diff --git a/Makefile.am b/Makefile.am
index aedd64926c..bad25cec50 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -584,14 +584,11 @@ libs/apr-util/libaprutil-1.la: libs/apr/libapr-1.la libs/apr-util libs/apr-util/
SRTP_SRC = libs/srtp/srtp/srtp.c libs/srtp/srtp/ekt.c libs/srtp/crypto/cipher/cipher.c libs/srtp/crypto/cipher/null_cipher.c \
libs/srtp/crypto/cipher/aes.c libs/srtp/crypto/cipher/aes_icm.c \
- libs/srtp/crypto/cipher/aes_cbc.c \
libs/srtp/crypto/hash/null_auth.c libs/srtp/crypto/hash/sha1.c \
libs/srtp/crypto/hash/hmac.c libs/srtp/crypto/hash/auth.c \
libs/srtp/crypto/math/datatypes.c libs/srtp/crypto/math/stat.c \
libs/srtp/crypto/kernel/crypto_kernel.c libs/srtp/crypto/kernel/alloc.c \
- libs/srtp/crypto/kernel/key.c \
- libs/srtp/crypto/rng/prng.c libs/srtp/crypto/rng/ctr_prng.c \
- libs/srtp/crypto/kernel/err.c libs/srtp/crypto/rng/rand_source.c \
+ libs/srtp/crypto/kernel/key.c libs/srtp/crypto/kernel/err.c \
libs/srtp/crypto/replay/rdb.c libs/srtp/crypto/replay/rdbx.c libs/srtp/crypto/replay/ut_sim.c
libs/srtp/libsrtp.la: libs/srtp libs/srtp/.update $(SRTP_SRC)
diff --git a/libs/srtp/CHANGES b/libs/srtp/CHANGES
index 949c389334..a323af1965 100644
--- a/libs/srtp/CHANGES
+++ b/libs/srtp/CHANGES
@@ -1,223 +1,167 @@
Changelog
-1.3.20
+2.1.0
- Lots of changes. Thanks to Jeff Chan for catching a memory leak and
- helping track down the endian issues with the SSRCs.
+Compatibility changes
-1.3.8
+ PR #253 - Cipher type cleanup for AES
+ When libSRTP is compiled with OpenSSL and the AES 256 ICM cipher is used
+ with RTCP an incorrect initialization vector is formed.
+ This change will break backwards compatibility with older versions (1.5,
+ 2.0) of libSRTP when using the AES 256 ICM cipher with OpenSSL for RTCP.
- This is an interim release. Several little-endian bugs were identified
- and fixed; this means that we can use intel/linux for development again.
+ PR #259 - Sequence number incorrectly masked for AES GCM IV
+ The initialization vector for AES GCM encryption was incorrectly formed on
+ little endian machines.
+ This change will break backwards compatibility with older versions (1.5,
+ 2.0) of libSRTP when using the AES GCM cipher for RTCP.
- Cleaned up sha1 and hmac code significantly, got rid of some excess
- functions and properly documented the fuctions in the .h files.
+ PR #287 - Fix OOB read in key generation for encrypted headers with GCM ciphers
+ Adds padding of GCM salt to the corresponding ICM length used for header
+ encryption.
+ This change will break backwards compatibility with version 2.0 of libSRTP
+ when using the header encryption extension with the AES GCM cipher.
- Eliminated some vestigial files.
+Major changes
- There is a SIGBUS error in the AES encrypt function on sparc
- (observed on both solaris and openbsd) with gcc 2.95. Was unable to
- find bad pointer anywhere, so I'm wondering if it isn't a compiler
- problem (there's a known problem whose profile it fits). It doesn't
- appear on any other platform, even in the cipher_driver stress
- tests.
+ PR #204 - OpenSSL performance improvements
+ Changed key expansion to occur once per key instead of once per packet.
- Planned changes
+ PR #209 - Restore AES-192 under BoringSSL
+ BoringSSL supports AES-192 and is now enabled in libSRTP.
- Change interface to nonces (xtd_seq_num_t) so that it uses
- network byte ordering, and is consistent with other arguments.
+ PR #224 - Master Key Identifiers (MKI) Support patch
+ Adds MKI support with up to 4 keys.
+ PR #234 - Report SSRC instead of srtp_stream_t in srtp_event_data_t
+ srtp_stream_t is an opaque type making the event framework almost useless.
+ Now the SSRC is returned instead for use as a key in the public API.
-1.3.6
+ PR #238 - Configure changes and improvements
+ CFLAGS check more shell neutral, quotation fixes, always generate and
+ install pkg-config file, improved OpenSSL discovery and linking, remove
+ -fPIC flag on Windows, fix shared library generation under Cygwin, replace
+ hardcoded CFLAGS with compiler checks, and regenerate configure after
+ configure.in changes.
- Changed /dev/random (in configure.in and crypto/rng/rand_source.c) to
- /dev/urandom; the latter is non-blocking on all known platforms (which
- corrects some programs that seem to hang) and is actually present on
- Open BSD (unlike /dev/random, which only works in the presence of
- hardware supported random number generation).
+ PR #241 & PR #261 - Improved logging API to receive log messages from libSRTP
+ Provides a logging API and the ability to enable logging to stdout and a
+ file, as well as a switch to enable all internal debug modules.
- Added machine/types.h case in include/integers.h.
+ PR #289 - Added support for set and get the roll-over-counter
+ Adds an API to set and get the ROC in an (S)RTP session.
-1.3.5
+ PR #304 - Fix (S)RTP and (S)RTCP for big endian machines
+ The structures srtp_hdr_t, srtcp_hdr_t and srtcp_trailer_t were defined
+ incorrectly on big endian systems.
- Removing srtp_t::template and stream_clone().
+Other changes
- Adding a new policy structure, which will reflect a complete SRTP
- policy (including SRTCP).
+ PR #149 - Don't create a symlink if there is no $(SHAREDLIBVERSION)
- This version is *incomplete* and will undergo more changes. It is
- provided only as a basis for discussion.
+ PR #151 - Make srtp_driver compile for MIPS
-1.3.4
+ PR #160 - Use PKG_PROG_PKG_CONFIG to find correct pkg-config
- Removed tmmh.c and tmmh.h, which implemented version one of TMMH.
+ PR #167 - Additional RTCP and SRTCP tests
- Changed srtp_get_trailer_length() to act on streams rather than
- sessions, and documented the macro SRTP_MAX_TRAILER_LEN, which should
- usually be used rather than that function.
+ PR #169 - Identified merge conflict created by commit 6b71fb9
- Removed 'salt' from cipher input.
+ PR #173 - Avoid error 'possibly undefined macro: AM_PROG_AR'
- Changed rdbx to use err.h error codes.
+ PR #174 - Avoid warning 'The macro AC_TRY_LINK is obsolete.'
- Changed malloc() and free() to xalloc() and xfree; these functions
- are defined in crypto/kernel/alloc.c and declared in
- include/alloc.h.
+ PR #175 - Remove 2nd -fPIC
- Added 'output' functions to cipher, in addition to 'encrypt'
- functions. It is no longer necessary to zeroize a buffer before
- encrypting in order to get keystream.
+ PR #182 - Add a length check before reading packet data
- Changed octet_string_hex_string() so that "times two" isn't needed
- in its input.
+ PR #191 - On debug, output correct endianness of SSRC
- Added crypto_kernel_init() prior to command-line parsing, so that
- kernel can be passed command-line arguments, such as "-d
- debug_module". This was done to for the applications
- test/srtp-driver, test/kernel-driver, and test/ust-driver.
+ PR #192 - Replace octet_string_is_eq with a constant-time implementation
- Improved srtp_init_aes_128_prf - wrote key derivation function
- (srtp_kdf_t).
+ PR #195 - Add missing __cplusplus header guards
- Add the tag_len as an argument to the auth_compute() function, but
- not the corresponding macro. This change allows the tag length for
- a given auth func to be set to different values at initialization
- time. Previously, the structure auth_t contained the
- output_length, but that value was inaccessible from hmac_compute()
- and other functions.
+ PR #198 - Update sha1_driver.c to avoid memory leaks
- Re-named files from a-b.c to a_b.c. in order to help portability.
+ PR #202 - Add an explicit cast to avoid a printf format warning on macOS
- Re-named rijndael to aes (or aes_128 as appropriate).
+ PR #205 - Update Windows build files to Visual Studio 2015
+ PR #207 - Fix to install-win.bat syntax, and add installation of x64 libraries
-1.2.1
+ PR #208 - Make replace_cipher and replace_auth public again
- Changes so that 1.2.0 compiles on cygwin-win2k.
+ PR #211 - Changes for OpenSSL 1.1.0 compatibility
- Added better error reporting system. If syslog is present on the
- OS, then it is used.
+ PR #213 - Add cast to `unsigned int` in call to printf in test
+ PR #214 - Avoid empty initializer braces
-1.2.0 Many improvements and additions, and a fex fixes
+ PR #222 - Fix issue: No consistency when use some srtp_* functions
- Fixed endian issues in RTP header construction in the function
- rtp_sendto() in srtp/rtp.c.
+ PR #231 - Advance version on master in preparation for 2.1 release
- Implemented RIJNDAEL decryption operation, adding the functions
- rijndael_decrypt() and rijndael_expand_decryption_key(). Also
- re-named rijndael_expand_key() to rijndael_expand_encryption_key()
- for consistency.
+ PR #232 - Update Travis, do not build with OpenSSL on OSX
- Implemented random number source using /dev/random, in the files
- crypto/rng/rand_source.c and include/rand_source.h.
+ PR #233 - crypto/replay/rdbx.c: Return type of srtp_index_guess from int to
+ int32_t
- Added index check to SEAL cipher (only values less than 2^32 are
- allowed)
+ PR #236 - test/rtp_decoder.c: Removed superfluous conditional
- Added test case for null_auth authentication function.
+ PR #237 - test/rtp_decoder.c: spring cleaning
- Added a timing test which tests the effect of CPU cache thrash on
- cipher throughput. The test is done by the function
- cipher_test_throughput_array(); the function
- cipher_array_alloc_init() creates an array of ciphers for use in
- this test. This test can be accessed by using the -a flag to
- the application cipher-driver in the test subdirectory.
-
- Added argument processing to ust-driver.c, and added that app to
- the 'runtest' target in Makefile.in.
+ PR #239 - octet_string_set_to_zero() delegates to OPENSSL_cleanse() if
+ available, if not it will use srtp_cleanse() to zero memory
- A minor auth_t API change: last argument of auth_init() eliminated.
+ PR #243 - EKT is not really supported yet, remove from install
+ PR #244 - Add simple error checking in timing test to avoid false results
-1.0.6 A small but important fix
+ PR #245 - Add missing srtp_cipher_dealloc calls when test fails
- Fixed srtp_init_aes_128_prf() by adding octet_string_set_to_zero()
- after buffer allocation.
+ PR #246 - test/rtp_decoder: Add missing conditional
- Eliminated references to no-longer-existing variables in debugging
- code in srtp/srtp.c. This fixes the compilation failure that
- occured when using PRINT_DEBUG in that file.
+ PR #248 - New README.md that integrates intro, credits and references from
+ /doc/ and is used to generate documentation
- Corrected spelling of Richard Priestley's name in credits. Sorry
- Richard!
+ PR #249 - Remove support for generic aesicm from configure.in
+ PR #250 - Update README.md, incorrect tag for link
-1.0.5 Many little fixes
+ PR #255 - Cleanup outdated comment related to MKI
- Fixed octet_string_set_to_zero(), which was writing one
- more zero octet than it should. This bug caused srtp_protect()
- and srtp_unprotect() to overwrite the byte that followed the
- srtp packet.
+ PR #258 - Add AES-GCM to DTLS-SRTP Protection Profiles
- Changed sizeof(uint32_t) to srtp_get_trailer_length() in
- srtp-driver.c. This is just defensive coding.
+ PR #263 - Cleaning up and removing duplicated and outdated code
- Added NULL check to malloc in srtp_alloc().
+ PR #265 - Introduction of unit test framework: CUTest
+ PR #267 - crypto/kernel/err.c: Include datatypes.h
-1.0.4 Many minor fixes and two big ones (thanks for the bug reports!)
+ PR #272 - Reduce literal constants
- Removed 'ssrc' from the srtp_init_aes_128_prf() function argument
- list. This is so that applications which do not a priori know the
- ssrc which they will be receiving can still use libsrtp. Now the
- SSRC value is gleaned from the rtp header and exored into the
- counter mode offset in the srtp_protect() and srtp_unprotect()
- functions, if that cipher is used. This change cascaed through
- many other functions, including srtp_init_from_hex(),
- srtp_sender_init() and srtp_receiver_init() in rtp.c, and also
- changing the CLI to test/rtpw. In the future, another function
- call will be added to the library that enables multiple ssrc/key
- pairs to be installed into the same srtp session, so that libsrtp
- works with multiple srtp senders. For now, this functionality is
- lacking.
+ PR #273 - SRTP AEAD SRTCP initialization vector regression tests
- Removed the GDOI interface to the rtpw demo program. This will be
- added again at a later date, after the SRTP and GDOI distributions
- stabilize. For now, I've left in the GDOI #defines and autoconf
- definitions so that they'll be in place when needed.
+ PR #274 - Update Travis build - add ccache
- Updated tmmhv2_compute() so that it didn't assume any particular
- alginment of the output tag.
+ PR #276 - Reference and docs updates
- Changed bit field variables in srtp.h to unsigned char from
- unsigned int in order to avoid a potential endianness issue.
+ PR #278 - Removed crypto/test/auth_driver.c and test/lfsr.c
- Fixed rdbx_estimate_index() to handle all input cases. This solves
- the now notorious "abaft" bug in the rtpw demo app on linux/intel,
- in which spurious replay protection failures happen after that word
- is received.
+ PR #279 - Bump copyright year
- Added ntohs(hdr->seq) to srtp_protect and srtp_unprotect, removed
- from rijndael_icm_set_segment().
+ PR #283 - Add missing docs in srtp.h
- Added error checking and handling to srtp_sender_init() and
- srtp_receiver_init().
+ PR #284 - Add strict-prototypes warning if supported
- Changed srtp_alloc() so that it does what you'd expect: allocate an
- srtp_ctx_t structure. This hides the library internals.
+ PR #291 - Use const char * for srtp_set_debug_module()
+ PR #294 - Fix incorrect result of rdb_increment on overflow
-1.0.1 Many minor fixes
+ PR #300 - Standalone tests
- Added cipher_driver_buffer_test(...) to test/cipher-driver.c. This
- function checks that the byte-buffering functions used by a cipher
- are correct.
+ PR #301 - Configure fixes
- Fixed SunOS/Solaris build problems: added HAVE_SYS_INT_TYPES_H and
- changed index_t to xtd_seq_num_t (see include/rdbx.h).
-
- Fixed SEAL3.0 output byte buffering, added byte-buffering test to
- cipher/cipher-driver.c.
-
- Fixed roc-driver so that the non-sequential insertion test
- automatically recovers from bad estimates. This was required to
- prevent spurious failures.
-
- Made rdbx_estimate_index(...) function smarter, so that initial RTP
- sequence numbers greater than 32,768 don't cause it to estimate the
- rollover counter of 0xffffffff.
-
-
-1.0.0 Initial release
+ PR #302 - Fix warning regarding unused variable
+ PR #303 - Makefile.in: Add gnu as match for shared lib suffix
\ No newline at end of file
diff --git a/libs/srtp/LICENSE b/libs/srtp/LICENSE
index dd43240cae..af0a2ac312 100644
--- a/libs/srtp/LICENSE
+++ b/libs/srtp/LICENSE
@@ -1,6 +1,6 @@
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
diff --git a/libs/srtp/Makefile.am b/libs/srtp/Makefile.am
index 88be99b4e0..fc34a04ad3 100644
--- a/libs/srtp/Makefile.am
+++ b/libs/srtp/Makefile.am
@@ -1,4 +1,4 @@
-AUTOMAKE_OPTIONS = gnu
+AUTOMAKE_OPTIONS = gnu subdir-objects
NAME=srtp
AM_CFLAGS = $(new_AM_CFLAGS) -I./src -Icrypto/include -I$(srcdir)/include -I$(srcdir)/crypto/include
@@ -6,10 +6,9 @@ AM_CPPFLAGS = $(AM_CFLAGS)
AM_LDFLAGS = $(new_AM_LDFLAGS) -L.
HMAC_OBJS = @HMAC_OBJS@
-RNG_EXTRA_OBJS = @RNG_EXTRA_OBJS@
AES_ICM_OBJS = @AES_ICM_OBJS@
-lib_LTLIBRARIES = libsrtp.la libcryptomath.la
+lib_LTLIBRARIES = libsrtp.la
libsrtp_la_SOURCES = srtp/srtp.c srtp/ekt.c crypto/cipher/cipher.c crypto/cipher/null_cipher.c \
crypto/hash/null_auth.c crypto/hash/auth.c \
crypto/math/datatypes.c crypto/math/stat.c \
@@ -24,39 +23,24 @@ EXTRA_DIST=
if ENABLE_OPENSSL
libsrtp_la_SOURCES += crypto/cipher/aes_icm_ossl.c crypto/cipher/aes_gcm_ossl.c
-libsrtp_la_SOURCES += crypto/rng/rand_source_ossl.c
libsrtp_la_SOURCES += crypto/hash/hmac_ossl.c
else
libsrtp_la_SOURCES += crypto/hash/sha1.c crypto/hash/hmac.c
-libsrtp_la_SOURCES += crypto/cipher/aes_icm.c crypto/cipher/aes.c crypto/cipher/aes_cbc.c
-libsrtp_la_SOURCES += crypto/rng/prng.c crypto/rng/ctr_prng.c
-if RNG_OBJS_LINUX
-libsrtp_la_SOURCES += crypto/rng/rand_linux_kernel.c
-EXTRA_DIST += crypto/rng/rand_source.c
-else
-libsrtp_la_SOURCES += crypto/rng/rand_source.c
-endif
+libsrtp_la_SOURCES += crypto/cipher/aes_icm.c crypto/cipher/aes.c
endif
if GDOI
libsrtp_la_SOURCES += gdoi/srtp+gdoi.c
endif
-libcryptomath_la_SOURCES = crypto/math/math.c crypto/math/gf2_8.c
-libcryptomath_la_LDFLAGS = -version-info 1:42:1
-
library_includedir = $(prefix)/include/srtp
-library_include_HEADERS = include/rtp.h include/srtp.h include/ut_sim.h crypto/include/aes_cbc.h crypto/include/auth.h \
- crypto/include/crypto_math.h crypto/include/datatypes.h crypto/include/integers.h crypto/include/null_cipher.h \
+library_include_HEADERS = include/rtp.h include/srtp.h include/ut_sim.h crypto/include/auth.h \
+ crypto/include/datatypes.h crypto/include/integers.h crypto/include/null_cipher.h \
crypto/include/rdbx.h crypto/include/aes_icm.h crypto/include/cipher.h crypto/include/crypto_types.h \
- crypto/include/err.h crypto/include/kernel_compat.h crypto/include/prng.h crypto/include/sha1.h \
- crypto/include/aes.h crypto/include/config.h crypto/include/crypto.h crypto/include/gf2_8.h crypto/include/key.h \
- crypto/include/rand_source.h crypto/include/stat.h crypto/include/alloc.h crypto/include/crypto_kernel.h \
- crypto/include/cryptoalg.h crypto/include/hmac.h crypto/include/null_auth.h crypto/include/rdb.h crypto/include/xfm.h
-
-noinst_PROGRAMS = aes_tables
-aes_tables_SOURCES = tables/aes_tables.c
-aes_tables_LDADD = libcryptomath.la
+ crypto/include/err.h crypto/include/sha1.h \
+ crypto/include/aes.h crypto/include/config.h crypto/include/key.h \
+ crypto/include/stat.h crypto/include/alloc.h crypto/include/crypto_kernel.h \
+ crypto/include/hmac.h crypto/include/null_auth.h crypto/include/rdb.h
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = srtp-1.42.pc
diff --git a/libs/srtp/README.md b/libs/srtp/README.md
new file mode 100644
index 0000000000..b63267ac50
--- /dev/null
+++ b/libs/srtp/README.md
@@ -0,0 +1,460 @@
+
+# Introduction to libSRTP
+
+This package provides an implementation of the Secure Real-time
+Transport Protocol (SRTP), the Universal Security Transform (UST), and
+a supporting cryptographic kernel. The SRTP API is documented in include/srtp.h,
+and the library is in libsrtp2.a (after compilation).
+
+This document describes libSRTP, the Open Source Secure RTP library
+from Cisco Systems, Inc. RTP is the Real-time Transport Protocol, an
+IETF standard for the transport of real-time data such as telephony,
+audio, and video, defined by [RFC 3550](https://www.ietf.org/rfc/rfc3550.txt).
+Secure RTP (SRTP) is an RTP profile for providing confidentiality to RTP data
+and authentication to the RTP header and payload. SRTP is an IETF Standard,
+defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt), and was developed
+in the IETF Audio/Video Transport (AVT) Working Group. This library supports
+all of the mandatory features of SRTP, but not all of the optional features. See
+the [Supported Features](#supported-features) section for more detailed information.
+
+This document is also used to generate the documentation files in the /doc/
+folder where a more detailed reference to the libSRTP API and related functions
+can be created (requires installing doxygen.). The reference material is created
+automatically from comments embedded in some of the C header files. The
+documentation is organized into modules in order to improve its clarity. These
+modules do not directly correspond to files. An underlying cryptographic kernel
+provides much of the basic functionality of libSRTP but is mostly undocumented
+because it does its work behind the scenes.
+
+--------------------------------------------------------------------------------
+
+
+# Contact Us
+
+- [libsrtp@lists.packetizer.com](mailto:libsrtp@lists.packetizer.com) general mailing list for news / announcements / discussions. This is an open list, see
+[https://lists.packetizer.com/mailman/listinfo/libsrtp](https://lists.packetizer.com/mailman/listinfo/libsrtp) for singing up.
+
+- [libsrtp-security@lists.packetizer.com](mailto:libsrtp-security@lists.packetizer.com) for disclosing security issues to the libsrtp maintenance team. This is a closed list but anyone can send to it.
+
+
+--------------------------------------------------------------------------------
+
+
+## Contents
+
+- [Introduction to libSRTP](#introduction-to-libsrtp)
+ - [Contact Us](#contact)
+ - [Contents](#contents)
+- [License and Disclaimer](#license-and-disclaimer)
+- [libSRTP Overview](#libsrtp-overview)
+ - [Secure RTP Background](#secure-rtp-background)
+ - [Supported Features](#supported-features)
+ - [Implementation Notes](#implementation-notes)
+- [Installing and Building libSRTP](#installing-and-building-libsrtp)
+- [Applications](#applications)
+ - [Example Code](#example-code)
+- [Credits](#credits)
+- [References](#references)
+
+--------------------------------------------------------------------------------
+
+
+# License and Disclaimer
+
+libSRTP is distributed under the following license, which is included
+in the source code distribution. It is reproduced in the manual in
+case you got the library from another source.
+
+> Copyright (c) 2001-2017 Cisco Systems, Inc. All rights reserved.
+>
+> Redistribution and use in source and binary forms, with or without
+> modification, are permitted provided that the following conditions
+> are met:
+>
+> - Redistributions of source code must retain the above copyright
+> notice, this list of conditions and the following disclaimer.
+> - Redistributions in binary form must reproduce the above copyright
+> notice, this list of conditions and the following disclaimer in
+> the documentation and/or other materials provided with the distribution.
+> - Neither the name of the Cisco Systems, Inc. nor the names of its
+> contributors may be used to endorse or promote products derived
+> from this software without specific prior written permission.
+>
+> THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+> "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+> LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+> FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+> COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+> INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+> (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+> SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+> HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+> STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+> ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+> OF THE POSSIBILITY OF SUCH DAMAGE.
+
+--------------------------------------------------------------------------------
+
+
+# libSRTP Overview
+
+libSRTP provides functions for protecting RTP and RTCP. RTP packets
+can be encrypted and authenticated (using the `srtp_protect()`
+function), turning them into SRTP packets. Similarly, SRTP packets
+can be decrypted and have their authentication verified (using the
+`srtp_unprotect()` function), turning them into RTP packets. Similar
+functions apply security to RTCP packets.
+
+The typedef `srtp_stream_t` points to a structure holding all of the
+state associated with an SRTP stream, including the keys and
+parameters for cipher and message authentication functions and the
+anti-replay data. A particular `srtp_stream_t` holds the information
+needed to protect a particular RTP and RTCP stream. This datatype
+is intentionally opaque in order to better seperate the libSRTP
+API from its implementation.
+
+Within an SRTP session, there can be multiple streams, each
+originating from a particular sender. Each source uses a distinct
+stream context to protect the RTP and RTCP stream that it is
+originating. The typedef `srtp_t` points to a structure holding all of
+the state associated with an SRTP session. There can be multiple
+stream contexts associated with a single `srtp_t`. A stream context
+cannot exist indepent from an `srtp_t`, though of course an `srtp_t` can
+be created that contains only a single stream context. A device
+participating in an SRTP session must have a stream context for each
+source in that session, so that it can process the data that it
+receives from each sender.
+
+In libSRTP, a session is created using the function `srtp_create()`.
+The policy to be implemented in the session is passed into this
+function as an `srtp_policy_t` structure. A single one of these
+structures describes the policy of a single stream. These structures
+can also be linked together to form an entire session policy. A linked
+list of `srtp_policy_t` structures is equivalent to a session policy.
+In such a policy, we refer to a single `srtp_policy_t` as an *element*.
+
+An `srtp_policy_t` strucutre contains two `crypto_policy_t` structures
+that describe the cryptograhic policies for RTP and RTCP, as well as
+the SRTP master key and the SSRC value. The SSRC describes what to
+protect (e.g. which stream), and the `crypto_policy_t` structures
+describe how to protect it. The key is contained in a policy element
+because it simplifies the interface to the library. In many cases, it
+is desirable to use the same cryptographic policies across all of the
+streams in a session, but to use a distinct key for each stream. A
+`crypto_policy_t` structure can be initialized by using either the
+`crypto_policy_set_rtp_default()` or `crypto_policy_set_rtcp_default()`
+functions, which set a crypto policy structure to the default policies
+for RTP and RTCP protection, respectively.
+
+--------------------------------------------------------------------------------
+
+
+## Secure RTP Background
+
+In this section we review SRTP and introduce some terms that are used
+in libSRTP. An RTP session is defined by a pair of destination
+transport addresses, that is, a network address plus a pair of UDP
+ports for RTP and RTCP. RTCP, the RTP control protocol, is used to
+coordinate between the participants in an RTP session, e.g. to provide
+feedback from receivers to senders. An *SRTP session* is
+similarly defined; it is just an RTP session for which the SRTP
+profile is being used. An SRTP session consists of the traffic sent
+to the SRTP or SRTCP destination transport addresses. Each
+participant in a session is identified by a synchronization source
+(SSRC) identifier. Some participants may not send any SRTP traffic;
+they are called receivers, even though they send out SRTCP traffic,
+such as receiver reports.
+
+RTP allows multiple sources to send RTP and RTCP traffic during the
+same session. The synchronization source identifier (SSRC) is used to
+distinguish these sources. In libSRTP, we call the SRTP and SRTCP
+traffic from a particular source a *stream*. Each stream has its own
+SSRC, sequence number, rollover counter, and other data. A particular
+choice of options, cryptographic mechanisms, and keys is called a
+*policy*. Each stream within a session can have a distinct policy
+applied to it. A session policy is a collection of stream policies.
+
+A single policy can be used for all of the streams in a given session,
+though the case in which a single *key* is shared across multiple
+streams requires care. When key sharing is used, the SSRC values that
+identify the streams **must** be distinct. This requirement can be
+enforced by using the convention that each SRTP and SRTCP key is used
+for encryption by only a single sender. In other words, the key is
+shared only across streams that originate from a particular device (of
+course, other SRTP participants will need to use the key for
+decryption). libSRTP supports this enforcement by detecting the case
+in which a key is used for both inbound and outbound data.
+
+--------------------------------------------------------------------------------
+
+
+## Supported Features
+
+This library supports all of the mandatory-to-implement features of
+SRTP (as defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt)). Some of these
+features can be selected (or de-selected) at run time by setting an
+appropriate policy; this is done using the structure `srtp_policy_t`.
+Some other behaviors of the protocol can be adapted by defining an
+approriate event handler for the exceptional events; see the SRTPevents
+section in the generated documentation.
+
+Some options that are described in the SRTP specification are not
+supported. This includes
+
+- key derivation rates other than zero,
+- the cipher F8,
+- the use of the packet index to select between master keys.
+
+The user should be aware that it is possible to misuse this libary,
+and that the result may be that the security level it provides is
+inadequate. If you are implementing a feature using this library, you
+will want to read the Security Considerations section of [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt).
+In addition, it is important that you read and understand the
+terms outlined in the [License and Disclaimer](#license-and-disclaimer) section.
+
+--------------------------------------------------------------------------------
+
+
+## Implementation Notes
+
+ * The `srtp_protect()` function assumes that the buffer holding the
+ rtp packet has enough storage allocated that the authentication
+ tag can be written to the end of that packet. If this assumption
+ is not valid, memory corruption will ensue.
+
+ * Automated tests for the crypto functions are provided through
+ the `cipher_type_self_test()` and `auth_type_self_test()` functions.
+ These functions should be used to test each port of this code
+ to a new platform.
+
+ * Replay protection is contained in the crypto engine, and
+ tests for it are provided.
+
+ * This implementation provides calls to initialize, protect, and
+ unprotect RTP packets, and makes as few as possible assumptions
+ about how these functions will be called. For example, the
+ caller is not expected to provide packets in order (though if
+ they're called more than 65k out of sequence, synchronization
+ will be lost).
+
+ * The sequence number in the rtp packet is used as the low 16 bits
+ of the sender's local packet index. Note that RTP will start its
+ sequence number in a random place, and the SRTP layer just jumps
+ forward to that number at its first invocation. An earlier
+ version of this library used initial sequence numbers that are
+ less than 32,768; this trick is no longer required as the
+ `rdbx_estimate_index(...)` function has been made smarter.
+
+ * The replay window for (S)RTCP is hardcoded to 128 bits in length.
+
+--------------------------------------------------------------------------------
+
+
+# Installing and Building libSRTP
+
+To install libSRTP, download the latest release of the distribution
+from [https://github.com/cisco/libsrtp/releases](https://github.com/cisco/libsrtp/releases).
+You probably want to get the most recent release. Unpack the distribution and
+extract the source files; the directory into which the source files
+will go is named `libsrtp-A-B-C` where `A` is the version number, `B` is the
+major release number and `C` is the minor release number.
+
+libSRTP uses the GNU `autoconf` and `make` utilities (BSD make will not work; if
+both versions of make are on your platform, you can invoke GNU make as
+`gmake`.). In the `libsrtp` directory, run the configure script and then
+make:
+
+~~~.txt
+./configure [ options ]
+make
+~~~
+
+The configure script accepts the following options:
+
+Option | Description
+-------------------------------|--------------------
+\-\-help \-h | Display help
+\-\-enable-debug-logging | Enable debug logging in all modules
+\-\-enable-log-stdout | Enable logging to stdout
+\-\-enable-openssl | Enable OpenSSL crypto engine
+\-\-enable-openssl-kdf | Enable OpenSSL KDF algorithm
+\-\-with-log-file | Use file for logging
+\-\-with-openssl-dir | Location of OpenSSL installation
+
+By default there is no log output, logging can be enabled to be output to stdout
+or a given file using the configure options.
+
+This package has been tested on the following platforms: Mac OS X
+(powerpc-apple-darwin1.4), Cygwin (i686-pc-cygwin), Solaris
+(sparc-sun-solaris2.6), RedHat Linux 7.1 and 9 (i686-pc-linux), and
+OpenBSD (sparc-unknown-openbsd2.7).
+
+--------------------------------------------------------------------------------
+
+
+# Applications
+
+Several test drivers and a simple and portable srtp application are
+included in the `test/` subdirectory.
+
+Test driver | Function tested
+--------- | -------
+kernel_driver | crypto kernel (ciphers, auth funcs, rng)
+srtp_driver | srtp in-memory tests (does not use the network)
+rdbx_driver | rdbx (extended replay database)
+roc_driver | extended sequence number functions
+replay_driver | replay database
+cipher_driver | ciphers
+auth_driver | hash functions
+
+The app `rtpw` is a simple rtp application which reads words from
+`/usr/dict/words` and then sends them out one at a time using [s]rtp.
+Manual srtp keying uses the -k option; automated key management
+using gdoi will be added later.
+
+usage:
+~~~.txt
+rtpw [[-d ]* [-k|b [-a][-e ][-g]] [-s | -r] dest_ip dest_port] | [-l]
+~~~
+
+Either the -s (sender) or -r (receiver) option must be chosen. The
+values `dest_ip`, `dest_port` are the IP address and UDP port to which
+the dictionary will be sent, respectively.
+
+The options are:
+
+Option | Description
+--------- | -------
+ -s | (S)RTP sender - causes app to send words
+ -r | (S)RTP receive - causes app to receive words
+ -k | use SRTP master key , where the key is a hexadecimal (without the leading "0x")
+ -b | same as -k but with base64 encoded key
+ -e | encrypt/decrypt (for data confidentiality) (requires use of -k option as well) (use 128, 192, or 256 for keysize)
+ -g | use AES-GCM mode (must be used with -e)
+ -a | message authentication (requires use of -k option as well)
+ -l | list the available debug modules
+ -d | turn on debugging for module
+
+In order to get random 30-byte values for use as key/salt pairs , you
+can use the following bash function to format the output of
+`/dev/random` (where that device is available).
+
+~~~.txt
+function randhex() {
+ cat /dev/random | od --read-bytes=32 --width=32 -x | awk '{ print $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 }'
+}
+~~~
+
+An example of an SRTP session using two rtpw programs follows:
+
+~~~.txt
+set k=c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451
+
+[sh1]$ test/rtpw -s -k $k -e 128 -a 0.0.0.0 9999
+Security services: confidentiality message authentication
+set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
+setting SSRC to 2078917053
+sending word: A
+sending word: a
+sending word: aa
+sending word: aal
+...
+
+[sh2]$ test/rtpw -r -k $k -e 128 -a 0.0.0.0 9999
+security services: confidentiality message authentication
+set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451
+19 octets received from SSRC 2078917053 word: A
+19 octets received from SSRC 2078917053 word: a
+20 octets received from SSRC 2078917053 word: aa
+21 octets received from SSRC 2078917053 word: aal
+...
+~~~
+
+--------------------------------------------------------------------------------
+
+
+## Example Code
+
+This section provides a simple example of how to use libSRTP. The
+example code lacks error checking, but is functional. Here we assume
+that the value ssrc is already set to describe the SSRC of the stream
+that we are sending, and that the functions `get_rtp_packet()` and
+`send_srtp_packet()` are available to us. The former puts an RTP packet
+into the buffer and returns the number of octets written to that
+buffer. The latter sends the RTP packet in the buffer, given the
+length as its second argument.
+
+~~~.c
+srtp_t session;
+srtp_policy_t policy;
+
+// Set key to predetermined value
+uint8_t key[30] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D};
+
+// initialize libSRTP
+srtp_init();
+
+// set policy to describe a policy for an SRTP stream
+crypto_policy_set_rtp_default(&policy.rtp);
+crypto_policy_set_rtcp_default(&policy.rtcp);
+policy.ssrc = ssrc;
+policy.key = key;
+policy.next = NULL;
+
+// allocate and initialize the SRTP session
+srtp_create(&session, &policy);
+
+// main loop: get rtp packets, send srtp packets
+while (1) {
+ char rtp_buffer[2048];
+ unsigned len;
+
+ len = get_rtp_packet(rtp_buffer);
+ srtp_protect(session, rtp_buffer, &len);
+ send_srtp_packet(rtp_buffer, len);
+}
+~~~
+
+--------------------------------------------------------------------------------
+
+
+# Credits
+
+The original implementation and documentation of libSRTP was written
+by David McGrew of Cisco Systems, Inc. in order to promote the use,
+understanding, and interoperability of Secure RTP. Michael Jerris
+contributed support for building under MSVC. Andris Pavenis
+contributed many important fixes. Brian West contributed changes to
+enable dynamic linking. Yves Shumann reported documentation bugs.
+Randell Jesup contributed a working SRTCP implementation and other
+fixes. Steve Underwood contributed x86_64 portability changes. We also give
+thanks to Fredrik Thulin, Brian Weis, Mark Baugher, Jeff Chan, Bill
+Simon, Douglas Smith, Bill May, Richard Preistley, Joe Tardo and
+others for contributions, comments, and corrections.
+
+This reference material, when applicable, in this documenation was generated
+using the doxygen utility for automatic documentation of source code.
+
+Copyright 2001-2005 by David A. McGrew, Cisco Systems, Inc.
+
+--------------------------------------------------------------------------------
+
+
+# References
+
+SRTP and ICM References
+September, 2005
+
+Secure RTP is defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt).
+The counter mode definition is in Section 4.1.1.
+
+SHA-1 is defined in [FIPS PUB 180-4](http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf).
+
+HMAC is defined in [RFC 2104](https://www.ietf.org/rfc/rfc2104.txt)
+and HMAC-SHA1 test vectors are available
+in [RFC 2202](https://www.ietf.org/rfc/rfc2202.txt).
+
+AES-GCM usage in SRTP is defined in [RFC 7714](https://www.ietf.org/html/rfc7714)
diff --git a/libs/srtp/VERSION b/libs/srtp/VERSION
index e516bb9d96..44e5be2f08 100644
--- a/libs/srtp/VERSION
+++ b/libs/srtp/VERSION
@@ -1 +1 @@
-1.4.5
+2.1.0-pre
diff --git a/libs/srtp/config.h_win32vc7 b/libs/srtp/config.h_win32vc7
new file mode 100644
index 0000000000..3b2a78c7b1
--- /dev/null
+++ b/libs/srtp/config.h_win32vc7
@@ -0,0 +1,162 @@
+/* Hacked config.h for Windows XP 32-bit & VC7 */
+
+#ifdef (_MSC_VER >= 1400)
+# define HAVE_RAND_S 1
+#endif
+
+/* Define if building for a CISC machine (e.g. Intel). */
+#define CPU_CISC 1
+
+/* Define if building for a RISC machine (assume slow byte access). */
+#undef CPU_RISC
+
+/* Path to random device */
+#undef DEV_URANDOM
+
+/* Define to enabled debug logging for all mudules. */
+#undef ENABLE_DEBUG_LOGGING
+
+/* Logging statments will be writen to this file. */
+#undef ERR_REPORTING_FILE
+
+/* Define to redirect logging to stdout. */
+#undef ERR_REPORTING_STDOUT
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_ARPA_INET_H
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_BYTESWAP_H
+
+/* Define to 1 if you have the `inet_aton' function. */
+#define HAVE_INET_ATON 1
+
+/* Define to 1 if the system has the type `int16_t'. */
+#undef HAVE_INT16_T
+
+/* Define to 1 if the system has the type `int32_t'. */
+#undef HAVE_INT32_T
+
+/* Define to 1 if the system has the type `int8_t'. */
+#undef HAVE_INT8_T
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+#undef HAVE_LIBSOCKET
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_MACHINE_TYPES_H
+
+/* Define to 1 if you have the header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_NETINET_IN_H
+
+/* Define to 1 if you have the `socket' function. */
+#define HAVE_SOCKET 1
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_SYS_INT_TYPES_H
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_SYS_UIO_H
+
+/* Define to 1 if the system has the type `uint16_t'. */
+#undef HAVE_UINT16_T
+
+/* Define to 1 if the system has the type `uint32_t'. */
+#undef HAVE_UINT32_T
+
+/* Define to 1 if the system has the type `uint64_t'. */
+#undef HAVE_UINT64_T
+
+/* Define to 1 if the system has the type `uint8_t'. */
+#undef HAVE_UINT8_T
+
+/* Define to 1 if you have the header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the `usleep' function. */
+#define HAVE_USLEEP 1
+
+/* Define to 1 if you have the header file. */
+#define HAVE_WINDOWS_H 1
+
+/* Define to 1 if you have the header file. */
+#define HAVE_WINSOCK2_H 1
+
+/* Define to use X86 inlined assembly code */
+#undef HAVE_X86
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* The size of a `unsigned long', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_LONG 4
+
+/* The size of a `unsigned long long', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_LONG_LONG 8
+
+/* Define to use GDOI. */
+#undef SRTP_GDOI
+
+/* Define to compile for kernel contexts. */
+#undef SRTP_KERNEL
+
+/* Define to compile for Linux kernel context. */
+#undef SRTP_KERNEL_LINUX
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to 1 if your processor stores words with the most significant byte
+ first (like Motorola and SPARC, unlike Intel and VAX). */
+#undef WORDS_BIGENDIAN
+
+/* Define to empty if `const' does not conform to ANSI C. */
+//#undef const
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+ calls it, or to nothing if 'inline' is not supported under any name. */
+//#ifndef __cplusplus
+//#undef inline
+//#endif
+#define inline __inline
+
+/* Define to `unsigned' if does not define. */
+//#undef size_t
diff --git a/libs/srtp/config.hw b/libs/srtp/config.hw
index 902598f3fc..33ad189fb3 100644
--- a/libs/srtp/config.hw
+++ b/libs/srtp/config.hw
@@ -3,6 +3,7 @@
#if (_MSC_VER >= 1400)
# define HAVE_RAND_S 1
+# define _CRT_RAND_S
#endif
/* Define if building for a CISC machine (e.g. Intel). */
@@ -11,20 +12,14 @@
/* Define if building for a RISC machine (assume slow byte access). */
/* #undef CPU_RISC */
-/* Path to random device */
-/* #define DEV_URANDOM "/dev/urandom" */
+/* Define to enabled debug logging for all mudules. */
+#undef ENABLE_DEBUG_LOGGING
-/* Define to compile in dynamic debugging system. */
-#define ENABLE_DEBUGGING 1
-
-/* Report errors to this file. */
+/* Logging statments will be writen to this file. */
/* #undef ERR_REPORTING_FILE */
-/* Define to use logging to stdout. */
-#define ERR_REPORTING_STDOUT 1
-
-/* Define this to use ISMAcryp code. */
-/* #undef GENERIC_AESICM */
+/* Define to redirect logging to stdout. */
+#undef ERR_REPORTING_STDOUT
/* Define to 1 if you have the header file. */
/* #undef HAVE_ARPA_INET_H */
@@ -74,9 +69,6 @@
/* Define to 1 if you have the header file. */
#define HAVE_STRING_H 1
-/* Define to 1 if you have the header file. */
-/* #undef HAVE_SYSLOG_H */
-
/* Define to 1 if you have the header file. */
/* #undef HAVE_SYS_INT_TYPES_H */
@@ -152,12 +144,6 @@
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
-/* Write errors to this file */
-/* #undef USE_ERR_REPORTING_FILE */
-
-/* Define to use syslog logging. */
-/* #undef USE_SYSLOG */
-
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
/* #undef WORDS_BIGENDIAN */
diff --git a/libs/srtp/config.hw.orig b/libs/srtp/config.hw.orig
new file mode 100644
index 0000000000..6fc65df677
--- /dev/null
+++ b/libs/srtp/config.hw.orig
@@ -0,0 +1,182 @@
+/* crypto/include/config.h. Generated by configure. */
+/* config_in.h. Generated from configure.in by autoheader. */
+
+#if (_MSC_VER >= 1400)
+# define HAVE_RAND_S 1
+# define _CRT_RAND_S
+#endif
+
+/* Define if building for a CISC machine (e.g. Intel). */
+#define CPU_CISC 1
+
+/* Define if building for a RISC machine (assume slow byte access). */
+/* #undef CPU_RISC */
+
+/* Define to enabled debug logging for all mudules. */
+#undef ENABLE_DEBUG_LOGGING
+
+/* Logging statments will be writen to this file. */
+/* #undef ERR_REPORTING_FILE */
+
+/* Define to redirect logging to stdout. */
+#undef ERR_REPORTING_STDOUT
+
+/* Define to 1 if you have the header file. */
+/* #undef HAVE_ARPA_INET_H */
+
+/* Define to 1 if you have the header file. */
+/* #undef HAVE_BYTESWAP_H */
+
+/* Define to 1 if you have the `inet_aton' function. */
+/* #undef HAVE_INET_ATON */
+
+/* Define to 1 if the system has the type `int16_t'. */
+#define HAVE_INT16_T 1
+
+/* Define to 1 if the system has the type `int32_t'. */
+#define HAVE_INT32_T 1
+
+/* Define to 1 if the system has the type `int8_t'. */
+#define HAVE_INT8_T 1
+
+/* Define to 1 if you have the header file. */
+/* #undef HAVE_INTTYPES_H */
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+/* #undef HAVE_LIBSOCKET */
+
+/* Define to 1 if you have the header file. */
+/* #undef HAVE_MACHINE_TYPES_H */
+
+/* Define to 1 if you have the header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the header file. */
+/* #undef HAVE_NETINET_IN_H */
+
+/* Define to 1 if you have the `socket' function. */
+/* #undef HAVE_SOCKET */
+
+/* Define to 1 if you have the header file. */
+/* #undef HAVE_STDINT_H */
+
+/* Define to 1 if you have the header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the header file. */
+/* #undef HAVE_SYS_INT_TYPES_H */
+
+/* Define to 1 if you have the header file. */
+/* #undef HAVE_SYS_SOCKET_H */
+
+/* Define to 1 if you have the header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the header file. */
+/* #undef HAVE_SYS_UIO_H */
+
+/* Define to 1 if the system has the type `uint16_t'. */
+#define HAVE_UINT16_T 1
+
+/* Define to 1 if the system has the type `uint32_t'. */
+#define HAVE_UINT32_T 1
+
+/* Define to 1 if the system has the type `uint64_t'. */
+#define HAVE_UINT64_T 1
+
+/* Define to 1 if the system has the type `uint8_t'. */
+#define HAVE_UINT8_T 1
+
+/* Define to 1 if you have the header file. */
+/* #undef HAVE_UNISTD_H */
+
+/* Define to 1 if you have the `usleep' function. */
+/* #undef HAVE_USLEEP */
+
+/* Define to 1 if you have the header file. */
+#define HAVE_WINDOWS_H 1
+
+/* Define to 1 if you have the header file. */
+#define HAVE_WINSOCK2_H 1
+
+/* Define to use X86 inlined assembly code */
+/* #undef HAVE_X86 */
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT ""
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME ""
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING ""
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME ""
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION ""
+
+/* The size of a `unsigned long', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_LONG 4
+
+/* The size of a `unsigned long long', as computed by sizeof. */
+#define SIZEOF_UNSIGNED_LONG_LONG 8
+
+/* Define to use GDOI. */
+/* #undef SRTP_GDOI */
+
+/* Define to compile for kernel contexts. */
+/* #undef SRTP_KERNEL */
+
+/* Define to compile for Linux kernel context. */
+/* #undef SRTP_KERNEL_LINUX */
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Define to 1 if your processor stores words with the most significant byte
+ first (like Motorola and SPARC, unlike Intel and VAX). */
+/* #undef WORDS_BIGENDIAN */
+
+/* Define to empty if `const' does not conform to ANSI C. */
+/* #undef const */
+
+/* Define 'inline' to nothing, since the MSVC compiler doesn't support it. */
+#define inline
+
+/* Define to `unsigned' if does not define. */
+/* #undef size_t */
+
+#if (_MSC_VER >= 1400) // VC8+
+#ifndef _CRT_SECURE_NO_DEPRECATE
+#define _CRT_SECURE_NO_DEPRECATE
+#endif
+#ifndef _CRT_NONSTDC_NO_DEPRECATE
+#define _CRT_NONSTDC_NO_DEPRECATE
+#endif
+#endif // VC8+
+
+#ifndef uint32_t
+typedef unsigned __int8 uint8_t;
+typedef unsigned __int16 uint16_t;
+typedef unsigned __int32 uint32_t;
+typedef unsigned __int64 uint64_t;
+typedef __int8 int8_t;
+typedef __int16 int16_t;
+typedef __int32 int32_t;
+typedef __int64 int64_t;
+#endif
+
+#ifdef _MSC_VER
+#pragma warning(disable:4311)
+#endif
diff --git a/libs/srtp/configure.ac b/libs/srtp/configure.ac
index ba35f8b995..35803dac97 100644
--- a/libs/srtp/configure.ac
+++ b/libs/srtp/configure.ac
@@ -266,7 +266,6 @@ if test "$enable_openssl" = "yes"; then
[AC_MSG_FAILURE([can't find openssl >1.0.1 crypto lib])])
AC_DEFINE(OPENSSL, 1, [Define this to use OpenSSL crypto.])
AES_ICM_OBJS="crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o"
- RNG_OBJS=rand_source_ossl.o
HMAC_OBJS=crypto/hash/hmac_ossl.o
USE_OPENSSL=1
AC_SUBST(USE_OPENSSL)
@@ -275,10 +274,8 @@ else
AES_ICM_OBJS="crypto/cipher/aes_icm.o crypto/cipher/aes.o crypto/cipher/aes_cbc.o"
AC_MSG_CHECKING(which random device to use)
if test "$enable_kernel_linux" = "yes"; then
- RNG_OBJS=rand_linux_kernel.o
AC_MSG_RESULT([Linux kernel builtin])
else
- RNG_OBJS=rand_source.o
if test -n "$DEV_URANDOM"; then
AC_DEFINE_UNQUOTED(DEV_URANDOM, "$DEV_URANDOM",[Path to random device])
AC_MSG_RESULT([$DEV_URANDOM])
@@ -286,15 +283,11 @@ else
AC_MSG_RESULT([standard rand() function...])
fi
fi
- RNG_EXTRA_OBJS="crypto/rng/prng.o crypto/rng/ctr_prng.o"
HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o"
fi
AM_CONDITIONAL([ENABLE_OPENSSL],[test "${enable_openssl}" = "yes"])
-AM_CONDITIONAL([RNG_OBJS_LINUX], test x$enable_kernel_linux = xyes)
AC_SUBST(AES_ICM_OBJS)
-AC_SUBST(RNG_OBJS)
-AC_SUBST(RNG_EXTRA_OBJS)
AC_SUBST(HMAC_OBJS)
AC_MSG_RESULT($enable_openssl)
@@ -343,13 +336,11 @@ AC_CONFIG_HEADERS(crypto/include/config.h:config_in.h)
AC_OUTPUT(Makefile crypto/Makefile doc/Makefile test/Makefile srtp-1.42.pc)
# This is needed when building outside the source dir.
-AS_MKDIR_P(crypto/ae_xfm)
AS_MKDIR_P(crypto/cipher)
AS_MKDIR_P(crypto/hash)
AS_MKDIR_P(crypto/kernel)
AS_MKDIR_P(crypto/math)
AS_MKDIR_P(crypto/replay)
-AS_MKDIR_P(crypto/rng)
AS_MKDIR_P(crypto/test)
AS_MKDIR_P(doc)
AS_MKDIR_P(srtp)
diff --git a/libs/srtp/crypto/.cvsignore b/libs/srtp/crypto/.cvsignore
deleted file mode 100644
index f3c7a7c5da..0000000000
--- a/libs/srtp/crypto/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-Makefile
diff --git a/libs/srtp/crypto/VERSION b/libs/srtp/crypto/VERSION
deleted file mode 100644
index 3eefcb9dd5..0000000000
--- a/libs/srtp/crypto/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-1.0.0
diff --git a/libs/srtp/crypto/ae_xfm/xfm.c b/libs/srtp/crypto/ae_xfm/xfm.c
deleted file mode 100644
index 997ccbc282..0000000000
--- a/libs/srtp/crypto/ae_xfm/xfm.c
+++ /dev/null
@@ -1,570 +0,0 @@
-/*
- * xfm.c
- *
- * Crypto transform implementation
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-#include "cryptoalg.h"
-#include "aes_cbc.h"
-#include "hmac.h"
-#include "crypto_kernel.h" /* for crypto_get_random() */
-
-#define KEY_LEN 16
-#define ENC_KEY_LEN 16
-#define MAC_KEY_LEN 16
-#define IV_LEN 16
-#define TAG_LEN 12
-#define MAX_EXPAND 27
-
-err_status_t
-aes_128_cbc_hmac_sha1_96_func(void *key,
- void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len,
- void *auth_tag) {
- aes_cbc_ctx_t aes_ctx;
- hmac_ctx_t hmac_ctx;
- unsigned char enc_key[ENC_KEY_LEN];
- unsigned char mac_key[MAC_KEY_LEN];
- err_status_t status;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
- /* derive encryption and authentication keys from the input key */
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
- if (status) return status;
-
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
- if (status) return status;
-
-
- /* perform encryption and authentication */
-
- /* set aes key */
- status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_encrypt);
- if (status) return status;
-
- /* set iv */
- status = crypto_get_random(iv, IV_LEN);
- if (status) return status;
- status = aes_cbc_set_iv(&aes_ctx, iv);
-
- /* encrypt the opaque data */
- status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len);
- if (status) return status;
-
- /* authenticate clear and opaque data */
- status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
- if (status) return status;
-
- status = hmac_start(&hmac_ctx);
- if (status) return status;
-
- status = hmac_update(&hmac_ctx, clear, clear_len);
- if (status) return status;
-
- status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag);
- if (status) return status;
-
- }
-
- return err_status_ok;
-}
-
-err_status_t
-aes_128_cbc_hmac_sha1_96_inv(void *key,
- void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len,
- void *auth_tag) {
- aes_cbc_ctx_t aes_ctx;
- hmac_ctx_t hmac_ctx;
- unsigned char enc_key[ENC_KEY_LEN];
- unsigned char mac_key[MAC_KEY_LEN];
- unsigned char tmp_tag[TAG_LEN];
- unsigned char *tag = auth_tag;
- err_status_t status;
- int i;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
- /* derive encryption and authentication keys from the input key */
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
- if (status) return status;
-
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
- if (status) return status;
-
- /* perform encryption and authentication */
-
- /* set aes key */
- status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_decrypt);
- if (status) return status;
-
- /* set iv */
- status = rand_source_get_octet_string(iv, IV_LEN);
- if (status) return status;
- status = aes_cbc_set_iv(&aes_ctx, iv);
-
- /* encrypt the opaque data */
- status = aes_cbc_nist_decrypt(&aes_ctx, opaque, opaque_len);
- if (status) return status;
-
- /* authenticate clear and opaque data */
- status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
- if (status) return status;
-
- status = hmac_start(&hmac_ctx);
- if (status) return status;
-
- status = hmac_update(&hmac_ctx, clear, clear_len);
- if (status) return status;
-
- status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, tmp_tag);
- if (status) return status;
-
- /* compare the computed tag with the one provided as input */
- for (i=0; i < TAG_LEN; i++)
- if (tmp_tag[i] != tag[i])
- return err_status_auth_fail;
-
- }
-
- return err_status_ok;
-}
-
-
-#define ENC 1
-
-#define DEBUG_PRINT 0
-
-err_status_t
-aes_128_cbc_hmac_sha1_96_enc(void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len) {
- aes_cbc_ctx_t aes_ctx;
- hmac_ctx_t hmac_ctx;
- unsigned char enc_key[ENC_KEY_LEN];
- unsigned char mac_key[MAC_KEY_LEN];
- unsigned char *auth_tag;
- err_status_t status;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
-#if DEBUG_PRINT
- printf("ENC using key %s\n", octet_string_hex_string(key, KEY_LEN));
-#endif
-
- /* derive encryption and authentication keys from the input key */
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
- if (status) return status;
-
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
- if (status) return status;
-
-
- /* perform encryption and authentication */
-
- /* set aes key */
- status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_encrypt);
- if (status) return status;
-
- /* set iv */
- status = rand_source_get_octet_string(iv, IV_LEN);
- if (status) return status;
- status = aes_cbc_set_iv(&aes_ctx, iv);
- if (status) return status;
-
-#if DEBUG_PRINT
- printf("plaintext len: %d\n", *opaque_len);
- printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN));
- printf("plaintext: %s\n", octet_string_hex_string(opaque, *opaque_len));
-#endif
-
-#if ENC
- /* encrypt the opaque data */
- status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len);
- if (status) return status;
-#endif
-
-#if DEBUG_PRINT
- printf("ciphertext len: %d\n", *opaque_len);
- printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len));
-#endif
-
- /*
- * authenticate clear and opaque data, then write the
- * authentication tag to the location immediately following the
- * ciphertext
- */
- status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
- if (status) return status;
-
- status = hmac_start(&hmac_ctx);
- if (status) return status;
-
- status = hmac_update(&hmac_ctx, clear, clear_len);
- if (status) return status;
-#if DEBUG_PRINT
- printf("hmac input: %s\n",
- octet_string_hex_string(clear, clear_len));
-#endif
- auth_tag = (unsigned char *)opaque;
- auth_tag += *opaque_len;
- status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag);
- if (status) return status;
-#if DEBUG_PRINT
- printf("hmac input: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
- /* bump up the opaque_len to reflect the authentication tag */
- *opaque_len += TAG_LEN;
-
-#if DEBUG_PRINT
- printf("prot data len: %d\n", *opaque_len);
- printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len));
-#endif
- }
-
- return err_status_ok;
-}
-
-err_status_t
-aes_128_cbc_hmac_sha1_96_dec(void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len) {
- aes_cbc_ctx_t aes_ctx;
- hmac_ctx_t hmac_ctx;
- unsigned char enc_key[ENC_KEY_LEN];
- unsigned char mac_key[MAC_KEY_LEN];
- unsigned char tmp_tag[TAG_LEN];
- unsigned char *auth_tag;
- unsigned ciphertext_len;
- err_status_t status;
- int i;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-#if DEBUG_PRINT
- printf("DEC using key %s\n", octet_string_hex_string(key, KEY_LEN));
-#endif
-
- /* derive encryption and authentication keys from the input key */
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key);
- if (status) return status;
-
- status = hmac_init(&hmac_ctx, key, KEY_LEN);
- if (status) return status;
- status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key);
- if (status) return status;
-
-#if DEBUG_PRINT
- printf("prot data len: %d\n", *opaque_len);
- printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len));
-#endif
-
- /*
- * set the protected data length to that of the ciphertext, by
- * subtracting out the length of the authentication tag
- */
- ciphertext_len = *opaque_len - TAG_LEN;
-
-#if DEBUG_PRINT
- printf("ciphertext len: %d\n", ciphertext_len);
-#endif
- /* verify the authentication tag */
-
- /*
- * compute the authentication tag for the clear and opaque data,
- * and write it to a temporary location
- */
- status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN);
- if (status) return status;
-
- status = hmac_start(&hmac_ctx);
- if (status) return status;
-
- status = hmac_update(&hmac_ctx, clear, clear_len);
- if (status) return status;
-
-#if DEBUG_PRINT
- printf("hmac input: %s\n",
- octet_string_hex_string(clear, clear_len));
-#endif
-
- status = hmac_compute(&hmac_ctx, opaque, ciphertext_len, TAG_LEN, tmp_tag);
- if (status) return status;
-
-#if DEBUG_PRINT
- printf("hmac input: %s\n",
- octet_string_hex_string(opaque, ciphertext_len));
-#endif
-
- /*
- * compare the computed tag with the one provided as input (which
- * immediately follows the ciphertext)
- */
- auth_tag = (unsigned char *)opaque;
- auth_tag += ciphertext_len;
-#if DEBUG_PRINT
- printf("auth_tag: %s\n", octet_string_hex_string(auth_tag, TAG_LEN));
- printf("tmp_tag: %s\n", octet_string_hex_string(tmp_tag, TAG_LEN));
-#endif
- for (i=0; i < TAG_LEN; i++) {
- if (tmp_tag[i] != auth_tag[i])
- return err_status_auth_fail;
- }
-
- /* bump down the opaque_len to reflect the authentication tag */
- *opaque_len -= TAG_LEN;
-
- /* decrypt the confidential data */
- status = aes_cbc_context_init(&aes_ctx, key, ENC_KEY_LEN, direction_decrypt);
- if (status) return status;
- status = aes_cbc_set_iv(&aes_ctx, iv);
- if (status) return status;
-
-#if DEBUG_PRINT
- printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len));
- printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN));
-#endif
-
-#if ENC
- status = aes_cbc_nist_decrypt(&aes_ctx, opaque, &ciphertext_len);
- if (status) return status;
-#endif
-
-#if DEBUG_PRINT
- printf("plaintext len: %d\n", ciphertext_len);
- printf("plaintext: %s\n",
- octet_string_hex_string(opaque, ciphertext_len));
-#endif
-
- /* indicate the length of the plaintext */
- *opaque_len = ciphertext_len;
- }
-
- return err_status_ok;
-}
-
-cryptoalg_ctx_t cryptoalg_ctx = {
- aes_128_cbc_hmac_sha1_96_enc,
- aes_128_cbc_hmac_sha1_96_dec,
- KEY_LEN,
- IV_LEN,
- TAG_LEN,
- MAX_EXPAND,
-};
-
-cryptoalg_t cryptoalg = &cryptoalg_ctx;
-
-#define NULL_TAG_LEN 12
-
-err_status_t
-null_enc(void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len) {
- int i;
- unsigned char *auth_tag;
- unsigned char *init_vec = iv;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
-#if DEBUG_PRINT
- printf("NULL ENC using key %s\n", octet_string_hex_string(key, KEY_LEN));
- printf("NULL_TAG_LEN: %d\n", NULL_TAG_LEN);
- printf("plaintext len: %d\n", *opaque_len);
-#endif
- for (i=0; i < IV_LEN; i++)
- init_vec[i] = i + (i * 16);
-#if DEBUG_PRINT
- printf("iv: %s\n",
- octet_string_hex_string(iv, IV_LEN));
- printf("plaintext: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
- auth_tag = opaque;
- auth_tag += *opaque_len;
- for (i=0; i < NULL_TAG_LEN; i++)
- auth_tag[i] = i + (i * 16);
- *opaque_len += NULL_TAG_LEN;
-#if DEBUG_PRINT
- printf("protected data len: %d\n", *opaque_len);
- printf("protected data: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
-
- }
-
- return err_status_ok;
-}
-
-err_status_t
-null_dec(void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len) {
- unsigned char *auth_tag;
-
- /* check if we're doing authentication only */
- if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) {
-
- /* perform authentication only */
-
- } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) {
-
- /*
- * bad parameter - we expect either all three pointers to be NULL,
- * or none of those pointers to be NULL
- */
- return err_status_fail;
-
- } else {
-
-#if DEBUG_PRINT
- printf("NULL DEC using key %s\n", octet_string_hex_string(key, KEY_LEN));
-
- printf("protected data len: %d\n", *opaque_len);
- printf("protected data: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
- auth_tag = opaque;
- auth_tag += (*opaque_len - NULL_TAG_LEN);
-#if DEBUG_PRINT
- printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN));
-#endif
- *opaque_len -= NULL_TAG_LEN;
-#if DEBUG_PRINT
- printf("plaintext len: %d\n", *opaque_len);
- printf("plaintext: %s\n",
- octet_string_hex_string(opaque, *opaque_len));
-#endif
- }
-
- return err_status_ok;
-}
-
-cryptoalg_ctx_t null_cryptoalg_ctx = {
- null_enc,
- null_dec,
- KEY_LEN,
- IV_LEN,
- NULL_TAG_LEN,
- MAX_EXPAND,
-};
-
-cryptoalg_t null_cryptoalg = &null_cryptoalg_ctx;
-
-int
-cryptoalg_get_id(cryptoalg_t c) {
- if (c == cryptoalg)
- return 1;
- return 0;
-}
-
-cryptoalg_t
-cryptoalg_find_by_id(int id) {
- switch(id) {
- case 1:
- return cryptoalg;
- default:
- break;
- }
- return 0;
-}
diff --git a/libs/srtp/crypto/cipher/aes.c b/libs/srtp/crypto/cipher/aes.c
index a17b9e4993..a4d6bb630e 100644
--- a/libs/srtp/crypto/cipher/aes.c
+++ b/libs/srtp/crypto/cipher/aes.c
@@ -8,26 +8,26 @@
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -43,12 +43,15 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
#include "aes.h"
#include "err.h"
-/*
- * we use the tables T0, T1, T2, T3, and T4 to compute AES, and
+/*
+ * we use the tables T0, T1, T2, T3, and T4 to compute AES, and
* the tables U0, U1, U2, and U4 to compute its inverse
*
* different tables are used on little-endian (Intel, VMS) and
@@ -61,2005 +64,2091 @@
#ifndef WORDS_BIGENDIAN
-static uint32_t T0[256] = {
- 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
- 0xdf2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
- 0x50303060, 0x3010102, 0xa96767ce, 0x7d2b2b56,
- 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
- 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
- 0x15fafaef, 0xeb5959b2, 0xc947478e, 0xbf0f0fb,
- 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
- 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
- 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
- 0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83,
- 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x8f1f1f9,
- 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
- 0xc040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
- 0x28181830, 0xa1969637, 0xf05050a, 0xb59a9a2f,
- 0x907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
- 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
- 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
- 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
- 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
- 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
- 0xf55353a6, 0x68d1d1b9, 0x0, 0x2cededc1,
- 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
- 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
- 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
- 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
- 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
- 0xcf45458a, 0x10f9f9e9, 0x6020204, 0x817f7ffe,
- 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
- 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
- 0xad92923f, 0xbc9d9d21, 0x48383870, 0x4f5f5f1,
- 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
- 0x30101020, 0x1affffe5, 0xef3f3fd, 0x6dd2d2bf,
- 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
- 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
- 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
- 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
- 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
- 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
- 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
- 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
- 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
- 0xdb494992, 0xa06060c, 0x6c242448, 0xe45c5cb8,
- 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
- 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
- 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
- 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
- 0xb46c6cd8, 0xfa5656ac, 0x7f4f4f3, 0x25eaeacf,
- 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
- 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
- 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
- 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
- 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
- 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
- 0xd8484890, 0x5030306, 0x1f6f6f7, 0x120e0e1c,
- 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
- 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
- 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
- 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
- 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
- 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
- 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
- 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
- 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
- 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c,
+static const uint32_t T0[256] = {
+ 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
+ 0xdf2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
+ 0x50303060, 0x3010102, 0xa96767ce, 0x7d2b2b56,
+ 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
+ 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
+ 0x15fafaef, 0xeb5959b2, 0xc947478e, 0xbf0f0fb,
+ 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
+ 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
+ 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
+ 0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83,
+ 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x8f1f1f9,
+ 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
+ 0xc040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
+ 0x28181830, 0xa1969637, 0xf05050a, 0xb59a9a2f,
+ 0x907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
+ 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
+ 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
+ 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
+ 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
+ 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
+ 0xf55353a6, 0x68d1d1b9, 0x0, 0x2cededc1,
+ 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
+ 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
+ 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
+ 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
+ 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
+ 0xcf45458a, 0x10f9f9e9, 0x6020204, 0x817f7ffe,
+ 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
+ 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
+ 0xad92923f, 0xbc9d9d21, 0x48383870, 0x4f5f5f1,
+ 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
+ 0x30101020, 0x1affffe5, 0xef3f3fd, 0x6dd2d2bf,
+ 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
+ 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
+ 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
+ 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
+ 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
+ 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
+ 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
+ 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
+ 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
+ 0xdb494992, 0xa06060c, 0x6c242448, 0xe45c5cb8,
+ 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
+ 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
+ 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
+ 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
+ 0xb46c6cd8, 0xfa5656ac, 0x7f4f4f3, 0x25eaeacf,
+ 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
+ 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
+ 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
+ 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
+ 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
+ 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
+ 0xd8484890, 0x5030306, 0x1f6f6f7, 0x120e0e1c,
+ 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
+ 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
+ 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
+ 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
+ 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
+ 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
+ 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
+ 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
+ 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
+ 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c,
};
-static uint32_t T1[256] = {
- 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d,
- 0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154,
- 0x30306050, 0x1010203, 0x6767cea9, 0x2b2b567d,
- 0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a,
- 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87,
- 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b,
- 0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea,
- 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b,
- 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a,
- 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f,
- 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908,
- 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f,
- 0x404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e,
- 0x18183028, 0x969637a1, 0x5050a0f, 0x9a9a2fb5,
- 0x7070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d,
- 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f,
- 0x909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e,
- 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb,
- 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce,
- 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397,
- 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c,
- 0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed,
- 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b,
- 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a,
- 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16,
- 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194,
- 0x45458acf, 0xf9f9e910, 0x2020406, 0x7f7ffe81,
- 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3,
- 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a,
- 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104,
- 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263,
- 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d,
- 0xcdcd814c, 0xc0c1814, 0x13132635, 0xececc32f,
- 0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39,
- 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47,
- 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695,
- 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f,
- 0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83,
- 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c,
- 0xdedea779, 0x5e5ebce2, 0xb0b161d, 0xdbdbad76,
- 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0xa0a141e,
- 0x494992db, 0x6060c0a, 0x2424486c, 0x5c5cb8e4,
- 0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6,
- 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b,
- 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7,
- 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0,
- 0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25,
- 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x8081018,
- 0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72,
- 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751,
- 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21,
- 0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85,
- 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa,
- 0x484890d8, 0x3030605, 0xf6f6f701, 0xe0e1c12,
- 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0,
- 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9,
- 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233,
- 0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7,
- 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920,
- 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a,
- 0x8c8c038f, 0xa1a159f8, 0x89890980, 0xd0d1a17,
- 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8,
- 0x414182c3, 0x999929b0, 0x2d2d5a77, 0xf0f1e11,
- 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a,
+static const uint32_t T1[256] = {
+ 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d,
+ 0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154,
+ 0x30306050, 0x1010203, 0x6767cea9, 0x2b2b567d,
+ 0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a,
+ 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87,
+ 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b,
+ 0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea,
+ 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b,
+ 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a,
+ 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f,
+ 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908,
+ 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f,
+ 0x404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e,
+ 0x18183028, 0x969637a1, 0x5050a0f, 0x9a9a2fb5,
+ 0x7070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d,
+ 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f,
+ 0x909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e,
+ 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb,
+ 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce,
+ 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397,
+ 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c,
+ 0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed,
+ 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b,
+ 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a,
+ 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16,
+ 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194,
+ 0x45458acf, 0xf9f9e910, 0x2020406, 0x7f7ffe81,
+ 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3,
+ 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a,
+ 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104,
+ 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263,
+ 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d,
+ 0xcdcd814c, 0xc0c1814, 0x13132635, 0xececc32f,
+ 0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39,
+ 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47,
+ 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695,
+ 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f,
+ 0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83,
+ 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c,
+ 0xdedea779, 0x5e5ebce2, 0xb0b161d, 0xdbdbad76,
+ 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0xa0a141e,
+ 0x494992db, 0x6060c0a, 0x2424486c, 0x5c5cb8e4,
+ 0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6,
+ 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b,
+ 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7,
+ 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0,
+ 0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25,
+ 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x8081018,
+ 0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72,
+ 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751,
+ 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21,
+ 0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85,
+ 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa,
+ 0x484890d8, 0x3030605, 0xf6f6f701, 0xe0e1c12,
+ 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0,
+ 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9,
+ 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233,
+ 0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7,
+ 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920,
+ 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a,
+ 0x8c8c038f, 0xa1a159f8, 0x89890980, 0xd0d1a17,
+ 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8,
+ 0x414182c3, 0x999929b0, 0x2d2d5a77, 0xf0f1e11,
+ 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a,
};
-static uint32_t T2[256] = {
- 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b,
- 0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5,
- 0x30605030, 0x1020301, 0x67cea967, 0x2b567d2b,
- 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76,
- 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d,
- 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0,
- 0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf,
- 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0,
- 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26,
- 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc,
- 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1,
- 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15,
- 0x4080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3,
- 0x18302818, 0x9637a196, 0x50a0f05, 0x9a2fb59a,
- 0x70e0907, 0x12243612, 0x801b9b80, 0xe2df3de2,
- 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75,
- 0x9121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a,
- 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0,
- 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3,
- 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784,
- 0x53a6f553, 0xd1b968d1, 0x0, 0xedc12ced,
- 0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b,
- 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39,
- 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf,
- 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb,
- 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485,
- 0x458acf45, 0xf9e910f9, 0x2040602, 0x7ffe817f,
- 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8,
- 0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f,
- 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5,
- 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321,
- 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2,
- 0xcd814ccd, 0xc18140c, 0x13263513, 0xecc32fec,
- 0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917,
- 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d,
- 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573,
- 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc,
- 0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388,
- 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14,
- 0xdea779de, 0x5ebce25e, 0xb161d0b, 0xdbad76db,
- 0xe0db3be0, 0x32645632, 0x3a744e3a, 0xa141e0a,
- 0x4992db49, 0x60c0a06, 0x24486c24, 0x5cb8e45c,
- 0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662,
- 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79,
- 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d,
- 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9,
- 0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea,
- 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x8101808,
- 0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e,
- 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6,
- 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f,
- 0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a,
- 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66,
- 0x4890d848, 0x3060503, 0xf6f701f6, 0xe1c120e,
- 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9,
- 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e,
- 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311,
- 0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794,
- 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9,
- 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf,
- 0x8c038f8c, 0xa159f8a1, 0x89098089, 0xd1a170d,
- 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868,
- 0x4182c341, 0x9929b099, 0x2d5a772d, 0xf1e110f,
- 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16,
+static const uint32_t T2[256] = {
+ 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b,
+ 0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5,
+ 0x30605030, 0x1020301, 0x67cea967, 0x2b567d2b,
+ 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76,
+ 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d,
+ 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0,
+ 0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf,
+ 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0,
+ 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26,
+ 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc,
+ 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1,
+ 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15,
+ 0x4080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3,
+ 0x18302818, 0x9637a196, 0x50a0f05, 0x9a2fb59a,
+ 0x70e0907, 0x12243612, 0x801b9b80, 0xe2df3de2,
+ 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75,
+ 0x9121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a,
+ 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0,
+ 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3,
+ 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784,
+ 0x53a6f553, 0xd1b968d1, 0x0, 0xedc12ced,
+ 0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b,
+ 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39,
+ 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf,
+ 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb,
+ 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485,
+ 0x458acf45, 0xf9e910f9, 0x2040602, 0x7ffe817f,
+ 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8,
+ 0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f,
+ 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5,
+ 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321,
+ 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2,
+ 0xcd814ccd, 0xc18140c, 0x13263513, 0xecc32fec,
+ 0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917,
+ 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d,
+ 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573,
+ 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc,
+ 0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388,
+ 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14,
+ 0xdea779de, 0x5ebce25e, 0xb161d0b, 0xdbad76db,
+ 0xe0db3be0, 0x32645632, 0x3a744e3a, 0xa141e0a,
+ 0x4992db49, 0x60c0a06, 0x24486c24, 0x5cb8e45c,
+ 0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662,
+ 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79,
+ 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d,
+ 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9,
+ 0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea,
+ 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x8101808,
+ 0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e,
+ 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6,
+ 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f,
+ 0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a,
+ 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66,
+ 0x4890d848, 0x3060503, 0xf6f701f6, 0xe1c120e,
+ 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9,
+ 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e,
+ 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311,
+ 0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794,
+ 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9,
+ 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf,
+ 0x8c038f8c, 0xa159f8a1, 0x89098089, 0xd1a170d,
+ 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868,
+ 0x4182c341, 0x9929b099, 0x2d5a772d, 0xf1e110f,
+ 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16,
};
-static uint32_t T3[256] = {
- 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b,
- 0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5,
- 0x60503030, 0x2030101, 0xcea96767, 0x567d2b2b,
- 0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676,
- 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d,
- 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0,
- 0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf,
- 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0,
- 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626,
- 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc,
- 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1,
- 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515,
- 0x80c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3,
- 0x30281818, 0x37a19696, 0xa0f0505, 0x2fb59a9a,
- 0xe090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2,
- 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575,
- 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a,
- 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0,
- 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3,
- 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484,
- 0xa6f55353, 0xb968d1d1, 0x0, 0xc12ceded,
- 0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b,
- 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939,
- 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf,
- 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb,
- 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585,
- 0x8acf4545, 0xe910f9f9, 0x4060202, 0xfe817f7f,
- 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8,
- 0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x58a8f8f,
- 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5,
- 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121,
- 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2,
- 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec,
- 0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717,
- 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d,
- 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373,
- 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc,
- 0x44662222, 0x547e2a2a, 0x3bab9090, 0xb838888,
- 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414,
- 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb,
- 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a,
- 0x92db4949, 0xc0a0606, 0x486c2424, 0xb8e45c5c,
- 0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262,
- 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979,
- 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d,
- 0x18c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9,
- 0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea,
- 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808,
- 0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e,
- 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6,
- 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f,
- 0x96dd4b4b, 0x61dcbdbd, 0xd868b8b, 0xf858a8a,
- 0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666,
- 0x90d84848, 0x6050303, 0xf701f6f6, 0x1c120e0e,
- 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9,
- 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e,
- 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111,
- 0xd2bb6969, 0xa970d9d9, 0x7898e8e, 0x33a79494,
- 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9,
- 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf,
- 0x38f8c8c, 0x59f8a1a1, 0x9808989, 0x1a170d0d,
- 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868,
- 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f,
- 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616,
+static const uint32_t T3[256] = {
+ 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b,
+ 0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5,
+ 0x60503030, 0x2030101, 0xcea96767, 0x567d2b2b,
+ 0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676,
+ 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d,
+ 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0,
+ 0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf,
+ 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0,
+ 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626,
+ 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc,
+ 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1,
+ 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515,
+ 0x80c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3,
+ 0x30281818, 0x37a19696, 0xa0f0505, 0x2fb59a9a,
+ 0xe090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2,
+ 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575,
+ 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a,
+ 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0,
+ 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3,
+ 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484,
+ 0xa6f55353, 0xb968d1d1, 0x0, 0xc12ceded,
+ 0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b,
+ 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939,
+ 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf,
+ 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb,
+ 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585,
+ 0x8acf4545, 0xe910f9f9, 0x4060202, 0xfe817f7f,
+ 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8,
+ 0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x58a8f8f,
+ 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5,
+ 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121,
+ 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2,
+ 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec,
+ 0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717,
+ 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d,
+ 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373,
+ 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc,
+ 0x44662222, 0x547e2a2a, 0x3bab9090, 0xb838888,
+ 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414,
+ 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb,
+ 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a,
+ 0x92db4949, 0xc0a0606, 0x486c2424, 0xb8e45c5c,
+ 0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262,
+ 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979,
+ 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d,
+ 0x18c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9,
+ 0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea,
+ 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808,
+ 0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e,
+ 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6,
+ 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f,
+ 0x96dd4b4b, 0x61dcbdbd, 0xd868b8b, 0xf858a8a,
+ 0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666,
+ 0x90d84848, 0x6050303, 0xf701f6f6, 0x1c120e0e,
+ 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9,
+ 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e,
+ 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111,
+ 0xd2bb6969, 0xa970d9d9, 0x7898e8e, 0x33a79494,
+ 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9,
+ 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf,
+ 0x38f8c8c, 0x59f8a1a1, 0x9808989, 0x1a170d0d,
+ 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868,
+ 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f,
+ 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616,
};
-static uint32_t U0[256] = {
- 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
- 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
- 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5,
- 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5,
- 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d,
- 0x2752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,
- 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295,
- 0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e,
- 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927,
- 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d,
- 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362,
- 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9,
- 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52,
- 0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566,
- 0x728ebb2, 0x3c2b52f, 0x9a7bc586, 0xa50837d3,
- 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed,
- 0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e,
- 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4,
- 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4,
- 0x39ec830b, 0xaaef6040, 0x69f715e, 0x51106ebd,
- 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d,
- 0xb58d5491, 0x55dc471, 0x6fd40604, 0xff155060,
- 0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967,
- 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,
- 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x0,
- 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c,
- 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36,
- 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624,
- 0xb1670a0c, 0xfe75793, 0xd296eeb4, 0x9e919b1b,
- 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c,
- 0xaba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12,
- 0xb0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14,
- 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,
- 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b,
- 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8,
- 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684,
- 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7,
- 0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177,
- 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947,
- 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322,
- 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498,
- 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,
- 0xe49d3a2c, 0xd927850, 0x9bcc5f6a, 0x62467e54,
- 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382,
- 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf,
- 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb,
- 0x97826cd, 0xf418596e, 0x1b79aec, 0xa89a4f83,
- 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, 0xe6e815ef,
- 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029,
- 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235,
- 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,
- 0x4a9804f1, 0xf7daec41, 0xe50cd7f, 0x2ff69117,
- 0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4,
- 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546,
- 0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb,
- 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d,
- 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb,
- 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a,
- 0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773,
- 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,
- 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2,
- 0x72c31d16, 0xc25e2bc, 0x8b493c28, 0x41950dff,
- 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664,
- 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0,
+static const uint32_t U0[256] = {
+ 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
+ 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
+ 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5,
+ 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5,
+ 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d,
+ 0x2752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,
+ 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295,
+ 0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e,
+ 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927,
+ 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d,
+ 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362,
+ 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9,
+ 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52,
+ 0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566,
+ 0x728ebb2, 0x3c2b52f, 0x9a7bc586, 0xa50837d3,
+ 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed,
+ 0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e,
+ 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4,
+ 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4,
+ 0x39ec830b, 0xaaef6040, 0x69f715e, 0x51106ebd,
+ 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d,
+ 0xb58d5491, 0x55dc471, 0x6fd40604, 0xff155060,
+ 0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967,
+ 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,
+ 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x0,
+ 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c,
+ 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36,
+ 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624,
+ 0xb1670a0c, 0xfe75793, 0xd296eeb4, 0x9e919b1b,
+ 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c,
+ 0xaba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12,
+ 0xb0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14,
+ 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,
+ 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b,
+ 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8,
+ 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684,
+ 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7,
+ 0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177,
+ 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947,
+ 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322,
+ 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498,
+ 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,
+ 0xe49d3a2c, 0xd927850, 0x9bcc5f6a, 0x62467e54,
+ 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382,
+ 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf,
+ 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb,
+ 0x97826cd, 0xf418596e, 0x1b79aec, 0xa89a4f83,
+ 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, 0xe6e815ef,
+ 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029,
+ 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235,
+ 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,
+ 0x4a9804f1, 0xf7daec41, 0xe50cd7f, 0x2ff69117,
+ 0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4,
+ 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546,
+ 0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb,
+ 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d,
+ 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb,
+ 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a,
+ 0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773,
+ 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,
+ 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2,
+ 0x72c31d16, 0xc25e2bc, 0x8b493c28, 0x41950dff,
+ 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664,
+ 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0,
};
-static uint32_t U1[256] = {
- 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96,
- 0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x3e34b93,
- 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525,
- 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f,
- 0x5ab1de49, 0x1bba2567, 0xeea4598, 0xc0fe5de1,
- 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6,
- 0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da,
- 0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44,
- 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd,
- 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4,
- 0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245,
- 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994,
- 0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7,
- 0xd373ab23, 0x24b72e2, 0x8f1fe357, 0xab55662a,
- 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x837d3a5,
- 0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c,
- 0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1,
- 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a,
- 0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475,
- 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51,
- 0x8a213ef9, 0x6dd963d, 0x53eddae, 0xbde64d46,
- 0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff,
- 0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777,
- 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db,
- 0xa7ca147, 0xf427ce9, 0x1e84f8c9, 0x0,
- 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e,
- 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627,
- 0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a,
- 0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e,
- 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16,
- 0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d,
- 0xd090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8,
- 0x19f15785, 0x775af4c, 0xdd99eebb, 0x607fa3fd,
- 0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34,
- 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863,
- 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420,
- 0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d,
- 0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0,
- 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722,
- 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef,
- 0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0xbd49836,
- 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4,
- 0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462,
- 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5,
- 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3,
- 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b,
- 0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8,
- 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6,
- 0x9be7bad9, 0x366f4ace, 0x99fead4, 0x7cb029d6,
- 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0,
- 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315,
- 0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f,
- 0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x496e4df,
- 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f,
- 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e,
- 0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13,
- 0x61d79a8c, 0xca1377a, 0x14f8598e, 0x3c13eb89,
- 0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c,
- 0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf,
- 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886,
- 0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f,
- 0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41,
- 0x1a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490,
- 0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042,
+static const uint32_t U1[256] = {
+ 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96,
+ 0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x3e34b93,
+ 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525,
+ 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f,
+ 0x5ab1de49, 0x1bba2567, 0xeea4598, 0xc0fe5de1,
+ 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6,
+ 0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da,
+ 0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44,
+ 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd,
+ 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4,
+ 0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245,
+ 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994,
+ 0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7,
+ 0xd373ab23, 0x24b72e2, 0x8f1fe357, 0xab55662a,
+ 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x837d3a5,
+ 0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c,
+ 0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1,
+ 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a,
+ 0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475,
+ 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51,
+ 0x8a213ef9, 0x6dd963d, 0x53eddae, 0xbde64d46,
+ 0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff,
+ 0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777,
+ 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db,
+ 0xa7ca147, 0xf427ce9, 0x1e84f8c9, 0x0,
+ 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e,
+ 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627,
+ 0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a,
+ 0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e,
+ 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16,
+ 0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d,
+ 0xd090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8,
+ 0x19f15785, 0x775af4c, 0xdd99eebb, 0x607fa3fd,
+ 0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34,
+ 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863,
+ 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420,
+ 0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d,
+ 0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0,
+ 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722,
+ 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef,
+ 0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0xbd49836,
+ 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4,
+ 0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462,
+ 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5,
+ 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3,
+ 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b,
+ 0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8,
+ 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6,
+ 0x9be7bad9, 0x366f4ace, 0x99fead4, 0x7cb029d6,
+ 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0,
+ 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315,
+ 0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f,
+ 0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x496e4df,
+ 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f,
+ 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e,
+ 0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13,
+ 0x61d79a8c, 0xca1377a, 0x14f8598e, 0x3c13eb89,
+ 0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c,
+ 0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf,
+ 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886,
+ 0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f,
+ 0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41,
+ 0x1a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490,
+ 0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042,
};
-static uint32_t U2[256] = {
- 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e,
- 0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303,
- 0x302055fa, 0x76adf66d, 0xcc889176, 0x2f5254c,
- 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3,
- 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0,
- 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9,
- 0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59,
- 0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8,
- 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71,
- 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a,
- 0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f,
- 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x8f9942b,
- 0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8,
- 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab,
- 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508,
- 0x2830f287, 0xbf23b2a5, 0x302ba6a, 0x16ed5c82,
- 0xcf8a2b1c, 0x79a792b4, 0x7f3f0f2, 0x694ea1e2,
- 0xda65cdf4, 0x506d5be, 0x34d11f62, 0xa6c48afe,
- 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb,
- 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110,
- 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd,
- 0x5491b58d, 0xc471055d, 0x6046fd4, 0x5060ff15,
- 0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e,
- 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee,
- 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x0,
- 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72,
- 0xefdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739,
- 0xf0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e,
- 0xa0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91,
- 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a,
- 0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17,
- 0x90e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9,
- 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60,
- 0x1f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e,
- 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1,
- 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011,
- 0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1,
- 0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3,
- 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264,
- 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90,
- 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b,
- 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf,
- 0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246,
- 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af,
- 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312,
- 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb,
- 0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a,
- 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8,
- 0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c,
- 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066,
- 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8,
- 0x4f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6,
- 0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04,
- 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51,
- 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0xbfb2e41,
- 0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347,
- 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c,
- 0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1,
- 0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37,
- 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db,
- 0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40,
- 0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0xdff4195,
- 0xa8397101, 0xc08deb3, 0xb4d89ce4, 0x566490c1,
- 0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257,
+static const uint32_t U2[256] = {
+ 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e,
+ 0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303,
+ 0x302055fa, 0x76adf66d, 0xcc889176, 0x2f5254c,
+ 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3,
+ 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0,
+ 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9,
+ 0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59,
+ 0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8,
+ 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71,
+ 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a,
+ 0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f,
+ 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x8f9942b,
+ 0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8,
+ 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab,
+ 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508,
+ 0x2830f287, 0xbf23b2a5, 0x302ba6a, 0x16ed5c82,
+ 0xcf8a2b1c, 0x79a792b4, 0x7f3f0f2, 0x694ea1e2,
+ 0xda65cdf4, 0x506d5be, 0x34d11f62, 0xa6c48afe,
+ 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb,
+ 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110,
+ 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd,
+ 0x5491b58d, 0xc471055d, 0x6046fd4, 0x5060ff15,
+ 0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e,
+ 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee,
+ 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x0,
+ 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72,
+ 0xefdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739,
+ 0xf0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e,
+ 0xa0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91,
+ 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a,
+ 0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17,
+ 0x90e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9,
+ 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60,
+ 0x1f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e,
+ 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1,
+ 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011,
+ 0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1,
+ 0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3,
+ 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264,
+ 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90,
+ 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b,
+ 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf,
+ 0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246,
+ 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af,
+ 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312,
+ 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb,
+ 0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a,
+ 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8,
+ 0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c,
+ 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066,
+ 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8,
+ 0x4f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6,
+ 0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04,
+ 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51,
+ 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0xbfb2e41,
+ 0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347,
+ 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c,
+ 0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1,
+ 0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37,
+ 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db,
+ 0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40,
+ 0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0xdff4195,
+ 0xa8397101, 0xc08deb3, 0xb4d89ce4, 0x566490c1,
+ 0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257,
};
-static uint32_t U3[256] = {
- 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27,
- 0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3,
- 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02,
- 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362,
- 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe,
- 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3,
- 0x3e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952,
- 0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9,
- 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9,
- 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace,
- 0x63184adf, 0xe582311a, 0x97603351, 0x62457f53,
- 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08,
- 0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b,
- 0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55,
- 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837,
- 0x30f28728, 0x23b2a5bf, 0x2ba6a03, 0xed5c8216,
- 0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269,
- 0x65cdf4da, 0x6d5be05, 0xd11f6234, 0xc48afea6,
- 0x349d532e, 0xa2a055f3, 0x532e18a, 0xa475ebf6,
- 0xb39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e,
- 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6,
- 0x91b58d54, 0x71055dc4, 0x46fd406, 0x60ff1550,
- 0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9,
- 0xb0bd42e8, 0x7888b89, 0xe7385b19, 0x79dbeec8,
- 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x0,
- 0x9838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a,
- 0xfdfbff0e, 0xf563885, 0x3d1ed5ae, 0x3627392d,
- 0xa64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36,
- 0xcb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b,
- 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12,
- 0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b,
- 0xe0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e,
- 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f,
- 0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb,
- 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4,
- 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6,
- 0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129,
- 0x1d4b2f9e, 0xdcf330b2, 0xdec5286, 0x77d0e3c1,
- 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9,
- 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033,
- 0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4,
- 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad,
- 0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e,
- 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3,
- 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225,
- 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b,
- 0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f,
- 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815,
- 0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0,
- 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2,
- 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7,
- 0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691,
- 0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496,
- 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165,
- 0x9d04ea5e, 0x15d358c, 0xfa737487, 0xfb2e410b,
- 0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6,
- 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13,
- 0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147,
- 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7,
- 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44,
- 0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3,
- 0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d,
- 0x397101a8, 0x8deb30c, 0xd89ce4b4, 0x6490c156,
- 0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8,
+static const uint32_t U3[256] = {
+ 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27,
+ 0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3,
+ 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02,
+ 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362,
+ 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe,
+ 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3,
+ 0x3e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952,
+ 0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9,
+ 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9,
+ 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace,
+ 0x63184adf, 0xe582311a, 0x97603351, 0x62457f53,
+ 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08,
+ 0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b,
+ 0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55,
+ 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837,
+ 0x30f28728, 0x23b2a5bf, 0x2ba6a03, 0xed5c8216,
+ 0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269,
+ 0x65cdf4da, 0x6d5be05, 0xd11f6234, 0xc48afea6,
+ 0x349d532e, 0xa2a055f3, 0x532e18a, 0xa475ebf6,
+ 0xb39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e,
+ 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6,
+ 0x91b58d54, 0x71055dc4, 0x46fd406, 0x60ff1550,
+ 0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9,
+ 0xb0bd42e8, 0x7888b89, 0xe7385b19, 0x79dbeec8,
+ 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x0,
+ 0x9838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a,
+ 0xfdfbff0e, 0xf563885, 0x3d1ed5ae, 0x3627392d,
+ 0xa64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36,
+ 0xcb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b,
+ 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12,
+ 0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b,
+ 0xe0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e,
+ 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f,
+ 0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb,
+ 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4,
+ 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6,
+ 0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129,
+ 0x1d4b2f9e, 0xdcf330b2, 0xdec5286, 0x77d0e3c1,
+ 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9,
+ 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033,
+ 0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4,
+ 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad,
+ 0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e,
+ 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3,
+ 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225,
+ 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b,
+ 0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f,
+ 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815,
+ 0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0,
+ 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2,
+ 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7,
+ 0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691,
+ 0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496,
+ 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165,
+ 0x9d04ea5e, 0x15d358c, 0xfa737487, 0xfb2e410b,
+ 0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6,
+ 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13,
+ 0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147,
+ 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7,
+ 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44,
+ 0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3,
+ 0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d,
+ 0x397101a8, 0x8deb30c, 0xd89ce4b4, 0x6490c156,
+ 0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8,
};
#else /* assume big endian */
-static uint32_t T0[256] = {
- 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
- 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
- 0x60303050, 0x2010103, 0xce6767a9, 0x562b2b7d,
- 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
- 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
- 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
- 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
- 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
- 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
- 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
- 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
- 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
- 0x804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
- 0x30181828, 0x379696a1, 0xa05050f, 0x2f9a9ab5,
- 0xe070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
- 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
- 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
- 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
- 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
- 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
- 0xa65353f5, 0xb9d1d168, 0x0, 0xc1eded2c,
- 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
- 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
- 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
- 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
- 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
- 0x8a4545cf, 0xe9f9f910, 0x4020206, 0xfe7f7f81,
- 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
- 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x58f8f8a,
- 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
- 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
- 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
- 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
- 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
- 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
- 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
- 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
- 0x44222266, 0x542a2a7e, 0x3b9090ab, 0xb888883,
- 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
- 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
- 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
- 0x924949db, 0xc06060a, 0x4824246c, 0xb85c5ce4,
- 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
- 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
- 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
- 0x18d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
- 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
- 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
- 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
- 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
- 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
- 0x964b4bdd, 0x61bdbddc, 0xd8b8b86, 0xf8a8a85,
- 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
- 0x904848d8, 0x6030305, 0xf7f6f601, 0x1c0e0e12,
- 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
- 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
- 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
- 0xd26969bb, 0xa9d9d970, 0x78e8e89, 0x339494a7,
- 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
- 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
- 0x38c8c8f, 0x59a1a1f8, 0x9898980, 0x1a0d0d17,
- 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
- 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
- 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a,
+static const uint32_t T0[256] = {
+ 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
+ 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
+ 0x60303050, 0x2010103, 0xce6767a9, 0x562b2b7d,
+ 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
+ 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
+ 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+ 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
+ 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
+ 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+ 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
+ 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
+ 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+ 0x804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
+ 0x30181828, 0x379696a1, 0xa05050f, 0x2f9a9ab5,
+ 0xe070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+ 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
+ 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
+ 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+ 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
+ 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
+ 0xa65353f5, 0xb9d1d168, 0x0, 0xc1eded2c,
+ 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
+ 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
+ 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+ 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
+ 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
+ 0x8a4545cf, 0xe9f9f910, 0x4020206, 0xfe7f7f81,
+ 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
+ 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x58f8f8a,
+ 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+ 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
+ 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
+ 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+ 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
+ 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
+ 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+ 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
+ 0x44222266, 0x542a2a7e, 0x3b9090ab, 0xb888883,
+ 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+ 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
+ 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
+ 0x924949db, 0xc06060a, 0x4824246c, 0xb85c5ce4,
+ 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
+ 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
+ 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+ 0x18d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
+ 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
+ 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+ 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
+ 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
+ 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+ 0x964b4bdd, 0x61bdbddc, 0xd8b8b86, 0xf8a8a85,
+ 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
+ 0x904848d8, 0x6030305, 0xf7f6f601, 0x1c0e0e12,
+ 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
+ 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
+ 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+ 0xd26969bb, 0xa9d9d970, 0x78e8e89, 0x339494a7,
+ 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
+ 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+ 0x38c8c8f, 0x59a1a1f8, 0x9898980, 0x1a0d0d17,
+ 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
+ 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+ 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a,
};
-static uint32_t T1[256] = {
- 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
- 0xdfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
- 0x50603030, 0x3020101, 0xa9ce6767, 0x7d562b2b,
- 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676,
- 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d,
- 0x15effafa, 0xebb25959, 0xc98e4747, 0xbfbf0f0,
- 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf,
- 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0,
- 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626,
- 0x5a6c3636, 0x417e3f3f, 0x2f5f7f7, 0x4f83cccc,
- 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x8f9f1f1,
- 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515,
- 0xc080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3,
- 0x28301818, 0xa1379696, 0xf0a0505, 0xb52f9a9a,
- 0x90e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2,
- 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575,
- 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a,
- 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0,
- 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3,
- 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484,
- 0xf5a65353, 0x68b9d1d1, 0x0, 0x2cc1eded,
- 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b,
- 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939,
- 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf,
- 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb,
- 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585,
- 0xcf8a4545, 0x10e9f9f9, 0x6040202, 0x81fe7f7f,
- 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8,
- 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f,
- 0xad3f9292, 0xbc219d9d, 0x48703838, 0x4f1f5f5,
- 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121,
- 0x30201010, 0x1ae5ffff, 0xefdf3f3, 0x6dbfd2d2,
- 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec,
- 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717,
- 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d,
- 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373,
- 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc,
- 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888,
- 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414,
- 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb,
- 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a,
- 0xdb924949, 0xa0c0606, 0x6c482424, 0xe4b85c5c,
- 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262,
- 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979,
- 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d,
- 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9,
- 0xb4d86c6c, 0xfaac5656, 0x7f3f4f4, 0x25cfeaea,
- 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808,
- 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e,
- 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6,
- 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f,
- 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a,
- 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666,
- 0xd8904848, 0x5060303, 0x1f7f6f6, 0x121c0e0e,
- 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9,
- 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e,
- 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111,
- 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494,
- 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9,
- 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf,
- 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d,
- 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868,
- 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f,
- 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616,
+static const uint32_t T1[256] = {
+ 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b,
+ 0xdfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5,
+ 0x50603030, 0x3020101, 0xa9ce6767, 0x7d562b2b,
+ 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676,
+ 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d,
+ 0x15effafa, 0xebb25959, 0xc98e4747, 0xbfbf0f0,
+ 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf,
+ 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0,
+ 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626,
+ 0x5a6c3636, 0x417e3f3f, 0x2f5f7f7, 0x4f83cccc,
+ 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x8f9f1f1,
+ 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515,
+ 0xc080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3,
+ 0x28301818, 0xa1379696, 0xf0a0505, 0xb52f9a9a,
+ 0x90e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2,
+ 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575,
+ 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a,
+ 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0,
+ 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3,
+ 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484,
+ 0xf5a65353, 0x68b9d1d1, 0x0, 0x2cc1eded,
+ 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b,
+ 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939,
+ 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf,
+ 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb,
+ 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585,
+ 0xcf8a4545, 0x10e9f9f9, 0x6040202, 0x81fe7f7f,
+ 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8,
+ 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f,
+ 0xad3f9292, 0xbc219d9d, 0x48703838, 0x4f1f5f5,
+ 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121,
+ 0x30201010, 0x1ae5ffff, 0xefdf3f3, 0x6dbfd2d2,
+ 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec,
+ 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717,
+ 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d,
+ 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373,
+ 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc,
+ 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888,
+ 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414,
+ 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb,
+ 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a,
+ 0xdb924949, 0xa0c0606, 0x6c482424, 0xe4b85c5c,
+ 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262,
+ 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979,
+ 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d,
+ 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9,
+ 0xb4d86c6c, 0xfaac5656, 0x7f3f4f4, 0x25cfeaea,
+ 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808,
+ 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e,
+ 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6,
+ 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f,
+ 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a,
+ 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666,
+ 0xd8904848, 0x5060303, 0x1f7f6f6, 0x121c0e0e,
+ 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9,
+ 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e,
+ 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111,
+ 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494,
+ 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9,
+ 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf,
+ 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d,
+ 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868,
+ 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f,
+ 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616,
};
-static uint32_t T2[256] = {
- 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b,
- 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5,
- 0x30506030, 0x1030201, 0x67a9ce67, 0x2b7d562b,
- 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76,
- 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d,
- 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0,
- 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af,
- 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0,
- 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26,
- 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc,
- 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1,
- 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15,
- 0x40c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3,
- 0x18283018, 0x96a13796, 0x50f0a05, 0x9ab52f9a,
- 0x7090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2,
- 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75,
- 0x91b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a,
- 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0,
- 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3,
- 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384,
- 0x53f5a653, 0xd168b9d1, 0x0, 0xed2cc1ed,
- 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b,
- 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239,
- 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf,
- 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb,
- 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185,
- 0x45cf8a45, 0xf910e9f9, 0x2060402, 0x7f81fe7f,
- 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8,
- 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f,
- 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5,
- 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221,
- 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2,
- 0xcd4c81cd, 0xc14180c, 0x13352613, 0xec2fc3ec,
- 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17,
- 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d,
- 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673,
- 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc,
- 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88,
- 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814,
- 0xde79a7de, 0x5ee2bc5e, 0xb1d160b, 0xdb76addb,
- 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0xa1e140a,
- 0x49db9249, 0x60a0c06, 0x246c4824, 0x5ce4b85c,
- 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462,
- 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279,
- 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d,
- 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9,
- 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea,
- 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x8181008,
- 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e,
- 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6,
- 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f,
- 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a,
- 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66,
- 0x48d89048, 0x3050603, 0xf601f7f6, 0xe121c0e,
- 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9,
- 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e,
- 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211,
- 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394,
- 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9,
- 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df,
- 0x8c8f038c, 0xa1f859a1, 0x89800989, 0xd171a0d,
- 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068,
- 0x41c38241, 0x99b02999, 0x2d775a2d, 0xf111e0f,
- 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16,
+static const uint32_t T2[256] = {
+ 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b,
+ 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5,
+ 0x30506030, 0x1030201, 0x67a9ce67, 0x2b7d562b,
+ 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76,
+ 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d,
+ 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0,
+ 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af,
+ 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0,
+ 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26,
+ 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc,
+ 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1,
+ 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15,
+ 0x40c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3,
+ 0x18283018, 0x96a13796, 0x50f0a05, 0x9ab52f9a,
+ 0x7090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2,
+ 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75,
+ 0x91b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a,
+ 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0,
+ 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3,
+ 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384,
+ 0x53f5a653, 0xd168b9d1, 0x0, 0xed2cc1ed,
+ 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b,
+ 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239,
+ 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf,
+ 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb,
+ 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185,
+ 0x45cf8a45, 0xf910e9f9, 0x2060402, 0x7f81fe7f,
+ 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8,
+ 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f,
+ 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5,
+ 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221,
+ 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2,
+ 0xcd4c81cd, 0xc14180c, 0x13352613, 0xec2fc3ec,
+ 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17,
+ 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d,
+ 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673,
+ 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc,
+ 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88,
+ 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814,
+ 0xde79a7de, 0x5ee2bc5e, 0xb1d160b, 0xdb76addb,
+ 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0xa1e140a,
+ 0x49db9249, 0x60a0c06, 0x246c4824, 0x5ce4b85c,
+ 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462,
+ 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279,
+ 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d,
+ 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9,
+ 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea,
+ 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x8181008,
+ 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e,
+ 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6,
+ 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f,
+ 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a,
+ 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66,
+ 0x48d89048, 0x3050603, 0xf601f7f6, 0xe121c0e,
+ 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9,
+ 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e,
+ 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211,
+ 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394,
+ 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9,
+ 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df,
+ 0x8c8f038c, 0xa1f859a1, 0x89800989, 0xd171a0d,
+ 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068,
+ 0x41c38241, 0x99b02999, 0x2d775a2d, 0xf111e0f,
+ 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16,
};
-static uint32_t T3[256] = {
- 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6,
- 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491,
- 0x30305060, 0x1010302, 0x6767a9ce, 0x2b2b7d56,
- 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec,
- 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa,
- 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb,
- 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45,
- 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b,
- 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c,
- 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83,
- 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9,
- 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a,
- 0x4040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d,
- 0x18182830, 0x9696a137, 0x5050f0a, 0x9a9ab52f,
- 0x707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf,
- 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea,
- 0x9091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34,
- 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b,
- 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d,
- 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713,
- 0x5353f5a6, 0xd1d168b9, 0x0, 0xeded2cc1,
- 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6,
- 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72,
- 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85,
- 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed,
- 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411,
- 0x4545cf8a, 0xf9f910e9, 0x2020604, 0x7f7f81fe,
- 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b,
- 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05,
- 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1,
- 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342,
- 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf,
- 0xcdcd4c81, 0xc0c1418, 0x13133526, 0xecec2fc3,
- 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e,
- 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a,
- 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6,
- 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3,
- 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b,
- 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28,
- 0xdede79a7, 0x5e5ee2bc, 0xb0b1d16, 0xdbdb76ad,
- 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0xa0a1e14,
- 0x4949db92, 0x6060a0c, 0x24246c48, 0x5c5ce4b8,
- 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4,
- 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2,
- 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da,
- 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049,
- 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf,
- 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x8081810,
- 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c,
- 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197,
- 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e,
- 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f,
- 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc,
- 0x4848d890, 0x3030506, 0xf6f601f7, 0xe0e121c,
- 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069,
- 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927,
- 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322,
- 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733,
- 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9,
- 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5,
- 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0xd0d171a,
- 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0,
- 0x4141c382, 0x9999b029, 0x2d2d775a, 0xf0f111e,
- 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c,
+static const uint32_t T3[256] = {
+ 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6,
+ 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491,
+ 0x30305060, 0x1010302, 0x6767a9ce, 0x2b2b7d56,
+ 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec,
+ 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa,
+ 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb,
+ 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45,
+ 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b,
+ 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c,
+ 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83,
+ 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9,
+ 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a,
+ 0x4040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d,
+ 0x18182830, 0x9696a137, 0x5050f0a, 0x9a9ab52f,
+ 0x707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf,
+ 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea,
+ 0x9091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34,
+ 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b,
+ 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d,
+ 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713,
+ 0x5353f5a6, 0xd1d168b9, 0x0, 0xeded2cc1,
+ 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6,
+ 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72,
+ 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85,
+ 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed,
+ 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411,
+ 0x4545cf8a, 0xf9f910e9, 0x2020604, 0x7f7f81fe,
+ 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b,
+ 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05,
+ 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1,
+ 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342,
+ 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf,
+ 0xcdcd4c81, 0xc0c1418, 0x13133526, 0xecec2fc3,
+ 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e,
+ 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a,
+ 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6,
+ 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3,
+ 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b,
+ 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28,
+ 0xdede79a7, 0x5e5ee2bc, 0xb0b1d16, 0xdbdb76ad,
+ 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0xa0a1e14,
+ 0x4949db92, 0x6060a0c, 0x24246c48, 0x5c5ce4b8,
+ 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4,
+ 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2,
+ 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da,
+ 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049,
+ 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf,
+ 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x8081810,
+ 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c,
+ 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197,
+ 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e,
+ 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f,
+ 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc,
+ 0x4848d890, 0x3030506, 0xf6f601f7, 0xe0e121c,
+ 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069,
+ 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927,
+ 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322,
+ 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733,
+ 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9,
+ 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5,
+ 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0xd0d171a,
+ 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0,
+ 0x4141c382, 0x9999b029, 0x2d2d775a, 0xf0f111e,
+ 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c,
};
-static uint32_t U0[256] = {
- 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
- 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
- 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
- 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
- 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
- 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
- 0x38f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
- 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
- 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
- 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
- 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
- 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
- 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
- 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
- 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
- 0x302887f2, 0x23bfa5b2, 0x2036aba, 0xed16825c,
- 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
- 0x65daf4cd, 0x605bed5, 0xd134621f, 0xc4a6fe8a,
- 0x342e539d, 0xa2f355a0, 0x58ae132, 0xa4f6eb75,
- 0xb83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
- 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
- 0x91548db5, 0x71c45d05, 0x406d46f, 0x605015ff,
- 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
- 0xb0e842bd, 0x7898b88, 0xe7195b38, 0x79c8eedb,
- 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x0,
- 0x9808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
- 0xfd0efffb, 0xf853856, 0x3daed51e, 0x362d3927,
- 0xa0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
- 0xc0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
- 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
- 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
- 0xe090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
- 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
- 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
- 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
- 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
- 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
- 0x1d9e2f4b, 0xdcb230f3, 0xd8652ec, 0x77c1e3d0,
- 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
- 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
- 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
- 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
- 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
- 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
- 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
- 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
- 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
- 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
- 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
- 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
- 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
- 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
- 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
- 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
- 0x9d5eea04, 0x18c355d, 0xfa877473, 0xfb0b412e,
- 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
- 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
- 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
- 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
- 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
- 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
- 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
- 0x39a80171, 0x80cb3de, 0xd8b4e49c, 0x6456c190,
- 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
+static const uint32_t U0[256] = {
+ 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
+ 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
+ 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+ 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
+ 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
+ 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+ 0x38f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
+ 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
+ 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+ 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
+ 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
+ 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+ 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
+ 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
+ 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+ 0x302887f2, 0x23bfa5b2, 0x2036aba, 0xed16825c,
+ 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
+ 0x65daf4cd, 0x605bed5, 0xd134621f, 0xc4a6fe8a,
+ 0x342e539d, 0xa2f355a0, 0x58ae132, 0xa4f6eb75,
+ 0xb83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
+ 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+ 0x91548db5, 0x71c45d05, 0x406d46f, 0x605015ff,
+ 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
+ 0xb0e842bd, 0x7898b88, 0xe7195b38, 0x79c8eedb,
+ 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x0,
+ 0x9808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
+ 0xfd0efffb, 0xf853856, 0x3daed51e, 0x362d3927,
+ 0xa0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
+ 0xc0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
+ 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+ 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
+ 0xe090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
+ 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+ 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
+ 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
+ 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+ 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
+ 0x1d9e2f4b, 0xdcb230f3, 0xd8652ec, 0x77c1e3d0,
+ 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+ 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
+ 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
+ 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+ 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
+ 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
+ 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+ 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
+ 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
+ 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+ 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
+ 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
+ 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+ 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
+ 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
+ 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+ 0x9d5eea04, 0x18c355d, 0xfa877473, 0xfb0b412e,
+ 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
+ 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+ 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
+ 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
+ 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+ 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
+ 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
+ 0x39a80171, 0x80cb3de, 0xd8b4e49c, 0x6456c190,
+ 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
};
-static uint32_t U1[256] = {
- 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
- 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
- 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
- 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3,
- 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0,
- 0x2c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9,
- 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259,
- 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8,
- 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971,
- 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a,
- 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f,
- 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b,
- 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8,
- 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab,
- 0x7b2eb28, 0x32fb5c2, 0x9a86c57b, 0xa5d33708,
- 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682,
- 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2,
- 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe,
- 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb,
- 0x390b83ec, 0xaa4060ef, 0x65e719f, 0x51bd6e10,
- 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd,
- 0xb591548d, 0x571c45d, 0x6f0406d4, 0xff605015,
- 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e,
- 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee,
- 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x0,
- 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72,
- 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39,
- 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e,
- 0xb10c0a67, 0xf9357e7, 0xd2b4ee96, 0x9e1b9b91,
- 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a,
- 0xae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17,
- 0xb0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9,
- 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60,
- 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e,
- 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1,
- 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611,
- 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1,
- 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3,
- 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964,
- 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390,
- 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b,
- 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf,
- 0xe42c3a9d, 0xd507892, 0x9b6a5fcc, 0x62547e46,
- 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af,
- 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512,
- 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb,
- 0x9cd2678, 0xf46e5918, 0x1ec9ab7, 0xa8834f9a,
- 0x65e6956e, 0x7eaaffe6, 0x821bccf, 0xe6ef15e8,
- 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c,
- 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266,
- 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8,
- 0x4af10498, 0xf741ecda, 0xe7fcd50, 0x2f1791f6,
- 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604,
- 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551,
- 0x49d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41,
- 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647,
- 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c,
- 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1,
- 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737,
- 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db,
- 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340,
- 0x72161dc3, 0xcbce225, 0x8b283c49, 0x41ff0d95,
- 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1,
- 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857
+static const uint32_t U1[256] = {
+ 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e,
+ 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303,
+ 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
+ 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3,
+ 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0,
+ 0x2c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9,
+ 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259,
+ 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8,
+ 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971,
+ 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a,
+ 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f,
+ 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b,
+ 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8,
+ 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab,
+ 0x7b2eb28, 0x32fb5c2, 0x9a86c57b, 0xa5d33708,
+ 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682,
+ 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2,
+ 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe,
+ 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb,
+ 0x390b83ec, 0xaa4060ef, 0x65e719f, 0x51bd6e10,
+ 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd,
+ 0xb591548d, 0x571c45d, 0x6f0406d4, 0xff605015,
+ 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e,
+ 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee,
+ 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x0,
+ 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72,
+ 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39,
+ 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e,
+ 0xb10c0a67, 0xf9357e7, 0xd2b4ee96, 0x9e1b9b91,
+ 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a,
+ 0xae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17,
+ 0xb0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9,
+ 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60,
+ 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e,
+ 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1,
+ 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611,
+ 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1,
+ 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3,
+ 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964,
+ 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390,
+ 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b,
+ 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf,
+ 0xe42c3a9d, 0xd507892, 0x9b6a5fcc, 0x62547e46,
+ 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af,
+ 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512,
+ 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb,
+ 0x9cd2678, 0xf46e5918, 0x1ec9ab7, 0xa8834f9a,
+ 0x65e6956e, 0x7eaaffe6, 0x821bccf, 0xe6ef15e8,
+ 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c,
+ 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266,
+ 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8,
+ 0x4af10498, 0xf741ecda, 0xe7fcd50, 0x2f1791f6,
+ 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604,
+ 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551,
+ 0x49d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41,
+ 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647,
+ 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c,
+ 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1,
+ 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737,
+ 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db,
+ 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340,
+ 0x72161dc3, 0xcbce225, 0x8b283c49, 0x41ff0d95,
+ 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1,
+ 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857
};
-static uint32_t U2[256] = {
- 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27,
- 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x3934be3,
- 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502,
- 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562,
- 0x5a49deb1, 0x1b6725ba, 0xe9845ea, 0xc0e15dfe,
- 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3,
- 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552,
- 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9,
- 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9,
- 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce,
- 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253,
- 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908,
- 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b,
- 0xd323ab73, 0x2e2724b, 0x8f57e31f, 0xab2a6655,
- 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x8a5d337,
- 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16,
- 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69,
- 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6,
- 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6,
- 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e,
- 0x8af93e21, 0x63d96dd, 0x5aedd3e, 0xbd464de6,
- 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050,
- 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9,
- 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8,
- 0xa47a17c, 0xfe97c42, 0x1ec9f884, 0x0,
- 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a,
- 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d,
- 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436,
- 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b,
- 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12,
- 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b,
- 0xd0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e,
- 0x198557f1, 0x74caf75, 0xddbbee99, 0x60fda37f,
- 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb,
- 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4,
- 0xdccad731, 0x85104263, 0x22401397, 0x112084c6,
- 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729,
- 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1,
- 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9,
- 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233,
- 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0xb3698d4,
- 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad,
- 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e,
- 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3,
- 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25,
- 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b,
- 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f,
- 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15,
- 0x9bd9bae7, 0x36ce4a6f, 0x9d4ea9f, 0x7cd629b0,
- 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2,
- 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7,
- 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791,
- 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x4dfe496,
- 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665,
- 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b,
- 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6,
- 0x618c9ad7, 0xc7a37a1, 0x148e59f8, 0x3c89eb13,
- 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47,
- 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7,
- 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844,
- 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3,
- 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d,
- 0x17139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456,
- 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8
+static const uint32_t U2[256] = {
+ 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27,
+ 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x3934be3,
+ 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502,
+ 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562,
+ 0x5a49deb1, 0x1b6725ba, 0xe9845ea, 0xc0e15dfe,
+ 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3,
+ 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552,
+ 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9,
+ 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9,
+ 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce,
+ 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253,
+ 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908,
+ 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b,
+ 0xd323ab73, 0x2e2724b, 0x8f57e31f, 0xab2a6655,
+ 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x8a5d337,
+ 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16,
+ 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69,
+ 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6,
+ 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6,
+ 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e,
+ 0x8af93e21, 0x63d96dd, 0x5aedd3e, 0xbd464de6,
+ 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050,
+ 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9,
+ 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8,
+ 0xa47a17c, 0xfe97c42, 0x1ec9f884, 0x0,
+ 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a,
+ 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d,
+ 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436,
+ 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b,
+ 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12,
+ 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b,
+ 0xd0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e,
+ 0x198557f1, 0x74caf75, 0xddbbee99, 0x60fda37f,
+ 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb,
+ 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4,
+ 0xdccad731, 0x85104263, 0x22401397, 0x112084c6,
+ 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729,
+ 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1,
+ 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9,
+ 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233,
+ 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0xb3698d4,
+ 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad,
+ 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e,
+ 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3,
+ 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25,
+ 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b,
+ 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f,
+ 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15,
+ 0x9bd9bae7, 0x36ce4a6f, 0x9d4ea9f, 0x7cd629b0,
+ 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2,
+ 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7,
+ 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791,
+ 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x4dfe496,
+ 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665,
+ 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b,
+ 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6,
+ 0x618c9ad7, 0xc7a37a1, 0x148e59f8, 0x3c89eb13,
+ 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47,
+ 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7,
+ 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844,
+ 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3,
+ 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d,
+ 0x17139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456,
+ 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8
};
-static uint32_t U3[256] = {
- 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a,
- 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b,
- 0x30fa5520, 0x766df6ad, 0xcc769188, 0x24c25f5,
- 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5,
- 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d,
- 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b,
- 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95,
- 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e,
- 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27,
- 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d,
- 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562,
- 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x82b94f9,
- 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752,
- 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66,
- 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3,
- 0x2887f230, 0xbfa5b223, 0x36aba02, 0x16825ced,
- 0xcf1c2b8a, 0x79b492a7, 0x7f2f0f3, 0x69e2a14e,
- 0xdaf4cd65, 0x5bed506, 0x34621fd1, 0xa6fe8ac4,
- 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4,
- 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd,
- 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d,
- 0x548db591, 0xc45d0571, 0x6d46f04, 0x5015ff60,
- 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767,
- 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79,
- 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x0,
- 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c,
- 0xefffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736,
- 0xfd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24,
- 0xa67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b,
- 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c,
- 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12,
- 0x90d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814,
- 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3,
- 0x1269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b,
- 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8,
- 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084,
- 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7,
- 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077,
- 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247,
- 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22,
- 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698,
- 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f,
- 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254,
- 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582,
- 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf,
- 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb,
- 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883,
- 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef,
- 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629,
- 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035,
- 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533,
- 0x4984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17,
- 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4,
- 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46,
- 0x5eea049d, 0x8c355d01, 0x877473fa, 0xb412efb,
- 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d,
- 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb,
- 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a,
- 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73,
- 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678,
- 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2,
- 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0xd9541ff,
- 0xa8017139, 0xcb3de08, 0xb4e49cd8, 0x56c19064,
- 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0
+static const uint32_t U3[256] = {
+ 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a,
+ 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b,
+ 0x30fa5520, 0x766df6ad, 0xcc769188, 0x24c25f5,
+ 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5,
+ 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d,
+ 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b,
+ 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95,
+ 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e,
+ 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27,
+ 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d,
+ 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562,
+ 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x82b94f9,
+ 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752,
+ 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66,
+ 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3,
+ 0x2887f230, 0xbfa5b223, 0x36aba02, 0x16825ced,
+ 0xcf1c2b8a, 0x79b492a7, 0x7f2f0f3, 0x69e2a14e,
+ 0xdaf4cd65, 0x5bed506, 0x34621fd1, 0xa6fe8ac4,
+ 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4,
+ 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd,
+ 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d,
+ 0x548db591, 0xc45d0571, 0x6d46f04, 0x5015ff60,
+ 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767,
+ 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79,
+ 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x0,
+ 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c,
+ 0xefffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736,
+ 0xfd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24,
+ 0xa67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b,
+ 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c,
+ 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12,
+ 0x90d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814,
+ 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3,
+ 0x1269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b,
+ 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8,
+ 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084,
+ 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7,
+ 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077,
+ 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247,
+ 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22,
+ 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698,
+ 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f,
+ 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254,
+ 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582,
+ 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf,
+ 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb,
+ 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883,
+ 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef,
+ 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629,
+ 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035,
+ 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533,
+ 0x4984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17,
+ 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4,
+ 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46,
+ 0x5eea049d, 0x8c355d01, 0x877473fa, 0xb412efb,
+ 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d,
+ 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb,
+ 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a,
+ 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73,
+ 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678,
+ 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2,
+ 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0xd9541ff,
+ 0xa8017139, 0xcb3de08, 0xb4e49cd8, 0x56c19064,
+ 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0
};
#endif
-/*
+/*
* the following tables (aes_sbox, aes_inv_sbox, T4, U4) are
- * endian-neutral
+ * endian-neutral
*/
-static uint8_t
-aes_sbox[256] = {
- 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
- 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
- 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
- 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
- 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
- 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
- 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
- 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
- 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
- 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
- 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
- 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
- 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
- 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
- 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
- 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
- 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
- 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
- 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
- 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
- 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
- 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
- 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
- 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
- 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
- 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
- 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
- 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
- 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
- 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
- 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
- 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+static const uint8_t
+ aes_sbox[256] = {
+ 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
+ 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+ 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+ 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+ 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
+ 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+ 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
+ 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+ 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+ 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+ 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
+ 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+ 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
+ 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+ 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+ 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+ 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
+ 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+ 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
+ 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+ 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+ 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+ 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
+ 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+ 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
+ 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+ 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+ 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+ 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
+ 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+ 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
+ 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
};
#ifndef CPU_RISC
-static uint8_t
-aes_inv_sbox[256] = {
- 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
- 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
- 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
- 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
- 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
- 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
- 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
- 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
- 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
- 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
- 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
- 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
- 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
- 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
- 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
- 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
- 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
- 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
- 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
- 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
- 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
- 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
- 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
- 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
- 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
- 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
- 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
- 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
- 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
- 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
- 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
- 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+static const uint8_t
+ aes_inv_sbox[256] = {
+ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
+ 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
+ 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
+ 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
+ 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
+ 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
+ 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
+ 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
+ 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
+ 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
+ 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
+ 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+ 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
+ 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
+ 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
+ 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
+ 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
+ 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
+ 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
+ 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
+ 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
+ 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
+ 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
+ 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+ 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
+ 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
+ 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
+ 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
+ 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
+ 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
+ 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
+ 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
};
#endif /* ! CPU_RISC */
#ifdef CPU_RISC
-static uint32_t
-T4[256] = {
- 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b,
- 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5,
- 0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b,
- 0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676,
- 0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d,
- 0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0,
- 0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf,
- 0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0,
- 0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626,
- 0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc,
- 0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1,
- 0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515,
- 0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3,
- 0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a,
- 0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2,
- 0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575,
- 0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a,
- 0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0,
- 0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3,
- 0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484,
- 0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed,
- 0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b,
- 0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939,
- 0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf,
- 0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb,
- 0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585,
- 0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f,
- 0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8,
- 0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f,
- 0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5,
- 0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121,
- 0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2,
- 0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec,
- 0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717,
- 0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d,
- 0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373,
- 0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc,
- 0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888,
- 0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414,
- 0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb,
- 0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a,
- 0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c,
- 0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262,
- 0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979,
- 0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d,
- 0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9,
- 0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea,
- 0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808,
- 0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e,
- 0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6,
- 0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f,
- 0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a,
- 0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666,
- 0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e,
- 0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9,
- 0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e,
- 0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111,
- 0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494,
- 0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9,
- 0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf,
- 0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d,
- 0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868,
- 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f,
- 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616
+static const uint32_t
+ T4[256] = {
+ 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b,
+ 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5,
+ 0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b,
+ 0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676,
+ 0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d,
+ 0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0,
+ 0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf,
+ 0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0,
+ 0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626,
+ 0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc,
+ 0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1,
+ 0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515,
+ 0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3,
+ 0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a,
+ 0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2,
+ 0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575,
+ 0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a,
+ 0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0,
+ 0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3,
+ 0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484,
+ 0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed,
+ 0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b,
+ 0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939,
+ 0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf,
+ 0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb,
+ 0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585,
+ 0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f,
+ 0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8,
+ 0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f,
+ 0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5,
+ 0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121,
+ 0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2,
+ 0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec,
+ 0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717,
+ 0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d,
+ 0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373,
+ 0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc,
+ 0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888,
+ 0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414,
+ 0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb,
+ 0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a,
+ 0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c,
+ 0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262,
+ 0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979,
+ 0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d,
+ 0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9,
+ 0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea,
+ 0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808,
+ 0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e,
+ 0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6,
+ 0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f,
+ 0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a,
+ 0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666,
+ 0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e,
+ 0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9,
+ 0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e,
+ 0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111,
+ 0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494,
+ 0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9,
+ 0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf,
+ 0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d,
+ 0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868,
+ 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f,
+ 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616
};
-static uint32_t U4[256] = {
- 0x52525252, 0x9090909, 0x6a6a6a6a, 0xd5d5d5d5,
- 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838,
- 0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e,
- 0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb,
- 0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282,
- 0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787,
- 0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444,
- 0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb,
- 0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232,
- 0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d,
- 0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0xb0b0b0b,
- 0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e,
- 0x8080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666,
- 0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2,
- 0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949,
- 0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525,
- 0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464,
- 0x86868686, 0x68686868, 0x98989898, 0x16161616,
- 0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc,
- 0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292,
- 0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050,
- 0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada,
- 0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757,
- 0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484,
- 0x90909090, 0xd8d8d8d8, 0xabababab, 0x0,
- 0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0xa0a0a0a,
- 0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x5050505,
- 0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x6060606,
- 0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f,
- 0xcacacaca, 0x3f3f3f3f, 0xf0f0f0f, 0x2020202,
- 0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x3030303,
- 0x1010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b,
- 0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141,
- 0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea,
- 0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece,
- 0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373,
- 0x96969696, 0xacacacac, 0x74747474, 0x22222222,
- 0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585,
- 0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8,
- 0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e,
- 0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171,
- 0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989,
- 0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0xe0e0e0e,
- 0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b,
- 0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b,
- 0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020,
- 0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe,
- 0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4,
- 0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333,
- 0x88888888, 0x7070707, 0xc7c7c7c7, 0x31313131,
- 0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959,
- 0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f,
- 0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9,
- 0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0xd0d0d0d,
- 0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f,
- 0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef,
- 0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d,
- 0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0,
- 0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c,
- 0x83838383, 0x53535353, 0x99999999, 0x61616161,
- 0x17171717, 0x2b2b2b2b, 0x4040404, 0x7e7e7e7e,
- 0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626,
- 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363,
- 0x55555555, 0x21212121, 0xc0c0c0c, 0x7d7d7d7d
+static const uint32_t U4[256] = {
+ 0x52525252, 0x9090909, 0x6a6a6a6a, 0xd5d5d5d5,
+ 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838,
+ 0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e,
+ 0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb,
+ 0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282,
+ 0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787,
+ 0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444,
+ 0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb,
+ 0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232,
+ 0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d,
+ 0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0xb0b0b0b,
+ 0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e,
+ 0x8080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666,
+ 0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2,
+ 0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949,
+ 0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525,
+ 0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464,
+ 0x86868686, 0x68686868, 0x98989898, 0x16161616,
+ 0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc,
+ 0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292,
+ 0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050,
+ 0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada,
+ 0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757,
+ 0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484,
+ 0x90909090, 0xd8d8d8d8, 0xabababab, 0x0,
+ 0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0xa0a0a0a,
+ 0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x5050505,
+ 0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x6060606,
+ 0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f,
+ 0xcacacaca, 0x3f3f3f3f, 0xf0f0f0f, 0x2020202,
+ 0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x3030303,
+ 0x1010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b,
+ 0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141,
+ 0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea,
+ 0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece,
+ 0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373,
+ 0x96969696, 0xacacacac, 0x74747474, 0x22222222,
+ 0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585,
+ 0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8,
+ 0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e,
+ 0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171,
+ 0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989,
+ 0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0xe0e0e0e,
+ 0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b,
+ 0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b,
+ 0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020,
+ 0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe,
+ 0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4,
+ 0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333,
+ 0x88888888, 0x7070707, 0xc7c7c7c7, 0x31313131,
+ 0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959,
+ 0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f,
+ 0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9,
+ 0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0xd0d0d0d,
+ 0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f,
+ 0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef,
+ 0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d,
+ 0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0,
+ 0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c,
+ 0x83838383, 0x53535353, 0x99999999, 0x61616161,
+ 0x17171717, 0x2b2b2b2b, 0x4040404, 0x7e7e7e7e,
+ 0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626,
+ 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363,
+ 0x55555555, 0x21212121, 0xc0c0c0c, 0x7d7d7d7d
};
#endif /* CPU_RISC */
+#define gf2_8_field_polynomial 0x1B
+/*
+ * gf2_8_shift(z) returns the result of the GF(2^8) 'multiply by x'
+ * operation, using the field representation from AES; that is, the
+ * next gf2_8 value in the cyclic representation of that field. The
+ * value z should be an uint8_t.
+ */
+#define gf2_8_shift(z) (((z) & 128) ? \
+ (((z) << 1) ^ gf2_8_field_polynomial) : ((z) << 1))
/* aes internals */
-extern debug_module_t mod_aes_icm;
+extern srtp_debug_module_t srtp_mod_aes_icm;
static void
-aes_128_expand_encryption_key(const uint8_t *key,
- aes_expanded_key_t *expanded_key) {
- int i;
- gf2_8 rc;
+aes_128_expand_encryption_key (const uint8_t *key,
+ srtp_aes_expanded_key_t *expanded_key)
+{
+ int i;
+ uint8_t rc;
- /* initialize round constant */
- rc = 1;
+ /* initialize round constant */
+ rc = 1;
- expanded_key->num_rounds = 10;
+ expanded_key->num_rounds = 10;
- v128_copy_octet_string(&expanded_key->round[0], key);
+ v128_copy_octet_string(&expanded_key->round[0], key);
#if 0
- debug_print(mod_aes_icm,
- "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0]));
+ debug_print(srtp_mod_aes_icm,
+ "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0]));
#endif
- /* loop over round keys */
- for (i=1; i < 11; i++) {
+ /* loop over round keys */
+ for (i = 1; i < 11; i++) {
- /* munge first word of round key */
- expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[13]] ^ rc;
- expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[14]];
- expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[15]];
- expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[12]];
+ /* munge first word of round key */
+ expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i - 1].v8[13]] ^ rc;
+ expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i - 1].v8[14]];
+ expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i - 1].v8[15]];
+ expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i - 1].v8[12]];
- expanded_key->round[i].v32[0] ^= expanded_key->round[i-1].v32[0];
+ expanded_key->round[i].v32[0] ^= expanded_key->round[i - 1].v32[0];
- /* set remaining 32 bit words to the exor of the one previous with
- * the one four words previous */
+ /* set remaining 32 bit words to the exor of the one previous with
+ * the one four words previous */
- expanded_key->round[i].v32[1] =
- expanded_key->round[i].v32[0] ^ expanded_key->round[i-1].v32[1];
+ expanded_key->round[i].v32[1] =
+ expanded_key->round[i].v32[0] ^ expanded_key->round[i - 1].v32[1];
- expanded_key->round[i].v32[2] =
- expanded_key->round[i].v32[1] ^ expanded_key->round[i-1].v32[2];
+ expanded_key->round[i].v32[2] =
+ expanded_key->round[i].v32[1] ^ expanded_key->round[i - 1].v32[2];
- expanded_key->round[i].v32[3] =
- expanded_key->round[i].v32[2] ^ expanded_key->round[i-1].v32[3];
+ expanded_key->round[i].v32[3] =
+ expanded_key->round[i].v32[2] ^ expanded_key->round[i - 1].v32[3];
#if 0
- debug_print2(mod_aes_icm,
- "expanded key[%d]: %s", i,v128_hex_string(&expanded_key->round[i]));
+ debug_print2(srtp_mod_aes_icm,
+ "expanded key[%d]: %s", i, v128_hex_string(&expanded_key->round[i]));
#endif
- /* modify round constant */
- rc = gf2_8_shift(rc);
+ /* modify round constant */
+ rc = gf2_8_shift(rc);
- }
+ }
}
static void
-aes_256_expand_encryption_key(const unsigned char *key,
- aes_expanded_key_t *expanded_key) {
- int i;
- gf2_8 rc;
+aes_256_expand_encryption_key (const unsigned char *key,
+ srtp_aes_expanded_key_t *expanded_key)
+{
+ int i;
+ uint8_t rc;
- /* initialize round constant */
- rc = 1;
+ /* initialize round constant */
+ rc = 1;
- expanded_key->num_rounds = 14;
+ expanded_key->num_rounds = 14;
- v128_copy_octet_string(&expanded_key->round[0], key);
- v128_copy_octet_string(&expanded_key->round[1], key+16);
+ v128_copy_octet_string(&expanded_key->round[0], key);
+ v128_copy_octet_string(&expanded_key->round[1], key + 16);
#if 0
- debug_print(mod_aes_icm,
- "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0]));
- debug_print(mod_aes_icm,
- "expanded key[1]: %s", v128_hex_string(&expanded_key->round[1]));
+ debug_print(srtp_mod_aes_icm,
+ "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0]));
+ debug_print(srtp_mod_aes_icm,
+ "expanded key[1]: %s", v128_hex_string(&expanded_key->round[1]));
#endif
- /* loop over rest of round keys */
- for (i=2; i < 15; i++) {
+ /* loop over rest of round keys */
+ for (i = 2; i < 15; i++) {
- /* munge first word of round key */
- if ((i & 1) == 0) {
- expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[13]] ^ rc;
- expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[14]];
- expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[15]];
- expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[12]];
+ /* munge first word of round key */
+ if ((i & 1) == 0) {
+ expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i - 1].v8[13]] ^ rc;
+ expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i - 1].v8[14]];
+ expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i - 1].v8[15]];
+ expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i - 1].v8[12]];
- /* modify round constant */
- rc = gf2_8_shift(rc);
- }
- else {
- expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i-1].v8[12]];
- expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i-1].v8[13]];
- expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i-1].v8[14]];
- expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i-1].v8[15]];
- }
+ /* modify round constant */
+ rc = gf2_8_shift(rc);
+ }else {
+ expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i - 1].v8[12]];
+ expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i - 1].v8[13]];
+ expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i - 1].v8[14]];
+ expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i - 1].v8[15]];
+ }
- expanded_key->round[i].v32[0] ^= expanded_key->round[i-2].v32[0];
+ expanded_key->round[i].v32[0] ^= expanded_key->round[i - 2].v32[0];
- /* set remaining 32 bit words to the exor of the one previous with
- * the one eight words previous */
+ /* set remaining 32 bit words to the exor of the one previous with
+ * the one eight words previous */
- expanded_key->round[i].v32[1] =
- expanded_key->round[i].v32[0] ^ expanded_key->round[i-2].v32[1];
+ expanded_key->round[i].v32[1] =
+ expanded_key->round[i].v32[0] ^ expanded_key->round[i - 2].v32[1];
- expanded_key->round[i].v32[2] =
- expanded_key->round[i].v32[1] ^ expanded_key->round[i-2].v32[2];
+ expanded_key->round[i].v32[2] =
+ expanded_key->round[i].v32[1] ^ expanded_key->round[i - 2].v32[2];
- expanded_key->round[i].v32[3] =
- expanded_key->round[i].v32[2] ^ expanded_key->round[i-2].v32[3];
+ expanded_key->round[i].v32[3] =
+ expanded_key->round[i].v32[2] ^ expanded_key->round[i - 2].v32[3];
#if 0
- debug_print2(mod_aes_icm,
- "expanded key[%d]: %s", i,v128_hex_string(&expanded_key->round[i]));
+ debug_print2(srtp_mod_aes_icm,
+ "expanded key[%d]: %s", i, v128_hex_string(&expanded_key->round[i]));
#endif
- }
+ }
}
-err_status_t
-aes_expand_encryption_key(const uint8_t *key,
- int key_len,
- aes_expanded_key_t *expanded_key) {
- if (key_len == 16) {
- aes_128_expand_encryption_key(key, expanded_key);
- return err_status_ok;
- }
- else if (key_len == 24) {
- /* AES-192 not yet supported */
- return err_status_bad_param;
- }
- else if (key_len == 32) {
- aes_256_expand_encryption_key(key, expanded_key);
- return err_status_ok;
- }
- else
- return err_status_bad_param;
+srtp_err_status_t srtp_aes_expand_encryption_key (const uint8_t *key,
+ int key_len,
+ srtp_aes_expanded_key_t *expanded_key)
+{
+ if (key_len == 16) {
+ aes_128_expand_encryption_key(key, expanded_key);
+ return srtp_err_status_ok;
+ }else if (key_len == 24) {
+ /* AES-192 not yet supported */
+ return srtp_err_status_bad_param;
+ }else if (key_len == 32) {
+ aes_256_expand_encryption_key(key, expanded_key);
+ return srtp_err_status_ok;
+ }else {
+ return srtp_err_status_bad_param;
+ }
}
-err_status_t
-aes_expand_decryption_key(const uint8_t *key,
- int key_len,
- aes_expanded_key_t *expanded_key) {
- int i;
- err_status_t status;
- int num_rounds = expanded_key->num_rounds;
+srtp_err_status_t srtp_aes_expand_decryption_key (const uint8_t *key,
+ int key_len,
+ srtp_aes_expanded_key_t *expanded_key)
+{
+ int i;
+ srtp_err_status_t status;
+ int num_rounds = expanded_key->num_rounds;
- status = aes_expand_encryption_key(key, key_len, expanded_key);
- if (status)
- return status;
+ status = srtp_aes_expand_encryption_key(key, key_len, expanded_key);
+ if (status) {
+ return status;
+ }
- /* invert the order of the round keys */
- for (i=0; i < num_rounds/2; i++) {
- v128_t tmp;
- v128_copy(&tmp, &expanded_key->round[num_rounds-i]);
- v128_copy(&expanded_key->round[num_rounds-i], &expanded_key->round[i]);
- v128_copy(&expanded_key->round[i], &tmp);
- }
+ /* invert the order of the round keys */
+ for (i = 0; i < num_rounds / 2; i++) {
+ v128_t tmp;
+ v128_copy(&tmp, &expanded_key->round[num_rounds - i]);
+ v128_copy(&expanded_key->round[num_rounds - i], &expanded_key->round[i]);
+ v128_copy(&expanded_key->round[i], &tmp);
+ }
- /*
- * apply the inverse mixColumn transform to the round keys (except
- * for the first and the last)
- *
- * mixColumn is implemented by using the tables U0, U1, U2, U3,
- * followed by the T4 table (which cancels out the use of the sbox
- * in the U-tables)
- */
- for (i=1; i < num_rounds; i++) {
+ /*
+ * apply the inverse mixColumn transform to the round keys (except
+ * for the first and the last)
+ *
+ * mixColumn is implemented by using the tables U0, U1, U2, U3,
+ * followed by the T4 table (which cancels out the use of the sbox
+ * in the U-tables)
+ */
+ for (i = 1; i < num_rounds; i++) {
#ifdef CPU_RISC
- uint32_t tmp;
+ uint32_t tmp;
- tmp = expanded_key->round[i].v32[0];
- expanded_key->round[i].v32[0] =
- U0[T4[(tmp >> 24) ] & 0xff] ^
- U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
- U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
- U3[T4[(tmp) & 0xff] & 0xff];
+#ifdef WORDS_BIGENDIAN
+ tmp = expanded_key->round[i].v32[0];
+ expanded_key->round[i].v32[0] =
+ U0[T4[(tmp >> 24) ] & 0xff] ^
+ U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U3[T4[(tmp) & 0xff] & 0xff];
- tmp = expanded_key->round[i].v32[1];
- expanded_key->round[i].v32[1] =
- U0[T4[(tmp >> 24) ] & 0xff] ^
- U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
- U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
- U3[T4[(tmp) & 0xff] & 0xff];
+ tmp = expanded_key->round[i].v32[1];
+ expanded_key->round[i].v32[1] =
+ U0[T4[(tmp >> 24) ] & 0xff] ^
+ U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U3[T4[(tmp) & 0xff] & 0xff];
- tmp = expanded_key->round[i].v32[2];
- expanded_key->round[i].v32[2] =
- U0[T4[(tmp >> 24) ] & 0xff] ^
- U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
- U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
- U3[T4[(tmp) & 0xff] & 0xff];
+ tmp = expanded_key->round[i].v32[2];
+ expanded_key->round[i].v32[2] =
+ U0[T4[(tmp >> 24) ] & 0xff] ^
+ U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U3[T4[(tmp) & 0xff] & 0xff];
+
+ tmp = expanded_key->round[i].v32[3];
+ expanded_key->round[i].v32[3] =
+ U0[T4[(tmp >> 24) ] & 0xff] ^
+ U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U3[T4[(tmp) & 0xff] & 0xff];
+#else
+ tmp = expanded_key->round[i].v32[0];
+ expanded_key->round[i].v32[0] =
+ U3[T4[(tmp >> 24) ] & 0xff] ^
+ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U0[T4[(tmp) & 0xff] & 0xff];
+
+ tmp = expanded_key->round[i].v32[1];
+ expanded_key->round[i].v32[1] =
+ U3[T4[(tmp >> 24) ] & 0xff] ^
+ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U0[T4[(tmp) & 0xff] & 0xff];
+
+ tmp = expanded_key->round[i].v32[2];
+ expanded_key->round[i].v32[2] =
+ U3[T4[(tmp >> 24) ] & 0xff] ^
+ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U0[T4[(tmp) & 0xff] & 0xff];
+
+ tmp = expanded_key->round[i].v32[3];
+ expanded_key->round[i].v32[3] =
+ U3[T4[(tmp >> 24) ] & 0xff] ^
+ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^
+ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^
+ U0[T4[(tmp) & 0xff] & 0xff];
+#endif /* WORDS_BIGENDIAN */
- tmp = expanded_key->round[i].v32[3];
- expanded_key->round[i].v32[3] =
- U0[T4[(tmp >> 24) ] & 0xff] ^
- U1[T4[(tmp >> 16) & 0xff] & 0xff] ^
- U2[T4[(tmp >> 8) & 0xff] & 0xff] ^
- U3[T4[(tmp) & 0xff] & 0xff];
#else /* assume CPU_CISC */
- uint32_t c0, c1, c2, c3;
+ uint32_t c0, c1, c2, c3;
- c0 = U0[aes_sbox[expanded_key->round[i].v8[0]]]
- ^ U1[aes_sbox[expanded_key->round[i].v8[1]]]
- ^ U2[aes_sbox[expanded_key->round[i].v8[2]]]
- ^ U3[aes_sbox[expanded_key->round[i].v8[3]]];
+ c0 = U0[aes_sbox[expanded_key->round[i].v8[0]]]
+ ^ U1[aes_sbox[expanded_key->round[i].v8[1]]]
+ ^ U2[aes_sbox[expanded_key->round[i].v8[2]]]
+ ^ U3[aes_sbox[expanded_key->round[i].v8[3]]];
- c1 = U0[aes_sbox[expanded_key->round[i].v8[4]]]
- ^ U1[aes_sbox[expanded_key->round[i].v8[5]]]
- ^ U2[aes_sbox[expanded_key->round[i].v8[6]]]
- ^ U3[aes_sbox[expanded_key->round[i].v8[7]]];
+ c1 = U0[aes_sbox[expanded_key->round[i].v8[4]]]
+ ^ U1[aes_sbox[expanded_key->round[i].v8[5]]]
+ ^ U2[aes_sbox[expanded_key->round[i].v8[6]]]
+ ^ U3[aes_sbox[expanded_key->round[i].v8[7]]];
- c2 = U0[aes_sbox[expanded_key->round[i].v8[8]]]
- ^ U1[aes_sbox[expanded_key->round[i].v8[9]]]
- ^ U2[aes_sbox[expanded_key->round[i].v8[10]]]
- ^ U3[aes_sbox[expanded_key->round[i].v8[11]]];
+ c2 = U0[aes_sbox[expanded_key->round[i].v8[8]]]
+ ^ U1[aes_sbox[expanded_key->round[i].v8[9]]]
+ ^ U2[aes_sbox[expanded_key->round[i].v8[10]]]
+ ^ U3[aes_sbox[expanded_key->round[i].v8[11]]];
- c3 = U0[aes_sbox[expanded_key->round[i].v8[12]]]
- ^ U1[aes_sbox[expanded_key->round[i].v8[13]]]
- ^ U2[aes_sbox[expanded_key->round[i].v8[14]]]
- ^ U3[aes_sbox[expanded_key->round[i].v8[15]]];
+ c3 = U0[aes_sbox[expanded_key->round[i].v8[12]]]
+ ^ U1[aes_sbox[expanded_key->round[i].v8[13]]]
+ ^ U2[aes_sbox[expanded_key->round[i].v8[14]]]
+ ^ U3[aes_sbox[expanded_key->round[i].v8[15]]];
- expanded_key->round[i].v32[0] = c0;
- expanded_key->round[i].v32[1] = c1;
- expanded_key->round[i].v32[2] = c2;
- expanded_key->round[i].v32[3] = c3;
+ expanded_key->round[i].v32[0] = c0;
+ expanded_key->round[i].v32[1] = c1;
+ expanded_key->round[i].v32[2] = c2;
+ expanded_key->round[i].v32[3] = c3;
-#endif
- }
+#endif
+ }
- return err_status_ok;
+ return srtp_err_status_ok;
}
#ifdef CPU_CISC
-static inline void
-aes_round(v128_t *state, const v128_t *round_key) {
- uint32_t column0, column1, column2, column3;
+static inline void aes_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t column0, column1, column2, column3;
- /* compute the columns of the output square in terms of the octets
- of state, using the tables T0, T1, T2, T3 */
+ /* compute the columns of the output square in terms of the octets
+ of state, using the tables T0, T1, T2, T3 */
- column0 = T0[state->v8[0]] ^ T1[state->v8[5]]
- ^ T2[state->v8[10]] ^ T3[state->v8[15]];
+ column0 = T0[state->v8[0]] ^ T1[state->v8[5]]
+ ^ T2[state->v8[10]] ^ T3[state->v8[15]];
- column1 = T0[state->v8[4]] ^ T1[state->v8[9]]
- ^ T2[state->v8[14]] ^ T3[state->v8[3]];
+ column1 = T0[state->v8[4]] ^ T1[state->v8[9]]
+ ^ T2[state->v8[14]] ^ T3[state->v8[3]];
- column2 = T0[state->v8[8]] ^ T1[state->v8[13]]
- ^ T2[state->v8[2]] ^ T3[state->v8[7]];
+ column2 = T0[state->v8[8]] ^ T1[state->v8[13]]
+ ^ T2[state->v8[2]] ^ T3[state->v8[7]];
- column3 = T0[state->v8[12]] ^ T1[state->v8[1]]
- ^ T2[state->v8[6]] ^ T3[state->v8[11]];
+ column3 = T0[state->v8[12]] ^ T1[state->v8[1]]
+ ^ T2[state->v8[6]] ^ T3[state->v8[11]];
- state->v32[0] = column0 ^ round_key->v32[0];
- state->v32[1] = column1 ^ round_key->v32[1];
- state->v32[2] = column2 ^ round_key->v32[2];
- state->v32[3] = column3 ^ round_key->v32[3];
+ state->v32[0] = column0 ^ round_key->v32[0];
+ state->v32[1] = column1 ^ round_key->v32[1];
+ state->v32[2] = column2 ^ round_key->v32[2];
+ state->v32[3] = column3 ^ round_key->v32[3];
}
-static inline void
-aes_inv_round(v128_t *state, const v128_t *round_key) {
- uint32_t column0, column1, column2, column3;
+static inline void aes_inv_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t column0, column1, column2, column3;
- /* compute the columns of the output square in terms of the octets
- of state, using the tables U0, U1, U2, U3 */
+ /* compute the columns of the output square in terms of the octets
+ of state, using the tables U0, U1, U2, U3 */
- column0 = U0[state->v8[0]] ^ U1[state->v8[13]]
- ^ U2[state->v8[10]] ^ U3[state->v8[7]];
+ column0 = U0[state->v8[0]] ^ U1[state->v8[13]]
+ ^ U2[state->v8[10]] ^ U3[state->v8[7]];
- column1 = U0[state->v8[4]] ^ U1[state->v8[1]]
- ^ U2[state->v8[14]] ^ U3[state->v8[11]];
+ column1 = U0[state->v8[4]] ^ U1[state->v8[1]]
+ ^ U2[state->v8[14]] ^ U3[state->v8[11]];
- column2 = U0[state->v8[8]] ^ U1[state->v8[5]]
- ^ U2[state->v8[2]] ^ U3[state->v8[15]];
+ column2 = U0[state->v8[8]] ^ U1[state->v8[5]]
+ ^ U2[state->v8[2]] ^ U3[state->v8[15]];
- column3 = U0[state->v8[12]] ^ U1[state->v8[9]]
- ^ U2[state->v8[6]] ^ U3[state->v8[3]];
+ column3 = U0[state->v8[12]] ^ U1[state->v8[9]]
+ ^ U2[state->v8[6]] ^ U3[state->v8[3]];
- state->v32[0] = column0 ^ round_key->v32[0];
- state->v32[1] = column1 ^ round_key->v32[1];
- state->v32[2] = column2 ^ round_key->v32[2];
- state->v32[3] = column3 ^ round_key->v32[3];
+ state->v32[0] = column0 ^ round_key->v32[0];
+ state->v32[1] = column1 ^ round_key->v32[1];
+ state->v32[2] = column2 ^ round_key->v32[2];
+ state->v32[3] = column3 ^ round_key->v32[3];
}
-static inline void
-aes_final_round(v128_t *state, const v128_t *round_key) {
- uint8_t tmp;
+static inline void aes_final_round (v128_t *state, const v128_t *round_key)
+{
+ uint8_t tmp;
- /* byte substitutions and row shifts */
- /* first row - no shift */
- state->v8[0] = aes_sbox[state->v8[0]];
- state->v8[4] = aes_sbox[state->v8[4]];
- state->v8[8] = aes_sbox[state->v8[8]];
- state->v8[12] = aes_sbox[state->v8[12]];
+ /* byte substitutions and row shifts */
+ /* first row - no shift */
+ state->v8[0] = aes_sbox[state->v8[0]];
+ state->v8[4] = aes_sbox[state->v8[4]];
+ state->v8[8] = aes_sbox[state->v8[8]];
+ state->v8[12] = aes_sbox[state->v8[12]];
- /* second row - shift one left */
- tmp = aes_sbox[state->v8[1]];
- state->v8[1] = aes_sbox[state->v8[5]];
- state->v8[5] = aes_sbox[state->v8[9]];
- state->v8[9] = aes_sbox[state->v8[13]];
- state->v8[13] = tmp;
+ /* second row - shift one left */
+ tmp = aes_sbox[state->v8[1]];
+ state->v8[1] = aes_sbox[state->v8[5]];
+ state->v8[5] = aes_sbox[state->v8[9]];
+ state->v8[9] = aes_sbox[state->v8[13]];
+ state->v8[13] = tmp;
- /* third row - shift two left */
- tmp = aes_sbox[state->v8[10]];
- state->v8[10] = aes_sbox[state->v8[2]];
- state->v8[2] = tmp;
- tmp = aes_sbox[state->v8[14]];
- state->v8[14] = aes_sbox[state->v8[6]];
- state->v8[6] = tmp;
+ /* third row - shift two left */
+ tmp = aes_sbox[state->v8[10]];
+ state->v8[10] = aes_sbox[state->v8[2]];
+ state->v8[2] = tmp;
+ tmp = aes_sbox[state->v8[14]];
+ state->v8[14] = aes_sbox[state->v8[6]];
+ state->v8[6] = tmp;
- /* fourth row - shift three left */
- tmp = aes_sbox[state->v8[15]];
- state->v8[15] = aes_sbox[state->v8[11]];
- state->v8[11] = aes_sbox[state->v8[7]];
- state->v8[7] = aes_sbox[state->v8[3]];
- state->v8[3] = tmp;
+ /* fourth row - shift three left */
+ tmp = aes_sbox[state->v8[15]];
+ state->v8[15] = aes_sbox[state->v8[11]];
+ state->v8[11] = aes_sbox[state->v8[7]];
+ state->v8[7] = aes_sbox[state->v8[3]];
+ state->v8[3] = tmp;
- v128_xor_eq(state, round_key);
+ v128_xor_eq(state, round_key);
}
-static inline void
-aes_inv_final_round(v128_t *state, const v128_t *round_key) {
- uint8_t tmp;
+static inline void aes_inv_final_round (v128_t *state, const v128_t *round_key)
+{
+ uint8_t tmp;
- /* byte substitutions and row shifts */
- /* first row - no shift */
- state->v8[0] = aes_inv_sbox[state->v8[0]];
- state->v8[4] = aes_inv_sbox[state->v8[4]];
- state->v8[8] = aes_inv_sbox[state->v8[8]];
- state->v8[12] = aes_inv_sbox[state->v8[12]];
+ /* byte substitutions and row shifts */
+ /* first row - no shift */
+ state->v8[0] = aes_inv_sbox[state->v8[0]];
+ state->v8[4] = aes_inv_sbox[state->v8[4]];
+ state->v8[8] = aes_inv_sbox[state->v8[8]];
+ state->v8[12] = aes_inv_sbox[state->v8[12]];
- /* second row - shift one right */
- tmp = aes_inv_sbox[state->v8[13]];
- state->v8[13] = aes_inv_sbox[state->v8[9]];
- state->v8[9] = aes_inv_sbox[state->v8[5]];
- state->v8[5] = aes_inv_sbox[state->v8[1]];
- state->v8[1] = tmp;
+ /* second row - shift one right */
+ tmp = aes_inv_sbox[state->v8[13]];
+ state->v8[13] = aes_inv_sbox[state->v8[9]];
+ state->v8[9] = aes_inv_sbox[state->v8[5]];
+ state->v8[5] = aes_inv_sbox[state->v8[1]];
+ state->v8[1] = tmp;
- /* third row - shift two right */
- tmp = aes_inv_sbox[state->v8[2]];
- state->v8[2] = aes_inv_sbox[state->v8[10]];
- state->v8[10] = tmp;
- tmp = aes_inv_sbox[state->v8[6]];
- state->v8[6] = aes_inv_sbox[state->v8[14]];
- state->v8[14] = tmp;
+ /* third row - shift two right */
+ tmp = aes_inv_sbox[state->v8[2]];
+ state->v8[2] = aes_inv_sbox[state->v8[10]];
+ state->v8[10] = tmp;
+ tmp = aes_inv_sbox[state->v8[6]];
+ state->v8[6] = aes_inv_sbox[state->v8[14]];
+ state->v8[14] = tmp;
- /* fourth row - shift three right */
- tmp = aes_inv_sbox[state->v8[3]];
- state->v8[3] = aes_inv_sbox[state->v8[7]];
- state->v8[7] = aes_inv_sbox[state->v8[11]];
- state->v8[11] = aes_inv_sbox[state->v8[15]];
- state->v8[15] = tmp;
+ /* fourth row - shift three right */
+ tmp = aes_inv_sbox[state->v8[3]];
+ state->v8[3] = aes_inv_sbox[state->v8[7]];
+ state->v8[7] = aes_inv_sbox[state->v8[11]];
+ state->v8[11] = aes_inv_sbox[state->v8[15]];
+ state->v8[15] = tmp;
- v128_xor_eq(state, round_key);
+ v128_xor_eq(state, round_key);
}
#elif CPU_RISC
-static inline void
-aes_round(v128_t *state, const v128_t *round_key) {
- uint32_t column0, column1, column2, column3;
+static inline void aes_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t column0, column1, column2, column3;
- /* compute the columns of the output square in terms of the octets
- of state, using the tables T0, T1, T2, T3 */
+ /* compute the columns of the output square in terms of the octets
+ of state, using the tables T0, T1, T2, T3 */
#ifdef WORDS_BIGENDIAN
- column0 = T0[state->v32[0] >> 24] ^ T1[(state->v32[1] >> 16) & 0xff]
- ^ T2[(state->v32[2] >> 8) & 0xff] ^ T3[state->v32[3] & 0xff];
+ column0 = T0[state->v32[0] >> 24] ^ T1[(state->v32[1] >> 16) & 0xff]
+ ^ T2[(state->v32[2] >> 8) & 0xff] ^ T3[state->v32[3] & 0xff];
- column1 = T0[state->v32[1] >> 24] ^ T1[(state->v32[2] >> 16) & 0xff]
- ^ T2[(state->v32[3] >> 8) & 0xff] ^ T3[state->v32[0] & 0xff];
+ column1 = T0[state->v32[1] >> 24] ^ T1[(state->v32[2] >> 16) & 0xff]
+ ^ T2[(state->v32[3] >> 8) & 0xff] ^ T3[state->v32[0] & 0xff];
- column2 = T0[state->v32[2] >> 24] ^ T1[(state->v32[3] >> 16) & 0xff]
- ^ T2[(state->v32[0] >> 8) & 0xff] ^ T3[state->v32[1] & 0xff];
+ column2 = T0[state->v32[2] >> 24] ^ T1[(state->v32[3] >> 16) & 0xff]
+ ^ T2[(state->v32[0] >> 8) & 0xff] ^ T3[state->v32[1] & 0xff];
- column3 = T0[state->v32[3] >> 24] ^ T1[(state->v32[0] >> 16) & 0xff]
- ^ T2[(state->v32[1] >> 8) & 0xff] ^ T3[state->v32[2] & 0xff];
+ column3 = T0[state->v32[3] >> 24] ^ T1[(state->v32[0] >> 16) & 0xff]
+ ^ T2[(state->v32[1] >> 8) & 0xff] ^ T3[state->v32[2] & 0xff];
#else
- column0 = T0[state->v32[0] & 0xff] ^ T1[(state->v32[1] >> 8) & 0xff]
- ^ T2[(state->v32[2] >> 16) & 0xff] ^ T3[state->v32[3] >> 24];
+ column0 = T0[state->v32[0] & 0xff] ^ T1[(state->v32[1] >> 8) & 0xff]
+ ^ T2[(state->v32[2] >> 16) & 0xff] ^ T3[state->v32[3] >> 24];
- column1 = T0[state->v32[1] & 0xff] ^ T1[(state->v32[2] >> 8) & 0xff]
- ^ T2[(state->v32[3] >> 16) & 0xff] ^ T3[state->v32[0] >> 24];
+ column1 = T0[state->v32[1] & 0xff] ^ T1[(state->v32[2] >> 8) & 0xff]
+ ^ T2[(state->v32[3] >> 16) & 0xff] ^ T3[state->v32[0] >> 24];
- column2 = T0[state->v32[2] & 0xff] ^ T1[(state->v32[3] >> 8) & 0xff]
- ^ T2[(state->v32[0] >> 16) & 0xff] ^ T3[state->v32[1] >> 24];
+ column2 = T0[state->v32[2] & 0xff] ^ T1[(state->v32[3] >> 8) & 0xff]
+ ^ T2[(state->v32[0] >> 16) & 0xff] ^ T3[state->v32[1] >> 24];
- column3 = T0[state->v32[3] & 0xff] ^ T1[(state->v32[0] >> 8) & 0xff]
- ^ T2[(state->v32[1] >> 16) & 0xff] ^ T3[state->v32[2] >> 24];
+ column3 = T0[state->v32[3] & 0xff] ^ T1[(state->v32[0] >> 8) & 0xff]
+ ^ T2[(state->v32[1] >> 16) & 0xff] ^ T3[state->v32[2] >> 24];
#endif /* WORDS_BIGENDIAN */
- state->v32[0] = column0 ^ round_key->v32[0];
- state->v32[1] = column1 ^ round_key->v32[1];
- state->v32[2] = column2 ^ round_key->v32[2];
- state->v32[3] = column3 ^ round_key->v32[3];
+ state->v32[0] = column0 ^ round_key->v32[0];
+ state->v32[1] = column1 ^ round_key->v32[1];
+ state->v32[2] = column2 ^ round_key->v32[2];
+ state->v32[3] = column3 ^ round_key->v32[3];
}
-static inline void
-aes_inv_round(v128_t *state, const v128_t *round_key) {
- uint32_t column0, column1, column2, column3;
+static inline void aes_inv_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t column0, column1, column2, column3;
- /* compute the columns of the output square in terms of the octets
- of state, using the tables U0, U1, U2, U3 */
+ /* compute the columns of the output square in terms of the octets
+ of state, using the tables U0, U1, U2, U3 */
#ifdef WORDS_BIGENDIAN
- /* FIX! WRong indexes */
- column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff]
- ^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff];
+ column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff]
+ ^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff];
- column1 = U0[state->v32[1] >> 24] ^ U1[(state->v32[0] >> 16) & 0xff]
- ^ U2[(state->v32[3] >> 8) & 0xff] ^ U3[state->v32[2] & 0xff];
+ column1 = U0[state->v32[1] >> 24] ^ U1[(state->v32[0] >> 16) & 0xff]
+ ^ U2[(state->v32[3] >> 8) & 0xff] ^ U3[state->v32[2] & 0xff];
- column2 = U0[state->v32[2] >> 24] ^ U1[(state->v32[1] >> 16) & 0xff]
- ^ U2[(state->v32[0] >> 8) & 0xff] ^ U3[state->v32[3] & 0xff];
+ column2 = U0[state->v32[2] >> 24] ^ U1[(state->v32[1] >> 16) & 0xff]
+ ^ U2[(state->v32[0] >> 8) & 0xff] ^ U3[state->v32[3] & 0xff];
- column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 16) & 0xff]
- ^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff];
+ column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 16) & 0xff]
+ ^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff];
#else
- column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff]
- ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[state->v32[3] >> 24];
+ column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff]
+ ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[(state->v32[1] >> 24) & 0xff];
- column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff]
- ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[state->v32[0] >> 24];
+ column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff]
+ ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[(state->v32[2] >> 24) & 0xff];
- column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff]
- ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[state->v32[1] >> 24];
+ column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff]
+ ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[(state->v32[3] >> 24) & 0xff];
- column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff]
- ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[state->v32[2] >> 24];
+ column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff]
+ ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[(state->v32[0] >> 24) & 0xff];
#endif /* WORDS_BIGENDIAN */
- state->v32[0] = column0 ^ round_key->v32[0];
- state->v32[1] = column1 ^ round_key->v32[1];
- state->v32[2] = column2 ^ round_key->v32[2];
- state->v32[3] = column3 ^ round_key->v32[3];
+ state->v32[0] = column0 ^ round_key->v32[0];
+ state->v32[1] = column1 ^ round_key->v32[1];
+ state->v32[2] = column2 ^ round_key->v32[2];
+ state->v32[3] = column3 ^ round_key->v32[3];
}
-static inline void
-aes_final_round(v128_t *state, const v128_t *round_key) {
- uint32_t tmp0, tmp1, tmp2, tmp3;
+static inline void aes_final_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t tmp0, tmp1, tmp2, tmp3;
- tmp0 = (T4[(state->v32[0] >> 24)] & 0xff000000)
- ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
- ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
- ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[0];
+#ifdef WORDS_BIGENDIAN
+ tmp0 = (T4[(state->v32[0] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[0];
- tmp1 = (T4[(state->v32[1] >> 24)] & 0xff000000)
- ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
- ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
- ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[1];
+ tmp1 = (T4[(state->v32[1] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[1];
- tmp2 = (T4[(state->v32[2] >> 24)] & 0xff000000)
- ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
- ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
- ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[2];
+ tmp2 = (T4[(state->v32[2] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[2];
- tmp3 = (T4[(state->v32[3] >> 24)] & 0xff000000)
- ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
- ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
- ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[3];
+ tmp3 = (T4[(state->v32[3] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[3];
+#else
+ tmp0 = (T4[(state->v32[3] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[0];
- state->v32[0] = tmp0;
- state->v32[1] = tmp1;
- state->v32[2] = tmp2;
- state->v32[3] = tmp3;
+ tmp1 = (T4[(state->v32[0] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[1];
+
+ tmp2 = (T4[(state->v32[1] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[2];
+
+ tmp3 = (T4[(state->v32[2] >> 24)] & 0xff000000)
+ ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
+ ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
+ ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[3];
+#endif /* WORDS_BIGENDIAN */
+
+ state->v32[0] = tmp0;
+ state->v32[1] = tmp1;
+ state->v32[2] = tmp2;
+ state->v32[3] = tmp3;
}
-static inline void
-aes_inv_final_round(v128_t *state, const v128_t *round_key) {
- uint32_t tmp0, tmp1, tmp2, tmp3;
+static inline void aes_inv_final_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t tmp0, tmp1, tmp2, tmp3;
- tmp0 = (U4[(state->v32[0] >> 24)] & 0xff000000)
- ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
- ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
- ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[0];
+#ifdef WORDS_BIGENDIAN
+ tmp0 = (U4[(state->v32[0] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[0];
- tmp1 = (U4[(state->v32[1] >> 24)] & 0xff000000)
- ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
- ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
- ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[1];
+ tmp1 = (U4[(state->v32[1] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[1];
- tmp2 = (U4[(state->v32[2] >> 24)] & 0xff000000)
- ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
- ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
- ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[2];
+ tmp2 = (U4[(state->v32[2] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[2];
- tmp3 = (U4[(state->v32[3] >> 24)] & 0xff000000)
- ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
- ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
- ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff)
- ^ round_key->v32[3];
+ tmp3 = (U4[(state->v32[3] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[3];
+#else
+ tmp0 = (U4[(state->v32[1] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[0];
- state->v32[0] = tmp0;
- state->v32[1] = tmp1;
- state->v32[2] = tmp2;
- state->v32[3] = tmp3;
+ tmp1 = (U4[(state->v32[2] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[1];
+ tmp2 = (U4[(state->v32[3] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[2];
+
+ tmp3 = (U4[(state->v32[0] >> 24)] & 0xff000000)
+ ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000)
+ ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00)
+ ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff)
+ ^ round_key->v32[3];
+#endif /* WORDS_BIGENDIAN */
+
+ state->v32[0] = tmp0;
+ state->v32[1] = tmp1;
+ state->v32[2] = tmp2;
+ state->v32[3] = tmp3;
}
#elif CPU_16 /* assume 16-bit word size on processor */
-static inline void
-aes_round(v128_t *state, const v128_t *round_key) {
- uint32_t column0, column1, column2, column3;
- uint16_t c
- /* compute the columns of the output square in terms of the octets
- of state, using the tables T0, T1, T2, T3 */
+static inline void aes_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t column0, column1, column2, column3;
+ uint16_t c
+ /* compute the columns of the output square in terms of the octets
+ of state, using the tables T0, T1, T2, T3 */
- column0 = T0[state->v8[0]] ^ T1[state->v8[5]]
- ^ T2[state->v8[10]] ^ T3[state->v8[15]];
+ column0 = T0[state->v8[0]] ^ T1[state->v8[5]]
+ ^ T2[state->v8[10]] ^ T3[state->v8[15]];
- column1 = T0[state->v8[4]] ^ T1[state->v8[9]]
- ^ T2[state->v8[14]] ^ T3[state->v8[3]];
+ column1 = T0[state->v8[4]] ^ T1[state->v8[9]]
+ ^ T2[state->v8[14]] ^ T3[state->v8[3]];
- column2 = T0[state->v8[8]] ^ T1[state->v8[13]]
- ^ T2[state->v8[2]] ^ T3[state->v8[7]];
+ column2 = T0[state->v8[8]] ^ T1[state->v8[13]]
+ ^ T2[state->v8[2]] ^ T3[state->v8[7]];
- column3 = T0[state->v8[12]] ^ T1[state->v8[1]]
- ^ T2[state->v8[6]] ^ T3[state->v8[11]];
+ column3 = T0[state->v8[12]] ^ T1[state->v8[1]]
+ ^ T2[state->v8[6]] ^ T3[state->v8[11]];
- state->v32[0] = column0 ^ round_key->v32[0];
- state->v32[1] = column1 ^ round_key->v32[1];
- state->v32[2] = column2 ^ round_key->v32[2];
- state->v32[3] = column3 ^ round_key->v32[3];
+ state->v32[0] = column0 ^ round_key->v32[0];
+ state->v32[1] = column1 ^ round_key->v32[1];
+ state->v32[2] = column2 ^ round_key->v32[2];
+ state->v32[3] = column3 ^ round_key->v32[3];
}
-static inline void
-aes_inv_round(v128_t *state, const v128_t *round_key) {
- uint32_t column0, column1, column2, column3;
+static inline void aes_inv_round (v128_t *state, const v128_t *round_key)
+{
+ uint32_t column0, column1, column2, column3;
- /* compute the columns of the output square in terms of the octets
- of state, using the tables U0, U1, U2, U3 */
+ /* compute the columns of the output square in terms of the octets
+ of state, using the tables U0, U1, U2, U3 */
- column0 = U0[state->v8[0]] ^ U1[state->v8[5]]
- ^ U2[state->v8[10]] ^ U3[state->v8[15]];
+ column0 = U0[state->v8[0]] ^ U1[state->v8[5]]
+ ^ U2[state->v8[10]] ^ U3[state->v8[15]];
- column1 = U0[state->v8[4]] ^ U1[state->v8[9]]
- ^ U2[state->v8[14]] ^ U3[state->v8[3]];
+ column1 = U0[state->v8[4]] ^ U1[state->v8[9]]
+ ^ U2[state->v8[14]] ^ U3[state->v8[3]];
- column2 = U0[state->v8[8]] ^ U1[state->v8[13]]
- ^ U2[state->v8[2]] ^ U3[state->v8[7]];
+ column2 = U0[state->v8[8]] ^ U1[state->v8[13]]
+ ^ U2[state->v8[2]] ^ U3[state->v8[7]];
- column3 = U0[state->v8[12]] ^ U1[state->v8[1]]
- ^ U2[state->v8[6]] ^ U3[state->v8[11]];
+ column3 = U0[state->v8[12]] ^ U1[state->v8[1]]
+ ^ U2[state->v8[6]] ^ U3[state->v8[11]];
- state->v32[0] = column0 ^ round_key->v32[0];
- state->v32[1] = column1 ^ round_key->v32[1];
- state->v32[2] = column2 ^ round_key->v32[2];
- state->v32[3] = column3 ^ round_key->v32[3];
+ state->v32[0] = column0 ^ round_key->v32[0];
+ state->v32[1] = column1 ^ round_key->v32[1];
+ state->v32[2] = column2 ^ round_key->v32[2];
+ state->v32[3] = column3 ^ round_key->v32[3];
}
-static inline void
-aes_final_round(v128_t *state, const v128_t *round_key) {
- uint8_t tmp;
+static inline void aes_final_round (v128_t *state, const v128_t *round_key)
+{
+ uint8_t tmp;
- /* byte substitutions and row shifts */
- /* first row - no shift */
- state->v8[0] = aes_sbox[state->v8[0]];
- state->v8[4] = aes_sbox[state->v8[4]];
- state->v8[8] = aes_sbox[state->v8[8]];
- state->v8[12] = aes_sbox[state->v8[12]];
+ /* byte substitutions and row shifts */
+ /* first row - no shift */
+ state->v8[0] = aes_sbox[state->v8[0]];
+ state->v8[4] = aes_sbox[state->v8[4]];
+ state->v8[8] = aes_sbox[state->v8[8]];
+ state->v8[12] = aes_sbox[state->v8[12]];
- /* second row - shift one left */
- tmp = aes_sbox[state->v8[1]];
- state->v8[1] = aes_sbox[state->v8[5]];
- state->v8[5] = aes_sbox[state->v8[9]];
- state->v8[9] = aes_sbox[state->v8[13]];
- state->v8[13] = tmp;
+ /* second row - shift one left */
+ tmp = aes_sbox[state->v8[1]];
+ state->v8[1] = aes_sbox[state->v8[5]];
+ state->v8[5] = aes_sbox[state->v8[9]];
+ state->v8[9] = aes_sbox[state->v8[13]];
+ state->v8[13] = tmp;
- /* third row - shift two left */
- tmp = aes_sbox[state->v8[10]];
- state->v8[10] = aes_sbox[state->v8[2]];
- state->v8[2] = tmp;
- tmp = aes_sbox[state->v8[14]];
- state->v8[14] = aes_sbox[state->v8[6]];
- state->v8[6] = tmp;
+ /* third row - shift two left */
+ tmp = aes_sbox[state->v8[10]];
+ state->v8[10] = aes_sbox[state->v8[2]];
+ state->v8[2] = tmp;
+ tmp = aes_sbox[state->v8[14]];
+ state->v8[14] = aes_sbox[state->v8[6]];
+ state->v8[6] = tmp;
- /* fourth row - shift three left */
- tmp = aes_sbox[state->v8[15]];
- state->v8[15] = aes_sbox[state->v8[11]];
- state->v8[11] = aes_sbox[state->v8[7]];
- state->v8[7] = aes_sbox[state->v8[3]];
- state->v8[3] = tmp;
+ /* fourth row - shift three left */
+ tmp = aes_sbox[state->v8[15]];
+ state->v8[15] = aes_sbox[state->v8[11]];
+ state->v8[11] = aes_sbox[state->v8[7]];
+ state->v8[7] = aes_sbox[state->v8[3]];
+ state->v8[3] = tmp;
- v128_xor_eq(state, round_key);
+ v128_xor_eq(state, round_key);
}
-static inline void
-aes_inv_final_round(v128_t *state, const v128_t *round_key) {
- uint8_t tmp;
+static inline void aes_inv_final_round (v128_t *state, const v128_t *round_key)
+{
+ uint8_t tmp;
- /* byte substitutions and row shifts */
- /* first row - no shift */
- state->v8[0] = aes_inv_sbox[state->v8[0]];
- state->v8[4] = aes_inv_sbox[state->v8[4]];
- state->v8[8] = aes_inv_sbox[state->v8[8]];
- state->v8[12] = aes_inv_sbox[state->v8[12]];
+ /* byte substitutions and row shifts */
+ /* first row - no shift */
+ state->v8[0] = aes_inv_sbox[state->v8[0]];
+ state->v8[4] = aes_inv_sbox[state->v8[4]];
+ state->v8[8] = aes_inv_sbox[state->v8[8]];
+ state->v8[12] = aes_inv_sbox[state->v8[12]];
- /* second row - shift one left */
- tmp = aes_inv_sbox[state->v8[1]];
- state->v8[1] = aes_inv_sbox[state->v8[5]];
- state->v8[5] = aes_inv_sbox[state->v8[9]];
- state->v8[9] = aes_inv_sbox[state->v8[13]];
- state->v8[13] = tmp;
+ /* second row - shift one left */
+ tmp = aes_inv_sbox[state->v8[1]];
+ state->v8[1] = aes_inv_sbox[state->v8[5]];
+ state->v8[5] = aes_inv_sbox[state->v8[9]];
+ state->v8[9] = aes_inv_sbox[state->v8[13]];
+ state->v8[13] = tmp;
- /* third row - shift two left */
- tmp = aes_inv_sbox[state->v8[10]];
- state->v8[10] = aes_inv_sbox[state->v8[2]];
- state->v8[2] = tmp;
- tmp = aes_inv_sbox[state->v8[14]];
- state->v8[14] = aes_inv_sbox[state->v8[6]];
- state->v8[6] = tmp;
+ /* third row - shift two left */
+ tmp = aes_inv_sbox[state->v8[10]];
+ state->v8[10] = aes_inv_sbox[state->v8[2]];
+ state->v8[2] = tmp;
+ tmp = aes_inv_sbox[state->v8[14]];
+ state->v8[14] = aes_inv_sbox[state->v8[6]];
+ state->v8[6] = tmp;
- /* fourth row - shift three left */
- tmp = aes_inv_sbox[state->v8[15]];
- state->v8[15] = aes_inv_sbox[state->v8[11]];
- state->v8[11] = aes_inv_sbox[state->v8[7]];
- state->v8[7] = aes_inv_sbox[state->v8[3]];
- state->v8[3] = tmp;
+ /* fourth row - shift three left */
+ tmp = aes_inv_sbox[state->v8[15]];
+ state->v8[15] = aes_inv_sbox[state->v8[11]];
+ state->v8[11] = aes_inv_sbox[state->v8[7]];
+ state->v8[7] = aes_inv_sbox[state->v8[3]];
+ state->v8[3] = tmp;
- v128_xor_eq(state, round_key);
+ v128_xor_eq(state, round_key);
}
#endif /* CPU type */
-void
-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
+void srtp_aes_encrypt (v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key)
+{
- /* add in the subkey */
- v128_xor_eq(plaintext, &exp_key->round[0]);
+ /* add in the subkey */
+ v128_xor_eq(plaintext, &exp_key->round[0]);
- /* now do the rounds */
- aes_round(plaintext, &exp_key->round[1]);
- aes_round(plaintext, &exp_key->round[2]);
- aes_round(plaintext, &exp_key->round[3]);
- aes_round(plaintext, &exp_key->round[4]);
- aes_round(plaintext, &exp_key->round[5]);
- aes_round(plaintext, &exp_key->round[6]);
- aes_round(plaintext, &exp_key->round[7]);
- aes_round(plaintext, &exp_key->round[8]);
- aes_round(plaintext, &exp_key->round[9]);
- if (exp_key->num_rounds == 10) {
- aes_final_round(plaintext, &exp_key->round[10]);
- }
- else if (exp_key->num_rounds == 12) {
- aes_round(plaintext, &exp_key->round[10]);
- aes_round(plaintext, &exp_key->round[11]);
- aes_final_round(plaintext, &exp_key->round[12]);
- }
- else if (exp_key->num_rounds == 14) {
- aes_round(plaintext, &exp_key->round[10]);
- aes_round(plaintext, &exp_key->round[11]);
- aes_round(plaintext, &exp_key->round[12]);
- aes_round(plaintext, &exp_key->round[13]);
- aes_final_round(plaintext, &exp_key->round[14]);
- }
+ /* now do the rounds */
+ aes_round(plaintext, &exp_key->round[1]);
+ aes_round(plaintext, &exp_key->round[2]);
+ aes_round(plaintext, &exp_key->round[3]);
+ aes_round(plaintext, &exp_key->round[4]);
+ aes_round(plaintext, &exp_key->round[5]);
+ aes_round(plaintext, &exp_key->round[6]);
+ aes_round(plaintext, &exp_key->round[7]);
+ aes_round(plaintext, &exp_key->round[8]);
+ aes_round(plaintext, &exp_key->round[9]);
+ if (exp_key->num_rounds == 10) {
+ aes_final_round(plaintext, &exp_key->round[10]);
+ }else if (exp_key->num_rounds == 12) {
+ aes_round(plaintext, &exp_key->round[10]);
+ aes_round(plaintext, &exp_key->round[11]);
+ aes_final_round(plaintext, &exp_key->round[12]);
+ }else if (exp_key->num_rounds == 14) {
+ aes_round(plaintext, &exp_key->round[10]);
+ aes_round(plaintext, &exp_key->round[11]);
+ aes_round(plaintext, &exp_key->round[12]);
+ aes_round(plaintext, &exp_key->round[13]);
+ aes_final_round(plaintext, &exp_key->round[14]);
+ }
}
-void
-aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) {
+void srtp_aes_decrypt (v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key)
+{
- /* add in the subkey */
- v128_xor_eq(plaintext, &exp_key->round[0]);
+ /* add in the subkey */
+ v128_xor_eq(plaintext, &exp_key->round[0]);
- /* now do the rounds */
- aes_inv_round(plaintext, &exp_key->round[1]);
- aes_inv_round(plaintext, &exp_key->round[2]);
- aes_inv_round(plaintext, &exp_key->round[3]);
- aes_inv_round(plaintext, &exp_key->round[4]);
- aes_inv_round(plaintext, &exp_key->round[5]);
- aes_inv_round(plaintext, &exp_key->round[6]);
- aes_inv_round(plaintext, &exp_key->round[7]);
- aes_inv_round(plaintext, &exp_key->round[8]);
- aes_inv_round(plaintext, &exp_key->round[9]);
- if (exp_key->num_rounds == 10) {
- aes_inv_final_round(plaintext, &exp_key->round[10]);
- }
- else if (exp_key->num_rounds == 12) {
- aes_inv_round(plaintext, &exp_key->round[10]);
- aes_inv_round(plaintext, &exp_key->round[11]);
- aes_inv_final_round(plaintext, &exp_key->round[12]);
- }
- else if (exp_key->num_rounds == 14) {
- aes_inv_round(plaintext, &exp_key->round[10]);
- aes_inv_round(plaintext, &exp_key->round[11]);
- aes_inv_round(plaintext, &exp_key->round[12]);
- aes_inv_round(plaintext, &exp_key->round[13]);
- aes_inv_final_round(plaintext, &exp_key->round[14]);
- }
+ /* now do the rounds */
+ aes_inv_round(plaintext, &exp_key->round[1]);
+ aes_inv_round(plaintext, &exp_key->round[2]);
+ aes_inv_round(plaintext, &exp_key->round[3]);
+ aes_inv_round(plaintext, &exp_key->round[4]);
+ aes_inv_round(plaintext, &exp_key->round[5]);
+ aes_inv_round(plaintext, &exp_key->round[6]);
+ aes_inv_round(plaintext, &exp_key->round[7]);
+ aes_inv_round(plaintext, &exp_key->round[8]);
+ aes_inv_round(plaintext, &exp_key->round[9]);
+ if (exp_key->num_rounds == 10) {
+ aes_inv_final_round(plaintext, &exp_key->round[10]);
+ }else if (exp_key->num_rounds == 12) {
+ aes_inv_round(plaintext, &exp_key->round[10]);
+ aes_inv_round(plaintext, &exp_key->round[11]);
+ aes_inv_final_round(plaintext, &exp_key->round[12]);
+ }else if (exp_key->num_rounds == 14) {
+ aes_inv_round(plaintext, &exp_key->round[10]);
+ aes_inv_round(plaintext, &exp_key->round[11]);
+ aes_inv_round(plaintext, &exp_key->round[12]);
+ aes_inv_round(plaintext, &exp_key->round[13]);
+ aes_inv_final_round(plaintext, &exp_key->round[14]);
+ }
}
diff --git a/libs/srtp/crypto/cipher/aes_cbc.c b/libs/srtp/crypto/cipher/aes_cbc.c
deleted file mode 100644
index d57d0219d8..0000000000
--- a/libs/srtp/crypto/cipher/aes_cbc.c
+++ /dev/null
@@ -1,561 +0,0 @@
-/*
- * aes_cbc.c
- *
- * AES Cipher Block Chaining Mode
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include "aes_cbc.h"
-#include "alloc.h"
-
-debug_module_t mod_aes_cbc = {
- 0, /* debugging is off by default */
- "aes cbc" /* printable module name */
-};
-
-
-
-err_status_t
-aes_cbc_alloc(cipher_t **c, int key_len, int tlen) {
- extern cipher_type_t aes_cbc;
- uint8_t *pointer;
- int tmp;
-
- debug_print(mod_aes_cbc,
- "allocating cipher with key length %d", key_len);
-
- if (key_len != 16 && key_len != 24 && key_len != 32)
- return err_status_bad_param;
-
- /* allocate memory a cipher of type aes_cbc */
- tmp = (sizeof(aes_cbc_ctx_t) + sizeof(cipher_t));
- pointer = (uint8_t*)crypto_alloc(tmp);
- if (pointer == NULL)
- return err_status_alloc_fail;
-
- /* set pointers */
- *c = (cipher_t *)pointer;
- (*c)->type = &aes_cbc;
- (*c)->state = pointer + sizeof(cipher_t);
-
- /* increment ref_count */
- aes_cbc.ref_count++;
-
- /* set key size */
- (*c)->key_len = key_len;
-
- return err_status_ok;
-}
-
-err_status_t
-aes_cbc_dealloc(cipher_t *c) {
- extern cipher_type_t aes_cbc;
-
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t *)c,
- sizeof(aes_cbc_ctx_t) + sizeof(cipher_t));
-
- /* free memory */
- crypto_free(c);
-
- /* decrement ref_count */
- aes_cbc.ref_count--;
-
- return err_status_ok;
-}
-
-err_status_t
-aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, int key_len) {
-
- debug_print(mod_aes_cbc,
- "key: %s", octet_string_hex_string(key, key_len));
-
- /*
- * Save the key until we have the IV later. We don't
- * know the direction until the IV is set.
- */
- c->key_len = (key_len <= 32 ? key_len : 32);
- memcpy(c->key, key, c->key_len);
-
- return err_status_ok;
-}
-
-
-err_status_t
-aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv, int direction) {
- err_status_t status;
- int i;
-/* v128_t *input = iv; */
- uint8_t *input = (uint8_t*) iv;
-
- /* set state and 'previous' block to iv */
- for (i=0; i < 16; i++)
- c->previous.v8[i] = c->state.v8[i] = input[i];
-
- debug_print(mod_aes_cbc, "setting iv: %s", v128_hex_string(&c->state));
-
- /* expand key for the appropriate direction */
- switch (direction) {
- case (direction_encrypt):
- status = aes_expand_encryption_key(c->key, c->key_len, &c->expanded_key);
- memset(c->key, 0, 32);
- if (status)
- return status;
- break;
- case (direction_decrypt):
- status = aes_expand_decryption_key(c->key, c->key_len, &c->expanded_key);
- memset(c->key, 0, 32);
- if (status)
- return status;
- break;
- default:
- return err_status_bad_param;
- }
-
- return err_status_ok;
-}
-
-err_status_t
-aes_cbc_encrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data) {
- int i;
- unsigned char *input = data; /* pointer to data being read */
- unsigned char *output = data; /* pointer to data being written */
- int bytes_to_encr = *bytes_in_data;
-
- /*
- * verify that we're 16-octet aligned
- */
- if (*bytes_in_data & 0xf)
- return err_status_bad_param;
-
- /*
- * note that we assume that the initialization vector has already
- * been set, e.g. by calling aes_cbc_set_iv()
- */
- debug_print(mod_aes_cbc, "iv: %s",
- v128_hex_string(&c->state));
-
- /*
- * loop over plaintext blocks, exoring state into plaintext then
- * encrypting and writing to output
- */
- while (bytes_to_encr > 0) {
-
- /* exor plaintext into state */
- for (i=0; i < 16; i++)
- c->state.v8[i] ^= *input++;
-
- debug_print(mod_aes_cbc, "inblock: %s",
- v128_hex_string(&c->state));
-
- aes_encrypt(&c->state, &c->expanded_key);
-
- debug_print(mod_aes_cbc, "outblock: %s",
- v128_hex_string(&c->state));
-
- /* copy ciphertext to output */
- for (i=0; i < 16; i++)
- *output++ = c->state.v8[i];
-
- bytes_to_encr -= 16;
- }
-
- return err_status_ok;
-}
-
-err_status_t
-aes_cbc_decrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data) {
- int i;
- v128_t state, previous;
- unsigned char *input = data; /* pointer to data being read */
- unsigned char *output = data; /* pointer to data being written */
- int bytes_to_encr = *bytes_in_data;
- uint8_t tmp;
-
- /*
- * verify that we're 16-octet aligned
- */
- if (*bytes_in_data & 0x0f)
- return err_status_bad_param;
-
- /* set 'previous' block to iv*/
- for (i=0; i < 16; i++) {
- previous.v8[i] = c->previous.v8[i];
- }
-
- debug_print(mod_aes_cbc, "iv: %s",
- v128_hex_string(&previous));
-
- /*
- * loop over ciphertext blocks, decrypting then exoring with state
- * then writing plaintext to output
- */
- while (bytes_to_encr > 0) {
-
- /* set state to ciphertext input block */
- for (i=0; i < 16; i++) {
- state.v8[i] = *input++;
- }
-
- debug_print(mod_aes_cbc, "inblock: %s",
- v128_hex_string(&state));
-
- /* decrypt state */
- aes_decrypt(&state, &c->expanded_key);
-
- debug_print(mod_aes_cbc, "outblock: %s",
- v128_hex_string(&state));
-
- /*
- * exor previous ciphertext block out of plaintext, and write new
- * plaintext block to output, while copying old ciphertext block
- * to the 'previous' block
- */
- for (i=0; i < 16; i++) {
- tmp = *output;
- *output++ = state.v8[i] ^ previous.v8[i];
- previous.v8[i] = tmp;
- }
-
- bytes_to_encr -= 16;
- }
-
- return err_status_ok;
-}
-
-
-err_status_t
-aes_cbc_nist_encrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data) {
- int i;
- unsigned char *pad_start;
- int num_pad_bytes;
- err_status_t status;
-
- /*
- * determine the number of padding bytes that we need to add -
- * this value is always between 1 and 16, inclusive.
- */
- num_pad_bytes = 16 - (*bytes_in_data & 0xf);
- pad_start = data;
- pad_start += *bytes_in_data;
- *pad_start++ = 0xa0;
- for (i=0; i < num_pad_bytes; i++)
- *pad_start++ = 0x00;
-
- /*
- * increment the data size
- */
- *bytes_in_data += num_pad_bytes;
-
- /*
- * now cbc encrypt the padded data
- */
- status = aes_cbc_encrypt(c, data, bytes_in_data);
- if (status)
- return status;
-
- return err_status_ok;
-}
-
-
-err_status_t
-aes_cbc_nist_decrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data) {
- unsigned char *pad_end;
- int num_pad_bytes;
- err_status_t status;
-
- /*
- * cbc decrypt the padded data
- */
- status = aes_cbc_decrypt(c, data, bytes_in_data);
- if (status)
- return status;
-
- /*
- * determine the number of padding bytes in the decrypted plaintext
- * - this value is always between 1 and 16, inclusive.
- */
- num_pad_bytes = 1;
- pad_end = data + (*bytes_in_data - 1);
- while (*pad_end != 0xa0) { /* note: should check padding correctness */
- pad_end--;
- num_pad_bytes++;
- }
-
- /* decrement data size */
- *bytes_in_data -= num_pad_bytes;
-
- return err_status_ok;
-}
-
-
-char
-aes_cbc_description[] = "aes cipher block chaining (cbc) mode";
-
-/*
- * Test case 0 is derived from FIPS 197 Appendix C; it uses an
- * all-zero IV, so that the first block encryption matches the test
- * case in that appendix. This property provides a check of the base
- * AES encryption and decryption algorithms; if CBC fails on some
- * particular platform, then you should print out AES intermediate
- * data and compare with the detailed info provided in that appendix.
- *
- */
-
-
-uint8_t aes_cbc_test_case_0_key[16] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
-};
-
-uint8_t aes_cbc_test_case_0_plaintext[64] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
-};
-
-uint8_t aes_cbc_test_case_0_ciphertext[80] = {
- 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
- 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a,
- 0x03, 0x35, 0xed, 0x27, 0x67, 0xf2, 0x6d, 0xf1,
- 0x64, 0x83, 0x2e, 0x23, 0x44, 0x38, 0x70, 0x8b
-
-};
-
-uint8_t aes_cbc_test_case_0_iv[16] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-
-
-cipher_test_case_t aes_cbc_test_case_0 = {
- 16, /* octets in key */
- aes_cbc_test_case_0_key, /* key */
- aes_cbc_test_case_0_iv, /* initialization vector */
- 16, /* octets in plaintext */
- aes_cbc_test_case_0_plaintext, /* plaintext */
- 32, /* octets in ciphertext */
- aes_cbc_test_case_0_ciphertext, /* ciphertext */
- 0,
- NULL,
- 0,
- NULL /* pointer to next testcase */
-};
-
-
-/*
- * this test case is taken directly from Appendix F.2 of NIST Special
- * Publication SP 800-38A
- */
-
-uint8_t aes_cbc_test_case_1_key[16] = {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
-};
-
-uint8_t aes_cbc_test_case_1_plaintext[64] = {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
- 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
- 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
- 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
- 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
-};
-
-uint8_t aes_cbc_test_case_1_ciphertext[80] = {
- 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
- 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
- 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
- 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2,
- 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b,
- 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16,
- 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09,
- 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7,
- 0x39, 0x34, 0x07, 0x03, 0x36, 0xd0, 0x77, 0x99,
- 0xe0, 0xc4, 0x2f, 0xdd, 0xa8, 0xdf, 0x4c, 0xa3
-};
-
-uint8_t aes_cbc_test_case_1_iv[16] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
-};
-
-cipher_test_case_t aes_cbc_test_case_1 = {
- 16, /* octets in key */
- aes_cbc_test_case_1_key, /* key */
- aes_cbc_test_case_1_iv, /* initialization vector */
- 64, /* octets in plaintext */
- aes_cbc_test_case_1_plaintext, /* plaintext */
- 80, /* octets in ciphertext */
- aes_cbc_test_case_1_ciphertext, /* ciphertext */
- 0,
- NULL,
- 0,
- &aes_cbc_test_case_0 /* pointer to next testcase */
-};
-
-/*
- * Test case 2 is like test case 0, but for 256-bit keys. (FIPS 197
- * appendix C.3).
- */
-
-
-uint8_t aes_cbc_test_case_2_key[32] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
-};
-
-uint8_t aes_cbc_test_case_2_plaintext[64] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
-};
-
-uint8_t aes_cbc_test_case_2_ciphertext[80] = {
- 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
- 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89,
- 0x72, 0x72, 0x6e, 0xe7, 0x71, 0x39, 0xbf, 0x11,
- 0xe5, 0x40, 0xe2, 0x7c, 0x54, 0x65, 0x1d, 0xee
-};
-
-uint8_t aes_cbc_test_case_2_iv[16] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-
-cipher_test_case_t aes_cbc_test_case_2 = {
- 32, /* octets in key */
- aes_cbc_test_case_2_key, /* key */
- aes_cbc_test_case_2_iv, /* initialization vector */
- 16, /* octets in plaintext */
- aes_cbc_test_case_2_plaintext, /* plaintext */
- 32, /* octets in ciphertext */
- aes_cbc_test_case_2_ciphertext, /* ciphertext */
- 0,
- NULL,
- 0,
- &aes_cbc_test_case_1 /* pointer to next testcase */
-};
-
-
-/*
- * this test case is taken directly from Appendix F.2 of NIST Special
- * Publication SP 800-38A
- */
-
-uint8_t aes_cbc_test_case_3_key[32] = {
- 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
- 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
- 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
- 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
-};
-
-uint8_t aes_cbc_test_case_3_plaintext[64] = {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
- 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
- 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
- 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
- 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
-};
-
-uint8_t aes_cbc_test_case_3_ciphertext[80] = {
- 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
- 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
- 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
- 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
- 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
- 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
- 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
- 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b,
- 0xfb, 0x98, 0x20, 0x2c, 0x45, 0xb2, 0xe4, 0xa0,
- 0x63, 0xc4, 0x68, 0xba, 0x84, 0x39, 0x16, 0x5a
-};
-
-uint8_t aes_cbc_test_case_3_iv[16] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
-};
-
-cipher_test_case_t aes_cbc_test_case_3 = {
- 32, /* octets in key */
- aes_cbc_test_case_3_key, /* key */
- aes_cbc_test_case_3_iv, /* initialization vector */
- 64, /* octets in plaintext */
- aes_cbc_test_case_3_plaintext, /* plaintext */
- 80, /* octets in ciphertext */
- aes_cbc_test_case_3_ciphertext, /* ciphertext */
- 0,
- NULL,
- 0,
- &aes_cbc_test_case_2 /* pointer to next testcase */
-};
-
-cipher_type_t aes_cbc = {
- (cipher_alloc_func_t) aes_cbc_alloc,
- (cipher_dealloc_func_t) aes_cbc_dealloc,
- (cipher_init_func_t) aes_cbc_context_init,
- (cipher_set_aad_func_t) 0,
- (cipher_encrypt_func_t) aes_cbc_nist_encrypt,
- (cipher_decrypt_func_t) aes_cbc_nist_decrypt,
- (cipher_set_iv_func_t) aes_cbc_set_iv,
- (cipher_get_tag_func_t) 0,
- (char *) aes_cbc_description,
- (int) 0, /* instance count */
- (cipher_test_case_t *) &aes_cbc_test_case_3,
- (debug_module_t *) &mod_aes_cbc,
- (cipher_type_id_t) AES_CBC
-};
-
-
diff --git a/libs/srtp/crypto/cipher/aes_gcm_ossl.c b/libs/srtp/crypto/cipher/aes_gcm_ossl.c
index 7ce52d001d..416582aacc 100644
--- a/libs/srtp/crypto/cipher/aes_gcm_ossl.c
+++ b/libs/srtp/crypto/cipher/aes_gcm_ossl.c
@@ -10,7 +10,7 @@
/*
*
- * Copyright (c) 2013, Cisco Systems, Inc.
+ * Copyright (c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -44,14 +44,19 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include
#include "aes_icm_ossl.h"
#include "aes_gcm_ossl.h"
#include "alloc.h"
+#include "err.h" /* for srtp_debug */
#include "crypto_types.h"
-debug_module_t mod_aes_gcm = {
+srtp_debug_module_t srtp_mod_aes_gcm = {
0, /* debugging is off by default */
"aes gcm" /* printable module name */
};
@@ -60,12 +65,12 @@ debug_module_t mod_aes_gcm = {
* The following are the global singleton instances for the
* 128-bit and 256-bit GCM ciphers.
*/
-extern cipher_type_t aes_gcm_128_openssl;
-extern cipher_type_t aes_gcm_256_openssl;
+extern const srtp_cipher_type_t srtp_aes_gcm_128_openssl;
+extern const srtp_cipher_type_t srtp_aes_gcm_256_openssl;
/*
* For now we only support 8 and 16 octet tags. The spec allows for
- * optional 12 byte tag, which may be supported in the future.
+ * optional 12 byte tag, which may be supported in the future.
*/
#define GCM_AUTH_TAG_LEN 16
#define GCM_AUTH_TAG_LEN_8 8
@@ -74,101 +79,98 @@ extern cipher_type_t aes_gcm_256_openssl;
/*
* This function allocates a new instance of this crypto engine.
* The key_len parameter should be one of 28 or 44 for
- * AES-128-GCM or AES-256-GCM respectively. Note that the
+ * AES-128-GCM or AES-256-GCM respectively. Note that the
* key length includes the 14 byte salt value that is used when
* initializing the KDF.
*/
-err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
+static srtp_err_status_t srtp_aes_gcm_openssl_alloc (srtp_cipher_t **c, int key_len, int tlen)
{
- aes_gcm_ctx_t *gcm;
- int tmp;
- uint8_t *allptr;
+ srtp_aes_gcm_ctx_t *gcm;
- debug_print(mod_aes_gcm, "allocating cipher with key length %d", key_len);
- debug_print(mod_aes_gcm, "allocating cipher with tag length %d", tlen);
+ debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d", key_len);
+ debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen);
/*
* Verify the key_len is valid for one of: AES-128/256
*/
- if (key_len != AES_128_GCM_KEYSIZE_WSALT &&
- key_len != AES_256_GCM_KEYSIZE_WSALT) {
- return (err_status_bad_param);
+ if (key_len != SRTP_AES_GCM_128_KEY_LEN_WSALT &&
+ key_len != SRTP_AES_GCM_256_KEY_LEN_WSALT) {
+ return (srtp_err_status_bad_param);
}
if (tlen != GCM_AUTH_TAG_LEN &&
- tlen != GCM_AUTH_TAG_LEN_8) {
- return (err_status_bad_param);
+ tlen != GCM_AUTH_TAG_LEN_8) {
+ return (srtp_err_status_bad_param);
}
/* allocate memory a cipher of type aes_gcm */
- tmp = sizeof(cipher_t) + sizeof(aes_gcm_ctx_t);
- allptr = crypto_alloc(tmp);
- if (allptr == NULL) {
- return (err_status_alloc_fail);
+ *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+ if (*c == NULL) {
+ return (srtp_err_status_alloc_fail);
+ }
+ memset(*c, 0x0, sizeof(srtp_cipher_t));
+
+ gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t));
+ if (gcm == NULL) {
+ srtp_crypto_free(*c);
+ *c = NULL;
+ return (srtp_err_status_alloc_fail);
+ }
+ memset(gcm, 0x0, sizeof(srtp_aes_gcm_ctx_t));
+
+ gcm->ctx = EVP_CIPHER_CTX_new();
+ if (gcm->ctx == NULL) {
+ srtp_crypto_free(gcm);
+ srtp_crypto_free(*c);
+ *c = NULL;
+ return srtp_err_status_alloc_fail;
}
/* set pointers */
- *c = (cipher_t*)allptr;
- (*c)->state = allptr + sizeof(cipher_t);
- gcm = (aes_gcm_ctx_t *)(*c)->state;
+ (*c)->state = gcm;
- /* increment ref_count */
+ /* setup cipher attributes */
switch (key_len) {
- case AES_128_GCM_KEYSIZE_WSALT:
- (*c)->type = &aes_gcm_128_openssl;
- (*c)->algorithm = AES_128_GCM;
- aes_gcm_128_openssl.ref_count++;
- ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE;
- ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen;
+ case SRTP_AES_GCM_128_KEY_LEN_WSALT:
+ (*c)->type = &srtp_aes_gcm_128_openssl;
+ (*c)->algorithm = SRTP_AES_GCM_128;
+ gcm->key_size = SRTP_AES_128_KEY_LEN;
+ gcm->tag_len = tlen;
break;
- case AES_256_GCM_KEYSIZE_WSALT:
- (*c)->type = &aes_gcm_256_openssl;
- (*c)->algorithm = AES_256_GCM;
- aes_gcm_256_openssl.ref_count++;
- ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE;
- ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen;
+ case SRTP_AES_GCM_256_KEY_LEN_WSALT:
+ (*c)->type = &srtp_aes_gcm_256_openssl;
+ (*c)->algorithm = SRTP_AES_GCM_256;
+ gcm->key_size = SRTP_AES_256_KEY_LEN;
+ gcm->tag_len = tlen;
break;
}
/* set key size */
(*c)->key_len = key_len;
- EVP_CIPHER_CTX_init(&gcm->ctx);
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
/*
- * This function deallocates a GCM session
+ * This function deallocates a GCM session
*/
-err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
+static srtp_err_status_t srtp_aes_gcm_openssl_dealloc (srtp_cipher_t *c)
{
- aes_gcm_ctx_t *ctx;
+ srtp_aes_gcm_ctx_t *ctx;
- ctx = (aes_gcm_ctx_t*)c->state;
+ ctx = (srtp_aes_gcm_ctx_t*)c->state;
if (ctx) {
- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
- /* decrement ref_count for the appropriate engine */
- switch (ctx->key_size) {
- case AES_256_KEYSIZE:
- aes_gcm_256_openssl.ref_count--;
- break;
- case AES_128_KEYSIZE:
- aes_gcm_128_openssl.ref_count--;
- break;
- default:
- return (err_status_dealloc_fail);
- break;
- }
+ EVP_CIPHER_CTX_free(ctx->ctx);
+ /* zeroize the key material */
+ octet_string_set_to_zero(ctx, sizeof(srtp_aes_gcm_ctx_t));
+ srtp_crypto_free(ctx);
}
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t*)c, sizeof(cipher_t) + sizeof(aes_gcm_ctx_t));
-
/* free memory */
- crypto_free(c);
+ srtp_crypto_free(c);
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
/*
@@ -177,25 +179,32 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
*
* the key is the secret key
*/
-err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
+static srtp_err_status_t srtp_aes_gcm_openssl_context_init (void* cv, const uint8_t *key)
{
- c->dir = direction_any;
+ srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+ const EVP_CIPHER *evp;
- /* copy key to be used later when CiscoSSL crypto context is created */
- v128_copy_octet_string((v128_t*)&c->key, key);
+ c->dir = srtp_direction_any;
- if (c->key_size == AES_256_KEYSIZE) {
- debug_print(mod_aes_gcm, "Copying last 16 bytes of key: %s",
- v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
- v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1,
- key + AES_128_KEYSIZE);
+ debug_print(srtp_mod_aes_gcm, "key: %s", srtp_octet_string_hex_string(key, c->key_size));
+
+ switch (c->key_size) {
+ case SRTP_AES_256_KEY_LEN:
+ evp = EVP_aes_256_gcm();
+ break;
+ case SRTP_AES_128_KEY_LEN:
+ evp = EVP_aes_128_gcm();
+ break;
+ default:
+ return (srtp_err_status_bad_param);
+ break;
}
- debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key));
+ if (!EVP_CipherInit_ex(c->ctx, evp, NULL, key, NULL, 0)) {
+ return (srtp_err_status_init_fail);
+ }
- EVP_CIPHER_CTX_cleanup(&c->ctx);
-
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
@@ -203,48 +212,34 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
* aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with
* the offset
*/
-err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
- int direction)
+static srtp_err_status_t srtp_aes_gcm_openssl_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t direction)
{
- const EVP_CIPHER *evp;
- v128_t *nonce = iv;
+ srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
- if (direction != direction_encrypt && direction != direction_decrypt) {
- return (err_status_bad_param);
+ if (direction != srtp_direction_encrypt && direction != srtp_direction_decrypt) {
+ return (srtp_err_status_bad_param);
}
c->dir = direction;
- debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(nonce));
+ debug_print(srtp_mod_aes_gcm, "setting iv: %s", v128_hex_string((v128_t*)iv));
- switch (c->key_size) {
- case AES_256_KEYSIZE:
- evp = EVP_aes_256_gcm();
- break;
- case AES_128_KEYSIZE:
- evp = EVP_aes_128_gcm();
- break;
- default:
- return (err_status_bad_param);
- break;
- }
-
- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
- NULL, (c->dir == direction_encrypt ? 1 : 0))) {
- return (err_status_init_fail);
+ if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL,
+ NULL, (c->dir == srtp_direction_encrypt ? 1 : 0))) {
+ return (srtp_err_status_init_fail);
}
/* set IV len and the IV value, the followiong 3 calls are required */
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
- return (err_status_init_fail);
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
+ return (srtp_err_status_init_fail);
}
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
- return (err_status_init_fail);
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, (void*)iv)) {
+ return (srtp_err_status_init_fail);
}
- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
- return (err_status_init_fail);
+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, (void*)iv)) {
+ return (srtp_err_status_init_fail);
}
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
/*
@@ -255,22 +250,31 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
* aad Additional data to process for AEAD cipher suites
* aad_len length of aad buffer
*/
-err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad,
- unsigned int aad_len)
+static srtp_err_status_t srtp_aes_gcm_openssl_set_aad (void *cv, const uint8_t *aad, uint32_t aad_len)
{
+ srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
int rv;
/*
* Set dummy tag, OpenSSL requires the Tag to be set before
* processing AAD
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad);
- rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len);
+ /*
+ * OpenSSL never write to address pointed by the last parameter of
+ * EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality,
+ * OpenSSL copy its content to the context), so we can make
+ * aad read-only in this function and all its wrappers.
+ */
+ unsigned char dummy_tag[GCM_AUTH_TAG_LEN];
+ memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN);
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, &dummy_tag);
+
+ rv = EVP_Cipher(c->ctx, NULL, aad, aad_len);
if (rv != aad_len) {
- return (err_status_algo_fail);
+ return (srtp_err_status_algo_fail);
} else {
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
}
@@ -282,24 +286,24 @@ err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad,
* buf data to encrypt
* enc_len length of encrypt buffer
*/
-err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf,
- unsigned int *enc_len)
+static srtp_err_status_t srtp_aes_gcm_openssl_encrypt (void *cv, unsigned char *buf, unsigned int *enc_len)
{
- if (c->dir != direction_encrypt && c->dir != direction_decrypt) {
- return (err_status_bad_param);
+ srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+ if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) {
+ return (srtp_err_status_bad_param);
}
/*
* Encrypt the data
*/
- EVP_Cipher(&c->ctx, buf, buf, *enc_len);
+ EVP_Cipher(c->ctx, buf, buf, *enc_len);
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
/*
* This function calculates and returns the GCM tag for a given context.
- * This should be called after encrypting the data. The *len value
+ * This should be called after encrypting the data. The *len value
* is increased by the tag size. The caller must ensure that *buf has
* enough room to accept the appended tag.
*
@@ -308,25 +312,25 @@ err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf,
* buf data to encrypt
* len length of encrypt buffer
*/
-err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf,
- int *len)
+static srtp_err_status_t srtp_aes_gcm_openssl_get_tag (void *cv, uint8_t *buf, uint32_t *len)
{
+ srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
/*
* Calculate the tag
*/
- EVP_Cipher(&c->ctx, NULL, NULL, 0);
+ EVP_Cipher(c->ctx, NULL, NULL, 0);
/*
* Retreive the tag
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf);
/*
* Increase encryption length by desired tag size
*/
*len = c->tag_len;
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
@@ -338,25 +342,25 @@ err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf,
* buf data to encrypt
* enc_len length of encrypt buffer
*/
-err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf,
- unsigned int *enc_len)
+static srtp_err_status_t srtp_aes_gcm_openssl_decrypt (void *cv, unsigned char *buf, unsigned int *enc_len)
{
- if (c->dir != direction_encrypt && c->dir != direction_decrypt) {
- return (err_status_bad_param);
+ srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv;
+ if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) {
+ return (srtp_err_status_bad_param);
}
/*
* Set the tag before decrypting
*/
- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
- buf + (*enc_len - c->tag_len));
- EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len);
+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len,
+ buf + (*enc_len - c->tag_len));
+ EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len);
/*
* Check the tag
*/
- if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) {
- return (err_status_auth_fail);
+ if (EVP_Cipher(c->ctx, NULL, NULL, 0)) {
+ return (srtp_err_status_auth_fail);
}
/*
@@ -365,7 +369,7 @@ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf,
*/
*enc_len -= c->tag_len;
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
@@ -373,28 +377,28 @@ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf,
/*
* Name of this crypto engine
*/
-char aes_gcm_128_openssl_description[] = "AES-128 GCM using openssl";
-char aes_gcm_256_openssl_description[] = "AES-256 GCM using openssl";
+static const char srtp_aes_gcm_128_openssl_description[] = "AES-128 GCM using openssl";
+static const char srtp_aes_gcm_256_openssl_description[] = "AES-256 GCM using openssl";
/*
* KAT values for AES self-test. These
- * values we're derived from independent test code
+ * values we're derived from independent test code
* using OpenSSL.
*/
-uint8_t aes_gcm_test_case_0_key[AES_128_GCM_KEYSIZE_WSALT] = {
+static const uint8_t srtp_aes_gcm_test_case_0_key[SRTP_AES_GCM_128_KEY_LEN_WSALT] = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x09, 0x0a, 0x0b, 0x0c,
+ 0x09, 0x0a, 0x0b, 0x0c,
};
-uint8_t aes_gcm_test_case_0_iv[12] = {
- 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+static uint8_t srtp_aes_gcm_test_case_0_iv[12] = {
+ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
-uint8_t aes_gcm_test_case_0_plaintext[60] = {
+static const uint8_t srtp_aes_gcm_test_case_0_plaintext[60] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
@@ -405,13 +409,13 @@ uint8_t aes_gcm_test_case_0_plaintext[60] = {
0xba, 0x63, 0x7b, 0x39
};
-uint8_t aes_gcm_test_case_0_aad[20] = {
+static const uint8_t srtp_aes_gcm_test_case_0_aad[20] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
-uint8_t aes_gcm_test_case_0_ciphertext[76] = {
+static const uint8_t srtp_aes_gcm_test_case_0_ciphertext[76] = {
0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
@@ -425,50 +429,50 @@ uint8_t aes_gcm_test_case_0_ciphertext[76] = {
0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47,
};
-cipher_test_case_t aes_gcm_test_case_0a = {
- AES_128_GCM_KEYSIZE_WSALT, /* octets in key */
- aes_gcm_test_case_0_key, /* key */
- aes_gcm_test_case_0_iv, /* packet index */
- 60, /* octets in plaintext */
- aes_gcm_test_case_0_plaintext, /* plaintext */
- 68, /* octets in ciphertext */
- aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
- 20, /* octets in AAD */
- aes_gcm_test_case_0_aad, /* AAD */
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0a = {
+ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_gcm_test_case_0_key, /* key */
+ srtp_aes_gcm_test_case_0_iv, /* packet index */
+ 60, /* octets in plaintext */
+ srtp_aes_gcm_test_case_0_plaintext, /* plaintext */
+ 68, /* octets in ciphertext */
+ srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
+ 20, /* octets in AAD */
+ srtp_aes_gcm_test_case_0_aad, /* AAD */
GCM_AUTH_TAG_LEN_8,
- NULL /* pointer to next testcase */
+ NULL /* pointer to next testcase */
};
-cipher_test_case_t aes_gcm_test_case_0 = {
- AES_128_GCM_KEYSIZE_WSALT, /* octets in key */
- aes_gcm_test_case_0_key, /* key */
- aes_gcm_test_case_0_iv, /* packet index */
- 60, /* octets in plaintext */
- aes_gcm_test_case_0_plaintext, /* plaintext */
- 76, /* octets in ciphertext */
- aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
- 20, /* octets in AAD */
- aes_gcm_test_case_0_aad, /* AAD */
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0 = {
+ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_gcm_test_case_0_key, /* key */
+ srtp_aes_gcm_test_case_0_iv, /* packet index */
+ 60, /* octets in plaintext */
+ srtp_aes_gcm_test_case_0_plaintext, /* plaintext */
+ 76, /* octets in ciphertext */
+ srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */
+ 20, /* octets in AAD */
+ srtp_aes_gcm_test_case_0_aad, /* AAD */
GCM_AUTH_TAG_LEN,
- &aes_gcm_test_case_0a /* pointer to next testcase */
+ &srtp_aes_gcm_test_case_0a /* pointer to next testcase */
};
-uint8_t aes_gcm_test_case_1_key[AES_256_GCM_KEYSIZE_WSALT] = {
+static const uint8_t srtp_aes_gcm_test_case_1_key[SRTP_AES_GCM_256_KEY_LEN_WSALT] = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c,
- 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2,
+ 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x09, 0x0a, 0x0b, 0x0c,
+ 0x09, 0x0a, 0x0b, 0x0c,
};
-uint8_t aes_gcm_test_case_1_iv[12] = {
- 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+static uint8_t srtp_aes_gcm_test_case_1_iv[12] = {
+ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
-uint8_t aes_gcm_test_case_1_plaintext[60] = {
+static const uint8_t srtp_aes_gcm_test_case_1_plaintext[60] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
@@ -479,89 +483,85 @@ uint8_t aes_gcm_test_case_1_plaintext[60] = {
0xba, 0x63, 0x7b, 0x39
};
-uint8_t aes_gcm_test_case_1_aad[20] = {
+static const uint8_t srtp_aes_gcm_test_case_1_aad[20] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
-uint8_t aes_gcm_test_case_1_ciphertext[76] = {
- 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46,
- 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a,
- 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86,
- 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a,
- 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9,
- 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80,
- 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10,
- 0x09, 0xc9, 0x86, 0xc1,
+static const uint8_t srtp_aes_gcm_test_case_1_ciphertext[76] = {
+ 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46,
+ 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a,
+ 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86,
+ 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a,
+ 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9,
+ 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80,
+ 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10,
+ 0x09, 0xc9, 0x86, 0xc1,
/* the last 16 bytes are the tag */
- 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f,
+ 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f,
0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d,
};
-cipher_test_case_t aes_gcm_test_case_1a = {
- AES_256_GCM_KEYSIZE_WSALT, /* octets in key */
- aes_gcm_test_case_1_key, /* key */
- aes_gcm_test_case_1_iv, /* packet index */
- 60, /* octets in plaintext */
- aes_gcm_test_case_1_plaintext, /* plaintext */
- 68, /* octets in ciphertext */
- aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
- 20, /* octets in AAD */
- aes_gcm_test_case_1_aad, /* AAD */
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1a = {
+ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_gcm_test_case_1_key, /* key */
+ srtp_aes_gcm_test_case_1_iv, /* packet index */
+ 60, /* octets in plaintext */
+ srtp_aes_gcm_test_case_1_plaintext, /* plaintext */
+ 68, /* octets in ciphertext */
+ srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
+ 20, /* octets in AAD */
+ srtp_aes_gcm_test_case_1_aad, /* AAD */
GCM_AUTH_TAG_LEN_8,
- NULL /* pointer to next testcase */
+ NULL /* pointer to next testcase */
};
-cipher_test_case_t aes_gcm_test_case_1 = {
- AES_256_GCM_KEYSIZE_WSALT, /* octets in key */
- aes_gcm_test_case_1_key, /* key */
- aes_gcm_test_case_1_iv, /* packet index */
- 60, /* octets in plaintext */
- aes_gcm_test_case_1_plaintext, /* plaintext */
- 76, /* octets in ciphertext */
- aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
- 20, /* octets in AAD */
- aes_gcm_test_case_1_aad, /* AAD */
+static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1 = {
+ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_gcm_test_case_1_key, /* key */
+ srtp_aes_gcm_test_case_1_iv, /* packet index */
+ 60, /* octets in plaintext */
+ srtp_aes_gcm_test_case_1_plaintext, /* plaintext */
+ 76, /* octets in ciphertext */
+ srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */
+ 20, /* octets in AAD */
+ srtp_aes_gcm_test_case_1_aad, /* AAD */
GCM_AUTH_TAG_LEN,
- &aes_gcm_test_case_1a /* pointer to next testcase */
+ &srtp_aes_gcm_test_case_1a /* pointer to next testcase */
};
/*
* This is the vector function table for this crypto engine.
*/
-cipher_type_t aes_gcm_128_openssl = {
- (cipher_alloc_func_t) aes_gcm_openssl_alloc,
- (cipher_dealloc_func_t) aes_gcm_openssl_dealloc,
- (cipher_init_func_t) aes_gcm_openssl_context_init,
- (cipher_set_aad_func_t) aes_gcm_openssl_set_aad,
- (cipher_encrypt_func_t) aes_gcm_openssl_encrypt,
- (cipher_decrypt_func_t) aes_gcm_openssl_decrypt,
- (cipher_set_iv_func_t) aes_gcm_openssl_set_iv,
- (cipher_get_tag_func_t) aes_gcm_openssl_get_tag,
- (char*) aes_gcm_128_openssl_description,
- (int) 0, /* instance count */
- (cipher_test_case_t*) &aes_gcm_test_case_0,
- (debug_module_t*) &mod_aes_gcm,
- (cipher_type_id_t) AES_128_GCM
+const srtp_cipher_type_t srtp_aes_gcm_128_openssl = {
+ srtp_aes_gcm_openssl_alloc,
+ srtp_aes_gcm_openssl_dealloc,
+ srtp_aes_gcm_openssl_context_init,
+ srtp_aes_gcm_openssl_set_aad,
+ srtp_aes_gcm_openssl_encrypt,
+ srtp_aes_gcm_openssl_decrypt,
+ srtp_aes_gcm_openssl_set_iv,
+ srtp_aes_gcm_openssl_get_tag,
+ srtp_aes_gcm_128_openssl_description,
+ &srtp_aes_gcm_test_case_0,
+ SRTP_AES_GCM_128
};
/*
* This is the vector function table for this crypto engine.
*/
-cipher_type_t aes_gcm_256_openssl = {
- (cipher_alloc_func_t) aes_gcm_openssl_alloc,
- (cipher_dealloc_func_t) aes_gcm_openssl_dealloc,
- (cipher_init_func_t) aes_gcm_openssl_context_init,
- (cipher_set_aad_func_t) aes_gcm_openssl_set_aad,
- (cipher_encrypt_func_t) aes_gcm_openssl_encrypt,
- (cipher_decrypt_func_t) aes_gcm_openssl_decrypt,
- (cipher_set_iv_func_t) aes_gcm_openssl_set_iv,
- (cipher_get_tag_func_t) aes_gcm_openssl_get_tag,
- (char*) aes_gcm_256_openssl_description,
- (int) 0, /* instance count */
- (cipher_test_case_t*) &aes_gcm_test_case_1,
- (debug_module_t*) &mod_aes_gcm,
- (cipher_type_id_t) AES_256_GCM
+const srtp_cipher_type_t srtp_aes_gcm_256_openssl = {
+ srtp_aes_gcm_openssl_alloc,
+ srtp_aes_gcm_openssl_dealloc,
+ srtp_aes_gcm_openssl_context_init,
+ srtp_aes_gcm_openssl_set_aad,
+ srtp_aes_gcm_openssl_encrypt,
+ srtp_aes_gcm_openssl_decrypt,
+ srtp_aes_gcm_openssl_set_iv,
+ srtp_aes_gcm_openssl_get_tag,
+ srtp_aes_gcm_256_openssl_description,
+ &srtp_aes_gcm_test_case_1,
+ SRTP_AES_GCM_256
};
diff --git a/libs/srtp/crypto/cipher/aes_icm.c b/libs/srtp/crypto/cipher/aes_icm.c
index cda56a8ddc..6901213bad 100644
--- a/libs/srtp/crypto/cipher/aes_icm.c
+++ b/libs/srtp/crypto/cipher/aes_icm.c
@@ -8,26 +8,26 @@
*/
/*
- *
- * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -43,6 +43,9 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
#define ALIGN_32 0
@@ -50,17 +53,19 @@
#include "alloc.h"
-debug_module_t mod_aes_icm = {
- 0, /* debugging is off by default */
- "aes icm" /* printable module name */
+srtp_debug_module_t srtp_mod_aes_icm = {
+ 0, /* debugging is off by default */
+ "aes icm" /* printable module name */
};
+extern const srtp_cipher_type_t srtp_aes_icm_128;
+extern const srtp_cipher_type_t srtp_aes_icm_256;
/*
* integer counter mode works as follows:
*
* 16 bits
* <----->
- * +------+------+------+------+------+------+------+------+
+ * +------+------+------+------+------+------+------+------+
* | nonce | pakcet index | ctr |---+
* +------+------+------+------+------+------+------+------+ |
* |
@@ -71,16 +76,16 @@ debug_module_t mod_aes_icm = {
* +---------+
* | encrypt |
* +---------+
- * |
+ * |
* +------+------+------+------+------+------+------+------+ |
- * | keystream block |<--+
- * +------+------+------+------+------+------+------+------+
+ * | keystream block |<--+
+ * +------+------+------+------+------+------+------+------+
*
* All fields are big-endian
*
* ctr is the block counter, which increments from zero for
* each packet (16 bits wide)
- *
+ *
* packet index is distinct for each packet (48 bits wide)
*
* nonce can be distinct across many uses of the same key, or
@@ -89,77 +94,77 @@ debug_module_t mod_aes_icm = {
*
*/
-err_status_t
-aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp) {
- extern cipher_type_t aes_icm;
- uint8_t *pointer;
- int tmp;
+static srtp_err_status_t srtp_aes_icm_alloc (srtp_cipher_t **c, int key_len, int tlen)
+{
+ srtp_aes_icm_ctx_t *icm;
- debug_print(mod_aes_icm,
- "allocating cipher with key length %d", key_len);
+ debug_print(srtp_mod_aes_icm,
+ "allocating cipher with key length %d", key_len);
- /*
- * Ismacryp, for example, uses 16 byte key + 8 byte
- * salt so this function is called with key_len = 24.
- * The check for key_len = 30/38/46 does not apply. Our usage
- * of aes functions with key_len = values other than 30
- * has not broken anything. Don't know what would be the
- * effect of skipping this check for srtp in general.
- */
- if (!(forIsmacryp && key_len > 16 && key_len < 30) &&
- key_len != 30 && key_len != 38 && key_len != 46)
- return err_status_bad_param;
+ /*
+ * The check for key_len = 30/46 does not apply. Our usage
+ * of aes functions with key_len = values other than 30
+ * has not broken anything. Don't know what would be the
+ * effect of skipping this check for srtp in general.
+ */
+ if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) {
+ return srtp_err_status_bad_param;
+ }
- /* allocate memory a cipher of type aes_icm */
- tmp = (sizeof(aes_icm_ctx_t) + sizeof(cipher_t));
- pointer = (uint8_t*)crypto_alloc(tmp);
- if (pointer == NULL)
- return err_status_alloc_fail;
+ /* allocate memory a cipher of type aes_icm */
+ *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+ if (*c == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+ memset(*c, 0x0, sizeof(srtp_cipher_t));
- /* set pointers */
- *c = (cipher_t *)pointer;
- switch (key_len) {
- case 46:
- (*c)->algorithm = AES_256_ICM;
- break;
- case 38:
- (*c)->algorithm = AES_192_ICM;
- break;
- default:
- (*c)->algorithm = AES_128_ICM;
- break;
- }
- (*c)->type = &aes_icm;
- (*c)->state = pointer + sizeof(cipher_t);
+ icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
+ if (icm == NULL) {
+ srtp_crypto_free(*c);
+ return srtp_err_status_alloc_fail;
+ }
+ memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t));
- /* increment ref_count */
- aes_icm.ref_count++;
+ /* set pointers */
+ (*c)->state = icm;
- /* set key size */
- (*c)->key_len = key_len;
+ switch (key_len) {
+ case SRTP_AES_ICM_256_KEY_LEN_WSALT:
+ (*c)->algorithm = SRTP_AES_ICM_256;
+ (*c)->type = &srtp_aes_icm_256;
+ break;
+ default:
+ (*c)->algorithm = SRTP_AES_ICM_128;
+ (*c)->type = &srtp_aes_icm_128;
+ break;
+ }
- return err_status_ok;
+ /* set key size */
+ icm->key_size = key_len;
+ (*c)->key_len = key_len;
+
+ return srtp_err_status_ok;
}
-err_status_t aes_icm_alloc(cipher_t **c, int key_len, int forIsmacryp) {
- return aes_icm_alloc_ismacryp(c, key_len, 0);
-}
+static srtp_err_status_t srtp_aes_icm_dealloc (srtp_cipher_t *c)
+{
+ srtp_aes_icm_ctx_t *ctx;
-err_status_t
-aes_icm_dealloc(cipher_t *c) {
- extern cipher_type_t aes_icm;
+ if (c == NULL) {
+ return srtp_err_status_bad_param;
+ }
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t *)c,
- sizeof(aes_icm_ctx_t) + sizeof(cipher_t));
+ ctx = (srtp_aes_icm_ctx_t *)c->state;
+ if (ctx) {
+ /* zeroize the key material */
+ octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t));
+ srtp_crypto_free(ctx);
+ }
- /* free memory */
- crypto_free(c);
+ /* free the cipher context */
+ srtp_crypto_free(c);
- /* decrement ref_count */
- aes_icm.ref_count--;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -167,114 +172,57 @@ aes_icm_dealloc(cipher_t *c) {
* aes_icm_context_init(...) initializes the aes_icm_context
* using the value in key[].
*
- * the key is the secret key
+ * the key is the secret key
*
* the salt is unpredictable (but not necessarily secret) data which
* randomizes the starting point in the keystream
*/
-err_status_t
-aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key, int key_len) {
- err_status_t status;
- int base_key_len, copy_len;
+static srtp_err_status_t srtp_aes_icm_context_init (void *cv, const uint8_t *key)
+{
+ srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+ srtp_err_status_t status;
+ int base_key_len, copy_len;
- if (key_len > 16 && key_len < 30) /* Ismacryp */
- base_key_len = 16;
- else if (key_len == 30 || key_len == 38 || key_len == 46)
- base_key_len = key_len - 14;
- else
- return err_status_bad_param;
+ if (c->key_size == SRTP_AES_ICM_128_KEY_LEN_WSALT || c->key_size == SRTP_AES_ICM_256_KEY_LEN_WSALT) {
+ base_key_len = c->key_size - SRTP_SALT_LEN;
+ } else{
+ return srtp_err_status_bad_param;
+ }
- /*
- * set counter and initial values to 'offset' value, being careful not to
- * go past the end of the key buffer
- */
- v128_set_to_zero(&c->counter);
- v128_set_to_zero(&c->offset);
-
- copy_len = key_len - base_key_len;
- /* force last two octets of the offset to be left zero (for srtp compatibility) */
- if (copy_len > 14)
- copy_len = 14;
-
- memcpy(&c->counter, key + base_key_len, copy_len);
- memcpy(&c->offset, key + base_key_len, copy_len);
-
- debug_print(mod_aes_icm,
- "key: %s", octet_string_hex_string(key, base_key_len));
- debug_print(mod_aes_icm,
- "offset: %s", v128_hex_string(&c->offset));
-
- /* expand key */
- status = aes_expand_encryption_key(key, base_key_len, &c->expanded_key);
- if (status) {
+ /*
+ * set counter and initial values to 'offset' value, being careful not to
+ * go past the end of the key buffer
+ */
v128_set_to_zero(&c->counter);
v128_set_to_zero(&c->offset);
- return status;
- }
- /* indicate that the keystream_buffer is empty */
- c->bytes_in_buffer = 0;
+ copy_len = c->key_size - base_key_len;
+ /* force last two octets of the offset to be left zero (for srtp compatibility) */
+ if (copy_len > SRTP_SALT_LEN) {
+ copy_len = SRTP_SALT_LEN;
+ }
- return err_status_ok;
-}
+ memcpy(&c->counter, key + base_key_len, copy_len);
+ memcpy(&c->offset, key + base_key_len, copy_len);
-/*
- * aes_icm_set_octet(c, i) sets the counter of the context which it is
- * passed so that the next octet of keystream that will be generated
- * is the ith octet
- */
+ debug_print(srtp_mod_aes_icm,
+ "key: %s", srtp_octet_string_hex_string(key, base_key_len));
+ debug_print(srtp_mod_aes_icm,
+ "offset: %s", v128_hex_string(&c->offset));
-err_status_t
-aes_icm_set_octet(aes_icm_ctx_t *c,
- uint64_t octet_num) {
+ /* expand key */
+ status = srtp_aes_expand_encryption_key(key, base_key_len, &c->expanded_key);
+ if (status) {
+ v128_set_to_zero(&c->counter);
+ v128_set_to_zero(&c->offset);
+ return status;
+ }
-#ifdef NO_64BIT_MATH
- int tail_num = low32(octet_num) & 0x0f;
- /* 64-bit right-shift 4 */
- uint64_t block_num = make64(high32(octet_num) >> 4,
- ((high32(octet_num) & 0x0f)<<(32-4)) |
- (low32(octet_num) >> 4));
-#else
- int tail_num = (int)(octet_num % 16);
- uint64_t block_num = octet_num / 16;
-#endif
-
-
- /* set counter value */
- /* FIX - There's no way this is correct */
- c->counter.v64[0] = c->offset.v64[0];
-#ifdef NO_64BIT_MATH
- c->counter.v64[0] = make64(high32(c->offset.v64[0]) ^ high32(block_num),
- low32(c->offset.v64[0]) ^ low32(block_num));
-#else
- c->counter.v64[0] = c->offset.v64[0] ^ block_num;
-#endif
-
- debug_print(mod_aes_icm,
- "set_octet: %s", v128_hex_string(&c->counter));
-
- /* fill keystream buffer, if needed */
- if (tail_num) {
- v128_copy(&c->keystream_buffer, &c->counter);
- aes_encrypt(&c->keystream_buffer, &c->expanded_key);
- c->bytes_in_buffer = sizeof(v128_t);
-
- debug_print(mod_aes_icm, "counter: %s",
- v128_hex_string(&c->counter));
- debug_print(mod_aes_icm, "ciphertext: %s",
- v128_hex_string(&c->keystream_buffer));
-
- /* indicate number of bytes in keystream_buffer */
- c->bytes_in_buffer = sizeof(v128_t) - tail_num;
-
- } else {
-
- /* indicate that keystream_buffer is empty */
+ /* indicate that the keystream_buffer is empty */
c->bytes_in_buffer = 0;
- }
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -282,25 +230,26 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
* the offset
*/
-err_status_t
-aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction) {
- v128_t nonce;
+static srtp_err_status_t srtp_aes_icm_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t direction)
+{
+ srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+ v128_t nonce;
- /* set nonce (for alignment) */
- v128_copy_octet_string(&nonce, iv);
+ /* set nonce (for alignment) */
+ v128_copy_octet_string(&nonce, iv);
- debug_print(mod_aes_icm,
- "setting iv: %s", v128_hex_string(&nonce));
-
- v128_xor(&c->counter, &c->offset, &nonce);
-
- debug_print(mod_aes_icm,
- "set_counter: %s", v128_hex_string(&c->counter));
+ debug_print(srtp_mod_aes_icm,
+ "setting iv: %s", v128_hex_string(&nonce));
- /* indicate that the keystream_buffer is empty */
- c->bytes_in_buffer = 0;
+ v128_xor(&c->counter, &c->offset, &nonce);
- return err_status_ok;
+ debug_print(srtp_mod_aes_icm,
+ "set_counter: %s", v128_hex_string(&c->counter));
+
+ /* indicate that the keystream_buffer is empty */
+ c->bytes_in_buffer = 0;
+
+ return srtp_err_status_ok;
}
@@ -311,37 +260,24 @@ aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction) {
*
* this is an internal, hopefully inlined function
*/
-
-static inline void
-aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) {
- /* fill buffer with new keystream */
- v128_copy(&c->keystream_buffer, &c->counter);
- aes_encrypt(&c->keystream_buffer, &c->expanded_key);
- c->bytes_in_buffer = sizeof(v128_t);
+static void srtp_aes_icm_advance (srtp_aes_icm_ctx_t *c)
+{
+ /* fill buffer with new keystream */
+ v128_copy(&c->keystream_buffer, &c->counter);
+ srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key);
+ c->bytes_in_buffer = sizeof(v128_t);
- debug_print(mod_aes_icm, "counter: %s",
- v128_hex_string(&c->counter));
- debug_print(mod_aes_icm, "ciphertext: %s",
- v128_hex_string(&c->keystream_buffer));
-
- /* clock counter forward */
+ debug_print(srtp_mod_aes_icm, "counter: %s",
+ v128_hex_string(&c->counter));
+ debug_print(srtp_mod_aes_icm, "ciphertext: %s",
+ v128_hex_string(&c->keystream_buffer));
- if (forIsmacryp) {
- uint32_t temp;
- //alex's clock counter forward
- temp = ntohl(c->counter.v32[3]);
- c->counter.v32[3] = htonl(++temp);
- } else {
- if (!++(c->counter.v8[15]))
- ++(c->counter.v8[14]);
- }
+ /* clock counter forward */
+ if (!++(c->counter.v8[15])) {
+ ++(c->counter.v8[14]);
+ }
}
-static inline void aes_icm_advance(aes_icm_ctx_t *c) {
- aes_icm_advance_ismacryp(c, 0);
-}
-
-
/*e
* icm_encrypt deals with the following cases:
*
@@ -352,221 +288,202 @@ static inline void aes_icm_advance(aes_icm_ctx_t *c) {
* - add keystream into data until keystream_buffer is depleted
* - loop over blocks, filling keystream_buffer and then
* adding keystream into data
- * - fill buffer then add in remaining (< 16) bytes of keystream
+ * - fill buffer then add in remaining (< 16) bytes of keystream
*/
-err_status_t
-aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
- unsigned char *buf, unsigned int *enc_len,
- int forIsmacryp) {
- unsigned int bytes_to_encr = *enc_len;
- unsigned int i;
- uint32_t *b;
+static srtp_err_status_t srtp_aes_icm_encrypt (void *cv,
+ unsigned char *buf, unsigned int *enc_len)
+{
+ srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t*)cv;
+ unsigned int bytes_to_encr = *enc_len;
+ unsigned int i;
+ uint32_t *b;
- /* check that there's enough segment left but not for ismacryp*/
- if (!forIsmacryp && (bytes_to_encr + htons(c->counter.v16[7])) > 0xffff)
- return err_status_terminus;
+ /* check that there's enough segment left*/
+ if ((bytes_to_encr + htons(c->counter.v16[7])) > 0xffff) {
+ return srtp_err_status_terminus;
+ }
- debug_print(mod_aes_icm, "block index: %d",
- htons(c->counter.v16[7]));
- if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) {
-
- /* deal with odd case of small bytes_to_encr */
- for (i = (sizeof(v128_t) - c->bytes_in_buffer);
- i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++)
- {
- *buf++ ^= c->keystream_buffer.v8[i];
- }
+ debug_print(srtp_mod_aes_icm, "block index: %d",
+ htons(c->counter.v16[7]));
+ if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) {
- c->bytes_in_buffer -= bytes_to_encr;
+ /* deal with odd case of small bytes_to_encr */
+ for (i = (sizeof(v128_t) - c->bytes_in_buffer);
+ i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++) {
+ *buf++ ^= c->keystream_buffer.v8[i];
+ }
- /* return now to avoid the main loop */
- return err_status_ok;
+ c->bytes_in_buffer -= bytes_to_encr;
- } else {
-
- /* encrypt bytes until the remaining data is 16-byte aligned */
- for (i=(sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t); i++)
- *buf++ ^= c->keystream_buffer.v8[i];
+ /* return now to avoid the main loop */
+ return srtp_err_status_ok;
- bytes_to_encr -= c->bytes_in_buffer;
- c->bytes_in_buffer = 0;
+ } else {
- }
-
- /* now loop over entire 16-byte blocks of keystream */
- for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) {
+ /* encrypt bytes until the remaining data is 16-byte aligned */
+ for (i = (sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t); i++) {
+ *buf++ ^= c->keystream_buffer.v8[i];
+ }
- /* fill buffer with new keystream */
- aes_icm_advance_ismacryp(c, forIsmacryp);
+ bytes_to_encr -= c->bytes_in_buffer;
+ c->bytes_in_buffer = 0;
- /*
- * add keystream into the data buffer (this would be a lot faster
- * if we could assume 32-bit alignment!)
- */
+ }
+
+ /* now loop over entire 16-byte blocks of keystream */
+ for (i = 0; i < (bytes_to_encr / sizeof(v128_t)); i++) {
+
+ /* fill buffer with new keystream */
+ srtp_aes_icm_advance(c);
+
+ /*
+ * add keystream into the data buffer (this would be a lot faster
+ * if we could assume 32-bit alignment!)
+ */
#if ALIGN_32
- b = (uint32_t *)buf;
- *b++ ^= c->keystream_buffer.v32[0];
- *b++ ^= c->keystream_buffer.v32[1];
- *b++ ^= c->keystream_buffer.v32[2];
- *b++ ^= c->keystream_buffer.v32[3];
- buf = (uint8_t *)b;
-#else
- if ((((unsigned long) buf) & 0x03) != 0) {
- *buf++ ^= c->keystream_buffer.v8[0];
- *buf++ ^= c->keystream_buffer.v8[1];
- *buf++ ^= c->keystream_buffer.v8[2];
- *buf++ ^= c->keystream_buffer.v8[3];
- *buf++ ^= c->keystream_buffer.v8[4];
- *buf++ ^= c->keystream_buffer.v8[5];
- *buf++ ^= c->keystream_buffer.v8[6];
- *buf++ ^= c->keystream_buffer.v8[7];
- *buf++ ^= c->keystream_buffer.v8[8];
- *buf++ ^= c->keystream_buffer.v8[9];
- *buf++ ^= c->keystream_buffer.v8[10];
- *buf++ ^= c->keystream_buffer.v8[11];
- *buf++ ^= c->keystream_buffer.v8[12];
- *buf++ ^= c->keystream_buffer.v8[13];
- *buf++ ^= c->keystream_buffer.v8[14];
- *buf++ ^= c->keystream_buffer.v8[15];
- } else {
- b = (uint32_t *)buf;
- *b++ ^= c->keystream_buffer.v32[0];
- *b++ ^= c->keystream_buffer.v32[1];
- *b++ ^= c->keystream_buffer.v32[2];
- *b++ ^= c->keystream_buffer.v32[3];
- buf = (uint8_t *)b;
+ b = (uint32_t*)buf;
+ *b++ ^= c->keystream_buffer.v32[0];
+ *b++ ^= c->keystream_buffer.v32[1];
+ *b++ ^= c->keystream_buffer.v32[2];
+ *b++ ^= c->keystream_buffer.v32[3];
+ buf = (uint8_t*)b;
+#else
+ if ((((unsigned long)buf) & 0x03) != 0) {
+ *buf++ ^= c->keystream_buffer.v8[0];
+ *buf++ ^= c->keystream_buffer.v8[1];
+ *buf++ ^= c->keystream_buffer.v8[2];
+ *buf++ ^= c->keystream_buffer.v8[3];
+ *buf++ ^= c->keystream_buffer.v8[4];
+ *buf++ ^= c->keystream_buffer.v8[5];
+ *buf++ ^= c->keystream_buffer.v8[6];
+ *buf++ ^= c->keystream_buffer.v8[7];
+ *buf++ ^= c->keystream_buffer.v8[8];
+ *buf++ ^= c->keystream_buffer.v8[9];
+ *buf++ ^= c->keystream_buffer.v8[10];
+ *buf++ ^= c->keystream_buffer.v8[11];
+ *buf++ ^= c->keystream_buffer.v8[12];
+ *buf++ ^= c->keystream_buffer.v8[13];
+ *buf++ ^= c->keystream_buffer.v8[14];
+ *buf++ ^= c->keystream_buffer.v8[15];
+ } else {
+ b = (uint32_t*)buf;
+ *b++ ^= c->keystream_buffer.v32[0];
+ *b++ ^= c->keystream_buffer.v32[1];
+ *b++ ^= c->keystream_buffer.v32[2];
+ *b++ ^= c->keystream_buffer.v32[3];
+ buf = (uint8_t*)b;
+ }
+#endif /* #if ALIGN_32 */
+
}
-#endif /* #if ALIGN_32 */
- }
-
- /* if there is a tail end of the data, process it */
- if ((bytes_to_encr & 0xf) != 0) {
-
- /* fill buffer with new keystream */
- aes_icm_advance_ismacryp(c, forIsmacryp);
-
- for (i=0; i < (bytes_to_encr & 0xf); i++)
- *buf++ ^= c->keystream_buffer.v8[i];
-
- /* reset the keystream buffer size to right value */
- c->bytes_in_buffer = sizeof(v128_t) - i;
- } else {
+ /* if there is a tail end of the data, process it */
+ if ((bytes_to_encr & 0xf) != 0) {
- /* no tail, so just reset the keystream buffer size to zero */
- c->bytes_in_buffer = 0;
+ /* fill buffer with new keystream */
+ srtp_aes_icm_advance(c);
- }
+ for (i = 0; i < (bytes_to_encr & 0xf); i++) {
+ *buf++ ^= c->keystream_buffer.v8[i];
+ }
- return err_status_ok;
+ /* reset the keystream buffer size to right value */
+ c->bytes_in_buffer = sizeof(v128_t) - i;
+ } else {
+
+ /* no tail, so just reset the keystream buffer size to zero */
+ c->bytes_in_buffer = 0;
+
+ }
+
+ return srtp_err_status_ok;
}
-err_status_t
-aes_icm_encrypt(aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len) {
- return aes_icm_encrypt_ismacryp(c, buf, enc_len, 0);
-}
+static const char srtp_aes_icm_128_description[] = "AES-128 integer counter mode";
+static const char srtp_aes_icm_256_description[] = "AES-256 integer counter mode";
-err_status_t
-aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output) {
- unsigned int len = num_octets_to_output;
-
- /* zeroize the buffer */
- octet_string_set_to_zero(buffer, num_octets_to_output);
-
- /* exor keystream into buffer */
- return aes_icm_encrypt(c, buffer, &len);
-}
-
-uint16_t
-aes_icm_bytes_encrypted(aes_icm_ctx_t *c) {
- return htons(c->counter.v16[7]);
-}
-
-char
-aes_icm_description[] = "aes integer counter mode";
-
-uint8_t aes_icm_test_case_0_key[30] = {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
- 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
-uint8_t aes_icm_test_case_0_nonce[16] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
-uint8_t aes_icm_test_case_0_plaintext[32] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
-uint8_t aes_icm_test_case_0_ciphertext[32] = {
- 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
- 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
- 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
- 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
+static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = {
+ 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
+ 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
+ 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
+ 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
};
-cipher_test_case_t aes_icm_test_case_0 = {
- 30, /* octets in key */
- aes_icm_test_case_0_key, /* key */
- aes_icm_test_case_0_nonce, /* packet index */
- 32, /* octets in plaintext */
- aes_icm_test_case_0_plaintext, /* plaintext */
- 32, /* octets in ciphertext */
- aes_icm_test_case_0_ciphertext, /* ciphertext */
- 0,
- NULL,
- 0,
- NULL /* pointer to next testcase */
+static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = {
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_icm_128_test_case_0_key, /* key */
+ srtp_aes_icm_128_test_case_0_nonce, /* packet index */
+ 32, /* octets in plaintext */
+ srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */
+ 32, /* octets in ciphertext */
+ srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */
+ 0,
+ NULL,
+ 0,
+ NULL /* pointer to next testcase */
};
-uint8_t aes_icm_test_case_1_key[46] = {
- 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
- 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
- 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
- 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98,
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
- 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
+static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = {
+ 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
+ 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
+ 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
+ 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98,
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
-uint8_t aes_icm_test_case_1_nonce[16] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
-uint8_t aes_icm_test_case_1_plaintext[32] = {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
-uint8_t aes_icm_test_case_1_ciphertext[32] = {
- 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
- 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
- 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
- 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
+static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = {
+ 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
+ 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
+ 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
+ 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
};
-cipher_test_case_t aes_icm_test_case_1 = {
- 46, /* octets in key */
- aes_icm_test_case_1_key, /* key */
- aes_icm_test_case_1_nonce, /* packet index */
- 32, /* octets in plaintext */
- aes_icm_test_case_1_plaintext, /* plaintext */
- 32, /* octets in ciphertext */
- aes_icm_test_case_1_ciphertext, /* ciphertext */
- 0,
- NULL,
- 0,
- &aes_icm_test_case_0 /* pointer to next testcase */
+static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = {
+ SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_icm_256_test_case_0_key, /* key */
+ srtp_aes_icm_256_test_case_0_nonce, /* packet index */
+ 32, /* octets in plaintext */
+ srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */
+ 32, /* octets in ciphertext */
+ srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */
+ 0,
+ NULL,
+ 0,
+ NULL, /* pointer to next testcase */
};
@@ -575,19 +492,30 @@ cipher_test_case_t aes_icm_test_case_1 = {
* note: the encrypt function is identical to the decrypt function
*/
-cipher_type_t aes_icm = {
- (cipher_alloc_func_t) aes_icm_alloc,
- (cipher_dealloc_func_t) aes_icm_dealloc,
- (cipher_init_func_t) aes_icm_context_init,
- (cipher_set_aad_func_t) 0,
- (cipher_encrypt_func_t) aes_icm_encrypt,
- (cipher_decrypt_func_t) aes_icm_encrypt,
- (cipher_set_iv_func_t) aes_icm_set_iv,
- (cipher_get_tag_func_t) 0,
- (char *) aes_icm_description,
- (int) 0, /* instance count */
- (cipher_test_case_t *) &aes_icm_test_case_1,
- (debug_module_t *) &mod_aes_icm,
- (cipher_type_id_t) AES_ICM
+const srtp_cipher_type_t srtp_aes_icm_128 = {
+ srtp_aes_icm_alloc,
+ srtp_aes_icm_dealloc,
+ srtp_aes_icm_context_init,
+ 0, /* set_aad */
+ srtp_aes_icm_encrypt,
+ srtp_aes_icm_encrypt,
+ srtp_aes_icm_set_iv,
+ 0, /* get_tag */
+ srtp_aes_icm_128_description,
+ &srtp_aes_icm_128_test_case_0,
+ SRTP_AES_ICM_128
};
+const srtp_cipher_type_t srtp_aes_icm_256 = {
+ srtp_aes_icm_alloc,
+ srtp_aes_icm_dealloc,
+ srtp_aes_icm_context_init,
+ 0, /* set_aad */
+ srtp_aes_icm_encrypt,
+ srtp_aes_icm_encrypt,
+ srtp_aes_icm_set_iv,
+ 0, /* get_tag */
+ srtp_aes_icm_256_description,
+ &srtp_aes_icm_256_test_case_0,
+ SRTP_AES_ICM_256
+};
diff --git a/libs/srtp/crypto/cipher/aes_icm_ossl.c b/libs/srtp/crypto/cipher/aes_icm_ossl.c
index 1e1860d093..25b431fadd 100644
--- a/libs/srtp/crypto/cipher/aes_icm_ossl.c
+++ b/libs/srtp/crypto/cipher/aes_icm_ossl.c
@@ -14,7 +14,7 @@
/*
*
- * Copyright (c) 2013, Cisco Systems, Inc.
+ * Copyright (c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -48,21 +48,24 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include
#include "aes_icm_ossl.h"
#include "crypto_types.h"
+#include "err.h" /* for srtp_debug */
#include "alloc.h"
-#include "crypto_types.h"
-debug_module_t mod_aes_icm = {
+srtp_debug_module_t srtp_mod_aes_icm = {
0, /* debugging is off by default */
"aes icm ossl" /* printable module name */
};
-extern cipher_test_case_t aes_icm_test_case_0;
-extern cipher_type_t aes_icm;
-extern cipher_type_t aes_icm_192;
-extern cipher_type_t aes_icm_256;
+extern const srtp_cipher_type_t srtp_aes_icm_128;
+extern const srtp_cipher_type_t srtp_aes_icm_192;
+extern const srtp_cipher_type_t srtp_aes_icm_256;
/*
* integer counter mode works as follows:
@@ -70,7 +73,7 @@ extern cipher_type_t aes_icm_256;
* 16 bits
* <----->
* +------+------+------+------+------+------+------+------+
- * | nonce | pakcet index | ctr |---+
+ * | nonce | packet index | ctr |---+
* +------+------+------+------+------+------+------+------+ |
* |
* +------+------+------+------+------+------+------+------+ v
@@ -106,106 +109,98 @@ extern cipher_type_t aes_icm_256;
* value. The tlen argument is for the AEAD tag length, which
* isn't used in counter mode.
*/
-err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
+static srtp_err_status_t srtp_aes_icm_openssl_alloc (srtp_cipher_t **c, int key_len, int tlen)
{
- aes_icm_ctx_t *icm;
- int tmp;
- uint8_t *allptr;
+ srtp_aes_icm_ctx_t *icm;
- debug_print(mod_aes_icm, "allocating cipher with key length %d", key_len);
+ debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d", key_len);
/*
* Verify the key_len is valid for one of: AES-128/192/256
*/
- if (key_len != AES_128_KEYSIZE_WSALT && key_len != AES_192_KEYSIZE_WSALT &&
- key_len != AES_256_KEYSIZE_WSALT) {
- return err_status_bad_param;
+ if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && key_len != SRTP_AES_ICM_192_KEY_LEN_WSALT &&
+ key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) {
+ return srtp_err_status_bad_param;
}
/* allocate memory a cipher of type aes_icm */
- tmp = sizeof(cipher_t) + sizeof(aes_icm_ctx_t);
- allptr = (uint8_t*)crypto_alloc(tmp);
- if (allptr == NULL) {
- return err_status_alloc_fail;
+ *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+ if (*c == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+ memset(*c, 0x0, sizeof(srtp_cipher_t));
+
+ icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t));
+ if (icm == NULL) {
+ srtp_crypto_free(*c);
+ *c = NULL;
+ return srtp_err_status_alloc_fail;
+ }
+ memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t));
+
+ icm->ctx = EVP_CIPHER_CTX_new();
+ if (icm->ctx == NULL) {
+ srtp_crypto_free(icm);
+ srtp_crypto_free(*c);
+ *c = NULL;
+ return srtp_err_status_alloc_fail;
}
/* set pointers */
- *c = (cipher_t*)allptr;
- (*c)->state = allptr + sizeof(cipher_t);
- icm = (aes_icm_ctx_t*)(*c)->state;
+ (*c)->state = icm;
- /* increment ref_count */
+ /* setup cipher parameters */
switch (key_len) {
- case AES_128_KEYSIZE_WSALT:
- (*c)->algorithm = AES_128_ICM;
- (*c)->type = &aes_icm;
- aes_icm.ref_count++;
- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE;
+ case SRTP_AES_ICM_128_KEY_LEN_WSALT:
+ (*c)->algorithm = SRTP_AES_ICM_128;
+ (*c)->type = &srtp_aes_icm_128;
+ icm->key_size = SRTP_AES_128_KEY_LEN;
break;
- case AES_192_KEYSIZE_WSALT:
- (*c)->algorithm = AES_192_ICM;
- (*c)->type = &aes_icm_192;
- aes_icm_192.ref_count++;
- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_192_KEYSIZE;
+ case SRTP_AES_ICM_192_KEY_LEN_WSALT:
+ (*c)->algorithm = SRTP_AES_ICM_192;
+ (*c)->type = &srtp_aes_icm_192;
+ icm->key_size = SRTP_AES_192_KEY_LEN;
break;
- case AES_256_KEYSIZE_WSALT:
- (*c)->algorithm = AES_256_ICM;
- (*c)->type = &aes_icm_256;
- aes_icm_256.ref_count++;
- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE;
+ case SRTP_AES_ICM_256_KEY_LEN_WSALT:
+ (*c)->algorithm = SRTP_AES_ICM_256;
+ (*c)->type = &srtp_aes_icm_256;
+ icm->key_size = SRTP_AES_256_KEY_LEN;
break;
}
/* set key size */
(*c)->key_len = key_len;
- EVP_CIPHER_CTX_init(&icm->ctx);
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
* This function deallocates an instance of this engine
*/
-err_status_t aes_icm_openssl_dealloc (cipher_t *c)
+static srtp_err_status_t srtp_aes_icm_openssl_dealloc (srtp_cipher_t *c)
{
- aes_icm_ctx_t *ctx;
+ srtp_aes_icm_ctx_t *ctx;
if (c == NULL) {
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
/*
* Free the EVP context
*/
- ctx = (aes_icm_ctx_t*)c->state;
+ ctx = (srtp_aes_icm_ctx_t*)c->state;
if (ctx != NULL) {
- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
- /* decrement ref_count for the appropriate engine */
- switch (ctx->key_size) {
- case AES_256_KEYSIZE:
- aes_icm_256.ref_count--;
- break;
- case AES_192_KEYSIZE:
- aes_icm_192.ref_count--;
- break;
- case AES_128_KEYSIZE:
- aes_icm.ref_count--;
- break;
- default:
- return err_status_dealloc_fail;
- break;
- }
+ EVP_CIPHER_CTX_free(ctx->ctx);
+ /* zeroize the key material */
+ octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t));
+ srtp_crypto_free(ctx);
}
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t*)c,
- sizeof(cipher_t) + sizeof(aes_icm_ctx_t));
-
/* free memory */
- crypto_free(c);
+ srtp_crypto_free(c);
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -217,42 +212,50 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c)
* the salt is unpredictable (but not necessarily secret) data which
* randomizes the starting point in the keystream
*/
-err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key)
+static srtp_err_status_t srtp_aes_icm_openssl_context_init (void* cv, const uint8_t *key)
{
+ srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
+ const EVP_CIPHER *evp;
+
/*
* set counter and initial values to 'offset' value, being careful not to
* go past the end of the key buffer
*/
v128_set_to_zero(&c->counter);
v128_set_to_zero(&c->offset);
- memcpy(&c->counter, key + c->key_size, SALT_SIZE);
- memcpy(&c->offset, key + c->key_size, SALT_SIZE);
+ memcpy(&c->counter, key + c->key_size, SRTP_SALT_LEN);
+ memcpy(&c->offset, key + c->key_size, SRTP_SALT_LEN);
/* force last two octets of the offset to zero (for srtp compatibility) */
- c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0;
- c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0;
+ c->offset.v8[SRTP_SALT_LEN] = c->offset.v8[SRTP_SALT_LEN + 1] = 0;
+ c->counter.v8[SRTP_SALT_LEN] = c->counter.v8[SRTP_SALT_LEN + 1] = 0;
- /* copy key to be used later when CiscoSSL crypto context is created */
- v128_copy_octet_string((v128_t*)&c->key, key);
+ debug_print(srtp_mod_aes_icm, "key: %s", srtp_octet_string_hex_string(key, c->key_size));
+ debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
- /* if the key is greater than 16 bytes, copy the second
- * half. Note, we treat AES-192 and AES-256 the same here
- * for simplicity. The storage location receiving the
- * key is statically allocated to handle a full 32 byte key
- * regardless of the cipher in use.
- */
- if (c->key_size == AES_256_KEYSIZE || c->key_size == AES_192_KEYSIZE) {
- debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s",
- v128_hex_string((v128_t*)(key + AES_128_KEYSIZE)));
- v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZE);
+ switch (c->key_size) {
+ case SRTP_AES_256_KEY_LEN:
+ evp = EVP_aes_256_ctr();
+ break;
+ case SRTP_AES_192_KEY_LEN:
+ evp = EVP_aes_192_ctr();
+ break;
+ case SRTP_AES_128_KEY_LEN:
+ evp = EVP_aes_128_ctr();
+ break;
+ default:
+ return srtp_err_status_bad_param;
+ break;
}
- debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key));
- debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset));
+ if (!EVP_EncryptInit_ex(c->ctx, evp,
+ NULL, key, NULL)) {
+ return srtp_err_status_fail;
+ } else {
+ return srtp_err_status_ok;
+ }
- EVP_CIPHER_CTX_cleanup(&c->ctx);
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -260,40 +263,25 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key)
* aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with
* the offset
*/
-err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
+static srtp_err_status_t srtp_aes_icm_openssl_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t dir)
{
- const EVP_CIPHER *evp;
+ srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
v128_t nonce;
/* set nonce (for alignment) */
v128_copy_octet_string(&nonce, iv);
- debug_print(mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));
+ debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce));
v128_xor(&c->counter, &c->offset, &nonce);
- debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter));
+ debug_print(srtp_mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter));
- switch (c->key_size) {
- case AES_256_KEYSIZE:
- evp = EVP_aes_256_ctr();
- break;
- case AES_192_KEYSIZE:
- evp = EVP_aes_192_ctr();
- break;
- case AES_128_KEYSIZE:
- evp = EVP_aes_128_ctr();
- break;
- default:
- return err_status_bad_param;
- break;
- }
-
- if (!EVP_EncryptInit_ex(&c->ctx, evp,
- NULL, c->key.v8, c->counter.v8)) {
- return err_status_fail;
+ if (!EVP_EncryptInit_ex(c->ctx, NULL,
+ NULL, NULL, c->counter.v8)) {
+ return srtp_err_status_fail;
} else {
- return err_status_ok;
+ return srtp_err_status_ok;
}
}
@@ -305,85 +293,72 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
* buf data to encrypt
* enc_len length of encrypt buffer
*/
-err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len)
+static srtp_err_status_t srtp_aes_icm_openssl_encrypt (void *cv, unsigned char *buf, unsigned int *enc_len)
{
+ srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
int len = 0;
- debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
+ debug_print(srtp_mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
- if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) {
- return err_status_cipher_fail;
+ if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) {
+ return srtp_err_status_cipher_fail;
}
*enc_len = len;
- if (!EVP_EncryptFinal_ex(&c->ctx, buf, (int*)&len)) {
- return err_status_cipher_fail;
+ if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) {
+ return srtp_err_status_cipher_fail;
}
*enc_len += len;
- return err_status_ok;
-}
-
-/*
- * Abstraction layer for encrypt.
- */
-err_status_t aes_icm_output (aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output)
-{
- unsigned int len = num_octets_to_output;
-
- /* zeroize the buffer */
- octet_string_set_to_zero(buffer, num_octets_to_output);
-
- /* exor keystream into buffer */
- return aes_icm_openssl_encrypt(c, buffer, &len);
+ return srtp_err_status_ok;
}
/*
* Name of this crypto engine
*/
-char aes_icm_openssl_description[] = "AES-128 counter mode using openssl";
-char aes_icm_192_openssl_description[] = "AES-192 counter mode using openssl";
-char aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl";
+static const char srtp_aes_icm_128_openssl_description[] = "AES-128 counter mode using openssl";
+static const char srtp_aes_icm_192_openssl_description[] = "AES-192 counter mode using openssl";
+static const char srtp_aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl";
/*
* KAT values for AES self-test. These
* values came from the legacy libsrtp code.
*/
-uint8_t aes_icm_test_case_0_key[AES_128_KEYSIZE_WSALT] = {
+static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
-uint8_t aes_icm_test_case_0_nonce[16] = {
+static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
-uint8_t aes_icm_test_case_0_plaintext[32] = {
+static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
-uint8_t aes_icm_test_case_0_ciphertext[32] = {
+static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = {
0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80,
0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4,
0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7,
0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab
};
-cipher_test_case_t aes_icm_test_case_0 = {
- AES_128_KEYSIZE_WSALT, /* octets in key */
- aes_icm_test_case_0_key, /* key */
- aes_icm_test_case_0_nonce, /* packet index */
+static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = {
+ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_icm_128_test_case_0_key, /* key */
+ srtp_aes_icm_128_test_case_0_nonce, /* packet index */
32, /* octets in plaintext */
- aes_icm_test_case_0_plaintext, /* plaintext */
+ srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
- aes_icm_test_case_0_ciphertext, /* ciphertext */
+ srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */
0,
NULL,
0,
@@ -394,7 +369,7 @@ cipher_test_case_t aes_icm_test_case_0 = {
* KAT values for AES-192-CTR self-test. These
* values came from section 7 of RFC 6188.
*/
-uint8_t aes_icm_192_test_case_1_key[AES_192_KEYSIZE_WSALT] = {
+static const uint8_t srtp_aes_icm_192_test_case_0_key[SRTP_AES_ICM_192_KEY_LEN_WSALT] = {
0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d,
0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21,
0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7,
@@ -402,45 +377,44 @@ uint8_t aes_icm_192_test_case_1_key[AES_192_KEYSIZE_WSALT] = {
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
-uint8_t aes_icm_192_test_case_1_nonce[16] = {
+static uint8_t srtp_aes_icm_192_test_case_0_nonce[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
-uint8_t aes_icm_192_test_case_1_plaintext[32] = {
+static const uint8_t srtp_aes_icm_192_test_case_0_plaintext[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
-uint8_t aes_icm_192_test_case_1_ciphertext[32] = {
+static const uint8_t srtp_aes_icm_192_test_case_0_ciphertext[32] = {
0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d,
0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c,
0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61,
0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a
};
-cipher_test_case_t aes_icm_192_test_case_1 = {
- AES_192_KEYSIZE_WSALT, /* octets in key */
- aes_icm_192_test_case_1_key, /* key */
- aes_icm_192_test_case_1_nonce, /* packet index */
+static const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_0 = {
+ SRTP_AES_ICM_192_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_icm_192_test_case_0_key, /* key */
+ srtp_aes_icm_192_test_case_0_nonce, /* packet index */
32, /* octets in plaintext */
- aes_icm_192_test_case_1_plaintext, /* plaintext */
+ srtp_aes_icm_192_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
- aes_icm_192_test_case_1_ciphertext, /* ciphertext */
+ srtp_aes_icm_192_test_case_0_ciphertext, /* ciphertext */
0,
NULL,
0,
NULL /* pointer to next testcase */
};
-
/*
* KAT values for AES-256-CTR self-test. These
* values came from section 7 of RFC 6188.
*/
-uint8_t aes_icm_256_test_case_2_key[AES_256_KEYSIZE_WSALT] = {
+static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = {
0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70,
0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92,
0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82,
@@ -449,33 +423,33 @@ uint8_t aes_icm_256_test_case_2_key[AES_256_KEYSIZE_WSALT] = {
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd
};
-uint8_t aes_icm_256_test_case_2_nonce[16] = {
+static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
-uint8_t aes_icm_256_test_case_2_plaintext[32] = {
+static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
-uint8_t aes_icm_256_test_case_2_ciphertext[32] = {
+static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = {
0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25,
0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4,
0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6,
0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac
};
-cipher_test_case_t aes_icm_256_test_case_2 = {
- AES_256_KEYSIZE_WSALT, /* octets in key */
- aes_icm_256_test_case_2_key, /* key */
- aes_icm_256_test_case_2_nonce, /* packet index */
+static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = {
+ SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */
+ srtp_aes_icm_256_test_case_0_key, /* key */
+ srtp_aes_icm_256_test_case_0_nonce, /* packet index */
32, /* octets in plaintext */
- aes_icm_256_test_case_2_plaintext, /* plaintext */
+ srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */
32, /* octets in ciphertext */
- aes_icm_256_test_case_2_ciphertext, /* ciphertext */
+ srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */
0,
NULL,
0,
@@ -486,59 +460,53 @@ cipher_test_case_t aes_icm_256_test_case_2 = {
* This is the function table for this crypto engine.
* note: the encrypt function is identical to the decrypt function
*/
-cipher_type_t aes_icm = {
- (cipher_alloc_func_t) aes_icm_openssl_alloc,
- (cipher_dealloc_func_t) aes_icm_openssl_dealloc,
- (cipher_init_func_t) aes_icm_openssl_context_init,
- (cipher_set_aad_func_t) 0,
- (cipher_encrypt_func_t) aes_icm_openssl_encrypt,
- (cipher_decrypt_func_t) aes_icm_openssl_encrypt,
- (cipher_set_iv_func_t) aes_icm_openssl_set_iv,
- (cipher_get_tag_func_t) 0,
- (char*) aes_icm_openssl_description,
- (int) 0, /* instance count */
- (cipher_test_case_t*) &aes_icm_test_case_0,
- (debug_module_t*) &mod_aes_icm,
- (cipher_type_id_t) AES_ICM
+const srtp_cipher_type_t srtp_aes_icm_128 = {
+ srtp_aes_icm_openssl_alloc,
+ srtp_aes_icm_openssl_dealloc,
+ srtp_aes_icm_openssl_context_init,
+ 0, /* set_aad */
+ srtp_aes_icm_openssl_encrypt,
+ srtp_aes_icm_openssl_encrypt,
+ srtp_aes_icm_openssl_set_iv,
+ 0, /* get_tag */
+ srtp_aes_icm_128_openssl_description,
+ &srtp_aes_icm_128_test_case_0,
+ SRTP_AES_ICM_128
};
/*
* This is the function table for this crypto engine.
* note: the encrypt function is identical to the decrypt function
*/
-cipher_type_t aes_icm_192 = {
- (cipher_alloc_func_t) aes_icm_openssl_alloc,
- (cipher_dealloc_func_t) aes_icm_openssl_dealloc,
- (cipher_init_func_t) aes_icm_openssl_context_init,
- (cipher_set_aad_func_t) 0,
- (cipher_encrypt_func_t) aes_icm_openssl_encrypt,
- (cipher_decrypt_func_t) aes_icm_openssl_encrypt,
- (cipher_set_iv_func_t) aes_icm_openssl_set_iv,
- (cipher_get_tag_func_t) 0,
- (char*) aes_icm_192_openssl_description,
- (int) 0, /* instance count */
- (cipher_test_case_t*) &aes_icm_192_test_case_1,
- (debug_module_t*) &mod_aes_icm,
- (cipher_type_id_t) AES_192_ICM
+const srtp_cipher_type_t srtp_aes_icm_192 = {
+ srtp_aes_icm_openssl_alloc,
+ srtp_aes_icm_openssl_dealloc,
+ srtp_aes_icm_openssl_context_init,
+ 0, /* set_aad */
+ srtp_aes_icm_openssl_encrypt,
+ srtp_aes_icm_openssl_encrypt,
+ srtp_aes_icm_openssl_set_iv,
+ 0, /* get_tag */
+ srtp_aes_icm_192_openssl_description,
+ &srtp_aes_icm_192_test_case_0,
+ SRTP_AES_ICM_192
};
/*
* This is the function table for this crypto engine.
* note: the encrypt function is identical to the decrypt function
*/
-cipher_type_t aes_icm_256 = {
- (cipher_alloc_func_t) aes_icm_openssl_alloc,
- (cipher_dealloc_func_t) aes_icm_openssl_dealloc,
- (cipher_init_func_t) aes_icm_openssl_context_init,
- (cipher_set_aad_func_t) 0,
- (cipher_encrypt_func_t) aes_icm_openssl_encrypt,
- (cipher_decrypt_func_t) aes_icm_openssl_encrypt,
- (cipher_set_iv_func_t) aes_icm_openssl_set_iv,
- (cipher_get_tag_func_t) 0,
- (char*) aes_icm_256_openssl_description,
- (int) 0, /* instance count */
- (cipher_test_case_t*) &aes_icm_256_test_case_2,
- (debug_module_t*) &mod_aes_icm,
- (cipher_type_id_t) AES_256_ICM
+const srtp_cipher_type_t srtp_aes_icm_256 = {
+ srtp_aes_icm_openssl_alloc,
+ srtp_aes_icm_openssl_dealloc,
+ srtp_aes_icm_openssl_context_init,
+ 0, /* set_aad */
+ srtp_aes_icm_openssl_encrypt,
+ srtp_aes_icm_openssl_encrypt,
+ srtp_aes_icm_openssl_set_iv,
+ 0, /* get_tag */
+ srtp_aes_icm_256_openssl_description,
+ &srtp_aes_icm_256_test_case_0,
+ SRTP_AES_ICM_256
};
diff --git a/libs/srtp/crypto/cipher/cipher.c b/libs/srtp/crypto/cipher/cipher.c
index 3f8f01aea6..3c67790888 100644
--- a/libs/srtp/crypto/cipher/cipher.c
+++ b/libs/srtp/crypto/cipher/cipher.c
@@ -5,30 +5,30 @@
*
* David A. McGrew
* Cisco Systems, Inc.
- *
+ *
*/
/*
- *
- * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -44,465 +44,606 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include "cipher.h"
#include "crypto_types.h"
-#include "rand_source.h" /* used in invertibiltiy tests */
+#include "err.h" /* for srtp_debug */
#include "alloc.h" /* for crypto_alloc(), crypto_free() */
-debug_module_t mod_cipher = {
- 0, /* debugging is off by default */
- "cipher" /* printable module name */
+srtp_debug_module_t srtp_mod_cipher = {
+ 0, /* debugging is off by default */
+ "cipher" /* printable module name */
};
-err_status_t
-cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output) {
-
- /* zeroize the buffer */
- octet_string_set_to_zero(buffer, num_octets_to_output);
-
- /* exor keystream into buffer */
- return cipher_encrypt(c, buffer, (unsigned int *) &num_octets_to_output);
+srtp_err_status_t srtp_cipher_type_alloc (const srtp_cipher_type_t *ct, srtp_cipher_t **c, int key_len, int tlen)
+{
+ if (!ct || !ct->alloc) {
+ return (srtp_err_status_bad_param);
+ }
+ return ((ct)->alloc((c), (key_len), (tlen)));
+}
+
+srtp_err_status_t srtp_cipher_dealloc (srtp_cipher_t *c)
+{
+ if (!c || !c->type) {
+ return (srtp_err_status_bad_param);
+ }
+ return (((c)->type)->dealloc(c));
+}
+
+srtp_err_status_t srtp_cipher_init (srtp_cipher_t *c, const uint8_t *key)
+{
+ if (!c || !c->type || !c->state) {
+ return (srtp_err_status_bad_param);
+ }
+ return (((c)->type)->init(((c)->state), (key)));
+}
+
+
+srtp_err_status_t srtp_cipher_set_iv (srtp_cipher_t *c, uint8_t *iv, int direction)
+{
+ if (!c || !c->type || !c->state) {
+ return (srtp_err_status_bad_param);
+ }
+
+ return (((c)->type)->set_iv(((c)->state), iv, direction));
+}
+
+srtp_err_status_t srtp_cipher_output (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output)
+{
+
+ /* zeroize the buffer */
+ octet_string_set_to_zero(buffer, *num_octets_to_output);
+
+ /* exor keystream into buffer */
+ return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output));
+}
+
+srtp_err_status_t srtp_cipher_encrypt (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output)
+{
+ if (!c || !c->type || !c->state) {
+ return (srtp_err_status_bad_param);
+ }
+
+ return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output));
+}
+
+srtp_err_status_t srtp_cipher_decrypt (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output)
+{
+ if (!c || !c->type || !c->state) {
+ return (srtp_err_status_bad_param);
+ }
+
+ return (((c)->type)->decrypt(((c)->state), buffer, num_octets_to_output));
+}
+
+srtp_err_status_t srtp_cipher_get_tag (srtp_cipher_t *c, uint8_t *buffer, uint32_t *tag_len)
+{
+ if (!c || !c->type || !c->state) {
+ return (srtp_err_status_bad_param);
+ }
+ if (!((c)->type)->get_tag) {
+ return (srtp_err_status_no_such_op);
+ }
+
+ return (((c)->type)->get_tag(((c)->state), buffer, tag_len));
+}
+
+srtp_err_status_t srtp_cipher_set_aad (srtp_cipher_t *c, const uint8_t *aad, uint32_t aad_len)
+{
+ if (!c || !c->type || !c->state) {
+ return (srtp_err_status_bad_param);
+ }
+ if (!((c)->type)->set_aad) {
+ return (srtp_err_status_no_such_op);
+ }
+
+ return (((c)->type)->set_aad(((c)->state), aad, aad_len));
}
/* some bookkeeping functions */
-int
-cipher_get_key_length(const cipher_t *c) {
- return c->key_len;
+int srtp_cipher_get_key_length (const srtp_cipher_t *c)
+{
+ return c->key_len;
}
-/*
- * cipher_type_test(ct, test_data) tests a cipher of type ct against
- * test cases provided in a list test_data of values of key, salt, iv,
- * plaintext, and ciphertext that is known to be good
- */
+/*
+ * A trivial platform independent random source. The random
+ * data is used for some of the cipher self-tests.
+ */
+static srtp_err_status_t srtp_cipher_rand (void *dest, uint32_t len)
+{
+#if defined(HAVE_RAND_S)
+ uint8_t *dst = (uint8_t *)dest;
+ while (len)
+ {
+ unsigned int val;
+ errno_t err = rand_s(&val);
+
+ if (err != 0)
+ return srtp_err_status_fail;
+
+ *dst++ = val & 0xff;
+ len--;
+ }
+#else
+ /* Generic C-library (rand()) version */
+ /* This is a random source of last resort */
+ uint8_t *dst = (uint8_t *)dest;
+ while (len)
+ {
+ int val = rand();
+ /* rand() returns 0-32767 (ugh) */
+ /* Is this a good enough way to get random bytes?
+ It is if it passes FIPS-140... */
+ *dst++ = val & 0xff;
+ len--;
+ }
+#endif
+ return srtp_err_status_ok;
+}
+
#define SELF_TEST_BUF_OCTETS 128
#define NUM_RAND_TESTS 128
#define MAX_KEY_LEN 64
+/*
+ * srtp_cipher_type_test(ct, test_data) tests a cipher of type ct against
+ * test cases provided in a list test_data of values of key, salt, iv,
+ * plaintext, and ciphertext that is known to be good
+ */
+srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srtp_cipher_test_case_t *test_data)
+{
+ const srtp_cipher_test_case_t *test_case = test_data;
+ srtp_cipher_t *c;
+ srtp_err_status_t status;
+ uint8_t buffer[SELF_TEST_BUF_OCTETS];
+ uint8_t buffer2[SELF_TEST_BUF_OCTETS];
+ uint32_t tag_len;
+ unsigned int len;
+ int i, j, case_num = 0;
-err_status_t
-cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data) {
- const cipher_test_case_t *test_case = test_data;
- cipher_t *c;
- err_status_t status;
- uint8_t buffer[SELF_TEST_BUF_OCTETS];
- uint8_t buffer2[SELF_TEST_BUF_OCTETS];
- int tag_len;
- unsigned int len;
- int i, j, case_num = 0;
+ debug_print(srtp_mod_cipher, "running self-test for cipher %s",
+ ct->description);
- debug_print(mod_cipher, "running self-test for cipher %s",
- ct->description);
-
- /*
- * check to make sure that we have at least one test case, and
- * return an error if we don't - we need to be paranoid here
- */
- if (test_case == NULL)
- return err_status_cant_check;
-
- /*
- * loop over all test cases, perform known-answer tests of both the
- * encryption and decryption functions
- */
- while (test_case != NULL) {
- /* allocate cipher */
- status = cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets);
- if (status)
- return status;
-
/*
- * test the encrypt function
+ * check to make sure that we have at least one test case, and
+ * return an error if we don't - we need to be paranoid here
*/
- debug_print(mod_cipher, "testing encryption", NULL);
-
- /* initialize cipher */
- status = cipher_init(c, test_case->key);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- /* copy plaintext into test buffer */
- if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) {
- cipher_dealloc(c);
- return err_status_bad_param;
- }
- for (i=0; i < test_case->plaintext_length_octets; i++)
- buffer[i] = test_case->plaintext[i];
-
- debug_print(mod_cipher, "plaintext: %s",
- octet_string_hex_string(buffer,
- test_case->plaintext_length_octets));
-
- /* set the initialization vector */
- status = cipher_set_iv(c, test_case->idx, direction_encrypt);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
- debug_print(mod_cipher, "IV: %s",
- octet_string_hex_string(test_case->idx, 12));
-
- /*
- * Set the AAD
- */
- status = cipher_set_aad(c, test_case->aad,
- test_case->aad_length_octets);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
- debug_print(mod_cipher, "AAD: %s",
- octet_string_hex_string(test_case->aad,
- test_case->aad_length_octets));
- }
-
- /* encrypt */
- len = test_case->plaintext_length_octets;
- status = cipher_encrypt(c, buffer, &len);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
- /*
- * Get the GCM tag
- */
- status = cipher_get_tag(c, buffer + len, &tag_len);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
- len += tag_len;
- }
-
- debug_print(mod_cipher, "ciphertext: %s",
- octet_string_hex_string(buffer,
- test_case->ciphertext_length_octets));
-
- /* compare the resulting ciphertext with that in the test case */
- if (len != (unsigned int)test_case->ciphertext_length_octets)
- return err_status_algo_fail;
- status = err_status_ok;
- for (i=0; i < test_case->ciphertext_length_octets; i++)
- if (buffer[i] != test_case->ciphertext[i]) {
- status = err_status_algo_fail;
- debug_print(mod_cipher, "test case %d failed", case_num);
- debug_print(mod_cipher, "(failure at byte %d)", i);
- break;
- }
- if (status) {
-
- debug_print(mod_cipher, "c computed: %s",
- octet_string_hex_string(buffer,
- 2*test_case->plaintext_length_octets));
- debug_print(mod_cipher, "c expected: %s",
- octet_string_hex_string(test_case->ciphertext,
- 2*test_case->plaintext_length_octets));
-
- cipher_dealloc(c);
- return err_status_algo_fail;
+ if (test_case == NULL) {
+ return srtp_err_status_cant_check;
}
/*
- * test the decrypt function
+ * loop over all test cases, perform known-answer tests of both the
+ * encryption and decryption functions
*/
- debug_print(mod_cipher, "testing decryption", NULL);
-
- /* re-initialize cipher for decryption */
- status = cipher_init(c, test_case->key);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- /* copy ciphertext into test buffer */
- if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) {
- cipher_dealloc(c);
- return err_status_bad_param;
- }
- for (i=0; i < test_case->ciphertext_length_octets; i++)
- buffer[i] = test_case->ciphertext[i];
-
- debug_print(mod_cipher, "ciphertext: %s",
- octet_string_hex_string(buffer,
- test_case->plaintext_length_octets));
-
- /* set the initialization vector */
- status = cipher_set_iv(c, test_case->idx, direction_decrypt);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
- /*
- * Set the AAD
- */
- status = cipher_set_aad(c, test_case->aad,
- test_case->aad_length_octets);
+ while (test_case != NULL) {
+ /* allocate cipher */
+ status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets);
if (status) {
- cipher_dealloc(c);
- return status;
- }
- debug_print(mod_cipher, "AAD: %s",
- octet_string_hex_string(test_case->aad,
- test_case->aad_length_octets));
- }
-
- /* decrypt */
- len = test_case->ciphertext_length_octets;
- status = cipher_decrypt(c, buffer, &len);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- debug_print(mod_cipher, "plaintext: %s",
- octet_string_hex_string(buffer,
- test_case->plaintext_length_octets));
-
- /* compare the resulting plaintext with that in the test case */
- if (len != (unsigned int)test_case->plaintext_length_octets)
- return err_status_algo_fail;
- status = err_status_ok;
- for (i=0; i < test_case->plaintext_length_octets; i++)
- if (buffer[i] != test_case->plaintext[i]) {
- status = err_status_algo_fail;
- debug_print(mod_cipher, "test case %d failed", case_num);
- debug_print(mod_cipher, "(failure at byte %d)", i);
- }
- if (status) {
-
- debug_print(mod_cipher, "p computed: %s",
- octet_string_hex_string(buffer,
- 2*test_case->plaintext_length_octets));
- debug_print(mod_cipher, "p expected: %s",
- octet_string_hex_string(test_case->plaintext,
- 2*test_case->plaintext_length_octets));
-
- cipher_dealloc(c);
- return err_status_algo_fail;
- }
-
- /* deallocate the cipher */
- status = cipher_dealloc(c);
- if (status)
- return status;
-
- /*
- * the cipher passed the test case, so move on to the next test
- * case in the list; if NULL, we'l proceed to the next test
- */
- test_case = test_case->next_test_case;
- ++case_num;
- }
-
- /* now run some random invertibility tests */
-
- /* allocate cipher, using paramaters from the first test case */
- test_case = test_data;
- status = cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets);
- if (status)
- return status;
-
- rand_source_init();
-
- for (j=0; j < NUM_RAND_TESTS; j++) {
- unsigned length;
- int plaintext_len;
- uint8_t key[MAX_KEY_LEN];
- uint8_t iv[MAX_KEY_LEN];
-
- /* choose a length at random (leaving room for IV and padding) */
- length = rand() % (SELF_TEST_BUF_OCTETS - 64);
- debug_print(mod_cipher, "random plaintext length %d\n", length);
- status = rand_source_get_octet_string(buffer, length);
- if (status) return status;
-
- debug_print(mod_cipher, "plaintext: %s",
- octet_string_hex_string(buffer, length));
-
- /* copy plaintext into second buffer */
- for (i=0; (unsigned int)i < length; i++)
- buffer2[i] = buffer[i];
-
- /* choose a key at random */
- if (test_case->key_length_octets > MAX_KEY_LEN)
- return err_status_cant_check;
- status = rand_source_get_octet_string(key, test_case->key_length_octets);
- if (status) return status;
-
- /* chose a random initialization vector */
- status = rand_source_get_octet_string(iv, MAX_KEY_LEN);
- if (status) return status;
-
- /* initialize cipher */
- status = cipher_init(c, key);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- /* set initialization vector */
- status = cipher_set_iv(c, test_case->idx, direction_encrypt);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
-
- if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
- /*
- * Set the AAD
- */
- status = cipher_set_aad(c, test_case->aad,
- test_case->aad_length_octets);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
- debug_print(mod_cipher, "AAD: %s",
- octet_string_hex_string(test_case->aad,
- test_case->aad_length_octets));
- }
-
- /* encrypt buffer with cipher */
- plaintext_len = length;
- status = cipher_encrypt(c, buffer, &length);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
- if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
- /*
- * Get the GCM tag
- */
- status = cipher_get_tag(c, buffer + length, &tag_len);
- if (status) {
- cipher_dealloc(c);
return status;
}
- length += tag_len;
- }
- debug_print(mod_cipher, "ciphertext: %s",
- octet_string_hex_string(buffer, length));
- /*
- * re-initialize cipher for decryption, re-set the iv, then
- * decrypt the ciphertext
- */
- status = cipher_init(c, key);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
- status = cipher_set_iv(c, test_case->idx, direction_decrypt);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
- if (c->algorithm == AES_128_GCM || c->algorithm == AES_256_GCM) {
/*
- * Set the AAD
+ * test the encrypt function
*/
- status = cipher_set_aad(c, test_case->aad,
- test_case->aad_length_octets);
+ debug_print(srtp_mod_cipher, "testing encryption", NULL);
+
+ /* initialize cipher */
+ status = srtp_cipher_init(c, test_case->key);
if (status) {
- cipher_dealloc(c);
+ srtp_cipher_dealloc(c);
return status;
- }
- debug_print(mod_cipher, "AAD: %s",
- octet_string_hex_string(test_case->aad,
- test_case->aad_length_octets));
+ }
+
+ /* copy plaintext into test buffer */
+ if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_bad_param;
+ }
+ for (i = 0; i < test_case->plaintext_length_octets; i++) {
+ buffer[i] = test_case->plaintext[i];
+ }
+
+ debug_print(srtp_mod_cipher, "plaintext: %s",
+ srtp_octet_string_hex_string(buffer,
+ test_case->plaintext_length_octets));
+
+ /* set the initialization vector */
+ status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_encrypt);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) {
+ debug_print(srtp_mod_cipher, "IV: %s",
+ srtp_octet_string_hex_string(test_case->idx, 12));
+
+ /*
+ * Set the AAD
+ */
+ status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ debug_print(srtp_mod_cipher, "AAD: %s",
+ srtp_octet_string_hex_string(test_case->aad,
+ test_case->aad_length_octets));
+ }
+
+ /* encrypt */
+ len = test_case->plaintext_length_octets;
+ status = srtp_cipher_encrypt(c, buffer, &len);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) {
+ /*
+ * Get the GCM tag
+ */
+ status = srtp_cipher_get_tag(c, buffer + len, &tag_len);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ len += tag_len;
+ }
+
+ debug_print(srtp_mod_cipher, "ciphertext: %s",
+ srtp_octet_string_hex_string(buffer,
+ test_case->ciphertext_length_octets));
+
+ /* compare the resulting ciphertext with that in the test case */
+ if (len != test_case->ciphertext_length_octets) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_algo_fail;
+ }
+ status = srtp_err_status_ok;
+ for (i = 0; i < test_case->ciphertext_length_octets; i++) {
+ if (buffer[i] != test_case->ciphertext[i]) {
+ status = srtp_err_status_algo_fail;
+ debug_print(srtp_mod_cipher, "test case %d failed", case_num);
+ debug_print(srtp_mod_cipher, "(failure at byte %d)", i);
+ break;
+ }
+ }
+ if (status) {
+
+ debug_print(srtp_mod_cipher, "c computed: %s",
+ srtp_octet_string_hex_string(buffer,
+ 2 * test_case->plaintext_length_octets));
+ debug_print(srtp_mod_cipher, "c expected: %s",
+ srtp_octet_string_hex_string(test_case->ciphertext,
+ 2 * test_case->plaintext_length_octets));
+
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_algo_fail;
+ }
+
+ /*
+ * test the decrypt function
+ */
+ debug_print(srtp_mod_cipher, "testing decryption", NULL);
+
+ /* re-initialize cipher for decryption */
+ status = srtp_cipher_init(c, test_case->key);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ /* copy ciphertext into test buffer */
+ if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_bad_param;
+ }
+ for (i = 0; i < test_case->ciphertext_length_octets; i++) {
+ buffer[i] = test_case->ciphertext[i];
+ }
+
+ debug_print(srtp_mod_cipher, "ciphertext: %s",
+ srtp_octet_string_hex_string(buffer,
+ test_case->plaintext_length_octets));
+
+ /* set the initialization vector */
+ status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_decrypt);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) {
+ /*
+ * Set the AAD
+ */
+ status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ debug_print(srtp_mod_cipher, "AAD: %s",
+ srtp_octet_string_hex_string(test_case->aad,
+ test_case->aad_length_octets));
+ }
+
+ /* decrypt */
+ len = test_case->ciphertext_length_octets;
+ status = srtp_cipher_decrypt(c, buffer, &len);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ debug_print(srtp_mod_cipher, "plaintext: %s",
+ srtp_octet_string_hex_string(buffer,
+ test_case->plaintext_length_octets));
+
+ /* compare the resulting plaintext with that in the test case */
+ if (len != test_case->plaintext_length_octets) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_algo_fail;
+ }
+ status = srtp_err_status_ok;
+ for (i = 0; i < test_case->plaintext_length_octets; i++) {
+ if (buffer[i] != test_case->plaintext[i]) {
+ status = srtp_err_status_algo_fail;
+ debug_print(srtp_mod_cipher, "test case %d failed", case_num);
+ debug_print(srtp_mod_cipher, "(failure at byte %d)", i);
+ }
+ }
+ if (status) {
+
+ debug_print(srtp_mod_cipher, "p computed: %s",
+ srtp_octet_string_hex_string(buffer,
+ 2 * test_case->plaintext_length_octets));
+ debug_print(srtp_mod_cipher, "p expected: %s",
+ srtp_octet_string_hex_string(test_case->plaintext,
+ 2 * test_case->plaintext_length_octets));
+
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_algo_fail;
+ }
+
+ /* deallocate the cipher */
+ status = srtp_cipher_dealloc(c);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * the cipher passed the test case, so move on to the next test
+ * case in the list; if NULL, we'l proceed to the next test
+ */
+ test_case = test_case->next_test_case;
+ ++case_num;
}
- status = cipher_decrypt(c, buffer, &length);
- if (status) {
- cipher_dealloc(c);
- return status;
- }
- debug_print(mod_cipher, "plaintext[2]: %s",
- octet_string_hex_string(buffer, length));
+ /* now run some random invertibility tests */
- /* compare the resulting plaintext with the original one */
- if (length != (unsigned int)plaintext_len) {
- return err_status_algo_fail;
- }
- status = err_status_ok;
- for (i=0; i < plaintext_len; i++)
- if (buffer[i] != buffer2[i]) {
- status = err_status_algo_fail;
- debug_print(mod_cipher, "random test case %d failed", case_num);
- debug_print(mod_cipher, "(failure at byte %d)", i);
- }
+ /* allocate cipher, using paramaters from the first test case */
+ test_case = test_data;
+ status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets);
if (status) {
- cipher_dealloc(c);
- return err_status_algo_fail;
+ return status;
}
-
- }
- status = cipher_dealloc(c);
- if (status)
- return status;
+ for (j = 0; j < NUM_RAND_TESTS; j++) {
+ unsigned length;
+ int plaintext_len;
+ uint8_t key[MAX_KEY_LEN];
+ uint8_t iv[MAX_KEY_LEN];
- return err_status_ok;
+ /* choose a length at random (leaving room for IV and padding) */
+ length = rand() % (SELF_TEST_BUF_OCTETS - 64);
+ debug_print(srtp_mod_cipher, "random plaintext length %d\n", length);
+ status = srtp_cipher_rand(buffer, length);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ debug_print(srtp_mod_cipher, "plaintext: %s",
+ srtp_octet_string_hex_string(buffer, length));
+
+ /* copy plaintext into second buffer */
+ for (i = 0; (unsigned int)i < length; i++) {
+ buffer2[i] = buffer[i];
+ }
+
+ /* choose a key at random */
+ if (test_case->key_length_octets > MAX_KEY_LEN) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_cant_check;
+ }
+ status = srtp_cipher_rand(key, test_case->key_length_octets);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ /* chose a random initialization vector */
+ status = srtp_cipher_rand(iv, MAX_KEY_LEN);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ /* initialize cipher */
+ status = srtp_cipher_init(c, key);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ /* set initialization vector */
+ status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_encrypt);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) {
+ /*
+ * Set the AAD
+ */
+ status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ debug_print(srtp_mod_cipher, "AAD: %s",
+ srtp_octet_string_hex_string(test_case->aad,
+ test_case->aad_length_octets));
+ }
+
+ /* encrypt buffer with cipher */
+ plaintext_len = length;
+ status = srtp_cipher_encrypt(c, buffer, &length);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) {
+ /*
+ * Get the GCM tag
+ */
+ status = srtp_cipher_get_tag(c, buffer + length, &tag_len);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ length += tag_len;
+ }
+ debug_print(srtp_mod_cipher, "ciphertext: %s",
+ srtp_octet_string_hex_string(buffer, length));
+
+ /*
+ * re-initialize cipher for decryption, re-set the iv, then
+ * decrypt the ciphertext
+ */
+ status = srtp_cipher_init(c, key);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_decrypt);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) {
+ /*
+ * Set the AAD
+ */
+ status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+ debug_print(srtp_mod_cipher, "AAD: %s",
+ srtp_octet_string_hex_string(test_case->aad,
+ test_case->aad_length_octets));
+ }
+ status = srtp_cipher_decrypt(c, buffer, &length);
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return status;
+ }
+
+ debug_print(srtp_mod_cipher, "plaintext[2]: %s",
+ srtp_octet_string_hex_string(buffer, length));
+
+ /* compare the resulting plaintext with the original one */
+ if (length != plaintext_len) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_algo_fail;
+ }
+ status = srtp_err_status_ok;
+ for (i = 0; i < plaintext_len; i++) {
+ if (buffer[i] != buffer2[i]) {
+ status = srtp_err_status_algo_fail;
+ debug_print(srtp_mod_cipher, "random test case %d failed", case_num);
+ debug_print(srtp_mod_cipher, "(failure at byte %d)", i);
+ }
+ }
+ if (status) {
+ srtp_cipher_dealloc(c);
+ return srtp_err_status_algo_fail;
+ }
+
+ }
+
+ status = srtp_cipher_dealloc(c);
+ if (status) {
+ return status;
+ }
+
+ return srtp_err_status_ok;
}
-/*
- * cipher_type_self_test(ct) performs cipher_type_test on ct's internal
+/*
+ * srtp_cipher_type_self_test(ct) performs srtp_cipher_type_test on ct's internal
* list of test data.
*/
-
-err_status_t
-cipher_type_self_test(const cipher_type_t *ct) {
- return cipher_type_test(ct, ct->test_data);
+srtp_err_status_t srtp_cipher_type_self_test (const srtp_cipher_type_t *ct)
+{
+ return srtp_cipher_type_test(ct, ct->test_data);
}
/*
* cipher_bits_per_second(c, l, t) computes (an estimate of) the
* number of bits that a cipher implementation can encrypt in a second
- *
+ *
* c is a cipher (which MUST be allocated and initialized already), l
* is the length in octets of the test data to be encrypted, and t is
* the number of trials
*
* if an error is encountered, the value 0 is returned
*/
+uint64_t srtp_cipher_bits_per_second (srtp_cipher_t *c, int octets_in_buffer, int num_trials)
+{
+ int i;
+ v128_t nonce;
+ clock_t timer;
+ unsigned char *enc_buf;
+ unsigned int len = octets_in_buffer;
-uint64_t
-cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials) {
- int i;
- v128_t nonce;
- clock_t timer;
- unsigned char *enc_buf;
- unsigned int len = octets_in_buffer;
+ enc_buf = (unsigned char*)srtp_crypto_alloc(octets_in_buffer);
+ if (enc_buf == NULL) {
+ return 0; /* indicate bad parameters by returning null */
- enc_buf = (unsigned char*) crypto_alloc(octets_in_buffer);
- if (enc_buf == NULL)
- return 0; /* indicate bad parameters by returning null */
-
- /* time repeated trials */
- v128_set_to_zero(&nonce);
- timer = clock();
- for(i=0; i < num_trials; i++, nonce.v32[3] = i) {
- cipher_set_iv(c, &nonce, direction_encrypt);
- cipher_encrypt(c, enc_buf, &len);
- }
- timer = clock() - timer;
+ }
+ /* time repeated trials */
+ v128_set_to_zero(&nonce);
+ timer = clock();
+ for (i = 0; i < num_trials; i++, nonce.v32[3] = i) {
+ if (srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt) != srtp_err_status_ok) {
+ srtp_crypto_free(enc_buf);
+ return 0;
+ }
+ if (srtp_cipher_encrypt(c, enc_buf, &len) != srtp_err_status_ok) {
+ srtp_crypto_free(enc_buf);
+ return 0;
+ }
+ }
+ timer = clock() - timer;
- crypto_free(enc_buf);
+ srtp_crypto_free(enc_buf);
- if (timer == 0) {
- /* Too fast! */
- return 0;
- }
-
- return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer;
+ if (timer == 0) {
+ /* Too fast! */
+ return 0;
+ }
+
+ return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer;
}
diff --git a/libs/srtp/crypto/cipher/null_cipher.c b/libs/srtp/crypto/cipher/null_cipher.c
index 68d7aa70f5..46bf1126da 100644
--- a/libs/srtp/crypto/cipher/null_cipher.c
+++ b/libs/srtp/crypto/cipher/null_cipher.c
@@ -9,26 +9,26 @@
*/
/*
- *
- * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -44,96 +44,95 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include "datatypes.h"
#include "null_cipher.h"
+#include "err.h" /* for srtp_debug */
#include "alloc.h"
/* the null_cipher uses the cipher debug module */
-extern debug_module_t mod_cipher;
+extern srtp_debug_module_t srtp_mod_cipher;
-err_status_t
-null_cipher_alloc(cipher_t **c, int key_len, int tlen) {
- extern cipher_type_t null_cipher;
- uint8_t *pointer;
-
- debug_print(mod_cipher,
- "allocating cipher with key length %d", key_len);
+static srtp_err_status_t srtp_null_cipher_alloc (srtp_cipher_t **c, int key_len, int tlen)
+{
+ extern const srtp_cipher_type_t srtp_null_cipher;
- /* allocate memory a cipher of type null_cipher */
- pointer = (uint8_t*)crypto_alloc(sizeof(null_cipher_ctx_t) + sizeof(cipher_t));
- if (pointer == NULL)
- return err_status_alloc_fail;
+ debug_print(srtp_mod_cipher,
+ "allocating cipher with key length %d", key_len);
- /* set pointers */
- *c = (cipher_t *)pointer;
- (*c)->algorithm = NULL_CIPHER;
- (*c)->type = &null_cipher;
- (*c)->state = pointer + sizeof(cipher_t);
+ /* allocate memory a cipher of type null_cipher */
+ *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t));
+ if (*c == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+ memset(*c, 0x0, sizeof(srtp_cipher_t));
- /* set key size */
- (*c)->key_len = key_len;
+ /* set pointers */
+ (*c)->algorithm = SRTP_NULL_CIPHER;
+ (*c)->type = &srtp_null_cipher;
+ (*c)->state = (void *) 0x1; /* The null cipher does not maintain state */
+
+ /* set key size */
+ (*c)->key_len = key_len;
+
+ return srtp_err_status_ok;
- /* increment ref_count */
- null_cipher.ref_count++;
-
- return err_status_ok;
-
}
-err_status_t
-null_cipher_dealloc(cipher_t *c) {
- extern cipher_type_t null_cipher;
+static srtp_err_status_t srtp_null_cipher_dealloc (srtp_cipher_t *c)
+{
+ extern const srtp_cipher_type_t srtp_null_cipher;
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t *)c,
- sizeof(null_cipher_ctx_t) + sizeof(cipher_t));
+ /* zeroize entire state*/
+ octet_string_set_to_zero(c, sizeof(srtp_cipher_t));
- /* free memory of type null_cipher */
- crypto_free(c);
+ /* free memory of type null_cipher */
+ srtp_crypto_free(c);
+
+ return srtp_err_status_ok;
- /* decrement reference count */
- null_cipher.ref_count--;
-
- return err_status_ok;
-
}
-err_status_t
-null_cipher_init(null_cipher_ctx_t *ctx, const uint8_t *key, int key_len) {
+static srtp_err_status_t srtp_null_cipher_init (void *cv, const uint8_t *key)
+{
+ /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */
- debug_print(mod_cipher, "initializing null cipher", NULL);
+ debug_print(srtp_mod_cipher, "initializing null cipher", NULL);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-null_cipher_set_iv(null_cipher_ctx_t *c, void *iv) {
- return err_status_ok;
+static srtp_err_status_t srtp_null_cipher_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t dir)
+{
+ /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */
+ return srtp_err_status_ok;
}
-err_status_t
-null_cipher_encrypt(null_cipher_ctx_t *c,
- unsigned char *buf, unsigned int *bytes_to_encr) {
- return err_status_ok;
+static srtp_err_status_t srtp_null_cipher_encrypt (void *cv,
+ unsigned char *buf, unsigned int *bytes_to_encr)
+{
+ /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */
+ return srtp_err_status_ok;
}
-char
-null_cipher_description[] = "null cipher";
+static const char srtp_null_cipher_description[] = "null cipher";
-cipher_test_case_t
-null_cipher_test_0 = {
- 0, /* octets in key */
- NULL, /* key */
- 0, /* packet index */
- 0, /* octets in plaintext */
- NULL, /* plaintext */
- 0, /* octets in plaintext */
- NULL, /* ciphertext */
- 0,
- NULL,
- 0,
- NULL /* pointer to next testcase */
+static const srtp_cipher_test_case_t srtp_null_cipher_test_0 = {
+ 0, /* octets in key */
+ NULL, /* key */
+ 0, /* packet index */
+ 0, /* octets in plaintext */
+ NULL, /* plaintext */
+ 0, /* octets in plaintext */
+ NULL, /* ciphertext */
+ 0,
+ NULL,
+ 0,
+ NULL /* pointer to next testcase */
};
@@ -141,19 +140,17 @@ null_cipher_test_0 = {
* note: the decrypt function is idential to the encrypt function
*/
-cipher_type_t null_cipher = {
- (cipher_alloc_func_t) null_cipher_alloc,
- (cipher_dealloc_func_t) null_cipher_dealloc,
- (cipher_init_func_t) null_cipher_init,
- (cipher_set_aad_func_t) 0,
- (cipher_encrypt_func_t) null_cipher_encrypt,
- (cipher_decrypt_func_t) null_cipher_encrypt,
- (cipher_set_iv_func_t) null_cipher_set_iv,
- (cipher_get_tag_func_t) 0,
- (char *) null_cipher_description,
- (int) 0,
- (cipher_test_case_t *) &null_cipher_test_0,
- (debug_module_t *) NULL,
- (cipher_type_id_t) NULL_CIPHER
+const srtp_cipher_type_t srtp_null_cipher = {
+ srtp_null_cipher_alloc,
+ srtp_null_cipher_dealloc,
+ srtp_null_cipher_init,
+ 0, /* set_aad */
+ srtp_null_cipher_encrypt,
+ srtp_null_cipher_encrypt,
+ srtp_null_cipher_set_iv,
+ 0, /* get_tag */
+ srtp_null_cipher_description,
+ &srtp_null_cipher_test_0,
+ SRTP_NULL_CIPHER
};
diff --git a/libs/srtp/crypto/hash/auth.c b/libs/srtp/crypto/hash/auth.c
index aaf0269c71..c6ce3576f7 100644
--- a/libs/srtp/crypto/hash/auth.c
+++ b/libs/srtp/crypto/hash/auth.c
@@ -8,26 +8,26 @@
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -43,38 +43,39 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include "auth.h"
+#include "err.h" /* for srtp_debug */
+#include "datatypes.h" /* for octet_string */
/* the debug module for authentiation */
-debug_module_t mod_auth = {
- 0, /* debugging is off by default */
- "auth func" /* printable name for module */
+srtp_debug_module_t srtp_mod_auth = {
+ 0, /* debugging is off by default */
+ "auth func" /* printable name for module */
};
-int
-auth_get_key_length(const auth_t *a) {
- return a->key_len;
+int srtp_auth_get_key_length (const srtp_auth_t *a)
+{
+ return a->key_len;
}
-int
-auth_get_tag_length(const auth_t *a) {
- return a->out_len;
+int srtp_auth_get_tag_length (const srtp_auth_t *a)
+{
+ return a->out_len;
}
-int
-auth_get_prefix_length(const auth_t *a) {
- return a->prefix_len;
-}
-
-int
-auth_type_get_ref_count(const auth_type_t *at) {
- return at->ref_count;
+int srtp_auth_get_prefix_length (const srtp_auth_t *a)
+{
+ return a->prefix_len;
}
/*
- * auth_type_test() tests an auth function of type ct against
+ * srtp_auth_type_test() tests an auth function of type ct against
* test cases provided in a list test_data of values of key, data, and tag
* that is known to be good
*/
@@ -82,102 +83,108 @@ auth_type_get_ref_count(const auth_type_t *at) {
/* should be big enough for most occasions */
#define SELF_TEST_TAG_BUF_OCTETS 32
-err_status_t
-auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data) {
- const auth_test_case_t *test_case = test_data;
- auth_t *a;
- err_status_t status;
- uint8_t tag[SELF_TEST_TAG_BUF_OCTETS];
- int i, case_num = 0;
+srtp_err_status_t
+srtp_auth_type_test (const srtp_auth_type_t *at, const srtp_auth_test_case_t *test_data)
+{
+ const srtp_auth_test_case_t *test_case = test_data;
+ srtp_auth_t *a;
+ srtp_err_status_t status;
+ uint8_t tag[SELF_TEST_TAG_BUF_OCTETS];
+ int i, case_num = 0;
- debug_print(mod_auth, "running self-test for auth function %s",
- at->description);
-
- /*
- * check to make sure that we have at least one test case, and
- * return an error if we don't - we need to be paranoid here
- */
- if (test_case == NULL)
- return err_status_cant_check;
+ debug_print(srtp_mod_auth, "running self-test for auth function %s",
+ at->description);
- /* loop over all test cases */
- while (test_case != NULL) {
-
- /* check test case parameters */
- if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS)
- return err_status_bad_param;
-
- /* allocate auth */
- status = auth_type_alloc(at, &a, test_case->key_length_octets,
- test_case->tag_length_octets);
- if (status)
- return status;
-
- /* initialize auth */
- status = auth_init(a, test_case->key);
- if (status) {
- auth_dealloc(a);
- return status;
+ /*
+ * check to make sure that we have at least one test case, and
+ * return an error if we don't - we need to be paranoid here
+ */
+ if (test_case == NULL) {
+ return srtp_err_status_cant_check;
}
- /* zeroize tag then compute */
- octet_string_set_to_zero(tag, test_case->tag_length_octets);
- status = auth_compute(a, test_case->data,
- test_case->data_length_octets, tag);
- if (status) {
- auth_dealloc(a);
- return status;
- }
-
- debug_print(mod_auth, "key: %s",
- octet_string_hex_string(test_case->key,
- test_case->key_length_octets));
- debug_print(mod_auth, "data: %s",
- octet_string_hex_string(test_case->data,
- test_case->data_length_octets));
- debug_print(mod_auth, "tag computed: %s",
- octet_string_hex_string(tag, test_case->tag_length_octets));
- debug_print(mod_auth, "tag expected: %s",
- octet_string_hex_string(test_case->tag,
- test_case->tag_length_octets));
+ /* loop over all test cases */
+ while (test_case != NULL) {
- /* check the result */
- status = err_status_ok;
- for (i=0; i < test_case->tag_length_octets; i++)
- if (tag[i] != test_case->tag[i]) {
- status = err_status_algo_fail;
- debug_print(mod_auth, "test case %d failed", case_num);
- debug_print(mod_auth, " (mismatch at octet %d)", i);
- }
- if (status) {
- auth_dealloc(a);
- return err_status_algo_fail;
+ /* check test case parameters */
+ if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* allocate auth */
+ status = srtp_auth_type_alloc(at, &a, test_case->key_length_octets,
+ test_case->tag_length_octets);
+ if (status) {
+ return status;
+ }
+
+ /* initialize auth */
+ status = srtp_auth_init(a, test_case->key);
+ if (status) {
+ srtp_auth_dealloc(a);
+ return status;
+ }
+
+ /* zeroize tag then compute */
+ octet_string_set_to_zero(tag, test_case->tag_length_octets);
+ status = srtp_auth_compute(a, test_case->data,
+ test_case->data_length_octets, tag);
+ if (status) {
+ srtp_auth_dealloc(a);
+ return status;
+ }
+
+ debug_print(srtp_mod_auth, "key: %s",
+ srtp_octet_string_hex_string(test_case->key,
+ test_case->key_length_octets));
+ debug_print(srtp_mod_auth, "data: %s",
+ srtp_octet_string_hex_string(test_case->data,
+ test_case->data_length_octets));
+ debug_print(srtp_mod_auth, "tag computed: %s",
+ srtp_octet_string_hex_string(tag, test_case->tag_length_octets));
+ debug_print(srtp_mod_auth, "tag expected: %s",
+ srtp_octet_string_hex_string(test_case->tag,
+ test_case->tag_length_octets));
+
+ /* check the result */
+ status = srtp_err_status_ok;
+ for (i = 0; i < test_case->tag_length_octets; i++) {
+ if (tag[i] != test_case->tag[i]) {
+ status = srtp_err_status_algo_fail;
+ debug_print(srtp_mod_auth, "test case %d failed", case_num);
+ debug_print(srtp_mod_auth, " (mismatch at octet %d)", i);
+ }
+ }
+ if (status) {
+ srtp_auth_dealloc(a);
+ return srtp_err_status_algo_fail;
+ }
+
+ /* deallocate the auth function */
+ status = srtp_auth_dealloc(a);
+ if (status) {
+ return status;
+ }
+
+ /*
+ * the auth function passed the test case, so move on to the next test
+ * case in the list; if NULL, we'll quit and return an OK
+ */
+ test_case = test_case->next_test_case;
+ ++case_num;
}
-
- /* deallocate the auth function */
- status = auth_dealloc(a);
- if (status)
- return status;
-
- /*
- * the auth function passed the test case, so move on to the next test
- * case in the list; if NULL, we'll quit and return an OK
- */
- test_case = test_case->next_test_case;
- ++case_num;
- }
-
- return err_status_ok;
+
+ return srtp_err_status_ok;
}
-/*
- * auth_type_self_test(at) performs auth_type_test on at's internal
+/*
+ * auth_type_self_test(at) performs srtp_auth_type_test on at's internal
* list of test data.
*/
-err_status_t
-auth_type_self_test(const auth_type_t *at) {
- return auth_type_test(at, at->test_data);
+srtp_err_status_t srtp_auth_type_self_test (const srtp_auth_type_t *at)
+{
+ return srtp_auth_type_test(at, at->test_data);
}
diff --git a/libs/srtp/crypto/hash/hmac.c b/libs/srtp/crypto/hash/hmac.c
index 4f389fe18e..416f17be26 100644
--- a/libs/srtp/crypto/hash/hmac.c
+++ b/libs/srtp/crypto/hash/hmac.c
@@ -1,32 +1,32 @@
/*
* hmac.c
*
- * implementation of hmac auth_type_t
+ * implementation of hmac srtp_auth_type_t
*
* David A. McGrew
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -42,227 +42,225 @@
*
*/
-#include "hmac.h"
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
+#include "hmac.h"
#include "alloc.h"
/* the debug module for authentiation */
-debug_module_t mod_hmac = {
- 0, /* debugging is off by default */
- "hmac sha-1" /* printable name for module */
+srtp_debug_module_t srtp_mod_hmac = {
+ 0, /* debugging is off by default */
+ "hmac sha-1" /* printable name for module */
};
-err_status_t
-hmac_alloc(auth_t **a, int key_len, int out_len) {
- extern auth_type_t hmac;
- uint8_t *pointer;
+static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_len)
+{
+ extern const srtp_auth_type_t srtp_hmac;
+ uint8_t *pointer;
- debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
- debug_print(mod_hmac, " tag length %d", out_len);
+ debug_print(srtp_mod_hmac, "allocating auth func with key length %d", key_len);
+ debug_print(srtp_mod_hmac, " tag length %d", out_len);
- /*
- * check key length - note that we don't support keys larger
- * than 20 bytes yet
- */
- if (key_len > 20)
- return err_status_bad_param;
-
- /* check output length - should be less than 20 bytes */
- if (out_len > 20)
- return err_status_bad_param;
-
- /* allocate memory for auth and hmac_ctx_t structures */
- pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
- if (pointer == NULL)
- return err_status_alloc_fail;
-
- /* set pointers */
- *a = (auth_t *)pointer;
- (*a)->type = &hmac;
- (*a)->state = pointer + sizeof(auth_t);
- (*a)->out_len = out_len;
- (*a)->key_len = key_len;
- (*a)->prefix_len = 0;
-
- /* increment global count of all hmac uses */
- hmac.ref_count++;
-
- return err_status_ok;
-}
-
-err_status_t
-hmac_dealloc(auth_t *a) {
- extern auth_type_t hmac;
-
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t *)a,
- sizeof(hmac_ctx_t) + sizeof(auth_t));
-
- /* free memory */
- crypto_free(a);
-
- /* decrement global count of all hmac uses */
- hmac.ref_count--;
-
- return err_status_ok;
-}
-
-err_status_t
-hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len) {
- int i;
- uint8_t ipad[64];
-
/*
- * check key length - note that we don't support keys larger
- * than 20 bytes yet
- */
- if (key_len > 20)
- return err_status_bad_param;
-
- /*
- * set values of ipad and opad by exoring the key into the
- * appropriate constant values
- */
- for (i=0; i < key_len; i++) {
- ipad[i] = key[i] ^ 0x36;
- state->opad[i] = key[i] ^ 0x5c;
- }
- /* set the rest of ipad, opad to constant values */
- for ( ; i < 64; i++) {
- ipad[i] = 0x36;
- ((uint8_t *)state->opad)[i] = 0x5c;
- }
+ * check key length - note that we don't support keys larger
+ * than 20 bytes yet
+ */
+ if (key_len > 20) {
+ return srtp_err_status_bad_param;
+ }
- debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64));
-
- /* initialize sha1 context */
- sha1_init(&state->init_ctx);
+ /* check output length - should be less than 20 bytes */
+ if (out_len > 20) {
+ return srtp_err_status_bad_param;
+ }
- /* hash ipad ^ key */
- sha1_update(&state->init_ctx, ipad, 64);
- memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t));
+ /* allocate memory for auth and srtp_hmac_ctx_t structures */
+ pointer = (uint8_t*)srtp_crypto_alloc(sizeof(srtp_hmac_ctx_t) + sizeof(srtp_auth_t));
+ if (pointer == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
- return err_status_ok;
+ /* set pointers */
+ *a = (srtp_auth_t*)pointer;
+ (*a)->type = &srtp_hmac;
+ (*a)->state = pointer + sizeof(srtp_auth_t);
+ (*a)->out_len = out_len;
+ (*a)->key_len = key_len;
+ (*a)->prefix_len = 0;
+
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_start(hmac_ctx_t *state) {
-
- memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t));
+static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a)
+{
+ /* zeroize entire state*/
+ octet_string_set_to_zero(a, sizeof(srtp_hmac_ctx_t) + sizeof(srtp_auth_t));
- return err_status_ok;
+ /* free memory */
+ srtp_crypto_free(a);
+
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets) {
+static srtp_err_status_t srtp_hmac_init (void *statev, const uint8_t *key, int key_len)
+{
+ srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
+ int i;
+ uint8_t ipad[64];
- debug_print(mod_hmac, "input: %s",
- octet_string_hex_string(message, msg_octets));
-
- /* hash message into sha1 context */
- sha1_update(&state->ctx, message, msg_octets);
+ /*
+ * check key length - note that we don't support keys larger
+ * than 20 bytes yet
+ */
+ if (key_len > 20) {
+ return srtp_err_status_bad_param;
+ }
- return err_status_ok;
+ /*
+ * set values of ipad and opad by exoring the key into the
+ * appropriate constant values
+ */
+ for (i = 0; i < key_len; i++) {
+ ipad[i] = key[i] ^ 0x36;
+ state->opad[i] = key[i] ^ 0x5c;
+ }
+ /* set the rest of ipad, opad to constant values */
+ for (; i < 64; i++) {
+ ipad[i] = 0x36;
+ ((uint8_t*)state->opad)[i] = 0x5c;
+ }
+
+ debug_print(srtp_mod_hmac, "ipad: %s", srtp_octet_string_hex_string(ipad, 64));
+
+ /* initialize sha1 context */
+ srtp_sha1_init(&state->init_ctx);
+
+ /* hash ipad ^ key */
+ srtp_sha1_update(&state->init_ctx, ipad, 64);
+ memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t));
+
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_compute(hmac_ctx_t *state, const void *message,
- int msg_octets, int tag_len, uint8_t *result) {
- uint32_t hash_value[5];
- uint32_t H[5];
- int i;
+static srtp_err_status_t srtp_hmac_start (void *statev)
+{
+ srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
- /* check tag length, return error if we can't provide the value expected */
- if (tag_len > 20)
- return err_status_bad_param;
-
- /* hash message, copy output into H */
- hmac_update(state, (const uint8_t*)message, msg_octets);
- sha1_final(&state->ctx, H);
+ memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t));
- /*
- * note that we don't need to debug_print() the input, since the
- * function hmac_update() already did that for us
- */
- debug_print(mod_hmac, "intermediate state: %s",
- octet_string_hex_string((uint8_t *)H, 20));
+ return srtp_err_status_ok;
+}
- /* re-initialize hash context */
- sha1_init(&state->ctx);
-
- /* hash opad ^ key */
- sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
+static srtp_err_status_t srtp_hmac_update (void *statev, const uint8_t *message, int msg_octets)
+{
+ srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
- /* hash the result of the inner hash */
- sha1_update(&state->ctx, (uint8_t *)H, 20);
-
- /* the result is returned in the array hash_value[] */
- sha1_final(&state->ctx, hash_value);
+ debug_print(srtp_mod_hmac, "input: %s",
+ srtp_octet_string_hex_string(message, msg_octets));
- /* copy hash_value to *result */
- for (i=0; i < tag_len; i++)
- result[i] = ((uint8_t *)hash_value)[i];
+ /* hash message into sha1 context */
+ srtp_sha1_update(&state->ctx, message, msg_octets);
- debug_print(mod_hmac, "output: %s",
- octet_string_hex_string((uint8_t *)hash_value, tag_len));
+ return srtp_err_status_ok;
+}
- return err_status_ok;
+static srtp_err_status_t srtp_hmac_compute (void *statev, const uint8_t *message,
+ int msg_octets, int tag_len, uint8_t *result)
+{
+ srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
+ uint32_t hash_value[5];
+ uint32_t H[5];
+ int i;
+
+ /* check tag length, return error if we can't provide the value expected */
+ if (tag_len > 20) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* hash message, copy output into H */
+ srtp_hmac_update(state, message, msg_octets);
+ srtp_sha1_final(&state->ctx, H);
+
+ /*
+ * note that we don't need to debug_print() the input, since the
+ * function hmac_update() already did that for us
+ */
+ debug_print(srtp_mod_hmac, "intermediate state: %s",
+ srtp_octet_string_hex_string((uint8_t*)H, 20));
+
+ /* re-initialize hash context */
+ srtp_sha1_init(&state->ctx);
+
+ /* hash opad ^ key */
+ srtp_sha1_update(&state->ctx, (uint8_t*)state->opad, 64);
+
+ /* hash the result of the inner hash */
+ srtp_sha1_update(&state->ctx, (uint8_t*)H, 20);
+
+ /* the result is returned in the array hash_value[] */
+ srtp_sha1_final(&state->ctx, hash_value);
+
+ /* copy hash_value to *result */
+ for (i = 0; i < tag_len; i++) {
+ result[i] = ((uint8_t*)hash_value)[i];
+ }
+
+ debug_print(srtp_mod_hmac, "output: %s",
+ srtp_octet_string_hex_string((uint8_t*)hash_value, tag_len));
+
+ return srtp_err_status_ok;
}
/* begin test case 0 */
-uint8_t
-hmac_test_case_0_key[20] = {
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b
+static const uint8_t srtp_hmac_test_case_0_key[20] = {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b
};
-uint8_t
-hmac_test_case_0_data[8] = {
- 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
+static const uint8_t srtp_hmac_test_case_0_data[8] = {
+ 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
};
-uint8_t
-hmac_test_case_0_tag[20] = {
- 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
- 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
- 0xf1, 0x46, 0xbe, 0x00
+static const uint8_t srtp_hmac_test_case_0_tag[20] = {
+ 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
+ 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
+ 0xf1, 0x46, 0xbe, 0x00
};
-auth_test_case_t
-hmac_test_case_0 = {
- 20, /* octets in key */
- hmac_test_case_0_key, /* key */
- 8, /* octets in data */
- hmac_test_case_0_data, /* data */
- 20, /* octets in tag */
- hmac_test_case_0_tag, /* tag */
- NULL /* pointer to next testcase */
+static const srtp_auth_test_case_t srtp_hmac_test_case_0 = {
+ 20, /* octets in key */
+ srtp_hmac_test_case_0_key, /* key */
+ 8, /* octets in data */
+ srtp_hmac_test_case_0_data, /* data */
+ 20, /* octets in tag */
+ srtp_hmac_test_case_0_tag, /* tag */
+ NULL /* pointer to next testcase */
};
/* end test case 0 */
-char hmac_description[] = "hmac sha-1 authentication function";
+static const char srtp_hmac_description[] = "hmac sha-1 authentication function";
/*
- * auth_type_t hmac is the hmac metaobject
+ * srtp_auth_type_t hmac is the hmac metaobject
*/
-auth_type_t
-hmac = {
- (auth_alloc_func) hmac_alloc,
- (auth_dealloc_func) hmac_dealloc,
- (auth_init_func) hmac_init,
- (auth_compute_func) hmac_compute,
- (auth_update_func) hmac_update,
- (auth_start_func) hmac_start,
- (char *) hmac_description,
- (int) 0, /* instance count */
- (auth_test_case_t *) &hmac_test_case_0,
- (debug_module_t *) &mod_hmac,
- (auth_type_id_t) HMAC_SHA1
+const srtp_auth_type_t srtp_hmac = {
+ srtp_hmac_alloc,
+ srtp_hmac_dealloc,
+ srtp_hmac_init,
+ srtp_hmac_compute,
+ srtp_hmac_update,
+ srtp_hmac_start,
+ srtp_hmac_description,
+ &srtp_hmac_test_case_0,
+ SRTP_HMAC_SHA1
};
diff --git a/libs/srtp/crypto/hash/hmac_ossl.c b/libs/srtp/crypto/hash/hmac_ossl.c
index dcf91b57ea..f99646b58f 100644
--- a/libs/srtp/crypto/hash/hmac_ossl.c
+++ b/libs/srtp/crypto/hash/hmac_ossl.c
@@ -1,14 +1,14 @@
/*
* hmac_ossl.c
*
- * Implementation of hmac auth_type_t that leverages OpenSSL
+ * Implementation of hmac srtp_auth_type_t that leverages OpenSSL
*
* John A. Foley
* Cisco Systems, Inc.
*/
/*
*
- * Copyright(c) 2013, Cisco Systems, Inc.
+ * Copyright(c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -42,256 +42,217 @@
*
*/
-#include "hmac.h"
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
+#include "auth.h"
#include "alloc.h"
+#include "err.h" /* for srtp_debug */
#include
+#include
+
+#define SHA1_DIGEST_SIZE 20
/* the debug module for authentiation */
-debug_module_t mod_hmac = {
+srtp_debug_module_t srtp_mod_hmac = {
0, /* debugging is off by default */
"hmac sha-1 openssl" /* printable name for module */
};
-err_status_t
-hmac_alloc (auth_t **a, int key_len, int out_len)
+static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_len)
{
- extern auth_type_t hmac;
- uint8_t *pointer;
- hmac_ctx_t *new_hmac_ctx;
+ extern const srtp_auth_type_t srtp_hmac;
- debug_print(mod_hmac, "allocating auth func with key length %d", key_len);
- debug_print(mod_hmac, " tag length %d", out_len);
-
- /*
- * check key length - note that we don't support keys larger
- * than 20 bytes yet
- */
- if (key_len > 20) {
- return err_status_bad_param;
- }
+ debug_print(srtp_mod_hmac, "allocating auth func with key length %d", key_len);
+ debug_print(srtp_mod_hmac, " tag length %d", out_len);
/* check output length - should be less than 20 bytes */
- if (out_len > 20) {
- return err_status_bad_param;
+ if (out_len > SHA1_DIGEST_SIZE) {
+ return srtp_err_status_bad_param;
}
- /* allocate memory for auth and hmac_ctx_t structures */
- pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
- if (pointer == NULL) {
- return err_status_alloc_fail;
+/* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
+ using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ {
+ /* allocate memory for auth and HMAC_CTX structures */
+ uint8_t* pointer;
+ HMAC_CTX *new_hmac_ctx;
+ pointer = (uint8_t*)srtp_crypto_alloc(sizeof(HMAC_CTX) + sizeof(srtp_auth_t));
+ if (pointer == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+ *a = (srtp_auth_t*)pointer;
+ (*a)->state = pointer + sizeof(srtp_auth_t);
+ new_hmac_ctx = (HMAC_CTX*)((*a)->state);
+
+ HMAC_CTX_init(new_hmac_ctx);
}
+#else
+ *a = (srtp_auth_t*)srtp_crypto_alloc(sizeof(srtp_auth_t));
+ if (*a == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+
+ (*a)->state = HMAC_CTX_new();
+ if ((*a)->state == NULL) {
+ srtp_crypto_free(*a);
+ *a = NULL;
+ return srtp_err_status_alloc_fail;
+ }
+#endif
+
/* set pointers */
- *a = (auth_t*)pointer;
- (*a)->type = &hmac;
- (*a)->state = pointer + sizeof(auth_t);
+ (*a)->type = &srtp_hmac;
(*a)->out_len = out_len;
(*a)->key_len = key_len;
(*a)->prefix_len = 0;
- new_hmac_ctx = (hmac_ctx_t*)((*a)->state);
- memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t));
- /* increment global count of all hmac uses */
- hmac.ref_count++;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_dealloc (auth_t *a)
+static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a)
{
- extern auth_type_t hmac;
- hmac_ctx_t *hmac_ctx;
+ HMAC_CTX *hmac_ctx;
- hmac_ctx = (hmac_ctx_t*)a->state;
- if (hmac_ctx->ctx_initialized) {
- EVP_MD_CTX_cleanup(&hmac_ctx->ctx);
- }
- if (hmac_ctx->init_ctx_initialized) {
- EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx);
- }
+ hmac_ctx = (HMAC_CTX*)a->state;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ HMAC_CTX_cleanup(hmac_ctx);
/* zeroize entire state*/
- octet_string_set_to_zero((uint8_t*)a,
- sizeof(hmac_ctx_t) + sizeof(auth_t));
+ octet_string_set_to_zero(a, sizeof(HMAC_CTX) + sizeof(srtp_auth_t));
+
+#else
+ HMAC_CTX_free(hmac_ctx);
+
+ /* zeroize entire state*/
+ octet_string_set_to_zero(a, sizeof(srtp_auth_t));
+#endif
/* free memory */
- crypto_free(a);
+ srtp_crypto_free(a);
- /* decrement global count of all hmac uses */
- hmac.ref_count--;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len)
+static srtp_err_status_t srtp_hmac_start (void *statev)
{
- int i;
- uint8_t ipad[64];
+ HMAC_CTX *state = (HMAC_CTX *)statev;
- /*
- * check key length - note that we don't support keys larger
- * than 20 bytes yet
- */
- if (key_len > 20) {
- return err_status_bad_param;
- }
+ if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)
+ return srtp_err_status_auth_fail;
- /*
- * set values of ipad and opad by exoring the key into the
- * appropriate constant values
- */
- for (i = 0; i < key_len; i++) {
- ipad[i] = key[i] ^ 0x36;
- state->opad[i] = key[i] ^ 0x5c;
- }
- /* set the rest of ipad, opad to constant values */
- for (; i < 64; i++) {
- ipad[i] = 0x36;
- ((uint8_t*)state->opad)[i] = 0x5c;
- }
-
- debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64));
-
- /* initialize sha1 context */
- sha1_init(&state->init_ctx);
- state->init_ctx_initialized = 1;
-
- /* hash ipad ^ key */
- sha1_update(&state->init_ctx, ipad, 64);
- return (hmac_start(state));
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_start (hmac_ctx_t *state)
+static srtp_err_status_t srtp_hmac_init (void *statev, const uint8_t *key, int key_len)
{
- if (state->ctx_initialized) {
- EVP_MD_CTX_cleanup(&state->ctx);
- }
- if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) {
- return err_status_auth_fail;
- } else {
- state->ctx_initialized = 1;
- return err_status_ok;
- }
+ HMAC_CTX *state = (HMAC_CTX *)statev;
+
+ if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)
+ return srtp_err_status_auth_fail;
+
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets)
+static srtp_err_status_t srtp_hmac_update (void *statev, const uint8_t *message, int msg_octets)
{
+ HMAC_CTX *state = (HMAC_CTX *)statev;
- debug_print(mod_hmac, "input: %s",
- octet_string_hex_string(message, msg_octets));
+ debug_print(srtp_mod_hmac, "input: %s",
+ srtp_octet_string_hex_string(message, msg_octets));
- /* hash message into sha1 context */
- sha1_update(&state->ctx, message, msg_octets);
+ if (HMAC_Update(state, message, msg_octets) == 0)
+ return srtp_err_status_auth_fail;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-hmac_compute (hmac_ctx_t *state, const void *message,
+static srtp_err_status_t srtp_hmac_compute (void *statev, const uint8_t *message,
int msg_octets, int tag_len, uint8_t *result)
{
- uint32_t hash_value[5];
- uint32_t H[5];
+ HMAC_CTX *state = (HMAC_CTX *)statev;
+ uint8_t hash_value[SHA1_DIGEST_SIZE];
int i;
+ unsigned int len;
/* check tag length, return error if we can't provide the value expected */
- if (tag_len > 20) {
- return err_status_bad_param;
+ if (tag_len > SHA1_DIGEST_SIZE) {
+ return srtp_err_status_bad_param;
}
/* hash message, copy output into H */
- sha1_update(&state->ctx, message, msg_octets);
- sha1_final(&state->ctx, H);
+ if (HMAC_Update(state, message, msg_octets) == 0)
+ return srtp_err_status_auth_fail;
- /*
- * note that we don't need to debug_print() the input, since the
- * function hmac_update() already did that for us
- */
- debug_print(mod_hmac, "intermediate state: %s",
- octet_string_hex_string((uint8_t*)H, 20));
+ if (HMAC_Final(state, hash_value, &len) == 0)
+ return srtp_err_status_auth_fail;
- /* re-initialize hash context */
- sha1_init(&state->ctx);
-
- /* hash opad ^ key */
- sha1_update(&state->ctx, (uint8_t*)state->opad, 64);
-
- /* hash the result of the inner hash */
- sha1_update(&state->ctx, (uint8_t*)H, 20);
-
- /* the result is returned in the array hash_value[] */
- sha1_final(&state->ctx, hash_value);
+ if (len < tag_len)
+ return srtp_err_status_auth_fail;
/* copy hash_value to *result */
for (i = 0; i < tag_len; i++) {
- result[i] = ((uint8_t*)hash_value)[i];
+ result[i] = hash_value[i];
}
- debug_print(mod_hmac, "output: %s",
- octet_string_hex_string((uint8_t*)hash_value, tag_len));
+ debug_print(srtp_mod_hmac, "output: %s",
+ srtp_octet_string_hex_string(hash_value, tag_len));
- return err_status_ok;
+ return srtp_err_status_ok;
}
/* begin test case 0 */
-uint8_t
- hmac_test_case_0_key[20] = {
+static const uint8_t srtp_hmac_test_case_0_key[SHA1_DIGEST_SIZE] = {
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b
};
-uint8_t
- hmac_test_case_0_data[8] = {
+static const uint8_t srtp_hmac_test_case_0_data[8] = {
0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
};
-uint8_t
- hmac_test_case_0_tag[20] = {
+static const uint8_t srtp_hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = {
0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
0xf1, 0x46, 0xbe, 0x00
};
-auth_test_case_t
- hmac_test_case_0 = {
- 20, /* octets in key */
- hmac_test_case_0_key, /* key */
- 8, /* octets in data */
- hmac_test_case_0_data, /* data */
- 20, /* octets in tag */
- hmac_test_case_0_tag, /* tag */
- NULL /* pointer to next testcase */
+static const srtp_auth_test_case_t srtp_hmac_test_case_0 = {
+ sizeof(srtp_hmac_test_case_0_key), /* octets in key */
+ srtp_hmac_test_case_0_key, /* key */
+ sizeof(srtp_hmac_test_case_0_data), /* octets in data */
+ srtp_hmac_test_case_0_data, /* data */
+ sizeof(srtp_hmac_test_case_0_tag), /* octets in tag */
+ srtp_hmac_test_case_0_tag, /* tag */
+ NULL /* pointer to next testcase */
};
/* end test case 0 */
-char hmac_description[] = "hmac sha-1 authentication function";
+static const char srtp_hmac_description[] = "hmac sha-1 authentication function";
/*
- * auth_type_t hmac is the hmac metaobject
+ * srtp_auth_type_t hmac is the hmac metaobject
*/
-auth_type_t
- hmac = {
- (auth_alloc_func) hmac_alloc,
- (auth_dealloc_func) hmac_dealloc,
- (auth_init_func) hmac_init,
- (auth_compute_func) hmac_compute,
- (auth_update_func) hmac_update,
- (auth_start_func) hmac_start,
- (char*) hmac_description,
- (int) 0, /* instance count */
- (auth_test_case_t*) &hmac_test_case_0,
- (debug_module_t*) &mod_hmac,
- (auth_type_id_t) HMAC_SHA1
+const srtp_auth_type_t srtp_hmac = {
+ srtp_hmac_alloc,
+ srtp_hmac_dealloc,
+ srtp_hmac_init,
+ srtp_hmac_compute,
+ srtp_hmac_update,
+ srtp_hmac_start,
+ srtp_hmac_description,
+ &srtp_hmac_test_case_0,
+ SRTP_HMAC_SHA1
};
diff --git a/libs/srtp/crypto/hash/null_auth.c b/libs/srtp/crypto/hash/null_auth.c
index 103444bc53..2d99027caa 100644
--- a/libs/srtp/crypto/hash/null_auth.c
+++ b/libs/srtp/crypto/hash/null_auth.c
@@ -9,26 +9,26 @@
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -44,119 +44,117 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
-#include "null_auth.h"
+#include "null_auth.h"
+#include "err.h" /* for srtp_debug */
#include "alloc.h"
/* null_auth uses the auth debug module */
-extern debug_module_t mod_auth;
+extern srtp_debug_module_t srtp_mod_auth;
-err_status_t
-null_auth_alloc(auth_t **a, int key_len, int out_len) {
- extern auth_type_t null_auth;
- uint8_t *pointer;
+static srtp_err_status_t srtp_null_auth_alloc (srtp_auth_t **a, int key_len, int out_len)
+{
+ extern const srtp_auth_type_t srtp_null_auth;
+ uint8_t *pointer;
- debug_print(mod_auth, "allocating auth func with key length %d", key_len);
- debug_print(mod_auth, " tag length %d", out_len);
+ debug_print(srtp_mod_auth, "allocating auth func with key length %d", key_len);
+ debug_print(srtp_mod_auth, " tag length %d", out_len);
- /* allocate memory for auth and null_auth_ctx_t structures */
- pointer = (uint8_t*)crypto_alloc(sizeof(null_auth_ctx_t) + sizeof(auth_t));
- if (pointer == NULL)
- return err_status_alloc_fail;
+ /* allocate memory for auth and srtp_null_auth_ctx_t structures */
+ pointer = (uint8_t*)srtp_crypto_alloc(sizeof(srtp_null_auth_ctx_t) + sizeof(srtp_auth_t));
+ if (pointer == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
- /* set pointers */
- *a = (auth_t *)pointer;
- (*a)->type = &null_auth;
- (*a)->state = pointer + sizeof (auth_t);
- (*a)->out_len = out_len;
- (*a)->prefix_len = out_len;
- (*a)->key_len = key_len;
+ /* set pointers */
+ *a = (srtp_auth_t*)pointer;
+ (*a)->type = &srtp_null_auth;
+ (*a)->state = pointer + sizeof(srtp_auth_t);
+ (*a)->out_len = out_len;
+ (*a)->prefix_len = out_len;
+ (*a)->key_len = key_len;
- /* increment global count of all null_auth uses */
- null_auth.ref_count++;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-null_auth_dealloc(auth_t *a) {
- extern auth_type_t null_auth;
-
- /* zeroize entire state*/
- octet_string_set_to_zero((uint8_t *)a,
- sizeof(null_auth_ctx_t) + sizeof(auth_t));
+static srtp_err_status_t srtp_null_auth_dealloc (srtp_auth_t *a)
+{
+ extern const srtp_auth_type_t srtp_null_auth;
- /* free memory */
- crypto_free(a);
-
- /* decrement global count of all null_auth uses */
- null_auth.ref_count--;
+ /* zeroize entire state*/
+ octet_string_set_to_zero(a, sizeof(srtp_null_auth_ctx_t) + sizeof(srtp_auth_t));
- return err_status_ok;
+ /* free memory */
+ srtp_crypto_free(a);
+
+ return srtp_err_status_ok;
}
-err_status_t
-null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len) {
+static srtp_err_status_t srtp_null_auth_init (void *statev, const uint8_t *key, int key_len)
+{
+ /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */
+ /* accept any length of key, and do nothing */
- /* accept any length of key, and do nothing */
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-null_auth_compute(null_auth_ctx_t *state, uint8_t *message,
- int msg_octets, int tag_len, uint8_t *result) {
+static srtp_err_status_t srtp_null_auth_compute (void *statev, const uint8_t *message,
+ int msg_octets, int tag_len, uint8_t *result)
+{
+ /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-null_auth_update(null_auth_ctx_t *state, uint8_t *message,
- int msg_octets) {
+static srtp_err_status_t srtp_null_auth_update (void *statev, const uint8_t *message,
+ int msg_octets)
+{
+ /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-null_auth_start(null_auth_ctx_t *state) {
- return err_status_ok;
+static srtp_err_status_t srtp_null_auth_start (void *statev)
+{
+ /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */
+
+ return srtp_err_status_ok;
}
/*
- * auth_type_t - defines description, test case, and null_auth
+ * srtp_auth_type_t - defines description, test case, and null_auth
* metaobject
*/
/* begin test case 0 */
-auth_test_case_t
-null_auth_test_case_0 = {
- 0, /* octets in key */
- NULL, /* key */
- 0, /* octets in data */
- NULL, /* data */
- 0, /* octets in tag */
- NULL, /* tag */
- NULL /* pointer to next testcase */
+static const srtp_auth_test_case_t srtp_null_auth_test_case_0 = {
+ 0, /* octets in key */
+ NULL, /* key */
+ 0, /* octets in data */
+ NULL, /* data */
+ 0, /* octets in tag */
+ NULL, /* tag */
+ NULL /* pointer to next testcase */
};
/* end test case 0 */
-char null_auth_description[] = "null authentication function";
+static const char srtp_null_auth_description[] = "null authentication function";
-auth_type_t
-null_auth = {
- (auth_alloc_func) null_auth_alloc,
- (auth_dealloc_func) null_auth_dealloc,
- (auth_init_func) null_auth_init,
- (auth_compute_func) null_auth_compute,
- (auth_update_func) null_auth_update,
- (auth_start_func) null_auth_start,
- (char *) null_auth_description,
- (int) 0, /* instance count */
- (auth_test_case_t *) &null_auth_test_case_0,
- (debug_module_t *) NULL,
- (auth_type_id_t) NULL_AUTH
+const srtp_auth_type_t srtp_null_auth = {
+ srtp_null_auth_alloc,
+ srtp_null_auth_dealloc,
+ srtp_null_auth_init,
+ srtp_null_auth_compute,
+ srtp_null_auth_update,
+ srtp_null_auth_start,
+ srtp_null_auth_description,
+ &srtp_null_auth_test_case_0,
+ SRTP_NULL_AUTH
};
diff --git a/libs/srtp/crypto/hash/sha1.c b/libs/srtp/crypto/hash/sha1.c
index b9a8d10509..94528899c6 100644
--- a/libs/srtp/crypto/hash/sha1.c
+++ b/libs/srtp/crypto/hash/sha1.c
@@ -9,26 +9,26 @@
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -44,12 +44,15 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
#include "sha1.h"
-debug_module_t mod_sha1 = {
- 0, /* debugging is off by default */
- "sha-1" /* printable module name */
+srtp_debug_module_t srtp_mod_sha1 = {
+ 0, /* debugging is off by default */
+ "sha-1" /* printable module name */
};
/* SN == Rotate left N bits */
@@ -57,14 +60,14 @@ debug_module_t mod_sha1 = {
#define S5(X) ((X << 5) | (X >> 27))
#define S30(X) ((X << 30) | (X >> 2))
-#define f0(B,C,D) ((B & C) | (~B & D))
-#define f1(B,C,D) (B ^ C ^ D)
-#define f2(B,C,D) ((B & C) | (B & D) | (C & D))
-#define f3(B,C,D) (B ^ C ^ D)
+#define f0(B, C, D) ((B & C) | (~B & D))
+#define f1(B, C, D) (B ^ C ^ D)
+#define f2(B, C, D) ((B & C) | (B & D) | (C & D))
+#define f3(B, C, D) (B ^ C ^ D)
-/*
- * nota bene: the variable K0 appears in the curses library, so we
- * give longer names to these variables to avoid spurious warnings
+/*
+ * nota bene: the variable K0 appears in the curses library, so we
+ * give longer names to these variables to avoid spurious warnings
* on systems that uses curses
*/
@@ -73,18 +76,18 @@ uint32_t SHA_K1 = 0x6ED9EBA1; /* Kt for 20 <= t <= 39 */
uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt for 40 <= t <= 59 */
uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */
-void
-sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) {
- sha1_ctx_t ctx;
+void srtp_sha1 (const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5])
+{
+ srtp_sha1_ctx_t ctx;
- sha1_init(&ctx);
- sha1_update(&ctx, msg, octets_in_msg);
- sha1_final(&ctx, hash_value);
+ srtp_sha1_init(&ctx);
+ srtp_sha1_update(&ctx, msg, octets_in_msg);
+ srtp_sha1_final(&ctx, hash_value);
}
/*
- * sha1_core(M, H) computes the core compression function, where M is
+ * srtp_sha1_core(M, H) computes the core compression function, where M is
* the next part of the message (in network byte order) and H is the
* intermediate state { H0, H1, ...} (in host byte order)
*
@@ -95,310 +98,316 @@ sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) {
* (crypto/cipher/seal.c)
*/
-void
-sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
- uint32_t H0;
- uint32_t H1;
- uint32_t H2;
- uint32_t H3;
- uint32_t H4;
- uint32_t W[80];
- uint32_t A, B, C, D, E, TEMP;
- int t;
+void srtp_sha1_core (const uint32_t M[16], uint32_t hash_value[5])
+{
+ uint32_t H0;
+ uint32_t H1;
+ uint32_t H2;
+ uint32_t H3;
+ uint32_t H4;
+ uint32_t W[80];
+ uint32_t A, B, C, D, E, TEMP;
+ int t;
- /* copy hash_value into H0, H1, H2, H3, H4 */
- H0 = hash_value[0];
- H1 = hash_value[1];
- H2 = hash_value[2];
- H3 = hash_value[3];
- H4 = hash_value[4];
+ /* copy hash_value into H0, H1, H2, H3, H4 */
+ H0 = hash_value[0];
+ H1 = hash_value[1];
+ H2 = hash_value[2];
+ H3 = hash_value[3];
+ H4 = hash_value[4];
- /* copy/xor message into array */
+ /* copy/xor message into array */
- W[0] = be32_to_cpu(M[0]);
- W[1] = be32_to_cpu(M[1]);
- W[2] = be32_to_cpu(M[2]);
- W[3] = be32_to_cpu(M[3]);
- W[4] = be32_to_cpu(M[4]);
- W[5] = be32_to_cpu(M[5]);
- W[6] = be32_to_cpu(M[6]);
- W[7] = be32_to_cpu(M[7]);
- W[8] = be32_to_cpu(M[8]);
- W[9] = be32_to_cpu(M[9]);
- W[10] = be32_to_cpu(M[10]);
- W[11] = be32_to_cpu(M[11]);
- W[12] = be32_to_cpu(M[12]);
- W[13] = be32_to_cpu(M[13]);
- W[14] = be32_to_cpu(M[14]);
- W[15] = be32_to_cpu(M[15]);
- TEMP = W[13] ^ W[8] ^ W[2] ^ W[0]; W[16] = S1(TEMP);
- TEMP = W[14] ^ W[9] ^ W[3] ^ W[1]; W[17] = S1(TEMP);
- TEMP = W[15] ^ W[10] ^ W[4] ^ W[2]; W[18] = S1(TEMP);
- TEMP = W[16] ^ W[11] ^ W[5] ^ W[3]; W[19] = S1(TEMP);
- TEMP = W[17] ^ W[12] ^ W[6] ^ W[4]; W[20] = S1(TEMP);
- TEMP = W[18] ^ W[13] ^ W[7] ^ W[5]; W[21] = S1(TEMP);
- TEMP = W[19] ^ W[14] ^ W[8] ^ W[6]; W[22] = S1(TEMP);
- TEMP = W[20] ^ W[15] ^ W[9] ^ W[7]; W[23] = S1(TEMP);
- TEMP = W[21] ^ W[16] ^ W[10] ^ W[8]; W[24] = S1(TEMP);
- TEMP = W[22] ^ W[17] ^ W[11] ^ W[9]; W[25] = S1(TEMP);
- TEMP = W[23] ^ W[18] ^ W[12] ^ W[10]; W[26] = S1(TEMP);
- TEMP = W[24] ^ W[19] ^ W[13] ^ W[11]; W[27] = S1(TEMP);
- TEMP = W[25] ^ W[20] ^ W[14] ^ W[12]; W[28] = S1(TEMP);
- TEMP = W[26] ^ W[21] ^ W[15] ^ W[13]; W[29] = S1(TEMP);
- TEMP = W[27] ^ W[22] ^ W[16] ^ W[14]; W[30] = S1(TEMP);
- TEMP = W[28] ^ W[23] ^ W[17] ^ W[15]; W[31] = S1(TEMP);
+ W[0] = be32_to_cpu(M[0]);
+ W[1] = be32_to_cpu(M[1]);
+ W[2] = be32_to_cpu(M[2]);
+ W[3] = be32_to_cpu(M[3]);
+ W[4] = be32_to_cpu(M[4]);
+ W[5] = be32_to_cpu(M[5]);
+ W[6] = be32_to_cpu(M[6]);
+ W[7] = be32_to_cpu(M[7]);
+ W[8] = be32_to_cpu(M[8]);
+ W[9] = be32_to_cpu(M[9]);
+ W[10] = be32_to_cpu(M[10]);
+ W[11] = be32_to_cpu(M[11]);
+ W[12] = be32_to_cpu(M[12]);
+ W[13] = be32_to_cpu(M[13]);
+ W[14] = be32_to_cpu(M[14]);
+ W[15] = be32_to_cpu(M[15]);
+ TEMP = W[13] ^ W[8] ^ W[2] ^ W[0]; W[16] = S1(TEMP);
+ TEMP = W[14] ^ W[9] ^ W[3] ^ W[1]; W[17] = S1(TEMP);
+ TEMP = W[15] ^ W[10] ^ W[4] ^ W[2]; W[18] = S1(TEMP);
+ TEMP = W[16] ^ W[11] ^ W[5] ^ W[3]; W[19] = S1(TEMP);
+ TEMP = W[17] ^ W[12] ^ W[6] ^ W[4]; W[20] = S1(TEMP);
+ TEMP = W[18] ^ W[13] ^ W[7] ^ W[5]; W[21] = S1(TEMP);
+ TEMP = W[19] ^ W[14] ^ W[8] ^ W[6]; W[22] = S1(TEMP);
+ TEMP = W[20] ^ W[15] ^ W[9] ^ W[7]; W[23] = S1(TEMP);
+ TEMP = W[21] ^ W[16] ^ W[10] ^ W[8]; W[24] = S1(TEMP);
+ TEMP = W[22] ^ W[17] ^ W[11] ^ W[9]; W[25] = S1(TEMP);
+ TEMP = W[23] ^ W[18] ^ W[12] ^ W[10]; W[26] = S1(TEMP);
+ TEMP = W[24] ^ W[19] ^ W[13] ^ W[11]; W[27] = S1(TEMP);
+ TEMP = W[25] ^ W[20] ^ W[14] ^ W[12]; W[28] = S1(TEMP);
+ TEMP = W[26] ^ W[21] ^ W[15] ^ W[13]; W[29] = S1(TEMP);
+ TEMP = W[27] ^ W[22] ^ W[16] ^ W[14]; W[30] = S1(TEMP);
+ TEMP = W[28] ^ W[23] ^ W[17] ^ W[15]; W[31] = S1(TEMP);
- /* process the remainder of the array */
- for (t=32; t < 80; t++) {
- TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
- W[t] = S1(TEMP);
- }
-
- A = H0; B = H1; C = H2; D = H3; E = H4;
-
- for (t=0; t < 20; t++) {
- TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 40; t++) {
- TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 60; t++) {
- TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 80; t++) {
- TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
-
- hash_value[0] = H0 + A;
- hash_value[1] = H1 + B;
- hash_value[2] = H2 + C;
- hash_value[3] = H3 + D;
- hash_value[4] = H4 + E;
-
- return;
-}
-
-void
-sha1_init(sha1_ctx_t *ctx) {
-
- /* initialize state vector */
- ctx->H[0] = 0x67452301;
- ctx->H[1] = 0xefcdab89;
- ctx->H[2] = 0x98badcfe;
- ctx->H[3] = 0x10325476;
- ctx->H[4] = 0xc3d2e1f0;
-
- /* indicate that message buffer is empty */
- ctx->octets_in_buffer = 0;
-
- /* reset message bit-count to zero */
- ctx->num_bits_in_msg = 0;
-
-}
-
-void
-sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
- int i;
- uint8_t *buf = (uint8_t *)ctx->M;
-
- /* update message bit-count */
- ctx->num_bits_in_msg += octets_in_msg * 8;
-
- /* loop over 16-word blocks of M */
- while (octets_in_msg > 0) {
-
- if (octets_in_msg + ctx->octets_in_buffer >= 64) {
-
- /*
- * copy words of M into msg buffer until that buffer is full,
- * converting them into host byte order as needed
- */
- octets_in_msg -= (64 - ctx->octets_in_buffer);
- for (i=ctx->octets_in_buffer; i < 64; i++)
- buf[i] = *msg++;
- ctx->octets_in_buffer = 0;
-
- /* process a whole block */
-
- debug_print(mod_sha1, "(update) running sha1_core()", NULL);
-
- sha1_core(ctx->M, ctx->H);
-
- } else {
-
- debug_print(mod_sha1, "(update) not running sha1_core()", NULL);
-
- for (i=ctx->octets_in_buffer;
- i < (ctx->octets_in_buffer + octets_in_msg); i++)
- buf[i] = *msg++;
- ctx->octets_in_buffer += octets_in_msg;
- octets_in_msg = 0;
+ /* process the remainder of the array */
+ for (t = 32; t < 80; t++) {
+ TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
+ W[t] = S1(TEMP);
}
- }
+ A = H0; B = H1; C = H2; D = H3; E = H4;
+
+ for (t = 0; t < 20; t++) {
+ TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 40; t++) {
+ TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 60; t++) {
+ TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 80; t++) {
+ TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+
+ hash_value[0] = H0 + A;
+ hash_value[1] = H1 + B;
+ hash_value[2] = H2 + C;
+ hash_value[3] = H3 + D;
+ hash_value[4] = H4 + E;
+
+ return;
+}
+
+void srtp_sha1_init (srtp_sha1_ctx_t *ctx)
+{
+
+ /* initialize state vector */
+ ctx->H[0] = 0x67452301;
+ ctx->H[1] = 0xefcdab89;
+ ctx->H[2] = 0x98badcfe;
+ ctx->H[3] = 0x10325476;
+ ctx->H[4] = 0xc3d2e1f0;
+
+ /* indicate that message buffer is empty */
+ ctx->octets_in_buffer = 0;
+
+ /* reset message bit-count to zero */
+ ctx->num_bits_in_msg = 0;
+
+}
+
+void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg)
+{
+ int i;
+ uint8_t *buf = (uint8_t*)ctx->M;
+
+ /* update message bit-count */
+ ctx->num_bits_in_msg += octets_in_msg * 8;
+
+ /* loop over 16-word blocks of M */
+ while (octets_in_msg > 0) {
+
+ if (octets_in_msg + ctx->octets_in_buffer >= 64) {
+
+ /*
+ * copy words of M into msg buffer until that buffer is full,
+ * converting them into host byte order as needed
+ */
+ octets_in_msg -= (64 - ctx->octets_in_buffer);
+ for (i = ctx->octets_in_buffer; i < 64; i++) {
+ buf[i] = *msg++;
+ }
+ ctx->octets_in_buffer = 0;
+
+ /* process a whole block */
+
+ debug_print(srtp_mod_sha1, "(update) running srtp_sha1_core()", NULL);
+
+ srtp_sha1_core(ctx->M, ctx->H);
+
+ } else {
+
+ debug_print(srtp_mod_sha1, "(update) not running srtp_sha1_core()", NULL);
+
+ for (i = ctx->octets_in_buffer;
+ i < (ctx->octets_in_buffer + octets_in_msg); i++) {
+ buf[i] = *msg++;
+ }
+ ctx->octets_in_buffer += octets_in_msg;
+ octets_in_msg = 0;
+ }
+
+ }
}
/*
- * sha1_final(ctx, output) computes the result for ctx and copies it
+ * srtp_sha1_final(ctx, output) computes the result for ctx and copies it
* into the twenty octets located at *output
*/
-void
-sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
- uint32_t A, B, C, D, E, TEMP;
- uint32_t W[80];
- int i, t;
+void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output)
+{
+ uint32_t A, B, C, D, E, TEMP;
+ uint32_t W[80];
+ int i, t;
- /*
- * process the remaining octets_in_buffer, padding and terminating as
- * necessary
- */
- {
- int tail = ctx->octets_in_buffer % 4;
-
- /* copy/xor message into array */
- for (i=0; i < (ctx->octets_in_buffer+3)/4; i++)
- W[i] = be32_to_cpu(ctx->M[i]);
-
- /* set the high bit of the octet immediately following the message */
- switch (tail) {
- case (3):
- W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xffffff00) | 0x80;
- W[i] = 0x0;
- break;
- case (2):
- W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xffff0000) | 0x8000;
- W[i] = 0x0;
- break;
- case (1):
- W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xff000000) | 0x800000;
- W[i] = 0x0;
- break;
- case (0):
- W[i] = 0x80000000;
- break;
- }
-
- /* zeroize remaining words */
- for (i++ ; i < 15; i++)
- W[i] = 0x0;
-
- /*
- * if there is room at the end of the word array, then set the
- * last word to the bit-length of the message; otherwise, set that
- * word to zero and then we need to do one more run of the
- * compression algo.
+ /*
+ * process the remaining octets_in_buffer, padding and terminating as
+ * necessary
*/
- if (ctx->octets_in_buffer < 56)
- W[15] = ctx->num_bits_in_msg;
- else if (ctx->octets_in_buffer < 60)
- W[15] = 0x0;
+ {
+ int tail = ctx->octets_in_buffer % 4;
+
+ /* copy/xor message into array */
+ for (i = 0; i < (ctx->octets_in_buffer + 3) / 4; i++) {
+ W[i] = be32_to_cpu(ctx->M[i]);
+ }
+
+ /* set the high bit of the octet immediately following the message */
+ switch (tail) {
+ case (3):
+ W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xffffff00) | 0x80;
+ W[i] = 0x0;
+ break;
+ case (2):
+ W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xffff0000) | 0x8000;
+ W[i] = 0x0;
+ break;
+ case (1):
+ W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xff000000) | 0x800000;
+ W[i] = 0x0;
+ break;
+ case (0):
+ W[i] = 0x80000000;
+ break;
+ }
+
+ /* zeroize remaining words */
+ for (i++; i < 15; i++) {
+ W[i] = 0x0;
+ }
+
+ /*
+ * if there is room at the end of the word array, then set the
+ * last word to the bit-length of the message; otherwise, set that
+ * word to zero and then we need to do one more run of the
+ * compression algo.
+ */
+ if (ctx->octets_in_buffer < 56) {
+ W[15] = ctx->num_bits_in_msg;
+ } else if (ctx->octets_in_buffer < 60) {
+ W[15] = 0x0;
+ }
+
+ /* process the word array */
+ for (t = 16; t < 80; t++) {
+ TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
+ W[t] = S1(TEMP);
+ }
+
+ A = ctx->H[0];
+ B = ctx->H[1];
+ C = ctx->H[2];
+ D = ctx->H[3];
+ E = ctx->H[4];
+
+ for (t = 0; t < 20; t++) {
+ TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 40; t++) {
+ TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 60; t++) {
+ TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 80; t++) {
+ TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+
+ ctx->H[0] += A;
+ ctx->H[1] += B;
+ ctx->H[2] += C;
+ ctx->H[3] += D;
+ ctx->H[4] += E;
- /* process the word array */
- for (t=16; t < 80; t++) {
- TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
- W[t] = S1(TEMP);
}
- A = ctx->H[0];
- B = ctx->H[1];
- C = ctx->H[2];
- D = ctx->H[3];
- E = ctx->H[4];
+ debug_print(srtp_mod_sha1, "(final) running srtp_sha1_core()", NULL);
- for (t=0; t < 20; t++) {
- TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 40; t++) {
- TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 60; t++) {
- TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 80; t++) {
- TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
+ if (ctx->octets_in_buffer >= 56) {
+
+ debug_print(srtp_mod_sha1, "(final) running srtp_sha1_core() again", NULL);
+
+ /* we need to do one final run of the compression algo */
+
+ /*
+ * set initial part of word array to zeros, and set the
+ * final part to the number of bits in the message
+ */
+ for (i = 0; i < 15; i++) {
+ W[i] = 0x0;
+ }
+ W[15] = ctx->num_bits_in_msg;
+
+ /* process the word array */
+ for (t = 16; t < 80; t++) {
+ TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16];
+ W[t] = S1(TEMP);
+ }
+
+ A = ctx->H[0];
+ B = ctx->H[1];
+ C = ctx->H[2];
+ D = ctx->H[3];
+ E = ctx->H[4];
+
+ for (t = 0; t < 20; t++) {
+ TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 40; t++) {
+ TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 60; t++) {
+ TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+ for (; t < 80; t++) {
+ TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3;
+ E = D; D = C; C = S30(B); B = A; A = TEMP;
+ }
+
+ ctx->H[0] += A;
+ ctx->H[1] += B;
+ ctx->H[2] += C;
+ ctx->H[3] += D;
+ ctx->H[4] += E;
}
- ctx->H[0] += A;
- ctx->H[1] += B;
- ctx->H[2] += C;
- ctx->H[3] += D;
- ctx->H[4] += E;
+ /* copy result into output buffer */
+ output[0] = be32_to_cpu(ctx->H[0]);
+ output[1] = be32_to_cpu(ctx->H[1]);
+ output[2] = be32_to_cpu(ctx->H[2]);
+ output[3] = be32_to_cpu(ctx->H[3]);
+ output[4] = be32_to_cpu(ctx->H[4]);
- }
+ /* indicate that message buffer in context is empty */
+ ctx->octets_in_buffer = 0;
- debug_print(mod_sha1, "(final) running sha1_core()", NULL);
-
- if (ctx->octets_in_buffer >= 56) {
-
- debug_print(mod_sha1, "(final) running sha1_core() again", NULL);
-
- /* we need to do one final run of the compression algo */
-
- /*
- * set initial part of word array to zeros, and set the
- * final part to the number of bits in the message
- */
- for (i=0; i < 15; i++)
- W[i] = 0x0;
- W[15] = ctx->num_bits_in_msg;
-
- /* process the word array */
- for (t=16; t < 80; t++) {
- TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16];
- W[t] = S1(TEMP);
- }
-
- A = ctx->H[0];
- B = ctx->H[1];
- C = ctx->H[2];
- D = ctx->H[3];
- E = ctx->H[4];
-
- for (t=0; t < 20; t++) {
- TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 40; t++) {
- TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 60; t++) {
- TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
- for ( ; t < 80; t++) {
- TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3;
- E = D; D = C; C = S30(B); B = A; A = TEMP;
- }
-
- ctx->H[0] += A;
- ctx->H[1] += B;
- ctx->H[2] += C;
- ctx->H[3] += D;
- ctx->H[4] += E;
- }
-
- /* copy result into output buffer */
- output[0] = be32_to_cpu(ctx->H[0]);
- output[1] = be32_to_cpu(ctx->H[1]);
- output[2] = be32_to_cpu(ctx->H[2]);
- output[3] = be32_to_cpu(ctx->H[3]);
- output[4] = be32_to_cpu(ctx->H[4]);
-
- /* indicate that message buffer in context is empty */
- ctx->octets_in_buffer = 0;
-
- return;
+ return;
}
diff --git a/libs/srtp/crypto/include/.cvsignore b/libs/srtp/crypto/include/.cvsignore
deleted file mode 100644
index 0e56cf2f8c..0000000000
--- a/libs/srtp/crypto/include/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-config.h
diff --git a/libs/srtp/crypto/include/aes.h b/libs/srtp/crypto/include/aes.h
index 288133743f..007163c534 100644
--- a/libs/srtp/crypto/include/aes.h
+++ b/libs/srtp/crypto/include/aes.h
@@ -8,26 +8,26 @@
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -43,48 +43,39 @@
*
*/
-#ifndef _AES_H
-#define _AES_H
-
-#include "config.h"
+#ifndef AES_H
+#define AES_H
#include "datatypes.h"
-#include "gf2_8.h"
#include "err.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* aes internals */
typedef struct {
- v128_t round[15];
- int num_rounds;
-} aes_expanded_key_t;
+ v128_t round[15];
+ int num_rounds;
+} srtp_aes_expanded_key_t;
-err_status_t
-aes_expand_encryption_key(const uint8_t *key,
- int key_len,
- aes_expanded_key_t *expanded_key);
+srtp_err_status_t srtp_aes_expand_encryption_key(
+ const uint8_t *key,
+ int key_len,
+ srtp_aes_expanded_key_t *expanded_key);
-err_status_t
-aes_expand_decryption_key(const uint8_t *key,
- int key_len,
- aes_expanded_key_t *expanded_key);
+srtp_err_status_t srtp_aes_expand_decryption_key(
+ const uint8_t *key,
+ int key_len,
+ srtp_aes_expanded_key_t *expanded_key);
-void
-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
+void srtp_aes_encrypt(v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key);
-void
-aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
+void srtp_aes_decrypt(v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key);
-#if 0
-/*
- * internal functions
- */
+#ifdef __cplusplus
+}
+#endif
-void
-aes_init_sbox(void);
-
-void
-aes_compute_tables(void);
-#endif
-
-#endif /* _AES_H */
+#endif /* AES_H */
diff --git a/libs/srtp/crypto/include/aes_cbc.h b/libs/srtp/crypto/include/aes_cbc.h
deleted file mode 100644
index f92591d968..0000000000
--- a/libs/srtp/crypto/include/aes_cbc.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * aes_cbc.h
- *
- * Header for AES Cipher Blobk Chaining Mode.
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- *
- */
-
-#ifndef AES_CBC_H
-#define AES_CBC_H
-
-#include "aes.h"
-#include "cipher.h"
-
-typedef struct {
- v128_t state; /* cipher chaining state */
- v128_t previous; /* previous ciphertext block */
- uint8_t key[32];
- int key_len;
- aes_expanded_key_t expanded_key; /* the cipher key */
-} aes_cbc_ctx_t;
-
-err_status_t
-aes_cbc_set_key(aes_cbc_ctx_t *c,
- const unsigned char *key);
-
-err_status_t
-aes_cbc_encrypt(aes_cbc_ctx_t *c,
- unsigned char *buf,
- unsigned int *bytes_in_data);
-
-err_status_t
-aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key,
- int key_len);
-
-err_status_t
-aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv, int direction);
-
-err_status_t
-aes_cbc_nist_encrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data);
-
-err_status_t
-aes_cbc_nist_decrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data);
-
-#endif /* AES_CBC_H */
-
diff --git a/libs/srtp/crypto/include/aes_gcm_ossl.h b/libs/srtp/crypto/include/aes_gcm_ossl.h
index 8e7711dc52..8b0d7a0264 100644
--- a/libs/srtp/crypto/include/aes_gcm_ossl.h
+++ b/libs/srtp/crypto/include/aes_gcm_ossl.h
@@ -8,26 +8,26 @@
*
*/
/*
- *
- * Copyright (c) 2013, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2013-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -48,16 +48,16 @@
#include "cipher.h"
#include "srtp.h"
+#include "datatypes.h"
#include
#include
typedef struct {
- v256_t key;
- int key_size;
- int tag_len;
- EVP_CIPHER_CTX ctx;
- cipher_direction_t dir;
-} aes_gcm_ctx_t;
+ int key_size;
+ int tag_len;
+ EVP_CIPHER_CTX* ctx;
+ srtp_cipher_direction_t dir;
+} srtp_aes_gcm_ctx_t;
#endif /* AES_GCM_OSSL_H */
diff --git a/libs/srtp/crypto/include/aes_icm.h b/libs/srtp/crypto/include/aes_icm.h
index 685a6d4c77..90fbd5e35d 100644
--- a/libs/srtp/crypto/include/aes_icm.h
+++ b/libs/srtp/crypto/include/aes_icm.h
@@ -8,6 +8,42 @@
*
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
#ifndef AES_ICM_H
#define AES_ICM_H
@@ -15,46 +51,13 @@
#include "cipher.h"
typedef struct {
- v128_t counter; /* holds the counter value */
- v128_t offset; /* initial offset value */
- v128_t keystream_buffer; /* buffers bytes of keystream */
- aes_expanded_key_t expanded_key; /* the cipher key */
- int bytes_in_buffer; /* number of unused bytes in buffer */
-} aes_icm_ctx_t;
-
-
-err_status_t
-aes_icm_context_init(aes_icm_ctx_t *c,
- const unsigned char *key,
- int key_len);
-
-err_status_t
-aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction);
-
-err_status_t
-aes_icm_encrypt(aes_icm_ctx_t *c,
- unsigned char *buf, unsigned int *bytes_to_encr);
-
-err_status_t
-aes_icm_output(aes_icm_ctx_t *c,
- unsigned char *buf, int bytes_to_output);
-
-err_status_t
-aes_icm_dealloc(cipher_t *c);
-
-err_status_t
-aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
- unsigned char *buf,
- unsigned int *enc_len,
- int forIsmacryp);
-
-err_status_t
-aes_icm_alloc_ismacryp(cipher_t **c,
- int key_len,
- int forIsmacryp);
-
-uint16_t
-aes_icm_bytes_encrypted(aes_icm_ctx_t *c);
+ v128_t counter; /* holds the counter value */
+ v128_t offset; /* initial offset value */
+ v128_t keystream_buffer; /* buffers bytes of keystream */
+ srtp_aes_expanded_key_t expanded_key; /* the cipher key */
+ int bytes_in_buffer; /* number of unused bytes in buffer */
+ int key_size; /* AES key size + 14 byte SALT */
+} srtp_aes_icm_ctx_t;
#endif /* AES_ICM_H */
diff --git a/libs/srtp/crypto/include/aes_icm_ossl.h b/libs/srtp/crypto/include/aes_icm_ossl.h
index 89da7e0693..1dddd755fc 100644
--- a/libs/srtp/crypto/include/aes_icm_ossl.h
+++ b/libs/srtp/crypto/include/aes_icm_ossl.h
@@ -9,7 +9,7 @@
*/
/*
*
- * Copyright (c) 2001-2005,2012, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -47,27 +47,16 @@
#define AES_ICM_H
#include "cipher.h"
+#include "datatypes.h"
#include
#include
-#define SALT_SIZE 14
-#define AES_128_KEYSIZE AES_BLOCK_SIZE
-#define AES_192_KEYSIZE AES_BLOCK_SIZE + AES_BLOCK_SIZE / 2
-#define AES_256_KEYSIZE AES_BLOCK_SIZE * 2
-#define AES_128_KEYSIZE_WSALT AES_128_KEYSIZE + SALT_SIZE
-#define AES_192_KEYSIZE_WSALT AES_192_KEYSIZE + SALT_SIZE
-#define AES_256_KEYSIZE_WSALT AES_256_KEYSIZE + SALT_SIZE
-
typedef struct {
v128_t counter; /* holds the counter value */
v128_t offset; /* initial offset value */
- v256_t key;
int key_size;
- EVP_CIPHER_CTX ctx;
-} aes_icm_ctx_t;
-
-err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir);
-
+ EVP_CIPHER_CTX* ctx;
+} srtp_aes_icm_ctx_t;
#endif /* AES_ICM_H */
diff --git a/libs/srtp/crypto/include/alloc.h b/libs/srtp/crypto/include/alloc.h
index 5980eed6c1..0bd2a90820 100644
--- a/libs/srtp/crypto/include/alloc.h
+++ b/libs/srtp/crypto/include/alloc.h
@@ -8,7 +8,7 @@
*/
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -48,10 +48,16 @@
#include "datatypes.h"
-void *
-crypto_alloc(size_t size);
+#ifdef __cplusplus
+extern "C" {
+#endif
-void
-crypto_free(void *ptr);
+void * srtp_crypto_alloc(size_t size);
+
+void srtp_crypto_free(void *ptr);
+
+#ifdef __cplusplus
+}
+#endif
#endif /* CRYPTO_ALLOC_H */
diff --git a/libs/srtp/crypto/include/auth.h b/libs/srtp/crypto/include/auth.h
index 5b5e4b21d4..7870b29450 100644
--- a/libs/srtp/crypto/include/auth.h
+++ b/libs/srtp/crypto/include/auth.h
@@ -8,26 +8,26 @@
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -43,129 +43,124 @@
*
*/
-#ifndef AUTH_H
-#define AUTH_H
+#ifndef SRTP_AUTH_H
+#define SRTP_AUTH_H
-#include "datatypes.h"
-#include "err.h" /* error codes */
-#include "crypto.h" /* for auth_type_id_t */
-#include "crypto_types.h" /* for values of auth_type_id_t */
+#include "srtp.h"
+#include "crypto_types.h" /* for values of auth_type_id_t */
-typedef struct auth_type_t *auth_type_pointer;
-typedef struct auth_t *auth_pointer_t;
+#ifdef __cplusplus
+extern "C" {
+#endif
-typedef err_status_t (*auth_alloc_func)
- (auth_pointer_t *ap, int key_len, int out_len);
+typedef const struct srtp_auth_type_t *srtp_auth_type_pointer;
+typedef struct srtp_auth_t *srtp_auth_pointer_t;
-typedef err_status_t (*auth_init_func)
- (void *state, const uint8_t *key, int key_len);
+typedef srtp_err_status_t (*srtp_auth_alloc_func)
+ (srtp_auth_pointer_t *ap, int key_len, int out_len);
-typedef err_status_t (*auth_dealloc_func)(auth_pointer_t ap);
+typedef srtp_err_status_t (*srtp_auth_init_func)
+ (void *state, const uint8_t *key, int key_len);
-typedef err_status_t (*auth_compute_func)
- (void *state, uint8_t *buffer, int octets_to_auth,
- int tag_len, uint8_t *tag);
+typedef srtp_err_status_t (*srtp_auth_dealloc_func)(srtp_auth_pointer_t ap);
-typedef err_status_t (*auth_update_func)
- (void *state, uint8_t *buffer, int octets_to_auth);
+typedef srtp_err_status_t (*srtp_auth_compute_func)
+ (void *state, const uint8_t *buffer, int octets_to_auth,
+ int tag_len, uint8_t *tag);
+
+typedef srtp_err_status_t (*srtp_auth_update_func)
+ (void *state, const uint8_t *buffer, int octets_to_auth);
+
+typedef srtp_err_status_t (*srtp_auth_start_func)(void *state);
-typedef err_status_t (*auth_start_func)(void *state);
-
/* some syntactic sugar on these function types */
+#define srtp_auth_type_alloc(at, a, klen, outlen) \
+ ((at)->alloc((a), (klen), (outlen)))
-#define auth_type_alloc(at, a, klen, outlen) \
- ((at)->alloc((a), (klen), (outlen)))
+#define srtp_auth_init(a, key) \
+ (((a)->type)->init((a)->state, (key), ((a)->key_len)))
-#define auth_init(a, key) \
- (((a)->type)->init((a)->state, (key), ((a)->key_len)))
+#define srtp_auth_compute(a, buf, len, res) \
+ (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res)))
-#define auth_compute(a, buf, len, res) \
- (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res)))
+#define srtp_auth_update(a, buf, len) \
+ (((a)->type)->update((a)->state, (buf), (len)))
-#define auth_update(a, buf, len) \
- (((a)->type)->update((a)->state, (buf), (len)))
+#define srtp_auth_start(a)(((a)->type)->start((a)->state))
-#define auth_start(a)(((a)->type)->start((a)->state))
-
-#define auth_dealloc(c) (((c)->type)->dealloc(c))
+#define srtp_auth_dealloc(c) (((c)->type)->dealloc(c))
/* functions to get information about a particular auth_t */
+int srtp_auth_get_key_length(const struct srtp_auth_t *a);
-int
-auth_get_key_length(const struct auth_t *a);
+int srtp_auth_get_tag_length(const struct srtp_auth_t *a);
-int
-auth_get_tag_length(const struct auth_t *a);
-
-int
-auth_get_prefix_length(const struct auth_t *a);
+int srtp_auth_get_prefix_length(const struct srtp_auth_t *a);
/*
- * auth_test_case_t is a (list of) key/message/tag values that are
+ * srtp_auth_test_case_t is a (list of) key/message/tag values that are
* known to be correct for a particular cipher. this data can be used
* to test an implementation in an on-the-fly self test of the
- * correcness of the implementation. (see the auth_type_self_test()
+ * correctness of the implementation. (see the srtp_auth_type_self_test()
* function below)
*/
+typedef struct srtp_auth_test_case_t {
+ int key_length_octets; /* octets in key */
+ const uint8_t *key; /* key */
+ int data_length_octets; /* octets in data */
+ const uint8_t *data; /* data */
+ int tag_length_octets; /* octets in tag */
+ const uint8_t *tag; /* tag */
+ const struct srtp_auth_test_case_t *next_test_case; /* pointer to next testcase */
+} srtp_auth_test_case_t;
-typedef struct auth_test_case_t {
- int key_length_octets; /* octets in key */
- uint8_t *key; /* key */
- int data_length_octets; /* octets in data */
- uint8_t *data; /* data */
- int tag_length_octets; /* octets in tag */
- uint8_t *tag; /* tag */
- struct auth_test_case_t *next_test_case; /* pointer to next testcase */
-} auth_test_case_t;
+/* srtp_auth_type_t */
+typedef struct srtp_auth_type_t {
+ srtp_auth_alloc_func alloc;
+ srtp_auth_dealloc_func dealloc;
+ srtp_auth_init_func init;
+ srtp_auth_compute_func compute;
+ srtp_auth_update_func update;
+ srtp_auth_start_func start;
+ const char *description;
+ const srtp_auth_test_case_t *test_data;
+ srtp_auth_type_id_t id;
+} srtp_auth_type_t;
-/* auth_type_t */
-
-typedef struct auth_type_t {
- auth_alloc_func alloc;
- auth_dealloc_func dealloc;
- auth_init_func init;
- auth_compute_func compute;
- auth_update_func update;
- auth_start_func start;
- char *description;
- int ref_count;
- auth_test_case_t *test_data;
- debug_module_t *debug;
- auth_type_id_t id;
-} auth_type_t;
-
-typedef struct auth_t {
- auth_type_t *type;
- void *state;
- int out_len; /* length of output tag in octets */
- int key_len; /* length of key in octets */
- int prefix_len; /* length of keystream prefix */
-} auth_t;
-
-/*
- * auth_type_self_test() tests an auth_type against test cases
- * provided in an array of values of key/message/tag that is known to
- * be good
- */
-
-err_status_t
-auth_type_self_test(const auth_type_t *at);
-
-/*
- * auth_type_test() tests an auth_type against external test cases
- * provided in an array of values of key/message/tag that is known to
- * be good
- */
-
-err_status_t
-auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data);
+typedef struct srtp_auth_t {
+ const srtp_auth_type_t *type;
+ void *state;
+ int out_len; /* length of output tag in octets */
+ int key_len; /* length of key in octets */
+ int prefix_len; /* length of keystream prefix */
+} srtp_auth_t;
/*
- * auth_type_get_ref_count(at) returns the reference count (the number
- * of instantiations) of the auth_type_t at
+ * srtp_auth_type_self_test() tests an auth_type against test cases
+ * provided in an array of values of key/message/tag that is known to
+ * be good
*/
+srtp_err_status_t srtp_auth_type_self_test(const srtp_auth_type_t *at);
-int
-auth_type_get_ref_count(const auth_type_t *at);
+/*
+ * srtp_auth_type_test() tests an auth_type against external test cases
+ * provided in an array of values of key/message/tag that is known to
+ * be good
+ */
+srtp_err_status_t srtp_auth_type_test(const srtp_auth_type_t *at,
+ const srtp_auth_test_case_t *test_data);
-#endif /* AUTH_H */
+/*
+ * srtp_replace_auth_type(ct, id)
+ *
+ * replaces srtp's kernel's auth type implementation for the auth_type id
+ * with a new one passed in externally. The new auth type must pass all the
+ * existing auth_type's self tests as well as its own.
+ */
+srtp_err_status_t srtp_replace_auth_type(const srtp_auth_type_t *ct, srtp_auth_type_id_t id);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SRTP_AUTH_H */
diff --git a/libs/srtp/crypto/include/cipher.h b/libs/srtp/crypto/include/cipher.h
index d0d6b57f27..d544b12045 100644
--- a/libs/srtp/crypto/include/cipher.h
+++ b/libs/srtp/crypto/include/cipher.h
@@ -7,26 +7,26 @@
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -43,212 +43,180 @@
*/
-#ifndef CIPHER_H
-#define CIPHER_H
+#ifndef SRTP_CIPHER_H
+#define SRTP_CIPHER_H
-#include "datatypes.h"
-#include "rdbx.h" /* for xtd_seq_num_t */
-#include "err.h" /* for error codes */
-#include "crypto.h" /* for cipher_type_id_t */
-#include "crypto_types.h" /* for values of cipher_type_id_t */
+#include "srtp.h"
+#include "crypto_types.h" /* for values of cipher_type_id_t */
-/**
- * @brief cipher_direction_t defines a particular cipher operation.
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * srtp_cipher_direction_t defines a particular cipher operation.
*
- * A cipher_direction_t is an enum that describes a particular cipher
+ * A srtp_cipher_direction_t is an enum that describes a particular cipher
* operation, i.e. encryption or decryption. For some ciphers, this
* distinction does not matter, but for others, it is essential.
*/
-
-typedef enum {
- direction_encrypt, /**< encryption (convert plaintext to ciphertext) */
- direction_decrypt, /**< decryption (convert ciphertext to plaintext) */
- direction_any /**< encryption or decryption */
-} cipher_direction_t;
+typedef enum {
+ srtp_direction_encrypt, /**< encryption (convert plaintext to ciphertext) */
+ srtp_direction_decrypt, /**< decryption (convert ciphertext to plaintext) */
+ srtp_direction_any /**< encryption or decryption */
+} srtp_cipher_direction_t;
/*
- * the cipher_pointer and cipher_type_pointer definitions are needed
- * as cipher_t and cipher_type_t are not yet defined
+ * the srtp_cipher_pointer_t definition is needed
+ * as srtp_cipher_t is not yet defined
*/
-
-typedef struct cipher_type_t *cipher_type_pointer_t;
-typedef struct cipher_t *cipher_pointer_t;
+typedef struct srtp_cipher_t *srtp_cipher_pointer_t;
/*
- * a cipher_alloc_func_t allocates (but does not initialize) a cipher_t
+ * a srtp_cipher_alloc_func_t allocates (but does not initialize) a srtp_cipher_t
*/
-
-typedef err_status_t (*cipher_alloc_func_t)
- (cipher_pointer_t *cp, int key_len, int tag_len);
-
-/*
- * a cipher_init_func_t [re-]initializes a cipher_t with a given key
- */
-
-typedef err_status_t (*cipher_init_func_t)
-(void *state, const uint8_t *key, int key_len);
-
-/* a cipher_dealloc_func_t de-allocates a cipher_t */
-
-typedef err_status_t (*cipher_dealloc_func_t)(cipher_pointer_t cp);
-
-/* a cipher_set_segment_func_t sets the segment index of a cipher_t */
-
-typedef err_status_t (*cipher_set_segment_func_t)
- (void *state, xtd_seq_num_t idx);
-
-/*
- * a cipher_set_aad_func_t processes the AAD data for AEAD ciphers
- */
-typedef err_status_t (*cipher_set_aad_func_t)
- (void *state, uint8_t *aad, unsigned int aad_len);
-
-
-/* a cipher_encrypt_func_t encrypts data in-place */
-
-typedef err_status_t (*cipher_encrypt_func_t)
- (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt);
-
-/* a cipher_decrypt_func_t decrypts data in-place */
-
-typedef err_status_t (*cipher_decrypt_func_t)
- (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt);
-
-/*
- * a cipher_set_iv_func_t function sets the current initialization vector
- */
-
-typedef err_status_t (*cipher_set_iv_func_t)
- (cipher_pointer_t cp, void *iv, cipher_direction_t direction);
+typedef srtp_err_status_t (*srtp_cipher_alloc_func_t)
+ (srtp_cipher_pointer_t *cp, int key_len, int tag_len);
/*
- * a cipher_get_tag_funct_t function is used to get the authentication
+ * a srtp_cipher_init_func_t [re-]initializes a cipher_t with a given key
+ */
+typedef srtp_err_status_t (*srtp_cipher_init_func_t)
+ (void *state, const uint8_t *key);
+
+/* a srtp_cipher_dealloc_func_t de-allocates a cipher_t */
+typedef srtp_err_status_t (*srtp_cipher_dealloc_func_t)(srtp_cipher_pointer_t cp);
+
+/*
+ * a srtp_cipher_set_aad_func_t processes the AAD data for AEAD ciphers
+ */
+typedef srtp_err_status_t (*srtp_cipher_set_aad_func_t)
+ (void *state, const uint8_t *aad, uint32_t aad_len);
+
+
+/* a srtp_cipher_encrypt_func_t encrypts data in-place */
+typedef srtp_err_status_t (*srtp_cipher_encrypt_func_t)
+ (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt);
+
+/* a srtp_cipher_decrypt_func_t decrypts data in-place */
+typedef srtp_err_status_t (*srtp_cipher_decrypt_func_t)
+ (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt);
+
+/*
+ * a srtp_cipher_set_iv_func_t function sets the current initialization vector
+ */
+typedef srtp_err_status_t (*srtp_cipher_set_iv_func_t)
+ (void *state, uint8_t *iv, srtp_cipher_direction_t direction);
+
+/*
+ * a cipher_get_tag_func_t function is used to get the authentication
* tag that was calculated by an AEAD cipher.
*/
-typedef err_status_t (*cipher_get_tag_func_t)
- (void *state, void *tag, int *len);
+typedef srtp_err_status_t (*srtp_cipher_get_tag_func_t)
+ (void *state, uint8_t *tag, uint32_t *len);
/*
- * cipher_test_case_t is a (list of) key, salt, xtd_seq_num_t,
- * plaintext, and ciphertext values that are known to be correct for a
+ * srtp_cipher_test_case_t is a (list of) key, salt, plaintext, ciphertext,
+ * and aad values that are known to be correct for a
* particular cipher. this data can be used to test an implementation
- * in an on-the-fly self test of the correcness of the implementation.
- * (see the cipher_type_self_test() function below)
+ * in an on-the-fly self test of the correctness of the implementation.
+ * (see the srtp_cipher_type_self_test() function below)
*/
+typedef struct srtp_cipher_test_case_t {
+ int key_length_octets; /* octets in key */
+ const uint8_t *key; /* key */
+ uint8_t *idx; /* packet index */
+ int plaintext_length_octets; /* octets in plaintext */
+ const uint8_t *plaintext; /* plaintext */
+ int ciphertext_length_octets; /* octets in plaintext */
+ const uint8_t *ciphertext; /* ciphertext */
+ int aad_length_octets; /* octets in AAD */
+ const uint8_t *aad; /* AAD */
+ int tag_length_octets; /* Length of AEAD tag */
+ const struct srtp_cipher_test_case_t *next_test_case; /* pointer to next testcase */
+} srtp_cipher_test_case_t;
-typedef struct cipher_test_case_t {
- int key_length_octets; /* octets in key */
- uint8_t *key; /* key */
- uint8_t *idx; /* packet index */
- int plaintext_length_octets; /* octets in plaintext */
- uint8_t *plaintext; /* plaintext */
- int ciphertext_length_octets; /* octets in plaintext */
- uint8_t *ciphertext; /* ciphertext */
- int aad_length_octets; /* octets in AAD */
- uint8_t *aad; /* AAD */
- int tag_length_octets; /* Length of AEAD tag */
- struct cipher_test_case_t *next_test_case; /* pointer to next testcase */
-} cipher_test_case_t;
-
-/* cipher_type_t defines the 'metadata' for a particular cipher type */
-
-typedef struct cipher_type_t {
- cipher_alloc_func_t alloc;
- cipher_dealloc_func_t dealloc;
- cipher_init_func_t init;
- cipher_set_aad_func_t set_aad;
- cipher_encrypt_func_t encrypt;
- cipher_encrypt_func_t decrypt;
- cipher_set_iv_func_t set_iv;
- cipher_get_tag_func_t get_tag;
- char *description;
- int ref_count;
- cipher_test_case_t *test_data;
- debug_module_t *debug;
- cipher_type_id_t id;
-} cipher_type_t;
+/* srtp_cipher_type_t defines the 'metadata' for a particular cipher type */
+typedef struct srtp_cipher_type_t {
+ srtp_cipher_alloc_func_t alloc;
+ srtp_cipher_dealloc_func_t dealloc;
+ srtp_cipher_init_func_t init;
+ srtp_cipher_set_aad_func_t set_aad;
+ srtp_cipher_encrypt_func_t encrypt;
+ srtp_cipher_encrypt_func_t decrypt;
+ srtp_cipher_set_iv_func_t set_iv;
+ srtp_cipher_get_tag_func_t get_tag;
+ const char *description;
+ const srtp_cipher_test_case_t *test_data;
+ srtp_cipher_type_id_t id;
+} srtp_cipher_type_t;
/*
- * cipher_t defines an instantiation of a particular cipher, with fixed
+ * srtp_cipher_t defines an instantiation of a particular cipher, with fixed
* key length, key and salt values
*/
-
-typedef struct cipher_t {
- cipher_type_t *type;
- void *state;
- int key_len;
- int algorithm;
-} cipher_t;
-
-/* some syntactic sugar on these function types */
-
-#define cipher_type_alloc(ct, c, klen, tlen) ((ct)->alloc((c), (klen), (tlen)))
-
-#define cipher_dealloc(c) (((c)->type)->dealloc(c))
-
-#define cipher_init(c, k) (((c)->type)->init(((c)->state), (k), ((c)->key_len)))
-
-#define cipher_encrypt(c, buf, len) \
- (((c)->type)->encrypt(((c)->state), (buf), (len)))
-
-#define cipher_get_tag(c, buf, len) \
- (((c)->type)->get_tag(((c)->state), (buf), (len)))
-
-#define cipher_decrypt(c, buf, len) \
- (((c)->type)->decrypt(((c)->state), (buf), (len)))
-
-#define cipher_set_iv(c, n, dir) \
- ((c) ? (((c)->type)->set_iv(((cipher_pointer_t)(c)->state), (n), (dir))) : \
- err_status_no_such_op)
-#define cipher_set_aad(c, a, l) \
- (((c) && (((c)->type)->set_aad)) ? \
- (((c)->type)->set_aad(((c)->state), (a), (l))) : \
- err_status_no_such_op)
-
-err_status_t
-cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output);
-
+typedef struct srtp_cipher_t {
+ const srtp_cipher_type_t *type;
+ void *state;
+ int key_len;
+ int algorithm;
+} srtp_cipher_t;
/* some bookkeeping functions */
-
-int
-cipher_get_key_length(const cipher_t *c);
-
-
-/*
- * cipher_type_self_test() tests a cipher against test cases provided in
- * an array of values of key/xtd_seq_num_t/plaintext/ciphertext
- * that is known to be good
- */
-
-err_status_t
-cipher_type_self_test(const cipher_type_t *ct);
-
-
-/*
- * cipher_type_test() tests a cipher against external test cases provided in
- * an array of values of key/xtd_seq_num_t/plaintext/ciphertext
- * that is known to be good
- */
-
-err_status_t
-cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data);
+int srtp_cipher_get_key_length(const srtp_cipher_t *c);
/*
- * cipher_bits_per_second(c, l, t) computes (and estimate of) the
+ * srtp_cipher_type_self_test() tests a cipher against test cases provided in
+ * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext
+ * that is known to be good
+ */
+srtp_err_status_t srtp_cipher_type_self_test(const srtp_cipher_type_t *ct);
+
+
+/*
+ * srtp_cipher_type_test() tests a cipher against external test cases provided in
+ * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext
+ * that is known to be good
+ */
+srtp_err_status_t srtp_cipher_type_test(const srtp_cipher_type_t *ct, const srtp_cipher_test_case_t *test_data);
+
+
+/*
+ * srtp_cipher_bits_per_second(c, l, t) computes (an estimate of) the
* number of bits that a cipher implementation can encrypt in a second
- *
+ *
* c is a cipher (which MUST be allocated and initialized already), l
* is the length in octets of the test data to be encrypted, and t is
* the number of trials
*
* if an error is encountered, then the value 0 is returned
*/
+uint64_t srtp_cipher_bits_per_second(srtp_cipher_t *c, int octets_in_buffer, int num_trials);
-uint64_t
-cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials);
+srtp_err_status_t srtp_cipher_type_alloc(const srtp_cipher_type_t *ct, srtp_cipher_t **c, int key_len, int tlen);
+srtp_err_status_t srtp_cipher_dealloc(srtp_cipher_t *c);
+srtp_err_status_t srtp_cipher_init(srtp_cipher_t *c, const uint8_t *key);
+srtp_err_status_t srtp_cipher_set_iv(srtp_cipher_t *c, uint8_t *iv, int direction);
+srtp_err_status_t srtp_cipher_output(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output);
+srtp_err_status_t srtp_cipher_encrypt(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output);
+srtp_err_status_t srtp_cipher_decrypt(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output);
+srtp_err_status_t srtp_cipher_get_tag(srtp_cipher_t *c, uint8_t *buffer, uint32_t *tag_len);
+srtp_err_status_t srtp_cipher_set_aad(srtp_cipher_t *c, const uint8_t *aad, uint32_t aad_len);
-#endif /* CIPHER_H */
+/*
+ * srtp_replace_cipher_type(ct, id)
+ *
+ * replaces srtp's existing cipher implementation for the cipher_type id
+ * with a new one passed in externally. The new cipher must pass all the
+ * existing cipher_type's self tests as well as its own.
+ */
+srtp_err_status_t srtp_replace_cipher_type(const srtp_cipher_type_t *ct, srtp_cipher_type_id_t id);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SRTP_CIPHER_H */
diff --git a/libs/srtp/crypto/include/crypto.h b/libs/srtp/crypto/include/crypto.h
deleted file mode 100644
index 0e9667da57..0000000000
--- a/libs/srtp/crypto/include/crypto.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * crypto.h
- *
- * API for libcrypto
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-#ifndef CRYPTO_H
-#define CRYPTO_H
-
-/**
- * @brief A cipher_type_id_t is an identifier for a particular cipher
- * type.
- *
- * A cipher_type_id_t is an integer that represents a particular
- * cipher type, e.g. the Advanced Encryption Standard (AES). A
- * NULL_CIPHER is avaliable; this cipher leaves the data unchanged,
- * and can be selected to indicate that no encryption is to take
- * place.
- *
- * @ingroup Ciphers
- */
-typedef uint32_t cipher_type_id_t;
-
-/**
- * @brief An auth_type_id_t is an identifier for a particular authentication
- * function.
- *
- * An auth_type_id_t is an integer that represents a particular
- * authentication function type, e.g. HMAC-SHA1. A NULL_AUTH is
- * avaliable; this authentication function performs no computation,
- * and can be selected to indicate that no authentication is to take
- * place.
- *
- * @ingroup Authentication
- */
-typedef uint32_t auth_type_id_t;
-
-#endif /* CRYPTO_H */
-
-
diff --git a/libs/srtp/crypto/include/crypto_kernel.h b/libs/srtp/crypto/include/crypto_kernel.h
index caccfa03a9..1abf383f5a 100644
--- a/libs/srtp/crypto/include/crypto_kernel.h
+++ b/libs/srtp/crypto/include/crypto_kernel.h
@@ -7,26 +7,26 @@
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -46,16 +46,15 @@
#ifndef CRYPTO_KERNEL
#define CRYPTO_KERNEL
-#include "rand_source.h"
-#include "prng.h"
-#include "cipher.h"
+#include "cipher.h"
#include "auth.h"
-#include "cryptoalg.h"
-#include "stat.h"
#include "err.h"
#include "crypto_types.h"
#include "key.h"
-#include "crypto.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
/*
* crypto_kernel_state_t defines the possible states:
@@ -63,40 +62,36 @@
* insecure - not yet initialized
* secure - initialized and passed self-tests
*/
-
typedef enum {
- crypto_kernel_state_insecure,
- crypto_kernel_state_secure
-} crypto_kernel_state_t;
-
-/*
- * linked list of cipher types
- */
-
-typedef struct kernel_cipher_type {
- cipher_type_id_t id;
- cipher_type_t *cipher_type;
- struct kernel_cipher_type *next;
-} kernel_cipher_type_t;
-
-/*
- * linked list of auth types
- */
-
-typedef struct kernel_auth_type {
- auth_type_id_t id;
- auth_type_t *auth_type;
- struct kernel_auth_type *next;
-} kernel_auth_type_t;
+ srtp_crypto_kernel_state_insecure,
+ srtp_crypto_kernel_state_secure
+} srtp_crypto_kernel_state_t;
/*
- * linked list of debug modules
+ * linked list of cipher types
*/
+typedef struct srtp_kernel_cipher_type {
+ srtp_cipher_type_id_t id;
+ const srtp_cipher_type_t *cipher_type;
+ struct srtp_kernel_cipher_type *next;
+} srtp_kernel_cipher_type_t;
-typedef struct kernel_debug_module {
- debug_module_t *mod;
- struct kernel_debug_module *next;
-} kernel_debug_module_t;
+/*
+ * linked list of auth types
+ */
+typedef struct srtp_kernel_auth_type {
+ srtp_auth_type_id_t id;
+ const srtp_auth_type_t *auth_type;
+ struct srtp_kernel_auth_type *next;
+} srtp_kernel_auth_type_t;
+
+/*
+ * linked list of debug modules
+ */
+typedef struct srtp_kernel_debug_module {
+ srtp_debug_module_t *mod;
+ struct srtp_kernel_debug_module *next;
+} srtp_kernel_debug_module_t;
/*
@@ -105,177 +100,111 @@ typedef struct kernel_debug_module {
* note that there is *exactly one* instance of this data type,
* a global variable defined in crypto_kernel.c
*/
-
typedef struct {
- crypto_kernel_state_t state; /* current state of kernel */
- kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */
- kernel_auth_type_t *auth_type_list; /* list of all auth func types */
- kernel_debug_module_t *debug_module_list; /* list of all debug modules */
-} crypto_kernel_t;
+ srtp_crypto_kernel_state_t state; /* current state of kernel */
+ srtp_kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */
+ srtp_kernel_auth_type_t *auth_type_list; /* list of all auth func types */
+ srtp_kernel_debug_module_t *debug_module_list; /* list of all debug modules */
+} srtp_crypto_kernel_t;
/*
- * crypto_kernel_t external api
+ * srtp_crypto_kernel_t external api
*/
/*
- * The function crypto_kernel_init() initialized the crypto kernel and
+ * The function srtp_crypto_kernel_init() initialized the crypto kernel and
* runs the self-test operations on the random number generators and
* crypto algorithms. Possible return values are:
*
- * err_status_ok initialization successful
- * init failure
+ * srtp_err_status_ok initialization successful
+ * init failure
*
- * If any value other than err_status_ok is returned, the
- * crypto_kernel MUST NOT be used.
+ * If any value other than srtp_err_status_ok is returned, the
+ * crypto_kernel MUST NOT be used.
*/
-
-err_status_t
-crypto_kernel_init(void);
+srtp_err_status_t srtp_crypto_kernel_init(void);
/*
- * The function crypto_kernel_shutdown() de-initializes the
+ * The function srtp_crypto_kernel_shutdown() de-initializes the
* crypto_kernel, zeroizes keys and other cryptographic material, and
* deallocates any dynamically allocated memory. Possible return
* values are:
*
- * err_status_ok shutdown successful
- * shutdown failure
+ * srtp_err_status_ok shutdown successful
+ * shutdown failure
*
*/
-
-err_status_t
-crypto_kernel_shutdown(void);
+srtp_err_status_t srtp_crypto_kernel_shutdown(void);
/*
- * The function crypto_kernel_stats() checks the the crypto_kernel,
+ * The function srtp_crypto_kernel_stats() checks the the crypto_kernel,
* running tests on the ciphers, auth funcs, and rng, and prints out a
* status report. Possible return values are:
*
- * err_status_ok all tests were passed
- * a test failed
+ * srtp_err_status_ok all tests were passed
+ * a test failed
*
*/
-
-err_status_t
-crypto_kernel_status(void);
+srtp_err_status_t srtp_crypto_kernel_status(void);
/*
- * crypto_kernel_list_debug_modules() outputs a list of debugging modules
+ * srtp_crypto_kernel_list_debug_modules() outputs a list of debugging modules
*
*/
-
-err_status_t
-crypto_kernel_list_debug_modules(void);
+srtp_err_status_t srtp_crypto_kernel_list_debug_modules(void);
/*
- * crypto_kernel_load_cipher_type()
+ * srtp_crypto_kernel_load_cipher_type()
*
*/
+srtp_err_status_t srtp_crypto_kernel_load_cipher_type(const srtp_cipher_type_t *ct, srtp_cipher_type_id_t id);
-err_status_t
-crypto_kernel_load_cipher_type(cipher_type_t *ct, cipher_type_id_t id);
+srtp_err_status_t srtp_crypto_kernel_load_auth_type(const srtp_auth_type_t *ct, srtp_auth_type_id_t id);
-err_status_t
-crypto_kernel_load_auth_type(auth_type_t *ct, auth_type_id_t id);
+srtp_err_status_t srtp_crypto_kernel_load_debug_module(srtp_debug_module_t *new_dm);
/*
- * crypto_kernel_replace_cipher_type(ct, id)
- *
- * replaces the crypto kernel's existing cipher for the cipher_type id
- * with a new one passed in externally. The new cipher must pass all the
- * existing cipher_type's self tests as well as its own.
- */
-err_status_t
-crypto_kernel_replace_cipher_type(cipher_type_t *ct, cipher_type_id_t id);
-
-
-/*
- * crypto_kernel_replace_auth_type(ct, id)
- *
- * replaces the crypto kernel's existing cipher for the auth_type id
- * with a new one passed in externally. The new auth type must pass all the
- * existing auth_type's self tests as well as its own.
- */
-err_status_t
-crypto_kernel_replace_auth_type(auth_type_t *ct, auth_type_id_t id);
-
-
-err_status_t
-crypto_kernel_load_debug_module(debug_module_t *new_dm);
-
-/*
- * crypto_kernel_alloc_cipher(id, cp, key_len);
+ * srtp_crypto_kernel_alloc_cipher(id, cp, key_len);
*
* allocates a cipher of type id at location *cp, with key length
* key_len octets. Return values are:
- *
- * err_status_ok no problems
- * err_status_alloc_fail an allocation failure occured
- * err_status_fail couldn't find cipher with identifier 'id'
+ *
+ * srtp_err_status_ok no problems
+ * srtp_err_status_alloc_fail an allocation failure occured
+ * srtp_err_status_fail couldn't find cipher with identifier 'id'
*/
-
-err_status_t
-crypto_kernel_alloc_cipher(cipher_type_id_t id,
- cipher_pointer_t *cp,
- int key_len,
- int tag_len);
+srtp_err_status_t srtp_crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id, srtp_cipher_pointer_t *cp, int key_len, int tag_len);
/*
- * crypto_kernel_alloc_auth(id, ap, key_len, tag_len);
+ * srtp_crypto_kernel_alloc_auth(id, ap, key_len, tag_len);
*
* allocates an auth function of type id at location *ap, with key
* length key_len octets and output tag length of tag_len. Return
* values are:
- *
- * err_status_ok no problems
- * err_status_alloc_fail an allocation failure occured
- * err_status_fail couldn't find auth with identifier 'id'
+ *
+ * srtp_err_status_ok no problems
+ * srtp_err_status_alloc_fail an allocation failure occured
+ * srtp_err_status_fail couldn't find auth with identifier 'id'
*/
-
-err_status_t
-crypto_kernel_alloc_auth(auth_type_id_t id,
- auth_pointer_t *ap,
- int key_len,
- int tag_len);
+srtp_err_status_t srtp_crypto_kernel_alloc_auth(srtp_auth_type_id_t id, srtp_auth_pointer_t *ap, int key_len, int tag_len);
/*
- * crypto_kernel_set_debug_module(mod_name, v)
- *
+ * srtp_crypto_kernel_set_debug_module(mod_name, v)
+ *
* sets dynamic debugging to the value v (0 for off, 1 for on) for the
* debug module with the name mod_name
*
- * returns err_status_ok on success, err_status_fail otherwise
+ * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise
*/
+srtp_err_status_t srtp_crypto_kernel_set_debug_module(const char *mod_name, int v);
-err_status_t
-crypto_kernel_set_debug_module(char *mod_name, int v);
+#ifdef __cplusplus
+}
+#endif
-/**
- * @brief writes a random octet string.
- *
- * The function call crypto_get_random(dest, len) writes len octets of
- * random data to the location to which dest points, and returns an
- * error code. This error code @b must be checked, and if a failure is
- * reported, the data in the buffer @b must @b not be used.
- *
- * @warning If the return code is not checked, then non-random
- * data may be in the buffer. This function will fail
- * unless it is called after crypto_kernel_init().
- *
- * @return
- * - err_status_ok if no problems occured.
- * - [other] a problem occured, and no assumptions should
- * be made about the contents of the destination
- * buffer.
- *
- * @ingroup SRTP
- */
-err_status_t
-crypto_get_random(unsigned char *buffer, unsigned int length);
-
#endif /* CRYPTO_KERNEL */
diff --git a/libs/srtp/crypto/include/crypto_math.h b/libs/srtp/crypto/include/crypto_math.h
deleted file mode 100644
index 52f083721d..0000000000
--- a/libs/srtp/crypto/include/crypto_math.h
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
- * math.h
- *
- * crypto math operations and data types
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef MATH_H
-#define MATH_H
-
-#include "datatypes.h"
-
-unsigned char
-v32_weight(v32_t a);
-
-unsigned char
-v32_distance(v32_t x, v32_t y);
-
-unsigned int
-v32_dot_product(v32_t a, v32_t b);
-
-char *
-v16_bit_string(v16_t x);
-
-char *
-v32_bit_string(v32_t x);
-
-char *
-v64_bit_string(const v64_t *x);
-
-char *
-octet_hex_string(uint8_t x);
-
-char *
-v16_hex_string(v16_t x);
-
-char *
-v32_hex_string(v32_t x);
-
-char *
-v64_hex_string(const v64_t *x);
-
-int
-hex_char_to_nibble(uint8_t c);
-
-int
-is_hex_string(char *s);
-
-v16_t
-hex_string_to_v16(char *s);
-
-v32_t
-hex_string_to_v32(char *s);
-
-v64_t
-hex_string_to_v64(char *s);
-
-/* the matrix A[] is stored in column format, i.e., A[i] is
- the ith column of the matrix */
-
-uint8_t
-A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b);
-
-void
-v16_copy_octet_string(v16_t *x, const uint8_t s[2]);
-
-void
-v32_copy_octet_string(v32_t *x, const uint8_t s[4]);
-
-void
-v64_copy_octet_string(v64_t *x, const uint8_t s[8]);
-
-void
-v128_add(v128_t *z, v128_t *x, v128_t *y);
-
-int
-octet_string_is_eq(uint8_t *a, uint8_t *b, int len);
-
-void
-octet_string_set_to_zero(uint8_t *s, int len);
-
-
-
-/*
- * the matrix A[] is stored in column format, i.e., A[i] is the ith
- * column of the matrix
-*/
-uint8_t
-A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b);
-
-
-#if 0
-#if WORDS_BIGENDIAN
-
-#define _v128_add(z, x, y) { \
- uint64_t tmp; \
- \
- tmp = x->v32[3] + y->v32[3]; \
- z->v32[3] = (uint32_t) tmp; \
- \
- tmp = x->v32[2] + y->v32[2] + (tmp >> 32); \
- z->v32[2] = (uint32_t) tmp; \
- \
- tmp = x->v32[1] + y->v32[1] + (tmp >> 32); \
- z->v32[1] = (uint32_t) tmp; \
- \
- tmp = x->v32[0] + y->v32[0] + (tmp >> 32); \
- z->v32[0] = (uint32_t) tmp; \
-}
-
-#else /* assume little endian architecture */
-
-#define _v128_add(z, x, y) { \
- uint64_t tmp; \
- \
- tmp = htonl(x->v32[3]) + htonl(y->v32[3]); \
- z->v32[3] = ntohl((uint32_t) tmp); \
- \
- tmp = htonl(x->v32[2]) + htonl(y->v32[2]) \
- + htonl(tmp >> 32); \
- z->v32[2] = ntohl((uint32_t) tmp); \
- \
- tmp = htonl(x->v32[1]) + htonl(y->v32[1]) \
- + htonl(tmp >> 32); \
- z->v32[1] = ntohl((uint32_t) tmp); \
- \
- tmp = htonl(x->v32[0]) + htonl(y->v32[0]) \
- + htonl(tmp >> 32); \
- z->v32[0] = ntohl((uint32_t) tmp); \
-}
-
-#endif /* WORDS_BIGENDIAN */
-#endif
-
-#ifdef DATATYPES_USE_MACROS /* little functions are really macros */
-
-#define v128_set_to_zero(z) _v128_set_to_zero(z)
-#define v128_copy(z, x) _v128_copy(z, x)
-#define v128_xor(z, x, y) _v128_xor(z, x, y)
-#define v128_and(z, x, y) _v128_and(z, x, y)
-#define v128_or(z, x, y) _v128_or(z, x, y)
-#define v128_complement(x) _v128_complement(x)
-#define v128_is_eq(x, y) _v128_is_eq(x, y)
-#define v128_xor_eq(x, y) _v128_xor_eq(x, y)
-#define v128_get_bit(x, i) _v128_get_bit(x, i)
-#define v128_set_bit(x, i) _v128_set_bit(x, i)
-#define v128_clear_bit(x, i) _v128_clear_bit(x, i)
-#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y)
-
-#else
-
-void
-v128_set_to_zero(v128_t *x);
-
-int
-v128_is_eq(const v128_t *x, const v128_t *y);
-
-void
-v128_copy(v128_t *x, const v128_t *y);
-
-void
-v128_xor(v128_t *z, v128_t *x, v128_t *y);
-
-void
-v128_and(v128_t *z, v128_t *x, v128_t *y);
-
-void
-v128_or(v128_t *z, v128_t *x, v128_t *y);
-
-void
-v128_complement(v128_t *x);
-
-int
-v128_get_bit(const v128_t *x, int i);
-
-void
-v128_set_bit(v128_t *x, int i) ;
-
-void
-v128_clear_bit(v128_t *x, int i);
-
-void
-v128_set_bit_to(v128_t *x, int i, int y);
-
-#endif /* DATATYPES_USE_MACROS */
-
-/*
- * octet_string_is_eq(a,b, len) returns 1 if the length len strings a
- * and b are not equal, returns 0 otherwise
- */
-
-int
-octet_string_is_eq(uint8_t *a, uint8_t *b, int len);
-
-void
-octet_string_set_to_zero(uint8_t *s, int len);
-
-
-#endif /* MATH_H */
-
-
-
diff --git a/libs/srtp/crypto/include/crypto_types.h b/libs/srtp/crypto/include/crypto_types.h
index dbb50c37fe..329d60dbd1 100644
--- a/libs/srtp/crypto/include/crypto_types.h
+++ b/libs/srtp/crypto/include/crypto_types.h
@@ -8,7 +8,7 @@
*/
/*
*
- * Copyright(c) 2001-2006,2013 Cisco Systems, Inc.
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -42,207 +42,75 @@
*
*/
-#ifndef CRYPTO_TYPES_H
-#define CRYPTO_TYPES_H
+#ifndef SRTP_CRYPTO_TYPES_H
+#define SRTP_CRYPTO_TYPES_H
-/**
- * @defgroup Algos Cryptographic Algorithms
+/*
+ * The null cipher performs no encryption.
*
- *
- * This library provides several different cryptographic algorithms,
- * each of which can be selected by using the cipher_type_id_t and
- * auth_type_id_t. These algorithms are documented below.
- *
- * Authentication functions that use the Universal Security Transform
- * (UST) must be used in conjunction with a cipher other than the null
- * cipher. These functions require a per-message pseudorandom input
- * that is generated by the cipher.
- *
- * The identifiers STRONGHOLD_AUTH and STRONGHOLD_CIPHER identify the
- * strongest available authentication function and cipher,
- * respectively. They are resolved at compile time to the strongest
- * available algorithm. The stronghold algorithms can serve as did
- * the keep of a medieval fortification; they provide the strongest
- * defense (or the last refuge).
- *
- * @{
- */
-
-/**
- * @defgroup Ciphers Cipher Types
- *
- * @brief Each cipher type is identified by an unsigned integer. The
- * cipher types available in this edition of libSRTP are given
- * by the #defines below.
- *
- * A cipher_type_id_t is an identifier for a cipher_type; only values
- * given by the #defines above (or those present in the file
- * crypto_types.h) should be used.
- *
- * The identifier STRONGHOLD_CIPHER indicates the strongest available
- * cipher, allowing an application to choose the strongest available
- * algorithm without any advance knowledge about the avaliable
- * algorithms.
- *
- * @{
- */
-
-/**
- * @brief The null cipher performs no encryption.
- *
- * The NULL_CIPHER leaves its inputs unaltered, during both the
+ * The SRTP_NULL_CIPHER leaves its inputs unaltered, during both the
* encryption and decryption operations. This cipher can be chosen
* to indicate that no encryption is to be performed.
*/
-#define NULL_CIPHER 0
+#define SRTP_NULL_CIPHER 0
-/**
- * @brief AES Integer Counter Mode (AES ICM)
+/*
+ * AES-128 Integer Counter Mode (AES ICM)
*
- * AES ICM is the variant of counter mode that is used by Secure RTP.
- * This cipher uses a 16-, 24-, or 32-octet key concatenated with a
+ * AES-128 ICM is the variant of counter mode that is used by
+ * Secure RTP. This cipher uses a 16-octet key concatenated with a
* 14-octet offset (or salt) value.
*/
-#define AES_ICM 1
+#define SRTP_AES_ICM_128 1
-/**
- * @brief AES-128 Integer Counter Mode (AES ICM)
- * AES-128 ICM is a deprecated alternate name for AES ICM.
- */
-#define AES_128_ICM AES_ICM
-
-/**
- * @brief SEAL 3.0
- *
- * SEAL is the Software-Optimized Encryption Algorithm of Coppersmith
- * and Rogaway. Nota bene: this cipher is IBM proprietary.
- */
-#define SEAL 2
-
-/**
- * @brief AES Cipher Block Chaining mode (AES CBC)
+/*
+ * AES-192 Integer Counter Mode (AES ICM)
*
- * AES CBC is the AES Cipher Block Chaining mode.
- * This cipher uses a 16-, 24-, or 32-octet key.
+ * AES-128 ICM is the variant of counter mode that is used by
+ * Secure RTP. This cipher uses a 24-octet key concatenated with a
+ * 14-octet offset (or salt) value.
*/
-#define AES_CBC 3
+#define SRTP_AES_ICM_192 4
-/**
- * @brief AES-128 Cipher Block Chaining mode (AES CBC)
+/*
+ * AES-256 Integer Counter Mode (AES ICM)
*
- * AES-128 CBC is a deprecated alternate name for AES CBC.
+ * AES-128 ICM is the variant of counter mode that is used by
+ * Secure RTP. This cipher uses a 32-octet key concatenated with a
+ * 14-octet offset (or salt) value.
*/
-#define AES_128_CBC AES_CBC
+#define SRTP_AES_ICM_256 5
-/**
- * @brief Strongest available cipher.
- *
- * This identifier resolves to the strongest cipher type available.
- */
-#define STRONGHOLD_CIPHER AES_ICM
-
-/**
- * @brief AES-192 Integer Counter Mode (AES ICM)
- * AES-192 ICM is a deprecated alternate name for AES ICM.
- */
-#define AES_192_ICM 4
-
-/**
- * @brief AES-256 Integer Counter Mode (AES ICM)
- * AES-256 ICM is a deprecated alternate name for AES ICM.
- */
-#define AES_256_ICM 5
-
-/**
- * @brief AES-128_GCM Galois Counter Mode (AES GCM)
+/*
+ * AES-128_GCM Galois Counter Mode (AES GCM)
*
* AES-128 GCM is the variant of galois counter mode that is used by
* Secure RTP. This cipher uses a 16-octet key.
*/
-#define AES_128_GCM 6
+#define SRTP_AES_GCM_128 6
-/**
- * @brief AES-256_GCM Galois Counter Mode (AES GCM)
+/*
+ * AES-256_GCM Galois Counter Mode (AES GCM)
*
* AES-256 GCM is the variant of galois counter mode that is used by
* Secure RTP. This cipher uses a 32-octet key.
*/
-#define AES_256_GCM 7
+#define SRTP_AES_GCM_256 7
-/**
- * @}
- */
-
-
-
-/**
- * @defgroup Authentication Authentication Function Types
- *
- * @brief Each authentication function type is identified by an
- * unsigned integer. The authentication function types available in
- * this edition of libSRTP are given by the #defines below.
- *
- * An auth_type_id_t is an identifier for an authentication function type;
- * only values given by the #defines above (or those present in the
- * file crypto_types.h) should be used.
- *
- * The identifier STRONGHOLD_AUTH indicates the strongest available
- * authentication function, allowing an application to choose the
- * strongest available algorithm without any advance knowledge about
- * the avaliable algorithms. The stronghold algorithms can serve as
- * did the keep of a medieval fortification; they provide the
- * strongest defense (or the last refuge).
- *
- * @{
- */
-
-/**
- * @brief The null authentication function performs no authentication.
+/*
+ * The null authentication function performs no authentication.
*
* The NULL_AUTH function does nothing, and can be selected to indicate
* that authentication should not be performed.
*/
-#define NULL_AUTH 0
+#define SRTP_NULL_AUTH 0
-/**
- * @brief UST with TMMH Version 2
+/*
+ * HMAC-SHA1
*
- * UST_TMMHv2 implements the Truncated Multi-Modular Hash using
- * UST. This function must be used in conjunction with a cipher other
- * than the null cipher.
- * with a cipher.
- */
-#define UST_TMMHv2 1
-
-/**
- * @brief (UST) AES-128 XORMAC
- *
- * UST_AES_128_XMAC implements AES-128 XORMAC, using UST. Nota bene:
- * the XORMAC algorithm is IBM proprietary.
- */
-#define UST_AES_128_XMAC 2
-
-/**
- * @brief HMAC-SHA1
- *
- * HMAC_SHA1 implements the Hash-based MAC using the NIST Secure
+ * SRTP_HMAC_SHA1 implements the Hash-based MAC using the NIST Secure
* Hash Algorithm version 1 (SHA1).
*/
-#define HMAC_SHA1 3
+#define SRTP_HMAC_SHA1 3
-/**
- * @brief Strongest available authentication function.
- *
- * This identifier resolves to the strongest available authentication
- * function.
- */
-#define STRONGHOLD_AUTH HMAC_SHA1
-
-/**
- * @}
- */
-/**
- * @}
- */
-
-#endif /* CRYPTO_TYPES_H */
+#endif /* SRTP_CRYPTO_TYPES_H */
diff --git a/libs/srtp/crypto/include/cryptoalg.h b/libs/srtp/crypto/include/cryptoalg.h
deleted file mode 100644
index d9f0441e0e..0000000000
--- a/libs/srtp/crypto/include/cryptoalg.h
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * cryptoalg.h
- *
- * API for authenticated encryption crypto algorithms
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef CRYPTOALG_H
-#define CRYPTOALG_H
-
-#include "err.h"
-
-/**
- * @defgroup Crypto Cryptography
- *
- * Zed uses a simple interface to a cryptographic transform.
- *
- * @{
- */
-
-/**
- * @brief applies a crypto algorithm
- *
- * The function pointer cryptoalg_func_t points to a function that
- * implements a crypto transform, and provides a uniform API for
- * accessing crypto mechanisms.
- *
- * @param key location of secret key
- *
- * @param clear data to be authenticated but not encrypted
- *
- * @param clear_len length of data to be authenticated but not encrypted
- *
- * @param iv location to write the Initialization Vector (IV)
- *
- * @param protect location of the data to be encrypted and
- * authenticated (before the function call), and the ciphertext
- * and authentication tag (after the call)
- *
- * @param protected_len location of the length of the data to be
- * encrypted and authenticated (before the function call), and the
- * length of the ciphertext (after the call)
- *
- */
-
-typedef err_status_t (*cryptoalg_func_t)
- (void *key,
- const void *clear,
- unsigned clear_len,
- void *iv,
- void *protect,
- unsigned *protected_len);
-
-typedef
-err_status_t (*cryptoalg_inv_t)
- (void *key, /* location of secret key */
- const void *clear, /* data to be authenticated only */
- unsigned clear_len, /* length of data to be authenticated only */
- void *iv, /* location of iv */
- void *opaque, /* data to be decrypted and authenticated */
- unsigned *opaque_len /* location of the length of data to be
- * decrypted and authd (before and after)
- */
- );
-
-typedef struct cryptoalg_ctx_t {
- cryptoalg_func_t enc;
- cryptoalg_inv_t dec;
- unsigned key_len;
- unsigned iv_len;
- unsigned auth_tag_len;
- unsigned max_expansion;
-} cryptoalg_ctx_t;
-
-typedef cryptoalg_ctx_t *cryptoalg_t;
-
-#define cryptoalg_get_key_len(cryptoalg) ((cryptoalg)->key_len)
-
-#define cryptoalg_get_iv_len(cryptoalg) ((cryptoalg)->iv_len)
-
-#define cryptoalg_get_auth_tag_len(cryptoalg) ((cryptoalg)->auth_tag_len)
-
-int
-cryptoalg_get_id(cryptoalg_t c);
-
-cryptoalg_t
-cryptoalg_find_by_id(int id);
-
-
-/**
- * @}
- */
-
-#endif /* CRYPTOALG_H */
-
-
diff --git a/libs/srtp/crypto/include/datatypes.h b/libs/srtp/crypto/include/datatypes.h
index 11078e6dc4..d20b9e6f8c 100644
--- a/libs/srtp/crypto/include/datatypes.h
+++ b/libs/srtp/crypto/include/datatypes.h
@@ -9,7 +9,7 @@
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -44,23 +44,25 @@
*/
-#ifndef _DATATYPES_H
-#define _DATATYPES_H
+#ifndef DATATYPES_H
+#define DATATYPES_H
#include "integers.h" /* definitions of uint32_t, et cetera */
#include "alloc.h"
#include
-#ifndef SRTP_KERNEL
-# include
-# include
-# include
-# ifdef HAVE_NETINET_IN_H
-# include
-# elif defined HAVE_WINSOCK2_H
-# include
-# endif
+#include
+#include
+#include
+#ifdef HAVE_NETINET_IN_H
+# include
+#elif defined HAVE_WINSOCK2_H
+# include
+#endif
+
+#ifdef __cplusplus
+extern "C" {
#endif
@@ -115,13 +117,10 @@ typedef union {
int
octet_get_weight(uint8_t octet);
-char *
-octet_bit_string(uint8_t x);
-
#define MAX_PRINT_STRING_LEN 1024
char *
-octet_string_hex_string(const void *str, int length);
+srtp_octet_string_hex_string(const void *str, int length);
char *
v128_bit_string(v128_t *x);
@@ -129,34 +128,6 @@ v128_bit_string(v128_t *x);
char *
v128_hex_string(v128_t *x);
-uint8_t
-nibble_to_hex_char(uint8_t nibble);
-
-char *
-char_to_hex_string(char *x, int num_char);
-
-uint8_t
-hex_string_to_octet(char *s);
-
-/*
- * hex_string_to_octet_string(raw, hex, len) converts the hexadecimal
- * string at *hex (of length len octets) to the equivalent raw data
- * and writes it to *raw.
- *
- * if a character in the hex string that is not a hexadeciaml digit
- * (0123456789abcdefABCDEF) is encountered, the function stops writing
- * data to *raw
- *
- * the number of hex digits copied (which is two times the number of
- * octets in *raw) is returned
- */
-
-int
-hex_string_to_octet_string(char *raw, char *hex, int len);
-
-v128_t
-hex_string_to_v128(char *s);
-
void
v128_copy_octet_string(v128_t *x, const uint8_t s[16]);
@@ -274,51 +245,6 @@ v128_right_shift(v128_t *x, int shift_index);
_v128_clear_bit(x, bit) \
)
-
-#if 0
-/* nothing uses this */
-#ifdef WORDS_BIGENDIAN
-
-#define _v128_add(z, x, y) { \
- uint64_t tmp; \
- \
- tmp = x->v32[3] + y->v32[3]; \
- z->v32[3] = (uint32_t) tmp; \
- \
- tmp = x->v32[2] + y->v32[2] + (tmp >> 32); \
- z->v32[2] = (uint32_t) tmp; \
- \
- tmp = x->v32[1] + y->v32[1] + (tmp >> 32); \
- z->v32[1] = (uint32_t) tmp; \
- \
- tmp = x->v32[0] + y->v32[0] + (tmp >> 32); \
- z->v32[0] = (uint32_t) tmp; \
-}
-
-#else /* assume little endian architecture */
-
-#define _v128_add(z, x, y) { \
- uint64_t tmp; \
- \
- tmp = htonl(x->v32[3]) + htonl(y->v32[3]); \
- z->v32[3] = ntohl((uint32_t) tmp); \
- \
- tmp = htonl(x->v32[2]) + htonl(y->v32[2]) \
- + htonl(tmp >> 32); \
- z->v32[2] = ntohl((uint32_t) tmp); \
- \
- tmp = htonl(x->v32[1]) + htonl(y->v32[1]) \
- + htonl(tmp >> 32); \
- z->v32[1] = ntohl((uint32_t) tmp); \
- \
- tmp = htonl(x->v32[0]) + htonl(y->v32[0]) \
- + htonl(tmp >> 32); \
- z->v32[0] = ntohl((uint32_t) tmp); \
-}
-#endif /* WORDS_BIGENDIAN */
-#endif /* 0 */
-
-
#ifdef DATATYPES_USE_MACROS /* little functions are really macros */
#define v128_set_to_zero(z) _v128_set_to_zero(z)
@@ -372,18 +298,31 @@ v128_set_bit_to(v128_t *x, int i, int y);
#endif /* DATATYPES_USE_MACROS */
/*
- * octet_string_is_eq(a,b, len) returns 1 if the length len strings a
- * and b are not equal, returns 0 otherwise
+ * octet_string_is_eq(a, b, len) returns 1 if the length len strings a
+ * and b are not equal. It returns 0 otherwise. The running time of the
+ * comparison depends only on len, making this safe to use for (e.g.)
+ * verifying authentication tags.
*/
int
octet_string_is_eq(uint8_t *a, uint8_t *b, int len);
+/*
+ * A portable way to zero out memory as recommended by
+ * https://cryptocoding.net/index.php/Coding_rules#Clean_memory_of_secret_data
+ * This is used to zero memory when OPENSSL_cleanse() is not available.
+ */
void
-octet_string_set_to_zero(uint8_t *s, int len);
+srtp_cleanse(void *s, size_t len);
+/*
+ * Functions as a wrapper that delegates to either srtp_cleanse() or
+ * OPENSSL_cleanse() if available to zero memory.
+ */
+void
+octet_string_set_to_zero(void *s, size_t len);
-#ifndef SRTP_KERNEL_LINUX
+#if defined(HAVE_CONFIG_H)
/*
* Convert big endian integers to CPU byte order.
@@ -399,7 +338,7 @@ octet_string_set_to_zero(uint8_t *s, int len);
# define be64_to_cpu(x) bswap_64((x))
#else
-#if defined(__GNUC__) && defined(HAVE_X86) && !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__NetBSD__) && !defined(__DragonFly__) && !defined(__sun)
+#if defined(__GNUC__) && defined(HAVE_X86)
/* Fall back. */
static inline uint32_t be32_to_cpu(uint32_t v) {
/* optimized for x86. */
@@ -426,7 +365,7 @@ static inline uint64_t be64_to_cpu(uint64_t v) {
return v;
}
-#endif /* ! SRTP_KERNEL_LINUX */
+#endif
#endif /* WORDS_BIGENDIAN */
@@ -509,4 +448,8 @@ bitvector_left_shift(bitvector_t *x, int index);
char *
bitvector_bit_string(bitvector_t *x, char* buf, int len);
-#endif /* _DATATYPES_H */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* DATATYPES_H */
diff --git a/libs/srtp/crypto/include/err.h b/libs/srtp/crypto/include/err.h
index e54514df4e..b6f196da84 100644
--- a/libs/srtp/crypto/include/err.h
+++ b/libs/srtp/crypto/include/err.h
@@ -1,32 +1,32 @@
/*
* err.h
- *
+ *
* error status codes
*
* David A. McGrew
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -46,97 +46,58 @@
#ifndef ERR_H
#define ERR_H
-#include "datatypes.h"
+#include
+#include
+#include "srtp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
/**
* @defgroup Error Error Codes
- *
- * Error status codes are represented by the enumeration err_status_t.
- *
+ *
+ * Error status codes are represented by the enumeration srtp_err_status_t.
+ *
* @{
*/
-/*
- * @brief err_status_t defines error codes.
- *
- * The enumeration err_status_t defines error codes. Note that the
- * value of err_status_ok is equal to zero, which can simplify error
- * checking somewhat.
- *
- */
-typedef enum {
- err_status_ok = 0, /**< nothing to report */
- err_status_fail = 1, /**< unspecified failure */
- err_status_bad_param = 2, /**< unsupported parameter */
- err_status_alloc_fail = 3, /**< couldn't allocate memory */
- err_status_dealloc_fail = 4, /**< couldn't deallocate properly */
- err_status_init_fail = 5, /**< couldn't initialize */
- err_status_terminus = 6, /**< can't process as much data as requested */
- err_status_auth_fail = 7, /**< authentication failure */
- err_status_cipher_fail = 8, /**< cipher failure */
- err_status_replay_fail = 9, /**< replay check failed (bad index) */
- err_status_replay_old = 10, /**< replay check failed (index too old) */
- err_status_algo_fail = 11, /**< algorithm failed test routine */
- err_status_no_such_op = 12, /**< unsupported operation */
- err_status_no_ctx = 13, /**< no appropriate context found */
- err_status_cant_check = 14, /**< unable to perform desired validation */
- err_status_key_expired = 15, /**< can't use key any more */
- err_status_socket_err = 16, /**< error in use of socket */
- err_status_signal_err = 17, /**< error in use POSIX signals */
- err_status_nonce_bad = 18, /**< nonce check failed */
- err_status_read_fail = 19, /**< couldn't read data */
- err_status_write_fail = 20, /**< couldn't write data */
- err_status_parse_err = 21, /**< error parsing data */
- err_status_encode_err = 22, /**< error encoding data */
- err_status_semaphore_err = 23,/**< error while using semaphores */
- err_status_pfkey_err = 24 /**< error while using pfkey */
-} err_status_t;
-
/**
* @}
*/
typedef enum {
- err_level_emergency = 0,
- err_level_alert,
- err_level_critical,
- err_level_error,
- err_level_warning,
- err_level_notice,
- err_level_info,
- err_level_debug,
- err_level_none
-} err_reporting_level_t;
+ srtp_err_level_error,
+ srtp_err_level_warning,
+ srtp_err_level_info,
+ srtp_err_level_debug
+} srtp_err_reporting_level_t;
/*
* err_reporting_init prepares the error system. If
- * ERR_REPORTING_SYSLOG is defined, it will open syslog.
+ * ERR_REPORTING_STDOUT is defined, it will log to stdout.
*
- * The ident argument is a string that will be prepended to
- * all syslog messages. It is conventionally argv[0].
*/
-err_status_t
-err_reporting_init(char *ident);
+srtp_err_status_t srtp_err_reporting_init(void);
-#ifdef SRTP_KERNEL_LINUX
-extern err_reporting_level_t err_level;
-#else
+typedef void (srtp_err_report_handler_func_t)(srtp_err_reporting_level_t level, const char * msg);
+
+srtp_err_status_t srtp_install_err_report_handler(srtp_err_report_handler_func_t func);
/*
- * keydaemon_report_error reports a 'printf' formatted error
- * string, followed by a an arg list. The priority argument
- * is equivalent to that defined for syslog.
+ * srtp_err_report reports a 'printf' formatted error
+ * string, followed by a an arg list. The level argument
+ * is one of srtp_err_reporting_level_t.
*
- * Errors will be reported to ERR_REPORTING_FILE, if defined, and to
- * syslog, if ERR_REPORTING_SYSLOG is defined.
+ * Errors will be reported to stdout, if ERR_REPORTING_STDOUT
+ * is defined.
*
*/
void
-err_report(int priority, char *format, ...);
-#endif /* ! SRTP_KERNEL_LINUX */
+srtp_err_report(srtp_err_reporting_level_t level, const char *format, ...);
/*
@@ -144,31 +105,28 @@ err_report(int priority, char *format, ...);
*/
typedef struct {
- int on; /* 1 if debugging is on, 0 if it is off */
- char *name; /* printable name for debug module */
-} debug_module_t;
+ int on; /* 1 if debugging is on, 0 if it is off */
+ const char *name; /* printable name for debug module */
+} srtp_debug_module_t;
-#ifdef ENABLE_DEBUGGING
+#ifdef ENABLE_DEBUG_LOGGING
-#define debug_on(mod) (mod).on = 1
-
-#define debug_off(mod) (mod).on = 0
-
-/* use err_report() to report debug message */
#define debug_print(mod, format, arg) \
- if (mod.on) err_report(err_level_debug, ("%s: " format "\n"), mod.name, arg)
-#define debug_print2(mod, format, arg1,arg2) \
- if (mod.on) err_report(err_level_debug, ("%s: " format "\n"), mod.name, arg1,arg2)
+ srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg)
+#define debug_print2(mod, format, arg1, arg2) \
+ srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg1, arg2)
#else
-/* define macros to do nothing */
-#define debug_print(mod, format, arg)
-
-#define debug_on(mod)
-
-#define debug_off(mod)
+#define debug_print(mod, format, arg) \
+ if (mod.on) srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg)
+#define debug_print2(mod, format, arg1, arg2) \
+ if (mod.on) srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg1, arg2)
#endif
+#ifdef __cplusplus
+}
+#endif
+
#endif /* ERR_H */
diff --git a/libs/srtp/crypto/include/gf2_8.h b/libs/srtp/crypto/include/gf2_8.h
deleted file mode 100644
index 098d37c9e2..0000000000
--- a/libs/srtp/crypto/include/gf2_8.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * gf2_8.h
- *
- * GF(256) implementation
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#ifndef GF2_8_H
-#define GF2_8_H
-
-#include "datatypes.h" /* for uint8_t definition */
-
-typedef uint8_t gf2_8;
-
-#define gf2_8_field_polynomial 0x1B
-
-/*
- * gf2_8_shift(x) returns
- */
-
-/*
- * gf2_8_shift(z) returns the result of the GF(2^8) 'multiply by x'
- * operation, using the field representation from AES; that is, the
- * next gf2_8 value in the cyclic representation of that field. The
- * value z should be an uint8_t.
- */
-
-#define gf2_8_shift(z) (((z) & 128) ? \
- (((z) << 1) ^ gf2_8_field_polynomial) : ((z) << 1))
-
-gf2_8
-gf2_8_compute_inverse(gf2_8 x);
-
-void
-test_gf2_8(void);
-
-gf2_8
-gf2_8_multiply(gf2_8 x, gf2_8 y);
-
-#endif /* GF2_8_H */
diff --git a/libs/srtp/crypto/include/hmac.h b/libs/srtp/crypto/include/hmac.h
index 875f45c649..148818122c 100644
--- a/libs/srtp/crypto/include/hmac.h
+++ b/libs/srtp/crypto/include/hmac.h
@@ -1,33 +1,33 @@
/*
* hmac.h
*
- * interface to hmac auth_type_t
+ * interface to hmac srtp_auth_type_t
*
* David A. McGrew
* Cisco Systems, Inc.
*
*/
/*
- *
- * Copyright (c) 2001-2006,2013, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -50,33 +50,9 @@
#include "sha1.h"
typedef struct {
- uint8_t opad[64];
- sha1_ctx_t ctx;
- sha1_ctx_t init_ctx;
-#ifdef OPENSSL
- int ctx_initialized;
- int init_ctx_initialized;
-#endif
-} hmac_ctx_t;
-
-err_status_t
-hmac_alloc(auth_t **a, int key_len, int out_len);
-
-err_status_t
-hmac_dealloc(auth_t *a);
-
-err_status_t
-hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len);
-
-err_status_t
-hmac_start(hmac_ctx_t *state);
-
-err_status_t
-hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets);
-
-err_status_t
-hmac_compute(hmac_ctx_t *state, const void *message,
- int msg_octets, int tag_len, uint8_t *result);
-
+ uint8_t opad[64];
+ srtp_sha1_ctx_t ctx;
+ srtp_sha1_ctx_t init_ctx;
+} srtp_hmac_ctx_t;
#endif /* HMAC_H */
diff --git a/libs/srtp/crypto/include/integers.h b/libs/srtp/crypto/include/integers.h
index 7010efdde3..4a871c7085 100644
--- a/libs/srtp/crypto/include/integers.h
+++ b/libs/srtp/crypto/include/integers.h
@@ -9,7 +9,7 @@
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -47,13 +47,6 @@
#ifndef INTEGERS_H
#define INTEGERS_H
-#include "config.h" /* configuration file, using autoconf */
-
-#ifdef SRTP_KERNEL
-
-#include "kernel_compat.h"
-
-#else /* SRTP_KERNEL */
/* use standard integer definitions, if they're available */
#ifdef HAVE_STDLIB_H
@@ -75,8 +68,12 @@
# include
#endif
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* Can we do 64 bit integers? */
-#ifndef HAVE_UINT64_T
+#if !defined(HAVE_UINT64_T)
# if SIZEOF_UNSIGNED_LONG == 8
typedef unsigned long uint64_t;
# elif SIZEOF_UNSIGNED_LONG_LONG == 8
@@ -97,9 +94,12 @@ typedef unsigned short int uint16_t;
#ifndef HAVE_UINT32_T
typedef unsigned int uint32_t;
#endif
+#ifndef HAVE_INT32_T
+typedef int int32_t;
+#endif
-#ifdef NO_64BIT_MATH
+#if defined(NO_64BIT_MATH) && defined(HAVE_CONFIG_H)
typedef double uint64_t;
/* assert that sizeof(double) == 8 */
extern uint64_t make64(uint32_t high, uint32_t low);
@@ -107,7 +107,6 @@ extern uint32_t high32(uint64_t value);
extern uint32_t low32(uint64_t value);
#endif
-#endif /* SRTP_KERNEL */
/* These macros are to load and store 32-bit values from un-aligned
addresses. This is required for processors that do not allow unaligned
@@ -144,4 +143,8 @@ extern uint32_t low32(uint64_t value);
#define GET_32(addr) (*(((uint32_t *) (addr)))
#endif
+#ifdef __cplusplus
+}
+#endif
+
#endif /* INTEGERS_H */
diff --git a/libs/srtp/crypto/include/kernel_compat.h b/libs/srtp/crypto/include/kernel_compat.h
deleted file mode 100644
index 59d1898e1b..0000000000
--- a/libs/srtp/crypto/include/kernel_compat.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * kernel_compat.h
- *
- * Compatibility stuff for building in kernel context where standard
- * C headers and library are not available.
- *
- * Marcus Sundberg
- * Ingate Systems AB
- */
-/*
- *
- * Copyright(c) 2005 Ingate Systems AB
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the author(s) nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef KERNEL_COMPAT_H
-#define KERNEL_COMPAT_H
-
-#ifdef SRTP_KERNEL_LINUX
-
-#include
-#include
-#include
-#include
-#include
-
-
-#define err_report(priority, ...) \
- do {\
- if (priority <= err_level) {\
- printk(__VA_ARGS__);\
- }\
- }while(0)
-
-#define clock() (jiffies)
-#define time(x) (jiffies)
-
-/* rand() implementation. */
-#define RAND_MAX 32767
-
-static inline int rand(void)
-{
- uint32_t temp;
- get_random_bytes(&temp, sizeof(temp));
- return temp % (RAND_MAX+1);
-}
-
-/* stdio/stdlib implementation. */
-#define printf(...) printk(__VA_ARGS__)
-#define exit(n) panic("%s:%d: exit(%d)\n", __FILE__, __LINE__, (n))
-
-#endif /* SRTP_KERNEL_LINUX */
-
-#endif /* KERNEL_COMPAT_H */
diff --git a/libs/srtp/crypto/include/key.h b/libs/srtp/crypto/include/key.h
index e7e07448e7..55ba126435 100644
--- a/libs/srtp/crypto/include/key.h
+++ b/libs/srtp/crypto/include/key.h
@@ -2,31 +2,31 @@
* key.h
*
* key usage limits enforcement
- *
+ *
* David A. Mcgrew
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -45,38 +45,42 @@
#ifndef KEY_H
#define KEY_H
-#include "rdbx.h" /* for xtd_seq_num_t */
+#include "rdbx.h" /* for srtp_xtd_seq_num_t */
#include "err.h"
-typedef struct key_limit_ctx_t *key_limit_t;
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct srtp_key_limit_ctx_t *srtp_key_limit_t;
typedef enum {
- key_event_normal,
- key_event_soft_limit,
- key_event_hard_limit
-} key_event_t;
+ srtp_key_event_normal,
+ srtp_key_event_soft_limit,
+ srtp_key_event_hard_limit
+} srtp_key_event_t;
-err_status_t
-key_limit_set(key_limit_t key, const xtd_seq_num_t s);
+srtp_err_status_t srtp_key_limit_set(srtp_key_limit_t key, const srtp_xtd_seq_num_t s);
-err_status_t
-key_limit_clone(key_limit_t original, key_limit_t *new_key);
+srtp_err_status_t srtp_key_limit_clone(srtp_key_limit_t original, srtp_key_limit_t *new_key);
-err_status_t
-key_limit_check(const key_limit_t key);
+srtp_err_status_t srtp_key_limit_check(const srtp_key_limit_t key);
-key_event_t
-key_limit_update(key_limit_t key);
+srtp_key_event_t srtp_key_limit_update(srtp_key_limit_t key);
-typedef enum {
- key_state_normal,
- key_state_past_soft_limit,
- key_state_expired
-} key_state_t;
+typedef enum {
+ srtp_key_state_normal,
+ srtp_key_state_past_soft_limit,
+ srtp_key_state_expired
+} srtp_key_state_t;
-typedef struct key_limit_ctx_t {
- xtd_seq_num_t num_left;
- key_state_t state;
-} key_limit_ctx_t;
+typedef struct srtp_key_limit_ctx_t {
+ srtp_xtd_seq_num_t num_left;
+ srtp_key_state_t state;
+} srtp_key_limit_ctx_t;
+
+#ifdef __cplusplus
+}
+#endif
#endif /* KEY_H */
diff --git a/libs/srtp/crypto/include/null_auth.h b/libs/srtp/crypto/include/null_auth.h
index 44f9a4a2ba..490dd7bc0f 100644
--- a/libs/srtp/crypto/include/null_auth.h
+++ b/libs/srtp/crypto/include/null_auth.h
@@ -7,26 +7,26 @@
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -47,22 +47,27 @@
#include "auth.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
typedef struct {
- char foo;
-} null_auth_ctx_t;
+ char foo;
+} srtp_null_auth_ctx_t;
-err_status_t
-null_auth_alloc(auth_t **a, int key_len, int out_len);
+#if 0
+srtp_err_status_t srtp_null_auth_alloc(srtp_auth_t **a, int key_len, int out_len);
-err_status_t
-null_auth_dealloc(auth_t *a);
+srtp_err_status_t srtp_null_auth_dealloc(srtp_auth_t *a);
-err_status_t
-null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len);
+srtp_err_status_t srtp_null_auth_init(srtp_null_auth_ctx_t *state, const uint8_t *key, int key_len);
-err_status_t
-null_auth_compute (null_auth_ctx_t *state, uint8_t *message,
- int msg_octets, int tag_len, uint8_t *result);
+srtp_err_status_t srtp_null_auth_compute(srtp_null_auth_ctx_t *state, uint8_t *message, int msg_octets, int tag_len, uint8_t *result);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
#endif /* NULL_AUTH_H */
diff --git a/libs/srtp/crypto/include/null_cipher.h b/libs/srtp/crypto/include/null_cipher.h
index 39da59a812..4e168f1a77 100644
--- a/libs/srtp/crypto/include/null_cipher.h
+++ b/libs/srtp/crypto/include/null_cipher.h
@@ -9,26 +9,26 @@
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -52,29 +52,7 @@
#include "cipher.h"
typedef struct {
- char foo ;/* empty, for now */
-} null_cipher_ctx_t;
-
-
-/*
- * none of these functions do anything (though future versions may keep
- * track of bytes encrypted, number of instances, and/or other info).
- */
-
-err_status_t
-null_cipher_init(null_cipher_ctx_t *c, const uint8_t *key, int key_len);
-
-err_status_t
-null_cipher_set_segment(null_cipher_ctx_t *c,
- unsigned long segment_index);
-
-err_status_t
-null_cipher_encrypt(null_cipher_ctx_t *c,
- unsigned char *buf, unsigned int *bytes_to_encr);
-
-
-err_status_t
-null_cipher_encrypt_aligned(null_cipher_ctx_t *c,
- unsigned char *buf, int bytes_to_encr);
+ char foo; /* empty, for now */
+} srtp_null_cipher_ctx_t;
#endif /* NULL_CIPHER_H */
diff --git a/libs/srtp/crypto/include/prng.h b/libs/srtp/crypto/include/prng.h
deleted file mode 100644
index c493383cba..0000000000
--- a/libs/srtp/crypto/include/prng.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * prng.h
- *
- * pseudorandom source
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-#ifndef PRNG_H
-#define PRNG_H
-
-#include "rand_source.h" /* for rand_source_func_t definition */
-#include "aes.h" /* for aes */
-//FIXME: this is temporary until we pull in the code to use OpenSSL for RNG
-#ifdef OPENSSL
-#include "aes_icm_ossl.h" /* for aes ctr */
-#else
-#include "aes_icm.h" /* for aes ctr */
-#endif
-
-#define MAX_PRNG_OUT_LEN 0xffffffffU
-
-/*
- * x917_prng is an ANSI X9.17-like AES-based PRNG
- */
-
-typedef struct {
- v128_t state; /* state data */
- aes_expanded_key_t key; /* secret key */
- uint32_t octet_count; /* number of octets output since last init */
- rand_source_func_t rand; /* random source for re-initialization */
-} x917_prng_t;
-
-err_status_t
-x917_prng_init(rand_source_func_t random_source);
-
-err_status_t
-x917_prng_get_octet_string(uint8_t *dest, uint32_t len);
-
-
-/*
- * ctr_prng is an AES-CTR based PRNG
- */
-
-typedef struct {
- uint32_t octet_count; /* number of octets output since last init */
- aes_icm_ctx_t state; /* state data */
- rand_source_func_t rand; /* random source for re-initialization */
-} ctr_prng_t;
-
-err_status_t
-ctr_prng_init(rand_source_func_t random_source);
-
-err_status_t
-ctr_prng_get_octet_string(void *dest, uint32_t len);
-
-
-#endif
diff --git a/libs/srtp/crypto/include/rdb.h b/libs/srtp/crypto/include/rdb.h
index 2ccb1448e2..4671a0a0d9 100644
--- a/libs/srtp/crypto/include/rdb.h
+++ b/libs/srtp/crypto/include/rdb.h
@@ -8,12 +8,52 @@
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
#ifndef REPLAY_DB_H
#define REPLAY_DB_H
#include "integers.h" /* for uint32_t */
#include "datatypes.h" /* for v128_t */
-#include "err.h" /* for err_status_t */
+#include "err.h" /* for srtp_err_status_t */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
/*
* if the ith least significant bit is one, then the packet index
@@ -21,74 +61,69 @@
*/
typedef struct {
- uint32_t window_start; /* packet index of the first bit in bitmask */
- v128_t bitmask;
-} rdb_t;
+ uint32_t window_start; /* packet index of the first bit in bitmask */
+ v128_t bitmask;
+} srtp_rdb_t;
-#define rdb_bits_in_bitmask (8*sizeof(v128_t))
+#define rdb_bits_in_bitmask (8 * sizeof(v128_t))
/*
- * rdb init
+ * srtp_rdb_init
*
* initalizes rdb
*
- * returns err_status_ok on success, err_status_t_fail otherwise
+ * returns srtp_err_status_ok on success, srtp_err_status_t_fail otherwise
*/
-
-err_status_t
-rdb_init(rdb_t *rdb);
+srtp_err_status_t srtp_rdb_init(srtp_rdb_t *rdb);
/*
- * rdb_check
+ * srtp_rdb_check
*
* checks to see if index appears in rdb
*
- * returns err_status_fail if the index already appears in rdb,
- * returns err_status_ok otherwise
+ * returns srtp_err_status_fail if the index already appears in rdb,
+ * returns srtp_err_status_ok otherwise
*/
-
-err_status_t
-rdb_check(const rdb_t *rdb, uint32_t rdb_index);
+srtp_err_status_t srtp_rdb_check(const srtp_rdb_t *rdb, uint32_t rdb_index);
/*
- * rdb_add_index
+ * srtp_rdb_add_index
*
- * adds index to rdb_t (and does *not* check if index appears in db)
+ * adds index to srtp_rdb_t (and does *not* check if index appears in db)
*
- * returns err_status_ok on success, err_status_fail otherwise
+ * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise
*
*/
-
-err_status_t
-rdb_add_index(rdb_t *rdb, uint32_t rdb_index);
+srtp_err_status_t srtp_rdb_add_index(srtp_rdb_t *rdb, uint32_t rdb_index);
/*
- * the functions rdb_increment() and rdb_get_value() are for use by
+ * the functions srtp_rdb_increment() and srtp_rdb_get_value() are for use by
* senders, not receivers - DO NOT use these functions on the same
- * rdb_t upon which rdb_add_index is used!
+ * srtp_rdb_t upon which srtp_rdb_add_index is used!
*/
/*
- * rdb_increment(db) increments the sequence number in db, if it is
+ * srtp_rdb_increment(db) increments the sequence number in db, if it is
* not too high
*
* return values:
- *
- * err_status_ok no problem
- * err_status_key_expired sequence number too high
+ *
+ * srtp_err_status_ok no problem
+ * srtp_err_status_key_expired sequence number too high
*
*/
-err_status_t
-rdb_increment(rdb_t *rdb);
+srtp_err_status_t srtp_rdb_increment(srtp_rdb_t *rdb);
/*
- * rdb_get_value(db) returns the current sequence number of db
+ * srtp_rdb_get_value(db) returns the current sequence number of db
*/
-
-uint32_t
-rdb_get_value(const rdb_t *rdb);
+uint32_t srtp_rdb_get_value(const srtp_rdb_t *rdb);
-#endif /* REPLAY_DB_H */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* REPLAY_DB_H */
diff --git a/libs/srtp/crypto/include/rdbx.h b/libs/srtp/crypto/include/rdbx.h
index 146fb42f25..010eb012d7 100644
--- a/libs/srtp/crypto/include/rdbx.h
+++ b/libs/srtp/crypto/include/rdbx.h
@@ -8,179 +8,204 @@
*
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
#ifndef RDBX_H
#define RDBX_H
#include "datatypes.h"
#include "err.h"
-/* #define ROC_TEST */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* #define ROC_TEST */
#ifndef ROC_TEST
-typedef uint16_t sequence_number_t; /* 16 bit sequence number */
-typedef uint32_t rollover_counter_t; /* 32 bit rollover counter */
+typedef uint16_t srtp_sequence_number_t; /* 16 bit sequence number */
+typedef uint32_t srtp_rollover_counter_t; /* 32 bit rollover counter */
#else /* use small seq_num and roc datatypes for testing purposes */
-typedef unsigned char sequence_number_t; /* 8 bit sequence number */
-typedef uint16_t rollover_counter_t; /* 16 bit rollover counter */
+typedef unsigned char srtp_sequence_number_t; /* 8 bit sequence number */
+typedef uint16_t srtp_rollover_counter_t; /* 16 bit rollover counter */
#endif
-#define seq_num_median (1 << (8*sizeof(sequence_number_t) - 1))
-#define seq_num_max (1 << (8*sizeof(sequence_number_t)))
+#define seq_num_median (1 << (8 * sizeof(srtp_sequence_number_t) - 1))
+#define seq_num_max (1 << (8 * sizeof(srtp_sequence_number_t)))
/*
- * An xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended'
- * sequence number.
+ * An rtp_xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended'
+ * sequence number.
*/
-
-typedef uint64_t xtd_seq_num_t;
+typedef uint64_t srtp_xtd_seq_num_t;
/*
- * An rdbx_t is a replay database with extended range; it uses an
+ * An srtp_rdbx_t is a replay database with extended range; it uses an
* xtd_seq_num_t and a bitmask of recently received indices.
*/
-
typedef struct {
- xtd_seq_num_t index;
- bitvector_t bitmask;
-} rdbx_t;
+ srtp_xtd_seq_num_t index;
+ bitvector_t bitmask;
+} srtp_rdbx_t;
/*
- * rdbx_init(rdbx_ptr, ws)
+ * srtp_rdbx_init(rdbx_ptr, ws)
*
* initializes the rdbx pointed to by its argument with the window size ws,
* setting the rollover counter and sequence number to zero
*/
-
-err_status_t
-rdbx_init(rdbx_t *rdbx, unsigned long ws);
+srtp_err_status_t srtp_rdbx_init(srtp_rdbx_t *rdbx, unsigned long ws);
/*
- * rdbx_dealloc(rdbx_ptr)
+ * srtp_rdbx_dealloc(rdbx_ptr)
*
* frees memory associated with the rdbx
*/
-
-err_status_t
-rdbx_dealloc(rdbx_t *rdbx);
+srtp_err_status_t srtp_rdbx_dealloc(srtp_rdbx_t *rdbx);
/*
- * rdbx_estimate_index(rdbx, guess, s)
- *
+ * srtp_rdbx_estimate_index(rdbx, guess, s)
+ *
* given an rdbx and a sequence number s (from a newly arrived packet),
* sets the contents of *guess to contain the best guess of the packet
* index to which s corresponds, and returns the difference between
* *guess and the locally stored synch info
*/
-
-int
-rdbx_estimate_index(const rdbx_t *rdbx,
- xtd_seq_num_t *guess,
- sequence_number_t s);
+int32_t srtp_rdbx_estimate_index(const srtp_rdbx_t *rdbx, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s);
/*
- * rdbx_check(rdbx, delta);
+ * srtp_rdbx_check(rdbx, delta);
*
- * rdbx_check(&r, delta) checks to see if the xtd_seq_num_t
+ * srtp_rdbx_check(&r, delta) checks to see if the xtd_seq_num_t
* which is at rdbx->window_start + delta is in the rdb
*
*/
-
-err_status_t
-rdbx_check(const rdbx_t *rdbx, int difference);
+srtp_err_status_t srtp_rdbx_check(const srtp_rdbx_t *rdbx, int difference);
/*
- * replay_add_index(rdbx, delta)
- *
- * adds the xtd_seq_num_t at rdbx->window_start + delta to replay_db
+ * srtp_replay_add_index(rdbx, delta)
+ *
+ * adds the srtp_xtd_seq_num_t at rdbx->window_start + delta to replay_db
* (and does *not* check if that xtd_seq_num_t appears in db)
*
* this function should be called *only* after replay_check has
* indicated that the index does not appear in the rdbx, and a mutex
* should protect the rdbx between these calls if necessary.
*/
-
-err_status_t
-rdbx_add_index(rdbx_t *rdbx, int delta);
+srtp_err_status_t srtp_rdbx_add_index(srtp_rdbx_t *rdbx, int delta);
/*
- * rdbx_set_roc(rdbx, roc) initalizes the rdbx_t at the location rdbx
+ * srtp_rdbx_set_roc(rdbx, roc) initalizes the srtp_rdbx_t at the location rdbx
* to have the rollover counter value roc. If that value is less than
* the current rollover counter value, then the function returns
- * err_status_replay_old; otherwise, err_status_ok is returned.
- *
+ * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned.
+ *
*/
-
-err_status_t
-rdbx_set_roc(rdbx_t *rdbx, uint32_t roc);
+srtp_err_status_t srtp_rdbx_set_roc(srtp_rdbx_t *rdbx, uint32_t roc);
/*
- * rdbx_get_roc(rdbx) returns the value of the rollover counter for
- * the rdbx_t pointed to by rdbx
- *
+ * srtp_rdbx_get_packet_index(rdbx) returns the value of the rollover counter for
+ * the srtp_rdbx_t pointed to by rdbx
+ *
*/
-
-xtd_seq_num_t
-rdbx_get_packet_index(const rdbx_t *rdbx);
+srtp_xtd_seq_num_t srtp_rdbx_get_packet_index(const srtp_rdbx_t *rdbx);
/*
- * xtd_seq_num_t functions - these are *internal* functions of rdbx, and
+ * srtp_xtd_seq_num_t functions - these are *internal* functions of rdbx, and
* shouldn't be used to manipulate rdbx internal values. use the rdbx
* api instead!
*/
/*
- * rdbx_get_ws(rdbx_ptr)
+ * srtp_rdbx_get_ws(rdbx_ptr)
*
* gets the window size which was used to initialize the rdbx
*/
-
-unsigned long
-rdbx_get_window_size(const rdbx_t *rdbx);
+unsigned long srtp_rdbx_get_window_size(const srtp_rdbx_t *rdbx);
/* index_init(&pi) initializes a packet index pi (sets it to zero) */
-
-void
-index_init(xtd_seq_num_t *pi);
+void srtp_index_init(srtp_xtd_seq_num_t *pi);
/* index_advance(&pi, s) advances a xtd_seq_num_t forward by s */
-
-void
-index_advance(xtd_seq_num_t *pi, sequence_number_t s);
+void srtp_index_advance(srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s);
/*
- * index_guess(local, guess, s)
- *
- * given a xtd_seq_num_t local (which represents the highest
+ * srtp_index_guess(local, guess, s)
+ *
+ * given a srtp_xtd_seq_num_t local (which represents the highest
* known-to-be-good index) and a sequence number s (from a newly
* arrived packet), sets the contents of *guess to contain the best
* guess of the packet index to which s corresponds, and returns the
* difference between *guess and *local
*/
+int32_t srtp_index_guess(const srtp_xtd_seq_num_t *local, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s);
-int
-index_guess(const xtd_seq_num_t *local,
- xtd_seq_num_t *guess,
- sequence_number_t s);
+/*
+ * srtp_rdbx_get_roc(rdbx)
+ *
+ * Get the current rollover counter
+ *
+ */
+uint32_t srtp_rdbx_get_roc(const srtp_rdbx_t *rdbx);
+/*
+ * srtp_rdbx_set_roc_seq(rdbx, roc, seq) initalizes the srtp_rdbx_t at the
+ * location rdbx to have the rollover counter value roc and packet sequence
+ * number seq. If the new rollover counter value is less than the current
+ * rollover counter value, then the function returns
+ * srtp_err_status_replay_old, otherwise, srtp_err_status_ok is returned.
+ */
+srtp_err_status_t srtp_rdbx_set_roc_seq (srtp_rdbx_t *rdbx,
+ uint32_t roc,
+ uint16_t seq);
+
+#ifdef __cplusplus
+}
+#endif
#endif /* RDBX_H */
-
-
-
-
-
-
-
-
-
diff --git a/libs/srtp/crypto/include/sha1.h b/libs/srtp/crypto/include/sha1.h
index 3708fd9cdb..3dc8d91039 100644
--- a/libs/srtp/crypto/include/sha1.h
+++ b/libs/srtp/crypto/include/sha1.h
@@ -9,26 +9,26 @@
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -47,19 +47,31 @@
#ifndef SHA1_H
#define SHA1_H
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include "err.h"
#ifdef OPENSSL
#include
+#include
+#else
+#include "datatypes.h"
+#endif
-typedef EVP_MD_CTX sha1_ctx_t;
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL
/*
- * sha1_init(&ctx) initializes the SHA1 context ctx
+ * srtp_sha1_init(&ctx) initializes the SHA1 context ctx
*
- * sha1_update(&ctx, msg, len) hashes the len octets starting at msg
+ * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg
* into the SHA1 context
*
- * sha1_final(&ctx, output) performs the final processing of the SHA1
+ * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1
* context and writes the result to the 20 octets at output
*
* Return values are ignored on the EVP functions since all three
@@ -67,81 +79,101 @@ typedef EVP_MD_CTX sha1_ctx_t;
*
*/
-static inline void sha1_init (sha1_ctx_t *ctx)
+/* OpenSSL 1.1.0 made EVP_MD_CTX an opaque structure, which must be allocated
+ using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+typedef EVP_MD_CTX srtp_sha1_ctx_t;
+
+static inline void srtp_sha1_init (srtp_sha1_ctx_t *ctx)
{
EVP_MD_CTX_init(ctx);
EVP_DigestInit(ctx, EVP_sha1());
}
-static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
+static inline void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
{
EVP_DigestUpdate(ctx, M, octets_in_msg);
}
-static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output)
+static inline void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output)
{
unsigned int len = 0;
EVP_DigestFinal(ctx, (unsigned char*)output, &len);
+ EVP_MD_CTX_cleanup(ctx);
}
+
+#else
+
+typedef EVP_MD_CTX* srtp_sha1_ctx_t;
+
+static inline void srtp_sha1_init (srtp_sha1_ctx_t *ctx)
+{
+ *ctx = EVP_MD_CTX_new();
+ EVP_DigestInit(*ctx, EVP_sha1());
+}
+
+static inline void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
+{
+ EVP_DigestUpdate(*ctx, M, octets_in_msg);
+}
+
+static inline void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output)
+{
+ unsigned int len = 0;
+
+ EVP_DigestFinal(*ctx, (unsigned char*)output, &len);
+ EVP_MD_CTX_free(*ctx);
+}
+#endif
+
#else
-#include "datatypes.h"
typedef struct {
- uint32_t H[5]; /* state vector */
- uint32_t M[16]; /* message buffer */
- int octets_in_buffer; /* octets of message in buffer */
- uint32_t num_bits_in_msg; /* total number of bits in message */
-} sha1_ctx_t;
+ uint32_t H[5]; /* state vector */
+ uint32_t M[16]; /* message buffer */
+ int octets_in_buffer; /* octets of message in buffer */
+ uint32_t num_bits_in_msg; /* total number of bits in message */
+} srtp_sha1_ctx_t;
+
/*
- * sha1(&ctx, msg, len, output) hashes the len octets starting at msg
- * into the SHA1 context, then writes the result to the 20 octets at
- * output
- *
- */
-
-void
-sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]);
-
-/*
- * sha1_init(&ctx) initializes the SHA1 context ctx
- *
- * sha1_update(&ctx, msg, len) hashes the len octets starting at msg
+ * srtp_sha1_init(&ctx) initializes the SHA1 context ctx
+ *
+ * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg
* into the SHA1 context
- *
- * sha1_final(&ctx, output) performs the final processing of the SHA1
+ *
+ * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1
* context and writes the result to the 20 octets at output
*
*/
+void srtp_sha1_init(srtp_sha1_ctx_t *ctx);
-void
-sha1_init(sha1_ctx_t *ctx);
+void srtp_sha1_update(srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
-void
-sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
-
-void
-sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
+void srtp_sha1_final(srtp_sha1_ctx_t * ctx, uint32_t output[5]);
/*
- * The sha1_core function is INTERNAL to SHA-1, but it is declared
+ * The srtp_sha1_core function is INTERNAL to SHA-1, but it is declared
* here because it is also used by the cipher SEAL 3.0 in its key
- * setup algorithm.
+ * setup algorithm.
*/
/*
- * sha1_core(M, H) computes the core sha1 compression function, where M is
+ * srtp_sha1_core(M, H) computes the core sha1 compression function, where M is
* the next part of the message and H is the intermediate state {H0,
* H1, ...}
*
* this function does not do any of the padding required in the
* complete sha1 function
*/
-
-void
-sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
+void srtp_sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
#endif /* else OPENSSL */
-
+
+#ifdef __cplusplus
+}
+#endif
+
#endif /* SHA1_H */
diff --git a/libs/srtp/crypto/include/stat.h b/libs/srtp/crypto/include/stat.h
index e28b1314a8..e8cf3605a8 100644
--- a/libs/srtp/crypto/include/stat.h
+++ b/libs/srtp/crypto/include/stat.h
@@ -9,7 +9,7 @@
/*
*
- * Copyright(c) 2001-2006, Cisco Systems, Inc.
+ * Copyright(c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -48,22 +48,20 @@
#define STAT_H
#include "datatypes.h" /* for uint8_t */
-#include "err.h" /* for err_status_t */
-#include "rand_source.h" /* for rand_source_func_t definition */
+#include "err.h" /* for srtp_err_status_t */
-err_status_t
-stat_test_monobit(uint8_t *data);
+#ifdef __cplusplus
+extern "C" {
+#endif
-err_status_t
-stat_test_poker(uint8_t *data);
+srtp_err_status_t stat_test_monobit(uint8_t *data);
-err_status_t
-stat_test_runs(uint8_t *data);
+srtp_err_status_t stat_test_poker(uint8_t *data);
-err_status_t
-stat_test_rand_source(rand_source_func_t rs);
+srtp_err_status_t stat_test_runs(uint8_t *data);
-err_status_t
-stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials);
+#ifdef __cplusplus
+}
+#endif
#endif /* STAT_H */
diff --git a/libs/srtp/crypto/include/xfm.h b/libs/srtp/crypto/include/xfm.h
deleted file mode 100644
index 5837149b61..0000000000
--- a/libs/srtp/crypto/include/xfm.h
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * xfm.h
- *
- * interface for abstract crypto transform
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-#ifndef XFM_H
-#define XFM_H
-
-#include "crypto_kernel.h"
-#include "err.h"
-
-/**
- * @defgroup Crypto Cryptography
- *
- * A simple interface to an abstract cryptographic transform that
- * provides both confidentiality and message authentication.
- *
- * @{
- */
-
-/**
- * @brief applies a crypto transform
- *
- * The function pointer xfm_func_t points to a function that
- * implements a crypto transform, and provides a uniform API for
- * accessing crypto mechanisms.
- *
- * @param key location of secret key
- *
- * @param clear data to be authenticated only
- *
- * @param clear_len length of data to be authenticated only
- *
- * @param iv location to write the Initialization Vector (IV)
- *
- * @param protect location of the data to be encrypted and
- * authenticated (before the function call), and the ciphertext
- * and authentication tag (after the call)
- *
- * @param protected_len location of the length of the data to be
- * encrypted and authenticated (before the function call), and the
- * length of the ciphertext (after the call)
- *
- * @param auth_tag location to write auth tag
- */
-
-typedef err_status_t (*xfm_func_t)
- (void *key,
- void *clear,
- unsigned clear_len,
- void *iv,
- void *protect,
- unsigned *protected_len,
- void *auth_tag
- );
-
-typedef
-err_status_t (*xfm_inv_t)
- (void *key, /* location of secret key */
- void *clear, /* data to be authenticated only */
- unsigned clear_len, /* length of data to be authenticated only */
- void *iv, /* location of iv */
- void *opaque, /* data to be decrypted and authenticated */
- unsigned *opaque_len, /* location of the length of data to be
- * decrypted and authd (before and after)
- */
- void *auth_tag /* location of auth tag */
- );
-
-typedef struct xfm_ctx_t {
- xfm_func_t func;
- xfm_inv_t inv;
- unsigned key_len;
- unsigned iv_len;
- unsigned auth_tag_len;
-} xfm_ctx_t;
-
-typedef xfm_ctx_t *xfm_t;
-
-#define xfm_get_key_len(xfm) ((xfm)->key_len)
-
-#define xfm_get_iv_len(xfm) ((xfm)->iv_len)
-
-#define xfm_get_auth_tag_len(xfm) ((xfm)->auth_tag_len)
-
-
-/* cryptoalgo - 5/28 */
-
-typedef err_status_t (*cryptoalg_func_t)
- (void *key,
- void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len
- );
-
-typedef
-err_status_t (*cryptoalg_inv_t)
- (void *key, /* location of secret key */
- void *clear, /* data to be authenticated only */
- unsigned clear_len, /* length of data to be authenticated only */
- void *iv, /* location of iv */
- void *opaque, /* data to be decrypted and authenticated */
- unsigned *opaque_len /* location of the length of data to be
- * decrypted and authd (before and after)
- */
- );
-
-typedef struct cryptoalg_ctx_t {
- cryptoalg_func_t enc;
- cryptoalg_inv_t dec;
- unsigned key_len;
- unsigned iv_len;
- unsigned auth_tag_len;
- unsigned max_expansion;
-} cryptoalg_ctx_t;
-
-typedef cryptoalg_ctx_t *cryptoalg_t;
-
-#define cryptoalg_get_key_len(cryptoalg) ((cryptoalg)->key_len)
-
-#define cryptoalg_get_iv_len(cryptoalg) ((cryptoalg)->iv_len)
-
-#define cryptoalg_get_auth_tag_len(cryptoalg) ((cryptoalg)->auth_tag_len)
-
-
-
-/**
- * @}
- */
-
-#endif /* XFM_H */
-
-
diff --git a/libs/srtp/crypto/kernel/alloc.c b/libs/srtp/crypto/kernel/alloc.c
index 150d60af82..cbd8877c87 100644
--- a/libs/srtp/crypto/kernel/alloc.c
+++ b/libs/srtp/crypto/kernel/alloc.c
@@ -8,7 +8,7 @@
*/
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -42,35 +42,36 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include "alloc.h"
#include "crypto_kernel.h"
/* the debug module for memory allocation */
-debug_module_t mod_alloc = {
+srtp_debug_module_t mod_alloc = {
0, /* debugging is off by default */
"alloc" /* printable name for module */
};
/*
- * Nota bene: the debugging statements for crypto_alloc() and
- * crypto_free() have identical prefixes, which include the addresses
+ * Nota bene: the debugging statements for srtp_crypto_alloc() and
+ * srtp_crypto_free() have identical prefixes, which include the addresses
* of the memory locations on which they are operating. This fact can
* be used to locate memory leaks, by turning on memory debugging,
* grepping for 'alloc', then matching alloc and free calls by
* address.
*/
-#ifdef SRTP_KERNEL_LINUX
+#if defined(HAVE_STDLIB_H)
-#include
-
-void *
-crypto_alloc(size_t size) {
+void * srtp_crypto_alloc(size_t size) {
void *ptr;
- ptr = kmalloc(size, in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
-
+ ptr = malloc(size);
+
if (ptr) {
debug_print(mod_alloc, "(location: %p) allocated", ptr);
} else {
@@ -80,33 +81,7 @@ crypto_alloc(size_t size) {
return ptr;
}
-void
-crypto_free(void *ptr) {
-
- debug_print(mod_alloc, "(location: %p) freed", ptr);
-
- kfree(ptr);
-}
-
-
-#elif defined(HAVE_STDLIB_H)
-
-void *
-crypto_alloc(size_t size) {
- void *ptr;
-
- ptr = malloc(size);
-
- if (ptr) {
- debug_print(mod_alloc, "(location: %p) allocated", ptr);
- } else
- debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size);
-
- return ptr;
-}
-
-void
-crypto_free(void *ptr) {
+void srtp_crypto_free(void *ptr) {
debug_print(mod_alloc, "(location: %p) freed", ptr);
diff --git a/libs/srtp/crypto/kernel/crypto_kernel.c b/libs/srtp/crypto/kernel/crypto_kernel.c
index 8542be0b84..3caff0e123 100644
--- a/libs/srtp/crypto/kernel/crypto_kernel.c
+++ b/libs/srtp/crypto/kernel/crypto_kernel.c
@@ -7,26 +7,26 @@
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright(c) 2001-2006,2013 Cisco Systems, Inc.
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -43,554 +43,531 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include "alloc.h"
#include "crypto_kernel.h"
/* the debug module for the crypto_kernel */
-debug_module_t mod_crypto_kernel = {
- 0, /* debugging is off by default */
- "crypto kernel" /* printable name for module */
+srtp_debug_module_t srtp_mod_crypto_kernel = {
+ 0, /* debugging is off by default */
+ "crypto kernel" /* printable name for module */
};
/*
- * other debug modules that can be included in the kernel
+ * other generic debug modules that can be included in the kernel
*/
-extern debug_module_t mod_auth;
-extern debug_module_t mod_cipher;
-extern debug_module_t mod_stat;
-extern debug_module_t mod_alloc;
+extern srtp_debug_module_t srtp_mod_auth;
+extern srtp_debug_module_t srtp_mod_cipher;
+extern srtp_debug_module_t mod_stat;
+extern srtp_debug_module_t mod_alloc;
-/*
+/*
* cipher types that can be included in the kernel
- */
+ */
-extern cipher_type_t null_cipher;
-extern cipher_type_t aes_icm;
-#ifndef OPENSSL
-extern cipher_type_t aes_cbc;
-#else
-extern cipher_type_t aes_gcm_128_openssl;
-extern cipher_type_t aes_gcm_256_openssl;
+extern srtp_cipher_type_t srtp_null_cipher;
+extern srtp_cipher_type_t srtp_aes_icm_128;
+extern srtp_cipher_type_t srtp_aes_icm_256;
+#ifdef OPENSSL
+extern srtp_cipher_type_t srtp_aes_icm_192;
+extern srtp_cipher_type_t srtp_aes_gcm_128_openssl;
+extern srtp_cipher_type_t srtp_aes_gcm_256_openssl;
#endif
+/* debug modules for cipher types */
+extern srtp_debug_module_t srtp_mod_aes_icm;
+#ifdef OPENSSL
+extern srtp_debug_module_t srtp_mod_aes_gcm;
+#endif
/*
* auth func types that can be included in the kernel
*/
-extern auth_type_t null_auth;
-extern auth_type_t hmac;
+extern srtp_auth_type_t srtp_null_auth;
+extern srtp_auth_type_t srtp_hmac;
+
+/* debug modules for auth types */
+extern srtp_debug_module_t srtp_mod_hmac;
/* crypto_kernel is a global variable, the only one of its datatype */
-crypto_kernel_t
-crypto_kernel = {
- crypto_kernel_state_insecure, /* start off in insecure state */
- NULL, /* no cipher types yet */
- NULL, /* no auth types yet */
- NULL /* no debug modules yet */
+srtp_crypto_kernel_t crypto_kernel = {
+ srtp_crypto_kernel_state_insecure, /* start off in insecure state */
+ NULL, /* no cipher types yet */
+ NULL, /* no auth types yet */
+ NULL /* no debug modules yet */
};
#define MAX_RNG_TRIALS 25
-err_status_t
-crypto_kernel_init() {
- err_status_t status;
+srtp_err_status_t srtp_crypto_kernel_init ()
+{
+ srtp_err_status_t status;
- /* check the security state */
- if (crypto_kernel.state == crypto_kernel_state_secure) {
-
+ /* check the security state */
+ if (crypto_kernel.state == srtp_crypto_kernel_state_secure) {
+
+ /*
+ * we're already in the secure state, but we've been asked to
+ * re-initialize, so we just re-run the self-tests and then return
+ */
+ return srtp_crypto_kernel_status();
+ }
+
+ /* initialize error reporting system */
+ status = srtp_err_reporting_init();
+ if (status) {
+ return status;
+ }
+
+ /* load debug modules */
+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_crypto_kernel);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_auth);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_cipher);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&mod_stat);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&mod_alloc);
+ if (status) {
+ return status;
+ }
+
+ /* load cipher types */
+ status = srtp_crypto_kernel_load_cipher_type(&srtp_null_cipher, SRTP_NULL_CIPHER);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_128, SRTP_AES_ICM_128);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_256, SRTP_AES_ICM_256);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_aes_icm);
+ if (status) {
+ return status;
+ }
+#ifdef OPENSSL
+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_192, SRTP_AES_ICM_192);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_128_openssl, SRTP_AES_GCM_128);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_256_openssl, SRTP_AES_GCM_256);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_aes_gcm);
+ if (status) {
+ return status;
+ }
+#endif
+
+ /* load auth func types */
+ status = srtp_crypto_kernel_load_auth_type(&srtp_null_auth, SRTP_NULL_AUTH);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_auth_type(&srtp_hmac, SRTP_HMAC_SHA1);
+ if (status) {
+ return status;
+ }
+ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_hmac);
+ if (status) {
+ return status;
+ }
+
+ /* change state to secure */
+ crypto_kernel.state = srtp_crypto_kernel_state_secure;
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_crypto_kernel_status ()
+{
+ srtp_err_status_t status;
+ srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
+ srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
+
+ /* for each cipher type, describe and test */
+ while (ctype != NULL) {
+ srtp_err_report(srtp_err_level_info, "cipher: %s\n", ctype->cipher_type->description);
+ srtp_err_report(srtp_err_level_info, " self-test: ");
+ status = srtp_cipher_type_self_test(ctype->cipher_type);
+ if (status) {
+ srtp_err_report(srtp_err_level_error, "failed with error code %d\n", status);
+ exit(status);
+ }
+ srtp_err_report(srtp_err_level_info, "passed\n");
+ ctype = ctype->next;
+ }
+
+ /* for each auth type, describe and test */
+ while (atype != NULL) {
+ srtp_err_report(srtp_err_level_info, "auth func: %s\n", atype->auth_type->description);
+ srtp_err_report(srtp_err_level_info, " self-test: ");
+ status = srtp_auth_type_self_test(atype->auth_type);
+ if (status) {
+ srtp_err_report(srtp_err_level_error, "failed with error code %d\n", status);
+ exit(status);
+ }
+ srtp_err_report(srtp_err_level_info, "passed\n");
+ atype = atype->next;
+ }
+
+ srtp_crypto_kernel_list_debug_modules();
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_crypto_kernel_list_debug_modules ()
+{
+ srtp_kernel_debug_module_t *dm = crypto_kernel.debug_module_list;
+
+ /* describe each debug module */
+ srtp_err_report(srtp_err_level_info, "debug modules loaded:\n");
+ while (dm != NULL) {
+ srtp_err_report(srtp_err_level_info, " %s ", dm->mod->name);
+ if (dm->mod->on) {
+ srtp_err_report(srtp_err_level_info, "(on)\n");
+ } else{
+ srtp_err_report(srtp_err_level_info, "(off)\n");
+ }
+ dm = dm->next;
+ }
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_crypto_kernel_shutdown ()
+{
/*
- * we're already in the secure state, but we've been asked to
- * re-initialize, so we just re-run the self-tests and then return
+ * free dynamic memory used in crypto_kernel at present
*/
- return crypto_kernel_status();
- }
- /* initialize error reporting system */
- status = err_reporting_init("crypto");
- if (status)
- return status;
+ /* walk down cipher type list, freeing memory */
+ while (crypto_kernel.cipher_type_list != NULL) {
+ srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
+ crypto_kernel.cipher_type_list = ctype->next;
+ debug_print(srtp_mod_crypto_kernel,
+ "freeing memory for cipher %s",
+ ctype->cipher_type->description);
+ srtp_crypto_free(ctype);
+ }
- /* load debug modules */
- status = crypto_kernel_load_debug_module(&mod_crypto_kernel);
- if (status)
- return status;
- status = crypto_kernel_load_debug_module(&mod_auth);
- if (status)
- return status;
- status = crypto_kernel_load_debug_module(&mod_cipher);
- if (status)
- return status;
- status = crypto_kernel_load_debug_module(&mod_stat);
- if (status)
- return status;
- status = crypto_kernel_load_debug_module(&mod_alloc);
- if (status)
- return status;
-
- /* initialize random number generator */
- status = rand_source_init();
- if (status)
- return status;
+ /* walk down authetication module list, freeing memory */
+ while (crypto_kernel.auth_type_list != NULL) {
+ srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
+ crypto_kernel.auth_type_list = atype->next;
+ debug_print(srtp_mod_crypto_kernel,
+ "freeing memory for authentication %s",
+ atype->auth_type->description);
+ srtp_crypto_free(atype);
+ }
- /* run FIPS-140 statistical tests on rand_source */
- status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS);
- if (status)
- return status;
+ /* walk down debug module list, freeing memory */
+ while (crypto_kernel.debug_module_list != NULL) {
+ srtp_kernel_debug_module_t *kdm = crypto_kernel.debug_module_list;
+ crypto_kernel.debug_module_list = kdm->next;
+ debug_print(srtp_mod_crypto_kernel,
+ "freeing memory for debug module %s",
+ kdm->mod->name);
+ srtp_crypto_free(kdm);
+ }
-#ifndef OPENSSL
- /* initialize pseudorandom number generator */
- status = ctr_prng_init(rand_source_get_octet_string);
- if (status)
- return status;
+ /* return to insecure state */
+ crypto_kernel.state = srtp_crypto_kernel_state_insecure;
- /* run FIPS-140 statistical tests on ctr_prng */
- status = stat_test_rand_source_with_repetition(ctr_prng_get_octet_string, MAX_RNG_TRIALS);
- if (status)
- return status;
-#endif
-
- /* load cipher types */
- status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER);
- if (status)
- return status;
- status = crypto_kernel_load_cipher_type(&aes_icm, AES_ICM);
- if (status)
- return status;
-#ifndef OPENSSL
- status = crypto_kernel_load_cipher_type(&aes_cbc, AES_CBC);
- if (status)
- return status;
-#else
- status = crypto_kernel_load_cipher_type(&aes_gcm_128_openssl, AES_128_GCM);
- if (status) {
- return status;
- }
- status = crypto_kernel_load_cipher_type(&aes_gcm_256_openssl, AES_256_GCM);
- if (status) {
- return status;
- }
-#endif
-
- /* load auth func types */
- status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH);
- if (status)
- return status;
- status = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1);
- if (status)
- return status;
-
- /* change state to secure */
- crypto_kernel.state = crypto_kernel_state_secure;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-crypto_kernel_status() {
- err_status_t status;
- kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
- kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
- kernel_debug_module_t *dm = crypto_kernel.debug_module_list;
+static inline srtp_err_status_t srtp_crypto_kernel_do_load_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id, int replace)
+{
+ srtp_kernel_cipher_type_t *ctype, *new_ctype;
+ srtp_err_status_t status;
- /* run FIPS-140 statistical tests on rand_source */
- printf("testing rand_source...");
- status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS);
- if (status) {
- printf("failed\n");
- crypto_kernel.state = crypto_kernel_state_insecure;
- return status;
- }
- printf("passed\n");
+ /* defensive coding */
+ if (new_ct == NULL) {
+ return srtp_err_status_bad_param;
+ }
- /* for each cipher type, describe and test */
- while(ctype != NULL) {
- printf("cipher: %s\n", ctype->cipher_type->description);
- printf(" instance count: %d\n", ctype->cipher_type->ref_count);
- printf(" self-test: ");
- status = cipher_type_self_test(ctype->cipher_type);
+ if (new_ct->id != id) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* check cipher type by running self-test */
+ status = srtp_cipher_type_self_test(new_ct);
if (status) {
- printf("failed with error code %d\n", status);
- exit(status);
+ return status;
}
- printf("passed\n");
- ctype = ctype->next;
- }
-
- /* for each auth type, describe and test */
- while(atype != NULL) {
- printf("auth func: %s\n", atype->auth_type->description);
- printf(" instance count: %d\n", atype->auth_type->ref_count);
- printf(" self-test: ");
- status = auth_type_self_test(atype->auth_type);
+
+ /* walk down list, checking if this type is in the list already */
+ ctype = crypto_kernel.cipher_type_list;
+ while (ctype != NULL) {
+ if (id == ctype->id) {
+ if (!replace) {
+ return srtp_err_status_bad_param;
+ }
+ status = srtp_cipher_type_test(new_ct, ctype->cipher_type->test_data);
+ if (status) {
+ return status;
+ }
+ new_ctype = ctype;
+ break;
+ }else if (new_ct == ctype->cipher_type) {
+ return srtp_err_status_bad_param;
+ }
+ ctype = ctype->next;
+ }
+
+ /* if not found, put new_ct at the head of the list */
+ if (ctype == NULL) {
+ /* allocate memory */
+ new_ctype = (srtp_kernel_cipher_type_t*)srtp_crypto_alloc(sizeof(srtp_kernel_cipher_type_t));
+ if (new_ctype == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+ new_ctype->next = crypto_kernel.cipher_type_list;
+
+ /* set head of list to new cipher type */
+ crypto_kernel.cipher_type_list = new_ctype;
+ }
+
+ /* set fields */
+ new_ctype->cipher_type = new_ct;
+ new_ctype->id = id;
+
+ return srtp_err_status_ok;
+}
+
+srtp_err_status_t srtp_crypto_kernel_load_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id)
+{
+ return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 0);
+}
+
+srtp_err_status_t srtp_replace_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id)
+{
+ return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 1);
+}
+
+srtp_err_status_t srtp_crypto_kernel_do_load_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id, int replace)
+{
+ srtp_kernel_auth_type_t *atype, *new_atype;
+ srtp_err_status_t status;
+
+ /* defensive coding */
+ if (new_at == NULL) {
+ return srtp_err_status_bad_param;
+ }
+
+ if (new_at->id != id) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* check auth type by running self-test */
+ status = srtp_auth_type_self_test(new_at);
if (status) {
- printf("failed with error code %d\n", status);
- exit(status);
+ return status;
}
- printf("passed\n");
- atype = atype->next;
- }
- /* describe each debug module */
- printf("debug modules loaded:\n");
- while (dm != NULL) {
- printf(" %s ", dm->mod->name);
- if (dm->mod->on)
- printf("(on)\n");
- else
- printf("(off)\n");
- dm = dm->next;
- }
-
- return err_status_ok;
-}
-
-err_status_t
-crypto_kernel_list_debug_modules() {
- kernel_debug_module_t *dm = crypto_kernel.debug_module_list;
-
- /* describe each debug module */
- printf("debug modules loaded:\n");
- while (dm != NULL) {
- printf(" %s ", dm->mod->name);
- if (dm->mod->on)
- printf("(on)\n");
- else
- printf("(off)\n");
- dm = dm->next;
- }
-
- return err_status_ok;
-}
-
-err_status_t
-crypto_kernel_shutdown() {
- err_status_t status;
-
- /*
- * free dynamic memory used in crypto_kernel at present
- */
-
- /* walk down cipher type list, freeing memory */
- while (crypto_kernel.cipher_type_list != NULL) {
- kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
- crypto_kernel.cipher_type_list = ctype->next;
- debug_print(mod_crypto_kernel,
- "freeing memory for cipher %s",
- ctype->cipher_type->description);
- crypto_free(ctype);
- }
-
- /* walk down authetication module list, freeing memory */
- while (crypto_kernel.auth_type_list != NULL) {
- kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
- crypto_kernel.auth_type_list = atype->next;
- debug_print(mod_crypto_kernel,
- "freeing memory for authentication %s",
- atype->auth_type->description);
- crypto_free(atype);
- }
-
- /* walk down debug module list, freeing memory */
- while (crypto_kernel.debug_module_list != NULL) {
- kernel_debug_module_t *kdm = crypto_kernel.debug_module_list;
- crypto_kernel.debug_module_list = kdm->next;
- debug_print(mod_crypto_kernel,
- "freeing memory for debug module %s",
- kdm->mod->name);
- crypto_free(kdm);
- }
-
- /* de-initialize random number generator */ status = rand_source_deinit();
- if (status)
- return status;
-
- /* return to insecure state */
- crypto_kernel.state = crypto_kernel_state_insecure;
-
- return err_status_ok;
-}
-
-static inline err_status_t
-crypto_kernel_do_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id,
- int replace) {
- kernel_cipher_type_t *ctype, *new_ctype = 0;
- err_status_t status;
-
- /* defensive coding */
- if (new_ct == NULL)
- return err_status_bad_param;
-
- if (new_ct->id != id)
- return err_status_bad_param;
-
- /* check cipher type by running self-test */
- status = cipher_type_self_test(new_ct);
- if (status) {
- return status;
- }
-
- /* walk down list, checking if this type is in the list already */
- ctype = crypto_kernel.cipher_type_list;
- while (ctype != NULL) {
- if (id == ctype->id) {
- if (!replace)
- return err_status_bad_param;
- status = cipher_type_test(new_ct, ctype->cipher_type->test_data);
- if (status)
- return status;
- new_ctype = ctype;
- break;
+ /* walk down list, checking if this type is in the list already */
+ atype = crypto_kernel.auth_type_list;
+ while (atype != NULL) {
+ if (id == atype->id) {
+ if (!replace) {
+ return srtp_err_status_bad_param;
+ }
+ status = srtp_auth_type_test(new_at, atype->auth_type->test_data);
+ if (status) {
+ return status;
+ }
+ new_atype = atype;
+ break;
+ }else if (new_at == atype->auth_type) {
+ return srtp_err_status_bad_param;
+ }
+ atype = atype->next;
}
- else if (new_ct == ctype->cipher_type)
- return err_status_bad_param;
- ctype = ctype->next;
- }
- /* if not found, put new_ct at the head of the list */
- if (ctype == NULL) {
- /* allocate memory */
- new_ctype = (kernel_cipher_type_t *) crypto_alloc(sizeof(kernel_cipher_type_t));
- if (new_ctype == NULL)
- return err_status_alloc_fail;
- new_ctype->next = crypto_kernel.cipher_type_list;
+ /* if not found, put new_at at the head of the list */
+ if (atype == NULL) {
+ /* allocate memory */
+ new_atype = (srtp_kernel_auth_type_t*)srtp_crypto_alloc(sizeof(srtp_kernel_auth_type_t));
+ if (new_atype == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+
+ new_atype->next = crypto_kernel.auth_type_list;
+ /* set head of list to new auth type */
+ crypto_kernel.auth_type_list = new_atype;
+ }
+
+ /* set fields */
+ new_atype->auth_type = new_at;
+ new_atype->id = id;
+
+ return srtp_err_status_ok;
+
+}
+
+srtp_err_status_t srtp_crypto_kernel_load_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id)
+{
+ return srtp_crypto_kernel_do_load_auth_type(new_at, id, 0);
+}
+
+srtp_err_status_t srtp_replace_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id)
+{
+ return srtp_crypto_kernel_do_load_auth_type(new_at, id, 1);
+}
+
+
+const srtp_cipher_type_t * srtp_crypto_kernel_get_cipher_type (srtp_cipher_type_id_t id)
+{
+ srtp_kernel_cipher_type_t *ctype;
+
+ /* walk down list, looking for id */
+ ctype = crypto_kernel.cipher_type_list;
+ while (ctype != NULL) {
+ if (id == ctype->id) {
+ return ctype->cipher_type;
+ }
+ ctype = ctype->next;
+ }
+
+ /* haven't found the right one, indicate failure by returning NULL */
+ return NULL;
+}
+
+
+srtp_err_status_t srtp_crypto_kernel_alloc_cipher (srtp_cipher_type_id_t id, srtp_cipher_pointer_t *cp, int key_len, int tag_len)
+{
+ const srtp_cipher_type_t *ct;
+
+ /*
+ * if the crypto_kernel is not yet initialized, we refuse to allocate
+ * any ciphers - this is a bit extra-paranoid
+ */
+ if (crypto_kernel.state != srtp_crypto_kernel_state_secure) {
+ return srtp_err_status_init_fail;
+ }
+
+ ct = srtp_crypto_kernel_get_cipher_type(id);
+ if (!ct) {
+ return srtp_err_status_fail;
+ }
+
+ return ((ct)->alloc(cp, key_len, tag_len));
+}
+
+
+
+const srtp_auth_type_t * srtp_crypto_kernel_get_auth_type (srtp_auth_type_id_t id)
+{
+ srtp_kernel_auth_type_t *atype;
+
+ /* walk down list, looking for id */
+ atype = crypto_kernel.auth_type_list;
+ while (atype != NULL) {
+ if (id == atype->id) {
+ return atype->auth_type;
+ }
+ atype = atype->next;
+ }
+
+ /* haven't found the right one, indicate failure by returning NULL */
+ return NULL;
+}
+
+srtp_err_status_t srtp_crypto_kernel_alloc_auth (srtp_auth_type_id_t id, srtp_auth_pointer_t *ap, int key_len, int tag_len)
+{
+ const srtp_auth_type_t *at;
+
+ /*
+ * if the crypto_kernel is not yet initialized, we refuse to allocate
+ * any auth functions - this is a bit extra-paranoid
+ */
+ if (crypto_kernel.state != srtp_crypto_kernel_state_secure) {
+ return srtp_err_status_init_fail;
+ }
+
+ at = srtp_crypto_kernel_get_auth_type(id);
+ if (!at) {
+ return srtp_err_status_fail;
+ }
+
+ return ((at)->alloc(ap, key_len, tag_len));
+}
+
+srtp_err_status_t srtp_crypto_kernel_load_debug_module (srtp_debug_module_t *new_dm)
+{
+ srtp_kernel_debug_module_t *kdm, *new;
+
+ /* defensive coding */
+ if (new_dm == NULL) {
+ return srtp_err_status_bad_param;
+ }
+
+ /* walk down list, checking if this type is in the list already */
+ kdm = crypto_kernel.debug_module_list;
+ while (kdm != NULL) {
+ if (strncmp(new_dm->name, kdm->mod->name, 64) == 0) {
+ return srtp_err_status_bad_param;
+ }
+ kdm = kdm->next;
+ }
+
+ /* put new_dm at the head of the list */
+ /* allocate memory */
+ new = (srtp_kernel_debug_module_t*)srtp_crypto_alloc(sizeof(srtp_kernel_debug_module_t));
+ if (new == NULL) {
+ return srtp_err_status_alloc_fail;
+ }
+
+ /* set fields */
+ new->mod = new_dm;
+ new->next = crypto_kernel.debug_module_list;
/* set head of list to new cipher type */
- crypto_kernel.cipher_type_list = new_ctype;
- }
-
- /* set fields */
- new_ctype->cipher_type = new_ct;
- new_ctype->id = id;
+ crypto_kernel.debug_module_list = new;
- /* load debug module, if there is one present */
- if (new_ct->debug != NULL)
- crypto_kernel_load_debug_module(new_ct->debug);
- /* we could check for errors here */
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) {
- return crypto_kernel_do_load_cipher_type(new_ct, id, 0);
-}
+srtp_err_status_t srtp_crypto_kernel_set_debug_module (const char *name, int on)
+{
+ srtp_kernel_debug_module_t *kdm;
-err_status_t
-crypto_kernel_replace_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) {
- return crypto_kernel_do_load_cipher_type(new_ct, id, 1);
-}
-
-err_status_t
-crypto_kernel_do_load_auth_type(auth_type_t *new_at, auth_type_id_t id,
- int replace) {
- kernel_auth_type_t *atype, *new_atype = 0;
- err_status_t status;
-
- /* defensive coding */
- if (new_at == NULL)
- return err_status_bad_param;
-
- if (new_at->id != id)
- return err_status_bad_param;
-
- /* check auth type by running self-test */
- status = auth_type_self_test(new_at);
- if (status) {
- return status;
- }
-
- /* walk down list, checking if this type is in the list already */
- atype = crypto_kernel.auth_type_list;
- while (atype != NULL) {
- if (id == atype->id) {
- if (!replace)
- return err_status_bad_param;
- status = auth_type_test(new_at, atype->auth_type->test_data);
- if (status)
- return status;
- new_atype = atype;
- break;
+ /* walk down list, checking if this type is in the list already */
+ kdm = crypto_kernel.debug_module_list;
+ while (kdm != NULL) {
+ if (strncmp(name, kdm->mod->name, 64) == 0) {
+ kdm->mod->on = on;
+ return srtp_err_status_ok;
+ }
+ kdm = kdm->next;
}
- else if (new_at == atype->auth_type)
- return err_status_bad_param;
- atype = atype->next;
- }
-
- /* if not found, put new_at at the head of the list */
- if (atype == NULL) {
- /* allocate memory */
- new_atype = (kernel_auth_type_t *)crypto_alloc(sizeof(kernel_auth_type_t));
- if (new_atype == NULL)
- return err_status_alloc_fail;
-
- new_atype->next = crypto_kernel.auth_type_list;
- /* set head of list to new auth type */
- crypto_kernel.auth_type_list = new_atype;
- }
-
- /* set fields */
- new_atype->auth_type = new_at;
- new_atype->id = id;
-
- /* load debug module, if there is one present */
- if (new_at->debug != NULL)
- crypto_kernel_load_debug_module(new_at->debug);
- /* we could check for errors here */
-
- return err_status_ok;
-}
-
-err_status_t
-crypto_kernel_load_auth_type(auth_type_t *new_at, auth_type_id_t id) {
- return crypto_kernel_do_load_auth_type(new_at, id, 0);
-}
-
-err_status_t
-crypto_kernel_replace_auth_type(auth_type_t *new_at, auth_type_id_t id) {
- return crypto_kernel_do_load_auth_type(new_at, id, 1);
-}
-
-
-cipher_type_t *
-crypto_kernel_get_cipher_type(cipher_type_id_t id) {
- kernel_cipher_type_t *ctype;
-
- /* walk down list, looking for id */
- ctype = crypto_kernel.cipher_type_list;
- while (ctype != NULL) {
- if (id == ctype->id)
- return ctype->cipher_type;
- ctype = ctype->next;
- }
-
- /* haven't found the right one, indicate failure by returning NULL */
- return NULL;
-}
-
-
-err_status_t
-crypto_kernel_alloc_cipher(cipher_type_id_t id,
- cipher_pointer_t *cp,
- int key_len,
- int tag_len) {
- cipher_type_t *ct;
-
- /*
- * if the crypto_kernel is not yet initialized, we refuse to allocate
- * any ciphers - this is a bit extra-paranoid
- */
- if (crypto_kernel.state != crypto_kernel_state_secure)
- return err_status_init_fail;
-
- ct = crypto_kernel_get_cipher_type(id);
- if (!ct)
- return err_status_fail;
-
- return ((ct)->alloc(cp, key_len, tag_len));
-}
-
-
-
-auth_type_t *
-crypto_kernel_get_auth_type(auth_type_id_t id) {
- kernel_auth_type_t *atype;
-
- /* walk down list, looking for id */
- atype = crypto_kernel.auth_type_list;
- while (atype != NULL) {
- if (id == atype->id)
- return atype->auth_type;
- atype = atype->next;
- }
-
- /* haven't found the right one, indicate failure by returning NULL */
- return NULL;
-}
-
-err_status_t
-crypto_kernel_alloc_auth(auth_type_id_t id,
- auth_pointer_t *ap,
- int key_len,
- int tag_len) {
- auth_type_t *at;
-
- /*
- * if the crypto_kernel is not yet initialized, we refuse to allocate
- * any auth functions - this is a bit extra-paranoid
- */
- if (crypto_kernel.state != crypto_kernel_state_secure)
- return err_status_init_fail;
-
- at = crypto_kernel_get_auth_type(id);
- if (!at)
- return err_status_fail;
-
- return ((at)->alloc(ap, key_len, tag_len));
-}
-
-err_status_t
-crypto_kernel_load_debug_module(debug_module_t *new_dm) {
- kernel_debug_module_t *kdm, *new;
-
- /* defensive coding */
- if (new_dm == NULL)
- return err_status_bad_param;
-
- /* walk down list, checking if this type is in the list already */
- kdm = crypto_kernel.debug_module_list;
- while (kdm != NULL) {
- if (strncmp(new_dm->name, kdm->mod->name, 64) == 0)
- return err_status_bad_param;
- kdm = kdm->next;
- }
-
- /* put new_dm at the head of the list */
- /* allocate memory */
- new = (kernel_debug_module_t *)crypto_alloc(sizeof(kernel_debug_module_t));
- if (new == NULL)
- return err_status_alloc_fail;
-
- /* set fields */
- new->mod = new_dm;
- new->next = crypto_kernel.debug_module_list;
-
- /* set head of list to new cipher type */
- crypto_kernel.debug_module_list = new;
-
- return err_status_ok;
-}
-
-err_status_t
-crypto_kernel_set_debug_module(char *name, int on) {
- kernel_debug_module_t *kdm;
-
- /* walk down list, checking if this type is in the list already */
- kdm = crypto_kernel.debug_module_list;
- while (kdm != NULL) {
- if (strncmp(name, kdm->mod->name, 64) == 0) {
- kdm->mod->on = on;
- return err_status_ok;
- }
- kdm = kdm->next;
- }
-
- return err_status_fail;
-}
-
-err_status_t
-crypto_get_random(unsigned char *buffer, unsigned int length) {
- if (crypto_kernel.state == crypto_kernel_state_secure)
-#ifdef OPENSSL
- return rand_source_get_octet_string(buffer, length);
-#else
- return ctr_prng_get_octet_string(buffer, length);
-#endif
- else
- return err_status_fail;
+ return srtp_err_status_fail;
}
diff --git a/libs/srtp/crypto/kernel/err.c b/libs/srtp/crypto/kernel/err.c
index 4a3a8589e9..9dcecbadd5 100644
--- a/libs/srtp/crypto/kernel/err.c
+++ b/libs/srtp/crypto/kernel/err.c
@@ -7,26 +7,26 @@
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -42,107 +42,65 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include "err.h"
+#include "datatypes.h"
+#include
-#ifdef ERR_REPORTING_SYSLOG
-# ifdef HAVE_SYSLOG_H
-# include
-# endif
-#endif
+/* srtp_err_file is the FILE to which errors are reported */
+static FILE *srtp_err_file = NULL;
-/* err_level reflects the level of errors that are reported */
-
-err_reporting_level_t err_level = err_level_none;
-
-#ifdef SRTP_KERNEL_LINUX
-err_status_t
-err_reporting_init(char *ident) {
-
- return err_status_ok;
-}
-
-#else /* SRTP_KERNEL_LINUX */
-
-/* err_file is the FILE to which errors are reported */
-
-static FILE *err_file = NULL;
-
-err_status_t
-err_reporting_init(char *ident) {
-#ifdef ERR_REPORTING_SYSLOG
- openlog(ident, LOG_PID, LOG_AUTHPRIV);
-#endif
-
- /*
- * Believe it or not, openlog doesn't return an error on failure.
- * But then, neither does the syslog() call...
- */
-
+srtp_err_status_t srtp_err_reporting_init ()
+{
#ifdef ERR_REPORTING_STDOUT
- err_file = stdout;
-#elif defined(USE_ERR_REPORTING_FILE)
- /* open file for error reporting */
- err_file = fopen(ERR_REPORTING_FILE, "w");
- if (err_file == NULL)
- return err_status_init_fail;
-#endif
-
- return err_status_ok;
-}
-
-void
-err_report(int priority, char *format, ...) {
- va_list args;
-
- if (priority <= err_level) {
-
- va_start(args, format);
- if (err_file != NULL) {
- vfprintf(err_file, format, args);
- /* fprintf(err_file, "\n"); */
+ srtp_err_file = stdout;
+#elif defined(ERR_REPORTING_FILE)
+ /* open file for error reporting */
+ srtp_err_file = fopen(ERR_REPORTING_FILE, "w");
+ if (srtp_err_file == NULL) {
+ return srtp_err_status_init_fail;
}
-#ifdef ERR_REPORTING_SYSLOG
- if (1) { /* FIXME: Make this a runtime option. */
- int syslogpri;
-
- switch (priority) {
- case err_level_emergency:
- syslogpri = LOG_EMERG;
- break;
- case err_level_alert:
- syslogpri = LOG_ALERT;
- break;
- case err_level_critical:
- syslogpri = LOG_CRIT;
- break;
- case err_level_error:
- syslogpri = LOG_ERR;
- break;
- case err_level_warning:
- syslogpri = LOG_WARNING;
- break;
- case err_level_notice:
- syslogpri = LOG_NOTICE;
- break;
- case err_level_info:
- syslogpri = LOG_INFO;
- break;
- case err_level_debug:
- case err_level_none:
- default:
- syslogpri = LOG_DEBUG;
- break;
- }
-
- vsyslog(syslogpri, format, args);
#endif
- va_end(args);
- }
-}
-#endif /* SRTP_KERNEL_LINUX */
-void
-err_reporting_set_level(err_reporting_level_t lvl) {
- err_level = lvl;
+ return srtp_err_status_ok;
+}
+
+static srtp_err_report_handler_func_t * srtp_err_report_handler = NULL;
+
+srtp_err_status_t srtp_install_err_report_handler(srtp_err_report_handler_func_t func)
+{
+ srtp_err_report_handler = func;
+ return srtp_err_status_ok;
+}
+
+void srtp_err_report (srtp_err_reporting_level_t level, const char *format, ...)
+{
+ va_list args;
+ if (srtp_err_file != NULL) {
+ va_start(args, format);
+ vfprintf(srtp_err_file, format, args);
+ va_end(args);
+ }
+ if (srtp_err_report_handler != NULL) {
+ va_start(args, format);
+ char msg[512];
+ if (vsnprintf(msg, sizeof(msg), format, args) > 0) {
+ /* strip trailing \n, callback should not have one */
+ size_t l = strlen(msg);
+ if (l && msg[l-1] == '\n') {
+ msg[l-1] = '\0';
+ }
+ srtp_err_report_handler(level, msg);
+ /*
+ * NOTE, need to be carefull, there is a potential that octet_string_set_to_zero() could
+ * call srtp_err_report() in the future, leading to recursion
+ */
+ octet_string_set_to_zero(msg, sizeof(msg));
+ }
+ va_end(args);
+ }
}
diff --git a/libs/srtp/crypto/kernel/key.c b/libs/srtp/crypto/kernel/key.c
index 9f63b22c21..1430f0df67 100644
--- a/libs/srtp/crypto/kernel/key.c
+++ b/libs/srtp/crypto/kernel/key.c
@@ -2,31 +2,31 @@
* key.c
*
* key usage limits enforcement
- *
+ *
* David A. Mcgrew
* Cisco Systems, Inc.
*/
/*
- *
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -42,74 +42,79 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include "key.h"
#define soft_limit 0x10000
-err_status_t
-key_limit_set(key_limit_t key, const xtd_seq_num_t s) {
+srtp_err_status_t srtp_key_limit_set (srtp_key_limit_t key, const srtp_xtd_seq_num_t s)
+{
#ifdef NO_64BIT_MATH
- if (high32(s) == 0 && low32(s) < soft_limit)
- return err_status_bad_param;
+ if (high32(s) == 0 && low32(s) < soft_limit) {
+ return srtp_err_status_bad_param;
+ }
#else
- if (s < soft_limit)
- return err_status_bad_param;
+ if (s < soft_limit) {
+ return srtp_err_status_bad_param;
+ }
#endif
- key->num_left = s;
- key->state = key_state_normal;
- return err_status_ok;
+ key->num_left = s;
+ key->state = srtp_key_state_normal;
+ return srtp_err_status_ok;
}
-err_status_t
-key_limit_clone(key_limit_t original, key_limit_t *new_key) {
- if (original == NULL)
- return err_status_bad_param;
- *new_key = original;
- return err_status_ok;
+srtp_err_status_t srtp_key_limit_clone (srtp_key_limit_t original, srtp_key_limit_t *new_key)
+{
+ if (original == NULL) {
+ return srtp_err_status_bad_param;
+ }
+ *new_key = original;
+ return srtp_err_status_ok;
}
-err_status_t
-key_limit_check(const key_limit_t key) {
- if (key->state == key_state_expired)
- return err_status_key_expired;
- return err_status_ok;
+srtp_err_status_t srtp_key_limit_check (const srtp_key_limit_t key)
+{
+ if (key->state == srtp_key_state_expired) {
+ return srtp_err_status_key_expired;
+ }
+ return srtp_err_status_ok;
}
-key_event_t
-key_limit_update(key_limit_t key) {
+srtp_key_event_t srtp_key_limit_update (srtp_key_limit_t key)
+{
#ifdef NO_64BIT_MATH
- if (low32(key->num_left) == 0)
- {
- // carry
- key->num_left = make64(high32(key->num_left)-1,low32(key->num_left) - 1);
- }
- else
- {
- // no carry
- key->num_left = make64(high32(key->num_left),low32(key->num_left) - 1);
- }
- if (high32(key->num_left) != 0 || low32(key->num_left) >= soft_limit) {
- return key_event_normal; /* we're above the soft limit */
- }
+ if (low32(key->num_left) == 0) {
+ // carry
+ key->num_left = make64(high32(key->num_left) - 1, low32(key->num_left) - 1);
+ }else {
+ // no carry
+ key->num_left = make64(high32(key->num_left), low32(key->num_left) - 1);
+ }
+ if (high32(key->num_left) != 0 || low32(key->num_left) >= soft_limit) {
+ return srtp_key_event_normal; /* we're above the soft limit */
+ }
#else
- key->num_left--;
- if (key->num_left >= soft_limit) {
- return key_event_normal; /* we're above the soft limit */
- }
+ key->num_left--;
+ if (key->num_left >= soft_limit) {
+ return srtp_key_event_normal; /* we're above the soft limit */
+ }
#endif
- if (key->state == key_state_normal) {
- /* we just passed the soft limit, so change the state */
- key->state = key_state_past_soft_limit;
- }
+ if (key->state == srtp_key_state_normal) {
+ /* we just passed the soft limit, so change the state */
+ key->state = srtp_key_state_past_soft_limit;
+ }
#ifdef NO_64BIT_MATH
- if (low32(key->num_left) == 0 && high32(key->num_left == 0))
+ if (low32(key->num_left) == 0 && high32(key->num_left == 0))
#else
- if (key->num_left < 1)
+ if (key->num_left < 1)
#endif
- { /* we just hit the hard limit */
- key->state = key_state_expired;
- return key_event_hard_limit;
- }
- return key_event_soft_limit;
+ { /* we just hit the hard limit */
+ key->state = srtp_key_state_expired;
+ return srtp_key_event_hard_limit;
+ }
+ return srtp_key_event_soft_limit;
}
diff --git a/libs/srtp/crypto/math/datatypes.c b/libs/srtp/crypto/math/datatypes.c
index c329eb122b..bb4b56e307 100644
--- a/libs/srtp/crypto/math/datatypes.c
+++ b/libs/srtp/crypto/math/datatypes.c
@@ -9,7 +9,7 @@
*/
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -43,6 +43,14 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
+#ifdef OPENSSL
+#include
+#endif
+
#include "datatypes.h"
int
@@ -98,14 +106,13 @@ octet_get_weight(uint8_t octet) {
char bit_string[MAX_PRINT_STRING_LEN];
uint8_t
-nibble_to_hex_char(uint8_t nibble) {
+srtp_nibble_to_hex_char(uint8_t nibble) {
char buf[16] = {'0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
return buf[nibble & 0xF];
}
-char *
-octet_string_hex_string(const void *s, int length) {
+char * srtp_octet_string_hex_string(const void *s, int length) {
const uint8_t *str = (const uint8_t *)s;
int i;
@@ -114,93 +121,23 @@ octet_string_hex_string(const void *s, int length) {
/* truncate string if it would be too long */
if (length > MAX_PRINT_STRING_LEN)
- length = MAX_PRINT_STRING_LEN-1;
+ length = MAX_PRINT_STRING_LEN-2;
for (i=0; i < length; i+=2) {
- bit_string[i] = nibble_to_hex_char(*str >> 4);
- bit_string[i+1] = nibble_to_hex_char(*str++ & 0xF);
+ bit_string[i] = srtp_nibble_to_hex_char(*str >> 4);
+ bit_string[i+1] = srtp_nibble_to_hex_char(*str++ & 0xF);
}
bit_string[i] = 0; /* null terminate string */
return bit_string;
}
-static inline int
-hex_char_to_nibble(uint8_t c) {
- switch(c) {
- case ('0'): return 0x0;
- case ('1'): return 0x1;
- case ('2'): return 0x2;
- case ('3'): return 0x3;
- case ('4'): return 0x4;
- case ('5'): return 0x5;
- case ('6'): return 0x6;
- case ('7'): return 0x7;
- case ('8'): return 0x8;
- case ('9'): return 0x9;
- case ('a'): return 0xa;
- case ('A'): return 0xa;
- case ('b'): return 0xb;
- case ('B'): return 0xb;
- case ('c'): return 0xc;
- case ('C'): return 0xc;
- case ('d'): return 0xd;
- case ('D'): return 0xd;
- case ('e'): return 0xe;
- case ('E'): return 0xe;
- case ('f'): return 0xf;
- case ('F'): return 0xf;
- default: return -1; /* this flags an error */
- }
- /* NOTREACHED */
-#ifndef WIN32
- return -1; /* this keeps compilers from complaining */
-#endif
-}
-
-int
-is_hex_string(char *s) {
- while(*s != 0)
- if (hex_char_to_nibble(*s++) == -1)
- return 0;
- return 1;
-}
-
-/*
- * hex_string_to_octet_string converts a hexadecimal string
- * of length 2 * len to a raw octet string of length len
- */
-
-int
-hex_string_to_octet_string(char *raw, char *hex, int len) {
- uint8_t x;
- int tmp;
- int hex_len;
-
- hex_len = 0;
- while (hex_len < len) {
- tmp = hex_char_to_nibble(hex[0]);
- if (tmp == -1)
- return hex_len;
- x = (uint8_t)(tmp << 4);
- hex_len++;
- tmp = hex_char_to_nibble(hex[1]);
- if (tmp == -1)
- return hex_len;
- x |= (tmp & 0xff);
- hex_len++;
- *raw++ = x;
- hex += 2;
- }
- return hex_len;
-}
-
char *
v128_hex_string(v128_t *x) {
int i, j;
for (i=j=0; i < 16; i++) {
- bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF);
+ bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] >> 4);
+ bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] & 0xF);
}
bit_string[j] = 0; /* null terminate string */
@@ -427,7 +364,7 @@ bitvector_alloc(bitvector_t *v, unsigned long length) {
if (l == 0)
v->word = NULL;
else {
- v->word = (uint32_t*)crypto_alloc(l);
+ v->word = (uint32_t*)srtp_crypto_alloc(l);
if (v->word == NULL) {
v->word = NULL;
v->length = 0;
@@ -446,7 +383,7 @@ bitvector_alloc(bitvector_t *v, unsigned long length) {
void
bitvector_dealloc(bitvector_t *v) {
if (v->word != NULL)
- crypto_free(v->word);
+ srtp_crypto_free(v->word);
v->word = NULL;
v->length = 0;
}
@@ -507,214 +444,75 @@ bitvector_left_shift(bitvector_t *x, int shift) {
}
-
int
octet_string_is_eq(uint8_t *a, uint8_t *b, int len) {
uint8_t *end = b + len;
+ uint8_t accumulator = 0;
+
+ /*
+ * We use this somewhat obscure implementation to try to ensure the running
+ * time only depends on len, even accounting for compiler optimizations.
+ * The accumulator ends up zero iff the strings are equal.
+ */
while (b < end)
- if (*a++ != *b++)
- return 1;
- return 0;
+ accumulator |= (*a++ ^ *b++);
+
+ /* Return 1 if *not* equal. */
+ return accumulator != 0;
}
void
-octet_string_set_to_zero(uint8_t *s, int len) {
- uint8_t *end = s + len;
-
- do {
- *s = 0;
- } while (++s < end);
-
+srtp_cleanse(void *s, size_t len)
+{
+ volatile unsigned char *p = (volatile unsigned char *)s;
+ while(len--) *p++ = 0;
}
-
-/*
- * From RFC 1521: The Base64 Alphabet
- *
- * Value Encoding Value Encoding Value Encoding Value Encoding
- * 0 A 17 R 34 i 51 z
- * 1 B 18 S 35 j 52 0
- * 2 C 19 T 36 k 53 1
- * 3 D 20 U 37 l 54 2
- * 4 E 21 V 38 m 55 3
- * 5 F 22 W 39 n 56 4
- * 6 G 23 X 40 o 57 5
- * 7 H 24 Y 41 p 58 6
- * 8 I 25 Z 42 q 59 7
- * 9 J 26 a 43 r 60 8
- * 10 K 27 b 44 s 61 9
- * 11 L 28 c 45 t 62 +
- * 12 M 29 d 46 u 63 /
- * 13 N 30 e 47 v
- * 14 O 31 f 48 w (pad) =
- * 15 P 32 g 49 x
- * 16 Q 33 h 50 y
- */
-
-int
-base64_char_to_sextet(uint8_t c) {
- switch(c) {
- case 'A':
- return 0;
- case 'B':
- return 1;
- case 'C':
- return 2;
- case 'D':
- return 3;
- case 'E':
- return 4;
- case 'F':
- return 5;
- case 'G':
- return 6;
- case 'H':
- return 7;
- case 'I':
- return 8;
- case 'J':
- return 9;
- case 'K':
- return 10;
- case 'L':
- return 11;
- case 'M':
- return 12;
- case 'N':
- return 13;
- case 'O':
- return 14;
- case 'P':
- return 15;
- case 'Q':
- return 16;
- case 'R':
- return 17;
- case 'S':
- return 18;
- case 'T':
- return 19;
- case 'U':
- return 20;
- case 'V':
- return 21;
- case 'W':
- return 22;
- case 'X':
- return 23;
- case 'Y':
- return 24;
- case 'Z':
- return 25;
- case 'a':
- return 26;
- case 'b':
- return 27;
- case 'c':
- return 28;
- case 'd':
- return 29;
- case 'e':
- return 30;
- case 'f':
- return 31;
- case 'g':
- return 32;
- case 'h':
- return 33;
- case 'i':
- return 34;
- case 'j':
- return 35;
- case 'k':
- return 36;
- case 'l':
- return 37;
- case 'm':
- return 38;
- case 'n':
- return 39;
- case 'o':
- return 40;
- case 'p':
- return 41;
- case 'q':
- return 42;
- case 'r':
- return 43;
- case 's':
- return 44;
- case 't':
- return 45;
- case 'u':
- return 46;
- case 'v':
- return 47;
- case 'w':
- return 48;
- case 'x':
- return 49;
- case 'y':
- return 50;
- case 'z':
- return 51;
- case '0':
- return 52;
- case '1':
- return 53;
- case '2':
- return 54;
- case '3':
- return 55;
- case '4':
- return 56;
- case '5':
- return 57;
- case '6':
- return 58;
- case '7':
- return 59;
- case '8':
- return 60;
- case '9':
- return 61;
- case '+':
- return 62;
- case '/':
- return 63;
- case '=':
- return 64;
- default:
- break;
- }
- return -1;
+void
+octet_string_set_to_zero(void *s, size_t len)
+{
+#ifdef OPENSSL
+ OPENSSL_cleanse(s, len);
+#else
+ srtp_cleanse(s, len);
+#endif
}
-/*
- * base64_string_to_octet_string converts a hexadecimal string
- * of length 2 * len to a raw octet string of length len
- */
+#ifdef TESTAPP_SOURCE
-int
-base64_string_to_octet_string(char *raw, char *base64, int len) {
- uint8_t x;
- int tmp;
- int base64_len;
+static const char b64chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz0123456789+/";
- base64_len = 0;
- while (base64_len < len) {
- tmp = base64_char_to_sextet(base64[0]);
- if (tmp == -1)
- return base64_len;
- x = (uint8_t)(tmp << 6);
- base64_len++;
- tmp = base64_char_to_sextet(base64[1]);
- if (tmp == -1)
- return base64_len;
- x |= (tmp & 0xffff);
- base64_len++;
- *raw++ = x;
- base64 += 2;
+static int base64_block_to_octet_triple(char *out, char *in) {
+ unsigned char sextets[4] = {0};
+ int j = 0;
+ int i;
+
+ for (i = 0; i < 4; i++) {
+ char *p = strchr(b64chars, in[i]);
+ if (p != NULL) sextets[i] = p - b64chars;
+ else j++;
}
- return base64_len;
+
+ out[0] = (sextets[0]<<2)|(sextets[1]>>4);
+ if (j < 2) out[1] = (sextets[1]<<4)|(sextets[2]>>2);
+ if (j < 1) out[2] = (sextets[2]<<6)|sextets[3];
+ return j;
}
+
+int base64_string_to_octet_string(char *out, int *pad, char *in, int len) {
+ int k = 0;
+ int i = 0;
+ int j = 0;
+ if (len % 4 != 0) return 0;
+
+ while (i < len && j == 0) {
+ j = base64_block_to_octet_triple(out + k, in + i);
+ k += 3;
+ i += 4;
+ }
+ *pad = j;
+ return i;
+}
+
+#endif
diff --git a/libs/srtp/crypto/math/gf2_8.c b/libs/srtp/crypto/math/gf2_8.c
deleted file mode 100644
index f1f45bdd56..0000000000
--- a/libs/srtp/crypto/math/gf2_8.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * gf2_8.c
- *
- * GF(256) finite field implementation, with the representation used
- * in the AES cipher.
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include "datatypes.h"
-#include "gf2_8.h"
-
-/* gf2_8_shift() moved to gf2_8.h as an inline function */
-
-gf2_8
-gf2_8_multiply(gf2_8 x, gf2_8 y) {
- gf2_8 z = 0;
-
- if (y & 1) z ^= x; x = gf2_8_shift(x);
- if (y & 2) z ^= x; x = gf2_8_shift(x);
- if (y & 4) z ^= x; x = gf2_8_shift(x);
- if (y & 8) z ^= x; x = gf2_8_shift(x);
- if (y & 16) z ^= x; x = gf2_8_shift(x);
- if (y & 32) z ^= x; x = gf2_8_shift(x);
- if (y & 64) z ^= x; x = gf2_8_shift(x);
- if (y & 128) z ^= x;
-
- return z;
-}
-
-
-/* this should use the euclidean algorithm */
-
-gf2_8
-gf2_8_compute_inverse(gf2_8 x) {
- unsigned int i;
-
- if (x == 0) return 0; /* zero is a special case */
- for (i=0; i < 256; i++)
- if (gf2_8_multiply((gf2_8) i, x) == 1)
- return (gf2_8) i;
-
- return 0;
-}
-
diff --git a/libs/srtp/crypto/math/math.c b/libs/srtp/crypto/math/math.c
deleted file mode 100644
index 9e3e78ed12..0000000000
--- a/libs/srtp/crypto/math/math.c
+++ /dev/null
@@ -1,802 +0,0 @@
-/*
- * math.c
- *
- * crypto math operations and data types
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include "crypto_math.h"
-
-int
-octet_weight[256] = {
- 0, 1, 1, 2, 1, 2, 2, 3,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 5, 6, 6, 7, 6, 7, 7, 8
-};
-
-int
-low_bit[256] = {
- -1, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 5, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 6, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 5, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 7, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 5, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 6, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 5, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0
-};
-
-
-int
-high_bit[256] = {
- -1, 0, 1, 1, 2, 2, 2, 2,
- 3, 3, 3, 3, 3, 3, 3, 3,
- 4, 4, 4, 4, 4, 4, 4, 4,
- 4, 4, 4, 4, 4, 4, 4, 4,
- 5, 5, 5, 5, 5, 5, 5, 5,
- 5, 5, 5, 5, 5, 5, 5, 5,
- 5, 5, 5, 5, 5, 5, 5, 5,
- 5, 5, 5, 5, 5, 5, 5, 5,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7
-};
-
-int
-octet_get_weight(uint8_t octet) {
- extern int octet_weight[256];
-
- return octet_weight[octet];
-}
-
-unsigned char
-v32_weight(v32_t a) {
- unsigned int wt = 0;
-
- wt += octet_weight[a.v8[0]]; /* note: endian-ness makes no difference */
- wt += octet_weight[a.v8[1]];
- wt += octet_weight[a.v8[2]];
- wt += octet_weight[a.v8[3]];
-
- return wt;
-}
-
-unsigned char
-v32_distance(v32_t x, v32_t y) {
- x.value ^= y.value;
- return v32_weight(x);
-}
-
-unsigned int
-v32_dot_product(v32_t a, v32_t b) {
- a.value &= b.value;
- return v32_weight(a) & 1;
-}
-
-/*
- * _bit_string returns a NULL-terminated character string suitable for
- * printing
- */
-
-#define MAX_STRING_LENGTH 1024
-
-char bit_string[MAX_STRING_LENGTH];
-
-char *
-octet_bit_string(uint8_t x) {
- int mask, index;
-
- for (mask = 1, index = 0; mask < 256; mask <<= 1)
- if ((x & mask) == 0)
- bit_string[index++] = '0';
- else
- bit_string[index++] = '1';
-
- bit_string[index++] = 0; /* NULL terminate string */
-
- return bit_string;
-}
-
-char *
-v16_bit_string(v16_t x) {
- int i, mask, index;
-
- for (i = index = 0; i < 2; i++) {
- for (mask = 1; mask < 256; mask <<= 1)
- if ((x.v8[i] & mask) == 0)
- bit_string[index++] = '0';
- else
- bit_string[index++] = '1';
- }
- bit_string[index++] = 0; /* NULL terminate string */
- return bit_string;
-}
-
-char *
-v32_bit_string(v32_t x) {
- int i, mask, index;
-
- for (i = index = 0; i < 4; i++) {
- for (mask = 128; mask > 0; mask >>= 1)
- if ((x.v8[i] & mask) == 0)
- bit_string[index++] = '0';
- else
- bit_string[index++] = '1';
- }
- bit_string[index++] = 0; /* NULL terminate string */
- return bit_string;
-}
-
-char *
-v64_bit_string(const v64_t *x) {
- int i, mask, index;
-
- for (i = index = 0; i < 8; i++) {
- for (mask = 1; mask < 256; mask <<= 1)
- if ((x->v8[i] & mask) == 0)
- bit_string[index++] = '0';
- else
- bit_string[index++] = '1';
- }
- bit_string[index++] = 0; /* NULL terminate string */
- return bit_string;
-}
-
-char *
-v128_bit_string(v128_t *x) {
- int j, index;
- uint32_t mask;
-
- for (j=index=0; j < 4; j++) {
- for (mask=0x80000000; mask > 0; mask >>= 1) {
- if (x->v32[j] & mask)
- bit_string[index] = '1';
- else
- bit_string[index] = '0';
- ++index;
- }
- }
- bit_string[128] = 0; /* null terminate string */
-
- return bit_string;
-}
-
-uint8_t
-nibble_to_hex_char(uint8_t nibble) {
- char buf[16] = {'0', '1', '2', '3', '4', '5', '6', '7',
- '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
- return buf[nibble & 0xF];
-}
-
-char *
-octet_hex_string(uint8_t x) {
-
- bit_string[0] = nibble_to_hex_char(x >> 4);
- bit_string[1] = nibble_to_hex_char(x & 0xF);
-
- bit_string[2] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-octet_string_hex_string(const void *str, int length) {
- const uint8_t *s = str;
- int i;
-
- /* double length, since one octet takes two hex characters */
- length *= 2;
-
- /* truncate string if it would be too long */
- if (length > MAX_STRING_LENGTH)
- length = MAX_STRING_LENGTH-1;
-
- for (i=0; i < length; i+=2) {
- bit_string[i] = nibble_to_hex_char(*s >> 4);
- bit_string[i+1] = nibble_to_hex_char(*s++ & 0xF);
- }
- bit_string[i] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-v16_hex_string(v16_t x) {
- int i, j;
-
- for (i=j=0; i < 2; i++) {
- bit_string[j++] = nibble_to_hex_char(x.v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x.v8[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-v32_hex_string(v32_t x) {
- int i, j;
-
- for (i=j=0; i < 4; i++) {
- bit_string[j++] = nibble_to_hex_char(x.v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x.v8[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-v64_hex_string(const v64_t *x) {
- int i, j;
-
- for (i=j=0; i < 8; i++) {
- bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-v128_hex_string(v128_t *x) {
- int i, j;
-
- for (i=j=0; i < 16; i++) {
- bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-char_to_hex_string(char *x, int num_char) {
- int i, j;
-
- if (num_char >= 16)
- num_char = 16;
- for (i=j=0; i < num_char; i++) {
- bit_string[j++] = nibble_to_hex_char(x[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-int
-hex_char_to_nibble(uint8_t c) {
- switch(c) {
- case ('0'): return 0x0;
- case ('1'): return 0x1;
- case ('2'): return 0x2;
- case ('3'): return 0x3;
- case ('4'): return 0x4;
- case ('5'): return 0x5;
- case ('6'): return 0x6;
- case ('7'): return 0x7;
- case ('8'): return 0x8;
- case ('9'): return 0x9;
- case ('a'): return 0xa;
- case ('A'): return 0xa;
- case ('b'): return 0xb;
- case ('B'): return 0xb;
- case ('c'): return 0xc;
- case ('C'): return 0xc;
- case ('d'): return 0xd;
- case ('D'): return 0xd;
- case ('e'): return 0xe;
- case ('E'): return 0xe;
- case ('f'): return 0xf;
- case ('F'): return 0xf;
- default: return -1; /* this flags an error */
- }
- /* NOTREACHED */
- return -1; /* this keeps compilers from complaining */
-}
-
-int
-is_hex_string(char *s) {
- while(*s != 0)
- if (hex_char_to_nibble(*s++) == -1)
- return 0;
- return 1;
-}
-
-uint8_t
-hex_string_to_octet(char *s) {
- uint8_t x;
-
- x = (hex_char_to_nibble(s[0]) << 4)
- | hex_char_to_nibble(s[1] & 0xFF);
-
- return x;
-}
-
-/*
- * hex_string_to_octet_string converts a hexadecimal string
- * of length 2 * len to a raw octet string of length len
- */
-
-int
-hex_string_to_octet_string(char *raw, char *hex, int len) {
- uint8_t x;
- int tmp;
- int hex_len;
-
- hex_len = 0;
- while (hex_len < len) {
- tmp = hex_char_to_nibble(hex[0]);
- if (tmp == -1)
- return hex_len;
- x = (tmp << 4);
- hex_len++;
- tmp = hex_char_to_nibble(hex[1]);
- if (tmp == -1)
- return hex_len;
- x |= (tmp & 0xff);
- hex_len++;
- *raw++ = x;
- hex += 2;
- }
- return hex_len;
-}
-
-v16_t
-hex_string_to_v16(char *s) {
- v16_t x;
- int i, j;
-
- for (i=j=0; i < 4; i += 2, j++) {
- x.v8[j] = (hex_char_to_nibble(s[i]) << 4)
- | hex_char_to_nibble(s[i+1] & 0xFF);
- }
- return x;
-}
-
-v32_t
-hex_string_to_v32(char *s) {
- v32_t x;
- int i, j;
-
- for (i=j=0; i < 8; i += 2, j++) {
- x.v8[j] = (hex_char_to_nibble(s[i]) << 4)
- | hex_char_to_nibble(s[i+1] & 0xFF);
- }
- return x;
-}
-
-v64_t
-hex_string_to_v64(char *s) {
- v64_t x;
- int i, j;
-
- for (i=j=0; i < 16; i += 2, j++) {
- x.v8[j] = (hex_char_to_nibble(s[i]) << 4)
- | hex_char_to_nibble(s[i+1] & 0xFF);
- }
- return x;
-}
-
-v128_t
-hex_string_to_v128(char *s) {
- v128_t x;
- int i, j;
-
- for (i=j=0; i < 32; i += 2, j++) {
- x.v8[j] = (hex_char_to_nibble(s[i]) << 4)
- | hex_char_to_nibble(s[i+1] & 0xFF);
- }
- return x;
-}
-
-
-
-/*
- * the matrix A[] is stored in column format, i.e., A[i] is the ith
- * column of the matrix
- */
-
-uint8_t
-A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b) {
- int index = 0;
- unsigned mask;
-
- for (mask=1; mask < 256; mask *= 2) {
- if (x & mask)
- b^= A[index];
- ++index;
- }
-
- return b;
-}
-
-void
-v16_copy_octet_string(v16_t *x, const uint8_t s[2]) {
- x->v8[0] = s[0];
- x->v8[1] = s[1];
-}
-
-void
-v32_copy_octet_string(v32_t *x, const uint8_t s[4]) {
- x->v8[0] = s[0];
- x->v8[1] = s[1];
- x->v8[2] = s[2];
- x->v8[3] = s[3];
-}
-
-void
-v64_copy_octet_string(v64_t *x, const uint8_t s[8]) {
- x->v8[0] = s[0];
- x->v8[1] = s[1];
- x->v8[2] = s[2];
- x->v8[3] = s[3];
- x->v8[4] = s[4];
- x->v8[5] = s[5];
- x->v8[6] = s[6];
- x->v8[7] = s[7];
-}
-
-void
-v128_copy_octet_string(v128_t *x, const uint8_t s[16]) {
- x->v8[0] = s[0];
- x->v8[1] = s[1];
- x->v8[2] = s[2];
- x->v8[3] = s[3];
- x->v8[4] = s[4];
- x->v8[5] = s[5];
- x->v8[6] = s[6];
- x->v8[7] = s[7];
- x->v8[8] = s[8];
- x->v8[9] = s[9];
- x->v8[10] = s[10];
- x->v8[11] = s[11];
- x->v8[12] = s[12];
- x->v8[13] = s[13];
- x->v8[14] = s[14];
- x->v8[15] = s[15];
-
-}
-
-#ifndef DATATYPES_USE_MACROS /* little functions are not macros */
-
-void
-v128_set_to_zero(v128_t *x) {
- _v128_set_to_zero(x);
-}
-
-void
-v128_copy(v128_t *x, const v128_t *y) {
- _v128_copy(x, y);
-}
-
-void
-v128_xor(v128_t *z, v128_t *x, v128_t *y) {
- _v128_xor(z, x, y);
-}
-
-void
-v128_and(v128_t *z, v128_t *x, v128_t *y) {
- _v128_and(z, x, y);
-}
-
-void
-v128_or(v128_t *z, v128_t *x, v128_t *y) {
- _v128_or(z, x, y);
-}
-
-void
-v128_complement(v128_t *x) {
- _v128_complement(x);
-}
-
-int
-v128_is_eq(const v128_t *x, const v128_t *y) {
- return _v128_is_eq(x, y);
-}
-
-int
-v128_get_bit(const v128_t *x, int i) {
- return _v128_get_bit(x, i);
-}
-
-void
-v128_set_bit(v128_t *x, int i) {
- _v128_set_bit(x, i);
-}
-
-void
-v128_clear_bit(v128_t *x, int i){
- _v128_clear_bit(x, i);
-}
-
-void
-v128_set_bit_to(v128_t *x, int i, int y){
- _v128_set_bit_to(x, i, y);
-}
-
-
-#endif /* DATATYPES_USE_MACROS */
-
-
-static inline void
-v128_left_shift2(v128_t *x, int num_bits) {
- int i;
- int word_shift = num_bits >> 5;
- int bit_shift = num_bits & 31;
-
- for (i=0; i < (4-word_shift); i++) {
- x->v32[i] = x->v32[i+word_shift] << bit_shift;
- }
-
- for ( ; i < word_shift; i++) {
- x->v32[i] = 0;
- }
-
-}
-
-void
-v128_right_shift(v128_t *x, int index) {
- const int base_index = index >> 5;
- const int bit_index = index & 31;
- int i, from;
- uint32_t b;
-
- if (index > 127) {
- v128_set_to_zero(x);
- return;
- }
-
- if (bit_index == 0) {
-
- /* copy each word from left size to right side */
- x->v32[4-1] = x->v32[4-1-base_index];
- for (i=4-1; i > base_index; i--)
- x->v32[i-1] = x->v32[i-1-base_index];
-
- } else {
-
- /* set each word to the "or" of the two bit-shifted words */
- for (i = 4; i > base_index; i--) {
- from = i-1 - base_index;
- b = x->v32[from] << bit_index;
- if (from > 0)
- b |= x->v32[from-1] >> (32-bit_index);
- x->v32[i-1] = b;
- }
-
- }
-
- /* now wrap up the final portion */
- for (i=0; i < base_index; i++)
- x->v32[i] = 0;
-
-}
-
-void
-v128_left_shift(v128_t *x, int index) {
- int i;
- const int base_index = index >> 5;
- const int bit_index = index & 31;
-
- if (index > 127) {
- v128_set_to_zero(x);
- return;
- }
-
- if (bit_index == 0) {
- for (i=0; i < 4 - base_index; i++)
- x->v32[i] = x->v32[i+base_index];
- } else {
- for (i=0; i < 4 - base_index - 1; i++)
- x->v32[i] = (x->v32[i+base_index] << bit_index) ^
- (x->v32[i+base_index+1] >> (32 - bit_index));
- x->v32[4 - base_index-1] = x->v32[4-1] << bit_index;
- }
-
- /* now wrap up the final portion */
- for (i = 4 - base_index; i < 4; i++)
- x->v32[i] = 0;
-
-}
-
-
-#if 0
-void
-v128_add(v128_t *z, v128_t *x, v128_t *y) {
- /* integer addition modulo 2^128 */
-
-#ifdef WORDS_BIGENDIAN
- uint64_t tmp;
-
- tmp = x->v32[3] + y->v32[3];
- z->v32[3] = (uint32_t) tmp;
-
- tmp = x->v32[2] + y->v32[2] + (tmp >> 32);
- z->v32[2] = (uint32_t) tmp;
-
- tmp = x->v32[1] + y->v32[1] + (tmp >> 32);
- z->v32[1] = (uint32_t) tmp;
-
- tmp = x->v32[0] + y->v32[0] + (tmp >> 32);
- z->v32[0] = (uint32_t) tmp;
-
-#else /* assume little endian architecture */
- uint64_t tmp;
-
- tmp = htonl(x->v32[3]) + htonl(y->v32[3]);
- z->v32[3] = ntohl((uint32_t) tmp);
-
- tmp = htonl(x->v32[2]) + htonl(y->v32[2]) + htonl(tmp >> 32);
- z->v32[2] = ntohl((uint32_t) tmp);
-
- tmp = htonl(x->v32[1]) + htonl(y->v32[1]) + htonl(tmp >> 32);
- z->v32[1] = ntohl((uint32_t) tmp);
-
- tmp = htonl(x->v32[0]) + htonl(y->v32[0]) + htonl(tmp >> 32);
- z->v32[0] = ntohl((uint32_t) tmp);
-
-#endif /* WORDS_BIGENDIAN */
-
-}
-#endif
-
-int
-octet_string_is_eq(uint8_t *a, uint8_t *b, int len) {
- uint8_t *end = b + len;
- while (b < end)
- if (*a++ != *b++)
- return 1;
- return 0;
-}
-
-void
-octet_string_set_to_zero(uint8_t *s, int len) {
- uint8_t *end = s + len;
-
- do {
- *s = 0;
- } while (++s < end);
-
-}
-
-
-/* functions below not yet tested! */
-
-int
-v32_low_bit(v32_t *w) {
- int value;
-
- value = low_bit[w->v8[0]];
- if (value != -1)
- return value;
- value = low_bit[w->v8[1]];
- if (value != -1)
- return value + 8;
- value = low_bit[w->v8[2]];
- if (value != -1)
- return value + 16;
- value = low_bit[w->v8[3]];
- if (value == -1)
- return -1;
- return value + 24;
-}
-
-/* high_bit not done yet */
-
-
-
-
-
diff --git a/libs/srtp/crypto/math/stat.c b/libs/srtp/crypto/math/stat.c
index cf928a80f6..0b4aec3764 100644
--- a/libs/srtp/crypto/math/stat.c
+++ b/libs/srtp/crypto/math/stat.c
@@ -1,15 +1,55 @@
/*
* stats.c
*
- * statistical tests for randomness (FIPS 140-2, Section 4.9)
+ * statistical tests
*
* David A. McGrew
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include "stat.h"
-debug_module_t mod_stat = {
+srtp_debug_module_t mod_stat = {
0, /* debugging is off by default */
(char *)"stat test" /* printable module name */
};
@@ -21,26 +61,26 @@ debug_module_t mod_stat = {
#define STAT_TEST_DATA_LEN 2500
-err_status_t
+srtp_err_status_t
stat_test_monobit(uint8_t *data) {
uint8_t *data_end = data + STAT_TEST_DATA_LEN;
uint16_t ones_count;
ones_count = 0;
while (data < data_end) {
- ones_count += (uint16_t)octet_get_weight(*data);
+ ones_count += octet_get_weight(*data);
data++;
}
debug_print(mod_stat, "bit count: %d", ones_count);
if ((ones_count < 9725) || (ones_count > 10275))
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
stat_test_poker(uint8_t *data) {
int i;
uint8_t *data_end = data + STAT_TEST_DATA_LEN;
@@ -66,9 +106,9 @@ stat_test_poker(uint8_t *data) {
debug_print(mod_stat, "poker test: %f\n", poker);
if ((poker < 2.16) || (poker > 46.17))
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -76,7 +116,7 @@ stat_test_poker(uint8_t *data) {
* runs[i] holds the number of runs of size (i-1)
*/
-err_status_t
+srtp_err_status_t
stat_test_runs(uint8_t *data) {
uint8_t *data_end = data + STAT_TEST_DATA_LEN;
uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 };
@@ -107,7 +147,7 @@ stat_test_runs(uint8_t *data) {
/* check for long runs */
if (state > 25) {
debug_print(mod_stat, ">25 runs: %d", state);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
} else if (state < 0) {
@@ -115,7 +155,7 @@ stat_test_runs(uint8_t *data) {
/* prefix is a gap */
if (state < -25) {
debug_print(mod_stat, ">25 gaps: %d", state);
- return err_status_algo_fail; /* long-runs test failed */
+ return srtp_err_status_algo_fail; /* long-runs test failed */
}
if (state < -6) {
state = -6; /* group together gaps > 5 */
@@ -135,7 +175,7 @@ stat_test_runs(uint8_t *data) {
/* prefix is a run */
if (state > 25) {
debug_print(mod_stat, ">25 runs (2): %d", state);
- return err_status_algo_fail; /* long-runs test failed */
+ return srtp_err_status_algo_fail; /* long-runs test failed */
}
if (state > 6) {
state = 6; /* group together runs > 5 */
@@ -150,7 +190,7 @@ stat_test_runs(uint8_t *data) {
/* check for long gaps */
if (state < -25) {
debug_print(mod_stat, ">25 gaps (2): %d", state);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
} else {
@@ -177,191 +217,10 @@ stat_test_runs(uint8_t *data) {
for (i=0; i < 6; i++)
if ( (runs[i] < lo_value[i] ) || (runs[i] > hi_value[i])
|| (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i]))
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-/*
- * the function stat_test_rand_source applys the FIPS-140-2 statistical
- * tests to the random source defined by rs
- *
- */
-
-#define RAND_SRC_BUF_OCTETS 50 /* this value MUST divide 2500! */
-
-err_status_t
-stat_test_rand_source(rand_source_func_t get_rand_bytes) {
- int i;
- double poker;
- uint8_t *data, *data_end;
- uint16_t f[16] = {
- 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0
- };
- uint8_t buffer[RAND_SRC_BUF_OCTETS];
- err_status_t status;
- int ones_count = 0;
- uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 };
- uint16_t gaps[6] = { 0, 0, 0, 0, 0, 0 };
- uint16_t lo_value[6] = { 2315, 1114, 527, 240, 103, 103 };
- uint16_t hi_value[6] = { 2685, 1386, 723, 384, 209, 209 };
- int state = 0;
- uint16_t mask;
-
- /* counters for monobit, poker, and runs tests are initialized above */
-
- /* main loop: fill buffer, update counters for stat tests */
- for (i=0; i < 2500; i+=RAND_SRC_BUF_OCTETS) {
-
- /* fill data buffer */
- status = get_rand_bytes(buffer, RAND_SRC_BUF_OCTETS);
- if (status) {
- debug_print(mod_stat, "couldn't get rand bytes: %d",status);
- return status;
- }
-
-#if 0
- debug_print(mod_stat, "%s",
- octet_string_hex_string(buffer, RAND_SRC_BUF_OCTETS));
-#endif
-
- data = buffer;
- data_end = data + RAND_SRC_BUF_OCTETS;
- while (data < data_end) {
-
- /* update monobit test counter */
- ones_count += octet_get_weight(*data);
-
- /* update poker test counters */
- f[*data & 0x0f]++; /* increment freq. count for low nibble */
- f[(*data) >> 4]++; /* increment freq. count for high nibble */
-
- /* update runs test counters */
- /* loop over the bits of this byte */
- for (mask = 1; mask < 256; mask <<= 1) {
- if (*data & mask) {
-
- /* next bit is a one */
- if (state > 0) {
-
- /* prefix is a run, so increment the run-count */
- state++;
-
- /* check for long runs */
- if (state > 25) {
- debug_print(mod_stat, ">25 runs (3): %d", state);
- return err_status_algo_fail;
- }
-
- } else if (state < 0) {
-
- /* prefix is a gap */
- if (state < -25) {
- debug_print(mod_stat, ">25 gaps (3): %d", state);
- return err_status_algo_fail; /* long-runs test failed */
- }
- if (state < -6) {
- state = -6; /* group together gaps > 5 */
- }
- gaps[-1-state]++; /* increment gap count */
- state = 1; /* set state at one set bit */
- } else {
-
- /* state is zero; this happens only at initialization */
- state = 1;
- }
- } else {
-
- /* next bit is a zero */
- if (state > 0) {
-
- /* prefix is a run */
- if (state > 25) {
- debug_print(mod_stat, ">25 runs (4): %d", state);
- return err_status_algo_fail; /* long-runs test failed */
- }
- if (state > 6) {
- state = 6; /* group together runs > 5 */
- }
- runs[state-1]++; /* increment run count */
- state = -1; /* set state at one zero bit */
- } else if (state < 0) {
-
- /* prefix is a gap, so increment gap-count (decrement state) */
- state--;
-
- /* check for long gaps */
- if (state < -25) {
- debug_print(mod_stat, ">25 gaps (4): %d", state);
- return err_status_algo_fail;
- }
-
- } else {
-
- /* state is zero; this happens only at initialization */
- state = -1;
- }
- }
- }
-
- /* advance data pointer */
- data++;
- }
- }
-
- /* check to see if test data is within bounds */
-
- /* check monobit test data */
-
- debug_print(mod_stat, "stat: bit count: %d", ones_count);
-
- if ((ones_count < 9725) || (ones_count > 10275)) {
- debug_print(mod_stat, "stat: failed monobit test %d", ones_count);
- return err_status_algo_fail;
- }
-
- /* check poker test data */
- poker = 0.0;
- for (i=0; i < 16; i++)
- poker += (double) f[i] * f[i];
-
- poker *= (16.0 / 5000.0);
- poker -= 5000.0;
-
- debug_print(mod_stat, "stat: poker test: %f", poker);
-
- if ((poker < 2.16) || (poker > 46.17)) {
- debug_print(mod_stat, "stat: failed poker test", NULL);
- return err_status_algo_fail;
- }
-
- /* check run and gap counts against the fixed limits */
- for (i=0; i < 6; i++)
- if ((runs[i] < lo_value[i] ) || (runs[i] > hi_value[i])
- || (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i])) {
- debug_print(mod_stat, "stat: failed run/gap test", NULL);
- return err_status_algo_fail;
- }
-
- debug_print(mod_stat, "passed random stat test", NULL);
- return err_status_ok;
-}
-
-err_status_t
-stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials) {
- unsigned int i;
- err_status_t err = err_status_algo_fail;
-
- for (i=0; i < num_trials; i++) {
- err = stat_test_rand_source(source);
- if (err == err_status_ok) {
- return err_status_ok;
- }
- debug_print(mod_stat, "failed stat test (try number %d)\n", i);
- }
-
- return err;
-}
diff --git a/libs/srtp/crypto/replay/rdb.c b/libs/srtp/crypto/replay/rdb.c
index 5d204ec0e1..3741367f68 100644
--- a/libs/srtp/crypto/replay/rdb.c
+++ b/libs/srtp/crypto/replay/rdb.c
@@ -8,26 +8,26 @@
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -44,94 +44,100 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include "rdb.h"
/*
* this implementation of a replay database works as follows:
- *
+ *
* window_start is the index of the first packet in the window
* bitmask a bit-buffer, containing the most recently entered
- * index as the leftmost bit
+ * index as the leftmost bit
*
*/
-/* rdb_init initalizes rdb */
-
-err_status_t
-rdb_init(rdb_t *rdb) {
- v128_set_to_zero(&rdb->bitmask);
- rdb->window_start = 0;
- return err_status_ok;
+/* srtp_rdb_init initalizes rdb */
+srtp_err_status_t srtp_rdb_init (srtp_rdb_t *rdb)
+{
+ v128_set_to_zero(&rdb->bitmask);
+ rdb->window_start = 0;
+ return srtp_err_status_ok;
}
/*
- * rdb_check checks to see if index appears in rdb
+ * srtp_rdb_check checks to see if index appears in rdb
*/
+srtp_err_status_t srtp_rdb_check (const srtp_rdb_t *rdb, uint32_t p_index)
+{
-err_status_t
-rdb_check(const rdb_t *rdb, uint32_t p_index) {
-
- /* if the index appears after (or at very end of) the window, its good */
- if (p_index >= rdb->window_start + rdb_bits_in_bitmask)
- return err_status_ok;
-
- /* if the index appears before the window, its bad */
- if (p_index < rdb->window_start)
- return err_status_replay_old;
+ /* if the index appears after (or at very end of) the window, its good */
+ if (p_index >= rdb->window_start + rdb_bits_in_bitmask) {
+ return srtp_err_status_ok;
+ }
- /* otherwise, the index appears within the window, so check the bitmask */
- if (v128_get_bit(&rdb->bitmask, (p_index - rdb->window_start)) == 1)
- return err_status_replay_fail;
-
- /* otherwise, the index is okay */
- return err_status_ok;
+ /* if the index appears before the window, its bad */
+ if (p_index < rdb->window_start) {
+ return srtp_err_status_replay_old;
+ }
+
+ /* otherwise, the index appears within the window, so check the bitmask */
+ if (v128_get_bit(&rdb->bitmask, (p_index - rdb->window_start)) == 1) {
+ return srtp_err_status_replay_fail;
+ }
+
+ /* otherwise, the index is okay */
+ return srtp_err_status_ok;
}
/*
- * rdb_add_index adds index to rdb_t (and does *not* check if
+ * srtp_rdb_add_index adds index to srtp_rdb_t (and does *not* check if
* index appears in db)
*
- * this function should be called only after rdb_check has
+ * this function should be called only after srtp_rdb_check has
* indicated that the index does not appear in the rdb, e.g., a mutex
* should protect the rdb between these calls
*/
+srtp_err_status_t srtp_rdb_add_index (srtp_rdb_t *rdb, uint32_t p_index)
+{
+ int delta;
-err_status_t
-rdb_add_index(rdb_t *rdb, uint32_t p_index) {
- int delta;
+ /* here we *assume* that p_index > rdb->window_start */
- /* here we *assume* that p_index > rdb->window_start */
+ delta = (p_index - rdb->window_start);
+ if (delta < rdb_bits_in_bitmask) {
- delta = (p_index - rdb->window_start);
- if (delta < rdb_bits_in_bitmask) {
+ /* if the p_index is within the window, set the appropriate bit */
+ v128_set_bit(&rdb->bitmask, delta);
- /* if the p_index is within the window, set the appropriate bit */
- v128_set_bit(&rdb->bitmask, delta);
+ } else {
- } else {
-
- delta -= rdb_bits_in_bitmask - 1;
+ delta -= rdb_bits_in_bitmask - 1;
- /* shift the window forward by delta bits*/
- v128_left_shift(&rdb->bitmask, delta);
- v128_set_bit(&rdb->bitmask, rdb_bits_in_bitmask-1);
- rdb->window_start += delta;
+ /* shift the window forward by delta bits*/
+ v128_left_shift(&rdb->bitmask, delta);
+ v128_set_bit(&rdb->bitmask, rdb_bits_in_bitmask - 1);
+ rdb->window_start += delta;
- }
+ }
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-rdb_increment(rdb_t *rdb) {
+srtp_err_status_t srtp_rdb_increment (srtp_rdb_t *rdb)
+{
- if (rdb->window_start++ > 0x7fffffff)
- return err_status_key_expired;
- return err_status_ok;
+ if (rdb->window_start >= 0x7fffffff) {
+ return srtp_err_status_key_expired;
+ }
+ ++rdb->window_start;
+ return srtp_err_status_ok;
}
-uint32_t
-rdb_get_value(const rdb_t *rdb) {
- return rdb->window_start;
+uint32_t srtp_rdb_get_value (const srtp_rdb_t *rdb)
+{
+ return rdb->window_start;
}
diff --git a/libs/srtp/crypto/replay/rdbx.c b/libs/srtp/crypto/replay/rdbx.c
index f13e334bf8..63f66ff024 100644
--- a/libs/srtp/crypto/replay/rdbx.c
+++ b/libs/srtp/crypto/replay/rdbx.c
@@ -8,26 +8,26 @@
*/
/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
- *
+ *
* Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
- *
+ *
* Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
- *
+ *
* Neither the name of the Cisco Systems, Inc. nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -43,6 +43,10 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include "rdbx.h"
@@ -65,111 +69,109 @@
/*
* rdbx implementation notes
*
- * A xtd_seq_num_t is essentially a sequence number for which some of
+ * A srtp_xtd_seq_num_t is essentially a sequence number for which some of
* the data on the wire are implicit. It logically consists of a
* rollover counter and a sequence number; the sequence number is the
* explicit part, and the rollover counter is the implicit part.
*
* Upon receiving a sequence_number (e.g. in a newly received SRTP
- * packet), the complete xtd_seq_num_t can be estimated by using a
- * local xtd_seq_num_t as a basis. This is done using the function
- * index_guess(&local, &guess, seq_from_packet). This function
+ * packet), the complete srtp_xtd_seq_num_t can be estimated by using a
+ * local srtp_xtd_seq_num_t as a basis. This is done using the function
+ * srtp_index_guess(&local, &guess, seq_from_packet). This function
* returns the difference of the guess and the local value. The local
- * xtd_seq_num_t can be moved forward to the guess using the function
- * index_advance(&guess, delta), where delta is the difference.
- *
+ * srtp_xtd_seq_num_t can be moved forward to the guess using the function
+ * srtp_index_advance(&guess, delta), where delta is the difference.
*
- * A rdbx_t consists of a xtd_seq_num_t and a bitmask. The index is highest
+ *
+ * A srtp_rdbx_t consists of a srtp_xtd_seq_num_t and a bitmask. The index is highest
* sequence number that has been received, and the bitmask indicates
* which of the recent indicies have been received as well. The
* highest bit in the bitmask corresponds to the index in the bitmask.
*/
-void
-index_init(xtd_seq_num_t *pi) {
+void srtp_index_init (srtp_xtd_seq_num_t *pi)
+{
#ifdef NO_64BIT_MATH
- *pi = make64(0,0);
+ *pi = make64(0, 0);
#else
- *pi = 0;
+ *pi = 0;
#endif
}
-void
-index_advance(xtd_seq_num_t *pi, sequence_number_t s) {
+void srtp_index_advance (srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s)
+{
#ifdef NO_64BIT_MATH
- /* a > ~b means a+b will generate a carry */
- /* s is uint16 here */
- *pi = make64(high32(*pi) + (s > ~low32(*pi) ? 1 : 0),low32(*pi) + s);
+ /* a > ~b means a+b will generate a carry */
+ /* s is uint16 here */
+ *pi = make64(high32(*pi) + (s > ~low32(*pi) ? 1 : 0), low32(*pi) + s);
#else
- *pi += s;
+ *pi += s;
#endif
}
/*
- * index_guess(local, guess, s)
- *
- * given a xtd_seq_num_t local (which represents the last
- * known-to-be-good received xtd_seq_num_t) and a sequence number s
+ * srtp_index_guess(local, guess, s)
+ *
+ * given a srtp_xtd_seq_num_t local (which represents the last
+ * known-to-be-good received srtp_xtd_seq_num_t) and a sequence number s
* (from a newly arrived packet), sets the contents of *guess to
* contain the best guess of the packet index to which s corresponds,
* and returns the difference between *guess and *local
*
* nota bene - the output is a signed integer, DON'T cast it to a
- * unsigned integer!
+ * unsigned integer!
*/
-int
-index_guess(const xtd_seq_num_t *local,
- xtd_seq_num_t *guess,
- sequence_number_t s) {
+int32_t srtp_index_guess (const srtp_xtd_seq_num_t *local, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s)
+{
#ifdef NO_64BIT_MATH
- uint32_t local_roc = ((high32(*local) << 16) |
- (low32(*local) >> 16));
- uint16_t local_seq = (uint16_t) (low32(*local));
+ uint32_t local_roc = ((high32(*local) << 16) |
+ (low32(*local) >> 16));
+ uint16_t local_seq = (uint16_t)(low32(*local));
#else
- uint32_t local_roc = (uint32_t)(*local >> 16);
- uint16_t local_seq = (uint16_t) *local;
+ uint32_t local_roc = (uint32_t)(*local >> 16);
+ uint16_t local_seq = (uint16_t)*local;
#endif
#ifdef NO_64BIT_MATH
- uint32_t guess_roc = ((high32(*guess) << 16) |
- (low32(*guess) >> 16));
- uint16_t guess_seq = (uint16_t) (low32(*guess));
+ uint32_t guess_roc = ((high32(*guess) << 16) |
+ (low32(*guess) >> 16));
+ uint16_t guess_seq = (uint16_t)(low32(*guess));
#else
- uint32_t guess_roc = (uint32_t)(*guess >> 16);
- uint16_t guess_seq = (uint16_t) *guess;
+ uint32_t guess_roc = (uint32_t)(*guess >> 16);
+ uint16_t guess_seq = (uint16_t)*guess;
#endif
- int difference;
-
- if (local_seq < seq_num_median) {
- if (s - local_seq > seq_num_median) {
- guess_roc = local_roc - 1;
- difference = s - local_seq - seq_num_max;
+ int32_t difference;
+
+ if (local_seq < seq_num_median) {
+ if (s - local_seq > seq_num_median) {
+ guess_roc = local_roc - 1;
+ difference = s - local_seq - seq_num_max;
+ } else {
+ guess_roc = local_roc;
+ difference = s - local_seq;
+ }
} else {
- guess_roc = local_roc;
- difference = s - local_seq;
+ if (local_seq - seq_num_median > s) {
+ guess_roc = local_roc + 1;
+ difference = s - local_seq + seq_num_max;
+ } else {
+ guess_roc = local_roc;
+ difference = s - local_seq;
+ }
}
- } else {
- if (local_seq - seq_num_median > s) {
- guess_roc = local_roc + 1;
- difference = s - local_seq + seq_num_max;
- } else {
- guess_roc = local_roc;
- difference = s - local_seq;
- }
- }
- guess_seq = s;
-
- /* Note: guess_roc is 32 bits, so this generates a 48-bit result! */
+ guess_seq = s;
+
+ /* Note: guess_roc is 32 bits, so this generates a 48-bit result! */
#ifdef NO_64BIT_MATH
- *guess = make64(guess_roc >> 16,
- (guess_roc << 16) | guess_seq);
+ *guess = make64(guess_roc >> 16,
+ (guess_roc << 16) | guess_seq);
#else
- *guess = (((uint64_t) guess_roc) << 16) | guess_seq;
+ *guess = (((uint64_t)guess_roc) << 16) | guess_seq;
#endif
- return difference;
+ return difference;
}
/*
@@ -179,174 +181,216 @@ index_guess(const xtd_seq_num_t *local,
/*
- * rdbx_init(&r, ws) initializes the rdbx_t pointed to by r with window size ws
+ * srtp_rdbx_init(&r, ws) initializes the srtp_rdbx_t pointed to by r with window size ws
*/
+srtp_err_status_t srtp_rdbx_init (srtp_rdbx_t *rdbx, unsigned long ws)
+{
+ if (ws == 0) {
+ return srtp_err_status_bad_param;
+ }
-err_status_t
-rdbx_init(rdbx_t *rdbx, unsigned long ws) {
- if (ws == 0)
- return err_status_bad_param;
+ if (bitvector_alloc(&rdbx->bitmask, ws) != 0) {
+ return srtp_err_status_alloc_fail;
+ }
- if (bitvector_alloc(&rdbx->bitmask, ws) != 0)
- return err_status_alloc_fail;
+ srtp_index_init(&rdbx->index);
- index_init(&rdbx->index);
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
- * rdbx_dealloc(&r) frees memory for the rdbx_t pointed to by r
+ * srtp_rdbx_dealloc(&r) frees memory for the srtp_rdbx_t pointed to by r
*/
+srtp_err_status_t srtp_rdbx_dealloc (srtp_rdbx_t *rdbx)
+{
+ bitvector_dealloc(&rdbx->bitmask);
-err_status_t
-rdbx_dealloc(rdbx_t *rdbx) {
- bitvector_dealloc(&rdbx->bitmask);
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
- * rdbx_set_roc(rdbx, roc) initalizes the rdbx_t at the location rdbx
+ * srtp_rdbx_set_roc(rdbx, roc) initalizes the srtp_rdbx_t at the location rdbx
* to have the rollover counter value roc. If that value is less than
* the current rollover counter value, then the function returns
- * err_status_replay_old; otherwise, err_status_ok is returned.
- *
+ * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned.
+ *
*/
-
-err_status_t
-rdbx_set_roc(rdbx_t *rdbx, uint32_t roc) {
- bitvector_set_to_zero(&rdbx->bitmask);
+srtp_err_status_t srtp_rdbx_set_roc (srtp_rdbx_t *rdbx, uint32_t roc)
+{
+ bitvector_set_to_zero(&rdbx->bitmask);
#ifdef NO_64BIT_MATH
#error not yet implemented
#else
- /* make sure that we're not moving backwards */
- if (roc < (rdbx->index >> 16))
- return err_status_replay_old;
+ /* make sure that we're not moving backwards */
+ if (roc < (rdbx->index >> 16)) {
+ return srtp_err_status_replay_old;
+ }
- rdbx->index &= 0xffff; /* retain lowest 16 bits */
- rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */
+ rdbx->index &= 0xffff; /* retain lowest 16 bits */
+ rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */
#endif
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
- * rdbx_get_packet_index(rdbx) returns the value of the packet index
- * for the rdbx_t pointed to by rdbx
- *
+ * srtp_rdbx_get_packet_index(rdbx) returns the value of the packet index
+ * for the srtp_rdbx_t pointed to by rdbx
+ *
*/
-
-xtd_seq_num_t
-rdbx_get_packet_index(const rdbx_t *rdbx) {
- return rdbx->index;
+srtp_xtd_seq_num_t srtp_rdbx_get_packet_index (const srtp_rdbx_t *rdbx)
+{
+ return rdbx->index;
}
/*
- * rdbx_get_window_size(rdbx) returns the value of the window size
- * for the rdbx_t pointed to by rdbx
- *
+ * srtp_rdbx_get_window_size(rdbx) returns the value of the window size
+ * for the srtp_rdbx_t pointed to by rdbx
+ *
*/
-
-unsigned long
-rdbx_get_window_size(const rdbx_t *rdbx) {
- return bitvector_get_length(&rdbx->bitmask);
+unsigned long srtp_rdbx_get_window_size (const srtp_rdbx_t *rdbx)
+{
+ return bitvector_get_length(&rdbx->bitmask);
}
/*
- * rdbx_check(&r, delta) checks to see if the xtd_seq_num_t
+ * srtp_rdbx_check(&r, delta) checks to see if the srtp_xtd_seq_num_t
* which is at rdbx->index + delta is in the rdb
*/
+srtp_err_status_t srtp_rdbx_check (const srtp_rdbx_t *rdbx, int delta)
+{
-err_status_t
-rdbx_check(const rdbx_t *rdbx, int delta) {
-
- if (delta > 0) { /* if delta is positive, it's good */
- return err_status_ok;
- } else if ((int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta < 0) {
- /* if delta is lower than the bitmask, it's bad */
- return err_status_replay_old;
- } else if (bitvector_get_bit(&rdbx->bitmask,
- (int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta) == 1) {
- /* delta is within the window, so check the bitmask */
- return err_status_replay_fail;
- }
- /* otherwise, the index is okay */
+ if (delta > 0) { /* if delta is positive, it's good */
+ return srtp_err_status_ok;
+ } else if ((int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta < 0) {
+ /* if delta is lower than the bitmask, it's bad */
+ return srtp_err_status_replay_old;
+ } else if (bitvector_get_bit(&rdbx->bitmask,
+ (int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta) == 1) {
+ /* delta is within the window, so check the bitmask */
+ return srtp_err_status_replay_fail;
+ }
+ /* otherwise, the index is okay */
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
- * rdbx_add_index adds the xtd_seq_num_t at rdbx->window_start + d to
- * replay_db (and does *not* check if that xtd_seq_num_t appears in db)
+ * srtp_rdbx_add_index adds the srtp_xtd_seq_num_t at rdbx->window_start + d to
+ * replay_db (and does *not* check if that srtp_xtd_seq_num_t appears in db)
*
* this function should be called only after replay_check has
* indicated that the index does not appear in the rdbx, e.g., a mutex
* should protect the rdbx between these calls if need be
*/
+srtp_err_status_t srtp_rdbx_add_index (srtp_rdbx_t *rdbx, int delta)
+{
-err_status_t
-rdbx_add_index(rdbx_t *rdbx, int delta) {
-
- if (delta > 0) {
- /* shift forward by delta */
- index_advance(&rdbx->index, (sequence_number_t)delta);
- bitvector_left_shift(&rdbx->bitmask, delta);
- bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1);
- } else {
- /* delta is in window */
- bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) -1 + delta);
- }
+ if (delta > 0) {
+ /* shift forward by delta */
+ srtp_index_advance(&rdbx->index, delta);
+ bitvector_left_shift(&rdbx->bitmask, delta);
+ bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1);
+ } else {
+ /* delta is in window */
+ bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1 + delta);
+ }
- /* note that we need not consider the case that delta == 0 */
-
- return err_status_ok;
+ /* note that we need not consider the case that delta == 0 */
+
+ return srtp_err_status_ok;
}
/*
- * rdbx_estimate_index(rdbx, guess, s)
- *
+ * srtp_rdbx_estimate_index(rdbx, guess, s)
+ *
* given an rdbx and a sequence number s (from a newly arrived packet),
* sets the contents of *guess to contain the best guess of the packet
* index to which s corresponds, and returns the difference between
* *guess and the locally stored synch info
*/
+int32_t srtp_rdbx_estimate_index (const srtp_rdbx_t *rdbx, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s)
+{
-int
-rdbx_estimate_index(const rdbx_t *rdbx,
- xtd_seq_num_t *guess,
- sequence_number_t s) {
-
- /*
- * if the sequence number and rollover counter in the rdbx are
- * non-zero, then use the index_guess(...) function, otherwise, just
- * set the rollover counter to zero (since the index_guess(...)
- * function might incorrectly guess that the rollover counter is
- * 0xffffffff)
- */
+ /*
+ * if the sequence number and rollover counter in the rdbx are
+ * non-zero, then use the srtp_index_guess(...) function, otherwise, just
+ * set the rollover counter to zero (since the srtp_index_guess(...)
+ * function might incorrectly guess that the rollover counter is
+ * 0xffffffff)
+ */
#ifdef NO_64BIT_MATH
- /* seq_num_median = 0x8000 */
- if (high32(rdbx->index) > 0 ||
- low32(rdbx->index) > seq_num_median)
+ /* seq_num_median = 0x8000 */
+ if (high32(rdbx->index) > 0 ||
+ low32(rdbx->index) > seq_num_median)
#else
- if (rdbx->index > seq_num_median)
+ if (rdbx->index > seq_num_median)
#endif
- return index_guess(&rdbx->index, guess, s);
-
+ { return srtp_index_guess(&rdbx->index, guess, s); }
+
#ifdef NO_64BIT_MATH
- *guess = make64(0,(uint32_t) s);
-#else
- *guess = s;
+ *guess = make64(0, (uint32_t)s);
+#else
+ *guess = s;
#endif
#ifdef NO_64BIT_MATH
- return s - (uint16_t) low32(rdbx->index);
+ return s - (uint16_t)low32(rdbx->index);
#else
- return s - (uint16_t) rdbx->index;
+ return s - (uint16_t)rdbx->index;
#endif
}
+
+/*
+ * srtp_rdbx_get_roc(rdbx)
+ *
+ * Get the current rollover counter
+ *
+ */
+uint32_t srtp_rdbx_get_roc(const srtp_rdbx_t *rdbx)
+{
+ uint32_t roc;
+
+#ifdef NO_64BIT_MATH
+ roc = ((high32(rdbx->index) << 16) | (low32(rdbx->index) >> 16));
+#else
+ roc = (uint32_t)(rdbx->index >> 16);
+#endif
+
+ return roc;
+}
+
+/*
+ * srtp_rdbx_set_roc_seq(rdbx, roc, seq) initalizes the srtp_rdbx_t at the
+ * location rdbx to have the rollover counter value roc and packet sequence
+ * number seq. If the new rollover counter value is less than the current
+ * rollover counter value, then the function returns
+ * srtp_err_status_replay_old, otherwise, srtp_err_status_ok is returned.
+ */
+srtp_err_status_t srtp_rdbx_set_roc_seq (srtp_rdbx_t *rdbx,
+ uint32_t roc,
+ uint16_t seq)
+{
+#ifdef NO_64BIT_MATH
+ #error not yet implemented
+#else
+
+ /* make sure that we're not moving backwards */
+ if (roc < (rdbx->index >> 16)) {
+ return srtp_err_status_replay_old;
+ }
+
+ rdbx->index = seq;
+ rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */
+#endif
+
+ bitvector_set_to_zero(&rdbx->bitmask);
+
+ return srtp_err_status_ok;
+}
+
diff --git a/libs/srtp/crypto/replay/ut_sim.c b/libs/srtp/crypto/replay/ut_sim.c
index 43c411e46b..b50164ced1 100644
--- a/libs/srtp/crypto/replay/ut_sim.c
+++ b/libs/srtp/crypto/replay/ut_sim.c
@@ -10,7 +10,7 @@
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -45,6 +45,10 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include "ut_sim.h"
diff --git a/libs/srtp/crypto/rng/ctr_prng.c b/libs/srtp/crypto/rng/ctr_prng.c
deleted file mode 100644
index 69a1f37ab5..0000000000
--- a/libs/srtp/crypto/rng/ctr_prng.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * ctr_prng.c
- *
- * counter mode based pseudorandom source
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include "prng.h"
-
-/* single, global prng structure */
-
-ctr_prng_t ctr_prng;
-
-err_status_t
-ctr_prng_init(rand_source_func_t random_source) {
- uint8_t tmp_key[32];
- err_status_t status;
-
- /* initialize output count to zero */
- ctr_prng.octet_count = 0;
-
- /* set random source */
- ctr_prng.rand = random_source;
-
- /* initialize secret key from random source */
- status = random_source(tmp_key, 32);
- if (status)
- return status;
-
- /* initialize aes ctr context with random key */
-#ifdef OPENSSL
- status = aes_icm_openssl_context_init(&ctr_prng.state, tmp_key, 30);
-#else
- status = aes_icm_context_init(&ctr_prng.state, tmp_key, 30);
-#endif
- if (status)
- return status;
-
- return err_status_ok;
-}
-
-err_status_t
-ctr_prng_get_octet_string(void *dest, uint32_t len) {
- err_status_t status;
-
- /*
- * if we need to re-initialize the prng, do so now
- */
- if ((aes_icm_bytes_encrypted(&ctr_prng.state) + len) > 0xffff) {
- status = ctr_prng_init(ctr_prng.rand);
- if (status)
- return status;
- }
- ctr_prng.octet_count += len;
-
- /*
- * write prng output
- */
- status = aes_icm_output(&ctr_prng.state, (uint8_t*)dest, len);
- if (status)
- return status;
-
- return err_status_ok;
-}
-
-err_status_t
-ctr_prng_deinit(void) {
-
- /* nothing */
-
- return err_status_ok;
-}
diff --git a/libs/srtp/crypto/rng/prng.c b/libs/srtp/crypto/rng/prng.c
deleted file mode 100644
index 62b5e11d4e..0000000000
--- a/libs/srtp/crypto/rng/prng.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * prng.c
- *
- * pseudorandom source
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include "prng.h"
-
-/* single, global prng structure */
-
-x917_prng_t x917_prng;
-
-err_status_t
-x917_prng_init(rand_source_func_t random_source) {
- uint8_t tmp_key[16];
- err_status_t status;
-
- /* initialize output count to zero */
- x917_prng.octet_count = 0;
-
- /* set random source */
- x917_prng.rand = random_source;
-
- /* initialize secret key from random source */
- status = random_source(tmp_key, 16);
- if (status)
- return status;
-
- /* expand aes key */
- aes_expand_encryption_key(tmp_key, 16, &x917_prng.key);
-
- /* initialize prng state from random source */
- status = x917_prng.rand((uint8_t *)&x917_prng.state, 16);
- if (status)
- return status;
-
- return err_status_ok;
-}
-
-err_status_t
-x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
- uint32_t t;
- v128_t buffer;
- uint32_t i, tail_len;
- err_status_t status;
-
- /*
- * if we need to re-initialize the prng, do so now
- *
- * avoid overflows by subtracting instead of adding
- */
- if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) {
- status = x917_prng_init(x917_prng.rand);
- if (status)
- return status;
- }
- x917_prng.octet_count += len;
-
- /* find out the time */
- t = (uint32_t)time(NULL);
-
- /* loop until we have output enough data */
- for (i=0; i < len/16; i++) {
-
- /* exor time into state */
- x917_prng.state.v32[0] ^= t;
-
- /* copy state into buffer */
- v128_copy(&buffer, &x917_prng.state);
-
- /* apply aes to buffer */
- aes_encrypt(&buffer, &x917_prng.key);
-
- /* write data to output */
- *dest++ = buffer.v8[0];
- *dest++ = buffer.v8[1];
- *dest++ = buffer.v8[2];
- *dest++ = buffer.v8[3];
- *dest++ = buffer.v8[4];
- *dest++ = buffer.v8[5];
- *dest++ = buffer.v8[6];
- *dest++ = buffer.v8[7];
- *dest++ = buffer.v8[8];
- *dest++ = buffer.v8[9];
- *dest++ = buffer.v8[10];
- *dest++ = buffer.v8[11];
- *dest++ = buffer.v8[12];
- *dest++ = buffer.v8[13];
- *dest++ = buffer.v8[14];
- *dest++ = buffer.v8[15];
-
- /* exor time into buffer */
- buffer.v32[0] ^= t;
-
- /* encrypt buffer */
- aes_encrypt(&buffer, &x917_prng.key);
-
- /* copy buffer into state */
- v128_copy(&x917_prng.state, &buffer);
-
- }
-
- /* if we need to output any more octets, we'll do so now */
- tail_len = len % 16;
- if (tail_len) {
-
- /* exor time into state */
- x917_prng.state.v32[0] ^= t;
-
- /* copy value into buffer */
- v128_copy(&buffer, &x917_prng.state);
-
- /* apply aes to buffer */
- aes_encrypt(&buffer, &x917_prng.key);
-
- /* write data to output */
- for (i=0; i < tail_len; i++) {
- *dest++ = buffer.v8[i];
- }
-
- /* now update the state one more time */
-
- /* exor time into buffer */
- buffer.v32[0] ^= t;
-
- /* encrypt buffer */
- aes_encrypt(&buffer, &x917_prng.key);
-
- /* copy buffer into state */
- v128_copy(&x917_prng.state, &buffer);
-
- }
-
- return err_status_ok;
-}
-
-err_status_t
-x917_prng_deinit(void) {
-
- return err_status_ok;
-}
diff --git a/libs/srtp/crypto/rng/rand_linux_kernel.c b/libs/srtp/crypto/rng/rand_linux_kernel.c
deleted file mode 100644
index c51978e5e5..0000000000
--- a/libs/srtp/crypto/rng/rand_linux_kernel.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * rand_linux_kernel.c
- *
- * implements a random source using Linux kernel functions
- *
- * Marcus Sundberg
- * Ingate Systems AB
- */
-/*
- *
- * Copyright(c) 2005 Ingate Systems AB
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the author(s) nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include "config.h"
-#include "rand_source.h"
-
-
-err_status_t
-rand_source_init(void) {
- return err_status_ok;
-}
-
-err_status_t
-rand_source_get_octet_string(void *dest, uint32_t len) {
-
- get_random_bytes(dest, len);
-
- return err_status_ok;
-}
-
-err_status_t
-rand_source_deinit(void) {
- return err_status_ok;
-}
diff --git a/libs/srtp/crypto/rng/rand_source.c b/libs/srtp/crypto/rng/rand_source.c
deleted file mode 100644
index 1eb6fbb09c..0000000000
--- a/libs/srtp/crypto/rng/rand_source.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * rand_source.c
- *
- * implements a random source based on /dev/random
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include "config.h"
-
-#ifdef DEV_URANDOM
-# include /* for open() */
-# include /* for close() */
-#elif defined(HAVE_RAND_S)
-# define _CRT_RAND_S
-# include
-#else
-# include
-#endif
-
-#include "rand_source.h"
-
-
-/*
- * global dev_rand_fdes is file descriptor for /dev/random
- *
- * This variable is also used to indicate that the random source has
- * been initialized. When this variable is set to the value of the
- * #define RAND_SOURCE_NOT_READY, it indicates that the random source
- * is not ready to be used. The value of the #define
- * RAND_SOURCE_READY is for use whenever that variable is used as an
- * indicator of the state of the random source, but not as a file
- * descriptor.
- */
-
-#define RAND_SOURCE_NOT_READY (-1)
-#define RAND_SOURCE_READY (17)
-
-static int dev_random_fdes = RAND_SOURCE_NOT_READY;
-
-
-err_status_t
-rand_source_init(void) {
- if (dev_random_fdes >= 0) {
- /* already open */
- return err_status_ok;
- }
-#ifdef DEV_URANDOM
- /* open random source for reading */
- dev_random_fdes = open(DEV_URANDOM, O_RDONLY);
- if (dev_random_fdes < 0)
- return err_status_init_fail;
-#elif defined(HAVE_RAND_S)
- dev_random_fdes = RAND_SOURCE_READY;
-#else
- /* no random source available; let the user know */
- fprintf(stderr, "WARNING: no real random source present!\n");
- dev_random_fdes = RAND_SOURCE_READY;
-#endif
- return err_status_ok;
-}
-
-err_status_t
-rand_source_get_octet_string(void *dest, uint32_t len) {
-
- /*
- * read len octets from /dev/random to dest, and
- * check return value to make sure enough octets were
- * written
- */
-#ifdef DEV_URANDOM
- uint8_t *dst = (uint8_t *)dest;
- while (len)
- {
- ssize_t num_read = read(dev_random_fdes, dst, len);
- if (num_read <= 0 || num_read > len)
- return err_status_fail;
- len -= num_read;
- dst += num_read;
- }
-#elif defined(HAVE_RAND_S)
- uint8_t *dst = (uint8_t *)dest;
- while (len)
- {
- unsigned int val;
- errno_t err = rand_s(&val);
-
- if (err != 0)
- return err_status_fail;
-
- *dst++ = val & 0xff;
- len--;
- }
-#else
- /* Generic C-library (rand()) version */
- /* This is a random source of last resort */
- uint8_t *dst = (uint8_t *)dest;
- while (len)
- {
- int val = rand();
- /* rand() returns 0-32767 (ugh) */
- /* Is this a good enough way to get random bytes?
- It is if it passes FIPS-140... */
- *dst++ = val & 0xff;
- len--;
- }
-#endif
- return err_status_ok;
-}
-
-err_status_t
-rand_source_deinit(void) {
- if (dev_random_fdes < 0)
- return err_status_dealloc_fail; /* well, we haven't really failed, *
- * but there is something wrong */
-#ifdef DEV_URANDOM
- close(dev_random_fdes);
-#endif
- dev_random_fdes = RAND_SOURCE_NOT_READY;
-
- return err_status_ok;
-}
diff --git a/libs/srtp/crypto/test/.cvsignore b/libs/srtp/crypto/test/.cvsignore
deleted file mode 100644
index 888bf597e1..0000000000
--- a/libs/srtp/crypto/test/.cvsignore
+++ /dev/null
@@ -1,8 +0,0 @@
-aes_calc
-cipher_driver
-datatypes_driver
-env
-kernel_driver
-rand_gen
-sha1_driver
-stat_driver
diff --git a/libs/srtp/crypto/test/aes_calc.c b/libs/srtp/crypto/test/aes_calc.c
index d1e900876a..08a0541a1b 100644
--- a/libs/srtp/crypto/test/aes_calc.c
+++ b/libs/srtp/crypto/test/aes_calc.c
@@ -7,6 +7,42 @@
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
/*
Example usage (with first NIST FIPS 197 test case):
@@ -18,9 +54,14 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include "aes.h"
#include
#include
+#include "util.h"
void
usage(char *prog_name) {
@@ -34,10 +75,10 @@ int
main (int argc, char *argv[]) {
v128_t data;
uint8_t key[AES_MAX_KEY_LEN];
- aes_expanded_key_t exp_key;
+ srtp_aes_expanded_key_t exp_key;
int key_len, len;
int verbose = 0;
- err_status_t status;
+ srtp_err_status_t status;
if (argc == 3) {
/* we're not in verbose mode */
@@ -98,14 +139,14 @@ main (int argc, char *argv[]) {
}
/* encrypt plaintext */
- status = aes_expand_encryption_key(key, key_len, &exp_key);
+ status = srtp_aes_expand_encryption_key(key, key_len, &exp_key);
if (status) {
fprintf(stderr,
"error: AES key expansion failed.\n");
exit(1);
}
- aes_encrypt(&data, &exp_key);
+ srtp_aes_encrypt(&data, &exp_key);
/* write ciphertext to output */
if (verbose) {
diff --git a/libs/srtp/crypto/test/auth_driver.c b/libs/srtp/crypto/test/auth_driver.c
deleted file mode 100644
index cd8a75dd09..0000000000
--- a/libs/srtp/crypto/test/auth_driver.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- * auth_driver.c
- *
- * a driver for auth functions
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include /* for printf() */
-#include /* for xalloc() */
-#include /* for getopt() */
-
-#include "auth.h"
-#include "null_auth.h"
-
-#define PRINT_DEBUG_DATA 0
-
-extern auth_type_t tmmhv2;
-
-const uint16_t msg0[9] = {
- 0x6015, 0xf141, 0x5ba1, 0x29a0, 0xf604, 0xd1c, 0x2d9, 0xaa8a, 0x7931
-};
-
-/* key1 is for TAG_WORDS = 2 */
-
-const uint16_t key1[47] = {
- 0xe627, 0x6a01, 0x5ea7, 0xf27a, 0xc536, 0x2192, 0x11be, 0xea35,
- 0xdb9d, 0x63d6, 0xfa8a, 0xfc45, 0xe08b, 0xd216, 0xced2, 0x7853,
- 0x1a82, 0x22f5, 0x90fb, 0x1c29, 0x708e, 0xd06f, 0x82c3, 0xbee6,
- 0x4f21, 0x6f33, 0x65c0, 0xd211, 0xc25e, 0x9138, 0x4fa3, 0x7c1f,
- 0x61ac, 0x3489, 0x2976, 0x8c19, 0x8252, 0xddbf, 0xcad3, 0xc28f,
- 0x68d6, 0x58dd, 0x504f, 0x2bbf, 0x0278, 0x70b7, 0xcfca
-};
-
-double
-auth_bits_per_second(auth_t *h, int msg_len);
-
-
-void
-usage(char *prog_name) {
- printf("usage: %s [ -t | -v ]\n", prog_name);
- exit(255);
-}
-
-#define MAX_MSG_LEN 2048
-
-int
-main (int argc, char *argv[]) {
- auth_t *a = NULL;
- err_status_t status;
- int i;
- int c;
- unsigned do_timing_test = 0;
- unsigned do_validation = 0;
-
- /* process input arguments */
- while (1) {
- c = getopt(argc, argv, "tv");
- if (c == -1)
- break;
- switch (c) {
- case 't':
- do_timing_test = 1;
- break;
- case 'v':
- do_validation = 1;
- break;
- default:
- usage(argv[0]);
- }
- }
-
- printf("auth driver\nDavid A. McGrew\nCisco Systems, Inc.\n");
-
- if (!do_validation && !do_timing_test)
- usage(argv[0]);
-
- if (do_validation) {
- printf("running self-test for %s...", tmmhv2.description);
- status = tmmhv2_add_big_test();
- if (status) {
- printf("tmmhv2_add_big_test failed with error code %d\n", status);
- exit(status);
- }
- status = auth_type_self_test(&tmmhv2);
- if (status) {
- printf("failed with error code %d\n", status);
- exit(status);
- }
- printf("passed\n");
- }
-
- if (do_timing_test) {
-
- /* tmmhv2 timing test */
- status = auth_type_alloc(&tmmhv2, &a, 94, 4);
- if (status) {
- fprintf(stderr, "can't allocate tmmhv2\n");
- exit(status);
- }
- status = auth_init(a, (uint8_t *)key1);
- if (status) {
- printf("error initializaing auth function\n");
- exit(status);
- }
-
- printf("timing %s (tag length %d)\n",
- tmmhv2.description, auth_get_tag_length(a));
- for (i=8; i <= MAX_MSG_LEN; i *= 2)
- printf("msg len: %d\tgigabits per second: %f\n",
- i, auth_bits_per_second(a, i) / 1E9);
-
- status = auth_dealloc(a);
- if (status) {
- printf("error deallocating auth function\n");
- exit(status);
- }
-
- }
-
- return 0;
-}
-
-#define NUM_TRIALS 100000
-
-#include
-
-double
-auth_bits_per_second(auth_t *a, int msg_len_octets) {
- int i;
- clock_t timer;
- uint8_t *result;
- int msg_len = (msg_len_octets + 1)/2;
- uint16_t *msg_string;
-
- /* create random message */
- msg_string = (uint16_t *) crypto_alloc(msg_len_octets);
- if (msg_string == NULL)
- return 0.0; /* indicate failure */
- for (i=0; i < msg_len; i++)
- msg_string[i] = (uint16_t) random();
-
- /* allocate temporary storage for authentication tag */
- result = crypto_alloc(auth_get_tag_length(a));
- if (result == NULL) {
- free(msg_string);
- return 0.0; /* indicate failure */
- }
-
- timer = clock();
- for (i=0; i < NUM_TRIALS; i++) {
- auth_compute(a, (uint8_t *)msg_string, msg_len_octets, (uint8_t *)result);
- }
- timer = clock() - timer;
-
- free(msg_string);
- free(result);
-
- return (double) NUM_TRIALS * 8 * msg_len_octets * CLOCKS_PER_SEC / timer;
-}
-
-
diff --git a/libs/srtp/crypto/test/cipher_driver.c b/libs/srtp/crypto/test/cipher_driver.c
index d015b45523..b63cd5ba0a 100644
--- a/libs/srtp/crypto/test/cipher_driver.c
+++ b/libs/srtp/crypto/test/cipher_driver.c
@@ -9,7 +9,7 @@
/*
*
- * Copyright (c) 2001-2006,2013 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -43,10 +43,14 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include /* for printf() */
#include /* for rand() */
#include /* for memset() */
-#include /* for getopt() */
+#include "getopt_s.h"
#include "cipher.h"
#ifdef OPENSSL
#include "aes_icm_ossl.h"
@@ -54,15 +58,14 @@
#else
#include "aes_icm.h"
#endif
-#include "null_cipher.h"
#define PRINT_DEBUG 0
void
-cipher_driver_test_throughput(cipher_t *c);
+cipher_driver_test_throughput(srtp_cipher_t *c);
-err_status_t
-cipher_driver_self_test(cipher_type_t *ct);
+srtp_err_status_t
+cipher_driver_self_test(srtp_cipher_type_t *ct);
/*
@@ -71,30 +74,30 @@ cipher_driver_self_test(cipher_type_t *ct);
* calls
*/
-err_status_t
-cipher_driver_test_buffering(cipher_t *c);
+srtp_err_status_t
+cipher_driver_test_buffering(srtp_cipher_t *c);
/*
* functions for testing cipher cache thrash
*/
-err_status_t
-cipher_driver_test_array_throughput(cipher_type_t *ct,
+srtp_err_status_t
+cipher_driver_test_array_throughput(srtp_cipher_type_t *ct,
int klen, int num_cipher);
void
-cipher_array_test_throughput(cipher_t *ca[], int num_cipher);
+cipher_array_test_throughput(srtp_cipher_t *ca[], int num_cipher);
uint64_t
-cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
+cipher_array_bits_per_second(srtp_cipher_t *cipher_array[], int num_cipher,
unsigned octets_in_buffer, int num_trials);
-err_status_t
-cipher_array_delete(cipher_t *cipher_array[], int num_cipher);
+srtp_err_status_t
+cipher_array_delete(srtp_cipher_t *cipher_array[], int num_cipher);
-err_status_t
-cipher_array_alloc_init(cipher_t ***cipher_array, int num_ciphers,
- cipher_type_t *ctype, int klen);
+srtp_err_status_t
+cipher_array_alloc_init(srtp_cipher_t ***cipher_array, int num_ciphers,
+ srtp_cipher_type_t *ctype, int klen);
void
usage(char *prog_name) {
@@ -103,7 +106,7 @@ usage(char *prog_name) {
}
void
-check_status(err_status_t s) {
+check_status(srtp_err_status_t s) {
if (s) {
printf("error (code %d)\n", s);
exit(s);
@@ -112,26 +115,24 @@ check_status(err_status_t s) {
}
/*
- * null_cipher, aes_icm, and aes_cbc are the cipher meta-objects
+ * null_cipher and srtp_aes_icm are the cipher meta-objects
* defined in the files in crypto/cipher subdirectory. these are
* declared external so that we can use these cipher types here
*/
-extern cipher_type_t null_cipher;
-extern cipher_type_t aes_icm;
-#ifndef OPENSSL
-extern cipher_type_t aes_cbc;
-#else
-extern cipher_type_t aes_icm_192;
-extern cipher_type_t aes_icm_256;
-extern cipher_type_t aes_gcm_128_openssl;
-extern cipher_type_t aes_gcm_256_openssl;
+extern srtp_cipher_type_t srtp_null_cipher;
+extern srtp_cipher_type_t srtp_aes_icm_128;
+extern srtp_cipher_type_t srtp_aes_icm_256;
+#ifdef OPENSSL
+extern srtp_cipher_type_t srtp_aes_icm_192;
+extern srtp_cipher_type_t srtp_aes_gcm_128_openssl;
+extern srtp_cipher_type_t srtp_aes_gcm_256_openssl;
#endif
int
main(int argc, char *argv[]) {
- cipher_t *c = NULL;
- err_status_t status;
+ srtp_cipher_t *c = NULL;
+ srtp_err_status_t status;
unsigned char test_key[48] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
@@ -147,7 +148,7 @@ main(int argc, char *argv[]) {
/* process input arguments */
while (1) {
- q = getopt(argc, argv, "tva");
+ q = getopt_s(argc, argv, "tva");
if (q == -1)
break;
switch (q) {
@@ -164,7 +165,7 @@ main(int argc, char *argv[]) {
usage(argv[0]);
}
}
-
+
printf("cipher test driver\n"
"David A. McGrew\n"
"Cisco Systems, Inc.\n");
@@ -178,55 +179,44 @@ main(int argc, char *argv[]) {
int num_cipher;
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&null_cipher, 0, num_cipher);
+ cipher_driver_test_array_throughput(&srtp_null_cipher, 0, num_cipher);
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&aes_icm, 30, num_cipher);
-
-#ifndef OPENSSL
- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&aes_icm, 46, num_cipher);
+ cipher_driver_test_array_throughput(&srtp_aes_icm_128, SRTP_AES_ICM_128_KEY_LEN_WSALT, num_cipher);
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&aes_cbc, 16, num_cipher);
-
- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&aes_cbc, 32, num_cipher);
-#else
- for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&aes_icm_192, 38, num_cipher);
+ cipher_driver_test_array_throughput(&srtp_aes_icm_256, SRTP_AES_ICM_256_KEY_LEN_WSALT, num_cipher);
+#ifdef OPENSSL
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8)
- cipher_driver_test_array_throughput(&aes_icm_256, 46, num_cipher);
+ cipher_driver_test_array_throughput(&srtp_aes_icm_192, SRTP_AES_ICM_192_KEY_LEN_WSALT, num_cipher);
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) {
- cipher_driver_test_array_throughput(&aes_gcm_128_openssl, AES_128_GCM_KEYSIZE_WSALT, num_cipher);
+ cipher_driver_test_array_throughput(&srtp_aes_gcm_128_openssl, SRTP_AES_GCM_128_KEY_LEN_WSALT, num_cipher);
}
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) {
- cipher_driver_test_array_throughput(&aes_gcm_256_openssl, AES_256_GCM_KEYSIZE_WSALT, num_cipher);
+ cipher_driver_test_array_throughput(&srtp_aes_gcm_256_openssl, SRTP_AES_GCM_256_KEY_LEN_WSALT, num_cipher);
}
#endif
}
if (do_validation) {
- cipher_driver_self_test(&null_cipher);
- cipher_driver_self_test(&aes_icm);
-#ifndef OPENSSL
- cipher_driver_self_test(&aes_cbc);
-#else
- cipher_driver_self_test(&aes_icm_192);
- cipher_driver_self_test(&aes_icm_256);
- cipher_driver_self_test(&aes_gcm_128_openssl);
- cipher_driver_self_test(&aes_gcm_256_openssl);
+ cipher_driver_self_test(&srtp_null_cipher);
+ cipher_driver_self_test(&srtp_aes_icm_128);
+ cipher_driver_self_test(&srtp_aes_icm_256);
+#ifdef OPENSSL
+ cipher_driver_self_test(&srtp_aes_icm_192);
+ cipher_driver_self_test(&srtp_aes_gcm_128_openssl);
+ cipher_driver_self_test(&srtp_aes_gcm_256_openssl);
#endif
}
- /* do timing and/or buffer_test on null_cipher */
- status = cipher_type_alloc(&null_cipher, &c, 0, 0);
+ /* do timing and/or buffer_test on srtp_null_cipher */
+ status = srtp_cipher_type_alloc(&srtp_null_cipher, &c, 0, 0);
check_status(status);
- status = cipher_init(c, NULL);
+ status = srtp_cipher_init(c, NULL);
check_status(status);
if (do_timing_test)
@@ -235,18 +225,18 @@ main(int argc, char *argv[]) {
status = cipher_driver_test_buffering(c);
check_status(status);
}
- status = cipher_dealloc(c);
+ status = srtp_cipher_dealloc(c);
check_status(status);
/* run the throughput test on the aes_icm cipher (128-bit key) */
- status = cipher_type_alloc(&aes_icm, &c, 30, 0);
+ status = srtp_cipher_type_alloc(&srtp_aes_icm_128, &c, SRTP_AES_ICM_128_KEY_LEN_WSALT, 0);
if (status) {
fprintf(stderr, "error: can't allocate cipher\n");
exit(status);
}
- status = cipher_init(c, test_key);
+ status = srtp_cipher_init(c, test_key);
check_status(status);
if (do_timing_test)
@@ -257,21 +247,17 @@ main(int argc, char *argv[]) {
check_status(status);
}
- status = cipher_dealloc(c);
+ status = srtp_cipher_dealloc(c);
check_status(status);
/* repeat the tests with 256-bit keys */
-#ifndef OPENSSL
- status = cipher_type_alloc(&aes_icm, &c, 46, 0);
-#else
- status = cipher_type_alloc(&aes_icm_256, &c, 46, 0);
-#endif
+ status = srtp_cipher_type_alloc(&srtp_aes_icm_256, &c, SRTP_AES_ICM_256_KEY_LEN_WSALT, 0);
if (status) {
fprintf(stderr, "error: can't allocate cipher\n");
exit(status);
}
- status = cipher_init(c, test_key);
+ status = srtp_cipher_init(c, test_key);
check_status(status);
if (do_timing_test)
@@ -282,17 +268,17 @@ main(int argc, char *argv[]) {
check_status(status);
}
- status = cipher_dealloc(c);
+ status = srtp_cipher_dealloc(c);
check_status(status);
#ifdef OPENSSL
/* run the throughput test on the aes_gcm_128_openssl cipher */
- status = cipher_type_alloc(&aes_gcm_128_openssl, &c, AES_128_GCM_KEYSIZE_WSALT, 8);
+ status = srtp_cipher_type_alloc(&srtp_aes_gcm_128_openssl, &c, SRTP_AES_GCM_128_KEY_LEN_WSALT, 8);
if (status) {
fprintf(stderr, "error: can't allocate GCM 128 cipher\n");
exit(status);
}
- status = cipher_init(c, test_key);
+ status = srtp_cipher_init(c, test_key);
check_status(status);
if (do_timing_test) {
cipher_driver_test_throughput(c);
@@ -302,16 +288,16 @@ main(int argc, char *argv[]) {
status = cipher_driver_test_buffering(c);
check_status(status);
}
- status = cipher_dealloc(c);
+ status = srtp_cipher_dealloc(c);
check_status(status);
/* run the throughput test on the aes_gcm_256_openssl cipher */
- status = cipher_type_alloc(&aes_gcm_256_openssl, &c, AES_256_GCM_KEYSIZE_WSALT, 16);
+ status = srtp_cipher_type_alloc(&srtp_aes_gcm_256_openssl, &c, SRTP_AES_GCM_256_KEY_LEN_WSALT, 16);
if (status) {
fprintf(stderr, "error: can't allocate GCM 256 cipher\n");
exit(status);
}
- status = cipher_init(c, test_key);
+ status = srtp_cipher_init(c, test_key);
check_status(status);
if (do_timing_test) {
cipher_driver_test_throughput(c);
@@ -321,7 +307,7 @@ main(int argc, char *argv[]) {
status = cipher_driver_test_buffering(c);
check_status(status);
}
- status = cipher_dealloc(c);
+ status = srtp_cipher_dealloc(c);
check_status(status);
#endif
@@ -329,7 +315,7 @@ main(int argc, char *argv[]) {
}
void
-cipher_driver_test_throughput(cipher_t *c) {
+cipher_driver_test_throughput(srtp_cipher_t *c) {
int i;
int min_enc_len = 32;
int max_enc_len = 2048; /* should be a power of two */
@@ -339,23 +325,23 @@ cipher_driver_test_throughput(cipher_t *c) {
fflush(stdout);
for (i=min_enc_len; i <= max_enc_len; i = i * 2)
printf("msg len: %d\tgigabits per second: %f\n",
- i, cipher_bits_per_second(c, i, num_trials) / 1e9);
+ i, srtp_cipher_bits_per_second(c, i, num_trials) / 1e9);
}
-err_status_t
-cipher_driver_self_test(cipher_type_t *ct) {
- err_status_t status;
+srtp_err_status_t
+cipher_driver_self_test(srtp_cipher_type_t *ct) {
+ srtp_err_status_t status;
printf("running cipher self-test for %s...", ct->description);
- status = cipher_type_self_test(ct);
+ status = srtp_cipher_type_self_test(ct);
if (status) {
printf("failed with error code %d\n", status);
exit(status);
}
printf("passed\n");
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -364,16 +350,17 @@ cipher_driver_self_test(cipher_type_t *ct) {
* calls
*/
-err_status_t
-cipher_driver_test_buffering(cipher_t *c) {
+#define INITIAL_BUFLEN 1024
+srtp_err_status_t
+cipher_driver_test_buffering(srtp_cipher_t *c) {
int i, j, num_trials = 1000;
- unsigned len, buflen = 1024;
- uint8_t buffer0[buflen], buffer1[buflen], *current, *end;
+ unsigned len, buflen = INITIAL_BUFLEN;
+ uint8_t buffer0[INITIAL_BUFLEN], buffer1[INITIAL_BUFLEN], *current, *end;
uint8_t idx[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34
};
- err_status_t status;
+ srtp_err_status_t status;
printf("testing output buffering for cipher %s...",
c->type->description);
@@ -381,21 +368,22 @@ cipher_driver_test_buffering(cipher_t *c) {
for (i=0; i < num_trials; i++) {
/* set buffers to zero */
- for (j=0; j < buflen; j++)
+ for (j=0; j < (int) buflen; j++) {
buffer0[j] = buffer1[j] = 0;
+ }
/* initialize cipher */
- status = cipher_set_iv(c, idx, direction_encrypt);
+ status = srtp_cipher_set_iv(c, (uint8_t*)idx, srtp_direction_encrypt);
if (status)
return status;
/* generate 'reference' value by encrypting all at once */
- status = cipher_encrypt(c, buffer0, &buflen);
+ status = srtp_cipher_encrypt(c, buffer0, &buflen);
if (status)
return status;
/* re-initialize cipher */
- status = cipher_set_iv(c, idx, direction_encrypt);
+ status = srtp_cipher_set_iv(c, (uint8_t*)idx, srtp_direction_encrypt);
if (status)
return status;
@@ -411,7 +399,7 @@ cipher_driver_test_buffering(cipher_t *c) {
if (current + len > end)
len = end - current;
- status = cipher_encrypt(c, current, &len);
+ status = srtp_cipher_encrypt(c, current, &len);
if (status)
return status;
@@ -424,20 +412,21 @@ cipher_driver_test_buffering(cipher_t *c) {
}
/* compare buffers */
- for (j=0; j < buflen; j++)
+ for (j=0; j < (int) buflen; j++) {
if (buffer0[j] != buffer1[j]) {
#if PRINT_DEBUG
printf("test case %d failed at byte %d\n", i, j);
printf("computed: %s\n", octet_string_hex_string(buffer1, buflen));
printf("expected: %s\n", octet_string_hex_string(buffer0, buflen));
#endif
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
+ }
}
printf("passed\n");
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -446,40 +435,40 @@ cipher_driver_test_buffering(cipher_t *c) {
* cache thrash on cipher throughput.
*
* cipher_array_alloc_init(ctype, array, num_ciphers) creates an array
- * of cipher_t of type ctype
+ * of srtp_cipher_t of type ctype
*/
-err_status_t
-cipher_array_alloc_init(cipher_t ***ca, int num_ciphers,
- cipher_type_t *ctype, int klen) {
+srtp_err_status_t
+cipher_array_alloc_init(srtp_cipher_t ***ca, int num_ciphers,
+ srtp_cipher_type_t *ctype, int klen) {
int i, j;
- err_status_t status;
+ srtp_err_status_t status;
uint8_t *key;
- cipher_t **cipher_array;
+ srtp_cipher_t **cipher_array;
/* pad klen allocation, to handle aes_icm reading 16 bytes for the
14-byte salt */
int klen_pad = ((klen + 15) >> 4) << 4;
/* allocate array of pointers to ciphers */
- cipher_array = (cipher_t **) malloc(sizeof(cipher_t *) * num_ciphers);
+ cipher_array = (srtp_cipher_t **) malloc(sizeof(srtp_cipher_t *) * num_ciphers);
if (cipher_array == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
/* set ca to location of cipher_array */
*ca = cipher_array;
/* allocate key */
- key = crypto_alloc(klen_pad);
+ key = srtp_crypto_alloc(klen_pad);
if (key == NULL) {
free(cipher_array);
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
}
/* allocate and initialize an array of ciphers */
for (i=0; i < num_ciphers; i++) {
/* allocate cipher */
- status = cipher_type_alloc(ctype, cipher_array, klen, 16);
+ status = srtp_cipher_type_alloc(ctype, cipher_array, klen, 16);
if (status)
return status;
@@ -488,7 +477,7 @@ cipher_array_alloc_init(cipher_t ***ca, int num_ciphers,
key[j] = (uint8_t) rand();
for (; j < klen_pad; j++)
key[j] = 0;
- status = cipher_init(*cipher_array, key);
+ status = srtp_cipher_init(*cipher_array, key);
if (status)
return status;
@@ -500,22 +489,22 @@ cipher_array_alloc_init(cipher_t ***ca, int num_ciphers,
cipher_array++;
}
- crypto_free(key);
+ srtp_crypto_free(key);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-cipher_array_delete(cipher_t *cipher_array[], int num_cipher) {
+srtp_err_status_t
+cipher_array_delete(srtp_cipher_t *cipher_array[], int num_cipher) {
int i;
for (i=0; i < num_cipher; i++) {
- cipher_dealloc(cipher_array[i]);
+ srtp_cipher_dealloc(cipher_array[i]);
}
free(cipher_array);
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -532,7 +521,7 @@ cipher_array_delete(cipher_t *cipher_array[], int num_cipher) {
*/
uint64_t
-cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
+cipher_array_bits_per_second(srtp_cipher_t *cipher_array[], int num_cipher,
unsigned octets_in_buffer, int num_trials) {
int i;
v128_t nonce;
@@ -541,7 +530,7 @@ cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
int cipher_index = rand() % num_cipher;
/* Over-alloc, for NIST CBC padding */
- enc_buf = crypto_alloc(octets_in_buffer+17);
+ enc_buf = srtp_crypto_alloc(octets_in_buffer+17);
if (enc_buf == NULL)
return 0; /* indicate bad parameters by returning null */
memset(enc_buf, 0, octets_in_buffer);
@@ -550,13 +539,13 @@ cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
v128_set_to_zero(&nonce);
timer = clock();
for(i=0; i < num_trials; i++, nonce.v32[3] = i) {
- /* length parameter to cipher_encrypt is in/out -- out is total, padded
+ /* length parameter to srtp_cipher_encrypt is in/out -- out is total, padded
* length -- so reset it each time. */
unsigned octets_to_encrypt = octets_in_buffer;
/* encrypt buffer with cipher */
- cipher_set_iv(cipher_array[cipher_index], &nonce, direction_encrypt);
- cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_to_encrypt);
+ srtp_cipher_set_iv(cipher_array[cipher_index], (uint8_t*)&nonce, srtp_direction_encrypt);
+ srtp_cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_to_encrypt);
/* choose a cipher at random from the array*/
cipher_index = (*((uint32_t *)enc_buf)) % num_cipher;
@@ -574,7 +563,7 @@ cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
}
void
-cipher_array_test_throughput(cipher_t *ca[], int num_cipher) {
+cipher_array_test_throughput(srtp_cipher_t *ca[], int num_cipher) {
int i;
int min_enc_len = 16;
int max_enc_len = 2048; /* should be a power of two */
@@ -589,11 +578,11 @@ cipher_array_test_throughput(cipher_t *ca[], int num_cipher) {
}
-err_status_t
-cipher_driver_test_array_throughput(cipher_type_t *ct,
+srtp_err_status_t
+cipher_driver_test_array_throughput(srtp_cipher_type_t *ct,
int klen, int num_cipher) {
- cipher_t **ca = NULL;
- err_status_t status;
+ srtp_cipher_t **ca = NULL;
+ srtp_err_status_t status;
status = cipher_array_alloc_init(&ca, num_cipher, ct, klen);
if (status) {
@@ -606,5 +595,5 @@ cipher_driver_test_array_throughput(cipher_type_t *ct,
cipher_array_delete(ca, num_cipher);
- return err_status_ok;
+ return srtp_err_status_ok;
}
diff --git a/libs/srtp/crypto/test/datatypes_driver.c b/libs/srtp/crypto/test/datatypes_driver.c
index f1866524c7..d847c2f802 100644
--- a/libs/srtp/crypto/test/datatypes_driver.c
+++ b/libs/srtp/crypto/test/datatypes_driver.c
@@ -9,7 +9,7 @@
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -44,9 +44,14 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include /* for printf() */
#include /* for strlen() */
#include "datatypes.h"
+#include "util.h"
void
byte_order(void);
@@ -205,7 +210,7 @@ test_hex_string_funcs(void) {
void
print_string(char *s) {
- int i;
+ size_t i;
printf("%s\n", s);
printf("strlen(s) = %u\n", (unsigned)strlen(s));
printf("{ ");
@@ -222,7 +227,7 @@ test_bswap(void) {
uint32_t x = 0x11223344;
uint64_t y = 0x1122334455667788LL;
- printf("before: %0x\nafter: %0x\n", x, be32_to_cpu(x));
+ printf("before: %0x\nafter: %0x\n", x, (unsigned int)be32_to_cpu(x));
printf("before: %0llx\nafter: %0llx\n", (unsigned long long)y,
(unsigned long long)be64_to_cpu(y));
diff --git a/libs/srtp/crypto/test/env.c b/libs/srtp/crypto/test/env.c
index 4967ad5050..669e3d66c1 100644
--- a/libs/srtp/crypto/test/env.c
+++ b/libs/srtp/crypto/test/env.c
@@ -8,7 +8,7 @@
*/
/*
*
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
+ * Copyright (c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -49,7 +49,6 @@
int
main(void) {
int err_count = 0;
- char *str;
#ifdef WORDS_BIGENDIAN
printf("CPU set to big-endian\t\t\t(WORDS_BIGENDIAN == 1)\n");
@@ -80,19 +79,6 @@ main(void) {
printf("using stdout for error reporting\t(ERR_REPORTING_STDOUT == 1)\n");
#endif
-#ifndef OPENSSL
-#ifdef DEV_URANDOM
- str = DEV_URANDOM;
-#else
- str = "";
-#endif
- printf("using %s as a random source\t(DEV_URANDOM == %s)\n",
- str, str);
- if (strcmp("", str) == 0) {
- err_count++;
- }
-#endif
-
if (err_count)
printf("warning: configuration is probably in error "
"(found %d problems)\n", err_count);
diff --git a/libs/srtp/crypto/test/kernel_driver.c b/libs/srtp/crypto/test/kernel_driver.c
index 8ef8a5f4b3..92b7240249 100644
--- a/libs/srtp/crypto/test/kernel_driver.c
+++ b/libs/srtp/crypto/test/kernel_driver.c
@@ -8,7 +8,7 @@
*/
/*
*
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -43,8 +43,12 @@
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include /* for printf() */
-#include /* for getopt() */
+#include "getopt_s.h"
#include "crypto_kernel.h"
void
@@ -55,25 +59,24 @@ usage(char *prog_name) {
int
main (int argc, char *argv[]) {
- extern char *optarg;
int q;
int do_validation = 0;
- err_status_t status;
+ srtp_err_status_t status;
if (argc == 1)
usage(argv[0]);
/* initialize kernel - we need to do this before anything else */
- status = crypto_kernel_init();
+ status = srtp_crypto_kernel_init();
if (status) {
- printf("error: crypto_kernel init failed\n");
+ printf("error: srtp_crypto_kernel init failed\n");
exit(1);
}
- printf("crypto_kernel successfully initalized\n");
+ printf("srtp_crypto_kernel successfully initalized\n");
/* process input arguments */
while (1) {
- q = getopt(argc, argv, "vd:");
+ q = getopt_s(argc, argv, "vd:");
if (q == -1)
break;
switch (q) {
@@ -81,9 +84,9 @@ main (int argc, char *argv[]) {
do_validation = 1;
break;
case 'd':
- status = crypto_kernel_set_debug_module(optarg, 1);
+ status = srtp_crypto_kernel_set_debug_module(optarg_s, 1);
if (status) {
- printf("error: set debug module (%s) failed\n", optarg);
+ printf("error: set debug module (%s) failed\n", optarg_s);
exit(1);
}
break;
@@ -93,21 +96,21 @@ main (int argc, char *argv[]) {
}
if (do_validation) {
- printf("checking crypto_kernel status...\n");
- status = crypto_kernel_status();
+ printf("checking srtp_crypto_kernel status...\n");
+ status = srtp_crypto_kernel_status();
if (status) {
printf("failed\n");
exit(1);
}
- printf("crypto_kernel passed self-tests\n");
+ printf("srtp_crypto_kernel passed self-tests\n");
}
- status = crypto_kernel_shutdown();
+ status = srtp_crypto_kernel_shutdown();
if (status) {
- printf("error: crypto_kernel shutdown failed\n");
+ printf("error: srtp_crypto_kernel shutdown failed\n");
exit(1);
}
- printf("crypto_kernel successfully shut down\n");
+ printf("srtp_crypto_kernel successfully shut down\n");
return 0;
}
@@ -117,10 +120,10 @@ main (int argc, char *argv[]) {
* of the crypto_kernel
*/
-err_status_t
+srtp_err_status_t
crypto_kernel_cipher_test(void) {
/* not implemented yet! */
- return err_status_ok;
+ return srtp_err_status_ok;
}
diff --git a/libs/srtp/crypto/test/rand_gen.c b/libs/srtp/crypto/test/rand_gen.c
deleted file mode 100644
index ccea097f26..0000000000
--- a/libs/srtp/crypto/test/rand_gen.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * rand_gen.c
- *
- * a random source (random number generator)
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include /* for printf() */
-#include /* for getopt() */
-#include "crypto_kernel.h"
-
-/*
- * MAX_PRINT_STRING_LEN is defined in datatypes.h, and is the length
- * of the largest hexadecimal string that can be generated by the
- * function octet_string_hex_string().
- */
-
-#define BUF_LEN (MAX_PRINT_STRING_LEN/2)
-
-void
-usage(char *prog_name) {
- printf("usage: %s -n [-l][ -d debug_module ]*\n"
- " -n output random bytes, where "
- " is between zero and %d\n"
- " -l list the avaliable debug modules\n"
- " -d turn on debugging module \n",
- prog_name, BUF_LEN);
- exit(255);
-}
-
-int
-main (int argc, char *argv[]) {
- extern char *optarg;
- int q;
- int num_octets = 0;
- unsigned do_list_mods = 0;
- err_status_t status;
-
- if (argc == 1)
- usage(argv[0]);
-
- /* initialize kernel - we need to do this before anything else */
- status = crypto_kernel_init();
- if (status) {
- printf("error: crypto_kernel init failed\n");
- exit(1);
- }
-
- /* process input arguments */
- while (1) {
- q = getopt(argc, argv, "ld:n:");
- if (q == -1)
- break;
- switch (q) {
- case 'd':
- status = crypto_kernel_set_debug_module(optarg, 1);
- if (status) {
- printf("error: set debug module (%s) failed\n", optarg);
- exit(1);
- }
- break;
- case 'l':
- do_list_mods = 1;
- break;
- case 'n':
- num_octets = atoi(optarg);
- if (num_octets < 0 || num_octets > BUF_LEN)
- usage(argv[0]);
- break;
- default:
- usage(argv[0]);
- }
- }
-
- if (do_list_mods) {
- status = crypto_kernel_list_debug_modules();
- if (status) {
- printf("error: list of debug modules failed\n");
- exit(1);
- }
- }
-
- if (num_octets > 0) {
- uint8_t buffer[BUF_LEN];
-
- status = crypto_get_random(buffer, num_octets);
- if (status) {
- printf("error: failure in random source\n");
- } else {
- printf("%s\n", octet_string_hex_string(buffer, num_octets));
- }
- }
-
- status = crypto_kernel_shutdown();
- if (status) {
- printf("error: crypto_kernel shutdown failed\n");
- exit(1);
- }
-
- return 0;
-}
-
diff --git a/libs/srtp/crypto/test/rand_gen_soak.c b/libs/srtp/crypto/test/rand_gen_soak.c
deleted file mode 100644
index 81a640853c..0000000000
--- a/libs/srtp/crypto/test/rand_gen_soak.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Soak test the RNG for exhaustion failures
- */
-#include /* for printf() */
-#include /* for getopt() */
-#include "crypto_kernel.h"
-
-#define BUF_LEN (MAX_PRINT_STRING_LEN/2)
-
-int main(int argc, char *argv[])
-{
- int q;
- extern char *optarg;
- int num_octets = 0;
- err_status_t status;
- uint32_t iterations = 0;
- int print_values = 0;
-
- if (argc == 1) {
- exit(255);
- }
-
- status = crypto_kernel_init();
- if (status) {
- printf("error: crypto_kernel init failed\n");
- exit(1);
- }
-
- while (1) {
- q = getopt(argc, argv, "pvn:");
- if (q == -1) {
- break;
- }
- switch (q) {
- case 'p':
- print_values = 1;
- break;
- case 'n':
- num_octets = atoi(optarg);
- if (num_octets < 0 || num_octets > BUF_LEN) {
- exit(255);
- }
- break;
- case 'v':
- num_octets = 30;
- print_values = 0;
- break;
- default:
- exit(255);
- }
- }
-
- if (num_octets > 0) {
- while (iterations < 300000) {
- uint8_t buffer[BUF_LEN];
-
- status = crypto_get_random(buffer, num_octets);
- if (status) {
- printf("iteration %d error: failure in random source\n", iterations);
- exit(255);
- } else if (print_values) {
- printf("%s\n", octet_string_hex_string(buffer, num_octets));
- }
- iterations++;
- }
- }
-
- status = crypto_kernel_shutdown();
- if (status) {
- printf("error: crypto_kernel shutdown failed\n");
- exit(1);
- }
-
- return 0;
-}
-
diff --git a/libs/srtp/crypto/test/sha1_driver.c b/libs/srtp/crypto/test/sha1_driver.c
index 6036022e93..e22c2b57e5 100644
--- a/libs/srtp/crypto/test/sha1_driver.c
+++ b/libs/srtp/crypto/test/sha1_driver.c
@@ -9,7 +9,7 @@
/*
*
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -43,8 +43,14 @@
*
*/
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
+
#include
+#include
#include "sha1.h"
+#include "util.h"
#define SHA_PASS 0
#define SHA_FAIL 1
@@ -62,7 +68,7 @@ typedef struct hash_test_case_t {
hash_test_case_t *sha1_test_case_list;
-err_status_t
+srtp_err_status_t
hash_test_case_add(hash_test_case_t **list_ptr,
char *hex_data,
unsigned data_len,
@@ -74,15 +80,19 @@ hash_test_case_add(hash_test_case_t **list_ptr,
test_case = malloc(sizeof(hash_test_case_t));
if (test_case == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
tmp_len = hex_string_to_octet_string((char *)test_case->data, hex_data, data_len*2);
- if (tmp_len != data_len*2)
- return err_status_parse_err;
+ if (tmp_len != data_len*2) {
+ free(test_case);
+ return srtp_err_status_parse_err;
+ }
tmp_len = hex_string_to_octet_string((char *)test_case->hash, hex_hash, hash_len*2);
- if (tmp_len != hash_len*2)
- return err_status_parse_err;
+ if (tmp_len != hash_len*2) {
+ free(test_case);
+ return srtp_err_status_parse_err;
+ }
test_case->data_len = data_len;
test_case->hash_len = hash_len;
@@ -91,25 +101,25 @@ hash_test_case_add(hash_test_case_t **list_ptr,
test_case->next_test_case = list_head;
*list_ptr = test_case;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
sha1_test_case_validate(const hash_test_case_t *test_case) {
- sha1_ctx_t ctx;
+ srtp_sha1_ctx_t ctx;
uint32_t hash_value[5];
if (test_case == NULL)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
if (test_case->hash_len != 20)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
if (test_case->data_len > MAX_HASH_DATA_LEN)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
- sha1_init(&ctx);
- sha1_update(&ctx, test_case->data, test_case->data_len);
- sha1_final(&ctx, hash_value);
+ srtp_sha1_init(&ctx);
+ srtp_sha1_update(&ctx, test_case->data, test_case->data_len);
+ srtp_sha1_final(&ctx, hash_value);
if (0 == memcmp(test_case->hash, hash_value, 20)) {
#if VERBOSE
printf("PASSED: reference value: %s\n",
@@ -117,7 +127,7 @@ sha1_test_case_validate(const hash_test_case_t *test_case) {
printf("PASSED: computed value: %s\n",
octet_string_hex_string((const uint8_t *)hash_value, 20));
#endif
- return err_status_ok;
+ return srtp_err_status_ok;
}
printf("reference value: %s\n",
@@ -125,7 +135,7 @@ sha1_test_case_validate(const hash_test_case_t *test_case) {
printf("computed value: %s\n",
octet_string_hex_string((const uint8_t *)hash_value, 20));
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
@@ -135,10 +145,10 @@ struct hex_sha1_test_case_t {
char hex_hash[40];
};
-err_status_t
+srtp_err_status_t
sha1_add_test_cases(void) {
int i;
- err_status_t err;
+ srtp_err_status_t err;
/*
* these test cases are taken from the "SHA-1 Sample Vectors"
@@ -482,10 +492,10 @@ sha1_add_test_cases(void) {
}
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
sha1_dealloc_test_cases(void) {
hash_test_case_t *t, *next;
@@ -496,15 +506,15 @@ sha1_dealloc_test_cases(void) {
sha1_test_case_list = NULL;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
sha1_validate(void) {
hash_test_case_t *test_case;
- err_status_t err;
+ srtp_err_status_t err;
err = sha1_add_test_cases();
if (err) {
@@ -513,7 +523,7 @@ sha1_validate(void) {
}
if (sha1_test_case_list == NULL)
- return err_status_cant_check;
+ return srtp_err_status_cant_check;
test_case = sha1_test_case_list;
while (test_case != NULL) {
@@ -527,14 +537,14 @@ sha1_validate(void) {
sha1_dealloc_test_cases();
- return err_status_ok;
+ return srtp_err_status_ok;
}
int
main (void) {
- err_status_t err;
+ srtp_err_status_t err;
printf("sha1 test driver\n");
diff --git a/libs/srtp/crypto/test/stat_driver.c b/libs/srtp/crypto/test/stat_driver.c
index c53423ff5d..a8939b2830 100644
--- a/libs/srtp/crypto/test/stat_driver.c
+++ b/libs/srtp/crypto/test/stat_driver.c
@@ -7,6 +7,45 @@
* Cisco Systems, Inc.
*/
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include
+#endif
#include /* for printf() */
@@ -20,11 +59,11 @@ typedef struct {
void *state;
} random_source_t;
-err_status_t
+srtp_err_status_t
random_source_alloc(void);
void
-err_check(err_status_t s) {
+err_check(srtp_err_status_t s) {
if (s) {
printf("error (code %d)\n", s);
exit(1);
@@ -36,12 +75,13 @@ main (int argc, char *argv[]) {
uint8_t buffer[2532];
unsigned int buf_len = 2500;
int i, j;
- extern cipher_type_t aes_icm;
+ extern srtp_cipher_type_t srtp_aes_icm_128;
+ extern srtp_cipher_type_t srtp_aes_icm_256;
#ifdef OPENSSL
- extern cipher_type_t aes_gcm_128_openssl;
- extern cipher_type_t aes_gcm_256_openssl;
+ extern srtp_cipher_type_t srtp_aes_gcm_128_openssl;
+ extern srtp_cipher_type_t srtp_aes_gcm_256_openssl;
#endif
- cipher_t *c;
+ srtp_cipher_t *c;
uint8_t key[46] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
@@ -77,10 +117,10 @@ main (int argc, char *argv[]) {
/* set buffer to cipher output */
for (i=0; i < 2500; i++)
buffer[i] = 0;
- err_check(cipher_type_alloc(&aes_icm, &c, 30, 0));
- err_check(cipher_init(c, key));
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_type_alloc(&srtp_aes_icm_128, &c, SRTP_AES_ICM_128_KEY_LEN_WSALT, 0));
+ err_check(srtp_cipher_init(c, key));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
/* run tests on cipher outout */
printf("monobit %d\n", stat_test_monobit(buffer));
printf("poker %d\n", stat_test_poker(buffer));
@@ -94,8 +134,8 @@ main (int argc, char *argv[]) {
for (i=0; i < 2500; i++)
buffer[i] = 0;
nonce.v32[3] = i;
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
if (stat_test_runs(buffer)) {
num_fail++;
}
@@ -105,16 +145,16 @@ main (int argc, char *argv[]) {
printf("(nota bene: a small fraction of stat_test failures does not \n"
"indicate that the random source is invalid)\n");
- err_check(cipher_dealloc(c));
+ err_check(srtp_cipher_dealloc(c));
printf("running stat_tests on AES-256-ICM, expecting success\n");
/* set buffer to cipher output */
for (i=0; i < 2500; i++)
buffer[i] = 0;
- err_check(cipher_type_alloc(&aes_icm, &c, 46, 0));
- err_check(cipher_init(c, key));
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_type_alloc(&srtp_aes_icm_256, &c, SRTP_AES_ICM_256_KEY_LEN_WSALT, 0));
+ err_check(srtp_cipher_init(c, key));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
/* run tests on cipher outout */
printf("monobit %d\n", stat_test_monobit(buffer));
printf("poker %d\n", stat_test_poker(buffer));
@@ -128,8 +168,8 @@ main (int argc, char *argv[]) {
for (i=0; i < 2500; i++)
buffer[i] = 0;
nonce.v32[3] = i;
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
if (stat_test_runs(buffer)) {
num_fail++;
}
@@ -142,10 +182,10 @@ main (int argc, char *argv[]) {
for (i=0; i < 2500; i++) {
buffer[i] = 0;
}
- err_check(cipher_type_alloc(&aes_gcm_128_openssl, &c, AES_128_GCM_KEYSIZE_WSALT, 8));
- err_check(cipher_init(c, key));
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_128_openssl, &c, SRTP_AES_GCM_128_KEY_LEN_WSALT, 8));
+ err_check(srtp_cipher_init(c, key));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
/* run tests on cipher outout */
printf("monobit %d\n", stat_test_monobit(buffer));
printf("poker %d\n", stat_test_poker(buffer));
@@ -158,8 +198,8 @@ main (int argc, char *argv[]) {
buffer[i] = 0;
}
nonce.v32[3] = i;
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
buf_len = 2500;
if (stat_test_runs(buffer)) {
num_fail++;
@@ -171,10 +211,10 @@ main (int argc, char *argv[]) {
for (i=0; i < 2500; i++) {
buffer[i] = 0;
}
- err_check(cipher_type_alloc(&aes_gcm_256_openssl, &c, AES_256_GCM_KEYSIZE_WSALT, 16));
- err_check(cipher_init(c, key));
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_256_openssl, &c, SRTP_AES_GCM_256_KEY_LEN_WSALT, 16));
+ err_check(srtp_cipher_init(c, key));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
/* run tests on cipher outout */
printf("monobit %d\n", stat_test_monobit(buffer));
printf("poker %d\n", stat_test_poker(buffer));
@@ -187,8 +227,8 @@ main (int argc, char *argv[]) {
buffer[i] = 0;
}
nonce.v32[3] = i;
- err_check(cipher_set_iv(c, &nonce, direction_encrypt));
- err_check(cipher_encrypt(c, buffer, &buf_len));
+ err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt));
+ err_check(srtp_cipher_encrypt(c, buffer, &buf_len));
buf_len = 2500;
if (stat_test_runs(buffer)) {
num_fail++;
@@ -201,7 +241,7 @@ main (int argc, char *argv[]) {
printf("(nota bene: a small fraction of stat_test failures does not \n"
"indicate that the random source is invalid)\n");
- err_check(cipher_dealloc(c));
+ err_check(srtp_cipher_dealloc(c));
return 0;
}
diff --git a/libs/srtp/doc/Doxyfile b/libs/srtp/doc/Doxyfile
deleted file mode 100644
index c6e6a6d238..0000000000
--- a/libs/srtp/doc/Doxyfile
+++ /dev/null
@@ -1,1042 +0,0 @@
-# Doxyfile 1.3-rc3
-
-# This file describes the settings to be used by the documentation system
-# doxygen (www.doxygen.org) for a project
-#
-# All text after a hash (#) is considered a comment and will be ignored
-# The format is:
-# TAG = value [value, ...]
-# For lists items can also be appended using:
-# TAG += value [value, ...]
-# Values that contain spaces should be placed between quotes (" ")
-
-#---------------------------------------------------------------------------
-# General configuration options
-#---------------------------------------------------------------------------
-
-# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
-# by quotes) that should identify the project.
-
-PROJECT_NAME = libSRTP
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number.
-# This could be handy for archiving the generated documentation or
-# if some version control system is used.
-
-PROJECT_NUMBER = 1.3.22
-
-# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
-# base path where the generated documentation will be put.
-# If a relative path is entered, it will be relative to the location
-# where doxygen was started. If left blank the current directory will be used.
-
-OUTPUT_DIRECTORY =
-
-# The OUTPUT_LANGUAGE tag is used to specify the language in which all
-# documentation generated by doxygen is written. Doxygen will use this
-# information to generate all constant output in the proper language.
-# The default language is English, other supported languages are:
-# Brazilian, Catalan, Chinese, Chinese-Traditional, Croatian, Czech, Danish, Dutch,
-# Finnish, French, German, Greek, Hungarian, Italian, Japanese, Japanese-en
-# (Japanese with english messages), Korean, Norwegian, Polish, Portuguese,
-# Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish and Ukrainian.
-
-OUTPUT_LANGUAGE = English
-
-# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
-# documentation are documented, even if no documentation was available.
-# Private class members and static file members will be hidden unless
-# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
-
-EXTRACT_ALL = NO
-
-# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
-# will be included in the documentation.
-
-EXTRACT_PRIVATE = NO
-
-# If the EXTRACT_STATIC tag is set to YES all static members of a file
-# will be included in the documentation.
-
-EXTRACT_STATIC = NO
-
-# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
-# defined locally in source files will be included in the documentation.
-# If set to NO only classes defined in header files are included.
-
-EXTRACT_LOCAL_CLASSES = YES
-
-# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
-# undocumented members of documented classes, files or namespaces.
-# If set to NO (the default) these members will be included in the
-# various overviews, but no documentation section is generated.
-# This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_MEMBERS = YES
-
-# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
-# undocumented classes that are normally visible in the class hierarchy.
-# If set to NO (the default) these class will be included in the various
-# overviews. This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_CLASSES = NO
-
-# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
-# friend (class|struct|union) declarations.
-# If set to NO (the default) these declarations will be included in the
-# documentation.
-
-HIDE_FRIEND_COMPOUNDS = NO
-
-# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
-# documentation blocks found inside the body of a function.
-# If set to NO (the default) these blocks will be appended to the
-# function's detailed documentation block.
-
-HIDE_IN_BODY_DOCS = NO
-
-# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
-# include brief member descriptions after the members that are listed in
-# the file and class documentation (similar to JavaDoc).
-# Set to NO to disable this.
-
-BRIEF_MEMBER_DESC = YES
-
-# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
-# the brief description of a member or function before the detailed description.
-# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
-# brief descriptions will be completely suppressed.
-
-REPEAT_BRIEF = NO
-
-# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
-# Doxygen will generate a detailed section even if there is only a brief
-# description.
-
-ALWAYS_DETAILED_SEC = NO
-
-# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show
-# all inherited members of a class in the documentation of that class
-# as if those members were ordinary class members. Constructors,
-# destructors and assignment operators of the base classes will not be
-# shown.
-
-INLINE_INHERITED_MEMB = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
-# path before files name in the file list and in the header files. If set
-# to NO the shortest path that makes the file name unique will be used.
-
-FULL_PATH_NAMES = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
-# can be used to strip a user defined part of the path. Stripping is
-# only done if one of the specified strings matches the left-hand part of
-# the path. It is allowed to use relative paths in the argument list.
-
-STRIP_FROM_PATH =
-
-# The INTERNAL_DOCS tag determines if documentation
-# that is typed after a \internal command is included. If the tag is set
-# to NO (the default) then the documentation will be excluded.
-# Set it to YES to include the internal documentation.
-
-INTERNAL_DOCS = NO
-
-# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
-# file names in lower case letters. If set to YES upper case letters are also
-# allowed. This is useful if you have classes or files whose names only differ
-# in case and if your file system supports case sensitive file names. Windows
-# users are adviced to set this option to NO.
-
-CASE_SENSE_NAMES = YES
-
-# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
-# (but less readable) file names. This can be useful is your file systems
-# doesn't support long names like on DOS, Mac, or CD-ROM.
-
-SHORT_NAMES = NO
-
-# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
-# will show members with their full class and namespace scopes in the
-# documentation. If set to YES the scope will be hidden.
-
-HIDE_SCOPE_NAMES = NO
-
-# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
-# will generate a verbatim copy of the header file for each class for
-# which an include is specified. Set to NO to disable this.
-
-VERBATIM_HEADERS = YES
-
-# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
-# will put list of the files that are included by a file in the documentation
-# of that file.
-
-SHOW_INCLUDE_FILES = NO
-
-# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
-# will interpret the first line (until the first dot) of a JavaDoc-style
-# comment as the brief description. If set to NO, the JavaDoc
-# comments will behave just like the Qt-style comments (thus requiring an
-# explict @brief command for a brief description.
-
-JAVADOC_AUTOBRIEF = NO
-
-# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
-# treat a multi-line C++ special comment block (i.e. a block of //! or ///
-# comments) as a brief description. This used to be the default behaviour.
-# The new default is to treat a multi-line C++ comment block as a detailed
-# description. Set this tag to YES if you prefer the old behaviour instead.
-
-MULTILINE_CPP_IS_BRIEF = NO
-
-# If the DETAILS_AT_TOP tag is set to YES then Doxygen
-# will output the detailed description near the top, like JavaDoc.
-# If set to NO, the detailed description appears after the member
-# documentation.
-
-DETAILS_AT_TOP = NO
-
-# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
-# member inherits the documentation from any documented member that it
-# reimplements.
-
-INHERIT_DOCS = YES
-
-# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
-# is inserted in the documentation for inline members.
-
-INLINE_INFO = YES
-
-# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
-# will sort the (detailed) documentation of file and class members
-# alphabetically by member name. If set to NO the members will appear in
-# declaration order.
-
-SORT_MEMBER_DOCS = YES
-
-# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
-# tag is set to YES, then doxygen will reuse the documentation of the first
-# member in the group (if any) for the other members of the group. By default
-# all members of a group must be documented explicitly.
-
-DISTRIBUTE_GROUP_DOC = NO
-
-# The TAB_SIZE tag can be used to set the number of spaces in a tab.
-# Doxygen uses this value to replace tabs by spaces in code fragments.
-
-TAB_SIZE = 3
-
-# The GENERATE_TODOLIST tag can be used to enable (YES) or
-# disable (NO) the todo list. This list is created by putting \todo
-# commands in the documentation.
-
-GENERATE_TODOLIST = YES
-
-# The GENERATE_TESTLIST tag can be used to enable (YES) or
-# disable (NO) the test list. This list is created by putting \test
-# commands in the documentation.
-
-GENERATE_TESTLIST = YES
-
-# The GENERATE_BUGLIST tag can be used to enable (YES) or
-# disable (NO) the bug list. This list is created by putting \bug
-# commands in the documentation.
-
-GENERATE_BUGLIST = YES
-
-# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
-# disable (NO) the deprecated list. This list is created by putting
-# \deprecated commands in the documentation.
-
-GENERATE_DEPRECATEDLIST= YES
-
-# This tag can be used to specify a number of aliases that acts
-# as commands in the documentation. An alias has the form "name=value".
-# For example adding "sideeffect=\par Side Effects:\n" will allow you to
-# put the command \sideeffect (or @sideeffect) in the documentation, which
-# will result in a user defined paragraph with heading "Side Effects:".
-# You can put \n's in the value part of an alias to insert newlines.
-
-ALIASES =
-
-# The ENABLED_SECTIONS tag can be used to enable conditional
-# documentation sections, marked by \if sectionname ... \endif.
-
-ENABLED_SECTIONS =
-
-# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
-# the initial value of a variable or define consist of for it to appear in
-# the documentation. If the initializer consists of more lines than specified
-# here it will be hidden. Use a value of 0 to hide initializers completely.
-# The appearance of the initializer of individual variables and defines in the
-# documentation can be controlled using \showinitializer or \hideinitializer
-# command in the documentation regardless of this setting.
-
-MAX_INITIALIZER_LINES = 30
-
-# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources
-# only. Doxygen will then generate output that is more tailored for C.
-# For instance some of the names that are used will be different. The list
-# of all members will be omitted, etc.
-
-OPTIMIZE_OUTPUT_FOR_C = YES
-
-# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java sources
-# only. Doxygen will then generate output that is more tailored for Java.
-# For instance namespaces will be presented as packages, qualified scopes
-# will look different, etc.
-
-OPTIMIZE_OUTPUT_JAVA = NO
-
-# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
-# at the bottom of the documentation of classes and structs. If set to YES the
-# list will mention the files that were used to generate the documentation.
-
-SHOW_USED_FILES = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-
-# The QUIET tag can be used to turn on/off the messages that are generated
-# by doxygen. Possible values are YES and NO. If left blank NO is used.
-
-QUIET = NO
-
-# The WARNINGS tag can be used to turn on/off the warning messages that are
-# generated by doxygen. Possible values are YES and NO. If left blank
-# NO is used.
-
-WARNINGS = YES
-
-# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
-# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
-# automatically be disabled.
-
-WARN_IF_UNDOCUMENTED = YES
-
-# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
-# potential errors in the documentation, such as not documenting some
-# parameters in a documented function, or documenting parameters that
-# don't exist or using markup commands wrongly.
-
-WARN_IF_DOC_ERROR = YES
-
-# The WARN_FORMAT tag determines the format of the warning messages that
-# doxygen can produce. The string should contain the $file, $line, and $text
-# tags, which will be replaced by the file and line number from which the
-# warning originated and the warning text.
-
-WARN_FORMAT = "$file:$line: $text"
-
-# The WARN_LOGFILE tag can be used to specify a file to which warning
-# and error messages should be written. If left blank the output is written
-# to stderr.
-
-WARN_LOGFILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-
-# The INPUT tag can be used to specify the files and/or directories that contain
-# documented source files. You may enter file names like "myfile.cpp" or
-# directories like "/usr/src/myproject". Separate the files or directories
-# with spaces.
-
-INPUT = intro.txt ../include/srtp.h ../crypto/include/crypto_types.h ../crypto/include/err.h ../crypto/include/crypto.h crypto_kernel.txt
-
-# If the value of the INPUT tag contains directories, you can use the
-# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank the following patterns are tested:
-# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx *.hpp
-# *.h++ *.idl *.odl
-
-FILE_PATTERNS =
-
-# The RECURSIVE tag can be used to turn specify whether or not subdirectories
-# should be searched for input files as well. Possible values are YES and NO.
-# If left blank NO is used.
-
-RECURSIVE = NO
-
-# The EXCLUDE tag can be used to specify files and/or directories that should
-# excluded from the INPUT source files. This way you can easily exclude a
-# subdirectory from a directory tree whose root is specified with the INPUT tag.
-
-EXCLUDE =
-
-# The EXCLUDE_SYMLINKS tag can be used select whether or not files or directories
-# that are symbolic links (a Unix filesystem feature) are excluded from the input.
-
-EXCLUDE_SYMLINKS = NO
-
-# If the value of the INPUT tag contains directories, you can use the
-# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
-# certain files from those directories.
-
-EXCLUDE_PATTERNS =
-
-# The EXAMPLE_PATH tag can be used to specify one or more files or
-# directories that contain example code fragments that are included (see
-# the \include command).
-
-EXAMPLE_PATH =
-
-# If the value of the EXAMPLE_PATH tag contains directories, you can use the
-# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank all files are included.
-
-EXAMPLE_PATTERNS =
-
-# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
-# searched for input files to be used with the \include or \dontinclude
-# commands irrespective of the value of the RECURSIVE tag.
-# Possible values are YES and NO. If left blank NO is used.
-
-EXAMPLE_RECURSIVE = NO
-
-# The IMAGE_PATH tag can be used to specify one or more files or
-# directories that contain image that are included in the documentation (see
-# the \image command).
-
-IMAGE_PATH =
-
-# The INPUT_FILTER tag can be used to specify a program that doxygen should
-# invoke to filter for each input file. Doxygen will invoke the filter program
-# by executing (via popen()) the command , where
-# is the value of the INPUT_FILTER tag, and is the name of an
-# input file. Doxygen will then use the output that the filter program writes
-# to standard output.
-
-INPUT_FILTER =
-
-# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
-# INPUT_FILTER) will be used to filter the input files when producing source
-# files to browse (i.e. when SOURCE_BROWSER is set to YES).
-
-FILTER_SOURCE_FILES = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-
-# If the SOURCE_BROWSER tag is set to YES then a list of source files will
-# be generated. Documented entities will be cross-referenced with these sources.
-
-SOURCE_BROWSER = NO
-
-# Setting the INLINE_SOURCES tag to YES will include the body
-# of functions and classes directly in the documentation.
-
-INLINE_SOURCES = NO
-
-# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
-# doxygen to hide any special comment blocks from generated source code
-# fragments. Normal C and C++ comments will always remain visible.
-
-STRIP_CODE_COMMENTS = YES
-
-# If the REFERENCED_BY_RELATION tag is set to YES (the default)
-# then for each documented function all documented
-# functions referencing it will be listed.
-
-REFERENCED_BY_RELATION = YES
-
-# If the REFERENCES_RELATION tag is set to YES (the default)
-# then for each documented function all documented entities
-# called/used by that function will be listed.
-
-REFERENCES_RELATION = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-
-# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
-# of all compounds will be generated. Enable this if the project
-# contains a lot of classes, structs, unions or interfaces.
-
-ALPHABETICAL_INDEX = NO
-
-# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
-# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
-# in which this list will be split (can be a number in the range [1..20])
-
-COLS_IN_ALPHA_INDEX = 5
-
-# In case all classes in a project start with a common prefix, all
-# classes will be put under the same header in the alphabetical index.
-# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
-# should be ignored while generating the index headers.
-
-IGNORE_PREFIX =
-
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
-# generate HTML output.
-
-GENERATE_HTML = NO
-
-# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `html' will be used as the default path.
-
-HTML_OUTPUT = html
-
-# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
-# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
-# doxygen will generate files with .html extension.
-
-HTML_FILE_EXTENSION = .html
-
-# The HTML_HEADER tag can be used to specify a personal HTML header for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard header.
-
-HTML_HEADER =
-
-# The HTML_FOOTER tag can be used to specify a personal HTML footer for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard footer.
-
-HTML_FOOTER =
-
-# The HTML_STYLESHEET tag can be used to specify a user defined cascading
-# style sheet that is used by each HTML page. It can be used to
-# fine-tune the look of the HTML output. If the tag is left blank doxygen
-# will generate a default style sheet
-
-HTML_STYLESHEET =
-
-# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
-# files or namespaces will be aligned in HTML using tables. If set to
-# NO a bullet list will be used.
-
-HTML_ALIGN_MEMBERS = YES
-
-# If the GENERATE_HTMLHELP tag is set to YES, additional index files
-# will be generated that can be used as input for tools like the
-# Microsoft HTML help workshop to generate a compressed HTML help file (.chm)
-# of the generated HTML documentation.
-
-GENERATE_HTMLHELP = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
-# be used to specify the file name of the resulting .chm file. You
-# can add a path in front of the file if the result should not be
-# written to the html output dir.
-
-CHM_FILE =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
-# be used to specify the location (absolute path including file name) of
-# the HTML help compiler (hhc.exe). If non empty doxygen will try to run
-# the html help compiler on the generated index.hhp.
-
-HHC_LOCATION =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
-# controls if a separate .chi index file is generated (YES) or that
-# it should be included in the master .chm file (NO).
-
-GENERATE_CHI = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
-# controls whether a binary table of contents is generated (YES) or a
-# normal table of contents (NO) in the .chm file.
-
-BINARY_TOC = NO
-
-# The TOC_EXPAND flag can be set to YES to add extra items for group members
-# to the contents of the Html help documentation and to the tree view.
-
-TOC_EXPAND = NO
-
-# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
-# top of each HTML page. The value NO (the default) enables the index and
-# the value YES disables it.
-
-DISABLE_INDEX = NO
-
-# This tag can be used to set the number of enum values (range [1..20])
-# that doxygen will group on one line in the generated HTML documentation.
-
-ENUM_VALUES_PER_LINE = 4
-
-# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
-# generated containing a tree-like index structure (just like the one that
-# is generated for HTML Help). For this to work a browser that supports
-# JavaScript, DHTML, CSS and frames is required (for instance Mozilla,
-# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are
-# probably better off using the HTML help feature.
-
-GENERATE_TREEVIEW = NO
-
-# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
-# used to set the initial width (in pixels) of the frame in which the tree
-# is shown.
-
-TREEVIEW_WIDTH = 250
-
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
-# generate Latex output.
-
-GENERATE_LATEX = YES
-
-# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `latex' will be used as the default path.
-
-LATEX_OUTPUT = latex
-
-# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
-# invoked. If left blank `latex' will be used as the default command name.
-
-LATEX_CMD_NAME = latex
-
-# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
-# generate index for LaTeX. If left blank `makeindex' will be used as the
-# default command name.
-
-MAKEINDEX_CMD_NAME = makeindex
-
-# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
-# LaTeX documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_LATEX = NO
-
-# The PAPER_TYPE tag can be used to set the paper type that is used
-# by the printer. Possible values are: a4, a4wide, letter, legal and
-# executive. If left blank a4wide will be used.
-
-PAPER_TYPE = letter
-
-# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
-# packages that should be included in the LaTeX output.
-
-EXTRA_PACKAGES =
-
-# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
-# the generated latex document. The header should contain everything until
-# the first chapter. If it is left blank doxygen will generate a
-# standard header. Notice: only use this tag if you know what you are doing!
-
-LATEX_HEADER = header.tex
-
-# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
-# is prepared for conversion to pdf (using ps2pdf). The pdf file will
-# contain links (just like the HTML output) instead of page references
-# This makes the output suitable for online browsing using a pdf viewer.
-
-PDF_HYPERLINKS = YES
-
-# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
-# plain latex in the generated Makefile. Set this option to YES to get a
-# higher quality PDF documentation.
-
-USE_PDFLATEX = YES
-
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
-# command to the generated LaTeX files. This will instruct LaTeX to keep
-# running if errors occur, instead of asking the user for help.
-# This option is also used when generating formulas in HTML.
-
-LATEX_BATCHMODE = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
-# The RTF output is optimised for Word 97 and may not look very pretty with
-# other RTF readers or editors.
-
-GENERATE_RTF = NO
-
-# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `rtf' will be used as the default path.
-
-RTF_OUTPUT = rtf
-
-# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
-# RTF documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_RTF = NO
-
-# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
-# will contain hyperlink fields. The RTF file will
-# contain links (just like the HTML output) instead of page references.
-# This makes the output suitable for online browsing using WORD or other
-# programs which support those fields.
-# Note: wordpad (write) and others do not support links.
-
-RTF_HYPERLINKS = NO
-
-# Load stylesheet definitions from file. Syntax is similar to doxygen's
-# config file, i.e. a series of assigments. You only have to provide
-# replacements, missing definitions are set to their default value.
-
-RTF_STYLESHEET_FILE =
-
-# Set optional variables used in the generation of an rtf document.
-# Syntax is similar to doxygen's config file.
-
-RTF_EXTENSIONS_FILE =
-
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
-# generate man pages
-
-GENERATE_MAN = NO
-
-# The MAN_OUTPUT tag is used to specify where the man pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `man' will be used as the default path.
-
-MAN_OUTPUT = man
-
-# The MAN_EXTENSION tag determines the extension that is added to
-# the generated man pages (default is the subroutine's section .3)
-
-MAN_EXTENSION = .3
-
-# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
-# then it will generate one additional man file for each entity
-# documented in the real man page(s). These additional files
-# only source the real man page, but without them the man command
-# would be unable to find the correct page. The default is NO.
-
-MAN_LINKS = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_XML tag is set to YES Doxygen will
-# generate an XML file that captures the structure of
-# the code including all documentation. Note that this
-# feature is still experimental and incomplete at the
-# moment.
-
-GENERATE_XML = NO
-
-# The XML_SCHEMA tag can be used to specify an XML schema,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_SCHEMA =
-
-# The XML_DTD tag can be used to specify an XML DTD,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_DTD =
-
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
-# generate an AutoGen Definitions (see autogen.sf.net) file
-# that captures the structure of the code including all
-# documentation. Note that this feature is still experimental
-# and incomplete at the moment.
-
-GENERATE_AUTOGEN_DEF = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_PERLMOD tag is set to YES Doxygen will
-# generate a Perl module file that captures the structure of
-# the code including all documentation. Note that this
-# feature is still experimental and incomplete at the
-# moment.
-
-GENERATE_PERLMOD = NO
-
-# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
-# the necessary Makefile rules, Perl scripts and LaTeX code to be able
-# to generate PDF and DVI output from the Perl module output.
-
-PERLMOD_LATEX = NO
-
-# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
-# nicely formatted so it can be parsed by a human reader. This is useful
-# if you want to understand what is going on. On the other hand, if this
-# tag is set to NO the size of the Perl module output will be much smaller
-# and Perl will parse it just the same.
-
-PERLMOD_PRETTY = YES
-
-# The names of the make variables in the generated doxyrules.make file
-# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
-# This is useful so different doxyrules.make files included by the same
-# Makefile don't overwrite each other's variables.
-
-PERLMOD_MAKEVAR_PREFIX =
-
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor
-#---------------------------------------------------------------------------
-
-# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
-# evaluate all C-preprocessor directives found in the sources and include
-# files.
-
-ENABLE_PREPROCESSING = YES
-
-# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
-# names in the source code. If set to NO (the default) only conditional
-# compilation will be performed. Macro expansion can be done in a controlled
-# way by setting EXPAND_ONLY_PREDEF to YES.
-
-MACRO_EXPANSION = NO
-
-# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
-# then the macro expansion is limited to the macros specified with the
-# PREDEFINED and EXPAND_AS_PREDEFINED tags.
-
-EXPAND_ONLY_PREDEF = NO
-
-# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
-# in the INCLUDE_PATH (see below) will be search if a #include is found.
-
-SEARCH_INCLUDES = YES
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that
-# contain include files that are not input files but should be processed by
-# the preprocessor.
-
-INCLUDE_PATH =
-
-# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
-# patterns (like *.h and *.hpp) to filter out the header-files in the
-# directories. If left blank, the patterns specified with FILE_PATTERNS will
-# be used.
-
-INCLUDE_FILE_PATTERNS =
-
-# The PREDEFINED tag can be used to specify one or more macro names that
-# are defined before the preprocessor is started (similar to the -D option of
-# gcc). The argument of the tag is a list of macros of the form: name
-# or name=definition (no spaces). If the definition and the = are
-# omitted =1 is assumed.
-
-PREDEFINED =
-
-# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
-# this tag can be used to specify a list of macro names that should be expanded.
-# The macro definition that is found in the sources will be used.
-# Use the PREDEFINED tag if you want to use a different macro definition.
-
-EXPAND_AS_DEFINED =
-
-# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
-# doxygen's preprocessor will remove all function-like macros that are alone
-# on a line, have an all uppercase name, and do not end with a semicolon. Such
-# function macros are typically used for boiler-plate code, and will confuse the
-# parser if not removed.
-
-SKIP_FUNCTION_MACROS = YES
-
-#---------------------------------------------------------------------------
-# Configuration::addtions related to external references
-#---------------------------------------------------------------------------
-
-# The TAGFILES tag can be used to specify one or more tagfiles.
-
-TAGFILES =
-
-# When a file name is specified after GENERATE_TAGFILE, doxygen will create
-# a tag file that is based on the input files it reads.
-
-GENERATE_TAGFILE =
-
-# If the ALLEXTERNALS tag is set to YES all external classes will be listed
-# in the class index. If set to NO only the inherited external classes
-# will be listed.
-
-ALLEXTERNALS = NO
-
-# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
-# in the modules index. If set to NO, only the current project's groups will
-# be listed.
-
-EXTERNAL_GROUPS = YES
-
-# The PERL_PATH should be the absolute path and name of the perl script
-# interpreter (i.e. the result of `which perl').
-
-PERL_PATH = /usr/bin/perl
-
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool
-#---------------------------------------------------------------------------
-
-# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
-# generate a inheritance diagram (in Html, RTF and LaTeX) for classes with base or
-# super classes. Setting the tag to NO turns the diagrams off. Note that this
-# option is superceded by the HAVE_DOT option below. This is only a fallback. It is
-# recommended to install and use dot, since it yield more powerful graphs.
-
-CLASS_DIAGRAMS = YES
-
-# If set to YES, the inheritance and collaboration graphs will hide
-# inheritance and usage relations if the target is undocumented
-# or is not a class.
-
-HIDE_UNDOC_RELATIONS = YES
-
-# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
-# available from the path. This tool is part of Graphviz, a graph visualization
-# toolkit from AT&T and Lucent Bell Labs. The other options in this section
-# have no effect if this option is set to NO (the default)
-
-HAVE_DOT = NO
-
-# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect inheritance relations. Setting this tag to YES will force the
-# the CLASS_DIAGRAMS tag to NO.
-
-CLASS_GRAPH = YES
-
-# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect implementation dependencies (inheritance, containment, and
-# class references variables) of the class with other documented classes.
-
-COLLABORATION_GRAPH = YES
-
-# If set to YES, the inheritance and collaboration graphs will show the
-# relations between templates and their instances.
-
-TEMPLATE_RELATIONS = YES
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
-# tags are set to YES then doxygen will generate a graph for each documented
-# file showing the direct and indirect include dependencies of the file with
-# other documented files.
-
-INCLUDE_GRAPH = YES
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
-# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
-# documented header file showing the documented files that directly or
-# indirectly include this file.
-
-INCLUDED_BY_GRAPH = YES
-
-# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
-# will graphical hierarchy of all classes instead of a textual one.
-
-GRAPHICAL_HIERARCHY = YES
-
-# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
-# generated by dot. Possible values are png, jpg, or gif
-# If left blank png will be used.
-
-DOT_IMAGE_FORMAT = png
-
-# The tag DOT_PATH can be used to specify the path where the dot tool can be
-# found. If left blank, it is assumed the dot tool can be found on the path.
-
-DOT_PATH =
-
-# The DOTFILE_DIRS tag can be used to specify one or more directories that
-# contain dot files that are included in the documentation (see the
-# \dotfile command).
-
-DOTFILE_DIRS =
-
-# The MAX_DOT_GRAPH_WIDTH tag can be used to set the maximum allowed width
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than
-# this value, doxygen will try to truncate the graph, so that it fits within
-# the specified constraint. Beware that most browsers cannot cope with very
-# large images.
-
-MAX_DOT_GRAPH_WIDTH = 1024
-
-# The MAX_DOT_GRAPH_HEIGHT tag can be used to set the maximum allows height
-# (in pixels) of the graphs generated by dot. If a graph becomes larger than
-# this value, doxygen will try to truncate the graph, so that it fits within
-# the specified constraint. Beware that most browsers cannot cope with very
-# large images.
-
-MAX_DOT_GRAPH_HEIGHT = 1024
-
-# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
-# generate a legend page explaining the meaning of the various boxes and
-# arrows in the dot generated graphs.
-
-GENERATE_LEGEND = YES
-
-# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
-# remove the intermedate dot files that are used to generate
-# the various graphs.
-
-DOT_CLEANUP = YES
-
-#---------------------------------------------------------------------------
-# Configuration::addtions related to the search engine
-#---------------------------------------------------------------------------
-
-# The SEARCHENGINE tag specifies whether or not a search engine should be
-# used. If set to NO the values of all tags below this one will be ignored.
-
-SEARCHENGINE = NO
-
-# The CGI_NAME tag should be the name of the CGI script that
-# starts the search engine (doxysearch) with the correct parameters.
-# A script with this name will be generated by doxygen.
-
-CGI_NAME = search.cgi
-
-# The CGI_URL tag should be the absolute URL to the directory where the
-# cgi binaries are located. See the documentation of your http daemon for
-# details.
-
-CGI_URL =
-
-# The DOC_URL tag should be the absolute URL to the directory where the
-# documentation is located. If left blank the absolute path to the
-# documentation, with file:// prepended to it, will be used.
-
-DOC_URL =
-
-# The DOC_ABSPATH tag should be the absolute path to the directory where the
-# documentation is located. If left blank the directory on the local machine
-# will be used.
-
-DOC_ABSPATH =
-
-# The BIN_ABSPATH tag must point to the directory where the doxysearch binary
-# is installed.
-
-BIN_ABSPATH = /usr/local/bin/
-
-# The EXT_DOC_PATHS tag can be used to specify one or more paths to
-# documentation generated for other projects. This allows doxysearch to search
-# the documentation for these projects as well.
-
-EXT_DOC_PATHS =
diff --git a/libs/srtp/doc/Doxyfile.in b/libs/srtp/doc/Doxyfile.in
new file mode 100644
index 0000000000..129a03d6db
--- /dev/null
+++ b/libs/srtp/doc/Doxyfile.in
@@ -0,0 +1,2412 @@
+# Doxyfile 1.8.11
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project.
+#
+# All text after a double hash (##) is considered a comment and is placed in
+# front of the TAG it is preceding.
+#
+# All text after a single hash (#) is considered a comment and will be ignored.
+# The format is:
+# TAG = value [value, ...]
+# For lists, items can also be appended using:
+# TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (\" \").
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# This tag specifies the encoding used for all characters in the config file
+# that follow. The default is UTF-8 which is also the encoding used for all text
+# before the first occurrence of this tag. Doxygen uses libiconv (or the iconv
+# built into libc) for the transcoding. See http://www.gnu.org/software/libiconv
+# for the list of possible encodings.
+# The default value is: UTF-8.
+
+DOXYFILE_ENCODING = UTF-8
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded by
+# double-quotes, unless you are using Doxywizard) that should identify the
+# project for which the documentation is generated. This name is used in the
+# title of most generated pages and in a few other places.
+# The default value is: My Project.
+
+PROJECT_NAME = libSRTP
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number. This
+# could be handy for archiving the generated documentation or if some version
+# control system is used.
+
+PROJECT_NUMBER = LIBSRTPVERSIONNUMBER
+
+# Using the PROJECT_BRIEF tag one can provide an optional one line description
+# for a project that appears at the top of each page and should give viewer a
+# quick idea about the purpose of the project. Keep the description short.
+
+PROJECT_BRIEF =
+
+# With the PROJECT_LOGO tag one can specify a logo or an icon that is included
+# in the documentation. The maximum height of the logo should not exceed 55
+# pixels and the maximum width should not exceed 200 pixels. Doxygen will copy
+# the logo to the output directory.
+
+PROJECT_LOGO =
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path
+# into which the generated documentation will be written. If a relative path is
+# entered, it will be relative to the location where doxygen was started. If
+# left blank the current directory will be used.
+
+OUTPUT_DIRECTORY =
+
+# If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub-
+# directories (in 2 levels) under the output directory of each output format and
+# will distribute the generated files over these directories. Enabling this
+# option can be useful when feeding doxygen a huge amount of source files, where
+# putting all generated files in the same directory would otherwise causes
+# performance problems for the file system.
+# The default value is: NO.
+
+CREATE_SUBDIRS = NO
+
+# If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII
+# characters to appear in the names of generated files. If set to NO, non-ASCII
+# characters will be escaped, for example _xE3_x81_x84 will be used for Unicode
+# U+3044.
+# The default value is: NO.
+
+ALLOW_UNICODE_NAMES = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Catalan, Chinese,
+# Chinese-Traditional, Croatian, Czech, Danish, Dutch, English (United States),
+# Esperanto, Farsi (Persian), Finnish, French, German, Greek, Hungarian,
+# Indonesian, Italian, Japanese, Japanese-en (Japanese with English messages),
+# Korean, Korean-en (Korean with English messages), Latvian, Lithuanian,
+# Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese, Romanian, Russian,
+# Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish, Swedish, Turkish,
+# Ukrainian and Vietnamese.
+# The default value is: English.
+
+OUTPUT_LANGUAGE = English
+
+# If the BRIEF_MEMBER_DESC tag is set to YES, doxygen will include brief member
+# descriptions after the members that are listed in the file and class
+# documentation (similar to Javadoc). Set to NO to disable this.
+# The default value is: YES.
+
+BRIEF_MEMBER_DESC = YES
+
+# If the REPEAT_BRIEF tag is set to YES, doxygen will prepend the brief
+# description of a member or function before the detailed description
+#
+# Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+# The default value is: YES.
+
+REPEAT_BRIEF = NO
+
+# This tag implements a quasi-intelligent brief description abbreviator that is
+# used to form the text in various listings. Each string in this list, if found
+# as the leading text of the brief description, will be stripped from the text
+# and the result, after processing the whole list, is used as the annotated
+# text. Otherwise, the brief description is used as-is. If left blank, the
+# following values are used ($name is automatically replaced with the name of
+# the entity):The $name class, The $name widget, The $name file, is, provides,
+# specifies, contains, represents, a, an and the.
+
+ABBREVIATE_BRIEF =
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
+# doxygen will generate a detailed section even if there is only a brief
+# description.
+# The default value is: NO.
+
+ALWAYS_DETAILED_SEC = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
+# inherited members of a class in the documentation of that class as if those
+# members were ordinary class members. Constructors, destructors and assignment
+# operators of the base classes will not be shown.
+# The default value is: NO.
+
+INLINE_INHERITED_MEMB = NO
+
+# If the FULL_PATH_NAMES tag is set to YES, doxygen will prepend the full path
+# before files name in the file list and in the header files. If set to NO the
+# shortest path that makes the file name unique will be used
+# The default value is: YES.
+
+FULL_PATH_NAMES = NO
+
+# The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path.
+# Stripping is only done if one of the specified strings matches the left-hand
+# part of the path. The tag can be used to show relative paths in the file list.
+# If left blank the directory from which doxygen is run is used as the path to
+# strip.
+#
+# Note that you can specify absolute paths here, but also relative paths, which
+# will be relative from the directory where doxygen is started.
+# This tag requires that the tag FULL_PATH_NAMES is set to YES.
+
+STRIP_FROM_PATH =
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of the
+# path mentioned in the documentation of a class, which tells the reader which
+# header file to include in order to use a class. If left blank only the name of
+# the header file containing the class definition is used. Otherwise one should
+# specify the list of include paths that are normally passed to the compiler
+# using the -I flag.
+
+STRIP_FROM_INC_PATH =
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter (but
+# less readable) file names. This can be useful is your file systems doesn't
+# support long names like on DOS, Mac, or CD-ROM.
+# The default value is: NO.
+
+SHORT_NAMES = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then doxygen will interpret the
+# first line (until the first dot) of a Javadoc-style comment as the brief
+# description. If set to NO, the Javadoc-style will behave just like regular Qt-
+# style comments (thus requiring an explicit @brief command for a brief
+# description.)
+# The default value is: NO.
+
+JAVADOC_AUTOBRIEF = NO
+
+# If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first
+# line (until the first dot) of a Qt-style comment as the brief description. If
+# set to NO, the Qt-style will behave just like regular Qt-style comments (thus
+# requiring an explicit \brief command for a brief description.)
+# The default value is: NO.
+
+QT_AUTOBRIEF = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make doxygen treat a
+# multi-line C++ special comment block (i.e. a block of //! or /// comments) as
+# a brief description. This used to be the default behavior. The new default is
+# to treat a multi-line C++ comment block as a detailed description. Set this
+# tag to YES if you prefer the old behavior instead.
+#
+# Note that setting this tag to YES also means that rational rose comments are
+# not recognized any more.
+# The default value is: NO.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the
+# documentation from any documented member that it re-implements.
+# The default value is: YES.
+
+INHERIT_DOCS = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES then doxygen will produce a new
+# page for each member. If set to NO, the documentation of a member will be part
+# of the file/class/namespace that contains it.
+# The default value is: NO.
+
+SEPARATE_MEMBER_PAGES = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab. Doxygen
+# uses this value to replace tabs by spaces in code fragments.
+# Minimum value: 1, maximum value: 16, default value: 4.
+
+TAB_SIZE = 4
+
+# This tag can be used to specify a number of aliases that act as commands in
+# the documentation. An alias has the form:
+# name=value
+# For example adding
+# "sideeffect=@par Side Effects:\n"
+# will allow you to put the command \sideeffect (or @sideeffect) in the
+# documentation, which will result in a user-defined paragraph with heading
+# "Side Effects:". You can put \n's in the value part of an alias to insert
+# newlines.
+
+ALIASES =
+
+# This tag can be used to specify a number of word-keyword mappings (TCL only).
+# A mapping has the form "name=value". For example adding "class=itcl::class"
+# will allow you to use the command class in the itcl::class meaning.
+
+TCL_SUBST =
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources
+# only. Doxygen will then generate output that is more tailored for C. For
+# instance, some of the names that are used will be different. The list of all
+# members will be omitted, etc.
+# The default value is: NO.
+
+OPTIMIZE_OUTPUT_FOR_C = YES
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or
+# Python sources only. Doxygen will then generate output that is more tailored
+# for that language. For instance, namespaces will be presented as packages,
+# qualified scopes will look different, etc.
+# The default value is: NO.
+
+OPTIMIZE_OUTPUT_JAVA = NO
+
+# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
+# sources. Doxygen will then generate output that is tailored for Fortran.
+# The default value is: NO.
+
+OPTIMIZE_FOR_FORTRAN = NO
+
+# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
+# sources. Doxygen will then generate output that is tailored for VHDL.
+# The default value is: NO.
+
+OPTIMIZE_OUTPUT_VHDL = NO
+
+# Doxygen selects the parser to use depending on the extension of the files it
+# parses. With this tag you can assign which parser to use for a given
+# extension. Doxygen has a built-in mapping, but you can override or extend it
+# using this tag. The format is ext=language, where ext is a file extension, and
+# language is one of the parsers supported by doxygen: IDL, Java, Javascript,
+# C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran:
+# FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran:
+# Fortran. In the later case the parser tries to guess whether the code is fixed
+# or free formatted code, this is the default for Fortran type files), VHDL. For
+# instance to make doxygen treat .inc files as Fortran files (default is PHP),
+# and .f files as C (default is Fortran), use: inc=Fortran f=C.
+#
+# Note: For files without extension you can use no_extension as a placeholder.
+#
+# Note that for custom extensions you also need to set FILE_PATTERNS otherwise
+# the files are not read by doxygen.
+
+EXTENSION_MAPPING =
+
+# If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments
+# according to the Markdown format, which allows for more readable
+# documentation. See http://daringfireball.net/projects/markdown/ for details.
+# The output of markdown processing is further processed by doxygen, so you can
+# mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in
+# case of backward compatibilities issues.
+# The default value is: YES.
+
+MARKDOWN_SUPPORT = YES
+
+# When enabled doxygen tries to link words that correspond to documented
+# classes, or namespaces to their corresponding documentation. Such a link can
+# be prevented in individual cases by putting a % sign in front of the word or
+# globally by setting AUTOLINK_SUPPORT to NO.
+# The default value is: YES.
+
+AUTOLINK_SUPPORT = YES
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
+# to include (a tag file for) the STL sources as input, then you should set this
+# tag to YES in order to let doxygen match functions declarations and
+# definitions whose arguments contain STL classes (e.g. func(std::string);
+# versus func(std::string) {}). This also make the inheritance and collaboration
+# diagrams that involve STL classes more complete and accurate.
+# The default value is: NO.
+
+BUILTIN_STL_SUPPORT = NO
+
+# If you use Microsoft's C++/CLI language, you should set this option to YES to
+# enable parsing support.
+# The default value is: NO.
+
+CPP_CLI_SUPPORT = NO
+
+# Set the SIP_SUPPORT tag to YES if your project consists of sip (see:
+# http://www.riverbankcomputing.co.uk/software/sip/intro) sources only. Doxygen
+# will parse them like normal C++ but will assume all classes use public instead
+# of private inheritance when no explicit protection keyword is present.
+# The default value is: NO.
+
+SIP_SUPPORT = NO
+
+# For Microsoft's IDL there are propget and propput attributes to indicate
+# getter and setter methods for a property. Setting this option to YES will make
+# doxygen to replace the get and set methods by a property in the documentation.
+# This will only work if the methods are indeed getting or setting a simple
+# type. If this is not the case, or you want to show the methods anyway, you
+# should set this option to NO.
+# The default value is: YES.
+
+IDL_PROPERTY_SUPPORT = YES
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
+# tag is set to YES then doxygen will reuse the documentation of the first
+# member in the group (if any) for the other members of the group. By default
+# all members of a group must be documented explicitly.
+# The default value is: NO.
+
+DISTRIBUTE_GROUP_DOC = NO
+
+# If one adds a struct or class to a group and this option is enabled, then also
+# any nested class or struct is added to the same group. By default this option
+# is disabled and one has to add nested compounds explicitly via \ingroup.
+# The default value is: NO.
+
+GROUP_NESTED_COMPOUNDS = NO
+
+# Set the SUBGROUPING tag to YES to allow class member groups of the same type
+# (for instance a group of public functions) to be put as a subgroup of that
+# type (e.g. under the Public Functions section). Set it to NO to prevent
+# subgrouping. Alternatively, this can be done per class using the
+# \nosubgrouping command.
+# The default value is: YES.
+
+SUBGROUPING = YES
+
+# When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and unions
+# are shown inside the group in which they are included (e.g. using \ingroup)
+# instead of on a separate page (for HTML and Man pages) or section (for LaTeX
+# and RTF).
+#
+# Note that this feature does not work in combination with
+# SEPARATE_MEMBER_PAGES.
+# The default value is: NO.
+
+INLINE_GROUPED_CLASSES = NO
+
+# When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and unions
+# with only public data fields or simple typedef fields will be shown inline in
+# the documentation of the scope in which they are defined (i.e. file,
+# namespace, or group documentation), provided this scope is documented. If set
+# to NO, structs, classes, and unions are shown on a separate page (for HTML and
+# Man pages) or section (for LaTeX and RTF).
+# The default value is: NO.
+
+INLINE_SIMPLE_STRUCTS = NO
+
+# When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or
+# enum is documented as struct, union, or enum with the name of the typedef. So
+# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
+# with name TypeT. When disabled the typedef will appear as a member of a file,
+# namespace, or class. And the struct will be named TypeS. This can typically be
+# useful for C code in case the coding convention dictates that all compound
+# types are typedef'ed and only the typedef is referenced, never the tag name.
+# The default value is: NO.
+
+TYPEDEF_HIDES_STRUCT = NO
+
+# The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This
+# cache is used to resolve symbols given their name and scope. Since this can be
+# an expensive process and often the same symbol appears multiple times in the
+# code, doxygen keeps a cache of pre-resolved symbols. If the cache is too small
+# doxygen will become slower. If the cache is too large, memory is wasted. The
+# cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range
+# is 0..9, the default is 0, corresponding to a cache size of 2^16=65536
+# symbols. At the end of a run doxygen will report the cache usage and suggest
+# the optimal cache size from a speed point of view.
+# Minimum value: 0, maximum value: 9, default value: 0.
+
+LOOKUP_CACHE_SIZE = 0
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES, doxygen will assume all entities in
+# documentation are documented, even if no documentation was available. Private
+# class members and static file members will be hidden unless the
+# EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES.
+# Note: This will also disable the warnings about undocumented members that are
+# normally produced when WARNINGS is set to YES.
+# The default value is: NO.
+
+EXTRACT_ALL = NO
+
+# If the EXTRACT_PRIVATE tag is set to YES, all private members of a class will
+# be included in the documentation.
+# The default value is: NO.
+
+EXTRACT_PRIVATE = NO
+
+# If the EXTRACT_PACKAGE tag is set to YES, all members with package or internal
+# scope will be included in the documentation.
+# The default value is: NO.
+
+EXTRACT_PACKAGE = NO
+
+# If the EXTRACT_STATIC tag is set to YES, all static members of a file will be
+# included in the documentation.
+# The default value is: NO.
+
+EXTRACT_STATIC = NO
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES, classes (and structs) defined
+# locally in source files will be included in the documentation. If set to NO,
+# only classes defined in header files are included. Does not have any effect
+# for Java sources.
+# The default value is: YES.
+
+EXTRACT_LOCAL_CLASSES = YES
+
+# This flag is only useful for Objective-C code. If set to YES, local methods,
+# which are defined in the implementation section but not in the interface are
+# included in the documentation. If set to NO, only methods in the interface are
+# included.
+# The default value is: NO.
+
+EXTRACT_LOCAL_METHODS = NO
+
+# If this flag is set to YES, the members of anonymous namespaces will be
+# extracted and appear in the documentation as a namespace called
+# 'anonymous_namespace{file}', where file will be replaced with the base name of
+# the file that contains the anonymous namespace. By default anonymous namespace
+# are hidden.
+# The default value is: NO.
+
+EXTRACT_ANON_NSPACES = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all
+# undocumented members inside documented classes or files. If set to NO these
+# members will be included in the various overviews, but no documentation
+# section is generated. This option has no effect if EXTRACT_ALL is enabled.
+# The default value is: NO.
+
+HIDE_UNDOC_MEMBERS = YES
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all
+# undocumented classes that are normally visible in the class hierarchy. If set
+# to NO, these classes will be included in the various overviews. This option
+# has no effect if EXTRACT_ALL is enabled.
+# The default value is: NO.
+
+HIDE_UNDOC_CLASSES = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend
+# (class|struct|union) declarations. If set to NO, these declarations will be
+# included in the documentation.
+# The default value is: NO.
+
+HIDE_FRIEND_COMPOUNDS = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any
+# documentation blocks found inside the body of a function. If set to NO, these
+# blocks will be appended to the function's detailed documentation block.
+# The default value is: NO.
+
+HIDE_IN_BODY_DOCS = NO
+
+# The INTERNAL_DOCS tag determines if documentation that is typed after a
+# \internal command is included. If the tag is set to NO then the documentation
+# will be excluded. Set it to YES to include the internal documentation.
+# The default value is: NO.
+
+INTERNAL_DOCS = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file
+# names in lower-case letters. If set to YES, upper-case letters are also
+# allowed. This is useful if you have classes or files whose names only differ
+# in case and if your file system supports case sensitive file names. Windows
+# and Mac users are advised to set this option to NO.
+# The default value is: system dependent.
+
+CASE_SENSE_NAMES = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with
+# their full class and namespace scopes in the documentation. If set to YES, the
+# scope will be hidden.
+# The default value is: NO.
+
+HIDE_SCOPE_NAMES = NO
+
+# If the HIDE_COMPOUND_REFERENCE tag is set to NO (default) then doxygen will
+# append additional text to a page's title, such as Class Reference. If set to
+# YES the compound reference will be hidden.
+# The default value is: NO.
+
+HIDE_COMPOUND_REFERENCE= NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of
+# the files that are included by a file in the documentation of that file.
+# The default value is: YES.
+
+SHOW_INCLUDE_FILES = NO
+
+# If the SHOW_GROUPED_MEMB_INC tag is set to YES then Doxygen will add for each
+# grouped member an include statement to the documentation, telling the reader
+# which file to include in order to use the member.
+# The default value is: NO.
+
+SHOW_GROUPED_MEMB_INC = NO
+
+# If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include
+# files with double quotes in the documentation rather than with sharp brackets.
+# The default value is: NO.
+
+FORCE_LOCAL_INCLUDES = NO
+
+# If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the
+# documentation for inline members.
+# The default value is: YES.
+
+INLINE_INFO = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the
+# (detailed) documentation of file and class members alphabetically by member
+# name. If set to NO, the members will appear in declaration order.
+# The default value is: YES.
+
+SORT_MEMBER_DOCS = YES
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief
+# descriptions of file, namespace and class members alphabetically by member
+# name. If set to NO, the members will appear in declaration order. Note that
+# this will also influence the order of the classes in the class list.
+# The default value is: NO.
+
+SORT_BRIEF_DOCS = NO
+
+# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the
+# (brief and detailed) documentation of class members so that constructors and
+# destructors are listed first. If set to NO the constructors will appear in the
+# respective orders defined by SORT_BRIEF_DOCS and SORT_MEMBER_DOCS.
+# Note: If SORT_BRIEF_DOCS is set to NO this option is ignored for sorting brief
+# member documentation.
+# Note: If SORT_MEMBER_DOCS is set to NO this option is ignored for sorting
+# detailed member documentation.
+# The default value is: NO.
+
+SORT_MEMBERS_CTORS_1ST = NO
+
+# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy
+# of group names into alphabetical order. If set to NO the group names will
+# appear in their defined order.
+# The default value is: NO.
+
+SORT_GROUP_NAMES = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be sorted by
+# fully-qualified names, including namespaces. If set to NO, the class list will
+# be sorted only by class name, not including the namespace part.
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the alphabetical
+# list.
+# The default value is: NO.
+
+SORT_BY_SCOPE_NAME = NO
+
+# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper
+# type resolution of all parameters of a function it will reject a match between
+# the prototype and the implementation of a member function even if there is
+# only one candidate or it is obvious which candidate to choose by doing a
+# simple string match. By disabling STRICT_PROTO_MATCHING doxygen will still
+# accept a match between prototype and implementation in such cases.
+# The default value is: NO.
+
+STRICT_PROTO_MATCHING = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or disable (NO) the todo
+# list. This list is created by putting \todo commands in the documentation.
+# The default value is: YES.
+
+GENERATE_TODOLIST = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or disable (NO) the test
+# list. This list is created by putting \test commands in the documentation.
+# The default value is: YES.
+
+GENERATE_TESTLIST = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or disable (NO) the bug
+# list. This list is created by putting \bug commands in the documentation.
+# The default value is: YES.
+
+GENERATE_BUGLIST = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or disable (NO)
+# the deprecated list. This list is created by putting \deprecated commands in
+# the documentation.
+# The default value is: YES.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional documentation
+# sections, marked by \if ... \endif and \cond
+# ... \endcond blocks.
+
+ENABLED_SECTIONS =
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the
+# initial value of a variable or macro / define can have for it to appear in the
+# documentation. If the initializer consists of more lines than specified here
+# it will be hidden. Use a value of 0 to hide initializers completely. The
+# appearance of the value of individual variables and macros / defines can be
+# controlled using \showinitializer or \hideinitializer command in the
+# documentation regardless of this setting.
+# Minimum value: 0, maximum value: 10000, default value: 30.
+
+MAX_INITIALIZER_LINES = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated at
+# the bottom of the documentation of classes and structs. If set to YES, the
+# list will mention the files that were used to generate the documentation.
+# The default value is: YES.
+
+SHOW_USED_FILES = YES
+
+# Set the SHOW_FILES tag to NO to disable the generation of the Files page. This
+# will remove the Files entry from the Quick Index and from the Folder Tree View
+# (if specified).
+# The default value is: YES.
+
+SHOW_FILES = YES
+
+# Set the SHOW_NAMESPACES tag to NO to disable the generation of the Namespaces
+# page. This will remove the Namespaces entry from the Quick Index and from the
+# Folder Tree View (if specified).
+# The default value is: YES.
+
+SHOW_NAMESPACES = YES
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that
+# doxygen should invoke to get the current version for each file (typically from
+# the version control system). Doxygen will invoke the program by executing (via
+# popen()) the command command input-file, where command is the value of the
+# FILE_VERSION_FILTER tag, and input-file is the name of an input file provided
+# by doxygen. Whatever the program writes to standard output is used as the file
+# version. For an example see the documentation.
+
+FILE_VERSION_FILTER =
+
+# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed
+# by doxygen. The layout file controls the global structure of the generated
+# output files in an output format independent way. To create the layout file
+# that represents doxygen's defaults, run doxygen with the -l option. You can
+# optionally specify a file name after the option, if omitted DoxygenLayout.xml
+# will be used as the name of the layout file.
+#
+# Note that if you run doxygen from a directory containing a file called
+# DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE
+# tag is left empty.
+
+LAYOUT_FILE =
+
+# The CITE_BIB_FILES tag can be used to specify one or more bib files containing
+# the reference definitions. This must be a list of .bib files. The .bib
+# extension is automatically appended if omitted. This requires the bibtex tool
+# to be installed. See also http://en.wikipedia.org/wiki/BibTeX for more info.
+# For LaTeX the style of the bibliography can be controlled using
+# LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the
+# search path. See also \cite for info how to create references.
+
+CITE_BIB_FILES =
+
+#---------------------------------------------------------------------------
+# Configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated to
+# standard output by doxygen. If QUIET is set to YES this implies that the
+# messages are off.
+# The default value is: NO.
+
+QUIET = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated to standard error (stderr) by doxygen. If WARNINGS is set to YES
+# this implies that the warnings are on.
+#
+# Tip: Turn warnings on while writing the documentation.
+# The default value is: YES.
+
+WARNINGS = YES
+
+# If the WARN_IF_UNDOCUMENTED tag is set to YES then doxygen will generate
+# warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag
+# will automatically be disabled.
+# The default value is: YES.
+
+WARN_IF_UNDOCUMENTED = YES
+
+# If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for
+# potential errors in the documentation, such as not documenting some parameters
+# in a documented function, or documenting parameters that don't exist or using
+# markup commands wrongly.
+# The default value is: YES.
+
+WARN_IF_DOC_ERROR = YES
+
+# This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that
+# are documented, but have no documentation for their parameters or return
+# value. If set to NO, doxygen will only warn about wrong or incomplete
+# parameter documentation, but not about the absence of documentation.
+# The default value is: NO.
+
+WARN_NO_PARAMDOC = NO
+
+# If the WARN_AS_ERROR tag is set to YES then doxygen will immediately stop when
+# a warning is encountered.
+# The default value is: NO.
+
+WARN_AS_ERROR = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that doxygen
+# can produce. The string should contain the $file, $line, and $text tags, which
+# will be replaced by the file and line number from which the warning originated
+# and the warning text. Optionally the format may contain $version, which will
+# be replaced by the version of the file (if it could be obtained via
+# FILE_VERSION_FILTER)
+# The default value is: $file:$line: $text.
+
+WARN_FORMAT = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning and error
+# messages should be written. If left blank the output is written to standard
+# error (stderr).
+
+WARN_LOGFILE =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag is used to specify the files and/or directories that contain
+# documented source files. You may enter file names like myfile.cpp or
+# directories like /usr/src/myproject. Separate the files or directories with
+# spaces. See also FILE_PATTERNS and EXTENSION_MAPPING
+# Note: If this tag is empty the current directory is searched.
+
+INPUT = ../README.md \
+ ../include/srtp.h \
+ ../crypto/include/auth.h \
+ ../crypto/include/cipher.h \
+ ../crypto/include/crypto_types.h \
+ ../crypto/include/err.h \
+ crypto_kernel.txt
+
+# This tag can be used to specify the character encoding of the source files
+# that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses
+# libiconv (or the iconv built into libc) for the transcoding. See the libiconv
+# documentation (see: http://www.gnu.org/software/libiconv) for the list of
+# possible encodings.
+# The default value is: UTF-8.
+
+INPUT_ENCODING = UTF-8
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and
+# *.h) to filter out the source-files in the directories.
+#
+# Note that for custom extensions or not directly supported extensions you also
+# need to set EXTENSION_MAPPING for the extension otherwise the files are not
+# read by doxygen.
+#
+# If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp,
+# *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h,
+# *.hh, *.hxx, *.hpp, *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc,
+# *.m, *.markdown, *.md, *.mm, *.dox, *.py, *.pyw, *.f90, *.f, *.for, *.tcl,
+# *.vhd, *.vhdl, *.ucf, *.qsf, *.as and *.js.
+
+FILE_PATTERNS =
+
+# The RECURSIVE tag can be used to specify whether or not subdirectories should
+# be searched for input files as well.
+# The default value is: NO.
+
+RECURSIVE = NO
+
+# The EXCLUDE tag can be used to specify files and/or directories that should be
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+#
+# Note that relative paths are relative to the directory from which doxygen is
+# run.
+
+EXCLUDE =
+
+# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
+# directories that are symbolic links (a Unix file system feature) are excluded
+# from the input.
+# The default value is: NO.
+
+EXCLUDE_SYMLINKS = NO
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories.
+#
+# Note that the wildcards are matched against the file with absolute path, so to
+# exclude all test directories for example use the pattern */test/*
+
+EXCLUDE_PATTERNS =
+
+# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
+# (namespaces, classes, functions, etc.) that should be excluded from the
+# output. The symbol name can be a fully qualified name, a word, or if the
+# wildcard * is used, a substring. Examples: ANamespace, AClass,
+# AClass::ANamespace, ANamespace::*Test
+#
+# Note that the wildcards are matched against the file with absolute path, so to
+# exclude all test directories use the pattern */test/*
+
+EXCLUDE_SYMBOLS =
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or directories
+# that contain example code fragments that are included (see the \include
+# command).
+
+EXAMPLE_PATH =
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and
+# *.h) to filter out the source-files in the directories. If left blank all
+# files are included.
+
+EXAMPLE_PATTERNS =
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
+# searched for input files to be used with the \include or \dontinclude commands
+# irrespective of the value of the RECURSIVE tag.
+# The default value is: NO.
+
+EXAMPLE_RECURSIVE = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or directories
+# that contain images that are to be included in the documentation (see the
+# \image command).
+
+IMAGE_PATH =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command:
+#
+#
+#
+# where is the value of the INPUT_FILTER tag, and is the
+# name of an input file. Doxygen will then use the output that the filter
+# program writes to standard output. If FILTER_PATTERNS is specified, this tag
+# will be ignored.
+#
+# Note that the filter must not add or remove lines; it is applied before the
+# code is scanned, but not when the output code is generated. If lines are added
+# or removed, the anchors will not be placed correctly.
+#
+# Note that for custom extensions or not directly supported extensions you also
+# need to set EXTENSION_MAPPING for the extension otherwise the files are not
+# properly processed by doxygen.
+
+INPUT_FILTER =
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
+# basis. Doxygen will compare the file name with each pattern and apply the
+# filter if there is a match. The filters are a list of the form: pattern=filter
+# (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how
+# filters are used. If the FILTER_PATTERNS tag is empty or if none of the
+# patterns match the file name, INPUT_FILTER is applied.
+#
+# Note that for custom extensions or not directly supported extensions you also
+# need to set EXTENSION_MAPPING for the extension otherwise the files are not
+# properly processed by doxygen.
+
+FILTER_PATTERNS =
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
+# INPUT_FILTER) will also be used to filter the input files that are used for
+# producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES).
+# The default value is: NO.
+
+FILTER_SOURCE_FILES = NO
+
+# The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file
+# pattern. A pattern will override the setting for FILTER_PATTERN (if any) and
+# it is also possible to disable source filtering for a specific pattern using
+# *.ext= (so without naming a filter).
+# This tag requires that the tag FILTER_SOURCE_FILES is set to YES.
+
+FILTER_SOURCE_PATTERNS =
+
+# If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that
+# is part of the input, its contents will be placed on the main page
+# (index.html). This can be useful if you have a project on for instance GitHub
+# and want to reuse the introduction page also for the doxygen output.
+
+USE_MDFILE_AS_MAINPAGE = README.md
+
+#---------------------------------------------------------------------------
+# Configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will be
+# generated. Documented entities will be cross-referenced with these sources.
+#
+# Note: To get rid of all source code in the generated output, make sure that
+# also VERBATIM_HEADERS is set to NO.
+# The default value is: NO.
+
+SOURCE_BROWSER = NO
+
+# Setting the INLINE_SOURCES tag to YES will include the body of functions,
+# classes and enums directly into the documentation.
+# The default value is: NO.
+
+INLINE_SOURCES = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES will instruct doxygen to hide any
+# special comment blocks from generated source code fragments. Normal C, C++ and
+# Fortran comments will always remain visible.
+# The default value is: YES.
+
+STRIP_CODE_COMMENTS = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES then for each documented
+# function all documented functions referencing it will be listed.
+# The default value is: NO.
+
+REFERENCED_BY_RELATION = YES
+
+# If the REFERENCES_RELATION tag is set to YES then for each documented function
+# all documented entities called/used by that function will be listed.
+# The default value is: NO.
+
+REFERENCES_RELATION = YES
+
+# If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set
+# to YES then the hyperlinks from functions in REFERENCES_RELATION and
+# REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will
+# link to the documentation.
+# The default value is: YES.
+
+REFERENCES_LINK_SOURCE = YES
+
+# If SOURCE_TOOLTIPS is enabled (the default) then hovering a hyperlink in the
+# source code will show a tooltip with additional information such as prototype,
+# brief description and links to the definition and documentation. Since this
+# will make the HTML file larger and loading of large files a bit slower, you
+# can opt to disable this feature.
+# The default value is: YES.
+# This tag requires that the tag SOURCE_BROWSER is set to YES.
+
+SOURCE_TOOLTIPS = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code will
+# point to the HTML generated by the htags(1) tool instead of doxygen built-in
+# source browser. The htags tool is part of GNU's global source tagging system
+# (see http://www.gnu.org/software/global/global.html). You will need version
+# 4.8.6 or higher.
+#
+# To use it do the following:
+# - Install the latest version of global
+# - Enable SOURCE_BROWSER and USE_HTAGS in the config file
+# - Make sure the INPUT points to the root of the source tree
+# - Run doxygen as normal
+#
+# Doxygen will invoke htags (and that will in turn invoke gtags), so these
+# tools must be available from the command line (i.e. in the search path).
+#
+# The result: instead of the source browser generated by doxygen, the links to
+# source code will now point to the output of htags.
+# The default value is: NO.
+# This tag requires that the tag SOURCE_BROWSER is set to YES.
+
+USE_HTAGS = NO
+
+# If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a
+# verbatim copy of the header file for each class for which an include is
+# specified. Set to NO to disable this.
+# See also: Section \class.
+# The default value is: YES.
+
+VERBATIM_HEADERS = YES
+
+#---------------------------------------------------------------------------
+# Configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index of all
+# compounds will be generated. Enable this if the project contains a lot of
+# classes, structs, unions or interfaces.
+# The default value is: YES.
+
+ALPHABETICAL_INDEX = NO
+
+# The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in
+# which the alphabetical index list will be split.
+# Minimum value: 1, maximum value: 20, default value: 5.
+# This tag requires that the tag ALPHABETICAL_INDEX is set to YES.
+
+COLS_IN_ALPHA_INDEX = 5
+
+# In case all classes in a project start with a common prefix, all classes will
+# be put under the same header in the alphabetical index. The IGNORE_PREFIX tag
+# can be used to specify a prefix (or a list of prefixes) that should be ignored
+# while generating the index headers.
+# This tag requires that the tag ALPHABETICAL_INDEX is set to YES.
+
+IGNORE_PREFIX =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES, doxygen will generate HTML output
+# The default value is: YES.
+
+GENERATE_HTML = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a
+# relative path is entered the value of OUTPUT_DIRECTORY will be put in front of
+# it.
+# The default directory is: html.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_OUTPUT = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for each
+# generated HTML page (for example: .htm, .php, .asp).
+# The default value is: .html.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_FILE_EXTENSION = .html
+
+# The HTML_HEADER tag can be used to specify a user-defined HTML header file for
+# each generated HTML page. If the tag is left blank doxygen will generate a
+# standard header.
+#
+# To get valid HTML the header file that includes any scripts and style sheets
+# that doxygen needs, which is dependent on the configuration options used (e.g.
+# the setting GENERATE_TREEVIEW). It is highly recommended to start with a
+# default header using
+# doxygen -w html new_header.html new_footer.html new_stylesheet.css
+# YourConfigFile
+# and then modify the file new_header.html. See also section "Doxygen usage"
+# for information on how to generate the default header that doxygen normally
+# uses.
+# Note: The header is subject to change so you typically have to regenerate the
+# default header when upgrading to a newer version of doxygen. For a description
+# of the possible markers and block names see the documentation.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_HEADER =
+
+# The HTML_FOOTER tag can be used to specify a user-defined HTML footer for each
+# generated HTML page. If the tag is left blank doxygen will generate a standard
+# footer. See HTML_HEADER for more information on how to generate a default
+# footer and what special commands can be used inside the footer. See also
+# section "Doxygen usage" for information on how to generate the default footer
+# that doxygen normally uses.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_FOOTER =
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading style
+# sheet that is used by each HTML page. It can be used to fine-tune the look of
+# the HTML output. If left blank doxygen will generate a default style sheet.
+# See also section "Doxygen usage" for information on how to generate the style
+# sheet that doxygen normally uses.
+# Note: It is recommended to use HTML_EXTRA_STYLESHEET instead of this tag, as
+# it is more robust and this tag (HTML_STYLESHEET) will in the future become
+# obsolete.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_STYLESHEET = docs.css
+
+# The HTML_EXTRA_STYLESHEET tag can be used to specify additional user-defined
+# cascading style sheets that are included after the standard style sheets
+# created by doxygen. Using this option one can overrule certain style aspects.
+# This is preferred over using HTML_STYLESHEET since it does not replace the
+# standard style sheet and is therefore more robust against future updates.
+# Doxygen will copy the style sheet files to the output directory.
+# Note: The order of the extra style sheet files is of importance (e.g. the last
+# style sheet in the list overrules the setting of the previous ones in the
+# list). For an example see the documentation.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_EXTRA_STYLESHEET =
+
+# The HTML_EXTRA_FILES tag can be used to specify one or more extra images or
+# other source files which should be copied to the HTML output directory. Note
+# that these files will be copied to the base HTML output directory. Use the
+# $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these
+# files. In the HTML_STYLESHEET file, use the file name only. Also note that the
+# files will be copied as-is; there are no commands or markers available.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_EXTRA_FILES =
+
+# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen
+# will adjust the colors in the style sheet and background images according to
+# this color. Hue is specified as an angle on a colorwheel, see
+# http://en.wikipedia.org/wiki/Hue for more information. For instance the value
+# 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300
+# purple, and 360 is red again.
+# Minimum value: 0, maximum value: 359, default value: 220.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_COLORSTYLE_HUE = 220
+
+# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors
+# in the HTML output. For a value of 0 the output will use grayscales only. A
+# value of 255 will produce the most vivid colors.
+# Minimum value: 0, maximum value: 255, default value: 100.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_COLORSTYLE_SAT = 100
+
+# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to the
+# luminance component of the colors in the HTML output. Values below 100
+# gradually make the output lighter, whereas values above 100 make the output
+# darker. The value divided by 100 is the actual gamma applied, so 80 represents
+# a gamma of 0.8, The value 220 represents a gamma of 2.2, and 100 does not
+# change the gamma.
+# Minimum value: 40, maximum value: 240, default value: 80.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_COLORSTYLE_GAMMA = 80
+
+# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML
+# page will contain the date and time when the page was generated. Setting this
+# to YES can help to show when doxygen was last run and thus if the
+# documentation is up to date.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_TIMESTAMP = NO
+
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
+# documentation will contain sections that can be hidden and shown after the
+# page has loaded.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_DYNAMIC_SECTIONS = NO
+
+# With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries
+# shown in the various tree structured indices initially; the user can expand
+# and collapse entries dynamically later on. Doxygen will expand the tree to
+# such a level that at most the specified number of entries are visible (unless
+# a fully collapsed tree already exceeds this amount). So setting the number of
+# entries 1 will produce a full collapsed tree by default. 0 is a special value
+# representing an infinite number of entries and will result in a full expanded
+# tree by default.
+# Minimum value: 0, maximum value: 9999, default value: 100.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_INDEX_NUM_ENTRIES = 100
+
+# If the GENERATE_DOCSET tag is set to YES, additional index files will be
+# generated that can be used as input for Apple's Xcode 3 integrated development
+# environment (see: http://developer.apple.com/tools/xcode/), introduced with
+# OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a
+# Makefile in the HTML output directory. Running make will produce the docset in
+# that directory and running make install will install the docset in
+# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at
+# startup. See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html
+# for more information.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_DOCSET = NO
+
+# This tag determines the name of the docset feed. A documentation feed provides
+# an umbrella under which multiple documentation sets from a single provider
+# (such as a company or product suite) can be grouped.
+# The default value is: Doxygen generated docs.
+# This tag requires that the tag GENERATE_DOCSET is set to YES.
+
+DOCSET_FEEDNAME = "Doxygen generated docs"
+
+# This tag specifies a string that should uniquely identify the documentation
+# set bundle. This should be a reverse domain-name style string, e.g.
+# com.mycompany.MyDocSet. Doxygen will append .docset to the name.
+# The default value is: org.doxygen.Project.
+# This tag requires that the tag GENERATE_DOCSET is set to YES.
+
+DOCSET_BUNDLE_ID = org.doxygen.Project
+
+# The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely identify
+# the documentation publisher. This should be a reverse domain-name style
+# string, e.g. com.mycompany.MyDocSet.documentation.
+# The default value is: org.doxygen.Publisher.
+# This tag requires that the tag GENERATE_DOCSET is set to YES.
+
+DOCSET_PUBLISHER_ID = org.doxygen.Publisher
+
+# The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher.
+# The default value is: Publisher.
+# This tag requires that the tag GENERATE_DOCSET is set to YES.
+
+DOCSET_PUBLISHER_NAME = Publisher
+
+# If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three
+# additional HTML index files: index.hhp, index.hhc, and index.hhk. The
+# index.hhp is a project file that can be read by Microsoft's HTML Help Workshop
+# (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on
+# Windows.
+#
+# The HTML Help Workshop contains a compiler that can convert all HTML output
+# generated by doxygen into a single compiled HTML file (.chm). Compiled HTML
+# files are now used as the Windows 98 help format, and will replace the old
+# Windows help format (.hlp) on all Windows platforms in the future. Compressed
+# HTML files also contain an index, a table of contents, and you can search for
+# words in the documentation. The HTML workshop also contains a viewer for
+# compressed HTML files.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_HTMLHELP = NO
+
+# The CHM_FILE tag can be used to specify the file name of the resulting .chm
+# file. You can add a path in front of the file if the result should not be
+# written to the html output directory.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+CHM_FILE =
+
+# The HHC_LOCATION tag can be used to specify the location (absolute path
+# including file name) of the HTML help compiler (hhc.exe). If non-empty,
+# doxygen will try to run the HTML help compiler on the generated index.hhp.
+# The file has to be specified with full path.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+HHC_LOCATION =
+
+# The GENERATE_CHI flag controls if a separate .chi index file is generated
+# (YES) or that it should be included in the master .chm file (NO).
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+GENERATE_CHI = NO
+
+# The CHM_INDEX_ENCODING is used to encode HtmlHelp index (hhk), content (hhc)
+# and project file content.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+CHM_INDEX_ENCODING =
+
+# The BINARY_TOC flag controls whether a binary table of contents is generated
+# (YES) or a normal table of contents (NO) in the .chm file. Furthermore it
+# enables the Previous and Next buttons.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+BINARY_TOC = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members to
+# the table of contents of the HTML help documentation and to the tree view.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+TOC_EXPAND = NO
+
+# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and
+# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that
+# can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help
+# (.qch) of the generated HTML documentation.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_QHP = NO
+
+# If the QHG_LOCATION tag is specified, the QCH_FILE tag can be used to specify
+# the file name of the resulting .qch file. The path specified is relative to
+# the HTML output folder.
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QCH_FILE =
+
+# The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help
+# Project output. For more information please see Qt Help Project / Namespace
+# (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#namespace).
+# The default value is: org.doxygen.Project.
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_NAMESPACE = org.doxygen.Project
+
+# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt
+# Help Project output. For more information please see Qt Help Project / Virtual
+# Folders (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#virtual-
+# folders).
+# The default value is: doc.
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_VIRTUAL_FOLDER = doc
+
+# If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom
+# filter to add. For more information please see Qt Help Project / Custom
+# Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom-
+# filters).
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_CUST_FILTER_NAME =
+
+# The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the
+# custom filter to add. For more information please see Qt Help Project / Custom
+# Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom-
+# filters).
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_CUST_FILTER_ATTRS =
+
+# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this
+# project's filter section matches. Qt Help Project / Filter Attributes (see:
+# http://qt-project.org/doc/qt-4.8/qthelpproject.html#filter-attributes).
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_SECT_FILTER_ATTRS =
+
+# The QHG_LOCATION tag can be used to specify the location of Qt's
+# qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the
+# generated .qhp file.
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHG_LOCATION =
+
+# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files will be
+# generated, together with the HTML files, they form an Eclipse help plugin. To
+# install this plugin and make it available under the help contents menu in
+# Eclipse, the contents of the directory containing the HTML and XML files needs
+# to be copied into the plugins directory of eclipse. The name of the directory
+# within the plugins directory should be the same as the ECLIPSE_DOC_ID value.
+# After copying Eclipse needs to be restarted before the help appears.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_ECLIPSEHELP = NO
+
+# A unique identifier for the Eclipse help plugin. When installing the plugin
+# the directory name containing the HTML and XML files should also have this
+# name. Each documentation set should have its own identifier.
+# The default value is: org.doxygen.Project.
+# This tag requires that the tag GENERATE_ECLIPSEHELP is set to YES.
+
+ECLIPSE_DOC_ID = org.doxygen.Project
+
+# If you want full control over the layout of the generated HTML pages it might
+# be necessary to disable the index and replace it with your own. The
+# DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) at top
+# of each HTML page. A value of NO enables the index and the value YES disables
+# it. Since the tabs in the index contain the same information as the navigation
+# tree, you can set this option to YES if you also set GENERATE_TREEVIEW to YES.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+DISABLE_INDEX = NO
+
+# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
+# structure should be generated to display hierarchical information. If the tag
+# value is set to YES, a side panel will be generated containing a tree-like
+# index structure (just like the one that is generated for HTML Help). For this
+# to work a browser that supports JavaScript, DHTML, CSS and frames is required
+# (i.e. any modern browser). Windows users are probably better off using the
+# HTML help feature. Via custom style sheets (see HTML_EXTRA_STYLESHEET) one can
+# further fine-tune the look of the index. As an example, the default style
+# sheet generated by doxygen has an example that shows how to put an image at
+# the root of the tree instead of the PROJECT_NAME. Since the tree basically has
+# the same information as the tab index, you could consider setting
+# DISABLE_INDEX to YES when enabling this option.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_TREEVIEW = NO
+
+# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that
+# doxygen will group on one line in the generated HTML documentation.
+#
+# Note that a value of 0 will completely suppress the enum values from appearing
+# in the overview section.
+# Minimum value: 0, maximum value: 20, default value: 4.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+ENUM_VALUES_PER_LINE = 4
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used
+# to set the initial width (in pixels) of the frame in which the tree is shown.
+# Minimum value: 0, maximum value: 1500, default value: 250.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+TREEVIEW_WIDTH = 250
+
+# If the EXT_LINKS_IN_WINDOW option is set to YES, doxygen will open links to
+# external symbols imported via tag files in a separate window.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+EXT_LINKS_IN_WINDOW = NO
+
+# Use this tag to change the font size of LaTeX formulas included as images in
+# the HTML documentation. When you change the font size after a successful
+# doxygen run you need to manually remove any form_*.png images from the HTML
+# output directory to force them to be regenerated.
+# Minimum value: 8, maximum value: 50, default value: 10.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+FORMULA_FONTSIZE = 10
+
+# Use the FORMULA_TRANPARENT tag to determine whether or not the images
+# generated for formulas are transparent PNGs. Transparent PNGs are not
+# supported properly for IE 6.0, but are supported on all modern browsers.
+#
+# Note that when changing this option you need to delete any form_*.png files in
+# the HTML output directory before the changes have effect.
+# The default value is: YES.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+FORMULA_TRANSPARENT = YES
+
+# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see
+# http://www.mathjax.org) which uses client side Javascript for the rendering
+# instead of using pre-rendered bitmaps. Use this if you do not have LaTeX
+# installed or if you want to formulas look prettier in the HTML output. When
+# enabled you may also need to install MathJax separately and configure the path
+# to it using the MATHJAX_RELPATH option.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+USE_MATHJAX = NO
+
+# When MathJax is enabled you can set the default output format to be used for
+# the MathJax output. See the MathJax site (see:
+# http://docs.mathjax.org/en/latest/output.html) for more details.
+# Possible values are: HTML-CSS (which is slower, but has the best
+# compatibility), NativeMML (i.e. MathML) and SVG.
+# The default value is: HTML-CSS.
+# This tag requires that the tag USE_MATHJAX is set to YES.
+
+MATHJAX_FORMAT = HTML-CSS
+
+# When MathJax is enabled you need to specify the location relative to the HTML
+# output directory using the MATHJAX_RELPATH option. The destination directory
+# should contain the MathJax.js script. For instance, if the mathjax directory
+# is located at the same level as the HTML output directory, then
+# MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax
+# Content Delivery Network so you can quickly see the result without installing
+# MathJax. However, it is strongly recommended to install a local copy of
+# MathJax from http://www.mathjax.org before deployment.
+# The default value is: http://cdn.mathjax.org/mathjax/latest.
+# This tag requires that the tag USE_MATHJAX is set to YES.
+
+MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest
+
+# The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax
+# extension names that should be enabled during MathJax rendering. For example
+# MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols
+# This tag requires that the tag USE_MATHJAX is set to YES.
+
+MATHJAX_EXTENSIONS =
+
+# The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces
+# of code that will be used on startup of the MathJax code. See the MathJax site
+# (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an
+# example see the documentation.
+# This tag requires that the tag USE_MATHJAX is set to YES.
+
+MATHJAX_CODEFILE =
+
+# When the SEARCHENGINE tag is enabled doxygen will generate a search box for
+# the HTML output. The underlying search engine uses javascript and DHTML and
+# should work on any modern browser. Note that when using HTML help
+# (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets (GENERATE_DOCSET)
+# there is already a search function so this one should typically be disabled.
+# For large projects the javascript based search engine can be slow, then
+# enabling SERVER_BASED_SEARCH may provide a better solution. It is possible to
+# search using the keyboard; to jump to the search box use + S
+# (what the is depends on the OS and browser, but it is typically
+# , /