Merge branch 'master' into configure-log-options

cisco · Feb 17, 2017 · beaf9d8 · beaf9d8
2 parents 1b333ec + a3c68bc
commit beaf9d8
Show file tree

Hide file tree

Showing 8 changed files with 15 additions and 87 deletions.
diff --git a/README.md b/README.md
@@ -15,7 +15,7 @@ and authentication to the RTP header and payload. SRTP is an IETF Standard,
 defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt), and was developed
 in the IETF Audio/Video Transport (AVT) Working Group. This library supports
 all of the mandatory features of SRTP, but not all of the optional features. See
-the [Supported Features](#license) section for more detailed information.
+the [Supported Features](#supported-features) section for more detailed information.
 
 This document is also used to generate the documentation files in the /doc/
 folder where a more detailed reference to the libSRTP API and related functions
@@ -282,7 +282,6 @@ Option                    | Description
 ---------                 | -------
 \-\-help                  | provides a usage summary
 \-\-enable-debug-logging  | enable debug logging in all modules
-\-\-enable-generic-aesicm | in changes for ismacryp
 \-\-enable-log-stdout     | redirecting logging to stdout
 \-\-with-log-file <file>  | use file for logging
 \-\-enable-openssl        | use OpenSSL crypto primitives
@@ -439,9 +438,7 @@ contributed support for building under MSVC. Andris Pavenis
 contributed many important fixes. Brian West contributed changes to
 enable dynamic linking. Yves Shumann reported documentation bugs.
 Randell Jesup contributed a working SRTCP implementation and other
-fixes. Alex Vanzella and Will Clark contributed changes so that the
-AES ICM implementation can be used for ISMA media encryption. Steve
-Underwood contributed x86_64 portability changes. We also give
+fixes. Steve Underwood contributed x86_64 portability changes. We also give
 thanks to Fredrik Thulin, Brian Weis, Mark Baugher, Jeff Chan, Bill
 Simon, Douglas Smith, Bill May, Richard Preistley, Joe Tardo and
 others for contributions, comments, and corrections.
@@ -467,8 +464,3 @@ SHA-1 is defined in FIPS-180-1, available online at the NIST website.
 HMAC is defined in [RFC2104](https://www.ietf.org/rfc/rfc2104.txt)
 and HMAC-SHA1 test vectors are available
 in [RFC2202](https://www.ietf.org/rfc/rfc2202.txt).
-
-ICM is defined by draft-irtf-cfrg-icm-00.txt, and its application in
-ISMAcryp (the Internet Streaming Media Alliance 1.0 Encryption and
-Authentication) is defined in that specification.  It is available
-from http://www.isma.tv/.
diff --git a/config.h_win32vc7 b/config.h_win32vc7
@@ -22,9 +22,6 @@
 /* Define to use logging to stdout. */
 #undef ERR_REPORTING_STDOUT
 
-/* Define this to use ISMAcryp code. */
-#undef GENERIC_AESICM
-
 /* Define to 1 if you have the <arpa/inet.h> header file. */
 #undef HAVE_ARPA_INET_H
 

diff --git a/config.hw b/config.hw
@@ -21,9 +21,6 @@
 /* Define to use logging to stdout. */
 #define ERR_REPORTING_STDOUT 1
 
-/* Define this to use ISMAcryp code. */
-/* #undef GENERIC_AESICM */
-
 /* Define to 1 if you have the <arpa/inet.h> header file. */
 /* #undef HAVE_ARPA_INET_H */
 

diff --git a/config_in.h b/config_in.h
@@ -18,9 +18,6 @@
 /* Define to use logging to stdout. */
 #undef ERR_REPORTING_STDOUT
 
-/* Define this to use ISMAcryp code. */
-#undef GENERIC_AESICM
-
 /* Define to 1 if you have the <arpa/inet.h> header file. */
 #undef HAVE_ARPA_INET_H
 

diff --git a/configure b/configure
@@ -700,7 +700,6 @@ ac_subst_files=''
 ac_user_opts='
 enable_option_checking
 enable_debug
-enable_generic_aesicm
 enable_openssl
 with_openssl_dir
 enable_openssl_kdf
@@ -1335,7 +1334,6 @@ Optional Features:
   --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
   --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
   --disable-debug         do not compile in dynamic debugging system
-  --enable-generic-aesicm compile in changes for ISMAcryp
   --enable-openssl        compile in OpenSSL crypto engine
   --enable-openssl-kdf    Use OpenSSL KDF algorithm
   --enable-stdout         use stdout for debug/error reporting
@@ -5579,23 +5577,6 @@ fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_debug" >&5
 $as_echo "$enable_debug" >&6; }
 
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use ISMAcryp code" >&5
-$as_echo_n "checking whether to use ISMAcryp code... " >&6; }
-# Check whether --enable-generic-aesicm was given.
-if test "${enable_generic_aesicm+set}" = set; then :
-  enableval=$enable_generic_aesicm;
-else
-  enable_generic_aesicm=no
-fi
-
-if test "$enable_generic_aesicm" = "yes"; then
-
-$as_echo "#define GENERIC_AESICM 1" >>confdefs.h
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_generic_aesicm" >&5
-$as_echo "$enable_generic_aesicm" >&6; }
-
 
 
 

diff --git a/configure.in b/configure.in
@@ -184,15 +184,6 @@ if test "$enable_debug_logging" = "yes"; then
 fi
 AC_MSG_RESULT([$enable_debug_logging])
 
-AC_MSG_CHECKING([whether to use ISMAcryp code])
-AC_ARG_ENABLE([generic-aesicm],
-  [AS_HELP_STRING([--enable-generic-aesicm], [compile in changes for ISMAcryp])],
-  [], [enable_generic_aesicm=no])
-if test "$enable_generic_aesicm" = "yes"; then
-   AC_DEFINE([GENERIC_AESICM], [1], [Define this to use ISMAcryp code.])
-fi
-AC_MSG_RESULT([$enable_generic_aesicm])
-
 PKG_PROG_PKG_CONFIG
 AS_IF([test "x$PKG_CONFIG" != "x"], [PKG_CONFIG="$PKG_CONFIG --static"])
 

diff --git a/crypto/cipher/aes_icm.c b/crypto/cipher/aes_icm.c
@@ -92,7 +92,7 @@ srtp_debug_module_t srtp_mod_aes_icm = {
  *
  */
 
-static srtp_err_status_t srtp_aes_icm_alloc_ismacryp (srtp_cipher_t **c, int key_len, int forIsmacryp)
+static srtp_err_status_t srtp_aes_icm_alloc (srtp_cipher_t **c, int key_len, int tlen)
 {
     extern const srtp_cipher_type_t srtp_aes_icm;
     srtp_aes_icm_ctx_t *icm;
@@ -101,15 +101,12 @@ static srtp_err_status_t srtp_aes_icm_alloc_ismacryp (srtp_cipher_t **c, int key
                 "allocating cipher with key length %d", key_len);
 
     /*
-     * Ismacryp, for example, uses 16 byte key + 8 byte
-     * salt  so this function is called with key_len = 24.
      * The check for key_len = 30/38/46 does not apply. Our usage
      * of aes functions with key_len = values other than 30
      * has not broken anything. Don't know what would be the
      * effect of skipping this check for srtp in general.
      */
-    if (!(forIsmacryp && key_len > 16 && key_len < 30) &&
-        key_len != 30 && key_len != 38 && key_len != 46) {
+    if (key_len != 30 && key_len != 38 && key_len != 46) {
         return srtp_err_status_bad_param;
     }
 
@@ -150,11 +147,6 @@ static srtp_err_status_t srtp_aes_icm_alloc_ismacryp (srtp_cipher_t **c, int key
     return srtp_err_status_ok;
 }
 
-static srtp_err_status_t srtp_aes_icm_alloc (srtp_cipher_t **c, int key_len, int forIsmacryp)
-{
-    return srtp_aes_icm_alloc_ismacryp(c, key_len, 0);
-}
-
 static srtp_err_status_t srtp_aes_icm_dealloc (srtp_cipher_t *c)
 {
     srtp_aes_icm_ctx_t *ctx;
@@ -193,9 +185,7 @@ static srtp_err_status_t srtp_aes_icm_context_init (void *cv, const uint8_t *key
     srtp_err_status_t status;
     int base_key_len, copy_len;
 
-    if (c->key_size > 16 && c->key_size < 30) { /* Ismacryp */
-        base_key_len = 16;
-    } else if (c->key_size == 30 || c->key_size == 38 || c->key_size == 46) {
+    if (c->key_size == 30 || c->key_size == 38 || c->key_size == 46) {
         base_key_len = c->key_size - 14;
     } else{
         return srtp_err_status_bad_param;
@@ -271,7 +261,7 @@ static srtp_err_status_t srtp_aes_icm_set_iv (void *cv, uint8_t *iv, srtp_cipher
  *
  * this is an internal, hopefully inlined function
  */
-static void srtp_aes_icm_advance_ismacryp (srtp_aes_icm_ctx_t *c, uint8_t forIsmacryp)
+static void srtp_aes_icm_advance (srtp_aes_icm_ctx_t *c)
 {
     /* fill buffer with new keystream */
     v128_copy(&c->keystream_buffer, &c->counter);
@@ -284,17 +274,8 @@ static void srtp_aes_icm_advance_ismacryp (srtp_aes_icm_ctx_t *c, uint8_t forIsm
                 v128_hex_string(&c->keystream_buffer));
 
     /* clock counter forward */
-
-    if (forIsmacryp) {
-        uint32_t temp;
-        //alex's clock counter forward
-        temp = ntohl(c->counter.v32[3]);
-	++temp;
-        c->counter.v32[3] = htonl(temp);
-    } else {
-        if (!++(c->counter.v8[15])) {
-            ++(c->counter.v8[14]);
-        }
+    if (!++(c->counter.v8[15])) {
+        ++(c->counter.v8[14]);
     }
 }
 
@@ -311,16 +292,16 @@ static void srtp_aes_icm_advance_ismacryp (srtp_aes_icm_ctx_t *c, uint8_t forIsm
  *  - fill buffer then add in remaining (< 16) bytes of keystream
  */
 
-static srtp_err_status_t srtp_aes_icm_encrypt_ismacryp (srtp_aes_icm_ctx_t *c,
-                                                 unsigned char *buf, unsigned int *enc_len,
-                                                 int forIsmacryp)
+static srtp_err_status_t srtp_aes_icm_encrypt (void *cv,
+                                               unsigned char *buf, unsigned int *enc_len)
 {
+    srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t*)cv;
     unsigned int bytes_to_encr = *enc_len;
     unsigned int i;
     uint32_t *b;
 
-    /* check that there's enough segment left but not for ismacryp*/
-    if (!forIsmacryp && (bytes_to_encr + htons(c->counter.v16[7])) > 0xffff) {
+    /* check that there's enough segment left*/
+    if ((bytes_to_encr + htons(c->counter.v16[7])) > 0xffff) {
         return srtp_err_status_terminus;
     }
 
@@ -355,7 +336,7 @@ static srtp_err_status_t srtp_aes_icm_encrypt_ismacryp (srtp_aes_icm_ctx_t *c,
     for (i = 0; i < (bytes_to_encr / sizeof(v128_t)); i++) {
 
         /* fill buffer with new keystream */
-        srtp_aes_icm_advance_ismacryp(c, forIsmacryp);
+        srtp_aes_icm_advance(c);
 
         /*
          * add keystream into the data buffer (this would be a lot faster
@@ -403,7 +384,7 @@ static srtp_err_status_t srtp_aes_icm_encrypt_ismacryp (srtp_aes_icm_ctx_t *c,
     if ((bytes_to_encr & 0xf) != 0) {
 
         /* fill buffer with new keystream */
-        srtp_aes_icm_advance_ismacryp(c, forIsmacryp);
+        srtp_aes_icm_advance(c);
 
         for (i = 0; i < (bytes_to_encr & 0xf); i++) {
             *buf++ ^= c->keystream_buffer.v8[i];
@@ -421,12 +402,6 @@ static srtp_err_status_t srtp_aes_icm_encrypt_ismacryp (srtp_aes_icm_ctx_t *c,
     return srtp_err_status_ok;
 }
 
-static srtp_err_status_t srtp_aes_icm_encrypt (void *cv, unsigned char *buf, unsigned int *enc_len)
-{
-    srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv;
-    return srtp_aes_icm_encrypt_ismacryp(c, buf, enc_len, 0);
-}
-
 static const char srtp_aes_icm_description[] = "aes integer counter mode";
 
 static const uint8_t srtp_aes_icm_test_case_0_key[30] = {

diff --git a/srtp/srtp.c b/srtp/srtp.c
@@ -634,8 +634,6 @@ static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) {
 
 /* Get the base key length corresponding to a given combined key+salt
  * length for the given cipher.
- * Assumption is that for AES-ICM a key length < 30 is Ismacryp using
- * AES-128 and short salts; everything else uses a salt length of 14.
  * TODO: key and salt lengths should be separate fields in the policy.  */
 static inline int base_key_length(const srtp_cipher_type_t *cipher, int key_length)
 {