Changeset 5261 for pjproject/trunk/third_party/srtp/crypto/cipher/aes_icm.c
- Timestamp:
- Mar 15, 2016 3:57:39 AM (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
pjproject/trunk/third_party/srtp/crypto/cipher/aes_icm.c
r4588 r5261 10 10 /* 11 11 * 12 * Copyright (c) 2001-2006, Cisco Systems, Inc.12 * Copyright (c) 2001-2006,2013 Cisco Systems, Inc. 13 13 * All rights reserved. 14 14 * … … 44 44 */ 45 45 46 #ifdef HAVE_CONFIG_H 47 #include <config.h> 48 #endif 46 49 47 50 #define ALIGN_32 0 … … 102 105 * Ismacryp, for example, uses 16 byte key + 8 byte 103 106 * salt so this function is called with key_len = 24. 104 * The check for key_len = 30 does not apply. Our usage107 * The check for key_len = 30/38/46 does not apply. Our usage 105 108 * of aes functions with key_len = values other than 30 106 109 * has not broken anything. Don't know what would be the 107 110 * effect of skipping this check for srtp in general. 108 111 */ 109 if (!forIsmacryp && key_len != 30) 112 if (!(forIsmacryp && key_len > 16 && key_len < 30) && 113 key_len != 30 && key_len != 38 && key_len != 46) 110 114 return err_status_bad_param; 111 115 … … 118 122 /* set pointers */ 119 123 *c = (cipher_t *)pointer; 124 switch (key_len) { 125 case 46: 126 (*c)->algorithm = AES_256_ICM; 127 break; 128 case 38: 129 (*c)->algorithm = AES_192_ICM; 130 break; 131 default: 132 (*c)->algorithm = AES_128_ICM; 133 break; 134 } 120 135 (*c)->type = &aes_icm; 121 136 (*c)->state = pointer + sizeof(cipher_t); … … 163 178 164 179 err_status_t 165 aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key) { 166 v128_t tmp_key; 167 168 /* set counter and initial values to 'offset' value */ 169 /* FIX!!! this assumes the salt is at key + 16, and thus that the */ 170 /* FIX!!! cipher key length is 16! Also note this copies past the 171 end of the 'key' array by 2 bytes! */ 172 v128_copy_octet_string(&c->counter, key + 16); 173 v128_copy_octet_string(&c->offset, key + 16); 174 175 /* force last two octets of the offset to zero (for srtp compatibility) */ 176 c->offset.v8[14] = c->offset.v8[15] = 0; 177 c->counter.v8[14] = c->counter.v8[15] = 0; 178 179 /* set tmp_key (for alignment) */ 180 v128_copy_octet_string(&tmp_key, key); 180 aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key, int key_len) { 181 err_status_t status; 182 int base_key_len, copy_len; 183 184 if (key_len > 16 && key_len < 30) /* Ismacryp */ 185 base_key_len = 16; 186 else if (key_len == 30 || key_len == 38 || key_len == 46) 187 base_key_len = key_len - 14; 188 else 189 return err_status_bad_param; 190 191 /* 192 * set counter and initial values to 'offset' value, being careful not to 193 * go past the end of the key buffer 194 */ 195 v128_set_to_zero(&c->counter); 196 v128_set_to_zero(&c->offset); 197 198 copy_len = key_len - base_key_len; 199 /* force last two octets of the offset to be left zero (for srtp compatibility) */ 200 if (copy_len > 14) 201 copy_len = 14; 202 203 memcpy(&c->counter, key + base_key_len, copy_len); 204 memcpy(&c->offset, key + base_key_len, copy_len); 181 205 182 206 debug_print(mod_aes_icm, 183 "key: %s", v128_hex_string(&tmp_key));207 "key: %s", octet_string_hex_string(key, base_key_len)); 184 208 debug_print(mod_aes_icm, 185 209 "offset: %s", v128_hex_string(&c->offset)); 186 210 187 211 /* expand key */ 188 aes_expand_encryption_key(&tmp_key, c->expanded_key); 212 status = aes_expand_encryption_key(key, base_key_len, &c->expanded_key); 213 if (status) { 214 v128_set_to_zero(&c->counter); 215 v128_set_to_zero(&c->offset); 216 return status; 217 } 189 218 190 219 /* indicate that the keystream_buffer is empty */ … … 211 240 (low32(octet_num) >> 4)); 212 241 #else 213 int tail_num = octet_num % 16;242 int tail_num = (int)(octet_num % 16); 214 243 uint64_t block_num = octet_num / 16; 215 244 #endif … … 232 261 if (tail_num) { 233 262 v128_copy(&c->keystream_buffer, &c->counter); 234 aes_encrypt(&c->keystream_buffer, c->expanded_key);263 aes_encrypt(&c->keystream_buffer, &c->expanded_key); 235 264 c->bytes_in_buffer = sizeof(v128_t); 236 265 … … 258 287 259 288 err_status_t 260 aes_icm_set_iv(aes_icm_ctx_t *c, void *iv) { 261 v128_t *nonce = (v128_t *) iv; 289 aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction) { 290 v128_t nonce; 291 292 /* set nonce (for alignment) */ 293 v128_copy_octet_string(&nonce, iv); 262 294 263 295 debug_print(mod_aes_icm, 264 "setting iv: %s", v128_hex_string( nonce));296 "setting iv: %s", v128_hex_string(&nonce)); 265 297 266 v128_xor(&c->counter, &c->offset, nonce);298 v128_xor(&c->counter, &c->offset, &nonce); 267 299 268 300 debug_print(mod_aes_icm, … … 288 320 /* fill buffer with new keystream */ 289 321 v128_copy(&c->keystream_buffer, &c->counter); 290 aes_encrypt(&c->keystream_buffer, c->expanded_key);322 aes_encrypt(&c->keystream_buffer, &c->expanded_key); 291 323 c->bytes_in_buffer = sizeof(v128_t); 292 324 … … 302 334 //alex's clock counter forward 303 335 temp = ntohl(c->counter.v32[3]); 304 c->counter.v32[3] = htonl(++temp); 336 ++temp; 337 c->counter.v32[3] = htonl(temp); 305 338 } else { 306 339 if (!++(c->counter.v8[15])) … … 308 341 } 309 342 } 310 311 inline void aes_icm_advance(aes_icm_ctx_t *c) {312 aes_icm_advance_ismacryp(c, 0);313 }314 315 343 316 344 /*e … … 441 469 442 470 err_status_t 443 aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output) {471 aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, unsigned int num_octets_to_output) { 444 472 unsigned int len = num_octets_to_output; 445 473 … … 451 479 } 452 480 481 uint16_t 482 aes_icm_bytes_encrypted(aes_icm_ctx_t *c) { 483 return htons(c->counter.v16[7]); 484 } 453 485 454 486 char … … 489 521 32, /* octets in ciphertext */ 490 522 aes_icm_test_case_0_ciphertext, /* ciphertext */ 523 0, 524 NULL, 525 0, 491 526 NULL /* pointer to next testcase */ 492 527 }; 528 529 uint8_t aes_icm_test_case_1_key[46] = { 530 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, 531 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, 532 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, 533 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, 534 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 535 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd 536 }; 537 538 uint8_t aes_icm_test_case_1_nonce[16] = { 539 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 540 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 541 }; 542 543 uint8_t aes_icm_test_case_1_plaintext[32] = { 544 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 545 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 546 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 547 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 548 }; 549 550 uint8_t aes_icm_test_case_1_ciphertext[32] = { 551 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, 552 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, 553 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, 554 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac 555 }; 556 557 cipher_test_case_t aes_icm_test_case_1 = { 558 46, /* octets in key */ 559 aes_icm_test_case_1_key, /* key */ 560 aes_icm_test_case_1_nonce, /* packet index */ 561 32, /* octets in plaintext */ 562 aes_icm_test_case_1_plaintext, /* plaintext */ 563 32, /* octets in ciphertext */ 564 aes_icm_test_case_1_ciphertext, /* ciphertext */ 565 0, 566 NULL, 567 0, 568 &aes_icm_test_case_0 /* pointer to next testcase */ 569 }; 570 493 571 494 572 … … 501 579 (cipher_dealloc_func_t) aes_icm_dealloc, 502 580 (cipher_init_func_t) aes_icm_context_init, 581 (cipher_set_aad_func_t) 0, 503 582 (cipher_encrypt_func_t) aes_icm_encrypt, 504 583 (cipher_decrypt_func_t) aes_icm_encrypt, 505 584 (cipher_set_iv_func_t) aes_icm_set_iv, 585 (cipher_get_tag_func_t) 0, 506 586 (char *) aes_icm_description, 507 587 (int) 0, /* instance count */ 508 (cipher_test_case_t *) &aes_icm_test_case_0, 509 (debug_module_t *) &mod_aes_icm 510 }; 511 588 (cipher_test_case_t *) &aes_icm_test_case_1, 589 (debug_module_t *) &mod_aes_icm, 590 (cipher_type_id_t) AES_ICM 591 }; 592
Note: See TracChangeset
for help on using the changeset viewer.