SRTP_SRC = libs/srtp/srtp/srtp.c libs/srtp/srtp/ekt.c libs/srtp/crypto/cipher/cipher.c libs/srtp/crypto/cipher/null_cipher.c \
libs/srtp/crypto/cipher/aes.c libs/srtp/crypto/cipher/aes_icm.c \
- libs/srtp/crypto/cipher/aes_cbc.c \
libs/srtp/crypto/hash/null_auth.c libs/srtp/crypto/hash/sha1.c \
libs/srtp/crypto/hash/hmac.c libs/srtp/crypto/hash/auth.c \
libs/srtp/crypto/math/datatypes.c libs/srtp/crypto/math/stat.c \
libs/srtp/crypto/kernel/crypto_kernel.c libs/srtp/crypto/kernel/alloc.c \
- libs/srtp/crypto/kernel/key.c \
- libs/srtp/crypto/rng/prng.c libs/srtp/crypto/rng/ctr_prng.c \
- libs/srtp/crypto/kernel/err.c libs/srtp/crypto/rng/rand_source.c \
+ libs/srtp/crypto/kernel/key.c libs/srtp/crypto/kernel/err.c \
libs/srtp/crypto/replay/rdb.c libs/srtp/crypto/replay/rdbx.c libs/srtp/crypto/replay/ut_sim.c
libs/srtp/libsrtp.la: libs/srtp libs/srtp/.update $(SRTP_SRC)
Changelog
-1.3.20
+2.1.0
- Lots of changes. Thanks to Jeff Chan for catching a memory leak and
- helping track down the endian issues with the SSRCs.
+Compatibility changes
-1.3.8
+ PR #253 - Cipher type cleanup for AES
+ When libSRTP is compiled with OpenSSL and the AES 256 ICM cipher is used
+ with RTCP an incorrect initialization vector is formed.
+ This change will break backwards compatibility with older versions (1.5,
+ 2.0) of libSRTP when using the AES 256 ICM cipher with OpenSSL for RTCP.
- This is an interim release. Several little-endian bugs were identified
- and fixed; this means that we can use intel/linux for development again.
+ PR #259 - Sequence number incorrectly masked for AES GCM IV
+ The initialization vector for AES GCM encryption was incorrectly formed on
+ little endian machines.
+ This change will break backwards compatibility with older versions (1.5,
+ 2.0) of libSRTP when using the AES GCM cipher for RTCP.
- Cleaned up sha1 and hmac code significantly, got rid of some excess
- functions and properly documented the fuctions in the .h files.
+ PR #287 - Fix OOB read in key generation for encrypted headers with GCM ciphers
+ Adds padding of GCM salt to the corresponding ICM length used for header
+ encryption.
+ This change will break backwards compatibility with version 2.0 of libSRTP
+ when using the header encryption extension with the AES GCM cipher.
- Eliminated some vestigial files.
+Major changes
- There is a SIGBUS error in the AES encrypt function on sparc
- (observed on both solaris and openbsd) with gcc 2.95. Was unable to
- find bad pointer anywhere, so I'm wondering if it isn't a compiler
- problem (there's a known problem whose profile it fits). It doesn't
- appear on any other platform, even in the cipher_driver stress
- tests.
+ PR #204 - OpenSSL performance improvements
+ Changed key expansion to occur once per key instead of once per packet.
- Planned changes
+ PR #209 - Restore AES-192 under BoringSSL
+ BoringSSL supports AES-192 and is now enabled in libSRTP.
- Change interface to nonces (xtd_seq_num_t) so that it uses
- network byte ordering, and is consistent with other arguments.
+ PR #224 - Master Key Identifiers (MKI) Support patch
+ Adds MKI support with up to 4 keys.
+ PR #234 - Report SSRC instead of srtp_stream_t in srtp_event_data_t
+ srtp_stream_t is an opaque type making the event framework almost useless.
+ Now the SSRC is returned instead for use as a key in the public API.
-1.3.6
+ PR #238 - Configure changes and improvements
+ CFLAGS check more shell neutral, quotation fixes, always generate and
+ install pkg-config file, improved OpenSSL discovery and linking, remove
+ -fPIC flag on Windows, fix shared library generation under Cygwin, replace
+ hardcoded CFLAGS with compiler checks, and regenerate configure after
+ configure.in changes.
- Changed /dev/random (in configure.in and crypto/rng/rand_source.c) to
- /dev/urandom; the latter is non-blocking on all known platforms (which
- corrects some programs that seem to hang) and is actually present on
- Open BSD (unlike /dev/random, which only works in the presence of
- hardware supported random number generation).
+ PR #241 & PR #261 - Improved logging API to receive log messages from libSRTP
+ Provides a logging API and the ability to enable logging to stdout and a
+ file, as well as a switch to enable all internal debug modules.
- Added machine/types.h case in include/integers.h.
+ PR #289 - Added support for set and get the roll-over-counter
+ Adds an API to set and get the ROC in an (S)RTP session.
-1.3.5
+ PR #304 - Fix (S)RTP and (S)RTCP for big endian machines
+ The structures srtp_hdr_t, srtcp_hdr_t and srtcp_trailer_t were defined
+ incorrectly on big endian systems.
- Removing srtp_t::template and stream_clone().
+Other changes
- Adding a new policy structure, which will reflect a complete SRTP
- policy (including SRTCP).
+ PR #149 - Don't create a symlink if there is no $(SHAREDLIBVERSION)
- This version is *incomplete* and will undergo more changes. It is
- provided only as a basis for discussion.
+ PR #151 - Make srtp_driver compile for MIPS
-1.3.4
+ PR #160 - Use PKG_PROG_PKG_CONFIG to find correct pkg-config
- Removed tmmh.c and tmmh.h, which implemented version one of TMMH.
+ PR #167 - Additional RTCP and SRTCP tests
- Changed srtp_get_trailer_length() to act on streams rather than
- sessions, and documented the macro SRTP_MAX_TRAILER_LEN, which should
- usually be used rather than that function.
+ PR #169 - Identified merge conflict created by commit 6b71fb9
- Removed 'salt' from cipher input.
+ PR #173 - Avoid error 'possibly undefined macro: AM_PROG_AR'
- Changed rdbx to use err.h error codes.
+ PR #174 - Avoid warning 'The macro AC_TRY_LINK is obsolete.'
- Changed malloc() and free() to xalloc() and xfree; these functions
- are defined in crypto/kernel/alloc.c and declared in
- include/alloc.h.
+ PR #175 - Remove 2nd -fPIC
- Added 'output' functions to cipher, in addition to 'encrypt'
- functions. It is no longer necessary to zeroize a buffer before
- encrypting in order to get keystream.
+ PR #182 - Add a length check before reading packet data
- Changed octet_string_hex_string() so that "times two" isn't needed
- in its input.
+ PR #191 - On debug, output correct endianness of SSRC
- Added crypto_kernel_init() prior to command-line parsing, so that
- kernel can be passed command-line arguments, such as "-d
- debug_module". This was done to for the applications
- test/srtp-driver, test/kernel-driver, and test/ust-driver.
+ PR #192 - Replace octet_string_is_eq with a constant-time implementation
- Improved srtp_init_aes_128_prf - wrote key derivation function
- (srtp_kdf_t).
+ PR #195 - Add missing __cplusplus header guards
- Add the tag_len as an argument to the auth_compute() function, but
- not the corresponding macro. This change allows the tag length for
- a given auth func to be set to different values at initialization
- time. Previously, the structure auth_t contained the
- output_length, but that value was inaccessible from hmac_compute()
- and other functions.
+ PR #198 - Update sha1_driver.c to avoid memory leaks
- Re-named files from a-b.c to a_b.c. in order to help portability.
+ PR #202 - Add an explicit cast to avoid a printf format warning on macOS
- Re-named rijndael to aes (or aes_128 as appropriate).
+ PR #205 - Update Windows build files to Visual Studio 2015
+ PR #207 - Fix to install-win.bat syntax, and add installation of x64 libraries
-1.2.1
+ PR #208 - Make replace_cipher and replace_auth public again
- Changes so that 1.2.0 compiles on cygwin-win2k.
+ PR #211 - Changes for OpenSSL 1.1.0 compatibility
- Added better error reporting system. If syslog is present on the
- OS, then it is used.
+ PR #213 - Add cast to `unsigned int` in call to printf in test
+ PR #214 - Avoid empty initializer braces
-1.2.0 Many improvements and additions, and a fex fixes
+ PR #222 - Fix issue: No consistency when use some srtp_* functions
- Fixed endian issues in RTP header construction in the function
- rtp_sendto() in srtp/rtp.c.
+ PR #231 - Advance version on master in preparation for 2.1 release
- Implemented RIJNDAEL decryption operation, adding the functions
- rijndael_decrypt() and rijndael_expand_decryption_key(). Also
- re-named rijndael_expand_key() to rijndael_expand_encryption_key()
- for consistency.
+ PR #232 - Update Travis, do not build with OpenSSL on OSX
- Implemented random number source using /dev/random, in the files
- crypto/rng/rand_source.c and include/rand_source.h.
+ PR #233 - crypto/replay/rdbx.c: Return type of srtp_index_guess from int to
+ int32_t
- Added index check to SEAL cipher (only values less than 2^32 are
- allowed)
+ PR #236 - test/rtp_decoder.c: Removed superfluous conditional
- Added test case for null_auth authentication function.
+ PR #237 - test/rtp_decoder.c: spring cleaning
- Added a timing test which tests the effect of CPU cache thrash on
- cipher throughput. The test is done by the function
- cipher_test_throughput_array(); the function
- cipher_array_alloc_init() creates an array of ciphers for use in
- this test. This test can be accessed by using the -a flag to
- the application cipher-driver in the test subdirectory.
-
- Added argument processing to ust-driver.c, and added that app to
- the 'runtest' target in Makefile.in.
+ PR #239 - octet_string_set_to_zero() delegates to OPENSSL_cleanse() if
+ available, if not it will use srtp_cleanse() to zero memory
- A minor auth_t API change: last argument of auth_init() eliminated.
+ PR #243 - EKT is not really supported yet, remove from install
+ PR #244 - Add simple error checking in timing test to avoid false results
-1.0.6 A small but important fix
+ PR #245 - Add missing srtp_cipher_dealloc calls when test fails
- Fixed srtp_init_aes_128_prf() by adding octet_string_set_to_zero()
- after buffer allocation.
+ PR #246 - test/rtp_decoder: Add missing conditional
- Eliminated references to no-longer-existing variables in debugging
- code in srtp/srtp.c. This fixes the compilation failure that
- occured when using PRINT_DEBUG in that file.
+ PR #248 - New README.md that integrates intro, credits and references from
+ /doc/ and is used to generate documentation
- Corrected spelling of Richard Priestley's name in credits. Sorry
- Richard!
+ PR #249 - Remove support for generic aesicm from configure.in
+ PR #250 - Update README.md, incorrect tag for link
-1.0.5 Many little fixes
+ PR #255 - Cleanup outdated comment related to MKI
- Fixed octet_string_set_to_zero(), which was writing one
- more zero octet than it should. This bug caused srtp_protect()
- and srtp_unprotect() to overwrite the byte that followed the
- srtp packet.
+ PR #258 - Add AES-GCM to DTLS-SRTP Protection Profiles
- Changed sizeof(uint32_t) to srtp_get_trailer_length() in
- srtp-driver.c. This is just defensive coding.
+ PR #263 - Cleaning up and removing duplicated and outdated code
- Added NULL check to malloc in srtp_alloc().
+ PR #265 - Introduction of unit test framework: CUTest
+ PR #267 - crypto/kernel/err.c: Include datatypes.h
-1.0.4 Many minor fixes and two big ones (thanks for the bug reports!)
+ PR #272 - Reduce literal constants
- Removed 'ssrc' from the srtp_init_aes_128_prf() function argument
- list. This is so that applications which do not a priori know the
- ssrc which they will be receiving can still use libsrtp. Now the
- SSRC value is gleaned from the rtp header and exored into the
- counter mode offset in the srtp_protect() and srtp_unprotect()
- functions, if that cipher is used. This change cascaed through
- many other functions, including srtp_init_from_hex(),
- srtp_sender_init() and srtp_receiver_init() in rtp.c, and also
- changing the CLI to test/rtpw. In the future, another function
- call will be added to the library that enables multiple ssrc/key
- pairs to be installed into the same srtp session, so that libsrtp
- works with multiple srtp senders. For now, this functionality is
- lacking.
+ PR #273 - SRTP AEAD SRTCP initialization vector regression tests
- Removed the GDOI interface to the rtpw demo program. This will be
- added again at a later date, after the SRTP and GDOI distributions
- stabilize. For now, I've left in the GDOI #defines and autoconf
- definitions so that they'll be in place when needed.
+ PR #274 - Update Travis build - add ccache
- Updated tmmhv2_compute() so that it didn't assume any particular
- alginment of the output tag.
+ PR #276 - Reference and docs updates
- Changed bit field variables in srtp.h to unsigned char from
- unsigned int in order to avoid a potential endianness issue.
+ PR #278 - Removed crypto/test/auth_driver.c and test/lfsr.c
- Fixed rdbx_estimate_index() to handle all input cases. This solves
- the now notorious "abaft" bug in the rtpw demo app on linux/intel,
- in which spurious replay protection failures happen after that word
- is received.
+ PR #279 - Bump copyright year
- Added ntohs(hdr->seq) to srtp_protect and srtp_unprotect, removed
- from rijndael_icm_set_segment().
+ PR #283 - Add missing docs in srtp.h
- Added error checking and handling to srtp_sender_init() and
- srtp_receiver_init().
+ PR #284 - Add strict-prototypes warning if supported
- Changed srtp_alloc() so that it does what you'd expect: allocate an
- srtp_ctx_t structure. This hides the library internals.
+ PR #291 - Use const char * for srtp_set_debug_module()
+ PR #294 - Fix incorrect result of rdb_increment on overflow
-1.0.1 Many minor fixes
+ PR #300 - Standalone tests
- Added cipher_driver_buffer_test(...) to test/cipher-driver.c. This
- function checks that the byte-buffering functions used by a cipher
- are correct.
+ PR #301 - Configure fixes
- Fixed SunOS/Solaris build problems: added HAVE_SYS_INT_TYPES_H and
- changed index_t to xtd_seq_num_t (see include/rdbx.h).
-
- Fixed SEAL3.0 output byte buffering, added byte-buffering test to
- cipher/cipher-driver.c.
-
- Fixed roc-driver so that the non-sequential insertion test
- automatically recovers from bad estimates. This was required to
- prevent spurious failures.
-
- Made rdbx_estimate_index(...) function smarter, so that initial RTP
- sequence numbers greater than 32,768 don't cause it to estimate the
- rollover counter of 0xffffffff.
-
-
-1.0.0 Initial release
+ PR #302 - Fix warning regarding unused variable
+ PR #303 - Makefile.in: Add gnu as match for shared lib suffix
\ No newline at end of file
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
-AUTOMAKE_OPTIONS = gnu
+AUTOMAKE_OPTIONS = gnu subdir-objects
NAME=srtp
AM_CFLAGS = $(new_AM_CFLAGS) -I./src -Icrypto/include -I$(srcdir)/include -I$(srcdir)/crypto/include
AM_LDFLAGS = $(new_AM_LDFLAGS) -L.
HMAC_OBJS = @HMAC_OBJS@
-RNG_EXTRA_OBJS = @RNG_EXTRA_OBJS@
AES_ICM_OBJS = @AES_ICM_OBJS@
-lib_LTLIBRARIES = libsrtp.la libcryptomath.la
+lib_LTLIBRARIES = libsrtp.la
libsrtp_la_SOURCES = srtp/srtp.c srtp/ekt.c crypto/cipher/cipher.c crypto/cipher/null_cipher.c \
crypto/hash/null_auth.c crypto/hash/auth.c \
crypto/math/datatypes.c crypto/math/stat.c \
if ENABLE_OPENSSL
libsrtp_la_SOURCES += crypto/cipher/aes_icm_ossl.c crypto/cipher/aes_gcm_ossl.c
-libsrtp_la_SOURCES += crypto/rng/rand_source_ossl.c
libsrtp_la_SOURCES += crypto/hash/hmac_ossl.c
else
libsrtp_la_SOURCES += crypto/hash/sha1.c crypto/hash/hmac.c
-libsrtp_la_SOURCES += crypto/cipher/aes_icm.c crypto/cipher/aes.c crypto/cipher/aes_cbc.c
-libsrtp_la_SOURCES += crypto/rng/prng.c crypto/rng/ctr_prng.c
-if RNG_OBJS_LINUX
-libsrtp_la_SOURCES += crypto/rng/rand_linux_kernel.c
-EXTRA_DIST += crypto/rng/rand_source.c
-else
-libsrtp_la_SOURCES += crypto/rng/rand_source.c
-endif
+libsrtp_la_SOURCES += crypto/cipher/aes_icm.c crypto/cipher/aes.c
endif
if GDOI
libsrtp_la_SOURCES += gdoi/srtp+gdoi.c
endif
-libcryptomath_la_SOURCES = crypto/math/math.c crypto/math/gf2_8.c
-libcryptomath_la_LDFLAGS = -version-info 1:42:1
-
library_includedir = $(prefix)/include/srtp
-library_include_HEADERS = include/rtp.h include/srtp.h include/ut_sim.h crypto/include/aes_cbc.h crypto/include/auth.h \
- crypto/include/crypto_math.h crypto/include/datatypes.h crypto/include/integers.h crypto/include/null_cipher.h \
+library_include_HEADERS = include/rtp.h include/srtp.h include/ut_sim.h crypto/include/auth.h \
+ crypto/include/datatypes.h crypto/include/integers.h crypto/include/null_cipher.h \
crypto/include/rdbx.h crypto/include/aes_icm.h crypto/include/cipher.h crypto/include/crypto_types.h \
- crypto/include/err.h crypto/include/kernel_compat.h crypto/include/prng.h crypto/include/sha1.h \
- crypto/include/aes.h crypto/include/config.h crypto/include/crypto.h crypto/include/gf2_8.h crypto/include/key.h \
- crypto/include/rand_source.h crypto/include/stat.h crypto/include/alloc.h crypto/include/crypto_kernel.h \
- crypto/include/cryptoalg.h crypto/include/hmac.h crypto/include/null_auth.h crypto/include/rdb.h crypto/include/xfm.h
-
-noinst_PROGRAMS = aes_tables
-aes_tables_SOURCES = tables/aes_tables.c
-aes_tables_LDADD = libcryptomath.la
+ crypto/include/err.h crypto/include/sha1.h \
+ crypto/include/aes.h crypto/include/config.h crypto/include/key.h \
+ crypto/include/stat.h crypto/include/alloc.h crypto/include/crypto_kernel.h \
+ crypto/include/hmac.h crypto/include/null_auth.h crypto/include/rdb.h
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = srtp-1.42.pc
--- /dev/null
+<a name="introduction-to-libsrtp"></a>
+# Introduction to libSRTP
+
+This package provides an implementation of the Secure Real-time
+Transport Protocol (SRTP), the Universal Security Transform (UST), and
+a supporting cryptographic kernel. The SRTP API is documented in include/srtp.h,
+and the library is in libsrtp2.a (after compilation).
+
+This document describes libSRTP, the Open Source Secure RTP library
+from Cisco Systems, Inc. RTP is the Real-time Transport Protocol, an
+IETF standard for the transport of real-time data such as telephony,
+audio, and video, defined by [RFC 3550](https://www.ietf.org/rfc/rfc3550.txt).
+Secure RTP (SRTP) is an RTP profile for providing confidentiality to RTP data
+and authentication to the RTP header and payload. SRTP is an IETF Standard,
+defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt), and was developed
+in the IETF Audio/Video Transport (AVT) Working Group. This library supports
+all of the mandatory features of SRTP, but not all of the optional features. See
+the [Supported Features](#supported-features) section for more detailed information.
+
+This document is also used to generate the documentation files in the /doc/
+folder where a more detailed reference to the libSRTP API and related functions
+can be created (requires installing doxygen.). The reference material is created
+automatically from comments embedded in some of the C header files. The
+documentation is organized into modules in order to improve its clarity. These
+modules do not directly correspond to files. An underlying cryptographic kernel
+provides much of the basic functionality of libSRTP but is mostly undocumented
+because it does its work behind the scenes.
+
+--------------------------------------------------------------------------------
+
+<a name="contact"></a>
+# Contact Us
+
+- [libsrtp@lists.packetizer.com](mailto:libsrtp@lists.packetizer.com) general mailing list for news / announcements / discussions. This is an open list, see
+[https://lists.packetizer.com/mailman/listinfo/libsrtp](https://lists.packetizer.com/mailman/listinfo/libsrtp) for singing up.
+
+- [libsrtp-security@lists.packetizer.com](mailto:libsrtp-security@lists.packetizer.com) for disclosing security issues to the libsrtp maintenance team. This is a closed list but anyone can send to it.
+
+
+--------------------------------------------------------------------------------
+
+<a name="contents"></a>
+## Contents
+
+- [Introduction to libSRTP](#introduction-to-libsrtp)
+ - [Contact Us](#contact)
+ - [Contents](#contents)
+- [License and Disclaimer](#license-and-disclaimer)
+- [libSRTP Overview](#libsrtp-overview)
+ - [Secure RTP Background](#secure-rtp-background)
+ - [Supported Features](#supported-features)
+ - [Implementation Notes](#implementation-notes)
+- [Installing and Building libSRTP](#installing-and-building-libsrtp)
+- [Applications](#applications)
+ - [Example Code](#example-code)
+- [Credits](#credits)
+- [References](#references)
+
+--------------------------------------------------------------------------------
+
+<a name="license-and-disclaimer"></a>
+# License and Disclaimer
+
+libSRTP is distributed under the following license, which is included
+in the source code distribution. It is reproduced in the manual in
+case you got the library from another source.
+
+> Copyright (c) 2001-2017 Cisco Systems, Inc. All rights reserved.
+>
+> Redistribution and use in source and binary forms, with or without
+> modification, are permitted provided that the following conditions
+> are met:
+>
+> - Redistributions of source code must retain the above copyright
+> notice, this list of conditions and the following disclaimer.
+> - Redistributions in binary form must reproduce the above copyright
+> notice, this list of conditions and the following disclaimer in
+> the documentation and/or other materials provided with the distribution.
+> - Neither the name of the Cisco Systems, Inc. nor the names of its
+> contributors may be used to endorse or promote products derived
+> from this software without specific prior written permission.
+>
+> THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+> "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+> LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+> FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+> COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+> INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+> (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+> SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+> HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+> STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+> ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+> OF THE POSSIBILITY OF SUCH DAMAGE.
+
+--------------------------------------------------------------------------------
+
+<a name="libsrtp-overview"></a>
+# libSRTP Overview
+
+libSRTP provides functions for protecting RTP and RTCP. RTP packets
+can be encrypted and authenticated (using the `srtp_protect()`
+function), turning them into SRTP packets. Similarly, SRTP packets
+can be decrypted and have their authentication verified (using the
+`srtp_unprotect()` function), turning them into RTP packets. Similar
+functions apply security to RTCP packets.
+
+The typedef `srtp_stream_t` points to a structure holding all of the
+state associated with an SRTP stream, including the keys and
+parameters for cipher and message authentication functions and the
+anti-replay data. A particular `srtp_stream_t` holds the information
+needed to protect a particular RTP and RTCP stream. This datatype
+is intentionally opaque in order to better seperate the libSRTP
+API from its implementation.
+
+Within an SRTP session, there can be multiple streams, each
+originating from a particular sender. Each source uses a distinct
+stream context to protect the RTP and RTCP stream that it is
+originating. The typedef `srtp_t` points to a structure holding all of
+the state associated with an SRTP session. There can be multiple
+stream contexts associated with a single `srtp_t`. A stream context
+cannot exist indepent from an `srtp_t`, though of course an `srtp_t` can
+be created that contains only a single stream context. A device
+participating in an SRTP session must have a stream context for each
+source in that session, so that it can process the data that it
+receives from each sender.
+
+In libSRTP, a session is created using the function `srtp_create()`.
+The policy to be implemented in the session is passed into this
+function as an `srtp_policy_t` structure. A single one of these
+structures describes the policy of a single stream. These structures
+can also be linked together to form an entire session policy. A linked
+list of `srtp_policy_t` structures is equivalent to a session policy.
+In such a policy, we refer to a single `srtp_policy_t` as an *element*.
+
+An `srtp_policy_t` strucutre contains two `crypto_policy_t` structures
+that describe the cryptograhic policies for RTP and RTCP, as well as
+the SRTP master key and the SSRC value. The SSRC describes what to
+protect (e.g. which stream), and the `crypto_policy_t` structures
+describe how to protect it. The key is contained in a policy element
+because it simplifies the interface to the library. In many cases, it
+is desirable to use the same cryptographic policies across all of the
+streams in a session, but to use a distinct key for each stream. A
+`crypto_policy_t` structure can be initialized by using either the
+`crypto_policy_set_rtp_default()` or `crypto_policy_set_rtcp_default()`
+functions, which set a crypto policy structure to the default policies
+for RTP and RTCP protection, respectively.
+
+--------------------------------------------------------------------------------
+
+<a name="secure-rtp-background"></a>
+## Secure RTP Background
+
+In this section we review SRTP and introduce some terms that are used
+in libSRTP. An RTP session is defined by a pair of destination
+transport addresses, that is, a network address plus a pair of UDP
+ports for RTP and RTCP. RTCP, the RTP control protocol, is used to
+coordinate between the participants in an RTP session, e.g. to provide
+feedback from receivers to senders. An *SRTP session* is
+similarly defined; it is just an RTP session for which the SRTP
+profile is being used. An SRTP session consists of the traffic sent
+to the SRTP or SRTCP destination transport addresses. Each
+participant in a session is identified by a synchronization source
+(SSRC) identifier. Some participants may not send any SRTP traffic;
+they are called receivers, even though they send out SRTCP traffic,
+such as receiver reports.
+
+RTP allows multiple sources to send RTP and RTCP traffic during the
+same session. The synchronization source identifier (SSRC) is used to
+distinguish these sources. In libSRTP, we call the SRTP and SRTCP
+traffic from a particular source a *stream*. Each stream has its own
+SSRC, sequence number, rollover counter, and other data. A particular
+choice of options, cryptographic mechanisms, and keys is called a
+*policy*. Each stream within a session can have a distinct policy
+applied to it. A session policy is a collection of stream policies.
+
+A single policy can be used for all of the streams in a given session,
+though the case in which a single *key* is shared across multiple
+streams requires care. When key sharing is used, the SSRC values that
+identify the streams **must** be distinct. This requirement can be
+enforced by using the convention that each SRTP and SRTCP key is used
+for encryption by only a single sender. In other words, the key is
+shared only across streams that originate from a particular device (of
+course, other SRTP participants will need to use the key for
+decryption). libSRTP supports this enforcement by detecting the case
+in which a key is used for both inbound and outbound data.
+
+--------------------------------------------------------------------------------
+
+<a name="supported-features"></a>
+## Supported Features
+
+This library supports all of the mandatory-to-implement features of
+SRTP (as defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt)). Some of these
+features can be selected (or de-selected) at run time by setting an
+appropriate policy; this is done using the structure `srtp_policy_t`.
+Some other behaviors of the protocol can be adapted by defining an
+approriate event handler for the exceptional events; see the SRTPevents
+section in the generated documentation.
+
+Some options that are described in the SRTP specification are not
+supported. This includes
+
+- key derivation rates other than zero,
+- the cipher F8,
+- the use of the packet index to select between master keys.
+
+The user should be aware that it is possible to misuse this libary,
+and that the result may be that the security level it provides is
+inadequate. If you are implementing a feature using this library, you
+will want to read the Security Considerations section of [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt).
+In addition, it is important that you read and understand the
+terms outlined in the [License and Disclaimer](#license-and-disclaimer) section.
+
+--------------------------------------------------------------------------------
+
+<a name="implementation-notes"></a>
+## Implementation Notes
+
+ * The `srtp_protect()` function assumes that the buffer holding the
+ rtp packet has enough storage allocated that the authentication
+ tag can be written to the end of that packet. If this assumption
+ is not valid, memory corruption will ensue.
+
+ * Automated tests for the crypto functions are provided through
+ the `cipher_type_self_test()` and `auth_type_self_test()` functions.
+ These functions should be used to test each port of this code
+ to a new platform.
+
+ * Replay protection is contained in the crypto engine, and
+ tests for it are provided.
+
+ * This implementation provides calls to initialize, protect, and
+ unprotect RTP packets, and makes as few as possible assumptions
+ about how these functions will be called. For example, the
+ caller is not expected to provide packets in order (though if
+ they're called more than 65k out of sequence, synchronization
+ will be lost).
+
+ * The sequence number in the rtp packet is used as the low 16 bits
+ of the sender's local packet index. Note that RTP will start its
+ sequence number in a random place, and the SRTP layer just jumps
+ forward to that number at its first invocation. An earlier
+ version of this library used initial sequence numbers that are
+ less than 32,768; this trick is no longer required as the
+ `rdbx_estimate_index(...)` function has been made smarter.
+
+ * The replay window for (S)RTCP is hardcoded to 128 bits in length.
+
+--------------------------------------------------------------------------------
+
+<a name="installing-and-building-libsrtp"></a>
+# Installing and Building libSRTP
+
+To install libSRTP, download the latest release of the distribution
+from [https://github.com/cisco/libsrtp/releases](https://github.com/cisco/libsrtp/releases).
+You probably want to get the most recent release. Unpack the distribution and
+extract the source files; the directory into which the source files
+will go is named `libsrtp-A-B-C` where `A` is the version number, `B` is the
+major release number and `C` is the minor release number.
+
+libSRTP uses the GNU `autoconf` and `make` utilities (BSD make will not work; if
+both versions of make are on your platform, you can invoke GNU make as
+`gmake`.). In the `libsrtp` directory, run the configure script and then
+make:
+
+~~~.txt
+./configure [ options ]
+make
+~~~
+
+The configure script accepts the following options:
+
+Option | Description
+-------------------------------|--------------------
+\-\-help \-h | Display help
+\-\-enable-debug-logging | Enable debug logging in all modules
+\-\-enable-log-stdout | Enable logging to stdout
+\-\-enable-openssl | Enable OpenSSL crypto engine
+\-\-enable-openssl-kdf | Enable OpenSSL KDF algorithm
+\-\-with-log-file | Use file for logging
+\-\-with-openssl-dir | Location of OpenSSL installation
+
+By default there is no log output, logging can be enabled to be output to stdout
+or a given file using the configure options.
+
+This package has been tested on the following platforms: Mac OS X
+(powerpc-apple-darwin1.4), Cygwin (i686-pc-cygwin), Solaris
+(sparc-sun-solaris2.6), RedHat Linux 7.1 and 9 (i686-pc-linux), and
+OpenBSD (sparc-unknown-openbsd2.7).
+
+--------------------------------------------------------------------------------
+
+<a name="applications"></a>
+# Applications
+
+Several test drivers and a simple and portable srtp application are
+included in the `test/` subdirectory.
+
+Test driver | Function tested
+--------- | -------
+kernel_driver | crypto kernel (ciphers, auth funcs, rng)
+srtp_driver | srtp in-memory tests (does not use the network)
+rdbx_driver | rdbx (extended replay database)
+roc_driver | extended sequence number functions
+replay_driver | replay database
+cipher_driver | ciphers
+auth_driver | hash functions
+
+The app `rtpw` is a simple rtp application which reads words from
+`/usr/dict/words` and then sends them out one at a time using [s]rtp.
+Manual srtp keying uses the -k option; automated key management
+using gdoi will be added later.
+
+usage:
+~~~.txt
+rtpw [[-d <debug>]* [-k|b <key> [-a][-e <key size>][-g]] [-s | -r] dest_ip dest_port] | [-l]
+~~~
+
+Either the -s (sender) or -r (receiver) option must be chosen. The
+values `dest_ip`, `dest_port` are the IP address and UDP port to which
+the dictionary will be sent, respectively.
+
+The options are:
+
+Option | Description
+--------- | -------
+ -s | (S)RTP sender - causes app to send words
+ -r | (S)RTP receive - causes app to receive words
+ -k <key> | use SRTP master key <key>, where the key is a hexadecimal (without the leading "0x")
+ -b <key> | same as -k but with base64 encoded key
+ -e <keysize> | encrypt/decrypt (for data confidentiality) (requires use of -k option as well) (use 128, 192, or 256 for keysize)
+ -g | use AES-GCM mode (must be used with -e)
+ -a | message authentication (requires use of -k option as well)
+ -l | list the available debug modules
+ -d <debug> | turn on debugging for module <debug>
+
+In order to get random 30-byte values for use as key/salt pairs , you
+can use the following bash function to format the output of
+`/dev/random` (where that device is available).
+
+~~~.txt
+function randhex() {
+ cat /dev/random | od --read-bytes=32 --width=32 -x | awk '{ print $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 }'
+}
+~~~
+
+An example of an SRTP session using two rtpw programs follows:
+
+~~~.txt
+set k=c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451
+
+[sh1]$ test/rtpw -s -k $k -e 128 -a 0.0.0.0 9999
+Security services: confidentiality message authentication
+set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
+setting SSRC to 2078917053
+sending word: A
+sending word: a
+sending word: aa
+sending word: aal
+...
+
+[sh2]$ test/rtpw -r -k $k -e 128 -a 0.0.0.0 9999
+security services: confidentiality message authentication
+set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
+19 octets received from SSRC 2078917053 word: A
+19 octets received from SSRC 2078917053 word: a
+20 octets received from SSRC 2078917053 word: aa
+21 octets received from SSRC 2078917053 word: aal
+...
+~~~
+
+--------------------------------------------------------------------------------
+
+<a name="example-code"></a>
+## Example Code
+
+This section provides a simple example of how to use libSRTP. The
+example code lacks error checking, but is functional. Here we assume
+that the value ssrc is already set to describe the SSRC of the stream
+that we are sending, and that the functions `get_rtp_packet()` and
+`send_srtp_packet()` are available to us. The former puts an RTP packet
+into the buffer and returns the number of octets written to that
+buffer. The latter sends the RTP packet in the buffer, given the
+length as its second argument.
+
+~~~.c
+srtp_t session;
+srtp_policy_t policy;
+
+// Set key to predetermined value
+uint8_t key[30] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D};
+
+// initialize libSRTP
+srtp_init();
+
+// set policy to describe a policy for an SRTP stream
+crypto_policy_set_rtp_default(&policy.rtp);
+crypto_policy_set_rtcp_default(&policy.rtcp);
+policy.ssrc = ssrc;
+policy.key = key;
+policy.next = NULL;
+
+// allocate and initialize the SRTP session
+srtp_create(&session, &policy);
+
+// main loop: get rtp packets, send srtp packets
+while (1) {
+ char rtp_buffer[2048];
+ unsigned len;
+
+ len = get_rtp_packet(rtp_buffer);
+ srtp_protect(session, rtp_buffer, &len);
+ send_srtp_packet(rtp_buffer, len);
+}
+~~~
+
+--------------------------------------------------------------------------------
+
+<a name="credits"></a>
+# Credits
+
+The original implementation and documentation of libSRTP was written
+by David McGrew of Cisco Systems, Inc. in order to promote the use,
+understanding, and interoperability of Secure RTP. Michael Jerris
+contributed support for building under MSVC. Andris Pavenis
+contributed many important fixes. Brian West contributed changes to
+enable dynamic linking. Yves Shumann reported documentation bugs.
+Randell Jesup contributed a working SRTCP implementation and other
+fixes. Steve Underwood contributed x86_64 portability changes. We also give
+thanks to Fredrik Thulin, Brian Weis, Mark Baugher, Jeff Chan, Bill
+Simon, Douglas Smith, Bill May, Richard Preistley, Joe Tardo and
+others for contributions, comments, and corrections.
+
+This reference material, when applicable, in this documenation was generated
+using the doxygen utility for automatic documentation of source code.
+
+Copyright 2001-2005 by David A. McGrew, Cisco Systems, Inc.
+
+--------------------------------------------------------------------------------
+
+<a name="references"></a>
+# References
+
+SRTP and ICM References
+September, 2005
+
+Secure RTP is defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt).
+The counter mode definition is in Section 4.1.1.
+
+SHA-1 is defined in [FIPS PUB 180-4](http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf).
+
+HMAC is defined in [RFC 2104](https://www.ietf.org/rfc/rfc2104.txt)
+and HMAC-SHA1 test vectors are available
+in [RFC 2202](https://www.ietf.org/rfc/rfc2202.txt).
+
+AES-GCM usage in SRTP is defined in [RFC 7714](https://www.ietf.org/html/rfc7714)
--- /dev/null
+/* Hacked config.h for Windows XP 32-bit & VC7 */
+
+#ifdef (_MSC_VER >= 1400)
+# define HAVE_RAND_S 1
+#endif
+
+/* Define if building for a CISC machine (e.g. Intel). */
+#define CPU_CISC 1
+
+/* Define if building for a RISC machine (assume slow byte access). */
+#undef CPU_RISC
+
+/* Path to random device */
+#undef DEV_URANDOM
+
+/* Define to enabled debug logging for all mudules. */
+#undef ENABLE_DEBUG_LOGGING
+
+/* Logging statments will be writen to this file. */
+#undef ERR_REPORTING_FILE
+
+/* Define to redirect logging to stdout. */
+#undef ERR_REPORTING_STDOUT
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#undef HAVE_ARPA_INET_H
+
+/* Define to 1 if you have the <byteswap.h> header file. */
+#undef HAVE_BYTESWAP_H
+
+/* Define to 1 if you have the `inet_aton' function. */
+#define HAVE_INET_ATON 1
+
+/* Define to 1 if the system has the type `int16_t'. */
+#undef HAVE_INT16_T
+
+/* Define to 1 if the system has the type `int32_t'. */
+#undef HAVE_INT32_T
+
+/* Define to 1 if the system has the type `int8_t'. */
+#undef HAVE_INT8_T
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+#undef HAVE_LIBSOCKET
+
+/* Define to 1 if you have the <machine/types.h> header file. */
+#undef HAVE_MACHINE_TYPES_H
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#undef HAVE_NETINET_IN_H
+
+/* Define to 1 if you have the `socket' function. */
+#define HAVE_SOCKET 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the <sys/int_types.h> header file. */
+#undef HAVE_SYS_INT_TYPES_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#undef HAVE_SYS_UIO_H
+
+/* Define to 1 if the system has the type `uint16_t'. */
+#undef HAVE_UINT16_T
+
+/* Define to 1 if the system has the type `uint32_t'. */
+#undef HAVE_UINT32_T
+
+/* Define to 1 if the system has the type `uint64_t'. */
+#undef HAVE_UINT64_T
+
+/* Define to 1 if the system has the type `uint8_t'. */
+#undef HAVE_UINT8_T
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the `usleep' function. */
+#define HAVE_USLEEP 1
+
+/* Define to 1 if you have the <windows.h> header file. */
+#define HAVE_WINDOWS_H 1
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+#define HAVE_WINSOCK2_H 1
+
+/* Define to use X86 inlined assembly code */
+#undef HAVE_X86
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* The size of a `unsigned long', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_LONG 4
+
+/* The size of a `unsigned long long', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_LONG_LONG 8
+
+/* Define to use GDOI. */
+#undef SRTP_GDOI
+
+/* Define to compile for kernel contexts. */
+#undef SRTP_KERNEL
+
+/* Define to compile for Linux kernel context. */
+#undef SRTP_KERNEL_LINUX
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to 1 if your processor stores words with the most significant byte
+ first (like Motorola and SPARC, unlike Intel and VAX). */
+#undef WORDS_BIGENDIAN
+
+/* Define to empty if `const' does not conform to ANSI C. */
+//#undef const
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+ calls it, or to nothing if 'inline' is not supported under any name. */
+//#ifndef __cplusplus
+//#undef inline
+//#endif
+#define inline __inline
+
+/* Define to `unsigned' if <sys/types.h> does not define. */
+//#undef size_t
#if (_MSC_VER >= 1400)
# define HAVE_RAND_S 1
+# define _CRT_RAND_S
#endif
/* Define if building for a CISC machine (e.g. Intel). */
/* Define if building for a RISC machine (assume slow byte access). */
/* #undef CPU_RISC */
-/* Path to random device */
-/* #define DEV_URANDOM "/dev/urandom" */
+/* Define to enabled debug logging for all mudules. */
+#undef ENABLE_DEBUG_LOGGING
-/* Define to compile in dynamic debugging system. */
-#define ENABLE_DEBUGGING 1
-
-/* Report errors to this file. */
+/* Logging statments will be writen to this file. */
/* #undef ERR_REPORTING_FILE */
-/* Define to use logging to stdout. */
-#define ERR_REPORTING_STDOUT 1
-
-/* Define this to use ISMAcryp code. */
-/* #undef GENERIC_AESICM */
+/* Define to redirect logging to stdout. */
+#undef ERR_REPORTING_STDOUT
/* Define to 1 if you have the <arpa/inet.h> header file. */
/* #undef HAVE_ARPA_INET_H */
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
-/* Define to 1 if you have the <syslog.h> header file. */
-/* #undef HAVE_SYSLOG_H */
-
/* Define to 1 if you have the <sys/int_types.h> header file. */
/* #undef HAVE_SYS_INT_TYPES_H */
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
-/* Write errors to this file */
-/* #undef USE_ERR_REPORTING_FILE */
-
-/* Define to use syslog logging. */
-/* #undef USE_SYSLOG */
-
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
/* #undef WORDS_BIGENDIAN */
--- /dev/null
+/* crypto/include/config.h. Generated by configure. */
+/* config_in.h. Generated from configure.in by autoheader. */
+
+#if (_MSC_VER >= 1400)
+# define HAVE_RAND_S 1
+# define _CRT_RAND_S
+#endif
+
+/* Define if building for a CISC machine (e.g. Intel). */
+#define CPU_CISC 1
+
+/* Define if building for a RISC machine (assume slow byte access). */
+/* #undef CPU_RISC */
+
+/* Define to enabled debug logging for all mudules. */
+#undef ENABLE_DEBUG_LOGGING
+
+/* Logging statments will be writen to this file. */
+/* #undef ERR_REPORTING_FILE */
+
+/* Define to redirect logging to stdout. */
+#undef ERR_REPORTING_STDOUT
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+/* #undef HAVE_ARPA_INET_H */
+
+/* Define to 1 if you have the <byteswap.h> header file. */
+/* #undef HAVE_BYTESWAP_H */
+
+/* Define to 1 if you have the `inet_aton' function. */
+/* #undef HAVE_INET_ATON */
+
+/* Define to 1 if the system has the type `int16_t'. */
+#define HAVE_INT16_T 1
+
+/* Define to 1 if the system has the type `int32_t'. */
+#define HAVE_INT32_T 1
+
+/* Define to 1 if the system has the type `int8_t'. */
+#define HAVE_INT8_T 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+/* #undef HAVE_INTTYPES_H */
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+/* #undef HAVE_LIBSOCKET */
+
+/* Define to 1 if you have the <machine/types.h> header file. */
+/* #undef HAVE_MACHINE_TYPES_H */
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+/* #undef HAVE_NETINET_IN_H */
+
+/* Define to 1 if you have the `socket' function. */
+/* #undef HAVE_SOCKET */
+
+/* Define to 1 if you have the <stdint.h> header file. */
+/* #undef HAVE_STDINT_H */
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the <sys/int_types.h> header file. */
+/* #undef HAVE_SYS_INT_TYPES_H */
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+/* #undef HAVE_SYS_SOCKET_H */
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+/* #undef HAVE_SYS_UIO_H */
+
+/* Define to 1 if the system has the type `uint16_t'. */
+#define HAVE_UINT16_T 1
+
+/* Define to 1 if the system has the type `uint32_t'. */
+#define HAVE_UINT32_T 1
+
+/* Define to 1 if the system has the type `uint64_t'. */
+#define HAVE_UINT64_T 1
+
+/* Define to 1 if the system has the type `uint8_t'. */
+#define HAVE_UINT8_T 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+/* #undef HAVE_UNISTD_H */
+
+/* Define to 1 if you have the `usleep' function. */
+/* #undef HAVE_USLEEP */
+
+/* Define to 1 if you have the <windows.h> header file. */
+#define HAVE_WINDOWS_H 1
+
+/* Define to 1 if you have the <winsock2.h> header file. */
+#define HAVE_WINSOCK2_H 1
+
+/* Define to use X86 inlined assembly code */
+/* #undef HAVE_X86 */
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT ""
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME ""
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING ""
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME ""
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION ""
+
+/* The size of a `unsigned long', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_LONG 4
+
+/* The size of a `unsigned long long', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_LONG_LONG 8
+
+/* Define to use GDOI. */
+/* #undef SRTP_GDOI */
+
+/* Define to compile for kernel contexts. */
+/* #undef SRTP_KERNEL */
+
+/* Define to compile for Linux kernel context. */
+/* #undef SRTP_KERNEL_LINUX */
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Define to 1 if your processor stores words with the most significant byte
+ first (like Motorola and SPARC, unlike Intel and VAX). */
+/* #undef WORDS_BIGENDIAN */
+
+/* Define to empty if `const' does not conform to ANSI C. */
+/* #undef const */
+
+/* Define 'inline' to nothing, since the MSVC compiler doesn't support it. */
+#define inline
+
+/* Define to `unsigned' if <sys/types.h> does not define. */
+/* #undef size_t */
+
+#if (_MSC_VER >= 1400) // VC8+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE
+#endif
+#ifndef _CRT_NONSTDC_NO_DEPRECATE
+#define _CRT_NONSTDC_NO_DEPRECATE
+#endif
+#endif // VC8+
+
+#ifndef uint32_t
+typedef unsigned __int8 uint8_t;
+typedef unsigned __int16 uint16_t;
+typedef unsigned __int32 uint32_t;
+typedef unsigned __int64 uint64_t;
+typedef __int8 int8_t;
+typedef __int16 int16_t;
+typedef __int32 int32_t;
+typedef __int64 int64_t;
+#endif
+
+#ifdef _MSC_VER
+#pragma warning(disable:4311)
+#endif
[AC_MSG_FAILURE([can't find openssl >1.0.1 crypto lib])])
AC_DEFINE(OPENSSL, 1, [Define this to use OpenSSL crypto.])
AES_ICM_OBJS="crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o"
- RNG_OBJS=rand_source_ossl.o
HMAC_OBJS=crypto/hash/hmac_ossl.o
USE_OPENSSL=1
AC_SUBST(USE_OPENSSL)
AES_ICM_OBJS="crypto/cipher/aes_icm.o crypto/cipher/aes.o crypto/cipher/aes_cbc.o"
AC_MSG_CHECKING(which random device to use)
if test "$enable_kernel_linux" = "yes"; then
- RNG_OBJS=rand_linux_kernel.o
AC_MSG_RESULT([Linux kernel builtin])
else
- RNG_OBJS=rand_source.o
if test -n "$DEV_URANDOM"; then
AC_DEFINE_UNQUOTED(DEV_URANDOM, "$DEV_URANDOM",[Path to random device])
AC_MSG_RESULT([$DEV_URANDOM])
AC_MSG_RESULT([standard rand() function...])
fi
fi
- RNG_EXTRA_OBJS="crypto/rng/prng.o crypto/rng/ctr_prng.o"
HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o"
fi
AM_CONDITIONAL([ENABLE_OPENSSL],[test "${enable_openssl}" = "yes"])
-AM_CONDITIONAL([RNG_OBJS_LINUX], test x$enable_kernel_linux = xyes)
AC_SUBST(AES_ICM_OBJS)
-AC_SUBST(RNG_OBJS)
-AC_SUBST(RNG_EXTRA_OBJS)
AC_SUBST(HMAC_OBJS)
AC_MSG_RESULT($enable_openssl)
AC_OUTPUT(Makefile crypto/Makefile doc/Makefile test/Makefile srtp-1.42.pc)
# This is needed when building outside the source dir.
-AS_MKDIR_P(crypto/ae_xfm)
AS_MKDIR_P(crypto/cipher)
AS_MKDIR_P(crypto/hash)
AS_MKDIR_P(crypto/kernel)
AS_MKDIR_P(crypto/math)
AS_MKDIR_P(crypto/replay)
-AS_MKDIR_P(crypto/rng)
AS_MKDIR_P(crypto/test)
AS_MKDIR_P(doc)
AS_MKDIR_P(srtp)
+++ /dev/null
-/*
- * xfm.c
- *
- * Crypto transform implementation
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-#include "cryptoalg.h"
-#include "aes_cbc.h"
-#include "hmac.h"
-#include "crypto_kernel.h" /* for crypto_get_random() */
-
-#define KEY_LEN 16
-#define ENC_KEY_LEN 16
-#define MAC_KEY_LEN 16
-#define IV_LEN 16
-#define TAG_LEN 12
-#define MAX_EXPAND 27
-
-err_status_t
-aes_128_cbc_hmac_sha1_96_func(void *key,
- void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len,
- void *auth_tag) {
- aes_cbc_ctx_t aes_ctx;
- hmac_ctx_t hmac_ctx;
- unsigned char enc_key[ENC_KEY_LEN];
- unsigned char mac_key[MAC_KEY_LEN];
- err_status_t status;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
- /* derive encryption and authentication keys from the input key */
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
- if (status) return status;
-
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
- if (status) return status;
-
-
- /* perform encryption and authentication */
-
- /* set aes key */
- status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_encrypt);
- if (status) return status;
-
- /* set iv */
- status = crypto_get_random(iv, IV_LEN);
- if (status) return status;
- status = aes_cbc_set_iv(&aes_ctx, iv);
-
- /* encrypt the opaque data */
- status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len);
- if (status) return status;
-
- /* authenticate clear and opaque data */
- status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
- if (status) return status;
-
- status = hmac_start(&hmac_ctx);
- if (status) return status;
-
- status = hmac_update(&hmac_ctx, clear, clear_len);
- if (status) return status;
-
- status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag);
- if (status) return status;
-
- }
-
- return err_status_ok;
-}
-
-err_status_t
-aes_128_cbc_hmac_sha1_96_inv(void *key,
- void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len,
- void *auth_tag) {
- aes_cbc_ctx_t aes_ctx;
- hmac_ctx_t hmac_ctx;
- unsigned char enc_key[ENC_KEY_LEN];
- unsigned char mac_key[MAC_KEY_LEN];
- unsigned char tmp_tag[TAG_LEN];
- unsigned char *tag = auth_tag;
- err_status_t status;
- int i;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
- /* derive encryption and authentication keys from the input key */
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
- if (status) return status;
-
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
- if (status) return status;
-
- /* perform encryption and authentication */
-
- /* set aes key */
- status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_decrypt);
- if (status) return status;
-
- /* set iv */
- status = rand_source_get_octet_string(iv, IV_LEN);
- if (status) return status;
- status = aes_cbc_set_iv(&aes_ctx, iv);
-
- /* encrypt the opaque data */
- status = aes_cbc_nist_decrypt(&aes_ctx, opaque, opaque_len);
- if (status) return status;
-
- /* authenticate clear and opaque data */
- status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
- if (status) return status;
-
- status = hmac_start(&hmac_ctx);
- if (status) return status;
-
- status = hmac_update(&hmac_ctx, clear, clear_len);
- if (status) return status;
-
- status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, tmp_tag);
- if (status) return status;
-
- /* compare the computed tag with the one provided as input */
- for (i=0; i < TAG_LEN; i++)
- if (tmp_tag[i] != tag[i])
- return err_status_auth_fail;
-
- }
-
- return err_status_ok;
-}
-
-
-#define ENC 1
-
-#define DEBUG_PRINT 0
-
-err_status_t
-aes_128_cbc_hmac_sha1_96_enc(void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len) {
- aes_cbc_ctx_t aes_ctx;
- hmac_ctx_t hmac_ctx;
- unsigned char enc_key[ENC_KEY_LEN];
- unsigned char mac_key[MAC_KEY_LEN];
- unsigned char *auth_tag;
- err_status_t status;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
-#if DEBUG_PRINT
- printf("ENC using key %s\n", octet_string_hex_string(key, KEY_LEN));
-#endif
-
- /* derive encryption and authentication keys from the input key */
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
- if (status) return status;
-
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
- if (status) return status;
-
-
- /* perform encryption and authentication */
-
- /* set aes key */
- status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_encrypt);
- if (status) return status;
-
- /* set iv */
- status = rand_source_get_octet_string(iv, IV_LEN);
- if (status) return status;
- status = aes_cbc_set_iv(&aes_ctx, iv);
- if (status) return status;
-
-#if DEBUG_PRINT
- printf("plaintext len: %d\n", *opaque_len);
- printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN));
- printf("plaintext: %s\n", octet_string_hex_string(opaque, *opaque_len));
-#endif
-
-#if ENC
- /* encrypt the opaque data */
- status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len);
- if (status) return status;
-#endif
-
-#if DEBUG_PRINT
- printf("ciphertext len: %d\n", *opaque_len);
- printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len));
-#endif
-
- /*
- * authenticate clear and opaque data, then write the
- * authentication tag to the location immediately following the
- * ciphertext
- */
- status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
- if (status) return status;
-
- status = hmac_start(&hmac_ctx);
- if (status) return status;
-
- status = hmac_update(&hmac_ctx, clear, clear_len);
- if (status) return status;
-#if DEBUG_PRINT
- printf("hmac input: %s\n",
- octet_string_hex_string(clear, clear_len));
-#endif
- auth_tag = (unsigned char *)opaque;
- auth_tag += *opaque_len;
- status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag);
- if (status) return status;
-#if DEBUG_PRINT
- printf("hmac input: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
- /* bump up the opaque_len to reflect the authentication tag */
- *opaque_len += TAG_LEN;
-
-#if DEBUG_PRINT
- printf("prot data len: %d\n", *opaque_len);
- printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len));
-#endif
- }
-
- return err_status_ok;
-}
-
-err_status_t
-aes_128_cbc_hmac_sha1_96_dec(void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len) {
- aes_cbc_ctx_t aes_ctx;
- hmac_ctx_t hmac_ctx;
- unsigned char enc_key[ENC_KEY_LEN];
- unsigned char mac_key[MAC_KEY_LEN];
- unsigned char tmp_tag[TAG_LEN];
- unsigned char *auth_tag;
- unsigned ciphertext_len;
- err_status_t status;
- int i;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-#if DEBUG_PRINT
- printf("DEC using key %s\n", octet_string_hex_string(key, KEY_LEN));
-#endif
-
- /* derive encryption and authentication keys from the input key */
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
- if (status) return status;
-
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
- if (status) return status;
-
-#if DEBUG_PRINT
- printf("prot data len: %d\n", *opaque_len);
- printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len));
-#endif
-
- /*
- * set the protected data length to that of the ciphertext, by
- * subtracting out the length of the authentication tag
- */
- ciphertext_len = *opaque_len - TAG_LEN;
-
-#if DEBUG_PRINT
- printf("ciphertext len: %d\n", ciphertext_len);
-#endif
- /* verify the authentication tag */
-
- /*
- * compute the authentication tag for the clear and opaque data,
- * and write it to a temporary location
- */
- status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
- if (status) return status;
-
- status = hmac_start(&hmac_ctx);
- if (status) return status;
-
- status = hmac_update(&hmac_ctx, clear, clear_len);
- if (status) return status;
-
-#if DEBUG_PRINT
- printf("hmac input: %s\n",
- octet_string_hex_string(clear, clear_len));
-#endif
-
- status = hmac_compute(&hmac_ctx, opaque, ciphertext_len, TAG_LEN, tmp_tag);
- if (status) return status;
-
-#if DEBUG_PRINT
- printf("hmac input: %s\n",
- octet_string_hex_string(opaque, ciphertext_len));
-#endif
-
- /*
- * compare the computed tag with the one provided as input (which
- * immediately follows the ciphertext)
- */
- auth_tag = (unsigned char *)opaque;
- auth_tag += ciphertext_len;
-#if DEBUG_PRINT
- printf("auth_tag: %s\n", octet_string_hex_string(auth_tag, TAG_LEN));
- printf("tmp_tag: %s\n", octet_string_hex_string(tmp_tag, TAG_LEN));
-#endif
- for (i=0; i < TAG_LEN; i++) {
- if (tmp_tag[i] != auth_tag[i])
- return err_status_auth_fail;
- }
-
- /* bump down the opaque_len to reflect the authentication tag */
- *opaque_len -= TAG_LEN;
-
- /* decrypt the confidential data */
- status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_decrypt);
- if (status) return status;
- status = aes_cbc_set_iv(&aes_ctx, iv);
- if (status) return status;
-
-#if DEBUG_PRINT
- printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len));
- printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN));
-#endif
-
-#if ENC
- status = aes_cbc_nist_decrypt(&aes_ctx, opaque, &ciphertext_len);
- if (status) return status;
-#endif
-
-#if DEBUG_PRINT
- printf("plaintext len: %d\n", ciphertext_len);
- printf("plaintext: %s\n",
- octet_string_hex_string(opaque, ciphertext_len));
-#endif
-
- /* indicate the length of the plaintext */
- *opaque_len = ciphertext_len;
- }
-
- return err_status_ok;
-}
-
-cryptoalg_ctx_t cryptoalg_ctx = {
- aes_128_cbc_hmac_sha1_96_enc,
- aes_128_cbc_hmac_sha1_96_dec,
- KEY_LEN,
- IV_LEN,
- TAG_LEN,
- MAX_EXPAND,
-};
-
-cryptoalg_t cryptoalg = &cryptoalg_ctx;
-
-#define NULL_TAG_LEN 12
-
-err_status_t
-null_enc(void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len) {
- int i;
- unsigned char *auth_tag;
- unsigned char *init_vec = iv;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
-#if DEBUG_PRINT
- printf("NULL ENC using key %s\n", octet_string_hex_string(key, KEY_LEN));
- printf("NULL_TAG_LEN: %d\n", NULL_TAG_LEN);
- printf("plaintext len: %d\n", *opaque_len);
-#endif
- for (i=0; i < IV_LEN; i++)
- init_vec[i] = i + (i * 16);
-#if DEBUG_PRINT
- printf("iv: %s\n",
- octet_string_hex_string(iv, IV_LEN));
- printf("plaintext: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
- auth_tag = opaque;
- auth_tag += *opaque_len;
- for (i=0; i < NULL_TAG_LEN; i++)
- auth_tag[i] = i + (i * 16);
- *opaque_len += NULL_TAG_LEN;
-#if DEBUG_PRINT
- printf("protected data len: %d\n", *opaque_len);
- printf("protected data: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
-
- }
-
- return err_status_ok;
-}
-
-err_status_t
-null_dec(void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len) {
- unsigned char *auth_tag;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
-#if DEBUG_PRINT
- printf("NULL DEC using key %s\n", octet_string_hex_string(key, KEY_LEN));
-
- printf("protected data len: %d\n", *opaque_len);
- printf("protected data: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
- auth_tag = opaque;
- auth_tag += (*opaque_len - NULL_TAG_LEN);
-#if DEBUG_PRINT
- printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN));
-#endif
- *opaque_len -= NULL_TAG_LEN;
-#if DEBUG_PRINT
- printf("plaintext len: %d\n", *opaque_len);
- printf("plaintext: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
- }
-
- return err_status_ok;
-}
-
-cryptoalg_ctx_t null_cryptoalg_ctx = {
- null_enc,
- null_dec,
- KEY_LEN,
- IV_LEN,
- NULL_TAG_LEN,
- MAX_EXPAND,
-};
-
-cryptoalg_t null_cryptoalg = &null_cryptoalg_ctx;
-
-int
-cryptoalg_get_id(cryptoalg_t c) {
- if (c == cryptoalg)
- return 1;
- return 0;
-}
-
-cryptoalg_t
-cryptoalg_find_by_id(int id) {
- switch(id) {
- case 1:
- return cryptoalg;
- default:
- break;
- }
- return 0;
-}
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
#include "aes.h"
#include "err.h"
-/*
- * we use the tables T0, T1, T2, T3, and T4 to compute AES, and
+/*
+ * we use the tables T0, T1, T2, T3, and T4 to compute AES, and
* the tables U0, U1, U2, and U4 to compute its inverse
*
* different tables are used on little-endian (Intel, VMS) and
#ifndef WORDS_BIGENDIAN
-static uint32_t T0[256] = {
- 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
- 0xdf2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
- 0x50303060, 0x3010102, 0xa96767ce, 0x7d2b2b56,
- 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
- 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
- 0x15fafaef, 0xeb5959b2, 0xc947478e, 0xbf0f0fb,
- 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
- 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
- 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
- 0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83,
- 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x8f1f1f9,
- 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
- 0xc040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
- 0x28181830, 0xa1969637, 0xf05050a, 0xb59a9a2f,
- 0x907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
- 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
- 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
- 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
- 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
- 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
- 0xf55353a6, 0x68d1d1b9, 0x0, 0x2cededc1,
- 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
- 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
- 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
- 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
- 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
- 0xcf45458a, 0x10f9f9e9, 0x6020204, 0x817f7ffe,
- 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
- 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
- 0xad92923f, 0xbc9d9d21, 0x48383870, 0x4f5f5f1,
- 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
- 0x30101020, 0x1affffe5, 0xef3f3fd, 0x6dd2d2bf,
- 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
- 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
- 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
- 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
- 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
- 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
- 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
- 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
- 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
- 0xdb494992, 0xa06060c, 0x6c242448, 0xe45c5cb8,
- 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
- 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
- 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
- 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
- 0xb46c6cd8, 0xfa5656ac, 0x7f4f4f3, 0x25eaeacf,
- 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
- 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
- 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
- 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
- 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
- 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
- 0xd8484890, 0x5030306, 0x1f6f6f7, 0x120e0e1c,
- 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
- 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
- 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
- 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
- 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
- 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
- 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
- 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
- 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
- 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c,
+static const uint32_t T0[256] = {
+ 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
+ 0xdf2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
+ 0x50303060, 0x3010102, 0xa96767ce, 0x7d2b2b56,
+ 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
+ 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
+ 0x15fafaef, 0xeb5959b2, 0xc947478e, 0xbf0f0fb,
+ 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
+ 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
+ 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
+ 0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83,
+ 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x8f1f1f9,
+ 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
+ 0xc040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
+ 0x28181830, 0xa1969637, 0xf05050a, 0xb59a9a2f,
+ 0x907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
+ 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
+ 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
+ 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
+ 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
+ 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
+ 0xf55353a6, 0x68d1d1b9, 0x0, 0x2cededc1,
+ 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
+ 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
+ 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
+ 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
+ 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
+ 0xcf45458a, 0x10f9f9e9, 0x6020204, 0x817f7ffe,
+ 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
+ 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
+ 0xad92923f, 0xbc9d9d21, 0x48383870, 0x4f5f5f1,
+ 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
+ 0x30101020, 0x1affffe5, 0xef3f3fd, 0x6dd2d2bf,
+ 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
+ 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
+ 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
+ 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
+ 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
+ 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
+ 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
+ 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
+ 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
+ 0xdb494992, 0xa06060c, 0x6c242448, 0xe45c5cb8,
+ 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
+ 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
+ 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
+ 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
+ 0xb46c6cd8, 0xfa5656ac, 0x7f4f4f3, 0x25eaeacf,
+ 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
+ 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
+ 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
+ 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
+ 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
+ 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
+ 0xd8484890, 0x5030306, 0x1f6f6f7, 0x120e0e1c,
+ 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
+ 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
+ 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
+ 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
+ 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
+ 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
+ 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
+ 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
+ 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
+ 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c,
};
-static uint32_t T1[256] = {
- 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d,
- 0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154,
- 0x30306050, 0x1010203, 0x6767cea9, 0x2b2b567d,
- 0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a,
- 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87,
- 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b,
- 0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea,
- 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b,
- 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a,
- 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f,
- 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908,
- 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f,
- 0x404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e,
- 0x18183028, 0x969637a1, 0x5050a0f, 0x9a9a2fb5,
- 0x7070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d,
- 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f,
- 0x909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e,
- 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb,
- 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce,
- 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397,
- 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c,
- 0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed,
- 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b,
- 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a,
- 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16,
- 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194,
- 0x45458acf, 0xf9f9e910, 0x2020406, 0x7f7ffe81,
- 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3,
- 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a,
- 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104,
- 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263,
- 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d,
- 0xcdcd814c, 0xc0c1814, 0x13132635, 0xececc32f,
- 0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39,
- 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47,
- 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695,
- 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f,
- 0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83,
- 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c,
- 0xdedea779, 0x5e5ebce2, 0xb0b161d, 0xdbdbad76,
- 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0xa0a141e,
- 0x494992db, 0x6060c0a, 0x2424486c, 0x5c5cb8e4,
- 0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6,
- 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b,
- 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7,
- 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0,
- 0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25,
- 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x8081018,
- 0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72,
- 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751,
- 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21,
- 0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85,
- 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa,
- 0x484890d8, 0x3030605, 0xf6f6f701, 0xe0e1c12,
- 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0,
- 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9,
- 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233,
- 0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7,
- 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920,
- 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a,
- 0x8c8c038f, 0xa1a159f8, 0x89890980, 0xd0d1a17,
- 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8,
- 0x414182c3, 0x999929b0, 0x2d2d5a77, 0xf0f1e11,
- 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a,
+static const uint32_t T1[256] = {
+ 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d,
+ 0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154,
+ 0x30306050, 0x1010203, 0x6767cea9, 0x2b2b567d,
+ 0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a,
+ 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87,
+ 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b,
+ 0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea,
+ 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b,
+ 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a,
+ 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f,
+ 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908,
+ 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f,
+ 0x404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e,
+ 0x18183028, 0x969637a1, 0x5050a0f, 0x9a9a2fb5,
+ 0x7070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d,
+ 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f,
+ 0x909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e,
+ 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb,
+ 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce,
+ 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397,
+ 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c,
+ 0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed,
+ 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b,
+ 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a,
+ 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16,
+ 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194,
+ 0x45458acf, 0xf9f9e910, 0x2020406, 0x7f7ffe81,
+ 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3,
+ 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a,
+ 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104,
+ 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263,
+ 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d,
+ 0xcdcd814c, 0xc0c1814, 0x13132635, 0xececc32f,
+ 0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39,
+ 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47,
+ 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695,
+ 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f,
+ 0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83,
+ 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c,
+ 0xdedea779, 0x5e5ebce2, 0xb0b161d, 0xdbdbad76,
+ 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0xa0a141e,
+ 0x494992db, 0x6060c0a, 0x2424486c, 0x5c5cb8e4,
+ 0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6,
+ 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b,
+ 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7,
+ 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0,
+ 0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25,
+ 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x8081018,
+ 0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72,
+ 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751,
+ 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21,
+ 0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85,
+ 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa,
+ 0x484890d8, 0x3030605, 0xf6f6f701, 0xe0e1c12,
+ 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0,
+ 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9,
+ 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233,
+ 0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7,
+ 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920,
+ 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a,
+ 0x8c8c038f, 0xa1a159f8, 0x89890980, 0xd0d1a17,
+ 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8,
+ 0x414182c3, 0x999929b0, 0x2d2d5a77, 0xf0f1e11,
+ 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a,
};
-static uint32_t T2[256] = {
- 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b,
- 0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5,
- 0x30605030, 0x1020301, 0x67cea967, 0x2b567d2b,
- 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76,
- 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d,
- 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0,
- 0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf,
- 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0,
- 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26,
- 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc,
- 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1,
- 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15,
- 0x4080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3,
- 0x18302818, 0x9637a196, 0x50a0f05, 0x9a2fb59a,
- 0x70e0907, 0x12243612, 0x801b9b80, 0xe2df3de2,
- 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75,
- 0x9121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a,
- 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0,
- 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3,
- 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784,
- 0x53a6f553, 0xd1b968d1, 0x0, 0xedc12ced,
- 0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b,
- 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39,
- 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf,
- 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb,
- 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485,
- 0x458acf45, 0xf9e910f9, 0x2040602, 0x7ffe817f,
- 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8,
- 0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f,
- 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5,
- 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321,
- 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2,
- 0xcd814ccd, 0xc18140c, 0x13263513, 0xecc32fec,
- 0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917,
- 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d,
- 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573,
- 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc,
- 0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388,
- 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14,
- 0xdea779de, 0x5ebce25e, 0xb161d0b, 0xdbad76db,
- 0xe0db3be0, 0x32645632, 0x3a744e3a, 0xa141e0a,
- 0x4992db49, 0x60c0a06, 0x24486c24, 0x5cb8e45c,
- 0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662,
- 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79,
- 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d,
- 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9,
- 0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea,
- 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x8101808,
- 0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e,
- 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6,
- 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f,
- 0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a,
- 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66,
- 0x4890d848, 0x3060503, 0xf6f701f6, 0xe1c120e,
- 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9,
- 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e,
- 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311,
- 0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794,
- 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9,
- 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf,
- 0x8c038f8c, 0xa159f8a1, 0x89098089, 0xd1a170d,
- 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868,
- 0x4182c341, 0x9929b099, 0x2d5a772d, 0xf1e110f,
- 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16,
+static const uint32_t T2[256] = {
+ 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b,
+ 0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5,
+ 0x30605030, 0x1020301, 0x67cea967, 0x2b567d2b,
+ 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76,
+ 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d,
+ 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0,
+ 0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf,
+ 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0,
+ 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26,
+ 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc,
+ 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1,
+ 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15,
+ 0x4080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3,
+ 0x18302818, 0x9637a196, 0x50a0f05, 0x9a2fb59a,
+ 0x70e0907, 0x12243612, 0x801b9b80, 0xe2df3de2,
+ 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75,
+ 0x9121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a,
+ 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0,
+ 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3,
+ 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784,
+ 0x53a6f553, 0xd1b968d1, 0x0, 0xedc12ced,
+ 0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b,
+ 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39,
+ 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf,
+ 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb,
+ 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485,
+ 0x458acf45, 0xf9e910f9, 0x2040602, 0x7ffe817f,
+ 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8,
+ 0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f,
+ 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5,
+ 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321,
+ 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2,
+ 0xcd814ccd, 0xc18140c, 0x13263513, 0xecc32fec,
+ 0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917,
+ 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d,
+ 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573,
+ 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc,
+ 0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388,
+ 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14,
+ 0xdea779de, 0x5ebce25e, 0xb161d0b, 0xdbad76db,
+ 0xe0db3be0, 0x32645632, 0x3a744e3a, 0xa141e0a,
+ 0x4992db49, 0x60c0a06, 0x24486c24, 0x5cb8e45c,
+ 0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662,
+ 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79,
+ 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d,
+ 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9,
+ 0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea,
+ 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x8101808,
+ 0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e,
+ 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6,
+ 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f,
+ 0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a,
+ 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66,
+ 0x4890d848, 0x3060503, 0xf6f701f6, 0xe1c120e,
+ 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9,
+ 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e,
+ 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311,
+ 0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794,
+ 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9,
+ 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf,
+ 0x8c038f8c, 0xa159f8a1, 0x89098089, 0xd1a170d,
+ 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868,
+ 0x4182c341, 0x9929b099, 0x2d5a772d, 0xf1e110f,
+ 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16,
};
-static uint32_t T3[256] = {
- 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b,
- 0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5,
- 0x60503030, 0x2030101, 0xcea96767, 0x567d2b2b,
- 0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676,
- 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d,
- 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0,
- 0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf,
- 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0,
- 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626,
- 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc,
- 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1,
- 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515,
- 0x80c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3,
- 0x30281818, 0x37a19696, 0xa0f0505, 0x2fb59a9a,
- 0xe090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2,
- 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575,
- 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a,
- 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0,
- 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3,
- 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484,
- 0xa6f55353, 0xb968d1d1, 0x0, 0xc12ceded,
- 0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b,
- 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939,
- 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf,
- 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb,
- 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585,
- 0x8acf4545, 0xe910f9f9, 0x4060202, 0xfe817f7f,
- 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8,
- 0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x58a8f8f,
- 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5,
- 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121,
- 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2,
- 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec,
- 0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717,
- 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d,
- 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373,
- 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc,
- 0x44662222, 0x547e2a2a, 0x3bab9090, 0xb838888,
- 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414,
- 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb,
- 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a,
- 0x92db4949, 0xc0a0606, 0x486c2424, 0xb8e45c5c,
- 0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262,
- 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979,
- 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d,
- 0x18c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9,
- 0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea,
- 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808,
- 0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e,
- 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6,
- 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f,
- 0x96dd4b4b, 0x61dcbdbd, 0xd868b8b, 0xf858a8a,
- 0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666,
- 0x90d84848, 0x6050303, 0xf701f6f6, 0x1c120e0e,
- 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9,
- 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e,
- 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111,
- 0xd2bb6969, 0xa970d9d9, 0x7898e8e, 0x33a79494,
- 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9,
- 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf,
- 0x38f8c8c, 0x59f8a1a1, 0x9808989, 0x1a170d0d,
- 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868,
- 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f,
- 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616,
+static const uint32_t T3[256] = {
+ 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b,
+ 0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5,
+ 0x60503030, 0x2030101, 0xcea96767, 0x567d2b2b,
+ 0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676,
+ 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d,
+ 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0,
+ 0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf,
+ 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0,
+ 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626,
+ 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc,
+ 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1,
+ 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515,
+ 0x80c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3,
+ 0x30281818, 0x37a19696, 0xa0f0505, 0x2fb59a9a,
+ 0xe090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2,
+ 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575,
+ 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a,
+ 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0,
+ 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3,
+ 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484,
+ 0xa6f55353, 0xb968d1d1, 0x0, 0xc12ceded,
+ 0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b,
+ 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939,
+ 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf,
+ 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb,
+ 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585,
+ 0x8acf4545, 0xe910f9f9, 0x4060202, 0xfe817f7f,
+ 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8,
+ 0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x58a8f8f,
+ 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5,
+ 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121,
+ 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2,
+ 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec,
+ 0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717,
+ 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d,
+ 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373,
+ 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc,
+ 0x44662222, 0x547e2a2a, 0x3bab9090, 0xb838888,
+ 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414,
+ 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb,
+ 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a,
+ 0x92db4949, 0xc0a0606, 0x486c2424, 0xb8e45c5c,
+ 0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262,
+ 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979,
+ 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d,
+ 0x18c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9,
+ 0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea,
+ 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808,
+ 0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e,
+ 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6,
+ 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f,
+ 0x96dd4b4b, 0x61dcbdbd, 0xd868b8b, 0xf858a8a,
+ 0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666,
+ 0x90d84848, 0x6050303, 0xf701f6f6, 0x1c120e0e,
+ 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9,
+ 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e,
+ 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111,
+ 0xd2bb6969, 0xa970d9d9, 0x7898e8e, 0x33a79494,
+ 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9,
+ 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf,
+ 0x38f8c8c, 0x59f8a1a1, 0x9808989, 0x1a170d0d,
+ 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868,
+ 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f,
+ 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616,
};
-static uint32_t U0[256] = {
- 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
- 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
- 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5,
- 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5,
- 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d,
- 0x2752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,
- 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295,
- 0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e,
- 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927,
- 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d,
- 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362,
- 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9,
- 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52,
- 0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566,
- 0x728ebb2, 0x3c2b52f, 0x9a7bc586, 0xa50837d3,
- 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed,
- 0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e,
- 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4,
- 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4,
- 0x39ec830b, 0xaaef6040, 0x69f715e, 0x51106ebd,
- 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d,
- 0xb58d5491, 0x55dc471, 0x6fd40604, 0xff155060,
- 0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967,
- 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,
- 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x0,
- 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c,
- 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36,
- 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624,
- 0xb1670a0c, 0xfe75793, 0xd296eeb4, 0x9e919b1b,
- 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c,
- 0xaba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12,
- 0xb0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14,
- 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,
- 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b,
- 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8,
- 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684,
- 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7,
- 0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177,
- 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947,
- 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322,
- 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498,
- 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,
- 0xe49d3a2c, 0xd927850, 0x9bcc5f6a, 0x62467e54,
- 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382,
- 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf,
- 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb,
- 0x97826cd, 0xf418596e, 0x1b79aec, 0xa89a4f83,
- 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, 0xe6e815ef,
- 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029,
- 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235,
- 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,
- 0x4a9804f1, 0xf7daec41, 0xe50cd7f, 0x2ff69117,
- 0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4,
- 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546,
- 0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb,
- 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d,
- 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb,
- 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a,
- 0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773,
- 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,
- 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2,
- 0x72c31d16, 0xc25e2bc, 0x8b493c28, 0x41950dff,
- 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664,
- 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0,
+static const uint32_t U0[256] = {
+ 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
+ 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
+ 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5,
+ 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5,
+ 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d,
+ 0x2752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,
+ 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295,
+ 0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e,
+ 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927,
+ 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d,
+ 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362,
+ 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9,
+ 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52,
+ 0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566,
+ 0x728ebb2, 0x3c2b52f, 0x9a7bc586, 0xa50837d3,
+ 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed,
+ 0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e,
+ 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4,
+ 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4,
+ 0x39ec830b, 0xaaef6040, 0x69f715e, 0x51106ebd,
+ 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d,
+ 0xb58d5491, 0x55dc471, 0x6fd40604, 0xff155060,
+ 0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967,
+ 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,
+ 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x0,
+ 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c,
+ 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36,
+ 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624,
+ 0xb1670a0c, 0xfe75793, 0xd296eeb4, 0x9e919b1b,
+ 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c,
+ 0xaba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12,
+ 0xb0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14,
+ 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,
+ 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b,
+ 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8,
+ 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684,
+ 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7,
+ 0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177,
+ 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947,
+ 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322,
+ 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498,
+ 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,
+ 0xe49d3a2c, 0xd927850, 0x9bcc5f6a, 0x62467e54,
+ 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382,
+ 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf,
+ 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb,
+ 0x97826cd, 0xf418596e, 0x1b79aec, 0xa89a4f83,
+ 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, 0xe6e815ef,
+ 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029,
+ 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235,
+ 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,
+ 0x4a9804f1, 0xf7daec41, 0xe50cd7f, 0x2ff69117,
+ 0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4,
+ 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546,
+ 0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb,
+ 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d,
+ 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb,
+ 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a,
+ 0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773,
+ 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,
+ 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2,
+ 0x72c31d16, 0xc25e2bc, 0x8b493c28, 0x41950dff,
+ 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664,
+ 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0,
};
-static uint32_t U1[256] = {
- 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96,
- 0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x3e34b93,
- 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525,
- 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f,
- 0x5ab1de49, 0x1bba2567, 0xeea4598, 0xc0fe5de1,
- 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6,
- 0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da,
- 0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44,
- 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd,
- 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4,
- 0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245,
- 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994,
- 0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7,
- 0xd373ab23, 0x24b72e2, 0x8f1fe357, 0xab55662a,
- 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x837d3a5,
- 0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c,
- 0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1,
- 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a,
- 0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475,
- 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51,
- 0x8a213ef9, 0x6dd963d, 0x53eddae, 0xbde64d46,
- 0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff,
- 0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777,
- 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db,
- 0xa7ca147, 0xf427ce9, 0x1e84f8c9, 0x0,
- 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e,
- 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627,
- 0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a,
- 0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e,
- 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16,
- 0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d,
- 0xd090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8,
- 0x19f15785, 0x775af4c, 0xdd99eebb, 0x607fa3fd,
- 0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34,
- 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863,
- 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420,
- 0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d,
- 0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0,
- 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722,
- 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef,
- 0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0xbd49836,
- 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4,
- 0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462,
- 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5,
- 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3,
- 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b,
- 0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8,
- 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6,
- 0x9be7bad9, 0x366f4ace, 0x99fead4, 0x7cb029d6,
- 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0,
- 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315,
- 0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f,
- 0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x496e4df,
- 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f,
- 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e,
- 0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13,
- 0x61d79a8c, 0xca1377a, 0x14f8598e, 0x3c13eb89,
- 0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c,
- 0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf,
- 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886,
- 0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f,
- 0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41,
- 0x1a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490,
- 0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042,
+static const uint32_t U1[256] = {
+ 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96,
+ 0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x3e34b93,
+ 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525,
+ 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f,
+ 0x5ab1de49, 0x1bba2567, 0xeea4598, 0xc0fe5de1,
+ 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6,
+ 0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da,
+ 0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44,
+ 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd,
+ 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4,
+ 0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245,
+ 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994,
+ 0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7,
+ 0xd373ab23, 0x24b72e2, 0x8f1fe357, 0xab55662a,
+ 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x837d3a5,
+ 0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c,
+ 0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1,
+ 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a,
+ 0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475,
+ 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51,
+ 0x8a213ef9, 0x6dd963d, 0x53eddae, 0xbde64d46,
+ 0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff,
+ 0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777,
+ 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db,
+ 0xa7ca147, 0xf427ce9, 0x1e84f8c9, 0x0,
+ 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e,
+ 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627,
+ 0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a,
+ 0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e,
+ 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16,
+ 0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d,
+ 0xd090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8,
+ 0x19f15785, 0x775af4c, 0xdd99eebb, 0x607fa3fd,
+ 0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34,
+ 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863,
+ 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420,
+ 0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d,
+ 0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0,
+ 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722,
+ 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef,
+ 0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0xbd49836,
+ 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4,
+ 0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462,
+ 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5,
+ 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3,
+ 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b,
+ 0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8,
+ 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6,
+ 0x9be7bad9, 0x366f4ace, 0x99fead4, 0x7cb029d6,
+ 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0,
+ 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315,
+ 0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f,
+ 0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x496e4df,
+ 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f,
+ 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e,
+ 0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13,
+ 0x61d79a8c, 0xca1377a, 0x14f8598e, 0x3c13eb89,
+ 0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c,
+ 0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf,
+ 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886,
+ 0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f,
+ 0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41,
+ 0x1a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490,
+ 0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042,
};
-static uint32_t U2[256] = {
- 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e,
- 0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303,
- 0x302055fa, 0x76adf66d, 0xcc889176, 0x2f5254c,
- 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3,
- 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0,
- 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9,
- 0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59,
- 0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8,
- 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71,
- 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a,
- 0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f,
- 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x8f9942b,
- 0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8,
- 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab,
- 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508,
- 0x2830f287, 0xbf23b2a5, 0x302ba6a, 0x16ed5c82,
- 0xcf8a2b1c, 0x79a792b4, 0x7f3f0f2, 0x694ea1e2,
- 0xda65cdf4, 0x506d5be, 0x34d11f62, 0xa6c48afe,
- 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb,
- 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110,
- 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd,
- 0x5491b58d, 0xc471055d, 0x6046fd4, 0x5060ff15,
- 0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e,
- 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee,
- 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x0,
- 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72,
- 0xefdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739,
- 0xf0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e,
- 0xa0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91,
- 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a,
- 0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17,
- 0x90e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9,
- 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60,
- 0x1f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e,
- 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1,
- 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011,
- 0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1,
- 0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3,
- 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264,
- 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90,
- 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b,
- 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf,
- 0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246,
- 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af,
- 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312,
- 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb,
- 0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a,
- 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8,
- 0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c,
- 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066,
- 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8,
- 0x4f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6,
- 0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04,
- 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51,
- 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0xbfb2e41,
- 0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347,
- 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c,
- 0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1,
- 0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37,
- 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db,
- 0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40,
- 0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0xdff4195,
- 0xa8397101, 0xc08deb3, 0xb4d89ce4, 0x566490c1,
- 0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257,
+static const uint32_t U2[256] = {
+ 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e,
+ 0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303,
+ 0x302055fa, 0x76adf66d, 0xcc889176, 0x2f5254c,
+ 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3,
+ 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0,
+ 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9,
+ 0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59,
+ 0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8,
+ 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71,
+ 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a,
+ 0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f,
+ 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x8f9942b,
+ 0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8,
+ 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab,
+ 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508,
+ 0x2830f287, 0xbf23b2a5, 0x302ba6a, 0x16ed5c82,
+ 0xcf8a2b1c, 0x79a792b4, 0x7f3f0f2, 0x694ea1e2,
+ 0xda65cdf4, 0x506d5be, 0x34d11f62, 0xa6c48afe,
+ 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb,
+ 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110,
+ 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd,
+ 0x5491b58d, 0xc471055d, 0x6046fd4, 0x5060ff15,
+ 0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e,
+ 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee,
+ 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x0,
+ 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72,
+ 0xefdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739,
+ 0xf0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e,
+ 0xa0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91,
+ 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a,
+ 0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17,
+ 0x90e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9,
+ 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60,
+ 0x1f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e,
+ 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1,
+ 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011,
+ 0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1,
+ 0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3,
+ 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264,
+ 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90,
+ 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b,
+ 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf,
+ 0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246,
+ 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af,
+ 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312,
+ 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb,
+ 0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a,
+ 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8,
+ 0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c,
+ 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066,
+ 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8,
+ 0x4f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6,
+ 0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04,
+ 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51,
+ 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0xbfb2e41,
+ 0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347,
+ 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c,
+ 0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1,
+ 0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37,
+ 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db,
+ 0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40,
+ 0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0xdff4195,
+ 0xa8397101, 0xc08deb3, 0xb4d89ce4, 0x566490c1,
+ 0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257,
};
-static uint32_t U3[256] = {
- 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27,
- 0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3,
- 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02,
- 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362,
- 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe,
- 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3,
- 0x3e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952,
- 0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9,
- 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9,
- 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace,
- 0x63184adf, 0xe582311a, 0x97603351, 0x62457f53,
- 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08,
- 0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b,
- 0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55,
- 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837,
- 0x30f28728, 0x23b2a5bf, 0x2ba6a03, 0xed5c8216,
- 0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269,
- 0x65cdf4da, 0x6d5be05, 0xd11f6234, 0xc48afea6,
- 0x349d532e, 0xa2a055f3, 0x532e18a, 0xa475ebf6,
- 0xb39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e,
- 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6,
- 0x91b58d54, 0x71055dc4, 0x46fd406, 0x60ff1550,
- 0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9,
- 0xb0bd42e8, 0x7888b89, 0xe7385b19, 0x79dbeec8,
- 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x0,
- 0x9838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a,
- 0xfdfbff0e, 0xf563885, 0x3d1ed5ae, 0x3627392d,
- 0xa64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36,
- 0xcb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b,
- 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12,
- 0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b,
- 0xe0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e,
- 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f,
- 0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb,
- 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4,
- 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6,
- 0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129,
- 0x1d4b2f9e, 0xdcf330b2, 0xdec5286, 0x77d0e3c1,
- 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9,
- 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033,
- 0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4,
- 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad,
- 0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e,
- 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3,
- 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225,
- 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b,
- 0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f,
- 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815,
- 0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0,
- 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2,
- 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7,
- 0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691,
- 0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496,
- 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165,
- 0x9d04ea5e, 0x15d358c, 0xfa737487, 0xfb2e410b,
- 0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6,
- 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13,
- 0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147,
- 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7,
- 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44,
- 0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3,
- 0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d,
- 0x397101a8, 0x8deb30c, 0xd89ce4b4, 0x6490c156,
- 0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8,
+static const uint32_t U3[256] = {
+ 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27,
+ 0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3,
+ 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02,
+ 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362,
+ 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe,
+ 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3,
+ 0x3e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952,
+ 0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9,
+ 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9,
+ 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace,
+ 0x63184adf, 0xe582311a, 0x97603351, 0x62457f53,
+ 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08,
+ 0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b,
+ 0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55,
+ 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837,
+ 0x30f28728, 0x23b2a5bf, 0x2ba6a03, 0xed5c8216,
+ 0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269,
+ 0x65cdf4da, 0x6d5be05, 0xd11f6234, 0xc48afea6,
+ 0x349d532e, 0xa2a055f3, 0x532e18a, 0xa475ebf6,
+ 0xb39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e,
+ 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6,
+ 0x91b58d54, 0x71055dc4, 0x46fd406, 0x60ff1550,
+ 0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9,
+ 0xb0bd42e8, 0x7888b89, 0xe7385b19, 0x79dbeec8,
+ 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x0,
+ 0x9838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a,
+ 0xfdfbff0e, 0xf563885, 0x3d1ed5ae, 0x3627392d,
+ 0xa64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36,
+ 0xcb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b,
+ 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12,
+ 0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b,
+ 0xe0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e,
+ 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f,
+ 0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb,
+ 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4,
+ 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6,
+ 0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129,
+ 0x1d4b2f9e, 0xdcf330b2, 0xdec5286, 0x77d0e3c1,
+ 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9,
+ 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033,
+ 0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4,
+ 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad,
+ 0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e,
+ 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3,
+ 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225,
+ 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b,
+ 0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f,
+ 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815,
+ 0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0,
+ 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2,
+ 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7,
+ 0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691,
+ 0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496,
+ 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165,
+ 0x9d04ea5e, 0x15d358c, 0xfa737487, 0xfb2e410b,
+ 0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6,
+ 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13,
+ 0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147,
+ 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7,
+ 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44,
+ 0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3,
+ 0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d,
+ 0x397101a8, 0x8deb30c, 0xd89ce4b4, 0x6490c156,
+ 0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8,
};
#else /* assume big endian */
-static uint32_t T0[256] = {
- 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
- 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
- 0x60303050, 0x2010103, 0xce6767a9, 0x562b2b7d,
- 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
- 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
- 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
- 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
- 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
- 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
- 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
- 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
- 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
- 0x804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
- 0x30181828, 0x379696a1, 0xa05050f, 0x2f9a9ab5,
- 0xe070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
- 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
- 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
- 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
- 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
- 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
- 0xa65353f5, 0xb9d1d168, 0x0, 0xc1eded2c,
- 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
- 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
- 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
- 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
- 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
- 0x8a4545cf, 0xe9f9f910, 0x4020206, 0xfe7f7f81,
- 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
- 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x58f8f8a,
- 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
- 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
- 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
- 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
- 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
- 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
- 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
- 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
- 0x44222266, 0x542a2a7e, 0x3b9090ab, 0xb888883,
- 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
- 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
- 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
- 0x924949db, 0xc06060a, 0x4824246c, 0xb85c5ce4,
- 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
- 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
- 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
- 0x18d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
- 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
- 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
- 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
- 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
- 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
- 0x964b4bdd, 0x61bdbddc, 0xd8b8b86, 0xf8a8a85,
- 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
- 0x904848d8, 0x6030305, 0xf7f6f601, 0x1c0e0e12,
- 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
- 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
- 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
- 0xd26969bb, 0xa9d9d970, 0x78e8e89, 0x339494a7,
- 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
- 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
- 0x38c8c8f, 0x59a1a1f8, 0x9898980, 0x1a0d0d17,
- 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
- 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
- 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a,
+static const uint32_t T0[256] = {
+ 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
+ 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
+ 0x60303050, 0x2010103, 0xce6767a9, 0x562b2b7d,
+ 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
+ 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
+ 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+ 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
+ 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
+ 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+ 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
+ 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
+ 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+ 0x804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
+ 0x30181828, 0x379696a1, 0xa05050f, 0x2f9a9ab5,
+ 0xe070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+ 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
+ 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
+ 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+ 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
+ 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
+ 0xa65353f5, 0xb9d1d168, 0x0, 0xc1eded2c,
+ 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
+ 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
+ 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+ 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
+ 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
+ 0x8a4545cf, 0xe9f9f910, 0x4020206, 0xfe7f7f81,
+ 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
+ 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x58f8f8a,
+ 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+ 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
+ 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
+ 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+ 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
+ 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
+ 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+ 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
+ 0x44222266, 0x542a2a7e, 0x3b9090ab, 0xb888883,
+ 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+ 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
+ 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
+ 0x924949db, 0xc06060a, 0x4824246c, 0xb85c5ce4,
+ 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
+ 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
+ 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+ 0x18d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
+ 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
+ 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+ 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
+ 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
+ 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+ 0x964b4bdd, 0x61bdbddc, 0xd8b8b86, 0xf8a8a85,
+ 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
+ 0x904848d8, 0x6030305, 0xf7f6f601, 0x1c0e0e12,
+ 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
+ 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
+ 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+ 0xd26969bb, 0xa9d9d970, 0x78e8e89, 0x339494a7,
+ 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
+ 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+ 0x38c8c8f, 0x59a1a1f8, 0x9898980, 0x1a0d0d17,
+ 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
+ 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+ 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a,
};
-static uint32_t T1[256] = {
- 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
- 0xdfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
- 0x50603030, 0x3020101, 0xa9ce6767, 0x7d562b2b,
- 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676,
- 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d,
- 0x15effafa, 0xebb25959, 0xc98e4747, 0xbfbf0f0,
- 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf,
- 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0,
- 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626,
- 0x5a6c3636, 0x417e3f3f, 0x2f5f7f7, 0x4f83cccc,
- 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x8f9f1f1,
- 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515,
- 0xc080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3,
- 0x28301818, 0xa1379696, 0xf0a0505, 0xb52f9a9a,
- 0x90e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2,
- 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575,
- 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a,
- 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0,
- 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3,
- 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484,
- 0xf5a65353, 0x68b9d1d1, 0x0, 0x2cc1eded,
- 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b,
- 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939,
- 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf,
- 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb,
- 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585,
- 0xcf8a4545, 0x10e9f9f9, 0x6040202, 0x81fe7f7f,
- 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8,
- 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f,
- 0xad3f9292, 0xbc219d9d, 0x48703838, 0x4f1f5f5,
- 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121,
- 0x30201010, 0x1ae5ffff, 0xefdf3f3, 0x6dbfd2d2,
- 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec,
- 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717,
- 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d,
- 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373,
- 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc,
- 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888,
- 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414,
- 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb,
- 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a,
- 0xdb924949, 0xa0c0606, 0x6c482424, 0xe4b85c5c,
- 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262,
- 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979,
- 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d,
- 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9,
- 0xb4d86c6c, 0xfaac5656, 0x7f3f4f4, 0x25cfeaea,
- 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808,
- 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e,
- 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6,
- 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f,
- 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a,
- 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666,
- 0xd8904848, 0x5060303, 0x1f7f6f6, 0x121c0e0e,
- 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9,
- 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e,
- 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111,
- 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494,
- 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9,
- 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf,
- 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d,
- 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868,
- 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f,
- 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616,
+static const uint32_t T1[256] = {
+ 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
+ 0xdfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
+ 0x50603030, 0x3020101, 0xa9ce6767, 0x7d562b2b,
+ 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676,
+ 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d,
+ 0x15effafa, 0xebb25959, 0xc98e4747, 0xbfbf0f0,
+ 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf,
+ 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0,
+ 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626,
+ 0x5a6c3636, 0x417e3f3f, 0x2f5f7f7, 0x4f83cccc,
+ 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x8f9f1f1,
+ 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515,
+ 0xc080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3,
+ 0x28301818, 0xa1379696, 0xf0a0505, 0xb52f9a9a,
+ 0x90e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2,
+ 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575,
+ 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a,
+ 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0,
+ 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3,
+ 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484,
+ 0xf5a65353, 0x68b9d1d1, 0x0, 0x2cc1eded,
+ 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b,
+ 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939,
+ 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf,
+ 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb,
+ 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585,
+ 0xcf8a4545, 0x10e9f9f9, 0x6040202, 0x81fe7f7f,
+ 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8,
+ 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f,
+ 0xad3f9292, 0xbc219d9d, 0x48703838, 0x4f1f5f5,
+ 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121,
+ 0x30201010, 0x1ae5ffff, 0xefdf3f3, 0x6dbfd2d2,
+ 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec,
+ 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717,
+ 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d,
+ 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373,
+ 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc,
+ 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888,
+ 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414,
+ 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb,
+ 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a,
+ 0xdb924949, 0xa0c0606, 0x6c482424, 0xe4b85c5c,
+ 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262,
+ 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979,
+ 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d,
+ 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9,
+ 0xb4d86c6c, 0xfaac5656, 0x7f3f4f4, 0x25cfeaea,
+ 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808,
+ 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e,
+ 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6,
+ 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f,
+ 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a,
+ 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666,
+ 0xd8904848, 0x5060303, 0x1f7f6f6, 0x121c0e0e,
+ 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9,
+ 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e,
+ 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111,
+ 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494,
+ 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9,
+ 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf,
+ 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d,
+ 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868,
+ 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f,
+ 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616,
};
-static uint32_t T2[256] = {
- 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b,
- 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5,
- 0x30506030, 0x1030201, 0x67a9ce67, 0x2b7d562b,
- 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76,
- 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d,
- 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0,
- 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af,
- 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0,
- 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26,
- 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc,
- 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1,
- 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15,
- 0x40c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3,
- 0x18283018, 0x96a13796, 0x50f0a05, 0x9ab52f9a,
- 0x7090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2,
- 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75,
- 0x91b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a,
- 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0,
- 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3,
- 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384,
- 0x53f5a653, 0xd168b9d1, 0x0, 0xed2cc1ed,
- 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b,
- 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239,
- 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf,
- 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb,
- 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185,
- 0x45cf8a45, 0xf910e9f9, 0x2060402, 0x7f81fe7f,
- 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8,
- 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f,
- 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5,
- 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221,
- 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2,
- 0xcd4c81cd, 0xc14180c, 0x13352613, 0xec2fc3ec,
- 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17,
- 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d,
- 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673,
- 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc,
- 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88,
- 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814,
- 0xde79a7de, 0x5ee2bc5e, 0xb1d160b, 0xdb76addb,
- 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0xa1e140a,
- 0x49db9249, 0x60a0c06, 0x246c4824, 0x5ce4b85c,
- 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462,
- 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279,
- 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d,
- 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9,
- 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea,
- 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x8181008,
- 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e,
- 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6,
- 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f,
- 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a,
- 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66,
- 0x48d89048, 0x3050603, 0xf601f7f6, 0xe121c0e,
- 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9,
- 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e,
- 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211,
- 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394,
- 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9,
- 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df,
- 0x8c8f038c, 0xa1f859a1, 0x89800989, 0xd171a0d,
- 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068,
- 0x41c38241, 0x99b02999, 0x2d775a2d, 0xf111e0f,
- 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16,
+static const uint32_t T2[256] = {
+ 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b,
+ 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5,
+ 0x30506030, 0x1030201, 0x67a9ce67, 0x2b7d562b,
+ 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76,
+ 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d,
+ 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0,
+ 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af,
+ 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0,
+ 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26,
+ 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc,
+ 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1,
+ 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15,
+ 0x40c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3,
+ 0x18283018, 0x96a13796, 0x50f0a05, 0x9ab52f9a,
+ 0x7090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2,
+ 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75,
+ 0x91b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a,
+ 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0,
+ 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3,
+ 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384,
+ 0x53f5a653, 0xd168b9d1, 0x0, 0xed2cc1ed,
+ 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b,
+ 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239,
+ 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf,
+ 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb,
+ 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185,
+ 0x45cf8a45, 0xf910e9f9, 0x2060402, 0x7f81fe7f,
+ 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8,
+ 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f,
+ 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5,
+ 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221,
+ 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2,
+ 0xcd4c81cd, 0xc14180c, 0x13352613, 0xec2fc3ec,
+ 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17,
+ 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d,
+ 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673,
+ 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc,
+ 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88,
+ 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814,
+ 0xde79a7de, 0x5ee2bc5e, 0xb1d160b, 0xdb76addb,
+ 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0xa1e140a,
+ 0x49db9249, 0x60a0c06, 0x246c4824, 0x5ce4b85c,
+ 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462,
+ 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279,
+ 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d,
+ 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9,
+ 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea,
+ 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x8181008,
+ 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e,
+ 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6,
+ 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f,
+ 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a,
+ 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66,
+ 0x48d89048, 0x3050603, 0xf601f7f6, 0xe121c0e,
+ 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9,
+ 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e,
+ 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211,
+ 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394,
+ 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9,
+ 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df,
+ 0x8c8f038c, 0xa1f859a1, 0x89800989, 0xd171a0d,
+ 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068,
+ 0x41c38241, 0x99b02999, 0x2d775a2d, 0xf111e0f,
+ 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16,
};
-static uint32_t T3[256] = {
- 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6,
- 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491,
- 0x30305060, 0x1010302, 0x6767a9ce, 0x2b2b7d56,
- 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec,
- 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa,
- 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb,
- 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45,
- 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b,
- 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c,
- 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83,
- 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9,
- 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a,
- 0x4040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d,
- 0x18182830, 0x9696a137, 0x5050f0a, 0x9a9ab52f,
- 0x707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf,
- 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea,
- 0x9091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34,
- 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b,
- 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d,
- 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713,
- 0x5353f5a6, 0xd1d168b9, 0x0, 0xeded2cc1,
- 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6,
- 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72,
- 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85,
- 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed,
- 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411,
- 0x4545cf8a, 0xf9f910e9, 0x2020604, 0x7f7f81fe,
- 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b,
- 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05,
- 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1,
- 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342,
- 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf,
- 0xcdcd4c81, 0xc0c1418, 0x13133526, 0xecec2fc3,
- 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e,
- 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a,
- 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6,
- 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3,
- 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b,
- 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28,
- 0xdede79a7, 0x5e5ee2bc, 0xb0b1d16, 0xdbdb76ad,
- 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0xa0a1e14,
- 0x4949db92, 0x6060a0c, 0x24246c48, 0x5c5ce4b8,
- 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4,
- 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2,
- 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da,
- 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049,
- 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf,
- 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x8081810,
- 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c,
- 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197,
- 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e,
- 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f,
- 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc,
- 0x4848d890, 0x3030506, 0xf6f601f7, 0xe0e121c,
- 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069,
- 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927,
- 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322,
- 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733,
- 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9,
- 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5,
- 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0xd0d171a,
- 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0,
- 0x4141c382, 0x9999b029, 0x2d2d775a, 0xf0f111e,
- 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c,
+static const uint32_t T3[256] = {
+ 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6,
+ 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491,
+ 0x30305060, 0x1010302, 0x6767a9ce, 0x2b2b7d56,
+ 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec,
+ 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa,
+ 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb,
+ 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45,
+ 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b,
+ 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c,
+ 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83,
+ 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9,
+ 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a,
+ 0x4040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d,
+ 0x18182830, 0x9696a137, 0x5050f0a, 0x9a9ab52f,
+ 0x707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf,
+ 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea,
+ 0x9091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34,
+ 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b,
+ 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d,
+ 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713,
+ 0x5353f5a6, 0xd1d168b9, 0x0, 0xeded2cc1,
+ 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6,
+ 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72,
+ 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85,
+ 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed,
+ 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411,
+ 0x4545cf8a, 0xf9f910e9, 0x2020604, 0x7f7f81fe,
+ 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b,
+ 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05,
+ 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1,
+ 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342,
+ 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf,
+ 0xcdcd4c81, 0xc0c1418, 0x13133526, 0xecec2fc3,
+ 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e,
+ 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a,
+ 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6,
+ 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3,
+ 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b,
+ 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28,
+ 0xdede79a7, 0x5e5ee2bc, 0xb0b1d16, 0xdbdb76ad,
+ 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0xa0a1e14,
+ 0x4949db92, 0x6060a0c, 0x24246c48, 0x5c5ce4b8,
+ 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4,
+ 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2,
+ 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da,
+ 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049,
+ 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf,
+ 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x8081810,
+ 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c,
+ 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197,
+ 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e,
+ 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f,
+ 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc,
+ 0x4848d890, 0x3030506, 0xf6f601f7, 0xe0e121c,
+ 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069,
+ 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927,
+ 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322,
+ 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733,
+ 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9,
+ 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5,
+ 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0xd0d171a,
+ 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0,
+ 0x4141c382, 0x9999b029, 0x2d2d775a, 0xf0f111e,
+ 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c,
};
-static uint32_t U0[256] = {
- 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
- 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
- 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
- 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
- 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
- 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
- 0x38f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
- 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
- 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
- 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
- 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
- 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
- 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
- 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
- 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
- 0x302887f2, 0x23bfa5b2, 0x2036aba, 0xed16825c,
- 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
- 0x65daf4cd, 0x605bed5, 0xd134621f, 0xc4a6fe8a,
- 0x342e539d, 0xa2f355a0, 0x58ae132, 0xa4f6eb75,
- 0xb83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
- 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
- 0x91548db5, 0x71c45d05, 0x406d46f, 0x605015ff,
- 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
- 0xb0e842bd, 0x7898b88, 0xe7195b38, 0x79c8eedb,
- 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x0,
- 0x9808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
- 0xfd0efffb, 0xf853856, 0x3daed51e, 0x362d3927,
- 0xa0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
- 0xc0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
- 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
- 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
- 0xe090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
- 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
- 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
- 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
- 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
- 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
- 0x1d9e2f4b, 0xdcb230f3, 0xd8652ec, 0x77c1e3d0,
- 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
- 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
- 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
- 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
- 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
- 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
- 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
- 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
- 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
- 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
- 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
- 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
- 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
- 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
- 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
- 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
- 0x9d5eea04, 0x18c355d, 0xfa877473, 0xfb0b412e,
- 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
- 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
- 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
- 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
- 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
- 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
- 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
- 0x39a80171, 0x80cb3de, 0xd8b4e49c, 0x6456c190,
- 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
+static const uint32_t U0[256] = {
+ 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
+ 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
+ 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+ 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
+ 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
+ 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+ 0x38f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
+ 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
+ 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+ 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
+ 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
+ 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+ 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
+ 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
+ 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+ 0x302887f2, 0x23bfa5b2, 0x2036aba, 0xed16825c,
+ 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
+ 0x65daf4cd, 0x605bed5, 0xd134621f, 0xc4a6fe8a,
+ 0x342e539d, 0xa2f355a0, 0x58ae132, 0xa4f6eb75,
+ 0xb83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
+ 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+ 0x91548db5, 0x71c45d05, 0x406d46f, 0x605015ff,
+ 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
+ 0xb0e842bd, 0x7898b88, 0xe7195b38, 0x79c8eedb,
+ 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x0,
+ 0x9808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
+ 0xfd0efffb, 0xf853856, 0x3daed51e, 0x362d3927,
+ 0xa0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
+ 0xc0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
+ 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+ 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
+ 0xe090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
+ 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+ 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
+ 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
+ 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+ 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
+ 0x1d9e2f4b, 0xdcb230f3, 0xd8652ec, 0x77c1e3d0,
+ 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+ 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
+ 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
+ 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+ 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
+ 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
+ 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+ 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
+ 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
+ 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+ 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
+ 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
+ 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+ 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
+ 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
+ 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+ 0x9d5eea04, 0x18c355d, 0xfa877473, 0xfb0b412e,
+ 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
+ 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+ 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
+ 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
+ 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+ 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
+ 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
+ 0x39a80171, 0x80cb3de, 0xd8b4e49c, 0x6456c190,
+ 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
};
-static uint32_t U1[256] = {
- 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
- 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
- 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
- 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3,
- 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0,
- 0x2c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9,
- 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259,
- 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8,
- 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971,
- 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a,
- 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f,
- 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b,
- 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8,
- 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab,
- 0x7b2eb28, 0x32fb5c2, 0x9a86c57b, 0xa5d33708,
- 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682,
- 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2,
- 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe,
- 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb,
- 0x390b83ec, 0xaa4060ef, 0x65e719f, 0x51bd6e10,
- 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd,
- 0xb591548d, 0x571c45d, 0x6f0406d4, 0xff605015,
- 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e,
- 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee,
- 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x0,
- 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72,
- 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39,
- 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e,
- 0xb10c0a67, 0xf9357e7, 0xd2b4ee96, 0x9e1b9b91,
- 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a,
- 0xae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17,
- 0xb0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9,
- 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60,
- 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e,
- 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1,
- 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611,
- 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1,
- 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3,
- 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964,
- 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390,
- 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b,
- 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf,
- 0xe42c3a9d, 0xd507892, 0x9b6a5fcc, 0x62547e46,
- 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af,
- 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512,
- 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb,
- 0x9cd2678, 0xf46e5918, 0x1ec9ab7, 0xa8834f9a,
- 0x65e6956e, 0x7eaaffe6, 0x821bccf, 0xe6ef15e8,
- 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c,
- 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266,
- 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8,
- 0x4af10498, 0xf741ecda, 0xe7fcd50, 0x2f1791f6,
- 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604,
- 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551,
- 0x49d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41,
- 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647,
- 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c,
- 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1,
- 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737,
- 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db,
- 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340,
- 0x72161dc3, 0xcbce225, 0x8b283c49, 0x41ff0d95,
- 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1,
- 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857
+static const uint32_t U1[256] = {
+ 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
+ 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
+ 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
+ 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3,
+ 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0,
+ 0x2c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9,
+ 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259,
+ 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8,
+ 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971,
+ 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a,
+ 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f,
+ 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b,
+ 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8,
+ 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab,
+ 0x7b2eb28, 0x32fb5c2, 0x9a86c57b, 0xa5d33708,
+ 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682,
+ 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2,
+ 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe,
+ 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb,
+ 0x390b83ec, 0xaa4060ef, 0x65e719f, 0x51bd6e10,
+ 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd,
+ 0xb591548d, 0x571c45d, 0x6f0406d4, 0xff605015,
+ 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e,
+ 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee,
+ 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x0,
+ 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72,
+ 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39,
+ 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e,
+ 0xb10c0a67, 0xf9357e7, 0xd2b4ee96, 0x9e1b9b91,
+ 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a,
+ 0xae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17,
+ 0xb0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9,
+ 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60,
+ 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e,
+ 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1,
+ 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611,
+ 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1,
+ 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3,
+ 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964,
+ 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390,
+ 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b,
+ 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf,
+ 0xe42c3a9d, 0xd507892, 0x9b6a5fcc, 0x62547e46,
+ 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af,
+ 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512,
+ 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb,
+ 0x9cd2678, 0xf46e5918, 0x1ec9ab7, 0xa8834f9a,
+ 0x65e6956e, 0x7eaaffe6, 0x821bccf, 0xe6ef15e8,
+ 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c,
+ 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266,
+ 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8,
+ 0x4af10498, 0xf741ecda, 0xe7fcd50, 0x2f1791f6,
+ 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604,
+ 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551,
+ 0x49d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41,
+ 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647,
+ 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c,
+ 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1,
+ 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737,
+ 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db,
+ 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340,
+ 0x72161dc3, 0xcbce225, 0x8b283c49, 0x41ff0d95,
+ 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1,
+ 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857
};
-static uint32_t U2[256] = {
- 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27,
- 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x3934be3,
- 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502,
- 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562,
- 0x5a49deb1, 0x1b6725ba, 0xe9845ea, 0xc0e15dfe,
- 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3,
- 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552,
- 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9,
- 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9,
- 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce,
- 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253,
- 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908,
- 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b,
- 0xd323ab73, 0x2e2724b, 0x8f57e31f, 0xab2a6655,
- 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x8a5d337,
- 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16,
- 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69,
- 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6,
- 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6,
- 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e,
- 0x8af93e21, 0x63d96dd, 0x5aedd3e, 0xbd464de6,
- 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050,
- 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9,
- 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8,
- 0xa47a17c, 0xfe97c42, 0x1ec9f884, 0x0,
- 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a,
- 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d,
- 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436,
- 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b,
- 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12,
- 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b,
- 0xd0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e,
- 0x198557f1, 0x74caf75, 0xddbbee99, 0x60fda37f,
- 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb,
- 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4,
- 0xdccad731, 0x85104263, 0x22401397, 0x112084c6,
- 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729,
- 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1,
- 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9,
- 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233,
- 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0xb3698d4,
- 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad,
- 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e,
- 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3,
- 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25,
- 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b,
- 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f,
- 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15,
- 0x9bd9bae7, 0x36ce4a6f, 0x9d4ea9f, 0x7cd629b0,
- 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2,
- 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7,
- 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791,
- 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x4dfe496,
- 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665,
- 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b,
- 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6,
- 0x618c9ad7, 0xc7a37a1, 0x148e59f8, 0x3c89eb13,
- 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47,
- 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7,
- 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844,
- 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3,
- 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d,
- 0x17139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456,
- 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8
+static const uint32_t U2[256] = {
+ 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27,
+ 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x3934be3,
+ 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502,
+ 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562,
+ 0x5a49deb1, 0x1b6725ba, 0xe9845ea, 0xc0e15dfe,
+ 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3,
+ 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552,
+ 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9,
+ 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9,
+ 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce,
+ 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253,
+ 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908,
+ 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b,
+ 0xd323ab73, 0x2e2724b, 0x8f57e31f, 0xab2a6655,
+ 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x8a5d337,
+ 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16,
+ 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69,
+ 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6,
+ 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6,
+ 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e,
+ 0x8af93e21, 0x63d96dd, 0x5aedd3e, 0xbd464de6,
+ 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050,
+ 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9,
+ 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8,
+ 0xa47a17c, 0xfe97c42, 0x1ec9f884, 0x0,
+ 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a,
+ 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d,
+ 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436,
+ 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b,
+ 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12,
+ 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b,
+ 0xd0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e,
+ 0x198557f1, 0x74caf75, 0xddbbee99, 0x60fda37f,
+ 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb,
+ 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4,
+ 0xdccad731, 0x85104263, 0x22401397, 0x112084c6,
+ 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729,
+ 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1,
+ 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9,
+ 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233,
+ 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0xb3698d4,
+ 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad,
+ 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e,
+ 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3,
+ 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25,
+ 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b,
+ 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f,
+ 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15,
+ 0x9bd9bae7, 0x36ce4a6f, 0x9d4ea9f, 0x7cd629b0,
+ 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2,
+ 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7,
+ 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791,
+ 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x4dfe496,
+ 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665,
+ 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b,
+ 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6,
+ 0x618c9ad7, 0xc7a37a1, 0x148e59f8, 0x3c89eb13,
+ 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47,
+ 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7,
+ 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844,
+ 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3,
+ 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d,
+ 0x17139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456,
+ 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8
};
-static uint32_t U3[256] = {
- 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a,
- 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b,
- 0x30fa5520, 0x766df6ad, 0xcc769188, 0x24c25f5,
- 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5,
- 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d,
- 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b,
- 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95,
- 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e,
- 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27,
- 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d,
- 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562,
- 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x82b94f9,
- 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752,
- 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66,
- 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3,
- 0x2887f230, 0xbfa5b223, 0x36aba02, 0x16825ced,
- 0xcf1c2b8a, 0x79b492a7, 0x7f2f0f3, 0x69e2a14e,
- 0xdaf4cd65, 0x5bed506, 0x34621fd1, 0xa6fe8ac4,
- 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4,
- 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd,
- 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d,
- 0x548db591, 0xc45d0571, 0x6d46f04, 0x5015ff60,
- 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767,
- 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79,
- 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x0,
- 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c,
- 0xefffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736,
- 0xfd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24,
- 0xa67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b,
- 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c,
- 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12,
- 0x90d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814,
- 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3,
- 0x1269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b,
- 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8,
- 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084,
- 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7,
- 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077,
- 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247,
- 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22,
- 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698,
- 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f,
- 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254,
- 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582,
- 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf,
- 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb,
- 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883,
- 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef,
- 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629,
- 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035,
- 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533,
- 0x4984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17,
- 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4,
- 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46,
- 0x5eea049d, 0x8c355d01, 0x877473fa, 0xb412efb,
- 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d,
- 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb,
- 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a,
- 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73,
- 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678,
- 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2,
- 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0xd9541ff,
- 0xa8017139, 0xcb3de08, 0xb4e49cd8, 0x56c19064,
- 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0
+static const uint32_t U3[256] = {
+ 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a,
+ 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b,
+ 0x30fa5520, 0x766df6ad, 0xcc769188, 0x24c25f5,
+ 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5,
+ 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d,
+ 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b,
+ 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95,
+ 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e,
+ 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27,
+ 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d,
+ 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562,
+ 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x82b94f9,
+ 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752,
+ 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66,
+ 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3,
+ 0x2887f230, 0xbfa5b223, 0x36aba02, 0x16825ced,
+ 0xcf1c2b8a, 0x79b492a7, 0x7f2f0f3, 0x69e2a14e,
+ 0xdaf4cd65, 0x5bed506, 0x34621fd1, 0xa6fe8ac4,
+ 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4,
+ 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd,
+ 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d,
+ 0x548db591, 0xc45d0571, 0x6d46f04, 0x5015ff60,
+ 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767,
+ 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79,
+ 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x0,
+ 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c,
+ 0xefffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736,
+ 0xfd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24,
+ 0xa67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b,
+ 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c,
+ 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12,
+ 0x90d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814,
+ 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3,
+ 0x1269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b,
+ 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8,
+ 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084,
+ 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7,
+ 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077,
+ 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247,
+ 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22,
+ 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698,
+ 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f,
+ 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254,
+ 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582,
+ 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf,
+ 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb,
+ 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883,
+ 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef,
+ 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629,
+ 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035,
+ 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533,
+ 0x4984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17,
+ 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4,
+ 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46,
+ 0x5eea049d, 0x8c355d01, 0x877473fa, 0xb412efb,
+ 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d,
+ 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb,
+ 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a,
+ 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73,
+ 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678,
+ 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2,
+ 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0xd9541ff,
+ 0xa8017139, 0xcb3de08, 0xb4e49cd8, 0x56c19064,
+ 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0
};
#endif
-/*
+/*
* the following tables (aes_sbox, aes_inv_sbox, T4, U4) are
- * endian-neutral
+ * endian-neutral
*/
-static uint8_t
-aes_sbox[256] = {
- 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
- 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
- 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
- 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
- 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
- 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
- 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
- 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
- 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
- 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
- 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
- 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
- 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
- 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
- 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
- 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
- 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
- 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
- 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
- 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
- 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
- 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
- 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
- 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
- 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
- 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
- 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
- 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
- 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
- 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
- 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
- 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+static const uint8_t
+ aes_sbox[256] = {
+ 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
+ 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+ 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+ 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+ 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
+ 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+ 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
+ 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+ 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+ 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+ 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
+ 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+ 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
+ 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+ 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+ 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+ 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
+ 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+ 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
+ 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+ 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+ 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+ 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
+ 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+ 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
+ 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+ 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+ 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+ 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
+ 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+ 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
+ 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
};
#ifndef CPU_RISC
-static uint8_t
-aes_inv_sbox[256] = {
- 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
- 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
- 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
- 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
- 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
- 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
- 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
- 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
- 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
- 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
- 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
- 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
- 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
- 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
- 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
- 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
- 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
- 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
- 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
- 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
- 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
- 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
- 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
- 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
- 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
- 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
- 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
- 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
- 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
- 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
- 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
- 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+static const uint8_t
+ aes_inv_sbox[256] = {
+ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
+ 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
+ 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
+ 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
+ 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
+ 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
+ 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
+ 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
+ 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
+ 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
+ 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
+ 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+ 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
+ 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
+ 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
+ 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
+ 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
+ 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
+ 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
+ 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
+ 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
+ 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
+ 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
+ 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+ 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
+ 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
+ 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
+ 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
+ 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
+ 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
+ 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
+ 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
};
#endif /* ! CPU_RISC */
#ifdef CPU_RISC
-static uint32_t
-T4[256] = {
- 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b,
- 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5,
- 0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b,
- 0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676,
- 0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d,
- 0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0,
- 0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf,
- 0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0,
- 0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626,
- 0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc,
- 0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1,
- 0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515,
- 0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3,
- 0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a,
- 0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2,
- 0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575,
- 0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a,
- 0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0,
- 0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3,
- 0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484,
- 0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed,
- 0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b,
- 0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939,
- 0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf,
- 0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb,
- 0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585,
- 0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f,
- 0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8,
- 0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f,
- 0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5,
- 0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121,
- 0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2,
- 0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec,
- 0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717,
- 0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d,
- 0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373,
- 0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc,
- 0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888,
- 0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414,
- 0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb,
- 0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a,
- 0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c,
- 0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262,
- 0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979,
- 0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d,
- 0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9,
- 0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea,
- 0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808,
- 0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e,
- 0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6,
- 0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f,
- 0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a,
- 0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666,
- 0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e,
- 0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9,
- 0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e,
- 0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111,
- 0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494,
- 0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9,
- 0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf,
- 0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d,
- 0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868,
- 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f,
- 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616
+static const uint32_t
+ T4[256] = {
+ 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b,
+ 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5,
+ 0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b,
+ 0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676,
+ 0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d,
+ 0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0,
+ 0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf,
+ 0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0,
+ 0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626,
+ 0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc,
+ 0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1,
+ 0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515,
+ 0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3,
+ 0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a,
+ 0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2,
+ 0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575,
+ 0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a,
+ 0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0,
+ 0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3,
+ 0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484,
+ 0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed,
+ 0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b,
+ 0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939,
+ 0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf,
+ 0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb,
+ 0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585,
+ 0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f,
+ 0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8,
+ 0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f,
+ 0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5,
+ 0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121,
+ 0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2,
+ 0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec,
+ 0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717,
+ 0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d,
+ 0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373,
+ 0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc,
+ 0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888,
+ 0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414,
+ 0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb,
+ 0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a,
+ 0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c,
+ 0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262,
+ 0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979,
+ 0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d,
+ 0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9,
+ 0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea,
+ 0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808,
+ 0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e,
+ 0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6,
+ 0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f,
+ 0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a,
+ 0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666,
+ 0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e,
+ 0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9,
+ 0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e,
+ 0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111,
+ 0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494,
+ 0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9,
+ 0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf,
+ 0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d,
+ 0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868,
+ 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f,
+ 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616
};
-static uint32_t U4[256] = {
- 0x52525252, 0x9090909, 0x6a6a6a6a, 0xd5d5d5d5,
- 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838,
- 0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e,
- 0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb,
- 0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282,
- 0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787,
- 0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444,
- 0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb,
- 0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232,
- 0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d,
- 0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0xb0b0b0b,
- 0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e,
- 0x8080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666,
- 0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2,
- 0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949,
- 0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525,
- 0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464,
- 0x86868686, 0x68686868, 0x98989898, 0x16161616,
- 0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc,
- 0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292,
- 0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050,
- 0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada,
- 0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757,
- 0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484,
- 0x90909090, 0xd8d8d8d8, 0xabababab, 0x0,
- 0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0xa0a0a0a,
- 0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x5050505,
- 0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x6060606,
- 0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f,
- 0xcacacaca, 0x3f3f3f3f, 0xf0f0f0f, 0x2020202,
- 0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x3030303,
- 0x1010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b,
- 0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141,
- 0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea,
- 0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece,
- 0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373,
- 0x96969696, 0xacacacac, 0x74747474, 0x22222222,
- 0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585,
- 0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8,
- 0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e,
- 0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171,
- 0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989,
- 0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0xe0e0e0e,
- 0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b,
- 0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b,
- 0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020,
- 0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe,
- 0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4,
- 0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333,
- 0x88888888, 0x7070707, 0xc7c7c7c7, 0x31313131,
- 0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959,
- 0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f,
- 0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9,
- 0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0xd0d0d0d,
- 0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f,
- 0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef,
- 0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d,
- 0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0,
- 0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c,
- 0x83838383, 0x53535353, 0x99999999, 0x61616161,
- 0x17171717, 0x2b2b2b2b, 0x4040404, 0x7e7e7e7e,
- 0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626,
- 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363,
- 0x55555555, 0x21212121, 0xc0c0c0c, 0x7d7d7d7d
+static const uint32_t U4[256] = {
+ 0x52525252, 0x9090909, 0x6a6a6a6a, 0xd5d5d5d5,
+ 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838,
+ 0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e,
+ 0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb,
+ 0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282,
+ 0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787,
+ 0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444,
+ 0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb,
+ 0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232,
+ 0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d,
+ 0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0xb0b0b0b,
+ 0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e,
+ 0x8080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666,
+ 0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2,
+ 0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949,
+ 0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525,
+ 0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464,
+ 0x86868686, 0x68686868, 0x98989898, 0x16161616,
+ 0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc,
+ 0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292,
+ 0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050,
+ 0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada,
+ 0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757,
+ 0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484,
+ 0x90909090, 0xd8d8d8d8, 0xabababab, 0x0,
+ 0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0xa0a0a0a,
+ 0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x5050505,
+ 0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x6060606,
+ 0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f,
+ 0xcacacaca, 0x3f3f3f3f, 0xf0f0f0f, 0x2020202,
+ 0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x3030303,
+ 0x1010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b,
+ 0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141,
+ 0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea,
+ 0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece,
+ 0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373,
+ 0x96969696, 0xacacacac, 0x74747474, 0x22222222,
+ 0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585,
+ 0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8,
+ 0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e,
+ 0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171,
+ 0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989,
+ 0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0xe0e0e0e,
+ 0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b,
+ 0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b,
+ 0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020,
+ 0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe,
+ 0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4,
+ 0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333,
+ 0x88888888, 0x7070707, 0xc7c7c7c7, 0x31313131,
+ 0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959,
+ 0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f,
+ 0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9,
+ 0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0xd0d0d0d,
+ 0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f,
+ 0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef,
+ 0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d,
+ 0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0,
+ 0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c,
+ 0x83838383, 0x53535353, 0x99999999, 0x61616161,
+ 0x17171717, 0x2b2b2b2b, 0x4040404, 0x7e7e7e7e,
+ 0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626,
+ 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363,
+ 0x55555555, 0x21212121, 0xc0c0c0c, 0x7d7d7d7d
};
#endif /* CPU_RISC */
+#define gf2_8_field_polynomial 0x1B
+/*
+ * gf2_8_shift(z) returns the result of the GF(2^8) 'multiply by x'
+ * operation, using the field representation from AES; that is, the
+ * next gf2_8 value in the cyclic representation of that field. The
+ * value z should be an uint8_t.
+ */
+#define gf2_8_shift(z) (((z) & 128) ? \
+ (((z) << 1) ^ gf2_8_field_polynomial) : ((z) << 1))
/* aes internals */
-extern debug_module_t mod_aes_icm;
+extern srtp_debug_module_t srtp_mod_aes_icm;
static void
-aes_128_expand_encryption_key(const uint8_t *key,
- aes_expanded_key_t *expanded_key) {
- int i;
- gf2_8 rc;
+aes_128_expand_encryption_key (const uint8_t *key,
+ srtp_aes_expanded_key_t *expanded_key)
+{
+ int i;
+ uint8_t rc;
- /* initialize round constant */
- rc = 1;
+ /* initialize round constant */
+ rc = 1;
- expanded_key->num_rounds = 10;
+ expanded_key->num_rounds = 10;
- v128_copy_octet_string(&expanded_key->round[0], key);
+ v128_copy_octet_string(&expanded_key->round[0], key);
#if 0
- debug_print(mod_aes_icm,
- "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0]));
+ debug_print(srtp_mod_aes_icm,
+ "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0]));
#endif
- /* loop over round keys */
- for (i=1; i < 11; i++) {
+ /* loop over round keys */
+ for (i = 1; i < 11; i++) {
- /* munge first word of round key */
- expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[13]] ^ rc;
- expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[14]];
- expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[15]];
- expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[12]];
+ /* munge first word of round key */
+ expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i - 1].v8[13]] ^ rc;
+ expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i - 1].v8[14]];
+ expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i - 1].v8[15]];
+ expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i - 1].v8[12]];
- expanded_key->round[i].v32[0] ^= expanded_key->round[i-1].v32[0];
+ expanded_key->round[i].v32[0] ^= expanded_key->round[i - 1].v32[0];
- /* set remaining 32 bit words to the exor of the one previous with
- * the one four words previous */
+ /* set remaining 32 bit words to the exor of the one previous with
+ * the one four words previous */
- expanded_key->round[i].v32[1] =
- expanded_key->round[i].v32[0] ^ expanded_key->round[i-1].v32[1];
+ expanded_key->round[i].v32[1] =
+ expanded_key->round[i].v32[0] ^ expanded_key->round[i - 1].v32[1];
- expanded_key->round[i].v32[2] =
- expanded_key->round[i].v32[1] ^ expanded_key->round[i-1].v32[2];
+ expanded_key->round[i].v32[2] =
+ expanded_key->round[i].v32[1] ^ expanded_key->round[i - 1].v32[2];
- expanded_key->round[i].v32[3] =
- expanded_key->round[i].v32[2] ^ expanded_key->round[i-1].v32[3];
+ expanded_key->round[i].v32[3] =
+ expanded_key->round[i].v32[2] ^ expanded_key->round[i - 1].v32[3];
#if 0
- debug_print2(mod_aes_icm,
- "expanded key[%d]: %s", i,v128_hex_string(&expanded_key->round[i]));
+ debug_print2(srtp_mod_aes_icm,
+ "expanded key[%d]: %s", i, v128_hex_string(&expanded_key->round[i]));
#endif
- /* modify round constant */
- rc = gf2_8_shift(rc);
+ /* modify round constant */
+ rc = gf2_8_shift(rc);
- }
+ }
}
static void
-aes_256_expand_encryption_key(const unsigned char *key,
- aes_expanded_key_t *expanded_key) {
- int i;
- gf2_8 rc;
+aes_256_expand_encryption_key (const unsigned char *key,
+ srtp_aes_expanded_key_t *expanded_key)
+{
+ int i;
+ uint8_t rc;
- /* initialize round constant */
- rc = 1;
+ /* initialize round constant */
+ rc = 1;
- expanded_key->num_rounds = 14;
+ expanded_key->num_rounds = 14;
- v128_copy_octet_string(&expanded_key->round[0], key);
- v128_copy_octet_string(&expanded_key->round[1], key+16);
+ v128_copy_octet_string(&expanded_key->round[0], key);
+ v128_copy_octet_string(&expanded_key->round[1], key + 16);
#if 0
- debug_print(mod_aes_icm,
- "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0]));
- debug_print(mod_aes_icm,
- "expanded key[1]: %s", v128_hex_string(&expanded_key->round[1]));
+ debug_print(srtp_mod_aes_icm,
+ "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0]));
+ debug_print(srtp_mod_aes_icm,
+ "expanded key[1]: %s", v128_hex_string(&expanded_key->round[1]));
#endif
- /* loop over rest of round keys */
- for (i=2; i < 15; i++) {
+ /* loop over rest of round keys */
+ for (i = 2; i < 15; i++) {
- /* munge first word of round key */
- if ((i & 1) == 0) {
- expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[13]] ^ rc;
- expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[14]];
- expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[15]];
- expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[12]];
+ /* munge first word of round key */
+ if ((i & 1) == 0) {
+ expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i - 1].v8[13]] ^ rc;
+ expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i - 1].v8[14]];
+ expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i - 1].v8[15]];
+ expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i - 1].v8[12]];
- /* modify round constant */
- rc = gf2_8_shift(rc);
- }
- else {
- expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[12]];
- expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[13]];
- expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[14]];
- expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[15]];
- }
+ /* modify round constant */
+ rc = gf2_8_shift(rc);
+ }else {
+ expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i - 1].v8[12]];
+ expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i - 1].v8[13]];
+ expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i - 1].v8[14]];
+ expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i - 1].v8[15]];
+ }
- expanded_key->round[i].v32[0] ^= expanded_key->round[i-2].v32[0];
+ expanded_key->round[i].v32[0] ^= expanded_key->round[i - 2].v32[0];
- /* set remaining 32 bit words to the exor of the one previous with
- * the one eight words previous */
+ /* set remaining 32 bit words to the exor of the one previous with
+ * the one eight words previous */
- expanded_key->round[i].v32[1] =
- expanded_key->round[i].v32[0] ^ expanded_key->round[i-2].v32[1];
+ expanded_key->round[i].v32[1] =
+ expanded_key->round[i].v32[0] ^ expanded_key->round[i - 2].v32[1];
- expanded_key->round[i].v32[2] =
- expanded_key->round[i].v32[1] ^ expanded_key->round[i-2].v32[2];
+ expanded_key->round[i].v32[2] =
+ expanded_key->round[i].v32[1] ^ expanded_key->round[i - 2].v32[2];
- expanded_key->round[i].v32[3] =
- expanded_key->round[i].v32[2] ^ expanded_key->round[i-2].v32[3];
+ expanded_key->round[i].v32[3] =
+ expanded_key->round[i].v32[2] ^ expanded_key->round[i - 2].v32[3];
#if 0
- debug_print2(mod_aes_icm,
- "expanded key[%d]: %s", i,v128_hex_string(&expanded_key->round[i]));
+ debug_print2(srtp_mod_aes_icm,
+ "expanded key[%d]: %s", i, v128_hex_string(&expanded_key->round[i]));
#endif
- }
+ }
}
-err_status_t
-aes_expand_encryption_key(const uint8_t *key,
- int key_len,
- aes_expanded_key_t *expanded_key) {
- if (key_len == 16) {
- aes_128_expand_encryption_key(key, expanded_key);
- return err_status_ok;
- }
- else if (key_len == 24) {
- /* AES-192 not yet supported */
- return err_status_bad_param;
- }
- else if (key_len == 32) {
- aes_256_expand_encryption_key(key, expanded_key);
- return err_status_ok;
- }
- else
- return err_status_bad_param;
+srtp_err_status_t srtp_aes_expand_encryption_key (const uint8_t *key,
+ int key_len,
+ srtp_aes_expanded_key_t *expanded_key)
+{
+ if (key_len == 16) {
+ aes_128_expand_encryption_key(key, expanded_key);
+ return srtp_err_status_ok;
+ }else if (key_len == 24) {
+ /* AES-192 not yet supported */
+ return srtp_err_status_bad_param;
+ }else if (key_len == 32) {
+ aes_256_expand_encryption_key(key, expanded_key);
+ return srtp_err_status_ok;
+ }else {
+ return srtp_err_status_bad_param;
+ }
}
-err_status_t
-aes_expand_decryption_key(const uint8_t *key,
- int key_len,
- aes_expanded_key_t *expanded_key) {
- int i;
- err_status_t status;
- int num_rounds = expanded_key->num_rounds;
-
- status = aes_expand_encryption_key(key, key_len, expanded_key);
- if (status)
- return status;
-
- /* invert the order of the round keys */
- for (i=0; i < num_rounds/2; i++) {
- v128_t tmp;
- v128_copy(&tmp, &expanded_key->round[num_rounds-i]);
- v128_copy(&expanded_key->round[num_rounds-i], &expanded_key->round[i]);
- v128_copy(&expanded_key->round[i], &tmp);
- }
-
- /*
- * apply the inverse mixColumn transform to the round keys (except
- * for the first and the last)
- *
- * mixColumn is implemented by using the tables U0, U1, U2, U3,
- * followed by the T4 table (which cancels out the use of the sbox
- * in the U-tables)
- */
- for (i=1; i < num_rounds; i++) {
+srtp_err_status_t srtp_aes_expand_decryption_key (const uint8_t *key,
+ int key_len,
+ srtp_aes_expanded_key_t *expanded_key)
+{
+ int i;
+ srtp_err_status_t status;
+ int num_rounds = expanded_key->num_rounds;
+
+ status = srtp_aes_expand_encryption_key(key, key_len, expanded_key);
+ if (status) {
+ return status;
+ }
+
+ /* invert the order of the round keys */
+ for (i = 0; i < num_rounds / 2; i++) {
+ v128_t tmp;
+ v128_copy(&tmp, &expanded_key->round[num_rounds - i]);
+ v128_copy(&expanded_key->round[num_rounds - i], &expanded_key->round[i]);
+ v128_copy(&expanded_key->round[i], &tmp);
+ }
+
+ /*
+ * apply the inverse mixColumn transform to the round keys (except
+ * for the first and the last)
+ *
+ * mixColumn is implemented by using the tables U0, U1, U2, U3,
+ * followed by the T4 table (which cancels out the use of the sbox
+ * in the U-tables)
+ */
+ for (i = 1; i < num_rounds; i++) {
#ifdef CPU_RISC
- uint32_t tmp;
-
- tmp = expanded_key->round[i].v32[0];
- expanded_key->round[i].v32[0] =
- U0[T4[(tmp >> 24) ] & 0xff] ^
- U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
- U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
- U3[T4[(tmp) & 0xff] & 0xff];
-
- tmp = expanded_key->round[i].v32[1];
- expanded_key->round[i].v32[1] =
- U0[T4[(tmp >> 24) ] & 0xff] ^
- U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
- U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
- U3[T4[(tmp) & 0xff] & 0xff];
-
- tmp = expanded_key->round[i].v32[2];
- expanded_key->round[i].v32[2] =
- U0[T4[(tmp >> 24) ] & 0xff] ^
- U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
- U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
- U3[T4[(tmp) & 0xff] & 0xff];
-
- tmp = expanded_key->round[i].v32[3];
- expanded_key->round[i].v32[3] =
- U0[T4[(tmp >> 24) ] & 0xff] ^
- U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
- U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
- U3[T4[(tmp) & 0xff] & 0xff];
+ uint32_t tmp;
+
+#ifdef WORDS_BIGENDIAN
+ tmp = expanded_key->round[i].v32[0];
+ expanded_key->round[i].v32[0] =
+ U0[T4[(tmp >> 24) ] & 0xff] ^
+ U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U3[T4[(tmp) & 0xff] & 0xff];
+
+ tmp = expanded_key->round[i].v32[1];
+ expanded_key->round[i].v32[1] =
+ U0[T4[(tmp >> 24) ] & 0xff] ^
+ U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U3[T4[(tmp) & 0xff] & 0xff];
+
+ tmp = expanded_key->round[i].v32[2];
+ expanded_key->round[i].v32[2] =
+ U0[T4[(tmp >> 24) ] & 0xff] ^
+ U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U3[T4[(tmp) & 0xff] & 0xff];
+
+ tmp = expanded_key->round[i].v32[3];
+ expanded_key->round[i].v32[3] =
+ U0[T4[(tmp >> 24) ] & 0xff] ^
+ U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U3[T4[(tmp) & 0xff] & 0xff];
+#else
+ tmp = expanded_key->round[i].v32[0];
+ expanded_key->round[i].v32[0] =
+ U3[T4[(tmp >> 24) ] & 0xff] ^
+ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U0[T4[(tmp) & 0xff] & 0xff];
+
+ tmp = expanded_key->round[i].v32[1];
+ expanded_key->round[i].v32[1] =
+ U3[T4[(tmp >> 24) ] & 0xff] ^
+ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U0[T4[(tmp) & 0xff] & 0xff];
+
+ tmp = expanded_key->round[i].v32[2];
+ expanded_key->round[i].v32[2] =
+ U3[T4[(tmp >> 24) ] & 0xff] ^
+ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U0[T4[(tmp) & 0xff] & 0xff];
+
+ tmp = expanded_key->round[i].v32[3];
+ expanded_key->round[i].v32[3] =
+ U3[T4[(tmp >> 24) ] & 0xff] ^
+ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U0[T4[(tmp) & 0xff] & 0xff];
+#endif /* WORDS_BIGENDIAN */
+
#else /* assume CPU_CISC */
- uint32_t c0, c1, c2, c3;
+ uint32_t c0, c1, c2, c3;
- c0 = U0[aes_sbox[expanded_key->round[i].v8[0]]]
- ^ U1[aes_sbox[expanded_key->round[i].v8[1]]]
- ^ U2[aes_sbox[expanded_key->round[i].v8[2]]]
- ^ U3[aes_sbox[expanded_key->round[i].v8[3]]];
+ c0 = U0[aes_sbox[expanded_key->round[i].v8[0]]]
+ ^ U1[aes_sbox[expanded_key->round[i].v8[1]]]
+ ^ U2[aes_sbox[expanded_key->round[i].v8[2]]]
+ ^ U3[aes_sbox[expanded_key->round[i].v8[3]]];
- c1 = U0[aes_sbox[expanded_key->round[i].v8[4]]]
- ^ U1[aes_sbox[expanded_key->round[i].v8[5]]]
- ^ U2[aes_sbox[expanded_key->round[i].v8[6]]]
- ^ U3[aes_sbox[expanded_key->round[i].v8[7]]];
+ c1 = U0[aes_sbox[expanded_key->round[i].v8[4]]]
+ ^ U1[aes_sbox[expanded_key->round[i].v8[5]]]
+ ^ U2[aes_sbox[expanded_key->round[i].v8[6]]]
+ ^ U3[aes_sbox[expanded_key->round[i].v8[7]]];
- c2 = U0[aes_sbox[expanded_key->round[i].v8[8]]]
- ^ U1[aes_sbox[expanded_key->round[i].v8[9]]]
- ^ U2[aes_sbox[expanded_key->round[i].v8[10]]]
- ^ U3[aes_sbox[expanded_key->round[i].v8[11]]];
+ c2 = U0[aes_sbox[expanded_key->round[i].v8[8]]]
+ ^ U1[aes_sbox[expanded_key->round[i].v8[9]]]
+ ^ U2[aes_sbox[expanded_key->round[i].v8[10]]]
+ ^ U3[aes_sbox[expanded_key->round[i].v8[11]]];
- c3 = U0[aes_sbox[expanded_key->round[i].v8[12]]]
- ^ U1[aes_sbox[expanded_key->round[i].v8[13]]]
- ^ U2[aes_sbox[expanded_key->round[i].v8[14]]]
- ^ U3[aes_sbox[expanded_key->round[i].v8[15]]];
+ c3 = U0[aes_sbox[expanded_key->round[i].v8[12]]]
+ ^ U1[aes_sbox[expanded_key->round[i].v8[13]]]
+ ^ U2[aes_sbox[expanded_key->round[i].v8[14]]]
+ ^ U3[aes_sbox[expanded_key->round[i].v8[15]]];
- expanded_key->round[i].v32[0] = c0;
- expanded_key->round[i].v32[1] = c1;
- expanded_key->round[i].v32[2] = c2;
- expanded_key->round[i].v32[3] = c3;
+ expanded_key->round[i].v32[0] = c0;
+ expanded_key->round[i].v32[1] = c1;
+ expanded_key->round[i].v32[2] = c2;
+ expanded_key->round[i].v32[3] = c3;
-#endif
- }
+#endif
+ }
- return err_status_ok;
+ return srtp_err_status_ok;
}
#ifdef CPU_CISC
-static inline void
-aes_round(v128_t *state, const v128_t *round_key) {
- uint32_t column0, column1, column2, column3;
+static inline void aes_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t column0, column1, column2, column3;
- /* compute the columns of the output square in terms of the octets
- of state, using the tables T0, T1, T2, T3 */
+ /* compute the columns of the output square in terms of the octets
+ of state, using the tables T0, T1, T2, T3 */
- column0 = T0[state->v8[0]] ^ T1[state->v8[5]]
- ^ T2[state->v8[10]] ^ T3[state->v8[15]];
+ column0 = T0[state->v8[0]] ^ T1[state->v8[5]]
+ ^ T2[state->v8[10]] ^ T3[state->v8[15]];
- column1 = T0[state->v8[4]] ^ T1[state->v8[9]]
- ^ T2[state->v8[14]] ^ T3[state->v8[3]];
+ column1 = T0[state->v8[4]] ^ T1[state->v8[9]]
+ ^ T2[state->v8[14]] ^ T3[state->v8[3]];
- column2 = T0[state->v8[8]] ^ T1[state->v8[13]]
- ^ T2[state->v8[2]] ^ T3[state->v8[7]];
+ column2 = T0[state->v8[8]] ^ T1[state->v8[13]]
+ ^ T2[state->v8[2]] ^ T3[state->v8[7]];
- column3 = T0[state->v8[12]] ^ T1[state->v8[1]]
- ^ T2[state->v8[6]] ^ T3[state->v8[11]];
+ column3 = T0[state->v8[12]] ^ T1[state->v8[1]]
+ ^ T2[state->v8[6]] ^ T3[state->v8[11]];
- state->v32[0] = column0 ^ round_key->v32[0];
- state->v32[1] = column1 ^ round_key->v32[1];
- state->v32[2] = column2 ^ round_key->v32[2];
- state->v32[3] = column3 ^ round_key->v32[3];
+ state->v32[0] = column0 ^ round_key->v32[0];
+ state->v32[1] = column1 ^ round_key->v32[1];
+ state->v32[2] = column2 ^ round_key->v32[2];
+ state->v32[3] = column3 ^ round_key->v32[3];
}
-static inline void
-aes_inv_round(v128_t *state, const v128_t *round_key) {
- uint32_t column0, column1, column2, column3;
+static inline void aes_inv_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t column0, column1, column2, column3;
- /* compute the columns of the output square in terms of the octets
- of state, using the tables U0, U1, U2, U3 */
+ /* compute the columns of the output square in terms of the octets
+ of state, using the tables U0, U1, U2, U3 */
- column0 = U0[state->v8[0]] ^ U1[state->v8[13]]
- ^ U2[state->v8[10]] ^ U3[state->v8[7]];
+ column0 = U0[state->v8[0]] ^ U1[state->v8[13]]
+ ^ U2[state->v8[10]] ^ U3[state->v8[7]];
- column1 = U0[state->v8[4]] ^ U1[state->v8[1]]
- ^ U2[state->v8[14]] ^ U3[state->v8[11]];
+ column1 = U0[state->v8[4]] ^ U1[state->v8[1]]
+ ^ U2[state->v8[14]] ^ U3[state->v8[11]];
- column2 = U0[state->v8[8]] ^ U1[state->v8[5]]
- ^ U2[state->v8[2]] ^ U3[state->v8[15]];
+ column2 = U0[state->v8[8]] ^ U1[state->v8[5]]
+ ^ U2[state->v8[2]] ^ U3[state->v8[15]];
- column3 = U0[state->v8[12]] ^ U1[state->v8[9]]
- ^ U2[state->v8[6]] ^ U3[state->v8[3]];
+ column3 = U0[state->v8[12]] ^ U1[state->v8[9]]
+ ^ U2[state->v8[6]] ^ U3[state->v8[3]];
- state->v32[0] = column0 ^ round_key->v32[0];
- state->v32[1] = column1 ^ round_key->v32[1];
- state->v32[2] = column2 ^ round_key->v32[2];
- state->v32[3] = column3 ^ round_key->v32[3];
+ state->v32[0] = column0 ^ round_key->v32[0];
+ state->v32[1] = column1 ^ round_key->v32[1];
+ state->v32[2] = column2 ^ round_key->v32[2];
+ state->v32[3] = column3 ^ round_key->v32[3];
}
-static inline void
-aes_final_round(v128_t *state, const v128_t *round_key) {
- uint8_t tmp;
-
- /* byte substitutions and row shifts */
- /* first row - no shift */
- state->v8[0] = aes_sbox[state->v8[0]];
- state->v8[4] = aes_sbox[state->v8[4]];
- state->v8[8] = aes_sbox[state->v8[8]];
- state->v8[12] = aes_sbox[state->v8[12]];
-
- /* second row - shift one left */
- tmp = aes_sbox[state->v8[1]];
- state->v8[1] = aes_sbox[state->v8[5]];
- state->v8[5] = aes_sbox[state->v8[9]];
- state->v8[9] = aes_sbox[state->v8[13]];
- state->v8[13] = tmp;
-
- /* third row - shift two left */
- tmp = aes_sbox[state->v8[10]];
- state->v8[10] = aes_sbox[state->v8[2]];
- state->v8[2] = tmp;
- tmp = aes_sbox[state->v8[14]];
- state->v8[14] = aes_sbox[state->v8[6]];
- state->v8[6] = tmp;
-
- /* fourth row - shift three left */
- tmp = aes_sbox[state->v8[15]];
- state->v8[15] = aes_sbox[state->v8[11]];
- state->v8[11] = aes_sbox[state->v8[7]];
- state->v8[7] = aes_sbox[state->v8[3]];
- state->v8[3] = tmp;
-
- v128_xor_eq(state, round_key);
+static inline void aes_final_round (v128_t *state, const v128_t *round_key)
+{
+ uint8_t tmp;
+
+ /* byte substitutions and row shifts */
+ /* first row - no shift */
+ state->v8[0] = aes_sbox[state->v8[0]];
+ state->v8[4] = aes_sbox[state->v8[4]];
+ state->v8[8] = aes_sbox[state->v8[8]];
+ state->v8[12] = aes_sbox[state->v8[12]];
+
+ /* second row - shift one left */
+ tmp = aes_sbox[state->v8[1]];
+ state->v8[1] = aes_sbox[state->v8[5]];
+ state->v8[5] = aes_sbox[state->v8[9]];
+ state->v8[9] = aes_sbox[state->v8[13]];
+ state->v8[13] = tmp;
+
+ /* third row - shift two left */
+ tmp = aes_sbox[state->v8[10]];
+ state->v8[10] = aes_sbox[state->v8[2]];
+ state->v8[2] = tmp;
+ tmp = aes_sbox[state->v8[14]];
+ state->v8[14] = aes_sbox[state->v8[6]];
+ state->v8[6] = tmp;
+
+ /* fourth row - shift three left */
+ tmp = aes_sbox[state->v8[15]];
+ state->v8[15] = aes_sbox[state->v8[11]];
+ state->v8[11] = aes_sbox[state->v8[7]];
+ state->v8[7] = aes_sbox[state->v8[3]];
+ state->v8[3] = tmp;
+
+ v128_xor_eq(state, round_key);
}
-static inline void
-aes_inv_final_round(v128_t *state, const v128_t *round_key) {
- uint8_t tmp;
-
- /* byte substitutions and row shifts */
- /* first row - no shift */
- state->v8[0] = aes_inv_sbox[state->v8[0]];
- state->v8[4] = aes_inv_sbox[state->v8[4]];
- state->v8[8] = aes_inv_sbox[state->v8[8]];
- state->v8[12] = aes_inv_sbox[state->v8[12]];
-
- /* second row - shift one right */
- tmp = aes_inv_sbox[state->v8[13]];
- state->v8[13] = aes_inv_sbox[state->v8[9]];
- state->v8[9] = aes_inv_sbox[state->v8[5]];
- state->v8[5] = aes_inv_sbox[state->v8[1]];
- state->v8[1] = tmp;
-
- /* third row - shift two right */
- tmp = aes_inv_sbox[state->v8[2]];
- state->v8[2] = aes_inv_sbox[state->v8[10]];
- state->v8[10] = tmp;
- tmp = aes_inv_sbox[state->v8[6]];
- state->v8[6] = aes_inv_sbox[state->v8[14]];
- state->v8[14] = tmp;
-
- /* fourth row - shift three right */
- tmp = aes_inv_sbox[state->v8[3]];
- state->v8[3] = aes_inv_sbox[state->v8[7]];
- state->v8[7] = aes_inv_sbox[state->v8[11]];
- state->v8[11] = aes_inv_sbox[state->v8[15]];
- state->v8[15] = tmp;
-
- v128_xor_eq(state, round_key);
+static inline void aes_inv_final_round (v128_t *state, const v128_t *round_key)
+{
+ uint8_t tmp;
+
+ /* byte substitutions and row shifts */
+ /* first row - no shift */
+ state->v8[0] = aes_inv_sbox[state->v8[0]];
+ state->v8[4] = aes_inv_sbox[state->v8[4]];
+ state->v8[8] = aes_inv_sbox[state->v8[8]];
+ state->v8[12] = aes_inv_sbox[state->v8[12]];
+
+ /* second row - shift one right */
+ tmp = aes_inv_sbox[state->v8[13]];
+ state->v8[13] = aes_inv_sbox[state->v8[9]];
+ state->v8[9] = aes_inv_sbox[state->v8[5]];
+ state->v8[5] = aes_inv_sbox[state->v8[1]];
+ state->v8[1] = tmp;
+
+ /* third row - shift two right */
+ tmp = aes_inv_sbox[state->v8[2]];
+ state->v8[2] = aes_inv_sbox[state->v8[10]];
+ state->v8[10] = tmp;
+ tmp = aes_inv_sbox[state->v8[6]];
+ state->v8[6] = aes_inv_sbox[state->v8[14]];
+ state->v8[14] = tmp;
+
+ /* fourth row - shift three right */
+ tmp = aes_inv_sbox[state->v8[3]];
+ state->v8[3] = aes_inv_sbox[state->v8[7]];
+ state->v8[7] = aes_inv_sbox[state->v8[11]];
+ state->v8[11] = aes_inv_sbox[state->v8[15]];
+ state->v8[15] = tmp;
+
+ v128_xor_eq(state, round_key);
}
#elif CPU_RISC
-static inline void
-aes_round(v128_t *state, const v128_t *round_key) {
- uint32_t column0, column1, column2, column3;
+static inline void aes_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t column0, column1, column2, column3;
- /* compute the columns of the output square in terms of the octets
- of state, using the tables T0, T1, T2, T3 */
+ /* compute the columns of the output square in terms of the octets
+ of state, using the tables T0, T1, T2, T3 */
#ifdef WORDS_BIGENDIAN
- column0 = T0[state->v32[0] >> 24] ^ T1[(state->v32[1] >> 16) & 0xff]
- ^ T2[(state->v32[2] >> 8) & 0xff] ^ T3[state->v32[3] & 0xff];
+ column0 = T0[state->v32[0] >> 24] ^ T1[(state->v32[1] >> 16) & 0xff]
+ ^ T2[(state->v32[2] >> 8) & 0xff] ^ T3[state->v32[3] & 0xff];
- column1 = T0[state->v32[1] >> 24] ^ T1[(state->v32[2] >> 16) & 0xff]
- ^ T2[(state->v32[3] >> 8) & 0xff] ^ T3[state->v32[0] & 0xff];
+ column1 = T0[state->v32[1] >> 24] ^ T1[(state->v32[2] >> 16) & 0xff]
+ ^ T2[(state->v32[3] >> 8) & 0xff] ^ T3[state->v32[0] & 0xff];
- column2 = T0[state->v32[2] >> 24] ^ T1[(state->v32[3] >> 16) & 0xff]
- ^ T2[(state->v32[0] >> 8) & 0xff] ^ T3[state->v32[1] & 0xff];
+ column2 = T0[state->v32[2] >> 24] ^ T1[(state->v32[3] >> 16) & 0xff]
+ ^ T2[(state->v32[0] >> 8) & 0xff] ^ T3[state->v32[1] & 0xff];
- column3 = T0[state->v32[3] >> 24] ^ T1[(state->v32[0] >> 16) & 0xff]
- ^ T2[(state->v32[1] >> 8) & 0xff] ^ T3[state->v32[2] & 0xff];
+ column3 = T0[state->v32[3] >> 24] ^ T1[(state->v32[0] >> 16) & 0xff]
+ ^ T2[(state->v32[1] >> 8) & 0xff] ^ T3[state->v32[2] & 0xff];
#else
- column0 = T0[state->v32[0] & 0xff] ^ T1[(state->v32[1] >> 8) & 0xff]
- ^ T2[(state->v32[2] >> 16) & 0xff] ^ T3[state->v32[3] >> 24];
+ column0 = T0[state->v32[0] & 0xff] ^ T1[(state->v32[1] >> 8) & 0xff]
+ ^ T2[(state->v32[2] >> 16) & 0xff] ^ T3[state->v32[3] >> 24];
- column1 = T0[state->v32[1] & 0xff] ^ T1[(state->v32[2] >> 8) & 0xff]
- ^ T2[(state->v32[3] >> 16) & 0xff] ^ T3[state->v32[0] >> 24];
+ column1 = T0[state->v32[1] & 0xff] ^ T1[(state->v32[2] >> 8) & 0xff]
+ ^ T2[(state->v32[3] >> 16) & 0xff] ^ T3[state->v32[0] >> 24];
- column2 = T0[state->v32[2] & 0xff] ^ T1[(state->v32[3] >> 8) & 0xff]
- ^ T2[(state->v32[0] >> 16) & 0xff] ^ T3[state->v32[1] >> 24];
+ column2 = T0[state->v32[2] & 0xff] ^ T1[(state->v32[3] >> 8) & 0xff]
+ ^ T2[(state->v32[0] >> 16) & 0xff] ^ T3[state->v32[1] >> 24];
- column3 = T0[state->v32[3] & 0xff] ^ T1[(state->v32[0] >> 8) & 0xff]
- ^ T2[(state->v32[1] >> 16) & 0xff] ^ T3[state->v32[2] >> 24];
+ column3 = T0[state->v32[3] & 0xff] ^ T1[(state->v32[0] >> 8) & 0xff]
+ ^ T2[(state->v32[1] >> 16) & 0xff] ^ T3[state->v32[2] >> 24];
#endif /* WORDS_BIGENDIAN */
- state->v32[0] = column0 ^ round_key->v32[0];
- state->v32[1] = column1 ^ round_key->v32[1];
- state->v32[2] = column2 ^ round_key->v32[2];
- state->v32[3] = column3 ^ round_key->v32[3];
+ state->v32[0] = column0 ^ round_key->v32[0];
+ state->v32[1] = column1 ^ round_key->v32[1];
+ state->v32[2] = column2 ^ round_key->v32[2];
+ state->v32[3] = column3 ^ round_key->v32[3];
}
-static inline void
-aes_inv_round(v128_t *state, const v128_t *round_key) {
- uint32_t column0, column1, column2, column3;
+static inline void aes_inv_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t column0, column1, column2, column3;
- /* compute the columns of the output square in terms of the octets
- of state, using the tables U0, U1, U2, U3 */
+ /* compute the columns of the output square in terms of the octets
+ of state, using the tables U0, U1, U2, U3 */
#ifdef WORDS_BIGENDIAN
- /* FIX! WRong indexes */
- column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff]
- ^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff];
+ column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff]
+ ^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff];
- column1 = U0[state->v32[1] >> 24] ^ U1[(state->v32[0] >> 16) & 0xff]
- ^ U2[(state->v32[3] >> 8) & 0xff] ^ U3[state->v32[2] & 0xff];
+ column1 = U0[state->v32[1] >> 24] ^ U1[(state->v32[0] >> 16) & 0xff]
+ ^ U2[(state->v32[3] >> 8) & 0xff] ^ U3[state->v32[2] & 0xff];
- column2 = U0[state->v32[2] >> 24] ^ U1[(state->v32[1] >> 16) & 0xff]
- ^ U2[(state->v32[0] >> 8) & 0xff] ^ U3[state->v32[3] & 0xff];
+ column2 = U0[state->v32[2] >> 24] ^ U1[(state->v32[1] >> 16) & 0xff]
+ ^ U2[(state->v32[0] >> 8) & 0xff] ^ U3[state->v32[3] & 0xff];
- column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 16) & 0xff]
- ^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff];
+ column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 16) & 0xff]
+ ^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff];
#else
- column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff]
- ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[state->v32[3] >> 24];
+ column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff]
+ ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[(state->v32[1] >> 24) & 0xff];
- column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff]
- ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[state->v32[0] >> 24];
+ column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff]
+ ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[(state->v32[2] >> 24) & 0xff];
- column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff]
- ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[state->v32[1] >> 24];
+ column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff]
+ ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[(state->v32[3] >> 24) & 0xff];
- column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff]
- ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[state->v32[2] >> 24];
+ column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff]
+ ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[(state->v32[0] >> 24) & 0xff];
#endif /* WORDS_BIGENDIAN */
- state->v32[0] = column0 ^ round_key->v32[0];
- state->v32[1] = column1 ^ round_key->v32[1];
- state->v32[2] = column2 ^ round_key->v32[2];
- state->v32[3] = column3 ^ round_key->v32[3];
+ state->v32[0] = column0 ^ round_key->v32[0];
+ state->v32[1] = column1 ^ round_key->v32[1];
+ state->v32[2] = column2 ^ round_key->v32[2];
+ state->v32[3] = column3 ^ round_key->v32[3];
}
-static inline void
-aes_final_round(v128_t *state, const v128_t *round_key) {
- uint32_t tmp0, tmp1, tmp2, tmp3;
-
- tmp0 = (T4[(state->v32[0] >> 24)] & 0xff000000)
- ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
- ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
- ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[0];
-
- tmp1 = (T4[(state->v32[1] >> 24)] & 0xff000000)
- ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
- ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
- ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[1];
-
- tmp2 = (T4[(state->v32[2] >> 24)] & 0xff000000)
- ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
- ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
- ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[2];
-
- tmp3 = (T4[(state->v32[3] >> 24)] & 0xff000000)
- ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
- ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
- ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[3];
-
- state->v32[0] = tmp0;
- state->v32[1] = tmp1;
- state->v32[2] = tmp2;
- state->v32[3] = tmp3;
+static inline void aes_final_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t tmp0, tmp1, tmp2, tmp3;
+
+#ifdef WORDS_BIGENDIAN
+ tmp0 = (T4[(state->v32[0] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[0];
+
+ tmp1 = (T4[(state->v32[1] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[1];
+
+ tmp2 = (T4[(state->v32[2] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[2];
+
+ tmp3 = (T4[(state->v32[3] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[3];
+#else
+ tmp0 = (T4[(state->v32[3] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[0];
+
+ tmp1 = (T4[(state->v32[0] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[1];
+
+ tmp2 = (T4[(state->v32[1] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[2];
+
+ tmp3 = (T4[(state->v32[2] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[3];
+#endif /* WORDS_BIGENDIAN */
+
+ state->v32[0] = tmp0;
+ state->v32[1] = tmp1;
+ state->v32[2] = tmp2;
+ state->v32[3] = tmp3;
}
-static inline void
-aes_inv_final_round(v128_t *state, const v128_t *round_key) {
- uint32_t tmp0, tmp1, tmp2, tmp3;
-
- tmp0 = (U4[(state->v32[0] >> 24)] & 0xff000000)
- ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
- ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
- ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[0];
-
- tmp1 = (U4[(state->v32[1] >> 24)] & 0xff000000)
- ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
- ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
- ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[1];
-
- tmp2 = (U4[(state->v32[2] >> 24)] & 0xff000000)
- ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
- ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
- ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[2];
-
- tmp3 = (U4[(state->v32[3] >> 24)] & 0xff000000)
- ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
- ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
- ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[3];
-
- state->v32[0] = tmp0;
- state->v32[1] = tmp1;
- state->v32[2] = tmp2;
- state->v32[3] = tmp3;
+static inline void aes_inv_final_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t tmp0, tmp1, tmp2, tmp3;
+#ifdef WORDS_BIGENDIAN
+ tmp0 = (U4[(state->v32[0] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[0];
+
+ tmp1 = (U4[(state->v32[1] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[1];
+
+ tmp2 = (U4[(state->v32[2] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[2];
+
+ tmp3 = (U4[(state->v32[3] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[3];
+#else
+ tmp0 = (U4[(state->v32[1] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[0];
+
+ tmp1 = (U4[(state->v32[2] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[1];
+
+ tmp2 = (U4[(state->v32[3] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[2];
+
+ tmp3 = (U4[(state->v32[0] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[3];
+#endif /* WORDS_BIGENDIAN */
+
+ state->v32[0] = tmp0;
+ state->v32[1] = tmp1;
+ state->v32[2] = tmp2;
+ state->v32[3] = tmp3;
}
#elif CPU_16 /* assume 16-bit word size on processor */
-static inline void
-aes_round(v128_t *state, const v128_t *round_key) {
- uint32_t column0, column1, column2, column3;
- uint16_t c
- /* compute the columns of the output square in terms of the octets
- of state, using the tables T0, T1, T2, T3 */
+static inline void aes_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t column0, column1, column2, column3;
+ uint16_t c
+ /* compute the columns of the output square in terms of the octets
+ of state, using the tables T0, T1, T2, T3 */
- column0 = T0[state->v8[0]] ^ T1[state->v8[5]]
- ^ T2[state->v8[10]] ^ T3[state->v8[15]];
+ column0 = T0[state->v8[0]] ^ T1[state->v8[5]]
+ ^ T2[state->v8[10]] ^ T3[state->v8[15]];
- column1 = T0[state->v8[4]] ^ T1[state->v8[9]]
- ^ T2[state->v8[14]] ^ T3[state->v8[3]];
+ column1 = T0[state->v8[4]] ^ T1[state->v8[9]]
+ ^ T2[state->v8[14]] ^ T3[state->v8[3]];
- column2 = T0[state->v8[8]] ^ T1[state->v8[13]]
- ^ T2[state->v8[2]] ^ T3[state->v8[7]];
+ column2 = T0[state->v8[8]] ^ T1[state->v8[13]]
+ ^ T2[state->v8[2]] ^ T3[state->v8[7]];
- column3 = T0[state->v8[12]] ^ T1[state->v8[1]]
- ^ T2[state->v8[6]] ^ T3[state->v8[11]];
+ column3 = T0[state->v8[12]] ^ T1[state->v8[1]]
+ ^ T2[state->v8[6]] ^ T3[state->v8[11]];
- state->v32[0] = column0 ^ round_key->v32[0];
- state->v32[1] = column1 ^ round_key->v32[1];
- state->v32[2] = column2 ^ round_key->v32[2];
- state->v32[3] = column3 ^ round_key->v32[3];
+ state->v32[0] = column0 ^ round_key->v32[0];
+ state->v32[1] = column1 ^ round_key->v32[1];
+ state->v32[2] = column2 ^ round_key->v32[2];
+ state->v32[3] = column3 ^ round_key->v32[3];
}
-static inline void
-aes_inv_round(v128_t *state, const v128_t *round_key) {
- uint32_t column0, column1, column2, column3;
+static inline void aes_inv_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t column0, column1, column2, column3;
- /* compute the columns of the output square in terms of the octets
- of state, using the tables U0, U1, U2, U3 */
+ /* compute the columns of the output square in terms of the octets
+ of state, using the tables U0, U1, U2, U3 */
- column0 = U0[state->v8[0]] ^ U1[state->v8[5]]
- ^ U2[state->v8[10]] ^ U3[state->v8[15]];
+ column0 = U0[state->v8[0]] ^ U1[state->v8[5]]
+ ^ U2[state->v8[10]] ^ U3[state->v8[15]];
- column1 = U0[state->v8[4]] ^ U1[state->v8[9]]
- ^ U2[state->v8[14]] ^ U3[state->v8[3]];
+ column1 = U0[state->v8[4]] ^ U1[state->v8[9]]
+ ^ U2[state->v8[14]] ^ U3[state->v8[3]];
- column2 = U0[state->v8[8]] ^ U1[state->v8[13]]
- ^ U2[state->v8[2]] ^ U3[state->v8[7]];
+ column2 = U0[state->v8[8]] ^ U1[state->v8[13]]
+ ^ U2[state->v8[2]] ^ U3[state->v8[7]];
- column3 = U0[state->v8[12]] ^ U1[state->v8[1]]
- ^ U2[state->v8[6]] ^ U3[state->v8[11]];
+ column3 = U0[state->v8[12]] ^ U1[state->v8[1]]
+ ^ U2[state->v8[6]] ^ U3[state->v8[11]];
- state->v32[0] = column0 ^ round_key->v32[0];
- state->v32[1] = column1 ^ round_key->v32[1];
- state->v32[2] = column2 ^ round_key->v32[2];
- state->v32[3] = column3 ^ round_key->v32[3];
+ state->v32[0] = column0 ^ round_key->v32[0];
+ state->v32[1] = column1 ^ round_key->v32[1];
+ state->v32[2] = column2 ^ round_key->v32[2];
+ state->v32[3] = column3 ^ round_key->v32[3];
}
-static inline void
-aes_final_round(v128_t *state, const v128_t *round_key) {
- uint8_t tmp;
-
- /* byte substitutions and row shifts */
- /* first row - no shift */
- state->v8[0] = aes_sbox[state->v8[0]];
- state->v8[4] = aes_sbox[state->v8[4]];
- state->v8[8] = aes_sbox[state->v8[8]];
- state->v8[12] = aes_sbox[state->v8[12]];
-
- /* second row - shift one left */
- tmp = aes_sbox[state->v8[1]];
- state->v8[1] = aes_sbox[state->v8[5]];
- state->v8[5] = aes_sbox[state->v8[9]];
- state->v8[9] = aes_sbox[state->v8[13]];
- state->v8[13] = tmp;
-
- /* third row - shift two left */
- tmp = aes_sbox[state->v8[10]];
- state->v8[10] = aes_sbox[state->v8[2]];
- state->v8[2] = tmp;
- tmp = aes_sbox[state->v8[14]];
- state->v8[14] = aes_sbox[state->v8[6]];
- state->v8[6] = tmp;
-
- /* fourth row - shift three left */
- tmp = aes_sbox[state->v8[15]];
- state->v8[15] = aes_sbox[state->v8[11]];
- state->v8[11] = aes_sbox[state->v8[7]];
- state->v8[7] = aes_sbox[state->v8[3]];
- state->v8[3] = tmp;
-
- v128_xor_eq(state, round_key);
+static inline void aes_final_round (v128_t *state, const v128_t *round_key)
+{
+ uint8_t tmp;
+
+ /* byte substitutions and row shifts */
+ /* first row - no shift */
+ state->v8[0] = aes_sbox[state->v8[0]];
+ state->v8[4] = aes_sbox[state->v8[4]];
+ state->v8[8] = aes_sbox[state->v8[8]];
+ state->v8[12] = aes_sbox[state->v8[12]];
+
+ /* second row - shift one left */
+ tmp = aes_sbox[state->v8[1]];
+ state->v8[1] = aes_sbox[state->v8[5]];
+ state->v8[5] = aes_sbox[state->v8[9]];
+ state->v8[9] = aes_sbox[state->v8[13]];
+ state->v8[13] = tmp;
+
+ /* third row - shift two left */
+ tmp = aes_sbox[state->v8[10]];
+ state->v8[10] = aes_sbox[state->v8[2]];
+ state->v8[2] = tmp;
+ tmp = aes_sbox[state->v8[14]];
+ state->v8[14] = aes_sbox[state->v8[6]];
+ state->v8[6] = tmp;
+
+ /* fourth row - shift three left */
+ tmp = aes_sbox[state->v8[15]];
+ state->v8[15] = aes_sbox[state->v8[11]];
+ state->v8[11] = aes_sbox[state->v8[7]];
+ state->v8[7] = aes_sbox[state->v8[3]];
+ state->v8[3] = tmp;
+
+ v128_xor_eq(state, round_key);
}
-static inline void
-aes_inv_final_round(v128_t *state, const v128_t *round_key) {
- uint8_t tmp;
-
- /* byte substitutions and row shifts */
- /* first row - no shift */
- state->v8[0] = aes_inv_sbox[state->v8[0]];
- state->v8[4] = aes_inv_sbox[state->v8[4]];
- state->v8[8] = aes_inv_sbox[state->v8[8]];
- state->v8[12] = aes_inv_sbox[state->v8[12]];
-
- /* second row - shift one left */
- tmp = aes_inv_sbox[state->v8[1]];
- state->v8[1] = aes_inv_sbox[state->v8[5]];
- state->v8[5] = aes_inv_sbox[state->v8[9]];
- state->v8[9] = aes_inv_sbox[state->v8[13]];
- state->v8[13] = tmp;
-
- /* third row - shift two left */
- tmp = aes_inv_sbox[state->v8[10]];
- state->v8[10] = aes_inv_sbox[state->v8[2]];
- state->v8[2] = tmp;
- tmp = aes_inv_sbox[state->v8[14]];
- state->v8[14] = aes_inv_sbox[state->v8[6]];
- state->v8[6] = tmp;
-
- /* fourth row - shift three left */
- tmp = aes_inv_sbox[state->v8[15]];
- state->v8[15] = aes_inv_sbox[state->v8[11]];
- state->v8[11] = aes_inv_sbox[state->v8[7]];
- state->v8[7] = aes_inv_sbox[state->v8[3]];
- state->v8[3] = tmp;
-
- v128_xor_eq(state, round_key);
+static inline void aes_inv_final_round (v128_t *state, const v128_t *round_key)
+{
+ uint8_t tmp;
+
+ /* byte substitutions and row shifts */
+ /* first row - no shift */
+ state->v8[0] = aes_inv_sbox[state->v8[0]];
+ state->v8[4] = aes_inv_sbox[state->v8[4]];
+ state->v8[8] = aes_inv_sbox[state->v8[8]];
+ state->v8[12] = aes_inv_sbox[state->v8[12]];
+
+ /* second row - shift one left */
+ tmp = aes_inv_sbox[state->v8[1]];
+ state->v8[1] = aes_inv_sbox[state->v8[5]];
+ state->v8[5] = aes_inv_sbox[state->v8[9]];
+ state->v8[9] = aes_inv_sbox[state->v8[13]];
+ state->v8[13] = tmp;
+
+ /* third row - shift two left */
+ tmp = aes_inv_sbox[state->v8[10]];
+ state->v8[10] = aes_inv_sbox[state->v8[2]];
+ state->v8[2] = tmp;
+ tmp = aes_inv_sbox[state->v8[14]];
+ state->v8[14] = aes_inv_sbox[state->v8[6]];
+ state->v8[6] = tmp;
+
+ /* fourth row - shift three left */
+ tmp = aes_inv_sbox[state->v8[15]];
+ state->v8[15] = aes_inv_sbox[state->v8[11]];
+ state->v8[11] = aes_inv_sbox[state->v8[7]];
+ state->v8[7] = aes_inv_sbox[state->v8[3]];
+ state->v8[3] = tmp;
+
+ v128_xor_eq(state, round_key);
}
#endif /* CPU type */
-void
-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
-
- /* add in the subkey */
- v128_xor_eq(plaintext, &exp_key->round[0]);
-
- /* now do the rounds */
- aes_round(plaintext, &exp_key->round[1]);
- aes_round(plaintext, &exp_key->round[2]);
- aes_round(plaintext, &exp_key->round[3]);
- aes_round(plaintext, &exp_key->round[4]);
- aes_round(plaintext, &exp_key->round[5]);
- aes_round(plaintext, &exp_key->round[6]);
- aes_round(plaintext, &exp_key->round[7]);
- aes_round(plaintext, &exp_key->round[8]);
- aes_round(plaintext, &exp_key->round[9]);
- if (exp_key->num_rounds == 10) {
- aes_final_round(plaintext, &exp_key->round[10]);
- }
- else if (exp_key->num_rounds == 12) {
- aes_round(plaintext, &exp_key->round[10]);
- aes_round(plaintext, &exp_key->round[11]);
- aes_final_round(plaintext, &exp_key->round[12]);
- }
- else if (exp_key->num_rounds == 14) {
- aes_round(plaintext, &exp_key->round[10]);
- aes_round(plaintext, &exp_key->round[11]);
- aes_round(plaintext, &exp_key->round[12]);
- aes_round(plaintext, &exp_key->round[13]);
- aes_final_round(plaintext, &exp_key->round[14]);
- }
+void srtp_aes_encrypt (v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key)
+{
+
+ /* add in the subkey */
+ v128_xor_eq(plaintext, &exp_key->round[0]);
+
+ /* now do the rounds */
+ aes_round(plaintext, &exp_key->round[1]);
+ aes_round(plaintext, &exp_key->round[2]);
+ aes_round(plaintext, &exp_key->round[3]);
+ aes_round(plaintext, &exp_key->round[4]);
+ aes_round(plaintext, &exp_key->round[5]);
+ aes_round(plaintext, &exp_key->round[6]);
+ aes_round(plaintext, &exp_key->round[7]);
+ aes_round(plaintext, &exp_key->round[8]);
+ aes_round(plaintext, &exp_key->round[9]);
+ if (exp_key->num_rounds == 10) {
+ aes_final_round(plaintext, &exp_key->round[10]);
+ }else if (exp_key->num_rounds == 12) {
+ aes_round(plaintext, &exp_key->round[10]);
+ aes_round(plaintext, &exp_key->round[11]);
+ aes_final_round(plaintext, &exp_key->round[12]);
+ }else if (exp_key->num_rounds == 14) {
+ aes_round(plaintext, &exp_key->round[10]);
+ aes_round(plaintext, &exp_key->round[11]);
+ aes_round(plaintext, &exp_key->round[12]);
+ aes_round(plaintext, &exp_key->round[13]);
+ aes_final_round(plaintext, &exp_key->round[14]);
+ }
}
-void
-aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
-
- /* add in the subkey */
- v128_xor_eq(plaintext, &exp_key->round[0]);
-
- /* now do the rounds */
- aes_inv_round(plaintext, &exp_key->round[1]);
- aes_inv_round(plaintext, &exp_key->round[2]);
- aes_inv_round(plaintext, &exp_key->round[3]);
- aes_inv_round(plaintext, &exp_key->round[4]);
- aes_inv_round(plaintext, &exp_key->round[5]);
- aes_inv_round(plaintext, &exp_key->round[6]);
- aes_inv_round(plaintext, &exp_key->round[7]);
- aes_inv_round(plaintext, &exp_key->round[8]);
- aes_inv_round(plaintext, &exp_key->round[9]);
- if (exp_key->num_rounds == 10) {
- aes_inv_final_round(plaintext, &exp_key->round[10]);
- }
- else if (exp_key->num_rounds == 12) {
- aes_inv_round(plaintext, &exp_key->round[10]);
- aes_inv_round(plaintext, &exp_key->round[11]);
- aes_inv_final_round(plaintext, &exp_key->round[12]);
- }
- else if (exp_key->num_rounds == 14) {
- aes_inv_round(plaintext, &exp_key->round[10]);
- aes_inv_round(plaintext, &exp_key->round[11]);
- aes_inv_round(plaintext, &exp_key->round[12]);
- aes_inv_round(plaintext, &exp_key->round[13]);
- aes_inv_final_round(plaintext, &exp_key->round[14]);
- }
+void srtp_aes_decrypt (v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key)
+{
+
+ /* add in the subkey */
+ v128_xor_eq(plaintext, &exp_key->round[0]);
+
+ /* now do the rounds */
+ aes_inv_round(plaintext, &exp_key->round[1]);
+ aes_inv_round(plaintext, &exp_key->round[2]);
+ aes_inv_round(plaintext, &exp_key->round[3]);
+ aes_inv_round(plaintext, &exp_key->round[4]);
+ aes_inv_round(plaintext, &exp_key->round[5]);
+ aes_inv_round(plaintext, &exp_key->round[6]);
+ aes_inv_round(plaintext, &exp_key->round[7]);
+ aes_inv_round(plaintext, &exp_key->round[8]);
+ aes_inv_round(plaintext, &exp_key->round[9]);
+ if (exp_key->num_rounds == 10) {
+ aes_inv_final_round(plaintext, &exp_key->round[10]);
+ }else if (exp_key->num_rounds == 12) {
+ aes_inv_round(plaintext, &exp_key->round[10]);
+ aes_inv_round(plaintext, &exp_key->round[11]);
+ aes_inv_final_round(plaintext, &exp_key->round[12]);
+ }else if (exp_key->num_rounds == 14) {
+ aes_inv_round(plaintext, &exp_key->round[10]);
+ aes_inv_round(plaintext, &exp_key->round[11]);
+ aes_inv_round(plaintext, &exp_key->round[12]);
+ aes_inv_round(plaintext, &exp_key->round[13]);
+ aes_inv_final_round(plaintext, &exp_key->round[14]);
+ }
}
+++ /dev/null
-/*
- * aes_cbc.c
- *
- * AES Cipher Block Chaining Mode
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include "aes_cbc.h"
-#include "alloc.h"
-
-debug_module_t mod_aes_cbc = {
- 0, /* debugging is off by default */
- "aes cbc" /* printable module name */
-};
-
-
-
-err_status_t
-aes_cbc_alloc(cipher_t **c, int key_len, int tlen) {
- extern cipher_type_t aes_cbc;
- uint8_t *pointer;
- int tmp;
-
- debug_print(mod_aes_cbc,
- "allocating cipher with key length %d", key_len);
-
- if (key_len != 16 && key_len != 24 && key_len != 32)
- return err_status_bad_param;
-
- /* allocate memory a cipher of type aes_cbc */
- tmp = (sizeof(aes_cbc_ctx_t) + sizeof(cipher_t));
- pointer = (uint8_t*)crypto_alloc(tmp);
- if (pointer == NULL)
- return err_status_alloc_fail;
-
- /* set pointers */
- *c = (cipher_t *)pointer;
- (*c)->type = &aes_cbc;
- (*c)->state = pointer + sizeof(cipher_t);
-
- /* increment ref_count */
- aes_cbc.ref_count++;
-
- /* set key size */
- (*c)->key_len = key_len;
-
- return err_status_ok;
-}
-
-err_status_t
-aes_cbc_dealloc(cipher_t *c) {
- extern cipher_type_t aes_cbc;
-
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t *)c,
- sizeof(aes_cbc_ctx_t) + sizeof(cipher_t));
-
- /* free memory */
- crypto_free(c);
-
- /* decrement ref_count */
- aes_cbc.ref_count--;
-
- return err_status_ok;
-}
-
-err_status_t
-aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, int key_len) {
-
- debug_print(mod_aes_cbc,
- "key: %s", octet_string_hex_string(key, key_len));
-
- /*
- * Save the key until we have the IV later. We don't
- * know the direction until the IV is set.
- */
- c->key_len = (key_len <= 32 ? key_len : 32);
- memcpy(c->key, key, c->key_len);
-
- return err_status_ok;
-}
-
-
-err_status_t
-aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv, int direction) {
- err_status_t status;
- int i;
-/* v128_t *input = iv; */
- uint8_t *input = (uint8_t*) iv;
-
- /* set state and 'previous' block to iv */
- for (i=0; i < 16; i++)
- c->previous.v8[i] = c->state.v8[i] = input[i];
-
- debug_print(mod_aes_cbc, "setting iv: %s", v128_hex_string(&c->state));
-
- /* expand key for the appropriate direction */
- switch (direction) {
- case (direction_encrypt):
- status = aes_expand_encryption_key(c->key, c->key_len, &c->expanded_key);
- memset(c->key, 0, 32);
- if (status)
- return status;
- break;
- case (direction_decrypt):
- status = aes_expand_decryption_key(c->key, c->key_len, &c->expanded_key);
- memset(c->key, 0, 32);
- if (status)
- return status;
- break;
- default:
- return err_status_bad_param;
- }
-
- return err_status_ok;
-}
-
-err_status_t
-aes_cbc_encrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data) {
- int i;
- unsigned char *input = data; /* pointer to data being read */
- unsigned char *output = data; /* pointer to data being written */
- int bytes_to_encr = *bytes_in_data;
-
- /*
- * verify that we're 16-octet aligned
- */
- if (*bytes_in_data & 0xf)
- return err_status_bad_param;
-
- /*
- * note that we assume that the initialization vector has already
- * been set, e.g. by calling aes_cbc_set_iv()
- */
- debug_print(mod_aes_cbc, "iv: %s",
- v128_hex_string(&c->state));
-
- /*
- * loop over plaintext blocks, exoring state into plaintext then
- * encrypting and writing to output
- */
- while (bytes_to_encr > 0) {
-
- /* exor plaintext into state */
- for (i=0; i < 16; i++)
- c->state.v8[i] ^= *input++;
-
- debug_print(mod_aes_cbc, "inblock: %s",
- v128_hex_string(&c->state));
-
- aes_encrypt(&c->state, &c->expanded_key);
-
- debug_print(mod_aes_cbc, "outblock: %s",
- v128_hex_string(&c->state));
-
- /* copy ciphertext to output */
- for (i=0; i < 16; i++)
- *output++ = c->state.v8[i];
-
- bytes_to_encr -= 16;
- }
-
- return err_status_ok;
-}
-
-err_status_t
-aes_cbc_decrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data) {
- int i;
- v128_t state, previous;
- unsigned char *input = data; /* pointer to data being read */
- unsigned char *output = data; /* pointer to data being written */
- int bytes_to_encr = *bytes_in_data;
- uint8_t tmp;
-
- /*
- * verify that we're 16-octet aligned
- */
- if (*bytes_in_data & 0x0f)
- return err_status_bad_param;
-
- /* set 'previous' block to iv*/
- for (i=0; i < 16; i++) {
- previous.v8[i] = c->previous.v8[i];
- }
-
- debug_print(mod_aes_cbc, "iv: %s",
- v128_hex_string(&previous));
-
- /*
- * loop over ciphertext blocks, decrypting then exoring with state
- * then writing plaintext to output
- */
- while (bytes_to_encr > 0) {
-
- /* set state to ciphertext input block */
- for (i=0; i < 16; i++) {
- state.v8[i] = *input++;
- }
-
- debug_print(mod_aes_cbc, "inblock: %s",
- v128_hex_string(&state));
-
- /* decrypt state */
- aes_decrypt(&state, &c->expanded_key);
-
- debug_print(mod_aes_cbc, "outblock: %s",
- v128_hex_string(&state));
-
- /*
- * exor previous ciphertext block out of plaintext, and write new
- * plaintext block to output, while copying old ciphertext block
- * to the 'previous' block
- */
- for (i=0; i < 16; i++) {
- tmp = *output;
- *output++ = state.v8[i] ^ previous.v8[i];
- previous.v8[i] = tmp;
- }
-
- bytes_to_encr -= 16;
- }
-
- return err_status_ok;
-}
-
-
-err_status_t
-aes_cbc_nist_encrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data) {
- int i;
- unsigned char *pad_start;
- int num_pad_bytes;
- err_status_t status;
-
- /*
- * determine the number of padding bytes that we need to add -
- * this value is always between 1 and 16, inclusive.
- */
- num_pad_bytes = 16 - (*bytes_in_data & 0xf);
- pad_start = data;
- pad_start += *bytes_in_data;
- *pad_start++ = 0xa0;
- for (i=0; i < num_pad_bytes; i++)
- *pad_start++ = 0x00;
-
- /*
- * increment the data size
- */
- *bytes_in_data += num_pad_bytes;
-
- /*
- * now cbc encrypt the padded data
- */
- status = aes_cbc_encrypt(c, data, bytes_in_data);
- if (status)
- return status;
-
- return err_status_ok;
-}
-
-
-err_status_t
-aes_cbc_nist_decrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data) {
- unsigned char *pad_end;
- int num_pad_bytes;
- err_status_t status;
-
- /*
- * cbc decrypt the padded data
- */
- status = aes_cbc_decrypt(c, data, bytes_in_data);
- if (status)
- return status;
-
- /*
- * determine the number of padding bytes in the decrypted plaintext
- * - this value is always between 1 and 16, inclusive.
- */
- num_pad_bytes = 1;
- pad_end = data + (*bytes_in_data - 1);
- while (*pad_end != 0xa0) { /* note: should check padding correctness */
- pad_end--;
- num_pad_bytes++;
- }
-
- /* decrement data size */
- *bytes_in_data -= num_pad_bytes;
-
- return err_status_ok;
-}
-
-
-char
-aes_cbc_description[] = "aes cipher block chaining (cbc) mode";
-
-/*
- * Test case 0 is derived from FIPS 197 Appendix C; it uses an
- * all-zero IV, so that the first block encryption matches the test
- * case in that appendix. This property provides a check of the base
- * AES encryption and decryption algorithms; if CBC fails on some
- * particular platform, then you should print out AES intermediate
- * data and compare with the detailed info provided in that appendix.
- *
- */
-
-
-uint8_t aes_cbc_test_case_0_key[16] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
-};
-
-uint8_t aes_cbc_test_case_0_plaintext[64] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
-};
-
-uint8_t aes_cbc_test_case_0_ciphertext[80] = {
- 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
- 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a,
- 0x03, 0x35, 0xed, 0x27, 0x67, 0xf2, 0x6d, 0xf1,
- 0x64, 0x83, 0x2e, 0x23, 0x44, 0x38, 0x70, 0x8b
-
-};
-
-uint8_t aes_cbc_test_case_0_iv[16] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-
-
-cipher_test_case_t aes_cbc_test_case_0 = {
- 16, /* octets in key */
- aes_cbc_test_case_0_key, /* key */
- aes_cbc_test_case_0_iv, /* initialization vector */
- 16, /* octets in plaintext */
- aes_cbc_test_case_0_plaintext, /* plaintext */
- 32, /* octets in ciphertext */
- aes_cbc_test_case_0_ciphertext, /* ciphertext */
- 0,
- NULL,
- 0,
- NULL /* pointer to next testcase */
-};
-
-
-/*
- * this test case is taken directly from Appendix F.2 of NIST Special
- * Publication SP 800-38A
- */
-
-uint8_t aes_cbc_test_case_1_key[16] = {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
-};
-
-uint8_t aes_cbc_test_case_1_plaintext[64] = {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
- 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
- 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
- 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
- 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
-};
-
-uint8_t aes_cbc_test_case_1_ciphertext[80] = {
- 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
- 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
- 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
- 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2,
- 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b,
- 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16,
- 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09,
- 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7,
- 0x39, 0x34, 0x07, 0x03, 0x36, 0xd0, 0x77, 0x99,
- 0xe0, 0xc4, 0x2f, 0xdd, 0xa8, 0xdf, 0x4c, 0xa3
-};
-
-uint8_t aes_cbc_test_case_1_iv[16] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
-};
-
-cipher_test_case_t aes_cbc_test_case_1 = {
- 16, /* octets in key */
- aes_cbc_test_case_1_key, /* key */
- aes_cbc_test_case_1_iv, /* initialization vector */
- 64, /* octets in plaintext */
- aes_cbc_test_case_1_plaintext, /* plaintext */
- 80, /* octets in ciphertext */
- aes_cbc_test_case_1_ciphertext, /* ciphertext */
- 0,
- NULL,
- 0,
- &aes_cbc_test_case_0 /* pointer to next testcase */
-};
-
-/*
- * Test case 2 is like test case 0, but for 256-bit keys. (FIPS 197
- * appendix C.3).
- */
-
-
-uint8_t aes_cbc_test_case_2_key[32] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
-};
-
-uint8_t aes_cbc_test_case_2_plaintext[64] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
-};
-
-uint8_t aes_cbc_test_case_2_ciphertext[80] = {
- 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
- 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89,
- 0x72, 0x72, 0x6e, 0xe7, 0x71, 0x39, 0xbf, 0x11,
- 0xe5, 0x40, 0xe2, 0x7c, 0x54, 0x65, 0x1d, 0xee
-};
-
-uint8_t aes_cbc_test_case_2_iv[16] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-
-cipher_test_case_t aes_cbc_test_case_2 = {
- 32, /* octets in key */
- aes_cbc_test_case_2_key, /* key */
- aes_cbc_test_case_2_iv, /* initialization vector */
- 16, /* octets in plaintext */
- aes_cbc_test_case_2_plaintext, /* plaintext */
- 32, /* octets in ciphertext */
- aes_cbc_test_case_2_ciphertext, /* ciphertext */
- 0,
- NULL,
- 0,
- &aes_cbc_test_case_1 /* pointer to next testcase */
-};
-
-
-/*
- * this test case is taken directly from Appendix F.2 of NIST Special
- * Publication SP 800-38A
- */
-
-uint8_t aes_cbc_test_case_3_key[32] = {
- 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
- 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
- 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
- 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
-};
-
-uint8_t aes_cbc_test_case_3_plaintext[64] = {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
- 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
- 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
- 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
- 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
-};
-
-uint8_t aes_cbc_test_case_3_ciphertext[80] = {
- 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
- 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
- 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
- 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
- 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
- 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
- 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
- 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b,
- 0xfb, 0x98, 0x20, 0x2c, 0x45, 0xb2, 0xe4, 0xa0,
- 0x63, 0xc4, 0x68, 0xba, 0x84, 0x39, 0x16, 0x5a
-};
-
-uint8_t aes_cbc_test_case_3_iv[16] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
-};
-
-cipher_test_case_t aes_cbc_test_case_3 = {
- 32, /* octets in key */
- aes_cbc_test_case_3_key, /* key */
- aes_cbc_test_case_3_iv, /* initialization vector */
- 64, /* octets in plaintext */
- aes_cbc_test_case_3_plaintext, /* plaintext */
- 80, /* octets in ciphertext */
- aes_cbc_test_case_3_ciphertext, /* ciphertext */
- 0,
- NULL,
- 0,
- &aes_cbc_test_case_2 /* pointer to next testcase */
-};
-
-cipher_type_t aes_cbc = {
- (cipher_alloc_func_t) aes_cbc_alloc,
- (cipher_dealloc_func_t) aes_cbc_dealloc,
- (cipher_init_func_t) aes_cbc_context_init,
- (cipher_set_aad_func_t) 0,
- (cipher_encrypt_func_t) aes_cbc_nist_encrypt,
- (cipher_decrypt_func_t) aes_cbc_nist_decrypt,
- (cipher_set_iv_func_t) aes_cbc_set_iv,
- (cipher_get_tag_func_t) 0,
- (char *) aes_cbc_description,
- (int) 0, /* instance count */
- (cipher_test_case_t *) &aes_cbc_test_case_3,
- (debug_module_t *) &mod_aes_cbc,
- (cipher_type_id_t) AES_CBC
-};
-
-
/*
*
- * Copyright (c) 2013, Cisco Systems, Inc.
+ * Copyright (c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <openssl/evp.h>
#include "aes_icm_ossl.h"
#include "aes_gcm_ossl.h"
#include "alloc.h"
+#include "err.h" /* for srtp_debug */
#include "crypto_types.h"
-debug_module_t mod_aes_gcm = {
+srtp_debug_module_t srtp_mod_aes_gcm = {
0, /* debugging is off by default */
"aes gcm" /* printable module name */
};
* The following are the global singleton instances for the
* 128-bit and 256-bit GCM ciphers.
*/
-extern cipher_type_t aes_gcm_128_openssl;
-extern cipher_type_t aes_gcm_256_openssl;
+extern const srtp_cipher_type_t srtp_aes_gcm_128_openssl;
+extern const srtp_cipher_type_t srtp_aes_gcm_256_openssl;
/*
* For now we only support 8 and 16 octet tags. The spec allows for
- * optional 12 byte tag, which may be supported in the future.
+ * optional 12 byte tag, which may be supported in the future.
*/
#define GCM_AUTH_TAG_LEN 16
#define GCM_AUTH_TAG_LEN_8 8
/*
* This function allocates a new instance of this crypto engine.
* The key_len parameter should be one of 28 or 44 for
- * AES-128-GCM or AES-256-GCM respectively. Note that the
+ * AES-128-GCM or AES-256-GCM respectively. Note that the
* key length includes the 14 byte salt value that is used when
* initializing the KDF.
*/
-err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
+static srtp_err_status_t srtp_aes_gcm_openssl_alloc (srtp_cipher_t **c, int key_len, int tlen)
{
- aes_gcm_ctx_t *gcm;
- int tmp;
- uint8_t *allptr;
+ srtp_aes_gcm_ctx_t *gcm;
- debug_print(mod_aes_gcm, "allocating cipher with key length %d", key_len);
- debug_print(mod_aes_gcm, "allocating cipher with tag length %d", tlen);
+ debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d", key_len);
+ debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen);
/*
* Verify the key_len is valid for one of: AES-128/256
*/
- if (key_len != AES_128_GCM_KEYSIZE_WSALT &&
- key_len != AES_256_GCM_KEYSIZE_WSALT) {
- return (err_status_bad_param);
+ if (key_len != SRTP_AES_GCM_128_KEY_LEN_WSALT &&
+ key_len != SRTP_AES_GCM_256_KEY_LEN_WSALT) {
+ return (srtp_err_status_bad_param);
}
if (tlen != GCM_AUTH_TAG_LEN &&
- tlen != GCM_AUTH_TAG_LEN_8) {
- return (err_status_bad_param);
+ tlen != GCM_AUTH_TAG_LEN_8) {
+ return (srtp_err_status_bad_param);
}
/* allocate memory a cipher of type aes_gcm */
- tmp = sizeof(cipher_t) + sizeof(aes_gcm_ctx_t);
- allptr = crypto_alloc(tmp);
- if (allptr == NULL) {
- return (err_status_alloc_fail);
+ *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+ if (*c == NULL) {
+ return (srtp_err_status_alloc_fail);
+ }
+ memset(*c, 0x0, sizeof(srtp_cipher_t));
+
+ gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t));
+ if (gcm == NULL) {
+ srtp_crypto_free(*c);
+ *c = NULL;
+ return (srtp_err_status_alloc_fail);
+ }
+ memset(gcm, 0x0, sizeof(srtp_aes_gcm_ctx_t));
+
+ gcm->ctx = EVP_CIPHER_CTX_new();
+ if (gcm->ctx == NULL) {
+ srtp_crypto_free(gcm);
+ srtp_crypto_free(*c);
+ *c = NULL;
+ return srtp_err_status_alloc_fail;
}
/* set pointers */
- *c = (cipher_t*)allptr;
- (*c)->state = allptr + sizeof(cipher_t);
- gcm = (aes_gcm_ctx_t *)(*c)->state;
+ (*c)->state = gcm;
- /* increment ref_count */
+ /* setup cipher attributes */
switch (key_len) {
- case AES_128_GCM_KEYSIZE_WSALT:
- (*c)->type = &aes_gcm_128_openssl;
- (*c)->algorithm = AES_128_GCM;
- aes_gcm_128_openssl.ref_count++;
- ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE;
- ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen;
+ case SRTP_AES_GCM_128_KEY_LEN_WSALT:
+ (*c)->type = &srtp_aes_gcm_128_openssl;
+ (*c)->algorithm = SRTP_AES_GCM_128;
+ gcm->key_size = SRTP_AES_128_KEY_LEN;
+ gcm->tag_len = tlen;
break;
- case AES_256_GCM_KEYSIZE_WSALT:
- (*c)->type = &aes_gcm_256_openssl;
- (*c)->algorithm = AES_256_GCM;
- aes_gcm_256_openssl.ref_count++;
- ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE;
- ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen;
+ case SRTP_AES_GCM_256_KEY_LEN_WSALT:
+ (*c)->type = &srtp_aes_gcm_256_openssl;
+ (*c)->algorithm = SRTP_AES_GCM_256;
+ gcm->key_size = SRTP_AES_256_KEY_LEN;
+ gcm->tag_len = tlen;
break;
}
/* set key size */
(*c)->key_len = key_len;
- EVP_CIPHER_CTX_init(&gcm->ctx);
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
/*
- * This function deallocates a GCM session
+ * This function deallocates a GCM session
*/
-err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
+static srtp_err_status_t srtp_aes_gcm_openssl_dealloc (srtp_cipher_t *c)
{
- aes_gcm_ctx_t *ctx;
+ srtp_aes_gcm_ctx_t *ctx;
- ctx = (aes_gcm_ctx_t*)c->state;
+ ctx = (srtp_aes_gcm_ctx_t*)c->state;
if (ctx) {
- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
- /* decrement ref_count for the appropriate engine */
- switch (ctx->key_size) {
- case AES_256_KEYSIZE:
- aes_gcm_256_openssl.ref_count--;
- break;
- case AES_128_KEYSIZE:
- aes_gcm_128_openssl.ref_count--;
- break;
- default:
- return (err_status_dealloc_fail);
- break;
- }
+ EVP_CIPHER_CTX_free(ctx->ctx);
+ /* zeroize the key material */
+ octet_string_set_to_zero(ctx, sizeof(srtp_aes_gcm_ctx_t));
+ srtp_crypto_free(ctx);
}
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t*)c, sizeof(cipher_t) + sizeof(aes_gcm_ctx_t));
-
/* free memory */
- crypto_free(c);
+ srtp_crypto_free(c);
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
/*
*
* the key is the secret key
*/
-err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
+static srtp_err_status_t srtp_aes_gcm_openssl_context_init (void* cv, const uint8_t *key)
{
- c->dir = direction_any;
+ srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+ const EVP_CIPHER *evp;
- /* copy key to be used later when CiscoSSL crypto context is created */
- v128_copy_octet_string((v128_t*)&c->key, key);
+ c->dir = srtp_direction_any;
- if (c->key_size == AES_256_KEYSIZE) {
- debug_print(mod_aes_gcm, "Copying last 16 bytes of key: %s",
- v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
- v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1,
- key + AES_128_KEYSIZE);
- }
+ debug_print(srtp_mod_aes_gcm, "key: %s", srtp_octet_string_hex_string(key, c->key_size));
- debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key));
+ switch (c->key_size) {
+ case SRTP_AES_256_KEY_LEN:
+ evp = EVP_aes_256_gcm();
+ break;
+ case SRTP_AES_128_KEY_LEN:
+ evp = EVP_aes_128_gcm();
+ break;
+ default:
+ return (srtp_err_status_bad_param);
+ break;
+ }
- EVP_CIPHER_CTX_cleanup(&c->ctx);
+ if (!EVP_CipherInit_ex(c->ctx, evp, NULL, key, NULL, 0)) {
+ return (srtp_err_status_init_fail);
+ }
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
* aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with
* the offset
*/
-err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
- int direction)
+static srtp_err_status_t srtp_aes_gcm_openssl_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t direction)
{
- const EVP_CIPHER *evp;
- v128_t *nonce = iv;
+ srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
- if (direction != direction_encrypt && direction != direction_decrypt) {
- return (err_status_bad_param);
+ if (direction != srtp_direction_encrypt && direction != srtp_direction_decrypt) {
+ return (srtp_err_status_bad_param);
}
c->dir = direction;
- debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(nonce));
-
- switch (c->key_size) {
- case AES_256_KEYSIZE:
- evp = EVP_aes_256_gcm();
- break;
- case AES_128_KEYSIZE:
- evp = EVP_aes_128_gcm();
- break;
- default:
- return (err_status_bad_param);
- break;
- }
+ debug_print(srtp_mod_aes_gcm, "setting iv: %s", v128_hex_string((v128_t*)iv));
- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
- NULL, (c->dir == direction_encrypt ? 1 : 0))) {
- return (err_status_init_fail);
+ if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL,
+ NULL, (c->dir == srtp_direction_encrypt ? 1 : 0))) {
+ return (srtp_err_status_init_fail);
}
/* set IV len and the IV value, the followiong 3 calls are required */
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
- return (err_status_init_fail);
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
+ return (srtp_err_status_init_fail);
}
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
- return (err_status_init_fail);
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, (void*)iv)) {
+ return (srtp_err_status_init_fail);
}
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
- return (err_status_init_fail);
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, (void*)iv)) {
+ return (srtp_err_status_init_fail);
}
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
/*
* aad Additional data to process for AEAD cipher suites
* aad_len length of aad buffer
*/
-err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad,
- unsigned int aad_len)
+static srtp_err_status_t srtp_aes_gcm_openssl_set_aad (void *cv, const uint8_t *aad, uint32_t aad_len)
{
+ srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
int rv;
/*
* Set dummy tag, OpenSSL requires the Tag to be set before
* processing AAD
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
- rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len);
+ /*
+ * OpenSSL never write to address pointed by the last parameter of
+ * EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality,
+ * OpenSSL copy its content to the context), so we can make
+ * aad read-only in this function and all its wrappers.
+ */
+ unsigned char dummy_tag[GCM_AUTH_TAG_LEN];
+ memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN);
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, &dummy_tag);
+
+ rv = EVP_Cipher(c->ctx, NULL, aad, aad_len);
if (rv != aad_len) {
- return (err_status_algo_fail);
+ return (srtp_err_status_algo_fail);
} else {
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
}
* buf data to encrypt
* enc_len length of encrypt buffer
*/
-err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf,
- unsigned int *enc_len)
+static srtp_err_status_t srtp_aes_gcm_openssl_encrypt (void *cv, unsigned char *buf, unsigned int *enc_len)
{
- if (c->dir != direction_encrypt && c->dir != direction_decrypt) {
- return (err_status_bad_param);
+ srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+ if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) {
+ return (srtp_err_status_bad_param);
}
/*
* Encrypt the data
*/
- EVP_Cipher(&c->ctx, buf, buf, *enc_len);
+ EVP_Cipher(c->ctx, buf, buf, *enc_len);
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
/*
* This function calculates and returns the GCM tag for a given context.
- * This should be called after encrypting the data. The *len value
+ * This should be called after encrypting the data. The *len value
* is increased by the tag size. The caller must ensure that *buf has
* enough room to accept the appended tag.
*
* buf data to encrypt
* len length of encrypt buffer
*/
-err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf,
- int *len)
+static srtp_err_status_t srtp_aes_gcm_openssl_get_tag (void *cv, uint8_t *buf, uint32_t *len)
{
+ srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
/*
* Calculate the tag
*/
- EVP_Cipher(&c->ctx, NULL, NULL, 0);
+ EVP_Cipher(c->ctx, NULL, NULL, 0);
/*
* Retreive the tag
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
/*
* Increase encryption length by desired tag size
*/
*len = c->tag_len;
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
* buf data to encrypt
* enc_len length of encrypt buffer
*/
-err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf,
- unsigned int *enc_len)
+static srtp_err_status_t srtp_aes_gcm_openssl_decrypt (void *cv, unsigned char *buf, unsigned int *enc_len)
{
- if (c->dir != direction_encrypt && c->dir != direction_decrypt) {
- return (err_status_bad_param);
+ srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+ if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) {
+ return (srtp_err_status_bad_param);
}
/*
* Set the tag before decrypting
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
- buf + (*enc_len - c->tag_len));
- EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len);
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
+ buf + (*enc_len - c->tag_len));
+ EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len);
/*
* Check the tag
*/
- if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) {
- return (err_status_auth_fail);
+ if (EVP_Cipher(c->ctx, NULL, NULL, 0)) {
+ return (srtp_err_status_auth_fail);
}
/*
*/
*enc_len -= c->tag_len;
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
/*
* Name of this crypto engine
*/
-char aes_gcm_128_openssl_description[] = "AES-128 GCM using openssl";
-char aes_gcm_256_openssl_description[] = "AES-256 GCM using openssl";
+static const char srtp_aes_gcm_128_openssl_description[] = "AES-128 GCM using openssl";
+static const char srtp_aes_gcm_256_openssl_description[] = "AES-256 GCM using openssl";
/*
* KAT values for AES self-test. These
- * values we're derived from independent test code
+ * values we're derived from independent test code
* using OpenSSL.
*/
-uint8_t aes_gcm_test_case_0_key[AES_128_GCM_KEYSIZE_WSALT] = {
+static const uint8_t srtp_aes_gcm_test_case_0_key[SRTP_AES_GCM_128_KEY_LEN_WSALT] = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x09, 0x0a, 0x0b, 0x0c,
+ 0x09, 0x0a, 0x0b, 0x0c,
};
-uint8_t aes_gcm_test_case_0_iv[12] = {
- 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+static uint8_t srtp_aes_gcm_test_case_0_iv[12] = {
+ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
-uint8_t aes_gcm_test_case_0_plaintext[60] = {
+static const uint8_t srtp_aes_gcm_test_case_0_plaintext[60] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0xba, 0x63, 0x7b, 0x39
};
-uint8_t aes_gcm_test_case_0_aad[20] = {
+static const uint8_t srtp_aes_gcm_test_case_0_aad[20] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
-uint8_t aes_gcm_test_case_0_ciphertext[76] = {
+static const uint8_t srtp_aes_gcm_test_case_0_ciphertext[76] = {
0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47,
};
-cipher_test_case_t aes_gcm_test_case_0a = {
- AES_128_GCM_KEYSIZE_WSALT, /* octets in key */
- aes_gcm_test_case_0_key, /* key */
- aes_gcm_test_case_0_iv, /* packet index */
- 60, /* octets in plaintext */
- aes_gcm_test_case_0_plaintext, /* plaintext */
- 68, /* octets in ciphertext */
- aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
- 20, /* octets in AAD */
- aes_gcm_test_case_0_aad, /* AAD */
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0a = {
+ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_gcm_test_case_0_key, /* key */
+ srtp_aes_gcm_test_case_0_iv, /* packet index */
+ 60, /* octets in plaintext */
+ srtp_aes_gcm_test_case_0_plaintext, /* plaintext */
+ 68, /* octets in ciphertext */
+ srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
+ 20, /* octets in AAD */
+ srtp_aes_gcm_test_case_0_aad, /* AAD */
GCM_AUTH_TAG_LEN_8,
- NULL /* pointer to next testcase */
+ NULL /* pointer to next testcase */
};
-cipher_test_case_t aes_gcm_test_case_0 = {
- AES_128_GCM_KEYSIZE_WSALT, /* octets in key */
- aes_gcm_test_case_0_key, /* key */
- aes_gcm_test_case_0_iv, /* packet index */
- 60, /* octets in plaintext */
- aes_gcm_test_case_0_plaintext, /* plaintext */
- 76, /* octets in ciphertext */
- aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
- 20, /* octets in AAD */
- aes_gcm_test_case_0_aad, /* AAD */
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0 = {
+ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_gcm_test_case_0_key, /* key */
+ srtp_aes_gcm_test_case_0_iv, /* packet index */
+ 60, /* octets in plaintext */
+ srtp_aes_gcm_test_case_0_plaintext, /* plaintext */
+ 76, /* octets in ciphertext */
+ srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
+ 20, /* octets in AAD */
+ srtp_aes_gcm_test_case_0_aad, /* AAD */
GCM_AUTH_TAG_LEN,
- &aes_gcm_test_case_0a /* pointer to next testcase */
+ &srtp_aes_gcm_test_case_0a /* pointer to next testcase */
};
-uint8_t aes_gcm_test_case_1_key[AES_256_GCM_KEYSIZE_WSALT] = {
+static const uint8_t srtp_aes_gcm_test_case_1_key[SRTP_AES_GCM_256_KEY_LEN_WSALT] = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c,
- 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2,
+ 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x09, 0x0a, 0x0b, 0x0c,
+ 0x09, 0x0a, 0x0b, 0x0c,
};
-uint8_t aes_gcm_test_case_1_iv[12] = {
- 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+static uint8_t srtp_aes_gcm_test_case_1_iv[12] = {
+ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
-uint8_t aes_gcm_test_case_1_plaintext[60] = {
+static const uint8_t srtp_aes_gcm_test_case_1_plaintext[60] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0xba, 0x63, 0x7b, 0x39
};
-uint8_t aes_gcm_test_case_1_aad[20] = {
+static const uint8_t srtp_aes_gcm_test_case_1_aad[20] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
-uint8_t aes_gcm_test_case_1_ciphertext[76] = {
- 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46,
- 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a,
- 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86,
- 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a,
- 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9,
- 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80,
- 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10,
- 0x09, 0xc9, 0x86, 0xc1,
+static const uint8_t srtp_aes_gcm_test_case_1_ciphertext[76] = {
+ 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46,
+ 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a,
+ 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86,
+ 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a,
+ 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9,
+ 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80,
+ 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10,
+ 0x09, 0xc9, 0x86, 0xc1,
/* the last 16 bytes are the tag */
- 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f,
+ 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f,
0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d,
};
-cipher_test_case_t aes_gcm_test_case_1a = {
- AES_256_GCM_KEYSIZE_WSALT, /* octets in key */
- aes_gcm_test_case_1_key, /* key */
- aes_gcm_test_case_1_iv, /* packet index */
- 60, /* octets in plaintext */
- aes_gcm_test_case_1_plaintext, /* plaintext */
- 68, /* octets in ciphertext */
- aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
- 20, /* octets in AAD */
- aes_gcm_test_case_1_aad, /* AAD */
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1a = {
+ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_gcm_test_case_1_key, /* key */
+ srtp_aes_gcm_test_case_1_iv, /* packet index */
+ 60, /* octets in plaintext */
+ srtp_aes_gcm_test_case_1_plaintext, /* plaintext */
+ 68, /* octets in ciphertext */
+ srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
+ 20, /* octets in AAD */
+ srtp_aes_gcm_test_case_1_aad, /* AAD */
GCM_AUTH_TAG_LEN_8,
- NULL /* pointer to next testcase */
+ NULL /* pointer to next testcase */
};
-cipher_test_case_t aes_gcm_test_case_1 = {
- AES_256_GCM_KEYSIZE_WSALT, /* octets in key */
- aes_gcm_test_case_1_key, /* key */
- aes_gcm_test_case_1_iv, /* packet index */
- 60, /* octets in plaintext */
- aes_gcm_test_case_1_plaintext, /* plaintext */
- 76, /* octets in ciphertext */
- aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
- 20, /* octets in AAD */
- aes_gcm_test_case_1_aad, /* AAD */
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1 = {
+ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_gcm_test_case_1_key, /* key */
+ srtp_aes_gcm_test_case_1_iv, /* packet index */
+ 60, /* octets in plaintext */
+ srtp_aes_gcm_test_case_1_plaintext, /* plaintext */
+ 76, /* octets in ciphertext */
+ srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
+ 20, /* octets in AAD */
+ srtp_aes_gcm_test_case_1_aad, /* AAD */
GCM_AUTH_TAG_LEN,
- &aes_gcm_test_case_1a /* pointer to next testcase */
+ &srtp_aes_gcm_test_case_1a /* pointer to next testcase */
};
/*
* This is the vector function table for this crypto engine.
*/
-cipher_type_t aes_gcm_128_openssl = {
- (cipher_alloc_func_t) aes_gcm_openssl_alloc,
- (cipher_dealloc_func_t) aes_gcm_openssl_dealloc,
- (cipher_init_func_t) aes_gcm_openssl_context_init,
- (cipher_set_aad_func_t) aes_gcm_openssl_set_aad,
- (cipher_encrypt_func_t) aes_gcm_openssl_encrypt,
- (cipher_decrypt_func_t) aes_gcm_openssl_decrypt,
- (cipher_set_iv_func_t) aes_gcm_openssl_set_iv,
- (cipher_get_tag_func_t) aes_gcm_openssl_get_tag,
- (char*) aes_gcm_128_openssl_description,
- (int) 0, /* instance count */
- (cipher_test_case_t*) &aes_gcm_test_case_0,
- (debug_module_t*) &mod_aes_gcm,
- (cipher_type_id_t) AES_128_GCM
+const srtp_cipher_type_t srtp_aes_gcm_128_openssl = {
+ srtp_aes_gcm_openssl_alloc,
+ srtp_aes_gcm_openssl_dealloc,
+ srtp_aes_gcm_openssl_context_init,
+ srtp_aes_gcm_openssl_set_aad,
+ srtp_aes_gcm_openssl_encrypt,
+ srtp_aes_gcm_openssl_decrypt,
+ srtp_aes_gcm_openssl_set_iv,
+ srtp_aes_gcm_openssl_get_tag,
+ srtp_aes_gcm_128_openssl_description,
+ &srtp_aes_gcm_test_case_0,
+ SRTP_AES_GCM_128
};
/*
* This is the vector function table for this crypto engine.
*/
-cipher_type_t aes_gcm_256_openssl = {
- (cipher_alloc_func_t) aes_gcm_openssl_alloc,
- (cipher_dealloc_func_t) aes_gcm_openssl_dealloc,
- (cipher_init_func_t) aes_gcm_openssl_context_init,
- (cipher_set_aad_func_t) aes_gcm_openssl_set_aad,
- (cipher_encrypt_func_t) aes_gcm_openssl_encrypt,
- (cipher_decrypt_func_t) aes_gcm_openssl_decrypt,
- (cipher_set_iv_func_t) aes_gcm_openssl_set_iv,
- (cipher_get_tag_func_t) aes_gcm_openssl_get_tag,
- (char*) aes_gcm_256_openssl_description,
- (int) 0, /* instance count */
- (cipher_test_case_t*) &aes_gcm_test_case_1,
- (debug_module_t*) &mod_aes_gcm,
- (cipher_type_id_t) AES_256_GCM
+const srtp_cipher_type_t srtp_aes_gcm_256_openssl = {
+ srtp_aes_gcm_openssl_alloc,
+ srtp_aes_gcm_openssl_dealloc,
+ srtp_aes_gcm_openssl_context_init,
+ srtp_aes_gcm_openssl_set_aad,
+ srtp_aes_gcm_openssl_encrypt,
+ srtp_aes_gcm_openssl_decrypt,
+ srtp_aes_gcm_openssl_set_iv,
+ srtp_aes_gcm_openssl_get_tag,
+ srtp_aes_gcm_256_openssl_description,
+ &srtp_aes_gcm_test_case_1,
+ SRTP_AES_GCM_256
};
*/
/*
- *
- * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
#define ALIGN_32 0
#include "alloc.h"
-debug_module_t mod_aes_icm = {
- 0, /* debugging is off by default */
- "aes icm" /* printable module name */
+srtp_debug_module_t srtp_mod_aes_icm = {
+ 0, /* debugging is off by default */
+ "aes icm" /* printable module name */
};
+extern const srtp_cipher_type_t srtp_aes_icm_128;
+extern const srtp_cipher_type_t srtp_aes_icm_256;
/*
* integer counter mode works as follows:
*
* 16 bits
* <----->
- * +------+------+------+------+------+------+------+------+
+ * +------+------+------+------+------+------+------+------+
* | nonce | pakcet index | ctr |---+
* +------+------+------+------+------+------+------+------+ |
* |
* +---------+
* | encrypt |
* +---------+
- * |
+ * |
* +------+------+------+------+------+------+------+------+ |
- * | keystream block |<--+
- * +------+------+------+------+------+------+------+------+
+ * | keystream block |<--+
+ * +------+------+------+------+------+------+------+------+
*
* All fields are big-endian
*
* ctr is the block counter, which increments from zero for
* each packet (16 bits wide)
- *
+ *
* packet index is distinct for each packet (48 bits wide)
*
* nonce can be distinct across many uses of the same key, or
*
*/
-err_status_t
-aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp) {
- extern cipher_type_t aes_icm;
- uint8_t *pointer;
- int tmp;
-
- debug_print(mod_aes_icm,
- "allocating cipher with key length %d", key_len);
-
- /*
- * Ismacryp, for example, uses 16 byte key + 8 byte
- * salt so this function is called with key_len = 24.
- * The check for key_len = 30/38/46 does not apply. Our usage
- * of aes functions with key_len = values other than 30
- * has not broken anything. Don't know what would be the
- * effect of skipping this check for srtp in general.
- */
- if (!(forIsmacryp && key_len > 16 && key_len < 30) &&
- key_len != 30 && key_len != 38 && key_len != 46)
- return err_status_bad_param;
-
- /* allocate memory a cipher of type aes_icm */
- tmp = (sizeof(aes_icm_ctx_t) + sizeof(cipher_t));
- pointer = (uint8_t*)crypto_alloc(tmp);
- if (pointer == NULL)
- return err_status_alloc_fail;
-
- /* set pointers */
- *c = (cipher_t *)pointer;
- switch (key_len) {
- case 46:
- (*c)->algorithm = AES_256_ICM;
- break;
- case 38:
- (*c)->algorithm = AES_192_ICM;
- break;
- default:
- (*c)->algorithm = AES_128_ICM;
- break;
- }
- (*c)->type = &aes_icm;
- (*c)->state = pointer + sizeof(cipher_t);
-
- /* increment ref_count */
- aes_icm.ref_count++;
-
- /* set key size */
- (*c)->key_len = key_len;
-
- return err_status_ok;
-}
+static srtp_err_status_t srtp_aes_icm_alloc (srtp_cipher_t **c, int key_len, int tlen)
+{
+ srtp_aes_icm_ctx_t *icm;
+
+ debug_print(srtp_mod_aes_icm,
+ "allocating cipher with key length %d", key_len);
+
+ /*
+ * The check for key_len = 30/46 does not apply. Our usage
+ * of aes functions with key_len = values other than 30
+ * has not broken anything. Don't know what would be the
+ * effect of skipping this check for srtp in general.
+ */
+ if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* allocate memory a cipher of type aes_icm */
+ *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+ if (*c == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+ memset(*c, 0x0, sizeof(srtp_cipher_t));
+
+ icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
+ if (icm == NULL) {
+ srtp_crypto_free(*c);
+ return srtp_err_status_alloc_fail;
+ }
+ memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t));
+
+ /* set pointers */
+ (*c)->state = icm;
+
+ switch (key_len) {
+ case SRTP_AES_ICM_256_KEY_LEN_WSALT:
+ (*c)->algorithm = SRTP_AES_ICM_256;
+ (*c)->type = &srtp_aes_icm_256;
+ break;
+ default:
+ (*c)->algorithm = SRTP_AES_ICM_128;
+ (*c)->type = &srtp_aes_icm_128;
+ break;
+ }
+
+ /* set key size */
+ icm->key_size = key_len;
+ (*c)->key_len = key_len;
-err_status_t aes_icm_alloc(cipher_t **c, int key_len, int forIsmacryp) {
- return aes_icm_alloc_ismacryp(c, key_len, 0);
+ return srtp_err_status_ok;
}
-err_status_t
-aes_icm_dealloc(cipher_t *c) {
- extern cipher_type_t aes_icm;
+static srtp_err_status_t srtp_aes_icm_dealloc (srtp_cipher_t *c)
+{
+ srtp_aes_icm_ctx_t *ctx;
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t *)c,
- sizeof(aes_icm_ctx_t) + sizeof(cipher_t));
+ if (c == NULL) {
+ return srtp_err_status_bad_param;
+ }
+
+ ctx = (srtp_aes_icm_ctx_t *)c->state;
+ if (ctx) {
+ /* zeroize the key material */
+ octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t));
+ srtp_crypto_free(ctx);
+ }
- /* free memory */
- crypto_free(c);
+ /* free the cipher context */
+ srtp_crypto_free(c);
- /* decrement ref_count */
- aes_icm.ref_count--;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
* aes_icm_context_init(...) initializes the aes_icm_context
* using the value in key[].
*
- * the key is the secret key
+ * the key is the secret key
*
* the salt is unpredictable (but not necessarily secret) data which
* randomizes the starting point in the keystream
*/
-err_status_t
-aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key, int key_len) {
- err_status_t status;
- int base_key_len, copy_len;
-
- if (key_len > 16 && key_len < 30) /* Ismacryp */
- base_key_len = 16;
- else if (key_len == 30 || key_len == 38 || key_len == 46)
- base_key_len = key_len - 14;
- else
- return err_status_bad_param;
-
- /*
- * set counter and initial values to 'offset' value, being careful not to
- * go past the end of the key buffer
- */
- v128_set_to_zero(&c->counter);
- v128_set_to_zero(&c->offset);
-
- copy_len = key_len - base_key_len;
- /* force last two octets of the offset to be left zero (for srtp compatibility) */
- if (copy_len > 14)
- copy_len = 14;
-
- memcpy(&c->counter, key + base_key_len, copy_len);
- memcpy(&c->offset, key + base_key_len, copy_len);
-
- debug_print(mod_aes_icm,
- "key: %s", octet_string_hex_string(key, base_key_len));
- debug_print(mod_aes_icm,
- "offset: %s", v128_hex_string(&c->offset));
-
- /* expand key */
- status = aes_expand_encryption_key(key, base_key_len, &c->expanded_key);
- if (status) {
- v128_set_to_zero(&c->counter);
- v128_set_to_zero(&c->offset);
- return status;
- }
-
- /* indicate that the keystream_buffer is empty */
- c->bytes_in_buffer = 0;
+static srtp_err_status_t srtp_aes_icm_context_init (void *cv, const uint8_t *key)
+{
+ srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+ srtp_err_status_t status;
+ int base_key_len, copy_len;
- return err_status_ok;
-}
+ if (c->key_size == SRTP_AES_ICM_128_KEY_LEN_WSALT || c->key_size == SRTP_AES_ICM_256_KEY_LEN_WSALT) {
+ base_key_len = c->key_size - SRTP_SALT_LEN;
+ } else{
+ return srtp_err_status_bad_param;
+ }
-/*
- * aes_icm_set_octet(c, i) sets the counter of the context which it is
- * passed so that the next octet of keystream that will be generated
- * is the ith octet
- */
+ /*
+ * set counter and initial values to 'offset' value, being careful not to
+ * go past the end of the key buffer
+ */
+ v128_set_to_zero(&c->counter);
+ v128_set_to_zero(&c->offset);
-err_status_t
-aes_icm_set_octet(aes_icm_ctx_t *c,
- uint64_t octet_num) {
+ copy_len = c->key_size - base_key_len;
+ /* force last two octets of the offset to be left zero (for srtp compatibility) */
+ if (copy_len > SRTP_SALT_LEN) {
+ copy_len = SRTP_SALT_LEN;
+ }
-#ifdef NO_64BIT_MATH
- int tail_num = low32(octet_num) & 0x0f;
- /* 64-bit right-shift 4 */
- uint64_t block_num = make64(high32(octet_num) >> 4,
- ((high32(octet_num) & 0x0f)<<(32-4)) |
- (low32(octet_num) >> 4));
-#else
- int tail_num = (int)(octet_num % 16);
- uint64_t block_num = octet_num / 16;
-#endif
-
-
- /* set counter value */
- /* FIX - There's no way this is correct */
- c->counter.v64[0] = c->offset.v64[0];
-#ifdef NO_64BIT_MATH
- c->counter.v64[0] = make64(high32(c->offset.v64[0]) ^ high32(block_num),
- low32(c->offset.v64[0]) ^ low32(block_num));
-#else
- c->counter.v64[0] = c->offset.v64[0] ^ block_num;
-#endif
+ memcpy(&c->counter, key + base_key_len, copy_len);
+ memcpy(&c->offset, key + base_key_len, copy_len);
- debug_print(mod_aes_icm,
- "set_octet: %s", v128_hex_string(&c->counter));
+ debug_print(srtp_mod_aes_icm,
+ "key: %s", srtp_octet_string_hex_string(key, base_key_len));
+ debug_print(srtp_mod_aes_icm,
+ "offset: %s", v128_hex_string(&c->offset));
- /* fill keystream buffer, if needed */
- if (tail_num) {
- v128_copy(&c->keystream_buffer, &c->counter);
- aes_encrypt(&c->keystream_buffer, &c->expanded_key);
- c->bytes_in_buffer = sizeof(v128_t);
+ /* expand key */
+ status = srtp_aes_expand_encryption_key(key, base_key_len, &c->expanded_key);
+ if (status) {
+ v128_set_to_zero(&c->counter);
+ v128_set_to_zero(&c->offset);
+ return status;
+ }
- debug_print(mod_aes_icm, "counter: %s",
- v128_hex_string(&c->counter));
- debug_print(mod_aes_icm, "ciphertext: %s",
- v128_hex_string(&c->keystream_buffer));
-
- /* indicate number of bytes in keystream_buffer */
- c->bytes_in_buffer = sizeof(v128_t) - tail_num;
-
- } else {
-
- /* indicate that keystream_buffer is empty */
+ /* indicate that the keystream_buffer is empty */
c->bytes_in_buffer = 0;
- }
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
* the offset
*/
-err_status_t
-aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction) {
- v128_t nonce;
+static srtp_err_status_t srtp_aes_icm_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t direction)
+{
+ srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+ v128_t nonce;
+
+ /* set nonce (for alignment) */
+ v128_copy_octet_string(&nonce, iv);
- /* set nonce (for alignment) */
- v128_copy_octet_string(&nonce, iv);
+ debug_print(srtp_mod_aes_icm,
+ "setting iv: %s", v128_hex_string(&nonce));
- debug_print(mod_aes_icm,
- "setting iv: %s", v128_hex_string(&nonce));
-
- v128_xor(&c->counter, &c->offset, &nonce);
-
- debug_print(mod_aes_icm,
- "set_counter: %s", v128_hex_string(&c->counter));
+ v128_xor(&c->counter, &c->offset, &nonce);
- /* indicate that the keystream_buffer is empty */
- c->bytes_in_buffer = 0;
+ debug_print(srtp_mod_aes_icm,
+ "set_counter: %s", v128_hex_string(&c->counter));
+
+ /* indicate that the keystream_buffer is empty */
+ c->bytes_in_buffer = 0;
- return err_status_ok;
+ return srtp_err_status_ok;
}
*
* this is an internal, hopefully inlined function
*/
-
-static inline void
-aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) {
- /* fill buffer with new keystream */
- v128_copy(&c->keystream_buffer, &c->counter);
- aes_encrypt(&c->keystream_buffer, &c->expanded_key);
- c->bytes_in_buffer = sizeof(v128_t);
-
- debug_print(mod_aes_icm, "counter: %s",
- v128_hex_string(&c->counter));
- debug_print(mod_aes_icm, "ciphertext: %s",
- v128_hex_string(&c->keystream_buffer));
-
- /* clock counter forward */
-
- if (forIsmacryp) {
- uint32_t temp;
- //alex's clock counter forward
- temp = ntohl(c->counter.v32[3]);
- c->counter.v32[3] = htonl(++temp);
- } else {
- if (!++(c->counter.v8[15]))
- ++(c->counter.v8[14]);
- }
-}
+static void srtp_aes_icm_advance (srtp_aes_icm_ctx_t *c)
+{
+ /* fill buffer with new keystream */
+ v128_copy(&c->keystream_buffer, &c->counter);
+ srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
+ c->bytes_in_buffer = sizeof(v128_t);
-static inline void aes_icm_advance(aes_icm_ctx_t *c) {
- aes_icm_advance_ismacryp(c, 0);
-}
+ debug_print(srtp_mod_aes_icm, "counter: %s",
+ v128_hex_string(&c->counter));
+ debug_print(srtp_mod_aes_icm, "ciphertext: %s",
+ v128_hex_string(&c->keystream_buffer));
+ /* clock counter forward */
+ if (!++(c->counter.v8[15])) {
+ ++(c->counter.v8[14]);
+ }
+}
/*e
* icm_encrypt deals with the following cases:
* - add keystream into data until keystream_buffer is depleted
* - loop over blocks, filling keystream_buffer and then
* adding keystream into data
- * - fill buffer then add in remaining (< 16) bytes of keystream
+ * - fill buffer then add in remaining (< 16) bytes of keystream
*/
-err_status_t
-aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
- unsigned char *buf, unsigned int *enc_len,
- int forIsmacryp) {
- unsigned int bytes_to_encr = *enc_len;
- unsigned int i;
- uint32_t *b;
-
- /* check that there's enough segment left but not for ismacryp*/
- if (!forIsmacryp && (bytes_to_encr + htons(c->counter.v16[7])) > 0xffff)
- return err_status_terminus;
-
- debug_print(mod_aes_icm, "block index: %d",
- htons(c->counter.v16[7]));
- if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) {
-
- /* deal with odd case of small bytes_to_encr */
- for (i = (sizeof(v128_t) - c->bytes_in_buffer);
- i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++)
- {
- *buf++ ^= c->keystream_buffer.v8[i];
- }
-
- c->bytes_in_buffer -= bytes_to_encr;
-
- /* return now to avoid the main loop */
- return err_status_ok;
-
- } else {
-
- /* encrypt bytes until the remaining data is 16-byte aligned */
- for (i=(sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t); i++)
- *buf++ ^= c->keystream_buffer.v8[i];
-
- bytes_to_encr -= c->bytes_in_buffer;
- c->bytes_in_buffer = 0;
+static srtp_err_status_t srtp_aes_icm_encrypt (void *cv,
+ unsigned char *buf, unsigned int *enc_len)
+{
+ srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t*)cv;
+ unsigned int bytes_to_encr = *enc_len;
+ unsigned int i;
+ uint32_t *b;
+
+ /* check that there's enough segment left*/
+ if ((bytes_to_encr + htons(c->counter.v16[7])) > 0xffff) {
+ return srtp_err_status_terminus;
+ }
- }
-
- /* now loop over entire 16-byte blocks of keystream */
- for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) {
+ debug_print(srtp_mod_aes_icm, "block index: %d",
+ htons(c->counter.v16[7]));
+ if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) {
- /* fill buffer with new keystream */
- aes_icm_advance_ismacryp(c, forIsmacryp);
+ /* deal with odd case of small bytes_to_encr */
+ for (i = (sizeof(v128_t) - c->bytes_in_buffer);
+ i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++) {
+ *buf++ ^= c->keystream_buffer.v8[i];
+ }
- /*
- * add keystream into the data buffer (this would be a lot faster
- * if we could assume 32-bit alignment!)
- */
+ c->bytes_in_buffer -= bytes_to_encr;
+
+ /* return now to avoid the main loop */
+ return srtp_err_status_ok;
-#if ALIGN_32
- b = (uint32_t *)buf;
- *b++ ^= c->keystream_buffer.v32[0];
- *b++ ^= c->keystream_buffer.v32[1];
- *b++ ^= c->keystream_buffer.v32[2];
- *b++ ^= c->keystream_buffer.v32[3];
- buf = (uint8_t *)b;
-#else
- if ((((unsigned long) buf) & 0x03) != 0) {
- *buf++ ^= c->keystream_buffer.v8[0];
- *buf++ ^= c->keystream_buffer.v8[1];
- *buf++ ^= c->keystream_buffer.v8[2];
- *buf++ ^= c->keystream_buffer.v8[3];
- *buf++ ^= c->keystream_buffer.v8[4];
- *buf++ ^= c->keystream_buffer.v8[5];
- *buf++ ^= c->keystream_buffer.v8[6];
- *buf++ ^= c->keystream_buffer.v8[7];
- *buf++ ^= c->keystream_buffer.v8[8];
- *buf++ ^= c->keystream_buffer.v8[9];
- *buf++ ^= c->keystream_buffer.v8[10];
- *buf++ ^= c->keystream_buffer.v8[11];
- *buf++ ^= c->keystream_buffer.v8[12];
- *buf++ ^= c->keystream_buffer.v8[13];
- *buf++ ^= c->keystream_buffer.v8[14];
- *buf++ ^= c->keystream_buffer.v8[15];
} else {
- b = (uint32_t *)buf;
- *b++ ^= c->keystream_buffer.v32[0];
- *b++ ^= c->keystream_buffer.v32[1];
- *b++ ^= c->keystream_buffer.v32[2];
- *b++ ^= c->keystream_buffer.v32[3];
- buf = (uint8_t *)b;
+
+ /* encrypt bytes until the remaining data is 16-byte aligned */
+ for (i = (sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t); i++) {
+ *buf++ ^= c->keystream_buffer.v8[i];
+ }
+
+ bytes_to_encr -= c->bytes_in_buffer;
+ c->bytes_in_buffer = 0;
+
}
-#endif /* #if ALIGN_32 */
- }
-
- /* if there is a tail end of the data, process it */
- if ((bytes_to_encr & 0xf) != 0) {
-
- /* fill buffer with new keystream */
- aes_icm_advance_ismacryp(c, forIsmacryp);
-
- for (i=0; i < (bytes_to_encr & 0xf); i++)
- *buf++ ^= c->keystream_buffer.v8[i];
-
- /* reset the keystream buffer size to right value */
- c->bytes_in_buffer = sizeof(v128_t) - i;
- } else {
-
- /* no tail, so just reset the keystream buffer size to zero */
- c->bytes_in_buffer = 0;
+ /* now loop over entire 16-byte blocks of keystream */
+ for (i = 0; i < (bytes_to_encr / sizeof(v128_t)); i++) {
- }
+ /* fill buffer with new keystream */
+ srtp_aes_icm_advance(c);
- return err_status_ok;
-}
+ /*
+ * add keystream into the data buffer (this would be a lot faster
+ * if we could assume 32-bit alignment!)
+ */
-err_status_t
-aes_icm_encrypt(aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len) {
- return aes_icm_encrypt_ismacryp(c, buf, enc_len, 0);
-}
+#if ALIGN_32
+ b = (uint32_t*)buf;
+ *b++ ^= c->keystream_buffer.v32[0];
+ *b++ ^= c->keystream_buffer.v32[1];
+ *b++ ^= c->keystream_buffer.v32[2];
+ *b++ ^= c->keystream_buffer.v32[3];
+ buf = (uint8_t*)b;
+#else
+ if ((((unsigned long)buf) & 0x03) != 0) {
+ *buf++ ^= c->keystream_buffer.v8[0];
+ *buf++ ^= c->keystream_buffer.v8[1];
+ *buf++ ^= c->keystream_buffer.v8[2];
+ *buf++ ^= c->keystream_buffer.v8[3];
+ *buf++ ^= c->keystream_buffer.v8[4];
+ *buf++ ^= c->keystream_buffer.v8[5];
+ *buf++ ^= c->keystream_buffer.v8[6];
+ *buf++ ^= c->keystream_buffer.v8[7];
+ *buf++ ^= c->keystream_buffer.v8[8];
+ *buf++ ^= c->keystream_buffer.v8[9];
+ *buf++ ^= c->keystream_buffer.v8[10];
+ *buf++ ^= c->keystream_buffer.v8[11];
+ *buf++ ^= c->keystream_buffer.v8[12];
+ *buf++ ^= c->keystream_buffer.v8[13];
+ *buf++ ^= c->keystream_buffer.v8[14];
+ *buf++ ^= c->keystream_buffer.v8[15];
+ } else {
+ b = (uint32_t*)buf;
+ *b++ ^= c->keystream_buffer.v32[0];
+ *b++ ^= c->keystream_buffer.v32[1];
+ *b++ ^= c->keystream_buffer.v32[2];
+ *b++ ^= c->keystream_buffer.v32[3];
+ buf = (uint8_t*)b;
+ }
+#endif /* #if ALIGN_32 */
-err_status_t
-aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output) {
- unsigned int len = num_octets_to_output;
-
- /* zeroize the buffer */
- octet_string_set_to_zero(buffer, num_octets_to_output);
-
- /* exor keystream into buffer */
- return aes_icm_encrypt(c, buffer, &len);
-}
+ }
-uint16_t
-aes_icm_bytes_encrypted(aes_icm_ctx_t *c) {
- return htons(c->counter.v16[7]);
+ /* if there is a tail end of the data, process it */
+ if ((bytes_to_encr & 0xf) != 0) {
+
+ /* fill buffer with new keystream */
+ srtp_aes_icm_advance(c);
+
+ for (i = 0; i < (bytes_to_encr & 0xf); i++) {
+ *buf++ ^= c->keystream_buffer.v8[i];
+ }
+
+ /* reset the keystream buffer size to right value */
+ c->bytes_in_buffer = sizeof(v128_t) - i;
+ } else {
+
+ /* no tail, so just reset the keystream buffer size to zero */
+ c->bytes_in_buffer = 0;
+
+ }
+
+ return srtp_err_status_ok;
}
-char
-aes_icm_description[] = "aes integer counter mode";
+static const char srtp_aes_icm_128_description[] = "AES-128 integer counter mode";
+static const char srtp_aes_icm_256_description[] = "AES-256 integer counter mode";
-uint8_t aes_icm_test_case_0_key[30] = {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
- 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
-uint8_t aes_icm_test_case_0_nonce[16] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
-uint8_t aes_icm_test_case_0_plaintext[32] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
-uint8_t aes_icm_test_case_0_ciphertext[32] = {
- 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
- 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
- 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
- 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
+static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = {
+ 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
+ 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
+ 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
+ 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
};
-cipher_test_case_t aes_icm_test_case_0 = {
- 30, /* octets in key */
- aes_icm_test_case_0_key, /* key */
- aes_icm_test_case_0_nonce, /* packet index */
- 32, /* octets in plaintext */
- aes_icm_test_case_0_plaintext, /* plaintext */
- 32, /* octets in ciphertext */
- aes_icm_test_case_0_ciphertext, /* ciphertext */
- 0,
- NULL,
- 0,
- NULL /* pointer to next testcase */
+static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = {
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_icm_128_test_case_0_key, /* key */
+ srtp_aes_icm_128_test_case_0_nonce, /* packet index */
+ 32, /* octets in plaintext */
+ srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */
+ 32, /* octets in ciphertext */
+ srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */
+ 0,
+ NULL,
+ 0,
+ NULL /* pointer to next testcase */
};
-uint8_t aes_icm_test_case_1_key[46] = {
- 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
- 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
- 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
- 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98,
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
- 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = {
+ 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
+ 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
+ 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
+ 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
-uint8_t aes_icm_test_case_1_nonce[16] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
-uint8_t aes_icm_test_case_1_plaintext[32] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
-uint8_t aes_icm_test_case_1_ciphertext[32] = {
- 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
- 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
- 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
- 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
+static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = {
+ 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
+ 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
+ 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
+ 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
};
-cipher_test_case_t aes_icm_test_case_1 = {
- 46, /* octets in key */
- aes_icm_test_case_1_key, /* key */
- aes_icm_test_case_1_nonce, /* packet index */
- 32, /* octets in plaintext */
- aes_icm_test_case_1_plaintext, /* plaintext */
- 32, /* octets in ciphertext */
- aes_icm_test_case_1_ciphertext, /* ciphertext */
- 0,
- NULL,
- 0,
- &aes_icm_test_case_0 /* pointer to next testcase */
+static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = {
+ SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_icm_256_test_case_0_key, /* key */
+ srtp_aes_icm_256_test_case_0_nonce, /* packet index */
+ 32, /* octets in plaintext */
+ srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */
+ 32, /* octets in ciphertext */
+ srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */
+ 0,
+ NULL,
+ 0,
+ NULL, /* pointer to next testcase */
};
* note: the encrypt function is identical to the decrypt function
*/
-cipher_type_t aes_icm = {
- (cipher_alloc_func_t) aes_icm_alloc,
- (cipher_dealloc_func_t) aes_icm_dealloc,
- (cipher_init_func_t) aes_icm_context_init,
- (cipher_set_aad_func_t) 0,
- (cipher_encrypt_func_t) aes_icm_encrypt,
- (cipher_decrypt_func_t) aes_icm_encrypt,
- (cipher_set_iv_func_t) aes_icm_set_iv,
- (cipher_get_tag_func_t) 0,
- (char *) aes_icm_description,
- (int) 0, /* instance count */
- (cipher_test_case_t *) &aes_icm_test_case_1,
- (debug_module_t *) &mod_aes_icm,
- (cipher_type_id_t) AES_ICM
+const srtp_cipher_type_t srtp_aes_icm_128 = {
+ srtp_aes_icm_alloc,
+ srtp_aes_icm_dealloc,
+ srtp_aes_icm_context_init,
+ 0, /* set_aad */
+ srtp_aes_icm_encrypt,
+ srtp_aes_icm_encrypt,
+ srtp_aes_icm_set_iv,
+ 0, /* get_tag */
+ srtp_aes_icm_128_description,
+ &srtp_aes_icm_128_test_case_0,
+ SRTP_AES_ICM_128
};
+const srtp_cipher_type_t srtp_aes_icm_256 = {
+ srtp_aes_icm_alloc,
+ srtp_aes_icm_dealloc,
+ srtp_aes_icm_context_init,
+ 0, /* set_aad */
+ srtp_aes_icm_encrypt,
+ srtp_aes_icm_encrypt,
+ srtp_aes_icm_set_iv,
+ 0, /* get_tag */
+ srtp_aes_icm_256_description,
+ &srtp_aes_icm_256_test_case_0,
+ SRTP_AES_ICM_256
+};
/*
*
- * Copyright (c) 2013, Cisco Systems, Inc.
+ * Copyright (c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <openssl/evp.h>
#include "aes_icm_ossl.h"
#include "crypto_types.h"
+#include "err.h" /* for srtp_debug */
#include "alloc.h"
-#include "crypto_types.h"
-debug_module_t mod_aes_icm = {
+srtp_debug_module_t srtp_mod_aes_icm = {
0, /* debugging is off by default */
"aes icm ossl" /* printable module name */
};
-extern cipher_test_case_t aes_icm_test_case_0;
-extern cipher_type_t aes_icm;
-extern cipher_type_t aes_icm_192;
-extern cipher_type_t aes_icm_256;
+extern const srtp_cipher_type_t srtp_aes_icm_128;
+extern const srtp_cipher_type_t srtp_aes_icm_192;
+extern const srtp_cipher_type_t srtp_aes_icm_256;
/*
* integer counter mode works as follows:
* 16 bits
* <----->
* +------+------+------+------+------+------+------+------+
- * | nonce | pakcet index | ctr |---+
+ * | nonce | packet index | ctr |---+
* +------+------+------+------+------+------+------+------+ |
* |
* +------+------+------+------+------+------+------+------+ v
* value. The tlen argument is for the AEAD tag length, which
* isn't used in counter mode.
*/
-err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
+static srtp_err_status_t srtp_aes_icm_openssl_alloc (srtp_cipher_t **c, int key_len, int tlen)
{
- aes_icm_ctx_t *icm;
- int tmp;
- uint8_t *allptr;
+ srtp_aes_icm_ctx_t *icm;
- debug_print(mod_aes_icm, "allocating cipher with key length %d", key_len);
+ debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d", key_len);
/*
* Verify the key_len is valid for one of: AES-128/192/256
*/
- if (key_len != AES_128_KEYSIZE_WSALT && key_len != AES_192_KEYSIZE_WSALT &&
- key_len != AES_256_KEYSIZE_WSALT) {
- return err_status_bad_param;
+ if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && key_len != SRTP_AES_ICM_192_KEY_LEN_WSALT &&
+ key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) {
+ return srtp_err_status_bad_param;
}
/* allocate memory a cipher of type aes_icm */
- tmp = sizeof(cipher_t) + sizeof(aes_icm_ctx_t);
- allptr = (uint8_t*)crypto_alloc(tmp);
- if (allptr == NULL) {
- return err_status_alloc_fail;
+ *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+ if (*c == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+ memset(*c, 0x0, sizeof(srtp_cipher_t));
+
+ icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
+ if (icm == NULL) {
+ srtp_crypto_free(*c);
+ *c = NULL;
+ return srtp_err_status_alloc_fail;
+ }
+ memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t));
+
+ icm->ctx = EVP_CIPHER_CTX_new();
+ if (icm->ctx == NULL) {
+ srtp_crypto_free(icm);
+ srtp_crypto_free(*c);
+ *c = NULL;
+ return srtp_err_status_alloc_fail;
}
/* set pointers */
- *c = (cipher_t*)allptr;
- (*c)->state = allptr + sizeof(cipher_t);
- icm = (aes_icm_ctx_t*)(*c)->state;
+ (*c)->state = icm;
- /* increment ref_count */
+ /* setup cipher parameters */
switch (key_len) {
- case AES_128_KEYSIZE_WSALT:
- (*c)->algorithm = AES_128_ICM;
- (*c)->type = &aes_icm;
- aes_icm.ref_count++;
- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE;
+ case SRTP_AES_ICM_128_KEY_LEN_WSALT:
+ (*c)->algorithm = SRTP_AES_ICM_128;
+ (*c)->type = &srtp_aes_icm_128;
+ icm->key_size = SRTP_AES_128_KEY_LEN;
break;
- case AES_192_KEYSIZE_WSALT:
- (*c)->algorithm = AES_192_ICM;
- (*c)->type = &aes_icm_192;
- aes_icm_192.ref_count++;
- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_192_KEYSIZE;
+ case SRTP_AES_ICM_192_KEY_LEN_WSALT:
+ (*c)->algorithm = SRTP_AES_ICM_192;
+ (*c)->type = &srtp_aes_icm_192;
+ icm->key_size = SRTP_AES_192_KEY_LEN;
break;
- case AES_256_KEYSIZE_WSALT:
- (*c)->algorithm = AES_256_ICM;
- (*c)->type = &aes_icm_256;
- aes_icm_256.ref_count++;
- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE;
+ case SRTP_AES_ICM_256_KEY_LEN_WSALT:
+ (*c)->algorithm = SRTP_AES_ICM_256;
+ (*c)->type = &srtp_aes_icm_256;
+ icm->key_size = SRTP_AES_256_KEY_LEN;
break;
}
/* set key size */
(*c)->key_len = key_len;
- EVP_CIPHER_CTX_init(&icm->ctx);
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
* This function deallocates an instance of this engine
*/
-err_status_t aes_icm_openssl_dealloc (cipher_t *c)
+static srtp_err_status_t srtp_aes_icm_openssl_dealloc (srtp_cipher_t *c)
{
- aes_icm_ctx_t *ctx;
+ srtp_aes_icm_ctx_t *ctx;
if (c == NULL) {
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
/*
* Free the EVP context
*/
- ctx = (aes_icm_ctx_t*)c->state;
+ ctx = (srtp_aes_icm_ctx_t*)c->state;
if (ctx != NULL) {
- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
- /* decrement ref_count for the appropriate engine */
- switch (ctx->key_size) {
- case AES_256_KEYSIZE:
- aes_icm_256.ref_count--;
- break;
- case AES_192_KEYSIZE:
- aes_icm_192.ref_count--;
- break;
- case AES_128_KEYSIZE:
- aes_icm.ref_count--;
- break;
- default:
- return err_status_dealloc_fail;
- break;
- }
+ EVP_CIPHER_CTX_free(ctx->ctx);
+ /* zeroize the key material */
+ octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t));
+ srtp_crypto_free(ctx);
}
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t*)c,
- sizeof(cipher_t) + sizeof(aes_icm_ctx_t));
-
/* free memory */
- crypto_free(c);
+ srtp_crypto_free(c);
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
* the salt is unpredictable (but not necessarily secret) data which
* randomizes the starting point in the keystream
*/
-err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key)
+static srtp_err_status_t srtp_aes_icm_openssl_context_init (void* cv, const uint8_t *key)
{
+ srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+ const EVP_CIPHER *evp;
+
/*
* set counter and initial values to 'offset' value, being careful not to
* go past the end of the key buffer
*/
v128_set_to_zero(&c->counter);
v128_set_to_zero(&c->offset);
- memcpy(&c->counter, key + c->key_size, SALT_SIZE);
- memcpy(&c->offset, key + c->key_size, SALT_SIZE);
+ memcpy(&c->counter, key + c->key_size, SRTP_SALT_LEN);
+ memcpy(&c->offset, key + c->key_size, SRTP_SALT_LEN);
/* force last two octets of the offset to zero (for srtp compatibility) */
- c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0;
- c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0;
+ c->offset.v8[SRTP_SALT_LEN] = c->offset.v8[SRTP_SALT_LEN + 1] = 0;
+ c->counter.v8[SRTP_SALT_LEN] = c->counter.v8[SRTP_SALT_LEN + 1] = 0;
- /* copy key to be used later when CiscoSSL crypto context is created */
- v128_copy_octet_string((v128_t*)&c->key, key);
+ debug_print(srtp_mod_aes_icm, "key: %s", srtp_octet_string_hex_string(key, c->key_size));
+ debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
- /* if the key is greater than 16 bytes, copy the second
- * half. Note, we treat AES-192 and AES-256 the same here
- * for simplicity. The storage location receiving the
- * key is statically allocated to handle a full 32 byte key
- * regardless of the cipher in use.
- */
- if (c->key_size == AES_256_KEYSIZE || c->key_size == AES_192_KEYSIZE) {
- debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s",
- v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
- v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZE);
+ switch (c->key_size) {
+ case SRTP_AES_256_KEY_LEN:
+ evp = EVP_aes_256_ctr();
+ break;
+ case SRTP_AES_192_KEY_LEN:
+ evp = EVP_aes_192_ctr();
+ break;
+ case SRTP_AES_128_KEY_LEN:
+ evp = EVP_aes_128_ctr();
+ break;
+ default:
+ return srtp_err_status_bad_param;
+ break;
}
- debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key));
- debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
-
- EVP_CIPHER_CTX_cleanup(&c->ctx);
+ if (!EVP_EncryptInit_ex(c->ctx, evp,
+ NULL, key, NULL)) {
+ return srtp_err_status_fail;
+ } else {
+ return srtp_err_status_ok;
+ }
- return err_status_ok;
+ return srtp_err_status_ok;
}
* aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with
* the offset
*/
-err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
+static srtp_err_status_t srtp_aes_icm_openssl_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t dir)
{
- const EVP_CIPHER *evp;
+ srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
v128_t nonce;
/* set nonce (for alignment) */
v128_copy_octet_string(&nonce, iv);
- debug_print(mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));
+ debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));
v128_xor(&c->counter, &c->offset, &nonce);
- debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter));
-
- switch (c->key_size) {
- case AES_256_KEYSIZE:
- evp = EVP_aes_256_ctr();
- break;
- case AES_192_KEYSIZE:
- evp = EVP_aes_192_ctr();
- break;
- case AES_128_KEYSIZE:
- evp = EVP_aes_128_ctr();
- break;
- default:
- return err_status_bad_param;
- break;
- }
+ debug_print(srtp_mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter));
- if (!EVP_EncryptInit_ex(&c->ctx, evp,
- NULL, c->key.v8, c->counter.v8)) {
- return err_status_fail;
+ if (!EVP_EncryptInit_ex(c->ctx, NULL,
+ NULL, NULL, c->counter.v8)) {
+ return srtp_err_status_fail;
} else {
- return err_status_ok;
+ return srtp_err_status_ok;
}
}
* buf data to encrypt
* enc_len length of encrypt buffer
*/
-err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len)
+static srtp_err_status_t srtp_aes_icm_openssl_encrypt (void *cv, unsigned char *buf, unsigned int *enc_len)
{
+ srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
int len = 0;
- debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
+ debug_print(srtp_mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
- if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) {
- return err_status_cipher_fail;
+ if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) {
+ return srtp_err_status_cipher_fail;
}
*enc_len = len;
- if (!EVP_EncryptFinal_ex(&c->ctx, buf, (int*)&len)) {
- return err_status_cipher_fail;
+ if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) {
+ return srtp_err_status_cipher_fail;
}
*enc_len += len;
- return err_status_ok;
-}
-
-/*
- * Abstraction layer for encrypt.
- */
-err_status_t aes_icm_output (aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output)
-{
- unsigned int len = num_octets_to_output;
-
- /* zeroize the buffer */
- octet_string_set_to_zero(buffer, num_octets_to_output);
-
- /* exor keystream into buffer */
- return aes_icm_openssl_encrypt(c, buffer, &len);
+ return srtp_err_status_ok;
}
/*
* Name of this crypto engine
*/
-char aes_icm_openssl_description[] = "AES-128 counter mode using openssl";
-char aes_icm_192_openssl_description[] = "AES-192 counter mode using openssl";
-char aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl";
+static const char srtp_aes_icm_128_openssl_description[] = "AES-128 counter mode using openssl";
+static const char srtp_aes_icm_192_openssl_description[] = "AES-192 counter mode using openssl";
+static const char srtp_aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl";
/*
* KAT values for AES self-test. These
* values came from the legacy libsrtp code.
*/
-uint8_t aes_icm_test_case_0_key[AES_128_KEYSIZE_WSALT] = {
+static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
-uint8_t aes_icm_test_case_0_nonce[16] = {
+static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
-uint8_t aes_icm_test_case_0_plaintext[32] = {
+static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
-uint8_t aes_icm_test_case_0_ciphertext[32] = {
+static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = {
0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
};
-cipher_test_case_t aes_icm_test_case_0 = {
- AES_128_KEYSIZE_WSALT, /* octets in key */
- aes_icm_test_case_0_key, /* key */
- aes_icm_test_case_0_nonce, /* packet index */
+static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = {
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_icm_128_test_case_0_key, /* key */
+ srtp_aes_icm_128_test_case_0_nonce, /* packet index */
32, /* octets in plaintext */
- aes_icm_test_case_0_plaintext, /* plaintext */
+ srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
- aes_icm_test_case_0_ciphertext, /* ciphertext */
+ srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */
0,
NULL,
0,
* KAT values for AES-192-CTR self-test. These
* values came from section 7 of RFC 6188.
*/
-uint8_t aes_icm_192_test_case_1_key[AES_192_KEYSIZE_WSALT] = {
+static const uint8_t srtp_aes_icm_192_test_case_0_key[SRTP_AES_ICM_192_KEY_LEN_WSALT] = {
0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d,
0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21,
0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7,
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
-uint8_t aes_icm_192_test_case_1_nonce[16] = {
+static uint8_t srtp_aes_icm_192_test_case_0_nonce[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
-uint8_t aes_icm_192_test_case_1_plaintext[32] = {
+static const uint8_t srtp_aes_icm_192_test_case_0_plaintext[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
-uint8_t aes_icm_192_test_case_1_ciphertext[32] = {
+static const uint8_t srtp_aes_icm_192_test_case_0_ciphertext[32] = {
0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d,
0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c,
0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61,
0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a
};
-cipher_test_case_t aes_icm_192_test_case_1 = {
- AES_192_KEYSIZE_WSALT, /* octets in key */
- aes_icm_192_test_case_1_key, /* key */
- aes_icm_192_test_case_1_nonce, /* packet index */
+static const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_0 = {
+ SRTP_AES_ICM_192_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_icm_192_test_case_0_key, /* key */
+ srtp_aes_icm_192_test_case_0_nonce, /* packet index */
32, /* octets in plaintext */
- aes_icm_192_test_case_1_plaintext, /* plaintext */
+ srtp_aes_icm_192_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
- aes_icm_192_test_case_1_ciphertext, /* ciphertext */
+ srtp_aes_icm_192_test_case_0_ciphertext, /* ciphertext */
0,
NULL,
0,
NULL /* pointer to next testcase */
};
-
/*
* KAT values for AES-256-CTR self-test. These
* values came from section 7 of RFC 6188.
*/
-uint8_t aes_icm_256_test_case_2_key[AES_256_KEYSIZE_WSALT] = {
+static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = {
0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
-uint8_t aes_icm_256_test_case_2_nonce[16] = {
+static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
-uint8_t aes_icm_256_test_case_2_plaintext[32] = {
+static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
-uint8_t aes_icm_256_test_case_2_ciphertext[32] = {
+static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = {
0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
};
-cipher_test_case_t aes_icm_256_test_case_2 = {
- AES_256_KEYSIZE_WSALT, /* octets in key */
- aes_icm_256_test_case_2_key, /* key */
- aes_icm_256_test_case_2_nonce, /* packet index */
+static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = {
+ SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_icm_256_test_case_0_key, /* key */
+ srtp_aes_icm_256_test_case_0_nonce, /* packet index */
32, /* octets in plaintext */
- aes_icm_256_test_case_2_plaintext, /* plaintext */
+ srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
- aes_icm_256_test_case_2_ciphertext, /* ciphertext */
+ srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */
0,
NULL,
0,
* This is the function table for this crypto engine.
* note: the encrypt function is identical to the decrypt function
*/
-cipher_type_t aes_icm = {
- (cipher_alloc_func_t) aes_icm_openssl_alloc,
- (cipher_dealloc_func_t) aes_icm_openssl_dealloc,
- (cipher_init_func_t) aes_icm_openssl_context_init,
- (cipher_set_aad_func_t) 0,
- (cipher_encrypt_func_t) aes_icm_openssl_encrypt,
- (cipher_decrypt_func_t) aes_icm_openssl_encrypt,
- (cipher_set_iv_func_t) aes_icm_openssl_set_iv,
- (cipher_get_tag_func_t) 0,
- (char*) aes_icm_openssl_description,
- (int) 0, /* instance count */
- (cipher_test_case_t*) &aes_icm_test_case_0,
- (debug_module_t*) &mod_aes_icm,
- (cipher_type_id_t) AES_ICM
+const srtp_cipher_type_t srtp_aes_icm_128 = {
+ srtp_aes_icm_openssl_alloc,
+ srtp_aes_icm_openssl_dealloc,
+ srtp_aes_icm_openssl_context_init,
+ 0, /* set_aad */
+ srtp_aes_icm_openssl_encrypt,
+ srtp_aes_icm_openssl_encrypt,
+ srtp_aes_icm_openssl_set_iv,
+ 0, /* get_tag */
+ srtp_aes_icm_128_openssl_description,
+ &srtp_aes_icm_128_test_case_0,
+ SRTP_AES_ICM_128
};
/*
* This is the function table for this crypto engine.
* note: the encrypt function is identical to the decrypt function
*/
-cipher_type_t aes_icm_192 = {
- (cipher_alloc_func_t) aes_icm_openssl_alloc,
- (cipher_dealloc_func_t) aes_icm_openssl_dealloc,
- (cipher_init_func_t) aes_icm_openssl_context_init,
- (cipher_set_aad_func_t) 0,
- (cipher_encrypt_func_t) aes_icm_openssl_encrypt,
- (cipher_decrypt_func_t) aes_icm_openssl_encrypt,
- (cipher_set_iv_func_t) aes_icm_openssl_set_iv,
- (cipher_get_tag_func_t) 0,
- (char*) aes_icm_192_openssl_description,
- (int) 0, /* instance count */
- (cipher_test_case_t*) &aes_icm_192_test_case_1,
- (debug_module_t*) &mod_aes_icm,
- (cipher_type_id_t) AES_192_ICM
+const srtp_cipher_type_t srtp_aes_icm_192 = {
+ srtp_aes_icm_openssl_alloc,
+ srtp_aes_icm_openssl_dealloc,
+ srtp_aes_icm_openssl_context_init,
+ 0, /* set_aad */
+ srtp_aes_icm_openssl_encrypt,
+ srtp_aes_icm_openssl_encrypt,
+ srtp_aes_icm_openssl_set_iv,
+ 0, /* get_tag */
+ srtp_aes_icm_192_openssl_description,
+ &srtp_aes_icm_192_test_case_0,
+ SRTP_AES_ICM_192
};
/*
* This is the function table for this crypto engine.
* note: the encrypt function is identical to the decrypt function
*/
-cipher_type_t aes_icm_256 = {
- (cipher_alloc_func_t) aes_icm_openssl_alloc,
- (cipher_dealloc_func_t) aes_icm_openssl_dealloc,
- (cipher_init_func_t) aes_icm_openssl_context_init,
- (cipher_set_aad_func_t) 0,
- (cipher_encrypt_func_t) aes_icm_openssl_encrypt,
- (cipher_decrypt_func_t) aes_icm_openssl_encrypt,
- (cipher_set_iv_func_t) aes_icm_openssl_set_iv,
- (cipher_get_tag_func_t) 0,
- (char*) aes_icm_256_openssl_description,
- (int) 0, /* instance count */
- (cipher_test_case_t*) &aes_icm_256_test_case_2,
- (debug_module_t*) &mod_aes_icm,
- (cipher_type_id_t) AES_256_ICM
+const srtp_cipher_type_t srtp_aes_icm_256 = {
+ srtp_aes_icm_openssl_alloc,
+ srtp_aes_icm_openssl_dealloc,
+ srtp_aes_icm_openssl_context_init,
+ 0, /* set_aad */
+ srtp_aes_icm_openssl_encrypt,
+ srtp_aes_icm_openssl_encrypt,
+ srtp_aes_icm_openssl_set_iv,
+ 0, /* get_tag */
+ srtp_aes_icm_256_openssl_description,
+ &srtp_aes_icm_256_test_case_0,
+ SRTP_AES_ICM_256
};
*
* David A. McGrew
* Cisco Systems, Inc.
- *
+ *
*/
/*
- *
- * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "cipher.h"
#include "crypto_types.h"
-#include "rand_source.h" /* used in invertibiltiy tests */
+#include "err.h" /* for srtp_debug */
#include "alloc.h" /* for crypto_alloc(), crypto_free() */
-debug_module_t mod_cipher = {
- 0, /* debugging is off by default */
- "cipher" /* printable module name */
+srtp_debug_module_t srtp_mod_cipher = {
+ 0, /* debugging is off by default */
+ "cipher" /* printable module name */
};
-err_status_t
-cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output) {
-
- /* zeroize the buffer */
- octet_string_set_to_zero(buffer, num_octets_to_output);
-
- /* exor keystream into buffer */
- return cipher_encrypt(c, buffer, (unsigned int *) &num_octets_to_output);
+srtp_err_status_t srtp_cipher_type_alloc (const srtp_cipher_type_t *ct, srtp_cipher_t **c, int key_len, int tlen)
+{
+ if (!ct || !ct->alloc) {
+ return (srtp_err_status_bad_param);
+ }
+ return ((ct)->alloc((c), (key_len), (tlen)));
+}
+
+srtp_err_status_t srtp_cipher_dealloc (srtp_cipher_t *c)
+{
+ if (!c || !c->type) {
+ return (srtp_err_status_bad_param);
+ }
+ return (((c)->type)->dealloc(c));
+}
+
+srtp_err_status_t srtp_cipher_init (srtp_cipher_t *c, const uint8_t *key)
+{
+ if (!c || !c->type || !c->state) {
+ return (srtp_err_status_bad_param);
+ }
+ return (((c)->type)->init(((c)->state), (key)));
+}
+
+
+srtp_err_status_t srtp_cipher_set_iv (srtp_cipher_t *c, uint8_t *iv, int direction)
+{
+ if (!c || !c->type || !c->state) {
+ return (srtp_err_status_bad_param);
+ }
+
+ return (((c)->type)->set_iv(((c)->state), iv, direction));
+}
+
+srtp_err_status_t srtp_cipher_output (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output)
+{
+
+ /* zeroize the buffer */
+ octet_string_set_to_zero(buffer, *num_octets_to_output);
+
+ /* exor keystream into buffer */
+ return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output));
+}
+
+srtp_err_status_t srtp_cipher_encrypt (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output)
+{
+ if (!c || !c->type || !c->state) {
+ return (srtp_err_status_bad_param);
+ }
+
+ return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output));
+}
+
+srtp_err_status_t srtp_cipher_decrypt (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output)
+{
+ if (!c || !c->type || !c->state) {
+ return (srtp_err_status_bad_param);
+ }
+
+ return (((c)->type)->decrypt(((c)->state), buffer, num_octets_to_output));
+}
+
+srtp_err_status_t srtp_cipher_get_tag (srtp_cipher_t *c, uint8_t *buffer, uint32_t *tag_len)
+{
+ if (!c || !c->type || !c->state) {
+ return (srtp_err_status_bad_param);
+ }
+ if (!((c)->type)->get_tag) {
+ return (srtp_err_status_no_such_op);
+ }
+
+ return (((c)->type)->get_tag(((c)->state), buffer, tag_len));
+}
+
+srtp_err_status_t srtp_cipher_set_aad (srtp_cipher_t *c, const uint8_t *aad, uint32_t aad_len)
+{
+ if (!c || !c->type || !c->state) {
+ return (srtp_err_status_bad_param);
+ }
+ if (!((c)->type)->set_aad) {
+ return (srtp_err_status_no_such_op);
+ }
+
+ return (((c)->type)->set_aad(((c)->state), aad, aad_len));
}
/* some bookkeeping functions */
-int
-cipher_get_key_length(const cipher_t *c) {
- return c->key_len;
+int srtp_cipher_get_key_length (const srtp_cipher_t *c)
+{
+ return c->key_len;
}
-/*
- * cipher_type_test(ct, test_data) tests a cipher of type ct against
- * test cases provided in a list test_data of values of key, salt, iv,
- * plaintext, and ciphertext that is known to be good
- */
+/*
+ * A trivial platform independent random source. The random
+ * data is used for some of the cipher self-tests.
+ */
+static srtp_err_status_t srtp_cipher_rand (void *dest, uint32_t len)
+{
+#if defined(HAVE_RAND_S)
+ uint8_t *dst = (uint8_t *)dest;
+ while (len)
+ {
+ unsigned int val;
+ errno_t err = rand_s(&val);
+
+ if (err != 0)
+ return srtp_err_status_fail;
+
+ *dst++ = val & 0xff;
+ len--;
+ }
+#else
+ /* Generic C-library (rand()) version */
+ /* This is a random source of last resort */
+ uint8_t *dst = (uint8_t *)dest;
+ while (len)
+ {
+ int val = rand();
+ /* rand() returns 0-32767 (ugh) */
+ /* Is this a good enough way to get random bytes?
+ It is if it passes FIPS-140... */
+ *dst++ = val & 0xff;
+ len--;
+ }
+#endif
+ return srtp_err_status_ok;
+}
+
#define SELF_TEST_BUF_OCTETS 128
#define NUM_RAND_TESTS 128
#define MAX_KEY_LEN 64
+/*
+ * srtp_cipher_type_test(ct, test_data) tests a cipher of type ct against
+ * test cases provided in a list test_data of values of key, salt, iv,
+ * plaintext, and ciphertext that is known to be good
+ */
+srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srtp_cipher_test_case_t *test_data)
+{
+ const srtp_cipher_test_case_t *test_case = test_data;
+ srtp_cipher_t *c;
+ srtp_err_status_t status;
+ uint8_t buffer[SELF_TEST_BUF_OCTETS];
+ uint8_t buffer2[SELF_TEST_BUF_OCTETS];
+ uint32_t tag_len;
+ unsigned int len;
+ int i, j, case_num = 0;
+
+ debug_print(srtp_mod_cipher, "running self-test for cipher %s",
+ ct->description);
-err_status_t
-cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data) {
- const cipher_test_case_t *test_case = test_data;
- cipher_t *c;
- err_status_t status;
- uint8_t buffer[SELF_TEST_BUF_OCTETS];
- uint8_t buffer2[SELF_TEST_BUF_OCTETS];
- int tag_len;
- unsigned int len;
- int i, j, case_num = 0;
-
- debug_print(mod_cipher, "running self-test for cipher %s",
- ct->description);
-
- /*
- * check to make sure that we have at least one test case, and
- * return an error if we don't - we need to be paranoid here
- */
- if (test_case == NULL)
- return err_status_cant_check;
-
- /*
- * loop over all test cases, perform known-answer tests of both the
- * encryption and decryption functions
- */
- while (test_case != NULL) {
- /* allocate cipher */
- status = cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets);
- if (status)
- return status;
-
/*
- * test the encrypt function
+ * check to make sure that we have at least one test case, and
+ * return an error if we don't - we need to be paranoid here
*/
- debug_print(mod_cipher, "testing encryption", NULL);
-
- /* initialize cipher */
- status = cipher_init(c, test_case->key);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- /* copy plaintext into test buffer */
- if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) {
- cipher_dealloc(c);
- return err_status_bad_param;
+ if (test_case == NULL) {
+ return srtp_err_status_cant_check;
}
- for (i=0; i < test_case->plaintext_length_octets; i++)
- buffer[i] = test_case->plaintext[i];
-
- debug_print(mod_cipher, "plaintext: %s",
- octet_string_hex_string(buffer,
- test_case->plaintext_length_octets));
- /* set the initialization vector */
- status = cipher_set_iv(c, test_case->idx, direction_encrypt);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
- debug_print(mod_cipher, "IV: %s",
- octet_string_hex_string(test_case->idx, 12));
+ /*
+ * loop over all test cases, perform known-answer tests of both the
+ * encryption and decryption functions
+ */
+ while (test_case != NULL) {
+ /* allocate cipher */
+ status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets);
+ if (status) {
+ return status;
+ }
/*
- * Set the AAD
+ * test the encrypt function
*/
- status = cipher_set_aad(c, test_case->aad,
- test_case->aad_length_octets);
+ debug_print(srtp_mod_cipher, "testing encryption", NULL);
+
+ /* initialize cipher */
+ status = srtp_cipher_init(c, test_case->key);
if (status) {
- cipher_dealloc(c);
- return status;
- }
- debug_print(mod_cipher, "AAD: %s",
- octet_string_hex_string(test_case->aad,
- test_case->aad_length_octets));
- }
+ srtp_cipher_dealloc(c);
+ return status;
+ }
- /* encrypt */
- len = test_case->plaintext_length_octets;
- status = cipher_encrypt(c, buffer, &len);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
- /*
- * Get the GCM tag
- */
- status = cipher_get_tag(c, buffer + len, &tag_len);
+ /* copy plaintext into test buffer */
+ if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_bad_param;
+ }
+ for (i = 0; i < test_case->plaintext_length_octets; i++) {
+ buffer[i] = test_case->plaintext[i];
+ }
+
+ debug_print(srtp_mod_cipher, "plaintext: %s",
+ srtp_octet_string_hex_string(buffer,
+ test_case->plaintext_length_octets));
+
+ /* set the initialization vector */
+ status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_encrypt);
if (status) {
- cipher_dealloc(c);
+ srtp_cipher_dealloc(c);
return status;
}
- len += tag_len;
- }
- debug_print(mod_cipher, "ciphertext: %s",
- octet_string_hex_string(buffer,
- test_case->ciphertext_length_octets));
-
- /* compare the resulting ciphertext with that in the test case */
- if (len != (unsigned int)test_case->ciphertext_length_octets)
- return err_status_algo_fail;
- status = err_status_ok;
- for (i=0; i < test_case->ciphertext_length_octets; i++)
- if (buffer[i] != test_case->ciphertext[i]) {
- status = err_status_algo_fail;
- debug_print(mod_cipher, "test case %d failed", case_num);
- debug_print(mod_cipher, "(failure at byte %d)", i);
- break;
- }
- if (status) {
+ if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) {
+ debug_print(srtp_mod_cipher, "IV: %s",
+ srtp_octet_string_hex_string(test_case->idx, 12));
+
+ /*
+ * Set the AAD
+ */
+ status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ debug_print(srtp_mod_cipher, "AAD: %s",
+ srtp_octet_string_hex_string(test_case->aad,
+ test_case->aad_length_octets));
+ }
- debug_print(mod_cipher, "c computed: %s",
- octet_string_hex_string(buffer,
- 2*test_case->plaintext_length_octets));
- debug_print(mod_cipher, "c expected: %s",
- octet_string_hex_string(test_case->ciphertext,
- 2*test_case->plaintext_length_octets));
+ /* encrypt */
+ len = test_case->plaintext_length_octets;
+ status = srtp_cipher_encrypt(c, buffer, &len);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
- cipher_dealloc(c);
- return err_status_algo_fail;
- }
+ if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) {
+ /*
+ * Get the GCM tag
+ */
+ status = srtp_cipher_get_tag(c, buffer + len, &tag_len);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ len += tag_len;
+ }
- /*
- * test the decrypt function
- */
- debug_print(mod_cipher, "testing decryption", NULL);
+ debug_print(srtp_mod_cipher, "ciphertext: %s",
+ srtp_octet_string_hex_string(buffer,
+ test_case->ciphertext_length_octets));
- /* re-initialize cipher for decryption */
- status = cipher_init(c, test_case->key);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
+ /* compare the resulting ciphertext with that in the test case */
+ if (len != test_case->ciphertext_length_octets) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_algo_fail;
+ }
+ status = srtp_err_status_ok;
+ for (i = 0; i < test_case->ciphertext_length_octets; i++) {
+ if (buffer[i] != test_case->ciphertext[i]) {
+ status = srtp_err_status_algo_fail;
+ debug_print(srtp_mod_cipher, "test case %d failed", case_num);
+ debug_print(srtp_mod_cipher, "(failure at byte %d)", i);
+ break;
+ }
+ }
+ if (status) {
- /* copy ciphertext into test buffer */
- if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) {
- cipher_dealloc(c);
- return err_status_bad_param;
- }
- for (i=0; i < test_case->ciphertext_length_octets; i++)
- buffer[i] = test_case->ciphertext[i];
+ debug_print(srtp_mod_cipher, "c computed: %s",
+ srtp_octet_string_hex_string(buffer,
+ 2 * test_case->plaintext_length_octets));
+ debug_print(srtp_mod_cipher, "c expected: %s",
+ srtp_octet_string_hex_string(test_case->ciphertext,
+ 2 * test_case->plaintext_length_octets));
- debug_print(mod_cipher, "ciphertext: %s",
- octet_string_hex_string(buffer,
- test_case->plaintext_length_octets));
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_algo_fail;
+ }
- /* set the initialization vector */
- status = cipher_set_iv(c, test_case->idx, direction_decrypt);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
/*
- * Set the AAD
+ * test the decrypt function
*/
- status = cipher_set_aad(c, test_case->aad,
- test_case->aad_length_octets);
+ debug_print(srtp_mod_cipher, "testing decryption", NULL);
+
+ /* re-initialize cipher for decryption */
+ status = srtp_cipher_init(c, test_case->key);
if (status) {
- cipher_dealloc(c);
+ srtp_cipher_dealloc(c);
return status;
- }
- debug_print(mod_cipher, "AAD: %s",
- octet_string_hex_string(test_case->aad,
- test_case->aad_length_octets));
- }
+ }
- /* decrypt */
- len = test_case->ciphertext_length_octets;
- status = cipher_decrypt(c, buffer, &len);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- debug_print(mod_cipher, "plaintext: %s",
- octet_string_hex_string(buffer,
- test_case->plaintext_length_octets));
-
- /* compare the resulting plaintext with that in the test case */
- if (len != (unsigned int)test_case->plaintext_length_octets)
- return err_status_algo_fail;
- status = err_status_ok;
- for (i=0; i < test_case->plaintext_length_octets; i++)
- if (buffer[i] != test_case->plaintext[i]) {
- status = err_status_algo_fail;
- debug_print(mod_cipher, "test case %d failed", case_num);
- debug_print(mod_cipher, "(failure at byte %d)", i);
- }
- if (status) {
+ /* copy ciphertext into test buffer */
+ if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_bad_param;
+ }
+ for (i = 0; i < test_case->ciphertext_length_octets; i++) {
+ buffer[i] = test_case->ciphertext[i];
+ }
- debug_print(mod_cipher, "p computed: %s",
- octet_string_hex_string(buffer,
- 2*test_case->plaintext_length_octets));
- debug_print(mod_cipher, "p expected: %s",
- octet_string_hex_string(test_case->plaintext,
- 2*test_case->plaintext_length_octets));
+ debug_print(srtp_mod_cipher, "ciphertext: %s",
+ srtp_octet_string_hex_string(buffer,
+ test_case->plaintext_length_octets));
- cipher_dealloc(c);
- return err_status_algo_fail;
- }
+ /* set the initialization vector */
+ status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_decrypt);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
- /* deallocate the cipher */
- status = cipher_dealloc(c);
- if (status)
- return status;
-
- /*
- * the cipher passed the test case, so move on to the next test
- * case in the list; if NULL, we'l proceed to the next test
- */
- test_case = test_case->next_test_case;
- ++case_num;
- }
-
- /* now run some random invertibility tests */
+ if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) {
+ /*
+ * Set the AAD
+ */
+ status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ debug_print(srtp_mod_cipher, "AAD: %s",
+ srtp_octet_string_hex_string(test_case->aad,
+ test_case->aad_length_octets));
+ }
- /* allocate cipher, using paramaters from the first test case */
- test_case = test_data;
- status = cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets);
- if (status)
- return status;
-
- rand_source_init();
-
- for (j=0; j < NUM_RAND_TESTS; j++) {
- unsigned length;
- int plaintext_len;
- uint8_t key[MAX_KEY_LEN];
- uint8_t iv[MAX_KEY_LEN];
-
- /* choose a length at random (leaving room for IV and padding) */
- length = rand() % (SELF_TEST_BUF_OCTETS - 64);
- debug_print(mod_cipher, "random plaintext length %d\n", length);
- status = rand_source_get_octet_string(buffer, length);
- if (status) return status;
-
- debug_print(mod_cipher, "plaintext: %s",
- octet_string_hex_string(buffer, length));
-
- /* copy plaintext into second buffer */
- for (i=0; (unsigned int)i < length; i++)
- buffer2[i] = buffer[i];
-
- /* choose a key at random */
- if (test_case->key_length_octets > MAX_KEY_LEN)
- return err_status_cant_check;
- status = rand_source_get_octet_string(key, test_case->key_length_octets);
- if (status) return status;
-
- /* chose a random initialization vector */
- status = rand_source_get_octet_string(iv, MAX_KEY_LEN);
- if (status) return status;
-
- /* initialize cipher */
- status = cipher_init(c, key);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
+ /* decrypt */
+ len = test_case->ciphertext_length_octets;
+ status = srtp_cipher_decrypt(c, buffer, &len);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
- /* set initialization vector */
- status = cipher_set_iv(c, test_case->idx, direction_encrypt);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
+ debug_print(srtp_mod_cipher, "plaintext: %s",
+ srtp_octet_string_hex_string(buffer,
+ test_case->plaintext_length_octets));
- if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
- /*
- * Set the AAD
- */
- status = cipher_set_aad(c, test_case->aad,
- test_case->aad_length_octets);
+ /* compare the resulting plaintext with that in the test case */
+ if (len != test_case->plaintext_length_octets) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_algo_fail;
+ }
+ status = srtp_err_status_ok;
+ for (i = 0; i < test_case->plaintext_length_octets; i++) {
+ if (buffer[i] != test_case->plaintext[i]) {
+ status = srtp_err_status_algo_fail;
+ debug_print(srtp_mod_cipher, "test case %d failed", case_num);
+ debug_print(srtp_mod_cipher, "(failure at byte %d)", i);
+ }
+ }
+ if (status) {
+
+ debug_print(srtp_mod_cipher, "p computed: %s",
+ srtp_octet_string_hex_string(buffer,
+ 2 * test_case->plaintext_length_octets));
+ debug_print(srtp_mod_cipher, "p expected: %s",
+ srtp_octet_string_hex_string(test_case->plaintext,
+ 2 * test_case->plaintext_length_octets));
+
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_algo_fail;
+ }
+
+ /* deallocate the cipher */
+ status = srtp_cipher_dealloc(c);
if (status) {
- cipher_dealloc(c);
return status;
- }
- debug_print(mod_cipher, "AAD: %s",
- octet_string_hex_string(test_case->aad,
- test_case->aad_length_octets));
+ }
+
+ /*
+ * the cipher passed the test case, so move on to the next test
+ * case in the list; if NULL, we'l proceed to the next test
+ */
+ test_case = test_case->next_test_case;
+ ++case_num;
}
- /* encrypt buffer with cipher */
- plaintext_len = length;
- status = cipher_encrypt(c, buffer, &length);
+ /* now run some random invertibility tests */
+
+ /* allocate cipher, using paramaters from the first test case */
+ test_case = test_data;
+ status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets);
if (status) {
- cipher_dealloc(c);
- return status;
+ return status;
}
- if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
- /*
- * Get the GCM tag
- */
- status = cipher_get_tag(c, buffer + length, &tag_len);
+
+ for (j = 0; j < NUM_RAND_TESTS; j++) {
+ unsigned length;
+ int plaintext_len;
+ uint8_t key[MAX_KEY_LEN];
+ uint8_t iv[MAX_KEY_LEN];
+
+ /* choose a length at random (leaving room for IV and padding) */
+ length = rand() % (SELF_TEST_BUF_OCTETS - 64);
+ debug_print(srtp_mod_cipher, "random plaintext length %d\n", length);
+ status = srtp_cipher_rand(buffer, length);
if (status) {
- cipher_dealloc(c);
+ srtp_cipher_dealloc(c);
return status;
}
- length += tag_len;
- }
- debug_print(mod_cipher, "ciphertext: %s",
- octet_string_hex_string(buffer, length));
- /*
- * re-initialize cipher for decryption, re-set the iv, then
- * decrypt the ciphertext
- */
- status = cipher_init(c, key);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
- status = cipher_set_iv(c, test_case->idx, direction_decrypt);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
- if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
+ debug_print(srtp_mod_cipher, "plaintext: %s",
+ srtp_octet_string_hex_string(buffer, length));
+
+ /* copy plaintext into second buffer */
+ for (i = 0; (unsigned int)i < length; i++) {
+ buffer2[i] = buffer[i];
+ }
+
+ /* choose a key at random */
+ if (test_case->key_length_octets > MAX_KEY_LEN) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_cant_check;
+ }
+ status = srtp_cipher_rand(key, test_case->key_length_octets);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ /* chose a random initialization vector */
+ status = srtp_cipher_rand(iv, MAX_KEY_LEN);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ /* initialize cipher */
+ status = srtp_cipher_init(c, key);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ /* set initialization vector */
+ status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_encrypt);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) {
+ /*
+ * Set the AAD
+ */
+ status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ debug_print(srtp_mod_cipher, "AAD: %s",
+ srtp_octet_string_hex_string(test_case->aad,
+ test_case->aad_length_octets));
+ }
+
+ /* encrypt buffer with cipher */
+ plaintext_len = length;
+ status = srtp_cipher_encrypt(c, buffer, &length);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) {
+ /*
+ * Get the GCM tag
+ */
+ status = srtp_cipher_get_tag(c, buffer + length, &tag_len);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ length += tag_len;
+ }
+ debug_print(srtp_mod_cipher, "ciphertext: %s",
+ srtp_octet_string_hex_string(buffer, length));
+
/*
- * Set the AAD
+ * re-initialize cipher for decryption, re-set the iv, then
+ * decrypt the ciphertext
*/
- status = cipher_set_aad(c, test_case->aad,
- test_case->aad_length_octets);
+ status = srtp_cipher_init(c, key);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_decrypt);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) {
+ /*
+ * Set the AAD
+ */
+ status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ debug_print(srtp_mod_cipher, "AAD: %s",
+ srtp_octet_string_hex_string(test_case->aad,
+ test_case->aad_length_octets));
+ }
+ status = srtp_cipher_decrypt(c, buffer, &length);
if (status) {
- cipher_dealloc(c);
+ srtp_cipher_dealloc(c);
return status;
- }
- debug_print(mod_cipher, "AAD: %s",
- octet_string_hex_string(test_case->aad,
- test_case->aad_length_octets));
+ }
+
+ debug_print(srtp_mod_cipher, "plaintext[2]: %s",
+ srtp_octet_string_hex_string(buffer, length));
+
+ /* compare the resulting plaintext with the original one */
+ if (length != plaintext_len) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_algo_fail;
+ }
+ status = srtp_err_status_ok;
+ for (i = 0; i < plaintext_len; i++) {
+ if (buffer[i] != buffer2[i]) {
+ status = srtp_err_status_algo_fail;
+ debug_print(srtp_mod_cipher, "random test case %d failed", case_num);
+ debug_print(srtp_mod_cipher, "(failure at byte %d)", i);
+ }
+ }
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_algo_fail;
+ }
+
}
- status = cipher_decrypt(c, buffer, &length);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- debug_print(mod_cipher, "plaintext[2]: %s",
- octet_string_hex_string(buffer, length));
-
- /* compare the resulting plaintext with the original one */
- if (length != (unsigned int)plaintext_len) {
- return err_status_algo_fail;
- }
- status = err_status_ok;
- for (i=0; i < plaintext_len; i++)
- if (buffer[i] != buffer2[i]) {
- status = err_status_algo_fail;
- debug_print(mod_cipher, "random test case %d failed", case_num);
- debug_print(mod_cipher, "(failure at byte %d)", i);
- }
+
+ status = srtp_cipher_dealloc(c);
if (status) {
- cipher_dealloc(c);
- return err_status_algo_fail;
+ return status;
}
-
- }
-
- status = cipher_dealloc(c);
- if (status)
- return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-/*
- * cipher_type_self_test(ct) performs cipher_type_test on ct's internal
+/*
+ * srtp_cipher_type_self_test(ct) performs srtp_cipher_type_test on ct's internal
* list of test data.
*/
-
-err_status_t
-cipher_type_self_test(const cipher_type_t *ct) {
- return cipher_type_test(ct, ct->test_data);
+srtp_err_status_t srtp_cipher_type_self_test (const srtp_cipher_type_t *ct)
+{
+ return srtp_cipher_type_test(ct, ct->test_data);
}
/*
* cipher_bits_per_second(c, l, t) computes (an estimate of) the
* number of bits that a cipher implementation can encrypt in a second
- *
+ *
* c is a cipher (which MUST be allocated and initialized already), l
* is the length in octets of the test data to be encrypted, and t is
* the number of trials
*
* if an error is encountered, the value 0 is returned
*/
+uint64_t srtp_cipher_bits_per_second (srtp_cipher_t *c, int octets_in_buffer, int num_trials)
+{
+ int i;
+ v128_t nonce;
+ clock_t timer;
+ unsigned char *enc_buf;
+ unsigned int len = octets_in_buffer;
+
+ enc_buf = (unsigned char*)srtp_crypto_alloc(octets_in_buffer);
+ if (enc_buf == NULL) {
+ return 0; /* indicate bad parameters by returning null */
-uint64_t
-cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials) {
- int i;
- v128_t nonce;
- clock_t timer;
- unsigned char *enc_buf;
- unsigned int len = octets_in_buffer;
-
- enc_buf = (unsigned char*) crypto_alloc(octets_in_buffer);
- if (enc_buf == NULL)
- return 0; /* indicate bad parameters by returning null */
-
- /* time repeated trials */
- v128_set_to_zero(&nonce);
- timer = clock();
- for(i=0; i < num_trials; i++, nonce.v32[3] = i) {
- cipher_set_iv(c, &nonce, direction_encrypt);
- cipher_encrypt(c, enc_buf, &len);
- }
- timer = clock() - timer;
+ }
+ /* time repeated trials */
+ v128_set_to_zero(&nonce);
+ timer = clock();
+ for (i = 0; i < num_trials; i++, nonce.v32[3] = i) {
+ if (srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt) != srtp_err_status_ok) {
+ srtp_crypto_free(enc_buf);
+ return 0;
+ }
+ if (srtp_cipher_encrypt(c, enc_buf, &len) != srtp_err_status_ok) {
+ srtp_crypto_free(enc_buf);
+ return 0;
+ }
+ }
+ timer = clock() - timer;
- crypto_free(enc_buf);
+ srtp_crypto_free(enc_buf);
- if (timer == 0) {
- /* Too fast! */
- return 0;
- }
-
- return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer;
+ if (timer == 0) {
+ /* Too fast! */
+ return 0;
+ }
+
+ return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer;
}
*/
/*
- *
- * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "datatypes.h"
#include "null_cipher.h"
+#include "err.h" /* for srtp_debug */
#include "alloc.h"
/* the null_cipher uses the cipher debug module */
-extern debug_module_t mod_cipher;
-
-err_status_t
-null_cipher_alloc(cipher_t **c, int key_len, int tlen) {
- extern cipher_type_t null_cipher;
- uint8_t *pointer;
-
- debug_print(mod_cipher,
- "allocating cipher with key length %d", key_len);
-
- /* allocate memory a cipher of type null_cipher */
- pointer = (uint8_t*)crypto_alloc(sizeof(null_cipher_ctx_t) + sizeof(cipher_t));
- if (pointer == NULL)
- return err_status_alloc_fail;
-
- /* set pointers */
- *c = (cipher_t *)pointer;
- (*c)->algorithm = NULL_CIPHER;
- (*c)->type = &null_cipher;
- (*c)->state = pointer + sizeof(cipher_t);
-
- /* set key size */
- (*c)->key_len = key_len;
-
- /* increment ref_count */
- null_cipher.ref_count++;
-
- return err_status_ok;
-
+extern srtp_debug_module_t srtp_mod_cipher;
+
+static srtp_err_status_t srtp_null_cipher_alloc (srtp_cipher_t **c, int key_len, int tlen)
+{
+ extern const srtp_cipher_type_t srtp_null_cipher;
+
+ debug_print(srtp_mod_cipher,
+ "allocating cipher with key length %d", key_len);
+
+ /* allocate memory a cipher of type null_cipher */
+ *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+ if (*c == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+ memset(*c, 0x0, sizeof(srtp_cipher_t));
+
+ /* set pointers */
+ (*c)->algorithm = SRTP_NULL_CIPHER;
+ (*c)->type = &srtp_null_cipher;
+ (*c)->state = (void *) 0x1; /* The null cipher does not maintain state */
+
+ /* set key size */
+ (*c)->key_len = key_len;
+
+ return srtp_err_status_ok;
+
}
-err_status_t
-null_cipher_dealloc(cipher_t *c) {
- extern cipher_type_t null_cipher;
+static srtp_err_status_t srtp_null_cipher_dealloc (srtp_cipher_t *c)
+{
+ extern const srtp_cipher_type_t srtp_null_cipher;
+
+ /* zeroize entire state*/
+ octet_string_set_to_zero(c, sizeof(srtp_cipher_t));
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t *)c,
- sizeof(null_cipher_ctx_t) + sizeof(cipher_t));
+ /* free memory of type null_cipher */
+ srtp_crypto_free(c);
- /* free memory of type null_cipher */
- crypto_free(c);
+ return srtp_err_status_ok;
- /* decrement reference count */
- null_cipher.ref_count--;
-
- return err_status_ok;
-
}
-err_status_t
-null_cipher_init(null_cipher_ctx_t *ctx, const uint8_t *key, int key_len) {
+static srtp_err_status_t srtp_null_cipher_init (void *cv, const uint8_t *key)
+{
+ /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */
- debug_print(mod_cipher, "initializing null cipher", NULL);
+ debug_print(srtp_mod_cipher, "initializing null cipher", NULL);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-null_cipher_set_iv(null_cipher_ctx_t *c, void *iv) {
- return err_status_ok;
+static srtp_err_status_t srtp_null_cipher_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t dir)
+{
+ /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */
+ return srtp_err_status_ok;
}
-err_status_t
-null_cipher_encrypt(null_cipher_ctx_t *c,
- unsigned char *buf, unsigned int *bytes_to_encr) {
- return err_status_ok;
+static srtp_err_status_t srtp_null_cipher_encrypt (void *cv,
+ unsigned char *buf, unsigned int *bytes_to_encr)
+{
+ /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */
+ return srtp_err_status_ok;
}
-char
-null_cipher_description[] = "null cipher";
-
-cipher_test_case_t
-null_cipher_test_0 = {
- 0, /* octets in key */
- NULL, /* key */
- 0, /* packet index */
- 0, /* octets in plaintext */
- NULL, /* plaintext */
- 0, /* octets in plaintext */
- NULL, /* ciphertext */
- 0,
- NULL,
- 0,
- NULL /* pointer to next testcase */
+static const char srtp_null_cipher_description[] = "null cipher";
+
+static const srtp_cipher_test_case_t srtp_null_cipher_test_0 = {
+ 0, /* octets in key */
+ NULL, /* key */
+ 0, /* packet index */
+ 0, /* octets in plaintext */
+ NULL, /* plaintext */
+ 0, /* octets in plaintext */
+ NULL, /* ciphertext */
+ 0,
+ NULL,
+ 0,
+ NULL /* pointer to next testcase */
};
* note: the decrypt function is idential to the encrypt function
*/
-cipher_type_t null_cipher = {
- (cipher_alloc_func_t) null_cipher_alloc,
- (cipher_dealloc_func_t) null_cipher_dealloc,
- (cipher_init_func_t) null_cipher_init,
- (cipher_set_aad_func_t) 0,
- (cipher_encrypt_func_t) null_cipher_encrypt,
- (cipher_decrypt_func_t) null_cipher_encrypt,
- (cipher_set_iv_func_t) null_cipher_set_iv,
- (cipher_get_tag_func_t) 0,
- (char *) null_cipher_description,
- (int) 0,
- (cipher_test_case_t *) &null_cipher_test_0,
- (debug_module_t *) NULL,
- (cipher_type_id_t) NULL_CIPHER
+const srtp_cipher_type_t srtp_null_cipher = {
+ srtp_null_cipher_alloc,
+ srtp_null_cipher_dealloc,
+ srtp_null_cipher_init,
+ 0, /* set_aad */
+ srtp_null_cipher_encrypt,
+ srtp_null_cipher_encrypt,
+ srtp_null_cipher_set_iv,
+ 0, /* get_tag */
+ srtp_null_cipher_description,
+ &srtp_null_cipher_test_0,
+ SRTP_NULL_CIPHER
};
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "auth.h"
+#include "err.h" /* for srtp_debug */
+#include "datatypes.h" /* for octet_string */
/* the debug module for authentiation */
-debug_module_t mod_auth = {
- 0, /* debugging is off by default */
- "auth func" /* printable name for module */
+srtp_debug_module_t srtp_mod_auth = {
+ 0, /* debugging is off by default */
+ "auth func" /* printable name for module */
};
-int
-auth_get_key_length(const auth_t *a) {
- return a->key_len;
-}
-
-int
-auth_get_tag_length(const auth_t *a) {
- return a->out_len;
+int srtp_auth_get_key_length (const srtp_auth_t *a)
+{
+ return a->key_len;
}
-int
-auth_get_prefix_length(const auth_t *a) {
- return a->prefix_len;
+int srtp_auth_get_tag_length (const srtp_auth_t *a)
+{
+ return a->out_len;
}
-int
-auth_type_get_ref_count(const auth_type_t *at) {
- return at->ref_count;
+int srtp_auth_get_prefix_length (const srtp_auth_t *a)
+{
+ return a->prefix_len;
}
/*
- * auth_type_test() tests an auth function of type ct against
+ * srtp_auth_type_test() tests an auth function of type ct against
* test cases provided in a list test_data of values of key, data, and tag
* that is known to be good
*/
/* should be big enough for most occasions */
#define SELF_TEST_TAG_BUF_OCTETS 32
-err_status_t
-auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data) {
- const auth_test_case_t *test_case = test_data;
- auth_t *a;
- err_status_t status;
- uint8_t tag[SELF_TEST_TAG_BUF_OCTETS];
- int i, case_num = 0;
-
- debug_print(mod_auth, "running self-test for auth function %s",
- at->description);
-
- /*
- * check to make sure that we have at least one test case, and
- * return an error if we don't - we need to be paranoid here
- */
- if (test_case == NULL)
- return err_status_cant_check;
-
- /* loop over all test cases */
- while (test_case != NULL) {
-
- /* check test case parameters */
- if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS)
- return err_status_bad_param;
-
- /* allocate auth */
- status = auth_type_alloc(at, &a, test_case->key_length_octets,
- test_case->tag_length_octets);
- if (status)
- return status;
-
- /* initialize auth */
- status = auth_init(a, test_case->key);
- if (status) {
- auth_dealloc(a);
- return status;
+srtp_err_status_t
+srtp_auth_type_test (const srtp_auth_type_t *at, const srtp_auth_test_case_t *test_data)
+{
+ const srtp_auth_test_case_t *test_case = test_data;
+ srtp_auth_t *a;
+ srtp_err_status_t status;
+ uint8_t tag[SELF_TEST_TAG_BUF_OCTETS];
+ int i, case_num = 0;
+
+ debug_print(srtp_mod_auth, "running self-test for auth function %s",
+ at->description);
+
+ /*
+ * check to make sure that we have at least one test case, and
+ * return an error if we don't - we need to be paranoid here
+ */
+ if (test_case == NULL) {
+ return srtp_err_status_cant_check;
}
- /* zeroize tag then compute */
- octet_string_set_to_zero(tag, test_case->tag_length_octets);
- status = auth_compute(a, test_case->data,
- test_case->data_length_octets, tag);
- if (status) {
- auth_dealloc(a);
- return status;
+ /* loop over all test cases */
+ while (test_case != NULL) {
+
+ /* check test case parameters */
+ if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* allocate auth */
+ status = srtp_auth_type_alloc(at, &a, test_case->key_length_octets,
+ test_case->tag_length_octets);
+ if (status) {
+ return status;
+ }
+
+ /* initialize auth */
+ status = srtp_auth_init(a, test_case->key);
+ if (status) {
+ srtp_auth_dealloc(a);
+ return status;
+ }
+
+ /* zeroize tag then compute */
+ octet_string_set_to_zero(tag, test_case->tag_length_octets);
+ status = srtp_auth_compute(a, test_case->data,
+ test_case->data_length_octets, tag);
+ if (status) {
+ srtp_auth_dealloc(a);
+ return status;
+ }
+
+ debug_print(srtp_mod_auth, "key: %s",
+ srtp_octet_string_hex_string(test_case->key,
+ test_case->key_length_octets));
+ debug_print(srtp_mod_auth, "data: %s",
+ srtp_octet_string_hex_string(test_case->data,
+ test_case->data_length_octets));
+ debug_print(srtp_mod_auth, "tag computed: %s",
+ srtp_octet_string_hex_string(tag, test_case->tag_length_octets));
+ debug_print(srtp_mod_auth, "tag expected: %s",
+ srtp_octet_string_hex_string(test_case->tag,
+ test_case->tag_length_octets));
+
+ /* check the result */
+ status = srtp_err_status_ok;
+ for (i = 0; i < test_case->tag_length_octets; i++) {
+ if (tag[i] != test_case->tag[i]) {
+ status = srtp_err_status_algo_fail;
+ debug_print(srtp_mod_auth, "test case %d failed", case_num);
+ debug_print(srtp_mod_auth, " (mismatch at octet %d)", i);
+ }
+ }
+ if (status) {
+ srtp_auth_dealloc(a);
+ return srtp_err_status_algo_fail;
+ }
+
+ /* deallocate the auth function */
+ status = srtp_auth_dealloc(a);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * the auth function passed the test case, so move on to the next test
+ * case in the list; if NULL, we'll quit and return an OK
+ */
+ test_case = test_case->next_test_case;
+ ++case_num;
}
-
- debug_print(mod_auth, "key: %s",
- octet_string_hex_string(test_case->key,
- test_case->key_length_octets));
- debug_print(mod_auth, "data: %s",
- octet_string_hex_string(test_case->data,
- test_case->data_length_octets));
- debug_print(mod_auth, "tag computed: %s",
- octet_string_hex_string(tag, test_case->tag_length_octets));
- debug_print(mod_auth, "tag expected: %s",
- octet_string_hex_string(test_case->tag,
- test_case->tag_length_octets));
-
- /* check the result */
- status = err_status_ok;
- for (i=0; i < test_case->tag_length_octets; i++)
- if (tag[i] != test_case->tag[i]) {
- status = err_status_algo_fail;
- debug_print(mod_auth, "test case %d failed", case_num);
- debug_print(mod_auth, " (mismatch at octet %d)", i);
- }
- if (status) {
- auth_dealloc(a);
- return err_status_algo_fail;
- }
-
- /* deallocate the auth function */
- status = auth_dealloc(a);
- if (status)
- return status;
-
- /*
- * the auth function passed the test case, so move on to the next test
- * case in the list; if NULL, we'll quit and return an OK
- */
- test_case = test_case->next_test_case;
- ++case_num;
- }
-
- return err_status_ok;
+
+ return srtp_err_status_ok;
}
-/*
- * auth_type_self_test(at) performs auth_type_test on at's internal
+/*
+ * auth_type_self_test(at) performs srtp_auth_type_test on at's internal
* list of test data.
*/
-err_status_t
-auth_type_self_test(const auth_type_t *at) {
- return auth_type_test(at, at->test_data);
+srtp_err_status_t srtp_auth_type_self_test (const srtp_auth_type_t *at)
+{
+ return srtp_auth_type_test(at, at->test_data);
}
/*
* hmac.c
*
- * implementation of hmac auth_type_t
+ * implementation of hmac srtp_auth_type_t
*
* David A. McGrew
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*
*/
-#include "hmac.h"
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include "hmac.h"
#include "alloc.h"
/* the debug module for authentiation */
-debug_module_t mod_hmac = {
- 0, /* debugging is off by default */
- "hmac sha-1" /* printable name for module */
+srtp_debug_module_t srtp_mod_hmac = {
+ 0, /* debugging is off by default */
+ "hmac sha-1" /* printable name for module */
};
-err_status_t
-hmac_alloc(auth_t **a, int key_len, int out_len) {
- extern auth_type_t hmac;
- uint8_t *pointer;
+static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_len)
+{
+ extern const srtp_auth_type_t srtp_hmac;
+ uint8_t *pointer;
- debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
- debug_print(mod_hmac, " tag length %d", out_len);
+ debug_print(srtp_mod_hmac, "allocating auth func with key length %d", key_len);
+ debug_print(srtp_mod_hmac, " tag length %d", out_len);
- /*
- * check key length - note that we don't support keys larger
- * than 20 bytes yet
- */
- if (key_len > 20)
- return err_status_bad_param;
-
- /* check output length - should be less than 20 bytes */
- if (out_len > 20)
- return err_status_bad_param;
-
- /* allocate memory for auth and hmac_ctx_t structures */
- pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
- if (pointer == NULL)
- return err_status_alloc_fail;
+ /*
+ * check key length - note that we don't support keys larger
+ * than 20 bytes yet
+ */
+ if (key_len > 20) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* check output length - should be less than 20 bytes */
+ if (out_len > 20) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* allocate memory for auth and srtp_hmac_ctx_t structures */
+ pointer = (uint8_t*)srtp_crypto_alloc(sizeof(srtp_hmac_ctx_t) + sizeof(srtp_auth_t));
+ if (pointer == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+
+ /* set pointers */
+ *a = (srtp_auth_t*)pointer;
+ (*a)->type = &srtp_hmac;
+ (*a)->state = pointer + sizeof(srtp_auth_t);
+ (*a)->out_len = out_len;
+ (*a)->key_len = key_len;
+ (*a)->prefix_len = 0;
+
+ return srtp_err_status_ok;
+}
- /* set pointers */
- *a = (auth_t *)pointer;
- (*a)->type = &hmac;
- (*a)->state = pointer + sizeof(auth_t);
- (*a)->out_len = out_len;
- (*a)->key_len = key_len;
- (*a)->prefix_len = 0;
+static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a)
+{
+ /* zeroize entire state*/
+ octet_string_set_to_zero(a, sizeof(srtp_hmac_ctx_t) + sizeof(srtp_auth_t));
- /* increment global count of all hmac uses */
- hmac.ref_count++;
+ /* free memory */
+ srtp_crypto_free(a);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_dealloc(auth_t *a) {
- extern auth_type_t hmac;
-
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t *)a,
- sizeof(hmac_ctx_t) + sizeof(auth_t));
-
- /* free memory */
- crypto_free(a);
-
- /* decrement global count of all hmac uses */
- hmac.ref_count--;
-
- return err_status_ok;
-}
+static srtp_err_status_t srtp_hmac_init (void *statev, const uint8_t *key, int key_len)
+{
+ srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
+ int i;
+ uint8_t ipad[64];
+
+ /*
+ * check key length - note that we don't support keys larger
+ * than 20 bytes yet
+ */
+ if (key_len > 20) {
+ return srtp_err_status_bad_param;
+ }
-err_status_t
-hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len) {
- int i;
- uint8_t ipad[64];
-
/*
- * check key length - note that we don't support keys larger
- * than 20 bytes yet
- */
- if (key_len > 20)
- return err_status_bad_param;
-
- /*
- * set values of ipad and opad by exoring the key into the
- * appropriate constant values
- */
- for (i=0; i < key_len; i++) {
- ipad[i] = key[i] ^ 0x36;
- state->opad[i] = key[i] ^ 0x5c;
- }
- /* set the rest of ipad, opad to constant values */
- for ( ; i < 64; i++) {
- ipad[i] = 0x36;
- ((uint8_t *)state->opad)[i] = 0x5c;
- }
-
- debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64));
-
- /* initialize sha1 context */
- sha1_init(&state->init_ctx);
-
- /* hash ipad ^ key */
- sha1_update(&state->init_ctx, ipad, 64);
- memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t));
-
- return err_status_ok;
+ * set values of ipad and opad by exoring the key into the
+ * appropriate constant values
+ */
+ for (i = 0; i < key_len; i++) {
+ ipad[i] = key[i] ^ 0x36;
+ state->opad[i] = key[i] ^ 0x5c;
+ }
+ /* set the rest of ipad, opad to constant values */
+ for (; i < 64; i++) {
+ ipad[i] = 0x36;
+ ((uint8_t*)state->opad)[i] = 0x5c;
+ }
+
+ debug_print(srtp_mod_hmac, "ipad: %s", srtp_octet_string_hex_string(ipad, 64));
+
+ /* initialize sha1 context */
+ srtp_sha1_init(&state->init_ctx);
+
+ /* hash ipad ^ key */
+ srtp_sha1_update(&state->init_ctx, ipad, 64);
+ memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t));
+
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_start(hmac_ctx_t *state) {
-
- memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t));
+static srtp_err_status_t srtp_hmac_start (void *statev)
+{
+ srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
- return err_status_ok;
+ memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t));
+
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets) {
+static srtp_err_status_t srtp_hmac_update (void *statev, const uint8_t *message, int msg_octets)
+{
+ srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
+
+ debug_print(srtp_mod_hmac, "input: %s",
+ srtp_octet_string_hex_string(message, msg_octets));
- debug_print(mod_hmac, "input: %s",
- octet_string_hex_string(message, msg_octets));
-
- /* hash message into sha1 context */
- sha1_update(&state->ctx, message, msg_octets);
+ /* hash message into sha1 context */
+ srtp_sha1_update(&state->ctx, message, msg_octets);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_compute(hmac_ctx_t *state, const void *message,
- int msg_octets, int tag_len, uint8_t *result) {
- uint32_t hash_value[5];
- uint32_t H[5];
- int i;
-
- /* check tag length, return error if we can't provide the value expected */
- if (tag_len > 20)
- return err_status_bad_param;
-
- /* hash message, copy output into H */
- hmac_update(state, (const uint8_t*)message, msg_octets);
- sha1_final(&state->ctx, H);
-
- /*
- * note that we don't need to debug_print() the input, since the
- * function hmac_update() already did that for us
- */
- debug_print(mod_hmac, "intermediate state: %s",
- octet_string_hex_string((uint8_t *)H, 20));
-
- /* re-initialize hash context */
- sha1_init(&state->ctx);
-
- /* hash opad ^ key */
- sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
-
- /* hash the result of the inner hash */
- sha1_update(&state->ctx, (uint8_t *)H, 20);
-
- /* the result is returned in the array hash_value[] */
- sha1_final(&state->ctx, hash_value);
-
- /* copy hash_value to *result */
- for (i=0; i < tag_len; i++)
- result[i] = ((uint8_t *)hash_value)[i];
-
- debug_print(mod_hmac, "output: %s",
- octet_string_hex_string((uint8_t *)hash_value, tag_len));
-
- return err_status_ok;
+static srtp_err_status_t srtp_hmac_compute (void *statev, const uint8_t *message,
+ int msg_octets, int tag_len, uint8_t *result)
+{
+ srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
+ uint32_t hash_value[5];
+ uint32_t H[5];
+ int i;
+
+ /* check tag length, return error if we can't provide the value expected */
+ if (tag_len > 20) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* hash message, copy output into H */
+ srtp_hmac_update(state, message, msg_octets);
+ srtp_sha1_final(&state->ctx, H);
+
+ /*
+ * note that we don't need to debug_print() the input, since the
+ * function hmac_update() already did that for us
+ */
+ debug_print(srtp_mod_hmac, "intermediate state: %s",
+ srtp_octet_string_hex_string((uint8_t*)H, 20));
+
+ /* re-initialize hash context */
+ srtp_sha1_init(&state->ctx);
+
+ /* hash opad ^ key */
+ srtp_sha1_update(&state->ctx, (uint8_t*)state->opad, 64);
+
+ /* hash the result of the inner hash */
+ srtp_sha1_update(&state->ctx, (uint8_t*)H, 20);
+
+ /* the result is returned in the array hash_value[] */
+ srtp_sha1_final(&state->ctx, hash_value);
+
+ /* copy hash_value to *result */
+ for (i = 0; i < tag_len; i++) {
+ result[i] = ((uint8_t*)hash_value)[i];
+ }
+
+ debug_print(srtp_mod_hmac, "output: %s",
+ srtp_octet_string_hex_string((uint8_t*)hash_value, tag_len));
+
+ return srtp_err_status_ok;
}
/* begin test case 0 */
-uint8_t
-hmac_test_case_0_key[20] = {
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b
+static const uint8_t srtp_hmac_test_case_0_key[20] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b
};
-uint8_t
-hmac_test_case_0_data[8] = {
- 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
+static const uint8_t srtp_hmac_test_case_0_data[8] = {
+ 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
};
-uint8_t
-hmac_test_case_0_tag[20] = {
- 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
- 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
- 0xf1, 0x46, 0xbe, 0x00
+static const uint8_t srtp_hmac_test_case_0_tag[20] = {
+ 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
+ 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
+ 0xf1, 0x46, 0xbe, 0x00
};
-auth_test_case_t
-hmac_test_case_0 = {
- 20, /* octets in key */
- hmac_test_case_0_key, /* key */
- 8, /* octets in data */
- hmac_test_case_0_data, /* data */
- 20, /* octets in tag */
- hmac_test_case_0_tag, /* tag */
- NULL /* pointer to next testcase */
+static const srtp_auth_test_case_t srtp_hmac_test_case_0 = {
+ 20, /* octets in key */
+ srtp_hmac_test_case_0_key, /* key */
+ 8, /* octets in data */
+ srtp_hmac_test_case_0_data, /* data */
+ 20, /* octets in tag */
+ srtp_hmac_test_case_0_tag, /* tag */
+ NULL /* pointer to next testcase */
};
/* end test case 0 */
-char hmac_description[] = "hmac sha-1 authentication function";
+static const char srtp_hmac_description[] = "hmac sha-1 authentication function";
/*
- * auth_type_t hmac is the hmac metaobject
+ * srtp_auth_type_t hmac is the hmac metaobject
*/
-auth_type_t
-hmac = {
- (auth_alloc_func) hmac_alloc,
- (auth_dealloc_func) hmac_dealloc,
- (auth_init_func) hmac_init,
- (auth_compute_func) hmac_compute,
- (auth_update_func) hmac_update,
- (auth_start_func) hmac_start,
- (char *) hmac_description,
- (int) 0, /* instance count */
- (auth_test_case_t *) &hmac_test_case_0,
- (debug_module_t *) &mod_hmac,
- (auth_type_id_t) HMAC_SHA1
+const srtp_auth_type_t srtp_hmac = {
+ srtp_hmac_alloc,
+ srtp_hmac_dealloc,
+ srtp_hmac_init,
+ srtp_hmac_compute,
+ srtp_hmac_update,
+ srtp_hmac_start,
+ srtp_hmac_description,
+ &srtp_hmac_test_case_0,
+ SRTP_HMAC_SHA1
};
/*
* hmac_ossl.c
*
- * Implementation of hmac auth_type_t that leverages OpenSSL
+ * Implementation of hmac srtp_auth_type_t that leverages OpenSSL
*
* John A. Foley
* Cisco Systems, Inc.
*/
/*
*
- * Copyright(c) 2013, Cisco Systems, Inc.
+ * Copyright(c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*
*/
-#include "hmac.h"
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#include "auth.h"
#include "alloc.h"
+#include "err.h" /* for srtp_debug */
#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+#define SHA1_DIGEST_SIZE 20
/* the debug module for authentiation */
-debug_module_t mod_hmac = {
+srtp_debug_module_t srtp_mod_hmac = {
0, /* debugging is off by default */
"hmac sha-1 openssl" /* printable name for module */
};
-err_status_t
-hmac_alloc (auth_t **a, int key_len, int out_len)
+static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_len)
{
- extern auth_type_t hmac;
- uint8_t *pointer;
- hmac_ctx_t *new_hmac_ctx;
-
- debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
- debug_print(mod_hmac, " tag length %d", out_len);
-
- /*
- * check key length - note that we don't support keys larger
- * than 20 bytes yet
- */
- if (key_len > 20) {
- return err_status_bad_param;
- }
+ extern const srtp_auth_type_t srtp_hmac;
+
+ debug_print(srtp_mod_hmac, "allocating auth func with key length %d", key_len);
+ debug_print(srtp_mod_hmac, " tag length %d", out_len);
/* check output length - should be less than 20 bytes */
- if (out_len > 20) {
- return err_status_bad_param;
+ if (out_len > SHA1_DIGEST_SIZE) {
+ return srtp_err_status_bad_param;
+ }
+
+/* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
+ using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ {
+ /* allocate memory for auth and HMAC_CTX structures */
+ uint8_t* pointer;
+ HMAC_CTX *new_hmac_ctx;
+ pointer = (uint8_t*)srtp_crypto_alloc(sizeof(HMAC_CTX) + sizeof(srtp_auth_t));
+ if (pointer == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+ *a = (srtp_auth_t*)pointer;
+ (*a)->state = pointer + sizeof(srtp_auth_t);
+ new_hmac_ctx = (HMAC_CTX*)((*a)->state);
+
+ HMAC_CTX_init(new_hmac_ctx);
+ }
+
+#else
+ *a = (srtp_auth_t*)srtp_crypto_alloc(sizeof(srtp_auth_t));
+ if (*a == NULL) {
+ return srtp_err_status_alloc_fail;
}
- /* allocate memory for auth and hmac_ctx_t structures */
- pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
- if (pointer == NULL) {
- return err_status_alloc_fail;
+ (*a)->state = HMAC_CTX_new();
+ if ((*a)->state == NULL) {
+ srtp_crypto_free(*a);
+ *a = NULL;
+ return srtp_err_status_alloc_fail;
}
+#endif
/* set pointers */
- *a = (auth_t*)pointer;
- (*a)->type = &hmac;
- (*a)->state = pointer + sizeof(auth_t);
+ (*a)->type = &srtp_hmac;
(*a)->out_len = out_len;
(*a)->key_len = key_len;
(*a)->prefix_len = 0;
- new_hmac_ctx = (hmac_ctx_t*)((*a)->state);
- memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t));
- /* increment global count of all hmac uses */
- hmac.ref_count++;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_dealloc (auth_t *a)
+static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a)
{
- extern auth_type_t hmac;
- hmac_ctx_t *hmac_ctx;
+ HMAC_CTX *hmac_ctx;
- hmac_ctx = (hmac_ctx_t*)a->state;
- if (hmac_ctx->ctx_initialized) {
- EVP_MD_CTX_cleanup(&hmac_ctx->ctx);
- }
- if (hmac_ctx->init_ctx_initialized) {
- EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx);
- }
+ hmac_ctx = (HMAC_CTX*)a->state;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ HMAC_CTX_cleanup(hmac_ctx);
/* zeroize entire state*/
- octet_string_set_to_zero((uint8_t*)a,
- sizeof(hmac_ctx_t) + sizeof(auth_t));
+ octet_string_set_to_zero(a, sizeof(HMAC_CTX) + sizeof(srtp_auth_t));
- /* free memory */
- crypto_free(a);
+#else
+ HMAC_CTX_free(hmac_ctx);
- /* decrement global count of all hmac uses */
- hmac.ref_count--;
+ /* zeroize entire state*/
+ octet_string_set_to_zero(a, sizeof(srtp_auth_t));
+#endif
- return err_status_ok;
+ /* free memory */
+ srtp_crypto_free(a);
+
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len)
+static srtp_err_status_t srtp_hmac_start (void *statev)
{
- int i;
- uint8_t ipad[64];
-
- /*
- * check key length - note that we don't support keys larger
- * than 20 bytes yet
- */
- if (key_len > 20) {
- return err_status_bad_param;
- }
-
- /*
- * set values of ipad and opad by exoring the key into the
- * appropriate constant values
- */
- for (i = 0; i < key_len; i++) {
- ipad[i] = key[i] ^ 0x36;
- state->opad[i] = key[i] ^ 0x5c;
- }
- /* set the rest of ipad, opad to constant values */
- for (; i < 64; i++) {
- ipad[i] = 0x36;
- ((uint8_t*)state->opad)[i] = 0x5c;
- }
-
- debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64));
+ HMAC_CTX *state = (HMAC_CTX *)statev;
- /* initialize sha1 context */
- sha1_init(&state->init_ctx);
- state->init_ctx_initialized = 1;
+ if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)
+ return srtp_err_status_auth_fail;
- /* hash ipad ^ key */
- sha1_update(&state->init_ctx, ipad, 64);
- return (hmac_start(state));
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_start (hmac_ctx_t *state)
+static srtp_err_status_t srtp_hmac_init (void *statev, const uint8_t *key, int key_len)
{
- if (state->ctx_initialized) {
- EVP_MD_CTX_cleanup(&state->ctx);
- }
- if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) {
- return err_status_auth_fail;
- } else {
- state->ctx_initialized = 1;
- return err_status_ok;
- }
+ HMAC_CTX *state = (HMAC_CTX *)statev;
+
+ if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)
+ return srtp_err_status_auth_fail;
+
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets)
+static srtp_err_status_t srtp_hmac_update (void *statev, const uint8_t *message, int msg_octets)
{
+ HMAC_CTX *state = (HMAC_CTX *)statev;
- debug_print(mod_hmac, "input: %s",
- octet_string_hex_string(message, msg_octets));
+ debug_print(srtp_mod_hmac, "input: %s",
+ srtp_octet_string_hex_string(message, msg_octets));
- /* hash message into sha1 context */
- sha1_update(&state->ctx, message, msg_octets);
+ if (HMAC_Update(state, message, msg_octets) == 0)
+ return srtp_err_status_auth_fail;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_compute (hmac_ctx_t *state, const void *message,
+static srtp_err_status_t srtp_hmac_compute (void *statev, const uint8_t *message,
int msg_octets, int tag_len, uint8_t *result)
{
- uint32_t hash_value[5];
- uint32_t H[5];
+ HMAC_CTX *state = (HMAC_CTX *)statev;
+ uint8_t hash_value[SHA1_DIGEST_SIZE];
int i;
+ unsigned int len;
/* check tag length, return error if we can't provide the value expected */
- if (tag_len > 20) {
- return err_status_bad_param;
+ if (tag_len > SHA1_DIGEST_SIZE) {
+ return srtp_err_status_bad_param;
}
/* hash message, copy output into H */
- sha1_update(&state->ctx, message, msg_octets);
- sha1_final(&state->ctx, H);
-
- /*
- * note that we don't need to debug_print() the input, since the
- * function hmac_update() already did that for us
- */
- debug_print(mod_hmac, "intermediate state: %s",
- octet_string_hex_string((uint8_t*)H, 20));
-
- /* re-initialize hash context */
- sha1_init(&state->ctx);
-
- /* hash opad ^ key */
- sha1_update(&state->ctx, (uint8_t*)state->opad, 64);
+ if (HMAC_Update(state, message, msg_octets) == 0)
+ return srtp_err_status_auth_fail;
- /* hash the result of the inner hash */
- sha1_update(&state->ctx, (uint8_t*)H, 20);
+ if (HMAC_Final(state, hash_value, &len) == 0)
+ return srtp_err_status_auth_fail;
- /* the result is returned in the array hash_value[] */
- sha1_final(&state->ctx, hash_value);
+ if (len < tag_len)
+ return srtp_err_status_auth_fail;
/* copy hash_value to *result */
for (i = 0; i < tag_len; i++) {
- result[i] = ((uint8_t*)hash_value)[i];
+ result[i] = hash_value[i];
}
- debug_print(mod_hmac, "output: %s",
- octet_string_hex_string((uint8_t*)hash_value, tag_len));
+ debug_print(srtp_mod_hmac, "output: %s",
+ srtp_octet_string_hex_string(hash_value, tag_len));
- return err_status_ok;
+ return srtp_err_status_ok;
}
/* begin test case 0 */
-uint8_t
- hmac_test_case_0_key[20] = {
+static const uint8_t srtp_hmac_test_case_0_key[SHA1_DIGEST_SIZE] = {
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b
};
-uint8_t
- hmac_test_case_0_data[8] = {
+static const uint8_t srtp_hmac_test_case_0_data[8] = {
0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
};
-uint8_t
- hmac_test_case_0_tag[20] = {
+static const uint8_t srtp_hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = {
0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
0xf1, 0x46, 0xbe, 0x00
};
-auth_test_case_t
- hmac_test_case_0 = {
- 20, /* octets in key */
- hmac_test_case_0_key, /* key */
- 8, /* octets in data */
- hmac_test_case_0_data, /* data */
- 20, /* octets in tag */
- hmac_test_case_0_tag, /* tag */
- NULL /* pointer to next testcase */
+static const srtp_auth_test_case_t srtp_hmac_test_case_0 = {
+ sizeof(srtp_hmac_test_case_0_key), /* octets in key */
+ srtp_hmac_test_case_0_key, /* key */
+ sizeof(srtp_hmac_test_case_0_data), /* octets in data */
+ srtp_hmac_test_case_0_data, /* data */
+ sizeof(srtp_hmac_test_case_0_tag), /* octets in tag */
+ srtp_hmac_test_case_0_tag, /* tag */
+ NULL /* pointer to next testcase */
};
/* end test case 0 */
-char hmac_description[] = "hmac sha-1 authentication function";
+static const char srtp_hmac_description[] = "hmac sha-1 authentication function";
/*
- * auth_type_t hmac is the hmac metaobject
+ * srtp_auth_type_t hmac is the hmac metaobject
*/
-auth_type_t
- hmac = {
- (auth_alloc_func) hmac_alloc,
- (auth_dealloc_func) hmac_dealloc,
- (auth_init_func) hmac_init,
- (auth_compute_func) hmac_compute,
- (auth_update_func) hmac_update,
- (auth_start_func) hmac_start,
- (char*) hmac_description,
- (int) 0, /* instance count */
- (auth_test_case_t*) &hmac_test_case_0,
- (debug_module_t*) &mod_hmac,
- (auth_type_id_t) HMAC_SHA1
+const srtp_auth_type_t srtp_hmac = {
+ srtp_hmac_alloc,
+ srtp_hmac_dealloc,
+ srtp_hmac_init,
+ srtp_hmac_compute,
+ srtp_hmac_update,
+ srtp_hmac_start,
+ srtp_hmac_description,
+ &srtp_hmac_test_case_0,
+ SRTP_HMAC_SHA1
};
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
-#include "null_auth.h"
+#include "null_auth.h"
+#include "err.h" /* for srtp_debug */
#include "alloc.h"
/* null_auth uses the auth debug module */
-extern debug_module_t mod_auth;
+extern srtp_debug_module_t srtp_mod_auth;
-err_status_t
-null_auth_alloc(auth_t **a, int key_len, int out_len) {
- extern auth_type_t null_auth;
- uint8_t *pointer;
+static srtp_err_status_t srtp_null_auth_alloc (srtp_auth_t **a, int key_len, int out_len)
+{
+ extern const srtp_auth_type_t srtp_null_auth;
+ uint8_t *pointer;
- debug_print(mod_auth, "allocating auth func with key length %d", key_len);
- debug_print(mod_auth, " tag length %d", out_len);
+ debug_print(srtp_mod_auth, "allocating auth func with key length %d", key_len);
+ debug_print(srtp_mod_auth, " tag length %d", out_len);
- /* allocate memory for auth and null_auth_ctx_t structures */
- pointer = (uint8_t*)crypto_alloc(sizeof(null_auth_ctx_t) + sizeof(auth_t));
- if (pointer == NULL)
- return err_status_alloc_fail;
+ /* allocate memory for auth and srtp_null_auth_ctx_t structures */
+ pointer = (uint8_t*)srtp_crypto_alloc(sizeof(srtp_null_auth_ctx_t) + sizeof(srtp_auth_t));
+ if (pointer == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
- /* set pointers */
- *a = (auth_t *)pointer;
- (*a)->type = &null_auth;
- (*a)->state = pointer + sizeof (auth_t);
- (*a)->out_len = out_len;
- (*a)->prefix_len = out_len;
- (*a)->key_len = key_len;
+ /* set pointers */
+ *a = (srtp_auth_t*)pointer;
+ (*a)->type = &srtp_null_auth;
+ (*a)->state = pointer + sizeof(srtp_auth_t);
+ (*a)->out_len = out_len;
+ (*a)->prefix_len = out_len;
+ (*a)->key_len = key_len;
- /* increment global count of all null_auth uses */
- null_auth.ref_count++;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-null_auth_dealloc(auth_t *a) {
- extern auth_type_t null_auth;
-
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t *)a,
- sizeof(null_auth_ctx_t) + sizeof(auth_t));
-
- /* free memory */
- crypto_free(a);
-
- /* decrement global count of all null_auth uses */
- null_auth.ref_count--;
-
- return err_status_ok;
+static srtp_err_status_t srtp_null_auth_dealloc (srtp_auth_t *a)
+{
+ extern const srtp_auth_type_t srtp_null_auth;
+
+ /* zeroize entire state*/
+ octet_string_set_to_zero(a, sizeof(srtp_null_auth_ctx_t) + sizeof(srtp_auth_t));
+
+ /* free memory */
+ srtp_crypto_free(a);
+
+ return srtp_err_status_ok;
}
-err_status_t
-null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len) {
+static srtp_err_status_t srtp_null_auth_init (void *statev, const uint8_t *key, int key_len)
+{
+ /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */
+ /* accept any length of key, and do nothing */
- /* accept any length of key, and do nothing */
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-null_auth_compute(null_auth_ctx_t *state, uint8_t *message,
- int msg_octets, int tag_len, uint8_t *result) {
+static srtp_err_status_t srtp_null_auth_compute (void *statev, const uint8_t *message,
+ int msg_octets, int tag_len, uint8_t *result)
+{
+ /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-null_auth_update(null_auth_ctx_t *state, uint8_t *message,
- int msg_octets) {
+static srtp_err_status_t srtp_null_auth_update (void *statev, const uint8_t *message,
+ int msg_octets)
+{
+ /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-null_auth_start(null_auth_ctx_t *state) {
- return err_status_ok;
+static srtp_err_status_t srtp_null_auth_start (void *statev)
+{
+ /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */
+
+ return srtp_err_status_ok;
}
/*
- * auth_type_t - defines description, test case, and null_auth
+ * srtp_auth_type_t - defines description, test case, and null_auth
* metaobject
*/
/* begin test case 0 */
-auth_test_case_t
-null_auth_test_case_0 = {
- 0, /* octets in key */
- NULL, /* key */
- 0, /* octets in data */
- NULL, /* data */
- 0, /* octets in tag */
- NULL, /* tag */
- NULL /* pointer to next testcase */
+static const srtp_auth_test_case_t srtp_null_auth_test_case_0 = {
+ 0, /* octets in key */
+ NULL, /* key */
+ 0, /* octets in data */
+ NULL, /* data */
+ 0, /* octets in tag */
+ NULL, /* tag */
+ NULL /* pointer to next testcase */
};
/* end test case 0 */
-char null_auth_description[] = "null authentication function";
-
-auth_type_t
-null_auth = {
- (auth_alloc_func) null_auth_alloc,
- (auth_dealloc_func) null_auth_dealloc,
- (auth_init_func) null_auth_init,
- (auth_compute_func) null_auth_compute,
- (auth_update_func) null_auth_update,
- (auth_start_func) null_auth_start,
- (char *) null_auth_description,
- (int) 0, /* instance count */
- (auth_test_case_t *) &null_auth_test_case_0,
- (debug_module_t *) NULL,
- (auth_type_id_t) NULL_AUTH
+static const char srtp_null_auth_description[] = "null authentication function";
+
+const srtp_auth_type_t srtp_null_auth = {
+ srtp_null_auth_alloc,
+ srtp_null_auth_dealloc,
+ srtp_null_auth_init,
+ srtp_null_auth_compute,
+ srtp_null_auth_update,
+ srtp_null_auth_start,
+ srtp_null_auth_description,
+ &srtp_null_auth_test_case_0,
+ SRTP_NULL_AUTH
};
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
#include "sha1.h"
-debug_module_t mod_sha1 = {
- 0, /* debugging is off by default */
- "sha-1" /* printable module name */
+srtp_debug_module_t srtp_mod_sha1 = {
+ 0, /* debugging is off by default */
+ "sha-1" /* printable module name */
};
/* SN == Rotate left N bits */
#define S5(X) ((X << 5) | (X >> 27))
#define S30(X) ((X << 30) | (X >> 2))
-#define f0(B,C,D) ((B & C) | (~B & D))
-#define f1(B,C,D) (B ^ C ^ D)
-#define f2(B,C,D) ((B & C) | (B & D) | (C & D))
-#define f3(B,C,D) (B ^ C ^ D)
+#define f0(B, C, D) ((B & C) | (~B & D))
+#define f1(B, C, D) (B ^ C ^ D)
+#define f2(B, C, D) ((B & C) | (B & D) | (C & D))
+#define f3(B, C, D) (B ^ C ^ D)
-/*
- * nota bene: the variable K0 appears in the curses library, so we
- * give longer names to these variables to avoid spurious warnings
+/*
+ * nota bene: the variable K0 appears in the curses library, so we
+ * give longer names to these variables to avoid spurious warnings
* on systems that uses curses
*/
uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt for 40 <= t <= 59 */
uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */
-void
-sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) {
- sha1_ctx_t ctx;
+void srtp_sha1 (const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5])
+{
+ srtp_sha1_ctx_t ctx;
- sha1_init(&ctx);
- sha1_update(&ctx, msg, octets_in_msg);
- sha1_final(&ctx, hash_value);
+ srtp_sha1_init(&ctx);
+ srtp_sha1_update(&ctx, msg, octets_in_msg);
+ srtp_sha1_final(&ctx, hash_value);
}
/*
- * sha1_core(M, H) computes the core compression function, where M is
+ * srtp_sha1_core(M, H) computes the core compression function, where M is
* the next part of the message (in network byte order) and H is the
* intermediate state { H0, H1, ...} (in host byte order)
*
* (crypto/cipher/seal.c)
*/
-void
-sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
- uint32_t H0;
- uint32_t H1;
- uint32_t H2;
- uint32_t H3;
- uint32_t H4;
- uint32_t W[80];
- uint32_t A, B, C, D, E, TEMP;
- int t;
-
- /* copy hash_value into H0, H1, H2, H3, H4 */
- H0 = hash_value[0];
- H1 = hash_value[1];
- H2 = hash_value[2];
- H3 = hash_value[3];
- H4 = hash_value[4];
-
- /* copy/xor message into array */
-
- W[0] = be32_to_cpu(M[0]);
- W[1] = be32_to_cpu(M[1]);
- W[2] = be32_to_cpu(M[2]);
- W[3] = be32_to_cpu(M[3]);
- W[4] = be32_to_cpu(M[4]);
- W[5] = be32_to_cpu(M[5]);
- W[6] = be32_to_cpu(M[6]);
- W[7] = be32_to_cpu(M[7]);
- W[8] = be32_to_cpu(M[8]);
- W[9] = be32_to_cpu(M[9]);
- W[10] = be32_to_cpu(M[10]);
- W[11] = be32_to_cpu(M[11]);
- W[12] = be32_to_cpu(M[12]);
- W[13] = be32_to_cpu(M[13]);
- W[14] = be32_to_cpu(M[14]);
- W[15] = be32_to_cpu(M[15]);
- TEMP = W[13] ^ W[8] ^ W[2] ^ W[0]; W[16] = S1(TEMP);
- TEMP = W[14] ^ W[9] ^ W[3] ^ W[1]; W[17] = S1(TEMP);
- TEMP = W[15] ^ W[10] ^ W[4] ^ W[2]; W[18] = S1(TEMP);
- TEMP = W[16] ^ W[11] ^ W[5] ^ W[3]; W[19] = S1(TEMP);
- TEMP = W[17] ^ W[12] ^ W[6] ^ W[4]; W[20] = S1(TEMP);
- TEMP = W[18] ^ W[13] ^ W[7] ^ W[5]; W[21] = S1(TEMP);
- TEMP = W[19] ^ W[14] ^ W[8] ^ W[6]; W[22] = S1(TEMP);
- TEMP = W[20] ^ W[15] ^ W[9] ^ W[7]; W[23] = S1(TEMP);
- TEMP = W[21] ^ W[16] ^ W[10] ^ W[8]; W[24] = S1(TEMP);
- TEMP = W[22] ^ W[17] ^ W[11] ^ W[9]; W[25] = S1(TEMP);
- TEMP = W[23] ^ W[18] ^ W[12] ^ W[10]; W[26] = S1(TEMP);
- TEMP = W[24] ^ W[19] ^ W[13] ^ W[11]; W[27] = S1(TEMP);
- TEMP = W[25] ^ W[20] ^ W[14] ^ W[12]; W[28] = S1(TEMP);
- TEMP = W[26] ^ W[21] ^ W[15] ^ W[13]; W[29] = S1(TEMP);
- TEMP = W[27] ^ W[22] ^ W[16] ^ W[14]; W[30] = S1(TEMP);
- TEMP = W[28] ^ W[23] ^ W[17] ^ W[15]; W[31] = S1(TEMP);
-
- /* process the remainder of the array */
- for (t=32; t < 80; t++) {
- TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
- W[t] = S1(TEMP);
- }
-
- A = H0; B = H1; C = H2; D = H3; E = H4;
-
- for (t=0; t < 20; t++) {
- TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 40; t++) {
- TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 60; t++) {
- TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 80; t++) {
- TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
-
- hash_value[0] = H0 + A;
- hash_value[1] = H1 + B;
- hash_value[2] = H2 + C;
- hash_value[3] = H3 + D;
- hash_value[4] = H4 + E;
-
- return;
-}
+void srtp_sha1_core (const uint32_t M[16], uint32_t hash_value[5])
+{
+ uint32_t H0;
+ uint32_t H1;
+ uint32_t H2;
+ uint32_t H3;
+ uint32_t H4;
+ uint32_t W[80];
+ uint32_t A, B, C, D, E, TEMP;
+ int t;
+
+ /* copy hash_value into H0, H1, H2, H3, H4 */
+ H0 = hash_value[0];
+ H1 = hash_value[1];
+ H2 = hash_value[2];
+ H3 = hash_value[3];
+ H4 = hash_value[4];
-void
-sha1_init(sha1_ctx_t *ctx) {
+ /* copy/xor message into array */
- /* initialize state vector */
- ctx->H[0] = 0x67452301;
- ctx->H[1] = 0xefcdab89;
- ctx->H[2] = 0x98badcfe;
- ctx->H[3] = 0x10325476;
- ctx->H[4] = 0xc3d2e1f0;
+ W[0] = be32_to_cpu(M[0]);
+ W[1] = be32_to_cpu(M[1]);
+ W[2] = be32_to_cpu(M[2]);
+ W[3] = be32_to_cpu(M[3]);
+ W[4] = be32_to_cpu(M[4]);
+ W[5] = be32_to_cpu(M[5]);
+ W[6] = be32_to_cpu(M[6]);
+ W[7] = be32_to_cpu(M[7]);
+ W[8] = be32_to_cpu(M[8]);
+ W[9] = be32_to_cpu(M[9]);
+ W[10] = be32_to_cpu(M[10]);
+ W[11] = be32_to_cpu(M[11]);
+ W[12] = be32_to_cpu(M[12]);
+ W[13] = be32_to_cpu(M[13]);
+ W[14] = be32_to_cpu(M[14]);
+ W[15] = be32_to_cpu(M[15]);
+ TEMP = W[13] ^ W[8] ^ W[2] ^ W[0]; W[16] = S1(TEMP);
+ TEMP = W[14] ^ W[9] ^ W[3] ^ W[1]; W[17] = S1(TEMP);
+ TEMP = W[15] ^ W[10] ^ W[4] ^ W[2]; W[18] = S1(TEMP);
+ TEMP = W[16] ^ W[11] ^ W[5] ^ W[3]; W[19] = S1(TEMP);
+ TEMP = W[17] ^ W[12] ^ W[6] ^ W[4]; W[20] = S1(TEMP);
+ TEMP = W[18] ^ W[13] ^ W[7] ^ W[5]; W[21] = S1(TEMP);
+ TEMP = W[19] ^ W[14] ^ W[8] ^ W[6]; W[22] = S1(TEMP);
+ TEMP = W[20] ^ W[15] ^ W[9] ^ W[7]; W[23] = S1(TEMP);
+ TEMP = W[21] ^ W[16] ^ W[10] ^ W[8]; W[24] = S1(TEMP);
+ TEMP = W[22] ^ W[17] ^ W[11] ^ W[9]; W[25] = S1(TEMP);
+ TEMP = W[23] ^ W[18] ^ W[12] ^ W[10]; W[26] = S1(TEMP);
+ TEMP = W[24] ^ W[19] ^ W[13] ^ W[11]; W[27] = S1(TEMP);
+ TEMP = W[25] ^ W[20] ^ W[14] ^ W[12]; W[28] = S1(TEMP);
+ TEMP = W[26] ^ W[21] ^ W[15] ^ W[13]; W[29] = S1(TEMP);
+ TEMP = W[27] ^ W[22] ^ W[16] ^ W[14]; W[30] = S1(TEMP);
+ TEMP = W[28] ^ W[23] ^ W[17] ^ W[15]; W[31] = S1(TEMP);
+
+ /* process the remainder of the array */
+ for (t = 32; t < 80; t++) {
+ TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
+ W[t] = S1(TEMP);
+ }
- /* indicate that message buffer is empty */
- ctx->octets_in_buffer = 0;
+ A = H0; B = H1; C = H2; D = H3; E = H4;
- /* reset message bit-count to zero */
- ctx->num_bits_in_msg = 0;
+ for (t = 0; t < 20; t++) {
+ TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 40; t++) {
+ TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 60; t++) {
+ TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 80; t++) {
+ TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+
+ hash_value[0] = H0 + A;
+ hash_value[1] = H1 + B;
+ hash_value[2] = H2 + C;
+ hash_value[3] = H3 + D;
+ hash_value[4] = H4 + E;
+ return;
}
-void
-sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
- int i;
- uint8_t *buf = (uint8_t *)ctx->M;
+void srtp_sha1_init (srtp_sha1_ctx_t *ctx)
+{
- /* update message bit-count */
- ctx->num_bits_in_msg += octets_in_msg * 8;
+ /* initialize state vector */
+ ctx->H[0] = 0x67452301;
+ ctx->H[1] = 0xefcdab89;
+ ctx->H[2] = 0x98badcfe;
+ ctx->H[3] = 0x10325476;
+ ctx->H[4] = 0xc3d2e1f0;
- /* loop over 16-word blocks of M */
- while (octets_in_msg > 0) {
+ /* indicate that message buffer is empty */
+ ctx->octets_in_buffer = 0;
- if (octets_in_msg + ctx->octets_in_buffer >= 64) {
+ /* reset message bit-count to zero */
+ ctx->num_bits_in_msg = 0;
- /*
- * copy words of M into msg buffer until that buffer is full,
- * converting them into host byte order as needed
- */
- octets_in_msg -= (64 - ctx->octets_in_buffer);
- for (i=ctx->octets_in_buffer; i < 64; i++)
- buf[i] = *msg++;
- ctx->octets_in_buffer = 0;
+}
- /* process a whole block */
+void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg)
+{
+ int i;
+ uint8_t *buf = (uint8_t*)ctx->M;
- debug_print(mod_sha1, "(update) running sha1_core()", NULL);
+ /* update message bit-count */
+ ctx->num_bits_in_msg += octets_in_msg * 8;
- sha1_core(ctx->M, ctx->H);
+ /* loop over 16-word blocks of M */
+ while (octets_in_msg > 0) {
- } else {
+ if (octets_in_msg + ctx->octets_in_buffer >= 64) {
- debug_print(mod_sha1, "(update) not running sha1_core()", NULL);
+ /*
+ * copy words of M into msg buffer until that buffer is full,
+ * converting them into host byte order as needed
+ */
+ octets_in_msg -= (64 - ctx->octets_in_buffer);
+ for (i = ctx->octets_in_buffer; i < 64; i++) {
+ buf[i] = *msg++;
+ }
+ ctx->octets_in_buffer = 0;
- for (i=ctx->octets_in_buffer;
- i < (ctx->octets_in_buffer + octets_in_msg); i++)
- buf[i] = *msg++;
- ctx->octets_in_buffer += octets_in_msg;
- octets_in_msg = 0;
- }
+ /* process a whole block */
- }
+ debug_print(srtp_mod_sha1, "(update) running srtp_sha1_core()", NULL);
-}
+ srtp_sha1_core(ctx->M, ctx->H);
-/*
- * sha1_final(ctx, output) computes the result for ctx and copies it
- * into the twenty octets located at *output
- */
+ } else {
-void
-sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
- uint32_t A, B, C, D, E, TEMP;
- uint32_t W[80];
- int i, t;
+ debug_print(srtp_mod_sha1, "(update) not running srtp_sha1_core()", NULL);
- /*
- * process the remaining octets_in_buffer, padding and terminating as
- * necessary
- */
- {
- int tail = ctx->octets_in_buffer % 4;
+ for (i = ctx->octets_in_buffer;
+ i < (ctx->octets_in_buffer + octets_in_msg); i++) {
+ buf[i] = *msg++;
+ }
+ ctx->octets_in_buffer += octets_in_msg;
+ octets_in_msg = 0;
+ }
- /* copy/xor message into array */
- for (i=0; i < (ctx->octets_in_buffer+3)/4; i++)
- W[i] = be32_to_cpu(ctx->M[i]);
-
- /* set the high bit of the octet immediately following the message */
- switch (tail) {
- case (3):
- W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xffffff00) | 0x80;
- W[i] = 0x0;
- break;
- case (2):
- W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xffff0000) | 0x8000;
- W[i] = 0x0;
- break;
- case (1):
- W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xff000000) | 0x800000;
- W[i] = 0x0;
- break;
- case (0):
- W[i] = 0x80000000;
- break;
}
- /* zeroize remaining words */
- for (i++ ; i < 15; i++)
- W[i] = 0x0;
-
- /*
- * if there is room at the end of the word array, then set the
- * last word to the bit-length of the message; otherwise, set that
- * word to zero and then we need to do one more run of the
- * compression algo.
- */
- if (ctx->octets_in_buffer < 56)
- W[15] = ctx->num_bits_in_msg;
- else if (ctx->octets_in_buffer < 60)
- W[15] = 0x0;
-
- /* process the word array */
- for (t=16; t < 80; t++) {
- TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
- W[t] = S1(TEMP);
- }
-
- A = ctx->H[0];
- B = ctx->H[1];
- C = ctx->H[2];
- D = ctx->H[3];
- E = ctx->H[4];
-
- for (t=0; t < 20; t++) {
- TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 40; t++) {
- TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 60; t++) {
- TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 80; t++) {
- TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
-
- ctx->H[0] += A;
- ctx->H[1] += B;
- ctx->H[2] += C;
- ctx->H[3] += D;
- ctx->H[4] += E;
-
- }
-
- debug_print(mod_sha1, "(final) running sha1_core()", NULL);
-
- if (ctx->octets_in_buffer >= 56) {
+}
- debug_print(mod_sha1, "(final) running sha1_core() again", NULL);
+/*
+ * srtp_sha1_final(ctx, output) computes the result for ctx and copies it
+ * into the twenty octets located at *output
+ */
- /* we need to do one final run of the compression algo */
+void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output)
+{
+ uint32_t A, B, C, D, E, TEMP;
+ uint32_t W[80];
+ int i, t;
- /*
- * set initial part of word array to zeros, and set the
- * final part to the number of bits in the message
+ /*
+ * process the remaining octets_in_buffer, padding and terminating as
+ * necessary
*/
- for (i=0; i < 15; i++)
- W[i] = 0x0;
- W[15] = ctx->num_bits_in_msg;
-
- /* process the word array */
- for (t=16; t < 80; t++) {
- TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
- W[t] = S1(TEMP);
- }
+ {
+ int tail = ctx->octets_in_buffer % 4;
+
+ /* copy/xor message into array */
+ for (i = 0; i < (ctx->octets_in_buffer + 3) / 4; i++) {
+ W[i] = be32_to_cpu(ctx->M[i]);
+ }
+
+ /* set the high bit of the octet immediately following the message */
+ switch (tail) {
+ case (3):
+ W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xffffff00) | 0x80;
+ W[i] = 0x0;
+ break;
+ case (2):
+ W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xffff0000) | 0x8000;
+ W[i] = 0x0;
+ break;
+ case (1):
+ W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xff000000) | 0x800000;
+ W[i] = 0x0;
+ break;
+ case (0):
+ W[i] = 0x80000000;
+ break;
+ }
+
+ /* zeroize remaining words */
+ for (i++; i < 15; i++) {
+ W[i] = 0x0;
+ }
+
+ /*
+ * if there is room at the end of the word array, then set the
+ * last word to the bit-length of the message; otherwise, set that
+ * word to zero and then we need to do one more run of the
+ * compression algo.
+ */
+ if (ctx->octets_in_buffer < 56) {
+ W[15] = ctx->num_bits_in_msg;
+ } else if (ctx->octets_in_buffer < 60) {
+ W[15] = 0x0;
+ }
+
+ /* process the word array */
+ for (t = 16; t < 80; t++) {
+ TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
+ W[t] = S1(TEMP);
+ }
+
+ A = ctx->H[0];
+ B = ctx->H[1];
+ C = ctx->H[2];
+ D = ctx->H[3];
+ E = ctx->H[4];
+
+ for (t = 0; t < 20; t++) {
+ TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 40; t++) {
+ TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 60; t++) {
+ TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 80; t++) {
+ TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+
+ ctx->H[0] += A;
+ ctx->H[1] += B;
+ ctx->H[2] += C;
+ ctx->H[3] += D;
+ ctx->H[4] += E;
- A = ctx->H[0];
- B = ctx->H[1];
- C = ctx->H[2];
- D = ctx->H[3];
- E = ctx->H[4];
-
- for (t=0; t < 20; t++) {
- TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 40; t++) {
- TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 60; t++) {
- TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 80; t++) {
- TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
}
- ctx->H[0] += A;
- ctx->H[1] += B;
- ctx->H[2] += C;
- ctx->H[3] += D;
- ctx->H[4] += E;
- }
+ debug_print(srtp_mod_sha1, "(final) running srtp_sha1_core()", NULL);
+
+ if (ctx->octets_in_buffer >= 56) {
+
+ debug_print(srtp_mod_sha1, "(final) running srtp_sha1_core() again", NULL);
+
+ /* we need to do one final run of the compression algo */
+
+ /*
+ * set initial part of word array to zeros, and set the
+ * final part to the number of bits in the message
+ */
+ for (i = 0; i < 15; i++) {
+ W[i] = 0x0;
+ }
+ W[15] = ctx->num_bits_in_msg;
+
+ /* process the word array */
+ for (t = 16; t < 80; t++) {
+ TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
+ W[t] = S1(TEMP);
+ }
+
+ A = ctx->H[0];
+ B = ctx->H[1];
+ C = ctx->H[2];
+ D = ctx->H[3];
+ E = ctx->H[4];
+
+ for (t = 0; t < 20; t++) {
+ TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 40; t++) {
+ TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 60; t++) {
+ TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 80; t++) {
+ TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+
+ ctx->H[0] += A;
+ ctx->H[1] += B;
+ ctx->H[2] += C;
+ ctx->H[3] += D;
+ ctx->H[4] += E;
+ }
- /* copy result into output buffer */
- output[0] = be32_to_cpu(ctx->H[0]);
- output[1] = be32_to_cpu(ctx->H[1]);
- output[2] = be32_to_cpu(ctx->H[2]);
- output[3] = be32_to_cpu(ctx->H[3]);
- output[4] = be32_to_cpu(ctx->H[4]);
+ /* copy result into output buffer */
+ output[0] = be32_to_cpu(ctx->H[0]);
+ output[1] = be32_to_cpu(ctx->H[1]);
+ output[2] = be32_to_cpu(ctx->H[2]);
+ output[3] = be32_to_cpu(ctx->H[3]);
+ output[4] = be32_to_cpu(ctx->H[4]);
- /* indicate that message buffer in context is empty */
- ctx->octets_in_buffer = 0;
+ /* indicate that message buffer in context is empty */
+ ctx->octets_in_buffer = 0;
- return;
+ return;
}
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*
*/
-#ifndef _AES_H
-#define _AES_H
-
-#include "config.h"
+#ifndef AES_H
+#define AES_H
#include "datatypes.h"
-#include "gf2_8.h"
#include "err.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* aes internals */
typedef struct {
- v128_t round[15];
- int num_rounds;
-} aes_expanded_key_t;
-
-err_status_t
-aes_expand_encryption_key(const uint8_t *key,
- int key_len,
- aes_expanded_key_t *expanded_key);
+ v128_t round[15];
+ int num_rounds;
+} srtp_aes_expanded_key_t;
-err_status_t
-aes_expand_decryption_key(const uint8_t *key,
- int key_len,
- aes_expanded_key_t *expanded_key);
+srtp_err_status_t srtp_aes_expand_encryption_key(
+ const uint8_t *key,
+ int key_len,
+ srtp_aes_expanded_key_t *expanded_key);
-void
-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
+srtp_err_status_t srtp_aes_expand_decryption_key(
+ const uint8_t *key,
+ int key_len,
+ srtp_aes_expanded_key_t *expanded_key);
-void
-aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
-
-#if 0
-/*
- * internal functions
- */
+void srtp_aes_encrypt(v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key);
-void
-aes_init_sbox(void);
+void srtp_aes_decrypt(v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key);
-void
-aes_compute_tables(void);
-#endif
+#ifdef __cplusplus
+}
+#endif
-#endif /* _AES_H */
+#endif /* AES_H */
+++ /dev/null
-/*
- * aes_cbc.h
- *
- * Header for AES Cipher Blobk Chaining Mode.
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- *
- */
-
-#ifndef AES_CBC_H
-#define AES_CBC_H
-
-#include "aes.h"
-#include "cipher.h"
-
-typedef struct {
- v128_t state; /* cipher chaining state */
- v128_t previous; /* previous ciphertext block */
- uint8_t key[32];
- int key_len;
- aes_expanded_key_t expanded_key; /* the cipher key */
-} aes_cbc_ctx_t;
-
-err_status_t
-aes_cbc_set_key(aes_cbc_ctx_t *c,
- const unsigned char *key);
-
-err_status_t
-aes_cbc_encrypt(aes_cbc_ctx_t *c,
- unsigned char *buf,
- unsigned int *bytes_in_data);
-
-err_status_t
-aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key,
- int key_len);
-
-err_status_t
-aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv, int direction);
-
-err_status_t
-aes_cbc_nist_encrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data);
-
-err_status_t
-aes_cbc_nist_decrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data);
-
-#endif /* AES_CBC_H */
-
*
*/
/*
- *
- * Copyright (c) 2013, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
#include "cipher.h"
#include "srtp.h"
+#include "datatypes.h"
#include <openssl/evp.h>
#include <openssl/aes.h>
typedef struct {
- v256_t key;
- int key_size;
- int tag_len;
- EVP_CIPHER_CTX ctx;
- cipher_direction_t dir;
-} aes_gcm_ctx_t;
+ int key_size;
+ int tag_len;
+ EVP_CIPHER_CTX* ctx;
+ srtp_cipher_direction_t dir;
+} srtp_aes_gcm_ctx_t;
#endif /* AES_GCM_OSSL_H */
*
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
#ifndef AES_ICM_H
#define AES_ICM_H
#include "cipher.h"
typedef struct {
- v128_t counter; /* holds the counter value */
- v128_t offset; /* initial offset value */
- v128_t keystream_buffer; /* buffers bytes of keystream */
- aes_expanded_key_t expanded_key; /* the cipher key */
- int bytes_in_buffer; /* number of unused bytes in buffer */
-} aes_icm_ctx_t;
-
-
-err_status_t
-aes_icm_context_init(aes_icm_ctx_t *c,
- const unsigned char *key,
- int key_len);
-
-err_status_t
-aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction);
-
-err_status_t
-aes_icm_encrypt(aes_icm_ctx_t *c,
- unsigned char *buf, unsigned int *bytes_to_encr);
-
-err_status_t
-aes_icm_output(aes_icm_ctx_t *c,
- unsigned char *buf, int bytes_to_output);
-
-err_status_t
-aes_icm_dealloc(cipher_t *c);
-
-err_status_t
-aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
- unsigned char *buf,
- unsigned int *enc_len,
- int forIsmacryp);
-
-err_status_t
-aes_icm_alloc_ismacryp(cipher_t **c,
- int key_len,
- int forIsmacryp);
-
-uint16_t
-aes_icm_bytes_encrypted(aes_icm_ctx_t *c);
+ v128_t counter; /* holds the counter value */
+ v128_t offset; /* initial offset value */
+ v128_t keystream_buffer; /* buffers bytes of keystream */
+ srtp_aes_expanded_key_t expanded_key; /* the cipher key */
+ int bytes_in_buffer; /* number of unused bytes in buffer */
+ int key_size; /* AES key size + 14 byte SALT */
+} srtp_aes_icm_ctx_t;
#endif /* AES_ICM_H */
*/
/*
*
- * Copyright (c) 2001-2005,2012, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#define AES_ICM_H
#include "cipher.h"
+#include "datatypes.h"
#include <openssl/evp.h>
#include <openssl/aes.h>
-#define SALT_SIZE 14
-#define AES_128_KEYSIZE AES_BLOCK_SIZE
-#define AES_192_KEYSIZE AES_BLOCK_SIZE + AES_BLOCK_SIZE / 2
-#define AES_256_KEYSIZE AES_BLOCK_SIZE * 2
-#define AES_128_KEYSIZE_WSALT AES_128_KEYSIZE + SALT_SIZE
-#define AES_192_KEYSIZE_WSALT AES_192_KEYSIZE + SALT_SIZE
-#define AES_256_KEYSIZE_WSALT AES_256_KEYSIZE + SALT_SIZE
-
typedef struct {
v128_t counter; /* holds the counter value */
v128_t offset; /* initial offset value */
- v256_t key;
int key_size;
- EVP_CIPHER_CTX ctx;
-} aes_icm_ctx_t;
-
-err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir);
-
+ EVP_CIPHER_CTX* ctx;
+} srtp_aes_icm_ctx_t;
#endif /* AES_ICM_H */
*/
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include "datatypes.h"
-void *
-crypto_alloc(size_t size);
+#ifdef __cplusplus
+extern "C" {
+#endif
-void
-crypto_free(void *ptr);
+void * srtp_crypto_alloc(size_t size);
+
+void srtp_crypto_free(void *ptr);
+
+#ifdef __cplusplus
+}
+#endif
#endif /* CRYPTO_ALLOC_H */
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*
*/
-#ifndef AUTH_H
-#define AUTH_H
+#ifndef SRTP_AUTH_H
+#define SRTP_AUTH_H
-#include "datatypes.h"
-#include "err.h" /* error codes */
-#include "crypto.h" /* for auth_type_id_t */
-#include "crypto_types.h" /* for values of auth_type_id_t */
+#include "srtp.h"
+#include "crypto_types.h" /* for values of auth_type_id_t */
-typedef struct auth_type_t *auth_type_pointer;
-typedef struct auth_t *auth_pointer_t;
+#ifdef __cplusplus
+extern "C" {
+#endif
-typedef err_status_t (*auth_alloc_func)
- (auth_pointer_t *ap, int key_len, int out_len);
+typedef const struct srtp_auth_type_t *srtp_auth_type_pointer;
+typedef struct srtp_auth_t *srtp_auth_pointer_t;
-typedef err_status_t (*auth_init_func)
- (void *state, const uint8_t *key, int key_len);
+typedef srtp_err_status_t (*srtp_auth_alloc_func)
+ (srtp_auth_pointer_t *ap, int key_len, int out_len);
-typedef err_status_t (*auth_dealloc_func)(auth_pointer_t ap);
+typedef srtp_err_status_t (*srtp_auth_init_func)
+ (void *state, const uint8_t *key, int key_len);
-typedef err_status_t (*auth_compute_func)
- (void *state, uint8_t *buffer, int octets_to_auth,
- int tag_len, uint8_t *tag);
+typedef srtp_err_status_t (*srtp_auth_dealloc_func)(srtp_auth_pointer_t ap);
-typedef err_status_t (*auth_update_func)
- (void *state, uint8_t *buffer, int octets_to_auth);
+typedef srtp_err_status_t (*srtp_auth_compute_func)
+ (void *state, const uint8_t *buffer, int octets_to_auth,
+ int tag_len, uint8_t *tag);
-typedef err_status_t (*auth_start_func)(void *state);
-
-/* some syntactic sugar on these function types */
+typedef srtp_err_status_t (*srtp_auth_update_func)
+ (void *state, const uint8_t *buffer, int octets_to_auth);
-#define auth_type_alloc(at, a, klen, outlen) \
- ((at)->alloc((a), (klen), (outlen)))
+typedef srtp_err_status_t (*srtp_auth_start_func)(void *state);
-#define auth_init(a, key) \
- (((a)->type)->init((a)->state, (key), ((a)->key_len)))
+/* some syntactic sugar on these function types */
+#define srtp_auth_type_alloc(at, a, klen, outlen) \
+ ((at)->alloc((a), (klen), (outlen)))
-#define auth_compute(a, buf, len, res) \
- (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res)))
+#define srtp_auth_init(a, key) \
+ (((a)->type)->init((a)->state, (key), ((a)->key_len)))
-#define auth_update(a, buf, len) \
- (((a)->type)->update((a)->state, (buf), (len)))
+#define srtp_auth_compute(a, buf, len, res) \
+ (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res)))
-#define auth_start(a)(((a)->type)->start((a)->state))
+#define srtp_auth_update(a, buf, len) \
+ (((a)->type)->update((a)->state, (buf), (len)))
-#define auth_dealloc(c) (((c)->type)->dealloc(c))
+#define srtp_auth_start(a)(((a)->type)->start((a)->state))
-/* functions to get information about a particular auth_t */
+#define srtp_auth_dealloc(c) (((c)->type)->dealloc(c))
-int
-auth_get_key_length(const struct auth_t *a);
+/* functions to get information about a particular auth_t */
+int srtp_auth_get_key_length(const struct srtp_auth_t *a);
-int
-auth_get_tag_length(const struct auth_t *a);
+int srtp_auth_get_tag_length(const struct srtp_auth_t *a);
-int
-auth_get_prefix_length(const struct auth_t *a);
+int srtp_auth_get_prefix_length(const struct srtp_auth_t *a);
/*
- * auth_test_case_t is a (list of) key/message/tag values that are
+ * srtp_auth_test_case_t is a (list of) key/message/tag values that are
* known to be correct for a particular cipher. this data can be used
* to test an implementation in an on-the-fly self test of the
- * correcness of the implementation. (see the auth_type_self_test()
+ * correctness of the implementation. (see the srtp_auth_type_self_test()
* function below)
*/
+typedef struct srtp_auth_test_case_t {
+ int key_length_octets; /* octets in key */
+ const uint8_t *key; /* key */
+ int data_length_octets; /* octets in data */
+ const uint8_t *data; /* data */
+ int tag_length_octets; /* octets in tag */
+ const uint8_t *tag; /* tag */
+ const struct srtp_auth_test_case_t *next_test_case; /* pointer to next testcase */
+} srtp_auth_test_case_t;
+
+/* srtp_auth_type_t */
+typedef struct srtp_auth_type_t {
+ srtp_auth_alloc_func alloc;
+ srtp_auth_dealloc_func dealloc;
+ srtp_auth_init_func init;
+ srtp_auth_compute_func compute;
+ srtp_auth_update_func update;
+ srtp_auth_start_func start;
+ const char *description;
+ const srtp_auth_test_case_t *test_data;
+ srtp_auth_type_id_t id;
+} srtp_auth_type_t;
+
+typedef struct srtp_auth_t {
+ const srtp_auth_type_t *type;
+ void *state;
+ int out_len; /* length of output tag in octets */
+ int key_len; /* length of key in octets */
+ int prefix_len; /* length of keystream prefix */
+} srtp_auth_t;
-typedef struct auth_test_case_t {
- int key_length_octets; /* octets in key */
- uint8_t *key; /* key */
- int data_length_octets; /* octets in data */
- uint8_t *data; /* data */
- int tag_length_octets; /* octets in tag */
- uint8_t *tag; /* tag */
- struct auth_test_case_t *next_test_case; /* pointer to next testcase */
-} auth_test_case_t;
-
-/* auth_type_t */
-
-typedef struct auth_type_t {
- auth_alloc_func alloc;
- auth_dealloc_func dealloc;
- auth_init_func init;
- auth_compute_func compute;
- auth_update_func update;
- auth_start_func start;
- char *description;
- int ref_count;
- auth_test_case_t *test_data;
- debug_module_t *debug;
- auth_type_id_t id;
-} auth_type_t;
-
-typedef struct auth_t {
- auth_type_t *type;
- void *state;
- int out_len; /* length of output tag in octets */
- int key_len; /* length of key in octets */
- int prefix_len; /* length of keystream prefix */
-} auth_t;
-
-/*
- * auth_type_self_test() tests an auth_type against test cases
+/*
+ * srtp_auth_type_self_test() tests an auth_type against test cases
* provided in an array of values of key/message/tag that is known to
* be good
*/
+srtp_err_status_t srtp_auth_type_self_test(const srtp_auth_type_t *at);
-err_status_t
-auth_type_self_test(const auth_type_t *at);
-
-/*
- * auth_type_test() tests an auth_type against external test cases
+/*
+ * srtp_auth_type_test() tests an auth_type against external test cases
* provided in an array of values of key/message/tag that is known to
* be good
*/
-
-err_status_t
-auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data);
+srtp_err_status_t srtp_auth_type_test(const srtp_auth_type_t *at,
+ const srtp_auth_test_case_t *test_data);
/*
- * auth_type_get_ref_count(at) returns the reference count (the number
- * of instantiations) of the auth_type_t at
+ * srtp_replace_auth_type(ct, id)
+ *
+ * replaces srtp's kernel's auth type implementation for the auth_type id
+ * with a new one passed in externally. The new auth type must pass all the
+ * existing auth_type's self tests as well as its own.
*/
+srtp_err_status_t srtp_replace_auth_type(const srtp_auth_type_t *ct, srtp_auth_type_id_t id);
-int
-auth_type_get_ref_count(const auth_type_t *at);
+#ifdef __cplusplus
+}
+#endif
-#endif /* AUTH_H */
+#endif /* SRTP_AUTH_H */
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*/
-#ifndef CIPHER_H
-#define CIPHER_H
+#ifndef SRTP_CIPHER_H
+#define SRTP_CIPHER_H
-#include "datatypes.h"
-#include "rdbx.h" /* for xtd_seq_num_t */
-#include "err.h" /* for error codes */
-#include "crypto.h" /* for cipher_type_id_t */
-#include "crypto_types.h" /* for values of cipher_type_id_t */
+#include "srtp.h"
+#include "crypto_types.h" /* for values of cipher_type_id_t */
-/**
- * @brief cipher_direction_t defines a particular cipher operation.
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * srtp_cipher_direction_t defines a particular cipher operation.
*
- * A cipher_direction_t is an enum that describes a particular cipher
+ * A srtp_cipher_direction_t is an enum that describes a particular cipher
* operation, i.e. encryption or decryption. For some ciphers, this
* distinction does not matter, but for others, it is essential.
*/
-
-typedef enum {
- direction_encrypt, /**< encryption (convert plaintext to ciphertext) */
- direction_decrypt, /**< decryption (convert ciphertext to plaintext) */
- direction_any /**< encryption or decryption */
-} cipher_direction_t;
+typedef enum {
+ srtp_direction_encrypt, /**< encryption (convert plaintext to ciphertext) */
+ srtp_direction_decrypt, /**< decryption (convert ciphertext to plaintext) */
+ srtp_direction_any /**< encryption or decryption */
+} srtp_cipher_direction_t;
/*
- * the cipher_pointer and cipher_type_pointer definitions are needed
- * as cipher_t and cipher_type_t are not yet defined
+ * the srtp_cipher_pointer_t definition is needed
+ * as srtp_cipher_t is not yet defined
*/
-
-typedef struct cipher_type_t *cipher_type_pointer_t;
-typedef struct cipher_t *cipher_pointer_t;
+typedef struct srtp_cipher_t *srtp_cipher_pointer_t;
/*
- * a cipher_alloc_func_t allocates (but does not initialize) a cipher_t
+ * a srtp_cipher_alloc_func_t allocates (but does not initialize) a srtp_cipher_t
*/
+typedef srtp_err_status_t (*srtp_cipher_alloc_func_t)
+ (srtp_cipher_pointer_t *cp, int key_len, int tag_len);
-typedef err_status_t (*cipher_alloc_func_t)
- (cipher_pointer_t *cp, int key_len, int tag_len);
-
-/*
- * a cipher_init_func_t [re-]initializes a cipher_t with a given key
+/*
+ * a srtp_cipher_init_func_t [re-]initializes a cipher_t with a given key
*/
+typedef srtp_err_status_t (*srtp_cipher_init_func_t)
+ (void *state, const uint8_t *key);
-typedef err_status_t (*cipher_init_func_t)
-(void *state, const uint8_t *key, int key_len);
-
-/* a cipher_dealloc_func_t de-allocates a cipher_t */
-
-typedef err_status_t (*cipher_dealloc_func_t)(cipher_pointer_t cp);
+/* a srtp_cipher_dealloc_func_t de-allocates a cipher_t */
+typedef srtp_err_status_t (*srtp_cipher_dealloc_func_t)(srtp_cipher_pointer_t cp);
-/* a cipher_set_segment_func_t sets the segment index of a cipher_t */
-
-typedef err_status_t (*cipher_set_segment_func_t)
- (void *state, xtd_seq_num_t idx);
-
-/*
- * a cipher_set_aad_func_t processes the AAD data for AEAD ciphers
+/*
+ * a srtp_cipher_set_aad_func_t processes the AAD data for AEAD ciphers
*/
-typedef err_status_t (*cipher_set_aad_func_t)
- (void *state, uint8_t *aad, unsigned int aad_len);
+typedef srtp_err_status_t (*srtp_cipher_set_aad_func_t)
+ (void *state, const uint8_t *aad, uint32_t aad_len);
-/* a cipher_encrypt_func_t encrypts data in-place */
+/* a srtp_cipher_encrypt_func_t encrypts data in-place */
+typedef srtp_err_status_t (*srtp_cipher_encrypt_func_t)
+ (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt);
-typedef err_status_t (*cipher_encrypt_func_t)
- (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt);
+/* a srtp_cipher_decrypt_func_t decrypts data in-place */
+typedef srtp_err_status_t (*srtp_cipher_decrypt_func_t)
+ (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt);
-/* a cipher_decrypt_func_t decrypts data in-place */
-
-typedef err_status_t (*cipher_decrypt_func_t)
- (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt);
-
-/*
- * a cipher_set_iv_func_t function sets the current initialization vector
+/*
+ * a srtp_cipher_set_iv_func_t function sets the current initialization vector
*/
-
-typedef err_status_t (*cipher_set_iv_func_t)
- (cipher_pointer_t cp, void *iv, cipher_direction_t direction);
+typedef srtp_err_status_t (*srtp_cipher_set_iv_func_t)
+ (void *state, uint8_t *iv, srtp_cipher_direction_t direction);
/*
- * a cipher_get_tag_funct_t function is used to get the authentication
+ * a cipher_get_tag_func_t function is used to get the authentication
* tag that was calculated by an AEAD cipher.
*/
-typedef err_status_t (*cipher_get_tag_func_t)
- (void *state, void *tag, int *len);
+typedef srtp_err_status_t (*srtp_cipher_get_tag_func_t)
+ (void *state, uint8_t *tag, uint32_t *len);
/*
- * cipher_test_case_t is a (list of) key, salt, xtd_seq_num_t,
- * plaintext, and ciphertext values that are known to be correct for a
+ * srtp_cipher_test_case_t is a (list of) key, salt, plaintext, ciphertext,
+ * and aad values that are known to be correct for a
* particular cipher. this data can be used to test an implementation
- * in an on-the-fly self test of the correcness of the implementation.
- * (see the cipher_type_self_test() function below)
+ * in an on-the-fly self test of the correctness of the implementation.
+ * (see the srtp_cipher_type_self_test() function below)
*/
-
-typedef struct cipher_test_case_t {
- int key_length_octets; /* octets in key */
- uint8_t *key; /* key */
- uint8_t *idx; /* packet index */
- int plaintext_length_octets; /* octets in plaintext */
- uint8_t *plaintext; /* plaintext */
- int ciphertext_length_octets; /* octets in plaintext */
- uint8_t *ciphertext; /* ciphertext */
- int aad_length_octets; /* octets in AAD */
- uint8_t *aad; /* AAD */
- int tag_length_octets; /* Length of AEAD tag */
- struct cipher_test_case_t *next_test_case; /* pointer to next testcase */
-} cipher_test_case_t;
-
-/* cipher_type_t defines the 'metadata' for a particular cipher type */
-
-typedef struct cipher_type_t {
- cipher_alloc_func_t alloc;
- cipher_dealloc_func_t dealloc;
- cipher_init_func_t init;
- cipher_set_aad_func_t set_aad;
- cipher_encrypt_func_t encrypt;
- cipher_encrypt_func_t decrypt;
- cipher_set_iv_func_t set_iv;
- cipher_get_tag_func_t get_tag;
- char *description;
- int ref_count;
- cipher_test_case_t *test_data;
- debug_module_t *debug;
- cipher_type_id_t id;
-} cipher_type_t;
+typedef struct srtp_cipher_test_case_t {
+ int key_length_octets; /* octets in key */
+ const uint8_t *key; /* key */
+ uint8_t *idx; /* packet index */
+ int plaintext_length_octets; /* octets in plaintext */
+ const uint8_t *plaintext; /* plaintext */
+ int ciphertext_length_octets; /* octets in plaintext */
+ const uint8_t *ciphertext; /* ciphertext */
+ int aad_length_octets; /* octets in AAD */
+ const uint8_t *aad; /* AAD */
+ int tag_length_octets; /* Length of AEAD tag */
+ const struct srtp_cipher_test_case_t *next_test_case; /* pointer to next testcase */
+} srtp_cipher_test_case_t;
+
+/* srtp_cipher_type_t defines the 'metadata' for a particular cipher type */
+typedef struct srtp_cipher_type_t {
+ srtp_cipher_alloc_func_t alloc;
+ srtp_cipher_dealloc_func_t dealloc;
+ srtp_cipher_init_func_t init;
+ srtp_cipher_set_aad_func_t set_aad;
+ srtp_cipher_encrypt_func_t encrypt;
+ srtp_cipher_encrypt_func_t decrypt;
+ srtp_cipher_set_iv_func_t set_iv;
+ srtp_cipher_get_tag_func_t get_tag;
+ const char *description;
+ const srtp_cipher_test_case_t *test_data;
+ srtp_cipher_type_id_t id;
+} srtp_cipher_type_t;
/*
- * cipher_t defines an instantiation of a particular cipher, with fixed
+ * srtp_cipher_t defines an instantiation of a particular cipher, with fixed
* key length, key and salt values
*/
-
-typedef struct cipher_t {
- cipher_type_t *type;
- void *state;
- int key_len;
- int algorithm;
-} cipher_t;
-
-/* some syntactic sugar on these function types */
-
-#define cipher_type_alloc(ct, c, klen, tlen) ((ct)->alloc((c), (klen), (tlen)))
-
-#define cipher_dealloc(c) (((c)->type)->dealloc(c))
-
-#define cipher_init(c, k) (((c)->type)->init(((c)->state), (k), ((c)->key_len)))
-
-#define cipher_encrypt(c, buf, len) \
- (((c)->type)->encrypt(((c)->state), (buf), (len)))
-
-#define cipher_get_tag(c, buf, len) \
- (((c)->type)->get_tag(((c)->state), (buf), (len)))
-
-#define cipher_decrypt(c, buf, len) \
- (((c)->type)->decrypt(((c)->state), (buf), (len)))
-
-#define cipher_set_iv(c, n, dir) \
- ((c) ? (((c)->type)->set_iv(((cipher_pointer_t)(c)->state), (n), (dir))) : \
- err_status_no_such_op)
-#define cipher_set_aad(c, a, l) \
- (((c) && (((c)->type)->set_aad)) ? \
- (((c)->type)->set_aad(((c)->state), (a), (l))) : \
- err_status_no_such_op)
-
-err_status_t
-cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output);
-
+typedef struct srtp_cipher_t {
+ const srtp_cipher_type_t *type;
+ void *state;
+ int key_len;
+ int algorithm;
+} srtp_cipher_t;
/* some bookkeeping functions */
+int srtp_cipher_get_key_length(const srtp_cipher_t *c);
-int
-cipher_get_key_length(const cipher_t *c);
-
-/*
- * cipher_type_self_test() tests a cipher against test cases provided in
- * an array of values of key/xtd_seq_num_t/plaintext/ciphertext
+/*
+ * srtp_cipher_type_self_test() tests a cipher against test cases provided in
+ * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext
* that is known to be good
*/
-
-err_status_t
-cipher_type_self_test(const cipher_type_t *ct);
+srtp_err_status_t srtp_cipher_type_self_test(const srtp_cipher_type_t *ct);
-/*
- * cipher_type_test() tests a cipher against external test cases provided in
- * an array of values of key/xtd_seq_num_t/plaintext/ciphertext
+/*
+ * srtp_cipher_type_test() tests a cipher against external test cases provided in
+ * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext
* that is known to be good
*/
-
-err_status_t
-cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data);
+srtp_err_status_t srtp_cipher_type_test(const srtp_cipher_type_t *ct, const srtp_cipher_test_case_t *test_data);
/*
- * cipher_bits_per_second(c, l, t) computes (and estimate of) the
+ * srtp_cipher_bits_per_second(c, l, t) computes (an estimate of) the
* number of bits that a cipher implementation can encrypt in a second
- *
+ *
* c is a cipher (which MUST be allocated and initialized already), l
* is the length in octets of the test data to be encrypted, and t is
* the number of trials
*
* if an error is encountered, then the value 0 is returned
*/
+uint64_t srtp_cipher_bits_per_second(srtp_cipher_t *c, int octets_in_buffer, int num_trials);
+
+srtp_err_status_t srtp_cipher_type_alloc(const srtp_cipher_type_t *ct, srtp_cipher_t **c, int key_len, int tlen);
+srtp_err_status_t srtp_cipher_dealloc(srtp_cipher_t *c);
+srtp_err_status_t srtp_cipher_init(srtp_cipher_t *c, const uint8_t *key);
+srtp_err_status_t srtp_cipher_set_iv(srtp_cipher_t *c, uint8_t *iv, int direction);
+srtp_err_status_t srtp_cipher_output(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output);
+srtp_err_status_t srtp_cipher_encrypt(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output);
+srtp_err_status_t srtp_cipher_decrypt(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output);
+srtp_err_status_t srtp_cipher_get_tag(srtp_cipher_t *c, uint8_t *buffer, uint32_t *tag_len);
+srtp_err_status_t srtp_cipher_set_aad(srtp_cipher_t *c, const uint8_t *aad, uint32_t aad_len);
+
+/*
+ * srtp_replace_cipher_type(ct, id)
+ *
+ * replaces srtp's existing cipher implementation for the cipher_type id
+ * with a new one passed in externally. The new cipher must pass all the
+ * existing cipher_type's self tests as well as its own.
+ */
+srtp_err_status_t srtp_replace_cipher_type(const srtp_cipher_type_t *ct, srtp_cipher_type_id_t id);
-uint64_t
-cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials);
+#ifdef __cplusplus
+}
+#endif
-#endif /* CIPHER_H */
+#endif /* SRTP_CIPHER_H */
+++ /dev/null
-/*
- * crypto.h
- *
- * API for libcrypto
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-#ifndef CRYPTO_H
-#define CRYPTO_H
-
-/**
- * @brief A cipher_type_id_t is an identifier for a particular cipher
- * type.
- *
- * A cipher_type_id_t is an integer that represents a particular
- * cipher type, e.g. the Advanced Encryption Standard (AES). A
- * NULL_CIPHER is avaliable; this cipher leaves the data unchanged,
- * and can be selected to indicate that no encryption is to take
- * place.
- *
- * @ingroup Ciphers
- */
-typedef uint32_t cipher_type_id_t;
-
-/**
- * @brief An auth_type_id_t is an identifier for a particular authentication
- * function.
- *
- * An auth_type_id_t is an integer that represents a particular
- * authentication function type, e.g. HMAC-SHA1. A NULL_AUTH is
- * avaliable; this authentication function performs no computation,
- * and can be selected to indicate that no authentication is to take
- * place.
- *
- * @ingroup Authentication
- */
-typedef uint32_t auth_type_id_t;
-
-#endif /* CRYPTO_H */
-
-
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
#ifndef CRYPTO_KERNEL
#define CRYPTO_KERNEL
-#include "rand_source.h"
-#include "prng.h"
-#include "cipher.h"
+#include "cipher.h"
#include "auth.h"
-#include "cryptoalg.h"
-#include "stat.h"
#include "err.h"
#include "crypto_types.h"
#include "key.h"
-#include "crypto.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
/*
* crypto_kernel_state_t defines the possible states:
* insecure - not yet initialized
* secure - initialized and passed self-tests
*/
-
typedef enum {
- crypto_kernel_state_insecure,
- crypto_kernel_state_secure
-} crypto_kernel_state_t;
+ srtp_crypto_kernel_state_insecure,
+ srtp_crypto_kernel_state_secure
+} srtp_crypto_kernel_state_t;
-/*
- * linked list of cipher types
+/*
+ * linked list of cipher types
*/
+typedef struct srtp_kernel_cipher_type {
+ srtp_cipher_type_id_t id;
+ const srtp_cipher_type_t *cipher_type;
+ struct srtp_kernel_cipher_type *next;
+} srtp_kernel_cipher_type_t;
-typedef struct kernel_cipher_type {
- cipher_type_id_t id;
- cipher_type_t *cipher_type;
- struct kernel_cipher_type *next;
-} kernel_cipher_type_t;
-
-/*
- * linked list of auth types
+/*
+ * linked list of auth types
*/
-
-typedef struct kernel_auth_type {
- auth_type_id_t id;
- auth_type_t *auth_type;
- struct kernel_auth_type *next;
-} kernel_auth_type_t;
+typedef struct srtp_kernel_auth_type {
+ srtp_auth_type_id_t id;
+ const srtp_auth_type_t *auth_type;
+ struct srtp_kernel_auth_type *next;
+} srtp_kernel_auth_type_t;
/*
- * linked list of debug modules
+ * linked list of debug modules
*/
-
-typedef struct kernel_debug_module {
- debug_module_t *mod;
- struct kernel_debug_module *next;
-} kernel_debug_module_t;
+typedef struct srtp_kernel_debug_module {
+ srtp_debug_module_t *mod;
+ struct srtp_kernel_debug_module *next;
+} srtp_kernel_debug_module_t;
/*
* note that there is *exactly one* instance of this data type,
* a global variable defined in crypto_kernel.c
*/
-
typedef struct {
- crypto_kernel_state_t state; /* current state of kernel */
- kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */
- kernel_auth_type_t *auth_type_list; /* list of all auth func types */
- kernel_debug_module_t *debug_module_list; /* list of all debug modules */
-} crypto_kernel_t;
+ srtp_crypto_kernel_state_t state; /* current state of kernel */
+ srtp_kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */
+ srtp_kernel_auth_type_t *auth_type_list; /* list of all auth func types */
+ srtp_kernel_debug_module_t *debug_module_list; /* list of all debug modules */
+} srtp_crypto_kernel_t;
/*
- * crypto_kernel_t external api
+ * srtp_crypto_kernel_t external api
*/
/*
- * The function crypto_kernel_init() initialized the crypto kernel and
+ * The function srtp_crypto_kernel_init() initialized the crypto kernel and
* runs the self-test operations on the random number generators and
* crypto algorithms. Possible return values are:
*
- * err_status_ok initialization successful
- * <other> init failure
+ * srtp_err_status_ok initialization successful
+ * <other> init failure
*
- * If any value other than err_status_ok is returned, the
- * crypto_kernel MUST NOT be used.
+ * If any value other than srtp_err_status_ok is returned, the
+ * crypto_kernel MUST NOT be used.
*/
-
-err_status_t
-crypto_kernel_init(void);
+srtp_err_status_t srtp_crypto_kernel_init(void);
/*
- * The function crypto_kernel_shutdown() de-initializes the
+ * The function srtp_crypto_kernel_shutdown() de-initializes the
* crypto_kernel, zeroizes keys and other cryptographic material, and
* deallocates any dynamically allocated memory. Possible return
* values are:
*
- * err_status_ok shutdown successful
- * <other> shutdown failure
+ * srtp_err_status_ok shutdown successful
+ * <other> shutdown failure
*
*/
-
-err_status_t
-crypto_kernel_shutdown(void);
+srtp_err_status_t srtp_crypto_kernel_shutdown(void);
/*
- * The function crypto_kernel_stats() checks the the crypto_kernel,
+ * The function srtp_crypto_kernel_stats() checks the the crypto_kernel,
* running tests on the ciphers, auth funcs, and rng, and prints out a
* status report. Possible return values are:
*
- * err_status_ok all tests were passed
- * <other> a test failed
+ * srtp_err_status_ok all tests were passed
+ * <other> a test failed
*
*/
-
-err_status_t
-crypto_kernel_status(void);
+srtp_err_status_t srtp_crypto_kernel_status(void);
/*
- * crypto_kernel_list_debug_modules() outputs a list of debugging modules
+ * srtp_crypto_kernel_list_debug_modules() outputs a list of debugging modules
*
*/
-
-err_status_t
-crypto_kernel_list_debug_modules(void);
+srtp_err_status_t srtp_crypto_kernel_list_debug_modules(void);
/*
- * crypto_kernel_load_cipher_type()
+ * srtp_crypto_kernel_load_cipher_type()
*
*/
+srtp_err_status_t srtp_crypto_kernel_load_cipher_type(const srtp_cipher_type_t *ct, srtp_cipher_type_id_t id);
-err_status_t
-crypto_kernel_load_cipher_type(cipher_type_t *ct, cipher_type_id_t id);
+srtp_err_status_t srtp_crypto_kernel_load_auth_type(const srtp_auth_type_t *ct, srtp_auth_type_id_t id);
-err_status_t
-crypto_kernel_load_auth_type(auth_type_t *ct, auth_type_id_t id);
+srtp_err_status_t srtp_crypto_kernel_load_debug_module(srtp_debug_module_t *new_dm);
/*
- * crypto_kernel_replace_cipher_type(ct, id)
- *
- * replaces the crypto kernel's existing cipher for the cipher_type id
- * with a new one passed in externally. The new cipher must pass all the
- * existing cipher_type's self tests as well as its own.
- */
-err_status_t
-crypto_kernel_replace_cipher_type(cipher_type_t *ct, cipher_type_id_t id);
-
-
-/*
- * crypto_kernel_replace_auth_type(ct, id)
- *
- * replaces the crypto kernel's existing cipher for the auth_type id
- * with a new one passed in externally. The new auth type must pass all the
- * existing auth_type's self tests as well as its own.
- */
-err_status_t
-crypto_kernel_replace_auth_type(auth_type_t *ct, auth_type_id_t id);
-
-
-err_status_t
-crypto_kernel_load_debug_module(debug_module_t *new_dm);
-
-/*
- * crypto_kernel_alloc_cipher(id, cp, key_len);
+ * srtp_crypto_kernel_alloc_cipher(id, cp, key_len);
*
* allocates a cipher of type id at location *cp, with key length
* key_len octets. Return values are:
- *
- * err_status_ok no problems
- * err_status_alloc_fail an allocation failure occured
- * err_status_fail couldn't find cipher with identifier 'id'
+ *
+ * srtp_err_status_ok no problems
+ * srtp_err_status_alloc_fail an allocation failure occured
+ * srtp_err_status_fail couldn't find cipher with identifier 'id'
*/
-
-err_status_t
-crypto_kernel_alloc_cipher(cipher_type_id_t id,
- cipher_pointer_t *cp,
- int key_len,
- int tag_len);
+srtp_err_status_t srtp_crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id, srtp_cipher_pointer_t *cp, int key_len, int tag_len);
/*
- * crypto_kernel_alloc_auth(id, ap, key_len, tag_len);
+ * srtp_crypto_kernel_alloc_auth(id, ap, key_len, tag_len);
*
* allocates an auth function of type id at location *ap, with key
* length key_len octets and output tag length of tag_len. Return
* values are:
- *
- * err_status_ok no problems
- * err_status_alloc_fail an allocation failure occured
- * err_status_fail couldn't find auth with identifier 'id'
+ *
+ * srtp_err_status_ok no problems
+ * srtp_err_status_alloc_fail an allocation failure occured
+ * srtp_err_status_fail couldn't find auth with identifier 'id'
*/
-
-err_status_t
-crypto_kernel_alloc_auth(auth_type_id_t id,
- auth_pointer_t *ap,
- int key_len,
- int tag_len);
+srtp_err_status_t srtp_crypto_kernel_alloc_auth(srtp_auth_type_id_t id, srtp_auth_pointer_t *ap, int key_len, int tag_len);
/*
- * crypto_kernel_set_debug_module(mod_name, v)
- *
+ * srtp_crypto_kernel_set_debug_module(mod_name, v)
+ *
* sets dynamic debugging to the value v (0 for off, 1 for on) for the
* debug module with the name mod_name
*
- * returns err_status_ok on success, err_status_fail otherwise
+ * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise
*/
+srtp_err_status_t srtp_crypto_kernel_set_debug_module(const char *mod_name, int v);
-err_status_t
-crypto_kernel_set_debug_module(char *mod_name, int v);
+#ifdef __cplusplus
+}
+#endif
-/**
- * @brief writes a random octet string.
- *
- * The function call crypto_get_random(dest, len) writes len octets of
- * random data to the location to which dest points, and returns an
- * error code. This error code @b must be checked, and if a failure is
- * reported, the data in the buffer @b must @b not be used.
- *
- * @warning If the return code is not checked, then non-random
- * data may be in the buffer. This function will fail
- * unless it is called after crypto_kernel_init().
- *
- * @return
- * - err_status_ok if no problems occured.
- * - [other] a problem occured, and no assumptions should
- * be made about the contents of the destination
- * buffer.
- *
- * @ingroup SRTP
- */
-err_status_t
-crypto_get_random(unsigned char *buffer, unsigned int length);
-
#endif /* CRYPTO_KERNEL */
+++ /dev/null
-/*
- * math.h
- *
- * crypto math operations and data types
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef MATH_H
-#define MATH_H
-
-#include "datatypes.h"
-
-unsigned char
-v32_weight(v32_t a);
-
-unsigned char
-v32_distance(v32_t x, v32_t y);
-
-unsigned int
-v32_dot_product(v32_t a, v32_t b);
-
-char *
-v16_bit_string(v16_t x);
-
-char *
-v32_bit_string(v32_t x);
-
-char *
-v64_bit_string(const v64_t *x);
-
-char *
-octet_hex_string(uint8_t x);
-
-char *
-v16_hex_string(v16_t x);
-
-char *
-v32_hex_string(v32_t x);
-
-char *
-v64_hex_string(const v64_t *x);
-
-int
-hex_char_to_nibble(uint8_t c);
-
-int
-is_hex_string(char *s);
-
-v16_t
-hex_string_to_v16(char *s);
-
-v32_t
-hex_string_to_v32(char *s);
-
-v64_t
-hex_string_to_v64(char *s);
-
-/* the matrix A[] is stored in column format, i.e., A[i] is
- the ith column of the matrix */
-
-uint8_t
-A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b);
-
-void
-v16_copy_octet_string(v16_t *x, const uint8_t s[2]);
-
-void
-v32_copy_octet_string(v32_t *x, const uint8_t s[4]);
-
-void
-v64_copy_octet_string(v64_t *x, const uint8_t s[8]);
-
-void
-v128_add(v128_t *z, v128_t *x, v128_t *y);
-
-int
-octet_string_is_eq(uint8_t *a, uint8_t *b, int len);
-
-void
-octet_string_set_to_zero(uint8_t *s, int len);
-
-
-
-/*
- * the matrix A[] is stored in column format, i.e., A[i] is the ith
- * column of the matrix
-*/
-uint8_t
-A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b);
-
-
-#if 0
-#if WORDS_BIGENDIAN
-
-#define _v128_add(z, x, y) { \
- uint64_t tmp; \
- \
- tmp = x->v32[3] + y->v32[3]; \
- z->v32[3] = (uint32_t) tmp; \
- \
- tmp = x->v32[2] + y->v32[2] + (tmp >> 32); \
- z->v32[2] = (uint32_t) tmp; \
- \
- tmp = x->v32[1] + y->v32[1] + (tmp >> 32); \
- z->v32[1] = (uint32_t) tmp; \
- \
- tmp = x->v32[0] + y->v32[0] + (tmp >> 32); \
- z->v32[0] = (uint32_t) tmp; \
-}
-
-#else /* assume little endian architecture */
-
-#define _v128_add(z, x, y) { \
- uint64_t tmp; \
- \
- tmp = htonl(x->v32[3]) + htonl(y->v32[3]); \
- z->v32[3] = ntohl((uint32_t) tmp); \
- \
- tmp = htonl(x->v32[2]) + htonl(y->v32[2]) \
- + htonl(tmp >> 32); \
- z->v32[2] = ntohl((uint32_t) tmp); \
- \
- tmp = htonl(x->v32[1]) + htonl(y->v32[1]) \
- + htonl(tmp >> 32); \
- z->v32[1] = ntohl((uint32_t) tmp); \
- \
- tmp = htonl(x->v32[0]) + htonl(y->v32[0]) \
- + htonl(tmp >> 32); \
- z->v32[0] = ntohl((uint32_t) tmp); \
-}
-
-#endif /* WORDS_BIGENDIAN */
-#endif
-
-#ifdef DATATYPES_USE_MACROS /* little functions are really macros */
-
-#define v128_set_to_zero(z) _v128_set_to_zero(z)
-#define v128_copy(z, x) _v128_copy(z, x)
-#define v128_xor(z, x, y) _v128_xor(z, x, y)
-#define v128_and(z, x, y) _v128_and(z, x, y)
-#define v128_or(z, x, y) _v128_or(z, x, y)
-#define v128_complement(x) _v128_complement(x)
-#define v128_is_eq(x, y) _v128_is_eq(x, y)
-#define v128_xor_eq(x, y) _v128_xor_eq(x, y)
-#define v128_get_bit(x, i) _v128_get_bit(x, i)
-#define v128_set_bit(x, i) _v128_set_bit(x, i)
-#define v128_clear_bit(x, i) _v128_clear_bit(x, i)
-#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y)
-
-#else
-
-void
-v128_set_to_zero(v128_t *x);
-
-int
-v128_is_eq(const v128_t *x, const v128_t *y);
-
-void
-v128_copy(v128_t *x, const v128_t *y);
-
-void
-v128_xor(v128_t *z, v128_t *x, v128_t *y);
-
-void
-v128_and(v128_t *z, v128_t *x, v128_t *y);
-
-void
-v128_or(v128_t *z, v128_t *x, v128_t *y);
-
-void
-v128_complement(v128_t *x);
-
-int
-v128_get_bit(const v128_t *x, int i);
-
-void
-v128_set_bit(v128_t *x, int i) ;
-
-void
-v128_clear_bit(v128_t *x, int i);
-
-void
-v128_set_bit_to(v128_t *x, int i, int y);
-
-#endif /* DATATYPES_USE_MACROS */
-
-/*
- * octet_string_is_eq(a,b, len) returns 1 if the length len strings a
- * and b are not equal, returns 0 otherwise
- */
-
-int
-octet_string_is_eq(uint8_t *a, uint8_t *b, int len);
-
-void
-octet_string_set_to_zero(uint8_t *s, int len);
-
-
-#endif /* MATH_H */
-
-
-
*/
/*
*
- * Copyright(c) 2001-2006,2013 Cisco Systems, Inc.
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*
*/
-#ifndef CRYPTO_TYPES_H
-#define CRYPTO_TYPES_H
+#ifndef SRTP_CRYPTO_TYPES_H
+#define SRTP_CRYPTO_TYPES_H
-/**
- * @defgroup Algos Cryptographic Algorithms
- *
- *
- * This library provides several different cryptographic algorithms,
- * each of which can be selected by using the cipher_type_id_t and
- * auth_type_id_t. These algorithms are documented below.
- *
- * Authentication functions that use the Universal Security Transform
- * (UST) must be used in conjunction with a cipher other than the null
- * cipher. These functions require a per-message pseudorandom input
- * that is generated by the cipher.
- *
- * The identifiers STRONGHOLD_AUTH and STRONGHOLD_CIPHER identify the
- * strongest available authentication function and cipher,
- * respectively. They are resolved at compile time to the strongest
- * available algorithm. The stronghold algorithms can serve as did
- * the keep of a medieval fortification; they provide the strongest
- * defense (or the last refuge).
- *
- * @{
- */
-
-/**
- * @defgroup Ciphers Cipher Types
- *
- * @brief Each cipher type is identified by an unsigned integer. The
- * cipher types available in this edition of libSRTP are given
- * by the #defines below.
- *
- * A cipher_type_id_t is an identifier for a cipher_type; only values
- * given by the #defines above (or those present in the file
- * crypto_types.h) should be used.
- *
- * The identifier STRONGHOLD_CIPHER indicates the strongest available
- * cipher, allowing an application to choose the strongest available
- * algorithm without any advance knowledge about the avaliable
- * algorithms.
- *
- * @{
- */
-
-/**
- * @brief The null cipher performs no encryption.
+/*
+ * The null cipher performs no encryption.
*
- * The NULL_CIPHER leaves its inputs unaltered, during both the
+ * The SRTP_NULL_CIPHER leaves its inputs unaltered, during both the
* encryption and decryption operations. This cipher can be chosen
* to indicate that no encryption is to be performed.
*/
-#define NULL_CIPHER 0
+#define SRTP_NULL_CIPHER 0
-/**
- * @brief AES Integer Counter Mode (AES ICM)
+/*
+ * AES-128 Integer Counter Mode (AES ICM)
*
- * AES ICM is the variant of counter mode that is used by Secure RTP.
- * This cipher uses a 16-, 24-, or 32-octet key concatenated with a
+ * AES-128 ICM is the variant of counter mode that is used by
+ * Secure RTP. This cipher uses a 16-octet key concatenated with a
* 14-octet offset (or salt) value.
*/
-#define AES_ICM 1
-
-/**
- * @brief AES-128 Integer Counter Mode (AES ICM)
- * AES-128 ICM is a deprecated alternate name for AES ICM.
- */
-#define AES_128_ICM AES_ICM
+#define SRTP_AES_ICM_128 1
-/**
- * @brief SEAL 3.0
- *
- * SEAL is the Software-Optimized Encryption Algorithm of Coppersmith
- * and Rogaway. Nota bene: this cipher is IBM proprietary.
- */
-#define SEAL 2
-
-/**
- * @brief AES Cipher Block Chaining mode (AES CBC)
+/*
+ * AES-192 Integer Counter Mode (AES ICM)
*
- * AES CBC is the AES Cipher Block Chaining mode.
- * This cipher uses a 16-, 24-, or 32-octet key.
- */
-#define AES_CBC 3
-
-/**
- * @brief AES-128 Cipher Block Chaining mode (AES CBC)
- *
- * AES-128 CBC is a deprecated alternate name for AES CBC.
+ * AES-128 ICM is the variant of counter mode that is used by
+ * Secure RTP. This cipher uses a 24-octet key concatenated with a
+ * 14-octet offset (or salt) value.
*/
-#define AES_128_CBC AES_CBC
+#define SRTP_AES_ICM_192 4
-/**
- * @brief Strongest available cipher.
+/*
+ * AES-256 Integer Counter Mode (AES ICM)
*
- * This identifier resolves to the strongest cipher type available.
- */
-#define STRONGHOLD_CIPHER AES_ICM
-
-/**
- * @brief AES-192 Integer Counter Mode (AES ICM)
- * AES-192 ICM is a deprecated alternate name for AES ICM.
- */
-#define AES_192_ICM 4
-
-/**
- * @brief AES-256 Integer Counter Mode (AES ICM)
- * AES-256 ICM is a deprecated alternate name for AES ICM.
+ * AES-128 ICM is the variant of counter mode that is used by
+ * Secure RTP. This cipher uses a 32-octet key concatenated with a
+ * 14-octet offset (or salt) value.
*/
-#define AES_256_ICM 5
+#define SRTP_AES_ICM_256 5
-/**
- * @brief AES-128_GCM Galois Counter Mode (AES GCM)
+/*
+ * AES-128_GCM Galois Counter Mode (AES GCM)
*
* AES-128 GCM is the variant of galois counter mode that is used by
* Secure RTP. This cipher uses a 16-octet key.
*/
-#define AES_128_GCM 6
+#define SRTP_AES_GCM_128 6
-/**
- * @brief AES-256_GCM Galois Counter Mode (AES GCM)
+/*
+ * AES-256_GCM Galois Counter Mode (AES GCM)
*
* AES-256 GCM is the variant of galois counter mode that is used by
* Secure RTP. This cipher uses a 32-octet key.
*/
-#define AES_256_GCM 7
-
-/**
- * @}
- */
+#define SRTP_AES_GCM_256 7
-
-
-/**
- * @defgroup Authentication Authentication Function Types
- *
- * @brief Each authentication function type is identified by an
- * unsigned integer. The authentication function types available in
- * this edition of libSRTP are given by the #defines below.
- *
- * An auth_type_id_t is an identifier for an authentication function type;
- * only values given by the #defines above (or those present in the
- * file crypto_types.h) should be used.
- *
- * The identifier STRONGHOLD_AUTH indicates the strongest available
- * authentication function, allowing an application to choose the
- * strongest available algorithm without any advance knowledge about
- * the avaliable algorithms. The stronghold algorithms can serve as
- * did the keep of a medieval fortification; they provide the
- * strongest defense (or the last refuge).
- *
- * @{
- */
-
-/**
- * @brief The null authentication function performs no authentication.
+/*
+ * The null authentication function performs no authentication.
*
* The NULL_AUTH function does nothing, and can be selected to indicate
* that authentication should not be performed.
*/
-#define NULL_AUTH 0
+#define SRTP_NULL_AUTH 0
-/**
- * @brief UST with TMMH Version 2
- *
- * UST_TMMHv2 implements the Truncated Multi-Modular Hash using
- * UST. This function must be used in conjunction with a cipher other
- * than the null cipher.
- * with a cipher.
- */
-#define UST_TMMHv2 1
-
-/**
- * @brief (UST) AES-128 XORMAC
- *
- * UST_AES_128_XMAC implements AES-128 XORMAC, using UST. Nota bene:
- * the XORMAC algorithm is IBM proprietary.
- */
-#define UST_AES_128_XMAC 2
-
-/**
- * @brief HMAC-SHA1
+/*
+ * HMAC-SHA1
*
- * HMAC_SHA1 implements the Hash-based MAC using the NIST Secure
+ * SRTP_HMAC_SHA1 implements the Hash-based MAC using the NIST Secure
* Hash Algorithm version 1 (SHA1).
*/
-#define HMAC_SHA1 3
-
-/**
- * @brief Strongest available authentication function.
- *
- * This identifier resolves to the strongest available authentication
- * function.
- */
-#define STRONGHOLD_AUTH HMAC_SHA1
-
-/**
- * @}
- */
-/**
- * @}
- */
+#define SRTP_HMAC_SHA1 3
-#endif /* CRYPTO_TYPES_H */
+#endif /* SRTP_CRYPTO_TYPES_H */
+++ /dev/null
-/*
- * cryptoalg.h
- *
- * API for authenticated encryption crypto algorithms
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef CRYPTOALG_H
-#define CRYPTOALG_H
-
-#include "err.h"
-
-/**
- * @defgroup Crypto Cryptography
- *
- * Zed uses a simple interface to a cryptographic transform.
- *
- * @{
- */
-
-/**
- * @brief applies a crypto algorithm
- *
- * The function pointer cryptoalg_func_t points to a function that
- * implements a crypto transform, and provides a uniform API for
- * accessing crypto mechanisms.
- *
- * @param key location of secret key
- *
- * @param clear data to be authenticated but not encrypted
- *
- * @param clear_len length of data to be authenticated but not encrypted
- *
- * @param iv location to write the Initialization Vector (IV)
- *
- * @param protect location of the data to be encrypted and
- * authenticated (before the function call), and the ciphertext
- * and authentication tag (after the call)
- *
- * @param protected_len location of the length of the data to be
- * encrypted and authenticated (before the function call), and the
- * length of the ciphertext (after the call)
- *
- */
-
-typedef err_status_t (*cryptoalg_func_t)
- (void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *protect,
- unsigned *protected_len);
-
-typedef
-err_status_t (*cryptoalg_inv_t)
- (void *key, /* location of secret key */
- const void *clear, /* data to be authenticated only */
- unsigned clear_len, /* length of data to be authenticated only */
- void *iv, /* location of iv */
- void *opaque, /* data to be decrypted and authenticated */
- unsigned *opaque_len /* location of the length of data to be
- * decrypted and authd (before and after)
- */
- );
-
-typedef struct cryptoalg_ctx_t {
- cryptoalg_func_t enc;
- cryptoalg_inv_t dec;
- unsigned key_len;
- unsigned iv_len;
- unsigned auth_tag_len;
- unsigned max_expansion;
-} cryptoalg_ctx_t;
-
-typedef cryptoalg_ctx_t *cryptoalg_t;
-
-#define cryptoalg_get_key_len(cryptoalg) ((cryptoalg)->key_len)
-
-#define cryptoalg_get_iv_len(cryptoalg) ((cryptoalg)->iv_len)
-
-#define cryptoalg_get_auth_tag_len(cryptoalg) ((cryptoalg)->auth_tag_len)
-
-int
-cryptoalg_get_id(cryptoalg_t c);
-
-cryptoalg_t
-cryptoalg_find_by_id(int id);
-
-
-/**
- * @}
- */
-
-#endif /* CRYPTOALG_H */
-
-
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
-#ifndef _DATATYPES_H
-#define _DATATYPES_H
+#ifndef DATATYPES_H
+#define DATATYPES_H
#include "integers.h" /* definitions of uint32_t, et cetera */
#include "alloc.h"
#include <stdarg.h>
-#ifndef SRTP_KERNEL
-# include <stdio.h>
-# include <string.h>
-# include <time.h>
-# ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-# elif defined HAVE_WINSOCK2_H
-# include <winsock2.h>
-# endif
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#elif defined HAVE_WINSOCK2_H
+# include <winsock2.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
#endif
int
octet_get_weight(uint8_t octet);
-char *
-octet_bit_string(uint8_t x);
-
#define MAX_PRINT_STRING_LEN 1024
char *
-octet_string_hex_string(const void *str, int length);
+srtp_octet_string_hex_string(const void *str, int length);
char *
v128_bit_string(v128_t *x);
char *
v128_hex_string(v128_t *x);
-uint8_t
-nibble_to_hex_char(uint8_t nibble);
-
-char *
-char_to_hex_string(char *x, int num_char);
-
-uint8_t
-hex_string_to_octet(char *s);
-
-/*
- * hex_string_to_octet_string(raw, hex, len) converts the hexadecimal
- * string at *hex (of length len octets) to the equivalent raw data
- * and writes it to *raw.
- *
- * if a character in the hex string that is not a hexadeciaml digit
- * (0123456789abcdefABCDEF) is encountered, the function stops writing
- * data to *raw
- *
- * the number of hex digits copied (which is two times the number of
- * octets in *raw) is returned
- */
-
-int
-hex_string_to_octet_string(char *raw, char *hex, int len);
-
-v128_t
-hex_string_to_v128(char *s);
-
void
v128_copy_octet_string(v128_t *x, const uint8_t s[16]);
_v128_clear_bit(x, bit) \
)
-
-#if 0
-/* nothing uses this */
-#ifdef WORDS_BIGENDIAN
-
-#define _v128_add(z, x, y) { \
- uint64_t tmp; \
- \
- tmp = x->v32[3] + y->v32[3]; \
- z->v32[3] = (uint32_t) tmp; \
- \
- tmp = x->v32[2] + y->v32[2] + (tmp >> 32); \
- z->v32[2] = (uint32_t) tmp; \
- \
- tmp = x->v32[1] + y->v32[1] + (tmp >> 32); \
- z->v32[1] = (uint32_t) tmp; \
- \
- tmp = x->v32[0] + y->v32[0] + (tmp >> 32); \
- z->v32[0] = (uint32_t) tmp; \
-}
-
-#else /* assume little endian architecture */
-
-#define _v128_add(z, x, y) { \
- uint64_t tmp; \
- \
- tmp = htonl(x->v32[3]) + htonl(y->v32[3]); \
- z->v32[3] = ntohl((uint32_t) tmp); \
- \
- tmp = htonl(x->v32[2]) + htonl(y->v32[2]) \
- + htonl(tmp >> 32); \
- z->v32[2] = ntohl((uint32_t) tmp); \
- \
- tmp = htonl(x->v32[1]) + htonl(y->v32[1]) \
- + htonl(tmp >> 32); \
- z->v32[1] = ntohl((uint32_t) tmp); \
- \
- tmp = htonl(x->v32[0]) + htonl(y->v32[0]) \
- + htonl(tmp >> 32); \
- z->v32[0] = ntohl((uint32_t) tmp); \
-}
-#endif /* WORDS_BIGENDIAN */
-#endif /* 0 */
-
-
#ifdef DATATYPES_USE_MACROS /* little functions are really macros */
#define v128_set_to_zero(z) _v128_set_to_zero(z)
#endif /* DATATYPES_USE_MACROS */
/*
- * octet_string_is_eq(a,b, len) returns 1 if the length len strings a
- * and b are not equal, returns 0 otherwise
+ * octet_string_is_eq(a, b, len) returns 1 if the length len strings a
+ * and b are not equal. It returns 0 otherwise. The running time of the
+ * comparison depends only on len, making this safe to use for (e.g.)
+ * verifying authentication tags.
*/
int
octet_string_is_eq(uint8_t *a, uint8_t *b, int len);
+/*
+ * A portable way to zero out memory as recommended by
+ * https://cryptocoding.net/index.php/Coding_rules#Clean_memory_of_secret_data
+ * This is used to zero memory when OPENSSL_cleanse() is not available.
+ */
void
-octet_string_set_to_zero(uint8_t *s, int len);
+srtp_cleanse(void *s, size_t len);
+/*
+ * Functions as a wrapper that delegates to either srtp_cleanse() or
+ * OPENSSL_cleanse() if available to zero memory.
+ */
+void
+octet_string_set_to_zero(void *s, size_t len);
-#ifndef SRTP_KERNEL_LINUX
+#if defined(HAVE_CONFIG_H)
/*
* Convert big endian integers to CPU byte order.
# define be64_to_cpu(x) bswap_64((x))
#else
-#if defined(__GNUC__) && defined(HAVE_X86) && !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__NetBSD__) && !defined(__DragonFly__) && !defined(__sun)
+#if defined(__GNUC__) && defined(HAVE_X86)
/* Fall back. */
static inline uint32_t be32_to_cpu(uint32_t v) {
/* optimized for x86. */
return v;
}
-#endif /* ! SRTP_KERNEL_LINUX */
+#endif
#endif /* WORDS_BIGENDIAN */
char *
bitvector_bit_string(bitvector_t *x, char* buf, int len);
-#endif /* _DATATYPES_H */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* DATATYPES_H */
/*
* err.h
- *
+ *
* error status codes
*
* David A. McGrew
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
#ifndef ERR_H
#define ERR_H
-#include "datatypes.h"
+#include <stdio.h>
+#include <stdarg.h>
+#include "srtp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
/**
* @defgroup Error Error Codes
- *
- * Error status codes are represented by the enumeration err_status_t.
- *
- * @{
- */
-
-
-/*
- * @brief err_status_t defines error codes.
*
- * The enumeration err_status_t defines error codes. Note that the
- * value of err_status_ok is equal to zero, which can simplify error
- * checking somewhat.
+ * Error status codes are represented by the enumeration srtp_err_status_t.
*
+ * @{
*/
-typedef enum {
- err_status_ok = 0, /**< nothing to report */
- err_status_fail = 1, /**< unspecified failure */
- err_status_bad_param = 2, /**< unsupported parameter */
- err_status_alloc_fail = 3, /**< couldn't allocate memory */
- err_status_dealloc_fail = 4, /**< couldn't deallocate properly */
- err_status_init_fail = 5, /**< couldn't initialize */
- err_status_terminus = 6, /**< can't process as much data as requested */
- err_status_auth_fail = 7, /**< authentication failure */
- err_status_cipher_fail = 8, /**< cipher failure */
- err_status_replay_fail = 9, /**< replay check failed (bad index) */
- err_status_replay_old = 10, /**< replay check failed (index too old) */
- err_status_algo_fail = 11, /**< algorithm failed test routine */
- err_status_no_such_op = 12, /**< unsupported operation */
- err_status_no_ctx = 13, /**< no appropriate context found */
- err_status_cant_check = 14, /**< unable to perform desired validation */
- err_status_key_expired = 15, /**< can't use key any more */
- err_status_socket_err = 16, /**< error in use of socket */
- err_status_signal_err = 17, /**< error in use POSIX signals */
- err_status_nonce_bad = 18, /**< nonce check failed */
- err_status_read_fail = 19, /**< couldn't read data */
- err_status_write_fail = 20, /**< couldn't write data */
- err_status_parse_err = 21, /**< error parsing data */
- err_status_encode_err = 22, /**< error encoding data */
- err_status_semaphore_err = 23,/**< error while using semaphores */
- err_status_pfkey_err = 24 /**< error while using pfkey */
-} err_status_t;
+
/**
* @}
*/
typedef enum {
- err_level_emergency = 0,
- err_level_alert,
- err_level_critical,
- err_level_error,
- err_level_warning,
- err_level_notice,
- err_level_info,
- err_level_debug,
- err_level_none
-} err_reporting_level_t;
+ srtp_err_level_error,
+ srtp_err_level_warning,
+ srtp_err_level_info,
+ srtp_err_level_debug
+} srtp_err_reporting_level_t;
/*
* err_reporting_init prepares the error system. If
- * ERR_REPORTING_SYSLOG is defined, it will open syslog.
+ * ERR_REPORTING_STDOUT is defined, it will log to stdout.
*
- * The ident argument is a string that will be prepended to
- * all syslog messages. It is conventionally argv[0].
*/
-err_status_t
-err_reporting_init(char *ident);
+srtp_err_status_t srtp_err_reporting_init(void);
-#ifdef SRTP_KERNEL_LINUX
-extern err_reporting_level_t err_level;
-#else
+typedef void (srtp_err_report_handler_func_t)(srtp_err_reporting_level_t level, const char * msg);
+
+srtp_err_status_t srtp_install_err_report_handler(srtp_err_report_handler_func_t func);
/*
- * keydaemon_report_error reports a 'printf' formatted error
- * string, followed by a an arg list. The priority argument
- * is equivalent to that defined for syslog.
+ * srtp_err_report reports a 'printf' formatted error
+ * string, followed by a an arg list. The level argument
+ * is one of srtp_err_reporting_level_t.
*
- * Errors will be reported to ERR_REPORTING_FILE, if defined, and to
- * syslog, if ERR_REPORTING_SYSLOG is defined.
+ * Errors will be reported to stdout, if ERR_REPORTING_STDOUT
+ * is defined.
*
*/
void
-err_report(int priority, char *format, ...);
-#endif /* ! SRTP_KERNEL_LINUX */
+srtp_err_report(srtp_err_reporting_level_t level, const char *format, ...);
/*
*/
typedef struct {
- int on; /* 1 if debugging is on, 0 if it is off */
- char *name; /* printable name for debug module */
-} debug_module_t;
-
-#ifdef ENABLE_DEBUGGING
-
-#define debug_on(mod) (mod).on = 1
+ int on; /* 1 if debugging is on, 0 if it is off */
+ const char *name; /* printable name for debug module */
+} srtp_debug_module_t;
-#define debug_off(mod) (mod).on = 0
+#ifdef ENABLE_DEBUG_LOGGING
-/* use err_report() to report debug message */
#define debug_print(mod, format, arg) \
- if (mod.on) err_report(err_level_debug, ("%s: " format "\n"), mod.name, arg)
-#define debug_print2(mod, format, arg1,arg2) \
- if (mod.on) err_report(err_level_debug, ("%s: " format "\n"), mod.name, arg1,arg2)
+ srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg)
+#define debug_print2(mod, format, arg1, arg2) \
+ srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg1, arg2)
#else
-/* define macros to do nothing */
-#define debug_print(mod, format, arg)
-
-#define debug_on(mod)
+#define debug_print(mod, format, arg) \
+ if (mod.on) srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg)
+#define debug_print2(mod, format, arg1, arg2) \
+ if (mod.on) srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg1, arg2)
-#define debug_off(mod)
+#endif
+#ifdef __cplusplus
+}
#endif
#endif /* ERR_H */
+++ /dev/null
-/*
- * gf2_8.h
- *
- * GF(256) implementation
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#ifndef GF2_8_H
-#define GF2_8_H
-
-#include "datatypes.h" /* for uint8_t definition */
-
-typedef uint8_t gf2_8;
-
-#define gf2_8_field_polynomial 0x1B
-
-/*
- * gf2_8_shift(x) returns
- */
-
-/*
- * gf2_8_shift(z) returns the result of the GF(2^8) 'multiply by x'
- * operation, using the field representation from AES; that is, the
- * next gf2_8 value in the cyclic representation of that field. The
- * value z should be an uint8_t.
- */
-
-#define gf2_8_shift(z) (((z) & 128) ? \
- (((z) << 1) ^ gf2_8_field_polynomial) : ((z) << 1))
-
-gf2_8
-gf2_8_compute_inverse(gf2_8 x);
-
-void
-test_gf2_8(void);
-
-gf2_8
-gf2_8_multiply(gf2_8 x, gf2_8 y);
-
-#endif /* GF2_8_H */
/*
* hmac.h
*
- * interface to hmac auth_type_t
+ * interface to hmac srtp_auth_type_t
*
* David A. McGrew
* Cisco Systems, Inc.
*
*/
/*
- *
- * Copyright (c) 2001-2006,2013, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
#include "sha1.h"
typedef struct {
- uint8_t opad[64];
- sha1_ctx_t ctx;
- sha1_ctx_t init_ctx;
-#ifdef OPENSSL
- int ctx_initialized;
- int init_ctx_initialized;
-#endif
-} hmac_ctx_t;
-
-err_status_t
-hmac_alloc(auth_t **a, int key_len, int out_len);
-
-err_status_t
-hmac_dealloc(auth_t *a);
-
-err_status_t
-hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len);
-
-err_status_t
-hmac_start(hmac_ctx_t *state);
-
-err_status_t
-hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets);
-
-err_status_t
-hmac_compute(hmac_ctx_t *state, const void *message,
- int msg_octets, int tag_len, uint8_t *result);
-
+ uint8_t opad[64];
+ srtp_sha1_ctx_t ctx;
+ srtp_sha1_ctx_t init_ctx;
+} srtp_hmac_ctx_t;
#endif /* HMAC_H */
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#ifndef INTEGERS_H
#define INTEGERS_H
-#include "config.h" /* configuration file, using autoconf */
-
-#ifdef SRTP_KERNEL
-
-#include "kernel_compat.h"
-
-#else /* SRTP_KERNEL */
/* use standard integer definitions, if they're available */
#ifdef HAVE_STDLIB_H
# include <machine/types.h>
#endif
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* Can we do 64 bit integers? */
-#ifndef HAVE_UINT64_T
+#if !defined(HAVE_UINT64_T)
# if SIZEOF_UNSIGNED_LONG == 8
typedef unsigned long uint64_t;
# elif SIZEOF_UNSIGNED_LONG_LONG == 8
#ifndef HAVE_UINT32_T
typedef unsigned int uint32_t;
#endif
+#ifndef HAVE_INT32_T
+typedef int int32_t;
+#endif
-#ifdef NO_64BIT_MATH
+#if defined(NO_64BIT_MATH) && defined(HAVE_CONFIG_H)
typedef double uint64_t;
/* assert that sizeof(double) == 8 */
extern uint64_t make64(uint32_t high, uint32_t low);
extern uint32_t low32(uint64_t value);
#endif
-#endif /* SRTP_KERNEL */
/* These macros are to load and store 32-bit values from un-aligned
addresses. This is required for processors that do not allow unaligned
#define GET_32(addr) (*(((uint32_t *) (addr)))
#endif
+#ifdef __cplusplus
+}
+#endif
+
#endif /* INTEGERS_H */
+++ /dev/null
-/*
- * kernel_compat.h
- *
- * Compatibility stuff for building in kernel context where standard
- * C headers and library are not available.
- *
- * Marcus Sundberg
- * Ingate Systems AB
- */
-/*
- *
- * Copyright(c) 2005 Ingate Systems AB
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the author(s) nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef KERNEL_COMPAT_H
-#define KERNEL_COMPAT_H
-
-#ifdef SRTP_KERNEL_LINUX
-
-#include <linux/kernel.h>
-#include <linux/slab.h>
-#include <linux/sched.h>
-#include <linux/random.h>
-#include <linux/byteorder/generic.h>
-
-
-#define err_report(priority, ...) \
- do {\
- if (priority <= err_level) {\
- printk(__VA_ARGS__);\
- }\
- }while(0)
-
-#define clock() (jiffies)
-#define time(x) (jiffies)
-
-/* rand() implementation. */
-#define RAND_MAX 32767
-
-static inline int rand(void)
-{
- uint32_t temp;
- get_random_bytes(&temp, sizeof(temp));
- return temp % (RAND_MAX+1);
-}
-
-/* stdio/stdlib implementation. */
-#define printf(...) printk(__VA_ARGS__)
-#define exit(n) panic("%s:%d: exit(%d)\n", __FILE__, __LINE__, (n))
-
-#endif /* SRTP_KERNEL_LINUX */
-
-#endif /* KERNEL_COMPAT_H */
* key.h
*
* key usage limits enforcement
- *
+ *
* David A. Mcgrew
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
#ifndef KEY_H
#define KEY_H
-#include "rdbx.h" /* for xtd_seq_num_t */
+#include "rdbx.h" /* for srtp_xtd_seq_num_t */
#include "err.h"
-typedef struct key_limit_ctx_t *key_limit_t;
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct srtp_key_limit_ctx_t *srtp_key_limit_t;
typedef enum {
- key_event_normal,
- key_event_soft_limit,
- key_event_hard_limit
-} key_event_t;
+ srtp_key_event_normal,
+ srtp_key_event_soft_limit,
+ srtp_key_event_hard_limit
+} srtp_key_event_t;
-err_status_t
-key_limit_set(key_limit_t key, const xtd_seq_num_t s);
+srtp_err_status_t srtp_key_limit_set(srtp_key_limit_t key, const srtp_xtd_seq_num_t s);
-err_status_t
-key_limit_clone(key_limit_t original, key_limit_t *new_key);
+srtp_err_status_t srtp_key_limit_clone(srtp_key_limit_t original, srtp_key_limit_t *new_key);
-err_status_t
-key_limit_check(const key_limit_t key);
+srtp_err_status_t srtp_key_limit_check(const srtp_key_limit_t key);
-key_event_t
-key_limit_update(key_limit_t key);
+srtp_key_event_t srtp_key_limit_update(srtp_key_limit_t key);
+
+typedef enum {
+ srtp_key_state_normal,
+ srtp_key_state_past_soft_limit,
+ srtp_key_state_expired
+} srtp_key_state_t;
-typedef enum {
- key_state_normal,
- key_state_past_soft_limit,
- key_state_expired
-} key_state_t;
+typedef struct srtp_key_limit_ctx_t {
+ srtp_xtd_seq_num_t num_left;
+ srtp_key_state_t state;
+} srtp_key_limit_ctx_t;
-typedef struct key_limit_ctx_t {
- xtd_seq_num_t num_left;
- key_state_t state;
-} key_limit_ctx_t;
+#ifdef __cplusplus
+}
+#endif
#endif /* KEY_H */
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
#include "auth.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
typedef struct {
- char foo;
-} null_auth_ctx_t;
+ char foo;
+} srtp_null_auth_ctx_t;
+
+#if 0
+srtp_err_status_t srtp_null_auth_alloc(srtp_auth_t **a, int key_len, int out_len);
-err_status_t
-null_auth_alloc(auth_t **a, int key_len, int out_len);
+srtp_err_status_t srtp_null_auth_dealloc(srtp_auth_t *a);
-err_status_t
-null_auth_dealloc(auth_t *a);
+srtp_err_status_t srtp_null_auth_init(srtp_null_auth_ctx_t *state, const uint8_t *key, int key_len);
-err_status_t
-null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len);
+srtp_err_status_t srtp_null_auth_compute(srtp_null_auth_ctx_t *state, uint8_t *message, int msg_octets, int tag_len, uint8_t *result);
-err_status_t
-null_auth_compute (null_auth_ctx_t *state, uint8_t *message,
- int msg_octets, int tag_len, uint8_t *result);
+#endif
+#ifdef __cplusplus
+}
+#endif
#endif /* NULL_AUTH_H */
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
#include "cipher.h"
typedef struct {
- char foo ;/* empty, for now */
-} null_cipher_ctx_t;
-
-
-/*
- * none of these functions do anything (though future versions may keep
- * track of bytes encrypted, number of instances, and/or other info).
- */
-
-err_status_t
-null_cipher_init(null_cipher_ctx_t *c, const uint8_t *key, int key_len);
-
-err_status_t
-null_cipher_set_segment(null_cipher_ctx_t *c,
- unsigned long segment_index);
-
-err_status_t
-null_cipher_encrypt(null_cipher_ctx_t *c,
- unsigned char *buf, unsigned int *bytes_to_encr);
-
-
-err_status_t
-null_cipher_encrypt_aligned(null_cipher_ctx_t *c,
- unsigned char *buf, int bytes_to_encr);
+ char foo; /* empty, for now */
+} srtp_null_cipher_ctx_t;
#endif /* NULL_CIPHER_H */
+++ /dev/null
-/*
- * prng.h
- *
- * pseudorandom source
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-#ifndef PRNG_H
-#define PRNG_H
-
-#include "rand_source.h" /* for rand_source_func_t definition */
-#include "aes.h" /* for aes */
-//FIXME: this is temporary until we pull in the code to use OpenSSL for RNG
-#ifdef OPENSSL
-#include "aes_icm_ossl.h" /* for aes ctr */
-#else
-#include "aes_icm.h" /* for aes ctr */
-#endif
-
-#define MAX_PRNG_OUT_LEN 0xffffffffU
-
-/*
- * x917_prng is an ANSI X9.17-like AES-based PRNG
- */
-
-typedef struct {
- v128_t state; /* state data */
- aes_expanded_key_t key; /* secret key */
- uint32_t octet_count; /* number of octets output since last init */
- rand_source_func_t rand; /* random source for re-initialization */
-} x917_prng_t;
-
-err_status_t
-x917_prng_init(rand_source_func_t random_source);
-
-err_status_t
-x917_prng_get_octet_string(uint8_t *dest, uint32_t len);
-
-
-/*
- * ctr_prng is an AES-CTR based PRNG
- */
-
-typedef struct {
- uint32_t octet_count; /* number of octets output since last init */
- aes_icm_ctx_t state; /* state data */
- rand_source_func_t rand; /* random source for re-initialization */
-} ctr_prng_t;
-
-err_status_t
-ctr_prng_init(rand_source_func_t random_source);
-
-err_status_t
-ctr_prng_get_octet_string(void *dest, uint32_t len);
-
-
-#endif
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
#ifndef REPLAY_DB_H
#define REPLAY_DB_H
#include "integers.h" /* for uint32_t */
#include "datatypes.h" /* for v128_t */
-#include "err.h" /* for err_status_t */
+#include "err.h" /* for srtp_err_status_t */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
/*
* if the ith least significant bit is one, then the packet index
*/
typedef struct {
- uint32_t window_start; /* packet index of the first bit in bitmask */
- v128_t bitmask;
-} rdb_t;
+ uint32_t window_start; /* packet index of the first bit in bitmask */
+ v128_t bitmask;
+} srtp_rdb_t;
-#define rdb_bits_in_bitmask (8*sizeof(v128_t))
+#define rdb_bits_in_bitmask (8 * sizeof(v128_t))
/*
- * rdb init
+ * srtp_rdb_init
*
* initalizes rdb
*
- * returns err_status_ok on success, err_status_t_fail otherwise
+ * returns srtp_err_status_ok on success, srtp_err_status_t_fail otherwise
*/
-
-err_status_t
-rdb_init(rdb_t *rdb);
+srtp_err_status_t srtp_rdb_init(srtp_rdb_t *rdb);
/*
- * rdb_check
+ * srtp_rdb_check
*
* checks to see if index appears in rdb
*
- * returns err_status_fail if the index already appears in rdb,
- * returns err_status_ok otherwise
+ * returns srtp_err_status_fail if the index already appears in rdb,
+ * returns srtp_err_status_ok otherwise
*/
-
-err_status_t
-rdb_check(const rdb_t *rdb, uint32_t rdb_index);
+srtp_err_status_t srtp_rdb_check(const srtp_rdb_t *rdb, uint32_t rdb_index);
/*
- * rdb_add_index
+ * srtp_rdb_add_index
*
- * adds index to rdb_t (and does *not* check if index appears in db)
+ * adds index to srtp_rdb_t (and does *not* check if index appears in db)
*
- * returns err_status_ok on success, err_status_fail otherwise
+ * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise
*
*/
-
-err_status_t
-rdb_add_index(rdb_t *rdb, uint32_t rdb_index);
+srtp_err_status_t srtp_rdb_add_index(srtp_rdb_t *rdb, uint32_t rdb_index);
/*
- * the functions rdb_increment() and rdb_get_value() are for use by
+ * the functions srtp_rdb_increment() and srtp_rdb_get_value() are for use by
* senders, not receivers - DO NOT use these functions on the same
- * rdb_t upon which rdb_add_index is used!
+ * srtp_rdb_t upon which srtp_rdb_add_index is used!
*/
/*
- * rdb_increment(db) increments the sequence number in db, if it is
+ * srtp_rdb_increment(db) increments the sequence number in db, if it is
* not too high
*
* return values:
- *
- * err_status_ok no problem
- * err_status_key_expired sequence number too high
+ *
+ * srtp_err_status_ok no problem
+ * srtp_err_status_key_expired sequence number too high
*
*/
-err_status_t
-rdb_increment(rdb_t *rdb);
+srtp_err_status_t srtp_rdb_increment(srtp_rdb_t *rdb);
/*
- * rdb_get_value(db) returns the current sequence number of db
+ * srtp_rdb_get_value(db) returns the current sequence number of db
*/
+uint32_t srtp_rdb_get_value(const srtp_rdb_t *rdb);
-uint32_t
-rdb_get_value(const rdb_t *rdb);
+#ifdef __cplusplus
+}
+#endif
-#endif /* REPLAY_DB_H */
+#endif /* REPLAY_DB_H */
*
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
#ifndef RDBX_H
#define RDBX_H
#include "datatypes.h"
#include "err.h"
-/* #define ROC_TEST */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* #define ROC_TEST */
#ifndef ROC_TEST
-typedef uint16_t sequence_number_t; /* 16 bit sequence number */
-typedef uint32_t rollover_counter_t; /* 32 bit rollover counter */
+typedef uint16_t srtp_sequence_number_t; /* 16 bit sequence number */
+typedef uint32_t srtp_rollover_counter_t; /* 32 bit rollover counter */
#else /* use small seq_num and roc datatypes for testing purposes */
-typedef unsigned char sequence_number_t; /* 8 bit sequence number */
-typedef uint16_t rollover_counter_t; /* 16 bit rollover counter */
+typedef unsigned char srtp_sequence_number_t; /* 8 bit sequence number */
+typedef uint16_t srtp_rollover_counter_t; /* 16 bit rollover counter */
#endif
-#define seq_num_median (1 << (8*sizeof(sequence_number_t) - 1))
-#define seq_num_max (1 << (8*sizeof(sequence_number_t)))
+#define seq_num_median (1 << (8 * sizeof(srtp_sequence_number_t) - 1))
+#define seq_num_max (1 << (8 * sizeof(srtp_sequence_number_t)))
/*
- * An xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended'
- * sequence number.
+ * An rtp_xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended'
+ * sequence number.
*/
-
-typedef uint64_t xtd_seq_num_t;
+typedef uint64_t srtp_xtd_seq_num_t;
/*
- * An rdbx_t is a replay database with extended range; it uses an
+ * An srtp_rdbx_t is a replay database with extended range; it uses an
* xtd_seq_num_t and a bitmask of recently received indices.
*/
-
typedef struct {
- xtd_seq_num_t index;
- bitvector_t bitmask;
-} rdbx_t;
+ srtp_xtd_seq_num_t index;
+ bitvector_t bitmask;
+} srtp_rdbx_t;
/*
- * rdbx_init(rdbx_ptr, ws)
+ * srtp_rdbx_init(rdbx_ptr, ws)
*
* initializes the rdbx pointed to by its argument with the window size ws,
* setting the rollover counter and sequence number to zero
*/
-
-err_status_t
-rdbx_init(rdbx_t *rdbx, unsigned long ws);
+srtp_err_status_t srtp_rdbx_init(srtp_rdbx_t *rdbx, unsigned long ws);
/*
- * rdbx_dealloc(rdbx_ptr)
+ * srtp_rdbx_dealloc(rdbx_ptr)
*
* frees memory associated with the rdbx
*/
-
-err_status_t
-rdbx_dealloc(rdbx_t *rdbx);
+srtp_err_status_t srtp_rdbx_dealloc(srtp_rdbx_t *rdbx);
/*
- * rdbx_estimate_index(rdbx, guess, s)
- *
+ * srtp_rdbx_estimate_index(rdbx, guess, s)
+ *
* given an rdbx and a sequence number s (from a newly arrived packet),
* sets the contents of *guess to contain the best guess of the packet
* index to which s corresponds, and returns the difference between
* *guess and the locally stored synch info
*/
-
-int
-rdbx_estimate_index(const rdbx_t *rdbx,
- xtd_seq_num_t *guess,
- sequence_number_t s);
+int32_t srtp_rdbx_estimate_index(const srtp_rdbx_t *rdbx, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s);
/*
- * rdbx_check(rdbx, delta);
+ * srtp_rdbx_check(rdbx, delta);
*
- * rdbx_check(&r, delta) checks to see if the xtd_seq_num_t
+ * srtp_rdbx_check(&r, delta) checks to see if the xtd_seq_num_t
* which is at rdbx->window_start + delta is in the rdb
*
*/
-
-err_status_t
-rdbx_check(const rdbx_t *rdbx, int difference);
+srtp_err_status_t srtp_rdbx_check(const srtp_rdbx_t *rdbx, int difference);
/*
- * replay_add_index(rdbx, delta)
- *
- * adds the xtd_seq_num_t at rdbx->window_start + delta to replay_db
+ * srtp_replay_add_index(rdbx, delta)
+ *
+ * adds the srtp_xtd_seq_num_t at rdbx->window_start + delta to replay_db
* (and does *not* check if that xtd_seq_num_t appears in db)
*
* this function should be called *only* after replay_check has
* indicated that the index does not appear in the rdbx, and a mutex
* should protect the rdbx between these calls if necessary.
*/
-
-err_status_t
-rdbx_add_index(rdbx_t *rdbx, int delta);
+srtp_err_status_t srtp_rdbx_add_index(srtp_rdbx_t *rdbx, int delta);
/*
- * rdbx_set_roc(rdbx, roc) initalizes the rdbx_t at the location rdbx
+ * srtp_rdbx_set_roc(rdbx, roc) initalizes the srtp_rdbx_t at the location rdbx
* to have the rollover counter value roc. If that value is less than
* the current rollover counter value, then the function returns
- * err_status_replay_old; otherwise, err_status_ok is returned.
- *
+ * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned.
+ *
*/
-
-err_status_t
-rdbx_set_roc(rdbx_t *rdbx, uint32_t roc);
+srtp_err_status_t srtp_rdbx_set_roc(srtp_rdbx_t *rdbx, uint32_t roc);
/*
- * rdbx_get_roc(rdbx) returns the value of the rollover counter for
- * the rdbx_t pointed to by rdbx
- *
+ * srtp_rdbx_get_packet_index(rdbx) returns the value of the rollover counter for
+ * the srtp_rdbx_t pointed to by rdbx
+ *
*/
-
-xtd_seq_num_t
-rdbx_get_packet_index(const rdbx_t *rdbx);
+srtp_xtd_seq_num_t srtp_rdbx_get_packet_index(const srtp_rdbx_t *rdbx);
/*
- * xtd_seq_num_t functions - these are *internal* functions of rdbx, and
+ * srtp_xtd_seq_num_t functions - these are *internal* functions of rdbx, and
* shouldn't be used to manipulate rdbx internal values. use the rdbx
* api instead!
*/
/*
- * rdbx_get_ws(rdbx_ptr)
+ * srtp_rdbx_get_ws(rdbx_ptr)
*
* gets the window size which was used to initialize the rdbx
*/
-
-unsigned long
-rdbx_get_window_size(const rdbx_t *rdbx);
+unsigned long srtp_rdbx_get_window_size(const srtp_rdbx_t *rdbx);
/* index_init(&pi) initializes a packet index pi (sets it to zero) */
-
-void
-index_init(xtd_seq_num_t *pi);
+void srtp_index_init(srtp_xtd_seq_num_t *pi);
/* index_advance(&pi, s) advances a xtd_seq_num_t forward by s */
-
-void
-index_advance(xtd_seq_num_t *pi, sequence_number_t s);
+void srtp_index_advance(srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s);
/*
- * index_guess(local, guess, s)
- *
- * given a xtd_seq_num_t local (which represents the highest
+ * srtp_index_guess(local, guess, s)
+ *
+ * given a srtp_xtd_seq_num_t local (which represents the highest
* known-to-be-good index) and a sequence number s (from a newly
* arrived packet), sets the contents of *guess to contain the best
* guess of the packet index to which s corresponds, and returns the
* difference between *guess and *local
*/
+int32_t srtp_index_guess(const srtp_xtd_seq_num_t *local, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s);
-int
-index_guess(const xtd_seq_num_t *local,
- xtd_seq_num_t *guess,
- sequence_number_t s);
-
-
-#endif /* RDBX_H */
-
-
-
-
-
-
+/*
+ * srtp_rdbx_get_roc(rdbx)
+ *
+ * Get the current rollover counter
+ *
+ */
+uint32_t srtp_rdbx_get_roc(const srtp_rdbx_t *rdbx);
+/*
+ * srtp_rdbx_set_roc_seq(rdbx, roc, seq) initalizes the srtp_rdbx_t at the
+ * location rdbx to have the rollover counter value roc and packet sequence
+ * number seq. If the new rollover counter value is less than the current
+ * rollover counter value, then the function returns
+ * srtp_err_status_replay_old, otherwise, srtp_err_status_ok is returned.
+ */
+srtp_err_status_t srtp_rdbx_set_roc_seq (srtp_rdbx_t *rdbx,
+ uint32_t roc,
+ uint16_t seq);
+#ifdef __cplusplus
+}
+#endif
+#endif /* RDBX_H */
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
#ifndef SHA1_H
#define SHA1_H
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "err.h"
#ifdef OPENSSL
#include <openssl/evp.h>
+#include <stdint.h>
+#else
+#include "datatypes.h"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
-typedef EVP_MD_CTX sha1_ctx_t;
+#ifdef OPENSSL
/*
- * sha1_init(&ctx) initializes the SHA1 context ctx
+ * srtp_sha1_init(&ctx) initializes the SHA1 context ctx
*
- * sha1_update(&ctx, msg, len) hashes the len octets starting at msg
+ * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg
* into the SHA1 context
*
- * sha1_final(&ctx, output) performs the final processing of the SHA1
+ * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1
* context and writes the result to the 20 octets at output
*
* Return values are ignored on the EVP functions since all three
*
*/
-static inline void sha1_init (sha1_ctx_t *ctx)
+/* OpenSSL 1.1.0 made EVP_MD_CTX an opaque structure, which must be allocated
+ using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+typedef EVP_MD_CTX srtp_sha1_ctx_t;
+
+static inline void srtp_sha1_init (srtp_sha1_ctx_t *ctx)
{
EVP_MD_CTX_init(ctx);
EVP_DigestInit(ctx, EVP_sha1());
}
-static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
+static inline void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
{
EVP_DigestUpdate(ctx, M, octets_in_msg);
}
-static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output)
+static inline void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output)
{
unsigned int len = 0;
EVP_DigestFinal(ctx, (unsigned char*)output, &len);
+ EVP_MD_CTX_cleanup(ctx);
}
+
#else
-#include "datatypes.h"
-typedef struct {
- uint32_t H[5]; /* state vector */
- uint32_t M[16]; /* message buffer */
- int octets_in_buffer; /* octets of message in buffer */
- uint32_t num_bits_in_msg; /* total number of bits in message */
-} sha1_ctx_t;
+typedef EVP_MD_CTX* srtp_sha1_ctx_t;
-/*
- * sha1(&ctx, msg, len, output) hashes the len octets starting at msg
- * into the SHA1 context, then writes the result to the 20 octets at
- * output
- *
- */
+static inline void srtp_sha1_init (srtp_sha1_ctx_t *ctx)
+{
+ *ctx = EVP_MD_CTX_new();
+ EVP_DigestInit(*ctx, EVP_sha1());
+}
+
+static inline void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
+{
+ EVP_DigestUpdate(*ctx, M, octets_in_msg);
+}
+
+static inline void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output)
+{
+ unsigned int len = 0;
+
+ EVP_DigestFinal(*ctx, (unsigned char*)output, &len);
+ EVP_MD_CTX_free(*ctx);
+}
+#endif
+
+#else
+
+typedef struct {
+ uint32_t H[5]; /* state vector */
+ uint32_t M[16]; /* message buffer */
+ int octets_in_buffer; /* octets of message in buffer */
+ uint32_t num_bits_in_msg; /* total number of bits in message */
+} srtp_sha1_ctx_t;
-void
-sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]);
/*
- * sha1_init(&ctx) initializes the SHA1 context ctx
- *
- * sha1_update(&ctx, msg, len) hashes the len octets starting at msg
+ * srtp_sha1_init(&ctx) initializes the SHA1 context ctx
+ *
+ * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg
* into the SHA1 context
- *
- * sha1_final(&ctx, output) performs the final processing of the SHA1
+ *
+ * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1
* context and writes the result to the 20 octets at output
*
*/
+void srtp_sha1_init(srtp_sha1_ctx_t *ctx);
-void
-sha1_init(sha1_ctx_t *ctx);
-
-void
-sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
+void srtp_sha1_update(srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
-void
-sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
+void srtp_sha1_final(srtp_sha1_ctx_t * ctx, uint32_t output[5]);
/*
- * The sha1_core function is INTERNAL to SHA-1, but it is declared
+ * The srtp_sha1_core function is INTERNAL to SHA-1, but it is declared
* here because it is also used by the cipher SEAL 3.0 in its key
- * setup algorithm.
+ * setup algorithm.
*/
/*
- * sha1_core(M, H) computes the core sha1 compression function, where M is
+ * srtp_sha1_core(M, H) computes the core sha1 compression function, where M is
* the next part of the message and H is the intermediate state {H0,
* H1, ...}
*
* this function does not do any of the padding required in the
* complete sha1 function
*/
-
-void
-sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
+void srtp_sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
#endif /* else OPENSSL */
-
+
+#ifdef __cplusplus
+}
+#endif
+
#endif /* SHA1_H */
/*
*
- * Copyright(c) 2001-2006, Cisco Systems, Inc.
+ * Copyright(c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#define STAT_H
#include "datatypes.h" /* for uint8_t */
-#include "err.h" /* for err_status_t */
-#include "rand_source.h" /* for rand_source_func_t definition */
+#include "err.h" /* for srtp_err_status_t */
-err_status_t
-stat_test_monobit(uint8_t *data);
+#ifdef __cplusplus
+extern "C" {
+#endif
-err_status_t
-stat_test_poker(uint8_t *data);
+srtp_err_status_t stat_test_monobit(uint8_t *data);
-err_status_t
-stat_test_runs(uint8_t *data);
+srtp_err_status_t stat_test_poker(uint8_t *data);
-err_status_t
-stat_test_rand_source(rand_source_func_t rs);
+srtp_err_status_t stat_test_runs(uint8_t *data);
-err_status_t
-stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials);
+#ifdef __cplusplus
+}
+#endif
#endif /* STAT_H */
+++ /dev/null
-/*
- * xfm.h
- *
- * interface for abstract crypto transform
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-#ifndef XFM_H
-#define XFM_H
-
-#include "crypto_kernel.h"
-#include "err.h"
-
-/**
- * @defgroup Crypto Cryptography
- *
- * A simple interface to an abstract cryptographic transform that
- * provides both confidentiality and message authentication.
- *
- * @{
- */
-
-/**
- * @brief applies a crypto transform
- *
- * The function pointer xfm_func_t points to a function that
- * implements a crypto transform, and provides a uniform API for
- * accessing crypto mechanisms.
- *
- * @param key location of secret key
- *
- * @param clear data to be authenticated only
- *
- * @param clear_len length of data to be authenticated only
- *
- * @param iv location to write the Initialization Vector (IV)
- *
- * @param protect location of the data to be encrypted and
- * authenticated (before the function call), and the ciphertext
- * and authentication tag (after the call)
- *
- * @param protected_len location of the length of the data to be
- * encrypted and authenticated (before the function call), and the
- * length of the ciphertext (after the call)
- *
- * @param auth_tag location to write auth tag
- */
-
-typedef err_status_t (*xfm_func_t)
- (void *key,
- void *clear,
- unsigned clear_len,
- void *iv,
- void *protect,
- unsigned *protected_len,
- void *auth_tag
- );
-
-typedef
-err_status_t (*xfm_inv_t)
- (void *key, /* location of secret key */
- void *clear, /* data to be authenticated only */
- unsigned clear_len, /* length of data to be authenticated only */
- void *iv, /* location of iv */
- void *opaque, /* data to be decrypted and authenticated */
- unsigned *opaque_len, /* location of the length of data to be
- * decrypted and authd (before and after)
- */
- void *auth_tag /* location of auth tag */
- );
-
-typedef struct xfm_ctx_t {
- xfm_func_t func;
- xfm_inv_t inv;
- unsigned key_len;
- unsigned iv_len;
- unsigned auth_tag_len;
-} xfm_ctx_t;
-
-typedef xfm_ctx_t *xfm_t;
-
-#define xfm_get_key_len(xfm) ((xfm)->key_len)
-
-#define xfm_get_iv_len(xfm) ((xfm)->iv_len)
-
-#define xfm_get_auth_tag_len(xfm) ((xfm)->auth_tag_len)
-
-
-/* cryptoalgo - 5/28 */
-
-typedef err_status_t (*cryptoalg_func_t)
- (void *key,
- void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len
- );
-
-typedef
-err_status_t (*cryptoalg_inv_t)
- (void *key, /* location of secret key */
- void *clear, /* data to be authenticated only */
- unsigned clear_len, /* length of data to be authenticated only */
- void *iv, /* location of iv */
- void *opaque, /* data to be decrypted and authenticated */
- unsigned *opaque_len /* location of the length of data to be
- * decrypted and authd (before and after)
- */
- );
-
-typedef struct cryptoalg_ctx_t {
- cryptoalg_func_t enc;
- cryptoalg_inv_t dec;
- unsigned key_len;
- unsigned iv_len;
- unsigned auth_tag_len;
- unsigned max_expansion;
-} cryptoalg_ctx_t;
-
-typedef cryptoalg_ctx_t *cryptoalg_t;
-
-#define cryptoalg_get_key_len(cryptoalg) ((cryptoalg)->key_len)
-
-#define cryptoalg_get_iv_len(cryptoalg) ((cryptoalg)->iv_len)
-
-#define cryptoalg_get_auth_tag_len(cryptoalg) ((cryptoalg)->auth_tag_len)
-
-
-
-/**
- * @}
- */
-
-#endif /* XFM_H */
-
-
*/
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "alloc.h"
#include "crypto_kernel.h"
/* the debug module for memory allocation */
-debug_module_t mod_alloc = {
+srtp_debug_module_t mod_alloc = {
0, /* debugging is off by default */
"alloc" /* printable name for module */
};
/*
- * Nota bene: the debugging statements for crypto_alloc() and
- * crypto_free() have identical prefixes, which include the addresses
+ * Nota bene: the debugging statements for srtp_crypto_alloc() and
+ * srtp_crypto_free() have identical prefixes, which include the addresses
* of the memory locations on which they are operating. This fact can
* be used to locate memory leaks, by turning on memory debugging,
* grepping for 'alloc', then matching alloc and free calls by
* address.
*/
-#ifdef SRTP_KERNEL_LINUX
-
-#include <linux/interrupt.h>
+#if defined(HAVE_STDLIB_H)
-void *
-crypto_alloc(size_t size) {
+void * srtp_crypto_alloc(size_t size) {
void *ptr;
- ptr = kmalloc(size, in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
-
+ ptr = malloc(size);
+
if (ptr) {
debug_print(mod_alloc, "(location: %p) allocated", ptr);
} else {
return ptr;
}
-void
-crypto_free(void *ptr) {
-
- debug_print(mod_alloc, "(location: %p) freed", ptr);
-
- kfree(ptr);
-}
-
-
-#elif defined(HAVE_STDLIB_H)
-
-void *
-crypto_alloc(size_t size) {
- void *ptr;
-
- ptr = malloc(size);
-
- if (ptr) {
- debug_print(mod_alloc, "(location: %p) allocated", ptr);
- } else
- debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size);
-
- return ptr;
-}
-
-void
-crypto_free(void *ptr) {
+void srtp_crypto_free(void *ptr) {
debug_print(mod_alloc, "(location: %p) freed", ptr);
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright(c) 2001-2006,2013 Cisco Systems, Inc.
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "alloc.h"
#include "crypto_kernel.h"
/* the debug module for the crypto_kernel */
-debug_module_t mod_crypto_kernel = {
- 0, /* debugging is off by default */
- "crypto kernel" /* printable name for module */
+srtp_debug_module_t srtp_mod_crypto_kernel = {
+ 0, /* debugging is off by default */
+ "crypto kernel" /* printable name for module */
};
/*
- * other debug modules that can be included in the kernel
+ * other generic debug modules that can be included in the kernel
*/
-extern debug_module_t mod_auth;
-extern debug_module_t mod_cipher;
-extern debug_module_t mod_stat;
-extern debug_module_t mod_alloc;
+extern srtp_debug_module_t srtp_mod_auth;
+extern srtp_debug_module_t srtp_mod_cipher;
+extern srtp_debug_module_t mod_stat;
+extern srtp_debug_module_t mod_alloc;
-/*
+/*
* cipher types that can be included in the kernel
- */
-
-extern cipher_type_t null_cipher;
-extern cipher_type_t aes_icm;
-#ifndef OPENSSL
-extern cipher_type_t aes_cbc;
-#else
-extern cipher_type_t aes_gcm_128_openssl;
-extern cipher_type_t aes_gcm_256_openssl;
+ */
+
+extern srtp_cipher_type_t srtp_null_cipher;
+extern srtp_cipher_type_t srtp_aes_icm_128;
+extern srtp_cipher_type_t srtp_aes_icm_256;
+#ifdef OPENSSL
+extern srtp_cipher_type_t srtp_aes_icm_192;
+extern srtp_cipher_type_t srtp_aes_gcm_128_openssl;
+extern srtp_cipher_type_t srtp_aes_gcm_256_openssl;
#endif
+/* debug modules for cipher types */
+extern srtp_debug_module_t srtp_mod_aes_icm;
+#ifdef OPENSSL
+extern srtp_debug_module_t srtp_mod_aes_gcm;
+#endif
/*
* auth func types that can be included in the kernel
*/
-extern auth_type_t null_auth;
-extern auth_type_t hmac;
+extern srtp_auth_type_t srtp_null_auth;
+extern srtp_auth_type_t srtp_hmac;
+
+/* debug modules for auth types */
+extern srtp_debug_module_t srtp_mod_hmac;
/* crypto_kernel is a global variable, the only one of its datatype */
-crypto_kernel_t
-crypto_kernel = {
- crypto_kernel_state_insecure, /* start off in insecure state */
- NULL, /* no cipher types yet */
- NULL, /* no auth types yet */
- NULL /* no debug modules yet */
+srtp_crypto_kernel_t crypto_kernel = {
+ srtp_crypto_kernel_state_insecure, /* start off in insecure state */
+ NULL, /* no cipher types yet */
+ NULL, /* no auth types yet */
+ NULL /* no debug modules yet */
};
#define MAX_RNG_TRIALS 25
-err_status_t
-crypto_kernel_init() {
- err_status_t status;
+srtp_err_status_t srtp_crypto_kernel_init ()
+{
+ srtp_err_status_t status;
- /* check the security state */
- if (crypto_kernel.state == crypto_kernel_state_secure) {
-
- /*
- * we're already in the secure state, but we've been asked to
- * re-initialize, so we just re-run the self-tests and then return
- */
- return crypto_kernel_status();
- }
-
- /* initialize error reporting system */
- status = err_reporting_init("crypto");
- if (status)
- return status;
-
- /* load debug modules */
- status = crypto_kernel_load_debug_module(&mod_crypto_kernel);
- if (status)
- return status;
- status = crypto_kernel_load_debug_module(&mod_auth);
- if (status)
- return status;
- status = crypto_kernel_load_debug_module(&mod_cipher);
- if (status)
- return status;
- status = crypto_kernel_load_debug_module(&mod_stat);
- if (status)
- return status;
- status = crypto_kernel_load_debug_module(&mod_alloc);
- if (status)
- return status;
-
- /* initialize random number generator */
- status = rand_source_init();
- if (status)
- return status;
-
- /* run FIPS-140 statistical tests on rand_source */
- status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS);
- if (status)
- return status;
-
-#ifndef OPENSSL
- /* initialize pseudorandom number generator */
- status = ctr_prng_init(rand_source_get_octet_string);
- if (status)
- return status;
-
- /* run FIPS-140 statistical tests on ctr_prng */
- status = stat_test_rand_source_with_repetition(ctr_prng_get_octet_string, MAX_RNG_TRIALS);
- if (status)
- return status;
-#endif
-
- /* load cipher types */
- status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER);
- if (status)
- return status;
- status = crypto_kernel_load_cipher_type(&aes_icm, AES_ICM);
- if (status)
- return status;
-#ifndef OPENSSL
- status = crypto_kernel_load_cipher_type(&aes_cbc, AES_CBC);
- if (status)
- return status;
-#else
- status = crypto_kernel_load_cipher_type(&aes_gcm_128_openssl, AES_128_GCM);
- if (status) {
- return status;
- }
- status = crypto_kernel_load_cipher_type(&aes_gcm_256_openssl, AES_256_GCM);
- if (status) {
- return status;
- }
-#endif
+ /* check the security state */
+ if (crypto_kernel.state == srtp_crypto_kernel_state_secure) {
- /* load auth func types */
- status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH);
- if (status)
- return status;
- status = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1);
- if (status)
- return status;
+ /*
+ * we're already in the secure state, but we've been asked to
+ * re-initialize, so we just re-run the self-tests and then return
+ */
+ return srtp_crypto_kernel_status();
+ }
- /* change state to secure */
- crypto_kernel.state = crypto_kernel_state_secure;
+ /* initialize error reporting system */
+ status = srtp_err_reporting_init();
+ if (status) {
+ return status;
+ }
- return err_status_ok;
-}
+ /* load debug modules */
+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_crypto_kernel);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_auth);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_cipher);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&mod_stat);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&mod_alloc);
+ if (status) {
+ return status;
+ }
-err_status_t
-crypto_kernel_status() {
- err_status_t status;
- kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
- kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
- kernel_debug_module_t *dm = crypto_kernel.debug_module_list;
-
- /* run FIPS-140 statistical tests on rand_source */
- printf("testing rand_source...");
- status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS);
- if (status) {
- printf("failed\n");
- crypto_kernel.state = crypto_kernel_state_insecure;
- return status;
- }
- printf("passed\n");
-
- /* for each cipher type, describe and test */
- while(ctype != NULL) {
- printf("cipher: %s\n", ctype->cipher_type->description);
- printf(" instance count: %d\n", ctype->cipher_type->ref_count);
- printf(" self-test: ");
- status = cipher_type_self_test(ctype->cipher_type);
+ /* load cipher types */
+ status = srtp_crypto_kernel_load_cipher_type(&srtp_null_cipher, SRTP_NULL_CIPHER);
if (status) {
- printf("failed with error code %d\n", status);
- exit(status);
- }
- printf("passed\n");
- ctype = ctype->next;
- }
-
- /* for each auth type, describe and test */
- while(atype != NULL) {
- printf("auth func: %s\n", atype->auth_type->description);
- printf(" instance count: %d\n", atype->auth_type->ref_count);
- printf(" self-test: ");
- status = auth_type_self_test(atype->auth_type);
+ return status;
+ }
+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_128, SRTP_AES_ICM_128);
if (status) {
- printf("failed with error code %d\n", status);
- exit(status);
- }
- printf("passed\n");
- atype = atype->next;
- }
-
- /* describe each debug module */
- printf("debug modules loaded:\n");
- while (dm != NULL) {
- printf(" %s ", dm->mod->name);
- if (dm->mod->on)
- printf("(on)\n");
- else
- printf("(off)\n");
- dm = dm->next;
- }
-
- return err_status_ok;
+ return status;
+ }
+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_256, SRTP_AES_ICM_256);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_aes_icm);
+ if (status) {
+ return status;
+ }
+#ifdef OPENSSL
+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_192, SRTP_AES_ICM_192);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_128_openssl, SRTP_AES_GCM_128);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_256_openssl, SRTP_AES_GCM_256);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_aes_gcm);
+ if (status) {
+ return status;
+ }
+#endif
+
+ /* load auth func types */
+ status = srtp_crypto_kernel_load_auth_type(&srtp_null_auth, SRTP_NULL_AUTH);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_auth_type(&srtp_hmac, SRTP_HMAC_SHA1);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_hmac);
+ if (status) {
+ return status;
+ }
+
+ /* change state to secure */
+ crypto_kernel.state = srtp_crypto_kernel_state_secure;
+
+ return srtp_err_status_ok;
}
-err_status_t
-crypto_kernel_list_debug_modules() {
- kernel_debug_module_t *dm = crypto_kernel.debug_module_list;
-
- /* describe each debug module */
- printf("debug modules loaded:\n");
- while (dm != NULL) {
- printf(" %s ", dm->mod->name);
- if (dm->mod->on)
- printf("(on)\n");
- else
- printf("(off)\n");
- dm = dm->next;
- }
-
- return err_status_ok;
+srtp_err_status_t srtp_crypto_kernel_status ()
+{
+ srtp_err_status_t status;
+ srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
+ srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
+
+ /* for each cipher type, describe and test */
+ while (ctype != NULL) {
+ srtp_err_report(srtp_err_level_info, "cipher: %s\n", ctype->cipher_type->description);
+ srtp_err_report(srtp_err_level_info, " self-test: ");
+ status = srtp_cipher_type_self_test(ctype->cipher_type);
+ if (status) {
+ srtp_err_report(srtp_err_level_error, "failed with error code %d\n", status);
+ exit(status);
+ }
+ srtp_err_report(srtp_err_level_info, "passed\n");
+ ctype = ctype->next;
+ }
+
+ /* for each auth type, describe and test */
+ while (atype != NULL) {
+ srtp_err_report(srtp_err_level_info, "auth func: %s\n", atype->auth_type->description);
+ srtp_err_report(srtp_err_level_info, " self-test: ");
+ status = srtp_auth_type_self_test(atype->auth_type);
+ if (status) {
+ srtp_err_report(srtp_err_level_error, "failed with error code %d\n", status);
+ exit(status);
+ }
+ srtp_err_report(srtp_err_level_info, "passed\n");
+ atype = atype->next;
+ }
+
+ srtp_crypto_kernel_list_debug_modules();
+
+ return srtp_err_status_ok;
}
-err_status_t
-crypto_kernel_shutdown() {
- err_status_t status;
-
- /*
- * free dynamic memory used in crypto_kernel at present
- */
-
- /* walk down cipher type list, freeing memory */
- while (crypto_kernel.cipher_type_list != NULL) {
- kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
- crypto_kernel.cipher_type_list = ctype->next;
- debug_print(mod_crypto_kernel,
- "freeing memory for cipher %s",
- ctype->cipher_type->description);
- crypto_free(ctype);
- }
-
- /* walk down authetication module list, freeing memory */
- while (crypto_kernel.auth_type_list != NULL) {
- kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
- crypto_kernel.auth_type_list = atype->next;
- debug_print(mod_crypto_kernel,
- "freeing memory for authentication %s",
- atype->auth_type->description);
- crypto_free(atype);
- }
-
- /* walk down debug module list, freeing memory */
- while (crypto_kernel.debug_module_list != NULL) {
- kernel_debug_module_t *kdm = crypto_kernel.debug_module_list;
- crypto_kernel.debug_module_list = kdm->next;
- debug_print(mod_crypto_kernel,
- "freeing memory for debug module %s",
- kdm->mod->name);
- crypto_free(kdm);
- }
-
- /* de-initialize random number generator */ status = rand_source_deinit();
- if (status)
- return status;
-
- /* return to insecure state */
- crypto_kernel.state = crypto_kernel_state_insecure;
-
- return err_status_ok;
+srtp_err_status_t srtp_crypto_kernel_list_debug_modules ()
+{
+ srtp_kernel_debug_module_t *dm = crypto_kernel.debug_module_list;
+
+ /* describe each debug module */
+ srtp_err_report(srtp_err_level_info, "debug modules loaded:\n");
+ while (dm != NULL) {
+ srtp_err_report(srtp_err_level_info, " %s ", dm->mod->name);
+ if (dm->mod->on) {
+ srtp_err_report(srtp_err_level_info, "(on)\n");
+ } else{
+ srtp_err_report(srtp_err_level_info, "(off)\n");
+ }
+ dm = dm->next;
+ }
+
+ return srtp_err_status_ok;
}
-static inline err_status_t
-crypto_kernel_do_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id,
- int replace) {
- kernel_cipher_type_t *ctype, *new_ctype = 0;
- err_status_t status;
-
- /* defensive coding */
- if (new_ct == NULL)
- return err_status_bad_param;
-
- if (new_ct->id != id)
- return err_status_bad_param;
-
- /* check cipher type by running self-test */
- status = cipher_type_self_test(new_ct);
- if (status) {
- return status;
- }
-
- /* walk down list, checking if this type is in the list already */
- ctype = crypto_kernel.cipher_type_list;
- while (ctype != NULL) {
- if (id == ctype->id) {
- if (!replace)
- return err_status_bad_param;
- status = cipher_type_test(new_ct, ctype->cipher_type->test_data);
- if (status)
- return status;
- new_ctype = ctype;
- break;
- }
- else if (new_ct == ctype->cipher_type)
- return err_status_bad_param;
- ctype = ctype->next;
- }
-
- /* if not found, put new_ct at the head of the list */
- if (ctype == NULL) {
- /* allocate memory */
- new_ctype = (kernel_cipher_type_t *) crypto_alloc(sizeof(kernel_cipher_type_t));
- if (new_ctype == NULL)
- return err_status_alloc_fail;
- new_ctype->next = crypto_kernel.cipher_type_list;
+srtp_err_status_t srtp_crypto_kernel_shutdown ()
+{
+ /*
+ * free dynamic memory used in crypto_kernel at present
+ */
- /* set head of list to new cipher type */
- crypto_kernel.cipher_type_list = new_ctype;
- }
-
- /* set fields */
- new_ctype->cipher_type = new_ct;
- new_ctype->id = id;
-
- /* load debug module, if there is one present */
- if (new_ct->debug != NULL)
- crypto_kernel_load_debug_module(new_ct->debug);
- /* we could check for errors here */
-
- return err_status_ok;
+ /* walk down cipher type list, freeing memory */
+ while (crypto_kernel.cipher_type_list != NULL) {
+ srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
+ crypto_kernel.cipher_type_list = ctype->next;
+ debug_print(srtp_mod_crypto_kernel,
+ "freeing memory for cipher %s",
+ ctype->cipher_type->description);
+ srtp_crypto_free(ctype);
+ }
+
+ /* walk down authetication module list, freeing memory */
+ while (crypto_kernel.auth_type_list != NULL) {
+ srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
+ crypto_kernel.auth_type_list = atype->next;
+ debug_print(srtp_mod_crypto_kernel,
+ "freeing memory for authentication %s",
+ atype->auth_type->description);
+ srtp_crypto_free(atype);
+ }
+
+ /* walk down debug module list, freeing memory */
+ while (crypto_kernel.debug_module_list != NULL) {
+ srtp_kernel_debug_module_t *kdm = crypto_kernel.debug_module_list;
+ crypto_kernel.debug_module_list = kdm->next;
+ debug_print(srtp_mod_crypto_kernel,
+ "freeing memory for debug module %s",
+ kdm->mod->name);
+ srtp_crypto_free(kdm);
+ }
+
+ /* return to insecure state */
+ crypto_kernel.state = srtp_crypto_kernel_state_insecure;
+
+ return srtp_err_status_ok;
}
-err_status_t
-crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) {
- return crypto_kernel_do_load_cipher_type(new_ct, id, 0);
+static inline srtp_err_status_t srtp_crypto_kernel_do_load_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id, int replace)
+{
+ srtp_kernel_cipher_type_t *ctype, *new_ctype;
+ srtp_err_status_t status;
+
+ /* defensive coding */
+ if (new_ct == NULL) {
+ return srtp_err_status_bad_param;
+ }
+
+ if (new_ct->id != id) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* check cipher type by running self-test */
+ status = srtp_cipher_type_self_test(new_ct);
+ if (status) {
+ return status;
+ }
+
+ /* walk down list, checking if this type is in the list already */
+ ctype = crypto_kernel.cipher_type_list;
+ while (ctype != NULL) {
+ if (id == ctype->id) {
+ if (!replace) {
+ return srtp_err_status_bad_param;
+ }
+ status = srtp_cipher_type_test(new_ct, ctype->cipher_type->test_data);
+ if (status) {
+ return status;
+ }
+ new_ctype = ctype;
+ break;
+ }else if (new_ct == ctype->cipher_type) {
+ return srtp_err_status_bad_param;
+ }
+ ctype = ctype->next;
+ }
+
+ /* if not found, put new_ct at the head of the list */
+ if (ctype == NULL) {
+ /* allocate memory */
+ new_ctype = (srtp_kernel_cipher_type_t*)srtp_crypto_alloc(sizeof(srtp_kernel_cipher_type_t));
+ if (new_ctype == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+ new_ctype->next = crypto_kernel.cipher_type_list;
+
+ /* set head of list to new cipher type */
+ crypto_kernel.cipher_type_list = new_ctype;
+ }
+
+ /* set fields */
+ new_ctype->cipher_type = new_ct;
+ new_ctype->id = id;
+
+ return srtp_err_status_ok;
}
-err_status_t
-crypto_kernel_replace_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) {
- return crypto_kernel_do_load_cipher_type(new_ct, id, 1);
+srtp_err_status_t srtp_crypto_kernel_load_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id)
+{
+ return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 0);
}
-err_status_t
-crypto_kernel_do_load_auth_type(auth_type_t *new_at, auth_type_id_t id,
- int replace) {
- kernel_auth_type_t *atype, *new_atype = 0;
- err_status_t status;
-
- /* defensive coding */
- if (new_at == NULL)
- return err_status_bad_param;
-
- if (new_at->id != id)
- return err_status_bad_param;
-
- /* check auth type by running self-test */
- status = auth_type_self_test(new_at);
- if (status) {
- return status;
- }
-
- /* walk down list, checking if this type is in the list already */
- atype = crypto_kernel.auth_type_list;
- while (atype != NULL) {
- if (id == atype->id) {
- if (!replace)
- return err_status_bad_param;
- status = auth_type_test(new_at, atype->auth_type->test_data);
- if (status)
- return status;
- new_atype = atype;
- break;
- }
- else if (new_at == atype->auth_type)
- return err_status_bad_param;
- atype = atype->next;
- }
-
- /* if not found, put new_at at the head of the list */
- if (atype == NULL) {
- /* allocate memory */
- new_atype = (kernel_auth_type_t *)crypto_alloc(sizeof(kernel_auth_type_t));
- if (new_atype == NULL)
- return err_status_alloc_fail;
-
- new_atype->next = crypto_kernel.auth_type_list;
- /* set head of list to new auth type */
- crypto_kernel.auth_type_list = new_atype;
- }
-
- /* set fields */
- new_atype->auth_type = new_at;
- new_atype->id = id;
-
- /* load debug module, if there is one present */
- if (new_at->debug != NULL)
- crypto_kernel_load_debug_module(new_at->debug);
- /* we could check for errors here */
-
- return err_status_ok;
+srtp_err_status_t srtp_replace_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id)
+{
+ return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 1);
+}
+
+srtp_err_status_t srtp_crypto_kernel_do_load_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id, int replace)
+{
+ srtp_kernel_auth_type_t *atype, *new_atype;
+ srtp_err_status_t status;
+
+ /* defensive coding */
+ if (new_at == NULL) {
+ return srtp_err_status_bad_param;
+ }
+
+ if (new_at->id != id) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* check auth type by running self-test */
+ status = srtp_auth_type_self_test(new_at);
+ if (status) {
+ return status;
+ }
+
+ /* walk down list, checking if this type is in the list already */
+ atype = crypto_kernel.auth_type_list;
+ while (atype != NULL) {
+ if (id == atype->id) {
+ if (!replace) {
+ return srtp_err_status_bad_param;
+ }
+ status = srtp_auth_type_test(new_at, atype->auth_type->test_data);
+ if (status) {
+ return status;
+ }
+ new_atype = atype;
+ break;
+ }else if (new_at == atype->auth_type) {
+ return srtp_err_status_bad_param;
+ }
+ atype = atype->next;
+ }
+
+ /* if not found, put new_at at the head of the list */
+ if (atype == NULL) {
+ /* allocate memory */
+ new_atype = (srtp_kernel_auth_type_t*)srtp_crypto_alloc(sizeof(srtp_kernel_auth_type_t));
+ if (new_atype == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+
+ new_atype->next = crypto_kernel.auth_type_list;
+ /* set head of list to new auth type */
+ crypto_kernel.auth_type_list = new_atype;
+ }
+
+ /* set fields */
+ new_atype->auth_type = new_at;
+ new_atype->id = id;
+
+ return srtp_err_status_ok;
}
-err_status_t
-crypto_kernel_load_auth_type(auth_type_t *new_at, auth_type_id_t id) {
- return crypto_kernel_do_load_auth_type(new_at, id, 0);
+srtp_err_status_t srtp_crypto_kernel_load_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id)
+{
+ return srtp_crypto_kernel_do_load_auth_type(new_at, id, 0);
}
-err_status_t
-crypto_kernel_replace_auth_type(auth_type_t *new_at, auth_type_id_t id) {
- return crypto_kernel_do_load_auth_type(new_at, id, 1);
+srtp_err_status_t srtp_replace_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id)
+{
+ return srtp_crypto_kernel_do_load_auth_type(new_at, id, 1);
}
-cipher_type_t *
-crypto_kernel_get_cipher_type(cipher_type_id_t id) {
- kernel_cipher_type_t *ctype;
-
- /* walk down list, looking for id */
- ctype = crypto_kernel.cipher_type_list;
- while (ctype != NULL) {
- if (id == ctype->id)
- return ctype->cipher_type;
- ctype = ctype->next;
- }
-
- /* haven't found the right one, indicate failure by returning NULL */
- return NULL;
-}
+const srtp_cipher_type_t * srtp_crypto_kernel_get_cipher_type (srtp_cipher_type_id_t id)
+{
+ srtp_kernel_cipher_type_t *ctype;
+ /* walk down list, looking for id */
+ ctype = crypto_kernel.cipher_type_list;
+ while (ctype != NULL) {
+ if (id == ctype->id) {
+ return ctype->cipher_type;
+ }
+ ctype = ctype->next;
+ }
-err_status_t
-crypto_kernel_alloc_cipher(cipher_type_id_t id,
- cipher_pointer_t *cp,
- int key_len,
- int tag_len) {
- cipher_type_t *ct;
-
- /*
- * if the crypto_kernel is not yet initialized, we refuse to allocate
- * any ciphers - this is a bit extra-paranoid
- */
- if (crypto_kernel.state != crypto_kernel_state_secure)
- return err_status_init_fail;
-
- ct = crypto_kernel_get_cipher_type(id);
- if (!ct)
- return err_status_fail;
-
- return ((ct)->alloc(cp, key_len, tag_len));
+ /* haven't found the right one, indicate failure by returning NULL */
+ return NULL;
}
+srtp_err_status_t srtp_crypto_kernel_alloc_cipher (srtp_cipher_type_id_t id, srtp_cipher_pointer_t *cp, int key_len, int tag_len)
+{
+ const srtp_cipher_type_t *ct;
-auth_type_t *
-crypto_kernel_get_auth_type(auth_type_id_t id) {
- kernel_auth_type_t *atype;
-
- /* walk down list, looking for id */
- atype = crypto_kernel.auth_type_list;
- while (atype != NULL) {
- if (id == atype->id)
- return atype->auth_type;
- atype = atype->next;
- }
+ /*
+ * if the crypto_kernel is not yet initialized, we refuse to allocate
+ * any ciphers - this is a bit extra-paranoid
+ */
+ if (crypto_kernel.state != srtp_crypto_kernel_state_secure) {
+ return srtp_err_status_init_fail;
+ }
- /* haven't found the right one, indicate failure by returning NULL */
- return NULL;
+ ct = srtp_crypto_kernel_get_cipher_type(id);
+ if (!ct) {
+ return srtp_err_status_fail;
+ }
+
+ return ((ct)->alloc(cp, key_len, tag_len));
}
-err_status_t
-crypto_kernel_alloc_auth(auth_type_id_t id,
- auth_pointer_t *ap,
- int key_len,
- int tag_len) {
- auth_type_t *at;
-
- /*
- * if the crypto_kernel is not yet initialized, we refuse to allocate
- * any auth functions - this is a bit extra-paranoid
- */
- if (crypto_kernel.state != crypto_kernel_state_secure)
- return err_status_init_fail;
-
- at = crypto_kernel_get_auth_type(id);
- if (!at)
- return err_status_fail;
-
- return ((at)->alloc(ap, key_len, tag_len));
+
+
+const srtp_auth_type_t * srtp_crypto_kernel_get_auth_type (srtp_auth_type_id_t id)
+{
+ srtp_kernel_auth_type_t *atype;
+
+ /* walk down list, looking for id */
+ atype = crypto_kernel.auth_type_list;
+ while (atype != NULL) {
+ if (id == atype->id) {
+ return atype->auth_type;
+ }
+ atype = atype->next;
+ }
+
+ /* haven't found the right one, indicate failure by returning NULL */
+ return NULL;
}
-err_status_t
-crypto_kernel_load_debug_module(debug_module_t *new_dm) {
- kernel_debug_module_t *kdm, *new;
-
- /* defensive coding */
- if (new_dm == NULL)
- return err_status_bad_param;
-
- /* walk down list, checking if this type is in the list already */
- kdm = crypto_kernel.debug_module_list;
- while (kdm != NULL) {
- if (strncmp(new_dm->name, kdm->mod->name, 64) == 0)
- return err_status_bad_param;
- kdm = kdm->next;
- }
-
- /* put new_dm at the head of the list */
- /* allocate memory */
- new = (kernel_debug_module_t *)crypto_alloc(sizeof(kernel_debug_module_t));
- if (new == NULL)
- return err_status_alloc_fail;
-
- /* set fields */
- new->mod = new_dm;
- new->next = crypto_kernel.debug_module_list;
-
- /* set head of list to new cipher type */
- crypto_kernel.debug_module_list = new;
-
- return err_status_ok;
+srtp_err_status_t srtp_crypto_kernel_alloc_auth (srtp_auth_type_id_t id, srtp_auth_pointer_t *ap, int key_len, int tag_len)
+{
+ const srtp_auth_type_t *at;
+
+ /*
+ * if the crypto_kernel is not yet initialized, we refuse to allocate
+ * any auth functions - this is a bit extra-paranoid
+ */
+ if (crypto_kernel.state != srtp_crypto_kernel_state_secure) {
+ return srtp_err_status_init_fail;
+ }
+
+ at = srtp_crypto_kernel_get_auth_type(id);
+ if (!at) {
+ return srtp_err_status_fail;
+ }
+
+ return ((at)->alloc(ap, key_len, tag_len));
}
-err_status_t
-crypto_kernel_set_debug_module(char *name, int on) {
- kernel_debug_module_t *kdm;
-
- /* walk down list, checking if this type is in the list already */
- kdm = crypto_kernel.debug_module_list;
- while (kdm != NULL) {
- if (strncmp(name, kdm->mod->name, 64) == 0) {
- kdm->mod->on = on;
- return err_status_ok;
- }
- kdm = kdm->next;
- }
-
- return err_status_fail;
+srtp_err_status_t srtp_crypto_kernel_load_debug_module (srtp_debug_module_t *new_dm)
+{
+ srtp_kernel_debug_module_t *kdm, *new;
+
+ /* defensive coding */
+ if (new_dm == NULL) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* walk down list, checking if this type is in the list already */
+ kdm = crypto_kernel.debug_module_list;
+ while (kdm != NULL) {
+ if (strncmp(new_dm->name, kdm->mod->name, 64) == 0) {
+ return srtp_err_status_bad_param;
+ }
+ kdm = kdm->next;
+ }
+
+ /* put new_dm at the head of the list */
+ /* allocate memory */
+ new = (srtp_kernel_debug_module_t*)srtp_crypto_alloc(sizeof(srtp_kernel_debug_module_t));
+ if (new == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+
+ /* set fields */
+ new->mod = new_dm;
+ new->next = crypto_kernel.debug_module_list;
+
+ /* set head of list to new cipher type */
+ crypto_kernel.debug_module_list = new;
+
+ return srtp_err_status_ok;
}
-err_status_t
-crypto_get_random(unsigned char *buffer, unsigned int length) {
- if (crypto_kernel.state == crypto_kernel_state_secure)
-#ifdef OPENSSL
- return rand_source_get_octet_string(buffer, length);
-#else
- return ctr_prng_get_octet_string(buffer, length);
-#endif
- else
- return err_status_fail;
+srtp_err_status_t srtp_crypto_kernel_set_debug_module (const char *name, int on)
+{
+ srtp_kernel_debug_module_t *kdm;
+
+ /* walk down list, checking if this type is in the list already */
+ kdm = crypto_kernel.debug_module_list;
+ while (kdm != NULL) {
+ if (strncmp(name, kdm->mod->name, 64) == 0) {
+ kdm->mod->on = on;
+ return srtp_err_status_ok;
+ }
+ kdm = kdm->next;
+ }
+
+ return srtp_err_status_fail;
}
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*
*/
-#include "err.h"
-
-#ifdef ERR_REPORTING_SYSLOG
-# ifdef HAVE_SYSLOG_H
-# include <syslog.h>
-# endif
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
#endif
+#include "err.h"
+#include "datatypes.h"
+#include <string.h>
-/* err_level reflects the level of errors that are reported */
-
-err_reporting_level_t err_level = err_level_none;
-
-#ifdef SRTP_KERNEL_LINUX
-err_status_t
-err_reporting_init(char *ident) {
-
- return err_status_ok;
-}
-
-#else /* SRTP_KERNEL_LINUX */
-
-/* err_file is the FILE to which errors are reported */
-
-static FILE *err_file = NULL;
+/* srtp_err_file is the FILE to which errors are reported */
-err_status_t
-err_reporting_init(char *ident) {
-#ifdef ERR_REPORTING_SYSLOG
- openlog(ident, LOG_PID, LOG_AUTHPRIV);
-#endif
-
- /*
- * Believe it or not, openlog doesn't return an error on failure.
- * But then, neither does the syslog() call...
- */
+static FILE *srtp_err_file = NULL;
+srtp_err_status_t srtp_err_reporting_init ()
+{
#ifdef ERR_REPORTING_STDOUT
- err_file = stdout;
-#elif defined(USE_ERR_REPORTING_FILE)
- /* open file for error reporting */
- err_file = fopen(ERR_REPORTING_FILE, "w");
- if (err_file == NULL)
- return err_status_init_fail;
+ srtp_err_file = stdout;
+#elif defined(ERR_REPORTING_FILE)
+ /* open file for error reporting */
+ srtp_err_file = fopen(ERR_REPORTING_FILE, "w");
+ if (srtp_err_file == NULL) {
+ return srtp_err_status_init_fail;
+ }
#endif
- return err_status_ok;
+ return srtp_err_status_ok;
}
-void
-err_report(int priority, char *format, ...) {
- va_list args;
-
- if (priority <= err_level) {
+static srtp_err_report_handler_func_t * srtp_err_report_handler = NULL;
- va_start(args, format);
- if (err_file != NULL) {
- vfprintf(err_file, format, args);
- /* fprintf(err_file, "\n"); */
- }
-#ifdef ERR_REPORTING_SYSLOG
- if (1) { /* FIXME: Make this a runtime option. */
- int syslogpri;
-
- switch (priority) {
- case err_level_emergency:
- syslogpri = LOG_EMERG;
- break;
- case err_level_alert:
- syslogpri = LOG_ALERT;
- break;
- case err_level_critical:
- syslogpri = LOG_CRIT;
- break;
- case err_level_error:
- syslogpri = LOG_ERR;
- break;
- case err_level_warning:
- syslogpri = LOG_WARNING;
- break;
- case err_level_notice:
- syslogpri = LOG_NOTICE;
- break;
- case err_level_info:
- syslogpri = LOG_INFO;
- break;
- case err_level_debug:
- case err_level_none:
- default:
- syslogpri = LOG_DEBUG;
- break;
- }
-
- vsyslog(syslogpri, format, args);
-#endif
- va_end(args);
- }
+srtp_err_status_t srtp_install_err_report_handler(srtp_err_report_handler_func_t func)
+{
+ srtp_err_report_handler = func;
+ return srtp_err_status_ok;
}
-#endif /* SRTP_KERNEL_LINUX */
-void
-err_reporting_set_level(err_reporting_level_t lvl) {
- err_level = lvl;
+void srtp_err_report (srtp_err_reporting_level_t level, const char *format, ...)
+{
+ va_list args;
+ if (srtp_err_file != NULL) {
+ va_start(args, format);
+ vfprintf(srtp_err_file, format, args);
+ va_end(args);
+ }
+ if (srtp_err_report_handler != NULL) {
+ va_start(args, format);
+ char msg[512];
+ if (vsnprintf(msg, sizeof(msg), format, args) > 0) {
+ /* strip trailing \n, callback should not have one */
+ size_t l = strlen(msg);
+ if (l && msg[l-1] == '\n') {
+ msg[l-1] = '\0';
+ }
+ srtp_err_report_handler(level, msg);
+ /*
+ * NOTE, need to be carefull, there is a potential that octet_string_set_to_zero() could
+ * call srtp_err_report() in the future, leading to recursion
+ */
+ octet_string_set_to_zero(msg, sizeof(msg));
+ }
+ va_end(args);
+ }
}
* key.c
*
* key usage limits enforcement
- *
+ *
* David A. Mcgrew
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "key.h"
#define soft_limit 0x10000
-err_status_t
-key_limit_set(key_limit_t key, const xtd_seq_num_t s) {
+srtp_err_status_t srtp_key_limit_set (srtp_key_limit_t key, const srtp_xtd_seq_num_t s)
+{
#ifdef NO_64BIT_MATH
- if (high32(s) == 0 && low32(s) < soft_limit)
- return err_status_bad_param;
+ if (high32(s) == 0 && low32(s) < soft_limit) {
+ return srtp_err_status_bad_param;
+ }
#else
- if (s < soft_limit)
- return err_status_bad_param;
+ if (s < soft_limit) {
+ return srtp_err_status_bad_param;
+ }
#endif
- key->num_left = s;
- key->state = key_state_normal;
- return err_status_ok;
+ key->num_left = s;
+ key->state = srtp_key_state_normal;
+ return srtp_err_status_ok;
}
-err_status_t
-key_limit_clone(key_limit_t original, key_limit_t *new_key) {
- if (original == NULL)
- return err_status_bad_param;
- *new_key = original;
- return err_status_ok;
+srtp_err_status_t srtp_key_limit_clone (srtp_key_limit_t original, srtp_key_limit_t *new_key)
+{
+ if (original == NULL) {
+ return srtp_err_status_bad_param;
+ }
+ *new_key = original;
+ return srtp_err_status_ok;
}
-err_status_t
-key_limit_check(const key_limit_t key) {
- if (key->state == key_state_expired)
- return err_status_key_expired;
- return err_status_ok;
+srtp_err_status_t srtp_key_limit_check (const srtp_key_limit_t key)
+{
+ if (key->state == srtp_key_state_expired) {
+ return srtp_err_status_key_expired;
+ }
+ return srtp_err_status_ok;
}
-key_event_t
-key_limit_update(key_limit_t key) {
+srtp_key_event_t srtp_key_limit_update (srtp_key_limit_t key)
+{
#ifdef NO_64BIT_MATH
- if (low32(key->num_left) == 0)
- {
- // carry
- key->num_left = make64(high32(key->num_left)-1,low32(key->num_left) - 1);
- }
- else
- {
- // no carry
- key->num_left = make64(high32(key->num_left),low32(key->num_left) - 1);
- }
- if (high32(key->num_left) != 0 || low32(key->num_left) >= soft_limit) {
- return key_event_normal; /* we're above the soft limit */
- }
+ if (low32(key->num_left) == 0) {
+ // carry
+ key->num_left = make64(high32(key->num_left) - 1, low32(key->num_left) - 1);
+ }else {
+ // no carry
+ key->num_left = make64(high32(key->num_left), low32(key->num_left) - 1);
+ }
+ if (high32(key->num_left) != 0 || low32(key->num_left) >= soft_limit) {
+ return srtp_key_event_normal; /* we're above the soft limit */
+ }
#else
- key->num_left--;
- if (key->num_left >= soft_limit) {
- return key_event_normal; /* we're above the soft limit */
- }
+ key->num_left--;
+ if (key->num_left >= soft_limit) {
+ return srtp_key_event_normal; /* we're above the soft limit */
+ }
#endif
- if (key->state == key_state_normal) {
- /* we just passed the soft limit, so change the state */
- key->state = key_state_past_soft_limit;
- }
+ if (key->state == srtp_key_state_normal) {
+ /* we just passed the soft limit, so change the state */
+ key->state = srtp_key_state_past_soft_limit;
+ }
#ifdef NO_64BIT_MATH
- if (low32(key->num_left) == 0 && high32(key->num_left == 0))
+ if (low32(key->num_left) == 0 && high32(key->num_left == 0))
#else
- if (key->num_left < 1)
+ if (key->num_left < 1)
#endif
- { /* we just hit the hard limit */
- key->state = key_state_expired;
- return key_event_hard_limit;
- }
- return key_event_soft_limit;
+ { /* we just hit the hard limit */
+ key->state = srtp_key_state_expired;
+ return srtp_key_event_hard_limit;
+ }
+ return srtp_key_event_soft_limit;
}
*/
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
+#ifdef OPENSSL
+#include <openssl/crypto.h>
+#endif
+
#include "datatypes.h"
int
char bit_string[MAX_PRINT_STRING_LEN];
uint8_t
-nibble_to_hex_char(uint8_t nibble) {
+srtp_nibble_to_hex_char(uint8_t nibble) {
char buf[16] = {'0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
return buf[nibble & 0xF];
}
-char *
-octet_string_hex_string(const void *s, int length) {
+char * srtp_octet_string_hex_string(const void *s, int length) {
const uint8_t *str = (const uint8_t *)s;
int i;
/* truncate string if it would be too long */
if (length > MAX_PRINT_STRING_LEN)
- length = MAX_PRINT_STRING_LEN-1;
+ length = MAX_PRINT_STRING_LEN-2;
for (i=0; i < length; i+=2) {
- bit_string[i] = nibble_to_hex_char(*str >> 4);
- bit_string[i+1] = nibble_to_hex_char(*str++ & 0xF);
+ bit_string[i] = srtp_nibble_to_hex_char(*str >> 4);
+ bit_string[i+1] = srtp_nibble_to_hex_char(*str++ & 0xF);
}
bit_string[i] = 0; /* null terminate string */
return bit_string;
}
-static inline int
-hex_char_to_nibble(uint8_t c) {
- switch(c) {
- case ('0'): return 0x0;
- case ('1'): return 0x1;
- case ('2'): return 0x2;
- case ('3'): return 0x3;
- case ('4'): return 0x4;
- case ('5'): return 0x5;
- case ('6'): return 0x6;
- case ('7'): return 0x7;
- case ('8'): return 0x8;
- case ('9'): return 0x9;
- case ('a'): return 0xa;
- case ('A'): return 0xa;
- case ('b'): return 0xb;
- case ('B'): return 0xb;
- case ('c'): return 0xc;
- case ('C'): return 0xc;
- case ('d'): return 0xd;
- case ('D'): return 0xd;
- case ('e'): return 0xe;
- case ('E'): return 0xe;
- case ('f'): return 0xf;
- case ('F'): return 0xf;
- default: return -1; /* this flags an error */
- }
- /* NOTREACHED */
-#ifndef WIN32
- return -1; /* this keeps compilers from complaining */
-#endif
-}
-
-int
-is_hex_string(char *s) {
- while(*s != 0)
- if (hex_char_to_nibble(*s++) == -1)
- return 0;
- return 1;
-}
-
-/*
- * hex_string_to_octet_string converts a hexadecimal string
- * of length 2 * len to a raw octet string of length len
- */
-
-int
-hex_string_to_octet_string(char *raw, char *hex, int len) {
- uint8_t x;
- int tmp;
- int hex_len;
-
- hex_len = 0;
- while (hex_len < len) {
- tmp = hex_char_to_nibble(hex[0]);
- if (tmp == -1)
- return hex_len;
- x = (uint8_t)(tmp << 4);
- hex_len++;
- tmp = hex_char_to_nibble(hex[1]);
- if (tmp == -1)
- return hex_len;
- x |= (tmp & 0xff);
- hex_len++;
- *raw++ = x;
- hex += 2;
- }
- return hex_len;
-}
-
char *
v128_hex_string(v128_t *x) {
int i, j;
for (i=j=0; i < 16; i++) {
- bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF);
+ bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] >> 4);
+ bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] & 0xF);
}
bit_string[j] = 0; /* null terminate string */
if (l == 0)
v->word = NULL;
else {
- v->word = (uint32_t*)crypto_alloc(l);
+ v->word = (uint32_t*)srtp_crypto_alloc(l);
if (v->word == NULL) {
v->word = NULL;
v->length = 0;
void
bitvector_dealloc(bitvector_t *v) {
if (v->word != NULL)
- crypto_free(v->word);
+ srtp_crypto_free(v->word);
v->word = NULL;
v->length = 0;
}
}
-
int
octet_string_is_eq(uint8_t *a, uint8_t *b, int len) {
uint8_t *end = b + len;
+ uint8_t accumulator = 0;
+
+ /*
+ * We use this somewhat obscure implementation to try to ensure the running
+ * time only depends on len, even accounting for compiler optimizations.
+ * The accumulator ends up zero iff the strings are equal.
+ */
while (b < end)
- if (*a++ != *b++)
- return 1;
- return 0;
+ accumulator |= (*a++ ^ *b++);
+
+ /* Return 1 if *not* equal. */
+ return accumulator != 0;
}
void
-octet_string_set_to_zero(uint8_t *s, int len) {
- uint8_t *end = s + len;
+srtp_cleanse(void *s, size_t len)
+{
+ volatile unsigned char *p = (volatile unsigned char *)s;
+ while(len--) *p++ = 0;
+}
- do {
- *s = 0;
- } while (++s < end);
-
+void
+octet_string_set_to_zero(void *s, size_t len)
+{
+#ifdef OPENSSL
+ OPENSSL_cleanse(s, len);
+#else
+ srtp_cleanse(s, len);
+#endif
}
+#ifdef TESTAPP_SOURCE
-/*
- * From RFC 1521: The Base64 Alphabet
- *
- * Value Encoding Value Encoding Value Encoding Value Encoding
- * 0 A 17 R 34 i 51 z
- * 1 B 18 S 35 j 52 0
- * 2 C 19 T 36 k 53 1
- * 3 D 20 U 37 l 54 2
- * 4 E 21 V 38 m 55 3
- * 5 F 22 W 39 n 56 4
- * 6 G 23 X 40 o 57 5
- * 7 H 24 Y 41 p 58 6
- * 8 I 25 Z 42 q 59 7
- * 9 J 26 a 43 r 60 8
- * 10 K 27 b 44 s 61 9
- * 11 L 28 c 45 t 62 +
- * 12 M 29 d 46 u 63 /
- * 13 N 30 e 47 v
- * 14 O 31 f 48 w (pad) =
- * 15 P 32 g 49 x
- * 16 Q 33 h 50 y
- */
+static const char b64chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz0123456789+/";
-int
-base64_char_to_sextet(uint8_t c) {
- switch(c) {
- case 'A':
- return 0;
- case 'B':
- return 1;
- case 'C':
- return 2;
- case 'D':
- return 3;
- case 'E':
- return 4;
- case 'F':
- return 5;
- case 'G':
- return 6;
- case 'H':
- return 7;
- case 'I':
- return 8;
- case 'J':
- return 9;
- case 'K':
- return 10;
- case 'L':
- return 11;
- case 'M':
- return 12;
- case 'N':
- return 13;
- case 'O':
- return 14;
- case 'P':
- return 15;
- case 'Q':
- return 16;
- case 'R':
- return 17;
- case 'S':
- return 18;
- case 'T':
- return 19;
- case 'U':
- return 20;
- case 'V':
- return 21;
- case 'W':
- return 22;
- case 'X':
- return 23;
- case 'Y':
- return 24;
- case 'Z':
- return 25;
- case 'a':
- return 26;
- case 'b':
- return 27;
- case 'c':
- return 28;
- case 'd':
- return 29;
- case 'e':
- return 30;
- case 'f':
- return 31;
- case 'g':
- return 32;
- case 'h':
- return 33;
- case 'i':
- return 34;
- case 'j':
- return 35;
- case 'k':
- return 36;
- case 'l':
- return 37;
- case 'm':
- return 38;
- case 'n':
- return 39;
- case 'o':
- return 40;
- case 'p':
- return 41;
- case 'q':
- return 42;
- case 'r':
- return 43;
- case 's':
- return 44;
- case 't':
- return 45;
- case 'u':
- return 46;
- case 'v':
- return 47;
- case 'w':
- return 48;
- case 'x':
- return 49;
- case 'y':
- return 50;
- case 'z':
- return 51;
- case '0':
- return 52;
- case '1':
- return 53;
- case '2':
- return 54;
- case '3':
- return 55;
- case '4':
- return 56;
- case '5':
- return 57;
- case '6':
- return 58;
- case '7':
- return 59;
- case '8':
- return 60;
- case '9':
- return 61;
- case '+':
- return 62;
- case '/':
- return 63;
- case '=':
- return 64;
- default:
- break;
- }
- return -1;
+static int base64_block_to_octet_triple(char *out, char *in) {
+ unsigned char sextets[4] = {0};
+ int j = 0;
+ int i;
+
+ for (i = 0; i < 4; i++) {
+ char *p = strchr(b64chars, in[i]);
+ if (p != NULL) sextets[i] = p - b64chars;
+ else j++;
+ }
+
+ out[0] = (sextets[0]<<2)|(sextets[1]>>4);
+ if (j < 2) out[1] = (sextets[1]<<4)|(sextets[2]>>2);
+ if (j < 1) out[2] = (sextets[2]<<6)|sextets[3];
+ return j;
}
-/*
- * base64_string_to_octet_string converts a hexadecimal string
- * of length 2 * len to a raw octet string of length len
- */
+int base64_string_to_octet_string(char *out, int *pad, char *in, int len) {
+ int k = 0;
+ int i = 0;
+ int j = 0;
+ if (len % 4 != 0) return 0;
-int
-base64_string_to_octet_string(char *raw, char *base64, int len) {
- uint8_t x;
- int tmp;
- int base64_len;
-
- base64_len = 0;
- while (base64_len < len) {
- tmp = base64_char_to_sextet(base64[0]);
- if (tmp == -1)
- return base64_len;
- x = (uint8_t)(tmp << 6);
- base64_len++;
- tmp = base64_char_to_sextet(base64[1]);
- if (tmp == -1)
- return base64_len;
- x |= (tmp & 0xffff);
- base64_len++;
- *raw++ = x;
- base64 += 2;
+ while (i < len && j == 0) {
+ j = base64_block_to_octet_triple(out + k, in + i);
+ k += 3;
+ i += 4;
}
- return base64_len;
+ *pad = j;
+ return i;
}
+
+#endif
+++ /dev/null
-/*
- * gf2_8.c
- *
- * GF(256) finite field implementation, with the representation used
- * in the AES cipher.
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include "datatypes.h"
-#include "gf2_8.h"
-
-/* gf2_8_shift() moved to gf2_8.h as an inline function */
-
-gf2_8
-gf2_8_multiply(gf2_8 x, gf2_8 y) {
- gf2_8 z = 0;
-
- if (y & 1) z ^= x; x = gf2_8_shift(x);
- if (y & 2) z ^= x; x = gf2_8_shift(x);
- if (y & 4) z ^= x; x = gf2_8_shift(x);
- if (y & 8) z ^= x; x = gf2_8_shift(x);
- if (y & 16) z ^= x; x = gf2_8_shift(x);
- if (y & 32) z ^= x; x = gf2_8_shift(x);
- if (y & 64) z ^= x; x = gf2_8_shift(x);
- if (y & 128) z ^= x;
-
- return z;
-}
-
-
-/* this should use the euclidean algorithm */
-
-gf2_8
-gf2_8_compute_inverse(gf2_8 x) {
- unsigned int i;
-
- if (x == 0) return 0; /* zero is a special case */
- for (i=0; i < 256; i++)
- if (gf2_8_multiply((gf2_8) i, x) == 1)
- return (gf2_8) i;
-
- return 0;
-}
-
+++ /dev/null
-/*
- * math.c
- *
- * crypto math operations and data types
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include "crypto_math.h"
-
-int
-octet_weight[256] = {
- 0, 1, 1, 2, 1, 2, 2, 3,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 5, 6, 6, 7, 6, 7, 7, 8
-};
-
-int
-low_bit[256] = {
- -1, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 5, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 6, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 5, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 7, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 5, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 6, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 5, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0
-};
-
-
-int
-high_bit[256] = {
- -1, 0, 1, 1, 2, 2, 2, 2,
- 3, 3, 3, 3, 3, 3, 3, 3,
- 4, 4, 4, 4, 4, 4, 4, 4,
- 4, 4, 4, 4, 4, 4, 4, 4,
- 5, 5, 5, 5, 5, 5, 5, 5,
- 5, 5, 5, 5, 5, 5, 5, 5,
- 5, 5, 5, 5, 5, 5, 5, 5,
- 5, 5, 5, 5, 5, 5, 5, 5,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7
-};
-
-int
-octet_get_weight(uint8_t octet) {
- extern int octet_weight[256];
-
- return octet_weight[octet];
-}
-
-unsigned char
-v32_weight(v32_t a) {
- unsigned int wt = 0;
-
- wt += octet_weight[a.v8[0]]; /* note: endian-ness makes no difference */
- wt += octet_weight[a.v8[1]];
- wt += octet_weight[a.v8[2]];
- wt += octet_weight[a.v8[3]];
-
- return wt;
-}
-
-unsigned char
-v32_distance(v32_t x, v32_t y) {
- x.value ^= y.value;
- return v32_weight(x);
-}
-
-unsigned int
-v32_dot_product(v32_t a, v32_t b) {
- a.value &= b.value;
- return v32_weight(a) & 1;
-}
-
-/*
- * _bit_string returns a NULL-terminated character string suitable for
- * printing
- */
-
-#define MAX_STRING_LENGTH 1024
-
-char bit_string[MAX_STRING_LENGTH];
-
-char *
-octet_bit_string(uint8_t x) {
- int mask, index;
-
- for (mask = 1, index = 0; mask < 256; mask <<= 1)
- if ((x & mask) == 0)
- bit_string[index++] = '0';
- else
- bit_string[index++] = '1';
-
- bit_string[index++] = 0; /* NULL terminate string */
-
- return bit_string;
-}
-
-char *
-v16_bit_string(v16_t x) {
- int i, mask, index;
-
- for (i = index = 0; i < 2; i++) {
- for (mask = 1; mask < 256; mask <<= 1)
- if ((x.v8[i] & mask) == 0)
- bit_string[index++] = '0';
- else
- bit_string[index++] = '1';
- }
- bit_string[index++] = 0; /* NULL terminate string */
- return bit_string;
-}
-
-char *
-v32_bit_string(v32_t x) {
- int i, mask, index;
-
- for (i = index = 0; i < 4; i++) {
- for (mask = 128; mask > 0; mask >>= 1)
- if ((x.v8[i] & mask) == 0)
- bit_string[index++] = '0';
- else
- bit_string[index++] = '1';
- }
- bit_string[index++] = 0; /* NULL terminate string */
- return bit_string;
-}
-
-char *
-v64_bit_string(const v64_t *x) {
- int i, mask, index;
-
- for (i = index = 0; i < 8; i++) {
- for (mask = 1; mask < 256; mask <<= 1)
- if ((x->v8[i] & mask) == 0)
- bit_string[index++] = '0';
- else
- bit_string[index++] = '1';
- }
- bit_string[index++] = 0; /* NULL terminate string */
- return bit_string;
-}
-
-char *
-v128_bit_string(v128_t *x) {
- int j, index;
- uint32_t mask;
-
- for (j=index=0; j < 4; j++) {
- for (mask=0x80000000; mask > 0; mask >>= 1) {
- if (x->v32[j] & mask)
- bit_string[index] = '1';
- else
- bit_string[index] = '0';
- ++index;
- }
- }
- bit_string[128] = 0; /* null terminate string */
-
- return bit_string;
-}
-
-uint8_t
-nibble_to_hex_char(uint8_t nibble) {
- char buf[16] = {'0', '1', '2', '3', '4', '5', '6', '7',
- '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
- return buf[nibble & 0xF];
-}
-
-char *
-octet_hex_string(uint8_t x) {
-
- bit_string[0] = nibble_to_hex_char(x >> 4);
- bit_string[1] = nibble_to_hex_char(x & 0xF);
-
- bit_string[2] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-octet_string_hex_string(const void *str, int length) {
- const uint8_t *s = str;
- int i;
-
- /* double length, since one octet takes two hex characters */
- length *= 2;
-
- /* truncate string if it would be too long */
- if (length > MAX_STRING_LENGTH)
- length = MAX_STRING_LENGTH-1;
-
- for (i=0; i < length; i+=2) {
- bit_string[i] = nibble_to_hex_char(*s >> 4);
- bit_string[i+1] = nibble_to_hex_char(*s++ & 0xF);
- }
- bit_string[i] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-v16_hex_string(v16_t x) {
- int i, j;
-
- for (i=j=0; i < 2; i++) {
- bit_string[j++] = nibble_to_hex_char(x.v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x.v8[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-v32_hex_string(v32_t x) {
- int i, j;
-
- for (i=j=0; i < 4; i++) {
- bit_string[j++] = nibble_to_hex_char(x.v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x.v8[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-v64_hex_string(const v64_t *x) {
- int i, j;
-
- for (i=j=0; i < 8; i++) {
- bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-v128_hex_string(v128_t *x) {
- int i, j;
-
- for (i=j=0; i < 16; i++) {
- bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-char_to_hex_string(char *x, int num_char) {
- int i, j;
-
- if (num_char >= 16)
- num_char = 16;
- for (i=j=0; i < num_char; i++) {
- bit_string[j++] = nibble_to_hex_char(x[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-int
-hex_char_to_nibble(uint8_t c) {
- switch(c) {
- case ('0'): return 0x0;
- case ('1'): return 0x1;
- case ('2'): return 0x2;
- case ('3'): return 0x3;
- case ('4'): return 0x4;
- case ('5'): return 0x5;
- case ('6'): return 0x6;
- case ('7'): return 0x7;
- case ('8'): return 0x8;
- case ('9'): return 0x9;
- case ('a'): return 0xa;
- case ('A'): return 0xa;
- case ('b'): return 0xb;
- case ('B'): return 0xb;
- case ('c'): return 0xc;
- case ('C'): return 0xc;
- case ('d'): return 0xd;
- case ('D'): return 0xd;
- case ('e'): return 0xe;
- case ('E'): return 0xe;
- case ('f'): return 0xf;
- case ('F'): return 0xf;
- default: return -1; /* this flags an error */
- }
- /* NOTREACHED */
- return -1; /* this keeps compilers from complaining */
-}
-
-int
-is_hex_string(char *s) {
- while(*s != 0)
- if (hex_char_to_nibble(*s++) == -1)
- return 0;
- return 1;
-}
-
-uint8_t
-hex_string_to_octet(char *s) {
- uint8_t x;
-
- x = (hex_char_to_nibble(s[0]) << 4)
- | hex_char_to_nibble(s[1] & 0xFF);
-
- return x;
-}
-
-/*
- * hex_string_to_octet_string converts a hexadecimal string
- * of length 2 * len to a raw octet string of length len
- */
-
-int
-hex_string_to_octet_string(char *raw, char *hex, int len) {
- uint8_t x;
- int tmp;
- int hex_len;
-
- hex_len = 0;
- while (hex_len < len) {
- tmp = hex_char_to_nibble(hex[0]);
- if (tmp == -1)
- return hex_len;
- x = (tmp << 4);
- hex_len++;
- tmp = hex_char_to_nibble(hex[1]);
- if (tmp == -1)
- return hex_len;
- x |= (tmp & 0xff);
- hex_len++;
- *raw++ = x;
- hex += 2;
- }
- return hex_len;
-}
-
-v16_t
-hex_string_to_v16(char *s) {
- v16_t x;
- int i, j;
-
- for (i=j=0; i < 4; i += 2, j++) {
- x.v8[j] = (hex_char_to_nibble(s[i]) << 4)
- | hex_char_to_nibble(s[i+1] & 0xFF);
- }
- return x;
-}
-
-v32_t
-hex_string_to_v32(char *s) {
- v32_t x;
- int i, j;
-
- for (i=j=0; i < 8; i += 2, j++) {
- x.v8[j] = (hex_char_to_nibble(s[i]) << 4)
- | hex_char_to_nibble(s[i+1] & 0xFF);
- }
- return x;
-}
-
-v64_t
-hex_string_to_v64(char *s) {
- v64_t x;
- int i, j;
-
- for (i=j=0; i < 16; i += 2, j++) {
- x.v8[j] = (hex_char_to_nibble(s[i]) << 4)
- | hex_char_to_nibble(s[i+1] & 0xFF);
- }
- return x;
-}
-
-v128_t
-hex_string_to_v128(char *s) {
- v128_t x;
- int i, j;
-
- for (i=j=0; i < 32; i += 2, j++) {
- x.v8[j] = (hex_char_to_nibble(s[i]) << 4)
- | hex_char_to_nibble(s[i+1] & 0xFF);
- }
- return x;
-}
-
-
-
-/*
- * the matrix A[] is stored in column format, i.e., A[i] is the ith
- * column of the matrix
- */
-
-uint8_t
-A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b) {
- int index = 0;
- unsigned mask;
-
- for (mask=1; mask < 256; mask *= 2) {
- if (x & mask)
- b^= A[index];
- ++index;
- }
-
- return b;
-}
-
-void
-v16_copy_octet_string(v16_t *x, const uint8_t s[2]) {
- x->v8[0] = s[0];
- x->v8[1] = s[1];
-}
-
-void
-v32_copy_octet_string(v32_t *x, const uint8_t s[4]) {
- x->v8[0] = s[0];
- x->v8[1] = s[1];
- x->v8[2] = s[2];
- x->v8[3] = s[3];
-}
-
-void
-v64_copy_octet_string(v64_t *x, const uint8_t s[8]) {
- x->v8[0] = s[0];
- x->v8[1] = s[1];
- x->v8[2] = s[2];
- x->v8[3] = s[3];
- x->v8[4] = s[4];
- x->v8[5] = s[5];
- x->v8[6] = s[6];
- x->v8[7] = s[7];
-}
-
-void
-v128_copy_octet_string(v128_t *x, const uint8_t s[16]) {
- x->v8[0] = s[0];
- x->v8[1] = s[1];
- x->v8[2] = s[2];
- x->v8[3] = s[3];
- x->v8[4] = s[4];
- x->v8[5] = s[5];
- x->v8[6] = s[6];
- x->v8[7] = s[7];
- x->v8[8] = s[8];
- x->v8[9] = s[9];
- x->v8[10] = s[10];
- x->v8[11] = s[11];
- x->v8[12] = s[12];
- x->v8[13] = s[13];
- x->v8[14] = s[14];
- x->v8[15] = s[15];
-
-}
-
-#ifndef DATATYPES_USE_MACROS /* little functions are not macros */
-
-void
-v128_set_to_zero(v128_t *x) {
- _v128_set_to_zero(x);
-}
-
-void
-v128_copy(v128_t *x, const v128_t *y) {
- _v128_copy(x, y);
-}
-
-void
-v128_xor(v128_t *z, v128_t *x, v128_t *y) {
- _v128_xor(z, x, y);
-}
-
-void
-v128_and(v128_t *z, v128_t *x, v128_t *y) {
- _v128_and(z, x, y);
-}
-
-void
-v128_or(v128_t *z, v128_t *x, v128_t *y) {
- _v128_or(z, x, y);
-}
-
-void
-v128_complement(v128_t *x) {
- _v128_complement(x);
-}
-
-int
-v128_is_eq(const v128_t *x, const v128_t *y) {
- return _v128_is_eq(x, y);
-}
-
-int
-v128_get_bit(const v128_t *x, int i) {
- return _v128_get_bit(x, i);
-}
-
-void
-v128_set_bit(v128_t *x, int i) {
- _v128_set_bit(x, i);
-}
-
-void
-v128_clear_bit(v128_t *x, int i){
- _v128_clear_bit(x, i);
-}
-
-void
-v128_set_bit_to(v128_t *x, int i, int y){
- _v128_set_bit_to(x, i, y);
-}
-
-
-#endif /* DATATYPES_USE_MACROS */
-
-
-static inline void
-v128_left_shift2(v128_t *x, int num_bits) {
- int i;
- int word_shift = num_bits >> 5;
- int bit_shift = num_bits & 31;
-
- for (i=0; i < (4-word_shift); i++) {
- x->v32[i] = x->v32[i+word_shift] << bit_shift;
- }
-
- for ( ; i < word_shift; i++) {
- x->v32[i] = 0;
- }
-
-}
-
-void
-v128_right_shift(v128_t *x, int index) {
- const int base_index = index >> 5;
- const int bit_index = index & 31;
- int i, from;
- uint32_t b;
-
- if (index > 127) {
- v128_set_to_zero(x);
- return;
- }
-
- if (bit_index == 0) {
-
- /* copy each word from left size to right side */
- x->v32[4-1] = x->v32[4-1-base_index];
- for (i=4-1; i > base_index; i--)
- x->v32[i-1] = x->v32[i-1-base_index];
-
- } else {
-
- /* set each word to the "or" of the two bit-shifted words */
- for (i = 4; i > base_index; i--) {
- from = i-1 - base_index;
- b = x->v32[from] << bit_index;
- if (from > 0)
- b |= x->v32[from-1] >> (32-bit_index);
- x->v32[i-1] = b;
- }
-
- }
-
- /* now wrap up the final portion */
- for (i=0; i < base_index; i++)
- x->v32[i] = 0;
-
-}
-
-void
-v128_left_shift(v128_t *x, int index) {
- int i;
- const int base_index = index >> 5;
- const int bit_index = index & 31;
-
- if (index > 127) {
- v128_set_to_zero(x);
- return;
- }
-
- if (bit_index == 0) {
- for (i=0; i < 4 - base_index; i++)
- x->v32[i] = x->v32[i+base_index];
- } else {
- for (i=0; i < 4 - base_index - 1; i++)
- x->v32[i] = (x->v32[i+base_index] << bit_index) ^
- (x->v32[i+base_index+1] >> (32 - bit_index));
- x->v32[4 - base_index-1] = x->v32[4-1] << bit_index;
- }
-
- /* now wrap up the final portion */
- for (i = 4 - base_index; i < 4; i++)
- x->v32[i] = 0;
-
-}
-
-
-#if 0
-void
-v128_add(v128_t *z, v128_t *x, v128_t *y) {
- /* integer addition modulo 2^128 */
-
-#ifdef WORDS_BIGENDIAN
- uint64_t tmp;
-
- tmp = x->v32[3] + y->v32[3];
- z->v32[3] = (uint32_t) tmp;
-
- tmp = x->v32[2] + y->v32[2] + (tmp >> 32);
- z->v32[2] = (uint32_t) tmp;
-
- tmp = x->v32[1] + y->v32[1] + (tmp >> 32);
- z->v32[1] = (uint32_t) tmp;
-
- tmp = x->v32[0] + y->v32[0] + (tmp >> 32);
- z->v32[0] = (uint32_t) tmp;
-
-#else /* assume little endian architecture */
- uint64_t tmp;
-
- tmp = htonl(x->v32[3]) + htonl(y->v32[3]);
- z->v32[3] = ntohl((uint32_t) tmp);
-
- tmp = htonl(x->v32[2]) + htonl(y->v32[2]) + htonl(tmp >> 32);
- z->v32[2] = ntohl((uint32_t) tmp);
-
- tmp = htonl(x->v32[1]) + htonl(y->v32[1]) + htonl(tmp >> 32);
- z->v32[1] = ntohl((uint32_t) tmp);
-
- tmp = htonl(x->v32[0]) + htonl(y->v32[0]) + htonl(tmp >> 32);
- z->v32[0] = ntohl((uint32_t) tmp);
-
-#endif /* WORDS_BIGENDIAN */
-
-}
-#endif
-
-int
-octet_string_is_eq(uint8_t *a, uint8_t *b, int len) {
- uint8_t *end = b + len;
- while (b < end)
- if (*a++ != *b++)
- return 1;
- return 0;
-}
-
-void
-octet_string_set_to_zero(uint8_t *s, int len) {
- uint8_t *end = s + len;
-
- do {
- *s = 0;
- } while (++s < end);
-
-}
-
-
-/* functions below not yet tested! */
-
-int
-v32_low_bit(v32_t *w) {
- int value;
-
- value = low_bit[w->v8[0]];
- if (value != -1)
- return value;
- value = low_bit[w->v8[1]];
- if (value != -1)
- return value + 8;
- value = low_bit[w->v8[2]];
- if (value != -1)
- return value + 16;
- value = low_bit[w->v8[3]];
- if (value == -1)
- return -1;
- return value + 24;
-}
-
-/* high_bit not done yet */
-
-
-
-
-
/*
* stats.c
*
- * statistical tests for randomness (FIPS 140-2, Section 4.9)
+ * statistical tests
*
* David A. McGrew
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "stat.h"
-debug_module_t mod_stat = {
+srtp_debug_module_t mod_stat = {
0, /* debugging is off by default */
(char *)"stat test" /* printable module name */
};
#define STAT_TEST_DATA_LEN 2500
-err_status_t
+srtp_err_status_t
stat_test_monobit(uint8_t *data) {
uint8_t *data_end = data + STAT_TEST_DATA_LEN;
uint16_t ones_count;
ones_count = 0;
while (data < data_end) {
- ones_count += (uint16_t)octet_get_weight(*data);
+ ones_count += octet_get_weight(*data);
data++;
}
debug_print(mod_stat, "bit count: %d", ones_count);
if ((ones_count < 9725) || (ones_count > 10275))
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
stat_test_poker(uint8_t *data) {
int i;
uint8_t *data_end = data + STAT_TEST_DATA_LEN;
debug_print(mod_stat, "poker test: %f\n", poker);
if ((poker < 2.16) || (poker > 46.17))
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
- return err_status_ok;
+ return srtp_err_status_ok;
}
* runs[i] holds the number of runs of size (i-1)
*/
-err_status_t
+srtp_err_status_t
stat_test_runs(uint8_t *data) {
uint8_t *data_end = data + STAT_TEST_DATA_LEN;
uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 };
/* check for long runs */
if (state > 25) {
debug_print(mod_stat, ">25 runs: %d", state);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
} else if (state < 0) {
/* prefix is a gap */
if (state < -25) {
debug_print(mod_stat, ">25 gaps: %d", state);
- return err_status_algo_fail; /* long-runs test failed */
+ return srtp_err_status_algo_fail; /* long-runs test failed */
}
if (state < -6) {
state = -6; /* group together gaps > 5 */
/* prefix is a run */
if (state > 25) {
debug_print(mod_stat, ">25 runs (2): %d", state);
- return err_status_algo_fail; /* long-runs test failed */
+ return srtp_err_status_algo_fail; /* long-runs test failed */
}
if (state > 6) {
state = 6; /* group together runs > 5 */
/* check for long gaps */
if (state < -25) {
debug_print(mod_stat, ">25 gaps (2): %d", state);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
} else {
for (i=0; i < 6; i++)
if ( (runs[i] < lo_value[i] ) || (runs[i] > hi_value[i])
|| (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i]))
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-/*
- * the function stat_test_rand_source applys the FIPS-140-2 statistical
- * tests to the random source defined by rs
- *
- */
-
-#define RAND_SRC_BUF_OCTETS 50 /* this value MUST divide 2500! */
-
-err_status_t
-stat_test_rand_source(rand_source_func_t get_rand_bytes) {
- int i;
- double poker;
- uint8_t *data, *data_end;
- uint16_t f[16] = {
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0
- };
- uint8_t buffer[RAND_SRC_BUF_OCTETS];
- err_status_t status;
- int ones_count = 0;
- uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 };
- uint16_t gaps[6] = { 0, 0, 0, 0, 0, 0 };
- uint16_t lo_value[6] = { 2315, 1114, 527, 240, 103, 103 };
- uint16_t hi_value[6] = { 2685, 1386, 723, 384, 209, 209 };
- int state = 0;
- uint16_t mask;
-
- /* counters for monobit, poker, and runs tests are initialized above */
-
- /* main loop: fill buffer, update counters for stat tests */
- for (i=0; i < 2500; i+=RAND_SRC_BUF_OCTETS) {
-
- /* fill data buffer */
- status = get_rand_bytes(buffer, RAND_SRC_BUF_OCTETS);
- if (status) {
- debug_print(mod_stat, "couldn't get rand bytes: %d",status);
- return status;
- }
-
-#if 0
- debug_print(mod_stat, "%s",
- octet_string_hex_string(buffer, RAND_SRC_BUF_OCTETS));
-#endif
-
- data = buffer;
- data_end = data + RAND_SRC_BUF_OCTETS;
- while (data < data_end) {
-
- /* update monobit test counter */
- ones_count += octet_get_weight(*data);
-
- /* update poker test counters */
- f[*data & 0x0f]++; /* increment freq. count for low nibble */
- f[(*data) >> 4]++; /* increment freq. count for high nibble */
-
- /* update runs test counters */
- /* loop over the bits of this byte */
- for (mask = 1; mask < 256; mask <<= 1) {
- if (*data & mask) {
-
- /* next bit is a one */
- if (state > 0) {
-
- /* prefix is a run, so increment the run-count */
- state++;
-
- /* check for long runs */
- if (state > 25) {
- debug_print(mod_stat, ">25 runs (3): %d", state);
- return err_status_algo_fail;
- }
-
- } else if (state < 0) {
-
- /* prefix is a gap */
- if (state < -25) {
- debug_print(mod_stat, ">25 gaps (3): %d", state);
- return err_status_algo_fail; /* long-runs test failed */
- }
- if (state < -6) {
- state = -6; /* group together gaps > 5 */
- }
- gaps[-1-state]++; /* increment gap count */
- state = 1; /* set state at one set bit */
- } else {
-
- /* state is zero; this happens only at initialization */
- state = 1;
- }
- } else {
-
- /* next bit is a zero */
- if (state > 0) {
-
- /* prefix is a run */
- if (state > 25) {
- debug_print(mod_stat, ">25 runs (4): %d", state);
- return err_status_algo_fail; /* long-runs test failed */
- }
- if (state > 6) {
- state = 6; /* group together runs > 5 */
- }
- runs[state-1]++; /* increment run count */
- state = -1; /* set state at one zero bit */
- } else if (state < 0) {
-
- /* prefix is a gap, so increment gap-count (decrement state) */
- state--;
-
- /* check for long gaps */
- if (state < -25) {
- debug_print(mod_stat, ">25 gaps (4): %d", state);
- return err_status_algo_fail;
- }
-
- } else {
-
- /* state is zero; this happens only at initialization */
- state = -1;
- }
- }
- }
-
- /* advance data pointer */
- data++;
- }
- }
-
- /* check to see if test data is within bounds */
-
- /* check monobit test data */
-
- debug_print(mod_stat, "stat: bit count: %d", ones_count);
-
- if ((ones_count < 9725) || (ones_count > 10275)) {
- debug_print(mod_stat, "stat: failed monobit test %d", ones_count);
- return err_status_algo_fail;
- }
-
- /* check poker test data */
- poker = 0.0;
- for (i=0; i < 16; i++)
- poker += (double) f[i] * f[i];
-
- poker *= (16.0 / 5000.0);
- poker -= 5000.0;
-
- debug_print(mod_stat, "stat: poker test: %f", poker);
-
- if ((poker < 2.16) || (poker > 46.17)) {
- debug_print(mod_stat, "stat: failed poker test", NULL);
- return err_status_algo_fail;
- }
-
- /* check run and gap counts against the fixed limits */
- for (i=0; i < 6; i++)
- if ((runs[i] < lo_value[i] ) || (runs[i] > hi_value[i])
- || (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i])) {
- debug_print(mod_stat, "stat: failed run/gap test", NULL);
- return err_status_algo_fail;
- }
-
- debug_print(mod_stat, "passed random stat test", NULL);
- return err_status_ok;
-}
-
-err_status_t
-stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials) {
- unsigned int i;
- err_status_t err = err_status_algo_fail;
-
- for (i=0; i < num_trials; i++) {
- err = stat_test_rand_source(source);
- if (err == err_status_ok) {
- return err_status_ok;
- }
- debug_print(mod_stat, "failed stat test (try number %d)\n", i);
- }
-
- return err;
-}
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "rdb.h"
/*
* this implementation of a replay database works as follows:
- *
+ *
* window_start is the index of the first packet in the window
* bitmask a bit-buffer, containing the most recently entered
- * index as the leftmost bit
+ * index as the leftmost bit
*
*/
-/* rdb_init initalizes rdb */
-
-err_status_t
-rdb_init(rdb_t *rdb) {
- v128_set_to_zero(&rdb->bitmask);
- rdb->window_start = 0;
- return err_status_ok;
+/* srtp_rdb_init initalizes rdb */
+srtp_err_status_t srtp_rdb_init (srtp_rdb_t *rdb)
+{
+ v128_set_to_zero(&rdb->bitmask);
+ rdb->window_start = 0;
+ return srtp_err_status_ok;
}
/*
- * rdb_check checks to see if index appears in rdb
+ * srtp_rdb_check checks to see if index appears in rdb
*/
-
-err_status_t
-rdb_check(const rdb_t *rdb, uint32_t p_index) {
-
- /* if the index appears after (or at very end of) the window, its good */
- if (p_index >= rdb->window_start + rdb_bits_in_bitmask)
- return err_status_ok;
-
- /* if the index appears before the window, its bad */
- if (p_index < rdb->window_start)
- return err_status_replay_old;
-
- /* otherwise, the index appears within the window, so check the bitmask */
- if (v128_get_bit(&rdb->bitmask, (p_index - rdb->window_start)) == 1)
- return err_status_replay_fail;
-
- /* otherwise, the index is okay */
- return err_status_ok;
+srtp_err_status_t srtp_rdb_check (const srtp_rdb_t *rdb, uint32_t p_index)
+{
+
+ /* if the index appears after (or at very end of) the window, its good */
+ if (p_index >= rdb->window_start + rdb_bits_in_bitmask) {
+ return srtp_err_status_ok;
+ }
+
+ /* if the index appears before the window, its bad */
+ if (p_index < rdb->window_start) {
+ return srtp_err_status_replay_old;
+ }
+
+ /* otherwise, the index appears within the window, so check the bitmask */
+ if (v128_get_bit(&rdb->bitmask, (p_index - rdb->window_start)) == 1) {
+ return srtp_err_status_replay_fail;
+ }
+
+ /* otherwise, the index is okay */
+ return srtp_err_status_ok;
}
/*
- * rdb_add_index adds index to rdb_t (and does *not* check if
+ * srtp_rdb_add_index adds index to srtp_rdb_t (and does *not* check if
* index appears in db)
*
- * this function should be called only after rdb_check has
+ * this function should be called only after srtp_rdb_check has
* indicated that the index does not appear in the rdb, e.g., a mutex
* should protect the rdb between these calls
*/
+srtp_err_status_t srtp_rdb_add_index (srtp_rdb_t *rdb, uint32_t p_index)
+{
+ int delta;
-err_status_t
-rdb_add_index(rdb_t *rdb, uint32_t p_index) {
- int delta;
+ /* here we *assume* that p_index > rdb->window_start */
- /* here we *assume* that p_index > rdb->window_start */
+ delta = (p_index - rdb->window_start);
+ if (delta < rdb_bits_in_bitmask) {
- delta = (p_index - rdb->window_start);
- if (delta < rdb_bits_in_bitmask) {
+ /* if the p_index is within the window, set the appropriate bit */
+ v128_set_bit(&rdb->bitmask, delta);
- /* if the p_index is within the window, set the appropriate bit */
- v128_set_bit(&rdb->bitmask, delta);
+ } else {
- } else {
-
- delta -= rdb_bits_in_bitmask - 1;
+ delta -= rdb_bits_in_bitmask - 1;
- /* shift the window forward by delta bits*/
- v128_left_shift(&rdb->bitmask, delta);
- v128_set_bit(&rdb->bitmask, rdb_bits_in_bitmask-1);
- rdb->window_start += delta;
+ /* shift the window forward by delta bits*/
+ v128_left_shift(&rdb->bitmask, delta);
+ v128_set_bit(&rdb->bitmask, rdb_bits_in_bitmask - 1);
+ rdb->window_start += delta;
- }
+ }
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-rdb_increment(rdb_t *rdb) {
+srtp_err_status_t srtp_rdb_increment (srtp_rdb_t *rdb)
+{
- if (rdb->window_start++ > 0x7fffffff)
- return err_status_key_expired;
- return err_status_ok;
+ if (rdb->window_start >= 0x7fffffff) {
+ return srtp_err_status_key_expired;
+ }
+ ++rdb->window_start;
+ return srtp_err_status_ok;
}
-uint32_t
-rdb_get_value(const rdb_t *rdb) {
- return rdb->window_start;
+uint32_t srtp_rdb_get_value (const srtp_rdb_t *rdb)
+{
+ return rdb->window_start;
}
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "rdbx.h"
/*
* rdbx implementation notes
*
- * A xtd_seq_num_t is essentially a sequence number for which some of
+ * A srtp_xtd_seq_num_t is essentially a sequence number for which some of
* the data on the wire are implicit. It logically consists of a
* rollover counter and a sequence number; the sequence number is the
* explicit part, and the rollover counter is the implicit part.
*
* Upon receiving a sequence_number (e.g. in a newly received SRTP
- * packet), the complete xtd_seq_num_t can be estimated by using a
- * local xtd_seq_num_t as a basis. This is done using the function
- * index_guess(&local, &guess, seq_from_packet). This function
+ * packet), the complete srtp_xtd_seq_num_t can be estimated by using a
+ * local srtp_xtd_seq_num_t as a basis. This is done using the function
+ * srtp_index_guess(&local, &guess, seq_from_packet). This function
* returns the difference of the guess and the local value. The local
- * xtd_seq_num_t can be moved forward to the guess using the function
- * index_advance(&guess, delta), where delta is the difference.
- *
+ * srtp_xtd_seq_num_t can be moved forward to the guess using the function
+ * srtp_index_advance(&guess, delta), where delta is the difference.
+ *
*
- * A rdbx_t consists of a xtd_seq_num_t and a bitmask. The index is highest
+ * A srtp_rdbx_t consists of a srtp_xtd_seq_num_t and a bitmask. The index is highest
* sequence number that has been received, and the bitmask indicates
* which of the recent indicies have been received as well. The
* highest bit in the bitmask corresponds to the index in the bitmask.
*/
-void
-index_init(xtd_seq_num_t *pi) {
+void srtp_index_init (srtp_xtd_seq_num_t *pi)
+{
#ifdef NO_64BIT_MATH
- *pi = make64(0,0);
+ *pi = make64(0, 0);
#else
- *pi = 0;
+ *pi = 0;
#endif
}
-void
-index_advance(xtd_seq_num_t *pi, sequence_number_t s) {
+void srtp_index_advance (srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s)
+{
#ifdef NO_64BIT_MATH
- /* a > ~b means a+b will generate a carry */
- /* s is uint16 here */
- *pi = make64(high32(*pi) + (s > ~low32(*pi) ? 1 : 0),low32(*pi) + s);
+ /* a > ~b means a+b will generate a carry */
+ /* s is uint16 here */
+ *pi = make64(high32(*pi) + (s > ~low32(*pi) ? 1 : 0), low32(*pi) + s);
#else
- *pi += s;
+ *pi += s;
#endif
}
/*
- * index_guess(local, guess, s)
- *
- * given a xtd_seq_num_t local (which represents the last
- * known-to-be-good received xtd_seq_num_t) and a sequence number s
+ * srtp_index_guess(local, guess, s)
+ *
+ * given a srtp_xtd_seq_num_t local (which represents the last
+ * known-to-be-good received srtp_xtd_seq_num_t) and a sequence number s
* (from a newly arrived packet), sets the contents of *guess to
* contain the best guess of the packet index to which s corresponds,
* and returns the difference between *guess and *local
*
* nota bene - the output is a signed integer, DON'T cast it to a
- * unsigned integer!
+ * unsigned integer!
*/
-int
-index_guess(const xtd_seq_num_t *local,
- xtd_seq_num_t *guess,
- sequence_number_t s) {
+int32_t srtp_index_guess (const srtp_xtd_seq_num_t *local, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s)
+{
#ifdef NO_64BIT_MATH
- uint32_t local_roc = ((high32(*local) << 16) |
- (low32(*local) >> 16));
- uint16_t local_seq = (uint16_t) (low32(*local));
+ uint32_t local_roc = ((high32(*local) << 16) |
+ (low32(*local) >> 16));
+ uint16_t local_seq = (uint16_t)(low32(*local));
#else
- uint32_t local_roc = (uint32_t)(*local >> 16);
- uint16_t local_seq = (uint16_t) *local;
+ uint32_t local_roc = (uint32_t)(*local >> 16);
+ uint16_t local_seq = (uint16_t)*local;
#endif
#ifdef NO_64BIT_MATH
- uint32_t guess_roc = ((high32(*guess) << 16) |
- (low32(*guess) >> 16));
- uint16_t guess_seq = (uint16_t) (low32(*guess));
+ uint32_t guess_roc = ((high32(*guess) << 16) |
+ (low32(*guess) >> 16));
+ uint16_t guess_seq = (uint16_t)(low32(*guess));
#else
- uint32_t guess_roc = (uint32_t)(*guess >> 16);
- uint16_t guess_seq = (uint16_t) *guess;
+ uint32_t guess_roc = (uint32_t)(*guess >> 16);
+ uint16_t guess_seq = (uint16_t)*guess;
#endif
- int difference;
-
- if (local_seq < seq_num_median) {
- if (s - local_seq > seq_num_median) {
- guess_roc = local_roc - 1;
- difference = s - local_seq - seq_num_max;
+ int32_t difference;
+
+ if (local_seq < seq_num_median) {
+ if (s - local_seq > seq_num_median) {
+ guess_roc = local_roc - 1;
+ difference = s - local_seq - seq_num_max;
+ } else {
+ guess_roc = local_roc;
+ difference = s - local_seq;
+ }
} else {
- guess_roc = local_roc;
- difference = s - local_seq;
+ if (local_seq - seq_num_median > s) {
+ guess_roc = local_roc + 1;
+ difference = s - local_seq + seq_num_max;
+ } else {
+ guess_roc = local_roc;
+ difference = s - local_seq;
+ }
}
- } else {
- if (local_seq - seq_num_median > s) {
- guess_roc = local_roc + 1;
- difference = s - local_seq + seq_num_max;
- } else {
- guess_roc = local_roc;
- difference = s - local_seq;
- }
- }
- guess_seq = s;
-
- /* Note: guess_roc is 32 bits, so this generates a 48-bit result! */
+ guess_seq = s;
+
+ /* Note: guess_roc is 32 bits, so this generates a 48-bit result! */
#ifdef NO_64BIT_MATH
- *guess = make64(guess_roc >> 16,
- (guess_roc << 16) | guess_seq);
+ *guess = make64(guess_roc >> 16,
+ (guess_roc << 16) | guess_seq);
#else
- *guess = (((uint64_t) guess_roc) << 16) | guess_seq;
+ *guess = (((uint64_t)guess_roc) << 16) | guess_seq;
#endif
- return difference;
+ return difference;
}
/*
/*
- * rdbx_init(&r, ws) initializes the rdbx_t pointed to by r with window size ws
+ * srtp_rdbx_init(&r, ws) initializes the srtp_rdbx_t pointed to by r with window size ws
*/
+srtp_err_status_t srtp_rdbx_init (srtp_rdbx_t *rdbx, unsigned long ws)
+{
+ if (ws == 0) {
+ return srtp_err_status_bad_param;
+ }
-err_status_t
-rdbx_init(rdbx_t *rdbx, unsigned long ws) {
- if (ws == 0)
- return err_status_bad_param;
-
- if (bitvector_alloc(&rdbx->bitmask, ws) != 0)
- return err_status_alloc_fail;
+ if (bitvector_alloc(&rdbx->bitmask, ws) != 0) {
+ return srtp_err_status_alloc_fail;
+ }
- index_init(&rdbx->index);
+ srtp_index_init(&rdbx->index);
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
- * rdbx_dealloc(&r) frees memory for the rdbx_t pointed to by r
+ * srtp_rdbx_dealloc(&r) frees memory for the srtp_rdbx_t pointed to by r
*/
+srtp_err_status_t srtp_rdbx_dealloc (srtp_rdbx_t *rdbx)
+{
+ bitvector_dealloc(&rdbx->bitmask);
-err_status_t
-rdbx_dealloc(rdbx_t *rdbx) {
- bitvector_dealloc(&rdbx->bitmask);
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
- * rdbx_set_roc(rdbx, roc) initalizes the rdbx_t at the location rdbx
+ * srtp_rdbx_set_roc(rdbx, roc) initalizes the srtp_rdbx_t at the location rdbx
* to have the rollover counter value roc. If that value is less than
* the current rollover counter value, then the function returns
- * err_status_replay_old; otherwise, err_status_ok is returned.
- *
+ * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned.
+ *
*/
-
-err_status_t
-rdbx_set_roc(rdbx_t *rdbx, uint32_t roc) {
- bitvector_set_to_zero(&rdbx->bitmask);
+srtp_err_status_t srtp_rdbx_set_roc (srtp_rdbx_t *rdbx, uint32_t roc)
+{
+ bitvector_set_to_zero(&rdbx->bitmask);
#ifdef NO_64BIT_MATH
#error not yet implemented
#else
- /* make sure that we're not moving backwards */
- if (roc < (rdbx->index >> 16))
- return err_status_replay_old;
+ /* make sure that we're not moving backwards */
+ if (roc < (rdbx->index >> 16)) {
+ return srtp_err_status_replay_old;
+ }
- rdbx->index &= 0xffff; /* retain lowest 16 bits */
- rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */
+ rdbx->index &= 0xffff; /* retain lowest 16 bits */
+ rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */
#endif
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
- * rdbx_get_packet_index(rdbx) returns the value of the packet index
- * for the rdbx_t pointed to by rdbx
- *
+ * srtp_rdbx_get_packet_index(rdbx) returns the value of the packet index
+ * for the srtp_rdbx_t pointed to by rdbx
+ *
*/
-
-xtd_seq_num_t
-rdbx_get_packet_index(const rdbx_t *rdbx) {
- return rdbx->index;
+srtp_xtd_seq_num_t srtp_rdbx_get_packet_index (const srtp_rdbx_t *rdbx)
+{
+ return rdbx->index;
}
/*
- * rdbx_get_window_size(rdbx) returns the value of the window size
- * for the rdbx_t pointed to by rdbx
- *
+ * srtp_rdbx_get_window_size(rdbx) returns the value of the window size
+ * for the srtp_rdbx_t pointed to by rdbx
+ *
*/
-
-unsigned long
-rdbx_get_window_size(const rdbx_t *rdbx) {
- return bitvector_get_length(&rdbx->bitmask);
+unsigned long srtp_rdbx_get_window_size (const srtp_rdbx_t *rdbx)
+{
+ return bitvector_get_length(&rdbx->bitmask);
}
/*
- * rdbx_check(&r, delta) checks to see if the xtd_seq_num_t
+ * srtp_rdbx_check(&r, delta) checks to see if the srtp_xtd_seq_num_t
* which is at rdbx->index + delta is in the rdb
*/
+srtp_err_status_t srtp_rdbx_check (const srtp_rdbx_t *rdbx, int delta)
+{
+
+ if (delta > 0) { /* if delta is positive, it's good */
+ return srtp_err_status_ok;
+ } else if ((int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta < 0) {
+ /* if delta is lower than the bitmask, it's bad */
+ return srtp_err_status_replay_old;
+ } else if (bitvector_get_bit(&rdbx->bitmask,
+ (int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta) == 1) {
+ /* delta is within the window, so check the bitmask */
+ return srtp_err_status_replay_fail;
+ }
+ /* otherwise, the index is okay */
-err_status_t
-rdbx_check(const rdbx_t *rdbx, int delta) {
-
- if (delta > 0) { /* if delta is positive, it's good */
- return err_status_ok;
- } else if ((int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta < 0) {
- /* if delta is lower than the bitmask, it's bad */
- return err_status_replay_old;
- } else if (bitvector_get_bit(&rdbx->bitmask,
- (int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta) == 1) {
- /* delta is within the window, so check the bitmask */
- return err_status_replay_fail;
- }
- /* otherwise, the index is okay */
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
- * rdbx_add_index adds the xtd_seq_num_t at rdbx->window_start + d to
- * replay_db (and does *not* check if that xtd_seq_num_t appears in db)
+ * srtp_rdbx_add_index adds the srtp_xtd_seq_num_t at rdbx->window_start + d to
+ * replay_db (and does *not* check if that srtp_xtd_seq_num_t appears in db)
*
* this function should be called only after replay_check has
* indicated that the index does not appear in the rdbx, e.g., a mutex
* should protect the rdbx between these calls if need be
*/
+srtp_err_status_t srtp_rdbx_add_index (srtp_rdbx_t *rdbx, int delta)
+{
+
+ if (delta > 0) {
+ /* shift forward by delta */
+ srtp_index_advance(&rdbx->index, delta);
+ bitvector_left_shift(&rdbx->bitmask, delta);
+ bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1);
+ } else {
+ /* delta is in window */
+ bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1 + delta);
+ }
+
+ /* note that we need not consider the case that delta == 0 */
-err_status_t
-rdbx_add_index(rdbx_t *rdbx, int delta) {
-
- if (delta > 0) {
- /* shift forward by delta */
- index_advance(&rdbx->index, (sequence_number_t)delta);
- bitvector_left_shift(&rdbx->bitmask, delta);
- bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1);
- } else {
- /* delta is in window */
- bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) -1 + delta);
- }
-
- /* note that we need not consider the case that delta == 0 */
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
- * rdbx_estimate_index(rdbx, guess, s)
- *
+ * srtp_rdbx_estimate_index(rdbx, guess, s)
+ *
* given an rdbx and a sequence number s (from a newly arrived packet),
* sets the contents of *guess to contain the best guess of the packet
* index to which s corresponds, and returns the difference between
* *guess and the locally stored synch info
*/
+int32_t srtp_rdbx_estimate_index (const srtp_rdbx_t *rdbx, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s)
+{
-int
-rdbx_estimate_index(const rdbx_t *rdbx,
- xtd_seq_num_t *guess,
- sequence_number_t s) {
+ /*
+ * if the sequence number and rollover counter in the rdbx are
+ * non-zero, then use the srtp_index_guess(...) function, otherwise, just
+ * set the rollover counter to zero (since the srtp_index_guess(...)
+ * function might incorrectly guess that the rollover counter is
+ * 0xffffffff)
+ */
- /*
- * if the sequence number and rollover counter in the rdbx are
- * non-zero, then use the index_guess(...) function, otherwise, just
- * set the rollover counter to zero (since the index_guess(...)
- * function might incorrectly guess that the rollover counter is
- * 0xffffffff)
- */
+#ifdef NO_64BIT_MATH
+ /* seq_num_median = 0x8000 */
+ if (high32(rdbx->index) > 0 ||
+ low32(rdbx->index) > seq_num_median)
+#else
+ if (rdbx->index > seq_num_median)
+#endif
+ { return srtp_index_guess(&rdbx->index, guess, s); }
#ifdef NO_64BIT_MATH
- /* seq_num_median = 0x8000 */
- if (high32(rdbx->index) > 0 ||
- low32(rdbx->index) > seq_num_median)
+ *guess = make64(0, (uint32_t)s);
#else
- if (rdbx->index > seq_num_median)
+ *guess = s;
#endif
- return index_guess(&rdbx->index, guess, s);
-
+
#ifdef NO_64BIT_MATH
- *guess = make64(0,(uint32_t) s);
-#else
- *guess = s;
+ return s - (uint16_t)low32(rdbx->index);
+#else
+ return s - (uint16_t)rdbx->index;
#endif
+}
+
+/*
+ * srtp_rdbx_get_roc(rdbx)
+ *
+ * Get the current rollover counter
+ *
+ */
+uint32_t srtp_rdbx_get_roc(const srtp_rdbx_t *rdbx)
+{
+ uint32_t roc;
#ifdef NO_64BIT_MATH
- return s - (uint16_t) low32(rdbx->index);
+ roc = ((high32(rdbx->index) << 16) | (low32(rdbx->index) >> 16));
#else
- return s - (uint16_t) rdbx->index;
+ roc = (uint32_t)(rdbx->index >> 16);
#endif
+
+ return roc;
}
+
+/*
+ * srtp_rdbx_set_roc_seq(rdbx, roc, seq) initalizes the srtp_rdbx_t at the
+ * location rdbx to have the rollover counter value roc and packet sequence
+ * number seq. If the new rollover counter value is less than the current
+ * rollover counter value, then the function returns
+ * srtp_err_status_replay_old, otherwise, srtp_err_status_ok is returned.
+ */
+srtp_err_status_t srtp_rdbx_set_roc_seq (srtp_rdbx_t *rdbx,
+ uint32_t roc,
+ uint16_t seq)
+{
+#ifdef NO_64BIT_MATH
+ #error not yet implemented
+#else
+
+ /* make sure that we're not moving backwards */
+ if (roc < (rdbx->index >> 16)) {
+ return srtp_err_status_replay_old;
+ }
+
+ rdbx->index = seq;
+ rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */
+#endif
+
+ bitvector_set_to_zero(&rdbx->bitmask);
+
+ return srtp_err_status_ok;
+}
+
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "ut_sim.h"
+++ /dev/null
-/*
- * ctr_prng.c
- *
- * counter mode based pseudorandom source
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include "prng.h"
-
-/* single, global prng structure */
-
-ctr_prng_t ctr_prng;
-
-err_status_t
-ctr_prng_init(rand_source_func_t random_source) {
- uint8_t tmp_key[32];
- err_status_t status;
-
- /* initialize output count to zero */
- ctr_prng.octet_count = 0;
-
- /* set random source */
- ctr_prng.rand = random_source;
-
- /* initialize secret key from random source */
- status = random_source(tmp_key, 32);
- if (status)
- return status;
-
- /* initialize aes ctr context with random key */
-#ifdef OPENSSL
- status = aes_icm_openssl_context_init(&ctr_prng.state, tmp_key, 30);
-#else
- status = aes_icm_context_init(&ctr_prng.state, tmp_key, 30);
-#endif
- if (status)
- return status;
-
- return err_status_ok;
-}
-
-err_status_t
-ctr_prng_get_octet_string(void *dest, uint32_t len) {
- err_status_t status;
-
- /*
- * if we need to re-initialize the prng, do so now
- */
- if ((aes_icm_bytes_encrypted(&ctr_prng.state) + len) > 0xffff) {
- status = ctr_prng_init(ctr_prng.rand);
- if (status)
- return status;
- }
- ctr_prng.octet_count += len;
-
- /*
- * write prng output
- */
- status = aes_icm_output(&ctr_prng.state, (uint8_t*)dest, len);
- if (status)
- return status;
-
- return err_status_ok;
-}
-
-err_status_t
-ctr_prng_deinit(void) {
-
- /* nothing */
-
- return err_status_ok;
-}
+++ /dev/null
-/*
- * prng.c
- *
- * pseudorandom source
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include "prng.h"
-
-/* single, global prng structure */
-
-x917_prng_t x917_prng;
-
-err_status_t
-x917_prng_init(rand_source_func_t random_source) {
- uint8_t tmp_key[16];
- err_status_t status;
-
- /* initialize output count to zero */
- x917_prng.octet_count = 0;
-
- /* set random source */
- x917_prng.rand = random_source;
-
- /* initialize secret key from random source */
- status = random_source(tmp_key, 16);
- if (status)
- return status;
-
- /* expand aes key */
- aes_expand_encryption_key(tmp_key, 16, &x917_prng.key);
-
- /* initialize prng state from random source */
- status = x917_prng.rand((uint8_t *)&x917_prng.state, 16);
- if (status)
- return status;
-
- return err_status_ok;
-}
-
-err_status_t
-x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
- uint32_t t;
- v128_t buffer;
- uint32_t i, tail_len;
- err_status_t status;
-
- /*
- * if we need to re-initialize the prng, do so now
- *
- * avoid overflows by subtracting instead of adding
- */
- if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) {
- status = x917_prng_init(x917_prng.rand);
- if (status)
- return status;
- }
- x917_prng.octet_count += len;
-
- /* find out the time */
- t = (uint32_t)time(NULL);
-
- /* loop until we have output enough data */
- for (i=0; i < len/16; i++) {
-
- /* exor time into state */
- x917_prng.state.v32[0] ^= t;
-
- /* copy state into buffer */
- v128_copy(&buffer, &x917_prng.state);
-
- /* apply aes to buffer */
- aes_encrypt(&buffer, &x917_prng.key);
-
- /* write data to output */
- *dest++ = buffer.v8[0];
- *dest++ = buffer.v8[1];
- *dest++ = buffer.v8[2];
- *dest++ = buffer.v8[3];
- *dest++ = buffer.v8[4];
- *dest++ = buffer.v8[5];
- *dest++ = buffer.v8[6];
- *dest++ = buffer.v8[7];
- *dest++ = buffer.v8[8];
- *dest++ = buffer.v8[9];
- *dest++ = buffer.v8[10];
- *dest++ = buffer.v8[11];
- *dest++ = buffer.v8[12];
- *dest++ = buffer.v8[13];
- *dest++ = buffer.v8[14];
- *dest++ = buffer.v8[15];
-
- /* exor time into buffer */
- buffer.v32[0] ^= t;
-
- /* encrypt buffer */
- aes_encrypt(&buffer, &x917_prng.key);
-
- /* copy buffer into state */
- v128_copy(&x917_prng.state, &buffer);
-
- }
-
- /* if we need to output any more octets, we'll do so now */
- tail_len = len % 16;
- if (tail_len) {
-
- /* exor time into state */
- x917_prng.state.v32[0] ^= t;
-
- /* copy value into buffer */
- v128_copy(&buffer, &x917_prng.state);
-
- /* apply aes to buffer */
- aes_encrypt(&buffer, &x917_prng.key);
-
- /* write data to output */
- for (i=0; i < tail_len; i++) {
- *dest++ = buffer.v8[i];
- }
-
- /* now update the state one more time */
-
- /* exor time into buffer */
- buffer.v32[0] ^= t;
-
- /* encrypt buffer */
- aes_encrypt(&buffer, &x917_prng.key);
-
- /* copy buffer into state */
- v128_copy(&x917_prng.state, &buffer);
-
- }
-
- return err_status_ok;
-}
-
-err_status_t
-x917_prng_deinit(void) {
-
- return err_status_ok;
-}
+++ /dev/null
-/*
- * rand_linux_kernel.c
- *
- * implements a random source using Linux kernel functions
- *
- * Marcus Sundberg
- * Ingate Systems AB
- */
-/*
- *
- * Copyright(c) 2005 Ingate Systems AB
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the author(s) nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include "config.h"
-#include "rand_source.h"
-
-
-err_status_t
-rand_source_init(void) {
- return err_status_ok;
-}
-
-err_status_t
-rand_source_get_octet_string(void *dest, uint32_t len) {
-
- get_random_bytes(dest, len);
-
- return err_status_ok;
-}
-
-err_status_t
-rand_source_deinit(void) {
- return err_status_ok;
-}
+++ /dev/null
-/*
- * rand_source.c
- *
- * implements a random source based on /dev/random
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include "config.h"
-
-#ifdef DEV_URANDOM
-# include <fcntl.h> /* for open() */
-# include <unistd.h> /* for close() */
-#elif defined(HAVE_RAND_S)
-# define _CRT_RAND_S
-# include <stdlib.h>
-#else
-# include <stdio.h>
-#endif
-
-#include "rand_source.h"
-
-
-/*
- * global dev_rand_fdes is file descriptor for /dev/random
- *
- * This variable is also used to indicate that the random source has
- * been initialized. When this variable is set to the value of the
- * #define RAND_SOURCE_NOT_READY, it indicates that the random source
- * is not ready to be used. The value of the #define
- * RAND_SOURCE_READY is for use whenever that variable is used as an
- * indicator of the state of the random source, but not as a file
- * descriptor.
- */
-
-#define RAND_SOURCE_NOT_READY (-1)
-#define RAND_SOURCE_READY (17)
-
-static int dev_random_fdes = RAND_SOURCE_NOT_READY;
-
-
-err_status_t
-rand_source_init(void) {
- if (dev_random_fdes >= 0) {
- /* already open */
- return err_status_ok;
- }
-#ifdef DEV_URANDOM
- /* open random source for reading */
- dev_random_fdes = open(DEV_URANDOM, O_RDONLY);
- if (dev_random_fdes < 0)
- return err_status_init_fail;
-#elif defined(HAVE_RAND_S)
- dev_random_fdes = RAND_SOURCE_READY;
-#else
- /* no random source available; let the user know */
- fprintf(stderr, "WARNING: no real random source present!\n");
- dev_random_fdes = RAND_SOURCE_READY;
-#endif
- return err_status_ok;
-}
-
-err_status_t
-rand_source_get_octet_string(void *dest, uint32_t len) {
-
- /*
- * read len octets from /dev/random to dest, and
- * check return value to make sure enough octets were
- * written
- */
-#ifdef DEV_URANDOM
- uint8_t *dst = (uint8_t *)dest;
- while (len)
- {
- ssize_t num_read = read(dev_random_fdes, dst, len);
- if (num_read <= 0 || num_read > len)
- return err_status_fail;
- len -= num_read;
- dst += num_read;
- }
-#elif defined(HAVE_RAND_S)
- uint8_t *dst = (uint8_t *)dest;
- while (len)
- {
- unsigned int val;
- errno_t err = rand_s(&val);
-
- if (err != 0)
- return err_status_fail;
-
- *dst++ = val & 0xff;
- len--;
- }
-#else
- /* Generic C-library (rand()) version */
- /* This is a random source of last resort */
- uint8_t *dst = (uint8_t *)dest;
- while (len)
- {
- int val = rand();
- /* rand() returns 0-32767 (ugh) */
- /* Is this a good enough way to get random bytes?
- It is if it passes FIPS-140... */
- *dst++ = val & 0xff;
- len--;
- }
-#endif
- return err_status_ok;
-}
-
-err_status_t
-rand_source_deinit(void) {
- if (dev_random_fdes < 0)
- return err_status_dealloc_fail; /* well, we haven't really failed, *
- * but there is something wrong */
-#ifdef DEV_URANDOM
- close(dev_random_fdes);
-#endif
- dev_random_fdes = RAND_SOURCE_NOT_READY;
-
- return err_status_ok;
-}
+++ /dev/null
-aes_calc
-cipher_driver
-datatypes_driver
-env
-kernel_driver
-rand_gen
-sha1_driver
-stat_driver
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
/*
Example usage (with first NIST FIPS 197 test case):
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "aes.h"
#include <stdio.h>
#include <string.h>
+#include "util.h"
void
usage(char *prog_name) {
main (int argc, char *argv[]) {
v128_t data;
uint8_t key[AES_MAX_KEY_LEN];
- aes_expanded_key_t exp_key;
+ srtp_aes_expanded_key_t exp_key;
int key_len, len;
int verbose = 0;
- err_status_t status;
+ srtp_err_status_t status;
if (argc == 3) {
/* we're not in verbose mode */
}
/* encrypt plaintext */
- status = aes_expand_encryption_key(key, key_len, &exp_key);
+ status = srtp_aes_expand_encryption_key(key, key_len, &exp_key);
if (status) {
fprintf(stderr,
"error: AES key expansion failed.\n");
exit(1);
}
- aes_encrypt(&data, &exp_key);
+ srtp_aes_encrypt(&data, &exp_key);
/* write ciphertext to output */
if (verbose) {
+++ /dev/null
-/*
- * auth_driver.c
- *
- * a driver for auth functions
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include <stdio.h> /* for printf() */
-#include <stdlib.h> /* for xalloc() */
-#include <unistd.h> /* for getopt() */
-
-#include "auth.h"
-#include "null_auth.h"
-
-#define PRINT_DEBUG_DATA 0
-
-extern auth_type_t tmmhv2;
-
-const uint16_t msg0[9] = {
- 0x6015, 0xf141, 0x5ba1, 0x29a0, 0xf604, 0xd1c, 0x2d9, 0xaa8a, 0x7931
-};
-
-/* key1 is for TAG_WORDS = 2 */
-
-const uint16_t key1[47] = {
- 0xe627, 0x6a01, 0x5ea7, 0xf27a, 0xc536, 0x2192, 0x11be, 0xea35,
- 0xdb9d, 0x63d6, 0xfa8a, 0xfc45, 0xe08b, 0xd216, 0xced2, 0x7853,
- 0x1a82, 0x22f5, 0x90fb, 0x1c29, 0x708e, 0xd06f, 0x82c3, 0xbee6,
- 0x4f21, 0x6f33, 0x65c0, 0xd211, 0xc25e, 0x9138, 0x4fa3, 0x7c1f,
- 0x61ac, 0x3489, 0x2976, 0x8c19, 0x8252, 0xddbf, 0xcad3, 0xc28f,
- 0x68d6, 0x58dd, 0x504f, 0x2bbf, 0x0278, 0x70b7, 0xcfca
-};
-
-double
-auth_bits_per_second(auth_t *h, int msg_len);
-
-
-void
-usage(char *prog_name) {
- printf("usage: %s [ -t | -v ]\n", prog_name);
- exit(255);
-}
-
-#define MAX_MSG_LEN 2048
-
-int
-main (int argc, char *argv[]) {
- auth_t *a = NULL;
- err_status_t status;
- int i;
- int c;
- unsigned do_timing_test = 0;
- unsigned do_validation = 0;
-
- /* process input arguments */
- while (1) {
- c = getopt(argc, argv, "tv");
- if (c == -1)
- break;
- switch (c) {
- case 't':
- do_timing_test = 1;
- break;
- case 'v':
- do_validation = 1;
- break;
- default:
- usage(argv[0]);
- }
- }
-
- printf("auth driver\nDavid A. McGrew\nCisco Systems, Inc.\n");
-
- if (!do_validation && !do_timing_test)
- usage(argv[0]);
-
- if (do_validation) {
- printf("running self-test for %s...", tmmhv2.description);
- status = tmmhv2_add_big_test();
- if (status) {
- printf("tmmhv2_add_big_test failed with error code %d\n", status);
- exit(status);
- }
- status = auth_type_self_test(&tmmhv2);
- if (status) {
- printf("failed with error code %d\n", status);
- exit(status);
- }
- printf("passed\n");
- }
-
- if (do_timing_test) {
-
- /* tmmhv2 timing test */
- status = auth_type_alloc(&tmmhv2, &a, 94, 4);
- if (status) {
- fprintf(stderr, "can't allocate tmmhv2\n");
- exit(status);
- }
- status = auth_init(a, (uint8_t *)key1);
- if (status) {
- printf("error initializaing auth function\n");
- exit(status);
- }
-
- printf("timing %s (tag length %d)\n",
- tmmhv2.description, auth_get_tag_length(a));
- for (i=8; i <= MAX_MSG_LEN; i *= 2)
- printf("msg len: %d\tgigabits per second: %f\n",
- i, auth_bits_per_second(a, i) / 1E9);
-
- status = auth_dealloc(a);
- if (status) {
- printf("error deallocating auth function\n");
- exit(status);
- }
-
- }
-
- return 0;
-}
-
-#define NUM_TRIALS 100000
-
-#include <time.h>
-
-double
-auth_bits_per_second(auth_t *a, int msg_len_octets) {
- int i;
- clock_t timer;
- uint8_t *result;
- int msg_len = (msg_len_octets + 1)/2;
- uint16_t *msg_string;
-
- /* create random message */
- msg_string = (uint16_t *) crypto_alloc(msg_len_octets);
- if (msg_string == NULL)
- return 0.0; /* indicate failure */
- for (i=0; i < msg_len; i++)
- msg_string[i] = (uint16_t) random();
-
- /* allocate temporary storage for authentication tag */
- result = crypto_alloc(auth_get_tag_length(a));
- if (result == NULL) {
- free(msg_string);
- return 0.0; /* indicate failure */
- }
-
- timer = clock();
- for (i=0; i < NUM_TRIALS; i++) {
- auth_compute(a, (uint8_t *)msg_string, msg_len_octets, (uint8_t *)result);
- }
- timer = clock() - timer;
-
- free(msg_string);
- free(result);
-
- return (double) NUM_TRIALS * 8 * msg_len_octets * CLOCKS_PER_SEC / timer;
-}
-
-
/*
*
- * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h> /* for printf() */
#include <stdlib.h> /* for rand() */
#include <string.h> /* for memset() */
-#include <unistd.h> /* for getopt() */
+#include "getopt_s.h"
#include "cipher.h"
#ifdef OPENSSL
#include "aes_icm_ossl.h"
#else
#include "aes_icm.h"
#endif
-#include "null_cipher.h"
#define PRINT_DEBUG 0
void
-cipher_driver_test_throughput(cipher_t *c);
+cipher_driver_test_throughput(srtp_cipher_t *c);
-err_status_t
-cipher_driver_self_test(cipher_type_t *ct);
+srtp_err_status_t
+cipher_driver_self_test(srtp_cipher_type_t *ct);
/*
* calls
*/
-err_status_t
-cipher_driver_test_buffering(cipher_t *c);
+srtp_err_status_t
+cipher_driver_test_buffering(srtp_cipher_t *c);
/*
* functions for testing cipher cache thrash
*/
-err_status_t
-cipher_driver_test_array_throughput(cipher_type_t *ct,
+srtp_err_status_t
+cipher_driver_test_array_throughput(srtp_cipher_type_t *ct,
int klen, int num_cipher);
void
-cipher_array_test_throughput(cipher_t *ca[], int num_cipher);
+cipher_array_test_throughput(srtp_cipher_t *ca[], int num_cipher);
uint64_t
-cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
+cipher_array_bits_per_second(srtp_cipher_t *cipher_array[], int num_cipher,
unsigned octets_in_buffer, int num_trials);
-err_status_t
-cipher_array_delete(cipher_t *cipher_array[], int num_cipher);
+srtp_err_status_t
+cipher_array_delete(srtp_cipher_t *cipher_array[], int num_cipher);
-err_status_t
-cipher_array_alloc_init(cipher_t ***cipher_array, int num_ciphers,
- cipher_type_t *ctype, int klen);
+srtp_err_status_t
+cipher_array_alloc_init(srtp_cipher_t ***cipher_array, int num_ciphers,
+ srtp_cipher_type_t *ctype, int klen);
void
usage(char *prog_name) {
}
void
-check_status(err_status_t s) {
+check_status(srtp_err_status_t s) {
if (s) {
printf("error (code %d)\n", s);
exit(s);
}
/*
- * null_cipher, aes_icm, and aes_cbc are the cipher meta-objects
+ * null_cipher and srtp_aes_icm are the cipher meta-objects
* defined in the files in crypto/cipher subdirectory. these are
* declared external so that we can use these cipher types here
*/
-extern cipher_type_t null_cipher;
-extern cipher_type_t aes_icm;
-#ifndef OPENSSL
-extern cipher_type_t aes_cbc;
-#else
-extern cipher_type_t aes_icm_192;
-extern cipher_type_t aes_icm_256;
-extern cipher_type_t aes_gcm_128_openssl;
-extern cipher_type_t aes_gcm_256_openssl;
+extern srtp_cipher_type_t srtp_null_cipher;
+extern srtp_cipher_type_t srtp_aes_icm_128;
+extern srtp_cipher_type_t srtp_aes_icm_256;
+#ifdef OPENSSL
+extern srtp_cipher_type_t srtp_aes_icm_192;
+extern srtp_cipher_type_t srtp_aes_gcm_128_openssl;
+extern srtp_cipher_type_t srtp_aes_gcm_256_openssl;
#endif
int
main(int argc, char *argv[]) {
- cipher_t *c = NULL;
- err_status_t status;
+ srtp_cipher_t *c = NULL;
+ srtp_err_status_t status;
unsigned char test_key[48] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
/* process input arguments */
while (1) {
- q = getopt(argc, argv, "tva");
+ q = getopt_s(argc, argv, "tva");
if (q == -1)
break;
switch (q) {
usage(argv[0]);
}
}
-
+
printf("cipher test driver\n"
"David A. McGrew\n"
"Cisco Systems, Inc.\n");
int num_cipher;
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&null_cipher, 0, num_cipher);
+ cipher_driver_test_array_throughput(&srtp_null_cipher, 0, num_cipher);
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&aes_icm, 30, num_cipher);
+ cipher_driver_test_array_throughput(&srtp_aes_icm_128, SRTP_AES_ICM_128_KEY_LEN_WSALT, num_cipher);
-#ifndef OPENSSL
- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&aes_icm, 46, num_cipher);
-
- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&aes_cbc, 16, num_cipher);
-
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&aes_cbc, 32, num_cipher);
-#else
- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&aes_icm_192, 38, num_cipher);
+ cipher_driver_test_array_throughput(&srtp_aes_icm_256, SRTP_AES_ICM_256_KEY_LEN_WSALT, num_cipher);
+#ifdef OPENSSL
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&aes_icm_256, 46, num_cipher);
+ cipher_driver_test_array_throughput(&srtp_aes_icm_192, SRTP_AES_ICM_192_KEY_LEN_WSALT, num_cipher);
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) {
- cipher_driver_test_array_throughput(&aes_gcm_128_openssl, AES_128_GCM_KEYSIZE_WSALT, num_cipher);
+ cipher_driver_test_array_throughput(&srtp_aes_gcm_128_openssl, SRTP_AES_GCM_128_KEY_LEN_WSALT, num_cipher);
}
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) {
- cipher_driver_test_array_throughput(&aes_gcm_256_openssl, AES_256_GCM_KEYSIZE_WSALT, num_cipher);
+ cipher_driver_test_array_throughput(&srtp_aes_gcm_256_openssl, SRTP_AES_GCM_256_KEY_LEN_WSALT, num_cipher);
}
#endif
}
if (do_validation) {
- cipher_driver_self_test(&null_cipher);
- cipher_driver_self_test(&aes_icm);
-#ifndef OPENSSL
- cipher_driver_self_test(&aes_cbc);
-#else
- cipher_driver_self_test(&aes_icm_192);
- cipher_driver_self_test(&aes_icm_256);
- cipher_driver_self_test(&aes_gcm_128_openssl);
- cipher_driver_self_test(&aes_gcm_256_openssl);
+ cipher_driver_self_test(&srtp_null_cipher);
+ cipher_driver_self_test(&srtp_aes_icm_128);
+ cipher_driver_self_test(&srtp_aes_icm_256);
+#ifdef OPENSSL
+ cipher_driver_self_test(&srtp_aes_icm_192);
+ cipher_driver_self_test(&srtp_aes_gcm_128_openssl);
+ cipher_driver_self_test(&srtp_aes_gcm_256_openssl);
#endif
}
- /* do timing and/or buffer_test on null_cipher */
- status = cipher_type_alloc(&null_cipher, &c, 0, 0);
+ /* do timing and/or buffer_test on srtp_null_cipher */
+ status = srtp_cipher_type_alloc(&srtp_null_cipher, &c, 0, 0);
check_status(status);
- status = cipher_init(c, NULL);
+ status = srtp_cipher_init(c, NULL);
check_status(status);
if (do_timing_test)
status = cipher_driver_test_buffering(c);
check_status(status);
}
- status = cipher_dealloc(c);
+ status = srtp_cipher_dealloc(c);
check_status(status);
/* run the throughput test on the aes_icm cipher (128-bit key) */
- status = cipher_type_alloc(&aes_icm, &c, 30, 0);
+ status = srtp_cipher_type_alloc(&srtp_aes_icm_128, &c, SRTP_AES_ICM_128_KEY_LEN_WSALT, 0);
if (status) {
fprintf(stderr, "error: can't allocate cipher\n");
exit(status);
}
- status = cipher_init(c, test_key);
+ status = srtp_cipher_init(c, test_key);
check_status(status);
if (do_timing_test)
check_status(status);
}
- status = cipher_dealloc(c);
+ status = srtp_cipher_dealloc(c);
check_status(status);
/* repeat the tests with 256-bit keys */
-#ifndef OPENSSL
- status = cipher_type_alloc(&aes_icm, &c, 46, 0);
-#else
- status = cipher_type_alloc(&aes_icm_256, &c, 46, 0);
-#endif
+ status = srtp_cipher_type_alloc(&srtp_aes_icm_256, &c, SRTP_AES_ICM_256_KEY_LEN_WSALT, 0);
if (status) {
fprintf(stderr, "error: can't allocate cipher\n");
exit(status);
}
- status = cipher_init(c, test_key);
+ status = srtp_cipher_init(c, test_key);
check_status(status);
if (do_timing_test)
check_status(status);
}
- status = cipher_dealloc(c);
+ status = srtp_cipher_dealloc(c);
check_status(status);
#ifdef OPENSSL
/* run the throughput test on the aes_gcm_128_openssl cipher */
- status = cipher_type_alloc(&aes_gcm_128_openssl, &c, AES_128_GCM_KEYSIZE_WSALT, 8);
+ status = srtp_cipher_type_alloc(&srtp_aes_gcm_128_openssl, &c, SRTP_AES_GCM_128_KEY_LEN_WSALT, 8);
if (status) {
fprintf(stderr, "error: can't allocate GCM 128 cipher\n");
exit(status);
}
- status = cipher_init(c, test_key);
+ status = srtp_cipher_init(c, test_key);
check_status(status);
if (do_timing_test) {
cipher_driver_test_throughput(c);
status = cipher_driver_test_buffering(c);
check_status(status);
}
- status = cipher_dealloc(c);
+ status = srtp_cipher_dealloc(c);
check_status(status);
/* run the throughput test on the aes_gcm_256_openssl cipher */
- status = cipher_type_alloc(&aes_gcm_256_openssl, &c, AES_256_GCM_KEYSIZE_WSALT, 16);
+ status = srtp_cipher_type_alloc(&srtp_aes_gcm_256_openssl, &c, SRTP_AES_GCM_256_KEY_LEN_WSALT, 16);
if (status) {
fprintf(stderr, "error: can't allocate GCM 256 cipher\n");
exit(status);
}
- status = cipher_init(c, test_key);
+ status = srtp_cipher_init(c, test_key);
check_status(status);
if (do_timing_test) {
cipher_driver_test_throughput(c);
status = cipher_driver_test_buffering(c);
check_status(status);
}
- status = cipher_dealloc(c);
+ status = srtp_cipher_dealloc(c);
check_status(status);
#endif
}
void
-cipher_driver_test_throughput(cipher_t *c) {
+cipher_driver_test_throughput(srtp_cipher_t *c) {
int i;
int min_enc_len = 32;
int max_enc_len = 2048; /* should be a power of two */
fflush(stdout);
for (i=min_enc_len; i <= max_enc_len; i = i * 2)
printf("msg len: %d\tgigabits per second: %f\n",
- i, cipher_bits_per_second(c, i, num_trials) / 1e9);
+ i, srtp_cipher_bits_per_second(c, i, num_trials) / 1e9);
}
-err_status_t
-cipher_driver_self_test(cipher_type_t *ct) {
- err_status_t status;
+srtp_err_status_t
+cipher_driver_self_test(srtp_cipher_type_t *ct) {
+ srtp_err_status_t status;
printf("running cipher self-test for %s...", ct->description);
- status = cipher_type_self_test(ct);
+ status = srtp_cipher_type_self_test(ct);
if (status) {
printf("failed with error code %d\n", status);
exit(status);
}
printf("passed\n");
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
* calls
*/
-err_status_t
-cipher_driver_test_buffering(cipher_t *c) {
+#define INITIAL_BUFLEN 1024
+srtp_err_status_t
+cipher_driver_test_buffering(srtp_cipher_t *c) {
int i, j, num_trials = 1000;
- unsigned len, buflen = 1024;
- uint8_t buffer0[buflen], buffer1[buflen], *current, *end;
+ unsigned len, buflen = INITIAL_BUFLEN;
+ uint8_t buffer0[INITIAL_BUFLEN], buffer1[INITIAL_BUFLEN], *current, *end;
uint8_t idx[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34
};
- err_status_t status;
+ srtp_err_status_t status;
printf("testing output buffering for cipher %s...",
c->type->description);
for (i=0; i < num_trials; i++) {
/* set buffers to zero */
- for (j=0; j < buflen; j++)
+ for (j=0; j < (int) buflen; j++) {
buffer0[j] = buffer1[j] = 0;
+ }
/* initialize cipher */
- status = cipher_set_iv(c, idx, direction_encrypt);
+ status = srtp_cipher_set_iv(c, (uint8_t*)idx, srtp_direction_encrypt);
if (status)
return status;
/* generate 'reference' value by encrypting all at once */
- status = cipher_encrypt(c, buffer0, &buflen);
+ status = srtp_cipher_encrypt(c, buffer0, &buflen);
if (status)
return status;
/* re-initialize cipher */
- status = cipher_set_iv(c, idx, direction_encrypt);
+ status = srtp_cipher_set_iv(c, (uint8_t*)idx, srtp_direction_encrypt);
if (status)
return status;
if (current + len > end)
len = end - current;
- status = cipher_encrypt(c, current, &len);
+ status = srtp_cipher_encrypt(c, current, &len);
if (status)
return status;
}
/* compare buffers */
- for (j=0; j < buflen; j++)
+ for (j=0; j < (int) buflen; j++) {
if (buffer0[j] != buffer1[j]) {
#if PRINT_DEBUG
printf("test case %d failed at byte %d\n", i, j);
printf("computed: %s\n", octet_string_hex_string(buffer1, buflen));
printf("expected: %s\n", octet_string_hex_string(buffer0, buflen));
#endif
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
+ }
}
printf("passed\n");
- return err_status_ok;
+ return srtp_err_status_ok;
}
* cache thrash on cipher throughput.
*
* cipher_array_alloc_init(ctype, array, num_ciphers) creates an array
- * of cipher_t of type ctype
+ * of srtp_cipher_t of type ctype
*/
-err_status_t
-cipher_array_alloc_init(cipher_t ***ca, int num_ciphers,
- cipher_type_t *ctype, int klen) {
+srtp_err_status_t
+cipher_array_alloc_init(srtp_cipher_t ***ca, int num_ciphers,
+ srtp_cipher_type_t *ctype, int klen) {
int i, j;
- err_status_t status;
+ srtp_err_status_t status;
uint8_t *key;
- cipher_t **cipher_array;
+ srtp_cipher_t **cipher_array;
/* pad klen allocation, to handle aes_icm reading 16 bytes for the
14-byte salt */
int klen_pad = ((klen + 15) >> 4) << 4;
/* allocate array of pointers to ciphers */
- cipher_array = (cipher_t **) malloc(sizeof(cipher_t *) * num_ciphers);
+ cipher_array = (srtp_cipher_t **) malloc(sizeof(srtp_cipher_t *) * num_ciphers);
if (cipher_array == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
/* set ca to location of cipher_array */
*ca = cipher_array;
/* allocate key */
- key = crypto_alloc(klen_pad);
+ key = srtp_crypto_alloc(klen_pad);
if (key == NULL) {
free(cipher_array);
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
}
/* allocate and initialize an array of ciphers */
for (i=0; i < num_ciphers; i++) {
/* allocate cipher */
- status = cipher_type_alloc(ctype, cipher_array, klen, 16);
+ status = srtp_cipher_type_alloc(ctype, cipher_array, klen, 16);
if (status)
return status;
key[j] = (uint8_t) rand();
for (; j < klen_pad; j++)
key[j] = 0;
- status = cipher_init(*cipher_array, key);
+ status = srtp_cipher_init(*cipher_array, key);
if (status)
return status;
cipher_array++;
}
- crypto_free(key);
+ srtp_crypto_free(key);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-cipher_array_delete(cipher_t *cipher_array[], int num_cipher) {
+srtp_err_status_t
+cipher_array_delete(srtp_cipher_t *cipher_array[], int num_cipher) {
int i;
for (i=0; i < num_cipher; i++) {
- cipher_dealloc(cipher_array[i]);
+ srtp_cipher_dealloc(cipher_array[i]);
}
free(cipher_array);
- return err_status_ok;
+ return srtp_err_status_ok;
}
*/
uint64_t
-cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
+cipher_array_bits_per_second(srtp_cipher_t *cipher_array[], int num_cipher,
unsigned octets_in_buffer, int num_trials) {
int i;
v128_t nonce;
int cipher_index = rand() % num_cipher;
/* Over-alloc, for NIST CBC padding */
- enc_buf = crypto_alloc(octets_in_buffer+17);
+ enc_buf = srtp_crypto_alloc(octets_in_buffer+17);
if (enc_buf == NULL)
return 0; /* indicate bad parameters by returning null */
memset(enc_buf, 0, octets_in_buffer);
v128_set_to_zero(&nonce);
timer = clock();
for(i=0; i < num_trials; i++, nonce.v32[3] = i) {
- /* length parameter to cipher_encrypt is in/out -- out is total, padded
+ /* length parameter to srtp_cipher_encrypt is in/out -- out is total, padded
* length -- so reset it each time. */
unsigned octets_to_encrypt = octets_in_buffer;
/* encrypt buffer with cipher */
- cipher_set_iv(cipher_array[cipher_index], &nonce, direction_encrypt);
- cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_to_encrypt);
+ srtp_cipher_set_iv(cipher_array[cipher_index], (uint8_t*)&nonce, srtp_direction_encrypt);
+ srtp_cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_to_encrypt);
/* choose a cipher at random from the array*/
cipher_index = (*((uint32_t *)enc_buf)) % num_cipher;
}
void
-cipher_array_test_throughput(cipher_t *ca[], int num_cipher) {
+cipher_array_test_throughput(srtp_cipher_t *ca[], int num_cipher) {
int i;
int min_enc_len = 16;
int max_enc_len = 2048; /* should be a power of two */
}
-err_status_t
-cipher_driver_test_array_throughput(cipher_type_t *ct,
+srtp_err_status_t
+cipher_driver_test_array_throughput(srtp_cipher_type_t *ct,
int klen, int num_cipher) {
- cipher_t **ca = NULL;
- err_status_t status;
+ srtp_cipher_t **ca = NULL;
+ srtp_err_status_t status;
status = cipher_array_alloc_init(&ca, num_cipher, ct, klen);
if (status) {
cipher_array_delete(ca, num_cipher);
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h> /* for printf() */
#include <string.h> /* for strlen() */
#include "datatypes.h"
+#include "util.h"
void
byte_order(void);
void
print_string(char *s) {
- int i;
+ size_t i;
printf("%s\n", s);
printf("strlen(s) = %u\n", (unsigned)strlen(s));
printf("{ ");
uint32_t x = 0x11223344;
uint64_t y = 0x1122334455667788LL;
- printf("before: %0x\nafter: %0x\n", x, be32_to_cpu(x));
+ printf("before: %0x\nafter: %0x\n", x, (unsigned int)be32_to_cpu(x));
printf("before: %0llx\nafter: %0llx\n", (unsigned long long)y,
(unsigned long long)be64_to_cpu(y));
*/
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
int
main(void) {
int err_count = 0;
- char *str;
#ifdef WORDS_BIGENDIAN
printf("CPU set to big-endian\t\t\t(WORDS_BIGENDIAN == 1)\n");
printf("using stdout for error reporting\t(ERR_REPORTING_STDOUT == 1)\n");
#endif
-#ifndef OPENSSL
-#ifdef DEV_URANDOM
- str = DEV_URANDOM;
-#else
- str = "";
-#endif
- printf("using %s as a random source\t(DEV_URANDOM == %s)\n",
- str, str);
- if (strcmp("", str) == 0) {
- err_count++;
- }
-#endif
-
if (err_count)
printf("warning: configuration is probably in error "
"(found %d problems)\n", err_count);
*/
/*
*
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h> /* for printf() */
-#include <unistd.h> /* for getopt() */
+#include "getopt_s.h"
#include "crypto_kernel.h"
void
int
main (int argc, char *argv[]) {
- extern char *optarg;
int q;
int do_validation = 0;
- err_status_t status;
+ srtp_err_status_t status;
if (argc == 1)
usage(argv[0]);
/* initialize kernel - we need to do this before anything else */
- status = crypto_kernel_init();
+ status = srtp_crypto_kernel_init();
if (status) {
- printf("error: crypto_kernel init failed\n");
+ printf("error: srtp_crypto_kernel init failed\n");
exit(1);
}
- printf("crypto_kernel successfully initalized\n");
+ printf("srtp_crypto_kernel successfully initalized\n");
/* process input arguments */
while (1) {
- q = getopt(argc, argv, "vd:");
+ q = getopt_s(argc, argv, "vd:");
if (q == -1)
break;
switch (q) {
do_validation = 1;
break;
case 'd':
- status = crypto_kernel_set_debug_module(optarg, 1);
+ status = srtp_crypto_kernel_set_debug_module(optarg_s, 1);
if (status) {
- printf("error: set debug module (%s) failed\n", optarg);
+ printf("error: set debug module (%s) failed\n", optarg_s);
exit(1);
}
break;
}
if (do_validation) {
- printf("checking crypto_kernel status...\n");
- status = crypto_kernel_status();
+ printf("checking srtp_crypto_kernel status...\n");
+ status = srtp_crypto_kernel_status();
if (status) {
printf("failed\n");
exit(1);
}
- printf("crypto_kernel passed self-tests\n");
+ printf("srtp_crypto_kernel passed self-tests\n");
}
- status = crypto_kernel_shutdown();
+ status = srtp_crypto_kernel_shutdown();
if (status) {
- printf("error: crypto_kernel shutdown failed\n");
+ printf("error: srtp_crypto_kernel shutdown failed\n");
exit(1);
}
- printf("crypto_kernel successfully shut down\n");
+ printf("srtp_crypto_kernel successfully shut down\n");
return 0;
}
* of the crypto_kernel
*/
-err_status_t
+srtp_err_status_t
crypto_kernel_cipher_test(void) {
/* not implemented yet! */
- return err_status_ok;
+ return srtp_err_status_ok;
}
+++ /dev/null
-/*
- * rand_gen.c
- *
- * a random source (random number generator)
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include <stdio.h> /* for printf() */
-#include <unistd.h> /* for getopt() */
-#include "crypto_kernel.h"
-
-/*
- * MAX_PRINT_STRING_LEN is defined in datatypes.h, and is the length
- * of the largest hexadecimal string that can be generated by the
- * function octet_string_hex_string().
- */
-
-#define BUF_LEN (MAX_PRINT_STRING_LEN/2)
-
-void
-usage(char *prog_name) {
- printf("usage: %s -n <num_bytes> [-l][ -d debug_module ]*\n"
- " -n <num> output <num> random bytes, where <num>"
- " is between zero and %d\n"
- " -l list the avaliable debug modules\n"
- " -d <mod> turn on debugging module <mod>\n",
- prog_name, BUF_LEN);
- exit(255);
-}
-
-int
-main (int argc, char *argv[]) {
- extern char *optarg;
- int q;
- int num_octets = 0;
- unsigned do_list_mods = 0;
- err_status_t status;
-
- if (argc == 1)
- usage(argv[0]);
-
- /* initialize kernel - we need to do this before anything else */
- status = crypto_kernel_init();
- if (status) {
- printf("error: crypto_kernel init failed\n");
- exit(1);
- }
-
- /* process input arguments */
- while (1) {
- q = getopt(argc, argv, "ld:n:");
- if (q == -1)
- break;
- switch (q) {
- case 'd':
- status = crypto_kernel_set_debug_module(optarg, 1);
- if (status) {
- printf("error: set debug module (%s) failed\n", optarg);
- exit(1);
- }
- break;
- case 'l':
- do_list_mods = 1;
- break;
- case 'n':
- num_octets = atoi(optarg);
- if (num_octets < 0 || num_octets > BUF_LEN)
- usage(argv[0]);
- break;
- default:
- usage(argv[0]);
- }
- }
-
- if (do_list_mods) {
- status = crypto_kernel_list_debug_modules();
- if (status) {
- printf("error: list of debug modules failed\n");
- exit(1);
- }
- }
-
- if (num_octets > 0) {
- uint8_t buffer[BUF_LEN];
-
- status = crypto_get_random(buffer, num_octets);
- if (status) {
- printf("error: failure in random source\n");
- } else {
- printf("%s\n", octet_string_hex_string(buffer, num_octets));
- }
- }
-
- status = crypto_kernel_shutdown();
- if (status) {
- printf("error: crypto_kernel shutdown failed\n");
- exit(1);
- }
-
- return 0;
-}
-
+++ /dev/null
-/*
- * Soak test the RNG for exhaustion failures
- */
-#include <stdio.h> /* for printf() */
-#include <unistd.h> /* for getopt() */
-#include "crypto_kernel.h"
-
-#define BUF_LEN (MAX_PRINT_STRING_LEN/2)
-
-int main(int argc, char *argv[])
-{
- int q;
- extern char *optarg;
- int num_octets = 0;
- err_status_t status;
- uint32_t iterations = 0;
- int print_values = 0;
-
- if (argc == 1) {
- exit(255);
- }
-
- status = crypto_kernel_init();
- if (status) {
- printf("error: crypto_kernel init failed\n");
- exit(1);
- }
-
- while (1) {
- q = getopt(argc, argv, "pvn:");
- if (q == -1) {
- break;
- }
- switch (q) {
- case 'p':
- print_values = 1;
- break;
- case 'n':
- num_octets = atoi(optarg);
- if (num_octets < 0 || num_octets > BUF_LEN) {
- exit(255);
- }
- break;
- case 'v':
- num_octets = 30;
- print_values = 0;
- break;
- default:
- exit(255);
- }
- }
-
- if (num_octets > 0) {
- while (iterations < 300000) {
- uint8_t buffer[BUF_LEN];
-
- status = crypto_get_random(buffer, num_octets);
- if (status) {
- printf("iteration %d error: failure in random source\n", iterations);
- exit(255);
- } else if (print_values) {
- printf("%s\n", octet_string_hex_string(buffer, num_octets));
- }
- iterations++;
- }
- }
-
- status = crypto_kernel_shutdown();
- if (status) {
- printf("error: crypto_kernel shutdown failed\n");
- exit(1);
- }
-
- return 0;
-}
-
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h>
+#include <string.h>
#include "sha1.h"
+#include "util.h"
#define SHA_PASS 0
#define SHA_FAIL 1
hash_test_case_t *sha1_test_case_list;
-err_status_t
+srtp_err_status_t
hash_test_case_add(hash_test_case_t **list_ptr,
char *hex_data,
unsigned data_len,
test_case = malloc(sizeof(hash_test_case_t));
if (test_case == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
tmp_len = hex_string_to_octet_string((char *)test_case->data, hex_data, data_len*2);
- if (tmp_len != data_len*2)
- return err_status_parse_err;
+ if (tmp_len != data_len*2) {
+ free(test_case);
+ return srtp_err_status_parse_err;
+ }
tmp_len = hex_string_to_octet_string((char *)test_case->hash, hex_hash, hash_len*2);
- if (tmp_len != hash_len*2)
- return err_status_parse_err;
+ if (tmp_len != hash_len*2) {
+ free(test_case);
+ return srtp_err_status_parse_err;
+ }
test_case->data_len = data_len;
test_case->hash_len = hash_len;
test_case->next_test_case = list_head;
*list_ptr = test_case;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
sha1_test_case_validate(const hash_test_case_t *test_case) {
- sha1_ctx_t ctx;
+ srtp_sha1_ctx_t ctx;
uint32_t hash_value[5];
if (test_case == NULL)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
if (test_case->hash_len != 20)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
if (test_case->data_len > MAX_HASH_DATA_LEN)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
- sha1_init(&ctx);
- sha1_update(&ctx, test_case->data, test_case->data_len);
- sha1_final(&ctx, hash_value);
+ srtp_sha1_init(&ctx);
+ srtp_sha1_update(&ctx, test_case->data, test_case->data_len);
+ srtp_sha1_final(&ctx, hash_value);
if (0 == memcmp(test_case->hash, hash_value, 20)) {
#if VERBOSE
printf("PASSED: reference value: %s\n",
printf("PASSED: computed value: %s\n",
octet_string_hex_string((const uint8_t *)hash_value, 20));
#endif
- return err_status_ok;
+ return srtp_err_status_ok;
}
printf("reference value: %s\n",
printf("computed value: %s\n",
octet_string_hex_string((const uint8_t *)hash_value, 20));
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
char hex_hash[40];
};
-err_status_t
+srtp_err_status_t
sha1_add_test_cases(void) {
int i;
- err_status_t err;
+ srtp_err_status_t err;
/*
* these test cases are taken from the "SHA-1 Sample Vectors"
}
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
sha1_dealloc_test_cases(void) {
hash_test_case_t *t, *next;
sha1_test_case_list = NULL;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
sha1_validate(void) {
hash_test_case_t *test_case;
- err_status_t err;
+ srtp_err_status_t err;
err = sha1_add_test_cases();
if (err) {
}
if (sha1_test_case_list == NULL)
- return err_status_cant_check;
+ return srtp_err_status_cant_check;
test_case = sha1_test_case_list;
while (test_case != NULL) {
sha1_dealloc_test_cases();
- return err_status_ok;
+ return srtp_err_status_ok;
}
int
main (void) {
- err_status_t err;
+ srtp_err_status_t err;
printf("sha1 test driver\n");
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
#include <stdio.h> /* for printf() */
void *state;
} random_source_t;
-err_status_t
+srtp_err_status_t
random_source_alloc(void);
void
-err_check(err_status_t s) {
+err_check(srtp_err_status_t s) {
if (s) {
printf("error (code %d)\n", s);
exit(1);
uint8_t buffer[2532];
unsigned int buf_len = 2500;
int i, j;
- extern cipher_type_t aes_icm;
+ extern srtp_cipher_type_t srtp_aes_icm_128;
+ extern srtp_cipher_type_t srtp_aes_icm_256;
#ifdef OPENSSL
- extern cipher_type_t aes_gcm_128_openssl;
- extern cipher_type_t aes_gcm_256_openssl;
+ extern srtp_cipher_type_t srtp_aes_gcm_128_openssl;
+ extern srtp_cipher_type_t srtp_aes_gcm_256_openssl;
#endif
- cipher_t *c;
+ srtp_cipher_t *c;
uint8_t key[46] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
/* set buffer to cipher output */
for (i=0; i < 2500; i++)
buffer[i] = 0;
- err_check(cipher_type_alloc(&aes_icm, &c, 30, 0));
- err_check(cipher_init(c, key));
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_type_alloc(&srtp_aes_icm_128, &c, SRTP_AES_ICM_128_KEY_LEN_WSALT, 0));
+ err_check(srtp_cipher_init(c, key));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
/* run tests on cipher outout */
printf("monobit %d\n", stat_test_monobit(buffer));
printf("poker %d\n", stat_test_poker(buffer));
for (i=0; i < 2500; i++)
buffer[i] = 0;
nonce.v32[3] = i;
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
if (stat_test_runs(buffer)) {
num_fail++;
}
printf("(nota bene: a small fraction of stat_test failures does not \n"
"indicate that the random source is invalid)\n");
- err_check(cipher_dealloc(c));
+ err_check(srtp_cipher_dealloc(c));
printf("running stat_tests on AES-256-ICM, expecting success\n");
/* set buffer to cipher output */
for (i=0; i < 2500; i++)
buffer[i] = 0;
- err_check(cipher_type_alloc(&aes_icm, &c, 46, 0));
- err_check(cipher_init(c, key));
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_type_alloc(&srtp_aes_icm_256, &c, SRTP_AES_ICM_256_KEY_LEN_WSALT, 0));
+ err_check(srtp_cipher_init(c, key));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
/* run tests on cipher outout */
printf("monobit %d\n", stat_test_monobit(buffer));
printf("poker %d\n", stat_test_poker(buffer));
for (i=0; i < 2500; i++)
buffer[i] = 0;
nonce.v32[3] = i;
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
if (stat_test_runs(buffer)) {
num_fail++;
}
for (i=0; i < 2500; i++) {
buffer[i] = 0;
}
- err_check(cipher_type_alloc(&aes_gcm_128_openssl, &c, AES_128_GCM_KEYSIZE_WSALT, 8));
- err_check(cipher_init(c, key));
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_128_openssl, &c, SRTP_AES_GCM_128_KEY_LEN_WSALT, 8));
+ err_check(srtp_cipher_init(c, key));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
/* run tests on cipher outout */
printf("monobit %d\n", stat_test_monobit(buffer));
printf("poker %d\n", stat_test_poker(buffer));
buffer[i] = 0;
}
nonce.v32[3] = i;
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
buf_len = 2500;
if (stat_test_runs(buffer)) {
num_fail++;
for (i=0; i < 2500; i++) {
buffer[i] = 0;
}
- err_check(cipher_type_alloc(&aes_gcm_256_openssl, &c, AES_256_GCM_KEYSIZE_WSALT, 16));
- err_check(cipher_init(c, key));
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_256_openssl, &c, SRTP_AES_GCM_256_KEY_LEN_WSALT, 16));
+ err_check(srtp_cipher_init(c, key));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
/* run tests on cipher outout */
printf("monobit %d\n", stat_test_monobit(buffer));
printf("poker %d\n", stat_test_poker(buffer));
buffer[i] = 0;
}
nonce.v32[3] = i;
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
buf_len = 2500;
if (stat_test_runs(buffer)) {
num_fail++;
printf("(nota bene: a small fraction of stat_test failures does not \n"
"indicate that the random source is invalid)\n");
- err_check(cipher_dealloc(c));
+ err_check(srtp_cipher_dealloc(c));
return 0;
}
+++ /dev/null
-# Doxyfile 1.3-rc3
-
-# This file describes the settings to be used by the documentation system
-# doxygen (www.doxygen.org) for a project
-#
-# All text after a hash (#) is considered a comment and will be ignored
-# The format is:
-# TAG = value [value, ...]
-# For lists items can also be appended using:
-# TAG += value [value, ...]
-# Values that contain spaces should be placed between quotes (" ")
-
-#---------------------------------------------------------------------------
-# General configuration options
-#---------------------------------------------------------------------------
-
-# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
-# by quotes) that should identify the project.
-
-PROJECT_NAME = libSRTP
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number.
-# This could be handy for archiving the generated documentation or
-# if some version control system is used.
-
-PROJECT_NUMBER = 1.3.22
-
-# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
-# base path where the generated documentation will be put.
-# If a relative path is entered, it will be relative to the location
-# where doxygen was started. If left blank the current directory will be used.
-
-OUTPUT_DIRECTORY =
-
-# The OUTPUT_LANGUAGE tag is used to specify the language in which all
-# documentation generated by doxygen is written. Doxygen will use this
-# information to generate all constant output in the proper language.
-# The default language is English, other supported languages are:
-# Brazilian, Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, Dutch,
-# Finnish, French, German, Greek, Hungarian, Italian, Japanese, Japanese-en
-# (Japanese with english messages), Korean, Norwegian, Polish, Portuguese,
-# Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish and Ukrainian.
-
-OUTPUT_LANGUAGE = English
-
-# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
-# documentation are documented, even if no documentation was available.
-# Private class members and static file members will be hidden unless
-# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
-
-EXTRACT_ALL = NO
-
-# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
-# will be included in the documentation.
-
-EXTRACT_PRIVATE = NO
-
-# If the EXTRACT_STATIC tag is set to YES all static members of a file
-# will be included in the documentation.
-
-EXTRACT_STATIC = NO
-
-# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
-# defined locally in source files will be included in the documentation.
-# If set to NO only classes defined in header files are included.
-
-EXTRACT_LOCAL_CLASSES = YES
-
-# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
-# undocumented members of documented classes, files or namespaces.
-# If set to NO (the default) these members will be included in the
-# various overviews, but no documentation section is generated.
-# This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_MEMBERS = YES
-
-# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
-# undocumented classes that are normally visible in the class hierarchy.
-# If set to NO (the default) these class will be included in the various
-# overviews. This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_CLASSES = NO
-
-# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
-# friend (class|struct|union) declarations.
-# If set to NO (the default) these declarations will be included in the
-# documentation.
-
-HIDE_FRIEND_COMPOUNDS = NO
-
-# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
-# documentation blocks found inside the body of a function.
-# If set to NO (the default) these blocks will be appended to the
-# function's detailed documentation block.
-
-HIDE_IN_BODY_DOCS = NO
-
-# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
-# include brief member descriptions after the members that are listed in
-# the file and class documentation (similar to JavaDoc).
-# Set to NO to disable this.
-
-BRIEF_MEMBER_DESC = YES
-
-# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
-# the brief description of a member or function before the detailed description.
-# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
-# brief descriptions will be completely suppressed.
-
-REPEAT_BRIEF = NO
-
-# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
-# Doxygen will generate a detailed section even if there is only a brief
-# description.
-
-ALWAYS_DETAILED_SEC = NO
-
-# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show
-# all inherited members of a class in the documentation of that class
-# as if those members were ordinary class members. Constructors,
-# destructors and assignment operators of the base classes will not be
-# shown.
-
-INLINE_INHERITED_MEMB = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
-# path before files name in the file list and in the header files. If set
-# to NO the shortest path that makes the file name unique will be used.
-
-FULL_PATH_NAMES = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
-# can be used to strip a user defined part of the path. Stripping is
-# only done if one of the specified strings matches the left-hand part of
-# the path. It is allowed to use relative paths in the argument list.
-
-STRIP_FROM_PATH =
-
-# The INTERNAL_DOCS tag determines if documentation
-# that is typed after a \internal command is included. If the tag is set
-# to NO (the default) then the documentation will be excluded.
-# Set it to YES to include the internal documentation.
-
-INTERNAL_DOCS = NO
-
-# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
-# file names in lower case letters. If set to YES upper case letters are also
-# allowed. This is useful if you have classes or files whose names only differ
-# in case and if your file system supports case sensitive file names. Windows
-# users are adviced to set this option to NO.
-
-CASE_SENSE_NAMES = YES
-
-# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
-# (but less readable) file names. This can be useful is your file systems
-# doesn't support long names like on DOS, Mac, or CD-ROM.
-
-SHORT_NAMES = NO
-
-# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
-# will show members with their full class and namespace scopes in the
-# documentation. If set to YES the scope will be hidden.
-
-HIDE_SCOPE_NAMES = NO
-
-# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
-# will generate a verbatim copy of the header file for each class for
-# which an include is specified. Set to NO to disable this.
-
-VERBATIM_HEADERS = YES
-
-# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
-# will put list of the files that are included by a file in the documentation
-# of that file.
-
-SHOW_INCLUDE_FILES = NO
-
-# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
-# will interpret the first line (until the first dot) of a JavaDoc-style
-# comment as the brief description. If set to NO, the JavaDoc
-# comments will behave just like the Qt-style comments (thus requiring an
-# explict @brief command for a brief description.
-
-JAVADOC_AUTOBRIEF = NO
-
-# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
-# treat a multi-line C++ special comment block (i.e. a block of //! or ///
-# comments) as a brief description. This used to be the default behaviour.
-# The new default is to treat a multi-line C++ comment block as a detailed
-# description. Set this tag to YES if you prefer the old behaviour instead.
-
-MULTILINE_CPP_IS_BRIEF = NO
-
-# If the DETAILS_AT_TOP tag is set to YES then Doxygen
-# will output the detailed description near the top, like JavaDoc.
-# If set to NO, the detailed description appears after the member
-# documentation.
-
-DETAILS_AT_TOP = NO
-
-# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
-# member inherits the documentation from any documented member that it
-# reimplements.
-
-INHERIT_DOCS = YES
-
-# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
-# is inserted in the documentation for inline members.
-
-INLINE_INFO = YES
-
-# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
-# will sort the (detailed) documentation of file and class members
-# alphabetically by member name. If set to NO the members will appear in
-# declaration order.
-
-SORT_MEMBER_DOCS = YES
-
-# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
-# tag is set to YES, then doxygen will reuse the documentation of the first
-# member in the group (if any) for the other members of the group. By default
-# all members of a group must be documented explicitly.
-
-DISTRIBUTE_GROUP_DOC = NO
-
-# The TAB_SIZE tag can be used to set the number of spaces in a tab.
-# Doxygen uses this value to replace tabs by spaces in code fragments.
-
-TAB_SIZE = 3
-
-# The GENERATE_TODOLIST tag can be used to enable (YES) or
-# disable (NO) the todo list. This list is created by putting \todo
-# commands in the documentation.
-
-GENERATE_TODOLIST = YES
-
-# The GENERATE_TESTLIST tag can be used to enable (YES) or
-# disable (NO) the test list. This list is created by putting \test
-# commands in the documentation.
-
-GENERATE_TESTLIST = YES
-
-# The GENERATE_BUGLIST tag can be used to enable (YES) or
-# disable (NO) the bug list. This list is created by putting \bug
-# commands in the documentation.
-
-GENERATE_BUGLIST = YES
-
-# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
-# disable (NO) the deprecated list. This list is created by putting
-# \deprecated commands in the documentation.
-
-GENERATE_DEPRECATEDLIST= YES
-
-# This tag can be used to specify a number of aliases that acts
-# as commands in the documentation. An alias has the form "name=value".
-# For example adding "sideeffect=\par Side Effects:\n" will allow you to
-# put the command \sideeffect (or @sideeffect) in the documentation, which
-# will result in a user defined paragraph with heading "Side Effects:".
-# You can put \n's in the value part of an alias to insert newlines.
-
-ALIASES =
-
-# The ENABLED_SECTIONS tag can be used to enable conditional
-# documentation sections, marked by \if sectionname ... \endif.
-
-ENABLED_SECTIONS =
-
-# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
-# the initial value of a variable or define consist of for it to appear in
-# the documentation. If the initializer consists of more lines than specified
-# here it will be hidden. Use a value of 0 to hide initializers completely.
-# The appearance of the initializer of individual variables and defines in the
-# documentation can be controlled using \showinitializer or \hideinitializer
-# command in the documentation regardless of this setting.
-
-MAX_INITIALIZER_LINES = 30
-
-# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources
-# only. Doxygen will then generate output that is more tailored for C.
-# For instance some of the names that are used will be different. The list
-# of all members will be omitted, etc.
-
-OPTIMIZE_OUTPUT_FOR_C = YES
-
-# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java sources
-# only. Doxygen will then generate output that is more tailored for Java.
-# For instance namespaces will be presented as packages, qualified scopes
-# will look different, etc.
-
-OPTIMIZE_OUTPUT_JAVA = NO
-
-# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
-# at the bottom of the documentation of classes and structs. If set to YES the
-# list will mention the files that were used to generate the documentation.
-
-SHOW_USED_FILES = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-
-# The QUIET tag can be used to turn on/off the messages that are generated
-# by doxygen. Possible values are YES and NO. If left blank NO is used.
-
-QUIET = NO
-
-# The WARNINGS tag can be used to turn on/off the warning messages that are
-# generated by doxygen. Possible values are YES and NO. If left blank
-# NO is used.
-
-WARNINGS = YES
-
-# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
-# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
-# automatically be disabled.
-
-WARN_IF_UNDOCUMENTED = YES
-
-# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
-# potential errors in the documentation, such as not documenting some
-# parameters in a documented function, or documenting parameters that
-# don't exist or using markup commands wrongly.
-
-WARN_IF_DOC_ERROR = YES
-
-# The WARN_FORMAT tag determines the format of the warning messages that
-# doxygen can produce. The string should contain the $file, $line, and $text
-# tags, which will be replaced by the file and line number from which the
-# warning originated and the warning text.
-
-WARN_FORMAT = "$file:$line: $text"
-
-# The WARN_LOGFILE tag can be used to specify a file to which warning
-# and error messages should be written. If left blank the output is written
-# to stderr.
-
-WARN_LOGFILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-
-# The INPUT tag can be used to specify the files and/or directories that contain
-# documented source files. You may enter file names like "myfile.cpp" or
-# directories like "/usr/src/myproject". Separate the files or directories
-# with spaces.
-
-INPUT = intro.txt ../include/srtp.h ../crypto/include/crypto_types.h ../crypto/include/err.h ../crypto/include/crypto.h crypto_kernel.txt
-
-# If the value of the INPUT tag contains directories, you can use the
-# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank the following patterns are tested:
-# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx *.hpp
-# *.h++ *.idl *.odl
-
-FILE_PATTERNS =
-
-# The RECURSIVE tag can be used to turn specify whether or not subdirectories
-# should be searched for input files as well. Possible values are YES and NO.
-# If left blank NO is used.
-
-RECURSIVE = NO
-
-# The EXCLUDE tag can be used to specify files and/or directories that should
-# excluded from the INPUT source files. This way you can easily exclude a
-# subdirectory from a directory tree whose root is specified with the INPUT tag.
-
-EXCLUDE =
-
-# The EXCLUDE_SYMLINKS tag can be used select whether or not files or directories
-# that are symbolic links (a Unix filesystem feature) are excluded from the input.
-
-EXCLUDE_SYMLINKS = NO
-
-# If the value of the INPUT tag contains directories, you can use the
-# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
-# certain files from those directories.
-
-EXCLUDE_PATTERNS =
-
-# The EXAMPLE_PATH tag can be used to specify one or more files or
-# directories that contain example code fragments that are included (see
-# the \include command).
-
-EXAMPLE_PATH =
-
-# If the value of the EXAMPLE_PATH tag contains directories, you can use the
-# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank all files are included.
-
-EXAMPLE_PATTERNS =
-
-# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
-# searched for input files to be used with the \include or \dontinclude
-# commands irrespective of the value of the RECURSIVE tag.
-# Possible values are YES and NO. If left blank NO is used.
-
-EXAMPLE_RECURSIVE = NO
-
-# The IMAGE_PATH tag can be used to specify one or more files or
-# directories that contain image that are included in the documentation (see
-# the \image command).
-
-IMAGE_PATH =
-
-# The INPUT_FILTER tag can be used to specify a program that doxygen should
-# invoke to filter for each input file. Doxygen will invoke the filter program
-# by executing (via popen()) the command <filter> <input-file>, where <filter>
-# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
-# input file. Doxygen will then use the output that the filter program writes
-# to standard output.
-
-INPUT_FILTER =
-
-# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
-# INPUT_FILTER) will be used to filter the input files when producing source
-# files to browse (i.e. when SOURCE_BROWSER is set to YES).
-
-FILTER_SOURCE_FILES = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-
-# If the SOURCE_BROWSER tag is set to YES then a list of source files will
-# be generated. Documented entities will be cross-referenced with these sources.
-
-SOURCE_BROWSER = NO
-
-# Setting the INLINE_SOURCES tag to YES will include the body
-# of functions and classes directly in the documentation.
-
-INLINE_SOURCES = NO
-
-# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
-# doxygen to hide any special comment blocks from generated source code
-# fragments. Normal C and C++ comments will always remain visible.
-
-STRIP_CODE_COMMENTS = YES
-
-# If the REFERENCED_BY_RELATION tag is set to YES (the default)
-# then for each documented function all documented
-# functions referencing it will be listed.
-
-REFERENCED_BY_RELATION = YES
-
-# If the REFERENCES_RELATION tag is set to YES (the default)
-# then for each documented function all documented entities
-# called/used by that function will be listed.
-
-REFERENCES_RELATION = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-
-# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
-# of all compounds will be generated. Enable this if the project
-# contains a lot of classes, structs, unions or interfaces.
-
-ALPHABETICAL_INDEX = NO
-
-# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
-# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
-# in which this list will be split (can be a number in the range [1..20])
-
-COLS_IN_ALPHA_INDEX = 5
-
-# In case all classes in a project start with a common prefix, all
-# classes will be put under the same header in the alphabetical index.
-# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
-# should be ignored while generating the index headers.
-
-IGNORE_PREFIX =
-
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
-# generate HTML output.
-
-GENERATE_HTML = NO
-
-# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `html' will be used as the default path.
-
-HTML_OUTPUT = html
-
-# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
-# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
-# doxygen will generate files with .html extension.
-
-HTML_FILE_EXTENSION = .html
-
-# The HTML_HEADER tag can be used to specify a personal HTML header for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard header.
-
-HTML_HEADER =
-
-# The HTML_FOOTER tag can be used to specify a personal HTML footer for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard footer.
-
-HTML_FOOTER =
-
-# The HTML_STYLESHEET tag can be used to specify a user defined cascading
-# style sheet that is used by each HTML page. It can be used to
-# fine-tune the look of the HTML output. If the tag is left blank doxygen
-# will generate a default style sheet
-
-HTML_STYLESHEET =
-
-# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
-# files or namespaces will be aligned in HTML using tables. If set to
-# NO a bullet list will be used.
-
-HTML_ALIGN_MEMBERS = YES
-
-# If the GENERATE_HTMLHELP tag is set to YES, additional index files
-# will be generated that can be used as input for tools like the
-# Microsoft HTML help workshop to generate a compressed HTML help file (.chm)
-# of the generated HTML documentation.
-
-GENERATE_HTMLHELP = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
-# be used to specify the file name of the resulting .chm file. You
-# can add a path in front of the file if the result should not be
-# written to the html output dir.
-
-CHM_FILE =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
-# be used to specify the location (absolute path including file name) of
-# the HTML help compiler (hhc.exe). If non empty doxygen will try to run
-# the html help compiler on the generated index.hhp.
-
-HHC_LOCATION =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
-# controls if a separate .chi index file is generated (YES) or that
-# it should be included in the master .chm file (NO).
-
-GENERATE_CHI = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
-# controls whether a binary table of contents is generated (YES) or a
-# normal table of contents (NO) in the .chm file.
-
-BINARY_TOC = NO
-
-# The TOC_EXPAND flag can be set to YES to add extra items for group members
-# to the contents of the Html help documentation and to the tree view.
-
-TOC_EXPAND = NO
-
-# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
-# top of each HTML page. The value NO (the default) enables the index and
-# the value YES disables it.
-
-DISABLE_INDEX = NO
-
-# This tag can be used to set the number of enum values (range [1..20])
-# that doxygen will group on one line in the generated HTML documentation.
-
-ENUM_VALUES_PER_LINE = 4
-
-# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
-# generated containing a tree-like index structure (just like the one that
-# is generated for HTML Help). For this to work a browser that supports
-# JavaScript, DHTML, CSS and frames is required (for instance Mozilla,
-# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are
-# probably better off using the HTML help feature.
-
-GENERATE_TREEVIEW = NO
-
-# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
-# used to set the initial width (in pixels) of the frame in which the tree
-# is shown.
-
-TREEVIEW_WIDTH = 250
-
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
-# generate Latex output.
-
-GENERATE_LATEX = YES
-
-# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `latex' will be used as the default path.
-
-LATEX_OUTPUT = latex
-
-# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
-# invoked. If left blank `latex' will be used as the default command name.
-
-LATEX_CMD_NAME = latex
-
-# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
-# generate index for LaTeX. If left blank `makeindex' will be used as the
-# default command name.
-
-MAKEINDEX_CMD_NAME = makeindex
-
-# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
-# LaTeX documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_LATEX = NO
-
-# The PAPER_TYPE tag can be used to set the paper type that is used
-# by the printer. Possible values are: a4, a4wide, letter, legal and
-# executive. If left blank a4wide will be used.
-
-PAPER_TYPE = letter
-
-# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
-# packages that should be included in the LaTeX output.
-
-EXTRA_PACKAGES =
-
-# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
-# the generated latex document. The header should contain everything until
-# the first chapter. If it is left blank doxygen will generate a
-# standard header. Notice: only use this tag if you know what you are doing!
-
-LATEX_HEADER = header.tex
-
-# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
-# is prepared for conversion to pdf (using ps2pdf). The pdf file will
-# contain links (just like the HTML output) instead of page references
-# This makes the output suitable for online browsing using a pdf viewer.
-
-PDF_HYPERLINKS = YES
-
-# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
-# plain latex in the generated Makefile. Set this option to YES to get a
-# higher quality PDF documentation.
-
-USE_PDFLATEX = YES
-
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
-# command to the generated LaTeX files. This will instruct LaTeX to keep
-# running if errors occur, instead of asking the user for help.
-# This option is also used when generating formulas in HTML.
-
-LATEX_BATCHMODE = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
-# The RTF output is optimised for Word 97 and may not look very pretty with
-# other RTF readers or editors.
-
-GENERATE_RTF = NO
-
-# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `rtf' will be used as the default path.
-
-RTF_OUTPUT = rtf
-
-# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
-# RTF documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_RTF = NO
-
-# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
-# will contain hyperlink fields. The RTF file will
-# contain links (just like the HTML output) instead of page references.
-# This makes the output suitable for online browsing using WORD or other
-# programs which support those fields.
-# Note: wordpad (write) and others do not support links.
-
-RTF_HYPERLINKS = NO
-
-# Load stylesheet definitions from file. Syntax is similar to doxygen's
-# config file, i.e. a series of assigments. You only have to provide
-# replacements, missing definitions are set to their default value.
-
-RTF_STYLESHEET_FILE =
-
-# Set optional variables used in the generation of an rtf document.
-# Syntax is similar to doxygen's config file.
-
-RTF_EXTENSIONS_FILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
-# generate man pages
-
-GENERATE_MAN = NO
-
-# The MAN_OUTPUT tag is used to specify where the man pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `man' will be used as the default path.
-
-MAN_OUTPUT = man
-
-# The MAN_EXTENSION tag determines the extension that is added to
-# the generated man pages (default is the subroutine's section .3)
-
-MAN_EXTENSION = .3
-
-# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
-# then it will generate one additional man file for each entity
-# documented in the real man page(s). These additional files
-# only source the real man page, but without them the man command
-# would be unable to find the correct page. The default is NO.
-
-MAN_LINKS = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_XML tag is set to YES Doxygen will
-# generate an XML file that captures the structure of
-# the code including all documentation. Note that this
-# feature is still experimental and incomplete at the
-# moment.
-
-GENERATE_XML = NO
-
-# The XML_SCHEMA tag can be used to specify an XML schema,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_SCHEMA =
-
-# The XML_DTD tag can be used to specify an XML DTD,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_DTD =
-
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
-# generate an AutoGen Definitions (see autogen.sf.net) file
-# that captures the structure of the code including all
-# documentation. Note that this feature is still experimental
-# and incomplete at the moment.
-
-GENERATE_AUTOGEN_DEF = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_PERLMOD tag is set to YES Doxygen will
-# generate a Perl module file that captures the structure of
-# the code including all documentation. Note that this
-# feature is still experimental and incomplete at the
-# moment.
-
-GENERATE_PERLMOD = NO
-
-# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
-# the necessary Makefile rules, Perl scripts and LaTeX code to be able
-# to generate PDF and DVI output from the Perl module output.
-
-PERLMOD_LATEX = NO
-
-# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
-# nicely formatted so it can be parsed by a human reader. This is useful
-# if you want to understand what is going on. On the other hand, if this
-# tag is set to NO the size of the Perl module output will be much smaller
-# and Perl will parse it just the same.
-
-PERLMOD_PRETTY = YES
-
-# The names of the make variables in the generated doxyrules.make file
-# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
-# This is useful so different doxyrules.make files included by the same
-# Makefile don't overwrite each other's variables.
-
-PERLMOD_MAKEVAR_PREFIX =
-
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor
-#---------------------------------------------------------------------------
-
-# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
-# evaluate all C-preprocessor directives found in the sources and include
-# files.
-
-ENABLE_PREPROCESSING = YES
-
-# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
-# names in the source code. If set to NO (the default) only conditional
-# compilation will be performed. Macro expansion can be done in a controlled
-# way by setting EXPAND_ONLY_PREDEF to YES.
-
-MACRO_EXPANSION = NO
-
-# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
-# then the macro expansion is limited to the macros specified with the
-# PREDEFINED and EXPAND_AS_PREDEFINED tags.
-
-EXPAND_ONLY_PREDEF = NO
-
-# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
-# in the INCLUDE_PATH (see below) will be search if a #include is found.
-
-SEARCH_INCLUDES = YES
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that
-# contain include files that are not input files but should be processed by
-# the preprocessor.
-
-INCLUDE_PATH =
-
-# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
-# patterns (like *.h and *.hpp) to filter out the header-files in the
-# directories. If left blank, the patterns specified with FILE_PATTERNS will
-# be used.
-
-INCLUDE_FILE_PATTERNS =
-
-# The PREDEFINED tag can be used to specify one or more macro names that
-# are defined before the preprocessor is started (similar to the -D option of
-# gcc). The argument of the tag is a list of macros of the form: name
-# or name=definition (no spaces). If the definition and the = are
-# omitted =1 is assumed.
-
-PREDEFINED =
-
-# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
-# this tag can be used to specify a list of macro names that should be expanded.
-# The macro definition that is found in the sources will be used.
-# Use the PREDEFINED tag if you want to use a different macro definition.
-
-EXPAND_AS_DEFINED =
-
-# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
-# doxygen's preprocessor will remove all function-like macros that are alone
-# on a line, have an all uppercase name, and do not end with a semicolon. Such
-# function macros are typically used for boiler-plate code, and will confuse the
-# parser if not removed.
-
-SKIP_FUNCTION_MACROS = YES
-
-#---------------------------------------------------------------------------
-# Configuration::addtions related to external references
-#---------------------------------------------------------------------------
-
-# The TAGFILES tag can be used to specify one or more tagfiles.
-
-TAGFILES =
-
-# When a file name is specified after GENERATE_TAGFILE, doxygen will create
-# a tag file that is based on the input files it reads.
-
-GENERATE_TAGFILE =
-
-# If the ALLEXTERNALS tag is set to YES all external classes will be listed
-# in the class index. If set to NO only the inherited external classes
-# will be listed.
-
-ALLEXTERNALS = NO
-
-# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
-# in the modules index. If set to NO, only the current project's groups will
-# be listed.
-
-EXTERNAL_GROUPS = YES
-
-# The PERL_PATH should be the absolute path and name of the perl script
-# interpreter (i.e. the result of `which perl').
-
-PERL_PATH = /usr/bin/perl
-
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool
-#---------------------------------------------------------------------------
-
-# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
-# generate a inheritance diagram (in Html, RTF and LaTeX) for classes with base or
-# super classes. Setting the tag to NO turns the diagrams off. Note that this
-# option is superceded by the HAVE_DOT option below. This is only a fallback. It is
-# recommended to install and use dot, since it yield more powerful graphs.
-
-CLASS_DIAGRAMS = YES
-
-# If set to YES, the inheritance and collaboration graphs will hide
-# inheritance and usage relations if the target is undocumented
-# or is not a class.
-
-HIDE_UNDOC_RELATIONS = YES
-
-# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
-# available from the path. This tool is part of Graphviz, a graph visualization
-# toolkit from AT&T and Lucent Bell Labs. The other options in this section
-# have no effect if this option is set to NO (the default)
-
-HAVE_DOT = NO
-
-# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect inheritance relations. Setting this tag to YES will force the
-# the CLASS_DIAGRAMS tag to NO.
-
-CLASS_GRAPH = YES
-
-# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect implementation dependencies (inheritance, containment, and
-# class references variables) of the class with other documented classes.
-
-COLLABORATION_GRAPH = YES
-
-# If set to YES, the inheritance and collaboration graphs will show the
-# relations between templates and their instances.
-
-TEMPLATE_RELATIONS = YES
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
-# tags are set to YES then doxygen will generate a graph for each documented
-# file showing the direct and indirect include dependencies of the file with
-# other documented files.
-
-INCLUDE_GRAPH = YES
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
-# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
-# documented header file showing the documented files that directly or
-# indirectly include this file.
-
-INCLUDED_BY_GRAPH = YES
-
-# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
-# will graphical hierarchy of all classes instead of a textual one.
-
-GRAPHICAL_HIERARCHY = YES
-
-# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
-# generated by dot. Possible values are png, jpg, or gif
-# If left blank png will be used.
-
-DOT_IMAGE_FORMAT = png
-
-# The tag DOT_PATH can be used to specify the path where the dot tool can be
-# found. If left blank, it is assumed the dot tool can be found on the path.
-
-DOT_PATH =
-
-# The DOTFILE_DIRS tag can be used to specify one or more directories that
-# contain dot files that are included in the documentation (see the
-# \dotfile command).
-
-DOTFILE_DIRS =
-
-# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than
-# this value, doxygen will try to truncate the graph, so that it fits within
-# the specified constraint. Beware that most browsers cannot cope with very
-# large images.
-
-MAX_DOT_GRAPH_WIDTH = 1024
-
-# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than
-# this value, doxygen will try to truncate the graph, so that it fits within
-# the specified constraint. Beware that most browsers cannot cope with very
-# large images.
-
-MAX_DOT_GRAPH_HEIGHT = 1024
-
-# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
-# generate a legend page explaining the meaning of the various boxes and
-# arrows in the dot generated graphs.
-
-GENERATE_LEGEND = YES
-
-# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
-# remove the intermedate dot files that are used to generate
-# the various graphs.
-
-DOT_CLEANUP = YES
-
-#---------------------------------------------------------------------------
-# Configuration::addtions related to the search engine
-#---------------------------------------------------------------------------
-
-# The SEARCHENGINE tag specifies whether or not a search engine should be
-# used. If set to NO the values of all tags below this one will be ignored.
-
-SEARCHENGINE = NO
-
-# The CGI_NAME tag should be the name of the CGI script that
-# starts the search engine (doxysearch) with the correct parameters.
-# A script with this name will be generated by doxygen.
-
-CGI_NAME = search.cgi
-
-# The CGI_URL tag should be the absolute URL to the directory where the
-# cgi binaries are located. See the documentation of your http daemon for
-# details.
-
-CGI_URL =
-
-# The DOC_URL tag should be the absolute URL to the directory where the
-# documentation is located. If left blank the absolute path to the
-# documentation, with file:// prepended to it, will be used.
-
-DOC_URL =
-
-# The DOC_ABSPATH tag should be the absolute path to the directory where the
-# documentation is located. If left blank the directory on the local machine
-# will be used.
-
-DOC_ABSPATH =
-
-# The BIN_ABSPATH tag must point to the directory where the doxysearch binary
-# is installed.
-
-BIN_ABSPATH = /usr/local/bin/
-
-# The EXT_DOC_PATHS tag can be used to specify one or more paths to
-# documentation generated for other projects. This allows doxysearch to search
-# the documentation for these projects as well.
-
-EXT_DOC_PATHS =
--- /dev/null
+# Doxyfile 1.8.11
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project.
+#
+# All text after a double hash (##) is considered a comment and is placed in
+# front of the TAG it is preceding.
+#
+# All text after a single hash (#) is considered a comment and will be ignored.
+# The format is:
+# TAG = value [value, ...]
+# For lists, items can also be appended using:
+# TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (\" \").
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# This tag specifies the encoding used for all characters in the config file
+# that follow. The default is UTF-8 which is also the encoding used for all text
+# before the first occurrence of this tag. Doxygen uses libiconv (or the iconv
+# built into libc) for the transcoding. See http://www.gnu.org/software/libiconv
+# for the list of possible encodings.
+# The default value is: UTF-8.
+
+DOXYFILE_ENCODING = UTF-8
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded by
+# double-quotes, unless you are using Doxywizard) that should identify the
+# project for which the documentation is generated. This name is used in the
+# title of most generated pages and in a few other places.
+# The default value is: My Project.
+
+PROJECT_NAME = libSRTP
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number. This
+# could be handy for archiving the generated documentation or if some version
+# control system is used.
+
+PROJECT_NUMBER = LIBSRTPVERSIONNUMBER
+
+# Using the PROJECT_BRIEF tag one can provide an optional one line description
+# for a project that appears at the top of each page and should give viewer a
+# quick idea about the purpose of the project. Keep the description short.
+
+PROJECT_BRIEF =
+
+# With the PROJECT_LOGO tag one can specify a logo or an icon that is included
+# in the documentation. The maximum height of the logo should not exceed 55
+# pixels and the maximum width should not exceed 200 pixels. Doxygen will copy
+# the logo to the output directory.
+
+PROJECT_LOGO =
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path
+# into which the generated documentation will be written. If a relative path is
+# entered, it will be relative to the location where doxygen was started. If
+# left blank the current directory will be used.
+
+OUTPUT_DIRECTORY =
+
+# If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub-
+# directories (in 2 levels) under the output directory of each output format and
+# will distribute the generated files over these directories. Enabling this
+# option can be useful when feeding doxygen a huge amount of source files, where
+# putting all generated files in the same directory would otherwise causes
+# performance problems for the file system.
+# The default value is: NO.
+
+CREATE_SUBDIRS = NO
+
+# If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII
+# characters to appear in the names of generated files. If set to NO, non-ASCII
+# characters will be escaped, for example _xE3_x81_x84 will be used for Unicode
+# U+3044.
+# The default value is: NO.
+
+ALLOW_UNICODE_NAMES = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Catalan, Chinese,
+# Chinese-Traditional, Croatian, Czech, Danish, Dutch, English (United States),
+# Esperanto, Farsi (Persian), Finnish, French, German, Greek, Hungarian,
+# Indonesian, Italian, Japanese, Japanese-en (Japanese with English messages),
+# Korean, Korean-en (Korean with English messages), Latvian, Lithuanian,
+# Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese, Romanian, Russian,
+# Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish, Swedish, Turkish,
+# Ukrainian and Vietnamese.
+# The default value is: English.
+
+OUTPUT_LANGUAGE = English
+
+# If the BRIEF_MEMBER_DESC tag is set to YES, doxygen will include brief member
+# descriptions after the members that are listed in the file and class
+# documentation (similar to Javadoc). Set to NO to disable this.
+# The default value is: YES.
+
+BRIEF_MEMBER_DESC = YES
+
+# If the REPEAT_BRIEF tag is set to YES, doxygen will prepend the brief
+# description of a member or function before the detailed description
+#
+# Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+# The default value is: YES.
+
+REPEAT_BRIEF = NO
+
+# This tag implements a quasi-intelligent brief description abbreviator that is
+# used to form the text in various listings. Each string in this list, if found
+# as the leading text of the brief description, will be stripped from the text
+# and the result, after processing the whole list, is used as the annotated
+# text. Otherwise, the brief description is used as-is. If left blank, the
+# following values are used ($name is automatically replaced with the name of
+# the entity):The $name class, The $name widget, The $name file, is, provides,
+# specifies, contains, represents, a, an and the.
+
+ABBREVIATE_BRIEF =
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
+# doxygen will generate a detailed section even if there is only a brief
+# description.
+# The default value is: NO.
+
+ALWAYS_DETAILED_SEC = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
+# inherited members of a class in the documentation of that class as if those
+# members were ordinary class members. Constructors, destructors and assignment
+# operators of the base classes will not be shown.
+# The default value is: NO.
+
+INLINE_INHERITED_MEMB = NO
+
+# If the FULL_PATH_NAMES tag is set to YES, doxygen will prepend the full path
+# before files name in the file list and in the header files. If set to NO the
+# shortest path that makes the file name unique will be used
+# The default value is: YES.
+
+FULL_PATH_NAMES = NO
+
+# The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path.
+# Stripping is only done if one of the specified strings matches the left-hand
+# part of the path. The tag can be used to show relative paths in the file list.
+# If left blank the directory from which doxygen is run is used as the path to
+# strip.
+#
+# Note that you can specify absolute paths here, but also relative paths, which
+# will be relative from the directory where doxygen is started.
+# This tag requires that the tag FULL_PATH_NAMES is set to YES.
+
+STRIP_FROM_PATH =
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of the
+# path mentioned in the documentation of a class, which tells the reader which
+# header file to include in order to use a class. If left blank only the name of
+# the header file containing the class definition is used. Otherwise one should
+# specify the list of include paths that are normally passed to the compiler
+# using the -I flag.
+
+STRIP_FROM_INC_PATH =
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter (but
+# less readable) file names. This can be useful is your file systems doesn't
+# support long names like on DOS, Mac, or CD-ROM.
+# The default value is: NO.
+
+SHORT_NAMES = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then doxygen will interpret the
+# first line (until the first dot) of a Javadoc-style comment as the brief
+# description. If set to NO, the Javadoc-style will behave just like regular Qt-
+# style comments (thus requiring an explicit @brief command for a brief
+# description.)
+# The default value is: NO.
+
+JAVADOC_AUTOBRIEF = NO
+
+# If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first
+# line (until the first dot) of a Qt-style comment as the brief description. If
+# set to NO, the Qt-style will behave just like regular Qt-style comments (thus
+# requiring an explicit \brief command for a brief description.)
+# The default value is: NO.
+
+QT_AUTOBRIEF = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make doxygen treat a
+# multi-line C++ special comment block (i.e. a block of //! or /// comments) as
+# a brief description. This used to be the default behavior. The new default is
+# to treat a multi-line C++ comment block as a detailed description. Set this
+# tag to YES if you prefer the old behavior instead.
+#
+# Note that setting this tag to YES also means that rational rose comments are
+# not recognized any more.
+# The default value is: NO.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the
+# documentation from any documented member that it re-implements.
+# The default value is: YES.
+
+INHERIT_DOCS = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES then doxygen will produce a new
+# page for each member. If set to NO, the documentation of a member will be part
+# of the file/class/namespace that contains it.
+# The default value is: NO.
+
+SEPARATE_MEMBER_PAGES = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab. Doxygen
+# uses this value to replace tabs by spaces in code fragments.
+# Minimum value: 1, maximum value: 16, default value: 4.
+
+TAB_SIZE = 4
+
+# This tag can be used to specify a number of aliases that act as commands in
+# the documentation. An alias has the form:
+# name=value
+# For example adding
+# "sideeffect=@par Side Effects:\n"
+# will allow you to put the command \sideeffect (or @sideeffect) in the
+# documentation, which will result in a user-defined paragraph with heading
+# "Side Effects:". You can put \n's in the value part of an alias to insert
+# newlines.
+
+ALIASES =
+
+# This tag can be used to specify a number of word-keyword mappings (TCL only).
+# A mapping has the form "name=value". For example adding "class=itcl::class"
+# will allow you to use the command class in the itcl::class meaning.
+
+TCL_SUBST =
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources
+# only. Doxygen will then generate output that is more tailored for C. For
+# instance, some of the names that are used will be different. The list of all
+# members will be omitted, etc.
+# The default value is: NO.
+
+OPTIMIZE_OUTPUT_FOR_C = YES
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or
+# Python sources only. Doxygen will then generate output that is more tailored
+# for that language. For instance, namespaces will be presented as packages,
+# qualified scopes will look different, etc.
+# The default value is: NO.
+
+OPTIMIZE_OUTPUT_JAVA = NO
+
+# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
+# sources. Doxygen will then generate output that is tailored for Fortran.
+# The default value is: NO.
+
+OPTIMIZE_FOR_FORTRAN = NO
+
+# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
+# sources. Doxygen will then generate output that is tailored for VHDL.
+# The default value is: NO.
+
+OPTIMIZE_OUTPUT_VHDL = NO
+
+# Doxygen selects the parser to use depending on the extension of the files it
+# parses. With this tag you can assign which parser to use for a given
+# extension. Doxygen has a built-in mapping, but you can override or extend it
+# using this tag. The format is ext=language, where ext is a file extension, and
+# language is one of the parsers supported by doxygen: IDL, Java, Javascript,
+# C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran:
+# FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran:
+# Fortran. In the later case the parser tries to guess whether the code is fixed
+# or free formatted code, this is the default for Fortran type files), VHDL. For
+# instance to make doxygen treat .inc files as Fortran files (default is PHP),
+# and .f files as C (default is Fortran), use: inc=Fortran f=C.
+#
+# Note: For files without extension you can use no_extension as a placeholder.
+#
+# Note that for custom extensions you also need to set FILE_PATTERNS otherwise
+# the files are not read by doxygen.
+
+EXTENSION_MAPPING =
+
+# If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments
+# according to the Markdown format, which allows for more readable
+# documentation. See http://daringfireball.net/projects/markdown/ for details.
+# The output of markdown processing is further processed by doxygen, so you can
+# mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in
+# case of backward compatibilities issues.
+# The default value is: YES.
+
+MARKDOWN_SUPPORT = YES
+
+# When enabled doxygen tries to link words that correspond to documented
+# classes, or namespaces to their corresponding documentation. Such a link can
+# be prevented in individual cases by putting a % sign in front of the word or
+# globally by setting AUTOLINK_SUPPORT to NO.
+# The default value is: YES.
+
+AUTOLINK_SUPPORT = YES
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
+# to include (a tag file for) the STL sources as input, then you should set this
+# tag to YES in order to let doxygen match functions declarations and
+# definitions whose arguments contain STL classes (e.g. func(std::string);
+# versus func(std::string) {}). This also make the inheritance and collaboration
+# diagrams that involve STL classes more complete and accurate.
+# The default value is: NO.
+
+BUILTIN_STL_SUPPORT = NO
+
+# If you use Microsoft's C++/CLI language, you should set this option to YES to
+# enable parsing support.
+# The default value is: NO.
+
+CPP_CLI_SUPPORT = NO
+
+# Set the SIP_SUPPORT tag to YES if your project consists of sip (see:
+# http://www.riverbankcomputing.co.uk/software/sip/intro) sources only. Doxygen
+# will parse them like normal C++ but will assume all classes use public instead
+# of private inheritance when no explicit protection keyword is present.
+# The default value is: NO.
+
+SIP_SUPPORT = NO
+
+# For Microsoft's IDL there are propget and propput attributes to indicate
+# getter and setter methods for a property. Setting this option to YES will make
+# doxygen to replace the get and set methods by a property in the documentation.
+# This will only work if the methods are indeed getting or setting a simple
+# type. If this is not the case, or you want to show the methods anyway, you
+# should set this option to NO.
+# The default value is: YES.
+
+IDL_PROPERTY_SUPPORT = YES
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
+# tag is set to YES then doxygen will reuse the documentation of the first
+# member in the group (if any) for the other members of the group. By default
+# all members of a group must be documented explicitly.
+# The default value is: NO.
+
+DISTRIBUTE_GROUP_DOC = NO
+
+# If one adds a struct or class to a group and this option is enabled, then also
+# any nested class or struct is added to the same group. By default this option
+# is disabled and one has to add nested compounds explicitly via \ingroup.
+# The default value is: NO.
+
+GROUP_NESTED_COMPOUNDS = NO
+
+# Set the SUBGROUPING tag to YES to allow class member groups of the same type
+# (for instance a group of public functions) to be put as a subgroup of that
+# type (e.g. under the Public Functions section). Set it to NO to prevent
+# subgrouping. Alternatively, this can be done per class using the
+# \nosubgrouping command.
+# The default value is: YES.
+
+SUBGROUPING = YES
+
+# When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and unions
+# are shown inside the group in which they are included (e.g. using \ingroup)
+# instead of on a separate page (for HTML and Man pages) or section (for LaTeX
+# and RTF).
+#
+# Note that this feature does not work in combination with
+# SEPARATE_MEMBER_PAGES.
+# The default value is: NO.
+
+INLINE_GROUPED_CLASSES = NO
+
+# When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and unions
+# with only public data fields or simple typedef fields will be shown inline in
+# the documentation of the scope in which they are defined (i.e. file,
+# namespace, or group documentation), provided this scope is documented. If set
+# to NO, structs, classes, and unions are shown on a separate page (for HTML and
+# Man pages) or section (for LaTeX and RTF).
+# The default value is: NO.
+
+INLINE_SIMPLE_STRUCTS = NO
+
+# When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or
+# enum is documented as struct, union, or enum with the name of the typedef. So
+# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
+# with name TypeT. When disabled the typedef will appear as a member of a file,
+# namespace, or class. And the struct will be named TypeS. This can typically be
+# useful for C code in case the coding convention dictates that all compound
+# types are typedef'ed and only the typedef is referenced, never the tag name.
+# The default value is: NO.
+
+TYPEDEF_HIDES_STRUCT = NO
+
+# The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This
+# cache is used to resolve symbols given their name and scope. Since this can be
+# an expensive process and often the same symbol appears multiple times in the
+# code, doxygen keeps a cache of pre-resolved symbols. If the cache is too small
+# doxygen will become slower. If the cache is too large, memory is wasted. The
+# cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range
+# is 0..9, the default is 0, corresponding to a cache size of 2^16=65536
+# symbols. At the end of a run doxygen will report the cache usage and suggest
+# the optimal cache size from a speed point of view.
+# Minimum value: 0, maximum value: 9, default value: 0.
+
+LOOKUP_CACHE_SIZE = 0
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES, doxygen will assume all entities in
+# documentation are documented, even if no documentation was available. Private
+# class members and static file members will be hidden unless the
+# EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES.
+# Note: This will also disable the warnings about undocumented members that are
+# normally produced when WARNINGS is set to YES.
+# The default value is: NO.
+
+EXTRACT_ALL = NO
+
+# If the EXTRACT_PRIVATE tag is set to YES, all private members of a class will
+# be included in the documentation.
+# The default value is: NO.
+
+EXTRACT_PRIVATE = NO
+
+# If the EXTRACT_PACKAGE tag is set to YES, all members with package or internal
+# scope will be included in the documentation.
+# The default value is: NO.
+
+EXTRACT_PACKAGE = NO
+
+# If the EXTRACT_STATIC tag is set to YES, all static members of a file will be
+# included in the documentation.
+# The default value is: NO.
+
+EXTRACT_STATIC = NO
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES, classes (and structs) defined
+# locally in source files will be included in the documentation. If set to NO,
+# only classes defined in header files are included. Does not have any effect
+# for Java sources.
+# The default value is: YES.
+
+EXTRACT_LOCAL_CLASSES = YES
+
+# This flag is only useful for Objective-C code. If set to YES, local methods,
+# which are defined in the implementation section but not in the interface are
+# included in the documentation. If set to NO, only methods in the interface are
+# included.
+# The default value is: NO.
+
+EXTRACT_LOCAL_METHODS = NO
+
+# If this flag is set to YES, the members of anonymous namespaces will be
+# extracted and appear in the documentation as a namespace called
+# 'anonymous_namespace{file}', where file will be replaced with the base name of
+# the file that contains the anonymous namespace. By default anonymous namespace
+# are hidden.
+# The default value is: NO.
+
+EXTRACT_ANON_NSPACES = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all
+# undocumented members inside documented classes or files. If set to NO these
+# members will be included in the various overviews, but no documentation
+# section is generated. This option has no effect if EXTRACT_ALL is enabled.
+# The default value is: NO.
+
+HIDE_UNDOC_MEMBERS = YES
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all
+# undocumented classes that are normally visible in the class hierarchy. If set
+# to NO, these classes will be included in the various overviews. This option
+# has no effect if EXTRACT_ALL is enabled.
+# The default value is: NO.
+
+HIDE_UNDOC_CLASSES = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend
+# (class|struct|union) declarations. If set to NO, these declarations will be
+# included in the documentation.
+# The default value is: NO.
+
+HIDE_FRIEND_COMPOUNDS = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any
+# documentation blocks found inside the body of a function. If set to NO, these
+# blocks will be appended to the function's detailed documentation block.
+# The default value is: NO.
+
+HIDE_IN_BODY_DOCS = NO
+
+# The INTERNAL_DOCS tag determines if documentation that is typed after a
+# \internal command is included. If the tag is set to NO then the documentation
+# will be excluded. Set it to YES to include the internal documentation.
+# The default value is: NO.
+
+INTERNAL_DOCS = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file
+# names in lower-case letters. If set to YES, upper-case letters are also
+# allowed. This is useful if you have classes or files whose names only differ
+# in case and if your file system supports case sensitive file names. Windows
+# and Mac users are advised to set this option to NO.
+# The default value is: system dependent.
+
+CASE_SENSE_NAMES = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with
+# their full class and namespace scopes in the documentation. If set to YES, the
+# scope will be hidden.
+# The default value is: NO.
+
+HIDE_SCOPE_NAMES = NO
+
+# If the HIDE_COMPOUND_REFERENCE tag is set to NO (default) then doxygen will
+# append additional text to a page's title, such as Class Reference. If set to
+# YES the compound reference will be hidden.
+# The default value is: NO.
+
+HIDE_COMPOUND_REFERENCE= NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of
+# the files that are included by a file in the documentation of that file.
+# The default value is: YES.
+
+SHOW_INCLUDE_FILES = NO
+
+# If the SHOW_GROUPED_MEMB_INC tag is set to YES then Doxygen will add for each
+# grouped member an include statement to the documentation, telling the reader
+# which file to include in order to use the member.
+# The default value is: NO.
+
+SHOW_GROUPED_MEMB_INC = NO
+
+# If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include
+# files with double quotes in the documentation rather than with sharp brackets.
+# The default value is: NO.
+
+FORCE_LOCAL_INCLUDES = NO
+
+# If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the
+# documentation for inline members.
+# The default value is: YES.
+
+INLINE_INFO = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the
+# (detailed) documentation of file and class members alphabetically by member
+# name. If set to NO, the members will appear in declaration order.
+# The default value is: YES.
+
+SORT_MEMBER_DOCS = YES
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief
+# descriptions of file, namespace and class members alphabetically by member
+# name. If set to NO, the members will appear in declaration order. Note that
+# this will also influence the order of the classes in the class list.
+# The default value is: NO.
+
+SORT_BRIEF_DOCS = NO
+
+# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the
+# (brief and detailed) documentation of class members so that constructors and
+# destructors are listed first. If set to NO the constructors will appear in the
+# respective orders defined by SORT_BRIEF_DOCS and SORT_MEMBER_DOCS.
+# Note: If SORT_BRIEF_DOCS is set to NO this option is ignored for sorting brief
+# member documentation.
+# Note: If SORT_MEMBER_DOCS is set to NO this option is ignored for sorting
+# detailed member documentation.
+# The default value is: NO.
+
+SORT_MEMBERS_CTORS_1ST = NO
+
+# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy
+# of group names into alphabetical order. If set to NO the group names will
+# appear in their defined order.
+# The default value is: NO.
+
+SORT_GROUP_NAMES = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be sorted by
+# fully-qualified names, including namespaces. If set to NO, the class list will
+# be sorted only by class name, not including the namespace part.
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the alphabetical
+# list.
+# The default value is: NO.
+
+SORT_BY_SCOPE_NAME = NO
+
+# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper
+# type resolution of all parameters of a function it will reject a match between
+# the prototype and the implementation of a member function even if there is
+# only one candidate or it is obvious which candidate to choose by doing a
+# simple string match. By disabling STRICT_PROTO_MATCHING doxygen will still
+# accept a match between prototype and implementation in such cases.
+# The default value is: NO.
+
+STRICT_PROTO_MATCHING = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or disable (NO) the todo
+# list. This list is created by putting \todo commands in the documentation.
+# The default value is: YES.
+
+GENERATE_TODOLIST = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or disable (NO) the test
+# list. This list is created by putting \test commands in the documentation.
+# The default value is: YES.
+
+GENERATE_TESTLIST = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or disable (NO) the bug
+# list. This list is created by putting \bug commands in the documentation.
+# The default value is: YES.
+
+GENERATE_BUGLIST = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or disable (NO)
+# the deprecated list. This list is created by putting \deprecated commands in
+# the documentation.
+# The default value is: YES.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional documentation
+# sections, marked by \if <section_label> ... \endif and \cond <section_label>
+# ... \endcond blocks.
+
+ENABLED_SECTIONS =
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the
+# initial value of a variable or macro / define can have for it to appear in the
+# documentation. If the initializer consists of more lines than specified here
+# it will be hidden. Use a value of 0 to hide initializers completely. The
+# appearance of the value of individual variables and macros / defines can be
+# controlled using \showinitializer or \hideinitializer command in the
+# documentation regardless of this setting.
+# Minimum value: 0, maximum value: 10000, default value: 30.
+
+MAX_INITIALIZER_LINES = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated at
+# the bottom of the documentation of classes and structs. If set to YES, the
+# list will mention the files that were used to generate the documentation.
+# The default value is: YES.
+
+SHOW_USED_FILES = YES
+
+# Set the SHOW_FILES tag to NO to disable the generation of the Files page. This
+# will remove the Files entry from the Quick Index and from the Folder Tree View
+# (if specified).
+# The default value is: YES.
+
+SHOW_FILES = YES
+
+# Set the SHOW_NAMESPACES tag to NO to disable the generation of the Namespaces
+# page. This will remove the Namespaces entry from the Quick Index and from the
+# Folder Tree View (if specified).
+# The default value is: YES.
+
+SHOW_NAMESPACES = YES
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that
+# doxygen should invoke to get the current version for each file (typically from
+# the version control system). Doxygen will invoke the program by executing (via
+# popen()) the command command input-file, where command is the value of the
+# FILE_VERSION_FILTER tag, and input-file is the name of an input file provided
+# by doxygen. Whatever the program writes to standard output is used as the file
+# version. For an example see the documentation.
+
+FILE_VERSION_FILTER =
+
+# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed
+# by doxygen. The layout file controls the global structure of the generated
+# output files in an output format independent way. To create the layout file
+# that represents doxygen's defaults, run doxygen with the -l option. You can
+# optionally specify a file name after the option, if omitted DoxygenLayout.xml
+# will be used as the name of the layout file.
+#
+# Note that if you run doxygen from a directory containing a file called
+# DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE
+# tag is left empty.
+
+LAYOUT_FILE =
+
+# The CITE_BIB_FILES tag can be used to specify one or more bib files containing
+# the reference definitions. This must be a list of .bib files. The .bib
+# extension is automatically appended if omitted. This requires the bibtex tool
+# to be installed. See also http://en.wikipedia.org/wiki/BibTeX for more info.
+# For LaTeX the style of the bibliography can be controlled using
+# LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the
+# search path. See also \cite for info how to create references.
+
+CITE_BIB_FILES =
+
+#---------------------------------------------------------------------------
+# Configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated to
+# standard output by doxygen. If QUIET is set to YES this implies that the
+# messages are off.
+# The default value is: NO.
+
+QUIET = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated to standard error (stderr) by doxygen. If WARNINGS is set to YES
+# this implies that the warnings are on.
+#
+# Tip: Turn warnings on while writing the documentation.
+# The default value is: YES.
+
+WARNINGS = YES
+
+# If the WARN_IF_UNDOCUMENTED tag is set to YES then doxygen will generate
+# warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag
+# will automatically be disabled.
+# The default value is: YES.
+
+WARN_IF_UNDOCUMENTED = YES
+
+# If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for
+# potential errors in the documentation, such as not documenting some parameters
+# in a documented function, or documenting parameters that don't exist or using
+# markup commands wrongly.
+# The default value is: YES.
+
+WARN_IF_DOC_ERROR = YES
+
+# This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that
+# are documented, but have no documentation for their parameters or return
+# value. If set to NO, doxygen will only warn about wrong or incomplete
+# parameter documentation, but not about the absence of documentation.
+# The default value is: NO.
+
+WARN_NO_PARAMDOC = NO
+
+# If the WARN_AS_ERROR tag is set to YES then doxygen will immediately stop when
+# a warning is encountered.
+# The default value is: NO.
+
+WARN_AS_ERROR = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that doxygen
+# can produce. The string should contain the $file, $line, and $text tags, which
+# will be replaced by the file and line number from which the warning originated
+# and the warning text. Optionally the format may contain $version, which will
+# be replaced by the version of the file (if it could be obtained via
+# FILE_VERSION_FILTER)
+# The default value is: $file:$line: $text.
+
+WARN_FORMAT = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning and error
+# messages should be written. If left blank the output is written to standard
+# error (stderr).
+
+WARN_LOGFILE =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag is used to specify the files and/or directories that contain
+# documented source files. You may enter file names like myfile.cpp or
+# directories like /usr/src/myproject. Separate the files or directories with
+# spaces. See also FILE_PATTERNS and EXTENSION_MAPPING
+# Note: If this tag is empty the current directory is searched.
+
+INPUT = ../README.md \
+ ../include/srtp.h \
+ ../crypto/include/auth.h \
+ ../crypto/include/cipher.h \
+ ../crypto/include/crypto_types.h \
+ ../crypto/include/err.h \
+ crypto_kernel.txt
+
+# This tag can be used to specify the character encoding of the source files
+# that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses
+# libiconv (or the iconv built into libc) for the transcoding. See the libiconv
+# documentation (see: http://www.gnu.org/software/libiconv) for the list of
+# possible encodings.
+# The default value is: UTF-8.
+
+INPUT_ENCODING = UTF-8
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and
+# *.h) to filter out the source-files in the directories.
+#
+# Note that for custom extensions or not directly supported extensions you also
+# need to set EXTENSION_MAPPING for the extension otherwise the files are not
+# read by doxygen.
+#
+# If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp,
+# *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h,
+# *.hh, *.hxx, *.hpp, *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc,
+# *.m, *.markdown, *.md, *.mm, *.dox, *.py, *.pyw, *.f90, *.f, *.for, *.tcl,
+# *.vhd, *.vhdl, *.ucf, *.qsf, *.as and *.js.
+
+FILE_PATTERNS =
+
+# The RECURSIVE tag can be used to specify whether or not subdirectories should
+# be searched for input files as well.
+# The default value is: NO.
+
+RECURSIVE = NO
+
+# The EXCLUDE tag can be used to specify files and/or directories that should be
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+#
+# Note that relative paths are relative to the directory from which doxygen is
+# run.
+
+EXCLUDE =
+
+# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
+# directories that are symbolic links (a Unix file system feature) are excluded
+# from the input.
+# The default value is: NO.
+
+EXCLUDE_SYMLINKS = NO
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories.
+#
+# Note that the wildcards are matched against the file with absolute path, so to
+# exclude all test directories for example use the pattern */test/*
+
+EXCLUDE_PATTERNS =
+
+# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
+# (namespaces, classes, functions, etc.) that should be excluded from the
+# output. The symbol name can be a fully qualified name, a word, or if the
+# wildcard * is used, a substring. Examples: ANamespace, AClass,
+# AClass::ANamespace, ANamespace::*Test
+#
+# Note that the wildcards are matched against the file with absolute path, so to
+# exclude all test directories use the pattern */test/*
+
+EXCLUDE_SYMBOLS =
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or directories
+# that contain example code fragments that are included (see the \include
+# command).
+
+EXAMPLE_PATH =
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and
+# *.h) to filter out the source-files in the directories. If left blank all
+# files are included.
+
+EXAMPLE_PATTERNS =
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
+# searched for input files to be used with the \include or \dontinclude commands
+# irrespective of the value of the RECURSIVE tag.
+# The default value is: NO.
+
+EXAMPLE_RECURSIVE = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or directories
+# that contain images that are to be included in the documentation (see the
+# \image command).
+
+IMAGE_PATH =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command:
+#
+# <filter> <input-file>
+#
+# where <filter> is the value of the INPUT_FILTER tag, and <input-file> is the
+# name of an input file. Doxygen will then use the output that the filter
+# program writes to standard output. If FILTER_PATTERNS is specified, this tag
+# will be ignored.
+#
+# Note that the filter must not add or remove lines; it is applied before the
+# code is scanned, but not when the output code is generated. If lines are added
+# or removed, the anchors will not be placed correctly.
+#
+# Note that for custom extensions or not directly supported extensions you also
+# need to set EXTENSION_MAPPING for the extension otherwise the files are not
+# properly processed by doxygen.
+
+INPUT_FILTER =
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
+# basis. Doxygen will compare the file name with each pattern and apply the
+# filter if there is a match. The filters are a list of the form: pattern=filter
+# (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how
+# filters are used. If the FILTER_PATTERNS tag is empty or if none of the
+# patterns match the file name, INPUT_FILTER is applied.
+#
+# Note that for custom extensions or not directly supported extensions you also
+# need to set EXTENSION_MAPPING for the extension otherwise the files are not
+# properly processed by doxygen.
+
+FILTER_PATTERNS =
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
+# INPUT_FILTER) will also be used to filter the input files that are used for
+# producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES).
+# The default value is: NO.
+
+FILTER_SOURCE_FILES = NO
+
+# The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file
+# pattern. A pattern will override the setting for FILTER_PATTERN (if any) and
+# it is also possible to disable source filtering for a specific pattern using
+# *.ext= (so without naming a filter).
+# This tag requires that the tag FILTER_SOURCE_FILES is set to YES.
+
+FILTER_SOURCE_PATTERNS =
+
+# If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that
+# is part of the input, its contents will be placed on the main page
+# (index.html). This can be useful if you have a project on for instance GitHub
+# and want to reuse the introduction page also for the doxygen output.
+
+USE_MDFILE_AS_MAINPAGE = README.md
+
+#---------------------------------------------------------------------------
+# Configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will be
+# generated. Documented entities will be cross-referenced with these sources.
+#
+# Note: To get rid of all source code in the generated output, make sure that
+# also VERBATIM_HEADERS is set to NO.
+# The default value is: NO.
+
+SOURCE_BROWSER = NO
+
+# Setting the INLINE_SOURCES tag to YES will include the body of functions,
+# classes and enums directly into the documentation.
+# The default value is: NO.
+
+INLINE_SOURCES = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES will instruct doxygen to hide any
+# special comment blocks from generated source code fragments. Normal C, C++ and
+# Fortran comments will always remain visible.
+# The default value is: YES.
+
+STRIP_CODE_COMMENTS = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES then for each documented
+# function all documented functions referencing it will be listed.
+# The default value is: NO.
+
+REFERENCED_BY_RELATION = YES
+
+# If the REFERENCES_RELATION tag is set to YES then for each documented function
+# all documented entities called/used by that function will be listed.
+# The default value is: NO.
+
+REFERENCES_RELATION = YES
+
+# If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set
+# to YES then the hyperlinks from functions in REFERENCES_RELATION and
+# REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will
+# link to the documentation.
+# The default value is: YES.
+
+REFERENCES_LINK_SOURCE = YES
+
+# If SOURCE_TOOLTIPS is enabled (the default) then hovering a hyperlink in the
+# source code will show a tooltip with additional information such as prototype,
+# brief description and links to the definition and documentation. Since this
+# will make the HTML file larger and loading of large files a bit slower, you
+# can opt to disable this feature.
+# The default value is: YES.
+# This tag requires that the tag SOURCE_BROWSER is set to YES.
+
+SOURCE_TOOLTIPS = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code will
+# point to the HTML generated by the htags(1) tool instead of doxygen built-in
+# source browser. The htags tool is part of GNU's global source tagging system
+# (see http://www.gnu.org/software/global/global.html). You will need version
+# 4.8.6 or higher.
+#
+# To use it do the following:
+# - Install the latest version of global
+# - Enable SOURCE_BROWSER and USE_HTAGS in the config file
+# - Make sure the INPUT points to the root of the source tree
+# - Run doxygen as normal
+#
+# Doxygen will invoke htags (and that will in turn invoke gtags), so these
+# tools must be available from the command line (i.e. in the search path).
+#
+# The result: instead of the source browser generated by doxygen, the links to
+# source code will now point to the output of htags.
+# The default value is: NO.
+# This tag requires that the tag SOURCE_BROWSER is set to YES.
+
+USE_HTAGS = NO
+
+# If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a
+# verbatim copy of the header file for each class for which an include is
+# specified. Set to NO to disable this.
+# See also: Section \class.
+# The default value is: YES.
+
+VERBATIM_HEADERS = YES
+
+#---------------------------------------------------------------------------
+# Configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index of all
+# compounds will be generated. Enable this if the project contains a lot of
+# classes, structs, unions or interfaces.
+# The default value is: YES.
+
+ALPHABETICAL_INDEX = NO
+
+# The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in
+# which the alphabetical index list will be split.
+# Minimum value: 1, maximum value: 20, default value: 5.
+# This tag requires that the tag ALPHABETICAL_INDEX is set to YES.
+
+COLS_IN_ALPHA_INDEX = 5
+
+# In case all classes in a project start with a common prefix, all classes will
+# be put under the same header in the alphabetical index. The IGNORE_PREFIX tag
+# can be used to specify a prefix (or a list of prefixes) that should be ignored
+# while generating the index headers.
+# This tag requires that the tag ALPHABETICAL_INDEX is set to YES.
+
+IGNORE_PREFIX =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES, doxygen will generate HTML output
+# The default value is: YES.
+
+GENERATE_HTML = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a
+# relative path is entered the value of OUTPUT_DIRECTORY will be put in front of
+# it.
+# The default directory is: html.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_OUTPUT = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for each
+# generated HTML page (for example: .htm, .php, .asp).
+# The default value is: .html.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_FILE_EXTENSION = .html
+
+# The HTML_HEADER tag can be used to specify a user-defined HTML header file for
+# each generated HTML page. If the tag is left blank doxygen will generate a
+# standard header.
+#
+# To get valid HTML the header file that includes any scripts and style sheets
+# that doxygen needs, which is dependent on the configuration options used (e.g.
+# the setting GENERATE_TREEVIEW). It is highly recommended to start with a
+# default header using
+# doxygen -w html new_header.html new_footer.html new_stylesheet.css
+# YourConfigFile
+# and then modify the file new_header.html. See also section "Doxygen usage"
+# for information on how to generate the default header that doxygen normally
+# uses.
+# Note: The header is subject to change so you typically have to regenerate the
+# default header when upgrading to a newer version of doxygen. For a description
+# of the possible markers and block names see the documentation.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_HEADER =
+
+# The HTML_FOOTER tag can be used to specify a user-defined HTML footer for each
+# generated HTML page. If the tag is left blank doxygen will generate a standard
+# footer. See HTML_HEADER for more information on how to generate a default
+# footer and what special commands can be used inside the footer. See also
+# section "Doxygen usage" for information on how to generate the default footer
+# that doxygen normally uses.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_FOOTER =
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading style
+# sheet that is used by each HTML page. It can be used to fine-tune the look of
+# the HTML output. If left blank doxygen will generate a default style sheet.
+# See also section "Doxygen usage" for information on how to generate the style
+# sheet that doxygen normally uses.
+# Note: It is recommended to use HTML_EXTRA_STYLESHEET instead of this tag, as
+# it is more robust and this tag (HTML_STYLESHEET) will in the future become
+# obsolete.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_STYLESHEET = docs.css
+
+# The HTML_EXTRA_STYLESHEET tag can be used to specify additional user-defined
+# cascading style sheets that are included after the standard style sheets
+# created by doxygen. Using this option one can overrule certain style aspects.
+# This is preferred over using HTML_STYLESHEET since it does not replace the
+# standard style sheet and is therefore more robust against future updates.
+# Doxygen will copy the style sheet files to the output directory.
+# Note: The order of the extra style sheet files is of importance (e.g. the last
+# style sheet in the list overrules the setting of the previous ones in the
+# list). For an example see the documentation.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_EXTRA_STYLESHEET =
+
+# The HTML_EXTRA_FILES tag can be used to specify one or more extra images or
+# other source files which should be copied to the HTML output directory. Note
+# that these files will be copied to the base HTML output directory. Use the
+# $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these
+# files. In the HTML_STYLESHEET file, use the file name only. Also note that the
+# files will be copied as-is; there are no commands or markers available.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_EXTRA_FILES =
+
+# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen
+# will adjust the colors in the style sheet and background images according to
+# this color. Hue is specified as an angle on a colorwheel, see
+# http://en.wikipedia.org/wiki/Hue for more information. For instance the value
+# 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300
+# purple, and 360 is red again.
+# Minimum value: 0, maximum value: 359, default value: 220.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_COLORSTYLE_HUE = 220
+
+# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors
+# in the HTML output. For a value of 0 the output will use grayscales only. A
+# value of 255 will produce the most vivid colors.
+# Minimum value: 0, maximum value: 255, default value: 100.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_COLORSTYLE_SAT = 100
+
+# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to the
+# luminance component of the colors in the HTML output. Values below 100
+# gradually make the output lighter, whereas values above 100 make the output
+# darker. The value divided by 100 is the actual gamma applied, so 80 represents
+# a gamma of 0.8, The value 220 represents a gamma of 2.2, and 100 does not
+# change the gamma.
+# Minimum value: 40, maximum value: 240, default value: 80.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_COLORSTYLE_GAMMA = 80
+
+# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML
+# page will contain the date and time when the page was generated. Setting this
+# to YES can help to show when doxygen was last run and thus if the
+# documentation is up to date.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_TIMESTAMP = NO
+
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
+# documentation will contain sections that can be hidden and shown after the
+# page has loaded.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_DYNAMIC_SECTIONS = NO
+
+# With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries
+# shown in the various tree structured indices initially; the user can expand
+# and collapse entries dynamically later on. Doxygen will expand the tree to
+# such a level that at most the specified number of entries are visible (unless
+# a fully collapsed tree already exceeds this amount). So setting the number of
+# entries 1 will produce a full collapsed tree by default. 0 is a special value
+# representing an infinite number of entries and will result in a full expanded
+# tree by default.
+# Minimum value: 0, maximum value: 9999, default value: 100.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_INDEX_NUM_ENTRIES = 100
+
+# If the GENERATE_DOCSET tag is set to YES, additional index files will be
+# generated that can be used as input for Apple's Xcode 3 integrated development
+# environment (see: http://developer.apple.com/tools/xcode/), introduced with
+# OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a
+# Makefile in the HTML output directory. Running make will produce the docset in
+# that directory and running make install will install the docset in
+# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at
+# startup. See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html
+# for more information.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_DOCSET = NO
+
+# This tag determines the name of the docset feed. A documentation feed provides
+# an umbrella under which multiple documentation sets from a single provider
+# (such as a company or product suite) can be grouped.
+# The default value is: Doxygen generated docs.
+# This tag requires that the tag GENERATE_DOCSET is set to YES.
+
+DOCSET_FEEDNAME = "Doxygen generated docs"
+
+# This tag specifies a string that should uniquely identify the documentation
+# set bundle. This should be a reverse domain-name style string, e.g.
+# com.mycompany.MyDocSet. Doxygen will append .docset to the name.
+# The default value is: org.doxygen.Project.
+# This tag requires that the tag GENERATE_DOCSET is set to YES.
+
+DOCSET_BUNDLE_ID = org.doxygen.Project
+
+# The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely identify
+# the documentation publisher. This should be a reverse domain-name style
+# string, e.g. com.mycompany.MyDocSet.documentation.
+# The default value is: org.doxygen.Publisher.
+# This tag requires that the tag GENERATE_DOCSET is set to YES.
+
+DOCSET_PUBLISHER_ID = org.doxygen.Publisher
+
+# The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher.
+# The default value is: Publisher.
+# This tag requires that the tag GENERATE_DOCSET is set to YES.
+
+DOCSET_PUBLISHER_NAME = Publisher
+
+# If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three
+# additional HTML index files: index.hhp, index.hhc, and index.hhk. The
+# index.hhp is a project file that can be read by Microsoft's HTML Help Workshop
+# (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on
+# Windows.
+#
+# The HTML Help Workshop contains a compiler that can convert all HTML output
+# generated by doxygen into a single compiled HTML file (.chm). Compiled HTML
+# files are now used as the Windows 98 help format, and will replace the old
+# Windows help format (.hlp) on all Windows platforms in the future. Compressed
+# HTML files also contain an index, a table of contents, and you can search for
+# words in the documentation. The HTML workshop also contains a viewer for
+# compressed HTML files.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_HTMLHELP = NO
+
+# The CHM_FILE tag can be used to specify the file name of the resulting .chm
+# file. You can add a path in front of the file if the result should not be
+# written to the html output directory.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+CHM_FILE =
+
+# The HHC_LOCATION tag can be used to specify the location (absolute path
+# including file name) of the HTML help compiler (hhc.exe). If non-empty,
+# doxygen will try to run the HTML help compiler on the generated index.hhp.
+# The file has to be specified with full path.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+HHC_LOCATION =
+
+# The GENERATE_CHI flag controls if a separate .chi index file is generated
+# (YES) or that it should be included in the master .chm file (NO).
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+GENERATE_CHI = NO
+
+# The CHM_INDEX_ENCODING is used to encode HtmlHelp index (hhk), content (hhc)
+# and project file content.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+CHM_INDEX_ENCODING =
+
+# The BINARY_TOC flag controls whether a binary table of contents is generated
+# (YES) or a normal table of contents (NO) in the .chm file. Furthermore it
+# enables the Previous and Next buttons.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+BINARY_TOC = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members to
+# the table of contents of the HTML help documentation and to the tree view.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+TOC_EXPAND = NO
+
+# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and
+# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that
+# can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help
+# (.qch) of the generated HTML documentation.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_QHP = NO
+
+# If the QHG_LOCATION tag is specified, the QCH_FILE tag can be used to specify
+# the file name of the resulting .qch file. The path specified is relative to
+# the HTML output folder.
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QCH_FILE =
+
+# The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help
+# Project output. For more information please see Qt Help Project / Namespace
+# (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#namespace).
+# The default value is: org.doxygen.Project.
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_NAMESPACE = org.doxygen.Project
+
+# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt
+# Help Project output. For more information please see Qt Help Project / Virtual
+# Folders (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#virtual-
+# folders).
+# The default value is: doc.
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_VIRTUAL_FOLDER = doc
+
+# If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom
+# filter to add. For more information please see Qt Help Project / Custom
+# Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom-
+# filters).
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_CUST_FILTER_NAME =
+
+# The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the
+# custom filter to add. For more information please see Qt Help Project / Custom
+# Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom-
+# filters).
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_CUST_FILTER_ATTRS =
+
+# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this
+# project's filter section matches. Qt Help Project / Filter Attributes (see:
+# http://qt-project.org/doc/qt-4.8/qthelpproject.html#filter-attributes).
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_SECT_FILTER_ATTRS =
+
+# The QHG_LOCATION tag can be used to specify the location of Qt's
+# qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the
+# generated .qhp file.
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHG_LOCATION =
+
+# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files will be
+# generated, together with the HTML files, they form an Eclipse help plugin. To
+# install this plugin and make it available under the help contents menu in
+# Eclipse, the contents of the directory containing the HTML and XML files needs
+# to be copied into the plugins directory of eclipse. The name of the directory
+# within the plugins directory should be the same as the ECLIPSE_DOC_ID value.
+# After copying Eclipse needs to be restarted before the help appears.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_ECLIPSEHELP = NO
+
+# A unique identifier for the Eclipse help plugin. When installing the plugin
+# the directory name containing the HTML and XML files should also have this
+# name. Each documentation set should have its own identifier.
+# The default value is: org.doxygen.Project.
+# This tag requires that the tag GENERATE_ECLIPSEHELP is set to YES.
+
+ECLIPSE_DOC_ID = org.doxygen.Project
+
+# If you want full control over the layout of the generated HTML pages it might
+# be necessary to disable the index and replace it with your own. The
+# DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) at top
+# of each HTML page. A value of NO enables the index and the value YES disables
+# it. Since the tabs in the index contain the same information as the navigation
+# tree, you can set this option to YES if you also set GENERATE_TREEVIEW to YES.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+DISABLE_INDEX = NO
+
+# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
+# structure should be generated to display hierarchical information. If the tag
+# value is set to YES, a side panel will be generated containing a tree-like
+# index structure (just like the one that is generated for HTML Help). For this
+# to work a browser that supports JavaScript, DHTML, CSS and frames is required
+# (i.e. any modern browser). Windows users are probably better off using the
+# HTML help feature. Via custom style sheets (see HTML_EXTRA_STYLESHEET) one can
+# further fine-tune the look of the index. As an example, the default style
+# sheet generated by doxygen has an example that shows how to put an image at
+# the root of the tree instead of the PROJECT_NAME. Since the tree basically has
+# the same information as the tab index, you could consider setting
+# DISABLE_INDEX to YES when enabling this option.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_TREEVIEW = NO
+
+# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that
+# doxygen will group on one line in the generated HTML documentation.
+#
+# Note that a value of 0 will completely suppress the enum values from appearing
+# in the overview section.
+# Minimum value: 0, maximum value: 20, default value: 4.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+ENUM_VALUES_PER_LINE = 4
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used
+# to set the initial width (in pixels) of the frame in which the tree is shown.
+# Minimum value: 0, maximum value: 1500, default value: 250.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+TREEVIEW_WIDTH = 250
+
+# If the EXT_LINKS_IN_WINDOW option is set to YES, doxygen will open links to
+# external symbols imported via tag files in a separate window.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+EXT_LINKS_IN_WINDOW = NO
+
+# Use this tag to change the font size of LaTeX formulas included as images in
+# the HTML documentation. When you change the font size after a successful
+# doxygen run you need to manually remove any form_*.png images from the HTML
+# output directory to force them to be regenerated.
+# Minimum value: 8, maximum value: 50, default value: 10.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+FORMULA_FONTSIZE = 10
+
+# Use the FORMULA_TRANPARENT tag to determine whether or not the images
+# generated for formulas are transparent PNGs. Transparent PNGs are not
+# supported properly for IE 6.0, but are supported on all modern browsers.
+#
+# Note that when changing this option you need to delete any form_*.png files in
+# the HTML output directory before the changes have effect.
+# The default value is: YES.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+FORMULA_TRANSPARENT = YES
+
+# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see
+# http://www.mathjax.org) which uses client side Javascript for the rendering
+# instead of using pre-rendered bitmaps. Use this if you do not have LaTeX
+# installed or if you want to formulas look prettier in the HTML output. When
+# enabled you may also need to install MathJax separately and configure the path
+# to it using the MATHJAX_RELPATH option.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+USE_MATHJAX = NO
+
+# When MathJax is enabled you can set the default output format to be used for
+# the MathJax output. See the MathJax site (see:
+# http://docs.mathjax.org/en/latest/output.html) for more details.
+# Possible values are: HTML-CSS (which is slower, but has the best
+# compatibility), NativeMML (i.e. MathML) and SVG.
+# The default value is: HTML-CSS.
+# This tag requires that the tag USE_MATHJAX is set to YES.
+
+MATHJAX_FORMAT = HTML-CSS
+
+# When MathJax is enabled you need to specify the location relative to the HTML
+# output directory using the MATHJAX_RELPATH option. The destination directory
+# should contain the MathJax.js script. For instance, if the mathjax directory
+# is located at the same level as the HTML output directory, then
+# MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax
+# Content Delivery Network so you can quickly see the result without installing
+# MathJax. However, it is strongly recommended to install a local copy of
+# MathJax from http://www.mathjax.org before deployment.
+# The default value is: http://cdn.mathjax.org/mathjax/latest.
+# This tag requires that the tag USE_MATHJAX is set to YES.
+
+MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest
+
+# The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax
+# extension names that should be enabled during MathJax rendering. For example
+# MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols
+# This tag requires that the tag USE_MATHJAX is set to YES.
+
+MATHJAX_EXTENSIONS =
+
+# The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces
+# of code that will be used on startup of the MathJax code. See the MathJax site
+# (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an
+# example see the documentation.
+# This tag requires that the tag USE_MATHJAX is set to YES.
+
+MATHJAX_CODEFILE =
+
+# When the SEARCHENGINE tag is enabled doxygen will generate a search box for
+# the HTML output. The underlying search engine uses javascript and DHTML and
+# should work on any modern browser. Note that when using HTML help
+# (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets (GENERATE_DOCSET)
+# there is already a search function so this one should typically be disabled.
+# For large projects the javascript based search engine can be slow, then
+# enabling SERVER_BASED_SEARCH may provide a better solution. It is possible to
+# search using the keyboard; to jump to the search box use <access key> + S
+# (what the <access key> is depends on the OS and browser, but it is typically
+# <CTRL>, <ALT>/<option>, or both). Inside the search box use the <cursor down
+# key> to jump into the search results window, the results can be navigated
+# using the <cursor keys>. Press <Enter> to select an item or <escape> to cancel
+# the search. The filter options can be selected when the cursor is inside the
+# search box by pressing <Shift>+<cursor down>. Also here use the <cursor keys>
+# to select a filter and <Enter> or <escape> to activate or cancel the filter
+# option.
+# The default value is: YES.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+SEARCHENGINE = NO
+
+# When the SERVER_BASED_SEARCH tag is enabled the search engine will be
+# implemented using a web server instead of a web client using Javascript. There
+# are two flavors of web server based searching depending on the EXTERNAL_SEARCH
+# setting. When disabled, doxygen will generate a PHP script for searching and
+# an index file used by the script. When EXTERNAL_SEARCH is enabled the indexing
+# and searching needs to be provided by external tools. See the section
+# "External Indexing and Searching" for details.
+# The default value is: NO.
+# This tag requires that the tag SEARCHENGINE is set to YES.
+
+SERVER_BASED_SEARCH = NO
+
+# When EXTERNAL_SEARCH tag is enabled doxygen will no longer generate the PHP
+# script for searching. Instead the search results are written to an XML file
+# which needs to be processed by an external indexer. Doxygen will invoke an
+# external search engine pointed to by the SEARCHENGINE_URL option to obtain the
+# search results.
+#
+# Doxygen ships with an example indexer (doxyindexer) and search engine
+# (doxysearch.cgi) which are based on the open source search engine library
+# Xapian (see: http://xapian.org/).
+#
+# See the section "External Indexing and Searching" for details.
+# The default value is: NO.
+# This tag requires that the tag SEARCHENGINE is set to YES.
+
+EXTERNAL_SEARCH = NO
+
+# The SEARCHENGINE_URL should point to a search engine hosted by a web server
+# which will return the search results when EXTERNAL_SEARCH is enabled.
+#
+# Doxygen ships with an example indexer (doxyindexer) and search engine
+# (doxysearch.cgi) which are based on the open source search engine library
+# Xapian (see: http://xapian.org/). See the section "External Indexing and
+# Searching" for details.
+# This tag requires that the tag SEARCHENGINE is set to YES.
+
+SEARCHENGINE_URL =
+
+# When SERVER_BASED_SEARCH and EXTERNAL_SEARCH are both enabled the unindexed
+# search data is written to a file for indexing by an external tool. With the
+# SEARCHDATA_FILE tag the name of this file can be specified.
+# The default file is: searchdata.xml.
+# This tag requires that the tag SEARCHENGINE is set to YES.
+
+SEARCHDATA_FILE = searchdata.xml
+
+# When SERVER_BASED_SEARCH and EXTERNAL_SEARCH are both enabled the
+# EXTERNAL_SEARCH_ID tag can be used as an identifier for the project. This is
+# useful in combination with EXTRA_SEARCH_MAPPINGS to search through multiple
+# projects and redirect the results back to the right project.
+# This tag requires that the tag SEARCHENGINE is set to YES.
+
+EXTERNAL_SEARCH_ID =
+
+# The EXTRA_SEARCH_MAPPINGS tag can be used to enable searching through doxygen
+# projects other than the one defined by this configuration file, but that are
+# all added to the same external search index. Each project needs to have a
+# unique id set via EXTERNAL_SEARCH_ID. The search mapping then maps the id of
+# to a relative location where the documentation can be found. The format is:
+# EXTRA_SEARCH_MAPPINGS = tagname1=loc1 tagname2=loc2 ...
+# This tag requires that the tag SEARCHENGINE is set to YES.
+
+EXTRA_SEARCH_MAPPINGS =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES, doxygen will generate LaTeX output.
+# The default value is: YES.
+
+GENERATE_LATEX = NO
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. If a
+# relative path is entered the value of OUTPUT_DIRECTORY will be put in front of
+# it.
+# The default directory is: latex.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+LATEX_OUTPUT = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
+# invoked.
+#
+# Note that when enabling USE_PDFLATEX this option is only used for generating
+# bitmaps for formulas in the HTML output, but not in the Makefile that is
+# written to the output directory.
+# The default file is: latex.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+LATEX_CMD_NAME = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to generate
+# index for LaTeX.
+# The default file is: makeindex.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+MAKEINDEX_CMD_NAME = makeindex
+
+# If the COMPACT_LATEX tag is set to YES, doxygen generates more compact LaTeX
+# documents. This may be useful for small projects and may help to save some
+# trees in general.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+COMPACT_LATEX = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used by the
+# printer.
+# Possible values are: a4 (210 x 297 mm), letter (8.5 x 11 inches), legal (8.5 x
+# 14 inches) and executive (7.25 x 10.5 inches).
+# The default value is: a4.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+PAPER_TYPE = letter
+
+# The EXTRA_PACKAGES tag can be used to specify one or more LaTeX package names
+# that should be included in the LaTeX output. The package can be specified just
+# by its name or with the correct syntax as to be used with the LaTeX
+# \usepackage command. To get the times font for instance you can specify :
+# EXTRA_PACKAGES=times or EXTRA_PACKAGES={times}
+# To use the option intlimits with the amsmath package you can specify:
+# EXTRA_PACKAGES=[intlimits]{amsmath}
+# If left blank no extra packages will be included.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+EXTRA_PACKAGES =
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for the
+# generated LaTeX document. The header should contain everything until the first
+# chapter. If it is left blank doxygen will generate a standard header. See
+# section "Doxygen usage" for information on how to let doxygen write the
+# default header to a separate file.
+#
+# Note: Only use a user-defined header if you know what you are doing! The
+# following commands have a special meaning inside the header: $title,
+# $datetime, $date, $doxygenversion, $projectname, $projectnumber,
+# $projectbrief, $projectlogo. Doxygen will replace $title with the empty
+# string, for the replacement values of the other commands the user is referred
+# to HTML_HEADER.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+LATEX_HEADER =
+
+# The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for the
+# generated LaTeX document. The footer should contain everything after the last
+# chapter. If it is left blank doxygen will generate a standard footer. See
+# LATEX_HEADER for more information on how to generate a default footer and what
+# special commands can be used inside the footer.
+#
+# Note: Only use a user-defined footer if you know what you are doing!
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+LATEX_FOOTER =
+
+# The LATEX_EXTRA_STYLESHEET tag can be used to specify additional user-defined
+# LaTeX style sheets that are included after the standard style sheets created
+# by doxygen. Using this option one can overrule certain style aspects. Doxygen
+# will copy the style sheet files to the output directory.
+# Note: The order of the extra style sheet files is of importance (e.g. the last
+# style sheet in the list overrules the setting of the previous ones in the
+# list).
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+LATEX_EXTRA_STYLESHEET =
+
+# The LATEX_EXTRA_FILES tag can be used to specify one or more extra images or
+# other source files which should be copied to the LATEX_OUTPUT output
+# directory. Note that the files will be copied as-is; there are no commands or
+# markers available.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+LATEX_EXTRA_FILES =
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated is
+# prepared for conversion to PDF (using ps2pdf or pdflatex). The PDF file will
+# contain links (just like the HTML output) instead of page references. This
+# makes the output suitable for online browsing using a PDF viewer.
+# The default value is: YES.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+PDF_HYPERLINKS = YES
+
+# If the USE_PDFLATEX tag is set to YES, doxygen will use pdflatex to generate
+# the PDF file directly from the LaTeX files. Set this option to YES, to get a
+# higher quality PDF documentation.
+# The default value is: YES.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+USE_PDFLATEX = YES
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \batchmode
+# command to the generated LaTeX files. This will instruct LaTeX to keep running
+# if errors occur, instead of asking the user for help. This option is also used
+# when generating formulas in HTML.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+LATEX_BATCHMODE = NO
+
+# If the LATEX_HIDE_INDICES tag is set to YES then doxygen will not include the
+# index chapters (such as File Index, Compound Index, etc.) in the output.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+LATEX_HIDE_INDICES = NO
+
+# If the LATEX_SOURCE_CODE tag is set to YES then doxygen will include source
+# code with syntax highlighting in the LaTeX output.
+#
+# Note that which sources are shown also depends on other settings such as
+# SOURCE_BROWSER.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+LATEX_SOURCE_CODE = NO
+
+# The LATEX_BIB_STYLE tag can be used to specify the style to use for the
+# bibliography, e.g. plainnat, or ieeetr. See
+# http://en.wikipedia.org/wiki/BibTeX and \cite for more info.
+# The default value is: plain.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+LATEX_BIB_STYLE = plain
+
+# If the LATEX_TIMESTAMP tag is set to YES then the footer of each generated
+# page will contain the date and time when the page was generated. Setting this
+# to NO can help when comparing the output of multiple runs.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_LATEX is set to YES.
+
+LATEX_TIMESTAMP = NO
+
+#---------------------------------------------------------------------------
+# Configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES, doxygen will generate RTF output. The
+# RTF output is optimized for Word 97 and may not look too pretty with other RTF
+# readers/editors.
+# The default value is: NO.
+
+GENERATE_RTF = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. If a
+# relative path is entered the value of OUTPUT_DIRECTORY will be put in front of
+# it.
+# The default directory is: rtf.
+# This tag requires that the tag GENERATE_RTF is set to YES.
+
+RTF_OUTPUT = rtf
+
+# If the COMPACT_RTF tag is set to YES, doxygen generates more compact RTF
+# documents. This may be useful for small projects and may help to save some
+# trees in general.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_RTF is set to YES.
+
+COMPACT_RTF = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated will
+# contain hyperlink fields. The RTF file will contain links (just like the HTML
+# output) instead of page references. This makes the output suitable for online
+# browsing using Word or some other Word compatible readers that support those
+# fields.
+#
+# Note: WordPad (write) and others do not support links.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_RTF is set to YES.
+
+RTF_HYPERLINKS = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's config
+# file, i.e. a series of assignments. You only have to provide replacements,
+# missing definitions are set to their default value.
+#
+# See also section "Doxygen usage" for information on how to generate the
+# default style sheet that doxygen normally uses.
+# This tag requires that the tag GENERATE_RTF is set to YES.
+
+RTF_STYLESHEET_FILE =
+
+# Set optional variables used in the generation of an RTF document. Syntax is
+# similar to doxygen's config file. A template extensions file can be generated
+# using doxygen -e rtf extensionFile.
+# This tag requires that the tag GENERATE_RTF is set to YES.
+
+RTF_EXTENSIONS_FILE =
+
+# If the RTF_SOURCE_CODE tag is set to YES then doxygen will include source code
+# with syntax highlighting in the RTF output.
+#
+# Note that which sources are shown also depends on other settings such as
+# SOURCE_BROWSER.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_RTF is set to YES.
+
+RTF_SOURCE_CODE = NO
+
+#---------------------------------------------------------------------------
+# Configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES, doxygen will generate man pages for
+# classes and files.
+# The default value is: NO.
+
+GENERATE_MAN = NO
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put. If a
+# relative path is entered the value of OUTPUT_DIRECTORY will be put in front of
+# it. A directory man3 will be created inside the directory specified by
+# MAN_OUTPUT.
+# The default directory is: man.
+# This tag requires that the tag GENERATE_MAN is set to YES.
+
+MAN_OUTPUT = man
+
+# The MAN_EXTENSION tag determines the extension that is added to the generated
+# man pages. In case the manual section does not start with a number, the number
+# 3 is prepended. The dot (.) at the beginning of the MAN_EXTENSION tag is
+# optional.
+# The default value is: .3.
+# This tag requires that the tag GENERATE_MAN is set to YES.
+
+MAN_EXTENSION = .3
+
+# The MAN_SUBDIR tag determines the name of the directory created within
+# MAN_OUTPUT in which the man pages are placed. If defaults to man followed by
+# MAN_EXTENSION with the initial . removed.
+# This tag requires that the tag GENERATE_MAN is set to YES.
+
+MAN_SUBDIR =
+
+# If the MAN_LINKS tag is set to YES and doxygen generates man output, then it
+# will generate one additional man file for each entity documented in the real
+# man page(s). These additional files only source the real man page, but without
+# them the man command would be unable to find the correct page.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_MAN is set to YES.
+
+MAN_LINKS = NO
+
+#---------------------------------------------------------------------------
+# Configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES, doxygen will generate an XML file that
+# captures the structure of the code including all documentation.
+# The default value is: NO.
+
+GENERATE_XML = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put. If a
+# relative path is entered the value of OUTPUT_DIRECTORY will be put in front of
+# it.
+# The default directory is: xml.
+# This tag requires that the tag GENERATE_XML is set to YES.
+
+XML_OUTPUT = xml
+
+# If the XML_PROGRAMLISTING tag is set to YES, doxygen will dump the program
+# listings (including syntax highlighting and cross-referencing information) to
+# the XML output. Note that enabling this will significantly increase the size
+# of the XML output.
+# The default value is: YES.
+# This tag requires that the tag GENERATE_XML is set to YES.
+
+XML_PROGRAMLISTING = YES
+
+#---------------------------------------------------------------------------
+# Configuration options related to the DOCBOOK output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_DOCBOOK tag is set to YES, doxygen will generate Docbook files
+# that can be used to generate PDF.
+# The default value is: NO.
+
+GENERATE_DOCBOOK = NO
+
+# The DOCBOOK_OUTPUT tag is used to specify where the Docbook pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be put in
+# front of it.
+# The default directory is: docbook.
+# This tag requires that the tag GENERATE_DOCBOOK is set to YES.
+
+DOCBOOK_OUTPUT = docbook
+
+# If the DOCBOOK_PROGRAMLISTING tag is set to YES, doxygen will include the
+# program listings (including syntax highlighting and cross-referencing
+# information) to the DOCBOOK output. Note that enabling this will significantly
+# increase the size of the DOCBOOK output.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_DOCBOOK is set to YES.
+
+DOCBOOK_PROGRAMLISTING = NO
+
+#---------------------------------------------------------------------------
+# Configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES, doxygen will generate an
+# AutoGen Definitions (see http://autogen.sf.net) file that captures the
+# structure of the code including all documentation. Note that this feature is
+# still experimental and incomplete at the moment.
+# The default value is: NO.
+
+GENERATE_AUTOGEN_DEF = NO
+
+#---------------------------------------------------------------------------
+# Configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES, doxygen will generate a Perl module
+# file that captures the structure of the code including all documentation.
+#
+# Note that this feature is still experimental and incomplete at the moment.
+# The default value is: NO.
+
+GENERATE_PERLMOD = NO
+
+# If the PERLMOD_LATEX tag is set to YES, doxygen will generate the necessary
+# Makefile rules, Perl scripts and LaTeX code to be able to generate PDF and DVI
+# output from the Perl module output.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_PERLMOD is set to YES.
+
+PERLMOD_LATEX = NO
+
+# If the PERLMOD_PRETTY tag is set to YES, the Perl module output will be nicely
+# formatted so it can be parsed by a human reader. This is useful if you want to
+# understand what is going on. On the other hand, if this tag is set to NO, the
+# size of the Perl module output will be much smaller and Perl will parse it
+# just the same.
+# The default value is: YES.
+# This tag requires that the tag GENERATE_PERLMOD is set to YES.
+
+PERLMOD_PRETTY = YES
+
+# The names of the make variables in the generated doxyrules.make file are
+# prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. This is useful
+# so different doxyrules.make files included by the same Makefile don't
+# overwrite each other's variables.
+# This tag requires that the tag GENERATE_PERLMOD is set to YES.
+
+PERLMOD_MAKEVAR_PREFIX =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES, doxygen will evaluate all
+# C-preprocessor directives found in the sources and include files.
+# The default value is: YES.
+
+ENABLE_PREPROCESSING = YES
+
+# If the MACRO_EXPANSION tag is set to YES, doxygen will expand all macro names
+# in the source code. If set to NO, only conditional compilation will be
+# performed. Macro expansion can be done in a controlled way by setting
+# EXPAND_ONLY_PREDEF to YES.
+# The default value is: NO.
+# This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
+
+MACRO_EXPANSION = NO
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES then
+# the macro expansion is limited to the macros specified with the PREDEFINED and
+# EXPAND_AS_DEFINED tags.
+# The default value is: NO.
+# This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
+
+EXPAND_ONLY_PREDEF = NO
+
+# If the SEARCH_INCLUDES tag is set to YES, the include files in the
+# INCLUDE_PATH will be searched if a #include is found.
+# The default value is: YES.
+# This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
+
+SEARCH_INCLUDES = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that
+# contain include files that are not input files but should be processed by the
+# preprocessor.
+# This tag requires that the tag SEARCH_INCLUDES is set to YES.
+
+INCLUDE_PATH =
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
+# patterns (like *.h and *.hpp) to filter out the header-files in the
+# directories. If left blank, the patterns specified with FILE_PATTERNS will be
+# used.
+# This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
+
+INCLUDE_FILE_PATTERNS =
+
+# The PREDEFINED tag can be used to specify one or more macro names that are
+# defined before the preprocessor is started (similar to the -D option of e.g.
+# gcc). The argument of the tag is a list of macros of the form: name or
+# name=definition (no spaces). If the definition and the "=" are omitted, "=1"
+# is assumed. To prevent a macro definition from being undefined via #undef or
+# recursively expanded use the := operator instead of the = operator.
+# This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
+
+PREDEFINED =
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then this
+# tag can be used to specify a list of macro names that should be expanded. The
+# macro definition that is found in the sources will be used. Use the PREDEFINED
+# tag if you want to use a different macro definition that overrules the
+# definition found in the source code.
+# This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
+
+EXPAND_AS_DEFINED =
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES then doxygen's preprocessor will
+# remove all references to function-like macros that are alone on a line, have
+# an all uppercase name, and do not end with a semicolon. Such function macros
+# are typically used for boiler-plate code, and will confuse the parser if not
+# removed.
+# The default value is: YES.
+# This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
+
+SKIP_FUNCTION_MACROS = YES
+
+#---------------------------------------------------------------------------
+# Configuration options related to external references
+#---------------------------------------------------------------------------
+
+# The TAGFILES tag can be used to specify one or more tag files. For each tag
+# file the location of the external documentation should be added. The format of
+# a tag file without this location is as follows:
+# TAGFILES = file1 file2 ...
+# Adding location for the tag files is done as follows:
+# TAGFILES = file1=loc1 "file2 = loc2" ...
+# where loc1 and loc2 can be relative or absolute paths or URLs. See the
+# section "Linking to external documentation" for more information about the use
+# of tag files.
+# Note: Each tag file must have a unique name (where the name does NOT include
+# the path). If a tag file is not located in the directory in which doxygen is
+# run, you must also specify the path to the tagfile here.
+
+TAGFILES =
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create a
+# tag file that is based on the input files it reads. See section "Linking to
+# external documentation" for more information about the usage of tag files.
+
+GENERATE_TAGFILE =
+
+# If the ALLEXTERNALS tag is set to YES, all external class will be listed in
+# the class index. If set to NO, only the inherited external classes will be
+# listed.
+# The default value is: NO.
+
+ALLEXTERNALS = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES, all external groups will be listed
+# in the modules index. If set to NO, only the current project's groups will be
+# listed.
+# The default value is: YES.
+
+EXTERNAL_GROUPS = YES
+
+# If the EXTERNAL_PAGES tag is set to YES, all external pages will be listed in
+# the related pages index. If set to NO, only the current project's pages will
+# be listed.
+# The default value is: YES.
+
+EXTERNAL_PAGES = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script
+# interpreter (i.e. the result of 'which perl').
+# The default file (with absolute path) is: /usr/bin/perl.
+
+PERL_PATH = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES, doxygen will generate a class diagram
+# (in HTML and LaTeX) for classes with base or super classes. Setting the tag to
+# NO turns the diagrams off. Note that this option also works with HAVE_DOT
+# disabled, but it is recommended to install and use dot, since it yields more
+# powerful graphs.
+# The default value is: YES.
+
+CLASS_DIAGRAMS = YES
+
+# You can define message sequence charts within doxygen comments using the \msc
+# command. Doxygen will then run the mscgen tool (see:
+# http://www.mcternan.me.uk/mscgen/)) to produce the chart and insert it in the
+# documentation. The MSCGEN_PATH tag allows you to specify the directory where
+# the mscgen tool resides. If left empty the tool is assumed to be found in the
+# default search path.
+
+MSCGEN_PATH =
+
+# You can include diagrams made with dia in doxygen documentation. Doxygen will
+# then run dia to produce the diagram and insert it in the documentation. The
+# DIA_PATH tag allows you to specify the directory where the dia binary resides.
+# If left empty dia is assumed to be found in the default search path.
+
+DIA_PATH =
+
+# If set to YES the inheritance and collaboration graphs will hide inheritance
+# and usage relations if the target is undocumented or is not a class.
+# The default value is: YES.
+
+HIDE_UNDOC_RELATIONS = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
+# available from the path. This tool is part of Graphviz (see:
+# http://www.graphviz.org/), a graph visualization toolkit from AT&T and Lucent
+# Bell Labs. The other options in this section have no effect if this option is
+# set to NO
+# The default value is: NO.
+
+HAVE_DOT = NO
+
+# The DOT_NUM_THREADS specifies the number of dot invocations doxygen is allowed
+# to run in parallel. When set to 0 doxygen will base this on the number of
+# processors available in the system. You can set it explicitly to a value
+# larger than 0 to get control over the balance between CPU load and processing
+# speed.
+# Minimum value: 0, maximum value: 32, default value: 0.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+DOT_NUM_THREADS = 0
+
+# When you want a differently looking font in the dot files that doxygen
+# generates you can specify the font name using DOT_FONTNAME. You need to make
+# sure dot is able to find the font, which can be done by putting it in a
+# standard location or by setting the DOTFONTPATH environment variable or by
+# setting DOT_FONTPATH to the directory containing the font.
+# The default value is: Helvetica.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+DOT_FONTNAME = Helvetica
+
+# The DOT_FONTSIZE tag can be used to set the size (in points) of the font of
+# dot graphs.
+# Minimum value: 4, maximum value: 24, default value: 10.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+DOT_FONTSIZE = 10
+
+# By default doxygen will tell dot to use the default font as specified with
+# DOT_FONTNAME. If you specify a different font using DOT_FONTNAME you can set
+# the path where dot can find it using this tag.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+DOT_FONTPATH =
+
+# If the CLASS_GRAPH tag is set to YES then doxygen will generate a graph for
+# each documented class showing the direct and indirect inheritance relations.
+# Setting this tag to YES will force the CLASS_DIAGRAMS tag to NO.
+# The default value is: YES.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+CLASS_GRAPH = YES
+
+# If the COLLABORATION_GRAPH tag is set to YES then doxygen will generate a
+# graph for each documented class showing the direct and indirect implementation
+# dependencies (inheritance, containment, and class references variables) of the
+# class with other documented classes.
+# The default value is: YES.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+COLLABORATION_GRAPH = YES
+
+# If the GROUP_GRAPHS tag is set to YES then doxygen will generate a graph for
+# groups, showing the direct groups dependencies.
+# The default value is: YES.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+GROUP_GRAPHS = YES
+
+# If the UML_LOOK tag is set to YES, doxygen will generate inheritance and
+# collaboration diagrams in a style similar to the OMG's Unified Modeling
+# Language.
+# The default value is: NO.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+UML_LOOK = NO
+
+# If the UML_LOOK tag is enabled, the fields and methods are shown inside the
+# class node. If there are many fields or methods and many nodes the graph may
+# become too big to be useful. The UML_LIMIT_NUM_FIELDS threshold limits the
+# number of items for each type to make the size more manageable. Set this to 0
+# for no limit. Note that the threshold may be exceeded by 50% before the limit
+# is enforced. So when you set the threshold to 10, up to 15 fields may appear,
+# but if the number exceeds 15, the total amount of fields shown is limited to
+# 10.
+# Minimum value: 0, maximum value: 100, default value: 10.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+UML_LIMIT_NUM_FIELDS = 10
+
+# If the TEMPLATE_RELATIONS tag is set to YES then the inheritance and
+# collaboration graphs will show the relations between templates and their
+# instances.
+# The default value is: NO.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+TEMPLATE_RELATIONS = YES
+
+# If the INCLUDE_GRAPH, ENABLE_PREPROCESSING and SEARCH_INCLUDES tags are set to
+# YES then doxygen will generate a graph for each documented file showing the
+# direct and indirect include dependencies of the file with other documented
+# files.
+# The default value is: YES.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+INCLUDE_GRAPH = YES
+
+# If the INCLUDED_BY_GRAPH, ENABLE_PREPROCESSING and SEARCH_INCLUDES tags are
+# set to YES then doxygen will generate a graph for each documented file showing
+# the direct and indirect include dependencies of the file with other documented
+# files.
+# The default value is: YES.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+INCLUDED_BY_GRAPH = YES
+
+# If the CALL_GRAPH tag is set to YES then doxygen will generate a call
+# dependency graph for every global function or class method.
+#
+# Note that enabling this option will significantly increase the time of a run.
+# So in most cases it will be better to enable call graphs for selected
+# functions only using the \callgraph command. Disabling a call graph can be
+# accomplished by means of the command \hidecallgraph.
+# The default value is: NO.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+CALL_GRAPH = NO
+
+# If the CALLER_GRAPH tag is set to YES then doxygen will generate a caller
+# dependency graph for every global function or class method.
+#
+# Note that enabling this option will significantly increase the time of a run.
+# So in most cases it will be better to enable caller graphs for selected
+# functions only using the \callergraph command. Disabling a caller graph can be
+# accomplished by means of the command \hidecallergraph.
+# The default value is: NO.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+CALLER_GRAPH = NO
+
+# If the GRAPHICAL_HIERARCHY tag is set to YES then doxygen will graphical
+# hierarchy of all classes instead of a textual one.
+# The default value is: YES.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+GRAPHICAL_HIERARCHY = YES
+
+# If the DIRECTORY_GRAPH tag is set to YES then doxygen will show the
+# dependencies a directory has on other directories in a graphical way. The
+# dependency relations are determined by the #include relations between the
+# files in the directories.
+# The default value is: YES.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+DIRECTORY_GRAPH = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
+# generated by dot. For an explanation of the image formats see the section
+# output formats in the documentation of the dot tool (Graphviz (see:
+# http://www.graphviz.org/)).
+# Note: If you choose svg you need to set HTML_FILE_EXTENSION to xhtml in order
+# to make the SVG files visible in IE 9+ (other browsers do not have this
+# requirement).
+# Possible values are: png, jpg, gif, svg, png:gd, png:gd:gd, png:cairo,
+# png:cairo:gd, png:cairo:cairo, png:cairo:gdiplus, png:gdiplus and
+# png:gdiplus:gdiplus.
+# The default value is: png.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+DOT_IMAGE_FORMAT = png
+
+# If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to
+# enable generation of interactive SVG images that allow zooming and panning.
+#
+# Note that this requires a modern browser other than Internet Explorer. Tested
+# and working are Firefox, Chrome, Safari, and Opera.
+# Note: For IE 9+ you need to set HTML_FILE_EXTENSION to xhtml in order to make
+# the SVG files visible. Older versions of IE do not have SVG support.
+# The default value is: NO.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+INTERACTIVE_SVG = NO
+
+# The DOT_PATH tag can be used to specify the path where the dot tool can be
+# found. If left blank, it is assumed the dot tool can be found in the path.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+DOT_PATH =
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that
+# contain dot files that are included in the documentation (see the \dotfile
+# command).
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+DOTFILE_DIRS =
+
+# The MSCFILE_DIRS tag can be used to specify one or more directories that
+# contain msc files that are included in the documentation (see the \mscfile
+# command).
+
+MSCFILE_DIRS =
+
+# The DIAFILE_DIRS tag can be used to specify one or more directories that
+# contain dia files that are included in the documentation (see the \diafile
+# command).
+
+DIAFILE_DIRS =
+
+# When using plantuml, the PLANTUML_JAR_PATH tag should be used to specify the
+# path where java can find the plantuml.jar file. If left blank, it is assumed
+# PlantUML is not used or called during a preprocessing step. Doxygen will
+# generate a warning when it encounters a \startuml command in this case and
+# will not generate output for the diagram.
+
+PLANTUML_JAR_PATH =
+
+# When using plantuml, the specified paths are searched for files specified by
+# the !include statement in a plantuml block.
+
+PLANTUML_INCLUDE_PATH =
+
+# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of nodes
+# that will be shown in the graph. If the number of nodes in a graph becomes
+# larger than this value, doxygen will truncate the graph, which is visualized
+# by representing a node as a red box. Note that doxygen if the number of direct
+# children of the root node in a graph is already larger than
+# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note that
+# the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
+# Minimum value: 0, maximum value: 10000, default value: 50.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+DOT_GRAPH_MAX_NODES = 50
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the graphs
+# generated by dot. A depth value of 3 means that only nodes reachable from the
+# root by following a path via at most 3 edges will be shown. Nodes that lay
+# further from the root node will be omitted. Note that setting this option to 1
+# or 2 may greatly reduce the computation time needed for large code bases. Also
+# note that the size of a graph can be further restricted by
+# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
+# Minimum value: 0, maximum value: 1000, default value: 0.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+MAX_DOT_GRAPH_DEPTH = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
+# background. This is disabled by default, because dot on Windows does not seem
+# to support this out of the box.
+#
+# Warning: Depending on the platform used, enabling this option may lead to
+# badly anti-aliased labels on the edges of a graph (i.e. they become hard to
+# read).
+# The default value is: NO.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+DOT_TRANSPARENT = NO
+
+# Set the DOT_MULTI_TARGETS tag to YES to allow dot to generate multiple output
+# files in one run (i.e. multiple -o and -T options on the command line). This
+# makes dot run faster, but since only newer versions of dot (>1.8.10) support
+# this, this feature is disabled by default.
+# The default value is: NO.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+DOT_MULTI_TARGETS = NO
+
+# If the GENERATE_LEGEND tag is set to YES doxygen will generate a legend page
+# explaining the meaning of the various boxes and arrows in the dot generated
+# graphs.
+# The default value is: YES.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+GENERATE_LEGEND = YES
+
+# If the DOT_CLEANUP tag is set to YES, doxygen will remove the intermediate dot
+# files that are used to generate the various graphs.
+# The default value is: YES.
+# This tag requires that the tag HAVE_DOT is set to YES.
+
+DOT_CLEANUP = YES
# Cisco Systems, Inc.
#
# This makefile does not use the autoconf system; we don't really need
-# it. We just run doxygen then latex. If you don't have either of
-# these, then there is no way that you can make your own
-# documentation. Of course, you can just go online at pick up the
-# documentation from http://srtp.sourceforge.net.
+# it. We just run doxygen.
+# The most up to date documentation can be found at www.github.com/cisco/libsrtp
srcdir = @srcdir@
top_srcdir = @top_srcdir@
version = $(shell cat $(top_srcdir)/VERSION)
-
-.PHONY: libsrtpdoc cryptodoc clean
-libsrtpdoc:
- @if test ! -e Doxyfile; then \
+.PHONY: libsrtpdoc clean
+libsrtpdoc:
+ @if test ! -e Doxyfile.in; then \
echo "*** Sorry, can't build doc outside source dir"; exit 1; \
fi
- sed 's/LIBSRTPVERSION/$(version)/' header.template > header.tex
+ sed 's/LIBSRTPVERSIONNUMBER/$(version)/' Doxyfile.in > Doxyfile
doxygen
- sed 's/\subsection/\section/' latex/index.tex > latex/index.tmp
- mv latex/index.tmp latex/index.tex
- cd latex; make
- cp latex/refman.pdf libsrtp.pdf
-
-
-cryptodoc: clean
- doxygen crypto.dox
- cd latex; make
- cp latex/refman.pdf crypto.pdf
clean:
- rm -rf latex/ header.tex
- for a in * ; do \
- if [ -f "$$a~" ] ; then rm -f $$a~; fi; \
- done;
+
+ rm -rf html/ Doxyfile
+ for a in * ; do \
+ if [ -f "$$a~" ] ; then rm -f $$a~; fi; \
+ done;
--- /dev/null
+/* The standard CSS for doxygen 1.8.11 */
+
+body, table, div, p, dl {
+ font: 400 14px/22px Roboto,sans-serif;
+}
+
+body {
+ max-width: 800px;
+ margin: 0 auto;
+}
+
+/* @group Heading Levels */
+
+h1.groupheader {
+ font-size: 150%;
+}
+
+.title {
+ font: 400 14px/28px Roboto,sans-serif;
+ font-size: 150%;
+ font-weight: bold;
+ margin: 10px 2px;
+}
+
+h2.groupheader {
+ border-bottom: 1px solid #879ECB;
+ color: #354C7B;
+ font-size: 150%;
+ font-weight: normal;
+ margin-top: 1.75em;
+ padding-top: 8px;
+ padding-bottom: 4px;
+ width: 100%;
+}
+
+h3.groupheader {
+ font-size: 100%;
+}
+
+h1, h2, h3, h4, h5, h6 {
+ -webkit-transition: text-shadow 0.5s linear;
+ -moz-transition: text-shadow 0.5s linear;
+ -ms-transition: text-shadow 0.5s linear;
+ -o-transition: text-shadow 0.5s linear;
+ transition: text-shadow 0.5s linear;
+ margin-right: 15px;
+}
+
+h1.glow, h2.glow, h3.glow, h4.glow, h5.glow, h6.glow {
+ text-shadow: 0 0 15px cyan;
+}
+
+dt {
+ font-weight: bold;
+}
+
+div.multicol {
+ -moz-column-gap: 1em;
+ -webkit-column-gap: 1em;
+ -moz-column-count: 3;
+ -webkit-column-count: 3;
+}
+
+p.startli, p.startdd {
+ margin-top: 2px;
+}
+
+p.starttd {
+ margin-top: 0px;
+}
+
+p.endli {
+ margin-bottom: 0px;
+}
+
+p.enddd {
+ margin-bottom: 4px;
+}
+
+p.endtd {
+ margin-bottom: 2px;
+}
+
+/* @end */
+
+caption {
+ font-weight: bold;
+}
+
+span.legend {
+ font-size: 70%;
+ text-align: center;
+}
+
+h3.version {
+ font-size: 90%;
+ text-align: center;
+}
+
+div.qindex, div.navtab{
+ background-color: #EBEFF6;
+ border: 1px solid #A3B4D7;
+ text-align: center;
+}
+
+div.qindex, div.navpath {
+ width: 100%;
+ line-height: 140%;
+}
+
+div.navtab {
+ margin-right: 15px;
+}
+
+/* @group Link Styling */
+
+a {
+ color: #3D578C;
+ font-weight: normal;
+ text-decoration: none;
+}
+
+.contents a:visited {
+ color: #4665A2;
+}
+
+a:hover {
+ text-decoration: underline;
+}
+
+a.qindex {
+ font-weight: bold;
+}
+
+a.qindexHL {
+ font-weight: bold;
+ background-color: #9CAFD4;
+ color: #ffffff;
+ border: 1px double #869DCA;
+}
+
+.contents a.qindexHL:visited {
+ color: #ffffff;
+}
+
+a.el {
+ font-weight: bold;
+}
+
+a.elRef {
+}
+
+a.code, a.code:visited, a.line, a.line:visited {
+ color: #4665A2;
+}
+
+a.codeRef, a.codeRef:visited, a.lineRef, a.lineRef:visited {
+ color: #4665A2;
+}
+
+/* @end */
+
+dl.el {
+ margin-left: -1cm;
+}
+
+pre.fragment {
+ border: 1px solid #C4CFE5;
+ background-color: #FBFCFD;
+ padding: 4px 6px;
+ margin: 4px 8px 4px 2px;
+ overflow: auto;
+ word-wrap: break-word;
+ font-size: 9pt;
+ line-height: 125%;
+ font-family: monospace, fixed;
+ font-size: 105%;
+}
+
+div.fragment {
+ padding: 4px 6px;
+ margin: 4px 8px 4px 2px;
+ background-color: #FBFCFD;
+ border: 1px solid #C4CFE5;
+}
+
+div.line {
+ font-family: monospace, fixed;
+ font-size: 13px;
+ min-height: 13px;
+ line-height: 1.0;
+ text-wrap: unrestricted;
+ white-space: -moz-pre-wrap; /* Moz */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ white-space: pre-wrap; /* CSS3 */
+ word-wrap: break-word; /* IE 5.5+ */
+ text-indent: -53px;
+ padding-left: 53px;
+ padding-bottom: 0px;
+ margin: 0px;
+ -webkit-transition-property: background-color, box-shadow;
+ -webkit-transition-duration: 0.5s;
+ -moz-transition-property: background-color, box-shadow;
+ -moz-transition-duration: 0.5s;
+ -ms-transition-property: background-color, box-shadow;
+ -ms-transition-duration: 0.5s;
+ -o-transition-property: background-color, box-shadow;
+ -o-transition-duration: 0.5s;
+ transition-property: background-color, box-shadow;
+ transition-duration: 0.5s;
+}
+
+div.line:after {
+ content:"\000A";
+ white-space: pre;
+}
+
+div.line.glow {
+ background-color: cyan;
+ box-shadow: 0 0 10px cyan;
+}
+
+
+span.lineno {
+ padding-right: 4px;
+ text-align: right;
+ border-right: 2px solid #0F0;
+ background-color: #E8E8E8;
+ white-space: pre;
+}
+span.lineno a {
+ background-color: #D8D8D8;
+}
+
+span.lineno a:hover {
+ background-color: #C8C8C8;
+}
+
+div.ah, span.ah {
+ background-color: black;
+ font-weight: bold;
+ color: #ffffff;
+ margin-bottom: 3px;
+ margin-top: 3px;
+ padding: 0.2em;
+ border: solid thin #333;
+ border-radius: 0.5em;
+ -webkit-border-radius: .5em;
+ -moz-border-radius: .5em;
+ box-shadow: 2px 2px 3px #999;
+ -webkit-box-shadow: 2px 2px 3px #999;
+ -moz-box-shadow: rgba(0, 0, 0, 0.15) 2px 2px 2px;
+ background-image: -webkit-gradient(linear, left top, left bottom, from(#eee), to(#000),color-stop(0.3, #444));
+ background-image: -moz-linear-gradient(center top, #eee 0%, #444 40%, #000 110%);
+}
+
+div.classindex ul {
+ list-style: none;
+ padding-left: 0;
+}
+
+div.classindex span.ai {
+ display: inline-block;
+}
+
+div.groupHeader {
+ margin-left: 16px;
+ margin-top: 12px;
+ font-weight: bold;
+}
+
+div.groupText {
+ margin-left: 16px;
+ font-style: italic;
+}
+
+body {
+ background-color: white;
+ color: black;
+}
+
+div.contents {
+ margin-top: 10px;
+ margin-left: 12px;
+ margin-right: 8px;
+}
+
+td.indexkey {
+ background-color: #EBEFF6;
+ font-weight: bold;
+ border: 1px solid #C4CFE5;
+ margin: 2px 0px 2px 0;
+ padding: 2px 10px;
+ white-space: nowrap;
+ vertical-align: top;
+}
+
+td.indexvalue {
+ background-color: #EBEFF6;
+ border: 1px solid #C4CFE5;
+ padding: 2px 10px;
+ margin: 2px 0px;
+}
+
+tr.memlist {
+ background-color: #EEF1F7;
+}
+
+p.formulaDsp {
+ text-align: center;
+}
+
+img.formulaDsp {
+
+}
+
+img.formulaInl {
+ vertical-align: middle;
+}
+
+div.center {
+ text-align: center;
+ margin-top: 0px;
+ margin-bottom: 0px;
+ padding: 0px;
+}
+
+div.center img {
+ border: 0px;
+}
+
+address.footer {
+ text-align: right;
+ padding-right: 12px;
+}
+
+img.footer {
+ border: 0px;
+ vertical-align: middle;
+}
+
+/* @group Code Colorization */
+
+span.keyword {
+ color: #008000
+}
+
+span.keywordtype {
+ color: #604020
+}
+
+span.keywordflow {
+ color: #e08000
+}
+
+span.comment {
+ color: #800000
+}
+
+span.preprocessor {
+ color: #806020
+}
+
+span.stringliteral {
+ color: #002080
+}
+
+span.charliteral {
+ color: #008080
+}
+
+span.vhdldigit {
+ color: #ff00ff
+}
+
+span.vhdlchar {
+ color: #000000
+}
+
+span.vhdlkeyword {
+ color: #700070
+}
+
+span.vhdllogic {
+ color: #ff0000
+}
+
+blockquote {
+ background-color: #F7F8FB;
+ border-left: 2px solid #9CAFD4;
+ margin: 0 24px 0 4px;
+ padding: 0 12px 0 16px;
+}
+
+/* @end */
+
+
+.search {
+ color: #003399;
+ font-weight: bold;
+}
+
+form.search {
+ margin-bottom: 0px;
+ margin-top: 0px;
+}
+
+input.search {
+ font-size: 75%;
+ color: #000080;
+ font-weight: normal;
+ background-color: #e8eef2;
+}
+
+
+td.tiny {
+ font-size: 75%;
+}
+
+.dirtab {
+ padding: 4px;
+ border-collapse: collapse;
+ border: 1px solid #A3B4D7;
+}
+
+th.dirtab {
+ background: #EBEFF6;
+ font-weight: bold;
+}
+
+hr {
+ height: 0px;
+ border: none;
+ border-top: 1px solid #4A6AAA;
+}
+
+hr.footer {
+ height: 1px;
+}
+
+/* @group Member Descriptions */
+
+table.memberdecls {
+ border-spacing: 0px;
+ padding: 0px;
+}
+
+.memberdecls td, .fieldtable tr {
+ -webkit-transition-property: background-color, box-shadow;
+ -webkit-transition-duration: 0.5s;
+ -moz-transition-property: background-color, box-shadow;
+ -moz-transition-duration: 0.5s;
+ -ms-transition-property: background-color, box-shadow;
+ -ms-transition-duration: 0.5s;
+ -o-transition-property: background-color, box-shadow;
+ -o-transition-duration: 0.5s;
+ transition-property: background-color, box-shadow;
+ transition-duration: 0.5s;
+}
+
+.memberdecls td.glow, .fieldtable tr.glow {
+ background-color: cyan;
+ box-shadow: 0 0 15px cyan;
+}
+
+.mdescLeft, .mdescRight,
+.memItemLeft, .memItemRight,
+.memTemplItemLeft, .memTemplItemRight, .memTemplParams {
+ background-color: #F9FAFC;
+ border: none;
+ margin: 4px;
+ padding: 1px 0 0 8px;
+}
+
+.mdescLeft, .mdescRight {
+ padding: 0px 8px 4px 8px;
+ color: #555;
+}
+
+.memSeparator {
+ border-bottom: 1px solid #DEE4F0;
+ line-height: 1px;
+ margin: 0px;
+ padding: 0px;
+}
+
+.memItemLeft, .memTemplItemLeft {
+ white-space: nowrap;
+}
+
+.memItemRight {
+ width: 100%;
+}
+
+.memTemplParams {
+ color: #4665A2;
+ white-space: nowrap;
+ font-size: 80%;
+}
+
+/* @end */
+
+/* @group Member Details */
+
+/* Styles for detailed member documentation */
+
+.memtemplate {
+ font-size: 80%;
+ color: #4665A2;
+ font-weight: normal;
+ margin-left: 9px;
+}
+
+.memnav {
+ background-color: #EBEFF6;
+ border: 1px solid #A3B4D7;
+ text-align: center;
+ margin: 2px;
+ margin-right: 15px;
+ padding: 2px;
+}
+
+.mempage {
+ width: 100%;
+}
+
+.memitem {
+ padding: 0;
+ margin-bottom: 10px;
+ margin-right: 5px;
+ -webkit-transition: box-shadow 0.5s linear;
+ -moz-transition: box-shadow 0.5s linear;
+ -ms-transition: box-shadow 0.5s linear;
+ -o-transition: box-shadow 0.5s linear;
+ transition: box-shadow 0.5s linear;
+ display: table !important;
+ width: 100%;
+}
+
+.memitem.glow {
+ box-shadow: 0 0 15px cyan;
+}
+
+.memname {
+ font-weight: bold;
+ margin-left: 6px;
+}
+
+.memname td {
+ vertical-align: bottom;
+}
+
+.memproto, dl.reflist dt {
+ border-top: 1px solid #A8B8D9;
+ border-left: 1px solid #A8B8D9;
+ border-right: 1px solid #A8B8D9;
+ padding: 6px 0px 6px 0px;
+ color: #253555;
+ font-weight: bold;
+ text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.9);
+ background-image:url('nav_f.png');
+ background-repeat:repeat-x;
+ background-color: #E2E8F2;
+ /* opera specific markup */
+ box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15);
+ border-top-right-radius: 4px;
+ border-top-left-radius: 4px;
+ /* firefox specific markup */
+ -moz-box-shadow: rgba(0, 0, 0, 0.15) 5px 5px 5px;
+ -moz-border-radius-topright: 4px;
+ -moz-border-radius-topleft: 4px;
+ /* webkit specific markup */
+ -webkit-box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15);
+ -webkit-border-top-right-radius: 4px;
+ -webkit-border-top-left-radius: 4px;
+
+}
+
+.memdoc, dl.reflist dd {
+ border-bottom: 1px solid #A8B8D9;
+ border-left: 1px solid #A8B8D9;
+ border-right: 1px solid #A8B8D9;
+ padding: 6px 10px 2px 10px;
+ background-color: #FBFCFD;
+ border-top-width: 0;
+ background-image:url('nav_g.png');
+ background-repeat:repeat-x;
+ background-color: #FFFFFF;
+ /* opera specific markup */
+ border-bottom-left-radius: 4px;
+ border-bottom-right-radius: 4px;
+ box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15);
+ /* firefox specific markup */
+ -moz-border-radius-bottomleft: 4px;
+ -moz-border-radius-bottomright: 4px;
+ -moz-box-shadow: rgba(0, 0, 0, 0.15) 5px 5px 5px;
+ /* webkit specific markup */
+ -webkit-border-bottom-left-radius: 4px;
+ -webkit-border-bottom-right-radius: 4px;
+ -webkit-box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15);
+}
+
+dl.reflist dt {
+ padding: 5px;
+}
+
+dl.reflist dd {
+ margin: 0px 0px 10px 0px;
+ padding: 5px;
+}
+
+.paramkey {
+ text-align: right;
+}
+
+.paramtype {
+ white-space: nowrap;
+}
+
+.paramname {
+ color: #602020;
+ white-space: nowrap;
+}
+.paramname em {
+ font-style: normal;
+}
+.paramname code {
+ line-height: 14px;
+}
+
+.params, .retval, .exception, .tparams {
+ margin-left: 0px;
+ padding-left: 0px;
+}
+
+.params .paramname, .retval .paramname {
+ font-weight: bold;
+ vertical-align: top;
+}
+
+.params .paramtype {
+ font-style: italic;
+ vertical-align: top;
+}
+
+.params .paramdir {
+ font-family: "courier new",courier,monospace;
+ vertical-align: top;
+}
+
+table.mlabels {
+ border-spacing: 0px;
+}
+
+td.mlabels-left {
+ width: 100%;
+ padding: 0px;
+}
+
+td.mlabels-right {
+ vertical-align: bottom;
+ padding: 0px;
+ white-space: nowrap;
+}
+
+span.mlabels {
+ margin-left: 8px;
+}
+
+span.mlabel {
+ background-color: #728DC1;
+ border-top:1px solid #5373B4;
+ border-left:1px solid #5373B4;
+ border-right:1px solid #C4CFE5;
+ border-bottom:1px solid #C4CFE5;
+ text-shadow: none;
+ color: white;
+ margin-right: 4px;
+ padding: 2px 3px;
+ border-radius: 3px;
+ font-size: 7pt;
+ white-space: nowrap;
+ vertical-align: middle;
+}
+
+
+
+/* @end */
+
+/* these are for tree view inside a (index) page */
+
+div.directory {
+ margin: 10px 0px;
+ border-top: 1px solid #9CAFD4;
+ border-bottom: 1px solid #9CAFD4;
+ width: 100%;
+}
+
+.directory table {
+ border-collapse:collapse;
+}
+
+.directory td {
+ margin: 0px;
+ padding: 0px;
+ vertical-align: top;
+}
+
+.directory td.entry {
+ white-space: nowrap;
+ padding-right: 6px;
+ padding-top: 3px;
+}
+
+.directory td.entry a {
+ outline:none;
+}
+
+.directory td.entry a img {
+ border: none;
+}
+
+.directory td.desc {
+ width: 100%;
+ padding-left: 6px;
+ padding-right: 6px;
+ padding-top: 3px;
+ border-left: 1px solid rgba(0,0,0,0.05);
+}
+
+.directory tr.even {
+ padding-left: 6px;
+ background-color: #F7F8FB;
+}
+
+.directory img {
+ vertical-align: -30%;
+}
+
+.directory .levels {
+ white-space: nowrap;
+ width: 100%;
+ text-align: right;
+ font-size: 9pt;
+}
+
+.directory .levels span {
+ cursor: pointer;
+ padding-left: 2px;
+ padding-right: 2px;
+ color: #3D578C;
+}
+
+.arrow {
+ color: #9CAFD4;
+ -webkit-user-select: none;
+ -khtml-user-select: none;
+ -moz-user-select: none;
+ -ms-user-select: none;
+ user-select: none;
+ cursor: pointer;
+ font-size: 80%;
+ display: inline-block;
+ width: 16px;
+ height: 22px;
+}
+
+.icon {
+ font-family: Arial, Helvetica;
+ font-weight: bold;
+ font-size: 12px;
+ height: 14px;
+ width: 16px;
+ display: inline-block;
+ background-color: #728DC1;
+ color: white;
+ text-align: center;
+ border-radius: 4px;
+ margin-left: 2px;
+ margin-right: 2px;
+}
+
+.icona {
+ width: 24px;
+ height: 22px;
+ display: inline-block;
+}
+
+.iconfopen {
+ width: 24px;
+ height: 18px;
+ margin-bottom: 4px;
+ background-image:url('folderopen.png');
+ background-position: 0px -4px;
+ background-repeat: repeat-y;
+ vertical-align:top;
+ display: inline-block;
+}
+
+.iconfclosed {
+ width: 24px;
+ height: 18px;
+ margin-bottom: 4px;
+ background-image:url('folderclosed.png');
+ background-position: 0px -4px;
+ background-repeat: repeat-y;
+ vertical-align:top;
+ display: inline-block;
+}
+
+.icondoc {
+ width: 24px;
+ height: 18px;
+ margin-bottom: 4px;
+ background-image:url('doc.png');
+ background-position: 0px -4px;
+ background-repeat: repeat-y;
+ vertical-align:top;
+ display: inline-block;
+}
+
+table.directory {
+ font: 400 14px Roboto,sans-serif;
+}
+
+/* @end */
+
+div.dynheader {
+ margin-top: 8px;
+ -webkit-touch-callout: none;
+ -webkit-user-select: none;
+ -khtml-user-select: none;
+ -moz-user-select: none;
+ -ms-user-select: none;
+ user-select: none;
+}
+
+address {
+ font-style: normal;
+ color: #2A3D61;
+}
+
+table.doxtable caption {
+ caption-side: top;
+}
+
+table.doxtable {
+ border-collapse:collapse;
+ margin-top: 4px;
+ margin-bottom: 4px;
+}
+
+table.doxtable td, table.doxtable th {
+ border: 1px solid #2D4068;
+ padding: 3px 7px 2px;
+}
+
+table.doxtable th {
+ background-color: #374F7F;
+ color: #FFFFFF;
+ font-size: 110%;
+ padding-bottom: 4px;
+ padding-top: 5px;
+}
+
+table.fieldtable {
+ width: 100%;
+ margin-bottom: 10px;
+ border: 1px solid #A8B8D9;
+ border-spacing: 0px;
+ -moz-border-radius: 4px;
+ -webkit-border-radius: 4px;
+ border-radius: 4px;
+ -moz-box-shadow: rgba(0, 0, 0, 0.15) 2px 2px 2px;
+ -webkit-box-shadow: 2px 2px 2px rgba(0, 0, 0, 0.15);
+ box-shadow: 2px 2px 2px rgba(0, 0, 0, 0.15);
+}
+
+.fieldtable td, .fieldtable th {
+ padding: 3px 7px 2px;
+}
+
+.fieldtable td.fieldtype, .fieldtable td.fieldname {
+ white-space: nowrap;
+ border-right: 1px solid #A8B8D9;
+ border-bottom: 1px solid #A8B8D9;
+ vertical-align: top;
+}
+
+.fieldtable td.fieldname {
+ padding-top: 3px;
+}
+
+.fieldtable td.fielddoc {
+ border-bottom: 1px solid #A8B8D9;
+ width: 100%;
+}
+
+.fieldtable td.fielddoc p:first-child {
+ margin-top: 0px;
+}
+
+.fieldtable td.fielddoc p:last-child {
+ margin-bottom: 2px;
+}
+
+.fieldtable tr:last-child td {
+ border-bottom: none;
+}
+
+.fieldtable th {
+ background-image:url('nav_f.png');
+ background-repeat:repeat-x;
+ background-color: #E2E8F2;
+ font-size: 90%;
+ color: #253555;
+ padding-bottom: 4px;
+ padding-top: 5px;
+ text-align:left;
+ -moz-border-radius-topleft: 4px;
+ -moz-border-radius-topright: 4px;
+ -webkit-border-top-left-radius: 4px;
+ -webkit-border-top-right-radius: 4px;
+ border-top-left-radius: 4px;
+ border-top-right-radius: 4px;
+ border-bottom: 1px solid #A8B8D9;
+}
+
+
+.tabsearch {
+ top: 0px;
+ left: 10px;
+ height: 36px;
+ background-image: url('tab_b.png');
+ z-index: 101;
+ overflow: hidden;
+ font-size: 13px;
+}
+
+.navpath ul
+{
+ font-size: 11px;
+ background-image:url('tab_b.png');
+ background-repeat:repeat-x;
+ background-position: 0 -5px;
+ height:30px;
+ line-height:30px;
+ color:#8AA0CC;
+ border:solid 1px #C2CDE4;
+ overflow:hidden;
+ margin:0px;
+ padding:0px;
+}
+
+.navpath li
+{
+ list-style-type:none;
+ float:left;
+ padding-left:10px;
+ padding-right:15px;
+ background-image:url('bc_s.png');
+ background-repeat:no-repeat;
+ background-position:right;
+ color:#364D7C;
+}
+
+.navpath li.navelem a
+{
+ height:32px;
+ display:block;
+ text-decoration: none;
+ outline: none;
+ color: #283A5D;
+ font-family: 'Lucida Grande',Geneva,Helvetica,Arial,sans-serif;
+ text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.9);
+ text-decoration: none;
+}
+
+.navpath li.navelem a:hover
+{
+ color:#6884BD;
+}
+
+.navpath li.footer
+{
+ list-style-type:none;
+ float:right;
+ padding-left:10px;
+ padding-right:15px;
+ background-image:none;
+ background-repeat:no-repeat;
+ background-position:right;
+ color:#364D7C;
+ font-size: 8pt;
+}
+
+
+div.summary
+{
+ float: right;
+ font-size: 8pt;
+ padding-right: 5px;
+ width: 50%;
+ text-align: right;
+}
+
+div.summary a
+{
+ white-space: nowrap;
+}
+
+table.classindex
+{
+ margin: 10px;
+ white-space: nowrap;
+ margin-left: 3%;
+ margin-right: 3%;
+ width: 94%;
+ border: 0;
+ border-spacing: 0;
+ padding: 0;
+}
+
+div.ingroups
+{
+ font-size: 8pt;
+ width: 50%;
+ text-align: left;
+}
+
+div.ingroups a
+{
+ white-space: nowrap;
+}
+
+div.header
+{
+ background-image:url('nav_h.png');
+ background-repeat:repeat-x;
+ background-color: #F9FAFC;
+ margin: 0px;
+ border-bottom: 1px solid #C4CFE5;
+}
+
+div.headertitle
+{
+ padding: 5px 5px 5px 10px;
+}
+
+dl
+{
+ padding: 0 0 0 10px;
+}
+
+/* dl.note, dl.warning, dl.attention, dl.pre, dl.post, dl.invariant, dl.deprecated, dl.todo, dl.test, dl.bug */
+dl.section
+{
+ margin-left: 0px;
+ padding-left: 0px;
+}
+
+dl.note
+{
+ margin-left:-7px;
+ padding-left: 3px;
+ border-left:4px solid;
+ border-color: #D0C000;
+}
+
+dl.warning, dl.attention
+{
+ margin-left:-7px;
+ padding-left: 3px;
+ border-left:4px solid;
+ border-color: #FF0000;
+}
+
+dl.pre, dl.post, dl.invariant
+{
+ margin-left:-7px;
+ padding-left: 3px;
+ border-left:4px solid;
+ border-color: #00D000;
+}
+
+dl.deprecated
+{
+ margin-left:-7px;
+ padding-left: 3px;
+ border-left:4px solid;
+ border-color: #505050;
+}
+
+dl.todo
+{
+ margin-left:-7px;
+ padding-left: 3px;
+ border-left:4px solid;
+ border-color: #00C0E0;
+}
+
+dl.test
+{
+ margin-left:-7px;
+ padding-left: 3px;
+ border-left:4px solid;
+ border-color: #3030E0;
+}
+
+dl.bug
+{
+ margin-left:-7px;
+ padding-left: 3px;
+ border-left:4px solid;
+ border-color: #C08050;
+}
+
+dl.section dd {
+ margin-bottom: 6px;
+}
+
+
+#projectlogo
+{
+ text-align: center;
+ vertical-align: bottom;
+ border-collapse: separate;
+}
+
+#projectlogo img
+{
+ border: 0px none;
+}
+
+#projectalign
+{
+ vertical-align: middle;
+}
+
+#projectname
+{
+ font: 300% Tahoma, Arial,sans-serif;
+ margin: 0px;
+ padding: 2px 0px;
+}
+
+#projectbrief
+{
+ font: 120% Tahoma, Arial,sans-serif;
+ margin: 0px;
+ padding: 0px;
+}
+
+#projectnumber
+{
+ font: 50% Tahoma, Arial,sans-serif;
+ margin: 0px;
+ padding: 0px;
+}
+
+#titlearea
+{
+ padding: 0px;
+ margin: 0px;
+ width: 100%;
+ border-bottom: 1px solid #5373B4;
+}
+
+.image
+{
+ text-align: center;
+}
+
+.dotgraph
+{
+ text-align: center;
+}
+
+.mscgraph
+{
+ text-align: center;
+}
+
+.diagraph
+{
+ text-align: center;
+}
+
+.caption
+{
+ font-weight: bold;
+}
+
+div.zoom
+{
+ border: 1px solid #90A5CE;
+}
+
+dl.citelist {
+ margin-bottom:50px;
+}
+
+dl.citelist dt {
+ color:#334975;
+ float:left;
+ font-weight:bold;
+ margin-right:10px;
+ padding:5px;
+}
+
+dl.citelist dd {
+ margin:2px 0;
+ padding:5px 0;
+}
+
+div.toc {
+ padding: 14px 25px;
+ background-color: #F4F6FA;
+ border: 1px solid #D8DFEE;
+ border-radius: 7px 7px 7px 7px;
+ float: right;
+ height: auto;
+ margin: 0 8px 10px 10px;
+ width: 200px;
+}
+
+div.toc li {
+ background: url("bdwn.png") no-repeat scroll 0 5px transparent;
+ font: 10px/1.2 Verdana,DejaVu Sans,Geneva,sans-serif;
+ margin-top: 5px;
+ padding-left: 10px;
+ padding-top: 2px;
+}
+
+div.toc h3 {
+ font: bold 12px/1.2 Arial,FreeSans,sans-serif;
+ color: #4665A2;
+ border-bottom: 0 none;
+ margin: 0;
+}
+
+div.toc ul {
+ list-style: none outside none;
+ border: medium none;
+ padding: 0px;
+}
+
+div.toc li.level1 {
+ margin-left: 0px;
+}
+
+div.toc li.level2 {
+ margin-left: 15px;
+}
+
+div.toc li.level3 {
+ margin-left: 30px;
+}
+
+div.toc li.level4 {
+ margin-left: 45px;
+}
+
+.inherit_header {
+ font-weight: bold;
+ color: gray;
+ cursor: pointer;
+ -webkit-touch-callout: none;
+ -webkit-user-select: none;
+ -khtml-user-select: none;
+ -moz-user-select: none;
+ -ms-user-select: none;
+ user-select: none;
+}
+
+.inherit_header td {
+ padding: 6px 0px 2px 5px;
+}
+
+.inherit {
+ display: none;
+}
+
+tr.heading h2 {
+ margin-top: 12px;
+ margin-bottom: 4px;
+}
+
+/* tooltip related style info */
+
+.ttc {
+ position: absolute;
+ display: none;
+}
+
+#powerTip {
+ cursor: default;
+ white-space: nowrap;
+ background-color: white;
+ border: 1px solid gray;
+ border-radius: 4px 4px 4px 4px;
+ box-shadow: 1px 1px 7px gray;
+ display: none;
+ font-size: smaller;
+ max-width: 80%;
+ opacity: 0.9;
+ padding: 1ex 1em 1em;
+ position: absolute;
+ z-index: 2147483647;
+}
+
+#powerTip div.ttdoc {
+ color: grey;
+ font-style: italic;
+}
+
+#powerTip div.ttname a {
+ font-weight: bold;
+}
+
+#powerTip div.ttname {
+ font-weight: bold;
+}
+
+#powerTip div.ttdeci {
+ color: #006318;
+}
+
+#powerTip div {
+ margin: 0px;
+ padding: 0px;
+ font: 12px/16px Roboto,sans-serif;
+}
+
+#powerTip:before, #powerTip:after {
+ content: "";
+ position: absolute;
+ margin: 0px;
+}
+
+#powerTip.n:after, #powerTip.n:before,
+#powerTip.s:after, #powerTip.s:before,
+#powerTip.w:after, #powerTip.w:before,
+#powerTip.e:after, #powerTip.e:before,
+#powerTip.ne:after, #powerTip.ne:before,
+#powerTip.se:after, #powerTip.se:before,
+#powerTip.nw:after, #powerTip.nw:before,
+#powerTip.sw:after, #powerTip.sw:before {
+ border: solid transparent;
+ content: " ";
+ height: 0;
+ width: 0;
+ position: absolute;
+}
+
+#powerTip.n:after, #powerTip.s:after,
+#powerTip.w:after, #powerTip.e:after,
+#powerTip.nw:after, #powerTip.ne:after,
+#powerTip.sw:after, #powerTip.se:after {
+ border-color: rgba(255, 255, 255, 0);
+}
+
+#powerTip.n:before, #powerTip.s:before,
+#powerTip.w:before, #powerTip.e:before,
+#powerTip.nw:before, #powerTip.ne:before,
+#powerTip.sw:before, #powerTip.se:before {
+ border-color: rgba(128, 128, 128, 0);
+}
+
+#powerTip.n:after, #powerTip.n:before,
+#powerTip.ne:after, #powerTip.ne:before,
+#powerTip.nw:after, #powerTip.nw:before {
+ top: 100%;
+}
+
+#powerTip.n:after, #powerTip.ne:after, #powerTip.nw:after {
+ border-top-color: #ffffff;
+ border-width: 10px;
+ margin: 0px -10px;
+}
+#powerTip.n:before {
+ border-top-color: #808080;
+ border-width: 11px;
+ margin: 0px -11px;
+}
+#powerTip.n:after, #powerTip.n:before {
+ left: 50%;
+}
+
+#powerTip.nw:after, #powerTip.nw:before {
+ right: 14px;
+}
+
+#powerTip.ne:after, #powerTip.ne:before {
+ left: 14px;
+}
+
+#powerTip.s:after, #powerTip.s:before,
+#powerTip.se:after, #powerTip.se:before,
+#powerTip.sw:after, #powerTip.sw:before {
+ bottom: 100%;
+}
+
+#powerTip.s:after, #powerTip.se:after, #powerTip.sw:after {
+ border-bottom-color: #ffffff;
+ border-width: 10px;
+ margin: 0px -10px;
+}
+
+#powerTip.s:before, #powerTip.se:before, #powerTip.sw:before {
+ border-bottom-color: #808080;
+ border-width: 11px;
+ margin: 0px -11px;
+}
+
+#powerTip.s:after, #powerTip.s:before {
+ left: 50%;
+}
+
+#powerTip.sw:after, #powerTip.sw:before {
+ right: 14px;
+}
+
+#powerTip.se:after, #powerTip.se:before {
+ left: 14px;
+}
+
+#powerTip.e:after, #powerTip.e:before {
+ left: 100%;
+}
+#powerTip.e:after {
+ border-left-color: #ffffff;
+ border-width: 10px;
+ top: 50%;
+ margin-top: -10px;
+}
+#powerTip.e:before {
+ border-left-color: #808080;
+ border-width: 11px;
+ top: 50%;
+ margin-top: -11px;
+}
+
+#powerTip.w:after, #powerTip.w:before {
+ right: 100%;
+}
+#powerTip.w:after {
+ border-right-color: #ffffff;
+ border-width: 10px;
+ top: 50%;
+ margin-top: -10px;
+}
+#powerTip.w:before {
+ border-right-color: #808080;
+ border-width: 11px;
+ top: 50%;
+ margin-top: -11px;
+}
+
+@media print
+{
+ #top { display: none; }
+ #side-nav { display: none; }
+ #nav-path { display: none; }
+ body { overflow:visible; }
+ h1, h2, h3, h4, h5, h6 { page-break-after: avoid; }
+ .summary { display: none; }
+ .memitem { page-break-inside: avoid; }
+ #doc-content
+ {
+ margin-left:0 !important;
+ height:auto !important;
+ width:auto !important;
+ overflow:inherit;
+ display:inline;
+ }
+}
+
+++ /dev/null
-\r\r\r\r\r\r\r\rCrypto Forum Research Group David A. McGrew\rInternet Draft Cisco Systems, Inc.\rExpires April, 2003 October, 2002\r\r\r\r Integer Counter Mode\r <draft-irtf-cfrg-icm-00.txt>\r\r\rStatus of this Memo\r\r This document is an Internet Draft and is in full conformance with\r all provisions of Section 10 of RFC-2026. Internet Drafts are working\r documents of the Internet Engineering Task Force (IETF), its areas,\r and working groups. Note that other groups may also distribute\r working documents as Internet Drafts.\r\r Internet Drafts are draft documents valid for a maximum of six months\r and may be updated, replaced, or obsoleted by other documents at any\r time. It is inappropriate to use Internet Drafts as reference\r material or to cite them other than as "work in progress."\r\r The list of current Internet-Drafts can be accessed at\r http://www.ietf.org/ietf/1id-abstracts.txt\r\r The list of Internet-Draft Shadow Directories can be accessed at\r http://www.ietf.org/shadow.html.\r\r\r1. Abstract\r\r\r This document specifies Integer Counter Mode (ICM), a mode of\r operation of a block cipher which defines an indexed keystream\r generator (which generates a keystream segment given an index).\r This mode is efficient, parallelizable, and has been proven secure\r given realistic assumptions about the block cipher. Test vectors\r are provided for AES.\r\r Counter Mode admits many variations. The variant specified in\r this document is secure and flexible, yet it enables a single\r implementation of a keystream generator to suffice in different\r application domains.\r\r\r\r\r\r\rMcGrew [Page 1]\r\r\rInternet Draft Integer Counter Mode October, 2002\r\r\r2. Notational Conventions\r\r The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",\r "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in\r this document are to be interpreted as described in RFC-2119 [B97].\r\r\r3. Introduction\r\r Counter Mode is a way to define a pseudorandom keystream generator\r using a block cipher [CTR]. The keystream can be used for additive\r encryption, key derivation, or any other application requiring\r pseudorandom data.\r\r In ICM, the keystream is logically broken into segments. Each\r segment is identified with a segment index, and the segments have\r equal lengths. This segmentation makes ICM especially appropriate\r for securing packet-based protocols.\r\r\r4. ICM\r\r In this section, ICM keystream generation and encryption are\r defined.\r\r\r4.1. ICM Parameters\r\r The following parameters are used in ICM. These parameters MUST\r remain fixed for any given use of a key.\r\r Parameter Meaning\r -----------------------------------------------------------------\r BLOCK_LENGTH the number of octets in the cipher block\r KEY_LENGTH the number of octets in the cipher key\r OFFSET_LENGTH the number of octets in the offset\r SEGMENT_INDEX_LENGTH the number of octets in the segment index\r BLOCK_INDEX_LENGTH the number of octets in the block index\r\r\r4.2. Keystream Segments\r\r Conceptually, ICM is a keystream generator that takes a secret key\r and a segment index as an input and then outputs a keystream\r segment. The segmentation lends itself to packet encryption, as\r each keystream segment can be used to encrypt a distinct packet.\r\r A counter is a value containing BLOCK_LENGTH octets which is\r\r\r\rMcGrew [Page 2]\r\r\rInternet Draft Integer Counter Mode October, 2002\r\r\r incremented using an increment function based on integer addition,\r to produce a sequence of distinct values which are used as inputs to\r the block cipher. (In the context of this specification, an integer\r is an octet string, the most significant of which is the first.)\r The output blocks of the cipher are concatenated to form the\r keystream segment. The first octet of the segment is the first\r octet of the first output block, and so on. A schematic of this\r process is shown in Figure 1.\r\r\r Figure 1. The generation of a keystream segment given a segment\r index and a block cipher key K. Here C[i] and S[i] denote the ith\r counter and keystream block, respectively.\r\r segment\r index\r |\r v\r C[0] -----> C[1] -----> C[2] -----> ...\r | | |\r v v v\r +---+ +---+ +---+\r K->| E | K->| E | K->| E | ...\r +---+ +---+ +---+\r | | |\r v v v\r S[0] S[1] S[2] ...\r\r The ith counter C[i] of the keystream segment with segment index s\r is defined as\r\r C[i] = (i + s * (256^BLOCK_INDEX_LENGTH)) (+) r\r\r where r denotes the shifted Offset, which is defined as the Offset\r times 256^(BLOCK_LENGTH - OFFSET_LENGTH). (This multiplication\r left-shifts the Offset so that it is aligned with the leftmost\r edge of the block.) Here ^ denotes exponentiation and (+) denotes\r the bitwise exclusive-or operation.\r\r The number of blocks in any segment MUST NOT exceed\r 256^BLOCK_INDEX_LENGTH. The number of segments MUST NOT exceed\r 256^SEGMENT_INDEX_LENGTH. These restrictions ensure the uniqueness\r of each block cipher input. They also imply that each segment\r contains no more than (256^BLOCK_INDEX_LENGTH)*BLOCK_LENGTH octets.\r\r The sum of SEGMENT_INDEX_LENGTH and BLOCK_INDEX_LENGTH MUST NOT\r exceed BLOCK_LENGTH / 2. This requirement protects the ICM\r keystream generator from potentially failing to be pseudorandom (see\r\r\r\rMcGrew [Page 3]\r\r\rInternet Draft Integer Counter Mode October, 2002\r\r\r the rationale).\r\r Figure 2. An illustration of the structure of a counter with\r BLOCK_LENGTH = 8, SEGMENT_INDEX_LENGTH = 2, and BLOCK_INDEX_LENGTH\r = 2. The field marked `null' is not part of either the block\r or segment indices.\r\r 0 1 2 3\r 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1\r +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\r | null |\r +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\r | segment index | block index |\r +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\r\r\r4.3. ICM Encryption\r\r Unless otherwise specified, ICM encryption consists of bitwise\r exclusive-oring the keystream into the plaintext to produce\r the ciphertext.\r\r\r4.4 ICM KEY\r\r An ICM key consists of the block cipher key and an Offset. The\r Offset is an integer with OFFSET_LENGTH octets, which is used to\r `randomize' the logical starting point of keystream. The Offset is\r crucial to providing security; see the rationale. The value of\r OFFSET_LENGTH SHOULD be at least half that of BLOCK_LENGTH.\r\r For the purposes of transporting an ICM key, e.g. in a signaling\r protocol, that key SHOULD be considered a sequence of octets in\r which the block cipher key precedes the Offset.\r\r\r5. Implementation Considerations\r\r Implementation of the `add one modulo 2^m' operation is simple. For\r example, with BLOCK_LENGTH = 8 (m=64), it can be implemented in C as\r\r if (!++x) ++y;\r\r where x and y are 32-bit unsigned integers in network byte order.\r The implementation of general purpose addition modulo 2^m is\r slightly more complicated.\r\r The fact that the Offset is left-aligned enables an implementation\r\r\r\rMcGrew [Page 4]\r\r\rInternet Draft Integer Counter Mode October, 2002\r\r\r to avoid propagating carry values outside of the block index and/or\r the segment index. Choosing an OFFSET_LENGTH value equal to half\r that of BLOCK_LENGTH avoids all of these carries, since the Offset\r is then shifted so that it occupies the most significant octets of\r the block, while the block and segment indices occupy the least\r significant ones.\r\r\r6. Parameters and Test Vectors for AES\r\r This section provides ICM parameters and test vectors for AES\r with a 128 bit block size and 128 bit key (that is, with a\r BLOCK_LENGTH and KEY_LENGTH of 16).\r\r All integers are expressed in hexadecimal. Each consecutive pair of\r hex digits corresponds to an octet, so that the integer\r 000102030405060708090A0B0C0D0E0F corresponds to the octet sequence\r { 00, 01, 02, 02 ... }.\r\r BLOCK_LENGTH 16\r KEY_LENGTH 16\r OFFSET_LENGTH 14\r SEGMENT_INDEX_LENGTH 6\r BLOCK_INDEX_LENGTH 2\r\r Block Cipher Key: 2b7e151628aed2a6abf7158809cf4f3c\r Offset: f0f1f2f3f4f5f6f7f8f9fafbfcfd\r Segment Index: 000000000000\r Keystream: e03ead0935c95e80e166b16dd92b4eb4\r d23513162b02d0f72a43a2fe4a5f97ab\r ...\r\r The counter values that correspond to the keystream blocks are\r outlined below.\r\r Counter Keystream\r\r f0f1f2f3f4f5f6f7f8f9fafbfcfd0000 e03ead0935c95e80e166b16dd92b4eb4\r f0f1f2f3f4f5f6f7f8f9fafbfcfd0001 d23513162b02d0f72a43a2fe4a5f97ab\r f0f1f2f3f4f5f6f7f8f9fafbfcfd0002 41e95b3bb0a2e8dd477901e4fca894c0\r ... ...\r\r\r7. Security Considerations\r\r Each block cipher input is distinct for any segment and any block\r index. To see this fact, subtract any two counter values with\r distinct segment or block indices; the result is non-zero.\r\r\r\rMcGrew [Page 5]\r\r\rInternet Draft Integer Counter Mode October, 2002\r\r\r The limitation on the number of segments which can be generated\r ensures that the probability with which an adversary can distinguish\r the keystream generator from random is negligible. For a\r theoretical justification of this fact, see Bellare et. al. [BR98].\r Their analysis shows that if the block cipher cannot be\r distinguished from a random permutation, then the keystream\r generated by ICM cannot be distinguished from keystream generated by\r a truly random process, as long as the length of keystream which is\r generated is kept below some threshold. The threshold defined in\r Section 4.2 is sufficient for most uses of ICM for encryption. This\r specification refrains from dictating a lower threshold in order to\r refrain from dictating a particular policy, and to avoid a\r complicated digression.\r\r The use of the Offset, a key-dependent value which randomizes the\r starting position of the keystream, is essential for security. The\r omission of this mechanism leaves the door open for practical\r attacks, such as the key collision attack and Hellman's time-memory\r tradeoff attack; see McGrew and Fluhrer [MF00] for a description of\r these attacks which is applicable to ICM. Several counter mode\r proposals do not include an offset, and are thus vulnerable to these\r attacks.\r\r\r8. Rationale\r\r This speficiation includes input from implementation experience with\r several counter mode variants. The goals of ICM are to provide:\r\r o a secure keystream generator and cipher, and\r\r o a definition flexible enough that a single implementation can be\r used for a variety of applications (e.g., Secure RTP [SRTP],\r IPsec ESP [KA96]).\r\r The Offset slightly increases the key management overhead, but this\r minor disadvantage is well outweighed by other savings. The Offset\r is no larger than a CBC mode IV, and ICM enables the use of an\r explicit IV (as is commonly used with CBC [MD98]) to be avoided.\r\r\r9. History\r\r This draft is based on draft-mcgrew-saag-icm-00.txt, which was\r submitted to SAAG on November, 2001 and which expired in May, 2002.\r\r The current definition of ICM has changed from the earlier one; the\r counter formation is different and the specifications are\r\r\r\rMcGrew [Page 6]\r\r\rInternet Draft Integer Counter Mode October, 2002\r\r\r unfortunately not interoperable. This change was motivated by a\r considerable amount of feedback on the desirability of admitting\r optimizations of the sort described in Section 5, in which the carry\r operations of counter addition need not be propagated across a large\r register.\r\r The current definition of ICM is interoperable with that defined in\r Secure RTP [SRTP].\r\r\r10. Acknowledgements\r\r Thanks are due to Helger Lipmaa, Jerome Etienne, Scott Fluhrer and\r Mats Naslund for their helpful discussion and comments.\r\r\r11. Contact Information\r\r Questions and comments on this draft SHOULD be sent to:\r\r David A. McGrew\r Cisco Systems, Inc.\r mcgrew@cisco.com\r\r and copied to the Crypto Forum Research Group at:\r\r cfrg@ietf.org.\r\r\r12. References\r\r\r [BR98] M. Bellare, A. Desai, E. Lokipii and P. Rogaway, A\r Concrete Security Treatment of Symmetric Encryption:\r Analysis of DES Modes of Operation, Proceedings of\r the 38th Symposium on Foundations of Computer\r Science, IEEE, 1997.\r\r [B97] S. Bradner, Key words for use in RFCs to Indicate\r Requirement Levels, RFC 2119, March 1997.\r\r [AES] The Advanced Encryption Standard, United States\r National Institute for Standards and Technology (NIST),\r http://www.nist.gov/aes/.\r\r [CTR] M. Dworkin, NIST Special Publication 800-38A,\r "Recommendation for Block Cipher Modes of Operation: Methods\r and Techniques", 2001. Online at\r\r\r\rMcGrew [Page 7]\r\r\rInternet Draft Integer Counter Mode October, 2002\r\r\r http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-\r 38a.pdf.\r\r [MD98] Madson, C., and Doraswamy, N., "The ESP DES-CBC Cipher\r Algorithm With Explicit IV", RFC 2405, November 1998.\r\r [MF00] D. McGrew and S. Fluhrer, Attacks on Additive Encryption and\r Implications on Internet Security, Selected Areas in\r Cryptography 2000.\r\r [SRTP] The Secure Real-time Transport Protocol, Baugher et. al.,\r Internet Draft, draft-ietf-avt-srtp-05.txt.\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\r\rMcGrew [Page 8]\r\r\r
\ No newline at end of file
+++ /dev/null
-% header.tex
-%
-% header file for the libSRTP documentation - based on the header
-% file generated by doxygen, with the initial chapters of the
-% original libSRTP documentation tacked on
-%
-\documentclass[letterpaper]{book}
-\usepackage{makeidx}
-\usepackage{fancyhdr}
-\usepackage{graphicx}
-\usepackage{multicol}
-\usepackage{float}
-\usepackage{textcomp}
-\usepackage{alltt}
-\usepackage{times}
-\usepackage{graphicx}
-\ifx\pdfoutput\undefined
-\usepackage[ps2pdf,
- pagebackref=true,
- colorlinks=true,
- linkcolor=blue
- ]{hyperref}
-\else
-\usepackage[pdftex,
- pagebackref=true,
- colorlinks=true,
- linkcolor=blue
- ]{hyperref}
-\fi
-\usepackage{doxygen}
-\makeindex
-\setcounter{tocdepth}{1}
-\renewcommand{\footrulewidth}{0.4pt}
-
-% these lengths are from DAM
-\textwidth = 6.5 in
-%\textheight = 9 in
-\oddsidemargin = 0.0 in
-\evensidemargin = 0.0 in
-\topmargin = 0.0 in
-\headheight = 0.0 in
-%\headsep = 0.0 in
-\parskip = 0.2in
-\parindent = 0.0in
-
-% these header and footer definitions from DAM
-\lhead{libSRTP}
-\chead{}
-\rhead{\rightmark}
-%\rhead{\slshape }
-\lfoot{}
-\cfoot{ \thepage }
-\rfoot{}
-%\fancyhead[LE,RO]{\rightmark }
-%\fancyhead[LO,RE]{\slshape }
-
-% let's use the palatino font
-\fontfamily{ppl}
-\selectfont
-
-
-\begin{document}
-\begin{titlepage}
-\vspace*{4cm}
-%\begin{center}
-{\Huge
-libSRTP LIBSRTPVERSION Overview and Reference Manual\\
- \hrulefill
-}\\
-\vspace*{0cm}
-\begin{flushright}
-{\Large David A. McGrew \\ \texttt{mcgrew@cisco.com} }\\
-\vspace*{0.5cm}
-\end{flushright}
-%\end{center}
-
-%\includegraphics[scale=.8]{phone}
-
-\end{titlepage}
-
-
-\clearemptydoublepage
-\vspace*{3cm}
-{\LARGE Preface}
-\vspace{1cm}
-
-The original implementation and documentation of libSRTP was written
-by David McGrew of Cisco Systems, Inc. in order to promote the use,
-understanding, and interoperability of Secure RTP. Michael Jerris
-contributed support for building under MSVC. Andris Pavenis
-contributed many important fixes. Brian West contributed changes to
-enable dynamic linking. Yves Shumann reported documentation bugs.
-Randell Jesup contributed a working SRTCP implementation and other
-fixes. Alex Vanzella and Will Clark contributed changes so that the
-AES ICM implementation can be used for ISMA media encryption. Steve
-Underwood contributed x86\_64 portability changes. We also give
-thanks to Fredrik Thulin, Brian Weis, Mark Baugher, Jeff Chan, Bill
-Simon, Douglas Smith, Bill May, Richard Preistley, Joe Tardo and
-others for contributions, comments, and corrections.
-
-This reference material in this documenation was generated using the
-\texttt{doxygen} utility for automatic documentation of source code.
-
-\copyright 2001-2005 by David A. McGrew, Cisco Systems, Inc.
-\thispagestyle{empty}
-
-\clearemptydoublepage
-\pagenumbering{roman}
-\tableofcontents
-%\clearemptydoublepage
-
-\clearemptydoublepage
-\pagenumbering{arabic}
-
-
+++ /dev/null
-/**
-
-@mainpage Introduction to libSRTP
-
-This document describes libSRTP, the Open Source Secure RTP library
-from Cisco Systems, Inc. RTP is the Real-time Transport Protocol, an
-IETF standard for the transport of real-time data such as telephony,
-audio, and video, defined by RFC 3550. Secure RTP (SRTP) is an RTP
-profile for providing confidentiality to RTP data and authentication
-to the RTP header and payload. SRTP is an IETF Proposed Standard,
-defined in RFC 3711, and was developed in the IETF Audio/Video
-Transport (AVT) Working Group. This library supports all of the
-mandatory features of SRTP, but not all of the optional features. See
-the @ref Features section for more detailed information.
-
-This document is organized as follows. The first chapter provides
-background material on SRTP and overview of libSRTP. The following
-chapters provide a detailed reference to the libSRTP API and related
-functions. The reference material is created automatically (using the
-doxygen utility) from comments embedded in some of the C header
-files. The documentation is organized into modules in order to improve
-its clarity. These modules do not directly correspond to files. An
-underlying cryptographic kernel provides much of the basic
-functionality of libSRTP, but is mostly undocumented because it does
-its work behind the scenes.
-
-@section LICENSE License and Disclaimer
-
-libSRTP is distributed under the following license, which is included
-in the source code distribution. It is reproduced in the manual in
-case you got the library from another source.
-
-@latexonly
-\begin{quote}
-Copyright (c) 2001-2005 Cisco Systems, Inc. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-\begin{itemize}
-\item Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-\item Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials provided
- with the distribution.
-\item Neither the name of the Cisco Systems, Inc. nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-\end{itemize}
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
-INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-OF THE POSSIBILITY OF SUCH DAMAGE.
-\end{quote}
-@endlatexonly
-
-@section Features Supported Features
-
-This library supports all of the mandatory-to-implement features of
-SRTP (as defined by the most recent Internet Draft). Some of these
-features can be selected (or de-selected) at run time by setting an
-appropriate policy; this is done using the structure srtp_policy_t.
-Some other behaviors of the protocol can be adapted by defining an
-approriate event handler for the exceptional events; see the @ref
-SRTPevents section.
-
-Some options that are not included in the specification are supported.
-Most notably, the TMMH authentication function is included, though it
-was removed from the SRTP Internet Draft during the summer of 2002.
-
-
-@latexonly
-Some options that are described in the SRTP specification are not
-supported. This includes
-\begin{itemize}
-\item the Master Key Index (MKI),
-\item key derivation rates other than zero,
-\item the cipher F8,
-\item anti-replay lists with sizes other than 128,
-\item the use of the packet index to select between master keys.
-\end{itemize}
-@endlatexonly
-
-The user should be aware that it is possible to misuse this libary,
-and that the result may be that the security level it provides is
-inadequate. If you are implementing a feature using this library, you
-will want to read the Security Considerations section of the Internet
-Draft. In addition, it is important that you read and understand the
-terms outlined in the @ref LICENSE section.
-
-
-@section Installing Installing and Building libSRTP
-
-@latexonly
-
-To install libSRTP, download the latest release of the distribution
-from \texttt{srtp.sourceforge.net}. The format of the names of the
-distributions are \texttt{srtp-A.B.C.tgz}, where \texttt{A} is the
-version number, \texttt{B} is the major release number, \texttt{C} is
-the minor release number, and \texttt{tgz} is the file
-extension\footnote{The extension \texttt{.tgz} is identical to
-\texttt{tar.gz}, and indicates a compressed tar file.} You probably
-want to get the most recent release. Unpack the distribution and
-extract the source files; the directory into which the source files
-will go is named \texttt{srtp}.
-
-libSRTP uses the GNU \texttt{autoconf} and \texttt{make}
-utilities\footnote{BSD make will not work; if both versions of make
-are on your platform, you can invoke GNU make as \texttt{gmake}.}. In
-the \texttt{srtp} directory, run the configure script and then make:
-\begin{verbatim}
- ./configure [ options ]
- make
-\end{verbatim}
-The configure script accepts the following options:
-\begin{quote}
-\begin{description}
-\item[--help] provides a usage summary.
-\item[--disable-debug] compiles libSRTP without the runtime
- dynamic debugging system.
-\item[--enable-generic-aesicm] compile in changes for ismacryp
-\item[--enable-syslog] use syslog for error reporting.
-\item[--disable-stdout] diables stdout for error reporting.
-\item[--enable-console] use \texttt{/dev/console} for error reporting
-\item[--gdoi] use GDOI key management (disabled at present).
-\end{description}
-\end{quote}
-
-By default, dynamic debugging is enabled and stdout is used for
-debugging. You can use the configure options to have the debugging
-output sent to syslog or the system console. Alternatively, you can
-define ERR\_REPORTING\_FILE in \texttt{include/conf.h} to be any other
-file that can be opened by libSRTP, and debug messages will be sent to
-it.
-
-This package has been tested on the following platforms: Mac OS X
-(powerpc-apple-darwin1.4), Cygwin (i686-pc-cygwin), Solaris
-(sparc-sun-solaris2.6), RedHat Linux 7.1 and 9 (i686-pc-linux), and
-OpenBSD (sparc-unknown-openbsd2.7).
-
-
-@endlatexonly
-
-@section Applications Applications
-
-@latexonly
-
-Several test drivers and a simple and portable srtp application are
-included in the \texttt{test/} subdirectory.
-
-\begin{center}
-\begin{tabular}{ll}
-\hline
-Test driver & Function tested \\
-\hline
-kernel\_driver & crypto kernel (ciphers, auth funcs, rng) \\
-srtp\_driver & srtp in-memory tests (does not use the network) \\
-rdbx\_driver & rdbx (extended replay database) \\
-roc\_driver & extended sequence number functions \\
-replay\_driver & replay database \\
-cipher\_driver & ciphers \\
-auth\_driver & hash functions \\
-\hline
-\end{tabular}
-\end{center}
-
-The app rtpw is a simple rtp application which reads words from
-/usr/dict/words and then sends them out one at a time using [s]rtp.
-Manual srtp keying uses the -k option; automated key management
-using gdoi will be added later.
-
-The usage for rtpw is
-
-\texttt{rtpw [[-d $<$debug$>$]* [-k $<$key$>$ [-a][-e]] [-s | -r] dest\_ip
-dest\_port] | [-l]}
-
-Either the -s (sender) or -r (receiver) option must be chosen. The
-values dest\_ip, dest\_port are the IP address and UDP port to which
-the dictionary will be sent, respectively. The options are:
-\begin{center}
-\begin{tabular}{ll}
- -s & (S)RTP sender - causes app to send words \\
- -r & (S)RTP receive - causes app to receive words \\
- -k $<$key$>$ & use SRTP master key $<$key$>$, where the
- key is a hexadecimal value (without the
- leading "0x") \\
- -e & encrypt/decrypt (for data confidentiality)
- (requires use of -k option as well)\\
- -a & message authentication
- (requires use of -k option as well) \\
- -l & list the available debug modules \\
- -d $<$debug$>$ & turn on debugging for module $<$debug$>$ \\
-\end{tabular}
-\end{center}
-
-In order to get a random 30-byte value for use as a key/salt pair, you
-can use the \texttt{rand\_gen} utility in the \texttt{test/}
-subdirectory.
-
-An example of an SRTP session using two rtpw programs follows:
-
-\begin{verbatim}
-[sh1] set k=`test/rand_gen -n 30`
-[sh1] echo $k
-c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451
-[sh1]$ test/rtpw -s -k $k -ea 0.0.0.0 9999
-Security services: confidentiality message authentication
-set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
-setting SSRC to 2078917053
-sending word: A
-sending word: a
-sending word: aa
-sending word: aal
-sending word: aalii
-sending word: aam
-sending word: Aani
-sending word: aardvark
-...
-
-[sh2] set k=c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451
-[sh2]$ test/rtpw -r -k $k -ea 0.0.0.0 9999
-security services: confidentiality message authentication
-set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
-19 octets received from SSRC 2078917053 word: A
-19 octets received from SSRC 2078917053 word: a
-20 octets received from SSRC 2078917053 word: aa
-21 octets received from SSRC 2078917053 word: aal
-...
-\end{verbatim}
-
-
-@endlatexonly
-
-
-@section Review Secure RTP Background
-
-In this section we review SRTP and introduce some terms that are used
-in libSRTP. An RTP session is defined by a pair of destination
-transport addresses, that is, a network address plus a pair of UDP
-ports for RTP and RTCP. RTCP, the RTP control protocol, is used to
-coordinate between the participants in an RTP session, e.g. to provide
-feedback from receivers to senders. An @e SRTP @e session is
-similarly defined; it is just an RTP session for which the SRTP
-profile is being used. An SRTP session consists of the traffic sent
-to the SRTP or SRTCP destination transport addresses. Each
-participant in a session is identified by a synchronization source
-(SSRC) identifier. Some participants may not send any SRTP traffic;
-they are called receivers, even though they send out SRTCP traffic,
-such as receiver reports.
-
-RTP allows multiple sources to send RTP and RTCP traffic during the
-same session. The synchronization source identifier (SSRC) is used to
-distinguish these sources. In libSRTP, we call the SRTP and SRTCP
-traffic from a particular source a @e stream. Each stream has its own
-SSRC, sequence number, rollover counter, and other data. A particular
-choice of options, cryptographic mechanisms, and keys is called a @e
-policy. Each stream within a session can have a distinct policy
-applied to it. A session policy is a collection of stream policies.
-
-A single policy can be used for all of the streams in a given session,
-though the case in which a single @e key is shared across multiple
-streams requires care. When key sharing is used, the SSRC values that
-identify the streams @b must be distinct. This requirement can be
-enforced by using the convention that each SRTP and SRTCP key is used
-for encryption by only a single sender. In other words, the key is
-shared only across streams that originate from a particular device (of
-course, other SRTP participants will need to use the key for
-decryption). libSRTP supports this enforcement by detecting the case
-in which a key is used for both inbound and outbound data.
-
-
-@section Overview libSRTP Overview
-
-libSRTP provides functions for protecting RTP and RTCP. RTP packets
-can be encrypted and authenticated (using the srtp_protect()
-function), turning them into SRTP packets. Similarly, SRTP packets
-can be decrypted and have their authentication verified (using the
-srtp_unprotect() function), turning them into RTP packets. Similar
-functions apply security to RTCP packets.
-
-The typedef srtp_stream_t points to a structure holding all of the
-state associated with an SRTP stream, including the keys and
-parameters for cipher and message authentication functions and the
-anti-replay data. A particular srtp_stream_t holds the information
-needed to protect a particular RTP and RTCP stream. This datatype
-is intentionally opaque in order to better seperate the libSRTP
-API from its implementation.
-
-Within an SRTP session, there can be multiple streams, each
-originating from a particular sender. Each source uses a distinct
-stream context to protect the RTP and RTCP stream that it is
-originating. The typedef srtp_t points to a structure holding all of
-the state associated with an SRTP session. There can be multiple
-stream contexts associated with a single srtp_t. A stream context
-cannot exist indepent from an srtp_t, though of course an srtp_t can
-be created that contains only a single stream context. A device
-participating in an SRTP session must have a stream context for each
-source in that session, so that it can process the data that it
-receives from each sender.
-
-
-In libSRTP, a session is created using the function srtp_create().
-The policy to be implemented in the session is passed into this
-function as an srtp_policy_t structure. A single one of these
-structures describes the policy of a single stream. These structures
-can also be linked together to form an entire session policy. A linked
-list of srtp_policy_t structures is equivalent to a session policy.
-In such a policy, we refer to a single srtp_policy_t as an @e element.
-
-An srtp_policy_t strucutre contains two crypto_policy_t structures
-that describe the cryptograhic policies for RTP and RTCP, as well as
-the SRTP master key and the SSRC value. The SSRC describes what to
-protect (e.g. which stream), and the crypto_policy_t structures
-describe how to protect it. The key is contained in a policy element
-because it simplifies the interface to the library. In many cases, it
-is desirable to use the same cryptographic policies across all of the
-streams in a session, but to use a distinct key for each stream. A
-crypto_policy_t structure can be initialized by using either the
-crypto_policy_set_rtp_default() or crypto_policy_set_rtcp_default()
-functions, which set a crypto policy structure to the default policies
-for RTP and RTCP protection, respectively.
-
-@section Example Example Code
-
-This section provides a simple example of how to use libSRTP. The
-example code lacks error checking, but is functional. Here we assume
-that the value ssrc is already set to describe the SSRC of the stream
-that we are sending, and that the functions get_rtp_packet() and
-send_srtp_packet() are available to us. The former puts an RTP packet
-into the buffer and returns the number of octets written to that
-buffer. The latter sends the RTP packet in the buffer, given the
-length as its second argument.
-
-@verbatim
- srtp_t session;
- srtp_policy_t policy;
- uint8_t key[30];
-
- // initialize libSRTP
- srtp_init();
-
- // set policy to describe a policy for an SRTP stream
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
- policy.ssrc = ssrc;
- policy.key = key;
- policy.next = NULL;
-
- // set key to random value
- crypto_get_random(key, 30);
-
- // allocate and initialize the SRTP session
- srtp_create(&session, &policy);
-
- // main loop: get rtp packets, send srtp packets
- while (1) {
- char rtp_buffer[2048];
- unsigned len;
-
- len = get_rtp_packet(rtp_buffer);
- srtp_protect(session, rtp_buffer, &len);
- send_srtp_packet(rtp_buffer, len);
- }
-@endverbatim
-
-@section ISMAcryp ISMA Encryption Support
-
-The Internet Streaming Media Alliance (ISMA) specifies a way
-to pre-encrypt a media file prior to streaming. This method
-is an alternative to SRTP encryption, which is potentially
-useful when a particular media file will be streamed
-multiple times. The specification is available online
-at http://www.isma.tv/specreq.nsf/SpecRequest.
-
-libSRTP provides the encryption and decryption functions needed for ISMAcryp
-in the library @t libaesicm.a, which is included in the default
-Makefile target. This library is used by the MPEG4IP project; see
-http://mpeg4ip.sourceforge.net/.
-
-Note that ISMAcryp does not provide authentication for
-RTP nor RTCP, nor confidentiality for RTCP.
-ISMAcryp RECOMMENDS the use of SRTP message authentication for ISMAcryp
-streams while using ISMAcryp encryption to protect the media itself.
-
-
- */
+++ /dev/null
-SRTP and ICM References
-September, 2005
-
-This document provides references for the various cryptographic
-functions used in libSRTP and libaesicm.
-
-Secure RTP is defined in RFC 3711, which is included in this
-distribution for convenience. The counter mode definition is in
-Section 4.1.1 of the SRTP draft.
-
-SHA-1 is defined in FIPS-180-1, available online at the NIST website.
-
-HMAC is defined in RFC2104, and HMAC-SHA1 test vectors are available
-in RFC2202, which are available online at http://www.ietf.org/rfc/
-
-ICM is defined by draft-irtf-cfrg-icm-00.txt, and its application in
-ISMAcryp (the Internet Streaming Media Alliance 1.0 Encryption and
-Authentication) is defined in that specification. It is available
-from http://www.isma.tv/.
-
-
+++ /dev/null
-
-
-
-
-
-
-Network Working Group M. Baugher
-Request for Comments: 3711 D. McGrew
-Category: Standards Track Cisco Systems, Inc.
- M. Naslund
- E. Carrara
- K. Norrman
- Ericsson Research
- March 2004
-
-
- The Secure Real-time Transport Protocol (SRTP)
-
-Status of this Memo
-
- This document specifies an Internet standards track protocol for the
- Internet community, and requests discussion and suggestions for
- improvements. Please refer to the current edition of the "Internet
- Official Protocol Standards" (STD 1) for the standardization state
- and status of this protocol. Distribution of this memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2004). All Rights Reserved.
-
-Abstract
-
- This document describes the Secure Real-time Transport Protocol
- (SRTP), a profile of the Real-time Transport Protocol (RTP), which
- can provide confidentiality, message authentication, and replay
- protection to the RTP traffic and to the control traffic for RTP, the
- Real-time Transport Control Protocol (RTCP).
-
-Table of Contents
-
- 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
- 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3
- 2. Goals and Features . . . . . . . . . . . . . . . . . . . . . . 4
- 2.1. Features . . . . . . . . . . . . . . . . . . . . . . . . 5
- 3. SRTP Framework . . . . . . . . . . . . . . . . . . . . . . . . 5
- 3.1. Secure RTP . . . . . . . . . . . . . . . . . . . . . . . 6
- 3.2. SRTP Cryptographic Contexts. . . . . . . . . . . . . . . 7
- 3.2.1. Transform-independent parameters . . . . . . . . 8
- 3.2.2. Transform-dependent parameters . . . . . . . . . 10
- 3.2.3. Mapping SRTP Packets to Cryptographic Contexts . 10
- 3.3. SRTP Packet Processing . . . . . . . . . . . . . . . . . 11
- 3.3.1. Packet Index Determination, and ROC, s_l Update. 13
- 3.3.2. Replay Protection. . . . . . . . . . . . . . . . 15
- 3.4. Secure RTCP . . . . . . . . . . . . . . . . . . . . . . . 15
-
-
-
-Baugher, et al. Standards Track [Page 1]
-\f
-RFC 3711 SRTP March 2004
-
-
- 4. Pre-Defined Cryptographic Transforms . . . . . . . . . . . . . 19
- 4.1. Encryption . . . . . . . . . . . . . . . . . . . . . . . 19
- 4.1.1. AES in Counter Mode. . . . . . . . . . . . . . . 21
- 4.1.2. AES in f8-mode . . . . . . . . . . . . . . . . . 22
- 4.1.3. NULL Cipher. . . . . . . . . . . . . . . . . . . 25
- 4.2. Message Authentication and Integrity . . . . . . . . . . 25
- 4.2.1. HMAC-SHA1. . . . . . . . . . . . . . . . . . . . 25
- 4.3. Key Derivation . . . . . . . . . . . . . . . . . . . . . 26
- 4.3.1. Key Derivation Algorithm . . . . . . . . . . . . 26
- 4.3.2. SRTCP Key Derivation . . . . . . . . . . . . . . 28
- 4.3.3. AES-CM PRF . . . . . . . . . . . . . . . . . . . 28
- 5. Default and mandatory-to-implement Transforms. . . . . . . . . 28
- 5.1. Encryption: AES-CM and NULL. . . . . . . . . . . . . . . 29
- 5.2. Message Authentication/Integrity: HMAC-SHA1. . . . . . . 29
- 5.3. Key Derivation: AES-CM PRF . . . . . . . . . . . . . . . 29
- 6. Adding SRTP Transforms . . . . . . . . . . . . . . . . . . . . 29
- 7. Rationale. . . . . . . . . . . . . . . . . . . . . . . . . . . 30
- 7.1. Key derivation . . . . . . . . . . . . . . . . . . . . . 30
- 7.2. Salting key. . . . . . . . . . . . . . . . . . . . . . . 30
- 7.3. Message Integrity from Universal Hashing . . . . . . . . 31
- 7.4. Data Origin Authentication Considerations. . . . . . . . 31
- 7.5. Short and Zero-length Message Authentication . . . . . . 32
- 8. Key Management Considerations. . . . . . . . . . . . . . . . . 33
- 8.1. Re-keying . . . . . . . . . . . . . . . . . . . . . . . 34
- 8.1.1. Use of the <From, To> for re-keying. . . . . . . 34
- 8.2. Key Management parameters. . . . . . . . . . . . . . . . 35
- 9. Security Considerations. . . . . . . . . . . . . . . . . . . . 37
- 9.1. SSRC collision and two-time pad. . . . . . . . . . . . . 37
- 9.2. Key Usage. . . . . . . . . . . . . . . . . . . . . . . . 38
- 9.3. Confidentiality of the RTP Payload . . . . . . . . . . . 39
- 9.4. Confidentiality of the RTP Header. . . . . . . . . . . . 40
- 9.5. Integrity of the RTP payload and header. . . . . . . . . 40
- 9.5.1. Risks of Weak or Null Message Authentication. . . 42
- 9.5.2. Implicit Header Authentication . . . . . . . . . 43
- 10. Interaction with Forward Error Correction mechanisms. . . . . 43
- 11. Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . 43
- 11.1. Unicast. . . . . . . . . . . . . . . . . . . . . . . . . 43
- 11.2. Multicast (one sender) . . . . . . . . . . . . . . . . . 44
- 11.3. Re-keying and access control . . . . . . . . . . . . . . 45
- 11.4. Summary of basic scenarios . . . . . . . . . . . . . . . 46
- 12. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 46
- 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 47
- 14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 47
- 14.1. Normative References . . . . . . . . . . . . . . . . . . 47
- 14.2. Informative References . . . . . . . . . . . . . . . . . 48
- Appendix A: Pseudocode for Index Determination . . . . . . . . . . 51
- Appendix B: Test Vectors . . . . . . . . . . . . . . . . . . . . . 51
- B.1. AES-f8 Test Vectors. . . . . . . . . . . . . . . . . . . 51
-
-
-
-Baugher, et al. Standards Track [Page 2]
-\f
-RFC 3711 SRTP March 2004
-
-
- B.2. AES-CM Test Vectors. . . . . . . . . . . . . . . . . . . 52
- B.3. Key Derivation Test Vectors. . . . . . . . . . . . . . . 53
- Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 55
- Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 56
-
-1. Introduction
-
- This document describes the Secure Real-time Transport Protocol
- (SRTP), a profile of the Real-time Transport Protocol (RTP), which
- can provide confidentiality, message authentication, and replay
- protection to the RTP traffic and to the control traffic for RTP,
- RTCP (the Real-time Transport Control Protocol) [RFC3350].
-
- SRTP provides a framework for encryption and message authentication
- of RTP and RTCP streams (Section 3). SRTP defines a set of default
- cryptographic transforms (Sections 4 and 5), and it allows new
- transforms to be introduced in the future (Section 6). With
- appropriate key management (Sections 7 and 8), SRTP is secure
- (Sections 9) for unicast and multicast RTP applications (Section 11).
-
- SRTP can achieve high throughput and low packet expansion. SRTP
- proves to be a suitable protection for heterogeneous environments
- (mix of wired and wireless networks). To get such features, default
- transforms are described, based on an additive stream cipher for
- encryption, a keyed-hash based function for message authentication,
- and an "implicit" index for sequencing/synchronization based on the
- RTP sequence number for SRTP and an index number for Secure RTCP
- (SRTCP).
-
-1.1. Notational Conventions
-
- The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
- document are to be interpreted as described in [RFC2119]. The
- terminology conforms to [RFC2828] with the following exception. For
- simplicity we use the term "random" throughout the document to denote
- randomly or pseudo-randomly generated values. Large amounts of
- random bits may be difficult to obtain, and for the security of SRTP,
- pseudo-randomness is sufficient [RFC1750].
-
- By convention, the adopted representation is the network byte order,
- i.e., the left most bit (octet) is the most significant one. By XOR
- we mean bitwise addition modulo 2 of binary strings, and || denotes
- concatenation. In other words, if C = A || B, then the most
- significant bits of C are the bits of A, and the least significant
- bits of C equal the bits of B. Hexadecimal numbers are prefixed by
- 0x.
-
-
-
-
-Baugher, et al. Standards Track [Page 3]
-\f
-RFC 3711 SRTP March 2004
-
-
- The word "encryption" includes also use of the NULL algorithm (which
- in practice does leave the data in the clear).
-
- With slight abuse of notation, we use the terms "message
- authentication" and "authentication tag" as is common practice, even
- though in some circumstances, e.g., group communication, the service
- provided is actually only integrity protection and not data origin
- authentication.
-
-2. Goals and Features
-
- The security goals for SRTP are to ensure:
-
- * the confidentiality of the RTP and RTCP payloads, and
-
- * the integrity of the entire RTP and RTCP packets, together with
- protection against replayed packets.
-
- These security services are optional and independent from each other,
- except that SRTCP integrity protection is mandatory (malicious or
- erroneous alteration of RTCP messages could otherwise disrupt the
- processing of the RTP stream).
-
- Other, functional, goals for the protocol are:
-
- * a framework that permits upgrading with new cryptographic
- transforms,
-
- * low bandwidth cost, i.e., a framework preserving RTP header
- compression efficiency,
-
- and, asserted by the pre-defined transforms:
-
- * a low computational cost,
-
- * a small footprint (i.e., small code size and data memory for
- keying information and replay lists),
-
- * limited packet expansion to support the bandwidth economy goal,
-
- * independence from the underlying transport, network, and physical
- layers used by RTP, in particular high tolerance to packet loss
- and re-ordering.
-
- These properties ensure that SRTP is a suitable protection scheme for
- RTP/RTCP in both wired and wireless scenarios.
-
-
-
-
-
-Baugher, et al. Standards Track [Page 4]
-\f
-RFC 3711 SRTP March 2004
-
-
-2.1. Features
-
- Besides the above mentioned direct goals, SRTP provides for some
- additional features. They have been introduced to lighten the burden
- on key management and to further increase security. They include:
-
- * A single "master key" can provide keying material for
- confidentiality and integrity protection, both for the SRTP stream
- and the corresponding SRTCP stream. This is achieved with a key
- derivation function (see Section 4.3), providing "session keys"
- for the respective security primitive, securely derived from the
- master key.
-
- * In addition, the key derivation can be configured to periodically
- refresh the session keys, which limits the amount of ciphertext
- produced by a fixed key, available for an adversary to
- cryptanalyze.
-
- * "Salting keys" are used to protect against pre-computation and
- time-memory tradeoff attacks [MF00] [BS00].
-
- Detailed rationale for these features can be found in Section 7.
-
-3. SRTP Framework
-
- RTP is the Real-time Transport Protocol [RFC3550]. We define SRTP as
- a profile of RTP. This profile is an extension to the RTP
- Audio/Video Profile [RFC3551]. Except where explicitly noted, all
- aspects of that profile apply, with the addition of the SRTP security
- features. Conceptually, we consider SRTP to be a "bump in the stack"
- implementation which resides between the RTP application and the
- transport layer. SRTP intercepts RTP packets and then forwards an
- equivalent SRTP packet on the sending side, and intercepts SRTP
- packets and passes an equivalent RTP packet up the stack on the
- receiving side.
-
- Secure RTCP (SRTCP) provides the same security services to RTCP as
- SRTP does to RTP. SRTCP message authentication is MANDATORY and
- thereby protects the RTCP fields to keep track of membership, provide
- feedback to RTP senders, or maintain packet sequence counters. SRTCP
- is described in Section 3.4.
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 5]
-\f
-RFC 3711 SRTP March 2004
-
-
-3.1. Secure RTP
-
- The format of an SRTP packet is illustrated in Figure 1.
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
- |V=2|P|X| CC |M| PT | sequence number | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | timestamp | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | synchronization source (SSRC) identifier | |
- +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ |
- | contributing source (CSRC) identifiers | |
- | .... | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | RTP extension (OPTIONAL) | |
- +>+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | | payload ... | |
- | | +-------------------------------+ |
- | | | RTP padding | RTP pad count | |
- +>+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
- | ~ SRTP MKI (OPTIONAL) ~ |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | : authentication tag (RECOMMENDED) : |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | |
- +- Encrypted Portion* Authenticated Portion ---+
-
- Figure 1. The format of an SRTP packet. *Encrypted Portion is the
- same size as the plaintext for the Section 4 pre-defined transforms.
-
- The "Encrypted Portion" of an SRTP packet consists of the encryption
- of the RTP payload (including RTP padding when present) of the
- equivalent RTP packet. The Encrypted Portion MAY be the exact size
- of the plaintext or MAY be larger. Figure 1 shows the RTP payload
- including any possible padding for RTP [RFC3550].
-
- None of the pre-defined encryption transforms uses any padding; for
- these, the RTP and SRTP payload sizes match exactly. New transforms
- added to SRTP (following Section 6) may require padding, and may
- hence produce larger payloads. RTP provides its own padding format
- (as seen in Fig. 1), which due to the padding indicator in the RTP
- header has merits in terms of compactness relative to paddings using
- prefix-free codes. This RTP padding SHALL be the default method for
- transforms requiring padding. Transforms MAY specify other padding
- methods, and MUST then specify the amount, format, and processing of
- their padding. It is important to note that encryption transforms
-
-
-
-Baugher, et al. Standards Track [Page 6]
-\f
-RFC 3711 SRTP March 2004
-
-
- that use padding are vulnerable to subtle attacks, especially when
- message authentication is not used [V02]. Each specification for a
- new encryption transform needs to carefully consider and describe the
- security implications of the padding that it uses. Message
- authentication codes define their own padding, so this default does
- not apply to authentication transforms.
-
- The OPTIONAL MKI and the RECOMMENDED authentication tag are the only
- fields defined by SRTP that are not in RTP. Only 8-bit alignment is
- assumed.
-
- MKI (Master Key Identifier): configurable length, OPTIONAL. The
- MKI is defined, signaled, and used by key management. The
- MKI identifies the master key from which the session
- key(s) were derived that authenticate and/or encrypt the
- particular packet. Note that the MKI SHALL NOT identify
- the SRTP cryptographic context, which is identified
- according to Section 3.2.3. The MKI MAY be used by key
- management for the purposes of re-keying, identifying a
- particular master key within the cryptographic context
- (Section 3.2.1).
-
- Authentication tag: configurable length, RECOMMENDED. The
- authentication tag is used to carry message authentication
- data. The Authenticated Portion of an SRTP packet
- consists of the RTP header followed by the Encrypted
- Portion of the SRTP packet. Thus, if both encryption and
- authentication are applied, encryption SHALL be applied
- before authentication on the sender side and conversely on
- the receiver side. The authentication tag provides
- authentication of the RTP header and payload, and it
- indirectly provides replay protection by authenticating
- the sequence number. Note that the MKI is not integrity
- protected as this does not provide any extra protection.
-
-3.2. SRTP Cryptographic Contexts
-
- Each SRTP stream requires the sender and receiver to maintain
- cryptographic state information. This information is called the
- "cryptographic context".
-
- SRTP uses two types of keys: session keys and master keys. By a
- "session key", we mean a key which is used directly in a
- cryptographic transform (e.g., encryption or message authentication),
- and by a "master key", we mean a random bit string (given by the key
- management protocol) from which session keys are derived in a
-
-
-
-
-
-Baugher, et al. Standards Track [Page 7]
-\f
-RFC 3711 SRTP March 2004
-
-
- cryptographically secure way. The master key(s) and other parameters
- in the cryptographic context are provided by key management
- mechanisms external to SRTP, see Section 8.
-
-3.2.1. Transform-independent parameters
-
- Transform-independent parameters are present in the cryptographic
- context independently of the particular encryption or authentication
- transforms that are used. The transform-independent parameters of
- the cryptographic context for SRTP consist of:
-
- * a 32-bit unsigned rollover counter (ROC), which records how many
- times the 16-bit RTP sequence number has been reset to zero after
- passing through 65,535. Unlike the sequence number (SEQ), which
- SRTP extracts from the RTP packet header, the ROC is maintained by
- SRTP as described in Section 3.3.1.
-
- We define the index of the SRTP packet corresponding to a given
- ROC and RTP sequence number to be the 48-bit quantity
-
- i = 2^16 * ROC + SEQ.
-
- * for the receiver only, a 16-bit sequence number s_l, which can be
- thought of as the highest received RTP sequence number (see
- Section 3.3.1 for its handling), which SHOULD be authenticated
- since message authentication is RECOMMENDED,
-
- * an identifier for the encryption algorithm, i.e., the cipher and
- its mode of operation,
-
- * an identifier for the message authentication algorithm,
-
- * a replay list, maintained by the receiver only (when
- authentication and replay protection are provided), containing
- indices of recently received and authenticated SRTP packets,
-
- * an MKI indicator (0/1) as to whether an MKI is present in SRTP and
- SRTCP packets,
-
- * if the MKI indicator is set to one, the length (in octets) of the
- MKI field, and (for the sender) the actual value of the currently
- active MKI (the value of the MKI indicator and length MUST be kept
- fixed for the lifetime of the context),
-
- * the master key(s), which MUST be random and kept secret,
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 8]
-\f
-RFC 3711 SRTP March 2004
-
-
- * for each master key, there is a counter of the number of SRTP
- packets that have been processed (sent) with that master key
- (essential for security, see Sections 3.3.1 and 9),
-
- * non-negative integers n_e, and n_a, determining the length of the
- session keys for encryption, and message authentication.
-
- In addition, for each master key, an SRTP stream MAY use the
- following associated values:
-
- * a master salt, to be used in the key derivation of session keys.
- This value, when used, MUST be random, but MAY be public. Use of
- master salt is strongly RECOMMENDED, see Section 9.2. A "NULL"
- salt is treated as 00...0.
-
- * an integer in the set {1,2,4,...,2^24}, the "key_derivation_rate",
- where an unspecified value is treated as zero. The constraint to
- be a power of 2 simplifies the session-key derivation
- implementation, see Section 4.3.
-
- * an MKI value,
-
- * <From, To> values, specifying the lifetime for a master key,
- expressed in terms of the two 48-bit index values inside whose
- range (including the range end-points) the master key is valid.
- For the use of <From, To>, see Section 8.1.1. <From, To> is an
- alternative to the MKI and assumes that a master key is in one-
- to-one correspondence with the SRTP session key on which the
- <From, To> range is defined.
-
- SRTCP SHALL by default share the crypto context with SRTP, except:
-
- * no rollover counter and s_l-value need to be maintained as the
- RTCP index is explicitly carried in each SRTCP packet,
-
- * a separate replay list is maintained (when replay protection is
- provided),
-
- * SRTCP maintains a separate counter for its master key (even if the
- master key is the same as that for SRTP, see below), as a means to
- maintain a count of the number of SRTCP packets that have been
- processed with that key.
-
- Note in particular that the master key(s) MAY be shared between SRTP
- and the corresponding SRTCP, if the pre-defined transforms (including
- the key derivation) are used but the session key(s) MUST NOT be so
- shared.
-
-
-
-
-Baugher, et al. Standards Track [Page 9]
-\f
-RFC 3711 SRTP March 2004
-
-
- In addition, there can be cases (see Sections 8 and 9.1) where
- several SRTP streams within a given RTP session, identified by their
- synchronization source (SSRCs, which is part of the RTP header),
- share most of the crypto context parameters (including possibly
- master and session keys). In such cases, just as in the normal
- SRTP/SRTCP parameter sharing above, separate replay lists and packet
- counters for each stream (SSRC) MUST still be maintained. Also,
- separate SRTP indices MUST then be maintained.
-
- A summary of parameters, pre-defined transforms, and default values
- for the above parameters (and other SRTP parameters) can be found in
- Sections 5 and 8.2.
-
-3.2.2. Transform-dependent parameters
-
- All encryption, authentication/integrity, and key derivation
- parameters are defined in the transforms section (Section 4).
- Typical examples of such parameters are block size of ciphers,
- session keys, data for the Initialization Vector (IV) formation, etc.
- Future SRTP transform specifications MUST include a section to list
- the additional cryptographic context's parameters for that transform,
- if any.
-
-3.2.3. Mapping SRTP Packets to Cryptographic Contexts
-
- Recall that an RTP session for each participant is defined [RFC3550]
- by a pair of destination transport addresses (one network address
- plus a port pair for RTP and RTCP), and that a multimedia session is
- defined as a collection of RTP sessions. For example, a particular
- multimedia session could include an audio RTP session, a video RTP
- session, and a text RTP session.
-
- A cryptographic context SHALL be uniquely identified by the triplet
- context identifier:
-
- context id = <SSRC, destination network address, destination
- transport port number>
-
- where the destination network address and the destination transport
- port are the ones in the SRTP packet. It is assumed that, when
- presented with this information, the key management returns a context
- with the information as described in Section 3.2.
-
- As noted above, SRTP and SRTCP by default share the bulk of the
- parameters in the cryptographic context. Thus, retrieving the crypto
- context parameters for an SRTCP stream in practice may imply a
- binding to the correspondent SRTP crypto context. It is up to the
- implementation to assure such binding, since the RTCP port may not be
-
-
-
-Baugher, et al. Standards Track [Page 10]
-\f
-RFC 3711 SRTP March 2004
-
-
- directly deducible from the RTP port only. Alternatively, the key
- management may choose to provide separate SRTP- and SRTCP- contexts,
- duplicating the common parameters (such as master key(s)). The
- latter approach then also enables SRTP and SRTCP to use, e.g.,
- distinct transforms, if so desired. Similar considerations arise
- when multiple SRTP streams, forming part of one single RTP session,
- share keys and other parameters.
-
- If no valid context can be found for a packet corresponding to a
- certain context identifier, that packet MUST be discarded.
-
-3.3. SRTP Packet Processing
-
- The following applies to SRTP. SRTCP is described in Section 3.4.
-
- Assuming initialization of the cryptographic context(s) has taken
- place via key management, the sender SHALL do the following to
- construct an SRTP packet:
-
- 1. Determine which cryptographic context to use as described in
- Section 3.2.3.
-
- 2. Determine the index of the SRTP packet using the rollover counter,
- the highest sequence number in the cryptographic context, and the
- sequence number in the RTP packet, as described in Section 3.3.1.
-
- 3. Determine the master key and master salt. This is done using the
- index determined in the previous step or the current MKI in the
- cryptographic context, according to Section 8.1.
-
- 4. Determine the session keys and session salt (if they are used by
- the transform) as described in Section 4.3, using master key,
- master salt, key_derivation_rate, and session key-lengths in the
- cryptographic context with the index, determined in Steps 2 and 3.
-
- 5. Encrypt the RTP payload to produce the Encrypted Portion of the
- packet (see Section 4.1, for the defined ciphers). This step uses
- the encryption algorithm indicated in the cryptographic context,
- the session encryption key and the session salt (if used) found in
- Step 4 together with the index found in Step 2.
-
- 6. If the MKI indicator is set to one, append the MKI to the packet.
-
- 7. For message authentication, compute the authentication tag for the
- Authenticated Portion of the packet, as described in Section 4.2.
- This step uses the current rollover counter, the authentication
-
-
-
-
-
-Baugher, et al. Standards Track [Page 11]
-\f
-RFC 3711 SRTP March 2004
-
-
- algorithm indicated in the cryptographic context, and the session
- authentication key found in Step 4. Append the authentication tag
- to the packet.
-
- 8. If necessary, update the ROC as in Section 3.3.1, using the packet
- index determined in Step 2.
-
- To authenticate and decrypt an SRTP packet, the receiver SHALL do the
- following:
-
- 1. Determine which cryptographic context to use as described in
- Section 3.2.3.
-
- 2. Run the algorithm in Section 3.3.1 to get the index of the SRTP
- packet. The algorithm uses the rollover counter and highest
- sequence number in the cryptographic context with the sequence
- number in the SRTP packet, as described in Section 3.3.1.
-
- 3. Determine the master key and master salt. If the MKI indicator in
- the context is set to one, use the MKI in the SRTP packet,
- otherwise use the index from the previous step, according to
- Section 8.1.
-
- 4. Determine the session keys, and session salt (if used by the
- transform) as described in Section 4.3, using master key, master
- salt, key_derivation_rate and session key-lengths in the
- cryptographic context with the index, determined in Steps 2 and 3.
-
- 5. For message authentication and replay protection, first check if
- the packet has been replayed (Section 3.3.2), using the Replay
- List and the index as determined in Step 2. If the packet is
- judged to be replayed, then the packet MUST be discarded, and the
- event SHOULD be logged.
-
- Next, perform verification of the authentication tag, using the
- rollover counter from Step 2, the authentication algorithm
- indicated in the cryptographic context, and the session
- authentication key from Step 4. If the result is "AUTHENTICATION
- FAILURE" (see Section 4.2), the packet MUST be discarded from
- further processing and the event SHOULD be logged.
-
- 6. Decrypt the Encrypted Portion of the packet (see Section 4.1, for
- the defined ciphers), using the decryption algorithm indicated in
- the cryptographic context, the session encryption key and salt (if
- used) found in Step 4 with the index from Step 2.
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 12]
-\f
-RFC 3711 SRTP March 2004
-
-
- 7. Update the rollover counter and highest sequence number, s_l, in
- the cryptographic context as in Section 3.3.1, using the packet
- index estimated in Step 2. If replay protection is provided, also
- update the Replay List as described in Section 3.3.2.
-
- 8. When present, remove the MKI and authentication tag fields from
- the packet.
-
-3.3.1. Packet Index Determination, and ROC, s_l Update
-
- SRTP implementations use an "implicit" packet index for sequencing,
- i.e., not all of the index is explicitly carried in the SRTP packet.
- For the pre-defined transforms, the index i is used in replay
- protection (Section 3.3.2), encryption (Section 4.1), message
- authentication (Section 4.2), and for the key derivation (Section
- 4.3).
-
- When the session starts, the sender side MUST set the rollover
- counter, ROC, to zero. Each time the RTP sequence number, SEQ, wraps
- modulo 2^16, the sender side MUST increment ROC by one, modulo 2^32
- (see security aspects below). The sender's packet index is then
- defined as
-
- i = 2^16 * ROC + SEQ.
-
- Receiver-side implementations use the RTP sequence number to
- determine the correct index of a packet, which is the location of the
- packet in the sequence of all SRTP packets. A robust approach for
- the proper use of a rollover counter requires its handling and use to
- be well defined. In particular, out-of-order RTP packets with
- sequence numbers close to 2^16 or zero must be properly handled.
-
- The index estimate is based on the receiver's locally maintained ROC
- and s_l values. At the setup of the session, the ROC MUST be set to
- zero. Receivers joining an on-going session MUST be given the
- current ROC value using out-of-band signaling such as key-management
- signaling. Furthermore, the receiver SHALL initialize s_l to the RTP
- sequence number (SEQ) of the first observed SRTP packet (unless the
- initial value is provided by out of band signaling such as key
- management).
-
- On consecutive SRTP packets, the receiver SHOULD estimate the index
- as
- i = 2^16 * v + SEQ,
-
- where v is chosen from the set { ROC-1, ROC, ROC+1 } (modulo 2^32)
- such that i is closest (in modulo 2^48 sense) to the value 2^16 * ROC
- + s_l (see Appendix A for pseudocode).
-
-
-
-Baugher, et al. Standards Track [Page 13]
-\f
-RFC 3711 SRTP March 2004
-
-
- After the packet has been processed and authenticated (when enabled
- for SRTP packets for the session), the receiver MUST use v to
- conditionally update its s_l and ROC variables as follows. If
- v=(ROC-1) mod 2^32, then there is no update to s_l or ROC. If v=ROC,
- then s_l is set to SEQ if and only if SEQ is larger than the current
- s_l; there is no change to ROC. If v=(ROC+1) mod 2^32, then s_l is
- set to SEQ and ROC is set to v.
-
- After a re-keying occurs (changing to a new master key), the rollover
- counter always maintains its sequence of values, i.e., it MUST NOT be
- reset to zero.
-
- As the rollover counter is 32 bits long and the sequence number is 16
- bits long, the maximum number of packets belonging to a given SRTP
- stream that can be secured with the same key is 2^48 using the pre-
- defined transforms. After that number of SRTP packets have been sent
- with a given (master or session) key, the sender MUST NOT send any
- more packets with that key. (There exists a similar limit for SRTCP,
- which in practice may be more restrictive, see Section 9.2.) This
- limitation enforces a security benefit by providing an upper bound on
- the amount of traffic that can pass before cryptographic keys are
- changed. Re-keying (see Section 8.1) MUST be triggered, before this
- amount of traffic, and MAY be triggered earlier, e.g., for increased
- security and access control to media. Recurring key derivation by
- means of a non-zero key_derivation_rate (see Section 4.3), also gives
- stronger security but does not change the above absolute maximum
- value.
-
- On the receiver side, there is a caveat to updating s_l and ROC: if
- message authentication is not present, neither the initialization of
- s_l, nor the ROC update can be made completely robust. The
- receiver's "implicit index" approach works for the pre-defined
- transforms as long as the reorder and loss of the packets are not too
- great and bit-errors do not occur in unfortunate ways. In
- particular, 2^15 packets would need to be lost, or a packet would
- need to be 2^15 packets out of sequence before synchronization is
- lost. Such drastic loss or reorder is likely to disrupt the RTP
- application itself.
-
- The algorithm for the index estimate and ROC update is a matter of
- implementation, and should take into consideration the environment
- (e.g., packet loss rate) and the cases when synchronization is likely
- to be lost, e.g., when the initial sequence number (randomly chosen
- by RTP) is not known in advance (not sent in the key management
- protocol) but may be near to wrap modulo 2^16.
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 14]
-\f
-RFC 3711 SRTP March 2004
-
-
- A more elaborate and more robust scheme than the one given above is
- the handling of RTP's own "rollover counter", see Appendix A.1 of
- [RFC3550].
-
-3.3.2. Replay Protection
-
- Secure replay protection is only possible when integrity protection
- is present. It is RECOMMENDED to use replay protection, both for RTP
- and RTCP, as integrity protection alone cannot assure security
- against replay attacks.
-
- A packet is "replayed" when it is stored by an adversary, and then
- re-injected into the network. When message authentication is
- provided, SRTP protects against such attacks through a Replay List.
- Each SRTP receiver maintains a Replay List, which conceptually
- contains the indices of all of the packets which have been received
- and authenticated. In practice, the list can use a "sliding window"
- approach, so that a fixed amount of storage suffices for replay
- protection. Packet indices which lag behind the packet index in the
- context by more than SRTP-WINDOW-SIZE can be assumed to have been
- received, where SRTP-WINDOW-SIZE is a receiver-side, implementation-
- dependent parameter and MUST be at least 64, but which MAY be set to
- a higher value.
-
- The receiver checks the index of an incoming packet against the
- replay list and the window. Only packets with index ahead of the
- window, or, inside the window but not already received, SHALL be
- accepted.
-
- After the packet has been authenticated (if necessary the window is
- first moved ahead), the replay list SHALL be updated with the new
- index.
-
- The Replay List can be efficiently implemented by using a bitmap to
- represent which packets have been received, as described in the
- Security Architecture for IP [RFC2401].
-
-3.4. Secure RTCP
-
- Secure RTCP follows the definition of Secure RTP. SRTCP adds three
- mandatory new fields (the SRTCP index, an "encrypt-flag", and the
- authentication tag) and one optional field (the MKI) to the RTCP
- packet definition. The three mandatory fields MUST be appended to an
- RTCP packet in order to form an equivalent SRTCP packet. The added
- fields follow any other profile-specific extensions.
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 15]
-\f
-RFC 3711 SRTP March 2004
-
-
- According to Section 6.1 of [RFC3550], there is a REQUIRED packet
- format for compound packets. SRTCP MUST be given packets according
- to that requirement in the sense that the first part MUST be a sender
- report or a receiver report. However, the RTCP encryption prefix (a
- random 32-bit quantity) specified in that Section MUST NOT be used
- since, as is stated there, it is only applicable to the encryption
- method specified in [RFC3550] and is not needed by the cryptographic
- mechanisms used in SRTP.
-
- 0 1 2 3
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
- |V=2|P| RC | PT=SR or RR | length | |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | SSRC of sender | |
- +>+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ |
- | ~ sender info ~ |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | ~ report block 1 ~ |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | ~ report block 2 ~ |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | ~ ... ~ |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | |V=2|P| SC | PT=SDES=202 | length | |
- | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ |
- | | SSRC/CSRC_1 | |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | ~ SDES items ~ |
- | +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ |
- | ~ ... ~ |
- +>+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ |
- | |E| SRTCP index | |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+
- | ~ SRTCP MKI (OPTIONAL) ~ |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | : authentication tag : |
- | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
- | |
- +-- Encrypted Portion Authenticated Portion -----+
-
-
- Figure 2. An example of the format of a Secure RTCP packet,
- consisting of an underlying RTCP compound packet with a Sender Report
- and SDES packet.
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 16]
-\f
-RFC 3711 SRTP March 2004
-
-
- The Encrypted Portion of an SRTCP packet consists of the encryption
- (Section 4.1) of the RTCP payload of the equivalent compound RTCP
- packet, from the first RTCP packet, i.e., from the ninth (9) octet to
- the end of the compound packet. The Authenticated Portion of an
- SRTCP packet consists of the entire equivalent (eventually compound)
- RTCP packet, the E flag, and the SRTCP index (after any encryption
- has been applied to the payload).
-
- The added fields are:
-
- E-flag: 1 bit, REQUIRED
- The E-flag indicates if the current SRTCP packet is
- encrypted or unencrypted. Section 9.1 of [RFC3550] allows
- the split of a compound RTCP packet into two lower-layer
- packets, one to be encrypted and one to be sent in the
- clear. The E bit set to "1" indicates encrypted packet, and
- "0" indicates non-encrypted packet.
-
- SRTCP index: 31 bits, REQUIRED
- The SRTCP index is a 31-bit counter for the SRTCP packet.
- The index is explicitly included in each packet, in contrast
- to the "implicit" index approach used for SRTP. The SRTCP
- index MUST be set to zero before the first SRTCP packet is
- sent, and MUST be incremented by one, modulo 2^31, after
- each SRTCP packet is sent. In particular, after a re-key,
- the SRTCP index MUST NOT be reset to zero again.
-
- Authentication Tag: configurable length, REQUIRED
- The authentication tag is used to carry message
- authentication data.
-
- MKI: configurable length, OPTIONAL
- The MKI is the Master Key Indicator, and functions according
- to the MKI definition in Section 3.
-
- SRTCP uses the cryptographic context parameters and packet processing
- of SRTP by default, with the following changes:
-
- * The receiver does not need to "estimate" the index, as it is
- explicitly signaled in the packet.
-
- * Pre-defined SRTCP encryption is as specified in Section 4.1, but
- using the definition of the SRTCP Encrypted Portion given in this
- section, and using the SRTCP index as the index i. The encryption
- transform and related parameters SHALL by default be the same
- selected for the protection of the associated SRTP stream(s),
- while the NULL algorithm SHALL be applied to the RTCP packets not
- to be encrypted. SRTCP may have a different encryption transform
-
-
-
-Baugher, et al. Standards Track [Page 17]
-\f
-RFC 3711 SRTP March 2004
-
-
- than the one used by the corresponding SRTP. The expected use for
- this feature is when the former has NULL-encryption and the latter
- has a non NULL-encryption.
-
- The E-flag is assigned a value by the sender depending on whether the
- packet was encrypted or not.
-
- * SRTCP decryption is performed as in Section 4, but only if the E
- flag is equal to 1. If so, the Encrypted Portion is decrypted,
- using the SRTCP index as the index i. In case the E-flag is 0,
- the payload is simply left unmodified.
-
- * SRTCP replay protection is as defined in Section 3.3.2, but using
- the SRTCP index as the index i and a separate Replay List that is
- specific to SRTCP.
-
- * The pre-defined SRTCP authentication tag is specified as in
- Section 4.2, but with the Authenticated Portion of the SRTCP
- packet given in this section (which includes the index). The
- authentication transform and related parameters (e.g., key size)
- SHALL by default be the same as selected for the protection of the
- associated SRTP stream(s).
-
- * In the last step of the processing, only the sender needs to
- update the value of the SRTCP index by incrementing it modulo 2^31
- and for security reasons the sender MUST also check the number of
- SRTCP packets processed, see Section 9.2.
-
- Message authentication for RTCP is REQUIRED, as it is the control
- protocol (e.g., it has a BYE packet) for RTP.
-
- Precautions must be taken so that the packet expansion in SRTCP (due
- to the added fields) does not cause SRTCP messages to use more than
- their share of RTCP bandwidth. To avoid this, the following two
- measures MUST be taken:
-
- 1. When initializing the RTCP variable "avg_rtcp_size" defined in
- chapter 6.3 of [RFC3550], it MUST include the size of the fields
- that will be added by SRTCP (index, E-bit, authentication tag, and
- when present, the MKI).
-
- 2. When updating the "avg_rtcp_size" using the variable "packet_size"
- (section 6.3.3 of [RFC3550]), the value of "packet_size" MUST
- include the size of the additional fields added by SRTCP.
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 18]
-\f
-RFC 3711 SRTP March 2004
-
-
- With these measures in place the SRTCP messages will not use more
- than the allotted bandwidth. The effect of the size of the added
- fields on the SRTCP traffic will be that messages will be sent with
- longer packet intervals. The increase in the intervals will be
- directly proportional to size of the added fields. For the pre-
- defined transforms, the size of the added fields will be at least 14
- octets, and upper bounded depending on MKI and the authentication tag
- sizes.
-
-4. Pre-Defined Cryptographic Transforms
-
- While there are numerous encryption and message authentication
- algorithms that can be used in SRTP, below we define default
- algorithms in order to avoid the complexity of specifying the
- encodings for the signaling of algorithm and parameter identifiers.
- The defined algorithms have been chosen as they fulfill the goals
- listed in Section 2. Recommendations on how to extend SRTP with new
- transforms are given in Section 6.
-
-4.1. Encryption
-
- The following parameters are common to both pre-defined, non-NULL,
- encryption transforms specified in this section.
-
- * BLOCK_CIPHER-MODE indicates the block cipher used and its mode of
- operation
- * n_b is the bit-size of the block for the block cipher
- * k_e is the session encryption key
- * n_e is the bit-length of k_e
- * k_s is the session salting key
- * n_s is the bit-length of k_s
- * SRTP_PREFIX_LENGTH is the octet length of the keystream prefix, a
- non-negative integer, specified by the message authentication code
- in use.
-
- The distinct session keys and salts for SRTP/SRTCP are by default
- derived as specified in Section 4.3.
-
- The encryption transforms defined in SRTP map the SRTP packet index
- and secret key into a pseudo-random keystream segment. Each
- keystream segment encrypts a single RTP packet. The process of
- encrypting a packet consists of generating the keystream segment
- corresponding to the packet, and then bitwise exclusive-oring that
- keystream segment onto the payload of the RTP packet to produce the
- Encrypted Portion of the SRTP packet. In case the payload size is
- not an integer multiple of n_b bits, the excess (least significant)
- bits of the keystream are simply discarded. Decryption is done the
- same way, but swapping the roles of the plaintext and ciphertext.
-
-
-
-Baugher, et al. Standards Track [Page 19]
-\f
-RFC 3711 SRTP March 2004
-
-
- +----+ +------------------+---------------------------------+
- | KG |-->| Keystream Prefix | Keystream Suffix |---+
- +----+ +------------------+---------------------------------+ |
- |
- +---------------------------------+ v
- | Payload of RTP Packet |->(*)
- +---------------------------------+ |
- |
- +---------------------------------+ |
- | Encrypted Portion of SRTP Packet|<--+
- +---------------------------------+
-
- Figure 3: Default SRTP Encryption Processing. Here KG denotes the
- keystream generator, and (*) denotes bitwise exclusive-or.
-
- The definition of how the keystream is generated, given the index,
- depends on the cipher and its mode of operation. Below, two such
- keystream generators are defined. The NULL cipher is also defined,
- to be used when encryption of RTP is not required.
-
- The SRTP definition of the keystream is illustrated in Figure 3. The
- initial octets of each keystream segment MAY be reserved for use in a
- message authentication code, in which case the keystream used for
- encryption starts immediately after the last reserved octet. The
- initial reserved octets are called the "keystream prefix" (not to be
- confused with the "encryption prefix" of [RFC3550, Section 6.1]), and
- the remaining octets are called the "keystream suffix". The
- keystream prefix MUST NOT be used for encryption. The process is
- illustrated in Figure 3.
-
- The number of octets in the keystream prefix is denoted as
- SRTP_PREFIX_LENGTH. The keystream prefix is indicated by a positive,
- non-zero value of SRTP_PREFIX_LENGTH. This means that, even if
- confidentiality is not to be provided, the keystream generator output
- may still need to be computed for packet authentication, in which
- case the default keystream generator (mode) SHALL be used.
-
- The default cipher is the Advanced Encryption Standard (AES) [AES],
- and we define two modes of running AES, (1) Segmented Integer Counter
- Mode AES and (2) AES in f8-mode. In the remainder of this section,
- let E(k,x) be AES applied to key k and input block x.
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 20]
-\f
-RFC 3711 SRTP March 2004
-
-
-4.1.1. AES in Counter Mode
-
- Conceptually, counter mode [AES-CTR] consists of encrypting
- successive integers. The actual definition is somewhat more
- complicated, in order to randomize the starting point of the integer
- sequence. Each packet is encrypted with a distinct keystream
- segment, which SHALL be computed as follows.
-
- A keystream segment SHALL be the concatenation of the 128-bit output
- blocks of the AES cipher in the encrypt direction, using key k = k_e,
- in which the block indices are in increasing order. Symbolically,
- each keystream segment looks like
-
- E(k, IV) || E(k, IV + 1 mod 2^128) || E(k, IV + 2 mod 2^128) ...
-
- where the 128-bit integer value IV SHALL be defined by the SSRC, the
- SRTP packet index i, and the SRTP session salting key k_s, as below.
-
- IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16)
-
- Each of the three terms in the XOR-sum above is padded with as many
- leading zeros as needed to make the operation well-defined,
- considered as a 128-bit value.
-
- The inclusion of the SSRC allows the use of the same key to protect
- distinct SRTP streams within the same RTP session, see the security
- caveats in Section 9.1.
-
- In the case of SRTCP, the SSRC of the first header of the compound
- packet MUST be used, i SHALL be the 31-bit SRTCP index and k_e, k_s
- SHALL be replaced by the SRTCP encryption session key and salt.
-
- Note that the initial value, IV, is fixed for each packet and is
- formed by "reserving" 16 zeros in the least significant bits for the
- purpose of the counter. The number of blocks of keystream generated
- for any fixed value of IV MUST NOT exceed 2^16 to avoid keystream
- re-use, see below. The AES has a block size of 128 bits, so 2^16
- output blocks are sufficient to generate the 2^23 bits of keystream
- needed to encrypt the largest possible RTP packet (except for IPv6
- "jumbograms" [RFC2675], which are not likely to be used for RTP-based
- multimedia traffic). This restriction on the maximum bit-size of the
- packet that can be encrypted ensures the security of the encryption
- method by limiting the effectiveness of probabilistic attacks [BDJR].
-
- For a particular Counter Mode key, each IV value used as an input
- MUST be distinct, in order to avoid the security exposure of a two-
- time pad situation (Section 9.1). To satisfy this constraint, an
- implementation MUST ensure that the combination of the SRTP packet
-
-
-
-Baugher, et al. Standards Track [Page 21]
-\f
-RFC 3711 SRTP March 2004
-
-
- index of ROC || SEQ, and the SSRC used in the construction of the IV
- are distinct for any particular key. The failure to ensure this
- uniqueness could be catastrophic for Secure RTP. This is in contrast
- to the situation for RTP itself, which may be able to tolerate such
- failures. It is RECOMMENDED that, if a dedicated security module is
- present, the RTP sequence numbers and SSRC either be generated or
- checked by that module (i.e., sequence-number and SSRC processing in
- an SRTP system needs to be protected as well as the key).
-
-4.1.2. AES in f8-mode
-
- To encrypt UMTS (Universal Mobile Telecommunications System, as 3G
- networks) data, a solution (see [f8-a] [f8-b]) known as the f8-
- algorithm has been developed. On a high level, the proposed scheme
- is a variant of Output Feedback Mode (OFB) [HAC], with a more
- elaborate initialization and feedback function. As in normal OFB,
- the core consists of a block cipher. We also define here the use of
- AES as a block cipher to be used in what we shall call "f8-mode of
- operation" RTP encryption. The AES f8-mode SHALL use the same
- default sizes for session key and salt as AES counter mode.
-
- Figure 4 shows the structure of block cipher, E, running in f8-mode.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 22]
-\f
-RFC 3711 SRTP March 2004
-
-
- IV
- |
- v
- +------+
- | |
- +--->| E |
- | +------+
- | |
- m -> (*) +-----------+-------------+-- ... ------+
- | IV' | | | |
- | | j=1 -> (*) j=2 -> (*) ... j=L-1 ->(*)
- | | | | |
- | | +-> (*) +-> (*) ... +-> (*)
- | | | | | | | |
- | v | v | v | v
- | +------+ | +------+ | +------+ | +------+
- k_e ---+--->| E | | | E | | | E | | | E |
- | | | | | | | | | | |
- +------+ | +------+ | +------+ | +------+
- | | | | | | |
- +------+ +--------+ +-- ... ----+ |
- | | | |
- v v v v
- S(0) S(1) S(2) . . . S(L-1)
-
- Figure 4. f8-mode of operation (asterisk, (*), denotes bitwise XOR).
- The figure represents the KG in Figure 3, when AES-f8 is used.
-
-4.1.2.1. f8 Keystream Generation
-
- The Initialization Vector (IV) SHALL be determined as described in
- Section 4.1.2.2 (and in Section 4.1.2.3 for SRTCP).
-
- Let IV', S(j), and m denote n_b-bit blocks. The keystream,
- S(0) ||... || S(L-1), for an N-bit message SHALL be defined by
- setting IV' = E(k_e XOR m, IV), and S(-1) = 00..0. For
- j = 0,1,..,L-1 where L = N/n_b (rounded up to nearest integer if it
- is not already an integer) compute
-
- S(j) = E(k_e, IV' XOR j XOR S(j-1))
-
- Notice that the IV is not used directly. Instead it is fed through E
- under another key to produce an internal, "masked" value (denoted
- IV') to prevent an attacker from gaining known input/output pairs.
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 23]
-\f
-RFC 3711 SRTP March 2004
-
-
- The role of the internal counter, j, is to prevent short keystream
- cycles. The value of the key mask m SHALL be
-
- m = k_s || 0x555..5,
-
- i.e., the session salting key, appended by the binary pattern 0101..
- to fill out the entire desired key size, n_e.
-
- The sender SHOULD NOT generate more than 2^32 blocks, which is
- sufficient to generate 2^39 bits of keystream. Unlike counter mode,
- there is no absolute threshold above (below) which f8 is guaranteed
- to be insecure (secure). The above bound has been chosen to limit,
- with sufficient security margin, the probability of degenerative
- behavior in the f8 keystream generation.
-
-4.1.2.2. f8 SRTP IV Formation
-
- The purpose of the following IV formation is to provide a feature
- which we call implicit header authentication (IHA), see Section 9.5.
-
- The SRTP IV for 128-bit block AES-f8 SHALL be formed in the following
- way:
-
- IV = 0x00 || M || PT || SEQ || TS || SSRC || ROC
-
- M, PT, SEQ, TS, SSRC SHALL be taken from the RTP header; ROC is from
- the cryptographic context.
-
- The presence of the SSRC as part of the IV allows AES-f8 to be used
- when a master key is shared between multiple streams within the same
- RTP session, see Section 9.1.
-
-4.1.2.3. f8 SRTCP IV Formation
-
- The SRTCP IV for 128-bit block AES-f8 SHALL be formed in the
- following way:
-
- IV= 0..0 || E || SRTCP index || V || P || RC || PT || length || SSRC
-
- where V, P, RC, PT, length, SSRC SHALL be taken from the first header
- in the RTCP compound packet. E and SRTCP index are the 1-bit and
- 31-bit fields added to the packet.
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 24]
-\f
-RFC 3711 SRTP March 2004
-
-
-4.1.3. NULL Cipher
-
- The NULL cipher is used when no confidentiality for RTP/RTCP is
- requested. The keystream can be thought of as "000..0", i.e., the
- encryption SHALL simply copy the plaintext input into the ciphertext
- output.
-
-4.2. Message Authentication and Integrity
-
- Throughout this section, M will denote data to be integrity
- protected. In the case of SRTP, M SHALL consist of the Authenticated
- Portion of the packet (as specified in Figure 1) concatenated with
- the ROC, M = Authenticated Portion || ROC; in the case of SRTCP, M
- SHALL consist of the Authenticated Portion (as specified in Figure 2)
- only.
-
- Common parameters:
-
- * AUTH_ALG is the authentication algorithm
- * k_a is the session message authentication key
- * n_a is the bit-length of the authentication key
- * n_tag is the bit-length of the output authentication tag
- * SRTP_PREFIX_LENGTH is the octet length of the keystream prefix as
- defined above, a parameter of AUTH_ALG
-
- The distinct session authentication keys for SRTP/SRTCP are by
- default derived as specified in Section 4.3.
-
- The values of n_a, n_tag, and SRTP_PREFIX_LENGTH MUST be fixed for
- any particular fixed value of the key.
-
- We describe the process of computing authentication tags as follows.
- The sender computes the tag of M and appends it to the packet. The
- SRTP receiver verifies a message/authentication tag pair by computing
- a new authentication tag over M using the selected algorithm and key,
- and then compares it to the tag associated with the received message.
- If the two tags are equal, then the message/tag pair is valid;
- otherwise, it is invalid and the error audit message "AUTHENTICATION
- FAILURE" MUST be returned.
-
-4.2.1. HMAC-SHA1
-
- The pre-defined authentication transform for SRTP is HMAC-SHA1
- [RFC2104]. With HMAC-SHA1, the SRTP_PREFIX_LENGTH (Figure 3) SHALL
- be 0. For SRTP (respectively SRTCP), the HMAC SHALL be applied to
- the session authentication key and M as specified above, i.e.,
- HMAC(k_a, M). The HMAC output SHALL then be truncated to the n_tag
- left-most bits.
-
-
-
-Baugher, et al. Standards Track [Page 25]
-\f
-RFC 3711 SRTP March 2004
-
-
-4.3. Key Derivation
-
-4.3.1. Key Derivation Algorithm
-
- Regardless of the encryption or message authentication transform that
- is employed (it may be an SRTP pre-defined transform or newly
- introduced according to Section 6), interoperable SRTP
- implementations MUST use the SRTP key derivation to generate session
- keys. Once the key derivation rate is properly signaled at the start
- of the session, there is no need for extra communication between the
- parties that use SRTP key derivation.
-
- packet index ---+
- |
- v
- +-----------+ master +--------+ session encr_key
- | ext | key | |---------->
- | key mgmt |-------->| key | session auth_key
- | (optional | | deriv |---------->
- | rekey) |-------->| | session salt_key
- | | master | |---------->
- +-----------+ salt +--------+
-
- Figure 5: SRTP key derivation.
-
- At least one initial key derivation SHALL be performed by SRTP, i.e.,
- the first key derivation is REQUIRED. Further applications of the
- key derivation MAY be performed, according to the
- "key_derivation_rate" value in the cryptographic context. The key
- derivation function SHALL initially be invoked before the first
- packet and then, when r > 0, a key derivation is performed whenever
- index mod r equals zero. This can be thought of as "refreshing" the
- session keys. The value of "key_derivation_rate" MUST be kept fixed
- for the lifetime of the associated master key.
-
- Interoperable SRTP implementations MAY also derive session salting
- keys for encryption transforms, as is done in both of the pre-
- defined transforms.
-
- Let m and n be positive integers. A pseudo-random function family is
- a set of keyed functions {PRF_n(k,x)} such that for the (secret)
- random key k, given m-bit x, PRF_n(k,x) is an n-bit string,
- computationally indistinguishable from random n-bit strings, see
- [HAC]. For the purpose of key derivation in SRTP, a secure PRF with
- m = 128 (or more) MUST be used, and a default PRF transform is
- defined in Section 4.3.3.
-
-
-
-
-
-Baugher, et al. Standards Track [Page 26]
-\f
-RFC 3711 SRTP March 2004
-
-
- Let "a DIV t" denote integer division of a by t, rounded down, and
- with the convention that "a DIV 0 = 0" for all a. We also make the
- convention of treating "a DIV t" as a bit string of the same length
- as a, and thus "a DIV t" will in general have leading zeros.
-
- Key derivation SHALL be defined as follows in terms of <label>, an
- 8-bit constant (see below), master_salt and key_derivation_rate, as
- determined in the cryptographic context, and index, the packet index
- (i.e., the 48-bit ROC || SEQ for SRTP):
-
- * Let r = index DIV key_derivation_rate (with DIV as defined above).
-
- * Let key_id = <label> || r.
-
- * Let x = key_id XOR master_salt, where key_id and master_salt are
- aligned so that their least significant bits agree (right-
- alignment).
-
- <label> MUST be unique for each type of key to be derived. We
- currently define <label> 0x00 to 0x05 (see below), and future
- extensions MAY specify new values in the range 0x06 to 0xff for other
- purposes. The n-bit SRTP key (or salt) for this packet SHALL then be
- derived from the master key, k_master as follows:
-
- PRF_n(k_master, x).
-
- (The PRF may internally specify additional formatting and padding of
- x, see e.g., Section 4.3.3 for the default PRF.)
-
- The session keys and salt SHALL now be derived using:
-
- - k_e (SRTP encryption): <label> = 0x00, n = n_e.
-
- - k_a (SRTP message authentication): <label> = 0x01, n = n_a.
-
- - k_s (SRTP salting key): <label> = 0x02, n = n_s.
-
- where n_e, n_s, and n_a are from the cryptographic context.
-
- The master key and master salt MUST be random, but the master salt
- MAY be public.
-
- Note that for a key_derivation_rate of 0, the application of the key
- derivation SHALL take place exactly once.
-
- The definition of DIV above is purely for notational convenience.
- For a non-zero t among the set of allowed key derivation rates, "a
- DIV t" can be implemented as a right-shift by the base-2 logarithm of
-
-
-
-Baugher, et al. Standards Track [Page 27]
-\f
-RFC 3711 SRTP March 2004
-
-
- t. The derivation operation is further facilitated if the rates are
- chosen to be powers of 256, but that granularity was considered too
- coarse to be a requirement of this specification.
-
- The upper limit on the number of packets that can be secured using
- the same master key (see Section 9.2) is independent of the key
- derivation.
-
-4.3.2. SRTCP Key Derivation
-
- SRTCP SHALL by default use the same master key (and master salt) as
- SRTP. To do this securely, the following changes SHALL be done to
- the definitions in Section 4.3.1 when applying session key derivation
- for SRTCP.
-
- Replace the SRTP index by the 32-bit quantity: 0 || SRTCP index
- (i.e., excluding the E-bit, replacing it with a fixed 0-bit), and use
- <label> = 0x03 for the SRTCP encryption key, <label> = 0x04 for the
- SRTCP authentication key, and, <label> = 0x05 for the SRTCP salting
- key.
-
-4.3.3. AES-CM PRF
-
- The currently defined PRF, keyed by 128, 192, or 256 bit master key,
- has input block size m = 128 and can produce n-bit outputs for n up
- to 2^23. PRF_n(k_master,x) SHALL be AES in Counter Mode as described
- in Section 4.1.1, applied to key k_master, and IV equal to (x*2^16),
- and with the output keystream truncated to the n first (left-most)
- bits. (Requiring n/128, rounded up, applications of AES.)
-
-5. Default and mandatory-to-implement Transforms
-
- The default transforms also are mandatory-to-implement transforms in
- SRTP. Of course, "mandatory-to-implement" does not imply
- "mandatory-to-use". Table 1 summarizes the pre-defined transforms.
- The default values below are valid for the pre-defined transforms.
-
- mandatory-to-impl. optional default
-
- encryption AES-CM, NULL AES-f8 AES-CM
- message integrity HMAC-SHA1 - HMAC-SHA1
- key derivation (PRF) AES-CM - AES-CM
-
- Table 1: Mandatory-to-implement, optional and default transforms in
- SRTP and SRTCP.
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 28]
-\f
-RFC 3711 SRTP March 2004
-
-
-5.1. Encryption: AES-CM and NULL
-
- AES running in Segmented Integer Counter Mode, as defined in Section
- 4.1.1, SHALL be the default encryption algorithm. The default key
- lengths SHALL be 128-bit for the session encryption key (n_e). The
- default session salt key-length (n_s) SHALL be 112 bits.
-
- The NULL cipher SHALL also be mandatory-to-implement.
-
-5.2. Message Authentication/Integrity: HMAC-SHA1
-
- HMAC-SHA1, as defined in Section 4.2.1, SHALL be the default message
- authentication code. The default session authentication key-length
- (n_a) SHALL be 160 bits, the default authentication tag length
- (n_tag) SHALL be 80 bits, and the SRTP_PREFIX_LENGTH SHALL be zero
- for HMAC-SHA1. In addition, for SRTCP, the pre-defined HMAC-SHA1
- MUST NOT be applied with a value of n_tag, nor n_a, that are smaller
- than these defaults. For SRTP, smaller values are NOT RECOMMENDED,
- but MAY be used after careful consideration of the issues in Section
- 7.5 and 9.5.
-
-5.3. Key Derivation: AES-CM PRF
-
- The AES Counter Mode based key derivation and PRF defined in Sections
- 4.3.1 to 4.3.3, using a 128-bit master key, SHALL be the default
- method for generating session keys. The default master salt length
- SHALL be 112 bits and the default key-derivation rate SHALL be zero.
-
-6. Adding SRTP Transforms
-
- Section 4 provides examples of the level of detail needed for
- defining transforms. Whenever a new transform is to be added to
- SRTP, a companion standard track RFC MUST be written to exactly
- define how the new transform can be used with SRTP (and SRTCP). Such
- a companion RFC SHOULD avoid overlap with the SRTP protocol document.
- Note however, that it MAY be necessary to extend the SRTP or SRTCP
- cryptographic context definition with new parameters (including fixed
- or default values), add steps to the packet processing, or even add
- fields to the SRTP/SRTCP packets. The companion RFC SHALL explain
- any known issues regarding interactions between the transform and
- other aspects of SRTP.
-
- Each new transform document SHOULD specify its key attributes, e.g.,
- size of keys (minimum, maximum, recommended), format of keys,
- recommended/required processing of input keying material,
- requirements/recommendations on key lifetime, re-keying and key
- derivation, whether sharing of keys between SRTP and SRTCP is allowed
- or not, etc.
-
-
-
-Baugher, et al. Standards Track [Page 29]
-\f
-RFC 3711 SRTP March 2004
-
-
- An added message integrity transform SHOULD define a minimum
- acceptable key/tag size for SRTCP, equivalent in strength to the
- minimum values as defined in Section 5.2.
-
-7. Rationale
-
- This section explains the rationale behind several important features
- of SRTP.
-
-7.1. Key derivation
-
- Key derivation reduces the burden on the key establishment. As many
- as six different keys are needed per crypto context (SRTP and SRTCP
- encryption keys and salts, SRTP and SRTCP authentication keys), but
- these are derived from a single master key in a cryptographically
- secure way. Thus, the key management protocol needs to exchange only
- one master key (plus master salt when required), and then SRTP itself
- derives all the necessary session keys (via the first, mandatory
- application of the key derivation function).
-
- Multiple applications of the key derivation function are optional,
- but will give security benefits when enabled. They prevent an
- attacker from obtaining large amounts of ciphertext produced by a
- single fixed session key. If the attacker was able to collect a
- large amount of ciphertext for a certain session key, he might be
- helped in mounting certain attacks.
-
- Multiple applications of the key derivation function provide
- backwards and forward security in the sense that a compromised
- session key does not compromise other session keys derived from the
- same master key. This means that the attacker who is able to recover
- a certain session key, is anyway not able to have access to messages
- secured under previous and later session keys (derived from the same
- master key). (Note that, of course, a leaked master key reveals all
- the session keys derived from it.)
-
- Considerations arise with high-rate key refresh, especially in large
- multicast settings, see Section 11.
-
-7.2. Salting key
-
- The master salt guarantees security against off-line key-collision
- attacks on the key derivation that might otherwise reduce the
- effective key size [MF00].
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 30]
-\f
-RFC 3711 SRTP March 2004
-
-
- The derived session salting key used in the encryption, has been
- introduced to protect against some attacks on additive stream
- ciphers, see Section 9.2. The explicit inclusion method of the salt
- in the IV has been selected for ease of hardware implementation.
-
-7.3. Message Integrity from Universal Hashing
-
- The particular definition of the keystream given in Section 4.1 (the
- keystream prefix) is to give provision for particular universal hash
- functions, suitable for message authentication in the Wegman-Carter
- paradigm [WC81]. Such functions are provably secure, simple, quick,
- and especially appropriate for Digital Signal Processors and other
- processors with a fast multiply operation.
-
- No authentication transforms are currently provided in SRTP other
- than HMAC-SHA1. Future transforms, like the above mentioned
- universal hash functions, MAY be added following the guidelines in
- Section 6.
-
-7.4. Data Origin Authentication Considerations
-
- Note that in pair-wise communications, integrity and data origin
- authentication are provided together. However, in group scenarios
- where the keys are shared between members, the MAC tag only proves
- that a member of the group sent the packet, but does not prevent
- against a member impersonating another. Data origin authentication
- (DOA) for multicast and group RTP sessions is a hard problem that
- needs a solution; while some promising proposals are being
- investigated [PCST1] [PCST2], more work is needed to rigorously
- specify these technologies. Thus SRTP data origin authentication in
- groups is for further study.
-
- DOA can be done otherwise using signatures. However, this has high
- impact in terms of bandwidth and processing time, therefore we do not
- offer this form of authentication in the pre-defined packet-integrity
- transform.
-
- The presence of mixers and translators does not allow data origin
- authentication in case the RTP payload and/or the RTP header are
- manipulated. Note that these types of middle entities also disrupt
- end-to-end confidentiality (as the IV formation depends e.g., on the
- RTP header preservation). A certain trust model may choose to trust
- the mixers/translators to decrypt/re-encrypt the media (this would
- imply breaking the end-to-end security, with related security
- implications).
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 31]
-\f
-RFC 3711 SRTP March 2004
-
-
-7.5. Short and Zero-length Message Authentication
-
- As shown in Figure 1, the authentication tag is RECOMMENDED in SRTP.
- A full 80-bit authentication-tag SHOULD be used, but a shorter tag or
- even a zero-length tag (i.e., no message authentication) MAY be used
- under certain conditions to support either of the following two
- application environments.
-
- 1. Strong authentication can be impractical in environments where
- bandwidth preservation is imperative. An important special
- case is wireless communication systems, in which bandwidth is a
- scarce and expensive resource. Studies have shown that for
- certain applications and link technologies, additional bytes
- may result in a significant decrease in spectrum efficiency
- [SWO]. Considerable effort has been made to design IP header
- compression techniques to improve spectrum efficiency
- [RFC3095]. A typical voice application produces 20 byte
- samples, and the RTP, UDP and IP headers need to be jointly
- compressed to one or two bytes on average in order to obtain
- acceptable wireless bandwidth economy [RFC3095]. In this case,
- strong authentication would impose nearly fifty percent
- overhead.
-
- 2. Authentication is impractical for applications that use data
- links with fixed-width fields that cannot accommodate the
- expansion due to the authentication tag. This is the case for
- some important existing wireless channels. For example, zero-
- byte header compression is used to adapt EVRC/SMV voice with
- the legacy IS-95 bearer channel in CDMA2000 VoIP services. It
- was found that not a single additional octet could be added to
- the data, which motivated the creation of a zero-byte profile
- for ROHC [RFC3242].
-
- A short tag is secure for a restricted set of applications. Consider
- a voice telephony application, for example, such as a G.729 audio
- codec with a 20-millisecond packetization interval, protected by a
- 32-bit message authentication tag. The likelihood of any given
- packet being successfully forged is only one in 2^32. Thus an
- adversary can control no more than 20 milliseconds of audio output
- during a 994-day period, on average. In contrast, the effect of a
- single forged packet can be much larger if the application is
- stateful. A codec that uses relative or predictive compression
- across packets will propagate the maliciously generated state,
- affecting a longer duration of output.
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 32]
-\f
-RFC 3711 SRTP March 2004
-
-
- Certainly not all SRTP or telephony applications meet the criteria
- for short or zero-length authentication tags. Section 9.5.1
- discusses the risks of weak or no message authentication, and section
- 9.5 describes the circumstances when it is acceptable and when it is
- unacceptable.
-
-8. Key Management Considerations
-
- There are emerging key management standards [MIKEY] [KEYMGT] [SDMS]
- for establishing an SRTP cryptographic context (e.g., an SRTP master
- key). Both proprietary and open-standard key management methods are
- likely to be used for telephony applications [MIKEY] [KINK] and
- multicast applications [GDOI]. This section provides guidance for
- key management systems that service SRTP session.
-
- For initialization, an interoperable SRTP implementation SHOULD be
- given the SSRC and MAY be given the initial RTP sequence number for
- the RTP stream by key management (thus, key management has a
- dependency on RTP operational parameters). Sending the RTP sequence
- number in the key management may be useful e.g., when the initial
- sequence number is close to wrapping (to avoid synchronization
- problems), and to communicate the current sequence number to a
- joining endpoint (to properly initialize its replay list).
-
- If the pre-defined transforms are used, SRTP allows sharing of the
- same master key between SRTP/SRTCP streams belonging to the same RTP
- session.
-
- First, sharing between SRTP streams belonging to the same RTP session
- is secure if the design of the synchronization mechanism, i.e., the
- IV, avoids keystream re-use (the two-time pad, Section 9.1). This is
- taken care of by the fact that RTP provides for unique SSRCs for
- streams belonging to the same RTP session. See Section 9.1 for
- further discussion.
-
- Second, sharing between SRTP and the corresponding SRTCP is secure.
- The fact that an SRTP stream and its associated SRTCP stream both
- carry the same SSRC does not constitute a problem for the two-time
- pad due to the key derivation. Thus, SRTP and SRTCP corresponding to
- one RTP session MAY share master keys (as they do by default).
-
- Note that message authentication also has a dependency on SSRC
- uniqueness that is unrelated to the problem of keystream reuse: SRTP
- streams authenticated under the same key MUST have a distinct SSRC in
- order to identify the sender of the message. This requirement is
- needed because the SSRC is the cryptographically authenticated field
-
-
-
-
-
-Baugher, et al. Standards Track [Page 33]
-\f
-RFC 3711 SRTP March 2004
-
-
- used to distinguish between different SRTP streams. Were two streams
- to use identical SSRC values, then an adversary could substitute
- messages from one stream into the other without detection.
-
- SRTP/SRTCP MUST NOT share master keys under any other circumstances
- than the ones given above, i.e., between SRTP and its corresponding
- SRTCP, and, between streams belonging to the same RTP session.
-
-8.1. Re-keying
-
- The recommended way for a particular key management system to provide
- re-key within SRTP is by associating a master key in a crypto context
- with an MKI.
-
- This provides for easy master key retrieval (see Scenarios in Section
- 11), but has the disadvantage of adding extra bits to each packet.
- As noted in Section 7.5, some wireless links do not cater for added
- bits, therefore SRTP also defines a more economic way of triggering
- re-keying, via use of <From, To>, which works in some specific,
- simple scenarios (see Section 8.1.1).
-
- SRTP senders SHALL count the amount of SRTP and SRTCP traffic being
- used for a master key and invoke key management to re-key if needed
- (Section 9.2). These interactions are defined by the key management
- interface to SRTP and are not defined by this protocol specification.
-
-8.1.1. Use of the <From, To> for re-keying
-
- In addition to the use of the MKI, SRTP defines another optional
- mechanism for master key retrieval, the <From, To>. The <From, To>
- specifies the range of SRTP indices (a pair of sequence number and
- ROC) within which a certain master key is valid, and is (when used)
- part of the crypto context. By looking at the 48-bit SRTP index of
- the current SRTP packet, the corresponding master key can be found by
- determining which From-To interval it belongs to. For SRTCP, the
- most recently observed/used SRTP index (which can be obtained from
- the cryptographic context) is used for this purpose, even though
- SRTCP has its own (31-bit) index (see caveat below).
-
- This method, compared to the MKI, has the advantage of identifying
- the master key and defining its lifetime without adding extra bits to
- each packet. This could be useful, as already noted, for some
- wireless links that do not cater for added bits. However, its use
- SHOULD be limited to specific, very simple scenarios. We recommend
- to limit its use when the RTP session is a simple unidirectional or
- bi-directional stream. This is because in case of multiple streams,
- it is difficult to trigger the re-key based on the <From, To> of a
- single RTP stream. For example, if several streams share a master
-
-
-
-Baugher, et al. Standards Track [Page 34]
-\f
-RFC 3711 SRTP March 2004
-
-
- key, there is no simple one-to-one correspondence between the index
- sequence space of a certain stream, and the index sequence space on
- which the <From, To> values are based. Consequently, when a master
- key is shared between streams, one of these streams MUST be
- designated by key management as the one whose index space defines the
- re-keying points. Also, the re-key triggering on SRTCP is based on
- the correspondent SRTP stream, i.e., when the SRTP stream changes the
- master key, so does the correspondent SRTCP. This becomes obviously
- more and more complex with multiple streams.
-
- The default values for the <From, To> are "from the first observed
- packet" and "until further notice". However, the maximum limit of
- SRTP/SRTCP packets that are sent under each given master/session key
- (Section 9.2) MUST NOT be exceeded.
-
- In case the <From, To> is used as key retrieval, then the MKI is not
- inserted in the packet (and its indicator in the crypto context is
- zero). However, using the MKI does not exclude using <From, To> key
- lifetime simultaneously. This can for instance be useful to signal
- at the sender side at which point in time an MKI is to be made
- active.
-
-8.2. Key Management parameters
-
- The table below lists all SRTP parameters that key management can
- supply. For reference, it also provides a summary of the default and
- mandatory-to-support values for an SRTP implementation as described
- in Section 5.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 35]
-\f
-RFC 3711 SRTP March 2004
-
-
- Parameter Mandatory-to-support Default
- --------- -------------------- -------
-
- SRTP and SRTCP encr transf. AES_CM, NULL AES_CM
- (Other possible values: AES_f8)
-
- SRTP and SRTCP auth transf. HMAC-SHA1 HMAC-SHA1
-
- SRTP and SRTCP auth params:
- n_tag (tag length) 80 80
- SRTP prefix_length 0 0
-
- Key derivation PRF AES_CM AES_CM
-
- Key material params
- (for each master key):
- master key length 128 128
- n_e (encr session key length) 128 128
- n_a (auth session key length) 160 160
- master salt key
- length of the master salt 112 112
- n_s (session salt key length) 112 112
- key derivation rate 0 0
-
- key lifetime
- SRTP-packets-max-lifetime 2^48 2^48
- SRTCP-packets-max-lifetime 2^31 2^31
- from-to-lifetime <From, To>
- MKI indicator 0 0
- length of the MKI 0 0
- value of the MKI
-
- Crypto context index params:
- SSRC value
- ROC
- SEQ
- SRTCP Index
- Transport address
- Port number
-
- Relation to other RTP profiles:
- sender's order between FEC and SRTP FEC-SRTP FEC-SRTP
- (see Section 10)
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 36]
-\f
-RFC 3711 SRTP March 2004
-
-
-9. Security Considerations
-
-9.1. SSRC collision and two-time pad
-
- Any fixed keystream output, generated from the same key and index
- MUST only be used to encrypt once. Re-using such keystream (jokingly
- called a "two-time pad" system by cryptographers), can seriously
- compromise security. The NSA's VENONA project [C99] provides a
- historical example of such a compromise. It is REQUIRED that
- automatic key management be used for establishing and maintaining
- SRTP and SRTCP keying material; this requirement is to avoid
- keystream reuse, which is more likely to occur with manual key
- management. Furthermore, in SRTP, a "two-time pad" is avoided by
- requiring the key, or some other parameter of cryptographic
- significance, to be unique per RTP/RTCP stream and packet. The pre-
- defined SRTP transforms accomplish packet-uniqueness by including the
- packet index and stream-uniqueness by inclusion of the SSRC.
-
- The pre-defined transforms (AES-CM and AES-f8) allow master keys to
- be shared across streams belonging to the same RTP session by the
- inclusion of the SSRC in the IV. A master key MUST NOT be shared
- among different RTP sessions.
-
- Thus, the SSRC MUST be unique between all the RTP streams within the
- same RTP session that share the same master key. RTP itself provides
- an algorithm for detecting SSRC collisions within the same RTP
- session. Thus, temporary collisions could lead to temporary two-time
- pad, in the unfortunate event that SSRCs collide at a point in time
- when the streams also have identical sequence numbers (occurring with
- probability roughly 2^(-48)). Therefore, the key management SHOULD
- take care of avoiding such SSRC collisions by including the SSRCs to
- be used in the session as negotiation parameters, proactively
- assuring their uniqueness. This is a strong requirements in
- scenarios where for example, there are multiple senders that can
- start to transmit simultaneously, before SSRC collision are detected
- at the RTP level.
-
- Note also that even with distinct SSRCs, extensive use of the same
- key might improve chances of probabilistic collision and time-
- memory-tradeoff attacks succeeding.
-
- As described, master keys MAY be shared between streams belonging to
- the same RTP session, but it is RECOMMENDED that each SSRC have its
- own master key. When master keys are shared among SSRC participants
- and SSRCs are managed by a key management module as recommended
- above, the RECOMMENDED policy for an SSRC collision error is for the
- participant to leave the SRTP session as it is a sign of malfunction.
-
-
-
-
-Baugher, et al. Standards Track [Page 37]
-\f
-RFC 3711 SRTP March 2004
-
-
-9.2. Key Usage
-
- The effective key size is determined (upper bounded) by the size of
- the master key and, for encryption, the size of the salting key. Any
- additive stream cipher is vulnerable to attacks that use statistical
- knowledge about the plaintext source to enable key collision and
- time-memory tradeoff attacks [MF00] [H80] [BS00]. These attacks take
- advantage of commonalities among plaintexts, and provide a way for a
- cryptanalyst to amortize the computational effort of decryption over
- many keys, or over many bytes of output, thus reducing the effective
- key size of the cipher. A detailed analysis of these attacks and
- their applicability to the encryption of Internet traffic is provided
- in [MF00]. In summary, the effective key size of SRTP when used in a
- security system in which m distinct keys are used, is equal to the
- key size of the cipher less the logarithm (base two) of m.
- Protection against such attacks can be provided simply by increasing
- the size of the keys used, which here can be accomplished by the use
- of the salting key. Note that the salting key MUST be random but MAY
- be public. A salt size of (the suggested) size 112 bits protects
- against attacks in scenarios where at most 2^112 keys are in use.
- This is sufficient for all practical purposes.
-
- Implementations SHOULD use keys that are as large as possible.
- Please note that in many cases increasing the key size of a cipher
- does not affect the throughput of that cipher.
-
- The use of the SRTP and SRTCP indices in the pre-defined transforms
- fixes the maximum number of packets that can be secured with the same
- key. This limit is fixed to 2^48 SRTP packets for an SRTP stream,
- and 2^31 SRTCP packets, when SRTP and SRTCP are considered
- independently. Due to for example re-keying, reaching this limit may
- or may not coincide with wrapping of the indices, and thus the sender
- MUST keep packet counts. However, when the session keys for related
- SRTP and SRTCP streams are derived from the same master key (the
- default behavior, Section 4.3), the upper bound that has to be
- considered is in practice the minimum of the two quantities. That
- is, when 2^48 SRTP packets or 2^31 SRTCP packets have been secured
- with the same key (whichever occurs before), the key management MUST
- be called to provide new master key(s) (previously stored and used
- keys MUST NOT be used again), or the session MUST be terminated. If
- a sender of RTCP discovers that the sender of SRTP (or SRTCP) has not
- updated the master or session key prior to sending 2^48 SRTP (or 2^31
- SRTCP) packets belonging to the same SRTP (SRTCP) stream, it is up to
- the security policy of the RTCP sender how to behave, e.g., whether
- an RTCP BYE-packet should be sent and/or if the event should be
- logged.
-
-
-
-
-
-Baugher, et al. Standards Track [Page 38]
-\f
-RFC 3711 SRTP March 2004
-
-
- Note: in most typical applications (assuming at least one RTCP packet
- for every 128,000 RTP packets), it will be the SRTCP index that first
- reaches the upper limit, although the time until this occurs is very
- long: even at 200 SRTCP packets/sec, the 2^31 index space of SRTCP is
- enough to secure approximately 4 months of communication.
-
- Note that if the master key is to be shared between SRTP streams
- within the same RTP session (Section 9.1), although the above bounds
- are on a per stream (i.e., per SSRC) basis, the sender MUST base re-
- key decision on the stream whose sequence number space is the first
- to be exhausted.
-
- Key derivation limits the amount of plaintext that is encrypted with
- a fixed session key, and made available to an attacker for analysis,
- but key derivation does not extend the master key's lifetime. To see
- this, simply consider our requirements to avoid two-time pad: two
- distinct packets MUST either be processed with distinct IVs, or with
- distinct session keys, and both the distinctness of IV and of the
- session keys are (for the pre-defined transforms) dependent on the
- distinctness of the packet indices.
-
- Note that with the key derivation, the effective key size is at most
- that of the master key, even if the derived session key is
- considerably longer. With the pre-defined authentication transform,
- the session authentication key is 160 bits, but the master key by
- default is only 128 bits. This design choice was made to comply with
- certain recommendations in [RFC2104] so that an existing HMAC
- implementation can be plugged into SRTP without problems. Since the
- default tag size is 80 bits, it is, for the applications in mind,
- also considered acceptable from security point of view. Users having
- concerns about this are RECOMMENDED to instead use a 192 bit master
- key in the key derivation. It was, however, chosen not to mandate
- 192-bit keys since existing AES implementations to be used in the
- key-derivation may not always support key-lengths other than 128
- bits. Since AES is not defined (or properly analyzed) for use with
- 160 bit keys it is NOT RECOMMENDED that ad-hoc key-padding schemes
- are used to pad shorter keys to 192 or 256 bits.
-
-9.3. Confidentiality of the RTP Payload
-
- SRTP's pre-defined ciphers are "seekable" stream ciphers, i.e.,
- ciphers able to efficiently seek to arbitrary locations in their
- keystream (so that the encryption or decryption of one packet does
- not depend on preceding packets). By using seekable stream ciphers,
- SRTP avoids the denial of service attacks that are possible on stream
- ciphers that lack this property. It is important to be aware that,
- as with any stream cipher, the exact length of the payload is
- revealed by the encryption. This means that it may be possible to
-
-
-
-Baugher, et al. Standards Track [Page 39]
-\f
-RFC 3711 SRTP March 2004
-
-
- deduce certain "formatting bits" of the payload, as the length of the
- codec output might vary due to certain parameter settings etc. This,
- in turn, implies that the corresponding bit of the keystream can be
- deduced. However, if the stream cipher is secure (counter mode and
- f8 are provably secure under certain assumptions [BDJR] [KSYH] [IK]),
- knowledge of a few bits of the keystream will not aid an attacker in
- predicting subsequent keystream bits. Thus, the payload length (and
- information deducible from this) will leak, but nothing else.
-
- As some RTP packet could contain highly predictable data, e.g., SID,
- it is important to use a cipher designed to resist known plaintext
- attacks (which is the current practice).
-
-9.4. Confidentiality of the RTP Header
-
- In SRTP, RTP headers are sent in the clear to allow for header
- compression. This means that data such as payload type,
- synchronization source identifier, and timestamp are available to an
- eavesdropper. Moreover, since RTP allows for future extensions of
- headers, we cannot foresee what kind of possibly sensitive
- information might also be "leaked".
-
- SRTP is a low-cost method, which allows header compression to reduce
- bandwidth. It is up to the endpoints' policies to decide about the
- security protocol to employ. If one really needs to protect headers,
- and is allowed to do so by the surrounding environment, then one
- should also look at alternatives, e.g., IPsec [RFC2401].
-
-9.5. Integrity of the RTP payload and header
-
- SRTP messages are subject to attacks on their integrity and source
- identification, and these risks are discussed in Section 9.5.1. To
- protect against these attacks, each SRTP stream SHOULD be protected
- by HMAC-SHA1 [RFC2104] with an 80-bit output tag and a 160-bit key,
- or a message authentication code with equivalent strength. Secure
- RTP SHOULD NOT be used without message authentication, except under
- the circumstances described in this section. It is important to note
- that encryption algorithms, including AES Counter Mode and f8, do not
- provide message authentication. SRTCP MUST NOT be used with weak (or
- NULL) authentication.
-
- SRTP MAY be used with weak authentication (e.g., a 32-bit
- authentication tag), or with no authentication (the NULL
- authentication algorithm). These options allow SRTP to be used to
- provide confidentiality in situations where
-
- * weak or null authentication is an acceptable security risk, and
- * it is impractical to provide strong message authentication.
-
-
-
-Baugher, et al. Standards Track [Page 40]
-\f
-RFC 3711 SRTP March 2004
-
-
- These conditions are described below and in Section 7.5. Note that
- both conditions MUST hold in order for weak or null authentication to
- be used. The risks associated with exercising the weak or null
- authentication options need to be considered by a security audit
- prior to their use for a particular application or environment given
- the risks, which are discussed in Section 9.5.1.
-
- Weak authentication is acceptable when the RTP application is such
- that the effect of a small fraction of successful forgeries is
- negligible. If the application is stateless, then the effect of a
- single forged RTP packet is limited to the decoding of that
- particular packet. Under this condition, the size of the
- authentication tag MUST ensure that only a negligible fraction of the
- packets passed to the RTP application by the SRTP receiver can be
- forgeries. This fraction is negligible when an adversary, if given
- control of the forged packets, is not able to make a significant
- impact on the output of the RTP application (see the example of
- Section 7.5).
-
- Weak or null authentication MAY be acceptable when it is unlikely
- that an adversary can modify ciphertext so that it decrypts to an
- intelligible value. One important case is when it is difficult for
- an adversary to acquire the RTP plaintext data, since for many
- codecs, an adversary that does not know the input signal cannot
- manipulate the output signal in a controlled way. In many cases it
- may be difficult for the adversary to determine the actual value of
- the plaintext. For example, a hidden snooping device might be
- required in order to know a live audio or video signal. The
- adversary's signal must have a quality equivalent to or greater than
- that of the signal under attack, since otherwise the adversary would
- not have enough information to encode that signal with the codec used
- by the victim. Plaintext prediction may also be especially difficult
- for an interactive application such as a telephone call.
-
- Weak or null authentication MUST NOT be used when the RTP application
- makes data forwarding or access control decisions based on the RTP
- data. In such a case, an attacker may be able to subvert
- confidentiality by causing the receiver to forward data to an
- attacker. See Section 3 of [B96] for a real-life example of such
- attacks.
-
- Null authentication MUST NOT be used when a replay attack, in which
- an adversary stores packets then replays them later in the session,
- could have a non-negligible impact on the receiver. An example of a
- successful replay attack is the storing of the output of a
- surveillance camera for a period of time, later followed by the
-
-
-
-
-
-Baugher, et al. Standards Track [Page 41]
-\f
-RFC 3711 SRTP March 2004
-
-
- injection of that output to the monitoring station to avoid
- surveillance. Encryption does not protect against this attack, and
- non-null authentication is REQUIRED in order to defeat it.
-
- If existential message forgery is an issue, i.e., when the accuracy
- of the received data is of non-negligible importance, null
- authentication MUST NOT be used.
-
-9.5.1. Risks of Weak or Null Message Authentication
-
- During a security audit considering the use of weak or null
- authentication, it is important to keep in mind the following attacks
- which are possible when no message authentication algorithm is used.
-
- An attacker who cannot predict the plaintext is still always able to
- modify the message sent between the sender and the receiver so that
- it decrypts to a random plaintext value, or to send a stream of bogus
- packets to the receiver that will decrypt to random plaintext values.
- This attack is essentially a denial of service attack, though in the
- absence of message authentication, the RTP application will have
- inputs that are bit-wise correlated with the true value. Some
- multimedia codecs and common operating systems will crash when such
- data are accepted as valid video data. This denial of service attack
- may be a much larger threat than that due to an attacker dropping,
- delaying, or re-ordering packets.
-
- An attacker who cannot predict the plaintext can still replay a
- previous message with certainty that the receiver will accept it.
- Applications with stateless codecs might be robust against this type
- of attack, but for other, more complex applications these attacks may
- be far more grave.
-
- An attacker who can predict the plaintext can modify the ciphertext
- so that it will decrypt to any value of her choosing. With an
- additive stream cipher, an attacker will always be able to change
- individual bits.
-
- An attacker may be able to subvert confidentiality due to the lack of
- authentication when a data forwarding or access control decision is
- made on decrypted but unauthenticated plaintext. This is because the
- receiver may be fooled into forwarding data to an attacker, leading
- to an indirect breach of confidentiality (see Section 3 of [B96]).
- This is because data-forwarding decisions are made on the decrypted
- plaintext; information in the plaintext will determine to what subnet
- (or process) the plaintext is forwarded in ESP [RFC2401] tunnel mode
- (respectively, transport mode). When Secure RTP is used without
-
-
-
-
-
-Baugher, et al. Standards Track [Page 42]
-\f
-RFC 3711 SRTP March 2004
-
-
- message authentication, it should be verified that the application
- does not make data forwarding or access control decisions based on
- the decrypted plaintext.
-
- Some cipher modes of operation that require padding, e.g., standard
- cipher block chaining (CBC) are very sensitive to attacks on
- confidentiality if certain padding types are used in the absence of
- integrity. The attack [V02] shows that this is indeed the case for
- the standard RTP padding as discussed in reference to Figure 1, when
- used together with CBC mode. Later transform additions to SRTP MUST
- therefore carefully consider the risk of using this padding without
- proper integrity protection.
-
-9.5.2. Implicit Header Authentication
-
- The IV formation of the f8-mode gives implicit authentication (IHA)
- of the RTP header, even when message authentication is not used.
- When IHA is used, an attacker that modifies the value of the RTP
- header will cause the decryption process at the receiver to produce
- random plaintext values. While this protection is not equivalent to
- message authentication, it may be useful for some applications.
-
-10. Interaction with Forward Error Correction mechanisms
-
- The default processing when using Forward Error Correction (e.g., RFC
- 2733) processing with SRTP SHALL be to perform FEC processing prior
- to SRTP processing on the sender side and to perform SRTP processing
- prior to FEC processing on the receiver side. Any change to this
- ordering (reversing it, or, placing FEC between SRTP encryption and
- SRTP authentication) SHALL be signaled out of band.
-
-11. Scenarios
-
- SRTP can be used as security protocol for the RTP/RTCP traffic in
- many different scenarios. SRTP has a number of configuration
- options, in particular regarding key usage, and can have impact on
- the total performance of the application according to the way it is
- used. Hence, the use of SRTP is dependent on the kind of scenario
- and application it is used with. In the following, we briefly
- illustrate some use cases for SRTP, and give some guidelines for
- recommended setting of its options.
-
-11.1. Unicast
-
- A typical example would be a voice call or video-on-demand
- application.
-
-
-
-
-
-Baugher, et al. Standards Track [Page 43]
-\f
-RFC 3711 SRTP March 2004
-
-
- Consider one bi-directional RTP stream, as one RTP session. It is
- possible for the two parties to share the same master key in the two
- directions according to the principles of Section 9.1. The first
- round of the key derivation splits the master key into any or all of
- the following session keys (according to the provided security
- functions):
-
- SRTP_encr_key, SRTP_auth_key, SRTCP_encr_key, and SRTCP_auth key.
-
- (For simplicity, we omit discussion of the salts, which are also
- derived.) In this scenario, it will in most cases suffice to have a
- single master key with the default lifetime. This guarantees
- sufficiently long lifetime of the keys and a minimum set of keys in
- place for most practical purposes. Also, in this case RTCP
- protection can be applied smoothly. Under these assumptions, use of
- the MKI can be omitted. As the key-derivation in combination with
- large difference in the packet rate in the respective directions may
- require simultaneous storage of several session keys, if storage is
- an issue, we recommended to use low-rate key derivation.
-
- The same considerations can be extended to the unicast scenario with
- multiple RTP sessions, where each session would have a distinct
- master key.
-
-11.2. Multicast (one sender)
-
- Just as with (unprotected) RTP, a scalability issue arises in big
- groups due to the possibly very large amount of SRTCP Receiver
- Reports that the sender might need to process. In SRTP, the sender
- may have to keep state (the cryptographic context) for each receiver,
- or more precisely, for the SRTCP used to protect Receiver Reports.
- The overhead increases proportionally to the size of the group. In
- particular, re-keying requires special concern, see below.
-
- Consider first a small group of receivers. There are a few possible
- setups with the distribution of master keys among the receivers.
- Given a single RTP session, one possibility is that the receivers
- share the same master key as per Section 9.1 to secure all their
- respective RTCP traffic. This shared master key could then be the
- same one used by the sender to protect its outbound SRTP traffic.
- Alternatively, it could be a master key shared only among the
- receivers and used solely for their SRTCP traffic. Both alternatives
- require the receivers to trust each other.
-
- Considering SRTCP and key storage, it is recommended to use low-rate
- (or zero) key_derivation (except the mandatory initial one), so that
- the sender does not need to store too many session keys (each SRTCP
- stream might otherwise have a different session key at a given point
-
-
-
-Baugher, et al. Standards Track [Page 44]
-\f
-RFC 3711 SRTP March 2004
-
-
- in time, as the SRTCP sources send at different times). Thus, in
- case key derivation is wanted for SRTP, the cryptographic context for
- SRTP can be kept separate from the SRTCP crypto context, so that it
- is possible to have a key_derivation_rate of 0 for SRTCP and a non-
- zero value for SRTP.
-
- Use of the MKI for re-keying is RECOMMENDED for most applications
- (see Section 8.1).
-
- If there are more than one SRTP/SRTCP stream (within the same RTP
- session) that share the master key, the upper limit of 2^48 SRTP
- packets / 2^31 SRTCP packets means that, before one of the streams
- reaches its maximum number of packets, re-keying MUST be triggered on
- ALL streams sharing the master key. (From strict security point of
- view, only the stream reaching the maximum would need to be re-keyed,
- but then the streams would no longer be sharing master key, which is
- the intention.) A local policy at the sender side should force
- rekeying in a way that the maximum packet limit is not reached on any
- of the streams. Use of the MKI for re-keying is RECOMMENDED.
-
- In large multicast with one sender, the same considerations as for
- the small group multicast hold. The biggest issue in this scenario
- is the additional load placed at the sender side, due to the state
- (cryptographic contexts) that has to be maintained for each receiver,
- sending back RTCP Receiver Reports. At minimum, a replay window
- might need to be maintained for each RTCP source.
-
-11.3. Re-keying and access control
-
- Re-keying may occur due to access control (e.g., when a member is
- removed during a multicast RTP session), or for pure cryptographic
- reasons (e.g., the key is at the end of its lifetime). When using
- SRTP default transforms, the master key MUST be replaced before any
- of the index spaces are exhausted for any of the streams protected by
- one and the same master key.
-
- How key management re-keys SRTP implementations is out of scope, but
- it is clear that there are straightforward ways to manage keys for a
- multicast group. In one-sender multicast, for example, it is
- typically the responsibility of the sender to determine when a new
- key is needed. The sender is the one entity that can keep track of
- when the maximum number of packets has been sent, as receivers may
- join and leave the session at any time, there may be packet loss and
- delay etc. In scenarios other than one-sender multicast, other
- methods can be used. Here, one must take into consideration that key
- exchange can be a costly operation, taking several seconds for a
- single exchange. Hence, some time before the master key is
- exhausted/expires, out-of-band key management is initiated, resulting
-
-
-
-Baugher, et al. Standards Track [Page 45]
-\f
-RFC 3711 SRTP March 2004
-
-
- in a new master key that is shared with the receiver(s). In any
- event, to maintain synchronization when switching to the new key,
- group policy might choose between using the MKI and the <From, To>,
- as described in Section 8.1.
-
- For access control purposes, the <From, To> periods are set at the
- desired granularity, dependent on the packet rate. High rate re-
- keying can be problematic for SRTCP in some large-group scenarios.
- As mentioned, there are potential problems in using the SRTP index,
- rather than the SRTCP index, for determining the master key. In
- particular, for short periods during switching of master keys, it may
- be the case that SRTCP packets are not under the current master key
- of the correspondent SRTP. Therefore, using the MKI for re-keying in
- such scenarios will produce better results.
-
-11.4. Summary of basic scenarios
-
- The description of these scenarios highlights some recommendations on
- the use of SRTP, mainly related to re-keying and large scale
- multicast:
-
- - Do not use fast re-keying with the <From, To> feature. It may, in
- particular, give problems in retrieving the correct SRTCP key, if
- an SRTCP packet arrives close to the re-keying time. The MKI
- SHOULD be used in this case.
-
- - If multiple SRTP streams in the same RTP session share the same
- master key, also moderate rate re-keying MAY have the same
- problems, and the MKI SHOULD be used.
-
- - Though offering increased security, a non-zero key_derivation_rate
- is NOT RECOMMENDED when trying to minimize the number of keys in
- use with multiple streams.
-
-12. IANA Considerations
-
- The RTP specification establishes a registry of profile names for use
- by higher-level control protocols, such as the Session Description
- Protocol (SDP), to refer to transport methods. This profile
- registers the name "RTP/SAVP".
-
- SRTP uses cryptographic transforms which a key management protocol
- signals. It is the task of each particular key management protocol
- to register the cryptographic transforms or suites of transforms with
- IANA. The key management protocol conveys these protocol numbers,
- not SRTP, and each key management protocol chooses the numbering
- scheme and syntax that it requires.
-
-
-
-
-Baugher, et al. Standards Track [Page 46]
-\f
-RFC 3711 SRTP March 2004
-
-
- Specification of a key management protocol for SRTP is out of scope
- here. Section 8.2, however, provides guidance on the parameters that
- need to be defined for the default and mandatory transforms.
-
-13. Acknowledgements
-
- David Oran (Cisco) and Rolf Blom (Ericsson) are co-authors of this
- document but their valuable contributions are acknowledged here to
- keep the length of the author list down.
-
- The authors would in addition like to thank Magnus Westerlund, Brian
- Weis, Ghyslain Pelletier, Morgan Lindqvist, Robert Fairlie-
- Cuninghame, Adrian Perrig, the AVT WG and in particular the chairmen
- Colin Perkins and Stephen Casner, the Transport and Security Area
- Directors, and Eric Rescorla for their reviews and support.
-
-14. References
-
-14.1. Normative References
-
- [AES] NIST, "Advanced Encryption Standard (AES)", FIPS PUB 197,
- http://www.nist.gov/aes/
-
- [RFC2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-
- Hashing for Message Authentication", RFC 2104, February
- 1997.
-
- [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119, March 1997.
-
- [RFC2401] Kent, S. and R. Atkinson, "Security Architecture for
- Internet Protocol", RFC 2401, November 1998.
-
- [RFC2828] Shirey, R., "Internet Security Glossary", FYI 36, RFC 2828,
- May 2000.
-
- [RFC3550] Schulzrinne, H., Casner, S., Frederick, R. and V. Jacobson,
- "RTP: A Transport Protocol for Real-time Applications", RFC
- 3550, July 2003.
-
- [RFC3551] Schulzrinne, H. and S. Casner, "RTP Profile for Audio and
- Video Conferences with Minimal Control", RFC 3551, July
- 2003.
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 47]
-\f
-RFC 3711 SRTP March 2004
-
-
-14.2. Informative References
-
- [AES-CTR] Lipmaa, H., Rogaway, P. and D. Wagner, "CTR-Mode
- Encryption", NIST, http://csrc.nist.gov/encryption/modes/
- workshop1/papers/lipmaa-ctr.pdf
-
- [B96] Bellovin, S., "Problem Areas for the IP Security
- Protocols," in Proceedings of the Sixth Usenix Unix
- Security Symposium, pp. 1-16, San Jose, CA, July 1996
- (http://www.research.att.com/~smb/papers/index.html).
-
- [BDJR] Bellare, M., Desai, A., Jokipii, E. and P. Rogaway, "A
- Concrete Treatment of Symmetric Encryption: Analysis of DES
- Modes of Operation", Proceedings 38th IEEE FOCS, pp. 394-
- 403, 1997.
-
- [BS00] Biryukov, A. and A. Shamir, "Cryptanalytic Time/Memory/Data
- Tradeoffs for Stream Ciphers", Proceedings, ASIACRYPT 2000,
- LNCS 1976, pp. 1-13, Springer Verlag.
-
- [C99] Crowell, W. P., "Introduction to the VENONA Project",
- http://www.nsa.gov:8080/docs/venona/index.html.
-
- [CTR] Dworkin, M., NIST Special Publication 800-38A,
- "Recommendation for Block Cipher Modes of Operation:
- Methods and Techniques", 2001.
- http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-
- 38a.pdf.
-
- [f8-a] 3GPP TS 35.201 V4.1.0 (2001-12) Technical Specification 3rd
- Generation Partnership Project; Technical Specification
- Group Services and System Aspects; 3G Security;
- Specification of the 3GPP Confidentiality and Integrity
- Algorithms; Document 1: f8 and f9 Specification (Release
- 4).
-
- [f8-b] 3GPP TR 33.908 V4.0.0 (2001-09) Technical Report 3rd
- Generation Partnership Project; Technical Specification
- Group Services and System Aspects; 3G Security; General
- Report on the Design, Specification and Evaluation of 3GPP
- Standard Confidentiality and Integrity Algorithms (Release
- 4).
-
- [GDOI] Baugher, M., Weis, B., Hardjono, T. and H. Harney, "The
- Group Domain of Interpretation, RFC 3547, July 2003.
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 48]
-\f
-RFC 3711 SRTP March 2004
-
-
- [HAC] Menezes, A., Van Oorschot, P. and S. Vanstone, "Handbook
- of Applied Cryptography", CRC Press, 1997, ISBN 0-8493-
- 8523-7.
-
- [H80] Hellman, M. E., "A cryptanalytic time-memory trade-off",
- IEEE Transactions on Information Theory, July 1980, pp.
- 401-406.
-
- [IK] T. Iwata and T. Kohno: "New Security Proofs for the 3GPP
- Confidentiality and Integrity Algorithms", Proceedings of
- FSE 2004.
-
- [KINK] Thomas, M. and J. Vilhuber, "Kerberized Internet
- Negotiation of Keys (KINK)", Work in Progress.
-
- [KEYMGT] Arrko, J., et al., "Key Management Extensions for Session
- Description Protocol (SDP) and Real Time Streaming Protocol
- (RTSP)", Work in Progress.
-
- [KSYH] Kang, J-S., Shin, S-U., Hong, D. and O. Yi, "Provable
- Security of KASUMI and 3GPP Encryption Mode f8",
- Proceedings Asiacrypt 2001, Springer Verlag LNCS 2248, pp.
- 255-271, 2001.
-
- [MIKEY] Arrko, J., et. al., "MIKEY: Multimedia Internet KEYing",
- Work in Progress.
-
- [MF00] McGrew, D. and S. Fluhrer, "Attacks on Encryption of
- Redundant Plaintext and Implications on Internet Security",
- the Proceedings of the Seventh Annual Workshop on Selected
- Areas in Cryptography (SAC 2000), Springer-Verlag.
-
- [PCST1] Perrig, A., Canetti, R., Tygar, D. and D. Song, "Efficient
- and Secure Source Authentication for Multicast", in Proc.
- of Network and Distributed System Security Symposium NDSS
- 2001, pp. 35-46, 2001.
-
- [PCST2] Perrig, A., Canetti, R., Tygar, D. and D. Song, "Efficient
- Authentication and Signing of Multicast Streams over Lossy
- Channels", in Proc. of IEEE Security and Privacy Symposium
- S&P2000, pp. 56-73, 2000.
-
- [RFC1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
- Recommendations for Security", RFC 1750, December 1994.
-
- [RFC2675] Borman, D., Deering, S. and R. Hinden, "IPv6 Jumbograms",
- RFC 2675, August 1999.
-
-
-
-
-Baugher, et al. Standards Track [Page 49]
-\f
-RFC 3711 SRTP March 2004
-
-
- [RFC3095] Bormann, C., Burmeister, C., Degermark, M., Fukuhsima, H.,
- Hannu, H., Jonsson, L-E., Hakenberg, R., Koren, T., Le, K.,
- Liu, Z., Martensson, A., Miyazaki, A., Svanbro, K., Wiebke,
- T., Yoshimura, T. and H. Zheng, "RObust Header Compression:
- Framework and Four Profiles: RTP, UDP, ESP, and
- uncompressed (ROHC)", RFC 3095, July 2001.
-
- [RFC3242] Jonsson, L-E. and G. Pelletier, "RObust Header Compression
- (ROHC): A Link-Layer Assisted Profile for IP/UDP/RTP ", RFC
- 3242, April 2002.
-
- [SDMS] Andreasen, F., Baugher, M. and D. Wing, "Session
- Description Protocol Security Descriptions for Media
- Streams", Work in Progress.
-
- [SWO] Svanbro, K., Wiorek, J. and B. Olin, "Voice-over-IP-over-
- wireless", Proc. PIMRC 2000, London, Sept. 2000.
-
- [V02] Vaudenay, S., "Security Flaws Induced by CBC Padding -
- Application to SSL, IPsec, WTLS...", Advances in
- Cryptology, EUROCRYPT'02, LNCS 2332, pp. 534-545.
-
- [WC81] Wegman, M. N., and J.L. Carter, "New Hash Functions and
- Their Use in Authentication and Set Equality", JCSS 22,
- 265-279, 1981.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 50]
-\f
-RFC 3711 SRTP March 2004
-
-
-Appendix A: Pseudocode for Index Determination
-
- The following is an example of pseudo-code for the algorithm to
- determine the index i of an SRTP packet with sequence number SEQ. In
- the following, signed arithmetic is assumed.
-
- if (s_l < 32,768)
- if (SEQ - s_l > 32,768)
- set v to (ROC-1) mod 2^32
- else
- set v to ROC
- endif
- else
- if (s_l - 32,768 > SEQ)
- set v to (ROC+1) mod 2^32
- else
- set v to ROC
- endif
- endif
- return SEQ + v*65,536
-
-Appendix B: Test Vectors
-
- All values are in hexadecimal.
-
-B.1. AES-f8 Test Vectors
-
- SRTP PREFIX LENGTH : 0
-
- RTP packet header : 806e5cba50681de55c621599
-
- RTP packet payload : 70736575646f72616e646f6d6e657373
- 20697320746865206e65787420626573
- 74207468696e67
-
- ROC : d462564a
- key : 234829008467be186c3de14aae72d62c
- salt key : 32f2870d
- key-mask (m) : 32f2870d555555555555555555555555
- key XOR key-mask : 11baae0dd132eb4d3968b41ffb278379
-
- IV : 006e5cba50681de55c621599d462564a
- IV' : 595b699bbd3bc0df26062093c1ad8f73
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 51]
-\f
-RFC 3711 SRTP March 2004
-
-
- j = 0
- IV' xor j : 595b699bbd3bc0df26062093c1ad8f73
- S(-1) : 00000000000000000000000000000000
- IV' xor S(-1) xor j : 595b699bbd3bc0df26062093c1ad8f73
- S(0) : 71ef82d70a172660240709c7fbb19d8e
- plaintext : 70736575646f72616e646f6d6e657373
- ciphertext : 019ce7a26e7854014a6366aa95d4eefd
-
- j = 1
- IV' xor j : 595b699bbd3bc0df26062093c1ad8f72
- S(0) : 71ef82d70a172660240709c7fbb19d8e
- IV' xor S(0) xor j : 28b4eb4cb72ce6bf020129543a1c12fc
- S(1) : 3abd640a60919fd43bd289a09649b5fc
- plaintext : 20697320746865206e65787420626573
- ciphertext : 1ad4172a14f9faf455b7f1d4b62bd08f
-
- j = 2
- IV' xor j : 595b699bbd3bc0df26062093c1ad8f71
- S(1) : 3abd640a60919fd43bd289a09649b5fc
- IV' xor S(1) xor j : 63e60d91ddaa5f0b1dd4a93357e43a8d
- S(2) : 220c7a8715266565b09ecc8a2a62b11b
- plaintext : 74207468696e67
- ciphertext : 562c0eef7c4802
-
-B.2. AES-CM Test Vectors
-
- Keystream segment length: 1044512 octets (65282 AES blocks)
- Session Key: 2B7E151628AED2A6ABF7158809CF4F3C
- Rollover Counter: 00000000
- Sequence Number: 0000
- SSRC: 00000000
- Session Salt: F0F1F2F3F4F5F6F7F8F9FAFBFCFD0000 (already shifted)
- Offset: F0F1F2F3F4F5F6F7F8F9FAFBFCFD0000
-
- Counter Keystream
-
- F0F1F2F3F4F5F6F7F8F9FAFBFCFD0000 E03EAD0935C95E80E166B16DD92B4EB4
- F0F1F2F3F4F5F6F7F8F9FAFBFCFD0001 D23513162B02D0F72A43A2FE4A5F97AB
- F0F1F2F3F4F5F6F7F8F9FAFBFCFD0002 41E95B3BB0A2E8DD477901E4FCA894C0
- ... ...
- F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF EC8CDF7398607CB0F2D21675EA9EA1E4
- F0F1F2F3F4F5F6F7F8F9FAFBFCFDFF00 362B7C3C6773516318A077D7FC5073AE
- F0F1F2F3F4F5F6F7F8F9FAFBFCFDFF01 6A2CC3787889374FBEB4C81B17BA6C44
-
- Nota Bene: this test case is contrived so that the latter part of the
- keystream segment coincides with the test case in Section F.5.1 of
- [CTR].
-
-
-
-
-Baugher, et al. Standards Track [Page 52]
-\f
-RFC 3711 SRTP March 2004
-
-
-B.3. Key Derivation Test Vectors
-
- This section provides test data for the default key derivation
- function, which uses AES-128 in Counter Mode. In the following, we
- walk through the initial key derivation for the AES-128 Counter Mode
- cipher, which requires a 16 octet session encryption key and a 14
- octet session salt, and an authentication function which requires a
- 94-octet session authentication key. These values are called the
- cipher key, the cipher salt, and the auth key in the following.
- Since this is the initial key derivation and the key derivation rate
- is equal to zero, the value of (index DIV key_derivation_rate) is
- zero (actually, a six-octet string of zeros). In the following, we
- shorten key_derivation_rate to kdr.
-
- The inputs to the key derivation function are the 16 octet master key
- and the 14 octet master salt:
-
- master key: E1F97A0D3E018BE0D64FA32C06DE4139
- master salt: 0EC675AD498AFEEBB6960B3AABE6
-
- We first show how the cipher key is generated. The input block for
- AES-CM is generated by exclusive-oring the master salt with the
- concatenation of the encryption key label 0x00 with (index DIV kdr),
- then padding on the right with two null octets (which implements the
- multiply-by-2^16 operation, see Section 4.3.3). The resulting value
- is then AES-CM- encrypted using the master key to get the cipher key.
-
- index DIV kdr: 000000000000
- label: 00
- master salt: 0EC675AD498AFEEBB6960B3AABE6
- -----------------------------------------------
- xor: 0EC675AD498AFEEBB6960B3AABE6 (x, PRF input)
-
- x*2^16: 0EC675AD498AFEEBB6960B3AABE60000 (AES-CM input)
-
- cipher key: C61E7A93744F39EE10734AFE3FF7A087 (AES-CM output)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 53]
-\f
-RFC 3711 SRTP March 2004
-
-
- Next, we show how the cipher salt is generated. The input block for
- AES-CM is generated by exclusive-oring the master salt with the
- concatenation of the encryption salt label. That value is padded and
- encrypted as above.
-
- index DIV kdr: 000000000000
- label: 02
- master salt: 0EC675AD498AFEEBB6960B3AABE6
-
- ----------------------------------------------
- xor: 0EC675AD498AFEE9B6960B3AABE6 (x, PRF input)
-
- x*2^16: 0EC675AD498AFEE9B6960B3AABE60000 (AES-CM input)
-
- 30CBBC08863D8C85D49DB34A9AE17AC6 (AES-CM ouptut)
-
- cipher salt: 30CBBC08863D8C85D49DB34A9AE1
-
- We now show how the auth key is generated. The input block for AES-
- CM is generated as above, but using the authentication key label.
-
- index DIV kdr: 000000000000
- label: 01
- master salt: 0EC675AD498AFEEBB6960B3AABE6
- -----------------------------------------------
- xor: 0EC675AD498AFEEAB6960B3AABE6 (x, PRF input)
-
- x*2^16: 0EC675AD498AFEEAB6960B3AABE60000 (AES-CM input)
-
- Below, the auth key is shown on the left, while the corresponding AES
- input blocks are shown on the right.
-
- auth key AES input blocks
- CEBE321F6FF7716B6FD4AB49AF256A15 0EC675AD498AFEEAB6960B3AABE60000
- 6D38BAA48F0A0ACF3C34E2359E6CDBCE 0EC675AD498AFEEAB6960B3AABE60001
- E049646C43D9327AD175578EF7227098 0EC675AD498AFEEAB6960B3AABE60002
- 6371C10C9A369AC2F94A8C5FBCDDDC25 0EC675AD498AFEEAB6960B3AABE60003
- 6D6E919A48B610EF17C2041E47403576 0EC675AD498AFEEAB6960B3AABE60004
- 6B68642C59BBFC2F34DB60DBDFB2 0EC675AD498AFEEAB6960B3AABE60005
-
-
-
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 54]
-\f
-RFC 3711 SRTP March 2004
-
-
-Authors' Addresses
-
- Questions and comments should be directed to the authors and
- avt@ietf.org:
-
- Mark Baugher
- Cisco Systems, Inc.
- 5510 SW Orchid Street
- Portland, OR 97219 USA
-
- Phone: +1 408-853-4418
- EMail: mbaugher@cisco.com
-
-
- Elisabetta Carrara
- Ericsson Research
- SE-16480 Stockholm
- Sweden
-
- Phone: +46 8 50877040
- EMail: elisabetta.carrara@ericsson.com
-
-
- David A. McGrew
- Cisco Systems, Inc.
- San Jose, CA 95134-1706
- USA
-
- Phone: +1 301-349-5815
- EMail: mcgrew@cisco.com
-
-
- Mats Naslund
- Ericsson Research
- SE-16480 Stockholm
- Sweden
-
- Phone: +46 8 58533739
- EMail: mats.naslund@ericsson.com
-
-
- Karl Norrman
- Ericsson Research
- SE-16480 Stockholm
- Sweden
-
- Phone: +46 8 4044502
- EMail: karl.norrman@ericsson.com
-
-
-
-Baugher, et al. Standards Track [Page 55]
-\f
-RFC 3711 SRTP March 2004
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (2004). This document is subject
- to the rights, licenses and restrictions contained in BCP 78 and
- except as set forth therein, the authors retain all their rights.
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Intellectual Property
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the procedures with respect to rights in RFC documents can be
- found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at ietf-
- ipr@ietf.org.
-
-Acknowledgement
-
- Funding for the RFC Editor function is currently provided by the
- Internet Society.
-
-
-
-
-
-
-
-
-
-Baugher, et al. Standards Track [Page 56]
-\f
*/
/*
*
- * Copyright (c) 2001-2005 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*
*/
-#ifndef EKT_H
-#define EKT_H
+#ifndef SRTP_EKT_H
+#define SRTP_EKT_H
+
+// left in commented out as reminder to not include private headers
+//#include "srtp_priv.h"
#ifdef __cplusplus
extern "C" {
#endif
-#include "srtp_priv.h"
-
-#define EKT_CIPHER_DEFAULT 1
-#define EKT_CIPHER_AES_128_ECB 1
-#define EKT_CIPHER_AES_192_KEY_WRAP 2
-#define EKT_CIPHER_AES_256_KEY_WRAP 3
+#define SRTP_EKT_CIPHER_DEFAULT 1
+#define SRTP_EKT_CIPHER_AES_128_ECB 1
+#define SRTP_EKT_CIPHER_AES_192_KEY_WRAP 2
+#define SRTP_EKT_CIPHER_AES_256_KEY_WRAP 3
-typedef uint16_t ekt_spi_t;
+typedef uint16_t srtp_ekt_spi_t;
-unsigned
-ekt_octets_after_base_tag(ekt_stream_t ekt);
+unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt);
/*
* an srtp_policy_t structure can contain a pointer to an
- * ekt_policy_t structure
+ * srtp_ekt_policy_t structure
*
* this structure holds all of the high level EKT information, and it
* is passed into libsrtp to indicate what policy should be in effect
*/
-typedef struct ekt_policy_ctx_t {
- ekt_spi_t spi; /* security parameter index */
+typedef struct srtp_ekt_policy_ctx_t {
+ srtp_ekt_spi_t spi; /* security parameter index */
uint8_t ekt_cipher_type;
uint8_t *ekt_key;
- struct ekt_policy_ctx_t *next_ekt_policy;
-} ekt_policy_ctx_t;
+ struct srtp_ekt_policy_ctx_t *next_ekt_policy;
+} srtp_ekt_policy_ctx_t;
/*
- * an ekt_data_t structure holds the data corresponding to an ekt key,
+ * an srtp_ekt_data_t structure holds the data corresponding to an ekt key,
* spi, and so on
*/
-typedef struct ekt_data_t {
- ekt_spi_t spi;
+typedef struct srtp_ekt_data_t {
+ srtp_ekt_spi_t spi;
uint8_t ekt_cipher_type;
- aes_expanded_key_t ekt_enc_key;
- aes_expanded_key_t ekt_dec_key;
+ srtp_aes_expanded_key_t ekt_enc_key;
+ srtp_aes_expanded_key_t ekt_dec_key;
struct ekt_data_t *next_ekt_data;
-} ekt_data_t;
+} srtp_ekt_data_t;
/*
- * an srtp_stream_ctx_t can contain an ekt_stream_ctx_t
+ * an srtp_stream_ctx_t can contain an srtp_ekt_stream_ctx_t
*
- * an ekt_stream_ctx_t structure holds all of the EKT information for
+ * an srtp_ekt_stream_ctx_t structure holds all of the EKT information for
* a specific SRTP stream
*/
-typedef struct ekt_stream_ctx_t {
- ekt_data_t *data;
- uint16_t isn; /* initial sequence number */
- uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN];
-} ekt_stream_ctx_t;
+typedef struct srtp_ekt_stream_ctx_t {
+ srtp_ekt_data_t *data;
+ uint16_t isn; /* initial sequence number */
+ uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN];
+} srtp_ekt_stream_ctx_t;
-err_status_t
-ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy);
+srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, srtp_ekt_policy_t policy);
-err_status_t
-ekt_stream_init(ekt_stream_t e,
- ekt_spi_t spi,
- void *ekt_key,
- unsigned ekt_cipher_type);
+srtp_err_status_t srtp_ekt_stream_init(srtp_ekt_stream_t e, srtp_ekt_spi_t spi, void *ekt_key, unsigned ekt_cipher_type);
-err_status_t
-ekt_stream_init_from_policy(ekt_stream_t e, ekt_policy_t p);
+srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t e, srtp_ekt_policy_t p);
-err_status_t
-srtp_stream_init_from_ekt(srtp_stream_t stream,
- const void *srtcp_hdr,
- unsigned pkt_octet_len);
+srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, const void *srtcp_hdr, unsigned pkt_octet_len);
-void
-ekt_write_data(ekt_stream_t ekt,
- uint8_t *base_tag,
- unsigned base_tag_len,
- int *packet_len,
- xtd_seq_num_t pkt_index);
+void srtp_ekt_write_data(srtp_ekt_stream_t ekt, uint8_t *base_tag, unsigned base_tag_len, int *packet_len, srtp_xtd_seq_num_t pkt_index);
/*
* We handle EKT by performing some additional steps before
* With EKT, the tag_len parameter is actually the base tag
* length
*/
+srtp_err_status_t srtp_ekt_tag_verification_preproces(uint8_t *pkt_tag, uint8_t *pkt_tag_copy, unsigned tag_len);
-err_status_t
-ekt_tag_verification_preproces(uint8_t *pkt_tag,
- uint8_t *pkt_tag_copy,
- unsigned tag_len);
-
-err_status_t
-ekt_tag_verification_postproces(uint8_t *pkt_tag,
- uint8_t *pkt_tag_copy,
- unsigned tag_len);
+srtp_err_status_t srtp_ekt_tag_verification_postproces(uint8_t *pkt_tag, uint8_t *pkt_tag_copy, unsigned tag_len);
/*
* When EKT is not used, this function is a no-op.
*
*/
-
-err_status_t
-srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s,
- uint8_t *pkt_tag,
- unsigned pkt_octet_len);
+srtp_err_status_t srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s, uint8_t *pkt_tag, unsigned pkt_octet_len);
/* it's not clear that a tag_generation_postprocess function is needed */
-
-err_status_t
-srtcp_auth_tag_generation_postprocess(void);
+srtp_err_status_t srtcp_auth_tag_generation_postprocess(void);
#ifdef __cplusplus
}
#endif
-#endif /* EKT_H */
+#endif /* SRTP_EKT_H */
*/
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#ifndef GETOPT_S_H
#define GETOPT_S_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/*
* getopt_s(), optarg_s, and optind_s are small, locally defined
* versions of the POSIX standard getopt() interface.
extern int optind_s; /* defined in getopt.c */
+#ifdef __cplusplus
+}
+#endif
+
#endif /* GETOPT_S_H */
*/
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
-#ifndef SRTP_H
-#define SRTP_H
+#ifndef SRTP_SRTP_H
+#define SRTP_SRTP_H
+
+#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
-#include "crypto_kernel.h"
-
/**
* @defgroup SRTP Secure RTP
*
* SRTP_MAX_TAG_LEN is the maximum tag length supported by libSRTP
*/
-#define SRTP_MAX_TAG_LEN 12
+#define SRTP_MAX_TAG_LEN 16
+
+/**
+ * SRTP_MAX_MKI_LEN is the maximum size the MKI could be which is
+ * 128 bytes
+ */
+#define SRTP_MAX_MKI_LEN 128
+
/**
* SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer
* (authentication tag and MKI) supported by libSRTP. This value is
- * the maximum number of octets that will be added to an RTP packet by
+ * the maixmum number of octets that will be added to an RTP packet by
* srtp_protect().
*
* @brief the maximum number of octets added by srtp_protect().
*/
-#define SRTP_MAX_TRAILER_LEN SRTP_MAX_TAG_LEN
+#define SRTP_MAX_TRAILER_LEN (SRTP_MAX_TAG_LEN + SRTP_MAX_MKI_LEN)
+
+/**
+ * SRTP_MAX_NUM_MASTER_KEYS is the maximum number of Master keys for
+ * MKI supported by libSRTP.
+ *
+ */
+#define SRTP_MAX_NUM_MASTER_KEYS 16
+#define SRTP_SALT_LEN 14
/*
- * SRTP_AEAD_SALT_LEN is the length of the SALT values used with
+ * SRTP_AEAD_SALT_LEN is the length of the SALT values used with
* GCM mode. GCM mode requires an IV. The SALT value is used
* as part of the IV formation logic applied to each RTP packet.
*/
-#define SRTP_AEAD_SALT_LEN 12
-#define AES_128_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 16
-#define AES_192_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 24
-#define AES_256_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 32
+#define SRTP_AEAD_SALT_LEN 12
+
+#define SRTP_AES_128_KEY_LEN 16
+#define SRTP_AES_192_KEY_LEN 24
+#define SRTP_AES_256_KEY_LEN 32
+
+#define SRTP_AES_ICM_128_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_128_KEY_LEN)
+#define SRTP_AES_ICM_192_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_192_KEY_LEN)
+#define SRTP_AES_ICM_256_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_256_KEY_LEN)
+
+#define SRTP_AES_GCM_128_KEY_LEN_WSALT (SRTP_AEAD_SALT_LEN + SRTP_AES_128_KEY_LEN)
+#define SRTP_AES_GCM_192_KEY_LEN_WSALT (SRTP_AEAD_SALT_LEN + SRTP_AES_192_KEY_LEN)
+#define SRTP_AES_GCM_256_KEY_LEN_WSALT (SRTP_AEAD_SALT_LEN + SRTP_AES_256_KEY_LEN)
+
+/**
+ * @brief A srtp_cipher_type_id_t is an identifier for a particular cipher
+ * type.
+ *
+ * A srtp_cipher_type_id_t is an integer that represents a particular
+ * cipher type, e.g. the Advanced Encryption Standard (AES). A
+ * SRTP_NULL_CIPHER is avaliable; this cipher leaves the data unchanged,
+ * and can be selected to indicate that no encryption is to take
+ * place.
+ *
+ * @ingroup Ciphers
+ */
+typedef uint32_t srtp_cipher_type_id_t;
+/**
+ * @brief An srtp_auth_type_id_t is an identifier for a particular authentication
+ * function.
+ *
+ * An srtp_auth_type_id_t is an integer that represents a particular
+ * authentication function type, e.g. HMAC-SHA1. A SRTP_NULL_AUTH is
+ * avaliable; this authentication function performs no computation,
+ * and can be selected to indicate that no authentication is to take
+ * place.
+ *
+ * @ingroup Authentication
+ */
+typedef uint32_t srtp_auth_type_id_t;
-/*
- * nota bene: since libSRTP doesn't support the use of the MKI, the
- * SRTP_MAX_TRAILER_LEN value is just the maximum tag length
+/**
+ * @brief srtp_err_status_t defines error codes.
+ *
+ * The enumeration srtp_err_status_t defines error codes. Note that the
+ * value of srtp_err_status_ok is equal to zero, which can simplify error
+ * checking somewhat.
+ *
*/
+typedef enum {
+ srtp_err_status_ok = 0, /**< nothing to report */
+ srtp_err_status_fail = 1, /**< unspecified failure */
+ srtp_err_status_bad_param = 2, /**< unsupported parameter */
+ srtp_err_status_alloc_fail = 3, /**< couldn't allocate memory */
+ srtp_err_status_dealloc_fail = 4, /**< couldn't deallocate properly */
+ srtp_err_status_init_fail = 5, /**< couldn't initialize */
+ srtp_err_status_terminus = 6, /**< can't process as much data as requested */
+ srtp_err_status_auth_fail = 7, /**< authentication failure */
+ srtp_err_status_cipher_fail = 8, /**< cipher failure */
+ srtp_err_status_replay_fail = 9, /**< replay check failed (bad index) */
+ srtp_err_status_replay_old = 10, /**< replay check failed (index too old) */
+ srtp_err_status_algo_fail = 11, /**< algorithm failed test routine */
+ srtp_err_status_no_such_op = 12, /**< unsupported operation */
+ srtp_err_status_no_ctx = 13, /**< no appropriate context found */
+ srtp_err_status_cant_check = 14, /**< unable to perform desired validation */
+ srtp_err_status_key_expired = 15, /**< can't use key any more */
+ srtp_err_status_socket_err = 16, /**< error in use of socket */
+ srtp_err_status_signal_err = 17, /**< error in use POSIX signals */
+ srtp_err_status_nonce_bad = 18, /**< nonce check failed */
+ srtp_err_status_read_fail = 19, /**< couldn't read data */
+ srtp_err_status_write_fail = 20, /**< couldn't write data */
+ srtp_err_status_parse_err = 21, /**< error parsing data */
+ srtp_err_status_encode_err = 22, /**< error encoding data */
+ srtp_err_status_semaphore_err = 23,/**< error while using semaphores */
+ srtp_err_status_pfkey_err = 24, /**< error while using pfkey */
+ srtp_err_status_bad_mki = 25, /**< error MKI present in packet is invalid */
+ srtp_err_status_pkt_idx_old = 26, /**< packet index is too old to consider */
+ srtp_err_status_pkt_idx_adv = 27 /**< packet index advanced, reset needed */
+} srtp_err_status_t;
+
+
+typedef struct srtp_ctx_t_ srtp_ctx_t;
/**
- * @brief sec_serv_t describes a set of security services.
+ * @brief srtp_sec_serv_t describes a set of security services.
*
- * A sec_serv_t enumeration is used to describe the particular
+ * A srtp_sec_serv_t enumeration is used to describe the particular
* security services that will be applied by a particular crypto
* policy (or other mechanism).
*/
sec_serv_conf = 1, /**< confidentiality */
sec_serv_auth = 2, /**< authentication */
sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */
-} sec_serv_t;
+} srtp_sec_serv_t;
/**
- * @brief crypto_policy_t describes a particular crypto policy that
+ * @brief srtp_crypto_policy_t describes a particular crypto policy that
* can be applied to an SRTP stream.
*
- * A crypto_policy_t describes a particular cryptographic policy that
+ * A srtp_crypto_policy_t describes a particular cryptographic policy that
* can be applied to an SRTP or SRTCP stream. An SRTP session policy
* consists of a list of these policies, one for each SRTP stream
* in the session.
*/
-typedef struct crypto_policy_t {
- cipher_type_id_t cipher_type; /**< An integer representing
- * the type of cipher. */
+typedef struct srtp_crypto_policy_t {
+ srtp_cipher_type_id_t cipher_type; /**< An integer representing
+ * the type of cipher. */
int cipher_key_len; /**< The length of the cipher key
* in octets. */
- auth_type_id_t auth_type; /**< An integer representing the
- * authentication function. */
+ srtp_auth_type_id_t auth_type; /**< An integer representing the
+ * authentication function. */
int auth_key_len; /**< The length of the authentication
* function key in octets. */
int auth_tag_len; /**< The length of the authentication
* tag in octets. */
- sec_serv_t sec_serv; /**< The flag indicating the security
+ srtp_sec_serv_t sec_serv; /**< The flag indicating the security
* services to be applied. */
-} crypto_policy_t;
+} srtp_crypto_policy_t;
/**
- * @brief ssrc_type_t describes the type of an SSRC.
+ * @brief srtp_ssrc_type_t describes the type of an SSRC.
*
- * An ssrc_type_t enumeration is used to indicate a type of SSRC. See
+ * An srtp_ssrc_type_t enumeration is used to indicate a type of SSRC. See
* @ref srtp_policy_t for more informataion.
*/
ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value
(i.e. a value that is used in the
function srtp_protect()) */
-} ssrc_type_t;
+} srtp_ssrc_type_t;
/**
- * @brief An ssrc_t represents a particular SSRC value, or a `wildcard' SSRC.
+ * @brief An srtp_ssrc_t represents a particular SSRC value, or a `wildcard' SSRC.
*
- * An ssrc_t represents a particular SSRC value (if its type is
+ * An srtp_ssrc_t represents a particular SSRC value (if its type is
* ssrc_specific), or a wildcard SSRC value that will match all
* outbound SSRCs (if its type is ssrc_any_outbound) or all inbound
* SSRCs (if its type is ssrc_any_inbound).
*/
typedef struct {
- ssrc_type_t type; /**< The type of this particular SSRC */
- unsigned int value; /**< The value of this SSRC, if it is not a wildcard */
-} ssrc_t;
+ srtp_ssrc_type_t type; /**< The type of this particular SSRC */
+ unsigned int value; /**< The value of this SSRC, if it is not a wildcard */
+} srtp_ssrc_t;
/**
* @brief points to an EKT policy
*/
-typedef struct ekt_policy_ctx_t *ekt_policy_t;
+typedef struct srtp_ekt_policy_ctx_t *srtp_ekt_policy_t;
/**
* @brief points to EKT stream data
*/
-typedef struct ekt_stream_ctx_t *ekt_stream_t;
+typedef struct srtp_ekt_stream_ctx_t *srtp_ekt_stream_t;
+/**
+ * @brief srtp_master_key_t represents a master key. There will
+ * be a Master Key Index and the Master Key associated with the
+ * Master Key Index. Need to also keep track of the Master Key
+ * Index Size to correctly read it from a packet.
+ */
+typedef struct srtp_master_key_t {
+ unsigned char *key;
+ unsigned char *mki_id;
+ unsigned int mki_size;
+} srtp_master_key_t;
/**
* @brief represents the policy for an SRTP session.
*/
typedef struct srtp_policy_t {
- ssrc_t ssrc; /**< The SSRC value of stream, or the
+ srtp_ssrc_t ssrc; /**< The SSRC value of stream, or the
* flags SSRC_ANY_INBOUND or
* SSRC_ANY_OUTBOUND if key sharing
* is used for this policy element.
*/
- crypto_policy_t rtp; /**< SRTP crypto policy. */
- crypto_policy_t rtcp; /**< SRTCP crypto policy. */
+ srtp_crypto_policy_t rtp; /**< SRTP crypto policy. */
+ srtp_crypto_policy_t rtcp; /**< SRTCP crypto policy. */
unsigned char *key; /**< Pointer to the SRTP master key for
- * this stream. */
- ekt_policy_t ekt; /**< Pointer to the EKT policy structure
+ * this stream. */
+ srtp_master_key_t **keys; /** Array of Master Key structures */
+ unsigned long num_master_keys; /** Number of master keys */
+ srtp_ekt_policy_t ekt; /**< Pointer to the EKT policy structure
* for this stream (if any) */
unsigned long window_size; /**< The window size to use for replay
* protection. */
* transmissions must have the same RTP
* payload, or a severe security weakness
* is introduced!) */
+ int *enc_xtn_hdr; /**< List of header ids to encrypt. */
+ int enc_xtn_hdr_count; /**< Number of entries in list of header ids. */
struct srtp_policy_t *next; /**< Pointer to next stream policy. */
} srtp_policy_t;
* streams, each of which originates with a different participant.
*/
-typedef struct srtp_ctx_t *srtp_t;
-
-
-/**
- * @brief An srtp_stream_t points to an SRTP stream structure.
- *
- * The typedef srtp_stream_t is a pointer to a structure that
- * represents an SRTP stream. This datatype is intentionally
- * opaque in order to separate the interface from the implementation.
- *
- * An SRTP stream consists of all of the traffic sent to an SRTP
- * session by a single participant. A session can be viewed as
- * a set of streams.
- *
- */
-typedef struct srtp_stream_ctx_t *srtp_stream_t;
-
+typedef srtp_ctx_t *srtp_t;
/**
* functions.
*/
-err_status_t
-srtp_init(void);
+srtp_err_status_t srtp_init(void);
/**
* @brief srtp_shutdown() de-initializes the srtp library.
* @warning No srtp functions may be called after calling this function.
*/
-err_status_t
-srtp_shutdown(void);
+srtp_err_status_t srtp_shutdown(void);
/**
* @brief srtp_protect() is the Secure RTP sender-side packet processing
*
* The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP
* protection to the RTP packet rtp_hdr (which has length *len_ptr) using
- * the SRTP context ctx. If err_status_ok is returned, then rtp_hdr
+ * the SRTP context ctx. If srtp_err_status_ok is returned, then rtp_hdr
* points to the resulting SRTP packet and *len_ptr is the number of
* octets in that packet; otherwise, no assumptions should be made
* about the value of either data elements.
*
* @param len_ptr is a pointer to the length in octets of the complete
* RTP packet (header and body) before the function call, and of the
- * complete SRTP packet after the call, if err_status_ok was returned.
+ * complete SRTP packet after the call, if srtp_err_status_ok was returned.
* Otherwise, the value of the data to which it points is undefined.
*
* @return
- * - err_status_ok no problems
- * - err_status_replay_fail rtp sequence number was non-increasing
+ * - srtp_err_status_ok no problems
+ * - srtp_err_status_replay_fail rtp sequence number was non-increasing
* - @e other failure in cryptographic mechanisms
*/
-err_status_t
-srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr);
-
+srtp_err_status_t srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr);
+
+/**
+ * @brief srtp_protect_mki() is the Secure RTP sender-side packet processing
+ * function that can utilize MKI.
+ *
+ * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP
+ * protection to the RTP packet rtp_hdr (which has length *len_ptr) using
+ * the SRTP context ctx. If srtp_err_status_ok is returned, then rtp_hdr
+ * points to the resulting SRTP packet and *len_ptr is the number of
+ * octets in that packet; otherwise, no assumptions should be made
+ * about the value of either data elements.
+ *
+ * The sequence numbers of the RTP packets presented to this function
+ * need not be consecutive, but they @b must be out of order by less
+ * than 2^15 = 32,768 packets.
+ *
+ * @warning This function assumes that it can write the authentication
+ * tag into the location in memory immediately following the RTP
+ * packet, and assumes that the RTP packet is aligned on a 32-bit
+ * boundary.
+ *
+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN
+ * into the location in memory immediately following the RTP packet.
+ * Callers MUST ensure that this much writable memory is available in
+ * the buffer that holds the RTP packet.
+ *
+ * @param ctx is the SRTP context to use in processing the packet.
+ *
+ * @param rtp_hdr is a pointer to the RTP packet (before the call); after
+ * the function returns, it points to the srtp packet.
+ *
+ * @param pkt_octet_len is a pointer to the length in octets of the complete
+ * RTP packet (header and body) before the function call, and of the
+ * complete SRTP packet after the call, if srtp_err_status_ok was returned.
+ * Otherwise, the value of the data to which it points is undefined.
+ *
+ * @param use_mki is a boolean to tell the system if mki is being used. If
+ * set to false then will use the first set of session keys. If set to true will
+ * use the session keys identified by the mki_index
+ *
+ * @param mki_index integer value specifying which set of session keys should be
+ * used if use_mki is set to true.
+ *
+ * @return
+ * - srtp_err_status_ok no problems
+ * - srtp_err_status_replay_fail rtp sequence number was non-increasing
+ * - @e other failure in cryptographic mechanisms
+ */
+
+srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx, void *rtp_hdr,
+ int *pkt_octet_len, unsigned int use_mki,
+ unsigned int mki_index);
+
/**
* @brief srtp_unprotect() is the Secure RTP receiver-side packet
* processing function.
* The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies
* the Secure RTP protection of the SRTP packet pointed to by srtp_hdr
* (which has length *len_ptr), using the SRTP context ctx. If
- * err_status_ok is returned, then srtp_hdr points to the resulting
+ * srtp_err_status_ok is returned, then srtp_hdr points to the resulting
* RTP packet and *len_ptr is the number of octets in that packet;
* otherwise, no assumptions should be made about the value of either
* data elements.
* @warning This function assumes that the SRTP packet is aligned on a
* 32-bit boundary.
*
- * @param ctx is a pointer to the srtp_t which applies to the
- * particular packet.
+ * @param ctx is the SRTP session which applies to the particular packet.
*
* @param srtp_hdr is a pointer to the header of the SRTP packet
* (before the call). after the function returns, it points to the
- * rtp packet if err_status_ok was returned; otherwise, the value of
+ * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
* the data to which it points is undefined.
*
* @param len_ptr is a pointer to the length in octets of the complete
* srtp packet (header and body) before the function call, and of the
- * complete rtp packet after the call, if err_status_ok was returned.
+ * complete rtp packet after the call, if srtp_err_status_ok was returned.
* Otherwise, the value of the data to which it points is undefined.
*
* @return
- * - err_status_ok if the RTP packet is valid.
- * - err_status_auth_fail if the SRTP packet failed the message
+ * - srtp_err_status_ok if the RTP packet is valid.
+ * - srtp_err_status_auth_fail if the SRTP packet failed the message
* authentication check.
- * - err_status_replay_fail if the SRTP packet is a replay (e.g. packet has
+ * - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet has
* already been processed and accepted).
* - [other] if there has been an error in the cryptographic mechanisms.
*
*/
-err_status_t
-srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr);
+srtp_err_status_t srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr);
+/**
+ * @brief srtp_unprotect_mki() is the Secure RTP receiver-side packet
+ * processing function that checks for MKI.
+ *
+ * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies
+ * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr
+ * (which has length *len_ptr), using the SRTP context ctx. If
+ * srtp_err_status_ok is returned, then srtp_hdr points to the resulting
+ * RTP packet and *len_ptr is the number of octets in that packet;
+ * otherwise, no assumptions should be made about the value of either
+ * data elements.
+ *
+ * The sequence numbers of the RTP packets presented to this function
+ * need not be consecutive, but they @b must be out of order by less
+ * than 2^15 = 32,768 packets.
+ *
+ * @warning This function assumes that the SRTP packet is aligned on a
+ * 32-bit boundary.
+ *
+ * @param ctx is the SRTP session which applies to the particular packet.
+ *
+ * @param srtp_hdr is a pointer to the header of the SRTP packet
+ * (before the call). after the function returns, it points to the
+ * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
+ * the data to which it points is undefined.
+ *
+ * @param len_ptr is a pointer to the length in octets of the complete
+ * srtp packet (header and body) before the function call, and of the
+ * complete rtp packet after the call, if srtp_err_status_ok was returned.
+ * Otherwise, the value of the data to which it points is undefined.
+ *
+ * @param use_mki is a boolean to tell the system if mki is being used. If
+ * set to false then will use the first set of session keys. If set to true will
+ * use the session keys identified by the mki_index
+ *
+ * @return
+ * - srtp_err_status_ok if the RTP packet is valid.
+ * - srtp_err_status_auth_fail if the SRTP packet failed the message
+ * authentication check.
+ * - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet has
+ * already been processed and accepted).
+ * - srtp_err_status_bad_mki if the MKI in the packet is not a known MKI id
+ * - [other] if there has been an error in the cryptographic mechanisms.
+ *
+ */
+
+srtp_err_status_t srtp_unprotect_mki(srtp_t ctx, void *srtp_hdr, int *len_ptr,
+ unsigned int use_mki);
/**
* @brief srtp_create() allocates and initializes an SRTP session.
- * The function call srtp_create(session, policy, key) allocates and
- * initializes an SRTP session context, applying the given policy and
- * key.
+ * The function call srtp_create(session, policy) allocates and
+ * initializes an SRTP session context, applying the given policy.
*
- * @param session is the SRTP session to which the policy is to be added.
+ * @param session is a pointer to the SRTP session to which the policy is
+ * to be added.
*
* @param policy is the srtp_policy_t struct that describes the policy
* for the session. The struct may be a single element, or it may be
* have its `next' field set to NULL.
*
* @return
- * - err_status_ok if creation succeded.
- * - err_status_alloc_fail if allocation failed.
- * - err_status_init_fail if initialization failed.
+ * - srtp_err_status_ok if creation succeded.
+ * - srtp_err_status_alloc_fail if allocation failed.
+ * - srtp_err_status_init_fail if initialization failed.
*/
-err_status_t
-srtp_create(srtp_t *session, const srtp_policy_t *policy);
+srtp_err_status_t srtp_create(srtp_t *session, const srtp_policy_t *policy);
/**
* stream.
*
* @return values:
- * - err_status_ok if stream creation succeded.
- * - err_status_alloc_fail if stream allocation failed
- * - err_status_init_fail if stream initialization failed.
+ * - srtp_err_status_ok if stream creation succeded.
+ * - srtp_err_status_alloc_fail if stream allocation failed
+ * - srtp_err_status_init_fail if stream initialization failed.
*/
-err_status_t
-srtp_add_stream(srtp_t session,
- const srtp_policy_t *policy);
+srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy);
/**
* @param session is the SRTP session from which the stream
* will be removed.
*
- * @param ssrc is the SSRC value of the stream to be removed.
+ * @param ssrc is the SSRC value of the stream to be removed
+ * in network byte order.
*
* @warning Wildcard SSRC values cannot be removed from a
* session.
*
* @return
- * - err_status_ok if the stream deallocation succeded.
+ * - srtp_err_status_ok if the stream deallocation succeded.
* - [other] otherwise.
*
*/
-err_status_t
-srtp_remove_stream(srtp_t session, unsigned int ssrc);
+srtp_err_status_t srtp_remove_stream(srtp_t session, unsigned int ssrc);
/**
- * @brief crypto_policy_set_rtp_default() sets a crypto policy
+ * @brief srtp_update() udpates all streams in the session.
+ *
+ * The function call srtp_update(session, policy) updates
+ * all the streams in the session applying the given policy
+ * and key. The exsisting ROC value of all streams will be
+ * preserved.
+ *
+ * @param session is the SRTP session that contains the streams
+ * to be updated.
+ *
+ * @param policy is the srtp_policy_t struct that describes the policy
+ * for the session. The struct may be a single element, or it may be
+ * the head of a list, in which case each element of the list is
+ * processed. The final element of the list @b must
+ * have its `next' field set to NULL.
+ *
+ * @return
+ * - srtp_err_status_ok if stream creation succeded.
+ * - srtp_err_status_alloc_fail if stream allocation failed
+ * - srtp_err_status_init_fail if stream initialization failed.
+ * - [other] otherwise.
+ *
+ */
+
+srtp_err_status_t srtp_update(srtp_t session, const srtp_policy_t *policy);
+
+/**
+ * @brief srtp_update_stream() udpates a SRTP stream.
+ *
+ * The function call srtp_update_stream(session, policy) updates
+ * the stream(s) in the session that match applying the given
+ * policy and key. The exsisting ROC value of all stream(s) will
+ * be preserved.
+ *
+ * @param session is the SRTP session that contains the streams
+ * to be updated.
+ *
+ * @param policy is the srtp_policy_t struct that describes the policy
+ * for the session.
+ *
+ * @return
+ * - srtp_err_status_ok if stream creation succeded.
+ * - srtp_err_status_alloc_fail if stream allocation failed
+ * - srtp_err_status_init_fail if stream initialization failed.
+ * - [other] otherwise.
+ *
+ */
+
+srtp_err_status_t srtp_update_stream(srtp_t session, const srtp_policy_t *policy);
+
+/**
+ * @brief srtp_crypto_policy_set_rtp_default() sets a crypto policy
* structure to the SRTP default policy for RTP protection.
*
* @param p is a pointer to the policy structure to be set
*
*/
-void
-crypto_policy_set_rtp_default(crypto_policy_t *p);
+void srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_rtcp_default() sets a crypto policy
+ * @brief srtp_crypto_policy_set_rtcp_default() sets a crypto policy
* structure to the SRTP default policy for RTCP protection.
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_rtcp_default(&p) sets the
- * crypto_policy_t at location p to the SRTP default policy for RTCP
+ * The function call srtp_crypto_policy_set_rtcp_default(&p) sets the
+ * srtp_crypto_policy_t at location p to the SRTP default policy for RTCP
* protection, as defined in the specification. This function is a
* convenience that helps to avoid dealing directly with the policy
* data structure. You are encouraged to initialize policy elements
* with this function call. Doing so may allow your code to be
* forward compatible with later versions of libSRTP that include more
- * elements in the crypto_policy_t datatype.
+ * elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_rtcp_default(crypto_policy_t *p);
+void srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto
* policy structure to the SRTP default policy for RTP protection.
*
* @param p is a pointer to the policy structure to be set
*
- * The function crypto_policy_set_aes_cm_128_hmac_sha1_80() is a
- * synonym for crypto_policy_set_rtp_default(). It conforms to the
+ * The function srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() is a
+ * synonym for srtp_crypto_policy_set_rtp_default(). It conforms to the
* naming convention used in RFC 4568 (SDP Security Descriptions for
* Media Streams).
*
*
*/
-#define crypto_policy_set_aes_cm_128_hmac_sha1_80(p) crypto_policy_set_rtp_default(p)
+#define srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(p) srtp_crypto_policy_set_rtp_default(p)
/**
- * @brief crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto
* policy structure to a short-authentication tag policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_cm_128_hmac_sha1_32(&p)
- * sets the crypto_policy_t at location p to use policy
+ * The function call srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&p)
+ * sets the srtp_crypto_policy_t at location p to use policy
* AES_CM_128_HMAC_SHA1_32 as defined in RFC 4568.
* This policy uses AES-128
* Counter Mode encryption and HMAC-SHA1 authentication, with an
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @warning This crypto policy is intended for use in SRTP, but not in
* SRTCP. It is recommended that a policy that uses longer
*
*/
-void
-crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_cm_128_null_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_cm_128_null_auth() sets a crypto
* policy structure to an encryption-only policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_cm_128_null_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_cm_128_null_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-128 Counter Mode), but to use no authentication method. This
* policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
* of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @warning This policy is NOT RECOMMENDED for SRTP unless it is
* unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
*
*/
-void
-crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto
+ * @brief srtp_crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto
* policy structure to an authentication-only policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_null_cipher_hmac_sha1_80(&p)
- * sets the crypto_policy_t at location p to use HMAC-SHA1 with an 80
+ * The function call srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&p)
+ * sets the srtp_crypto_policy_t at location p to use HMAC-SHA1 with an 80
* bit authentication tag to provide message authentication, but to
* use no encryption. This policy is NOT RECOMMENDED for SRTP unless
* there is a requirement to forego encryption.
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @warning This policy is NOT RECOMMENDED for SRTP unless there is a
* requirement to forego encryption.
* @return void.
*
*/
+void srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p);
-void
-crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p);
+/**
+ * @brief srtp_crypto_policy_set_null_cipher_hmac_null() sets a crypto
+ * policy structure to use no encryption or authentication.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_null_cipher_hmac_null(&p)
+ * sets the srtp_crypto_policy_t at location p to use no encryption and
+ * no authentication. This policy should only be used for testing and
+ * troubleshootingl.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @warning This policy is NOT RECOMMENDED for SRTP unless there is a
+ * requirement to forego encryption and authentication.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto
* policy structure to a encryption and authentication policy using AES-256
* for RTP protection.
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_cm_256_hmac_sha1_80(&p)
- * sets the crypto_policy_t at location p to use policy
- * AES_CM_256_HMAC_SHA1_80 as defined in
- * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256
+ * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&p)
+ * sets the srtp_crypto_policy_t at location p to use policy
+ * AES_CM_256_HMAC_SHA1_80 as defined in RFC 6188. This policy uses AES-256
* Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit
* authentication tag.
*
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto
* policy structure to a short-authentication tag policy using AES-256
* encryption.
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_cm_256_hmac_sha1_32(&p)
- * sets the crypto_policy_t at location p to use policy
- * AES_CM_256_HMAC_SHA1_32 as defined in
- * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256
+ * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(&p)
+ * sets the srtp_crypto_policy_t at location p to use policy
+ * AES_CM_256_HMAC_SHA1_32 as defined in RFC 6188. This policy uses AES-256
* Counter Mode encryption and HMAC-SHA1 authentication, with an
* authentication tag that is only 32 bits long. This length is
* considered adequate only for protecting audio and video media that
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @warning This crypto policy is intended for use in SRTP, but not in
* SRTCP. It is recommended that a policy that uses longer
*
*/
-void
-crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_cm_256_null_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_cm_256_null_auth() sets a crypto
* policy structure to an encryption-only policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_cm_256_null_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_cm_256_null_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-256 Counter Mode), but to use no authentication method. This
* policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
* of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @warning This policy is NOT RECOMMENDED for SRTP unless it is
+ * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
+ * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p);
+
+
+/**
+ * @brief srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80() sets a crypto
+ * policy structure to a encryption and authentication policy using AES-192
+ * for RTP protection.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(&p)
+ * sets the crypto_policy_t at location p to use policy
+ * AES_CM_192_HMAC_SHA1_80 as defined in RFC 6188. This policy uses AES-192
+ * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit
+ * authentication tag.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p);
+
+
+/**
+ * @brief srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32() sets a crypto
+ * policy structure to a short-authentication tag policy using AES-192
+ * encryption.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(&p)
+ * sets the crypto_policy_t at location p to use policy
+ * AES_CM_192_HMAC_SHA1_32 as defined in RFC 6188. This policy uses AES-192
+ * Counter Mode encryption and HMAC-SHA1 authentication, with an
+ * authentication tag that is only 32 bits long. This length is
+ * considered adequate only for protecting audio and video media that
+ * use a stateless playback function. See Section 7.5 of RFC 3711
+ * (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the crypto_policy_t datatype.
+ *
+ * @warning This crypto policy is intended for use in SRTP, but not in
+ * SRTCP. It is recommended that a policy that uses longer
+ * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711
+ * (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p);
+
+
+/**
+ * @brief srtp_crypto_policy_set_aes_cm_192_null_auth() sets a crypto
+ * policy structure to an encryption-only policy
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_aes_cm_192_null_auth(&p) sets
+ * the crypto_policy_t at location p to use the SRTP default cipher
+ * (AES-192 Counter Mode), but to use no authentication method. This
+ * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
+ * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
* include more elements in the crypto_policy_t datatype.
*
* @warning This policy is NOT RECOMMENDED for SRTP unless it is
* @return void.
*
*/
-void
-crypto_policy_set_aes_cm_256_null_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_cm_192_null_auth(srtp_crypto_policy_t *p);
+
/**
- * @brief crypto_policy_set_aes_gcm_128_8_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_gcm_128_8_auth() sets a crypto
* policy structure to an AEAD encryption policy.
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_gcm_128_8_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_gcm_128_8_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-128 Galois Counter Mode) with 8 octet auth tag. This
* policy applies confidentiality and authentication to both the
* RTP and RTCP packets.
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_aes_gcm_128_8_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_gcm_256_8_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_gcm_256_8_auth() sets a crypto
* policy structure to an AEAD encryption policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_gcm_256_8_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_gcm_256_8_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-256 Galois Counter Mode) with 8 octet auth tag. This
* policy applies confidentiality and authentication to both the
* RTP and RTCP packets.
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_aes_gcm_256_8_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto
* policy structure to an AEAD authentication-only policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-128 Galois Counter Mode) with 8 octet auth tag. This policy
* applies confidentiality and authentication to the RTP packets,
* but only authentication to the RTCP packets.
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_aes_gcm_128_8_only_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto
* policy structure to an AEAD authentication-only policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-256 Galois Counter Mode) with 8 octet auth tag. This policy
* applies confidentiality and authentication to the RTP packets,
* but only authentication to the RTCP packets.
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_aes_gcm_256_8_only_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_gcm_128_16_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_gcm_128_16_auth() sets a crypto
* policy structure to an AEAD encryption policy.
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_gcm_128_16_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_gcm_128_16_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-128 Galois Counter Mode) with 16 octet auth tag. This
* policy applies confidentiality and authentication to both the
* RTP and RTCP packets.
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_aes_gcm_128_16_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_gcm_256_16_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_gcm_256_16_auth() sets a crypto
* policy structure to an AEAD encryption policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_gcm_256_16_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_gcm_256_16_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-256 Galois Counter Mode) with 16 octet auth tag. This
* policy applies confidentiality and authentication to both the
* RTP and RTCP packets.
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_aes_gcm_256_16_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p);
/**
* @param s is the srtp_t for the session to be deallocated.
*
* @return
- * - err_status_ok if there no problems.
- * - err_status_dealloc_fail a memory deallocation failure occured.
+ * - srtp_err_status_ok if there no problems.
+ * - srtp_err_status_dealloc_fail a memory deallocation failure occured.
*/
-err_status_t
-srtp_dealloc(srtp_t s);
+srtp_err_status_t srtp_dealloc(srtp_t s);
/*
* @brief identifies a particular SRTP profile
*
* An srtp_profile_t enumeration is used to identify a particular SRTP
- * profile (that is, a set of algorithms and parameters). These
- * profiles are defined in the DTLS-SRTP draft.
+ * profile (that is, a set of algorithms and parameters). These profiles
+ * are defined for DTLS-SRTP:
+ * https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
*/
typedef enum {
srtp_profile_reserved = 0,
srtp_profile_aes128_cm_sha1_80 = 1,
srtp_profile_aes128_cm_sha1_32 = 2,
- srtp_profile_aes256_cm_sha1_80 = 3,
- srtp_profile_aes256_cm_sha1_32 = 4,
srtp_profile_null_sha1_80 = 5,
srtp_profile_null_sha1_32 = 6,
+ srtp_profile_aead_aes_128_gcm = 7,
+ srtp_profile_aead_aes_256_gcm = 8,
} srtp_profile_t;
/**
- * @brief crypto_policy_set_from_profile_for_rtp() sets a crypto policy
+ * @brief srtp_crypto_policy_set_from_profile_for_rtp() sets a crypto policy
* structure to the appropriate value for RTP based on an srtp_profile_t
*
- * @param p is a pointer to the policy structure to be set
- *
- * The function call crypto_policy_set_rtp_default(&policy, profile)
- * sets the crypto_policy_t at location policy to the policy for RTP
+ * @param policy is a pointer to the policy structure to be set
+ *
+ * @param profile is an enumeration for the policy to be set
+ *
+ * The function call srtp_crypto_policy_set_rtp_default(&policy, profile)
+ * sets the srtp_crypto_policy_t at location policy to the policy for RTP
* protection, as defined by the srtp_profile_t profile.
- *
+ *
* This function is a convenience that helps to avoid dealing directly
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
- *
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
* @return values
- * - err_status_ok no problems were encountered
- * - err_status_bad_param the profile is not supported
- *
+ * - srtp_err_status_ok no problems were encountered
+ * - srtp_err_status_bad_param the profile is not supported
+ *
*/
-err_status_t
-crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy,
- srtp_profile_t profile);
+srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp(srtp_crypto_policy_t *policy, srtp_profile_t profile);
/**
- * @brief crypto_policy_set_from_profile_for_rtcp() sets a crypto policy
+ * @brief srtp_crypto_policy_set_from_profile_for_rtcp() sets a crypto policy
* structure to the appropriate value for RTCP based on an srtp_profile_t
*
- * @param p is a pointer to the policy structure to be set
- *
- * The function call crypto_policy_set_rtcp_default(&policy, profile)
- * sets the crypto_policy_t at location policy to the policy for RTCP
+ * @param policy is a pointer to the policy structure to be set
+ *
+ * @param profile is an enumeration for the policy to be set
+ *
+ * The function call srtp_crypto_policy_set_rtcp_default(&policy, profile)
+ * sets the srtp_crypto_policy_t at location policy to the policy for RTCP
* protection, as defined by the srtp_profile_t profile.
- *
+ *
* This function is a convenience that helps to avoid dealing directly
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
- *
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
* @return values
- * - err_status_ok no problems were encountered
- * - err_status_bad_param the profile is not supported
- *
+ * - srtp_err_status_ok no problems were encountered
+ * - srtp_err_status_bad_param the profile is not supported
+ *
*/
-err_status_t
-crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy,
- srtp_profile_t profile);
+srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtcp(srtp_crypto_policy_t *policy, srtp_profile_t profile);
/**
* @brief returns the master key length for a given SRTP profile
/**
* @brief appends the salt to the key
*
- * The function call append_salt_to_key(k, klen, s, slen)
+ * The function call srtp_append_salt_to_key(k, klen, s, slen)
* copies the string s to the location at klen bytes following
* the location k.
*
*/
void
-append_salt_to_key(unsigned char *key, unsigned int bytes_in_key,
- unsigned char *salt, unsigned int bytes_in_salt);
+srtp_append_salt_to_key(unsigned char *key, unsigned int bytes_in_key,
+ unsigned char *salt, unsigned int bytes_in_salt);
*
* The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies
* SRTCP protection to the RTCP packet rtcp_hdr (which has length
- * *len_ptr) using the SRTP session context ctx. If err_status_ok is
+ * *len_ptr) using the SRTP session context ctx. If srtp_err_status_ok is
* returned, then rtp_hdr points to the resulting SRTCP packet and
* *len_ptr is the number of octets in that packet; otherwise, no
* assumptions should be made about the value of either data elements.
*
* @param pkt_octet_len is a pointer to the length in octets of the
* complete RTCP packet (header and body) before the function call,
- * and of the complete SRTCP packet after the call, if err_status_ok
+ * and of the complete SRTCP packet after the call, if srtp_err_status_ok
* was returned. Otherwise, the value of the data to which it points
* is undefined.
*
* @return
- * - err_status_ok if there were no problems.
+ * - srtp_err_status_ok if there were no problems.
* - [other] if there was a failure in
* the cryptographic mechanisms.
*/
-err_status_t
-srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len);
+srtp_err_status_t srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len);
+
+
+/**
+ * @brief srtp_protect_rtcp_mki() is the Secure RTCP sender-side packet
+ * processing function that can utilize mki.
+ *
+ * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies
+ * SRTCP protection to the RTCP packet rtcp_hdr (which has length
+ * *len_ptr) using the SRTP session context ctx. If srtp_err_status_ok is
+ * returned, then rtp_hdr points to the resulting SRTCP packet and
+ * *len_ptr is the number of octets in that packet; otherwise, no
+ * assumptions should be made about the value of either data elements.
+ *
+ * @warning This function assumes that it can write the authentication
+ * tag into the location in memory immediately following the RTCP
+ * packet, and assumes that the RTCP packet is aligned on a 32-bit
+ * boundary.
+ *
+ * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4
+ * into the location in memory immediately following the RTCP packet.
+ * Callers MUST ensure that this much writable memory is available in
+ * the buffer that holds the RTCP packet.
+ *
+ * @param ctx is the SRTP context to use in processing the packet.
+ *
+ * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after
+ * the function returns, it points to the srtp packet.
+ *
+ * @param pkt_octet_len is a pointer to the length in octets of the
+ * complete RTCP packet (header and body) before the function call,
+ * and of the complete SRTCP packet after the call, if srtp_err_status_ok
+ * was returned. Otherwise, the value of the data to which it points
+ * is undefined.
+ *
+ * @param use_mki is a boolean to tell the system if mki is being used. If
+ * set to false then will use the first set of session keys. If set to true will
+ * use the session keys identified by the mki_index
+ *
+ * @param mki_index integer value specifying which set of session kesy should be
+ * used if use_mki is set to true.
+ *
+ * @return
+ * - srtp_err_status_ok if there were no problems.
+ * - [other] if there was a failure in
+ * the cryptographic mechanisms.
+ */
+
+srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len,
+ unsigned int use_mki, unsigned int mki_index);
+
+/**
+ * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet
+ * processing function.
+ *
+ * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr)
+ * verifies the Secure RTCP protection of the SRTCP packet pointed to
+ * by srtcp_hdr (which has length *len_ptr), using the SRTP session
+ * context ctx. If srtp_err_status_ok is returned, then srtcp_hdr points
+ * to the resulting RTCP packet and *len_ptr is the number of octets
+ * in that packet; otherwise, no assumptions should be made about the
+ * value of either data elements.
+ *
+ * @warning This function assumes that the SRTCP packet is aligned on a
+ * 32-bit boundary.
+ *
+ * @param ctx is a pointer to the srtp_t which applies to the
+ * particular packet.
+ *
+ * @param srtcp_hdr is a pointer to the header of the SRTCP packet
+ * (before the call). After the function returns, it points to the
+ * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
+ * the data to which it points is undefined.
+ *
+ * @param pkt_octet_len is a pointer to the length in octets of the
+ * complete SRTCP packet (header and body) before the function call,
+ * and of the complete rtp packet after the call, if srtp_err_status_ok was
+ * returned. Otherwise, the value of the data to which it points is
+ * undefined.
+ *
+ * @return
+ * - srtp_err_status_ok if the RTCP packet is valid.
+ * - srtp_err_status_auth_fail if the SRTCP packet failed the message
+ * authentication check.
+ * - srtp_err_status_replay_fail if the SRTCP packet is a replay (e.g. has
+ * already been processed and accepted).
+ * - [other] if there has been an error in the cryptographic mechanisms.
+ *
+ */
+
+srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len);
/**
* @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet
* The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr)
* verifies the Secure RTCP protection of the SRTCP packet pointed to
* by srtcp_hdr (which has length *len_ptr), using the SRTP session
- * context ctx. If err_status_ok is returned, then srtcp_hdr points
+ * context ctx. If srtp_err_status_ok is returned, then srtcp_hdr points
* to the resulting RTCP packet and *len_ptr is the number of octets
* in that packet; otherwise, no assumptions should be made about the
* value of either data elements.
*
* @param srtcp_hdr is a pointer to the header of the SRTCP packet
* (before the call). After the function returns, it points to the
- * rtp packet if err_status_ok was returned; otherwise, the value of
+ * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
* the data to which it points is undefined.
*
* @param pkt_octet_len is a pointer to the length in octets of the
* complete SRTCP packet (header and body) before the function call,
- * and of the complete rtp packet after the call, if err_status_ok was
+ * and of the complete rtp packet after the call, if srtp_err_status_ok was
* returned. Otherwise, the value of the data to which it points is
* undefined.
*
+ * @param use_mki is a boolean to tell the system if mki is being used. If
+ * set to false then will use the first set of session keys. If set to true will
+ * use the session keys identified by the mki_index
+ *
* @return
- * - err_status_ok if the RTCP packet is valid.
- * - err_status_auth_fail if the SRTCP packet failed the message
+ * - srtp_err_status_ok if the RTCP packet is valid.
+ * - srtp_err_status_auth_fail if the SRTCP packet failed the message
* authentication check.
- * - err_status_replay_fail if the SRTCP packet is a replay (e.g. has
+ * - srtp_err_status_replay_fail if the SRTCP packet is a replay (e.g. has
* already been processed and accepted).
+ * - srtp_err_status_bad_mki if the MKI in the packet is not a known MKI id
* - [other] if there has been an error in the cryptographic mechanisms.
*
*/
-err_status_t
-srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len);
+srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, void *srtcp_hdr,
+ int *pkt_octet_len,
+ unsigned int use_mki);
/**
* @}
*/
+
+/**
+ * @defgroup User data associated to a SRTP session.
+ * @ingroup SRTP
+ *
+ * @brief Store custom user data within a SRTP session.
+ *
+ * @{
+ */
+
+/**
+ * @brief srtp_set_user_data() stores the given pointer into the SRTP
+ * session for later retrieval.
+ *
+ * @param ctx is the srtp_t context in which the given data pointer is
+ * stored.
+ *
+ * @param data is a pointer to the custom information (struct, function,
+ * etc) associated with the SRTP session.
+ *
+ * @return void.
+ *
+ */
+
+void
+srtp_set_user_data(srtp_t ctx, void *data);
+
+/**
+ * @brief srtp_get_user_data() retrieves the pointer to the custom data
+ * previously stored with srtp_set_user_data().
+ *
+ * This function is mostly useful for retrieving data associated to a
+ * SRTP session when an event fires. The user can then get such a custom
+ * data by calling this function with the session field of the
+ * srtp_event_data_t struct as argument.
+ *
+ * @param ctx is the srtp_t context in which the given data pointer was
+ * stored.
+ *
+ * @return void* pointer to the user data.
+ *
+ */
+
+void*
+srtp_get_user_data(srtp_t ctx);
+
+/**
+ * @}
+ */
+
+
/**
* @defgroup SRTPevents SRTP events and callbacks
* @ingroup SRTP
* reached, an SRTP stream will enter an `expired' state in which no
* more packets can be protected or unprotected. When this happens,
* it is likely that you will want to either deallocate the stream
- * (using srtp_stream_dealloc()), and possibly allocate a new one.
+ * (using srtp_remove_stream()), and possibly allocate a new one.
*
* When an SRTP stream expires, the other streams in the same session
* are unaffected, unless key sharing is used by that stream. In the
typedef struct srtp_event_data_t {
srtp_t session; /**< The session in which the event happend. */
- srtp_stream_t stream; /**< The stream in which the event happend. */
+ uint32_t ssrc; /**< The ssrc in host order of the stream in which the event happend */
srtp_event_t event; /**< An enum indicating the type of event. */
} srtp_event_data_t;
* will be used by libSRTP to handle events.
*/
-err_status_t
-srtp_install_event_handler(srtp_event_handler_func_t func);
+srtp_err_status_t srtp_install_event_handler(srtp_event_handler_func_t func);
+
+/**
+ * @brief Returns the version string of the library.
+ *
+ */
+const char *srtp_get_version_string(void);
+
+/**
+ * @brief Returns the numeric representation of the library version.
+ *
+ */
+unsigned int srtp_get_version(void);
+
+/**
+ * @brief srtp_set_debug_module(mod_name, v)
+ *
+ * sets dynamic debugging to the value v (0 for off, 1 for on) for the
+ * debug module with the name mod_name
+ *
+ * returns err_status_ok on success, err_status_fail otherwise
+ */
+srtp_err_status_t srtp_set_debug_module(const char *mod_name, int v);
+
+/**
+ * @brief srtp_list_debug_modules() outputs a list of debugging modules
+ *
+ */
+srtp_err_status_t srtp_list_debug_modules(void);
+
+/**
+ * @brief srtp_log_level_t defines log levels.
+ *
+ * The enumeration srtp_log_level_t defines log levels reported
+ * in the srtp_log_handler_func_t.
+ *
+ */
+typedef enum {
+ srtp_log_level_error, /**< log level is reporting an error message */
+ srtp_log_level_warning, /**< log level is reporting a warning message */
+ srtp_log_level_info, /**< log level is reporting an info message */
+ srtp_log_level_debug /**< log level is reporting a debug message */
+} srtp_log_level_t;
+
+/**
+ * @brief srtp_log_handler_func_t is the function prototype for
+ * the log handler.
+ *
+ * The typedef srtp_event_handler_func_t is the prototype for the
+ * event handler function. It has as srtp_log_level_t, log
+ * message and data as arguments.
+ * There can only be a single, global handler for all log messages in
+ * libSRTP.
+ */
+typedef void (srtp_log_handler_func_t)(srtp_log_level_t level, const char * msg, void *data);
+
+/**
+ * @brief sets the log handler to the function supplied by the caller.
+ *
+ * The function call srtp_install_log_handler(func) sets the log
+ * handler function to the value func. The value NULL is acceptable
+ * as an argument; in this case, log messages will be ignored.
+ * This function can be called before srtp_init() inorder to capture
+ * any logging during start up.
+ *
+ * @param func is a pointer to a fuction of type srtp_log_handler_func_t.
+ * This function will be used by libSRTP to output log messages.
+ * @param data is a user pointer that will be returned as the data argument in func.
+ */
+srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func, void *data);
+
+/**
+ * @brief srtp_get_protect_trailer_length(session, use_mki, mki_index, length)
+ *
+ * Determines the length of the amount of data Lib SRTP will add to the
+ * packet during the protect process. The length is returned in the length parameter
+ *
+ * returns err_status_ok on success, err_status_bad_mki if the MKI index is invalid
+ *
+ */
+srtp_err_status_t srtp_get_protect_trailer_length(srtp_t session, uint32_t use_mki,
+ uint32_t mki_index, uint32_t *length);
+
+/**
+ * @brief srtp_get_protect_rtcp_trailer_length(session, use_mki, mki_index, length)
+ *
+ * Determines the length of the amount of data Lib SRTP will add to the
+ * packet during the protect process. The length is returned in the length parameter
+ *
+ * returns err_status_ok on success, err_status_bad_mki if the MKI index is invalid
+ *
+ */
+srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session, uint32_t use_mki,
+ uint32_t mki_index, uint32_t *length);
+
+
+/**
+ * @brief srtp_set_stream_roc(session, ssrc, roc)
+ *
+ * Set the roll-over-counter on a session for a given SSRC
+ *
+ * returns err_status_ok on success, srtp_err_status_bad_param if there is no
+ * stream found
+ *
+ */
+srtp_err_status_t srtp_set_stream_roc(srtp_t session, uint32_t ssrc, uint32_t roc);
+
+/**
+ * @brief srtp_get_stream_roc(session, ssrc, roc)
+ *
+ * Get the roll-over-counter on a session for a given SSRC
+ *
+ * returns err_status_ok on success, srtp_err_status_bad_param if there is no
+ * stream found
+ *
+ */
+srtp_err_status_t srtp_get_stream_roc(srtp_t session, uint32_t ssrc, uint32_t *roc);
+
/**
* @}
}
#endif
-#endif /* SRTP_H */
+#endif /* SRTP_SRTP_H */
*/
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#ifndef SRTP_PRIV_H
#define SRTP_PRIV_H
+// Leave this as the top level import. Ensures the existence of defines
+#include "config.h"
+
#include "srtp.h"
#include "rdbx.h"
#include "rdb.h"
#include "integers.h"
-
-/*
- * an srtp_hdr_t represents the srtp header
- *
- * in this implementation, an srtp_hdr_t is assumed to be 32-bit aligned
- *
- * (note that this definition follows that of RFC 1889 Appendix A, but
- * is not identical)
- */
-
-#ifndef WORDS_BIGENDIAN
-
-/*
- * srtp_hdr_t represents an RTP or SRTP header. The bit-fields in
- * this structure should be declared "unsigned int" instead of
- * "unsigned char", but doing so causes the MS compiler to not
- * fully pack the bit fields.
- */
-
-typedef struct {
- unsigned cc:4; /* CSRC count */
- unsigned x:1; /* header extension flag */
- unsigned p:1; /* padding flag */
- unsigned version:2; /* protocol version */
- unsigned pt:7; /* payload type */
- unsigned m:1; /* marker bit */
- unsigned seq:16; /* sequence number */
- unsigned ts:32; /* timestamp */
- uint32_t ssrc; /* synchronization source */
-} srtp_hdr_t;
-
-#else /* BIG_ENDIAN */
-
-typedef struct {
- unsigned version:2; /* protocol version */
- unsigned p:1; /* padding flag */
- unsigned x:1; /* header extension flag */
- unsigned cc:4; /* CSRC count */
- unsigned m:1; /* marker bit */
- unsigned pt:7; /* payload type */
- unsigned seq:16; /* sequence number */
- unsigned ts:32; /* timestamp */
- uint32_t ssrc; /* synchronization source */
-} srtp_hdr_t;
-
+#include "cipher.h"
+#include "auth.h"
+#include "aes.h"
+#include "key.h"
+#include "crypto_kernel.h"
+
+#ifdef __cplusplus
+extern "C" {
#endif
-typedef struct {
- uint16_t profile_specific; /* profile-specific info */
- uint16_t length; /* number of 32-bit words in extension */
-} srtp_hdr_xtnd_t;
-
-
-/*
- * srtcp_hdr_t represents a secure rtcp header
- *
- * in this implementation, an srtcp header is assumed to be 32-bit
- * alinged
- */
-
-#ifndef WORDS_BIGENDIAN
-
-typedef struct {
- unsigned rc:5; /* reception report count */
- unsigned p:1; /* padding flag */
- unsigned version:2; /* protocol version */
- unsigned pt:8; /* payload type */
- unsigned len:16; /* length */
- uint32_t ssrc; /* synchronization source */
-} srtcp_hdr_t;
-
-typedef struct {
- unsigned int index:31; /* srtcp packet index in network order! */
- unsigned int e:1; /* encrypted? 1=yes */
- /* optional mikey/etc go here */
- /* and then the variable-length auth tag */
-} srtcp_trailer_t;
-
-
-#else /* BIG_ENDIAN */
-
-typedef struct {
- unsigned version:2; /* protocol version */
- unsigned p:1; /* padding flag */
- unsigned rc:5; /* reception report count */
- unsigned pt:8; /* payload type */
- uint16_t len; /* length */
- uint32_t ssrc; /* synchronization source */
-} srtcp_hdr_t;
-
-typedef struct {
- unsigned int version:2; /* protocol version */
- unsigned int p:1; /* padding flag */
- unsigned int count:5; /* varies by packet type */
- unsigned int pt:8; /* payload type */
- uint16_t length; /* len of uint32s of packet less header */
-} rtcp_common_t;
-
-typedef struct {
- unsigned int e:1; /* encrypted? 1=yes */
- unsigned int index:31; /* srtcp packet index */
- /* optional mikey/etc go here */
- /* and then the variable-length auth tag */
-} srtcp_trailer_t;
-
-#endif
+#define SRTP_VER_STRING PACKAGE_STRING
+#define SRTP_VERSION PACKAGE_VERSION
+typedef struct srtp_stream_ctx_t_ srtp_stream_ctx_t;
+typedef srtp_stream_ctx_t *srtp_stream_t;
/*
* the following declarations are libSRTP internal functions
* srtp_get_stream(ssrc) returns a pointer to the stream corresponding
* to ssrc, or NULL if no stream exists for that ssrc
*/
-
-srtp_stream_t
-srtp_get_stream(srtp_t srtp, uint32_t ssrc);
+srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc);
/*
* srtp_stream_init_keys(s, k) (re)initializes the srtp_stream_t s by
* deriving all of the needed keys using the KDF and the key k.
*/
+srtp_err_status_t srtp_stream_init_keys(srtp_stream_ctx_t *srtp,
+ srtp_master_key_t *master_key,
+ const unsigned int current_mki_index);
-
-err_status_t
-srtp_stream_init_keys(srtp_stream_t srtp, const void *key);
+/*
+ * srtp_stream_init_all_master_keys(s, k, m) (re)initializes the srtp_stream_t s by
+ * deriving all of the needed keys for all the master keys using the KDF and the keys from k.
+ */
+srtp_err_status_t srtp_steam_init_all_master_keys(srtp_stream_ctx_t *srtp,
+ unsigned char *key,
+ srtp_master_key_t **keys,
+ const unsigned int max_master_keys);
/*
* srtp_stream_init(s, p) initializes the srtp_stream_t s to
* use the policy at the location p
*/
-err_status_t
-srtp_stream_init(srtp_stream_t srtp,
- const srtp_policy_t *p);
+srtp_err_status_t srtp_stream_init(srtp_stream_t srtp, const srtp_policy_t *p);
/*
dir_srtp_receiver = 2
} direction_t;
+/*
+ * srtp_session_keys_t will contain the encryption, hmac, salt keys
+ * for both SRTP and SRTCP. The session keys will also contain the
+ * MKI ID which is used to identify the session keys.
+ */
+typedef struct srtp_session_keys_t {
+ srtp_cipher_t *rtp_cipher;
+ srtp_cipher_t *rtp_xtn_hdr_cipher;
+ srtp_auth_t *rtp_auth;
+ srtp_cipher_t *rtcp_cipher;
+ srtp_auth_t *rtcp_auth;
+ uint8_t salt[SRTP_AEAD_SALT_LEN];
+ uint8_t c_salt[SRTP_AEAD_SALT_LEN];
+ uint8_t *mki_id;
+ unsigned int mki_size;
+ srtp_key_limit_ctx_t *limit;
+} srtp_session_keys_t;
+
+
/*
* an srtp_stream_t has its own SSRC, encryption key, authentication
* key, sequence number, and replay database
*
* note that the keys might not actually be unique, in which case the
- * cipher_t and auth_t pointers will point to the same structures
+ * srtp_cipher_t and srtp_auth_t pointers will point to the same structures
*/
-typedef struct srtp_stream_ctx_t {
+typedef struct srtp_stream_ctx_t_ {
uint32_t ssrc;
- cipher_t *rtp_cipher;
- auth_t *rtp_auth;
- rdbx_t rtp_rdbx;
- sec_serv_t rtp_services;
- cipher_t *rtcp_cipher;
- auth_t *rtcp_auth;
- rdb_t rtcp_rdb;
- sec_serv_t rtcp_services;
- key_limit_ctx_t *limit;
+ srtp_session_keys_t *session_keys;
+ unsigned int num_master_keys;
+ srtp_rdbx_t rtp_rdbx;
+ srtp_sec_serv_t rtp_services;
+ srtp_rdb_t rtcp_rdb;
+ srtp_sec_serv_t rtcp_services;
direction_t direction;
int allow_repeat_tx;
- ekt_stream_t ekt;
- uint8_t salt[SRTP_AEAD_SALT_LEN]; /* used with GCM mode for SRTP */
- uint8_t c_salt[SRTP_AEAD_SALT_LEN]; /* used with GCM mode for SRTCP */
- struct srtp_stream_ctx_t *next; /* linked list of streams */
-} srtp_stream_ctx_t;
+ srtp_ekt_stream_t ekt;
+ int *enc_xtn_hdr;
+ int enc_xtn_hdr_count;
+ uint32_t pending_roc;
+ struct srtp_stream_ctx_t_ *next; /* linked list of streams */
+} strp_stream_ctx_t_;
/*
* an srtp_ctx_t holds a stream list and a service description
*/
-typedef struct srtp_ctx_t {
- srtp_stream_ctx_t *stream_list; /* linked list of streams */
- srtp_stream_ctx_t *stream_template; /* act as template for other streams */
-} srtp_ctx_t;
+typedef struct srtp_ctx_t_ {
+ struct srtp_stream_ctx_t_ *stream_list; /* linked list of streams */
+ struct srtp_stream_ctx_t_ *stream_template; /* act as template for other streams */
+ void *user_data; /* user custom data */
+} srtp_ctx_t_;
+
+
+/*
+ * srtp_hdr_t represents an RTP or SRTP header. The bit-fields in
+ * this structure should be declared "unsigned int" instead of
+ * "unsigned char", but doing so causes the MS compiler to not
+ * fully pack the bit fields.
+ *
+ * In this implementation, an srtp_hdr_t is assumed to be 32-bit aligned
+ *
+ * (note that this definition follows that of RFC 1889 Appendix A, but
+ * is not identical)
+ */
+
+#ifdef _MSC_VER
+#pragma pack(push, r1, 1)
+#endif
+
+#ifndef WORDS_BIGENDIAN
+
+typedef struct {
+ unsigned cc : 4; /* CSRC count */
+ unsigned x : 1; /* header extension flag */
+ unsigned p : 1; /* padding flag */
+ unsigned version : 2; /* protocol version */
+ unsigned pt : 7; /* payload type */
+ unsigned m : 1; /* marker bit */
+ unsigned seq : 16; /* sequence number */
+ unsigned ts : 32; /* timestamp */
+ uint32_t ssrc; /* synchronization source */
+} srtp_hdr_t;
+
+#else /* BIG_ENDIAN */
+
+typedef struct {
+ unsigned version : 2; /* protocol version */
+ unsigned p : 1; /* padding flag */
+ unsigned x : 1; /* header extension flag */
+ unsigned cc : 4; /* CSRC count */
+ unsigned m : 1; /* marker bit */
+ unsigned pt : 7; /* payload type */
+ unsigned seq: 16; /* sequence number */
+ unsigned ts : 32; /* timestamp */
+ uint32_t ssrc; /* synchronization source */
+} srtp_hdr_t;
+
+#endif
+
+typedef struct {
+ uint16_t profile_specific; /* profile-specific info */
+ uint16_t length; /* number of 32-bit words in extension */
+} srtp_hdr_xtnd_t;
+
+
+/*
+ * srtcp_hdr_t represents a secure rtcp header
+ *
+ * in this implementation, an srtcp header is assumed to be 32-bit
+ * alinged
+ */
+
+#ifndef WORDS_BIGENDIAN
+typedef struct {
+ unsigned rc : 5; /* reception report count */
+ unsigned p : 1; /* padding flag */
+ unsigned version : 2; /* protocol version */
+ unsigned pt : 8; /* payload type */
+ unsigned len : 16; /* length */
+ uint32_t ssrc; /* synchronization source */
+} srtcp_hdr_t;
+typedef struct {
+ unsigned int index : 31; /* srtcp packet index in network order! */
+ unsigned int e : 1; /* encrypted? 1=yes */
+ /* optional mikey/etc go here */
+ /* and then the variable-length auth tag */
+} srtcp_trailer_t;
+
+#else /* BIG_ENDIAN */
+
+typedef struct {
+ unsigned version : 2; /* protocol version */
+ unsigned p : 1; /* padding flag */
+ unsigned rc : 5; /* reception report count */
+ unsigned pt : 8; /* payload type */
+ unsigned len : 16; /* length */
+ uint32_t ssrc; /* synchronization source */
+} srtcp_hdr_t;
+
+typedef struct {
+ unsigned int e : 1; /* encrypted? 1=yes */
+ unsigned int index : 31; /* srtcp packet index */
+ /* optional mikey/etc go here */
+ /* and then the variable-length auth tag */
+} srtcp_trailer_t;
+
+#endif
+
+#ifdef _MSC_VER
+#pragma pack(pop, r1)
+#endif
/*
* srtp_handle_event(srtp, srtm, evnt) calls the event handling
if(srtp_event_handler) { \
srtp_event_data_t data; \
data.session = srtp; \
- data.stream = strm; \
+ data.ssrc = ntohl(strm->ssrc); \
data.event = evnt; \
srtp_event_handler(&data); \
}
+#ifdef __cplusplus
+}
+#endif
#endif /* SRTP_PRIV_H */
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include "integers.h" /* for uint32_t */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
#define UT_BUF 160 /* maximum amount of packet reorder */
typedef struct {
uint32_t
ut_next_index(ut_connection *utc);
+#ifdef __cplusplus
+}
+#endif
#endif /* UT_SIM_H */
--- /dev/null
+:: Installs from srtp windows build directory to directory specified on
+:: command line
+
+
+@if "%1"=="" (
+ echo "Usage: %~nx0 destdir"
+ exit /b 1
+) else (
+ set destdir=%1
+)
+
+@if not exist %destdir% (
+ echo %destdir% not found
+ exit /b 1
+)
+
+@for %%d in (include\srtp.h crypto\include\cipher.h Debug\srtp2.lib Release\srtp2.lib x64\Debug\srtp2.lib x64\Release\srtp2.lib) do (
+ if not exist "%%d" (
+ echo "%%d not found: are you in the right directory?"
+ exit /b 1
+ )
+)
+
+mkdir %destdir%\include
+mkdir %destdir%\include\srtp2
+mkdir %destdir%\lib
+mkdir %destdir%\lib\x64
+
+@for %%d in (include\srtp.h include\ekt.h crypto\include\cipher.h crypto\include\auth.h crypto\include\crypto_types.h) do (
+ copy %%d %destdir%\include\srtp2
+)
+copy Release\srtp2.lib %destdir%\lib\srtp2.lib
+copy Debug\srtp2.lib %destdir%\lib\srtp2d.lib
+copy x64\Release\srtp2.lib %destdir%\lib\x64\srtp2.lib
+copy x64\Debug\srtp2.lib %destdir%\lib\x64\srtp2d.lib
+++ /dev/null
-<?xml version="1.0" encoding="Windows-1252"?>\r
-<VisualStudioProject\r
- ProjectType="Visual C++"\r
- Version="9.00"\r
- Name="libsrtp"\r
- ProjectGUID="{EEF031CB-FED8-451E-A471-91EC8D4F6750}"\r
- RootNamespace="libsrtp"\r
- Keyword="Win32Proj"\r
- TargetFrameworkVersion="131072"\r
- >\r
- <Platforms>\r
- <Platform\r
- Name="Win32"\r
- />\r
- <Platform\r
- Name="x64"\r
- />\r
- </Platforms>\r
- <ToolFiles>\r
- </ToolFiles>\r
- <Configurations>\r
- <Configuration\r
- Name="Debug|Win32"\r
- OutputDirectory="$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- Optimization="0"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="3"\r
- StructMemberAlignment="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="4"\r
- WarnAsError="true"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Debug|x64"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- TargetEnvironment="3"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- Optimization="0"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="3"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="4"\r
- WarnAsError="false"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release|Win32"\r
- OutputDirectory="$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- WholeProgramOptimization="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;NDEBUG;_LIB;HAVE_CONFIG_H"\r
- RuntimeLibrary="2"\r
- StructMemberAlignment="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="4"\r
- WarnAsError="true"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release|x64"\r
- OutputDirectory="$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- WholeProgramOptimization="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- TargetEnvironment="3"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;NDEBUG;_LIB;HAVE_CONFIG_H"\r
- RuntimeLibrary="2"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="4"\r
- WarnAsError="false"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Debug Dll|Win32"\r
- OutputDirectory="$(SolutionDir)Debug"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="2"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- Optimization="0"\r
- EnableIntrinsicFunctions="true"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="3"\r
- StructMemberAlignment="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="4"\r
- WarnAsError="true"\r
- DebugInformationFormat="4"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalDependencies="Ws2_32.lib"\r
- ModuleDefinitionFile="srtp.def"\r
- OptimizeReferences="1"\r
- EnableCOMDATFolding="1"\r
- OptimizeForWindows98="1"\r
- LinkTimeCodeGeneration="0"\r
- RandomizedBaseAddress="1"\r
- DataExecutionPrevention="0"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCManifestTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCAppVerifierTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Debug Dll|x64"\r
- OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="2"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- TargetEnvironment="3"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- Optimization="0"\r
- EnableIntrinsicFunctions="true"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="3"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="4"\r
- WarnAsError="true"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalDependencies="Ws2_32.lib"\r
- ModuleDefinitionFile="srtp.def"\r
- OptimizeReferences="1"\r
- EnableCOMDATFolding="1"\r
- OptimizeForWindows98="1"\r
- LinkTimeCodeGeneration="0"\r
- RandomizedBaseAddress="1"\r
- DataExecutionPrevention="0"\r
- TargetMachine="17"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCManifestTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCAppVerifierTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release Dll|Win32"\r
- OutputDirectory="$(SolutionDir)Release"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="2"\r
- CharacterSet="1"\r
- WholeProgramOptimization="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;NDEBUG;_LIB;HAVE_CONFIG_H"\r
- RuntimeLibrary="2"\r
- StructMemberAlignment="0"\r
- BufferSecurityCheck="false"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="4"\r
- WarnAsError="true"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalDependencies="Ws2_32.lib"\r
- ModuleDefinitionFile="srtp.def"\r
- RandomizedBaseAddress="1"\r
- DataExecutionPrevention="0"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCManifestTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCAppVerifierTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release Dll|x64"\r
- OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"\r
- IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"\r
- ConfigurationType="2"\r
- CharacterSet="1"\r
- WholeProgramOptimization="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- TargetEnvironment="3"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;NDEBUG;_LIB;HAVE_CONFIG_H"\r
- RuntimeLibrary="2"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="4"\r
- WarnAsError="true"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalDependencies="Ws2_32.lib"\r
- ModuleDefinitionFile="srtp.def"\r
- RandomizedBaseAddress="1"\r
- DataExecutionPrevention="0"\r
- TargetMachine="17"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCManifestTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCAppVerifierTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- </Configurations>\r
- <References>\r
- </References>\r
- <Files>\r
- <Filter\r
- Name="Source Files"\r
- Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"\r
- UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"\r
- >\r
- <File\r
- RelativePath=".\srtp\srtp.c"\r
- >\r
- </File>\r
- <Filter\r
- Name="Kernel"\r
- >\r
- <File\r
- RelativePath=".\crypto\kernel\alloc.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\kernel\crypto_kernel.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\rng\ctr_prng.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\kernel\err.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\kernel\key.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\rng\prng.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\rng\rand_source.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Ciphers"\r
- >\r
- <File\r
- RelativePath=".\crypto\cipher\aes.c"\r
- >\r
- <FileConfiguration\r
- Name="Debug Dll|Win32"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- InlineFunctionExpansion="0"\r
- EnableIntrinsicFunctions="false"\r
- EnableFunctionLevelLinking="false"\r
- />\r
- </FileConfiguration>\r
- <FileConfiguration\r
- Name="Debug Dll|x64"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- InlineFunctionExpansion="0"\r
- EnableIntrinsicFunctions="false"\r
- EnableFunctionLevelLinking="false"\r
- />\r
- </FileConfiguration>\r
- </File>\r
- <File\r
- RelativePath=".\crypto\cipher\aes_cbc.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\cipher\aes_icm.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\cipher\cipher.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\cipher\null_cipher.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Hashes"\r
- >\r
- <File\r
- RelativePath=".\crypto\hash\auth.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\hash\hmac.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\hash\null_auth.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\hash\sha1.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Replay"\r
- >\r
- <File\r
- RelativePath=".\crypto\replay\rdb.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\replay\rdbx.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\replay\ut_sim.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Math"\r
- >\r
- <File\r
- RelativePath=".\crypto\math\datatypes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\math\stat.c"\r
- >\r
- </File>\r
- </Filter>\r
- </Filter>\r
- <Filter\r
- Name="Header Files"\r
- Filter="h;hpp;hxx;hm;inl;inc;xsd"\r
- UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"\r
- >\r
- <File\r
- RelativePath=".\crypto\include\aes.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\aes_cbc.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\aes_icm.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\alloc.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\auth.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\cipher.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\config.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\crypto.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\crypto_kernel.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\crypto_math.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\crypto_types.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\cryptoalg.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\datatypes.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\err.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\gf2_8.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\hmac.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\integers.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\kernel_compat.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\key.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\null_auth.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\null_cipher.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\prng.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\rand_source.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\rdb.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\rdbx.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\include\rtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\sha1.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\include\srtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\stat.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\include\ut_sim.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\xfm.h"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Resource Files"\r
- Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"\r
- UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"\r
- >\r
- </Filter>\r
- <File\r
- RelativePath=".\srtp.def"\r
- >\r
- </File>\r
- </Files>\r
- <Globals>\r
- </Globals>\r
-</VisualStudioProject>\r
-<?xml version="1.0" encoding="utf-8"?>\r
+<?xml version="1.0" encoding="utf-8"?>\r
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">\r
<ItemGroup Label="ProjectConfigurations">\r
<ProjectConfiguration Include="Debug Dll|Win32">\r
<ClCompile Include="srtp\srtp.c" />\r
<ClCompile Include="crypto\kernel\alloc.c" />\r
<ClCompile Include="crypto\kernel\crypto_kernel.c" />\r
- <ClCompile Include="crypto\rng\ctr_prng.c" />\r
<ClCompile Include="crypto\kernel\err.c" />\r
<ClCompile Include="crypto\kernel\key.c" />\r
- <ClCompile Include="crypto\rng\prng.c" />\r
- <ClCompile Include="crypto\rng\rand_source.c" />\r
<ClCompile Include="crypto\cipher\aes.c">\r
<InlineFunctionExpansion Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">Default</InlineFunctionExpansion>\r
<IntrinsicFunctions Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">false</IntrinsicFunctions>\r
<IntrinsicFunctions Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">false</IntrinsicFunctions>\r
<FunctionLevelLinking Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">false</FunctionLevelLinking>\r
</ClCompile>\r
- <ClCompile Include="crypto\cipher\aes_cbc.c" />\r
<ClCompile Include="crypto\cipher\cipher.c" />\r
<ClCompile Include="crypto\cipher\null_cipher.c" />\r
<ClCompile Include="crypto\hash\auth.c" />\r
</ItemGroup>\r
<ItemGroup>\r
<ClInclude Include="crypto\include\aes.h" />\r
- <ClInclude Include="crypto\include\aes_cbc.h" />\r
<ClInclude Include="crypto\include\aes_gcm_ossl.h" />\r
<ClInclude Include="crypto\include\aes_icm.h" />\r
<ClInclude Include="crypto\include\aes_icm_ossl.h" />\r
<ClInclude Include="crypto\include\auth.h" />\r
<ClInclude Include="crypto\include\cipher.h" />\r
<ClInclude Include="crypto\include\config.h" />\r
- <ClInclude Include="crypto\include\crypto.h" />\r
<ClInclude Include="crypto\include\crypto_kernel.h" />\r
- <ClInclude Include="crypto\include\crypto_math.h" />\r
<ClInclude Include="crypto\include\crypto_types.h" />\r
- <ClInclude Include="crypto\include\cryptoalg.h" />\r
<ClInclude Include="crypto\include\datatypes.h" />\r
<ClInclude Include="crypto\include\err.h" />\r
- <ClInclude Include="crypto\include\gf2_8.h" />\r
<ClInclude Include="crypto\include\hmac.h" />\r
<ClInclude Include="crypto\include\integers.h" />\r
- <ClInclude Include="crypto\include\kernel_compat.h" />\r
<ClInclude Include="crypto\include\key.h" />\r
<ClInclude Include="crypto\include\null_auth.h" />\r
<ClInclude Include="crypto\include\null_cipher.h" />\r
- <ClInclude Include="crypto\include\prng.h" />\r
- <ClInclude Include="crypto\include\rand_source.h" />\r
<ClInclude Include="crypto\include\rdb.h" />\r
<ClInclude Include="crypto\include\rdbx.h" />\r
<ClInclude Include="include\rtp.h" />\r
<ClInclude Include="include\srtp.h" />\r
<ClInclude Include="crypto\include\stat.h" />\r
<ClInclude Include="include\ut_sim.h" />\r
- <ClInclude Include="crypto\include\xfm.h" />\r
</ItemGroup>\r
<ItemGroup>\r
<None Include="srtp.def" />\r
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />\r
<ImportGroup Label="ExtensionTargets">\r
</ImportGroup>\r
-</Project>
\ No newline at end of file
+</Project>\r
+++ /dev/null
-<?xml version="1.0" encoding="Windows-1252"?>\r
-<VisualStudioProject\r
- ProjectType="Visual C++"\r
- Version="8.00"\r
- Name="libsrtp"\r
- ProjectGUID="{EEF031CB-FED8-451E-A471-91EC8D4F6750}"\r
- RootNamespace="libsrtp"\r
- Keyword="Win32Proj"\r
- >\r
- <Platforms>\r
- <Platform\r
- Name="Win32"\r
- />\r
- </Platforms>\r
- <ToolFiles>\r
- </ToolFiles>\r
- <Configurations>\r
- <Configuration\r
- Name="Debug|Win32"\r
- OutputDirectory="$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- Optimization="0"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="3"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="4"\r
- WarnAsError="true"\r
- Detect64BitPortabilityProblems="true"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release|Win32"\r
- OutputDirectory="$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- WholeProgramOptimization="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;NDEBUG;_LIB;HAVE_CONFIG_H"\r
- RuntimeLibrary="2"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="4"\r
- WarnAsError="true"\r
- Detect64BitPortabilityProblems="true"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Debug Dll|Win32"\r
- OutputDirectory="$(SolutionDir)Debug"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="2"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- Optimization="0"\r
- EnableIntrinsicFunctions="true"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="3"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="4"\r
- WarnAsError="true"\r
- Detect64BitPortabilityProblems="true"\r
- DebugInformationFormat="4"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalDependencies="Ws2_32.lib"\r
- ModuleDefinitionFile="srtp.def"\r
- OptimizeReferences="1"\r
- EnableCOMDATFolding="1"\r
- OptimizeForWindows98="1"\r
- LinkTimeCodeGeneration="0"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCManifestTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCAppVerifierTool"\r
- />\r
- <Tool\r
- Name="VCWebDeploymentTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release Dll|Win32"\r
- OutputDirectory="$(SolutionDir)Release"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="2"\r
- CharacterSet="1"\r
- WholeProgramOptimization="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;NDEBUG;_LIB;HAVE_CONFIG_H"\r
- RuntimeLibrary="2"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="4"\r
- WarnAsError="true"\r
- Detect64BitPortabilityProblems="true"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalDependencies="Ws2_32.lib"\r
- ModuleDefinitionFile="srtp.def"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCManifestTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCAppVerifierTool"\r
- />\r
- <Tool\r
- Name="VCWebDeploymentTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- </Configurations>\r
- <References>\r
- </References>\r
- <Files>\r
- <Filter\r
- Name="Source Files"\r
- Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"\r
- UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"\r
- >\r
- <File\r
- RelativePath=".\srtp\srtp.c"\r
- >\r
- </File>\r
- <Filter\r
- Name="Kernel"\r
- >\r
- <File\r
- RelativePath=".\crypto\kernel\alloc.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\kernel\crypto_kernel.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\rng\ctr_prng.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\kernel\err.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\kernel\key.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\rng\prng.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\rng\rand_source.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Ciphers"\r
- >\r
- <File\r
- RelativePath=".\crypto\cipher\aes.c"\r
- >\r
- <FileConfiguration\r
- Name="Debug Dll|Win32"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- InlineFunctionExpansion="0"\r
- EnableIntrinsicFunctions="false"\r
- EnableFunctionLevelLinking="false"\r
- />\r
- </FileConfiguration>\r
- </File>\r
- <File\r
- RelativePath=".\crypto\cipher\aes_cbc.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\cipher\aes_icm.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\cipher\cipher.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\cipher\null_cipher.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Hashes"\r
- >\r
- <File\r
- RelativePath=".\crypto\hash\auth.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\hash\hmac.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\hash\null_auth.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\hash\sha1.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Replay"\r
- >\r
- <File\r
- RelativePath=".\crypto\replay\rdb.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\replay\rdbx.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\replay\ut_sim.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Math"\r
- >\r
- <File\r
- RelativePath=".\crypto\math\datatypes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\math\stat.c"\r
- >\r
- </File>\r
- </Filter>\r
- </Filter>\r
- <Filter\r
- Name="Header Files"\r
- Filter="h;hpp;hxx;hm;inl;inc;xsd"\r
- UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"\r
- >\r
- <File\r
- RelativePath=".\crypto\include\aes.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\aes_cbc.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\aes_icm.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\alloc.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\auth.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\cipher.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\config.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\crypto.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\crypto_kernel.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\crypto_math.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\crypto_types.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\cryptoalg.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\datatypes.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\err.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\gf2_8.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\hmac.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\integers.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\kernel_compat.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\key.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\null_auth.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\null_cipher.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\prng.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\rand_source.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\rdb.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\rdbx.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\include\rtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\sha1.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\include\srtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\stat.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\include\ut_sim.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\xfm.h"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Resource Files"\r
- Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"\r
- UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"\r
- >\r
- </Filter>\r
- <File\r
- RelativePath=".\srtp.def"\r
- >\r
- </File>\r
- </Files>\r
- <Globals>\r
- </Globals>\r
-</VisualStudioProject>\r
--- /dev/null
+prefix=@prefix@
+exec_prefix=@prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: @PACKAGE_NAME@
+Version: @PACKAGE_VERSION@
+Description: Library for SRTP (Secure Realtime Transport Protocol)
+
+Libs: -L${libdir} -lsrtp2 @LIBS@
+Cflags: -I${includedir}
EXPORTS
srtp_init
+srtp_shutdown
srtp_protect
srtp_unprotect
srtp_create
srtp_add_stream
srtp_remove_stream
-crypto_policy_set_rtp_default
-crypto_policy_set_rtcp_default
-crypto_policy_set_aes_cm_128_hmac_sha1_32
-crypto_policy_set_aes_cm_128_null_auth
-crypto_policy_set_null_cipher_hmac_sha1_80
+srtp_update
+srtp_update_stream
+srtp_crypto_policy_set_rtp_default
+srtp_crypto_policy_set_rtcp_default
+srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32
+srtp_crypto_policy_set_aes_cm_128_null_auth
+srtp_crypto_policy_set_null_cipher_hmac_sha1_80
+srtp_crypto_policy_set_null_cipher_hmac_null
+srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80
+srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32
+srtp_crypto_policy_set_aes_cm_256_null_auth
+; TODO - GCM module not yet supported on Win32
+; srtp_crypto_policy_set_aes_gcm_128_8_auth
+; srtp_crypto_policy_set_aes_gcm_256_8_auth
+; srtp_crypto_policy_set_aes_gcm_128_8_only_auth
+; srtp_crypto_policy_set_aes_gcm_256_8_only_auth
+; srtp_crypto_policy_set_aes_gcm_128_16_auth
+; srtp_crypto_policy_set_aes_gcm_256_16_auth
srtp_dealloc
-srtp_get_stream
+srtp_crypto_policy_set_from_profile_for_rtp
+srtp_crypto_policy_set_from_profile_for_rtcp
+srtp_profile_get_master_key_length
+srtp_profile_get_master_salt_length
+srtp_append_salt_to_key
srtp_protect_rtcp
srtp_unprotect_rtcp
+srtp_set_user_data
+srtp_get_user_data
srtp_install_event_handler
-crypto_kernel_init
-crypto_kernel_shutdown
-crypto_kernel_status
-crypto_kernel_list_debug_modules
-crypto_kernel_load_cipher_type
-crypto_kernel_load_auth_type
-crypto_kernel_load_debug_module
-crypto_kernel_alloc_cipher
-crypto_kernel_alloc_auth
-crypto_kernel_set_debug_module
-crypto_get_random
-rand_source_init
-rand_source_get_octet_string
-rand_source_deinit
-x917_prng_init
-x917_prng_get_octet_string
-ctr_prng_init
-ctr_prng_get_octet_string
-cipher_output
-cipher_get_key_length
-cipher_type_self_test
-cipher_bits_per_second
-auth_get_key_length
-auth_get_tag_length
-auth_get_prefix_length
-auth_type_self_test
-auth_type_get_ref_count
-stat_test_monobit
-stat_test_poker
-stat_test_runs
-stat_test_rand_source
-stat_test_rand_source_with_repetition
-err_reporting_init
-err_report
-key_limit_set
-key_limit_clone
-key_limit_check
-key_limit_update
-rdbx_init
-rdbx_estimate_index
-rdbx_check
-rdbx_add_index
-index_init
-index_advance
-index_guess
-octet_get_weight
-octet_string_hex_string
-v128_bit_string
-v128_hex_string
-nibble_to_hex_char
-hex_string_to_octet_string
-v128_copy_octet_string
-v128_left_shift
-v128_right_shift
-octet_string_is_eq
-octet_string_set_to_zero
-rdb_init
-rdb_check
-rdb_add_index
-rdb_increment
-rdb_get_value
-aes_expand_encryption_key
-aes_expand_decryption_key
-aes_encrypt
-aes_decrypt
-aes_icm_context_init
-aes_icm_set_iv
-aes_icm_encrypt
-aes_icm_output
-aes_icm_dealloc
-aes_icm_encrypt_ismacryp
-aes_icm_alloc_ismacryp
-crypto_alloc
-crypto_free
+srtp_get_version_string
+srtp_get_version
+srtp_set_debug_module
+srtp_list_debug_modules
+srtp_ekt_octets_after_base_tag
+srtp_ekt_alloc
+srtp_ekt_stream_init_from_policy
+srtp_ekt_write_data
+srtp_cipher_get_key_length
+srtp_cipher_type_self_test
+srtp_cipher_type_test
+srtp_cipher_bits_per_second
+srtp_cipher_type_alloc
+srtp_cipher_dealloc
+srtp_cipher_init
+srtp_cipher_set_iv
+srtp_cipher_output
+srtp_cipher_encrypt
+srtp_cipher_decrypt
+srtp_cipher_get_tag
+srtp_cipher_set_aad
+srtp_replace_cipher_type
+srtp_auth_get_key_length
+srtp_auth_get_tag_length
+srtp_auth_get_prefix_length
+srtp_auth_type_self_test
+srtp_auth_type_test
+srtp_replace_auth_type
--- /dev/null
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Express 14 for Windows Desktop
+VisualStudioVersion = 14.0.25123.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "srtp2", "srtp2.vcxproj", "{EEF031CB-FED8-451E-A471-91EC8D4F6750}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug Dll|Win32 = Debug Dll|Win32
+ Debug Dll|x64 = Debug Dll|x64
+ Debug|Win32 = Debug|Win32
+ Debug|x64 = Debug|x64
+ Release Dll|Win32 = Release Dll|Win32
+ Release Dll|x64 = Release Dll|x64
+ Release|Win32 = Release|Win32
+ Release|x64 = Release|x64
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug Dll|Win32.ActiveCfg = Debug Dll|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug Dll|Win32.Build.0 = Debug Dll|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug Dll|x64.ActiveCfg = Debug Dll|x64
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug Dll|x64.Build.0 = Debug Dll|x64
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug|Win32.ActiveCfg = Debug|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug|Win32.Build.0 = Debug|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug|x64.ActiveCfg = Debug|x64
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug|x64.Build.0 = Debug|x64
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release Dll|Win32.ActiveCfg = Release Dll|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release Dll|Win32.Build.0 = Release Dll|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release Dll|x64.ActiveCfg = Release Dll|x64
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release Dll|x64.Build.0 = Release Dll|x64
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release|Win32.ActiveCfg = Release|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release|Win32.Build.0 = Release|Win32
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release|x64.ActiveCfg = Release|x64
+ {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release|x64.Build.0 = Release|x64
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
+++ /dev/null
-<?xml version="1.0" encoding="Windows-1252"?>\r
-<VisualStudioProject\r
- ProjectType="Visual C++"\r
- Version="8.00"\r
- Name="srtp"\r
- ProjectGUID="{EEF031CB-FED8-451E-A471-91EC8D4F6750}"\r
- RootNamespace="srtp"\r
- Keyword="Win32Proj"\r
- >\r
- <Platforms>\r
- <Platform\r
- Name="Win32"\r
- />\r
- </Platforms>\r
- <ToolFiles>\r
- </ToolFiles>\r
- <Configurations>\r
- <Configuration\r
- Name="Debug|Win32"\r
- OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- Optimization="0"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="3"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- Detect64BitPortabilityProblems="true"\r
- DebugInformationFormat="4"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release|Win32"\r
- OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="4"\r
- CharacterSet="1"\r
- WholeProgramOptimization="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;NDEBUG;_LIB;HAVE_CONFIG_H"\r
- RuntimeLibrary="2"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- Detect64BitPortabilityProblems="true"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLibrarianTool"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Debug Dll|Win32"\r
- OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="2"\r
- CharacterSet="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- Optimization="0"\r
- EnableIntrinsicFunctions="true"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H"\r
- MinimalRebuild="true"\r
- BasicRuntimeChecks="3"\r
- RuntimeLibrary="3"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- Detect64BitPortabilityProblems="true"\r
- DebugInformationFormat="4"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalDependencies="Ws2_32.lib"\r
- ModuleDefinitionFile="srtp.def"\r
- OptimizeReferences="1"\r
- EnableCOMDATFolding="1"\r
- OptimizeForWindows98="1"\r
- LinkTimeCodeGeneration="0"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCManifestTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCAppVerifierTool"\r
- />\r
- <Tool\r
- Name="VCWebDeploymentTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- <Configuration\r
- Name="Release Dll|Win32"\r
- OutputDirectory="$(SolutionDir)$(ConfigurationName)"\r
- IntermediateDirectory="$(ConfigurationName)"\r
- ConfigurationType="2"\r
- CharacterSet="1"\r
- WholeProgramOptimization="1"\r
- >\r
- <Tool\r
- Name="VCPreBuildEventTool"\r
- Description="Creating config.h from config.hw"\r
- CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL"\r
- />\r
- <Tool\r
- Name="VCCustomBuildTool"\r
- Description=""\r
- CommandLine=""\r
- Outputs=""\r
- />\r
- <Tool\r
- Name="VCXMLDataGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCWebServiceProxyGeneratorTool"\r
- />\r
- <Tool\r
- Name="VCMIDLTool"\r
- />\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- AdditionalIncludeDirectories="crypto/include;include"\r
- PreprocessorDefinitions="WIN32;NDEBUG;_LIB;HAVE_CONFIG_H"\r
- RuntimeLibrary="2"\r
- StructMemberAlignment="0"\r
- UsePrecompiledHeader="0"\r
- WarningLevel="3"\r
- Detect64BitPortabilityProblems="true"\r
- DebugInformationFormat="3"\r
- />\r
- <Tool\r
- Name="VCManagedResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCResourceCompilerTool"\r
- />\r
- <Tool\r
- Name="VCPreLinkEventTool"\r
- />\r
- <Tool\r
- Name="VCLinkerTool"\r
- AdditionalDependencies="Ws2_32.lib"\r
- ModuleDefinitionFile="srtp.def"\r
- />\r
- <Tool\r
- Name="VCALinkTool"\r
- />\r
- <Tool\r
- Name="VCManifestTool"\r
- />\r
- <Tool\r
- Name="VCXDCMakeTool"\r
- />\r
- <Tool\r
- Name="VCBscMakeTool"\r
- />\r
- <Tool\r
- Name="VCFxCopTool"\r
- />\r
- <Tool\r
- Name="VCAppVerifierTool"\r
- />\r
- <Tool\r
- Name="VCWebDeploymentTool"\r
- />\r
- <Tool\r
- Name="VCPostBuildEventTool"\r
- />\r
- </Configuration>\r
- </Configurations>\r
- <References>\r
- </References>\r
- <Files>\r
- <Filter\r
- Name="Source Files"\r
- Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"\r
- UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"\r
- >\r
- <File\r
- RelativePath=".\srtp\srtp.c"\r
- >\r
- </File>\r
- <Filter\r
- Name="Kernel"\r
- >\r
- <File\r
- RelativePath=".\crypto\kernel\alloc.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\kernel\crypto_kernel.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\rng\ctr_prng.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\kernel\err.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\kernel\key.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\rng\prng.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\rng\rand_source.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Ciphers"\r
- >\r
- <File\r
- RelativePath=".\crypto\cipher\aes.c"\r
- >\r
- <FileConfiguration\r
- Name="Debug Dll|Win32"\r
- >\r
- <Tool\r
- Name="VCCLCompilerTool"\r
- InlineFunctionExpansion="0"\r
- EnableIntrinsicFunctions="false"\r
- EnableFunctionLevelLinking="false"\r
- />\r
- </FileConfiguration>\r
- </File>\r
- <File\r
- RelativePath=".\crypto\cipher\aes_cbc.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\cipher\aes_icm.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\cipher\cipher.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\cipher\null_cipher.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Hashes"\r
- >\r
- <File\r
- RelativePath=".\crypto\hash\auth.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\hash\hmac.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\hash\null_auth.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\hash\sha1.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Replay"\r
- >\r
- <File\r
- RelativePath=".\crypto\replay\rdb.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\replay\rdbx.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\replay\ut_sim.c"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Math"\r
- >\r
- <File\r
- RelativePath=".\crypto\math\datatypes.c"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\math\stat.c"\r
- >\r
- </File>\r
- </Filter>\r
- </Filter>\r
- <Filter\r
- Name="Header Files"\r
- Filter="h;hpp;hxx;hm;inl;inc;xsd"\r
- UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"\r
- >\r
- <File\r
- RelativePath=".\crypto\include\aes.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\aes_cbc.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\aes_icm.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\alloc.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\auth.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\cipher.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\config.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\crypto.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\crypto_kernel.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\crypto_math.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\crypto_types.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\cryptoalg.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\datatypes.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\err.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\gf2_8.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\hmac.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\integers.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\kernel_compat.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\key.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\null_auth.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\null_cipher.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\prng.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\rand_source.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\rdb.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\rdbx.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\include\rtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\sha1.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\include\srtp.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\stat.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\include\ut_sim.h"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\crypto\include\xfm.h"\r
- >\r
- </File>\r
- </Filter>\r
- <Filter\r
- Name="Resource Files"\r
- Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"\r
- UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"\r
- >\r
- </Filter>\r
- <File\r
- RelativePath=".\srtp.def"\r
- >\r
- </File>\r
- </Files>\r
- <Globals>\r
- </Globals>\r
-</VisualStudioProject>\r
*/
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
-#include "err.h"
#include "srtp_priv.h"
+#include "err.h"
#include "ekt.h"
-extern debug_module_t mod_srtp;
+extern srtp_debug_module_t mod_srtp;
/*
* The EKT Authentication Tag format.
#define EKT_OCTETS_AFTER_ROC 4
#define EKT_SPI_LEN 2
-unsigned
-ekt_octets_after_base_tag(ekt_stream_t ekt) {
+unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt) {
/*
* if the pointer ekt is NULL, then EKT is not in effect, so we
* indicate this by returning zero
return 0;
switch(ekt->data->ekt_cipher_type) {
- case EKT_CIPHER_AES_128_ECB:
+ case SRTP_EKT_CIPHER_AES_128_ECB:
return 16 + EKT_OCTETS_AFTER_EMK;
break;
default:
return 0;
}
-static inline ekt_spi_t
-srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) {
+static inline srtp_ekt_spi_t srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) {
const uint8_t *spi_location;
spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN);
- return *((const ekt_spi_t *)spi_location);
+ return *((const srtp_ekt_spi_t *)spi_location);
}
-static inline uint32_t
-srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) {
+static inline uint32_t srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) {
const uint8_t *roc_location;
roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC);
return *((const uint32_t *)roc_location);
}
-static inline const uint8_t *
-srtcp_packet_get_emk_location(const uint8_t *packet_start,
- unsigned pkt_octet_len) {
+static inline const uint8_t * srtcp_packet_get_emk_location(const uint8_t *packet_start, unsigned pkt_octet_len) {
const uint8_t *location;
location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG);
}
-err_status_t
-ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy) {
+srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, srtp_ekt_policy_t policy) {
/*
* if the policy pointer is NULL, then EKT is not in use
*/
if (!policy) {
*stream_data = NULL;
- return err_status_ok;
+ return srtp_err_status_ok;
}
/* TODO */
*stream_data = NULL;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-ekt_stream_init_from_policy(ekt_stream_t stream_data, ekt_policy_t policy) {
+srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t stream_data, srtp_ekt_policy_t policy) {
if (!stream_data)
- return err_status_ok;
+ return srtp_err_status_ok;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-void
-aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) {
+void aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) {
#ifndef OPENSSL
//FIXME: need to get this working through the crypto module interface
- aes_expanded_key_t expanded_key;
+ srtp_aes_expanded_key_t expanded_key;
- aes_expand_decryption_key(key, key_len, &expanded_key);
- aes_decrypt(ciphertext, &expanded_key);
+ srtp_aes_expand_decryption_key(key, key_len, &expanded_key);
+ srtp_aes_decrypt(ciphertext, &expanded_key);
#endif
}
* the EKT data from an SRTCP trailer.
*/
-err_status_t
-srtp_stream_init_from_ekt(srtp_stream_t stream,
- const void *srtcp_hdr,
- unsigned pkt_octet_len) {
- err_status_t err;
+srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, const void *srtcp_hdr, unsigned pkt_octet_len) {
+ srtp_err_status_t err;
const uint8_t *master_key;
srtp_policy_t srtp_policy;
uint32_t roc;
*/
if (stream->ekt->data->spi !=
srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len))
- return err_status_no_ctx;
+ return srtp_err_status_no_ctx;
- if (stream->ekt->data->ekt_cipher_type != EKT_CIPHER_AES_128_ECB)
- return err_status_bad_param;
+ if (stream->ekt->data->ekt_cipher_type != SRTP_EKT_CIPHER_AES_128_ECB)
+ return srtp_err_status_bad_param;
/* decrypt the Encrypted Master Key field */
master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len);
/* set the SRTP ROC */
roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len);
- err = rdbx_set_roc(&stream->rtp_rdbx, roc);
+ err = srtp_rdbx_set_roc(&stream->rtp_rdbx, roc);
if (err) return err;
err = srtp_stream_init(stream, &srtp_policy);
if (err) return err;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-void
-ekt_write_data(ekt_stream_t ekt,
- uint8_t *base_tag,
- unsigned base_tag_len,
- int *packet_len,
- xtd_seq_num_t pkt_index) {
+void srtp_ekt_write_data(srtp_ekt_stream_t ekt, uint8_t *base_tag, unsigned base_tag_len, int *packet_len, srtp_xtd_seq_num_t pkt_index) {
uint32_t roc;
uint16_t isn;
unsigned emk_len;
packet = base_tag + base_tag_len;
/* copy encrypted master key into packet */
- emk_len = ekt_octets_after_base_tag(ekt);
+ emk_len = srtp_ekt_octets_after_base_tag(ekt);
memcpy(packet, ekt->encrypted_master_key, emk_len);
debug_print(mod_srtp, "writing EKT EMK: %s,",
- octet_string_hex_string(packet, emk_len));
+ srtp_octet_string_hex_string(packet, emk_len));
packet += emk_len;
/* copy ROC into packet */
roc = (uint32_t)(pkt_index >> 16);
*((uint32_t *)packet) = be32_to_cpu(roc);
debug_print(mod_srtp, "writing EKT ROC: %s,",
- octet_string_hex_string(packet, sizeof(roc)));
+ srtp_octet_string_hex_string(packet, sizeof(roc)));
packet += sizeof(roc);
/* copy ISN into packet */
isn = (uint16_t)pkt_index;
*((uint16_t *)packet) = htons(isn);
debug_print(mod_srtp, "writing EKT ISN: %s,",
- octet_string_hex_string(packet, sizeof(isn)));
+ srtp_octet_string_hex_string(packet, sizeof(isn)));
packet += sizeof(isn);
/* copy SPI into packet */
*((uint16_t *)packet) = htons(ekt->data->spi);
debug_print(mod_srtp, "writing EKT SPI: %s,",
- octet_string_hex_string(packet, sizeof(ekt->data->spi)));
+ srtp_octet_string_hex_string(packet, sizeof(ekt->data->spi)));
/* increase packet length appropriately */
*packet_len += EKT_OCTETS_AFTER_EMK + emk_len;
* auth_tag pointer is set to the location
*/
-void
-srtcp_ekt_trailer(ekt_stream_t ekt,
- unsigned *auth_len,
- void **auth_tag,
- void *tag_copy) {
-
+void srtcp_ekt_trailer(srtp_ekt_stream_t ekt, unsigned *auth_len, void **auth_tag, void *tag_copy) {
/*
* if there is no EKT policy, then the other inputs are unaffected
*/
*/
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*
*/
+// Leave this as the top level import. Ensures the existence of defines
+#include "config.h"
-#include "srtp.h"
+#include "srtp_priv.h"
+#include "crypto_types.h"
+#include "err.h"
#include "ekt.h" /* for SRTP Encrypted Key Transport */
-#include "alloc.h" /* for crypto_alloc() */
+#include "alloc.h" /* for srtp_crypto_alloc() */
#ifdef OPENSSL
#include "aes_gcm_ossl.h" /* for AES GCM mode */
+# ifdef OPENSSL_KDF
+# include <openssl/kdf.h>
+# include "aes_icm_ossl.h" /* for AES GCM mode */
+# endif
#endif
-#ifndef SRTP_KERNEL
-# include <limits.h>
-# ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-# elif defined(HAVE_WINSOCK2_H)
-# include <winsock2.h>
-# endif
-#endif /* ! SRTP_KERNEL */
+#include <limits.h>
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#elif defined(HAVE_WINSOCK2_H)
+# include <winsock2.h>
+#endif
/* the debug module for srtp */
-debug_module_t mod_srtp = {
+srtp_debug_module_t mod_srtp = {
0, /* debugging is off by default */
"srtp" /* printable name for module */
};
#define uint32s_in_rtp_header 3
#define octets_in_rtcp_header 8
#define uint32s_in_rtcp_header 2
+#define octets_in_rtp_extn_hdr 4
+
+static srtp_err_status_t
+srtp_validate_rtp_header(void *rtp_hdr, int *pkt_octet_len) {
+ if (*pkt_octet_len < octets_in_rtp_header)
+ return srtp_err_status_bad_param;
+
+ srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr;
+
+ /* Check RTP header length */
+ int rtp_header_len = octets_in_rtp_header + 4 * hdr->cc;
+ if (hdr->x == 1)
+ rtp_header_len += octets_in_rtp_extn_hdr;
+
+ if (*pkt_octet_len < rtp_header_len)
+ return srtp_err_status_bad_param;
+
+ /* Verifing profile length. */
+ if (hdr->x == 1) {
+ srtp_hdr_xtnd_t *xtn_hdr =
+ (srtp_hdr_xtnd_t *)((uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc);
+ int profile_len = ntohs(xtn_hdr->length);
+ rtp_header_len += profile_len * 4;
+ /* profile length counts the number of 32-bit words */
+ if (*pkt_octet_len < rtp_header_len)
+ return srtp_err_status_bad_param;
+ }
+ return srtp_err_status_ok;
+}
+
+const char *srtp_get_version_string ()
+{
+ /*
+ * Simply return the autotools generated string
+ */
+ return SRTP_VER_STRING;
+}
+unsigned int srtp_get_version ()
+{
+ unsigned int major = 0, minor = 0, micro = 0;
+ unsigned int rv = 0;
+ int parse_rv;
+
+ /*
+ * Parse the autotools generated version
+ */
+ parse_rv = sscanf(SRTP_VERSION, "%u.%u.%u", &major, &minor, µ);
+ if (parse_rv != 3) {
+ /*
+ * We're expected to parse all 3 version levels.
+ * If not, then this must not be an official release.
+ * Return all zeros on the version
+ */
+ return (0);
+ }
+
+ /*
+ * We allow 8 bits for the major and minor, while
+ * allowing 16 bits for the micro. 16 bits for the micro
+ * may be beneficial for a continuous delivery model
+ * in the future.
+ */
+ rv |= (major & 0xFF) << 24;
+ rv |= (minor & 0xFF) << 16;
+ rv |= micro & 0xFF;
+ return rv;
+}
+
+/* Release (maybe partially allocated) stream. */
+static void
+srtp_stream_free(srtp_stream_ctx_t *str) {
+ unsigned int i = 0;
+ srtp_session_keys_t *session_keys = NULL;
+
+ for (i = 0; i < str->num_master_keys; i++) {
+ session_keys = &str->session_keys[i];
+
+ if (session_keys->rtp_xtn_hdr_cipher) {
+ srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher);
+ }
+
+ if (session_keys->rtcp_cipher) {
+ srtp_cipher_dealloc(session_keys->rtcp_cipher);
+ }
+
+ if (session_keys->rtcp_auth) {
+ srtp_auth_dealloc(session_keys->rtcp_auth);
+ }
+
+ if (session_keys->rtp_cipher) {
+ srtp_cipher_dealloc(session_keys->rtp_cipher);
+ }
+
+ if (session_keys->rtp_auth) {
+ srtp_auth_dealloc(session_keys->rtp_auth);
+ }
+
+ if (session_keys->mki_id) {
+ srtp_crypto_free(session_keys->mki_id);
+ }
+
+ if (session_keys->limit) {
+ srtp_crypto_free(session_keys->limit);
+ }
+ }
+
+ srtp_crypto_free(str->session_keys);
+
+ if (str->enc_xtn_hdr) {
+ srtp_crypto_free(str->enc_xtn_hdr);
+ }
+
+ srtp_crypto_free(str);
+}
-err_status_t
+srtp_err_status_t
srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
const srtp_policy_t *p) {
srtp_stream_ctx_t *str;
- err_status_t stat;
+ srtp_err_status_t stat;
+ unsigned int i = 0;
+ srtp_session_keys_t *session_keys = NULL;
/*
* This function allocates the stream context, rtp and rtcp ciphers
*/
/* allocate srtp stream and set str_ptr */
- str = (srtp_stream_ctx_t *) crypto_alloc(sizeof(srtp_stream_ctx_t));
+ str = (srtp_stream_ctx_t *) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t));
if (str == NULL)
- return err_status_alloc_fail;
- *str_ptr = str;
-
- /* allocate cipher */
- stat = crypto_kernel_alloc_cipher(p->rtp.cipher_type,
- &str->rtp_cipher,
- p->rtp.cipher_key_len,
- p->rtp.auth_tag_len);
- if (stat) {
- crypto_free(str);
- return stat;
+ return srtp_err_status_alloc_fail;
+
+ memset(str, 0, sizeof(srtp_stream_ctx_t));
+ *str_ptr = str;
+
+ /* To keep backwards API compatible if someone is using multiple master
+ * keys then key should be set to NULL
+ */
+ if (p->key != NULL) {
+ str->num_master_keys = 1;
+ } else {
+ str->num_master_keys = p->num_master_keys;
}
- /* allocate auth function */
- stat = crypto_kernel_alloc_auth(p->rtp.auth_type,
- &str->rtp_auth,
- p->rtp.auth_key_len,
- p->rtp.auth_tag_len);
- if (stat) {
- cipher_dealloc(str->rtp_cipher);
- crypto_free(str);
- return stat;
+ str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc(
+ sizeof(srtp_session_keys_t) * str->num_master_keys);
+
+ if (str->session_keys == NULL) {
+ srtp_stream_free(str);
+ return srtp_err_status_alloc_fail;
}
-
- /* allocate key limit structure */
- str->limit = (key_limit_ctx_t*) crypto_alloc(sizeof(key_limit_ctx_t));
- if (str->limit == NULL) {
- auth_dealloc(str->rtp_auth);
- cipher_dealloc(str->rtp_cipher);
- crypto_free(str);
- return err_status_alloc_fail;
+
+ memset(str->session_keys, 0, sizeof(srtp_session_keys_t) * str->num_master_keys);
+
+ for (i = 0; i < str->num_master_keys; i++) {
+ session_keys = &str->session_keys[i];
+
+ /* allocate cipher */
+ stat = srtp_crypto_kernel_alloc_cipher(p->rtp.cipher_type,
+ &session_keys->rtp_cipher,
+ p->rtp.cipher_key_len,
+ p->rtp.auth_tag_len);
+ if (stat) {
+ srtp_stream_free(str);
+ return stat;
+ }
+
+ /* allocate auth function */
+ stat = srtp_crypto_kernel_alloc_auth(p->rtp.auth_type,
+ &session_keys->rtp_auth,
+ p->rtp.auth_key_len,
+ p->rtp.auth_tag_len);
+ if (stat) {
+ srtp_stream_free(str);
+ return stat;
+ }
+
+ /*
+ * ...and now the RTCP-specific initialization - first, allocate
+ * the cipher
+ */
+ stat = srtp_crypto_kernel_alloc_cipher(p->rtcp.cipher_type,
+ &session_keys->rtcp_cipher,
+ p->rtcp.cipher_key_len,
+ p->rtcp.auth_tag_len);
+ if (stat) {
+ srtp_stream_free(str);
+ return stat;
+ }
+
+ /* allocate auth function */
+ stat = srtp_crypto_kernel_alloc_auth(p->rtcp.auth_type,
+ &session_keys->rtcp_auth,
+ p->rtcp.auth_key_len,
+ p->rtcp.auth_tag_len);
+ if (stat) {
+ srtp_stream_free(str);
+ return stat;
+ }
+
+ session_keys->mki_id = NULL;
+
+ /* allocate key limit structure */
+ session_keys->limit = (srtp_key_limit_ctx_t*) srtp_crypto_alloc(sizeof(srtp_key_limit_ctx_t));
+ if (session_keys->limit == NULL) {
+ srtp_stream_free(str);
+ return srtp_err_status_alloc_fail;
+ }
}
- /*
- * ...and now the RTCP-specific initialization - first, allocate
- * the cipher
- */
- stat = crypto_kernel_alloc_cipher(p->rtcp.cipher_type,
- &str->rtcp_cipher,
- p->rtcp.cipher_key_len,
- p->rtcp.auth_tag_len);
+ /* allocate ekt data associated with stream */
+ stat = srtp_ekt_alloc(&str->ekt, p->ekt);
if (stat) {
- auth_dealloc(str->rtp_auth);
- cipher_dealloc(str->rtp_cipher);
- crypto_free(str->limit);
- crypto_free(str);
+ srtp_stream_free(str);
return stat;
}
- /* allocate auth function */
- stat = crypto_kernel_alloc_auth(p->rtcp.auth_type,
- &str->rtcp_auth,
- p->rtcp.auth_key_len,
- p->rtcp.auth_tag_len);
- if (stat) {
- cipher_dealloc(str->rtcp_cipher);
- auth_dealloc(str->rtp_auth);
- cipher_dealloc(str->rtp_cipher);
- crypto_free(str->limit);
- crypto_free(str);
- return stat;
- }
+ if (p->enc_xtn_hdr && p->enc_xtn_hdr_count > 0) {
+ srtp_cipher_type_id_t enc_xtn_hdr_cipher_type;
+ int enc_xtn_hdr_cipher_key_len;
- /* allocate ekt data associated with stream */
- stat = ekt_alloc(&str->ekt, p->ekt);
- if (stat) {
- auth_dealloc(str->rtcp_auth);
- cipher_dealloc(str->rtcp_cipher);
- auth_dealloc(str->rtp_auth);
- cipher_dealloc(str->rtp_cipher);
- crypto_free(str->limit);
- crypto_free(str);
- return stat;
+ str->enc_xtn_hdr = (int*) srtp_crypto_alloc(p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0]));
+ if (!str->enc_xtn_hdr) {
+ srtp_stream_free(str);
+ return srtp_err_status_alloc_fail;
+ }
+ memcpy(str->enc_xtn_hdr, p->enc_xtn_hdr, p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0]));
+ str->enc_xtn_hdr_count = p->enc_xtn_hdr_count;
+
+ /* For GCM ciphers, the corresponding ICM cipher is used for header extensions encryption. */
+ switch (p->rtp.cipher_type) {
+ case SRTP_AES_GCM_128:
+ enc_xtn_hdr_cipher_type = SRTP_AES_ICM_128;
+ enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT;
+ break;
+ case SRTP_AES_GCM_256:
+ enc_xtn_hdr_cipher_type = SRTP_AES_ICM_256;
+ enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT;
+ break;
+ default:
+ enc_xtn_hdr_cipher_type = p->rtp.cipher_type;
+ enc_xtn_hdr_cipher_key_len = p->rtp.cipher_key_len;
+ break;
+ }
+
+ for (i = 0; i < str->num_master_keys; i++) {
+ session_keys = &str->session_keys[i];
+
+ /* allocate cipher for extensions header encryption */
+ stat = srtp_crypto_kernel_alloc_cipher(enc_xtn_hdr_cipher_type,
+ &session_keys->rtp_xtn_hdr_cipher,
+ enc_xtn_hdr_cipher_key_len,
+ 0);
+ if (stat) {
+ srtp_stream_free(str);
+ return stat;
+ }
+ }
+ } else {
+ for (i = 0; i < str->num_master_keys; i++) {
+ session_keys = &str->session_keys[i];
+ session_keys->rtp_xtn_hdr_cipher = NULL;
+ }
+
+ str->enc_xtn_hdr = NULL;
+ str->enc_xtn_hdr_count = 0;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) {
- err_status_t status;
-
+srtp_err_status_t
+srtp_stream_dealloc(srtp_stream_ctx_t *stream, srtp_stream_ctx_t *stream_template) {
+ srtp_err_status_t status;
+ unsigned int i = 0;
+ srtp_session_keys_t *session_keys = NULL;
+ srtp_session_keys_t *template_session_keys = NULL;
+
/*
* we use a conservative deallocation strategy - if any deallocation
* fails, then we report that fact without trying to deallocate
* anything else
*/
+ for ( i = 0; i < stream->num_master_keys; i++) {
+ session_keys = &stream->session_keys[i];
- /* deallocate cipher, if it is not the same as that in template */
- if (session->stream_template
- && stream->rtp_cipher == session->stream_template->rtp_cipher) {
- /* do nothing */
- } else {
- status = cipher_dealloc(stream->rtp_cipher);
- if (status)
- return status;
- }
+ if (stream_template) {
+ template_session_keys = &stream_template->session_keys[i];
+ } else {
+ template_session_keys = NULL;
+ }
- /* deallocate auth function, if it is not the same as that in template */
- if (session->stream_template
- && stream->rtp_auth == session->stream_template->rtp_auth) {
- /* do nothing */
- } else {
- status = auth_dealloc(stream->rtp_auth);
- if (status)
- return status;
- }
+ /* deallocate cipher, if it is not the same as that in template */
+ if (template_session_keys
+ && session_keys->rtp_cipher == template_session_keys->rtp_cipher) {
+ /* do nothing */
+ } else {
+ status = srtp_cipher_dealloc(session_keys->rtp_cipher);
+ if (status)
+ return status;
+ }
- /* deallocate key usage limit, if it is not the same as that in template */
- if (session->stream_template
- && stream->limit == session->stream_template->limit) {
- /* do nothing */
- } else {
- crypto_free(stream->limit);
- }
+ /* deallocate auth function, if it is not the same as that in template */
+ if (template_session_keys
+ && session_keys->rtp_auth == template_session_keys->rtp_auth) {
+ /* do nothing */
+ } else {
+ status = srtp_auth_dealloc(session_keys->rtp_auth);
+ if (status)
+ return status;
+ }
+
+ if (template_session_keys
+ && session_keys->rtp_xtn_hdr_cipher == template_session_keys->rtp_xtn_hdr_cipher) {
+ /* do nothing */
+ } else if (session_keys->rtp_xtn_hdr_cipher) {
+ status = srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher);
+ if (status)
+ return status;
+ }
+
+ /*
+ * deallocate rtcp cipher, if it is not the same as that in
+ * template
+ */
+ if (template_session_keys
+ && session_keys->rtcp_cipher == template_session_keys->rtcp_cipher) {
+ /* do nothing */
+ } else {
+ status = srtp_cipher_dealloc(session_keys->rtcp_cipher);
+ if (status)
+ return status;
+ }
+
+ /*
+ * deallocate rtcp auth function, if it is not the same as that in
+ * template
+ */
+ if (template_session_keys
+ && session_keys->rtcp_auth == template_session_keys->rtcp_auth) {
+ /* do nothing */
+ } else {
+ status = srtp_auth_dealloc(session_keys->rtcp_auth);
+ if (status)
+ return status;
+ }
+
+ /*
+ * zeroize the salt value
+ */
+ octet_string_set_to_zero(session_keys->salt, SRTP_AEAD_SALT_LEN);
+ octet_string_set_to_zero(session_keys->c_salt, SRTP_AEAD_SALT_LEN);
+
+ if (session_keys->mki_id) {
+ octet_string_set_to_zero(session_keys->mki_id, session_keys->mki_size);
+ srtp_crypto_free(session_keys->mki_id);
+ session_keys->mki_id = NULL;
+ }
+
+ /* deallocate key usage limit, if it is not the same as that in template */
+ if (template_session_keys
+ && session_keys->limit == template_session_keys->limit) {
+ /* do nothing */
+ } else {
+ srtp_crypto_free(session_keys->limit);
+ }
- /*
- * deallocate rtcp cipher, if it is not the same as that in
- * template
- */
- if (session->stream_template
- && stream->rtcp_cipher == session->stream_template->rtcp_cipher) {
- /* do nothing */
- } else {
- status = cipher_dealloc(stream->rtcp_cipher);
- if (status)
- return status;
}
- /*
- * deallocate rtcp auth function, if it is not the same as that in
- * template
- */
- if (session->stream_template
- && stream->rtcp_auth == session->stream_template->rtcp_auth) {
- /* do nothing */
+ if (stream_template
+ && stream->session_keys == stream_template->session_keys) {
+ /* do nothing */
} else {
- status = auth_dealloc(stream->rtcp_auth);
- if (status)
- return status;
+ srtp_crypto_free(stream->session_keys);
}
- status = rdbx_dealloc(&stream->rtp_rdbx);
+ status = srtp_rdbx_dealloc(&stream->rtp_rdbx);
if (status)
return status;
/* DAM - need to deallocate EKT here */
- /*
- * zeroize the salt value
- */
- memset(stream->salt, 0, SRTP_AEAD_SALT_LEN);
- memset(stream->c_salt, 0, SRTP_AEAD_SALT_LEN);
+ if (stream_template
+ && stream->enc_xtn_hdr == stream_template->enc_xtn_hdr) {
+ /* do nothing */
+ } else if (stream->enc_xtn_hdr) {
+ srtp_crypto_free(stream->enc_xtn_hdr);
+ }
-
/* deallocate srtp stream context */
- crypto_free(stream);
+ srtp_crypto_free(stream);
- return err_status_ok;
+ return srtp_err_status_ok;
}
* the SSRC
*/
-err_status_t
+srtp_err_status_t
srtp_stream_clone(const srtp_stream_ctx_t *stream_template,
uint32_t ssrc,
srtp_stream_ctx_t **str_ptr) {
- err_status_t status;
+ srtp_err_status_t status;
srtp_stream_ctx_t *str;
+ unsigned int i = 0;
+ srtp_session_keys_t *session_keys = NULL;
+ const srtp_session_keys_t *template_session_keys = NULL;
- debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ssrc);
+ debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ntohl(ssrc));
/* allocate srtp stream and set str_ptr */
- str = (srtp_stream_ctx_t *) crypto_alloc(sizeof(srtp_stream_ctx_t));
+ str = (srtp_stream_ctx_t *) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t));
if (str == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
*str_ptr = str;
- /* set cipher and auth pointers to those of the template */
- str->rtp_cipher = stream_template->rtp_cipher;
- str->rtp_auth = stream_template->rtp_auth;
- str->rtcp_cipher = stream_template->rtcp_cipher;
- str->rtcp_auth = stream_template->rtcp_auth;
+ str->num_master_keys = stream_template->num_master_keys;
+ str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc(
+ sizeof(srtp_session_keys_t) * str->num_master_keys);
- /* set key limit to point to that of the template */
- status = key_limit_clone(stream_template->limit, &str->limit);
- if (status) {
- crypto_free(*str_ptr);
+ if (str->session_keys == NULL) {
+ srtp_crypto_free(*str_ptr);
*str_ptr = NULL;
- return status;
+ return srtp_err_status_alloc_fail;
+ }
+
+ for (i = 0; i < stream_template->num_master_keys; i++){
+ session_keys = &str->session_keys[i];
+ template_session_keys = &stream_template->session_keys[i];
+
+ /* set cipher and auth pointers to those of the template */
+ session_keys->rtp_cipher = template_session_keys->rtp_cipher;
+ session_keys->rtp_auth = template_session_keys->rtp_auth;
+ session_keys->rtp_xtn_hdr_cipher = template_session_keys->rtp_xtn_hdr_cipher;
+ session_keys->rtcp_cipher = template_session_keys->rtcp_cipher;
+ session_keys->rtcp_auth = template_session_keys->rtcp_auth;
+ session_keys->mki_size = template_session_keys->mki_size;
+
+ if (template_session_keys->mki_size == 0) {
+ session_keys->mki_id = NULL;
+ } else {
+ session_keys->mki_id = srtp_crypto_alloc(template_session_keys->mki_size);
+
+ if (session_keys->mki_id == NULL) {
+ return srtp_err_status_init_fail;
+ }
+ memset(session_keys->mki_id, 0x0, session_keys->mki_size);
+ memcpy(session_keys->mki_id, template_session_keys->mki_id, session_keys->mki_size);
+ }
+ /* Copy the salt values */
+ memcpy(session_keys->salt, template_session_keys->salt, SRTP_AEAD_SALT_LEN);
+ memcpy(session_keys->c_salt, template_session_keys->c_salt, SRTP_AEAD_SALT_LEN);
+
+ /* set key limit to point to that of the template */
+ status = srtp_key_limit_clone(template_session_keys->limit, &session_keys->limit);
+ if (status) {
+ srtp_crypto_free(*str_ptr);
+ *str_ptr = NULL;
+ return status;
+ }
}
+
/* initialize replay databases */
- status = rdbx_init(&str->rtp_rdbx,
- rdbx_get_window_size(&stream_template->rtp_rdbx));
+ status = srtp_rdbx_init(&str->rtp_rdbx,
+ srtp_rdbx_get_window_size(&stream_template->rtp_rdbx));
if (status) {
- crypto_free(*str_ptr);
+ srtp_crypto_free(*str_ptr);
*str_ptr = NULL;
return status;
}
- rdb_init(&str->rtcp_rdb);
+ srtp_rdb_init(&str->rtcp_rdb);
str->allow_repeat_tx = stream_template->allow_repeat_tx;
-
+
/* set ssrc to that provided */
str->ssrc = ssrc;
+ /* reset pending ROC */
+ str->pending_roc = 0;
+
/* set direction and security services */
str->direction = stream_template->direction;
str->rtp_services = stream_template->rtp_services;
/* set pointer to EKT data associated with stream */
str->ekt = stream_template->ekt;
- /* Copy the salt values */
- memcpy(str->salt, stream_template->salt, SRTP_AEAD_SALT_LEN);
- memcpy(str->c_salt, stream_template->c_salt, SRTP_AEAD_SALT_LEN);
+ /* copy information about extensions header encryption */
+ str->enc_xtn_hdr = stream_template->enc_xtn_hdr;
+ str->enc_xtn_hdr_count = stream_template->enc_xtn_hdr_count;
/* defensive coding */
str->next = NULL;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
label_rtp_salt = 0x02,
label_rtcp_encryption = 0x03,
label_rtcp_msg_auth = 0x04,
- label_rtcp_salt = 0x05
+ label_rtcp_salt = 0x05,
+ label_rtp_header_encryption = 0x06,
+ label_rtp_header_salt = 0x07
} srtp_prf_label;
+#define MAX_SRTP_KEY_LEN 256
+
+#if defined(OPENSSL) && defined(OPENSSL_KDF)
+#define MAX_SRTP_AESKEY_LEN 32
+#define MAX_SRTP_SALT_LEN 14
/*
* srtp_kdf_t represents a key derivation function. The SRTP
* default KDF is the only one implemented at present.
*/
-
typedef struct {
- cipher_t *cipher; /* cipher used for key derivation */
+ uint8_t master_key[MAX_SRTP_AESKEY_LEN];
+ uint8_t master_salt[MAX_SRTP_SALT_LEN];
+ const EVP_CIPHER *evp;
} srtp_kdf_t;
-err_status_t
-srtp_kdf_init(srtp_kdf_t *kdf, cipher_type_id_t cipher_id, const uint8_t *key, int length) {
- err_status_t stat;
- stat = crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, length, 0);
- if (stat)
- return stat;
+static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int key_len, int salt_len)
+{
+ memset(kdf, 0x0, sizeof(srtp_kdf_t));
- stat = cipher_init(kdf->cipher, key);
- if (stat) {
- cipher_dealloc(kdf->cipher);
- return stat;
- }
+ /* The NULL cipher has zero key length */
+ if (key_len == 0) return srtp_err_status_ok;
+
+ if ((key_len > MAX_SRTP_AESKEY_LEN) || (salt_len > MAX_SRTP_SALT_LEN)) {
+ return srtp_err_status_bad_param;
+ }
+ switch (key_len) {
+ case SRTP_AES_256_KEYSIZE:
+ kdf->evp = EVP_aes_256_ctr();
+ break;
+ case SRTP_AES_192_KEYSIZE:
+ kdf->evp = EVP_aes_192_ctr();
+ break;
+ case SRTP_AES_128_KEYSIZE:
+ kdf->evp = EVP_aes_128_ctr();
+ break;
+ default:
+ return srtp_err_status_bad_param;
+ break;
+ }
+ memcpy(kdf->master_key, key, key_len);
+ memcpy(kdf->master_salt, key+key_len, salt_len);
+ return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, uint8_t *key, unsigned int length)
+{
+ int ret;
+
+ /* The NULL cipher will not have an EVP */
+ if (!kdf->evp) return srtp_err_status_ok;
+ octet_string_set_to_zero(key, length);
+
+ /*
+ * Invoke the OpenSSL SRTP KDF function
+ * This is useful if OpenSSL is in FIPS mode and FIP
+ * compliance is required for SRTP.
+ */
+ ret = kdf_srtp(kdf->evp, (char *)&kdf->master_key, (char *)&kdf->master_salt, NULL, NULL, label, (char *)key);
+ if (ret == -1) {
+ return (srtp_err_status_algo_fail);
+ }
+
+ return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) {
+ octet_string_set_to_zero(kdf->master_key, MAX_SRTP_AESKEY_LEN);
+ octet_string_set_to_zero(kdf->master_salt, MAX_SRTP_SALT_LEN);
+ kdf->evp = NULL;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label,
- uint8_t *key, unsigned int length) {
+#else /* if OPENSSL_KDF */
- v128_t nonce;
- err_status_t status;
+/*
+ * srtp_kdf_t represents a key derivation function. The SRTP
+ * default KDF is the only one implemented at present.
+ */
+typedef struct {
+ srtp_cipher_t *cipher; /* cipher used for key derivation */
+} srtp_kdf_t;
+
+static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int key_len)
+{
+ srtp_cipher_type_id_t cipher_id;
+ switch (key_len) {
+ case SRTP_AES_ICM_256_KEY_LEN_WSALT:
+ cipher_id = SRTP_AES_ICM_256;
+ break;
+ case SRTP_AES_ICM_192_KEY_LEN_WSALT:
+ cipher_id = SRTP_AES_ICM_192;
+ break;
+ case SRTP_AES_ICM_128_KEY_LEN_WSALT:
+ cipher_id = SRTP_AES_ICM_128;
+ break;
+ default:
+ return srtp_err_status_bad_param;
+ break;
+ }
+
+ srtp_err_status_t stat;
+ stat = srtp_crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, key_len, 0);
+ if (stat) return stat;
+
+ stat = srtp_cipher_init(kdf->cipher, key);
+ if (stat) {
+ srtp_cipher_dealloc(kdf->cipher);
+ return stat;
+ }
+ return srtp_err_status_ok;
+}
+
+static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, uint8_t *key, unsigned int length)
+{
+ srtp_err_status_t status;
+ v128_t nonce;
- /* set eigth octet of nonce to <label>, set the rest of it to zero */
- v128_set_to_zero(&nonce);
- nonce.v8[7] = label;
+ /* set eigth octet of nonce to <label>, set the rest of it to zero */
+ v128_set_to_zero(&nonce);
+ nonce.v8[7] = label;
- status = cipher_set_iv(kdf->cipher, &nonce, direction_encrypt);
- if (status)
- return status;
+ status = srtp_cipher_set_iv(kdf->cipher, (uint8_t*)&nonce, srtp_direction_encrypt);
+ if (status) return status;
- /* generate keystream output */
- octet_string_set_to_zero(key, length);
- status = cipher_encrypt(kdf->cipher, key, &length);
- if (status)
- return status;
+ /* generate keystream output */
+ octet_string_set_to_zero(key, length);
+ status = srtp_cipher_encrypt(kdf->cipher, key, &length);
+ if (status) return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-srtp_kdf_clear(srtp_kdf_t *kdf) {
- err_status_t status;
- status = cipher_dealloc(kdf->cipher);
- if (status)
- return status;
- kdf->cipher = NULL;
-
- return err_status_ok;
+static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) {
+ srtp_err_status_t status;
+ status = srtp_cipher_dealloc(kdf->cipher);
+ if (status) return status;
+ kdf->cipher = NULL;
+ return srtp_err_status_ok;
}
+#endif /* else OPENSSL_KDF */
/*
* end of key derivation functions
*/
-#define MAX_SRTP_KEY_LEN 256
/* Get the base key length corresponding to a given combined key+salt
* length for the given cipher.
- * Assumption is that for AES-ICM a key length < 30 is Ismacryp using
- * AES-128 and short salts; everything else uses a salt length of 14.
* TODO: key and salt lengths should be separate fields in the policy. */
-static inline int base_key_length(const cipher_type_t *cipher, int key_length)
+static inline int base_key_length(const srtp_cipher_type_t *cipher, int key_length)
{
switch (cipher->id) {
- case AES_128_ICM:
- case AES_192_ICM:
- case AES_256_ICM:
+ case SRTP_AES_ICM_128:
+ case SRTP_AES_ICM_192:
+ case SRTP_AES_ICM_256:
/* The legacy modes are derived from
* the configured key length on the policy */
- return key_length - 14;
+ return key_length - SRTP_SALT_LEN;
break;
- case AES_128_GCM:
- return 16;
+ case SRTP_AES_GCM_128:
+ return key_length - SRTP_AEAD_SALT_LEN;
break;
- case AES_256_GCM:
- return 32;
+ case SRTP_AES_GCM_256:
+ return key_length - SRTP_AEAD_SALT_LEN;
break;
default:
return key_length;
}
}
-err_status_t
-srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) {
- err_status_t stat;
+unsigned int
+srtp_validate_policy_master_keys(const srtp_policy_t *policy)
+{
+ int i = 0;
+
+ if (policy->key == NULL) {
+ if (policy->num_master_keys <= 0)
+ return 0;
+
+ if (policy->num_master_keys > SRTP_MAX_NUM_MASTER_KEYS)
+ return 0;
+
+ for (i = 0; i < policy->num_master_keys; i++) {
+ if (policy->keys[i]->key == NULL)
+ return 0;
+ if (policy->keys[i]->mki_size > SRTP_MAX_MKI_LEN)
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+srtp_session_keys_t*
+srtp_get_session_keys_with_mki_index(srtp_stream_ctx_t *stream,
+ unsigned int use_mki,
+ unsigned int mki_index) {
+ if (use_mki) {
+ if (mki_index < stream->num_master_keys) {
+ return &stream->session_keys[mki_index];
+ }
+ }
+
+ return &stream->session_keys[0];
+}
+
+unsigned int
+srtp_inject_mki(uint8_t *mki_tag_location, srtp_session_keys_t* session_keys,
+ unsigned int use_mki)
+{
+ unsigned int mki_size = 0;
+
+ if (use_mki) {
+ mki_size = session_keys->mki_size;
+
+ if (mki_size != 0) {
+ // Write MKI into memory
+ memcpy(mki_tag_location, session_keys->mki_id, mki_size);
+ }
+ }
+
+ return mki_size;
+}
+
+srtp_err_status_t
+srtp_stream_init_all_master_keys(srtp_stream_ctx_t *srtp,
+ unsigned char *key,
+ srtp_master_key_t **keys,
+ const unsigned int max_master_keys) {
+ int i = 0;
+ srtp_err_status_t status = srtp_err_status_ok;
+ srtp_master_key_t single_master_key;
+
+ if ( key != NULL ) {
+ srtp->num_master_keys = 1;
+ single_master_key.key = key;
+ single_master_key.mki_id = NULL;
+ single_master_key.mki_size = 0;
+ status = srtp_stream_init_keys(srtp, &single_master_key, 0);
+ } else {
+ srtp->num_master_keys = max_master_keys;
+
+ for (i = 0; i < srtp->num_master_keys && i < SRTP_MAX_NUM_MASTER_KEYS; i++) {
+ status = srtp_stream_init_keys(srtp, keys[i], i);
+
+ if (status) {
+ return status;
+ }
+ }
+ }
+
+ return status;
+}
+
+srtp_err_status_t
+srtp_stream_init_keys(srtp_stream_ctx_t *srtp, srtp_master_key_t *master_key,
+ const unsigned int current_mki_index) {
+ srtp_err_status_t stat;
srtp_kdf_t kdf;
uint8_t tmp_key[MAX_SRTP_KEY_LEN];
int kdf_keylen = 30, rtp_keylen, rtcp_keylen;
int rtp_base_key_len, rtp_salt_len;
int rtcp_base_key_len, rtcp_salt_len;
+ srtp_session_keys_t *session_keys = NULL;
+ unsigned char *key = master_key->key;
/* If RTP or RTCP have a key length > AES-128, assume matching kdf. */
/* TODO: kdf algorithm, master key length, and master salt length should
* be part of srtp_policy_t. */
- rtp_keylen = cipher_get_key_length(srtp->rtp_cipher);
- rtcp_keylen = cipher_get_key_length(srtp->rtcp_cipher);
- rtp_base_key_len = base_key_length(srtp->rtp_cipher->type, rtp_keylen);
+ session_keys = &srtp->session_keys[current_mki_index];
+
+ /* initialize key limit to maximum value */
+#ifdef NO_64BIT_MATH
+{
+ uint64_t temp;
+ temp = make64(UINT_MAX,UINT_MAX);
+ srtp_key_limit_set(session_keys->limit, temp);
+}
+#else
+ srtp_key_limit_set(session_keys->limit, 0xffffffffffffLL);
+#endif
+
+
+ if ( master_key->mki_size != 0 ) {
+ session_keys->mki_id = srtp_crypto_alloc(master_key->mki_size);
+
+ if (session_keys->mki_id == NULL) {
+ return srtp_err_status_init_fail;
+ }
+ memset(session_keys->mki_id, 0x0, master_key->mki_size);
+ memcpy(session_keys->mki_id, master_key->mki_id, master_key->mki_size);
+ } else {
+ session_keys->mki_id = NULL;
+ }
+
+ session_keys->mki_size = master_key->mki_size;
+
+ rtp_keylen = srtp_cipher_get_key_length(session_keys->rtp_cipher);
+ rtcp_keylen = srtp_cipher_get_key_length(session_keys->rtcp_cipher);
+ rtp_base_key_len = base_key_length(session_keys->rtp_cipher->type, rtp_keylen);
rtp_salt_len = rtp_keylen - rtp_base_key_len;
if (rtp_keylen > kdf_keylen) {
memcpy(tmp_key, key, (rtp_base_key_len + rtp_salt_len));
/* initialize KDF state */
- stat = srtp_kdf_init(&kdf, AES_ICM, (const uint8_t *)tmp_key, kdf_keylen);
+#if defined(OPENSSL) && defined(OPENSSL_KDF)
+ stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, rtp_base_key_len, rtp_salt_len);
+#else
+ stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, kdf_keylen);
+#endif
if (stat) {
- return err_status_init_fail;
+ /* zeroize temp buffer */
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ return srtp_err_status_init_fail;
}
/* generate encryption key */
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
debug_print(mod_srtp, "cipher key: %s",
- octet_string_hex_string(tmp_key, rtp_base_key_len));
+ srtp_octet_string_hex_string(tmp_key, rtp_base_key_len));
/*
* if the cipher in the srtp context uses a salt, then we need
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
- memcpy(srtp->salt, tmp_key + rtp_base_key_len, SRTP_AEAD_SALT_LEN);
+ memcpy(session_keys->salt, tmp_key + rtp_base_key_len, SRTP_AEAD_SALT_LEN);
}
if (rtp_salt_len > 0) {
debug_print(mod_srtp, "cipher salt: %s",
- octet_string_hex_string(tmp_key + rtp_base_key_len, rtp_salt_len));
+ srtp_octet_string_hex_string(tmp_key + rtp_base_key_len, rtp_salt_len));
}
/* initialize cipher */
- stat = cipher_init(srtp->rtp_cipher, tmp_key);
+ stat = srtp_cipher_init(session_keys->rtp_cipher, tmp_key);
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
+ }
+
+ if (session_keys->rtp_xtn_hdr_cipher) {
+ /* generate extensions header encryption key */
+ int rtp_xtn_hdr_keylen;
+ int rtp_xtn_hdr_base_key_len;
+ int rtp_xtn_hdr_salt_len;
+ srtp_kdf_t tmp_kdf;
+ srtp_kdf_t *xtn_hdr_kdf;
+
+ if (session_keys->rtp_xtn_hdr_cipher->type != session_keys->rtp_cipher->type) {
+ /* With GCM ciphers, the header extensions are still encrypted using the corresponding ICM cipher. */
+ /* See https://tools.ietf.org/html/rfc7714#section-8.3 */
+ uint8_t tmp_xtn_hdr_key[MAX_SRTP_KEY_LEN];
+ rtp_xtn_hdr_keylen = srtp_cipher_get_key_length(session_keys->rtp_xtn_hdr_cipher);
+ rtp_xtn_hdr_base_key_len = base_key_length(session_keys->rtp_xtn_hdr_cipher->type,
+ rtp_xtn_hdr_keylen);
+ rtp_xtn_hdr_salt_len = rtp_xtn_hdr_keylen - rtp_xtn_hdr_base_key_len;
+ if (rtp_xtn_hdr_salt_len > rtp_salt_len) {
+ switch (session_keys->rtp_cipher->type->id) {
+ case SRTP_AES_GCM_128:
+ case SRTP_AES_GCM_256:
+ /* The shorter GCM salt is padded to the required ICM salt length. */
+ rtp_xtn_hdr_salt_len = rtp_salt_len;
+ break;
+ default:
+ /* zeroize temp buffer */
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ return srtp_err_status_bad_param;
+ }
+ }
+ memset(tmp_xtn_hdr_key, 0x0, MAX_SRTP_KEY_LEN);
+ memcpy(tmp_xtn_hdr_key, key, (rtp_xtn_hdr_base_key_len + rtp_xtn_hdr_salt_len));
+ xtn_hdr_kdf = &tmp_kdf;
+
+ /* initialize KDF state */
+#if defined(OPENSSL) && defined(OPENSSL_KDF)
+ stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len);
+#else
+ stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, kdf_keylen);
+#endif
+ octet_string_set_to_zero(tmp_xtn_hdr_key, MAX_SRTP_KEY_LEN);
+ if (stat) {
+ /* zeroize temp buffer */
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ return srtp_err_status_init_fail;
+ }
+ } else {
+ /* Reuse main KDF. */
+ rtp_xtn_hdr_keylen = rtp_keylen;
+ rtp_xtn_hdr_base_key_len = rtp_base_key_len;
+ rtp_xtn_hdr_salt_len = rtp_salt_len;
+ xtn_hdr_kdf = &kdf;
+ }
+
+ stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_encryption,
+ tmp_key, rtp_xtn_hdr_base_key_len);
+ if (stat) {
+ /* zeroize temp buffer */
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ return srtp_err_status_init_fail;
+ }
+ debug_print(mod_srtp, "extensions cipher key: %s",
+ srtp_octet_string_hex_string(tmp_key, rtp_xtn_hdr_base_key_len));
+
+ /*
+ * if the cipher in the srtp context uses a salt, then we need
+ * to generate the salt value
+ */
+ if (rtp_xtn_hdr_salt_len > 0) {
+ debug_print(mod_srtp, "found rtp_xtn_hdr_salt_len > 0, generating salt", NULL);
+
+ /* generate encryption salt, put after encryption key */
+ stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_salt,
+ tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len);
+ if (stat) {
+ /* zeroize temp buffer */
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ return srtp_err_status_init_fail;
+ }
+ }
+ if (rtp_xtn_hdr_salt_len > 0) {
+ debug_print(mod_srtp, "extensions cipher salt: %s",
+ srtp_octet_string_hex_string(tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len));
+ }
+
+ /* initialize extensions header cipher */
+ stat = srtp_cipher_init(session_keys->rtp_xtn_hdr_cipher, tmp_key);
+ if (stat) {
+ /* zeroize temp buffer */
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ return srtp_err_status_init_fail;
+ }
+
+ if (xtn_hdr_kdf != &kdf) {
+ /* release memory for custom header extension encryption kdf */
+ stat = srtp_kdf_clear(xtn_hdr_kdf);
+ if (stat) {
+ /* zeroize temp buffer */
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ return srtp_err_status_init_fail;
+ }
+ }
}
/* generate authentication key */
stat = srtp_kdf_generate(&kdf, label_rtp_msg_auth,
- tmp_key, auth_get_key_length(srtp->rtp_auth));
+ tmp_key, srtp_auth_get_key_length(session_keys->rtp_auth));
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
debug_print(mod_srtp, "auth key: %s",
- octet_string_hex_string(tmp_key,
- auth_get_key_length(srtp->rtp_auth)));
+ srtp_octet_string_hex_string(tmp_key,
+ srtp_auth_get_key_length(session_keys->rtp_auth)));
/* initialize auth function */
- stat = auth_init(srtp->rtp_auth, tmp_key);
+ stat = srtp_auth_init(session_keys->rtp_auth, tmp_key);
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/*
* ...now initialize SRTCP keys
*/
- rtcp_base_key_len = base_key_length(srtp->rtcp_cipher->type, rtcp_keylen);
+ rtcp_base_key_len = base_key_length(session_keys->rtcp_cipher->type, rtcp_keylen);
rtcp_salt_len = rtcp_keylen - rtcp_base_key_len;
debug_print(mod_srtp, "rtcp salt len: %d", rtcp_salt_len);
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/*
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
- memcpy(srtp->c_salt, tmp_key + rtcp_base_key_len, SRTP_AEAD_SALT_LEN);
+ memcpy(session_keys->c_salt, tmp_key + rtcp_base_key_len, SRTP_AEAD_SALT_LEN);
}
debug_print(mod_srtp, "rtcp cipher key: %s",
- octet_string_hex_string(tmp_key, rtcp_base_key_len));
+ srtp_octet_string_hex_string(tmp_key, rtcp_base_key_len));
if (rtcp_salt_len > 0) {
debug_print(mod_srtp, "rtcp cipher salt: %s",
- octet_string_hex_string(tmp_key + rtcp_base_key_len, rtcp_salt_len));
+ srtp_octet_string_hex_string(tmp_key + rtcp_base_key_len, rtcp_salt_len));
}
/* initialize cipher */
- stat = cipher_init(srtp->rtcp_cipher, tmp_key);
+ stat = srtp_cipher_init(session_keys->rtcp_cipher, tmp_key);
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/* generate authentication key */
stat = srtp_kdf_generate(&kdf, label_rtcp_msg_auth,
- tmp_key, auth_get_key_length(srtp->rtcp_auth));
+ tmp_key, srtp_auth_get_key_length(session_keys->rtcp_auth));
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
debug_print(mod_srtp, "rtcp auth key: %s",
- octet_string_hex_string(tmp_key,
- auth_get_key_length(srtp->rtcp_auth)));
+ srtp_octet_string_hex_string(tmp_key,
+ srtp_auth_get_key_length(session_keys->rtcp_auth)));
/* initialize auth function */
- stat = auth_init(srtp->rtcp_auth, tmp_key);
+ stat = srtp_auth_init(session_keys->rtcp_auth, tmp_key);
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/* clear memory then return */
stat = srtp_kdf_clear(&kdf);
- octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
+ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
if (stat)
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_stream_init(srtp_stream_ctx_t *srtp,
const srtp_policy_t *p) {
- err_status_t err;
+ srtp_err_status_t err;
debug_print(mod_srtp, "initializing stream (SSRC: 0x%08x)",
p->ssrc.value);
* calculated. Let a window size of 0 imply the default value. */
if (p->window_size != 0 && (p->window_size < 64 || p->window_size >= 0x8000))
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
if (p->window_size != 0)
- err = rdbx_init(&srtp->rtp_rdbx, p->window_size);
+ err = srtp_rdbx_init(&srtp->rtp_rdbx, p->window_size);
else
- err = rdbx_init(&srtp->rtp_rdbx, 128);
+ err = srtp_rdbx_init(&srtp->rtp_rdbx, 128);
if (err) return err;
- /* initialize key limit to maximum value */
-#ifdef NO_64BIT_MATH
-{
- uint64_t temp;
- temp = make64(UINT_MAX,UINT_MAX);
- key_limit_set(srtp->limit, temp);
-}
-#else
- key_limit_set(srtp->limit, 0xffffffffffffLL);
-#endif
-
/* set the SSRC value */
srtp->ssrc = htonl(p->ssrc.value);
+ /* reset pending ROC */
+ srtp->pending_roc = 0;
+
/* set the security service flags */
srtp->rtp_services = p->rtp.sec_serv;
srtp->rtcp_services = p->rtcp.sec_serv;
srtp->direction = dir_unknown;
/* initialize SRTCP replay database */
- rdb_init(&srtp->rtcp_rdb);
+ srtp_rdb_init(&srtp->rtcp_rdb);
/* initialize allow_repeat_tx */
/* guard against uninitialized memory: allow only 0 or 1 here */
if (p->allow_repeat_tx != 0 && p->allow_repeat_tx != 1) {
- rdbx_dealloc(&srtp->rtp_rdbx);
- return err_status_bad_param;
+ srtp_rdbx_dealloc(&srtp->rtp_rdbx);
+ return srtp_err_status_bad_param;
}
srtp->allow_repeat_tx = p->allow_repeat_tx;
/* DAM - no RTCP key limit at present */
/* initialize keys */
- err = srtp_stream_init_keys(srtp, p->key);
+ err = srtp_stream_init_all_master_keys(srtp, p->key, p->keys, p->num_master_keys);
if (err) {
- rdbx_dealloc(&srtp->rtp_rdbx);
+ srtp_rdbx_dealloc(&srtp->rtp_rdbx);
return err;
}
* if EKT is in use, then initialize the EKT data associated with
* the stream
*/
- err = ekt_stream_init_from_policy(srtp->ekt, p->ekt);
+ err = srtp_ekt_stream_init_from_policy(srtp->ekt, p->ekt);
if (err) {
- rdbx_dealloc(&srtp->rtp_rdbx);
+ srtp_rdbx_dealloc(&srtp->rtp_rdbx);
return err;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
void
srtp_event_reporter(srtp_event_data_t *data) {
- err_report(err_level_warning, "srtp: in stream 0x%x: ",
- data->stream->ssrc);
+ srtp_err_report(srtp_err_level_warning, "srtp: in stream 0x%x: ",
+ data->ssrc);
switch(data->event) {
case event_ssrc_collision:
- err_report(err_level_warning, "\tSSRC collision\n");
+ srtp_err_report(srtp_err_level_warning, "\tSSRC collision\n");
break;
case event_key_soft_limit:
- err_report(err_level_warning, "\tkey usage soft limit reached\n");
+ srtp_err_report(srtp_err_level_warning, "\tkey usage soft limit reached\n");
break;
case event_key_hard_limit:
- err_report(err_level_warning, "\tkey usage hard limit reached\n");
+ srtp_err_report(srtp_err_level_warning, "\tkey usage hard limit reached\n");
break;
case event_packet_index_limit:
- err_report(err_level_warning, "\tpacket index limit reached\n");
+ srtp_err_report(srtp_err_level_warning, "\tpacket index limit reached\n");
break;
default:
- err_report(err_level_warning, "\tunknown event reported to handler\n");
+ srtp_err_report(srtp_err_level_warning, "\tunknown event reported to handler\n");
}
}
static srtp_event_handler_func_t *srtp_event_handler = srtp_event_reporter;
- err_status_t
+ srtp_err_status_t
srtp_install_event_handler(srtp_event_handler_func_t func) {
/*
* been previously installed
*/
- /* set global event handling function */
- srtp_event_handler = func;
- return err_status_ok;
- }
+ /* set global event handling function */
+ srtp_event_handler = func;
+ return srtp_err_status_ok;
+ }
+
+
+/*
+ * Check if the given extension header id is / should be encrypted.
+ * Returns 1 if yes, otherwise 0.
+ */
+static int
+srtp_protect_extension_header(srtp_stream_ctx_t *stream, int id) {
+ int* enc_xtn_hdr = stream->enc_xtn_hdr;
+ int count = stream->enc_xtn_hdr_count;
+
+ if (!enc_xtn_hdr || count <= 0) {
+ return 0;
+ }
+
+ while (count > 0) {
+ if (*enc_xtn_hdr == id) {
+ return 1;
+ }
+
+ enc_xtn_hdr++;
+ count--;
+ }
+ return 0;
+}
+
+
+/*
+ * extensions header encryption RFC 6904
+ */
+static srtp_err_status_t
+srtp_process_header_encryption(srtp_stream_ctx_t *stream,
+ srtp_hdr_xtnd_t *xtn_hdr,
+ srtp_session_keys_t *session_keys) {
+ srtp_err_status_t status;
+ uint8_t keystream[257]; /* Maximum 2 bytes header + 255 bytes data. */
+ int keystream_pos;
+ uint8_t* xtn_hdr_data = ((uint8_t *)xtn_hdr) + octets_in_rtp_extn_hdr;
+ uint8_t* xtn_hdr_end = xtn_hdr_data + (ntohs(xtn_hdr->length) * sizeof(uint32_t));
+
+ if (ntohs(xtn_hdr->profile_specific) == 0xbede) {
+ /* RFC 5285, section 4.2. One-Byte Header */
+ while (xtn_hdr_data < xtn_hdr_end) {
+ uint8_t xid = (*xtn_hdr_data & 0xf0) >> 4;
+ unsigned int xlen = (*xtn_hdr_data & 0x0f) + 1;
+ uint32_t xlen_with_header = 1+xlen;
+ xtn_hdr_data++;
+
+ if (xtn_hdr_data + xlen > xtn_hdr_end)
+ return srtp_err_status_parse_err;
+
+ if (xid == 15) {
+ /* found header 15, stop further processing. */
+ break;
+ }
+
+ status = srtp_cipher_output(session_keys->rtp_xtn_hdr_cipher,
+ keystream, &xlen_with_header);
+ if (status)
+ return srtp_err_status_cipher_fail;
+
+ if (srtp_protect_extension_header(stream, xid)) {
+ keystream_pos = 1;
+ while (xlen > 0) {
+ *xtn_hdr_data ^= keystream[keystream_pos++];
+ xtn_hdr_data++;
+ xlen--;
+ }
+ } else {
+ xtn_hdr_data += xlen;
+ }
+
+ /* skip padding bytes. */
+ while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) {
+ xtn_hdr_data++;
+ }
+ }
+ } else if ((ntohs(xtn_hdr->profile_specific) & 0x1fff) == 0x100) {
+ /* RFC 5285, section 4.3. Two-Byte Header */
+ while (xtn_hdr_data + 1 < xtn_hdr_end) {
+ uint8_t xid = *xtn_hdr_data;
+ unsigned int xlen = *(xtn_hdr_data+1);
+ uint32_t xlen_with_header = 2+xlen;
+ xtn_hdr_data += 2;
+
+ if (xtn_hdr_data + xlen > xtn_hdr_end)
+ return srtp_err_status_parse_err;
+
+ status = srtp_cipher_output(session_keys->rtp_xtn_hdr_cipher,
+ keystream, &xlen_with_header);
+ if (status)
+ return srtp_err_status_cipher_fail;
+
+ if (xlen > 0 && srtp_protect_extension_header(stream, xid)) {
+ keystream_pos = 2;
+ while (xlen > 0) {
+ *xtn_hdr_data ^= keystream[keystream_pos++];
+ xtn_hdr_data++;
+ xlen--;
+ }
+ } else {
+ xtn_hdr_data += xlen;
+ }
+
+ /* skip padding bytes. */
+ while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) {
+ xtn_hdr_data++;
+ }
+ }
+ } else {
+ /* unsupported extension header format. */
+ return srtp_err_status_parse_err;
+ }
+
+ return srtp_err_status_ok;
+}
+
/*
* AEAD uses a new IV formation method. This function implements
- * section 9.1 from draft-ietf-avtcore-srtp-aes-gcm-07.txt. The
- * calculation is defined as, where (+) is the xor operation:
+ * section 8.1. (SRTP IV Formation for AES-GCM) of RFC7714.
+ * The calculation is defined as, where (+) is the xor operation:
*
*
* 0 0 0 0 0 0 0 0 0 0 1 1
* | Initialization Vector |<--+
* +--+--+--+--+--+--+--+--+--+--+--+--+*
*
- * Input: *stream - pointer to SRTP stream context, used to retrieve
- * the SALT
+ * Input: *session_keys - pointer to SRTP stream context session keys,
+ * used to retrieve the SALT
* *iv - Pointer to receive the calculated IV
* *seq - The ROC and SEQ value to use for the
* IV calculation.
* *hdr - The RTP header, used to get the SSRC value
*
*/
-static void srtp_calc_aead_iv(srtp_stream_ctx_t *stream, v128_t *iv,
- xtd_seq_num_t *seq, srtp_hdr_t *hdr)
+
+static void srtp_calc_aead_iv(srtp_session_keys_t *session_keys, v128_t *iv,
+ srtp_xtd_seq_num_t *seq, srtp_hdr_t *hdr)
{
v128_t in;
v128_t salt;
/*
* Get the SALT value from the context
*/
- memcpy(salt.v8, stream->salt, SRTP_AEAD_SALT_LEN);
+ memcpy(salt.v8, session_keys->salt, SRTP_AEAD_SALT_LEN);
debug_print(mod_srtp, "RTP SALT = %s\n", v128_hex_string(&salt));
/*
}
+srtp_session_keys_t*
+srtp_get_session_keys(srtp_stream_ctx_t *stream, uint8_t* hdr,
+ const unsigned int* pkt_octet_len,
+ unsigned int* mki_size) {
+ unsigned int base_mki_start_location = *pkt_octet_len;
+ unsigned int mki_start_location = 0;
+ unsigned int tag_len = 0;
+ unsigned int i = 0;
+
+ // Determine the authentication tag size
+ if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
+ stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_256) {
+ tag_len = 0;
+ } else {
+ tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth);
+ }
+
+ if (tag_len > base_mki_start_location) {
+ *mki_size = 0;
+ return NULL;
+ }
+
+ base_mki_start_location -= tag_len;
+
+ for (i = 0; i < stream->num_master_keys; i++) {
+ if (stream->session_keys[i].mki_size != 0) {
+ *mki_size = stream->session_keys[i].mki_size;
+ mki_start_location = base_mki_start_location - *mki_size;
+
+ if ( mki_start_location >= *mki_size &&
+ memcmp(hdr + mki_start_location, stream->session_keys[i].mki_id, *mki_size) == 0 ) {
+ return &stream->session_keys[i];
+ }
+ }
+ }
+
+ *mki_size = 0;
+ return NULL;
+}
+
+static srtp_err_status_t
+srtp_estimate_index(srtp_rdbx_t *rdbx,
+ uint32_t roc,
+ srtp_xtd_seq_num_t *est,
+ srtp_sequence_number_t seq,
+ int *delta)
+{
+#ifdef NO_64BIT_MATH
+ uint32_t internal_pkt_idx_reduced;
+ uint32_t external_pkt_idx_reduced;
+ uint32_t internal_roc;
+ uint32_t roc_difference;
+#endif
+
+#ifdef NO_64BIT_MATH
+ *est = (srtp_xtd_seq_num_t)make64(roc >> 16, (roc << 16) | seq);
+ *delta = low32(est) - rdbx->index;
+#else
+ *est = (srtp_xtd_seq_num_t)(((uint64_t)roc) << 16) | seq;
+ *delta = (int)(*est - rdbx->index);
+#endif
+
+ if (*est > rdbx->index) {
+#ifdef NO_64BIT_MATH
+ internal_roc = (uint32_t)(rdbx->index >> 16);
+ roc_difference = roc - internal_roc;
+ if (roc_difference > 1) {
+ *delta = 0;
+ return srtp_err_status_pkt_idx_adv;
+ }
+
+ internal_pkt_idx_reduced = (uint32_t)(rdbx->index & 0xFFFF);
+ external_pkt_idx_reduced = (uint32_t)((roc_difference << 16) | seq);
+
+ if (external_pkt_idx_reduced - internal_pkt_idx_reduced >
+ seq_num_median) {
+ *delta = 0;
+ return srtp_err_status_pkt_idx_adv;
+ }
+#else
+ if (*est - rdbx->index > seq_num_median) {
+ *delta = 0;
+ return srtp_err_status_pkt_idx_adv;
+ }
+#endif
+ } else if (*est < rdbx->index) {
+#ifdef NO_64BIT_MATH
+
+ internal_roc = (uint32_t)(rdbx->index >> 16);
+ roc_difference = internal_roc - roc;
+ if (roc_difference > 1) {
+ *delta = 0;
+ return srtp_err_status_pkt_idx_adv;
+ }
+
+ internal_pkt_idx_reduced =
+ (uint32_t)((roc_difference << 16) | rdbx->index & 0xFFFF);
+ external_pkt_idx_reduced = (uint32_t)(seq);
+
+ if (internal_pkt_idx_reduced - external_pkt_idx_reduced >
+ seq_num_median) {
+ *delta = 0;
+ return srtp_err_status_pkt_idx_old;
+ }
+#else
+ if (rdbx->index - *est > seq_num_median) {
+ *delta = 0;
+ return srtp_err_status_pkt_idx_old;
+ }
+#endif
+ }
+
+ return srtp_err_status_ok;
+}
+
+static srtp_err_status_t
+srtp_get_est_pkt_index(srtp_hdr_t *hdr,
+ srtp_stream_ctx_t *stream,
+ srtp_xtd_seq_num_t *est,
+ int *delta)
+{
+ srtp_err_status_t result = srtp_err_status_ok;
+
+ if (stream->pending_roc) {
+ result = srtp_estimate_index(&stream->rtp_rdbx,
+ stream->pending_roc,
+ est,
+ ntohs(hdr->seq),
+ delta);
+ } else {
+ /* estimate packet index from seq. num. in header */
+ *delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx,
+ est,
+ ntohs(hdr->seq));
+ }
+
+#ifdef NO_64BIT_MATH
+ debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(*est), low32(*est));
+#else
+ debug_print(mod_srtp, "estimated u_packet index: %016llx", *est);
+#endif
+ return result;
+}
+
/*
* This function handles outgoing SRTP packets while in AEAD mode,
* which currently supports AES-GCM encryption. All packets are
* encrypted and authenticated.
*/
-static err_status_t
-srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream,
- void *rtp_hdr, unsigned int *pkt_octet_len)
+static srtp_err_status_t
+srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream,
+ void *rtp_hdr, unsigned int *pkt_octet_len,
+ srtp_session_keys_t *session_keys, unsigned int use_mki)
{
srtp_hdr_t *hdr = (srtp_hdr_t*)rtp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
- unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
- xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
+ int enc_octet_len = 0; /* number of octets in encrypted portion */
+ srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
int delta; /* delta of local pkt idx and that in hdr */
- err_status_t status;
- int tag_len;
+ srtp_err_status_t status;
+ uint32_t tag_len;
v128_t iv;
unsigned int aad_len;
+ srtp_hdr_xtnd_t *xtn_hdr = NULL;
+ unsigned int mki_size = 0;
+ uint8_t *mki_location = NULL;
debug_print(mod_srtp, "function srtp_protect_aead", NULL);
* didn't just hit either the soft limit or the hard limit, and call
* the event handler if we hit either.
*/
- switch (key_limit_update(stream->limit)) {
- case key_event_normal:
+ switch (srtp_key_limit_update(session_keys->limit)) {
+ case srtp_key_event_normal:
break;
- case key_event_hard_limit:
+ case srtp_key_event_hard_limit:
srtp_handle_event(ctx, stream, event_key_hard_limit);
- return err_status_key_expired;
- case key_event_soft_limit:
+ return srtp_err_status_key_expired;
+ case srtp_key_event_soft_limit:
default:
srtp_handle_event(ctx, stream, event_key_soft_limit);
break;
}
/* get tag length from stream */
- tag_len = auth_get_tag_length(stream->rtp_auth);
+ tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth);
/*
* find starting point for encryption and length of data to be
*/
enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc;
if (hdr->x == 1) {
- srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start;
+ xtn_hdr = (srtp_hdr_xtnd_t*)enc_start;
enc_start += (ntohs(xtn_hdr->length) + 1);
}
- if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
- return err_status_parse_err;
- enc_octet_len = (unsigned int)(*pkt_octet_len -
+ /* note: the passed size is without the auth tag */
+ if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len))
+ return srtp_err_status_parse_err;
+ enc_octet_len = (int)(*pkt_octet_len -
((uint8_t*)enc_start - (uint8_t*)hdr));
+ if (enc_octet_len < 0) return srtp_err_status_parse_err;
/*
* estimate the packet index using the start of the replay window
* and the sequence number from the header
*/
- delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq));
- status = rdbx_check(&stream->rtp_rdbx, delta);
+ delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq));
+ status = srtp_rdbx_check(&stream->rtp_rdbx, delta);
if (status) {
- if (status != err_status_replay_fail || !stream->allow_repeat_tx) {
+ if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) {
return status; /* we've been asked to reuse an index */
}
} else {
- rdbx_add_index(&stream->rtp_rdbx, delta);
+ srtp_rdbx_add_index(&stream->rtp_rdbx, delta);
}
#ifdef NO_64BIT_MATH
/*
* AEAD uses a new IV formation method
*/
- srtp_calc_aead_iv(stream, &iv, &est, hdr);
- status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt);
- if (status) {
- return err_status_cipher_fail;
- }
-
+ srtp_calc_aead_iv(session_keys, &iv, &est, hdr);
/* shift est, put into network byte order */
#ifdef NO_64BIT_MATH
est = be64_to_cpu(make64((high32(est) << 16) |
est = be64_to_cpu(est << 16);
#endif
+ status = srtp_cipher_set_iv(session_keys->rtp_cipher,
+ (uint8_t*)&iv, srtp_direction_encrypt);
+ if (!status && session_keys->rtp_xtn_hdr_cipher) {
+ iv.v32[0] = 0;
+ iv.v32[1] = hdr->ssrc;
+ iv.v64[1] = est;
+ status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher,
+ (uint8_t*)&iv, srtp_direction_encrypt);
+ }
+ if (status) {
+ return srtp_err_status_cipher_fail;
+ }
+
+ if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) {
+ /*
+ * extensions header encryption RFC 6904
+ */
+ status = srtp_process_header_encryption(stream, xtn_hdr, session_keys);
+ if (status) {
+ return status;
+ }
+ }
+
/*
* Set the AAD over the RTP header
*/
aad_len = (uint8_t *)enc_start - (uint8_t *)hdr;
- status = cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len);
+ status = srtp_cipher_set_aad(session_keys->rtp_cipher, (uint8_t*)hdr, aad_len);
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
/* Encrypt the payload */
- status = cipher_encrypt(stream->rtp_cipher,
- (uint8_t*)enc_start, &enc_octet_len);
+ status = srtp_cipher_encrypt(session_keys->rtp_cipher,
+ (uint8_t*)enc_start, (unsigned int *)&enc_octet_len);
if (status) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
* If we're doing GCM, we need to get the tag
* and append that to the output
*/
- status = cipher_get_tag(stream->rtp_cipher,
+ status = srtp_cipher_get_tag(session_keys->rtp_cipher,
(uint8_t*)enc_start+enc_octet_len, &tag_len);
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
- enc_octet_len += tag_len;
+
+ mki_location = (uint8_t *)hdr + *pkt_octet_len + tag_len;
+ mki_size = srtp_inject_mki(mki_location, session_keys, use_mki);
/* increase the packet length by the length of the auth tag */
*pkt_octet_len += tag_len;
- return err_status_ok;
+ /* increase the packet length by the length of the mki_size */
+ *pkt_octet_len += mki_size;
+
+ return srtp_err_status_ok;
}
* of the packet stream and is automatically checked by GCM
* when decrypting the payload.
*/
-static err_status_t
+static srtp_err_status_t
srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
- xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_octet_len)
+ srtp_xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_octet_len,
+ srtp_session_keys_t *session_keys, unsigned int mki_size)
{
srtp_hdr_t *hdr = (srtp_hdr_t*)srtp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
v128_t iv;
- err_status_t status;
+ srtp_err_status_t status;
int tag_len;
unsigned int aad_len;
+ srtp_hdr_xtnd_t *xtn_hdr = NULL;
debug_print(mod_srtp, "function srtp_unprotect_aead", NULL);
#endif
/* get tag length from stream */
- tag_len = auth_get_tag_length(stream->rtp_auth);
+ tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth);
/*
* AEAD uses a new IV formation method
*/
- srtp_calc_aead_iv(stream, &iv, &est, hdr);
- status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt);
+ srtp_calc_aead_iv(session_keys, &iv, &est, hdr);
+ status = srtp_cipher_set_iv(session_keys->rtp_cipher,
+ (uint8_t*)&iv, srtp_direction_decrypt);
+ if (!status && session_keys->rtp_xtn_hdr_cipher) {
+ iv.v32[0] = 0;
+ iv.v32[1] = hdr->ssrc;
+#ifdef NO_64BIT_MATH
+ iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16),
+ low32(est) << 16));
+#else
+ iv.v64[1] = be64_to_cpu(est << 16);
+#endif
+ status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt);
+ }
if (status) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
*/
enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc;
if (hdr->x == 1) {
- srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start;
+ xtn_hdr = (srtp_hdr_xtnd_t*)enc_start;
enc_start += (ntohs(xtn_hdr->length) + 1);
}
- if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
- return err_status_parse_err;
+ if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len - mki_size)))
+ return srtp_err_status_parse_err;
/*
* We pass the tag down to the cipher when doing GCM mode
*/
- enc_octet_len = (unsigned int)(*pkt_octet_len -
+ enc_octet_len = (unsigned int)(*pkt_octet_len - mki_size -
((uint8_t*)enc_start - (uint8_t*)hdr));
/*
* the tag size. It must always be at least as large
* as the tag length.
*/
- if (enc_octet_len < tag_len) {
- return err_status_cipher_fail;
+ if (enc_octet_len < (unsigned int) tag_len) {
+ return srtp_err_status_cipher_fail;
}
/*
* didn't just hit either the soft limit or the hard limit, and call
* the event handler if we hit either.
*/
- switch (key_limit_update(stream->limit)) {
- case key_event_normal:
+ switch (srtp_key_limit_update(session_keys->limit)) {
+ case srtp_key_event_normal:
break;
- case key_event_soft_limit:
+ case srtp_key_event_soft_limit:
srtp_handle_event(ctx, stream, event_key_soft_limit);
break;
- case key_event_hard_limit:
+ case srtp_key_event_hard_limit:
srtp_handle_event(ctx, stream, event_key_hard_limit);
- return err_status_key_expired;
+ return srtp_err_status_key_expired;
default:
break;
}
* Set the AAD for AES-GCM, which is the RTP header
*/
aad_len = (uint8_t *)enc_start - (uint8_t *)hdr;
- status = cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len);
+ status = srtp_cipher_set_aad(session_keys->rtp_cipher, (uint8_t*)hdr, aad_len);
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
- /* Decrypt the ciphertext. This also checks the auth tag based
+ /* Decrypt the ciphertext. This also checks the auth tag based
* on the AAD we just specified above */
- status = cipher_decrypt(stream->rtp_cipher,
- (uint8_t*)enc_start, &enc_octet_len);
+ status = srtp_cipher_decrypt(session_keys->rtp_cipher,
+ (uint8_t*)enc_start, &enc_octet_len);
if (status) {
return status;
}
+ if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) {
+ /*
+ * extensions header encryption RFC 6904
+ */
+ status = srtp_process_header_encryption(stream, xtn_hdr, session_keys);
+ if (status) {
+ return status;
+ }
+ }
+
/*
* verify that stream is for received traffic - this check will
* detect SSRC collisions, since a stream that appears in both
* the message authentication function passed, so add the packet
* index into the replay database
*/
- rdbx_add_index(&stream->rtp_rdbx, delta);
+ srtp_rdbx_add_index(&stream->rtp_rdbx, delta);
/* decrease the packet length by the length of the auth tag */
*pkt_octet_len -= tag_len;
- return err_status_ok;
-}
-
+ /* decrease the packet length by the length of the mki_size */
+ *pkt_octet_len -= mki_size;
+ return srtp_err_status_ok;
+}
- err_status_t
+ srtp_err_status_t
srtp_protect(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len) {
+ return srtp_protect_mki(ctx, rtp_hdr, pkt_octet_len, 0, 0);
+ }
+
+srtp_err_status_t
+srtp_protect_mki(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len,
+ unsigned int use_mki, unsigned int mki_index ) {
srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */
- unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
- xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
+ int enc_octet_len = 0; /* number of octets in encrypted portion */
+ srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
int delta; /* delta of local pkt idx and that in hdr */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
- err_status_t status;
+ srtp_err_status_t status;
int tag_len;
srtp_stream_ctx_t *stream;
- int prefix_len;
+ uint32_t prefix_len;
+ srtp_hdr_xtnd_t *xtn_hdr = NULL;
+ unsigned int mki_size = 0;
+ srtp_session_keys_t *session_keys = NULL;
+ uint8_t* mki_location = NULL;
+ int advance_packet_index = 0;
debug_print(mod_srtp, "function srtp_protect", NULL);
/* we assume the hdr is 32-bit aligned to start */
+ /* Verify RTP header */
+ status = srtp_validate_rtp_header(rtp_hdr, pkt_octet_len);
+ if (status)
+ return status;
+
/* check the packet length - it must at least contain a full header */
if (*pkt_octet_len < octets_in_rtp_header)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/*
* look up ssrc in srtp_stream list, and process the packet with
stream = new_stream;
} else {
/* no template stream, so we return an error */
- return err_status_no_ctx;
+ return srtp_err_status_no_ctx;
}
}
* srtp_protect() and srtp_unprotect() will fail this test in one of
* those functions.
*/
+
if (stream->direction != dir_srtp_sender) {
if (stream->direction == dir_unknown) {
stream->direction = dir_srtp_sender;
}
}
+ session_keys = srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index);
+
/*
* Check if this is an AEAD stream (GCM mode). If so, then dispatch
* the request to our AEAD handler.
*/
- if (stream->rtp_cipher->algorithm == AES_128_GCM ||
- stream->rtp_cipher->algorithm == AES_256_GCM) {
- return srtp_protect_aead(ctx, stream, rtp_hdr, (unsigned int*)pkt_octet_len);
+ if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
+ session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) {
+ return srtp_protect_aead(ctx, stream, rtp_hdr,
+ (unsigned int*)pkt_octet_len, session_keys,
+ use_mki);
}
/*
* didn't just hit either the soft limit or the hard limit, and call
* the event handler if we hit either.
*/
- switch(key_limit_update(stream->limit)) {
- case key_event_normal:
+ switch(srtp_key_limit_update(session_keys->limit)) {
+ case srtp_key_event_normal:
break;
- case key_event_soft_limit:
+ case srtp_key_event_soft_limit:
srtp_handle_event(ctx, stream, event_key_soft_limit);
break;
- case key_event_hard_limit:
+ case srtp_key_event_hard_limit:
srtp_handle_event(ctx, stream, event_key_hard_limit);
- return err_status_key_expired;
+ return srtp_err_status_key_expired;
default:
break;
}
/* get tag length from stream */
- tag_len = auth_get_tag_length(stream->rtp_auth);
+ tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth);
/*
* find starting point for encryption and length of data to be
if (stream->rtp_services & sec_serv_conf) {
enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc;
if (hdr->x == 1) {
- srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
+ xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
enc_start += (ntohs(xtn_hdr->length) + 1);
- if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
- return err_status_parse_err;
}
- enc_octet_len = (unsigned int)(*pkt_octet_len -
+ /* note: the passed size is without the auth tag */
+ if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len))
+ return srtp_err_status_parse_err;
+ enc_octet_len = (int)(*pkt_octet_len -
((uint8_t*)enc_start - (uint8_t*)hdr));
+ if (enc_octet_len < 0) return srtp_err_status_parse_err;
} else {
enc_start = NULL;
}
+ mki_location = (uint8_t *)hdr + *pkt_octet_len;
+ mki_size = srtp_inject_mki(mki_location, session_keys, use_mki);
+
/*
* if we're providing authentication, set the auth_start and auth_tag
* pointers to the proper locations; otherwise, set auth_start to NULL
*/
if (stream->rtp_services & sec_serv_auth) {
auth_start = (uint32_t *)hdr;
- auth_tag = (uint8_t *)hdr + *pkt_octet_len;
+ auth_tag = (uint8_t *)hdr + *pkt_octet_len + mki_size;
} else {
auth_start = NULL;
auth_tag = NULL;
}
- /*
- * estimate the packet index using the start of the replay window
- * and the sequence number from the header
- */
- delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq));
- status = rdbx_check(&stream->rtp_rdbx, delta);
- if (status) {
- if (status != err_status_replay_fail || !stream->allow_repeat_tx)
- return status; /* we've been asked to reuse an index */
- }
- else
- rdbx_add_index(&stream->rtp_rdbx, delta);
+ /*
+ * estimate the packet index using the start of the replay window
+ * and the sequence number from the header
+ */
+ status = srtp_get_est_pkt_index(hdr,
+ stream,
+ &est,
+ &delta);
+
+ if (status && (status != srtp_err_status_pkt_idx_adv))
+ return status;
+
+ if (status == srtp_err_status_pkt_idx_adv)
+ advance_packet_index = 1;
+
+ if (advance_packet_index) {
+ srtp_rdbx_set_roc_seq(&stream->rtp_rdbx,
+ (uint32_t)(est >> 16),
+ (uint16_t)(est & 0xFFFF));
+ stream->pending_roc = 0;
+ srtp_rdbx_add_index(&stream->rtp_rdbx, 0);
+ } else {
+ status = srtp_rdbx_check(&stream->rtp_rdbx, delta);
+ if (status) {
+ if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx)
+ return status; /* we've been asked to reuse an index */
+ }
+ srtp_rdbx_add_index(&stream->rtp_rdbx, delta);
+ }
#ifdef NO_64BIT_MATH
debug_print2(mod_srtp, "estimated packet index: %08x%08x",
/*
* if we're using rindael counter mode, set nonce and seq
*/
- if (stream->rtp_cipher->type->id == AES_ICM ||
- stream->rtp_cipher->type->id == AES_256_ICM) {
+ if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 ||
+ session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 ||
+ session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) {
v128_t iv;
iv.v32[0] = 0;
#else
iv.v64[1] = be64_to_cpu(est << 16);
#endif
- status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt);
-
+ status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_encrypt);
+ if (!status && session_keys->rtp_xtn_hdr_cipher) {
+ status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt);
+ }
} else {
v128_t iv;
iv.v64[0] = 0;
#endif
iv.v64[1] = be64_to_cpu(est);
- status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt);
+ status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_encrypt);
+ if (!status && session_keys->rtp_xtn_hdr_cipher) {
+ status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt);
+ }
}
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
/* shift est, put into network byte order */
#ifdef NO_64BIT_MATH
*/
if (auth_start) {
- prefix_len = auth_get_prefix_length(stream->rtp_auth);
+ prefix_len = srtp_auth_get_prefix_length(session_keys->rtp_auth);
if (prefix_len) {
- status = cipher_output(stream->rtp_cipher, auth_tag, prefix_len);
+ status = srtp_cipher_output(session_keys->rtp_cipher, auth_tag, &prefix_len);
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
debug_print(mod_srtp, "keystream prefix: %s",
- octet_string_hex_string(auth_tag, prefix_len));
+ srtp_octet_string_hex_string(auth_tag, prefix_len));
+ }
+ }
+
+ if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) {
+ /*
+ * extensions header encryption RFC 6904
+ */
+ status = srtp_process_header_encryption(stream, xtn_hdr, session_keys);
+ if (status) {
+ return status;
}
}
/* if we're encrypting, exor keystream into the message */
if (enc_start) {
- status = cipher_encrypt(stream->rtp_cipher,
- (uint8_t *)enc_start, &enc_octet_len);
+ status = srtp_cipher_encrypt(session_keys->rtp_cipher,
+ (uint8_t *)enc_start, (unsigned int *)&enc_octet_len);
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
if (auth_start) {
/* initialize auth func context */
- status = auth_start(stream->rtp_auth);
+ status = srtp_auth_start(session_keys->rtp_auth);
if (status) return status;
/* run auth func over packet */
- status = auth_update(stream->rtp_auth,
+ status = srtp_auth_update(session_keys->rtp_auth,
(uint8_t *)auth_start, *pkt_octet_len);
if (status) return status;
/* run auth func over ROC, put result into auth_tag */
debug_print(mod_srtp, "estimated packet index: %016llx", est);
- status = auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, auth_tag);
+ status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4, auth_tag);
debug_print(mod_srtp, "srtp auth tag: %s",
- octet_string_hex_string(auth_tag, tag_len));
+ srtp_octet_string_hex_string(auth_tag, tag_len));
if (status)
- return err_status_auth_fail;
+ return srtp_err_status_auth_fail;
}
*pkt_octet_len += tag_len;
}
- return err_status_ok;
+ if (use_mki) {
+ /* increate the packet length by the mki size */
+ *pkt_octet_len += mki_size;
+ }
+
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
+ return srtp_unprotect_mki(ctx, srtp_hdr, pkt_octet_len, 0);
+}
+
+srtp_err_status_t
+srtp_unprotect_mki(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len,
+ unsigned int use_mki) {
srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */
unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
- xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
+ srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
int delta; /* delta of local pkt idx and that in hdr */
v128_t iv;
- err_status_t status;
+ srtp_err_status_t status;
srtp_stream_ctx_t *stream;
uint8_t tmp_tag[SRTP_MAX_TAG_LEN];
- int tag_len, prefix_len;
+ uint32_t tag_len, prefix_len;
+ srtp_hdr_xtnd_t *xtn_hdr = NULL;
+ unsigned int mki_size = 0;
+ srtp_session_keys_t *session_keys = NULL;
+ int advance_packet_index = 0;
+ uint32_t roc_to_set = 0;
+ uint16_t seq_to_set = 0;
debug_print(mod_srtp, "function srtp_unprotect", NULL);
/* we assume the hdr is 32-bit aligned to start */
+ /* Verify RTP header */
+ status = srtp_validate_rtp_header(srtp_hdr, pkt_octet_len);
+ if (status)
+ return status;
+
/* check the packet length - it must at least contain a full header */
if (*pkt_octet_len < octets_in_rtp_header)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/*
* look up ssrc in srtp_stream list, and process the packet with
if (ctx->stream_template != NULL) {
stream = ctx->stream_template;
debug_print(mod_srtp, "using provisional stream (SSRC: 0x%08x)",
- hdr->ssrc);
+ ntohl(hdr->ssrc));
/*
* set estimated packet index to sequence number from header,
* and set delta equal to the same value
*/
#ifdef NO_64BIT_MATH
- est = (xtd_seq_num_t) make64(0,ntohs(hdr->seq));
+ est = (srtp_xtd_seq_num_t) make64(0,ntohs(hdr->seq));
delta = low32(est);
#else
- est = (xtd_seq_num_t) ntohs(hdr->seq);
+ est = (srtp_xtd_seq_num_t) ntohs(hdr->seq);
delta = (int)est;
#endif
} else {
* no stream corresponding to SSRC found, and we don't do
* key-sharing, so return an error
*/
- return err_status_no_ctx;
+ return srtp_err_status_no_ctx;
}
} else {
-
- /* estimate packet index from seq. num. in header */
- delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq));
-
- /* check replay database */
- status = rdbx_check(&stream->rtp_rdbx, delta);
- if (status)
+ status = srtp_get_est_pkt_index(hdr,
+ stream,
+ &est,
+ &delta);
+
+ if (status && (status != srtp_err_status_pkt_idx_adv))
return status;
+
+ if (status == srtp_err_status_pkt_idx_adv) {
+ advance_packet_index = 1;
+ roc_to_set = (uint32_t)(est >> 16);
+ seq_to_set = (uint16_t)(est & 0xFFFF);
+ }
+
+ /* check replay database */
+ if (!advance_packet_index) {
+ status = srtp_rdbx_check(&stream->rtp_rdbx, delta);
+ if (status)
+ return status;
+ }
}
#ifdef NO_64BIT_MATH
debug_print(mod_srtp, "estimated u_packet index: %016llx", est);
#endif
+ /*
+ * Determine if MKI is being used and what session keys should be used
+ */
+ if (use_mki) {
+ session_keys = srtp_get_session_keys(stream, (uint8_t *)hdr,
+ (const unsigned int*)pkt_octet_len,
+ &mki_size);
+
+ if (session_keys == NULL)
+ return srtp_err_status_bad_mki;
+ } else {
+ session_keys = &stream->session_keys[0];
+ }
+
/*
* Check if this is an AEAD stream (GCM mode). If so, then dispatch
* the request to our AEAD handler.
*/
- if (stream->rtp_cipher->algorithm == AES_128_GCM ||
- stream->rtp_cipher->algorithm == AES_256_GCM) {
- return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, (unsigned int*)pkt_octet_len);
+ if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
+ session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) {
+ return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr,
+ (unsigned int*)pkt_octet_len, session_keys,
+ mki_size);
}
/* get tag length from stream */
- tag_len = auth_get_tag_length(stream->rtp_auth);
+ tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth);
/*
* set the cipher's IV properly, depending on whatever cipher we
* happen to be using
*/
- if (stream->rtp_cipher->type->id == AES_ICM ||
- stream->rtp_cipher->type->id == AES_256_ICM) {
-
+ if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 ||
+ session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 ||
+ session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) {
/* aes counter mode */
iv.v32[0] = 0;
iv.v32[1] = hdr->ssrc; /* still in network order */
#else
iv.v64[1] = be64_to_cpu(est << 16);
#endif
- status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt);
+ status = srtp_cipher_set_iv(session_keys->rtp_cipher,
+ (uint8_t*)&iv, srtp_direction_decrypt);
+ if (!status && session_keys->rtp_xtn_hdr_cipher) {
+ status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher,
+ (uint8_t*)&iv, srtp_direction_decrypt);
+ }
} else {
/* no particular format - set the iv to the pakcet index */
iv.v64[0] = 0;
#endif
iv.v64[1] = be64_to_cpu(est);
- status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt);
+ status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_decrypt);
+ if (!status && session_keys->rtp_xtn_hdr_cipher) {
+ status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_decrypt);
+ }
}
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
/* shift est, put into network byte order */
#ifdef NO_64BIT_MATH
if (stream->rtp_services & sec_serv_conf) {
enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc;
if (hdr->x == 1) {
- srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
+ xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
enc_start += (ntohs(xtn_hdr->length) + 1);
}
- if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
- return err_status_parse_err;
- enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len -
+ if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len - mki_size)))
+ return srtp_err_status_parse_err;
+ enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len - mki_size -
((uint8_t*)enc_start - (uint8_t*)hdr));
} else {
enc_start = NULL;
* if the keystream prefix length is zero, then we know that
* the authenticator isn't using a universal hash function
*/
- if (stream->rtp_auth->prefix_len != 0) {
+ if (session_keys->rtp_auth->prefix_len != 0) {
- prefix_len = auth_get_prefix_length(stream->rtp_auth);
- status = cipher_output(stream->rtp_cipher, tmp_tag, prefix_len);
+ prefix_len = srtp_auth_get_prefix_length(session_keys->rtp_auth);
+ status = srtp_cipher_output(session_keys->rtp_cipher, tmp_tag, &prefix_len);
debug_print(mod_srtp, "keystream prefix: %s",
- octet_string_hex_string(tmp_tag, prefix_len));
+ srtp_octet_string_hex_string(tmp_tag, prefix_len));
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/* initialize auth func context */
- status = auth_start(stream->rtp_auth);
+ status = srtp_auth_start(session_keys->rtp_auth);
if (status) return status;
/* now compute auth function over packet */
- status = auth_update(stream->rtp_auth, (uint8_t *)auth_start,
- *pkt_octet_len - tag_len);
+ status = srtp_auth_update(session_keys->rtp_auth, (uint8_t *)auth_start,
+ *pkt_octet_len - tag_len - mki_size);
/* run auth func over ROC, then write tmp tag */
- status = auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, tmp_tag);
+ status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4, tmp_tag);
debug_print(mod_srtp, "computed auth tag: %s",
- octet_string_hex_string(tmp_tag, tag_len));
+ srtp_octet_string_hex_string(tmp_tag, tag_len));
debug_print(mod_srtp, "packet auth tag: %s",
- octet_string_hex_string(auth_tag, tag_len));
+ srtp_octet_string_hex_string(auth_tag, tag_len));
if (status)
- return err_status_auth_fail;
+ return srtp_err_status_auth_fail;
if (octet_string_is_eq(tmp_tag, auth_tag, tag_len))
- return err_status_auth_fail;
+ return srtp_err_status_auth_fail;
}
/*
* didn't just hit either the soft limit or the hard limit, and call
* the event handler if we hit either.
*/
- switch(key_limit_update(stream->limit)) {
- case key_event_normal:
+ switch(srtp_key_limit_update(session_keys->limit)) {
+ case srtp_key_event_normal:
break;
- case key_event_soft_limit:
+ case srtp_key_event_soft_limit:
srtp_handle_event(ctx, stream, event_key_soft_limit);
break;
- case key_event_hard_limit:
+ case srtp_key_event_hard_limit:
srtp_handle_event(ctx, stream, event_key_hard_limit);
- return err_status_key_expired;
+ return srtp_err_status_key_expired;
default:
break;
}
+ if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) {
+ /*
+ * extensions header encryption RFC 6904
+ */
+ status = srtp_process_header_encryption(stream, xtn_hdr, session_keys);
+ if (status) {
+ return status;
+ }
+ }
+
/* if we're decrypting, add keystream into ciphertext */
if (enc_start) {
- status = cipher_decrypt(stream->rtp_cipher,
- (uint8_t *)enc_start, &enc_octet_len);
+ status = srtp_cipher_decrypt(session_keys->rtp_cipher,
+ (uint8_t *)enc_start, &enc_octet_len);
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
/* set stream (the pointer used in this function) */
stream = new_stream;
}
-
+
/*
* the message authentication function passed, so add the packet
* index into the replay database
*/
- rdbx_add_index(&stream->rtp_rdbx, delta);
+ if (advance_packet_index) {
+ srtp_rdbx_set_roc_seq(&stream->rtp_rdbx,
+ roc_to_set,
+ seq_to_set);
+ stream->pending_roc = 0;
+ srtp_rdbx_add_index(&stream->rtp_rdbx, 0);
+ } else {
+ srtp_rdbx_add_index(&stream->rtp_rdbx, delta);
+ }
/* decrease the packet length by the length of the auth tag */
*pkt_octet_len -= tag_len;
- return err_status_ok;
+ /* decrease the packet length by the mki size */
+ *pkt_octet_len -= mki_size;
+
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_init() {
- err_status_t status;
+ srtp_err_status_t status;
/* initialize crypto kernel */
- status = crypto_kernel_init();
+ status = srtp_crypto_kernel_init();
if (status)
return status;
/* load srtp debug module into the kernel */
- status = crypto_kernel_load_debug_module(&mod_srtp);
+ status = srtp_crypto_kernel_load_debug_module(&mod_srtp);
if (status)
return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_shutdown() {
- err_status_t status;
+ srtp_err_status_t status;
/* shut down crypto kernel */
- status = crypto_kernel_shutdown();
+ status = srtp_crypto_kernel_shutdown();
if (status)
return status;
/* shutting down crypto kernel frees the srtp debug module as well */
- return err_status_ok;
+ return srtp_err_status_ok;
}
int
srtp_get_trailer_length(const srtp_stream_t s) {
- return auth_get_tag_length(s->rtp_auth);
+ return srtp_auth_get_tag_length(s->rtp_auth);
}
#endif
return NULL;
}
-err_status_t
+srtp_err_status_t
srtp_dealloc(srtp_t session) {
srtp_stream_ctx_t *stream;
- err_status_t status;
+ srtp_err_status_t status;
/*
* we take a conservative deallocation strategy - if we encounter an
stream = session->stream_list;
while (stream != NULL) {
srtp_stream_t next = stream->next;
- status = srtp_stream_dealloc(session, stream);
+ status = srtp_stream_dealloc(stream, session->stream_template);
if (status)
return status;
stream = next;
/* deallocate stream template, if there is one */
if (session->stream_template != NULL) {
- status = auth_dealloc(session->stream_template->rtcp_auth);
- if (status)
- return status;
- status = cipher_dealloc(session->stream_template->rtcp_cipher);
- if (status)
- return status;
- crypto_free(session->stream_template->limit);
- status = cipher_dealloc(session->stream_template->rtp_cipher);
- if (status)
- return status;
- status = auth_dealloc(session->stream_template->rtp_auth);
- if (status)
- return status;
- status = rdbx_dealloc(&session->stream_template->rtp_rdbx);
+ status = srtp_stream_dealloc(session->stream_template, NULL);
if (status)
return status;
- crypto_free(session->stream_template);
}
/* deallocate session context */
- crypto_free(session);
+ srtp_crypto_free(session);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_add_stream(srtp_t session,
const srtp_policy_t *policy) {
- err_status_t status;
+ srtp_err_status_t status;
srtp_stream_t tmp;
/* sanity check arguments */
- if ((session == NULL) || (policy == NULL) || (policy->key == NULL))
- return err_status_bad_param;
+ if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy)))
+ return srtp_err_status_bad_param;
/* allocate stream */
status = srtp_stream_alloc(&tmp, policy);
/* initialize stream */
status = srtp_stream_init(tmp, policy);
if (status) {
- crypto_free(tmp);
+ srtp_crypto_free(tmp);
return status;
}
switch (policy->ssrc.type) {
case (ssrc_any_outbound):
if (session->stream_template) {
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
session->stream_template = tmp;
session->stream_template->direction = dir_srtp_sender;
break;
case (ssrc_any_inbound):
if (session->stream_template) {
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
session->stream_template = tmp;
session->stream_template->direction = dir_srtp_receiver;
break;
case (ssrc_undefined):
default:
- crypto_free(tmp);
- return err_status_bad_param;
+ srtp_crypto_free(tmp);
+ return srtp_err_status_bad_param;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_create(srtp_t *session, /* handle for session */
const srtp_policy_t *policy) { /* SRTP policy (list) */
- err_status_t stat;
+ srtp_err_status_t stat;
srtp_ctx_t *ctx;
/* sanity check arguments */
if (session == NULL)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* allocate srtp context and set ctx_ptr */
- ctx = (srtp_ctx_t *) crypto_alloc(sizeof(srtp_ctx_t));
+ ctx = (srtp_ctx_t *) srtp_crypto_alloc(sizeof(srtp_ctx_t));
if (ctx == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
*session = ctx;
/*
*/
ctx->stream_template = NULL;
ctx->stream_list = NULL;
+ ctx->user_data = NULL;
while (policy != NULL) {
stat = srtp_add_stream(ctx, policy);
if (stat) {
/* clean up everything */
srtp_dealloc(*session);
+ *session = NULL;
return stat;
}
- /* set policy to next item in list */
- policy = policy->next;
+ /* set policy to next item in list */
+ policy = policy->next;
+ }
+
+ return srtp_err_status_ok;
+}
+
+
+srtp_err_status_t
+srtp_remove_stream(srtp_t session, uint32_t ssrc) {
+ srtp_stream_ctx_t *stream, *last_stream;
+ srtp_err_status_t status;
+
+ /* sanity check arguments */
+ if (session == NULL)
+ return srtp_err_status_bad_param;
+
+ /* find stream in list; complain if not found */
+ last_stream = stream = session->stream_list;
+ while ((stream != NULL) && (ssrc != stream->ssrc)) {
+ last_stream = stream;
+ stream = stream->next;
+ }
+ if (stream == NULL)
+ return srtp_err_status_no_ctx;
+
+ /* remove stream from the list */
+ if (last_stream == stream)
+ /* stream was first in list */
+ session->stream_list = stream->next;
+ else
+ last_stream->next = stream->next;
+
+ /* deallocate the stream */
+ status = srtp_stream_dealloc(stream, session->stream_template);
+ if (status)
+ return status;
+
+ return srtp_err_status_ok;
+}
+
+
+srtp_err_status_t
+srtp_update(srtp_t session, const srtp_policy_t *policy) {
+ srtp_err_status_t stat;
+
+ /* sanity check arguments */
+ if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy))) {
+ return srtp_err_status_bad_param;
+ }
+
+ while (policy != NULL) {
+ stat = srtp_update_stream(session, policy);
+ if (stat) {
+ return stat;
+ }
+
+ /* set policy to next item in list */
+ policy = policy->next;
+ }
+ return srtp_err_status_ok;
+}
+
+
+static srtp_err_status_t
+update_template_streams(srtp_t session, const srtp_policy_t *policy) {
+ srtp_err_status_t status;
+ srtp_stream_t new_stream_template;
+ srtp_stream_t new_stream_list = NULL;
+
+ if (session->stream_template == NULL) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* allocate new template stream */
+ status = srtp_stream_alloc(&new_stream_template, policy);
+ if (status) {
+ return status;
+ }
+
+ /* initialize new template stream */
+ status = srtp_stream_init(new_stream_template, policy);
+ if (status) {
+ srtp_crypto_free(new_stream_template);
+ return status;
+ }
+
+ /* for all old templated streams */
+ for (;;) {
+ srtp_stream_t stream;
+ uint32_t ssrc;
+ srtp_xtd_seq_num_t old_index;
+ srtp_rdb_t old_rtcp_rdb;
+
+ stream = session->stream_list;
+ while ((stream != NULL) &&
+ (stream->session_keys[0].rtp_auth !=
+ session->stream_template->session_keys[0].rtp_auth)) {
+ stream = stream->next;
+ }
+ if (stream == NULL) {
+ /* no more templated streams */
+ break;
+ }
+
+ /* save old extendard seq */
+ ssrc = stream->ssrc;
+ old_index = stream->rtp_rdbx.index;
+ old_rtcp_rdb = stream->rtcp_rdb;
+
+ /* remove stream */
+ status = srtp_remove_stream(session, ssrc);
+ if (status) {
+ /* free new allocations */
+ while (new_stream_list != NULL) {
+ srtp_stream_t next = new_stream_list->next;
+ srtp_stream_dealloc(new_stream_list, new_stream_template);
+ new_stream_list = next;
+ }
+ srtp_stream_dealloc(new_stream_template, NULL);
+ return status;
+ }
+
+ /* allocate and initialize a new stream */
+ status = srtp_stream_clone(new_stream_template, ssrc, &stream);
+ if (status) {
+ /* free new allocations */
+ while (new_stream_list != NULL) {
+ srtp_stream_t next = new_stream_list->next;
+ srtp_stream_dealloc(new_stream_list, new_stream_template);
+ new_stream_list = next;
+ }
+ srtp_stream_dealloc(new_stream_template, NULL);
+ return status;
+ }
+
+ /* add new stream to the head of the new_stream_list */
+ stream->next = new_stream_list;
+ new_stream_list = stream;
+
+ /* restore old extended seq */
+ stream->rtp_rdbx.index = old_index;
+ stream->rtcp_rdb = old_rtcp_rdb;
+ }
+ /* dealloc old template */
+ srtp_stream_dealloc(session->stream_template, NULL);
+ /* set new template */
+ session->stream_template = new_stream_template;
+ /* add new list */
+ if (new_stream_list) {
+ srtp_stream_t tail = new_stream_list;
+ while (tail->next) {
+ tail = tail->next;
+ }
+ tail->next = session->stream_list;
+ session->stream_list = new_stream_list;
+ }
+ return status;
+}
+
+
+static srtp_err_status_t
+update_stream(srtp_t session, const srtp_policy_t *policy) {
+ srtp_err_status_t status;
+ srtp_xtd_seq_num_t old_index;
+ srtp_rdb_t old_rtcp_rdb;
+ srtp_stream_t stream;
+
+ stream = srtp_get_stream(session, htonl(policy->ssrc.value));
+ if (stream == NULL) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* save old extendard seq */
+ old_index = stream->rtp_rdbx.index;
+ old_rtcp_rdb = stream->rtcp_rdb;
+
+ status = srtp_remove_stream(session, htonl(policy->ssrc.value));
+ if (status) {
+ return status;
+ }
+
+ status = srtp_add_stream(session, policy);
+ if (status) {
+ return status;
+ }
+
+ stream = srtp_get_stream(session, htonl(policy->ssrc.value));
+ if (stream == NULL) {
+ return srtp_err_status_fail;
}
- return err_status_ok;
+ /* restore old extended seq */
+ stream->rtp_rdbx.index = old_index;
+ stream->rtcp_rdb = old_rtcp_rdb;
+
+ return srtp_err_status_ok;
}
-err_status_t
-srtp_remove_stream(srtp_t session, uint32_t ssrc) {
- srtp_stream_ctx_t *stream, *last_stream;
- err_status_t status;
+srtp_err_status_t
+srtp_update_stream(srtp_t session, const srtp_policy_t *policy) {
+ srtp_err_status_t status;
/* sanity check arguments */
- if (session == NULL)
- return err_status_bad_param;
-
- /* find stream in list; complain if not found */
- last_stream = stream = session->stream_list;
- while ((stream != NULL) && (ssrc != stream->ssrc)) {
- last_stream = stream;
- stream = stream->next;
- }
- if (stream == NULL)
- return err_status_no_ctx;
-
- /* remove stream from the list */
- if (last_stream == stream)
- /* stream was first in list */
- session->stream_list = stream->next;
- else
- last_stream->next = stream->next;
+ if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy)))
+ return srtp_err_status_bad_param;
- /* deallocate the stream */
- status = srtp_stream_dealloc(session, stream);
- if (status)
- return status;
+ switch (policy->ssrc.type) {
+ case (ssrc_any_outbound):
+ case (ssrc_any_inbound):
+ status = update_template_streams(session, policy);
+ break;
+ case (ssrc_specific):
+ status = update_stream(session, policy);
+ break;
+ case (ssrc_undefined):
+ default:
+ return srtp_err_status_bad_param;
+ }
- return err_status_ok;
+ return status;
}
/*
- * the default policy - provides a convenient way for callers to use
+ * The default policy - provides a convenient way for callers to use
* the default security policy
- *
- * this policy is that defined in the current SRTP internet draft.
+ *
+ * The default policy is defined in RFC 3711
+ * (Section 5. Default and mandatory-to-implement Transforms)
*
*/
/* There are hard-coded 16's for base_key_len in the key generation code */
void
-crypto_policy_set_rtp_default(crypto_policy_t *p) {
+srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p) {
- p->cipher_type = AES_ICM;
- p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */
- p->auth_type = HMAC_SHA1;
+ p->cipher_type = SRTP_AES_ICM_128;
+ p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* default 128 bits per RFC 3711 */
+ p->auth_type = SRTP_HMAC_SHA1;
p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */
p->sec_serv = sec_serv_conf_and_auth;
}
void
-crypto_policy_set_rtcp_default(crypto_policy_t *p) {
+srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p) {
- p->cipher_type = AES_ICM;
- p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */
- p->auth_type = HMAC_SHA1;
+ p->cipher_type = SRTP_AES_ICM_128;
+ p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* default 128 bits per RFC 3711 */
+ p->auth_type = SRTP_HMAC_SHA1;
p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */
p->sec_serv = sec_serv_conf_and_auth;
}
void
-crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p) {
/*
* corresponds to RFC 4568
* note that this crypto policy is intended for SRTP, but not SRTCP
*/
- p->cipher_type = AES_ICM;
- p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */
- p->auth_type = HMAC_SHA1;
+ p->cipher_type = SRTP_AES_ICM_128;
+ p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* 128 bit key, 112 bit salt */
+ p->auth_type = SRTP_HMAC_SHA1;
p->auth_key_len = 20; /* 160 bit key */
p->auth_tag_len = 4; /* 32 bit tag */
p->sec_serv = sec_serv_conf_and_auth;
void
-crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p) {
/*
* corresponds to RFC 4568
* note that this crypto policy is intended for SRTP, but not SRTCP
*/
- p->cipher_type = AES_ICM;
- p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */
- p->auth_type = NULL_AUTH;
+ p->cipher_type = SRTP_AES_ICM_128;
+ p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* 128 bit key, 112 bit salt */
+ p->auth_type = SRTP_NULL_AUTH;
p->auth_key_len = 0;
p->auth_tag_len = 0;
p->sec_serv = sec_serv_conf;
void
-crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p) {
+srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p) {
/*
* corresponds to RFC 4568
*/
- p->cipher_type = NULL_CIPHER;
+ p->cipher_type = SRTP_NULL_CIPHER;
p->cipher_key_len = 0;
- p->auth_type = HMAC_SHA1;
+ p->auth_type = SRTP_HMAC_SHA1;
p->auth_key_len = 20;
p->auth_tag_len = 10;
p->sec_serv = sec_serv_auth;
}
+void
+srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p) {
+
+ /*
+ * Should only be used for testing
+ */
+
+ p->cipher_type = SRTP_NULL_CIPHER;
+ p->cipher_key_len = 0;
+ p->auth_type = SRTP_NULL_AUTH;
+ p->auth_key_len = 0;
+ p->auth_tag_len = 0;
+ p->sec_serv = sec_serv_none;
+
+}
+
void
-crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p) {
/*
- * corresponds to draft-ietf-avt-big-aes-03.txt
+ * corresponds to RFC 6188
*/
- p->cipher_type = AES_ICM;
- p->cipher_key_len = 46;
- p->auth_type = HMAC_SHA1;
+ p->cipher_type = SRTP_AES_ICM_256;
+ p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT;
+ p->auth_type = SRTP_HMAC_SHA1;
p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */
p->sec_serv = sec_serv_conf_and_auth;
void
-crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p) {
/*
- * corresponds to draft-ietf-avt-big-aes-03.txt
+ * corresponds to RFC 6188
*
* note that this crypto policy is intended for SRTP, but not SRTCP
*/
- p->cipher_type = AES_ICM;
- p->cipher_key_len = 46;
- p->auth_type = HMAC_SHA1;
+ p->cipher_type = SRTP_AES_ICM_256;
+ p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT;
+ p->auth_type = SRTP_HMAC_SHA1;
p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */
p->sec_serv = sec_serv_conf_and_auth;
* AES-256 with no authentication.
*/
void
-crypto_policy_set_aes_cm_256_null_auth (crypto_policy_t *p)
+srtp_crypto_policy_set_aes_cm_256_null_auth (srtp_crypto_policy_t *p)
{
- p->cipher_type = AES_ICM;
- p->cipher_key_len = 46;
- p->auth_type = NULL_AUTH;
+ p->cipher_type = SRTP_AES_ICM_256;
+ p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT;
+ p->auth_type = SRTP_NULL_AUTH;
p->auth_key_len = 0;
p->auth_tag_len = 0;
p->sec_serv = sec_serv_conf;
}
#ifdef OPENSSL
+void
+srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p) {
+
+ /*
+ * corresponds to RFC 6188
+ */
+
+ p->cipher_type = SRTP_AES_ICM_192;
+ p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT;
+ p->auth_type = SRTP_HMAC_SHA1;
+ p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
+ p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */
+ p->sec_serv = sec_serv_conf_and_auth;
+}
+
+
+void
+srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p) {
+
+ /*
+ * corresponds to RFC 6188
+ *
+ * note that this crypto policy is intended for SRTP, but not SRTCP
+ */
+
+ p->cipher_type = SRTP_AES_ICM_192;
+ p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT;
+ p->auth_type = SRTP_HMAC_SHA1;
+ p->auth_key_len = 20; /* default 160 bits per RFC 3711 */
+ p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */
+ p->sec_serv = sec_serv_conf_and_auth;
+}
+
+/*
+ * AES-192 with no authentication.
+ */
+void
+srtp_crypto_policy_set_aes_cm_192_null_auth (srtp_crypto_policy_t *p)
+{
+ p->cipher_type = SRTP_AES_ICM_192;
+ p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT;
+ p->auth_type = SRTP_NULL_AUTH;
+ p->auth_key_len = 0;
+ p->auth_tag_len = 0;
+ p->sec_serv = sec_serv_conf;
+}
+
/*
* AES-128 GCM mode with 8 octet auth tag.
*/
void
-crypto_policy_set_aes_gcm_128_8_auth(crypto_policy_t *p) {
- p->cipher_type = AES_128_GCM;
- p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT;
- p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
+srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p) {
+ p->cipher_type = SRTP_AES_GCM_128;
+ p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT;
+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
p->auth_key_len = 0;
p->auth_tag_len = 8; /* 8 octet tag length */
p->sec_serv = sec_serv_conf_and_auth;
* AES-256 GCM mode with 8 octet auth tag.
*/
void
-crypto_policy_set_aes_gcm_256_8_auth(crypto_policy_t *p) {
- p->cipher_type = AES_256_GCM;
- p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT;
- p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
+srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p) {
+ p->cipher_type = SRTP_AES_GCM_256;
+ p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT;
+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
p->auth_key_len = 0;
p->auth_tag_len = 8; /* 8 octet tag length */
p->sec_serv = sec_serv_conf_and_auth;
* AES-128 GCM mode with 8 octet auth tag, no RTCP encryption.
*/
void
-crypto_policy_set_aes_gcm_128_8_only_auth(crypto_policy_t *p) {
- p->cipher_type = AES_128_GCM;
- p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT;
- p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
+srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p) {
+ p->cipher_type = SRTP_AES_GCM_128;
+ p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT;
+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
p->auth_key_len = 0;
p->auth_tag_len = 8; /* 8 octet tag length */
p->sec_serv = sec_serv_auth; /* This only applies to RTCP */
* AES-256 GCM mode with 8 octet auth tag, no RTCP encryption.
*/
void
-crypto_policy_set_aes_gcm_256_8_only_auth(crypto_policy_t *p) {
- p->cipher_type = AES_256_GCM;
- p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT;
- p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
+srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p) {
+ p->cipher_type = SRTP_AES_GCM_256;
+ p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT;
+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
p->auth_key_len = 0;
p->auth_tag_len = 8; /* 8 octet tag length */
p->sec_serv = sec_serv_auth; /* This only applies to RTCP */
* AES-128 GCM mode with 16 octet auth tag.
*/
void
-crypto_policy_set_aes_gcm_128_16_auth(crypto_policy_t *p) {
- p->cipher_type = AES_128_GCM;
- p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT;
- p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
+srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p) {
+ p->cipher_type = SRTP_AES_GCM_128;
+ p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT;
+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
p->auth_key_len = 0;
p->auth_tag_len = 16; /* 16 octet tag length */
p->sec_serv = sec_serv_conf_and_auth;
* AES-256 GCM mode with 16 octet auth tag.
*/
void
-crypto_policy_set_aes_gcm_256_16_auth(crypto_policy_t *p) {
- p->cipher_type = AES_256_GCM;
- p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT;
- p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
+srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p) {
+ p->cipher_type = SRTP_AES_GCM_256;
+ p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT;
+ p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */
p->auth_key_len = 0;
p->auth_tag_len = 16; /* 16 octet tag length */
p->sec_serv = sec_serv_conf_and_auth;
/*
* AEAD uses a new IV formation method. This function implements
- * section 10.1 from draft-ietf-avtcore-srtp-aes-gcm-07.txt. The
- * calculation is defined as, where (+) is the xor operation:
+ * section 9.1 (SRTCP IV Formation for AES-GCM) from RFC7714.
+ * The calculation is defined as, where (+) is the xor operation:
*
* 0 1 2 3 4 5 6 7 8 9 10 11
* +--+--+--+--+--+--+--+--+--+--+--+--+
* | Initialization Vector |<--+
* +--+--+--+--+--+--+--+--+--+--+--+--+*
*
- * Input: *stream - pointer to SRTP stream context, used to retrieve
- * the SALT
- * *iv - Pointer to recieve the calculated IV
- * seq_num - The SEQ value to use for the IV calculation.
- * *hdr - The RTP header, used to get the SSRC value
+ * Input: *session_keys - pointer to SRTP stream context session keys,
+ * used to retrieve the SALT
+ * *iv - Pointer to recieve the calculated IV
+ * seq_num - The SEQ value to use for the IV calculation.
+ * *hdr - The RTP header, used to get the SSRC value
+ *
+ * Returns: srtp_err_status_ok if no error or srtp_err_status_bad_param
+ * if seq_num is invalid
*
*/
-static void srtp_calc_aead_iv_srtcp(srtp_stream_ctx_t *stream, v128_t *iv,
- uint32_t seq_num, srtcp_hdr_t *hdr)
+static srtp_err_status_t
+srtp_calc_aead_iv_srtcp(srtp_session_keys_t *session_keys, v128_t *iv,
+ uint32_t seq_num, srtcp_hdr_t *hdr)
{
v128_t in;
v128_t salt;
in.v16[0] = 0;
memcpy(&in.v16[1], &hdr->ssrc, 4); /* still in network order! */
in.v16[3] = 0;
- in.v32[2] = 0x7FFFFFFF & htonl(seq_num); /* bit 32 is suppose to be zero */
+
+ /*
+ * The SRTCP index (seq_num) spans bits 0 through 30 inclusive.
+ * The most significant bit should be zero.
+ */
+ if (seq_num & 0x80000000UL) {
+ return srtp_err_status_bad_param;
+ }
+ in.v32[2] = htonl(seq_num);
debug_print(mod_srtp, "Pre-salted RTCP IV = %s\n", v128_hex_string(&in));
/*
* Get the SALT value from the context
*/
- memcpy(salt.v8, stream->c_salt, 12);
+ memcpy(salt.v8, session_keys->c_salt, 12);
debug_print(mod_srtp, "RTCP SALT = %s\n", v128_hex_string(&salt));
/*
* Finally, apply the SALT to the input
*/
v128_xor(iv, &in, &salt);
+
+ return srtp_err_status_ok;
}
/*
* This code handles AEAD ciphers for outgoing RTCP. We currently support
* AES-GCM mode with 128 or 256 bit keys.
*/
-static err_status_t
+static srtp_err_status_t
srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,
- void *rtcp_hdr, unsigned int *pkt_octet_len)
+ void *rtcp_hdr, unsigned int *pkt_octet_len,
+ srtp_session_keys_t *session_keys, unsigned int use_mki)
{
srtcp_hdr_t *hdr = (srtcp_hdr_t*)rtcp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *trailer; /* pointer to start of trailer */
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
- err_status_t status;
- int tag_len;
+ srtp_err_status_t status;
+ uint32_t tag_len;
uint32_t seq_num;
v128_t iv;
uint32_t tseq;
+ unsigned int mki_size = 0;
/* get tag length from stream context */
- tag_len = auth_get_tag_length(stream->rtcp_auth);
+ tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth);
/*
* set encryption start and encryption length - if we're not
*trailer = 0x00000000; /* set encrypt bit */
}
+ mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + tag_len + sizeof(srtcp_trailer_t),
+ session_keys, use_mki);
+
/*
* set the auth_tag pointer to the proper location, which is after
* the payload, but before the trailer
* check sequence number for overruns, and copy it into the packet
* if its value isn't too big
*/
- status = rdb_increment(&stream->rtcp_rdb);
+ status = srtp_rdb_increment(&stream->rtcp_rdb);
if (status) {
return status;
}
- seq_num = rdb_get_value(&stream->rtcp_rdb);
+ seq_num = srtp_rdb_get_value(&stream->rtcp_rdb);
*trailer |= htonl(seq_num);
debug_print(mod_srtp, "srtcp index: %x", seq_num);
/*
- * Calculating the IV and pass it down to the cipher
+ * Calculate and set the IV
*/
- srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr);
- status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt);
+ status = srtp_calc_aead_iv_srtcp(session_keys, &iv, seq_num, hdr);
+ if (status) {
+ return srtp_err_status_cipher_fail;
+ }
+ status = srtp_cipher_set_iv(session_keys->rtcp_cipher,
+ (uint8_t*)&iv, srtp_direction_encrypt);
if (status) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
* Set the AAD for GCM mode
*/
if (enc_start) {
- /*
- * If payload encryption is enabled, then the AAD consist of
- * the RTCP header and the seq# at the end of the packet
- */
- status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr,
- octets_in_rtcp_header);
- if (status) {
- return ( err_status_cipher_fail);
- }
+ /*
+ * If payload encryption is enabled, then the AAD consist of
+ * the RTCP header and the seq# at the end of the packet
+ */
+ status = srtp_cipher_set_aad(session_keys->rtcp_cipher,
+ (uint8_t*)hdr, octets_in_rtcp_header);
+ if (status) {
+ return ( srtp_err_status_cipher_fail);
+ }
} else {
- /*
- * Since payload encryption is not enabled, we must authenticate
- * the entire packet as described in section 10.3 in revision 07
- * of the draft.
- */
- status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr,
- *pkt_octet_len);
- if (status) {
- return ( err_status_cipher_fail);
- }
+ /*
+ * Since payload encryption is not enabled, we must authenticate
+ * the entire packet as described in RFC 7714 (Section 9.3. Data
+ * Types in Unencrypted SRTCP Compound Packets)
+ */
+ status = srtp_cipher_set_aad(session_keys->rtcp_cipher,
+ (uint8_t*)hdr, *pkt_octet_len);
+ if (status) {
+ return ( srtp_err_status_cipher_fail);
+ }
}
- /*
- * put the idx# into network byte order and process it as AAD
+ /*
+ * Process the sequence# as AAD
*/
- tseq = htonl(*trailer);
- status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq,
- sizeof(srtcp_trailer_t));
+ tseq = *trailer;
+ status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t*)&tseq,
+ sizeof(srtcp_trailer_t));
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
/* if we're encrypting, exor keystream into the message */
if (enc_start) {
- status = cipher_encrypt(stream->rtcp_cipher,
- (uint8_t*)enc_start, &enc_octet_len);
+ status = srtp_cipher_encrypt(session_keys->rtcp_cipher,
+ (uint8_t*)enc_start, &enc_octet_len);
if (status) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
- /*
- * Get the tag and append that to the output
- */
- status = cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag,
- &tag_len);
- if (status) {
- return ( err_status_cipher_fail);
- }
- enc_octet_len += tag_len;
+ /*
+ * Get the tag and append that to the output
+ */
+ status = srtp_cipher_get_tag(session_keys->rtcp_cipher, (uint8_t*)auth_tag,
+ &tag_len);
+ if (status) {
+ return ( srtp_err_status_cipher_fail);
+ }
+ enc_octet_len += tag_len;
} else {
- /*
- * Even though we're not encrypting the payload, we need
- * to run the cipher to get the auth tag.
- */
- unsigned int nolen = 0;
- status = cipher_encrypt(stream->rtcp_cipher, NULL, &nolen);
+ /*
+ * Even though we're not encrypting the payload, we need
+ * to run the cipher to get the auth tag.
+ */
+ unsigned int nolen = 0;
+ status = srtp_cipher_encrypt(session_keys->rtcp_cipher, NULL, &nolen);
if (status) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
- /*
- * Get the tag and append that to the output
- */
- status = cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag,
- &tag_len);
- if (status) {
- return ( err_status_cipher_fail);
- }
- enc_octet_len += tag_len;
+ /*
+ * Get the tag and append that to the output
+ */
+ status = srtp_cipher_get_tag(session_keys->rtcp_cipher, (uint8_t*)auth_tag,
+ &tag_len);
+ if (status) {
+ return ( srtp_err_status_cipher_fail);
+ }
+ enc_octet_len += tag_len;
}
/* increase the packet length by the length of the auth tag and seq_num*/
*pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t));
- return err_status_ok;
+ /* increase the packet by the mki_size */
+ *pkt_octet_len += mki_size;
+
+ return srtp_err_status_ok;
}
/*
* at the end of the packet stream and is automatically checked by GCM
* when decrypting the payload.
*/
-static err_status_t
+static srtp_err_status_t
srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,
- void *srtcp_hdr, unsigned int *pkt_octet_len)
+ void *srtcp_hdr, unsigned int *pkt_octet_len,
+ srtp_session_keys_t *session_keys, unsigned int use_mki)
{
srtcp_hdr_t *hdr = (srtcp_hdr_t*)srtcp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *trailer; /* pointer to start of trailer */
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
- err_status_t status;
+ srtp_err_status_t status;
int tag_len;
unsigned int tmp_len;
uint32_t seq_num;
v128_t iv;
uint32_t tseq;
+ unsigned int mki_size = 0;
/* get tag length from stream context */
- tag_len = auth_get_tag_length(stream->rtcp_auth);
+ tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth);
+
+ if (use_mki) {
+ mki_size = session_keys->mki_size;
+ }
/*
* set encryption start, encryption length, and trailer
* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always
* multiples of 32-bits (RFC 3550 6.1)
*/
- trailer = (uint32_t*)((char*)hdr + *pkt_octet_len - sizeof(srtcp_trailer_t));
+ trailer = (uint32_t*)((char*)hdr + *pkt_octet_len - sizeof(srtcp_trailer_t) - mki_size);
/*
* We pass the tag down to the cipher when doing GCM mode
*/
enc_octet_len = *pkt_octet_len - (octets_in_rtcp_header +
- sizeof(srtcp_trailer_t));
- auth_tag = (uint8_t*)hdr + *pkt_octet_len - tag_len - sizeof(srtcp_trailer_t);
+ sizeof(srtcp_trailer_t) + mki_size);
+ auth_tag = (uint8_t*)hdr + *pkt_octet_len - tag_len - mki_size - sizeof(srtcp_trailer_t);
if (*((unsigned char*)trailer) & SRTCP_E_BYTE_BIT) {
enc_start = (uint32_t*)hdr + uint32s_in_rtcp_header;
/* this is easier than dealing with bitfield access */
seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK;
debug_print(mod_srtp, "srtcp index: %x", seq_num);
- status = rdb_check(&stream->rtcp_rdb, seq_num);
+ status = srtp_rdb_check(&stream->rtcp_rdb, seq_num);
if (status) {
return status;
}
/*
* Calculate and set the IV
*/
- srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr);
- status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt);
+ status = srtp_calc_aead_iv_srtcp(session_keys, &iv, seq_num, hdr);
+ if (status) {
+ return srtp_err_status_cipher_fail;
+ }
+ status = srtp_cipher_set_iv(session_keys->rtcp_cipher,
+ (uint8_t*)&iv, srtp_direction_decrypt);
if (status) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
* Set the AAD for GCM mode
*/
if (enc_start) {
- /*
- * If payload encryption is enabled, then the AAD consist of
- * the RTCP header and the seq# at the end of the packet
- */
- status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr,
- octets_in_rtcp_header);
- if (status) {
- return ( err_status_cipher_fail);
- }
+ /*
+ * If payload encryption is enabled, then the AAD consist of
+ * the RTCP header and the seq# at the end of the packet
+ */
+ status = srtp_cipher_set_aad(session_keys->rtcp_cipher,
+ (uint8_t*)hdr, octets_in_rtcp_header);
+ if (status) {
+ return ( srtp_err_status_cipher_fail);
+ }
} else {
- /*
- * Since payload encryption is not enabled, we must authenticate
- * the entire packet as described in section 10.3 in revision 07
- * of the draft.
- */
- status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr,
- (*pkt_octet_len - tag_len - sizeof(srtcp_trailer_t)));
- if (status) {
- return ( err_status_cipher_fail);
- }
+ /*
+ * Since payload encryption is not enabled, we must authenticate
+ * the entire packet as described in RFC 7714 (Section 9.3. Data
+ * Types in Unencrypted SRTCP Compound Packets)
+ */
+ status = srtp_cipher_set_aad(
+ session_keys->rtcp_cipher, (uint8_t*)hdr,
+ (*pkt_octet_len - tag_len - sizeof(srtcp_trailer_t) - mki_size));
+ if (status) {
+ return ( srtp_err_status_cipher_fail);
+ }
}
- /*
- * put the idx# into network byte order, and process it as AAD
+ /*
+ * Process the sequence# as AAD
*/
- tseq = htonl(*trailer);
- status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq,
- sizeof(srtcp_trailer_t));
+ tseq = *trailer;
+ status = srtp_cipher_set_aad(session_keys->rtcp_cipher,
+ (uint8_t*)&tseq, sizeof(srtcp_trailer_t));
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
/* if we're decrypting, exor keystream into the message */
if (enc_start) {
- status = cipher_decrypt(stream->rtcp_cipher,
- (uint8_t*)enc_start, &enc_octet_len);
+ status = srtp_cipher_decrypt(session_keys->rtcp_cipher, (uint8_t*)enc_start, &enc_octet_len);
if (status) {
return status;
}
} else {
- /*
- * Still need to run the cipher to check the tag
- */
- tmp_len = tag_len;
- status = cipher_decrypt(stream->rtcp_cipher, (uint8_t*)auth_tag,
- &tmp_len);
+ /*
+ * Still need to run the cipher to check the tag
+ */
+ tmp_len = tag_len;
+ status = srtp_cipher_decrypt(session_keys->rtcp_cipher, (uint8_t*)auth_tag, &tmp_len);
if (status) {
return status;
}
}
/* decrease the packet length by the length of the auth tag and seq_num*/
- *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t));
+ *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t) + mki_size);
/*
* verify that stream is for received traffic - this check will
}
/* we've passed the authentication check, so add seq_num to the rdb */
- rdb_add_index(&stream->rtcp_rdb, seq_num);
+ srtp_rdb_add_index(&stream->rtcp_rdb, seq_num);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) {
+ return srtp_protect_rtcp_mki(ctx, rtcp_hdr, pkt_octet_len, 0, 0);
+}
+
+srtp_err_status_t
+srtp_protect_rtcp_mki(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len,
+ unsigned int use_mki, unsigned int mki_index) {
srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */
uint32_t *trailer; /* pointer to start of trailer */
unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
- err_status_t status;
+ srtp_err_status_t status;
int tag_len;
srtp_stream_ctx_t *stream;
- int prefix_len;
+ uint32_t prefix_len;
uint32_t seq_num;
+ unsigned int mki_size = 0;
+ srtp_session_keys_t *session_keys = NULL;
/* we assume the hdr is 32-bit aligned to start */
/* check the packet length - it must at least contain a full header */
if (*pkt_octet_len < octets_in_rtcp_header)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/*
* look up ssrc in srtp_stream list, and process the packet with
stream = new_stream;
} else {
/* no template stream, so we return an error */
- return err_status_no_ctx;
+ return srtp_err_status_no_ctx;
}
}
}
}
+ session_keys = srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index);
+
/*
* Check if this is an AEAD stream (GCM mode). If so, then dispatch
* the request to our AEAD handler.
*/
- if (stream->rtp_cipher->algorithm == AES_128_GCM ||
- stream->rtp_cipher->algorithm == AES_256_GCM) {
- return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, (unsigned int*)pkt_octet_len);
+ if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
+ session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) {
+ return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr,
+ (unsigned int*)pkt_octet_len, session_keys,
+ use_mki);
}
/* get tag length from stream context */
- tag_len = auth_get_tag_length(stream->rtcp_auth);
+ tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth);
/*
* set encryption start and encryption length - if we're not
*trailer = 0x00000000; /* set encrypt bit */
}
+ mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t),
+ session_keys, use_mki);
+
/*
* set the auth_start and auth_tag pointers to the proper locations
* (note that srtpc *always* provides authentication, unlike srtp)
*/
/* Note: This would need to change for optional mikey data */
auth_start = (uint32_t *)hdr;
- auth_tag = (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t);
+ auth_tag = (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t) + mki_size;
/* perform EKT processing if needed */
- ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len,
- rdbx_get_packet_index(&stream->rtp_rdbx));
+ srtp_ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len,
+ srtp_rdbx_get_packet_index(&stream->rtp_rdbx));
/*
* check sequence number for overruns, and copy it into the packet
* if its value isn't too big
*/
- status = rdb_increment(&stream->rtcp_rdb);
+ status = srtp_rdb_increment(&stream->rtcp_rdb);
if (status)
return status;
- seq_num = rdb_get_value(&stream->rtcp_rdb);
+ seq_num = srtp_rdb_get_value(&stream->rtcp_rdb);
*trailer |= htonl(seq_num);
debug_print(mod_srtp, "srtcp index: %x", seq_num);
/*
* if we're using rindael counter mode, set nonce and seq
*/
- if (stream->rtcp_cipher->type->id == AES_ICM) {
+ if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 ||
+ session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 ||
+ session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) {
v128_t iv;
iv.v32[0] = 0;
iv.v32[1] = hdr->ssrc; /* still in network order! */
iv.v32[2] = htonl(seq_num >> 16);
iv.v32[3] = htonl(seq_num << 16);
- status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt);
+ status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t*)&iv,
+ srtp_direction_encrypt);
} else {
v128_t iv;
iv.v32[1] = 0;
iv.v32[2] = 0;
iv.v32[3] = htonl(seq_num);
- status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt);
+ status = srtp_cipher_set_iv(session_keys->rtcp_cipher,
+ (uint8_t*)&iv, srtp_direction_encrypt);
}
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
/*
* if we're authenticating using a universal hash, put the keystream
if (auth_start) {
/* put keystream prefix into auth_tag */
- prefix_len = auth_get_prefix_length(stream->rtcp_auth);
- status = cipher_output(stream->rtcp_cipher, auth_tag, prefix_len);
+ prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth);
+ status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag, &prefix_len);
debug_print(mod_srtp, "keystream prefix: %s",
- octet_string_hex_string(auth_tag, prefix_len));
+ srtp_octet_string_hex_string(auth_tag, prefix_len));
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/* if we're encrypting, exor keystream into the message */
if (enc_start) {
- status = cipher_encrypt(stream->rtcp_cipher,
- (uint8_t *)enc_start, &enc_octet_len);
+ status = srtp_cipher_encrypt(session_keys->rtcp_cipher,
+ (uint8_t *)enc_start, &enc_octet_len);
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/* initialize auth func context */
- auth_start(stream->rtcp_auth);
+ srtp_auth_start(session_keys->rtcp_auth);
/*
* run auth func over packet (including trailer), and write the
* result at auth_tag
*/
- status = auth_compute(stream->rtcp_auth,
+ status = srtp_auth_compute(session_keys->rtcp_auth,
(uint8_t *)auth_start,
(*pkt_octet_len) + sizeof(srtcp_trailer_t),
auth_tag);
debug_print(mod_srtp, "srtcp auth tag: %s",
- octet_string_hex_string(auth_tag, tag_len));
+ srtp_octet_string_hex_string(auth_tag, tag_len));
if (status)
- return err_status_auth_fail;
+ return srtp_err_status_auth_fail;
/* increase the packet length by the length of the auth tag and seq_num*/
*pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t));
+
+ /* increase the packet by the mki_size */
+ *pkt_octet_len += mki_size;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
+ return srtp_unprotect_rtcp_mki(ctx, srtcp_hdr, pkt_octet_len, 0);
+}
+
+srtp_err_status_t
+srtp_unprotect_rtcp_mki(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len,
+ unsigned int use_mki) {
srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
uint32_t *auth_start; /* pointer to start of auth. portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
uint8_t tmp_tag[SRTP_MAX_TAG_LEN];
uint8_t tag_copy[SRTP_MAX_TAG_LEN];
- err_status_t status;
+ srtp_err_status_t status;
unsigned int auth_len;
int tag_len;
srtp_stream_ctx_t *stream;
- int prefix_len;
+ uint32_t prefix_len;
uint32_t seq_num;
int e_bit_in_packet; /* whether the E-bit was found in the packet */
int sec_serv_confidentiality; /* whether confidentiality was requested */
+ unsigned int mki_size = 0;
+ srtp_session_keys_t *session_keys = NULL;
/* we assume the hdr is 32-bit aligned to start */
know the tag length, but we at least want to know that it is
a positive value */
if (*pkt_octet_len < octets_in_rtcp_header + sizeof(srtcp_trailer_t))
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/*
* look up ssrc in srtp_stream list, and process the packet with
}
debug_print(mod_srtp, "srtcp using provisional stream (SSRC: 0x%08x)",
- hdr->ssrc);
+ ntohl(hdr->ssrc));
} else {
/* no template stream, so we return an error */
- return err_status_no_ctx;
+ return srtp_err_status_no_ctx;
}
}
-
+
+ /*
+ * Determine if MKI is being used and what session keys should be used
+ */
+ if (use_mki) {
+ session_keys = srtp_get_session_keys(stream, (uint8_t *)hdr,
+ (const unsigned int*)pkt_octet_len,
+ &mki_size);
+
+ if (session_keys == NULL)
+ return srtp_err_status_bad_mki;
+ } else {
+ session_keys = &stream->session_keys[0];
+ }
+
+
/* get tag length from stream context */
- tag_len = auth_get_tag_length(stream->rtcp_auth);
+ tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth);
/* check the packet length - it must contain at least a full RTCP
header, an auth tag (if applicable), and the SRTCP encrypted flag
and 31-bit index value */
- if (*pkt_octet_len < (octets_in_rtcp_header + tag_len + sizeof(srtcp_trailer_t))) {
- return err_status_bad_param;
+ if (*pkt_octet_len < (int) (octets_in_rtcp_header + tag_len + mki_size + sizeof(srtcp_trailer_t))) {
+ return srtp_err_status_bad_param;
}
/*
* Check if this is an AEAD stream (GCM mode). If so, then dispatch
* the request to our AEAD handler.
*/
- if (stream->rtp_cipher->algorithm == AES_128_GCM ||
- stream->rtp_cipher->algorithm == AES_256_GCM) {
- return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, (unsigned int*)pkt_octet_len);
+ if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 ||
+ session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) {
+ return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr,
+ (unsigned int*)pkt_octet_len, session_keys,
+ mki_size);
}
sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf ||
* set encryption start, encryption length, and trailer
*/
enc_octet_len = *pkt_octet_len -
- (octets_in_rtcp_header + tag_len + sizeof(srtcp_trailer_t));
+ (octets_in_rtcp_header + tag_len + mki_size + sizeof(srtcp_trailer_t));
/* index & E (encryption) bit follow normal data. hdr->len
is the number of words (32-bit) in the normal packet minus 1 */
/* This should point trailer to the word past the end of the
* multiples of 32-bits (RFC 3550 6.1)
*/
trailer = (uint32_t *) ((char *) hdr +
- *pkt_octet_len -(tag_len + sizeof(srtcp_trailer_t)));
+ *pkt_octet_len -(tag_len + mki_size + sizeof(srtcp_trailer_t)));
e_bit_in_packet =
(*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT;
if (e_bit_in_packet != sec_serv_confidentiality) {
- return err_status_cant_check;
+ return srtp_err_status_cant_check;
}
if (sec_serv_confidentiality) {
enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header;
* (note that srtcp *always* uses authentication, unlike srtp)
*/
auth_start = (uint32_t *)hdr;
- auth_len = *pkt_octet_len - tag_len;
- auth_tag = (uint8_t *)hdr + auth_len;
+
+ /*
+ * The location of the auth tag in the packet needs to know MKI
+ * could be present. The data needed to calculate the Auth tag
+ * must not include the MKI
+ */
+ auth_len = *pkt_octet_len - tag_len - mki_size;
+ auth_tag = (uint8_t *)hdr + auth_len + mki_size;
/*
* if EKT is in use, then we make a copy of the tag from the packet,
* the base tag
*/
if (stream->ekt) {
- auth_tag -= ekt_octets_after_base_tag(stream->ekt);
+ auth_tag -= srtp_ekt_octets_after_base_tag(stream->ekt);
memcpy(tag_copy, auth_tag, tag_len);
octet_string_set_to_zero(auth_tag, tag_len);
auth_tag = tag_copy;
/* this is easier than dealing with bitfield access */
seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK;
debug_print(mod_srtp, "srtcp index: %x", seq_num);
- status = rdb_check(&stream->rtcp_rdb, seq_num);
+ status = srtp_rdb_check(&stream->rtcp_rdb, seq_num);
if (status)
return status;
/*
* if we're using aes counter mode, set nonce and seq
*/
- if (stream->rtcp_cipher->type->id == AES_ICM) {
+ if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 ||
+ session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 ||
+ session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) {
v128_t iv;
iv.v32[0] = 0;
iv.v32[1] = hdr->ssrc; /* still in network order! */
iv.v32[2] = htonl(seq_num >> 16);
iv.v32[3] = htonl(seq_num << 16);
- status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt);
+ status = srtp_cipher_set_iv(session_keys->rtcp_cipher,
+ (uint8_t*)&iv, srtp_direction_decrypt);
} else {
v128_t iv;
iv.v32[1] = 0;
iv.v32[2] = 0;
iv.v32[3] = htonl(seq_num);
- status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt);
+ status = srtp_cipher_set_iv(session_keys->rtcp_cipher,
+ (uint8_t*)&iv, srtp_direction_decrypt);
}
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
/* initialize auth func context */
- auth_start(stream->rtcp_auth);
+ srtp_auth_start(session_keys->rtcp_auth);
/* run auth func over packet, put result into tmp_tag */
- status = auth_compute(stream->rtcp_auth, (uint8_t *)auth_start,
+ status = srtp_auth_compute(session_keys->rtcp_auth, (uint8_t *)auth_start,
auth_len, tmp_tag);
debug_print(mod_srtp, "srtcp computed tag: %s",
- octet_string_hex_string(tmp_tag, tag_len));
+ srtp_octet_string_hex_string(tmp_tag, tag_len));
if (status)
- return err_status_auth_fail;
+ return srtp_err_status_auth_fail;
/* compare the tag just computed with the one in the packet */
debug_print(mod_srtp, "srtcp tag from packet: %s",
- octet_string_hex_string(auth_tag, tag_len));
+ srtp_octet_string_hex_string(auth_tag, tag_len));
if (octet_string_is_eq(tmp_tag, auth_tag, tag_len))
- return err_status_auth_fail;
+ return srtp_err_status_auth_fail;
/*
* if we're authenticating using a universal hash, put the keystream
* prefix into the authentication tag
*/
- prefix_len = auth_get_prefix_length(stream->rtcp_auth);
+ prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth);
if (prefix_len) {
- status = cipher_output(stream->rtcp_cipher, auth_tag, prefix_len);
+ status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag, &prefix_len);
debug_print(mod_srtp, "keystream prefix: %s",
- octet_string_hex_string(auth_tag, prefix_len));
+ srtp_octet_string_hex_string(auth_tag, prefix_len));
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/* if we're decrypting, exor keystream into the message */
if (enc_start) {
- status = cipher_decrypt(stream->rtcp_cipher,
- (uint8_t *)enc_start, &enc_octet_len);
+ status = srtp_cipher_decrypt(session_keys->rtcp_cipher, (uint8_t *)enc_start,
+ &enc_octet_len);
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/* decrease the packet length by the length of the auth tag and seq_num */
*pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t));
+ /* decrease the packet length by the length of the mki_size */
+ *pkt_octet_len -= mki_size;
+
/*
* if EKT is in effect, subtract the EKT data out of the packet
* length
*/
- *pkt_octet_len -= ekt_octets_after_base_tag(stream->ekt);
+ *pkt_octet_len -= srtp_ekt_octets_after_base_tag(stream->ekt);
/*
* verify that stream is for received traffic - this check will
}
/* we've passed the authentication check, so add seq_num to the rdb */
- rdb_add_index(&stream->rtcp_rdb, seq_num);
+ srtp_rdb_add_index(&stream->rtcp_rdb, seq_num);
- return err_status_ok;
+ return srtp_err_status_ok;
+}
+
+
+/*
+ * user data within srtp_t context
+ */
+
+void
+srtp_set_user_data(srtp_t ctx, void *data) {
+ ctx->user_data = data;
}
+void*
+srtp_get_user_data(srtp_t ctx) {
+ return ctx->user_data;
+}
/*
* dtls keying for srtp
*/
-err_status_t
-crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy,
- srtp_profile_t profile) {
+srtp_err_status_t
+srtp_crypto_policy_set_from_profile_for_rtp(srtp_crypto_policy_t *policy,
+ srtp_profile_t profile) {
/* set SRTP policy from the SRTP profile in the key set */
switch(profile) {
case srtp_profile_aes128_cm_sha1_80:
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_aes128_cm_sha1_32:
- crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
break;
case srtp_profile_null_sha1_80:
- crypto_policy_set_null_cipher_hmac_sha1_80(policy);
+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy);
break;
- case srtp_profile_aes256_cm_sha1_80:
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+#if defined(OPENSSL)
+ case srtp_profile_aead_aes_128_gcm:
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(policy);
break;
- case srtp_profile_aes256_cm_sha1_32:
- crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
+ case srtp_profile_aead_aes_256_gcm:
+ srtp_crypto_policy_set_aes_gcm_256_16_auth(policy);
break;
+#endif
/* the following profiles are not (yet) supported */
case srtp_profile_null_sha1_32:
default:
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy,
- srtp_profile_t profile) {
+srtp_err_status_t
+srtp_crypto_policy_set_from_profile_for_rtcp(srtp_crypto_policy_t *policy,
+ srtp_profile_t profile) {
/* set SRTP policy from the SRTP profile in the key set */
switch(profile) {
case srtp_profile_aes128_cm_sha1_80:
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_aes128_cm_sha1_32:
/* We do not honor the 32-bit auth tag request since
* this is not compliant with RFC 3711 */
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_null_sha1_80:
- crypto_policy_set_null_cipher_hmac_sha1_80(policy);
+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy);
break;
- case srtp_profile_aes256_cm_sha1_80:
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+#if defined(OPENSSL)
+ case srtp_profile_aead_aes_128_gcm:
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(policy);
break;
- case srtp_profile_aes256_cm_sha1_32:
- /* We do not honor the 32-bit auth tag request since
- * this is not compliant with RFC 3711 */
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ case srtp_profile_aead_aes_256_gcm:
+ srtp_crypto_policy_set_aes_gcm_256_16_auth(policy);
break;
+#endif
/* the following profiles are not (yet) supported */
case srtp_profile_null_sha1_32:
default:
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-void
-append_salt_to_key(uint8_t *key, unsigned int bytes_in_key,
- uint8_t *salt, unsigned int bytes_in_salt) {
-
+void srtp_append_salt_to_key(uint8_t *key, unsigned int bytes_in_key, uint8_t *salt, unsigned int bytes_in_salt) {
memcpy(key + bytes_in_key, salt, bytes_in_salt);
-
}
unsigned int
switch(profile) {
case srtp_profile_aes128_cm_sha1_80:
- return 16;
+ return SRTP_AES_128_KEY_LEN;
break;
case srtp_profile_aes128_cm_sha1_32:
- return 16;
+ return SRTP_AES_128_KEY_LEN;
break;
case srtp_profile_null_sha1_80:
- return 16;
+ return SRTP_AES_128_KEY_LEN;
break;
- case srtp_profile_aes256_cm_sha1_80:
- return 32;
+ case srtp_profile_aead_aes_128_gcm:
+ return SRTP_AES_128_KEY_LEN;
break;
- case srtp_profile_aes256_cm_sha1_32:
- return 32;
+ case srtp_profile_aead_aes_256_gcm:
+ return SRTP_AES_256_KEY_LEN;
break;
/* the following profiles are not (yet) supported */
case srtp_profile_null_sha1_32:
switch(profile) {
case srtp_profile_aes128_cm_sha1_80:
- return 14;
+ return SRTP_SALT_LEN;
break;
case srtp_profile_aes128_cm_sha1_32:
- return 14;
+ return SRTP_SALT_LEN;
break;
case srtp_profile_null_sha1_80:
- return 14;
+ return SRTP_SALT_LEN;
break;
- case srtp_profile_aes256_cm_sha1_80:
- return 14;
+ case srtp_profile_aead_aes_128_gcm:
+ return SRTP_AEAD_SALT_LEN;
break;
- case srtp_profile_aes256_cm_sha1_32:
- return 14;
+ case srtp_profile_aead_aes_256_gcm:
+ return SRTP_AEAD_SALT_LEN;
break;
/* the following profiles are not (yet) supported */
case srtp_profile_null_sha1_32:
return 0; /* indicate error by returning a zero */
}
}
+
+srtp_err_status_t
+srtp_get_protect_trailer_length(srtp_t session,
+ uint32_t use_mki,
+ uint32_t mki_index,
+ uint32_t *length)
+{
+ srtp_stream_ctx_t *stream;
+
+ if (session == NULL)
+ return srtp_err_status_bad_param;
+
+ *length = 0;
+
+ /* Try obtaining stream from stream_list */
+ stream = session->stream_list;
+
+ if (stream == NULL) {
+ /* Try obtaining the template stream */
+ stream = session->stream_template;
+ }
+
+ if (stream == NULL) {
+ return srtp_err_status_bad_param;
+ }
+
+ if (use_mki) {
+ if (mki_index > stream->num_master_keys)
+ return srtp_err_status_bad_mki;
+
+ *length += stream->session_keys[mki_index].mki_size;
+ *length += srtp_auth_get_tag_length(stream->session_keys[mki_index].rtp_auth);
+ } else {
+ *length += srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth);
+ }
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t
+srtp_get_protect_rtcp_trailer_length(srtp_t session,
+ uint32_t use_mki,
+ uint32_t mki_index,
+ uint32_t *length)
+{
+ srtp_stream_ctx_t *stream;
+
+ if (session == NULL)
+ return srtp_err_status_bad_param;
+
+ *length = 0;
+
+ /* Try obtaining stream from stream_list */
+ stream = session->stream_list;
+
+ if (stream == NULL) {
+ /* Try obtaining the template stream */
+ stream = session->stream_template;
+ }
+
+ if (stream == NULL) {
+ return srtp_err_status_bad_param;
+ }
+
+ if (use_mki) {
+ if (mki_index > stream->num_master_keys)
+ return srtp_err_status_bad_mki;
+
+ *length += stream->session_keys[mki_index].mki_size;
+ *length += srtp_auth_get_tag_length(stream->session_keys[mki_index].rtcp_auth);
+ } else {
+ *length += srtp_auth_get_tag_length(stream->session_keys[0].rtcp_auth);
+ }
+
+ *length += sizeof(srtcp_trailer_t);
+
+ return srtp_err_status_ok;
+}
+
+
+/*
+ * SRTP debug interface
+ */
+srtp_err_status_t srtp_set_debug_module(const char *mod_name, int v)
+{
+ return srtp_crypto_kernel_set_debug_module(mod_name, v);
+}
+
+srtp_err_status_t srtp_list_debug_modules(void)
+{
+ return srtp_crypto_kernel_list_debug_modules();
+}
+
+/*
+ * srtp_log_handler is a global variable holding a pointer to the
+ * log handler function; this function is called for any log
+ * output.
+ */
+
+static srtp_log_handler_func_t *srtp_log_handler = NULL;
+static void * srtp_log_handler_data = NULL;
+
+void srtp_err_handler(srtp_err_reporting_level_t level, const char * msg)
+{
+ if (srtp_log_handler) {
+ srtp_log_level_t log_level = srtp_log_level_error;
+ switch(level) {
+ case srtp_err_level_error: log_level = srtp_log_level_error; break;
+ case srtp_err_level_warning: log_level = srtp_log_level_warning; break;
+ case srtp_err_level_info: log_level = srtp_log_level_info; break;
+ case srtp_err_level_debug: log_level = srtp_log_level_debug; break;
+ }
+
+ srtp_log_handler(log_level, msg, srtp_log_handler_data);
+ }
+}
+
+srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func, void * data)
+{
+
+ /*
+ * note that we accept NULL arguments intentionally - calling this
+ * function with a NULL arguments removes a log handler that's
+ * been previously installed
+ */
+
+ if (srtp_log_handler) {
+ srtp_install_err_report_handler(NULL);
+ }
+ srtp_log_handler = func;
+ srtp_log_handler_data = data;
+ if (srtp_log_handler) {
+ srtp_install_err_report_handler(srtp_err_handler);
+ }
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t
+srtp_set_stream_roc(srtp_t session, uint32_t ssrc, uint32_t roc) {
+ srtp_stream_t stream;
+
+ stream = srtp_get_stream(session, htonl(ssrc));
+ if (stream == NULL)
+ return srtp_err_status_bad_param;
+
+ stream->pending_roc = roc;
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t
+srtp_get_stream_roc(srtp_t session, uint32_t ssrc, uint32_t *roc) {
+ srtp_stream_t stream;
+
+ stream = srtp_get_stream(session, htonl(ssrc));
+ if (stream == NULL)
+ return srtp_err_status_bad_param;
+
+ *roc = srtp_rdbx_get_roc(&stream->rtp_rdbx);
+
+ return srtp_err_status_ok;
+}
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug Dll|Win32">
+ <Configuration>Debug Dll</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Debug Dll|x64">
+ <Configuration>Debug Dll</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Debug|Win32">
+ <Configuration>Debug</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Debug|x64">
+ <Configuration>Debug</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release Dll|Win32">
+ <Configuration>Release Dll</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release Dll|x64">
+ <Configuration>Release Dll</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|Win32">
+ <Configuration>Release</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|x64">
+ <Configuration>Release</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{EEF031CB-FED8-451E-A471-91EC8D4F6750}</ProjectGuid>
+ <RootNamespace>srtp2</RootNamespace>
+ <Keyword>Win32Proj</Keyword>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'" Label="Configuration">
+ <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <PlatformToolset>v140</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'" Label="Configuration">
+ <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <PlatformToolset>v140</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'" Label="Configuration">
+ <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <PlatformToolset>v140</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'" Label="Configuration">
+ <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <PlatformToolset>v140</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
+ <PlatformToolset>v140</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
+ <PlatformToolset>v140</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
+ <PlatformToolset>v140</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
+ <PlatformToolset>v140</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup>
+ <_ProjectFileVersion>12.0.30501.0</_ProjectFileVersion>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+ <IntDir>$(Configuration)\</IntDir>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+ <IntDir>$(Configuration)\</IntDir>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">
+ <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+ <IntDir>$(Configuration)\</IntDir>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'">
+ <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+ <IntDir>$(Configuration)\</IntDir>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'" />
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <PreBuildEvent>
+ <Message>Creating config.h from config.hw</Message>
+ <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" > NUL</Command>
+ </PreBuildEvent>
+ <CustomBuildStep>
+ <Message />
+ <Command />
+ </CustomBuildStep>
+ <ClCompile>
+ <Optimization>Disabled</Optimization>
+ <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <MinimalRebuild>true</MinimalRebuild>
+ <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+ <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+ <StructMemberAlignment>Default</StructMemberAlignment>
+ <PrecompiledHeader />
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <PreBuildEvent>
+ <Message>Creating config.h from config.hw</Message>
+ <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" > NUL</Command>
+ </PreBuildEvent>
+ <CustomBuildStep>
+ <Message>
+ </Message>
+ <Command>
+ </Command>
+ </CustomBuildStep>
+ <ClCompile>
+ <Optimization>Disabled</Optimization>
+ <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+ <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+ <StructMemberAlignment>Default</StructMemberAlignment>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <PreBuildEvent>
+ <Message>Creating config.h from config.hw</Message>
+ <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" > NUL</Command>
+ </PreBuildEvent>
+ <CustomBuildStep>
+ <Message />
+ <Command />
+ </CustomBuildStep>
+ <ClCompile>
+ <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ <StructMemberAlignment>Default</StructMemberAlignment>
+ <PrecompiledHeader />
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <PreBuildEvent>
+ <Message>Creating config.h from config.hw</Message>
+ <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" > NUL</Command>
+ </PreBuildEvent>
+ <CustomBuildStep>
+ <Message>
+ </Message>
+ <Command>
+ </Command>
+ </CustomBuildStep>
+ <ClCompile>
+ <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ <StructMemberAlignment>Default</StructMemberAlignment>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">
+ <PreBuildEvent>
+ <Message>Creating config.h from config.hw</Message>
+ <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" > NUL</Command>
+ </PreBuildEvent>
+ <CustomBuildStep>
+ <Message />
+ <Command />
+ </CustomBuildStep>
+ <ClCompile>
+ <Optimization>Disabled</Optimization>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <MinimalRebuild>true</MinimalRebuild>
+ <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+ <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+ <StructMemberAlignment>Default</StructMemberAlignment>
+ <PrecompiledHeader />
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ </ClCompile>
+ <Link>
+ <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile>
+ <OptimizeReferences>false</OptimizeReferences>
+ <EnableCOMDATFolding>false</EnableCOMDATFolding>
+ <LinkTimeCodeGeneration />
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">
+ <PreBuildEvent>
+ <Message>Creating config.h from config.hw</Message>
+ <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" > NUL</Command>
+ </PreBuildEvent>
+ <CustomBuildStep>
+ <Message>
+ </Message>
+ <Command>
+ </Command>
+ </CustomBuildStep>
+ <ClCompile>
+ <Optimization>Disabled</Optimization>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+ <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+ <StructMemberAlignment>Default</StructMemberAlignment>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+ </ClCompile>
+ <Link>
+ <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile>
+ <OptimizeReferences>false</OptimizeReferences>
+ <EnableCOMDATFolding>false</EnableCOMDATFolding>
+ <LinkTimeCodeGeneration>
+ </LinkTimeCodeGeneration>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'">
+ <PreBuildEvent>
+ <Message>Creating config.h from config.hw</Message>
+ <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" > NUL</Command>
+ </PreBuildEvent>
+ <CustomBuildStep>
+ <Message />
+ <Command />
+ </CustomBuildStep>
+ <ClCompile>
+ <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+ <StructMemberAlignment>Default</StructMemberAlignment>
+ <PrecompiledHeader />
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+ </ClCompile>
+ <Link>
+ <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'">
+ <PreBuildEvent>
+ <Message>Creating config.h from config.hw</Message>
+ <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" > NUL</Command>
+ </PreBuildEvent>
+ <CustomBuildStep>
+ <Message>
+ </Message>
+ <Command>
+ </Command>
+ </CustomBuildStep>
+ <ClCompile>
+ <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
+ <StructMemberAlignment>Default</StructMemberAlignment>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+ </ClCompile>
+ <Link>
+ <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemGroup>
+ <ClCompile Include="crypto\cipher\aes.c">
+ <InlineFunctionExpansion Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">Default</InlineFunctionExpansion>
+ <InlineFunctionExpansion Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">Default</InlineFunctionExpansion>
+ <IntrinsicFunctions Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">false</IntrinsicFunctions>
+ <IntrinsicFunctions Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">false</IntrinsicFunctions>
+ <FunctionLevelLinking Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">false</FunctionLevelLinking>
+ <FunctionLevelLinking Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">false</FunctionLevelLinking>
+ </ClCompile>
+ <ClCompile Include="crypto\cipher\aes_icm.c" />
+ <ClCompile Include="crypto\cipher\cipher.c" />
+ <ClCompile Include="crypto\cipher\null_cipher.c" />
+ <ClCompile Include="crypto\hash\auth.c" />
+ <ClCompile Include="crypto\hash\hmac.c" />
+ <ClCompile Include="crypto\hash\null_auth.c" />
+ <ClCompile Include="crypto\hash\sha1.c" />
+ <ClCompile Include="crypto\kernel\alloc.c" />
+ <ClCompile Include="crypto\kernel\crypto_kernel.c" />
+ <ClCompile Include="crypto\kernel\err.c" />
+ <ClCompile Include="crypto\kernel\key.c" />
+ <ClCompile Include="crypto\math\datatypes.c" />
+ <ClCompile Include="crypto\math\stat.c" />
+ <ClCompile Include="crypto\replay\rdb.c" />
+ <ClCompile Include="crypto\replay\rdbx.c" />
+ <ClCompile Include="crypto\replay\ut_sim.c" />
+ <ClCompile Include="srtp\ekt.c" />
+ <ClCompile Include="srtp\srtp.c" />
+ </ItemGroup>
+ <ItemGroup>
+ <ClInclude Include="crypto\include\aes.h" />
+ <ClInclude Include="crypto\include\aes_cbc.h" />
+ <ClInclude Include="crypto\include\aes_icm.h" />
+ <ClInclude Include="crypto\include\alloc.h" />
+ <ClInclude Include="crypto\include\auth.h" />
+ <ClInclude Include="crypto\include\cipher.h" />
+ <ClInclude Include="crypto\include\config.h" />
+ <ClInclude Include="crypto\include\crypto.h" />
+ <ClInclude Include="crypto\include\cryptoalg.h" />
+ <ClInclude Include="crypto\include\crypto_kernel.h" />
+ <ClInclude Include="crypto\include\crypto_types.h" />
+ <ClInclude Include="crypto\include\datatypes.h" />
+ <ClInclude Include="crypto\include\err.h" />
+ <ClInclude Include="crypto\include\gf2_8.h" />
+ <ClInclude Include="crypto\include\hmac.h" />
+ <ClInclude Include="crypto\include\integers.h" />
+ <ClInclude Include="crypto\include\key.h" />
+ <ClInclude Include="crypto\include\null_auth.h" />
+ <ClInclude Include="crypto\include\null_cipher.h" />
+ <ClInclude Include="crypto\include\prng.h" />
+ <ClInclude Include="crypto\include\rand_source.h" />
+ <ClInclude Include="crypto\include\rdb.h" />
+ <ClInclude Include="crypto\include\rdbx.h" />
+ <ClInclude Include="crypto\include\sha1.h" />
+ <ClInclude Include="crypto\include\stat.h" />
+ <ClInclude Include="include\ekt.h" />
+ <ClInclude Include="include\srtp.h" />
+ <ClInclude Include="include\srtp_priv.h" />
+ <ClInclude Include="include\ut_sim.h" />
+ </ItemGroup>
+ <ItemGroup>
+ <None Include="config.hw" />
+ <None Include="srtp.def" />
+ </ItemGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project>
\ No newline at end of file
-<?xml version="1.0" encoding="utf-8"?>\r
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">\r
- <ItemGroup>\r
- <Filter Include="Source Files">\r
- <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>\r
- <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>\r
- </Filter>\r
- <Filter Include="Source Files\Kernel">\r
- <UniqueIdentifier>{7633dd78-47bb-43bb-9ba1-4ab7d89873d1}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="Source Files\Ciphers">\r
- <UniqueIdentifier>{532f3250-40ff-4a34-a071-f7bccfde71e2}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="Source Files\Hashes">\r
- <UniqueIdentifier>{8343a503-59a3-4af7-bed6-6d6439001561}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="Source Files\Replay">\r
- <UniqueIdentifier>{dfda6cc2-cf2f-4b3d-ad48-6bfe332ec0c1}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="Source Files\Math">\r
- <UniqueIdentifier>{67144ed7-fb0e-4c22-96a4-1be71053e80f}</UniqueIdentifier>\r
- </Filter>\r
- <Filter Include="Header Files">\r
- <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>\r
- <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>\r
- </Filter>\r
- <Filter Include="Resource Files">\r
- <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>\r
- <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>\r
- </Filter>\r
- </ItemGroup>\r
- <ItemGroup>\r
- <ClCompile Include="srtp\srtp.c">\r
- <Filter>Source Files</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\kernel\alloc.c">\r
- <Filter>Source Files\Kernel</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\kernel\crypto_kernel.c">\r
- <Filter>Source Files\Kernel</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\rng\ctr_prng.c">\r
- <Filter>Source Files\Kernel</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\kernel\err.c">\r
- <Filter>Source Files\Kernel</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\kernel\key.c">\r
- <Filter>Source Files\Kernel</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\rng\prng.c">\r
- <Filter>Source Files\Kernel</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\rng\rand_source.c">\r
- <Filter>Source Files\Kernel</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\cipher\aes.c">\r
- <Filter>Source Files\Ciphers</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\cipher\aes_cbc.c">\r
- <Filter>Source Files\Ciphers</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\cipher\cipher.c">\r
- <Filter>Source Files\Ciphers</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\cipher\null_cipher.c">\r
- <Filter>Source Files\Ciphers</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\hash\auth.c">\r
- <Filter>Source Files\Hashes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\hash\null_auth.c">\r
- <Filter>Source Files\Hashes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\replay\rdb.c">\r
- <Filter>Source Files\Replay</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\replay\rdbx.c">\r
- <Filter>Source Files\Replay</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\replay\ut_sim.c">\r
- <Filter>Source Files\Replay</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\math\datatypes.c">\r
- <Filter>Source Files\Math</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\math\stat.c">\r
- <Filter>Source Files\Math</Filter>\r
- </ClCompile>\r
- <ClCompile Include="srtp\ekt.c">\r
- <Filter>Source Files</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\hash\hmac_ossl.c">\r
- <Filter>Source Files\Hashes</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\cipher\aes_gcm_ossl.c">\r
- <Filter>Source Files\Ciphers</Filter>\r
- </ClCompile>\r
- <ClCompile Include="crypto\cipher\aes_icm_ossl.c">\r
- <Filter>Source Files\Ciphers</Filter>\r
- </ClCompile>\r
- </ItemGroup>\r
- <ItemGroup>\r
- <ClInclude Include="crypto\include\aes.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\aes_cbc.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\aes_icm.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\alloc.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\auth.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\cipher.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\config.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\crypto.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\crypto_kernel.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\crypto_math.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\crypto_types.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\cryptoalg.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\datatypes.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\err.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\gf2_8.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\hmac.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\integers.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\kernel_compat.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\key.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\null_auth.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\null_cipher.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\prng.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\rand_source.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\rdb.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\rdbx.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="include\rtp.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\sha1.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="include\srtp.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\stat.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="include\ut_sim.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\xfm.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\aes_gcm_ossl.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- <ClInclude Include="crypto\include\aes_icm_ossl.h">\r
- <Filter>Header Files</Filter>\r
- </ClInclude>\r
- </ItemGroup>\r
- <ItemGroup>\r
- <None Include="srtp.def">\r
- <Filter>Source Files</Filter>\r
- </None>\r
- </ItemGroup>\r
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup>
+ <Filter Include="Source Files">
+ <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+ <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+ </Filter>
+ <Filter Include="Source Files\Kernel">
+ <UniqueIdentifier>{c23c2703-7a15-4b7e-be1c-0555b7d0f8e1}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="Source Files\Ciphers">
+ <UniqueIdentifier>{43e45f3f-795e-4f2a-8801-3e19b7801d07}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="Source Files\Hashes">
+ <UniqueIdentifier>{11a7bf2a-6706-4c35-8e91-f58bef0f8669}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="Source Files\Replay">
+ <UniqueIdentifier>{237501ce-7043-44c7-a895-df2ceae6c8cd}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="Source Files\Math">
+ <UniqueIdentifier>{2a11592a-e474-4a50-bb3a-e4f039633257}</UniqueIdentifier>
+ </Filter>
+ <Filter Include="Header Files">
+ <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+ <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+ </Filter>
+ <Filter Include="Resource Files">
+ <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+ <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>
+ </Filter>
+ </ItemGroup>
+ <ItemGroup>
+ <ClCompile Include="srtp\ekt.c">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ <ClCompile Include="srtp\srtp.c">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\kernel\alloc.c">
+ <Filter>Source Files\Kernel</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\kernel\crypto_kernel.c">
+ <Filter>Source Files\Kernel</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\kernel\err.c">
+ <Filter>Source Files\Kernel</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\kernel\key.c">
+ <Filter>Source Files\Kernel</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\cipher\aes.c">
+ <Filter>Source Files\Ciphers</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\cipher\aes_icm.c">
+ <Filter>Source Files\Ciphers</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\cipher\cipher.c">
+ <Filter>Source Files\Ciphers</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\cipher\null_cipher.c">
+ <Filter>Source Files\Ciphers</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\hash\auth.c">
+ <Filter>Source Files\Hashes</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\hash\hmac.c">
+ <Filter>Source Files\Hashes</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\hash\null_auth.c">
+ <Filter>Source Files\Hashes</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\hash\sha1.c">
+ <Filter>Source Files\Hashes</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\replay\rdb.c">
+ <Filter>Source Files\Replay</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\replay\rdbx.c">
+ <Filter>Source Files\Replay</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\replay\ut_sim.c">
+ <Filter>Source Files\Replay</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\math\datatypes.c">
+ <Filter>Source Files\Math</Filter>
+ </ClCompile>
+ <ClCompile Include="crypto\math\stat.c">
+ <Filter>Source Files\Math</Filter>
+ </ClCompile>
+ </ItemGroup>
+ <ItemGroup>
+ <ClInclude Include="crypto\include\aes.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\aes_cbc.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\aes_icm.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\alloc.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\auth.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\cipher.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\config.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\crypto.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\crypto_kernel.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\crypto_types.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\cryptoalg.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\datatypes.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="include\ekt.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\err.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\gf2_8.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\hmac.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\integers.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\key.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\null_auth.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\null_cipher.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\prng.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\rand_source.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\rdb.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\rdbx.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\sha1.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="include\srtp.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="include\srtp_priv.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="crypto\include\stat.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="include\ut_sim.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ </ItemGroup>
+ <ItemGroup>
+ <None Include="config.hw" />
+ <None Include="srtp.def">
+ <Filter>Source Files</Filter>
+ </None>
+ </ItemGroup>
</Project>
\ No newline at end of file
+++ /dev/null
-/*
- * aes_tables.c
- *
- * generate tables for the AES cipher
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <stdio.h>
-#include "gf2_8.h"
-#include "crypto_math.h"
-
-
-unsigned char aes_sbox[256];
-
-unsigned char aes_inv_sbox[256];
-
-uint32_t T0[256], T1[256], T2[256], T3[256], T4[256];
-
-
-#define AES_INVERSE_TEST 0 /* set to 1 to test forward/backwards aes */
-
-/* functions for precomputing AES values */
-
-/*
- * A[] is the 8 x 8 binary matrix (represented as an array of columns,
- * where each column is an octet) which defines the affine
- * transformation used in the AES substitution table (Section
- * 4.2.1 of the spec).
- */
-
-uint8_t A[8] = { 31, 62, 124, 248, 241, 227, 199, 143 };
-
-/*
- * b is the 8 bit vector (represented as an octet) used in the affine
- * transform described above.
- */
-
-uint8_t b = 99;
-
-
-void
-aes_init_sbox(void) {
- unsigned int i;
- uint8_t x;
-
- for (i=0; i < 256; i++) {
- x = gf2_8_compute_inverse((gf2_8)i);
- x = A_times_x_plus_b(A, x, b);
- aes_sbox[i] = x;
- aes_inv_sbox[x] = i;
- }
-}
-
-void
-aes_compute_tables(void) {
- int i;
- uint32_t x1, x2, x3;
- v32_t tmp;
-
- /* initialize substitution table */
- aes_init_sbox();
-
- /* combine sbox with linear operations to form 8-bit to 32-bit tables */
- for (i=0; i < 256; i++) {
- x1 = aes_sbox[i];
- x2 = gf2_8_shift(x1);
- x3 = x2 ^ x1;
-
- tmp.v8[0] = x2;
- tmp.v8[1] = x1;
- tmp.v8[2] = x1;
- tmp.v8[3] = x3;
- T0[i] = tmp.value;
-
- tmp.v8[0] = x3;
- tmp.v8[1] = x2;
- tmp.v8[2] = x1;
- tmp.v8[3] = x1;
- T1[i] = tmp.value;
-
- tmp.v8[0] = x1;
- tmp.v8[1] = x3;
- tmp.v8[2] = x2;
- tmp.v8[3] = x1;
- T2[i] = tmp.value;
-
- tmp.v8[0] = x1;
- tmp.v8[1] = x1;
- tmp.v8[2] = x3;
- tmp.v8[3] = x2;
- T3[i] = tmp.value;
-
- }
-}
-
-
-/*
- * the tables U0, U1, U2, U3 implement the aes operations invSubBytes,
- * invMixColumns, and invShiftRows
- */
-
-uint32_t U0[256], U1[256], U2[256], U3[256], U4[256];
-
-extern uint8_t aes_inv_sbox[256];
-
-void
-aes_compute_inv_tables(void) {
- int i;
- uint8_t x, xe, x9, xd, xb;
- v32_t tmp;
-
- /* combine sbox with linear operations to form 8-bit to 32-bit tables */
- for (i=0; i < 256; i++) {
- x = aes_inv_sbox[i];
-
- xe = gf2_8_multiply(0x0e, x);
- x9 = gf2_8_multiply(0x09, x);
- xd = gf2_8_multiply(0x0d, x);
- xb = gf2_8_multiply(0x0b, x);
-
- tmp.v8[0] = xe;
- tmp.v8[1] = x9;
- tmp.v8[2] = xd;
- tmp.v8[3] = xb;
- U0[i] = tmp.value;
-
- tmp.v8[0] = xb;
- tmp.v8[1] = xe;
- tmp.v8[2] = x9;
- tmp.v8[3] = xd;
- U1[i] = tmp.value;
-
- tmp.v8[0] = xd;
- tmp.v8[1] = xb;
- tmp.v8[2] = xe;
- tmp.v8[3] = x9;
- U2[i] = tmp.value;
-
- tmp.v8[0] = x9;
- tmp.v8[1] = xd;
- tmp.v8[2] = xb;
- tmp.v8[3] = xe;
- U3[i] = tmp.value;
-
- tmp.v8[0] = tmp.v8[1] = tmp.v8[2] = tmp.v8[3] = x;
- U4[i] = tmp.value;
- }
-}
-
-
-/*
- * aes_test_inverse() returns err_status_ok if aes
- * encryption and decryption are true inverses of each other, and
- * returns err_status_algo_fail otherwise
- */
-
-#include "err.h"
-
-err_status_t
-aes_test_inverse(void);
-
-#define TABLES_32BIT 1
-
-int
-main(void) {
- int i;
-
- aes_init_sbox();
- aes_compute_inv_tables();
-
-#if TABLES_32BIT
- printf("uint32_t U0 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%0x, ", U0[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U1 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%x, ", U1[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U2 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%x, ", U2[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U3 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%x, ", U3[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U4 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%x, ", U4[i]);
- }
- printf("\n}\n");
-
-#else
-
- printf("uint32_t U0 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%lx, ", U0[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U1 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%lx, ", U1[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U2 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%lx, ", U2[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U3 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%lx, ", U3[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U4 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%lx, ", U4[i]);
- }
- printf("\n}\n");
-
-
-#endif /* TABLES_32BIT */
-
-
-#if AES_INVERSE_TEST
- /*
- * test that aes_encrypt and aes_decrypt are actually
- * inverses of each other
- */
-
- printf("aes inverse test: ");
- if (aes_test_inverse() == err_status_ok)
- printf("passed\n");
- else {
- printf("failed\n");
- exit(1);
- }
-#endif
-
- return 0;
-}
-
-#if AES_INVERSE_TEST
-
-err_status_t
-aes_test_inverse(void) {
- v128_t x, y;
- aes_expanded_key_t expanded_key, decrypt_key;
- uint8_t plaintext[16] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
- };
- uint8_t key[16] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
- };
- v128_t k;
- v128_set_to_zero(&x);
-
- v128_copy_octet_string(&k, key);
- v128_copy_octet_string(&x, plaintext);
- aes_expand_encryption_key(k, expanded_key);
- aes_expand_decryption_key(k, decrypt_key);
- aes_encrypt(&x, expanded_key);
- aes_decrypt(&x, decrypt_key);
-
- /* compare to expected value then report */
- v128_copy_octet_string(&y, plaintext);
-
- if (v128_is_eq(&x, &y))
- return err_status_ok;
- return err_status_algo_fail;
-
-}
-
-#endif
AM_LDFLAGS = $(new_AM_LDFLAGS) -L$(srcdir) -lsrtp
check_PROGRAMS = cipher_driver kernel_driver rdbx_driver srtp_driver roc_driver replay_driver \
- aes_calc datatypes_driver rand_gen sha1_driver stat_driver rtpw
+ aes_calc datatypes_driver sha1_driver stat_driver rtpw
cipher_driver_SOURCES = crypto/cipher_driver.c
kernel_driver_SOURCES = crypto/kernel_driver.c
aes_calc_SOURCES = crypto/aes_calc.c
datatypes_driver_SOURCES = crypto/datatypes_driver.c
-rand_gen_SOURCES = crypto/rand_gen.c
sha1_driver_SOURCES = crypto/sha1_driver.c
stat_driver_SOURCES = crypto/stat_driver.c
rdbx_driver_SOURCES = rdbx_driver.c
./stat_driver
./sha1_driver -v
./kernel_driver -v
- ./rand_gen -n 256
--- /dev/null
+/*
+ * CUTest -- C/C++ Unit Test facility
+ * <http://github.com/mity/cutest>
+ *
+ * Copyright (c) 2013-2017 Martin Mitas
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#ifndef CUTEST_H__
+#define CUTEST_H__
+
+
+/************************
+ *** Public interface ***
+ ************************/
+
+/* By default, <cutest.h> provides the main program entry point (function
+ * main()). However, if the test suite is composed of multiple source files
+ * which include <cutest.h>, then this causes a problem of multiple main()
+ * definitions. To avoid this problem, #define macro TEST_NO_MAIN in all
+ * compilation units but one.
+ */
+
+/* Macro to specify list of unit tests in the suite.
+ * The unit test implementation MUST provide list of unit tests it implements
+ * with this macro:
+ *
+ * TEST_LIST = {
+ * { "test1_name", test1_func_ptr },
+ * { "test2_name", test2_func_ptr },
+ * ...
+ * { 0 }
+ * };
+ *
+ * The list specifies names of each test (must be unique) and pointer to
+ * a function implementing it. The function does not take any arguments
+ * and has no return values, i.e. every test function has tp be compatible
+ * with this prototype:
+ *
+ * void test_func(void);
+ */
+#define TEST_LIST const struct test__ test_list__[]
+
+
+/* Macros for testing whether an unit test succeeds or fails. These macros
+ * can be used arbitrarily in functions implementing the unit tests.
+ *
+ * If any condition fails throughout execution of a test, the test fails.
+ *
+ * TEST_CHECK takes only one argument (the condition), TEST_CHECK_ allows
+ * also to specify an error message to print out if the condition fails.
+ * (It expects printf-like format string and its parameters). The macros
+ * return non-zero (condition passes) or 0 (condition fails).
+ *
+ * That can be useful when more conditions should be checked only if some
+ * preceding condition passes, as illustrated in this code snippet:
+ *
+ * SomeStruct* ptr = allocate_some_struct();
+ * if(TEST_CHECK(ptr != NULL)) {
+ * TEST_CHECK(ptr->member1 < 100);
+ * TEST_CHECK(ptr->member2 > 200);
+ * }
+ */
+#define TEST_CHECK_(cond,...) test_check__((cond), __FILE__, __LINE__, __VA_ARGS__)
+#define TEST_CHECK(cond) test_check__((cond), __FILE__, __LINE__, "%s", #cond)
+
+
+/**********************
+ *** Implementation ***
+ **********************/
+
+/* The unit test files should not rely on anything below. */
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(unix) || defined(__unix__) || defined(__unix) || defined(__APPLE__)
+ #define CUTEST_UNIX__ 1
+ #include <errno.h>
+ #include <unistd.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <signal.h>
+#endif
+
+#if defined(_WIN32) || defined(__WIN32__) || defined(__WINDOWS__)
+ #define CUTEST_WIN__ 1
+ #include <windows.h>
+ #include <io.h>
+#endif
+
+#ifdef __cplusplus
+ #include <exception>
+#endif
+
+
+/* Note our global private identifiers end with '__' to mitigate risk of clash
+ * with the unit tests implementation. */
+
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+
+struct test__ {
+ const char* name;
+ void (*func)(void);
+};
+
+extern const struct test__ test_list__[];
+
+int test_check__(int cond, const char* file, int line, const char* fmt, ...);
+
+
+#ifndef TEST_NO_MAIN
+
+static char* test_argv0__ = NULL;
+static int test_count__ = 0;
+static int test_no_exec__ = 0;
+static int test_no_summary__ = 0;
+static int test_skip_mode__ = 0;
+
+static int test_stat_failed_units__ = 0;
+static int test_stat_run_units__ = 0;
+
+static const struct test__* test_current_unit__ = NULL;
+static int test_current_already_logged__ = 0;
+static int test_verbose_level__ = 2;
+static int test_current_failures__ = 0;
+static int test_colorize__ = 0;
+
+#define CUTEST_COLOR_DEFAULT__ 0
+#define CUTEST_COLOR_GREEN__ 1
+#define CUTEST_COLOR_RED__ 2
+#define CUTEST_COLOR_DEFAULT_INTENSIVE__ 3
+#define CUTEST_COLOR_GREEN_INTENSIVE__ 4
+#define CUTEST_COLOR_RED_INTENSIVE__ 5
+
+static size_t
+test_print_in_color__(int color, const char* fmt, ...)
+{
+ va_list args;
+ char buffer[256];
+ size_t n;
+
+ va_start(args, fmt);
+ vsnprintf(buffer, sizeof(buffer), fmt, args);
+ va_end(args);
+ buffer[sizeof(buffer)-1] = '\0';
+
+ if(!test_colorize__) {
+ return printf("%s", buffer);
+ }
+
+#if defined CUTEST_UNIX__
+ {
+ const char* col_str;
+ switch(color) {
+ case CUTEST_COLOR_GREEN__: col_str = "\033[0;32m"; break;
+ case CUTEST_COLOR_RED__: col_str = "\033[0;31m"; break;
+ case CUTEST_COLOR_GREEN_INTENSIVE__: col_str = "\033[1;32m"; break;
+ case CUTEST_COLOR_RED_INTENSIVE__: col_str = "\033[1;30m"; break;
+ case CUTEST_COLOR_DEFAULT_INTENSIVE__: col_str = "\033[1m"; break;
+ default: col_str = "\033[0m"; break;
+ }
+ printf("%s", col_str);
+ n = printf("%s", buffer);
+ printf("\033[0m");
+ return n;
+ }
+#elif defined CUTEST_WIN__
+ {
+ HANDLE h;
+ CONSOLE_SCREEN_BUFFER_INFO info;
+ WORD attr;
+
+ h = GetStdHandle(STD_OUTPUT_HANDLE);
+ GetConsoleScreenBufferInfo(h, &info);
+
+ switch(color) {
+ case CUTEST_COLOR_GREEN__: attr = FOREGROUND_GREEN; break;
+ case CUTEST_COLOR_RED__: attr = FOREGROUND_RED; break;
+ case CUTEST_COLOR_GREEN_INTENSIVE__: attr = FOREGROUND_GREEN | FOREGROUND_INTENSITY; break;
+ case CUTEST_COLOR_RED_INTENSIVE__: attr = FOREGROUND_RED | FOREGROUND_INTENSITY; break;
+ case CUTEST_COLOR_DEFAULT_INTENSIVE__: attr = FOREGROUND_BLUE | FOREGROUND_GREEN | FOREGROUND_RED | FOREGROUND_INTENSITY; break;
+ default: attr = 0; break;
+ }
+ if(attr != 0)
+ SetConsoleTextAttribute(h, attr);
+ n = printf("%s", buffer);
+ SetConsoleTextAttribute(h, info.wAttributes);
+ return n;
+ }
+#else
+ n = printf("%s", buffer);
+ return n;
+#endif
+}
+
+int
+test_check__(int cond, const char* file, int line, const char* fmt, ...)
+{
+ const char *result_str;
+ int result_color;
+ int verbose_level;
+
+ if(cond) {
+ result_str = "ok";
+ result_color = CUTEST_COLOR_GREEN__;
+ verbose_level = 3;
+ } else {
+ if(!test_current_already_logged__ && test_current_unit__ != NULL) {
+ printf("[ ");
+ test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, "FAILED");
+ printf(" ]\n");
+ }
+ result_str = "failed";
+ result_color = CUTEST_COLOR_RED__;
+ verbose_level = 2;
+ test_current_failures__++;
+ test_current_already_logged__++;
+ }
+
+ if(test_verbose_level__ >= verbose_level) {
+ size_t n = 0;
+ va_list args;
+
+ printf(" ");
+
+ if(file != NULL)
+ n += printf("%s:%d: Check ", file, line);
+
+ va_start(args, fmt);
+ n += vprintf(fmt, args);
+ va_end(args);
+
+ printf("... ");
+ test_print_in_color__(result_color, result_str);
+ printf("\n");
+ test_current_already_logged__++;
+ }
+
+ return (cond != 0);
+}
+
+static void
+test_list_names__(void)
+{
+ const struct test__* test;
+
+ printf("Unit tests:\n");
+ for(test = &test_list__[0]; test->func != NULL; test++)
+ printf(" %s\n", test->name);
+}
+
+static const struct test__*
+test_by_name__(const char* name)
+{
+ const struct test__* test;
+
+ for(test = &test_list__[0]; test->func != NULL; test++) {
+ if(strcmp(test->name, name) == 0)
+ return test;
+ }
+
+ return NULL;
+}
+
+/* Call directly the given test unit function. */
+static int
+test_do_run__(const struct test__* test)
+{
+ test_current_unit__ = test;
+ test_current_failures__ = 0;
+ test_current_already_logged__ = 0;
+
+ if(test_verbose_level__ >= 3) {
+ test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "Test %s:\n", test->name);
+ test_current_already_logged__++;
+ } else if(test_verbose_level__ >= 1) {
+ size_t n;
+ char spaces[32];
+
+ n = test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "Test %s... ", test->name);
+ memset(spaces, ' ', sizeof(spaces));
+ if(n < sizeof(spaces))
+ printf("%.*s", (int) (sizeof(spaces) - n), spaces);
+ } else {
+ test_current_already_logged__ = 1;
+ }
+
+#ifdef __cplusplus
+ try {
+#endif
+
+ /* This is good to do for case the test unit e.g. crashes. */
+ fflush(stdout);
+ fflush(stderr);
+
+ test->func();
+
+#ifdef __cplusplus
+ } catch(std::exception& e) {
+ const char* what = e.what();
+ if(what != NULL)
+ test_check__(0, NULL, 0, "Threw std::exception: %s", what);
+ else
+ test_check__(0, NULL, 0, "Threw std::exception");
+ } catch(...) {
+ test_check__(0, NULL, 0, "Threw an exception");
+ }
+#endif
+
+ if(test_verbose_level__ >= 3) {
+ switch(test_current_failures__) {
+ case 0: test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__, " All conditions have passed.\n\n"); break;
+ case 1: test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, " One condition has FAILED.\n\n"); break;
+ default: test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, " %d conditions have FAILED.\n\n", test_current_failures__); break;
+ }
+ } else if(test_verbose_level__ >= 1 && test_current_failures__ == 0) {
+ printf("[ ");
+ test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__, "OK");
+ printf(" ]\n");
+ }
+
+ test_current_unit__ = NULL;
+ return (test_current_failures__ == 0) ? 0 : -1;
+}
+
+#if defined(CUTEST_UNIX__) || defined(CUTEST_WIN__)
+/* Called if anything goes bad in cutest, or if the unit test ends in other
+ * way then by normal returning from its function (e.g. exception or some
+ * abnormal child process termination). */
+static void
+test_error__(const char* fmt, ...)
+{
+ va_list args;
+
+ if(test_verbose_level__ == 0)
+ return;
+
+ if(test_verbose_level__ <= 2 && !test_current_already_logged__ && test_current_unit__ != NULL) {
+ printf("[ ");
+ test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, "FAILED");
+ printf(" ]\n");
+ }
+
+ if(test_verbose_level__ >= 2) {
+ test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, " Error: ");
+ va_start(args, fmt);
+ vprintf(fmt, args);
+ va_end(args);
+ printf("\n");
+ }
+}
+#endif
+
+/* Trigger the unit test. If possible (and not suppressed) it starts a child
+ * process who calls test_do_run__(), otherwise it calls test_do_run__()
+ * directly. */
+static void
+test_run__(const struct test__* test)
+{
+ int failed = 1;
+
+ test_current_unit__ = test;
+ test_current_already_logged__ = 0;
+
+ if(!test_no_exec__) {
+
+#if defined(CUTEST_UNIX__)
+
+ pid_t pid;
+ int exit_code;
+
+ pid = fork();
+ if(pid == (pid_t)-1) {
+ test_error__("Cannot fork. %s [%d]", strerror(errno), errno);
+ failed = 1;
+ } else if(pid == 0) {
+ /* Child: Do the test. */
+ failed = (test_do_run__(test) != 0);
+ exit(failed ? 1 : 0);
+ } else {
+ /* Parent: Wait until child terminates and analyze its exit code. */
+ waitpid(pid, &exit_code, 0);
+ if(WIFEXITED(exit_code)) {
+ switch(WEXITSTATUS(exit_code)) {
+ case 0: failed = 0; break; /* test has passed. */
+ case 1: /* noop */ break; /* "normal" failure. */
+ default: test_error__("Unexpected exit code [%d]", WEXITSTATUS(exit_code));
+ }
+ } else if(WIFSIGNALED(exit_code)) {
+ char tmp[32];
+ const char* signame;
+ switch(WTERMSIG(exit_code)) {
+ case SIGINT: signame = "SIGINT"; break;
+ case SIGHUP: signame = "SIGHUP"; break;
+ case SIGQUIT: signame = "SIGQUIT"; break;
+ case SIGABRT: signame = "SIGABRT"; break;
+ case SIGKILL: signame = "SIGKILL"; break;
+ case SIGSEGV: signame = "SIGSEGV"; break;
+ case SIGILL: signame = "SIGILL"; break;
+ case SIGTERM: signame = "SIGTERM"; break;
+ default: sprintf(tmp, "signal %d", WTERMSIG(exit_code)); signame = tmp; break;
+ }
+ test_error__("Test interrupted by %s", signame);
+ } else {
+ test_error__("Test ended in an unexpected way [%d]", exit_code);
+ }
+ }
+
+#elif defined(CUTEST_WIN__)
+
+ char buffer[512] = {0};
+ STARTUPINFOA startupInfo = {0};
+ PROCESS_INFORMATION processInfo;
+ DWORD exitCode;
+
+ /* Windows has no fork(). So we propagate all info into the child
+ * through a command line arguments. */
+ _snprintf(buffer, sizeof(buffer)-1,
+ "%s --no-exec --no-summary --verbose=%d --color=%s -- \"%s\"",
+ test_argv0__, test_verbose_level__,
+ test_colorize__ ? "always" : "never", test->name);
+ startupInfo.cb = sizeof(STARTUPINFO);
+ if(CreateProcessA(NULL, buffer, NULL, NULL, FALSE, 0, NULL, NULL, &startupInfo, &processInfo)) {
+ WaitForSingleObject(processInfo.hProcess, INFINITE);
+ GetExitCodeProcess(processInfo.hProcess, &exitCode);
+ CloseHandle(processInfo.hThread);
+ CloseHandle(processInfo.hProcess);
+ failed = (exitCode != 0);
+ } else {
+ test_error__("Cannot create unit test subprocess [%ld].", GetLastError());
+ failed = 1;
+ }
+
+#else
+
+ /* A platform where we don't know how to run child process. */
+ failed = (test_do_run__(test) != 0);
+
+#endif
+
+ } else {
+ /* Child processes suppressed through --no-exec. */
+ failed = (test_do_run__(test) != 0);
+ }
+
+ test_current_unit__ = NULL;
+
+ test_stat_run_units__++;
+ if(failed)
+ test_stat_failed_units__++;
+}
+
+#if defined(CUTEST_WIN__)
+/* Callback for SEH events. */
+static LONG CALLBACK
+test_exception_filter__(EXCEPTION_POINTERS *ptrs)
+{
+ test_error__("Unhandled SEH exception %08lx at %p.",
+ ptrs->ExceptionRecord->ExceptionCode,
+ ptrs->ExceptionRecord->ExceptionAddress);
+ fflush(stdout);
+ fflush(stderr);
+ return EXCEPTION_EXECUTE_HANDLER;
+}
+#endif
+
+static void
+test_help__(void)
+{
+ printf("Usage: %s [options] [test...]\n", test_argv0__);
+ printf("Run the specified unit tests; or if the option '--skip' is used, run all\n");
+ printf("tests in the suite but those listed. By default, if no tests are specified\n");
+ printf("on the command line, all unit tests in the suite are run.\n");
+ printf("\n");
+ printf("Options:\n");
+ printf(" -s, --skip Execute all unit tests but the listed ones\n");
+ printf(" --no-exec Do not execute unit tests as child processes\n");
+ printf(" --no-summary Suppress printing of test results summary\n");
+ printf(" -l, --list List unit tests in the suite and exit\n");
+ printf(" -v, --verbose Enable more verbose output\n");
+ printf(" --verbose=LEVEL Set verbose level to LEVEL:\n");
+ printf(" 0 ... Be silent\n");
+ printf(" 1 ... Output one line per test (and summary)\n");
+ printf(" 2 ... As 1 and failed conditions (this is default)\n");
+ printf(" 3 ... As 1 and all conditions (and extended summary)\n");
+ printf(" --color=WHEN Enable colorized output (WHEN is one of 'auto', 'always', 'never')\n");
+ printf(" -h, --help Display this help and exit\n");
+ printf("\n");
+ test_list_names__();
+}
+
+int
+main(int argc, char** argv)
+{
+ const struct test__** tests = NULL;
+ int i, j, n = 0;
+ int seen_double_dash = 0;
+
+ test_argv0__ = argv[0];
+
+#if defined CUTEST_UNIX__
+ test_colorize__ = isatty(STDOUT_FILENO);
+#elif defined CUTEST_WIN__
+ test_colorize__ = _isatty(_fileno(stdout));
+#else
+ test_colorize__ = 0;
+#endif
+
+ /* Parse options */
+ for(i = 1; i < argc; i++) {
+ if(seen_double_dash || argv[i][0] != '-') {
+ tests = (const struct test__**) realloc((void*)tests, (n+1) * sizeof(const struct test__*));
+ if(tests == NULL) {
+ fprintf(stderr, "Out of memory.\n");
+ exit(2);
+ }
+ tests[n] = test_by_name__(argv[i]);
+ if(tests[n] == NULL) {
+ fprintf(stderr, "%s: Unrecognized unit test '%s'\n", argv[0], argv[i]);
+ fprintf(stderr, "Try '%s --list' for list of unit tests.\n", argv[0]);
+ exit(2);
+ }
+ n++;
+ } else if(strcmp(argv[i], "--") == 0) {
+ seen_double_dash = 1;
+ } else if(strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-h") == 0) {
+ test_help__();
+ exit(0);
+ } else if(strcmp(argv[i], "--verbose") == 0 || strcmp(argv[i], "-v") == 0) {
+ test_verbose_level__++;
+ } else if(strncmp(argv[i], "--verbose=", 10) == 0) {
+ test_verbose_level__ = atoi(argv[i] + 10);
+ } else if(strcmp(argv[i], "--color=auto") == 0) {
+ /* noop (set from above) */
+ } else if(strcmp(argv[i], "--color=always") == 0 || strcmp(argv[i], "--color") == 0) {
+ test_colorize__ = 1;
+ } else if(strcmp(argv[i], "--color=never") == 0) {
+ test_colorize__ = 0;
+ } else if(strcmp(argv[i], "--skip") == 0 || strcmp(argv[i], "-s") == 0) {
+ test_skip_mode__ = 1;
+ } else if(strcmp(argv[i], "--no-exec") == 0) {
+ test_no_exec__ = 1;
+ } else if(strcmp(argv[i], "--no-summary") == 0) {
+ test_no_summary__ = 1;
+ } else if(strcmp(argv[i], "--list") == 0 || strcmp(argv[i], "-l") == 0) {
+ test_list_names__();
+ exit(0);
+ } else {
+ fprintf(stderr, "%s: Unrecognized option '%s'\n", argv[0], argv[i]);
+ fprintf(stderr, "Try '%s --help' for more information.\n", argv[0]);
+ exit(2);
+ }
+ }
+
+#if defined(CUTEST_WIN__)
+ SetUnhandledExceptionFilter(test_exception_filter__);
+#endif
+
+ /* Count all test units */
+ test_count__ = 0;
+ for(i = 0; test_list__[i].func != NULL; i++)
+ test_count__++;
+
+ /* Run the tests */
+ if(n == 0) {
+ /* Run all tests */
+ for(i = 0; test_list__[i].func != NULL; i++)
+ test_run__(&test_list__[i]);
+ } else if(!test_skip_mode__) {
+ /* Run the listed tests */
+ for(i = 0; i < n; i++)
+ test_run__(tests[i]);
+ } else {
+ /* Run all tests except those listed */
+ for(i = 0; test_list__[i].func != NULL; i++) {
+ int want_skip = 0;
+ for(j = 0; j < n; j++) {
+ if(tests[j] == &test_list__[i]) {
+ want_skip = 1;
+ break;
+ }
+ }
+ if(!want_skip)
+ test_run__(&test_list__[i]);
+ }
+ }
+
+ /* Write a summary */
+ if(!test_no_summary__ && test_verbose_level__ >= 1) {
+ test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "\nSummary:\n");
+
+ if(test_verbose_level__ >= 3) {
+ printf(" Count of all unit tests: %4d\n", test_count__);
+ printf(" Count of run unit tests: %4d\n", test_stat_run_units__);
+ printf(" Count of failed unit tests: %4d\n", test_stat_failed_units__);
+ printf(" Count of skipped unit tests: %4d\n", test_count__ - test_stat_run_units__);
+ }
+
+ if(test_stat_failed_units__ == 0) {
+ test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__,
+ " SUCCESS: All unit tests have passed.\n");
+ } else {
+ test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__,
+ " FAILED: %d of %d unit tests have failed.\n",
+ test_stat_failed_units__, test_stat_run_units__);
+ }
+ }
+
+ if(tests != NULL)
+ free((void*)tests);
+
+ return (test_stat_failed_units__ == 0) ? 0 : 1;
+}
+
+
+#endif /* #ifndef TEST_NO_MAIN */
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+
+#endif /* #ifndef CUTEST_H__ */
*/
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include "getopt_s.h" /* for local getopt() */
#include "srtp_priv.h"
-err_status_t
+srtp_err_status_t
test_dtls_srtp(void);
srtp_hdr_t *
main(int argc, char *argv[]) {
unsigned do_list_mods = 0;
int q;
- err_status_t err;
+ srtp_err_status_t err;
printf("dtls_srtp_driver\n");
do_list_mods = 1;
break;
case 'd':
- err = crypto_kernel_set_debug_module(optarg_s, 1);
+ err = srtp_crypto_kernel_set_debug_module(optarg_s, 1);
if (err) {
printf("error: set debug module (%s) failed\n", optarg_s);
exit(1);
}
if (do_list_mods) {
- err = crypto_kernel_list_debug_modules();
+ err = srtp_crypto_kernel_list_debug_modules();
if (err) {
printf("error: list of debug modules failed\n");
exit(1);
}
-err_status_t
+srtp_err_status_t
test_dtls_srtp(void) {
srtp_hdr_t *test_packet;
int test_packet_len = 80;
uint8_t salt[SRTP_MAX_KEY_LEN];
unsigned int key_len, salt_len;
srtp_profile_t profile;
- err_status_t err;
+ srtp_err_status_t err;
+
+ memset(&policy, 0x0, sizeof(srtp_policy_t));
/* create a 'null' SRTP session */
err = srtp_create(&s, NULL);
/*
* verify that packet-processing functions behave properly - we
- * expect that these functions will return err_status_no_ctx
+ * expect that these functions will return srtp_err_status_no_ctx
*/
test_packet = srtp_create_test_packet(80, 0xa5a5a5a5);
if (test_packet == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
err = srtp_protect(s, test_packet, &test_packet_len);
- if (err != err_status_no_ctx) {
+ if (err != srtp_err_status_no_ctx) {
printf("wrong return value from srtp_protect() (got code %d)\n",
err);
- return err_status_fail;
+ return srtp_err_status_fail;
}
err = srtp_unprotect(s, test_packet, &test_packet_len);
- if (err != err_status_no_ctx) {
+ if (err != srtp_err_status_no_ctx) {
printf("wrong return value from srtp_unprotect() (got code %d)\n",
err);
- return err_status_fail;
+ return srtp_err_status_fail;
}
err = srtp_protect_rtcp(s, test_packet, &test_packet_len);
- if (err != err_status_no_ctx) {
+ if (err != srtp_err_status_no_ctx) {
printf("wrong return value from srtp_protect_rtcp() (got code %d)\n",
err);
- return err_status_fail;
+ return srtp_err_status_fail;
}
err = srtp_unprotect_rtcp(s, test_packet, &test_packet_len);
- if (err != err_status_no_ctx) {
+ if (err != srtp_err_status_no_ctx) {
printf("wrong return value from srtp_unprotect_rtcp() (got code %d)\n",
err);
- return err_status_fail;
+ return srtp_err_status_fail;
}
salt_len = srtp_profile_get_master_salt_length(profile);
memset(key, 0xff, key_len);
memset(salt, 0xee, salt_len);
- append_salt_to_key(key, key_len, salt, salt_len);
- policy.key = key;
+ srtp_append_salt_to_key(key, key_len, salt, salt_len);
+ policy.key = key;
/* initialize SRTP policy from profile */
- err = crypto_policy_set_from_profile_for_rtp(&policy.rtp, profile);
+ err = srtp_crypto_policy_set_from_profile_for_rtp(&policy.rtp, profile);
if (err) return err;
- err = crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile);
+ err = srtp_crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile);
if (err) return err;
policy.ssrc.type = ssrc_any_inbound;
policy.ekt = NULL;
free(test_packet);
- return err_status_ok;
+ return srtp_err_status_ok;
}
*/
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
+++ /dev/null
-/*
- * lfsr.c
- *
- */
-
-
-#include <stdio.h>
-#include "datatypes.h"
-
-uint32_t
-parity(uint32_t x) {
-
- x ^= (x >> 16);
- x ^= (x >> 8);
- x ^= (x >> 4);
- x ^= (x >> 2);
- x ^= (x >> 1);
-
- return x & 1;
-}
-
-
-/* typedef struct { */
-/* uint32_t register[8]; */
-/* } lfsr_t; */
-
-void
-compute_period(uint32_t feedback_polynomial) {
- int i;
- v32_t lfsr;
- v32_t mask;
-
- mask.value = feedback_polynomial;
- lfsr.value = 1;
-
- printf("polynomial: %s\t", v32_bit_string(mask));
-
- for (i=0; i < 256; i++) {
-/* printf("%s\n", v32_bit_string(lfsr)); */
- if (parity(mask.value & lfsr.value))
- lfsr.value = ((lfsr.value << 1) | 1) & 0xff;
- else
- lfsr.value = (lfsr.value << 1) & 0xff;
-
- /* now halt if we're back at the initial state */
- if (lfsr.value == 1) {
- printf("period: %d\n", i);
- break;
- }
- }
-}
-
-uint32_t poly0 = 223;
-
-
-uint32_t polynomials[39] = {
-31,
-47,
-55,
-59,
-61,
-79,
-87,
-91,
-103,
-107,
-109,
-115,
-117,
-121,
-143,
-151,
-157,
-167,
-171,
-173,
-179,
-181,
-185,
-199,
-203,
-205,
-211,
-213,
-227,
-229,
-233,
-241,
-127,
-191,
-223,
-239,
-247,
-251,
-253
-};
-
-char binary_string[32];
-
-char *
-u32_bit_string(uint32_t x, unsigned int length) {
- unsigned int mask;
- int index;
-
- mask = 1 << length;
- index = 0;
- for (; mask > 0; mask >>= 1)
- if ((x & mask) == 0)
- binary_string[index++] = '0';
- else
- binary_string[index++] = '1';
-
- binary_string[index++] = 0; /* NULL terminate string */
- return binary_string;
-}
-
-extern int octet_weight[256];
-
-unsigned int
-weight(uint32_t poly) {
- int wt = 0;
-
- /* note: endian-ness makes no difference */
- wt += octet_weight[poly & 0xff];
- wt += octet_weight[(poly >> 8) & 0xff];
- wt += octet_weight[(poly >> 16) & 0xff];
- wt += octet_weight[(poly >> 24)];
-
- return wt;
-}
-
-#define MAX_PERIOD 65535
-
-#define debug_print 0
-
-int
-period(uint32_t poly) {
- int i;
- uint32_t x;
-
-
- /* set lfsr to 1 */
- x = 1;
-#if debug_print
- printf("%d:\t%s\n", 0, u32_bit_string(x,8));
-#endif
- for (i=1; i < MAX_PERIOD; i++) {
- if (x & 1)
- x = (x >> 1) ^ poly;
- else
- x = (x >> 1);
-
-#if debug_print
- /* print for a sanity check */
- printf("%d:\t%s\n", i, u32_bit_string(x,8));
-#endif
-
- /* check for return to original value */
- if (x == 1)
- return i;
- }
- return i;
-}
-
-/*
- * weight distribution computes the weight distribution of the
- * code generated by the polynomial poly
- */
-
-#define MAX_LEN 8
-#define MAX_WEIGHT (1 << MAX_LEN)
-
-int A[MAX_WEIGHT+1];
-
-void
-weight_distribution2(uint32_t poly, int *A) {
- int i;
- uint32_t x;
-
- /* zeroize array */
- for (i=0; i < MAX_WEIGHT+1; i++)
- A[i] = 0;
-
- /* loop over all input sequences */
-
-
- /* set lfsr to 1 */
- x = 1;
-#if debug_print
- printf("%d:\t%s\n", 0, u32_bit_string(x,8));
-#endif
- for (i=1; i < MAX_PERIOD; i++) {
- if (x & 1)
- x = (x >> 1) ^ poly;
- else
- x = (x >> 1);
-
-#if debug_print
- /* print for a sanity check */
- printf("%d:\t%s\n", i, u32_bit_string(x,8));
-#endif
-
- /* increment weight */
- wt += (x & 1);
-
- /* check for return to original value */
- if (x == 1)
- break;
- }
-
- /* set zero */
- A[0] = 0;
-}
-
-
-void
-weight_distribution(uint32_t poly, int *A) {
- int i;
- uint32_t x;
-
- /* zeroize array */
- for (i=0; i < MAX_WEIGHT+1; i++)
- A[i] = 0;
-
- /* set lfsr to 1 */
- x = 1;
-#if debug_print
- printf("%d:\t%s\n", 0, u32_bit_string(x,8));
-#endif
- for (i=1; i < MAX_PERIOD; i++) {
- if (x & 1)
- x = (x >> 1) ^ poly;
- else
- x = (x >> 1);
-
-#if debug_print
- /* print for a sanity check */
- printf("%d:\t%s\n", i, u32_bit_string(x,8));
-#endif
-
- /* compute weight, increment proper element */
- A[weight(x)]++;
-
- /* check for return to original value */
- if (x == 1)
- break;
- }
-
- /* set zero */
- A[0] = 0;
-}
-
-
-
-
-int
-main () {
-
- int i,j;
- v32_t x;
- v32_t p;
-
- /* originally 0xaf */
- p.value = 0x9;
-
- printf("polynomial: %s\tperiod: %d\n",
- u32_bit_string(p.value,8), period(p.value));
-
- /* compute weight distribution */
- weight_distribution(p.value, A);
-
- /* print weight distribution */
- for (i=0; i <= 8; i++) {
- printf("A[%d]: %d\n", i, A[i]);
- }
-
-#if 0
- for (i=0; i < 39; i++) {
- printf("polynomial: %s\tperiod: %d\n",
- u32_bit_string(polynomials[i],8), period(polynomials[i]));
-
- /* compute weight distribution */
- weight_distribution(p.value, A);
-
- /* print weight distribution */
- for (j=0; j <= 8; j++) {
- printf("A[%d]: %d\n", j, A[j]);
- }
- }
-#endif
-
- {
- int bits = 8;
- uint32_t y;
- for (y=0; y < (1 << bits); y++) {
- printf("polynomial: %s\tweight: %d\tperiod: %d\n",
- u32_bit_string(y,bits), weight(y), period(y));
-
- /* compute weight distribution */
- weight_distribution(y, A);
-
- /* print weight distribution */
- for (j=0; j <= 8; j++) {
- printf("A[%d]: %d\n", j, A[j]);
- }
- }
- }
-
- return 0;
-}
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h> /* for printf() */
#include "getopt_s.h" /* for local getopt() */
#include "rdbx.h"
#ifdef ROC_TEST
-#error "rdbx_t won't work with ROC_TEST - bitmask same size as seq_median"
+#error "srtp_rdbx_t won't work with ROC_TEST - bitmask same size as seq_median"
#endif
#include "ut_sim.h"
-err_status_t
+srtp_err_status_t
test_replay_dbx(int num_trials, unsigned long ws);
double
int
main (int argc, char *argv[]) {
double rate;
- err_status_t status;
+ srtp_err_status_t status;
int q;
unsigned do_timing_test = 0;
unsigned do_validation = 0;
usage(argv[0]);
if (do_validation) {
- printf("testing rdbx_t (ws=128)...\n");
+ printf("testing srtp_rdbx_t (ws=128)...\n");
status = test_replay_dbx(1 << 12, 128);
if (status) {
}
printf("passed\n");
- printf("testing rdbx_t (ws=1024)...\n");
+ printf("testing srtp_rdbx_t (ws=1024)...\n");
status = test_replay_dbx(1 << 12, 1024);
if (status) {
}
void
-print_rdbx(rdbx_t *rdbx) {
+print_rdbx(srtp_rdbx_t *rdbx) {
char buf[2048];
printf("rdbx: {%llu, %s}\n",
(unsigned long long)(rdbx->index),
* rdbx_check_add(rdbx, idx) checks a known-to-be-good idx against
* rdbx, then adds it. if a failure is detected (i.e., the check
* indicates that the value is already in rdbx) then
- * err_status_algo_fail is returned.
+ * srtp_err_status_algo_fail is returned.
*
*/
-err_status_t
-rdbx_check_add(rdbx_t *rdbx, uint32_t idx) {
+srtp_err_status_t
+rdbx_check_add(srtp_rdbx_t *rdbx, uint32_t idx) {
int delta;
- xtd_seq_num_t est;
+ srtp_xtd_seq_num_t est;
- delta = index_guess(&rdbx->index, &est, idx);
+ delta = srtp_index_guess(&rdbx->index, &est, idx);
- if (rdbx_check(rdbx, delta) != err_status_ok) {
+ if (srtp_rdbx_check(rdbx, delta) != srtp_err_status_ok) {
printf("replay_check failed at index %u\n", idx);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
/*
* the estimated value est, at this point
*/
- if (rdbx_add_index(rdbx, delta) != err_status_ok) {
+ if (srtp_rdbx_add_index(rdbx, delta) != srtp_err_status_ok) {
printf("rdbx_add_index failed at index %u\n", idx);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
- * rdbx_check_expect_failure(rdbx_t *rdbx, uint32_t idx)
+ * rdbx_check_expect_failure(srtp_rdbx_t *rdbx, uint32_t idx)
*
* checks that a sequence number idx is in the replay database
* and thus will be rejected
*/
-err_status_t
-rdbx_check_expect_failure(rdbx_t *rdbx, uint32_t idx) {
+srtp_err_status_t
+rdbx_check_expect_failure(srtp_rdbx_t *rdbx, uint32_t idx) {
int delta;
- xtd_seq_num_t est;
- err_status_t status;
+ srtp_xtd_seq_num_t est;
+ srtp_err_status_t status;
- delta = index_guess(&rdbx->index, &est, idx);
+ delta = srtp_index_guess(&rdbx->index, &est, idx);
- status = rdbx_check(rdbx, delta);
- if (status == err_status_ok) {
+ status = srtp_rdbx_check(rdbx, delta);
+ if (status == srtp_err_status_ok) {
printf("delta: %d ", delta);
printf("replay_check failed at index %u (false positive)\n", idx);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-rdbx_check_add_unordered(rdbx_t *rdbx, uint32_t idx) {
+srtp_err_status_t
+rdbx_check_add_unordered(srtp_rdbx_t *rdbx, uint32_t idx) {
int delta;
- xtd_seq_num_t est;
- err_status_t rstat;
+ srtp_xtd_seq_num_t est;
+ srtp_err_status_t rstat;
- delta = index_guess(&rdbx->index, &est, idx);
+ delta = srtp_index_guess(&rdbx->index, &est, idx);
- rstat = rdbx_check(rdbx, delta);
- if ((rstat != err_status_ok) && (rstat != err_status_replay_old)) {
+ rstat = srtp_rdbx_check(rdbx, delta);
+ if ((rstat != srtp_err_status_ok) && (rstat != srtp_err_status_replay_old)) {
printf("replay_check_add_unordered failed at index %u\n", idx);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
- if (rstat == err_status_replay_old) {
- return err_status_ok;
+ if (rstat == srtp_err_status_replay_old) {
+ return srtp_err_status_ok;
}
- if (rdbx_add_index(rdbx, delta) != err_status_ok) {
+ if (srtp_rdbx_add_index(rdbx, delta) != srtp_err_status_ok) {
printf("rdbx_add_index failed at index %u\n", idx);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
test_replay_dbx(int num_trials, unsigned long ws) {
- rdbx_t rdbx;
+ srtp_rdbx_t rdbx;
uint32_t idx, ircvd;
ut_connection utc;
- err_status_t status;
+ srtp_err_status_t status;
int num_fp_trials;
- status = rdbx_init(&rdbx, ws);
+ status = srtp_rdbx_init(&rdbx, ws);
if (status) {
printf("replay_init failed with error code %d\n", status);
exit(1);
* test sequential insertion
*/
printf("\ttesting sequential insertion...");
- for (idx=0; idx < num_trials; idx++) {
+ for (idx=0; (int) idx < num_trials; idx++) {
status = rdbx_check_add(&rdbx, idx);
if (status)
return status;
printf("warning: no false positive tests performed\n");
}
printf("\ttesting for false positives...");
- for (idx=0; idx < num_fp_trials; idx++) {
+ for (idx=0; (int) idx < num_fp_trials; idx++) {
status = rdbx_check_expect_failure(&rdbx, idx);
if (status)
return status;
printf("passed\n");
/* re-initialize */
- rdbx_dealloc(&rdbx);
+ srtp_rdbx_dealloc(&rdbx);
- if (rdbx_init(&rdbx, ws) != err_status_ok) {
+ if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) {
printf("replay_init failed\n");
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/*
ut_init(&utc);
printf("\ttesting non-sequential insertion...");
- for (idx=0; idx < num_trials; idx++) {
+ for (idx=0; (int) idx < num_trials; idx++) {
ircvd = ut_next_index(&utc);
status = rdbx_check_add_unordered(&rdbx, ircvd);
if (status)
printf("passed\n");
/* re-initialize */
- rdbx_dealloc(&rdbx);
+ srtp_rdbx_dealloc(&rdbx);
- if (rdbx_init(&rdbx, ws) != err_status_ok) {
+ if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) {
printf("replay_init failed\n");
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/*
* check for false positives for each insertion.
*/
printf("\ttesting insertion with large gaps...");
- for (idx=0, ircvd=0; idx < num_trials; idx++, ircvd += (1 << (rand() % 12))) {
+ for (idx=0, ircvd=0; (int) idx < num_trials; idx++, ircvd += (1 << (rand() % 12))) {
status = rdbx_check_add(&rdbx, ircvd);
if (status)
return status;
}
printf("passed\n");
- rdbx_dealloc(&rdbx);
+ srtp_rdbx_dealloc(&rdbx);
- return err_status_ok;
+ return srtp_err_status_ok;
}
rdbx_check_adds_per_second(int num_trials, unsigned long ws) {
uint32_t i;
int delta;
- rdbx_t rdbx;
- xtd_seq_num_t est;
+ srtp_rdbx_t rdbx;
+ srtp_xtd_seq_num_t est;
clock_t timer;
int failures; /* count number of failures */
- if (rdbx_init(&rdbx, ws) != err_status_ok) {
+ if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) {
printf("replay_init failed\n");
exit(1);
}
failures = 0;
timer = clock();
- for(i=0; i < num_trials; i++) {
+ for(i=0; (int) i < num_trials; i++) {
- delta = index_guess(&rdbx.index, &est, i);
+ delta = srtp_index_guess(&rdbx.index, &est, i);
- if (rdbx_check(&rdbx, delta) != err_status_ok)
+ if (srtp_rdbx_check(&rdbx, delta) != srtp_err_status_ok)
++failures;
else
- if (rdbx_add_index(&rdbx, delta) != err_status_ok)
+ if (srtp_rdbx_add_index(&rdbx, delta) != srtp_err_status_ok)
++failures;
}
timer = clock() - timer;
printf("number of failures: %d \n", failures);
- rdbx_dealloc(&rdbx);
+ srtp_rdbx_dealloc(&rdbx);
return (double) CLOCKS_PER_SEC * num_trials / timer;
}
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h>
#include "rdb.h"
unsigned num_trials = 1 << 16;
-err_status_t
+srtp_err_status_t
test_rdb_db(void);
double
int
main (void) {
- err_status_t err;
+ srtp_err_status_t err;
- printf("testing anti-replay database (rdb_t)...\n");
+ printf("testing anti-replay database (srtp_rdb_t)...\n");
err = test_rdb_db();
if (err) {
printf("failed\n");
void
-print_rdb(rdb_t *rdb) {
+print_rdb(srtp_rdb_t *rdb) {
printf("rdb: {%u, %s}\n", rdb->window_start, v128_bit_string(&rdb->bitmask));
}
-err_status_t
-rdb_check_add(rdb_t *rdb, uint32_t idx) {
+srtp_err_status_t
+rdb_check_add(srtp_rdb_t *rdb, uint32_t idx) {
- if (rdb_check(rdb, idx) != err_status_ok) {
+ if (srtp_rdb_check(rdb, idx) != srtp_err_status_ok) {
printf("rdb_check failed at index %u\n", idx);
- return err_status_fail;
+ return srtp_err_status_fail;
}
- if (rdb_add_index(rdb, idx) != err_status_ok) {
+ if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) {
printf("rdb_add_index failed at index %u\n", idx);
- return err_status_fail;
+ return srtp_err_status_fail;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-rdb_check_expect_failure(rdb_t *rdb, uint32_t idx) {
- err_status_t err;
+srtp_err_status_t
+rdb_check_expect_failure(srtp_rdb_t *rdb, uint32_t idx) {
+ srtp_err_status_t err;
- err = rdb_check(rdb, idx);
- if ((err != err_status_replay_old) && (err != err_status_replay_fail)) {
+ err = srtp_rdb_check(rdb, idx);
+ if ((err != srtp_err_status_replay_old) && (err != srtp_err_status_replay_fail)) {
printf("rdb_check failed at index %u (false positive)\n", idx);
- return err_status_fail;
+ return srtp_err_status_fail;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-rdb_check_add_unordered(rdb_t *rdb, uint32_t idx) {
- err_status_t rstat;
+srtp_err_status_t
+rdb_check_add_unordered(srtp_rdb_t *rdb, uint32_t idx) {
+ srtp_err_status_t rstat;
/* printf("index: %u\n", idx); */
- rstat = rdb_check(rdb, idx);
- if ((rstat != err_status_ok) && (rstat != err_status_replay_old)) {
+ rstat = srtp_rdb_check(rdb, idx);
+ if ((rstat != srtp_err_status_ok) && (rstat != srtp_err_status_replay_old)) {
printf("rdb_check_add_unordered failed at index %u\n", idx);
return rstat;
}
- if (rstat == err_status_replay_old) {
- return err_status_ok;
+ if (rstat == srtp_err_status_replay_old) {
+ return srtp_err_status_ok;
}
- if (rdb_add_index(rdb, idx) != err_status_ok) {
+ if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) {
printf("rdb_add_index failed at index %u\n", idx);
- return err_status_fail;
+ return srtp_err_status_fail;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
test_rdb_db() {
- rdb_t rdb;
+ srtp_rdb_t rdb;
uint32_t idx, ircvd;
ut_connection utc;
- err_status_t err;
+ srtp_err_status_t err;
- if (rdb_init(&rdb) != err_status_ok) {
+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
printf("rdb_init failed\n");
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/* test sequential insertion */
}
/* re-initialize */
- if (rdb_init(&rdb) != err_status_ok) {
+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
printf("rdb_init failed\n");
- return err_status_fail;
+ return srtp_err_status_fail;
}
/* test non-sequential insertion */
}
/* re-initialize */
- if (rdb_init(&rdb) != err_status_ok) {
+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
printf("rdb_init failed\n");
- return err_status_fail;
+ return srtp_err_status_fail;
}
/* test insertion with large gaps */
}
/* re-initialize */
- if (rdb_init(&rdb) != err_status_ok) {
+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
printf("rdb_init failed\n");
- return err_status_fail;
+ return srtp_err_status_fail;
}
/* test loss of first 513 packets */
return err;
}
+ /* test for key expired */
+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
+ printf("rdb_init failed\n");
+ return srtp_err_status_fail;
+ }
+ rdb.window_start = 0x7ffffffe;
+ if (srtp_rdb_increment(&rdb) != srtp_err_status_ok) {
+ printf("srtp_rdb_increment of 0x7ffffffe failed\n");
+ return srtp_err_status_fail;
+ }
+ if (srtp_rdb_get_value(&rdb) != 0x7fffffff) {
+ printf("rdb valiue was not 0x7fffffff\n");
+ return srtp_err_status_fail;
+ }
+ if (srtp_rdb_increment(&rdb) != srtp_err_status_key_expired) {
+ printf("srtp_rdb_increment of 0x7fffffff did not return srtp_err_status_key_expired\n");
+ return srtp_err_status_fail;
+ }
+ if (srtp_rdb_get_value(&rdb) != 0x7fffffff) {
+ printf("rdb valiue was not 0x7fffffff\n");
+ return srtp_err_status_fail;
+ }
+
- return err_status_ok;
+ return srtp_err_status_ok;
}
#include <time.h> /* for clock() */
double
rdb_check_adds_per_second(void) {
uint32_t i;
- rdb_t rdb;
+ srtp_rdb_t rdb;
clock_t timer;
- int failures; /* count number of failures */
+ int failures = 0; /* count number of failures */
- if (rdb_init(&rdb) != err_status_ok) {
+ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) {
printf("rdb_init failed\n");
exit(1);
}
timer = clock();
for(i=0; i < REPLAY_NUM_TRIALS; i+=3) {
- if (rdb_check(&rdb, i+2) != err_status_ok)
+ if (srtp_rdb_check(&rdb, i+2) != srtp_err_status_ok)
++failures;
- if (rdb_add_index(&rdb, i+2) != err_status_ok)
+ if (srtp_rdb_add_index(&rdb, i+2) != srtp_err_status_ok)
++failures;
- if (rdb_check(&rdb, i+1) != err_status_ok)
+ if (srtp_rdb_check(&rdb, i+1) != srtp_err_status_ok)
++failures;
- if (rdb_add_index(&rdb, i+1) != err_status_ok)
+ if (srtp_rdb_add_index(&rdb, i+1) != srtp_err_status_ok)
++failures;
- if (rdb_check(&rdb, i) != err_status_ok)
+ if (srtp_rdb_check(&rdb, i) != srtp_err_status_ok)
++failures;
- if (rdb_add_index(&rdb, i) != err_status_ok)
+ if (srtp_rdb_add_index(&rdb, i) != srtp_err_status_ok)
++failures;
}
timer = clock() - timer;
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include <stdio.h>
/*
* defining ROC_TEST causes small datatypes to be used in
- * xtd_seq_num_t - this allows the functions to be exhaustively tested.
+ * srtp_xtd_seq_num_t - this allows the functions to be exhaustively tested.
*/
#if ROC_NEEDS_TO_BE_TESTED
#define ROC_TEST
#include "rdbx.h"
#include "ut_sim.h"
-err_status_t
+srtp_err_status_t
roc_test(int num_trials);
int
main (void) {
- err_status_t status;
+ srtp_err_status_t status;
printf("rollover counter test driver\n"
"David A. McGrew\n"
#define ROC_VERBOSE 0
-err_status_t
+srtp_err_status_t
roc_test(int num_trials) {
- xtd_seq_num_t local, est, ref;
+ srtp_xtd_seq_num_t local, est, ref;
ut_connection utc;
int i, num_bad_est = 0;
int delta;
uint32_t ircvd;
double failure_rate;
- index_init(&local);
- index_init(&ref);
- index_init(&est);
+ srtp_index_init(&local);
+ srtp_index_init(&ref);
+ srtp_index_init(&est);
printf("\n\ttesting sequential insertion...");
for (i=0; i < 2048; i++) {
- delta = index_guess(&local, &est, (uint16_t) ref);
+ delta = srtp_index_guess(&local, &est, (uint16_t) ref);
#if ROC_VERBOSE
printf("%lld, %lld, %d\n", ref, est, i);
#endif
#endif
++num_bad_est;
}
- index_advance(&ref, 1);
+ srtp_index_advance(&ref, 1);
}
failure_rate = (double) num_bad_est / num_trials;
if (failure_rate > 0.01) {
printf("error: failure rate too high (%d bad estimates in %d trials)\n",
num_bad_est, num_trials);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
printf("done\n");
printf("\ttesting non-sequential insertion...");
- index_init(&local);
- index_init(&ref);
- index_init(&est);
+ srtp_index_init(&local);
+ srtp_index_init(&ref);
+ srtp_index_init(&est);
ut_init(&utc);
for (i=0; i < num_trials; i++) {
ref = ircvd;
/* estimate index based on low bits of ircvd */
- delta = index_guess(&local, &est, (uint16_t) ref);
+ delta = srtp_index_guess(&local, &est, (uint16_t) ref);
#if ROC_VERBOSE
printf("ref: %lld, local: %lld, est: %lld, ircvd: %d, delta: %d\n",
ref, local, est, ircvd, delta);
if (local + delta != est) {
printf(" *bad delta*: local %llu + delta %d != est %llu\n",
(unsigned long long)local, delta, (unsigned long long)est);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
- /* now update local xtd_seq_num_t as necessary */
+ /* now update local srtp_xtd_seq_num_t as necessary */
if (delta > 0)
- index_advance(&local, delta);
+ srtp_index_advance(&local, delta);
if (ref != est) {
#if ROC_VERBOSE
if (failure_rate > 0.01) {
printf("error: failure rate too high (%d bad estimates in %d trials)\n",
num_bad_est, num_trials);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
printf("done\n");
- return err_status_ok;
+ return srtp_err_status_ok;
}
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
-#include "rtp_priv.h"
+#include "rtp.h"
#include <stdio.h>
#include <string.h>
int
rtp_sendto(rtp_sender_t sender, const void* msg, int len) {
int octets_sent;
- err_status_t stat;
+ srtp_err_status_t stat;
int pkt_len = len + RTP_HEADER_LEN;
/* marshal data */
int
rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len) {
int octets_recvd;
- err_status_t stat;
+ srtp_err_status_t stat;
octets_recvd = recvfrom(receiver->socket, (void *)&receiver->message,
*len, 0, (struct sockaddr *) NULL, 0);
if (stat) {
fprintf(stderr,
"error: srtp unprotection failed with code %d%s\n", stat,
- stat == err_status_replay_fail ? " (replay check failed)" :
- stat == err_status_auth_fail ? " (auth check failed)" : "");
+ stat == srtp_err_status_replay_fail ? " (replay check failed)" :
+ stat == srtp_err_status_auth_fail ? " (auth check failed)" : "");
return -1;
}
strncpy(msg, receiver->message.body, octets_recvd);
void
rtp_receiver_dealloc(rtp_receiver_t rtp_ctx) {
- return free(rtp_ctx);
+ free(rtp_ctx);
}
--- /dev/null
+/*
+ * rtp.h
+ *
+ * rtp interface for srtp reference implementation
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ *
+ * data types:
+ *
+ * rtp_msg_t an rtp message (the data that goes on the wire)
+ * rtp_sender_t sender side socket and rtp info
+ * rtp_receiver_t receiver side socket and rtp info
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#ifndef SRTP_RTP_H
+#define SRTP_RTP_H
+
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#elif defined HAVE_WINSOCK2_H
+# include <winsock2.h>
+#endif
+
+#include "srtp_priv.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * RTP_HEADER_LEN indicates the size of an RTP header
+ */
+#define RTP_HEADER_LEN 12
+
+/*
+ * RTP_MAX_BUF_LEN defines the largest RTP packet in the rtp.c implementation
+ */
+#define RTP_MAX_BUF_LEN 16384
+
+
+typedef srtp_hdr_t rtp_hdr_t;
+
+typedef struct {
+ srtp_hdr_t header;
+ char body[RTP_MAX_BUF_LEN];
+} rtp_msg_t;
+
+typedef struct rtp_sender_ctx_t {
+ rtp_msg_t message;
+ int socket;
+ srtp_ctx_t *srtp_ctx;
+ struct sockaddr_in addr; /* reciever's address */
+} rtp_sender_ctx_t;
+
+typedef struct rtp_receiver_ctx_t {
+ rtp_msg_t message;
+ int socket;
+ srtp_ctx_t *srtp_ctx;
+ struct sockaddr_in addr; /* receiver's address */
+} rtp_receiver_ctx_t;
+
+
+typedef struct rtp_sender_ctx_t *rtp_sender_t;
+
+typedef struct rtp_receiver_ctx_t *rtp_receiver_t;
+
+int
+rtp_sendto(rtp_sender_t sender, const void* msg, int len);
+
+int
+rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len);
+
+int
+rtp_receiver_init(rtp_receiver_t rcvr, int sock,
+ struct sockaddr_in addr, unsigned int ssrc);
+
+int
+rtp_sender_init(rtp_sender_t sender, int sock,
+ struct sockaddr_in addr, unsigned int ssrc);
+
+/*
+ * srtp_sender_init(...) initializes an rtp_sender_t
+ */
+
+int
+srtp_sender_init(rtp_sender_t rtp_ctx, /* structure to be init'ed */
+ struct sockaddr_in name, /* socket name */
+ srtp_sec_serv_t security_services, /* sec. servs. to be used */
+ unsigned char *input_key /* master key/salt in hex */
+ );
+
+int
+srtp_receiver_init(rtp_receiver_t rtp_ctx, /* structure to be init'ed */
+ struct sockaddr_in name, /* socket name */
+ srtp_sec_serv_t security_services, /* sec. servs. to be used */
+ unsigned char *input_key /* master key/salt in hex */
+ );
+
+
+int
+rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy);
+
+int
+rtp_sender_deinit_srtp(rtp_sender_t sender);
+
+int
+rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy);
+
+int
+rtp_receiver_deinit_srtp(rtp_receiver_t sender);
+
+
+rtp_sender_t
+rtp_sender_alloc(void);
+
+void
+rtp_sender_dealloc(rtp_sender_t rtp_ctx);
+
+rtp_receiver_t
+rtp_receiver_alloc(void);
+
+void
+rtp_receiver_dealloc(rtp_receiver_t rtp_ctx);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SRTP_RTP_H */
--- /dev/null
+/*
+ * rtp_decoder.c
+ *
+ * decoder structures and functions for SRTP pcap decoder
+ *
+ * Example:
+ * $ wget --no-check-certificate https://raw.githubusercontent.com/gteissier/srtp-decrypt/master/marseillaise-srtp.pcap
+ * $ ./test/rtp_decoder -a -t 10 -e 128 -b aSBrbm93IGFsbCB5b3VyIGxpdHRsZSBzZWNyZXRz \
+ * < ~/marseillaise-srtp.pcap | text2pcap -t "%M:%S." -u 10000,10000 - - > ./marseillaise-rtp.pcap
+ *
+ * There is also a different way of setting up key size and tag size
+ * based upon RFC 4568 crypto suite specification, i.e.:
+ *
+ * $ ./test/rtp_decoder -s AES_CM_128_HMAC_SHA1_80 -b aSBrbm93IGFsbCB5b3VyIGxpdHRsZSBzZWNyZXRz ...
+ *
+ * Audio can be extracted using extractaudio utility from the RTPproxy
+ * package:
+ *
+ * $ extractaudio -A ./marseillaise-rtp.pcap ./marseillaise-out.wav
+ *
+ * Bernardo Torres <bernardo@torresautomacao.com.br>
+ *
+ * Some structure and code from https://github.com/gteissier/srtp-decrypt
+ */
+/*
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#include "getopt_s.h" /* for local getopt() */
+#include <assert.h> /* for assert() */
+
+#include <pcap.h>
+#include "rtp_decoder.h"
+#include "util.h"
+
+#define MAX_KEY_LEN 96
+#define MAX_FILTER 256
+
+struct srtp_crypto_suite {
+ const char *can_name;
+ int key_size;
+ int tag_size;
+};
+
+static struct srtp_crypto_suite srtp_crypto_suites[] = {
+ {.can_name = "AES_CM_128_HMAC_SHA1_32", .key_size = 128, .tag_size = 4},
+#if 0
+ {.can_name = "F8_128_HMAC_SHA1_32", .key_size = 128, .tag_size = 4},
+#endif
+ {.can_name = "AES_CM_128_HMAC_SHA1_32", .key_size = 128, .tag_size = 4},
+ {.can_name = "AES_CM_128_HMAC_SHA1_80", .key_size = 128, .tag_size = 10},
+ {.can_name = NULL}
+};
+
+int
+main (int argc, char *argv[]) {
+ char errbuf[PCAP_ERRBUF_SIZE];
+ bpf_u_int32 pcap_net = 0;
+ pcap_t *pcap_handle;
+#if BEW
+ struct sockaddr_in local;
+#endif
+ srtp_sec_serv_t sec_servs = sec_serv_none;
+ int c;
+ struct srtp_crypto_suite scs, *i_scsp;
+ scs.key_size = 128;
+ scs.tag_size = 8;
+ int gcm_on = 0;
+ char *input_key = NULL;
+ int b64_input = 0;
+ char key[MAX_KEY_LEN];
+ struct bpf_program fp;
+ char filter_exp[MAX_FILTER] = "";
+ rtp_decoder_t dec;
+ srtp_policy_t policy;
+ srtp_err_status_t status;
+ int len;
+ int expected_len;
+ int do_list_mods = 0;
+
+ fprintf(stderr, "Using %s [0x%x]\n", srtp_get_version_string(), srtp_get_version());
+
+ /* initialize srtp library */
+ status = srtp_init();
+ if (status) {
+ fprintf(stderr, "error: srtp initialization failed with error code %d\n", status);
+ exit(1);
+ }
+
+ /* check args */
+ while (1) {
+ c = getopt_s(argc, argv, "b:k:gt:ae:ld:f:s:");
+ if (c == -1) {
+ break;
+ }
+ switch (c) {
+ case 'b':
+ b64_input = 1;
+ /* fall thru */
+ case 'k':
+ input_key = optarg_s;
+ break;
+ case 'e':
+ scs.key_size = atoi(optarg_s);
+ if (scs.key_size != 128 && scs.key_size != 256) {
+ fprintf(stderr, "error: encryption key size must be 128 or 256 (%d)\n", scs.key_size);
+ exit(1);
+ }
+ input_key = malloc(scs.key_size);
+ sec_servs |= sec_serv_conf;
+ break;
+ case 't':
+ scs.tag_size = atoi(optarg_s);
+ break;
+ case 'a':
+ sec_servs |= sec_serv_auth;
+ break;
+ case 'g':
+ gcm_on = 1;
+ sec_servs |= sec_serv_auth;
+ break;
+ case 'd':
+ status = srtp_crypto_kernel_set_debug_module(optarg_s, 1);
+ if (status) {
+ fprintf(stderr, "error: set debug module (%s) failed\n", optarg_s);
+ exit(1);
+ }
+ break;
+ case 'f':
+ if(strlen(optarg_s) > MAX_FILTER){
+ fprintf(stderr, "error: filter bigger than %d characters\n", MAX_FILTER);
+ exit(1);
+ }
+ fprintf(stderr, "Setting filter as %s\n", optarg_s);
+ strcpy(filter_exp, optarg_s);
+ break;
+ case 'l':
+ do_list_mods = 1;
+ break;
+ case 's':
+ for (i_scsp = &srtp_crypto_suites[0]; i_scsp->can_name != NULL; i_scsp++) {
+ if (strcasecmp(i_scsp->can_name, optarg_s) == 0) {
+ break;
+ }
+ }
+ if (i_scsp->can_name == NULL) {
+ fprintf(stderr, "Unknown/unsupported crypto suite name %s\n", optarg_s);
+ exit(1);
+ }
+ scs = *i_scsp;
+ input_key = malloc(scs.key_size);
+ sec_servs |= sec_serv_conf | sec_serv_auth;
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ if (gcm_on && scs.tag_size != 8 && scs.tag_size != 16) {
+ fprintf(stderr, "error: GCM tag size must be 8 or 16 (%d)\n", scs.tag_size);
+ //exit(1);
+ }
+
+ if (do_list_mods) {
+ status = srtp_crypto_kernel_list_debug_modules();
+ if (status) {
+ fprintf(stderr, "error: list of debug modules failed\n");
+ exit(1);
+ }
+ return 0;
+ }
+
+ if ((sec_servs && !input_key) || (!sec_servs && input_key)) {
+ /*
+ * a key must be provided if and only if security services have
+ * been requested
+ */
+ if(input_key == NULL){
+ fprintf(stderr, "key not provided\n");
+ }
+ if(!sec_servs){
+ fprintf(stderr, "no secservs\n");
+ }
+ fprintf(stderr, "provided\n");
+ usage(argv[0]);
+ }
+
+
+
+ /* report security services selected on the command line */
+ fprintf(stderr, "security services: ");
+ if (sec_servs & sec_serv_conf)
+ fprintf(stderr, "confidentiality ");
+ if (sec_servs & sec_serv_auth)
+ fprintf(stderr, "message authentication");
+ if (sec_servs == sec_serv_none)
+ fprintf(stderr, "none");
+ fprintf(stderr, "\n");
+
+ /* set up the srtp policy and master key */
+ if (sec_servs) {
+ /*
+ * create policy structure, using the default mechanisms but
+ * with only the security services requested on the command line,
+ * using the right SSRC value
+ */
+ switch (sec_servs) {
+ case sec_serv_conf_and_auth:
+ if (gcm_on) {
+#ifdef OPENSSL
+ switch (scs.key_size) {
+ case 128:
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+ break;
+ case 256:
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
+ break;
+ }
+#else
+ fprintf(stderr, "error: GCM mode only supported when using the OpenSSL crypto engine.\n");
+ return 0;
+#endif
+ } else {
+ switch (scs.key_size) {
+ case 128:
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ case 256:
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ }
+ }
+ break;
+ case sec_serv_conf:
+ if (gcm_on) {
+ fprintf(stderr, "error: GCM mode must always be used with auth enabled\n");
+ return -1;
+ } else {
+ switch (scs.key_size) {
+ case 128:
+ srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ case 256:
+ srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ break;
+ }
+ }
+ break;
+ case sec_serv_auth:
+ if (gcm_on) {
+#ifdef OPENSSL
+ switch (scs.key_size) {
+ case 128:
+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp);
+ break;
+ case 256:
+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp);
+ break;
+ }
+#else
+ printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n");
+ return 0;
+#endif
+ } else {
+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ }
+ break;
+ default:
+ fprintf(stderr, "error: unknown security service requested\n");
+ return -1;
+ }
+
+ policy.key = (uint8_t *) key;
+ policy.ekt = NULL;
+ policy.next = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.rtp.sec_serv = sec_servs;
+ policy.rtcp.sec_serv = sec_servs; //sec_serv_none; /* we don't do RTCP anyway */
+ fprintf(stderr, "setting tag len %d\n", scs.tag_size);
+ policy.rtp.auth_tag_len = scs.tag_size;
+
+ if (gcm_on && scs.tag_size != 8) {
+ fprintf(stderr, "setted tag len %d\n", scs.tag_size);
+ policy.rtp.auth_tag_len = scs.tag_size;
+ }
+
+ /*
+ * read key from hexadecimal or base64 on command line into an octet string
+ */
+ if (b64_input) {
+ int pad;
+ expected_len = policy.rtp.cipher_key_len*4/3;
+ len = base64_string_to_octet_string(key, &pad, input_key, expected_len);
+ if (pad != 0) {
+ fprintf(stderr, "error: padding in base64 unexpected\n");
+ exit(1);
+ }
+ } else {
+ expected_len = policy.rtp.cipher_key_len*2;
+ len = hex_string_to_octet_string(key, input_key, expected_len);
+ }
+ /* check that hex string is the right length */
+ if (len < expected_len) {
+ fprintf(stderr,
+ "error: too few digits in key/salt "
+ "(should be %d digits, found %d)\n",
+ expected_len, len);
+ exit(1);
+ }
+ if (strlen(input_key) > policy.rtp.cipher_key_len*2) {
+ fprintf(stderr,
+ "error: too many digits in key/salt "
+ "(should be %d hexadecimal digits, found %u)\n",
+ policy.rtp.cipher_key_len*2, (unsigned)strlen(input_key));
+ exit(1);
+ }
+
+ fprintf(stderr, "set master key/salt to %s/", octet_string_hex_string(key, 16));
+ fprintf(stderr, "%s\n", octet_string_hex_string(key+16, 14));
+
+ } else {
+ fprintf(stderr, "error: neither encryption or authentication were selected");
+ exit(1);
+ }
+
+ pcap_handle = pcap_open_offline("-", errbuf);
+
+ if (!pcap_handle) {
+ fprintf(stderr, "libpcap failed to open file '%s'\n", errbuf);
+ exit(1);
+ }
+ assert(pcap_handle != NULL);
+ if ((pcap_compile(pcap_handle, &fp, filter_exp, 1, pcap_net)) == -1) {
+ fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp,
+ pcap_geterr(pcap_handle));
+ return (2);
+ }
+ if (pcap_setfilter(pcap_handle, &fp) == -1) {
+ fprintf(stderr, "couldn't install filter %s: %s\n", filter_exp,
+ pcap_geterr(pcap_handle));
+ return (2);
+ }
+ dec = rtp_decoder_alloc();
+ if (dec == NULL) {
+ fprintf(stderr, "error: malloc() failed\n");
+ exit(1);
+ }
+ fprintf(stderr, "Starting decoder\n");
+ rtp_decoder_init(dec, policy);
+
+ pcap_loop(pcap_handle, 0, rtp_decoder_handle_pkt, (u_char *)dec);
+
+ rtp_decoder_deinit_srtp(dec);
+ rtp_decoder_dealloc(dec);
+
+ status = srtp_shutdown();
+ if (status) {
+ fprintf(stderr, "error: srtp shutdown failed with error code %d\n", status);
+ exit(1);
+ }
+
+ return 0;
+}
+
+
+void
+usage(char *string) {
+
+ fprintf(stderr, "usage: %s [-d <debug>]* [[-k][-b] <key> [-a][-e]]\n"
+ "or %s -l\n"
+ "where -a use message authentication\n"
+ " -e <key size> use encryption (use 128 or 256 for key size)\n"
+ " -g Use AES-GCM mode (must be used with -e)\n"
+ " -t <tag size> Tag size to use (in GCM mode use 8 or 16)\n"
+ " -k <key> sets the srtp master key given in hexadecimal\n"
+ " -b <key> sets the srtp master key given in base64\n"
+ " -l list debug modules\n"
+ " -f \"<pcap filter>\" to filter only the desired SRTP packets\n"
+ " -d <debug> turn on debugging for module <debug>\n"
+ " -s \"<srtp-crypto-suite>\" to set both key and tag size based\n"
+ " on RFC4568-style crypto suite specification\n",
+ string, string);
+ exit(1);
+
+}
+
+rtp_decoder_t
+rtp_decoder_alloc(void) {
+ return (rtp_decoder_t)malloc(sizeof(rtp_decoder_ctx_t));
+}
+
+void
+rtp_decoder_dealloc(rtp_decoder_t rtp_ctx) {
+ free(rtp_ctx);
+}
+
+srtp_err_status_t
+rtp_decoder_init_srtp(rtp_decoder_t decoder, unsigned int ssrc) {
+ decoder->policy.ssrc.value = htonl(ssrc);
+ return srtp_create(&decoder->srtp_ctx, &decoder->policy);
+}
+
+int
+rtp_decoder_deinit_srtp(rtp_decoder_t decoder) {
+ return srtp_dealloc(decoder->srtp_ctx);
+}
+
+int
+rtp_decoder_init(rtp_decoder_t dcdr, srtp_policy_t policy) {
+ dcdr->rtp_offset = DEFAULT_RTP_OFFSET;
+ dcdr->srtp_ctx = NULL;
+ dcdr->start_tv.tv_usec = 0;
+ dcdr->start_tv.tv_sec = 0;
+ dcdr->frame_nr = -1;
+ dcdr->policy = policy;
+ dcdr->policy.ssrc.type = ssrc_specific;
+ return 0;
+}
+
+/*
+ * decodes key as base64
+ */
+
+void hexdump(const void *ptr, size_t size) {
+ int i, j;
+ const unsigned char *cptr = ptr;
+
+ for (i = 0; i < size; i += 16) {
+ fprintf(stdout, "%04x ", i);
+ for (j = 0; j < 16 && i+j < size; j++) {
+ fprintf(stdout, "%02x ", cptr[i+j]);
+ }
+ fprintf(stdout, "\n");
+ }
+}
+
+void
+rtp_decoder_handle_pkt(u_char *arg, const struct pcap_pkthdr *hdr,
+ const u_char *bytes) {
+ rtp_decoder_t dcdr = (rtp_decoder_t)arg;
+ int pktsize;
+ struct timeval delta;
+ int octets_recvd;
+ srtp_err_status_t status;
+ dcdr->frame_nr++;
+
+ if ((dcdr->start_tv.tv_sec == 0) && (dcdr->start_tv.tv_usec == 0)) {
+ dcdr->start_tv = hdr->ts;
+ }
+
+ if (hdr->caplen < dcdr->rtp_offset) {
+ return;
+ }
+ const void *rtp_packet = bytes + dcdr->rtp_offset;
+
+ memcpy((void *)&dcdr->message, rtp_packet, hdr->caplen - dcdr->rtp_offset);
+ pktsize = hdr->caplen - dcdr->rtp_offset;
+ octets_recvd = pktsize;
+
+ if (octets_recvd == -1) {
+ return;
+ }
+
+ /* verify rtp header */
+ if (dcdr->message.header.version != 2) {
+ return;
+ }
+ if(dcdr->srtp_ctx == NULL) {
+ status = rtp_decoder_init_srtp(dcdr, dcdr->message.header.ssrc);
+ if (status) {
+ exit(1);
+ }
+ }
+ status = srtp_unprotect(dcdr->srtp_ctx, &dcdr->message, &octets_recvd);
+ if (status) {
+ return;
+ }
+ timersub(&hdr->ts, &dcdr->start_tv, &delta);
+ fprintf(stdout, "%02ld:%02ld.%06ld\n", delta.tv_sec/60, delta.tv_sec%60, (long)delta.tv_usec);
+ hexdump(&dcdr->message, octets_recvd);
+}
+
+void rtp_print_error(srtp_err_status_t status, char *message) {
+ fprintf(stderr,
+ "error: %s %d%s\n", message, status,
+ status == srtp_err_status_replay_fail ? " (replay check failed)" :
+ status == srtp_err_status_bad_param ? " (bad param)" :
+ status == srtp_err_status_no_ctx ? " (no context)" :
+ status == srtp_err_status_cipher_fail ? " (cipher failed)" :
+ status == srtp_err_status_key_expired ? " (key expired)" :
+ status == srtp_err_status_auth_fail ? " (auth check failed)" : "");
+}
/*
- * rand_source.h
+ * rtp_decoder.h
*
- * implements a random source based on /dev/random
+ * decoder structures and functions for SRTP pcap decoder
+ *
+ * Bernardo Torres <bernardo@torresautomacao.com.br>
+ *
+ * Some structure and code from https://github.com/gteissier/srtp-decrypt
*
- * David A. McGrew
- * Cisco Systems, Inc.
*/
/*
*
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
-#ifndef RAND_SOURCE
-#define RAND_SOURCE
+#ifndef RTP_DECODER_H
+#define RTP_DECODER_H
+
+#include "srtp_priv.h"
+#include "rtp.h"
-#include "err.h"
-#include "datatypes.h"
+#define DEFAULT_RTP_OFFSET 42
-err_status_t
-rand_source_init(void);
+typedef struct rtp_decoder_ctx_t {
+ srtp_policy_t policy;
+ srtp_ctx_t *srtp_ctx;
+ int rtp_offset;
+ struct timeval start_tv;
+ int frame_nr;
+ rtp_msg_t message;
+} rtp_decoder_ctx_t;
+
+typedef struct rtp_decoder_ctx_t *rtp_decoder_t;
/*
- * rand_source_get_octet_string() writes a random octet string.
- *
- * The function call rand_source_get_octet_string(dest, len) writes
- * len octets of random data to the location to which dest points,
- * and returns an error code. This error code should be checked,
- * and if a failure is reported, the data in the buffer MUST NOT
- * be used.
- *
- * warning: If the return code is not checked, then non-random
- * data may inadvertently be used.
- *
- * returns:
- * - err_status_ok if no problems occured.
- * - [other] a problem occured, and no assumptions should
- * be made about the contents of the destination
- * buffer.
+ * error to string
*/
+void rtp_print_error(srtp_err_status_t status, char *message);
-err_status_t
-rand_source_get_octet_string(void *dest, uint32_t length);
+/*
+ * prints the output of a random buffer in hexadecimal
+ */
+void hexdump(const void *ptr, size_t size);
-err_status_t
-rand_source_deinit(void);
+/*
+ * the function usage() prints an error message describing how this
+ * program should be called, then calls exit()
+ */
+void usage(char *prog_name);
+
+/*
+ * transforms base64 key into octet
+ */
+char *decode_sdes(char *in, char *out);
/*
- * function prototype for a random source function
- *
- * A rand_source_func_t writes num_octets at the location indicated by
- * dest and returns err_status_ok. Any other return value indicates
- * failure.
+ * pcap handling
*/
+void rtp_decoder_handle_pkt(u_char *arg, const struct pcap_pkthdr *hdr, const u_char *bytes);
+
+rtp_decoder_t rtp_decoder_alloc(void);
+
+void rtp_decoder_dealloc(rtp_decoder_t rtp_ctx);
+
+int rtp_decoder_init(rtp_decoder_t dcdr, srtp_policy_t policy);
+
+srtp_err_status_t rtp_decoder_init_srtp(rtp_decoder_t decoder, unsigned int ssrc);
-typedef err_status_t (*rand_source_func_t)
- (void *dest, uint32_t num_octets);
+int
+rtp_decoder_deinit_srtp(rtp_decoder_t decoder);
-#endif /* RAND_SOURCE */
+#endif /* RTP_DECODER_H */
* Cisco Systems, Inc.
*
* This app is a simple RTP application intended only for testing
- * libsrtp. It reads one word at a time from /usr/dict/words (or
+ * libsrtp. It reads one word at a time from words.txt (or
* whatever file is specified as DICT_FILE), and sends one word out
* each USEC_RATE microseconds. Secure RTP protections can be
* applied. See the usage() function for more details.
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
*/
-#include "datatypes.h"
+#ifdef HAVE_CONFIG_H
+ #include <config.h>
+#endif
+
#include "getopt_s.h" /* for local getopt() */
#include <stdio.h> /* for printf, fprintf */
#ifdef HAVE_UNISTD_H
#include <unistd.h> /* for close() */
+#elif defined(_MSC_VER)
+#include <io.h> /* for _close() */
+#define close _close
#endif
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#include "srtp.h"
#include "rtp.h"
+#include "util.h"
-#ifdef RTPW_USE_WINSOCK2
-# define DICT_FILE "words.txt"
-#else
-# define DICT_FILE "/usr/share/dict/words"
-#endif
+#define DICT_FILE "words.txt"
#define USEC_RATE (5e5)
#define MAX_WORD_LEN 128
#define ADDR_IS_MULTICAST(a) IN_MULTICAST(htonl(a))
struct sockaddr_in local;
#endif
program_type prog_type = unknown;
- sec_serv_t sec_servs = sec_serv_none;
+ srtp_sec_serv_t sec_servs = sec_serv_none;
unsigned char ttl = 5;
int c;
int key_size = 128;
int tag_size = 8;
int gcm_on = 0;
char *input_key = NULL;
+ int b64_input = 0;
char *address = NULL;
char key[MAX_KEY_LEN];
unsigned short port = 0;
rtp_sender_t snd;
srtp_policy_t policy;
- err_status_t status;
+ srtp_err_status_t status;
int len;
+ int expected_len;
int do_list_mods = 0;
uint32_t ssrc = 0xdeadbeef; /* ssrc value hardcoded for now */
#ifdef RTPW_USE_WINSOCK2
}
#endif
+ memset(&policy, 0x0, sizeof(srtp_policy_t));
+
+ printf("Using %s [0x%x]\n", srtp_get_version_string(), srtp_get_version());
+
if (setup_signal_handler(argv[0]) != 0) {
exit(1);
}
/* check args */
while (1) {
- c = getopt_s(argc, argv, "k:rsgt:ae:ld:");
+ c = getopt_s(argc, argv, "b:k:rsgt:ae:ld:");
if (c == -1) {
break;
}
switch (c) {
+ case 'b':
+ b64_input = 1;
+ /* fall thru */
case 'k':
input_key = optarg_s;
break;
prog_type = sender;
break;
case 'd':
- status = crypto_kernel_set_debug_module(optarg_s, 1);
+ status = srtp_set_debug_module(optarg_s, 1);
if (status) {
printf("error: set debug module (%s) failed\n", optarg_s);
exit(1);
if (prog_type == unknown) {
if (do_list_mods) {
- status = crypto_kernel_list_debug_modules();
+ status = srtp_list_debug_modules();
if (status) {
printf("error: list of debug modules failed\n");
exit(1);
#ifdef OPENSSL
switch (key_size) {
case 128:
- crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
- crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
break;
case 256:
- crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
- crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
break;
}
#else
} else {
switch (key_size) {
case 128:
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
case 256:
- crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
}
}
} else {
switch (key_size) {
case 128:
- crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
case 256:
- crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
}
}
#ifdef OPENSSL
switch (key_size) {
case 128:
- crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
- crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp);
+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp);
break;
case 256:
- crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
- crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp);
+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp);
break;
}
#else
return 0;
#endif
} else {
- crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
}
break;
default:
}
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = ssrc;
- policy.key = (uint8_t *) key;
+ policy.key = (uint8_t *)key;
policy.ekt = NULL;
policy.next = NULL;
policy.window_size = 128;
}
/*
- * read key from hexadecimal on command line into an octet string
+ * read key from hexadecimal or base64 on command line into an octet string
*/
- len = hex_string_to_octet_string(key, input_key, policy.rtp.cipher_key_len*2);
-
+ if (b64_input) {
+ int pad;
+ expected_len = (policy.rtp.cipher_key_len*4)/3;
+ len = base64_string_to_octet_string(key, &pad, input_key, expected_len);
+ if (pad != 0) {
+ fprintf(stderr, "error: padding in base64 unexpected\n");
+ exit(1);
+ }
+ } else {
+ expected_len = policy.rtp.cipher_key_len*2;
+ len = hex_string_to_octet_string(key, input_key, expected_len);
+ }
/* check that hex string is the right length */
- if (len < policy.rtp.cipher_key_len*2) {
+ if (len < expected_len) {
fprintf(stderr,
"error: too few digits in key/salt "
- "(should be %d hexadecimal digits, found %d)\n",
- policy.rtp.cipher_key_len*2, len);
+ "(should be %d digits, found %d)\n",
+ expected_len, len);
exit(1);
}
- if (strlen(input_key) > policy.rtp.cipher_key_len*2) {
+ if ((int) strlen(input_key) > policy.rtp.cipher_key_len*2) {
fprintf(stderr,
"error: too many digits in key/salt "
"(should be %d hexadecimal digits, found %u)\n",
* the effect of this policy is to turn off SRTP, so that this
* application is now a vanilla-flavored RTP application.
*/
- policy.key = (uint8_t *)key;
+ srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtp);
+ srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtcp);
+ policy.key = (uint8_t *)key;
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = ssrc;
- policy.rtp.cipher_type = NULL_CIPHER;
- policy.rtp.cipher_key_len = 0;
- policy.rtp.auth_type = NULL_AUTH;
- policy.rtp.auth_key_len = 0;
- policy.rtp.auth_tag_len = 0;
- policy.rtp.sec_serv = sec_serv_none;
- policy.rtcp.cipher_type = NULL_CIPHER;
- policy.rtcp.cipher_key_len = 0;
- policy.rtcp.auth_type = NULL_AUTH;
- policy.rtcp.auth_key_len = 0;
- policy.rtcp.auth_tag_len = 0;
- policy.rtcp.sec_serv = sec_serv_none;
policy.window_size = 0;
policy.allow_repeat_tx = 0;
policy.ekt = NULL;
" -e <key size> use encryption (use 128 or 256 for key size)\n"
" -g Use AES-GCM mode (must be used with -e)\n"
" -t <tag size> Tag size to use in GCM mode (use 8 or 16)\n"
- " -k <key> sets the srtp master key\n"
+ " -k <key> sets the srtp master key given in hexadecimal\n"
+ " -b <key> sets the srtp master key given in base64\n"
" -s act as rtp sender\n"
" -r act as rtp receiver\n"
" -l list debug modules\n"
# usage: rtpw_test <rtpw_commands>
#
# tests the rtpw sender and receiver functions
-
-RTPW=./rtpw
+#
+# Copyright (c) 2001-2017, Cisco Systems, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#
+# Neither the name of the Cisco Systems, Inc. nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+case $(uname -s) in
+ *CYGWIN*|*MINGW*)
+ EXE=".exe"
+ ;;
+ *)
+ EXE=""
+ ;;
+esac
+
+RTPW=./rtpw$EXE
DEST_PORT=9999
DURATION=3
-key=2b2edc5034f61a72345ca5986d7bfd0189aa6dc2ecab32fd9af74df6dfc6
+key=Ky7cUDT2GnI0XKWYbXv9AYmqbcLsqzL9mvdN9t/G
-ARGS="-k $key -a -e 128"
+ARGS="-b $key -a -e 128"
# First, we run "killall" to get rid of all existing rtpw processes.
# This step also enables this script to clean up after itself; if this
sleep 1
# verify that the background job is running
-ps | grep -q $receiver_pid
+ps -e | grep -q $receiver_pid
retval=$?
echo $retval
if [ $retval != 0 ]; then
echo $0 ": sender PID = $sender_pid"
# verify that the background job is running
-ps | grep -q $sender_pid
+ps -e | grep -q $sender_pid
retval=$?
echo $retval
if [ $retval != 0 ]; then
kill $receiver_pid
kill $sender_pid
-wait $receiver_pid
-wait $sender_pid
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
key=033490ba9e82994fc21013395739038992b2edc5034f61a72345ca598d7bfd0189aa6dc2ecab32fd9af74df6dfc6
sleep 1
# verify that the background job is running
-ps | grep -q $receiver_pid
+ps -e | grep -q $receiver_pid
retval=$?
echo $retval
if [ $retval != 0 ]; then
echo $0 ": sender PID = $sender_pid"
# verify that the background job is running
-ps | grep -q $sender_pid
+ps -e | grep -q $sender_pid
retval=$?
echo $retval
if [ $retval != 0 ]; then
kill $receiver_pid
kill $sender_pid
-wait $receiver_pid
-wait $sender_pid
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
echo $0 ": done (test passed)"
# usage: rtpw_test <rtpw_commands>
#
# tests the rtpw sender and receiver functions
-
-RTPW=./rtpw
+#
+# Copyright (c) 2001-2017, Cisco Systems, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+#
+# Neither the name of the Cisco Systems, Inc. nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+case $(uname -s) in
+ *CYGWIN*|*MINGW*)
+ EXE=".exe"
+ ;;
+ *)
+ EXE=""
+ ;;
+esac
+
+RTPW=./rtpw$EXE
DEST_PORT=9999
DURATION=3
sleep 1
# verify that the background job is running
-ps | grep -q $receiver_pid
+ps -e | grep -q $receiver_pid
retval=$?
echo $retval
if [ $retval != 0 ]; then
echo $0 ": sender PID = $sender_pid"
# verify that the background job is running
-ps | grep -q $sender_pid
+ps -e | grep -q $sender_pid
retval=$?
echo $retval
if [ $retval != 0 ]; then
kill $receiver_pid
kill $sender_pid
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
+
GCMARGS128="-k 01234567890123456789012345678901234567890123456789012345 -g -t 16 -e 128"
echo $0 ": starting GCM mode 128-bit (16 byte tag) rtpw receiver process... "
sleep 1
# verify that the background job is running
-ps | grep -q $receiver_pid
+ps -e | grep -q $receiver_pid
retval=$?
echo $retval
if [ $retval != 0 ]; then
echo $0 ": sender PID = $sender_pid"
# verify that the background job is running
-ps | grep -q $sender_pid
+ps -e | grep -q $sender_pid
retval=$?
echo $retval
if [ $retval != 0 ]; then
kill $receiver_pid
kill $sender_pid
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
GCMARGS256="-k 0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567 -g -e 256"
sleep 1
# verify that the background job is running
-ps | grep -q $receiver_pid
+ps -e | grep -q $receiver_pid
retval=$?
echo $retval
if [ $retval != 0 ]; then
echo $0 ": sender PID = $sender_pid"
# verify that the background job is running
-ps | grep -q $sender_pid
+ps -e | grep -q $sender_pid
retval=$?
echo $retval
if [ $retval != 0 ]; then
kill $receiver_pid
kill $sender_pid
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
GCMARGS256="-k a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567 -g -t 16 -e 256"
echo $0 ": starting GCM mode 256-bit (16 byte tag) rtpw receiver process... "
sleep 1
# verify that the background job is running
-ps | grep -q $receiver_pid
+ps -e | grep -q $receiver_pid
retval=$?
echo $retval
if [ $retval != 0 ]; then
echo $0 ": sender PID = $sender_pid"
# verify that the background job is running
-ps | grep -q $sender_pid
+ps -e | grep -q $sender_pid
retval=$?
echo $retval
if [ $retval != 0 ]; then
kill $receiver_pid
kill $sender_pid
+wait $receiver_pid 2>/dev/null
+wait $sender_pid 2>/dev/null
echo $0 ": done (test passed)"
+
+
/*
* srtp_driver.c
- *
+ *
* a test driver for libSRTP
*
* David A. McGrew
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
#include "getopt_s.h" /* for local getopt() */
#include "srtp_priv.h"
+#include "util.h"
#ifdef HAVE_NETINET_IN_H
# include <netinet/in.h>
#define PRINT_REFERENCE_PACKET 1
-err_status_t
+srtp_err_status_t
srtp_validate(void);
-err_status_t
+#ifdef OPENSSL
+srtp_err_status_t
+srtp_validate_gcm(void);
+#endif
+
+srtp_err_status_t
+srtp_validate_encrypted_extensions_headers(void);
+
+#ifdef OPENSSL
+srtp_err_status_t
+srtp_validate_encrypted_extensions_headers_gcm(void);
+#endif
+
+srtp_err_status_t
srtp_validate_aes_256(void);
-err_status_t
+srtp_err_status_t
srtp_create_big_policy(srtp_policy_t **list);
-err_status_t
+srtp_err_status_t
srtp_dealloc_big_policy(srtp_policy_t *list);
-err_status_t
+srtp_err_status_t
+srtp_test_empty_payload(void);
+
+#ifdef OPENSSL
+srtp_err_status_t
+srtp_test_empty_payload_gcm(void);
+#endif
+
+srtp_err_status_t
srtp_test_remove_stream(void);
+srtp_err_status_t
+srtp_test_update(void);
+
+srtp_err_status_t
+srtp_test_protect_trailer_length(void);
+
+srtp_err_status_t
+srtp_test_protect_rtcp_trailer_length(void);
+
+srtp_err_status_t
+srtp_test_get_roc(void);
+
+srtp_err_status_t
+srtp_test_set_receiver_roc(void);
+
+srtp_err_status_t
+srtp_test_set_sender_roc(void);
+
double
srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy);
void
srtp_do_rejection_timing(const srtp_policy_t *policy);
-err_status_t
-srtp_test(const srtp_policy_t *policy);
+srtp_err_status_t
+srtp_test(const srtp_policy_t *policy, int extension_header, int mki_index);
-err_status_t
-srtcp_test(const srtp_policy_t *policy);
+srtp_err_status_t
+srtcp_test(const srtp_policy_t *policy, int mki_index);
-err_status_t
+srtp_err_status_t
srtp_session_print_policy(srtp_t srtp);
-err_status_t
-srtp_print_policy(const srtp_policy_t *policy);
+srtp_err_status_t
+srtp_print_policy(const srtp_policy_t *policy);
char *
srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len);
double
mips_estimate(int num_trials, int *ignore);
+#define TEST_MKI_ID_SIZE 4
+
extern uint8_t test_key[46];
+extern uint8_t test_key_2[46];
+extern uint8_t test_mki_id[TEST_MKI_ID_SIZE];
+extern uint8_t test_mki_id_2[TEST_MKI_ID_SIZE];
+
+srtp_master_key_t master_key_1 = {
+ test_key,
+ test_mki_id,
+ TEST_MKI_ID_SIZE
+};
+
+srtp_master_key_t master_key_2 = {
+ test_key_2,
+ test_mki_id_2,
+ TEST_MKI_ID_SIZE
+};
+
+srtp_master_key_t *test_keys[2] = {
+ &master_key_1,
+ &master_key_2
+};
+
+void
+usage (char *prog_name)
+{
+ printf("usage: %s [ -t ][ -c ][ -v ][ -o ][-d <debug_module> ]* [ -l ]\n"
+ " -t run timing test\n"
+ " -r run rejection timing test\n"
+ " -c run codec timing test\n"
+ " -v run validation tests\n"
+ " -o output logging to stdout\n"
+ " -d <mod> turn on debugging module <mod>\n"
+ " -l list debugging modules\n", prog_name);
+ exit(1);
+}
void
-usage(char *prog_name) {
- printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n"
- " -t run timing test\n"
- " -r run rejection timing test\n"
- " -c run codec timing test\n"
- " -v run validation tests\n"
- " -d <mod> turn on debugging module <mod>\n"
- " -l list debugging modules\n", prog_name);
- exit(1);
+log_handler (srtp_log_level_t level, const char * msg, void * data)
+{
+ char level_char = '?';
+ switch(level) {
+ case srtp_log_level_error: level_char = 'e'; break;
+ case srtp_log_level_warning: level_char = 'w'; break;
+ case srtp_log_level_info: level_char = 'i'; break;
+ case srtp_log_level_debug: level_char = 'd'; break;
+ }
+ printf("SRTP-LOG [%c]: %s\n", level_char, msg);
}
/*
/*
* mod_driver debug module - debugging module for this test driver
*
- * we use the crypto_kernel debugging system in this driver, which
+ * we use the crypto_kernel debugging system in this driver, which
* makes the interface uniform and increases portability
- */
+ */
-debug_module_t mod_driver = {
- 0, /* debugging is off by default */
- "driver" /* printable name for module */
+srtp_debug_module_t mod_driver = {
+ 0, /* debugging is off by default */
+ "driver" /* printable name for module */
};
int
-main (int argc, char *argv[]) {
- int q;
- unsigned do_timing_test = 0;
- unsigned do_rejection_test = 0;
- unsigned do_codec_timing = 0;
- unsigned do_validation = 0;
- unsigned do_list_mods = 0;
- err_status_t status;
-
- /*
- * verify that the compiler has interpreted the header data
- * structure srtp_hdr_t correctly
- */
- if (sizeof(srtp_hdr_t) != 12) {
- printf("error: srtp_hdr_t has incorrect size"
- "(size is %ld bytes, expected 12)\n",
- (long)sizeof(srtp_hdr_t));
- exit(1);
- }
-
- /* initialize srtp library */
- status = srtp_init();
- if (status) {
- printf("error: srtp init failed with error code %d\n", status);
- exit(1);
- }
-
- /* load srtp_driver debug module */
- status = crypto_kernel_load_debug_module(&mod_driver);
- if (status) {
- printf("error: load of srtp_driver debug module failed "
- "with error code %d\n", status);
- exit(1);
- }
+main (int argc, char *argv[])
+{
+ int q;
+ unsigned do_timing_test = 0;
+ unsigned do_rejection_test = 0;
+ unsigned do_codec_timing = 0;
+ unsigned do_validation = 0;
+ unsigned do_list_mods = 0;
+ unsigned do_log_stdout = 0;
+ srtp_err_status_t status;
- /* process input arguments */
- while (1) {
- q = getopt_s(argc, argv, "trcvld:");
- if (q == -1)
- break;
- switch (q) {
- case 't':
- do_timing_test = 1;
- break;
- case 'r':
- do_rejection_test = 1;
- break;
- case 'c':
- do_codec_timing = 1;
- break;
- case 'v':
- do_validation = 1;
- break;
- case 'l':
- do_list_mods = 1;
- break;
- case 'd':
- status = crypto_kernel_set_debug_module(optarg_s, 1);
- if (status) {
- printf("error: set debug module (%s) failed\n", optarg_s);
+ /*
+ * verify that the compiler has interpreted the header data
+ * structure srtp_hdr_t correctly
+ */
+ if (sizeof(srtp_hdr_t) != 12) {
+ printf("error: srtp_hdr_t has incorrect size"
+ "(size is %ld bytes, expected 12)\n",
+ (long)sizeof(srtp_hdr_t));
exit(1);
- }
- break;
- default:
- usage(argv[0]);
- }
- }
-
- if (!do_validation && !do_timing_test && !do_codec_timing
- && !do_list_mods && !do_rejection_test)
- usage(argv[0]);
+ }
- if (do_list_mods) {
- status = crypto_kernel_list_debug_modules();
+ /* initialize srtp library */
+ status = srtp_init();
if (status) {
- printf("error: list of debug modules failed\n");
- exit(1);
+ printf("error: srtp init failed with error code %d\n", status);
+ exit(1);
}
- }
-
- if (do_validation) {
- const srtp_policy_t **policy = policy_array;
- srtp_policy_t *big_policy;
-
- /* loop over policy array, testing srtp and srtcp for each policy */
- while (*policy != NULL) {
- printf("testing srtp_protect and srtp_unprotect\n");
- if (srtp_test(*policy) == err_status_ok)
- printf("passed\n\n");
- else {
- printf("failed\n");
- exit(1);
- }
- printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n");
- if (srtcp_test(*policy) == err_status_ok)
- printf("passed\n\n");
- else {
- printf("failed\n");
- exit(1);
- }
- policy++;
- }
-
- /* create a big policy list and run tests on it */
- status = srtp_create_big_policy(&big_policy);
+
+ /* load srtp_driver debug module */
+ status = srtp_crypto_kernel_load_debug_module(&mod_driver);
if (status) {
- printf("unexpected failure with error code %d\n", status);
- exit(1);
- }
- printf("testing srtp_protect and srtp_unprotect with big policy\n");
- if (srtp_test(big_policy) == err_status_ok)
- printf("passed\n\n");
- else {
- printf("failed\n");
- exit(1);
+ printf("error: load of srtp_driver debug module failed "
+ "with error code %d\n", status);
+ exit(1);
}
- status = srtp_dealloc_big_policy(big_policy);
- if (status) {
- printf("unexpected failure with error code %d\n", status);
- exit(1);
+
+ /* process input arguments */
+ while (1) {
+ q = getopt_s(argc, argv, "trcvold:");
+ if (q == -1) {
+ break;
+ }
+ switch (q) {
+ case 't':
+ do_timing_test = 1;
+ break;
+ case 'r':
+ do_rejection_test = 1;
+ break;
+ case 'c':
+ do_codec_timing = 1;
+ break;
+ case 'v':
+ do_validation = 1;
+ break;
+ case 'o':
+ do_log_stdout = 1;
+ break;
+ case 'l':
+ do_list_mods = 1;
+ break;
+ case 'd':
+ status = srtp_set_debug_module(optarg_s, 1);
+ if (status) {
+ printf("error: set debug module (%s) failed\n", optarg_s);
+ exit(1);
+ }
+ break;
+ default:
+ usage(argv[0]);
+ }
}
- /* run test on wildcard policy */
- printf("testing srtp_protect and srtp_unprotect on "
- "wildcard ssrc policy\n");
- if (srtp_test(&wildcard_policy) == err_status_ok)
- printf("passed\n\n");
- else {
- printf("failed\n");
- exit(1);
- }
+ if (!do_validation && !do_timing_test && !do_codec_timing
+ && !do_list_mods && !do_rejection_test) {
+ usage(argv[0]);
+ }
- /*
- * run validation test against the reference packets - note
- * that this test only covers the default policy
- */
- printf("testing srtp_protect and srtp_unprotect against "
- "reference packets\n");
- if (srtp_validate() == err_status_ok)
- printf("passed\n\n");
- else {
- printf("failed\n");
- exit(1);
+ if (do_log_stdout) {
+ status = srtp_install_log_handler(log_handler, NULL);
+ if (status) {
+ printf("error: install log handler failed\n");
+ exit(1);
+ }
}
-//FIXME: need to get this working with the OpenSSL AES module
-#ifndef OPENSSL
- /*
- * run validation test against the reference packets for
- * AES-256
- */
- printf("testing srtp_protect and srtp_unprotect against "
- "reference packets (AES-256)\n");
- if (srtp_validate_aes_256() == err_status_ok)
- printf("passed\n\n");
- else {
- printf("failed\n");
- exit(1);
+ if (do_list_mods) {
+ status = srtp_list_debug_modules();
+ if (status) {
+ printf("error: list of debug modules failed\n");
+ exit(1);
+ }
}
+
+ if (do_validation) {
+ const srtp_policy_t **policy = policy_array;
+ srtp_policy_t *big_policy;
+
+ /* loop over policy array, testing srtp and srtcp for each policy */
+ while (*policy != NULL) {
+ printf("testing srtp_protect and srtp_unprotect\n");
+ if (srtp_test(*policy, 0, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+
+ printf("testing srtp_protect and srtp_unprotect with encrypted extensions headers\n");
+ if (srtp_test(*policy, 1, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+ printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n");
+ if (srtcp_test(*policy, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+ printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI index set to 0\n");
+ if (srtp_test(*policy, 0, 0) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+ printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI index set to 1\n");
+ if (srtp_test(*policy, 0, 1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+
+ printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI index set to 0\n");
+ if (srtcp_test(*policy, 0) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+ printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI index set to 1\n");
+ if (srtcp_test(*policy, 1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+ policy++;
+ }
+
+ /* create a big policy list and run tests on it */
+ status = srtp_create_big_policy(&big_policy);
+ if (status) {
+ printf("unexpected failure with error code %d\n", status);
+ exit(1);
+ }
+ printf("testing srtp_protect and srtp_unprotect with big policy\n");
+ if (srtp_test(big_policy, 0, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+ printf("testing srtp_protect and srtp_unprotect with big policy and encrypted extensions headers\n");
+ if (srtp_test(big_policy, 1, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+ status = srtp_dealloc_big_policy(big_policy);
+ if (status) {
+ printf("unexpected failure with error code %d\n", status);
+ exit(1);
+ }
+
+ /* run test on wildcard policy */
+ printf("testing srtp_protect and srtp_unprotect on "
+ "wildcard ssrc policy\n");
+ if (srtp_test(&wildcard_policy, 0, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+ printf("testing srtp_protect and srtp_unprotect on "
+ "wildcard ssrc policy and encrypted extensions headers\n");
+ if (srtp_test(&wildcard_policy, 1, -1) == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+
+ /*
+ * run validation test against the reference packets - note
+ * that this test only covers the default policy
+ */
+ printf("testing srtp_protect and srtp_unprotect against "
+ "reference packet\n");
+ if (srtp_validate() == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+
+#ifdef OPENSSL
+ printf("testing srtp_protect and srtp_unprotect against "
+ "reference packet using GCM\n");
+ if (srtp_validate_gcm() == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
#endif
- /*
- * test the function srtp_remove_stream()
- */
- printf("testing srtp_remove_stream()...");
- if (srtp_test_remove_stream() == err_status_ok)
- printf("passed\n");
- else {
- printf("failed\n");
- exit(1);
- }
- }
-
- if (do_timing_test) {
- const srtp_policy_t **policy = policy_array;
-
- /* loop over policies, run timing test for each */
- while (*policy != NULL) {
- srtp_print_policy(*policy);
- srtp_do_timing(*policy);
- policy++;
+ printf("testing srtp_protect and srtp_unprotect against "
+ "reference packet with encrypted extensions headers\n");
+ if (srtp_validate_encrypted_extensions_headers() == srtp_err_status_ok)
+ printf("passed\n\n");
+ else {
+ printf("failed\n");
+ exit(1);
+ }
+
+#ifdef OPENSSL
+ printf("testing srtp_protect and srtp_unprotect against "
+ "reference packet with encrypted extension headers (GCM)\n");
+ if (srtp_validate_encrypted_extensions_headers_gcm() == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+#endif
+
+ /*
+ * run validation test against the reference packets for
+ * AES-256
+ */
+ printf("testing srtp_protect and srtp_unprotect against "
+ "reference packet (AES-256)\n");
+ if (srtp_validate_aes_256() == srtp_err_status_ok) {
+ printf("passed\n\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+
+ /*
+ * test packets with empty payload
+ */
+ printf("testing srtp_protect and srtp_unprotect against "
+ "packet with empty payload\n");
+ if (srtp_test_empty_payload() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+#ifdef OPENSSL
+ printf("testing srtp_protect and srtp_unprotect against "
+ "packet with empty payload (GCM)\n");
+ if (srtp_test_empty_payload_gcm() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+#endif
+
+ /*
+ * test the function srtp_remove_stream()
+ */
+ printf("testing srtp_remove_stream()...");
+ if (srtp_test_remove_stream() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else{
+ printf("failed\n");
+ exit(1);
+ }
+
+ /*
+ * test the function srtp_update()
+ */
+ printf("testing srtp_update()...");
+ if (srtp_test_update() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ /*
+ * test the functions srtp_get_protect_trailer_length
+ * and srtp_get_protect_rtcp_trailer_length
+ */
+ printf("testing srtp_get_protect_trailer_length()...");
+ if (srtp_test_protect_trailer_length() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ printf("testing srtp_get_protect_rtcp_trailer_length()...");
+ if (srtp_test_protect_rtcp_trailer_length() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ printf("testing srtp_test_get_roc()...");
+ if (srtp_test_get_roc() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ printf("testing srtp_test_set_receiver_roc()...");
+ if (srtp_test_set_receiver_roc() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
+ printf("testing srtp_test_set_sender_roc()...");
+ if (srtp_test_set_sender_roc() == srtp_err_status_ok) {
+ printf("passed\n");
+ } else {
+ printf("failed\n");
+ exit(1);
+ }
+
}
- }
- if (do_rejection_test) {
- const srtp_policy_t **policy = policy_array;
-
- /* loop over policies, run rejection timing test for each */
- while (*policy != NULL) {
- srtp_print_policy(*policy);
- srtp_do_rejection_timing(*policy);
- policy++;
+ if (do_timing_test) {
+ const srtp_policy_t **policy = policy_array;
+
+ /* loop over policies, run timing test for each */
+ while (*policy != NULL) {
+ srtp_print_policy(*policy);
+ srtp_do_timing(*policy);
+ policy++;
+ }
}
- }
-
- if (do_codec_timing) {
- srtp_policy_t policy;
- int ignore;
- double mips = mips_estimate(1000000000, &ignore);
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
- policy.ssrc.type = ssrc_specific;
- policy.ssrc.value = 0xdecafbad;
- policy.key = test_key;
- policy.ekt = NULL;
- policy.window_size = 128;
- policy.allow_repeat_tx = 0;
- policy.next = NULL;
+ if (do_rejection_test) {
+ const srtp_policy_t **policy = policy_array;
- printf("mips estimate: %e\n", mips);
-
- printf("testing srtp processing time for voice codecs:\n");
- printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
- printf("G.711\t\t%d\t\t\t%e\n", 80,
- (double) mips * (80 * 8) /
- srtp_bits_per_second(80, &policy) / .01 );
- printf("G.711\t\t%d\t\t\t%e\n", 160,
- (double) mips * (160 * 8) /
- srtp_bits_per_second(160, &policy) / .02);
- printf("G.726-32\t%d\t\t\t%e\n", 40,
- (double) mips * (40 * 8) /
- srtp_bits_per_second(40, &policy) / .01 );
- printf("G.726-32\t%d\t\t\t%e\n", 80,
- (double) mips * (80 * 8) /
- srtp_bits_per_second(80, &policy) / .02);
- printf("G.729\t\t%d\t\t\t%e\n", 10,
- (double) mips * (10 * 8) /
- srtp_bits_per_second(10, &policy) / .01 );
- printf("G.729\t\t%d\t\t\t%e\n", 20,
- (double) mips * (20 * 8) /
- srtp_bits_per_second(20, &policy) / .02 );
- printf("Wideband\t%d\t\t\t%e\n", 320,
- (double) mips * (320 * 8) /
- srtp_bits_per_second(320, &policy) / .01 );
- printf("Wideband\t%d\t\t\t%e\n", 640,
- (double) mips * (640 * 8) /
- srtp_bits_per_second(640, &policy) / .02 );
- }
+ /* loop over policies, run rejection timing test for each */
+ while (*policy != NULL) {
+ srtp_print_policy(*policy);
+ srtp_do_rejection_timing(*policy);
+ policy++;
+ }
+ }
- status = srtp_shutdown();
- if (status) {
- printf("error: srtp shutdown failed with error code %d\n", status);
- exit(1);
- }
+ if (do_codec_timing) {
+ srtp_policy_t policy;
+ int ignore;
+ double mips_value = mips_estimate(1000000000, &ignore);
+
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xdecafbad;
+ policy.key = test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ printf("mips estimate: %e\n", mips_value);
+
+ printf("testing srtp processing time for voice codecs:\n");
+ printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
+ printf("G.711\t\t%d\t\t\t%e\n", 80,
+ (double)mips_value * (80 * 8) /
+ srtp_bits_per_second(80, &policy) / .01 );
+ printf("G.711\t\t%d\t\t\t%e\n", 160,
+ (double)mips_value * (160 * 8) /
+ srtp_bits_per_second(160, &policy) / .02);
+ printf("G.726-32\t%d\t\t\t%e\n", 40,
+ (double)mips_value * (40 * 8) /
+ srtp_bits_per_second(40, &policy) / .01 );
+ printf("G.726-32\t%d\t\t\t%e\n", 80,
+ (double)mips_value * (80 * 8) /
+ srtp_bits_per_second(80, &policy) / .02);
+ printf("G.729\t\t%d\t\t\t%e\n", 10,
+ (double)mips_value * (10 * 8) /
+ srtp_bits_per_second(10, &policy) / .01 );
+ printf("G.729\t\t%d\t\t\t%e\n", 20,
+ (double)mips_value * (20 * 8) /
+ srtp_bits_per_second(20, &policy) / .02 );
+ printf("Wideband\t%d\t\t\t%e\n", 320,
+ (double)mips_value * (320 * 8) /
+ srtp_bits_per_second(320, &policy) / .01 );
+ printf("Wideband\t%d\t\t\t%e\n", 640,
+ (double)mips_value * (640 * 8) /
+ srtp_bits_per_second(640, &policy) / .02 );
+ }
- return 0;
+ status = srtp_shutdown();
+ if (status) {
+ printf("error: srtp shutdown failed with error code %d\n", status);
+ exit(1);
+ }
+
+ return 0;
}
*/
srtp_hdr_t *
-srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc) {
+srtp_create_test_packet (int pkt_octet_len, uint32_t ssrc)
+{
+ int i;
+ uint8_t *buffer;
+ srtp_hdr_t *hdr;
+ int bytes_in_hdr = 12;
+
+ /* allocate memory for test packet */
+ hdr = (srtp_hdr_t*)malloc(pkt_octet_len + bytes_in_hdr
+ + SRTP_MAX_TRAILER_LEN + 4);
+ if (!hdr) {
+ return NULL;
+ }
+
+ hdr->version = 2; /* RTP version two */
+ hdr->p = 0; /* no padding needed */
+ hdr->x = 0; /* no header extension */
+ hdr->cc = 0; /* no CSRCs */
+ hdr->m = 0; /* marker bit */
+ hdr->pt = 0xf; /* payload type */
+ hdr->seq = htons(0x1234); /* sequence number */
+ hdr->ts = htonl(0xdecafbad); /* timestamp */
+ hdr->ssrc = htonl(ssrc); /* synch. source */
+
+ buffer = (uint8_t*)hdr;
+ buffer += bytes_in_hdr;
+
+ /* set RTP data to 0xab */
+ for (i = 0; i < pkt_octet_len; i++) {
+ *buffer++ = 0xab;
+ }
+
+ /* set post-data value to 0xffff to enable overrun checking */
+ for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++) {
+ *buffer++ = 0xff;
+ }
+
+ return hdr;
+}
+
+static srtp_hdr_t *
+srtp_create_test_packet_extended (int pkt_octet_len, uint32_t ssrc, uint16_t seq, uint32_t ts)
+{
+ srtp_hdr_t *hdr;
+
+ hdr = srtp_create_test_packet(pkt_octet_len, ssrc);
+ if (hdr == NULL)
+ return hdr;
+
+ hdr->seq = htons(seq);
+ hdr->ts = htonl(ts);
+ return hdr;
+}
+
+srtp_hdr_t *
+srtp_create_test_packet_ext_hdr(int pkt_octet_len, uint32_t ssrc) {
int i;
uint8_t *buffer;
srtp_hdr_t *hdr;
int bytes_in_hdr = 12;
+ uint8_t extension_header[12] = {
+ /* one-byte header */
+ 0xbe, 0xde,
+ /* size */
+ 0x00, 0x02,
+ /* id 1, length 1 (i.e. 2 bytes) */
+ 0x11,
+ /* payload */
+ 0xca,
+ 0xfe,
+ /* padding */
+ 0x00,
+ /* id 2, length 0 (i.e. 1 byte) */
+ 0x20,
+ /* payload */
+ 0xba,
+ /* padding */
+ 0x00,
+ 0x00
+ };
/* allocate memory for test packet */
hdr = (srtp_hdr_t*) malloc(pkt_octet_len + bytes_in_hdr
- + SRTP_MAX_TRAILER_LEN + 4);
+ + sizeof(extension_header) + SRTP_MAX_TRAILER_LEN + 4);
if (!hdr)
return NULL;
-
+
hdr->version = 2; /* RTP version two */
hdr->p = 0; /* no padding needed */
- hdr->x = 0; /* no header extension */
+ hdr->x = 1; /* no header extension */
hdr->cc = 0; /* no CSRCs */
hdr->m = 0; /* marker bit */
hdr->pt = 0xf; /* payload type */
buffer = (uint8_t *)hdr;
buffer += bytes_in_hdr;
+ memcpy(buffer, extension_header, sizeof(extension_header));
+ buffer += sizeof(extension_header);
+
/* set RTP data to 0xab */
for (i=0; i < pkt_octet_len; i++)
*buffer++ = 0xab;
}
void
-srtp_do_timing(const srtp_policy_t *policy) {
- int len;
-
- /*
- * note: the output of this function is formatted so that it
- * can be used in gnuplot. '#' indicates a comment, and "\r\n"
- * terminates a record
- */
-
- printf("# testing srtp throughput:\r\n");
- printf("# mesg length (octets)\tthroughput (megabits per second)\r\n");
-
- for (len=16; len <= 2048; len *= 2)
- printf("%d\t\t\t%f\r\n", len,
- srtp_bits_per_second(len, policy) / 1.0E6);
-
- /* these extra linefeeds let gnuplot know that a dataset is done */
- printf("\r\n\r\n");
+srtp_do_timing (const srtp_policy_t *policy)
+{
+ int len;
+
+ /*
+ * note: the output of this function is formatted so that it
+ * can be used in gnuplot. '#' indicates a comment, and "\r\n"
+ * terminates a record
+ */
+
+ printf("# testing srtp throughput:\r\n");
+ printf("# mesg length (octets)\tthroughput (megabits per second)\r\n");
+
+ for (len = 16; len <= 2048; len *= 2) {
+ printf("%d\t\t\t%f\r\n", len,
+ srtp_bits_per_second(len, policy) / 1.0E6);
+ }
+
+ /* these extra linefeeds let gnuplot know that a dataset is done */
+ printf("\r\n\r\n");
}
void
-srtp_do_rejection_timing(const srtp_policy_t *policy) {
- int len;
-
- /*
- * note: the output of this function is formatted so that it
- * can be used in gnuplot. '#' indicates a comment, and "\r\n"
- * terminates a record
- */
-
- printf("# testing srtp rejection throughput:\r\n");
- printf("# mesg length (octets)\trejections per second\r\n");
-
- for (len=8; len <= 2048; len *= 2)
- printf("%d\t\t\t%e\r\n", len, srtp_rejections_per_second(len, policy));
-
- /* these extra linefeeds let gnuplot know that a dataset is done */
- printf("\r\n\r\n");
+srtp_do_rejection_timing (const srtp_policy_t *policy)
+{
+ int len;
+
+ /*
+ * note: the output of this function is formatted so that it
+ * can be used in gnuplot. '#' indicates a comment, and "\r\n"
+ * terminates a record
+ */
+
+ printf("# testing srtp rejection throughput:\r\n");
+ printf("# mesg length (octets)\trejections per second\r\n");
+
+ for (len = 8; len <= 2048; len *= 2) {
+ printf("%d\t\t\t%e\r\n", len, srtp_rejections_per_second(len, policy));
+ }
+
+ /* these extra linefeeds let gnuplot know that a dataset is done */
+ printf("\r\n\r\n");
}
#define MAX_MSG_LEN 1024
double
-srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy) {
- srtp_t srtp;
- srtp_hdr_t *mesg;
- int i;
- clock_t timer;
- int num_trials = 100000;
- int len;
- uint32_t ssrc;
- err_status_t status;
-
- /*
- * allocate and initialize an srtp session
- */
- status = srtp_create(&srtp, policy);
- if (status) {
- printf("error: srtp_create() failed with error code %d\n", status);
- exit(1);
- }
-
- /*
- * if the ssrc is unspecified, use a predetermined one
- */
- if (policy->ssrc.type != ssrc_specific) {
- ssrc = 0xdeadbeef;
- } else {
- ssrc = policy->ssrc.value;
- }
+srtp_bits_per_second (int msg_len_octets, const srtp_policy_t *policy)
+{
+ srtp_t srtp;
+ srtp_hdr_t *mesg;
+ int i;
+ clock_t timer;
+ int num_trials = 100000;
+ int len;
+ uint32_t ssrc;
+ srtp_err_status_t status;
- /*
- * create a test packet
- */
- mesg = srtp_create_test_packet(msg_len_octets, ssrc);
- if (mesg == NULL)
- return 0.0; /* indicate failure by returning zero */
-
- timer = clock();
- for (i=0; i < num_trials; i++) {
- len = msg_len_octets + 12; /* add in rtp header length */
-
- /* srtp protect message */
- status = srtp_protect(srtp, mesg, &len);
+ /*
+ * allocate and initialize an srtp session
+ */
+ status = srtp_create(&srtp, policy);
if (status) {
- printf("error: srtp_protect() failed with error code %d\n", status);
- exit(1);
+ printf("error: srtp_create() failed with error code %d\n", status);
+ exit(1);
}
- /* increment message number */
- {
- /* hack sequence to avoid problems with macros for htons/ntohs on some systems */
- short new_seq = ntohs(mesg->seq) + 1;
- mesg->seq = htons(new_seq);
+ /*
+ * if the ssrc is unspecified, use a predetermined one
+ */
+ if (policy->ssrc.type != ssrc_specific) {
+ ssrc = 0xdeadbeef;
+ } else {
+ ssrc = policy->ssrc.value;
}
- }
- timer = clock() - timer;
-
- free(mesg);
-
- status = srtp_dealloc(srtp);
- if (status) {
- printf("error: srtp_dealloc() failed with error code %d\n", status);
- exit(1);
- }
-
- return (double) (msg_len_octets) * 8 *
- num_trials * CLOCKS_PER_SEC / timer;
-}
-
-double
-srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy) {
- srtp_ctx_t *srtp;
- srtp_hdr_t *mesg;
- int i;
- int len;
- clock_t timer;
- int num_trials = 1000000;
- uint32_t ssrc = policy->ssrc.value;
- err_status_t status;
-
- /*
- * allocate and initialize an srtp session
- */
- status = srtp_create(&srtp, policy);
- if (status) {
- printf("error: srtp_create() failed with error code %d\n", status);
- exit(1);
- }
-
- mesg = srtp_create_test_packet(msg_len_octets, ssrc);
- if (mesg == NULL)
- return 0.0; /* indicate failure by returning zero */
-
- len = msg_len_octets;
- srtp_protect(srtp, (srtp_hdr_t *)mesg, &len);
-
- timer = clock();
- for (i=0; i < num_trials; i++) {
- len = msg_len_octets;
- srtp_unprotect(srtp, (srtp_hdr_t *)mesg, &len);
- }
- timer = clock() - timer;
- free(mesg);
+ /*
+ * create a test packet
+ */
+ mesg = srtp_create_test_packet(msg_len_octets, ssrc);
+ if (mesg == NULL) {
+ return 0.0; /* indicate failure by returning zero */
- status = srtp_dealloc(srtp);
- if (status) {
- printf("error: srtp_dealloc() failed with error code %d\n", status);
- exit(1);
- }
+ }
+ timer = clock();
+ for (i = 0; i < num_trials; i++) {
+ len = msg_len_octets + 12; /* add in rtp header length */
+
+ /* srtp protect message */
+ status = srtp_protect(srtp, mesg, &len);
+ if (status) {
+ printf("error: srtp_protect() failed with error code %d\n", status);
+ exit(1);
+ }
+
+ /* increment message number */
+ {
+ /* hack sequence to avoid problems with macros for htons/ntohs on some systems */
+ short new_seq = ntohs(mesg->seq) + 1;
+ mesg->seq = htons(new_seq);
+ }
+ }
+ timer = clock() - timer;
- return (double) num_trials * CLOCKS_PER_SEC / timer;
-}
+ free(mesg);
+ status = srtp_dealloc(srtp);
+ if (status) {
+ printf("error: srtp_dealloc() failed with error code %d\n", status);
+ exit(1);
+ }
-void
-err_check(err_status_t s) {
- if (s == err_status_ok)
- return;
- else
- fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s);
- exit (1);
+ return (double)(msg_len_octets) * 8 *
+ num_trials * CLOCKS_PER_SEC / timer;
}
-err_status_t
-srtp_test(const srtp_policy_t *policy) {
- int i;
- srtp_t srtp_sender;
- srtp_t srtp_rcvr;
- err_status_t status = err_status_ok;
- srtp_hdr_t *hdr, *hdr2;
- uint8_t hdr_enc[64];
- uint8_t *pkt_end;
- int msg_len_octets, msg_len_enc;
- int len;
- int tag_length = policy->rtp.auth_tag_len;
- uint32_t ssrc;
- srtp_policy_t *rcvr_policy;
-
- err_check(srtp_create(&srtp_sender, policy));
-
- /* print out policy */
- err_check(srtp_session_print_policy(srtp_sender));
-
- /*
- * initialize data buffer, using the ssrc in the policy unless that
- * value is a wildcard, in which case we'll just use an arbitrary
- * one
- */
- if (policy->ssrc.type != ssrc_specific)
- ssrc = 0xdecafbad;
- else
- ssrc = policy->ssrc.value;
- msg_len_octets = 28;
- hdr = srtp_create_test_packet(msg_len_octets, ssrc);
+double
+srtp_rejections_per_second (int msg_len_octets, const srtp_policy_t *policy)
+{
+ srtp_ctx_t *srtp;
+ srtp_hdr_t *mesg;
+ int i;
+ int len;
+ clock_t timer;
+ int num_trials = 1000000;
+ uint32_t ssrc = policy->ssrc.value;
+ srtp_err_status_t status;
- if (hdr == NULL)
- return err_status_alloc_fail;
- hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
- if (hdr2 == NULL) {
- free(hdr);
- return err_status_alloc_fail;
- }
+ /*
+ * allocate and initialize an srtp session
+ */
+ status = srtp_create(&srtp, policy);
+ if (status) {
+ printf("error: srtp_create() failed with error code %d\n", status);
+ exit(1);
+ }
- /* set message length */
- len = msg_len_octets;
+ mesg = srtp_create_test_packet(msg_len_octets, ssrc);
+ if (mesg == NULL) {
+ return 0.0; /* indicate failure by returning zero */
- debug_print(mod_driver, "before protection:\n%s",
- srtp_packet_to_string(hdr, len));
+ }
+ len = msg_len_octets;
+ srtp_protect(srtp, (srtp_hdr_t*)mesg, &len);
-#if PRINT_REFERENCE_PACKET
- debug_print(mod_driver, "reference packet before protection:\n%s",
- octet_string_hex_string((uint8_t *)hdr, len));
-#endif
- err_check(srtp_protect(srtp_sender, hdr, &len));
+ timer = clock();
+ for (i = 0; i < num_trials; i++) {
+ len = msg_len_octets;
+ srtp_unprotect(srtp, (srtp_hdr_t*)mesg, &len);
+ }
+ timer = clock() - timer;
- debug_print(mod_driver, "after protection:\n%s",
- srtp_packet_to_string(hdr, len));
-#if PRINT_REFERENCE_PACKET
- debug_print(mod_driver, "after protection:\n%s",
- octet_string_hex_string((uint8_t *)hdr, len));
-#endif
+ free(mesg);
- /* save protected message and length */
- memcpy(hdr_enc, hdr, len);
- msg_len_enc = len;
-
- /*
- * check for overrun of the srtp_protect() function
- *
- * The packet is followed by a value of 0xfffff; if the value of the
- * data following the packet is different, then we know that the
- * protect function is overwriting the end of the packet.
- */
- pkt_end = (uint8_t *)hdr + sizeof(srtp_hdr_t)
- + msg_len_octets + tag_length;
- for (i = 0; i < 4; i++)
- if (pkt_end[i] != 0xff) {
- fprintf(stdout, "overwrite in srtp_protect() function "
- "(expected %x, found %x in trailing octet %d)\n",
- 0xff, ((uint8_t *)hdr)[i], i);
- free(hdr);
- free(hdr2);
- return err_status_algo_fail;
- }
-
- /*
- * if the policy includes confidentiality, check that ciphertext is
- * different than plaintext
- *
- * Note that this check will give false negatives, with some small
- * probability, especially if the packets are short. For that
- * reason, we skip this check if the plaintext is less than four
- * octets long.
- */
- if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
- printf("testing that ciphertext is distinct from plaintext...");
- status = err_status_algo_fail;
- for (i=12; i < msg_len_octets+12; i++)
- if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
- status = err_status_ok;
- }
+ status = srtp_dealloc(srtp);
if (status) {
- printf("failed\n");
- free(hdr);
- free(hdr2);
- return status;
+ printf("error: srtp_dealloc() failed with error code %d\n", status);
+ exit(1);
}
- printf("passed\n");
- }
-
- /*
- * if the policy uses a 'wildcard' ssrc, then we need to make a copy
- * of the policy that changes the direction to inbound
- *
- * we always copy the policy into the rcvr_policy, since otherwise
- * the compiler would fret about the constness of the policy
- */
- rcvr_policy = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
- if (rcvr_policy == NULL) {
- free(hdr);
- free(hdr2);
- return err_status_alloc_fail;
- }
- memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
- if (policy->ssrc.type == ssrc_any_outbound) {
- rcvr_policy->ssrc.type = ssrc_any_inbound;
- }
- err_check(srtp_create(&srtp_rcvr, rcvr_policy));
-
- err_check(srtp_unprotect(srtp_rcvr, hdr, &len));
+ return (double)num_trials * CLOCKS_PER_SEC / timer;
+}
- debug_print(mod_driver, "after unprotection:\n%s",
- srtp_packet_to_string(hdr, len));
- /* verify that the unprotected packet matches the origial one */
- for (i=0; i < msg_len_octets; i++)
- if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
- fprintf(stdout, "mismatch at octet %d\n", i);
- status = err_status_algo_fail;
+void
+err_check (srtp_err_status_t s)
+{
+ if (s == srtp_err_status_ok) {
+ return;
+ } else{
+ fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s);
}
- if (status) {
- free(hdr);
- free(hdr2);
- free(rcvr_policy);
- return status;
- }
-
- /*
- * if the policy includes authentication, then test for false positives
- */
- if (policy->rtp.sec_serv & sec_serv_auth) {
- char *data = ((char *)hdr) + 12;
-
- printf("testing for false positives in replay check...");
+ exit(1);
+}
- /* set message length */
- len = msg_len_enc;
-
- /* unprotect a second time - should fail with a replay error */
- status = srtp_unprotect(srtp_rcvr, hdr_enc, &len);
- if (status != err_status_replay_fail) {
- printf("failed with error code %d\n", status);
- free(hdr);
- free(hdr2);
- free(rcvr_policy);
- return status;
+srtp_err_status_t
+srtp_test_call_protect(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int mki_index) {
+ if (mki_index == -1) {
+ return srtp_protect(srtp_sender, hdr, len);
} else {
- printf("passed\n");
+ return srtp_protect_mki(srtp_sender, hdr, len, 1, mki_index);
}
+}
- printf("testing for false positives in auth check...");
-
- /* increment sequence number in header */
- hdr->seq++;
-
- /* set message length */
- len = msg_len_octets;
-
- /* apply protection */
- err_check(srtp_protect(srtp_sender, hdr, &len));
-
- /* flip bits in packet */
- data[0] ^= 0xff;
-
- /* unprotect, and check for authentication failure */
- status = srtp_unprotect(srtp_rcvr, hdr, &len);
- if (status != err_status_auth_fail) {
- printf("failed\n");
- free(hdr);
- free(hdr2);
- free(rcvr_policy);
- return status;
+srtp_err_status_t
+srtp_test_call_protect_rtcp(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int mki_index) {
+ if (mki_index == -1) {
+ return srtp_protect_rtcp(srtp_sender, hdr, len);
} else {
- printf("passed\n");
+ return srtp_protect_rtcp_mki(srtp_sender, hdr, len, 1, mki_index);
}
-
- }
+}
- err_check(srtp_dealloc(srtp_sender));
- err_check(srtp_dealloc(srtp_rcvr));
+srtp_err_status_t
+srtp_test_call_unprotect(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int use_mki) {
+ if (use_mki == -1) {
+ return srtp_unprotect(srtp_sender, hdr, len);
+ } else {
+ return srtp_unprotect_mki(srtp_sender, hdr, len, use_mki);
+ }
+}
- free(hdr);
- free(hdr2);
- free(rcvr_policy);
- return err_status_ok;
+srtp_err_status_t
+srtp_test_call_unprotect_rtcp(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int use_mki) {
+ if (use_mki == -1) {
+ return srtp_unprotect_rtcp(srtp_sender, hdr, len);
+ } else {
+ return srtp_unprotect_rtcp_mki(srtp_sender, hdr, len, use_mki);
+ }
}
+srtp_err_status_t
+srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index)
+{
+ int i;
+ srtp_t srtp_sender;
+ srtp_t srtp_rcvr;
+ srtp_err_status_t status = srtp_err_status_ok;
+ srtp_hdr_t *hdr, *hdr2;
+ uint8_t hdr_enc[64];
+ uint8_t *pkt_end;
+ int msg_len_octets, msg_len_enc;
+ int len;
+ int tag_length = policy->rtp.auth_tag_len;
+ uint32_t ssrc;
+ srtp_policy_t *rcvr_policy;
+ srtp_policy_t tmp_policy;
+ int header = 1;
+ int use_mki = 0;
+
+ if (mki_index >= 0)
+ use_mki = 1;
+
+ if (extension_header) {
+ memcpy(&tmp_policy, policy, sizeof(srtp_policy_t));
+ tmp_policy.enc_xtn_hdr = &header;
+ tmp_policy.enc_xtn_hdr_count = 1;
+ err_check(srtp_create(&srtp_sender, &tmp_policy));
+ } else {
+ err_check(srtp_create(&srtp_sender, policy));
+ }
+
+ /* print out policy */
+ err_check(srtp_session_print_policy(srtp_sender));
-err_status_t
-srtcp_test(const srtp_policy_t *policy) {
- int i;
- srtp_t srtcp_sender;
- srtp_t srtcp_rcvr;
- err_status_t status = err_status_ok;
- srtp_hdr_t *hdr, *hdr2;
- uint8_t hdr_enc[64];
- uint8_t *pkt_end;
- int msg_len_octets, msg_len_enc;
- int len;
- int tag_length = policy->rtp.auth_tag_len;
- uint32_t ssrc;
- srtp_policy_t *rcvr_policy;
-
- err_check(srtp_create(&srtcp_sender, policy));
-
- /* print out policy */
- err_check(srtp_session_print_policy(srtcp_sender));
-
- /*
- * initialize data buffer, using the ssrc in the policy unless that
- * value is a wildcard, in which case we'll just use an arbitrary
- * one
- */
- if (policy->ssrc.type != ssrc_specific)
- ssrc = 0xdecafbad;
- else
- ssrc = policy->ssrc.value;
- msg_len_octets = 28;
- hdr = srtp_create_test_packet(msg_len_octets, ssrc);
+ /*
+ * initialize data buffer, using the ssrc in the policy unless that
+ * value is a wildcard, in which case we'll just use an arbitrary
+ * one
+ */
+ if (policy->ssrc.type != ssrc_specific) {
+ ssrc = 0xdecafbad;
+ } else{
+ ssrc = policy->ssrc.value;
+ }
+ msg_len_octets = 28;
+ if (extension_header) {
+ hdr = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc);
+ hdr2 = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc);
+ } else {
+ hdr = srtp_create_test_packet(msg_len_octets, ssrc);
+ hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
+ }
- if (hdr == NULL)
- return err_status_alloc_fail;
- hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
- if (hdr2 == NULL) {
- free(hdr);
- return err_status_alloc_fail;
- }
+ if (hdr == NULL) {
+ free(hdr2);
+ return srtp_err_status_alloc_fail;
+ }
+ if (hdr2 == NULL) {
+ free(hdr);
+ return srtp_err_status_alloc_fail;
+ }
- /* set message length */
- len = msg_len_octets;
+ /* set message length */
+ len = msg_len_octets;
+ if (extension_header) {
+ len += 12;
+ }
- debug_print(mod_driver, "before protection:\n%s",
- srtp_packet_to_string(hdr, len));
+ debug_print(mod_driver, "before protection:\n%s",
+ srtp_packet_to_string(hdr, len));
#if PRINT_REFERENCE_PACKET
- debug_print(mod_driver, "reference packet before protection:\n%s",
- octet_string_hex_string((uint8_t *)hdr, len));
+ debug_print(mod_driver, "reference packet before protection:\n%s",
+ octet_string_hex_string((uint8_t*)hdr, len));
#endif
- err_check(srtp_protect_rtcp(srtcp_sender, hdr, &len));
+ err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index));
- debug_print(mod_driver, "after protection:\n%s",
- srtp_packet_to_string(hdr, len));
+ debug_print(mod_driver, "after protection:\n%s",
+ srtp_packet_to_string(hdr, len));
#if PRINT_REFERENCE_PACKET
- debug_print(mod_driver, "after protection:\n%s",
- octet_string_hex_string((uint8_t *)hdr, len));
+ debug_print(mod_driver, "after protection:\n%s",
+ octet_string_hex_string((uint8_t*)hdr, len));
#endif
- /* save protected message and length */
- memcpy(hdr_enc, hdr, len);
- msg_len_enc = len;
-
- /*
- * check for overrun of the srtp_protect() function
- *
- * The packet is followed by a value of 0xfffff; if the value of the
- * data following the packet is different, then we know that the
- * protect function is overwriting the end of the packet.
- */
- pkt_end = (uint8_t *)hdr + sizeof(srtp_hdr_t)
- + msg_len_octets + tag_length;
- for (i = 0; i < 4; i++)
- if (pkt_end[i] != 0xff) {
- fprintf(stdout, "overwrite in srtp_protect_rtcp() function "
- "(expected %x, found %x in trailing octet %d)\n",
- 0xff, ((uint8_t *)hdr)[i], i);
- free(hdr);
- free(hdr2);
- return err_status_algo_fail;
- }
-
- /*
- * if the policy includes confidentiality, check that ciphertext is
- * different than plaintext
- *
- * Note that this check will give false negatives, with some small
- * probability, especially if the packets are short. For that
- * reason, we skip this check if the plaintext is less than four
- * octets long.
- */
- if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
- printf("testing that ciphertext is distinct from plaintext...");
- status = err_status_algo_fail;
- for (i=12; i < msg_len_octets+12; i++)
- if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
- status = err_status_ok;
- }
- if (status) {
- printf("failed\n");
- free(hdr);
- free(hdr2);
- return status;
+ /* save protected message and length */
+ memcpy(hdr_enc, hdr, len);
+ msg_len_enc = len;
+
+ /*
+ * check for overrun of the srtp_protect() function
+ *
+ * The packet is followed by a value of 0xfffff; if the value of the
+ * data following the packet is different, then we know that the
+ * protect function is overwriting the end of the packet.
+ */
+ pkt_end = (uint8_t*)hdr + sizeof(srtp_hdr_t)
+ + msg_len_octets + tag_length;
+ if (extension_header) {
+ pkt_end += 12;
}
- printf("passed\n");
- }
-
- /*
- * if the policy uses a 'wildcard' ssrc, then we need to make a copy
- * of the policy that changes the direction to inbound
- *
- * we always copy the policy into the rcvr_policy, since otherwise
- * the compiler would fret about the constness of the policy
- */
- rcvr_policy = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
- if (rcvr_policy == NULL)
- return err_status_alloc_fail;
- memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
- if (policy->ssrc.type == ssrc_any_outbound) {
- rcvr_policy->ssrc.type = ssrc_any_inbound;
- }
-
- err_check(srtp_create(&srtcp_rcvr, rcvr_policy));
-
- err_check(srtp_unprotect_rtcp(srtcp_rcvr, hdr, &len));
-
- debug_print(mod_driver, "after unprotection:\n%s",
- srtp_packet_to_string(hdr, len));
-
- /* verify that the unprotected packet matches the origial one */
- for (i=0; i < msg_len_octets; i++)
- if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
- fprintf(stdout, "mismatch at octet %d\n", i);
- status = err_status_algo_fail;
+ for (i = 0; i < 4; i++) {
+ if (pkt_end[i] != 0xff) {
+ fprintf(stdout, "overwrite in srtp_protect() function "
+ "(expected %x, found %x in trailing octet %d)\n",
+ 0xff, ((uint8_t*)hdr)[i], i);
+ free(hdr);
+ free(hdr2);
+ return srtp_err_status_algo_fail;
+ }
}
- if (status) {
- free(hdr);
- free(hdr2);
- free(rcvr_policy);
- return status;
- }
- /*
- * if the policy includes authentication, then test for false positives
- */
- if (policy->rtp.sec_serv & sec_serv_auth) {
- char *data = ((char *)hdr) + 12;
-
- printf("testing for false positives in replay check...");
+ /*
+ * if the policy includes confidentiality, check that ciphertext is
+ * different than plaintext
+ *
+ * Note that this check will give false negatives, with some small
+ * probability, especially if the packets are short. For that
+ * reason, we skip this check if the plaintext is less than four
+ * octets long.
+ */
+ if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
+ printf("testing that ciphertext is distinct from plaintext...");
+ status = srtp_err_status_algo_fail;
+ for (i = 12; i < msg_len_octets + 12; i++) {
+ if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) {
+ status = srtp_err_status_ok;
+ }
+ }
+ if (status) {
+ printf("failed\n");
+ free(hdr);
+ free(hdr2);
+ return status;
+ }
+ printf("passed\n");
+ }
- /* set message length */
- len = msg_len_enc;
-
- /* unprotect a second time - should fail with a replay error */
- status = srtp_unprotect_rtcp(srtcp_rcvr, hdr_enc, &len);
- if (status != err_status_replay_fail) {
- printf("failed with error code %d\n", status);
- free(hdr);
- free(hdr2);
- free(rcvr_policy);
- return status;
+ /*
+ * if the policy uses a 'wildcard' ssrc, then we need to make a copy
+ * of the policy that changes the direction to inbound
+ *
+ * we always copy the policy into the rcvr_policy, since otherwise
+ * the compiler would fret about the constness of the policy
+ */
+ rcvr_policy = (srtp_policy_t*)malloc(sizeof(srtp_policy_t));
+ if (rcvr_policy == NULL) {
+ free(hdr);
+ free(hdr2);
+ return srtp_err_status_alloc_fail;
+ }
+ if (extension_header) {
+ memcpy(rcvr_policy, &tmp_policy, sizeof(srtp_policy_t));
+ if (tmp_policy.ssrc.type == ssrc_any_outbound) {
+ rcvr_policy->ssrc.type = ssrc_any_inbound;
+ }
} else {
- printf("passed\n");
+ memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
+ if (policy->ssrc.type == ssrc_any_outbound) {
+ rcvr_policy->ssrc.type = ssrc_any_inbound;
+ }
+ }
+
+ err_check(srtp_create(&srtp_rcvr, rcvr_policy));
+
+ err_check(srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki));
+
+ debug_print(mod_driver, "after unprotection:\n%s",
+ srtp_packet_to_string(hdr, len));
+
+ /* verify that the unprotected packet matches the origial one */
+ for (i = 0; i < msg_len_octets; i++) {
+ if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) {
+ fprintf(stdout, "mismatch at octet %d\n", i);
+ status = srtp_err_status_algo_fail;
+ }
}
+ if (status) {
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return status;
+ }
+
+ /*
+ * if the policy includes authentication, then test for false positives
+ */
+ if (policy->rtp.sec_serv & sec_serv_auth) {
+ char *data = ((char*)hdr) + 12;
+
+ printf("testing for false positives in replay check...");
+
+ /* set message length */
+ len = msg_len_enc;
+
+ /* unprotect a second time - should fail with a replay error */
+ status = srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki);
+ if (status != srtp_err_status_replay_fail) {
+ printf("failed with error code %d\n", status);
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return status;
+ } else {
+ printf("passed\n");
+ }
+
+ printf("testing for false positives in auth check...");
+
+ /* increment sequence number in header */
+ hdr->seq++;
+
+ /* set message length */
+ len = msg_len_octets;
+ if (extension_header) {
+ len += 12;
+ }
+
+ /* apply protection */
+ err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index));
+
+ /* flip bits in packet */
+ data[extension_header ? 12 : 0] ^= 0xff;
+
+ /* unprotect, and check for authentication failure */
+ status = srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki);
+ if (status != srtp_err_status_auth_fail) {
+ printf("failed\n");
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return status;
+ } else {
+ printf("passed\n");
+ }
+
+ }
+
+ err_check(srtp_dealloc(srtp_sender));
+ err_check(srtp_dealloc(srtp_rcvr));
- printf("testing for false positives in auth check...");
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return srtp_err_status_ok;
+}
+
+
+srtp_err_status_t
+srtcp_test (const srtp_policy_t *policy, int mki_index)
+{
+ int i;
+ srtp_t srtcp_sender;
+ srtp_t srtcp_rcvr;
+ srtp_err_status_t status = srtp_err_status_ok;
+ srtp_hdr_t *hdr, *hdr2;
+ uint8_t hdr_enc[64];
+ uint8_t *pkt_end;
+ int msg_len_octets, msg_len_enc;
+ int len;
+ int tag_length = policy->rtp.auth_tag_len;
+ uint32_t ssrc;
+ srtp_policy_t *rcvr_policy;
+ int use_mki = 0;
+
+ if (mki_index >= 0)
+ use_mki = 1;
+
+ err_check(srtp_create(&srtcp_sender, policy));
- /* increment sequence number in header */
- hdr->seq++;
+ /* print out policy */
+ err_check(srtp_session_print_policy(srtcp_sender));
+
+ /*
+ * initialize data buffer, using the ssrc in the policy unless that
+ * value is a wildcard, in which case we'll just use an arbitrary
+ * one
+ */
+ if (policy->ssrc.type != ssrc_specific) {
+ ssrc = 0xdecafbad;
+ } else{
+ ssrc = policy->ssrc.value;
+ }
+ msg_len_octets = 28;
+ hdr = srtp_create_test_packet(msg_len_octets, ssrc);
+
+ if (hdr == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+ hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
+ if (hdr2 == NULL) {
+ free(hdr);
+ return srtp_err_status_alloc_fail;
+ }
/* set message length */
len = msg_len_octets;
- /* apply protection */
- err_check(srtp_protect_rtcp(srtcp_sender, hdr, &len));
-
- /* flip bits in packet */
- data[0] ^= 0xff;
-
- /* unprotect, and check for authentication failure */
- status = srtp_unprotect_rtcp(srtcp_rcvr, hdr, &len);
- if (status != err_status_auth_fail) {
- printf("failed\n");
- free(hdr);
- free(hdr2);
- free(rcvr_policy);
- return status;
- } else {
- printf("passed\n");
+ debug_print(mod_driver, "before protection:\n%s",
+ srtp_packet_to_string(hdr, len));
+
+#if PRINT_REFERENCE_PACKET
+ debug_print(mod_driver, "reference packet before protection:\n%s",
+ octet_string_hex_string((uint8_t*)hdr, len));
+#endif
+ err_check(srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index));
+
+ debug_print(mod_driver, "after protection:\n%s",
+ srtp_packet_to_string(hdr, len));
+#if PRINT_REFERENCE_PACKET
+ debug_print(mod_driver, "after protection:\n%s",
+ octet_string_hex_string((uint8_t*)hdr, len));
+#endif
+
+ /* save protected message and length */
+ memcpy(hdr_enc, hdr, len);
+ msg_len_enc = len;
+
+ /*
+ * check for overrun of the srtp_protect() function
+ *
+ * The packet is followed by a value of 0xfffff; if the value of the
+ * data following the packet is different, then we know that the
+ * protect function is overwriting the end of the packet.
+ */
+ pkt_end = (uint8_t*)hdr + sizeof(srtp_hdr_t)
+ + msg_len_octets + tag_length;
+ for (i = 0; i < 4; i++) {
+ if (pkt_end[i] != 0xff) {
+ fprintf(stdout, "overwrite in srtp_protect_rtcp() function "
+ "(expected %x, found %x in trailing octet %d)\n",
+ 0xff, ((uint8_t*)hdr)[i], i);
+ free(hdr);
+ free(hdr2);
+ return srtp_err_status_algo_fail;
+ }
+ }
+
+ /*
+ * if the policy includes confidentiality, check that ciphertext is
+ * different than plaintext
+ *
+ * Note that this check will give false negatives, with some small
+ * probability, especially if the packets are short. For that
+ * reason, we skip this check if the plaintext is less than four
+ * octets long.
+ */
+ if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
+ printf("testing that ciphertext is distinct from plaintext...");
+ status = srtp_err_status_algo_fail;
+ for (i = 12; i < msg_len_octets + 12; i++) {
+ if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) {
+ status = srtp_err_status_ok;
+ }
+ }
+ if (status) {
+ printf("failed\n");
+ free(hdr);
+ free(hdr2);
+ return status;
+ }
+ printf("passed\n");
+ }
+
+ /*
+ * if the policy uses a 'wildcard' ssrc, then we need to make a copy
+ * of the policy that changes the direction to inbound
+ *
+ * we always copy the policy into the rcvr_policy, since otherwise
+ * the compiler would fret about the constness of the policy
+ */
+ rcvr_policy = (srtp_policy_t*)malloc(sizeof(srtp_policy_t));
+ if (rcvr_policy == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+ memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
+ if (policy->ssrc.type == ssrc_any_outbound) {
+ rcvr_policy->ssrc.type = ssrc_any_inbound;
+ }
+
+ err_check(srtp_create(&srtcp_rcvr, rcvr_policy));
+
+ err_check(srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki));
+
+ debug_print(mod_driver, "after unprotection:\n%s",
+ srtp_packet_to_string(hdr, len));
+
+ /* verify that the unprotected packet matches the origial one */
+ for (i = 0; i < msg_len_octets; i++) {
+ if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) {
+ fprintf(stdout, "mismatch at octet %d\n", i);
+ status = srtp_err_status_algo_fail;
+ }
+ }
+ if (status) {
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return status;
+ }
+
+ /*
+ * if the policy includes authentication, then test for false positives
+ */
+ if (policy->rtp.sec_serv & sec_serv_auth) {
+ char *data = ((char*)hdr) + 12;
+
+ printf("testing for false positives in replay check...");
+
+ /* set message length */
+ len = msg_len_enc;
+
+ /* unprotect a second time - should fail with a replay error */
+ status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki);
+ if (status != srtp_err_status_replay_fail) {
+ printf("failed with error code %d\n", status);
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return status;
+ } else {
+ printf("passed\n");
+ }
+
+ printf("testing for false positives in auth check...");
+
+ /* increment sequence number in header */
+ hdr->seq++;
+
+ /* set message length */
+ len = msg_len_octets;
+
+ /* apply protection */
+ err_check(srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index));
+
+ /* flip bits in packet */
+ data[0] ^= 0xff;
+
+ /* unprotect, and check for authentication failure */
+ status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki);
+ if (status != srtp_err_status_auth_fail) {
+ printf("failed\n");
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return status;
+ } else {
+ printf("passed\n");
+ }
+
}
-
- }
- err_check(srtp_dealloc(srtcp_sender));
- err_check(srtp_dealloc(srtcp_rcvr));
+ err_check(srtp_dealloc(srtcp_sender));
+ err_check(srtp_dealloc(srtcp_rcvr));
- free(hdr);
- free(hdr2);
- free(rcvr_policy);
- return err_status_ok;
+ free(hdr);
+ free(hdr2);
+ free(rcvr_policy);
+ return srtp_err_status_ok;
}
-err_status_t
-srtp_session_print_policy(srtp_t srtp) {
- char *serv_descr[4] = {
- "none",
- "confidentiality",
- "authentication",
- "confidentiality and authentication"
- };
- char *direction[3] = {
- "unknown",
- "outbound",
- "inbound"
- };
- srtp_stream_t stream;
-
- /* sanity checking */
- if (srtp == NULL)
- return err_status_fail;
-
- /* if there's a template stream, print it out */
- if (srtp->stream_template != NULL) {
- stream = srtp->stream_template;
- printf("# SSRC: any %s\r\n"
- "# rtp cipher: %s\r\n"
- "# rtp auth: %s\r\n"
- "# rtp services: %s\r\n"
- "# rtcp cipher: %s\r\n"
- "# rtcp auth: %s\r\n"
- "# rtcp services: %s\r\n"
- "# window size: %lu\r\n"
- "# tx rtx allowed:%s\r\n",
- direction[stream->direction],
- stream->rtp_cipher->type->description,
- stream->rtp_auth->type->description,
- serv_descr[stream->rtp_services],
- stream->rtcp_cipher->type->description,
- stream->rtcp_auth->type->description,
- serv_descr[stream->rtcp_services],
- rdbx_get_window_size(&stream->rtp_rdbx),
- stream->allow_repeat_tx ? "true" : "false");
- }
+srtp_err_status_t
+srtp_session_print_policy (srtp_t srtp)
+{
+ char *serv_descr[4] = {
+ "none",
+ "confidentiality",
+ "authentication",
+ "confidentiality and authentication"
+ };
+ char *direction[3] = {
+ "unknown",
+ "outbound",
+ "inbound"
+ };
+ srtp_stream_t stream;
+ srtp_session_keys_t *session_keys = NULL;
+
+ /* sanity checking */
+ if (srtp == NULL) {
+ return srtp_err_status_fail;
+ }
- /* loop over streams in session, printing the policy of each */
- stream = srtp->stream_list;
- while (stream != NULL) {
- if (stream->rtp_services > sec_serv_conf_and_auth)
- return err_status_bad_param;
-
- printf("# SSRC: 0x%08x\r\n"
- "# rtp cipher: %s\r\n"
- "# rtp auth: %s\r\n"
- "# rtp services: %s\r\n"
- "# rtcp cipher: %s\r\n"
- "# rtcp auth: %s\r\n"
- "# rtcp services: %s\r\n"
- "# window size: %lu\r\n"
- "# tx rtx allowed:%s\r\n",
- stream->ssrc,
- stream->rtp_cipher->type->description,
- stream->rtp_auth->type->description,
- serv_descr[stream->rtp_services],
- stream->rtcp_cipher->type->description,
- stream->rtcp_auth->type->description,
- serv_descr[stream->rtcp_services],
- rdbx_get_window_size(&stream->rtp_rdbx),
- stream->allow_repeat_tx ? "true" : "false");
-
- /* advance to next stream in the list */
- stream = stream->next;
- }
- return err_status_ok;
+ /* if there's a template stream, print it out */
+ if (srtp->stream_template != NULL) {
+ stream = srtp->stream_template;
+ session_keys = &stream->session_keys[0];
+ printf("# SSRC: any %s\r\n"
+ "# rtp cipher: %s\r\n"
+ "# rtp auth: %s\r\n"
+ "# rtp services: %s\r\n"
+ "# rtcp cipher: %s\r\n"
+ "# rtcp auth: %s\r\n"
+ "# rtcp services: %s\r\n"
+ "# window size: %lu\r\n"
+ "# tx rtx allowed:%s\r\n",
+ direction[stream->direction],
+ session_keys->rtp_cipher->type->description,
+ session_keys->rtp_auth->type->description,
+ serv_descr[stream->rtp_services],
+ session_keys->rtcp_cipher->type->description,
+ session_keys->rtcp_auth->type->description,
+ serv_descr[stream->rtcp_services],
+ srtp_rdbx_get_window_size(&stream->rtp_rdbx),
+ stream->allow_repeat_tx ? "true" : "false");
+
+ printf("# Encrypted extension headers: ");
+ if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) {
+ int* enc_xtn_hdr = stream->enc_xtn_hdr;
+ int count = stream->enc_xtn_hdr_count;
+ while (count > 0) {
+ printf("%d ", *enc_xtn_hdr);
+ enc_xtn_hdr++;
+ count--;
+ }
+ printf("\n");
+ } else {
+ printf("none\n");
+ }
+ }
+
+ /* loop over streams in session, printing the policy of each */
+ stream = srtp->stream_list;
+ while (stream != NULL) {
+ if (stream->rtp_services > sec_serv_conf_and_auth) {
+ return srtp_err_status_bad_param;
+ }
+ session_keys = &stream->session_keys[0];
+
+ printf("# SSRC: 0x%08x\r\n"
+ "# rtp cipher: %s\r\n"
+ "# rtp auth: %s\r\n"
+ "# rtp services: %s\r\n"
+ "# rtcp cipher: %s\r\n"
+ "# rtcp auth: %s\r\n"
+ "# rtcp services: %s\r\n"
+ "# window size: %lu\r\n"
+ "# tx rtx allowed:%s\r\n",
+ stream->ssrc,
+ session_keys->rtp_cipher->type->description,
+ session_keys->rtp_auth->type->description,
+ serv_descr[stream->rtp_services],
+ session_keys->rtcp_cipher->type->description,
+ session_keys->rtcp_auth->type->description,
+ serv_descr[stream->rtcp_services],
+ srtp_rdbx_get_window_size(&stream->rtp_rdbx),
+ stream->allow_repeat_tx ? "true" : "false");
+
+ printf("# Encrypted extension headers: ");
+ if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) {
+ int* enc_xtn_hdr = stream->enc_xtn_hdr;
+ int count = stream->enc_xtn_hdr_count;
+ while (count > 0) {
+ printf("%d ", *enc_xtn_hdr);
+ enc_xtn_hdr++;
+ count--;
+ }
+ printf("\n");
+ } else {
+ printf("none\n");
+ }
+
+ /* advance to next stream in the list */
+ stream = stream->next;
+ }
+ return srtp_err_status_ok;
}
-err_status_t
-srtp_print_policy(const srtp_policy_t *policy) {
- err_status_t status;
- srtp_t session;
+srtp_err_status_t
+srtp_print_policy (const srtp_policy_t *policy)
+{
+ srtp_err_status_t status;
+ srtp_t session;
- status = srtp_create(&session, policy);
- if (status)
- return status;
- status = srtp_session_print_policy(session);
- if (status)
- return status;
- status = srtp_dealloc(session);
- if (status)
- return status;
- return err_status_ok;
+ status = srtp_create(&session, policy);
+ if (status) {
+ return status;
+ }
+ status = srtp_session_print_policy(session);
+ if (status) {
+ return status;
+ }
+ status = srtp_dealloc(session);
+ if (status) {
+ return status;
+ }
+ return srtp_err_status_ok;
}
-/*
- * srtp_print_packet(...) is for debugging only
+/*
+ * srtp_print_packet(...) is for debugging only
* it prints an RTP packet to the stdout
*
* note that this function is *not* threadsafe
char packet_string[MTU];
char *
-srtp_packet_to_string(srtp_hdr_t *hdr, int pkt_octet_len) {
- int octets_in_rtp_header = 12;
- uint8_t *data = ((uint8_t *)hdr)+octets_in_rtp_header;
- int hex_len = pkt_octet_len-octets_in_rtp_header;
-
- /* sanity checking */
- if ((hdr == NULL) || (pkt_octet_len > MTU))
- return NULL;
+srtp_packet_to_string (srtp_hdr_t *hdr, int pkt_octet_len)
+{
+ int octets_in_rtp_header = 12;
+ uint8_t *data = ((uint8_t*)hdr) + octets_in_rtp_header;
+ int hex_len = pkt_octet_len - octets_in_rtp_header;
+
+ /* sanity checking */
+ if ((hdr == NULL) || (pkt_octet_len > MTU)) {
+ return NULL;
+ }
- /* write packet into string */
- sprintf(packet_string,
- "(s)rtp packet: {\n"
- " version:\t%d\n"
- " p:\t\t%d\n"
- " x:\t\t%d\n"
- " cc:\t\t%d\n"
- " m:\t\t%d\n"
- " pt:\t\t%x\n"
- " seq:\t\t%x\n"
- " ts:\t\t%x\n"
- " ssrc:\t%x\n"
- " data:\t%s\n"
- "} (%d octets in total)\n",
- hdr->version,
- hdr->p,
- hdr->x,
- hdr->cc,
- hdr->m,
- hdr->pt,
- hdr->seq,
- hdr->ts,
- hdr->ssrc,
- octet_string_hex_string(data, hex_len),
- pkt_octet_len);
-
- return packet_string;
+ /* write packet into string */
+ sprintf(packet_string,
+ "(s)rtp packet: {\n"
+ " version:\t%d\n"
+ " p:\t\t%d\n"
+ " x:\t\t%d\n"
+ " cc:\t\t%d\n"
+ " m:\t\t%d\n"
+ " pt:\t\t%x\n"
+ " seq:\t\t%x\n"
+ " ts:\t\t%x\n"
+ " ssrc:\t%x\n"
+ " data:\t%s\n"
+ "} (%d octets in total)\n",
+ hdr->version,
+ hdr->p,
+ hdr->x,
+ hdr->cc,
+ hdr->m,
+ hdr->pt,
+ hdr->seq,
+ hdr->ts,
+ hdr->ssrc,
+ octet_string_hex_string(data, hex_len),
+ pkt_octet_len);
+
+ return packet_string;
}
/*
* optimize away the function
*/
-double
-mips_estimate(int num_trials, int *ignore) {
- clock_t t;
- volatile int i, sum;
+double
+mips_estimate (int num_trials, int *ignore)
+{
+ clock_t t;
+ volatile int i, sum;
+
+ sum = 0;
+ t = clock();
+ for (i = 0; i < num_trials; i++) {
+ sum += i;
+ }
+ t = clock() - t;
+
+/* printf("%d\n", sum); */
+ *ignore = sum;
+
+ return (double)num_trials * CLOCKS_PER_SEC / t;
+}
+
+
+/*
+ * srtp_validate() verifies the correctness of libsrtp by comparing
+ * some computed packets against some pre-computed reference values.
+ * These packets were made with the default SRTP policy.
+ */
+
+
+srtp_err_status_t
+srtp_validate ()
+{
+ uint8_t srtp_plaintext_ref[28] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab
+ };
+ uint8_t srtp_plaintext[38] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t srtp_ciphertext[38] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c,
+ 0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15,
+ 0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc,
+ 0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb
+ };
+ uint8_t rtcp_plaintext_ref[24] = {
+ 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ };
+ uint8_t rtcp_plaintext[38] = {
+ 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t srtcp_ciphertext[38] = {
+ 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+ 0x71, 0x28, 0x03, 0x5b, 0xe4, 0x87, 0xb9, 0xbd,
+ 0xbe, 0xf8, 0x90, 0x41, 0xf9, 0x77, 0xa5, 0xa8,
+ 0x80, 0x00, 0x00, 0x01, 0x99, 0x3e, 0x08, 0xcd,
+ 0x54, 0xd6, 0xc1, 0x23, 0x07, 0x98
+ };
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * protect plaintext, then compare with ciphertext
+ */
+ len = 28;
+ status = srtp_protect(srtp_snd, srtp_plaintext, &len);
+ if (status || (len != 38)) {
+ return srtp_err_status_fail;
+ }
+
+ debug_print(mod_driver, "ciphertext:\n %s",
+ octet_string_hex_string(srtp_plaintext, len));
+ debug_print(mod_driver, "ciphertext reference:\n %s",
+ octet_string_hex_string(srtp_ciphertext, len));
+
+ if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * protect plaintext rtcp, then compare with srtcp ciphertext
+ */
+ len = 24;
+ status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len);
+ if (status || (len != 38)) {
+ return srtp_err_status_fail;
+ }
+
+ debug_print(mod_driver, "srtcp ciphertext:\n %s",
+ octet_string_hex_string(rtcp_plaintext, len));
+ debug_print(mod_driver, "srtcp ciphertext reference:\n %s",
+ octet_string_hex_string(srtcp_ciphertext, len));
+
+ if (octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * unprotect ciphertext, then compare with plaintext
+ */
+ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+ if (status || (len != 28)) {
+ return status;
+ }
+
+ if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * unprotect srtcp ciphertext, then compare with rtcp plaintext
+ */
+ len = 38;
+ status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len);
+ if (status || (len != 24)) {
+ return status;
+ }
+
+ if (octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_dealloc(srtp_snd);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_dealloc(srtp_recv);
+ if (status) {
+ return status;
+ }
+
+ return srtp_err_status_ok;
+}
+
+#ifdef OPENSSL
+/*
+ * srtp_validate_gcm() verifies the correctness of libsrtp by comparing
+ * an computed packet against the known ciphertext for the plaintext.
+ */
+srtp_err_status_t
+srtp_validate_gcm ()
+{
+ unsigned char test_key_gcm[28] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+ 0xa8, 0xa9, 0xaa, 0xab
+ };
+ uint8_t rtp_plaintext_ref[28] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab
+ };
+ uint8_t rtp_plaintext[44] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t srtp_ciphertext[44] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xc5, 0x00, 0x2e, 0xde,
+ 0x04, 0xcf, 0xdd, 0x2e, 0xb9, 0x11, 0x59, 0xe0,
+ 0x88, 0x0a, 0xa0, 0x6e, 0xd2, 0x97, 0x68, 0x26,
+ 0xf7, 0x96, 0xb2, 0x01, 0xdf, 0x31, 0x31, 0xa1,
+ 0x27, 0xe8, 0xa3, 0x92
+ };
+ uint8_t rtcp_plaintext_ref[24] = {
+ 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ };
+ uint8_t rtcp_plaintext[44] = {
+ 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t srtcp_ciphertext[44] = {
+ 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe,
+ 0xc9, 0x8b, 0x8b, 0x5d, 0xf0, 0x39, 0x2a, 0x55,
+ 0x85, 0x2b, 0x6c, 0x21, 0xac, 0x8e, 0x70, 0x25,
+ 0xc5, 0x2c, 0x6f, 0xbe, 0xa2, 0xb3, 0xb4, 0x46,
+ 0xea, 0x31, 0x12, 0x3b, 0xa8, 0x8c, 0xe6, 0x1e,
+ 0x80, 0x00, 0x00, 0x01
+ };
+
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key_gcm;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * protect plaintext rtp, then compare with srtp ciphertext
+ */
+ len = 28;
+ status = srtp_protect(srtp_snd, rtp_plaintext, &len);
+ if (status || (len != 44)) {
+ return srtp_err_status_fail;
+ }
+
+ debug_print(mod_driver, "srtp ciphertext:\n %s",
+ octet_string_hex_string(rtp_plaintext, len));
+ debug_print(mod_driver, "srtp ciphertext reference:\n %s",
+ octet_string_hex_string(srtp_ciphertext, len));
+
+ if (octet_string_is_eq(rtp_plaintext, srtp_ciphertext, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * protect plaintext rtcp, then compare with srtcp ciphertext
+ */
+ len = 24;
+ status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len);
+ if (status || (len != 44)) {
+ return srtp_err_status_fail;
+ }
+
+ debug_print(mod_driver, "srtcp ciphertext:\n %s",
+ octet_string_hex_string(rtcp_plaintext, len));
+ debug_print(mod_driver, "srtcp ciphertext reference:\n %s",
+ octet_string_hex_string(srtcp_ciphertext, len));
+
+ if (octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * unprotect srtp ciphertext, then compare with rtp plaintext
+ */
+ len = 44;
+ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+ if (status || (len != 28)) {
+ return status;
+ }
+
+ if (octet_string_is_eq(srtp_ciphertext, rtp_plaintext_ref, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * unprotect srtcp ciphertext, then compare with rtcp plaintext
+ */
+ len = 44;
+ status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len);
+ if (status || (len != 24)) {
+ return status;
+ }
+
+ if (octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_dealloc(srtp_snd);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_dealloc(srtp_recv);
+ if (status) {
+ return status;
+ }
+
+ return srtp_err_status_ok;
+}
+#endif
+
+/*
+ * Test vectors taken from RFC 6904, Appendix A
+ */
+srtp_err_status_t
+srtp_validate_encrypted_extensions_headers() {
+ unsigned char test_key_ext_headers[30] = {
+ 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
+ 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
+ 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
+ 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
+ };
+ uint8_t srtp_plaintext_ref[56] = {
+ 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+ 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
+ 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
+ 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab
+ };
+ uint8_t srtp_plaintext[66] = {
+ 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+ 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
+ 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
+ 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00
+ };
+ uint8_t srtp_ciphertext[66] = {
+ 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+ 0x17, 0x58, 0x8A, 0x92, 0x70, 0xF4, 0xE1, 0x5E,
+ 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x95, 0x46,
+ 0xA9, 0x94, 0xF0, 0xBC, 0x54, 0x78, 0x97, 0x00,
+ 0x4e, 0x55, 0xdc, 0x4c, 0xe7, 0x99, 0x78, 0xd8,
+ 0x8c, 0xa4, 0xd2, 0x15, 0x94, 0x9d, 0x24, 0x02,
+ 0x5a, 0x46, 0xb3, 0xca, 0x35, 0xc5, 0x35, 0xa8,
+ 0x91, 0xc7
+ };
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
+ int headers[3] = {1, 3, 4};
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key_ext_headers;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.enc_xtn_hdr = headers;
+ policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]);
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status)
+ return status;
+
+ /*
+ * protect plaintext, then compare with ciphertext
+ */
+ len = sizeof(srtp_plaintext_ref);
+ status = srtp_protect(srtp_snd, srtp_plaintext, &len);
+ if (status || (len != sizeof(srtp_plaintext)))
+ return srtp_err_status_fail;
+
+ debug_print(mod_driver, "ciphertext:\n %s",
+ srtp_octet_string_hex_string(srtp_plaintext, len));
+ debug_print(mod_driver, "ciphertext reference:\n %s",
+ srtp_octet_string_hex_string(srtp_ciphertext, len));
+
+ if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
+ return srtp_err_status_fail;
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status)
+ return status;
+
+ /*
+ * unprotect ciphertext, then compare with plaintext
+ */
+ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+ if (status) {
+ return status;
+ } else if (len != sizeof(srtp_plaintext_ref)) {
+ return srtp_err_status_fail;
+ }
+
+ if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
+ return srtp_err_status_fail;
+
+ status = srtp_dealloc(srtp_snd);
+ if (status)
+ return status;
+
+ status = srtp_dealloc(srtp_recv);
+ if (status)
+ return status;
+
+ return srtp_err_status_ok;
+}
+
+
+#ifdef OPENSSL
+
+/*
+ * Headers of test vectors taken from RFC 6904, Appendix A
+ */
+srtp_err_status_t
+srtp_validate_encrypted_extensions_headers_gcm() {
+ unsigned char test_key_ext_headers[30] = {
+ 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
+ 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
+ 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
+ 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
+ };
+ uint8_t srtp_plaintext_ref[56] = {
+ 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+ 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
+ 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
+ 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab
+ };
+ uint8_t srtp_plaintext[64] = {
+ 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+ 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27,
+ 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46,
+ 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t srtp_ciphertext[64] = {
+ 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06,
+ 0x17, 0x12, 0xe0, 0x20, 0x5b, 0xfa, 0x94, 0x9b,
+ 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0xbb, 0x46,
+ 0x73, 0x27, 0x78, 0xd9, 0x92, 0x9a, 0xab, 0x00,
+ 0x0e, 0xca, 0x0c, 0xf9, 0x5e, 0xe9, 0x55, 0xb2,
+ 0x6c, 0xd3, 0xd2, 0x88, 0xb4, 0x9f, 0x6c, 0xa9,
+ 0xf4, 0xb1, 0xb7, 0x59, 0x71, 0x9e, 0xb5, 0xbc
+ };
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
+ int headers[3] = {1, 3, 4};
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key_ext_headers;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.enc_xtn_hdr = headers;
+ policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]);
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status)
+ return status;
+
+ /*
+ * protect plaintext, then compare with ciphertext
+ */
+ len = sizeof(srtp_plaintext_ref);
+ status = srtp_protect(srtp_snd, srtp_plaintext, &len);
+ if (status || (len != sizeof(srtp_plaintext)))
+ return srtp_err_status_fail;
+
+ debug_print(mod_driver, "ciphertext:\n %s",
+ srtp_octet_string_hex_string(srtp_plaintext, len));
+ debug_print(mod_driver, "ciphertext reference:\n %s",
+ srtp_octet_string_hex_string(srtp_ciphertext, len));
+
+ if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
+ return srtp_err_status_fail;
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status)
+ return status;
+
+ /*
+ * unprotect ciphertext, then compare with plaintext
+ */
+ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+ if (status) {
+ return status;
+ } else if (len != sizeof(srtp_plaintext_ref)) {
+ return srtp_err_status_fail;
+ }
+
+ if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
+ return srtp_err_status_fail;
+
+ status = srtp_dealloc(srtp_snd);
+ if (status)
+ return status;
+
+ status = srtp_dealloc(srtp_recv);
+ if (status)
+ return status;
+
+ return srtp_err_status_ok;
+}
+#endif
+
+/*
+ * srtp_validate_aes_256() verifies the correctness of libsrtp by comparing
+ * some computed packets against some pre-computed reference values.
+ * These packets were made with the AES-CM-256/HMAC-SHA-1-80 policy.
+ */
+
+
+srtp_err_status_t
+srtp_validate_aes_256 ()
+{
+ unsigned char aes_256_test_key[46] = {
+ 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
+ 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
+ 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
+ 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
+
+ 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
+ 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
+ };
+ uint8_t srtp_plaintext_ref[28] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab
+ };
+ uint8_t srtp_plaintext[38] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ uint8_t srtp_ciphertext[38] = {
+ 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
+ 0xca, 0xfe, 0xba, 0xbe, 0xf1, 0xd9, 0xde, 0x17,
+ 0xff, 0x25, 0x1f, 0xf1, 0xaa, 0x00, 0x77, 0x74,
+ 0xb0, 0xb4, 0xb4, 0x0d, 0xa0, 0x8d, 0x9d, 0x9a,
+ 0x5b, 0x3a, 0x55, 0xd8, 0x87, 0x3b
+ };
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = aes_256_test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * protect plaintext, then compare with ciphertext
+ */
+ len = 28;
+ status = srtp_protect(srtp_snd, srtp_plaintext, &len);
+ if (status || (len != 38)) {
+ return srtp_err_status_fail;
+ }
+
+ debug_print(mod_driver, "ciphertext:\n %s",
+ octet_string_hex_string(srtp_plaintext, len));
+ debug_print(mod_driver, "ciphertext reference:\n %s",
+ octet_string_hex_string(srtp_ciphertext, len));
+
+ if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * unprotect ciphertext, then compare with plaintext
+ */
+ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
+ if (status || (len != 28)) {
+ return status;
+ }
+
+ if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_dealloc(srtp_snd);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_dealloc(srtp_recv);
+ if (status) {
+ return status;
+ }
+
+ return srtp_err_status_ok;
+}
+
+
+srtp_err_status_t
+srtp_create_big_policy (srtp_policy_t **list)
+{
+ extern const srtp_policy_t *policy_array[];
+ srtp_policy_t *p, *tmp;
+ int i = 0;
+ uint32_t ssrc = 0;
+
+ /* sanity checking */
+ if ((list == NULL) || (policy_array[0] == NULL)) {
+ return srtp_err_status_bad_param;
+ }
+
+ /*
+ * loop over policy list, mallocing a new list and copying values
+ * into it (and incrementing the SSRC value as we go along)
+ */
+ tmp = NULL;
+ while (policy_array[i] != NULL) {
+ p = (srtp_policy_t*)malloc(sizeof(srtp_policy_t));
+ if (p == NULL) {
+ return srtp_err_status_bad_param;
+ }
+ memcpy(p, policy_array[i], sizeof(srtp_policy_t));
+ p->ssrc.type = ssrc_specific;
+ p->ssrc.value = ssrc++;
+ p->next = tmp;
+ tmp = p;
+ i++;
+ }
+ *list = p;
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t
+srtp_dealloc_big_policy (srtp_policy_t *list)
+{
+ srtp_policy_t *p, *next;
+
+ for (p = list; p != NULL; p = next) {
+ next = p->next;
+ free(p);
+ }
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t
+srtp_test_empty_payload()
+{
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
+ srtp_hdr_t *mesg;
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status) {
+ return status;
+ }
+
+ mesg = srtp_create_test_packet(0, policy.ssrc.value);
+ if (mesg == NULL) {
+ return srtp_err_status_fail;
+ }
+
+ len = 12; /* only the header */
+ status = srtp_protect(srtp_snd, mesg, &len);
+ if (status) {
+ return status;
+ } else if (len != 12 + 10) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * unprotect ciphertext, then compare with plaintext
+ */
+ status = srtp_unprotect(srtp_recv, mesg, &len);
+ if (status) {
+ return status;
+ } else if (len != 12) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_dealloc(srtp_snd);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_dealloc(srtp_recv);
+ if (status) {
+ return status;
+ }
+
+ free(mesg);
+
+ return srtp_err_status_ok;
+}
+
+#ifdef OPENSSL
+srtp_err_status_t
+srtp_test_empty_payload_gcm()
+{
+ srtp_t srtp_snd, srtp_recv;
+ srtp_err_status_t status;
+ int len;
+ srtp_policy_t policy;
+ srtp_hdr_t *mesg;
+
+ /*
+ * create a session with a single stream using the default srtp
+ * policy and with the SSRC value 0xcafebabe
+ */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&srtp_snd, &policy);
+ if (status) {
+ return status;
+ }
+
+ mesg = srtp_create_test_packet(0, policy.ssrc.value);
+ if (mesg == NULL) {
+ return srtp_err_status_fail;
+ }
+
+ len = 12; /* only the header */
+ status = srtp_protect(srtp_snd, mesg, &len);
+ if (status) {
+ return status;
+ } else if (len != 12 + 8) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * create a receiver session context comparable to the one created
+ * above - we need to do this so that the replay checking doesn't
+ * complain
+ */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * unprotect ciphertext, then compare with plaintext
+ */
+ status = srtp_unprotect(srtp_recv, mesg, &len);
+ if (status) {
+ return status;
+ } else if (len != 12) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_dealloc(srtp_snd);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_dealloc(srtp_recv);
+ if (status) {
+ return status;
+ }
+
+ free(mesg);
+
+ return srtp_err_status_ok;
+}
+#endif // OPENSSL
+
+srtp_err_status_t
+srtp_test_remove_stream ()
+{
+ srtp_err_status_t status;
+ srtp_policy_t *policy_list, policy;
+ srtp_t session;
+ srtp_stream_t stream;
+
+ /*
+ * srtp_get_stream() is a libSRTP internal function that we declare
+ * here so that we can use it to verify the correct operation of the
+ * library
+ */
+ extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc);
+
+
+ status = srtp_create_big_policy(&policy_list);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_create(&session, policy_list);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * check for false positives by trying to remove a stream that's not
+ * in the session
+ */
+ status = srtp_remove_stream(session, htonl(0xaaaaaaaa));
+ if (status != srtp_err_status_no_ctx) {
+ return srtp_err_status_fail;
+ }
+
+ /*
+ * check for false negatives by removing stream 0x1, then
+ * searching for streams 0x0 and 0x2
+ */
+ status = srtp_remove_stream(session, htonl(0x1));
+ if (status != srtp_err_status_ok) {
+ return srtp_err_status_fail;
+ }
+ stream = srtp_get_stream(session, htonl(0x0));
+ if (stream == NULL) {
+ return srtp_err_status_fail;
+ }
+ stream = srtp_get_stream(session, htonl(0x2));
+ if (stream == NULL) {
+ return srtp_err_status_fail;
+ }
+
+ status = srtp_dealloc(session);
+ if (status != srtp_err_status_ok) {
+ return status;
+ }
+
+ status = srtp_dealloc_big_policy(policy_list);
+ if (status != srtp_err_status_ok) {
+ return status;
+ }
+
+ /* Now test adding and removing a single stream */
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key;
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+
+ status = srtp_create(&session, NULL);
+ if (status != srtp_err_status_ok) {
+ return status;
+ }
+
+ status = srtp_add_stream(session, &policy);
+ if (status != srtp_err_status_ok) {
+ return status;
+ }
+
+ status = srtp_remove_stream(session, htonl(0xcafebabe));
+ if (status != srtp_err_status_ok) {
+ return status;
+ }
+
+ status = srtp_dealloc(session);
+ if (status != srtp_err_status_ok) {
+ return status;
+ }
+
+ return srtp_err_status_ok;
+}
+
+
+unsigned char test_alt_key[46] = {
+ 0xe5, 0x19, 0x6f, 0x01, 0x5e, 0xf1, 0x9b, 0xe1,
+ 0xd7, 0x47, 0xa7, 0x27, 0x07, 0xd7, 0x47, 0x33,
+ 0x01, 0xc2, 0x35, 0x4d, 0x59, 0x6a, 0xf7, 0x84,
+ 0x96, 0x98, 0xeb, 0xaa, 0xac, 0xf6, 0xa1, 0x45,
+ 0xc7, 0x15, 0xe2, 0xea, 0xfe, 0x55, 0x67, 0x96,
+ 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
+};
+
+/*
+ * srtp_test_update() verifies updating/rekeying exsisting streams.
+ * As stated in https://tools.ietf.org/html/rfc3711#section-3.3.1
+ * the value of the ROC must not be reset after a rekey, this test
+ * atempts to prove that srtp_update does not reset the ROC.
+ */
+
+srtp_err_status_t
+srtp_test_update() {
+
+ srtp_err_status_t status;
+ uint32_t ssrc = 0x12121212;
+ int msg_len_octets = 32;
+ int protected_msg_len_octets;
+ srtp_hdr_t * msg;
+ srtp_t srtp_snd, srtp_recv;
+ srtp_policy_t policy;
+
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+ policy.ssrc.type = ssrc_any_outbound;
+ policy.key = test_key;
+
+ /* create a send and recive ctx with defualt profile and test_key */
+ status = srtp_create(&srtp_recv, &policy);
+ if (status)
+ return status;
+
+ policy.ssrc.type = ssrc_any_inbound;
+ status = srtp_create(&srtp_snd, &policy);
+ if (status)
+ return status;
+
+ /* protect and unprotect two msg's that will cause the ROC to be equal to 1 */
+ msg = srtp_create_test_packet(msg_len_octets, ssrc);
+ if (msg == NULL)
+ return srtp_err_status_alloc_fail;
+ msg->seq = htons(65535);
+
+ protected_msg_len_octets = msg_len_octets;
+ status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
+ if (status)
+ return srtp_err_status_fail;
+
+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+ if (status)
+ return status;
+
+ free(msg);
+
+ msg = srtp_create_test_packet(msg_len_octets, ssrc);
+ if (msg == NULL)
+ return srtp_err_status_alloc_fail;
+ msg->seq = htons(1);
+
+ protected_msg_len_octets = msg_len_octets;
+ status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
+ if (status)
+ return srtp_err_status_fail;
+
+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+ if (status)
+ return status;
+
+ free(msg);
+
+ /* update send ctx with same test_key t verify update works*/
+ policy.ssrc.type = ssrc_any_outbound;
+ policy.key = test_key;
+ status = srtp_update(srtp_snd, &policy);
+ if (status)
+ return status;
+
+ msg = srtp_create_test_packet(msg_len_octets, ssrc);
+ if (msg == NULL)
+ return srtp_err_status_alloc_fail;
+ msg->seq = htons(2);
+
+ protected_msg_len_octets = msg_len_octets;
+ status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
+ if (status)
+ return srtp_err_status_fail;
+
+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+ if (status)
+ return status;
+
+ free(msg);
+
+
+ /* update send ctx to use test_alt_key */
+ policy.ssrc.type = ssrc_any_outbound;
+ policy.key = test_alt_key;
+ status = srtp_update(srtp_snd, &policy);
+ if (status)
+ return status;
+
+ /* create and protect msg with new key and ROC still equal to 1 */
+ msg = srtp_create_test_packet(msg_len_octets, ssrc);
+ if (msg == NULL)
+ return srtp_err_status_alloc_fail;
+ msg->seq = htons(3);
+
+ protected_msg_len_octets = msg_len_octets;
+ status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets);
+ if (status)
+ return srtp_err_status_fail;
+
+ /* verify that recive ctx will fail to unprotect as it still uses test_key */
+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+ if (status == srtp_err_status_ok)
+ return srtp_err_status_fail;
+
+ /* create a new recvieve ctx with test_alt_key but since it is new it will have ROC equal to 1
+ * and therefore should fail to unprotected */
+ {
+ srtp_t srtp_recv_roc_0;
+
+ policy.ssrc.type = ssrc_any_inbound;
+ policy.key = test_alt_key;
+ status = srtp_create(&srtp_recv_roc_0, &policy);
+ if (status)
+ return status;
+
+ status = srtp_unprotect(srtp_recv_roc_0, msg, &protected_msg_len_octets);
+ if (status == srtp_err_status_ok)
+ return srtp_err_status_fail;
+
+ status = srtp_dealloc(srtp_recv_roc_0);
+ if (status)
+ return status;
+ }
+
+ /* update recive ctx to use test_alt_key */
+ policy.ssrc.type = ssrc_any_inbound;
+ policy.key = test_alt_key;
+ status = srtp_update(srtp_recv, &policy);
+ if (status)
+ return status;
+
+ /* verify that can still unprotect, therfore key is updated and ROC value is preserved */
+ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets);
+ if (status)
+ return status;
+
+ free(msg);
+
+ status = srtp_dealloc(srtp_snd);
+ if (status)
+ return status;
+
+ status = srtp_dealloc(srtp_recv);
+ if (status)
+ return status;
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t
+srtp_test_setup_protect_trailer_streams(srtp_t *srtp_send, srtp_t *srtp_send_mki,
+ srtp_t *srtp_send_aes_gcm, srtp_t *srtp_send_aes_gcm_mki) {
+
+ srtp_err_status_t status;
+ srtp_policy_t policy;
+ srtp_policy_t policy_mki;
+#ifdef OPENSSL
+ srtp_policy_t policy_aes_gcm;
+ srtp_policy_t policy_aes_gcm_mki;
+#endif // OPENSSL
+
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ekt = NULL;
+ policy.window_size = 128;
+ policy.allow_repeat_tx = 0;
+ policy.next = NULL;
+ policy.ssrc.type = ssrc_any_outbound;
+ policy.key = test_key;
+
+ memset(&policy_mki, 0, sizeof(policy_mki));
+ srtp_crypto_policy_set_rtp_default(&policy_mki.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy_mki.rtcp);
+ policy_mki.ekt = NULL;
+ policy_mki.window_size = 128;
+ policy_mki.allow_repeat_tx = 0;
+ policy_mki.next = NULL;
+ policy_mki.ssrc.type = ssrc_any_outbound;
+ policy_mki.key = NULL;
+ policy_mki.keys = test_keys;
+ policy_mki.num_master_keys = 2;
+
+#ifdef OPENSSL
+ memset(&policy_aes_gcm, 0, sizeof(policy_aes_gcm));
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtcp);
+ policy_aes_gcm.ekt = NULL;
+ policy_aes_gcm.window_size = 128;
+ policy_aes_gcm.allow_repeat_tx = 0;
+ policy_aes_gcm.next = NULL;
+ policy_aes_gcm.ssrc.type = ssrc_any_outbound;
+ policy_aes_gcm.key = test_key;
+
+ memset(&policy_aes_gcm_mki, 0, sizeof(policy_aes_gcm_mki));
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtcp);
+ policy_aes_gcm_mki.ekt = NULL;
+ policy_aes_gcm_mki.window_size = 128;
+ policy_aes_gcm_mki.allow_repeat_tx = 0;
+ policy_aes_gcm_mki.next = NULL;
+ policy_aes_gcm_mki.ssrc.type = ssrc_any_outbound;
+ policy_aes_gcm_mki.key = NULL;
+ policy_aes_gcm_mki.keys = test_keys;
+ policy_aes_gcm_mki.num_master_keys = 2;
+
+#endif
+
+ /* create a send ctx with defualt profile and test_key */
+ status = srtp_create(srtp_send, &policy);
+ if (status)
+ return status;
+
+ status = srtp_create(srtp_send_mki, &policy_mki);
+ if (status)
+ return status;
+
+#ifdef OPENSSL
+ status = srtp_create(srtp_send_aes_gcm, &policy_aes_gcm);
+ if (status)
+ return status;
+
+ status = srtp_create(srtp_send_aes_gcm_mki, &policy_aes_gcm_mki);
+ if (status)
+ return status;
+#endif //OPENSSL
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t
+srtp_test_protect_trailer_length() {
+
+ srtp_t srtp_send;
+ srtp_t srtp_send_mki;
+ srtp_t srtp_send_aes_gcm;
+ srtp_t srtp_send_aes_gcm_mki;
+ uint32_t length = 0;
+ srtp_err_status_t status;
+
+ srtp_test_setup_protect_trailer_streams(&srtp_send, &srtp_send_mki,
+ &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki);
+
+ status = srtp_get_protect_trailer_length(srtp_send, 0, 0, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 10 bytes */
+ if (length != 10)
+ return srtp_err_status_fail;
+
+ status = srtp_get_protect_trailer_length(srtp_send_mki, 1, 1, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 10 bytes + MKI length: 4 bytes*/
+ if (length != 14)
+ return srtp_err_status_fail;
+
+#ifdef OPENSSL
+ status = srtp_get_protect_trailer_length(srtp_send_aes_gcm, 0, 0, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 16 bytes */
+ if (length != 16)
+ return srtp_err_status_fail;
+
+
+ status = srtp_get_protect_trailer_length(srtp_send_aes_gcm_mki, 1, 1, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 16 bytes + MKI length: 4 bytes*/
+ if (length != 20)
+ return srtp_err_status_fail;
+
+#endif //OPENSSL
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t
+srtp_test_protect_rtcp_trailer_length() {
+
+ srtp_t srtp_send;
+ srtp_t srtp_send_mki;
+ srtp_t srtp_send_aes_gcm;
+ srtp_t srtp_send_aes_gcm_mki;
+ uint32_t length = 0;
+ srtp_err_status_t status;
+
+ srtp_test_setup_protect_trailer_streams(&srtp_send, &srtp_send_mki,
+ &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki);
+
+ status = srtp_get_protect_rtcp_trailer_length(srtp_send, 0, 0, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes*/
+ if (length != 14)
+ return srtp_err_status_fail;
+
+ status = srtp_get_protect_rtcp_trailer_length(srtp_send_mki, 1, 1, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/
+ if (length != 18)
+ return srtp_err_status_fail;
+
+#ifdef OPENSSL
+ status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm, 0, 0, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes*/
+ if (length != 20)
+ return srtp_err_status_fail;
+
+
+ status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm_mki, 1, 1, &length);
+ if (status)
+ return status;
+
+ /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/
+ if (length != 24)
+ return srtp_err_status_fail;
+
+#endif //OPENSSL
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t
+srtp_test_get_roc() {
+ srtp_err_status_t status;
+ srtp_policy_t policy;
+ srtp_t session;
+ srtp_hdr_t *pkt;
+ uint32_t i;
+ uint32_t roc;
+ uint32_t ts;
+ uint16_t seq;
+
+ int msg_len_octets = 32;
+ int protected_msg_len_octets;
+
+ memset(&policy, 0, sizeof(policy));
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
+ policy.ssrc.type = ssrc_specific;
+ policy.ssrc.value = 0xcafebabe;
+ policy.key = test_key;
+ policy.window_size = 128;
+
+ /* Create a sender session */
+ status = srtp_create(&session, &policy);
+ if (status) {
+ return status;
+ }
+
+ /* Set start sequence so we roll over */
+ seq = 65535;
+ ts = 0;
+
+ for (i = 0; i < 2; i++) {
+ pkt = srtp_create_test_packet_extended(msg_len_octets, policy.ssrc.value, seq, ts);
+ protected_msg_len_octets = msg_len_octets;
+ status = srtp_protect(session, pkt, &protected_msg_len_octets);
+ free(pkt);
+ if (status) {
+ return status;
+ }
+
+ status = srtp_get_stream_roc(session, policy.ssrc.value, &roc);
+ if (status) {
+ return status;
+ }
+
+ if (roc != i) {
+ return srtp_err_status_fail;
+ }
+
+ seq++;
+ ts++;
+ }
+
+ /* Cleanup */
+ status = srtp_dealloc(session);
+ if (status) {
+ return status;
+ }
+
+ return srtp_err_status_ok;
+}
+
+static srtp_err_status_t
+test_set_receiver_roc(uint32_t packets, uint32_t roc_to_set)
+{
+ srtp_err_status_t status;
+
+ srtp_policy_t sender_policy;
+ srtp_t sender_session;
+
+ srtp_policy_t receiver_policy;
+ srtp_t receiver_session;
+
+ srtp_hdr_t *pkt_1;
+ unsigned char *recv_pkt_1;
+
+ srtp_hdr_t *pkt_2;
+ unsigned char *recv_pkt_2;
+
+ uint32_t i;
+ uint32_t ts;
+ uint16_t seq;
+
+ int msg_len_octets = 32;
+ int protected_msg_len_octets_1;
+ int protected_msg_len_octets_2;
+
+ /* Create sender */
+ memset(&sender_policy, 0, sizeof(sender_policy));
+ srtp_crypto_policy_set_rtp_default(&sender_policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp);
+ sender_policy.ssrc.type = ssrc_specific;
+ sender_policy.ssrc.value = 0xcafebabe;
+ sender_policy.key = test_key;
+ sender_policy.window_size = 128;
- sum = 0;
- t = clock();
- for (i=0; i<num_trials; i++)
- sum += i;
- t = clock() - t;
+ status = srtp_create(&sender_session, &sender_policy);
+ if (status) {
+ return status;
+ }
-/* printf("%d\n", sum); */
- *ignore = sum;
+ /* Create and protect packets */
+ seq = 0;
+ ts = 0;
+ for (i = 0; i < packets; i++) {
+ srtp_hdr_t *tmp_pkt;
+ int tmp_len;
+
+ tmp_pkt = srtp_create_test_packet_extended(msg_len_octets, sender_policy.ssrc.value, seq, ts);
+ tmp_len = msg_len_octets;
+ status = srtp_protect(sender_session, tmp_pkt, &tmp_len);
+ free(tmp_pkt);
+ if (status) {
+ return status;
+ }
+ seq++;
+ ts++;
+ }
- return (double) num_trials * CLOCKS_PER_SEC / t;
-}
+ /* Create the first packet to decrypt and test for ROC change */
+ pkt_1 = srtp_create_test_packet_extended(msg_len_octets, sender_policy.ssrc.value, seq, ts);
+ protected_msg_len_octets_1 = msg_len_octets;
+ status = srtp_protect(sender_session, pkt_1, &protected_msg_len_octets_1);
+ if (status) {
+ return status;
+ }
+ /* Create the second packet to decrypt and test for ROC change */
+ seq++;
+ ts++;
+ pkt_2 = srtp_create_test_packet_extended(msg_len_octets, sender_policy.ssrc.value, seq, ts);
+ protected_msg_len_octets_2 = msg_len_octets;
+ status = srtp_protect(sender_session, pkt_2, &protected_msg_len_octets_2);
+ if (status) {
+ return status;
+ }
-/*
- * srtp_validate() verifies the correctness of libsrtp by comparing
- * some computed packets against some pre-computed reference values.
- * These packets were made with the default SRTP policy.
- */
+ /* Create the receiver */
+ memset(&receiver_policy, 0, sizeof(receiver_policy));
+ srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp);
+ receiver_policy.ssrc.type = ssrc_specific;
+ receiver_policy.ssrc.value = sender_policy.ssrc.value;
+ receiver_policy.key = test_key;
+ receiver_policy.window_size = 128;
+ status = srtp_create(&receiver_session, &receiver_policy);
+ if (status) {
+ return status;
+ }
-err_status_t
-srtp_validate() {
- uint8_t srtp_plaintext_ref[28] = {
- 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
- 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
- 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
- 0xab, 0xab, 0xab, 0xab
- };
- uint8_t srtp_plaintext[38] = {
- 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
- 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
- 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
- 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- };
- uint8_t srtp_ciphertext[38] = {
- 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
- 0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c,
- 0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15,
- 0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc,
- 0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb
- };
- srtp_t srtp_snd, srtp_recv;
- err_status_t status;
- int len;
- srtp_policy_t policy;
-
- /*
- * create a session with a single stream using the default srtp
- * policy and with the SSRC value 0xcafebabe
- */
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
- policy.ssrc.type = ssrc_specific;
- policy.ssrc.value = 0xcafebabe;
- policy.key = test_key;
- policy.ekt = NULL;
- policy.window_size = 128;
- policy.allow_repeat_tx = 0;
- policy.next = NULL;
+ /* Make a copy of the first sent protected packet */
+ recv_pkt_1 = malloc(protected_msg_len_octets_1);
+ if (recv_pkt_1 == NULL) {
+ return srtp_err_status_fail;
+ }
+ memcpy(recv_pkt_1, pkt_1, protected_msg_len_octets_1);
- status = srtp_create(&srtp_snd, &policy);
- if (status)
+ /* Make a copy of the second sent protected packet */
+ recv_pkt_2 = malloc(protected_msg_len_octets_2);
+ if (recv_pkt_2 == NULL) {
+ return srtp_err_status_fail;
+ }
+ memcpy(recv_pkt_2, pkt_2, protected_msg_len_octets_2);
+
+ /* Set the ROC to the wanted value */
+ status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value, roc_to_set);
+ if (status) {
return status;
-
- /*
- * protect plaintext, then compare with ciphertext
- */
- len = 28;
- status = srtp_protect(srtp_snd, srtp_plaintext, &len);
- if (status || (len != 38))
- return err_status_fail;
-
- debug_print(mod_driver, "ciphertext:\n %s",
- octet_string_hex_string(srtp_plaintext, len));
- debug_print(mod_driver, "ciphertext reference:\n %s",
- octet_string_hex_string(srtp_ciphertext, len));
-
- if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
- return err_status_fail;
-
- /*
- * create a receiver session context comparable to the one created
- * above - we need to do this so that the replay checking doesn't
- * complain
- */
- status = srtp_create(&srtp_recv, &policy);
- if (status)
+ }
+
+ /* Unprotect the first packet */
+ status = srtp_unprotect(receiver_session, recv_pkt_1, &protected_msg_len_octets_1);
+ if (status) {
return status;
+ }
- /*
- * unprotect ciphertext, then compare with plaintext
- */
- status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
- if (status || (len != 28))
+ /* Unprotect the second packet */
+ status = srtp_unprotect(receiver_session, recv_pkt_2, &protected_msg_len_octets_2);
+ if (status) {
return status;
-
- if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
- return err_status_fail;
+ }
- status = srtp_dealloc(srtp_snd);
- if (status)
+ /* Cleanup */
+ status = srtp_dealloc(sender_session);
+ if (status) {
return status;
+ }
- status = srtp_dealloc(srtp_recv);
- if (status)
+ status = srtp_dealloc(receiver_session);
+ if (status) {
return status;
+ }
+
+ free(pkt_1);
+ free(recv_pkt_1);
+ free(pkt_2);
+ free(recv_pkt_2);
- return err_status_ok;
+ return srtp_err_status_ok;
}
+static srtp_err_status_t
+test_set_sender_roc(uint16_t seq, uint32_t roc_to_set)
+{
+ srtp_err_status_t status;
-/*
- * srtp_validate_aes_256() verifies the correctness of libsrtp by comparing
- * some computed packets against some pre-computed reference values.
- * These packets were made with the AES-CM-256/HMAC-SHA-1-80 policy.
- */
+ srtp_policy_t sender_policy;
+ srtp_t sender_session;
+ srtp_policy_t receiver_policy;
+ srtp_t receiver_session;
-err_status_t
-srtp_validate_aes_256() {
- unsigned char aes_256_test_key[46] = {
- 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
- 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
- 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
- 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
+ srtp_hdr_t *pkt;
+ unsigned char *recv_pkt;
- 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
- 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
- };
- uint8_t srtp_plaintext_ref[28] = {
- 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
- 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
- 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
- 0xab, 0xab, 0xab, 0xab
- };
- uint8_t srtp_plaintext[38] = {
- 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
- 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab,
- 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab,
- 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
- };
- uint8_t srtp_ciphertext[38] = {
- 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
- 0xca, 0xfe, 0xba, 0xbe, 0xf1, 0xd9, 0xde, 0x17,
- 0xff, 0x25, 0x1f, 0xf1, 0xaa, 0x00, 0x77, 0x74,
- 0xb0, 0xb4, 0xb4, 0x0d, 0xa0, 0x8d, 0x9d, 0x9a,
- 0x5b, 0x3a, 0x55, 0xd8, 0x87, 0x3b
- };
- srtp_t srtp_snd, srtp_recv;
- err_status_t status;
- int len;
- srtp_policy_t policy;
-
- /*
- * create a session with a single stream using the default srtp
- * policy and with the SSRC value 0xcafebabe
- */
- crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
- crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtcp);
- policy.ssrc.type = ssrc_specific;
- policy.ssrc.value = 0xcafebabe;
- policy.key = aes_256_test_key;
- policy.ekt = NULL;
- policy.window_size = 128;
- policy.allow_repeat_tx = 0;
- policy.next = NULL;
+ uint32_t ts;
- status = srtp_create(&srtp_snd, &policy);
- if (status)
+ int msg_len_octets = 32;
+ int protected_msg_len_octets;
+
+ /* Create sender */
+ memset(&sender_policy, 0, sizeof(sender_policy));
+ srtp_crypto_policy_set_rtp_default(&sender_policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp);
+ sender_policy.ssrc.type = ssrc_specific;
+ sender_policy.ssrc.value = 0xcafebabe;
+ sender_policy.key = test_key;
+ sender_policy.window_size = 128;
+
+ status = srtp_create(&sender_session, &sender_policy);
+ if (status) {
return status;
-
- /*
- * protect plaintext, then compare with ciphertext
- */
- len = 28;
- status = srtp_protect(srtp_snd, srtp_plaintext, &len);
- if (status || (len != 38))
- return err_status_fail;
-
- debug_print(mod_driver, "ciphertext:\n %s",
- octet_string_hex_string(srtp_plaintext, len));
- debug_print(mod_driver, "ciphertext reference:\n %s",
- octet_string_hex_string(srtp_ciphertext, len));
-
- if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
- return err_status_fail;
-
- /*
- * create a receiver session context comparable to the one created
- * above - we need to do this so that the replay checking doesn't
- * complain
- */
- status = srtp_create(&srtp_recv, &policy);
- if (status)
+ }
+
+ /* Set the ROC before encrypting the first packet */
+ status = srtp_set_stream_roc(sender_session, sender_policy.ssrc.value, roc_to_set);
+ if (status != srtp_err_status_ok) {
return status;
+ }
- /*
- * unprotect ciphertext, then compare with plaintext
- */
- status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len);
- if (status || (len != 28))
+ /* Create the packet to decrypt */
+ ts = 0;
+ pkt = srtp_create_test_packet_extended(msg_len_octets, sender_policy.ssrc.value, seq, ts);
+ protected_msg_len_octets = msg_len_octets;
+ status = srtp_protect(sender_session, pkt, &protected_msg_len_octets);
+ if (status) {
return status;
-
- if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
- return err_status_fail;
+ }
- status = srtp_dealloc(srtp_snd);
- if (status)
+ /* Create the receiver */
+ memset(&receiver_policy, 0, sizeof(receiver_policy));
+ srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp);
+ receiver_policy.ssrc.type = ssrc_specific;
+ receiver_policy.ssrc.value = sender_policy.ssrc.value;
+ receiver_policy.key = test_key;
+ receiver_policy.window_size = 128;
+
+ status = srtp_create(&receiver_session, &receiver_policy);
+ if (status) {
return status;
+ }
- status = srtp_dealloc(srtp_recv);
- if (status)
+ /* Make a copy of the sent protected packet */
+ recv_pkt = malloc(protected_msg_len_octets);
+ if (recv_pkt == NULL) {
+ return srtp_err_status_fail;
+ }
+ memcpy(recv_pkt, pkt, protected_msg_len_octets);
+
+ /* Set the ROC to the wanted value */
+ status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value, roc_to_set);
+ if (status) {
return status;
+ }
- return err_status_ok;
-}
+ status = srtp_unprotect(receiver_session, recv_pkt, &protected_msg_len_octets);
+ if (status) {
+ return status;
+ }
+ /* Cleanup */
+ status = srtp_dealloc(sender_session);
+ if (status) {
+ return status;
+ }
-err_status_t
-srtp_create_big_policy(srtp_policy_t **list) {
- extern const srtp_policy_t *policy_array[];
- srtp_policy_t *p, *tmp;
- int i = 0;
- uint32_t ssrc = 0;
-
- /* sanity checking */
- if ((list == NULL) || (policy_array[0] == NULL))
- return err_status_bad_param;
-
- /*
- * loop over policy list, mallocing a new list and copying values
- * into it (and incrementing the SSRC value as we go along)
- */
- tmp = NULL;
- while (policy_array[i] != NULL) {
- p = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
- if (p == NULL)
- return err_status_bad_param;
- memcpy(p, policy_array[i], sizeof(srtp_policy_t));
- p->ssrc.type = ssrc_specific;
- p->ssrc.value = ssrc++;
- p->next = tmp;
- tmp = p;
- i++;
+ status = srtp_dealloc(receiver_session);
+ if (status) {
+ return status;
}
- *list = p;
-
- return err_status_ok;
+
+ free(pkt);
+ free(recv_pkt);
+
+ return srtp_err_status_ok;
}
-err_status_t
-srtp_dealloc_big_policy(srtp_policy_t *list) {
- srtp_policy_t *p, *next;
+srtp_err_status_t
+srtp_test_set_receiver_roc() {
+ int packets;
+ uint32_t roc;
+ srtp_err_status_t status;
+
+ /* First test does not rollover */
+ packets = 1;
+ roc = 0;
- for (p = list; p != NULL; p = next) {
- next = p->next;
- free(p);
+ status = test_set_receiver_roc(packets - 1, roc);
+ if (status) {
+ return status;
}
- return err_status_ok;
-}
+ status = test_set_receiver_roc(packets, roc);
+ if (status) {
+ return status;
+ }
+ status = test_set_receiver_roc(packets + 1, roc);
+ if (status) {
+ return status;
+ }
-err_status_t
-srtp_test_remove_stream() {
- err_status_t status;
- srtp_policy_t *policy_list, policy;
- srtp_t session;
- srtp_stream_t stream;
- /*
- * srtp_get_stream() is a libSRTP internal function that we declare
- * here so that we can use it to verify the correct operation of the
- * library
- */
- extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc);
-
-
- status = srtp_create_big_policy(&policy_list);
- if (status)
+ status = test_set_receiver_roc(packets + 60000, roc);
+ if (status) {
return status;
+ }
- status = srtp_create(&session, policy_list);
- if (status)
+ /* Second test should rollover */
+ packets = 65535;
+ roc = 0;
+
+ status = test_set_receiver_roc(packets - 1, roc);
+ if (status) {
return status;
+ }
- /*
- * check for false positives by trying to remove a stream that's not
- * in the session
- */
- status = srtp_remove_stream(session, htonl(0xaaaaaaaa));
- if (status != err_status_no_ctx)
- return err_status_fail;
-
- /*
- * check for false negatives by removing stream 0x1, then
- * searching for streams 0x0 and 0x2
- */
- status = srtp_remove_stream(session, htonl(0x1));
- if (status != err_status_ok)
- return err_status_fail;
- stream = srtp_get_stream(session, htonl(0x0));
- if (stream == NULL)
- return err_status_fail;
- stream = srtp_get_stream(session, htonl(0x2));
- if (stream == NULL)
- return err_status_fail;
+ status = test_set_receiver_roc(packets, roc);
+ if (status) {
+ return status;
+ }
- status = srtp_dealloc(session);
- if (status != err_status_ok)
+ /* Now the rollover counter should be 1 */
+ roc = 1;
+ status = test_set_receiver_roc(packets + 1, roc);
+ if (status) {
return status;
+ }
- status = srtp_dealloc_big_policy(policy_list);
- if (status != err_status_ok)
+ status = test_set_receiver_roc(packets + 60000, roc);
+ if (status) {
return status;
+ }
- /* Now test adding and removing a single stream */
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
- policy.ssrc.type = ssrc_specific;
- policy.ssrc.value = 0xcafebabe;
- policy.key = test_key;
- policy.ekt = NULL;
- policy.window_size = 128;
- policy.allow_repeat_tx = 0;
- policy.next = NULL;
+ return srtp_err_status_ok;
+}
- status = srtp_create(&session, NULL);
- if (status != err_status_ok)
+srtp_err_status_t
+srtp_test_set_sender_roc() {
+ uint32_t roc;
+ uint16_t seq;
+ srtp_err_status_t status;
+
+ seq = 43210;
+ roc = 0;
+ status = test_set_sender_roc(seq, roc);
+ if (status) {
return status;
-
- status = srtp_add_stream(session, &policy);
- if (status != err_status_ok)
+ }
+
+ roc = 65535;
+ status = test_set_sender_roc(seq, roc);
+ if (status) {
return status;
+ }
- status = srtp_remove_stream(session, htonl(0xcafebabe));
- if (status != err_status_ok)
+ roc = 0xffff;
+ status = test_set_sender_roc(seq, roc);
+ if (status) {
return status;
+ }
- status = srtp_dealloc(session);
- if (status != err_status_ok)
+ roc = 0xffff00;
+ status = test_set_sender_roc(seq, roc);
+ if (status) {
+ return status;
+ }
+
+ roc = 0xfffffff0;
+ status = test_set_sender_roc(seq, roc);
+ if (status) {
return status;
+ }
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
};
+unsigned char test_key_2[46] = {
+ 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
+ 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
+ 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
+ 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
+ 0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93,
+ 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6
+};
-const srtp_policy_t default_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- { /* SRTP policy */
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 16, /* auth key length in octets */
- 10, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- { /* SRTCP policy */
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 16, /* auth key length in octets */
- 10, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- test_key,
- NULL, /* indicates that EKT is not in use */
- 128, /* replay window size */
- 0, /* retransmission not allowed */
- NULL
+unsigned char test_mki_id[TEST_MKI_ID_SIZE] = {
+ 0xe1, 0xf9, 0x7a, 0x0d
};
-const srtp_policy_t aes_tmmh_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- {
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- UST_TMMHv2, /* authentication func type */
- 94, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- {
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- UST_TMMHv2, /* authentication func type */
- 94, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- test_key,
- NULL, /* indicates that EKT is not in use */
- 128, /* replay window size */
- 0, /* retransmission not allowed */
- NULL
+unsigned char test_mki_id_2[TEST_MKI_ID_SIZE] = {
+ 0xf3, 0xa1, 0x46, 0x71
};
-const srtp_policy_t tmmh_only_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- {
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- UST_TMMHv2, /* authentication func type */
- 94, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_auth /* security services flag */
- },
- {
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- UST_TMMHv2, /* authentication func type */
- 94, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_auth /* security services flag */
- },
- test_key,
- NULL, /* indicates that EKT is not in use */
- 128, /* replay window size */
- 0, /* retransmission not allowed */
- NULL
+const srtp_policy_t default_policy = {
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ { /* SRTP policy */
+ SRTP_AES_ICM_128, /* cipher type */
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 16, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ { /* SRTCP policy */
+ SRTP_AES_ICM_128, /* cipher type */
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 16, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
};
const srtp_policy_t aes_only_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- {
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 0, /* auth tag length in octets */
- sec_serv_conf /* security services flag */
- },
- {
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 0, /* auth tag length in octets */
- sec_serv_conf /* security services flag */
- },
- test_key,
- NULL, /* indicates that EKT is not in use */
- 128, /* replay window size */
- 0, /* retransmission not allowed */
- NULL
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ SRTP_AES_ICM_128, /* cipher type */
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 0, /* auth tag length in octets */
+ sec_serv_conf /* security services flag */
+ },
+ {
+ SRTP_AES_ICM_128, /* cipher type */
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 0, /* auth tag length in octets */
+ sec_serv_conf /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
};
const srtp_policy_t hmac_only_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- {
- NULL_CIPHER, /* cipher type */
- 0, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 20, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_auth /* security services flag */
- },
- {
- NULL_CIPHER, /* cipher type */
- 0, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 20, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_auth /* security services flag */
- },
- test_key,
- NULL, /* indicates that EKT is not in use */
- 128, /* replay window size */
- 0, /* retransmission not allowed */
- NULL
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ SRTP_NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 4, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ {
+ SRTP_NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 4, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* Number of Master keys associated with the policy */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
};
#ifdef OPENSSL
const srtp_policy_t aes128_gcm_8_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- { /* SRTP policy */
- AES_128_GCM, /* cipher type */
- AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 8, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ { /* SRTP policy */
+ SRTP_AES_GCM_128, /* cipher type */
+ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
},
- { /* SRTCP policy */
- AES_128_GCM, /* cipher type */
- AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 8, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
+ { /* SRTCP policy */
+ SRTP_AES_GCM_128, /* cipher type */
+ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
},
- test_key,
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
NULL, /* indicates that EKT is not in use */
128, /* replay window size */
0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
NULL
};
const srtp_policy_t aes128_gcm_8_cauth_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- { /* SRTP policy */
- AES_128_GCM, /* cipher type */
- AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 8, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ { /* SRTP policy */
+ SRTP_AES_GCM_128, /* cipher type */
+ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
},
- { /* SRTCP policy */
- AES_128_GCM, /* cipher type */
- AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 8, /* auth tag length in octets */
- sec_serv_auth /* security services flag */
+ { /* SRTCP policy */
+ SRTP_AES_GCM_128, /* cipher type */
+ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
},
- test_key,
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
NULL, /* indicates that EKT is not in use */
128, /* replay window size */
0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
NULL
};
-
+
const srtp_policy_t aes256_gcm_8_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- { /* SRTP policy */
- AES_256_GCM, /* cipher type */
- AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 8, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ { /* SRTP policy */
+ SRTP_AES_GCM_256, /* cipher type */
+ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
},
- { /* SRTCP policy */
- AES_256_GCM, /* cipher type */
- AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 8, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
+ { /* SRTCP policy */
+ SRTP_AES_GCM_256, /* cipher type */
+ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
},
- test_key,
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
NULL, /* indicates that EKT is not in use */
128, /* replay window size */
0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
NULL
};
-
+
const srtp_policy_t aes256_gcm_8_cauth_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- { /* SRTP policy */
- AES_256_GCM, /* cipher type */
- AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 8, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ { /* SRTP policy */
+ SRTP_AES_GCM_256, /* cipher type */
+ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
},
- { /* SRTCP policy */
- AES_256_GCM, /* cipher type */
- AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 8, /* auth tag length in octets */
- sec_serv_auth /* security services flag */
+ { /* SRTCP policy */
+ SRTP_AES_GCM_256, /* cipher type */
+ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 8, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
},
- test_key,
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
NULL, /* indicates that EKT is not in use */
128, /* replay window size */
0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
NULL
};
#endif
const srtp_policy_t null_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- {
- NULL_CIPHER, /* cipher type */
- 0, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 0, /* auth tag length in octets */
- sec_serv_none /* security services flag */
- },
- {
- NULL_CIPHER, /* cipher type */
- 0, /* cipher key length in octets */
- NULL_AUTH, /* authentication func type */
- 0, /* auth key length in octets */
- 0, /* auth tag length in octets */
- sec_serv_none /* security services flag */
- },
- test_key,
- NULL, /* indicates that EKT is not in use */
- 128, /* replay window size */
- 0, /* retransmission not allowed */
- NULL
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ SRTP_NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 0, /* auth tag length in octets */
+ sec_serv_none /* security services flag */
+ },
+ {
+ SRTP_NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ SRTP_NULL_AUTH, /* authentication func type */
+ 0, /* auth key length in octets */
+ 0, /* auth tag length in octets */
+ sec_serv_none /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
};
unsigned char test_256_key[46] = {
- 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
- 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
- 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
- 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
+ 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
+ 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29,
+ 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1,
+ 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6,
+
+ 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
+ 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
+};
+
+unsigned char test_256_key_2[46] = {
+ 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0,
+ 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39,
+ 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb,
+ 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73,
+ 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
+ 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
+};
+
+srtp_master_key_t master_256_key_1 = {
+ test_256_key,
+ test_mki_id,
+ TEST_MKI_ID_SIZE
+};
+
+srtp_master_key_t master_256_key_2 = {
+ test_256_key_2,
+ test_mki_id_2,
+ TEST_MKI_ID_SIZE
+};
- 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9,
- 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2
+srtp_master_key_t *test_256_keys[2] = {
+ &master_key_1,
+ &master_key_2
};
const srtp_policy_t aes_256_hmac_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- { /* SRTP policy */
- AES_ICM, /* cipher type */
- 46, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 20, /* auth key length in octets */
- 10, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- { /* SRTCP policy */
- AES_ICM, /* cipher type */
- 46, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 20, /* auth key length in octets */
- 10, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- test_256_key,
- NULL, /* indicates that EKT is not in use */
- 128, /* replay window size */
- 0, /* retransmission not allowed */
- NULL
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ { /* SRTP policy */
+ SRTP_AES_ICM_256, /* cipher type */
+ SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ { /* SRTCP policy */
+ SRTP_AES_ICM_256, /* cipher type */
+ SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_256_keys,
+ 2, /* indicates the number of Master keys */
+ NULL, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
};
uint8_t ekt_test_key[16] = {
- 0x77, 0x26, 0x9d, 0xac, 0x16, 0xa3, 0x28, 0xca,
- 0x8e, 0xc9, 0x68, 0x4b, 0xcc, 0xc4, 0xd2, 0x1b
+ 0x77, 0x26, 0x9d, 0xac, 0x16, 0xa3, 0x28, 0xca,
+ 0x8e, 0xc9, 0x68, 0x4b, 0xcc, 0xc4, 0xd2, 0x1b
};
#include "ekt.h"
-ekt_policy_ctx_t ekt_test_policy = {
- 0xa5a5, /* SPI */
- EKT_CIPHER_AES_128_ECB,
- ekt_test_key,
- NULL
+srtp_ekt_policy_ctx_t ekt_test_policy = {
+ 0xa5a5, /* SPI */
+ SRTP_EKT_CIPHER_AES_128_ECB,
+ ekt_test_key,
+ NULL
};
const srtp_policy_t hmac_only_with_ekt_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- {
- NULL_CIPHER, /* cipher type */
- 0, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 20, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_auth /* security services flag */
- },
- {
- NULL_CIPHER, /* cipher type */
- 0, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 20, /* auth key length in octets */
- 4, /* auth tag length in octets */
- sec_serv_auth /* security services flag */
- },
- test_key,
- &ekt_test_policy, /* indicates that EKT is not in use */
- 128, /* replay window size */
- 0, /* retransmission not allowed */
- NULL
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ {
+ SRTP_NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 4, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ {
+ SRTP_NULL_CIPHER, /* cipher type */
+ 0, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 20, /* auth key length in octets */
+ 4, /* auth tag length in octets */
+ sec_serv_auth /* security services flag */
+ },
+ NULL,
+ (srtp_master_key_t **)test_keys,
+ 2, /* indicates the number of Master keys */
+ &ekt_test_policy, /* indicates that EKT is not in use */
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
};
* This array is used to test various aspects of libSRTP for
* different cryptographic policies. The order of the elements
* matters - the timing test generates output that can be used
- * in a plot (see the gnuplot script file 'timing'). If you
+ * in a plot (see the gnuplot script file 'timing'). If you
* add to this list, you should do it at the end.
*/
-#define USE_TMMH 0
-
const srtp_policy_t *
policy_array[] = {
- &hmac_only_policy,
-#if USE_TMMH
- &tmmh_only_policy,
-#endif
- &aes_only_policy,
-#if USE_TMMH
- &aes_tmmh_policy,
-#endif
- &default_policy,
+ &hmac_only_policy,
+ &aes_only_policy,
+ &default_policy,
#ifdef OPENSSL
- &aes128_gcm_8_policy,
- &aes128_gcm_8_cauth_policy,
- &aes256_gcm_8_policy,
- &aes256_gcm_8_cauth_policy,
+ &aes128_gcm_8_policy,
+ &aes128_gcm_8_cauth_policy,
+ &aes256_gcm_8_policy,
+ &aes256_gcm_8_cauth_policy,
#endif
- &null_policy,
- &aes_256_hmac_policy,
- &hmac_only_with_ekt_policy,
- NULL
+ &null_policy,
+ &aes_256_hmac_policy,
+ &hmac_only_with_ekt_policy,
+ NULL
};
const srtp_policy_t wildcard_policy = {
- { ssrc_any_outbound, 0 }, /* SSRC */
- { /* SRTP policy */
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 16, /* auth key length in octets */
- 10, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- { /* SRTCP policy */
- AES_128_ICM, /* cipher type */
- 30, /* cipher key length in octets */
- HMAC_SHA1, /* authentication func type */
- 16, /* auth key length in octets */
- 10, /* auth tag length in octets */
- sec_serv_conf_and_auth /* security services flag */
- },
- test_key,
- NULL,
- 128, /* replay window size */
- 0, /* retransmission not allowed */
- NULL
+ { ssrc_any_outbound, 0 }, /* SSRC */
+ { /* SRTP policy */
+ SRTP_AES_ICM_128, /* cipher type */
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 16, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ { /* SRTCP policy */
+ SRTP_AES_ICM_128, /* cipher type */
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */
+ SRTP_HMAC_SHA1, /* authentication func type */
+ 16, /* auth key length in octets */
+ 10, /* auth tag length in octets */
+ sec_serv_conf_and_auth /* security services flag */
+ },
+ test_key,
+ NULL,
+ 0,
+ NULL,
+ 128, /* replay window size */
+ 0, /* retransmission not allowed */
+ NULL, /* no encrypted extension headers */
+ 0, /* list of encrypted extension headers is empty */
+ NULL
};
--- /dev/null
+/*
+ * test_srtp.c
+ *
+ * Unit tests for internal srtp functions
+ *
+ * Cisco Systems, Inc.
+ *
+ */
+
+/*
+ *
+ * Copyright (c) 2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * Test specific.
+ */
+#include "cutest.h"
+
+/*
+ * libSRTP specific.
+ */
+#include "../srtp/srtp.c" // Get access to static functions
+
+/*
+ * Standard library.
+ */
+
+/*
+ * Forward declarations for all tests.
+ */
+
+void srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output(void);
+void srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param(void);
+void srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number(void);
+
+/*
+ * NULL terminated array of tests.
+ * The first item in the array is a char[] which give some information about
+ * what is being tested and is displayed to the user during runtime, the second
+ * item is the test function.
+ */
+
+TEST_LIST = {{"srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output()",
+ srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output},
+ {"srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param()",
+ srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param},
+ {"srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number()",
+ srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number},
+ {NULL} /* End of tests */};
+
+/*
+ * Implementation.
+ */
+
+void srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output()
+{
+ // Preconditions
+ srtp_session_keys_t session_keys;
+ v128_t init_vector;
+ srtcp_hdr_t header;
+ uint32_t sequence_num;
+
+ // Postconditions
+ srtp_err_status_t status;
+ const v128_t zero_vector;
+ memset((v128_t *)&zero_vector, 0, sizeof(v128_t));
+
+ // Given
+ memset(&session_keys, 0, sizeof(srtp_session_keys_t));
+ memset(&init_vector, 0, sizeof(v128_t));
+ memset(&header, 0, sizeof(srtcp_hdr_t));
+ sequence_num = 0x0UL;
+
+ // When
+ status = srtp_calc_aead_iv_srtcp(&session_keys, &init_vector, sequence_num,
+ &header);
+
+ // Then
+ TEST_CHECK(status == srtp_err_status_ok);
+ TEST_CHECK(memcmp(&zero_vector, &init_vector, sizeof(v128_t)) == 0);
+}
+
+void srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param()
+{
+ // Preconditions
+ srtp_session_keys_t session_keys;
+ v128_t init_vector;
+ srtcp_hdr_t header;
+ uint32_t sequence_num;
+
+ // Postconditions
+ srtp_err_status_t status;
+
+ // Given
+ memset(&session_keys, 0, sizeof(srtp_session_keys_t));
+ memset(&init_vector, 0, sizeof(v128_t));
+ memset(&header, 0, sizeof(srtcp_hdr_t));
+ sequence_num = 0x7FFFFFFFUL + 0x1UL;
+
+ // When
+ status = srtp_calc_aead_iv_srtcp(&session_keys, &init_vector, sequence_num,
+ &header);
+
+ // Then
+ TEST_CHECK(status == srtp_err_status_bad_param);
+}
+
+/*
+ * Regression test for issue #256:
+ * Srtcp IV calculation incorrectly masks high bit of sequence number for
+ * little-endian platforms.
+ * Ensure that for each valid sequence number where the most significant bit is
+ * high that we get an expected and unique IV.
+ */
+void srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number()
+{
+ // Preconditions
+ // Test each significant bit high in each full byte.
+ #define SAMPLE_COUNT (3)
+ srtp_session_keys_t session_keys;
+ srtcp_hdr_t header;
+ v128_t output_iv[SAMPLE_COUNT];
+ memset(&output_iv, 0, SAMPLE_COUNT * sizeof(v128_t));
+ uint32_t sequence_num[SAMPLE_COUNT];
+ sequence_num[0] = 0xFF;
+ sequence_num[1] = 0xFF00;
+ sequence_num[2] = 0xFF0000;
+
+ // Postconditions
+ v128_t final_iv[SAMPLE_COUNT];
+ memset(&final_iv, 0, SAMPLE_COUNT * sizeof(v128_t));
+ final_iv[0].v8[11] = 0xFF;
+ final_iv[1].v8[10] = 0xFF;
+ final_iv[2].v8[9] = 0xFF;
+
+ // Given
+ memset(&session_keys, 0, sizeof(srtp_session_keys_t));
+ memset(&header, 0, sizeof(srtcp_hdr_t));
+
+ // When
+ size_t i = 0;
+ for (i = 0; i < SAMPLE_COUNT; i++) {
+ TEST_CHECK(srtp_calc_aead_iv_srtcp(&session_keys, &output_iv[i],
+ sequence_num[i], &header)
+ == srtp_err_status_ok);
+ }
+
+ // Then all IVs are as expected
+ for (i = 0; i < SAMPLE_COUNT; i++) {
+ TEST_CHECK(memcmp(&final_iv[i], &output_iv[i], sizeof(v128_t)) == 0);
+ }
+ #undef SAMPLE_COUNT
+}
--- /dev/null
+/*
+ * util.c
+ *
+ * Utilities used by the test apps
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ */
+/*
+ *
+ * Copyright (c) 2014-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "util.h"
+
+#include <string.h>
+#include <stdint.h>
+
+char bit_string[MAX_PRINT_STRING_LEN];
+
+static inline int hex_char_to_nibble (uint8_t c)
+{
+ switch (c) {
+ case ('0'): return 0x0;
+ case ('1'): return 0x1;
+ case ('2'): return 0x2;
+ case ('3'): return 0x3;
+ case ('4'): return 0x4;
+ case ('5'): return 0x5;
+ case ('6'): return 0x6;
+ case ('7'): return 0x7;
+ case ('8'): return 0x8;
+ case ('9'): return 0x9;
+ case ('a'): return 0xa;
+ case ('A'): return 0xa;
+ case ('b'): return 0xb;
+ case ('B'): return 0xb;
+ case ('c'): return 0xc;
+ case ('C'): return 0xc;
+ case ('d'): return 0xd;
+ case ('D'): return 0xd;
+ case ('e'): return 0xe;
+ case ('E'): return 0xe;
+ case ('f'): return 0xf;
+ case ('F'): return 0xf;
+ default: return -1; /* this flags an error */
+ }
+ /* NOTREACHED */
+ return -1; /* this keeps compilers from complaining */
+}
+
+uint8_t nibble_to_hex_char (uint8_t nibble)
+{
+ char buf[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
+ '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
+
+ return buf[nibble & 0xF];
+}
+
+/*
+ * hex_string_to_octet_string converts a hexadecimal string
+ * of length 2 * len to a raw octet string of length len
+ */
+int hex_string_to_octet_string (char *raw, char *hex, int len)
+{
+ uint8_t x;
+ int tmp;
+ int hex_len;
+
+ hex_len = 0;
+ while (hex_len < len) {
+ tmp = hex_char_to_nibble(hex[0]);
+ if (tmp == -1) {
+ return hex_len;
+ }
+ x = (tmp << 4);
+ hex_len++;
+ tmp = hex_char_to_nibble(hex[1]);
+ if (tmp == -1) {
+ return hex_len;
+ }
+ x |= (tmp & 0xff);
+ hex_len++;
+ *raw++ = x;
+ hex += 2;
+ }
+ return hex_len;
+}
+
+char * octet_string_hex_string (const void *s, int length)
+{
+ const uint8_t *str = (const uint8_t*)s;
+ int i;
+
+ /* double length, since one octet takes two hex characters */
+ length *= 2;
+
+ /* truncate string if it would be too long */
+ if (length > MAX_PRINT_STRING_LEN) {
+ length = MAX_PRINT_STRING_LEN - 1;
+ }
+
+ for (i = 0; i < length; i += 2) {
+ bit_string[i] = nibble_to_hex_char(*str >> 4);
+ bit_string[i + 1] = nibble_to_hex_char(*str++ & 0xF);
+ }
+ bit_string[i] = 0; /* null terminate string */
+ return bit_string;
+}
+
+static const char b64chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int base64_block_to_octet_triple (char *out, char *in)
+{
+ unsigned char sextets[4] = {0};
+ int j = 0;
+ int i;
+
+ for (i = 0; i < 4; i++) {
+ char *p = strchr(b64chars, in[i]);
+ if (p != NULL) {
+ sextets[i] = p - b64chars;
+ } else{ j++; }
+ }
+
+ out[0] = (sextets[0] << 2) | (sextets[1] >> 4);
+ if (j < 2) {
+ out[1] = (sextets[1] << 4) | (sextets[2] >> 2);
+ }
+ if (j < 1) {
+ out[2] = (sextets[2] << 6) | sextets[3];
+ }
+ return j;
+}
+
+int base64_string_to_octet_string (char *out, int *pad, char *in, int len)
+{
+ int k = 0;
+ int i = 0;
+ int j = 0;
+
+ if (len % 4 != 0) {
+ return 0;
+ }
+
+ while (i < len && j == 0) {
+ j = base64_block_to_octet_triple(out + k, in + i);
+ k += 3;
+ i += 4;
+ }
+ *pad = j;
+ return i;
+}
/*
- * rand_source_ossl.c
+ * util.h
*
- * implements a random source based on OpenSSL RAND_bytes()
+ * Utilities used by the test apps
*
- * John A. Foley
+ * John A. Foley
* Cisco Systems, Inc.
*/
/*
*
- * Copyright(c) 2013, Cisco Systems, Inc.
+ * Copyright (c) 2014-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
- * are met:crypto/test/aes_calc.c
+ * are met:
*
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
+#ifndef SRTP_TEST_UTIL_H
+#define SRTP_TEST_UTIL_H
-#include "rand_source.h"
-#include <openssl/rand.h>
+#define MAX_PRINT_STRING_LEN 1024
+int hex_string_to_octet_string(char *raw, char *hex, int len);
+char * octet_string_hex_string(const void *s, int length);
+int base64_string_to_octet_string(char *raw, int *pad, char *base64, int len);
-err_status_t rand_source_init (void)
-{
- return err_status_ok;
-}
-
-err_status_t rand_source_get_octet_string (void *dest, uint32_t len)
-{
- if (RAND_bytes(dest, len) == 1) {
- return err_status_ok;
- } else {
- return err_status_fail;
- }
-}
-
-err_status_t rand_source_deinit (void)
-{
- return err_status_ok;
-}
+#endif
--- /dev/null
+abducing
+acidheads
+acidness
+actons
+admixtures
+affidavit
+agelastic
+alated
+alimentary
+alleviated
+allseed
+annexure
+arragonite
+atonements
+autacoid
+axe
+axon
+ayres
+beathing
+blazonry
+bottom
+braising
+brehon
+brindisi
+broadcasts
+buds
+bulnbulns
+bushcraft
+calamander
+calipee
+casing
+caveat
+chaffings
+citifies
+clappers
+claques
+clavate
+colonial
+colonials
+commonalty
+compares
+consequent
+consumed
+contango
+courtierly
+creamery
+cruddiest
+cue
+cultish
+cumin
+cyclus
+dahlias
+dentitions
+derailers
+devitrify
+dibs
+diphysite
+disjunes
+drolleries
+dubitated
+dupion
+earliness
+eductor
+elenctic
+empresses
+entames
+epaulettes
+epicanthic
+epochal
+estated
+eurhythmic
+exfoliated
+extremity
+fayence
+figgery
+flaming
+foes
+forelays
+forewings
+forfeits
+fratches
+gardened
+gentile
+glumpish
+glyph
+goatherd
+grow
+gulden
+gumming
+hackling
+hanapers
+hared
+hatters
+hectare
+hedger
+heel
+heterodox
+hidden
+histologic
+howe
+inglobe
+inliers
+inuredness
+iotacism
+japed
+jelled
+jiffy
+jollies
+judgeship
+karite
+kart
+kenophobia
+kittens
+lactarian
+lancets
+leasable
+leep
+leming
+licorice
+listing
+lividly
+lobectomy
+lysosome
+madders
+maderizing
+manacle
+mangels
+marshiest
+maulstick
+meliorates
+mercy
+mikados
+monarchise
+moultings
+mucro
+munnions
+mystic
+myxoedemic
+nointing
+nong
+nonsense
+ochidore
+octuor
+officering
+opaqued
+oragious
+outtell
+oxeye
+pads
+palamae
+pansophy
+parazoa
+pepsines
+perimetric
+pheasant
+phonotypy
+pitarah
+plaintful
+poinders
+poke
+politer
+poonces
+populism
+pouty
+praedial
+presence
+prompter
+pummelled
+punishing
+quippish
+radicality
+radiuses
+rebuffing
+recorded
+redips
+regulators
+replay
+retrocedes
+rigors
+risen
+rootstocks
+rotenone
+rudenesses
+ruggedest
+runabout
+ruthfully
+sagacious
+scapes
+sclera
+sclerotium
+scumbering
+secondi
+serial
+shampoo
+showed
+sights
+sirenised
+sized
+slave
+socle
+solidness
+some
+spetches
+spiels
+squiring
+staminode
+stay
+stewpot
+stunsails
+subhumid
+subprogram
+supawn
+surplusage
+swimming
+swineherd
+tabun
+talliths
+taroks
+tensed
+thinnings
+three
+tipper
+toko
+tomahawks
+tombolos
+torpefy
+torulae
+touns
+travails
+tsarist
+unbeseems
+unblamably
+unbooked
+unnailed
+updates
+valorise
+viability
+virtue
+vulturns
+vulvate
+warran
+weakness
+westernise
+whingeings
+wrenching
+written
+yak
+yate
+yaupon
+zendiks
#undef VERSION
#undef PACKAGE
#undef inline
-#include <datatypes.h>
#include <switch_types.h>
#define KALMAN_SYSTEM_MODELS 3 /*loss, jitter, rtt*/
#undef VERSION
#undef PACKAGE
#undef inline
-#include <datatypes.h>
#include <srtp.h>
#include <srtp_priv.h>
#include <switch_ssl.h>
SWITCH_DECLARE(void) switch_rtp_get_random(void *buf, uint32_t len)
{
-#ifdef ENABLE_SRTP
- crypto_get_random(buf, len);
+#ifdef HAVE_OPENSSL
+ RAND_bytes(buf, len);
#else
switch_stun_random_string(buf, len, NULL);
#endif
}
#endif
#ifdef ENABLE_SRTP
- crypto_kernel_shutdown();
+ srtp_crypto_kernel_shutdown();
#endif
}
#else
switch_rtp_crypto_key_t *crypto_key;
srtp_policy_t *policy;
- err_status_t stat;
+ srtp_err_status_t stat;
switch_status_t status = SWITCH_STATUS_SUCCESS;
switch_channel_t *channel = switch_core_session_get_channel(rtp_session->session);
switch (crypto_key->type) {
case AES_CM_128_HMAC_SHA1_80:
- crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy->rtp);
- crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy->rtcp);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy->rtp);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy->rtcp);
if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_OUTBOUND) {
switch_channel_set_variable(channel, "rtp_has_crypto", "AES_CM_128_HMAC_SHA1_80");
}
break;
case AES_CM_128_HMAC_SHA1_32:
- crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy->rtp);
- crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy->rtcp);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&policy->rtp);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(&policy->rtcp);
if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_OUTBOUND) {
break;
case AEAD_AES_256_GCM_8:
- crypto_policy_set_aes_gcm_256_8_auth(&policy->rtp);
- crypto_policy_set_aes_gcm_256_8_auth(&policy->rtcp);
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy->rtp);
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy->rtcp);
if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_OUTBOUND) {
switch_channel_set_variable(channel, "rtp_has_crypto", "AEAD_AES_256_GCM_8");
break;
case AEAD_AES_128_GCM_8:
- crypto_policy_set_aes_gcm_128_8_auth(&policy->rtp);
- crypto_policy_set_aes_gcm_128_8_auth(&policy->rtcp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy->rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy->rtcp);
if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_OUTBOUND) {
switch_channel_set_variable(channel, "rtp_has_crypto", "AEAD_AES_128_GCM_8");
break;
case AES_CM_256_HMAC_SHA1_80:
- crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy->rtp);
- crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy->rtcp);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy->rtp);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy->rtcp);
if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_OUTBOUND) {
switch_channel_set_variable(channel, "rtp_has_crypto", "AES_CM_256_HMAC_SHA1_80");
}
break;
case AES_CM_128_NULL_AUTH:
- crypto_policy_set_aes_cm_128_null_auth(&policy->rtp);
- crypto_policy_set_aes_cm_128_null_auth(&policy->rtcp);
+ srtp_crypto_policy_set_aes_cm_128_null_auth(&policy->rtp);
+ srtp_crypto_policy_set_aes_cm_128_null_auth(&policy->rtcp);
if (switch_channel_direction(channel) == SWITCH_CALL_DIRECTION_OUTBOUND) {
switch_channel_set_variable(channel, "rtp_has_crypto", "AES_CM_128_NULL_AUTH");
#ifdef ENABLE_SRTP
if (rtp_session->flags[SWITCH_RTP_FLAG_SECURE_RECV]) {
int sbytes = (int) *bytes;
- err_status_t stat = 0;
+ srtp_err_status_t stat = 0;
if ((stat = srtp_unprotect_rtcp(rtp_session->recv_ctx[rtp_session->srtp_idx_rtcp], &rtp_session->rtcp_recv_msg_p->header, &sbytes))) {
rtp_session->last_rtp_hdr.pt == rtp_session->cng_pt)) {
//if (rtp_session->flags[SWITCH_RTP_FLAG_SECURE_RECV] && (!rtp_session->ice.ice_user || rtp_session->has_rtp)) {
int sbytes = (int) *bytes;
- err_status_t stat = 0;
+ srtp_err_status_t stat = 0;
if (rtp_session->flags[SWITCH_RTP_FLAG_SECURE_RECV_RESET] || !rtp_session->recv_ctx[rtp_session->srtp_idx_rtp]) {
switch_rtp_clear_flag(rtp_session, SWITCH_RTP_FLAG_SECURE_RECV_RESET);
if (!(*flags & SFF_PLC)) {
stat = srtp_unprotect(rtp_session->recv_ctx[rtp_session->srtp_idx_rtp], &rtp_session->recv_msg.header, &sbytes);
- if (rtp_session->flags[SWITCH_RTP_FLAG_NACK] && stat == err_status_replay_fail) {
+ if (rtp_session->flags[SWITCH_RTP_FLAG_NACK] && stat == srtp_err_status_replay_fail) {
/* false alarm nack */
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(rtp_session->session), SWITCH_LOG_DEBUG1, "REPLAY ERR, FALSE NACK\n");
stat = 0;
int errs = ++rtp_session->srtp_errs[rtp_session->srtp_idx_rtp];
if (stat != 10) {
char *msg;
- if (stat == err_status_replay_fail) msg="replay check failed";
- else if (stat == err_status_auth_fail) msg="auth check failed";
+ if (stat == srtp_err_status_replay_fail) msg="replay check failed";
+ else if (stat == srtp_err_status_auth_fail) msg="auth check failed";
else msg="";
if (errs >= MAX_SRTP_ERRS) {
switch_channel_t *channel = switch_core_session_get_channel(rtp_session->session);
if (rtp_session->flags[SWITCH_RTP_FLAG_SECURE_RECV] && rtp_session->rtcp_recv_msg_p->header.version == 2) {
//if (rtp_session->flags[SWITCH_RTP_FLAG_SECURE_RECV] && (!rtp_session->ice.ice_user || rtp_session->rtcp_recv_msg_p->header.version == 2)) {
int sbytes = (int) *bytes;
- err_status_t stat = 0;
+ srtp_err_status_t stat = 0;
if ((stat = srtp_unprotect_rtcp(rtp_session->recv_ctx[rtp_session->srtp_idx_rtcp], &rtp_session->rtcp_recv_msg_p->header, &sbytes))) {
#ifdef ENABLE_SRTP
if (rtp_session->flags[SWITCH_RTP_FLAG_SECURE_SEND]) {
int sbytes = (int) bytes;
- err_status_t stat;
+ srtp_err_status_t stat;
if (rtp_session->flags[SWITCH_RTP_FLAG_SECURE_SEND_RESET] || !rtp_session->send_ctx[rtp_session->srtp_idx_rtp]) {
if (rtp_session->flags[SWITCH_RTP_FLAG_SECURE_SEND]) {
int sbytes = (int) *bytes;
- err_status_t stat;
+ srtp_err_status_t stat;
if (rtp_session->flags[SWITCH_RTP_FLAG_SECURE_SEND_RESET]) {
switch_rtp_clear_flag(rtp_session, SWITCH_RTP_FLAG_SECURE_SEND_RESET);
projects / thirdparty / freeswitch.git / commitdiff
