dect
/
asterisk
Archived
13
0
Fork 0
Code Releases Activity

Remove built-in AES code and use optional_api instead 

Review: https://reviewboard.asterisk.org/r/793/


git-svn-id: http://svn.digium.com/svn/asterisk/trunk@278538 f38db490-d61c-443f-a65b-d21fe96a405b
This commit is contained in:
twilson 2010-07-21 19:11:32 +00:00
parent fe09035019
commit 15f42844ef
14 changed files with 95 additions and 2312 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
channels/chan_iax2.c
View File

@ -80,7 +80,6 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "asterisk/utils.h"
#include "asterisk/causes.h"
#include "asterisk/localtime.h"
#include "asterisk/aes.h"
#include "asterisk/dnsmgr.h"
#include "asterisk/devicestate.h"
#include "asterisk/netsock.h"
@ -6035,7 +6034,7 @@ static void build_rand_pad(unsigned char *buf, ssize_t len)
static void build_encryption_keys(const unsigned char *digest, struct chan_iax2_pvt *pvt)
{
build_ecx_key(digest, pvt);
ast_aes_decrypt_key(digest, &pvt->dcx);
ast_aes_set_decrypt_key(digest, &pvt->dcx);
}
static void build_ecx_key(const unsigned char *digest, struct chan_iax2_pvt *pvt)
@ -6044,8 +6043,8 @@ static void build_ecx_key(const unsigned char *digest, struct chan_iax2_pvt *pvt
* in the pvt struct because queued frames occasionally need to be decrypted and
* re-encrypted when updated for a retransmission */
build_rand_pad(pvt->semirand, sizeof(pvt->semirand));
ast_aes_encrypt_key(digest, &pvt->ecx);
ast_aes_decrypt_key(digest, &pvt->mydcx);
ast_aes_set_encrypt_key(digest, &pvt->ecx);
ast_aes_set_decrypt_key(digest, &pvt->mydcx);
}
static void memcpy_decrypt(unsigned char *dst, const unsigned char *src, int len, ast_aes_decrypt_key *dcx)
@ -11214,7 +11213,7 @@ immediatedial:
IAX_DEBUGDIGEST("Receiving", ies.challenge);
ast_aes_decrypt_key((unsigned char *) ies.challenge, &iaxs[fr->callno]->dcx);
ast_aes_set_decrypt_key((unsigned char *) ies.challenge, &iaxs[fr->callno]->dcx);
break;
case IAX_COMMAND_DPREP:
complete_dpreply(iaxs[fr->callno], &ies);

2
channels/iax2-parser.h
View File

@ -19,7 +19,7 @@
#define _IAX2_PARSER_H
#include "asterisk/linkedlists.h"
#include "asterisk/aes.h"
#include "asterisk/crypto.h"
#include "asterisk/frame_defs.h"
struct iax_ies {

9
funcs/func_aes.c
View File

@ -22,6 +22,9 @@
* \ingroup functions
*/
/*** MODULEINFO
<use>crypto</use>
***/
#include "asterisk.h"
@ -30,7 +33,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "asterisk/module.h"
#include "asterisk/pbx.h"
#include "asterisk/app.h"
#include "asterisk/aes.h"
#include "asterisk/crypto.h"
#define AES_BLOCK_SIZE 16
@ -97,8 +100,8 @@ static int aes_helper(struct ast_channel *chan, const char *cmd, char *data,
return -1;
}
ast_aes_encrypt_key((unsigned char *) args.key, &ecx); /* encryption: plaintext -> encryptedtext -> base64 */
ast_aes_decrypt_key((unsigned char *) args.key, &dcx); /* decryption: base64 -> encryptedtext -> plaintext */
ast_aes_set_encrypt_key((unsigned char *) args.key, &ecx); /* encryption: plaintext -> encryptedtext -> base64 */
ast_aes_set_decrypt_key((unsigned char *) args.key, &dcx); /* decryption: base64 -> encryptedtext -> plaintext */
tmp = ast_calloc(1, len); /* requires a tmp buffer for the base64 decode */
tmpP = tmp;
encrypt = strcmp("AES_DECRYPT", cmd); /* -1 if encrypting, 0 if decrypting */

68
include/asterisk/aes.h
View File

@ -1,68 +0,0 @@
/*
* Asterisk -- An open source telephony toolkit.
*
* Copyright (C) 20075, Digium, Inc.
*
* Kevin P. Fleming <kpfleming@digium.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
/*! \file
* Wrappers for AES encryption/decryption
*
* \author Kevin P. Fleming <kpfleming@digium.com>
*
* These wrappers provided a generic interface to either the
* AES methods provided by OpenSSL's crypto library, or the
* AES implementation included with Asterisk.
*/
#ifndef _ASTERISK_AES_H
#define _ASTERISK_AES_H
#ifdef HAVE_CRYPTO
/* Use the OpenSSL crypto library */
#include "openssl/aes.h"
typedef AES_KEY ast_aes_encrypt_key;
typedef AES_KEY ast_aes_decrypt_key;
#define ast_aes_encrypt_key(key, context) AES_set_encrypt_key(key, 128, context)
#define ast_aes_decrypt_key(key, context) AES_set_decrypt_key(key, 128, context)
#define ast_aes_encrypt(in, out, context) AES_encrypt(in, out, context)
#define ast_aes_decrypt(in, out, context) AES_decrypt(in, out, context)
#else /* !HAVE_CRYPTO */
/* Use the included AES implementation */
#define AES_128
#include "aes_internal.h"
typedef aes_encrypt_ctx ast_aes_encrypt_key;
typedef aes_decrypt_ctx ast_aes_decrypt_key;
#define ast_aes_encrypt_key(key, context) aes_encrypt_key128(key, context)
#define ast_aes_decrypt_key(key, context) aes_decrypt_key128(key, context)
#define ast_aes_encrypt(in, out, context) aes_encrypt(in, out, context)
#define ast_aes_decrypt(in, out, context) aes_decrypt(in, out, context)
#endif /* !HAVE_CRYPTO */
#endif /* _ASTERISK_AES_H */

170
include/asterisk/aes_internal.h
View File

@ -1,170 +0,0 @@
/*
* Asterisk -- An open source telephony toolkit.
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*/
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 26/08/2003
*/
/*!\file
\brief This file contains the definitions required to use AES in C. See aesopt.h
for optimisation details.
*/
#ifndef _AES_INTERNAL_H
#define _AES_INTERNAL_H
/* This include is used to find 8 & 32 bit unsigned integer types */
#include "limits.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#define AES_128 /* define if AES with 128 bit keys is needed */
#undef AES_192 /* define if AES with 192 bit keys is needed */
#undef AES_256 /* define if AES with 256 bit keys is needed */
#undef AES_VAR /* define if a variable key size is needed */
/* The following must also be set in assembler files if being used */
#define AES_ENCRYPT /* if support for encryption is needed */
#define AES_DECRYPT /* if support for decryption is needed */
#define AES_ERR_CHK /* for parameter checks & error return codes */
#if UCHAR_MAX == 0xff /* an unsigned 8 bit type */
typedef unsigned char aes_08t;
#else
#error Please define aes_08t as an 8-bit unsigned integer type in aes.h
#endif
#if UINT_MAX == 0xffffffff /* an unsigned 32 bit type */
typedef unsigned int aes_32t;
#elif ULONG_MAX == 0xffffffff
typedef unsigned long aes_32t;
#else
#error Please define aes_32t as a 32-bit unsigned integer type in aes.h
#endif
#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */
#define N_COLS 4 /* the number of columns in the state */
/* a maximum of 60 32-bit words are needed for the key schedule but */
/* 64 are claimed to allow space at the top for a CBC xor buffer. */
/* If this is not needed, this value can be reduced to 60. A value */
/* of 64 may also help in maintaining alignment in some situations */
#define KS_LENGTH 64
#ifdef AES_ERR_CHK
#define aes_ret int
#define aes_good 0
#define aes_error -1
#else
#define aes_ret void
#endif
#ifndef AES_DLL /* implement normal/DLL functions */
#define aes_rval aes_ret
#else
#define aes_rval aes_ret __declspec(dllexport) _stdcall
#endif
/* This routine must be called before first use if non-static */
/* tables are being used */
void gen_tabs(void);
/* The key length (klen) is input in bytes when it is in the range */
/* 16 <= klen <= 32 or in bits when in the range 128 <= klen <= 256 */
#ifdef AES_ENCRYPT
typedef struct
{ aes_32t ks[KS_LENGTH];
} aes_encrypt_ctx;
#if defined(AES_128) || defined(AES_VAR)
aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_192) || defined(AES_VAR)
aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_256) || defined(AES_VAR)
aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_VAR)
aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1]);
#endif
aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1]);
#endif
#ifdef AES_DECRYPT
typedef struct
{ aes_32t ks[KS_LENGTH];
} aes_decrypt_ctx;
#if defined(AES_128) || defined(AES_VAR)
aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_192) || defined(AES_VAR)
aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_256) || defined(AES_VAR)
aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_VAR)
aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1]);
#endif
aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1]);
#endif
#if defined(__cplusplus)
}
#endif
#endif

54
include/asterisk/crypto.h
View File

@ -28,6 +28,16 @@ extern "C" {
#endif
#include "asterisk/optional_api.h"
#include "asterisk/logger.h"
#ifdef HAVE_CRYPTO
#include "openssl/aes.h"
typedef AES_KEY ast_aes_encrypt_key;
typedef AES_KEY ast_aes_decrypt_key;
#else /* !HAVE_CRYPTO */
typedef char ast_aes_encrypt_key;
typedef char ast_aes_decrypt_key;
#endif /* HAVE_CRYPTO */
#define AST_KEY_PUBLIC (1 << 0)
#define AST_KEY_PRIVATE (1 << 1)
@ -122,6 +132,50 @@ AST_OPTIONAL_API(int, ast_encrypt_bin, (unsigned char *dst, const unsigned char
*/
AST_OPTIONAL_API(int, ast_decrypt_bin, (unsigned char *dst, const unsigned char *src, int srclen, struct ast_key *key), { return -1; });
/*!
* \brief Set an encryption key
* \param key a 16 char key
* \param ctx address of an aes encryption context
*
* \retval 0 success
* \retval nonzero failure
*/
AST_OPTIONAL_API(int, ast_aes_set_encrypt_key,
(const unsigned char *key, ast_aes_encrypt_key *ctx),
{ ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n"); return -1; });
/*!
* \brief Set a decryption key
* \param key a 16 char key
* \param ctx address of an aes encryption context
*
* \retval 0 success
* \retval nonzero failure
*/
AST_OPTIONAL_API(int, ast_aes_set_decrypt_key,
(const unsigned char *key, ast_aes_decrypt_key *ctx),
{ ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n"); return -1; });
/*!
* \brief AES encrypt data
* \param in data to be encrypted
* \param out pointer to a buffer to hold the encrypted output
* \param ctx address of an aes encryption context filled in with ast_aes_set_encrypt_key
*/
AST_OPTIONAL_API(void, ast_aes_encrypt,
(const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx),
{ ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n");return; });
/*!
* \brief AES decrypt data
* \param in encrypted data
* \param out pointer to a buffer to hold the decrypted output
* \param ctx address of an aes encryption context filled in with ast_aes_set_decrypt_key
*/
AST_OPTIONAL_API(void, ast_aes_decrypt,
(const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx),
{ ast_log(LOG_WARNING, "AES encryption disabled. Install OpenSSL.\n");return; });
AST_OPTIONAL_API(int, ast_crypto_loaded, (void), { return 0; });
#if defined(__cplusplus) || defined(c_plusplus)

321
main/aescrypt.c
View File

@ -1,321 +0,0 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 26/08/2003
*/
/*! \file
*
* \brief This file contains the code for implementing encryption and decryption
* for AES (Rijndael) for block and key sizes of 16, 24 and 32 bytes. It
* can optionally be replaced by code written in assembler using NASM. For
* further details see the file aesopt.h
*
* \author Dr Brian Gladman <brg@gladman.me.uk>
*/
#if defined(__cplusplus)
extern "C"
{
#endif
#ifndef HAVE_CRYPTO
#include "aesopt.h"
#define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c])
#define so(y,x,c) word_out(y, c, s(x,c))
#if defined(ARRAYS)
#define locals(y,x) x[4],y[4]
#else
#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
#endif
#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
s(y,2) = s(x,2); s(y,3) = s(x,3);
#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3)
#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
#if defined(ENCRYPTION) && !defined(AES_ASM)
/* Visual C++ .Net v7.1 provides the fastest encryption code when using
Pentium optimiation with small code but this is poor for decryption
so we need to control this with the following VC++ pragmas
*/
#if defined(_MSC_VER)
#pragma optimize( "s", on )
#endif
/* Given the column (c) of the output state variable, the following
macros give the input state variables which are needed in its
computation for each row (r) of the state. All the alternative
macros give the same end values but expand into different ways
of calculating these values. In particular the complex macro
used for dynamically variable block sizes is designed to expand
to a compile time constant whenever possible but will expand to
conditional clauses on some branches (I am grateful to Frank
Yellin for this construction)
*/
#define fwd_var(x,r,c)\
( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
: r == 1 ? ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))\
: r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
: ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2)))
#if defined(FT4_SET)
#undef dec_fmvars
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,n),fwd_var,rf1,c))
#elif defined(FT1_SET)
#undef dec_fmvars
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(f,n),fwd_var,rf1,c))
#else
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ fwd_mcol(no_table(x,t_use(s,box),fwd_var,rf1,c)))
#endif
#if defined(FL4_SET)
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,l),fwd_var,rf1,c))
#elif defined(FL1_SET)
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(f,l),fwd_var,rf1,c))
#else
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(s,box),fwd_var,rf1,c))
#endif
aes_rval aes_encrypt(const void *in_blk, void *out_blk, const aes_encrypt_ctx cx[1])
{ aes_32t locals(b0, b1);
const aes_32t *kp = cx->ks;
#ifdef dec_fmvars
dec_fmvars; /* declare variables for fwd_mcol() if needed */
#endif
aes_32t nr = (kp[45] ^ kp[52] ^ kp[53] ? kp[52] : 14);
#ifdef AES_ERR_CHK
if( (nr != 10 || !(kp[0] | kp[3] | kp[4]))
&& (nr != 12 || !(kp[0] | kp[5] | kp[6]))
&& (nr != 14 || !(kp[0] | kp[7] | kp[8])) )
return aes_error;
#endif
state_in(b0, in_blk, kp);
#if (ENC_UNROLL == FULL)
switch(nr)
{
case 14:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
kp += 2 * N_COLS;
case 12:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
kp += 2 * N_COLS;
case 10:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
round(fwd_rnd, b1, b0, kp + 3 * N_COLS);
round(fwd_rnd, b0, b1, kp + 4 * N_COLS);
round(fwd_rnd, b1, b0, kp + 5 * N_COLS);
round(fwd_rnd, b0, b1, kp + 6 * N_COLS);
round(fwd_rnd, b1, b0, kp + 7 * N_COLS);
round(fwd_rnd, b0, b1, kp + 8 * N_COLS);
round(fwd_rnd, b1, b0, kp + 9 * N_COLS);
round(fwd_lrnd, b0, b1, kp +10 * N_COLS);
}
#else
#if (ENC_UNROLL == PARTIAL)
{ aes_32t rnd;
for(rnd = 0; rnd < (nr >> 1) - 1; ++rnd)
{
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
kp += N_COLS;
round(fwd_rnd, b0, b1, kp);
}
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
#else
{ aes_32t rnd;
for(rnd = 0; rnd < nr - 1; ++rnd)
{
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
l_copy(b0, b1);
}
#endif
kp += N_COLS;
round(fwd_lrnd, b0, b1, kp);
}
#endif
state_out(out_blk, b0);
#ifdef AES_ERR_CHK
return aes_good;
#endif
}
#endif
#if defined(DECRYPTION) && !defined(AES_ASM)
/* Visual C++ .Net v7.1 provides the fastest encryption code when using
Pentium optimiation with small code but this is poor for decryption
so we need to control this with the following VC++ pragmas
*/
#if defined(_MSC_VER)
#pragma optimize( "t", on )
#endif
/* Given the column (c) of the output state variable, the following
macros give the input state variables which are needed in its
computation for each row (r) of the state. All the alternative
macros give the same end values but expand into different ways
of calculating these values. In particular the complex macro
used for dynamically variable block sizes is designed to expand
to a compile time constant whenever possible but will expand to
conditional clauses on some branches (I am grateful to Frank
Yellin for this construction)
*/
#define inv_var(x,r,c)\
( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
: r == 1 ? ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))\
: r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
: ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0)))
#if defined(IT4_SET)
#undef dec_imvars
#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,n),inv_var,rf1,c))
#elif defined(IT1_SET)
#undef dec_imvars
#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(i,n),inv_var,rf1,c))
#else
#define inv_rnd(y,x,k,c) (s(y,c) = inv_mcol((k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c)))
#endif
#if defined(IL4_SET)
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,l),inv_var,rf1,c))
#elif defined(IL1_SET)
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(i,l),inv_var,rf1,c))
#else
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c))
#endif
aes_rval aes_decrypt(const void *in_blk, void *out_blk, const aes_decrypt_ctx cx[1])
{ aes_32t locals(b0, b1);
#ifdef dec_imvars
dec_imvars; /* declare variables for inv_mcol() if needed */
#endif
aes_32t nr = (cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] ? cx->ks[52] : 14);
const aes_32t *kp = cx->ks + nr * N_COLS;
#ifdef AES_ERR_CHK
if( (nr != 10 || !(cx->ks[0] | cx->ks[3] | cx->ks[4]))
&& (nr != 12 || !(cx->ks[0] | cx->ks[5] | cx->ks[6]))
&& (nr != 14 || !(cx->ks[0] | cx->ks[7] | cx->ks[8])) )
return aes_error;
#endif
state_in(b0, in_blk, kp);
#if (DEC_UNROLL == FULL)
switch(nr)
{
case 14:
round(inv_rnd, b1, b0, kp - 1 * N_COLS);
round(inv_rnd, b0, b1, kp - 2 * N_COLS);
kp -= 2 * N_COLS;
case 12:
round(inv_rnd, b1, b0, kp - 1 * N_COLS);
round(inv_rnd, b0, b1, kp - 2 * N_COLS);
kp -= 2 * N_COLS;
case 10:
round(inv_rnd, b1, b0, kp - 1 * N_COLS);
round(inv_rnd, b0, b1, kp - 2 * N_COLS);
round(inv_rnd, b1, b0, kp - 3 * N_COLS);
round(inv_rnd, b0, b1, kp - 4 * N_COLS);
round(inv_rnd, b1, b0, kp - 5 * N_COLS);
round(inv_rnd, b0, b1, kp - 6 * N_COLS);
round(inv_rnd, b1, b0, kp - 7 * N_COLS);
round(inv_rnd, b0, b1, kp - 8 * N_COLS);
round(inv_rnd, b1, b0, kp - 9 * N_COLS);
round(inv_lrnd, b0, b1, kp - 10 * N_COLS);
}
#else
#if (DEC_UNROLL == PARTIAL)
{ aes_32t rnd;
for(rnd = 0; rnd < (nr >> 1) - 1; ++rnd)
{
kp -= N_COLS;
round(inv_rnd, b1, b0, kp);
kp -= N_COLS;
round(inv_rnd, b0, b1, kp);
}
kp -= N_COLS;
round(inv_rnd, b1, b0, kp);
#else
{ aes_32t rnd;
for(rnd = 0; rnd < nr - 1; ++rnd)
{
kp -= N_COLS;
round(inv_rnd, b1, b0, kp);
l_copy(b0, b1);
}
#endif
kp -= N_COLS;
round(inv_lrnd, b0, b1, kp);
}
#endif
state_out(out_blk, b0);
#ifdef AES_ERR_CHK
return aes_good;
#endif
}
#endif
#endif /* !HAVE_CRYPTO */
#if defined(__cplusplus)
}
#endif

473
main/aeskey.c
View File

@ -1,473 +0,0 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 26/08/2003
*/
/*! \file
*
* \brief This file contains the code for implementing the key schedule for AES
* (Rijndael) for block and key sizes of 16, 24, and 32 bytes. See aesopt.h
* for further details including optimisation.
*
* \author Dr Brian Gladman <brg@gladman.me.uk>
*/
#if defined(__cplusplus)
extern "C"
{
#endif
#ifndef HAVE_CRYPTO
#include "aesopt.h"
/* Initialise the key schedule from the user supplied key. The key
length can be specified in bytes, with legal values of 16, 24
and 32, or in bits, with legal values of 128, 192 and 256. These
values correspond with Nk values of 4, 6 and 8 respectively.
The following macros implement a single cycle in the key
schedule generation process. The number of cycles needed
for each cx->n_col and nk value is:
nk = 4 5 6 7 8
------------------------------
cx->n_col = 4 10 9 8 7 7
cx->n_col = 5 14 11 10 9 9
cx->n_col = 6 19 15 12 11 11
cx->n_col = 7 21 19 16 13 14
cx->n_col = 8 29 23 19 17 14
*/
#define ke4(k,i) \
{ k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
}
#define kel4(k,i) \
{ k[4*(i)+4] = ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+5] = ss[1] ^= ss[0]; \
k[4*(i)+6] = ss[2] ^= ss[1]; k[4*(i)+7] = ss[3] ^= ss[2]; \
}
#define ke6(k,i) \
{ k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
k[6*(i)+10] = ss[4] ^= ss[3]; k[6*(i)+11] = ss[5] ^= ss[4]; \
}
#define kel6(k,i) \
{ k[6*(i)+ 6] = ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 7] = ss[1] ^= ss[0]; \
k[6*(i)+ 8] = ss[2] ^= ss[1]; k[6*(i)+ 9] = ss[3] ^= ss[2]; \
}
#define ke8(k,i) \
{ k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
k[8*(i)+12] = ss[4] ^= ls_box(ss[3],0); k[8*(i)+13] = ss[5] ^= ss[4]; \
k[8*(i)+14] = ss[6] ^= ss[5]; k[8*(i)+15] = ss[7] ^= ss[6]; \
}
#define kel8(k,i) \
{ k[8*(i)+ 8] = ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 9] = ss[1] ^= ss[0]; \
k[8*(i)+10] = ss[2] ^= ss[1]; k[8*(i)+11] = ss[3] ^= ss[2]; \
}
#if defined(ENCRYPTION_KEY_SCHEDULE)
#if defined(AES_128) || defined(AES_VAR)
aes_rval aes_encrypt_key128(const void *in_key, aes_encrypt_ctx cx[1])
{ aes_32t ss[4];
cx->ks[0] = ss[0] = word_in(in_key, 0);
cx->ks[1] = ss[1] = word_in(in_key, 1);
cx->ks[2] = ss[2] = word_in(in_key, 2);
cx->ks[3] = ss[3] = word_in(in_key, 3);
#if ENC_UNROLL == NONE
{ aes_32t i;
for(i = 0; i < ((11 * N_COLS - 1) / 4); ++i)
ke4(cx->ks, i);
}
#else
ke4(cx->ks, 0); ke4(cx->ks, 1);
ke4(cx->ks, 2); ke4(cx->ks, 3);
ke4(cx->ks, 4); ke4(cx->ks, 5);
ke4(cx->ks, 6); ke4(cx->ks, 7);
ke4(cx->ks, 8); kel4(cx->ks, 9);
#endif
/* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */
/* key and must be non-zero for 128 and 192 bits keys */
cx->ks[53] = cx->ks[45] = 0;
cx->ks[52] = 10;
#ifdef AES_ERR_CHK
return aes_good;
#endif
}
#endif
#if defined(AES_192) || defined(AES_VAR)
aes_rval aes_encrypt_key192(const void *in_key, aes_encrypt_ctx cx[1])
{ aes_32t ss[6];
cx->ks[0] = ss[0] = word_in(in_key, 0);
cx->ks[1] = ss[1] = word_in(in_key, 1);
cx->ks[2] = ss[2] = word_in(in_key, 2);
cx->ks[3] = ss[3] = word_in(in_key, 3);
cx->ks[4] = ss[4] = word_in(in_key, 4);
cx->ks[5] = ss[5] = word_in(in_key, 5);
#if ENC_UNROLL == NONE
{ aes_32t i;
for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
ke6(cx->ks, i);
}
#else
ke6(cx->ks, 0); ke6(cx->ks, 1);
ke6(cx->ks, 2); ke6(cx->ks, 3);
ke6(cx->ks, 4); ke6(cx->ks, 5);
ke6(cx->ks, 6); kel6(cx->ks, 7);
#endif
/* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */
/* key and must be non-zero for 128 and 192 bits keys */
cx->ks[53] = cx->ks[45];
cx->ks[52] = 12;
#ifdef AES_ERR_CHK
return aes_good;
#endif
}
#endif
#if defined(AES_256) || defined(AES_VAR)
aes_rval aes_encrypt_key256(const void *in_key, aes_encrypt_ctx cx[1])
{ aes_32t ss[8];
cx->ks[0] = ss[0] = word_in(in_key, 0);
cx->ks[1] = ss[1] = word_in(in_key, 1);
cx->ks[2] = ss[2] = word_in(in_key, 2);
cx->ks[3] = ss[3] = word_in(in_key, 3);
cx->ks[4] = ss[4] = word_in(in_key, 4);
cx->ks[5] = ss[5] = word_in(in_key, 5);
cx->ks[6] = ss[6] = word_in(in_key, 6);
cx->ks[7] = ss[7] = word_in(in_key, 7);
#if ENC_UNROLL == NONE
{ aes_32t i;
for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
ke8(cx->ks, i);
}
#else
ke8(cx->ks, 0); ke8(cx->ks, 1);
ke8(cx->ks, 2); ke8(cx->ks, 3);
ke8(cx->ks, 4); ke8(cx->ks, 5);
kel8(cx->ks, 6);
#endif
#ifdef AES_ERR_CHK
return aes_good;
#endif
}
#endif
#if defined(AES_VAR)
aes_rval aes_encrypt_key(const void *in_key, int key_len, aes_encrypt_ctx cx[1])
{
switch(key_len)
{
#ifdef AES_ERR_CHK
case 16: case 128: return aes_encrypt_key128(in_key, cx);
case 24: case 192: return aes_encrypt_key192(in_key, cx);
case 32: case 256: return aes_encrypt_key256(in_key, cx);
default: return aes_error;
#else
case 16: case 128: aes_encrypt_key128(in_key, cx); return;
case 24: case 192: aes_encrypt_key192(in_key, cx); return;
case 32: case 256: aes_encrypt_key256(in_key, cx); return;
#endif
}
}
#endif
#endif
#if defined(DECRYPTION_KEY_SCHEDULE)
#if DEC_ROUND == NO_TABLES
#define ff(x) (x)
#else
#define ff(x) inv_mcol(x)
#ifdef dec_imvars
#define d_vars dec_imvars
#endif
#endif
#if 1
#define kdf4(k,i) \
{ ss[0] = ss[0] ^ ss[2] ^ ss[1] ^ ss[3]; ss[1] = ss[1] ^ ss[3]; ss[2] = ss[2] ^ ss[3]; ss[3] = ss[3]; \
ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
ss[4] ^= k[4*(i)]; k[4*(i)+4] = ff(ss[4]); ss[4] ^= k[4*(i)+1]; k[4*(i)+5] = ff(ss[4]); \
ss[4] ^= k[4*(i)+2]; k[4*(i)+6] = ff(ss[4]); ss[4] ^= k[4*(i)+3]; k[4*(i)+7] = ff(ss[4]); \
}
#define kd4(k,i) \
{ ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; ss[4] = ff(ss[4]); \
k[4*(i)+4] = ss[4] ^= k[4*(i)]; k[4*(i)+5] = ss[4] ^= k[4*(i)+1]; \
k[4*(i)+6] = ss[4] ^= k[4*(i)+2]; k[4*(i)+7] = ss[4] ^= k[4*(i)+3]; \
}
#define kdl4(k,i) \
{ ss[4] = ls_box(ss[(i+3) % 4], 3) ^ t_use(r,c)[i]; ss[i % 4] ^= ss[4]; \
k[4*(i)+4] = (ss[0] ^= ss[1]) ^ ss[2] ^ ss[3]; k[4*(i)+5] = ss[1] ^ ss[3]; \
k[4*(i)+6] = ss[0]; k[4*(i)+7] = ss[1]; \
}
#else
#define kdf4(k,i) \
{ ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ff(ss[0]); ss[1] ^= ss[0]; k[4*(i)+ 5] = ff(ss[1]); \
ss[2] ^= ss[1]; k[4*(i)+ 6] = ff(ss[2]); ss[3] ^= ss[2]; k[4*(i)+ 7] = ff(ss[3]); \
}
#define kd4(k,i) \
{ ss[4] = ls_box(ss[3],3) ^ t_use(r,c)[i]; \
ss[0] ^= ss[4]; ss[4] = ff(ss[4]); k[4*(i)+ 4] = ss[4] ^= k[4*(i)]; \
ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[4] ^= k[4*(i)+ 1]; \
ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[4] ^= k[4*(i)+ 2]; \
ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[4] ^= k[4*(i)+ 3]; \
}
#define kdl4(k,i) \
{ ss[0] ^= ls_box(ss[3],3) ^ t_use(r,c)[i]; k[4*(i)+ 4] = ss[0]; ss[1] ^= ss[0]; k[4*(i)+ 5] = ss[1]; \
ss[2] ^= ss[1]; k[4*(i)+ 6] = ss[2]; ss[3] ^= ss[2]; k[4*(i)+ 7] = ss[3]; \
}
#endif
#define kdf6(k,i) \
{ ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ff(ss[0]); ss[1] ^= ss[0]; k[6*(i)+ 7] = ff(ss[1]); \
ss[2] ^= ss[1]; k[6*(i)+ 8] = ff(ss[2]); ss[3] ^= ss[2]; k[6*(i)+ 9] = ff(ss[3]); \
ss[4] ^= ss[3]; k[6*(i)+10] = ff(ss[4]); ss[5] ^= ss[4]; k[6*(i)+11] = ff(ss[5]); \
}
#define kd6(k,i) \
{ ss[6] = ls_box(ss[5],3) ^ t_use(r,c)[i]; \
ss[0] ^= ss[6]; ss[6] = ff(ss[6]); k[6*(i)+ 6] = ss[6] ^= k[6*(i)]; \
ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[6] ^= k[6*(i)+ 1]; \
ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[6] ^= k[6*(i)+ 2]; \
ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[6] ^= k[6*(i)+ 3]; \
ss[4] ^= ss[3]; k[6*(i)+10] = ss[6] ^= k[6*(i)+ 4]; \
ss[5] ^= ss[4]; k[6*(i)+11] = ss[6] ^= k[6*(i)+ 5]; \
}
#define kdl6(k,i) \
{ ss[0] ^= ls_box(ss[5],3) ^ t_use(r,c)[i]; k[6*(i)+ 6] = ss[0]; ss[1] ^= ss[0]; k[6*(i)+ 7] = ss[1]; \
ss[2] ^= ss[1]; k[6*(i)+ 8] = ss[2]; ss[3] ^= ss[2]; k[6*(i)+ 9] = ss[3]; \
}
#define kdf8(k,i) \
{ ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ff(ss[0]); ss[1] ^= ss[0]; k[8*(i)+ 9] = ff(ss[1]); \
ss[2] ^= ss[1]; k[8*(i)+10] = ff(ss[2]); ss[3] ^= ss[2]; k[8*(i)+11] = ff(ss[3]); \
ss[4] ^= ls_box(ss[3],0); k[8*(i)+12] = ff(ss[4]); ss[5] ^= ss[4]; k[8*(i)+13] = ff(ss[5]); \
ss[6] ^= ss[5]; k[8*(i)+14] = ff(ss[6]); ss[7] ^= ss[6]; k[8*(i)+15] = ff(ss[7]); \
}
#define kd8(k,i) \
{ aes_32t g = ls_box(ss[7],3) ^ t_use(r,c)[i]; \
ss[0] ^= g; g = ff(g); k[8*(i)+ 8] = g ^= k[8*(i)]; \
ss[1] ^= ss[0]; k[8*(i)+ 9] = g ^= k[8*(i)+ 1]; \
ss[2] ^= ss[1]; k[8*(i)+10] = g ^= k[8*(i)+ 2]; \
ss[3] ^= ss[2]; k[8*(i)+11] = g ^= k[8*(i)+ 3]; \
g = ls_box(ss[3],0); \
ss[4] ^= g; g = ff(g); k[8*(i)+12] = g ^= k[8*(i)+ 4]; \
ss[5] ^= ss[4]; k[8*(i)+13] = g ^= k[8*(i)+ 5]; \
ss[6] ^= ss[5]; k[8*(i)+14] = g ^= k[8*(i)+ 6]; \
ss[7] ^= ss[6]; k[8*(i)+15] = g ^= k[8*(i)+ 7]; \
}
#define kdl8(k,i) \
{ ss[0] ^= ls_box(ss[7],3) ^ t_use(r,c)[i]; k[8*(i)+ 8] = ss[0]; ss[1] ^= ss[0]; k[8*(i)+ 9] = ss[1]; \
ss[2] ^= ss[1]; k[8*(i)+10] = ss[2]; ss[3] ^= ss[2]; k[8*(i)+11] = ss[3]; \
}
#if defined(AES_128) || defined(AES_VAR)
aes_rval aes_decrypt_key128(const void *in_key, aes_decrypt_ctx cx[1])
{ aes_32t ss[5];
#ifdef d_vars
d_vars;
#endif
cx->ks[0] = ss[0] = word_in(in_key, 0);
cx->ks[1] = ss[1] = word_in(in_key, 1);
cx->ks[2] = ss[2] = word_in(in_key, 2);
cx->ks[3] = ss[3] = word_in(in_key, 3);
#if DEC_UNROLL == NONE
{ aes_32t i;
for(i = 0; i < (11 * N_COLS - 1) / 4; ++i)
ke4(cx->ks, i);
#if !(DEC_ROUND == NO_TABLES)
for(i = N_COLS; i < 10 * N_COLS; ++i)
cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
}
#else
kdf4(cx->ks, 0); kd4(cx->ks, 1);
kd4(cx->ks, 2); kd4(cx->ks, 3);
kd4(cx->ks, 4); kd4(cx->ks, 5);
kd4(cx->ks, 6); kd4(cx->ks, 7);
kd4(cx->ks, 8); kdl4(cx->ks, 9);
#endif
/* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */
/* key and must be non-zero for 128 and 192 bits keys */
cx->ks[53] = cx->ks[45] = 0;
cx->ks[52] = 10;
#ifdef AES_ERR_CHK
return aes_good;
#endif
}
#endif
#if defined(AES_192) || defined(AES_VAR)
aes_rval aes_decrypt_key192(const void *in_key, aes_decrypt_ctx cx[1])
{ aes_32t ss[7];
#ifdef d_vars
d_vars;
#endif
cx->ks[0] = ss[0] = word_in(in_key, 0);
cx->ks[1] = ss[1] = word_in(in_key, 1);
cx->ks[2] = ss[2] = word_in(in_key, 2);
cx->ks[3] = ss[3] = word_in(in_key, 3);
#if DEC_UNROLL == NONE
cx->ks[4] = ss[4] = word_in(in_key, 4);
cx->ks[5] = ss[5] = word_in(in_key, 5);
{ aes_32t i;
for(i = 0; i < (13 * N_COLS - 1) / 6; ++i)
ke6(cx->ks, i);
#if !(DEC_ROUND == NO_TABLES)
for(i = N_COLS; i < 12 * N_COLS; ++i)
cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
}
#else
cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
kdf6(cx->ks, 0); kd6(cx->ks, 1);
kd6(cx->ks, 2); kd6(cx->ks, 3);
kd6(cx->ks, 4); kd6(cx->ks, 5);
kd6(cx->ks, 6); kdl6(cx->ks, 7);
#endif
/* cx->ks[45] ^ cx->ks[52] ^ cx->ks[53] is zero for a 256 bit */
/* key and must be non-zero for 128 and 192 bits keys */
cx->ks[53] = cx->ks[45];
cx->ks[52] = 12;
#ifdef AES_ERR_CHK
return aes_good;
#endif
}
#endif
#if defined(AES_256) || defined(AES_VAR)
aes_rval aes_decrypt_key256(const void *in_key, aes_decrypt_ctx cx[1])
{ aes_32t ss[8];
#ifdef d_vars
d_vars;
#endif
cx->ks[0] = ss[0] = word_in(in_key, 0);
cx->ks[1] = ss[1] = word_in(in_key, 1);
cx->ks[2] = ss[2] = word_in(in_key, 2);
cx->ks[3] = ss[3] = word_in(in_key, 3);
#if DEC_UNROLL == NONE
cx->ks[4] = ss[4] = word_in(in_key, 4);
cx->ks[5] = ss[5] = word_in(in_key, 5);
cx->ks[6] = ss[6] = word_in(in_key, 6);
cx->ks[7] = ss[7] = word_in(in_key, 7);
{ aes_32t i;
for(i = 0; i < (15 * N_COLS - 1) / 8; ++i)
ke8(cx->ks, i);
#if !(DEC_ROUND == NO_TABLES)
for(i = N_COLS; i < 14 * N_COLS; ++i)
cx->ks[i] = inv_mcol(cx->ks[i]);
#endif
}
#else
cx->ks[4] = ff(ss[4] = word_in(in_key, 4));
cx->ks[5] = ff(ss[5] = word_in(in_key, 5));
cx->ks[6] = ff(ss[6] = word_in(in_key, 6));
cx->ks[7] = ff(ss[7] = word_in(in_key, 7));
kdf8(cx->ks, 0); kd8(cx->ks, 1);
kd8(cx->ks, 2); kd8(cx->ks, 3);
kd8(cx->ks, 4); kd8(cx->ks, 5);
kdl8(cx->ks, 6);
#endif
#ifdef AES_ERR_CHK
return aes_good;
#endif
}
#endif
#if defined(AES_VAR)
aes_rval aes_decrypt_key(const void *in_key, int key_len, aes_decrypt_ctx cx[1])
{
switch(key_len)
{
#ifdef AES_ERR_CHK
case 16: case 128: return aes_decrypt_key128(in_key, cx);
case 24: case 192: return aes_decrypt_key192(in_key, cx);
case 32: case 256: return aes_decrypt_key256(in_key, cx);
default: return aes_error;
#else
case 16: case 128: aes_decrypt_key128(in_key, cx); return;
case 24: case 192: aes_decrypt_key192(in_key, cx); return;
case 32: case 256: aes_decrypt_key256(in_key, cx); return;
#endif
}
}
#endif
#endif
#endif /* !HAVE_CRYPTO */
#if defined(__cplusplus)
}
#endif

1029
main/aesopt.h
View File

File diff suppressed because it is too large Load Diff

236
main/aestab.c
View File

@ -1,236 +0,0 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2003, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 26/08/2003
*/
#if defined(__cplusplus)
extern "C"
{
#endif
#ifndef HAVE_CRYPTO
#define DO_TABLES
#include "aesopt.h"
#if defined(FIXED_TABLES)
/* implemented in case of wrong call for fixed tables */
void gen_tabs(void)
{
}
#else /* dynamic table generation */
#if !defined(FF_TABLES)
/* Generate the tables for the dynamic table option
It will generally be sensible to use tables to compute finite
field multiplies and inverses but where memory is scarse this
code might sometimes be better. But it only has effect during
initialisation so its pretty unimportant in overall terms.
*/
/* return 2 ^ (n - 1) where n is the bit number of the highest bit
set in x with x in the range 1 < x < 0x00000200. This form is
used so that locals within fi can be bytes rather than words
*/
static aes_08t hibit(const aes_32t x)
{ aes_08t r = (aes_08t)((x >> 1) | (x >> 2));
r |= (r >> 2);
r |= (r >> 4);
return (r + 1) >> 1;
}
/* return the inverse of the finite field element x */
static aes_08t fi(const aes_08t x)
{ aes_08t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
if(x < 2) return x;
for(;;)
{
if(!n1) return v1;
while(n2 >= n1)
{
n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
}
if(!n2) return v2;
while(n1 >= n2)
{
n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1);
}
}
}
#endif
/* The forward and inverse affine transformations used in the S-box */
#define fwd_affine(x) \
(w = (aes_32t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(aes_08t)(w^(w>>8)))
#define inv_affine(x) \
(w = (aes_32t)x, w = (w<<1)^(w<<3)^(w<<6), 0x05^(aes_08t)(w^(w>>8)))
static int init = 0;
void gen_tabs(void)
{ aes_32t i, w;
#if defined(FF_TABLES)
aes_08t pow[512], log[256];
if(init) return;
/* log and power tables for GF(2^8) finite field with
WPOLY as modular polynomial - the simplest primitive
root is 0x03, used here to generate the tables
*/
i = 0; w = 1;
do
{
pow[i] = (aes_08t)w;
pow[i + 255] = (aes_08t)w;
log[w] = (aes_08t)i++;
w ^= (w << 1) ^ (w & 0x80 ? WPOLY : 0);
}
while (w != 1);
#else
if(init) return;
#endif
for(i = 0, w = 1; i < RC_LENGTH; ++i)
{
t_set(r,c)[i] = bytes2word(w, 0, 0, 0);
w = f2(w);
}
for(i = 0; i < 256; ++i)
{ aes_08t b;
b = fwd_affine(fi((aes_08t)i));
w = bytes2word(f2(b), b, b, f3(b));
#ifdef SBX_SET
t_set(s,box)[i] = b;
#endif
#ifdef FT1_SET /* tables for a normal encryption round */
t_set(f,n)[i] = w;
#endif
#ifdef FT4_SET
t_set(f,n)[0][i] = w;
t_set(f,n)[1][i] = upr(w,1);
t_set(f,n)[2][i] = upr(w,2);
t_set(f,n)[3][i] = upr(w,3);
#endif
w = bytes2word(b, 0, 0, 0);
#ifdef FL1_SET /* tables for last encryption round (may also */
t_set(f,l)[i] = w; /* be used in the key schedule) */
#endif
#ifdef FL4_SET
t_set(f,l)[0][i] = w;
t_set(f,l)[1][i] = upr(w,1);
t_set(f,l)[2][i] = upr(w,2);
t_set(f,l)[3][i] = upr(w,3);
#endif
#ifdef LS1_SET /* table for key schedule if t_set(f,l) above is */
t_set(l,s)[i] = w; /* not of the required form */
#endif
#ifdef LS4_SET
t_set(l,s)[0][i] = w;
t_set(l,s)[1][i] = upr(w,1);
t_set(l,s)[2][i] = upr(w,2);
t_set(l,s)[3][i] = upr(w,3);
#endif
b = fi(inv_affine((aes_08t)i));
w = bytes2word(fe(b), f9(b), fd(b), fb(b));
#ifdef IM1_SET /* tables for the inverse mix column operation */
t_set(i,m)[b] = w;
#endif
#ifdef IM4_SET
t_set(i,m)[0][b] = w;
t_set(i,m)[1][b] = upr(w,1);
t_set(i,m)[2][b] = upr(w,2);
t_set(i,m)[3][b] = upr(w,3);
#endif
#ifdef ISB_SET
t_set(i,box)[i] = b;
#endif
#ifdef IT1_SET /* tables for a normal decryption round */
t_set(i,n)[i] = w;
#endif
#ifdef IT4_SET
t_set(i,n)[0][i] = w;
t_set(i,n)[1][i] = upr(w,1);
t_set(i,n)[2][i] = upr(w,2);
t_set(i,n)[3][i] = upr(w,3);
#endif
w = bytes2word(b, 0, 0, 0);
#ifdef IL1_SET /* tables for last decryption round */
t_set(i,l)[i] = w;
#endif
#ifdef IL4_SET
t_set(i,l)[0][i] = w;
t_set(i,l)[1][i] = upr(w,1);
t_set(i,l)[2][i] = upr(w,2);
t_set(i,l)[3][i] = upr(w,3);
#endif
}
init = 1;
}
#endif
#endif /* !HAVE_CRYPTO */
#if defined(__cplusplus)
}
#endif

2
pbx/dundi-parser.h
View File

@ -13,7 +13,7 @@
#define _DUNDI_PARSER_H
#include "asterisk/dundi.h"
#include "asterisk/aes.h"
#include "asterisk/crypto.h"
#define DUNDI_MAX_STACK 512
#define DUNDI_MAX_ANSWERS 100

9
pbx/pbx_dundi.c
View File

@ -61,7 +61,6 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "asterisk/crypto.h"
#include "asterisk/astdb.h"
#include "asterisk/acl.h"
#include "asterisk/aes.h"
#include "asterisk/app.h"
#include "dundi-parser.h"
@ -1313,8 +1312,8 @@ static int update_key(struct dundi_peer *peer)
int res;
if (!peer->keyexpire || (peer->keyexpire < time(NULL))) {
build_iv(key);
ast_aes_encrypt_key(key, &peer->us_ecx);
ast_aes_decrypt_key(key, &peer->us_dcx);
ast_aes_set_encrypt_key(key, &peer->us_ecx);
ast_aes_set_decrypt_key(key, &peer->us_dcx);
ekey = ast_key_get(peer->inkey, AST_KEY_PUBLIC);
if (!ekey) {
ast_log(LOG_NOTICE, "No such key '%s' for creating RSA encrypted shared key for '%s'!\n",
@ -1516,8 +1515,8 @@ static int check_key(struct dundi_peer *peer, unsigned char *newkey, unsigned ch
memcpy(peer->rxenckey, newkey, 128);
memcpy(peer->rxenckey + 128, newsig, 128);
peer->them_keycrc32 = crc32(0L, peer->rxenckey, 128);
ast_aes_decrypt_key(dst, &peer->them_dcx);
ast_aes_encrypt_key(dst, &peer->them_ecx);
ast_aes_set_decrypt_key(dst, &peer->them_dcx);
ast_aes_set_encrypt_key(dst, &peer->them_ecx);
return 1;
}

21
res/res_crypto.c
View File

@ -37,6 +37,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "asterisk/paths.h" /* use ast_config_AST_KEY_DIR */
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/aes.h>
#include <dirent.h>
#include "asterisk/module.h"
@ -453,6 +454,26 @@ int AST_OPTIONAL_API_NAME(ast_crypto_loaded)(void)
return 1;
}
int AST_OPTIONAL_API_NAME(ast_aes_set_encrypt_key)(const unsigned char *key, ast_aes_encrypt_key *ctx)
{
return AES_set_encrypt_key(key, 128, ctx);
}
int AST_OPTIONAL_API_NAME(ast_aes_set_decrypt_key)(const unsigned char *key, ast_aes_decrypt_key *ctx)
{
return AES_set_decrypt_key(key, 128, ctx);
}
void AST_OPTIONAL_API_NAME(ast_aes_encrypt)(const unsigned char *in, unsigned char *out, const ast_aes_encrypt_key *ctx)
{
return AES_encrypt(in, out, ctx);
}
void AST_OPTIONAL_API_NAME(ast_aes_decrypt)(const unsigned char *in, unsigned char *out, const ast_aes_decrypt_key *ctx)
{
return AES_decrypt(in, out, ctx);
}
/*!
* \brief refresh RSA keys from file
* \param ifd file descriptor

4
res/res_crypto.exports.in
View File

@ -8,6 +8,10 @@
LINKER_SYMBOL_PREFIX*ast_key_get;
LINKER_SYMBOL_PREFIX*ast_sign;
LINKER_SYMBOL_PREFIX*ast_sign_bin;
LINKER_SYMBOL_PREFIX*ast_aes_encrypt;
LINKER_SYMBOL_PREFIX*ast_aes_decrypt;
LINKER_SYMBOL_PREFIX*ast_aes_set_encrypt_key;
LINKER_SYMBOL_PREFIX*ast_aes_set_decrypt_key;
local:
*;
};