void
v128_copy_octet_string(v128_t *x, const uint8_t s[16]) {
#ifdef ALIGNMENT_32BIT_REQUIRED
if ((((uint32_t) &s[0]) & 0x3) != 0)
#endif
{
x->v8[0] = s[0];
x->v8[1] = s[1];
x->v8[2] = s[2];
x->v8[3] = s[3];
x->v8[4] = s[4];
x->v8[5] = s[5];
x->v8[6] = s[6];
x->v8[7] = s[7];
x->v8[8] = s[8];
x->v8[9] = s[9];
x->v8[10] = s[10];
x->v8[11] = s[11];
x->v8[12] = s[12];
x->v8[13] = s[13];
x->v8[14] = s[14];
x->v8[15] = s[15];
}
#ifdef ALIGNMENT_32BIT_REQUIRED
else
{
v128_t *v = (v128_t *) &s[0];
v128_copy(x,v);
}
#endif
}
/*
* aes_icm_advance(...) refills the keystream_buffer and
* advances the block index of the sicm_context forward by one
*
* this is an internal, hopefully inlined function
*/
static void srtp_aes_icm_advance_ismacryp (srtp_aes_icm_ctx_t *c, uint8_t forIsmacryp)
{
/* fill buffer with new keystream */
v128_copy(&c->keystream_buffer, &c->counter);
srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
c->bytes_in_buffer = sizeof(v128_t);
debug_print(srtp_mod_aes_icm, "counter: %s",
v128_hex_string(&c->counter));
debug_print(srtp_mod_aes_icm, "ciphertext: %s",
v128_hex_string(&c->keystream_buffer));
/* clock counter forward */
if (forIsmacryp) {
uint32_t temp;
//alex's clock counter forward
temp = ntohl(c->counter.v32[3]);
++temp;
c->counter.v32[3] = htonl(temp);
} else {
if (!++(c->counter.v8[15])) {
++(c->counter.v8[14]);
}
}
}
inline void
aes_icm_advance(aes_icm_ctx_t *c) {
#if GENERIC_AESICM
uint32_t temp;
#endif
/* fill buffer with new keystream */
v128_copy(&c->keystream_buffer, &c->counter);
aes_encrypt(&c->keystream_buffer, c->expanded_key);
c->bytes_in_buffer = 16;
debug_print(mod_aes_icm, "counter: %s",
v128_hex_string(&c->counter));
debug_print(mod_aes_icm, "ciphertext: %s",
v128_hex_string(&c->keystream_buffer));
/* clock counter forward */
#if GENERIC_AESICM
//alex's clock counter forward
temp = ntohl(c->counter.v32[3]);
c->counter.v32[3] = htonl(++temp);
#else
if (!++(c->counter.octet[15]))
++(c->counter.octet[14]);
#endif
}
/*
* aes_icm_advance(...) refills the keystream_buffer and
* advances the block index of the sicm_context forward by one
*
* this is an internal, hopefully inlined function
*/
static void srtp_aes_icm_advance (srtp_aes_icm_ctx_t *c)
{
/* fill buffer with new keystream */
v128_copy(&c->keystream_buffer, &c->counter);
srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
c->bytes_in_buffer = sizeof(v128_t);
debug_print(srtp_mod_aes_icm, "counter: %s",
v128_hex_string(&c->counter));
debug_print(srtp_mod_aes_icm, "ciphertext: %s",
v128_hex_string(&c->keystream_buffer));
/* clock counter forward */
if (!++(c->counter.v8[15])) {
++(c->counter.v8[14]);
}
}
err_status_t
aes_icm_set_octet(aes_icm_ctx_t *c,
uint64_t octet_num) {
int tail_num = octet_num % 16;
uint64_t block_num = octet_num / 16;
/* set counter value */
c->counter.v64[0] = c->offset.v64[0];
c->counter.v64[0] = c->offset.v64[0] ^ block_num;
debug_print(mod_aes_icm,
"set_octet: %s", v128_hex_string(&c->counter));
/* fill keystream buffer, if needed */
if (tail_num) {
v128_copy(&c->keystream_buffer, &c->counter);
aes_encrypt(&c->keystream_buffer, c->expanded_key);
c->bytes_in_buffer = 16;
debug_print(mod_aes_icm, "counter: %s",
v128_hex_string(&c->counter));
debug_print(mod_aes_icm, "ciphertext: %s",
v128_hex_string(&c->keystream_buffer));
/* indicate number of bytes in keystream_buffer */
c->bytes_in_buffer = 16 - tail_num;
} else {
/* indicate that keystream_buffer is empty */
c->bytes_in_buffer = 0;
}
return err_status_ok;
}
err_status_t
x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
uint32_t t;
v128_t buffer;
int i, tail_len;
err_status_t status;
/*
* if we need to re-initialize the prng, do so now
*
* avoid overflows by subtracting instead of adding
*/
if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) {
status = x917_prng_init(x917_prng.rand);
if (status)
return status;
}
x917_prng.octet_count += len;
/* find out the time */
t = time(NULL);
/* loop until we have output enough data */
for (i=0; i < len/16; i++) {
/* exor time into state */
x917_prng.state.v32[0] ^= t;
/* copy state into buffer */
v128_copy(&buffer, &x917_prng.state);
/* apply aes to buffer */
aes_encrypt(&buffer, x917_prng.key);
/* write data to output */
*dest++ = buffer.v8[0];
*dest++ = buffer.v8[1];
*dest++ = buffer.v8[2];
*dest++ = buffer.v8[3];
*dest++ = buffer.v8[4];
*dest++ = buffer.v8[5];
*dest++ = buffer.v8[6];
*dest++ = buffer.v8[7];
*dest++ = buffer.v8[8];
*dest++ = buffer.v8[9];
*dest++ = buffer.v8[10];
*dest++ = buffer.v8[11];
*dest++ = buffer.v8[12];
*dest++ = buffer.v8[13];
*dest++ = buffer.v8[14];
*dest++ = buffer.v8[15];
/* exor time into buffer */
buffer.v32[0] ^= t;
/* encrypt buffer */
aes_encrypt(&buffer, x917_prng.key);
/* copy buffer into state */
v128_copy(&x917_prng.state, &buffer);
}
/* if we need to output any more octets, we'll do so now */
tail_len = len % 16;
if (tail_len) {
/* exor time into state */
x917_prng.state.v32[0] ^= t;
/* copy value into buffer */
v128_copy(&buffer, &x917_prng.state);
/* apply aes to buffer */
aes_encrypt(&buffer, x917_prng.key);
/* write data to output */
for (i=0; i < tail_len; i++) {
*dest++ = buffer.v8[i];
}
/* now update the state one more time */
/* exor time into buffer */
buffer.v32[0] ^= t;
/* encrypt buffer */
aes_encrypt(&buffer, x917_prng.key);
/* copy buffer into state */
v128_copy(&x917_prng.state, &buffer);
}
return err_status_ok;
}