[asterisk-dev] AES encryption in IAX2

Tim Panton thp at westhawk.co.uk
Fri Dec 12 08:37:03 CST 2008


I've just implemented AES encryption in our SNMP stack.
So what? I hear you say!

I know it is probably too late, but the way they have specified it
might be useful for IAX2.

They have done an interesting optimization which means
that they don't have to pad the frame to a multiple of AES's block  
length
(16 bytes).

Here's what the RFC (http://www.apps.ietf.org/rfc/rfc3826.html) says:

"The plaintext is divided into 128-bit blocks. The last block may have  
fewer than
128 bits, and no padding is required.

The first input block is the IV, and the forward cipher operation is  
applied to
the IV to produce the first output block. The first ciphertext block  
is produced
by exclusive-ORing the first plaintext block with the first output  
block.
The ciphertext block is also used as the input block for the subsequent
forward cipher operation.

The process is repeated with the successive input blocks until a  
ciphertext
segment is produced from every plaintext segment.

The last ciphertext block is produced by exclusive-ORing the last  
plaintext
segment of r bits (r is less than or equal to 128) with the segment of  
the r
most significant bits of the last output block."


------

So this would save an average of 8 bytes per miniframe, but the big  
win is with GSM, where
the 33byte frame expands to 64 bytes  to cover the encryption. This  
way we could get
it back to 33 :-)  which is a worthwhile saving.

Tim.




More information about the asterisk-dev mailing list