Changeset 5614 for pjproject/trunk/third_party/srtp/crypto/cipher/aes_icm.c
- Timestamp:
- Jul 4, 2017 5:22:51 AM (7 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
pjproject/trunk/third_party/srtp/crypto/cipher/aes_icm.c
r5261 r5614 9 9 10 10 /* 11 * 12 * Copyright (c) 2001-20 06,2013Cisco Systems, Inc.11 * 12 * Copyright (c) 2001-2017 Cisco Systems, Inc. 13 13 * All rights reserved. 14 * 14 * 15 15 * Redistribution and use in source and binary forms, with or without 16 16 * modification, are permitted provided that the following conditions 17 17 * are met: 18 * 18 * 19 19 * Redistributions of source code must retain the above copyright 20 20 * notice, this list of conditions and the following disclaimer. 21 * 21 * 22 22 * Redistributions in binary form must reproduce the above 23 23 * copyright notice, this list of conditions and the following 24 24 * disclaimer in the documentation and/or other materials provided 25 25 * with the distribution. 26 * 26 * 27 27 * Neither the name of the Cisco Systems, Inc. nor the names of its 28 28 * contributors may be used to endorse or promote products derived 29 29 * from this software without specific prior written permission. 30 * 30 * 31 31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 32 32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 54 54 55 55 56 debug_module_t mod_aes_icm = { 57 0, /* debugging is off by default */ 58 "aes icm" /* printable module name */ 59 }; 56 srtp_debug_module_t srtp_mod_aes_icm = { 57 0, /* debugging is off by default */ 58 "aes icm" /* printable module name */ 59 }; 60 extern const srtp_cipher_type_t srtp_aes_icm_128; 61 extern const srtp_cipher_type_t srtp_aes_icm_256; 60 62 61 63 /* … … 64 66 * 16 bits 65 67 * <-----> 66 * +------+------+------+------+------+------+------+------+ 68 * +------+------+------+------+------+------+------+------+ 67 69 * | nonce | pakcet index | ctr |---+ 68 70 * +------+------+------+------+------+------+------+------+ | … … 75 77 * | encrypt | 76 78 * +---------+ 77 * | 79 * | 78 80 * +------+------+------+------+------+------+------+------+ | 79 * | keystream block |<--+ 80 * +------+------+------+------+------+------+------+------+ 81 * | keystream block |<--+ 82 * +------+------+------+------+------+------+------+------+ 81 83 * 82 84 * All fields are big-endian … … 84 86 * ctr is the block counter, which increments from zero for 85 87 * each packet (16 bits wide) 86 * 88 * 87 89 * packet index is distinct for each packet (48 bits wide) 88 90 * … … 93 95 */ 94 96 95 err_status_t 96 aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp){97 extern cipher_type_t aes_icm;98 uint8_t *pointer; 99 int tmp;100 101 debug_print(mod_aes_icm, 102 "allocating cipher with key length %d", key_len);103 104 /*105 * Ismacryp, for example, uses 16 byte key + 8 byte106 * salt so this function is called with key_len = 24.107 * The check for key_len = 30/38/46 does not apply. Our usage108 * of aes functions with key_len = values other than 30109 * has not broken anything. Don't know what would be the110 * effect of skipping this check for srtp in general.111 */ 112 if (!(forIsmacryp && key_len > 16 && key_len < 30) &&113 key_len != 30 && key_len != 38 && key_len != 46)114 return err_status_bad_param;115 116 /* allocate memory a cipher of type aes_icm */117 tmp = (sizeof(aes_icm_ctx_t) + sizeof(cipher_t));118 pointer = (uint8_t*)crypto_alloc(tmp); 119 if (pointer == NULL)120 return err_status_alloc_fail;121 122 /* set pointers */123 *c = (cipher_t *)pointer;124 switch (key_len) {125 case 46: 126 (*c)->algorithm = AES_256_ICM;127 break;128 case 38: 129 (*c)->algorithm = AES_192_ICM;130 break;131 default:132 (*c)->algorithm = AES_128_ICM;133 break;134 }135 (*c)->type = &aes_icm;136 (*c)->state = pointer + sizeof(cipher_t);137 138 /* increment ref_count */139 aes_icm.ref_count++; 140 141 /* set key size */142 (*c)->key_len = key_len;143 144 return err_status_ok;97 static srtp_err_status_t srtp_aes_icm_alloc (srtp_cipher_t **c, int key_len, int tlen) 98 { 99 srtp_aes_icm_ctx_t *icm; 100 101 debug_print(srtp_mod_aes_icm, 102 "allocating cipher with key length %d", key_len); 103 104 /* 105 * The check for key_len = 30/46 does not apply. Our usage 106 * of aes functions with key_len = values other than 30 107 * has not broken anything. Don't know what would be the 108 * effect of skipping this check for srtp in general. 109 */ 110 if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) { 111 return srtp_err_status_bad_param; 112 } 113 114 /* allocate memory a cipher of type aes_icm */ 115 *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); 116 if (*c == NULL) { 117 return srtp_err_status_alloc_fail; 118 } 119 memset(*c, 0x0, sizeof(srtp_cipher_t)); 120 121 icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t)); 122 if (icm == NULL) { 123 srtp_crypto_free(*c); 124 return srtp_err_status_alloc_fail; 125 } 126 memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t)); 127 128 /* set pointers */ 129 (*c)->state = icm; 130 131 switch (key_len) { 132 case SRTP_AES_ICM_256_KEY_LEN_WSALT: 133 (*c)->algorithm = SRTP_AES_ICM_256; 134 (*c)->type = &srtp_aes_icm_256; 135 break; 136 default: 137 (*c)->algorithm = SRTP_AES_ICM_128; 138 (*c)->type = &srtp_aes_icm_128; 139 break; 140 } 141 142 /* set key size */ 143 icm->key_size = key_len; 144 (*c)->key_len = key_len; 145 146 return srtp_err_status_ok; 145 147 } 146 148 147 err_status_t aes_icm_alloc(cipher_t **c, int key_len, int forIsmacryp) { 148 return aes_icm_alloc_ismacryp(c, key_len, 0); 149 } 150 151 err_status_t 152 aes_icm_dealloc(cipher_t *c) { 153 extern cipher_type_t aes_icm;154 155 /* zeroize entire state*/156 octet_string_set_to_zero((uint8_t *)c,157 sizeof(aes_icm_ctx_t) + sizeof(cipher_t)); 158 159 /* free memory */160 crypto_free(c);161 162 /* decrement ref_count */163 aes_icm.ref_count--;164 165 return err_status_ok;149 static srtp_err_status_t srtp_aes_icm_dealloc (srtp_cipher_t *c) 150 { 151 srtp_aes_icm_ctx_t *ctx; 152 153 if (c == NULL) { 154 return srtp_err_status_bad_param; 155 } 156 157 ctx = (srtp_aes_icm_ctx_t *)c->state; 158 if (ctx) { 159 /* zeroize the key material */ 160 octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t)); 161 srtp_crypto_free(ctx); 162 } 163 164 /* free the cipher context */ 165 srtp_crypto_free(c); 166 167 return srtp_err_status_ok; 166 168 } 167 169 … … 171 173 * using the value in key[]. 172 174 * 173 * the key is the secret key 175 * the key is the secret key 174 176 * 175 177 * the salt is unpredictable (but not necessarily secret) data which … … 177 179 */ 178 180 179 err_status_t 180 aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key, int key_len) { 181 err_status_t status; 182 int base_key_len, copy_len; 183 184 if (key_len > 16 && key_len < 30) /* Ismacryp */ 185 base_key_len = 16; 186 else if (key_len == 30 || key_len == 38 || key_len == 46) 187 base_key_len = key_len - 14; 188 else 189 return err_status_bad_param; 190 191 /* 192 * set counter and initial values to 'offset' value, being careful not to 193 * go past the end of the key buffer 194 */ 195 v128_set_to_zero(&c->counter); 196 v128_set_to_zero(&c->offset); 197 198 copy_len = key_len - base_key_len; 199 /* force last two octets of the offset to be left zero (for srtp compatibility) */ 200 if (copy_len > 14) 201 copy_len = 14; 202 203 memcpy(&c->counter, key + base_key_len, copy_len); 204 memcpy(&c->offset, key + base_key_len, copy_len); 205 206 debug_print(mod_aes_icm, 207 "key: %s", octet_string_hex_string(key, base_key_len)); 208 debug_print(mod_aes_icm, 209 "offset: %s", v128_hex_string(&c->offset)); 210 211 /* expand key */ 212 status = aes_expand_encryption_key(key, base_key_len, &c->expanded_key); 213 if (status) { 181 static srtp_err_status_t srtp_aes_icm_context_init (void *cv, const uint8_t *key) 182 { 183 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; 184 srtp_err_status_t status; 185 int base_key_len, copy_len; 186 187 if (c->key_size == SRTP_AES_ICM_128_KEY_LEN_WSALT || c->key_size == SRTP_AES_ICM_256_KEY_LEN_WSALT) { 188 base_key_len = c->key_size - SRTP_SALT_LEN; 189 } else{ 190 return srtp_err_status_bad_param; 191 } 192 193 /* 194 * set counter and initial values to 'offset' value, being careful not to 195 * go past the end of the key buffer 196 */ 214 197 v128_set_to_zero(&c->counter); 215 198 v128_set_to_zero(&c->offset); 216 return status; 217 } 218 219 /* indicate that the keystream_buffer is empty */ 220 c->bytes_in_buffer = 0; 221 222 return err_status_ok; 223 } 224 225 /* 226 * aes_icm_set_octet(c, i) sets the counter of the context which it is 227 * passed so that the next octet of keystream that will be generated 228 * is the ith octet 229 */ 230 231 err_status_t 232 aes_icm_set_octet(aes_icm_ctx_t *c, 233 uint64_t octet_num) { 234 235 #ifdef NO_64BIT_MATH 236 int tail_num = low32(octet_num) & 0x0f; 237 /* 64-bit right-shift 4 */ 238 uint64_t block_num = make64(high32(octet_num) >> 4, 239 ((high32(octet_num) & 0x0f)<<(32-4)) | 240 (low32(octet_num) >> 4)); 241 #else 242 int tail_num = (int)(octet_num % 16); 243 uint64_t block_num = octet_num / 16; 244 #endif 245 246 247 /* set counter value */ 248 /* FIX - There's no way this is correct */ 249 c->counter.v64[0] = c->offset.v64[0]; 250 #ifdef NO_64BIT_MATH 251 c->counter.v64[0] = make64(high32(c->offset.v64[0]) ^ high32(block_num), 252 low32(c->offset.v64[0]) ^ low32(block_num)); 253 #else 254 c->counter.v64[0] = c->offset.v64[0] ^ block_num; 255 #endif 256 257 debug_print(mod_aes_icm, 258 "set_octet: %s", v128_hex_string(&c->counter)); 259 260 /* fill keystream buffer, if needed */ 261 if (tail_num) { 262 v128_copy(&c->keystream_buffer, &c->counter); 263 aes_encrypt(&c->keystream_buffer, &c->expanded_key); 264 c->bytes_in_buffer = sizeof(v128_t); 265 266 debug_print(mod_aes_icm, "counter: %s", 267 v128_hex_string(&c->counter)); 268 debug_print(mod_aes_icm, "ciphertext: %s", 269 v128_hex_string(&c->keystream_buffer)); 270 271 /* indicate number of bytes in keystream_buffer */ 272 c->bytes_in_buffer = sizeof(v128_t) - tail_num; 273 274 } else { 275 276 /* indicate that keystream_buffer is empty */ 199 200 copy_len = c->key_size - base_key_len; 201 /* force last two octets of the offset to be left zero (for srtp compatibility) */ 202 if (copy_len > SRTP_SALT_LEN) { 203 copy_len = SRTP_SALT_LEN; 204 } 205 206 memcpy(&c->counter, key + base_key_len, copy_len); 207 memcpy(&c->offset, key + base_key_len, copy_len); 208 209 debug_print(srtp_mod_aes_icm, 210 "key: %s", srtp_octet_string_hex_string(key, base_key_len)); 211 debug_print(srtp_mod_aes_icm, 212 "offset: %s", v128_hex_string(&c->offset)); 213 214 /* expand key */ 215 status = srtp_aes_expand_encryption_key(key, base_key_len, &c->expanded_key); 216 if (status) { 217 v128_set_to_zero(&c->counter); 218 v128_set_to_zero(&c->offset); 219 return status; 220 } 221 222 /* indicate that the keystream_buffer is empty */ 277 223 c->bytes_in_buffer = 0; 278 } 279 280 return err_status_ok; 224 225 return srtp_err_status_ok; 281 226 } 282 227 … … 286 231 */ 287 232 288 err_status_t 289 aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction) { 290 v128_t nonce; 291 292 /* set nonce (for alignment) */ 293 v128_copy_octet_string(&nonce, iv); 294 295 debug_print(mod_aes_icm, 296 "setting iv: %s", v128_hex_string(&nonce)); 297 298 v128_xor(&c->counter, &c->offset, &nonce); 299 300 debug_print(mod_aes_icm, 301 "set_counter: %s", v128_hex_string(&c->counter)); 302 303 /* indicate that the keystream_buffer is empty */ 304 c->bytes_in_buffer = 0; 305 306 return err_status_ok; 233 static srtp_err_status_t srtp_aes_icm_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t direction) 234 { 235 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; 236 v128_t nonce; 237 238 /* set nonce (for alignment) */ 239 v128_copy_octet_string(&nonce, iv); 240 241 debug_print(srtp_mod_aes_icm, 242 "setting iv: %s", v128_hex_string(&nonce)); 243 244 v128_xor(&c->counter, &c->offset, &nonce); 245 246 debug_print(srtp_mod_aes_icm, 247 "set_counter: %s", v128_hex_string(&c->counter)); 248 249 /* indicate that the keystream_buffer is empty */ 250 c->bytes_in_buffer = 0; 251 252 return srtp_err_status_ok; 307 253 } 308 254 … … 315 261 * this is an internal, hopefully inlined function 316 262 */ 317 318 static inline void 319 aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) { 320 /* fill buffer with new keystream */ 321 v128_copy(&c->keystream_buffer, &c->counter); 322 aes_encrypt(&c->keystream_buffer, &c->expanded_key); 323 c->bytes_in_buffer = sizeof(v128_t); 324 325 debug_print(mod_aes_icm, "counter: %s", 326 v128_hex_string(&c->counter)); 327 debug_print(mod_aes_icm, "ciphertext: %s", 328 v128_hex_string(&c->keystream_buffer)); 329 330 /* clock counter forward */ 331 332 if (forIsmacryp) { 333 uint32_t temp; 334 //alex's clock counter forward 335 temp = ntohl(c->counter.v32[3]); 336 ++temp; 337 c->counter.v32[3] = htonl(temp); 338 } else { 339 if (!++(c->counter.v8[15])) 340 ++(c->counter.v8[14]); 341 } 263 static void srtp_aes_icm_advance (srtp_aes_icm_ctx_t *c) 264 { 265 /* fill buffer with new keystream */ 266 v128_copy(&c->keystream_buffer, &c->counter); 267 srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key); 268 c->bytes_in_buffer = sizeof(v128_t); 269 270 debug_print(srtp_mod_aes_icm, "counter: %s", 271 v128_hex_string(&c->counter)); 272 debug_print(srtp_mod_aes_icm, "ciphertext: %s", 273 v128_hex_string(&c->keystream_buffer)); 274 275 /* clock counter forward */ 276 if (!++(c->counter.v8[15])) { 277 ++(c->counter.v8[14]); 278 } 342 279 } 343 280 … … 352 289 * - loop over blocks, filling keystream_buffer and then 353 290 * adding keystream into data 354 * - fill buffer then add in remaining (< 16) bytes of keystream 355 */ 356 357 err_status_t 358 aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c, 359 unsigned char *buf, unsigned int *enc_len, 360 int forIsmacryp) { 361 unsigned int bytes_to_encr = *enc_len; 362 unsigned int i; 363 uint32_t *b; 364 365 /* check that there's enough segment left but not for ismacryp*/ 366 if (!forIsmacryp && (bytes_to_encr + htons(c->counter.v16[7])) > 0xffff) 367 return err_status_terminus; 368 369 debug_print(mod_aes_icm, "block index: %d", 370 htons(c->counter.v16[7])); 371 if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) { 372 373 /* deal with odd case of small bytes_to_encr */ 374 for (i = (sizeof(v128_t) - c->bytes_in_buffer); 375 i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++) 376 { 377 *buf++ ^= c->keystream_buffer.v8[i]; 378 } 379 380 c->bytes_in_buffer -= bytes_to_encr; 381 382 /* return now to avoid the main loop */ 383 return err_status_ok; 384 385 } else { 386 387 /* encrypt bytes until the remaining data is 16-byte aligned */ 388 for (i=(sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t); i++) 389 *buf++ ^= c->keystream_buffer.v8[i]; 390 391 bytes_to_encr -= c->bytes_in_buffer; 392 c->bytes_in_buffer = 0; 393 394 } 395 396 /* now loop over entire 16-byte blocks of keystream */ 397 for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) { 398 399 /* fill buffer with new keystream */ 400 aes_icm_advance_ismacryp(c, forIsmacryp); 401 402 /* 403 * add keystream into the data buffer (this would be a lot faster 404 * if we could assume 32-bit alignment!) 405 */ 291 * - fill buffer then add in remaining (< 16) bytes of keystream 292 */ 293 294 static srtp_err_status_t srtp_aes_icm_encrypt (void *cv, 295 unsigned char *buf, unsigned int *enc_len) 296 { 297 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t*)cv; 298 unsigned int bytes_to_encr = *enc_len; 299 unsigned int i; 300 uint32_t *b; 301 302 /* check that there's enough segment left*/ 303 if ((bytes_to_encr + htons(c->counter.v16[7])) > 0xffff) { 304 return srtp_err_status_terminus; 305 } 306 307 debug_print(srtp_mod_aes_icm, "block index: %d", 308 htons(c->counter.v16[7])); 309 if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) { 310 311 /* deal with odd case of small bytes_to_encr */ 312 for (i = (sizeof(v128_t) - c->bytes_in_buffer); 313 i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++) { 314 *buf++ ^= c->keystream_buffer.v8[i]; 315 } 316 317 c->bytes_in_buffer -= bytes_to_encr; 318 319 /* return now to avoid the main loop */ 320 return srtp_err_status_ok; 321 322 } else { 323 324 /* encrypt bytes until the remaining data is 16-byte aligned */ 325 for (i = (sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t); i++) { 326 *buf++ ^= c->keystream_buffer.v8[i]; 327 } 328 329 bytes_to_encr -= c->bytes_in_buffer; 330 c->bytes_in_buffer = 0; 331 332 } 333 334 /* now loop over entire 16-byte blocks of keystream */ 335 for (i = 0; i < (bytes_to_encr / sizeof(v128_t)); i++) { 336 337 /* fill buffer with new keystream */ 338 srtp_aes_icm_advance(c); 339 340 /* 341 * add keystream into the data buffer (this would be a lot faster 342 * if we could assume 32-bit alignment!) 343 */ 406 344 407 345 #if ALIGN_32 408 b = (uint32_t *)buf; 409 *b++ ^= c->keystream_buffer.v32[0]; 410 *b++ ^= c->keystream_buffer.v32[1]; 411 *b++ ^= c->keystream_buffer.v32[2]; 412 *b++ ^= c->keystream_buffer.v32[3]; 413 buf = (uint8_t *)b; 414 #else 415 if ((((unsigned long) buf) & 0x03) != 0) { 416 *buf++ ^= c->keystream_buffer.v8[0]; 417 *buf++ ^= c->keystream_buffer.v8[1]; 418 *buf++ ^= c->keystream_buffer.v8[2]; 419 *buf++ ^= c->keystream_buffer.v8[3]; 420 *buf++ ^= c->keystream_buffer.v8[4]; 421 *buf++ ^= c->keystream_buffer.v8[5]; 422 *buf++ ^= c->keystream_buffer.v8[6]; 423 *buf++ ^= c->keystream_buffer.v8[7]; 424 *buf++ ^= c->keystream_buffer.v8[8]; 425 *buf++ ^= c->keystream_buffer.v8[9]; 426 *buf++ ^= c->keystream_buffer.v8[10]; 427 *buf++ ^= c->keystream_buffer.v8[11]; 428 *buf++ ^= c->keystream_buffer.v8[12]; 429 *buf++ ^= c->keystream_buffer.v8[13]; 430 *buf++ ^= c->keystream_buffer.v8[14]; 431 *buf++ ^= c->keystream_buffer.v8[15]; 346 b = (uint32_t*)buf; 347 *b++ ^= c->keystream_buffer.v32[0]; 348 *b++ ^= c->keystream_buffer.v32[1]; 349 *b++ ^= c->keystream_buffer.v32[2]; 350 *b++ ^= c->keystream_buffer.v32[3]; 351 buf = (uint8_t*)b; 352 #else 353 if ((((unsigned long)buf) & 0x03) != 0) { 354 *buf++ ^= c->keystream_buffer.v8[0]; 355 *buf++ ^= c->keystream_buffer.v8[1]; 356 *buf++ ^= c->keystream_buffer.v8[2]; 357 *buf++ ^= c->keystream_buffer.v8[3]; 358 *buf++ ^= c->keystream_buffer.v8[4]; 359 *buf++ ^= c->keystream_buffer.v8[5]; 360 *buf++ ^= c->keystream_buffer.v8[6]; 361 *buf++ ^= c->keystream_buffer.v8[7]; 362 *buf++ ^= c->keystream_buffer.v8[8]; 363 *buf++ ^= c->keystream_buffer.v8[9]; 364 *buf++ ^= c->keystream_buffer.v8[10]; 365 *buf++ ^= c->keystream_buffer.v8[11]; 366 *buf++ ^= c->keystream_buffer.v8[12]; 367 *buf++ ^= c->keystream_buffer.v8[13]; 368 *buf++ ^= c->keystream_buffer.v8[14]; 369 *buf++ ^= c->keystream_buffer.v8[15]; 370 } else { 371 b = (uint32_t*)buf; 372 *b++ ^= c->keystream_buffer.v32[0]; 373 *b++ ^= c->keystream_buffer.v32[1]; 374 *b++ ^= c->keystream_buffer.v32[2]; 375 *b++ ^= c->keystream_buffer.v32[3]; 376 buf = (uint8_t*)b; 377 } 378 #endif /* #if ALIGN_32 */ 379 380 } 381 382 /* if there is a tail end of the data, process it */ 383 if ((bytes_to_encr & 0xf) != 0) { 384 385 /* fill buffer with new keystream */ 386 srtp_aes_icm_advance(c); 387 388 for (i = 0; i < (bytes_to_encr & 0xf); i++) { 389 *buf++ ^= c->keystream_buffer.v8[i]; 390 } 391 392 /* reset the keystream buffer size to right value */ 393 c->bytes_in_buffer = sizeof(v128_t) - i; 432 394 } else { 433 b = (uint32_t *)buf; 434 *b++ ^= c->keystream_buffer.v32[0]; 435 *b++ ^= c->keystream_buffer.v32[1]; 436 *b++ ^= c->keystream_buffer.v32[2]; 437 *b++ ^= c->keystream_buffer.v32[3]; 438 buf = (uint8_t *)b; 439 } 440 #endif /* #if ALIGN_32 */ 441 442 } 443 444 /* if there is a tail end of the data, process it */ 445 if ((bytes_to_encr & 0xf) != 0) { 446 447 /* fill buffer with new keystream */ 448 aes_icm_advance_ismacryp(c, forIsmacryp); 449 450 for (i=0; i < (bytes_to_encr & 0xf); i++) 451 *buf++ ^= c->keystream_buffer.v8[i]; 452 453 /* reset the keystream buffer size to right value */ 454 c->bytes_in_buffer = sizeof(v128_t) - i; 455 } else { 456 457 /* no tail, so just reset the keystream buffer size to zero */ 458 c->bytes_in_buffer = 0; 459 460 } 461 462 return err_status_ok; 395 396 /* no tail, so just reset the keystream buffer size to zero */ 397 c->bytes_in_buffer = 0; 398 399 } 400 401 return srtp_err_status_ok; 463 402 } 464 403 465 err_status_t 466 aes_icm_encrypt(aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len) { 467 return aes_icm_encrypt_ismacryp(c, buf, enc_len, 0); 468 } 469 470 err_status_t 471 aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, unsigned int num_octets_to_output) { 472 unsigned int len = num_octets_to_output; 473 474 /* zeroize the buffer */ 475 octet_string_set_to_zero(buffer, num_octets_to_output); 476 477 /* exor keystream into buffer */ 478 return aes_icm_encrypt(c, buffer, &len); 479 } 480 481 uint16_t 482 aes_icm_bytes_encrypted(aes_icm_ctx_t *c) { 483 return htons(c->counter.v16[7]); 484 } 485 486 char 487 aes_icm_description[] = "aes integer counter mode"; 488 489 uint8_t aes_icm_test_case_0_key[30] = { 490 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 491 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, 492 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 493 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd 494 }; 495 496 uint8_t aes_icm_test_case_0_nonce[16] = { 497 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 498 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 499 }; 500 501 uint8_t aes_icm_test_case_0_plaintext[32] = { 502 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 503 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 504 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 505 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 506 }; 507 508 uint8_t aes_icm_test_case_0_ciphertext[32] = { 509 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, 510 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, 511 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, 512 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab 513 }; 514 515 cipher_test_case_t aes_icm_test_case_0 = { 516 30, /* octets in key */ 517 aes_icm_test_case_0_key, /* key */ 518 aes_icm_test_case_0_nonce, /* packet index */ 519 32, /* octets in plaintext */ 520 aes_icm_test_case_0_plaintext, /* plaintext */ 521 32, /* octets in ciphertext */ 522 aes_icm_test_case_0_ciphertext, /* ciphertext */ 523 0, 524 NULL, 525 0, 526 NULL /* pointer to next testcase */ 527 }; 528 529 uint8_t aes_icm_test_case_1_key[46] = { 530 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, 531 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, 532 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, 533 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, 534 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 535 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd 536 }; 537 538 uint8_t aes_icm_test_case_1_nonce[16] = { 539 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 540 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 541 }; 542 543 uint8_t aes_icm_test_case_1_plaintext[32] = { 544 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 545 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 546 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 547 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 548 }; 549 550 uint8_t aes_icm_test_case_1_ciphertext[32] = { 551 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, 552 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, 553 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, 554 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac 555 }; 556 557 cipher_test_case_t aes_icm_test_case_1 = { 558 46, /* octets in key */ 559 aes_icm_test_case_1_key, /* key */ 560 aes_icm_test_case_1_nonce, /* packet index */ 561 32, /* octets in plaintext */ 562 aes_icm_test_case_1_plaintext, /* plaintext */ 563 32, /* octets in ciphertext */ 564 aes_icm_test_case_1_ciphertext, /* ciphertext */ 565 0, 566 NULL, 567 0, 568 &aes_icm_test_case_0 /* pointer to next testcase */ 404 static const char srtp_aes_icm_128_description[] = "AES-128 integer counter mode"; 405 static const char srtp_aes_icm_256_description[] = "AES-256 integer counter mode"; 406 407 static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = { 408 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 409 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, 410 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 411 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd 412 }; 413 414 static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = { 415 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 416 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 417 }; 418 419 static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = { 420 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 421 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 422 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 423 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 424 }; 425 426 static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = { 427 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, 428 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, 429 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, 430 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab 431 }; 432 433 static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = { 434 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */ 435 srtp_aes_icm_128_test_case_0_key, /* key */ 436 srtp_aes_icm_128_test_case_0_nonce, /* packet index */ 437 32, /* octets in plaintext */ 438 srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */ 439 32, /* octets in ciphertext */ 440 srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */ 441 0, 442 NULL, 443 0, 444 NULL /* pointer to next testcase */ 445 }; 446 447 static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = { 448 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, 449 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, 450 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, 451 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, 452 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 453 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd 454 }; 455 456 static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = { 457 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 458 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 459 }; 460 461 static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = { 462 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 463 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 464 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 465 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 466 }; 467 468 static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = { 469 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, 470 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, 471 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, 472 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac 473 }; 474 475 static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = { 476 SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */ 477 srtp_aes_icm_256_test_case_0_key, /* key */ 478 srtp_aes_icm_256_test_case_0_nonce, /* packet index */ 479 32, /* octets in plaintext */ 480 srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */ 481 32, /* octets in ciphertext */ 482 srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */ 483 0, 484 NULL, 485 0, 486 NULL, /* pointer to next testcase */ 569 487 }; 570 488 … … 575 493 */ 576 494 577 cipher_type_t aes_icm = { 578 (cipher_alloc_func_t) aes_icm_alloc, 579 (cipher_dealloc_func_t) aes_icm_dealloc, 580 (cipher_init_func_t) aes_icm_context_init, 581 (cipher_set_aad_func_t) 0, 582 (cipher_encrypt_func_t) aes_icm_encrypt, 583 (cipher_decrypt_func_t) aes_icm_encrypt, 584 (cipher_set_iv_func_t) aes_icm_set_iv, 585 (cipher_get_tag_func_t) 0, 586 (char *) aes_icm_description, 587 (int) 0, /* instance count */ 588 (cipher_test_case_t *) &aes_icm_test_case_1, 589 (debug_module_t *) &mod_aes_icm, 590 (cipher_type_id_t) AES_ICM 591 }; 592 495 const srtp_cipher_type_t srtp_aes_icm_128 = { 496 srtp_aes_icm_alloc, 497 srtp_aes_icm_dealloc, 498 srtp_aes_icm_context_init, 499 0, /* set_aad */ 500 srtp_aes_icm_encrypt, 501 srtp_aes_icm_encrypt, 502 srtp_aes_icm_set_iv, 503 0, /* get_tag */ 504 srtp_aes_icm_128_description, 505 &srtp_aes_icm_128_test_case_0, 506 SRTP_AES_ICM_128 507 }; 508 509 const srtp_cipher_type_t srtp_aes_icm_256 = { 510 srtp_aes_icm_alloc, 511 srtp_aes_icm_dealloc, 512 srtp_aes_icm_context_init, 513 0, /* set_aad */ 514 srtp_aes_icm_encrypt, 515 srtp_aes_icm_encrypt, 516 srtp_aes_icm_set_iv, 517 0, /* get_tag */ 518 srtp_aes_icm_256_description, 519 &srtp_aes_icm_256_test_case_0, 520 SRTP_AES_ICM_256 521 };
Note: See TracChangeset
for help on using the changeset viewer.