Example #1
0
err_status_t
aes_test_inverse(void) {
  v128_t x, y;
  aes_expanded_key_t expanded_key, decrypt_key;
  uint8_t plaintext[16] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 
  };
  uint8_t key[16] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
  };
  v128_t k;
  v128_set_to_zero(&x);
  
  v128_copy_octet_string(&k, key);
  v128_copy_octet_string(&x, plaintext);
  aes_expand_encryption_key(k, expanded_key);
  aes_expand_decryption_key(k, decrypt_key);
  aes_encrypt(&x, expanded_key);
  aes_decrypt(&x, decrypt_key);
  
  /* compare to expected value then report */
  v128_copy_octet_string(&y, plaintext);

  if (v128_is_eq(&x, &y))
    return err_status_ok;
  return err_status_algo_fail;
  
}
Example #2
0
err_status_t
aes_icm_context_init(aes_icm_ctx_t *c, const octet_t *key) {
    v128_t tmp_key;

    /* set counter and initial values to 'offset' value */
    /* FIX!!! this assumes the salt is at key + 16, and thus that the */
    /* FIX!!! cipher key length is 16!  Also note this copies past the
              end of the 'key' array by 2 bytes! */
    v128_copy_octet_string(&c->counter, key + 16);
    v128_copy_octet_string(&c->offset, key + 16);

    /* force last two octets of the offset to zero (for srtp compatibility) */
    c->offset.octet[14] = c->offset.octet[15] = 0;
    c->counter.octet[14] = c->counter.octet[15] = 0;

    /* set tmp_key (for alignment) */
    v128_copy_octet_string(&tmp_key, key);

    debug_print(mod_aes_icm,
                "key:  %s", v128_hex_string(&tmp_key));
    debug_print(mod_aes_icm,
                "offset: %s", v128_hex_string(&c->offset));

    /* expand key */
    aes_expand_encryption_key(tmp_key, c->expanded_key);

    /* indicate that the keystream_buffer is empty */
    c->bytes_in_buffer = 0;

    return err_status_ok;
}
Example #3
0
/*
 * aes_icm_openssl_context_init(...) initializes the aes_icm_context
 * using the value in key[].
 *
 * the key is the secret key
 *
 * the salt is unpredictable (but not necessarily secret) data which
 * randomizes the starting point in the keystream
 */
err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key)
{
    /* set counter and initial values to 'offset' value */
    /* FIX!!! this assumes the salt is at key + 16, and thus that the */
    /* FIX!!! cipher key length is 16!  Also note this copies past the
              end of the 'key' array by 2 bytes! */
    v128_copy_octet_string(&c->counter, key + c->key_size);
    v128_copy_octet_string(&c->offset, key + c->key_size);

    /* force last two octets of the offset to zero (for srtp compatibility) */
    c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0;
    c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0;

    /* copy key to be used later when CiscoSSL crypto context is created */
    v128_copy_octet_string((v128_t*)&c->key, key);

    /* if the key is greater than 16 bytes, copy the second
     * half.  Note, we treat AES-192 and AES-256 the same here
     * for simplicity.  The storage location receiving the
     * key is statically allocated to handle a full 32 byte key
     * regardless of the cipher in use.
     */
    if (c->key_size == AES_256_KEYSIZE || c->key_size == AES_192_KEYSIZE) {
        debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s",
                    v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
        v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZE);
    }

    debug_print(mod_aes_icm, "key:  %s", v128_hex_string((v128_t*)&c->key));
    debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));

    EVP_CIPHER_CTX_cleanup(&c->ctx);

    return err_status_ok;
}
Example #4
0
err_status_t
aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, 
		     cipher_direction_t dir) {
  v128_t tmp_key;

  /* set tmp_key (for alignment) */
  v128_copy_octet_string(&tmp_key, key);

  debug_print(mod_aes_cbc, 
	      "key:  %s", v128_hex_string(&tmp_key)); 

  /* expand key for the appropriate direction */
  switch (dir) {
  case (direction_encrypt):
    aes_expand_encryption_key(&tmp_key, c->expanded_key);
    break;
  case (direction_decrypt):
    aes_expand_decryption_key(&tmp_key, c->expanded_key);
    break;
  default:
    return err_status_bad_param;
  }


  return err_status_ok;
}
Example #5
0
/*
 * aes_icm_openssl_context_init(...) initializes the aes_icm_context
 * using the value in key[].
 *
 * the key is the secret key
 *
 * the salt is unpredictable (but not necessarily secret) data which
 * randomizes the starting point in the keystream
 */
err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key, int len)
{
    /*
     * set counter and initial values to 'offset' value, being careful not to
     * go past the end of the key buffer
     */

    if (c->key_size + SALT_SIZE != len)
        return err_status_bad_param;

    v128_set_to_zero(&c->counter);
    v128_set_to_zero(&c->offset);
    memcpy(&c->counter, key + c->key_size, SALT_SIZE);
    memcpy(&c->offset, key + c->key_size, SALT_SIZE);

    /* force last two octets of the offset to zero (for srtp compatibility) */
    c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0;
    c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0;

    /* copy key to be used later when CiscoSSL crypto context is created */
    v128_copy_octet_string((v128_t*)&c->key, key);

    /* if the key is greater than 16 bytes, copy the second
     * half.  Note, we treat AES-192 and AES-256 the same here
     * for simplicity.  The storage location receiving the
     * key is statically allocated to handle a full 32 byte key
     * regardless of the cipher in use.
     */
    if (c->key_size == AES_256_KEYSIZE
#ifndef BORINGSSL
        || c->key_size == AES_192_KEYSIZE
#endif
       ) {
        debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s",
                    v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
        v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZE);
    }

    debug_print(mod_aes_icm, "key:  %s", v128_hex_string((v128_t*)&c->key));
    debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));

    EVP_CIPHER_CTX_cleanup(&c->ctx);

    return err_status_ok;
}
/*
 * aes_gcm_openssl_context_init(...) initializes the aes_gcm_context
 * using the value in key[].
 *
 * the key is the secret key
 */
err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
{
    c->dir = direction_any;

    /* copy key to be used later when CiscoSSL crypto context is created */
    v128_copy_octet_string((v128_t*)&c->key, key);

    if (c->key_size == AES_256_KEYSIZE) {
        debug_print(mod_aes_gcm, "Copying last 16 bytes of key: %s",
                    v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
        v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, 
		               key + AES_128_KEYSIZE);
    }

    debug_print(mod_aes_gcm, "key:  %s", v128_hex_string((v128_t*)&c->key));

    EVP_CIPHER_CTX_cleanup(&c->ctx);

    return (err_status_ok);
}
Example #7
0
static srtp_err_status_t srtp_aes_icm_set_iv (srtp_aes_icm_ctx_t *c, uint8_t *iv, int direction)
{
    v128_t nonce;

    /* set nonce (for alignment) */
    v128_copy_octet_string(&nonce, iv);

    debug_print(srtp_mod_aes_icm,
                "setting iv: %s", v128_hex_string(&nonce));

    v128_xor(&c->counter, &c->offset, &nonce);

    debug_print(srtp_mod_aes_icm,
                "set_counter: %s", v128_hex_string(&c->counter));

    /* indicate that the keystream_buffer is empty */
    c->bytes_in_buffer = 0;

    return srtp_err_status_ok;
}
Example #8
0
/*
 * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with
 * the offset
 */
static srtp_err_status_t srtp_aes_icm_openssl_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t dir)
{
    srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
    v128_t nonce;

    /* set nonce (for alignment) */
    v128_copy_octet_string(&nonce, iv);

    debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));

    v128_xor(&c->counter, &c->offset, &nonce);

    debug_print(srtp_mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter));

    if (!EVP_EncryptInit_ex(c->ctx, NULL,
                            NULL, NULL, c->counter.v8)) {
        return srtp_err_status_fail;
    } else {
        return srtp_err_status_ok;
    }
}
Example #9
0
/*
 * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with
 * the offset
 */
err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
{
    const EVP_CIPHER *evp;
    v128_t nonce;

    /* set nonce (for alignment) */
    v128_copy_octet_string(&nonce, iv);

    debug_print(mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));

    v128_xor(&c->counter, &c->offset, &nonce);

    debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter));

    switch (c->key_size) {
    case AES_256_KEYSIZE:
        evp = EVP_aes_256_ctr();
        break;
#ifndef BORINGSSL
    case AES_192_KEYSIZE:
        evp = EVP_aes_192_ctr();
        break;
#endif
    case AES_128_KEYSIZE:
        evp = EVP_aes_128_ctr();
        break;
    default:
        return err_status_bad_param;
        break;
    }

    if (!EVP_EncryptInit_ex(&c->ctx, evp,
                            NULL, c->key.v8, c->counter.v8)) {
        return err_status_fail;
    } else {
        return err_status_ok;
    }
}