1 files changed, 149 insertions, 28 deletions

diff --git a/third_party/srtp/crypto/cipher/aes_cbc.c b/third_party/srtp/crypto/cipher/aes_cbc.c
index 8fc6a327..11953bf2 100644
--- a/third_party/srtp/crypto/cipher/aes_cbc.c
+++ b/third_party/srtp/crypto/cipher/aes_cbc.c
@@ -43,6 +43,9 @@
  *
  */
 
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
 
 #include "aes_cbc.h"
 #include "alloc.h"
@@ -55,7 +58,7 @@ debug_module_t mod_aes_cbc = {
 
 
 err_status_t
-aes_cbc_alloc(cipher_t **c, int key_len) {
+aes_cbc_alloc(cipher_t **c, int key_len, int tlen) {
   extern cipher_type_t aes_cbc;
   uint8_t *pointer;
   int tmp;
@@ -63,10 +66,10 @@ aes_cbc_alloc(cipher_t **c, int key_len) {
   debug_print(mod_aes_cbc, 
 	      "allocating cipher with key length %d", key_len);
 
-  if (key_len != 16)
+  if (key_len != 16 && key_len != 24 && key_len != 32)
     return err_status_bad_param;
   
-  /* allocate memory a cipher of type aes_icm */
+  /* allocate memory a cipher of type aes_cbc */
   tmp = (sizeof(aes_cbc_ctx_t) + sizeof(cipher_t));
   pointer = (uint8_t*)crypto_alloc(tmp);
   if (pointer == NULL) 
@@ -74,6 +77,7 @@ aes_cbc_alloc(cipher_t **c, int key_len) {
 
   /* set pointers */
   *c = (cipher_t *)pointer;
+  (*c)->algorithm = AES_CBC;
   (*c)->type = &aes_cbc;
   (*c)->state = pointer + sizeof(cipher_t);
 
@@ -104,35 +108,25 @@ aes_cbc_dealloc(cipher_t *c) {
 }
 
 err_status_t
-aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, 
-		     cipher_direction_t dir) {
-  v128_t tmp_key;
-
-  /* set tmp_key (for alignment) */
-  v128_copy_octet_string(&tmp_key, key);
+aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, int key_len) {
 
   debug_print(mod_aes_cbc, 
-	      "key:  %s", v128_hex_string(&tmp_key)); 
-
-  /* expand key for the appropriate direction */
-  switch (dir) {
-  case (direction_encrypt):
-    aes_expand_encryption_key(&tmp_key, c->expanded_key);
-    break;
-  case (direction_decrypt):
-    aes_expand_decryption_key(&tmp_key, c->expanded_key);
-    break;
-  default:
-    return err_status_bad_param;
-  }
+	      "key:  %s", octet_string_hex_string(key, key_len)); 
 
+  /*
+   * Save the key until we have the IV later.  We don't
+   * know the direction until the IV is set.
+   */
+  c->key_len = (key_len <= 32 ? key_len : 32);
+  memcpy(c->key, key, c->key_len);
 
   return err_status_ok;
 }
 
 
 err_status_t
-aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv) {
+aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv, int direction) {
+  err_status_t status;
   int i;
 /*   v128_t *input = iv; */
   uint8_t *input = (uint8_t*) iv;
@@ -143,6 +137,24 @@ aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv) {
 
   debug_print(mod_aes_cbc, "setting iv: %s", v128_hex_string(&c->state)); 
 
+  /* expand key for the appropriate direction */
+  switch (direction) {
+  case (direction_encrypt):
+    status = aes_expand_encryption_key(c->key, c->key_len, &c->expanded_key);
+    memset(c->key, 0, 32);
+    if (status)
+      return status;
+    break;
+  case (direction_decrypt):
+    status = aes_expand_decryption_key(c->key, c->key_len, &c->expanded_key);
+    memset(c->key, 0, 32);
+    if (status)
+      return status;
+    break;
+  default:
+    return err_status_bad_param;
+  }
+
   return err_status_ok;
 }
 
@@ -181,7 +193,7 @@ aes_cbc_encrypt(aes_cbc_ctx_t *c,
     debug_print(mod_aes_cbc, "inblock:  %s", 
 	      v128_hex_string(&c->state));
 
-    aes_encrypt(&c->state, c->expanded_key);
+    aes_encrypt(&c->state, &c->expanded_key);
 
     debug_print(mod_aes_cbc, "outblock: %s", 
 	      v128_hex_string(&c->state));
@@ -236,7 +248,7 @@ aes_cbc_decrypt(aes_cbc_ctx_t *c,
 	      v128_hex_string(&state));
     
     /* decrypt state */
-    aes_decrypt(&state, c->expanded_key);
+    aes_decrypt(&state, &c->expanded_key);
 
     debug_print(mod_aes_cbc, "outblock: %s", 
 	      v128_hex_string(&state));
@@ -332,7 +344,7 @@ char
 aes_cbc_description[] = "aes cipher block chaining (cbc) mode";
 
 /*
- * Test case 0 is derived from FIPS 197 Appendix A; it uses an
+ * Test case 0 is derived from FIPS 197 Appendix C; it uses an
  * all-zero IV, so that the first block encryption matches the test
  * case in that appendix.  This property provides a check of the base
  * AES encryption and decryption algorithms; if CBC fails on some
@@ -374,6 +386,9 @@ cipher_test_case_t aes_cbc_test_case_0 = {
   aes_cbc_test_case_0_plaintext,         /* plaintext                */
   32,                                    /* octets in ciphertext     */
   aes_cbc_test_case_0_ciphertext,        /* ciphertext               */
+  0,
+  NULL,
+  0,
   NULL                                   /* pointer to next testcase */
 };
 
@@ -425,20 +440,126 @@ cipher_test_case_t aes_cbc_test_case_1 = {
   aes_cbc_test_case_1_plaintext,         /* plaintext                */
   80,                                    /* octets in ciphertext     */
   aes_cbc_test_case_1_ciphertext,        /* ciphertext               */
+  0,
+  NULL,
+  0,
   &aes_cbc_test_case_0                    /* pointer to next testcase */
 };
 
+/*
+ * Test case 2 is like test case 0, but for 256-bit keys. (FIPS 197 
+ * appendix C.3).
+ */
+
+
+uint8_t aes_cbc_test_case_2_key[32] = {
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
+  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 
+  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+};
+
+uint8_t aes_cbc_test_case_2_plaintext[64] =  {
+  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff 
+};
+
+uint8_t aes_cbc_test_case_2_ciphertext[80] = {
+  0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
+  0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89,  
+  0x72, 0x72, 0x6e, 0xe7, 0x71, 0x39, 0xbf, 0x11,
+  0xe5, 0x40, 0xe2, 0x7c, 0x54, 0x65, 0x1d, 0xee
+};
+
+uint8_t aes_cbc_test_case_2_iv[16] = {
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+cipher_test_case_t aes_cbc_test_case_2 = {
+  32,                                    /* octets in key            */
+  aes_cbc_test_case_2_key,               /* key                      */
+  aes_cbc_test_case_2_iv,                /* initialization vector    */
+  16,                                    /* octets in plaintext      */
+  aes_cbc_test_case_2_plaintext,         /* plaintext                */
+  32,                                    /* octets in ciphertext     */
+  aes_cbc_test_case_2_ciphertext,        /* ciphertext               */
+  0,
+  NULL,
+  0,
+  &aes_cbc_test_case_1                   /* pointer to next testcase */
+};
+
+
+/*
+ * this test case is taken directly from Appendix F.2 of NIST Special
+ * Publication SP 800-38A
+ */
+
+uint8_t aes_cbc_test_case_3_key[32] = {
+  0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+  0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+  0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+  0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
+};
+
+uint8_t aes_cbc_test_case_3_plaintext[64] =  {
+  0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 
+  0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+  0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 
+  0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+  0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+  0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+  0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 
+  0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
+};
+
+uint8_t aes_cbc_test_case_3_ciphertext[80] = {
+  0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
+  0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
+  0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
+  0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
+  0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
+  0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
+  0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
+  0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b,
+  0xfb, 0x98, 0x20, 0x2c, 0x45, 0xb2, 0xe4, 0xa0,
+  0x63, 0xc4, 0x68, 0xba, 0x84, 0x39, 0x16, 0x5a
+};
+
+uint8_t aes_cbc_test_case_3_iv[16] = {
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
+  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+
+cipher_test_case_t aes_cbc_test_case_3 = {
+  32,                                    /* octets in key            */
+  aes_cbc_test_case_3_key,               /* key                      */
+  aes_cbc_test_case_3_iv,                /* initialization vector    */
+  64,                                    /* octets in plaintext      */
+  aes_cbc_test_case_3_plaintext,         /* plaintext                */
+  80,                                    /* octets in ciphertext     */
+  aes_cbc_test_case_3_ciphertext,        /* ciphertext               */
+  0,
+  NULL,
+  0,
+  &aes_cbc_test_case_2                    /* pointer to next testcase */
+};
+
 cipher_type_t aes_cbc = {
   (cipher_alloc_func_t)          aes_cbc_alloc,
   (cipher_dealloc_func_t)        aes_cbc_dealloc,  
   (cipher_init_func_t)           aes_cbc_context_init,
+  (cipher_set_aad_func_t)        0,
   (cipher_encrypt_func_t)        aes_cbc_nist_encrypt,
   (cipher_decrypt_func_t)        aes_cbc_nist_decrypt,
   (cipher_set_iv_func_t)         aes_cbc_set_iv,
+  (cipher_get_tag_func_t)        0,
   (char *)                       aes_cbc_description,
   (int)                          0,   /* instance count */
-  (cipher_test_case_t *)        &aes_cbc_test_case_0,
-  (debug_module_t *)            &mod_aes_cbc
+  (cipher_test_case_t *)        &aes_cbc_test_case_3,
+  (debug_module_t *)            &mod_aes_cbc,
+  (cipher_type_id_t)             AES_CBC
 };