Changeset 5614
- Timestamp:
- Jul 4, 2017 5:22:51 AM (7 years ago)
- Location:
- pjproject/trunk
- Files:
-
- 1 added
- 39 deleted
- 60 edited
pjproject/trunk/pjmedia/src/pjmedia/transport_srtp.c
r5602 r5614 75 75 static const pj_str_t ID_CRYPTO = { "crypto", 6 }; 76 76 77 typedef void (*crypto_method_t)( crypto_policy_t *policy);77 typedef void (*crypto_method_t)(srtp_crypto_policy_t *policy); 78 78 79 79 typedef struct crypto_suite 80 80 { 81 81 char *name; 82 cipher_type_id_tcipher_type;82 srtp_cipher_type_id_t cipher_type; 83 83 unsigned cipher_key_len; /* key + salt length */ 84 84 unsigned cipher_salt_len; /* salt only length */ 85 auth_type_id_t auth_type;85 srtp_auth_type_id_t auth_type; 86 86 unsigned auth_key_len; 87 87 unsigned srtp_auth_tag_len; 88 88 unsigned srtcp_auth_tag_len; 89 s ec_serv_tservice;89 srtp_sec_serv_t service; 90 90 /* This is an attempt to validate crypto support by libsrtp, i.e: it should 91 91 * raise linking error if the libsrtp does not support the crypto. 92 92 */ 93 cipher_type_t*ext_cipher_type;93 srtp_cipher_type_t *ext_cipher_type; 94 94 crypto_method_t ext_crypto_method; 95 95 } crypto_suite; 96 96 97 extern cipher_type_taes_gcm_256_openssl;98 extern cipher_type_taes_gcm_128_openssl;99 extern cipher_type_taes_icm_192;97 extern srtp_cipher_type_t srtp_aes_gcm_256_openssl; 98 extern srtp_cipher_type_t srtp_aes_gcm_128_openssl; 99 extern srtp_cipher_type_t srtp_aes_icm_192; 100 100 101 101 /* https://www.iana.org/assignments/sdp-security-descriptions/sdp-security-descriptions.xhtml */ 102 102 static crypto_suite crypto_suites[] = { 103 103 /* plain RTP/RTCP (no cipher & no auth) */ 104 {"NULL", NULL_CIPHER, 0,NULL_AUTH, 0, 0, 0, sec_serv_none},104 {"NULL", SRTP_NULL_CIPHER, 0, SRTP_NULL_AUTH, 0, 0, 0, sec_serv_none}, 105 105 106 106 #if defined(PJMEDIA_SRTP_HAS_AES_GCM_256)&&(PJMEDIA_SRTP_HAS_AES_GCM_256!=0) 107 107 108 108 /* cipher AES_GCM, NULL auth, auth tag len = 16 octets */ 109 {"AEAD_AES_256_GCM", AES_256_GCM, 44, 12, 110 NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth, &aes_gcm_256_openssl}, 109 {"AEAD_AES_256_GCM", SRTP_AES_GCM_256, 44, 12, 110 SRTP_NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth, 111 
&srtp_aes_gcm_256_openssl}, 111 112 112 113 /* cipher AES_GCM, NULL auth, auth tag len = 8 octets */ 113 {"AEAD_AES_256_GCM_8", AES_256_GCM, 44, 12, 114 NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth, &aes_gcm_256_openssl}, 114 {"AEAD_AES_256_GCM_8", SRTP_AES_GCM_256, 44, 12, 115 SRTP_NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth, 116 &srtp_aes_gcm_256_openssl}, 115 117 #endif 116 118 #if defined(PJMEDIA_SRTP_HAS_AES_CM_256)&&(PJMEDIA_SRTP_HAS_AES_CM_256!=0) 117 119 118 /* cipher AES_CM_256, auth HMAC_SHA1, auth tag len = 10 octets */119 {"AES_256_CM_HMAC_SHA1_80", AES_ICM, 46, 14, HMAC_SHA1, 20, 10, 10,120 sec_serv_conf_and_auth, NULL,121 &crypto_policy_set_aes_cm_256_hmac_sha1_80},122 123 /* cipher AES_CM_256, auth HMAC_SHA1, auth tag len = 10 octets */124 {"AES_256_CM_HMAC_SHA1_32", AES_ICM, 46, 14, HMAC_SHA1, 20, 4, 10,125 sec_serv_conf_and_auth, NULL,126 &crypto_policy_set_aes_cm_256_hmac_sha1_32},120 /* cipher AES_CM_256, auth SRTP_HMAC_SHA1, auth tag len = 10 octets */ 121 {"AES_256_CM_HMAC_SHA1_80", SRTP_AES_ICM_256, 46, 14, 122 SRTP_HMAC_SHA1, 20, 10, 10, sec_serv_conf_and_auth, 123 NULL, &srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80}, 124 125 /* cipher AES_CM_256, auth SRTP_HMAC_SHA1, auth tag len = 10 octets */ 126 {"AES_256_CM_HMAC_SHA1_32", SRTP_AES_ICM_256, 46, 14, 127 SRTP_HMAC_SHA1, 20, 4, 10, sec_serv_conf_and_auth, 128 NULL, &srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32}, 127 129 #endif 128 130 #if defined(PJMEDIA_SRTP_HAS_AES_CM_192)&&(PJMEDIA_SRTP_HAS_AES_CM_192!=0) 129 131 130 /* cipher AES_CM_192, auth HMAC_SHA1, auth tag len = 10 octets */ 131 {"AES_192_CM_HMAC_SHA1_80", AES_ICM, 38, 14, HMAC_SHA1, 20, 10, 10, 132 sec_serv_conf_and_auth, &aes_icm_192}, 133 134 /* cipher AES_CM_192, auth HMAC_SHA1, auth tag len = 4 octets */ 135 {"AES_192_CM_HMAC_SHA1_32", AES_ICM, 38, 14, HMAC_SHA1, 20, 4, 10, 136 sec_serv_conf_and_auth, &aes_icm_192}, 132 /* cipher AES_CM_192, auth SRTP_HMAC_SHA1, auth tag len = 10 octets */ 133 {"AES_192_CM_HMAC_SHA1_80", 
SRTP_AES_ICM_192, 38, 14, 134 SRTP_HMAC_SHA1, 20, 10, 10, sec_serv_conf_and_auth, 135 &srtp_aes_icm_192}, 136 137 /* cipher AES_CM_192, auth SRTP_HMAC_SHA1, auth tag len = 4 octets */ 138 {"AES_192_CM_HMAC_SHA1_32", SRTP_AES_ICM_192, 38, 14, 139 SRTP_HMAC_SHA1, 20, 4, 10, sec_serv_conf_and_auth, 140 &srtp_aes_icm_192}, 137 141 #endif 138 142 #if defined(PJMEDIA_SRTP_HAS_AES_GCM_128)&&(PJMEDIA_SRTP_HAS_AES_GCM_128!=0) 139 143 140 144 /* cipher AES_GCM, NULL auth, auth tag len = 16 octets */ 141 {"AEAD_AES_128_GCM", AES_128_GCM, 28, 12, 142 NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth, &aes_gcm_128_openssl}, 145 {"AEAD_AES_128_GCM", SRTP_AES_GCM_128, 28, 12, 146 SRTP_NULL_AUTH, 0, 16, 16, sec_serv_conf_and_auth, 147 &srtp_aes_gcm_128_openssl}, 143 148 144 149 /* cipher AES_GCM, NULL auth, auth tag len = 8 octets */ 145 {"AEAD_AES_128_GCM_8", AES_128_GCM, 28, 12, 146 NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth, &aes_gcm_128_openssl}, 150 {"AEAD_AES_128_GCM_8", SRTP_AES_GCM_128, 28, 12, 151 SRTP_NULL_AUTH, 0, 8, 8, sec_serv_conf_and_auth, 152 &srtp_aes_gcm_128_openssl}, 147 153 #endif 148 154 #if defined(PJMEDIA_SRTP_HAS_AES_CM_128)&&(PJMEDIA_SRTP_HAS_AES_CM_128!=0) 149 155 150 /* cipher AES_CM_128, auth HMAC_SHA1, auth tag len = 10 octets */151 {"AES_CM_128_HMAC_SHA1_80", AES_ICM, 30, 14, HMAC_SHA1, 20, 10, 10,152 sec_serv_conf_and_auth},153 154 /* cipher AES_CM_128, auth HMAC_SHA1, auth tag len = 4 octets */155 {"AES_CM_128_HMAC_SHA1_32", AES_ICM, 30, 14, HMAC_SHA1, 20, 4, 10,156 sec_serv_conf_and_auth},156 /* cipher AES_CM_128, auth SRTP_HMAC_SHA1, auth tag len = 10 octets */ 157 {"AES_CM_128_HMAC_SHA1_80", SRTP_AES_ICM_128, 30, 14, 158 SRTP_HMAC_SHA1, 20, 10, 10, sec_serv_conf_and_auth}, 159 160 /* cipher AES_CM_128, auth SRTP_HMAC_SHA1, auth tag len = 4 octets */ 161 {"AES_CM_128_HMAC_SHA1_32", SRTP_AES_ICM_128, 30, 14, 162 SRTP_HMAC_SHA1, 20, 4, 10, sec_serv_conf_and_auth}, 157 163 #endif 158 164 … … 346 352 #if defined(PJ_HAS_ERROR_STRING) && (PJ_HAS_ERROR_STRING 
!= 0) 347 353 static char *liberr[] = { 348 "ok", /* err_status_ok= 0 */354 "ok", /* srtp_err_status_ok = 0 */ 349 355 "unspecified failure", /* err_status_fail = 1 */ 350 356 "unsupported parameter", /* err_status_bad_param = 2 */ … … 413 419 /* Init libsrtp */ 414 420 { 415 err_status_t err;421 srtp_err_status_t err; 416 422 417 423 err = srtp_init(); 418 if (err != err_status_ok) {424 if (err != srtp_err_status_ok) { 419 425 PJ_LOG(4, (THIS_FILE, "Failed to initialize libsrtp: %s", 420 426 get_libsrtp_errstr(err))); … … 445 451 static void pjmedia_srtp_deinit_lib(pjmedia_endpt *endpt) 446 452 { 447 err_status_t err;453 srtp_err_status_t err; 448 454 449 455 /* Note that currently this SRTP init/deinit is not equipped with … … 467 473 err = srtp_shutdown(); 468 474 # else 469 err = err_status_ok;475 err = srtp_err_status_ok; 470 476 # endif 471 if (err != err_status_ok) {477 if (err != srtp_err_status_ok) { 472 478 PJ_LOG(4, (THIS_FILE, "Failed to deinitialize libsrtp: %s", 473 479 get_libsrtp_errstr(err))); … … 680 686 srtp_policy_t tx_; 681 687 srtp_policy_t rx_; 682 err_status_terr;688 srtp_err_status_t err; 683 689 int cr_tx_idx = 0; 684 690 int au_tx_idx = 0; … … 753 759 tx_.next = NULL; 754 760 err = srtp_create(&srtp->srtp_tx_ctx, &tx_); 755 if (err != err_status_ok) {761 if (err != srtp_err_status_ok) { 756 762 status = PJMEDIA_ERRNO_FROM_LIBSRTP(err); 757 763 goto on_return; … … 786 792 rx_.next = NULL; 787 793 err = srtp_create(&srtp->srtp_rx_ctx, &rx_); 788 if (err != err_status_ok) {794 if (err != srtp_err_status_ok) { 789 795 srtp_dealloc(srtp->srtp_tx_ctx); 790 796 status = PJMEDIA_ERRNO_FROM_LIBSRTP(err); … … 851 857 { 852 858 transport_srtp *p_srtp = (transport_srtp*) srtp; 853 err_status_t err;859 srtp_err_status_t err; 854 860 855 861 PJ_ASSERT_RETURN(srtp, PJ_EINVAL); … … 863 869 864 870 err = srtp_dealloc(p_srtp->srtp_rx_ctx); 865 if (err != err_status_ok) {871 if (err != srtp_err_status_ok) { 866 872 PJ_LOG(4, (p_srtp->pool->obj_name, 867 873 
"Failed to dealloc RX SRTP context: %s", … … 869 875 } 870 876 err = srtp_dealloc(p_srtp->srtp_tx_ctx); 871 if (err != err_status_ok) {877 if (err != srtp_err_status_ok) { 872 878 PJ_LOG(4, (p_srtp->pool->obj_name, 873 879 "Failed to dealloc TX SRTP context: %s", … … 1032 1038 transport_srtp *srtp = (transport_srtp*) tp; 1033 1039 int len = (int)size; 1034 err_status_t err;1040 srtp_err_status_t err; 1035 1041 1036 1042 if (srtp->bypass_srtp) … … 1050 1056 pj_lock_release(srtp->mutex); 1051 1057 1052 if (err == err_status_ok) {1058 if (err == srtp_err_status_ok) { 1053 1059 status = pjmedia_transport_send_rtp(srtp->member_tp, 1054 1060 srtp->rtp_tx_buffer, len); … … 1076 1082 transport_srtp *srtp = (transport_srtp*) tp; 1077 1083 int len = (int)size; 1078 err_status_t err;1084 srtp_err_status_t err; 1079 1085 1080 1086 if (srtp->bypass_srtp) { … … 1096 1102 pj_lock_release(srtp->mutex); 1097 1103 1098 if (err == err_status_ok) {1104 if (err == srtp_err_status_ok) { 1099 1105 status = pjmedia_transport_send_rtcp2(srtp->member_tp, addr, addr_len, 1100 1106 srtp->rtcp_tx_buffer, len); … … 1154 1160 transport_srtp *srtp = (transport_srtp *) user_data; 1155 1161 int len = size; 1156 err_status_t err;1162 srtp_err_status_t err; 1157 1163 void (*cb)(void*, void*, pj_ssize_t) = NULL; 1158 1164 void *cb_data = NULL; … … 1201 1207 err = srtp_unprotect(srtp->srtp_rx_ctx, (pj_uint8_t*)pkt, &len); 1202 1208 if (srtp->probation_cnt > 0 && 1203 (err == err_status_replay_old || err == err_status_replay_fail)) 1209 (err == srtp_err_status_replay_old || 1210 err == srtp_err_status_replay_fail)) 1204 1211 { 1205 1212 /* Handle such condition that stream is updated (RTP seq is reinited … … 1224 1231 } 1225 1232 1226 if (err != err_status_ok) {1233 if (err != srtp_err_status_ok) { 1227 1234 PJ_LOG(5,(srtp->pool->obj_name, 1228 1235 "Failed to unprotect SRTP, pkt size=%d, err=%s", … … 1247 1254 transport_srtp *srtp = (transport_srtp *) user_data; 1248 1255 int len = size; 1249 
err_status_t err;1256 srtp_err_status_t err; 1250 1257 void (*cb)(void*, void*, pj_ssize_t) = NULL; 1251 1258 void *cb_data = NULL; … … 1270 1277 } 1271 1278 err = srtp_unprotect_rtcp(srtp->srtp_rx_ctx, (pj_uint8_t*)pkt, &len); 1272 if (err != err_status_ok) {1279 if (err != srtp_err_status_ok) { 1273 1280 PJ_LOG(5,(srtp->pool->obj_name, 1274 1281 "Failed to unprotect SRTCP, pkt size=%d, err=%s", … … 1511 1518 { 1512 1519 transport_srtp *srtp = (transport_srtp *)tp; 1513 err_status_t err;1520 srtp_err_status_t err; 1514 1521 1515 1522 if (srtp->bypass_srtp) … … 1534 1541 err = srtp_unprotect_rtcp(srtp->srtp_rx_ctx, pkt, pkt_len); 1535 1542 1536 if (err != err_status_ok) {1543 if (err != srtp_err_status_ok) { 1537 1544 PJ_LOG(5,(srtp->pool->obj_name, 1538 1545 "Failed to unprotect SRTP, pkt size=%d, err=%s", … … 1542 1549 pj_lock_release(srtp->mutex); 1543 1550 1544 return (err==err_status_ok) ? PJ_SUCCESS : PJMEDIA_ERRNO_FROM_LIBSRTP(err); 1545 } 1546 1547 #endif 1548 1549 1551 return (err==srtp_err_status_ok) ? PJ_SUCCESS : 1552 PJMEDIA_ERRNO_FROM_LIBSRTP(err); 1553 } 1554 1555 #endif 1556 1557 -
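Review bot: In the `crypto_suites` table, the comment above the `"AES_256_CM_HMAC_SHA1_32"` entry still says "auth tag len = 10 octets", but the entry sets `srtp_auth_tag_len` to 4 (only the SRTCP tag is 10). The AES_CM_192 and AES_CM_128 `_32` entries are labelled correctly, so this looks like a copy of the `_80` comment that the rename carried over. Since this table is where a reader checks which suites use the short 32-bit tag, the comment should read `/* cipher AES_CM_256, auth HMAC_SHA1, auth tag len = 4 octets (SRTCP: 10) */`. The mechanical rename also turned the algorithm name in these comments into the libsrtp constant `SRTP_HMAC_SHA1`; the plain algorithm name reads better there. The table's closing brace is outside the hunk.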
pjproject/trunk/pjmedia/src/pjmedia/transport_srtp_dtls.c
r5598 r5614 893 893 pj_assert(ds); 894 894 895 PJ_UNUSED_ARG(tp); 896 895 897 if (op == PJ_ICE_STRANS_OP_NEGOTIATION && status == PJ_SUCCESS && 896 898 ds->setup == DTLS_SETUP_ACTIVE) … … 982 984 #endif 983 985 986 PJ_UNUSED_ARG(sdp_pool); 987 PJ_UNUSED_ARG(options); 988 984 989 if (ds->srtp->offerer_side) { 985 990 /* As offerer: do nothing. */ … … 1033 1038 PJ_LOG(2,(ds->base.name, "dtls_encode_sdp()")); 1034 1039 #endif 1040 1041 PJ_UNUSED_ARG(sdp_pool); 1035 1042 1036 1043 m_rem = sdp_remote ? sdp_remote->media[media_index] : NULL; … … 1184 1191 PJ_LOG(2,(ds->base.name, "dtls_media_start()")); 1185 1192 #endif 1193 1194 PJ_UNUSED_ARG(tmp_pool); 1186 1195 1187 1196 m_rem = sdp_remote->media[media_index]; -
pjproject/trunk/pjmedia/src/pjmedia/transport_srtp_sdes.c
r5597 r5614 32 32 #endif 33 33 34 35 #include <pj/rand.h> 36 37 34 38 static pj_status_t sdes_media_create(pjmedia_transport *tp, 35 39 pj_pool_t *sdp_pool, … … 112 116 pj_bool_t key_ok; 113 117 char key[MAX_KEY_LEN]; 114 err_status_t err;115 118 unsigned i; 116 119 … … 119 122 120 123 do { 121 key_ok = PJ_TRUE;122 123 124 124 #if defined(PJ_HAS_SSL_SOCK) && (PJ_HAS_SSL_SOCK != 0) 125 err = RAND_bytes((unsigned char*)key,126 125 int err = RAND_bytes((unsigned char*)key, 126 crypto_suites[cs_idx].cipher_key_len); 127 127 if (err != 1) { 128 128 PJ_LOG(5,(THIS_FILE, "Failed generating random key")); 129 129 return PJMEDIA_ERRNO_FROM_LIBSRTP(1); 130 130 } 131 #else 132 err = crypto_get_random((unsigned char*)key, 133 crypto_suites[cs_idx].cipher_key_len); 134 if (err != err_status_ok) { 135 PJ_LOG(5,(THIS_FILE, "Failed generating random key: %s", 136 get_libsrtp_errstr(err))); 137 return PJMEDIA_ERRNO_FROM_LIBSRTP(err); 138 } 131 #else 132 PJ_LOG(3,(THIS_FILE, "Warning: simple random generator is used " 133 "for generating SRTP key")); 134 for (i=0; i<crypto_suites[cs_idx].cipher_key_len; ++i) 135 key[i] = (char)(pj_rand() & 0xFF); 139 136 #endif 137 138 key_ok = PJ_TRUE; 140 139 for (i=0; i<crypto_suites[cs_idx].cipher_key_len && key_ok; ++i) 141 140 if (key[i] == 0) key_ok = PJ_FALSE; … … 267 266 { 268 267 struct transport_srtp *srtp = (struct transport_srtp*)tp->user_data; 268 269 PJ_UNUSED_ARG(options); 270 PJ_UNUSED_ARG(sdp_pool); 269 271 270 272 /* Validations */ -
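Review bot: The new `#else` branch of the key-generation loop fills the SRTP master key and salt with `key[i] = (char)(pj_rand() & 0xFF);`. `pj_rand()` is pjlib's general-purpose pseudo-random generator, not a cryptographic one, so a build without `PJ_HAS_SSL_SOCK` will presumably offer keys that can be predicted from the generator's seed or state. The level-3 log line does not stop the key from being used, and an application running at a lower log level never sees it. Failing closed would be safer here: log at error level and `return PJ_ENOTSUP;` (or take the bytes from an OS-provided CSPRNG where one is available) instead of running the `for` loop. If the fallback has to stay, a comment on the branch should state that the resulting key is not suitable for protecting media confidentiality. The enclosing function begins and ends outside the hunk.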
pjproject/trunk/pjsip-apps/build/pjsua.vcproj
r4537 r5614 12 12 /> 13 13 <Platform 14 Name="x64" 15 /> 16 <Platform 14 17 Name="Pocket PC 2003 (ARMV4)" 15 18 /> 16 19 <Platform 17 20 Name="Smartphone 2003 (ARMV4)" 18 />19 <Platform20 Name="x64"21 21 /> 22 22 <Platform … … 104 104 </Configuration> 105 105 <Configuration 106 Name="Release|x64" 107 ConfigurationType="1" 108 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\build\vs\pjproject-vs8-win64-release-defaults.vsprops" 109 UseOfMFC="0" 110 ATLMinimizesCRunTimeLibraryUsage="false" 111 CharacterSet="2" 112 > 113 <Tool 114 Name="VCPreBuildEventTool" 115 /> 116 <Tool 117 Name="VCCustomBuildTool" 118 /> 119 <Tool 120 Name="VCXMLDataGeneratorTool" 121 /> 122 <Tool 123 Name="VCWebServiceProxyGeneratorTool" 124 /> 125 <Tool 126 Name="VCMIDLTool" 127 TargetEnvironment="3" 128 /> 129 <Tool 130 Name="VCCLCompilerTool" 131 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include" 132 PreprocessorDefinitions="_CONSOLE;" 133 PrecompiledHeaderFile="" 134 /> 135 <Tool 136 Name="VCManagedResourceCompilerTool" 137 /> 138 <Tool 139 Name="VCResourceCompilerTool" 140 /> 141 <Tool 142 Name="VCPreLinkEventTool" 143 /> 144 <Tool 145 Name="VCLinkerTool" 146 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib" 147 TargetMachine="17" 148 /> 149 <Tool 150 Name="VCALinkTool" 151 /> 152 <Tool 153 Name="VCManifestTool" 154 /> 155 <Tool 156 Name="VCXDCMakeTool" 157 /> 158 <Tool 159 Name="VCBscMakeTool" 160 /> 161 <Tool 162 Name="VCFxCopTool" 163 /> 164 <Tool 165 Name="VCAppVerifierTool" 166 /> 167 <Tool 168 Name="VCWebDeploymentTool" 169 /> 170 <Tool 171 Name="VCPostBuildEventTool" 172 /> 173 </Configuration> 174 <Configuration 175 Name="Debug|Win32" 176 ConfigurationType="1" 177 
InheritedPropertySheets="..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\build\vs\pjproject-vs8-win32-common-defaults.vsprops" 178 UseOfMFC="0" 179 ATLMinimizesCRunTimeLibraryUsage="false" 180 CharacterSet="2" 181 > 182 <Tool 183 Name="VCPreBuildEventTool" 184 /> 185 <Tool 186 Name="VCCustomBuildTool" 187 /> 188 <Tool 189 Name="VCXMLDataGeneratorTool" 190 /> 191 <Tool 192 Name="VCWebServiceProxyGeneratorTool" 193 /> 194 <Tool 195 Name="VCMIDLTool" 196 /> 197 <Tool 198 Name="VCCLCompilerTool" 199 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include" 200 PreprocessorDefinitions="_CONSOLE;" 201 PrecompiledHeaderFile="" 202 /> 203 <Tool 204 Name="VCManagedResourceCompilerTool" 205 /> 206 <Tool 207 Name="VCResourceCompilerTool" 208 /> 209 <Tool 210 Name="VCPreLinkEventTool" 211 /> 212 <Tool 213 Name="VCLinkerTool" 214 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib" 215 IgnoreDefaultLibraryNames="msvcrt.lib" 216 /> 217 <Tool 218 Name="VCALinkTool" 219 /> 220 <Tool 221 Name="VCManifestTool" 222 /> 223 <Tool 224 Name="VCXDCMakeTool" 225 /> 226 <Tool 227 Name="VCBscMakeTool" 228 /> 229 <Tool 230 Name="VCFxCopTool" 231 /> 232 <Tool 233 Name="VCAppVerifierTool" 234 /> 235 <Tool 236 Name="VCWebDeploymentTool" 237 /> 238 <Tool 239 Name="VCPostBuildEventTool" 240 /> 241 </Configuration> 242 <Configuration 243 Name="Debug|x64" 244 ConfigurationType="1" 245 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\build\vs\pjproject-vs8-win64-common-defaults.vsprops" 246 UseOfMFC="0" 247 ATLMinimizesCRunTimeLibraryUsage="false" 248 CharacterSet="2" 249 > 250 <Tool 251 Name="VCPreBuildEventTool" 252 /> 253 <Tool 254 Name="VCCustomBuildTool" 255 /> 256 <Tool 257 Name="VCXMLDataGeneratorTool" 258 /> 259 <Tool 260 
Name="VCWebServiceProxyGeneratorTool" 261 /> 262 <Tool 263 Name="VCMIDLTool" 264 TargetEnvironment="3" 265 /> 266 <Tool 267 Name="VCCLCompilerTool" 268 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include" 269 PreprocessorDefinitions="_CONSOLE;" 270 PrecompiledHeaderFile="" 271 DebugInformationFormat="3" 272 /> 273 <Tool 274 Name="VCManagedResourceCompilerTool" 275 /> 276 <Tool 277 Name="VCResourceCompilerTool" 278 /> 279 <Tool 280 Name="VCPreLinkEventTool" 281 /> 282 <Tool 283 Name="VCLinkerTool" 284 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib" 285 IgnoreDefaultLibraryNames="msvcrt.lib" 286 TargetMachine="17" 287 /> 288 <Tool 289 Name="VCALinkTool" 290 /> 291 <Tool 292 Name="VCManifestTool" 293 /> 294 <Tool 295 Name="VCXDCMakeTool" 296 /> 297 <Tool 298 Name="VCBscMakeTool" 299 /> 300 <Tool 301 Name="VCFxCopTool" 302 /> 303 <Tool 304 Name="VCAppVerifierTool" 305 /> 306 <Tool 307 Name="VCWebDeploymentTool" 308 /> 309 <Tool 310 Name="VCPostBuildEventTool" 311 /> 312 </Configuration> 313 <Configuration 314 Name="Debug-Static|Win32" 315 ConfigurationType="1" 316 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\build\vs\pjproject-vs8-win32-common-defaults.vsprops" 317 UseOfMFC="0" 318 ATLMinimizesCRunTimeLibraryUsage="false" 319 CharacterSet="2" 320 > 321 <Tool 322 Name="VCPreBuildEventTool" 323 /> 324 <Tool 325 Name="VCCustomBuildTool" 326 /> 327 <Tool 328 Name="VCXMLDataGeneratorTool" 329 /> 330 <Tool 331 Name="VCWebServiceProxyGeneratorTool" 332 /> 333 <Tool 334 Name="VCMIDLTool" 335 /> 336 <Tool 337 Name="VCCLCompilerTool" 338 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include" 339 PreprocessorDefinitions="_CONSOLE;" 340 
PrecompiledHeaderFile="" 341 /> 342 <Tool 343 Name="VCManagedResourceCompilerTool" 344 /> 345 <Tool 346 Name="VCResourceCompilerTool" 347 /> 348 <Tool 349 Name="VCPreLinkEventTool" 350 /> 351 <Tool 352 Name="VCLinkerTool" 353 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib" 354 /> 355 <Tool 356 Name="VCALinkTool" 357 /> 358 <Tool 359 Name="VCManifestTool" 360 /> 361 <Tool 362 Name="VCXDCMakeTool" 363 /> 364 <Tool 365 Name="VCBscMakeTool" 366 /> 367 <Tool 368 Name="VCFxCopTool" 369 /> 370 <Tool 371 Name="VCAppVerifierTool" 372 /> 373 <Tool 374 Name="VCWebDeploymentTool" 375 /> 376 <Tool 377 Name="VCPostBuildEventTool" 378 /> 379 </Configuration> 380 <Configuration 381 Name="Debug-Static|x64" 382 ConfigurationType="1" 383 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\build\vs\pjproject-vs8-win64-common-defaults.vsprops" 384 UseOfMFC="0" 385 ATLMinimizesCRunTimeLibraryUsage="false" 386 CharacterSet="2" 387 > 388 <Tool 389 Name="VCPreBuildEventTool" 390 /> 391 <Tool 392 Name="VCCustomBuildTool" 393 /> 394 <Tool 395 Name="VCXMLDataGeneratorTool" 396 /> 397 <Tool 398 Name="VCWebServiceProxyGeneratorTool" 399 /> 400 <Tool 401 Name="VCMIDLTool" 402 TargetEnvironment="3" 403 /> 404 <Tool 405 Name="VCCLCompilerTool" 406 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include" 407 PreprocessorDefinitions="_CONSOLE;" 408 PrecompiledHeaderFile="" 409 DebugInformationFormat="3" 410 /> 411 <Tool 412 Name="VCManagedResourceCompilerTool" 413 /> 414 <Tool 415 Name="VCResourceCompilerTool" 416 /> 417 <Tool 418 Name="VCPreLinkEventTool" 419 /> 420 <Tool 421 Name="VCLinkerTool" 422 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib" 423 
TargetMachine="17" 424 /> 425 <Tool 426 Name="VCALinkTool" 427 /> 428 <Tool 429 Name="VCManifestTool" 430 /> 431 <Tool 432 Name="VCXDCMakeTool" 433 /> 434 <Tool 435 Name="VCBscMakeTool" 436 /> 437 <Tool 438 Name="VCFxCopTool" 439 /> 440 <Tool 441 Name="VCAppVerifierTool" 442 /> 443 <Tool 444 Name="VCWebDeploymentTool" 445 /> 446 <Tool 447 Name="VCPostBuildEventTool" 448 /> 449 </Configuration> 450 <Configuration 451 Name="Release-Dynamic|Win32" 452 ConfigurationType="1" 453 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\build\vs\pjproject-vs8-win32-release-defaults.vsprops" 454 UseOfMFC="0" 455 ATLMinimizesCRunTimeLibraryUsage="false" 456 CharacterSet="2" 457 > 458 <Tool 459 Name="VCPreBuildEventTool" 460 /> 461 <Tool 462 Name="VCCustomBuildTool" 463 /> 464 <Tool 465 Name="VCXMLDataGeneratorTool" 466 /> 467 <Tool 468 Name="VCWebServiceProxyGeneratorTool" 469 /> 470 <Tool 471 Name="VCMIDLTool" 472 /> 473 <Tool 474 Name="VCCLCompilerTool" 475 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include" 476 PreprocessorDefinitions="_CONSOLE;" 477 PrecompiledHeaderFile="" 478 /> 479 <Tool 480 Name="VCManagedResourceCompilerTool" 481 /> 482 <Tool 483 Name="VCResourceCompilerTool" 484 /> 485 <Tool 486 Name="VCPreLinkEventTool" 487 /> 488 <Tool 489 Name="VCLinkerTool" 490 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib" 491 /> 492 <Tool 493 Name="VCALinkTool" 494 /> 495 <Tool 496 Name="VCManifestTool" 497 /> 498 <Tool 499 Name="VCXDCMakeTool" 500 /> 501 <Tool 502 Name="VCBscMakeTool" 503 /> 504 <Tool 505 Name="VCFxCopTool" 506 /> 507 <Tool 508 Name="VCAppVerifierTool" 509 /> 510 <Tool 511 Name="VCWebDeploymentTool" 512 /> 513 <Tool 514 Name="VCPostBuildEventTool" 515 /> 516 </Configuration> 517 <Configuration 518 
Name="Release-Dynamic|x64" 519 ConfigurationType="1" 520 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\build\vs\pjproject-vs8-win64-release-defaults.vsprops" 521 UseOfMFC="0" 522 ATLMinimizesCRunTimeLibraryUsage="false" 523 CharacterSet="2" 524 > 525 <Tool 526 Name="VCPreBuildEventTool" 527 /> 528 <Tool 529 Name="VCCustomBuildTool" 530 /> 531 <Tool 532 Name="VCXMLDataGeneratorTool" 533 /> 534 <Tool 535 Name="VCWebServiceProxyGeneratorTool" 536 /> 537 <Tool 538 Name="VCMIDLTool" 539 TargetEnvironment="3" 540 /> 541 <Tool 542 Name="VCCLCompilerTool" 543 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include" 544 PreprocessorDefinitions="_CONSOLE;" 545 PrecompiledHeaderFile="" 546 /> 547 <Tool 548 Name="VCManagedResourceCompilerTool" 549 /> 550 <Tool 551 Name="VCResourceCompilerTool" 552 /> 553 <Tool 554 Name="VCPreLinkEventTool" 555 /> 556 <Tool 557 Name="VCLinkerTool" 558 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib" 559 TargetMachine="17" 560 /> 561 <Tool 562 Name="VCALinkTool" 563 /> 564 <Tool 565 Name="VCManifestTool" 566 /> 567 <Tool 568 Name="VCXDCMakeTool" 569 /> 570 <Tool 571 Name="VCBscMakeTool" 572 /> 573 <Tool 574 Name="VCFxCopTool" 575 /> 576 <Tool 577 Name="VCAppVerifierTool" 578 /> 579 <Tool 580 Name="VCWebDeploymentTool" 581 /> 582 <Tool 583 Name="VCPostBuildEventTool" 584 /> 585 </Configuration> 586 <Configuration 587 Name="Debug-Dynamic|Win32" 588 ConfigurationType="1" 589 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-debug-dynamic-defaults.vsprops;..\..\build\vs\pjproject-vs8-win32-common-defaults.vsprops" 590 UseOfMFC="0" 591 ATLMinimizesCRunTimeLibraryUsage="false" 592 CharacterSet="2" 593 > 594 <Tool 595 Name="VCPreBuildEventTool" 596 /> 597 <Tool 598 Name="VCCustomBuildTool" 599 /> 600 <Tool 
601 Name="VCXMLDataGeneratorTool" 602 /> 603 <Tool 604 Name="VCWebServiceProxyGeneratorTool" 605 /> 606 <Tool 607 Name="VCMIDLTool" 608 /> 609 <Tool 610 Name="VCCLCompilerTool" 611 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include" 612 PreprocessorDefinitions="_CONSOLE;" 613 PrecompiledHeaderFile="" 614 /> 615 <Tool 616 Name="VCManagedResourceCompilerTool" 617 /> 618 <Tool 619 Name="VCResourceCompilerTool" 620 /> 621 <Tool 622 Name="VCPreLinkEventTool" 623 /> 624 <Tool 625 Name="VCLinkerTool" 626 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib" 627 /> 628 <Tool 629 Name="VCALinkTool" 630 /> 631 <Tool 632 Name="VCManifestTool" 633 /> 634 <Tool 635 Name="VCXDCMakeTool" 636 /> 637 <Tool 638 Name="VCBscMakeTool" 639 /> 640 <Tool 641 Name="VCFxCopTool" 642 /> 643 <Tool 644 Name="VCAppVerifierTool" 645 /> 646 <Tool 647 Name="VCWebDeploymentTool" 648 /> 649 <Tool 650 Name="VCPostBuildEventTool" 651 /> 652 </Configuration> 653 <Configuration 654 Name="Debug-Dynamic|x64" 655 ConfigurationType="1" 656 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-debug-dynamic-defaults.vsprops;..\..\build\vs\pjproject-vs8-win64-common-defaults.vsprops" 657 UseOfMFC="0" 658 ATLMinimizesCRunTimeLibraryUsage="false" 659 CharacterSet="2" 660 > 661 <Tool 662 Name="VCPreBuildEventTool" 663 /> 664 <Tool 665 Name="VCCustomBuildTool" 666 /> 667 <Tool 668 Name="VCXMLDataGeneratorTool" 669 /> 670 <Tool 671 Name="VCWebServiceProxyGeneratorTool" 672 /> 673 <Tool 674 Name="VCMIDLTool" 675 TargetEnvironment="3" 676 /> 677 <Tool 678 Name="VCCLCompilerTool" 679 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include" 680 PreprocessorDefinitions="_CONSOLE;" 681 PrecompiledHeaderFile="" 682 DebugInformationFormat="3" 683 
/> 684 <Tool 685 Name="VCManagedResourceCompilerTool" 686 /> 687 <Tool 688 Name="VCResourceCompilerTool" 689 /> 690 <Tool 691 Name="VCPreLinkEventTool" 692 /> 693 <Tool 694 Name="VCLinkerTool" 695 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib" 696 TargetMachine="17" 697 /> 698 <Tool 699 Name="VCALinkTool" 700 /> 701 <Tool 702 Name="VCManifestTool" 703 /> 704 <Tool 705 Name="VCXDCMakeTool" 706 /> 707 <Tool 708 Name="VCBscMakeTool" 709 /> 710 <Tool 711 Name="VCFxCopTool" 712 /> 713 <Tool 714 Name="VCAppVerifierTool" 715 /> 716 <Tool 717 Name="VCWebDeploymentTool" 718 /> 719 <Tool 720 Name="VCPostBuildEventTool" 721 /> 722 </Configuration> 723 <Configuration 724 Name="Release-Static|Win32" 725 ConfigurationType="1" 726 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-release-static-defaults.vsprops;..\..\build\vs\pjproject-vs8-win32-release-defaults.vsprops" 727 UseOfMFC="0" 728 ATLMinimizesCRunTimeLibraryUsage="false" 729 CharacterSet="2" 730 > 731 <Tool 732 Name="VCPreBuildEventTool" 733 /> 734 <Tool 735 Name="VCCustomBuildTool" 736 /> 737 <Tool 738 Name="VCXMLDataGeneratorTool" 739 /> 740 <Tool 741 Name="VCWebServiceProxyGeneratorTool" 742 /> 743 <Tool 744 Name="VCMIDLTool" 745 /> 746 <Tool 747 Name="VCCLCompilerTool" 748 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include" 749 PreprocessorDefinitions="_CONSOLE;" 750 PrecompiledHeaderFile="" 751 /> 752 <Tool 753 Name="VCManagedResourceCompilerTool" 754 /> 755 <Tool 756 Name="VCResourceCompilerTool" 757 /> 758 <Tool 759 Name="VCPreLinkEventTool" 760 /> 761 <Tool 762 Name="VCLinkerTool" 763 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib" 764 /> 765 <Tool 766 Name="VCALinkTool" 767 /> 768 <Tool 769 
Name="VCManifestTool" 770 /> 771 <Tool 772 Name="VCXDCMakeTool" 773 /> 774 <Tool 775 Name="VCBscMakeTool" 776 /> 777 <Tool 778 Name="VCFxCopTool" 779 /> 780 <Tool 781 Name="VCAppVerifierTool" 782 /> 783 <Tool 784 Name="VCWebDeploymentTool" 785 /> 786 <Tool 787 Name="VCPostBuildEventTool" 788 /> 789 </Configuration> 790 <Configuration 791 Name="Release-Static|x64" 792 ConfigurationType="1" 793 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-release-static-defaults.vsprops;..\..\build\vs\pjproject-vs8-win64-release-defaults.vsprops" 794 UseOfMFC="0" 795 ATLMinimizesCRunTimeLibraryUsage="false" 796 CharacterSet="2" 797 > 798 <Tool 799 Name="VCPreBuildEventTool" 800 /> 801 <Tool 802 Name="VCCustomBuildTool" 803 /> 804 <Tool 805 Name="VCXMLDataGeneratorTool" 806 /> 807 <Tool 808 Name="VCWebServiceProxyGeneratorTool" 809 /> 810 <Tool 811 Name="VCMIDLTool" 812 TargetEnvironment="3" 813 /> 814 <Tool 815 Name="VCCLCompilerTool" 816 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include" 817 PreprocessorDefinitions="_CONSOLE;" 818 PrecompiledHeaderFile="" 819 /> 820 <Tool 821 Name="VCManagedResourceCompilerTool" 822 /> 823 <Tool 824 Name="VCResourceCompilerTool" 825 /> 826 <Tool 827 Name="VCPreLinkEventTool" 828 /> 829 <Tool 830 Name="VCLinkerTool" 831 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib" 832 TargetMachine="17" 833 /> 834 <Tool 835 Name="VCALinkTool" 836 /> 837 <Tool 838 Name="VCManifestTool" 839 /> 840 <Tool 841 Name="VCXDCMakeTool" 842 /> 843 <Tool 844 Name="VCBscMakeTool" 845 /> 846 <Tool 847 Name="VCFxCopTool" 848 /> 849 <Tool 850 Name="VCAppVerifierTool" 851 /> 852 <Tool 853 Name="VCWebDeploymentTool" 854 /> 855 <Tool 856 Name="VCPostBuildEventTool" 857 /> 858 </Configuration> 859 <Configuration 106 860 Name="Release|Pocket PC 2003 (ARMV4)" 107 861 
ConfigurationType="1" … … 238 992 </Configuration> 239 993 <Configuration 240 Name="Release|x64"241 ConfigurationType="1"242 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\build\vs\pjproject-vs8-win64-release-defaults.vsprops"243 UseOfMFC="0"244 ATLMinimizesCRunTimeLibraryUsage="false"245 CharacterSet="2"246 >247 <Tool248 Name="VCPreBuildEventTool"249 />250 <Tool251 Name="VCCustomBuildTool"252 />253 <Tool254 Name="VCXMLDataGeneratorTool"255 />256 <Tool257 Name="VCWebServiceProxyGeneratorTool"258 />259 <Tool260 Name="VCMIDLTool"261 TargetEnvironment="3"262 />263 <Tool264 Name="VCCLCompilerTool"265 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include"266 PreprocessorDefinitions="_CONSOLE;"267 PrecompiledHeaderFile=""268 />269 <Tool270 Name="VCManagedResourceCompilerTool"271 />272 <Tool273 Name="VCResourceCompilerTool"274 />275 <Tool276 Name="VCPreLinkEventTool"277 />278 <Tool279 Name="VCLinkerTool"280 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib"281 TargetMachine="17"282 />283 <Tool284 Name="VCALinkTool"285 />286 <Tool287 Name="VCManifestTool"288 />289 <Tool290 Name="VCXDCMakeTool"291 />292 <Tool293 Name="VCBscMakeTool"294 />295 <Tool296 Name="VCFxCopTool"297 />298 <Tool299 Name="VCAppVerifierTool"300 />301 <Tool302 Name="VCWebDeploymentTool"303 />304 <Tool305 Name="VCPostBuildEventTool"306 />307 </Configuration>308 <Configuration309 Name="Debug|Win32"310 ConfigurationType="1"311 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\build\vs\pjproject-vs8-win32-common-defaults.vsprops"312 UseOfMFC="0"313 ATLMinimizesCRunTimeLibraryUsage="false"314 CharacterSet="2"315 >316 <Tool317 Name="VCPreBuildEventTool"318 />319 <Tool320 Name="VCCustomBuildTool"321 />322 <Tool323 
Name="VCXMLDataGeneratorTool"324 />325 <Tool326 Name="VCWebServiceProxyGeneratorTool"327 />328 <Tool329 Name="VCMIDLTool"330 />331 <Tool332 Name="VCCLCompilerTool"333 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include"334 PreprocessorDefinitions="_CONSOLE;"335 PrecompiledHeaderFile=""336 />337 <Tool338 Name="VCManagedResourceCompilerTool"339 />340 <Tool341 Name="VCResourceCompilerTool"342 />343 <Tool344 Name="VCPreLinkEventTool"345 />346 <Tool347 Name="VCLinkerTool"348 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib"349 IgnoreDefaultLibraryNames="msvcrt.lib"350 />351 <Tool352 Name="VCALinkTool"353 />354 <Tool355 Name="VCManifestTool"356 />357 <Tool358 Name="VCXDCMakeTool"359 />360 <Tool361 Name="VCBscMakeTool"362 />363 <Tool364 Name="VCFxCopTool"365 />366 <Tool367 Name="VCAppVerifierTool"368 />369 <Tool370 Name="VCWebDeploymentTool"371 />372 <Tool373 Name="VCPostBuildEventTool"374 />375 </Configuration>376 <Configuration377 994 Name="Debug|Pocket PC 2003 (ARMV4)" 378 995 ConfigurationType="1" … … 509 1126 </Configuration> 510 1127 <Configuration 511 Name="Debug|x64"512 ConfigurationType="1"513 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\build\vs\pjproject-vs8-win64-common-defaults.vsprops"514 UseOfMFC="0"515 ATLMinimizesCRunTimeLibraryUsage="false"516 CharacterSet="2"517 >518 <Tool519 Name="VCPreBuildEventTool"520 />521 <Tool522 Name="VCCustomBuildTool"523 />524 <Tool525 Name="VCXMLDataGeneratorTool"526 />527 <Tool528 Name="VCWebServiceProxyGeneratorTool"529 />530 <Tool531 Name="VCMIDLTool"532 TargetEnvironment="3"533 />534 <Tool535 Name="VCCLCompilerTool"536 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include"537 
PreprocessorDefinitions="_CONSOLE;"538 PrecompiledHeaderFile=""539 DebugInformationFormat="3"540 />541 <Tool542 Name="VCManagedResourceCompilerTool"543 />544 <Tool545 Name="VCResourceCompilerTool"546 />547 <Tool548 Name="VCPreLinkEventTool"549 />550 <Tool551 Name="VCLinkerTool"552 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib"553 IgnoreDefaultLibraryNames="msvcrt.lib"554 TargetMachine="17"555 />556 <Tool557 Name="VCALinkTool"558 />559 <Tool560 Name="VCManifestTool"561 />562 <Tool563 Name="VCXDCMakeTool"564 />565 <Tool566 Name="VCBscMakeTool"567 />568 <Tool569 Name="VCFxCopTool"570 />571 <Tool572 Name="VCAppVerifierTool"573 />574 <Tool575 Name="VCWebDeploymentTool"576 />577 <Tool578 Name="VCPostBuildEventTool"579 />580 </Configuration>581 <Configuration582 Name="Debug-Static|Win32"583 ConfigurationType="1"584 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\build\vs\pjproject-vs8-win32-common-defaults.vsprops"585 UseOfMFC="0"586 ATLMinimizesCRunTimeLibraryUsage="false"587 CharacterSet="2"588 >589 <Tool590 Name="VCPreBuildEventTool"591 />592 <Tool593 Name="VCCustomBuildTool"594 />595 <Tool596 Name="VCXMLDataGeneratorTool"597 />598 <Tool599 Name="VCWebServiceProxyGeneratorTool"600 />601 <Tool602 Name="VCMIDLTool"603 />604 <Tool605 Name="VCCLCompilerTool"606 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include"607 PreprocessorDefinitions="_CONSOLE;"608 PrecompiledHeaderFile=""609 />610 <Tool611 Name="VCManagedResourceCompilerTool"612 />613 <Tool614 Name="VCResourceCompilerTool"615 />616 <Tool617 Name="VCPreLinkEventTool"618 />619 <Tool620 Name="VCLinkerTool"621 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib"622 />623 
<Tool624 Name="VCALinkTool"625 />626 <Tool627 Name="VCManifestTool"628 />629 <Tool630 Name="VCXDCMakeTool"631 />632 <Tool633 Name="VCBscMakeTool"634 />635 <Tool636 Name="VCFxCopTool"637 />638 <Tool639 Name="VCAppVerifierTool"640 />641 <Tool642 Name="VCWebDeploymentTool"643 />644 <Tool645 Name="VCPostBuildEventTool"646 />647 </Configuration>648 <Configuration649 1128 Name="Debug-Static|Pocket PC 2003 (ARMV4)" 650 1129 ConfigurationType="1" … … 781 1260 </Configuration> 782 1261 <Configuration 783 Name="Debug-Static|x64"784 ConfigurationType="1"785 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-debug-static-defaults.vsprops;..\..\build\vs\pjproject-vs8-win64-common-defaults.vsprops"786 UseOfMFC="0"787 ATLMinimizesCRunTimeLibraryUsage="false"788 CharacterSet="2"789 >790 <Tool791 Name="VCPreBuildEventTool"792 />793 <Tool794 Name="VCCustomBuildTool"795 />796 <Tool797 Name="VCXMLDataGeneratorTool"798 />799 <Tool800 Name="VCWebServiceProxyGeneratorTool"801 />802 <Tool803 Name="VCMIDLTool"804 TargetEnvironment="3"805 />806 <Tool807 Name="VCCLCompilerTool"808 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include"809 PreprocessorDefinitions="_CONSOLE;"810 PrecompiledHeaderFile=""811 DebugInformationFormat="3"812 />813 <Tool814 Name="VCManagedResourceCompilerTool"815 />816 <Tool817 Name="VCResourceCompilerTool"818 />819 <Tool820 Name="VCPreLinkEventTool"821 />822 <Tool823 Name="VCLinkerTool"824 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib"825 TargetMachine="17"826 />827 <Tool828 Name="VCALinkTool"829 />830 <Tool831 Name="VCManifestTool"832 />833 <Tool834 Name="VCXDCMakeTool"835 />836 <Tool837 Name="VCBscMakeTool"838 />839 <Tool840 Name="VCFxCopTool"841 />842 <Tool843 Name="VCAppVerifierTool"844 />845 <Tool846 Name="VCWebDeploymentTool"847 />848 <Tool849 
Name="VCPostBuildEventTool"850 />851 </Configuration>852 <Configuration853 Name="Release-Dynamic|Win32"854 ConfigurationType="1"855 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\build\vs\pjproject-vs8-win32-release-defaults.vsprops"856 UseOfMFC="0"857 ATLMinimizesCRunTimeLibraryUsage="false"858 CharacterSet="2"859 >860 <Tool861 Name="VCPreBuildEventTool"862 />863 <Tool864 Name="VCCustomBuildTool"865 />866 <Tool867 Name="VCXMLDataGeneratorTool"868 />869 <Tool870 Name="VCWebServiceProxyGeneratorTool"871 />872 <Tool873 Name="VCMIDLTool"874 />875 <Tool876 Name="VCCLCompilerTool"877 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include"878 PreprocessorDefinitions="_CONSOLE;"879 PrecompiledHeaderFile=""880 />881 <Tool882 Name="VCManagedResourceCompilerTool"883 />884 <Tool885 Name="VCResourceCompilerTool"886 />887 <Tool888 Name="VCPreLinkEventTool"889 />890 <Tool891 Name="VCLinkerTool"892 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib"893 />894 <Tool895 Name="VCALinkTool"896 />897 <Tool898 Name="VCManifestTool"899 />900 <Tool901 Name="VCXDCMakeTool"902 />903 <Tool904 Name="VCBscMakeTool"905 />906 <Tool907 Name="VCFxCopTool"908 />909 <Tool910 Name="VCAppVerifierTool"911 />912 <Tool913 Name="VCWebDeploymentTool"914 />915 <Tool916 Name="VCPostBuildEventTool"917 />918 </Configuration>919 <Configuration920 1262 Name="Release-Dynamic|Pocket PC 2003 (ARMV4)" 921 1263 ConfigurationType="1" … … 1052 1394 </Configuration> 1053 1395 <Configuration 1054 Name="Release-Dynamic|x64"1055 ConfigurationType="1"1056 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-release-dynamic-defaults.vsprops;..\..\build\vs\pjproject-vs8-win64-release-defaults.vsprops"1057 UseOfMFC="0"1058 ATLMinimizesCRunTimeLibraryUsage="false"1059 CharacterSet="2"1060 
>1061 <Tool1062 Name="VCPreBuildEventTool"1063 />1064 <Tool1065 Name="VCCustomBuildTool"1066 />1067 <Tool1068 Name="VCXMLDataGeneratorTool"1069 />1070 <Tool1071 Name="VCWebServiceProxyGeneratorTool"1072 />1073 <Tool1074 Name="VCMIDLTool"1075 TargetEnvironment="3"1076 />1077 <Tool1078 Name="VCCLCompilerTool"1079 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include"1080 PreprocessorDefinitions="_CONSOLE;"1081 PrecompiledHeaderFile=""1082 />1083 <Tool1084 Name="VCManagedResourceCompilerTool"1085 />1086 <Tool1087 Name="VCResourceCompilerTool"1088 />1089 <Tool1090 Name="VCPreLinkEventTool"1091 />1092 <Tool1093 Name="VCLinkerTool"1094 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib"1095 TargetMachine="17"1096 />1097 <Tool1098 Name="VCALinkTool"1099 />1100 <Tool1101 Name="VCManifestTool"1102 />1103 <Tool1104 Name="VCXDCMakeTool"1105 />1106 <Tool1107 Name="VCBscMakeTool"1108 />1109 <Tool1110 Name="VCFxCopTool"1111 />1112 <Tool1113 Name="VCAppVerifierTool"1114 />1115 <Tool1116 Name="VCWebDeploymentTool"1117 />1118 <Tool1119 Name="VCPostBuildEventTool"1120 />1121 </Configuration>1122 <Configuration1123 Name="Debug-Dynamic|Win32"1124 ConfigurationType="1"1125 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-debug-dynamic-defaults.vsprops;..\..\build\vs\pjproject-vs8-win32-common-defaults.vsprops"1126 UseOfMFC="0"1127 ATLMinimizesCRunTimeLibraryUsage="false"1128 CharacterSet="2"1129 >1130 <Tool1131 Name="VCPreBuildEventTool"1132 />1133 <Tool1134 Name="VCCustomBuildTool"1135 />1136 <Tool1137 Name="VCXMLDataGeneratorTool"1138 />1139 <Tool1140 Name="VCWebServiceProxyGeneratorTool"1141 />1142 <Tool1143 Name="VCMIDLTool"1144 />1145 <Tool1146 Name="VCCLCompilerTool"1147 
AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include"1148 PreprocessorDefinitions="_CONSOLE;"1149 PrecompiledHeaderFile=""1150 />1151 <Tool1152 Name="VCManagedResourceCompilerTool"1153 />1154 <Tool1155 Name="VCResourceCompilerTool"1156 />1157 <Tool1158 Name="VCPreLinkEventTool"1159 />1160 <Tool1161 Name="VCLinkerTool"1162 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib"1163 />1164 <Tool1165 Name="VCALinkTool"1166 />1167 <Tool1168 Name="VCManifestTool"1169 />1170 <Tool1171 Name="VCXDCMakeTool"1172 />1173 <Tool1174 Name="VCBscMakeTool"1175 />1176 <Tool1177 Name="VCFxCopTool"1178 />1179 <Tool1180 Name="VCAppVerifierTool"1181 />1182 <Tool1183 Name="VCWebDeploymentTool"1184 />1185 <Tool1186 Name="VCPostBuildEventTool"1187 />1188 </Configuration>1189 <Configuration1190 1396 Name="Debug-Dynamic|Pocket PC 2003 (ARMV4)" 1191 1397 ConfigurationType="1" … … 1322 1528 </Configuration> 1323 1529 <Configuration 1324 Name="Debug-Dynamic|x64"1325 ConfigurationType="1"1326 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-debug-dynamic-defaults.vsprops;..\..\build\vs\pjproject-vs8-win64-common-defaults.vsprops"1327 UseOfMFC="0"1328 ATLMinimizesCRunTimeLibraryUsage="false"1329 CharacterSet="2"1330 >1331 <Tool1332 Name="VCPreBuildEventTool"1333 />1334 <Tool1335 Name="VCCustomBuildTool"1336 />1337 <Tool1338 Name="VCXMLDataGeneratorTool"1339 />1340 <Tool1341 Name="VCWebServiceProxyGeneratorTool"1342 />1343 <Tool1344 Name="VCMIDLTool"1345 TargetEnvironment="3"1346 />1347 <Tool1348 Name="VCCLCompilerTool"1349 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include"1350 PreprocessorDefinitions="_CONSOLE;"1351 PrecompiledHeaderFile=""1352 DebugInformationFormat="3"1353 />1354 <Tool1355 
Name="VCManagedResourceCompilerTool"1356 />1357 <Tool1358 Name="VCResourceCompilerTool"1359 />1360 <Tool1361 Name="VCPreLinkEventTool"1362 />1363 <Tool1364 Name="VCLinkerTool"1365 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib"1366 TargetMachine="17"1367 />1368 <Tool1369 Name="VCALinkTool"1370 />1371 <Tool1372 Name="VCManifestTool"1373 />1374 <Tool1375 Name="VCXDCMakeTool"1376 />1377 <Tool1378 Name="VCBscMakeTool"1379 />1380 <Tool1381 Name="VCFxCopTool"1382 />1383 <Tool1384 Name="VCAppVerifierTool"1385 />1386 <Tool1387 Name="VCWebDeploymentTool"1388 />1389 <Tool1390 Name="VCPostBuildEventTool"1391 />1392 </Configuration>1393 <Configuration1394 Name="Release-Static|Win32"1395 ConfigurationType="1"1396 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-release-static-defaults.vsprops;..\..\build\vs\pjproject-vs8-win32-release-defaults.vsprops"1397 UseOfMFC="0"1398 ATLMinimizesCRunTimeLibraryUsage="false"1399 CharacterSet="2"1400 >1401 <Tool1402 Name="VCPreBuildEventTool"1403 />1404 <Tool1405 Name="VCCustomBuildTool"1406 />1407 <Tool1408 Name="VCXMLDataGeneratorTool"1409 />1410 <Tool1411 Name="VCWebServiceProxyGeneratorTool"1412 />1413 <Tool1414 Name="VCMIDLTool"1415 />1416 <Tool1417 Name="VCCLCompilerTool"1418 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include"1419 PreprocessorDefinitions="_CONSOLE;"1420 PrecompiledHeaderFile=""1421 />1422 <Tool1423 Name="VCManagedResourceCompilerTool"1424 />1425 <Tool1426 Name="VCResourceCompilerTool"1427 />1428 <Tool1429 Name="VCPreLinkEventTool"1430 />1431 <Tool1432 Name="VCLinkerTool"1433 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib"1434 />1435 <Tool1436 Name="VCALinkTool"1437 />1438 <Tool1439 
Name="VCManifestTool"1440 />1441 <Tool1442 Name="VCXDCMakeTool"1443 />1444 <Tool1445 Name="VCBscMakeTool"1446 />1447 <Tool1448 Name="VCFxCopTool"1449 />1450 <Tool1451 Name="VCAppVerifierTool"1452 />1453 <Tool1454 Name="VCWebDeploymentTool"1455 />1456 <Tool1457 Name="VCPostBuildEventTool"1458 />1459 </Configuration>1460 <Configuration1461 1530 Name="Release-Static|Pocket PC 2003 (ARMV4)" 1462 1531 ConfigurationType="1" … … 1590 1659 /> 1591 1660 <DebuggerTool 1592 />1593 </Configuration>1594 <Configuration1595 Name="Release-Static|x64"1596 ConfigurationType="1"1597 InheritedPropertySheets="..\..\build\vs\pjproject-vs8-release-static-defaults.vsprops;..\..\build\vs\pjproject-vs8-win64-release-defaults.vsprops"1598 UseOfMFC="0"1599 ATLMinimizesCRunTimeLibraryUsage="false"1600 CharacterSet="2"1601 >1602 <Tool1603 Name="VCPreBuildEventTool"1604 />1605 <Tool1606 Name="VCCustomBuildTool"1607 />1608 <Tool1609 Name="VCXMLDataGeneratorTool"1610 />1611 <Tool1612 Name="VCWebServiceProxyGeneratorTool"1613 />1614 <Tool1615 Name="VCMIDLTool"1616 TargetEnvironment="3"1617 />1618 <Tool1619 Name="VCCLCompilerTool"1620 AdditionalIncludeDirectories="../../pjsip/include,../../pjlib/include,../../pjlib-util/include,../../pjmedia/include,../../pjnath/include"1621 PreprocessorDefinitions="_CONSOLE;"1622 PrecompiledHeaderFile=""1623 />1624 <Tool1625 Name="VCManagedResourceCompilerTool"1626 />1627 <Tool1628 Name="VCResourceCompilerTool"1629 />1630 <Tool1631 Name="VCPreLinkEventTool"1632 />1633 <Tool1634 Name="VCLinkerTool"1635 AdditionalDependencies="Iphlpapi.lib dsound.lib dxguid.lib netapi32.lib mswsock.lib ws2_32.lib odbc32.lib odbccp32.lib ole32.lib user32.lib gdi32.lib advapi32.lib"1636 TargetMachine="17"1637 />1638 <Tool1639 Name="VCALinkTool"1640 />1641 <Tool1642 Name="VCManifestTool"1643 />1644 <Tool1645 Name="VCXDCMakeTool"1646 />1647 <Tool1648 Name="VCBscMakeTool"1649 />1650 <Tool1651 Name="VCFxCopTool"1652 />1653 <Tool1654 Name="VCAppVerifierTool"1655 />1656 <Tool1657 
Name="VCWebDeploymentTool"1658 />1659 <Tool1660 Name="VCPostBuildEventTool"1661 1661 /> 1662 1662 </Configuration> … … 3302 3302 </FileConfiguration> 3303 3303 <FileConfiguration 3304 Name="Release|x64" 3305 > 3306 <Tool 3307 Name="VCCLCompilerTool" 3308 AdditionalIncludeDirectories="" 3309 PreprocessorDefinitions="" 3310 /> 3311 </FileConfiguration> 3312 <FileConfiguration 3313 Name="Debug|Win32" 3314 > 3315 <Tool 3316 Name="VCCLCompilerTool" 3317 AdditionalIncludeDirectories="" 3318 PreprocessorDefinitions="" 3319 /> 3320 </FileConfiguration> 3321 <FileConfiguration 3322 Name="Debug|x64" 3323 > 3324 <Tool 3325 Name="VCCLCompilerTool" 3326 AdditionalIncludeDirectories="" 3327 PreprocessorDefinitions="" 3328 /> 3329 </FileConfiguration> 3330 <FileConfiguration 3331 Name="Debug-Static|Win32" 3332 > 3333 <Tool 3334 Name="VCCLCompilerTool" 3335 AdditionalIncludeDirectories="" 3336 PreprocessorDefinitions="" 3337 /> 3338 </FileConfiguration> 3339 <FileConfiguration 3340 Name="Debug-Static|x64" 3341 > 3342 <Tool 3343 Name="VCCLCompilerTool" 3344 AdditionalIncludeDirectories="" 3345 PreprocessorDefinitions="" 3346 /> 3347 </FileConfiguration> 3348 <FileConfiguration 3349 Name="Release-Dynamic|Win32" 3350 > 3351 <Tool 3352 Name="VCCLCompilerTool" 3353 AdditionalIncludeDirectories="" 3354 PreprocessorDefinitions="" 3355 /> 3356 </FileConfiguration> 3357 <FileConfiguration 3358 Name="Release-Dynamic|x64" 3359 > 3360 <Tool 3361 Name="VCCLCompilerTool" 3362 AdditionalIncludeDirectories="" 3363 PreprocessorDefinitions="" 3364 /> 3365 </FileConfiguration> 3366 <FileConfiguration 3367 Name="Debug-Dynamic|Win32" 3368 > 3369 <Tool 3370 Name="VCCLCompilerTool" 3371 AdditionalIncludeDirectories="" 3372 PreprocessorDefinitions="" 3373 /> 3374 </FileConfiguration> 3375 <FileConfiguration 3376 Name="Debug-Dynamic|x64" 3377 > 3378 <Tool 3379 Name="VCCLCompilerTool" 3380 AdditionalIncludeDirectories="" 3381 PreprocessorDefinitions="" 3382 /> 3383 </FileConfiguration> 3384 
<FileConfiguration 3385 Name="Release-Static|Win32" 3386 > 3387 <Tool 3388 Name="VCCLCompilerTool" 3389 AdditionalIncludeDirectories="" 3390 PreprocessorDefinitions="" 3391 /> 3392 </FileConfiguration> 3393 <FileConfiguration 3394 Name="Release-Static|x64" 3395 > 3396 <Tool 3397 Name="VCCLCompilerTool" 3398 AdditionalIncludeDirectories="" 3399 PreprocessorDefinitions="" 3400 /> 3401 </FileConfiguration> 3402 <FileConfiguration 3304 3403 Name="Release|Pocket PC 2003 (ARMV4)" 3305 3404 ExcludedFromBuild="true" … … 3322 3421 </FileConfiguration> 3323 3422 <FileConfiguration 3324 Name="Release|x64"3325 >3326 <Tool3327 Name="VCCLCompilerTool"3328 AdditionalIncludeDirectories=""3329 PreprocessorDefinitions=""3330 />3331 </FileConfiguration>3332 <FileConfiguration3333 Name="Debug|Win32"3334 >3335 <Tool3336 Name="VCCLCompilerTool"3337 AdditionalIncludeDirectories=""3338 PreprocessorDefinitions=""3339 />3340 </FileConfiguration>3341 <FileConfiguration3342 3423 Name="Debug|Pocket PC 2003 (ARMV4)" 3343 3424 ExcludedFromBuild="true" … … 3360 3441 </FileConfiguration> 3361 3442 <FileConfiguration 3362 Name="Debug|x64"3363 >3364 <Tool3365 Name="VCCLCompilerTool"3366 AdditionalIncludeDirectories=""3367 PreprocessorDefinitions=""3368 />3369 </FileConfiguration>3370 <FileConfiguration3371 Name="Debug-Static|Win32"3372 >3373 <Tool3374 Name="VCCLCompilerTool"3375 AdditionalIncludeDirectories=""3376 PreprocessorDefinitions=""3377 />3378 </FileConfiguration>3379 <FileConfiguration3380 3443 Name="Debug-Static|Pocket PC 2003 (ARMV4)" 3381 3444 ExcludedFromBuild="true" … … 3398 3461 </FileConfiguration> 3399 3462 <FileConfiguration 3400 Name="Debug-Static|x64"3401 >3402 <Tool3403 Name="VCCLCompilerTool"3404 AdditionalIncludeDirectories=""3405 PreprocessorDefinitions=""3406 />3407 </FileConfiguration>3408 <FileConfiguration3409 Name="Release-Dynamic|Win32"3410 >3411 <Tool3412 Name="VCCLCompilerTool"3413 AdditionalIncludeDirectories=""3414 PreprocessorDefinitions=""3415 />3416 
</FileConfiguration>3417 <FileConfiguration3418 3463 Name="Release-Dynamic|Pocket PC 2003 (ARMV4)" 3419 3464 ExcludedFromBuild="true" … … 3436 3481 </FileConfiguration> 3437 3482 <FileConfiguration 3438 Name="Release-Dynamic|x64"3439 >3440 <Tool3441 Name="VCCLCompilerTool"3442 AdditionalIncludeDirectories=""3443 PreprocessorDefinitions=""3444 />3445 </FileConfiguration>3446 <FileConfiguration3447 Name="Debug-Dynamic|Win32"3448 >3449 <Tool3450 Name="VCCLCompilerTool"3451 AdditionalIncludeDirectories=""3452 PreprocessorDefinitions=""3453 />3454 </FileConfiguration>3455 <FileConfiguration3456 3483 Name="Debug-Dynamic|Pocket PC 2003 (ARMV4)" 3457 3484 ExcludedFromBuild="true" … … 3474 3501 </FileConfiguration> 3475 3502 <FileConfiguration 3476 Name="Debug-Dynamic|x64"3477 >3478 <Tool3479 Name="VCCLCompilerTool"3480 AdditionalIncludeDirectories=""3481 PreprocessorDefinitions=""3482 />3483 </FileConfiguration>3484 <FileConfiguration3485 Name="Release-Static|Win32"3486 >3487 <Tool3488 Name="VCCLCompilerTool"3489 AdditionalIncludeDirectories=""3490 PreprocessorDefinitions=""3491 />3492 </FileConfiguration>3493 <FileConfiguration3494 3503 Name="Release-Static|Pocket PC 2003 (ARMV4)" 3495 3504 ExcludedFromBuild="true" … … 3504 3513 Name="Release-Static|Smartphone 2003 (ARMV4)" 3505 3514 ExcludedFromBuild="true" 3506 >3507 <Tool3508 Name="VCCLCompilerTool"3509 AdditionalIncludeDirectories=""3510 PreprocessorDefinitions=""3511 />3512 </FileConfiguration>3513 <FileConfiguration3514 Name="Release-Static|x64"3515 3515 > 3516 3516 <Tool … … 3862 3862 </FileConfiguration> 3863 3863 <FileConfiguration 3864 Name="Release|x64" 3865 > 3866 <Tool 3867 Name="VCCLCompilerTool" 3868 AdditionalIncludeDirectories="" 3869 PreprocessorDefinitions="" 3870 /> 3871 </FileConfiguration> 3872 <FileConfiguration 3873 Name="Debug|Win32" 3874 > 3875 <Tool 3876 Name="VCCLCompilerTool" 3877 AdditionalIncludeDirectories="" 3878 PreprocessorDefinitions="" 3879 /> 3880 </FileConfiguration> 3881 
<FileConfiguration 3882 Name="Debug|x64" 3883 > 3884 <Tool 3885 Name="VCCLCompilerTool" 3886 AdditionalIncludeDirectories="" 3887 PreprocessorDefinitions="" 3888 /> 3889 </FileConfiguration> 3890 <FileConfiguration 3891 Name="Debug-Static|Win32" 3892 > 3893 <Tool 3894 Name="VCCLCompilerTool" 3895 AdditionalIncludeDirectories="" 3896 PreprocessorDefinitions="" 3897 /> 3898 </FileConfiguration> 3899 <FileConfiguration 3900 Name="Debug-Static|x64" 3901 > 3902 <Tool 3903 Name="VCCLCompilerTool" 3904 AdditionalIncludeDirectories="" 3905 PreprocessorDefinitions="" 3906 /> 3907 </FileConfiguration> 3908 <FileConfiguration 3909 Name="Release-Dynamic|Win32" 3910 > 3911 <Tool 3912 Name="VCCLCompilerTool" 3913 AdditionalIncludeDirectories="" 3914 PreprocessorDefinitions="" 3915 /> 3916 </FileConfiguration> 3917 <FileConfiguration 3918 Name="Release-Dynamic|x64" 3919 > 3920 <Tool 3921 Name="VCCLCompilerTool" 3922 AdditionalIncludeDirectories="" 3923 PreprocessorDefinitions="" 3924 /> 3925 </FileConfiguration> 3926 <FileConfiguration 3927 Name="Debug-Dynamic|Win32" 3928 > 3929 <Tool 3930 Name="VCCLCompilerTool" 3931 AdditionalIncludeDirectories="" 3932 PreprocessorDefinitions="" 3933 /> 3934 </FileConfiguration> 3935 <FileConfiguration 3936 Name="Debug-Dynamic|x64" 3937 > 3938 <Tool 3939 Name="VCCLCompilerTool" 3940 AdditionalIncludeDirectories="" 3941 PreprocessorDefinitions="" 3942 /> 3943 </FileConfiguration> 3944 <FileConfiguration 3945 Name="Release-Static|Win32" 3946 > 3947 <Tool 3948 Name="VCCLCompilerTool" 3949 AdditionalIncludeDirectories="" 3950 PreprocessorDefinitions="" 3951 /> 3952 </FileConfiguration> 3953 <FileConfiguration 3954 Name="Release-Static|x64" 3955 > 3956 <Tool 3957 Name="VCCLCompilerTool" 3958 AdditionalIncludeDirectories="" 3959 PreprocessorDefinitions="" 3960 /> 3961 </FileConfiguration> 3962 <FileConfiguration 3864 3963 Name="Release|Pocket PC 2003 (ARMV4)" 3865 3964 > … … 3880 3979 </FileConfiguration> 3881 3980 <FileConfiguration 3882 
Name="Release|x64"3883 >3884 <Tool3885 Name="VCCLCompilerTool"3886 AdditionalIncludeDirectories=""3887 PreprocessorDefinitions=""3888 />3889 </FileConfiguration>3890 <FileConfiguration3891 Name="Debug|Win32"3892 >3893 <Tool3894 Name="VCCLCompilerTool"3895 AdditionalIncludeDirectories=""3896 PreprocessorDefinitions=""3897 />3898 </FileConfiguration>3899 <FileConfiguration3900 3981 Name="Debug|Pocket PC 2003 (ARMV4)" 3901 3982 > … … 3916 3997 </FileConfiguration> 3917 3998 <FileConfiguration 3918 Name="Debug|x64"3919 >3920 <Tool3921 Name="VCCLCompilerTool"3922 AdditionalIncludeDirectories=""3923 PreprocessorDefinitions=""3924 />3925 </FileConfiguration>3926 <FileConfiguration3927 Name="Debug-Static|Win32"3928 >3929 <Tool3930 Name="VCCLCompilerTool"3931 AdditionalIncludeDirectories=""3932 PreprocessorDefinitions=""3933 />3934 </FileConfiguration>3935 <FileConfiguration3936 3999 Name="Debug-Static|Pocket PC 2003 (ARMV4)" 3937 4000 > … … 3952 4015 </FileConfiguration> 3953 4016 <FileConfiguration 3954 Name="Debug-Static|x64"3955 >3956 <Tool3957 Name="VCCLCompilerTool"3958 AdditionalIncludeDirectories=""3959 PreprocessorDefinitions=""3960 />3961 </FileConfiguration>3962 <FileConfiguration3963 Name="Release-Dynamic|Win32"3964 >3965 <Tool3966 Name="VCCLCompilerTool"3967 AdditionalIncludeDirectories=""3968 PreprocessorDefinitions=""3969 />3970 </FileConfiguration>3971 <FileConfiguration3972 4017 Name="Release-Dynamic|Pocket PC 2003 (ARMV4)" 3973 4018 > … … 3988 4033 </FileConfiguration> 3989 4034 <FileConfiguration 3990 Name="Release-Dynamic|x64"3991 >3992 <Tool3993 Name="VCCLCompilerTool"3994 AdditionalIncludeDirectories=""3995 PreprocessorDefinitions=""3996 />3997 </FileConfiguration>3998 <FileConfiguration3999 Name="Debug-Dynamic|Win32"4000 >4001 <Tool4002 Name="VCCLCompilerTool"4003 AdditionalIncludeDirectories=""4004 PreprocessorDefinitions=""4005 />4006 </FileConfiguration>4007 <FileConfiguration4008 4035 Name="Debug-Dynamic|Pocket PC 2003 (ARMV4)" 4009 4036 > … … 
4024 4051 </FileConfiguration> 4025 4052 <FileConfiguration 4026 Name="Debug-Dynamic|x64"4027 >4028 <Tool4029 Name="VCCLCompilerTool"4030 AdditionalIncludeDirectories=""4031 PreprocessorDefinitions=""4032 />4033 </FileConfiguration>4034 <FileConfiguration4035 Name="Release-Static|Win32"4036 >4037 <Tool4038 Name="VCCLCompilerTool"4039 AdditionalIncludeDirectories=""4040 PreprocessorDefinitions=""4041 />4042 </FileConfiguration>4043 <FileConfiguration4044 4053 Name="Release-Static|Pocket PC 2003 (ARMV4)" 4045 4054 > … … 4052 4061 <FileConfiguration 4053 4062 Name="Release-Static|Smartphone 2003 (ARMV4)" 4054 >4055 <Tool4056 Name="VCCLCompilerTool"4057 AdditionalIncludeDirectories=""4058 PreprocessorDefinitions=""4059 />4060 </FileConfiguration>4061 <FileConfiguration4062 Name="Release-Static|x64"4063 4063 > 4064 4064 <Tool -
pjproject/trunk/third_party/build/os-auto.mak.in
r5568 r5614 47 47 ifeq (@ac_ssl_has_aes_gcm@,0) 48 48 CIPHERS_SRC = crypto/cipher/aes.o crypto/cipher/aes_icm.o \ 49 crypto/cipher/aes_cbc.o49 # crypto/cipher/aes_cbc.o 50 50 HASHES_SRC = crypto/hash/sha1.o crypto/hash/hmac.o \ 51 51 # crypto/hash/tmmhv2.o 52 RNG_SRC = crypto/rng/rand_source.o crypto/rng/prng.o \53 crypto/rng/ctr_prng.o52 RNG_SRC = # crypto/rng/rand_source.o crypto/rng/prng.o \ 53 # crypto/rng/ctr_prng.o 54 54 else 55 55 CIPHERS_SRC = crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o 56 56 HASHES_SRC = crypto/hash/hmac_ossl.o 57 RNG_SRC = crypto/rng/rand_source_ossl.o57 RNG_SRC = # crypto/rng/rand_source_ossl.o 58 58 SRTP_OTHER_CFLAGS = -DOPENSSL 59 59 endif -
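Review bot: In the `ifeq` branch, `CIPHERS_SRC` keeps its trailing backslash although the continuation line is now only a comment, and `RNG_SRC = # ... \` relies on that backslash to carry the comment onto the next line. GNU make accepts both, but the lists come out right only through comment continuation, and an object later added on those continuation lines would be silently dropped from the build. I would delete the dead entries instead: `CIPHERS_SRC = crypto/cipher/aes.o crypto/cipher/aes_icm.o` and a bare `RNG_SRC =` in both branches. Because this removes every RNG object from the SRTP build, a one-line comment above `RNG_SRC` should say why it is empty. Presumably the bundled libsrtp no longer ships its own RNG, which this hunk does not show, and the comment would help anyone auditing where key and salt randomness now comes from.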
pjproject/trunk/third_party/build/srtp/libsrtp.vcproj
r5261 r5614 3138 3138 </File> 3139 3139 <File 3140 RelativePath="..\..\srtp\include\rtp.h"3141 >3142 </File>3143 <File3144 3140 RelativePath="..\..\srtp\include\srtp.h" 3145 3141 > … … 3163 3159 RelativePath="..\..\srtp\crypto\cipher\aes.c" 3164 3160 > 3161 <FileConfiguration 3162 Name="Debug|Win32" 3163 > 3164 <Tool 3165 Name="VCCLCompilerTool" 3166 /> 3167 </FileConfiguration> 3165 3168 </File> 3166 3169 <File 3167 RelativePath="..\..\srtp\crypto\cipher\aes_ cbc.c"3170 RelativePath="..\..\srtp\crypto\cipher\aes_gcm_ossl.c" 3168 3171 > 3172 <FileConfiguration 3173 Name="Debug|Win32" 3174 ExcludedFromBuild="true" 3175 > 3176 <Tool 3177 Name="VCCLCompilerTool" 3178 /> 3179 </FileConfiguration> 3180 <FileConfiguration 3181 Name="Debug|x64" 3182 ExcludedFromBuild="true" 3183 > 3184 <Tool 3185 Name="VCCLCompilerTool" 3186 /> 3187 </FileConfiguration> 3188 <FileConfiguration 3189 Name="Release|Win32" 3190 ExcludedFromBuild="true" 3191 > 3192 <Tool 3193 Name="VCCLCompilerTool" 3194 /> 3195 </FileConfiguration> 3196 <FileConfiguration 3197 Name="Release|x64" 3198 ExcludedFromBuild="true" 3199 > 3200 <Tool 3201 Name="VCCLCompilerTool" 3202 /> 3203 </FileConfiguration> 3204 <FileConfiguration 3205 Name="Debug-Static|Win32" 3206 ExcludedFromBuild="true" 3207 > 3208 <Tool 3209 Name="VCCLCompilerTool" 3210 /> 3211 </FileConfiguration> 3212 <FileConfiguration 3213 Name="Debug-Static|x64" 3214 ExcludedFromBuild="true" 3215 > 3216 <Tool 3217 Name="VCCLCompilerTool" 3218 /> 3219 </FileConfiguration> 3220 <FileConfiguration 3221 Name="Release-Dynamic|Win32" 3222 ExcludedFromBuild="true" 3223 > 3224 <Tool 3225 Name="VCCLCompilerTool" 3226 /> 3227 </FileConfiguration> 3228 <FileConfiguration 3229 Name="Release-Dynamic|x64" 3230 ExcludedFromBuild="true" 3231 > 3232 <Tool 3233 Name="VCCLCompilerTool" 3234 /> 3235 </FileConfiguration> 3236 <FileConfiguration 3237 Name="Debug-Dynamic|Win32" 3238 ExcludedFromBuild="true" 3239 > 3240 <Tool 3241 Name="VCCLCompilerTool" 3242 /> 3243 
</FileConfiguration> 3244 <FileConfiguration 3245 Name="Debug-Dynamic|x64" 3246 ExcludedFromBuild="true" 3247 > 3248 <Tool 3249 Name="VCCLCompilerTool" 3250 /> 3251 </FileConfiguration> 3252 <FileConfiguration 3253 Name="Release-Static|Win32" 3254 ExcludedFromBuild="true" 3255 > 3256 <Tool 3257 Name="VCCLCompilerTool" 3258 /> 3259 </FileConfiguration> 3260 <FileConfiguration 3261 Name="Release-Static|x64" 3262 ExcludedFromBuild="true" 3263 > 3264 <Tool 3265 Name="VCCLCompilerTool" 3266 /> 3267 </FileConfiguration> 3169 3268 </File> 3170 3269 <File 3171 3270 RelativePath="..\..\srtp\crypto\cipher\aes_icm.c" 3172 3271 > 3272 <FileConfiguration 3273 Name="Debug|Win32" 3274 > 3275 <Tool 3276 Name="VCCLCompilerTool" 3277 /> 3278 </FileConfiguration> 3279 </File> 3280 <File 3281 RelativePath="..\..\srtp\crypto\cipher\aes_icm_ossl.c" 3282 > 3283 <FileConfiguration 3284 Name="Debug|Win32" 3285 ExcludedFromBuild="true" 3286 > 3287 <Tool 3288 Name="VCCLCompilerTool" 3289 /> 3290 </FileConfiguration> 3291 <FileConfiguration 3292 Name="Debug|x64" 3293 ExcludedFromBuild="true" 3294 > 3295 <Tool 3296 Name="VCCLCompilerTool" 3297 /> 3298 </FileConfiguration> 3299 <FileConfiguration 3300 Name="Release|Win32" 3301 ExcludedFromBuild="true" 3302 > 3303 <Tool 3304 Name="VCCLCompilerTool" 3305 /> 3306 </FileConfiguration> 3307 <FileConfiguration 3308 Name="Release|x64" 3309 ExcludedFromBuild="true" 3310 > 3311 <Tool 3312 Name="VCCLCompilerTool" 3313 /> 3314 </FileConfiguration> 3315 <FileConfiguration 3316 Name="Debug-Static|Win32" 3317 ExcludedFromBuild="true" 3318 > 3319 <Tool 3320 Name="VCCLCompilerTool" 3321 /> 3322 </FileConfiguration> 3323 <FileConfiguration 3324 Name="Debug-Static|x64" 3325 ExcludedFromBuild="true" 3326 > 3327 <Tool 3328 Name="VCCLCompilerTool" 3329 /> 3330 </FileConfiguration> 3331 <FileConfiguration 3332 Name="Release-Dynamic|Win32" 3333 ExcludedFromBuild="true" 3334 > 3335 <Tool 3336 Name="VCCLCompilerTool" 3337 /> 3338 </FileConfiguration> 3339 
<FileConfiguration 3340 Name="Release-Dynamic|x64" 3341 ExcludedFromBuild="true" 3342 > 3343 <Tool 3344 Name="VCCLCompilerTool" 3345 /> 3346 </FileConfiguration> 3347 <FileConfiguration 3348 Name="Debug-Dynamic|Win32" 3349 ExcludedFromBuild="true" 3350 > 3351 <Tool 3352 Name="VCCLCompilerTool" 3353 /> 3354 </FileConfiguration> 3355 <FileConfiguration 3356 Name="Debug-Dynamic|x64" 3357 ExcludedFromBuild="true" 3358 > 3359 <Tool 3360 Name="VCCLCompilerTool" 3361 /> 3362 </FileConfiguration> 3363 <FileConfiguration 3364 Name="Release-Static|Win32" 3365 ExcludedFromBuild="true" 3366 > 3367 <Tool 3368 Name="VCCLCompilerTool" 3369 /> 3370 </FileConfiguration> 3371 <FileConfiguration 3372 Name="Release-Static|x64" 3373 ExcludedFromBuild="true" 3374 > 3375 <Tool 3376 Name="VCCLCompilerTool" 3377 /> 3378 </FileConfiguration> 3173 3379 </File> 3174 3380 <File … … 3191 3397 RelativePath="..\..\srtp\crypto\hash\hmac.c" 3192 3398 > 3399 <FileConfiguration 3400 Name="Debug|Win32" 3401 > 3402 <Tool 3403 Name="VCCLCompilerTool" 3404 /> 3405 </FileConfiguration> 3406 </File> 3407 <File 3408 RelativePath="..\..\srtp\crypto\hash\hmac_ossl.c" 3409 > 3410 <FileConfiguration 3411 Name="Debug|Win32" 3412 ExcludedFromBuild="true" 3413 > 3414 <Tool 3415 Name="VCCLCompilerTool" 3416 /> 3417 </FileConfiguration> 3418 <FileConfiguration 3419 Name="Debug|x64" 3420 ExcludedFromBuild="true" 3421 > 3422 <Tool 3423 Name="VCCLCompilerTool" 3424 /> 3425 </FileConfiguration> 3426 <FileConfiguration 3427 Name="Release|Win32" 3428 ExcludedFromBuild="true" 3429 > 3430 <Tool 3431 Name="VCCLCompilerTool" 3432 /> 3433 </FileConfiguration> 3434 <FileConfiguration 3435 Name="Release|x64" 3436 ExcludedFromBuild="true" 3437 > 3438 <Tool 3439 Name="VCCLCompilerTool" 3440 /> 3441 </FileConfiguration> 3442 <FileConfiguration 3443 Name="Debug-Static|Win32" 3444 ExcludedFromBuild="true" 3445 > 3446 <Tool 3447 Name="VCCLCompilerTool" 3448 /> 3449 </FileConfiguration> 3450 <FileConfiguration 3451 
Name="Debug-Static|x64" 3452 ExcludedFromBuild="true" 3453 > 3454 <Tool 3455 Name="VCCLCompilerTool" 3456 /> 3457 </FileConfiguration> 3458 <FileConfiguration 3459 Name="Release-Dynamic|Win32" 3460 ExcludedFromBuild="true" 3461 > 3462 <Tool 3463 Name="VCCLCompilerTool" 3464 /> 3465 </FileConfiguration> 3466 <FileConfiguration 3467 Name="Release-Dynamic|x64" 3468 ExcludedFromBuild="true" 3469 > 3470 <Tool 3471 Name="VCCLCompilerTool" 3472 /> 3473 </FileConfiguration> 3474 <FileConfiguration 3475 Name="Debug-Dynamic|Win32" 3476 ExcludedFromBuild="true" 3477 > 3478 <Tool 3479 Name="VCCLCompilerTool" 3480 /> 3481 </FileConfiguration> 3482 <FileConfiguration 3483 Name="Debug-Dynamic|x64" 3484 ExcludedFromBuild="true" 3485 > 3486 <Tool 3487 Name="VCCLCompilerTool" 3488 /> 3489 </FileConfiguration> 3490 <FileConfiguration 3491 Name="Release-Static|Win32" 3492 ExcludedFromBuild="true" 3493 > 3494 <Tool 3495 Name="VCCLCompilerTool" 3496 /> 3497 </FileConfiguration> 3498 <FileConfiguration 3499 Name="Release-Static|x64" 3500 ExcludedFromBuild="true" 3501 > 3502 <Tool 3503 Name="VCCLCompilerTool" 3504 /> 3505 </FileConfiguration> 3193 3506 </File> 3194 3507 <File … … 3199 3512 RelativePath="..\..\srtp\crypto\hash\sha1.c" 3200 3513 > 3514 <FileConfiguration 3515 Name="Debug|Win32" 3516 > 3517 <Tool 3518 Name="VCCLCompilerTool" 3519 /> 3520 </FileConfiguration> 3201 3521 </File> 3202 3522 </Filter> … … 3222 3542 <File 3223 3543 RelativePath="..\..\srtp\crypto\math\datatypes.c" 3224 >3225 </File>3226 <File3227 RelativePath="..\..\srtp\crypto\math\gf2_8.c"3228 3544 > 3229 3545 </File> … … 3253 3569 </File> 3254 3570 <File 3255 RelativePath="..\..\srtp\crypto\include\aes_cbc.h"3256 >3257 </File>3258 <File3259 3571 RelativePath="..\..\srtp\crypto\include\aes_icm.h" 3260 3572 > … … 3273 3585 </File> 3274 3586 <File 3275 RelativePath="..\..\srtp\crypto\include\crypto.h"3276 >3277 </File>3278 <File3279 3587 RelativePath="..\..\srtp\crypto\include\crypto_kernel.h" 3280 3588 > 3281 3589 
</File> 3282 3590 <File 3283 RelativePath="..\..\srtp\crypto\include\crypto_math.h"3284 >3285 </File>3286 <File3287 3591 RelativePath="..\..\srtp\crypto\include\crypto_types.h" 3288 >3289 </File>3290 <File3291 RelativePath="..\..\srtp\crypto\include\cryptoalg.h"3292 3592 > 3293 3593 </File> … … 3301 3601 </File> 3302 3602 <File 3303 RelativePath="..\..\srtp\crypto\include\gf2_8.h"3304 >3305 </File>3306 <File3307 3603 RelativePath="..\..\srtp\crypto\include\hmac.h" 3308 3604 > … … 3310 3606 <File 3311 3607 RelativePath="..\..\srtp\crypto\include\integers.h" 3312 >3313 </File>3314 <File3315 RelativePath="..\..\srtp\crypto\include\kernel_compat.h"3316 3608 > 3317 3609 </File> … … 3326 3618 <File 3327 3619 RelativePath="..\..\srtp\crypto\include\null_cipher.h" 3328 >3329 </File>3330 <File3331 RelativePath="..\..\srtp\crypto\include\prng.h"3332 >3333 </File>3334 <File3335 RelativePath="..\..\srtp\crypto\include\rand_source.h"3336 3620 > 3337 3621 </File> … … 3352 3636 > 3353 3637 </File> 3354 <File3355 RelativePath="..\..\srtp\crypto\include\xfm.h"3356 >3357 </File>3358 </Filter>3359 <Filter3360 Name="rng"3361 >3362 <File3363 RelativePath="..\..\srtp\crypto\rng\ctr_prng.c"3364 >3365 </File>3366 <File3367 RelativePath="..\..\srtp\crypto\rng\prng.c"3368 >3369 </File>3370 <File3371 RelativePath="..\..\srtp\crypto\rng\rand_source.c"3372 >3373 </File>3374 3638 </Filter> 3375 3639 </Filter> -
pjproject/trunk/third_party/build/srtp/libsrtp.vcxproj
r5547 r5614 494 494 <ItemGroup> 495 495 <ClCompile Include="..\..\srtp\crypto\cipher\aes.c" /> 496 <ClCompile Include="..\..\srtp\crypto\cipher\aes_cbc.c" />497 496 <ClCompile Include="..\..\srtp\crypto\cipher\aes_gcm_ossl.c"> 498 497 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release-Static|Win32'">true</ExcludedFromBuild> … … 569 568 <ClCompile Include="..\..\srtp\crypto\kernel\key.c" /> 570 569 <ClCompile Include="..\..\srtp\crypto\math\datatypes.c" /> 571 <ClCompile Include="..\..\srtp\crypto\math\gf2_8.c" />572 570 <ClCompile Include="..\..\srtp\crypto\math\stat.c" /> 573 571 <ClCompile Include="..\..\srtp\crypto\replay\rdb.c" /> 574 572 <ClCompile Include="..\..\srtp\crypto\replay\rdbx.c" /> 575 <ClCompile Include="..\..\srtp\crypto\rng\ctr_prng.c" />576 <ClCompile Include="..\..\srtp\crypto\rng\prng.c" />577 <ClCompile Include="..\..\srtp\crypto\rng\rand_source.c" />578 <ClCompile Include="..\..\srtp\crypto\rng\rand_source_ossl.c">579 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release-Static|Win32'">true</ExcludedFromBuild>580 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>581 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug-Dynamic|Win32'">true</ExcludedFromBuild>582 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>583 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug-Static|Win32'">true</ExcludedFromBuild>584 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release-Dynamic|Win32'">true</ExcludedFromBuild>585 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release-Static|x64'">true</ExcludedFromBuild>586 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>587 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug-Dynamic|x64'">true</ExcludedFromBuild>588 <ExcludedFromBuild 
Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>589 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug-Static|x64'">true</ExcludedFromBuild>590 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release-Dynamic|x64'">true</ExcludedFromBuild>591 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release-Static|ARM'">true</ExcludedFromBuild>592 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">true</ExcludedFromBuild>593 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug-Dynamic|ARM'">true</ExcludedFromBuild>594 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">true</ExcludedFromBuild>595 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug-Static|ARM'">true</ExcludedFromBuild>596 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release-Dynamic|ARM'">true</ExcludedFromBuild>597 </ClCompile>598 573 <ClCompile Include="..\..\srtp\pjlib\srtp_err.c" /> 599 574 <ClCompile Include="..\..\srtp\srtp\srtp.c" /> … … 602 577 <ItemGroup> 603 578 <ClInclude Include="..\..\srtp\crypto\include\aes.h" /> 604 <ClInclude Include="..\..\srtp\crypto\include\aes_cbc.h" />605 579 <ClInclude Include="..\..\srtp\crypto\include\aes_icm.h" /> 606 580 <ClInclude Include="..\..\srtp\crypto\include\alloc.h" /> 607 581 <ClInclude Include="..\..\srtp\crypto\include\auth.h" /> 608 582 <ClInclude Include="..\..\srtp\crypto\include\cipher.h" /> 609 <ClInclude Include="..\..\srtp\crypto\include\crypto.h" />610 <ClInclude Include="..\..\srtp\crypto\include\cryptoalg.h" />611 583 <ClInclude Include="..\..\srtp\crypto\include\crypto_kernel.h" /> 612 <ClInclude Include="..\..\srtp\crypto\include\crypto_math.h" />613 584 <ClInclude Include="..\..\srtp\crypto\include\crypto_types.h" /> 614 585 <ClInclude Include="..\..\srtp\crypto\include\datatypes.h" /> 615 586 <ClInclude Include="..\..\srtp\crypto\include\err.h" /> 616 <ClInclude 
Include="..\..\srtp\crypto\include\gf2_8.h" />617 587 <ClInclude Include="..\..\srtp\crypto\include\hmac.h" /> 618 588 <ClInclude Include="..\..\srtp\crypto\include\integers.h" /> 619 <ClInclude Include="..\..\srtp\crypto\include\kernel_compat.h" />620 589 <ClInclude Include="..\..\srtp\crypto\include\key.h" /> 621 590 <ClInclude Include="..\..\srtp\crypto\include\null_auth.h" /> 622 591 <ClInclude Include="..\..\srtp\crypto\include\null_cipher.h" /> 623 <ClInclude Include="..\..\srtp\crypto\include\prng.h" />624 <ClInclude Include="..\..\srtp\crypto\include\rand_source.h" />625 592 <ClInclude Include="..\..\srtp\crypto\include\rdb.h" /> 626 593 <ClInclude Include="..\..\srtp\crypto\include\rdbx.h" /> … … 628 595 <ClInclude Include="..\..\srtp\crypto\include\stat.h" /> 629 596 <ClInclude Include="..\..\srtp\include\ekt.h" /> 630 <ClInclude Include="..\..\srtp\include\rtp.h" />631 597 <ClInclude Include="..\..\srtp\include\srtp.h" /> 632 598 <ClInclude Include="..\..\srtp\include\ut_sim.h" /> -
pjproject/trunk/third_party/build/srtp/libsrtp.vcxproj.filters
r5415 r5614 31 31 <UniqueIdentifier>{b4cf0314-f1bd-44d6-ad75-187c4b03c5c3}</UniqueIdentifier> 32 32 </Filter> 33 <Filter Include="crypto\rng">34 <UniqueIdentifier>{101639e1-fe64-435f-8428-4c647132ad40}</UniqueIdentifier>35 </Filter>36 33 </ItemGroup> 37 34 <ItemGroup> … … 43 40 </ClCompile> 44 41 <ClCompile Include="..\..\srtp\crypto\cipher\aes.c"> 45 <Filter>crypto\cipher</Filter>46 </ClCompile>47 <ClCompile Include="..\..\srtp\crypto\cipher\aes_cbc.c">48 42 <Filter>crypto\cipher</Filter> 49 43 </ClCompile> … … 81 75 <Filter>crypto\math</Filter> 82 76 </ClCompile> 83 <ClCompile Include="..\..\srtp\crypto\math\gf2_8.c">84 <Filter>crypto\math</Filter>85 </ClCompile>86 77 <ClCompile Include="..\..\srtp\crypto\math\stat.c"> 87 78 <Filter>crypto\math</Filter> … … 92 83 <ClCompile Include="..\..\srtp\crypto\replay\rdbx.c"> 93 84 <Filter>crypto\replay</Filter> 94 </ClCompile>95 <ClCompile Include="..\..\srtp\crypto\rng\ctr_prng.c">96 <Filter>crypto\rng</Filter>97 </ClCompile>98 <ClCompile Include="..\..\srtp\crypto\rng\prng.c">99 <Filter>crypto\rng</Filter>100 </ClCompile>101 <ClCompile Include="..\..\srtp\crypto\rng\rand_source.c">102 <Filter>crypto\rng</Filter>103 85 </ClCompile> 104 86 <ClCompile Include="..\..\srtp\srtp\ekt.c"> … … 114 96 <Filter>crypto\hash</Filter> 115 97 </ClCompile> 116 <ClCompile Include="..\..\srtp\crypto\rng\rand_source_ossl.c">117 <Filter>crypto\rng</Filter>118 </ClCompile>119 98 </ItemGroup> 120 99 <ItemGroup> 121 <ClInclude Include="..\..\srtp\include\rtp.h">122 <Filter>Header Files</Filter>123 </ClInclude>124 100 <ClInclude Include="..\..\srtp\include\srtp.h"> 125 101 <Filter>Header Files</Filter> … … 132 108 </ClInclude> 133 109 <ClInclude Include="..\..\srtp\crypto\include\aes.h"> 134 <Filter>crypto\include</Filter>135 </ClInclude>136 <ClInclude Include="..\..\srtp\crypto\include\aes_cbc.h">137 110 <Filter>crypto\include</Filter> 138 111 </ClInclude> … … 149 122 <Filter>crypto\include</Filter> 150 123 </ClInclude> 151 <ClInclude 
Include="..\..\srtp\crypto\include\crypto.h">152 <Filter>crypto\include</Filter>153 </ClInclude>154 124 <ClInclude Include="..\..\srtp\crypto\include\crypto_kernel.h"> 155 125 <Filter>crypto\include</Filter> 156 126 </ClInclude> 157 <ClInclude Include="..\..\srtp\crypto\include\crypto_math.h">158 <Filter>crypto\include</Filter>159 </ClInclude>160 127 <ClInclude Include="..\..\srtp\crypto\include\crypto_types.h"> 161 <Filter>crypto\include</Filter>162 </ClInclude>163 <ClInclude Include="..\..\srtp\crypto\include\cryptoalg.h">164 128 <Filter>crypto\include</Filter> 165 129 </ClInclude> … … 170 134 <Filter>crypto\include</Filter> 171 135 </ClInclude> 172 <ClInclude Include="..\..\srtp\crypto\include\gf2_8.h">173 <Filter>crypto\include</Filter>174 </ClInclude>175 136 <ClInclude Include="..\..\srtp\crypto\include\hmac.h"> 176 137 <Filter>crypto\include</Filter> 177 138 </ClInclude> 178 139 <ClInclude Include="..\..\srtp\crypto\include\integers.h"> 179 <Filter>crypto\include</Filter>180 </ClInclude>181 <ClInclude Include="..\..\srtp\crypto\include\kernel_compat.h">182 140 <Filter>crypto\include</Filter> 183 141 </ClInclude> … … 189 147 </ClInclude> 190 148 <ClInclude Include="..\..\srtp\crypto\include\null_cipher.h"> 191 <Filter>crypto\include</Filter>192 </ClInclude>193 <ClInclude Include="..\..\srtp\crypto\include\prng.h">194 <Filter>crypto\include</Filter>195 </ClInclude>196 <ClInclude Include="..\..\srtp\crypto\include\rand_source.h">197 149 <Filter>crypto\include</Filter> 198 150 </ClInclude> -
pjproject/trunk/third_party/build/srtp/srtp_config.h
r5261 r5614 226 226 227 227 /* Define to the full name and version of this package. */ 228 #define PACKAGE_STRING "libsrtp 1.5.4"228 #define PACKAGE_STRING "libsrtp 2.1.0" 229 229 230 230 /* Define to the version of this package. */ 231 #define PACKAGE_VERSION " 1.5.4"231 #define PACKAGE_VERSION "2.1.0" 232 232 233 233 -
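Review bot: The new `PACKAGE_STRING "libsrtp 2.1.0"` and `PACKAGE_VERSION "2.1.0"` disagree with the bundled `third_party/srtp/VERSION`, which this same changeset sets to `2.1.0-pre`. If the imported tree is a pre-release snapshot, the header should say so, e.g. `#define PACKAGE_VERSION "2.1.0-pre"`. Otherwise anyone checking the vendored copy against upstream security fixes may assume it is the tagged 2.1.0 release. A one-line comment above the defines, such as `/* vendored from upstream libsrtp at <UPSTREAM_COMMIT_ID> */`, would make that audit direct.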
pjproject/trunk/third_party/srtp/CHANGES
r5261 r5614 1 1 Changelog 2 2 3 1.5.4 3 2.1.0 4 4 5 Use BE byte ordering of RTCP trailer. 5 Compatibility changes 6 6 7 Allow zero length payload on unprotect. 7 PR #253 - Cipher type cleanup for AES 8 When libSRTP is compiled with OpenSSL and the AES 256 ICM cipher is used 9 with RTCP an incorrect initialization vector is formed. 10 This change will break backwards compatibility with older versions (1.5, 11 2.0) of libSRTP when using the AES 256 ICM cipher with OpenSSL for RTCP. 8 12 9 1.5.3 13 PR #259 - Sequence number incorrectly masked for AES GCM IV 14 The initialization vector for AES GCM encryption was incorrectly formed on 15 little endian machines. 16 This change will break backwards compatibility with older versions (1.5, 17 2.0) of libSRTP when using the AES GCM cipher for RTCP. 10 18 11 Fix for CVE-2015-6360. 19 PR #287 - Fix OOB read in key generation for encrypted headers with GCM ciphers 20 Adds padding of GCM salt to the corresponding ICM length used for header 21 encryption. 22 This change will break backwards compatibility with version 2.0 of libSRTP 23 when using the header encryption extension with the AES GCM cipher. 12 24 13 Pull request 103 - Makefile.in: Don't hard-code ar. 25 Major changes 14 26 15 Pull request 99 - Various fixes for compiling with Visual Studio. 16 17 Pull request 98 - Do not duplicate shared library when installing. 27 PR #204 - OpenSSL performance improvements 28 Changed key expansion to occur once per key instead of once per packet. 18 29 19 Please see commit log for a full list of other minor fixes. 30 PR #209 - Restore AES-192 under BoringSSL 31 BoringSSL supports AES-192 and is now enabled in libSRTP. 20 32 21 1.5.2 22 23 Autoconf checks for libz and libdl for buildroot support. 33 PR #224 - Master Key Identifiers (MKI) Support patch 34 Adds MKI support with up to 4 keys. 24 35 25 Pull request 96 - Include config.h to get inline on Windows. 
36 PR #234 - Report SSRC instead of srtp_stream_t in srtp_event_data_t 37 srtp_stream_t is an opaque type making the event framework almost useless. 38 Now the SSRC is returned instead for use as a key in the public API. 26 39 27 Pull request 93 - Don't include AES-192 when compiling against BoringSSL. 40 PR #238 - Configure changes and improvements 41 CFLAGS check more shell neutral, quotation fixes, always generate and 42 install pkg-config file, improved OpenSSL discovery and linking, remove 43 -fPIC flag on Windows, fix shared library generation under Cygwin, replace 44 hardcoded CFLAGS with compiler checks, and regenerate configure after 45 configure.in changes. 28 46 29 1.5.1 47 PR #241 & PR #261 - Improved logging API to receive log messages from libSRTP 48 Provides a logging API and the ability to enable logging to stdout and a 49 file, as well as a switch to enable all internal debug modules. 30 50 31 Pull request 95 - Additional header check from Chromium 51 PR #289 - Added support for set and get the roll-over-counter 52 Adds an API to set and get the ROC in an (S)RTP session. 32 53 33 Pull request 94 - Add missing copyright headers. 54 PR #304 - Fix (S)RTP and (S)RTCP for big endian machines 55 The structures srtp_hdr_t, srtcp_hdr_t and srtcp_trailer_t were defined 56 incorrectly on big endian systems. 34 57 35 Pull request 90 - Fix out-of-source tree builds. 
58 Other changes 36 59 37 P ull request 89 - Introduce little endian RISC support60 PR #149 - Don't create a symlink if there is no $(SHAREDLIBVERSION) 38 61 39 P ull request 86 - Add support for cross-compiling the shared library for Windows and OS X62 PR #151 - Make srtp_driver compile for MIPS 40 63 41 P ull request 85 - Add -f <pcap filter> option to rtp_decoder64 PR #160 - Use PKG_PROG_PKG_CONFIG to find correct pkg-config 42 65 43 P ull request 84 - Avoid problems due to unsafe macros66 PR #167 - Additional RTCP and SRTCP tests 44 67 45 P ull request 82 - Align the AES ICM nonce68 PR #169 - Identified merge conflict created by commit 6b71fb9 46 69 47 P ull request 80 - Take advantage of base64 conversion in testapps70 PR #173 - Avoid error 'possibly undefined macro: AM_PROG_AR' 48 71 49 P ull request 75 - Cleanup: miscellaneous cleanup of initial OpenSSL AES support72 PR #174 - Avoid warning 'The macro AC_TRY_LINK is obsolete.' 50 73 51 P ull request 74 - Allow testing with pcap file or capture - Issue #4574 PR #175 - Remove 2nd -fPIC 52 75 53 Other trivial fixes are included as well. Please see github for details.76 PR #182 - Add a length check before reading packet data 54 77 55 1.5.0 56 57 Add support for using OpenSSL crypto using the --enable-openssl 58 option. 78 PR #191 - On debug, output correct endianness of SSRC 59 79 60 Add support for AES-GCM crypto suites.80 PR #192 - Replace octet_string_is_eq with a constant-time implementation 61 81 62 Add support for pkg_config.82 PR #195 - Add missing __cplusplus header guards 63 83 64 Add user data API to allow user to associate additional data with a 65 SRTP context. 
84 PR #198 - Update sha1_driver.c to avoid memory leaks 66 85 67 This release also includes a variety of bug fixes, which can be 68 viewed at: https://github.com/cisco/libsrtp/commits/master 86 PR #202 - Add an explicit cast to avoid a printf format warning on macOS 69 87 70 Note: The change log was not maintained between versions 1.3.20 and 71 1.4.5. 88 PR #205 - Update Windows build files to Visual Studio 2015 72 89 73 1.3.20 90 PR #207 - Fix to install-win.bat syntax, and add installation of x64 libraries 74 91 75 Lots of changes. Thanks to Jeff Chan for catching a memory leak and 76 helping track down the endian issues with the SSRCs. 92 PR #208 - Make replace_cipher and replace_auth public again 77 93 78 1.3.8 94 PR #211 - Changes for OpenSSL 1.1.0 compatibility 79 95 80 This is an interim release. Several little-endian bugs were identified 81 and fixed; this means that we can use intel/linux for development again. 96 PR #213 - Add cast to `unsigned int` in call to printf in test 82 97 83 Cleaned up sha1 and hmac code significantly, got rid of some excess 84 functions and properly documented the fuctions in the .h files. 98 PR #214 - Avoid empty initializer braces 85 99 86 Eliminated some vestigial files.100 PR #222 - Fix issue: No consistency when use some srtp_* functions 87 101 88 There is a SIGBUS error in the AES encrypt function on sparc 89 (observed on both solaris and openbsd) with gcc 2.95. Was unable to 90 find bad pointer anywhere, so I'm wondering if it isn't a compiler 91 problem (there's a known problem whose profile it fits). It doesn't 92 appear on any other platform, even in the cipher_driver stress 93 tests. 
102 PR #231 - Advance version on master in preparation for 2.1 release 94 103 95 P lanned changes104 PR #232 - Update Travis, do not build with OpenSSL on OSX 96 105 97 Change interface to nonces (xtd_seq_num_t) so that it uses98 network byte ordering, and is consistent with other arguments.106 PR #233 - crypto/replay/rdbx.c: Return type of srtp_index_guess from int to 107 int32_t 99 108 109 PR #236 - test/rtp_decoder.c: Removed superfluous conditional 100 110 101 1.3.6 111 PR #237 - test/rtp_decoder.c: spring cleaning 102 112 103 Changed /dev/random (in configure.in and crypto/rng/rand_source.c) to 104 /dev/urandom; the latter is non-blocking on all known platforms (which 105 corrects some programs that seem to hang) and is actually present on 106 Open BSD (unlike /dev/random, which only works in the presence of 107 hardware supported random number generation). 113 PR #239 - octet_string_set_to_zero() delegates to OPENSSL_cleanse() if 114 available, if not it will use srtp_cleanse() to zero memory 108 115 109 Added machine/types.h case in include/integers.h.116 PR #243 - EKT is not really supported yet, remove from install 110 117 111 1.3.5 118 PR #244 - Add simple error checking in timing test to avoid false results 112 119 113 Removing srtp_t::template and stream_clone().120 PR #245 - Add missing srtp_cipher_dealloc calls when test fails 114 121 115 Adding a new policy structure, which will reflect a complete SRTP 116 policy (including SRTCP). 122 PR #246 - test/rtp_decoder: Add missing conditional 117 123 118 This version is *incomplete* and will undergo more changes. 
It is119 provided only as a basis for discussion.124 PR #248 - New README.md that integrates intro, credits and references from 125 /doc/ and is used to generate documentation 120 126 121 1.3.4 127 PR #249 - Remove support for generic aesicm from configure.in 122 128 123 Removed tmmh.c and tmmh.h, which implemented version one of TMMH.129 PR #250 - Update README.md, incorrect tag for link 124 130 125 Changed srtp_get_trailer_length() to act on streams rather than 126 sessions, and documented the macro SRTP_MAX_TRAILER_LEN, which should 127 usually be used rather than that function. 131 PR #255 - Cleanup outdated comment related to MKI 128 132 129 Removed 'salt' from cipher input.133 PR #258 - Add AES-GCM to DTLS-SRTP Protection Profiles 130 134 131 Changed rdbx to use err.h error codes.135 PR #263 - Cleaning up and removing duplicated and outdated code 132 136 133 Changed malloc() and free() to xalloc() and xfree; these functions 134 are defined in crypto/kernel/alloc.c and declared in 135 include/alloc.h. 137 PR #265 - Introduction of unit test framework: CUTest 136 138 137 Added 'output' functions to cipher, in addition to 'encrypt' 138 functions. It is no longer necessary to zeroize a buffer before 139 encrypting in order to get keystream. 139 PR #267 - crypto/kernel/err.c: Include datatypes.h 140 140 141 Changed octet_string_hex_string() so that "times two" isn't needed 142 in its input. 141 PR #272 - Reduce literal constants 143 142 144 Added crypto_kernel_init() prior to command-line parsing, so that 145 kernel can be passed command-line arguments, such as "-d 146 debug_module". This was done to for the applications 147 test/srtp-driver, test/kernel-driver, and test/ust-driver. 143 PR #273 - SRTP AEAD SRTCP initialization vector regression tests 148 144 149 Improved srtp_init_aes_128_prf - wrote key derivation function 150 (srtp_kdf_t). 
145 PR #274 - Update Travis build - add ccache 151 146 152 Add the tag_len as an argument to the auth_compute() function, but 153 not the corresponding macro. This change allows the tag length for 154 a given auth func to be set to different values at initialization 155 time. Previously, the structure auth_t contained the 156 output_length, but that value was inaccessible from hmac_compute() 157 and other functions. 147 PR #276 - Reference and docs updates 158 148 159 Re-named files from a-b.c to a_b.c. in order to help portability.149 PR #278 - Removed crypto/test/auth_driver.c and test/lfsr.c 160 150 161 Re-named rijndael to aes (or aes_128 as appropriate).151 PR #279 - Bump copyright year 162 152 153 PR #283 - Add missing docs in srtp.h 163 154 164 1.2.1 155 PR #284 - Add strict-prototypes warning if supported 165 156 166 Changes so that 1.2.0 compiles on cygwin-win2k.157 PR #291 - Use const char * for srtp_set_debug_module() 167 158 168 Added better error reporting system. If syslog is present on the 169 OS, then it is used. 159 PR #294 - Fix incorrect result of rdb_increment on overflow 170 160 161 PR #300 - Standalone tests 171 162 172 1.2.0 Many improvements and additions, and a fexfixes163 PR #301 - Configure fixes 173 164 174 Fixed endian issues in RTP header construction in the function 175 rtp_sendto() in srtp/rtp.c. 165 PR #302 - Fix warning regarding unused variable 176 166 177 Implemented RIJNDAEL decryption operation, adding the functions 178 rijndael_decrypt() and rijndael_expand_decryption_key(). Also 179 re-named rijndael_expand_key() to rijndael_expand_encryption_key() 180 for consistency. 181 182 Implemented random number source using /dev/random, in the files 183 crypto/rng/rand_source.c and include/rand_source.h. 184 185 Added index check to SEAL cipher (only values less than 2^32 are 186 allowed) 187 188 Added test case for null_auth authentication function. 
189 190 Added a timing test which tests the effect of CPU cache thrash on 191 cipher throughput. The test is done by the function 192 cipher_test_throughput_array(); the function 193 cipher_array_alloc_init() creates an array of ciphers for use in 194 this test. This test can be accessed by using the -a flag to 195 the application cipher-driver in the test subdirectory. 196 197 Added argument processing to ust-driver.c, and added that app to 198 the 'runtest' target in Makefile.in. 199 200 A minor auth_t API change: last argument of auth_init() eliminated. 201 202 203 1.0.6 A small but important fix 204 205 Fixed srtp_init_aes_128_prf() by adding octet_string_set_to_zero() 206 after buffer allocation. 207 208 Eliminated references to no-longer-existing variables in debugging 209 code in srtp/srtp.c. This fixes the compilation failure that 210 occured when using PRINT_DEBUG in that file. 211 212 Corrected spelling of Richard Priestley's name in credits. Sorry 213 Richard! 214 215 216 1.0.5 Many little fixes 217 218 Fixed octet_string_set_to_zero(), which was writing one 219 more zero octet than it should. This bug caused srtp_protect() 220 and srtp_unprotect() to overwrite the byte that followed the 221 srtp packet. 222 223 Changed sizeof(uint32_t) to srtp_get_trailer_length() in 224 srtp-driver.c. This is just defensive coding. 225 226 Added NULL check to malloc in srtp_alloc(). 227 228 229 1.0.4 Many minor fixes and two big ones (thanks for the bug reports!) 230 231 Removed 'ssrc' from the srtp_init_aes_128_prf() function argument 232 list. This is so that applications which do not a priori know the 233 ssrc which they will be receiving can still use libsrtp. Now the 234 SSRC value is gleaned from the rtp header and exored into the 235 counter mode offset in the srtp_protect() and srtp_unprotect() 236 functions, if that cipher is used. 
This change cascaed through 237 many other functions, including srtp_init_from_hex(), 238 srtp_sender_init() and srtp_receiver_init() in rtp.c, and also 239 changing the CLI to test/rtpw. In the future, another function 240 call will be added to the library that enables multiple ssrc/key 241 pairs to be installed into the same srtp session, so that libsrtp 242 works with multiple srtp senders. For now, this functionality is 243 lacking. 244 245 Removed the GDOI interface to the rtpw demo program. This will be 246 added again at a later date, after the SRTP and GDOI distributions 247 stabilize. For now, I've left in the GDOI #defines and autoconf 248 definitions so that they'll be in place when needed. 249 250 Updated tmmhv2_compute() so that it didn't assume any particular 251 alginment of the output tag. 252 253 Changed bit field variables in srtp.h to unsigned char from 254 unsigned int in order to avoid a potential endianness issue. 255 256 Fixed rdbx_estimate_index() to handle all input cases. This solves 257 the now notorious "abaft" bug in the rtpw demo app on linux/intel, 258 in which spurious replay protection failures happen after that word 259 is received. 260 261 Added ntohs(hdr->seq) to srtp_protect and srtp_unprotect, removed 262 from rijndael_icm_set_segment(). 263 264 Added error checking and handling to srtp_sender_init() and 265 srtp_receiver_init(). 266 267 Changed srtp_alloc() so that it does what you'd expect: allocate an 268 srtp_ctx_t structure. This hides the library internals. 269 270 271 1.0.1 Many minor fixes 272 273 Added cipher_driver_buffer_test(...) to test/cipher-driver.c. This 274 function checks that the byte-buffering functions used by a cipher 275 are correct. 276 277 Fixed SunOS/Solaris build problems: added HAVE_SYS_INT_TYPES_H and 278 changed index_t to xtd_seq_num_t (see include/rdbx.h). 279 280 Fixed SEAL3.0 output byte buffering, added byte-buffering test to 281 cipher/cipher-driver.c. 
282 283 Fixed roc-driver so that the non-sequential insertion test 284 automatically recovers from bad estimates. This was required to 285 prevent spurious failures. 286 287 Made rdbx_estimate_index(...) function smarter, so that initial RTP 288 sequence numbers greater than 32,768 don't cause it to estimate the 289 rollover counter of 0xffffffff. 290 291 292 1.0.0 Initial release 293 167 PR #303 - Makefile.in: Add gnu as match for shared lib suffix -
pjproject/trunk/third_party/srtp/LICENSE
r1730 r5614 1 1 /* 2 2 * 3 * Copyright (c) 2001-20 06Cisco Systems, Inc.3 * Copyright (c) 2001-2017 Cisco Systems, Inc. 4 4 * All rights reserved. 5 5 * -
pjproject/trunk/third_party/srtp/VERSION
r5261 r5614 1 1.5.4 1 2.1.0-pre -
pjproject/trunk/third_party/srtp/crypto/cipher/aes.c
r5261 r5614 9 9 10 10 /* 11 * 12 * Copyright (c) 2001-20 06, Cisco Systems, Inc.11 * 12 * Copyright (c) 2001-2017, Cisco Systems, Inc. 13 13 * All rights reserved. 14 * 14 * 15 15 * Redistribution and use in source and binary forms, with or without 16 16 * modification, are permitted provided that the following conditions 17 17 * are met: 18 * 18 * 19 19 * Redistributions of source code must retain the above copyright 20 20 * notice, this list of conditions and the following disclaimer. 21 * 21 * 22 22 * Redistributions in binary form must reproduce the above 23 23 * copyright notice, this list of conditions and the following 24 24 * disclaimer in the documentation and/or other materials provided 25 25 * with the distribution. 26 * 26 * 27 27 * Neither the name of the Cisco Systems, Inc. nor the names of its 28 28 * contributors may be used to endorse or promote products derived 29 29 * from this software without specific prior written permission. 30 * 30 * 31 31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 32 32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 51 51 #include "err.h" 52 52 53 /* 54 * we use the tables T0, T1, T2, T3, and T4 to compute AES, and 53 /* 54 * we use the tables T0, T1, T2, T3, and T4 to compute AES, and 55 55 * the tables U0, U1, U2, and U4 to compute its inverse 56 56 * … … 65 65 #ifndef WORDS_BIGENDIAN 66 66 67 static uint32_t T0[256] = {68 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,69 0xdf2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,70 0x50303060, 0x3010102, 0xa96767ce, 0x7d2b2b56,71 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,72 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,73 0x15fafaef, 0xeb5959b2, 0xc947478e, 0xbf0f0fb,74 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,75 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,76 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,77 0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83,78 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x8f1f1f9,79 0x937171e2, 
0x73d8d8ab, 0x53313162, 0x3f15152a,80 0xc040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,81 0x28181830, 0xa1969637, 0xf05050a, 0xb59a9a2f,82 0x907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,83 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,84 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,85 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,86 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,87 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,88 0xf55353a6, 0x68d1d1b9, 0x0, 0x2cededc1,89 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,90 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,91 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,92 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,93 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,94 0xcf45458a, 0x10f9f9e9, 0x6020204, 0x817f7ffe,95 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,96 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,97 0xad92923f, 0xbc9d9d21, 0x48383870, 0x4f5f5f1,98 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,99 0x30101020, 0x1affffe5, 0xef3f3fd, 0x6dd2d2bf,100 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,101 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,102 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,103 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,104 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,105 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,106 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,107 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,108 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,109 0xdb494992, 0xa06060c, 0x6c242448, 0xe45c5cb8,110 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,111 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,112 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,113 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,114 0xb46c6cd8, 0xfa5656ac, 0x7f4f4f3, 0x25eaeacf,115 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,116 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,117 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,118 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,119 
0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,120 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,121 0xd8484890, 0x5030306, 0x1f6f6f7, 0x120e0e1c,122 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,123 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,124 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,125 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,126 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,127 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,128 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,129 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,130 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,131 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c,67 static const uint32_t T0[256] = { 68 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 69 0xdf2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, 70 0x50303060, 0x3010102, 0xa96767ce, 0x7d2b2b56, 71 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, 72 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, 73 0x15fafaef, 0xeb5959b2, 0xc947478e, 0xbf0f0fb, 74 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 75 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, 76 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, 77 0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83, 78 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x8f1f1f9, 79 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, 80 0xc040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, 81 0x28181830, 0xa1969637, 0xf05050a, 0xb59a9a2f, 82 0x907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, 83 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 84 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, 85 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, 86 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 87 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, 88 0xf55353a6, 0x68d1d1b9, 0x0, 0x2cededc1, 89 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 90 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, 91 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, 92 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 93 0xc5434386, 0xd74d4d9a, 0x55333366, 
0x94858511, 94 0xcf45458a, 0x10f9f9e9, 0x6020204, 0x817f7ffe, 95 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, 96 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, 97 0xad92923f, 0xbc9d9d21, 0x48383870, 0x4f5f5f1, 98 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 99 0x30101020, 0x1affffe5, 0xef3f3fd, 0x6dd2d2bf, 100 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, 101 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, 102 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, 103 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, 104 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 105 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, 106 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, 107 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 108 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, 109 0xdb494992, 0xa06060c, 0x6c242448, 0xe45c5cb8, 110 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 111 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, 112 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, 113 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 114 0xb46c6cd8, 0xfa5656ac, 0x7f4f4f3, 0x25eaeacf, 115 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, 116 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, 117 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, 118 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, 119 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 120 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, 121 0xd8484890, 0x5030306, 0x1f6f6f7, 0x120e0e1c, 122 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 123 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, 124 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, 125 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, 126 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, 127 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, 128 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 129 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, 130 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, 131 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c, 132 132 }; 133 133 134 
static uint32_t T1[256] = {135 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d,136 0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154,137 0x30306050, 0x1010203, 0x6767cea9, 0x2b2b567d,138 0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a,139 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87,140 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b,141 0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea,142 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b,143 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a,144 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f,145 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908,146 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f,147 0x404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e,148 0x18183028, 0x969637a1, 0x5050a0f, 0x9a9a2fb5,149 0x7070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d,150 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f,151 0x909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e,152 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb,153 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce,154 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397,155 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c,156 0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed,157 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b,158 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a,159 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16,160 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194,161 0x45458acf, 0xf9f9e910, 0x2020406, 0x7f7ffe81,162 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3,163 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a,164 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104,165 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263,166 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d,167 0xcdcd814c, 0xc0c1814, 0x13132635, 0xececc32f,168 0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39,169 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47,170 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695,171 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f,172 0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83,173 0x46468cca, 0xeeeec729, 0xb8b86bd3, 
0x1414283c,174 0xdedea779, 0x5e5ebce2, 0xb0b161d, 0xdbdbad76,175 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0xa0a141e,176 0x494992db, 0x6060c0a, 0x2424486c, 0x5c5cb8e4,177 0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6,178 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b,179 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7,180 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0,181 0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25,182 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x8081018,183 0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72,184 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751,185 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21,186 0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85,187 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa,188 0x484890d8, 0x3030605, 0xf6f6f701, 0xe0e1c12,189 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0,190 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9,191 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233,192 0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7,193 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920,194 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a,195 0x8c8c038f, 0xa1a159f8, 0x89890980, 0xd0d1a17,196 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8,197 0x414182c3, 0x999929b0, 0x2d2d5a77, 0xf0f1e11,198 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a,134 static const uint32_t T1[256] = { 135 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, 136 0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154, 137 0x30306050, 0x1010203, 0x6767cea9, 0x2b2b567d, 138 0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a, 139 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87, 140 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b, 141 0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, 142 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b, 143 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a, 144 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, 145 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908, 146 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f, 147 0x404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e, 148 
0x18183028, 0x969637a1, 0x5050a0f, 0x9a9a2fb5, 149 0x7070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d, 150 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, 151 0x909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e, 152 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb, 153 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce, 154 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397, 155 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c, 156 0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed, 157 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b, 158 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a, 159 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, 160 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194, 161 0x45458acf, 0xf9f9e910, 0x2020406, 0x7f7ffe81, 162 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3, 163 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a, 164 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104, 165 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263, 166 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d, 167 0xcdcd814c, 0xc0c1814, 0x13132635, 0xececc32f, 168 0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39, 169 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47, 170 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695, 171 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f, 172 0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83, 173 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c, 174 0xdedea779, 0x5e5ebce2, 0xb0b161d, 0xdbdbad76, 175 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0xa0a141e, 176 0x494992db, 0x6060c0a, 0x2424486c, 0x5c5cb8e4, 177 0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6, 178 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b, 179 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7, 180 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, 181 0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25, 182 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x8081018, 183 0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72, 184 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751, 185 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21, 186 0x4b4b96dd, 0xbdbd61dc, 
0x8b8b0d86, 0x8a8a0f85, 187 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa, 188 0x484890d8, 0x3030605, 0xf6f6f701, 0xe0e1c12, 189 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, 190 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9, 191 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233, 192 0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7, 193 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920, 194 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a, 195 0x8c8c038f, 0xa1a159f8, 0x89890980, 0xd0d1a17, 196 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8, 197 0x414182c3, 0x999929b0, 0x2d2d5a77, 0xf0f1e11, 198 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a, 199 199 }; 200 200 201 static uint32_t T2[256] = {202 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b,203 0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5,204 0x30605030, 0x1020301, 0x67cea967, 0x2b567d2b,205 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76,206 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d,207 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0,208 0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf,209 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0,210 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26,211 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc,212 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1,213 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15,214 0x4080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3,215 0x18302818, 0x9637a196, 0x50a0f05, 0x9a2fb59a,216 0x70e0907, 0x12243612, 0x801b9b80, 0xe2df3de2,217 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75,218 0x9121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a,219 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0,220 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3,221 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784,222 0x53a6f553, 0xd1b968d1, 0x0, 0xedc12ced,223 0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b,224 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39,225 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf,226 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb,227 0x4386c543, 0x4d9ad74d, 0x33665533, 
0x85119485,228 0x458acf45, 0xf9e910f9, 0x2040602, 0x7ffe817f,229 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8,230 0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f,231 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5,232 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321,233 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2,234 0xcd814ccd, 0xc18140c, 0x13263513, 0xecc32fec,235 0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917,236 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d,237 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573,238 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc,239 0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388,240 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14,241 0xdea779de, 0x5ebce25e, 0xb161d0b, 0xdbad76db,242 0xe0db3be0, 0x32645632, 0x3a744e3a, 0xa141e0a,243 0x4992db49, 0x60c0a06, 0x24486c24, 0x5cb8e45c,244 0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662,245 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79,246 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d,247 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9,248 0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea,249 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x8101808,250 0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e,251 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6,252 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f,253 0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a,254 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66,255 0x4890d848, 0x3060503, 0xf6f701f6, 0xe1c120e,256 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9,257 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e,258 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311,259 0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794,260 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9,261 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf,262 0x8c038f8c, 0xa159f8a1, 0x89098089, 0xd1a170d,263 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868,264 0x4182c341, 0x9929b099, 0x2d5a772d, 0xf1e110f,265 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16,201 static const uint32_t T2[256] = { 202 0x63c6a563, 
0x7cf8847c, 0x77ee9977, 0x7bf68d7b, 203 0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5, 204 0x30605030, 0x1020301, 0x67cea967, 0x2b567d2b, 205 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76, 206 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d, 207 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0, 208 0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, 209 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0, 210 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26, 211 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, 212 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1, 213 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15, 214 0x4080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3, 215 0x18302818, 0x9637a196, 0x50a0f05, 0x9a2fb59a, 216 0x70e0907, 0x12243612, 0x801b9b80, 0xe2df3de2, 217 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, 218 0x9121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a, 219 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0, 220 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3, 221 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784, 222 0x53a6f553, 0xd1b968d1, 0x0, 0xedc12ced, 223 0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b, 224 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39, 225 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf, 226 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, 227 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485, 228 0x458acf45, 0xf9e910f9, 0x2040602, 0x7ffe817f, 229 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8, 230 0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f, 231 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5, 232 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321, 233 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2, 234 0xcd814ccd, 0xc18140c, 0x13263513, 0xecc32fec, 235 0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917, 236 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d, 237 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573, 238 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc, 239 0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388, 240 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14, 
241 0xdea779de, 0x5ebce25e, 0xb161d0b, 0xdbad76db, 242 0xe0db3be0, 0x32645632, 0x3a744e3a, 0xa141e0a, 243 0x4992db49, 0x60c0a06, 0x24486c24, 0x5cb8e45c, 244 0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662, 245 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79, 246 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d, 247 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, 248 0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea, 249 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x8101808, 250 0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e, 251 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6, 252 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f, 253 0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, 254 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66, 255 0x4890d848, 0x3060503, 0xf6f701f6, 0xe1c120e, 256 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, 257 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e, 258 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311, 259 0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794, 260 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9, 261 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf, 262 0x8c038f8c, 0xa159f8a1, 0x89098089, 0xd1a170d, 263 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868, 264 0x4182c341, 0x9929b099, 0x2d5a772d, 0xf1e110f, 265 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16, 266 266 }; 267 267 268 static uint32_t T3[256] = {269 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b,270 0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5,271 0x60503030, 0x2030101, 0xcea96767, 0x567d2b2b,272 0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676,273 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d,274 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0,275 0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf,276 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0,277 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626,278 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc,279 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1,280 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515,281 0x80c0404, 0x9552c7c7, 0x46652323, 
0x9d5ec3c3,282 0x30281818, 0x37a19696, 0xa0f0505, 0x2fb59a9a,283 0xe090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2,284 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575,285 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a,286 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0,287 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3,288 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484,289 0xa6f55353, 0xb968d1d1, 0x0, 0xc12ceded,290 0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b,291 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939,292 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf,293 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb,294 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585,295 0x8acf4545, 0xe910f9f9, 0x4060202, 0xfe817f7f,296 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8,297 0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x58a8f8f,298 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5,299 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121,300 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2,301 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec,302 0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717,303 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d,304 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373,305 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc,306 0x44662222, 0x547e2a2a, 0x3bab9090, 0xb838888,307 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414,308 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb,309 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a,310 0x92db4949, 0xc0a0606, 0x486c2424, 0xb8e45c5c,311 0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262,312 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979,313 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d,314 0x18c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9,315 0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea,316 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808,317 0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e,318 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6,319 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f,320 0x96dd4b4b, 0x61dcbdbd, 0xd868b8b, 0xf858a8a,321 0xe0907070, 
0x7c423e3e, 0x71c4b5b5, 0xccaa6666,322 0x90d84848, 0x6050303, 0xf701f6f6, 0x1c120e0e,323 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9,324 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e,325 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111,326 0xd2bb6969, 0xa970d9d9, 0x7898e8e, 0x33a79494,327 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9,328 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf,329 0x38f8c8c, 0x59f8a1a1, 0x9808989, 0x1a170d0d,330 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868,331 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f,332 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616,268 static const uint32_t T3[256] = { 269 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, 270 0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5, 271 0x60503030, 0x2030101, 0xcea96767, 0x567d2b2b, 272 0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676, 273 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d, 274 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0, 275 0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, 276 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0, 277 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626, 278 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, 279 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1, 280 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515, 281 0x80c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3, 282 0x30281818, 0x37a19696, 0xa0f0505, 0x2fb59a9a, 283 0xe090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2, 284 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, 285 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a, 286 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0, 287 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3, 288 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484, 289 0xa6f55353, 0xb968d1d1, 0x0, 0xc12ceded, 290 0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b, 291 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939, 292 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf, 293 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, 294 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585, 295 0x8acf4545, 0xe910f9f9, 
0x4060202, 0xfe817f7f, 296 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8, 297 0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x58a8f8f, 298 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5, 299 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121, 300 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2, 301 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec, 302 0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717, 303 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d, 304 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373, 305 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc, 306 0x44662222, 0x547e2a2a, 0x3bab9090, 0xb838888, 307 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414, 308 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb, 309 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a, 310 0x92db4949, 0xc0a0606, 0x486c2424, 0xb8e45c5c, 311 0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262, 312 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979, 313 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d, 314 0x18c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, 315 0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea, 316 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808, 317 0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e, 318 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6, 319 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f, 320 0x96dd4b4b, 0x61dcbdbd, 0xd868b8b, 0xf858a8a, 321 0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666, 322 0x90d84848, 0x6050303, 0xf701f6f6, 0x1c120e0e, 323 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, 324 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e, 325 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111, 326 0xd2bb6969, 0xa970d9d9, 0x7898e8e, 0x33a79494, 327 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9, 328 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf, 329 0x38f8c8c, 0x59f8a1a1, 0x9808989, 0x1a170d0d, 330 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868, 331 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f, 332 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616, 333 333 }; 334 334 335 static uint32_t U0[256] = {336 
0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,337 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,338 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5,339 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5,340 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d,341 0x2752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,342 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295,343 0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e,344 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927,345 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d,346 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362,347 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9,348 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52,349 0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566,350 0x728ebb2, 0x3c2b52f, 0x9a7bc586, 0xa50837d3,351 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed,352 0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e,353 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4,354 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4,355 0x39ec830b, 0xaaef6040, 0x69f715e, 0x51106ebd,356 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d,357 0xb58d5491, 0x55dc471, 0x6fd40604, 0xff155060,358 0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967,359 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,360 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x0,361 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c,362 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36,363 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624,364 0xb1670a0c, 0xfe75793, 0xd296eeb4, 0x9e919b1b,365 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c,366 0xaba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12,367 0xb0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14,368 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,369 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b,370 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8,371 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684,372 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7,373 0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177,374 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947,375 0xc48cfca8, 0x1a3ff0a0, 
0xd82c7d56, 0xef903322,376 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498,377 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,378 0xe49d3a2c, 0xd927850, 0x9bcc5f6a, 0x62467e54,379 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382,380 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf,381 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb,382 0x97826cd, 0xf418596e, 0x1b79aec, 0xa89a4f83,383 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, 0xe6e815ef,384 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029,385 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235,386 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,387 0x4a9804f1, 0xf7daec41, 0xe50cd7f, 0x2ff69117,388 0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4,389 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546,390 0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb,391 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d,392 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb,393 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a,394 0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773,395 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,396 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2,397 0x72c31d16, 0xc25e2bc, 0x8b493c28, 0x41950dff,398 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664,399 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0,335 static const uint32_t U0[256] = { 336 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 337 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b, 338 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5, 339 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, 340 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d, 341 0x2752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, 342 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, 343 0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e, 344 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927, 345 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, 346 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362, 347 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9, 348 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, 349 0x23d373ab, 0xe2024b72, 0x578f1fe3, 
0x2aab5566, 350 0x728ebb2, 0x3c2b52f, 0x9a7bc586, 0xa50837d3, 351 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 352 0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e, 353 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4, 354 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, 355 0x39ec830b, 0xaaef6040, 0x69f715e, 0x51106ebd, 356 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, 357 0xb58d5491, 0x55dc471, 0x6fd40604, 0xff155060, 358 0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967, 359 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879, 360 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x0, 361 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c, 362 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36, 363 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, 364 0xb1670a0c, 0xfe75793, 0xd296eeb4, 0x9e919b1b, 365 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, 366 0xaba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 367 0xb0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14, 368 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3, 369 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, 370 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8, 371 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, 372 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 373 0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177, 374 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947, 375 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, 376 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498, 377 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f, 378 0xe49d3a2c, 0xd927850, 0x9bcc5f6a, 0x62467e54, 379 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382, 380 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, 381 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 382 0x97826cd, 0xf418596e, 0x1b79aec, 0xa89a4f83, 383 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, 0xe6e815ef, 384 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, 385 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235, 386 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, 387 0x4a9804f1, 0xf7daec41, 0xe50cd7f, 0x2ff69117, 388 0x8dd64d76, 0x4db0ef43, 
0x544daacc, 0xdf0496e4, 389 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546, 390 0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 391 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, 392 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb, 393 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, 394 0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773, 395 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, 396 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 397 0x72c31d16, 0xc25e2bc, 0x8b493c28, 0x41950dff, 398 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664, 399 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0, 400 400 }; 401 401 402 static uint32_t U1[256] = {403 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96,404 0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x3e34b93,405 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525,406 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f,407 0x5ab1de49, 0x1bba2567, 0xeea4598, 0xc0fe5de1,408 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6,409 0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da,410 0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44,411 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd,412 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4,413 0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245,414 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994,415 0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7,416 0xd373ab23, 0x24b72e2, 0x8f1fe357, 0xab55662a,417 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x837d3a5,418 0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c,419 0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1,420 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a,421 0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475,422 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51,423 0x8a213ef9, 0x6dd963d, 0x53eddae, 0xbde64d46,424 0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff,425 0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777,426 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db,427 0xa7ca147, 0xf427ce9, 0x1e84f8c9, 0x0,428 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e,429 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 
0x392d3627,430 0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a,431 0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e,432 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16,433 0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d,434 0xd090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8,435 0x19f15785, 0x775af4c, 0xdd99eebb, 0x607fa3fd,436 0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34,437 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863,438 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420,439 0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d,440 0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0,441 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722,442 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef,443 0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0xbd49836,444 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4,445 0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462,446 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5,447 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3,448 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b,449 0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8,450 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6,451 0x9be7bad9, 0x366f4ace, 0x99fead4, 0x7cb029d6,452 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0,453 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315,454 0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f,455 0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x496e4df,456 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f,457 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e,458 0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13,459 0x61d79a8c, 0xca1377a, 0x14f8598e, 0x3c13eb89,460 0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c,461 0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf,462 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886,463 0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f,464 0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41,465 0x1a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490,466 0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042,402 static const uint32_t U1[256] = { 403 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, 404 0x6bab3bcb, 
0x459d1ff1, 0x58faacab, 0x3e34b93, 405 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525, 406 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f, 407 0x5ab1de49, 0x1bba2567, 0xeea4598, 0xc0fe5de1, 408 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6, 409 0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da, 410 0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44, 411 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd, 412 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4, 413 0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245, 414 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994, 415 0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7, 416 0xd373ab23, 0x24b72e2, 0x8f1fe357, 0xab55662a, 417 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x837d3a5, 418 0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c, 419 0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1, 420 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a, 421 0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475, 422 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51, 423 0x8a213ef9, 0x6dd963d, 0x53eddae, 0xbde64d46, 424 0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff, 425 0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777, 426 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db, 427 0xa7ca147, 0xf427ce9, 0x1e84f8c9, 0x0, 428 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e, 429 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627, 430 0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a, 431 0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e, 432 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16, 433 0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d, 434 0xd090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8, 435 0x19f15785, 0x775af4c, 0xdd99eebb, 0x607fa3fd, 436 0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34, 437 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863, 438 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420, 439 0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d, 440 0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0, 441 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722, 442 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef, 443 
0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0xbd49836, 444 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4, 445 0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462, 446 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5, 447 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3, 448 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b, 449 0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8, 450 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6, 451 0x9be7bad9, 0x366f4ace, 0x99fead4, 0x7cb029d6, 452 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0, 453 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315, 454 0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f, 455 0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x496e4df, 456 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f, 457 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e, 458 0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13, 459 0x61d79a8c, 0xca1377a, 0x14f8598e, 0x3c13eb89, 460 0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c, 461 0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf, 462 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886, 463 0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, 464 0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41, 465 0x1a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490, 466 0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042, 467 467 }; 468 468 469 static uint32_t U2[256] = {470 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e,471 0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303,472 0x302055fa, 0x76adf66d, 0xcc889176, 0x2f5254c,473 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3,474 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0,475 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9,476 0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59,477 0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8,478 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71,479 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a,480 0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f,481 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x8f9942b,482 0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8,483 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 
0x55662aab,484 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508,485 0x2830f287, 0xbf23b2a5, 0x302ba6a, 0x16ed5c82,486 0xcf8a2b1c, 0x79a792b4, 0x7f3f0f2, 0x694ea1e2,487 0xda65cdf4, 0x506d5be, 0x34d11f62, 0xa6c48afe,488 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb,489 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110,490 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd,491 0x5491b58d, 0xc471055d, 0x6046fd4, 0x5060ff15,492 0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e,493 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee,494 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x0,495 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72,496 0xefdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739,497 0xf0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e,498 0xa0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91,499 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a,500 0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17,501 0x90e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9,502 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60,503 0x1f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e,504 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1,505 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011,506 0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1,507 0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3,508 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264,509 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90,510 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b,511 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf,512 0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246,513 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af,514 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312,515 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb,516 0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a,517 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8,518 0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c,519 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066,520 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8,521 0x4f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6,522 0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04,523 0xd19ee3b5, 
0x6a4c1b88, 0x2cc1b81f, 0x65467f51,524 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0xbfb2e41,525 0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347,526 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c,527 0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1,528 0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37,529 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db,530 0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40,531 0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0xdff4195,532 0xa8397101, 0xc08deb3, 0xb4d89ce4, 0x566490c1,533 0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257,469 static const uint32_t U2[256] = { 470 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, 471 0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303, 472 0x302055fa, 0x76adf66d, 0xcc889176, 0x2f5254c, 473 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3, 474 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0, 475 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9, 476 0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59, 477 0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8, 478 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71, 479 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a, 480 0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f, 481 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x8f9942b, 482 0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8, 483 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab, 484 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508, 485 0x2830f287, 0xbf23b2a5, 0x302ba6a, 0x16ed5c82, 486 0xcf8a2b1c, 0x79a792b4, 0x7f3f0f2, 0x694ea1e2, 487 0xda65cdf4, 0x506d5be, 0x34d11f62, 0xa6c48afe, 488 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb, 489 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110, 490 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd, 491 0x5491b58d, 0xc471055d, 0x6046fd4, 0x5060ff15, 492 0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e, 493 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee, 494 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x0, 495 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72, 496 0xefdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739, 497 0xf0a64d9, 0x5c6821a6, 
0x5b9bd154, 0x36243a2e, 498 0xa0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91, 499 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a, 500 0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17, 501 0x90e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9, 502 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60, 503 0x1f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e, 504 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1, 505 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011, 506 0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1, 507 0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3, 508 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264, 509 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90, 510 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b, 511 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf, 512 0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246, 513 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af, 514 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312, 515 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb, 516 0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a, 517 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8, 518 0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c, 519 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066, 520 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8, 521 0x4f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6, 522 0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04, 523 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51, 524 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0xbfb2e41, 525 0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347, 526 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c, 527 0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1, 528 0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37, 529 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db, 530 0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, 531 0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0xdff4195, 532 0xa8397101, 0xc08deb3, 0xb4d89ce4, 0x566490c1, 533 0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257, 534 534 }; 535 535 536 static uint32_t U3[256] = {537 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27,538 
0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3,539 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02,540 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362,541 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe,542 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3,543 0x3e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952,544 0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9,545 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9,546 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace,547 0x63184adf, 0xe582311a, 0x97603351, 0x62457f53,548 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08,549 0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b,550 0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55,551 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837,552 0x30f28728, 0x23b2a5bf, 0x2ba6a03, 0xed5c8216,553 0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269,554 0x65cdf4da, 0x6d5be05, 0xd11f6234, 0xc48afea6,555 0x349d532e, 0xa2a055f3, 0x532e18a, 0xa475ebf6,556 0xb39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e,557 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6,558 0x91b58d54, 0x71055dc4, 0x46fd406, 0x60ff1550,559 0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9,560 0xb0bd42e8, 0x7888b89, 0xe7385b19, 0x79dbeec8,561 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x0,562 0x9838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a,563 0xfdfbff0e, 0xf563885, 0x3d1ed5ae, 0x3627392d,564 0xa64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36,565 0xcb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b,566 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12,567 0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b,568 0xe0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e,569 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f,570 0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb,571 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4,572 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6,573 0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129,574 0x1d4b2f9e, 0xdcf330b2, 0xdec5286, 0x77d0e3c1,575 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9,576 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033,577 0x87c74e49, 0xd9c1d138, 
0x8cfea2ca, 0x98360bd4,578 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad,579 0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e,580 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3,581 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225,582 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b,583 0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f,584 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815,585 0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0,586 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2,587 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7,588 0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691,589 0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496,590 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165,591 0x9d04ea5e, 0x15d358c, 0xfa737487, 0xfb2e410b,592 0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6,593 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13,594 0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147,595 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7,596 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44,597 0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3,598 0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d,599 0x397101a8, 0x8deb30c, 0xd89ce4b4, 0x6490c156,600 0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8,536 static const uint32_t U3[256] = { 537 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, 538 0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3, 539 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02, 540 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362, 541 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe, 542 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3, 543 0x3e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952, 544 0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9, 545 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9, 546 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace, 547 0x63184adf, 0xe582311a, 0x97603351, 0x62457f53, 548 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08, 549 0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b, 550 0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55, 551 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 
0xd3a50837, 552 0x30f28728, 0x23b2a5bf, 0x2ba6a03, 0xed5c8216, 553 0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269, 554 0x65cdf4da, 0x6d5be05, 0xd11f6234, 0xc48afea6, 555 0x349d532e, 0xa2a055f3, 0x532e18a, 0xa475ebf6, 556 0xb39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e, 557 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6, 558 0x91b58d54, 0x71055dc4, 0x46fd406, 0x60ff1550, 559 0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9, 560 0xb0bd42e8, 0x7888b89, 0xe7385b19, 0x79dbeec8, 561 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x0, 562 0x9838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a, 563 0xfdfbff0e, 0xf563885, 0x3d1ed5ae, 0x3627392d, 564 0xa64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36, 565 0xcb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b, 566 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12, 567 0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b, 568 0xe0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e, 569 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f, 570 0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb, 571 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4, 572 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6, 573 0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129, 574 0x1d4b2f9e, 0xdcf330b2, 0xdec5286, 0x77d0e3c1, 575 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9, 576 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033, 577 0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4, 578 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad, 579 0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e, 580 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3, 581 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225, 582 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b, 583 0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f, 584 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815, 585 0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0, 586 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2, 587 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7, 588 0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691, 589 0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496, 590 0x9ee3b5d1, 0x4c1b886a, 
0xc1b81f2c, 0x467f5165, 591 0x9d04ea5e, 0x15d358c, 0xfa737487, 0xfb2e410b, 592 0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6, 593 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13, 594 0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147, 595 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7, 596 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44, 597 0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3, 598 0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d, 599 0x397101a8, 0x8deb30c, 0xd89ce4b4, 0x6490c156, 600 0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8, 601 601 }; 602 602 603 603 #else /* assume big endian */ 604 604 605 static uint32_t T0[256] = {606 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,607 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,608 0x60303050, 0x2010103, 0xce6767a9, 0x562b2b7d,609 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,610 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,611 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,612 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,613 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,614 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,615 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,616 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,617 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,618 0x804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,619 0x30181828, 0x379696a1, 0xa05050f, 0x2f9a9ab5,620 0xe070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,621 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,622 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,623 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,624 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,625 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,626 0xa65353f5, 0xb9d1d168, 0x0, 0xc1eded2c,627 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,628 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,629 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,630 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,631 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,632 0x8a4545cf, 0xe9f9f910, 0x4020206, 
0xfe7f7f81,633 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,634 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x58f8f8a,635 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,636 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,637 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,638 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,639 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,640 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,641 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,642 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,643 0x44222266, 0x542a2a7e, 0x3b9090ab, 0xb888883,644 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,645 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,646 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,647 0x924949db, 0xc06060a, 0x4824246c, 0xb85c5ce4,648 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,649 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,650 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,651 0x18d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,652 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,653 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,654 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,655 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,656 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,657 0x964b4bdd, 0x61bdbddc, 0xd8b8b86, 0xf8a8a85,658 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,659 0x904848d8, 0x6030305, 0xf7f6f601, 0x1c0e0e12,660 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,661 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,662 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,663 0xd26969bb, 0xa9d9d970, 0x78e8e89, 0x339494a7,664 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,665 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,666 0x38c8c8f, 0x59a1a1f8, 0x9898980, 0x1a0d0d17,667 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,668 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,669 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a,605 static const uint32_t T0[256] = { 606 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 607 0xfff2f20d, 
0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, 608 0x60303050, 0x2010103, 0xce6767a9, 0x562b2b7d, 609 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 610 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, 611 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, 612 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 613 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, 614 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, 615 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 616 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, 617 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, 618 0x804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 619 0x30181828, 0x379696a1, 0xa05050f, 0x2f9a9ab5, 620 0xe070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, 621 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 622 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, 623 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, 624 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 625 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, 626 0xa65353f5, 0xb9d1d168, 0x0, 0xc1eded2c, 627 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 628 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, 629 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, 630 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 631 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, 632 0x8a4545cf, 0xe9f9f910, 0x4020206, 0xfe7f7f81, 633 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 634 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x58f8f8a, 635 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, 636 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 637 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d, 638 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, 639 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 640 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, 641 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, 642 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 643 0x44222266, 0x542a2a7e, 0x3b9090ab, 0xb888883, 644 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, 645 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 
646 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, 647 0x924949db, 0xc06060a, 0x4824246c, 0xb85c5ce4, 648 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 649 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, 650 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, 651 0x18d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 652 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, 653 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, 654 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 655 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, 656 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, 657 0x964b4bdd, 0x61bdbddc, 0xd8b8b86, 0xf8a8a85, 658 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, 659 0x904848d8, 0x6030305, 0xf7f6f601, 0x1c0e0e12, 660 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 661 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, 662 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, 663 0xd26969bb, 0xa9d9d970, 0x78e8e89, 0x339494a7, 664 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, 665 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, 666 0x38c8c8f, 0x59a1a1f8, 0x9898980, 0x1a0d0d17, 667 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, 668 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, 669 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a, 670 670 }; 671 671 672 static uint32_t T1[256] = {673 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,674 0xdfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,675 0x50603030, 0x3020101, 0xa9ce6767, 0x7d562b2b,676 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676,677 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d,678 0x15effafa, 0xebb25959, 0xc98e4747, 0xbfbf0f0,679 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf,680 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0,681 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626,682 0x5a6c3636, 0x417e3f3f, 0x2f5f7f7, 0x4f83cccc,683 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x8f9f1f1,684 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515,685 0xc080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3,686 0x28301818, 0xa1379696, 0xf0a0505, 
0xb52f9a9a,687 0x90e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2,688 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575,689 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a,690 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0,691 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3,692 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484,693 0xf5a65353, 0x68b9d1d1, 0x0, 0x2cc1eded,694 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b,695 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939,696 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf,697 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb,698 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585,699 0xcf8a4545, 0x10e9f9f9, 0x6040202, 0x81fe7f7f,700 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8,701 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f,702 0xad3f9292, 0xbc219d9d, 0x48703838, 0x4f1f5f5,703 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121,704 0x30201010, 0x1ae5ffff, 0xefdf3f3, 0x6dbfd2d2,705 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec,706 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717,707 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d,708 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373,709 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc,710 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888,711 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414,712 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb,713 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a,714 0xdb924949, 0xa0c0606, 0x6c482424, 0xe4b85c5c,715 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262,716 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979,717 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d,718 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9,719 0xb4d86c6c, 0xfaac5656, 0x7f3f4f4, 0x25cfeaea,720 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808,721 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e,722 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6,723 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f,724 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a,725 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666,726 
0xd8904848, 0x5060303, 0x1f7f6f6, 0x121c0e0e,727 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9,728 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e,729 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111,730 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494,731 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9,732 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf,733 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d,734 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868,735 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f,736 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616,672 static const uint32_t T1[256] = { 673 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 674 0xdfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, 675 0x50603030, 0x3020101, 0xa9ce6767, 0x7d562b2b, 676 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676, 677 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d, 678 0x15effafa, 0xebb25959, 0xc98e4747, 0xbfbf0f0, 679 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf, 680 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0, 681 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626, 682 0x5a6c3636, 0x417e3f3f, 0x2f5f7f7, 0x4f83cccc, 683 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x8f9f1f1, 684 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515, 685 0xc080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3, 686 0x28301818, 0xa1379696, 0xf0a0505, 0xb52f9a9a, 687 0x90e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2, 688 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575, 689 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a, 690 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0, 691 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3, 692 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484, 693 0xf5a65353, 0x68b9d1d1, 0x0, 0x2cc1eded, 694 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b, 695 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939, 696 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf, 697 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb, 698 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585, 699 0xcf8a4545, 0x10e9f9f9, 0x6040202, 0x81fe7f7f, 700 0xf0a05050, 
0x44783c3c, 0xba259f9f, 0xe34ba8a8, 701 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f, 702 0xad3f9292, 0xbc219d9d, 0x48703838, 0x4f1f5f5, 703 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121, 704 0x30201010, 0x1ae5ffff, 0xefdf3f3, 0x6dbfd2d2, 705 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec, 706 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717, 707 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d, 708 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373, 709 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc, 710 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888, 711 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414, 712 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb, 713 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a, 714 0xdb924949, 0xa0c0606, 0x6c482424, 0xe4b85c5c, 715 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262, 716 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979, 717 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d, 718 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9, 719 0xb4d86c6c, 0xfaac5656, 0x7f3f4f4, 0x25cfeaea, 720 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808, 721 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e, 722 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6, 723 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f, 724 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a, 725 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666, 726 0xd8904848, 0x5060303, 0x1f7f6f6, 0x121c0e0e, 727 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9, 728 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e, 729 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111, 730 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494, 731 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9, 732 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf, 733 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d, 734 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868, 735 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f, 736 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616, 737 737 }; 738 738 739 static uint32_t T2[256] = {740 0x63a5c663, 0x7c84f87c, 0x7799ee77, 
0x7b8df67b,741 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5,742 0x30506030, 0x1030201, 0x67a9ce67, 0x2b7d562b,743 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76,744 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d,745 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0,746 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af,747 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0,748 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26,749 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc,750 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1,751 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15,752 0x40c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3,753 0x18283018, 0x96a13796, 0x50f0a05, 0x9ab52f9a,754 0x7090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2,755 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75,756 0x91b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a,757 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0,758 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3,759 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384,760 0x53f5a653, 0xd168b9d1, 0x0, 0xed2cc1ed,761 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b,762 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239,763 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf,764 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb,765 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185,766 0x45cf8a45, 0xf910e9f9, 0x2060402, 0x7f81fe7f,767 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8,768 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f,769 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5,770 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221,771 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2,772 0xcd4c81cd, 0xc14180c, 0x13352613, 0xec2fc3ec,773 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17,774 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d,775 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673,776 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc,777 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88,778 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814,779 0xde79a7de, 0x5ee2bc5e, 0xb1d160b, 0xdb76addb,780 
0xe03bdbe0, 0x32566432, 0x3a4e743a, 0xa1e140a,781 0x49db9249, 0x60a0c06, 0x246c4824, 0x5ce4b85c,782 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462,783 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279,784 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d,785 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9,786 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea,787 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x8181008,788 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e,789 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6,790 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f,791 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a,792 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66,793 0x48d89048, 0x3050603, 0xf601f7f6, 0xe121c0e,794 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9,795 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e,796 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211,797 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394,798 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9,799 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df,800 0x8c8f038c, 0xa1f859a1, 0x89800989, 0xd171a0d,801 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068,802 0x41c38241, 0x99b02999, 0x2d775a2d, 0xf111e0f,803 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16,739 static const uint32_t T2[256] = { 740 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, 741 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5, 742 0x30506030, 0x1030201, 0x67a9ce67, 0x2b7d562b, 743 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76, 744 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d, 745 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0, 746 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af, 747 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0, 748 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26, 749 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc, 750 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1, 751 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15, 752 0x40c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3, 753 0x18283018, 0x96a13796, 0x50f0a05, 0x9ab52f9a, 754 0x7090e07, 
0x12362412, 0x809b1b80, 0xe23ddfe2, 755 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75, 756 0x91b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a, 757 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0, 758 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3, 759 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384, 760 0x53f5a653, 0xd168b9d1, 0x0, 0xed2cc1ed, 761 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b, 762 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239, 763 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf, 764 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb, 765 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185, 766 0x45cf8a45, 0xf910e9f9, 0x2060402, 0x7f81fe7f, 767 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8, 768 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f, 769 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5, 770 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221, 771 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2, 772 0xcd4c81cd, 0xc14180c, 0x13352613, 0xec2fc3ec, 773 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17, 774 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d, 775 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673, 776 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc, 777 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88, 778 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814, 779 0xde79a7de, 0x5ee2bc5e, 0xb1d160b, 0xdb76addb, 780 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0xa1e140a, 781 0x49db9249, 0x60a0c06, 0x246c4824, 0x5ce4b85c, 782 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462, 783 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279, 784 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d, 785 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9, 786 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea, 787 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x8181008, 788 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e, 789 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6, 790 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f, 791 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a, 792 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66, 
793 0x48d89048, 0x3050603, 0xf601f7f6, 0xe121c0e, 794 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9, 795 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e, 796 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211, 797 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394, 798 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9, 799 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df, 800 0x8c8f038c, 0xa1f859a1, 0x89800989, 0xd171a0d, 801 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068, 802 0x41c38241, 0x99b02999, 0x2d775a2d, 0xf111e0f, 803 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16, 804 804 }; 805 805 806 static uint32_t T3[256] = {807 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6,808 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491,809 0x30305060, 0x1010302, 0x6767a9ce, 0x2b2b7d56,810 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec,811 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa,812 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb,813 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45,814 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b,815 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c,816 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83,817 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9,818 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a,819 0x4040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d,820 0x18182830, 0x9696a137, 0x5050f0a, 0x9a9ab52f,821 0x707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf,822 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea,823 0x9091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34,824 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b,825 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d,826 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713,827 0x5353f5a6, 0xd1d168b9, 0x0, 0xeded2cc1,828 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6,829 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72,830 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85,831 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed,832 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411,833 0x4545cf8a, 0xf9f910e9, 0x2020604, 0x7f7f81fe,834 0x5050f0a0, 
0x3c3c4478, 0x9f9fba25, 0xa8a8e34b,835 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05,836 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1,837 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342,838 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf,839 0xcdcd4c81, 0xc0c1418, 0x13133526, 0xecec2fc3,840 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e,841 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a,842 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6,843 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3,844 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b,845 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28,846 0xdede79a7, 0x5e5ee2bc, 0xb0b1d16, 0xdbdb76ad,847 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0xa0a1e14,848 0x4949db92, 0x6060a0c, 0x24246c48, 0x5c5ce4b8,849 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4,850 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2,851 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da,852 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049,853 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf,854 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x8081810,855 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c,856 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197,857 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e,858 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f,859 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc,860 0x4848d890, 0x3030506, 0xf6f601f7, 0xe0e121c,861 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069,862 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927,863 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322,864 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733,865 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9,866 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5,867 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0xd0d171a,868 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0,869 0x4141c382, 0x9999b029, 0x2d2d775a, 0xf0f111e,870 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c,806 static const uint32_t T3[256] = { 807 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, 808 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 
0xc5c55491, 809 0x30305060, 0x1010302, 0x6767a9ce, 0x2b2b7d56, 810 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec, 811 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa, 812 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb, 813 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45, 814 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b, 815 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c, 816 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83, 817 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9, 818 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a, 819 0x4040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d, 820 0x18182830, 0x9696a137, 0x5050f0a, 0x9a9ab52f, 821 0x707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf, 822 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea, 823 0x9091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34, 824 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b, 825 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d, 826 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713, 827 0x5353f5a6, 0xd1d168b9, 0x0, 0xeded2cc1, 828 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6, 829 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72, 830 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85, 831 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed, 832 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411, 833 0x4545cf8a, 0xf9f910e9, 0x2020604, 0x7f7f81fe, 834 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b, 835 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05, 836 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1, 837 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342, 838 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf, 839 0xcdcd4c81, 0xc0c1418, 0x13133526, 0xecec2fc3, 840 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e, 841 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a, 842 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6, 843 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3, 844 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b, 845 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28, 846 0xdede79a7, 0x5e5ee2bc, 0xb0b1d16, 0xdbdb76ad, 847 0xe0e03bdb, 
0x32325664, 0x3a3a4e74, 0xa0a1e14, 848 0x4949db92, 0x6060a0c, 0x24246c48, 0x5c5ce4b8, 849 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4, 850 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2, 851 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da, 852 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049, 853 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf, 854 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x8081810, 855 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c, 856 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197, 857 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e, 858 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f, 859 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc, 860 0x4848d890, 0x3030506, 0xf6f601f7, 0xe0e121c, 861 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069, 862 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927, 863 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322, 864 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733, 865 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9, 866 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5, 867 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0xd0d171a, 868 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0, 869 0x4141c382, 0x9999b029, 0x2d2d775a, 0xf0f111e, 870 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c, 871 871 }; 872 872 873 static uint32_t U0[256] = {874 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,875 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,876 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,877 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,878 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,879 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,880 0x38f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,881 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,882 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,883 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,884 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,885 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,886 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,887 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,888 
0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,889 0x302887f2, 0x23bfa5b2, 0x2036aba, 0xed16825c,890 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,891 0x65daf4cd, 0x605bed5, 0xd134621f, 0xc4a6fe8a,892 0x342e539d, 0xa2f355a0, 0x58ae132, 0xa4f6eb75,893 0xb83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,894 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,895 0x91548db5, 0x71c45d05, 0x406d46f, 0x605015ff,896 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,897 0xb0e842bd, 0x7898b88, 0xe7195b38, 0x79c8eedb,898 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x0,899 0x9808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,900 0xfd0efffb, 0xf853856, 0x3daed51e, 0x362d3927,901 0xa0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,902 0xc0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,903 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,904 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,905 0xe090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,906 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,907 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,908 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,909 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,910 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,911 0x1d9e2f4b, 0xdcb230f3, 0xd8652ec, 0x77c1e3d0,912 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,913 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,914 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,915 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,916 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,917 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,918 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,919 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,920 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,921 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,922 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,923 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,924 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,925 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,926 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,927 0x9ed1b5e3, 0x4c6a881b, 
0xc12c1fb8, 0x4665517f,928 0x9d5eea04, 0x18c355d, 0xfa877473, 0xfb0b412e,929 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,930 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,931 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,932 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,933 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,934 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,935 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,936 0x39a80171, 0x80cb3de, 0xd8b4e49c, 0x6456c190,937 0x7bcb8461, 0xd532b670, 0x486c5c74,0xd0b85742873 static const uint32_t U0[256] = { 874 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, 875 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, 876 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, 877 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, 878 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1, 879 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, 880 0x38f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, 881 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844, 882 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, 883 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, 884 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, 885 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94, 886 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, 887 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a, 888 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, 889 0x302887f2, 0x23bfa5b2, 0x2036aba, 0xed16825c, 890 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, 891 0x65daf4cd, 0x605bed5, 0xd134621f, 0xc4a6fe8a, 892 0x342e539d, 0xa2f355a0, 0x58ae132, 0xa4f6eb75, 893 0xb83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051, 894 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, 895 0x91548db5, 0x71c45d05, 0x406d46f, 0x605015ff, 896 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77, 897 0xb0e842bd, 0x7898b88, 0xe7195b38, 0x79c8eedb, 898 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x0, 899 0x9808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, 900 0xfd0efffb, 0xf853856, 0x3daed51e, 0x362d3927, 901 0xa0fd964, 0x685ca621, 0x9b5b54d1, 
0x24362e3a, 902 0xc0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, 903 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, 904 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, 905 0xe090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8, 906 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, 907 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, 908 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, 909 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120, 910 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, 911 0x1d9e2f4b, 0xdcb230f3, 0xd8652ec, 0x77c1e3d0, 912 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, 913 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, 914 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36, 915 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, 916 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, 917 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5, 918 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, 919 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, 920 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, 921 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6, 922 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, 923 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0, 924 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, 925 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, 926 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, 927 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, 928 0x9d5eea04, 0x18c355d, 0xfa877473, 0xfb0b412e, 929 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713, 930 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, 931 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, 932 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf, 933 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, 934 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, 935 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, 936 0x39a80171, 0x80cb3de, 0xd8b4e49c, 0x6456c190, 937 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 938 938 }; 939 939 940 static uint32_t U1[256] = {941 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,942 0xcb3bab6b, 
0xf11f9d45, 0xabacfa58, 0x934be303,943 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,944 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3,945 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0,946 0x2c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9,947 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259,948 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8,949 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971,950 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a,951 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f,952 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b,953 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8,954 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab,955 0x7b2eb28, 0x32fb5c2, 0x9a86c57b, 0xa5d33708,956 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682,957 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2,958 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe,959 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb,960 0x390b83ec, 0xaa4060ef, 0x65e719f, 0x51bd6e10,961 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd,962 0xb591548d, 0x571c45d, 0x6f0406d4, 0xff605015,963 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e,964 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee,965 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x0,966 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72,967 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39,968 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e,969 0xb10c0a67, 0xf9357e7, 0xd2b4ee96, 0x9e1b9b91,970 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a,971 0xae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17,972 0xb0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9,973 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60,974 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e,975 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1,976 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611,977 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1,978 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3,979 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964,980 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390,981 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 
0x3698d40b,982 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf,983 0xe42c3a9d, 0xd507892, 0x9b6a5fcc, 0x62547e46,984 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af,985 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512,986 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb,987 0x9cd2678, 0xf46e5918, 0x1ec9ab7, 0xa8834f9a,988 0x65e6956e, 0x7eaaffe6, 0x821bccf, 0xe6ef15e8,989 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c,990 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266,991 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8,992 0x4af10498, 0xf741ecda, 0xe7fcd50, 0x2f1791f6,993 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604,994 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551,995 0x49d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41,996 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647,997 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c,998 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1,999 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737,1000 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db,1001 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340,1002 0x72161dc3, 0xcbce225, 0x8b283c49, 0x41ff0d95,1003 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1,1004 0x617bcb84, 0x70d532b6, 0x74486c5c,0x42d0b857940 static const uint32_t U1[256] = { 941 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 942 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, 943 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c, 944 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3, 945 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0, 946 0x2c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9, 947 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259, 948 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8, 949 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971, 950 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a, 951 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f, 952 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b, 953 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8, 954 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab, 955 0x7b2eb28, 0x32fb5c2, 0x9a86c57b, 0xa5d33708, 956 
0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682, 957 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2, 958 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe, 959 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb, 960 0x390b83ec, 0xaa4060ef, 0x65e719f, 0x51bd6e10, 961 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd, 962 0xb591548d, 0x571c45d, 0x6f0406d4, 0xff605015, 963 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e, 964 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee, 965 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x0, 966 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72, 967 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39, 968 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e, 969 0xb10c0a67, 0xf9357e7, 0xd2b4ee96, 0x9e1b9b91, 970 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a, 971 0xae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17, 972 0xb0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9, 973 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60, 974 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e, 975 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1, 976 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611, 977 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1, 978 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3, 979 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964, 980 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390, 981 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b, 982 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf, 983 0xe42c3a9d, 0xd507892, 0x9b6a5fcc, 0x62547e46, 984 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af, 985 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512, 986 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb, 987 0x9cd2678, 0xf46e5918, 0x1ec9ab7, 0xa8834f9a, 988 0x65e6956e, 0x7eaaffe6, 0x821bccf, 0xe6ef15e8, 989 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c, 990 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266, 991 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8, 992 0x4af10498, 0xf741ecda, 0xe7fcd50, 0x2f1791f6, 993 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604, 994 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 
0x7f466551, 995 0x49d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41, 996 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647, 997 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c, 998 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1, 999 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737, 1000 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db, 1001 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340, 1002 0x72161dc3, 0xcbce225, 0x8b283c49, 0x41ff0d95, 1003 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1, 1004 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857 1005 1005 }; 1006 1006 1007 static uint32_t U2[256] = {1008 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27,1009 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x3934be3,1010 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502,1011 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562,1012 0x5a49deb1, 0x1b6725ba, 0xe9845ea, 0xc0e15dfe,1013 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3,1014 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552,1015 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9,1016 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9,1017 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce,1018 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253,1019 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908,1020 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b,1021 0xd323ab73, 0x2e2724b, 0x8f57e31f, 0xab2a6655,1022 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x8a5d337,1023 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16,1024 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69,1025 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6,1026 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6,1027 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e,1028 0x8af93e21, 0x63d96dd, 0x5aedd3e, 0xbd464de6,1029 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050,1030 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9,1031 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8,1032 0xa47a17c, 0xfe97c42, 0x1ec9f884, 0x0,1033 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a,1034 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d,1035 0xd9640a0f, 
0xa621685c, 0x54d19b5b, 0x2e3a2436,1036 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b,1037 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12,1038 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b,1039 0xd0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e,1040 0x198557f1, 0x74caf75, 0xddbbee99, 0x60fda37f,1041 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb,1042 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4,1043 0xdccad731, 0x85104263, 0x22401397, 0x112084c6,1044 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729,1045 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1,1046 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9,1047 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233,1048 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0xb3698d4,1049 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad,1050 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e,1051 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3,1052 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25,1053 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b,1054 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f,1055 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15,1056 0x9bd9bae7, 0x36ce4a6f, 0x9d4ea9f, 0x7cd629b0,1057 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2,1058 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7,1059 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791,1060 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x4dfe496,1061 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665,1062 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b,1063 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6,1064 0x618c9ad7, 0xc7a37a1, 0x148e59f8, 0x3c89eb13,1065 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47,1066 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7,1067 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844,1068 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3,1069 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d,1070 0x17139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456,1071 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b81007 static const uint32_t U2[256] = { 1008 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, 1009 
0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x3934be3, 1010 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502, 1011 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562, 1012 0x5a49deb1, 0x1b6725ba, 0xe9845ea, 0xc0e15dfe, 1013 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3, 1014 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552, 1015 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9, 1016 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9, 1017 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce, 1018 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253, 1019 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908, 1020 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b, 1021 0xd323ab73, 0x2e2724b, 0x8f57e31f, 0xab2a6655, 1022 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x8a5d337, 1023 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16, 1024 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69, 1025 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6, 1026 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6, 1027 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e, 1028 0x8af93e21, 0x63d96dd, 0x5aedd3e, 0xbd464de6, 1029 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050, 1030 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9, 1031 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8, 1032 0xa47a17c, 0xfe97c42, 0x1ec9f884, 0x0, 1033 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a, 1034 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d, 1035 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436, 1036 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b, 1037 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12, 1038 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b, 1039 0xd0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e, 1040 0x198557f1, 0x74caf75, 0xddbbee99, 0x60fda37f, 1041 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb, 1042 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4, 1043 0xdccad731, 0x85104263, 0x22401397, 0x112084c6, 1044 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729, 1045 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1, 1046 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9, 1047 
0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233, 1048 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0xb3698d4, 1049 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad, 1050 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e, 1051 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3, 1052 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25, 1053 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b, 1054 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f, 1055 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15, 1056 0x9bd9bae7, 0x36ce4a6f, 0x9d4ea9f, 0x7cd629b0, 1057 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2, 1058 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7, 1059 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791, 1060 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x4dfe496, 1061 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665, 1062 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b, 1063 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6, 1064 0x618c9ad7, 0xc7a37a1, 0x148e59f8, 0x3c89eb13, 1065 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47, 1066 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7, 1067 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844, 1068 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3, 1069 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d, 1070 0x17139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456, 1071 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8 1072 1072 }; 1073 1073 1074 static uint32_t U3[256] = {1075 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a,1076 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b,1077 0x30fa5520, 0x766df6ad, 0xcc769188, 0x24c25f5,1078 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5,1079 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d,1080 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b,1081 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95,1082 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e,1083 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27,1084 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d,1085 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562,1086 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x82b94f9,1087 
0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752,1088 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66,1089 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3,1090 0x2887f230, 0xbfa5b223, 0x36aba02, 0x16825ced,1091 0xcf1c2b8a, 0x79b492a7, 0x7f2f0f3, 0x69e2a14e,1092 0xdaf4cd65, 0x5bed506, 0x34621fd1, 0xa6fe8ac4,1093 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4,1094 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd,1095 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d,1096 0x548db591, 0xc45d0571, 0x6d46f04, 0x5015ff60,1097 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767,1098 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79,1099 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x0,1100 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c,1101 0xefffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736,1102 0xfd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24,1103 0xa67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b,1104 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c,1105 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12,1106 0x90d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814,1107 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3,1108 0x1269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b,1109 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8,1110 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084,1111 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7,1112 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077,1113 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247,1114 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22,1115 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698,1116 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f,1117 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254,1118 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582,1119 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf,1120 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb,1121 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883,1122 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef,1123 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629,1124 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035,1125 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 
0xa7d81533,1126 0x4984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17,1127 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4,1128 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46,1129 0x5eea049d, 0x8c355d01, 0x877473fa, 0xb412efb,1130 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d,1131 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb,1132 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a,1133 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73,1134 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678,1135 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2,1136 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0xd9541ff,1137 0xa8017139, 0xcb3de08, 0xb4e49cd8, 0x56c19064,1138 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d01074 static const uint32_t U3[256] = { 1075 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, 1076 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b, 1077 0x30fa5520, 0x766df6ad, 0xcc769188, 0x24c25f5, 1078 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5, 1079 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d, 1080 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b, 1081 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95, 1082 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e, 1083 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27, 1084 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d, 1085 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562, 1086 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x82b94f9, 1087 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752, 1088 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66, 1089 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3, 1090 0x2887f230, 0xbfa5b223, 0x36aba02, 0x16825ced, 1091 0xcf1c2b8a, 0x79b492a7, 0x7f2f0f3, 0x69e2a14e, 1092 0xdaf4cd65, 0x5bed506, 0x34621fd1, 0xa6fe8ac4, 1093 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4, 1094 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd, 1095 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d, 1096 0x548db591, 0xc45d0571, 0x6d46f04, 0x5015ff60, 1097 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767, 1098 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79, 1099 
0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x0, 1100 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c, 1101 0xefffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736, 1102 0xfd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24, 1103 0xa67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b, 1104 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c, 1105 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12, 1106 0x90d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814, 1107 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3, 1108 0x1269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b, 1109 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8, 1110 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084, 1111 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7, 1112 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077, 1113 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247, 1114 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22, 1115 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698, 1116 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f, 1117 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254, 1118 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582, 1119 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf, 1120 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb, 1121 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883, 1122 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef, 1123 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629, 1124 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035, 1125 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533, 1126 0x4984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17, 1127 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4, 1128 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46, 1129 0x5eea049d, 0x8c355d01, 0x877473fa, 0xb412efb, 1130 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d, 1131 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb, 1132 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a, 1133 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73, 1134 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678, 1135 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2, 1136 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0xd9541ff, 1137 
0xa8017139, 0xcb3de08, 0xb4e49cd8, 0x56c19064, 1138 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0 1139 1139 }; 1140 1140 1141 1141 #endif 1142 1142 1143 /* 1143 /* 1144 1144 * the following tables (aes_sbox, aes_inv_sbox, T4, U4) are 1145 * endian-neutral 1145 * endian-neutral 1146 1146 */ 1147 1147 1148 static uint8_t1149 aes_sbox[256] = {1150 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,1151 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,1152 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,1153 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,1154 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,1155 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,1156 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,1157 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,1158 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,1159 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,1160 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,1161 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,1162 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,1163 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,1164 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,1165 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,1166 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,1167 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,1168 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,1169 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,1170 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,1171 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,1172 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,1173 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,1174 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,1175 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,1176 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,1177 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,1178 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,1179 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,1180 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,1181 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 
0xbb, 0x161148 static const uint8_t 1149 aes_sbox[256] = { 1150 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 1151 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 1152 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 1153 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 1154 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 1155 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 1156 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 1157 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 1158 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 1159 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 1160 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 1161 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 1162 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 1163 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 1164 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 1165 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 1166 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 1167 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 1168 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 1169 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 1170 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 1171 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 1172 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 1173 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 1174 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 1175 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 1176 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 1177 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 1178 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 1179 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 1180 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 1181 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 1182 1182 }; 1183 1183 1184 1184 #ifndef CPU_RISC 1185 static uint8_t1186 aes_inv_sbox[256] = {1187 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,1188 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,1189 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 
0x87,1190 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,1191 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,1192 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,1193 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,1194 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,1195 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,1196 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,1197 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,1198 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,1199 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,1200 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,1201 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,1202 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,1203 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,1204 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,1205 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,1206 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,1207 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,1208 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,1209 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,1210 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,1211 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,1212 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,1213 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,1214 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,1215 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,1216 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,1217 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,1218 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d1185 static const uint8_t 1186 aes_inv_sbox[256] = { 1187 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 1188 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 1189 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 1190 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, 1191 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 1192 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, 1193 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 1194 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, 1195 0x72, 
0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 1196 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, 1197 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 1198 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, 1199 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 1200 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, 1201 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 1202 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, 1203 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 1204 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, 1205 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 1206 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, 1207 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 1208 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, 1209 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 1210 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, 1211 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 1212 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, 1213 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 1214 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, 1215 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 1216 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, 1217 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 1218 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d 1219 1219 }; 1220 1220 #endif /* ! 
CPU_RISC */ 1221 1221 1222 1222 #ifdef CPU_RISC 1223 static uint32_t1224 T4[256] = { 1225 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b,1226 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5,1227 0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b,1228 0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676,1229 0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d,1230 0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0,1231 0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf,1232 0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0,1233 0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626,1234 0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc,1235 0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1,1236 0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515,1237 0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3,1238 0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a,1239 0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2,1240 0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575,1241 0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a,1242 0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0,1243 0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3,1244 0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484,1245 0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed,1246 0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b,1247 0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939,1248 0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf,1249 0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb,1250 0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585,1251 0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f,1252 0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8,1253 0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f,1254 0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5,1255 0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121,1256 0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2,1257 0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec,1258 0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717,1259 0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d,1260 0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373,1261 0x60606060, 0x81818181, 0x4f4f4f4f, 
0xdcdcdcdc,1262 0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888,1263 0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414,1264 0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb,1265 0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a,1266 0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c,1267 0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262,1268 0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979,1269 0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d,1270 0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9,1271 0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea,1272 0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808,1273 0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e,1274 0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6,1275 0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f,1276 0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a,1277 0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666,1278 0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e,1279 0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9,1280 0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e,1281 0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111,1282 0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494,1283 0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9,1284 0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf,1285 0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d,1286 0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868,1287 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f,1288 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x161616161223 static const uint32_t 1224 T4[256] = { 1225 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b, 1226 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5, 1227 0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b, 1228 0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676, 1229 0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d, 1230 0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0, 1231 0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf, 1232 0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0, 1233 0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626, 1234 0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc, 1235 
0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1, 1236 0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515, 1237 0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3, 1238 0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a, 1239 0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2, 1240 0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575, 1241 0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a, 1242 0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0, 1243 0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3, 1244 0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484, 1245 0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed, 1246 0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b, 1247 0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939, 1248 0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf, 1249 0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb, 1250 0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585, 1251 0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f, 1252 0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8, 1253 0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f, 1254 0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5, 1255 0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121, 1256 0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2, 1257 0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec, 1258 0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717, 1259 0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d, 1260 0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373, 1261 0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc, 1262 0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888, 1263 0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414, 1264 0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb, 1265 0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a, 1266 0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c, 1267 0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262, 1268 0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979, 1269 0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d, 1270 0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9, 1271 0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea, 1272 0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 
0x08080808, 1273 0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e, 1274 0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6, 1275 0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f, 1276 0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a, 1277 0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666, 1278 0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e, 1279 0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9, 1280 0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e, 1281 0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111, 1282 0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494, 1283 0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9, 1284 0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf, 1285 0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d, 1286 0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868, 1287 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f, 1288 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616 1289 1289 }; 1290 1290 1291 static uint32_t U4[256] = {1292 0x52525252, 0x9090909, 0x6a6a6a6a, 0xd5d5d5d5,1293 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838,1294 0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e,1295 0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb,1296 0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282,1297 0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787,1298 0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444,1299 0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb,1300 0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232,1301 0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d,1302 0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0xb0b0b0b,1303 0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e,1304 0x8080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666,1305 0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2,1306 0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949,1307 0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525,1308 0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464,1309 0x86868686, 0x68686868, 0x98989898, 0x16161616,1310 0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc,1311 0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292,1312 0x6c6c6c6c, 0x70707070, 0x48484848, 
0x50505050,1313 0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada,1314 0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757,1315 0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484,1316 0x90909090, 0xd8d8d8d8, 0xabababab, 0x0,1317 0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0xa0a0a0a,1318 0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x5050505,1319 0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x6060606,1320 0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f,1321 0xcacacaca, 0x3f3f3f3f, 0xf0f0f0f, 0x2020202,1322 0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x3030303,1323 0x1010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b,1324 0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141,1325 0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea,1326 0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece,1327 0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373,1328 0x96969696, 0xacacacac, 0x74747474, 0x22222222,1329 0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585,1330 0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8,1331 0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e,1332 0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171,1333 0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989,1334 0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0xe0e0e0e,1335 0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b,1336 0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b,1337 0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020,1338 0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe,1339 0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4,1340 0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333,1341 0x88888888, 0x7070707, 0xc7c7c7c7, 0x31313131,1342 0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959,1343 0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f,1344 0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9,1345 0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0xd0d0d0d,1346 0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f,1347 0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef,1348 0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d,1349 0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0,1350 0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c,1351 0x83838383, 0x53535353, 
0x99999999, 0x61616161,1352 0x17171717, 0x2b2b2b2b, 0x4040404, 0x7e7e7e7e,1353 0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626,1354 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363,1355 0x55555555, 0x21212121, 0xc0c0c0c,0x7d7d7d7d1291 static const uint32_t U4[256] = { 1292 0x52525252, 0x9090909, 0x6a6a6a6a, 0xd5d5d5d5, 1293 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838, 1294 0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e, 1295 0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb, 1296 0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282, 1297 0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787, 1298 0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444, 1299 0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb, 1300 0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232, 1301 0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d, 1302 0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0xb0b0b0b, 1303 0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e, 1304 0x8080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666, 1305 0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2, 1306 0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949, 1307 0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525, 1308 0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464, 1309 0x86868686, 0x68686868, 0x98989898, 0x16161616, 1310 0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc, 1311 0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292, 1312 0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050, 1313 0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada, 1314 0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757, 1315 0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484, 1316 0x90909090, 0xd8d8d8d8, 0xabababab, 0x0, 1317 0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0xa0a0a0a, 1318 0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x5050505, 1319 0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x6060606, 1320 0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f, 1321 0xcacacaca, 0x3f3f3f3f, 0xf0f0f0f, 0x2020202, 1322 0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x3030303, 1323 0x1010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b, 1324 0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141, 
1325 0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea, 1326 0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece, 1327 0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373, 1328 0x96969696, 0xacacacac, 0x74747474, 0x22222222, 1329 0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585, 1330 0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8, 1331 0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e, 1332 0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171, 1333 0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989, 1334 0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0xe0e0e0e, 1335 0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b, 1336 0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b, 1337 0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020, 1338 0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe, 1339 0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4, 1340 0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333, 1341 0x88888888, 0x7070707, 0xc7c7c7c7, 0x31313131, 1342 0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959, 1343 0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f, 1344 0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9, 1345 0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0xd0d0d0d, 1346 0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f, 1347 0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef, 1348 0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d, 1349 0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0, 1350 0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c, 1351 0x83838383, 0x53535353, 0x99999999, 0x61616161, 1352 0x17171717, 0x2b2b2b2b, 0x4040404, 0x7e7e7e7e, 1353 0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626, 1354 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363, 1355 0x55555555, 0x21212121, 0xc0c0c0c, 0x7d7d7d7d 1356 1356 }; 1357 1357 #endif /* CPU_RISC */ 1358 1358 1359 #define gf2_8_field_polynomial 0x1B 1360 /* 1361 * gf2_8_shift(z) returns the result of the GF(2^8) 'multiply by x' 1362 * operation, using the field representation from AES; that is, the 1363 * next gf2_8 value in the cyclic representation of that field. The 1364 * value z should be an uint8_t. 
1365 */ 1366 #define gf2_8_shift(z) (((z) & 128) ? \ 1367 (((z) << 1) ^ gf2_8_field_polynomial) : ((z) << 1)) 1359 1368 1360 1369 /* aes internals */ 1361 1370 1362 extern debug_module_tmod_aes_icm;1371 extern srtp_debug_module_t srtp_mod_aes_icm; 1363 1372 1364 1373 static void 1365 aes_128_expand_encryption_key(const uint8_t *key, 1366 aes_expanded_key_t *expanded_key) { 1367 int i; 1368 gf2_8 rc; 1369 1370 /* initialize round constant */ 1371 rc = 1; 1372 1373 expanded_key->num_rounds = 10; 1374 1375 v128_copy_octet_string(&expanded_key->round[0], key); 1374 aes_128_expand_encryption_key (const uint8_t *key, 1375 srtp_aes_expanded_key_t *expanded_key) 1376 { 1377 int i; 1378 uint8_t rc; 1379 1380 /* initialize round constant */ 1381 rc = 1; 1382 1383 expanded_key->num_rounds = 10; 1384 1385 v128_copy_octet_string(&expanded_key->round[0], key); 1376 1386 1377 1387 #if 0 1378 debug_print(mod_aes_icm,1379 "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0])); 1388 debug_print(srtp_mod_aes_icm, 1389 "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0])); 1380 1390 #endif 1381 1391 1382 /* loop over round keys */1383 for (i=1; i < 11; i++) {1384 1385 /* munge first word of round key */1386 expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[13]] ^ rc;1387 expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[14]];1388 expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[15]];1389 expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[12]];1390 1391 expanded_key->round[i].v32[0] ^= expanded_key->round[i-1].v32[0];1392 1393 /* set remaining 32 bit words to the exor of the one previous with1394 * the one four words previous */1395 1396 expanded_key->round[i].v32[1] =1397 expanded_key->round[i].v32[0] ^ expanded_key->round[i-1].v32[1];1398 1399 expanded_key->round[i].v32[2] =1400 expanded_key->round[i].v32[1] ^ expanded_key->round[i-1].v32[2];1401 1402 expanded_key->round[i].v32[3] =1403 
expanded_key->round[i].v32[2] ^ expanded_key->round[i-1].v32[3];1392 /* loop over round keys */ 1393 for (i = 1; i < 11; i++) { 1394 1395 /* munge first word of round key */ 1396 expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i - 1].v8[13]] ^ rc; 1397 expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i - 1].v8[14]]; 1398 expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i - 1].v8[15]]; 1399 expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i - 1].v8[12]]; 1400 1401 expanded_key->round[i].v32[0] ^= expanded_key->round[i - 1].v32[0]; 1402 1403 /* set remaining 32 bit words to the exor of the one previous with 1404 * the one four words previous */ 1405 1406 expanded_key->round[i].v32[1] = 1407 expanded_key->round[i].v32[0] ^ expanded_key->round[i - 1].v32[1]; 1408 1409 expanded_key->round[i].v32[2] = 1410 expanded_key->round[i].v32[1] ^ expanded_key->round[i - 1].v32[2]; 1411 1412 expanded_key->round[i].v32[3] = 1413 expanded_key->round[i].v32[2] ^ expanded_key->round[i - 1].v32[3]; 1404 1414 1405 1415 #if 0 1406 debug_print2(mod_aes_icm, 1407 "expanded key[%d]: %s", i,v128_hex_string(&expanded_key->round[i])); 1416 debug_print2(srtp_mod_aes_icm, 1417 "expanded key[%d]: %s", i, v128_hex_string(&expanded_key->round[i])); 1408 1418 #endif 1409 1419 1410 /* modify round constant */1411 rc = gf2_8_shift(rc);1412 1413 }1420 /* modify round constant */ 1421 rc = gf2_8_shift(rc); 1422 1423 } 1414 1424 } 1415 1425 1416 1426 static void 1417 aes_256_expand_encryption_key(const unsigned char *key, 1418 aes_expanded_key_t *expanded_key) { 1419 int i; 1420 gf2_8 rc; 1421 1422 /* initialize round constant */ 1423 rc = 1; 1424 1425 expanded_key->num_rounds = 14; 1426 1427 v128_copy_octet_string(&expanded_key->round[0], key); 1428 v128_copy_octet_string(&expanded_key->round[1], key+16); 1427 aes_256_expand_encryption_key (const unsigned char *key, 1428 srtp_aes_expanded_key_t *expanded_key) 1429 { 1430 int i; 1431 uint8_t rc; 1432 1433 /* 
initialize round constant */ 1434 rc = 1; 1435 1436 expanded_key->num_rounds = 14; 1437 1438 v128_copy_octet_string(&expanded_key->round[0], key); 1439 v128_copy_octet_string(&expanded_key->round[1], key + 16); 1429 1440 1430 1441 #if 0 1431 debug_print(mod_aes_icm,1432 "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0])); 1433 debug_print(mod_aes_icm,1434 "expanded key[1]: %s", v128_hex_string(&expanded_key->round[1])); 1442 debug_print(srtp_mod_aes_icm, 1443 "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0])); 1444 debug_print(srtp_mod_aes_icm, 1445 "expanded key[1]: %s", v128_hex_string(&expanded_key->round[1])); 1435 1446 #endif 1436 1447 1437 /* loop over rest of round keys */ 1438 for (i=2; i < 15; i++) { 1439 1440 /* munge first word of round key */ 1441 if ((i & 1) == 0) { 1442 expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[13]] ^ rc; 1443 expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[14]]; 1444 expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[15]]; 1445 expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[12]]; 1446 1447 /* modify round constant */ 1448 rc = gf2_8_shift(rc); 1448 /* loop over rest of round keys */ 1449 for (i = 2; i < 15; i++) { 1450 1451 /* munge first word of round key */ 1452 if ((i & 1) == 0) { 1453 expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i - 1].v8[13]] ^ rc; 1454 expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i - 1].v8[14]]; 1455 expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i - 1].v8[15]]; 1456 expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i - 1].v8[12]]; 1457 1458 /* modify round constant */ 1459 rc = gf2_8_shift(rc); 1460 }else { 1461 expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i - 1].v8[12]]; 1462 expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i - 1].v8[13]]; 1463 expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i - 1].v8[14]]; 
1464 expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i - 1].v8[15]]; 1465 } 1466 1467 expanded_key->round[i].v32[0] ^= expanded_key->round[i - 2].v32[0]; 1468 1469 /* set remaining 32 bit words to the exor of the one previous with 1470 * the one eight words previous */ 1471 1472 expanded_key->round[i].v32[1] = 1473 expanded_key->round[i].v32[0] ^ expanded_key->round[i - 2].v32[1]; 1474 1475 expanded_key->round[i].v32[2] = 1476 expanded_key->round[i].v32[1] ^ expanded_key->round[i - 2].v32[2]; 1477 1478 expanded_key->round[i].v32[3] = 1479 expanded_key->round[i].v32[2] ^ expanded_key->round[i - 2].v32[3]; 1480 1481 #if 0 1482 debug_print2(srtp_mod_aes_icm, 1483 "expanded key[%d]: %s", i, v128_hex_string(&expanded_key->round[i])); 1484 #endif 1485 1449 1486 } 1450 else { 1451 expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[12]]; 1452 expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[13]]; 1453 expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[14]]; 1454 expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[15]]; 1487 } 1488 1489 srtp_err_status_t srtp_aes_expand_encryption_key (const uint8_t *key, 1490 int key_len, 1491 srtp_aes_expanded_key_t *expanded_key) 1492 { 1493 if (key_len == 16) { 1494 aes_128_expand_encryption_key(key, expanded_key); 1495 return srtp_err_status_ok; 1496 }else if (key_len == 24) { 1497 /* AES-192 not yet supported */ 1498 return srtp_err_status_bad_param; 1499 }else if (key_len == 32) { 1500 aes_256_expand_encryption_key(key, expanded_key); 1501 return srtp_err_status_ok; 1502 }else { 1503 return srtp_err_status_bad_param; 1455 1504 } 1456 1457 expanded_key->round[i].v32[0] ^= expanded_key->round[i-2].v32[0]; 1458 1459 /* set remaining 32 bit words to the exor of the one previous with 1460 * the one eight words previous */ 1461 1462 expanded_key->round[i].v32[1] = 1463 expanded_key->round[i].v32[0] ^ expanded_key->round[i-2].v32[1]; 1464 1465 
expanded_key->round[i].v32[2] = 1466 expanded_key->round[i].v32[1] ^ expanded_key->round[i-2].v32[2]; 1467 1468 expanded_key->round[i].v32[3] = 1469 expanded_key->round[i].v32[2] ^ expanded_key->round[i-2].v32[3]; 1470 1471 #if 0 1472 debug_print2(mod_aes_icm, 1473 "expanded key[%d]: %s", i,v128_hex_string(&expanded_key->round[i])); 1505 } 1506 1507 srtp_err_status_t srtp_aes_expand_decryption_key (const uint8_t *key, 1508 int key_len, 1509 srtp_aes_expanded_key_t *expanded_key) 1510 { 1511 int i; 1512 srtp_err_status_t status; 1513 int num_rounds = expanded_key->num_rounds; 1514 1515 status = srtp_aes_expand_encryption_key(key, key_len, expanded_key); 1516 if (status) { 1517 return status; 1518 } 1519 1520 /* invert the order of the round keys */ 1521 for (i = 0; i < num_rounds / 2; i++) { 1522 v128_t tmp; 1523 v128_copy(&tmp, &expanded_key->round[num_rounds - i]); 1524 v128_copy(&expanded_key->round[num_rounds - i], &expanded_key->round[i]); 1525 v128_copy(&expanded_key->round[i], &tmp); 1526 } 1527 1528 /* 1529 * apply the inverse mixColumn transform to the round keys (except 1530 * for the first and the last) 1531 * 1532 * mixColumn is implemented by using the tables U0, U1, U2, U3, 1533 * followed by the T4 table (which cancels out the use of the sbox 1534 * in the U-tables) 1535 */ 1536 for (i = 1; i < num_rounds; i++) { 1537 #ifdef CPU_RISC 1538 uint32_t tmp; 1539 1540 #ifdef WORDS_BIGENDIAN 1541 tmp = expanded_key->round[i].v32[0]; 1542 expanded_key->round[i].v32[0] = 1543 U0[T4[(tmp >> 24) ] & 0xff] ^ 1544 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1545 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1546 U3[T4[(tmp) & 0xff] & 0xff]; 1547 1548 tmp = expanded_key->round[i].v32[1]; 1549 expanded_key->round[i].v32[1] = 1550 U0[T4[(tmp >> 24) ] & 0xff] ^ 1551 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1552 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1553 U3[T4[(tmp) & 0xff] & 0xff]; 1554 1555 tmp = expanded_key->round[i].v32[2]; 1556 expanded_key->round[i].v32[2] = 1557 U0[T4[(tmp >> 24) ] & 
0xff] ^ 1558 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1559 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1560 U3[T4[(tmp) & 0xff] & 0xff]; 1561 1562 tmp = expanded_key->round[i].v32[3]; 1563 expanded_key->round[i].v32[3] = 1564 U0[T4[(tmp >> 24) ] & 0xff] ^ 1565 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1566 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1567 U3[T4[(tmp) & 0xff] & 0xff]; 1568 #else 1569 tmp = expanded_key->round[i].v32[0]; 1570 expanded_key->round[i].v32[0] = 1571 U3[T4[(tmp >> 24) ] & 0xff] ^ 1572 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1573 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1574 U0[T4[(tmp) & 0xff] & 0xff]; 1575 1576 tmp = expanded_key->round[i].v32[1]; 1577 expanded_key->round[i].v32[1] = 1578 U3[T4[(tmp >> 24) ] & 0xff] ^ 1579 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1580 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1581 U0[T4[(tmp) & 0xff] & 0xff]; 1582 1583 tmp = expanded_key->round[i].v32[2]; 1584 expanded_key->round[i].v32[2] = 1585 U3[T4[(tmp >> 24) ] & 0xff] ^ 1586 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1587 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1588 U0[T4[(tmp) & 0xff] & 0xff]; 1589 1590 tmp = expanded_key->round[i].v32[3]; 1591 expanded_key->round[i].v32[3] = 1592 U3[T4[(tmp >> 24) ] & 0xff] ^ 1593 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1594 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1595 U0[T4[(tmp) & 0xff] & 0xff]; 1596 #endif /* WORDS_BIGENDIAN */ 1597 1598 #else /* assume CPU_CISC */ 1599 1600 uint32_t c0, c1, c2, c3; 1601 1602 c0 = U0[aes_sbox[expanded_key->round[i].v8[0]]] 1603 ^ U1[aes_sbox[expanded_key->round[i].v8[1]]] 1604 ^ U2[aes_sbox[expanded_key->round[i].v8[2]]] 1605 ^ U3[aes_sbox[expanded_key->round[i].v8[3]]]; 1606 1607 c1 = U0[aes_sbox[expanded_key->round[i].v8[4]]] 1608 ^ U1[aes_sbox[expanded_key->round[i].v8[5]]] 1609 ^ U2[aes_sbox[expanded_key->round[i].v8[6]]] 1610 ^ U3[aes_sbox[expanded_key->round[i].v8[7]]]; 1611 1612 c2 = U0[aes_sbox[expanded_key->round[i].v8[8]]] 1613 ^ U1[aes_sbox[expanded_key->round[i].v8[9]]] 1614 ^ U2[aes_sbox[expanded_key->round[i].v8[10]]] 1615 ^ 
U3[aes_sbox[expanded_key->round[i].v8[11]]]; 1616 1617 c3 = U0[aes_sbox[expanded_key->round[i].v8[12]]] 1618 ^ U1[aes_sbox[expanded_key->round[i].v8[13]]] 1619 ^ U2[aes_sbox[expanded_key->round[i].v8[14]]] 1620 ^ U3[aes_sbox[expanded_key->round[i].v8[15]]]; 1621 1622 expanded_key->round[i].v32[0] = c0; 1623 expanded_key->round[i].v32[1] = c1; 1624 expanded_key->round[i].v32[2] = c2; 1625 expanded_key->round[i].v32[3] = c3; 1626 1474 1627 #endif 1475 1476 } 1628 } 1629 1630 return srtp_err_status_ok; 1477 1631 } 1478 1632 1479 err_status_t 1480 aes_expand_encryption_key(const uint8_t *key, 1481 int key_len, 1482 aes_expanded_key_t *expanded_key) { 1483 if (key_len == 16) { 1484 aes_128_expand_encryption_key(key, expanded_key); 1485 return err_status_ok; 1486 } 1487 else if (key_len == 24) { 1488 /* AES-192 not yet supported */ 1489 return err_status_bad_param; 1490 } 1491 else if (key_len == 32) { 1492 aes_256_expand_encryption_key(key, expanded_key); 1493 return err_status_ok; 1494 } 1495 else 1496 return err_status_bad_param; 1633 #ifdef CPU_CISC 1634 1635 1636 static inline void aes_round (v128_t *state, const v128_t *round_key) 1637 { 1638 uint32_t column0, column1, column2, column3; 1639 1640 /* compute the columns of the output square in terms of the octets 1641 of state, using the tables T0, T1, T2, T3 */ 1642 1643 column0 = T0[state->v8[0]] ^ T1[state->v8[5]] 1644 ^ T2[state->v8[10]] ^ T3[state->v8[15]]; 1645 1646 column1 = T0[state->v8[4]] ^ T1[state->v8[9]] 1647 ^ T2[state->v8[14]] ^ T3[state->v8[3]]; 1648 1649 column2 = T0[state->v8[8]] ^ T1[state->v8[13]] 1650 ^ T2[state->v8[2]] ^ T3[state->v8[7]]; 1651 1652 column3 = T0[state->v8[12]] ^ T1[state->v8[1]] 1653 ^ T2[state->v8[6]] ^ T3[state->v8[11]]; 1654 1655 state->v32[0] = column0 ^ round_key->v32[0]; 1656 state->v32[1] = column1 ^ round_key->v32[1]; 1657 state->v32[2] = column2 ^ round_key->v32[2]; 1658 state->v32[3] = column3 ^ round_key->v32[3]; 1659 1497 1660 } 1498 1661 1499 err_status_t 1500 
aes_expand_decryption_key(const uint8_t *key, 1501 int key_len, 1502 aes_expanded_key_t *expanded_key) { 1503 int i; 1504 err_status_t status; 1505 int num_rounds = expanded_key->num_rounds; 1506 1507 status = aes_expand_encryption_key(key, key_len, expanded_key); 1508 if (status) 1509 return status; 1510 1511 /* invert the order of the round keys */ 1512 for (i=0; i < num_rounds/2; i++) { 1513 v128_t tmp; 1514 v128_copy(&tmp, &expanded_key->round[num_rounds-i]); 1515 v128_copy(&expanded_key->round[num_rounds-i], &expanded_key->round[i]); 1516 v128_copy(&expanded_key->round[i], &tmp); 1517 } 1518 1519 /* 1520 * apply the inverse mixColumn transform to the round keys (except 1521 * for the first and the last) 1522 * 1523 * mixColumn is implemented by using the tables U0, U1, U2, U3, 1524 * followed by the T4 table (which cancels out the use of the sbox 1525 * in the U-tables) 1526 */ 1527 for (i=1; i < num_rounds; i++) { 1528 #ifdef CPU_RISC 1529 uint32_t tmp; 1530 1662 1663 static inline void aes_inv_round (v128_t *state, const v128_t *round_key) 1664 { 1665 uint32_t column0, column1, column2, column3; 1666 1667 /* compute the columns of the output square in terms of the octets 1668 of state, using the tables U0, U1, U2, U3 */ 1669 1670 column0 = U0[state->v8[0]] ^ U1[state->v8[13]] 1671 ^ U2[state->v8[10]] ^ U3[state->v8[7]]; 1672 1673 column1 = U0[state->v8[4]] ^ U1[state->v8[1]] 1674 ^ U2[state->v8[14]] ^ U3[state->v8[11]]; 1675 1676 column2 = U0[state->v8[8]] ^ U1[state->v8[5]] 1677 ^ U2[state->v8[2]] ^ U3[state->v8[15]]; 1678 1679 column3 = U0[state->v8[12]] ^ U1[state->v8[9]] 1680 ^ U2[state->v8[6]] ^ U3[state->v8[3]]; 1681 1682 state->v32[0] = column0 ^ round_key->v32[0]; 1683 state->v32[1] = column1 ^ round_key->v32[1]; 1684 state->v32[2] = column2 ^ round_key->v32[2]; 1685 state->v32[3] = column3 ^ round_key->v32[3]; 1686 1687 } 1688 1689 static inline void aes_final_round (v128_t *state, const v128_t *round_key) 1690 { 1691 uint8_t tmp; 1692 1693 /* byte 
substitutions and row shifts */ 1694 /* first row - no shift */ 1695 state->v8[0] = aes_sbox[state->v8[0]]; 1696 state->v8[4] = aes_sbox[state->v8[4]]; 1697 state->v8[8] = aes_sbox[state->v8[8]]; 1698 state->v8[12] = aes_sbox[state->v8[12]]; 1699 1700 /* second row - shift one left */ 1701 tmp = aes_sbox[state->v8[1]]; 1702 state->v8[1] = aes_sbox[state->v8[5]]; 1703 state->v8[5] = aes_sbox[state->v8[9]]; 1704 state->v8[9] = aes_sbox[state->v8[13]]; 1705 state->v8[13] = tmp; 1706 1707 /* third row - shift two left */ 1708 tmp = aes_sbox[state->v8[10]]; 1709 state->v8[10] = aes_sbox[state->v8[2]]; 1710 state->v8[2] = tmp; 1711 tmp = aes_sbox[state->v8[14]]; 1712 state->v8[14] = aes_sbox[state->v8[6]]; 1713 state->v8[6] = tmp; 1714 1715 /* fourth row - shift three left */ 1716 tmp = aes_sbox[state->v8[15]]; 1717 state->v8[15] = aes_sbox[state->v8[11]]; 1718 state->v8[11] = aes_sbox[state->v8[7]]; 1719 state->v8[7] = aes_sbox[state->v8[3]]; 1720 state->v8[3] = tmp; 1721 1722 v128_xor_eq(state, round_key); 1723 } 1724 1725 static inline void aes_inv_final_round (v128_t *state, const v128_t *round_key) 1726 { 1727 uint8_t tmp; 1728 1729 /* byte substitutions and row shifts */ 1730 /* first row - no shift */ 1731 state->v8[0] = aes_inv_sbox[state->v8[0]]; 1732 state->v8[4] = aes_inv_sbox[state->v8[4]]; 1733 state->v8[8] = aes_inv_sbox[state->v8[8]]; 1734 state->v8[12] = aes_inv_sbox[state->v8[12]]; 1735 1736 /* second row - shift one right */ 1737 tmp = aes_inv_sbox[state->v8[13]]; 1738 state->v8[13] = aes_inv_sbox[state->v8[9]]; 1739 state->v8[9] = aes_inv_sbox[state->v8[5]]; 1740 state->v8[5] = aes_inv_sbox[state->v8[1]]; 1741 state->v8[1] = tmp; 1742 1743 /* third row - shift two right */ 1744 tmp = aes_inv_sbox[state->v8[2]]; 1745 state->v8[2] = aes_inv_sbox[state->v8[10]]; 1746 state->v8[10] = tmp; 1747 tmp = aes_inv_sbox[state->v8[6]]; 1748 state->v8[6] = aes_inv_sbox[state->v8[14]]; 1749 state->v8[14] = tmp; 1750 1751 /* fourth row - shift three right */ 1752 tmp 
= aes_inv_sbox[state->v8[3]]; 1753 state->v8[3] = aes_inv_sbox[state->v8[7]]; 1754 state->v8[7] = aes_inv_sbox[state->v8[11]]; 1755 state->v8[11] = aes_inv_sbox[state->v8[15]]; 1756 state->v8[15] = tmp; 1757 1758 v128_xor_eq(state, round_key); 1759 } 1760 1761 1762 #elif CPU_RISC 1763 1764 static inline void aes_round (v128_t *state, const v128_t *round_key) 1765 { 1766 uint32_t column0, column1, column2, column3; 1767 1768 /* compute the columns of the output square in terms of the octets 1769 of state, using the tables T0, T1, T2, T3 */ 1531 1770 #ifdef WORDS_BIGENDIAN 1532 tmp = expanded_key->round[i].v32[0]; 1533 expanded_key->round[i].v32[0] = 1534 U0[T4[(tmp >> 24) ] & 0xff] ^ 1535 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1536 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1537 U3[T4[(tmp) & 0xff] & 0xff]; 1538 1539 tmp = expanded_key->round[i].v32[1]; 1540 expanded_key->round[i].v32[1] = 1541 U0[T4[(tmp >> 24) ] & 0xff] ^ 1542 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1543 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1544 U3[T4[(tmp) & 0xff] & 0xff]; 1545 1546 tmp = expanded_key->round[i].v32[2]; 1547 expanded_key->round[i].v32[2] = 1548 U0[T4[(tmp >> 24) ] & 0xff] ^ 1549 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1550 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1551 U3[T4[(tmp) & 0xff] & 0xff]; 1552 1553 tmp = expanded_key->round[i].v32[3]; 1554 expanded_key->round[i].v32[3] = 1555 U0[T4[(tmp >> 24) ] & 0xff] ^ 1556 U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1557 U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1558 U3[T4[(tmp) & 0xff] & 0xff]; 1771 column0 = T0[state->v32[0] >> 24] ^ T1[(state->v32[1] >> 16) & 0xff] 1772 ^ T2[(state->v32[2] >> 8) & 0xff] ^ T3[state->v32[3] & 0xff]; 1773 1774 column1 = T0[state->v32[1] >> 24] ^ T1[(state->v32[2] >> 16) & 0xff] 1775 ^ T2[(state->v32[3] >> 8) & 0xff] ^ T3[state->v32[0] & 0xff]; 1776 1777 column2 = T0[state->v32[2] >> 24] ^ T1[(state->v32[3] >> 16) & 0xff] 1778 ^ T2[(state->v32[0] >> 8) & 0xff] ^ T3[state->v32[1] & 0xff]; 1779 1780 column3 = T0[state->v32[3] >> 24] ^ 
T1[(state->v32[0] >> 16) & 0xff] 1781 ^ T2[(state->v32[1] >> 8) & 0xff] ^ T3[state->v32[2] & 0xff]; 1559 1782 #else 1560 tmp = expanded_key->round[i].v32[0]; 1561 expanded_key->round[i].v32[0] = 1562 U3[T4[(tmp >> 24) ] & 0xff] ^ 1563 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1564 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1565 U0[T4[(tmp) & 0xff] & 0xff]; 1566 1567 tmp = expanded_key->round[i].v32[1]; 1568 expanded_key->round[i].v32[1] = 1569 U3[T4[(tmp >> 24) ] & 0xff] ^ 1570 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1571 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1572 U0[T4[(tmp) & 0xff] & 0xff]; 1573 1574 tmp = expanded_key->round[i].v32[2]; 1575 expanded_key->round[i].v32[2] = 1576 U3[T4[(tmp >> 24) ] & 0xff] ^ 1577 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1578 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1579 U0[T4[(tmp) & 0xff] & 0xff]; 1580 1581 tmp = expanded_key->round[i].v32[3]; 1582 expanded_key->round[i].v32[3] = 1583 U3[T4[(tmp >> 24) ] & 0xff] ^ 1584 U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ 1585 U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ 1586 U0[T4[(tmp) & 0xff] & 0xff]; 1783 column0 = T0[state->v32[0] & 0xff] ^ T1[(state->v32[1] >> 8) & 0xff] 1784 ^ T2[(state->v32[2] >> 16) & 0xff] ^ T3[state->v32[3] >> 24]; 1785 1786 column1 = T0[state->v32[1] & 0xff] ^ T1[(state->v32[2] >> 8) & 0xff] 1787 ^ T2[(state->v32[3] >> 16) & 0xff] ^ T3[state->v32[0] >> 24]; 1788 1789 column2 = T0[state->v32[2] & 0xff] ^ T1[(state->v32[3] >> 8) & 0xff] 1790 ^ T2[(state->v32[0] >> 16) & 0xff] ^ T3[state->v32[1] >> 24]; 1791 1792 column3 = T0[state->v32[3] & 0xff] ^ T1[(state->v32[0] >> 8) & 0xff] 1793 ^ T2[(state->v32[1] >> 16) & 0xff] ^ T3[state->v32[2] >> 24]; 1587 1794 #endif /* WORDS_BIGENDIAN */ 1588 1795 1589 #else /* assume CPU_CISC */ 1590 1591 uint32_t c0, c1, c2, c3; 1592 1593 c0 = U0[aes_sbox[expanded_key->round[i].v8[0]]] 1594 ^ U1[aes_sbox[expanded_key->round[i].v8[1]]] 1595 ^ U2[aes_sbox[expanded_key->round[i].v8[2]]] 1596 ^ U3[aes_sbox[expanded_key->round[i].v8[3]]]; 1597 1598 c1 = 
U0[aes_sbox[expanded_key->round[i].v8[4]]] 1599 ^ U1[aes_sbox[expanded_key->round[i].v8[5]]] 1600 ^ U2[aes_sbox[expanded_key->round[i].v8[6]]] 1601 ^ U3[aes_sbox[expanded_key->round[i].v8[7]]]; 1602 1603 c2 = U0[aes_sbox[expanded_key->round[i].v8[8]]] 1604 ^ U1[aes_sbox[expanded_key->round[i].v8[9]]] 1605 ^ U2[aes_sbox[expanded_key->round[i].v8[10]]] 1606 ^ U3[aes_sbox[expanded_key->round[i].v8[11]]]; 1607 1608 c3 = U0[aes_sbox[expanded_key->round[i].v8[12]]] 1609 ^ U1[aes_sbox[expanded_key->round[i].v8[13]]] 1610 ^ U2[aes_sbox[expanded_key->round[i].v8[14]]] 1611 ^ U3[aes_sbox[expanded_key->round[i].v8[15]]]; 1612 1613 expanded_key->round[i].v32[0] = c0; 1614 expanded_key->round[i].v32[1] = c1; 1615 expanded_key->round[i].v32[2] = c2; 1616 expanded_key->round[i].v32[3] = c3; 1617 1618 #endif 1619 } 1620 1621 return err_status_ok; 1796 state->v32[0] = column0 ^ round_key->v32[0]; 1797 state->v32[1] = column1 ^ round_key->v32[1]; 1798 state->v32[2] = column2 ^ round_key->v32[2]; 1799 state->v32[3] = column3 ^ round_key->v32[3]; 1800 1622 1801 } 1623 1802 1624 #ifdef CPU_CISC 1625 1626 1627 static inline void 1628 aes_round(v128_t *state, const v128_t *round_key) { 1629 uint32_t column0, column1, column2, column3; 1630 1631 /* compute the columns of the output square in terms of the octets 1632 of state, using the tables T0, T1, T2, T3 */ 1633 1634 column0 = T0[state->v8[0]] ^ T1[state->v8[5]] 1635 ^ T2[state->v8[10]] ^ T3[state->v8[15]]; 1636 1637 column1 = T0[state->v8[4]] ^ T1[state->v8[9]] 1638 ^ T2[state->v8[14]] ^ T3[state->v8[3]]; 1639 1640 column2 = T0[state->v8[8]] ^ T1[state->v8[13]] 1641 ^ T2[state->v8[2]] ^ T3[state->v8[7]]; 1642 1643 column3 = T0[state->v8[12]] ^ T1[state->v8[1]] 1644 ^ T2[state->v8[6]] ^ T3[state->v8[11]]; 1645 1646 state->v32[0] = column0 ^ round_key->v32[0]; 1647 state->v32[1] = column1 ^ round_key->v32[1]; 1648 state->v32[2] = column2 ^ round_key->v32[2]; 1649 state->v32[3] = column3 ^ round_key->v32[3]; 1803 static inline void 
aes_inv_round (v128_t *state, const v128_t *round_key) 1804 { 1805 uint32_t column0, column1, column2, column3; 1806 1807 /* compute the columns of the output square in terms of the octets 1808 of state, using the tables U0, U1, U2, U3 */ 1809 1810 #ifdef WORDS_BIGENDIAN 1811 column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff] 1812 ^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff]; 1813 1814 column1 = U0[state->v32[1] >> 24] ^ U1[(state->v32[0] >> 16) & 0xff] 1815 ^ U2[(state->v32[3] >> 8) & 0xff] ^ U3[state->v32[2] & 0xff]; 1816 1817 column2 = U0[state->v32[2] >> 24] ^ U1[(state->v32[1] >> 16) & 0xff] 1818 ^ U2[(state->v32[0] >> 8) & 0xff] ^ U3[state->v32[3] & 0xff]; 1819 1820 column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 16) & 0xff] 1821 ^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff]; 1822 #else 1823 column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff] 1824 ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[(state->v32[1] >> 24) & 0xff]; 1825 1826 column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff] 1827 ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[(state->v32[2] >> 24) & 0xff]; 1828 1829 column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff] 1830 ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[(state->v32[3] >> 24) & 0xff]; 1831 1832 column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff] 1833 ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[(state->v32[0] >> 24) & 0xff]; 1834 #endif /* WORDS_BIGENDIAN */ 1835 1836 state->v32[0] = column0 ^ round_key->v32[0]; 1837 state->v32[1] = column1 ^ round_key->v32[1]; 1838 state->v32[2] = column2 ^ round_key->v32[2]; 1839 state->v32[3] = column3 ^ round_key->v32[3]; 1650 1840 1651 1841 } 1652 1842 1653 1654 static inline void 1655 aes_inv_round(v128_t *state, const v128_t *round_key) { 1656 uint32_t column0, column1, column2, column3; 1657 1658 /* compute the columns of the output square in terms of the octets 1659 of state, using the tables 
U0, U1, U2, U3 */ 1660 1661 column0 = U0[state->v8[0]] ^ U1[state->v8[13]] 1662 ^ U2[state->v8[10]] ^ U3[state->v8[7]]; 1663 1664 column1 = U0[state->v8[4]] ^ U1[state->v8[1]] 1665 ^ U2[state->v8[14]] ^ U3[state->v8[11]]; 1666 1667 column2 = U0[state->v8[8]] ^ U1[state->v8[5]] 1668 ^ U2[state->v8[2]] ^ U3[state->v8[15]]; 1669 1670 column3 = U0[state->v8[12]] ^ U1[state->v8[9]] 1671 ^ U2[state->v8[6]] ^ U3[state->v8[3]]; 1672 1673 state->v32[0] = column0 ^ round_key->v32[0]; 1674 state->v32[1] = column1 ^ round_key->v32[1]; 1675 state->v32[2] = column2 ^ round_key->v32[2]; 1676 state->v32[3] = column3 ^ round_key->v32[3]; 1843 static inline void aes_final_round (v128_t *state, const v128_t *round_key) 1844 { 1845 uint32_t tmp0, tmp1, tmp2, tmp3; 1846 1847 #ifdef WORDS_BIGENDIAN 1848 tmp0 = (T4[(state->v32[0] >> 24)] & 0xff000000) 1849 ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) 1850 ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) 1851 ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff) 1852 ^ round_key->v32[0]; 1853 1854 tmp1 = (T4[(state->v32[1] >> 24)] & 0xff000000) 1855 ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) 1856 ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) 1857 ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff) 1858 ^ round_key->v32[1]; 1859 1860 tmp2 = (T4[(state->v32[2] >> 24)] & 0xff000000) 1861 ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) 1862 ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) 1863 ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff) 1864 ^ round_key->v32[2]; 1865 1866 tmp3 = (T4[(state->v32[3] >> 24)] & 0xff000000) 1867 ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) 1868 ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) 1869 ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff) 1870 ^ round_key->v32[3]; 1871 #else 1872 tmp0 = (T4[(state->v32[3] >> 24)] & 0xff000000) 1873 ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) 1874 ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) 1875 ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff) 1876 ^ 
round_key->v32[0]; 1877 1878 tmp1 = (T4[(state->v32[0] >> 24)] & 0xff000000) 1879 ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) 1880 ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) 1881 ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff) 1882 ^ round_key->v32[1]; 1883 1884 tmp2 = (T4[(state->v32[1] >> 24)] & 0xff000000) 1885 ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) 1886 ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) 1887 ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff) 1888 ^ round_key->v32[2]; 1889 1890 tmp3 = (T4[(state->v32[2] >> 24)] & 0xff000000) 1891 ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) 1892 ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) 1893 ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff) 1894 ^ round_key->v32[3]; 1895 #endif /* WORDS_BIGENDIAN */ 1896 1897 state->v32[0] = tmp0; 1898 state->v32[1] = tmp1; 1899 state->v32[2] = tmp2; 1900 state->v32[3] = tmp3; 1677 1901 1678 1902 } 1679 1903 1680 static inline void 1681 aes_final_round(v128_t *state, const v128_t *round_key) { 1682 uint8_t tmp; 1683 1684 /* byte substitutions and row shifts */ 1685 /* first row - no shift */ 1686 state->v8[0] = aes_sbox[state->v8[0]]; 1687 state->v8[4] = aes_sbox[state->v8[4]]; 1688 state->v8[8] = aes_sbox[state->v8[8]]; 1689 state->v8[12] = aes_sbox[state->v8[12]]; 1690 1691 /* second row - shift one left */ 1692 tmp = aes_sbox[state->v8[1]]; 1693 state->v8[1] = aes_sbox[state->v8[5]]; 1694 state->v8[5] = aes_sbox[state->v8[9]]; 1695 state->v8[9] = aes_sbox[state->v8[13]]; 1696 state->v8[13] = tmp; 1697 1698 /* third row - shift two left */ 1699 tmp = aes_sbox[state->v8[10]]; 1700 state->v8[10] = aes_sbox[state->v8[2]]; 1701 state->v8[2] = tmp; 1702 tmp = aes_sbox[state->v8[14]]; 1703 state->v8[14] = aes_sbox[state->v8[6]]; 1704 state->v8[6] = tmp; 1705 1706 /* fourth row - shift three left */ 1707 tmp = aes_sbox[state->v8[15]]; 1708 state->v8[15] = aes_sbox[state->v8[11]]; 1709 state->v8[11] = aes_sbox[state->v8[7]]; 1710 state->v8[7] = 
aes_sbox[state->v8[3]]; 1711 state->v8[3] = tmp; 1712 1713 v128_xor_eq(state, round_key); 1904 static inline void aes_inv_final_round (v128_t *state, const v128_t *round_key) 1905 { 1906 uint32_t tmp0, tmp1, tmp2, tmp3; 1907 1908 #ifdef WORDS_BIGENDIAN 1909 tmp0 = (U4[(state->v32[0] >> 24)] & 0xff000000) 1910 ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) 1911 ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) 1912 ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff) 1913 ^ round_key->v32[0]; 1914 1915 tmp1 = (U4[(state->v32[1] >> 24)] & 0xff000000) 1916 ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) 1917 ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) 1918 ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff) 1919 ^ round_key->v32[1]; 1920 1921 tmp2 = (U4[(state->v32[2] >> 24)] & 0xff000000) 1922 ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) 1923 ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) 1924 ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff) 1925 ^ round_key->v32[2]; 1926 1927 tmp3 = (U4[(state->v32[3] >> 24)] & 0xff000000) 1928 ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) 1929 ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) 1930 ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff) 1931 ^ round_key->v32[3]; 1932 #else 1933 tmp0 = (U4[(state->v32[1] >> 24)] & 0xff000000) 1934 ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) 1935 ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) 1936 ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff) 1937 ^ round_key->v32[0]; 1938 1939 tmp1 = (U4[(state->v32[2] >> 24)] & 0xff000000) 1940 ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) 1941 ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) 1942 ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff) 1943 ^ round_key->v32[1]; 1944 1945 tmp2 = (U4[(state->v32[3] >> 24)] & 0xff000000) 1946 ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) 1947 ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) 1948 ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff) 1949 ^ round_key->v32[2]; 1950 1951 tmp3 = (U4[(state->v32[0] >> 24)] 
& 0xff000000) 1952 ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) 1953 ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) 1954 ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff) 1955 ^ round_key->v32[3]; 1956 #endif /* WORDS_BIGENDIAN */ 1957 1958 state->v32[0] = tmp0; 1959 state->v32[1] = tmp1; 1960 state->v32[2] = tmp2; 1961 state->v32[3] = tmp3; 1714 1962 } 1715 1963 1716 static inline void 1717 aes_inv_final_round(v128_t *state, const v128_t *round_key) { 1718 uint8_t tmp; 1719 1720 /* byte substitutions and row shifts */ 1721 /* first row - no shift */ 1722 state->v8[0] = aes_inv_sbox[state->v8[0]]; 1723 state->v8[4] = aes_inv_sbox[state->v8[4]]; 1724 state->v8[8] = aes_inv_sbox[state->v8[8]]; 1725 state->v8[12] = aes_inv_sbox[state->v8[12]]; 1726 1727 /* second row - shift one right */ 1728 tmp = aes_inv_sbox[state->v8[13]]; 1729 state->v8[13] = aes_inv_sbox[state->v8[9]]; 1730 state->v8[9] = aes_inv_sbox[state->v8[5]]; 1731 state->v8[5] = aes_inv_sbox[state->v8[1]]; 1732 state->v8[1] = tmp; 1733 1734 /* third row - shift two right */ 1735 tmp = aes_inv_sbox[state->v8[2]]; 1736 state->v8[2] = aes_inv_sbox[state->v8[10]]; 1737 state->v8[10] = tmp; 1738 tmp = aes_inv_sbox[state->v8[6]]; 1739 state->v8[6] = aes_inv_sbox[state->v8[14]]; 1740 state->v8[14] = tmp; 1741 1742 /* fourth row - shift three right */ 1743 tmp = aes_inv_sbox[state->v8[3]]; 1744 state->v8[3] = aes_inv_sbox[state->v8[7]]; 1745 state->v8[7] = aes_inv_sbox[state->v8[11]]; 1746 state->v8[11] = aes_inv_sbox[state->v8[15]]; 1747 state->v8[15] = tmp; 1748 1749 v128_xor_eq(state, round_key); 1964 #elif CPU_16 /* assume 16-bit word size on processor */ 1965 1966 static inline void aes_round (v128_t *state, const v128_t *round_key) 1967 { 1968 uint32_t column0, column1, column2, column3; 1969 uint16_t c 1970 /* compute the columns of the output square in terms of the octets 1971 of state, using the tables T0, T1, T2, T3 */ 1972 1973 column0 = T0[state->v8[0]] ^ T1[state->v8[5]] 1974 ^ T2[state->v8[10]] ^ 
T3[state->v8[15]]; 1975 1976 column1 = T0[state->v8[4]] ^ T1[state->v8[9]] 1977 ^ T2[state->v8[14]] ^ T3[state->v8[3]]; 1978 1979 column2 = T0[state->v8[8]] ^ T1[state->v8[13]] 1980 ^ T2[state->v8[2]] ^ T3[state->v8[7]]; 1981 1982 column3 = T0[state->v8[12]] ^ T1[state->v8[1]] 1983 ^ T2[state->v8[6]] ^ T3[state->v8[11]]; 1984 1985 state->v32[0] = column0 ^ round_key->v32[0]; 1986 state->v32[1] = column1 ^ round_key->v32[1]; 1987 state->v32[2] = column2 ^ round_key->v32[2]; 1988 state->v32[3] = column3 ^ round_key->v32[3]; 1989 1750 1990 } 1751 1991 1752 1992 1753 #elif CPU_RISC 1754 1755 static inline void 1756 aes_round(v128_t *state, const v128_t *round_key) { 1757 uint32_t column0, column1, column2, column3; 1758 1759 /* compute the columns of the output square in terms of the octets 1760 of state, using the tables T0, T1, T2, T3 */ 1761 #ifdef WORDS_BIGENDIAN 1762 column0 = T0[state->v32[0] >> 24] ^ T1[(state->v32[1] >> 16) & 0xff] 1763 ^ T2[(state->v32[2] >> 8) & 0xff] ^ T3[state->v32[3] & 0xff]; 1764 1765 column1 = T0[state->v32[1] >> 24] ^ T1[(state->v32[2] >> 16) & 0xff] 1766 ^ T2[(state->v32[3] >> 8) & 0xff] ^ T3[state->v32[0] & 0xff]; 1767 1768 column2 = T0[state->v32[2] >> 24] ^ T1[(state->v32[3] >> 16) & 0xff] 1769 ^ T2[(state->v32[0] >> 8) & 0xff] ^ T3[state->v32[1] & 0xff]; 1770 1771 column3 = T0[state->v32[3] >> 24] ^ T1[(state->v32[0] >> 16) & 0xff] 1772 ^ T2[(state->v32[1] >> 8) & 0xff] ^ T3[state->v32[2] & 0xff]; 1773 #else 1774 column0 = T0[state->v32[0] & 0xff] ^ T1[(state->v32[1] >> 8) & 0xff] 1775 ^ T2[(state->v32[2] >> 16) & 0xff] ^ T3[state->v32[3] >> 24]; 1776 1777 column1 = T0[state->v32[1] & 0xff] ^ T1[(state->v32[2] >> 8) & 0xff] 1778 ^ T2[(state->v32[3] >> 16) & 0xff] ^ T3[state->v32[0] >> 24]; 1779 1780 column2 = T0[state->v32[2] & 0xff] ^ T1[(state->v32[3] >> 8) & 0xff] 1781 ^ T2[(state->v32[0] >> 16) & 0xff] ^ T3[state->v32[1] >> 24]; 1782 1783 column3 = T0[state->v32[3] & 0xff] ^ T1[(state->v32[0] >> 8) & 0xff] 1784 ^ 
T2[(state->v32[1] >> 16) & 0xff] ^ T3[state->v32[2] >> 24]; 1785 #endif /* WORDS_BIGENDIAN */ 1786 1787 state->v32[0] = column0 ^ round_key->v32[0]; 1788 state->v32[1] = column1 ^ round_key->v32[1]; 1789 state->v32[2] = column2 ^ round_key->v32[2]; 1790 state->v32[3] = column3 ^ round_key->v32[3]; 1993 static inline void aes_inv_round (v128_t *state, const v128_t *round_key) 1994 { 1995 uint32_t column0, column1, column2, column3; 1996 1997 /* compute the columns of the output square in terms of the octets 1998 of state, using the tables U0, U1, U2, U3 */ 1999 2000 column0 = U0[state->v8[0]] ^ U1[state->v8[5]] 2001 ^ U2[state->v8[10]] ^ U3[state->v8[15]]; 2002 2003 column1 = U0[state->v8[4]] ^ U1[state->v8[9]] 2004 ^ U2[state->v8[14]] ^ U3[state->v8[3]]; 2005 2006 column2 = U0[state->v8[8]] ^ U1[state->v8[13]] 2007 ^ U2[state->v8[2]] ^ U3[state->v8[7]]; 2008 2009 column3 = U0[state->v8[12]] ^ U1[state->v8[1]] 2010 ^ U2[state->v8[6]] ^ U3[state->v8[11]]; 2011 2012 state->v32[0] = column0 ^ round_key->v32[0]; 2013 state->v32[1] = column1 ^ round_key->v32[1]; 2014 state->v32[2] = column2 ^ round_key->v32[2]; 2015 state->v32[3] = column3 ^ round_key->v32[3]; 1791 2016 1792 2017 } 1793 2018 1794 static inline void 1795 aes_inv_round(v128_t *state, const v128_t *round_key) { 1796 uint32_t column0, column1, column2, column3; 1797 1798 /* compute the columns of the output square in terms of the octets 1799 of state, using the tables U0, U1, U2, U3 */ 1800 1801 #ifdef WORDS_BIGENDIAN 1802 column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff] 1803 ^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff]; 1804 1805 column1 = U0[state->v32[1] >> 24] ^ U1[(state->v32[0] >> 16) & 0xff] 1806 ^ U2[(state->v32[3] >> 8) & 0xff] ^ U3[state->v32[2] & 0xff]; 1807 1808 column2 = U0[state->v32[2] >> 24] ^ U1[(state->v32[1] >> 16) & 0xff] 1809 ^ U2[(state->v32[0] >> 8) & 0xff] ^ U3[state->v32[3] & 0xff]; 1810 1811 column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 
16) & 0xff] 1812 ^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff]; 1813 #else 1814 column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff] 1815 ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[(state->v32[1] >> 24) & 0xff]; 1816 1817 column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff] 1818 ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[(state->v32[2] >> 24) & 0xff]; 1819 1820 column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff] 1821 ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[(state->v32[3] >> 24) & 0xff]; 1822 1823 column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff] 1824 ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[(state->v32[0] >> 24) & 0xff]; 1825 #endif /* WORDS_BIGENDIAN */ 1826 1827 state->v32[0] = column0 ^ round_key->v32[0]; 1828 state->v32[1] = column1 ^ round_key->v32[1]; 1829 state->v32[2] = column2 ^ round_key->v32[2]; 1830 state->v32[3] = column3 ^ round_key->v32[3]; 1831 2019 static inline void aes_final_round (v128_t *state, const v128_t *round_key) 2020 { 2021 uint8_t tmp; 2022 2023 /* byte substitutions and row shifts */ 2024 /* first row - no shift */ 2025 state->v8[0] = aes_sbox[state->v8[0]]; 2026 state->v8[4] = aes_sbox[state->v8[4]]; 2027 state->v8[8] = aes_sbox[state->v8[8]]; 2028 state->v8[12] = aes_sbox[state->v8[12]]; 2029 2030 /* second row - shift one left */ 2031 tmp = aes_sbox[state->v8[1]]; 2032 state->v8[1] = aes_sbox[state->v8[5]]; 2033 state->v8[5] = aes_sbox[state->v8[9]]; 2034 state->v8[9] = aes_sbox[state->v8[13]]; 2035 state->v8[13] = tmp; 2036 2037 /* third row - shift two left */ 2038 tmp = aes_sbox[state->v8[10]]; 2039 state->v8[10] = aes_sbox[state->v8[2]]; 2040 state->v8[2] = tmp; 2041 tmp = aes_sbox[state->v8[14]]; 2042 state->v8[14] = aes_sbox[state->v8[6]]; 2043 state->v8[6] = tmp; 2044 2045 /* fourth row - shift three left */ 2046 tmp = aes_sbox[state->v8[15]]; 2047 state->v8[15] = aes_sbox[state->v8[11]]; 2048 state->v8[11] = aes_sbox[state->v8[7]]; 2049 state->v8[7] 
= aes_sbox[state->v8[3]]; 2050 state->v8[3] = tmp; 2051 2052 v128_xor_eq(state, round_key); 1832 2053 } 1833 2054 1834 static inline void 1835 aes_final_round(v128_t *state, const v128_t *round_key) { 1836 uint32_t tmp0, tmp1, tmp2, tmp3; 1837 1838 #ifdef WORDS_BIGENDIAN 1839 tmp0 = (T4[(state->v32[0] >> 24)] & 0xff000000) 1840 ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) 1841 ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) 1842 ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff) 1843 ^ round_key->v32[0]; 1844 1845 tmp1 = (T4[(state->v32[1] >> 24)] & 0xff000000) 1846 ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) 1847 ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) 1848 ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff) 1849 ^ round_key->v32[1]; 1850 1851 tmp2 = (T4[(state->v32[2] >> 24)] & 0xff000000) 1852 ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) 1853 ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) 1854 ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff) 1855 ^ round_key->v32[2]; 1856 1857 tmp3 = (T4[(state->v32[3] >> 24)] & 0xff000000) 1858 ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) 1859 ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) 1860 ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff) 1861 ^ round_key->v32[3]; 1862 #else 1863 tmp0 = (T4[(state->v32[3] >> 24)] & 0xff000000) 1864 ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) 1865 ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) 1866 ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff) 1867 ^ round_key->v32[0]; 1868 1869 tmp1 = (T4[(state->v32[0] >> 24)] & 0xff000000) 1870 ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) 1871 ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) 1872 ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff) 1873 ^ round_key->v32[1]; 1874 1875 tmp2 = (T4[(state->v32[1] >> 24)] & 0xff000000) 1876 ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) 1877 ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) 1878 ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff) 1879 ^ round_key->v32[2]; 1880 1881 tmp3 = 
(T4[(state->v32[2] >> 24)] & 0xff000000) 1882 ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) 1883 ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) 1884 ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff) 1885 ^ round_key->v32[3]; 1886 #endif /* WORDS_BIGENDIAN */ 1887 1888 state->v32[0] = tmp0; 1889 state->v32[1] = tmp1; 1890 state->v32[2] = tmp2; 1891 state->v32[3] = tmp3; 1892 2055 static inline void aes_inv_final_round (v128_t *state, const v128_t *round_key) 2056 { 2057 uint8_t tmp; 2058 2059 /* byte substitutions and row shifts */ 2060 /* first row - no shift */ 2061 state->v8[0] = aes_inv_sbox[state->v8[0]]; 2062 state->v8[4] = aes_inv_sbox[state->v8[4]]; 2063 state->v8[8] = aes_inv_sbox[state->v8[8]]; 2064 state->v8[12] = aes_inv_sbox[state->v8[12]]; 2065 2066 /* second row - shift one left */ 2067 tmp = aes_inv_sbox[state->v8[1]]; 2068 state->v8[1] = aes_inv_sbox[state->v8[5]]; 2069 state->v8[5] = aes_inv_sbox[state->v8[9]]; 2070 state->v8[9] = aes_inv_sbox[state->v8[13]]; 2071 state->v8[13] = tmp; 2072 2073 /* third row - shift two left */ 2074 tmp = aes_inv_sbox[state->v8[10]]; 2075 state->v8[10] = aes_inv_sbox[state->v8[2]]; 2076 state->v8[2] = tmp; 2077 tmp = aes_inv_sbox[state->v8[14]]; 2078 state->v8[14] = aes_inv_sbox[state->v8[6]]; 2079 state->v8[6] = tmp; 2080 2081 /* fourth row - shift three left */ 2082 tmp = aes_inv_sbox[state->v8[15]]; 2083 state->v8[15] = aes_inv_sbox[state->v8[11]]; 2084 state->v8[11] = aes_inv_sbox[state->v8[7]]; 2085 state->v8[7] = aes_inv_sbox[state->v8[3]]; 2086 state->v8[3] = tmp; 2087 2088 v128_xor_eq(state, round_key); 1893 2089 } 1894 2090 1895 static inline void 1896 aes_inv_final_round(v128_t *state, const v128_t *round_key) { 1897 uint32_t tmp0, tmp1, tmp2, tmp3; 1898 1899 #ifdef WORDS_BIGENDIAN 1900 tmp0 = (U4[(state->v32[0] >> 24)] & 0xff000000) 1901 ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) 1902 ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) 1903 ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff) 1904 ^ 
round_key->v32[0]; 1905 1906 tmp1 = (U4[(state->v32[1] >> 24)] & 0xff000000) 1907 ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) 1908 ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) 1909 ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff) 1910 ^ round_key->v32[1]; 1911 1912 tmp2 = (U4[(state->v32[2] >> 24)] & 0xff000000) 1913 ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) 1914 ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) 1915 ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff) 1916 ^ round_key->v32[2]; 1917 1918 tmp3 = (U4[(state->v32[3] >> 24)] & 0xff000000) 1919 ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) 1920 ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) 1921 ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff) 1922 ^ round_key->v32[3]; 1923 #else 1924 tmp0 = (U4[(state->v32[1] >> 24)] & 0xff000000) 1925 ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) 1926 ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) 1927 ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff) 1928 ^ round_key->v32[0]; 1929 1930 tmp1 = (U4[(state->v32[2] >> 24)] & 0xff000000) 1931 ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) 1932 ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) 1933 ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff) 1934 ^ round_key->v32[1]; 1935 1936 tmp2 = (U4[(state->v32[3] >> 24)] & 0xff000000) 1937 ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) 1938 ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) 1939 ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff) 1940 ^ round_key->v32[2]; 1941 1942 tmp3 = (U4[(state->v32[0] >> 24)] & 0xff000000) 1943 ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) 1944 ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) 1945 ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff) 1946 ^ round_key->v32[3]; 1947 #endif /* WORDS_BIGENDIAN */ 1948 1949 state->v32[0] = tmp0; 1950 state->v32[1] = tmp1; 1951 state->v32[2] = tmp2; 1952 state->v32[3] = tmp3; 1953 2091 #endif /* CPU type */ 2092 2093 2094 void srtp_aes_encrypt (v128_t *plaintext, const srtp_aes_expanded_key_t 
*exp_key) 2095 { 2096 2097 /* add in the subkey */ 2098 v128_xor_eq(plaintext, &exp_key->round[0]); 2099 2100 /* now do the rounds */ 2101 aes_round(plaintext, &exp_key->round[1]); 2102 aes_round(plaintext, &exp_key->round[2]); 2103 aes_round(plaintext, &exp_key->round[3]); 2104 aes_round(plaintext, &exp_key->round[4]); 2105 aes_round(plaintext, &exp_key->round[5]); 2106 aes_round(plaintext, &exp_key->round[6]); 2107 aes_round(plaintext, &exp_key->round[7]); 2108 aes_round(plaintext, &exp_key->round[8]); 2109 aes_round(plaintext, &exp_key->round[9]); 2110 if (exp_key->num_rounds == 10) { 2111 aes_final_round(plaintext, &exp_key->round[10]); 2112 }else if (exp_key->num_rounds == 12) { 2113 aes_round(plaintext, &exp_key->round[10]); 2114 aes_round(plaintext, &exp_key->round[11]); 2115 aes_final_round(plaintext, &exp_key->round[12]); 2116 }else if (exp_key->num_rounds == 14) { 2117 aes_round(plaintext, &exp_key->round[10]); 2118 aes_round(plaintext, &exp_key->round[11]); 2119 aes_round(plaintext, &exp_key->round[12]); 2120 aes_round(plaintext, &exp_key->round[13]); 2121 aes_final_round(plaintext, &exp_key->round[14]); 2122 } 1954 2123 } 1955 2124 1956 #elif CPU_16 /* assume 16-bit word size on processor */ 1957 1958 static inline void 1959 aes_round(v128_t *state, const v128_t *round_key) { 1960 uint32_t column0, column1, column2, column3; 1961 uint16_t c 1962 /* compute the columns of the output square in terms of the octets 1963 of state, using the tables T0, T1, T2, T3 */ 1964 1965 column0 = T0[state->v8[0]] ^ T1[state->v8[5]] 1966 ^ T2[state->v8[10]] ^ T3[state->v8[15]]; 1967 1968 column1 = T0[state->v8[4]] ^ T1[state->v8[9]] 1969 ^ T2[state->v8[14]] ^ T3[state->v8[3]]; 1970 1971 column2 = T0[state->v8[8]] ^ T1[state->v8[13]] 1972 ^ T2[state->v8[2]] ^ T3[state->v8[7]]; 1973 1974 column3 = T0[state->v8[12]] ^ T1[state->v8[1]] 1975 ^ T2[state->v8[6]] ^ T3[state->v8[11]]; 1976 1977 state->v32[0] = column0 ^ round_key->v32[0]; 1978 state->v32[1] = column1 ^ 
round_key->v32[1]; 1979 state->v32[2] = column2 ^ round_key->v32[2]; 1980 state->v32[3] = column3 ^ round_key->v32[3]; 1981 2125 void srtp_aes_decrypt (v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key) 2126 { 2127 2128 /* add in the subkey */ 2129 v128_xor_eq(plaintext, &exp_key->round[0]); 2130 2131 /* now do the rounds */ 2132 aes_inv_round(plaintext, &exp_key->round[1]); 2133 aes_inv_round(plaintext, &exp_key->round[2]); 2134 aes_inv_round(plaintext, &exp_key->round[3]); 2135 aes_inv_round(plaintext, &exp_key->round[4]); 2136 aes_inv_round(plaintext, &exp_key->round[5]); 2137 aes_inv_round(plaintext, &exp_key->round[6]); 2138 aes_inv_round(plaintext, &exp_key->round[7]); 2139 aes_inv_round(plaintext, &exp_key->round[8]); 2140 aes_inv_round(plaintext, &exp_key->round[9]); 2141 if (exp_key->num_rounds == 10) { 2142 aes_inv_final_round(plaintext, &exp_key->round[10]); 2143 }else if (exp_key->num_rounds == 12) { 2144 aes_inv_round(plaintext, &exp_key->round[10]); 2145 aes_inv_round(plaintext, &exp_key->round[11]); 2146 aes_inv_final_round(plaintext, &exp_key->round[12]); 2147 }else if (exp_key->num_rounds == 14) { 2148 aes_inv_round(plaintext, &exp_key->round[10]); 2149 aes_inv_round(plaintext, &exp_key->round[11]); 2150 aes_inv_round(plaintext, &exp_key->round[12]); 2151 aes_inv_round(plaintext, &exp_key->round[13]); 2152 aes_inv_final_round(plaintext, &exp_key->round[14]); 2153 } 1982 2154 } 1983 1984 1985 static inline void1986 aes_inv_round(v128_t *state, const v128_t *round_key) {1987 uint32_t column0, column1, column2, column3;1988 1989 /* compute the columns of the output square in terms of the octets1990 of state, using the tables U0, U1, U2, U3 */1991 1992 column0 = U0[state->v8[0]] ^ U1[state->v8[5]]1993 ^ U2[state->v8[10]] ^ U3[state->v8[15]];1994 1995 column1 = U0[state->v8[4]] ^ U1[state->v8[9]]1996 ^ U2[state->v8[14]] ^ U3[state->v8[3]];1997 1998 column2 = U0[state->v8[8]] ^ U1[state->v8[13]]1999 ^ U2[state->v8[2]] ^ U3[state->v8[7]];2000 2001 
column3 = U0[state->v8[12]] ^ U1[state->v8[1]]2002 ^ U2[state->v8[6]] ^ U3[state->v8[11]];2003 2004 state->v32[0] = column0 ^ round_key->v32[0];2005 state->v32[1] = column1 ^ round_key->v32[1];2006 state->v32[2] = column2 ^ round_key->v32[2];2007 state->v32[3] = column3 ^ round_key->v32[3];2008 2009 }2010 2011 static inline void2012 aes_final_round(v128_t *state, const v128_t *round_key) {2013 uint8_t tmp;2014 2015 /* byte substitutions and row shifts */2016 /* first row - no shift */2017 state->v8[0] = aes_sbox[state->v8[0]];2018 state->v8[4] = aes_sbox[state->v8[4]];2019 state->v8[8] = aes_sbox[state->v8[8]];2020 state->v8[12] = aes_sbox[state->v8[12]];2021 2022 /* second row - shift one left */2023 tmp = aes_sbox[state->v8[1]];2024 state->v8[1] = aes_sbox[state->v8[5]];2025 state->v8[5] = aes_sbox[state->v8[9]];2026 state->v8[9] = aes_sbox[state->v8[13]];2027 state->v8[13] = tmp;2028 2029 /* third row - shift two left */2030 tmp = aes_sbox[state->v8[10]];2031 state->v8[10] = aes_sbox[state->v8[2]];2032 state->v8[2] = tmp;2033 tmp = aes_sbox[state->v8[14]];2034 state->v8[14] = aes_sbox[state->v8[6]];2035 state->v8[6] = tmp;2036 2037 /* fourth row - shift three left */2038 tmp = aes_sbox[state->v8[15]];2039 state->v8[15] = aes_sbox[state->v8[11]];2040 state->v8[11] = aes_sbox[state->v8[7]];2041 state->v8[7] = aes_sbox[state->v8[3]];2042 state->v8[3] = tmp;2043 2044 v128_xor_eq(state, round_key);2045 }2046 2047 static inline void2048 aes_inv_final_round(v128_t *state, const v128_t *round_key) {2049 uint8_t tmp;2050 2051 /* byte substitutions and row shifts */2052 /* first row - no shift */2053 state->v8[0] = aes_inv_sbox[state->v8[0]];2054 state->v8[4] = aes_inv_sbox[state->v8[4]];2055 state->v8[8] = aes_inv_sbox[state->v8[8]];2056 state->v8[12] = aes_inv_sbox[state->v8[12]];2057 2058 /* second row - shift one left */2059 tmp = aes_inv_sbox[state->v8[1]];2060 state->v8[1] = aes_inv_sbox[state->v8[5]];2061 state->v8[5] = aes_inv_sbox[state->v8[9]];2062 state->v8[9] 
= aes_inv_sbox[state->v8[13]];2063 state->v8[13] = tmp;2064 2065 /* third row - shift two left */2066 tmp = aes_inv_sbox[state->v8[10]];2067 state->v8[10] = aes_inv_sbox[state->v8[2]];2068 state->v8[2] = tmp;2069 tmp = aes_inv_sbox[state->v8[14]];2070 state->v8[14] = aes_inv_sbox[state->v8[6]];2071 state->v8[6] = tmp;2072 2073 /* fourth row - shift three left */2074 tmp = aes_inv_sbox[state->v8[15]];2075 state->v8[15] = aes_inv_sbox[state->v8[11]];2076 state->v8[11] = aes_inv_sbox[state->v8[7]];2077 state->v8[7] = aes_inv_sbox[state->v8[3]];2078 state->v8[3] = tmp;2079 2080 v128_xor_eq(state, round_key);2081 }2082 2083 #endif /* CPU type */2084 2085 2086 void2087 aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {2088 2089 /* add in the subkey */2090 v128_xor_eq(plaintext, &exp_key->round[0]);2091 2092 /* now do the rounds */2093 aes_round(plaintext, &exp_key->round[1]);2094 aes_round(plaintext, &exp_key->round[2]);2095 aes_round(plaintext, &exp_key->round[3]);2096 aes_round(plaintext, &exp_key->round[4]);2097 aes_round(plaintext, &exp_key->round[5]);2098 aes_round(plaintext, &exp_key->round[6]);2099 aes_round(plaintext, &exp_key->round[7]);2100 aes_round(plaintext, &exp_key->round[8]);2101 aes_round(plaintext, &exp_key->round[9]);2102 if (exp_key->num_rounds == 10) {2103 aes_final_round(plaintext, &exp_key->round[10]);2104 }2105 else if (exp_key->num_rounds == 12) {2106 aes_round(plaintext, &exp_key->round[10]);2107 aes_round(plaintext, &exp_key->round[11]);2108 aes_final_round(plaintext, &exp_key->round[12]);2109 }2110 else if (exp_key->num_rounds == 14) {2111 aes_round(plaintext, &exp_key->round[10]);2112 aes_round(plaintext, &exp_key->round[11]);2113 aes_round(plaintext, &exp_key->round[12]);2114 aes_round(plaintext, &exp_key->round[13]);2115 aes_final_round(plaintext, &exp_key->round[14]);2116 }2117 }2118 2119 void2120 aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {2121 2122 /* add in the subkey */2123 v128_xor_eq(plaintext, 
&exp_key->round[0]);2124 2125 /* now do the rounds */2126 aes_inv_round(plaintext, &exp_key->round[1]);2127 aes_inv_round(plaintext, &exp_key->round[2]);2128 aes_inv_round(plaintext, &exp_key->round[3]);2129 aes_inv_round(plaintext, &exp_key->round[4]);2130 aes_inv_round(plaintext, &exp_key->round[5]);2131 aes_inv_round(plaintext, &exp_key->round[6]);2132 aes_inv_round(plaintext, &exp_key->round[7]);2133 aes_inv_round(plaintext, &exp_key->round[8]);2134 aes_inv_round(plaintext, &exp_key->round[9]);2135 if (exp_key->num_rounds == 10) {2136 aes_inv_final_round(plaintext, &exp_key->round[10]);2137 }2138 else if (exp_key->num_rounds == 12) {2139 aes_inv_round(plaintext, &exp_key->round[10]);2140 aes_inv_round(plaintext, &exp_key->round[11]);2141 aes_inv_final_round(plaintext, &exp_key->round[12]);2142 }2143 else if (exp_key->num_rounds == 14) {2144 aes_inv_round(plaintext, &exp_key->round[10]);2145 aes_inv_round(plaintext, &exp_key->round[11]);2146 aes_inv_round(plaintext, &exp_key->round[12]);2147 aes_inv_round(plaintext, &exp_key->round[13]);2148 aes_inv_final_round(plaintext, &exp_key->round[14]);2149 }2150 } -
pjproject/trunk/third_party/srtp/crypto/cipher/aes_gcm_ossl.c
r5261 r5614 11 11 /* 12 12 * 13 * Copyright (c) 2013 , Cisco Systems, Inc.13 * Copyright (c) 2013-2017, Cisco Systems, Inc. 14 14 * All rights reserved. 15 15 * … … 53 53 #include "aes_gcm_ossl.h" 54 54 #include "alloc.h" 55 #include "err.h" /* for srtp_debug */ 55 56 #include "crypto_types.h" 56 57 57 58 58 debug_module_tmod_aes_gcm = {59 srtp_debug_module_t srtp_mod_aes_gcm = { 59 60 0, /* debugging is off by default */ 60 61 "aes gcm" /* printable module name */ … … 65 66 * 128-bit and 256-bit GCM ciphers. 66 67 */ 67 extern c ipher_type_taes_gcm_128_openssl;68 extern c ipher_type_taes_gcm_256_openssl;68 extern const srtp_cipher_type_t srtp_aes_gcm_128_openssl; 69 extern const srtp_cipher_type_t srtp_aes_gcm_256_openssl; 69 70 70 71 /* 71 72 * For now we only support 8 and 16 octet tags. The spec allows for 72 * optional 12 byte tag, which may be supported in the future. 73 * optional 12 byte tag, which may be supported in the future. 73 74 */ 74 75 #define GCM_AUTH_TAG_LEN 16 … … 79 80 * This function allocates a new instance of this crypto engine. 80 81 * The key_len parameter should be one of 28 or 44 for 81 * AES-128-GCM or AES-256-GCM respectively. Note that the 82 * AES-128-GCM or AES-256-GCM respectively. Note that the 82 83 * key length includes the 14 byte salt value that is used when 83 84 * initializing the KDF. 
84 85 */ 85 err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen) 86 { 87 aes_gcm_ctx_t *gcm; 88 int tmp; 89 uint8_t *allptr; 90 91 debug_print(mod_aes_gcm, "allocating cipher with key length %d", key_len); 92 debug_print(mod_aes_gcm, "allocating cipher with tag length %d", tlen); 86 static srtp_err_status_t srtp_aes_gcm_openssl_alloc (srtp_cipher_t **c, int key_len, int tlen) 87 { 88 srtp_aes_gcm_ctx_t *gcm; 89 90 debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d", key_len); 91 debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen); 93 92 94 93 /* 95 94 * Verify the key_len is valid for one of: AES-128/256 96 95 */ 97 if (key_len != AES_128_GCM_KEYSIZE_WSALT &&98 key_len != AES_256_GCM_KEYSIZE_WSALT) {99 return ( err_status_bad_param);96 if (key_len != SRTP_AES_GCM_128_KEY_LEN_WSALT && 97 key_len != SRTP_AES_GCM_256_KEY_LEN_WSALT) { 98 return (srtp_err_status_bad_param); 100 99 } 101 100 102 101 if (tlen != GCM_AUTH_TAG_LEN && 103 104 return ( err_status_bad_param);102 tlen != GCM_AUTH_TAG_LEN_8) { 103 return (srtp_err_status_bad_param); 105 104 } 106 105 107 106 /* allocate memory a cipher of type aes_gcm */ 108 tmp = sizeof(cipher_t) + sizeof(aes_gcm_ctx_t); 109 allptr = crypto_alloc(tmp); 110 if (allptr == NULL) { 111 return (err_status_alloc_fail); 107 *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); 108 if (*c == NULL) { 109 return (srtp_err_status_alloc_fail); 110 } 111 memset(*c, 0x0, sizeof(srtp_cipher_t)); 112 113 gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t)); 114 if (gcm == NULL) { 115 srtp_crypto_free(*c); 116 *c = NULL; 117 return (srtp_err_status_alloc_fail); 118 } 119 memset(gcm, 0x0, sizeof(srtp_aes_gcm_ctx_t)); 120 121 gcm->ctx = EVP_CIPHER_CTX_new(); 122 if (gcm->ctx == NULL) { 123 srtp_crypto_free(gcm); 124 srtp_crypto_free(*c); 125 *c = NULL; 126 return srtp_err_status_alloc_fail; 112 127 } 113 128 114 129 /* set pointers */ 115 *c = 
(cipher_t*)allptr; 116 (*c)->state = allptr + sizeof(cipher_t); 117 gcm = (aes_gcm_ctx_t *)(*c)->state; 118 119 /* increment ref_count */ 130 (*c)->state = gcm; 131 132 /* setup cipher attributes */ 120 133 switch (key_len) { 121 case AES_128_GCM_KEYSIZE_WSALT: 122 (*c)->type = &aes_gcm_128_openssl; 123 (*c)->algorithm = AES_128_GCM; 124 aes_gcm_128_openssl.ref_count++; 125 ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE; 126 ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen; 134 case SRTP_AES_GCM_128_KEY_LEN_WSALT: 135 (*c)->type = &srtp_aes_gcm_128_openssl; 136 (*c)->algorithm = SRTP_AES_GCM_128; 137 gcm->key_size = SRTP_AES_128_KEY_LEN; 138 gcm->tag_len = tlen; 127 139 break; 128 case AES_256_GCM_KEYSIZE_WSALT: 129 (*c)->type = &aes_gcm_256_openssl; 130 (*c)->algorithm = AES_256_GCM; 131 aes_gcm_256_openssl.ref_count++; 132 ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE; 133 ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen; 140 case SRTP_AES_GCM_256_KEY_LEN_WSALT: 141 (*c)->type = &srtp_aes_gcm_256_openssl; 142 (*c)->algorithm = SRTP_AES_GCM_256; 143 gcm->key_size = SRTP_AES_256_KEY_LEN; 144 gcm->tag_len = tlen; 134 145 break; 135 146 } … … 137 148 /* set key size */ 138 149 (*c)->key_len = key_len; 139 EVP_CIPHER_CTX_init(&gcm->ctx); 140 141 return (err_status_ok); 142 } 143 144 145 /* 146 * This function deallocates a GCM session 147 */ 148 err_status_t aes_gcm_openssl_dealloc (cipher_t *c) 149 { 150 aes_gcm_ctx_t *ctx; 151 152 ctx = (aes_gcm_ctx_t*)c->state; 150 151 return (srtp_err_status_ok); 152 } 153 154 155 /* 156 * This function deallocates a GCM session 157 */ 158 static srtp_err_status_t srtp_aes_gcm_openssl_dealloc (srtp_cipher_t *c) 159 { 160 srtp_aes_gcm_ctx_t *ctx; 161 162 ctx = (srtp_aes_gcm_ctx_t*)c->state; 153 163 if (ctx) { 154 EVP_CIPHER_CTX_cleanup(&ctx->ctx); 155 /* decrement ref_count for the appropriate engine */ 156 switch (ctx->key_size) { 157 case AES_256_KEYSIZE: 158 aes_gcm_256_openssl.ref_count--; 159 break; 160 case 
AES_128_KEYSIZE: 161 aes_gcm_128_openssl.ref_count--; 162 break; 163 default: 164 return (err_status_dealloc_fail); 165 break; 166 } 167 } 168 169 /* zeroize entire state*/ 170 octet_string_set_to_zero((uint8_t*)c, sizeof(cipher_t) + sizeof(aes_gcm_ctx_t)); 164 EVP_CIPHER_CTX_free(ctx->ctx); 165 /* zeroize the key material */ 166 octet_string_set_to_zero(ctx, sizeof(srtp_aes_gcm_ctx_t)); 167 srtp_crypto_free(ctx); 168 } 171 169 172 170 /* free memory */ 173 crypto_free(c);174 175 return ( err_status_ok);171 srtp_crypto_free(c); 172 173 return (srtp_err_status_ok); 176 174 } 177 175 … … 182 180 * the key is the secret key 183 181 */ 184 err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key) 185 { 186 c->dir = direction_any; 187 188 /* copy key to be used later when CiscoSSL crypto context is created */ 189 v128_copy_octet_string((v128_t*)&c->key, key); 190 191 if (c->key_size == AES_256_KEYSIZE) { 192 debug_print(mod_aes_gcm, "Copying last 16 bytes of key: %s", 193 v128_hex_string((v128_t*)(key + AES_128_KEYSIZE))); 194 v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, 195 key + AES_128_KEYSIZE); 196 } 197 198 debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key)); 199 200 EVP_CIPHER_CTX_cleanup(&c->ctx); 201 202 return (err_status_ok); 203 } 204 205 206 /* 207 * aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with 208 * the offset 209 */ 210 err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv, 211 int direction) 212 { 182 static srtp_err_status_t srtp_aes_gcm_openssl_context_init (void* cv, const uint8_t *key) 183 { 184 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; 213 185 const EVP_CIPHER *evp; 214 186 215 if (direction != direction_encrypt && direction != direction_decrypt) { 216 return (err_status_bad_param); 217 } 218 c->dir = direction; 219 220 debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(iv)); 187 c->dir = srtp_direction_any; 188 189 debug_print(srtp_mod_aes_gcm, 
"key: %s", srtp_octet_string_hex_string(key, c->key_size)); 221 190 222 191 switch (c->key_size) { 223 case AES_256_KEYSIZE:192 case SRTP_AES_256_KEY_LEN: 224 193 evp = EVP_aes_256_gcm(); 225 194 break; 226 case AES_128_KEYSIZE:195 case SRTP_AES_128_KEY_LEN: 227 196 evp = EVP_aes_128_gcm(); 228 197 break; 229 198 default: 230 return ( err_status_bad_param);199 return (srtp_err_status_bad_param); 231 200 break; 232 201 } 233 202 234 if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8, 235 NULL, (c->dir == direction_encrypt ? 1 : 0))) { 236 return (err_status_init_fail); 203 if (!EVP_CipherInit_ex(c->ctx, evp, NULL, key, NULL, 0)) { 204 return (srtp_err_status_init_fail); 205 } 206 207 return (srtp_err_status_ok); 208 } 209 210 211 /* 212 * aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with 213 * the offset 214 */ 215 static srtp_err_status_t srtp_aes_gcm_openssl_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t direction) 216 { 217 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; 218 219 if (direction != srtp_direction_encrypt && direction != srtp_direction_decrypt) { 220 return (srtp_err_status_bad_param); 221 } 222 c->dir = direction; 223 224 debug_print(srtp_mod_aes_gcm, "setting iv: %s", v128_hex_string((v128_t*)iv)); 225 226 if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL, 227 NULL, (c->dir == srtp_direction_encrypt ? 
1 : 0))) { 228 return (srtp_err_status_init_fail); 237 229 } 238 230 239 231 /* set IV len and the IV value, the followiong 3 calls are required */ 240 if (!EVP_CIPHER_CTX_ctrl( &c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {241 return ( err_status_init_fail);242 } 243 if (!EVP_CIPHER_CTX_ctrl( &c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1,iv)) {244 return ( err_status_init_fail);245 } 246 if (!EVP_CIPHER_CTX_ctrl( &c->ctx, EVP_CTRL_GCM_IV_GEN, 0,iv)) {247 return ( err_status_init_fail);248 } 249 250 return ( err_status_ok);232 if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { 233 return (srtp_err_status_init_fail); 234 } 235 if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, (void*)iv)) { 236 return (srtp_err_status_init_fail); 237 } 238 if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, (void*)iv)) { 239 return (srtp_err_status_init_fail); 240 } 241 242 return (srtp_err_status_ok); 251 243 } 252 244 … … 259 251 * aad_len length of aad buffer 260 252 */ 261 err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad, 262 unsigned int aad_len) 263 { 253 static srtp_err_status_t srtp_aes_gcm_openssl_set_aad (void *cv, const uint8_t *aad, uint32_t aad_len) 254 { 255 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; 264 256 int rv; 265 257 … … 268 260 * processing AAD 269 261 */ 270 EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad); 271 272 rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len); 262 263 /* 264 * OpenSSL never write to address pointed by the last parameter of 265 * EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality, 266 * OpenSSL copy its content to the context), so we can make 267 * aad read-only in this function and all its wrappers. 
268 */ 269 unsigned char dummy_tag[GCM_AUTH_TAG_LEN]; 270 memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN); 271 EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, &dummy_tag); 272 273 rv = EVP_Cipher(c->ctx, NULL, aad, aad_len); 273 274 if (rv != aad_len) { 274 return ( err_status_algo_fail);275 return (srtp_err_status_algo_fail); 275 276 } else { 276 return ( err_status_ok);277 return (srtp_err_status_ok); 277 278 } 278 279 } … … 286 287 * enc_len length of encrypt buffer 287 288 */ 288 err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf, 289 unsigned int *enc_len) 290 { 291 if (c->dir != direction_encrypt && c->dir !=direction_decrypt) {292 return ( err_status_bad_param);289 static srtp_err_status_t srtp_aes_gcm_openssl_encrypt (void *cv, unsigned char *buf, unsigned int *enc_len) 290 { 291 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; 292 if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) { 293 return (srtp_err_status_bad_param); 293 294 } 294 295 … … 296 297 * Encrypt the data 297 298 */ 298 EVP_Cipher( &c->ctx, buf, buf, *enc_len);299 300 return ( err_status_ok);299 EVP_Cipher(c->ctx, buf, buf, *enc_len); 300 301 return (srtp_err_status_ok); 301 302 } 302 303 303 304 /* 304 305 * This function calculates and returns the GCM tag for a given context. 305 * This should be called after encrypting the data. The *len value 306 * This should be called after encrypting the data. The *len value 306 307 * is increased by the tag size. The caller must ensure that *buf has 307 308 * enough room to accept the appended tag. 
… … 312 313 * len length of encrypt buffer 313 314 */ 314 err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf, 315 int *len) 316 { 315 static srtp_err_status_t srtp_aes_gcm_openssl_get_tag (void *cv, uint8_t *buf, uint32_t *len) 316 { 317 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; 317 318 /* 318 319 * Calculate the tag 319 320 */ 320 EVP_Cipher( &c->ctx, NULL, NULL, 0);321 EVP_Cipher(c->ctx, NULL, NULL, 0); 321 322 322 323 /* 323 324 * Retreive the tag 324 325 */ 325 EVP_CIPHER_CTX_ctrl( &c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);326 EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); 326 327 327 328 /* … … 330 331 *len = c->tag_len; 331 332 332 return ( err_status_ok);333 return (srtp_err_status_ok); 333 334 } 334 335 … … 342 343 * enc_len length of encrypt buffer 343 344 */ 344 err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf, 345 unsigned int *enc_len) 346 { 347 if (c->dir != direction_encrypt && c->dir !=direction_decrypt) {348 return ( err_status_bad_param);345 static srtp_err_status_t srtp_aes_gcm_openssl_decrypt (void *cv, unsigned char *buf, unsigned int *enc_len) 346 { 347 srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; 348 if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) { 349 return (srtp_err_status_bad_param); 349 350 } 350 351 … … 352 353 * Set the tag before decrypting 353 354 */ 354 EVP_CIPHER_CTX_ctrl( &c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,355 356 EVP_Cipher( &c->ctx, buf, buf, *enc_len - c->tag_len);355 EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, 356 buf + (*enc_len - c->tag_len)); 357 EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len); 357 358 358 359 /* 359 360 * Check the tag 360 361 */ 361 if (EVP_Cipher( &c->ctx, NULL, NULL, 0)) {362 return ( err_status_auth_fail);362 if (EVP_Cipher(c->ctx, NULL, NULL, 0)) { 363 return (srtp_err_status_auth_fail); 363 364 } 364 365 … … 369 370 *enc_len -= c->tag_len; 370 371 371 return 
( err_status_ok);372 return (srtp_err_status_ok); 372 373 } 373 374 … … 377 378 * Name of this crypto engine 378 379 */ 379 charaes_gcm_128_openssl_description[] = "AES-128 GCM using openssl";380 charaes_gcm_256_openssl_description[] = "AES-256 GCM using openssl";380 static const char srtp_aes_gcm_128_openssl_description[] = "AES-128 GCM using openssl"; 381 static const char srtp_aes_gcm_256_openssl_description[] = "AES-256 GCM using openssl"; 381 382 382 383 383 384 /* 384 385 * KAT values for AES self-test. These 385 * values we're derived from independent test code 386 * values we're derived from independent test code 386 387 * using OpenSSL. 387 388 */ 388 uint8_t aes_gcm_test_case_0_key[AES_128_GCM_KEYSIZE_WSALT] = {389 static const uint8_t srtp_aes_gcm_test_case_0_key[SRTP_AES_GCM_128_KEY_LEN_WSALT] = { 389 390 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 390 391 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 391 392 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 392 0x09, 0x0a, 0x0b, 0x0c, 393 }; 394 395 uint8_taes_gcm_test_case_0_iv[12] = {396 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 393 0x09, 0x0a, 0x0b, 0x0c, 394 }; 395 396 static uint8_t srtp_aes_gcm_test_case_0_iv[12] = { 397 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 397 398 0xde, 0xca, 0xf8, 0x88 398 399 }; 399 400 400 uint8_taes_gcm_test_case_0_plaintext[60] = {401 static const uint8_t srtp_aes_gcm_test_case_0_plaintext[60] = { 401 402 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 402 403 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, … … 409 410 }; 410 411 411 uint8_taes_gcm_test_case_0_aad[20] = {412 static const uint8_t srtp_aes_gcm_test_case_0_aad[20] = { 412 413 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 413 414 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, … … 415 416 }; 416 417 417 uint8_taes_gcm_test_case_0_ciphertext[76] = {418 static const uint8_t srtp_aes_gcm_test_case_0_ciphertext[76] = { 418 419 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 419 420 0x4b, 
0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, … … 429 430 }; 430 431 431 cipher_test_case_taes_gcm_test_case_0a = {432 AES_128_GCM_KEYSIZE_WSALT,/* octets in key */433 aes_gcm_test_case_0_key,/* key */434 aes_gcm_test_case_0_iv,/* packet index */435 60, 436 aes_gcm_test_case_0_plaintext,/* plaintext */437 68, 438 aes_gcm_test_case_0_ciphertext,/* ciphertext + tag */439 20, 440 aes_gcm_test_case_0_aad,/* AAD */432 static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0a = { 433 SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */ 434 srtp_aes_gcm_test_case_0_key, /* key */ 435 srtp_aes_gcm_test_case_0_iv, /* packet index */ 436 60, /* octets in plaintext */ 437 srtp_aes_gcm_test_case_0_plaintext, /* plaintext */ 438 68, /* octets in ciphertext */ 439 srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ 440 20, /* octets in AAD */ 441 srtp_aes_gcm_test_case_0_aad, /* AAD */ 441 442 GCM_AUTH_TAG_LEN_8, 442 NULL 443 }; 444 445 cipher_test_case_taes_gcm_test_case_0 = {446 AES_128_GCM_KEYSIZE_WSALT,/* octets in key */447 aes_gcm_test_case_0_key,/* key */448 aes_gcm_test_case_0_iv,/* packet index */449 60, 450 aes_gcm_test_case_0_plaintext,/* plaintext */451 76, 452 aes_gcm_test_case_0_ciphertext,/* ciphertext + tag */453 20, 454 aes_gcm_test_case_0_aad,/* AAD */443 NULL /* pointer to next testcase */ 444 }; 445 446 static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0 = { 447 SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */ 448 srtp_aes_gcm_test_case_0_key, /* key */ 449 srtp_aes_gcm_test_case_0_iv, /* packet index */ 450 60, /* octets in plaintext */ 451 srtp_aes_gcm_test_case_0_plaintext, /* plaintext */ 452 76, /* octets in ciphertext */ 453 srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ 454 20, /* octets in AAD */ 455 srtp_aes_gcm_test_case_0_aad, /* AAD */ 455 456 GCM_AUTH_TAG_LEN, 456 & aes_gcm_test_case_0a/* pointer to next testcase */457 }; 458 459 uint8_t aes_gcm_test_case_1_key[AES_256_GCM_KEYSIZE_WSALT] = {457 
&srtp_aes_gcm_test_case_0a /* pointer to next testcase */ 458 }; 459 460 static const uint8_t srtp_aes_gcm_test_case_1_key[SRTP_AES_GCM_256_KEY_LEN_WSALT] = { 460 461 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 461 462 0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c, 462 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2, 463 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2, 463 464 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 464 465 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 465 0x09, 0x0a, 0x0b, 0x0c, 466 467 }; 468 469 uint8_taes_gcm_test_case_1_iv[12] = {470 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 466 0x09, 0x0a, 0x0b, 0x0c, 467 468 }; 469 470 static uint8_t srtp_aes_gcm_test_case_1_iv[12] = { 471 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 471 472 0xde, 0xca, 0xf8, 0x88 472 473 }; 473 474 474 uint8_taes_gcm_test_case_1_plaintext[60] = {475 static const uint8_t srtp_aes_gcm_test_case_1_plaintext[60] = { 475 476 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 476 477 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, … … 483 484 }; 484 485 485 uint8_taes_gcm_test_case_1_aad[20] = {486 static const uint8_t srtp_aes_gcm_test_case_1_aad[20] = { 486 487 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 487 488 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, … … 489 490 }; 490 491 491 uint8_taes_gcm_test_case_1_ciphertext[76] = {492 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46, 493 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a, 494 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86, 495 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a, 496 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9, 497 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80, 498 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10, 499 0x09, 0xc9, 0x86, 0xc1, 492 static const uint8_t srtp_aes_gcm_test_case_1_ciphertext[76] = { 493 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46, 494 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a, 495 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86, 496 0x1b, 0xc7, 
0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a, 497 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9, 498 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80, 499 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10, 500 0x09, 0xc9, 0x86, 0xc1, 500 501 /* the last 16 bytes are the tag */ 501 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f, 502 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f, 502 503 0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d, 503 504 }; 504 505 505 cipher_test_case_taes_gcm_test_case_1a = {506 AES_256_GCM_KEYSIZE_WSALT,/* octets in key */507 aes_gcm_test_case_1_key,/* key */508 aes_gcm_test_case_1_iv,/* packet index */509 60, 510 aes_gcm_test_case_1_plaintext,/* plaintext */511 68, 512 aes_gcm_test_case_1_ciphertext,/* ciphertext + tag */513 20, 514 aes_gcm_test_case_1_aad,/* AAD */506 static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1a = { 507 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */ 508 srtp_aes_gcm_test_case_1_key, /* key */ 509 srtp_aes_gcm_test_case_1_iv, /* packet index */ 510 60, /* octets in plaintext */ 511 srtp_aes_gcm_test_case_1_plaintext, /* plaintext */ 512 68, /* octets in ciphertext */ 513 srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ 514 20, /* octets in AAD */ 515 srtp_aes_gcm_test_case_1_aad, /* AAD */ 515 516 GCM_AUTH_TAG_LEN_8, 516 NULL 517 }; 518 519 cipher_test_case_taes_gcm_test_case_1 = {520 AES_256_GCM_KEYSIZE_WSALT,/* octets in key */521 aes_gcm_test_case_1_key,/* key */522 aes_gcm_test_case_1_iv,/* packet index */523 60, 524 aes_gcm_test_case_1_plaintext,/* plaintext */525 76, 526 aes_gcm_test_case_1_ciphertext,/* ciphertext + tag */527 20, 528 aes_gcm_test_case_1_aad,/* AAD */517 NULL /* pointer to next testcase */ 518 }; 519 520 static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1 = { 521 SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */ 522 srtp_aes_gcm_test_case_1_key, /* key */ 523 srtp_aes_gcm_test_case_1_iv, /* packet index */ 524 60, /* octets in plaintext */ 525 
srtp_aes_gcm_test_case_1_plaintext, /* plaintext */ 526 76, /* octets in ciphertext */ 527 srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ 528 20, /* octets in AAD */ 529 srtp_aes_gcm_test_case_1_aad, /* AAD */ 529 530 GCM_AUTH_TAG_LEN, 530 & aes_gcm_test_case_1a/* pointer to next testcase */531 &srtp_aes_gcm_test_case_1a /* pointer to next testcase */ 531 532 }; 532 533 … … 534 535 * This is the vector function table for this crypto engine. 535 536 */ 536 cipher_type_t aes_gcm_128_openssl = { 537 (cipher_alloc_func_t) aes_gcm_openssl_alloc, 538 (cipher_dealloc_func_t) aes_gcm_openssl_dealloc, 539 (cipher_init_func_t) aes_gcm_openssl_context_init, 540 (cipher_set_aad_func_t) aes_gcm_openssl_set_aad, 541 (cipher_encrypt_func_t) aes_gcm_openssl_encrypt, 542 (cipher_decrypt_func_t) aes_gcm_openssl_decrypt, 543 (cipher_set_iv_func_t) aes_gcm_openssl_set_iv, 544 (cipher_get_tag_func_t) aes_gcm_openssl_get_tag, 545 (char*) aes_gcm_128_openssl_description, 546 (int) 0, /* instance count */ 547 (cipher_test_case_t*) &aes_gcm_test_case_0, 548 (debug_module_t*) &mod_aes_gcm, 549 (cipher_type_id_t) AES_128_GCM 537 const srtp_cipher_type_t srtp_aes_gcm_128_openssl = { 538 srtp_aes_gcm_openssl_alloc, 539 srtp_aes_gcm_openssl_dealloc, 540 srtp_aes_gcm_openssl_context_init, 541 srtp_aes_gcm_openssl_set_aad, 542 srtp_aes_gcm_openssl_encrypt, 543 srtp_aes_gcm_openssl_decrypt, 544 srtp_aes_gcm_openssl_set_iv, 545 srtp_aes_gcm_openssl_get_tag, 546 srtp_aes_gcm_128_openssl_description, 547 &srtp_aes_gcm_test_case_0, 548 SRTP_AES_GCM_128 550 549 }; 551 550 … … 553 552 * This is the vector function table for this crypto engine. 
554 553 */ 555 cipher_type_t aes_gcm_256_openssl = { 556 (cipher_alloc_func_t) aes_gcm_openssl_alloc, 557 (cipher_dealloc_func_t) aes_gcm_openssl_dealloc, 558 (cipher_init_func_t) aes_gcm_openssl_context_init, 559 (cipher_set_aad_func_t) aes_gcm_openssl_set_aad, 560 (cipher_encrypt_func_t) aes_gcm_openssl_encrypt, 561 (cipher_decrypt_func_t) aes_gcm_openssl_decrypt, 562 (cipher_set_iv_func_t) aes_gcm_openssl_set_iv, 563 (cipher_get_tag_func_t) aes_gcm_openssl_get_tag, 564 (char*) aes_gcm_256_openssl_description, 565 (int) 0, /* instance count */ 566 (cipher_test_case_t*) &aes_gcm_test_case_1, 567 (debug_module_t*) &mod_aes_gcm, 568 (cipher_type_id_t) AES_256_GCM 569 }; 570 554 const srtp_cipher_type_t srtp_aes_gcm_256_openssl = { 555 srtp_aes_gcm_openssl_alloc, 556 srtp_aes_gcm_openssl_dealloc, 557 srtp_aes_gcm_openssl_context_init, 558 srtp_aes_gcm_openssl_set_aad, 559 srtp_aes_gcm_openssl_encrypt, 560 srtp_aes_gcm_openssl_decrypt, 561 srtp_aes_gcm_openssl_set_iv, 562 srtp_aes_gcm_openssl_get_tag, 563 srtp_aes_gcm_256_openssl_description, 564 &srtp_aes_gcm_test_case_1, 565 SRTP_AES_GCM_256 566 }; 567 -
pjproject/trunk/third_party/srtp/crypto/cipher/aes_icm.c
r5261 r5614 9 9 10 10 /* 11 * 12 * Copyright (c) 2001-20 06,2013Cisco Systems, Inc.11 * 12 * Copyright (c) 2001-2017 Cisco Systems, Inc. 13 13 * All rights reserved. 14 * 14 * 15 15 * Redistribution and use in source and binary forms, with or without 16 16 * modification, are permitted provided that the following conditions 17 17 * are met: 18 * 18 * 19 19 * Redistributions of source code must retain the above copyright 20 20 * notice, this list of conditions and the following disclaimer. 21 * 21 * 22 22 * Redistributions in binary form must reproduce the above 23 23 * copyright notice, this list of conditions and the following 24 24 * disclaimer in the documentation and/or other materials provided 25 25 * with the distribution. 26 * 26 * 27 27 * Neither the name of the Cisco Systems, Inc. nor the names of its 28 28 * contributors may be used to endorse or promote products derived 29 29 * from this software without specific prior written permission. 30 * 30 * 31 31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 32 32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 54 54 55 55 56 debug_module_t mod_aes_icm = { 57 0, /* debugging is off by default */ 58 "aes icm" /* printable module name */ 59 }; 56 srtp_debug_module_t srtp_mod_aes_icm = { 57 0, /* debugging is off by default */ 58 "aes icm" /* printable module name */ 59 }; 60 extern const srtp_cipher_type_t srtp_aes_icm_128; 61 extern const srtp_cipher_type_t srtp_aes_icm_256; 60 62 61 63 /* … … 64 66 * 16 bits 65 67 * <-----> 66 * +------+------+------+------+------+------+------+------+ 68 * +------+------+------+------+------+------+------+------+ 67 69 * | nonce | pakcet index | ctr |---+ 68 70 * +------+------+------+------+------+------+------+------+ | … … 75 77 * | encrypt | 76 78 * +---------+ 77 * | 79 * | 78 80 * +------+------+------+------+------+------+------+------+ | 79 * | keystream block |<--+ 80 * 
+------+------+------+------+------+------+------+------+ 81 * | keystream block |<--+ 82 * +------+------+------+------+------+------+------+------+ 81 83 * 82 84 * All fields are big-endian … … 84 86 * ctr is the block counter, which increments from zero for 85 87 * each packet (16 bits wide) 86 * 88 * 87 89 * packet index is distinct for each packet (48 bits wide) 88 90 * … … 93 95 */ 94 96 95 err_status_t 96 aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp){97 extern cipher_type_t aes_icm;98 uint8_t *pointer; 99 int tmp;100 101 debug_print(mod_aes_icm, 102 "allocating cipher with key length %d", key_len);103 104 /*105 * Ismacryp, for example, uses 16 byte key + 8 byte106 * salt so this function is called with key_len = 24.107 * The check for key_len = 30/38/46 does not apply. Our usage108 * of aes functions with key_len = values other than 30109 * has not broken anything. Don't know what would be the110 * effect of skipping this check for srtp in general.111 */ 112 if (!(forIsmacryp && key_len > 16 && key_len < 30) &&113 key_len != 30 && key_len != 38 && key_len != 46)114 return err_status_bad_param;115 116 /* allocate memory a cipher of type aes_icm */117 tmp = (sizeof(aes_icm_ctx_t) + sizeof(cipher_t));118 pointer = (uint8_t*)crypto_alloc(tmp); 119 if (pointer == NULL)120 return err_status_alloc_fail;121 122 /* set pointers */123 *c = (cipher_t *)pointer;124 switch (key_len) {125 case 46: 126 (*c)->algorithm = AES_256_ICM;127 break;128 case 38: 129 (*c)->algorithm = AES_192_ICM;130 break;131 default:132 (*c)->algorithm = AES_128_ICM;133 break;134 }135 (*c)->type = &aes_icm;136 (*c)->state = pointer + sizeof(cipher_t);137 138 /* increment ref_count */139 aes_icm.ref_count++; 140 141 /* set key size */142 (*c)->key_len = key_len;143 144 return err_status_ok;97 static srtp_err_status_t srtp_aes_icm_alloc (srtp_cipher_t **c, int key_len, int tlen) 98 { 99 srtp_aes_icm_ctx_t *icm; 100 101 debug_print(srtp_mod_aes_icm, 102 "allocating cipher with 
key length %d", key_len); 103 104 /* 105 * The check for key_len = 30/46 does not apply. Our usage 106 * of aes functions with key_len = values other than 30 107 * has not broken anything. Don't know what would be the 108 * effect of skipping this check for srtp in general. 109 */ 110 if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) { 111 return srtp_err_status_bad_param; 112 } 113 114 /* allocate memory a cipher of type aes_icm */ 115 *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); 116 if (*c == NULL) { 117 return srtp_err_status_alloc_fail; 118 } 119 memset(*c, 0x0, sizeof(srtp_cipher_t)); 120 121 icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t)); 122 if (icm == NULL) { 123 srtp_crypto_free(*c); 124 return srtp_err_status_alloc_fail; 125 } 126 memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t)); 127 128 /* set pointers */ 129 (*c)->state = icm; 130 131 switch (key_len) { 132 case SRTP_AES_ICM_256_KEY_LEN_WSALT: 133 (*c)->algorithm = SRTP_AES_ICM_256; 134 (*c)->type = &srtp_aes_icm_256; 135 break; 136 default: 137 (*c)->algorithm = SRTP_AES_ICM_128; 138 (*c)->type = &srtp_aes_icm_128; 139 break; 140 } 141 142 /* set key size */ 143 icm->key_size = key_len; 144 (*c)->key_len = key_len; 145 146 return srtp_err_status_ok; 145 147 } 146 148 147 err_status_t aes_icm_alloc(cipher_t **c, int key_len, int forIsmacryp) { 148 return aes_icm_alloc_ismacryp(c, key_len, 0); 149 } 150 151 err_status_t 152 aes_icm_dealloc(cipher_t *c) { 153 extern cipher_type_t aes_icm;154 155 /* zeroize entire state*/156 octet_string_set_to_zero((uint8_t *)c,157 sizeof(aes_icm_ctx_t) + sizeof(cipher_t)); 158 159 /* free memory */160 crypto_free(c);161 162 /* decrement ref_count */163 aes_icm.ref_count--;164 165 return err_status_ok;149 static srtp_err_status_t srtp_aes_icm_dealloc (srtp_cipher_t *c) 150 { 151 srtp_aes_icm_ctx_t *ctx; 152 153 if (c == NULL) { 154 return srtp_err_status_bad_param; 155 } 156 157 ctx = 
(srtp_aes_icm_ctx_t *)c->state; 158 if (ctx) { 159 /* zeroize the key material */ 160 octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t)); 161 srtp_crypto_free(ctx); 162 } 163 164 /* free the cipher context */ 165 srtp_crypto_free(c); 166 167 return srtp_err_status_ok; 166 168 } 167 169 … … 171 173 * using the value in key[]. 172 174 * 173 * the key is the secret key 175 * the key is the secret key 174 176 * 175 177 * the salt is unpredictable (but not necessarily secret) data which … … 177 179 */ 178 180 179 err_status_t 180 aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key, int key_len) { 181 err_status_t status; 182 int base_key_len, copy_len; 183 184 if (key_len > 16 && key_len < 30) /* Ismacryp */ 185 base_key_len = 16; 186 else if (key_len == 30 || key_len == 38 || key_len == 46) 187 base_key_len = key_len - 14; 188 else 189 return err_status_bad_param; 190 191 /* 192 * set counter and initial values to 'offset' value, being careful not to 193 * go past the end of the key buffer 194 */ 195 v128_set_to_zero(&c->counter); 196 v128_set_to_zero(&c->offset); 197 198 copy_len = key_len - base_key_len; 199 /* force last two octets of the offset to be left zero (for srtp compatibility) */ 200 if (copy_len > 14) 201 copy_len = 14; 202 203 memcpy(&c->counter, key + base_key_len, copy_len); 204 memcpy(&c->offset, key + base_key_len, copy_len); 205 206 debug_print(mod_aes_icm, 207 "key: %s", octet_string_hex_string(key, base_key_len)); 208 debug_print(mod_aes_icm, 209 "offset: %s", v128_hex_string(&c->offset)); 210 211 /* expand key */ 212 status = aes_expand_encryption_key(key, base_key_len, &c->expanded_key); 213 if (status) { 181 static srtp_err_status_t srtp_aes_icm_context_init (void *cv, const uint8_t *key) 182 { 183 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; 184 srtp_err_status_t status; 185 int base_key_len, copy_len; 186 187 if (c->key_size == SRTP_AES_ICM_128_KEY_LEN_WSALT || c->key_size == SRTP_AES_ICM_256_KEY_LEN_WSALT) { 188 base_key_len 
= c->key_size - SRTP_SALT_LEN; 189 } else{ 190 return srtp_err_status_bad_param; 191 } 192 193 /* 194 * set counter and initial values to 'offset' value, being careful not to 195 * go past the end of the key buffer 196 */ 214 197 v128_set_to_zero(&c->counter); 215 198 v128_set_to_zero(&c->offset); 216 return status; 217 } 218 219 /* indicate that the keystream_buffer is empty */ 220 c->bytes_in_buffer = 0; 221 222 return err_status_ok; 223 } 224 225 /* 226 * aes_icm_set_octet(c, i) sets the counter of the context which it is 227 * passed so that the next octet of keystream that will be generated 228 * is the ith octet 229 */ 230 231 err_status_t 232 aes_icm_set_octet(aes_icm_ctx_t *c, 233 uint64_t octet_num) { 234 235 #ifdef NO_64BIT_MATH 236 int tail_num = low32(octet_num) & 0x0f; 237 /* 64-bit right-shift 4 */ 238 uint64_t block_num = make64(high32(octet_num) >> 4, 239 ((high32(octet_num) & 0x0f)<<(32-4)) | 240 (low32(octet_num) >> 4)); 241 #else 242 int tail_num = (int)(octet_num % 16); 243 uint64_t block_num = octet_num / 16; 244 #endif 245 246 247 /* set counter value */ 248 /* FIX - There's no way this is correct */ 249 c->counter.v64[0] = c->offset.v64[0]; 250 #ifdef NO_64BIT_MATH 251 c->counter.v64[0] = make64(high32(c->offset.v64[0]) ^ high32(block_num), 252 low32(c->offset.v64[0]) ^ low32(block_num)); 253 #else 254 c->counter.v64[0] = c->offset.v64[0] ^ block_num; 255 #endif 256 257 debug_print(mod_aes_icm, 258 "set_octet: %s", v128_hex_string(&c->counter)); 259 260 /* fill keystream buffer, if needed */ 261 if (tail_num) { 262 v128_copy(&c->keystream_buffer, &c->counter); 263 aes_encrypt(&c->keystream_buffer, &c->expanded_key); 264 c->bytes_in_buffer = sizeof(v128_t); 265 266 debug_print(mod_aes_icm, "counter: %s", 267 v128_hex_string(&c->counter)); 268 debug_print(mod_aes_icm, "ciphertext: %s", 269 v128_hex_string(&c->keystream_buffer)); 270 271 /* indicate number of bytes in keystream_buffer */ 272 c->bytes_in_buffer = sizeof(v128_t) - tail_num; 273 
274 } else { 275 276 /* indicate that keystream_buffer is empty */ 199 200 copy_len = c->key_size - base_key_len; 201 /* force last two octets of the offset to be left zero (for srtp compatibility) */ 202 if (copy_len > SRTP_SALT_LEN) { 203 copy_len = SRTP_SALT_LEN; 204 } 205 206 memcpy(&c->counter, key + base_key_len, copy_len); 207 memcpy(&c->offset, key + base_key_len, copy_len); 208 209 debug_print(srtp_mod_aes_icm, 210 "key: %s", srtp_octet_string_hex_string(key, base_key_len)); 211 debug_print(srtp_mod_aes_icm, 212 "offset: %s", v128_hex_string(&c->offset)); 213 214 /* expand key */ 215 status = srtp_aes_expand_encryption_key(key, base_key_len, &c->expanded_key); 216 if (status) { 217 v128_set_to_zero(&c->counter); 218 v128_set_to_zero(&c->offset); 219 return status; 220 } 221 222 /* indicate that the keystream_buffer is empty */ 277 223 c->bytes_in_buffer = 0; 278 } 279 280 return err_status_ok; 224 225 return srtp_err_status_ok; 281 226 } 282 227 … … 286 231 */ 287 232 288 err_status_t 289 aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction) { 290 v128_t nonce; 291 292 /* set nonce (for alignment) */ 293 v128_copy_octet_string(&nonce, iv); 294 295 debug_print(mod_aes_icm, 296 "setting iv: %s", v128_hex_string(&nonce)); 297 298 v128_xor(&c->counter, &c->offset, &nonce); 299 300 debug_print(mod_aes_icm, 301 "set_counter: %s", v128_hex_string(&c->counter)); 302 303 /* indicate that the keystream_buffer is empty */ 304 c->bytes_in_buffer = 0; 305 306 return err_status_ok; 233 static srtp_err_status_t srtp_aes_icm_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t direction) 234 { 235 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; 236 v128_t nonce; 237 238 /* set nonce (for alignment) */ 239 v128_copy_octet_string(&nonce, iv); 240 241 debug_print(srtp_mod_aes_icm, 242 "setting iv: %s", v128_hex_string(&nonce)); 243 244 v128_xor(&c->counter, &c->offset, &nonce); 245 246 debug_print(srtp_mod_aes_icm, 247 "set_counter: %s", 
v128_hex_string(&c->counter)); 248 249 /* indicate that the keystream_buffer is empty */ 250 c->bytes_in_buffer = 0; 251 252 return srtp_err_status_ok; 307 253 } 308 254 … … 315 261 * this is an internal, hopefully inlined function 316 262 */ 317 318 static inline void 319 aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) { 320 /* fill buffer with new keystream */ 321 v128_copy(&c->keystream_buffer, &c->counter); 322 aes_encrypt(&c->keystream_buffer, &c->expanded_key); 323 c->bytes_in_buffer = sizeof(v128_t); 324 325 debug_print(mod_aes_icm, "counter: %s", 326 v128_hex_string(&c->counter)); 327 debug_print(mod_aes_icm, "ciphertext: %s", 328 v128_hex_string(&c->keystream_buffer)); 329 330 /* clock counter forward */ 331 332 if (forIsmacryp) { 333 uint32_t temp; 334 //alex's clock counter forward 335 temp = ntohl(c->counter.v32[3]); 336 ++temp; 337 c->counter.v32[3] = htonl(temp); 338 } else { 339 if (!++(c->counter.v8[15])) 340 ++(c->counter.v8[14]); 341 } 263 static void srtp_aes_icm_advance (srtp_aes_icm_ctx_t *c) 264 { 265 /* fill buffer with new keystream */ 266 v128_copy(&c->keystream_buffer, &c->counter); 267 srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key); 268 c->bytes_in_buffer = sizeof(v128_t); 269 270 debug_print(srtp_mod_aes_icm, "counter: %s", 271 v128_hex_string(&c->counter)); 272 debug_print(srtp_mod_aes_icm, "ciphertext: %s", 273 v128_hex_string(&c->keystream_buffer)); 274 275 /* clock counter forward */ 276 if (!++(c->counter.v8[15])) { 277 ++(c->counter.v8[14]); 278 } 342 279 } 343 280 … … 352 289 * - loop over blocks, filling keystream_buffer and then 353 290 * adding keystream into data 354 * - fill buffer then add in remaining (< 16) bytes of keystream 355 */ 356 357 err_status_t 358 aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c, 359 unsigned char *buf, unsigned int *enc_len, 360 int forIsmacryp) { 361 unsigned int bytes_to_encr = *enc_len; 362 unsigned int i; 363 uint32_t *b; 364 365 /* check that there's enough segment left 
but not for ismacryp*/ 366 if (!forIsmacryp && (bytes_to_encr + htons(c->counter.v16[7])) > 0xffff) 367 return err_status_terminus; 368 369 debug_print(mod_aes_icm, "block index: %d", 370 htons(c->counter.v16[7])); 371 if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) { 372 373 /* deal with odd case of small bytes_to_encr */ 374 for (i = (sizeof(v128_t) - c->bytes_in_buffer); 375 i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++) 376 { 377 *buf++ ^= c->keystream_buffer.v8[i]; 378 } 379 380 c->bytes_in_buffer -= bytes_to_encr; 381 382 /* return now to avoid the main loop */ 383 return err_status_ok; 384 385 } else { 386 387 /* encrypt bytes until the remaining data is 16-byte aligned */ 388 for (i=(sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t); i++) 389 *buf++ ^= c->keystream_buffer.v8[i]; 390 391 bytes_to_encr -= c->bytes_in_buffer; 392 c->bytes_in_buffer = 0; 393 394 } 395 396 /* now loop over entire 16-byte blocks of keystream */ 397 for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) { 398 399 /* fill buffer with new keystream */ 400 aes_icm_advance_ismacryp(c, forIsmacryp); 401 402 /* 403 * add keystream into the data buffer (this would be a lot faster 404 * if we could assume 32-bit alignment!) 
405 */ 291 * - fill buffer then add in remaining (< 16) bytes of keystream 292 */ 293 294 static srtp_err_status_t srtp_aes_icm_encrypt (void *cv, 295 unsigned char *buf, unsigned int *enc_len) 296 { 297 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t*)cv; 298 unsigned int bytes_to_encr = *enc_len; 299 unsigned int i; 300 uint32_t *b; 301 302 /* check that there's enough segment left*/ 303 if ((bytes_to_encr + htons(c->counter.v16[7])) > 0xffff) { 304 return srtp_err_status_terminus; 305 } 306 307 debug_print(srtp_mod_aes_icm, "block index: %d", 308 htons(c->counter.v16[7])); 309 if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) { 310 311 /* deal with odd case of small bytes_to_encr */ 312 for (i = (sizeof(v128_t) - c->bytes_in_buffer); 313 i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++) { 314 *buf++ ^= c->keystream_buffer.v8[i]; 315 } 316 317 c->bytes_in_buffer -= bytes_to_encr; 318 319 /* return now to avoid the main loop */ 320 return srtp_err_status_ok; 321 322 } else { 323 324 /* encrypt bytes until the remaining data is 16-byte aligned */ 325 for (i = (sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t); i++) { 326 *buf++ ^= c->keystream_buffer.v8[i]; 327 } 328 329 bytes_to_encr -= c->bytes_in_buffer; 330 c->bytes_in_buffer = 0; 331 332 } 333 334 /* now loop over entire 16-byte blocks of keystream */ 335 for (i = 0; i < (bytes_to_encr / sizeof(v128_t)); i++) { 336 337 /* fill buffer with new keystream */ 338 srtp_aes_icm_advance(c); 339 340 /* 341 * add keystream into the data buffer (this would be a lot faster 342 * if we could assume 32-bit alignment!) 
343 */ 406 344 407 345 #if ALIGN_32 408 b = (uint32_t *)buf; 409 *b++ ^= c->keystream_buffer.v32[0]; 410 *b++ ^= c->keystream_buffer.v32[1]; 411 *b++ ^= c->keystream_buffer.v32[2]; 412 *b++ ^= c->keystream_buffer.v32[3]; 413 buf = (uint8_t *)b; 414 #else 415 if ((((unsigned long) buf) & 0x03) != 0) { 416 *buf++ ^= c->keystream_buffer.v8[0]; 417 *buf++ ^= c->keystream_buffer.v8[1]; 418 *buf++ ^= c->keystream_buffer.v8[2]; 419 *buf++ ^= c->keystream_buffer.v8[3]; 420 *buf++ ^= c->keystream_buffer.v8[4]; 421 *buf++ ^= c->keystream_buffer.v8[5]; 422 *buf++ ^= c->keystream_buffer.v8[6]; 423 *buf++ ^= c->keystream_buffer.v8[7]; 424 *buf++ ^= c->keystream_buffer.v8[8]; 425 *buf++ ^= c->keystream_buffer.v8[9]; 426 *buf++ ^= c->keystream_buffer.v8[10]; 427 *buf++ ^= c->keystream_buffer.v8[11]; 428 *buf++ ^= c->keystream_buffer.v8[12]; 429 *buf++ ^= c->keystream_buffer.v8[13]; 430 *buf++ ^= c->keystream_buffer.v8[14]; 431 *buf++ ^= c->keystream_buffer.v8[15]; 346 b = (uint32_t*)buf; 347 *b++ ^= c->keystream_buffer.v32[0]; 348 *b++ ^= c->keystream_buffer.v32[1]; 349 *b++ ^= c->keystream_buffer.v32[2]; 350 *b++ ^= c->keystream_buffer.v32[3]; 351 buf = (uint8_t*)b; 352 #else 353 if ((((unsigned long)buf) & 0x03) != 0) { 354 *buf++ ^= c->keystream_buffer.v8[0]; 355 *buf++ ^= c->keystream_buffer.v8[1]; 356 *buf++ ^= c->keystream_buffer.v8[2]; 357 *buf++ ^= c->keystream_buffer.v8[3]; 358 *buf++ ^= c->keystream_buffer.v8[4]; 359 *buf++ ^= c->keystream_buffer.v8[5]; 360 *buf++ ^= c->keystream_buffer.v8[6]; 361 *buf++ ^= c->keystream_buffer.v8[7]; 362 *buf++ ^= c->keystream_buffer.v8[8]; 363 *buf++ ^= c->keystream_buffer.v8[9]; 364 *buf++ ^= c->keystream_buffer.v8[10]; 365 *buf++ ^= c->keystream_buffer.v8[11]; 366 *buf++ ^= c->keystream_buffer.v8[12]; 367 *buf++ ^= c->keystream_buffer.v8[13]; 368 *buf++ ^= c->keystream_buffer.v8[14]; 369 *buf++ ^= c->keystream_buffer.v8[15]; 370 } else { 371 b = (uint32_t*)buf; 372 *b++ ^= c->keystream_buffer.v32[0]; 373 *b++ ^= 
c->keystream_buffer.v32[1]; 374 *b++ ^= c->keystream_buffer.v32[2]; 375 *b++ ^= c->keystream_buffer.v32[3]; 376 buf = (uint8_t*)b; 377 } 378 #endif /* #if ALIGN_32 */ 379 380 } 381 382 /* if there is a tail end of the data, process it */ 383 if ((bytes_to_encr & 0xf) != 0) { 384 385 /* fill buffer with new keystream */ 386 srtp_aes_icm_advance(c); 387 388 for (i = 0; i < (bytes_to_encr & 0xf); i++) { 389 *buf++ ^= c->keystream_buffer.v8[i]; 390 } 391 392 /* reset the keystream buffer size to right value */ 393 c->bytes_in_buffer = sizeof(v128_t) - i; 432 394 } else { 433 b = (uint32_t *)buf; 434 *b++ ^= c->keystream_buffer.v32[0]; 435 *b++ ^= c->keystream_buffer.v32[1]; 436 *b++ ^= c->keystream_buffer.v32[2]; 437 *b++ ^= c->keystream_buffer.v32[3]; 438 buf = (uint8_t *)b; 439 } 440 #endif /* #if ALIGN_32 */ 441 442 } 443 444 /* if there is a tail end of the data, process it */ 445 if ((bytes_to_encr & 0xf) != 0) { 446 447 /* fill buffer with new keystream */ 448 aes_icm_advance_ismacryp(c, forIsmacryp); 449 450 for (i=0; i < (bytes_to_encr & 0xf); i++) 451 *buf++ ^= c->keystream_buffer.v8[i]; 452 453 /* reset the keystream buffer size to right value */ 454 c->bytes_in_buffer = sizeof(v128_t) - i; 455 } else { 456 457 /* no tail, so just reset the keystream buffer size to zero */ 458 c->bytes_in_buffer = 0; 459 460 } 461 462 return err_status_ok; 395 396 /* no tail, so just reset the keystream buffer size to zero */ 397 c->bytes_in_buffer = 0; 398 399 } 400 401 return srtp_err_status_ok; 463 402 } 464 403 465 err_status_t 466 aes_icm_encrypt(aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len) { 467 return aes_icm_encrypt_ismacryp(c, buf, enc_len, 0); 468 } 469 470 err_status_t 471 aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, unsigned int num_octets_to_output) { 472 unsigned int len = num_octets_to_output; 473 474 /* zeroize the buffer */ 475 octet_string_set_to_zero(buffer, num_octets_to_output); 476 477 /* exor keystream into buffer */ 478 return 
aes_icm_encrypt(c, buffer, &len); 479 } 480 481 uint16_t 482 aes_icm_bytes_encrypted(aes_icm_ctx_t *c) { 483 return htons(c->counter.v16[7]); 484 } 485 486 char 487 aes_icm_description[] = "aes integer counter mode"; 488 489 uint8_t aes_icm_test_case_0_key[30] = { 490 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 491 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, 492 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 493 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd 494 }; 495 496 uint8_t aes_icm_test_case_0_nonce[16] = { 497 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 498 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 499 }; 500 501 uint8_t aes_icm_test_case_0_plaintext[32] = { 502 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 503 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 504 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 505 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 506 }; 507 508 uint8_t aes_icm_test_case_0_ciphertext[32] = { 509 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, 510 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, 511 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, 512 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab 513 }; 514 515 cipher_test_case_t aes_icm_test_case_0 = { 516 30, /* octets in key */ 517 aes_icm_test_case_0_key, /* key */ 518 aes_icm_test_case_0_nonce, /* packet index */ 519 32, /* octets in plaintext */ 520 aes_icm_test_case_0_plaintext, /* plaintext */ 521 32, /* octets in ciphertext */ 522 aes_icm_test_case_0_ciphertext, /* ciphertext */ 523 0, 524 NULL, 525 0, 526 NULL /* pointer to next testcase */ 527 }; 528 529 uint8_t aes_icm_test_case_1_key[46] = { 530 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, 531 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, 532 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, 533 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, 534 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 535 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd 536 }; 537 538 uint8_t aes_icm_test_case_1_nonce[16] = { 539 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 540 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 541 }; 542 543 uint8_t aes_icm_test_case_1_plaintext[32] = { 544 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 545 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 546 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 547 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 548 }; 549 550 uint8_t aes_icm_test_case_1_ciphertext[32] = { 551 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, 552 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, 553 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, 554 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac 555 }; 556 557 cipher_test_case_t aes_icm_test_case_1 = { 558 46, /* octets in key */ 559 aes_icm_test_case_1_key, /* key */ 560 aes_icm_test_case_1_nonce, /* packet index */ 561 32, /* octets in plaintext */ 562 aes_icm_test_case_1_plaintext, /* plaintext */ 563 32, /* octets in ciphertext */ 564 aes_icm_test_case_1_ciphertext, /* ciphertext */ 565 0, 566 NULL, 567 0, 568 &aes_icm_test_case_0 /* pointer to next testcase */ 404 static const char srtp_aes_icm_128_description[] = "AES-128 integer counter mode"; 405 static const char srtp_aes_icm_256_description[] = "AES-256 integer counter mode"; 406 407 static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = { 408 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 409 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, 410 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 411 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd 412 }; 413 414 static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = { 415 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 416 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 417 }; 418 419 static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = { 420 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 421 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 422 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 423 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 424 }; 425 
426 static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = { 427 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, 428 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, 429 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, 430 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab 431 }; 432 433 static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = { 434 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */ 435 srtp_aes_icm_128_test_case_0_key, /* key */ 436 srtp_aes_icm_128_test_case_0_nonce, /* packet index */ 437 32, /* octets in plaintext */ 438 srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */ 439 32, /* octets in ciphertext */ 440 srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */ 441 0, 442 NULL, 443 0, 444 NULL /* pointer to next testcase */ 445 }; 446 447 static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = { 448 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, 449 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, 450 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, 451 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, 452 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 453 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd 454 }; 455 456 static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = { 457 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 458 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 459 }; 460 461 static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = { 462 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 463 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 464 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 465 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 466 }; 467 468 static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = { 469 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, 470 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, 471 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, 472 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac 473 }; 474 475 static const srtp_cipher_test_case_t 
srtp_aes_icm_256_test_case_0 = { 476 SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */ 477 srtp_aes_icm_256_test_case_0_key, /* key */ 478 srtp_aes_icm_256_test_case_0_nonce, /* packet index */ 479 32, /* octets in plaintext */ 480 srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */ 481 32, /* octets in ciphertext */ 482 srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */ 483 0, 484 NULL, 485 0, 486 NULL, /* pointer to next testcase */ 569 487 }; 570 488 … … 575 493 */ 576 494 577 cipher_type_t aes_icm = { 578 (cipher_alloc_func_t) aes_icm_alloc, 579 (cipher_dealloc_func_t) aes_icm_dealloc, 580 (cipher_init_func_t) aes_icm_context_init, 581 (cipher_set_aad_func_t) 0, 582 (cipher_encrypt_func_t) aes_icm_encrypt, 583 (cipher_decrypt_func_t) aes_icm_encrypt, 584 (cipher_set_iv_func_t) aes_icm_set_iv, 585 (cipher_get_tag_func_t) 0, 586 (char *) aes_icm_description, 587 (int) 0, /* instance count */ 588 (cipher_test_case_t *) &aes_icm_test_case_1, 589 (debug_module_t *) &mod_aes_icm, 590 (cipher_type_id_t) AES_ICM 591 }; 592 495 const srtp_cipher_type_t srtp_aes_icm_128 = { 496 srtp_aes_icm_alloc, 497 srtp_aes_icm_dealloc, 498 srtp_aes_icm_context_init, 499 0, /* set_aad */ 500 srtp_aes_icm_encrypt, 501 srtp_aes_icm_encrypt, 502 srtp_aes_icm_set_iv, 503 0, /* get_tag */ 504 srtp_aes_icm_128_description, 505 &srtp_aes_icm_128_test_case_0, 506 SRTP_AES_ICM_128 507 }; 508 509 const srtp_cipher_type_t srtp_aes_icm_256 = { 510 srtp_aes_icm_alloc, 511 srtp_aes_icm_dealloc, 512 srtp_aes_icm_context_init, 513 0, /* set_aad */ 514 srtp_aes_icm_encrypt, 515 srtp_aes_icm_encrypt, 516 srtp_aes_icm_set_iv, 517 0, /* get_tag */ 518 srtp_aes_icm_256_description, 519 &srtp_aes_icm_256_test_case_0, 520 SRTP_AES_ICM_256 521 }; -
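Review bot: In the new `srtp_aes_icm_alloc`, the failure path for the second allocation frees the cipher but leaves the caller's pointer set: `srtp_crypto_free(*c); return srtp_err_status_alloc_fail;` returns with `*c` still pointing at freed memory. A caller that releases whatever `*c` holds after a failed alloc would free or read it a second time; no caller is visible on this page, so treat this as hardening rather than a confirmed bug. The OpenSSL allocator in this same changeset (`srtp_aes_icm_openssl_alloc`) clears the pointer on both of its failure paths, and this one should match: `srtp_crypto_free(*c); *c = NULL;`. Separately, the comment above the key-length test still says the 30/46 check "does not apply", while the new code rejects every length other than the two `*_KEY_LEN_WSALT` constants, so that comment should be reworded or dropped.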
pjproject/trunk/third_party/srtp/crypto/cipher/aes_icm_ossl.c
r5261 r5614 15 15 /* 16 16 * 17 * Copyright (c) 2013 , Cisco Systems, Inc.17 * Copyright (c) 2013-2017, Cisco Systems, Inc. 18 18 * All rights reserved. 19 19 * … … 56 56 #include "aes_icm_ossl.h" 57 57 #include "crypto_types.h" 58 #include "err.h" /* for srtp_debug */ 58 59 #include "alloc.h" 59 #include "crypto_types.h" 60 61 62 debug_module_t mod_aes_icm = { 60 61 62 srtp_debug_module_t srtp_mod_aes_icm = { 63 63 0, /* debugging is off by default */ 64 64 "aes icm ossl" /* printable module name */ 65 65 }; 66 extern cipher_test_case_t aes_icm_test_case_0; 67 extern cipher_type_t aes_icm; 68 #ifndef SRTP_NO_AES192 69 extern cipher_type_t aes_icm_192; 70 #endif 71 extern cipher_type_t aes_icm_256; 66 extern const srtp_cipher_type_t srtp_aes_icm_128; 67 extern const srtp_cipher_type_t srtp_aes_icm_192; 68 extern const srtp_cipher_type_t srtp_aes_icm_256; 72 69 73 70 /* … … 113 110 * isn't used in counter mode. 114 111 */ 115 err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)112 static srtp_err_status_t srtp_aes_icm_openssl_alloc (srtp_cipher_t **c, int key_len, int tlen) 116 113 { 117 aes_icm_ctx_t *icm; 118 int tmp; 119 uint8_t *allptr; 120 121 debug_print(mod_aes_icm, "allocating cipher with key length %d", key_len); 114 srtp_aes_icm_ctx_t *icm; 115 116 debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d", key_len); 122 117 123 118 /* 124 119 * Verify the key_len is valid for one of: AES-128/192/256 125 120 */ 126 if (key_len != AES_128_KEYSIZE_WSALT && 127 #ifndef SRTP_NO_AES192 128 key_len != AES_192_KEYSIZE_WSALT && 129 #endif 130 key_len != AES_256_KEYSIZE_WSALT) { 131 return err_status_bad_param; 121 if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && key_len != SRTP_AES_ICM_192_KEY_LEN_WSALT && 122 key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) { 123 return srtp_err_status_bad_param; 132 124 } 133 125 134 126 /* allocate memory a cipher of type aes_icm */ 135 tmp = sizeof(cipher_t) + sizeof(aes_icm_ctx_t); 136 allptr = 
(uint8_t*)crypto_alloc(tmp); 137 if (allptr == NULL) { 138 return err_status_alloc_fail; 127 *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); 128 if (*c == NULL) { 129 return srtp_err_status_alloc_fail; 130 } 131 memset(*c, 0x0, sizeof(srtp_cipher_t)); 132 133 icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t)); 134 if (icm == NULL) { 135 srtp_crypto_free(*c); 136 *c = NULL; 137 return srtp_err_status_alloc_fail; 138 } 139 memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t)); 140 141 icm->ctx = EVP_CIPHER_CTX_new(); 142 if (icm->ctx == NULL) { 143 srtp_crypto_free(icm); 144 srtp_crypto_free(*c); 145 *c = NULL; 146 return srtp_err_status_alloc_fail; 139 147 } 140 148 141 149 /* set pointers */ 142 *c = (cipher_t*)allptr; 143 (*c)->state = allptr + sizeof(cipher_t); 144 icm = (aes_icm_ctx_t*)(*c)->state; 145 146 /* increment ref_count */ 150 (*c)->state = icm; 151 152 /* setup cipher parameters */ 147 153 switch (key_len) { 148 case AES_128_KEYSIZE_WSALT: 149 (*c)->algorithm = AES_128_ICM; 150 (*c)->type = &aes_icm; 151 aes_icm.ref_count++; 152 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE; 153 break; 154 #ifndef SRTP_NO_AES192 155 case AES_192_KEYSIZE_WSALT: 156 (*c)->algorithm = AES_192_ICM; 157 (*c)->type = &aes_icm_192; 158 aes_icm_192.ref_count++; 159 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_192_KEYSIZE; 160 break; 161 #endif 162 case AES_256_KEYSIZE_WSALT: 163 (*c)->algorithm = AES_256_ICM; 164 (*c)->type = &aes_icm_256; 165 aes_icm_256.ref_count++; 166 ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE; 154 case SRTP_AES_ICM_128_KEY_LEN_WSALT: 155 (*c)->algorithm = SRTP_AES_ICM_128; 156 (*c)->type = &srtp_aes_icm_128; 157 icm->key_size = SRTP_AES_128_KEY_LEN; 158 break; 159 case SRTP_AES_ICM_192_KEY_LEN_WSALT: 160 (*c)->algorithm = SRTP_AES_ICM_192; 161 (*c)->type = &srtp_aes_icm_192; 162 icm->key_size = SRTP_AES_192_KEY_LEN; 163 break; 164 case SRTP_AES_ICM_256_KEY_LEN_WSALT: 165 (*c)->algorithm = 
SRTP_AES_ICM_256; 166 (*c)->type = &srtp_aes_icm_256; 167 icm->key_size = SRTP_AES_256_KEY_LEN; 167 168 break; 168 169 } … … 170 171 /* set key size */ 171 172 (*c)->key_len = key_len; 172 EVP_CIPHER_CTX_init(&icm->ctx); 173 174 return err_status_ok; 173 174 return srtp_err_status_ok; 175 175 } 176 176 … … 179 179 * This function deallocates an instance of this engine 180 180 */ 181 err_status_t aes_icm_openssl_dealloc (cipher_t *c)181 static srtp_err_status_t srtp_aes_icm_openssl_dealloc (srtp_cipher_t *c) 182 182 { 183 aes_icm_ctx_t *ctx;183 srtp_aes_icm_ctx_t *ctx; 184 184 185 185 if (c == NULL) { 186 return err_status_bad_param;186 return srtp_err_status_bad_param; 187 187 } 188 188 … … 190 190 * Free the EVP context 191 191 */ 192 ctx = ( aes_icm_ctx_t*)c->state;192 ctx = (srtp_aes_icm_ctx_t*)c->state; 193 193 if (ctx != NULL) { 194 EVP_CIPHER_CTX_cleanup(&ctx->ctx); 195 /* decrement ref_count for the appropriate engine */ 196 switch (ctx->key_size) { 197 case AES_256_KEYSIZE: 198 aes_icm_256.ref_count--; 199 break; 200 #ifndef SRTP_NO_AES192 201 case AES_192_KEYSIZE: 202 aes_icm_192.ref_count--; 203 break; 204 #endif 205 case AES_128_KEYSIZE: 206 aes_icm.ref_count--; 207 break; 208 default: 209 return err_status_dealloc_fail; 210 break; 211 } 212 } 213 214 /* zeroize entire state*/ 215 octet_string_set_to_zero((uint8_t*)c, 216 sizeof(cipher_t) + sizeof(aes_icm_ctx_t)); 194 EVP_CIPHER_CTX_free(ctx->ctx); 195 /* zeroize the key material */ 196 octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t)); 197 srtp_crypto_free(ctx); 198 } 217 199 218 200 /* free memory */ 219 crypto_free(c);220 221 return err_status_ok;201 srtp_crypto_free(c); 202 203 return srtp_err_status_ok; 222 204 } 223 205 … … 231 213 * randomizes the starting point in the keystream 232 214 */ 233 err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key, int len)215 static srtp_err_status_t srtp_aes_icm_openssl_context_init (void* cv, const uint8_t *key) 234 216 { 217 
srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; 218 const EVP_CIPHER *evp; 219 235 220 /* 236 221 * set counter and initial values to 'offset' value, being careful not to 237 222 * go past the end of the key buffer 238 223 */ 239 240 if (c->key_size + SALT_SIZE != len)241 return err_status_bad_param;242 243 224 v128_set_to_zero(&c->counter); 244 225 v128_set_to_zero(&c->offset); 245 memcpy(&c->counter, key + c->key_size, S ALT_SIZE);246 memcpy(&c->offset, key + c->key_size, S ALT_SIZE);226 memcpy(&c->counter, key + c->key_size, SRTP_SALT_LEN); 227 memcpy(&c->offset, key + c->key_size, SRTP_SALT_LEN); 247 228 248 229 /* force last two octets of the offset to zero (for srtp compatibility) */ 249 c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0; 250 c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0; 251 252 /* copy key to be used later when CiscoSSL crypto context is created */ 253 v128_copy_octet_string((v128_t*)&c->key, key); 254 255 /* if the key is greater than 16 bytes, copy the second 256 * half. Note, we treat AES-192 and AES-256 the same here 257 * for simplicity. The storage location receiving the 258 * key is statically allocated to handle a full 32 byte key 259 * regardless of the cipher in use. 
260 */ 261 if (c->key_size == AES_256_KEYSIZE 262 #ifndef SRTP_NO_AES192 263 || c->key_size == AES_192_KEYSIZE 264 #endif 265 ) { 266 debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s", 267 v128_hex_string((v128_t*)(key + AES_128_KEYSIZE))); 268 v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZE); 269 } 270 271 debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key)); 272 debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); 273 274 EVP_CIPHER_CTX_cleanup(&c->ctx); 275 276 return err_status_ok; 230 c->offset.v8[SRTP_SALT_LEN] = c->offset.v8[SRTP_SALT_LEN + 1] = 0; 231 c->counter.v8[SRTP_SALT_LEN] = c->counter.v8[SRTP_SALT_LEN + 1] = 0; 232 233 debug_print(srtp_mod_aes_icm, "key: %s", srtp_octet_string_hex_string(key, c->key_size)); 234 debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); 235 236 switch (c->key_size) { 237 case SRTP_AES_256_KEY_LEN: 238 evp = EVP_aes_256_ctr(); 239 break; 240 case SRTP_AES_192_KEY_LEN: 241 evp = EVP_aes_192_ctr(); 242 break; 243 case SRTP_AES_128_KEY_LEN: 244 evp = EVP_aes_128_ctr(); 245 break; 246 default: 247 return srtp_err_status_bad_param; 248 break; 249 } 250 251 if (!EVP_EncryptInit_ex(c->ctx, evp, 252 NULL, key, NULL)) { 253 return srtp_err_status_fail; 254 } else { 255 return srtp_err_status_ok; 256 } 257 258 return srtp_err_status_ok; 277 259 } 278 260 … … 282 264 * the offset 283 265 */ 284 err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)266 static srtp_err_status_t srtp_aes_icm_openssl_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t dir) 285 267 { 286 const EVP_CIPHER *evp;268 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; 287 269 v128_t nonce; 288 270 … … 290 272 v128_copy_octet_string(&nonce, iv); 291 273 292 debug_print( mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));274 debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce)); 293 275 294 276 v128_xor(&c->counter, &c->offset, 
&nonce); 295 277 296 debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); 297 298 switch (c->key_size) { 299 case AES_256_KEYSIZE: 300 evp = EVP_aes_256_ctr(); 301 break; 302 #ifndef SRTP_NO_AES192 303 case AES_192_KEYSIZE: 304 evp = EVP_aes_192_ctr(); 305 break; 306 #endif 307 case AES_128_KEYSIZE: 308 evp = EVP_aes_128_ctr(); 309 break; 310 default: 311 return err_status_bad_param; 312 break; 313 } 314 315 if (!EVP_EncryptInit_ex(&c->ctx, evp, 316 NULL, c->key.v8, c->counter.v8)) { 317 return err_status_fail; 278 debug_print(srtp_mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); 279 280 if (!EVP_EncryptInit_ex(c->ctx, NULL, 281 NULL, NULL, c->counter.v8)) { 282 return srtp_err_status_fail; 318 283 } else { 319 return err_status_ok;284 return srtp_err_status_ok; 320 285 } 321 286 } … … 329 294 * enc_len length of encrypt buffer 330 295 */ 331 err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len)296 static srtp_err_status_t srtp_aes_icm_openssl_encrypt (void *cv, unsigned char *buf, unsigned int *enc_len) 332 297 { 298 srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; 333 299 int len = 0; 334 300 335 debug_print( mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));336 337 if (!EVP_EncryptUpdate( &c->ctx, buf, &len, buf, *enc_len)) {338 return err_status_cipher_fail;301 debug_print(srtp_mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter)); 302 303 if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) { 304 return srtp_err_status_cipher_fail; 339 305 } 340 306 *enc_len = len; 341 307 342 if (!EVP_EncryptFinal_ex( &c->ctx, buf, &len)) {343 return err_status_cipher_fail;308 if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) { 309 return srtp_err_status_cipher_fail; 344 310 } 345 311 *enc_len += len; 346 312 347 return err_status_ok;313 return srtp_err_status_ok; 348 314 } 349 315 350 uint16_t aes_icm_bytes_encrypted(aes_icm_ctx_t *c)351 {352 return htons(c->counter.v16[7]);353 }354 355 316 
/* 356 317 * Name of this crypto engine 357 318 */ 358 char aes_icm_openssl_description[] = "AES-128 counter mode using openssl"; 359 #ifndef SRTP_NO_AES192 360 char aes_icm_192_openssl_description[] = "AES-192 counter mode using openssl"; 361 #endif 362 char aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl"; 319 static const char srtp_aes_icm_128_openssl_description[] = "AES-128 counter mode using openssl"; 320 static const char srtp_aes_icm_192_openssl_description[] = "AES-192 counter mode using openssl"; 321 static const char srtp_aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl"; 363 322 364 323 … … 367 326 * values came from the legacy libsrtp code. 368 327 */ 369 uint8_t aes_icm_test_case_0_key[AES_128_KEYSIZE_WSALT] = {328 static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = { 370 329 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 371 330 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, … … 374 333 }; 375 334 376 uint8_t aes_icm_test_case_0_nonce[16] = {335 static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = { 377 336 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 378 337 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 379 338 }; 380 339 381 uint8_t aes_icm_test_case_0_plaintext[32] = {382 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 383 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 384 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 385 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 386 }; 387 388 uint8_t aes_icm_test_case_0_ciphertext[32] = {340 static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = { 341 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 342 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 343 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 344 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 345 }; 346 347 static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = { 389 348 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, 390 349 0xe1, 
0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, … … 393 352 }; 394 353 395 cipher_test_case_t aes_icm_test_case_0 = {396 AES_128_KEYSIZE_WSALT, /* octets in key */397 aes_icm_test_case_0_key, /* key */398 aes_icm_test_case_0_nonce, /* packet index */354 static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = { 355 SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */ 356 srtp_aes_icm_128_test_case_0_key, /* key */ 357 srtp_aes_icm_128_test_case_0_nonce, /* packet index */ 399 358 32, /* octets in plaintext */ 400 aes_icm_test_case_0_plaintext, /* plaintext */359 srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */ 401 360 32, /* octets in ciphertext */ 402 aes_icm_test_case_0_ciphertext, /* ciphertext */361 srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */ 403 362 0, 404 363 NULL, … … 407 366 }; 408 367 409 #ifndef SRTP_NO_AES192410 368 /* 411 369 * KAT values for AES-192-CTR self-test. These 412 370 * values came from section 7 of RFC 6188. 413 371 */ 414 uint8_t aes_icm_192_test_case_1_key[AES_192_KEYSIZE_WSALT] = {372 static const uint8_t srtp_aes_icm_192_test_case_0_key[SRTP_AES_ICM_192_KEY_LEN_WSALT] = { 415 373 0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d, 416 374 0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21, … … 420 378 }; 421 379 422 uint8_t aes_icm_192_test_case_1_nonce[16] = {380 static uint8_t srtp_aes_icm_192_test_case_0_nonce[16] = { 423 381 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 424 382 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 425 383 }; 426 384 427 uint8_t aes_icm_192_test_case_1_plaintext[32] = {428 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 429 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 430 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 431 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 432 }; 433 434 uint8_t aes_icm_192_test_case_1_ciphertext[32] = {385 static const uint8_t srtp_aes_icm_192_test_case_0_plaintext[32] = { 386 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 387 0x00, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 388 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 389 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 390 }; 391 392 static const uint8_t srtp_aes_icm_192_test_case_0_ciphertext[32] = { 435 393 0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d, 436 394 0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c, … … 439 397 }; 440 398 441 cipher_test_case_t aes_icm_192_test_case_1= {442 AES_192_KEYSIZE_WSALT, /* octets in key */443 aes_icm_192_test_case_1_key, /* key */444 aes_icm_192_test_case_1_nonce, /* packet index */399 static const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_0 = { 400 SRTP_AES_ICM_192_KEY_LEN_WSALT, /* octets in key */ 401 srtp_aes_icm_192_test_case_0_key, /* key */ 402 srtp_aes_icm_192_test_case_0_nonce, /* packet index */ 445 403 32, /* octets in plaintext */ 446 aes_icm_192_test_case_1_plaintext, /* plaintext */404 srtp_aes_icm_192_test_case_0_plaintext, /* plaintext */ 447 405 32, /* octets in ciphertext */ 448 aes_icm_192_test_case_1_ciphertext, /* ciphertext */406 srtp_aes_icm_192_test_case_0_ciphertext, /* ciphertext */ 449 407 0, 450 408 NULL, … … 452 410 NULL /* pointer to next testcase */ 453 411 }; 454 #endif455 412 456 413 /* … … 458 415 * values came from section 7 of RFC 6188. 
459 416 */ 460 uint8_t aes_icm_256_test_case_2_key[AES_256_KEYSIZE_WSALT] = {417 static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = { 461 418 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, 462 419 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, … … 467 424 }; 468 425 469 uint8_t aes_icm_256_test_case_2_nonce[16] = {426 static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = { 470 427 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 471 428 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 472 429 }; 473 430 474 uint8_t aes_icm_256_test_case_2_plaintext[32] = {475 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 476 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 477 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 478 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 479 }; 480 481 uint8_t aes_icm_256_test_case_2_ciphertext[32] = {431 static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = { 432 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 433 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 434 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 435 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 436 }; 437 438 static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = { 482 439 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, 483 440 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, … … 486 443 }; 487 444 488 cipher_test_case_t aes_icm_256_test_case_2= {489 AES_256_KEYSIZE_WSALT, /* octets in key */490 aes_icm_256_test_case_2_key, /* key */491 aes_icm_256_test_case_2_nonce, /* packet index */445 static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = { 446 SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */ 447 srtp_aes_icm_256_test_case_0_key, /* key */ 448 srtp_aes_icm_256_test_case_0_nonce, /* packet index */ 492 449 32, /* octets in plaintext */ 493 aes_icm_256_test_case_2_plaintext, /* plaintext */450 srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */ 494 451 32, /* octets in ciphertext */ 495 
aes_icm_256_test_case_2_ciphertext, /* ciphertext */452 srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */ 496 453 0, 497 454 NULL, … … 504 461 * note: the encrypt function is identical to the decrypt function 505 462 */ 506 cipher_type_t aes_icm = { 507 (cipher_alloc_func_t) aes_icm_openssl_alloc, 508 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, 509 (cipher_init_func_t) aes_icm_openssl_context_init, 510 (cipher_set_aad_func_t) 0, 511 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, 512 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, 513 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, 514 (cipher_get_tag_func_t) 0, 515 (char*) aes_icm_openssl_description, 516 (int) 0, /* instance count */ 517 (cipher_test_case_t*) &aes_icm_test_case_0, 518 (debug_module_t*) &mod_aes_icm, 519 (cipher_type_id_t) AES_ICM 520 }; 521 522 #ifndef SRTP_NO_AES192 463 const srtp_cipher_type_t srtp_aes_icm_128 = { 464 srtp_aes_icm_openssl_alloc, 465 srtp_aes_icm_openssl_dealloc, 466 srtp_aes_icm_openssl_context_init, 467 0, /* set_aad */ 468 srtp_aes_icm_openssl_encrypt, 469 srtp_aes_icm_openssl_encrypt, 470 srtp_aes_icm_openssl_set_iv, 471 0, /* get_tag */ 472 srtp_aes_icm_128_openssl_description, 473 &srtp_aes_icm_128_test_case_0, 474 SRTP_AES_ICM_128 475 }; 476 523 477 /* 524 478 * This is the function table for this crypto engine. 
525 479 * note: the encrypt function is identical to the decrypt function 526 480 */ 527 cipher_type_t aes_icm_192 = { 528 (cipher_alloc_func_t) aes_icm_openssl_alloc, 529 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, 530 (cipher_init_func_t) aes_icm_openssl_context_init, 531 (cipher_set_aad_func_t) 0, 532 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, 533 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, 534 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, 535 (cipher_get_tag_func_t) 0, 536 (char*) aes_icm_192_openssl_description, 537 (int) 0, /* instance count */ 538 (cipher_test_case_t*) &aes_icm_192_test_case_1, 539 (debug_module_t*) &mod_aes_icm, 540 (cipher_type_id_t) AES_192_ICM 541 }; 542 #endif 481 const srtp_cipher_type_t srtp_aes_icm_192 = { 482 srtp_aes_icm_openssl_alloc, 483 srtp_aes_icm_openssl_dealloc, 484 srtp_aes_icm_openssl_context_init, 485 0, /* set_aad */ 486 srtp_aes_icm_openssl_encrypt, 487 srtp_aes_icm_openssl_encrypt, 488 srtp_aes_icm_openssl_set_iv, 489 0, /* get_tag */ 490 srtp_aes_icm_192_openssl_description, 491 &srtp_aes_icm_192_test_case_0, 492 SRTP_AES_ICM_192 493 }; 543 494 544 495 /* … … 546 497 * note: the encrypt function is identical to the decrypt function 547 498 */ 548 cipher_type_t aes_icm_256 = { 549 (cipher_alloc_func_t) aes_icm_openssl_alloc, 550 (cipher_dealloc_func_t) aes_icm_openssl_dealloc, 551 (cipher_init_func_t) aes_icm_openssl_context_init, 552 (cipher_set_aad_func_t) 0, 553 (cipher_encrypt_func_t) aes_icm_openssl_encrypt, 554 (cipher_decrypt_func_t) aes_icm_openssl_encrypt, 555 (cipher_set_iv_func_t) aes_icm_openssl_set_iv, 556 (cipher_get_tag_func_t) 0, 557 (char*) aes_icm_256_openssl_description, 558 (int) 0, /* instance count */ 559 (cipher_test_case_t*) &aes_icm_256_test_case_2, 560 (debug_module_t*) &mod_aes_icm, 561 (cipher_type_id_t) AES_256_ICM 562 }; 563 499 const srtp_cipher_type_t srtp_aes_icm_256 = { 500 srtp_aes_icm_openssl_alloc, 501 srtp_aes_icm_openssl_dealloc, 502 
srtp_aes_icm_openssl_context_init, 503 0, /* set_aad */ 504 srtp_aes_icm_openssl_encrypt, 505 srtp_aes_icm_openssl_encrypt, 506 srtp_aes_icm_openssl_set_iv, 507 0, /* get_tag */ 508 srtp_aes_icm_256_openssl_description, 509 &srtp_aes_icm_256_test_case_0, 510 SRTP_AES_ICM_256 511 }; 512 -
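Review bot: Nothing in `srtp_aes_icm_openssl_context_init` bounds the read of `key`: both `memcpy(..., key + c->key_size, SRTP_SALT_LEN)` calls and the `EVP_EncryptInit_ex` call assume the buffer holds `c->key_size + SRTP_SALT_LEN` octets, and the signature carries no length to compare against. The `srtp_cipher_init` wrapper shown in cipher.c forwards only `c->state` and `key`, so the length has to be enforced by whoever builds the key buffer, which is not visible on this page. I would state that contract above the function, for example `/* key must point to at least c->key_size + SRTP_SALT_LEN octets; the length is not checked here */` (the existing header comment is partly elided in this view). Separately, `debug_print(srtp_mod_aes_icm, "key: %s", srtp_octet_string_hex_string(key, c->key_size));` in the same function writes the cipher key in hex whenever this module's debugging is switched on; I would drop that line or log only `c->key_size`.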
pjproject/trunk/third_party/srtp/crypto/cipher/cipher.c
r5261 r5614 6 6 * David A. McGrew 7 7 * Cisco Systems, Inc. 8 * 8 * 9 9 */ 10 10 11 11 /* 12 * 13 * Copyright (c) 2001-20 06,2013Cisco Systems, Inc.12 * 13 * Copyright (c) 2001-2017 Cisco Systems, Inc. 14 14 * All rights reserved. 15 * 15 * 16 16 * Redistribution and use in source and binary forms, with or without 17 17 * modification, are permitted provided that the following conditions 18 18 * are met: 19 * 19 * 20 20 * Redistributions of source code must retain the above copyright 21 21 * notice, this list of conditions and the following disclaimer. 22 * 22 * 23 23 * Redistributions in binary form must reproduce the above 24 24 * copyright notice, this list of conditions and the following 25 25 * disclaimer in the documentation and/or other materials provided 26 26 * with the distribution. 27 * 27 * 28 28 * Neither the name of the Cisco Systems, Inc. nor the names of its 29 29 * contributors may be used to endorse or promote products derived 30 30 * from this software without specific prior written permission. 
31 * 31 * 32 32 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 33 33 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 51 51 #include "cipher.h" 52 52 #include "crypto_types.h" 53 #include " rand_source.h" /* used in invertibiltiy tests*/53 #include "err.h" /* for srtp_debug */ 54 54 #include "alloc.h" /* for crypto_alloc(), crypto_free() */ 55 55 56 debug_module_tmod_cipher = {57 0,/* debugging is off by default */58 "cipher"/* printable module name */56 srtp_debug_module_t srtp_mod_cipher = { 57 0, /* debugging is off by default */ 58 "cipher" /* printable module name */ 59 59 }; 60 60 61 err_status_t 62 cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output) { 61 srtp_err_status_t srtp_cipher_type_alloc (const srtp_cipher_type_t *ct, srtp_cipher_t **c, int key_len, int tlen) 62 { 63 if (!ct || !ct->alloc) { 64 return (srtp_err_status_bad_param); 65 } 66 return ((ct)->alloc((c), (key_len), (tlen))); 67 } 68 69 srtp_err_status_t srtp_cipher_dealloc (srtp_cipher_t *c) 70 { 71 if (!c || !c->type) { 72 return (srtp_err_status_bad_param); 73 } 74 return (((c)->type)->dealloc(c)); 75 } 76 77 srtp_err_status_t srtp_cipher_init (srtp_cipher_t *c, const uint8_t *key) 78 { 79 if (!c || !c->type || !c->state) { 80 return (srtp_err_status_bad_param); 81 } 82 return (((c)->type)->init(((c)->state), (key))); 83 } 84 85 86 srtp_err_status_t srtp_cipher_set_iv (srtp_cipher_t *c, uint8_t *iv, int direction) 87 { 88 if (!c || !c->type || !c->state) { 89 return (srtp_err_status_bad_param); 90 } 91 92 return (((c)->type)->set_iv(((c)->state), iv, direction)); 93 } 94 95 srtp_err_status_t srtp_cipher_output (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output) 96 { 97 98 /* zeroize the buffer */ 99 octet_string_set_to_zero(buffer, *num_octets_to_output); 100 101 /* exor keystream into buffer */ 102 return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output)); 103 } 104 105 srtp_err_status_t 
srtp_cipher_encrypt (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output) 106 { 107 if (!c || !c->type || !c->state) { 108 return (srtp_err_status_bad_param); 109 } 110 111 return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output)); 112 } 113 114 srtp_err_status_t srtp_cipher_decrypt (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output) 115 { 116 if (!c || !c->type || !c->state) { 117 return (srtp_err_status_bad_param); 118 } 119 120 return (((c)->type)->decrypt(((c)->state), buffer, num_octets_to_output)); 121 } 122 123 srtp_err_status_t srtp_cipher_get_tag (srtp_cipher_t *c, uint8_t *buffer, uint32_t *tag_len) 124 { 125 if (!c || !c->type || !c->state) { 126 return (srtp_err_status_bad_param); 127 } 128 if (!((c)->type)->get_tag) { 129 return (srtp_err_status_no_such_op); 130 } 131 132 return (((c)->type)->get_tag(((c)->state), buffer, tag_len)); 133 } 134 135 srtp_err_status_t srtp_cipher_set_aad (srtp_cipher_t *c, const uint8_t *aad, uint32_t aad_len) 136 { 137 if (!c || !c->type || !c->state) { 138 return (srtp_err_status_bad_param); 139 } 140 if (!((c)->type)->set_aad) { 141 return (srtp_err_status_no_such_op); 142 } 143 144 return (((c)->type)->set_aad(((c)->state), aad, aad_len)); 145 } 146 147 /* some bookkeeping functions */ 148 149 int srtp_cipher_get_key_length (const srtp_cipher_t *c) 150 { 151 return c->key_len; 152 } 153 154 155 /* 156 * A trivial platform independent random source. The random 157 * data is used for some of the cipher self-tests. 
158 */ 159 static srtp_err_status_t srtp_cipher_rand (void *dest, uint32_t len) 160 { 161 #if defined(HAVE_RAND_S) 162 uint8_t *dst = (uint8_t *)dest; 163 while (len) 164 { 165 unsigned int val; 166 errno_t err = rand_s(&val); 167 168 if (err != 0) 169 return srtp_err_status_fail; 63 170 64 /* zeroize the buffer */ 65 octet_string_set_to_zero(buffer, num_octets_to_output); 66 67 /* exor keystream into buffer */ 68 return cipher_encrypt(c, buffer, (unsigned int *) &num_octets_to_output); 69 } 70 71 /* some bookkeeping functions */ 72 73 int 74 cipher_get_key_length(const cipher_t *c) { 75 return c->key_len; 76 } 77 78 /* 79 * cipher_type_test(ct, test_data) tests a cipher of type ct against 171 *dst++ = val & 0xff; 172 len--; 173 } 174 #else 175 /* Generic C-library (rand()) version */ 176 /* This is a random source of last resort */ 177 uint8_t *dst = (uint8_t *)dest; 178 while (len) 179 { 180 int val = rand(); 181 /* rand() returns 0-32767 (ugh) */ 182 /* Is this a good enough way to get random bytes? 183 It is if it passes FIPS-140... 
*/ 184 *dst++ = val & 0xff; 185 len--; 186 } 187 #endif 188 return srtp_err_status_ok; 189 } 190 191 #define SELF_TEST_BUF_OCTETS 128 192 #define NUM_RAND_TESTS 128 193 #define MAX_KEY_LEN 64 194 /* 195 * srtp_cipher_type_test(ct, test_data) tests a cipher of type ct against 80 196 * test cases provided in a list test_data of values of key, salt, iv, 81 197 * plaintext, and ciphertext that is known to be good 82 198 */ 83 84 #define SELF_TEST_BUF_OCTETS 128 85 #define NUM_RAND_TESTS 128 86 #define MAX_KEY_LEN 64 87 88 err_status_t 89 cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data) { 90 const cipher_test_case_t *test_case = test_data; 91 cipher_t *c; 92 err_status_t status; 93 uint8_t buffer[SELF_TEST_BUF_OCTETS]; 94 uint8_t buffer2[SELF_TEST_BUF_OCTETS]; 95 int tag_len; 96 unsigned int len; 97 int i, j, case_num = 0; 98 99 debug_print(mod_cipher, "running self-test for cipher %s", 100 ct->description); 101 102 /* 103 * check to make sure that we have at least one test case, and 104 * return an error if we don't - we need to be paranoid here 105 */ 106 if (test_case == NULL) 107 return err_status_cant_check; 108 109 /* 110 * loop over all test cases, perform known-answer tests of both the 111 * encryption and decryption functions 112 */ 113 while (test_case != NULL) { 114 /* allocate cipher */ 115 status = cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets); 116 if (status) 117 return status; 118 199 srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srtp_cipher_test_case_t *test_data) 200 { 201 const srtp_cipher_test_case_t *test_case = test_data; 202 srtp_cipher_t *c; 203 srtp_err_status_t status; 204 uint8_t buffer[SELF_TEST_BUF_OCTETS]; 205 uint8_t buffer2[SELF_TEST_BUF_OCTETS]; 206 uint32_t tag_len; 207 unsigned int len; 208 int i, j, case_num = 0; 209 210 debug_print(srtp_mod_cipher, "running self-test for cipher %s", 211 ct->description); 212 119 213 /* 120 * test the 
encrypt function 214 * check to make sure that we have at least one test case, and 215 * return an error if we don't - we need to be paranoid here 121 216 */ 122 debug_print(mod_cipher, "testing encryption", NULL); 123 124 /* initialize cipher */ 125 status = cipher_init(c, test_case->key); 217 if (test_case == NULL) { 218 return srtp_err_status_cant_check; 219 } 220 221 /* 222 * loop over all test cases, perform known-answer tests of both the 223 * encryption and decryption functions 224 */ 225 while (test_case != NULL) { 226 /* allocate cipher */ 227 status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets); 228 if (status) { 229 return status; 230 } 231 232 /* 233 * test the encrypt function 234 */ 235 debug_print(srtp_mod_cipher, "testing encryption", NULL); 236 237 /* initialize cipher */ 238 status = srtp_cipher_init(c, test_case->key); 239 if (status) { 240 srtp_cipher_dealloc(c); 241 return status; 242 } 243 244 /* copy plaintext into test buffer */ 245 if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { 246 srtp_cipher_dealloc(c); 247 return srtp_err_status_bad_param; 248 } 249 for (i = 0; i < test_case->plaintext_length_octets; i++) { 250 buffer[i] = test_case->plaintext[i]; 251 } 252 253 debug_print(srtp_mod_cipher, "plaintext: %s", 254 srtp_octet_string_hex_string(buffer, 255 test_case->plaintext_length_octets)); 256 257 /* set the initialization vector */ 258 status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_encrypt); 259 if (status) { 260 srtp_cipher_dealloc(c); 261 return status; 262 } 263 264 if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { 265 debug_print(srtp_mod_cipher, "IV: %s", 266 srtp_octet_string_hex_string(test_case->idx, 12)); 267 268 /* 269 * Set the AAD 270 */ 271 status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets); 272 if (status) { 273 srtp_cipher_dealloc(c); 274 return status; 275 } 276 
debug_print(srtp_mod_cipher, "AAD: %s", 277 srtp_octet_string_hex_string(test_case->aad, 278 test_case->aad_length_octets)); 279 } 280 281 /* encrypt */ 282 len = test_case->plaintext_length_octets; 283 status = srtp_cipher_encrypt(c, buffer, &len); 284 if (status) { 285 srtp_cipher_dealloc(c); 286 return status; 287 } 288 289 if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { 290 /* 291 * Get the GCM tag 292 */ 293 status = srtp_cipher_get_tag(c, buffer + len, &tag_len); 294 if (status) { 295 srtp_cipher_dealloc(c); 296 return status; 297 } 298 len += tag_len; 299 } 300 301 debug_print(srtp_mod_cipher, "ciphertext: %s", 302 srtp_octet_string_hex_string(buffer, 303 test_case->ciphertext_length_octets)); 304 305 /* compare the resulting ciphertext with that in the test case */ 306 if (len != test_case->ciphertext_length_octets) { 307 srtp_cipher_dealloc(c); 308 return srtp_err_status_algo_fail; 309 } 310 status = srtp_err_status_ok; 311 for (i = 0; i < test_case->ciphertext_length_octets; i++) { 312 if (buffer[i] != test_case->ciphertext[i]) { 313 status = srtp_err_status_algo_fail; 314 debug_print(srtp_mod_cipher, "test case %d failed", case_num); 315 debug_print(srtp_mod_cipher, "(failure at byte %d)", i); 316 break; 317 } 318 } 319 if (status) { 320 321 debug_print(srtp_mod_cipher, "c computed: %s", 322 srtp_octet_string_hex_string(buffer, 323 2 * test_case->plaintext_length_octets)); 324 debug_print(srtp_mod_cipher, "c expected: %s", 325 srtp_octet_string_hex_string(test_case->ciphertext, 326 2 * test_case->plaintext_length_octets)); 327 328 srtp_cipher_dealloc(c); 329 return srtp_err_status_algo_fail; 330 } 331 332 /* 333 * test the decrypt function 334 */ 335 debug_print(srtp_mod_cipher, "testing decryption", NULL); 336 337 /* re-initialize cipher for decryption */ 338 status = srtp_cipher_init(c, test_case->key); 339 if (status) { 340 srtp_cipher_dealloc(c); 341 return status; 342 } 343 344 /* copy ciphertext into test buffer */ 345 
if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { 346 srtp_cipher_dealloc(c); 347 return srtp_err_status_bad_param; 348 } 349 for (i = 0; i < test_case->ciphertext_length_octets; i++) { 350 buffer[i] = test_case->ciphertext[i]; 351 } 352 353 debug_print(srtp_mod_cipher, "ciphertext: %s", 354 srtp_octet_string_hex_string(buffer, 355 test_case->plaintext_length_octets)); 356 357 /* set the initialization vector */ 358 status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_decrypt); 359 if (status) { 360 srtp_cipher_dealloc(c); 361 return status; 362 } 363 364 if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { 365 /* 366 * Set the AAD 367 */ 368 status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets); 369 if (status) { 370 srtp_cipher_dealloc(c); 371 return status; 372 } 373 debug_print(srtp_mod_cipher, "AAD: %s", 374 srtp_octet_string_hex_string(test_case->aad, 375 test_case->aad_length_octets)); 376 } 377 378 /* decrypt */ 379 len = test_case->ciphertext_length_octets; 380 status = srtp_cipher_decrypt(c, buffer, &len); 381 if (status) { 382 srtp_cipher_dealloc(c); 383 return status; 384 } 385 386 debug_print(srtp_mod_cipher, "plaintext: %s", 387 srtp_octet_string_hex_string(buffer, 388 test_case->plaintext_length_octets)); 389 390 /* compare the resulting plaintext with that in the test case */ 391 if (len != test_case->plaintext_length_octets) { 392 srtp_cipher_dealloc(c); 393 return srtp_err_status_algo_fail; 394 } 395 status = srtp_err_status_ok; 396 for (i = 0; i < test_case->plaintext_length_octets; i++) { 397 if (buffer[i] != test_case->plaintext[i]) { 398 status = srtp_err_status_algo_fail; 399 debug_print(srtp_mod_cipher, "test case %d failed", case_num); 400 debug_print(srtp_mod_cipher, "(failure at byte %d)", i); 401 } 402 } 403 if (status) { 404 405 debug_print(srtp_mod_cipher, "p computed: %s", 406 srtp_octet_string_hex_string(buffer, 407 2 * 
test_case->plaintext_length_octets)); 408 debug_print(srtp_mod_cipher, "p expected: %s", 409 srtp_octet_string_hex_string(test_case->plaintext, 410 2 * test_case->plaintext_length_octets)); 411 412 srtp_cipher_dealloc(c); 413 return srtp_err_status_algo_fail; 414 } 415 416 /* deallocate the cipher */ 417 status = srtp_cipher_dealloc(c); 418 if (status) { 419 return status; 420 } 421 422 /* 423 * the cipher passed the test case, so move on to the next test 424 * case in the list; if NULL, we'l proceed to the next test 425 */ 426 test_case = test_case->next_test_case; 427 ++case_num; 428 } 429 430 /* now run some random invertibility tests */ 431 432 /* allocate cipher, using paramaters from the first test case */ 433 test_case = test_data; 434 status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets); 126 435 if (status) { 127 cipher_dealloc(c); 128 return status; 129 } 130 131 /* copy plaintext into test buffer */ 132 if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { 133 cipher_dealloc(c); 134 return err_status_bad_param; 135 } 136 for (i=0; i < test_case->plaintext_length_octets; i++) 137 buffer[i] = test_case->plaintext[i]; 138 139 debug_print(mod_cipher, "plaintext: %s", 140 octet_string_hex_string(buffer, 141 test_case->plaintext_length_octets)); 142 143 /* set the initialization vector */ 144 status = cipher_set_iv(c, test_case->idx, direction_encrypt); 436 return status; 437 } 438 439 for (j = 0; j < NUM_RAND_TESTS; j++) { 440 unsigned length; 441 int plaintext_len; 442 uint8_t key[MAX_KEY_LEN]; 443 uint8_t iv[MAX_KEY_LEN]; 444 445 /* choose a length at random (leaving room for IV and padding) */ 446 length = rand() % (SELF_TEST_BUF_OCTETS - 64); 447 debug_print(srtp_mod_cipher, "random plaintext length %d\n", length); 448 status = srtp_cipher_rand(buffer, length); 449 if (status) { 450 srtp_cipher_dealloc(c); 451 return status; 452 } 453 454 debug_print(srtp_mod_cipher, "plaintext: %s", 455 
srtp_octet_string_hex_string(buffer, length)); 456 457 /* copy plaintext into second buffer */ 458 for (i = 0; (unsigned int)i < length; i++) { 459 buffer2[i] = buffer[i]; 460 } 461 462 /* choose a key at random */ 463 if (test_case->key_length_octets > MAX_KEY_LEN) { 464 srtp_cipher_dealloc(c); 465 return srtp_err_status_cant_check; 466 } 467 status = srtp_cipher_rand(key, test_case->key_length_octets); 468 if (status) { 469 srtp_cipher_dealloc(c); 470 return status; 471 } 472 473 /* chose a random initialization vector */ 474 status = srtp_cipher_rand(iv, MAX_KEY_LEN); 475 if (status) { 476 srtp_cipher_dealloc(c); 477 return status; 478 } 479 480 /* initialize cipher */ 481 status = srtp_cipher_init(c, key); 482 if (status) { 483 srtp_cipher_dealloc(c); 484 return status; 485 } 486 487 /* set initialization vector */ 488 status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_encrypt); 489 if (status) { 490 srtp_cipher_dealloc(c); 491 return status; 492 } 493 494 if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { 495 /* 496 * Set the AAD 497 */ 498 status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets); 499 if (status) { 500 srtp_cipher_dealloc(c); 501 return status; 502 } 503 debug_print(srtp_mod_cipher, "AAD: %s", 504 srtp_octet_string_hex_string(test_case->aad, 505 test_case->aad_length_octets)); 506 } 507 508 /* encrypt buffer with cipher */ 509 plaintext_len = length; 510 status = srtp_cipher_encrypt(c, buffer, &length); 511 if (status) { 512 srtp_cipher_dealloc(c); 513 return status; 514 } 515 if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { 516 /* 517 * Get the GCM tag 518 */ 519 status = srtp_cipher_get_tag(c, buffer + length, &tag_len); 520 if (status) { 521 srtp_cipher_dealloc(c); 522 return status; 523 } 524 length += tag_len; 525 } 526 debug_print(srtp_mod_cipher, "ciphertext: %s", 527 srtp_octet_string_hex_string(buffer, length)); 528 529 /* 530 * re-initialize 
cipher for decryption, re-set the iv, then 531 * decrypt the ciphertext 532 */ 533 status = srtp_cipher_init(c, key); 534 if (status) { 535 srtp_cipher_dealloc(c); 536 return status; 537 } 538 status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_decrypt); 539 if (status) { 540 srtp_cipher_dealloc(c); 541 return status; 542 } 543 if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { 544 /* 545 * Set the AAD 546 */ 547 status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets); 548 if (status) { 549 srtp_cipher_dealloc(c); 550 return status; 551 } 552 debug_print(srtp_mod_cipher, "AAD: %s", 553 srtp_octet_string_hex_string(test_case->aad, 554 test_case->aad_length_octets)); 555 } 556 status = srtp_cipher_decrypt(c, buffer, &length); 557 if (status) { 558 srtp_cipher_dealloc(c); 559 return status; 560 } 561 562 debug_print(srtp_mod_cipher, "plaintext[2]: %s", 563 srtp_octet_string_hex_string(buffer, length)); 564 565 /* compare the resulting plaintext with the original one */ 566 if (length != plaintext_len) { 567 srtp_cipher_dealloc(c); 568 return srtp_err_status_algo_fail; 569 } 570 status = srtp_err_status_ok; 571 for (i = 0; i < plaintext_len; i++) { 572 if (buffer[i] != buffer2[i]) { 573 status = srtp_err_status_algo_fail; 574 debug_print(srtp_mod_cipher, "random test case %d failed", case_num); 575 debug_print(srtp_mod_cipher, "(failure at byte %d)", i); 576 } 577 } 578 if (status) { 579 srtp_cipher_dealloc(c); 580 return srtp_err_status_algo_fail; 581 } 582 583 } 584 585 status = srtp_cipher_dealloc(c); 145 586 if (status) { 146 cipher_dealloc(c); 147 return status; 148 } 149 150 if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) { 151 debug_print(mod_cipher, "IV: %s", 152 octet_string_hex_string(test_case->idx, 12)); 153 154 /* 155 * Set the AAD 156 */ 157 status = cipher_set_aad(c, test_case->aad, 158 test_case->aad_length_octets); 159 if (status) { 160 cipher_dealloc(c); 161 return 
status; 162 } 163 debug_print(mod_cipher, "AAD: %s", 164 octet_string_hex_string(test_case->aad, 165 test_case->aad_length_octets)); 166 } 167 168 /* encrypt */ 169 len = test_case->plaintext_length_octets; 170 status = cipher_encrypt(c, buffer, &len); 171 if (status) { 172 cipher_dealloc(c); 173 return status; 174 } 175 176 if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) { 177 /* 178 * Get the GCM tag 179 */ 180 status = cipher_get_tag(c, buffer + len, &tag_len); 181 if (status) { 182 cipher_dealloc(c); 183 return status; 184 } 185 len += tag_len; 186 } 187 188 debug_print(mod_cipher, "ciphertext: %s", 189 octet_string_hex_string(buffer, 190 test_case->ciphertext_length_octets)); 191 192 /* compare the resulting ciphertext with that in the test case */ 193 if (len != test_case->ciphertext_length_octets) 194 return err_status_algo_fail; 195 status = err_status_ok; 196 for (i=0; i < test_case->ciphertext_length_octets; i++) 197 if (buffer[i] != test_case->ciphertext[i]) { 198 status = err_status_algo_fail; 199 debug_print(mod_cipher, "test case %d failed", case_num); 200 debug_print(mod_cipher, "(failure at byte %d)", i); 201 break; 202 } 203 if (status) { 204 205 debug_print(mod_cipher, "c computed: %s", 206 octet_string_hex_string(buffer, 207 2*test_case->plaintext_length_octets)); 208 debug_print(mod_cipher, "c expected: %s", 209 octet_string_hex_string(test_case->ciphertext, 210 2*test_case->plaintext_length_octets)); 211 212 cipher_dealloc(c); 213 return err_status_algo_fail; 214 } 215 216 /* 217 * test the decrypt function 218 */ 219 debug_print(mod_cipher, "testing decryption", NULL); 220 221 /* re-initialize cipher for decryption */ 222 status = cipher_init(c, test_case->key); 223 if (status) { 224 cipher_dealloc(c); 225 return status; 226 } 227 228 /* copy ciphertext into test buffer */ 229 if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { 230 cipher_dealloc(c); 231 return err_status_bad_param; 232 } 233 for (i=0; i < 
test_case->ciphertext_length_octets; i++) 234 buffer[i] = test_case->ciphertext[i]; 235 236 debug_print(mod_cipher, "ciphertext: %s", 237 octet_string_hex_string(buffer, 238 test_case->plaintext_length_octets)); 239 240 /* set the initialization vector */ 241 status = cipher_set_iv(c, test_case->idx, direction_decrypt); 242 if (status) { 243 cipher_dealloc(c); 244 return status; 245 } 246 247 if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) { 248 /* 249 * Set the AAD 250 */ 251 status = cipher_set_aad(c, test_case->aad, 252 test_case->aad_length_octets); 253 if (status) { 254 cipher_dealloc(c); 255 return status; 256 } 257 debug_print(mod_cipher, "AAD: %s", 258 octet_string_hex_string(test_case->aad, 259 test_case->aad_length_octets)); 260 } 261 262 /* decrypt */ 263 len = test_case->ciphertext_length_octets; 264 status = cipher_decrypt(c, buffer, &len); 265 if (status) { 266 cipher_dealloc(c); 267 return status; 268 } 269 270 debug_print(mod_cipher, "plaintext: %s", 271 octet_string_hex_string(buffer, 272 test_case->plaintext_length_octets)); 273 274 /* compare the resulting plaintext with that in the test case */ 275 if (len != test_case->plaintext_length_octets) 276 return err_status_algo_fail; 277 status = err_status_ok; 278 for (i=0; i < test_case->plaintext_length_octets; i++) 279 if (buffer[i] != test_case->plaintext[i]) { 280 status = err_status_algo_fail; 281 debug_print(mod_cipher, "test case %d failed", case_num); 282 debug_print(mod_cipher, "(failure at byte %d)", i); 283 } 284 if (status) { 285 286 debug_print(mod_cipher, "p computed: %s", 287 octet_string_hex_string(buffer, 288 2*test_case->plaintext_length_octets)); 289 debug_print(mod_cipher, "p expected: %s", 290 octet_string_hex_string(test_case->plaintext, 291 2*test_case->plaintext_length_octets)); 292 293 cipher_dealloc(c); 294 return err_status_algo_fail; 295 } 296 297 /* deallocate the cipher */ 298 status = cipher_dealloc(c); 299 if (status) 300 return status; 301 302 /* 303 * 
the cipher passed the test case, so move on to the next test 304 * case in the list; if NULL, we'l proceed to the next test 305 */ 306 test_case = test_case->next_test_case; 307 ++case_num; 308 } 309 310 /* now run some random invertibility tests */ 311 312 /* allocate cipher, using paramaters from the first test case */ 313 test_case = test_data; 314 status = cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets); 315 if (status) 316 return status; 317 318 rand_source_init(); 319 320 for (j=0; j < NUM_RAND_TESTS; j++) { 321 unsigned length; 322 int plaintext_len; 323 uint8_t key[MAX_KEY_LEN]; 324 uint8_t iv[MAX_KEY_LEN]; 325 326 /* choose a length at random (leaving room for IV and padding) */ 327 length = rand() % (SELF_TEST_BUF_OCTETS - 64); 328 debug_print(mod_cipher, "random plaintext length %d\n", length); 329 status = rand_source_get_octet_string(buffer, length); 330 if (status) return status; 331 332 debug_print(mod_cipher, "plaintext: %s", 333 octet_string_hex_string(buffer, length)); 334 335 /* copy plaintext into second buffer */ 336 for (i=0; (unsigned int)i < length; i++) 337 buffer2[i] = buffer[i]; 338 339 /* choose a key at random */ 340 if (test_case->key_length_octets > MAX_KEY_LEN) 341 return err_status_cant_check; 342 status = rand_source_get_octet_string(key, test_case->key_length_octets); 343 if (status) return status; 344 345 /* chose a random initialization vector */ 346 status = rand_source_get_octet_string(iv, MAX_KEY_LEN); 347 if (status) return status; 348 349 /* initialize cipher */ 350 status = cipher_init(c, key); 351 if (status) { 352 cipher_dealloc(c); 353 return status; 354 } 355 356 /* set initialization vector */ 357 status = cipher_set_iv(c, test_case->idx, direction_encrypt); 358 if (status) { 359 cipher_dealloc(c); 360 return status; 361 } 362 363 if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) { 364 /* 365 * Set the AAD 366 */ 367 status = cipher_set_aad(c, test_case->aad, 368 
test_case->aad_length_octets); 369 if (status) { 370 cipher_dealloc(c); 371 return status; 372 } 373 debug_print(mod_cipher, "AAD: %s", 374 octet_string_hex_string(test_case->aad, 375 test_case->aad_length_octets)); 376 } 377 378 /* encrypt buffer with cipher */ 379 plaintext_len = length; 380 status = cipher_encrypt(c, buffer, &length); 381 if (status) { 382 cipher_dealloc(c); 383 return status; 384 } 385 if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) { 386 /* 387 * Get the GCM tag 388 */ 389 status = cipher_get_tag(c, buffer + length, &tag_len); 390 if (status) { 391 cipher_dealloc(c); 392 return status; 393 } 394 length += tag_len; 395 } 396 debug_print(mod_cipher, "ciphertext: %s", 397 octet_string_hex_string(buffer, length)); 398 399 /* 400 * re-initialize cipher for decryption, re-set the iv, then 401 * decrypt the ciphertext 402 */ 403 status = cipher_init(c, key); 404 if (status) { 405 cipher_dealloc(c); 406 return status; 407 } 408 status = cipher_set_iv(c, test_case->idx, direction_decrypt); 409 if (status) { 410 cipher_dealloc(c); 411 return status; 412 } 413 if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) { 414 /* 415 * Set the AAD 416 */ 417 status = cipher_set_aad(c, test_case->aad, 418 test_case->aad_length_octets); 419 if (status) { 420 cipher_dealloc(c); 421 return status; 422 } 423 debug_print(mod_cipher, "AAD: %s", 424 octet_string_hex_string(test_case->aad, 425 test_case->aad_length_octets)); 426 } 427 status = cipher_decrypt(c, buffer, &length); 428 if (status) { 429 cipher_dealloc(c); 430 return status; 431 } 432 433 debug_print(mod_cipher, "plaintext[2]: %s", 434 octet_string_hex_string(buffer, length)); 435 436 /* compare the resulting plaintext with the original one */ 437 if (length != plaintext_len) { 438 return err_status_algo_fail; 439 } 440 status = err_status_ok; 441 for (i=0; i < plaintext_len; i++) 442 if (buffer[i] != buffer2[i]) { 443 status = err_status_algo_fail; 444 debug_print(mod_cipher, 
"random test case %d failed", case_num); 445 debug_print(mod_cipher, "(failure at byte %d)", i); 446 } 447 if (status) { 448 cipher_dealloc(c); 449 return err_status_algo_fail; 450 } 451 452 } 453 454 status = cipher_dealloc(c); 455 if (status) 456 return status; 457 458 return err_status_ok; 459 } 460 461 462 /* 463 * cipher_type_self_test(ct) performs cipher_type_test on ct's internal 587 return status; 588 } 589 590 return srtp_err_status_ok; 591 } 592 593 594 /* 595 * srtp_cipher_type_self_test(ct) performs srtp_cipher_type_test on ct's internal 464 596 * list of test data. 465 597 */ 466 467 err_status_t 468 cipher_type_self_test(const cipher_type_t *ct) { 469 return cipher_type_test(ct, ct->test_data); 598 srtp_err_status_t srtp_cipher_type_self_test (const srtp_cipher_type_t *ct) 599 { 600 return srtp_cipher_type_test(ct, ct->test_data); 470 601 } 471 602 … … 473 604 * cipher_bits_per_second(c, l, t) computes (an estimate of) the 474 605 * number of bits that a cipher implementation can encrypt in a second 475 * 606 * 476 607 * c is a cipher (which MUST be allocated and initialized already), l 477 608 * is the length in octets of the test data to be encrypted, and t is … … 480 611 * if an error is encountered, the value 0 is returned 481 612 */ 482 483 uint64_t 484 cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials) { 485 int i; 486 v128_t nonce; 487 clock_t timer; 488 unsigned char *enc_buf; 489 unsigned int len = octets_in_buffer; 490 491 enc_buf = (unsigned char*) crypto_alloc(octets_in_buffer); 492 if (enc_buf == NULL) 493 return 0; /* indicate bad parameters by returning null */ 494 495 /* time repeated trials */ 496 v128_set_to_zero(&nonce); 497 timer = clock(); 498 for(i=0; i < num_trials; i++, nonce.v32[3] = i) { 499 cipher_set_iv(c, &nonce, direction_encrypt); 500 cipher_encrypt(c, enc_buf, &len); 501 } 502 timer = clock() - timer; 503 504 crypto_free(enc_buf); 505 506 if (timer == 0) { 507 /* Too fast! 
*/ 508 return 0; 509 } 510 511 return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer; 512 } 613 uint64_t srtp_cipher_bits_per_second (srtp_cipher_t *c, int octets_in_buffer, int num_trials) 614 { 615 int i; 616 v128_t nonce; 617 clock_t timer; 618 unsigned char *enc_buf; 619 unsigned int len = octets_in_buffer; 620 621 enc_buf = (unsigned char*)srtp_crypto_alloc(octets_in_buffer); 622 if (enc_buf == NULL) { 623 return 0; /* indicate bad parameters by returning null */ 624 625 } 626 /* time repeated trials */ 627 v128_set_to_zero(&nonce); 628 timer = clock(); 629 for (i = 0; i < num_trials; i++, nonce.v32[3] = i) { 630 if (srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt) != srtp_err_status_ok) { 631 srtp_crypto_free(enc_buf); 632 return 0; 633 } 634 if (srtp_cipher_encrypt(c, enc_buf, &len) != srtp_err_status_ok) { 635 srtp_crypto_free(enc_buf); 636 return 0; 637 } 638 } 639 timer = clock() - timer; 640 641 srtp_crypto_free(enc_buf); 642 643 if (timer == 0) { 644 /* Too fast! */ 645 return 0; 646 } 647 648 return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer; 649 } -
pjproject/trunk/third_party/srtp/crypto/cipher/null_cipher.c
r5261 r5614 10 10 11 11 /* 12 * 13 * Copyright (c) 2001-20 06,2013Cisco Systems, Inc.12 * 13 * Copyright (c) 2001-2017 Cisco Systems, Inc. 14 14 * All rights reserved. 15 * 15 * 16 16 * Redistribution and use in source and binary forms, with or without 17 17 * modification, are permitted provided that the following conditions 18 18 * are met: 19 * 19 * 20 20 * Redistributions of source code must retain the above copyright 21 21 * notice, this list of conditions and the following disclaimer. 22 * 22 * 23 23 * Redistributions in binary form must reproduce the above 24 24 * copyright notice, this list of conditions and the following 25 25 * disclaimer in the documentation and/or other materials provided 26 26 * with the distribution. 27 * 27 * 28 28 * Neither the name of the Cisco Systems, Inc. nor the names of its 29 29 * contributors may be used to endorse or promote products derived 30 30 * from this software without specific prior written permission. 31 * 31 * 32 32 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 33 33 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 51 51 #include "datatypes.h" 52 52 #include "null_cipher.h" 53 #include "err.h" /* for srtp_debug */ 53 54 #include "alloc.h" 54 55 55 56 /* the null_cipher uses the cipher debug module */ 56 57 57 extern debug_module_tmod_cipher;58 extern srtp_debug_module_t srtp_mod_cipher; 58 59 59 err_status_t 60 null_cipher_alloc(cipher_t **c, int key_len, int tlen) { 61 extern cipher_type_t null_cipher; 62 uint8_t *pointer; 63 64 debug_print(mod_cipher, 65 "allocating cipher with key length %d", key_len); 60 static srtp_err_status_t srtp_null_cipher_alloc (srtp_cipher_t **c, int key_len, int tlen) 61 { 62 extern const srtp_cipher_type_t srtp_null_cipher; 66 63 67 /* allocate memory a cipher of type null_cipher */ 68 pointer = (uint8_t*)crypto_alloc(sizeof(null_cipher_ctx_t) + sizeof(cipher_t)); 69 if (pointer == NULL) 70 return err_status_alloc_fail; 64 
debug_print(srtp_mod_cipher, 65 "allocating cipher with key length %d", key_len); 71 66 72 /* set pointers */ 73 *c = (cipher_t *)pointer; 74 (*c)->algorithm = NULL_CIPHER; 75 (*c)->type = &null_cipher; 76 (*c)->state = pointer + sizeof(cipher_t); 67 /* allocate memory a cipher of type null_cipher */ 68 *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); 69 if (*c == NULL) { 70 return srtp_err_status_alloc_fail; 71 } 72 memset(*c, 0x0, sizeof(srtp_cipher_t)); 77 73 78 /* set key size */ 79 (*c)->key_len = key_len; 74 /* set pointers */ 75 (*c)->algorithm = SRTP_NULL_CIPHER; 76 (*c)->type = &srtp_null_cipher; 77 (*c)->state = (void *) 0x1; /* The null cipher does not maintain state */ 80 78 81 /* increment ref_count*/82 null_cipher.ref_count++;83 84 returnerr_status_ok;85 79 /* set key size */ 80 (*c)->key_len = key_len; 81 82 return srtp_err_status_ok; 83 86 84 } 87 85 88 err_status_t 89 null_cipher_dealloc(cipher_t *c){90 extern cipher_type_tnull_cipher;86 static srtp_err_status_t srtp_null_cipher_dealloc (srtp_cipher_t *c) 87 { 88 extern const srtp_cipher_type_t srtp_null_cipher; 91 89 92 /* zeroize entire state*/ 93 octet_string_set_to_zero((uint8_t *)c, 94 sizeof(null_cipher_ctx_t) + sizeof(cipher_t)); 90 /* zeroize entire state*/ 91 octet_string_set_to_zero(c, sizeof(srtp_cipher_t)); 95 92 96 /* free memory of type null_cipher */97 crypto_free(c);93 /* free memory of type null_cipher */ 94 srtp_crypto_free(c); 98 95 99 /* decrement reference count */ 100 null_cipher.ref_count--; 101 102 return err_status_ok; 103 96 return srtp_err_status_ok; 97 104 98 } 105 99 106 err_status_t 107 null_cipher_init(null_cipher_ctx_t *ctx, const uint8_t *key, int key_len) { 100 static srtp_err_status_t srtp_null_cipher_init (void *cv, const uint8_t *key) 101 { 102 /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ 108 103 109 debug_print(mod_cipher, "initializing null cipher", NULL);104 debug_print(srtp_mod_cipher, "initializing null cipher", NULL); 110 
105 111 returnerr_status_ok;106 return srtp_err_status_ok; 112 107 } 113 108 114 err_status_t 115 null_cipher_set_iv(null_cipher_ctx_t *c, void *iv) { 116 return err_status_ok; 109 static srtp_err_status_t srtp_null_cipher_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t dir) 110 { 111 /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ 112 return srtp_err_status_ok; 117 113 } 118 114 119 err_status_t 120 null_cipher_encrypt(null_cipher_ctx_t *c, 121 unsigned char *buf, unsigned int *bytes_to_encr) { 122 return err_status_ok; 115 static srtp_err_status_t srtp_null_cipher_encrypt (void *cv, 116 unsigned char *buf, unsigned int *bytes_to_encr) 117 { 118 /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ 119 return srtp_err_status_ok; 123 120 } 124 121 125 char 126 null_cipher_description[] = "null cipher"; 122 static const char srtp_null_cipher_description[] = "null cipher"; 127 123 128 cipher_test_case_t 129 null_cipher_test_0 = { 130 0, /* octets in key */ 131 NULL, /* key */ 132 0, /* packet index */ 133 0, /* octets in plaintext */ 134 NULL, /* plaintext */ 135 0, /* octets in plaintext */ 136 NULL, /* ciphertext */ 137 0, 138 NULL, 139 0, 140 NULL /* pointer to next testcase */ 124 static const srtp_cipher_test_case_t srtp_null_cipher_test_0 = { 125 0, /* octets in key */ 126 NULL, /* key */ 127 0, /* packet index */ 128 0, /* octets in plaintext */ 129 NULL, /* plaintext */ 130 0, /* octets in plaintext */ 131 NULL, /* ciphertext */ 132 0, 133 NULL, 134 0, 135 NULL /* pointer to next testcase */ 141 136 }; 142 137 … … 146 141 */ 147 142 148 cipher_type_t null_cipher = { 149 (cipher_alloc_func_t) null_cipher_alloc, 150 (cipher_dealloc_func_t) null_cipher_dealloc, 151 (cipher_init_func_t) null_cipher_init, 152 (cipher_set_aad_func_t) 0, 153 (cipher_encrypt_func_t) null_cipher_encrypt, 154 (cipher_decrypt_func_t) null_cipher_encrypt, 155 (cipher_set_iv_func_t) null_cipher_set_iv, 156 (cipher_get_tag_func_t) 0, 157 (char *) 
null_cipher_description, 158 (int) 0, 159 (cipher_test_case_t *) &null_cipher_test_0, 160 (debug_module_t *) NULL, 161 (cipher_type_id_t) NULL_CIPHER 143 const srtp_cipher_type_t srtp_null_cipher = { 144 srtp_null_cipher_alloc, 145 srtp_null_cipher_dealloc, 146 srtp_null_cipher_init, 147 0, /* set_aad */ 148 srtp_null_cipher_encrypt, 149 srtp_null_cipher_encrypt, 150 srtp_null_cipher_set_iv, 151 0, /* get_tag */ 152 srtp_null_cipher_description, 153 &srtp_null_cipher_test_0, 154 SRTP_NULL_CIPHER 162 155 }; 163 156 -
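Review bot: In `srtp_null_cipher_alloc` the new line `(*c)->state = (void *) 0x1;` stores a made-up address as the state pointer, so any shared cipher code that ever reads through `state` would fault rather than fail cleanly. The value presumably exists only to satisfy a non-NULL check elsewhere in the library, which is not visible on this page. I would state that at the assignment, e.g. `/* non-NULL sentinel only, must never be dereferenced: the null cipher keeps no state */`, or point `state` at a one-byte static object so the pointer is at least valid. Separately, the sixth initializer of `srtp_null_cipher_test_0` is still commented `/* octets in plaintext */` although it appears to be the ciphertext length.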
pjproject/trunk/third_party/srtp/crypto/hash/auth.c
r5261 r5614 9 9 10 10 /* 11 * 12 * Copyright (c) 2001-20 06, Cisco Systems, Inc.11 * 12 * Copyright (c) 2001-2017, Cisco Systems, Inc. 13 13 * All rights reserved. 14 * 14 * 15 15 * Redistribution and use in source and binary forms, with or without 16 16 * modification, are permitted provided that the following conditions 17 17 * are met: 18 * 18 * 19 19 * Redistributions of source code must retain the above copyright 20 20 * notice, this list of conditions and the following disclaimer. 21 * 21 * 22 22 * Redistributions in binary form must reproduce the above 23 23 * copyright notice, this list of conditions and the following 24 24 * disclaimer in the documentation and/or other materials provided 25 25 * with the distribution. 26 * 26 * 27 27 * Neither the name of the Cisco Systems, Inc. nor the names of its 28 28 * contributors may be used to endorse or promote products derived 29 29 * from this software without specific prior written permission. 30 * 30 * 31 31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 32 32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 49 49 50 50 #include "auth.h" 51 #include "err.h" /* for srtp_debug */ 52 #include "datatypes.h" /* for octet_string */ 51 53 52 54 /* the debug module for authentiation */ 53 55 54 debug_module_tmod_auth = {55 0,/* debugging is off by default */56 "auth func"/* printable name for module */56 srtp_debug_module_t srtp_mod_auth = { 57 0, /* debugging is off by default */ 58 "auth func" /* printable name for module */ 57 59 }; 58 60 59 61 60 int 61 auth_get_key_length(const auth_t *a){62 return a->key_len;62 int srtp_auth_get_key_length (const srtp_auth_t *a) 63 { 64 return a->key_len; 63 65 } 64 66 65 int 66 auth_get_tag_length(const auth_t *a){67 return a->out_len;67 int srtp_auth_get_tag_length (const srtp_auth_t *a) 68 { 69 return a->out_len; 68 70 } 69 71 70 int 71 auth_get_prefix_length(const auth_t *a) { 72 return a->prefix_len; 73 } 74 75 int 76 
auth_type_get_ref_count(const auth_type_t *at) { 77 return at->ref_count; 72 int srtp_auth_get_prefix_length (const srtp_auth_t *a) 73 { 74 return a->prefix_len; 78 75 } 79 76 80 77 /* 81 * auth_type_test() tests an auth function of type ct against78 * srtp_auth_type_test() tests an auth function of type ct against 82 79 * test cases provided in a list test_data of values of key, data, and tag 83 80 * that is known to be good … … 87 84 #define SELF_TEST_TAG_BUF_OCTETS 32 88 85 89 err_status_t 90 auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data) { 91 const auth_test_case_t *test_case = test_data; 92 auth_t *a; 93 err_status_t status; 94 uint8_t tag[SELF_TEST_TAG_BUF_OCTETS]; 95 int i, case_num = 0; 86 srtp_err_status_t 87 srtp_auth_type_test (const srtp_auth_type_t *at, const srtp_auth_test_case_t *test_data) 88 { 89 const srtp_auth_test_case_t *test_case = test_data; 90 srtp_auth_t *a; 91 srtp_err_status_t status; 92 uint8_t tag[SELF_TEST_TAG_BUF_OCTETS]; 93 int i, case_num = 0; 96 94 97 debug_print(mod_auth, "running self-test for auth function %s", 98 at->description); 99 100 /* 101 * check to make sure that we have at least one test case, and 102 * return an error if we don't - we need to be paranoid here 103 */ 104 if (test_case == NULL) 105 return err_status_cant_check; 95 debug_print(srtp_mod_auth, "running self-test for auth function %s", 96 at->description); 106 97 107 /* loop over all test cases */ 108 while (test_case != NULL) { 109 110 /* check test case parameters */ 111 if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS) 112 return err_status_bad_param; 113 114 /* allocate auth */ 115 status = auth_type_alloc(at, &a, test_case->key_length_octets, 116 test_case->tag_length_octets); 117 if (status) 118 return status; 119 120 /* initialize auth */ 121 status = auth_init(a, test_case->key); 122 if (status) { 123 auth_dealloc(a); 124 return status; 98 /* 99 * check to make sure that we have at least one test case, and 100 * 
return an error if we don't - we need to be paranoid here 101 */ 102 if (test_case == NULL) { 103 return srtp_err_status_cant_check; 125 104 } 126 105 127 /* zeroize tag then compute */ 128 octet_string_set_to_zero(tag, test_case->tag_length_octets); 129 status = auth_compute(a, test_case->data, 130 test_case->data_length_octets, tag); 131 if (status) { 132 auth_dealloc(a); 133 return status; 106 /* loop over all test cases */ 107 while (test_case != NULL) { 108 109 /* check test case parameters */ 110 if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS) { 111 return srtp_err_status_bad_param; 112 } 113 114 /* allocate auth */ 115 status = srtp_auth_type_alloc(at, &a, test_case->key_length_octets, 116 test_case->tag_length_octets); 117 if (status) { 118 return status; 119 } 120 121 /* initialize auth */ 122 status = srtp_auth_init(a, test_case->key); 123 if (status) { 124 srtp_auth_dealloc(a); 125 return status; 126 } 127 128 /* zeroize tag then compute */ 129 octet_string_set_to_zero(tag, test_case->tag_length_octets); 130 status = srtp_auth_compute(a, test_case->data, 131 test_case->data_length_octets, tag); 132 if (status) { 133 srtp_auth_dealloc(a); 134 return status; 135 } 136 137 debug_print(srtp_mod_auth, "key: %s", 138 srtp_octet_string_hex_string(test_case->key, 139 test_case->key_length_octets)); 140 debug_print(srtp_mod_auth, "data: %s", 141 srtp_octet_string_hex_string(test_case->data, 142 test_case->data_length_octets)); 143 debug_print(srtp_mod_auth, "tag computed: %s", 144 srtp_octet_string_hex_string(tag, test_case->tag_length_octets)); 145 debug_print(srtp_mod_auth, "tag expected: %s", 146 srtp_octet_string_hex_string(test_case->tag, 147 test_case->tag_length_octets)); 148 149 /* check the result */ 150 status = srtp_err_status_ok; 151 for (i = 0; i < test_case->tag_length_octets; i++) { 152 if (tag[i] != test_case->tag[i]) { 153 status = srtp_err_status_algo_fail; 154 debug_print(srtp_mod_auth, "test case %d failed", case_num); 155 
debug_print(srtp_mod_auth, " (mismatch at octet %d)", i); 156 } 157 } 158 if (status) { 159 srtp_auth_dealloc(a); 160 return srtp_err_status_algo_fail; 161 } 162 163 /* deallocate the auth function */ 164 status = srtp_auth_dealloc(a); 165 if (status) { 166 return status; 167 } 168 169 /* 170 * the auth function passed the test case, so move on to the next test 171 * case in the list; if NULL, we'll quit and return an OK 172 */ 173 test_case = test_case->next_test_case; 174 ++case_num; 134 175 } 135 136 debug_print(mod_auth, "key: %s",137 octet_string_hex_string(test_case->key,138 test_case->key_length_octets));139 debug_print(mod_auth, "data: %s",140 octet_string_hex_string(test_case->data,141 test_case->data_length_octets));142 debug_print(mod_auth, "tag computed: %s",143 octet_string_hex_string(tag, test_case->tag_length_octets));144 debug_print(mod_auth, "tag expected: %s",145 octet_string_hex_string(test_case->tag,146 test_case->tag_length_octets));147 176 148 /* check the result */ 149 status = err_status_ok; 150 for (i=0; i < test_case->tag_length_octets; i++) 151 if (tag[i] != test_case->tag[i]) { 152 status = err_status_algo_fail; 153 debug_print(mod_auth, "test case %d failed", case_num); 154 debug_print(mod_auth, " (mismatch at octet %d)", i); 155 } 156 if (status) { 157 auth_dealloc(a); 158 return err_status_algo_fail; 159 } 160 161 /* deallocate the auth function */ 162 status = auth_dealloc(a); 163 if (status) 164 return status; 165 166 /* 167 * the auth function passed the test case, so move on to the next test 168 * case in the list; if NULL, we'll quit and return an OK 169 */ 170 test_case = test_case->next_test_case; 171 ++case_num; 172 } 173 174 return err_status_ok; 177 return srtp_err_status_ok; 175 178 } 176 179 177 180 178 /* 179 * auth_type_self_test(at) performs auth_type_test on at's internal181 /* 182 * auth_type_self_test(at) performs srtp_auth_type_test on at's internal 180 183 * list of test data. 
181 184 */ 182 185 183 err_status_t 184 auth_type_self_test(const auth_type_t *at){185 returnauth_type_test(at, at->test_data);186 srtp_err_status_t srtp_auth_type_self_test (const srtp_auth_type_t *at) 187 { 188 return srtp_auth_type_test(at, at->test_data); 186 189 } 187 190 -
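Review bot: The comment above `srtp_auth_type_self_test` still names the old function, `auth_type_self_test(at) performs srtp_auth_type_test ...`, so the rename reached only half of that sentence. I would write it as `srtp_auth_type_self_test(at) performs srtp_auth_type_test on at's internal list of test data.` In `srtp_auth_type_test` the key is passed to `debug_print` as hex. That is harmless for fixed test vectors, but a short comment such as `/* test-vector key only; never log session keys */` would keep the pattern from being copied to code that handles live keys.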
pjproject/trunk/third_party/srtp/crypto/hash/hmac.c
r5261 r5614 2 2 * hmac.c 3 3 * 4 * implementation of hmac auth_type_t4 * implementation of hmac srtp_auth_type_t 5 5 * 6 6 * David A. McGrew … … 8 8 */ 9 9 /* 10 * 11 * Copyright(c) 2001-20 06Cisco Systems, Inc.10 * 11 * Copyright(c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 * 13 * 14 14 * Redistribution and use in source and binary forms, with or without 15 15 * modification, are permitted provided that the following conditions 16 16 * are met: 17 * 17 * 18 18 * Redistributions of source code must retain the above copyright 19 19 * notice, this list of conditions and the following disclaimer. 20 * 20 * 21 21 * Redistributions in binary form must reproduce the above 22 22 * copyright notice, this list of conditions and the following 23 23 * disclaimer in the documentation and/or other materials provided 24 24 * with the distribution. 25 * 25 * 26 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 27 * contributors may be used to endorse or promote products derived 28 28 * from this software without specific prior written permission. 
29 * 29 * 30 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 47 47 #endif 48 48 49 #include "hmac.h" 49 #include "hmac.h" 50 50 #include "alloc.h" 51 51 52 52 /* the debug module for authentiation */ 53 53 54 debug_module_t mod_hmac = { 55 0, /* debugging is off by default */ 56 "hmac sha-1" /* printable name for module */ 57 }; 58 59 60 err_status_t 61 hmac_alloc(auth_t **a, int key_len, int out_len) { 62 extern auth_type_t hmac; 63 uint8_t *pointer; 64 65 debug_print(mod_hmac, "allocating auth func with key length %d", key_len); 66 debug_print(mod_hmac, " tag length %d", out_len); 67 68 /* 69 * check key length - note that we don't support keys larger 70 * than 20 bytes yet 71 */ 72 if (key_len > 20) 73 return err_status_bad_param; 74 75 /* check output length - should be less than 20 bytes */ 76 if (out_len > 20) 77 return err_status_bad_param; 78 79 /* allocate memory for auth and hmac_ctx_t structures */ 80 pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t)); 81 if (pointer == NULL) 82 return err_status_alloc_fail; 83 84 /* set pointers */ 85 *a = (auth_t *)pointer; 86 (*a)->type = &hmac; 87 (*a)->state = pointer + sizeof(auth_t); 88 (*a)->out_len = out_len; 89 (*a)->key_len = key_len; 90 (*a)->prefix_len = 0; 91 92 /* increment global count of all hmac uses */ 93 hmac.ref_count++; 94 95 return err_status_ok; 96 } 97 98 err_status_t 99 hmac_dealloc(auth_t *a) { 100 extern auth_type_t hmac; 101 102 /* zeroize entire state*/ 103 octet_string_set_to_zero((uint8_t *)a, 104 sizeof(hmac_ctx_t) + sizeof(auth_t)); 105 106 /* free memory */ 107 crypto_free(a); 108 109 /* decrement global count of all hmac uses */ 110 hmac.ref_count--; 111 112 return err_status_ok; 113 } 114 115 err_status_t 116 hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len) { 117 int i; 118 uint8_t ipad[64]; 119 120 /* 121 * check key length - note that we don't 
support keys larger 122 * than 20 bytes yet 123 */ 124 if (key_len > 20) 125 return err_status_bad_param; 126 127 /* 128 * set values of ipad and opad by exoring the key into the 129 * appropriate constant values 130 */ 131 for (i=0; i < key_len; i++) { 132 ipad[i] = key[i] ^ 0x36; 133 state->opad[i] = key[i] ^ 0x5c; 134 } 135 /* set the rest of ipad, opad to constant values */ 136 for ( ; i < 64; i++) { 137 ipad[i] = 0x36; 138 ((uint8_t *)state->opad)[i] = 0x5c; 139 } 140 141 debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64)); 142 143 /* initialize sha1 context */ 144 sha1_init(&state->init_ctx); 145 146 /* hash ipad ^ key */ 147 sha1_update(&state->init_ctx, ipad, 64); 148 memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t)); 149 150 return err_status_ok; 151 } 152 153 err_status_t 154 hmac_start(hmac_ctx_t *state) { 155 156 memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t)); 157 158 return err_status_ok; 159 } 160 161 err_status_t 162 hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets) { 163 164 debug_print(mod_hmac, "input: %s", 165 octet_string_hex_string(message, msg_octets)); 166 167 /* hash message into sha1 context */ 168 sha1_update(&state->ctx, message, msg_octets); 169 170 return err_status_ok; 171 } 172 173 err_status_t 174 hmac_compute(hmac_ctx_t *state, const void *message, 175 int msg_octets, int tag_len, uint8_t *result) { 176 uint32_t hash_value[5]; 177 uint32_t H[5]; 178 int i; 179 180 /* check tag length, return error if we can't provide the value expected */ 181 if (tag_len > 20) 182 return err_status_bad_param; 183 184 /* hash message, copy output into H */ 185 hmac_update(state, (const uint8_t*)message, msg_octets); 186 sha1_final(&state->ctx, H); 187 188 /* 189 * note that we don't need to debug_print() the input, since the 190 * function hmac_update() already did that for us 191 */ 192 debug_print(mod_hmac, "intermediate state: %s", 193 octet_string_hex_string((uint8_t *)H, 20)); 194 195 /* 
re-initialize hash context */ 196 sha1_init(&state->ctx); 197 198 /* hash opad ^ key */ 199 sha1_update(&state->ctx, (uint8_t *)state->opad, 64); 200 201 /* hash the result of the inner hash */ 202 sha1_update(&state->ctx, (uint8_t *)H, 20); 203 204 /* the result is returned in the array hash_value[] */ 205 sha1_final(&state->ctx, hash_value); 206 207 /* copy hash_value to *result */ 208 for (i=0; i < tag_len; i++) 209 result[i] = ((uint8_t *)hash_value)[i]; 210 211 debug_print(mod_hmac, "output: %s", 212 octet_string_hex_string((uint8_t *)hash_value, tag_len)); 213 214 return err_status_ok; 54 srtp_debug_module_t srtp_mod_hmac = { 55 0, /* debugging is off by default */ 56 "hmac sha-1" /* printable name for module */ 57 }; 58 59 60 static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_len) 61 { 62 extern const srtp_auth_type_t srtp_hmac; 63 uint8_t *pointer; 64 65 debug_print(srtp_mod_hmac, "allocating auth func with key length %d", key_len); 66 debug_print(srtp_mod_hmac, " tag length %d", out_len); 67 68 /* 69 * check key length - note that we don't support keys larger 70 * than 20 bytes yet 71 */ 72 if (key_len > 20) { 73 return srtp_err_status_bad_param; 74 } 75 76 /* check output length - should be less than 20 bytes */ 77 if (out_len > 20) { 78 return srtp_err_status_bad_param; 79 } 80 81 /* allocate memory for auth and srtp_hmac_ctx_t structures */ 82 pointer = (uint8_t*)srtp_crypto_alloc(sizeof(srtp_hmac_ctx_t) + sizeof(srtp_auth_t)); 83 if (pointer == NULL) { 84 return srtp_err_status_alloc_fail; 85 } 86 87 /* set pointers */ 88 *a = (srtp_auth_t*)pointer; 89 (*a)->type = &srtp_hmac; 90 (*a)->state = pointer + sizeof(srtp_auth_t); 91 (*a)->out_len = out_len; 92 (*a)->key_len = key_len; 93 (*a)->prefix_len = 0; 94 95 return srtp_err_status_ok; 96 } 97 98 static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a) 99 { 100 /* zeroize entire state*/ 101 octet_string_set_to_zero(a, sizeof(srtp_hmac_ctx_t) + sizeof(srtp_auth_t)); 102 
103 /* free memory */ 104 srtp_crypto_free(a); 105 106 return srtp_err_status_ok; 107 } 108 109 static srtp_err_status_t srtp_hmac_init (void *statev, const uint8_t *key, int key_len) 110 { 111 srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev; 112 int i; 113 uint8_t ipad[64]; 114 115 /* 116 * check key length - note that we don't support keys larger 117 * than 20 bytes yet 118 */ 119 if (key_len > 20) { 120 return srtp_err_status_bad_param; 121 } 122 123 /* 124 * set values of ipad and opad by exoring the key into the 125 * appropriate constant values 126 */ 127 for (i = 0; i < key_len; i++) { 128 ipad[i] = key[i] ^ 0x36; 129 state->opad[i] = key[i] ^ 0x5c; 130 } 131 /* set the rest of ipad, opad to constant values */ 132 for (; i < 64; i++) { 133 ipad[i] = 0x36; 134 ((uint8_t*)state->opad)[i] = 0x5c; 135 } 136 137 debug_print(srtp_mod_hmac, "ipad: %s", srtp_octet_string_hex_string(ipad, 64)); 138 139 /* initialize sha1 context */ 140 srtp_sha1_init(&state->init_ctx); 141 142 /* hash ipad ^ key */ 143 srtp_sha1_update(&state->init_ctx, ipad, 64); 144 memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t)); 145 146 return srtp_err_status_ok; 147 } 148 149 static srtp_err_status_t srtp_hmac_start (void *statev) 150 { 151 srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev; 152 153 memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t)); 154 155 return srtp_err_status_ok; 156 } 157 158 static srtp_err_status_t srtp_hmac_update (void *statev, const uint8_t *message, int msg_octets) 159 { 160 srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev; 161 162 debug_print(srtp_mod_hmac, "input: %s", 163 srtp_octet_string_hex_string(message, msg_octets)); 164 165 /* hash message into sha1 context */ 166 srtp_sha1_update(&state->ctx, message, msg_octets); 167 168 return srtp_err_status_ok; 169 } 170 171 static srtp_err_status_t srtp_hmac_compute (void *statev, const uint8_t *message, 172 int msg_octets, int tag_len, uint8_t *result) 173 { 174 srtp_hmac_ctx_t *state 
= (srtp_hmac_ctx_t *)statev; 175 uint32_t hash_value[5]; 176 uint32_t H[5]; 177 int i; 178 179 /* check tag length, return error if we can't provide the value expected */ 180 if (tag_len > 20) { 181 return srtp_err_status_bad_param; 182 } 183 184 /* hash message, copy output into H */ 185 srtp_hmac_update(state, message, msg_octets); 186 srtp_sha1_final(&state->ctx, H); 187 188 /* 189 * note that we don't need to debug_print() the input, since the 190 * function hmac_update() already did that for us 191 */ 192 debug_print(srtp_mod_hmac, "intermediate state: %s", 193 srtp_octet_string_hex_string((uint8_t*)H, 20)); 194 195 /* re-initialize hash context */ 196 srtp_sha1_init(&state->ctx); 197 198 /* hash opad ^ key */ 199 srtp_sha1_update(&state->ctx, (uint8_t*)state->opad, 64); 200 201 /* hash the result of the inner hash */ 202 srtp_sha1_update(&state->ctx, (uint8_t*)H, 20); 203 204 /* the result is returned in the array hash_value[] */ 205 srtp_sha1_final(&state->ctx, hash_value); 206 207 /* copy hash_value to *result */ 208 for (i = 0; i < tag_len; i++) { 209 result[i] = ((uint8_t*)hash_value)[i]; 210 } 211 212 debug_print(srtp_mod_hmac, "output: %s", 213 srtp_octet_string_hex_string((uint8_t*)hash_value, tag_len)); 214 215 return srtp_err_status_ok; 215 216 } 216 217 … … 218 219 /* begin test case 0 */ 219 220 220 uint8_t 221 hmac_test_case_0_key[20] = { 222 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 223 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 224 0x0b, 0x0b, 0x0b, 0x0b 225 }; 226 227 uint8_t 228 hmac_test_case_0_data[8] = { 229 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ 230 }; 231 232 uint8_t 233 hmac_test_case_0_tag[20] = { 234 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 235 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, 236 0xf1, 0x46, 0xbe, 0x00 237 }; 238 239 auth_test_case_t 240 hmac_test_case_0 = { 241 20, /* octets in key */ 242 hmac_test_case_0_key, /* key */ 243 8, /* octets in data */ 244 hmac_test_case_0_data, /* 
data */ 245 20, /* octets in tag */ 246 hmac_test_case_0_tag, /* tag */ 247 NULL /* pointer to next testcase */ 221 static const uint8_t srtp_hmac_test_case_0_key[20] = { 222 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 223 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 224 0x0b, 0x0b, 0x0b, 0x0b 225 }; 226 227 static const uint8_t srtp_hmac_test_case_0_data[8] = { 228 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ 229 }; 230 231 static const uint8_t srtp_hmac_test_case_0_tag[20] = { 232 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 233 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, 234 0xf1, 0x46, 0xbe, 0x00 235 }; 236 237 static const srtp_auth_test_case_t srtp_hmac_test_case_0 = { 238 20, /* octets in key */ 239 srtp_hmac_test_case_0_key, /* key */ 240 8, /* octets in data */ 241 srtp_hmac_test_case_0_data, /* data */ 242 20, /* octets in tag */ 243 srtp_hmac_test_case_0_tag, /* tag */ 244 NULL /* pointer to next testcase */ 248 245 }; 249 246 250 247 /* end test case 0 */ 251 248 252 charhmac_description[] = "hmac sha-1 authentication function";249 static const char srtp_hmac_description[] = "hmac sha-1 authentication function"; 253 250 254 251 /* 255 * auth_type_t hmac is the hmac metaobject252 * srtp_auth_type_t hmac is the hmac metaobject 256 253 */ 257 254 258 auth_type_t 259 hmac = { 260 (auth_alloc_func) hmac_alloc, 261 (auth_dealloc_func) hmac_dealloc, 262 (auth_init_func) hmac_init, 263 (auth_compute_func) hmac_compute, 264 (auth_update_func) hmac_update, 265 (auth_start_func) hmac_start, 266 (char *) hmac_description, 267 (int) 0, /* instance count */ 268 (auth_test_case_t *) &hmac_test_case_0, 269 (debug_module_t *) &mod_hmac, 270 (auth_type_id_t) HMAC_SHA1 271 }; 272 255 const srtp_auth_type_t srtp_hmac = { 256 srtp_hmac_alloc, 257 srtp_hmac_dealloc, 258 srtp_hmac_init, 259 srtp_hmac_compute, 260 srtp_hmac_update, 261 srtp_hmac_start, 262 srtp_hmac_description, 263 &srtp_hmac_test_case_0, 264 SRTP_HMAC_SHA1 265 }; 266 -
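Review bot: In `srtp_hmac_init` the stack buffer `ipad[64]` holds the key XORed with 0x36 and is still populated when the function returns, and `debug_print(srtp_mod_hmac, "ipad: %s", ...)` writes those key-equivalent bytes to the debug output whenever the module is switched on. Clearing the buffer before the return with `octet_string_set_to_zero(ipad, sizeof(ipad));` would match the wipe that `srtp_hmac_dealloc` already does on the context, assuming that helper is not optimised away. The ipad log line is better dropped or reduced to the key length. Separately, `key_len` and `tag_len` are signed and only compared with the upper bound of 20, so the checks would be explicit as `if (key_len < 0 || key_len > 20)` and `if (tag_len < 0 || tag_len > 20)`.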
pjproject/trunk/third_party/srtp/crypto/hash/hmac_ossl.c
r5261 r5614 2 2 * hmac_ossl.c 3 3 * 4 * Implementation of hmac auth_type_t that leverages OpenSSL4 * Implementation of hmac srtp_auth_type_t that leverages OpenSSL 5 5 * 6 6 * John A. Foley … … 9 9 /* 10 10 * 11 * Copyright(c) 2013 , Cisco Systems, Inc.11 * Copyright(c) 2013-2017, Cisco Systems, Inc. 12 12 * All rights reserved. 13 13 * … … 47 47 #endif 48 48 49 #include " hmac.h"49 #include "auth.h" 50 50 #include "alloc.h" 51 #include "err.h" /* for srtp_debug */ 51 52 #include <openssl/evp.h> 52 53 #define HMAC_KEYLEN_MAX 20 53 #include <openssl/hmac.h> 54 55 #define SHA1_DIGEST_SIZE 20 54 56 55 57 /* the debug module for authentiation */ 56 58 57 debug_module_tmod_hmac = {59 srtp_debug_module_t srtp_mod_hmac = { 58 60 0, /* debugging is off by default */ 59 61 "hmac sha-1 openssl" /* printable name for module */ … … 61 63 62 64 63 err_status_t 64 hmac_alloc (auth_t **a, int key_len, int out_len) 65 { 66 extern auth_type_t hmac; 67 uint8_t *pointer; 68 hmac_ctx_t *new_hmac_ctx; 69 70 debug_print(mod_hmac, "allocating auth func with key length %d", key_len); 71 debug_print(mod_hmac, " tag length %d", out_len); 72 73 /* 74 * check key length - note that we don't support keys larger 75 * than 20 bytes yet 76 */ 77 if (key_len > HMAC_KEYLEN_MAX) { 78 return err_status_bad_param; 79 } 65 static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_len) 66 { 67 extern const srtp_auth_type_t srtp_hmac; 68 69 debug_print(srtp_mod_hmac, "allocating auth func with key length %d", key_len); 70 debug_print(srtp_mod_hmac, " tag length %d", out_len); 80 71 81 72 /* check output length - should be less than 20 bytes */ 82 if (out_len > HMAC_KEYLEN_MAX) { 83 return err_status_bad_param; 84 } 85 86 /* allocate memory for auth and hmac_ctx_t structures */ 87 pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t)); 88 if (pointer == NULL) { 89 return err_status_alloc_fail; 90 } 73 if (out_len > SHA1_DIGEST_SIZE) { 74 return 
srtp_err_status_bad_param; 75 } 76 77 /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated 78 using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */ 79 #if OPENSSL_VERSION_NUMBER < 0x10100000L 80 { 81 /* allocate memory for auth and HMAC_CTX structures */ 82 uint8_t* pointer; 83 HMAC_CTX *new_hmac_ctx; 84 pointer = (uint8_t*)srtp_crypto_alloc(sizeof(HMAC_CTX) + sizeof(srtp_auth_t)); 85 if (pointer == NULL) { 86 return srtp_err_status_alloc_fail; 87 } 88 *a = (srtp_auth_t*)pointer; 89 (*a)->state = pointer + sizeof(srtp_auth_t); 90 new_hmac_ctx = (HMAC_CTX*)((*a)->state); 91 92 HMAC_CTX_init(new_hmac_ctx); 93 } 94 95 #else 96 *a = (srtp_auth_t*)srtp_crypto_alloc(sizeof(srtp_auth_t)); 97 if (*a == NULL) { 98 return srtp_err_status_alloc_fail; 99 } 100 101 (*a)->state = HMAC_CTX_new(); 102 if ((*a)->state == NULL) { 103 srtp_crypto_free(*a); 104 *a = NULL; 105 return srtp_err_status_alloc_fail; 106 } 107 #endif 91 108 92 109 /* set pointers */ 93 *a = (auth_t*)pointer; 94 (*a)->type = &hmac; 95 (*a)->state = pointer + sizeof(auth_t); 110 (*a)->type = &srtp_hmac; 96 111 (*a)->out_len = out_len; 97 112 (*a)->key_len = key_len; 98 113 (*a)->prefix_len = 0; 99 new_hmac_ctx = (hmac_ctx_t*)((*a)->state); 100 memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t)); 101 102 /* increment global count of all hmac uses */ 103 hmac.ref_count++; 104 105 return err_status_ok; 106 } 107 108 err_status_t 109 hmac_dealloc (auth_t *a) 110 { 111 extern auth_type_t hmac; 112 hmac_ctx_t *hmac_ctx; 113 114 hmac_ctx = (hmac_ctx_t*)a->state; 115 if (hmac_ctx->ctx_initialized) { 116 EVP_MD_CTX_cleanup(&hmac_ctx->ctx); 117 } 118 if (hmac_ctx->init_ctx_initialized) { 119 EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx); 120 } 114 115 return srtp_err_status_ok; 116 } 117 118 static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a) 119 { 120 HMAC_CTX *hmac_ctx; 121 122 hmac_ctx = (HMAC_CTX*)a->state; 123 124 #if OPENSSL_VERSION_NUMBER < 0x10100000L 125 
HMAC_CTX_cleanup(hmac_ctx); 121 126 122 127 /* zeroize entire state*/ 123 octet_string_set_to_zero((uint8_t*)a, 124 sizeof(hmac_ctx_t) + sizeof(auth_t)); 128 octet_string_set_to_zero(a, sizeof(HMAC_CTX) + sizeof(srtp_auth_t)); 129 130 #else 131 HMAC_CTX_free(hmac_ctx); 132 133 /* zeroize entire state*/ 134 octet_string_set_to_zero(a, sizeof(srtp_auth_t)); 135 #endif 125 136 126 137 /* free memory */ 127 crypto_free(a); 128 129 /* decrement global count of all hmac uses */ 130 hmac.ref_count--; 131 132 return err_status_ok; 133 } 134 135 err_status_t 136 hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len) 137 { 138 srtp_crypto_free(a); 139 140 return srtp_err_status_ok; 141 } 142 143 static srtp_err_status_t srtp_hmac_start (void *statev) 144 { 145 HMAC_CTX *state = (HMAC_CTX *)statev; 146 147 if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0) 148 return srtp_err_status_auth_fail; 149 150 return srtp_err_status_ok; 151 } 152 153 static srtp_err_status_t srtp_hmac_init (void *statev, const uint8_t *key, int key_len) 154 { 155 HMAC_CTX *state = (HMAC_CTX *)statev; 156 157 if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0) 158 return srtp_err_status_auth_fail; 159 160 return srtp_err_status_ok; 161 } 162 163 static srtp_err_status_t srtp_hmac_update (void *statev, const uint8_t *message, int msg_octets) 164 { 165 HMAC_CTX *state = (HMAC_CTX *)statev; 166 167 debug_print(srtp_mod_hmac, "input: %s", 168 srtp_octet_string_hex_string(message, msg_octets)); 169 170 if (HMAC_Update(state, message, msg_octets) == 0) 171 return srtp_err_status_auth_fail; 172 173 return srtp_err_status_ok; 174 } 175 176 static srtp_err_status_t srtp_hmac_compute (void *statev, const uint8_t *message, 177 int msg_octets, int tag_len, uint8_t *result) 178 { 179 HMAC_CTX *state = (HMAC_CTX *)statev; 180 uint8_t hash_value[SHA1_DIGEST_SIZE]; 138 181 int i; 139 uint8_t ipad[64]; 140 141 /* 142 * check key length - note that we don't support keys larger 143 * than 20 bytes yet 
144 */ 145 if (key_len > HMAC_KEYLEN_MAX) { 146 return err_status_bad_param; 147 } 148 149 /* 150 * set values of ipad and opad by exoring the key into the 151 * appropriate constant values 152 */ 153 for (i = 0; i < key_len; i++) { 154 ipad[i] = key[i] ^ 0x36; 155 state->opad[i] = key[i] ^ 0x5c; 156 } 157 /* set the rest of ipad, opad to constant values */ 158 for (; i < sizeof(ipad); i++) { 159 ipad[i] = 0x36; 160 ((uint8_t*)state->opad)[i] = 0x5c; 161 } 162 163 debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad))); 164 165 /* initialize sha1 context */ 166 sha1_init(&state->init_ctx); 167 state->init_ctx_initialized = 1; 168 169 /* hash ipad ^ key */ 170 sha1_update(&state->init_ctx, ipad, sizeof(ipad)); 171 return (hmac_start(state)); 172 } 173 174 err_status_t 175 hmac_start (hmac_ctx_t *state) 176 { 177 if (state->ctx_initialized) { 178 EVP_MD_CTX_cleanup(&state->ctx); 179 } 180 if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) { 181 return err_status_auth_fail; 182 } else { 183 state->ctx_initialized = 1; 184 return err_status_ok; 185 } 186 } 187 188 err_status_t 189 hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets) 190 { 191 debug_print(mod_hmac, "input: %s", 192 octet_string_hex_string(message, msg_octets)); 193 194 /* hash message into sha1 context */ 195 sha1_update(&state->ctx, message, msg_octets); 196 197 return err_status_ok; 198 } 199 200 err_status_t 201 hmac_compute (hmac_ctx_t *state, const void *message, 202 int msg_octets, int tag_len, uint8_t *result) 203 { 204 uint32_t hash_value[5]; 205 uint32_t H[5]; 206 int i; 182 unsigned int len; 207 183 208 184 /* check tag length, return error if we can't provide the value expected */ 209 if (tag_len > HMAC_KEYLEN_MAX) {210 return err_status_bad_param;185 if (tag_len > SHA1_DIGEST_SIZE) { 186 return srtp_err_status_bad_param; 211 187 } 212 188 213 189 /* hash message, copy output into H */ 214 sha1_update(&state->ctx, message, msg_octets); 215 
sha1_final(&state->ctx, H); 216 217 /* 218 * note that we don't need to debug_print() the input, since the 219 * function hmac_update() already did that for us 220 */ 221 debug_print(mod_hmac, "intermediate state: %s", 222 octet_string_hex_string((uint8_t*)H, sizeof(H))); 223 224 /* re-initialize hash context */ 225 sha1_init(&state->ctx); 226 227 /* hash opad ^ key */ 228 sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad)); 229 230 /* hash the result of the inner hash */ 231 sha1_update(&state->ctx, (uint8_t*)H, sizeof(H)); 232 233 /* the result is returned in the array hash_value[] */ 234 sha1_final(&state->ctx, hash_value); 190 if (HMAC_Update(state, message, msg_octets) == 0) 191 return srtp_err_status_auth_fail; 192 193 if (HMAC_Final(state, hash_value, &len) == 0) 194 return srtp_err_status_auth_fail; 195 196 if (len < tag_len) 197 return srtp_err_status_auth_fail; 235 198 236 199 /* copy hash_value to *result */ 237 200 for (i = 0; i < tag_len; i++) { 238 result[i] = ((uint8_t*)hash_value)[i];239 } 240 241 debug_print( mod_hmac, "output: %s",242 octet_string_hex_string((uint8_t*)hash_value, tag_len));243 244 return err_status_ok;201 result[i] = hash_value[i]; 202 } 203 204 debug_print(srtp_mod_hmac, "output: %s", 205 srtp_octet_string_hex_string(hash_value, tag_len)); 206 207 return srtp_err_status_ok; 245 208 } 246 209 … … 248 211 /* begin test case 0 */ 249 212 250 uint8_t 251 hmac_test_case_0_key[HMAC_KEYLEN_MAX] = { 213 static const uint8_t srtp_hmac_test_case_0_key[SHA1_DIGEST_SIZE] = { 252 214 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 253 215 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, … … 255 217 }; 256 218 257 uint8_t 258 hmac_test_case_0_data[8] = { 219 static const uint8_t srtp_hmac_test_case_0_data[8] = { 259 220 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ 260 221 }; 261 222 262 uint8_t 263 hmac_test_case_0_tag[HMAC_KEYLEN_MAX] = { 223 static const uint8_t srtp_hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = 
{ 264 224 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 265 225 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, … … 267 227 }; 268 228 269 auth_test_case_t 270 hmac_test_case_0 = { 271 sizeof(hmac_test_case_0_key), /* octets in key */ 272 hmac_test_case_0_key, /* key */ 273 sizeof(hmac_test_case_0_data), /* octets in data */ 274 hmac_test_case_0_data, /* data */ 275 sizeof(hmac_test_case_0_tag), /* octets in tag */ 276 hmac_test_case_0_tag, /* tag */ 229 static const srtp_auth_test_case_t srtp_hmac_test_case_0 = { 230 sizeof(srtp_hmac_test_case_0_key), /* octets in key */ 231 srtp_hmac_test_case_0_key, /* key */ 232 sizeof(srtp_hmac_test_case_0_data), /* octets in data */ 233 srtp_hmac_test_case_0_data, /* data */ 234 sizeof(srtp_hmac_test_case_0_tag), /* octets in tag */ 235 srtp_hmac_test_case_0_tag, /* tag */ 277 236 NULL /* pointer to next testcase */ 278 237 }; … … 280 239 /* end test case 0 */ 281 240 282 charhmac_description[] = "hmac sha-1 authentication function";241 static const char srtp_hmac_description[] = "hmac sha-1 authentication function"; 283 242 284 243 /* 285 * auth_type_t hmac is the hmac metaobject244 * srtp_auth_type_t hmac is the hmac metaobject 286 245 */ 287 246 288 auth_type_t 289 hmac = { 290 (auth_alloc_func) hmac_alloc, 291 (auth_dealloc_func) hmac_dealloc, 292 (auth_init_func) hmac_init, 293 (auth_compute_func) hmac_compute, 294 (auth_update_func) hmac_update, 295 (auth_start_func) hmac_start, 296 (char*) hmac_description, 297 (int) 0, /* instance count */ 298 (auth_test_case_t*) &hmac_test_case_0, 299 (debug_module_t*) &mod_hmac, 300 (auth_type_id_t) HMAC_SHA1 301 }; 302 247 const srtp_auth_type_t srtp_hmac = { 248 srtp_hmac_alloc, 249 srtp_hmac_dealloc, 250 srtp_hmac_init, 251 srtp_hmac_compute, 252 srtp_hmac_update, 253 srtp_hmac_start, 254 srtp_hmac_description, 255 &srtp_hmac_test_case_0, 256 SRTP_HMAC_SHA1 257 }; 258 -
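Review bot: `srtp_hmac_compute` checks `tag_len` only against `SHA1_DIGEST_SIZE`, and the later `if (len < tag_len)` compares an `unsigned int` with an `int`, so a negative `tag_len` is rejected only through implicit conversion and only after `HMAC_Final` has run; `if (tag_len < 0 || tag_len > SHA1_DIGEST_SIZE)` makes the rejection explicit and early. `srtp_hmac_alloc` and `srtp_hmac_init` no longer bound `key_len` at all, while the built-in hmac.c in this changeset still rejects `key_len > 20`, so the two backends accept different parameters. If that is intended it deserves a comment; otherwise `if (key_len < 0) return srtp_err_status_bad_param;` in `srtp_hmac_init` at least keeps a negative length away from `HMAC_Init_ex`. The comment `/* hash message, copy output into H */` is stale, since this function no longer has an `H`.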
pjproject/trunk/third_party/srtp/crypto/hash/null_auth.c
r5261 r5614 10 10 11 11 /* 12 * 13 * Copyright (c) 2001-20 06, Cisco Systems, Inc.12 * 13 * Copyright (c) 2001-2017, Cisco Systems, Inc. 14 14 * All rights reserved. 15 * 15 * 16 16 * Redistribution and use in source and binary forms, with or without 17 17 * modification, are permitted provided that the following conditions 18 18 * are met: 19 * 19 * 20 20 * Redistributions of source code must retain the above copyright 21 21 * notice, this list of conditions and the following disclaimer. 22 * 22 * 23 23 * Redistributions in binary form must reproduce the above 24 24 * copyright notice, this list of conditions and the following 25 25 * disclaimer in the documentation and/or other materials provided 26 26 * with the distribution. 27 * 27 * 28 28 * Neither the name of the Cisco Systems, Inc. nor the names of its 29 29 * contributors may be used to endorse or promote products derived 30 30 * from this software without specific prior written permission. 31 * 31 * 32 32 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 33 33 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 49 49 #endif 50 50 51 #include "null_auth.h" 51 #include "null_auth.h" 52 #include "err.h" /* for srtp_debug */ 52 53 #include "alloc.h" 53 54 54 55 /* null_auth uses the auth debug module */ 55 56 56 extern debug_module_tmod_auth;57 extern srtp_debug_module_t srtp_mod_auth; 57 58 58 err_status_t 59 null_auth_alloc(auth_t **a, int key_len, int out_len){60 extern auth_type_tnull_auth;61 uint8_t *pointer;59 static srtp_err_status_t srtp_null_auth_alloc (srtp_auth_t **a, int key_len, int out_len) 60 { 61 extern const srtp_auth_type_t srtp_null_auth; 62 uint8_t *pointer; 62 63 63 debug_print(mod_auth, "allocating auth func with key length %d", key_len);64 debug_print(mod_auth, " tag length %d", out_len);64 debug_print(srtp_mod_auth, "allocating auth func with key length %d", key_len); 65 debug_print(srtp_mod_auth, " tag length %d", out_len); 65 66 66 /* allocate 
memory for auth and null_auth_ctx_t structures */ 67 pointer = (uint8_t*)crypto_alloc(sizeof(null_auth_ctx_t) + sizeof(auth_t)); 68 if (pointer == NULL) 69 return err_status_alloc_fail; 67 /* allocate memory for auth and srtp_null_auth_ctx_t structures */ 68 pointer = (uint8_t*)srtp_crypto_alloc(sizeof(srtp_null_auth_ctx_t) + sizeof(srtp_auth_t)); 69 if (pointer == NULL) { 70 return srtp_err_status_alloc_fail; 71 } 70 72 71 /* set pointers */72 *a = (auth_t*)pointer;73 (*a)->type = &null_auth;74 (*a)->state = pointer + sizeof (auth_t);75 (*a)->out_len = out_len;76 (*a)->prefix_len = out_len;77 (*a)->key_len = key_len;73 /* set pointers */ 74 *a = (srtp_auth_t*)pointer; 75 (*a)->type = &srtp_null_auth; 76 (*a)->state = pointer + sizeof(srtp_auth_t); 77 (*a)->out_len = out_len; 78 (*a)->prefix_len = out_len; 79 (*a)->key_len = key_len; 78 80 79 /* increment global count of all null_auth uses */ 80 null_auth.ref_count++; 81 82 return err_status_ok; 81 return srtp_err_status_ok; 83 82 } 84 83 85 err_status_t 86 null_auth_dealloc(auth_t *a) { 87 extern auth_type_t null_auth; 88 89 /* zeroize entire state*/ 90 octet_string_set_to_zero((uint8_t *)a, 91 sizeof(null_auth_ctx_t) + sizeof(auth_t)); 84 static srtp_err_status_t srtp_null_auth_dealloc (srtp_auth_t *a) 85 { 86 extern const srtp_auth_type_t srtp_null_auth; 92 87 93 /* free memory */ 94 crypto_free(a); 95 96 /* decrement global count of all null_auth uses */ 97 null_auth.ref_count--; 88 /* zeroize entire state*/ 89 octet_string_set_to_zero(a, sizeof(srtp_null_auth_ctx_t) + sizeof(srtp_auth_t)); 98 90 99 return err_status_ok; 91 /* free memory */ 92 srtp_crypto_free(a); 93 94 return srtp_err_status_ok; 100 95 } 101 96 102 err_status_t 103 null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len) { 97 static srtp_err_status_t srtp_null_auth_init (void *statev, const uint8_t *key, int key_len) 98 { 99 /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */ 100 /* accept any length of key, and 
do nothing */ 104 101 105 /* accept any length of key, and do nothing */ 106 107 return err_status_ok; 102 return srtp_err_status_ok; 108 103 } 109 104 110 err_status_t 111 null_auth_compute(null_auth_ctx_t *state, uint8_t *message, 112 int msg_octets, int tag_len, uint8_t *result) { 105 static srtp_err_status_t srtp_null_auth_compute (void *statev, const uint8_t *message, 106 int msg_octets, int tag_len, uint8_t *result) 107 { 108 /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */ 113 109 114 returnerr_status_ok;110 return srtp_err_status_ok; 115 111 } 116 112 117 err_status_t 118 null_auth_update(null_auth_ctx_t *state, uint8_t *message, 119 int msg_octets) { 113 static srtp_err_status_t srtp_null_auth_update (void *statev, const uint8_t *message, 114 int msg_octets) 115 { 116 /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */ 120 117 121 returnerr_status_ok;118 return srtp_err_status_ok; 122 119 } 123 120 124 err_status_t 125 null_auth_start(null_auth_ctx_t *state) { 126 return err_status_ok; 121 static srtp_err_status_t srtp_null_auth_start (void *statev) 122 { 123 /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */ 124 125 return srtp_err_status_ok; 127 126 } 128 127 129 128 /* 130 * auth_type_t - defines description, test case, and null_auth129 * srtp_auth_type_t - defines description, test case, and null_auth 131 130 * metaobject 132 131 */ … … 134 133 /* begin test case 0 */ 135 134 136 auth_test_case_t 137 null_auth_test_case_0 = { 138 0, /* octets in key */ 139 NULL, /* key */ 140 0, /* octets in data */ 141 NULL, /* data */ 142 0, /* octets in tag */ 143 NULL, /* tag */ 144 NULL /* pointer to next testcase */ 135 static const srtp_auth_test_case_t srtp_null_auth_test_case_0 = { 136 0, /* octets in key */ 137 NULL, /* key */ 138 0, /* octets in data */ 139 NULL, /* data */ 140 0, /* octets in tag */ 141 NULL, /* tag */ 142 NULL /* pointer to next testcase */ 145 143 }; 146 144 147 145 /* end test case 0 */ 
148 146 149 charnull_auth_description[] = "null authentication function";147 static const char srtp_null_auth_description[] = "null authentication function"; 150 148 151 auth_type_t 152 null_auth = { 153 (auth_alloc_func) null_auth_alloc, 154 (auth_dealloc_func) null_auth_dealloc, 155 (auth_init_func) null_auth_init, 156 (auth_compute_func) null_auth_compute, 157 (auth_update_func) null_auth_update, 158 (auth_start_func) null_auth_start, 159 (char *) null_auth_description, 160 (int) 0, /* instance count */ 161 (auth_test_case_t *) &null_auth_test_case_0, 162 (debug_module_t *) NULL, 163 (auth_type_id_t) NULL_AUTH 149 const srtp_auth_type_t srtp_null_auth = { 150 srtp_null_auth_alloc, 151 srtp_null_auth_dealloc, 152 srtp_null_auth_init, 153 srtp_null_auth_compute, 154 srtp_null_auth_update, 155 srtp_null_auth_start, 156 srtp_null_auth_description, 157 &srtp_null_auth_test_case_0, 158 SRTP_NULL_AUTH 164 159 }; 165 160 -
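Review bot: `srtp_null_auth_compute` returns `srtp_err_status_ok` without writing to `result`, while `srtp_null_auth_alloc` stores any `out_len` it is given and sets `prefix_len` to the same value, so a caller that allocates with a non-zero tag length would presumably go on to use tag bytes that were never set (the callers are not in this section). A comment on the function would make the contract visible: `/* null auth writes nothing to result; only meaningful with out_len == 0 */`. In `srtp_null_auth_dealloc` the `extern const srtp_auth_type_t srtp_null_auth;` declaration is unused now that the `ref_count` update is gone, and can be removed.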
pjproject/trunk/third_party/srtp/crypto/hash/sha1.c
r5261 r5614 10 10 11 11 /* 12 * 13 * Copyright (c) 2001-20 06, Cisco Systems, Inc.12 * 13 * Copyright (c) 2001-2017, Cisco Systems, Inc. 14 14 * All rights reserved. 15 * 15 * 16 16 * Redistribution and use in source and binary forms, with or without 17 17 * modification, are permitted provided that the following conditions 18 18 * are met: 19 * 19 * 20 20 * Redistributions of source code must retain the above copyright 21 21 * notice, this list of conditions and the following disclaimer. 22 * 22 * 23 23 * Redistributions in binary form must reproduce the above 24 24 * copyright notice, this list of conditions and the following 25 25 * disclaimer in the documentation and/or other materials provided 26 26 * with the distribution. 27 * 27 * 28 28 * Neither the name of the Cisco Systems, Inc. nor the names of its 29 29 * contributors may be used to endorse or promote products derived 30 30 * from this software without specific prior written permission. 31 * 31 * 32 32 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 33 33 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 51 51 #include "sha1.h" 52 52 53 debug_module_tmod_sha1 = {54 0,/* debugging is off by default */55 "sha-1"/* printable module name */53 srtp_debug_module_t srtp_mod_sha1 = { 54 0, /* debugging is off by default */ 55 "sha-1" /* printable module name */ 56 56 }; 57 57 … … 61 61 #define S30(X) ((X << 30) | (X >> 2)) 62 62 63 #define f0(B, C,D) ((B & C) | (~B & D))64 #define f1(B, C,D) (B ^ C ^ D)65 #define f2(B, C,D) ((B & C) | (B & D) | (C & D))66 #define f3(B, C,D) (B ^ C ^ D)67 68 /* 69 * nota bene: the variable K0 appears in the curses library, so we 70 * give longer names to these variables to avoid spurious warnings 63 #define f0(B, C, D) ((B & C) | (~B & D)) 64 #define f1(B, C, D) (B ^ C ^ D) 65 #define f2(B, C, D) ((B & C) | (B & D) | (C & D)) 66 #define f3(B, C, D) (B ^ C ^ D) 67 68 /* 69 * nota bene: the variable K0 appears in the curses library, so 
we 70 * give longer names to these variables to avoid spurious warnings 71 71 * on systems that uses curses 72 72 */ … … 77 77 uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */ 78 78 79 void 80 sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]){81 sha1_ctx_t ctx;82 83 sha1_init(&ctx);84 sha1_update(&ctx, msg, octets_in_msg);85 sha1_final(&ctx, hash_value);79 void srtp_sha1 (const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) 80 { 81 srtp_sha1_ctx_t ctx; 82 83 srtp_sha1_init(&ctx); 84 srtp_sha1_update(&ctx, msg, octets_in_msg); 85 srtp_sha1_final(&ctx, hash_value); 86 86 87 87 } 88 88 89 89 /* 90 * s ha1_core(M, H) computes the core compression function, where M is90 * srtp_sha1_core(M, H) computes the core compression function, where M is 91 91 * the next part of the message (in network byte order) and H is the 92 92 * intermediate state { H0, H1, ...} (in host byte order) … … 99 99 */ 100 100 101 void 102 sha1_core(const uint32_t M[16], uint32_t hash_value[5]){103 uint32_t H0;104 uint32_t H1;105 uint32_t H2;106 uint32_t H3;107 uint32_t H4;108 uint32_t W[80];109 uint32_t A, B, C, D, E, TEMP;110 int t;111 112 /* copy hash_value into H0, H1, H2, H3, H4 */113 H0 = hash_value[0];114 H1 = hash_value[1];115 H2 = hash_value[2];116 H3 = hash_value[3];117 H4 = hash_value[4];118 119 /* copy/xor message into array */120 121 W[0] = be32_to_cpu(M[0]);122 W[1] = be32_to_cpu(M[1]);123 W[2] = be32_to_cpu(M[2]);124 W[3] = be32_to_cpu(M[3]);125 W[4] = be32_to_cpu(M[4]);126 W[5] = be32_to_cpu(M[5]);127 W[6] = be32_to_cpu(M[6]);128 W[7] = be32_to_cpu(M[7]);129 W[8] = be32_to_cpu(M[8]);130 W[9] = be32_to_cpu(M[9]);131 W[10] = be32_to_cpu(M[10]);132 W[11] = be32_to_cpu(M[11]);133 W[12] = be32_to_cpu(M[12]);134 W[13] = be32_to_cpu(M[13]);135 W[14] = be32_to_cpu(M[14]);136 W[15] = be32_to_cpu(M[15]);137 TEMP = W[13] ^ W[8] ^ W[2] ^ W[0]; W[16] = S1(TEMP);138 TEMP = W[14] ^ W[9] ^ W[3] ^ W[1]; W[17] = S1(TEMP);139 TEMP = W[15] ^ W[10] ^ W[4] ^ W[2]; W[18] 
= S1(TEMP);140 TEMP = W[16] ^ W[11] ^ W[5] ^ W[3]; W[19] = S1(TEMP);141 TEMP = W[17] ^ W[12] ^ W[6] ^ W[4]; W[20] = S1(TEMP);142 TEMP = W[18] ^ W[13] ^ W[7] ^ W[5]; W[21] = S1(TEMP);143 TEMP = W[19] ^ W[14] ^ W[8] ^ W[6]; W[22] = S1(TEMP);144 TEMP = W[20] ^ W[15] ^ W[9] ^ W[7]; W[23] = S1(TEMP);145 TEMP = W[21] ^ W[16] ^ W[10] ^ W[8]; W[24] = S1(TEMP);146 TEMP = W[22] ^ W[17] ^ W[11] ^ W[9]; W[25] = S1(TEMP);147 TEMP = W[23] ^ W[18] ^ W[12] ^ W[10]; W[26] = S1(TEMP);148 TEMP = W[24] ^ W[19] ^ W[13] ^ W[11]; W[27] = S1(TEMP);149 TEMP = W[25] ^ W[20] ^ W[14] ^ W[12]; W[28] = S1(TEMP);150 TEMP = W[26] ^ W[21] ^ W[15] ^ W[13]; W[29] = S1(TEMP);151 TEMP = W[27] ^ W[22] ^ W[16] ^ W[14]; W[30] = S1(TEMP);152 TEMP = W[28] ^ W[23] ^ W[17] ^ W[15]; W[31] = S1(TEMP);153 154 /* process the remainder of the array */155 for (t=32; t < 80; t++) {156 TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];157 W[t] = S1(TEMP);158 }159 160 A = H0; B = H1; C = H2; D = H3; E = H4;161 162 for (t=0; t < 20; t++) {163 TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0;164 E = D; D = C; C = S30(B); B = A; A = TEMP;165 }166 for (; t < 40; t++) {167 TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1;168 E = D; D = C; C = S30(B); B = A; A = TEMP;169 }170 for (; t < 60; t++) {171 TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2;172 E = D; D = C; C = S30(B); B = A; A = TEMP;173 }174 for (; t < 80; t++) {175 TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3;176 E = D; D = C; C = S30(B); B = A; A = TEMP;177 }178 179 hash_value[0] = H0 + A;180 hash_value[1] = H1 + B;181 hash_value[2] = H2 + C;182 hash_value[3] = H3 + D;183 hash_value[4] = H4 + E;184 185 return;101 void srtp_sha1_core (const uint32_t M[16], uint32_t hash_value[5]) 102 { 103 uint32_t H0; 104 uint32_t H1; 105 uint32_t H2; 106 uint32_t H3; 107 uint32_t H4; 108 uint32_t W[80]; 109 uint32_t A, B, C, D, E, TEMP; 110 int t; 111 112 /* copy hash_value into H0, H1, H2, H3, H4 */ 113 H0 = hash_value[0]; 114 H1 = hash_value[1]; 115 H2 = hash_value[2]; 116 H3 = hash_value[3]; 
117 H4 = hash_value[4]; 118 119 /* copy/xor message into array */ 120 121 W[0] = be32_to_cpu(M[0]); 122 W[1] = be32_to_cpu(M[1]); 123 W[2] = be32_to_cpu(M[2]); 124 W[3] = be32_to_cpu(M[3]); 125 W[4] = be32_to_cpu(M[4]); 126 W[5] = be32_to_cpu(M[5]); 127 W[6] = be32_to_cpu(M[6]); 128 W[7] = be32_to_cpu(M[7]); 129 W[8] = be32_to_cpu(M[8]); 130 W[9] = be32_to_cpu(M[9]); 131 W[10] = be32_to_cpu(M[10]); 132 W[11] = be32_to_cpu(M[11]); 133 W[12] = be32_to_cpu(M[12]); 134 W[13] = be32_to_cpu(M[13]); 135 W[14] = be32_to_cpu(M[14]); 136 W[15] = be32_to_cpu(M[15]); 137 TEMP = W[13] ^ W[8] ^ W[2] ^ W[0]; W[16] = S1(TEMP); 138 TEMP = W[14] ^ W[9] ^ W[3] ^ W[1]; W[17] = S1(TEMP); 139 TEMP = W[15] ^ W[10] ^ W[4] ^ W[2]; W[18] = S1(TEMP); 140 TEMP = W[16] ^ W[11] ^ W[5] ^ W[3]; W[19] = S1(TEMP); 141 TEMP = W[17] ^ W[12] ^ W[6] ^ W[4]; W[20] = S1(TEMP); 142 TEMP = W[18] ^ W[13] ^ W[7] ^ W[5]; W[21] = S1(TEMP); 143 TEMP = W[19] ^ W[14] ^ W[8] ^ W[6]; W[22] = S1(TEMP); 144 TEMP = W[20] ^ W[15] ^ W[9] ^ W[7]; W[23] = S1(TEMP); 145 TEMP = W[21] ^ W[16] ^ W[10] ^ W[8]; W[24] = S1(TEMP); 146 TEMP = W[22] ^ W[17] ^ W[11] ^ W[9]; W[25] = S1(TEMP); 147 TEMP = W[23] ^ W[18] ^ W[12] ^ W[10]; W[26] = S1(TEMP); 148 TEMP = W[24] ^ W[19] ^ W[13] ^ W[11]; W[27] = S1(TEMP); 149 TEMP = W[25] ^ W[20] ^ W[14] ^ W[12]; W[28] = S1(TEMP); 150 TEMP = W[26] ^ W[21] ^ W[15] ^ W[13]; W[29] = S1(TEMP); 151 TEMP = W[27] ^ W[22] ^ W[16] ^ W[14]; W[30] = S1(TEMP); 152 TEMP = W[28] ^ W[23] ^ W[17] ^ W[15]; W[31] = S1(TEMP); 153 154 /* process the remainder of the array */ 155 for (t = 32; t < 80; t++) { 156 TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; 157 W[t] = S1(TEMP); 158 } 159 160 A = H0; B = H1; C = H2; D = H3; E = H4; 161 162 for (t = 0; t < 20; t++) { 163 TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0; 164 E = D; D = C; C = S30(B); B = A; A = TEMP; 165 } 166 for (; t < 40; t++) { 167 TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1; 168 E = D; D = C; C = S30(B); B = A; A = TEMP; 169 } 170 for (; t < 
60; t++) { 171 TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2; 172 E = D; D = C; C = S30(B); B = A; A = TEMP; 173 } 174 for (; t < 80; t++) { 175 TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3; 176 E = D; D = C; C = S30(B); B = A; A = TEMP; 177 } 178 179 hash_value[0] = H0 + A; 180 hash_value[1] = H1 + B; 181 hash_value[2] = H2 + C; 182 hash_value[3] = H3 + D; 183 hash_value[4] = H4 + E; 184 185 return; 186 186 } 187 187 188 void 189 sha1_init(sha1_ctx_t *ctx){190 191 /* initialize state vector */192 ctx->H[0] = 0x67452301;193 ctx->H[1] = 0xefcdab89;194 ctx->H[2] = 0x98badcfe;195 ctx->H[3] = 0x10325476;196 ctx->H[4] = 0xc3d2e1f0;197 198 /* indicate that message buffer is empty */199 ctx->octets_in_buffer = 0;200 201 /* reset message bit-count to zero */202 ctx->num_bits_in_msg = 0;188 void srtp_sha1_init (srtp_sha1_ctx_t *ctx) 189 { 190 191 /* initialize state vector */ 192 ctx->H[0] = 0x67452301; 193 ctx->H[1] = 0xefcdab89; 194 ctx->H[2] = 0x98badcfe; 195 ctx->H[3] = 0x10325476; 196 ctx->H[4] = 0xc3d2e1f0; 197 198 /* indicate that message buffer is empty */ 199 ctx->octets_in_buffer = 0; 200 201 /* reset message bit-count to zero */ 202 ctx->num_bits_in_msg = 0; 203 203 204 204 } 205 205 206 void 207 sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) { 208 int i; 209 uint8_t *buf = (uint8_t *)ctx->M; 210 211 /* update message bit-count */ 212 ctx->num_bits_in_msg += octets_in_msg * 8; 213 214 /* loop over 16-word blocks of M */ 215 while (octets_in_msg > 0) { 216 217 if (octets_in_msg + ctx->octets_in_buffer >= 64) { 218 219 /* 220 * copy words of M into msg buffer until that buffer is full, 221 * converting them into host byte order as needed 222 */ 223 octets_in_msg -= (64 - ctx->octets_in_buffer); 224 for (i=ctx->octets_in_buffer; i < 64; i++) 225 buf[i] = *msg++; 226 ctx->octets_in_buffer = 0; 227 228 /* process a whole block */ 229 230 debug_print(mod_sha1, "(update) running sha1_core()", NULL); 231 232 sha1_core(ctx->M, ctx->H); 233 234 } 
else { 235 236 debug_print(mod_sha1, "(update) not running sha1_core()", NULL); 237 238 for (i=ctx->octets_in_buffer; 239 i < (ctx->octets_in_buffer + octets_in_msg); i++) 240 buf[i] = *msg++; 241 ctx->octets_in_buffer += octets_in_msg; 242 octets_in_msg = 0; 243 } 244 245 } 206 void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) 207 { 208 int i; 209 uint8_t *buf = (uint8_t*)ctx->M; 210 211 /* update message bit-count */ 212 ctx->num_bits_in_msg += octets_in_msg * 8; 213 214 /* loop over 16-word blocks of M */ 215 while (octets_in_msg > 0) { 216 217 if (octets_in_msg + ctx->octets_in_buffer >= 64) { 218 219 /* 220 * copy words of M into msg buffer until that buffer is full, 221 * converting them into host byte order as needed 222 */ 223 octets_in_msg -= (64 - ctx->octets_in_buffer); 224 for (i = ctx->octets_in_buffer; i < 64; i++) { 225 buf[i] = *msg++; 226 } 227 ctx->octets_in_buffer = 0; 228 229 /* process a whole block */ 230 231 debug_print(srtp_mod_sha1, "(update) running srtp_sha1_core()", NULL); 232 233 srtp_sha1_core(ctx->M, ctx->H); 234 235 } else { 236 237 debug_print(srtp_mod_sha1, "(update) not running srtp_sha1_core()", NULL); 238 239 for (i = ctx->octets_in_buffer; 240 i < (ctx->octets_in_buffer + octets_in_msg); i++) { 241 buf[i] = *msg++; 242 } 243 ctx->octets_in_buffer += octets_in_msg; 244 octets_in_msg = 0; 245 } 246 247 } 246 248 247 249 } 248 250 249 251 /* 250 * s ha1_final(ctx, output) computes the result for ctx and copies it252 * srtp_sha1_final(ctx, output) computes the result for ctx and copies it 251 253 * into the twenty octets located at *output 252 254 */ 253 255 254 void 255 sha1_final(sha1_ctx_t *ctx, uint32_t *output) { 256 uint32_t A, B, C, D, E, TEMP; 257 uint32_t W[80]; 258 int i, t; 259 260 /* 261 * process the remaining octets_in_buffer, padding and terminating as 262 * necessary 263 */ 264 { 265 int tail = ctx->octets_in_buffer % 4; 266 267 /* copy/xor message into array */ 268 for (i=0; i < 
(ctx->octets_in_buffer+3)/4; i++) 269 W[i] = be32_to_cpu(ctx->M[i]); 270 271 /* set the high bit of the octet immediately following the message */ 272 switch (tail) { 273 case (3): 274 W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xffffff00) | 0x80; 275 W[i] = 0x0; 276 break; 277 case (2): 278 W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xffff0000) | 0x8000; 279 W[i] = 0x0; 280 break; 281 case (1): 282 W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xff000000) | 0x800000; 283 W[i] = 0x0; 284 break; 285 case (0): 286 W[i] = 0x80000000; 287 break; 288 } 289 290 /* zeroize remaining words */ 291 for (i++ ; i < 15; i++) 292 W[i] = 0x0; 293 294 /* 295 * if there is room at the end of the word array, then set the 296 * last word to the bit-length of the message; otherwise, set that 297 * word to zero and then we need to do one more run of the 298 * compression algo. 256 void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output) 257 { 258 uint32_t A, B, C, D, E, TEMP; 259 uint32_t W[80]; 260 int i, t; 261 262 /* 263 * process the remaining octets_in_buffer, padding and terminating as 264 * necessary 299 265 */ 300 if (ctx->octets_in_buffer < 56) 301 W[15] = ctx->num_bits_in_msg; 302 else if (ctx->octets_in_buffer < 60) 303 W[15] = 0x0; 304 305 /* process the word array */ 306 for (t=16; t < 80; t++) { 307 TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]; 308 W[t] = S1(TEMP); 309 } 310 311 A = ctx->H[0]; 312 B = ctx->H[1]; 313 C = ctx->H[2]; 314 D = ctx->H[3]; 315 E = ctx->H[4]; 316 317 for (t=0; t < 20; t++) { 318 TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0; 319 E = D; D = C; C = S30(B); B = A; A = TEMP; 320 } 321 for ( ; t < 40; t++) { 322 TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1; 323 E = D; D = C; C = S30(B); B = A; A = TEMP; 324 } 325 for ( ; t < 60; t++) { 326 TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2; 327 E = D; D = C; C = S30(B); B = A; A = TEMP; 328 } 329 for ( ; t < 80; t++) { 330 TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3; 331 E = D; D = C; C = S30(B); B = A; A = TEMP; 332 } 333 
334 ctx->H[0] += A; 335 ctx->H[1] += B; 336 ctx->H[2] += C; 337 ctx->H[3] += D; 338 ctx->H[4] += E; 339 340 } 341 342 debug_print(mod_sha1, "(final) running sha1_core()", NULL); 343 344 if (ctx->octets_in_buffer >= 56) { 345 346 debug_print(mod_sha1, "(final) running sha1_core() again", NULL); 347 348 /* we need to do one final run of the compression algo */ 349 350 /* 351 * set initial part of word array to zeros, and set the 352 * final part to the number of bits in the message 353 */ 354 for (i=0; i < 15; i++) 355 W[i] = 0x0; 356 W[15] = ctx->num_bits_in_msg; 357 358 /* process the word array */ 359 for (t=16; t < 80; t++) { 360 TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]; 361 W[t] = S1(TEMP); 362 } 363 364 A = ctx->H[0]; 365 B = ctx->H[1]; 366 C = ctx->H[2]; 367 D = ctx->H[3]; 368 E = ctx->H[4]; 369 370 for (t=0; t < 20; t++) { 371 TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0; 372 E = D; D = C; C = S30(B); B = A; A = TEMP; 373 } 374 for ( ; t < 40; t++) { 375 TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1; 376 E = D; D = C; C = S30(B); B = A; A = TEMP; 377 } 378 for ( ; t < 60; t++) { 379 TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2; 380 E = D; D = C; C = S30(B); B = A; A = TEMP; 381 } 382 for ( ; t < 80; t++) { 383 TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3; 384 E = D; D = C; C = S30(B); B = A; A = TEMP; 385 } 386 387 ctx->H[0] += A; 388 ctx->H[1] += B; 389 ctx->H[2] += C; 390 ctx->H[3] += D; 391 ctx->H[4] += E; 392 } 393 394 /* copy result into output buffer */ 395 output[0] = be32_to_cpu(ctx->H[0]); 396 output[1] = be32_to_cpu(ctx->H[1]); 397 output[2] = be32_to_cpu(ctx->H[2]); 398 output[3] = be32_to_cpu(ctx->H[3]); 399 output[4] = be32_to_cpu(ctx->H[4]); 400 401 /* indicate that message buffer in context is empty */ 402 ctx->octets_in_buffer = 0; 403 404 return; 266 { 267 int tail = ctx->octets_in_buffer % 4; 268 269 /* copy/xor message into array */ 270 for (i = 0; i < (ctx->octets_in_buffer + 3) / 4; i++) { 271 W[i] = be32_to_cpu(ctx->M[i]); 272 } 273 274 
/* set the high bit of the octet immediately following the message */ 275 switch (tail) { 276 case (3): 277 W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xffffff00) | 0x80; 278 W[i] = 0x0; 279 break; 280 case (2): 281 W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xffff0000) | 0x8000; 282 W[i] = 0x0; 283 break; 284 case (1): 285 W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xff000000) | 0x800000; 286 W[i] = 0x0; 287 break; 288 case (0): 289 W[i] = 0x80000000; 290 break; 291 } 292 293 /* zeroize remaining words */ 294 for (i++; i < 15; i++) { 295 W[i] = 0x0; 296 } 297 298 /* 299 * if there is room at the end of the word array, then set the 300 * last word to the bit-length of the message; otherwise, set that 301 * word to zero and then we need to do one more run of the 302 * compression algo. 303 */ 304 if (ctx->octets_in_buffer < 56) { 305 W[15] = ctx->num_bits_in_msg; 306 } else if (ctx->octets_in_buffer < 60) { 307 W[15] = 0x0; 308 } 309 310 /* process the word array */ 311 for (t = 16; t < 80; t++) { 312 TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; 313 W[t] = S1(TEMP); 314 } 315 316 A = ctx->H[0]; 317 B = ctx->H[1]; 318 C = ctx->H[2]; 319 D = ctx->H[3]; 320 E = ctx->H[4]; 321 322 for (t = 0; t < 20; t++) { 323 TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0; 324 E = D; D = C; C = S30(B); B = A; A = TEMP; 325 } 326 for (; t < 40; t++) { 327 TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1; 328 E = D; D = C; C = S30(B); B = A; A = TEMP; 329 } 330 for (; t < 60; t++) { 331 TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2; 332 E = D; D = C; C = S30(B); B = A; A = TEMP; 333 } 334 for (; t < 80; t++) { 335 TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3; 336 E = D; D = C; C = S30(B); B = A; A = TEMP; 337 } 338 339 ctx->H[0] += A; 340 ctx->H[1] += B; 341 ctx->H[2] += C; 342 ctx->H[3] += D; 343 ctx->H[4] += E; 344 345 } 346 347 debug_print(srtp_mod_sha1, "(final) running srtp_sha1_core()", NULL); 348 349 if (ctx->octets_in_buffer >= 56) { 350 351 debug_print(srtp_mod_sha1, "(final) 
running srtp_sha1_core() again", NULL); 352 353 /* we need to do one final run of the compression algo */ 354 355 /* 356 * set initial part of word array to zeros, and set the 357 * final part to the number of bits in the message 358 */ 359 for (i = 0; i < 15; i++) { 360 W[i] = 0x0; 361 } 362 W[15] = ctx->num_bits_in_msg; 363 364 /* process the word array */ 365 for (t = 16; t < 80; t++) { 366 TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; 367 W[t] = S1(TEMP); 368 } 369 370 A = ctx->H[0]; 371 B = ctx->H[1]; 372 C = ctx->H[2]; 373 D = ctx->H[3]; 374 E = ctx->H[4]; 375 376 for (t = 0; t < 20; t++) { 377 TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0; 378 E = D; D = C; C = S30(B); B = A; A = TEMP; 379 } 380 for (; t < 40; t++) { 381 TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1; 382 E = D; D = C; C = S30(B); B = A; A = TEMP; 383 } 384 for (; t < 60; t++) { 385 TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2; 386 E = D; D = C; C = S30(B); B = A; A = TEMP; 387 } 388 for (; t < 80; t++) { 389 TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3; 390 E = D; D = C; C = S30(B); B = A; A = TEMP; 391 } 392 393 ctx->H[0] += A; 394 ctx->H[1] += B; 395 ctx->H[2] += C; 396 ctx->H[3] += D; 397 ctx->H[4] += E; 398 } 399 400 /* copy result into output buffer */ 401 output[0] = be32_to_cpu(ctx->H[0]); 402 output[1] = be32_to_cpu(ctx->H[1]); 403 output[2] = be32_to_cpu(ctx->H[2]); 404 output[3] = be32_to_cpu(ctx->H[3]); 405 output[4] = be32_to_cpu(ctx->H[4]); 406 407 /* indicate that message buffer in context is empty */ 408 ctx->octets_in_buffer = 0; 409 410 return; 405 411 } 406 412 -
pjproject/trunk/third_party/srtp/crypto/include/aes.h
r5261 r5614 9 9 10 10 /* 11 * 12 * Copyright (c) 2001-20 06, Cisco Systems, Inc.11 * 12 * Copyright (c) 2001-2017, Cisco Systems, Inc. 13 13 * All rights reserved. 14 * 14 * 15 15 * Redistribution and use in source and binary forms, with or without 16 16 * modification, are permitted provided that the following conditions 17 17 * are met: 18 * 18 * 19 19 * Redistributions of source code must retain the above copyright 20 20 * notice, this list of conditions and the following disclaimer. 21 * 21 * 22 22 * Redistributions in binary form must reproduce the above 23 23 * copyright notice, this list of conditions and the following 24 24 * disclaimer in the documentation and/or other materials provided 25 25 * with the distribution. 26 * 26 * 27 27 * Neither the name of the Cisco Systems, Inc. nor the names of its 28 28 * contributors may be used to endorse or promote products derived 29 29 * from this software without specific prior written permission. 30 * 30 * 31 31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 32 32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 44 44 */ 45 45 46 #ifndef _AES_H47 #define _AES_H46 #ifndef AES_H 47 #define AES_H 48 48 49 49 #include "datatypes.h" 50 #include "gf2_8.h"51 50 #include "err.h" 51 52 #ifdef __cplusplus 53 extern "C" { 54 #endif 52 55 53 56 /* aes internals */ 54 57 55 58 typedef struct { 56 v128_t round[15];57 int num_rounds;58 } aes_expanded_key_t;59 v128_t round[15]; 60 int num_rounds; 61 } srtp_aes_expanded_key_t; 59 62 60 err_status_t 61 aes_expand_encryption_key(const uint8_t *key,62 63 63 srtp_err_status_t srtp_aes_expand_encryption_key( 64 const uint8_t *key, 65 int key_len, 66 srtp_aes_expanded_key_t *expanded_key); 64 67 65 err_status_t 66 aes_expand_decryption_key(const uint8_t *key,67 68 68 srtp_err_status_t srtp_aes_expand_decryption_key( 69 const uint8_t *key, 70 int key_len, 71 srtp_aes_expanded_key_t *expanded_key); 69 72 70 void 71 aes_encrypt(v128_t 
*plaintext, const aes_expanded_key_t *exp_key); 73 void srtp_aes_encrypt(v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key); 72 74 73 void 74 aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key); 75 void srtp_aes_decrypt(v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key); 75 76 76 #if 0 77 /* 78 * internal functions 79 */ 77 #ifdef __cplusplus 78 } 79 #endif 80 80 81 void 82 aes_init_sbox(void); 83 84 void 85 aes_compute_tables(void); 86 #endif 87 88 #endif /* _AES_H */ 81 #endif /* AES_H */ -
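Review bot: The new `int key_len` parameter on `srtp_aes_expand_encryption_key` and `srtp_aes_expand_decryption_key` is undocumented in this header, so a caller cannot tell which lengths are accepted or whether the value is in octets. `srtp_aes_expanded_key_t` has a fixed `round[15]` array plus `num_rounds`, so the implementation presumably has to reject unsupported lengths rather than derive a round count from them; that code is not visible in this section. I would add a comment above the two prototypes such as `/* key_len is in octets; on any status other than ok, expanded_key must not be used */` and confirm the implementation matches it.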
pjproject/trunk/third_party/srtp/crypto/include/aes_gcm_ossl.h
r5261 r5614 9 9 */ 10 10 /* 11 * 12 * Copyright (c) 2013 , Cisco Systems, Inc.11 * 12 * Copyright (c) 2013-2017, Cisco Systems, Inc. 13 13 * All rights reserved. 14 * 14 * 15 15 * Redistribution and use in source and binary forms, with or without 16 16 * modification, are permitted provided that the following conditions 17 17 * are met: 18 * 18 * 19 19 * Redistributions of source code must retain the above copyright 20 20 * notice, this list of conditions and the following disclaimer. 21 * 21 * 22 22 * Redistributions in binary form must reproduce the above 23 23 * copyright notice, this list of conditions and the following 24 24 * disclaimer in the documentation and/or other materials provided 25 25 * with the distribution. 26 * 26 * 27 27 * Neither the name of the Cisco Systems, Inc. nor the names of its 28 28 * contributors may be used to endorse or promote products derived 29 29 * from this software without specific prior written permission. 30 * 30 * 31 31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 32 32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 49 49 #include "cipher.h" 50 50 #include "srtp.h" 51 #include "datatypes.h" 51 52 #include <openssl/evp.h> 52 53 #include <openssl/aes.h> 53 54 54 55 typedef struct { 55 v256_t key; 56 int key_size; 57 int tag_len; 58 EVP_CIPHER_CTX ctx; 59 cipher_direction_t dir; 60 } aes_gcm_ctx_t; 56 int key_size; 57 int tag_len; 58 EVP_CIPHER_CTX* ctx; 59 srtp_cipher_direction_t dir; 60 } srtp_aes_gcm_ctx_t; 61 61 62 62 #endif /* AES_GCM_OSSL_H */ -
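Review bot: `EVP_CIPHER_CTX* ctx` in `srtp_aes_gcm_ctx_t` turns the OpenSSL context from an embedded member into a pointer, and nothing in this header says who allocates and frees it. The alloc and dealloc paths are outside this section, so it cannot be confirmed here that the pointer is checked for NULL after `EVP_CIPHER_CTX_new()` and released with `EVP_CIPHER_CTX_free()` on every path, including a partially failed alloc. The same change appears in `srtp_aes_icm_ctx_t` in aes_icm_ossl.h. I would document ownership on the field in both headers, e.g. `EVP_CIPHER_CTX* ctx; /* owned: created in alloc, freed in dealloc */`.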
pjproject/trunk/third_party/srtp/crypto/include/aes_icm.h
r5261 r5614 11 11 /* 12 12 * 13 * Copyright (c) 2001-20 06, Cisco Systems, Inc.13 * Copyright (c) 2001-2017, Cisco Systems, Inc. 14 14 * All rights reserved. 15 15 * … … 52 52 53 53 typedef struct { 54 v128_t counter; /* holds the counter value */ 55 v128_t offset; /* initial offset value */ 56 v128_t keystream_buffer; /* buffers bytes of keystream */ 57 aes_expanded_key_t expanded_key; /* the cipher key */ 58 int bytes_in_buffer; /* number of unused bytes in buffer */ 59 } aes_icm_ctx_t; 60 61 62 err_status_t 63 aes_icm_context_init(aes_icm_ctx_t *c, 64 const unsigned char *key, 65 int key_len); 66 67 err_status_t 68 aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction); 69 70 err_status_t 71 aes_icm_encrypt(aes_icm_ctx_t *c, 72 unsigned char *buf, unsigned int *bytes_to_encr); 73 74 err_status_t 75 aes_icm_output(aes_icm_ctx_t *c, 76 unsigned char *buf, unsigned int bytes_to_output); 77 78 err_status_t 79 aes_icm_dealloc(cipher_t *c); 80 81 err_status_t 82 aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c, 83 unsigned char *buf, 84 unsigned int *enc_len, 85 int forIsmacryp); 86 87 err_status_t 88 aes_icm_alloc_ismacryp(cipher_t **c, 89 int key_len, 90 int forIsmacryp); 91 92 uint16_t 93 aes_icm_bytes_encrypted(aes_icm_ctx_t *c); 54 v128_t counter; /* holds the counter value */ 55 v128_t offset; /* initial offset value */ 56 v128_t keystream_buffer; /* buffers bytes of keystream */ 57 srtp_aes_expanded_key_t expanded_key; /* the cipher key */ 58 int bytes_in_buffer; /* number of unused bytes in buffer */ 59 int key_size; /* AES key size + 14 byte SALT */ 60 } srtp_aes_icm_ctx_t; 94 61 95 62 #endif /* AES_ICM_H */ -
pjproject/trunk/third_party/srtp/crypto/include/aes_icm_ossl.h
r5261 r5614 10 10 /* 11 11 * 12 * Copyright (c) 2001-20 05,2012, Cisco Systems, Inc.12 * Copyright (c) 2001-2017, Cisco Systems, Inc. 13 13 * All rights reserved. 14 14 * … … 48 48 49 49 #include "cipher.h" 50 #include "datatypes.h" 50 51 #include <openssl/evp.h> 51 52 #include <openssl/aes.h> 52 53 #ifdef OPENSSL_IS_BORINGSSL54 // BoringSSL doesn't support AES-192, cipher will be disabled55 #define SRTP_NO_AES19256 #endif57 58 #define SALT_SIZE 1459 #define AES_128_KEYSIZE AES_BLOCK_SIZE60 #ifndef SRTP_NO_AES19261 #define AES_192_KEYSIZE AES_BLOCK_SIZE + AES_BLOCK_SIZE / 262 #endif63 #define AES_256_KEYSIZE AES_BLOCK_SIZE * 264 #define AES_128_KEYSIZE_WSALT AES_128_KEYSIZE + SALT_SIZE65 #ifndef SRTP_NO_AES19266 #define AES_192_KEYSIZE_WSALT AES_192_KEYSIZE + SALT_SIZE67 #endif68 #define AES_256_KEYSIZE_WSALT AES_256_KEYSIZE + SALT_SIZE69 53 70 54 typedef struct { 71 55 v128_t counter; /* holds the counter value */ 72 56 v128_t offset; /* initial offset value */ 73 v256_t key;74 57 int key_size; 75 EVP_CIPHER_CTX ctx; 76 } aes_icm_ctx_t; 77 78 err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir); 79 err_status_t aes_icm_openssl_context_init(aes_icm_ctx_t *c, const uint8_t *key, int len); 80 err_status_t aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output); 81 uint16_t aes_icm_bytes_encrypted(aes_icm_ctx_t *c); 82 58 EVP_CIPHER_CTX* ctx; 59 } srtp_aes_icm_ctx_t; 83 60 84 61 #endif /* AES_ICM_H */ -
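Review bot: This header and aes_icm.h both define a type named `srtp_aes_icm_ctx_t` with different members, and both close with `#endif /* AES_ICM_H */`, yet neither says they are mutually exclusive. The `#ifndef` line is not visible here, but if the guard macro really is shared, including both in one translation unit silently keeps whichever came first, and code compiled against the other layout would read the wrong fields. I would add a comment at the top of each header, e.g. `/* OpenSSL variant of aes_icm.h; the build must include exactly one of the two */`, and give this header its own guard name.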
pjproject/trunk/third_party/srtp/crypto/include/alloc.h
r1730 r5614 9 9 /* 10 10 * 11 * Copyright (c) 2001-20 06Cisco Systems, Inc.11 * Copyright (c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 13 * … … 49 49 #include "datatypes.h" 50 50 51 void * 52 crypto_alloc(size_t size); 51 #ifdef __cplusplus 52 extern "C" { 53 #endif 53 54 54 void 55 crypto_free(void *ptr); 55 void * srtp_crypto_alloc(size_t size); 56 57 void srtp_crypto_free(void *ptr); 58 59 #ifdef __cplusplus 60 } 61 #endif 56 62 57 63 #endif /* CRYPTO_ALLOC_H */ -
pjproject/trunk/third_party/srtp/crypto/include/auth.h
r5261 r5614 9 9 10 10 /* 11 * 12 * Copyright (c) 2001-20 06, Cisco Systems, Inc.11 * 12 * Copyright (c) 2001-2017, Cisco Systems, Inc. 13 13 * All rights reserved. 14 * 14 * 15 15 * Redistribution and use in source and binary forms, with or without 16 16 * modification, are permitted provided that the following conditions 17 17 * are met: 18 * 18 * 19 19 * Redistributions of source code must retain the above copyright 20 20 * notice, this list of conditions and the following disclaimer. 21 * 21 * 22 22 * Redistributions in binary form must reproduce the above 23 23 * copyright notice, this list of conditions and the following 24 24 * disclaimer in the documentation and/or other materials provided 25 25 * with the distribution. 26 * 26 * 27 27 * Neither the name of the Cisco Systems, Inc. nor the names of its 28 28 * contributors may be used to endorse or promote products derived 29 29 * from this software without specific prior written permission. 30 * 30 * 31 31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 32 32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 44 44 */ 45 45 46 #ifndef AUTH_H47 #define AUTH_H46 #ifndef SRTP_AUTH_H 47 #define SRTP_AUTH_H 48 48 49 #include "datatypes.h" 50 #include "err.h" /* error codes */ 51 #include "crypto.h" /* for auth_type_id_t */ 52 #include "crypto_types.h" /* for values of auth_type_id_t */ 49 #include "srtp.h" 50 #include "crypto_types.h" /* for values of auth_type_id_t */ 53 51 54 typedef struct auth_type_t *auth_type_pointer; 55 typedef struct auth_t *auth_pointer_t; 52 #ifdef __cplusplus 53 extern "C" { 54 #endif 56 55 57 typedef err_status_t (*auth_alloc_func)58 (auth_pointer_t *ap, int key_len, int out_len);56 typedef const struct srtp_auth_type_t *srtp_auth_type_pointer; 57 typedef struct srtp_auth_t *srtp_auth_pointer_t; 59 58 60 typedef err_status_t (*auth_init_func)61 (void *state, const uint8_t *key, int key_len);59 typedef srtp_err_status_t (*srtp_auth_alloc_func) 
60 (srtp_auth_pointer_t *ap, int key_len, int out_len); 62 61 63 typedef err_status_t (*auth_dealloc_func)(auth_pointer_t ap); 62 typedef srtp_err_status_t (*srtp_auth_init_func) 63 (void *state, const uint8_t *key, int key_len); 64 64 65 typedef err_status_t (*auth_compute_func) 66 (void *state, uint8_t *buffer, int octets_to_auth, 67 int tag_len, uint8_t *tag); 65 typedef srtp_err_status_t (*srtp_auth_dealloc_func)(srtp_auth_pointer_t ap); 68 66 69 typedef err_status_t (*auth_update_func) 70 (void *state, uint8_t *buffer, int octets_to_auth); 67 typedef srtp_err_status_t (*srtp_auth_compute_func) 68 (void *state, const uint8_t *buffer, int octets_to_auth, 69 int tag_len, uint8_t *tag); 71 70 72 typedef err_status_t (*auth_start_func)(void *state); 73 71 typedef srtp_err_status_t (*srtp_auth_update_func) 72 (void *state, const uint8_t *buffer, int octets_to_auth); 73 74 typedef srtp_err_status_t (*srtp_auth_start_func)(void *state); 75 74 76 /* some syntactic sugar on these function types */ 77 #define srtp_auth_type_alloc(at, a, klen, outlen) \ 78 ((at)->alloc((a), (klen), (outlen))) 75 79 76 #define auth_type_alloc(at, a, klen, outlen)\77 ((at)->alloc((a), (klen), (outlen)))80 #define srtp_auth_init(a, key) \ 81 (((a)->type)->init((a)->state, (key), ((a)->key_len))) 78 82 79 #define auth_init(a, key)\80 (((a)->type)->init((a)->state, (key), ((a)->key_len)))83 #define srtp_auth_compute(a, buf, len, res) \ 84 (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res))) 81 85 82 #define auth_compute(a, buf, len, res)\83 (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res)))86 #define srtp_auth_update(a, buf, len) \ 87 (((a)->type)->update((a)->state, (buf), (len))) 84 88 85 #define auth_update(a, buf, len) \ 86 (((a)->type)->update((a)->state, (buf), (len))) 89 #define srtp_auth_start(a)(((a)->type)->start((a)->state)) 87 90 88 #define auth_start(a)(((a)->type)->start((a)->state)) 89 90 #define auth_dealloc(c) (((c)->type)->dealloc(c)) 91 
#define srtp_auth_dealloc(c) (((c)->type)->dealloc(c)) 91 92 92 93 /* functions to get information about a particular auth_t */ 94 int srtp_auth_get_key_length(const struct srtp_auth_t *a); 93 95 94 int 95 auth_get_key_length(const struct auth_t *a); 96 int srtp_auth_get_tag_length(const struct srtp_auth_t *a); 96 97 97 int 98 auth_get_tag_length(const struct auth_t *a); 99 100 int 101 auth_get_prefix_length(const struct auth_t *a); 98 int srtp_auth_get_prefix_length(const struct srtp_auth_t *a); 102 99 103 100 /* 104 * auth_test_case_t is a (list of) key/message/tag values that are101 * srtp_auth_test_case_t is a (list of) key/message/tag values that are 105 102 * known to be correct for a particular cipher. this data can be used 106 103 * to test an implementation in an on-the-fly self test of the 107 * correc ness of the implementation. (see theauth_type_self_test()104 * correctness of the implementation. (see the srtp_auth_type_self_test() 108 105 * function below) 109 106 */ 107 typedef struct srtp_auth_test_case_t { 108 int key_length_octets; /* octets in key */ 109 const uint8_t *key; /* key */ 110 int data_length_octets; /* octets in data */ 111 const uint8_t *data; /* data */ 112 int tag_length_octets; /* octets in tag */ 113 const uint8_t *tag; /* tag */ 114 const struct srtp_auth_test_case_t *next_test_case; /* pointer to next testcase */ 115 } srtp_auth_test_case_t; 110 116 111 typedef struct auth_test_case_t { 112 int key_length_octets; /* octets in key */ 113 uint8_t *key; /* key */ 114 int data_length_octets; /* octets in data */ 115 uint8_t *data; /* data */ 116 int tag_length_octets; /* octets in tag */ 117 uint8_t *tag; /* tag */ 118 struct auth_test_case_t *next_test_case; /* pointer to next testcase */ 119 } auth_test_case_t; 117 /* srtp_auth_type_t */ 118 typedef struct srtp_auth_type_t { 119 srtp_auth_alloc_func alloc; 120 srtp_auth_dealloc_func dealloc; 121 srtp_auth_init_func init; 122 srtp_auth_compute_func compute; 123 
srtp_auth_update_func update; 124 srtp_auth_start_func start; 125 const char *description; 126 const srtp_auth_test_case_t *test_data; 127 srtp_auth_type_id_t id; 128 } srtp_auth_type_t; 120 129 121 /* auth_type_t */ 130 typedef struct srtp_auth_t { 131 const srtp_auth_type_t *type; 132 void *state; 133 int out_len; /* length of output tag in octets */ 134 int key_len; /* length of key in octets */ 135 int prefix_len; /* length of keystream prefix */ 136 } srtp_auth_t; 122 137 123 typedef struct auth_type_t { 124 auth_alloc_func alloc; 125 auth_dealloc_func dealloc; 126 auth_init_func init; 127 auth_compute_func compute; 128 auth_update_func update; 129 auth_start_func start; 130 char *description; 131 int ref_count; 132 auth_test_case_t *test_data; 133 debug_module_t *debug; 134 auth_type_id_t id; 135 } auth_type_t; 136 137 typedef struct auth_t { 138 auth_type_t *type; 139 void *state; 140 int out_len; /* length of output tag in octets */ 141 int key_len; /* length of key in octets */ 142 int prefix_len; /* length of keystream prefix */ 143 } auth_t; 144 145 /* 146 * auth_type_self_test() tests an auth_type against test cases 138 /* 139 * srtp_auth_type_self_test() tests an auth_type against test cases 147 140 * provided in an array of values of key/message/tag that is known to 148 141 * be good 149 142 */ 143 srtp_err_status_t srtp_auth_type_self_test(const srtp_auth_type_t *at); 150 144 151 err_status_t 152 auth_type_self_test(const auth_type_t *at); 153 154 /* 155 * auth_type_test() tests an auth_type against external test cases 145 /* 146 * srtp_auth_type_test() tests an auth_type against external test cases 156 147 * provided in an array of values of key/message/tag that is known to 157 148 * be good 158 149 */ 159 160 err_status_t 161 auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data); 150 srtp_err_status_t srtp_auth_type_test(const srtp_auth_type_t *at, 151 const srtp_auth_test_case_t *test_data); 162 152 163 153 /* 164 * 
auth_type_get_ref_count(at) returns the reference count (the number 165 * of instantiations) of the auth_type_t at 154 * srtp_replace_auth_type(ct, id) 155 * 156 * replaces srtp's kernel's auth type implementation for the auth_type id 157 * with a new one passed in externally. The new auth type must pass all the 158 * existing auth_type's self tests as well as its own. 166 159 */ 160 srtp_err_status_t srtp_replace_auth_type(const srtp_auth_type_t *ct, srtp_auth_type_id_t id); 167 161 168 int 169 auth_type_get_ref_count(const auth_type_t *at); 162 #ifdef __cplusplus 163 } 164 #endif 170 165 171 #endif /* AUTH_H */166 #endif /* SRTP_AUTH_H */ -
pjproject/trunk/third_party/srtp/crypto/include/cipher.h
r5261 r5614 8 8 */ 9 9 /* 10 * 11 * Copyright (c) 2001-20 06,2013Cisco Systems, Inc.10 * 11 * Copyright (c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 * 13 * 14 14 * Redistribution and use in source and binary forms, with or without 15 15 * modification, are permitted provided that the following conditions 16 16 * are met: 17 * 17 * 18 18 * Redistributions of source code must retain the above copyright 19 19 * notice, this list of conditions and the following disclaimer. 20 * 20 * 21 21 * Redistributions in binary form must reproduce the above 22 22 * copyright notice, this list of conditions and the following 23 23 * disclaimer in the documentation and/or other materials provided 24 24 * with the distribution. 25 * 25 * 26 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 27 * contributors may be used to endorse or promote products derived 28 28 * from this software without specific prior written permission. 29 * 29 * 30 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 44 44 45 45 46 #ifndef CIPHER_H 47 #define CIPHER_H 48 49 #include "datatypes.h" 50 #include "rdbx.h" /* for xtd_seq_num_t */ 51 #include "err.h" /* for error codes */ 52 #include "crypto.h" /* for cipher_type_id_t */ 53 #include "crypto_types.h" /* for values of cipher_type_id_t */ 54 55 56 /** 57 * @brief cipher_direction_t defines a particular cipher operation. 58 * 59 * A cipher_direction_t is an enum that describes a particular cipher 46 #ifndef SRTP_CIPHER_H 47 #define SRTP_CIPHER_H 48 49 #include "srtp.h" 50 #include "crypto_types.h" /* for values of cipher_type_id_t */ 51 52 53 #ifdef __cplusplus 54 extern "C" { 55 #endif 56 57 /* 58 * srtp_cipher_direction_t defines a particular cipher operation. 59 * 60 * A srtp_cipher_direction_t is an enum that describes a particular cipher 60 61 * operation, i.e. encryption or decryption. 
For some ciphers, this 61 62 * distinction does not matter, but for others, it is essential. 62 63 */ 63 64 typedef enum { 65 direction_encrypt, /**< encryption (convert plaintext to ciphertext) */ 66 direction_decrypt, /**< decryption (convert ciphertext to plaintext) */ 67 direction_any /**< encryption or decryption */ 68 } cipher_direction_t; 69 70 /* 71 * the cipher_pointer and cipher_type_pointer definitions are needed 72 * as cipher_t and cipher_type_t are not yet defined 73 */ 74 75 typedef struct cipher_type_t *cipher_type_pointer_t; 76 typedef struct cipher_t *cipher_pointer_t; 77 78 /* 79 * a cipher_alloc_func_t allocates (but does not initialize) a cipher_t 80 */ 81 82 typedef err_status_t (*cipher_alloc_func_t) 83 (cipher_pointer_t *cp, int key_len, int tag_len); 84 85 /* 86 * a cipher_init_func_t [re-]initializes a cipher_t with a given key 87 */ 88 89 typedef err_status_t (*cipher_init_func_t) 90 (void *state, const uint8_t *key, int key_len); 91 92 /* a cipher_dealloc_func_t de-allocates a cipher_t */ 93 94 typedef err_status_t (*cipher_dealloc_func_t)(cipher_pointer_t cp); 95 96 /* a cipher_set_segment_func_t sets the segment index of a cipher_t */ 97 98 typedef err_status_t (*cipher_set_segment_func_t) 99 (void *state, xtd_seq_num_t idx); 100 101 /* 102 * a cipher_set_aad_func_t processes the AAD data for AEAD ciphers 103 */ 104 typedef err_status_t (*cipher_set_aad_func_t) 105 (void *state, uint8_t *aad, unsigned int aad_len); 106 107 108 /* a cipher_encrypt_func_t encrypts data in-place */ 109 110 typedef err_status_t (*cipher_encrypt_func_t) 111 (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt); 112 113 /* a cipher_decrypt_func_t decrypts data in-place */ 114 115 typedef err_status_t (*cipher_decrypt_func_t) 116 (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt); 117 118 /* 119 * a cipher_set_iv_func_t function sets the current initialization vector 120 */ 121 122 typedef err_status_t (*cipher_set_iv_func_t) 123 
(cipher_pointer_t cp, void *iv, cipher_direction_t direction); 124 125 /* 126 * a cipher_get_tag_funct_t function is used to get the authentication 64 typedef enum { 65 srtp_direction_encrypt, /**< encryption (convert plaintext to ciphertext) */ 66 srtp_direction_decrypt, /**< decryption (convert ciphertext to plaintext) */ 67 srtp_direction_any /**< encryption or decryption */ 68 } srtp_cipher_direction_t; 69 70 /* 71 * the srtp_cipher_pointer_t definition is needed 72 * as srtp_cipher_t is not yet defined 73 */ 74 typedef struct srtp_cipher_t *srtp_cipher_pointer_t; 75 76 /* 77 * a srtp_cipher_alloc_func_t allocates (but does not initialize) a srtp_cipher_t 78 */ 79 typedef srtp_err_status_t (*srtp_cipher_alloc_func_t) 80 (srtp_cipher_pointer_t *cp, int key_len, int tag_len); 81 82 /* 83 * a srtp_cipher_init_func_t [re-]initializes a cipher_t with a given key 84 */ 85 typedef srtp_err_status_t (*srtp_cipher_init_func_t) 86 (void *state, const uint8_t *key); 87 88 /* a srtp_cipher_dealloc_func_t de-allocates a cipher_t */ 89 typedef srtp_err_status_t (*srtp_cipher_dealloc_func_t)(srtp_cipher_pointer_t cp); 90 91 /* 92 * a srtp_cipher_set_aad_func_t processes the AAD data for AEAD ciphers 93 */ 94 typedef srtp_err_status_t (*srtp_cipher_set_aad_func_t) 95 (void *state, const uint8_t *aad, uint32_t aad_len); 96 97 98 /* a srtp_cipher_encrypt_func_t encrypts data in-place */ 99 typedef srtp_err_status_t (*srtp_cipher_encrypt_func_t) 100 (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt); 101 102 /* a srtp_cipher_decrypt_func_t decrypts data in-place */ 103 typedef srtp_err_status_t (*srtp_cipher_decrypt_func_t) 104 (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt); 105 106 /* 107 * a srtp_cipher_set_iv_func_t function sets the current initialization vector 108 */ 109 typedef srtp_err_status_t (*srtp_cipher_set_iv_func_t) 110 (void *state, uint8_t *iv, srtp_cipher_direction_t direction); 111 112 /* 113 * a cipher_get_tag_func_t function is 
used to get the authentication 127 114 * tag that was calculated by an AEAD cipher. 128 115 */ 129 typedef err_status_t (*cipher_get_tag_func_t)130 (void *state, void *tag, int *len);131 132 133 /* 134 * cipher_test_case_t is a (list of) key, salt, xtd_seq_num_t,135 * plaintext, and ciphertextvalues that are known to be correct for a116 typedef srtp_err_status_t (*srtp_cipher_get_tag_func_t) 117 (void *state, uint8_t *tag, uint32_t *len); 118 119 120 /* 121 * srtp_cipher_test_case_t is a (list of) key, salt, plaintext, ciphertext, 122 * and aad values that are known to be correct for a 136 123 * particular cipher. this data can be used to test an implementation 137 * in an on-the-fly self test of the correcness of the implementation. 138 * (see the cipher_type_self_test() function below) 139 */ 140 141 typedef struct cipher_test_case_t { 142 int key_length_octets; /* octets in key */ 143 uint8_t *key; /* key */ 144 uint8_t *idx; /* packet index */ 145 int plaintext_length_octets; /* octets in plaintext */ 146 uint8_t *plaintext; /* plaintext */ 147 int ciphertext_length_octets; /* octets in plaintext */ 148 uint8_t *ciphertext; /* ciphertext */ 149 int aad_length_octets; /* octets in AAD */ 150 uint8_t *aad; /* AAD */ 151 int tag_length_octets; /* Length of AEAD tag */ 152 struct cipher_test_case_t *next_test_case; /* pointer to next testcase */ 153 } cipher_test_case_t; 154 155 /* cipher_type_t defines the 'metadata' for a particular cipher type */ 156 157 typedef struct cipher_type_t { 158 cipher_alloc_func_t alloc; 159 cipher_dealloc_func_t dealloc; 160 cipher_init_func_t init; 161 cipher_set_aad_func_t set_aad; 162 cipher_encrypt_func_t encrypt; 163 cipher_encrypt_func_t decrypt; 164 cipher_set_iv_func_t set_iv; 165 cipher_get_tag_func_t get_tag; 166 char *description; 167 int ref_count; 168 cipher_test_case_t *test_data; 169 debug_module_t *debug; 170 cipher_type_id_t id; 171 } cipher_type_t; 172 173 /* 174 * cipher_t defines an instantiation of a particular 
cipher, with fixed 124 * in an on-the-fly self test of the correctness of the implementation. 125 * (see the srtp_cipher_type_self_test() function below) 126 */ 127 typedef struct srtp_cipher_test_case_t { 128 int key_length_octets; /* octets in key */ 129 const uint8_t *key; /* key */ 130 uint8_t *idx; /* packet index */ 131 int plaintext_length_octets; /* octets in plaintext */ 132 const uint8_t *plaintext; /* plaintext */ 133 int ciphertext_length_octets; /* octets in plaintext */ 134 const uint8_t *ciphertext; /* ciphertext */ 135 int aad_length_octets; /* octets in AAD */ 136 const uint8_t *aad; /* AAD */ 137 int tag_length_octets; /* Length of AEAD tag */ 138 const struct srtp_cipher_test_case_t *next_test_case; /* pointer to next testcase */ 139 } srtp_cipher_test_case_t; 140 141 /* srtp_cipher_type_t defines the 'metadata' for a particular cipher type */ 142 typedef struct srtp_cipher_type_t { 143 srtp_cipher_alloc_func_t alloc; 144 srtp_cipher_dealloc_func_t dealloc; 145 srtp_cipher_init_func_t init; 146 srtp_cipher_set_aad_func_t set_aad; 147 srtp_cipher_encrypt_func_t encrypt; 148 srtp_cipher_encrypt_func_t decrypt; 149 srtp_cipher_set_iv_func_t set_iv; 150 srtp_cipher_get_tag_func_t get_tag; 151 const char *description; 152 const srtp_cipher_test_case_t *test_data; 153 srtp_cipher_type_id_t id; 154 } srtp_cipher_type_t; 155 156 /* 157 * srtp_cipher_t defines an instantiation of a particular cipher, with fixed 175 158 * key length, key and salt values 176 159 */ 177 178 typedef struct cipher_t { 179 cipher_type_t *type; 180 void *state; 181 int key_len; 182 int algorithm; 183 } cipher_t; 184 185 /* some syntactic sugar on these function types */ 186 187 #define cipher_type_alloc(ct, c, klen, tlen) ((ct)->alloc((c), (klen), (tlen))) 188 189 #define cipher_dealloc(c) (((c)->type)->dealloc(c)) 190 191 #define cipher_init(c, k) (((c)->type)->init(((c)->state), (k), ((c)->key_len))) 192 193 #define cipher_encrypt(c, buf, len) \ 194 
(((c)->type)->encrypt(((c)->state), (buf), (len))) 195 196 #define cipher_get_tag(c, buf, len) \ 197 (((c)->type)->get_tag(((c)->state), (buf), (len))) 198 199 #define cipher_decrypt(c, buf, len) \ 200 (((c)->type)->decrypt(((c)->state), (buf), (len))) 201 202 #define cipher_set_iv(c, n, dir) \ 203 ((c) ? (((c)->type)->set_iv(((cipher_pointer_t)(c)->state), (n), (dir))) : \ 204 err_status_no_such_op) 205 #define cipher_set_aad(c, a, l) \ 206 (((c) && (((c)->type)->set_aad)) ? \ 207 (((c)->type)->set_aad(((c)->state), (a), (l))) : \ 208 err_status_no_such_op) 209 210 err_status_t 211 cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output); 212 160 typedef struct srtp_cipher_t { 161 const srtp_cipher_type_t *type; 162 void *state; 163 int key_len; 164 int algorithm; 165 } srtp_cipher_t; 213 166 214 167 /* some bookkeeping functions */ 215 216 int 217 cipher_get_key_length(const cipher_t *c); 218 219 220 /* 221 * cipher_type_self_test() tests a cipher against test cases provided in 222 * an array of values of key/xtd_seq_num_t/plaintext/ciphertext 168 int srtp_cipher_get_key_length(const srtp_cipher_t *c); 169 170 171 /* 172 * srtp_cipher_type_self_test() tests a cipher against test cases provided in 173 * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext 223 174 * that is known to be good 224 175 */ 225 226 err_status_t 227 cipher_type_self_test(const cipher_type_t *ct); 228 229 230 /* 231 * cipher_type_test() tests a cipher against external test cases provided in 232 * an array of values of key/xtd_seq_num_t/plaintext/ciphertext 176 srtp_err_status_t srtp_cipher_type_self_test(const srtp_cipher_type_t *ct); 177 178 179 /* 180 * srtp_cipher_type_test() tests a cipher against external test cases provided in 181 * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext 233 182 * that is known to be good 234 183 */ 235 236 err_status_t 237 cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data); 238 239 240 
/* 241 * cipher_bits_per_second(c, l, t) computes (and estimate of) the 184 srtp_err_status_t srtp_cipher_type_test(const srtp_cipher_type_t *ct, const srtp_cipher_test_case_t *test_data); 185 186 187 /* 188 * srtp_cipher_bits_per_second(c, l, t) computes (an estimate of) the 242 189 * number of bits that a cipher implementation can encrypt in a second 243 * 190 * 244 191 * c is a cipher (which MUST be allocated and initialized already), l 245 192 * is the length in octets of the test data to be encrypted, and t is … … 248 195 * if an error is encountered, then the value 0 is returned 249 196 */ 250 251 uint64_t 252 cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials); 253 254 #endif /* CIPHER_H */ 197 uint64_t srtp_cipher_bits_per_second(srtp_cipher_t *c, int octets_in_buffer, int num_trials); 198 199 srtp_err_status_t srtp_cipher_type_alloc(const srtp_cipher_type_t *ct, srtp_cipher_t **c, int key_len, int tlen); 200 srtp_err_status_t srtp_cipher_dealloc(srtp_cipher_t *c); 201 srtp_err_status_t srtp_cipher_init(srtp_cipher_t *c, const uint8_t *key); 202 srtp_err_status_t srtp_cipher_set_iv(srtp_cipher_t *c, uint8_t *iv, int direction); 203 srtp_err_status_t srtp_cipher_output(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output); 204 srtp_err_status_t srtp_cipher_encrypt(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output); 205 srtp_err_status_t srtp_cipher_decrypt(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output); 206 srtp_err_status_t srtp_cipher_get_tag(srtp_cipher_t *c, uint8_t *buffer, uint32_t *tag_len); 207 srtp_err_status_t srtp_cipher_set_aad(srtp_cipher_t *c, const uint8_t *aad, uint32_t aad_len); 208 209 /* 210 * srtp_replace_cipher_type(ct, id) 211 * 212 * replaces srtp's existing cipher implementation for the cipher_type id 213 * with a new one passed in externally. The new cipher must pass all the 214 * existing cipher_type's self tests as well as its own. 
215 */ 216 srtp_err_status_t srtp_replace_cipher_type(const srtp_cipher_type_t *ct, srtp_cipher_type_id_t id); 217 218 #ifdef __cplusplus 219 } 220 #endif 221 222 #endif /* SRTP_CIPHER_H */ -
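Review bot: `srtp_cipher_init_func_t` and `srtp_cipher_init()` now take only the state/cipher and `key`, with no length argument, so the header no longer says how many octets are read from `key`. Presumably the implementation uses the length fixed at allocation (`key_len` in `srtp_cipher_t`); that contract should be written next to the declaration, for example `/* key must point to at least the key length given to alloc (key plus salt where the cipher uses one) */`, so a caller passing a shorter buffer is recognisably wrong. The old `cipher_set_iv`/`cipher_set_aad` macros returned `err_status_no_such_op` for a NULL cipher or missing `set_aad`; the replacing functions are defined outside this section, so it is worth confirming they keep those checks. Two style points in the same section: `srtp_cipher_set_iv()` declares `int direction` where the function type uses `srtp_cipher_direction_t`, and the `decrypt` member is typed `srtp_cipher_encrypt_func_t` although `srtp_cipher_decrypt_func_t` is defined.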
pjproject/trunk/third_party/srtp/crypto/include/crypto_kernel.h
r5261 r5614 8 8 */ 9 9 /* 10 * 11 * Copyright(c) 2001-20 06Cisco Systems, Inc.10 * 11 * Copyright(c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 * 13 * 14 14 * Redistribution and use in source and binary forms, with or without 15 15 * modification, are permitted provided that the following conditions 16 16 * are met: 17 * 17 * 18 18 * Redistributions of source code must retain the above copyright 19 19 * notice, this list of conditions and the following disclaimer. 20 * 20 * 21 21 * Redistributions in binary form must reproduce the above 22 22 * copyright notice, this list of conditions and the following 23 23 * disclaimer in the documentation and/or other materials provided 24 24 * with the distribution. 25 * 25 * 26 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 27 * contributors may be used to endorse or promote products derived 28 28 * from this software without specific prior written permission. 29 * 29 * 30 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 47 47 #define CRYPTO_KERNEL 48 48 49 #include "rand_source.h" 50 #include "prng.h" 51 #include "cipher.h" 49 #include "cipher.h" 52 50 #include "auth.h" 53 #include "cryptoalg.h"54 #include "stat.h"55 51 #include "err.h" 56 52 #include "crypto_types.h" 57 53 #include "key.h" 58 #include "crypto.h" 54 55 #ifdef __cplusplus 56 extern "C" { 57 #endif 59 58 60 59 /* … … 64 63 * secure - initialized and passed self-tests 65 64 */ 66 67 65 typedef enum { 68 crypto_kernel_state_insecure, 69 crypto_kernel_state_secure 70 } crypto_kernel_state_t; 71 72 /* 73 * linked list of cipher types 74 */ 75 76 typedef struct kernel_cipher_type { 77 cipher_type_id_t id; 78 cipher_type_t *cipher_type; 79 struct kernel_cipher_type *next; 80 } kernel_cipher_type_t; 81 82 /* 83 * linked list of auth types 84 */ 85 86 typedef struct kernel_auth_type { 87 auth_type_id_t id; 88 auth_type_t 
*auth_type; 89 struct kernel_auth_type *next; 90 } kernel_auth_type_t; 91 92 /* 93 * linked list of debug modules 94 */ 95 96 typedef struct kernel_debug_module { 97 debug_module_t *mod; 98 struct kernel_debug_module *next; 99 } kernel_debug_module_t; 66 srtp_crypto_kernel_state_insecure, 67 srtp_crypto_kernel_state_secure 68 } srtp_crypto_kernel_state_t; 69 70 /* 71 * linked list of cipher types 72 */ 73 typedef struct srtp_kernel_cipher_type { 74 srtp_cipher_type_id_t id; 75 const srtp_cipher_type_t *cipher_type; 76 struct srtp_kernel_cipher_type *next; 77 } srtp_kernel_cipher_type_t; 78 79 /* 80 * linked list of auth types 81 */ 82 typedef struct srtp_kernel_auth_type { 83 srtp_auth_type_id_t id; 84 const srtp_auth_type_t *auth_type; 85 struct srtp_kernel_auth_type *next; 86 } srtp_kernel_auth_type_t; 87 88 /* 89 * linked list of debug modules 90 */ 91 typedef struct srtp_kernel_debug_module { 92 srtp_debug_module_t *mod; 93 struct srtp_kernel_debug_module *next; 94 } srtp_kernel_debug_module_t; 100 95 101 96 … … 106 101 * a global variable defined in crypto_kernel.c 107 102 */ 108 109 103 typedef struct { 110 crypto_kernel_state_t state; /* current state of kernel */111 kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */112 kernel_auth_type_t *auth_type_list; /* list of all auth func types */113 kernel_debug_module_t *debug_module_list; /* list of all debug modules */114 } crypto_kernel_t;115 116 117 /* 118 * crypto_kernel_t external api119 */ 120 121 122 /* 123 * The function crypto_kernel_init() initialized the crypto kernel and104 srtp_crypto_kernel_state_t state; /* current state of kernel */ 105 srtp_kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */ 106 srtp_kernel_auth_type_t *auth_type_list; /* list of all auth func types */ 107 srtp_kernel_debug_module_t *debug_module_list; /* list of all debug modules */ 108 } srtp_crypto_kernel_t; 109 110 111 /* 112 * srtp_crypto_kernel_t external api 113 */ 114 115 116 /* 117 * 
The function srtp_crypto_kernel_init() initialized the crypto kernel and 124 118 * runs the self-test operations on the random number generators and 125 119 * crypto algorithms. Possible return values are: 126 120 * 127 * err_status_ok initialization successful 128 * <other> init failure 129 * 130 * If any value other than err_status_ok is returned, the 131 * crypto_kernel MUST NOT be used. 132 */ 133 134 err_status_t 135 crypto_kernel_init(void); 136 137 138 /* 139 * The function crypto_kernel_shutdown() de-initializes the 121 * srtp_err_status_ok initialization successful 122 * <other> init failure 123 * 124 * If any value other than srtp_err_status_ok is returned, the 125 * crypto_kernel MUST NOT be used. 126 */ 127 srtp_err_status_t srtp_crypto_kernel_init(void); 128 129 130 /* 131 * The function srtp_crypto_kernel_shutdown() de-initializes the 140 132 * crypto_kernel, zeroizes keys and other cryptographic material, and 141 133 * deallocates any dynamically allocated memory. Possible return 142 134 * values are: 143 135 * 144 * err_status_ok shutdown successful 145 * <other> shutdown failure 146 * 147 */ 148 149 err_status_t 150 crypto_kernel_shutdown(void); 151 152 /* 153 * The function crypto_kernel_stats() checks the the crypto_kernel, 136 * srtp_err_status_ok shutdown successful 137 * <other> shutdown failure 138 * 139 */ 140 srtp_err_status_t srtp_crypto_kernel_shutdown(void); 141 142 /* 143 * The function srtp_crypto_kernel_stats() checks the the crypto_kernel, 154 144 * running tests on the ciphers, auth funcs, and rng, and prints out a 155 145 * status report. 
Possible return values are: 156 146 * 157 * err_status_ok all tests were passed 158 * <other> a test failed 159 * 160 */ 161 162 err_status_t 163 crypto_kernel_status(void); 164 165 166 /* 167 * crypto_kernel_list_debug_modules() outputs a list of debugging modules 168 * 169 */ 170 171 err_status_t 172 crypto_kernel_list_debug_modules(void); 173 174 /* 175 * crypto_kernel_load_cipher_type() 176 * 177 */ 178 179 err_status_t 180 crypto_kernel_load_cipher_type(cipher_type_t *ct, cipher_type_id_t id); 181 182 err_status_t 183 crypto_kernel_load_auth_type(auth_type_t *ct, auth_type_id_t id); 184 185 /* 186 * crypto_kernel_replace_cipher_type(ct, id) 187 * 188 * replaces the crypto kernel's existing cipher for the cipher_type id 189 * with a new one passed in externally. The new cipher must pass all the 190 * existing cipher_type's self tests as well as its own. 191 */ 192 err_status_t 193 crypto_kernel_replace_cipher_type(cipher_type_t *ct, cipher_type_id_t id); 194 195 196 /* 197 * crypto_kernel_replace_auth_type(ct, id) 198 * 199 * replaces the crypto kernel's existing cipher for the auth_type id 200 * with a new one passed in externally. The new auth type must pass all the 201 * existing auth_type's self tests as well as its own. 
202 */ 203 err_status_t 204 crypto_kernel_replace_auth_type(auth_type_t *ct, auth_type_id_t id); 205 206 207 err_status_t 208 crypto_kernel_load_debug_module(debug_module_t *new_dm); 209 210 /* 211 * crypto_kernel_alloc_cipher(id, cp, key_len); 147 * srtp_err_status_ok all tests were passed 148 * <other> a test failed 149 * 150 */ 151 srtp_err_status_t srtp_crypto_kernel_status(void); 152 153 154 /* 155 * srtp_crypto_kernel_list_debug_modules() outputs a list of debugging modules 156 * 157 */ 158 srtp_err_status_t srtp_crypto_kernel_list_debug_modules(void); 159 160 /* 161 * srtp_crypto_kernel_load_cipher_type() 162 * 163 */ 164 srtp_err_status_t srtp_crypto_kernel_load_cipher_type(const srtp_cipher_type_t *ct, srtp_cipher_type_id_t id); 165 166 srtp_err_status_t srtp_crypto_kernel_load_auth_type(const srtp_auth_type_t *ct, srtp_auth_type_id_t id); 167 168 srtp_err_status_t srtp_crypto_kernel_load_debug_module(srtp_debug_module_t *new_dm); 169 170 /* 171 * srtp_crypto_kernel_alloc_cipher(id, cp, key_len); 212 172 * 213 173 * allocates a cipher of type id at location *cp, with key length 214 174 * key_len octets. 
Return values are: 215 * 216 * err_status_ok no problems 217 * err_status_alloc_fail an allocation failure occured 218 * err_status_fail couldn't find cipher with identifier 'id' 219 */ 220 221 err_status_t 222 crypto_kernel_alloc_cipher(cipher_type_id_t id, 223 cipher_pointer_t *cp, 224 int key_len, 225 int tag_len); 226 227 /* 228 * crypto_kernel_alloc_auth(id, ap, key_len, tag_len); 175 * 176 * srtp_err_status_ok no problems 177 * srtp_err_status_alloc_fail an allocation failure occured 178 * srtp_err_status_fail couldn't find cipher with identifier 'id' 179 */ 180 srtp_err_status_t srtp_crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id, srtp_cipher_pointer_t *cp, int key_len, int tag_len); 181 182 /* 183 * srtp_crypto_kernel_alloc_auth(id, ap, key_len, tag_len); 229 184 * 230 185 * allocates an auth function of type id at location *ap, with key 231 186 * length key_len octets and output tag length of tag_len. Return 232 187 * values are: 233 * 234 * err_status_ok no problems 235 * err_status_alloc_fail an allocation failure occured 236 * err_status_fail couldn't find auth with identifier 'id' 237 */ 238 239 err_status_t 240 crypto_kernel_alloc_auth(auth_type_id_t id, 241 auth_pointer_t *ap, 242 int key_len, 243 int tag_len); 244 245 246 /* 247 * crypto_kernel_set_debug_module(mod_name, v) 248 * 188 * 189 * srtp_err_status_ok no problems 190 * srtp_err_status_alloc_fail an allocation failure occured 191 * srtp_err_status_fail couldn't find auth with identifier 'id' 192 */ 193 srtp_err_status_t srtp_crypto_kernel_alloc_auth(srtp_auth_type_id_t id, srtp_auth_pointer_t *ap, int key_len, int tag_len); 194 195 196 /* 197 * srtp_crypto_kernel_set_debug_module(mod_name, v) 198 * 249 199 * sets dynamic debugging to the value v (0 for off, 1 for on) for the 250 200 * debug module with the name mod_name 251 201 * 252 * returns err_status_ok on success, err_status_fail otherwise 253 */ 254 255 err_status_t 256 crypto_kernel_set_debug_module(char *mod_name, int v); 257 
258 /** 259 * @brief writes a random octet string. 260 * 261 * The function call crypto_get_random(dest, len) writes len octets of 262 * random data to the location to which dest points, and returns an 263 * error code. This error code @b must be checked, and if a failure is 264 * reported, the data in the buffer @b must @b not be used. 265 * 266 * @warning If the return code is not checked, then non-random 267 * data may be in the buffer. This function will fail 268 * unless it is called after crypto_kernel_init(). 269 * 270 * @return 271 * - err_status_ok if no problems occured. 272 * - [other] a problem occured, and no assumptions should 273 * be made about the contents of the destination 274 * buffer. 275 * 276 * @ingroup SRTP 277 */ 278 err_status_t 279 crypto_get_random(unsigned char *buffer, unsigned int length); 280 202 * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise 203 */ 204 srtp_err_status_t srtp_crypto_kernel_set_debug_module(const char *mod_name, int v); 205 206 #ifdef __cplusplus 207 } 208 #endif 209 281 210 #endif /* CRYPTO_KERNEL */ -
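Review bot: The comment above `srtp_crypto_kernel_status()` names the function `srtp_crypto_kernel_stats()` and still contains "the the"; it should read `* The function srtp_crypto_kernel_status() checks the crypto_kernel,`. The same comment and the one on `srtp_crypto_kernel_init()` still describe tests on the "rng" / "random number generators", while this section drops the `rand_source.h` and `prng.h` includes and the `crypto_get_random()` declaration, so that wording looks stale and should be confirmed against the implementation. The `srtp_crypto_kernel_alloc_cipher` comment also lists only `(id, cp, key_len)` and does not describe `tag_len`. The include guard is still `CRYPTO_KERNEL` while the other headers in this changeset moved to an `SRTP_` prefix.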
pjproject/trunk/third_party/srtp/crypto/include/crypto_types.h
r5261 r5614 9 9 /* 10 10 * 11 * Copyright(c) 2001-20 06,2013Cisco Systems, Inc.11 * Copyright(c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 13 * … … 43 43 */ 44 44 45 #ifndef CRYPTO_TYPES_H46 #define CRYPTO_TYPES_H45 #ifndef SRTP_CRYPTO_TYPES_H 46 #define SRTP_CRYPTO_TYPES_H 47 47 48 /* *49 * @defgroup Algos Cryptographic Algorithms48 /* 49 * The null cipher performs no encryption. 50 50 * 51 * 52 * This library provides several different cryptographic algorithms, 53 * each of which can be selected by using the cipher_type_id_t and 54 * auth_type_id_t. These algorithms are documented below. 55 * 56 * Authentication functions that use the Universal Security Transform 57 * (UST) must be used in conjunction with a cipher other than the null 58 * cipher. These functions require a per-message pseudorandom input 59 * that is generated by the cipher. 60 * 61 * The identifiers STRONGHOLD_AUTH and STRONGHOLD_CIPHER identify the 62 * strongest available authentication function and cipher, 63 * respectively. They are resolved at compile time to the strongest 64 * available algorithm. The stronghold algorithms can serve as did 65 * the keep of a medieval fortification; they provide the strongest 66 * defense (or the last refuge). 67 * 68 * @{ 69 */ 70 71 /** 72 * @defgroup Ciphers Cipher Types 73 * 74 * @brief Each cipher type is identified by an unsigned integer. The 75 * cipher types available in this edition of libSRTP are given 76 * by the #defines below. 77 * 78 * A cipher_type_id_t is an identifier for a cipher_type; only values 79 * given by the #defines above (or those present in the file 80 * crypto_types.h) should be used. 81 * 82 * The identifier STRONGHOLD_CIPHER indicates the strongest available 83 * cipher, allowing an application to choose the strongest available 84 * algorithm without any advance knowledge about the avaliable 85 * algorithms. 86 * 87 * @{ 88 */ 89 90 /** 91 * @brief The null cipher performs no encryption. 
92 * 93 * The NULL_CIPHER leaves its inputs unaltered, during both the 51 * The SRTP_NULL_CIPHER leaves its inputs unaltered, during both the 94 52 * encryption and decryption operations. This cipher can be chosen 95 53 * to indicate that no encryption is to be performed. 96 54 */ 97 #define NULL_CIPHER 055 #define SRTP_NULL_CIPHER 0 98 56 99 /* *100 * @brief AES Integer Counter Mode (AES ICM)57 /* 58 * AES-128 Integer Counter Mode (AES ICM) 101 59 * 102 * AES ICM is the variant of counter mode that is used by Secure RTP.103 * This cipher uses a 16-, 24-, or 32-octet key concatenated with a60 * AES-128 ICM is the variant of counter mode that is used by 61 * Secure RTP. This cipher uses a 16-octet key concatenated with a 104 62 * 14-octet offset (or salt) value. 105 63 */ 106 #define AES_ICM 164 #define SRTP_AES_ICM_128 1 107 65 108 /** 109 * @brief AES-128 Integer Counter Mode (AES ICM) 110 * AES-128 ICM is a deprecated alternate name for AES ICM. 66 /* 67 * AES-192 Integer Counter Mode (AES ICM) 68 * 69 * AES-128 ICM is the variant of counter mode that is used by 70 * Secure RTP. This cipher uses a 24-octet key concatenated with a 71 * 14-octet offset (or salt) value. 111 72 */ 112 #define AES_128_ICM AES_ICM73 #define SRTP_AES_ICM_192 4 113 74 114 /** 115 * @brief SEAL 3.0 116 * 117 * SEAL is the Software-Optimized Encryption Algorithm of Coppersmith 118 * and Rogaway. Nota bene: this cipher is IBM proprietary. 75 /* 76 * AES-256 Integer Counter Mode (AES ICM) 77 * 78 * AES-128 ICM is the variant of counter mode that is used by 79 * Secure RTP. This cipher uses a 32-octet key concatenated with a 80 * 14-octet offset (or salt) value. 119 81 */ 120 #define S EAL 282 #define SRTP_AES_ICM_256 5 121 83 122 /** 123 * @brief AES Cipher Block Chaining mode (AES CBC) 124 * 125 * AES CBC is the AES Cipher Block Chaining mode. 126 * This cipher uses a 16-, 24-, or 32-octet key. 
127 */ 128 #define AES_CBC 3 129 130 /** 131 * @brief AES-128 Cipher Block Chaining mode (AES CBC) 132 * 133 * AES-128 CBC is a deprecated alternate name for AES CBC. 134 */ 135 #define AES_128_CBC AES_CBC 136 137 /** 138 * @brief Strongest available cipher. 139 * 140 * This identifier resolves to the strongest cipher type available. 141 */ 142 #define STRONGHOLD_CIPHER AES_ICM 143 144 /** 145 * @brief AES-192 Integer Counter Mode (AES ICM) 146 * AES-192 ICM is a deprecated alternate name for AES ICM. 147 */ 148 #define AES_192_ICM 4 149 150 /** 151 * @brief AES-256 Integer Counter Mode (AES ICM) 152 * AES-256 ICM is a deprecated alternate name for AES ICM. 153 */ 154 #define AES_256_ICM 5 155 156 /** 157 * @brief AES-128_GCM Galois Counter Mode (AES GCM) 84 /* 85 * AES-128_GCM Galois Counter Mode (AES GCM) 158 86 * 159 87 * AES-128 GCM is the variant of galois counter mode that is used by 160 88 * Secure RTP. This cipher uses a 16-octet key. 161 89 */ 162 #define AES_128_GCM 690 #define SRTP_AES_GCM_128 6 163 91 164 /* *165 * @briefAES-256_GCM Galois Counter Mode (AES GCM)92 /* 93 * AES-256_GCM Galois Counter Mode (AES GCM) 166 94 * 167 95 * AES-256 GCM is the variant of galois counter mode that is used by 168 96 * Secure RTP. This cipher uses a 32-octet key. 169 97 */ 170 #define AES_256_GCM 798 #define SRTP_AES_GCM_256 7 171 99 172 /** 173 * @} 174 */ 175 176 177 178 /** 179 * @defgroup Authentication Authentication Function Types 180 * 181 * @brief Each authentication function type is identified by an 182 * unsigned integer. The authentication function types available in 183 * this edition of libSRTP are given by the #defines below. 184 * 185 * An auth_type_id_t is an identifier for an authentication function type; 186 * only values given by the #defines above (or those present in the 187 * file crypto_types.h) should be used. 
188 * 189 * The identifier STRONGHOLD_AUTH indicates the strongest available 190 * authentication function, allowing an application to choose the 191 * strongest available algorithm without any advance knowledge about 192 * the avaliable algorithms. The stronghold algorithms can serve as 193 * did the keep of a medieval fortification; they provide the 194 * strongest defense (or the last refuge). 195 * 196 * @{ 197 */ 198 199 /** 200 * @brief The null authentication function performs no authentication. 100 /* 101 * The null authentication function performs no authentication. 201 102 * 202 103 * The NULL_AUTH function does nothing, and can be selected to indicate 203 104 * that authentication should not be performed. 204 105 */ 205 #define NULL_AUTH 0106 #define SRTP_NULL_AUTH 0 206 107 207 /* *208 * @brief UST with TMMH Version 2108 /* 109 * HMAC-SHA1 209 110 * 210 * UST_TMMHv2 implements the Truncated Multi-Modular Hash using 211 * UST. This function must be used in conjunction with a cipher other 212 * than the null cipher. 213 * with a cipher. 214 */ 215 #define UST_TMMHv2 1 216 217 /** 218 * @brief (UST) AES-128 XORMAC 219 * 220 * UST_AES_128_XMAC implements AES-128 XORMAC, using UST. Nota bene: 221 * the XORMAC algorithm is IBM proprietary. 222 */ 223 #define UST_AES_128_XMAC 2 224 225 /** 226 * @brief HMAC-SHA1 227 * 228 * HMAC_SHA1 implements the Hash-based MAC using the NIST Secure 111 * SRTP_HMAC_SHA1 implements the Hash-based MAC using the NIST Secure 229 112 * Hash Algorithm version 1 (SHA1). 230 113 */ 231 #define HMAC_SHA1 3114 #define SRTP_HMAC_SHA1 3 232 115 233 /** 234 * @brief Strongest available authentication function. 235 * 236 * This identifier resolves to the strongest available authentication 237 * function. 238 */ 239 #define STRONGHOLD_AUTH HMAC_SHA1 240 241 /** 242 * @} 243 */ 244 /** 245 * @} 246 */ 247 248 #endif /* CRYPTO_TYPES_H */ 116 #endif /* SRTP_CRYPTO_TYPES_H */ -
pjproject/trunk/third_party/srtp/crypto/include/datatypes.h
r5261 r5614 10 10 /* 11 11 * 12 * Copyright (c) 2001-20 06, Cisco Systems, Inc.12 * Copyright (c) 2001-2017, Cisco Systems, Inc. 13 13 * All rights reserved. 14 14 * … … 45 45 46 46 47 #ifndef _DATATYPES_H48 #define _DATATYPES_H47 #ifndef DATATYPES_H 48 #define DATATYPES_H 49 49 50 50 #include "integers.h" /* definitions of uint32_t, et cetera */ … … 53 53 #include <stdarg.h> 54 54 55 #ifndef SRTP_KERNEL 56 # include <stdio.h> 57 # include <string.h> 58 # include <time.h> 59 # ifdef HAVE_NETINET_IN_H 60 # include <netinet/in.h> 61 # elif defined HAVE_WINSOCK2_H 62 # include <winsock2.h> 63 # endif 55 #include <stdio.h> 56 #include <string.h> 57 #include <time.h> 58 #ifdef HAVE_NETINET_IN_H 59 # include <netinet/in.h> 60 #elif defined HAVE_WINSOCK2_H 61 # include <winsock2.h> 62 #endif 63 64 #ifdef __cplusplus 65 extern "C" { 64 66 #endif 65 67 … … 116 118 octet_get_weight(uint8_t octet); 117 119 120 #define MAX_PRINT_STRING_LEN 1024 121 118 122 char * 119 octet_bit_string(uint8_t x); 120 121 #define MAX_PRINT_STRING_LEN 1024 122 123 char * 124 octet_string_hex_string(const void *str, int length); 123 srtp_octet_string_hex_string(const void *str, int length); 125 124 126 125 char * … … 129 128 char * 130 129 v128_hex_string(v128_t *x); 131 132 uint8_t133 nibble_to_hex_char(uint8_t nibble);134 135 char *136 char_to_hex_string(char *x, int num_char);137 138 uint8_t139 hex_string_to_octet(char *s);140 141 /*142 * hex_string_to_octet_string(raw, hex, len) converts the hexadecimal143 * string at *hex (of length len octets) to the equivalent raw data144 * and writes it to *raw.145 *146 * if a character in the hex string that is not a hexadeciaml digit147 * (0123456789abcdefABCDEF) is encountered, the function stops writing148 * data to *raw149 *150 * the number of hex digits copied (which is two times the number of151 * octets in *raw) is returned152 */153 154 int155 hex_string_to_octet_string(char *raw, char *hex, int len);156 157 v128_t158 hex_string_to_v128(char 
*s);159 130 160 131 void … … 274 245 _v128_clear_bit(x, bit) \ 275 246 ) 276 277 278 #if 0279 /* nothing uses this */280 #ifdef WORDS_BIGENDIAN281 282 #define _v128_add(z, x, y) { \283 uint64_t tmp; \284 \285 tmp = x->v32[3] + y->v32[3]; \286 z->v32[3] = (uint32_t) tmp; \287 \288 tmp = x->v32[2] + y->v32[2] + (tmp >> 32); \289 z->v32[2] = (uint32_t) tmp; \290 \291 tmp = x->v32[1] + y->v32[1] + (tmp >> 32); \292 z->v32[1] = (uint32_t) tmp; \293 \294 tmp = x->v32[0] + y->v32[0] + (tmp >> 32); \295 z->v32[0] = (uint32_t) tmp; \296 }297 298 #else /* assume little endian architecture */299 300 #define _v128_add(z, x, y) { \301 uint64_t tmp; \302 \303 tmp = htonl(x->v32[3]) + htonl(y->v32[3]); \304 z->v32[3] = ntohl((uint32_t) tmp); \305 \306 tmp = htonl(x->v32[2]) + htonl(y->v32[2]) \307 + htonl(tmp >> 32); \308 z->v32[2] = ntohl((uint32_t) tmp); \309 \310 tmp = htonl(x->v32[1]) + htonl(y->v32[1]) \311 + htonl(tmp >> 32); \312 z->v32[1] = ntohl((uint32_t) tmp); \313 \314 tmp = htonl(x->v32[0]) + htonl(y->v32[0]) \315 + htonl(tmp >> 32); \316 z->v32[0] = ntohl((uint32_t) tmp); \317 }318 #endif /* WORDS_BIGENDIAN */319 #endif /* 0 */320 321 247 322 248 #ifdef DATATYPES_USE_MACROS /* little functions are really macros */ … … 373 299 374 300 /* 375 * octet_string_is_eq(a,b, len) returns 1 if the length len strings a 376 * and b are not equal, returns 0 otherwise 301 * octet_string_is_eq(a, b, len) returns 1 if the length len strings a 302 * and b are not equal. It returns 0 otherwise. The running time of the 303 * comparison depends only on len, making this safe to use for (e.g.) 304 * verifying authentication tags. 
377 305 */ 378 306 … … 380 308 octet_string_is_eq(uint8_t *a, uint8_t *b, int len); 381 309 382 void 383 octet_string_set_to_zero(uint8_t *s, int len); 384 385 386 #if !defined(SRTP_KERNEL_LINUX) && defined(HAVE_CONFIG_H) 310 /* 311 * A portable way to zero out memory as recommended by 312 * https://cryptocoding.net/index.php/Coding_rules#Clean_memory_of_secret_data 313 * This is used to zero memory when OPENSSL_cleanse() is not available. 314 */ 315 void 316 srtp_cleanse(void *s, size_t len); 317 318 /* 319 * Functions as a wrapper that delegates to either srtp_cleanse() or 320 * OPENSSL_cleanse() if available to zero memory. 321 */ 322 void 323 octet_string_set_to_zero(void *s, size_t len); 324 325 #if defined(HAVE_CONFIG_H) 387 326 388 327 /* … … 427 366 } 428 367 429 #endif /* ! SRTP_KERNEL_LINUX */368 #endif 430 369 431 370 #endif /* WORDS_BIGENDIAN */ … … 510 449 bitvector_bit_string(bitvector_t *x, char* buf, int len); 511 450 512 #ifdef TESTAPP_SOURCE513 int base64_string_to_octet_string(char *raw, int *pad, char *base64, int len); 451 #ifdef __cplusplus 452 } 514 453 #endif 515 454 516 #endif /* _DATATYPES_H */455 #endif /* DATATYPES_H */ -
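Review bot: The rewritten comment on `octet_string_is_eq` recommends it for verifying authentication tags but keeps the inverted convention, returning 1 when the buffers are NOT equal, and the name suggests the opposite. A caller that reads it as "is equal" would accept a mismatching tag, so the comment should say so outright, for example `/* NOTE: despite the name, non-zero means the buffers differ; 0 means they match. */`. Separately, the `octet_string_set_to_zero` prototype appears to change from `(uint8_t *s, int len)` to `(void *s, size_t len)`. Any call site outside this section that passes a signed length which can be negative now converts it to a very large `size_t`, so those call sites need a check that the length is non-negative before the call.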
pjproject/trunk/third_party/srtp/crypto/include/err.h
r5261 r5614 1 1 /* 2 2 * err.h 3 * 3 * 4 4 * error status codes 5 5 * … … 8 8 */ 9 9 /* 10 * 11 * Copyright (c) 2001-20 06, Cisco Systems, Inc.10 * 11 * Copyright (c) 2001-2017, Cisco Systems, Inc. 12 12 * All rights reserved. 13 * 13 * 14 14 * Redistribution and use in source and binary forms, with or without 15 15 * modification, are permitted provided that the following conditions 16 16 * are met: 17 * 17 * 18 18 * Redistributions of source code must retain the above copyright 19 19 * notice, this list of conditions and the following disclaimer. 20 * 20 * 21 21 * Redistributions in binary form must reproduce the above 22 22 * copyright notice, this list of conditions and the following 23 23 * disclaimer in the documentation and/or other materials provided 24 24 * with the distribution. 25 * 25 * 26 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 27 * contributors may be used to endorse or promote products derived 28 28 * from this software without specific prior written permission. 29 * 29 * 30 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 49 49 #include <stdio.h> 50 50 #include <stdarg.h> 51 #include "srtp.h" 52 53 #ifdef __cplusplus 54 extern "C" { 55 #endif 51 56 52 57 /** 53 58 * @defgroup Error Error Codes 54 * 55 * Error status codes are represented by the enumeration err_status_t.56 * 59 * 60 * Error status codes are represented by the enumeration srtp_err_status_t. 61 * 57 62 * @{ 58 63 */ 59 64 60 61 /*62 * @brief err_status_t defines error codes.63 *64 * The enumeration err_status_t defines error codes. 
Note that the65 * value of err_status_ok is equal to zero, which can simplify error66 * checking somewhat.67 *68 */69 typedef enum {70 err_status_ok = 0, /**< nothing to report */71 err_status_fail = 1, /**< unspecified failure */72 err_status_bad_param = 2, /**< unsupported parameter */73 err_status_alloc_fail = 3, /**< couldn't allocate memory */74 err_status_dealloc_fail = 4, /**< couldn't deallocate properly */75 err_status_init_fail = 5, /**< couldn't initialize */76 err_status_terminus = 6, /**< can't process as much data as requested */77 err_status_auth_fail = 7, /**< authentication failure */78 err_status_cipher_fail = 8, /**< cipher failure */79 err_status_replay_fail = 9, /**< replay check failed (bad index) */80 err_status_replay_old = 10, /**< replay check failed (index too old) */81 err_status_algo_fail = 11, /**< algorithm failed test routine */82 err_status_no_such_op = 12, /**< unsupported operation */83 err_status_no_ctx = 13, /**< no appropriate context found */84 err_status_cant_check = 14, /**< unable to perform desired validation */85 err_status_key_expired = 15, /**< can't use key any more */86 err_status_socket_err = 16, /**< error in use of socket */87 err_status_signal_err = 17, /**< error in use POSIX signals */88 err_status_nonce_bad = 18, /**< nonce check failed */89 err_status_read_fail = 19, /**< couldn't read data */90 err_status_write_fail = 20, /**< couldn't write data */91 err_status_parse_err = 21, /**< error parsing data */92 err_status_encode_err = 22, /**< error encoding data */93 err_status_semaphore_err = 23,/**< error while using semaphores */94 err_status_pfkey_err = 24 /**< error while using pfkey */95 } err_status_t;96 65 97 66 /** … … 100 69 101 70 typedef enum { 102 err_level_emergency = 0, 103 err_level_alert, 104 err_level_critical, 105 err_level_error, 106 err_level_warning, 107 err_level_notice, 108 err_level_info, 109 err_level_debug, 110 err_level_none 111 } err_reporting_level_t; 71 srtp_err_level_error, 72 
srtp_err_level_warning, 73 srtp_err_level_info, 74 srtp_err_level_debug 75 } srtp_err_reporting_level_t; 112 76 113 77 /* 114 78 * err_reporting_init prepares the error system. If 115 * ERR_REPORTING_S YSLOG is defined, it will open syslog.79 * ERR_REPORTING_STDOUT is defined, it will log to stdout. 116 80 * 117 * The ident argument is a string that will be prepended to118 * all syslog messages. It is conventionally argv[0].119 81 */ 120 82 121 err_status_t 122 err_reporting_init(const char *ident); 83 srtp_err_status_t srtp_err_reporting_init(void); 123 84 124 #ifdef SRTP_KERNEL_LINUX 125 extern err_reporting_level_t err_level; 126 #else 85 typedef void (srtp_err_report_handler_func_t)(srtp_err_reporting_level_t level, const char * msg); 86 87 srtp_err_status_t srtp_install_err_report_handler(srtp_err_report_handler_func_t func); 127 88 128 89 /* 129 * keydaemon_report_errorreports a 'printf' formatted error130 * string, followed by a an arg list. The priorityargument131 * is equivalent to that defined for syslog.90 * srtp_err_report reports a 'printf' formatted error 91 * string, followed by a an arg list. The level argument 92 * is one of srtp_err_reporting_level_t. 132 93 * 133 * Errors will be reported to ERR_REPORTING_FILE, if defined, and to134 * syslog, if ERR_REPORTING_SYSLOGis defined.94 * Errors will be reported to stdout, if ERR_REPORTING_STDOUT 95 * is defined. 135 96 * 136 97 */ 137 98 138 99 void 139 err_report(int priority, const char *format, ...); 140 #endif /* ! 
SRTP_KERNEL_LINUX */ 100 srtp_err_report(srtp_err_reporting_level_t level, const char *format, ...); 141 101 142 102 … … 146 106 147 107 typedef struct { 148 int on;/* 1 if debugging is on, 0 if it is off */149 const char *name;/* printable name for debug module */150 } debug_module_t;108 int on; /* 1 if debugging is on, 0 if it is off */ 109 const char *name; /* printable name for debug module */ 110 } srtp_debug_module_t; 151 111 152 #ifdef ENABLE_DEBUG GING112 #ifdef ENABLE_DEBUG_LOGGING 153 113 154 #define debug_on(mod) (mod).on = 1155 156 #define debug_off(mod) (mod).on = 0157 158 /* use err_report() to report debug message */159 114 #define debug_print(mod, format, arg) \ 160 if (mod.on) err_report(err_level_debug, ("%s: " format "\n"), mod.name, arg)161 #define debug_print2(mod, format, arg1, arg2) \162 if (mod.on) err_report(err_level_debug, ("%s: " format "\n"), mod.name, arg1,arg2)115 srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg) 116 #define debug_print2(mod, format, arg1, arg2) \ 117 srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg1, arg2) 163 118 164 119 #else 165 120 166 /* define macros to do nothing */ 167 #define debug_print(mod, format, arg) 168 169 #define debug_on(mod) 170 171 #define debug_off(mod) 121 #define debug_print(mod, format, arg) \ 122 if (mod.on) srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg) 123 #define debug_print2(mod, format, arg1, arg2) \ 124 if (mod.on) srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg1, arg2) 172 125 173 126 #endif 174 127 128 #ifdef __cplusplus 129 } 130 #endif 131 175 132 #endif /* ERR_H */ -
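Review bot: In the `#else` branch, `debug_print` and `debug_print2` expand to a bare `if (mod.on) srtp_err_report(...)`, so a use directly inside an unbraced `if`/`else` silently rebinds the caller's `else`. Wrapping the body as `do { if (mod.on) srtp_err_report(...); } while (0)` removes that hazard, and parenthesising `mod` as `(mod).on` would match the style of the removed `debug_on` macro. As rendered, the old `#else` defined these macros as empty, whereas now neither branch compiles them out and debug output is gated only by the runtime `mod.on` flag. If any call site formats key or salt bytes (not visible in this section), that data goes to whatever callback is registered through `srtp_install_err_report_handler`, so the log destination on the application side is worth confirming.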
pjproject/trunk/third_party/srtp/crypto/include/hmac.h
r5261 r5614 2 2 * hmac.h 3 3 * 4 * interface to hmac auth_type_t4 * interface to hmac srtp_auth_type_t 5 5 * 6 6 * David A. McGrew … … 9 9 */ 10 10 /* 11 * 12 * Copyright (c) 2001-20 06,2013, Cisco Systems, Inc.11 * 12 * Copyright (c) 2001-2017, Cisco Systems, Inc. 13 13 * All rights reserved. 14 * 14 * 15 15 * Redistribution and use in source and binary forms, with or without 16 16 * modification, are permitted provided that the following conditions 17 17 * are met: 18 * 18 * 19 19 * Redistributions of source code must retain the above copyright 20 20 * notice, this list of conditions and the following disclaimer. 21 * 21 * 22 22 * Redistributions in binary form must reproduce the above 23 23 * copyright notice, this list of conditions and the following 24 24 * disclaimer in the documentation and/or other materials provided 25 25 * with the distribution. 26 * 26 * 27 27 * Neither the name of the Cisco Systems, Inc. nor the names of its 28 28 * contributors may be used to endorse or promote products derived 29 29 * from this software without specific prior written permission. 
30 * 30 * 31 31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 32 32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 51 51 52 52 typedef struct { 53 uint8_t opad[64]; 54 sha1_ctx_t ctx; 55 sha1_ctx_t init_ctx; 56 #ifdef OPENSSL 57 int ctx_initialized; 58 int init_ctx_initialized; 59 #endif 60 } hmac_ctx_t; 61 62 err_status_t 63 hmac_alloc(auth_t **a, int key_len, int out_len); 64 65 err_status_t 66 hmac_dealloc(auth_t *a); 67 68 err_status_t 69 hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len); 70 71 err_status_t 72 hmac_start(hmac_ctx_t *state); 73 74 err_status_t 75 hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets); 76 77 err_status_t 78 hmac_compute(hmac_ctx_t *state, const void *message, 79 int msg_octets, int tag_len, uint8_t *result); 80 53 uint8_t opad[64]; 54 srtp_sha1_ctx_t ctx; 55 srtp_sha1_ctx_t init_ctx; 56 } srtp_hmac_ctx_t; 81 57 82 58 #endif /* HMAC_H */ -
pjproject/trunk/third_party/srtp/crypto/include/integers.h
r5261 r5614 10 10 /* 11 11 * 12 * Copyright (c) 2001-20 06, Cisco Systems, Inc.12 * Copyright (c) 2001-2017, Cisco Systems, Inc. 13 13 * All rights reserved. 14 14 * … … 48 48 #define INTEGERS_H 49 49 50 #include "config.h"51 52 #ifdef SRTP_KERNEL53 54 #include "kernel_compat.h"55 56 #else /* SRTP_KERNEL */57 50 58 51 /* use standard integer definitions, if they're available */ … … 74 67 #ifdef HAVE_MACHINE_TYPES_H 75 68 # include <machine/types.h> 69 #endif 70 71 #ifdef __cplusplus 72 extern "C" { 76 73 #endif 77 74 … … 98 95 typedef unsigned int uint32_t; 99 96 #endif 97 #ifndef HAVE_INT32_T 98 typedef int int32_t; 99 #endif 100 100 101 101 … … 108 108 #endif 109 109 110 #endif /* SRTP_KERNEL */111 110 112 111 /* These macros are to load and store 32-bit values from un-aligned … … 145 144 #endif 146 145 146 #ifdef __cplusplus 147 } 148 #endif 149 147 150 #endif /* INTEGERS_H */ -
pjproject/trunk/third_party/srtp/crypto/include/key.h
r1730 r5614 3 3 * 4 4 * key usage limits enforcement 5 * 5 * 6 6 * David A. Mcgrew 7 7 * Cisco Systems, Inc. 8 8 */ 9 9 /* 10 * 11 * Copyright (c) 2001-20 06Cisco Systems, Inc.10 * 11 * Copyright (c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 * 13 * 14 14 * Redistribution and use in source and binary forms, with or without 15 15 * modification, are permitted provided that the following conditions 16 16 * are met: 17 * 17 * 18 18 * Redistributions of source code must retain the above copyright 19 19 * notice, this list of conditions and the following disclaimer. 20 * 20 * 21 21 * Redistributions in binary form must reproduce the above 22 22 * copyright notice, this list of conditions and the following 23 23 * disclaimer in the documentation and/or other materials provided 24 24 * with the distribution. 25 * 25 * 26 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 27 * contributors may be used to endorse or promote products derived 28 28 * from this software without specific prior written permission. 
29 * 29 * 30 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 46 46 #define KEY_H 47 47 48 #include "rdbx.h" /* for xtd_seq_num_t */48 #include "rdbx.h" /* for srtp_xtd_seq_num_t */ 49 49 #include "err.h" 50 50 51 typedef struct key_limit_ctx_t *key_limit_t; 51 #ifdef __cplusplus 52 extern "C" { 53 #endif 54 55 typedef struct srtp_key_limit_ctx_t *srtp_key_limit_t; 52 56 53 57 typedef enum { 54 key_event_normal,55 key_event_soft_limit,56 key_event_hard_limit57 } key_event_t;58 srtp_key_event_normal, 59 srtp_key_event_soft_limit, 60 srtp_key_event_hard_limit 61 } srtp_key_event_t; 58 62 59 err_status_t 60 key_limit_set(key_limit_t key, const xtd_seq_num_t s); 63 srtp_err_status_t srtp_key_limit_set(srtp_key_limit_t key, const srtp_xtd_seq_num_t s); 61 64 62 err_status_t 63 key_limit_clone(key_limit_t original, key_limit_t *new_key); 65 srtp_err_status_t srtp_key_limit_clone(srtp_key_limit_t original, srtp_key_limit_t *new_key); 64 66 65 err_status_t 66 key_limit_check(const key_limit_t key); 67 srtp_err_status_t srtp_key_limit_check(const srtp_key_limit_t key); 67 68 68 key_event_t 69 key_limit_update(key_limit_t key); 69 srtp_key_event_t srtp_key_limit_update(srtp_key_limit_t key); 70 70 71 typedef enum { 72 key_state_normal,73 key_state_past_soft_limit,74 key_state_expired75 } key_state_t;71 typedef enum { 72 srtp_key_state_normal, 73 srtp_key_state_past_soft_limit, 74 srtp_key_state_expired 75 } srtp_key_state_t; 76 76 77 typedef struct key_limit_ctx_t { 78 xtd_seq_num_t num_left; 79 key_state_t state; 80 } key_limit_ctx_t; 77 typedef struct srtp_key_limit_ctx_t { 78 srtp_xtd_seq_num_t num_left; 79 srtp_key_state_t state; 80 } srtp_key_limit_ctx_t; 81 82 #ifdef __cplusplus 83 } 84 #endif 81 85 82 86 #endif /* KEY_H */ -
pjproject/trunk/third_party/srtp/crypto/include/null_auth.h
r1730 r5614 8 8 9 9 /* 10 * 11 * Copyright (c) 2001-20 06, Cisco Systems, Inc.10 * 11 * Copyright (c) 2001-2017, Cisco Systems, Inc. 12 12 * All rights reserved. 13 * 13 * 14 14 * Redistribution and use in source and binary forms, with or without 15 15 * modification, are permitted provided that the following conditions 16 16 * are met: 17 * 17 * 18 18 * Redistributions of source code must retain the above copyright 19 19 * notice, this list of conditions and the following disclaimer. 20 * 20 * 21 21 * Redistributions in binary form must reproduce the above 22 22 * copyright notice, this list of conditions and the following 23 23 * disclaimer in the documentation and/or other materials provided 24 24 * with the distribution. 25 * 25 * 26 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 27 * contributors may be used to endorse or promote products derived 28 28 * from this software without specific prior written permission. 29 * 29 * 30 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 48 48 #include "auth.h" 49 49 50 #ifdef __cplusplus 51 extern "C" { 52 #endif 53 50 54 typedef struct { 51 52 } null_auth_ctx_t;55 char foo; 56 } srtp_null_auth_ctx_t; 53 57 54 err_status_t 55 null_auth_alloc(auth_t **a, int key_len, int out_len);58 #if 0 59 srtp_err_status_t srtp_null_auth_alloc(srtp_auth_t **a, int key_len, int out_len); 56 60 57 err_status_t 58 null_auth_dealloc(auth_t *a); 61 srtp_err_status_t srtp_null_auth_dealloc(srtp_auth_t *a); 59 62 60 err_status_t 61 null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len); 63 srtp_err_status_t srtp_null_auth_init(srtp_null_auth_ctx_t *state, const uint8_t *key, int key_len); 62 64 63 err_status_t 64 null_auth_compute (null_auth_ctx_t *state, uint8_t *message, 65 int msg_octets, int tag_len, uint8_t *result); 65 srtp_err_status_t srtp_null_auth_compute(srtp_null_auth_ctx_t *state, 
uint8_t *message, int msg_octets, int tag_len, uint8_t *result); 66 66 67 #endif 68 69 #ifdef __cplusplus 70 } 71 #endif 67 72 68 73 #endif /* NULL_AUTH_H */ -
pjproject/trunk/third_party/srtp/crypto/include/null_cipher.h
r5261 r5614 10 10 11 11 /* 12 * 13 * Copyright (c) 2001-20 06, Cisco Systems, Inc.12 * 13 * Copyright (c) 2001-2017, Cisco Systems, Inc. 14 14 * All rights reserved. 15 * 15 * 16 16 * Redistribution and use in source and binary forms, with or without 17 17 * modification, are permitted provided that the following conditions 18 18 * are met: 19 * 19 * 20 20 * Redistributions of source code must retain the above copyright 21 21 * notice, this list of conditions and the following disclaimer. 22 * 22 * 23 23 * Redistributions in binary form must reproduce the above 24 24 * copyright notice, this list of conditions and the following 25 25 * disclaimer in the documentation and/or other materials provided 26 26 * with the distribution. 27 * 27 * 28 28 * Neither the name of the Cisco Systems, Inc. nor the names of its 29 29 * contributors may be used to endorse or promote products derived 30 30 * from this software without specific prior written permission. 31 * 31 * 32 32 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 33 33 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 53 53 54 54 typedef struct { 55 char foo ;/* empty, for now */ 56 } null_cipher_ctx_t; 57 58 59 /* 60 * none of these functions do anything (though future versions may keep 61 * track of bytes encrypted, number of instances, and/or other info). 62 */ 63 64 err_status_t 65 null_cipher_init(null_cipher_ctx_t *c, const uint8_t *key, int key_len); 66 67 err_status_t 68 null_cipher_set_segment(null_cipher_ctx_t *c, 69 unsigned long segment_index); 70 71 err_status_t 72 null_cipher_encrypt(null_cipher_ctx_t *c, 73 unsigned char *buf, unsigned int *bytes_to_encr); 74 75 76 err_status_t 77 null_cipher_encrypt_aligned(null_cipher_ctx_t *c, 78 unsigned char *buf, int bytes_to_encr); 55 char foo; /* empty, for now */ 56 } srtp_null_cipher_ctx_t; 79 57 80 58 #endif /* NULL_CIPHER_H */ -
pjproject/trunk/third_party/srtp/crypto/include/rdb.h
r5261 r5614 11 11 /* 12 12 * 13 * Copyright (c) 2001-20 06, Cisco Systems, Inc.13 * Copyright (c) 2001-2017, Cisco Systems, Inc. 14 14 * All rights reserved. 15 15 * … … 50 50 #include "integers.h" /* for uint32_t */ 51 51 #include "datatypes.h" /* for v128_t */ 52 #include "err.h" /* for err_status_t */ 52 #include "err.h" /* for srtp_err_status_t */ 53 54 #ifdef __cplusplus 55 extern "C" { 56 #endif 53 57 54 58 /* … … 58 62 59 63 typedef struct { 60 uint32_t window_start;/* packet index of the first bit in bitmask */61 v128_t bitmask;62 } rdb_t;64 uint32_t window_start; /* packet index of the first bit in bitmask */ 65 v128_t bitmask; 66 } srtp_rdb_t; 63 67 64 #define rdb_bits_in_bitmask (8 *sizeof(v128_t))68 #define rdb_bits_in_bitmask (8 * sizeof(v128_t)) 65 69 66 70 /* 67 * rdbinit71 * srtp_rdb_init 68 72 * 69 73 * initalizes rdb 70 74 * 71 * returns err_status_ok on success,err_status_t_fail otherwise75 * returns srtp_err_status_ok on success, srtp_err_status_t_fail otherwise 72 76 */ 73 74 err_status_t 75 rdb_init(rdb_t *rdb); 77 srtp_err_status_t srtp_rdb_init(srtp_rdb_t *rdb); 76 78 77 79 78 80 /* 79 * rdb_check81 * srtp_rdb_check 80 82 * 81 83 * checks to see if index appears in rdb 82 84 * 83 * returns err_status_fail if the index already appears in rdb,84 * returns err_status_ok otherwise85 * returns srtp_err_status_fail if the index already appears in rdb, 86 * returns srtp_err_status_ok otherwise 85 87 */ 86 87 err_status_t 88 rdb_check(const rdb_t *rdb, uint32_t rdb_index); 88 srtp_err_status_t srtp_rdb_check(const srtp_rdb_t *rdb, uint32_t rdb_index); 89 89 90 90 /* 91 * rdb_add_index91 * srtp_rdb_add_index 92 92 * 93 * adds index to rdb_t (and does *not* check if index appears in db)93 * adds index to srtp_rdb_t (and does *not* check if index appears in db) 94 94 * 95 * returns err_status_ok on success,err_status_fail otherwise95 * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise 96 96 * 97 97 */ 98 99 err_status_t 100 
rdb_add_index(rdb_t *rdb, uint32_t rdb_index); 98 srtp_err_status_t srtp_rdb_add_index(srtp_rdb_t *rdb, uint32_t rdb_index); 101 99 102 100 /* 103 * the functions rdb_increment() and rdb_get_value() are for use by101 * the functions srtp_rdb_increment() and srtp_rdb_get_value() are for use by 104 102 * senders, not receivers - DO NOT use these functions on the same 105 * rdb_t upon whichrdb_add_index is used!103 * srtp_rdb_t upon which srtp_rdb_add_index is used! 106 104 */ 107 105 108 106 109 107 /* 110 * rdb_increment(db) increments the sequence number in db, if it is108 * srtp_rdb_increment(db) increments the sequence number in db, if it is 111 109 * not too high 112 110 * 113 111 * return values: 114 * 115 * err_status_ok no problem116 * err_status_key_expired sequence number too high112 * 113 * srtp_err_status_ok no problem 114 * srtp_err_status_key_expired sequence number too high 117 115 * 118 116 */ 119 err_status_t 120 rdb_increment(rdb_t *rdb); 117 srtp_err_status_t srtp_rdb_increment(srtp_rdb_t *rdb); 121 118 122 119 /* 123 * rdb_get_value(db) returns the current sequence number of db120 * srtp_rdb_get_value(db) returns the current sequence number of db 124 121 */ 125 126 uint32_t 127 rdb_get_value(const rdb_t *rdb); 122 uint32_t srtp_rdb_get_value(const srtp_rdb_t *rdb); 128 123 129 124 130 #endif /* REPLAY_DB_H */ 125 #ifdef __cplusplus 126 } 127 #endif 128 129 #endif /* REPLAY_DB_H */ -
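Review bot: The comment above `srtp_rdb_init` names a return code `srtp_err_status_t_fail`, which looks like the old `err_status_t_fail` typo carried through the mechanical rename. The other comments in this section use `srtp_err_status_fail`, so the line should read `* returns srtp_err_status_ok on success, srtp_err_status_fail otherwise`. Because this header is the replay-protection interface, it would also help for the `srtp_rdb_check` comment to tell callers to treat anything other than `srtp_err_status_ok` as a rejected packet. The implementation is outside this section, so the exact failure codes it returns cannot be confirmed from here.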
pjproject/trunk/third_party/srtp/crypto/include/rdbx.h
r5261 r5614 11 11 /* 12 12 * 13 * Copyright (c) 2001-20 06, Cisco Systems, Inc.13 * Copyright (c) 2001-2017, Cisco Systems, Inc. 14 14 * All rights reserved. 15 15 * … … 51 51 #include "err.h" 52 52 53 /* #define ROC_TEST */ 53 #ifdef __cplusplus 54 extern "C" { 55 #endif 56 57 /* #define ROC_TEST */ 54 58 55 59 #ifndef ROC_TEST 56 60 57 typedef uint16_t s equence_number_t; /* 16 bit sequence number */58 typedef uint32_t rollover_counter_t;/* 32 bit rollover counter */61 typedef uint16_t srtp_sequence_number_t; /* 16 bit sequence number */ 62 typedef uint32_t srtp_rollover_counter_t; /* 32 bit rollover counter */ 59 63 60 64 #else /* use small seq_num and roc datatypes for testing purposes */ 61 65 62 typedef unsigned char s equence_number_t;/* 8 bit sequence number */63 typedef uint16_t rollover_counter_t;/* 16 bit rollover counter */66 typedef unsigned char srtp_sequence_number_t; /* 8 bit sequence number */ 67 typedef uint16_t srtp_rollover_counter_t; /* 16 bit rollover counter */ 64 68 65 69 #endif 66 70 67 #define seq_num_median (1 << (8*sizeof(sequence_number_t) - 1)) 68 #define seq_num_max (1 << (8*sizeof(sequence_number_t))) 69 70 /* 71 * An xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended' 72 * sequence number. 73 */ 74 75 typedef uint64_t xtd_seq_num_t; 76 77 78 /* 79 * An rdbx_t is a replay database with extended range; it uses an 71 #define seq_num_median (1 << (8 * sizeof(srtp_sequence_number_t) - 1)) 72 #define seq_num_max (1 << (8 * sizeof(srtp_sequence_number_t))) 73 74 /* 75 * An rtp_xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended' 76 * sequence number. 77 */ 78 typedef uint64_t srtp_xtd_seq_num_t; 79 80 81 /* 82 * An srtp_rdbx_t is a replay database with extended range; it uses an 80 83 * xtd_seq_num_t and a bitmask of recently received indices. 
81 84 */ 82 83 85 typedef struct { 84 xtd_seq_num_t index;85 bitvector_t bitmask;86 } rdbx_t;87 88 89 /* 90 * rdbx_init(rdbx_ptr, ws)86 srtp_xtd_seq_num_t index; 87 bitvector_t bitmask; 88 } srtp_rdbx_t; 89 90 91 /* 92 * srtp_rdbx_init(rdbx_ptr, ws) 91 93 * 92 94 * initializes the rdbx pointed to by its argument with the window size ws, 93 95 * setting the rollover counter and sequence number to zero 94 96 */ 95 96 err_status_t 97 rdbx_init(rdbx_t *rdbx, unsigned long ws); 98 99 100 /* 101 * rdbx_dealloc(rdbx_ptr) 97 srtp_err_status_t srtp_rdbx_init(srtp_rdbx_t *rdbx, unsigned long ws); 98 99 100 /* 101 * srtp_rdbx_dealloc(rdbx_ptr) 102 102 * 103 103 * frees memory associated with the rdbx 104 104 */ 105 106 err_status_t 107 rdbx_dealloc(rdbx_t *rdbx); 108 109 110 /* 111 * rdbx_estimate_index(rdbx, guess, s) 112 * 105 srtp_err_status_t srtp_rdbx_dealloc(srtp_rdbx_t *rdbx); 106 107 108 /* 109 * srtp_rdbx_estimate_index(rdbx, guess, s) 110 * 113 111 * given an rdbx and a sequence number s (from a newly arrived packet), 114 112 * sets the contents of *guess to contain the best guess of the packet … … 116 114 * *guess and the locally stored synch info 117 115 */ 118 119 int 120 rdbx_estimate_index(const rdbx_t *rdbx, 121 xtd_seq_num_t *guess, 122 sequence_number_t s); 123 124 /* 125 * rdbx_check(rdbx, delta); 126 * 127 * rdbx_check(&r, delta) checks to see if the xtd_seq_num_t 116 int32_t srtp_rdbx_estimate_index(const srtp_rdbx_t *rdbx, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s); 117 118 /* 119 * srtp_rdbx_check(rdbx, delta); 120 * 121 * srtp_rdbx_check(&r, delta) checks to see if the xtd_seq_num_t 128 122 * which is at rdbx->window_start + delta is in the rdb 129 123 * 130 124 */ 131 132 err_status_t 133 rdbx_check(const rdbx_t *rdbx, int difference); 134 135 /* 136 * replay_add_index(rdbx, delta) 137 * 138 * adds the xtd_seq_num_t at rdbx->window_start + delta to replay_db 125 srtp_err_status_t srtp_rdbx_check(const srtp_rdbx_t *rdbx, int difference); 126 
127 /* 128 * srtp_replay_add_index(rdbx, delta) 129 * 130 * adds the srtp_xtd_seq_num_t at rdbx->window_start + delta to replay_db 139 131 * (and does *not* check if that xtd_seq_num_t appears in db) 140 132 * … … 143 135 * should protect the rdbx between these calls if necessary. 144 136 */ 145 146 err_status_t 147 rdbx_add_index(rdbx_t *rdbx, int delta); 148 149 150 /* 151 * rdbx_set_roc(rdbx, roc) initalizes the rdbx_t at the location rdbx 137 srtp_err_status_t srtp_rdbx_add_index(srtp_rdbx_t *rdbx, int delta); 138 139 140 /* 141 * srtp_rdbx_set_roc(rdbx, roc) initalizes the srtp_rdbx_t at the location rdbx 152 142 * to have the rollover counter value roc. If that value is less than 153 143 * the current rollover counter value, then the function returns 154 * err_status_replay_old; otherwise, err_status_ok is returned. 155 * 156 */ 157 158 err_status_t 159 rdbx_set_roc(rdbx_t *rdbx, uint32_t roc); 160 161 /* 162 * rdbx_get_roc(rdbx) returns the value of the rollover counter for 163 * the rdbx_t pointed to by rdbx 164 * 165 */ 166 167 xtd_seq_num_t 168 rdbx_get_packet_index(const rdbx_t *rdbx); 169 170 /* 171 * xtd_seq_num_t functions - these are *internal* functions of rdbx, and 144 * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned. 145 * 146 */ 147 srtp_err_status_t srtp_rdbx_set_roc(srtp_rdbx_t *rdbx, uint32_t roc); 148 149 /* 150 * srtp_rdbx_get_packet_index(rdbx) returns the value of the rollover counter for 151 * the srtp_rdbx_t pointed to by rdbx 152 * 153 */ 154 srtp_xtd_seq_num_t srtp_rdbx_get_packet_index(const srtp_rdbx_t *rdbx); 155 156 /* 157 * srtp_xtd_seq_num_t functions - these are *internal* functions of rdbx, and 172 158 * shouldn't be used to manipulate rdbx internal values. use the rdbx 173 159 * api instead! 
… … 175 161 176 162 /* 177 * rdbx_get_ws(rdbx_ptr)163 * srtp_rdbx_get_ws(rdbx_ptr) 178 164 * 179 165 * gets the window size which was used to initialize the rdbx 180 166 */ 181 182 unsigned long 183 rdbx_get_window_size(const rdbx_t *rdbx); 167 unsigned long srtp_rdbx_get_window_size(const srtp_rdbx_t *rdbx); 184 168 185 169 186 170 /* index_init(&pi) initializes a packet index pi (sets it to zero) */ 187 188 void 189 index_init(xtd_seq_num_t *pi); 171 void srtp_index_init(srtp_xtd_seq_num_t *pi); 190 172 191 173 /* index_advance(&pi, s) advances a xtd_seq_num_t forward by s */ 192 193 void 194 index_advance(xtd_seq_num_t *pi, sequence_number_t s); 195 196 197 /* 198 * index_guess(local, guess, s) 199 * 200 * given a xtd_seq_num_t local (which represents the highest 174 void srtp_index_advance(srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s); 175 176 177 /* 178 * srtp_index_guess(local, guess, s) 179 * 180 * given a srtp_xtd_seq_num_t local (which represents the highest 201 181 * known-to-be-good index) and a sequence number s (from a newly 202 182 * arrived packet), sets the contents of *guess to contain the best … … 204 184 * difference between *guess and *local 205 185 */ 206 207 int 208 index_guess(const xtd_seq_num_t *local, 209 xtd_seq_num_t *guess, 210 sequence_number_t s); 211 186 int32_t srtp_index_guess(const srtp_xtd_seq_num_t *local, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s); 187 188 /* 189 * srtp_rdbx_get_roc(rdbx) 190 * 191 * Get the current rollover counter 192 * 193 */ 194 uint32_t srtp_rdbx_get_roc(const srtp_rdbx_t *rdbx); 195 196 /* 197 * srtp_rdbx_set_roc_seq(rdbx, roc, seq) initalizes the srtp_rdbx_t at the 198 * location rdbx to have the rollover counter value roc and packet sequence 199 * number seq. If the new rollover counter value is less than the current 200 * rollover counter value, then the function returns 201 * srtp_err_status_replay_old, otherwise, srtp_err_status_ok is returned. 
202 */ 203 srtp_err_status_t srtp_rdbx_set_roc_seq (srtp_rdbx_t *rdbx, 204 uint32_t roc, 205 uint16_t seq); 206 207 #ifdef __cplusplus 208 } 209 #endif 212 210 213 211 #endif /* RDBX_H */ 214 215 216 217 218 219 220 221 222 -
pjproject/trunk/third_party/srtp/crypto/include/sha1.h
r5261 r5614 10 10 11 11 /* 12 * 13 * Copyright (c) 2001-20 06, Cisco Systems, Inc.12 * 13 * Copyright (c) 2001-2017, Cisco Systems, Inc. 14 14 * All rights reserved. 15 * 15 * 16 16 * Redistribution and use in source and binary forms, with or without 17 17 * modification, are permitted provided that the following conditions 18 18 * are met: 19 * 19 * 20 20 * Redistributions of source code must retain the above copyright 21 21 * notice, this list of conditions and the following disclaimer. 22 * 22 * 23 23 * Redistributions in binary form must reproduce the above 24 24 * copyright notice, this list of conditions and the following 25 25 * disclaimer in the documentation and/or other materials provided 26 26 * with the distribution. 27 * 27 * 28 28 * Neither the name of the Cisco Systems, Inc. nor the names of its 29 29 * contributors may be used to endorse or promote products derived 30 30 * from this software without specific prior written permission. 31 * 31 * 32 32 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 33 33 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 56 56 #include <openssl/evp.h> 57 57 #include <stdint.h> 58 #else 59 #include "datatypes.h" 60 #endif 58 61 59 typedef EVP_MD_CTX sha1_ctx_t; 62 #ifdef __cplusplus 63 extern "C" { 64 #endif 65 66 #ifdef OPENSSL 60 67 61 68 /* 62 * s ha1_init(&ctx) initializes the SHA1 context ctx69 * srtp_sha1_init(&ctx) initializes the SHA1 context ctx 63 70 * 64 * s ha1_update(&ctx, msg, len) hashes the len octets starting at msg71 * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg 65 72 * into the SHA1 context 66 73 * 67 * s ha1_final(&ctx, output) performs the final processing of the SHA174 * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1 68 75 * context and writes the result to the 20 octets at output 69 76 * … … 73 80 */ 74 81 75 static inline void sha1_init (sha1_ctx_t *ctx) 82 /* OpenSSL 1.1.0 made EVP_MD_CTX an opaque 
structure, which must be allocated 83 using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */ 84 #if OPENSSL_VERSION_NUMBER < 0x10100000L 85 86 typedef EVP_MD_CTX srtp_sha1_ctx_t; 87 88 static inline void srtp_sha1_init (srtp_sha1_ctx_t *ctx) 76 89 { 77 90 EVP_MD_CTX_init(ctx); … … 79 92 } 80 93 81 static inline void s ha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)94 static inline void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg) 82 95 { 83 96 EVP_DigestUpdate(ctx, M, octets_in_msg); 84 97 } 85 98 86 static inline void s ha1_final (sha1_ctx_t *ctx, uint32_t *output)99 static inline void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output) 87 100 { 88 101 unsigned int len = 0; 89 102 90 103 EVP_DigestFinal(ctx, (unsigned char*)output, &len); 104 EVP_MD_CTX_cleanup(ctx); 91 105 } 106 92 107 #else 93 #include "datatypes.h" 108 109 typedef EVP_MD_CTX* srtp_sha1_ctx_t; 110 111 static inline void srtp_sha1_init (srtp_sha1_ctx_t *ctx) 112 { 113 *ctx = EVP_MD_CTX_new(); 114 EVP_DigestInit(*ctx, EVP_sha1()); 115 } 116 117 static inline void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg) 118 { 119 EVP_DigestUpdate(*ctx, M, octets_in_msg); 120 } 121 122 static inline void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output) 123 { 124 unsigned int len = 0; 125 126 EVP_DigestFinal(*ctx, (unsigned char*)output, &len); 127 EVP_MD_CTX_free(*ctx); 128 } 129 #endif 130 131 #else 94 132 95 133 typedef struct { 96 uint32_t H[5]; /* state vector */ 97 uint32_t M[16]; /* message buffer */ 98 int octets_in_buffer; /* octets of message in buffer */ 99 uint32_t num_bits_in_msg; /* total number of bits in message */ 100 } sha1_ctx_t; 134 uint32_t H[5]; /* state vector */ 135 uint32_t M[16]; /* message buffer */ 136 int octets_in_buffer; /* octets of message in buffer */ 137 uint32_t num_bits_in_msg; /* total number of bits in message */ 138 } srtp_sha1_ctx_t; 139 101 140 102 141 /* 
103 * sha1(&ctx, msg, len, output) hashes the len octets starting at msg 104 * into the SHA1 context, then writes the result to the 20 octets at 105 * output 106 * 107 */ 108 109 void 110 sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]); 111 112 /* 113 * sha1_init(&ctx) initializes the SHA1 context ctx 114 * 115 * sha1_update(&ctx, msg, len) hashes the len octets starting at msg 142 * srtp_sha1_init(&ctx) initializes the SHA1 context ctx 143 * 144 * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg 116 145 * into the SHA1 context 117 * 118 * s ha1_final(&ctx, output) performs the final processing of the SHA1146 * 147 * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1 119 148 * context and writes the result to the 20 octets at output 120 149 * 121 150 */ 151 void srtp_sha1_init(srtp_sha1_ctx_t *ctx); 122 152 123 void 124 sha1_init(sha1_ctx_t *ctx); 153 void srtp_sha1_update(srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg); 125 154 126 void 127 sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg); 128 129 void 130 sha1_final(sha1_ctx_t *ctx, uint32_t output[5]); 155 void srtp_sha1_final(srtp_sha1_ctx_t * ctx, uint32_t output[5]); 131 156 132 157 /* 133 * The s ha1_core function is INTERNAL to SHA-1, but it is declared158 * The srtp_sha1_core function is INTERNAL to SHA-1, but it is declared 134 159 * here because it is also used by the cipher SEAL 3.0 in its key 135 * setup algorithm. 160 * setup algorithm. 
136 161 */ 137 162 138 163 /* 139 * s ha1_core(M, H) computes the core sha1 compression function, where M is164 * srtp_sha1_core(M, H) computes the core sha1 compression function, where M is 140 165 * the next part of the message and H is the intermediate state {H0, 141 166 * H1, ...} … … 144 169 * complete sha1 function 145 170 */ 146 147 void 148 sha1_core(const uint32_t M[16], uint32_t hash_value[5]); 171 void srtp_sha1_core(const uint32_t M[16], uint32_t hash_value[5]); 149 172 150 173 #endif /* else OPENSSL */ 151 174 175 #ifdef __cplusplus 176 } 177 #endif 178 152 179 #endif /* SHA1_H */ -
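Review bot: In the OpenSSL 1.1.0+ branch of sha1.h, `srtp_sha1_init` passes the result of `EVP_MD_CTX_new()` straight to `EVP_DigestInit` without a NULL check, and none of the three wrappers looks at the EVP return codes. An allocation or digest failure is therefore neither reported nor stopped before the next EVP call on that pointer. `srtp_sha1_final` also leaves `*ctx` pointing at freed memory after `EVP_MD_CTX_free(*ctx);`; adding `*ctx = NULL;` on the next line would make a repeated final or a late update fail on a NULL pointer instead of touching a freed context. Since the wrappers return void, reporting the failure needs a signature change, and because this header is a bundled libsrtp copy that is probably best raised upstream. In the meantime a comment above `typedef EVP_MD_CTX* srtp_sha1_ctx_t;` could state that each `srtp_sha1_init` must be paired with exactly one `srtp_sha1_final`, which releases the context.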
pjproject/trunk/third_party/srtp/crypto/include/stat.h
r1730 r5614 10 10 /* 11 11 * 12 * Copyright(c) 2001-20 06, Cisco Systems, Inc.12 * Copyright(c) 2001-2017, Cisco Systems, Inc. 13 13 * All rights reserved. 14 14 * … … 49 49 50 50 #include "datatypes.h" /* for uint8_t */ 51 #include "err.h" /* for err_status_t */ 52 #include "rand_source.h" /* for rand_source_func_t definition */ 51 #include "err.h" /* for srtp_err_status_t */ 53 52 54 err_status_t 55 stat_test_monobit(uint8_t *data); 53 #ifdef __cplusplus 54 extern "C" { 55 #endif 56 56 57 err_status_t 58 stat_test_poker(uint8_t *data); 57 srtp_err_status_t stat_test_monobit(uint8_t *data); 59 58 60 err_status_t 61 stat_test_runs(uint8_t *data); 59 srtp_err_status_t stat_test_poker(uint8_t *data); 62 60 63 err_status_t 64 stat_test_rand_source(rand_source_func_t rs); 61 srtp_err_status_t stat_test_runs(uint8_t *data); 65 62 66 err_status_t 67 stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials); 63 #ifdef __cplusplus 64 } 65 #endif 68 66 69 67 #endif /* STAT_H */ -
pjproject/trunk/third_party/srtp/crypto/kernel/alloc.c
r5261 r5614 9 9 /* 10 10 * 11 * Copyright (c) 2001-20 06Cisco Systems, Inc.11 * Copyright (c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 13 * … … 52 52 /* the debug module for memory allocation */ 53 53 54 debug_module_t mod_alloc = {54 srtp_debug_module_t mod_alloc = { 55 55 0, /* debugging is off by default */ 56 56 "alloc" /* printable name for module */ … … 58 58 59 59 /* 60 * Nota bene: the debugging statements for crypto_alloc() and61 * crypto_free() have identical prefixes, which include the addresses60 * Nota bene: the debugging statements for srtp_crypto_alloc() and 61 * srtp_crypto_free() have identical prefixes, which include the addresses 62 62 * of the memory locations on which they are operating. This fact can 63 63 * be used to locate memory leaks, by turning on memory debugging, … … 66 66 */ 67 67 68 #if def SRTP_KERNEL_LINUX68 #if defined(HAVE_STDLIB_H) 69 69 70 #include <linux/interrupt.h> 71 72 void * 73 crypto_alloc(size_t size) { 74 void *ptr; 75 76 ptr = kmalloc(size, in_interrupt() ? GFP_ATOMIC : GFP_KERNEL); 77 78 if (ptr) { 79 debug_print(mod_alloc, "(location: %p) allocated", ptr); 80 } else { 81 debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size); 82 } 83 84 return ptr; 85 } 86 87 void 88 crypto_free(void *ptr) { 89 90 debug_print(mod_alloc, "(location: %p) freed", ptr); 91 92 kfree(ptr); 93 } 94 95 96 #elif defined(HAVE_STDLIB_H) 97 98 void * 99 crypto_alloc(size_t size) { 70 void * srtp_crypto_alloc(size_t size) { 100 71 void *ptr; 101 72 … … 111 82 } 112 83 113 void 114 crypto_free(void *ptr) { 84 void srtp_crypto_free(void *ptr) { 115 85 116 86 debug_print(mod_alloc, "(location: %p) freed", ptr); -
pjproject/trunk/third_party/srtp/crypto/kernel/crypto_kernel.c
r5261 r5614 8 8 */ 9 9 /* 10 * 11 * Copyright(c) 2001-20 06,2013Cisco Systems, Inc.10 * 11 * Copyright(c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 * 13 * 14 14 * Redistribution and use in source and binary forms, with or without 15 15 * modification, are permitted provided that the following conditions 16 16 * are met: 17 * 17 * 18 18 * Redistributions of source code must retain the above copyright 19 19 * notice, this list of conditions and the following disclaimer. 20 * 20 * 21 21 * Redistributions in binary form must reproduce the above 22 22 * copyright notice, this list of conditions and the following 23 23 * disclaimer in the documentation and/or other materials provided 24 24 * with the distribution. 25 * 25 * 26 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 27 * contributors may be used to endorse or promote products derived 28 28 * from this software without specific prior written permission. 29 * 29 * 30 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 54 54 /* the debug module for the crypto_kernel */ 55 55 56 debug_module_tmod_crypto_kernel = {57 0,/* debugging is off by default */58 "crypto kernel"/* printable name for module */56 srtp_debug_module_t srtp_mod_crypto_kernel = { 57 0, /* debugging is off by default */ 58 "crypto kernel" /* printable name for module */ 59 59 }; 60 60 61 61 /* 62 * other debug modules that can be included in the kernel62 * other generic debug modules that can be included in the kernel 63 63 */ 64 64 65 extern debug_module_tmod_auth;66 extern debug_module_tmod_cipher;67 extern debug_module_t mod_stat;68 extern debug_module_t mod_alloc;69 70 /* 65 extern srtp_debug_module_t srtp_mod_auth; 66 extern srtp_debug_module_t srtp_mod_cipher; 67 extern srtp_debug_module_t mod_stat; 68 extern srtp_debug_module_t mod_alloc; 69 70 /* 71 71 * cipher types that can be included in the kernel 
72 */ 73 74 extern cipher_type_tnull_cipher;75 extern cipher_type_t aes_icm;76 #ifndef OPENSSL 77 extern cipher_type_t aes_cbc; 78 #else 79 extern cipher_type_taes_gcm_128_openssl;80 extern cipher_type_taes_gcm_256_openssl;72 */ 73 74 extern srtp_cipher_type_t srtp_null_cipher; 75 extern srtp_cipher_type_t srtp_aes_icm_128; 76 extern srtp_cipher_type_t srtp_aes_icm_256; 77 #ifdef OPENSSL 78 extern srtp_cipher_type_t srtp_aes_icm_192; 79 extern srtp_cipher_type_t srtp_aes_gcm_128_openssl; 80 extern srtp_cipher_type_t srtp_aes_gcm_256_openssl; 81 81 #endif 82 82 83 /* debug modules for cipher types */ 84 extern srtp_debug_module_t srtp_mod_aes_icm; 85 #ifdef OPENSSL 86 extern srtp_debug_module_t srtp_mod_aes_gcm; 87 #endif 83 88 84 89 /* … … 86 91 */ 87 92 88 extern auth_type_t null_auth; 89 extern auth_type_t hmac; 93 extern srtp_auth_type_t srtp_null_auth; 94 extern srtp_auth_type_t srtp_hmac; 95 96 /* debug modules for auth types */ 97 extern srtp_debug_module_t srtp_mod_hmac; 90 98 91 99 /* crypto_kernel is a global variable, the only one of its datatype */ 92 100 93 crypto_kernel_t 94 crypto_kernel = { 95 crypto_kernel_state_insecure, /* start off in insecure state */ 96 NULL, /* no cipher types yet */ 97 NULL, /* no auth types yet */ 98 NULL /* no debug modules yet */ 101 srtp_crypto_kernel_t crypto_kernel = { 102 srtp_crypto_kernel_state_insecure, /* start off in insecure state */ 103 NULL, /* no cipher types yet */ 104 NULL, /* no auth types yet */ 105 NULL /* no debug modules yet */ 99 106 }; 100 107 101 108 #define MAX_RNG_TRIALS 25 102 109 103 err_status_t 104 crypto_kernel_init() { 105 err_status_t status; 106 107 /* check the security state */ 108 if (crypto_kernel.state == crypto_kernel_state_secure) { 109 110 srtp_err_status_t srtp_crypto_kernel_init () 111 { 112 srtp_err_status_t status; 113 114 /* check the security state */ 115 if (crypto_kernel.state == srtp_crypto_kernel_state_secure) { 116 117 /* 118 * we're already in the secure state, but we've 
been asked to 119 * re-initialize, so we just re-run the self-tests and then return 120 */ 121 return srtp_crypto_kernel_status(); 122 } 123 124 /* initialize error reporting system */ 125 status = srtp_err_reporting_init(); 126 if (status) { 127 return status; 128 } 129 130 /* load debug modules */ 131 status = srtp_crypto_kernel_load_debug_module(&srtp_mod_crypto_kernel); 132 if (status) { 133 return status; 134 } 135 status = srtp_crypto_kernel_load_debug_module(&srtp_mod_auth); 136 if (status) { 137 return status; 138 } 139 status = srtp_crypto_kernel_load_debug_module(&srtp_mod_cipher); 140 if (status) { 141 return status; 142 } 143 status = srtp_crypto_kernel_load_debug_module(&mod_stat); 144 if (status) { 145 return status; 146 } 147 status = srtp_crypto_kernel_load_debug_module(&mod_alloc); 148 if (status) { 149 return status; 150 } 151 152 /* load cipher types */ 153 status = srtp_crypto_kernel_load_cipher_type(&srtp_null_cipher, SRTP_NULL_CIPHER); 154 if (status) { 155 return status; 156 } 157 status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_128, SRTP_AES_ICM_128); 158 if (status) { 159 return status; 160 } 161 status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_256, SRTP_AES_ICM_256); 162 if (status) { 163 return status; 164 } 165 status = srtp_crypto_kernel_load_debug_module(&srtp_mod_aes_icm); 166 if (status) { 167 return status; 168 } 169 #ifdef OPENSSL 170 status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_192, SRTP_AES_ICM_192); 171 if (status) { 172 return status; 173 } 174 status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_128_openssl, SRTP_AES_GCM_128); 175 if (status) { 176 return status; 177 } 178 status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_256_openssl, SRTP_AES_GCM_256); 179 if (status) { 180 return status; 181 } 182 status = srtp_crypto_kernel_load_debug_module(&srtp_mod_aes_gcm); 183 if (status) { 184 return status; 185 } 186 #endif 187 188 /* load auth func types */ 189 status = 
srtp_crypto_kernel_load_auth_type(&srtp_null_auth, SRTP_NULL_AUTH); 190 if (status) { 191 return status; 192 } 193 status = srtp_crypto_kernel_load_auth_type(&srtp_hmac, SRTP_HMAC_SHA1); 194 if (status) { 195 return status; 196 } 197 status = srtp_crypto_kernel_load_debug_module(&srtp_mod_hmac); 198 if (status) { 199 return status; 200 } 201 202 /* change state to secure */ 203 crypto_kernel.state = srtp_crypto_kernel_state_secure; 204 205 return srtp_err_status_ok; 206 } 207 208 srtp_err_status_t srtp_crypto_kernel_status () 209 { 210 srtp_err_status_t status; 211 srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; 212 srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list; 213 214 /* for each cipher type, describe and test */ 215 while (ctype != NULL) { 216 srtp_err_report(srtp_err_level_info, "cipher: %s\n", ctype->cipher_type->description); 217 srtp_err_report(srtp_err_level_info, " self-test: "); 218 status = srtp_cipher_type_self_test(ctype->cipher_type); 219 if (status) { 220 srtp_err_report(srtp_err_level_error, "failed with error code %d\n", status); 221 exit(status); 222 } 223 srtp_err_report(srtp_err_level_info, "passed\n"); 224 ctype = ctype->next; 225 } 226 227 /* for each auth type, describe and test */ 228 while (atype != NULL) { 229 srtp_err_report(srtp_err_level_info, "auth func: %s\n", atype->auth_type->description); 230 srtp_err_report(srtp_err_level_info, " self-test: "); 231 status = srtp_auth_type_self_test(atype->auth_type); 232 if (status) { 233 srtp_err_report(srtp_err_level_error, "failed with error code %d\n", status); 234 exit(status); 235 } 236 srtp_err_report(srtp_err_level_info, "passed\n"); 237 atype = atype->next; 238 } 239 240 srtp_crypto_kernel_list_debug_modules(); 241 242 return srtp_err_status_ok; 243 } 244 245 srtp_err_status_t srtp_crypto_kernel_list_debug_modules () 246 { 247 srtp_kernel_debug_module_t *dm = crypto_kernel.debug_module_list; 248 249 /* describe each debug module */ 250 
srtp_err_report(srtp_err_level_info, "debug modules loaded:\n"); 251 while (dm != NULL) { 252 srtp_err_report(srtp_err_level_info, " %s ", dm->mod->name); 253 if (dm->mod->on) { 254 srtp_err_report(srtp_err_level_info, "(on)\n"); 255 } else{ 256 srtp_err_report(srtp_err_level_info, "(off)\n"); 257 } 258 dm = dm->next; 259 } 260 261 return srtp_err_status_ok; 262 } 263 264 srtp_err_status_t srtp_crypto_kernel_shutdown () 265 { 110 266 /* 111 * we're already in the secure state, but we've been asked to 112 * re-initialize, so we just re-run the self-tests and then return 267 * free dynamic memory used in crypto_kernel at present 113 268 */ 114 return crypto_kernel_status(); 115 } 116 117 /* initialize error reporting system */ 118 status = err_reporting_init("crypto"); 119 if (status) 120 return status; 121 122 /* load debug modules */ 123 status = crypto_kernel_load_debug_module(&mod_crypto_kernel); 124 if (status) 125 return status; 126 status = crypto_kernel_load_debug_module(&mod_auth); 127 if (status) 128 return status; 129 status = crypto_kernel_load_debug_module(&mod_cipher); 130 if (status) 131 return status; 132 status = crypto_kernel_load_debug_module(&mod_stat); 133 if (status) 134 return status; 135 status = crypto_kernel_load_debug_module(&mod_alloc); 136 if (status) 137 return status; 138 139 /* initialize random number generator */ 140 status = rand_source_init(); 141 if (status) 142 return status; 143 144 /* run FIPS-140 statistical tests on rand_source */ 145 status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS); 146 if (status) 147 return status; 148 149 #ifndef OPENSSL 150 /* initialize pseudorandom number generator */ 151 status = ctr_prng_init(rand_source_get_octet_string); 152 if (status) 153 return status; 154 155 /* run FIPS-140 statistical tests on ctr_prng */ 156 status = stat_test_rand_source_with_repetition(ctr_prng_get_octet_string, MAX_RNG_TRIALS); 157 if (status) 158 return status; 159 #endif 160 
161 /* load cipher types */ 162 status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER); 163 if (status) 164 return status; 165 status = crypto_kernel_load_cipher_type(&aes_icm, AES_ICM); 166 if (status) 167 return status; 168 #ifndef OPENSSL 169 status = crypto_kernel_load_cipher_type(&aes_cbc, AES_CBC); 170 if (status) 171 return status; 172 #else 173 status = crypto_kernel_load_cipher_type(&aes_gcm_128_openssl, AES_128_GCM); 174 if (status) { 175 return status; 176 } 177 status = crypto_kernel_load_cipher_type(&aes_gcm_256_openssl, AES_256_GCM); 178 if (status) { 179 return status; 180 } 181 #endif 182 183 /* load auth func types */ 184 status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH); 185 if (status) 186 return status; 187 status = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1); 188 if (status) 189 return status; 190 191 /* change state to secure */ 192 crypto_kernel.state = crypto_kernel_state_secure; 193 194 return err_status_ok; 195 } 196 197 err_status_t 198 crypto_kernel_status() { 199 err_status_t status; 200 kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; 201 kernel_auth_type_t *atype = crypto_kernel.auth_type_list; 202 kernel_debug_module_t *dm = crypto_kernel.debug_module_list; 203 204 /* run FIPS-140 statistical tests on rand_source */ 205 printf("testing rand_source..."); 206 status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS); 207 if (status) { 208 printf("failed\n"); 209 crypto_kernel.state = crypto_kernel_state_insecure; 210 return status; 211 } 212 printf("passed\n"); 213 214 /* for each cipher type, describe and test */ 215 while(ctype != NULL) { 216 printf("cipher: %s\n", ctype->cipher_type->description); 217 printf(" instance count: %d\n", ctype->cipher_type->ref_count); 218 printf(" self-test: "); 219 status = cipher_type_self_test(ctype->cipher_type); 220 if (status) { 221 printf("failed with error code %d\n", status); 222 exit(status); 223 } 224 
printf("passed\n"); 225 ctype = ctype->next; 226 } 227 228 /* for each auth type, describe and test */ 229 while(atype != NULL) { 230 printf("auth func: %s\n", atype->auth_type->description); 231 printf(" instance count: %d\n", atype->auth_type->ref_count); 232 printf(" self-test: "); 233 status = auth_type_self_test(atype->auth_type); 234 if (status) { 235 printf("failed with error code %d\n", status); 236 exit(status); 237 } 238 printf("passed\n"); 239 atype = atype->next; 240 } 241 242 /* describe each debug module */ 243 printf("debug modules loaded:\n"); 244 while (dm != NULL) { 245 printf(" %s ", dm->mod->name); 246 if (dm->mod->on) 247 printf("(on)\n"); 248 else 249 printf("(off)\n"); 250 dm = dm->next; 251 } 252 253 return err_status_ok; 254 } 255 256 err_status_t 257 crypto_kernel_list_debug_modules() { 258 kernel_debug_module_t *dm = crypto_kernel.debug_module_list; 259 260 /* describe each debug module */ 261 printf("debug modules loaded:\n"); 262 while (dm != NULL) { 263 printf(" %s ", dm->mod->name); 264 if (dm->mod->on) 265 printf("(on)\n"); 266 else 267 printf("(off)\n"); 268 dm = dm->next; 269 } 270 271 return err_status_ok; 272 } 273 274 err_status_t 275 crypto_kernel_shutdown() { 276 err_status_t status; 277 278 /* 279 * free dynamic memory used in crypto_kernel at present 280 */ 281 282 /* walk down cipher type list, freeing memory */ 283 while (crypto_kernel.cipher_type_list != NULL) { 284 kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; 285 crypto_kernel.cipher_type_list = ctype->next; 286 debug_print(mod_crypto_kernel, 287 "freeing memory for cipher %s", 288 ctype->cipher_type->description); 289 crypto_free(ctype); 290 } 291 292 /* walk down authetication module list, freeing memory */ 293 while (crypto_kernel.auth_type_list != NULL) { 294 kernel_auth_type_t *atype = crypto_kernel.auth_type_list; 295 crypto_kernel.auth_type_list = atype->next; 296 debug_print(mod_crypto_kernel, 297 "freeing memory for authentication %s", 298 
atype->auth_type->description); 299 crypto_free(atype); 300 } 301 302 /* walk down debug module list, freeing memory */ 303 while (crypto_kernel.debug_module_list != NULL) { 304 kernel_debug_module_t *kdm = crypto_kernel.debug_module_list; 305 crypto_kernel.debug_module_list = kdm->next; 306 debug_print(mod_crypto_kernel, 307 "freeing memory for debug module %s", 308 kdm->mod->name); 309 crypto_free(kdm); 310 } 311 312 /* de-initialize random number generator */ status = rand_source_deinit(); 313 if (status) 314 return status; 315 316 /* return to insecure state */ 317 crypto_kernel.state = crypto_kernel_state_insecure; 318 319 return err_status_ok; 320 } 321 322 static inline err_status_t 323 crypto_kernel_do_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id, 324 int replace) { 325 kernel_cipher_type_t *ctype, *new_ctype; 326 err_status_t status; 327 328 /* defensive coding */ 329 if (new_ct == NULL) 330 return err_status_bad_param; 331 332 if (new_ct->id != id) 333 return err_status_bad_param; 334 335 /* check cipher type by running self-test */ 336 status = cipher_type_self_test(new_ct); 337 if (status) { 338 return status; 339 } 340 341 /* walk down list, checking if this type is in the list already */ 342 ctype = crypto_kernel.cipher_type_list; 343 while (ctype != NULL) { 344 if (id == ctype->id) { 345 if (!replace) 346 return err_status_bad_param; 347 status = cipher_type_test(new_ct, ctype->cipher_type->test_data); 348 if (status) 349 return status; 350 new_ctype = ctype; 351 break; 352 } 353 else if (new_ct == ctype->cipher_type) 354 return err_status_bad_param; 355 ctype = ctype->next; 356 } 357 358 /* if not found, put new_ct at the head of the list */ 359 if (ctype == NULL) { 360 /* allocate memory */ 361 new_ctype = (kernel_cipher_type_t *) crypto_alloc(sizeof(kernel_cipher_type_t)); 362 if (new_ctype == NULL) 363 return err_status_alloc_fail; 364 new_ctype->next = crypto_kernel.cipher_type_list; 269 270 /* walk down cipher type list, freeing 
memory */ 271 while (crypto_kernel.cipher_type_list != NULL) { 272 srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; 273 crypto_kernel.cipher_type_list = ctype->next; 274 debug_print(srtp_mod_crypto_kernel, 275 "freeing memory for cipher %s", 276 ctype->cipher_type->description); 277 srtp_crypto_free(ctype); 278 } 279 280 /* walk down authetication module list, freeing memory */ 281 while (crypto_kernel.auth_type_list != NULL) { 282 srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list; 283 crypto_kernel.auth_type_list = atype->next; 284 debug_print(srtp_mod_crypto_kernel, 285 "freeing memory for authentication %s", 286 atype->auth_type->description); 287 srtp_crypto_free(atype); 288 } 289 290 /* walk down debug module list, freeing memory */ 291 while (crypto_kernel.debug_module_list != NULL) { 292 srtp_kernel_debug_module_t *kdm = crypto_kernel.debug_module_list; 293 crypto_kernel.debug_module_list = kdm->next; 294 debug_print(srtp_mod_crypto_kernel, 295 "freeing memory for debug module %s", 296 kdm->mod->name); 297 srtp_crypto_free(kdm); 298 } 299 300 /* return to insecure state */ 301 crypto_kernel.state = srtp_crypto_kernel_state_insecure; 302 303 return srtp_err_status_ok; 304 } 305 306 static inline srtp_err_status_t srtp_crypto_kernel_do_load_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id, int replace) 307 { 308 srtp_kernel_cipher_type_t *ctype, *new_ctype; 309 srtp_err_status_t status; 310 311 /* defensive coding */ 312 if (new_ct == NULL) { 313 return srtp_err_status_bad_param; 314 } 315 316 if (new_ct->id != id) { 317 return srtp_err_status_bad_param; 318 } 319 320 /* check cipher type by running self-test */ 321 status = srtp_cipher_type_self_test(new_ct); 322 if (status) { 323 return status; 324 } 325 326 /* walk down list, checking if this type is in the list already */ 327 ctype = crypto_kernel.cipher_type_list; 328 while (ctype != NULL) { 329 if (id == ctype->id) { 330 if (!replace) { 331 return 
srtp_err_status_bad_param; 332 } 333 status = srtp_cipher_type_test(new_ct, ctype->cipher_type->test_data); 334 if (status) { 335 return status; 336 } 337 new_ctype = ctype; 338 break; 339 }else if (new_ct == ctype->cipher_type) { 340 return srtp_err_status_bad_param; 341 } 342 ctype = ctype->next; 343 } 344 345 /* if not found, put new_ct at the head of the list */ 346 if (ctype == NULL) { 347 /* allocate memory */ 348 new_ctype = (srtp_kernel_cipher_type_t*)srtp_crypto_alloc(sizeof(srtp_kernel_cipher_type_t)); 349 if (new_ctype == NULL) { 350 return srtp_err_status_alloc_fail; 351 } 352 new_ctype->next = crypto_kernel.cipher_type_list; 353 354 /* set head of list to new cipher type */ 355 crypto_kernel.cipher_type_list = new_ctype; 356 } 357 358 /* set fields */ 359 new_ctype->cipher_type = new_ct; 360 new_ctype->id = id; 361 362 return srtp_err_status_ok; 363 } 364 365 srtp_err_status_t srtp_crypto_kernel_load_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id) 366 { 367 return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 0); 368 } 369 370 srtp_err_status_t srtp_replace_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id) 371 { 372 return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 1); 373 } 374 375 srtp_err_status_t srtp_crypto_kernel_do_load_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id, int replace) 376 { 377 srtp_kernel_auth_type_t *atype, *new_atype; 378 srtp_err_status_t status; 379 380 /* defensive coding */ 381 if (new_at == NULL) { 382 return srtp_err_status_bad_param; 383 } 384 385 if (new_at->id != id) { 386 return srtp_err_status_bad_param; 387 } 388 389 /* check auth type by running self-test */ 390 status = srtp_auth_type_self_test(new_at); 391 if (status) { 392 return status; 393 } 394 395 /* walk down list, checking if this type is in the list already */ 396 atype = crypto_kernel.auth_type_list; 397 while (atype != NULL) { 398 if (id == atype->id) { 399 if (!replace) { 400 
return srtp_err_status_bad_param; 401 } 402 status = srtp_auth_type_test(new_at, atype->auth_type->test_data); 403 if (status) { 404 return status; 405 } 406 new_atype = atype; 407 break; 408 }else if (new_at == atype->auth_type) { 409 return srtp_err_status_bad_param; 410 } 411 atype = atype->next; 412 } 413 414 /* if not found, put new_at at the head of the list */ 415 if (atype == NULL) { 416 /* allocate memory */ 417 new_atype = (srtp_kernel_auth_type_t*)srtp_crypto_alloc(sizeof(srtp_kernel_auth_type_t)); 418 if (new_atype == NULL) { 419 return srtp_err_status_alloc_fail; 420 } 421 422 new_atype->next = crypto_kernel.auth_type_list; 423 /* set head of list to new auth type */ 424 crypto_kernel.auth_type_list = new_atype; 425 } 426 427 /* set fields */ 428 new_atype->auth_type = new_at; 429 new_atype->id = id; 430 431 return srtp_err_status_ok; 432 433 } 434 435 srtp_err_status_t srtp_crypto_kernel_load_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id) 436 { 437 return srtp_crypto_kernel_do_load_auth_type(new_at, id, 0); 438 } 439 440 srtp_err_status_t srtp_replace_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id) 441 { 442 return srtp_crypto_kernel_do_load_auth_type(new_at, id, 1); 443 } 444 445 446 const srtp_cipher_type_t * srtp_crypto_kernel_get_cipher_type (srtp_cipher_type_id_t id) 447 { 448 srtp_kernel_cipher_type_t *ctype; 449 450 /* walk down list, looking for id */ 451 ctype = crypto_kernel.cipher_type_list; 452 while (ctype != NULL) { 453 if (id == ctype->id) { 454 return ctype->cipher_type; 455 } 456 ctype = ctype->next; 457 } 458 459 /* haven't found the right one, indicate failure by returning NULL */ 460 return NULL; 461 } 462 463 464 srtp_err_status_t srtp_crypto_kernel_alloc_cipher (srtp_cipher_type_id_t id, srtp_cipher_pointer_t *cp, int key_len, int tag_len) 465 { 466 const srtp_cipher_type_t *ct; 467 468 /* 469 * if the crypto_kernel is not yet initialized, we refuse to allocate 470 * any ciphers - this is a 
bit extra-paranoid 471 */ 472 if (crypto_kernel.state != srtp_crypto_kernel_state_secure) { 473 return srtp_err_status_init_fail; 474 } 475 476 ct = srtp_crypto_kernel_get_cipher_type(id); 477 if (!ct) { 478 return srtp_err_status_fail; 479 } 480 481 return ((ct)->alloc(cp, key_len, tag_len)); 482 } 483 484 485 486 const srtp_auth_type_t * srtp_crypto_kernel_get_auth_type (srtp_auth_type_id_t id) 487 { 488 srtp_kernel_auth_type_t *atype; 489 490 /* walk down list, looking for id */ 491 atype = crypto_kernel.auth_type_list; 492 while (atype != NULL) { 493 if (id == atype->id) { 494 return atype->auth_type; 495 } 496 atype = atype->next; 497 } 498 499 /* haven't found the right one, indicate failure by returning NULL */ 500 return NULL; 501 } 502 503 srtp_err_status_t srtp_crypto_kernel_alloc_auth (srtp_auth_type_id_t id, srtp_auth_pointer_t *ap, int key_len, int tag_len) 504 { 505 const srtp_auth_type_t *at; 506 507 /* 508 * if the crypto_kernel is not yet initialized, we refuse to allocate 509 * any auth functions - this is a bit extra-paranoid 510 */ 511 if (crypto_kernel.state != srtp_crypto_kernel_state_secure) { 512 return srtp_err_status_init_fail; 513 } 514 515 at = srtp_crypto_kernel_get_auth_type(id); 516 if (!at) { 517 return srtp_err_status_fail; 518 } 519 520 return ((at)->alloc(ap, key_len, tag_len)); 521 } 522 523 srtp_err_status_t srtp_crypto_kernel_load_debug_module (srtp_debug_module_t *new_dm) 524 { 525 srtp_kernel_debug_module_t *kdm, *new; 526 527 /* defensive coding */ 528 if (new_dm == NULL) { 529 return srtp_err_status_bad_param; 530 } 531 532 /* walk down list, checking if this type is in the list already */ 533 kdm = crypto_kernel.debug_module_list; 534 while (kdm != NULL) { 535 if (strncmp(new_dm->name, kdm->mod->name, 64) == 0) { 536 return srtp_err_status_bad_param; 537 } 538 kdm = kdm->next; 539 } 540 541 /* put new_dm at the head of the list */ 542 /* allocate memory */ 543 new = 
(srtp_kernel_debug_module_t*)srtp_crypto_alloc(sizeof(srtp_kernel_debug_module_t)); 544 if (new == NULL) { 545 return srtp_err_status_alloc_fail; 546 } 547 548 /* set fields */ 549 new->mod = new_dm; 550 new->next = crypto_kernel.debug_module_list; 365 551 366 552 /* set head of list to new cipher type */ 367 crypto_kernel.cipher_type_list = new_ctype; 368 } 369 370 /* set fields */ 371 new_ctype->cipher_type = new_ct; 372 new_ctype->id = id; 373 374 /* load debug module, if there is one present */ 375 if (new_ct->debug != NULL) 376 crypto_kernel_load_debug_module(new_ct->debug); 377 /* we could check for errors here */ 378 379 return err_status_ok; 380 } 381 382 err_status_t 383 crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) { 384 return crypto_kernel_do_load_cipher_type(new_ct, id, 0); 385 } 386 387 err_status_t 388 crypto_kernel_replace_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) { 389 return crypto_kernel_do_load_cipher_type(new_ct, id, 1); 390 } 391 392 err_status_t 393 crypto_kernel_do_load_auth_type(auth_type_t *new_at, auth_type_id_t id, 394 int replace) { 395 kernel_auth_type_t *atype, *new_atype; 396 err_status_t status; 397 398 /* defensive coding */ 399 if (new_at == NULL) 400 return err_status_bad_param; 401 402 if (new_at->id != id) 403 return err_status_bad_param; 404 405 /* check auth type by running self-test */ 406 status = auth_type_self_test(new_at); 407 if (status) { 408 return status; 409 } 410 411 /* walk down list, checking if this type is in the list already */ 412 atype = crypto_kernel.auth_type_list; 413 while (atype != NULL) { 414 if (id == atype->id) { 415 if (!replace) 416 return err_status_bad_param; 417 status = auth_type_test(new_at, atype->auth_type->test_data); 418 if (status) 419 return status; 420 new_atype = atype; 421 break; 422 } 423 else if (new_at == atype->auth_type) 424 return err_status_bad_param; 425 atype = atype->next; 426 } 427 428 /* if not found, put new_at at the head of the 
list */ 429 if (atype == NULL) { 430 /* allocate memory */ 431 new_atype = (kernel_auth_type_t *)crypto_alloc(sizeof(kernel_auth_type_t)); 432 if (new_atype == NULL) 433 return err_status_alloc_fail; 434 435 new_atype->next = crypto_kernel.auth_type_list; 436 /* set head of list to new auth type */ 437 crypto_kernel.auth_type_list = new_atype; 438 } 439 440 /* set fields */ 441 new_atype->auth_type = new_at; 442 new_atype->id = id; 443 444 /* load debug module, if there is one present */ 445 if (new_at->debug != NULL) 446 crypto_kernel_load_debug_module(new_at->debug); 447 /* we could check for errors here */ 448 449 return err_status_ok; 450 451 } 452 453 err_status_t 454 crypto_kernel_load_auth_type(auth_type_t *new_at, auth_type_id_t id) { 455 return crypto_kernel_do_load_auth_type(new_at, id, 0); 456 } 457 458 err_status_t 459 crypto_kernel_replace_auth_type(auth_type_t *new_at, auth_type_id_t id) { 460 return crypto_kernel_do_load_auth_type(new_at, id, 1); 461 } 462 463 464 cipher_type_t * 465 crypto_kernel_get_cipher_type(cipher_type_id_t id) { 466 kernel_cipher_type_t *ctype; 467 468 /* walk down list, looking for id */ 469 ctype = crypto_kernel.cipher_type_list; 470 while (ctype != NULL) { 471 if (id == ctype->id) 472 return ctype->cipher_type; 473 ctype = ctype->next; 474 } 475 476 /* haven't found the right one, indicate failure by returning NULL */ 477 return NULL; 478 } 479 480 481 err_status_t 482 crypto_kernel_alloc_cipher(cipher_type_id_t id, 483 cipher_pointer_t *cp, 484 int key_len, 485 int tag_len) { 486 cipher_type_t *ct; 487 488 /* 489 * if the crypto_kernel is not yet initialized, we refuse to allocate 490 * any ciphers - this is a bit extra-paranoid 491 */ 492 if (crypto_kernel.state != crypto_kernel_state_secure) 493 return err_status_init_fail; 494 495 ct = crypto_kernel_get_cipher_type(id); 496 if (!ct) 497 return err_status_fail; 498 499 return ((ct)->alloc(cp, key_len, tag_len)); 500 } 501 502 503 504 auth_type_t * 505 
crypto_kernel_get_auth_type(auth_type_id_t id) { 506 kernel_auth_type_t *atype; 507 508 /* walk down list, looking for id */ 509 atype = crypto_kernel.auth_type_list; 510 while (atype != NULL) { 511 if (id == atype->id) 512 return atype->auth_type; 513 atype = atype->next; 514 } 515 516 /* haven't found the right one, indicate failure by returning NULL */ 517 return NULL; 518 } 519 520 err_status_t 521 crypto_kernel_alloc_auth(auth_type_id_t id, 522 auth_pointer_t *ap, 523 int key_len, 524 int tag_len) { 525 auth_type_t *at; 526 527 /* 528 * if the crypto_kernel is not yet initialized, we refuse to allocate 529 * any auth functions - this is a bit extra-paranoid 530 */ 531 if (crypto_kernel.state != crypto_kernel_state_secure) 532 return err_status_init_fail; 533 534 at = crypto_kernel_get_auth_type(id); 535 if (!at) 536 return err_status_fail; 537 538 return ((at)->alloc(ap, key_len, tag_len)); 539 } 540 541 err_status_t 542 crypto_kernel_load_debug_module(debug_module_t *new_dm) { 543 kernel_debug_module_t *kdm, *new; 544 545 /* defensive coding */ 546 if (new_dm == NULL) 547 return err_status_bad_param; 548 549 /* walk down list, checking if this type is in the list already */ 550 kdm = crypto_kernel.debug_module_list; 551 while (kdm != NULL) { 552 if (strncmp(new_dm->name, kdm->mod->name, 64) == 0) 553 return err_status_bad_param; 554 kdm = kdm->next; 555 } 556 557 /* put new_dm at the head of the list */ 558 /* allocate memory */ 559 new = (kernel_debug_module_t *)crypto_alloc(sizeof(kernel_debug_module_t)); 560 if (new == NULL) 561 return err_status_alloc_fail; 562 563 /* set fields */ 564 new->mod = new_dm; 565 new->next = crypto_kernel.debug_module_list; 566 567 /* set head of list to new cipher type */ 568 crypto_kernel.debug_module_list = new; 569 570 return err_status_ok; 571 } 572 573 err_status_t 574 crypto_kernel_set_debug_module(char *name, int on) { 575 kernel_debug_module_t *kdm; 576 577 /* walk down list, checking if this type is in the list 
already */ 578 kdm = crypto_kernel.debug_module_list; 579 while (kdm != NULL) { 580 if (strncmp(name, kdm->mod->name, 64) == 0) { 581 kdm->mod->on = on; 582 return err_status_ok; 583 } 584 kdm = kdm->next; 585 } 586 587 return err_status_fail; 588 } 589 590 err_status_t 591 crypto_get_random(unsigned char *buffer, unsigned int length) { 592 if (crypto_kernel.state == crypto_kernel_state_secure) 593 #ifdef OPENSSL 594 return rand_source_get_octet_string(buffer, length); 595 #else 596 return ctr_prng_get_octet_string(buffer, length); 597 #endif 598 else 599 return err_status_fail; 600 } 553 crypto_kernel.debug_module_list = new; 554 555 return srtp_err_status_ok; 556 } 557 558 srtp_err_status_t srtp_crypto_kernel_set_debug_module (const char *name, int on) 559 { 560 srtp_kernel_debug_module_t *kdm; 561 562 /* walk down list, checking if this type is in the list already */ 563 kdm = crypto_kernel.debug_module_list; 564 while (kdm != NULL) { 565 if (strncmp(name, kdm->mod->name, 64) == 0) { 566 kdm->mod->on = on; 567 return srtp_err_status_ok; 568 } 569 kdm = kdm->next; 570 } 571 572 return srtp_err_status_fail; 573 } -
pjproject/trunk/third_party/srtp/crypto/kernel/err.c
r5261 r5614 8 8 */ 9 9 /* 10 * 11 * Copyright(c) 2001-20 06Cisco Systems, Inc.10 * 11 * Copyright(c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 * 13 * 14 14 * Redistribution and use in source and binary forms, with or without 15 15 * modification, are permitted provided that the following conditions 16 16 * are met: 17 * 17 * 18 18 * Redistributions of source code must retain the above copyright 19 19 * notice, this list of conditions and the following disclaimer. 20 * 20 * 21 21 * Redistributions in binary form must reproduce the above 22 22 * copyright notice, this list of conditions and the following 23 23 * disclaimer in the documentation and/or other materials provided 24 24 * with the distribution. 25 * 25 * 26 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 27 * contributors may be used to endorse or promote products derived 28 28 * from this software without specific prior written permission. 29 * 29 * 30 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 48 48 49 49 #include "err.h" 50 #include "datatypes.h" 51 #include <string.h> 50 52 51 #ifdef ERR_REPORTING_SYSLOG 52 # ifdef HAVE_SYSLOG_H 53 # include <syslog.h> 54 # endif 53 /* srtp_err_file is the FILE to which errors are reported */ 54 55 static FILE *srtp_err_file = NULL; 56 57 srtp_err_status_t srtp_err_reporting_init () 58 { 59 #ifdef ERR_REPORTING_STDOUT 60 srtp_err_file = stdout; 61 #elif defined(ERR_REPORTING_FILE) 62 /* open file for error reporting */ 63 srtp_err_file = fopen(ERR_REPORTING_FILE, "w"); 64 if (srtp_err_file == NULL) { 65 return srtp_err_status_init_fail; 66 } 55 67 #endif 56 68 57 58 /* err_level reflects the level of errors that are reported */ 59 60 err_reporting_level_t err_level = err_level_none; 61 62 #ifdef SRTP_KERNEL_LINUX 63 err_status_t 64 err_reporting_init(const char *ident) { 65 66 return err_status_ok; 69 return 
srtp_err_status_ok; 67 70 } 68 71 69 #else /* SRTP_KERNEL_LINUX */ 72 static srtp_err_report_handler_func_t * srtp_err_report_handler = NULL; 70 73 71 /* err_file is the FILE to which errors are reported */ 72 73 static FILE *err_file = NULL; 74 75 err_status_t 76 err_reporting_init(const char *ident) { 77 #ifdef ERR_REPORTING_SYSLOG 78 openlog(ident, LOG_PID, LOG_AUTHPRIV); 79 #endif 80 81 /* 82 * Believe it or not, openlog doesn't return an error on failure. 83 * But then, neither does the syslog() call... 84 */ 85 86 #ifdef ERR_REPORTING_STDOUT 87 err_file = stdout; 88 #elif defined(USE_ERR_REPORTING_FILE) 89 /* open file for error reporting */ 90 err_file = fopen(ERR_REPORTING_FILE, "w"); 91 if (err_file == NULL) 92 return err_status_init_fail; 93 #endif 94 95 return err_status_ok; 74 srtp_err_status_t srtp_install_err_report_handler(srtp_err_report_handler_func_t func) 75 { 76 srtp_err_report_handler = func; 77 return srtp_err_status_ok; 96 78 } 97 79 98 void 99 err_report(int priority, const char *format, ...) { 100 va_list args; 101 102 if (priority <= err_level) { 103 104 va_start(args, format); 105 if (err_file != NULL) { 106 vfprintf(err_file, format, args); 107 /* fprintf(err_file, "\n"); */ 80 void srtp_err_report (srtp_err_reporting_level_t level, const char *format, ...) 81 { 82 va_list args; 83 if (srtp_err_file != NULL) { 84 va_start(args, format); 85 vfprintf(srtp_err_file, format, args); 86 va_end(args); 108 87 } 109 #ifdef ERR_REPORTING_SYSLOG 110 if (1) { /* FIXME: Make this a runtime option. 
*/ 111 int syslogpri; 112 113 switch (priority) { 114 case err_level_emergency: 115 syslogpri = LOG_EMERG; 116 break; 117 case err_level_alert: 118 syslogpri = LOG_ALERT; 119 break; 120 case err_level_critical: 121 syslogpri = LOG_CRIT; 122 break; 123 case err_level_error: 124 syslogpri = LOG_ERR; 125 break; 126 case err_level_warning: 127 syslogpri = LOG_WARNING; 128 break; 129 case err_level_notice: 130 syslogpri = LOG_NOTICE; 131 break; 132 case err_level_info: 133 syslogpri = LOG_INFO; 134 break; 135 case err_level_debug: 136 case err_level_none: 137 default: 138 syslogpri = LOG_DEBUG; 139 break; 140 } 141 142 vsyslog(syslogpri, format, args); 143 #endif 144 va_end(args); 145 } 88 if (srtp_err_report_handler != NULL) { 89 va_start(args, format); 90 char msg[512]; 91 if (vsnprintf(msg, sizeof(msg), format, args) > 0) { 92 /* strip trailing \n, callback should not have one */ 93 size_t l = strlen(msg); 94 if (l && msg[l-1] == '\n') { 95 msg[l-1] = '\0'; 96 } 97 srtp_err_report_handler(level, msg); 98 /* 99 * NOTE, need to be carefull, there is a potential that octet_string_set_to_zero() could 100 * call srtp_err_report() in the future, leading to recursion 101 */ 102 octet_string_set_to_zero(msg, sizeof(msg)); 103 } 104 va_end(args); 105 } 146 106 } 147 #endif /* SRTP_KERNEL_LINUX */148 149 void150 err_reporting_set_level(err_reporting_level_t lvl) {151 err_level = lvl;152 } -
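Review bot: In the new `srtp_err_report`, the `level` argument is never used to filter the `srtp_err_file` sink: the old `if (priority <= err_level)` guard and `err_reporting_set_level` are removed, so with `ERR_REPORTING_STDOUT` or `ERR_REPORTING_FILE` defined every message of every level is written. The handler path wipes `msg` with `octet_string_set_to_zero` after the callback, which suggests messages may carry sensitive data, yet the file path has no equivalent control. A comment above the function should say so, for example `/* level is passed to the handler only; srtp_err_file receives every message */`. Separately, `vsnprintf(...) > 0` also accepts a truncated result, so a message longer than `sizeof(msg) - 1` reaches the handler cut short with no indication.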
pjproject/trunk/third_party/srtp/crypto/kernel/key.c
r5261 r5614 3 3 * 4 4 * key usage limits enforcement 5 * 5 * 6 6 * David A. Mcgrew 7 7 * Cisco Systems, Inc. 8 8 */ 9 9 /* 10 * 11 * Copyright (c) 2001-20 06Cisco Systems, Inc.10 * 11 * Copyright (c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 * 13 * 14 14 * Redistribution and use in source and binary forms, with or without 15 15 * modification, are permitted provided that the following conditions 16 16 * are met: 17 * 17 * 18 18 * Redistributions of source code must retain the above copyright 19 19 * notice, this list of conditions and the following disclaimer. 20 * 20 * 21 21 * Redistributions in binary form must reproduce the above 22 22 * copyright notice, this list of conditions and the following 23 23 * disclaimer in the documentation and/or other materials provided 24 24 * with the distribution. 25 * 25 * 26 26 * Neither the name of the Cisco Systems, Inc. nor the names of its 27 27 * contributors may be used to endorse or promote products derived 28 28 * from this software without specific prior written permission. 
29 * 29 * 30 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 51 51 #define soft_limit 0x10000 52 52 53 err_status_t 54 key_limit_set(key_limit_t key, const xtd_seq_num_t s){53 srtp_err_status_t srtp_key_limit_set (srtp_key_limit_t key, const srtp_xtd_seq_num_t s) 54 { 55 55 #ifdef NO_64BIT_MATH 56 if (high32(s) == 0 && low32(s) < soft_limit) 57 return err_status_bad_param; 56 if (high32(s) == 0 && low32(s) < soft_limit) { 57 return srtp_err_status_bad_param; 58 } 58 59 #else 59 if (s < soft_limit) 60 return err_status_bad_param; 60 if (s < soft_limit) { 61 return srtp_err_status_bad_param; 62 } 61 63 #endif 62 key->num_left = s;63 key->state =key_state_normal;64 returnerr_status_ok;64 key->num_left = s; 65 key->state = srtp_key_state_normal; 66 return srtp_err_status_ok; 65 67 } 66 68 67 err_status_t 68 key_limit_clone(key_limit_t original, key_limit_t *new_key) { 69 if (original == NULL) 70 return err_status_bad_param; 71 *new_key = original; 72 return err_status_ok; 69 srtp_err_status_t srtp_key_limit_clone (srtp_key_limit_t original, srtp_key_limit_t *new_key) 70 { 71 if (original == NULL) { 72 return srtp_err_status_bad_param; 73 } 74 *new_key = original; 75 return srtp_err_status_ok; 73 76 } 74 77 75 err_status_t 76 key_limit_check(const key_limit_t key) { 77 if (key->state == key_state_expired) 78 return err_status_key_expired; 79 return err_status_ok; 78 srtp_err_status_t srtp_key_limit_check (const srtp_key_limit_t key) 79 { 80 if (key->state == srtp_key_state_expired) { 81 return srtp_err_status_key_expired; 82 } 83 return srtp_err_status_ok; 80 84 } 81 85 82 key_event_t 83 key_limit_update(key_limit_t key){86 srtp_key_event_t srtp_key_limit_update (srtp_key_limit_t key) 87 { 84 88 #ifdef NO_64BIT_MATH 85 if (low32(key->num_left) == 0) 86 { 87 // carry 88 key->num_left = make64(high32(key->num_left)-1,low32(key->num_left) - 1); 89 } 90 else 91 { 92 // no 
carry 93 key->num_left = make64(high32(key->num_left),low32(key->num_left) - 1); 94 } 95 if (high32(key->num_left) != 0 || low32(key->num_left) >= soft_limit) { 96 return key_event_normal; /* we're above the soft limit */ 97 } 89 if (low32(key->num_left) == 0) { 90 // carry 91 key->num_left = make64(high32(key->num_left) - 1, low32(key->num_left) - 1); 92 }else { 93 // no carry 94 key->num_left = make64(high32(key->num_left), low32(key->num_left) - 1); 95 } 96 if (high32(key->num_left) != 0 || low32(key->num_left) >= soft_limit) { 97 return srtp_key_event_normal; /* we're above the soft limit */ 98 } 98 99 #else 99 key->num_left--;100 if (key->num_left >= soft_limit) {101 return key_event_normal;/* we're above the soft limit */102 }100 key->num_left--; 101 if (key->num_left >= soft_limit) { 102 return srtp_key_event_normal; /* we're above the soft limit */ 103 } 103 104 #endif 104 if (key->state ==key_state_normal) {105 /* we just passed the soft limit, so change the state */106 key->state =key_state_past_soft_limit;107 }105 if (key->state == srtp_key_state_normal) { 106 /* we just passed the soft limit, so change the state */ 107 key->state = srtp_key_state_past_soft_limit; 108 } 108 109 #ifdef NO_64BIT_MATH 109 if (low32(key->num_left) == 0 && high32(key->num_left == 0))110 if (low32(key->num_left) == 0 && high32(key->num_left == 0)) 110 111 #else 111 if (key->num_left < 1)112 if (key->num_left < 1) 112 113 #endif 113 {/* we just hit the hard limit */114 key->state =key_state_expired;115 returnkey_event_hard_limit;116 }117 returnkey_event_soft_limit;114 { /* we just hit the hard limit */ 115 key->state = srtp_key_state_expired; 116 return srtp_key_event_hard_limit; 117 } 118 return srtp_key_event_soft_limit; 118 119 } 119 120 -
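Review bot: The hard-limit test in the `NO_64BIT_MATH` branch of `srtp_key_limit_update` is carried over with a misplaced parenthesis: `high32(key->num_left == 0)` applies `high32` to the result of the comparison instead of comparing the high word with zero. As written it does not test what the `#else` branch `key->num_left < 1` tests, so on such builds the key may not move to `srtp_key_state_expired` when the count runs out. Depending on how the sequence-number type is defined outside this file, the line may instead fail to compile. The line should read `if (low32(key->num_left) == 0 && high32(key->num_left) == 0)`. Since the file sits under third_party/srtp, the fix probably belongs upstream as well.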
pjproject/trunk/third_party/srtp/crypto/math/datatypes.c
r5261 r5614 10 10 /* 11 11 * 12 * Copyright (c) 2001-20 06Cisco Systems, Inc.12 * Copyright (c) 2001-2017 Cisco Systems, Inc. 13 13 * All rights reserved. 14 14 * … … 48 48 #endif 49 49 50 #ifdef OPENSSL 51 #include <openssl/crypto.h> 52 #endif 53 50 54 #include "datatypes.h" 51 55 … … 103 107 104 108 uint8_t 105 nibble_to_hex_char(uint8_t nibble) {109 srtp_nibble_to_hex_char(uint8_t nibble) { 106 110 char buf[16] = {'0', '1', '2', '3', '4', '5', '6', '7', 107 111 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; … … 109 113 } 110 114 111 char * 112 octet_string_hex_string(const void *s, int length) { 115 char * srtp_octet_string_hex_string(const void *s, int length) { 113 116 const uint8_t *str = (const uint8_t *)s; 114 117 int i; … … 119 122 /* truncate string if it would be too long */ 120 123 if (length > MAX_PRINT_STRING_LEN) 121 length = MAX_PRINT_STRING_LEN- 1;124 length = MAX_PRINT_STRING_LEN-2; 122 125 123 126 for (i=0; i < length; i+=2) { 124 bit_string[i] = nibble_to_hex_char(*str >> 4);125 bit_string[i+1] = nibble_to_hex_char(*str++ & 0xF);127 bit_string[i] = srtp_nibble_to_hex_char(*str >> 4); 128 bit_string[i+1] = srtp_nibble_to_hex_char(*str++ & 0xF); 126 129 } 127 130 bit_string[i] = 0; /* null terminate string */ 128 131 return bit_string; 129 }130 131 static inline int132 hex_char_to_nibble(uint8_t c) {133 switch(c) {134 case ('0'): return 0x0;135 case ('1'): return 0x1;136 case ('2'): return 0x2;137 case ('3'): return 0x3;138 case ('4'): return 0x4;139 case ('5'): return 0x5;140 case ('6'): return 0x6;141 case ('7'): return 0x7;142 case ('8'): return 0x8;143 case ('9'): return 0x9;144 case ('a'): return 0xa;145 case ('A'): return 0xa;146 case ('b'): return 0xb;147 case ('B'): return 0xb;148 case ('c'): return 0xc;149 case ('C'): return 0xc;150 case ('d'): return 0xd;151 case ('D'): return 0xd;152 case ('e'): return 0xe;153 case ('E'): return 0xe;154 case ('f'): return 0xf;155 case ('F'): return 0xf;156 default: return -1; /* this flags an error */157 
}158 /* NOTREACHED */159 return -1; /* this keeps compilers from complaining */160 }161 162 int163 is_hex_string(char *s) {164 while(*s != 0)165 if (hex_char_to_nibble(*s++) == -1)166 return 0;167 return 1;168 }169 170 /*171 * hex_string_to_octet_string converts a hexadecimal string172 * of length 2 * len to a raw octet string of length len173 */174 175 int176 hex_string_to_octet_string(char *raw, char *hex, int len) {177 uint8_t x;178 int tmp;179 int hex_len;180 181 hex_len = 0;182 while (hex_len < len) {183 tmp = hex_char_to_nibble(hex[0]);184 if (tmp == -1)185 return hex_len;186 x = (tmp << 4);187 hex_len++;188 tmp = hex_char_to_nibble(hex[1]);189 if (tmp == -1)190 return hex_len;191 x |= (tmp & 0xff);192 hex_len++;193 *raw++ = x;194 hex += 2;195 }196 return hex_len;197 132 } 198 133 … … 202 137 203 138 for (i=j=0; i < 16; i++) { 204 bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4);205 bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF);139 bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] >> 4); 140 bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] & 0xF); 206 141 } 207 142 … … 430 365 v->word = NULL; 431 366 else { 432 v->word = (uint32_t*) crypto_alloc(l);367 v->word = (uint32_t*)srtp_crypto_alloc(l); 433 368 if (v->word == NULL) { 434 369 v->word = NULL; … … 449 384 bitvector_dealloc(bitvector_t *v) { 450 385 if (v->word != NULL) 451 crypto_free(v->word);386 srtp_crypto_free(v->word); 452 387 v->word = NULL; 453 388 v->length = 0; … … 510 445 } 511 446 512 513 447 int 514 448 octet_string_is_eq(uint8_t *a, uint8_t *b, int len) { 515 449 uint8_t *end = b + len; 450 uint8_t accumulator = 0; 451 452 /* 453 * We use this somewhat obscure implementation to try to ensure the running 454 * time only depends on len, even accounting for compiler optimizations. 455 * The accumulator ends up zero iff the strings are equal. 
456 */ 516 457 while (b < end) 517 if (*a++ != *b++) 518 return 1; 519 return 0; 520 } 521 522 void 523 octet_string_set_to_zero(uint8_t *s, int len) { 524 uint8_t *end = s + len; 525 526 do { 527 *s = 0; 528 } while (++s < end); 529 458 accumulator |= (*a++ ^ *b++); 459 460 /* Return 1 if *not* equal. */ 461 return accumulator != 0; 462 } 463 464 void 465 srtp_cleanse(void *s, size_t len) 466 { 467 volatile unsigned char *p = (volatile unsigned char *)s; 468 while(len--) *p++ = 0; 469 } 470 471 void 472 octet_string_set_to_zero(void *s, size_t len) 473 { 474 #ifdef OPENSSL 475 OPENSSL_cleanse(s, len); 476 #else 477 srtp_cleanse(s, len); 478 #endif 530 479 } 531 480 -
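Review bot: In `srtp_octet_string_hex_string` the truncation guard `if (length > MAX_PRINT_STRING_LEN)` still lets `length == MAX_PRINT_STRING_LEN` through, and the loop then finishes with `bit_string[i] = 0` at index `MAX_PRINT_STRING_LEN`. If `bit_string` is declared with exactly `MAX_PRINT_STRING_LEN` bytes (its declaration is outside the visible hunk), that terminator lands one byte past the buffer; the change from `-1` to `-2` only helps inputs above the limit. Comparing with `>=`, as in `if (length >= MAX_PRINT_STRING_LEN)`, would cover the boundary. The function's opening lines are outside the hunk, so how `length` relates to the input octet count should be confirmed there.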
pjproject/trunk/third_party/srtp/crypto/math/stat.c
r5261 r5614 2 2 * stats.c 3 3 * 4 * statistical tests for randomness (FIPS 140-2, Section 4.9)4 * statistical tests 5 5 * 6 6 * David A. McGrew … … 10 10 /* 11 11 * 12 * Copyright (c) 2001-20 06, Cisco Systems, Inc.12 * Copyright (c) 2001-2017, Cisco Systems, Inc. 13 13 * All rights reserved. 14 14 * … … 50 50 #include "stat.h" 51 51 52 debug_module_t mod_stat = {52 srtp_debug_module_t mod_stat = { 53 53 0, /* debugging is off by default */ 54 54 (char *)"stat test" /* printable module name */ … … 62 62 #define STAT_TEST_DATA_LEN 2500 63 63 64 err_status_t64 srtp_err_status_t 65 65 stat_test_monobit(uint8_t *data) { 66 66 uint8_t *data_end = data + STAT_TEST_DATA_LEN; … … 76 76 77 77 if ((ones_count < 9725) || (ones_count > 10275)) 78 return err_status_algo_fail;79 80 return err_status_ok;78 return srtp_err_status_algo_fail; 79 80 return srtp_err_status_ok; 81 81 } 82 82 83 err_status_t83 srtp_err_status_t 84 84 stat_test_poker(uint8_t *data) { 85 85 int i; … … 107 107 108 108 if ((poker < 2.16) || (poker > 46.17)) 109 return err_status_algo_fail;110 111 return err_status_ok;109 return srtp_err_status_algo_fail; 110 111 return srtp_err_status_ok; 112 112 } 113 113 … … 117 117 */ 118 118 119 err_status_t119 srtp_err_status_t 120 120 stat_test_runs(uint8_t *data) { 121 121 uint8_t *data_end = data + STAT_TEST_DATA_LEN; … … 148 148 if (state > 25) { 149 149 debug_print(mod_stat, ">25 runs: %d", state); 150 return err_status_algo_fail;150 return srtp_err_status_algo_fail; 151 151 } 152 152 … … 156 156 if (state < -25) { 157 157 debug_print(mod_stat, ">25 gaps: %d", state); 158 return err_status_algo_fail; /* long-runs test failed */158 return srtp_err_status_algo_fail; /* long-runs test failed */ 159 159 } 160 160 if (state < -6) { … … 176 176 if (state > 25) { 177 177 debug_print(mod_stat, ">25 runs (2): %d", state); 178 return err_status_algo_fail; /* long-runs test failed */178 return srtp_err_status_algo_fail; /* long-runs test failed */ 179 179 } 180 180 if (state 
> 6) { … … 191 191 if (state < -25) { 192 192 debug_print(mod_stat, ">25 gaps (2): %d", state); 193 return err_status_algo_fail;193 return srtp_err_status_algo_fail; 194 194 } 195 195 … … 218 218 if ( (runs[i] < lo_value[i] ) || (runs[i] > hi_value[i]) 219 219 || (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i])) 220 return err_status_algo_fail;221 222 223 return err_status_ok;220 return srtp_err_status_algo_fail; 221 222 223 return srtp_err_status_ok; 224 224 } 225 225 226 226 227 /*228 * the function stat_test_rand_source applys the FIPS-140-2 statistical229 * tests to the random source defined by rs230 *231 */232 233 #define RAND_SRC_BUF_OCTETS 50 /* this value MUST divide 2500! */234 235 err_status_t236 stat_test_rand_source(rand_source_func_t get_rand_bytes) {237 int i;238 double poker;239 uint8_t *data, *data_end;240 uint16_t f[16] = {241 0, 0, 0, 0, 0, 0, 0, 0,242 0, 0, 0, 0, 0, 0, 0, 0243 };244 uint8_t buffer[RAND_SRC_BUF_OCTETS];245 err_status_t status;246 int ones_count = 0;247 uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 };248 uint16_t gaps[6] = { 0, 0, 0, 0, 0, 0 };249 uint16_t lo_value[6] = { 2315, 1114, 527, 240, 103, 103 };250 uint16_t hi_value[6] = { 2685, 1386, 723, 384, 209, 209 };251 int state = 0;252 uint16_t mask;253 254 /* counters for monobit, poker, and runs tests are initialized above */255 256 /* main loop: fill buffer, update counters for stat tests */257 for (i=0; i < 2500; i+=RAND_SRC_BUF_OCTETS) {258 259 /* fill data buffer */260 status = get_rand_bytes(buffer, RAND_SRC_BUF_OCTETS);261 if (status) {262 debug_print(mod_stat, "couldn't get rand bytes: %d",status);263 return status;264 }265 266 #if 0267 debug_print(mod_stat, "%s",268 octet_string_hex_string(buffer, RAND_SRC_BUF_OCTETS));269 #endif270 271 data = buffer;272 data_end = data + RAND_SRC_BUF_OCTETS;273 while (data < data_end) {274 275 /* update monobit test counter */276 ones_count += octet_get_weight(*data);277 278 /* update poker test counters */279 f[*data & 0x0f]++; /* increment 
freq. count for low nibble */280 f[(*data) >> 4]++; /* increment freq. count for high nibble */281 282 /* update runs test counters */283 /* loop over the bits of this byte */284 for (mask = 1; mask < 256; mask <<= 1) {285 if (*data & mask) {286 287 /* next bit is a one */288 if (state > 0) {289 290 /* prefix is a run, so increment the run-count */291 state++;292 293 /* check for long runs */294 if (state > 25) {295 debug_print(mod_stat, ">25 runs (3): %d", state);296 return err_status_algo_fail;297 }298 299 } else if (state < 0) {300 301 /* prefix is a gap */302 if (state < -25) {303 debug_print(mod_stat, ">25 gaps (3): %d", state);304 return err_status_algo_fail; /* long-runs test failed */305 }306 if (state < -6) {307 state = -6; /* group together gaps > 5 */308 }309 gaps[-1-state]++; /* increment gap count */310 state = 1; /* set state at one set bit */311 } else {312 313 /* state is zero; this happens only at initialization */314 state = 1;315 }316 } else {317 318 /* next bit is a zero */319 if (state > 0) {320 321 /* prefix is a run */322 if (state > 25) {323 debug_print(mod_stat, ">25 runs (4): %d", state);324 return err_status_algo_fail; /* long-runs test failed */325 }326 if (state > 6) {327 state = 6; /* group together runs > 5 */328 }329 runs[state-1]++; /* increment run count */330 state = -1; /* set state at one zero bit */331 } else if (state < 0) {332 333 /* prefix is a gap, so increment gap-count (decrement state) */334 state--;335 336 /* check for long gaps */337 if (state < -25) {338 debug_print(mod_stat, ">25 gaps (4): %d", state);339 return err_status_algo_fail;340 }341 342 } else {343 344 /* state is zero; this happens only at initialization */345 state = -1;346 }347 }348 }349 350 /* advance data pointer */351 data++;352 }353 }354 355 /* check to see if test data is within bounds */356 357 /* check monobit test data */358 359 debug_print(mod_stat, "stat: bit count: %d", ones_count);360 361 if ((ones_count < 9725) || (ones_count > 10275)) {362 
debug_print(mod_stat, "stat: failed monobit test %d", ones_count);363 return err_status_algo_fail;364 }365 366 /* check poker test data */367 poker = 0.0;368 for (i=0; i < 16; i++)369 poker += (double) f[i] * f[i];370 371 poker *= (16.0 / 5000.0);372 poker -= 5000.0;373 374 debug_print(mod_stat, "stat: poker test: %f", poker);375 376 if ((poker < 2.16) || (poker > 46.17)) {377 debug_print(mod_stat, "stat: failed poker test", NULL);378 return err_status_algo_fail;379 }380 381 /* check run and gap counts against the fixed limits */382 for (i=0; i < 6; i++)383 if ((runs[i] < lo_value[i] ) || (runs[i] > hi_value[i])384 || (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i])) {385 debug_print(mod_stat, "stat: failed run/gap test", NULL);386 return err_status_algo_fail;387 }388 389 debug_print(mod_stat, "passed random stat test", NULL);390 return err_status_ok;391 }392 393 err_status_t394 stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials) {395 unsigned int i;396 err_status_t err = err_status_algo_fail;397 398 for (i=0; i < num_trials; i++) {399 err = stat_test_rand_source(source);400 if (err == err_status_ok) {401 return err_status_ok;402 }403 debug_print(mod_stat, "failed stat test (try number %d)\n", i);404 }405 406 return err;407 } -
pjproject/trunk/third_party/srtp/crypto/replay/rdb.c
r5261 r5614 9 9 10 10 /* 11 * 12 * Copyright (c) 2001-20 06, Cisco Systems, Inc.11 * 12 * Copyright (c) 2001-2017, Cisco Systems, Inc. 13 13 * All rights reserved. 14 * 14 * 15 15 * Redistribution and use in source and binary forms, with or without 16 16 * modification, are permitted provided that the following conditions 17 17 * are met: 18 * 18 * 19 19 * Redistributions of source code must retain the above copyright 20 20 * notice, this list of conditions and the following disclaimer. 21 * 21 * 22 22 * Redistributions in binary form must reproduce the above 23 23 * copyright notice, this list of conditions and the following 24 24 * disclaimer in the documentation and/or other materials provided 25 25 * with the distribution. 26 * 26 * 27 27 * Neither the name of the Cisco Systems, Inc. nor the names of its 28 28 * contributors may be used to endorse or promote products derived 29 29 * from this software without specific prior written permission. 30 * 30 * 31 31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 32 32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 54 54 /* 55 55 * this implementation of a replay database works as follows: 56 * 56 * 57 57 * window_start is the index of the first packet in the window 58 58 * bitmask a bit-buffer, containing the most recently entered 59 * index as the leftmost bit 59 * index as the leftmost bit 60 60 * 61 61 */ 62 62 63 /* rdb_init initalizes rdb */ 64 65 err_status_t 66 rdb_init(rdb_t *rdb) { 67 v128_set_to_zero(&rdb->bitmask); 68 rdb->window_start = 0; 69 return err_status_ok; 63 /* srtp_rdb_init initalizes rdb */ 64 srtp_err_status_t srtp_rdb_init (srtp_rdb_t *rdb) 65 { 66 v128_set_to_zero(&rdb->bitmask); 67 rdb->window_start = 0; 68 return srtp_err_status_ok; 70 69 } 71 70 72 71 /* 73 * rdb_check checks to see if index appears in rdb72 * srtp_rdb_check checks to see if index appears in rdb 74 73 */ 74 srtp_err_status_t srtp_rdb_check (const srtp_rdb_t *rdb, uint32_t 
p_index) 75 { 75 76 76 err_status_t 77 rdb_check(const rdb_t *rdb, uint32_t p_index) { 78 79 /* if the index appears after (or at very end of) the window, its good */ 80 if (p_index >= rdb->window_start + rdb_bits_in_bitmask) 81 return err_status_ok; 82 83 /* if the index appears before the window, its bad */ 84 if (p_index < rdb->window_start) 85 return err_status_replay_old; 77 /* if the index appears after (or at very end of) the window, its good */ 78 if (p_index >= rdb->window_start + rdb_bits_in_bitmask) { 79 return srtp_err_status_ok; 80 } 86 81 87 /* otherwise, the index appears within the window, so check the bitmask */ 88 if (v128_get_bit(&rdb->bitmask, (p_index - rdb->window_start)) == 1) 89 return err_status_replay_fail; 90 91 /* otherwise, the index is okay */ 92 return err_status_ok; 82 /* if the index appears before the window, its bad */ 83 if (p_index < rdb->window_start) { 84 return srtp_err_status_replay_old; 85 } 86 87 /* otherwise, the index appears within the window, so check the bitmask */ 88 if (v128_get_bit(&rdb->bitmask, (p_index - rdb->window_start)) == 1) { 89 return srtp_err_status_replay_fail; 90 } 91 92 /* otherwise, the index is okay */ 93 return srtp_err_status_ok; 93 94 } 94 95 95 96 /* 96 * rdb_add_index adds index tordb_t (and does *not* check if97 * srtp_rdb_add_index adds index to srtp_rdb_t (and does *not* check if 97 98 * index appears in db) 98 99 * 99 * this function should be called only after rdb_check has100 * this function should be called only after srtp_rdb_check has 100 101 * indicated that the index does not appear in the rdb, e.g., a mutex 101 102 * should protect the rdb between these calls 102 103 */ 104 srtp_err_status_t srtp_rdb_add_index (srtp_rdb_t *rdb, uint32_t p_index) 105 { 106 int delta; 103 107 104 err_status_t 105 rdb_add_index(rdb_t *rdb, uint32_t p_index) { 106 int delta; 108 /* here we *assume* that p_index > rdb->window_start */ 107 109 108 /* here we *assume* that p_index > rdb->window_start */ 
110 delta = (p_index - rdb->window_start); 111 if (delta < rdb_bits_in_bitmask) { 109 112 110 delta = (p_index - rdb->window_start);111 if (delta < rdb_bits_in_bitmask) {113 /* if the p_index is within the window, set the appropriate bit */ 114 v128_set_bit(&rdb->bitmask, delta); 112 115 113 /* if the p_index is within the window, set the appropriate bit */ 114 v128_set_bit(&rdb->bitmask, delta); 116 } else { 115 117 116 } else { 117 118 delta -= rdb_bits_in_bitmask - 1; 118 delta -= rdb_bits_in_bitmask - 1; 119 119 120 /* shift the window forward by delta bits*/121 v128_left_shift(&rdb->bitmask, delta);122 v128_set_bit(&rdb->bitmask, rdb_bits_in_bitmask-1);123 rdb->window_start += delta;120 /* shift the window forward by delta bits*/ 121 v128_left_shift(&rdb->bitmask, delta); 122 v128_set_bit(&rdb->bitmask, rdb_bits_in_bitmask - 1); 123 rdb->window_start += delta; 124 124 125 }125 } 126 126 127 returnerr_status_ok;127 return srtp_err_status_ok; 128 128 } 129 129 130 err_status_t 131 rdb_increment(rdb_t *rdb){130 srtp_err_status_t srtp_rdb_increment (srtp_rdb_t *rdb) 131 { 132 132 133 if (rdb->window_start++ > 0x7fffffff) 134 return err_status_key_expired; 135 return err_status_ok; 133 if (rdb->window_start >= 0x7fffffff) { 134 return srtp_err_status_key_expired; 135 } 136 ++rdb->window_start; 137 return srtp_err_status_ok; 136 138 } 137 139 138 uint32_t 139 rdb_get_value(const rdb_t *rdb){140 return rdb->window_start;140 uint32_t srtp_rdb_get_value (const srtp_rdb_t *rdb) 141 { 142 return rdb->window_start; 141 143 } -
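Review bot: `srtp_rdb_add_index` stores the unsigned difference `p_index - rdb->window_start` in `int delta` and only comments that it assumes the index is ahead of the window. If a caller reaches it without a passing `srtp_rdb_check`, `delta` is negative, still satisfies `delta < rdb_bits_in_bitmask`, and is passed to `v128_set_bit` as a bit position; what that helper does with a negative position is not visible here. Because this is the replay-protection state for packet indices taken from the network, I would enforce the precondition in the function rather than rely on the caller, for example `if (p_index < rdb->window_start) return srtp_err_status_replay_old;` before `delta` is computed. The header comment should also state that the check/add pair must run under one lock and what is returned when the precondition is violated.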
pjproject/trunk/third_party/srtp/crypto/replay/rdbx.c
r5261 r5614 9 9 10 10 /* 11 * 12 * Copyright (c) 2001-20 06, Cisco Systems, Inc.11 * 12 * Copyright (c) 2001-2017, Cisco Systems, Inc. 13 13 * All rights reserved. 14 * 14 * 15 15 * Redistribution and use in source and binary forms, with or without 16 16 * modification, are permitted provided that the following conditions 17 17 * are met: 18 * 18 * 19 19 * Redistributions of source code must retain the above copyright 20 20 * notice, this list of conditions and the following disclaimer. 21 * 21 * 22 22 * Redistributions in binary form must reproduce the above 23 23 * copyright notice, this list of conditions and the following 24 24 * disclaimer in the documentation and/or other materials provided 25 25 * with the distribution. 26 * 26 * 27 27 * Neither the name of the Cisco Systems, Inc. nor the names of its 28 28 * contributors may be used to endorse or promote products derived 29 29 * from this software without specific prior written permission. 30 * 30 * 31 31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 32 32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT … … 70 70 * rdbx implementation notes 71 71 * 72 * A xtd_seq_num_t is essentially a sequence number for which some of72 * A srtp_xtd_seq_num_t is essentially a sequence number for which some of 73 73 * the data on the wire are implicit. It logically consists of a 74 74 * rollover counter and a sequence number; the sequence number is the … … 76 76 * 77 77 * Upon receiving a sequence_number (e.g. in a newly received SRTP 78 * packet), the complete xtd_seq_num_t can be estimated by using a79 * local xtd_seq_num_t as a basis. This is done using the function80 * index_guess(&local, &guess, seq_from_packet). This function78 * packet), the complete srtp_xtd_seq_num_t can be estimated by using a 79 * local srtp_xtd_seq_num_t as a basis. This is done using the function 80 * srtp_index_guess(&local, &guess, seq_from_packet). 
This function 81 81 * returns the difference of the guess and the local value. The local 82 * xtd_seq_num_t can be moved forward to the guess using the function83 * index_advance(&guess, delta), where delta is the difference.84 * 85 * 86 * A rdbx_t consists of axtd_seq_num_t and a bitmask. The index is highest82 * srtp_xtd_seq_num_t can be moved forward to the guess using the function 83 * srtp_index_advance(&guess, delta), where delta is the difference. 84 * 85 * 86 * A srtp_rdbx_t consists of a srtp_xtd_seq_num_t and a bitmask. The index is highest 87 87 * sequence number that has been received, and the bitmask indicates 88 88 * which of the recent indicies have been received as well. The … … 91 91 92 92 93 void 94 index_init(xtd_seq_num_t *pi){95 #ifdef NO_64BIT_MATH 96 *pi = make64(0,0);97 #else 98 *pi = 0;99 #endif 100 } 101 102 void 103 index_advance(xtd_seq_num_t *pi, sequence_number_t s){104 #ifdef NO_64BIT_MATH 105 /* a > ~b means a+b will generate a carry */106 /* s is uint16 here */107 *pi = make64(high32(*pi) + (s > ~low32(*pi) ? 1 : 0),low32(*pi) + s);108 #else 109 *pi += s;110 #endif 111 } 112 113 114 /* 115 * index_guess(local, guess, s)116 * 117 * given a xtd_seq_num_t local (which represents the last118 * known-to-be-good received xtd_seq_num_t) and a sequence number s93 void srtp_index_init (srtp_xtd_seq_num_t *pi) 94 { 95 #ifdef NO_64BIT_MATH 96 *pi = make64(0, 0); 97 #else 98 *pi = 0; 99 #endif 100 } 101 102 void srtp_index_advance (srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s) 103 { 104 #ifdef NO_64BIT_MATH 105 /* a > ~b means a+b will generate a carry */ 106 /* s is uint16 here */ 107 *pi = make64(high32(*pi) + (s > ~low32(*pi) ? 
1 : 0), low32(*pi) + s); 108 #else 109 *pi += s; 110 #endif 111 } 112 113 114 /* 115 * srtp_index_guess(local, guess, s) 116 * 117 * given a srtp_xtd_seq_num_t local (which represents the last 118 * known-to-be-good received srtp_xtd_seq_num_t) and a sequence number s 119 119 * (from a newly arrived packet), sets the contents of *guess to 120 120 * contain the best guess of the packet index to which s corresponds, … … 122 122 * 123 123 * nota bene - the output is a signed integer, DON'T cast it to a 124 * unsigned integer! 125 */ 126 127 int 128 index_guess(const xtd_seq_num_t *local, 129 xtd_seq_num_t *guess, 130 sequence_number_t s) { 131 #ifdef NO_64BIT_MATH 132 uint32_t local_roc = ((high32(*local) << 16) | 133 (low32(*local) >> 16)); 134 uint16_t local_seq = (uint16_t) (low32(*local)); 135 #else 136 uint32_t local_roc = (uint32_t)(*local >> 16); 137 uint16_t local_seq = (uint16_t) *local; 138 #endif 139 #ifdef NO_64BIT_MATH 140 uint32_t guess_roc = ((high32(*guess) << 16) | 141 (low32(*guess) >> 16)); 142 uint16_t guess_seq = (uint16_t) (low32(*guess)); 143 #else 144 uint32_t guess_roc = (uint32_t)(*guess >> 16); 145 uint16_t guess_seq = (uint16_t) *guess; 146 #endif 147 int difference; 148 149 if (local_seq < seq_num_median) { 150 if (s - local_seq > seq_num_median) { 151 guess_roc = local_roc - 1; 152 difference = s - local_seq - seq_num_max; 124 * unsigned integer! 
125 */ 126 127 int32_t srtp_index_guess (const srtp_xtd_seq_num_t *local, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s) 128 { 129 #ifdef NO_64BIT_MATH 130 uint32_t local_roc = ((high32(*local) << 16) | 131 (low32(*local) >> 16)); 132 uint16_t local_seq = (uint16_t)(low32(*local)); 133 #else 134 uint32_t local_roc = (uint32_t)(*local >> 16); 135 uint16_t local_seq = (uint16_t)*local; 136 #endif 137 #ifdef NO_64BIT_MATH 138 uint32_t guess_roc = ((high32(*guess) << 16) | 139 (low32(*guess) >> 16)); 140 uint16_t guess_seq = (uint16_t)(low32(*guess)); 141 #else 142 uint32_t guess_roc = (uint32_t)(*guess >> 16); 143 uint16_t guess_seq = (uint16_t)*guess; 144 #endif 145 int32_t difference; 146 147 if (local_seq < seq_num_median) { 148 if (s - local_seq > seq_num_median) { 149 guess_roc = local_roc - 1; 150 difference = s - local_seq - seq_num_max; 151 } else { 152 guess_roc = local_roc; 153 difference = s - local_seq; 154 } 153 155 } else { 154 guess_roc = local_roc; 155 difference = s - local_seq; 156 } 157 } else { 158 if (local_seq - seq_num_median > s) { 159 guess_roc = local_roc + 1; 160 difference = s - local_seq + seq_num_max; 161 } else { 162 guess_roc = local_roc; 163 difference = s - local_seq; 164 } 165 } 166 guess_seq = s; 167 168 /* Note: guess_roc is 32 bits, so this generates a 48-bit result! */ 169 #ifdef NO_64BIT_MATH 170 *guess = make64(guess_roc >> 16, 171 (guess_roc << 16) | guess_seq); 172 #else 173 *guess = (((uint64_t) guess_roc) << 16) | guess_seq; 174 #endif 175 176 return difference; 156 if (local_seq - seq_num_median > s) { 157 guess_roc = local_roc + 1; 158 difference = s - local_seq + seq_num_max; 159 } else { 160 guess_roc = local_roc; 161 difference = s - local_seq; 162 } 163 } 164 guess_seq = s; 165 166 /* Note: guess_roc is 32 bits, so this generates a 48-bit result! 
*/ 167 #ifdef NO_64BIT_MATH 168 *guess = make64(guess_roc >> 16, 169 (guess_roc << 16) | guess_seq); 170 #else 171 *guess = (((uint64_t)guess_roc) << 16) | guess_seq; 172 #endif 173 174 return difference; 177 175 } 178 176 … … 184 182 185 183 /* 186 * rdbx_init(&r, ws) initializes therdbx_t pointed to by r with window size ws187 */ 188 189 err_status_t 190 rdbx_init(rdbx_t *rdbx, unsigned long ws) {191 if (ws == 0)192 return err_status_bad_param;193 194 if (bitvector_alloc(&rdbx->bitmask, ws) != 0)195 returnerr_status_alloc_fail;196 197 index_init(&rdbx->index); 198 199 return err_status_ok; 200 } 201 202 /* 203 * rdbx_dealloc(&r) frees memory for the rdbx_t pointed to by r 204 * /205 206 err_status_t 207 rdbx_dealloc(rdbx_t *rdbx){208 bitvector_dealloc(&rdbx->bitmask);209 210 returnerr_status_ok;211 } 212 213 /* 214 * rdbx_set_roc(rdbx, roc) initalizes therdbx_t at the location rdbx184 * srtp_rdbx_init(&r, ws) initializes the srtp_rdbx_t pointed to by r with window size ws 185 */ 186 srtp_err_status_t srtp_rdbx_init (srtp_rdbx_t *rdbx, unsigned long ws) 187 { 188 if (ws == 0) { 189 return srtp_err_status_bad_param; 190 } 191 192 if (bitvector_alloc(&rdbx->bitmask, ws) != 0) { 193 return srtp_err_status_alloc_fail; 194 } 195 196 srtp_index_init(&rdbx->index); 197 198 return srtp_err_status_ok; 199 } 200 201 /* 202 * srtp_rdbx_dealloc(&r) frees memory for the srtp_rdbx_t pointed to by r 203 */ 204 srtp_err_status_t srtp_rdbx_dealloc (srtp_rdbx_t *rdbx) 205 { 206 bitvector_dealloc(&rdbx->bitmask); 207 208 return srtp_err_status_ok; 209 } 210 211 /* 212 * srtp_rdbx_set_roc(rdbx, roc) initalizes the srtp_rdbx_t at the location rdbx 215 213 * to have the rollover counter value roc. If that value is less than 216 214 * the current rollover counter value, then the function returns 217 * err_status_replay_old; otherwise, err_status_ok is returned. 
218 * 219 */ 220 221 err_status_t 222 rdbx_set_roc(rdbx_t *rdbx, uint32_t roc) { 223 bitvector_set_to_zero(&rdbx->bitmask); 215 * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned. 216 * 217 */ 218 srtp_err_status_t srtp_rdbx_set_roc (srtp_rdbx_t *rdbx, uint32_t roc) 219 { 220 bitvector_set_to_zero(&rdbx->bitmask); 224 221 225 222 #ifdef NO_64BIT_MATH … … 227 224 #else 228 225 229 /* make sure that we're not moving backwards */ 230 if (roc < (rdbx->index >> 16)) 231 return err_status_replay_old; 232 233 rdbx->index &= 0xffff; /* retain lowest 16 bits */ 234 rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */ 235 #endif 236 237 return err_status_ok; 238 } 239 240 /* 241 * rdbx_get_packet_index(rdbx) returns the value of the packet index 242 * for the rdbx_t pointed to by rdbx 243 * 244 */ 245 246 xtd_seq_num_t 247 rdbx_get_packet_index(const rdbx_t *rdbx) { 248 return rdbx->index; 249 } 250 251 /* 252 * rdbx_get_window_size(rdbx) returns the value of the window size 253 * for the rdbx_t pointed to by rdbx 254 * 255 */ 256 257 unsigned long 258 rdbx_get_window_size(const rdbx_t *rdbx) { 259 return bitvector_get_length(&rdbx->bitmask); 260 } 261 262 /* 263 * rdbx_check(&r, delta) checks to see if the xtd_seq_num_t 226 /* make sure that we're not moving backwards */ 227 if (roc < (rdbx->index >> 16)) { 228 return srtp_err_status_replay_old; 229 } 230 231 rdbx->index &= 0xffff; /* retain lowest 16 bits */ 232 rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */ 233 #endif 234 235 return srtp_err_status_ok; 236 } 237 238 /* 239 * srtp_rdbx_get_packet_index(rdbx) returns the value of the packet index 240 * for the srtp_rdbx_t pointed to by rdbx 241 * 242 */ 243 srtp_xtd_seq_num_t srtp_rdbx_get_packet_index (const srtp_rdbx_t *rdbx) 244 { 245 return rdbx->index; 246 } 247 248 /* 249 * srtp_rdbx_get_window_size(rdbx) returns the value of the window size 250 * for the srtp_rdbx_t pointed to by rdbx 251 * 252 */ 253 unsigned long srtp_rdbx_get_window_size 
(const srtp_rdbx_t *rdbx) 254 { 255 return bitvector_get_length(&rdbx->bitmask); 256 } 257 258 /* 259 * srtp_rdbx_check(&r, delta) checks to see if the srtp_xtd_seq_num_t 264 260 * which is at rdbx->index + delta is in the rdb 265 261 */ 266 267 err_status_t 268 rdbx_check(const rdbx_t *rdbx, int delta) { 269 270 if (delta > 0) { /* if delta is positive, it's good */ 271 return err_status_ok; 272 } else if ((int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta < 0) { 273 /* if delta is lower than the bitmask, it's bad */ 274 return err_status_replay_old; 275 } else if (bitvector_get_bit(&rdbx->bitmask, 276 (int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta) == 1) { 277 /* delta is within the window, so check the bitmask */ 278 return err_status_replay_fail; 279 } 280 /* otherwise, the index is okay */ 281 282 return err_status_ok; 283 } 284 285 /* 286 * rdbx_add_index adds the xtd_seq_num_t at rdbx->window_start + d to 287 * replay_db (and does *not* check if that xtd_seq_num_t appears in db) 262 srtp_err_status_t srtp_rdbx_check (const srtp_rdbx_t *rdbx, int delta) 263 { 264 265 if (delta > 0) { /* if delta is positive, it's good */ 266 return srtp_err_status_ok; 267 } else if ((int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta < 0) { 268 /* if delta is lower than the bitmask, it's bad */ 269 return srtp_err_status_replay_old; 270 } else if (bitvector_get_bit(&rdbx->bitmask, 271 (int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta) == 1) { 272 /* delta is within the window, so check the bitmask */ 273 return srtp_err_status_replay_fail; 274 } 275 /* otherwise, the index is okay */ 276 277 return srtp_err_status_ok; 278 } 279 280 /* 281 * srtp_rdbx_add_index adds the srtp_xtd_seq_num_t at rdbx->window_start + d to 282 * replay_db (and does *not* check if that srtp_xtd_seq_num_t appears in db) 288 283 * 289 284 * this function should be called only after replay_check has … … 291 286 * should protect the rdbx between these calls if need be 292 287 */ 
293 294 err_status_t 295 rdbx_add_index(rdbx_t *rdbx, int delta) { 296 297 if (delta > 0) { 298 /* shift forward by delta */ 299 index_advance(&rdbx->index, delta); 300 bitvector_left_shift(&rdbx->bitmask, delta); 301 bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1); 302 } else { 303 /* delta is in window */ 304 bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) -1 + delta); 305 } 306 307 /* note that we need not consider the case that delta == 0 */ 308 309 return err_status_ok; 310 } 311 312 313 314 /* 315 * rdbx_estimate_index(rdbx, guess, s) 316 * 288 srtp_err_status_t srtp_rdbx_add_index (srtp_rdbx_t *rdbx, int delta) 289 { 290 291 if (delta > 0) { 292 /* shift forward by delta */ 293 srtp_index_advance(&rdbx->index, delta); 294 bitvector_left_shift(&rdbx->bitmask, delta); 295 bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1); 296 } else { 297 /* delta is in window */ 298 bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1 + delta); 299 } 300 301 /* note that we need not consider the case that delta == 0 */ 302 303 return srtp_err_status_ok; 304 } 305 306 307 308 /* 309 * srtp_rdbx_estimate_index(rdbx, guess, s) 310 * 317 311 * given an rdbx and a sequence number s (from a newly arrived packet), 318 312 * sets the contents of *guess to contain the best guess of the packet … … 320 314 * *guess and the locally stored synch info 321 315 */ 322 323 int 324 rdbx_estimate_index(const rdbx_t *rdbx, 325 xtd_seq_num_t *guess, 326 sequence_number_t s) { 327 328 /* 329 * if the sequence number and rollover counter in the rdbx are 330 * non-zero, then use the index_guess(...) function, otherwise, just 331 * set the rollover counter to zero (since the index_guess(...) 
332 * function might incorrectly guess that the rollover counter is 333 * 0xffffffff) 334 */ 335 336 #ifdef NO_64BIT_MATH 337 /* seq_num_median = 0x8000 */ 338 if (high32(rdbx->index) > 0 || 339 low32(rdbx->index) > seq_num_median) 340 #else 341 if (rdbx->index > seq_num_median) 342 #endif 343 return index_guess(&rdbx->index, guess, s); 344 345 #ifdef NO_64BIT_MATH 346 *guess = make64(0,(uint32_t) s); 347 #else 348 *guess = s; 349 #endif 350 351 #ifdef NO_64BIT_MATH 352 return s - (uint16_t) low32(rdbx->index); 353 #else 354 return s - (uint16_t) rdbx->index; 355 #endif 356 } 316 int32_t srtp_rdbx_estimate_index (const srtp_rdbx_t *rdbx, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s) 317 { 318 319 /* 320 * if the sequence number and rollover counter in the rdbx are 321 * non-zero, then use the srtp_index_guess(...) function, otherwise, just 322 * set the rollover counter to zero (since the srtp_index_guess(...) 323 * function might incorrectly guess that the rollover counter is 324 * 0xffffffff) 325 */ 326 327 #ifdef NO_64BIT_MATH 328 /* seq_num_median = 0x8000 */ 329 if (high32(rdbx->index) > 0 || 330 low32(rdbx->index) > seq_num_median) 331 #else 332 if (rdbx->index > seq_num_median) 333 #endif 334 { return srtp_index_guess(&rdbx->index, guess, s); } 335 336 #ifdef NO_64BIT_MATH 337 *guess = make64(0, (uint32_t)s); 338 #else 339 *guess = s; 340 #endif 341 342 #ifdef NO_64BIT_MATH 343 return s - (uint16_t)low32(rdbx->index); 344 #else 345 return s - (uint16_t)rdbx->index; 346 #endif 347 } 348 349 /* 350 * srtp_rdbx_get_roc(rdbx) 351 * 352 * Get the current rollover counter 353 * 354 */ 355 uint32_t srtp_rdbx_get_roc(const srtp_rdbx_t *rdbx) 356 { 357 uint32_t roc; 358 359 #ifdef NO_64BIT_MATH 360 roc = ((high32(rdbx->index) << 16) | (low32(rdbx->index) >> 16)); 361 #else 362 roc = (uint32_t)(rdbx->index >> 16); 363 #endif 364 365 return roc; 366 } 367 368 /* 369 * srtp_rdbx_set_roc_seq(rdbx, roc, seq) initalizes the srtp_rdbx_t at the 370 * location rdbx to 
have the rollover counter value roc and packet sequence 371 * number seq. If the new rollover counter value is less than the current 372 * rollover counter value, then the function returns 373 * srtp_err_status_replay_old, otherwise, srtp_err_status_ok is returned. 374 */ 375 srtp_err_status_t srtp_rdbx_set_roc_seq (srtp_rdbx_t *rdbx, 376 uint32_t roc, 377 uint16_t seq) 378 { 379 #ifdef NO_64BIT_MATH 380 #error not yet implemented 381 #else 382 383 /* make sure that we're not moving backwards */ 384 if (roc < (rdbx->index >> 16)) { 385 return srtp_err_status_replay_old; 386 } 387 388 rdbx->index = seq; 389 rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */ 390 #endif 391 392 bitvector_set_to_zero(&rdbx->bitmask); 393 394 return srtp_err_status_ok; 395 } 396 -
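Review bot: `srtp_rdbx_set_roc` calls `bitvector_set_to_zero(&rdbx->bitmask);` before the "not moving backwards" test, so a call rejected with `srtp_err_status_replay_old` has already wiped the replay window. Indices that were marked as received would then pass `srtp_rdbx_check` again. The new `srtp_rdbx_set_roc_seq` in the same file does it in the safer order (check first, clear last), so I would move the `bitvector_set_to_zero(&rdbx->bitmask);` line in `srtp_rdbx_set_roc` to just before its final `return srtp_err_status_ok;`. Separately, `srtp_rdbx_set_roc_seq` accepts an equal `roc` with a lower `seq`, which also moves the index backwards and clears the history; if that is intended, its comment should say that the caller is responsible for it.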
pjproject/trunk/third_party/srtp/crypto/replay/ut_sim.c
r5261 r5614 11 11 /* 12 12 * 13 * Copyright (c) 2001-20 06, Cisco Systems, Inc.13 * Copyright (c) 2001-2017, Cisco Systems, Inc. 14 14 * All rights reserved. 15 15 * -
pjproject/trunk/third_party/srtp/include/ekt.h
r5261 r5614 9 9 /* 10 10 * 11 * Copyright (c) 2001-20 05Cisco Systems, Inc.11 * Copyright (c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 13 * … … 60 60 */ 61 61 62 #ifndef EKT_H 63 #define EKT_H 62 #ifndef SRTP_EKT_H 63 #define SRTP_EKT_H 64 65 // left in commented out as reminder to not include private headers 66 //#include "srtp_priv.h" 64 67 65 68 #ifdef __cplusplus … … 67 70 #endif 68 71 69 #include "srtp_priv.h" 72 #define SRTP_EKT_CIPHER_DEFAULT 1 73 #define SRTP_EKT_CIPHER_AES_128_ECB 1 74 #define SRTP_EKT_CIPHER_AES_192_KEY_WRAP 2 75 #define SRTP_EKT_CIPHER_AES_256_KEY_WRAP 3 70 76 71 #define EKT_CIPHER_DEFAULT 1 72 #define EKT_CIPHER_AES_128_ECB 1 73 #define EKT_CIPHER_AES_192_KEY_WRAP 2 74 #define EKT_CIPHER_AES_256_KEY_WRAP 3 75 76 typedef uint16_t ekt_spi_t; 77 typedef uint16_t srtp_ekt_spi_t; 77 78 78 79 79 unsigned 80 ekt_octets_after_base_tag(ekt_stream_t ekt); 80 unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt); 81 81 82 82 /* 83 83 * an srtp_policy_t structure can contain a pointer to an 84 * ekt_policy_t structure84 * srtp_ekt_policy_t structure 85 85 * 86 86 * this structure holds all of the high level EKT information, and it … … 88 88 */ 89 89 90 typedef struct ekt_policy_ctx_t {91 ekt_spi_t spi; /* security parameter index */90 typedef struct srtp_ekt_policy_ctx_t { 91 srtp_ekt_spi_t spi; /* security parameter index */ 92 92 uint8_t ekt_cipher_type; 93 93 uint8_t *ekt_key; 94 struct ekt_policy_ctx_t *next_ekt_policy;95 } ekt_policy_ctx_t;94 struct srtp_ekt_policy_ctx_t *next_ekt_policy; 95 } srtp_ekt_policy_ctx_t; 96 96 97 97 98 98 /* 99 * an ekt_data_t structure holds the data corresponding to an ekt key,99 * an srtp_ekt_data_t structure holds the data corresponding to an ekt key, 100 100 * spi, and so on 101 101 */ 102 102 103 typedef struct ekt_data_t {104 ekt_spi_t spi;103 typedef struct srtp_ekt_data_t { 104 srtp_ekt_spi_t spi; 105 105 uint8_t ekt_cipher_type; 106 aes_expanded_key_t ekt_enc_key;107 
aes_expanded_key_t ekt_dec_key;106 srtp_aes_expanded_key_t ekt_enc_key; 107 srtp_aes_expanded_key_t ekt_dec_key; 108 108 struct ekt_data_t *next_ekt_data; 109 } ekt_data_t;109 } srtp_ekt_data_t; 110 110 111 111 /* 112 * an srtp_stream_ctx_t can contain an ekt_stream_ctx_t112 * an srtp_stream_ctx_t can contain an srtp_ekt_stream_ctx_t 113 113 * 114 * an ekt_stream_ctx_t structure holds all of the EKT information for114 * an srtp_ekt_stream_ctx_t structure holds all of the EKT information for 115 115 * a specific SRTP stream 116 116 */ 117 117 118 typedef struct ekt_stream_ctx_t {119 ekt_data_t*data;120 uint16_t isn; /* initial sequence number */121 uint8_t 122 } ekt_stream_ctx_t;118 typedef struct srtp_ekt_stream_ctx_t { 119 srtp_ekt_data_t *data; 120 uint16_t isn; /* initial sequence number */ 121 uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN]; 122 } srtp_ekt_stream_ctx_t; 123 123 124 124 125 125 126 err_status_t 127 ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy); 126 srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, srtp_ekt_policy_t policy); 128 127 129 err_status_t 130 ekt_stream_init(ekt_stream_t e, 131 ekt_spi_t spi, 132 void *ekt_key, 133 unsigned ekt_cipher_type); 128 srtp_err_status_t srtp_ekt_stream_init(srtp_ekt_stream_t e, srtp_ekt_spi_t spi, void *ekt_key, unsigned ekt_cipher_type); 134 129 135 err_status_t 136 ekt_stream_init_from_policy(ekt_stream_t e, ekt_policy_t p); 130 srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t e, srtp_ekt_policy_t p); 137 131 138 132 139 133 140 err_status_t 141 srtp_stream_init_from_ekt(srtp_stream_t stream, 142 const void *srtcp_hdr, 143 unsigned pkt_octet_len); 134 srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, const void *srtcp_hdr, unsigned pkt_octet_len); 144 135 145 136 146 void 147 ekt_write_data(ekt_stream_t ekt, 148 uint8_t *base_tag, 149 unsigned base_tag_len, 150 int *packet_len, 151 xtd_seq_num_t pkt_index); 137 void 
srtp_ekt_write_data(srtp_ekt_stream_t ekt, uint8_t *base_tag, unsigned base_tag_len, int *packet_len, srtp_xtd_seq_num_t pkt_index); 152 138 153 139 /* … … 159 145 * length 160 146 */ 147 srtp_err_status_t srtp_ekt_tag_verification_preproces(uint8_t *pkt_tag, uint8_t *pkt_tag_copy, unsigned tag_len); 161 148 162 err_status_t 163 ekt_tag_verification_preproces(uint8_t *pkt_tag, 164 uint8_t *pkt_tag_copy, 165 unsigned tag_len); 166 167 err_status_t 168 ekt_tag_verification_postproces(uint8_t *pkt_tag, 169 uint8_t *pkt_tag_copy, 170 unsigned tag_len); 149 srtp_err_status_t srtp_ekt_tag_verification_postproces(uint8_t *pkt_tag, uint8_t *pkt_tag_copy, unsigned tag_len); 171 150 172 151 … … 183 162 * 184 163 */ 185 186 err_status_t 187 srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s, 188 uint8_t *pkt_tag, 189 unsigned pkt_octet_len); 164 srtp_err_status_t srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s, uint8_t *pkt_tag, unsigned pkt_octet_len); 190 165 191 166 /* it's not clear that a tag_generation_postprocess function is needed */ 192 193 err_status_t 194 srtcp_auth_tag_generation_postprocess(void); 167 srtp_err_status_t srtcp_auth_tag_generation_postprocess(void); 195 168 196 169 … … 199 172 #endif 200 173 201 #endif /* EKT_H */174 #endif /* SRTP_EKT_H */ -
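Review bot: In `srtp_ekt_data_t` the struct tag was renamed to `srtp_ekt_data_t`, but the link field is still declared as `struct ekt_data_t *next_ekt_data;`. It now points to a different, incomplete type rather than to the next node of the same list, so any code that walks the list needs a cast or will not compile. The sibling `srtp_ekt_policy_ctx_t` was updated consistently, so this line should read `struct srtp_ekt_data_t *next_ekt_data;`. The header also no longer includes `srtp_priv.h` while still using `srtp_ekt_stream_t`, `srtp_aes_expanded_key_t` and `SRTP_MAX_KEY_LEN`, so a short comment stating which header must be included first would help.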
pjproject/trunk/third_party/srtp/include/getopt_s.h
r1730 r5614 9 9 /* 10 10 * 11 * Copyright (c) 2001-20 06Cisco Systems, Inc.11 * Copyright (c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 13 * … … 46 46 #define GETOPT_S_H 47 47 48 #ifdef __cplusplus 49 extern "C" { 50 #endif 51 48 52 /* 49 53 * getopt_s(), optarg_s, and optind_s are small, locally defined … … 58 62 extern int optind_s; /* defined in getopt.c */ 59 63 64 #ifdef __cplusplus 65 } 66 #endif 67 60 68 #endif /* GETOPT_S_H */ -
pjproject/trunk/third_party/srtp/include/srtp.h
r5261 r5614 9 9 /* 10 10 * 11 * Copyright (c) 2001-20 06, Cisco Systems, Inc.11 * Copyright (c) 2001-2017, Cisco Systems, Inc. 12 12 * All rights reserved. 13 13 * … … 44 44 45 45 46 #ifndef SRTP_H 47 #define SRTP_H 46 #ifndef SRTP_SRTP_H 47 #define SRTP_SRTP_H 48 49 #include <stdint.h> 48 50 49 51 #ifdef __cplusplus … … 51 53 #endif 52 54 53 #include <stdint.h>54 #include "crypto.h"55 #include "crypto_types.h"56 #include "err.h"57 58 55 /** 59 56 * @defgroup SRTP Secure RTP … … 83 80 84 81 /** 82 * SRTP_MAX_MKI_LEN is the maximum size the MKI could be which is 83 * 128 bytes 84 */ 85 #define SRTP_MAX_MKI_LEN 128 86 87 88 /** 85 89 * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer 86 90 * (authentication tag and MKI) supported by libSRTP. This value is 87 * the ma ximum number of octets that will be added to an RTP packet by91 * the maixmum number of octets that will be added to an RTP packet by 88 92 * srtp_protect(). 89 93 * 90 94 * @brief the maximum number of octets added by srtp_protect(). 91 95 */ 92 #define SRTP_MAX_TRAILER_LEN SRTP_MAX_TAG_LEN 93 96 #define SRTP_MAX_TRAILER_LEN (SRTP_MAX_TAG_LEN + SRTP_MAX_MKI_LEN) 97 98 /** 99 * SRTP_MAX_NUM_MASTER_KEYS is the maximum number of Master keys for 100 * MKI supported by libSRTP. 101 * 102 */ 103 #define SRTP_MAX_NUM_MASTER_KEYS 16 104 105 #define SRTP_SALT_LEN 14 94 106 /* 95 * SRTP_AEAD_SALT_LEN is the length of the SALT values used with 107 * SRTP_AEAD_SALT_LEN is the length of the SALT values used with 96 108 * GCM mode. GCM mode requires an IV. The SALT value is used 97 109 * as part of the IV formation logic applied to each RTP packet. 
98 110 */ 99 #define SRTP_AEAD_SALT_LEN 12 100 #define AES_128_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 16 101 #define AES_192_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 24 102 #define AES_256_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 32 103 104 105 106 /* 107 * nota bene: since libSRTP doesn't support the use of the MKI, the 108 * SRTP_MAX_TRAILER_LEN value is just the maximum tag length 109 */ 110 111 /** 112 * @brief sec_serv_t describes a set of security services. 113 * 114 * A sec_serv_t enumeration is used to describe the particular 111 #define SRTP_AEAD_SALT_LEN 12 112 113 #define SRTP_AES_128_KEY_LEN 16 114 #define SRTP_AES_192_KEY_LEN 24 115 #define SRTP_AES_256_KEY_LEN 32 116 117 #define SRTP_AES_ICM_128_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_128_KEY_LEN) 118 #define SRTP_AES_ICM_192_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_192_KEY_LEN) 119 #define SRTP_AES_ICM_256_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_256_KEY_LEN) 120 121 #define SRTP_AES_GCM_128_KEY_LEN_WSALT (SRTP_AEAD_SALT_LEN + SRTP_AES_128_KEY_LEN) 122 #define SRTP_AES_GCM_192_KEY_LEN_WSALT (SRTP_AEAD_SALT_LEN + SRTP_AES_192_KEY_LEN) 123 #define SRTP_AES_GCM_256_KEY_LEN_WSALT (SRTP_AEAD_SALT_LEN + SRTP_AES_256_KEY_LEN) 124 125 /** 126 * @brief A srtp_cipher_type_id_t is an identifier for a particular cipher 127 * type. 128 * 129 * A srtp_cipher_type_id_t is an integer that represents a particular 130 * cipher type, e.g. the Advanced Encryption Standard (AES). A 131 * SRTP_NULL_CIPHER is avaliable; this cipher leaves the data unchanged, 132 * and can be selected to indicate that no encryption is to take 133 * place. 134 * 135 * @ingroup Ciphers 136 */ 137 typedef uint32_t srtp_cipher_type_id_t; 138 139 /** 140 * @brief An srtp_auth_type_id_t is an identifier for a particular authentication 141 * function. 142 * 143 * An srtp_auth_type_id_t is an integer that represents a particular 144 * authentication function type, e.g. HMAC-SHA1. 
A SRTP_NULL_AUTH is 145 * avaliable; this authentication function performs no computation, 146 * and can be selected to indicate that no authentication is to take 147 * place. 148 * 149 * @ingroup Authentication 150 */ 151 typedef uint32_t srtp_auth_type_id_t; 152 153 /** 154 * @brief srtp_err_status_t defines error codes. 155 * 156 * The enumeration srtp_err_status_t defines error codes. Note that the 157 * value of srtp_err_status_ok is equal to zero, which can simplify error 158 * checking somewhat. 159 * 160 */ 161 typedef enum { 162 srtp_err_status_ok = 0, /**< nothing to report */ 163 srtp_err_status_fail = 1, /**< unspecified failure */ 164 srtp_err_status_bad_param = 2, /**< unsupported parameter */ 165 srtp_err_status_alloc_fail = 3, /**< couldn't allocate memory */ 166 srtp_err_status_dealloc_fail = 4, /**< couldn't deallocate properly */ 167 srtp_err_status_init_fail = 5, /**< couldn't initialize */ 168 srtp_err_status_terminus = 6, /**< can't process as much data as requested */ 169 srtp_err_status_auth_fail = 7, /**< authentication failure */ 170 srtp_err_status_cipher_fail = 8, /**< cipher failure */ 171 srtp_err_status_replay_fail = 9, /**< replay check failed (bad index) */ 172 srtp_err_status_replay_old = 10, /**< replay check failed (index too old) */ 173 srtp_err_status_algo_fail = 11, /**< algorithm failed test routine */ 174 srtp_err_status_no_such_op = 12, /**< unsupported operation */ 175 srtp_err_status_no_ctx = 13, /**< no appropriate context found */ 176 srtp_err_status_cant_check = 14, /**< unable to perform desired validation */ 177 srtp_err_status_key_expired = 15, /**< can't use key any more */ 178 srtp_err_status_socket_err = 16, /**< error in use of socket */ 179 srtp_err_status_signal_err = 17, /**< error in use POSIX signals */ 180 srtp_err_status_nonce_bad = 18, /**< nonce check failed */ 181 srtp_err_status_read_fail = 19, /**< couldn't read data */ 182 srtp_err_status_write_fail = 20, /**< couldn't write data */ 183 
srtp_err_status_parse_err = 21, /**< error parsing data */ 184 srtp_err_status_encode_err = 22, /**< error encoding data */ 185 srtp_err_status_semaphore_err = 23,/**< error while using semaphores */ 186 srtp_err_status_pfkey_err = 24, /**< error while using pfkey */ 187 srtp_err_status_bad_mki = 25, /**< error MKI present in packet is invalid */ 188 srtp_err_status_pkt_idx_old = 26, /**< packet index is too old to consider */ 189 srtp_err_status_pkt_idx_adv = 27 /**< packet index advanced, reset needed */ 190 } srtp_err_status_t; 191 192 193 typedef struct srtp_ctx_t_ srtp_ctx_t; 194 195 /** 196 * @brief srtp_sec_serv_t describes a set of security services. 197 * 198 * A srtp_sec_serv_t enumeration is used to describe the particular 115 199 * security services that will be applied by a particular crypto 116 200 * policy (or other mechanism). … … 122 206 sec_serv_auth = 2, /**< authentication */ 123 207 sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */ 124 } s ec_serv_t;208 } srtp_sec_serv_t; 125 209 126 210 /** 127 * @brief crypto_policy_t describes a particular crypto policy that211 * @brief srtp_crypto_policy_t describes a particular crypto policy that 128 212 * can be applied to an SRTP stream. 129 213 * 130 * A crypto_policy_t describes a particular cryptographic policy that214 * A srtp_crypto_policy_t describes a particular cryptographic policy that 131 215 * can be applied to an SRTP or SRTCP stream. An SRTP session policy 132 216 * consists of a list of these policies, one for each SRTP stream … … 134 218 */ 135 219 136 typedef struct crypto_policy_t {137 cipher_type_id_t cipher_type; /**< An integer representing138 * the type of cipher. */220 typedef struct srtp_crypto_policy_t { 221 srtp_cipher_type_id_t cipher_type; /**< An integer representing 222 * the type of cipher. */ 139 223 int cipher_key_len; /**< The length of the cipher key 140 224 * in octets. 
*/ 141 auth_type_id_t auth_type; /**< An integer representing the142 * authentication function. */225 srtp_auth_type_id_t auth_type; /**< An integer representing the 226 * authentication function. */ 143 227 int auth_key_len; /**< The length of the authentication 144 228 * function key in octets. */ 145 229 int auth_tag_len; /**< The length of the authentication 146 230 * tag in octets. */ 147 s ec_serv_tsec_serv; /**< The flag indicating the security231 srtp_sec_serv_t sec_serv; /**< The flag indicating the security 148 232 * services to be applied. */ 149 } crypto_policy_t;233 } srtp_crypto_policy_t; 150 234 151 235 152 236 /** 153 * @brief s src_type_t describes the type of an SSRC.154 * 155 * An s src_type_t enumeration is used to indicate a type of SSRC. See237 * @brief srtp_ssrc_type_t describes the type of an SSRC. 238 * 239 * An srtp_ssrc_type_t enumeration is used to indicate a type of SSRC. See 156 240 * @ref srtp_policy_t for more informataion. 157 241 */ … … 166 250 (i.e. a value that is used in the 167 251 function srtp_protect()) */ 168 } s src_type_t;169 170 /** 171 * @brief An s src_t represents a particular SSRC value, or a `wildcard' SSRC.172 * 173 * An s src_t represents a particular SSRC value (if its type is252 } srtp_ssrc_type_t; 253 254 /** 255 * @brief An srtp_ssrc_t represents a particular SSRC value, or a `wildcard' SSRC. 
256 * 257 * An srtp_ssrc_t represents a particular SSRC value (if its type is 174 258 * ssrc_specific), or a wildcard SSRC value that will match all 175 259 * outbound SSRCs (if its type is ssrc_any_outbound) or all inbound … … 179 263 180 264 typedef struct { 181 s src_type_t type;/**< The type of this particular SSRC */182 unsigned int value; /**< The value of this SSRC, if it is not a wildcard */183 } s src_t;265 srtp_ssrc_type_t type; /**< The type of this particular SSRC */ 266 unsigned int value; /**< The value of this SSRC, if it is not a wildcard */ 267 } srtp_ssrc_t; 184 268 185 269 … … 187 271 * @brief points to an EKT policy 188 272 */ 189 typedef struct ekt_policy_ctx_t *ekt_policy_t;273 typedef struct srtp_ekt_policy_ctx_t *srtp_ekt_policy_t; 190 274 191 275 … … 193 277 * @brief points to EKT stream data 194 278 */ 195 typedef struct ekt_stream_ctx_t *ekt_stream_t; 196 279 typedef struct srtp_ekt_stream_ctx_t *srtp_ekt_stream_t; 280 281 /** 282 * @brief srtp_master_key_t represents a master key. There will 283 * be a Master Key Index and the Master Key associated with the 284 * Master Key Index. Need to also keep track of the Master Key 285 * Index Size to correctly read it from a packet. 286 */ 287 typedef struct srtp_master_key_t { 288 unsigned char *key; 289 unsigned char *mki_id; 290 unsigned int mki_size; 291 } srtp_master_key_t; 197 292 198 293 /** … … 224 319 225 320 typedef struct srtp_policy_t { 226 s src_tssrc; /**< The SSRC value of stream, or the321 srtp_ssrc_t ssrc; /**< The SSRC value of stream, or the 227 322 * flags SSRC_ANY_INBOUND or 228 323 * SSRC_ANY_OUTBOUND if key sharing 229 324 * is used for this policy element. 230 325 */ 231 crypto_policy_t rtp;/**< SRTP crypto policy. */232 crypto_policy_t rtcp;/**< SRTCP crypto policy. */326 srtp_crypto_policy_t rtp; /**< SRTP crypto policy. */ 327 srtp_crypto_policy_t rtcp; /**< SRTCP crypto policy. */ 233 328 unsigned char *key; /**< Pointer to the SRTP master key for 234 * this stream. 
*/ 235 ekt_policy_t ekt; /**< Pointer to the EKT policy structure 329 * this stream. */ 330 srtp_master_key_t **keys; /** Array of Master Key structures */ 331 unsigned long num_master_keys; /** Number of master keys */ 332 srtp_ekt_policy_t ekt; /**< Pointer to the EKT policy structure 236 333 * for this stream (if any) */ 237 334 unsigned long window_size; /**< The window size to use for replay … … 243 340 * payload, or a severe security weakness 244 341 * is introduced!) */ 342 int *enc_xtn_hdr; /**< List of header ids to encrypt. */ 343 int enc_xtn_hdr_count; /**< Number of entries in list of header ids. */ 245 344 struct srtp_policy_t *next; /**< Pointer to next stream policy. */ 246 345 } srtp_policy_t; … … 262 361 */ 263 362 264 typedef struct srtp_ctx_t *srtp_t; 265 266 267 /** 268 * @brief An srtp_stream_t points to an SRTP stream structure. 269 * 270 * The typedef srtp_stream_t is a pointer to a structure that 271 * represents an SRTP stream. This datatype is intentionally 272 * opaque in order to separate the interface from the implementation. 273 * 274 * An SRTP stream consists of all of the traffic sent to an SRTP 275 * session by a single participant. A session can be viewed as 276 * a set of streams. 277 * 278 */ 279 typedef struct srtp_stream_ctx_t *srtp_stream_t; 280 363 typedef srtp_ctx_t *srtp_t; 281 364 282 365 … … 288 371 */ 289 372 290 err_status_t 291 srtp_init(void); 373 srtp_err_status_t srtp_init(void); 292 374 293 375 /** … … 297 379 */ 298 380 299 err_status_t 300 srtp_shutdown(void); 381 srtp_err_status_t srtp_shutdown(void); 301 382 302 383 /** … … 306 387 * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP 307 388 * protection to the RTP packet rtp_hdr (which has length *len_ptr) using 308 * the SRTP context ctx. If err_status_ok is returned, then rtp_hdr389 * the SRTP context ctx. 
If srtp_err_status_ok is returned, then rtp_hdr 309 390 * points to the resulting SRTP packet and *len_ptr is the number of 310 391 * octets in that packet; otherwise, no assumptions should be made … … 332 413 * @param len_ptr is a pointer to the length in octets of the complete 333 414 * RTP packet (header and body) before the function call, and of the 334 * complete SRTP packet after the call, if err_status_ok was returned.415 * complete SRTP packet after the call, if srtp_err_status_ok was returned. 335 416 * Otherwise, the value of the data to which it points is undefined. 336 417 * 337 418 * @return 338 * - err_status_ok no problems339 * - err_status_replay_fail rtp sequence number was non-increasing419 * - srtp_err_status_ok no problems 420 * - srtp_err_status_replay_fail rtp sequence number was non-increasing 340 421 * - @e other failure in cryptographic mechanisms 341 422 */ 342 423 343 err_status_t 344 srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr); 345 424 srtp_err_status_t srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr); 425 426 /** 427 * @brief srtp_protect_mki() is the Secure RTP sender-side packet processing 428 * function that can utilize MKI. 429 * 430 * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP 431 * protection to the RTP packet rtp_hdr (which has length *len_ptr) using 432 * the SRTP context ctx. If srtp_err_status_ok is returned, then rtp_hdr 433 * points to the resulting SRTP packet and *len_ptr is the number of 434 * octets in that packet; otherwise, no assumptions should be made 435 * about the value of either data elements. 436 * 437 * The sequence numbers of the RTP packets presented to this function 438 * need not be consecutive, but they @b must be out of order by less 439 * than 2^15 = 32,768 packets. 
440 * 441 * @warning This function assumes that it can write the authentication 442 * tag into the location in memory immediately following the RTP 443 * packet, and assumes that the RTP packet is aligned on a 32-bit 444 * boundary. 445 * 446 * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN 447 * into the location in memory immediately following the RTP packet. 448 * Callers MUST ensure that this much writable memory is available in 449 * the buffer that holds the RTP packet. 450 * 451 * @param ctx is the SRTP context to use in processing the packet. 452 * 453 * @param rtp_hdr is a pointer to the RTP packet (before the call); after 454 * the function returns, it points to the srtp packet. 455 * 456 * @param pkt_octet_len is a pointer to the length in octets of the complete 457 * RTP packet (header and body) before the function call, and of the 458 * complete SRTP packet after the call, if srtp_err_status_ok was returned. 459 * Otherwise, the value of the data to which it points is undefined. 460 * 461 * @param use_mki is a boolean to tell the system if mki is being used. If 462 * set to false then will use the first set of session keys. If set to true will 463 * use the session keys identified by the mki_index 464 * 465 * @param mki_index integer value specifying which set of session keys should be 466 * used if use_mki is set to true. 467 * 468 * @return 469 * - srtp_err_status_ok no problems 470 * - srtp_err_status_replay_fail rtp sequence number was non-increasing 471 * - @e other failure in cryptographic mechanisms 472 */ 473 474 srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx, void *rtp_hdr, 475 int *pkt_octet_len, unsigned int use_mki, 476 unsigned int mki_index); 477 346 478 /** 347 479 * @brief srtp_unprotect() is the Secure RTP receiver-side packet … … 351 483 * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr 352 484 * (which has length *len_ptr), using the SRTP context ctx. 
If 353 * err_status_ok is returned, then srtp_hdr points to the resulting485 * srtp_err_status_ok is returned, then srtp_hdr points to the resulting 354 486 * RTP packet and *len_ptr is the number of octets in that packet; 355 487 * otherwise, no assumptions should be made about the value of either … … 367 499 * @param srtp_hdr is a pointer to the header of the SRTP packet 368 500 * (before the call). after the function returns, it points to the 369 * rtp packet if err_status_ok was returned; otherwise, the value of501 * rtp packet if srtp_err_status_ok was returned; otherwise, the value of 370 502 * the data to which it points is undefined. 371 503 * 372 504 * @param len_ptr is a pointer to the length in octets of the complete 373 505 * srtp packet (header and body) before the function call, and of the 374 * complete rtp packet after the call, if err_status_ok was returned.506 * complete rtp packet after the call, if srtp_err_status_ok was returned. 375 507 * Otherwise, the value of the data to which it points is undefined. 376 508 * 377 509 * @return 378 * - err_status_ok if the RTP packet is valid.379 * - err_status_auth_fail if the SRTP packet failed the message510 * - srtp_err_status_ok if the RTP packet is valid. 511 * - srtp_err_status_auth_fail if the SRTP packet failed the message 380 512 * authentication check. 381 * - err_status_replay_fail if the SRTP packet is a replay (e.g. packet has513 * - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet has 382 514 * already been processed and accepted). 383 515 * - [other] if there has been an error in the cryptographic mechanisms. … … 385 517 */ 386 518 387 err_status_t 388 srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr); 389 519 srtp_err_status_t srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr); 520 521 /** 522 * @brief srtp_unprotect_mki() is the Secure RTP receiver-side packet 523 * processing function that checks for MKI. 
524 * 525 * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies 526 * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr 527 * (which has length *len_ptr), using the SRTP context ctx. If 528 * srtp_err_status_ok is returned, then srtp_hdr points to the resulting 529 * RTP packet and *len_ptr is the number of octets in that packet; 530 * otherwise, no assumptions should be made about the value of either 531 * data elements. 532 * 533 * The sequence numbers of the RTP packets presented to this function 534 * need not be consecutive, but they @b must be out of order by less 535 * than 2^15 = 32,768 packets. 536 * 537 * @warning This function assumes that the SRTP packet is aligned on a 538 * 32-bit boundary. 539 * 540 * @param ctx is the SRTP session which applies to the particular packet. 541 * 542 * @param srtp_hdr is a pointer to the header of the SRTP packet 543 * (before the call). after the function returns, it points to the 544 * rtp packet if srtp_err_status_ok was returned; otherwise, the value of 545 * the data to which it points is undefined. 546 * 547 * @param len_ptr is a pointer to the length in octets of the complete 548 * srtp packet (header and body) before the function call, and of the 549 * complete rtp packet after the call, if srtp_err_status_ok was returned. 550 * Otherwise, the value of the data to which it points is undefined. 551 * 552 * @param use_mki is a boolean to tell the system if mki is being used. If 553 * set to false then will use the first set of session keys. If set to true will 554 * use the session keys identified by the mki_index 555 * 556 * @return 557 * - srtp_err_status_ok if the RTP packet is valid. 558 * - srtp_err_status_auth_fail if the SRTP packet failed the message 559 * authentication check. 560 * - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet has 561 * already been processed and accepted). 
562 * - srtp_err_status_bad_mki if the MKI in the packet is not a known MKI id 563 * - [other] if there has been an error in the cryptographic mechanisms. 564 * 565 */ 566 567 srtp_err_status_t srtp_unprotect_mki(srtp_t ctx, void *srtp_hdr, int *len_ptr, 568 unsigned int use_mki); 390 569 391 570 /** 392 571 * @brief srtp_create() allocates and initializes an SRTP session. 393 572 394 * The function call srtp_create(session, policy, key) allocates and 395 * initializes an SRTP session context, applying the given policy and 396 * key. 573 * The function call srtp_create(session, policy) allocates and 574 * initializes an SRTP session context, applying the given policy. 397 575 * 398 576 * @param session is a pointer to the SRTP session to which the policy is … … 407 585 * 408 586 * @return 409 * - err_status_ok if creation succeded. 410 * - err_status_alloc_fail if allocation failed. 411 * - err_status_init_fail if initialization failed. 412 */ 413 414 err_status_t 415 srtp_create(srtp_t *session, const srtp_policy_t *policy); 587 * - srtp_err_status_ok if creation succeded. 588 * - srtp_err_status_alloc_fail if allocation failed. 589 * - srtp_err_status_init_fail if initialization failed. 590 */ 591 592 srtp_err_status_t srtp_create(srtp_t *session, const srtp_policy_t *policy); 416 593 417 594 … … 426 603 * 427 604 * @return values: 428 * - err_status_ok if stream creation succeded. 429 * - err_status_alloc_fail if stream allocation failed 430 * - err_status_init_fail if stream initialization failed. 431 */ 432 433 err_status_t 434 srtp_add_stream(srtp_t session, 435 const srtp_policy_t *policy); 605 * - srtp_err_status_ok if stream creation succeded. 606 * - srtp_err_status_alloc_fail if stream allocation failed 607 * - srtp_err_status_init_fail if stream initialization failed. 608 */ 609 610 srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy); 436 611 437 612 … … 446 621 * will be removed. 
447 622 * 448 * @param ssrc is the SSRC value of the stream to be removed. 623 * @param ssrc is the SSRC value of the stream to be removed 624 * in network byte order. 449 625 * 450 626 * @warning Wildcard SSRC values cannot be removed from a … … 452 628 * 453 629 * @return 454 * - err_status_ok if the stream deallocation succeded.630 * - srtp_err_status_ok if the stream deallocation succeded. 455 631 * - [other] otherwise. 456 632 * 457 633 */ 458 634 459 err_status_t 460 srtp_remove_stream(srtp_t session, unsigned int ssrc); 461 462 /** 463 * @brief crypto_policy_set_rtp_default() sets a crypto policy 635 srtp_err_status_t srtp_remove_stream(srtp_t session, unsigned int ssrc); 636 637 /** 638 * @brief srtp_update() udpates all streams in the session. 639 * 640 * The function call srtp_update(session, policy) updates 641 * all the streams in the session applying the given policy 642 * and key. The exsisting ROC value of all streams will be 643 * preserved. 644 * 645 * @param session is the SRTP session that contains the streams 646 * to be updated. 647 * 648 * @param policy is the srtp_policy_t struct that describes the policy 649 * for the session. The struct may be a single element, or it may be 650 * the head of a list, in which case each element of the list is 651 * processed. The final element of the list @b must 652 * have its `next' field set to NULL. 653 * 654 * @return 655 * - srtp_err_status_ok if stream creation succeded. 656 * - srtp_err_status_alloc_fail if stream allocation failed 657 * - srtp_err_status_init_fail if stream initialization failed. 658 * - [other] otherwise. 659 * 660 */ 661 662 srtp_err_status_t srtp_update(srtp_t session, const srtp_policy_t *policy); 663 664 /** 665 * @brief srtp_update_stream() udpates a SRTP stream. 666 * 667 * The function call srtp_update_stream(session, policy) updates 668 * the stream(s) in the session that match applying the given 669 * policy and key. 
The exsisting ROC value of all stream(s) will 670 * be preserved. 671 * 672 * @param session is the SRTP session that contains the streams 673 * to be updated. 674 * 675 * @param policy is the srtp_policy_t struct that describes the policy 676 * for the session. 677 * 678 * @return 679 * - srtp_err_status_ok if stream creation succeded. 680 * - srtp_err_status_alloc_fail if stream allocation failed 681 * - srtp_err_status_init_fail if stream initialization failed. 682 * - [other] otherwise. 683 * 684 */ 685 686 srtp_err_status_t srtp_update_stream(srtp_t session, const srtp_policy_t *policy); 687 688 /** 689 * @brief srtp_crypto_policy_set_rtp_default() sets a crypto policy 464 690 * structure to the SRTP default policy for RTP protection. 465 691 * … … 479 705 */ 480 706 481 void 482 crypto_policy_set_rtp_default(crypto_policy_t *p); 483 484 /** 485 * @brief crypto_policy_set_rtcp_default() sets a crypto policy 707 void srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p); 708 709 /** 710 * @brief srtp_crypto_policy_set_rtcp_default() sets a crypto policy 486 711 * structure to the SRTP default policy for RTCP protection. 487 712 * 488 713 * @param p is a pointer to the policy structure to be set 489 714 * 490 * The function call crypto_policy_set_rtcp_default(&p) sets the491 * crypto_policy_t at location p to the SRTP default policy for RTCP715 * The function call srtp_crypto_policy_set_rtcp_default(&p) sets the 716 * srtp_crypto_policy_t at location p to the SRTP default policy for RTCP 492 717 * protection, as defined in the specification. This function is a 493 718 * convenience that helps to avoid dealing directly with the policy … … 495 720 * with this function call. Doing so may allow your code to be 496 721 * forward compatible with later versions of libSRTP that include more 497 * elements in the crypto_policy_t datatype. 498 * 499 * @return void. 
500 * 501 */ 502 503 void 504 crypto_policy_set_rtcp_default(crypto_policy_t *p); 505 506 /** 507 * @brief crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto 722 * elements in the srtp_crypto_policy_t datatype. 723 * 724 * @return void. 725 * 726 */ 727 728 void srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p); 729 730 /** 731 * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto 508 732 * policy structure to the SRTP default policy for RTP protection. 509 733 * 510 734 * @param p is a pointer to the policy structure to be set 511 735 * 512 * The function crypto_policy_set_aes_cm_128_hmac_sha1_80() is a513 * synonym for crypto_policy_set_rtp_default(). It conforms to the736 * The function srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() is a 737 * synonym for srtp_crypto_policy_set_rtp_default(). It conforms to the 514 738 * naming convention used in RFC 4568 (SDP Security Descriptions for 515 739 * Media Streams). … … 519 743 */ 520 744 521 #define crypto_policy_set_aes_cm_128_hmac_sha1_80(p)crypto_policy_set_rtp_default(p)522 523 524 /** 525 * @brief crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto745 #define srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(p) srtp_crypto_policy_set_rtp_default(p) 746 747 748 /** 749 * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto 526 750 * policy structure to a short-authentication tag policy 527 751 * 528 752 * @param p is a pointer to the policy structure to be set 529 753 * 530 * The function call crypto_policy_set_aes_cm_128_hmac_sha1_32(&p)531 * sets the crypto_policy_t at location p to use policy754 * The function call srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&p) 755 * sets the srtp_crypto_policy_t at location p to use policy 532 756 * AES_CM_128_HMAC_SHA1_32 as defined in RFC 4568. 533 757 * This policy uses AES-128 … … 542 766 * policy elements with this function call. 
Doing so may allow your 543 767 * code to be forward compatible with later versions of libSRTP that 544 * include more elements in the crypto_policy_t datatype.768 * include more elements in the srtp_crypto_policy_t datatype. 545 769 * 546 770 * @warning This crypto policy is intended for use in SRTP, but not in … … 553 777 */ 554 778 555 void 556 crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p); 557 558 559 560 /** 561 * @brief crypto_policy_set_aes_cm_128_null_auth() sets a crypto 779 void srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p); 780 781 782 783 /** 784 * @brief srtp_crypto_policy_set_aes_cm_128_null_auth() sets a crypto 562 785 * policy structure to an encryption-only policy 563 786 * 564 787 * @param p is a pointer to the policy structure to be set 565 788 * 566 * The function call crypto_policy_set_aes_cm_128_null_auth(&p) sets567 * the crypto_policy_t at location p to use the SRTP default cipher789 * The function call srtp_crypto_policy_set_aes_cm_128_null_auth(&p) sets 790 * the srtp_crypto_policy_t at location p to use the SRTP default cipher 568 791 * (AES-128 Counter Mode), but to use no authentication method. This 569 792 * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 570 793 * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). 571 794 * 795 * This function is a convenience that helps to avoid dealing directly 796 * with the policy data structure. You are encouraged to initialize 797 * policy elements with this function call. Doing so may allow your 798 * code to be forward compatible with later versions of libSRTP that 799 * include more elements in the srtp_crypto_policy_t datatype. 800 * 801 * @warning This policy is NOT RECOMMENDED for SRTP unless it is 802 * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see 803 * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). 804 * 805 * @return void. 
806 * 807 */ 808 809 void srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p); 810 811 812 /** 813 * @brief srtp_crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto 814 * policy structure to an authentication-only policy 815 * 816 * @param p is a pointer to the policy structure to be set 817 * 818 * The function call srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&p) 819 * sets the srtp_crypto_policy_t at location p to use HMAC-SHA1 with an 80 820 * bit authentication tag to provide message authentication, but to 821 * use no encryption. This policy is NOT RECOMMENDED for SRTP unless 822 * there is a requirement to forego encryption. 823 * 824 * This function is a convenience that helps to avoid dealing directly 825 * with the policy data structure. You are encouraged to initialize 826 * policy elements with this function call. Doing so may allow your 827 * code to be forward compatible with later versions of libSRTP that 828 * include more elements in the srtp_crypto_policy_t datatype. 829 * 830 * @warning This policy is NOT RECOMMENDED for SRTP unless there is a 831 * requirement to forego encryption. 832 * 833 * @return void. 834 * 835 */ 836 void srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p); 837 838 /** 839 * @brief srtp_crypto_policy_set_null_cipher_hmac_null() sets a crypto 840 * policy structure to use no encryption or authentication. 841 * 842 * @param p is a pointer to the policy structure to be set 843 * 844 * The function call srtp_crypto_policy_set_null_cipher_hmac_null(&p) 845 * sets the srtp_crypto_policy_t at location p to use no encryption and 846 * no authentication. This policy should only be used for testing and 847 * troubleshootingl. 848 * 849 * This function is a convenience that helps to avoid dealing directly 850 * with the policy data structure. You are encouraged to initialize 851 * policy elements with this function call. 
Doing so may allow your 852 * code to be forward compatible with later versions of libSRTP that 853 * include more elements in the srtp_crypto_policy_t datatype. 854 * 855 * @warning This policy is NOT RECOMMENDED for SRTP unless there is a 856 * requirement to forego encryption and authentication. 857 * 858 * @return void. 859 * 860 */ 861 void srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p); 862 863 864 /** 865 * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto 866 * policy structure to a encryption and authentication policy using AES-256 867 * for RTP protection. 868 * 869 * @param p is a pointer to the policy structure to be set 870 * 871 * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&p) 872 * sets the srtp_crypto_policy_t at location p to use policy 873 * AES_CM_256_HMAC_SHA1_80 as defined in RFC 6188. This policy uses AES-256 874 * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit 875 * authentication tag. 876 * 877 * This function is a convenience that helps to avoid dealing directly 878 * with the policy data structure. You are encouraged to initialize 879 * policy elements with this function call. Doing so may allow your 880 * code to be forward compatible with later versions of libSRTP that 881 * include more elements in the srtp_crypto_policy_t datatype. 882 * 883 * @return void. 884 * 885 */ 886 887 void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p); 888 889 890 /** 891 * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto 892 * policy structure to a short-authentication tag policy using AES-256 893 * encryption. 894 * 895 * @param p is a pointer to the policy structure to be set 896 * 897 * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(&p) 898 * sets the srtp_crypto_policy_t at location p to use policy 899 * AES_CM_256_HMAC_SHA1_32 as defined in RFC 6188. 
This policy uses AES-256 900 * Counter Mode encryption and HMAC-SHA1 authentication, with an 901 * authentication tag that is only 32 bits long. This length is 902 * considered adequate only for protecting audio and video media that 903 * use a stateless playback function. See Section 7.5 of RFC 3711 904 * (http://www.ietf.org/rfc/rfc3711.txt). 905 * 906 * This function is a convenience that helps to avoid dealing directly 907 * with the policy data structure. You are encouraged to initialize 908 * policy elements with this function call. Doing so may allow your 909 * code to be forward compatible with later versions of libSRTP that 910 * include more elements in the srtp_crypto_policy_t datatype. 911 * 912 * @warning This crypto policy is intended for use in SRTP, but not in 913 * SRTCP. It is recommended that a policy that uses longer 914 * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 915 * (http://www.ietf.org/rfc/rfc3711.txt). 916 * 917 * @return void. 918 * 919 */ 920 921 void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p); 922 923 /** 924 * @brief srtp_crypto_policy_set_aes_cm_256_null_auth() sets a crypto 925 * policy structure to an encryption-only policy 926 * 927 * @param p is a pointer to the policy structure to be set 928 * 929 * The function call srtp_crypto_policy_set_aes_cm_256_null_auth(&p) sets 930 * the srtp_crypto_policy_t at location p to use the SRTP default cipher 931 * (AES-256 Counter Mode), but to use no authentication method. This 932 * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 933 * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). 934 * 935 * This function is a convenience that helps to avoid dealing directly 936 * with the policy data structure. You are encouraged to initialize 937 * policy elements with this function call. 
Doing so may allow your 938 * code to be forward compatible with later versions of libSRTP that 939 * include more elements in the srtp_crypto_policy_t datatype. 940 * 941 * @warning This policy is NOT RECOMMENDED for SRTP unless it is 942 * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see 943 * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). 944 * 945 * @return void. 946 * 947 */ 948 void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p); 949 950 951 /** 952 * @brief srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80() sets a crypto 953 * policy structure to a encryption and authentication policy using AES-192 954 * for RTP protection. 955 * 956 * @param p is a pointer to the policy structure to be set 957 * 958 * The function call srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(&p) 959 * sets the crypto_policy_t at location p to use policy 960 * AES_CM_192_HMAC_SHA1_80 as defined in RFC 6188. This policy uses AES-192 961 * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit 962 * authentication tag. 963 * 572 964 * This function is a convenience that helps to avoid dealing directly 573 965 * with the policy data structure. You are encouraged to initialize … … 576 968 * include more elements in the crypto_policy_t datatype. 577 969 * 578 * @warning This policy is NOT RECOMMENDED for SRTP unless it is 579 * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see 580 * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). 581 * 582 * @return void. 
583 * 584 */ 585 586 void 587 crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p); 588 589 590 /** 591 * @brief crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto 592 * policy structure to an authentication-only policy 593 * 594 * @param p is a pointer to the policy structure to be set 595 * 596 * The function call crypto_policy_set_null_cipher_hmac_sha1_80(&p) 597 * sets the crypto_policy_t at location p to use HMAC-SHA1 with an 80 598 * bit authentication tag to provide message authentication, but to 599 * use no encryption. This policy is NOT RECOMMENDED for SRTP unless 600 * there is a requirement to forego encryption. 601 * 970 * @return void. 971 * 972 */ 973 void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p); 974 975 976 /** 977 * @brief srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32() sets a crypto 978 * policy structure to a short-authentication tag policy using AES-192 979 * encryption. 980 * 981 * @param p is a pointer to the policy structure to be set 982 * 983 * The function call srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(&p) 984 * sets the crypto_policy_t at location p to use policy 985 * AES_CM_192_HMAC_SHA1_32 as defined in RFC 6188. This policy uses AES-192 986 * Counter Mode encryption and HMAC-SHA1 authentication, with an 987 * authentication tag that is only 32 bits long. This length is 988 * considered adequate only for protecting audio and video media that 989 * use a stateless playback function. See Section 7.5 of RFC 3711 990 * (http://www.ietf.org/rfc/rfc3711.txt). 991 * 602 992 * This function is a convenience that helps to avoid dealing directly 603 993 * with the policy data structure. You are encouraged to initialize … … 606 996 * include more elements in the crypto_policy_t datatype. 607 997 * 608 * @warning This policy is NOT RECOMMENDED for SRTP unless there is a 609 * requirement to forego encryption. 610 * 611 * @return void. 
612 * 613 */ 614 615 void 616 crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p); 617 618 619 /** 620 * @brief crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto 621 * policy structure to a encryption and authentication policy using AES-256 622 * for RTP protection. 623 * 624 * @param p is a pointer to the policy structure to be set 625 * 626 * The function call crypto_policy_set_aes_cm_256_hmac_sha1_80(&p) 627 * sets the crypto_policy_t at location p to use policy 628 * AES_CM_256_HMAC_SHA1_80 as defined in 629 * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256 630 * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit 631 * authentication tag. 632 * 998 * @warning This crypto policy is intended for use in SRTP, but not in 999 * SRTCP. It is recommended that a policy that uses longer 1000 * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 1001 * (http://www.ietf.org/rfc/rfc3711.txt). 1002 * 1003 * @return void. 1004 * 1005 */ 1006 void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p); 1007 1008 1009 /** 1010 * @brief srtp_crypto_policy_set_aes_cm_192_null_auth() sets a crypto 1011 * policy structure to an encryption-only policy 1012 * 1013 * @param p is a pointer to the policy structure to be set 1014 * 1015 * The function call srtp_crypto_policy_set_aes_cm_192_null_auth(&p) sets 1016 * the crypto_policy_t at location p to use the SRTP default cipher 1017 * (AES-192 Counter Mode), but to use no authentication method. This 1018 * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 1019 * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). 1020 * 633 1021 * This function is a convenience that helps to avoid dealing directly 634 1022 * with the policy data structure. You are encouraged to initialize … … 637 1025 * include more elements in the crypto_policy_t datatype. 638 1026 * 639 * @return void. 
640 * 641 */ 642 643 void crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p); 644 645 646 /** 647 * @brief crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto 648 * policy structure to a short-authentication tag policy using AES-256 649 * encryption. 1027 * @warning This policy is NOT RECOMMENDED for SRTP unless it is 1028 * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see 1029 * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). 1030 * 1031 * @return void. 1032 * 1033 */ 1034 void srtp_crypto_policy_set_aes_cm_192_null_auth(srtp_crypto_policy_t *p); 1035 1036 1037 /** 1038 * @brief srtp_crypto_policy_set_aes_gcm_128_8_auth() sets a crypto 1039 * policy structure to an AEAD encryption policy. 650 1040 * 651 1041 * @param p is a pointer to the policy structure to be set 652 1042 * 653 * The function call crypto_policy_set_aes_cm_256_hmac_sha1_32(&p) 654 * sets the crypto_policy_t at location p to use policy 655 * AES_CM_256_HMAC_SHA1_32 as defined in 656 * draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256 657 * Counter Mode encryption and HMAC-SHA1 authentication, with an 658 * authentication tag that is only 32 bits long. This length is 659 * considered adequate only for protecting audio and video media that 660 * use a stateless playback function. See Section 7.5 of RFC 3711 661 * (http://www.ietf.org/rfc/rfc3711.txt). 1043 * The function call srtp_crypto_policy_set_aes_gcm_128_8_auth(&p) sets 1044 * the srtp_crypto_policy_t at location p to use the SRTP default cipher 1045 * (AES-128 Galois Counter Mode) with 8 octet auth tag. This 1046 * policy applies confidentiality and authentication to both the 1047 * RTP and RTCP packets. 662 1048 * 663 1049 * This function is a convenience that helps to avoid dealing directly … … 665 1051 * policy elements with this function call. 
Doing so may allow your 666 1052 * code to be forward compatible with later versions of libSRTP that 667 * include more elements in the crypto_policy_t datatype. 668 * 669 * @warning This crypto policy is intended for use in SRTP, but not in 670 * SRTCP. It is recommended that a policy that uses longer 671 * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 672 * (http://www.ietf.org/rfc/rfc3711.txt). 673 * 674 * @return void. 675 * 676 */ 677 678 void 679 crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p); 680 681 /** 682 * @brief crypto_policy_set_aes_cm_256_null_auth() sets a crypto 683 * policy structure to an encryption-only policy 684 * 685 * @param p is a pointer to the policy structure to be set 686 * 687 * The function call crypto_policy_set_aes_cm_256_null_auth(&p) sets 688 * the crypto_policy_t at location p to use the SRTP default cipher 689 * (AES-256 Counter Mode), but to use no authentication method. This 690 * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 691 * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). 692 * 1053 * include more elements in the srtp_crypto_policy_t datatype. 1054 * 1055 * @return void. 1056 * 1057 */ 1058 void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p); 1059 1060 /** 1061 * @brief srtp_crypto_policy_set_aes_gcm_256_8_auth() sets a crypto 1062 * policy structure to an AEAD encryption policy 1063 * 1064 * @param p is a pointer to the policy structure to be set 1065 * 1066 * The function call srtp_crypto_policy_set_aes_gcm_256_8_auth(&p) sets 1067 * the srtp_crypto_policy_t at location p to use the SRTP default cipher 1068 * (AES-256 Galois Counter Mode) with 8 octet auth tag. This 1069 * policy applies confidentiality and authentication to both the 1070 * RTP and RTCP packets. 1071 * 693 1072 * This function is a convenience that helps to avoid dealing directly 694 1073 * with the policy data structure. 
You are encouraged to initialize 695 1074 * policy elements with this function call. Doing so may allow your 696 1075 * code to be forward compatible with later versions of libSRTP that 697 * include more elements in the crypto_policy_t datatype. 698 * 699 * @warning This policy is NOT RECOMMENDED for SRTP unless it is 700 * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see 701 * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). 702 * 703 * @return void. 704 * 705 */ 706 void 707 crypto_policy_set_aes_cm_256_null_auth(crypto_policy_t *p); 708 709 /** 710 * @brief crypto_policy_set_aes_gcm_128_8_auth() sets a crypto 711 * policy structure to an AEAD encryption policy. 1076 * include more elements in the srtp_crypto_policy_t datatype. 1077 * 1078 * @return void. 1079 * 1080 */ 1081 void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p); 1082 1083 /** 1084 * @brief srtp_crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto 1085 * policy structure to an AEAD authentication-only policy 712 1086 * 713 1087 * @param p is a pointer to the policy structure to be set 714 1088 * 715 * The function call crypto_policy_set_aes_gcm_128_8_auth(&p) sets716 * the crypto_policy_t at location p to use the SRTP default cipher717 * (AES-128 Galois Counter Mode) with 8 octet auth tag. This 718 * policy applies confidentiality and authentication to both the719 * RTP andRTCP packets.1089 * The function call srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets 1090 * the srtp_crypto_policy_t at location p to use the SRTP default cipher 1091 * (AES-128 Galois Counter Mode) with 8 octet auth tag. This policy 1092 * applies confidentiality and authentication to the RTP packets, 1093 * but only authentication to the RTCP packets. 720 1094 * 721 1095 * This function is a convenience that helps to avoid dealing directly … … 723 1097 * policy elements with this function call. 
Doing so may allow your 724 1098 * code to be forward compatible with later versions of libSRTP that 725 * include more elements in the crypto_policy_t datatype. 726 * 727 * @return void. 728 * 729 */ 730 void 731 crypto_policy_set_aes_gcm_128_8_auth(crypto_policy_t *p); 732 733 /** 734 * @brief crypto_policy_set_aes_gcm_256_8_auth() sets a crypto 735 * policy structure to an AEAD encryption policy 1099 * include more elements in the srtp_crypto_policy_t datatype. 1100 * 1101 * @return void. 1102 * 1103 */ 1104 void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p); 1105 1106 /** 1107 * @brief srtp_crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto 1108 * policy structure to an AEAD authentication-only policy 736 1109 * 737 1110 * @param p is a pointer to the policy structure to be set 738 1111 * 739 * The function call crypto_policy_set_aes_gcm_256_8_auth(&p) sets740 * the crypto_policy_t at location p to use the SRTP default cipher741 * (AES-256 Galois Counter Mode) with 8 octet auth tag. This 742 * policy applies confidentiality and authentication to both the743 * RTP andRTCP packets.1112 * The function call srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets 1113 * the srtp_crypto_policy_t at location p to use the SRTP default cipher 1114 * (AES-256 Galois Counter Mode) with 8 octet auth tag. This policy 1115 * applies confidentiality and authentication to the RTP packets, 1116 * but only authentication to the RTCP packets. 744 1117 * 745 1118 * This function is a convenience that helps to avoid dealing directly … … 747 1120 * policy elements with this function call. Doing so may allow your 748 1121 * code to be forward compatible with later versions of libSRTP that 749 * include more elements in the crypto_policy_t datatype. 750 * 751 * @return void. 
752 * 753 */ 754 void 755 crypto_policy_set_aes_gcm_256_8_auth(crypto_policy_t *p); 756 757 /** 758 * @brief crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto 759 * policy structure to an AEAD authentication-only policy 1122 * include more elements in the srtp_crypto_policy_t datatype. 1123 * 1124 * @return void. 1125 * 1126 */ 1127 void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p); 1128 1129 /** 1130 * @brief srtp_crypto_policy_set_aes_gcm_128_16_auth() sets a crypto 1131 * policy structure to an AEAD encryption policy. 760 1132 * 761 1133 * @param p is a pointer to the policy structure to be set 762 1134 * 763 * The function call crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets764 * the crypto_policy_t at location p to use the SRTP default cipher765 * (AES-128 Galois Counter Mode) with 8 octet auth tag. This policy766 * applies confidentiality and authentication to the RTP packets,767 * but only authentication to theRTCP packets.1135 * The function call srtp_crypto_policy_set_aes_gcm_128_16_auth(&p) sets 1136 * the srtp_crypto_policy_t at location p to use the SRTP default cipher 1137 * (AES-128 Galois Counter Mode) with 16 octet auth tag. This 1138 * policy applies confidentiality and authentication to both the 1139 * RTP and RTCP packets. 768 1140 * 769 1141 * This function is a convenience that helps to avoid dealing directly … … 771 1143 * policy elements with this function call. Doing so may allow your 772 1144 * code to be forward compatible with later versions of libSRTP that 773 * include more elements in the crypto_policy_t datatype. 774 * 775 * @return void. 776 * 777 */ 778 void 779 crypto_policy_set_aes_gcm_128_8_only_auth(crypto_policy_t *p); 780 781 /** 782 * @brief crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto 783 * policy structure to an AEAD authentication-only policy 1145 * include more elements in the srtp_crypto_policy_t datatype. 1146 * 1147 * @return void. 
1148 * 1149 */ 1150 void srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p); 1151 1152 /** 1153 * @brief srtp_crypto_policy_set_aes_gcm_256_16_auth() sets a crypto 1154 * policy structure to an AEAD encryption policy 784 1155 * 785 1156 * @param p is a pointer to the policy structure to be set 786 1157 * 787 * The function call crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets788 * the crypto_policy_t at location p to use the SRTP default cipher789 * (AES-256 Galois Counter Mode) with 8 octet auth tag. This policy790 * applies confidentiality and authentication to the RTP packets,791 * but only authentication to theRTCP packets.1158 * The function call srtp_crypto_policy_set_aes_gcm_256_16_auth(&p) sets 1159 * the srtp_crypto_policy_t at location p to use the SRTP default cipher 1160 * (AES-256 Galois Counter Mode) with 16 octet auth tag. This 1161 * policy applies confidentiality and authentication to both the 1162 * RTP and RTCP packets. 792 1163 * 793 1164 * This function is a convenience that helps to avoid dealing directly … … 795 1166 * policy elements with this function call. Doing so may allow your 796 1167 * code to be forward compatible with later versions of libSRTP that 797 * include more elements in the crypto_policy_t datatype. 798 * 799 * @return void. 800 * 801 */ 802 void 803 crypto_policy_set_aes_gcm_256_8_only_auth(crypto_policy_t *p); 804 805 /** 806 * @brief crypto_policy_set_aes_gcm_128_16_auth() sets a crypto 807 * policy structure to an AEAD encryption policy. 808 * 809 * @param p is a pointer to the policy structure to be set 810 * 811 * The function call crypto_policy_set_aes_gcm_128_16_auth(&p) sets 812 * the crypto_policy_t at location p to use the SRTP default cipher 813 * (AES-128 Galois Counter Mode) with 16 octet auth tag. This 814 * policy applies confidentiality and authentication to both the 815 * RTP and RTCP packets. 816 * 1168 * include more elements in the srtp_crypto_policy_t datatype. 
1169 * 1170 * @return void. 1171 * 1172 */ 1173 void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p); 1174 1175 1176 /** 1177 * @brief srtp_dealloc() deallocates storage for an SRTP session 1178 * context. 1179 * 1180 * The function call srtp_dealloc(s) deallocates storage for the 1181 * SRTP session context s. This function should be called no more 1182 * than one time for each of the contexts allocated by the function 1183 * srtp_create(). 1184 * 1185 * @param s is the srtp_t for the session to be deallocated. 1186 * 1187 * @return 1188 * - srtp_err_status_ok if there no problems. 1189 * - srtp_err_status_dealloc_fail a memory deallocation failure occured. 1190 */ 1191 1192 srtp_err_status_t srtp_dealloc(srtp_t s); 1193 1194 1195 /* 1196 * @brief identifies a particular SRTP profile 1197 * 1198 * An srtp_profile_t enumeration is used to identify a particular SRTP 1199 * profile (that is, a set of algorithms and parameters). These profiles 1200 * are defined for DTLS-SRTP: 1201 * https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml 1202 */ 1203 1204 typedef enum { 1205 srtp_profile_reserved = 0, 1206 srtp_profile_aes128_cm_sha1_80 = 1, 1207 srtp_profile_aes128_cm_sha1_32 = 2, 1208 srtp_profile_null_sha1_80 = 5, 1209 srtp_profile_null_sha1_32 = 6, 1210 srtp_profile_aead_aes_128_gcm = 7, 1211 srtp_profile_aead_aes_256_gcm = 8, 1212 } srtp_profile_t; 1213 1214 1215 /** 1216 * @brief srtp_crypto_policy_set_from_profile_for_rtp() sets a crypto policy 1217 * structure to the appropriate value for RTP based on an srtp_profile_t 1218 * 1219 * @param policy is a pointer to the policy structure to be set 1220 * 1221 * @param profile is an enumeration for the policy to be set 1222 * 1223 * The function call srtp_crypto_policy_set_rtp_default(&policy, profile) 1224 * sets the srtp_crypto_policy_t at location policy to the policy for RTP 1225 * protection, as defined by the srtp_profile_t profile. 
1226 * 817 1227 * This function is a convenience that helps to avoid dealing directly 818 1228 * with the policy data structure. You are encouraged to initialize 819 1229 * policy elements with this function call. Doing so may allow your 820 1230 * code to be forward compatible with later versions of libSRTP that 821 * include more elements in the crypto_policy_t datatype. 822 * 823 * @return void. 824 * 825 */ 826 void 827 crypto_policy_set_aes_gcm_128_16_auth(crypto_policy_t *p); 828 829 /** 830 * @brief crypto_policy_set_aes_gcm_256_16_auth() sets a crypto 831 * policy structure to an AEAD encryption policy 832 * 833 * @param p is a pointer to the policy structure to be set 834 * 835 * The function call crypto_policy_set_aes_gcm_256_16_auth(&p) sets 836 * the crypto_policy_t at location p to use the SRTP default cipher 837 * (AES-256 Galois Counter Mode) with 16 octet auth tag. This 838 * policy applies confidentiality and authentication to both the 839 * RTP and RTCP packets. 840 * 1231 * include more elements in the srtp_crypto_policy_t datatype. 1232 * 1233 * @return values 1234 * - srtp_err_status_ok no problems were encountered 1235 * - srtp_err_status_bad_param the profile is not supported 1236 * 1237 */ 1238 srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp(srtp_crypto_policy_t *policy, srtp_profile_t profile); 1239 1240 1241 1242 1243 /** 1244 * @brief srtp_crypto_policy_set_from_profile_for_rtcp() sets a crypto policy 1245 * structure to the appropriate value for RTCP based on an srtp_profile_t 1246 * 1247 * @param policy is a pointer to the policy structure to be set 1248 * 1249 * @param profile is an enumeration for the policy to be set 1250 * 1251 * The function call srtp_crypto_policy_set_rtcp_default(&policy, profile) 1252 * sets the srtp_crypto_policy_t at location policy to the policy for RTCP 1253 * protection, as defined by the srtp_profile_t profile. 
1254 * 841 1255 * This function is a convenience that helps to avoid dealing directly 842 1256 * with the policy data structure. You are encouraged to initialize 843 1257 * policy elements with this function call. Doing so may allow your 844 1258 * code to be forward compatible with later versions of libSRTP that 845 * include more elements in the crypto_policy_t datatype. 846 * 847 * @return void. 848 * 849 */ 850 void 851 crypto_policy_set_aes_gcm_256_16_auth(crypto_policy_t *p); 852 853 854 /** 855 * @brief srtp_dealloc() deallocates storage for an SRTP session 856 * context. 857 * 858 * The function call srtp_dealloc(s) deallocates storage for the 859 * SRTP session context s. This function should be called no more 860 * than one time for each of the contexts allocated by the function 861 * srtp_create(). 862 * 863 * @param s is the srtp_t for the session to be deallocated. 864 * 865 * @return 866 * - err_status_ok if there no problems. 867 * - err_status_dealloc_fail a memory deallocation failure occured. 868 */ 869 870 err_status_t 871 srtp_dealloc(srtp_t s); 872 873 874 /* 875 * @brief identifies a particular SRTP profile 876 * 877 * An srtp_profile_t enumeration is used to identify a particular SRTP 878 * profile (that is, a set of algorithms and parameters). These 879 * profiles are defined in the DTLS-SRTP draft. 
880 */ 881 882 typedef enum { 883 srtp_profile_reserved = 0, 884 srtp_profile_aes128_cm_sha1_80 = 1, 885 srtp_profile_aes128_cm_sha1_32 = 2, 886 srtp_profile_aes256_cm_sha1_80 = 3, 887 srtp_profile_aes256_cm_sha1_32 = 4, 888 srtp_profile_null_sha1_80 = 5, 889 srtp_profile_null_sha1_32 = 6, 890 } srtp_profile_t; 891 892 893 /** 894 * @brief crypto_policy_set_from_profile_for_rtp() sets a crypto policy 895 * structure to the appropriate value for RTP based on an srtp_profile_t 896 * 897 * @param p is a pointer to the policy structure to be set 898 * 899 * The function call crypto_policy_set_rtp_default(&policy, profile) 900 * sets the crypto_policy_t at location policy to the policy for RTP 901 * protection, as defined by the srtp_profile_t profile. 902 * 903 * This function is a convenience that helps to avoid dealing directly 904 * with the policy data structure. You are encouraged to initialize 905 * policy elements with this function call. Doing so may allow your 906 * code to be forward compatible with later versions of libSRTP that 907 * include more elements in the crypto_policy_t datatype. 908 * 1259 * include more elements in the srtp_crypto_policy_t datatype. 1260 * 909 1261 * @return values 910 * - err_status_ok no problems were encountered 911 * - err_status_bad_param the profile is not supported 912 * 913 */ 914 err_status_t 915 crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy, 916 srtp_profile_t profile); 917 918 919 920 921 /** 922 * @brief crypto_policy_set_from_profile_for_rtcp() sets a crypto policy 923 * structure to the appropriate value for RTCP based on an srtp_profile_t 924 * 925 * @param p is a pointer to the policy structure to be set 926 * 927 * The function call crypto_policy_set_rtcp_default(&policy, profile) 928 * sets the crypto_policy_t at location policy to the policy for RTCP 929 * protection, as defined by the srtp_profile_t profile. 
930 * 931 * This function is a convenience that helps to avoid dealing directly 932 * with the policy data structure. You are encouraged to initialize 933 * policy elements with this function call. Doing so may allow your 934 * code to be forward compatible with later versions of libSRTP that 935 * include more elements in the crypto_policy_t datatype. 936 * 937 * @return values 938 * - err_status_ok no problems were encountered 939 * - err_status_bad_param the profile is not supported 940 * 941 */ 942 err_status_t 943 crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy, 944 srtp_profile_t profile); 1262 * - srtp_err_status_ok no problems were encountered 1263 * - srtp_err_status_bad_param the profile is not supported 1264 * 1265 */ 1266 srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtcp(srtp_crypto_policy_t *policy, srtp_profile_t profile); 945 1267 946 1268 /** … … 960 1282 * @brief appends the salt to the key 961 1283 * 962 * The function call append_salt_to_key(k, klen, s, slen)1284 * The function call srtp_append_salt_to_key(k, klen, s, slen) 963 1285 * copies the string s to the location at klen bytes following 964 1286 * the location k. … … 970 1292 971 1293 void 972 append_salt_to_key(unsigned char *key, unsigned int bytes_in_key,973 1294 srtp_append_salt_to_key(unsigned char *key, unsigned int bytes_in_key, 1295 unsigned char *salt, unsigned int bytes_in_salt); 974 1296 975 1297 … … 1006 1328 * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies 1007 1329 * SRTCP protection to the RTCP packet rtcp_hdr (which has length 1008 * *len_ptr) using the SRTP session context ctx. If err_status_ok is1330 * *len_ptr) using the SRTP session context ctx. 
If srtp_err_status_ok is 1009 1331 * returned, then rtp_hdr points to the resulting SRTCP packet and 1010 1332 * *len_ptr is the number of octets in that packet; otherwise, no … … 1028 1350 * @param pkt_octet_len is a pointer to the length in octets of the 1029 1351 * complete RTCP packet (header and body) before the function call, 1030 * and of the complete SRTCP packet after the call, if err_status_ok1352 * and of the complete SRTCP packet after the call, if srtp_err_status_ok 1031 1353 * was returned. Otherwise, the value of the data to which it points 1032 1354 * is undefined. 1033 1355 * 1034 1356 * @return 1035 * - err_status_ok if there were no problems.1357 * - srtp_err_status_ok if there were no problems. 1036 1358 * - [other] if there was a failure in 1037 1359 * the cryptographic mechanisms. … … 1039 1361 1040 1362 1041 err_status_t 1042 srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len); 1363 srtp_err_status_t srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len); 1364 1365 1366 /** 1367 * @brief srtp_protect_rtcp_mki() is the Secure RTCP sender-side packet 1368 * processing function that can utilize mki. 1369 * 1370 * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies 1371 * SRTCP protection to the RTCP packet rtcp_hdr (which has length 1372 * *len_ptr) using the SRTP session context ctx. If srtp_err_status_ok is 1373 * returned, then rtp_hdr points to the resulting SRTCP packet and 1374 * *len_ptr is the number of octets in that packet; otherwise, no 1375 * assumptions should be made about the value of either data elements. 1376 * 1377 * @warning This function assumes that it can write the authentication 1378 * tag into the location in memory immediately following the RTCP 1379 * packet, and assumes that the RTCP packet is aligned on a 32-bit 1380 * boundary. 
1381 * 1382 * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4 1383 * into the location in memory immediately following the RTCP packet. 1384 * Callers MUST ensure that this much writable memory is available in 1385 * the buffer that holds the RTCP packet. 1386 * 1387 * @param ctx is the SRTP context to use in processing the packet. 1388 * 1389 * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after 1390 * the function returns, it points to the srtp packet. 1391 * 1392 * @param pkt_octet_len is a pointer to the length in octets of the 1393 * complete RTCP packet (header and body) before the function call, 1394 * and of the complete SRTCP packet after the call, if srtp_err_status_ok 1395 * was returned. Otherwise, the value of the data to which it points 1396 * is undefined. 1397 * 1398 * @param use_mki is a boolean to tell the system if mki is being used. If 1399 * set to false then will use the first set of session keys. If set to true will 1400 * use the session keys identified by the mki_index 1401 * 1402 * @param mki_index integer value specifying which set of session kesy should be 1403 * used if use_mki is set to true. 1404 * 1405 * @return 1406 * - srtp_err_status_ok if there were no problems. 1407 * - [other] if there was a failure in 1408 * the cryptographic mechanisms. 1409 */ 1410 1411 srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len, 1412 unsigned int use_mki, unsigned int mki_index); 1043 1413 1044 1414 /** … … 1049 1419 * verifies the Secure RTCP protection of the SRTCP packet pointed to 1050 1420 * by srtcp_hdr (which has length *len_ptr), using the SRTP session 1051 * context ctx. If err_status_ok is returned, then srtcp_hdr points1421 * context ctx. 
If srtp_err_status_ok is returned, then srtcp_hdr points 1052 1422 * to the resulting RTCP packet and *len_ptr is the number of octets 1053 1423 * in that packet; otherwise, no assumptions should be made about the … … 1062 1432 * @param srtcp_hdr is a pointer to the header of the SRTCP packet 1063 1433 * (before the call). After the function returns, it points to the 1064 * rtp packet if err_status_ok was returned; otherwise, the value of1434 * rtp packet if srtp_err_status_ok was returned; otherwise, the value of 1065 1435 * the data to which it points is undefined. 1066 1436 * 1067 1437 * @param pkt_octet_len is a pointer to the length in octets of the 1068 1438 * complete SRTCP packet (header and body) before the function call, 1069 * and of the complete rtp packet after the call, if err_status_ok was1439 * and of the complete rtp packet after the call, if srtp_err_status_ok was 1070 1440 * returned. Otherwise, the value of the data to which it points is 1071 1441 * undefined. 1072 1442 * 1073 1443 * @return 1074 * - err_status_ok if the RTCP packet is valid.1075 * - err_status_auth_fail if the SRTCP packet failed the message1444 * - srtp_err_status_ok if the RTCP packet is valid. 1445 * - srtp_err_status_auth_fail if the SRTCP packet failed the message 1076 1446 * authentication check. 1077 * - err_status_replay_fail if the SRTCP packet is a replay (e.g. has1447 * - srtp_err_status_replay_fail if the SRTCP packet is a replay (e.g. has 1078 1448 * already been processed and accepted). 1079 1449 * - [other] if there has been an error in the cryptographic mechanisms. … … 1081 1451 */ 1082 1452 1083 err_status_t 1084 srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len); 1453 srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len); 1454 1455 /** 1456 * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet 1457 * processing function. 
1458 * 1459 * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr) 1460 * verifies the Secure RTCP protection of the SRTCP packet pointed to 1461 * by srtcp_hdr (which has length *len_ptr), using the SRTP session 1462 * context ctx. If srtp_err_status_ok is returned, then srtcp_hdr points 1463 * to the resulting RTCP packet and *len_ptr is the number of octets 1464 * in that packet; otherwise, no assumptions should be made about the 1465 * value of either data elements. 1466 * 1467 * @warning This function assumes that the SRTCP packet is aligned on a 1468 * 32-bit boundary. 1469 * 1470 * @param ctx is a pointer to the srtp_t which applies to the 1471 * particular packet. 1472 * 1473 * @param srtcp_hdr is a pointer to the header of the SRTCP packet 1474 * (before the call). After the function returns, it points to the 1475 * rtp packet if srtp_err_status_ok was returned; otherwise, the value of 1476 * the data to which it points is undefined. 1477 * 1478 * @param pkt_octet_len is a pointer to the length in octets of the 1479 * complete SRTCP packet (header and body) before the function call, 1480 * and of the complete rtp packet after the call, if srtp_err_status_ok was 1481 * returned. Otherwise, the value of the data to which it points is 1482 * undefined. 1483 * 1484 * @param use_mki is a boolean to tell the system if mki is being used. If 1485 * set to false then will use the first set of session keys. If set to true will 1486 * use the session keys identified by the mki_index 1487 * 1488 * @return 1489 * - srtp_err_status_ok if the RTCP packet is valid. 1490 * - srtp_err_status_auth_fail if the SRTCP packet failed the message 1491 * authentication check. 1492 * - srtp_err_status_replay_fail if the SRTCP packet is a replay (e.g. has 1493 * already been processed and accepted). 1494 * - srtp_err_status_bad_mki if the MKI in the packet is not a known MKI id 1495 * - [other] if there has been an error in the cryptographic mechanisms. 
1496 * 1497 */ 1498 1499 srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, void *srtcp_hdr, 1500 int *pkt_octet_len, 1501 unsigned int use_mki); 1085 1502 1086 1503 /** … … 1174 1591 * more packets can be protected or unprotected. When this happens, 1175 1592 * it is likely that you will want to either deallocate the stream 1176 * (using srtp_ stream_dealloc()), and possibly allocate a new one.1593 * (using srtp_remove_stream()), and possibly allocate a new one. 1177 1594 * 1178 1595 * When an SRTP stream expires, the other streams in the same session … … 1206 1623 typedef struct srtp_event_data_t { 1207 1624 srtp_t session; /**< The session in which the event happend. */ 1208 srtp_stream_t stream; /**< The stream in which the event happend.*/1625 uint32_t ssrc; /**< The ssrc in host order of the stream in which the event happend */ 1209 1626 srtp_event_t event; /**< An enum indicating the type of event. */ 1210 1627 } srtp_event_data_t; … … 1236 1653 */ 1237 1654 1238 err_status_t 1239 srtp_install_event_handler(srtp_event_handler_func_t func); 1655 srtp_err_status_t srtp_install_event_handler(srtp_event_handler_func_t func); 1240 1656 1241 1657 /** … … 1250 1666 */ 1251 1667 unsigned int srtp_get_version(void); 1668 1669 /** 1670 * @brief srtp_set_debug_module(mod_name, v) 1671 * 1672 * sets dynamic debugging to the value v (0 for off, 1 for on) for the 1673 * debug module with the name mod_name 1674 * 1675 * returns err_status_ok on success, err_status_fail otherwise 1676 */ 1677 srtp_err_status_t srtp_set_debug_module(const char *mod_name, int v); 1678 1679 /** 1680 * @brief srtp_list_debug_modules() outputs a list of debugging modules 1681 * 1682 */ 1683 srtp_err_status_t srtp_list_debug_modules(void); 1684 1685 /** 1686 * @brief srtp_log_level_t defines log levels. 1687 * 1688 * The enumeration srtp_log_level_t defines log levels reported 1689 * in the srtp_log_handler_func_t. 
1690 * 1691 */ 1692 typedef enum { 1693 srtp_log_level_error, /**< log level is reporting an error message */ 1694 srtp_log_level_warning, /**< log level is reporting a warning message */ 1695 srtp_log_level_info, /**< log level is reporting an info message */ 1696 srtp_log_level_debug /**< log level is reporting a debug message */ 1697 } srtp_log_level_t; 1698 1699 /** 1700 * @brief srtp_log_handler_func_t is the function prototype for 1701 * the log handler. 1702 * 1703 * The typedef srtp_event_handler_func_t is the prototype for the 1704 * event handler function. It has as srtp_log_level_t, log 1705 * message and data as arguments. 1706 * There can only be a single, global handler for all log messages in 1707 * libSRTP. 1708 */ 1709 typedef void (srtp_log_handler_func_t)(srtp_log_level_t level, const char * msg, void *data); 1710 1711 /** 1712 * @brief sets the log handler to the function supplied by the caller. 1713 * 1714 * The function call srtp_install_log_handler(func) sets the log 1715 * handler function to the value func. The value NULL is acceptable 1716 * as an argument; in this case, log messages will be ignored. 1717 * This function can be called before srtp_init() inorder to capture 1718 * any logging during start up. 1719 * 1720 * @param func is a pointer to a fuction of type srtp_log_handler_func_t. 1721 * This function will be used by libSRTP to output log messages. 1722 * @param data is a user pointer that will be returned as the data argument in func. 1723 */ 1724 srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func, void *data); 1725 1726 /** 1727 * @brief srtp_get_protect_trailer_length(session, use_mki, mki_index, length) 1728 * 1729 * Determines the length of the amount of data Lib SRTP will add to the 1730 * packet during the protect process. 
The length is returned in the length parameter 1731 * 1732 * returns err_status_ok on success, err_status_bad_mki if the MKI index is invalid 1733 * 1734 */ 1735 srtp_err_status_t srtp_get_protect_trailer_length(srtp_t session, uint32_t use_mki, 1736 uint32_t mki_index, uint32_t *length); 1737 1738 /** 1739 * @brief srtp_get_protect_rtcp_trailer_length(session, use_mki, mki_index, length) 1740 * 1741 * Determines the length of the amount of data Lib SRTP will add to the 1742 * packet during the protect process. The length is returned in the length parameter 1743 * 1744 * returns err_status_ok on success, err_status_bad_mki if the MKI index is invalid 1745 * 1746 */ 1747 srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session, uint32_t use_mki, 1748 uint32_t mki_index, uint32_t *length); 1749 1750 1751 /** 1752 * @brief srtp_set_stream_roc(session, ssrc, roc) 1753 * 1754 * Set the roll-over-counter on a session for a given SSRC 1755 * 1756 * returns err_status_ok on success, srtp_err_status_bad_param if there is no 1757 * stream found 1758 * 1759 */ 1760 srtp_err_status_t srtp_set_stream_roc(srtp_t session, uint32_t ssrc, uint32_t roc); 1761 1762 /** 1763 * @brief srtp_get_stream_roc(session, ssrc, roc) 1764 * 1765 * Get the roll-over-counter on a session for a given SSRC 1766 * 1767 * returns err_status_ok on success, srtp_err_status_bad_param if there is no 1768 * stream found 1769 * 1770 */ 1771 srtp_err_status_t srtp_get_stream_roc(srtp_t session, uint32_t ssrc, uint32_t *roc); 1772 1252 1773 1253 1774 /** … … 1264 1785 #endif 1265 1786 1266 #endif /* SRTP_ H */1787 #endif /* SRTP_SRTP_H */ -
pjproject/trunk/third_party/srtp/include/srtp_priv.h
r5261 r5614 9 9 /* 10 10 * 11 * Copyright (c) 2001-20 06Cisco Systems, Inc.11 * Copyright (c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 13 * … … 46 46 #define SRTP_PRIV_H 47 47 48 // Leave this as the top level import. Ensures the existence of defines 48 49 #include "config.h" 50 49 51 #include "srtp.h" 50 52 #include "rdbx.h" 51 53 #include "rdb.h" 52 54 #include "integers.h" 53 #include "crypto.h"54 55 #include "cipher.h" 55 56 #include "auth.h" … … 58 59 #include "crypto_kernel.h" 59 60 61 #ifdef __cplusplus 62 extern "C" { 63 #endif 64 60 65 #define SRTP_VER_STRING PACKAGE_STRING 61 66 #define SRTP_VERSION PACKAGE_VERSION 62 67 63 /* 64 * an srtp_hdr_t represents the srtp header 65 * 66 * in this implementation, an srtp_hdr_t is assumed to be 32-bit aligned 67 * 68 * (note that this definition follows that of RFC 1889 Appendix A, but 69 * is not identical) 70 */ 71 72 #ifndef WORDS_BIGENDIAN 73 74 /* 75 * srtp_hdr_t represents an RTP or SRTP header. The bit-fields in 76 * this structure should be declared "unsigned int" instead of 77 * "unsigned char", but doing so causes the MS compiler to not 78 * fully pack the bit fields. 
79 */ 80 81 typedef struct { 82 unsigned char cc:4; /* CSRC count */ 83 unsigned char x:1; /* header extension flag */ 84 unsigned char p:1; /* padding flag */ 85 unsigned char version:2; /* protocol version */ 86 unsigned char pt:7; /* payload type */ 87 unsigned char m:1; /* marker bit */ 88 uint16_t seq; /* sequence number */ 89 uint32_t ts; /* timestamp */ 90 uint32_t ssrc; /* synchronization source */ 91 } srtp_hdr_t; 92 93 #else /* BIG_ENDIAN */ 94 95 typedef struct { 96 unsigned char version:2; /* protocol version */ 97 unsigned char p:1; /* padding flag */ 98 unsigned char x:1; /* header extension flag */ 99 unsigned char cc:4; /* CSRC count */ 100 unsigned char m:1; /* marker bit */ 101 unsigned char pt:7; /* payload type */ 102 uint16_t seq; /* sequence number */ 103 uint32_t ts; /* timestamp */ 104 uint32_t ssrc; /* synchronization source */ 105 } srtp_hdr_t; 106 107 #endif 108 109 typedef struct { 110 uint16_t profile_specific; /* profile-specific info */ 111 uint16_t length; /* number of 32-bit words in extension */ 112 } srtp_hdr_xtnd_t; 113 114 115 /* 116 * srtcp_hdr_t represents a secure rtcp header 117 * 118 * in this implementation, an srtcp header is assumed to be 32-bit 119 * alinged 120 */ 121 122 #ifndef WORDS_BIGENDIAN 123 124 typedef struct { 125 unsigned char rc:5; /* reception report count */ 126 unsigned char p:1; /* padding flag */ 127 unsigned char version:2; /* protocol version */ 128 unsigned char pt:8; /* payload type */ 129 uint16_t len; /* length */ 130 uint32_t ssrc; /* synchronization source */ 131 } srtcp_hdr_t; 132 133 typedef struct { 134 unsigned int index:31; /* srtcp packet index in network order! */ 135 unsigned int e:1; /* encrypted? 
1=yes */ 136 /* optional mikey/etc go here */ 137 /* and then the variable-length auth tag */ 138 } srtcp_trailer_t; 139 140 141 #else /* BIG_ENDIAN */ 142 143 typedef struct { 144 unsigned char version:2; /* protocol version */ 145 unsigned char p:1; /* padding flag */ 146 unsigned char rc:5; /* reception report count */ 147 unsigned char pt:8; /* payload type */ 148 uint16_t len; /* length */ 149 uint32_t ssrc; /* synchronization source */ 150 } srtcp_hdr_t; 151 152 typedef struct { 153 unsigned int version:2; /* protocol version */ 154 unsigned int p:1; /* padding flag */ 155 unsigned int count:5; /* varies by packet type */ 156 unsigned int pt:8; /* payload type */ 157 uint16_t length; /* len of uint32s of packet less header */ 158 } rtcp_common_t; 159 160 typedef struct { 161 unsigned int e:1; /* encrypted? 1=yes */ 162 unsigned int index:31; /* srtcp packet index */ 163 /* optional mikey/etc go here */ 164 /* and then the variable-length auth tag */ 165 } srtcp_trailer_t; 166 167 #endif 168 68 typedef struct srtp_stream_ctx_t_ srtp_stream_ctx_t; 69 typedef srtp_stream_ctx_t *srtp_stream_t; 169 70 170 71 /* … … 176 77 * to ssrc, or NULL if no stream exists for that ssrc 177 78 */ 178 179 srtp_stream_t 180 srtp_get_stream(srtp_t srtp, uint32_t ssrc); 79 srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc); 181 80 182 81 … … 185 84 * deriving all of the needed keys using the KDF and the key k. 186 85 */ 187 188 189 err_status_t 190 srtp_stream_init_keys(srtp_stream_t srtp, const void *key); 86 srtp_err_status_t srtp_stream_init_keys(srtp_stream_ctx_t *srtp, 87 srtp_master_key_t *master_key, 88 const unsigned int current_mki_index); 89 90 /* 91 * srtp_stream_init_all_master_keys(s, k, m) (re)initializes the srtp_stream_t s by 92 * deriving all of the needed keys for all the master keys using the KDF and the keys from k. 
93 */ 94 srtp_err_status_t srtp_steam_init_all_master_keys(srtp_stream_ctx_t *srtp, 95 unsigned char *key, 96 srtp_master_key_t **keys, 97 const unsigned int max_master_keys); 191 98 192 99 /* … … 194 101 * use the policy at the location p 195 102 */ 196 err_status_t 197 srtp_stream_init(srtp_stream_t srtp, 198 const srtp_policy_t *p); 103 srtp_err_status_t srtp_stream_init(srtp_stream_t srtp, const srtp_policy_t *p); 199 104 200 105 … … 209 114 } direction_t; 210 115 116 /* 117 * srtp_session_keys_t will contain the encryption, hmac, salt keys 118 * for both SRTP and SRTCP. The session keys will also contain the 119 * MKI ID which is used to identify the session keys. 120 */ 121 typedef struct srtp_session_keys_t { 122 srtp_cipher_t *rtp_cipher; 123 srtp_cipher_t *rtp_xtn_hdr_cipher; 124 srtp_auth_t *rtp_auth; 125 srtp_cipher_t *rtcp_cipher; 126 srtp_auth_t *rtcp_auth; 127 uint8_t salt[SRTP_AEAD_SALT_LEN]; 128 uint8_t c_salt[SRTP_AEAD_SALT_LEN]; 129 uint8_t *mki_id; 130 unsigned int mki_size; 131 srtp_key_limit_ctx_t *limit; 132 } srtp_session_keys_t; 133 134 211 135 /* 212 136 * an srtp_stream_t has its own SSRC, encryption key, authentication … … 214 138 * 215 139 * note that the keys might not actually be unique, in which case the 216 * cipher_t andauth_t pointers will point to the same structures217 */ 218 219 typedef struct srtp_stream_ctx_t {140 * srtp_cipher_t and srtp_auth_t pointers will point to the same structures 141 */ 142 143 typedef struct srtp_stream_ctx_t_ { 220 144 uint32_t ssrc; 221 cipher_t *rtp_cipher; 222 auth_t *rtp_auth; 223 rdbx_t rtp_rdbx; 224 sec_serv_t rtp_services; 225 cipher_t *rtcp_cipher; 226 auth_t *rtcp_auth; 227 rdb_t rtcp_rdb; 228 sec_serv_t rtcp_services; 229 key_limit_ctx_t *limit; 145 srtp_session_keys_t *session_keys; 146 unsigned int num_master_keys; 147 srtp_rdbx_t rtp_rdbx; 148 srtp_sec_serv_t rtp_services; 149 srtp_rdb_t rtcp_rdb; 150 srtp_sec_serv_t rtcp_services; 230 151 direction_t direction; 231 152 int 
allow_repeat_tx; 232 ekt_stream_t ekt; 233 uint8_t salt[SRTP_AEAD_SALT_LEN]; /* used with GCM mode for SRTP */ 234 uint8_t c_salt[SRTP_AEAD_SALT_LEN]; /* used with GCM mode for SRTCP */ 235 struct srtp_stream_ctx_t *next; /* linked list of streams */ 236 } srtp_stream_ctx_t; 153 srtp_ekt_stream_t ekt; 154 int *enc_xtn_hdr; 155 int enc_xtn_hdr_count; 156 uint32_t pending_roc; 157 struct srtp_stream_ctx_t_ *next; /* linked list of streams */ 158 } strp_stream_ctx_t_; 237 159 238 160 … … 241 163 */ 242 164 243 typedef struct srtp_ctx_t {244 s rtp_stream_ctx_t*stream_list; /* linked list of streams */245 s rtp_stream_ctx_t*stream_template; /* act as template for other streams */165 typedef struct srtp_ctx_t_ { 166 struct srtp_stream_ctx_t_ *stream_list; /* linked list of streams */ 167 struct srtp_stream_ctx_t_ *stream_template; /* act as template for other streams */ 246 168 void *user_data; /* user custom data */ 247 } srtp_ctx_t; 248 169 } srtp_ctx_t_; 170 171 172 /* 173 * srtp_hdr_t represents an RTP or SRTP header. The bit-fields in 174 * this structure should be declared "unsigned int" instead of 175 * "unsigned char", but doing so causes the MS compiler to not 176 * fully pack the bit fields. 
177 * 178 * In this implementation, an srtp_hdr_t is assumed to be 32-bit aligned 179 * 180 * (note that this definition follows that of RFC 1889 Appendix A, but 181 * is not identical) 182 */ 183 184 #ifndef WORDS_BIGENDIAN 185 186 typedef struct { 187 unsigned char cc : 4; /* CSRC count */ 188 unsigned char x : 1; /* header extension flag */ 189 unsigned char p : 1; /* padding flag */ 190 unsigned char version : 2; /* protocol version */ 191 unsigned char pt : 7; /* payload type */ 192 unsigned char m : 1; /* marker bit */ 193 uint16_t seq; /* sequence number */ 194 uint32_t ts; /* timestamp */ 195 uint32_t ssrc; /* synchronization source */ 196 } srtp_hdr_t; 197 198 #else /* BIG_ENDIAN */ 199 200 typedef struct { 201 unsigned char version : 2; /* protocol version */ 202 unsigned char p : 1; /* padding flag */ 203 unsigned char x : 1; /* header extension flag */ 204 unsigned char cc : 4; /* CSRC count */ 205 unsigned char m : 1; /* marker bit */ 206 unsigned char pt : 7; /* payload type */ 207 uint16_t seq; /* sequence number */ 208 uint32_t ts; /* timestamp */ 209 uint32_t ssrc; /* synchronization source */ 210 } srtp_hdr_t; 211 212 #endif 213 214 215 typedef struct { 216 uint16_t profile_specific; /* profile-specific info */ 217 uint16_t length; /* number of 32-bit words in extension */ 218 } srtp_hdr_xtnd_t; 219 220 221 /* 222 * srtcp_hdr_t represents a secure rtcp header 223 * 224 * in this implementation, an srtcp header is assumed to be 32-bit 225 * alinged 226 */ 227 228 #ifndef WORDS_BIGENDIAN 229 230 typedef struct { 231 unsigned char rc : 5; /* reception report count */ 232 unsigned char p : 1; /* padding flag */ 233 unsigned char version : 2; /* protocol version */ 234 unsigned char pt : 8; /* payload type */ 235 uint16_t len; /* length */ 236 uint32_t ssrc; /* synchronization source */ 237 } srtcp_hdr_t; 238 239 typedef struct { 240 unsigned int index : 31; /* srtcp packet index in network order! */ 241 unsigned int e : 1; /* encrypted? 
1=yes */ 242 /* optional mikey/etc go here */ 243 /* and then the variable-length auth tag */ 244 } srtcp_trailer_t; 245 246 #else /* BIG_ENDIAN */ 247 248 typedef struct { 249 unsigned char version : 2; /* protocol version */ 250 unsigned char p : 1; /* padding flag */ 251 unsigned char rc : 5; /* reception report count */ 252 unsigned char pt : 8; /* payload type */ 253 uint16_t len; /* length */ 254 uint32_t ssrc; /* synchronization source */ 255 } srtcp_hdr_t; 256 257 typedef struct { 258 unsigned int e : 1; /* encrypted? 1=yes */ 259 unsigned int index : 31; /* srtcp packet index */ 260 /* optional mikey/etc go here */ 261 /* and then the variable-length auth tag */ 262 } srtcp_trailer_t; 263 264 #endif 249 265 250 266 … … 261 277 srtp_event_data_t data; \ 262 278 data.session = srtp; \ 263 data.s tream = strm;\279 data.ssrc = ntohl(strm->ssrc); \ 264 280 data.event = evnt; \ 265 281 srtp_event_handler(&data); \ 266 282 } 267 283 284 #ifdef __cplusplus 285 } 286 #endif 268 287 269 288 #endif /* SRTP_PRIV_H */ -
pjproject/trunk/third_party/srtp/include/ut_sim.h
r1730 r5614 11 11 /* 12 12 * 13 * Copyright (c) 2001-20 06, Cisco Systems, Inc.13 * Copyright (c) 2001-2017, Cisco Systems, Inc. 14 14 * All rights reserved. 15 15 * … … 52 52 #include "integers.h" /* for uint32_t */ 53 53 54 #ifdef __cplusplus 55 extern "C" { 56 #endif 57 54 58 #define UT_BUF 160 /* maximum amount of packet reorder */ 55 59 … … 77 81 ut_next_index(ut_connection *utc); 78 82 83 #ifdef __cplusplus 84 } 85 #endif 79 86 80 87 #endif /* UT_SIM_H */ -
pjproject/trunk/third_party/srtp/pjlib/srtp_err.c
r5261 r5614 22 22 /* Redirect libsrtp error to PJ_LOG */ 23 23 24 err_reporting_level_t err_level = err_level_none;24 srtp_err_reporting_level_t err_level = srtp_err_level_error; 25 25 26 err_status_t 27 err_reporting_init(const char *ident) { 28 PJ_UNUSED_ARG(ident); 29 return err_status_ok; 30 } 31 32 void 33 err_report(int priority, const char *format, ...) { 26 void srtp_err_report(srtp_err_reporting_level_t priority, const char *format, ...) 27 { 34 28 va_list args; 35 29 … … 44 38 } 45 39 46 void 47 err_reporting_set_level(err_reporting_level_t lvl){40 void srtp_err_reporting_set_level(srtp_err_reporting_level_t lvl) 41 { 48 42 err_level = lvl; 49 43 } 50 44 45 srtp_err_status_t srtp_err_reporting_init(void) 46 { 47 return srtp_err_status_ok; 48 } 49 50 srtp_err_status_t srtp_install_err_report_handler(srtp_err_report_handler_func_t func) 51 { 52 PJ_UNUSED_ARG(func); 53 return srtp_err_status_ok; 54 } -
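Review bot: `srtp_install_err_report_handler()` discards `func` and still returns `srtp_err_status_ok`, so a caller that registers its own handler gets no indication that it will never be called. If that is deliberate, which the "Redirect libsrtp error to PJ_LOG" comment at the top of the section suggests, a comment on the function would make it explicit: `/* func is ignored on purpose: libsrtp messages are routed to PJ_LOG by srtp_err_report() */`. The default `err_level` also changes from `err_level_none` to `srtp_err_level_error`, so libsrtp error messages are presumably now logged by default; confirm this is intended for production builds. The body of `srtp_err_report()` is elided from this section, so the comparison of `priority` against `err_level` cannot be checked here.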
pjproject/trunk/third_party/srtp/srtp/ekt.c
r5261 r5614 9 9 /* 10 10 * 11 * Copyright (c) 2001-20 06Cisco Systems, Inc.11 * Copyright (c) 2001-2017 Cisco Systems, Inc. 12 12 * All rights reserved. 13 13 * … … 48 48 #include "ekt.h" 49 49 50 extern debug_module_t mod_srtp;50 extern srtp_debug_module_t mod_srtp; 51 51 52 52 /* … … 72 72 #define EKT_SPI_LEN 2 73 73 74 unsigned 75 ekt_octets_after_base_tag(ekt_stream_t ekt) { 74 unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt) { 76 75 /* 77 76 * if the pointer ekt is NULL, then EKT is not in effect, so we … … 82 81 83 82 switch(ekt->data->ekt_cipher_type) { 84 case EKT_CIPHER_AES_128_ECB:83 case SRTP_EKT_CIPHER_AES_128_ECB: 85 84 return 16 + EKT_OCTETS_AFTER_EMK; 86 85 break; … … 91 90 } 92 91 93 static inline ekt_spi_t 94 srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) { 92 static inline srtp_ekt_spi_t srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) { 95 93 const uint8_t *spi_location; 96 94 97 95 spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN); 98 96 99 return *((const ekt_spi_t *)spi_location); 100 } 101 102 static inline uint32_t 103 srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) { 97 return *((const srtp_ekt_spi_t *)spi_location); 98 } 99 100 static inline uint32_t srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) { 104 101 const uint8_t *roc_location; 105 102 … … 109 106 } 110 107 111 static inline const uint8_t * 112 srtcp_packet_get_emk_location(const uint8_t *packet_start, 113 unsigned pkt_octet_len) { 108 static inline const uint8_t * srtcp_packet_get_emk_location(const uint8_t *packet_start, unsigned pkt_octet_len) { 114 109 const uint8_t *location; 115 110 … … 120 115 121 116 122 err_status_t 123 ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy) { 117 srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, srtp_ekt_policy_t policy) { 124 118 125 119 /* … … 129 123 if (!policy) { 130 124 
*stream_data = NULL; 131 return err_status_ok;125 return srtp_err_status_ok; 132 126 } 133 127 … … 135 129 *stream_data = NULL; 136 130 137 return err_status_ok; 138 } 139 140 err_status_t 141 ekt_stream_init_from_policy(ekt_stream_t stream_data, ekt_policy_t policy) { 131 return srtp_err_status_ok; 132 } 133 134 srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t stream_data, srtp_ekt_policy_t policy) { 142 135 if (!stream_data) 143 return err_status_ok; 144 145 return err_status_ok; 146 } 147 148 149 void 150 aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) { 136 return srtp_err_status_ok; 137 138 return srtp_err_status_ok; 139 } 140 141 142 void aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) { 151 143 #ifndef OPENSSL 152 144 //FIXME: need to get this working through the crypto module interface 153 aes_expanded_key_t expanded_key;154 155 aes_expand_decryption_key(key, key_len, &expanded_key);156 aes_decrypt(ciphertext, &expanded_key);145 srtp_aes_expanded_key_t expanded_key; 146 147 srtp_aes_expand_decryption_key(key, key_len, &expanded_key); 148 srtp_aes_decrypt(ciphertext, &expanded_key); 157 149 #endif 158 150 } … … 163 155 */ 164 156 165 err_status_t 166 srtp_stream_init_from_ekt(srtp_stream_t stream, 167 const void *srtcp_hdr, 168 unsigned pkt_octet_len) { 169 err_status_t err; 157 srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, const void *srtcp_hdr, unsigned pkt_octet_len) { 158 srtp_err_status_t err; 170 159 const uint8_t *master_key; 171 160 srtp_policy_t srtp_policy; … … 177 166 if (stream->ekt->data->spi != 178 167 srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len)) 179 return err_status_no_ctx;180 181 if (stream->ekt->data->ekt_cipher_type != EKT_CIPHER_AES_128_ECB)182 return err_status_bad_param;168 return srtp_err_status_no_ctx; 169 170 if (stream->ekt->data->ekt_cipher_type != SRTP_EKT_CIPHER_AES_128_ECB) 171 return srtp_err_status_bad_param; 183 172 184 173 /* 
decrypt the Encrypted Master Key field */ … … 191 180 /* set the SRTP ROC */ 192 181 roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len); 193 err = rdbx_set_roc(&stream->rtp_rdbx, roc);182 err = srtp_rdbx_set_roc(&stream->rtp_rdbx, roc); 194 183 if (err) return err; 195 184 … … 197 186 if (err) return err; 198 187 199 return err_status_ok; 200 } 201 202 void 203 ekt_write_data(ekt_stream_t ekt, 204 uint8_t *base_tag, 205 unsigned base_tag_len, 206 int *packet_len, 207 xtd_seq_num_t pkt_index) { 188 return srtp_err_status_ok; 189 } 190 191 void srtp_ekt_write_data(srtp_ekt_stream_t ekt, uint8_t *base_tag, unsigned base_tag_len, int *packet_len, srtp_xtd_seq_num_t pkt_index) { 208 192 uint32_t roc; 209 193 uint16_t isn; … … 222 206 223 207 /* copy encrypted master key into packet */ 224 emk_len = ekt_octets_after_base_tag(ekt);208 emk_len = srtp_ekt_octets_after_base_tag(ekt); 225 209 memcpy(packet, ekt->encrypted_master_key, emk_len); 226 210 debug_print(mod_srtp, "writing EKT EMK: %s,", 227 octet_string_hex_string(packet, emk_len));211 srtp_octet_string_hex_string(packet, emk_len)); 228 212 packet += emk_len; 229 213 … … 232 216 *((uint32_t *)packet) = be32_to_cpu(roc); 233 217 debug_print(mod_srtp, "writing EKT ROC: %s,", 234 octet_string_hex_string(packet, sizeof(roc)));218 srtp_octet_string_hex_string(packet, sizeof(roc))); 235 219 packet += sizeof(roc); 236 220 … … 239 223 *((uint16_t *)packet) = htons(isn); 240 224 debug_print(mod_srtp, "writing EKT ISN: %s,", 241 octet_string_hex_string(packet, sizeof(isn)));225 srtp_octet_string_hex_string(packet, sizeof(isn))); 242 226 packet += sizeof(isn); 243 227 … … 245 229 *((uint16_t *)packet) = htons(ekt->data->spi); 246 230 debug_print(mod_srtp, "writing EKT SPI: %s,", 247 octet_string_hex_string(packet, sizeof(ekt->data->spi)));231 srtp_octet_string_hex_string(packet, sizeof(ekt->data->spi))); 248 232 249 233 /* increase packet length appropriately */ … … 262 246 */ 263 247 264 void 265 
srtcp_ekt_trailer(ekt_stream_t ekt, 266 unsigned *auth_len, 267 void **auth_tag, 268 void *tag_copy) { 269 248 void srtcp_ekt_trailer(srtp_ekt_stream_t ekt, unsigned *auth_len, void **auth_tag, void *tag_copy) { 270 249 /* 271 250 * if there is no EKT policy, then the other inputs are unaffected -
pjproject/trunk/third_party/srtp/srtp/srtp.c
r5261 r5614 9 9 /* 10 10 * 11 * Copyright (c) 2001-20 06, Cisco Systems, Inc.11 * Copyright (c) 2001-2017, Cisco Systems, Inc. 12 12 * All rights reserved. 13 13 * … … 43 43 */ 44 44 45 // Leave this as the top level import. Ensures the existence of defines 46 #include "config.h" 45 47 46 48 #include "srtp_priv.h" 49 #include "crypto_types.h" 50 #include "err.h" 47 51 #include "ekt.h" /* for SRTP Encrypted Key Transport */ 48 #include "alloc.h" /* for crypto_alloc() */52 #include "alloc.h" /* for srtp_crypto_alloc() */ 49 53 #ifdef OPENSSL 50 54 #include "aes_gcm_ossl.h" /* for AES GCM mode */ 55 # ifdef OPENSSL_KDF 56 # include <openssl/kdf.h> 57 # include "aes_icm_ossl.h" /* for AES GCM mode */ 58 # endif 51 59 #endif 52 60 53 #ifndef SRTP_KERNEL 54 # include <limits.h> 55 # ifdef HAVE_NETINET_IN_H 56 # include <netinet/in.h> 57 # elif defined(HAVE_WINSOCK2_H) 58 # include <winsock2.h> 59 # endif 60 #endif /* ! SRTP_KERNEL */ 61 #include <limits.h> 62 #ifdef HAVE_NETINET_IN_H 63 # include <netinet/in.h> 64 #elif defined(HAVE_WINSOCK2_H) 65 # include <winsock2.h> 66 #endif 61 67 62 68 63 69 /* the debug module for srtp */ 64 70 65 debug_module_t mod_srtp = {71 srtp_debug_module_t mod_srtp = { 66 72 0, /* debugging is off by default */ 67 73 "srtp" /* printable name for module */ … … 74 80 #define octets_in_rtp_extn_hdr 4 75 81 76 static err_status_t82 static srtp_err_status_t 77 83 srtp_validate_rtp_header(void *rtp_hdr, int *pkt_octet_len) { 78 84 srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; 85 int rtp_header_len = octets_in_rtp_header + 4 * hdr->cc; 86 87 if (*pkt_octet_len < octets_in_rtp_header) 88 return srtp_err_status_bad_param; 79 89 80 90 /* Check RTP header length */ 81 int rtp_header_len = octets_in_rtp_header + 4 * hdr->cc;82 91 if (hdr->x == 1) 83 92 rtp_header_len += octets_in_rtp_extn_hdr; 84 93 85 94 if (*pkt_octet_len < rtp_header_len) 86 return err_status_bad_param;95 return srtp_err_status_bad_param; 87 96 88 97 /* Verifing profile length. 
*/ … … 94 103 /* profile length counts the number of 32-bit words */ 95 104 if (*pkt_octet_len < rtp_header_len) 96 return err_status_bad_param;97 } 98 return err_status_ok;105 return srtp_err_status_bad_param; 106 } 107 return srtp_err_status_ok; 99 108 } 100 109 … … 138 147 } 139 148 140 err_status_t 149 /* Release (maybe partially allocated) stream. */ 150 static void 151 srtp_stream_free(srtp_stream_ctx_t *str) { 152 unsigned int i = 0; 153 srtp_session_keys_t *session_keys = NULL; 154 155 for (i = 0; i < str->num_master_keys; i++) { 156 session_keys = &str->session_keys[i]; 157 158 if (session_keys->rtp_xtn_hdr_cipher) { 159 srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher); 160 } 161 162 if (session_keys->rtcp_cipher) { 163 srtp_cipher_dealloc(session_keys->rtcp_cipher); 164 } 165 166 if (session_keys->rtcp_auth) { 167 srtp_auth_dealloc(session_keys->rtcp_auth); 168 } 169 170 if (session_keys->rtp_cipher) { 171 srtp_cipher_dealloc(session_keys->rtp_cipher); 172 } 173 174 if (session_keys->rtp_auth) { 175 srtp_auth_dealloc(session_keys->rtp_auth); 176 } 177 178 if (session_keys->mki_id) { 179 srtp_crypto_free(session_keys->mki_id); 180 } 181 182 if (session_keys->limit) { 183 srtp_crypto_free(session_keys->limit); 184 } 185 } 186 187 srtp_crypto_free(str->session_keys); 188 189 if (str->enc_xtn_hdr) { 190 srtp_crypto_free(str->enc_xtn_hdr); 191 } 192 193 srtp_crypto_free(str); 194 } 195 196 srtp_err_status_t 141 197 srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, 142 198 const srtp_policy_t *p) { 143 199 srtp_stream_ctx_t *str; 144 err_status_t stat; 200 srtp_err_status_t stat; 201 unsigned int i = 0; 202 srtp_session_keys_t *session_keys = NULL; 145 203 146 204 /* … … 153 211 154 212 /* allocate srtp stream and set str_ptr */ 155 str = (srtp_stream_ctx_t *) crypto_alloc(sizeof(srtp_stream_ctx_t));213 str = (srtp_stream_ctx_t *) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); 156 214 if (str == NULL) 157 return err_status_alloc_fail; 158 *str_ptr = str; 159 
160 /* allocate cipher */ 161 stat = crypto_kernel_alloc_cipher(p->rtp.cipher_type, 162 &str->rtp_cipher, 163 p->rtp.cipher_key_len, 164 p->rtp.auth_tag_len); 215 return srtp_err_status_alloc_fail; 216 217 memset(str, 0, sizeof(srtp_stream_ctx_t)); 218 *str_ptr = str; 219 220 /* To keep backwards API compatible if someone is using multiple master 221 * keys then key should be set to NULL 222 */ 223 if (p->key != NULL) { 224 str->num_master_keys = 1; 225 } else { 226 str->num_master_keys = p->num_master_keys; 227 } 228 229 str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc( 230 sizeof(srtp_session_keys_t) * str->num_master_keys); 231 232 if (str->session_keys == NULL) { 233 srtp_stream_free(str); 234 return srtp_err_status_alloc_fail; 235 } 236 237 memset(str->session_keys, 0, sizeof(srtp_session_keys_t) * str->num_master_keys); 238 239 for (i = 0; i < str->num_master_keys; i++) { 240 session_keys = &str->session_keys[i]; 241 242 /* allocate cipher */ 243 stat = srtp_crypto_kernel_alloc_cipher(p->rtp.cipher_type, 244 &session_keys->rtp_cipher, 245 p->rtp.cipher_key_len, 246 p->rtp.auth_tag_len); 247 if (stat) { 248 srtp_stream_free(str); 249 return stat; 250 } 251 252 /* allocate auth function */ 253 stat = srtp_crypto_kernel_alloc_auth(p->rtp.auth_type, 254 &session_keys->rtp_auth, 255 p->rtp.auth_key_len, 256 p->rtp.auth_tag_len); 257 if (stat) { 258 srtp_stream_free(str); 259 return stat; 260 } 261 262 /* 263 * ...and now the RTCP-specific initialization - first, allocate 264 * the cipher 265 */ 266 stat = srtp_crypto_kernel_alloc_cipher(p->rtcp.cipher_type, 267 &session_keys->rtcp_cipher, 268 p->rtcp.cipher_key_len, 269 p->rtcp.auth_tag_len); 270 if (stat) { 271 srtp_stream_free(str); 272 return stat; 273 } 274 275 /* allocate auth function */ 276 stat = srtp_crypto_kernel_alloc_auth(p->rtcp.auth_type, 277 &session_keys->rtcp_auth, 278 p->rtcp.auth_key_len, 279 p->rtcp.auth_tag_len); 280 if (stat) { 281 srtp_stream_free(str); 282 return stat; 283 } 284 
285 session_keys->mki_id = NULL; 286 287 /* allocate key limit structure */ 288 session_keys->limit = (srtp_key_limit_ctx_t*) srtp_crypto_alloc(sizeof(srtp_key_limit_ctx_t)); 289 if (session_keys->limit == NULL) { 290 srtp_stream_free(str); 291 return srtp_err_status_alloc_fail; 292 } 293 } 294 295 /* allocate ekt data associated with stream */ 296 stat = srtp_ekt_alloc(&str->ekt, p->ekt); 165 297 if (stat) { 166 crypto_free(str);298 srtp_stream_free(str); 167 299 return stat; 168 300 } 169 301 170 /* allocate auth function */ 171 stat = crypto_kernel_alloc_auth(p->rtp.auth_type, 172 &str->rtp_auth, 173 p->rtp.auth_key_len, 174 p->rtp.auth_tag_len); 175 if (stat) { 176 cipher_dealloc(str->rtp_cipher); 177 crypto_free(str); 178 return stat; 179 } 180 181 /* allocate key limit structure */ 182 str->limit = (key_limit_ctx_t*) crypto_alloc(sizeof(key_limit_ctx_t)); 183 if (str->limit == NULL) { 184 auth_dealloc(str->rtp_auth); 185 cipher_dealloc(str->rtp_cipher); 186 crypto_free(str); 187 return err_status_alloc_fail; 188 } 189 190 /* 191 * ...and now the RTCP-specific initialization - first, allocate 192 * the cipher 193 */ 194 stat = crypto_kernel_alloc_cipher(p->rtcp.cipher_type, 195 &str->rtcp_cipher, 196 p->rtcp.cipher_key_len, 197 p->rtcp.auth_tag_len); 198 if (stat) { 199 auth_dealloc(str->rtp_auth); 200 cipher_dealloc(str->rtp_cipher); 201 crypto_free(str->limit); 202 crypto_free(str); 203 return stat; 204 } 205 206 /* allocate auth function */ 207 stat = crypto_kernel_alloc_auth(p->rtcp.auth_type, 208 &str->rtcp_auth, 209 p->rtcp.auth_key_len, 210 p->rtcp.auth_tag_len); 211 if (stat) { 212 cipher_dealloc(str->rtcp_cipher); 213 auth_dealloc(str->rtp_auth); 214 cipher_dealloc(str->rtp_cipher); 215 crypto_free(str->limit); 216 crypto_free(str); 217 return stat; 218 } 219 220 /* allocate ekt data associated with stream */ 221 stat = ekt_alloc(&str->ekt, p->ekt); 222 if (stat) { 223 auth_dealloc(str->rtcp_auth); 224 cipher_dealloc(str->rtcp_cipher); 225 
auth_dealloc(str->rtp_auth); 226 cipher_dealloc(str->rtp_cipher); 227 crypto_free(str->limit); 228 crypto_free(str); 229 return stat; 230 } 231 232 return err_status_ok; 233 } 234 235 err_status_t 236 srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) { 237 err_status_t status; 238 302 if (p->enc_xtn_hdr && p->enc_xtn_hdr_count > 0) { 303 srtp_cipher_type_id_t enc_xtn_hdr_cipher_type; 304 int enc_xtn_hdr_cipher_key_len; 305 306 str->enc_xtn_hdr = (int*) srtp_crypto_alloc(p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0])); 307 if (!str->enc_xtn_hdr) { 308 srtp_stream_free(str); 309 return srtp_err_status_alloc_fail; 310 } 311 memcpy(str->enc_xtn_hdr, p->enc_xtn_hdr, p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0])); 312 str->enc_xtn_hdr_count = p->enc_xtn_hdr_count; 313 314 /* For GCM ciphers, the corresponding ICM cipher is used for header extensions encryption. */ 315 switch (p->rtp.cipher_type) { 316 case SRTP_AES_GCM_128: 317 enc_xtn_hdr_cipher_type = SRTP_AES_ICM_128; 318 enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; 319 break; 320 case SRTP_AES_GCM_256: 321 enc_xtn_hdr_cipher_type = SRTP_AES_ICM_256; 322 enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; 323 break; 324 default: 325 enc_xtn_hdr_cipher_type = p->rtp.cipher_type; 326 enc_xtn_hdr_cipher_key_len = p->rtp.cipher_key_len; 327 break; 328 } 329 330 for (i = 0; i < str->num_master_keys; i++) { 331 session_keys = &str->session_keys[i]; 332 333 /* allocate cipher for extensions header encryption */ 334 stat = srtp_crypto_kernel_alloc_cipher(enc_xtn_hdr_cipher_type, 335 &session_keys->rtp_xtn_hdr_cipher, 336 enc_xtn_hdr_cipher_key_len, 337 0); 338 if (stat) { 339 srtp_stream_free(str); 340 return stat; 341 } 342 } 343 } else { 344 for (i = 0; i < str->num_master_keys; i++) { 345 session_keys = &str->session_keys[i]; 346 session_keys->rtp_xtn_hdr_cipher = NULL; 347 } 348 349 str->enc_xtn_hdr = NULL; 350 str->enc_xtn_hdr_count = 0; 351 } 352 353 return srtp_err_status_ok; 
354 } 355 356 srtp_err_status_t 357 srtp_stream_dealloc(srtp_stream_ctx_t *stream, srtp_stream_ctx_t *stream_template) { 358 srtp_err_status_t status; 359 unsigned int i = 0; 360 srtp_session_keys_t *session_keys = NULL; 361 srtp_session_keys_t *template_session_keys = NULL; 362 239 363 /* 240 364 * we use a conservative deallocation strategy - if any deallocation … … 242 366 * anything else 243 367 */ 244 245 /* deallocate cipher, if it is not the same as that in template */ 246 if (session->stream_template 247 && stream->rtp_cipher == session->stream_template->rtp_cipher) { 248 /* do nothing */ 368 for ( i = 0; i < stream->num_master_keys; i++) { 369 session_keys = &stream->session_keys[i]; 370 371 if (stream_template) { 372 template_session_keys = &stream_template->session_keys[i]; 373 } else { 374 template_session_keys = NULL; 375 } 376 377 /* deallocate cipher, if it is not the same as that in template */ 378 if (template_session_keys 379 && session_keys->rtp_cipher == template_session_keys->rtp_cipher) { 380 /* do nothing */ 381 } else { 382 status = srtp_cipher_dealloc(session_keys->rtp_cipher); 383 if (status) 384 return status; 385 } 386 387 /* deallocate auth function, if it is not the same as that in template */ 388 if (template_session_keys 389 && session_keys->rtp_auth == template_session_keys->rtp_auth) { 390 /* do nothing */ 391 } else { 392 status = srtp_auth_dealloc(session_keys->rtp_auth); 393 if (status) 394 return status; 395 } 396 397 if (template_session_keys 398 && session_keys->rtp_xtn_hdr_cipher == template_session_keys->rtp_xtn_hdr_cipher) { 399 /* do nothing */ 400 } else if (session_keys->rtp_xtn_hdr_cipher) { 401 status = srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher); 402 if (status) 403 return status; 404 } 405 406 /* 407 * deallocate rtcp cipher, if it is not the same as that in 408 * template 409 */ 410 if (template_session_keys 411 && session_keys->rtcp_cipher == template_session_keys->rtcp_cipher) { 412 /* do nothing */ 413 
} else { 414 status = srtp_cipher_dealloc(session_keys->rtcp_cipher); 415 if (status) 416 return status; 417 } 418 419 /* 420 * deallocate rtcp auth function, if it is not the same as that in 421 * template 422 */ 423 if (template_session_keys 424 && session_keys->rtcp_auth == template_session_keys->rtcp_auth) { 425 /* do nothing */ 426 } else { 427 status = srtp_auth_dealloc(session_keys->rtcp_auth); 428 if (status) 429 return status; 430 } 431 432 /* 433 * zeroize the salt value 434 */ 435 octet_string_set_to_zero(session_keys->salt, SRTP_AEAD_SALT_LEN); 436 octet_string_set_to_zero(session_keys->c_salt, SRTP_AEAD_SALT_LEN); 437 438 if (session_keys->mki_id) { 439 octet_string_set_to_zero(session_keys->mki_id, session_keys->mki_size); 440 srtp_crypto_free(session_keys->mki_id); 441 session_keys->mki_id = NULL; 442 } 443 444 /* deallocate key usage limit, if it is not the same as that in template */ 445 if (template_session_keys 446 && session_keys->limit == template_session_keys->limit) { 447 /* do nothing */ 448 } else { 449 srtp_crypto_free(session_keys->limit); 450 } 451 452 } 453 454 if (stream_template 455 && stream->session_keys == stream_template->session_keys) { 456 /* do nothing */ 249 457 } else { 250 status = cipher_dealloc(stream->rtp_cipher); 251 if (status) 252 return status; 253 } 254 255 /* deallocate auth function, if it is not the same as that in template */ 256 if (session->stream_template 257 && stream->rtp_auth == session->stream_template->rtp_auth) { 258 /* do nothing */ 259 } else { 260 status = auth_dealloc(stream->rtp_auth); 261 if (status) 262 return status; 263 } 264 265 /* deallocate key usage limit, if it is not the same as that in template */ 266 if (session->stream_template 267 && stream->limit == session->stream_template->limit) { 268 /* do nothing */ 269 } else { 270 crypto_free(stream->limit); 271 } 272 273 /* 274 * deallocate rtcp cipher, if it is not the same as that in 275 * template 276 */ 277 if (session->stream_template 278 
&& stream->rtcp_cipher == session->stream_template->rtcp_cipher) { 279 /* do nothing */ 280 } else { 281 status = cipher_dealloc(stream->rtcp_cipher); 282 if (status) 283 return status; 284 } 285 286 /* 287 * deallocate rtcp auth function, if it is not the same as that in 288 * template 289 */ 290 if (session->stream_template 291 && stream->rtcp_auth == session->stream_template->rtcp_auth) { 292 /* do nothing */ 293 } else { 294 status = auth_dealloc(stream->rtcp_auth); 295 if (status) 296 return status; 297 } 298 299 status = rdbx_dealloc(&stream->rtp_rdbx); 458 srtp_crypto_free(stream->session_keys); 459 } 460 461 status = srtp_rdbx_dealloc(&stream->rtp_rdbx); 300 462 if (status) 301 463 return status; … … 303 465 /* DAM - need to deallocate EKT here */ 304 466 305 /*306 * zeroize the salt value307 */308 memset(stream->salt, 0, SRTP_AEAD_SALT_LEN);309 memset(stream->c_salt, 0, SRTP_AEAD_SALT_LEN);310 311 467 if (stream_template 468 && stream->enc_xtn_hdr == stream_template->enc_xtn_hdr) { 469 /* do nothing */ 470 } else if (stream->enc_xtn_hdr) { 471 srtp_crypto_free(stream->enc_xtn_hdr); 472 } 473 312 474 /* deallocate srtp stream context */ 313 crypto_free(stream);314 315 return err_status_ok;475 srtp_crypto_free(stream); 476 477 return srtp_err_status_ok; 316 478 } 317 479 … … 325 487 */ 326 488 327 err_status_t489 srtp_err_status_t 328 490 srtp_stream_clone(const srtp_stream_ctx_t *stream_template, 329 491 uint32_t ssrc, 330 492 srtp_stream_ctx_t **str_ptr) { 331 err_status_t status;493 srtp_err_status_t status; 332 494 srtp_stream_ctx_t *str; 333 334 debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ssrc); 495 unsigned int i = 0; 496 srtp_session_keys_t *session_keys = NULL; 497 const srtp_session_keys_t *template_session_keys = NULL; 498 499 debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ntohl(ssrc)); 335 500 336 501 /* allocate srtp stream and set str_ptr */ 337 str = (srtp_stream_ctx_t *) crypto_alloc(sizeof(srtp_stream_ctx_t));502 str = 
(srtp_stream_ctx_t *) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); 338 503 if (str == NULL) 339 return err_status_alloc_fail;504 return srtp_err_status_alloc_fail; 340 505 *str_ptr = str; 341 506 342 /* set cipher and auth pointers to those of the template */ 343 str->rtp_cipher = stream_template->rtp_cipher; 344 str->rtp_auth = stream_template->rtp_auth; 345 str->rtcp_cipher = stream_template->rtcp_cipher; 346 str->rtcp_auth = stream_template->rtcp_auth; 347 348 /* set key limit to point to that of the template */ 349 status = key_limit_clone(stream_template->limit, &str->limit); 350 if (status) { 351 crypto_free(*str_ptr); 507 str->num_master_keys = stream_template->num_master_keys; 508 str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc( 509 sizeof(srtp_session_keys_t) * str->num_master_keys); 510 511 if (str->session_keys == NULL) { 512 srtp_crypto_free(*str_ptr); 513 *str_ptr = NULL; 514 return srtp_err_status_alloc_fail; 515 } 516 517 for (i = 0; i < stream_template->num_master_keys; i++){ 518 session_keys = &str->session_keys[i]; 519 template_session_keys = &stream_template->session_keys[i]; 520 521 /* set cipher and auth pointers to those of the template */ 522 session_keys->rtp_cipher = template_session_keys->rtp_cipher; 523 session_keys->rtp_auth = template_session_keys->rtp_auth; 524 session_keys->rtp_xtn_hdr_cipher = template_session_keys->rtp_xtn_hdr_cipher; 525 session_keys->rtcp_cipher = template_session_keys->rtcp_cipher; 526 session_keys->rtcp_auth = template_session_keys->rtcp_auth; 527 session_keys->mki_size = template_session_keys->mki_size; 528 529 if (template_session_keys->mki_size == 0) { 530 session_keys->mki_id = NULL; 531 } else { 532 session_keys->mki_id = srtp_crypto_alloc(template_session_keys->mki_size); 533 534 if (session_keys->mki_id == NULL) { 535 return srtp_err_status_init_fail; 536 } 537 memset(session_keys->mki_id, 0x0, session_keys->mki_size); 538 memcpy(session_keys->mki_id, template_session_keys->mki_id, 
session_keys->mki_size); 539 } 540 /* Copy the salt values */ 541 memcpy(session_keys->salt, template_session_keys->salt, SRTP_AEAD_SALT_LEN); 542 memcpy(session_keys->c_salt, template_session_keys->c_salt, SRTP_AEAD_SALT_LEN); 543 544 /* set key limit to point to that of the template */ 545 status = srtp_key_limit_clone(template_session_keys->limit, &session_keys->limit); 546 if (status) { 547 srtp_crypto_free(*str_ptr); 548 *str_ptr = NULL; 549 return status; 550 } 551 } 552 553 554 /* initialize replay databases */ 555 status = srtp_rdbx_init(&str->rtp_rdbx, 556 srtp_rdbx_get_window_size(&stream_template->rtp_rdbx)); 557 if (status) { 558 srtp_crypto_free(*str_ptr); 352 559 *str_ptr = NULL; 353 560 return status; 354 561 } 355 356 /* initialize replay databases */ 357 status = rdbx_init(&str->rtp_rdbx, 358 rdbx_get_window_size(&stream_template->rtp_rdbx)); 359 if (status) { 360 crypto_free(*str_ptr); 361 *str_ptr = NULL; 362 return status; 363 } 364 rdb_init(&str->rtcp_rdb); 562 srtp_rdb_init(&str->rtcp_rdb); 365 563 str->allow_repeat_tx = stream_template->allow_repeat_tx; 366 564 367 565 /* set ssrc to that provided */ 368 566 str->ssrc = ssrc; 567 568 /* reset pending ROC */ 569 str->pending_roc = 0; 369 570 370 571 /* set direction and security services */ … … 376 577 str->ekt = stream_template->ekt; 377 578 378 /* Copy the salt values*/379 memcpy(str->salt, stream_template->salt, SRTP_AEAD_SALT_LEN);380 memcpy(str->c_salt, stream_template->c_salt, SRTP_AEAD_SALT_LEN);579 /* copy information about extensions header encryption */ 580 str->enc_xtn_hdr = stream_template->enc_xtn_hdr; 581 str->enc_xtn_hdr_count = stream_template->enc_xtn_hdr_count; 381 582 382 583 /* defensive coding */ 383 584 str->next = NULL; 384 385 return err_status_ok; 585 return srtp_err_status_ok; 386 586 } 387 587 … … 409 609 label_rtcp_encryption = 0x03, 410 610 label_rtcp_msg_auth = 0x04, 411 label_rtcp_salt = 0x05 611 label_rtcp_salt = 0x05, 612 label_rtp_header_encryption = 0x06, 613 
label_rtp_header_salt = 0x07 412 614 } srtp_prf_label; 413 615 616 #define MAX_SRTP_KEY_LEN 256 617 618 #if defined(OPENSSL) && defined(OPENSSL_KDF) 619 #define MAX_SRTP_AESKEY_LEN 32 620 #define MAX_SRTP_SALT_LEN 14 414 621 415 622 /* … … 417 624 * default KDF is the only one implemented at present. 418 625 */ 419 420 626 typedef struct { 421 cipher_t *cipher; /* cipher used for key derivation */ 627 uint8_t master_key[MAX_SRTP_AESKEY_LEN]; 628 uint8_t master_salt[MAX_SRTP_SALT_LEN]; 629 const EVP_CIPHER *evp; 422 630 } srtp_kdf_t; 423 631 424 err_status_t 425 srtp_kdf_init(srtp_kdf_t *kdf, cipher_type_id_t cipher_id, const uint8_t *key, int length) { 426 427 err_status_t stat; 428 stat = crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, length, 0); 429 if (stat) 430 return stat; 431 432 stat = cipher_init(kdf->cipher, key); 433 if (stat) { 434 cipher_dealloc(kdf->cipher); 435 return stat; 436 } 437 438 return err_status_ok; 439 } 440 441 err_status_t 442 srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, 443 uint8_t *key, unsigned int length) { 444 445 v128_t nonce; 446 err_status_t status; 632 633 static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int key_len, int salt_len) 634 { 635 memset(kdf, 0x0, sizeof(srtp_kdf_t)); 636 637 /* The NULL cipher has zero key length */ 638 if (key_len == 0) return srtp_err_status_ok; 639 640 if ((key_len > MAX_SRTP_AESKEY_LEN) || (salt_len > MAX_SRTP_SALT_LEN)) { 641 return srtp_err_status_bad_param; 642 } 643 switch (key_len) { 644 case SRTP_AES_256_KEYSIZE: 645 kdf->evp = EVP_aes_256_ctr(); 646 break; 647 case SRTP_AES_192_KEYSIZE: 648 kdf->evp = EVP_aes_192_ctr(); 649 break; 650 case SRTP_AES_128_KEYSIZE: 651 kdf->evp = EVP_aes_128_ctr(); 652 break; 653 default: 654 return srtp_err_status_bad_param; 655 break; 656 } 657 memcpy(kdf->master_key, key, key_len); 658 memcpy(kdf->master_salt, key+key_len, salt_len); 659 return srtp_err_status_ok; 660 } 661 662 static srtp_err_status_t 
srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, uint8_t *key, unsigned int length) 663 { 664 int ret; 665 666 /* The NULL cipher will not have an EVP */ 667 if (!kdf->evp) return srtp_err_status_ok; 668 octet_string_set_to_zero(key, length); 669 670 /* 671 * Invoke the OpenSSL SRTP KDF function 672 * This is useful if OpenSSL is in FIPS mode and FIP 673 * compliance is required for SRTP. 674 */ 675 ret = kdf_srtp(kdf->evp, (char *)&kdf->master_key, (char *)&kdf->master_salt, NULL, NULL, label, (char *)key); 676 if (ret == -1) { 677 return (srtp_err_status_algo_fail); 678 } 679 680 return srtp_err_status_ok; 681 } 682 683 static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) { 684 octet_string_set_to_zero(kdf->master_key, MAX_SRTP_AESKEY_LEN); 685 octet_string_set_to_zero(kdf->master_salt, MAX_SRTP_SALT_LEN); 686 kdf->evp = NULL; 687 688 return srtp_err_status_ok; 689 } 690 691 #else /* if OPENSSL_KDF */ 692 693 /* 694 * srtp_kdf_t represents a key derivation function. The SRTP 695 * default KDF is the only one implemented at present. 
696 */ 697 typedef struct { 698 srtp_cipher_t *cipher; /* cipher used for key derivation */ 699 } srtp_kdf_t; 700 701 static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int key_len) 702 { 703 srtp_cipher_type_id_t cipher_id; 704 srtp_err_status_t stat; 705 switch (key_len) { 706 case SRTP_AES_ICM_256_KEY_LEN_WSALT: 707 cipher_id = SRTP_AES_ICM_256; 708 break; 709 case SRTP_AES_ICM_192_KEY_LEN_WSALT: 710 cipher_id = SRTP_AES_ICM_192; 711 break; 712 case SRTP_AES_ICM_128_KEY_LEN_WSALT: 713 cipher_id = SRTP_AES_ICM_128; 714 break; 715 default: 716 return srtp_err_status_bad_param; 717 break; 718 } 719 720 stat = srtp_crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, key_len, 0); 721 if (stat) return stat; 722 723 stat = srtp_cipher_init(kdf->cipher, key); 724 if (stat) { 725 srtp_cipher_dealloc(kdf->cipher); 726 return stat; 727 } 728 return srtp_err_status_ok; 729 } 730 731 static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, uint8_t *key, unsigned int length) 732 { 733 srtp_err_status_t status; 734 v128_t nonce; 447 735 448 /* set eigth octet of nonce to <label>, set the rest of it to zero */449 v128_set_to_zero(&nonce);450 nonce.v8[7] = label;736 /* set eigth octet of nonce to <label>, set the rest of it to zero */ 737 v128_set_to_zero(&nonce); 738 nonce.v8[7] = label; 451 739 452 status = cipher_set_iv(kdf->cipher, &nonce, direction_encrypt); 453 if (status) 454 return status; 740 status = srtp_cipher_set_iv(kdf->cipher, (uint8_t*)&nonce, srtp_direction_encrypt); 741 if (status) return status; 455 742 456 /* generate keystream output */ 457 octet_string_set_to_zero(key, length); 458 status = cipher_encrypt(kdf->cipher, key, &length); 459 if (status) 460 return status; 461 462 return err_status_ok; 463 } 464 465 err_status_t 466 srtp_kdf_clear(srtp_kdf_t *kdf) { 467 err_status_t status; 468 status = cipher_dealloc(kdf->cipher); 469 if (status) 470 return status; 471 kdf->cipher = NULL; 472 473 return 
err_status_ok; 474 } 743 /* generate keystream output */ 744 octet_string_set_to_zero(key, length); 745 status = srtp_cipher_encrypt(kdf->cipher, key, &length); 746 if (status) return status; 747 748 return srtp_err_status_ok; 749 } 750 751 static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) { 752 srtp_err_status_t status; 753 status = srtp_cipher_dealloc(kdf->cipher); 754 if (status) return status; 755 kdf->cipher = NULL; 756 return srtp_err_status_ok; 757 } 758 #endif /* else OPENSSL_KDF */ 475 759 476 760 /* … … 478 762 */ 479 763 480 #define MAX_SRTP_KEY_LEN 256481 764 482 765 483 766 /* Get the base key length corresponding to a given combined key+salt 484 767 * length for the given cipher. 485 * Assumption is that for AES-ICM a key length < 30 is Ismacryp using486 * AES-128 and short salts; everything else uses a salt length of 14.487 768 * TODO: key and salt lengths should be separate fields in the policy. */ 488 static inline int base_key_length(const cipher_type_t *cipher, int key_length)769 static inline int base_key_length(const srtp_cipher_type_t *cipher, int key_length) 489 770 { 490 771 switch (cipher->id) { 491 case AES_128_ICM:492 case AES_192_ICM:493 case AES_256_ICM:772 case SRTP_AES_ICM_128: 773 case SRTP_AES_ICM_192: 774 case SRTP_AES_ICM_256: 494 775 /* The legacy modes are derived from 495 776 * the configured key length on the policy */ 496 return key_length - 14;777 return key_length - SRTP_SALT_LEN; 497 778 break; 498 case AES_128_GCM:499 return 16;779 case SRTP_AES_GCM_128: 780 return key_length - SRTP_AEAD_SALT_LEN; 500 781 break; 501 case AES_256_GCM:502 return 32;782 case SRTP_AES_GCM_256: 783 return key_length - SRTP_AEAD_SALT_LEN; 503 784 break; 504 785 default: … … 508 789 } 509 790 510 err_status_t 511 srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { 512 err_status_t stat; 791 unsigned int 792 srtp_validate_policy_master_keys(const srtp_policy_t *policy) 793 { 794 int i = 0; 795 796 if (policy->key == NULL) { 
797 if (policy->num_master_keys <= 0) 798 return 0; 799 800 if (policy->num_master_keys > SRTP_MAX_NUM_MASTER_KEYS) 801 return 0; 802 803 for (i = 0; i < policy->num_master_keys; i++) { 804 if (policy->keys[i]->key == NULL) 805 return 0; 806 if (policy->keys[i]->mki_size > SRTP_MAX_MKI_LEN) 807 return 0; 808 } 809 } 810 811 return 1; 812 } 813 814 srtp_session_keys_t* 815 srtp_get_session_keys_with_mki_index(srtp_stream_ctx_t *stream, 816 unsigned int use_mki, 817 unsigned int mki_index) { 818 if (use_mki) { 819 if (mki_index < stream->num_master_keys) { 820 return &stream->session_keys[mki_index]; 821 } 822 } 823 824 return &stream->session_keys[0]; 825 } 826 827 unsigned int 828 srtp_inject_mki(uint8_t *mki_tag_location, srtp_session_keys_t* session_keys, 829 unsigned int use_mki) 830 { 831 unsigned int mki_size = 0; 832 833 if (use_mki) { 834 mki_size = session_keys->mki_size; 835 836 if (mki_size != 0) { 837 // Write MKI into memory 838 memcpy(mki_tag_location, session_keys->mki_id, mki_size); 839 } 840 } 841 842 return mki_size; 843 } 844 845 srtp_err_status_t 846 srtp_stream_init_all_master_keys(srtp_stream_ctx_t *srtp, 847 unsigned char *key, 848 srtp_master_key_t **keys, 849 const unsigned int max_master_keys) { 850 int i = 0; 851 srtp_err_status_t status = srtp_err_status_ok; 852 srtp_master_key_t single_master_key; 853 854 if ( key != NULL ) { 855 srtp->num_master_keys = 1; 856 single_master_key.key = key; 857 single_master_key.mki_id = NULL; 858 single_master_key.mki_size = 0; 859 status = srtp_stream_init_keys(srtp, &single_master_key, 0); 860 } else { 861 srtp->num_master_keys = max_master_keys; 862 863 for (i = 0; i < srtp->num_master_keys && i < SRTP_MAX_NUM_MASTER_KEYS; i++) { 864 status = srtp_stream_init_keys(srtp, keys[i], i); 865 866 if (status) { 867 return status; 868 } 869 } 870 } 871 872 return status; 873 } 874 875 srtp_err_status_t 876 srtp_stream_init_keys(srtp_stream_ctx_t *srtp, srtp_master_key_t *master_key, 877 const unsigned int 
current_mki_index) { 878 srtp_err_status_t stat; 513 879 srtp_kdf_t kdf; 514 880 uint8_t tmp_key[MAX_SRTP_KEY_LEN]; … … 516 882 int rtp_base_key_len, rtp_salt_len; 517 883 int rtcp_base_key_len, rtcp_salt_len; 884 srtp_session_keys_t *session_keys = NULL; 885 unsigned char *key = master_key->key; 518 886 519 887 /* If RTP or RTCP have a key length > AES-128, assume matching kdf. */ 520 888 /* TODO: kdf algorithm, master key length, and master salt length should 521 889 * be part of srtp_policy_t. */ 522 rtp_keylen = cipher_get_key_length(srtp->rtp_cipher); 523 rtcp_keylen = cipher_get_key_length(srtp->rtcp_cipher); 524 rtp_base_key_len = base_key_length(srtp->rtp_cipher->type, rtp_keylen); 890 session_keys = &srtp->session_keys[current_mki_index]; 891 892 /* initialize key limit to maximum value */ 893 #ifdef NO_64BIT_MATH 894 { 895 uint64_t temp; 896 temp = make64(UINT_MAX,UINT_MAX); 897 srtp_key_limit_set(session_keys->limit, temp); 898 } 899 #else 900 srtp_key_limit_set(session_keys->limit, 0xffffffffffffLL); 901 #endif 902 903 904 if ( master_key->mki_size != 0 ) { 905 session_keys->mki_id = srtp_crypto_alloc(master_key->mki_size); 906 907 if (session_keys->mki_id == NULL) { 908 return srtp_err_status_init_fail; 909 } 910 memset(session_keys->mki_id, 0x0, master_key->mki_size); 911 memcpy(session_keys->mki_id, master_key->mki_id, master_key->mki_size); 912 } else { 913 session_keys->mki_id = NULL; 914 } 915 916 session_keys->mki_size = master_key->mki_size; 917 918 rtp_keylen = srtp_cipher_get_key_length(session_keys->rtp_cipher); 919 rtcp_keylen = srtp_cipher_get_key_length(session_keys->rtcp_cipher); 920 rtp_base_key_len = base_key_length(session_keys->rtp_cipher->type, rtp_keylen); 525 921 rtp_salt_len = rtp_keylen - rtp_base_key_len; 526 922 … … 548 944 549 945 /* initialize KDF state */ 550 stat = srtp_kdf_init(&kdf, AES_ICM, (const uint8_t *)tmp_key, kdf_keylen); 946 #if defined(OPENSSL) && defined(OPENSSL_KDF) 947 stat = srtp_kdf_init(&kdf, (const 
uint8_t *)tmp_key, rtp_base_key_len, rtp_salt_len); 948 #else 949 stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, kdf_keylen); 950 #endif 551 951 if (stat) { 552 return err_status_init_fail; 952 /* zeroize temp buffer */ 953 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 954 return srtp_err_status_init_fail; 553 955 } 554 956 … … 559 961 /* zeroize temp buffer */ 560 962 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 561 return err_status_init_fail;963 return srtp_err_status_init_fail; 562 964 } 563 965 debug_print(mod_srtp, "cipher key: %s", 564 octet_string_hex_string(tmp_key, rtp_base_key_len));966 srtp_octet_string_hex_string(tmp_key, rtp_base_key_len)); 565 967 566 968 /* … … 577 979 /* zeroize temp buffer */ 578 980 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 579 return err_status_init_fail;580 } 581 memcpy(s rtp->salt, tmp_key + rtp_base_key_len, SRTP_AEAD_SALT_LEN);981 return srtp_err_status_init_fail; 982 } 983 memcpy(session_keys->salt, tmp_key + rtp_base_key_len, SRTP_AEAD_SALT_LEN); 582 984 } 583 985 if (rtp_salt_len > 0) { 584 986 debug_print(mod_srtp, "cipher salt: %s", 585 octet_string_hex_string(tmp_key + rtp_base_key_len, rtp_salt_len));987 srtp_octet_string_hex_string(tmp_key + rtp_base_key_len, rtp_salt_len)); 586 988 } 587 989 588 990 /* initialize cipher */ 589 stat = cipher_init(srtp->rtp_cipher, tmp_key);991 stat = srtp_cipher_init(session_keys->rtp_cipher, tmp_key); 590 992 if (stat) { 591 993 /* zeroize temp buffer */ 592 994 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 593 return err_status_init_fail; 995 return srtp_err_status_init_fail; 996 } 997 998 if (session_keys->rtp_xtn_hdr_cipher) { 999 /* generate extensions header encryption key */ 1000 int rtp_xtn_hdr_keylen; 1001 int rtp_xtn_hdr_base_key_len; 1002 int rtp_xtn_hdr_salt_len; 1003 srtp_kdf_t tmp_kdf; 1004 srtp_kdf_t *xtn_hdr_kdf; 1005 1006 if (session_keys->rtp_xtn_hdr_cipher->type != session_keys->rtp_cipher->type) { 1007 /* With GCM ciphers, 
the header extensions are still encrypted using the corresponding ICM cipher. */ 1008 /* See https://tools.ietf.org/html/rfc7714#section-8.3 */ 1009 uint8_t tmp_xtn_hdr_key[MAX_SRTP_KEY_LEN]; 1010 rtp_xtn_hdr_keylen = srtp_cipher_get_key_length(session_keys->rtp_xtn_hdr_cipher); 1011 rtp_xtn_hdr_base_key_len = base_key_length(session_keys->rtp_xtn_hdr_cipher->type, 1012 rtp_xtn_hdr_keylen); 1013 rtp_xtn_hdr_salt_len = rtp_xtn_hdr_keylen - rtp_xtn_hdr_base_key_len; 1014 if (rtp_xtn_hdr_salt_len > rtp_salt_len) { 1015 switch (session_keys->rtp_cipher->type->id) { 1016 case SRTP_AES_GCM_128: 1017 case SRTP_AES_GCM_256: 1018 /* The shorter GCM salt is padded to the required ICM salt length. */ 1019 rtp_xtn_hdr_salt_len = rtp_salt_len; 1020 break; 1021 default: 1022 /* zeroize temp buffer */ 1023 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 1024 return srtp_err_status_bad_param; 1025 } 1026 } 1027 memset(tmp_xtn_hdr_key, 0x0, MAX_SRTP_KEY_LEN); 1028 memcpy(tmp_xtn_hdr_key, key, (rtp_xtn_hdr_base_key_len + rtp_xtn_hdr_salt_len)); 1029 xtn_hdr_kdf = &tmp_kdf; 1030 1031 /* initialize KDF state */ 1032 #if defined(OPENSSL) && defined(OPENSSL_KDF) 1033 stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len); 1034 #else 1035 stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, kdf_keylen); 1036 #endif 1037 octet_string_set_to_zero(tmp_xtn_hdr_key, MAX_SRTP_KEY_LEN); 1038 if (stat) { 1039 /* zeroize temp buffer */ 1040 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 1041 return srtp_err_status_init_fail; 1042 } 1043 } else { 1044 /* Reuse main KDF. 
*/ 1045 rtp_xtn_hdr_keylen = rtp_keylen; 1046 rtp_xtn_hdr_base_key_len = rtp_base_key_len; 1047 rtp_xtn_hdr_salt_len = rtp_salt_len; 1048 xtn_hdr_kdf = &kdf; 1049 } 1050 1051 stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_encryption, 1052 tmp_key, rtp_xtn_hdr_base_key_len); 1053 if (stat) { 1054 /* zeroize temp buffer */ 1055 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 1056 return srtp_err_status_init_fail; 1057 } 1058 debug_print(mod_srtp, "extensions cipher key: %s", 1059 srtp_octet_string_hex_string(tmp_key, rtp_xtn_hdr_base_key_len)); 1060 1061 /* 1062 * if the cipher in the srtp context uses a salt, then we need 1063 * to generate the salt value 1064 */ 1065 if (rtp_xtn_hdr_salt_len > 0) { 1066 debug_print(mod_srtp, "found rtp_xtn_hdr_salt_len > 0, generating salt", NULL); 1067 1068 /* generate encryption salt, put after encryption key */ 1069 stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_salt, 1070 tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len); 1071 if (stat) { 1072 /* zeroize temp buffer */ 1073 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 1074 return srtp_err_status_init_fail; 1075 } 1076 } 1077 if (rtp_xtn_hdr_salt_len > 0) { 1078 debug_print(mod_srtp, "extensions cipher salt: %s", 1079 srtp_octet_string_hex_string(tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len)); 1080 } 1081 1082 /* initialize extensions header cipher */ 1083 stat = srtp_cipher_init(session_keys->rtp_xtn_hdr_cipher, tmp_key); 1084 if (stat) { 1085 /* zeroize temp buffer */ 1086 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 1087 return srtp_err_status_init_fail; 1088 } 1089 1090 if (xtn_hdr_kdf != &kdf) { 1091 /* release memory for custom header extension encryption kdf */ 1092 stat = srtp_kdf_clear(xtn_hdr_kdf); 1093 if (stat) { 1094 /* zeroize temp buffer */ 1095 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 1096 return srtp_err_status_init_fail; 1097 } 1098 } 594 1099 } 595 1100 596 1101 /* generate authentication key 
*/ 597 1102 stat = srtp_kdf_generate(&kdf, label_rtp_msg_auth, 598 tmp_key, auth_get_key_length(srtp->rtp_auth));1103 tmp_key, srtp_auth_get_key_length(session_keys->rtp_auth)); 599 1104 if (stat) { 600 1105 /* zeroize temp buffer */ 601 1106 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 602 return err_status_init_fail;1107 return srtp_err_status_init_fail; 603 1108 } 604 1109 debug_print(mod_srtp, "auth key: %s", 605 octet_string_hex_string(tmp_key,606 auth_get_key_length(srtp->rtp_auth)));1110 srtp_octet_string_hex_string(tmp_key, 1111 srtp_auth_get_key_length(session_keys->rtp_auth))); 607 1112 608 1113 /* initialize auth function */ 609 stat = auth_init(srtp->rtp_auth, tmp_key);1114 stat = srtp_auth_init(session_keys->rtp_auth, tmp_key); 610 1115 if (stat) { 611 1116 /* zeroize temp buffer */ 612 1117 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 613 return err_status_init_fail;1118 return srtp_err_status_init_fail; 614 1119 } 615 1120 … … 618 1123 */ 619 1124 620 rtcp_base_key_len = base_key_length(s rtp->rtcp_cipher->type, rtcp_keylen);1125 rtcp_base_key_len = base_key_length(session_keys->rtcp_cipher->type, rtcp_keylen); 621 1126 rtcp_salt_len = rtcp_keylen - rtcp_base_key_len; 622 1127 debug_print(mod_srtp, "rtcp salt len: %d", rtcp_salt_len); … … 628 1133 /* zeroize temp buffer */ 629 1134 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 630 return err_status_init_fail;1135 return srtp_err_status_init_fail; 631 1136 } 632 1137 … … 645 1150 /* zeroize temp buffer */ 646 1151 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 647 return err_status_init_fail;648 } 649 memcpy(s rtp->c_salt, tmp_key + rtcp_base_key_len, SRTP_AEAD_SALT_LEN);1152 return srtp_err_status_init_fail; 1153 } 1154 memcpy(session_keys->c_salt, tmp_key + rtcp_base_key_len, SRTP_AEAD_SALT_LEN); 650 1155 } 651 1156 debug_print(mod_srtp, "rtcp cipher key: %s", 652 octet_string_hex_string(tmp_key, rtcp_base_key_len));1157 srtp_octet_string_hex_string(tmp_key, 
rtcp_base_key_len)); 653 1158 if (rtcp_salt_len > 0) { 654 1159 debug_print(mod_srtp, "rtcp cipher salt: %s", 655 octet_string_hex_string(tmp_key + rtcp_base_key_len, rtcp_salt_len));1160 srtp_octet_string_hex_string(tmp_key + rtcp_base_key_len, rtcp_salt_len)); 656 1161 } 657 1162 658 1163 /* initialize cipher */ 659 stat = cipher_init(srtp->rtcp_cipher, tmp_key);1164 stat = srtp_cipher_init(session_keys->rtcp_cipher, tmp_key); 660 1165 if (stat) { 661 1166 /* zeroize temp buffer */ 662 1167 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 663 return err_status_init_fail;1168 return srtp_err_status_init_fail; 664 1169 } 665 1170 666 1171 /* generate authentication key */ 667 1172 stat = srtp_kdf_generate(&kdf, label_rtcp_msg_auth, 668 tmp_key, auth_get_key_length(srtp->rtcp_auth));1173 tmp_key, srtp_auth_get_key_length(session_keys->rtcp_auth)); 669 1174 if (stat) { 670 1175 /* zeroize temp buffer */ 671 1176 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 672 return err_status_init_fail;1177 return srtp_err_status_init_fail; 673 1178 } 674 1179 675 1180 debug_print(mod_srtp, "rtcp auth key: %s", 676 octet_string_hex_string(tmp_key,677 auth_get_key_length(srtp->rtcp_auth)));1181 srtp_octet_string_hex_string(tmp_key, 1182 srtp_auth_get_key_length(session_keys->rtcp_auth))); 678 1183 679 1184 /* initialize auth function */ 680 stat = auth_init(srtp->rtcp_auth, tmp_key);1185 stat = srtp_auth_init(session_keys->rtcp_auth, tmp_key); 681 1186 if (stat) { 682 1187 /* zeroize temp buffer */ 683 1188 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 684 return err_status_init_fail;1189 return srtp_err_status_init_fail; 685 1190 } 686 1191 687 1192 /* clear memory then return */ 688 1193 stat = srtp_kdf_clear(&kdf); 689 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 1194 octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); 690 1195 if (stat) 691 return err_status_init_fail;692 693 return err_status_ok;694 } 695 696 err_status_t1196 return 
srtp_err_status_init_fail; 1197 1198 return srtp_err_status_ok; 1199 } 1200 1201 srtp_err_status_t 697 1202 srtp_stream_init(srtp_stream_ctx_t *srtp, 698 1203 const srtp_policy_t *p) { 699 err_status_t err;1204 srtp_err_status_t err; 700 1205 701 1206 debug_print(mod_srtp, "initializing stream (SSRC: 0x%08x)", … … 708 1213 709 1214 if (p->window_size != 0 && (p->window_size < 64 || p->window_size >= 0x8000)) 710 return err_status_bad_param;1215 return srtp_err_status_bad_param; 711 1216 712 1217 if (p->window_size != 0) 713 err = rdbx_init(&srtp->rtp_rdbx, p->window_size);1218 err = srtp_rdbx_init(&srtp->rtp_rdbx, p->window_size); 714 1219 else 715 err = rdbx_init(&srtp->rtp_rdbx, 128);1220 err = srtp_rdbx_init(&srtp->rtp_rdbx, 128); 716 1221 if (err) return err; 717 718 /* initialize key limit to maximum value */719 #ifdef NO_64BIT_MATH720 {721 uint64_t temp;722 temp = make64(UINT_MAX,UINT_MAX);723 key_limit_set(srtp->limit, temp);724 }725 #else726 key_limit_set(srtp->limit, 0xffffffffffffLL);727 #endif728 1222 729 1223 /* set the SSRC value */ 730 1224 srtp->ssrc = htonl(p->ssrc.value); 1225 1226 /* reset pending ROC */ 1227 srtp->pending_roc = 0; 731 1228 732 1229 /* set the security service flags */ … … 742 1239 743 1240 /* initialize SRTCP replay database */ 744 rdb_init(&srtp->rtcp_rdb);1241 srtp_rdb_init(&srtp->rtcp_rdb); 745 1242 746 1243 /* initialize allow_repeat_tx */ 747 1244 /* guard against uninitialized memory: allow only 0 or 1 here */ 748 1245 if (p->allow_repeat_tx != 0 && p->allow_repeat_tx != 1) { 749 rdbx_dealloc(&srtp->rtp_rdbx);750 return err_status_bad_param;1246 srtp_rdbx_dealloc(&srtp->rtp_rdbx); 1247 return srtp_err_status_bad_param; 751 1248 } 752 1249 srtp->allow_repeat_tx = p->allow_repeat_tx; … … 755 1252 756 1253 /* initialize keys */ 757 err = srtp_stream_init_ keys(srtp, p->key);1254 err = srtp_stream_init_all_master_keys(srtp, p->key, p->keys, p->num_master_keys); 758 1255 if (err) { 759 rdbx_dealloc(&srtp->rtp_rdbx);1256 
srtp_rdbx_dealloc(&srtp->rtp_rdbx); 760 1257 return err; 761 1258 } … … 765 1262 * the stream 766 1263 */ 767 err = ekt_stream_init_from_policy(srtp->ekt, p->ekt);1264 err = srtp_ekt_stream_init_from_policy(srtp->ekt, p->ekt); 768 1265 if (err) { 769 rdbx_dealloc(&srtp->rtp_rdbx);1266 srtp_rdbx_dealloc(&srtp->rtp_rdbx); 770 1267 return err; 771 1268 } 772 1269 773 return err_status_ok;1270 return srtp_err_status_ok; 774 1271 } 775 1272 … … 783 1280 srtp_event_reporter(srtp_event_data_t *data) { 784 1281 785 err_report(err_level_warning, "srtp: in stream 0x%x: ",786 data->stream->ssrc);1282 srtp_err_report(srtp_err_level_warning, "srtp: in stream 0x%x: ", 1283 data->ssrc); 787 1284 788 1285 switch(data->event) { 789 1286 case event_ssrc_collision: 790 err_report(err_level_warning, "\tSSRC collision\n");1287 srtp_err_report(srtp_err_level_warning, "\tSSRC collision\n"); 791 1288 break; 792 1289 case event_key_soft_limit: 793 err_report(err_level_warning, "\tkey usage soft limit reached\n");1290 srtp_err_report(srtp_err_level_warning, "\tkey usage soft limit reached\n"); 794 1291 break; 795 1292 case event_key_hard_limit: 796 err_report(err_level_warning, "\tkey usage hard limit reached\n");1293 srtp_err_report(srtp_err_level_warning, "\tkey usage hard limit reached\n"); 797 1294 break; 798 1295 case event_packet_index_limit: 799 err_report(err_level_warning, "\tpacket index limit reached\n");1296 srtp_err_report(srtp_err_level_warning, "\tpacket index limit reached\n"); 800 1297 break; 801 1298 default: 802 err_report(err_level_warning, "\tunknown event reported to handler\n");1299 srtp_err_report(srtp_err_level_warning, "\tunknown event reported to handler\n"); 803 1300 } 804 1301 } … … 816 1313 static srtp_event_handler_func_t *srtp_event_handler = srtp_event_reporter; 817 1314 818 err_status_t1315 srtp_err_status_t 819 1316 srtp_install_event_handler(srtp_event_handler_func_t func) { 820 1317 … … 827 1324 /* set global event handling function */ 828 1325 
srtp_event_handler = func; 829 return err_status_ok;1326 return srtp_err_status_ok; 830 1327 } 1328 1329 1330 /* 1331 * Check if the given extension header id is / should be encrypted. 1332 * Returns 1 if yes, otherwise 0. 1333 */ 1334 static int 1335 srtp_protect_extension_header(srtp_stream_ctx_t *stream, int id) { 1336 int* enc_xtn_hdr = stream->enc_xtn_hdr; 1337 int count = stream->enc_xtn_hdr_count; 1338 1339 if (!enc_xtn_hdr || count <= 0) { 1340 return 0; 1341 } 1342 1343 while (count > 0) { 1344 if (*enc_xtn_hdr == id) { 1345 return 1; 1346 } 1347 1348 enc_xtn_hdr++; 1349 count--; 1350 } 1351 return 0; 1352 } 1353 1354 1355 /* 1356 * extensions header encryption RFC 6904 1357 */ 1358 static srtp_err_status_t 1359 srtp_process_header_encryption(srtp_stream_ctx_t *stream, 1360 srtp_hdr_xtnd_t *xtn_hdr, 1361 srtp_session_keys_t *session_keys) { 1362 srtp_err_status_t status; 1363 uint8_t keystream[257]; /* Maximum 2 bytes header + 255 bytes data. */ 1364 int keystream_pos; 1365 uint8_t* xtn_hdr_data = ((uint8_t *)xtn_hdr) + octets_in_rtp_extn_hdr; 1366 uint8_t* xtn_hdr_end = xtn_hdr_data + (ntohs(xtn_hdr->length) * sizeof(uint32_t)); 1367 1368 if (ntohs(xtn_hdr->profile_specific) == 0xbede) { 1369 /* RFC 5285, section 4.2. One-Byte Header */ 1370 while (xtn_hdr_data < xtn_hdr_end) { 1371 uint8_t xid = (*xtn_hdr_data & 0xf0) >> 4; 1372 unsigned int xlen = (*xtn_hdr_data & 0x0f) + 1; 1373 uint32_t xlen_with_header = 1+xlen; 1374 xtn_hdr_data++; 1375 1376 if (xtn_hdr_data + xlen > xtn_hdr_end) 1377 return srtp_err_status_parse_err; 1378 1379 if (xid == 15) { 1380 /* found header 15, stop further processing. 
*/ 1381 break; 1382 } 1383 1384 status = srtp_cipher_output(session_keys->rtp_xtn_hdr_cipher, 1385 keystream, &xlen_with_header); 1386 if (status) 1387 return srtp_err_status_cipher_fail; 1388 1389 if (srtp_protect_extension_header(stream, xid)) { 1390 keystream_pos = 1; 1391 while (xlen > 0) { 1392 *xtn_hdr_data ^= keystream[keystream_pos++]; 1393 xtn_hdr_data++; 1394 xlen--; 1395 } 1396 } else { 1397 xtn_hdr_data += xlen; 1398 } 1399 1400 /* skip padding bytes. */ 1401 while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) { 1402 xtn_hdr_data++; 1403 } 1404 } 1405 } else if ((ntohs(xtn_hdr->profile_specific) & 0x1fff) == 0x100) { 1406 /* RFC 5285, section 4.3. Two-Byte Header */ 1407 while (xtn_hdr_data + 1 < xtn_hdr_end) { 1408 uint8_t xid = *xtn_hdr_data; 1409 unsigned int xlen = *(xtn_hdr_data+1); 1410 uint32_t xlen_with_header = 2+xlen; 1411 xtn_hdr_data += 2; 1412 1413 if (xtn_hdr_data + xlen > xtn_hdr_end) 1414 return srtp_err_status_parse_err; 1415 1416 status = srtp_cipher_output(session_keys->rtp_xtn_hdr_cipher, 1417 keystream, &xlen_with_header); 1418 if (status) 1419 return srtp_err_status_cipher_fail; 1420 1421 if (xlen > 0 && srtp_protect_extension_header(stream, xid)) { 1422 keystream_pos = 2; 1423 while (xlen > 0) { 1424 *xtn_hdr_data ^= keystream[keystream_pos++]; 1425 xtn_hdr_data++; 1426 xlen--; 1427 } 1428 } else { 1429 xtn_hdr_data += xlen; 1430 } 1431 1432 /* skip padding bytes. */ 1433 while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) { 1434 xtn_hdr_data++; 1435 } 1436 } 1437 } else { 1438 /* unsupported extension header format. */ 1439 return srtp_err_status_parse_err; 1440 } 1441 1442 return srtp_err_status_ok; 1443 } 1444 831 1445 832 1446 /* 833 1447 * AEAD uses a new IV formation method. This function implements 834 * section 9.1 from draft-ietf-avtcore-srtp-aes-gcm-07.txt. The835 * calculation is defined as, where (+) is the xor operation:1448 * section 8.1. (SRTP IV Formation for AES-GCM) of RFC7714. 
1449 * The calculation is defined as, where (+) is the xor operation: 836 1450 * 837 1451 * … … 850 1464 * +--+--+--+--+--+--+--+--+--+--+--+--+* 851 1465 * 852 * Input: *s tream - pointer to SRTP stream context, used to retrieve853 * the SALT1466 * Input: *session_keys - pointer to SRTP stream context session keys, 1467 * used to retrieve the SALT 854 1468 * *iv - Pointer to receive the calculated IV 855 1469 * *seq - The ROC and SEQ value to use for the … … 858 1472 * 859 1473 */ 860 static void srtp_calc_aead_iv(srtp_stream_ctx_t *stream, v128_t *iv, 861 xtd_seq_num_t *seq, srtp_hdr_t *hdr) 1474 1475 static void srtp_calc_aead_iv(srtp_session_keys_t *session_keys, v128_t *iv, 1476 srtp_xtd_seq_num_t *seq, srtp_hdr_t *hdr) 862 1477 { 863 1478 v128_t in; … … 889 1504 * Get the SALT value from the context 890 1505 */ 891 memcpy(salt.v8, s tream->salt, SRTP_AEAD_SALT_LEN);1506 memcpy(salt.v8, session_keys->salt, SRTP_AEAD_SALT_LEN); 892 1507 debug_print(mod_srtp, "RTP SALT = %s\n", v128_hex_string(&salt)); 893 1508 … … 898 1513 } 899 1514 1515 1516 srtp_session_keys_t* 1517 srtp_get_session_keys(srtp_stream_ctx_t *stream, uint8_t* hdr, 1518 const unsigned int* pkt_octet_len, 1519 unsigned int* mki_size) { 1520 unsigned int base_mki_start_location = *pkt_octet_len; 1521 unsigned int mki_start_location = 0; 1522 unsigned int tag_len = 0; 1523 unsigned int i = 0; 1524 1525 // Determine the authentication tag size 1526 if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 || 1527 stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_256) { 1528 tag_len = 0; 1529 } else { 1530 tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth); 1531 } 1532 1533 if (tag_len > base_mki_start_location) { 1534 *mki_size = 0; 1535 return NULL; 1536 } 1537 1538 base_mki_start_location -= tag_len; 1539 1540 for (i = 0; i < stream->num_master_keys; i++) { 1541 if (stream->session_keys[i].mki_size != 0) { 1542 *mki_size = stream->session_keys[i].mki_size; 
1543 mki_start_location = base_mki_start_location - *mki_size; 1544 1545 if ( mki_start_location >= *mki_size && 1546 memcmp(hdr + mki_start_location, stream->session_keys[i].mki_id, *mki_size) == 0 ) { 1547 return &stream->session_keys[i]; 1548 } 1549 } 1550 } 1551 1552 *mki_size = 0; 1553 return NULL; 1554 } 1555 1556 static srtp_err_status_t 1557 srtp_estimate_index(srtp_rdbx_t *rdbx, 1558 uint32_t roc, 1559 srtp_xtd_seq_num_t *est, 1560 srtp_sequence_number_t seq, 1561 int *delta) 1562 { 1563 #ifdef NO_64BIT_MATH 1564 uint32_t internal_pkt_idx_reduced; 1565 uint32_t external_pkt_idx_reduced; 1566 uint32_t internal_roc; 1567 uint32_t roc_difference; 1568 #endif 1569 1570 #ifdef NO_64BIT_MATH 1571 *est = (srtp_xtd_seq_num_t)make64(roc >> 16, (roc << 16) | seq); 1572 *delta = low32(est) - rdbx->index; 1573 #else 1574 *est = (srtp_xtd_seq_num_t)(((uint64_t)roc) << 16) | seq; 1575 *delta = (int)(*est - rdbx->index); 1576 #endif 1577 1578 if (*est > rdbx->index) { 1579 #ifdef NO_64BIT_MATH 1580 internal_roc = (uint32_t)(rdbx->index >> 16); 1581 roc_difference = roc - internal_roc; 1582 if (roc_difference > 1) { 1583 *delta = 0; 1584 return srtp_err_status_pkt_idx_adv; 1585 } 1586 1587 internal_pkt_idx_reduced = (uint32_t)(rdbx->index & 0xFFFF); 1588 external_pkt_idx_reduced = (uint32_t)((roc_difference << 16) | seq); 1589 1590 if (external_pkt_idx_reduced - internal_pkt_idx_reduced > 1591 seq_num_median) { 1592 *delta = 0; 1593 return srtp_err_status_pkt_idx_adv; 1594 } 1595 #else 1596 if (*est - rdbx->index > seq_num_median) { 1597 *delta = 0; 1598 return srtp_err_status_pkt_idx_adv; 1599 } 1600 #endif 1601 } else if (*est < rdbx->index) { 1602 #ifdef NO_64BIT_MATH 1603 1604 internal_roc = (uint32_t)(rdbx->index >> 16); 1605 roc_difference = internal_roc - roc; 1606 if (roc_difference > 1) { 1607 *delta = 0; 1608 return srtp_err_status_pkt_idx_adv; 1609 } 1610 1611 internal_pkt_idx_reduced = 1612 (uint32_t)((roc_difference << 16) | rdbx->index & 0xFFFF); 1613 
external_pkt_idx_reduced = (uint32_t)(seq); 1614 1615 if (internal_pkt_idx_reduced - external_pkt_idx_reduced > 1616 seq_num_median) { 1617 *delta = 0; 1618 return srtp_err_status_pkt_idx_old; 1619 } 1620 #else 1621 if (rdbx->index - *est > seq_num_median) { 1622 *delta = 0; 1623 return srtp_err_status_pkt_idx_old; 1624 } 1625 #endif 1626 } 1627 1628 return srtp_err_status_ok; 1629 } 1630 1631 static srtp_err_status_t 1632 srtp_get_est_pkt_index(srtp_hdr_t *hdr, 1633 srtp_stream_ctx_t *stream, 1634 srtp_xtd_seq_num_t *est, 1635 int *delta) 1636 { 1637 srtp_err_status_t result = srtp_err_status_ok; 1638 1639 if (stream->pending_roc) { 1640 result = srtp_estimate_index(&stream->rtp_rdbx, 1641 stream->pending_roc, 1642 est, 1643 ntohs(hdr->seq), 1644 delta); 1645 } else { 1646 /* estimate packet index from seq. num. in header */ 1647 *delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, 1648 est, 1649 ntohs(hdr->seq)); 1650 } 1651 1652 #ifdef NO_64BIT_MATH 1653 debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(*est), low32(*est)); 1654 #else 1655 debug_print(mod_srtp, "estimated u_packet index: %016llx", *est); 1656 #endif 1657 return result; 1658 } 900 1659 901 1660 /* … … 904 1663 * encrypted and authenticated. 
905 1664 */ 906 static err_status_t 907 srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, 908 void *rtp_hdr, unsigned int *pkt_octet_len) 1665 static srtp_err_status_t 1666 srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, 1667 void *rtp_hdr, unsigned int *pkt_octet_len, 1668 srtp_session_keys_t *session_keys, unsigned int use_mki) 909 1669 { 910 1670 srtp_hdr_t *hdr = (srtp_hdr_t*)rtp_hdr; 911 1671 uint32_t *enc_start; /* pointer to start of encrypted portion */ 912 1672 int enc_octet_len = 0; /* number of octets in encrypted portion */ 913 xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */1673 srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ 914 1674 int delta; /* delta of local pkt idx and that in hdr */ 915 err_status_t status;916 int tag_len;1675 srtp_err_status_t status; 1676 uint32_t tag_len; 917 1677 v128_t iv; 918 1678 unsigned int aad_len; 1679 srtp_hdr_xtnd_t *xtn_hdr = NULL; 1680 unsigned int mki_size = 0; 1681 uint8_t *mki_location = NULL; 919 1682 920 1683 debug_print(mod_srtp, "function srtp_protect_aead", NULL); … … 925 1688 * the event handler if we hit either. 
926 1689 */ 927 switch ( key_limit_update(stream->limit)) {928 case key_event_normal:1690 switch (srtp_key_limit_update(session_keys->limit)) { 1691 case srtp_key_event_normal: 929 1692 break; 930 case key_event_hard_limit:1693 case srtp_key_event_hard_limit: 931 1694 srtp_handle_event(ctx, stream, event_key_hard_limit); 932 return err_status_key_expired;933 case key_event_soft_limit:1695 return srtp_err_status_key_expired; 1696 case srtp_key_event_soft_limit: 934 1697 default: 935 1698 srtp_handle_event(ctx, stream, event_key_soft_limit); … … 938 1701 939 1702 /* get tag length from stream */ 940 tag_len = auth_get_tag_length(stream->rtp_auth);1703 tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth); 941 1704 942 1705 /* … … 948 1711 enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc; 949 1712 if (hdr->x == 1) { 950 srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start;1713 xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; 951 1714 enc_start += (ntohs(xtn_hdr->length) + 1); 952 1715 } 1716 /* note: the passed size is without the auth tag */ 953 1717 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len)) 954 return err_status_parse_err;1718 return srtp_err_status_parse_err; 955 1719 enc_octet_len = (int)(*pkt_octet_len - 956 1720 ((uint8_t*)enc_start - (uint8_t*)hdr)); 957 if (enc_octet_len < 0) return err_status_parse_err;1721 if (enc_octet_len < 0) return srtp_err_status_parse_err; 958 1722 959 1723 /* … … 961 1725 * and the sequence number from the header 962 1726 */ 963 delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq));964 status = rdbx_check(&stream->rtp_rdbx, delta);1727 delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); 1728 status = srtp_rdbx_check(&stream->rtp_rdbx, delta); 965 1729 if (status) { 966 if (status != err_status_replay_fail || !stream->allow_repeat_tx) {1730 if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) { 967 1731 return status; /* we've been asked to reuse an 
index */ 968 1732 } 969 1733 } else { 970 rdbx_add_index(&stream->rtp_rdbx, delta);1734 srtp_rdbx_add_index(&stream->rtp_rdbx, delta); 971 1735 } 972 1736 … … 981 1745 * AEAD uses a new IV formation method 982 1746 */ 983 srtp_calc_aead_iv(stream, &iv, &est, hdr); 984 status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt); 985 if (status) { 986 return err_status_cipher_fail; 987 } 988 1747 srtp_calc_aead_iv(session_keys, &iv, &est, hdr); 989 1748 /* shift est, put into network byte order */ 990 1749 #ifdef NO_64BIT_MATH … … 996 1755 #endif 997 1756 1757 status = srtp_cipher_set_iv(session_keys->rtp_cipher, 1758 (uint8_t*)&iv, srtp_direction_encrypt); 1759 if (!status && session_keys->rtp_xtn_hdr_cipher) { 1760 iv.v32[0] = 0; 1761 iv.v32[1] = hdr->ssrc; 1762 iv.v64[1] = est; 1763 status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, 1764 (uint8_t*)&iv, srtp_direction_encrypt); 1765 } 1766 if (status) { 1767 return srtp_err_status_cipher_fail; 1768 } 1769 1770 if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { 1771 /* 1772 * extensions header encryption RFC 6904 1773 */ 1774 status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); 1775 if (status) { 1776 return status; 1777 } 1778 } 1779 998 1780 /* 999 1781 * Set the AAD over the RTP header 1000 1782 */ 1001 1783 aad_len = (uint8_t *)enc_start - (uint8_t *)hdr; 1002 status = cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len);1784 status = srtp_cipher_set_aad(session_keys->rtp_cipher, (uint8_t*)hdr, aad_len); 1003 1785 if (status) { 1004 return ( err_status_cipher_fail);1786 return ( srtp_err_status_cipher_fail); 1005 1787 } 1006 1788 1007 1789 /* Encrypt the payload */ 1008 status = cipher_encrypt(stream->rtp_cipher,1790 status = srtp_cipher_encrypt(session_keys->rtp_cipher, 1009 1791 (uint8_t*)enc_start, (unsigned int *)&enc_octet_len); 1010 1792 if (status) { 1011 return err_status_cipher_fail;1793 return srtp_err_status_cipher_fail; 1012 1794 } 1013 1795 /* … … 1015 1797 
* and append that to the output 1016 1798 */ 1017 status = cipher_get_tag(stream->rtp_cipher,1799 status = srtp_cipher_get_tag(session_keys->rtp_cipher, 1018 1800 (uint8_t*)enc_start+enc_octet_len, &tag_len); 1019 1801 if (status) { 1020 return ( err_status_cipher_fail); 1021 } 1802 return ( srtp_err_status_cipher_fail); 1803 } 1804 1805 mki_location = (uint8_t *)hdr + *pkt_octet_len + tag_len; 1806 mki_size = srtp_inject_mki(mki_location, session_keys, use_mki); 1022 1807 1023 1808 /* increase the packet length by the length of the auth tag */ 1024 1809 *pkt_octet_len += tag_len; 1025 1810 1026 return err_status_ok; 1811 /* increase the packet length by the length of the mki_size */ 1812 *pkt_octet_len += mki_size; 1813 1814 return srtp_err_status_ok; 1027 1815 } 1028 1816 … … 1035 1823 * when decrypting the payload. 1036 1824 */ 1037 static err_status_t1825 static srtp_err_status_t 1038 1826 srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, 1039 xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_octet_len) 1827 srtp_xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_octet_len, 1828 srtp_session_keys_t *session_keys, unsigned int mki_size) 1040 1829 { 1041 1830 srtp_hdr_t *hdr = (srtp_hdr_t*)srtp_hdr; … … 1043 1832 unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ 1044 1833 v128_t iv; 1045 err_status_t status;1834 srtp_err_status_t status; 1046 1835 int tag_len; 1047 1836 unsigned int aad_len; 1837 srtp_hdr_xtnd_t *xtn_hdr = NULL; 1048 1838 1049 1839 debug_print(mod_srtp, "function srtp_unprotect_aead", NULL); … … 1056 1846 1057 1847 /* get tag length from stream */ 1058 tag_len = auth_get_tag_length(stream->rtp_auth);1848 tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth); 1059 1849 1060 1850 /* 1061 1851 * AEAD uses a new IV formation method 1062 1852 */ 1063 srtp_calc_aead_iv(stream, &iv, &est, hdr); 1064 status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt); 1853 
srtp_calc_aead_iv(session_keys, &iv, &est, hdr); 1854 status = srtp_cipher_set_iv(session_keys->rtp_cipher, 1855 (uint8_t*)&iv, srtp_direction_decrypt); 1856 if (!status && session_keys->rtp_xtn_hdr_cipher) { 1857 iv.v32[0] = 0; 1858 iv.v32[1] = hdr->ssrc; 1859 #ifdef NO_64BIT_MATH 1860 iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), 1861 low32(est) << 16)); 1862 #else 1863 iv.v64[1] = be64_to_cpu(est << 16); 1864 #endif 1865 status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); 1866 } 1065 1867 if (status) { 1066 return err_status_cipher_fail;1868 return srtp_err_status_cipher_fail; 1067 1869 } 1068 1870 … … 1075 1877 enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc; 1076 1878 if (hdr->x == 1) { 1077 srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start;1879 xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; 1078 1880 enc_start += (ntohs(xtn_hdr->length) + 1); 1079 1881 } 1080 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len )))1081 return err_status_parse_err;1882 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len - mki_size))) 1883 return srtp_err_status_parse_err; 1082 1884 /* 1083 1885 * We pass the tag down to the cipher when doing GCM mode 1084 1886 */ 1085 enc_octet_len = (unsigned int)(*pkt_octet_len - 1887 enc_octet_len = (unsigned int)(*pkt_octet_len - mki_size - 1086 1888 ((uint8_t*)enc_start - (uint8_t*)hdr)); 1087 1889 … … 1092 1894 */ 1093 1895 if (enc_octet_len < (unsigned int) tag_len) { 1094 return err_status_cipher_fail;1896 return srtp_err_status_cipher_fail; 1095 1897 } 1096 1898 … … 1100 1902 * the event handler if we hit either. 
1101 1903 */ 1102 switch ( key_limit_update(stream->limit)) {1103 case key_event_normal:1904 switch (srtp_key_limit_update(session_keys->limit)) { 1905 case srtp_key_event_normal: 1104 1906 break; 1105 case key_event_soft_limit:1907 case srtp_key_event_soft_limit: 1106 1908 srtp_handle_event(ctx, stream, event_key_soft_limit); 1107 1909 break; 1108 case key_event_hard_limit:1910 case srtp_key_event_hard_limit: 1109 1911 srtp_handle_event(ctx, stream, event_key_hard_limit); 1110 return err_status_key_expired;1912 return srtp_err_status_key_expired; 1111 1913 default: 1112 1914 break; … … 1117 1919 */ 1118 1920 aad_len = (uint8_t *)enc_start - (uint8_t *)hdr; 1119 status = cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len);1921 status = srtp_cipher_set_aad(session_keys->rtp_cipher, (uint8_t*)hdr, aad_len); 1120 1922 if (status) { 1121 return ( err_status_cipher_fail);1122 } 1123 1124 /* Decrypt the ciphertext. This also checks the auth tag based 1923 return ( srtp_err_status_cipher_fail); 1924 } 1925 1926 /* Decrypt the ciphertext. 
This also checks the auth tag based 1125 1927 * on the AAD we just specified above */ 1126 status = cipher_decrypt(stream->rtp_cipher,1127 (uint8_t*)enc_start, &enc_octet_len);1928 status = srtp_cipher_decrypt(session_keys->rtp_cipher, 1929 (uint8_t*)enc_start, &enc_octet_len); 1128 1930 if (status) { 1129 1931 return status; 1932 } 1933 1934 if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { 1935 /* 1936 * extensions header encryption RFC 6904 1937 */ 1938 status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); 1939 if (status) { 1940 return status; 1941 } 1130 1942 } 1131 1943 … … 1180 1992 * index into the replay database 1181 1993 */ 1182 rdbx_add_index(&stream->rtp_rdbx, delta);1994 srtp_rdbx_add_index(&stream->rtp_rdbx, delta); 1183 1995 1184 1996 /* decrease the packet length by the length of the auth tag */ 1185 1997 *pkt_octet_len -= tag_len; 1186 1998 1187 return err_status_ok; 1188 } 1189 1190 1191 1192 1193 err_status_t 1999 /* decrease the packet length by the length of the mki_size */ 2000 *pkt_octet_len -= mki_size; 2001 2002 return srtp_err_status_ok; 2003 } 2004 2005 2006 srtp_err_status_t 1194 2007 srtp_protect(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len) { 2008 return srtp_protect_mki(ctx, rtp_hdr, pkt_octet_len, 0, 0); 2009 } 2010 2011 srtp_err_status_t 2012 srtp_protect_mki(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len, 2013 unsigned int use_mki, unsigned int mki_index ) { 1195 2014 srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; 1196 2015 uint32_t *enc_start; /* pointer to start of encrypted portion */ 1197 2016 uint32_t *auth_start; /* pointer to start of auth. 
portion */ 1198 2017 int enc_octet_len = 0; /* number of octets in encrypted portion */ 1199 xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */2018 srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ 1200 2019 int delta; /* delta of local pkt idx and that in hdr */ 1201 2020 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ 1202 err_status_t status;2021 srtp_err_status_t status; 1203 2022 int tag_len; 1204 2023 srtp_stream_ctx_t *stream; 1205 int prefix_len; 2024 uint32_t prefix_len; 2025 srtp_hdr_xtnd_t *xtn_hdr = NULL; 2026 unsigned int mki_size = 0; 2027 srtp_session_keys_t *session_keys = NULL; 2028 uint8_t* mki_location = NULL; 2029 int advance_packet_index = 0; 1206 2030 1207 2031 debug_print(mod_srtp, "function srtp_protect", NULL); … … 1216 2040 /* check the packet length - it must at least contain a full header */ 1217 2041 if (*pkt_octet_len < octets_in_rtp_header) 1218 return err_status_bad_param;2042 return srtp_err_status_bad_param; 1219 2043 1220 2044 /* … … 1247 2071 } else { 1248 2072 /* no template stream, so we return an error */ 1249 return err_status_no_ctx;2073 return srtp_err_status_no_ctx; 1250 2074 } 1251 2075 } … … 1257 2081 * those functions. 1258 2082 */ 2083 1259 2084 if (stream->direction != dir_srtp_sender) { 1260 2085 if (stream->direction == dir_unknown) { … … 1265 2090 } 1266 2091 2092 session_keys = srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index); 2093 1267 2094 /* 1268 2095 * Check if this is an AEAD stream (GCM mode). If so, then dispatch 1269 2096 * the request to our AEAD handler. 
1270 2097 */ 1271 if (stream->rtp_cipher->algorithm == AES_128_GCM || 1272 stream->rtp_cipher->algorithm == AES_256_GCM) { 1273 return srtp_protect_aead(ctx, stream, rtp_hdr, (unsigned int*)pkt_octet_len); 2098 if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || 2099 session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { 2100 return srtp_protect_aead(ctx, stream, rtp_hdr, 2101 (unsigned int*)pkt_octet_len, session_keys, 2102 use_mki); 1274 2103 } 1275 2104 … … 1279 2108 * the event handler if we hit either. 1280 2109 */ 1281 switch( key_limit_update(stream->limit)) {1282 case key_event_normal:2110 switch(srtp_key_limit_update(session_keys->limit)) { 2111 case srtp_key_event_normal: 1283 2112 break; 1284 case key_event_soft_limit:2113 case srtp_key_event_soft_limit: 1285 2114 srtp_handle_event(ctx, stream, event_key_soft_limit); 1286 2115 break; 1287 case key_event_hard_limit:2116 case srtp_key_event_hard_limit: 1288 2117 srtp_handle_event(ctx, stream, event_key_hard_limit); 1289 return err_status_key_expired;2118 return srtp_err_status_key_expired; 1290 2119 default: 1291 2120 break; … … 1293 2122 1294 2123 /* get tag length from stream */ 1295 tag_len = auth_get_tag_length(stream->rtp_auth);2124 tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth); 1296 2125 1297 2126 /* … … 1306 2135 enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; 1307 2136 if (hdr->x == 1) { 1308 srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;2137 xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; 1309 2138 enc_start += (ntohs(xtn_hdr->length) + 1); 1310 2139 } 2140 /* note: the passed size is without the auth tag */ 1311 2141 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len)) 1312 return err_status_parse_err;2142 return srtp_err_status_parse_err; 1313 2143 enc_octet_len = (int)(*pkt_octet_len - 1314 2144 ((uint8_t*)enc_start - (uint8_t*)hdr)); 1315 if (enc_octet_len < 0) return err_status_parse_err;2145 if (enc_octet_len < 0) return 
srtp_err_status_parse_err; 1316 2146 } else { 1317 2147 enc_start = NULL; 1318 2148 } 2149 2150 mki_location = (uint8_t *)hdr + *pkt_octet_len; 2151 mki_size = srtp_inject_mki(mki_location, session_keys, use_mki); 1319 2152 1320 2153 /* … … 1325 2158 if (stream->rtp_services & sec_serv_auth) { 1326 2159 auth_start = (uint32_t *)hdr; 1327 auth_tag = (uint8_t *)hdr + *pkt_octet_len ;2160 auth_tag = (uint8_t *)hdr + *pkt_octet_len + mki_size; 1328 2161 } else { 1329 2162 auth_start = NULL; … … 1331 2164 } 1332 2165 1333 /* 1334 * estimate the packet index using the start of the replay window 1335 * and the sequence number from the header 1336 */ 1337 delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); 1338 status = rdbx_check(&stream->rtp_rdbx, delta); 1339 if (status) { 1340 if (status != err_status_replay_fail || !stream->allow_repeat_tx) 1341 return status; /* we've been asked to reuse an index */ 1342 } 1343 else 1344 rdbx_add_index(&stream->rtp_rdbx, delta); 2166 /* 2167 * estimate the packet index using the start of the replay window 2168 * and the sequence number from the header 2169 */ 2170 status = srtp_get_est_pkt_index(hdr, 2171 stream, 2172 &est, 2173 &delta); 2174 2175 if (status && (status != srtp_err_status_pkt_idx_adv)) 2176 return status; 2177 2178 if (status == srtp_err_status_pkt_idx_adv) 2179 advance_packet_index = 1; 2180 2181 if (advance_packet_index) { 2182 srtp_rdbx_set_roc_seq(&stream->rtp_rdbx, 2183 (uint32_t)(est >> 16), 2184 (uint16_t)(est & 0xFFFF)); 2185 stream->pending_roc = 0; 2186 srtp_rdbx_add_index(&stream->rtp_rdbx, 0); 2187 } else { 2188 status = srtp_rdbx_check(&stream->rtp_rdbx, delta); 2189 if (status) { 2190 if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) 2191 return status; /* we've been asked to reuse an index */ 2192 } 2193 srtp_rdbx_add_index(&stream->rtp_rdbx, delta); 2194 } 1345 2195 1346 2196 #ifdef NO_64BIT_MATH … … 1354 2204 * if we're using rindael counter mode, set nonce and 
seq 1355 2205 */ 1356 if (stream->rtp_cipher->type->id == AES_ICM || 1357 stream->rtp_cipher->type->id == AES_256_ICM) { 2206 if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 || 2207 session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 || 2208 session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) { 1358 2209 v128_t iv; 1359 2210 … … 1366 2217 iv.v64[1] = be64_to_cpu(est << 16); 1367 2218 #endif 1368 status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt); 1369 2219 status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); 2220 if (!status && session_keys->rtp_xtn_hdr_cipher) { 2221 status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); 2222 } 1370 2223 } else { 1371 2224 v128_t iv; … … 1379 2232 #endif 1380 2233 iv.v64[1] = be64_to_cpu(est); 1381 status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt); 2234 status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); 2235 if (!status && session_keys->rtp_xtn_hdr_cipher) { 2236 status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); 2237 } 1382 2238 } 1383 2239 if (status) 1384 return err_status_cipher_fail;2240 return srtp_err_status_cipher_fail; 1385 2241 1386 2242 /* shift est, put into network byte order */ … … 1399 2255 if (auth_start) { 1400 2256 1401 prefix_len = auth_get_prefix_length(stream->rtp_auth);2257 prefix_len = srtp_auth_get_prefix_length(session_keys->rtp_auth); 1402 2258 if (prefix_len) { 1403 status = cipher_output(stream->rtp_cipher, auth_tag,prefix_len);2259 status = srtp_cipher_output(session_keys->rtp_cipher, auth_tag, &prefix_len); 1404 2260 if (status) 1405 return err_status_cipher_fail;2261 return srtp_err_status_cipher_fail; 1406 2262 debug_print(mod_srtp, "keystream prefix: %s", 1407 octet_string_hex_string(auth_tag, prefix_len)); 2263 srtp_octet_string_hex_string(auth_tag, prefix_len)); 2264 
} 2265 } 2266 2267 if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { 2268 /* 2269 * extensions header encryption RFC 6904 2270 */ 2271 status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); 2272 if (status) { 2273 return status; 1408 2274 } 1409 2275 } … … 1411 2277 /* if we're encrypting, exor keystream into the message */ 1412 2278 if (enc_start) { 1413 status = cipher_encrypt(stream->rtp_cipher,1414 (uint8_t *)enc_start, (unsigned int*)&enc_octet_len);2279 status = srtp_cipher_encrypt(session_keys->rtp_cipher, 2280 (uint8_t *)enc_start, (unsigned int *)&enc_octet_len); 1415 2281 if (status) 1416 return err_status_cipher_fail;2282 return srtp_err_status_cipher_fail; 1417 2283 } 1418 2284 … … 1424 2290 1425 2291 /* initialize auth func context */ 1426 status = auth_start(stream->rtp_auth);2292 status = srtp_auth_start(session_keys->rtp_auth); 1427 2293 if (status) return status; 1428 2294 1429 2295 /* run auth func over packet */ 1430 status = auth_update(stream->rtp_auth,2296 status = srtp_auth_update(session_keys->rtp_auth, 1431 2297 (uint8_t *)auth_start, *pkt_octet_len); 1432 2298 if (status) return status; … … 1434 2300 /* run auth func over ROC, put result into auth_tag */ 1435 2301 debug_print(mod_srtp, "estimated packet index: %016llx", est); 1436 status = auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, auth_tag);2302 status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4, auth_tag); 1437 2303 debug_print(mod_srtp, "srtp auth tag: %s", 1438 octet_string_hex_string(auth_tag, tag_len));2304 srtp_octet_string_hex_string(auth_tag, tag_len)); 1439 2305 if (status) 1440 return err_status_auth_fail;2306 return srtp_err_status_auth_fail; 1441 2307 1442 2308 } … … 1448 2314 } 1449 2315 1450 return err_status_ok; 1451 } 1452 1453 1454 err_status_t 2316 if (use_mki) { 2317 /* increate the packet length by the mki size */ 2318 *pkt_octet_len += mki_size; 2319 } 2320 2321 return srtp_err_status_ok; 2322 } 2323 2324 2325 
srtp_err_status_t 1455 2326 srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { 2327 return srtp_unprotect_mki(ctx, srtp_hdr, pkt_octet_len, 0); 2328 } 2329 2330 srtp_err_status_t 2331 srtp_unprotect_mki(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len, 2332 unsigned int use_mki) { 1456 2333 srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr; 1457 2334 uint32_t *enc_start; /* pointer to start of encrypted portion */ … … 1459 2336 unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ 1460 2337 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ 1461 xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */2338 srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ 1462 2339 int delta; /* delta of local pkt idx and that in hdr */ 1463 2340 v128_t iv; 1464 err_status_t status;2341 srtp_err_status_t status; 1465 2342 srtp_stream_ctx_t *stream; 1466 2343 uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; 1467 int tag_len, prefix_len; 2344 uint32_t tag_len, prefix_len; 2345 srtp_hdr_xtnd_t *xtn_hdr = NULL; 2346 unsigned int mki_size = 0; 2347 srtp_session_keys_t *session_keys = NULL; 2348 int advance_packet_index = 0; 2349 uint32_t roc_to_set = 0; 2350 uint16_t seq_to_set = 0; 1468 2351 1469 2352 debug_print(mod_srtp, "function srtp_unprotect", NULL); … … 1478 2361 /* check the packet length - it must at least contain a full header */ 1479 2362 if (*pkt_octet_len < octets_in_rtp_header) 1480 return err_status_bad_param;2363 return srtp_err_status_bad_param; 1481 2364 1482 2365 /* … … 1492 2375 stream = ctx->stream_template; 1493 2376 debug_print(mod_srtp, "using provisional stream (SSRC: 0x%08x)", 1494 hdr->ssrc);2377 ntohl(hdr->ssrc)); 1495 2378 1496 2379 /* … … 1499 2382 */ 1500 2383 #ifdef NO_64BIT_MATH 1501 est = ( xtd_seq_num_t) make64(0,ntohs(hdr->seq));2384 est = (srtp_xtd_seq_num_t) make64(0,ntohs(hdr->seq)); 1502 2385 delta = low32(est); 1503 2386 #else 1504 est = ( xtd_seq_num_t) ntohs(hdr->seq);2387 est = 
(srtp_xtd_seq_num_t) ntohs(hdr->seq); 1505 2388 delta = (int)est; 1506 2389 #endif … … 1511 2394 * key-sharing, so return an error 1512 2395 */ 1513 return err_status_no_ctx;2396 return srtp_err_status_no_ctx; 1514 2397 } 1515 2398 } else { 1516 1517 /* estimate packet index from seq. num. in header */ 1518 delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); 1519 2399 status = srtp_get_est_pkt_index(hdr, 2400 stream, 2401 &est, 2402 &delta); 2403 2404 if (status && (status != srtp_err_status_pkt_idx_adv)) 2405 return status; 2406 2407 if (status == srtp_err_status_pkt_idx_adv) { 2408 advance_packet_index = 1; 2409 roc_to_set = (uint32_t)(est >> 16); 2410 seq_to_set = (uint16_t)(est & 0xFFFF); 2411 } 2412 1520 2413 /* check replay database */ 1521 status = rdbx_check(&stream->rtp_rdbx, delta); 1522 if (status) 1523 return status; 2414 if (!advance_packet_index) { 2415 status = srtp_rdbx_check(&stream->rtp_rdbx, delta); 2416 if (status) 2417 return status; 2418 } 1524 2419 } 1525 2420 … … 1531 2426 1532 2427 /* 2428 * Determine if MKI is being used and what session keys should be used 2429 */ 2430 if (use_mki) { 2431 session_keys = srtp_get_session_keys(stream, (uint8_t *)hdr, 2432 (const unsigned int*)pkt_octet_len, 2433 &mki_size); 2434 2435 if (session_keys == NULL) 2436 return srtp_err_status_bad_mki; 2437 } else { 2438 session_keys = &stream->session_keys[0]; 2439 } 2440 2441 /* 1533 2442 * Check if this is an AEAD stream (GCM mode). If so, then dispatch 1534 2443 * the request to our AEAD handler. 
1535 2444 */ 1536 if (stream->rtp_cipher->algorithm == AES_128_GCM || 1537 stream->rtp_cipher->algorithm == AES_256_GCM) { 1538 return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, (unsigned int*)pkt_octet_len); 2445 if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || 2446 session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { 2447 return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, 2448 (unsigned int*)pkt_octet_len, session_keys, 2449 mki_size); 1539 2450 } 1540 2451 1541 2452 /* get tag length from stream */ 1542 tag_len = auth_get_tag_length(stream->rtp_auth);2453 tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth); 1543 2454 1544 2455 /* … … 1546 2457 * happen to be using 1547 2458 */ 1548 if (s tream->rtp_cipher->type->id == AES_ICM||1549 s tream->rtp_cipher->type->id == AES_256_ICM) {1550 2459 if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 || 2460 session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 || 2461 session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) { 1551 2462 /* aes counter mode */ 1552 2463 iv.v32[0] = 0; … … 1558 2469 iv.v64[1] = be64_to_cpu(est << 16); 1559 2470 #endif 1560 status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt); 2471 status = srtp_cipher_set_iv(session_keys->rtp_cipher, 2472 (uint8_t*)&iv, srtp_direction_decrypt); 2473 if (!status && session_keys->rtp_xtn_hdr_cipher) { 2474 status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, 2475 (uint8_t*)&iv, srtp_direction_decrypt); 2476 } 1561 2477 } else { 1562 2478 … … 1569 2485 #endif 1570 2486 iv.v64[1] = be64_to_cpu(est); 1571 status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt); 2487 status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); 2488 if (!status && session_keys->rtp_xtn_hdr_cipher) { 2489 status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_decrypt); 2490 } 1572 2491 } 1573 2492 if (status) 1574 return 
err_status_cipher_fail;2493 return srtp_err_status_cipher_fail; 1575 2494 1576 2495 /* shift est, put into network byte order */ … … 1594 2513 enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; 1595 2514 if (hdr->x == 1) { 1596 srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;2515 xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; 1597 2516 enc_start += (ntohs(xtn_hdr->length) + 1); 1598 2517 } 1599 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len )))1600 return err_status_parse_err;1601 enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len - 2518 if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len - mki_size))) 2519 return srtp_err_status_parse_err; 2520 enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len - mki_size - 1602 2521 ((uint8_t*)enc_start - (uint8_t*)hdr)); 1603 2522 } else { … … 1631 2550 * the authenticator isn't using a universal hash function 1632 2551 */ 1633 if (s tream->rtp_auth->prefix_len != 0) {2552 if (session_keys->rtp_auth->prefix_len != 0) { 1634 2553 1635 prefix_len = auth_get_prefix_length(stream->rtp_auth);1636 status = cipher_output(stream->rtp_cipher, tmp_tag,prefix_len);2554 prefix_len = srtp_auth_get_prefix_length(session_keys->rtp_auth); 2555 status = srtp_cipher_output(session_keys->rtp_cipher, tmp_tag, &prefix_len); 1637 2556 debug_print(mod_srtp, "keystream prefix: %s", 1638 octet_string_hex_string(tmp_tag, prefix_len));2557 srtp_octet_string_hex_string(tmp_tag, prefix_len)); 1639 2558 if (status) 1640 return err_status_cipher_fail;2559 return srtp_err_status_cipher_fail; 1641 2560 } 1642 2561 1643 2562 /* initialize auth func context */ 1644 status = auth_start(stream->rtp_auth);2563 status = srtp_auth_start(session_keys->rtp_auth); 1645 2564 if (status) return status; 1646 2565 1647 2566 /* now compute auth function over packet */ 1648 status = auth_update(stream->rtp_auth, (uint8_t *)auth_start,1649 *pkt_octet_len - tag_len );2567 status = srtp_auth_update(session_keys->rtp_auth, 
(uint8_t *)auth_start, 2568 *pkt_octet_len - tag_len - mki_size); 1650 2569 1651 2570 /* run auth func over ROC, then write tmp tag */ 1652 status = auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, tmp_tag);2571 status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4, tmp_tag); 1653 2572 1654 2573 debug_print(mod_srtp, "computed auth tag: %s", 1655 octet_string_hex_string(tmp_tag, tag_len));2574 srtp_octet_string_hex_string(tmp_tag, tag_len)); 1656 2575 debug_print(mod_srtp, "packet auth tag: %s", 1657 octet_string_hex_string(auth_tag, tag_len));2576 srtp_octet_string_hex_string(auth_tag, tag_len)); 1658 2577 if (status) 1659 return err_status_auth_fail;2578 return srtp_err_status_auth_fail; 1660 2579 1661 2580 if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) 1662 return err_status_auth_fail;2581 return srtp_err_status_auth_fail; 1663 2582 } 1664 2583 … … 1668 2587 * the event handler if we hit either. 1669 2588 */ 1670 switch( key_limit_update(stream->limit)) {1671 case key_event_normal:2589 switch(srtp_key_limit_update(session_keys->limit)) { 2590 case srtp_key_event_normal: 1672 2591 break; 1673 case key_event_soft_limit:2592 case srtp_key_event_soft_limit: 1674 2593 srtp_handle_event(ctx, stream, event_key_soft_limit); 1675 2594 break; 1676 case key_event_hard_limit:2595 case srtp_key_event_hard_limit: 1677 2596 srtp_handle_event(ctx, stream, event_key_hard_limit); 1678 return err_status_key_expired;2597 return srtp_err_status_key_expired; 1679 2598 default: 1680 2599 break; 1681 2600 } 1682 2601 2602 if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { 2603 /* 2604 * extensions header encryption RFC 6904 2605 */ 2606 status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); 2607 if (status) { 2608 return status; 2609 } 2610 } 2611 1683 2612 /* if we're decrypting, add keystream into ciphertext */ 1684 2613 if (enc_start) { 1685 status = cipher_decrypt(stream->rtp_cipher,1686 2614 status = 
srtp_cipher_decrypt(session_keys->rtp_cipher, 2615 (uint8_t *)enc_start, &enc_octet_len); 1687 2616 if (status) 1688 return err_status_cipher_fail;2617 return srtp_err_status_cipher_fail; 1689 2618 } 1690 2619 … … 1733 2662 stream = new_stream; 1734 2663 } 1735 2664 1736 2665 /* 1737 2666 * the message authentication function passed, so add the packet 1738 2667 * index into the replay database 1739 2668 */ 1740 rdbx_add_index(&stream->rtp_rdbx, delta); 2669 if (advance_packet_index) { 2670 srtp_rdbx_set_roc_seq(&stream->rtp_rdbx, 2671 roc_to_set, 2672 seq_to_set); 2673 stream->pending_roc = 0; 2674 srtp_rdbx_add_index(&stream->rtp_rdbx, 0); 2675 } else { 2676 srtp_rdbx_add_index(&stream->rtp_rdbx, delta); 2677 } 1741 2678 1742 2679 /* decrease the packet length by the length of the auth tag */ 1743 2680 *pkt_octet_len -= tag_len; 1744 2681 1745 return err_status_ok; 1746 } 1747 1748 err_status_t 2682 /* decrease the packet length by the mki size */ 2683 *pkt_octet_len -= mki_size; 2684 2685 return srtp_err_status_ok; 2686 } 2687 2688 srtp_err_status_t 1749 2689 srtp_init() { 1750 err_status_t status;2690 srtp_err_status_t status; 1751 2691 1752 2692 /* initialize crypto kernel */ 1753 status = crypto_kernel_init();2693 status = srtp_crypto_kernel_init(); 1754 2694 if (status) 1755 2695 return status; 1756 2696 1757 2697 /* load srtp debug module into the kernel */ 1758 status = crypto_kernel_load_debug_module(&mod_srtp);2698 status = srtp_crypto_kernel_load_debug_module(&mod_srtp); 1759 2699 if (status) 1760 2700 return status; 1761 2701 1762 return err_status_ok;1763 } 1764 1765 err_status_t2702 return srtp_err_status_ok; 2703 } 2704 2705 srtp_err_status_t 1766 2706 srtp_shutdown() { 1767 err_status_t status;2707 srtp_err_status_t status; 1768 2708 1769 2709 /* shut down crypto kernel */ 1770 status = crypto_kernel_shutdown();2710 status = srtp_crypto_kernel_shutdown(); 1771 2711 if (status) 1772 2712 return status; … … 1774 2714 /* shutting down crypto kernel 
frees the srtp debug module as well */ 1775 2715 1776 return err_status_ok;2716 return srtp_err_status_ok; 1777 2717 } 1778 2718 … … 1792 2732 int 1793 2733 srtp_get_trailer_length(const srtp_stream_t s) { 1794 return auth_get_tag_length(s->rtp_auth);2734 return srtp_auth_get_tag_length(s->rtp_auth); 1795 2735 } 1796 2736 … … 1820 2760 } 1821 2761 1822 err_status_t2762 srtp_err_status_t 1823 2763 srtp_dealloc(srtp_t session) { 1824 2764 srtp_stream_ctx_t *stream; 1825 err_status_t status;2765 srtp_err_status_t status; 1826 2766 1827 2767 /* … … 1835 2775 while (stream != NULL) { 1836 2776 srtp_stream_t next = stream->next; 1837 status = srtp_stream_dealloc(s ession, stream);2777 status = srtp_stream_dealloc(stream, session->stream_template); 1838 2778 if (status) 1839 2779 return status; … … 1843 2783 /* deallocate stream template, if there is one */ 1844 2784 if (session->stream_template != NULL) { 1845 status = auth_dealloc(session->stream_template->rtcp_auth); 1846 if (status) 1847 return status; 1848 status = cipher_dealloc(session->stream_template->rtcp_cipher); 1849 if (status) 1850 return status; 1851 crypto_free(session->stream_template->limit); 1852 status = cipher_dealloc(session->stream_template->rtp_cipher); 1853 if (status) 1854 return status; 1855 status = auth_dealloc(session->stream_template->rtp_auth); 2785 status = srtp_stream_dealloc(session->stream_template, NULL); 1856 2786 if (status) 1857 2787 return status; 1858 status = rdbx_dealloc(&session->stream_template->rtp_rdbx);1859 if (status)1860 return status;1861 crypto_free(session->stream_template);1862 2788 } 1863 2789 1864 2790 /* deallocate session context */ 1865 crypto_free(session);1866 1867 return err_status_ok;1868 } 1869 1870 1871 err_status_t2791 srtp_crypto_free(session); 2792 2793 return srtp_err_status_ok; 2794 } 2795 2796 2797 srtp_err_status_t 1872 2798 srtp_add_stream(srtp_t session, 1873 2799 const srtp_policy_t *policy) { 1874 err_status_t status;2800 srtp_err_status_t 
status; 1875 2801 srtp_stream_t tmp; 1876 2802 1877 2803 /* sanity check arguments */ 1878 if ((session == NULL) || (policy == NULL) || ( policy->key == NULL))1879 return err_status_bad_param;2804 if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy))) 2805 return srtp_err_status_bad_param; 1880 2806 1881 2807 /* allocate stream */ … … 1888 2814 status = srtp_stream_init(tmp, policy); 1889 2815 if (status) { 1890 crypto_free(tmp);2816 srtp_crypto_free(tmp); 1891 2817 return status; 1892 2818 } … … 1903 2829 case (ssrc_any_outbound): 1904 2830 if (session->stream_template) { 1905 return err_status_bad_param;2831 return srtp_err_status_bad_param; 1906 2832 } 1907 2833 session->stream_template = tmp; … … 1910 2836 case (ssrc_any_inbound): 1911 2837 if (session->stream_template) { 1912 return err_status_bad_param;2838 return srtp_err_status_bad_param; 1913 2839 } 1914 2840 session->stream_template = tmp; … … 1921 2847 case (ssrc_undefined): 1922 2848 default: 1923 crypto_free(tmp);1924 return err_status_bad_param;2849 srtp_crypto_free(tmp); 2850 return srtp_err_status_bad_param; 1925 2851 } 1926 2852 1927 return err_status_ok;1928 } 1929 1930 1931 err_status_t2853 return srtp_err_status_ok; 2854 } 2855 2856 2857 srtp_err_status_t 1932 2858 srtp_create(srtp_t *session, /* handle for session */ 1933 2859 const srtp_policy_t *policy) { /* SRTP policy (list) */ 1934 err_status_t stat;2860 srtp_err_status_t stat; 1935 2861 srtp_ctx_t *ctx; 1936 2862 1937 2863 /* sanity check arguments */ 1938 2864 if (session == NULL) 1939 return err_status_bad_param;2865 return srtp_err_status_bad_param; 1940 2866 1941 2867 /* allocate srtp context and set ctx_ptr */ 1942 ctx = (srtp_ctx_t *) crypto_alloc(sizeof(srtp_ctx_t));2868 ctx = (srtp_ctx_t *) srtp_crypto_alloc(sizeof(srtp_ctx_t)); 1943 2869 if (ctx == NULL) 1944 return err_status_alloc_fail;2870 return srtp_err_status_alloc_fail; 1945 2871 *session = ctx; 1946 2872 … … 1958 2884 /* clean up 
everything */ 1959 2885 srtp_dealloc(*session); 2886 *session = NULL; 1960 2887 return stat; 1961 2888 } … … 1965 2892 } 1966 2893 1967 return err_status_ok;1968 } 1969 1970 1971 err_status_t2894 return srtp_err_status_ok; 2895 } 2896 2897 2898 srtp_err_status_t 1972 2899 srtp_remove_stream(srtp_t session, uint32_t ssrc) { 1973 2900 srtp_stream_ctx_t *stream, *last_stream; 1974 err_status_t status;2901 srtp_err_status_t status; 1975 2902 1976 2903 /* sanity check arguments */ 1977 2904 if (session == NULL) 1978 return err_status_bad_param;2905 return srtp_err_status_bad_param; 1979 2906 1980 2907 /* find stream in list; complain if not found */ … … 1985 2912 } 1986 2913 if (stream == NULL) 1987 return err_status_no_ctx;2914 return srtp_err_status_no_ctx; 1988 2915 1989 2916 /* remove stream from the list */ … … 1995 2922 1996 2923 /* deallocate the stream */ 1997 status = srtp_stream_dealloc(s ession, stream);2924 status = srtp_stream_dealloc(stream, session->stream_template); 1998 2925 if (status) 1999 2926 return status; 2000 2927 2001 return err_status_ok; 2928 return srtp_err_status_ok; 2929 } 2930 2931 2932 srtp_err_status_t 2933 srtp_update(srtp_t session, const srtp_policy_t *policy) { 2934 srtp_err_status_t stat; 2935 2936 /* sanity check arguments */ 2937 if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy))) { 2938 return srtp_err_status_bad_param; 2939 } 2940 2941 while (policy != NULL) { 2942 stat = srtp_update_stream(session, policy); 2943 if (stat) { 2944 return stat; 2945 } 2946 2947 /* set policy to next item in list */ 2948 policy = policy->next; 2949 } 2950 return srtp_err_status_ok; 2951 } 2952 2953 2954 static srtp_err_status_t 2955 update_template_streams(srtp_t session, const srtp_policy_t *policy) { 2956 srtp_err_status_t status; 2957 srtp_stream_t new_stream_template; 2958 srtp_stream_t new_stream_list = NULL; 2959 2960 if (session->stream_template == NULL) { 2961 return srtp_err_status_bad_param; 2962 } 
2963 2964 /* allocate new template stream */ 2965 status = srtp_stream_alloc(&new_stream_template, policy); 2966 if (status) { 2967 return status; 2968 } 2969 2970 /* initialize new template stream */ 2971 status = srtp_stream_init(new_stream_template, policy); 2972 if (status) { 2973 srtp_crypto_free(new_stream_template); 2974 return status; 2975 } 2976 2977 /* for all old templated streams */ 2978 for (;;) { 2979 srtp_stream_t stream; 2980 uint32_t ssrc; 2981 srtp_xtd_seq_num_t old_index; 2982 srtp_rdb_t old_rtcp_rdb; 2983 2984 stream = session->stream_list; 2985 while ((stream != NULL) && 2986 (stream->session_keys[0].rtp_auth != 2987 session->stream_template->session_keys[0].rtp_auth)) { 2988 stream = stream->next; 2989 } 2990 if (stream == NULL) { 2991 /* no more templated streams */ 2992 break; 2993 } 2994 2995 /* save old extendard seq */ 2996 ssrc = stream->ssrc; 2997 old_index = stream->rtp_rdbx.index; 2998 old_rtcp_rdb = stream->rtcp_rdb; 2999 3000 /* remove stream */ 3001 status = srtp_remove_stream(session, ssrc); 3002 if (status) { 3003 /* free new allocations */ 3004 while (new_stream_list != NULL) { 3005 srtp_stream_t next = new_stream_list->next; 3006 srtp_stream_dealloc(new_stream_list, new_stream_template); 3007 new_stream_list = next; 3008 } 3009 srtp_stream_dealloc(new_stream_template, NULL); 3010 return status; 3011 } 3012 3013 /* allocate and initialize a new stream */ 3014 status = srtp_stream_clone(new_stream_template, ssrc, &stream); 3015 if (status) { 3016 /* free new allocations */ 3017 while (new_stream_list != NULL) { 3018 srtp_stream_t next = new_stream_list->next; 3019 srtp_stream_dealloc(new_stream_list, new_stream_template); 3020 new_stream_list = next; 3021 } 3022 srtp_stream_dealloc(new_stream_template, NULL); 3023 return status; 3024 } 3025 3026 /* add new stream to the head of the new_stream_list */ 3027 stream->next = new_stream_list; 3028 new_stream_list = stream; 3029 3030 /* restore old extended seq */ 3031 
stream->rtp_rdbx.index = old_index; 3032 stream->rtcp_rdb = old_rtcp_rdb; 3033 } 3034 /* dealloc old template */ 3035 srtp_stream_dealloc(session->stream_template, NULL); 3036 /* set new template */ 3037 session->stream_template = new_stream_template; 3038 /* add new list */ 3039 if (new_stream_list) { 3040 srtp_stream_t tail = new_stream_list; 3041 while (tail->next) { 3042 tail = tail->next; 3043 } 3044 tail->next = session->stream_list; 3045 session->stream_list = new_stream_list; 3046 } 3047 return status; 3048 } 3049 3050 3051 static srtp_err_status_t 3052 update_stream(srtp_t session, const srtp_policy_t *policy) { 3053 srtp_err_status_t status; 3054 srtp_xtd_seq_num_t old_index; 3055 srtp_rdb_t old_rtcp_rdb; 3056 srtp_stream_t stream; 3057 3058 stream = srtp_get_stream(session, htonl(policy->ssrc.value)); 3059 if (stream == NULL) { 3060 return srtp_err_status_bad_param; 3061 } 3062 3063 /* save old extendard seq */ 3064 old_index = stream->rtp_rdbx.index; 3065 old_rtcp_rdb = stream->rtcp_rdb; 3066 3067 status = srtp_remove_stream(session, htonl(policy->ssrc.value)); 3068 if (status) { 3069 return status; 3070 } 3071 3072 status = srtp_add_stream(session, policy); 3073 if (status) { 3074 return status; 3075 } 3076 3077 stream = srtp_get_stream(session, htonl(policy->ssrc.value)); 3078 if (stream == NULL) { 3079 return srtp_err_status_fail; 3080 } 3081 3082 /* restore old extended seq */ 3083 stream->rtp_rdbx.index = old_index; 3084 stream->rtcp_rdb = old_rtcp_rdb; 3085 3086 return srtp_err_status_ok; 3087 } 3088 3089 3090 srtp_err_status_t 3091 srtp_update_stream(srtp_t session, const srtp_policy_t *policy) { 3092 srtp_err_status_t status; 3093 3094 /* sanity check arguments */ 3095 if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy))) 3096 return srtp_err_status_bad_param; 3097 3098 switch (policy->ssrc.type) { 3099 case (ssrc_any_outbound): 3100 case (ssrc_any_inbound): 3101 status = update_template_streams(session, 
policy); 3102 break; 3103 case (ssrc_specific): 3104 status = update_stream(session, policy); 3105 break; 3106 case (ssrc_undefined): 3107 default: 3108 return srtp_err_status_bad_param; 3109 } 3110 3111 return status; 2002 3112 } 2003 3113 2004 3114 2005 3115 /* 2006 * the default policy - provides a convenient way for callers to use3116 * The default policy - provides a convenient way for callers to use 2007 3117 * the default security policy 2008 * 2009 * this policy is that defined in the current SRTP internet draft. 3118 * 3119 * The default policy is defined in RFC 3711 3120 * (Section 5. Default and mandatory-to-implement Transforms) 2010 3121 * 2011 3122 */ … … 2018 3129 2019 3130 void 2020 crypto_policy_set_rtp_default(crypto_policy_t *p) {2021 2022 p->cipher_type = AES_ICM;2023 p->cipher_key_len = 30;/* default 128 bits per RFC 3711 */2024 p->auth_type = HMAC_SHA1;3131 srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p) { 3132 3133 p->cipher_type = SRTP_AES_ICM_128; 3134 p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* default 128 bits per RFC 3711 */ 3135 p->auth_type = SRTP_HMAC_SHA1; 2025 3136 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ 2026 3137 p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ … … 2030 3141 2031 3142 void 2032 crypto_policy_set_rtcp_default(crypto_policy_t *p) {2033 2034 p->cipher_type = AES_ICM;2035 p->cipher_key_len = 30;/* default 128 bits per RFC 3711 */2036 p->auth_type = HMAC_SHA1;3143 srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p) { 3144 3145 p->cipher_type = SRTP_AES_ICM_128; 3146 p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* default 128 bits per RFC 3711 */ 3147 p->auth_type = SRTP_HMAC_SHA1; 2037 3148 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ 2038 3149 p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ … … 2042 3153 2043 3154 void 2044 crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p) {3155 
srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p) { 2045 3156 2046 3157 /* … … 2050 3161 */ 2051 3162 2052 p->cipher_type = AES_ICM;2053 p->cipher_key_len = 30;/* 128 bit key, 112 bit salt */2054 p->auth_type = HMAC_SHA1;3163 p->cipher_type = SRTP_AES_ICM_128; 3164 p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* 128 bit key, 112 bit salt */ 3165 p->auth_type = SRTP_HMAC_SHA1; 2055 3166 p->auth_key_len = 20; /* 160 bit key */ 2056 3167 p->auth_tag_len = 4; /* 32 bit tag */ … … 2061 3172 2062 3173 void 2063 crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p) {3174 srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p) { 2064 3175 2065 3176 /* … … 2069 3180 */ 2070 3181 2071 p->cipher_type = AES_ICM;2072 p->cipher_key_len = 30;/* 128 bit key, 112 bit salt */2073 p->auth_type = NULL_AUTH;3182 p->cipher_type = SRTP_AES_ICM_128; 3183 p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* 128 bit key, 112 bit salt */ 3184 p->auth_type = SRTP_NULL_AUTH; 2074 3185 p->auth_key_len = 0; 2075 3186 p->auth_tag_len = 0; … … 2080 3191 2081 3192 void 2082 crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p) {3193 srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p) { 2083 3194 2084 3195 /* … … 2086 3197 */ 2087 3198 2088 p->cipher_type = NULL_CIPHER;3199 p->cipher_type = SRTP_NULL_CIPHER; 2089 3200 p->cipher_key_len = 0; 2090 p->auth_type = HMAC_SHA1;3201 p->auth_type = SRTP_HMAC_SHA1; 2091 3202 p->auth_key_len = 20; 2092 3203 p->auth_tag_len = 10; … … 2095 3206 } 2096 3207 2097 2098 3208 void 2099 crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p) {3209 srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p) { 2100 3210 2101 3211 /* 2102 * corresponds to draft-ietf-avt-big-aes-03.txt 2103 */ 2104 2105 p->cipher_type = AES_ICM; 2106 p->cipher_key_len = 46; 2107 p->auth_type = HMAC_SHA1; 3212 * Should only be used for testing 3213 */ 3214 3215 p->cipher_type = SRTP_NULL_CIPHER; 
3216 p->cipher_key_len = 0; 3217 p->auth_type = SRTP_NULL_AUTH; 3218 p->auth_key_len = 0; 3219 p->auth_tag_len = 0; 3220 p->sec_serv = sec_serv_none; 3221 3222 } 3223 3224 3225 void 3226 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p) { 3227 3228 /* 3229 * corresponds to RFC 6188 3230 */ 3231 3232 p->cipher_type = SRTP_AES_ICM_256; 3233 p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; 3234 p->auth_type = SRTP_HMAC_SHA1; 2108 3235 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ 2109 3236 p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ … … 2113 3240 2114 3241 void 2115 crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p) {3242 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p) { 2116 3243 2117 3244 /* 2118 * corresponds to draft-ietf-avt-big-aes-03.txt3245 * corresponds to RFC 6188 2119 3246 * 2120 3247 * note that this crypto policy is intended for SRTP, but not SRTCP 2121 3248 */ 2122 3249 2123 p->cipher_type = AES_ICM;2124 p->cipher_key_len = 46;2125 p->auth_type = HMAC_SHA1;3250 p->cipher_type = SRTP_AES_ICM_256; 3251 p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; 3252 p->auth_type = SRTP_HMAC_SHA1; 2126 3253 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ 2127 3254 p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */ … … 2133 3260 */ 2134 3261 void 2135 crypto_policy_set_aes_cm_256_null_auth (crypto_policy_t *p)3262 srtp_crypto_policy_set_aes_cm_256_null_auth (srtp_crypto_policy_t *p) 2136 3263 { 2137 p->cipher_type = AES_ICM;2138 p->cipher_key_len = 46;2139 p->auth_type = NULL_AUTH;3264 p->cipher_type = SRTP_AES_ICM_256; 3265 p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; 3266 p->auth_type = SRTP_NULL_AUTH; 2140 3267 p->auth_key_len = 0; 2141 3268 p->auth_tag_len = 0; … … 2144 3271 2145 3272 #ifdef OPENSSL 3273 void 3274 srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p) { 3275 3276 /* 3277 * corresponds to RFC 6188 3278 */ 3279 3280 
p->cipher_type = SRTP_AES_ICM_192; 3281 p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT; 3282 p->auth_type = SRTP_HMAC_SHA1; 3283 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ 3284 p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ 3285 p->sec_serv = sec_serv_conf_and_auth; 3286 } 3287 3288 3289 void 3290 srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p) { 3291 3292 /* 3293 * corresponds to RFC 6188 3294 * 3295 * note that this crypto policy is intended for SRTP, but not SRTCP 3296 */ 3297 3298 p->cipher_type = SRTP_AES_ICM_192; 3299 p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT; 3300 p->auth_type = SRTP_HMAC_SHA1; 3301 p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ 3302 p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */ 3303 p->sec_serv = sec_serv_conf_and_auth; 3304 } 3305 3306 /* 3307 * AES-192 with no authentication. 3308 */ 3309 void 3310 srtp_crypto_policy_set_aes_cm_192_null_auth (srtp_crypto_policy_t *p) 3311 { 3312 p->cipher_type = SRTP_AES_ICM_192; 3313 p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT; 3314 p->auth_type = SRTP_NULL_AUTH; 3315 p->auth_key_len = 0; 3316 p->auth_tag_len = 0; 3317 p->sec_serv = sec_serv_conf; 3318 } 3319 2146 3320 /* 2147 3321 * AES-128 GCM mode with 8 octet auth tag. 
2148 3322 */ 2149 3323 void 2150 crypto_policy_set_aes_gcm_128_8_auth(crypto_policy_t *p) {2151 p->cipher_type = AES_128_GCM;2152 p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT;2153 p->auth_type = NULL_AUTH; /* GCM handles the auth for us */3324 srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p) { 3325 p->cipher_type = SRTP_AES_GCM_128; 3326 p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT; 3327 p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ 2154 3328 p->auth_key_len = 0; 2155 3329 p->auth_tag_len = 8; /* 8 octet tag length */ … … 2161 3335 */ 2162 3336 void 2163 crypto_policy_set_aes_gcm_256_8_auth(crypto_policy_t *p) {2164 p->cipher_type = AES_256_GCM;2165 p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT;2166 p->auth_type = NULL_AUTH; /* GCM handles the auth for us */3337 srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p) { 3338 p->cipher_type = SRTP_AES_GCM_256; 3339 p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT; 3340 p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ 2167 3341 p->auth_key_len = 0; 2168 3342 p->auth_tag_len = 8; /* 8 octet tag length */ … … 2174 3348 */ 2175 3349 void 2176 crypto_policy_set_aes_gcm_128_8_only_auth(crypto_policy_t *p) {2177 p->cipher_type = AES_128_GCM;2178 p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT;2179 p->auth_type = NULL_AUTH; /* GCM handles the auth for us */3350 srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p) { 3351 p->cipher_type = SRTP_AES_GCM_128; 3352 p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT; 3353 p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ 2180 3354 p->auth_key_len = 0; 2181 3355 p->auth_tag_len = 8; /* 8 octet tag length */ … … 2187 3361 */ 2188 3362 void 2189 crypto_policy_set_aes_gcm_256_8_only_auth(crypto_policy_t *p) {2190 p->cipher_type = AES_256_GCM;2191 p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT;2192 p->auth_type = NULL_AUTH; /* GCM handles the auth for us */3363 
srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p) { 3364 p->cipher_type = SRTP_AES_GCM_256; 3365 p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT; 3366 p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ 2193 3367 p->auth_key_len = 0; 2194 3368 p->auth_tag_len = 8; /* 8 octet tag length */ … … 2200 3374 */ 2201 3375 void 2202 crypto_policy_set_aes_gcm_128_16_auth(crypto_policy_t *p) {2203 p->cipher_type = AES_128_GCM;2204 p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT;2205 p->auth_type = NULL_AUTH; /* GCM handles the auth for us */3376 srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p) { 3377 p->cipher_type = SRTP_AES_GCM_128; 3378 p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT; 3379 p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ 2206 3380 p->auth_key_len = 0; 2207 3381 p->auth_tag_len = 16; /* 16 octet tag length */ … … 2213 3387 */ 2214 3388 void 2215 crypto_policy_set_aes_gcm_256_16_auth(crypto_policy_t *p) {2216 p->cipher_type = AES_256_GCM;2217 p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT;2218 p->auth_type = NULL_AUTH; /* GCM handles the auth for us */3389 srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p) { 3390 p->cipher_type = SRTP_AES_GCM_256; 3391 p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT; 3392 p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ 2219 3393 p->auth_key_len = 0; 2220 3394 p->auth_tag_len = 16; /* 16 octet tag length */ … … 2230 3404 /* 2231 3405 * AEAD uses a new IV formation method. This function implements 2232 * section 10.1 from draft-ietf-avtcore-srtp-aes-gcm-07.txt. The2233 * calculation is defined as, where (+) is the xor operation:3406 * section 9.1 (SRTCP IV Formation for AES-GCM) from RFC7714. 
3407 * The calculation is defined as, where (+) is the xor operation: 2234 3408 * 2235 3409 * 0 1 2 3 4 5 6 7 8 9 10 11 … … 2246 3420 * +--+--+--+--+--+--+--+--+--+--+--+--+* 2247 3421 * 2248 * Input: *stream - pointer to SRTP stream context, used to retrieve 2249 * the SALT 2250 * *iv - Pointer to recieve the calculated IV 2251 * seq_num - The SEQ value to use for the IV calculation. 2252 * *hdr - The RTP header, used to get the SSRC value 3422 * Input: *session_keys - pointer to SRTP stream context session keys, 3423 * used to retrieve the SALT 3424 * *iv - Pointer to recieve the calculated IV 3425 * seq_num - The SEQ value to use for the IV calculation. 3426 * *hdr - The RTP header, used to get the SSRC value 3427 * 3428 * Returns: srtp_err_status_ok if no error or srtp_err_status_bad_param 3429 * if seq_num is invalid 2253 3430 * 2254 3431 */ 2255 static void srtp_calc_aead_iv_srtcp(srtp_stream_ctx_t *stream, v128_t *iv, 2256 uint32_t seq_num, srtcp_hdr_t *hdr) 3432 static srtp_err_status_t 3433 srtp_calc_aead_iv_srtcp(srtp_session_keys_t *session_keys, v128_t *iv, 3434 uint32_t seq_num, srtcp_hdr_t *hdr) 2257 3435 { 2258 3436 v128_t in; … … 2265 3443 memcpy(&in.v16[1], &hdr->ssrc, 4); /* still in network order! */ 2266 3444 in.v16[3] = 0; 2267 in.v32[2] = 0x7FFFFFFF & htonl(seq_num); /* bit 32 is suppose to be zero */ 3445 3446 /* 3447 * The SRTCP index (seq_num) spans bits 0 through 30 inclusive. 3448 * The most significant bit should be zero. 
3449 */ 3450 if (seq_num & 0x80000000UL) { 3451 return srtp_err_status_bad_param; 3452 } 3453 in.v32[2] = htonl(seq_num); 2268 3454 2269 3455 debug_print(mod_srtp, "Pre-salted RTCP IV = %s\n", v128_hex_string(&in)); … … 2272 3458 * Get the SALT value from the context 2273 3459 */ 2274 memcpy(salt.v8, s tream->c_salt, 12);3460 memcpy(salt.v8, session_keys->c_salt, 12); 2275 3461 debug_print(mod_srtp, "RTCP SALT = %s\n", v128_hex_string(&salt)); 2276 3462 … … 2279 3465 */ 2280 3466 v128_xor(iv, &in, &salt); 3467 3468 return srtp_err_status_ok; 2281 3469 } 2282 3470 … … 2285 3473 * AES-GCM mode with 128 or 256 bit keys. 2286 3474 */ 2287 static err_status_t3475 static srtp_err_status_t 2288 3476 srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, 2289 void *rtcp_hdr, unsigned int *pkt_octet_len) 3477 void *rtcp_hdr, unsigned int *pkt_octet_len, 3478 srtp_session_keys_t *session_keys, unsigned int use_mki) 2290 3479 { 2291 3480 srtcp_hdr_t *hdr = (srtcp_hdr_t*)rtcp_hdr; … … 2294 3483 unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ 2295 3484 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ 2296 err_status_t status;2297 int tag_len;3485 srtp_err_status_t status; 3486 uint32_t tag_len; 2298 3487 uint32_t seq_num; 2299 3488 v128_t iv; 2300 3489 uint32_t tseq; 3490 unsigned int mki_size = 0; 2301 3491 2302 3492 /* get tag length from stream context */ 2303 tag_len = auth_get_tag_length(stream->rtcp_auth);3493 tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); 2304 3494 2305 3495 /* … … 2325 3515 } 2326 3516 3517 mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + tag_len + sizeof(srtcp_trailer_t), 3518 session_keys, use_mki); 3519 2327 3520 /* 2328 3521 * set the auth_tag pointer to the proper location, which is after … … 2337 3530 * if its value isn't too big 2338 3531 */ 2339 status = rdb_increment(&stream->rtcp_rdb);3532 status = srtp_rdb_increment(&stream->rtcp_rdb); 2340 3533 if (status) { 2341 
3534 return status; 2342 3535 } 2343 seq_num = rdb_get_value(&stream->rtcp_rdb);3536 seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); 2344 3537 *trailer |= htonl(seq_num); 2345 3538 debug_print(mod_srtp, "srtcp index: %x", seq_num); 2346 3539 2347 3540 /* 2348 * Calculating the IV and pass it down to the cipher 2349 */ 2350 srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr); 2351 status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt); 3541 * Calculate and set the IV 3542 */ 3543 status = srtp_calc_aead_iv_srtcp(session_keys, &iv, seq_num, hdr); 2352 3544 if (status) { 2353 return err_status_cipher_fail; 3545 return srtp_err_status_cipher_fail; 3546 } 3547 status = srtp_cipher_set_iv(session_keys->rtcp_cipher, 3548 (uint8_t*)&iv, srtp_direction_encrypt); 3549 if (status) { 3550 return srtp_err_status_cipher_fail; 2354 3551 } 2355 3552 … … 2358 3555 */ 2359 3556 if (enc_start) { 2360 2361 2362 2363 2364 status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, 2365 octets_in_rtcp_header);2366 2367 return (err_status_cipher_fail);2368 3557 /* 3558 * If payload encryption is enabled, then the AAD consist of 3559 * the RTCP header and the seq# at the end of the packet 3560 */ 3561 status = srtp_cipher_set_aad(session_keys->rtcp_cipher, 3562 (uint8_t*)hdr, octets_in_rtcp_header); 3563 if (status) { 3564 return ( srtp_err_status_cipher_fail); 3565 } 2369 3566 } else { 2370 2371 2372 * the entire packet as described in section 10.3 in revision 07 2373 * of the draft. 2374 2375 status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, 2376 *pkt_octet_len);2377 2378 return (err_status_cipher_fail);2379 2380 } 2381 /* 3567 /* 3568 * Since payload encryption is not enabled, we must authenticate 3569 * the entire packet as described in RFC 7714 (Section 9.3. 
Data 3570 * Types in Unencrypted SRTCP Compound Packets) 3571 */ 3572 status = srtp_cipher_set_aad(session_keys->rtcp_cipher, 3573 (uint8_t*)hdr, *pkt_octet_len); 3574 if (status) { 3575 return ( srtp_err_status_cipher_fail); 3576 } 3577 } 3578 /* 2382 3579 * Process the sequence# as AAD 2383 3580 */ 2384 3581 tseq = *trailer; 2385 status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq,2386 sizeof(srtcp_trailer_t));3582 status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t*)&tseq, 3583 sizeof(srtcp_trailer_t)); 2387 3584 if (status) { 2388 return ( err_status_cipher_fail);3585 return ( srtp_err_status_cipher_fail); 2389 3586 } 2390 3587 2391 3588 /* if we're encrypting, exor keystream into the message */ 2392 3589 if (enc_start) { 2393 status = cipher_encrypt(stream->rtcp_cipher,2394 (uint8_t*)enc_start, &enc_octet_len);3590 status = srtp_cipher_encrypt(session_keys->rtcp_cipher, 3591 (uint8_t*)enc_start, &enc_octet_len); 2395 3592 if (status) { 2396 return err_status_cipher_fail;3593 return srtp_err_status_cipher_fail; 2397 3594 } 2398 2399 2400 2401 status = cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag, 2402 &tag_len);2403 2404 return (err_status_cipher_fail);2405 2406 3595 /* 3596 * Get the tag and append that to the output 3597 */ 3598 status = srtp_cipher_get_tag(session_keys->rtcp_cipher, (uint8_t*)auth_tag, 3599 &tag_len); 3600 if (status) { 3601 return ( srtp_err_status_cipher_fail); 3602 } 3603 enc_octet_len += tag_len; 2407 3604 } else { 2408 2409 2410 2411 2412 2413 status = cipher_encrypt(stream->rtcp_cipher, NULL, &nolen);3605 /* 3606 * Even though we're not encrypting the payload, we need 3607 * to run the cipher to get the auth tag. 
3608 */ 3609 unsigned int nolen = 0; 3610 status = srtp_cipher_encrypt(session_keys->rtcp_cipher, NULL, &nolen); 2414 3611 if (status) { 2415 return err_status_cipher_fail;3612 return srtp_err_status_cipher_fail; 2416 3613 } 2417 2418 2419 2420 status = cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag, 2421 &tag_len);2422 2423 return (err_status_cipher_fail);2424 2425 3614 /* 3615 * Get the tag and append that to the output 3616 */ 3617 status = srtp_cipher_get_tag(session_keys->rtcp_cipher, (uint8_t*)auth_tag, 3618 &tag_len); 3619 if (status) { 3620 return ( srtp_err_status_cipher_fail); 3621 } 3622 enc_octet_len += tag_len; 2426 3623 } 2427 3624 … … 2429 3626 *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); 2430 3627 2431 return err_status_ok; 3628 /* increase the packet by the mki_size */ 3629 *pkt_octet_len += mki_size; 3630 3631 return srtp_err_status_ok; 2432 3632 } 2433 3633 … … 2438 3638 * when decrypting the payload. 2439 3639 */ 2440 static err_status_t3640 static srtp_err_status_t 2441 3641 srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, 2442 void *srtcp_hdr, unsigned int *pkt_octet_len) 3642 void *srtcp_hdr, unsigned int *pkt_octet_len, 3643 srtp_session_keys_t *session_keys, unsigned int use_mki) 2443 3644 { 2444 3645 srtcp_hdr_t *hdr = (srtcp_hdr_t*)srtcp_hdr; … … 2447 3648 unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ 2448 3649 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ 2449 err_status_t status;3650 srtp_err_status_t status; 2450 3651 int tag_len; 2451 3652 unsigned int tmp_len; … … 2453 3654 v128_t iv; 2454 3655 uint32_t tseq; 3656 unsigned int mki_size = 0; 2455 3657 2456 3658 /* get tag length from stream context */ 2457 tag_len = auth_get_tag_length(stream->rtcp_auth); 3659 tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); 3660 3661 if (use_mki) { 3662 mki_size = session_keys->mki_size; 3663 } 2458 3664 2459 3665 /* … … 2469 3675 * multiples of 32-bits 
(RFC 3550 6.1) 2470 3676 */ 2471 trailer = (uint32_t*)((char*)hdr + *pkt_octet_len - sizeof(srtcp_trailer_t) );3677 trailer = (uint32_t*)((char*)hdr + *pkt_octet_len - sizeof(srtcp_trailer_t) - mki_size); 2472 3678 /* 2473 3679 * We pass the tag down to the cipher when doing GCM mode 2474 3680 */ 2475 3681 enc_octet_len = *pkt_octet_len - (octets_in_rtcp_header + 2476 sizeof(srtcp_trailer_t) );2477 auth_tag = (uint8_t*)hdr + *pkt_octet_len - tag_len - sizeof(srtcp_trailer_t);3682 sizeof(srtcp_trailer_t) + mki_size); 3683 auth_tag = (uint8_t*)hdr + *pkt_octet_len - tag_len - mki_size - sizeof(srtcp_trailer_t); 2478 3684 2479 3685 if (*((unsigned char*)trailer) & SRTCP_E_BYTE_BIT) { … … 2490 3696 seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; 2491 3697 debug_print(mod_srtp, "srtcp index: %x", seq_num); 2492 status = rdb_check(&stream->rtcp_rdb, seq_num);3698 status = srtp_rdb_check(&stream->rtcp_rdb, seq_num); 2493 3699 if (status) { 2494 3700 return status; … … 2498 3704 * Calculate and set the IV 2499 3705 */ 2500 srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr); 2501 status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt); 3706 status = srtp_calc_aead_iv_srtcp(session_keys, &iv, seq_num, hdr); 2502 3707 if (status) { 2503 return err_status_cipher_fail; 3708 return srtp_err_status_cipher_fail; 3709 } 3710 status = srtp_cipher_set_iv(session_keys->rtcp_cipher, 3711 (uint8_t*)&iv, srtp_direction_decrypt); 3712 if (status) { 3713 return srtp_err_status_cipher_fail; 2504 3714 } 2505 3715 … … 2508 3718 */ 2509 3719 if (enc_start) { 2510 2511 2512 2513 2514 status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, 2515 octets_in_rtcp_header);2516 2517 return (err_status_cipher_fail);2518 3720 /* 3721 * If payload encryption is enabled, then the AAD consist of 3722 * the RTCP header and the seq# at the end of the packet 3723 */ 3724 status = srtp_cipher_set_aad(session_keys->rtcp_cipher, 3725 (uint8_t*)hdr, octets_in_rtcp_header); 3726 if (status) { 3727 
return ( srtp_err_status_cipher_fail); 3728 } 2519 3729 } else { 2520 /* 2521 * Since payload encryption is not enabled, we must authenticate 2522 * the entire packet as described in section 10.3 in revision 07 2523 * of the draft. 2524 */ 2525 status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr, 2526 (*pkt_octet_len - tag_len - sizeof(srtcp_trailer_t))); 2527 if (status) { 2528 return ( err_status_cipher_fail); 2529 } 2530 } 2531 2532 /* 2533 * Process the sequence# as AAD 3730 /* 3731 * Since payload encryption is not enabled, we must authenticate 3732 * the entire packet as described in RFC 7714 (Section 9.3. Data 3733 * Types in Unencrypted SRTCP Compound Packets) 3734 */ 3735 status = srtp_cipher_set_aad( 3736 session_keys->rtcp_cipher, (uint8_t*)hdr, 3737 (*pkt_octet_len - tag_len - sizeof(srtcp_trailer_t) - mki_size)); 3738 if (status) { 3739 return ( srtp_err_status_cipher_fail); 3740 } 3741 } 3742 3743 /* 3744 * Process the sequence# as AAD 2534 3745 */ 2535 3746 tseq = *trailer; 2536 status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq,2537 sizeof(srtcp_trailer_t));3747 status = srtp_cipher_set_aad(session_keys->rtcp_cipher, 3748 (uint8_t*)&tseq, sizeof(srtcp_trailer_t)); 2538 3749 if (status) { 2539 return (err_status_cipher_fail);3750 return ( srtp_err_status_cipher_fail); 2540 3751 } 2541 3752 2542 3753 /* if we're decrypting, exor keystream into the message */ 2543 3754 if (enc_start) { 2544 status = cipher_decrypt(stream->rtcp_cipher, 2545 (uint8_t*)enc_start, &enc_octet_len); 3755 status = srtp_cipher_decrypt(session_keys->rtcp_cipher, (uint8_t*)enc_start, &enc_octet_len); 2546 3756 if (status) { 2547 3757 return status; 2548 3758 } 2549 3759 } else { 2550 /* 2551 * Still need to run the cipher to check the tag 2552 */ 2553 tmp_len = tag_len; 2554 status = cipher_decrypt(stream->rtcp_cipher, (uint8_t*)auth_tag, 2555 &tmp_len); 3760 /* 3761 * Still need to run the cipher to check the tag 3762 */ 3763 tmp_len = tag_len; 3764 status = 
srtp_cipher_decrypt(session_keys->rtcp_cipher, (uint8_t*)auth_tag, &tmp_len); 2556 3765 if (status) { 2557 3766 return status; … … 2560 3769 2561 3770 /* decrease the packet length by the length of the auth tag and seq_num*/ 2562 *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t) );3771 *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t) + mki_size); 2563 3772 2564 3773 /* … … 2609 3818 2610 3819 /* we've passed the authentication check, so add seq_num to the rdb */ 2611 rdb_add_index(&stream->rtcp_rdb, seq_num);2612 2613 return err_status_ok;2614 } 2615 2616 err_status_t3820 srtp_rdb_add_index(&stream->rtcp_rdb, seq_num); 3821 3822 return srtp_err_status_ok; 3823 } 3824 3825 srtp_err_status_t 2617 3826 srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) { 3827 return srtp_protect_rtcp_mki(ctx, rtcp_hdr, pkt_octet_len, 0, 0); 3828 } 3829 3830 srtp_err_status_t 3831 srtp_protect_rtcp_mki(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len, 3832 unsigned int use_mki, unsigned int mki_index) { 2618 3833 srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr; 2619 3834 uint32_t *enc_start; /* pointer to start of encrypted portion */ … … 2622 3837 unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ 2623 3838 uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ 2624 err_status_t status;3839 srtp_err_status_t status; 2625 3840 int tag_len; 2626 3841 srtp_stream_ctx_t *stream; 2627 int prefix_len;3842 uint32_t prefix_len; 2628 3843 uint32_t seq_num; 3844 unsigned int mki_size = 0; 3845 srtp_session_keys_t *session_keys = NULL; 2629 3846 2630 3847 /* we assume the hdr is 32-bit aligned to start */ … … 2632 3849 /* check the packet length - it must at least contain a full header */ 2633 3850 if (*pkt_octet_len < octets_in_rtcp_header) 2634 return err_status_bad_param;3851 return srtp_err_status_bad_param; 2635 3852 2636 3853 /* … … 2660 3877 } else { 2661 3878 /* no template stream, so we return an error */ 2662 return 
err_status_no_ctx;3879 return srtp_err_status_no_ctx; 2663 3880 } 2664 3881 } … … 2678 3895 } 2679 3896 3897 session_keys = srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index); 3898 2680 3899 /* 2681 3900 * Check if this is an AEAD stream (GCM mode). If so, then dispatch 2682 3901 * the request to our AEAD handler. 2683 3902 */ 2684 if (stream->rtp_cipher->algorithm == AES_128_GCM || 2685 stream->rtp_cipher->algorithm == AES_256_GCM) { 2686 return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, (unsigned int*)pkt_octet_len); 3903 if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || 3904 session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { 3905 return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, 3906 (unsigned int*)pkt_octet_len, session_keys, 3907 use_mki); 2687 3908 } 2688 3909 2689 3910 /* get tag length from stream context */ 2690 tag_len = auth_get_tag_length(stream->rtcp_auth);3911 tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); 2691 3912 2692 3913 /* … … 2713 3934 } 2714 3935 3936 mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t), 3937 session_keys, use_mki); 3938 2715 3939 /* 2716 3940 * set the auth_start and auth_tag pointers to the proper locations … … 2719 3943 /* Note: This would need to change for optional mikey data */ 2720 3944 auth_start = (uint32_t *)hdr; 2721 auth_tag = (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t) ;3945 auth_tag = (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t) + mki_size; 2722 3946 2723 3947 /* perform EKT processing if needed */ 2724 ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len,2725 rdbx_get_packet_index(&stream->rtp_rdbx));3948 srtp_ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len, 3949 srtp_rdbx_get_packet_index(&stream->rtp_rdbx)); 2726 3950 2727 3951 /* … … 2729 3953 * if its value isn't too big 2730 3954 */ 2731 status = rdb_increment(&stream->rtcp_rdb);3955 status = 
srtp_rdb_increment(&stream->rtcp_rdb); 2732 3956 if (status) 2733 3957 return status; 2734 seq_num = rdb_get_value(&stream->rtcp_rdb);3958 seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); 2735 3959 *trailer |= htonl(seq_num); 2736 3960 debug_print(mod_srtp, "srtcp index: %x", seq_num); … … 2739 3963 * if we're using rindael counter mode, set nonce and seq 2740 3964 */ 2741 if (stream->rtcp_cipher->type->id == AES_ICM) { 3965 if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 || 3966 session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 || 3967 session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) { 2742 3968 v128_t iv; 2743 3969 … … 2746 3972 iv.v32[2] = htonl(seq_num >> 16); 2747 3973 iv.v32[3] = htonl(seq_num << 16); 2748 status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt); 3974 status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t*)&iv, 3975 srtp_direction_encrypt); 2749 3976 2750 3977 } else { … … 2756 3983 iv.v32[2] = 0; 2757 3984 iv.v32[3] = htonl(seq_num); 2758 status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt); 3985 status = srtp_cipher_set_iv(session_keys->rtcp_cipher, 3986 (uint8_t*)&iv, srtp_direction_encrypt); 2759 3987 } 2760 3988 if (status) 2761 return err_status_cipher_fail;3989 return srtp_err_status_cipher_fail; 2762 3990 2763 3991 /* … … 2770 3998 2771 3999 /* put keystream prefix into auth_tag */ 2772 prefix_len = auth_get_prefix_length(stream->rtcp_auth);2773 status = cipher_output(stream->rtcp_cipher, auth_tag,prefix_len);4000 prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth); 4001 status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag, &prefix_len); 2774 4002 2775 4003 debug_print(mod_srtp, "keystream prefix: %s", 2776 octet_string_hex_string(auth_tag, prefix_len));4004 srtp_octet_string_hex_string(auth_tag, prefix_len)); 2777 4005 2778 4006 if (status) 2779 return err_status_cipher_fail;4007 return srtp_err_status_cipher_fail; 2780 4008 } 2781 4009 2782 4010 /* 
if we're encrypting, exor keystream into the message */ 2783 4011 if (enc_start) { 2784 status = cipher_encrypt(stream->rtcp_cipher,2785 4012 status = srtp_cipher_encrypt(session_keys->rtcp_cipher, 4013 (uint8_t *)enc_start, &enc_octet_len); 2786 4014 if (status) 2787 return err_status_cipher_fail;4015 return srtp_err_status_cipher_fail; 2788 4016 } 2789 4017 2790 4018 /* initialize auth func context */ 2791 auth_start(stream->rtcp_auth);4019 srtp_auth_start(session_keys->rtcp_auth); 2792 4020 2793 4021 /* … … 2795 4023 * result at auth_tag 2796 4024 */ 2797 status = auth_compute(stream->rtcp_auth,4025 status = srtp_auth_compute(session_keys->rtcp_auth, 2798 4026 (uint8_t *)auth_start, 2799 4027 (*pkt_octet_len) + sizeof(srtcp_trailer_t), 2800 4028 auth_tag); 2801 4029 debug_print(mod_srtp, "srtcp auth tag: %s", 2802 octet_string_hex_string(auth_tag, tag_len));4030 srtp_octet_string_hex_string(auth_tag, tag_len)); 2803 4031 if (status) 2804 return err_status_auth_fail;4032 return srtp_err_status_auth_fail; 2805 4033 2806 4034 /* increase the packet length by the length of the auth tag and seq_num*/ 2807 4035 *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); 4036 4037 /* increase the packet by the mki_size */ 4038 *pkt_octet_len += mki_size; 2808 4039 2809 return err_status_ok;2810 } 2811 2812 2813 err_status_t4040 return srtp_err_status_ok; 4041 } 4042 4043 4044 srtp_err_status_t 2814 4045 srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { 4046 return srtp_unprotect_rtcp_mki(ctx, srtcp_hdr, pkt_octet_len, 0); 4047 } 4048 4049 srtp_err_status_t 4050 srtp_unprotect_rtcp_mki(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len, 4051 unsigned int use_mki) { 2815 4052 srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr; 2816 4053 uint32_t *enc_start; /* pointer to start of encrypted portion */ … … 2821 4058 uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; 2822 4059 uint8_t tag_copy[SRTP_MAX_TAG_LEN]; 2823 err_status_t status;4060 srtp_err_status_t status; 2824 4061 
unsigned int auth_len; 2825 4062 int tag_len; 2826 4063 srtp_stream_ctx_t *stream; 2827 int prefix_len;4064 uint32_t prefix_len; 2828 4065 uint32_t seq_num; 2829 4066 int e_bit_in_packet; /* whether the E-bit was found in the packet */ 2830 4067 int sec_serv_confidentiality; /* whether confidentiality was requested */ 4068 unsigned int mki_size = 0; 4069 srtp_session_keys_t *session_keys = NULL; 2831 4070 2832 4071 /* we assume the hdr is 32-bit aligned to start */ … … 2836 4075 a positive value */ 2837 4076 if (*pkt_octet_len < octets_in_rtcp_header + sizeof(srtcp_trailer_t)) 2838 return err_status_bad_param;4077 return srtp_err_status_bad_param; 2839 4078 2840 4079 /* … … 2867 4106 2868 4107 debug_print(mod_srtp, "srtcp using provisional stream (SSRC: 0x%08x)", 2869 hdr->ssrc);4108 ntohl(hdr->ssrc)); 2870 4109 } else { 2871 4110 /* no template stream, so we return an error */ 2872 return err_status_no_ctx;4111 return srtp_err_status_no_ctx; 2873 4112 } 2874 4113 } 2875 4114 4115 /* 4116 * Determine if MKI is being used and what session keys should be used 4117 */ 4118 if (use_mki) { 4119 session_keys = srtp_get_session_keys(stream, (uint8_t *)hdr, 4120 (const unsigned int*)pkt_octet_len, 4121 &mki_size); 4122 4123 if (session_keys == NULL) 4124 return srtp_err_status_bad_mki; 4125 } else { 4126 session_keys = &stream->session_keys[0]; 4127 } 4128 4129 2876 4130 /* get tag length from stream context */ 2877 tag_len = auth_get_tag_length(stream->rtcp_auth);4131 tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); 2878 4132 2879 4133 /* check the packet length - it must contain at least a full RTCP 2880 4134 header, an auth tag (if applicable), and the SRTCP encrypted flag 2881 4135 and 31-bit index value */ 2882 if (*pkt_octet_len < (int) (octets_in_rtcp_header + tag_len + sizeof(srtcp_trailer_t))) {2883 return err_status_bad_param;4136 if (*pkt_octet_len < (int) (octets_in_rtcp_header + tag_len + mki_size + sizeof(srtcp_trailer_t))) { 4137 return 
srtp_err_status_bad_param; 2884 4138 } 2885 4139 … … 2888 4142 * the request to our AEAD handler. 2889 4143 */ 2890 if (stream->rtp_cipher->algorithm == AES_128_GCM || 2891 stream->rtp_cipher->algorithm == AES_256_GCM) { 2892 return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, (unsigned int*)pkt_octet_len); 4144 if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || 4145 session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { 4146 return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, 4147 (unsigned int*)pkt_octet_len, session_keys, 4148 mki_size); 2893 4149 } 2894 4150 … … 2900 4156 */ 2901 4157 enc_octet_len = *pkt_octet_len - 2902 (octets_in_rtcp_header + tag_len + sizeof(srtcp_trailer_t));4158 (octets_in_rtcp_header + tag_len + mki_size + sizeof(srtcp_trailer_t)); 2903 4159 /* index & E (encryption) bit follow normal data. hdr->len 2904 4160 is the number of words (32-bit) in the normal packet minus 1 */ … … 2911 4167 */ 2912 4168 trailer = (uint32_t *) ((char *) hdr + 2913 *pkt_octet_len -(tag_len + sizeof(srtcp_trailer_t)));4169 *pkt_octet_len -(tag_len + mki_size + sizeof(srtcp_trailer_t))); 2914 4170 e_bit_in_packet = 2915 4171 (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT; 2916 4172 if (e_bit_in_packet != sec_serv_confidentiality) { 2917 return err_status_cant_check;4173 return srtp_err_status_cant_check; 2918 4174 } 2919 4175 if (sec_serv_confidentiality) { … … 2929 4185 */ 2930 4186 auth_start = (uint32_t *)hdr; 2931 auth_len = *pkt_octet_len - tag_len; 2932 auth_tag = (uint8_t *)hdr + auth_len; 4187 4188 /* 4189 * The location of the auth tag in the packet needs to know MKI 4190 * could be present. 
The data needed to calculate the Auth tag 4191 * must not include the MKI 4192 */ 4193 auth_len = *pkt_octet_len - tag_len - mki_size; 4194 auth_tag = (uint8_t *)hdr + auth_len + mki_size; 2933 4195 2934 4196 /* … … 2940 4202 */ 2941 4203 if (stream->ekt) { 2942 auth_tag -= ekt_octets_after_base_tag(stream->ekt);4204 auth_tag -= srtp_ekt_octets_after_base_tag(stream->ekt); 2943 4205 memcpy(tag_copy, auth_tag, tag_len); 2944 4206 octet_string_set_to_zero(auth_tag, tag_len); … … 2953 4215 seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; 2954 4216 debug_print(mod_srtp, "srtcp index: %x", seq_num); 2955 status = rdb_check(&stream->rtcp_rdb, seq_num);4217 status = srtp_rdb_check(&stream->rtcp_rdb, seq_num); 2956 4218 if (status) 2957 4219 return status; … … 2960 4222 * if we're using aes counter mode, set nonce and seq 2961 4223 */ 2962 if (stream->rtcp_cipher->type->id == AES_ICM) { 4224 if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 || 4225 session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 || 4226 session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) { 2963 4227 v128_t iv; 2964 4228 … … 2967 4231 iv.v32[2] = htonl(seq_num >> 16); 2968 4232 iv.v32[3] = htonl(seq_num << 16); 2969 status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt); 4233 status = srtp_cipher_set_iv(session_keys->rtcp_cipher, 4234 (uint8_t*)&iv, srtp_direction_decrypt); 2970 4235 2971 4236 } else { … … 2977 4242 iv.v32[2] = 0; 2978 4243 iv.v32[3] = htonl(seq_num); 2979 status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt); 4244 status = srtp_cipher_set_iv(session_keys->rtcp_cipher, 4245 (uint8_t*)&iv, srtp_direction_decrypt); 2980 4246 2981 4247 } 2982 4248 if (status) 2983 return err_status_cipher_fail;4249 return srtp_err_status_cipher_fail; 2984 4250 2985 4251 /* initialize auth func context */ 2986 auth_start(stream->rtcp_auth);4252 srtp_auth_start(session_keys->rtcp_auth); 2987 4253 2988 4254 /* run auth func over packet, put result into tmp_tag */ 
2989 status = auth_compute(stream->rtcp_auth, (uint8_t *)auth_start,4255 status = srtp_auth_compute(session_keys->rtcp_auth, (uint8_t *)auth_start, 2990 4256 auth_len, tmp_tag); 2991 4257 debug_print(mod_srtp, "srtcp computed tag: %s", 2992 octet_string_hex_string(tmp_tag, tag_len));4258 srtp_octet_string_hex_string(tmp_tag, tag_len)); 2993 4259 if (status) 2994 return err_status_auth_fail;4260 return srtp_err_status_auth_fail; 2995 4261 2996 4262 /* compare the tag just computed with the one in the packet */ 2997 4263 debug_print(mod_srtp, "srtcp tag from packet: %s", 2998 octet_string_hex_string(auth_tag, tag_len));4264 srtp_octet_string_hex_string(auth_tag, tag_len)); 2999 4265 if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) 3000 return err_status_auth_fail;4266 return srtp_err_status_auth_fail; 3001 4267 3002 4268 /* … … 3004 4270 * prefix into the authentication tag 3005 4271 */ 3006 prefix_len = auth_get_prefix_length(stream->rtcp_auth);4272 prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth); 3007 4273 if (prefix_len) { 3008 status = cipher_output(stream->rtcp_cipher, auth_tag,prefix_len);4274 status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag, &prefix_len); 3009 4275 debug_print(mod_srtp, "keystream prefix: %s", 3010 octet_string_hex_string(auth_tag, prefix_len));4276 srtp_octet_string_hex_string(auth_tag, prefix_len)); 3011 4277 if (status) 3012 return err_status_cipher_fail;4278 return srtp_err_status_cipher_fail; 3013 4279 } 3014 4280 3015 4281 /* if we're decrypting, exor keystream into the message */ 3016 4282 if (enc_start) { 3017 status = cipher_decrypt(stream->rtcp_cipher,3018 (uint8_t *)enc_start,&enc_octet_len);4283 status = srtp_cipher_decrypt(session_keys->rtcp_cipher, (uint8_t *)enc_start, 4284 &enc_octet_len); 3019 4285 if (status) 3020 return err_status_cipher_fail;4286 return srtp_err_status_cipher_fail; 3021 4287 } 3022 4288 3023 4289 /* decrease the packet length by the length of the auth tag and seq_num */ 
3024 4290 *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t)); 4291 4292 /* decrease the packet length by the length of the mki_size */ 4293 *pkt_octet_len -= mki_size; 3025 4294 3026 4295 /* … … 3028 4297 * length 3029 4298 */ 3030 *pkt_octet_len -= ekt_octets_after_base_tag(stream->ekt);4299 *pkt_octet_len -= srtp_ekt_octets_after_base_tag(stream->ekt); 3031 4300 3032 4301 /* … … 3076 4345 3077 4346 /* we've passed the authentication check, so add seq_num to the rdb */ 3078 rdb_add_index(&stream->rtcp_rdb, seq_num);4347 srtp_rdb_add_index(&stream->rtcp_rdb, seq_num); 3079 4348 3080 4349 3081 return err_status_ok;4350 return srtp_err_status_ok; 3082 4351 } 3083 4352 … … 3102 4371 */ 3103 4372 3104 err_status_t3105 crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy,3106 srtp_profile_t profile) {4373 srtp_err_status_t 4374 srtp_crypto_policy_set_from_profile_for_rtp(srtp_crypto_policy_t *policy, 4375 srtp_profile_t profile) { 3107 4376 3108 4377 /* set SRTP policy from the SRTP profile in the key set */ 3109 4378 switch(profile) { 3110 4379 case srtp_profile_aes128_cm_sha1_80: 3111 crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);4380 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); 3112 4381 break; 3113 4382 case srtp_profile_aes128_cm_sha1_32: 3114 crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);4383 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); 3115 4384 break; 3116 4385 case srtp_profile_null_sha1_80: 3117 crypto_policy_set_null_cipher_hmac_sha1_80(policy);4386 srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); 3118 4387 break; 3119 case srtp_profile_aes256_cm_sha1_80: 3120 crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); 4388 #if defined(OPENSSL) 4389 case srtp_profile_aead_aes_128_gcm: 4390 srtp_crypto_policy_set_aes_gcm_128_16_auth(policy); 3121 4391 break; 3122 case srtp_profile_ae s256_cm_sha1_32:3123 crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);4392 case srtp_profile_aead_aes_256_gcm: 4393 
srtp_crypto_policy_set_aes_gcm_256_16_auth(policy); 3124 4394 break; 4395 #endif 3125 4396 /* the following profiles are not (yet) supported */ 3126 4397 case srtp_profile_null_sha1_32: 3127 4398 default: 3128 return err_status_bad_param;3129 } 3130 3131 return err_status_ok;3132 } 3133 3134 err_status_t3135 crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy,3136 srtp_profile_t profile) {4399 return srtp_err_status_bad_param; 4400 } 4401 4402 return srtp_err_status_ok; 4403 } 4404 4405 srtp_err_status_t 4406 srtp_crypto_policy_set_from_profile_for_rtcp(srtp_crypto_policy_t *policy, 4407 srtp_profile_t profile) { 3137 4408 3138 4409 /* set SRTP policy from the SRTP profile in the key set */ 3139 4410 switch(profile) { 3140 4411 case srtp_profile_aes128_cm_sha1_80: 3141 crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);4412 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); 3142 4413 break; 3143 4414 case srtp_profile_aes128_cm_sha1_32: 3144 4415 /* We do not honor the 32-bit auth tag request since 3145 4416 * this is not compliant with RFC 3711 */ 3146 crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);4417 srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); 3147 4418 break; 3148 4419 case srtp_profile_null_sha1_80: 3149 crypto_policy_set_null_cipher_hmac_sha1_80(policy);4420 srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); 3150 4421 break; 3151 case srtp_profile_aes256_cm_sha1_80: 3152 crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); 4422 #if defined(OPENSSL) 4423 case srtp_profile_aead_aes_128_gcm: 4424 srtp_crypto_policy_set_aes_gcm_128_16_auth(policy); 3153 4425 break; 3154 case srtp_profile_aes256_cm_sha1_32: 3155 /* We do not honor the 32-bit auth tag request since 3156 * this is not compliant with RFC 3711 */ 3157 crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); 4426 case srtp_profile_aead_aes_256_gcm: 4427 srtp_crypto_policy_set_aes_gcm_256_16_auth(policy); 3158 4428 break; 4429 #endif 3159 4430 /* the following profiles are 
not (yet) supported */ 3160 4431 case srtp_profile_null_sha1_32: 3161 4432 default: 3162 return err_status_bad_param; 3163 } 3164 3165 return err_status_ok; 3166 } 3167 3168 void 3169 append_salt_to_key(uint8_t *key, unsigned int bytes_in_key, 3170 uint8_t *salt, unsigned int bytes_in_salt) { 3171 4433 return srtp_err_status_bad_param; 4434 } 4435 4436 return srtp_err_status_ok; 4437 } 4438 4439 void srtp_append_salt_to_key(uint8_t *key, unsigned int bytes_in_key, uint8_t *salt, unsigned int bytes_in_salt) { 3172 4440 memcpy(key + bytes_in_key, salt, bytes_in_salt); 3173 3174 4441 } 3175 4442 … … 3179 4446 switch(profile) { 3180 4447 case srtp_profile_aes128_cm_sha1_80: 3181 return 16;4448 return SRTP_AES_128_KEY_LEN; 3182 4449 break; 3183 4450 case srtp_profile_aes128_cm_sha1_32: 3184 return 16;4451 return SRTP_AES_128_KEY_LEN; 3185 4452 break; 3186 4453 case srtp_profile_null_sha1_80: 3187 return 16;4454 return SRTP_AES_128_KEY_LEN; 3188 4455 break; 3189 case srtp_profile_ae s256_cm_sha1_80:3190 return 32;4456 case srtp_profile_aead_aes_128_gcm: 4457 return SRTP_AES_128_KEY_LEN; 3191 4458 break; 3192 case srtp_profile_ae s256_cm_sha1_32:3193 return 32;4459 case srtp_profile_aead_aes_256_gcm: 4460 return SRTP_AES_256_KEY_LEN; 3194 4461 break; 3195 4462 /* the following profiles are not (yet) supported */ … … 3205 4472 switch(profile) { 3206 4473 case srtp_profile_aes128_cm_sha1_80: 3207 return 14;4474 return SRTP_SALT_LEN; 3208 4475 break; 3209 4476 case srtp_profile_aes128_cm_sha1_32: 3210 return 14;4477 return SRTP_SALT_LEN; 3211 4478 break; 3212 4479 case srtp_profile_null_sha1_80: 3213 return 14;4480 return SRTP_SALT_LEN; 3214 4481 break; 3215 case srtp_profile_ae s256_cm_sha1_80:3216 return 14;4482 case srtp_profile_aead_aes_128_gcm: 4483 return SRTP_AEAD_SALT_LEN; 3217 4484 break; 3218 case srtp_profile_ae s256_cm_sha1_32:3219 return 14;4485 case srtp_profile_aead_aes_256_gcm: 4486 return SRTP_AEAD_SALT_LEN; 3220 4487 break; 3221 4488 /* the following 
profiles are not (yet) supported */ … … 3225 4492 } 3226 4493 } 4494 4495 srtp_err_status_t 4496 srtp_get_protect_trailer_length(srtp_t session, 4497 uint32_t use_mki, 4498 uint32_t mki_index, 4499 uint32_t *length) 4500 { 4501 srtp_stream_ctx_t *stream; 4502 4503 if (session == NULL) 4504 return srtp_err_status_bad_param; 4505 4506 *length = 0; 4507 4508 /* Try obtaining stream from stream_list */ 4509 stream = session->stream_list; 4510 4511 if (stream == NULL) { 4512 /* Try obtaining the template stream */ 4513 stream = session->stream_template; 4514 } 4515 4516 if (stream == NULL) { 4517 return srtp_err_status_bad_param; 4518 } 4519 4520 if (use_mki) { 4521 if (mki_index > stream->num_master_keys) 4522 return srtp_err_status_bad_mki; 4523 4524 *length += stream->session_keys[mki_index].mki_size; 4525 *length += srtp_auth_get_tag_length(stream->session_keys[mki_index].rtp_auth); 4526 } else { 4527 *length += srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth); 4528 } 4529 4530 return srtp_err_status_ok; 4531 } 4532 4533 srtp_err_status_t 4534 srtp_get_protect_rtcp_trailer_length(srtp_t session, 4535 uint32_t use_mki, 4536 uint32_t mki_index, 4537 uint32_t *length) 4538 { 4539 srtp_stream_ctx_t *stream; 4540 4541 if (session == NULL) 4542 return srtp_err_status_bad_param; 4543 4544 *length = 0; 4545 4546 /* Try obtaining stream from stream_list */ 4547 stream = session->stream_list; 4548 4549 if (stream == NULL) { 4550 /* Try obtaining the template stream */ 4551 stream = session->stream_template; 4552 } 4553 4554 if (stream == NULL) { 4555 return srtp_err_status_bad_param; 4556 } 4557 4558 if (use_mki) { 4559 if (mki_index > stream->num_master_keys) 4560 return srtp_err_status_bad_mki; 4561 4562 *length += stream->session_keys[mki_index].mki_size; 4563 *length += srtp_auth_get_tag_length(stream->session_keys[mki_index].rtcp_auth); 4564 } else { 4565 *length += srtp_auth_get_tag_length(stream->session_keys[0].rtcp_auth); 4566 } 4567 4568 *length += 
sizeof(srtcp_trailer_t); 4569 4570 return srtp_err_status_ok; 4571 } 4572 4573 4574 /* 4575 * SRTP debug interface 4576 */ 4577 srtp_err_status_t srtp_set_debug_module(const char *mod_name, int v) 4578 { 4579 return srtp_crypto_kernel_set_debug_module(mod_name, v); 4580 } 4581 4582 srtp_err_status_t srtp_list_debug_modules(void) 4583 { 4584 return srtp_crypto_kernel_list_debug_modules(); 4585 } 4586 4587 /* 4588 * srtp_log_handler is a global variable holding a pointer to the 4589 * log handler function; this function is called for any log 4590 * output. 4591 */ 4592 4593 static srtp_log_handler_func_t *srtp_log_handler = NULL; 4594 static void * srtp_log_handler_data = NULL; 4595 4596 void srtp_err_handler(srtp_err_reporting_level_t level, const char * msg) 4597 { 4598 if (srtp_log_handler) { 4599 srtp_log_level_t log_level = srtp_log_level_error; 4600 switch(level) { 4601 case srtp_err_level_error: log_level = srtp_log_level_error; break; 4602 case srtp_err_level_warning: log_level = srtp_log_level_warning; break; 4603 case srtp_err_level_info: log_level = srtp_log_level_info; break; 4604 case srtp_err_level_debug: log_level = srtp_log_level_debug; break; 4605 } 4606 4607 srtp_log_handler(log_level, msg, srtp_log_handler_data); 4608 } 4609 } 4610 4611 srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func, void * data) 4612 { 4613 4614 /* 4615 * note that we accept NULL arguments intentionally - calling this 4616 * function with a NULL arguments removes a log handler that's 4617 * been previously installed 4618 */ 4619 4620 if (srtp_log_handler) { 4621 srtp_install_err_report_handler(NULL); 4622 } 4623 srtp_log_handler = func; 4624 srtp_log_handler_data = data; 4625 if (srtp_log_handler) { 4626 srtp_install_err_report_handler(srtp_err_handler); 4627 } 4628 return srtp_err_status_ok; 4629 } 4630 4631 srtp_err_status_t 4632 srtp_set_stream_roc(srtp_t session, uint32_t ssrc, uint32_t roc) { 4633 srtp_stream_t stream; 4634 4635 stream = 
srtp_get_stream(session, htonl(ssrc)); 4636 if (stream == NULL) 4637 return srtp_err_status_bad_param; 4638 4639 stream->pending_roc = roc; 4640 4641 return srtp_err_status_ok; 4642 } 4643 4644 srtp_err_status_t 4645 srtp_get_stream_roc(srtp_t session, uint32_t ssrc, uint32_t *roc) { 4646 srtp_stream_t stream; 4647 4648 stream = srtp_get_stream(session, htonl(ssrc)); 4649 if (stream == NULL) 4650 return srtp_err_status_bad_param; 4651 4652 *roc = srtp_rdbx_get_roc(&stream->rtp_rdbx); 4653 4654 return srtp_err_status_ok; 4655 }