Skip to content
Browse files

continuing merge from jesup, several minor fixes

  • Loading branch information...
1 parent 28b5915 commit fec49ddc1df930773054cffb9b4c5ba3f4a3af59 @davidmcgrew davidmcgrew committed
View
2 LICENSE
@@ -1,6 +1,6 @@
/*
*
- * Copyright (c) 2001-2003 Cisco Systems, Inc.
+ * Copyright (c) 2001-2005 Cisco Systems, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
View
6 Makefile.in
@@ -70,6 +70,10 @@ kernel = crypto/kernel/crypto_kernel.o crypto/kernel/alloc.o \
cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(replay)
+aesicm = crypto/cipher/cipher.o crypto/cipher/aes.o crypto/cipher/aes_icm.o \
+ crypto/hash/auth.o crypto/kernel/alloc.o crypto/kernel/err.o \
+ crypto/math/datatypes.o crypto/replay/rdbx.o
+
aesicmobj = $(aesicm) $(rng)
# gdoi is the group domain of interpretation for isakmp, a group key
@@ -176,7 +180,7 @@ install:
uninstall:
rm -rf /usr/local/include/srtp
rm -rf /usr/local/lib/libsrtp.a
- if [ -f libaesicm.a ]; then rm -rf /usr/local/lib/libaesicm.a; fi
+ rm -rf /usr/local/lib/libaesicm.a
clean:
rm -rf $(cryptobj) $(srtpobj) $(cryptomath) $(table_apps) TAGS \
View
28 TODO
@@ -1,5 +1,18 @@
TODO List
+1.4.1
+
+ - document which fields are in NBO/HBO, and check for consistency.
+
+ - move HAVE_U_LONG_LONG inside of datatypes.c, or some other
+ separate file
+
+ - re-write configure.in to make cross-compilation easier
+
+ - eliminate GENERIC_AESICM by generalizing the code a bit
+
+Older comments
+
- add tests for key_limit_t datatype
- move octet_get_weight() from datatypes.c to math.c (any other
@@ -10,11 +23,6 @@ Changes and additions planned
Make cipher and auth dealloc() functions zeroize the key-storage
areas before calling free().
- Fix UST
- - implement scatter/gather API
- - SRTP using UST
- - possibly add legacy SHA1 usage
-
Eliminate key_len from auth_init()
Doucument internal APIs (cipher, auth, srtp_protect, ...)
@@ -23,18 +31,13 @@ Changes and additions planned
SRTP options not (yet) included in this libaray:
- the aes-f8-mode cipher
- - HMAC-SHA-1
- the Master Key Index
- re-keying using the key derivation function (only the initial
use of the PRF has been implemented, as it's sufficient
for most uses)
-INCOMPLETE ADDITIONS
-
- Added DES and 3DES ICM.
-
-PLANNED CHANGES
+(OLD) PLANNED CHANGES
strip out test/lfsr.c
@@ -61,6 +64,3 @@ PLANNED CHANGES
Consider eliminating low-level alloc functions in favor of len()
functions, so that there need not be multiple allocations within a
particular alloc() function.
-
- Update test/stat-driver.c so that it tests the rand_source API.
- Add a pseudorandom rand_source.
View
2 VERSION
@@ -1 +1 @@
-1.4.0
+1.4.2
View
14 config_in.h
@@ -1,7 +1,7 @@
/*
* config_in.h
*
- * template for header config file for Secure RTP and UST implementation
+ * template for header config file for Secure RTP and libcryptomodule
*
* David A. McGrew
* Cisco Systems, Inc.
@@ -21,6 +21,10 @@
#define HAVE_MACHINE_TYPES_H 0
#define HAVE_SYS_INT_TYPES_H 0
+/* check if an unsigned 64-bit integer is supported natively */
+
+#define HAVE_U_LONG_LONG 0
+
/* check for microsoft integer definitions (e.g., cygwin) */
#define HAVE_MS_TYPES 1
@@ -82,15 +86,15 @@
#define CPU_ALTIVEC 0
/*
- * if /dev/random is available, then DEV_RANDOM == 1
+ * if /dev/urandom is available, then DEV_URANDOM == 1
*
- * /dev/random is a (true) random number generator which is
+ * /dev/urandom is a (true) random number generator which is
* implemented in many modern operating systems
*/
-#define DEV_RANDOM 0
+#define DEV_URANDOM 0
-/* check for stdlib.h - we use it for xalloc() and free() */
+/* check for stdlib.h - we use it for alloc() and free() */
#define HAVE_STDLIB_H 0
View
1,743 configure
1,258 additions, 485 deletions not shown because the diff is too large. Please use a local Git client to view these changes.
View
10 configure.in
@@ -30,7 +30,13 @@ AC_CHECK_HEADERS(sys/int_types.h)
AC_CHECK_HEADERS(syslog.h)
-AC_CHECK_TYPE(uint16_t)
+AC_CHECK_TYPES([int8,uint8,int16,uint16,int32,uint32,unit64])
+
+AC_CHECK_TYPE(unsigned long long, HAVE_U_LONG_LONG=1, HAVE_U_LONG_LONG=0)
+
+if test $HAVE_U_LONG_LONG = 1; then
+ AC_DEFINE(HAVE_U_LONG_LONG)
+fi
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
@@ -108,7 +114,7 @@ if test $GDOI = 1; then
AC_SUBST(GDOI_OBJS)
fi
-AC_CONFIG_HEADER(include/config.h:config_in.h)
+AC_CONFIG_HEADER(crypto/include/config.h:config_in.h)
AC_OUTPUT(Makefile)
View
5 crypto/Makefile
@@ -1,4 +1,4 @@
-# Makefile for libcryptokernel.a
+# Makefile for libcryptomodule.a
#
# David A. McGrew
# Cisco Systems, Inc.
@@ -27,6 +27,7 @@ p=00112233445566778899aabbccddeeff
c=69c4e0d86a7b0430d8cdb78070b4c55a
runtest: $(testapp)
+ test/env # print out information on the build environment
@echo "running libcryptomodule test applications..."
test `test/aes_calc $k $p` = $c
test/cipher_driver -v >/dev/null
@@ -85,7 +86,7 @@ libcryptomodule.a: $(cryptobj)
testapp = test/cipher_driver test/datatypes_driver \
test/stat_driver test/sha1_driver test/kernel_driver \
- test/aes_calc test/rand_gen
+ test/aes_calc test/rand_gen test/env
all: libcryptomodule.a $(testapp)
View
296 crypto/cipher/aes.c
@@ -1353,19 +1353,7 @@ uint32_t U4[256] = {
/* aes internals */
-/*
- * gf2_8_shift(x) returns the result of the GF(2^8) 'multiply by x'
- * operation, using the field representation from AES. This function
- * is used in the AES key expansion routine.
- */
-
-inline gf2_8
-gf2_8_shift(gf2_8 input) {
- if ((input & 128) == 0)
- return input << 1;
- else
- return (input << 1) ^ gf2_8_field_polynomial;
-}
+extern debug_module_t mod_aes_icm;
inline void
aes_expand_encryption_key(const v128_t key,
@@ -1381,6 +1369,11 @@ aes_expand_encryption_key(const v128_t key,
expanded_key[0].v32[2] = key.v32[2];
expanded_key[0].v32[3] = key.v32[3];
+#if 0
+ debug_print(mod_aes_icm,
+ "expanded key[0]: %s", v128_hex_string(&expanded_key[0]));
+#endif
+
/* loop over round keys */
for (i=1; i < 11; i++) {
@@ -1400,10 +1393,15 @@ aes_expand_encryption_key(const v128_t key,
expanded_key[i].v32[2] =
expanded_key[i].v32[1] ^ expanded_key[i-1].v32[2];
-
+
expanded_key[i].v32[3] =
expanded_key[i].v32[2] ^ expanded_key[i-1].v32[3];
+#if 0
+ debug_print2(mod_aes_icm,
+ "expanded key[%d]: %s", i,v128_hex_string(&expanded_key[i]));
+#endif
+
/* modify round constant */
rc = gf2_8_shift(rc);
@@ -1467,7 +1465,7 @@ aes_expand_decryption_key(const v128_t key,
#else /* assume CPU_CISC */
uint32_t c0, c1, c2, c3;
-
+
c0 = U0[aes_sbox[expanded_key[i].octet[0]]]
^ U1[aes_sbox[expanded_key[i].octet[1]]]
^ U2[aes_sbox[expanded_key[i].octet[2]]]
@@ -1628,17 +1626,13 @@ aes_inv_final_round(v128_t *state, v128_t round_key) {
#elif CPU_RISC
-#if !WORDS_BIGENDIAN
-#error "only big-endian RISC is supported, please choose CPU_CISC in config.h"
-#endif
-
inline void
aes_round(v128_t *state, const v128_t round_key) {
uint32_t column0, column1, column2, column3;
/* compute the columns of the output square in terms of the octets
of state, using the tables T0, T1, T2, T3 */
-
+#if WORDS_BIGENDIAN
column0 = T0[state->v32[0] >> 24] ^ T1[(state->v32[1] >> 16) & 0xff]
^ T2[(state->v32[2] >> 8) & 0xff] ^ T3[state->v32[3] & 0xff];
@@ -1650,6 +1644,19 @@ aes_round(v128_t *state, const v128_t round_key) {
column3 = T0[state->v32[3] >> 24] ^ T1[(state->v32[0] >> 16) & 0xff]
^ T2[(state->v32[1] >> 8) & 0xff] ^ T3[state->v32[2] & 0xff];
+#elif !WORDS_BIGENDIAN
+ column0 = T0[state->v32[0] & 0xff] ^ T1[(state->v32[1] >> 8) & 0xff]
+ ^ T2[(state->v32[2] >> 16) & 0xff] ^ T3[state->v32[3] >> 24];
+
+ column1 = T0[state->v32[1] & 0xff] ^ T1[(state->v32[2] >> 8) & 0xff]
+ ^ T2[(state->v32[3] >> 16) & 0xff] ^ T3[state->v32[0] >> 24];
+
+ column2 = T0[state->v32[2] & 0xff] ^ T1[(state->v32[3] >> 8) & 0xff]
+ ^ T2[(state->v32[0] >> 16) & 0xff] ^ T3[state->v32[1] >> 24];
+
+ column3 = T0[state->v32[3] & 0xff] ^ T1[(state->v32[0] >> 8) & 0xff]
+ ^ T2[(state->v32[1] >> 16) & 0xff] ^ T3[state->v32[2] >> 24];
+#endif /* WORDS_BIGENDIAN */
state->v32[0] = column0 ^ round_key.v32[0];
state->v32[1] = column1 ^ round_key.v32[1];
@@ -1660,11 +1667,13 @@ aes_round(v128_t *state, const v128_t round_key) {
inline void
aes_inv_round(v128_t *state, const v128_t round_key) {
- unsigned long column0, column1, column2, column3;
+ uint32_t column0, column1, column2, column3;
/* compute the columns of the output square in terms of the octets
of state, using the tables U0, U1, U2, U3 */
+#if WORDS_BIGENDIAN
+ /* FIX! WRong indexes */
column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff]
^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff];
@@ -1676,6 +1685,19 @@ aes_inv_round(v128_t *state, const v128_t round_key) {
column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 16) & 0xff]
^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff];
+#elif !WORDS_BIGENDIAN
+ column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff]
+ ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[state->v32[3] >> 24];
+
+ column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff]
+ ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[state->v32[0] >> 24];
+
+ column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff]
+ ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[state->v32[1] >> 24];
+
+ column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff]
+ ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[state->v32[2] >> 24];
+#endif /* WORDS_BIGENDIAN */
state->v32[0] = column0 ^ round_key.v32[0];
state->v32[1] = column1 ^ round_key.v32[1];
@@ -1785,7 +1807,7 @@ aes_round(v128_t *state, const v128_t round_key) {
inline void
aes_inv_round(v128_t *state, const v128_t round_key) {
- unsigned long column0, column1, column2, column3;
+ uint32_t column0, column1, column2, column3;
/* compute the columns of the output square in terms of the octets
of state, using the tables U0, U1, U2, U3 */
@@ -1892,233 +1914,6 @@ aes_add_in_subkey(v128_t *state, v128_t round_key) {
}
-#if THIS_ASM_CODE_WORKS /* DAM - fix this! */
-
-/*
- * T0 starts at 0x804e600
- * T1 starts at 0x804ea00
- * T2 starts at 0x804ee00
- * T3 starts at 0x804f200
- *
- * Interface:
- *
- * ebp pointer to the stack
- * 0x8(%ebp) pointer to message
- * 0xc(%ebp) pointer to key
- * eax pointer to data (loaded with 0x8(%ebp))
- * ebx temp used for address computation
- * ecx column0
- * edx column1
- * esi column2
- * edi column3
- */
-
-#define ROUND(ADD0,ADD1,ADD2,ADD3) \
-asm ("mov (%eax),%eax"); \
-asm ("movzx %al, %ebx"); \
-asm ("mov T0(,%ebx,4),%ecx"); \
-asm ("movzx %ah,%ebx"); \
-asm ("mov T1(,%ebx,4),%edi"); \
-asm ("bswap %eax"); \
-asm ("movzx %ah,%ebx"); \
-asm ("mov T2(,%ebx,4),%esi"); \
-asm ("movzx %al,%ebx"); \
-asm ("mov T3(,%ebx,4),%edx"); \
-asm ("mov 0x8(%ebp),%eax"); \
-asm ("mov 0x4(%eax),%eax"); \
-asm ("movzx %al, %ebx"); \
-asm ("xor T0(,%ebx,4),%edx"); \
-asm ("movzx %ah,%ebx"); \
-asm ("xor T1(,%ebx,4),%ecx"); \
-asm ("bswap %eax"); \
-asm ("movzx %ah,%ebx"); \
-asm ("xor T2(,%ebx,4),%edi"); \
-asm ("movzx %al,%ebx"); \
-asm ("xor T3(,%ebx,4),%esi"); \
-asm ("mov 0x8(%ebp),%eax"); \
-asm ("mov 0x8(%eax),%eax"); \
-asm ("movzx %al, %ebx"); \
-asm ("xor T0(,%ebx,4),%esi"); \
-asm ("movzx %ah,%ebx"); \
-asm ("xor T1(,%ebx,4),%edx"); \
-asm ("bswap %eax"); \
-asm ("movzx %ah,%ebx"); \
-asm ("xor T2(,%ebx,4),%ecx"); \
-asm ("movzx %al,%ebx"); \
-asm ("xor T3(,%ebx,4),%edi"); \
-asm ("mov 0x8(%ebp),%eax"); \
-asm ("mov 0xc(%eax),%eax"); \
-asm ("movzx %al, %ebx"); \
-asm ("xor T0(,%ebx,4),%edi"); \
-asm ("movzx %ah,%ebx"); \
-asm ("xor T1(,%ebx,4),%esi"); \
-asm ("bswap %eax"); \
-asm ("movzx %ah,%ebx"); \
-asm ("xor T2(,%ebx,4),%edx"); \
-asm ("movzx %al,%ebx"); \
-asm ("xor T3(,%ebx,4),%ecx"); \
-asm ("mov 0x8(%ebp),%eax"); \
-asm ("mov 0xc(%ebp),%ebx"); \
-asm ("xor "#ADD0"(%ebx),%ecx"); \
-asm ("mov %ecx,(%eax)"); \
-asm ("xor "#ADD1"(%ebx),%edx"); \
-asm ("mov %edx,0x4(%eax)"); \
-asm ("xor "#ADD2"(%ebx),%esi"); \
-asm ("mov %esi,0x8(%eax)"); \
-asm ("xor "#ADD3"(%ebx),%edi"); \
-asm ("mov %edi,0xc(%eax)");
-
-void
-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) {
- extern uint32_t T0[256], T1[256], T2[256], T3[256], T4[256];
-
-
- asm ("sub $0x5c,%esp");
- asm ("push %edi");
- asm ("push %esi");
- asm ("push %ebx");
- asm ("mov 0x8(%ebp),%ecx");
- asm ("mov (%ecx),%eax");
- asm ("mov 0x4(%ecx),%edx");
- asm ("mov 0xc(%ebp),%ecx");
- asm ("xor (%ecx),%eax");
- asm ("xor 0x4(%ecx),%edx");
- asm ("mov 0x8(%ebp),%ecx");
- asm ("mov %eax,(%ecx)");
- asm ("mov %edx,0x4(%ecx)");
- asm ("mov 0x8(%ebp),%eax");
- asm ("mov 0x8(%eax),%ebx");
- asm ("mov 0xc(%eax),%esi");
- asm ("mov 0xc(%ebp),%eax");
- asm ("xor 0x8(%eax),%ebx");
- asm ("xor 0xc(%eax),%esi");
- asm ("mov 0x8(%ebp),%eax");
- asm ("mov %ebx,0x8(%eax)");
- asm ("mov %esi,0xc(%eax)");
- // Initialize column0, 1, 2, & 3 (ROUND assumes them loaded)
- asm ("mov (%eax),%ecx");
- asm ("mov 0x4(%eax),%edx");
- asm ("mov 0x8(%eax),%esi");
- asm ("mov 0xc(%eax),%edi");
- //
- // ROUND 1
- //
- ROUND(0x10,0x14,0x18,0x1c)
- //
- // ROUND 2
- //
- ROUND(0x20,0x24,0x28,0x2c)
- //
- // ROUND 3
- //
- ROUND(0x30,0x34,0x38,0x3c)
- //
- // ROUND 4
- //
- ROUND(0x40,0x44,0x48,0x4c)
- //
- // ROUND 5
- //
- ROUND(0x50,0x54,0x58,0x5c)
- //
- // ROUND 6
- //
- ROUND(0x60,0x64,0x68,0x6c)
- //
- // ROUND 7
- //
- ROUND(0x70,0x74,0x78,0x7c)
- //
- // ROUND 8
- //
- ROUND(0x80,0x84,0x88,0x8c)
- //
- // ROUND 9
- //
- ROUND(0x90,0x94,0x98,0x9c)
- asm ("mov 0xc(%ebp),%eax");
- asm ("mov 0x8(%ebp),%esi");
- //
- // LAST ROUND (10)
- //
- asm ("mov 0xa0(%eax),%edx");
- asm ("mov %edx,0xfffffff0(%ebp)");
- asm ("mov 0xa4(%eax),%edx");
- asm ("mov %edx,0xfffffff4(%ebp)");
- asm ("mov 0xa8(%eax),%edx");
- asm ("mov %edx,0xfffffff8(%ebp)");
- asm ("mov 0xac(%eax),%edx");
- asm ("mov %edx,0xfffffffc(%ebp)");
- asm ("movzbl (%esi),%edx");
- asm ("mov aes_sbox(%edx),%dl");
- asm ("mov %dl,(%esi)");
- asm ("movzbl 0x4(%esi),%edx");
- asm ("mov aes_sbox(%edx),%dl");
- asm ("mov %dl,0x4(%esi)");
- asm ("movzbl 0x8(%esi),%edx");
- asm ("mov aes_sbox(%edx),%dl");
- asm ("mov %dl,0x8(%esi)");
- asm ("movzbl 0xc(%esi),%edx");
- asm ("mov aes_sbox(%edx),%dl");
- asm ("mov %dl,0xc(%esi)");
- asm ("movzbl 0x1(%esi),%edx");
- asm ("mov aes_sbox(%edx),%cl");
- asm ("movzbl 0x5(%esi),%edx");
- asm ("mov aes_sbox(%edx),%dl");
- asm ("mov %dl,0x1(%esi)");
- asm ("movzbl 0x9(%esi),%edx");
- asm ("mov aes_sbox(%edx),%dl");
- asm ("mov %dl,0x5(%esi)");
- asm ("movzbl 0xd(%esi),%edx");
- asm ("mov aes_sbox(%edx),%dl");
- asm ("mov %dl,0x9(%esi)");
- asm ("mov %cl,0xd(%esi)");
- asm ("movzbl 0xa(%esi),%edx");
- asm ("mov aes_sbox(%edx),%cl");
- asm ("movzbl 0x2(%esi),%edx");
- asm ("mov aes_sbox(%edx),%dl");
- asm ("mov %dl,0xa(%esi)");
- asm ("mov %cl,0x2(%esi)");
- asm ("movzbl 0xe(%esi),%edx");
- asm ("mov aes_sbox(%edx),%cl");
- asm ("movzbl 0x6(%esi),%edx");
- asm ("mov aes_sbox(%edx),%dl");
- asm ("mov %dl,0xe(%esi)");
- asm ("mov %cl,0x6(%esi)");
- asm ("movzbl 0xf(%esi),%edx");
- asm ("mov aes_sbox(%edx),%cl");
- asm ("movzbl 0xb(%esi),%edx");
- asm ("mov aes_sbox(%edx),%dl");
- asm ("mov %dl,0xf(%esi)");
- asm ("movzbl 0x7(%esi),%edx");
- asm ("mov aes_sbox(%edx),%dl");
- asm ("mov %dl,0xb(%esi)");
- asm ("movzbl 0x3(%esi),%edx");
- asm ("mov aes_sbox(%edx),%dl");
- asm ("mov %dl,0x7(%esi)");
- asm ("mov %cl,0x3(%esi)");
- asm ("mov 0x8(%ebp),%eax");
- asm ("mov (%eax),%ebx");
- asm ("mov 0x4(%eax),%esi");
- asm ("xor 0xfffffff0(%ebp),%ebx");
- asm ("xor 0xfffffff4(%ebp),%esi");
- asm ("mov %ebx,(%eax)");
- asm ("mov %esi,0x4(%eax)");
- asm ("mov 0x8(%ebp),%eax");
- asm ("mov 0x8(%eax),%ebx");
- asm ("mov 0xc(%eax),%esi");
- asm ("xor 0xfffffff8(%ebp),%ebx");
- asm ("xor 0xfffffffc(%ebp),%esi");
- asm ("mov %ebx,0x8(%eax)");
- asm ("mov %esi,0xc(%eax)");
- asm ("pop %ebx");
- asm ("pop %esi");
- asm ("pop %edi");
- asm ("add $0x5c,%esp");
-}
-
-#else /* unknown CPU type */
-
void
aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) {
@@ -2140,7 +1935,7 @@ aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) {
aes_final_round(plaintext, exp_key[10]);
- }
+}
void
aes_decrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) {
@@ -2164,5 +1959,4 @@ aes_decrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) {
}
-#endif /* THIS_ASM_CODE_WORKS */
View
10 crypto/cipher/aes_cbc.c
@@ -220,13 +220,13 @@ aes_cbc_decrypt(aes_cbc_ctx_t *c,
debug_print(mod_aes_cbc, "iv: %s",
v128_hex_string(&previous));
-
+
/*
* loop over ciphertext blocks, decrypting then exoring with state
* then writing plaintext to output
*/
while (bytes_to_encr > 0) {
-
+
/* set state to ciphertext input block */
for (i=0; i < 16; i++) {
state.octet[i] = *input++;
@@ -234,7 +234,7 @@ aes_cbc_decrypt(aes_cbc_ctx_t *c,
debug_print(mod_aes_cbc, "inblock: %s",
v128_hex_string(&state));
-
+
/* decrypt state */
aes_decrypt(&state, c->expanded_key);
@@ -268,7 +268,7 @@ aes_cbc_nist_encrypt(aes_cbc_ctx_t *c,
int num_pad_bytes;
err_status_t status;
- /*
+ /*
* determine the number of padding bytes that we need to add -
* this value is always between 1 and 16, inclusive.
*/
@@ -320,7 +320,7 @@ aes_cbc_nist_decrypt(aes_cbc_ctx_t *c,
pad_end--;
num_pad_bytes++;
}
-
+
/* decrement data size */
*bytes_in_data -= num_pad_bytes;
View
32 crypto/cipher/aes_icm.c
@@ -198,13 +198,27 @@ err_status_t
aes_icm_set_octet(aes_icm_ctx_t *c,
uint64_t octet_num) {
+#if (HAVE_U_LONG_LONG == 0)
+ int tail_num = low32(octet_num) & 0x0f;
+ /* 64-bit right-shift 4 */
+ uint64_t block_num = make64(high32(octet_num) >> 4,
+ ((high32(octet_num) & 0x0f)<<(32-4)) |
+ (low32(octet_num) >> 4));
+#else
int tail_num = octet_num % 16;
uint64_t block_num = octet_num / 16;
+#endif
/* set counter value */
+ /* FIX - There's no way this is correct */
c->counter.v64[0] = c->offset.v64[0];
+#if (HAVE_U_LONG_LONG == 0)
+ c->counter.v64[0] = make64(high32(c->offset.v64[0]) ^ high32(block_num),
+ low32(c->offset.v64[0]) ^ low32(block_num));
+#else
c->counter.v64[0] = c->offset.v64[0] ^ block_num;
+#endif
debug_print(mod_aes_icm,
"set_octet: %s", v128_hex_string(&c->counter));
@@ -213,7 +227,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c,
if (tail_num) {
v128_copy(&c->keystream_buffer, &c->counter);
aes_encrypt(&c->keystream_buffer, c->expanded_key);
- c->bytes_in_buffer = 16;
+ c->bytes_in_buffer = sizeof(v128_t);
debug_print(mod_aes_icm, "counter: %s",
v128_hex_string(&c->counter));
@@ -274,7 +288,7 @@ aes_icm_advance(aes_icm_ctx_t *c) {
/* fill buffer with new keystream */
v128_copy(&c->keystream_buffer, &c->counter);
aes_encrypt(&c->keystream_buffer, c->expanded_key);
- c->bytes_in_buffer = 16;
+ c->bytes_in_buffer = sizeof(v128_t);
debug_print(mod_aes_icm, "counter: %s",
v128_hex_string(&c->counter));
@@ -323,9 +337,11 @@ aes_icm_encrypt(aes_icm_ctx_t *c,
if (bytes_to_encr <= c->bytes_in_buffer) {
/* deal with odd case of small bytes_to_encr */
- for (i = (16 - c->bytes_in_buffer);
- i < (16 - c->bytes_in_buffer + bytes_to_encr); i++)
+ for (i = (sizeof(v128_t) - c->bytes_in_buffer);
+ i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++)
+ {
*buf++ ^= c->keystream_buffer.octet[i];
+ }
c->bytes_in_buffer -= bytes_to_encr;
@@ -335,7 +351,7 @@ aes_icm_encrypt(aes_icm_ctx_t *c,
} else {
/* encrypt bytes until the remaining data is 16-byte aligned */
- for (i=(16 - c->bytes_in_buffer); i < 16; i++)
+ for (i=(sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t); i++)
*buf++ ^= c->keystream_buffer.octet[i];
bytes_to_encr -= c->bytes_in_buffer;
@@ -344,7 +360,7 @@ aes_icm_encrypt(aes_icm_ctx_t *c,
}
/* now loop over entire 16-byte blocks of keystream */
- for (i=0; i < (bytes_to_encr/16); i++) {
+ for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) {
/* fill buffer with new keystream */
aes_icm_advance(c);
@@ -401,7 +417,7 @@ aes_icm_encrypt(aes_icm_ctx_t *c,
*buf++ ^= c->keystream_buffer.octet[i];
/* reset the keystream buffer size to right value */
- c->bytes_in_buffer = 16 - i;
+ c->bytes_in_buffer = sizeof(v128_t) - i;
} else {
/* no tail, so just reset the keystream buffer size to zero */
@@ -464,7 +480,7 @@ cipher_test_case_t aes_icm_test_case_0 = {
NULL /* pointer to next testcase */
};
-
+
/*
* note: the encrypt function is identical to the decrypt function
*/
View
11 crypto/cipher/cipher.c
@@ -93,7 +93,7 @@ cipher_type_self_test(const cipher_type_t *ct) {
debug_print(mod_cipher, "running self-test for cipher %s",
ct->description);
-
+
/*
* check to make sure that we have at least one test case, and
* return an error if we don't - we need to be paranoid here
@@ -123,7 +123,7 @@ cipher_type_self_test(const cipher_type_t *ct) {
cipher_dealloc(c);
return status;
}
-
+
/* copy plaintext into test buffer */
if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) {
cipher_dealloc(c);
@@ -178,7 +178,7 @@ cipher_type_self_test(const cipher_type_t *ct) {
cipher_dealloc(c);
return err_status_algo_fail;
}
-
+
/*
* test the decrypt function
*/
@@ -257,7 +257,7 @@ cipher_type_self_test(const cipher_type_t *ct) {
test_case = test_case->next_test_case;
++case_num;
}
-
+
/* now run some random invertibility tests */
/* allocate cipher, using paramaters from the first test case */
@@ -269,7 +269,8 @@ cipher_type_self_test(const cipher_type_t *ct) {
rand_source_init();
for (j=0; j < NUM_RAND_TESTS; j++) {
- int length, plaintext_len;
+ unsigned length;
+ int plaintext_len;
octet_t key[MAX_KEY_LEN];
octet_t iv[MAX_KEY_LEN];
View
2 crypto/hash/hmac.c
@@ -171,7 +171,7 @@ hmac_update(hmac_ctx_t *state, const octet_t *message, int msg_octets) {
}
err_status_t
-hmac_compute(hmac_ctx_t *state, const octet_t *message,
+hmac_compute(hmac_ctx_t *state, const void *message,
int msg_octets, int tag_len, octet_t *result) {
uint32_t hash_value[5];
uint32_t H[5];
View
8 crypto/include/aes.h
@@ -69,14 +69,6 @@ aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key);
void
aes_decrypt(v128_t *plaintext, const aes_expanded_key_t exp_key);
-/*
- * gf2_8_shift(x) returns the next gf2_8 value in the cyclic
- * representation of that field
- */
-
-gf2_8
-gf2_8_shift(octet_t input);
-
#if 0
/*
* internal functions
View
2 crypto/include/aes_icm.h
@@ -18,8 +18,8 @@ typedef struct {
v128_t counter; /* holds the counter value */
v128_t offset; /* initial offset value */
v128_t keystream_buffer; /* buffers bytes of keystream */
- int bytes_in_buffer; /* number of unused bytes in buffer */
aes_expanded_key_t expanded_key; /* the cipher key */
+ int bytes_in_buffer; /* number of unused bytes in buffer */
} aes_icm_ctx_t;
View
66 crypto/include/config.h
@@ -1,8 +1,8 @@
-/* include/config.h. Generated automatically by configure. */
+/* crypto/include/config.h. Generated by configure. */
/*
- * config.h
+ * config_in.h
*
- * template for header config file for Secure RTP and UST implementation
+ * template for header config file for Secure RTP and libcryptomodule
*
* David A. McGrew
* Cisco Systems, Inc.
@@ -14,38 +14,37 @@
/* if we're on a big endian machine, we need to define this */
-#include <sys/types.h>
-#if (BYTE_ORDER == BIG_ENDIAN)
-#define WORDS_BIGENDIAN 1
-#else
-#define WORDS_BIGENDIAN 0
-#endif
+#define WORDS_BIGENDIAN 1
/* check for <stdint.h> or <machine/types.h> */
-#define HAVE_STDINT_H 1
+#define HAVE_STDINT_H 1
#define HAVE_MACHINE_TYPES_H 1
#define HAVE_SYS_INT_TYPES_H 0
+/* check if an unsigned 64-bit integer is supported natively */
+
+#define HAVE_U_LONG_LONG 1
+
/* check for microsoft integer definitions (e.g., cygwin) */
#define HAVE_MS_TYPES 1
/* if we don't have uio.h, we'll need to define struct iovec */
-#define HAVE_SYS_UIO_H 1
+#define HAVE_SYS_UIO_H 1
/* <unistd.h> is used by some test/ apps */
-#define HAVE_UNISTD_H 1
+#define HAVE_UNISTD_H 1
/* test apps should use inet_aton(), if it's available */
-#define HAVE_INET_ATON 1
+#define HAVE_INET_ATON 1
/* check if we have syslog functions */
-#define HAVE_SYSLOG_H 1
+#define HAVE_SYSLOG_H 1
/* check to see if the user has requested the use of syslog */
@@ -57,15 +56,15 @@
/* define ERR_REPORTING_FILE to have messages sent to file */
-#define ERR_REPORTING_FILE
+#define ERR_REPORTING_FILE
-/*
+/*
* set ENABLE_DEBUGGING to 1 to compile in dynamic debugging system,
* set it to 0 to not compile in dynamic debugging (for a slight
* performance improvement)
*/
-#define ENABLE_DEBUGGING 1
+#define ENABLE_DEBUGGING 1
/* if we're going to use GDOI, define SRTP_GDOI to 1 */
@@ -76,44 +75,33 @@
* Note that more than one type can be defined at once; this is so
* that special instructions and other optimizations can be handled
* independently.
- *
+ *
* CPU_RISC RISC machines (assume slow byte access)
* CPU_CISC CISC machines (e.g. Intel)
- *
- */
-
-#if WORDS_BIGENDIAN
-#define CPU_RISC 1
-#else
-#define CPU_CISC 1
-#endif
-
-/*
- * define CPU_16 if cryptoalgorithms should use 16-bit operations -
- * this is probably only the case on very low-end devices
+ * CPU_ALTIVEC Motorola's SIMD instruction set
+ *
*/
-#define CPU_16 0
-/*
- * define CPU_ALTIVEC in order to use the G4/G5 processor's AltiVec
- * SIMD instruction set where possible
- */
+#define CPU_RISC 1
+#define CPU_CISC 0
#define CPU_ALTIVEC 0
-
/*
- * if /dev/random is available, then DEV_RANDOM == 1
+ * if /dev/urandom is available, then DEV_URANDOM == 1
*
- * /dev/random is a (true) random number generator which is
+ * /dev/urandom is a (true) random number generator which is
* implemented in many modern operating systems
*/
-#define DEV_RANDOM 0
+#define DEV_URANDOM 1
/* check for stdlib.h - we use it for alloc() and free() */
#define HAVE_STDLIB_H 1
+/* whether to use ismacryp code */
+#define GENERIC_AESICM 1
+
#endif /* CONFIG_H */
View
2 crypto/include/datatypes.h
@@ -209,7 +209,7 @@ v128_right_shift(v128_t *x, int index);
(((x)->v64[0] == (y)->v64[0]) && ((x)->v64[1] == (y)->v64[1]))
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
#define _v128_xor_eq(z, x) \
( \
(z)->v32[0] ^= (x)->v32[0], \
View
6 crypto/include/err.h
@@ -48,7 +48,9 @@
#include "config.h" /* check for ERR_REPORTING_SYSLOG */
+#ifdef ERR_REPORTING_FILE
#include <stdio.h>
+#endif
#include <stdarg.h>
@@ -163,8 +165,8 @@ err_report(int priority, char *format, ...);
*/
typedef struct {
- unsigned int on; /* 1 if debugging is on, 0 if it is off */
- char *name; /* printable name for debug module */
+ int on; /* 1 if debugging is on, 0 if it is off */
+ char *name; /* printable name for debug module */
} debug_module_t;
#if ENABLE_DEBUGGING
View
14 crypto/include/gf2_8.h
@@ -54,12 +54,18 @@ typedef octet_t gf2_8;
#define gf2_8_field_polynomial 0x1B
/*
- * gf2_8_shift(x) returns the next gf2_8 value in the cyclic
- * representation of that field
+ * gf2_8_shift(x) returns
*/
-gf2_8
-gf2_8_shift(octet_t input);
+/*
+ * gf2_8_shift(z) returns the result of the GF(2^8) 'multiply by x'
+ * operation, using the field representation from AES; that is, the
+ * next gf2_8 value in the cyclic representation of that field. The
+ * value z should be an octet_t.
+ */
+
+#define gf2_8_shift(z) (((z) & 128) ? \
+ (((z) << 1) ^ gf2_8_field_polynomial) : ((z) << 1))
gf2_8
gf2_8_compute_inverse(gf2_8 x);
View
2 crypto/include/hmac.h
@@ -70,7 +70,7 @@ err_status_t
hmac_update(hmac_ctx_t *state, const octet_t *message, int msg_octets);
err_status_t
-hmac_compute(hmac_ctx_t *state, const octet_t *message,
+hmac_compute(hmac_ctx_t *state, const void *message,
int msg_octets, int tag_len, octet_t *result);
View
8 crypto/include/integers.h
@@ -51,6 +51,10 @@
#include <stdlib.h> /* standard integers should be referenced here */
+#ifndef HAVE_U_LONG_LONG
+/* Used instead of #ifndef HAVE_UINT64 since we're going to define uint64_t */
+#define NO_64BIT_MATH 1
+#endif
/* use standard integer definitions, if they're available */
#if HAVE_STDINT_H
@@ -74,7 +78,7 @@
typedef unsigned short int uint16_t;
typedef unsigned int uint32_t;
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
typedef double uint64_t;
/* assert that sizeof(double) == 8 */
#else
@@ -90,7 +94,7 @@ typedef unsigned long long int uint64_t;
typedef short int int16_t;
typedef int int32_t;
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
typedef double int64_t;
/* assert that sizeof(double) == 8 */
#else
View
20 crypto/include/math.h
@@ -229,20 +229,32 @@ v128_right_shift(v128_t *x, int index);
(x)->v32[3] = ~(x)->v32[3] \
)
+/* ok for NO_64BIT_MATH if it can compare uint64_t's (even as structures) */
#define _v128_is_eq(x, y) \
(((x)->v64[0] == (y)->v64[0]) && ((x)->v64[1] == (y)->v64[1]))
+#if (HAVE_U_LONG_LONG == 0)
+#define _v128_xor_eq(z, x) \
+( \
+ (z)->v32[0] ^= (x)->v32[0], \
+ (z)->v32[1] ^= (x)->v32[1], \
+ (z)->v32[2] ^= (x)->v32[2], \
+ (z)->v32[3] ^= (x)->v32[3] \
+)
+#else
#define _v128_xor_eq(z, x) \
( \
(z)->v64[0] ^= (x)->v64[0], \
(z)->v64[1] ^= (x)->v64[1] \
)
+#endif
+#if 0
#define _v128_get_bit(x, bit) \
( \
- (x->v32[3-((bit) >> 5)] >> ((bit) & 31)) & 1 \
+ (((x)->v32[3-((bit) >> 5)] >> ((bit) & 31)) & 1) \
)
#define _v128_set_bit(x, bit) \
@@ -252,8 +264,9 @@ v128_right_shift(v128_t *x, int index);
#define _v128_clear_bit(x, bit) \
( \
- (((x)->v32[(bit) >> 5]) &= ~((unsigned long)1 << ((bit) & 31))) \
+ (((x)->v32[3-((bit) >> 5])) &= ~((uint32_t)1 << ((bit) & 31))) \
)
+#endif
#define _v128_set_bit_to(x, bit, value) \
( \
@@ -287,6 +300,7 @@ v128_right_shift(v128_t *x, int index);
#endif /* OLD */
+#if 0
#if WORDS_BIGENDIAN
#define _v128_add(z, x, y) { \
@@ -327,7 +341,7 @@ v128_right_shift(v128_t *x, int index);
}
#endif /* WORDS_BIGENDIAN */
-
+#endif
#ifdef DATATYPES_USE_MACROS /* little functions are really macros */
View
6 crypto/kernel/key.c
@@ -48,7 +48,7 @@
err_status_t
key_limit_set(key_limit_t key, const xtd_seq_num_t s) {
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
if (high32(s) == 0 && low32(s) < soft_limit)
return err_status_bad_param;
#else
@@ -77,7 +77,7 @@ key_limit_check(const key_limit_t key) {
key_event_t
key_limit_update(key_limit_t key) {
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
if (low32(key->num_left) == 0)
{
// carry
@@ -101,7 +101,7 @@ key_limit_update(key_limit_t key) {
/* we just passed the soft limit, so change the state */
key->state = key_state_past_soft_limit;
}
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
if (low32(key->num_left) == 0 && high32(key->num_left == 0))
#else
if (key->num_left < 1)
View
20 crypto/math/datatypes.c
@@ -413,25 +413,33 @@ octet_string_set_to_zero(octet_t *s, int len) {
inline uint32_t
bswap_32(uint32_t v) {
+#ifdef WORDS_BIGENDIAN
+ /* assume that we're on a big-endian machine */
+ /* htonl() does nothing */
+#else
#if CPU_CISC
-#ifndef MIPSEL /* MIPSEL stands for MIPS Endian Little, but it's not x86,
- * so ignore the assembly language */
/* assume that we're on an Intel x86 with x > 3 */
asm("bswap %0" : "=r" (v) : "0" (v));
+#else
+ /* little-endian; we can use htonl() */
+ v = htonl(v);
#endif
#endif
- /* assume that we're on a big-endian or non-intel machine */
return v;
}
inline uint64_t
bswap_64(uint64_t v) {
+#ifdef WORDS_BIGENDIAN
+ /* assume that we're on a big-endian machine */
+ /* FIX? */
+#else
#if CPU_CISC /* assume that we're on an Intel x86 with x > 3 */
-#ifndef MIPSEL /* MIPSEL stands for MIPS Endian Little, but it's not x86,
- * so ignore the assembly language */
v= (bswap_32(v >> 32)) | ((uint64_t)bswap_32((uint32_t)v)) << 32 ;
+#else
+ v = make64(htonl(low32(v)),htonl(high32(v)));
+#endif
#endif
-#endif /* assume that we're on a big-endian or non-intel machine */
return v;
}
View
13 crypto/math/gf2_8.c
@@ -48,18 +48,7 @@
#include "datatypes.h"
#include "gf2_8.h"
-/*
- * gf2_8_shift(x) returns the result of the GF(2^8) 'multiply by x'
- * operation, using the field representation from AES.
- */
-
-inline gf2_8
-gf2_8_shift(gf2_8 input) {
- if ((input & 128) == 0)
- return input << 1;
- else
- return (input << 1) ^ gf2_8_field_polynomial;
-}
+/* gf2_8_shift() moved to gf2_8.h as an inline function */
inline gf2_8
gf2_8_multiply(gf2_8 x, gf2_8 y) {
View
4 crypto/math/stat.c
@@ -11,7 +11,7 @@
debug_module_t mod_stat = {
0, /* debugging is off by default */
- "stat test" /* printable module name */
+ (char *)"stat test" /* printable module name */
};
/*
@@ -334,7 +334,7 @@ stat_test_rand_source(rand_source_func_t get_rand_bytes) {
debug_print(mod_stat, "stat: poker test: %f", poker);
if ((poker < 2.16) || (poker > 46.17)) {
- debug_print(mod_stat, "stat: failed poker test", NULL);
+ debug_print(mod_stat, "stat: failed poker test", NULL);
return err_status_algo_fail;
}
View
12 crypto/replay/rdbx.c
@@ -89,7 +89,7 @@
void
index_init(xtd_seq_num_t *pi) {
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
*pi = make64(0,0);
#else
*pi = 0;
@@ -98,7 +98,7 @@ index_init(xtd_seq_num_t *pi) {
void
index_advance(xtd_seq_num_t *pi, sequence_number_t s) {
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
/* a > ~b means a+b will generate a carry */
/* s is uint16 here */
*pi = make64(high32(*pi) + (s > ~low32(*pi) ? 1 : 0),low32(*pi) + s);
@@ -125,7 +125,7 @@ int
index_guess(const xtd_seq_num_t *local,
xtd_seq_num_t *guess,
sequence_number_t s) {
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
uint32_t local_roc = ((high32(*local) << 16) |
(low32(*local) >> 16));
uint16_t local_seq = (uint16_t) (low32(*local));
@@ -133,7 +133,7 @@ index_guess(const xtd_seq_num_t *local,
uint32_t local_roc = (uint32_t)(*local >> 16);
uint16_t local_seq = (uint16_t) *local;
#endif
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
uint32_t guess_roc = ((high32(*guess) << 16) |
(low32(*guess) >> 16));
uint16_t guess_seq = (uint16_t) (low32(*guess));
@@ -163,7 +163,7 @@ index_guess(const xtd_seq_num_t *local,
guess_seq = s;
/* Note: guess_roc is 32 bits, so this generates a 48-bit result! */
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
*guess = make64(guess_roc >> 16,
(guess_roc << 16) | guess_seq);
#else
@@ -274,7 +274,7 @@ rdbx_estimate_index(const rdbx_t *rdbx,
if (rdbx->index > seq_num_median)
#endif
return index_guess(&rdbx->index, guess, s);
-
+
#if NO_64BIT_MATH
*guess = make64(0,(uint32_t) s);
#else
View
4 crypto/rng/prng.c
@@ -86,9 +86,9 @@ x917_prng_get_octet_string(octet_t *dest, uint32_t len) {
/*
* if we need to re-initialize the prng, do so now
*
- * we cast to a 64-bit integer in order to avoid overflows
+ * avoid overflows by subtracting instead of adding
*/
- if ((uint64_t) x917_prng.octet_count + len > MAX_PRNG_OUT_LEN) {
+ if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) {
status = x917_prng_init(x917_prng.rand);
if (status)
return status;
View
29 crypto/rng/rand_source.c
@@ -45,20 +45,32 @@
#include "rand_source.h"
+/* FIX! move to configuration file */
+#define HAS_DEV_RANDOM
+
+#ifdef HAS_DEV_RANDOM
#include <fcntl.h> /* for open() */
#include <unistd.h> /* for close() */
+#endif
/* global dev_rand_fdes is file descriptor for /dev/random */
int dev_random_fdes = 0;
+
err_status_t
rand_source_init() {
+#ifdef HAS_DEV_RANDOM
/* open /dev/random for reading */
dev_random_fdes = open("/dev/urandom", O_RDONLY, 0);
if (dev_random_fdes == 0)
return err_status_init_fail;
+#else
+ /* Generic C-library (rand()) version */
+ /* call srand() here if needed */
+ /* FIX libsrtp needs a goodrandom value source/seed */
+#endif
return err_status_ok;
}
@@ -71,19 +83,34 @@ rand_source_get_octet_string(void *dest, int len) {
* check return value to make sure enough octets were
* written
*/
+#ifdef HAS_DEV_RANDOM
if (read(dev_random_fdes, dest, len) != len)
return err_status_fail;
-
+#else
+ /* Generic C-library (rand()) version */
+ /* This is a random source of last resort */
+ while (len)
+ {
+ int val = rand();
+ /* rand() returns 0-32767 (ugh) */
+ /* Is this a good enough way to get random bytes?
+ It is if it passes FIPS-140... */
+ *dest++ = val & 0xff;
+ len--;
+ }
+#endif
return err_status_ok;
}
err_status_t
rand_source_deinit() {
+#ifdef HAS_DEV_RANDOM
if (dev_random_fdes == 0)
return err_status_dealloc_fail; /* well, we haven't really failed, *
* but there is something wrong */
close(dev_random_fdes);
+#endif
return err_status_ok;
}
View
4 crypto/test/aes_calc.c
@@ -61,7 +61,7 @@ main (int argc, char *argv[]) {
AES_KEY_LEN*2, (unsigned)strlen(argv[1]));
exit(1);
}
- len = hex_string_to_octet_string((octet_t *)&key, argv[1], AES_KEY_LEN*2);
+ len = hex_string_to_octet_string((char *)&key, argv[1], AES_KEY_LEN*2);
/* check that hex string is the right length */
if (len < AES_KEY_LEN*2) {
fprintf(stderr,
@@ -79,7 +79,7 @@ main (int argc, char *argv[]) {
16*2, (unsigned)strlen(argv[2]));
exit(1);
}
- len = hex_string_to_octet_string((octet_t *)(&data), argv[2], 16*2);
+ len = hex_string_to_octet_string((char *)(&data), argv[2], 16*2);
/* check that hex string is the right length */
if (len < 16*2) {
fprintf(stderr,
View
8 crypto/test/cipher_driver.c
@@ -82,7 +82,7 @@ cipher_array_test_throughput(cipher_t *ca[], int num_cipher);
double
cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
- int octets_in_buffer, int num_trials);
+ unsigned octets_in_buffer, int num_trials);
err_status_t
cipher_array_delete(cipher_t *cipher_array[], int num_cipher);
@@ -258,8 +258,8 @@ cipher_driver_self_test(cipher_type_t *ct) {
err_status_t
cipher_driver_test_buffering(cipher_t *c) {
- int i, j, len, num_trials = 1000;
- int buflen = 1024;
+ int i, j, num_trials = 1000;
+ unsigned len, buflen = 1024;
octet_t buffer0[buflen], buffer1[buflen], *current, *end;
octet_t idx[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -420,7 +420,7 @@ cipher_array_delete(cipher_t *cipher_array[], int num_cipher) {
double
cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
- int octets_in_buffer, int num_trials) {
+ unsigned octets_in_buffer, int num_trials) {
int i;
v128_t nonce;
clock_t timer;
View
14 crypto/test/datatypes_driver.c
@@ -55,7 +55,7 @@ void
test_hex_string_funcs();
void
-print_string(octet_t *s);
+print_string(char *s);
void
test_bswap();
@@ -71,12 +71,12 @@ main () {
int i, j;
v128_t x;
- octet_t *r =
+ char *r =
"The Moving Finger writes; and, having writ,\n"
"Moves on: nor all thy Piety nor Wit\n"
"Shall lure it back to cancel half a Line,\n"
"Nor all thy Tears wash out a Word of it.";
- octet_t *s = "incomplet";
+ char *s = "incomplet";
print_string(r);
print_string(s);
@@ -186,9 +186,9 @@ byte_order() {
void
test_hex_string_funcs() {
- octet_t hex1[] = "abadcafe";
- octet_t hex2[] = "0123456789abcdefqqqqq";
- octet_t raw[10];
+ char hex1[] = "abadcafe";
+ char hex2[] = "0123456789abcdefqqqqq";
+ char raw[10];
int len;
len = hex_string_to_octet_string(raw, hex1, strlen(hex1));
@@ -204,7 +204,7 @@ test_hex_string_funcs() {
}
void
-print_string(octet_t *s) {
+print_string(char *s) {
int i;
printf("%s\n", s);
printf("strlen(s) = %u\n", (unsigned)strlen(s));
View
19 doc/intro.txt
@@ -372,5 +372,24 @@ length as its second argument.
}
@endverbatim
+@section ISMAcryp ISMA Encryption Support
+
+The Internet Streaming Media Alliance (ISMA) specifies a way
+to pre-encrypt a media file prior to streaming. This method
+is an alternative to SRTP encryption, which is potentially
+useful when a particular media file will be streamed
+multiple times. The specification is available online
+at http://www.isma.tv/specreq.nsf/SpecRequest.
+
+libSRTP provides the encryption and decryption functions needed for ISMAcryp
+in the library @t libaesicm.a, which is included in the default
+Makefile target. This library is used by the MPEG4IP project; see
+http://mpeg4ip.sourceforge.net/.
+
+Note that ISMAcryp does not provide authentication for
+RTP nor RTCP, nor confidentiality for RTCP.
+ISMAcryp RECOMMENDS the use of SRTP message authentication for ISMAcryp
+streams while using ISMAcryp encryption to protect the media itself.
+
*/
View
17 include/err.h
@@ -87,7 +87,16 @@ typedef enum {
err_status_no_such_op = 12, /**< unsupported operation */
err_status_no_ctx = 13, /**< no appropriate context found */
err_status_cant_check = 14, /**< unable to perform desired validation */
- err_status_key_expired = 15 /**< can't use key any more */
+ err_status_key_expired = 15, /**< can't use key any more */
+ err_status_socket_err = 16, /**< error in use of socket */
+ err_status_signal_err = 17, /**< error in use POSIX signals */
+ err_status_nonce_bad = 18, /**< nonce check failed */
+ err_status_read_fail = 19, /**< couldn't read data */
+ err_status_write_fail = 20, /**< couldn't write data */
+ err_status_parse_err = 21, /**< error pasring data */
+ err_status_encode_err = 22, /**< error encoding data */
+ err_status_semaphore_err = 23,/**< error while using semaphores */
+ err_status_pfkey_err = 24 ,/**< error while using pfkey */
} err_status_t;
/**
@@ -156,8 +165,8 @@ err_report(int priority, char *format, ...);
*/
typedef struct {
- unsigned int on; /* 1 if debugging is on, 0 if it is off */
- unsigned char *name; /* printable name for debug module */
+ int on; /* 1 if debugging is on, 0 if it is off */
+ char *name; /* printable name for debug module */
} debug_module_t;
#if ENABLE_DEBUGGING
@@ -169,6 +178,8 @@ typedef struct {
/* use err_report() to report debug message */
#define debug_print(mod, format, arg) \
if (mod.on) err_report(err_level_debug, ("%s: " format), mod.name, arg)
+#define debug_print2(mod, format, arg1,arg2) \
+ if (mod.on) err_report(err_level_debug, ("%s: " format), mod.name, arg1,arg2)
#else
View
6 include/rdbx.h
@@ -18,13 +18,13 @@
#ifndef ROC_TEST
-typedef unsigned short int sequence_number_t; /* 16 bit sequence number */
-typedef unsigned long int rollover_counter_t; /* 32 bit rollover counter */
+typedef uint16_t sequence_number_t; /* 16 bit sequence number */
+typedef uint32_t rollover_counter_t; /* 32 bit rollover counter */
#else /* use small seq_num and roc datatypes for testing purposes */
typedef unsigned char sequence_number_t; /* 8 bit sequence number */
-typedef unsigned short int rollover_counter_t; /* 16 bit rollover counter */
+typedef uint16_t rollover_counter_t; /* 16 bit rollover counter */
#endif
View
52 srtp/srtp.c
@@ -171,13 +171,13 @@ srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) {
*/
/* deallocate cipher, if it is not the same as that in template */
- if (session->stream_template
+ if (session->stream_template
&& stream->rtp_cipher == session->stream_template->rtp_cipher) {
/* do nothing */
} else {
status = cipher_dealloc(stream->rtp_cipher);
if (status)
- return status;
+ return status;
}
/* deallocate auth function, if it is not the same as that in template */
@@ -190,10 +190,13 @@ srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) {
return status;
}
- /* if the key usage limit strucutre is present, deallocate it */
- if (stream->limit != NULL
- && (session->stream_template == NULL || stream->next == NULL))
+ /* deallocate key usage limit, if it is not the same as that in template */
+ if (session->stream_template
+ && stream->limit == session->stream_template->limit) {
+ /* do nothing */
+ } else {
crypto_free(stream->limit);
+ }
/*
* deallocate rtcp cipher, if it is not the same as that in
@@ -373,7 +376,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
rdbx_init(&srtp->rtp_rdbx);
/* initialize key limit to maximum value */
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
{
uint64_t temp;
temp = make64(UINT_MAX,UINT_MAX);
@@ -597,7 +600,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
/* allocate and initialize a new stream */
status = srtp_stream_clone(ctx->stream_template,
- ntohl(hdr->ssrc), &new_stream);
+ hdr->ssrc, &new_stream);
if (status)
return status;
@@ -643,7 +646,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
break;
case key_event_hard_limit:
srtp_handle_event(ctx, stream, event_key_hard_limit);
- return err_status_key_expired;
+ return err_status_key_expired;
default:
break;
}
@@ -691,7 +694,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
return status; /* we've been asked to reuse an index */
rdbx_add_index(&stream->rtp_rdbx, delta);
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
debug_print2(mod_srtp, "estimated packet index: %08x%08x",
high32(est),low32(est));
#else
@@ -706,9 +709,9 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
iv.v32[0] = 0;
iv.v32[1] = hdr->ssrc;
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
iv.v64[1] = bswap_64(make64((high32(est) << 16) | (low32(est) >> 16),
- low32(est) << 16));
+ low32(est) << 16));
#else
iv.v64[1] = bswap_64(est << 16);
#endif
@@ -718,7 +721,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
v128_t iv;
/* otherwise, set the index to est */
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
iv.v32[0] = 0;
iv.v32[1] = 0;
#else
@@ -731,7 +734,7 @@ srtp_stream_init(srtp_stream_ctx_t *srtp,
return err_status_cipher_fail;
/* shift est, put into network byte order */
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
est = bswap_64(make64((high32(est) << 16) |
(low32(est) >> 16),
lo32(est) << 16));
@@ -838,7 +841,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
* set estimated packet index to sequence number from header,
* and set delta equal to the same value
*/
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
est = (xtd_seq_num_t) make64(0,ntohs(hdr->seq));
delta = low32(est);
#else
@@ -864,7 +867,11 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
return status;
}
- debug_print(mod_srtp, "estimated packet index: %016llx", est);
+#if (HAVE_U_LONG_LONG == 0)
+ debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est),low32(est));
+#else
+ debug_print(mod_srtp, "estimated u_packet index: %016llx", est);
+#endif
/*
* update the key usage limit, and check it to make sure that we
@@ -896,7 +903,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
/* aes counter mode */
iv.v32[0] = 0;
iv.v32[1] = hdr->ssrc; /* still in network order */
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
iv.v64[1] = bswap_64(make64((high32(est) << 16) | (low32(est) >> 16),
low32(est) << 16));
#else
@@ -906,7 +913,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
} else {
/* no particular format - set the iv to the pakcet index */
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
iv.v32[0] = 0;
iv.v32[1] = 0;
#else
@@ -919,7 +926,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
return err_status_cipher_fail;
/* shift est, put into network byte order */
-#ifdef NO_64BIT_MATH
+#if (HAVE_U_LONG_LONG == 0)
est = bswap_64(make64((high32(est) << 16) |
(low32(est) >> 16),
low32(est) << 16));
@@ -984,7 +991,7 @@ srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
/* initialize auth func context */
status = auth_start(stream->rtp_auth);
if (status) return status;
-
+
/* now compute auth function over packet */
status = auth_update(stream->rtp_auth, (octet_t *)auth_start,
*pkt_octet_len - tag_len);
@@ -1150,6 +1157,13 @@ srtp_dealloc(srtp_t session) {
/* deallocate stream template, if there is one */
if (session->stream_template != NULL) {
+ status = auth_dealloc(session->stream_template->rtcp_auth);
+ if (status)
+ return status;
+ status = cipher_dealloc(session->stream_template->rtcp_cipher);
+ if (status)
+ return status;
+ crypto_free(session->stream_template->limit);
status = cipher_dealloc(session->stream_template->rtp_cipher);
if (status)
return status;
View
46 srtp/srtp_ust.c
@@ -45,10 +45,10 @@
#include "alloc.h" /* for crypto_alloc() */
#include "srtp.h"
-#include "rijndael-icm.h" /* for rijndael_icm */
+#include "aes_icm.h" /* for rijndael_icm */
-extern cipher_type_t rijndael_icm;
+extern cipher_type_t aes_icm;
extern auth_type_t tmmhv2;
/* the debug module for srtp */
@@ -121,7 +121,7 @@ typedef enum {
err_status_t
srtp_init_aes_128_prf(srtp_ctx_t *srtp, const octet_t key[30]) {
err_status_t stat;
- rijndael_icm_context c;
+ aes_icm_context c;
xtd_seq_num_t idx = 0; /* for setting icm to zero-index */
octet_t *buffer; /* temporary storage for keystream */
octet_t *enc_key_buf, *enc_salt_buf, *auth_key_buf;
@@ -135,8 +135,8 @@ srtp_init_aes_128_prf(srtp_ctx_t *srtp, const octet_t key[30]) {
buffer_size = cipher_get_key_length(srtp->ust.c)
+ auth_get_key_length(srtp->ust.h);
- /* if we're using rijndael_icm, we need to allocate room for the salt */
- if (srtp->ust.c->type == &rijndael_icm)
+ /* if we're using aes_icm, we need to allocate room for the salt */
+ if (srtp->ust.c->type == &aes_icm)
buffer_size += 16;
buffer = crypto_alloc(buffer_size);
if (buffer == NULL)
@@ -150,11 +150,11 @@ srtp_init_aes_128_prf(srtp_ctx_t *srtp, const octet_t key[30]) {
/* note that we assume that index DIV t == 0 in this implementation */
- rijndael_icm_context_init(&c, key);
+ aes_icm_context_init(&c, key);
/* exor <label> into the eigth octet of the state */
- rijndael_icm_set_div_param(&c, (uint64_t) label_encryption);
- rijndael_icm_set_segment(&c, idx);
+ aes_icm_set_div_param(&c, (uint64_t) label_encryption);
+ aes_icm_set_segment(&c, idx);
debug_print(mod_srtp, "master key: %s",
octet_string_hex_string((octet_t *)&c.expanded_key[0], 60));
@@ -162,34 +162,34 @@ srtp_init_aes_128_prf(srtp_ctx_t *srtp, const octet_t key[30]) {
debug_print(mod_srtp, "cipher ctr: %s",
octet_string_hex_string((octet_t *)&c.counter, 32));
- rijndael_icm_encrypt(&c, enc_key_buf,
+ aes_icm_encrypt(&c, enc_key_buf,
cipher_get_key_length(srtp->ust.c));
debug_print(mod_srtp, "cipher key: %s",
octet_string_hex_string(enc_key_buf, 32));
/* generate encryption salt, putting it into enc_salt_buf */
- rijndael_icm_context_init(&c, key);
+ aes_icm_context_init(&c, key);
/*
- * if the cipher in the srtp context is rijndael_icm, then we need
+ * if the cipher in the srtp context is aes_icm, then we need
* to generate the salt value
*/
- if (srtp->ust.c->type == &rijndael_icm) {
+ if (srtp->ust.c->type == &aes_icm) {
-/* printf("found rijndael_icm, generating salt\n"); */
+/* printf("found aes_icm, generating salt\n"); */
/* exor <label> into the eigth octet of the state */
- rijndael_icm_set_div_param(&c, (uint64_t) label_salt);
- rijndael_icm_set_segment(&c, idx);
+ aes_icm_set_div_param(&c, (uint64_t) label_salt);
+ aes_icm_set_segment(&c, idx);
debug_print(mod_srtp, "generating cipher salt", NULL);
debug_print(mod_srtp, "cr slt ctr: %s",
octet_string_hex_string((octet_t *)&c.counter, 32));
- rijndael_icm_encrypt(&c, enc_salt_buf, 14);
+ aes_icm_encrypt(&c, enc_salt_buf, 14);
debug_print(mod_srtp, "cipher slt: %s",
octet_string_hex_string(enc_salt_buf, 32));
@@ -202,17 +202,17 @@ srtp_init_aes_128_prf(srtp_ctx_t *srtp, const octet_t key[30]) {
/* generate authentication key, putting it into auth_key_buf */
- rijndael_icm_context_init(&c, key);
+ aes_icm_context_init(&c, key);
/* exor <label> into the eigth octet of the state */
- rijndael_icm_set_div_param(&c, (uint64_t) label_message_authentication);
- rijndael_icm_set_segment(&c, idx);
+ aes_icm_set_div_param(&c, (uint64_t) label_message_authentication);
+ aes_icm_set_segment(&c, idx);
debug_print(mod_srtp, "generating auth key", NULL);
debug_print(mod_srtp, "auth ctr: %s",
octet_string_hex_string((octet_t *)&c.counter, 32));
- rijndael_icm_encrypt(&c, auth_key_buf,
+ aes_icm_encrypt(&c, auth_key_buf,
auth_get_key_length(srtp->ust.h));
debug_print(mod_srtp, "auth key: %s",
@@ -244,10 +244,10 @@ srtp_protect(srtp_ctx_t *ctx, srtp_hdr_t *hdr, int *pkt_octet_len) {
int tag_len = ust_get_tag_len(&ctx->ust);
/* if we're using rindael counter mode, exor the ssrc into the salt */
- if (ctx->ust.c->type == &rijndael_icm) {
+ if (ctx->ust.c->type == &aes_icm) {
uint32_t ssrc = ntohl(hdr->ssrc);
- rijndael_icm_context *cipher
- = (rijndael_icm_context *)ctx->ust.c->state;
+ aes_icm_context *cipher
+ = (aes_icm_context *)ctx->ust.c->state;
/* exor the ssrc into bytes four through seven of the salt */
cipher->offset.octet[4] ^= (ssrc >> 24);
View
4 test/aes_calc.c
@@ -61,7 +61,7 @@ main (int argc, char *argv[]) {
AES_KEY_LEN*2, (unsigned)strlen(argv[1]));
exit(1);
}
- len = hex_string_to_octet_string((octet_t *)&key, argv[1], AES_KEY_LEN*2);
+ len = hex_string_to_octet_string((char *)&key, argv[1], AES_KEY_LEN*2);
/* check that hex string is the right length */
if (len < AES_KEY_LEN*2) {
fprintf(stderr,
@@ -79,7 +79,7 @@ main (int argc, char *argv[]) {
16*2, (unsigned)strlen(argv[2]));
exit(1);
}
- len = hex_string_to_octet_string((octet_t *)(&data), argv[2], 16*2);
+ len = hex_string_to_octet_string((char *)(&data), argv[2], 16*2);
/* check that hex string is the right length */
if (len < 16*2) {
fprintf(stderr,