| OLD | NEW |
|---|
| (Empty) |
| 1 /* | |
| 2 * aes_cbc.c | |
| 3 * | |
| 4 * AES Cipher Block Chaining Mode | |
| 5 * | |
| 6 * David A. McGrew | |
| 7 * Cisco Systems, Inc. | |
| 8 */ | |
| 9 | |
| 10 /* | |
| 11 * | |
| 12 * Copyright (c) 2001-2006, Cisco Systems, Inc. | |
| 13 * All rights reserved. | |
| 14 * | |
| 15 * Redistribution and use in source and binary forms, with or without | |
| 16 * modification, are permitted provided that the following conditions | |
| 17 * are met: | |
| 18 * | |
| 19 * Redistributions of source code must retain the above copyright | |
| 20 * notice, this list of conditions and the following disclaimer. | |
| 21 * | |
| 22 * Redistributions in binary form must reproduce the above | |
| 23 * copyright notice, this list of conditions and the following | |
| 24 * disclaimer in the documentation and/or other materials provided | |
| 25 * with the distribution. | |
| 26 * | |
| 27 * Neither the name of the Cisco Systems, Inc. nor the names of its | |
| 28 * contributors may be used to endorse or promote products derived | |
| 29 * from this software without specific prior written permission. | |
| 30 * | |
| 31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 33 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
| 34 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | |
| 35 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
| 36 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
| 37 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 38 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
| 39 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
| 40 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
| 41 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
| 42 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 43 * | |
| 44 */ | |
| 45 | |
| 46 #ifdef HAVE_CONFIG_H | |
| 47 #include <config.h> | |
| 48 #endif | |
| 49 | |
| 50 #include "aes_cbc.h" | |
| 51 #include "alloc.h" | |
| 52 | |
| 53 debug_module_t mod_aes_cbc = { | |
| 54 0, /* debugging is off by default */ | |
| 55 "aes cbc" /* printable module name */ | |
| 56 }; | |
| 57 | |
| 58 | |
| 59 | |
| 60 err_status_t | |
| 61 aes_cbc_alloc(cipher_t **c, int key_len, int tlen) { | |
| 62 extern cipher_type_t aes_cbc; | |
| 63 uint8_t *pointer; | |
| 64 int tmp; | |
| 65 | |
| 66 debug_print(mod_aes_cbc, | |
| 67 "allocating cipher with key length %d", key_len); | |
| 68 | |
| 69 if (key_len != 16 && key_len != 24 && key_len != 32) | |
| 70 return err_status_bad_param; | |
| 71 | |
| 72 /* allocate memory a cipher of type aes_cbc */ | |
| 73 tmp = (sizeof(aes_cbc_ctx_t) + sizeof(cipher_t)); | |
| 74 pointer = (uint8_t*)crypto_alloc(tmp); | |
| 75 if (pointer == NULL) | |
| 76 return err_status_alloc_fail; | |
| 77 | |
| 78 /* set pointers */ | |
| 79 *c = (cipher_t *)pointer; | |
| 80 (*c)->algorithm = AES_CBC; | |
| 81 (*c)->type = &aes_cbc; | |
| 82 (*c)->state = pointer + sizeof(cipher_t); | |
| 83 | |
| 84 /* increment ref_count */ | |
| 85 aes_cbc.ref_count++; | |
| 86 | |
| 87 /* set key size */ | |
| 88 (*c)->key_len = key_len; | |
| 89 | |
| 90 return err_status_ok; | |
| 91 } | |
| 92 | |
| 93 err_status_t | |
| 94 aes_cbc_dealloc(cipher_t *c) { | |
| 95 extern cipher_type_t aes_cbc; | |
| 96 | |
| 97 /* zeroize entire state*/ | |
| 98 octet_string_set_to_zero((uint8_t *)c, | |
| 99 sizeof(aes_cbc_ctx_t) + sizeof(cipher_t)); | |
| 100 | |
| 101 /* free memory */ | |
| 102 crypto_free(c); | |
| 103 | |
| 104 /* decrement ref_count */ | |
| 105 aes_cbc.ref_count--; | |
| 106 | |
| 107 return err_status_ok; | |
| 108 } | |
| 109 | |
| 110 err_status_t | |
| 111 aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, int key_len) { | |
| 112 | |
| 113 debug_print(mod_aes_cbc, | |
| 114 "key: %s", octet_string_hex_string(key, key_len)); | |
| 115 | |
| 116 /* | |
| 117 * Save the key until we have the IV later. We don't | |
| 118 * know the direction until the IV is set. | |
| 119 */ | |
| 120 c->key_len = (key_len <= 32 ? key_len : 32); | |
| 121 memcpy(c->key, key, c->key_len); | |
| 122 | |
| 123 return err_status_ok; | |
| 124 } | |
| 125 | |
| 126 | |
| 127 err_status_t | |
| 128 aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv, int direction) { | |
| 129 err_status_t status; | |
| 130 int i; | |
| 131 /* v128_t *input = iv; */ | |
| 132 uint8_t *input = (uint8_t*) iv; | |
| 133 | |
| 134 /* set state and 'previous' block to iv */ | |
| 135 for (i=0; i < 16; i++) | |
| 136 c->previous.v8[i] = c->state.v8[i] = input[i]; | |
| 137 | |
| 138 debug_print(mod_aes_cbc, "setting iv: %s", v128_hex_string(&c->state)); | |
| 139 | |
| 140 /* expand key for the appropriate direction */ | |
| 141 switch (direction) { | |
| 142 case (direction_encrypt): | |
| 143 status = aes_expand_encryption_key(c->key, c->key_len, &c->expanded_key); | |
| 144 memset(c->key, 0, 32); | |
| 145 if (status) | |
| 146 return status; | |
| 147 break; | |
| 148 case (direction_decrypt): | |
| 149 status = aes_expand_decryption_key(c->key, c->key_len, &c->expanded_key); | |
| 150 memset(c->key, 0, 32); | |
| 151 if (status) | |
| 152 return status; | |
| 153 break; | |
| 154 default: | |
| 155 return err_status_bad_param; | |
| 156 } | |
| 157 | |
| 158 return err_status_ok; | |
| 159 } | |
| 160 | |
| 161 err_status_t | |
| 162 aes_cbc_encrypt(aes_cbc_ctx_t *c, | |
| 163 unsigned char *data, | |
| 164 unsigned int *bytes_in_data) { | |
| 165 int i; | |
| 166 unsigned char *input = data; /* pointer to data being read */ | |
| 167 unsigned char *output = data; /* pointer to data being written */ | |
| 168 int bytes_to_encr = *bytes_in_data; | |
| 169 | |
| 170 /* | |
| 171 * verify that we're 16-octet aligned | |
| 172 */ | |
| 173 if (*bytes_in_data & 0xf) | |
| 174 return err_status_bad_param; | |
| 175 | |
| 176 /* | |
| 177 * note that we assume that the initialization vector has already | |
| 178 * been set, e.g. by calling aes_cbc_set_iv() | |
| 179 */ | |
| 180 debug_print(mod_aes_cbc, "iv: %s", | |
| 181 v128_hex_string(&c->state)); | |
| 182 | |
| 183 /* | |
| 184 * loop over plaintext blocks, exoring state into plaintext then | |
| 185 * encrypting and writing to output | |
| 186 */ | |
| 187 while (bytes_to_encr > 0) { | |
| 188 | |
| 189 /* exor plaintext into state */ | |
| 190 for (i=0; i < 16; i++) | |
| 191 c->state.v8[i] ^= *input++; | |
| 192 | |
| 193 debug_print(mod_aes_cbc, "inblock: %s", | |
| 194 v128_hex_string(&c->state)); | |
| 195 | |
| 196 aes_encrypt(&c->state, &c->expanded_key); | |
| 197 | |
| 198 debug_print(mod_aes_cbc, "outblock: %s", | |
| 199 v128_hex_string(&c->state)); | |
| 200 | |
| 201 /* copy ciphertext to output */ | |
| 202 for (i=0; i < 16; i++) | |
| 203 *output++ = c->state.v8[i]; | |
| 204 | |
| 205 bytes_to_encr -= 16; | |
| 206 } | |
| 207 | |
| 208 return err_status_ok; | |
| 209 } | |
| 210 | |
| 211 err_status_t | |
| 212 aes_cbc_decrypt(aes_cbc_ctx_t *c, | |
| 213 unsigned char *data, | |
| 214 unsigned int *bytes_in_data) { | |
| 215 int i; | |
| 216 v128_t state, previous; | |
| 217 unsigned char *input = data; /* pointer to data being read */ | |
| 218 unsigned char *output = data; /* pointer to data being written */ | |
| 219 int bytes_to_encr = *bytes_in_data; | |
| 220 uint8_t tmp; | |
| 221 | |
| 222 /* | |
| 223 * verify that we're 16-octet aligned | |
| 224 */ | |
| 225 if (*bytes_in_data & 0x0f) | |
| 226 return err_status_bad_param; | |
| 227 | |
| 228 /* set 'previous' block to iv*/ | |
| 229 for (i=0; i < 16; i++) { | |
| 230 previous.v8[i] = c->previous.v8[i]; | |
| 231 } | |
| 232 | |
| 233 debug_print(mod_aes_cbc, "iv: %s", | |
| 234 v128_hex_string(&previous)); | |
| 235 | |
| 236 /* | |
| 237 * loop over ciphertext blocks, decrypting then exoring with state | |
| 238 * then writing plaintext to output | |
| 239 */ | |
| 240 while (bytes_to_encr > 0) { | |
| 241 | |
| 242 /* set state to ciphertext input block */ | |
| 243 for (i=0; i < 16; i++) { | |
| 244 state.v8[i] = *input++; | |
| 245 } | |
| 246 | |
| 247 debug_print(mod_aes_cbc, "inblock: %s", | |
| 248 v128_hex_string(&state)); | |
| 249 | |
| 250 /* decrypt state */ | |
| 251 aes_decrypt(&state, &c->expanded_key); | |
| 252 | |
| 253 debug_print(mod_aes_cbc, "outblock: %s", | |
| 254 v128_hex_string(&state)); | |
| 255 | |
| 256 /* | |
| 257 * exor previous ciphertext block out of plaintext, and write new | |
| 258 * plaintext block to output, while copying old ciphertext block | |
| 259 * to the 'previous' block | |
| 260 */ | |
| 261 for (i=0; i < 16; i++) { | |
| 262 tmp = *output; | |
| 263 *output++ = state.v8[i] ^ previous.v8[i]; | |
| 264 previous.v8[i] = tmp; | |
| 265 } | |
| 266 | |
| 267 bytes_to_encr -= 16; | |
| 268 } | |
| 269 | |
| 270 return err_status_ok; | |
| 271 } | |
| 272 | |
| 273 | |
| 274 err_status_t | |
| 275 aes_cbc_nist_encrypt(aes_cbc_ctx_t *c, | |
| 276 unsigned char *data, | |
| 277 unsigned int *bytes_in_data) { | |
| 278 int i; | |
| 279 unsigned char *pad_start; | |
| 280 int num_pad_bytes; | |
| 281 err_status_t status; | |
| 282 | |
| 283 /* | |
| 284 * determine the number of padding bytes that we need to add - | |
| 285 * this value is always between 1 and 16, inclusive. | |
| 286 */ | |
| 287 num_pad_bytes = 16 - (*bytes_in_data & 0xf); | |
| 288 pad_start = data; | |
| 289 pad_start += *bytes_in_data; | |
| 290 *pad_start++ = 0xa0; | |
| 291 for (i=0; i < num_pad_bytes; i++) | |
| 292 *pad_start++ = 0x00; | |
| 293 | |
| 294 /* | |
| 295 * increment the data size | |
| 296 */ | |
| 297 *bytes_in_data += num_pad_bytes; | |
| 298 | |
| 299 /* | |
| 300 * now cbc encrypt the padded data | |
| 301 */ | |
| 302 status = aes_cbc_encrypt(c, data, bytes_in_data); | |
| 303 if (status) | |
| 304 return status; | |
| 305 | |
| 306 return err_status_ok; | |
| 307 } | |
| 308 | |
| 309 | |
| 310 err_status_t | |
| 311 aes_cbc_nist_decrypt(aes_cbc_ctx_t *c, | |
| 312 unsigned char *data, | |
| 313 unsigned int *bytes_in_data) { | |
| 314 unsigned char *pad_end; | |
| 315 int num_pad_bytes; | |
| 316 err_status_t status; | |
| 317 | |
| 318 /* | |
| 319 * cbc decrypt the padded data | |
| 320 */ | |
| 321 status = aes_cbc_decrypt(c, data, bytes_in_data); | |
| 322 if (status) | |
| 323 return status; | |
| 324 | |
| 325 /* | |
| 326 * determine the number of padding bytes in the decrypted plaintext | |
| 327 * - this value is always between 1 and 16, inclusive. | |
| 328 */ | |
| 329 num_pad_bytes = 1; | |
| 330 pad_end = data + (*bytes_in_data - 1); | |
| 331 while (*pad_end != 0xa0) { /* note: should check padding correctness */ | |
| 332 pad_end--; | |
| 333 num_pad_bytes++; | |
| 334 } | |
| 335 | |
| 336 /* decrement data size */ | |
| 337 *bytes_in_data -= num_pad_bytes; | |
| 338 | |
| 339 return err_status_ok; | |
| 340 } | |
| 341 | |
| 342 | |
| 343 char | |
| 344 aes_cbc_description[] = "aes cipher block chaining (cbc) mode"; | |
| 345 | |
| 346 /* | |
| 347 * Test case 0 is derived from FIPS 197 Appendix C; it uses an | |
| 348 * all-zero IV, so that the first block encryption matches the test | |
| 349 * case in that appendix. This property provides a check of the base | |
| 350 * AES encryption and decryption algorithms; if CBC fails on some | |
| 351 * particular platform, then you should print out AES intermediate | |
| 352 * data and compare with the detailed info provided in that appendix. | |
| 353 * | |
| 354 */ | |
| 355 | |
| 356 | |
| 357 uint8_t aes_cbc_test_case_0_key[16] = { | |
| 358 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
| 359 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f | |
| 360 }; | |
| 361 | |
| 362 uint8_t aes_cbc_test_case_0_plaintext[64] = { | |
| 363 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
| 364 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff | |
| 365 }; | |
| 366 | |
| 367 uint8_t aes_cbc_test_case_0_ciphertext[80] = { | |
| 368 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30, | |
| 369 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a, | |
| 370 0x03, 0x35, 0xed, 0x27, 0x67, 0xf2, 0x6d, 0xf1, | |
| 371 0x64, 0x83, 0x2e, 0x23, 0x44, 0x38, 0x70, 0x8b | |
| 372 | |
| 373 }; | |
| 374 | |
| 375 uint8_t aes_cbc_test_case_0_iv[16] = { | |
| 376 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
| 377 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | |
| 378 }; | |
| 379 | |
| 380 | |
| 381 cipher_test_case_t aes_cbc_test_case_0 = { | |
| 382 16, /* octets in key */ | |
| 383 aes_cbc_test_case_0_key, /* key */ | |
| 384 aes_cbc_test_case_0_iv, /* initialization vector */ | |
| 385 16, /* octets in plaintext */ | |
| 386 aes_cbc_test_case_0_plaintext, /* plaintext */ | |
| 387 32, /* octets in ciphertext */ | |
| 388 aes_cbc_test_case_0_ciphertext, /* ciphertext */ | |
| 389 0, | |
| 390 NULL, | |
| 391 0, | |
| 392 NULL /* pointer to next testcase */ | |
| 393 }; | |
| 394 | |
| 395 | |
| 396 /* | |
| 397 * this test case is taken directly from Appendix F.2 of NIST Special | |
| 398 * Publication SP 800-38A | |
| 399 */ | |
| 400 | |
| 401 uint8_t aes_cbc_test_case_1_key[16] = { | |
| 402 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, | |
| 403 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, | |
| 404 }; | |
| 405 | |
| 406 uint8_t aes_cbc_test_case_1_plaintext[64] = { | |
| 407 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, | |
| 408 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, | |
| 409 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, | |
| 410 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, | |
| 411 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, | |
| 412 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, | |
| 413 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, | |
| 414 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 | |
| 415 }; | |
| 416 | |
| 417 uint8_t aes_cbc_test_case_1_ciphertext[80] = { | |
| 418 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, | |
| 419 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, | |
| 420 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, | |
| 421 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2, | |
| 422 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b, | |
| 423 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16, | |
| 424 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09, | |
| 425 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7, | |
| 426 0x39, 0x34, 0x07, 0x03, 0x36, 0xd0, 0x77, 0x99, | |
| 427 0xe0, 0xc4, 0x2f, 0xdd, 0xa8, 0xdf, 0x4c, 0xa3 | |
| 428 }; | |
| 429 | |
| 430 uint8_t aes_cbc_test_case_1_iv[16] = { | |
| 431 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
| 432 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f | |
| 433 }; | |
| 434 | |
| 435 cipher_test_case_t aes_cbc_test_case_1 = { | |
| 436 16, /* octets in key */ | |
| 437 aes_cbc_test_case_1_key, /* key */ | |
| 438 aes_cbc_test_case_1_iv, /* initialization vector */ | |
| 439 64, /* octets in plaintext */ | |
| 440 aes_cbc_test_case_1_plaintext, /* plaintext */ | |
| 441 80, /* octets in ciphertext */ | |
| 442 aes_cbc_test_case_1_ciphertext, /* ciphertext */ | |
| 443 0, | |
| 444 NULL, | |
| 445 0, | |
| 446 &aes_cbc_test_case_0 /* pointer to next testcase */ | |
| 447 }; | |
| 448 | |
| 449 /* | |
| 450 * Test case 2 is like test case 0, but for 256-bit keys. (FIPS 197 | |
| 451 * appendix C.3). | |
| 452 */ | |
| 453 | |
| 454 | |
| 455 uint8_t aes_cbc_test_case_2_key[32] = { | |
| 456 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
| 457 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, | |
| 458 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, | |
| 459 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f | |
| 460 }; | |
| 461 | |
| 462 uint8_t aes_cbc_test_case_2_plaintext[64] = { | |
| 463 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, | |
| 464 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff | |
| 465 }; | |
| 466 | |
| 467 uint8_t aes_cbc_test_case_2_ciphertext[80] = { | |
| 468 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf, | |
| 469 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89, | |
| 470 0x72, 0x72, 0x6e, 0xe7, 0x71, 0x39, 0xbf, 0x11, | |
| 471 0xe5, 0x40, 0xe2, 0x7c, 0x54, 0x65, 0x1d, 0xee | |
| 472 }; | |
| 473 | |
| 474 uint8_t aes_cbc_test_case_2_iv[16] = { | |
| 475 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
| 476 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 | |
| 477 }; | |
| 478 | |
| 479 cipher_test_case_t aes_cbc_test_case_2 = { | |
| 480 32, /* octets in key */ | |
| 481 aes_cbc_test_case_2_key, /* key */ | |
| 482 aes_cbc_test_case_2_iv, /* initialization vector */ | |
| 483 16, /* octets in plaintext */ | |
| 484 aes_cbc_test_case_2_plaintext, /* plaintext */ | |
| 485 32, /* octets in ciphertext */ | |
| 486 aes_cbc_test_case_2_ciphertext, /* ciphertext */ | |
| 487 0, | |
| 488 NULL, | |
| 489 0, | |
| 490 &aes_cbc_test_case_1 /* pointer to next testcase */ | |
| 491 }; | |
| 492 | |
| 493 | |
| 494 /* | |
| 495 * this test case is taken directly from Appendix F.2 of NIST Special | |
| 496 * Publication SP 800-38A | |
| 497 */ | |
| 498 | |
| 499 uint8_t aes_cbc_test_case_3_key[32] = { | |
| 500 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, | |
| 501 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, | |
| 502 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, | |
| 503 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 | |
| 504 }; | |
| 505 | |
| 506 uint8_t aes_cbc_test_case_3_plaintext[64] = { | |
| 507 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, | |
| 508 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, | |
| 509 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, | |
| 510 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, | |
| 511 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, | |
| 512 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, | |
| 513 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, | |
| 514 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 | |
| 515 }; | |
| 516 | |
| 517 uint8_t aes_cbc_test_case_3_ciphertext[80] = { | |
| 518 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba, | |
| 519 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6, | |
| 520 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d, | |
| 521 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d, | |
| 522 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf, | |
| 523 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61, | |
| 524 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc, | |
| 525 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b, | |
| 526 0xfb, 0x98, 0x20, 0x2c, 0x45, 0xb2, 0xe4, 0xa0, | |
| 527 0x63, 0xc4, 0x68, 0xba, 0x84, 0x39, 0x16, 0x5a | |
| 528 }; | |
| 529 | |
| 530 uint8_t aes_cbc_test_case_3_iv[16] = { | |
| 531 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, | |
| 532 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f | |
| 533 }; | |
| 534 | |
| 535 cipher_test_case_t aes_cbc_test_case_3 = { | |
| 536 32, /* octets in key */ | |
| 537 aes_cbc_test_case_3_key, /* key */ | |
| 538 aes_cbc_test_case_3_iv, /* initialization vector */ | |
| 539 64, /* octets in plaintext */ | |
| 540 aes_cbc_test_case_3_plaintext, /* plaintext */ | |
| 541 80, /* octets in ciphertext */ | |
| 542 aes_cbc_test_case_3_ciphertext, /* ciphertext */ | |
| 543 0, | |
| 544 NULL, | |
| 545 0, | |
| 546 &aes_cbc_test_case_2 /* pointer to next testcase */ | |
| 547 }; | |
| 548 | |
| 549 cipher_type_t aes_cbc = { | |
| 550 (cipher_alloc_func_t) aes_cbc_alloc, | |
| 551 (cipher_dealloc_func_t) aes_cbc_dealloc, | |
| 552 (cipher_init_func_t) aes_cbc_context_init, | |
| 553 (cipher_set_aad_func_t) 0, | |
| 554 (cipher_encrypt_func_t) aes_cbc_nist_encrypt, | |
| 555 (cipher_decrypt_func_t) aes_cbc_nist_decrypt, | |
| 556 (cipher_set_iv_func_t) aes_cbc_set_iv, | |
| 557 (cipher_get_tag_func_t) 0, | |
| 558 (char *) aes_cbc_description, | |
| 559 (int) 0, /* instance count */ | |
| 560 (cipher_test_case_t *) &aes_cbc_test_case_3, | |
| 561 (debug_module_t *) &mod_aes_cbc, | |
| 562 (cipher_type_id_t) AES_CBC | |
| 563 }; | |
| 564 | |
| 565 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2344973002:
Update libsrtp to version 2.0 (Closed)
