| author | Jorge E. Moreira <jemoreira@google.com> | 2019-12-11 15:08:34 -0800 |
|---|---|---|
| committer | Jorge E. Moreira <jemoreira@google.com> | 2019-12-17 14:37:35 -0800 |
| commit | 1904160d088401788daf6b5d1130819f087ff946 (patch) | |
| tree | e2ae02b85987f58f3b30bac84dfee8c0681cccfa /crypto/include | |
| parent | 235513aa13d973d931202dfcca8b47a4a750a5e4 (diff) | |
| parent | c5a5f74e15e9b36507b6aa8009edfd81566f052f (diff) | |
Merge remote-tracking branch 'goog/qt-gsi'
Change-Id: I3510ee0d511351112102c8f8e851097066597a4b
Diffstat (limited to 'crypto/include')
29 files changed, 1763 insertions, 2286 deletions
diff --git a/crypto/include/aes.h b/crypto/include/aes.h index 126f970..779c3ac 100644 --- a/crypto/include/aes.h +++ b/crypto/include/aes.h @@ -8,26 +8,26 @@ */ /* - * - * Copyright (c) 2001-2005, Cisco Systems, Inc. + * + * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
@@ -43,50 +43,41 @@ * */ -#ifndef _AES_H -#define _AES_H - -#include "config.h" +#ifndef AES_H +#define AES_H #include "datatypes.h" -#include "gf2_8.h" - -/* aes internals */ - -typedef v128_t aes_expanded_key_t[11]; +#include "err.h" -void -aes_expand_encryption_key(v128_t key, - aes_expanded_key_t expanded_key); +#ifdef __cplusplus +extern "C" { +#endif -inline void -aes_expand_decryption_key(const v128_t key, - aes_expanded_key_t expanded_key); - -void -aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key); +/* aes internals */ -void -aes_decrypt(v128_t *plaintext, const aes_expanded_key_t exp_key); +typedef struct { + v128_t round[15]; + int num_rounds; +} srtp_aes_expanded_key_t; -/* - * gf2_8_shift(x) returns the next gf2_8 value in the cyclic - * representation of that field - */ +srtp_err_status_t srtp_aes_expand_encryption_key( + const uint8_t *key, + int key_len, + srtp_aes_expanded_key_t *expanded_key); -gf2_8 -gf2_8_shift(octet_t input); +srtp_err_status_t srtp_aes_expand_decryption_key( + const uint8_t *key, + int key_len, + srtp_aes_expanded_key_t *expanded_key); -#if 0 -/* - * internal functions - */ +void srtp_aes_encrypt(v128_t *plaintext, + const srtp_aes_expanded_key_t *exp_key); -void -aes_init_sbox(void); +void srtp_aes_decrypt(v128_t *plaintext, + const srtp_aes_expanded_key_t *exp_key); -void -aes_compute_tables(void); -#endif +#ifdef __cplusplus +} +#endif -#endif /* _AES_H */ +#endif /* AES_H */ diff --git a/crypto/include/aes_cbc.h b/crypto/include/aes_cbc.h deleted file mode 100644 index b45d601..0000000 --- a/crypto/include/aes_cbc.h +++ /dev/null 
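Review bot: The new `srtp_aes_expand_encryption_key` and `srtp_aes_expand_decryption_key` prototypes in aes.h take `int key_len` and return `srtp_err_status_t`, but the header never says which key lengths are accepted or that the status must be checked before `expanded_key` is used. The `round[15]` array suggests room for up to 14 rounds plus the initial key, though that is inferred from the size alone. A comment above each prototype, to be confirmed against the implementation, would help: `/* key_len is in octets; on any status other than ok, expanded_key must not be used */`. Because `srtp_aes_expanded_key_t` holds round keys, the header should also state that callers are expected to zeroize it once the cipher context is torn down.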
@@ -1,50 +0,0 @@
-/*
- * aes_cbc.h
- *
- * Header for AES Cipher Blobk Chaining Mode.
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- *
- */
-
-#ifndef AES_CBC_H
-#define AES_CBC_H
-
-#include "aes.h"
-#include "cipher.h"
-
-typedef struct {
- v128_t state; /* cipher chaining state */
- v128_t previous; /* previous ciphertext block */
- aes_expanded_key_t expanded_key; /* the cipher key */
-} aes_cbc_ctx_t;
-
-err_status_t
-aes_cbc_set_key(aes_cbc_ctx_t *c,
- const unsigned char *key);
-
-err_status_t
-aes_cbc_encrypt(aes_cbc_ctx_t *c,
- unsigned char *buf,
- unsigned int *bytes_in_data);
-
-err_status_t
-aes_cbc_context_init(aes_cbc_ctx_t *c, const octet_t *key,
- cipher_direction_t dir);
-
-err_status_t
-aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv);
-
-err_status_t
-aes_cbc_nist_encrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data);
-
-err_status_t
-aes_cbc_nist_decrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data);
-
-#endif /* AES_CBC_H */
-
diff --git a/crypto/include/aes_gcm.h b/crypto/include/aes_gcm.h
new file mode 100644
index 0000000..4d6031f
--- /dev/null
+++ b/crypto/include/aes_gcm.h
@@ -0,0 +1,89 @@
+/*
+ * aes_gcm.h
+ *
+ * Header for AES Galois Counter Mode.
+ *
+ * John A. Foley
+ * Cisco Systems, Inc.
+ *
+ */
+/*
+ *
+ * Copyright (c) 2013-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef AES_GCM_H
+#define AES_GCM_H
+
+#include "cipher.h"
+#include "srtp.h"
+#include "datatypes.h"
+
+#ifdef OPENSSL
+
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+
+typedef struct {
+ int key_size;
+ int tag_len;
+ EVP_CIPHER_CTX *ctx;
+ srtp_cipher_direction_t dir;
+} srtp_aes_gcm_ctx_t;
+
+#endif /* OPENSSL */
+
+#ifdef NSS
+
+#include <nss.h>
+#include <pk11pub.h>
+
+#define MAX_AD_SIZE 2048
+
+typedef struct {
+ int key_size;
+ int tag_size;
+ srtp_cipher_direction_t dir;
+ NSSInitContext *nss;
+ PK11SymKey *key;
+ uint8_t iv[12];
+ uint8_t aad[MAX_AD_SIZE];
+ int aad_size;
+ CK_GCM_PARAMS params;
+ uint8_t tag[16];
+} srtp_aes_gcm_ctx_t;
+
+#endif /* NSS */
+
+#endif /* AES_GCM_H */
diff --git a/crypto/include/aes_icm.h b/crypto/include/aes_icm.h
index bbfee2c..8ded156 100644
--- a/crypto/include/aes_icm.h
+++ b/crypto/include/aes_icm.h
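Review bot: In the new aes_gcm.h, the NSS context keeps associated data in a fixed `uint8_t aad[MAX_AD_SIZE]` with a signed `int aad_size`, so whatever copies into it has to reject input longer than 2048 bytes; that code is not part of this diff and should be checked. The AAD callback type added in cipher.h takes `uint32_t aad_len`, so the bound should be compared before the length is narrowed to `int`. `MAX_AD_SIZE` is an unprefixed macro in a header; a name like `SRTP_AES_GCM_MAX_AD_SIZE` would avoid collisions, with its users updated to match. If `OPENSSL` and `NSS` are both defined, `srtp_aes_gcm_ctx_t` is typedef'd twice with different layouts, which `#elif defined(NSS)` would rule out.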
@@ -8,6 +8,42 @@ * */ +/* + * + * Copyright (c) 2001-2017, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + #ifndef AES_ICM_H #define AES_ICM_H 
@@ -15,28 +51,12 @@ #include "cipher.h" typedef struct { - v128_t counter; /* holds the counter value */ - v128_t offset; /* initial offset value */ - v128_t keystream_buffer; /* buffers bytes of keystream */ - int bytes_in_buffer; /* number of unused bytes in buffer */ - aes_expanded_key_t expanded_key; /* the cipher key */ -} aes_icm_ctx_t; - - -err_status_t -aes_icm_context_init(aes_icm_ctx_t *c, - const unsigned char *key); - -err_status_t -aes_icm_set_iv(aes_icm_ctx_t *c, void *iv); - -err_status_t -aes_icm_encrypt(aes_icm_ctx_t *c, - unsigned char *buf, unsigned int *bytes_to_encr); - -err_status_t -aes_icm_output(aes_icm_ctx_t *c, - unsigned char *buf, int bytes_to_output); + v128_t counter; /* holds the counter value */ + v128_t offset; /* initial offset value */ + v128_t keystream_buffer; /* buffers bytes of keystream */ + srtp_aes_expanded_key_t expanded_key; /* the cipher key */ + int bytes_in_buffer; /* number of unused bytes in buffer */ + int key_size; /* AES key size + 14 byte SALT */ +} srtp_aes_icm_ctx_t; #endif /* AES_ICM_H */ - diff --git a/crypto/include/rand_source.h b/crypto/include/aes_icm_ext.h index 575a2bc..ad306dd 100644 --- a/crypto/include/rand_source.h +++ b/crypto/include/aes_icm_ext.h 
@@ -1,32 +1,33 @@ /* - * rand_source.h + * aes_icm.h * - * implements a random source based on /dev/random + * Header for AES Integer Counter Mode. * * David A. McGrew * Cisco Systems, Inc. + * */ /* - * - * Copyright(c) 2001-2005 Cisco Systems, Inc. + * + * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
@@ -42,50 +43,41 @@ * */ +#ifndef AES_ICM_H +#define AES_ICM_H -#ifndef RAND_SOURCE -#define RAND_SOURCE - -#include "err.h" +#include "cipher.h" #include "datatypes.h" -err_status_t -rand_source_init(); +#ifdef OPENSSL -/* - * rand_source_get_octet_string() writes a random octet string. - * - * The function call rand_source_get_octet_string(dest, len) writes - * len octets of random data to the location to which dest points, - * and returns an error code. This error code should be checked, - * and if a failure is reported, the data in the buffer MUST NOT - * be used. - * - * warning: If the return code is not checked, then non-random - * data may inadvertently be used. - * - * returns: - * - err_status_ok if no problems occured. - * - [other] a problem occured, and no assumptions should - * be made about the contents of the destination - * buffer. - */ +#include <openssl/evp.h> +#include <openssl/aes.h> -err_status_t -rand_source_get_octet_string(void *dest, int length); +typedef struct { + v128_t counter; /* holds the counter value */ + v128_t offset; /* initial offset value */ + int key_size; + EVP_CIPHER_CTX *ctx; +} srtp_aes_icm_ctx_t; -err_status_t -rand_source_deinit(); +#endif /* OPENSSL */ -/* - * function prototype for a random source function - * - * A rand_source_func_t writes num_octets at the location indicated by - * dest and returns err_status_ok. Any other return value indicates - * failure. - */ +#ifdef NSS + +#include <nss.h> +#include <pk11pub.h> + +typedef struct { + v128_t counter; + v128_t offset; + int key_size; + uint8_t iv[16]; + NSSInitContext *nss; + PK11SymKey *key; + PK11Context *ctx; +} srtp_aes_icm_ctx_t; -typedef err_status_t (*rand_source_func_t) - (void *dest, int num_octets); +#endif /* NSS */ -#endif /* RAND_SOURCE */ +#endif /* AES_ICM_H */ diff --git a/crypto/include/alloc.h b/crypto/include/alloc.h index 843a7f8..1fc0410 100644 --- a/crypto/include/alloc.h +++ b/crypto/include/alloc.h 
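Review bot: aes_icm_ext.h is guarded by `AES_ICM_H`, the same macro aes_icm.h uses, and both headers define `srtp_aes_icm_ctx_t` with different members. If one translation unit ever includes both, the second header is skipped without a diagnostic and code may be built against the wrong context layout; whether that can happen depends on the build, which is not visible here. A distinct guard, `#ifndef AES_ICM_EXT_H` / `#define AES_ICM_EXT_H`, would remove the ambiguity, and the file banner should say `aes_icm_ext.h` rather than `aes_icm.h`. With neither `OPENSSL` nor `NSS` defined the header declares nothing, which deserves a one-line comment if intended.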
@@ -1,32 +1,32 @@ /* * alloc.h * - * interface to memory allocation and deallocation, with optional debugging + * interface to memory allocation and deallocation, with optional debugging * * David A. McGrew * Cisco Systems, Inc. */ /* - * - * Copyright (c) 2001-2005 Cisco Systems, Inc. + * + * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
@@ -42,20 +42,35 @@ * */ - #ifndef CRYPTO_ALLOC_H #define CRYPTO_ALLOC_H -#include "config.h" +#include "datatypes.h" -#if HAVE_STDLIB_H -#include <stdlib.h> -#endif +#ifdef __cplusplus +extern "C" { +#endif -void * -crypto_alloc(size_t size); +/* + * srtp_crypto_alloc + * + * Allocates a block of memory of given size. The memory will be + * initialized to zero's. Free the memory with a call to srtp_crypto_free. + * + * returns pointer to memory on success or else NULL + */ +void *srtp_crypto_alloc(size_t size); + +/* + * srtp_crypto_free + * + * Frees the block of memory ptr previously allocated with + * srtp_crypto_alloc + */ +void srtp_crypto_free(void *ptr); -void -crypto_free(void *ptr); +#ifdef __cplusplus +} +#endif #endif /* CRYPTO_ALLOC_H */ diff --git a/crypto/include/auth.h b/crypto/include/auth.h index 50e6032..774ea16 100644 --- a/crypto/include/auth.h +++ b/crypto/include/auth.h @@ -8,26 +8,26 @@ */ /* - * - * Copyright (c) 2001-2005, Cisco Systems, Inc. + * + * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
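Review bot: The new comment on `srtp_crypto_free` in alloc.h does not say whether the block is cleared before release or whether a NULL pointer is accepted. Cipher and auth state presumably pass through this pair, so if the implementation (outside this diff) does not wipe, every caller has to zeroize key material itself. The comment should state whichever holds, for example `* The memory is not cleared; callers must zeroize secrets before calling.` Separately, "zero's" in the `srtp_crypto_alloc` comment should read "zeros".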
@@ -43,117 +43,131 @@ * */ -#ifndef AUTH_H -#define AUTH_H +#ifndef SRTP_AUTH_H +#define SRTP_AUTH_H -#include "datatypes.h" -#include "err.h" /* error codes */ +#include "srtp.h" +#include "crypto_types.h" /* for values of auth_type_id_t */ -typedef struct auth_type_t *auth_type_pointer; -typedef struct auth_t *auth_pointer_t; +#ifdef __cplusplus +extern "C" { +#endif -typedef err_status_t (*auth_alloc_func) - (auth_pointer_t *ap, int key_len, int out_len); +typedef const struct srtp_auth_type_t *srtp_auth_type_pointer; +typedef struct srtp_auth_t *srtp_auth_pointer_t; -typedef err_status_t (*auth_init_func) - (void *state, const octet_t *key, int key_len); +typedef srtp_err_status_t (*srtp_auth_alloc_func)(srtp_auth_pointer_t *ap, + int key_len, + int out_len); -typedef err_status_t (*auth_dealloc_func)(auth_pointer_t ap); +typedef srtp_err_status_t (*srtp_auth_init_func)(void *state, + const uint8_t *key, + int key_len); -typedef err_status_t (*auth_compute_func) - (void *state, octet_t *buffer, int octets_to_auth, - int tag_len, octet_t *tag); +typedef srtp_err_status_t (*srtp_auth_dealloc_func)(srtp_auth_pointer_t ap); -typedef err_status_t (*auth_update_func) - (void *state, octet_t *buffer, int octets_to_auth); +typedef srtp_err_status_t (*srtp_auth_compute_func)(void *state, + const uint8_t *buffer, + int octets_to_auth, + int tag_len, + uint8_t *tag); -typedef err_status_t (*auth_start_func)(void *state); - -/* some syntactic sugar on these function types */ +typedef srtp_err_status_t (*srtp_auth_update_func)(void *state, + const uint8_t *buffer, + int octets_to_auth); + +typedef srtp_err_status_t (*srtp_auth_start_func)(void *state); -#define auth_type_alloc(at, a, klen, outlen) \ - ((at)->alloc((a), (klen), (outlen))) +/* some syntactic sugar on these function types */ +#define srtp_auth_type_alloc(at, a, klen, outlen) \ + ((at)->alloc((a), (klen), (outlen))) -#define auth_init(a, key) \ - (((a)->type)->init((a)->state, (key), ((a)->key_len))) +#define 
srtp_auth_init(a, key) \ + (((a)->type)->init((a)->state, (key), ((a)->key_len))) -#define auth_compute(a, buf, len, res) \ - (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res))) +#define srtp_auth_compute(a, buf, len, res) \ + (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res))) -#define auth_update(a, buf, len) \ - (((a)->type)->update((a)->state, (buf), (len))) +#define srtp_auth_update(a, buf, len) \ + (((a)->type)->update((a)->state, (buf), (len))) -#define auth_start(a)(((a)->type)->start((a)->state)) +#define srtp_auth_start(a) (((a)->type)->start((a)->state)) -#define auth_dealloc(c) (((c)->type)->dealloc(c)) +#define srtp_auth_dealloc(c) (((c)->type)->dealloc(c)) /* functions to get information about a particular auth_t */ +int srtp_auth_get_key_length(const struct srtp_auth_t *a); -int -auth_get_key_length(const struct auth_t *a); - -int -auth_get_tag_length(const struct auth_t *a); +int srtp_auth_get_tag_length(const struct srtp_auth_t *a); -int -auth_get_prefix_length(const struct auth_t *a); +int srtp_auth_get_prefix_length(const struct srtp_auth_t *a); /* - * auth_test_case_t is a (list of) key/message/tag values that are + * srtp_auth_test_case_t is a (list of) key/message/tag values that are * known to be correct for a particular cipher. this data can be used * to test an implementation in an on-the-fly self test of the - * correcness of the implementation. (see the auth_type_self_test() + * correctness of the implementation. 
(see the srtp_auth_type_self_test() * function below) */ +typedef struct srtp_auth_test_case_t { + int key_length_octets; /* octets in key */ + const uint8_t *key; /* key */ + int data_length_octets; /* octets in data */ + const uint8_t *data; /* data */ + int tag_length_octets; /* octets in tag */ + const uint8_t *tag; /* tag */ + const struct srtp_auth_test_case_t + *next_test_case; /* pointer to next testcase */ +} srtp_auth_test_case_t; + +/* srtp_auth_type_t */ +typedef struct srtp_auth_type_t { + srtp_auth_alloc_func alloc; + srtp_auth_dealloc_func dealloc; + srtp_auth_init_func init; + srtp_auth_compute_func compute; + srtp_auth_update_func update; + srtp_auth_start_func start; + const char *description; + const srtp_auth_test_case_t *test_data; + srtp_auth_type_id_t id; +} srtp_auth_type_t; + +typedef struct srtp_auth_t { + const srtp_auth_type_t *type; + void *state; + int out_len; /* length of output tag in octets */ + int key_len; /* length of key in octets */ + int prefix_len; /* length of keystream prefix */ +} srtp_auth_t; -typedef struct auth_test_case_t { - int key_length_octets; /* octets in key */ - octet_t *key; /* key */ - int data_length_octets; /* octets in data */ - octet_t *data; /* data */ - int tag_length_octets; /* octets in tag */ - octet_t *tag; /* tag */ - struct auth_test_case_t *next_test_case; /* pointer to next testcase */ -} auth_test_case_t; - -/* auth_type_t */ - -typedef struct auth_type_t { - auth_alloc_func alloc; - auth_dealloc_func dealloc; - auth_init_func init; - auth_compute_func compute; - auth_update_func update; - auth_start_func start; - char *description; - int ref_count; - auth_test_case_t *test_data; - debug_module_t *debug; -} auth_type_t; - -typedef struct auth_t { - auth_type_t *type; - void *state; - int out_len; /* length of output tag in octets */ - int key_len; /* length of key in octets */ - int prefix_len; /* length of keystream prefix */ -} auth_t; - -/* - * auth_type_self_test() tests an auth_type 
against test cases +/* + * srtp_auth_type_self_test() tests an auth_type against test cases * provided in an array of values of key/message/tag that is known to * be good */ +srtp_err_status_t srtp_auth_type_self_test(const srtp_auth_type_t *at); -err_status_t -auth_type_self_test(const auth_type_t *at); +/* + * srtp_auth_type_test() tests an auth_type against external test cases + * provided in an array of values of key/message/tag that is known to + * be good + */ +srtp_err_status_t srtp_auth_type_test(const srtp_auth_type_t *at, + const srtp_auth_test_case_t *test_data); /* - * auth_type_get_ref_count(at) returns the reference count (the number - * of instantiations) of the auth_type_t at + * srtp_replace_auth_type(ct, id) + * + * replaces srtp's kernel's auth type implementation for the auth_type id + * with a new one passed in externally. The new auth type must pass all the + * existing auth_type's self tests as well as its own. */ +srtp_err_status_t srtp_replace_auth_type(const srtp_auth_type_t *ct, + srtp_auth_type_id_t id); -int -auth_type_get_ref_count(const auth_type_t *at); +#ifdef __cplusplus +} +#endif -#endif /* AUTH_H */ +#endif /* SRTP_AUTH_H */ diff --git a/crypto/include/cipher.h b/crypto/include/cipher.h index b2bc88b..4f14e35 100644 --- a/crypto/include/cipher.h +++ b/crypto/include/cipher.h 
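Review bot: The rewritten callback types in auth.h keep every length as a signed `int` (`key_len`, `octets_to_auth`, `tag_len`), and the header does not say what an implementation must do with a negative value. A negative length that reaches a copy or hash-update call would be converted to a very large size, so the contract should be written down, e.g. `/* lengths are in octets and must be >= 0; implementations return an error status otherwise */` above the typedefs, to be confirmed against the implementations. The convenience macros such as `srtp_auth_compute(a, buf, len, res)` also expand `(a)` more than once, so a short comment warning against arguments with side effects would help.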
@@ -7,26 +7,26 @@ * Cisco Systems, Inc. */ /* - * - * Copyright (c) 2001-2005, Cisco Systems, Inc. + * + * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
@@ -42,178 +42,207 @@ * */ +#ifndef SRTP_CIPHER_H +#define SRTP_CIPHER_H -#ifndef CIPHER_H -#define CIPHER_H - -#include "datatypes.h" -#include "rdbx.h" /* for xtd_seq_num_t */ -#include "err.h" /* for error codes */ +#include "srtp.h" +#include "crypto_types.h" /* for values of cipher_type_id_t */ +#ifdef __cplusplus +extern "C" { +#endif -/** - * @brief cipher_direction_t defines a particular cipher operation. +/* + * srtp_cipher_direction_t defines a particular cipher operation. * - * A cipher_direction_t is an enum that describes a particular cipher + * A srtp_cipher_direction_t is an enum that describes a particular cipher * operation, i.e. encryption or decryption. For some ciphers, this * distinction does not matter, but for others, it is essential. */ - -typedef enum { - direction_encrypt, /**< encryption (convert plaintext to ciphertext) */ - direction_decrypt, /**< decryption (convert ciphertext to plaintext) */ - direction_any /**< encryption or decryption */ -} cipher_direction_t; +typedef enum { + srtp_direction_encrypt, /**< encryption (convert plaintext to ciphertext) */ + srtp_direction_decrypt, /**< decryption (convert ciphertext to plaintext) */ + srtp_direction_any /**< encryption or decryption */ +} srtp_cipher_direction_t; /* - * the cipher_pointer and cipher_type_pointer definitions are needed - * as cipher_t and cipher_type_t are not yet defined + * the srtp_cipher_pointer_t definition is needed + * as srtp_cipher_t is not yet defined */ - -typedef struct cipher_type_t *cipher_type_pointer_t; -typedef struct cipher_t *cipher_pointer_t; +typedef struct srtp_cipher_t *srtp_cipher_pointer_t; /* - * a cipher_alloc_func_t allocates (but does not initialize) a cipher_t + * a srtp_cipher_alloc_func_t allocates (but does not initialize) a + * srtp_cipher_t */ +typedef srtp_err_status_t (*srtp_cipher_alloc_func_t)(srtp_cipher_pointer_t *cp, + int key_len, + int tag_len); -typedef err_status_t (*cipher_alloc_func_t) - (cipher_pointer_t *cp, int 
key_len); - -/* - * a cipher_init_func_t [re-]initializes a cipher_t with a given key - * and direction (i.e., encrypt or decrypt) +/* + * a srtp_cipher_init_func_t [re-]initializes a cipher_t with a given key */ +typedef srtp_err_status_t (*srtp_cipher_init_func_t)(void *state, + const uint8_t *key); -typedef err_status_t (*cipher_init_func_t) - (void *state, const octet_t *key, cipher_direction_t dir); +/* a srtp_cipher_dealloc_func_t de-allocates a cipher_t */ +typedef srtp_err_status_t (*srtp_cipher_dealloc_func_t)( + srtp_cipher_pointer_t cp); -/* a cipher_dealloc_func_t de-allocates a cipher_t */ - -typedef err_status_t (*cipher_dealloc_func_t)(cipher_pointer_t cp); - -/* a cipher_set_segment_func_t sets the segment index of a cipher_t */ - -typedef err_status_t (*cipher_set_segment_func_t) - (void *state, xtd_seq_num_t idx); - -/* a cipher_encrypt_func_t encrypts data in-place */ - -typedef err_status_t (*cipher_encrypt_func_t) - (void *state, octet_t *buffer, unsigned int *octets_to_encrypt); - -/* a cipher_decrypt_func_t decrypts data in-place */ - -typedef err_status_t (*cipher_decrypt_func_t) - (void *state, octet_t *buffer, unsigned int *octets_to_decrypt); +/* + * a srtp_cipher_set_aad_func_t processes the AAD data for AEAD ciphers + */ +typedef srtp_err_status_t (*srtp_cipher_set_aad_func_t)(void *state, + const uint8_t *aad, + uint32_t aad_len); + +/* a srtp_cipher_encrypt_func_t encrypts data in-place */ +typedef srtp_err_status_t (*srtp_cipher_encrypt_func_t)( + void *state, + uint8_t *buffer, + unsigned int *octets_to_encrypt); + +/* a srtp_cipher_decrypt_func_t decrypts data in-place */ +typedef srtp_err_status_t (*srtp_cipher_decrypt_func_t)( + void *state, + uint8_t *buffer, + unsigned int *octets_to_decrypt); -/* - * a cipher_set_nonce_seq_func_t function sets both the nonce - * and the extended sequence number +/* + * a srtp_cipher_set_iv_func_t function sets the current initialization vector */ +typedef srtp_err_status_t 
(*srtp_cipher_set_iv_func_t)( + void *state, + uint8_t *iv, + srtp_cipher_direction_t direction); -typedef err_status_t (*cipher_set_iv_func_t) - (cipher_pointer_t cp, void *iv); +/* + * a cipher_get_tag_func_t function is used to get the authentication + * tag that was calculated by an AEAD cipher. + */ +typedef srtp_err_status_t (*srtp_cipher_get_tag_func_t)(void *state, + uint8_t *tag, + uint32_t *len); /* - * cipher_test_case_t is a (list of) key, salt, xtd_seq_num_t, - * plaintext, and ciphertext values that are known to be correct for a + * srtp_cipher_test_case_t is a (list of) key, salt, plaintext, ciphertext, + * and aad values that are known to be correct for a * particular cipher. this data can be used to test an implementation - * in an on-the-fly self test of the correcness of the implementation. - * (see the cipher_type_self_test() function below) + * in an on-the-fly self test of the correctness of the implementation. + * (see the srtp_cipher_type_self_test() function below) */ - -typedef struct cipher_test_case_t { - int key_length_octets; /* octets in key */ - octet_t *key; /* key */ - octet_t *idx; /* packet index */ - int plaintext_length_octets; /* octets in plaintext */ - octet_t *plaintext; /* plaintext */ - int ciphertext_length_octets; /* octets in plaintext */ - octet_t *ciphertext; /* ciphertext */ - struct cipher_test_case_t *next_test_case; /* pointer to next testcase */ -} cipher_test_case_t; - -/* cipher_type_t defines the 'metadata' for a particular cipher type */ - -typedef struct cipher_type_t { - cipher_alloc_func_t alloc; - cipher_dealloc_func_t dealloc; - cipher_init_func_t init; - cipher_encrypt_func_t encrypt; - cipher_encrypt_func_t decrypt; - cipher_set_iv_func_t set_iv; - char *description; - int ref_count; - cipher_test_case_t *test_data; - debug_module_t *debug; -} cipher_type_t; +typedef struct srtp_cipher_test_case_t { + int key_length_octets; /* octets in key */ + const uint8_t *key; /* key */ + uint8_t *idx; /* packet 
index */ + unsigned int plaintext_length_octets; /* octets in plaintext */ + const uint8_t *plaintext; /* plaintext */ + unsigned int ciphertext_length_octets; /* octets in plaintext */ + const uint8_t *ciphertext; /* ciphertext */ + int aad_length_octets; /* octets in AAD */ + const uint8_t *aad; /* AAD */ + int tag_length_octets; /* Length of AEAD tag */ + const struct srtp_cipher_test_case_t + *next_test_case; /* pointer to next testcase */ +} srtp_cipher_test_case_t; + +/* srtp_cipher_type_t defines the 'metadata' for a particular cipher type */ +typedef struct srtp_cipher_type_t { + srtp_cipher_alloc_func_t alloc; + srtp_cipher_dealloc_func_t dealloc; + srtp_cipher_init_func_t init; + srtp_cipher_set_aad_func_t set_aad; + srtp_cipher_encrypt_func_t encrypt; + srtp_cipher_encrypt_func_t decrypt; + srtp_cipher_set_iv_func_t set_iv; + srtp_cipher_get_tag_func_t get_tag; + const char *description; + const srtp_cipher_test_case_t *test_data; + srtp_cipher_type_id_t id; +} srtp_cipher_type_t; /* - * cipher_t defines an instantiation of a particular cipher, with fixed + * srtp_cipher_t defines an instantiation of a particular cipher, with fixed * key length, key and salt values */ - -typedef struct cipher_t { - cipher_type_t *type; - void *state; - int key_len; -#if FORCE_64BIT_ALIGN - int pad; -#endif -} cipher_t; - -/* some syntactic sugar on these function types */ - -#define cipher_type_alloc(ct, c, klen) ((ct)->alloc((c), (klen))) - -#define cipher_dealloc(c) (((c)->type)->dealloc(c)) - -#define cipher_init(c, k, dir) (((c)->type)->init(((c)->state), (k), (dir))) - -#define cipher_encrypt(c, buf, len) \ - (((c)->type)->encrypt(((c)->state), (buf), (len))) - -#define cipher_decrypt(c, buf, len) \ - (((c)->type)->decrypt(((c)->state), (buf), (len))) - -#define cipher_set_iv(c, n) \ - ((c) ? 
(((c)->type)->set_iv(((c)->state), (n))) : \ - err_status_no_such_op) - -err_status_t -cipher_output(cipher_t *c, octet_t *buffer, int num_octets_to_output); - +typedef struct srtp_cipher_t { + const srtp_cipher_type_t *type; + void *state; + int key_len; + int algorithm; +} srtp_cipher_t; /* some bookkeeping functions */ +int srtp_cipher_get_key_length(const srtp_cipher_t *c); -int -cipher_get_key_length(const cipher_t *c); - - -/* - * cipher_type_self_test() tests a cipher against test cases provided in - * an array of values of key/xtd_seq_num_t/plaintext/ciphertext +/* + * srtp_cipher_type_self_test() tests a cipher against test cases provided in + * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext * that is known to be good */ +srtp_err_status_t srtp_cipher_type_self_test(const srtp_cipher_type_t *ct); -err_status_t -cipher_type_self_test(const cipher_type_t *ct); - +/* + * srtp_cipher_type_test() tests a cipher against external test cases provided + * in + * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext + * that is known to be good + */ +srtp_err_status_t srtp_cipher_type_test( + const srtp_cipher_type_t *ct, + const srtp_cipher_test_case_t *test_data); /* - * cipher_bits_per_second(c, l, t) computes (and estimate of) the + * srtp_cipher_bits_per_second(c, l, t) computes (an estimate of) the * number of bits that a cipher implementation can encrypt in a second - * + * * c is a cipher (which MUST be allocated and initialized already), l * is the length in octets of the test data to be encrypted, and t is * the number of trials * - * if an error is encountered, then the value 0.0 is returned + * if an error is encountered, then the value 0 is returned */ +uint64_t srtp_cipher_bits_per_second(srtp_cipher_t *c, + int octets_in_buffer, + int num_trials); + +srtp_err_status_t srtp_cipher_type_alloc(const srtp_cipher_type_t *ct, + srtp_cipher_t **c, + int key_len, + int tlen); +srtp_err_status_t srtp_cipher_dealloc(srtp_cipher_t 
*c); +srtp_err_status_t srtp_cipher_init(srtp_cipher_t *c, const uint8_t *key); +srtp_err_status_t srtp_cipher_set_iv(srtp_cipher_t *c, + uint8_t *iv, + int direction); +srtp_err_status_t srtp_cipher_output(srtp_cipher_t *c, + uint8_t *buffer, + uint32_t *num_octets_to_output); +srtp_err_status_t srtp_cipher_encrypt(srtp_cipher_t *c, + uint8_t *buffer, + uint32_t *num_octets_to_output); +srtp_err_status_t srtp_cipher_decrypt(srtp_cipher_t *c, + uint8_t *buffer, + uint32_t *num_octets_to_output); +srtp_err_status_t srtp_cipher_get_tag(srtp_cipher_t *c, + uint8_t *buffer, + uint32_t *tag_len); +srtp_err_status_t srtp_cipher_set_aad(srtp_cipher_t *c, + const uint8_t *aad, + uint32_t aad_len); -double -cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials); +/* + * srtp_replace_cipher_type(ct, id) + * + * replaces srtp's existing cipher implementation for the cipher_type id + * with a new one passed in externally. The new cipher must pass all the + * existing cipher_type's self tests as well as its own. + */ +srtp_err_status_t srtp_replace_cipher_type(const srtp_cipher_type_t *ct, + srtp_cipher_type_id_t id); -#endif /* CIPHER_H */ +#ifdef __cplusplus +} +#endif +#endif /* SRTP_CIPHER_H */ diff --git a/crypto/include/gf2_8.h b/crypto/include/cipher_priv.h index ee08da6..46848ea 100644 --- a/crypto/include/gf2_8.h +++ b/crypto/include/cipher_priv.h 
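Review bot: `srtp_cipher_set_iv()` is declared with `int direction`, while the callback type it fronts, `srtp_cipher_set_iv_func_t`, takes `srtp_cipher_direction_t direction`; with a plain `int` the compiler has no chance to flag a caller that passes something other than an enum constant, and the header's own comment says the encrypt/decrypt distinction is essential for some ciphers. I would declare the last parameter as `srtp_cipher_direction_t direction` (the definition lies outside this hunk and would need the same change). In the same spirit, the `decrypt` member of `srtp_cipher_type_t` is still typed `srtp_cipher_encrypt_func_t` although `srtp_cipher_decrypt_func_t` is defined just above it; `srtp_cipher_decrypt_func_t decrypt;` says what is meant. The comment on `ciphertext_length_octets` also still reads "octets in plaintext".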
@@ -1,33 +1,24 @@
 /*
- * gf2_8.h
 *
- * GF(256) implementation
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2005, Cisco Systems, Inc.
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
 * All rights reserved.
- *
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
- *
+ *
 * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
- *
+ *
 * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following
 * disclaimer in the documentation and/or other materials provided
 * with the distribution.
- *
+ *
 * Neither the name of the Cisco Systems, Inc. nor the names of its
 * contributors may be used to endorse or promote products derived
 * from this software without specific prior written permission.
- *
+ *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
@@ -43,31 +34,29 @@ * */ +#ifndef SRTP_CIHPER_PRIV_H +#define SRTP_CIHPER_PRIV_H -#ifndef GF2_8_H -#define GF2_8_H - -#include "datatypes.h" /* for octet_t definition */ +#include "cipher.h" -typedef octet_t gf2_8; - -#define gf2_8_field_polynomial 0x1B +#ifdef __cplusplus +extern "C" { +#endif /* - * gf2_8_shift(x) returns the next gf2_8 value in the cyclic - * representation of that field + * A trivial platform independent random source. + * For use in test only. */ +void srtp_cipher_rand_for_tests(void *dest, uint32_t len); -gf2_8 -gf2_8_shift(octet_t input); - -gf2_8 -gf2_8_compute_inverse(gf2_8 x); - -void -test_gf2_8(void); +/* + * A trivial platform independent 32 bit random number. + * For use in test only. + */ +uint32_t srtp_cipher_rand_u32_for_tests(void); -gf2_8 -gf2_8_multiply(gf2_8 x, gf2_8 y); +#ifdef __cplusplus +} +#endif -#endif /* GF2_8_H */ +#endif /* SRTP_CIPHER_PRIV_H */ diff --git a/crypto/include/cipher_types.h b/crypto/include/cipher_types.h new file mode 100644 index 0000000..18f0328 --- /dev/null +++ b/crypto/include/cipher_types.h 
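Review bot: The comments on `srtp_cipher_rand_for_tests()` and `srtp_cipher_rand_u32_for_tests()` say only "For use in test only", which does not tell a caller what goes wrong if the functions are used elsewhere; since the source is described as trivial it is presumably not cryptographically strong, and I would state that on each prototype, e.g. `/* Not a cryptographic RNG: never use for keys, salts or IVs. */`. Separately, the include guard is spelled `SRTP_CIHPER_PRIV_H` while the closing comment says `SRTP_CIPHER_PRIV_H`; the guard should read `#ifndef SRTP_CIPHER_PRIV_H` / `#define SRTP_CIPHER_PRIV_H`. The new cipher_types.h carries the same misspelling in `CIHPER_TYPES_H`.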
@@ -0,0 +1,84 @@
+/*
+ *
+ * Copyright(c) 2001-2017 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef CIHPER_TYPES_H
+#define CIHPER_TYPES_H
+
+#include "cipher.h"
+#include "auth.h"
+
+/*
+ * cipher types that can be included in the kernel
+ */
+
+extern const srtp_cipher_type_t srtp_null_cipher;
+extern const srtp_cipher_type_t srtp_aes_icm_128;
+extern const srtp_cipher_type_t srtp_aes_icm_256;
+#ifdef GCM
+extern const srtp_cipher_type_t srtp_aes_icm_192;
+extern const srtp_cipher_type_t srtp_aes_gcm_128;
+extern const srtp_cipher_type_t srtp_aes_gcm_256;
+#endif
+
+/*
+ * auth func types that can be included in the kernel
+ */
+
+extern const srtp_auth_type_t srtp_null_auth;
+extern const srtp_auth_type_t srtp_hmac;
+
+/*
+ * other generic debug modules that can be included in the kernel
+ */
+
+extern srtp_debug_module_t srtp_mod_auth;
+extern srtp_debug_module_t srtp_mod_cipher;
+extern srtp_debug_module_t srtp_mod_stat;
+extern srtp_debug_module_t srtp_mod_alloc;
+
+/* debug modules for cipher types */
+extern srtp_debug_module_t srtp_mod_aes_icm;
+#ifdef OPENSSL
+extern srtp_debug_module_t srtp_mod_aes_gcm;
+#endif
+#ifdef NSS
+extern srtp_debug_module_t srtp_mod_aes_gcm;
+#endif
+
+/* debug modules for auth types */
+extern srtp_debug_module_t srtp_mod_hmac;
+
+#endif
diff --git a/crypto/include/config.h b/crypto/include/config.h
index 2dee171..333cf43 100644
--- a/crypto/include/config.h
+++ b/crypto/include/config.h
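Review bot: `srtp_aes_icm_192` is declared inside `#ifdef GCM` together with the two GCM types, so a build without GCM has no declaration for the 192-bit ICM cipher even though it is not a GCM cipher. If that is intentional (presumably the 192-bit variant exists only in the external crypto backends), a one-line comment such as `/* AES-ICM-192 is only built together with the GCM-capable backends */` would keep readers from treating it as a mistake. The two identical `srtp_mod_aes_gcm` declarations under `#ifdef OPENSSL` and `#ifdef NSS` could be a single block under `#if defined(OPENSSL) || defined(NSS)`. Unlike cipher.h and cipher_priv.h in this commit, this header has no `extern "C"` guard.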
@@ -1,121 +1,197 @@ -/* include/config.h. Generated automatically by configure. */ -/* - * config.h - * - * template for header config file for Secure RTP and UST implementation - * - * David A. McGrew - * Cisco Systems, Inc. - */ +/* crypto/include/config.h. Generated from config_in.h by configure. */ +/* config_in.h. Generated from configure.ac by autoheader. */ +/* Define if building universal (internal helper macro) */ +/* #undef AC_APPLE_UNIVERSAL_BUILD */ -#ifndef CONFIG_H -#define CONFIG_H +/* Define if building for a CISC machine (e.g. Intel). */ +#define CPU_CISC 1 -/* if we're on a big endian machine, we need to define this */ +/* Define if building for a RISC machine (assume slow byte access). */ +/* #undef CPU_RISC */ -#include <sys/types.h> -#if (BYTE_ORDER == BIG_ENDIAN) -#define WORDS_BIGENDIAN 1 -#else -#define WORDS_BIGENDIAN 0 -#endif +/* Define to enabled debug logging for all mudules. */ +/* #undef ENABLE_DEBUG_LOGGING */ -/* check for <stdint.h> or <machine/types.h> */ +/* Logging statments will be writen to this file. */ +/* #undef ERR_REPORTING_FILE */ -#define HAVE_STDINT_H 1 -#define HAVE_MACHINE_TYPES_H 1 -#define HAVE_SYS_INT_TYPES_H 0 +/* Define to redirect logging to stdout. */ +/* #undef ERR_REPORTING_STDOUT */ -/* check for microsoft integer definitions (e.g., cygwin) */ +/* Define this to use AES-GCM. */ +/* #undef GCM */ -#define HAVE_MS_TYPES 1 +/* Define to 1 if you have the <arpa/inet.h> header file. */ +#define HAVE_ARPA_INET_H 1 -/* if we don't have uio.h, we'll need to define struct iovec */ +/* Define to 1 if you have the <byteswap.h> header file. */ +#define HAVE_BYTESWAP_H 1 -#define HAVE_SYS_UIO_H 1 +/* Define to 1 if you have the `inet_aton' function. */ +#define HAVE_INET_ATON 1 -/* <unistd.h> is used by some test/ apps */ +/* Define to 1 if the system has the type `int16_t'. */ +#define HAVE_INT16_T 1 -#define HAVE_UNISTD_H 1 +/* Define to 1 if the system has the type `int32_t'. 
*/ +#define HAVE_INT32_T 1 -/* test apps should use inet_aton(), if it's available */ +/* Define to 1 if the system has the type `int8_t'. */ +#define HAVE_INT8_T 1 -#define HAVE_INET_ATON 1 +/* Define to 1 if you have the <inttypes.h> header file. */ +#define HAVE_INTTYPES_H 1 -/* check if we have syslog functions */ +/* Define to 1 if you have the `dl' library (-ldl). */ +/* #undef HAVE_LIBDL */ -#define HAVE_SYSLOG_H 1 +/* Define to 1 if you have the `nspr4' library (-lnspr4). */ +/* #undef HAVE_LIBNSPR4 */ -/* check to see if the user has requested the use of syslog */ +/* Define to 1 if you have the `nss3' library (-lnss3). */ +/* #undef HAVE_LIBNSS3 */ -#define USE_SYSLOG 0 +/* Define to 1 if you have the `socket' library (-lsocket). */ +/* #undef HAVE_LIBSOCKET */ -#define ERR_REPORTING_STDOUT 1 +/* Define to 1 if you have the `z' library (-lz). */ +/* #undef HAVE_LIBZ */ -#define ERR_REPORTING_SYSLOG (HAVE_SYSLOG_H & USE_SYSLOG) +/* Define to 1 if you have the <machine/types.h> header file. */ +/* #undef HAVE_MACHINE_TYPES_H */ -/* define ERR_REPORTING_FILE to have messages sent to file */ +/* Define to 1 if you have the <memory.h> header file. */ +#define HAVE_MEMORY_H 1 -#define ERR_REPORTING_FILE +/* Define to 1 if you have the <netinet/in.h> header file. */ +#define HAVE_NETINET_IN_H 1 -/* - * set ENABLE_DEBUGGING to 1 to compile in dynamic debugging system, - * set it to 0 to not compile in dynamic debugging (for a slight - * performance improvement) - */ +/* Define to 1 if you have the <nss.h> header file. */ +/* #undef HAVE_NSS_H */ -#define ENABLE_DEBUGGING 1 +/* Define to 1 if you have the `winpcap' library (-lwpcap) */ +/* #undef HAVE_PCAP */ -/* if we're going to use GDOI, define SRTP_GDOI to 1 */ +/* Define to 1 if you have the `sigaction' function. */ +#define HAVE_SIGACTION 1 -#define SRTP_GDOI 0 +/* Define to 1 if you have the `socket' function. */ +#define HAVE_SOCKET 1 -/* - * CPU_type is defined as 1 if the host processor is of that type. 
- * Note that more than one type can be defined at once; this is so - * that special instructions and other optimizations can be handled - * independently. - * - * CPU_RISC RISC machines (assume slow byte access) - * CPU_CISC CISC machines (e.g. Intel) - * - */ +/* Define to 1 if you have the <stdint.h> header file. */ +#define HAVE_STDINT_H 1 -#if WORDS_BIGENDIAN -#define CPU_RISC 1 -#else -#define CPU_CISC 1 -#endif +/* Define to 1 if you have the <stdlib.h> header file. */ +#define HAVE_STDLIB_H 1 -/* - * define CPU_16 if cryptoalgorithms should use 16-bit operations - - * this is probably only the case on very low-end devices - */ -#define CPU_16 0 +/* Define to 1 if you have the <strings.h> header file. */ +#define HAVE_STRINGS_H 1 -/* - * define CPU_ALTIVEC in order to use the G4/G5 processor's AltiVec - * SIMD instruction set where possible - */ -#define CPU_ALTIVEC 0 +/* Define to 1 if you have the <string.h> header file. */ +#define HAVE_STRING_H 1 +/* Define to 1 if you have the <sys/int_types.h> header file. */ +/* #undef HAVE_SYS_INT_TYPES_H */ -/* - * if /dev/random is available, then DEV_RANDOM == 1 - * - * /dev/random is a (true) random number generator which is - * implemented in many modern operating systems - */ +/* Define to 1 if you have the <sys/socket.h> header file. */ +#define HAVE_SYS_SOCKET_H 1 -#define DEV_RANDOM 0 +/* Define to 1 if you have the <sys/stat.h> header file. */ +#define HAVE_SYS_STAT_H 1 -/* check for stdlib.h - we use it for alloc() and free() */ +/* Define to 1 if you have the <sys/types.h> header file. */ +#define HAVE_SYS_TYPES_H 1 -#define HAVE_STDLIB_H 1 +/* Define to 1 if you have the <sys/uio.h> header file. */ +#define HAVE_SYS_UIO_H 1 + +/* Define to 1 if the system has the type `uint16_t'. */ +#define HAVE_UINT16_T 1 + +/* Define to 1 if the system has the type `uint32_t'. */ +#define HAVE_UINT32_T 1 + +/* Define to 1 if the system has the type `uint64_t'. 
*/ +#define HAVE_UINT64_T 1 + +/* Define to 1 if the system has the type `uint8_t'. */ +#define HAVE_UINT8_T 1 + +/* Define to 1 if you have the <unistd.h> header file. */ +#define HAVE_UNISTD_H 1 + +/* Define to 1 if you have the `usleep' function. */ +#define HAVE_USLEEP 1 + +/* Define to 1 if you have the <windows.h> header file. */ +/* #undef HAVE_WINDOWS_H */ + +/* Define to 1 if you have the <winsock2.h> header file. */ +/* #undef HAVE_WINSOCK2_H */ + +/* Define to use X86 inlined assembly code */ +#define HAVE_X86 1 -#endif /* CONFIG_H */ +/* Define this to use NSS crypto. */ +/* #undef NSS */ +/* Define this to use OpenSSL crypto. */ +/* #undef OPENSSL */ +/* Define this if OPENSSL_cleanse is broken. */ +/* #undef OPENSSL_CLEANSE_BROKEN */ +/* Define this to use OpenSSL KDF for SRTP. */ +/* #undef OPENSSL_KDF */ + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "https://github.com/cisco/libsrtp/issues" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "libsrtp2" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "libsrtp2 2.3.0-pre" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "libsrtp2" + +/* Define to the home page for this package. */ +#define PACKAGE_URL "" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "2.3.0-pre" + +/* The size of `unsigned long', as computed by sizeof. */ +#define SIZEOF_UNSIGNED_LONG 8 + +/* The size of `unsigned long long', as computed by sizeof. */ +#define SIZEOF_UNSIGNED_LONG_LONG 8 + +/* Define to 1 if you have the ANSI C header files. */ +#define STDC_HEADERS 1 + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). 
*/ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +/* # undef WORDS_BIGENDIAN */ +# endif +#endif + +/* Define to empty if `const' does not conform to ANSI C. */ +/* #undef const */ + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +/* #undef inline */ +#endif +/* Define to `unsigned int' if <sys/types.h> does not define. */ +/* #undef size_t */ diff --git a/crypto/include/crypto.h b/crypto/include/crypto.h deleted file mode 100644 index dc52821..0000000 --- a/crypto/include/crypto.h +++ /dev/null @@ -1,17 +0,0 @@ -/* - * crypto.h - * - * API for libcrypto - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -#ifndef CRYPTO_H -#define CRYPTO_H - -#include "crypto_kernel.h" - -#endif /* CRYPTO_H */ - - diff --git a/crypto/include/crypto_kernel.h b/crypto/include/crypto_kernel.h index 0f3f7ee..1f8dfa7 100644 --- a/crypto/include/crypto_kernel.h +++ b/crypto/include/crypto_kernel.h 
@@ -7,26 +7,26 @@ * Cisco Systems, Inc. */ /* - * - * Copyright(c) 2001-2005 Cisco Systems, Inc. + * + * Copyright(c) 2001-2017 Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS @@ -42,20 +42,18 @@ * */ - #ifndef CRYPTO_KERNEL #define CRYPTO_KERNEL -#include "rand_source.h" -#include "prng.h" -#include "cipher.h" +#include "cipher.h" #include "auth.h" -#include "cryptoalg.h" -#include "stat.h" #include "err.h" #include "crypto_types.h" #include "key.h" +#ifdef __cplusplus +extern "C" { +#endif /* * crypto_kernel_state_t defines the possible states: 
@@ -63,71 +61,36 @@ * insecure - not yet initialized * secure - initialized and passed self-tests */ - typedef enum { - crypto_kernel_state_insecure, - crypto_kernel_state_secure -} crypto_kernel_state_t; - + srtp_crypto_kernel_state_insecure, + srtp_crypto_kernel_state_secure +} srtp_crypto_kernel_state_t; -/** - * @brief A cipher_type_id_t is an identifier for a particular cipher - * type. - * - * A cipher_type_id_t is an integer that represents a particular - * cipher type, e.g. the Advanced Encryption Standard (AES). A - * NULL_CIPHER is avaliable; this cipher leaves the data unchanged, - * and can be selected to indicate that no encryption is to take - * place. - * - * @ingroup Ciphers - */ -typedef uint32_t cipher_type_id_t; - -/** - * @brief An auth_type_id_t is an identifier for a particular authentication - * function. - * - * An auth_type_id_t is an integer that represents a particular - * authentication function type, e.g. HMAC-SHA1. A NULL_AUTH is - * avaliable; this authentication function performs no computation, - * and can be selected to indicate that no authentication is to take - * place. 
- * - * @ingroup Authentication - */ -typedef uint32_t auth_type_id_t; - - -/* - * linked list of cipher types +/* + * linked list of cipher types */ +typedef struct srtp_kernel_cipher_type { + srtp_cipher_type_id_t id; + const srtp_cipher_type_t *cipher_type; + struct srtp_kernel_cipher_type *next; +} srtp_kernel_cipher_type_t; -typedef struct kernel_cipher_type { - cipher_type_id_t id; - cipher_type_t *cipher_type; - struct kernel_cipher_type *next; -} kernel_cipher_type_t; - -/* - * linked list of auth types +/* + * linked list of auth types */ - -typedef struct kernel_auth_type { - auth_type_id_t id; - auth_type_t *auth_type; - struct kernel_auth_type *next; -} kernel_auth_type_t; +typedef struct srtp_kernel_auth_type { + srtp_auth_type_id_t id; + const srtp_auth_type_t *auth_type; + struct srtp_kernel_auth_type *next; +} srtp_kernel_auth_type_t; /* - * linked list of debug modules + * linked list of debug modules */ - -typedef struct kernel_debug_module { - debug_module_t *mod; - struct kernel_debug_module *next; -} kernel_debug_module_t; - +typedef struct srtp_kernel_debug_module { + srtp_debug_module_t *mod; + struct srtp_kernel_debug_module *next; +} srtp_kernel_debug_module_t; /* * crypto_kernel_t is the data structure for the crypto kernel 
@@ -135,154 +98,118 @@ typedef struct kernel_debug_module { * note that there is *exactly one* instance of this data type, * a global variable defined in crypto_kernel.c */ - typedef struct { - crypto_kernel_state_t state; /* current state of kernel */ - kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */ - kernel_auth_type_t *auth_type_list; /* list of all auth func types */ - kernel_debug_module_t *debug_module_list; /* list of all debug modules */ -} crypto_kernel_t; - + srtp_crypto_kernel_state_t state; /* current state of kernel */ + srtp_kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */ + srtp_kernel_auth_type_t *auth_type_list; /* list of all auth func types */ + srtp_kernel_debug_module_t + *debug_module_list; /* list of all debug modules */ +} srtp_crypto_kernel_t; /* - * crypto_kernel_t external api + * srtp_crypto_kernel_t external api */ - /* - * The function crypto_kernel_init() initialized the crypto kernel and + * The function srtp_crypto_kernel_init() initialized the crypto kernel and * runs the self-test operations on the random number generators and * crypto algorithms. Possible return values are: * - * err_status_ok initialization successful - * <other> init failure + * srtp_err_status_ok initialization successful + * <other> init failure * - * If any value other than err_status_ok is returned, the - * crypto_kernel MUST NOT be used. + * If any value other than srtp_err_status_ok is returned, the + * crypto_kernel MUST NOT be used. */ - -err_status_t -crypto_kernel_init(); - +srtp_err_status_t srtp_crypto_kernel_init(void); /* - * The function crypto_kernel_shutdown() de-initializes the + * The function srtp_crypto_kernel_shutdown() de-initializes the * crypto_kernel, zeroizes keys and other cryptographic material, and * deallocates any dynamically allocated memory. 
Possible return * values are: * - * err_status_ok shutdown successful - * <other> shutdown failure + * srtp_err_status_ok shutdown successful + * <other> shutdown failure * */ - -err_status_t -crypto_kernel_shutdown(); +srtp_err_status_t srtp_crypto_kernel_shutdown(void); /* - * The function crypto_kernel_stats() checks the the crypto_kernel, + * The function srtp_crypto_kernel_stats() checks the the crypto_kernel, * running tests on the ciphers, auth funcs, and rng, and prints out a * status report. Possible return values are: * - * err_status_ok all tests were passed - * <other> a test failed + * srtp_err_status_ok all tests were passed + * <other> a test failed * */ - -err_status_t -crypto_kernel_status(); - +srtp_err_status_t srtp_crypto_kernel_status(void); /* - * crypto_kernel_list_debug_modules() outputs a list of debugging modules + * srtp_crypto_kernel_list_debug_modules() outputs a list of debugging modules * */ - -err_status_t -crypto_kernel_list_debug_modules(); +srtp_err_status_t srtp_crypto_kernel_list_debug_modules(void); /* - * crypto_kernel_load_cipher_type() + * srtp_crypto_kernel_load_cipher_type() * */ +srtp_err_status_t srtp_crypto_kernel_load_cipher_type( + const srtp_cipher_type_t *ct, + srtp_cipher_type_id_t id); -err_status_t -crypto_kernel_load_cipher_type(cipher_type_t *ct, cipher_type_id_t id); - -err_status_t -crypto_kernel_load_auth_type(auth_type_t *ct, auth_type_id_t id); +srtp_err_status_t srtp_crypto_kernel_load_auth_type(const srtp_auth_type_t *ct, + srtp_auth_type_id_t id); -err_status_t -crypto_kernel_load_debug_module(debug_module_t *new_dm); +srtp_err_status_t srtp_crypto_kernel_load_debug_module( + srtp_debug_module_t *new_dm); /* - * crypto_kernel_alloc_cipher(id, cp, key_len); + * srtp_crypto_kernel_alloc_cipher(id, cp, key_len); * * allocates a cipher of type id at location *cp, with key length * key_len octets. 
Return values are: - * - * err_status_ok no problems - * err_status_alloc_fail an allocation failure occured - * err_status_fail couldn't find cipher with identifier 'id' + * + * srtp_err_status_ok no problems + * srtp_err_status_alloc_fail an allocation failure occured + * srtp_err_status_fail couldn't find cipher with identifier 'id' */ - -err_status_t -crypto_kernel_alloc_cipher(cipher_type_id_t id, - cipher_pointer_t *cp, - int key_len); +srtp_err_status_t srtp_crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id, + srtp_cipher_pointer_t *cp, + int key_len, + int tag_len); /* - * crypto_kernel_alloc_auth(id, ap, key_len, tag_len); + * srtp_crypto_kernel_alloc_auth(id, ap, key_len, tag_len); * * allocates an auth function of type id at location *ap, with key * length key_len octets and output tag length of tag_len. Return * values are: - * - * err_status_ok no problems - * err_status_alloc_fail an allocation failure occured - * err_status_fail couldn't find auth with identifier 'id' + * + * srtp_err_status_ok no problems + * srtp_err_status_alloc_fail an allocation failure occured + * srtp_err_status_fail couldn't find auth with identifier 'id' */ - -err_status_t -crypto_kernel_alloc_auth(auth_type_id_t id, - auth_pointer_t *ap, - int key_len, - int tag_len); - +srtp_err_status_t srtp_crypto_kernel_alloc_auth(srtp_auth_type_id_t id, + srtp_auth_pointer_t *ap, + int key_len, + int tag_len); /* - * crypto_kernel_set_debug_module(mod_name, v) - * + * srtp_crypto_kernel_set_debug_module(mod_name, v) + * * sets dynamic debugging to the value v (0 for off, 1 for on) for the * debug module with the name mod_name * - * returns err_status_ok on success, err_status_fail otherwise + * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise */ +srtp_err_status_t srtp_crypto_kernel_set_debug_module(const char *mod_name, + int v); -err_status_t -crypto_kernel_set_debug_module(char *mod_name, int v); +#ifdef __cplusplus +} +#endif -/** - * @brief writes a random 
octet string. - * - * The function call crypto_get_random(dest, len) writes len octets of - * random data to the location to which dest points, and returns an - * error code. This error code @b must be checked, and if a failure is - * reported, the data in the buffer @b must @b not be used. - * - * @warning If the return code is not checked, then non-random - * data may be in the buffer. This function will fail - * unless it is called after crypto_kernel_init(). - * - * @return - * - err_status_ok if no problems occured. - * - [other] a problem occured, and no assumptions should - * be made about the contents of the destination - * buffer. - * - * @ingroup SRTP - */ -err_status_t -crypto_get_random(unsigned char *buffer, unsigned int length); - #endif /* CRYPTO_KERNEL */ diff --git a/crypto/include/crypto_types.h b/crypto/include/crypto_types.h index e20c771..7fd3178 100644 --- a/crypto/include/crypto_types.h +++ b/crypto/include/crypto_types.h 
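Review bot: The comment above `srtp_crypto_kernel_alloc_cipher` still shows the three-argument form `srtp_crypto_kernel_alloc_cipher(id, cp, key_len);` and never mentions the new `int tag_len` parameter. Update the synopsis to `srtp_crypto_kernel_alloc_cipher(id, cp, key_len, tag_len);` and add a sentence such as `tag_len is the authentication tag length in octets` (presumably only meaningful for the GCM cipher ids; confirm against the implementation). Both lengths are plain `int`, so the comment should also say whether negative or oversized values are rejected; the implementation is not visible in this hunk. Separately, the status comment names `srtp_crypto_kernel_stats()` while the prototype is `srtp_crypto_kernel_status(void)`, and "checks the the crypto_kernel" has a doubled word.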
@@ -7,26 +7,26 @@ * Cisco Systems, Inc. */ /* - * - * Copyright(c) 2001-2005 Cisco Systems, Inc. + * + * Copyright(c) 2001-2017 Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
@@ -42,165 +42,75 @@ * */ -#ifndef CRYPTO_TYPES_H -#define CRYPTO_TYPES_H - -/** - * @defgroup Algos Cryptographic Algorithms - * - * - * This library provides several different cryptographic algorithms, - * each of which can be selected by using the cipher_type_id_t and - * auth_type_id_t. These algorithms are documented below. - * - * Authentication functions that use the Universal Security Transform - * (UST) must be used in conjunction with a cipher other than the null - * cipher. These functions require a per-message pseudorandom input - * that is generated by the cipher. - * - * The identifiers STRONGHOLD_AUTH and STRONGHOLD_CIPHER identify the - * strongest available authentication function and cipher, - * respectively. They are resolved at compile time to the strongest - * available algorithm. The stronghold algorithms can serve as did - * the keep of a medieval fortification; they provide the strongest - * defense (or the last refuge). - * - * @{ - */ - -/** - * @defgroup Ciphers Cipher Types - * - * @brief Each cipher type is identified by an unsigned integer. The - * cipher types available in this edition of libSRTP are given - * by the #defines below. - * - * A cipher_type_id_t is an identifier for a cipher_type; only values - * given by the #defines above (or those present in the file - * crypto_types.h) should be used. - * - * The identifier STRONGHOLD_CIPHER indicates the strongest available - * cipher, allowing an application to choose the strongest available - * algorithm without any advance knowledge about the avaliable - * algorithms. - * - * @{ - */ +#ifndef SRTP_CRYPTO_TYPES_H +#define SRTP_CRYPTO_TYPES_H -/** - * @brief The null cipher performs no encryption. +/* + * The null cipher performs no encryption. * - * The NULL_CIPHER leaves its inputs unaltered, during both the + * The SRTP_NULL_CIPHER leaves its inputs unaltered, during both the * encryption and decryption operations. 
This cipher can be chosen * to indicate that no encryption is to be performed. */ -#define NULL_CIPHER 0 +#define SRTP_NULL_CIPHER 0 -/** - * @brief AES-128 Integer Counter Mode (AES ICM) +/* + * AES-128 Integer Counter Mode (AES ICM) * - * AES-128 ICM is the variant of counter mode that is used by Secure RTP. - * This cipher uses a 16-octet key and a 30-octet offset (or salt) value. - */ -#define AES_128_ICM 1 - -/** - * @brief SEAL 3.0 - * - * SEAL is the Software-Optimized Encryption Algorithm of Coppersmith - * and Rogaway. Nota bene: this cipher is IBM proprietary. + * AES-128 ICM is the variant of counter mode that is used by + * Secure RTP. This cipher uses a 16-octet key concatenated with a + * 14-octet offset (or salt) value. */ -#define SEAL 2 +#define SRTP_AES_ICM_128 1 -/** - * @brief AES-128 Integer Counter Mode (AES ICM) +/* + * AES-192 Integer Counter Mode (AES ICM) * - * AES-128 ICM is the variant of counter mode that is used by Secure RTP. - * This cipher uses a 16-octet key and a 30-octet offset (or salt) value. + * AES-128 ICM is the variant of counter mode that is used by + * Secure RTP. This cipher uses a 24-octet key concatenated with a + * 14-octet offset (or salt) value. */ -#define AES_128_CBC 3 +#define SRTP_AES_ICM_192 4 -/** - * @brief Strongest available cipher. +/* + * AES-256 Integer Counter Mode (AES ICM) * - * This identifier resolves to the strongest cipher type available. + * AES-128 ICM is the variant of counter mode that is used by + * Secure RTP. This cipher uses a 32-octet key concatenated with a + * 14-octet offset (or salt) value. */ -#define STRONGHOLD_CIPHER AES_128_ICM +#define SRTP_AES_ICM_256 5 -/** - * @} +/* + * AES-128_GCM Galois Counter Mode (AES GCM) + * + * AES-128 GCM is the variant of galois counter mode that is used by + * Secure RTP. This cipher uses a 16-octet key. 
*/ +#define SRTP_AES_GCM_128 6 - - -/** - * @defgroup Authentication Authentication Function Types - * - * @brief Each authentication function type is identified by an - * unsigned integer. The authentication function types available in - * this edition of libSRTP are given by the #defines below. - * - * An auth_type_id_t is an identifier for an authentication function type; - * only values given by the #defines above (or those present in the - * file crypto_types.h) should be used. - * - * The identifier STRONGHOLD_AUTH indicates the strongest available - * authentication function, allowing an application to choose the - * strongest available algorithm without any advance knowledge about - * the avaliable algorithms. The stronghold algorithms can serve as - * did the keep of a medieval fortification; they provide the - * strongest defense (or the last refuge). - * - * @{ +/* + * AES-256_GCM Galois Counter Mode (AES GCM) + * + * AES-256 GCM is the variant of galois counter mode that is used by + * Secure RTP. This cipher uses a 32-octet key. */ +#define SRTP_AES_GCM_256 7 -/** - * @brief The null authentication function performs no authentication. +/* + * The null authentication function performs no authentication. * * The NULL_AUTH function does nothing, and can be selected to indicate * that authentication should not be performed. - */ -#define NULL_AUTH 0 - -/** - * @brief UST with TMMH Version 2 - * - * UST_TMMHv2 implements the Truncated Multi-Modular Hash using - * UST. This function must be used in conjunction with a cipher other - * than the null cipher. - * with a cipher. */ -#define UST_TMMHv2 1 +#define SRTP_NULL_AUTH 0 -/** - * @brief (UST) AES-128 XORMAC - * - * UST_AES_128_XMAC implements AES-128 XORMAC, using UST. Nota bene: - * the XORMAC algorithm is IBM proprietary. 
- */ -#define UST_AES_128_XMAC 2 - -/** - * @brief HMAC-SHA1 +/* + * HMAC-SHA1 * - * HMAC_SHA1 implements the Hash-based MAC using the NIST Secure + * SRTP_HMAC_SHA1 implements the Hash-based MAC using the NIST Secure * Hash Algorithm version 1 (SHA1). */ -#define HMAC_SHA1 3 - -/** - * @brief Strongest available authentication function. - * - * This identifier resolves to the strongest available authentication - * function. - */ -#define STRONGHOLD_AUTH HMAC_SHA1 - -/** - * @} - */ -/** - * @} - */ +#define SRTP_HMAC_SHA1 3 -#endif /* CRYPTO_TYPES_H */ +#endif /* SRTP_CRYPTO_TYPES_H */ diff --git a/crypto/include/cryptoalg.h b/crypto/include/cryptoalg.h deleted file mode 100644 index b5bf3b3..0000000 --- a/crypto/include/cryptoalg.h +++ /dev/null 
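Review bot: The new comments for `SRTP_AES_ICM_192` and `SRTP_AES_ICM_256` are headed AES-192 and AES-256 but still open with "AES-128 ICM is the variant of counter mode", which contradicts the 24- and 32-octet key sizes given two lines later. Change those sentences to `AES-192 ICM is the variant of counter mode ...` and `AES-256 ICM is the variant of counter mode ...`. The `SRTP_NULL_AUTH` comment also still refers to "The NULL_AUTH function" after the rename. Because `SRTP_NULL_CIPHER` and `SRTP_NULL_AUTH` remain selectable ids, each comment could state plainly that choosing it leaves the traffic unencrypted or unauthenticated, for example `Provides no confidentiality; intended for testing or explicitly unprotected profiles.`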
@@ -1,133 +0,0 @@ -/* - * cryptoalg.h - * - * API for authenticated encryption crypto algorithms - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2005 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#ifndef CRYPTOALG_H -#define CRYPTOALG_H - -#include "err.h" - -/** - * @defgroup Crypto Cryptography - * - * Zed uses a simple interface to a cryptographic transform. 
- * - * @{ - */ - -/** - * @brief applies a crypto algorithm - * - * The function pointer cryptoalg_func_t points to a function that - * implements a crypto transform, and provides a uniform API for - * accessing crypto mechanisms. - * - * @param key location of secret key - * - * @param clear data to be authenticated but not encrypted - * - * @param clear_len length of data to be authenticated but not encrypted - * - * @param iv location to write the Initialization Vector (IV) - * - * @param protected location of the data to be encrypted and - * authenticated (before the function call), and the ciphertext - * and authentication tag (after the call) - * - * @param protected_len location of the length of the data to be - * encrypted and authenticated (before the function call), and the - * length of the ciphertext (after the call) - * - */ - -typedef err_status_t (*cryptoalg_func_t) - (void *key, - const void *clear, - unsigned clear_len, - void *iv, - void *protected, - unsigned *protected_len); - -typedef -err_status_t (*cryptoalg_inv_t) - (void *key, /* location of secret key */ - const void *clear, /* data to be authenticated only */ - unsigned clear_len, /* length of data to be authenticated only */ - void *iv, /* location of iv */ - void *opaque, /* data to be decrypted and authenticated */ - unsigned *opaque_len /* location of the length of data to be - * decrypted and authd (before and after) - */ - ); - -typedef struct cryptoalg_ctx_t { - cryptoalg_func_t enc; - cryptoalg_inv_t dec; - unsigned key_len; - unsigned iv_len; - unsigned auth_tag_len; - unsigned max_expansion; -} cryptoalg_ctx_t; - -typedef cryptoalg_ctx_t *cryptoalg_t; - -#define cryptoalg_get_key_len(cryptoalg) ((cryptoalg)->key_len) - -#define cryptoalg_get_iv_len(cryptoalg) ((cryptoalg)->iv_len) - -#define cryptoalg_get_auth_tag_len(cryptoalg) ((cryptoalg)->auth_tag_len) - -int -cryptoalg_get_id(cryptoalg_t c); - -cryptoalg_t -cryptoalg_find_by_id(int id); - - -/** - * @} - */ - -#endif /* 
CRYPTOALG_H */ - - diff --git a/crypto/include/datatypes.h b/crypto/include/datatypes.h index f7ef3f8..6a588d0 100644 --- a/crypto/include/datatypes.h +++ b/crypto/include/datatypes.h @@ -1,6 +1,6 @@ /* * datatypes.h - * + * * data types for bit vectors and finite fields * * David A. McGrew @@ -8,26 +8,26 @@ */ /* - * - * Copyright (c) 2001-2005, Cisco Systems, Inc. + * + * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
@@ -43,186 +43,140 @@ * */ +#ifndef DATATYPES_H +#define DATATYPES_H -#ifndef _DATATYPES_H -#define _DATATYPES_H - -#include "integers.h" /* definitions of uint32_t, et cetera */ +#include "integers.h" /* definitions of uint32_t, et cetera */ #include "alloc.h" -/* if DATATYPES_USE_MACROS is defined, then little functions are macros */ -#define DATATYPES_USE_MACROS +#include <stdarg.h> -typedef unsigned char octet_t; +#include <stdio.h> +#include <string.h> +#include <time.h> +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#elif defined HAVE_WINSOCK2_H +#include <winsock2.h> +#else +#error "Platform not recognized" +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* if DATATYPES_USE_MACROS is defined, then little functions are macros */ +#define DATATYPES_USE_MACROS typedef union { - unsigned char octet[2]; - uint16_t value; + uint8_t v8[2]; + uint16_t value; } v16_t; typedef union { - unsigned char octet[4]; - uint16_t v16[2]; - uint32_t value; + uint8_t v8[4]; + uint16_t v16[2]; + uint32_t value; } v32_t; typedef union { - unsigned char octet[8]; - uint16_t v16[4]; - uint32_t v32[2]; - uint64_t value; + uint8_t v8[8]; + uint16_t v16[4]; + uint32_t v32[2]; + uint64_t value; } v64_t; typedef union { - unsigned char octet[16]; - uint16_t v16[8]; - uint32_t v32[4]; - uint64_t v64[2]; + uint8_t v8[16]; + uint16_t v16[8]; + uint32_t v32[4]; + uint64_t v64[2]; } v128_t; +typedef union { + uint8_t v8[32]; + uint16_t v16[16]; + uint32_t v32[8]; + uint64_t v64[4]; +} v256_t; /* some useful and simple math functions */ -#define pow_2(X) ( (unsigned int)1 << (X) ) /* 2^X */ - -#define pow_minus_one(X) ( (X) ? -1 : 1 ) /* (-1)^X */ +#define pow_2(X) ((unsigned int)1 << (X)) /* 2^X */ +#define pow_minus_one(X) ((X) ? 
-1 : 1) /* (-1)^X */ /* - * octet_weight(x) returns the hamming weight (number of bits equal to + * octet_get_weight(x) returns the hamming weight (number of bits equal to * one) in the octet x */ -int -octet_get_weight(octet_t octet); - -char * -octet_bit_string(octet_t x); +int octet_get_weight(uint8_t octet); #define MAX_PRINT_STRING_LEN 1024 -char * -octet_string_hex_string(const void *str, int length); +char *srtp_octet_string_hex_string(const void *str, int length); -char * -v128_bit_string(v128_t *x); +char *v128_bit_string(v128_t *x); -char * -v128_hex_string(v128_t *x); +char *v128_hex_string(v128_t *x); -octet_t -nibble_to_hex_char(octet_t nibble); +void v128_copy_octet_string(v128_t *x, const uint8_t s[16]); -char * -char_to_hex_string(char *x, int num_char); +void v128_left_shift(v128_t *x, int shift_index); -octet_t -hex_string_to_octet(char *s); +void v128_right_shift(v128_t *x, int shift_index); /* - * hex_string_to_octet_string(raw, hex, len) converts the hexadecimal - * string at *hex (of length len octets) to the equivalent raw data - * and writes it to *raw. - * - * if a character in the hex string that is not a hexadeciaml digit - * (0123456789abcdefABCDEF) is encountered, the function stops writing - * data to *raw + * the following macros define the data manipulation functions * - * the number of hex digits copied (which is two times the number of - * octets in *raw) is returned + * If DATATYPES_USE_MACROS is defined, then these macros are used + * directly (and function call overhead is avoided). Otherwise, + * the macros are used through the functions defined in datatypes.c + * (and the compiler provides better warnings). 
*/ -int -hex_string_to_octet_string(char *raw, char *hex, int len); +#define _v128_set_to_zero(x) \ + ((x)->v32[0] = 0, (x)->v32[1] = 0, (x)->v32[2] = 0, (x)->v32[3] = 0) -v128_t -hex_string_to_v128(char *s); +#define _v128_copy(x, y) \ + ((x)->v32[0] = (y)->v32[0], (x)->v32[1] = (y)->v32[1], \ + (x)->v32[2] = (y)->v32[2], (x)->v32[3] = (y)->v32[3]) -void -v128_copy_octet_string(v128_t *x, const octet_t s[16]); +#define _v128_xor(z, x, y) \ + ((z)->v32[0] = (x)->v32[0] ^ (y)->v32[0], \ + (z)->v32[1] = (x)->v32[1] ^ (y)->v32[1], \ + (z)->v32[2] = (x)->v32[2] ^ (y)->v32[2], \ + (z)->v32[3] = (x)->v32[3] ^ (y)->v32[3]) -void -v128_left_shift(v128_t *x, int index); +#define _v128_and(z, x, y) \ + ((z)->v32[0] = (x)->v32[0] & (y)->v32[0], \ + (z)->v32[1] = (x)->v32[1] & (y)->v32[1], \ + (z)->v32[2] = (x)->v32[2] & (y)->v32[2], \ + (z)->v32[3] = (x)->v32[3] & (y)->v32[3]) -void -v128_right_shift(v128_t *x, int index); - -/* - * the following macros define the data manipulation functions - * - * If DATATYPES_USE_MACROS is defined, then these macros are used - * directly (and function call overhead is avoided). Otherwise, - * the macros are used through the functions defined in datatypes.c - * (and the compiler provides better warnings). 
- */ +#define _v128_or(z, x, y) \ + ((z)->v32[0] = (x)->v32[0] | (y)->v32[0], \ + (z)->v32[1] = (x)->v32[1] | (y)->v32[1], \ + (z)->v32[2] = (x)->v32[2] | (y)->v32[2], \ + (z)->v32[3] = (x)->v32[3] | (y)->v32[3]) -#define _v128_set_to_zero(x) \ -( \ - (x)->v32[0] = 0, \ - (x)->v32[1] = 0, \ - (x)->v32[2] = 0, \ - (x)->v32[3] = 0 \ -) - -#define _v128_copy(x, y) \ -( \ - (x)->v32[0] = (y)->v32[0], \ - (x)->v32[1] = (y)->v32[1], \ - (x)->v32[2] = (y)->v32[2], \ - (x)->v32[3] = (y)->v32[3] \ -) - -#define _v128_xor(z, x, y) \ -( \ - (z)->v32[0] = (x)->v32[0] ^ (y)->v32[0], \ - (z)->v32[1] = (x)->v32[1] ^ (y)->v32[1], \ - (z)->v32[2] = (x)->v32[2] ^ (y)->v32[2], \ - (z)->v32[3] = (x)->v32[3] ^ (y)->v32[3] \ -) - -#define _v128_and(z, x, y) \ -( \ - (z)->v32[0] = (x)->v32[0] & (y)->v32[0], \ - (z)->v32[1] = (x)->v32[1] & (y)->v32[1], \ - (z)->v32[2] = (x)->v32[2] & (y)->v32[2], \ - (z)->v32[3] = (x)->v32[3] & (y)->v32[3] \ -) - -#define _v128_or(z, x, y) \ -( \ - (z)->v32[0] = (x)->v32[0] | (y)->v32[0], \ - (z)->v32[1] = (x)->v32[1] | (y)->v32[1], \ - (z)->v32[2] = (x)->v32[2] | (y)->v32[2], \ - (z)->v32[3] = (x)->v32[3] | (y)->v32[3] \ -) - -#define _v128_complement(x) \ -( \ - (x)->v32[0] = ~(x)->v32[0], \ - (x)->v32[1] = ~(x)->v32[1], \ - (x)->v32[2] = ~(x)->v32[2], \ - (x)->v32[3] = ~(x)->v32[3] \ -) +#define _v128_complement(x) \ + ((x)->v32[0] = ~(x)->v32[0], (x)->v32[1] = ~(x)->v32[1], \ + (x)->v32[2] = ~(x)->v32[2], (x)->v32[3] = ~(x)->v32[3]) /* ok for NO_64BIT_MATH if it can compare uint64_t's (even as structures) */ -#define _v128_is_eq(x, y) \ - (((x)->v64[0] == (y)->v64[0]) && ((x)->v64[1] == (y)->v64[1])) - +#define _v128_is_eq(x, y) \ + (((x)->v64[0] == (y)->v64[0]) && ((x)->v64[1] == (y)->v64[1])) #ifdef NO_64BIT_MATH -#define _v128_xor_eq(z, x) \ -( \ - (z)->v32[0] ^= (x)->v32[0], \ - (z)->v32[1] ^= (x)->v32[1], \ - (z)->v32[2] ^= (x)->v32[2], \ - (z)->v32[3] ^= (x)->v32[3] \ -) +#define _v128_xor_eq(z, x) \ + ((z)->v32[0] ^= (x)->v32[0], (z)->v32[1] ^= 
(x)->v32[1], \ + (z)->v32[2] ^= (x)->v32[2], (z)->v32[3] ^= (x)->v32[3]) #else -#define _v128_xor_eq(z, x) \ -( \ - (z)->v64[0] ^= (x)->v64[0], \ - (z)->v64[1] ^= (x)->v64[1] \ -) +#define _v128_xor_eq(z, x) \ + ((z)->v64[0] ^= (x)->v64[0], (z)->v64[1] ^= (x)->v64[1]) #endif /* NOTE! This assumes an odd ordering! */ 
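Review bot: `_v128_is_eq` joins its two 64-bit comparisons with `&&`, so evaluation stops at the first differing half and its timing depends on the data. Later in this same header, `srtp_octet_string_is_eq` is documented as the comparison whose running time depends only on `len`. It would help to say so on the macro, for example `/* not constant-time: do not use to compare keys or authentication tags; use srtp_octet_string_is_eq() */`, so that nobody reaches for `v128_is_eq` in a verification path. The existing comment on the macro covers only `NO_64BIT_MATH`. Whether any caller compares secret material with it cannot be told from this hunk.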
@@ -234,145 +188,191 @@ v128_right_shift(v128_t *x, int index); really care which bit is which. AES does care which bit is which, but doesn't use the 128-bit get/set or 128-bit shifts */ -#define _v128_get_bit(x, bit) \ -( \ - ((((x)->v32[(bit) >> 5]) >> ((bit) & 31)) & 1) \ -) - -#define _v128_set_bit(x, bit) \ -( \ - (((x)->v32[(bit) >> 5]) |= ((uint32_t)1 << ((bit) & 31))) \ -) - -#define _v128_clear_bit(x, bit) \ -( \ - (((x)->v32[(bit) >> 5]) &= ~((uint32_t)1 << ((bit) & 31))) \ -) - -#define _v128_set_bit_to(x, bit, value) \ -( \ - (value) ? _v128_set_bit(x, bit) : \ - _v128_clear_bit(x, bit) \ -) - - -#if 0 -/* nothing uses this */ -#if WORDS_BIGENDIAN - -#define _v128_add(z, x, y) { \ - uint64_t tmp; \ - \ - tmp = x->v32[3] + y->v32[3]; \ - z->v32[3] = (uint32_t) tmp; \ - \ - tmp = x->v32[2] + y->v32[2] + (tmp >> 32); \ - z->v32[2] = (uint32_t) tmp; \ - \ - tmp = x->v32[1] + y->v32[1] + (tmp >> 32); \ - z->v32[1] = (uint32_t) tmp; \ - \ - tmp = x->v32[0] + y->v32[0] + (tmp >> 32); \ - z->v32[0] = (uint32_t) tmp; \ -} +#define _v128_get_bit(x, bit) (((((x)->v32[(bit) >> 5]) >> ((bit)&31)) & 1)) -#else /* assume little endian architecture */ - -#define _v128_add(z, x, y) { \ - uint64_t tmp; \ - \ - tmp = htonl(x->v32[3]) + htonl(y->v32[3]); \ - z->v32[3] = ntohl((uint32_t) tmp); \ - \ - tmp = htonl(x->v32[2]) + htonl(y->v32[2]) \ - + htonl(tmp >> 32); \ - z->v32[2] = ntohl((uint32_t) tmp); \ - \ - tmp = htonl(x->v32[1]) + htonl(y->v32[1]) \ - + htonl(tmp >> 32); \ - z->v32[1] = ntohl((uint32_t) tmp); \ - \ - tmp = htonl(x->v32[0]) + htonl(y->v32[0]) \ - + htonl(tmp >> 32); \ - z->v32[0] = ntohl((uint32_t) tmp); \ -} -#endif /* WORDS_BIGENDIAN */ -#endif /* 0 */ +#define _v128_set_bit(x, bit) \ + ((((x)->v32[(bit) >> 5]) |= ((uint32_t)1 << ((bit)&31)))) +#define _v128_clear_bit(x, bit) \ + ((((x)->v32[(bit) >> 5]) &= ~((uint32_t)1 << ((bit)&31)))) -#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ +#define _v128_set_bit_to(x, bit, value) \ + 
((value) ? _v128_set_bit(x, bit) : _v128_clear_bit(x, bit)) -#define v128_set_to_zero(z) _v128_set_to_zero(z) -#define v128_copy(z, x) _v128_copy(z, x) -#define v128_xor(z, x, y) _v128_xor(z, x, y) -#define v128_and(z, x, y) _v128_and(z, x, y) -#define v128_or(z, x, y) _v128_or(z, x, y) -#define v128_complement(x) _v128_complement(x) -#define v128_is_eq(x, y) _v128_is_eq(x, y) -#define v128_xor_eq(x, y) _v128_xor_eq(x, y) -#define v128_get_bit(x, i) _v128_get_bit(x, i) -#define v128_set_bit(x, i) _v128_set_bit(x, i) -#define v128_clear_bit(x, i) _v128_clear_bit(x, i) -#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y) +#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ + +#define v128_set_to_zero(z) _v128_set_to_zero(z) +#define v128_copy(z, x) _v128_copy(z, x) +#define v128_xor(z, x, y) _v128_xor(z, x, y) +#define v128_and(z, x, y) _v128_and(z, x, y) +#define v128_or(z, x, y) _v128_or(z, x, y) +#define v128_complement(x) _v128_complement(x) +#define v128_is_eq(x, y) _v128_is_eq(x, y) +#define v128_xor_eq(x, y) _v128_xor_eq(x, y) +#define v128_get_bit(x, i) _v128_get_bit(x, i) +#define v128_set_bit(x, i) _v128_set_bit(x, i) +#define v128_clear_bit(x, i) _v128_clear_bit(x, i) +#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y) #else -void -v128_set_to_zero(v128_t *x); +void v128_set_to_zero(v128_t *x); -int -v128_is_eq(const v128_t *x, const v128_t *y); +int v128_is_eq(const v128_t *x, const v128_t *y); -void -v128_copy(v128_t *x, const v128_t *y); +void v128_copy(v128_t *x, const v128_t *y); -void -v128_xor(v128_t *z, v128_t *x, v128_t *y); +void v128_xor(v128_t *z, v128_t *x, v128_t *y); -void -v128_and(v128_t *z, v128_t *x, v128_t *y); +void v128_and(v128_t *z, v128_t *x, v128_t *y); -void -v128_or(v128_t *z, v128_t *x, v128_t *y); +void v128_or(v128_t *z, v128_t *x, v128_t *y); -void -v128_complement(v128_t *x); +void v128_complement(v128_t *x); -int -v128_get_bit(const v128_t *x, int i); +int v128_get_bit(const v128_t *x, int 
i); -void -v128_set_bit(v128_t *x, int i) ; +void v128_set_bit(v128_t *x, int i); -void -v128_clear_bit(v128_t *x, int i); +void v128_clear_bit(v128_t *x, int i); -void -v128_set_bit_to(v128_t *x, int i, int y); +void v128_set_bit_to(v128_t *x, int i, int y); #endif /* DATATYPES_USE_MACROS */ /* - * octet_string_is_eq(a,b, len) returns 1 if the length len strings a - * and b are not equal, returns 0 otherwise + * srtp_octet_string_is_eq(a, b, len) returns 1 if the length len strings + * a and b are not equal. It returns 0 otherwise. The running time of the + * comparison depends only on len, making this safe to use for (e.g.) + * verifying authentication tags. */ -int -octet_string_is_eq(octet_t *a, octet_t *b, int len); +int srtp_octet_string_is_eq(uint8_t *a, uint8_t *b, int len); -void -octet_string_set_to_zero(octet_t *s, int len); +/* + * A portable way to zero out memory as recommended by + * https://cryptocoding.net/index.php/Coding_rules#Clean_memory_of_secret_data + * This is used to zero memory when OPENSSL_cleanse() is not available. + */ +void srtp_cleanse(void *s, size_t len); + +/* + * Functions as a wrapper that delegates to either srtp_cleanse() or + * OPENSSL_cleanse() if available to zero memory. + */ +void octet_string_set_to_zero(void *s, size_t len); + +#if defined(HAVE_CONFIG_H) + +/* + * Convert big endian integers to CPU byte order. + */ +#ifdef WORDS_BIGENDIAN +/* Nothing to do. */ +#define be32_to_cpu(x) (x) +#define be64_to_cpu(x) (x) +#elif defined(HAVE_BYTESWAP_H) +/* We have (hopefully) optimized versions in byteswap.h */ +#include <byteswap.h> +#define be32_to_cpu(x) bswap_32((x)) +#define be64_to_cpu(x) bswap_64((x)) +#else /* WORDS_BIGENDIAN */ + +#if defined(__GNUC__) && defined(HAVE_X86) +/* Fall back. */ +static inline uint32_t be32_to_cpu(uint32_t v) +{ + /* optimized for x86. 
*/ + asm("bswap %0" : "=r"(v) : "0"(v)); + return v; +} +#else /* HAVE_X86 */ +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#elif defined HAVE_WINSOCK2_H +#include <winsock2.h> +#endif /* HAVE_NETINET_IN_H */ +#define be32_to_cpu(x) ntohl((x)) +#endif /* HAVE_X86 */ + +static inline uint64_t be64_to_cpu(uint64_t v) +{ +#ifdef NO_64BIT_MATH + /* use the make64 functions to do 64-bit math */ + v = make64(htonl(low32(v)), htonl(high32(v))); +#else /* NO_64BIT_MATH */ + /* use the native 64-bit math */ + v = (uint64_t)((be32_to_cpu((uint32_t)(v >> 32))) | + (((uint64_t)be32_to_cpu((uint32_t)v)) << 32)); +#endif /* NO_64BIT_MATH */ + return v; +} + +#endif /* WORDS_BIGENDIAN */ +#endif /* HAVE_CONFIG_H */ -/* - * bswap_32() is an optimized version of htonl/ntohl +/* + * functions manipulating bitvector_t + * + * A bitvector_t consists of an array of words and an integer + * representing the number of significant bits stored in the array. + * The bits are packed as follows: the least significant bit is that + * of word[0], while the most significant bit is the nth most + * significant bit of word[m], where length = bits_per_word * m + n. 
+ * */ -uint32_t -bswap_32(uint32_t v); +#define bits_per_word 32 +#define bytes_per_word 4 + +typedef struct { + uint32_t length; + uint32_t *word; +} bitvector_t; + +#define _bitvector_get_bit(v, bit_index) \ + (((((v)->word[((bit_index) >> 5)]) >> ((bit_index)&31)) & 1)) + +#define _bitvector_set_bit(v, bit_index) \ + ((((v)->word[((bit_index) >> 5)] |= ((uint32_t)1 << ((bit_index)&31))))) -uint64_t -bswap_64(uint64_t v); +#define _bitvector_clear_bit(v, bit_index) \ + ((((v)->word[((bit_index) >> 5)] &= ~((uint32_t)1 << ((bit_index)&31))))) +#define _bitvector_get_length(v) (((v)->length)) + +#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ + +#define bitvector_get_bit(v, bit_index) _bitvector_get_bit(v, bit_index) +#define bitvector_set_bit(v, bit_index) _bitvector_set_bit(v, bit_index) +#define bitvector_clear_bit(v, bit_index) _bitvector_clear_bit(v, bit_index) +#define bitvector_get_length(v) _bitvector_get_length(v) + +#else + +int bitvector_get_bit(const bitvector_t *v, int bit_index); + +void bitvector_set_bit(bitvector_t *v, int bit_index); + +void bitvector_clear_bit(bitvector_t *v, int bit_index); + +unsigned long bitvector_get_length(const bitvector_t *v); + +#endif + +int bitvector_alloc(bitvector_t *v, unsigned long length); + +void bitvector_dealloc(bitvector_t *v); + +void bitvector_set_to_zero(bitvector_t *x); + +void bitvector_left_shift(bitvector_t *x, int index); + +char *bitvector_bit_string(bitvector_t *x, char *buf, int len); + +#ifdef __cplusplus +} +#endif -#endif /* _DATATYPES_H */ +#endif /* DATATYPES_H */ diff --git a/crypto/include/err.h b/crypto/include/err.h index c5b6127..66a1023 100644 --- a/crypto/include/err.h +++ b/crypto/include/err.h 
@@ -1,32 +1,32 @@ /* * err.h - * + * * error status codes * * David A. McGrew * Cisco Systems, Inc. */ /* - * - * Copyright (c) 2001-2005, Cisco Systems, Inc. + * + * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
@@ -42,152 +42,93 @@ * */ - #ifndef ERR_H #define ERR_H -#include "config.h" /* check for ERR_REPORTING_SYSLOG */ - #include <stdio.h> - #include <stdarg.h> +#include "srtp.h" + +#ifdef __cplusplus +extern "C" { +#endif /** * @defgroup Error Error Codes - * - * Error status codes are represented by the enumeration err_status_t. - * - * @{ - */ - - -/* - * @brief err_status_t defines error codes. * - * The enumeration err_status_t defines error codes. Note that the - * value of err_status_ok is equal to zero, which can simplify error - * checking somewhat. + * Error status codes are represented by the enumeration srtp_err_status_t. * + * @{ */ -typedef enum { - err_status_ok = 0, /**< nothing to report */ - err_status_fail = 1, /**< unspecified failure */ - err_status_bad_param = 2, /**< unsupported parameter */ - err_status_alloc_fail = 3, /**< couldn't allocate memory */ - err_status_dealloc_fail = 4, /**< couldn't deallocate properly */ - err_status_init_fail = 5, /**< couldn't initialize */ - err_status_terminus = 6, /**< can't process as much data as requested */ - err_status_auth_fail = 7, /**< authentication failure */ - err_status_cipher_fail = 8, /**< cipher failure */ - err_status_replay_fail = 9, /**< replay check failed (bad index) */ - err_status_replay_old = 10, /**< replay check failed (index too old) */ - err_status_algo_fail = 11, /**< algorithm failed test routine */ - err_status_no_such_op = 12, /**< unsupported operation */ - err_status_no_ctx = 13, /**< no appropriate context found */ - err_status_cant_check = 14, /**< unable to perform desired validation */ - err_status_key_expired = 15, /**< can't use key any more */ - err_status_socket_err = 16, /**< error in use of socket */ - err_status_signal_err = 17, /**< error in use POSIX signals */ - err_status_nonce_bad = 18, /**< nonce check failed */ - err_status_read_fail = 19, /**< couldn't read data */ - err_status_write_fail = 20, /**< couldn't write data */ - err_status_parse_err = 21, /**< 
error pasring data */ - err_status_encode_err = 22, /**< error encoding data */ - err_status_semaphore_err = 23,/**< error while using semaphores */ - err_status_pfkey_err = 24 ,/**< error while using pfkey */ -} err_status_t; /** * @} */ -#if (ERR_REPORTING_SYSLOG) - -#include <syslog.h> - typedef enum { - err_level_emergency = LOG_EMERG, - err_level_alert = LOG_ALERT, - err_level_critical = LOG_CRIT, - err_level_error = LOG_ERR, - err_level_warning = LOG_WARNING, - err_level_notice = LOG_NOTICE, - err_level_info = LOG_INFO, - err_level_debug = LOG_DEBUG, - err_level_none -} err_reporting_level_t; - -#else - -typedef enum { - err_level_emergency, - err_level_alert, - err_level_critical, - err_level_error, - err_level_warning, - err_level_notice, - err_level_info, - err_level_debug, - err_level_none -} err_reporting_level_t; - -#endif + srtp_err_level_error, + srtp_err_level_warning, + srtp_err_level_info, + srtp_err_level_debug +} srtp_err_reporting_level_t; /* * err_reporting_init prepares the error system. If - * ERR_REPORTING_SYSLOG is defined, it will open syslog. + * ERR_REPORTING_STDOUT is defined, it will log to stdout. * - * The ident argument is a string that will be prepended to - * all syslog messages. It is conventionally argv[0]. */ -err_status_t -err_reporting_init(char *ident); - +srtp_err_status_t srtp_err_reporting_init(void); + +typedef void(srtp_err_report_handler_func_t)(srtp_err_reporting_level_t level, + const char *msg); + +srtp_err_status_t srtp_install_err_report_handler( + srtp_err_report_handler_func_t func); + /* - * keydaemon_report_error reports a 'printf' formatted error - * string, followed by a an arg list. The priority argument - * is equivalent to that defined for syslog. + * srtp_err_report reports a 'printf' formatted error + * string, followed by a an arg list. The level argument + * is one of srtp_err_reporting_level_t. 
* - * Errors will be reported to ERR_REPORTING_FILE, if defined, and to - * syslog, if ERR_REPORTING_SYSLOG is defined. + * Errors will be reported to stdout, if ERR_REPORTING_STDOUT + * is defined. * */ -void -err_report(int priority, char *format, ...); - +void srtp_err_report(srtp_err_reporting_level_t level, const char *format, ...); /* - * debug_module_t defines a debug module + * debug_module_t defines a debug module */ -typedef struct { - unsigned int on; /* 1 if debugging is on, 0 if it is off */ - char *name; /* printable name for debug module */ -} debug_module_t; +typedef struct { + int on; /* 1 if debugging is on, 0 if it is off */ + const char *name; /* printable name for debug module */ +} srtp_debug_module_t; -#if ENABLE_DEBUGGING +#ifdef ENABLE_DEBUG_LOGGING -#define debug_on(mod) (mod).on = 1 - -#define debug_off(mod) (mod).on = 0 - -/* use err_report() to report debug message */ -#define debug_print(mod, format, arg) \ - if (mod.on) err_report(err_level_debug, ("%s: " format), mod.name, arg) -#define debug_print2(mod, format, arg1,arg2) \ - if (mod.on) err_report(err_level_debug, ("%s: " format), mod.name, arg1,arg2) +#define debug_print(mod, format, arg) \ + srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg) +#define debug_print2(mod, format, arg1, arg2) \ + srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, \ + arg1, arg2) #else -/* define macros to do nothing */ -#define debug_print(mod, format, arg) +#define debug_print(mod, format, arg) \ + if (mod.on) \ + srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg) +#define debug_print2(mod, format, arg1, arg2) \ + if (mod.on) \ + srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, \ + arg1, arg2) -#define debug_on(mod) - -#define debug_off(mod) +#endif +#ifdef __cplusplus +} #endif #endif /* ERR_H */ diff --git a/crypto/include/hmac.h b/crypto/include/hmac.h index 569a175..1488181 100644 --- a/crypto/include/hmac.h 
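Review bot: The `#else` variants of `debug_print` and `debug_print2` expand to a bare `if (mod.on) srtp_err_report(...)`, so a call used as the body of an unbraced `if` that has an `else` silently captures that `else`. Wrapping both in `do { if ((mod).on) srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), (mod).name, arg); } while (0)` removes the hazard and also parenthesizes `mod`. The `ENABLE_DEBUG_LOGGING` branch drops the `mod.on` test entirely, so every debug message is emitted regardless of the per-module switch; if that is intended it deserves a one-line comment. Since `srtp_err_report` is printf-style, a `format(printf, 2, 3)` attribute on compilers that support it would catch mismatched arguments at build time.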
+++ b/crypto/include/hmac.h @@ -1,33 +1,33 @@ /* * hmac.h * - * interface to hmac auth_type_t + * interface to hmac srtp_auth_type_t * * David A. McGrew * Cisco Systems, Inc. * */ /* - * - * Copyright (c) 2001-2005, Cisco Systems, Inc. + * + * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS @@ -50,28 +50,9 @@ #include "sha1.h" typedef struct { - octet_t ipad[64], opad[64]; - sha1_ctx_t ctx; -} hmac_ctx_t; - -err_status_t -hmac_alloc(auth_t **a, int key_len, int out_len); - -err_status_t -hmac_dealloc(auth_t *a); - -err_status_t -hmac_init(hmac_ctx_t *state, const octet_t *key, int key_len); - -err_status_t -hmac_start(hmac_ctx_t *state); - -err_status_t -hmac_update(hmac_ctx_t *state, const octet_t *message, int msg_octets); - -err_status_t -hmac_compute(hmac_ctx_t *state, const octet_t *message, - int msg_octets, int tag_len, octet_t *result); - + uint8_t opad[64]; + srtp_sha1_ctx_t ctx; + srtp_sha1_ctx_t init_ctx; +} srtp_hmac_ctx_t; #endif /* HMAC_H */ 
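Review bot: `srtp_hmac_ctx_t` has no comment saying which members are key-dependent, which matters to whoever maintains the teardown path. `opad` is derived from the key by construction, and `init_ctx` presumably caches the SHA-1 state after the inner pad has been absorbed, so both should be wiped before the context is freed; the dealloc code is not in this hunk, so I can't confirm it does that. I would add `/* opad and init_ctx are derived from the key; zeroize the whole struct before freeing */` above the typedef and give the `64` a name that says it is the SHA-1 block size.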
diff --git a/crypto/include/integers.h b/crypto/include/integers.h index 5e3dada..f2cd7c0 100644 --- a/crypto/include/integers.h +++ b/crypto/include/integers.h @@ -8,26 +8,26 @@ */ /* - * - * Copyright (c) 2001-2005, Cisco Systems, Inc. + * + * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
@@ -43,104 +43,104 @@ * */ - #ifndef INTEGERS_H #define INTEGERS_H -#include "config.h" /* configuration file, using autoconf */ - -#include <stdlib.h> /* standard integers should be referenced here */ - - /* use standard integer definitions, if they're available */ -#if HAVE_STDINT_H - +#ifdef HAVE_STDLIB_H +#include <stdlib.h> +#endif +#ifdef HAVE_STDINT_H #include <stdint.h> - -#elif HAVE_SYS_INT_TYPES_H - -#include <sys/int_types.h> /* this exists on Sun OS */ - -#elif (HAVE_MACHINE_TYPES_H && !HAVE_MS_TYPES) /* Open BSD, not Cygwin */ - +#endif +#ifdef HAVE_INTTYPES_H +#include <inttypes.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_INT_TYPES_H +#include <sys/int_types.h> /* this exists on Sun OS */ +#endif +#ifdef HAVE_MACHINE_TYPES_H #include <machine/types.h> - -#else /* if all else fails, use these definitions */ - -/* - * machine-specific definitions for 32 bit machines - you may need to - * edit these definitions for your own machine - */ - -typedef unsigned short int uint16_t; -typedef unsigned int uint32_t; -#ifdef NO_64BIT_MATH -typedef double uint64_t; -/* assert that sizeof(double) == 8 */ -#else -typedef unsigned long long int uint64_t; #endif -/* - * if we're on MS, avoid re-defining the following mirosoft types - * - * these are present in cygwin - */ - -#if (HAVE_MS_TYPES == 0) - -typedef short int int16_t; -typedef int int32_t; -#ifdef NO_64BIT_MATH -typedef double int64_t; -/* assert that sizeof(double) == 8 */ -#else -typedef long long int int64_t; +#ifdef __cplusplus +extern "C" { #endif +/* Can we do 64 bit integers? */ +#if !defined(HAVE_UINT64_T) +#if SIZEOF_UNSIGNED_LONG == 8 +typedef unsigned long uint64_t; +#elif SIZEOF_UNSIGNED_LONG_LONG == 8 +typedef unsigned long long uint64_t; #else +#define NO_64BIT_MATH 1 +#endif +#endif -#include <sys/types.h> /* pick up cygwin definitions */ - +/* Reasonable defaults for 32 bit machines - you may need to + * edit these definitions for your own machine. 
*/ +#ifndef HAVE_UINT8_T +typedef unsigned char uint8_t; +#endif +#ifndef HAVE_UINT16_T +typedef unsigned short int uint16_t; +#endif +#ifndef HAVE_UINT32_T +typedef unsigned int uint32_t; +#endif +#ifndef HAVE_INT32_T +typedef int int32_t; #endif +#if defined(NO_64BIT_MATH) && defined(HAVE_CONFIG_H) +typedef double uint64_t; +/* assert that sizeof(double) == 8 */ +extern uint64_t make64(uint32_t high, uint32_t low); +extern uint32_t high32(uint64_t value); +extern uint32_t low32(uint64_t value); #endif /* These macros are to load and store 32-bit values from un-aligned addresses. This is required for processors that do not allow unaligned loads. */ -#if ALIGNMENT_32BIT_REQUIRED -// Note that if it's in a variable, you can memcpy it -#if WORDS_BIGENDIAN == 1 -#define PUT_32(addr,value) \ - { \ - ((unsigned char *) (addr))[0] = (value >> 24); \ - ((unsigned char *) (addr))[1] = (value >> 16) & 0xff; \ - ((unsigned char *) (addr))[2] = (value >> 8) & 0xff; \ - ((unsigned char *) (addr))[3] = (value) & 0xff; \ +#ifdef ALIGNMENT_32BIT_REQUIRED +/* Note that if it's in a variable, you can memcpy it */ +#ifdef WORDS_BIGENDIAN +#define PUT_32(addr, value) \ + { \ + ((unsigned char *)(addr))[0] = (value >> 24); \ + ((unsigned char *)(addr))[1] = (value >> 16) & 0xff; \ + ((unsigned char *)(addr))[2] = (value >> 8) & 0xff; \ + ((unsigned char *)(addr))[3] = (value)&0xff; \ } -#define GET_32(addr) ((((unsigned char *) (addr))[0] << 24) | \ - (((unsigned char *) (addr))[1] << 16) | \ - (((unsigned char *) (addr))[2] << 8) | \ - (((unsigned char *) (addr))[3])) +#define GET_32(addr) \ + ((((unsigned char *)(addr))[0] << 24) | \ + (((unsigned char *)(addr))[1] << 16) | \ + (((unsigned char *)(addr))[2] << 8) | (((unsigned char *)(addr))[3])) #else -#define PUT_32(addr,value) \ - { \ - ((unsigned char *) (addr))[3] = (value >> 24); \ - ((unsigned char *) (addr))[2] = (value >> 16) & 0xff; \ - ((unsigned char *) (addr))[1] = (value >> 8) & 0xff; \ - ((unsigned char *) (addr))[0] 
= (value) & 0xff; \ +#define PUT_32(addr, value) \ + { \ + ((unsigned char *)(addr))[3] = (value >> 24); \ + ((unsigned char *)(addr))[2] = (value >> 16) & 0xff; \ + ((unsigned char *)(addr))[1] = (value >> 8) & 0xff; \ + ((unsigned char *)(addr))[0] = (value)&0xff; \ } -#define GET_32(addr) ((((unsigned char *) (addr))[3] << 24) | \ - (((unsigned char *) (addr))[2] << 16) | \ - (((unsigned char *) (addr))[1] << 8) | \ - (((unsigned char *) (addr))[0])) +#define GET_32(addr) \ + ((((unsigned char *)(addr))[3] << 24) | \ + (((unsigned char *)(addr))[2] << 16) | \ + (((unsigned char *)(addr))[1] << 8) | (((unsigned char *)(addr))[0])) #endif // WORDS_BIGENDIAN #else -#define PUT_32(addr,value) *(((uint32_t *) (addr)) = (value) +#define PUT_32(addr, value) *(((uint32_t *) (addr)) = (value) #define GET_32(addr) (*(((uint32_t *) (addr))) #endif -#include <sys/types.h> -#include <netinet/in.h> +#ifdef __cplusplus +} +#endif #endif /* INTEGERS_H */ diff --git a/crypto/include/key.h b/crypto/include/key.h index 05a0669..3498114 100644 --- a/crypto/include/key.h +++ b/crypto/include/key.h 
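Review bot: The fallback definitions at the end of this hunk, `#define PUT_32(addr, value) *(((uint32_t *) (addr)) = (value)` and `#define GET_32(addr) (*(((uint32_t *) (addr)))`, have unbalanced parentheses and cannot compile at any use site; the commit re-spaces `PUT_32` but keeps the defect. They should read `#define PUT_32(addr, value) (*((uint32_t *)(addr)) = (value))` and `#define GET_32(addr) (*((uint32_t *)(addr)))`. In the byte-wise `GET_32` variants the `<< 24` term shifts an `unsigned char` promoted to `int`, which is undefined when that byte's top bit is set; casting each byte to `uint32_t` before shifting avoids it. `value` is also used unparenthesized in the byte-wise `PUT_32` (`value >> 24`), so an expression argument can bind incorrectly.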
@@ -2,31 +2,31 @@ * key.h * * key usage limits enforcement - * + * * David A. Mcgrew * Cisco Systems, Inc. */ /* - * - * Copyright (c) 2001-2005 Cisco Systems, Inc. + * + * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
@@ -45,38 +45,44 @@ #ifndef KEY_H #define KEY_H -#include "rdbx.h" /* for xtd_seq_num_t */ +#include "rdbx.h" /* for srtp_xtd_seq_num_t */ #include "err.h" -typedef struct key_limit_ctx_t *key_limit_t; +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct srtp_key_limit_ctx_t *srtp_key_limit_t; typedef enum { - key_event_normal, - key_event_soft_limit, - key_event_hard_limit -} key_event_t; + srtp_key_event_normal, + srtp_key_event_soft_limit, + srtp_key_event_hard_limit +} srtp_key_event_t; -err_status_t -key_limit_set(key_limit_t key, xtd_seq_num_t s); +srtp_err_status_t srtp_key_limit_set(srtp_key_limit_t key, + const srtp_xtd_seq_num_t s); -err_status_t -key_limit_clone(key_limit_t original, key_limit_t *new_key); +srtp_err_status_t srtp_key_limit_clone(srtp_key_limit_t original, + srtp_key_limit_t *new_key); -err_status_t -key_limit_check(const key_limit_t key); +srtp_err_status_t srtp_key_limit_check(const srtp_key_limit_t key); -key_event_t -key_limit_update(key_limit_t key); +srtp_key_event_t srtp_key_limit_update(srtp_key_limit_t key); + +typedef enum { + srtp_key_state_normal, + srtp_key_state_past_soft_limit, + srtp_key_state_expired +} srtp_key_state_t; -typedef enum { - key_state_normal, - key_state_past_soft_limit, - key_state_expired -} key_state_t; +typedef struct srtp_key_limit_ctx_t { + srtp_xtd_seq_num_t num_left; + srtp_key_state_t state; +} srtp_key_limit_ctx_t; -typedef struct key_limit_ctx_t { - xtd_seq_num_t num_left; - key_state_t state; -} key_limit_ctx_t; +#ifdef __cplusplus +} +#endif #endif /* KEY_H */ diff --git a/crypto/include/math.h b/crypto/include/math.h deleted file mode 100644 index 55ed775..0000000 --- a/crypto/include/math.h +++ /dev/null 
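Review bot: The `const` in `srtp_key_limit_check(const srtp_key_limit_t key)` and the newly added `const srtp_xtd_seq_num_t s` in `srtp_key_limit_set` qualify only the by-value parameter. Because `srtp_key_limit_t` is a pointer typedef, the pointed-to `srtp_key_limit_ctx_t` is still writable through it. If a read-only check is the intent, the prototype needs `const srtp_key_limit_ctx_t *key`; otherwise the qualifiers add nothing in a declaration and can be dropped. The prototypes also carry no documentation: a short comment on `srtp_key_limit_update` saying which `srtp_key_event_t` value is returned at the soft and hard limits would help callers that have to stop using a key once it expires.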
@@ -1,435 +0,0 @@ -/* - * math.h - * - * crypto math operations and data types - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2005 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. 
- * - */ - -#ifndef MATH_H -#define MATH_H - -#include "datatypes.h" - -inline int -octet_get_weight(octet_t octet); - -unsigned char -v32_weight(v32_t a); - -unsigned char -v32_distance(v32_t x, v32_t y); - -unsigned int -v32_dot_product(v32_t a, v32_t b); - -char * -octet_bit_string(octet_t x); - -char * -v16_bit_string(v16_t x); - -char * -v32_bit_string(v32_t x); - -char * -v64_bit_string(v64_t x); - -char * -v128_bit_string(v128_t x); - -octet_t -nibble_to_hex_char(octet_t nibble); - -char * -octet_hex_string(octet_t x); - -char * -octet_string_hex_string(const octet_t *str, int length); - -char * -v16_hex_string(v16_t x); - -char * -v32_hex_string(v32_t x); - -char * -v64_hex_string(v64_t x); - -char * -v128_hex_string(v128_t x); - -char * -char_to_hex_string(char *x, int num_char); - -int -hex_char_to_nibble(octet_t c); - -int -is_hex_string(char *s); - -octet_t -hex_string_to_octet(char *s); - -/* - * hex_string_to_octet_string converts a hexadecimal string - * of length 2 * len to a raw octet string of length len - */ - -int -hex_string_to_octet_string(char *raw, char *hex, int len); - -v16_t -hex_string_to_v16(char *s); - -v32_t -hex_string_to_v32(char *s); - -v64_t -hex_string_to_v64(char *s); - -v128_t -hex_string_to_v128(char *s); - -/* the matrix A[] is stored in column format, i.e., A[i] is - the ith column of the matrix */ - -octet_t -A_times_x_plus_b(octet_t A[8], octet_t x, octet_t b); - -void -v16_copy_octet_string(v16_t *x, const octet_t s[2]); - -void -v32_copy_octet_string(v32_t *x, const octet_t s[4]); - -void -v64_copy_octet_string(v64_t *x, const octet_t s[8]); - -void -v128_copy_octet_string(v128_t *x, const octet_t s[16]); - -void -v128_add(v128_t *z, v128_t *x, v128_t *y); - -int -octet_string_is_eq(octet_t *a, octet_t *b, int len); - -void -octet_string_set_to_zero(octet_t *s, int len); - - - -/* - * the matrix A[] is stored in column format, i.e., A[i] is the ith - * column of the matrix -*/ -octet_t -A_times_x_plus_b(octet_t A[8], 
octet_t x, octet_t b); - -void -v128_copy_octet_string(v128_t *x, const octet_t s[16]); - -void -v128_left_shift(v128_t *x, int index); - -void -v128_right_shift(v128_t *x, int index); - -/* - * the following macros define the data manipulation functions - * - * If DATATYPES_USE_MACROS is defined, then these macros are used - * directly (and function call overhead is avoided). Otherwise, - * the macros are used through the functions defined in datatypes.c - * (and the compiler provides better warnings). - */ - -#define _v128_set_to_zero(x) \ -( \ - (x)->v32[0] = 0, \ - (x)->v32[1] = 0, \ - (x)->v32[2] = 0, \ - (x)->v32[3] = 0 \ -) - -#define _v128_copy(x, y) \ -( \ - (x)->v32[0] = (y)->v32[0], \ - (x)->v32[1] = (y)->v32[1], \ - (x)->v32[2] = (y)->v32[2], \ - (x)->v32[3] = (y)->v32[3] \ -) - -#define _v128_xor(z, x, y) \ -( \ - (z)->v32[0] = (x)->v32[0] ^ (y)->v32[0], \ - (z)->v32[1] = (x)->v32[1] ^ (y)->v32[1], \ - (z)->v32[2] = (x)->v32[2] ^ (y)->v32[2], \ - (z)->v32[3] = (x)->v32[3] ^ (y)->v32[3] \ -) - -#define _v128_and(z, x, y) \ -( \ - (z)->v32[0] = (x)->v32[0] & (y)->v32[0], \ - (z)->v32[1] = (x)->v32[1] & (y)->v32[1], \ - (z)->v32[2] = (x)->v32[2] & (y)->v32[2], \ - (z)->v32[3] = (x)->v32[3] & (y)->v32[3] \ -) - -#define _v128_or(z, x, y) \ -( \ - (z)->v32[0] = (x)->v32[0] | (y)->v32[0], \ - (z)->v32[1] = (x)->v32[1] | (y)->v32[1], \ - (z)->v32[2] = (x)->v32[2] | (y)->v32[2], \ - (z)->v32[3] = (x)->v32[3] | (y)->v32[3] \ -) - -#define _v128_complement(x) \ -( \ - (x)->v32[0] = ~(x)->v32[0], \ - (x)->v32[1] = ~(x)->v32[1], \ - (x)->v32[2] = ~(x)->v32[2], \ - (x)->v32[3] = ~(x)->v32[3] \ -) - -#define _v128_is_eq(x, y) \ - (((x)->v64[0] == (y)->v64[0]) && ((x)->v64[1] == (y)->v64[1])) - - -#define _v128_xor_eq(z, x) \ -( \ - (z)->v64[0] ^= (x)->v64[0], \ - (z)->v64[1] ^= (x)->v64[1] \ -) - - -#define _v128_get_bit(x, bit) \ -( \ - (x->v32[3-((bit) >> 5)] >> ((bit) & 31)) & 1 \ -) - -#define _v128_set_bit(x, bit) \ -( \ - (((x)->v32[3-((bit) >> 5)]) |= 
((uint32_t)1 << ((bit) & 31))) \ -) - -#define _v128_clear_bit(x, bit) \ -( \ - (((x)->v32[(bit) >> 5]) &= ~((unsigned long)1 << ((bit) & 31))) \ -) - -#define _v128_set_bit_to(x, bit, value) \ -( \ - (value) ? _v128_set_bit(x, bit) : \ - _v128_clear_bit(x, bit) \ -) - - -#if OLD - -#define _v128_get_bit(x, bit) \ -( \ - ((((x)->v32[(bit) >> 5]) >> ((bit) & 31)) & 1) \ -) - -#define _v128_set_bit(x, bit) \ -( \ - (((x)->v32[(bit) >> 5]) |= ((unsigned long)1 << ((bit) & 31))) \ -) - -#define _v128_clear_bit(x, bit) \ -( \ - (((x)->v32[(bit) >> 5]) &= ~((unsigned long)1 << ((bit) & 31))) \ -) - -#define _v128_set_bit_to(x, bit, value) \ -( \ - (value) ? _v128_set_bit(x, bit) : \ - _v128_clear_bit(x, bit) \ -) - -#endif /* OLD */ - -#if WORDS_BIGENDIAN - -#define _v128_add(z, x, y) { \ - uint64_t tmp; \ - \ - tmp = x->v32[3] + y->v32[3]; \ - z->v32[3] = (uint32_t) tmp; \ - \ - tmp = x->v32[2] + y->v32[2] + (tmp >> 32); \ - z->v32[2] = (uint32_t) tmp; \ - \ - tmp = x->v32[1] + y->v32[1] + (tmp >> 32); \ - z->v32[1] = (uint32_t) tmp; \ - \ - tmp = x->v32[0] + y->v32[0] + (tmp >> 32); \ - z->v32[0] = (uint32_t) tmp; \ -} - -#else /* assume little endian architecture */ - -#define _v128_add(z, x, y) { \ - uint64_t tmp; \ - \ - tmp = htonl(x->v32[3]) + htonl(y->v32[3]); \ - z->v32[3] = ntohl((uint32_t) tmp); \ - \ - tmp = htonl(x->v32[2]) + htonl(y->v32[2]) \ - + htonl(tmp >> 32); \ - z->v32[2] = ntohl((uint32_t) tmp); \ - \ - tmp = htonl(x->v32[1]) + htonl(y->v32[1]) \ - + htonl(tmp >> 32); \ - z->v32[1] = ntohl((uint32_t) tmp); \ - \ - tmp = htonl(x->v32[0]) + htonl(y->v32[0]) \ - + htonl(tmp >> 32); \ - z->v32[0] = ntohl((uint32_t) tmp); \ -} - -#endif /* WORDS_BIGENDIAN */ - - -#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ - -#define v128_set_to_zero(z) _v128_set_to_zero(z) -#define v128_copy(z, x) _v128_copy(z, x) -#define v128_xor(z, x, y) _v128_xor(z, x, y) -#define v128_and(z, x, y) _v128_and(z, x, y) -#define v128_or(z, x, y) _v128_or(z, x, 
y) -#define v128_complement(x) _v128_complement(x) -#define v128_is_eq(x, y) _v128_is_eq(x, y) -#define v128_xor_eq(x, y) _v128_xor_eq(x, y) -#define v128_get_bit(x, i) _v128_get_bit(x, i) -#define v128_set_bit(x, i) _v128_set_bit(x, i) -#define v128_clear_bit(x, i) _v128_clear_bit(x, i) -#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y) - -#else - -void -v128_set_to_zero(v128_t *x); - -int -v128_is_eq(const v128_t *x, const v128_t *y); - -void -v128_copy(v128_t *x, const v128_t *y); - -void -v128_xor(v128_t *z, v128_t *x, v128_t *y); - -void -v128_and(v128_t *z, v128_t *x, v128_t *y); - -void -v128_or(v128_t *z, v128_t *x, v128_t *y); - -void -v128_complement(v128_t *x); - -int -v128_get_bit(const v128_t *x, int i); - -void -v128_set_bit(v128_t *x, int i) ; - -void -v128_clear_bit(v128_t *x, int i); - -void -v128_set_bit_to(v128_t *x, int i, int y); - -#endif /* DATATYPES_USE_MACROS */ - -/* - * octet_string_is_eq(a,b, len) returns 1 if the length len strings a - * and b are not equal, returns 0 otherwise - */ - -int -octet_string_is_eq(octet_t *a, octet_t *b, int len); - -void -octet_string_set_to_zero(octet_t *s, int len); - - -/* - * functions manipulating bit_vector_t - * - * A bitvector_t consists of an array of words and an integer - * representing the number of significant bits stored in the array. - * The bits are packed as follows: the least significant bit is that - * of word[0], while the most significant bit is the nth most - * significant bit of word[m], where length = bits_per_word * m + n. 
- * - */ - -#define bits_per_word 32 -#define bytes_per_word 4 - -typedef struct { - uint32_t length; - uint32_t *word; -} bitvector_t; - -#include <stdio.h> - -int -bitvector_alloc(bitvector_t *v, unsigned long length); - -void -bitvector_set_bit(bitvector_t *v, int bit_index); - -int -bitvector_get_bit(const bitvector_t *v, int bit_index); - -int -bitvector_print_hex(const bitvector_t *v, FILE *stream); - -int -bitvector_set_from_hex(bitvector_t *v, char *string); - -#endif /* MATH_H */ - - - diff --git a/crypto/include/null_auth.h b/crypto/include/null_auth.h index adb6052..490dd7b 100644 --- a/crypto/include/null_auth.h +++ b/crypto/include/null_auth.h @@ -7,26 +7,26 @@ */ /* - * - * Copyright (c) 2001-2005, Cisco Systems, Inc. + * + * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
@@ -47,22 +47,27 @@ #include "auth.h" +#ifdef __cplusplus +extern "C" { +#endif + typedef struct { - char foo; -} null_auth_ctx_t; + char foo; +} srtp_null_auth_ctx_t; + +#if 0 +srtp_err_status_t srtp_null_auth_alloc(srtp_auth_t **a, int key_len, int out_len); -err_status_t -null_auth_alloc(auth_t **a, int key_len, int out_len); +srtp_err_status_t srtp_null_auth_dealloc(srtp_auth_t *a); -err_status_t -null_auth_dealloc(auth_t *a); +srtp_err_status_t srtp_null_auth_init(srtp_null_auth_ctx_t *state, const uint8_t *key, int key_len); -err_status_t -null_auth_init(null_auth_ctx_t *state, const octet_t *key, int key_len); +srtp_err_status_t srtp_null_auth_compute(srtp_null_auth_ctx_t *state, uint8_t *message, int msg_octets, int tag_len, uint8_t *result); -err_status_t -null_auth_compute (null_auth_ctx_t *state, octet_t *message, - int msg_octets, int tag_len, octet_t *result); +#endif +#ifdef __cplusplus +} +#endif #endif /* NULL_AUTH_H */ diff --git a/crypto/include/null_cipher.h b/crypto/include/null_cipher.h index cfbefe9..5e8c91c 100644 --- a/crypto/include/null_cipher.h +++ b/crypto/include/null_cipher.h 
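Review bot: The four `srtp_null_auth_*` prototypes are renamed and then fenced off with `#if 0`, which leaves dead declarations in the header with no explanation. Either delete them, or state the reason in a comment such as `/* prototypes disabled: the functions are private to the implementation file */` if that is the case (the implementation is not visible from this hunk). The placeholder member `char foo;` in `srtp_null_auth_ctx_t` would also benefit from the same `/* empty, for now */` remark that the null cipher context carries.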
@@ -9,26 +9,26 @@ */ /* - * - * Copyright (c) 2001-2005, Cisco Systems, Inc. + * + * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS @@ -44,7 +44,6 @@ * */ - #ifndef NULL_CIPHER_H #define NULL_CIPHER_H @@ -52,29 +51,7 @@ #include "cipher.h" typedef struct { - char foo ;/* empty, for now */ -} null_cipher_ctx_t; - - -/* - * none of these functions do anything (though future versions may keep - * track of bytes encrypted, number of instances, and/or other info). - */ - -err_status_t -null_cipher_init(null_cipher_ctx_t *c, const octet_t *key); - -err_status_t -null_cipher_set_segment(null_cipher_ctx_t *c, - unsigned long index); - -err_status_t -null_cipher_encrypt(null_cipher_ctx_t *c, - unsigned char *buf, unsigned int *bytes_to_encr); - - -err_status_t -null_cipher_encrypt_aligned(null_cipher_ctx_t *c, - unsigned char *buf, int bytes_to_encr); + char foo; /* empty, for now */ +} srtp_null_cipher_ctx_t; #endif /* NULL_CIPHER_H */ 
diff --git a/crypto/include/prng.h b/crypto/include/prng.h
deleted file mode 100644
index 25a06af..0000000
--- a/crypto/include/prng.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * prng.h
- *
- * pseudorandom source
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-#ifndef PRNG_H
-#define PRNG_H
-
-#ifndef CLOCKS_PER_SEC
-#include <time.h> /* for time() */
-#endif
-
-#include "rand_source.h" /* for rand_source_func_t definition */
-#include "aes.h" /* for aes */
-#include "aes_icm.h" /* for aes ctr */
-
-#define MAX_PRNG_OUT_LEN 0xffffffffU
-
-/*
- * x917_prng is an ANSI X9.17-like AES-based PRNG
- */
-
-typedef struct {
- v128_t state; /* state data */
- aes_expanded_key_t key; /* secret key */
- uint32_t octet_count; /* number of octets output since last init */
- rand_source_func_t rand; /* random source for re-initialization */
-} x917_prng_t;
-
-err_status_t
-x917_prng_init();
-
-err_status_t
-x917_prng_get_octet_string(octet_t *dest, uint32_t len);
-
-
-/*
- * ctr_prng is an AES-CTR based PRNG
- */
-
-typedef struct {
- uint32_t octet_count; /* number of octets output since last init */
- aes_icm_ctx_t state; /* state data */
- rand_source_func_t rand; /* random source for re-initialization */
-} ctr_prng_t;
-
-err_status_t
-ctr_prng_init();
-
-err_status_t
-ctr_prng_get_octet_string(void *dest, int len);
-
-
-#endif
diff --git a/crypto/include/rdb.h b/crypto/include/rdb.h
new file mode 100644
index 0000000..98314c1
--- /dev/null
+++ b/crypto/include/rdb.h
@@ -0,0 +1,125 @@
+/*
+ * replay-database.h
+ *
+ * interface for a replay database for packet security
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+
+/*
+ *
+ * Copyright (c) 2001-2017, Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef REPLAY_DB_H
+#define REPLAY_DB_H
+
+#include "integers.h" /* for uint32_t */
+#include "datatypes.h" /* for v128_t */
+#include "err.h" /* for srtp_err_status_t */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * if the ith least significant bit is one, then the packet index
+ * window_end-i is in the database
+ */
+
+typedef struct {
+ uint32_t window_start; /* packet index of the first bit in bitmask */
+ v128_t bitmask;
+} srtp_rdb_t;
+
+#define rdb_bits_in_bitmask (8 * sizeof(v128_t))
+
+/*
+ * srtp_rdb_init
+ *
+ * initalizes rdb
+ *
+ * returns srtp_err_status_ok on success, srtp_err_status_t_fail otherwise
+ */
+srtp_err_status_t srtp_rdb_init(srtp_rdb_t *rdb);
+
+/*
+ * srtp_rdb_check
+ *
+ * checks to see if index appears in rdb
+ *
+ * returns srtp_err_status_fail if the index already appears in rdb,
+ * returns srtp_err_status_ok otherwise
+ */
+srtp_err_status_t srtp_rdb_check(const srtp_rdb_t *rdb, uint32_t rdb_index);
+
+/*
+ * srtp_rdb_add_index
+ *
+ * adds index to srtp_rdb_t (and does *not* check if index appears in db)
+ *
+ * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise
+ *
+ */
+srtp_err_status_t srtp_rdb_add_index(srtp_rdb_t *rdb, uint32_t rdb_index);
+
+/*
+ * the functions srtp_rdb_increment() and srtp_rdb_get_value() are for use by
+ * senders, not receivers - DO NOT use these functions on the same
+ * srtp_rdb_t upon which srtp_rdb_add_index is used!
+ */
+
+/*
+ * srtp_rdb_increment(db) increments the sequence number in db, if it is
+ * not too high
+ *
+ * return values:
+ *
+ * srtp_err_status_ok no problem
+ * srtp_err_status_key_expired sequence number too high
+ *
+ */
+srtp_err_status_t srtp_rdb_increment(srtp_rdb_t *rdb);
+
+/*
+ * srtp_rdb_get_value(db) returns the current sequence number of db
+ */
+uint32_t srtp_rdb_get_value(const srtp_rdb_t *rdb);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* REPLAY_DB_H */
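Review bot: The comment above `srtp_rdb_t` describes bit i as packet index `window_end-i`, but the struct has only `window_start`, whose own comment calls it the index of the first bit, so the header gives two incompatible readings of the bitmask. In a replay window that ambiguity matters, because a maintainer who picks the wrong direction will misjudge which indices count as already seen. I would rewrite it in terms of the field that exists, for example `/* bit i of bitmask is set when packet index window_start + i has been received */`, after confirming the direction against the implementation, which is not visible here. Two smaller points in the same hunk: the `srtp_rdb_init` comment names `srtp_err_status_t_fail` where `srtp_err_status_fail` is presumably meant, and the `srtp_rdb_check` comment does not say what is returned for an index that falls before `window_start`.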
diff --git a/crypto/include/rdbx.h b/crypto/include/rdbx.h
index ce9ecf6..2194178 100644
--- a/crypto/include/rdbx.h
+++ b/crypto/include/rdbx.h
@@ -8,139 +8,202 @@ * */ +/* + * + * Copyright (c) 2001-2017, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + */ + #ifndef RDBX_H #define RDBX_H #include "datatypes.h" #include "err.h" -/* #define ROC_TEST */ +#ifdef __cplusplus +extern "C" { +#endif + +/* #define ROC_TEST */ #ifndef ROC_TEST -typedef uint16_t sequence_number_t; /* 16 bit sequence number */ -typedef uint32_t rollover_counter_t; /* 32 bit rollover counter */ +typedef uint16_t srtp_sequence_number_t; /* 16 bit sequence number */ +typedef uint32_t srtp_rollover_counter_t; /* 32 bit rollover counter */ -#else /* use small seq_num and roc datatypes for testing purposes */ +#else /* use small seq_num and roc datatypes for testing purposes */ -typedef unsigned char sequence_number_t; /* 8 bit sequence number */ -typedef uint16_t rollover_counter_t; /* 16 bit rollover counter */ +typedef unsigned char srtp_sequence_number_t; /* 8 bit sequence number */ +typedef uint16_t srtp_rollover_counter_t; /* 16 bit rollover counter */ #endif -#define seq_num_median (1 << (8*sizeof(sequence_number_t) - 1)) -#define seq_num_max (1 << (8*sizeof(sequence_number_t))) +#define seq_num_median (1 << (8 * sizeof(srtp_sequence_number_t) - 1)) +#define seq_num_max (1 << (8 * sizeof(srtp_sequence_number_t))) /* - * An xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended' - * sequence number. + * An rtp_xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended' + * sequence number. */ - -typedef uint64_t xtd_seq_num_t; - +typedef uint64_t srtp_xtd_seq_num_t; /* - * An rdbx_t is a replay database with extended range; it uses an + * An srtp_rdbx_t is a replay database with extended range; it uses an * xtd_seq_num_t and a bitmask of recently received indices. 
*/ - typedef struct { - xtd_seq_num_t index; - v128_t bitmask; -} rdbx_t; - + srtp_xtd_seq_num_t index; + bitvector_t bitmask; +} srtp_rdbx_t; /* - * rdbx_init(rdbx_ptr) + * srtp_rdbx_init(rdbx_ptr, ws) * - * initializes the rdbx pointed to by its argument, setting the - * rollover counter and sequence number to zero + * initializes the rdbx pointed to by its argument with the window size ws, + * setting the rollover counter and sequence number to zero */ +srtp_err_status_t srtp_rdbx_init(srtp_rdbx_t *rdbx, unsigned long ws); -err_status_t -rdbx_init(rdbx_t *rdbx); - +/* + * srtp_rdbx_dealloc(rdbx_ptr) + * + * frees memory associated with the rdbx + */ +srtp_err_status_t srtp_rdbx_dealloc(srtp_rdbx_t *rdbx); /* - * rdbx_estimate_index(rdbx, guess, s) - * + * srtp_rdbx_estimate_index(rdbx, guess, s) + * * given an rdbx and a sequence number s (from a newly arrived packet), * sets the contents of *guess to contain the best guess of the packet * index to which s corresponds, and returns the difference between * *guess and the locally stored synch info */ - -int -rdbx_estimate_index(const rdbx_t *rdbx, - xtd_seq_num_t *guess, - sequence_number_t s); +int32_t srtp_rdbx_estimate_index(const srtp_rdbx_t *rdbx, + srtp_xtd_seq_num_t *guess, + srtp_sequence_number_t s); /* - * rdbx_check(rdbx, delta); + * srtp_rdbx_check(rdbx, delta); * - * rdbx_check(&r, delta) checks to see if the xtd_seq_num_t + * srtp_rdbx_check(&r, delta) checks to see if the xtd_seq_num_t * which is at rdbx->window_start + delta is in the rdb * */ - -err_status_t -rdbx_check(const rdbx_t *rdbx, int difference); +srtp_err_status_t srtp_rdbx_check(const srtp_rdbx_t *rdbx, int difference); /* - * replay_add_index(rdbx, delta) - * - * adds the xtd_seq_num_t at rdbx->window_start + delta to replay_db + * srtp_replay_add_index(rdbx, delta) + * + * adds the srtp_xtd_seq_num_t at rdbx->window_start + delta to replay_db * (and does *not* check if that xtd_seq_num_t appears in db) * * this function should be 
called *only* after replay_check has * indicated that the index does not appear in the rdbx, and a mutex * should protect the rdbx between these calls if necessary. */ +srtp_err_status_t srtp_rdbx_add_index(srtp_rdbx_t *rdbx, int delta); -err_status_t -rdbx_add_index(rdbx_t *rdbx, int delta); +/* + * srtp_rdbx_set_roc(rdbx, roc) initalizes the srtp_rdbx_t at the location rdbx + * to have the rollover counter value roc. If that value is less than + * the current rollover counter value, then the function returns + * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned. + * + */ +srtp_err_status_t srtp_rdbx_set_roc(srtp_rdbx_t *rdbx, uint32_t roc); /* - * xtd_seq_num_t functions - these are *internal* functions of rdbx, and + * srtp_rdbx_get_packet_index(rdbx) returns the value of the rollover counter + * for + * the srtp_rdbx_t pointed to by rdbx + * + */ +srtp_xtd_seq_num_t srtp_rdbx_get_packet_index(const srtp_rdbx_t *rdbx); + +/* + * srtp_xtd_seq_num_t functions - these are *internal* functions of rdbx, and * shouldn't be used to manipulate rdbx internal values. use the rdbx * api instead! 
*/ +/* + * srtp_rdbx_get_ws(rdbx_ptr) + * + * gets the window size which was used to initialize the rdbx + */ +unsigned long srtp_rdbx_get_window_size(const srtp_rdbx_t *rdbx); /* index_init(&pi) initializes a packet index pi (sets it to zero) */ - -void -index_init(xtd_seq_num_t *pi); +void srtp_index_init(srtp_xtd_seq_num_t *pi); /* index_advance(&pi, s) advances a xtd_seq_num_t forward by s */ - -void -index_advance(xtd_seq_num_t *pi, sequence_number_t s); - +void srtp_index_advance(srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s); /* - * index_guess(local, guess, s) - * - * given a xtd_seq_num_t local (which represents the highest + * srtp_index_guess(local, guess, s) + * + * given a srtp_xtd_seq_num_t local (which represents the highest * known-to-be-good index) and a sequence number s (from a newly * arrived packet), sets the contents of *guess to contain the best * guess of the packet index to which s corresponds, and returns the * difference between *guess and *local */ +int32_t srtp_index_guess(const srtp_xtd_seq_num_t *local, + srtp_xtd_seq_num_t *guess, + srtp_sequence_number_t s); -int -index_guess(const xtd_seq_num_t *local, - xtd_seq_num_t *guess, - sequence_number_t s); - - -#endif /* RDBX_H */ - - - - - - +/* + * srtp_rdbx_get_roc(rdbx) + * + * Get the current rollover counter + * + */ +uint32_t srtp_rdbx_get_roc(const srtp_rdbx_t *rdbx); +/* + * srtp_rdbx_set_roc_seq(rdbx, roc, seq) initalizes the srtp_rdbx_t at the + * location rdbx to have the rollover counter value roc and packet sequence + * number seq. If the new rollover counter value is less than the current + * rollover counter value, then the function returns + * srtp_err_status_replay_old, otherwise, srtp_err_status_ok is returned. + */ +srtp_err_status_t srtp_rdbx_set_roc_seq(srtp_rdbx_t *rdbx, + uint32_t roc, + uint16_t seq); +#ifdef __cplusplus +} +#endif +#endif /* RDBX_H */ diff --git a/crypto/include/sha1.h b/crypto/include/sha1.h index 2f508cb..933c146 100644 
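Review bot: Several doc comments in this hunk no longer match the declarations beneath them. The comment on `srtp_rdbx_get_packet_index` says it returns the rollover counter, although the function returns an `srtp_xtd_seq_num_t` and `srtp_rdbx_get_roc` is declared separately. The comment headed `srtp_rdbx_get_ws(rdbx_ptr)` sits on `srtp_rdbx_get_window_size`, `srtp_replay_add_index` heads the comment for `srtp_rdbx_add_index`, and the check/add comments still speak of `rdbx->window_start` while the struct field is `index`. Suggested wording for the first: `/* srtp_rdbx_get_packet_index(rdbx) returns the extended sequence number stored in the srtp_rdbx_t pointed to by rdbx */`. The `srtp_rdbx_init(rdbx, ws)` comment should also state which window sizes are accepted and that a successful init must be paired with `srtp_rdbx_dealloc`, since `bitmask` is now a `bitvector_t` whose storage is presumably allocated at init.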
--- a/crypto/include/sha1.h +++ b/crypto/include/sha1.h @@ -9,26 +9,26 @@ */ /* - * - * Copyright (c) 2001-2005, Cisco Systems, Inc. + * + * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 
@@ -47,63 +47,138 @@ #ifndef SHA1_H #define SHA1_H +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + #include "err.h" +#ifdef OPENSSL +#include <openssl/evp.h> +#include <stdint.h> +#else #include "datatypes.h" +#endif -typedef struct { - uint32_t H[5]; /* state vector */ - uint32_t M[16]; /* message buffer */ - int octets_in_buffer; /* octets of message in buffer */ - uint32_t num_bits_in_msg; /* total number of bits in message */ -} sha1_ctx_t; +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL /* - * sha1(&ctx, msg, len, output) hashes the len octets starting at msg - * into the SHA1 context, then writes the result to the 20 octets at - * output - * + * srtp_sha1_init(&ctx) initializes the SHA1 context ctx + * + * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg + * into the SHA1 context + * + * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1 + * context and writes the result to the 20 octets at output + * + * Return values are ignored on the EVP functions since all three + * of these functions return void. + * */ -void -sha1(const octet_t *message, int octets_in_msg, uint32_t output[5]); +/* OpenSSL 1.1.0 made EVP_MD_CTX an opaque structure, which must be allocated + using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. 
*/ +#if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER + +typedef EVP_MD_CTX srtp_sha1_ctx_t; + +static inline void srtp_sha1_init(srtp_sha1_ctx_t *ctx) +{ + EVP_MD_CTX_init(ctx); + EVP_DigestInit(ctx, EVP_sha1()); +} + +static inline void srtp_sha1_update(srtp_sha1_ctx_t *ctx, + const uint8_t *M, + int octets_in_msg) +{ + EVP_DigestUpdate(ctx, M, octets_in_msg); +} + +static inline void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t *output) +{ + unsigned int len = 0; + + EVP_DigestFinal(ctx, (unsigned char *)output, &len); + EVP_MD_CTX_cleanup(ctx); +} + +#else + +typedef EVP_MD_CTX *srtp_sha1_ctx_t; + +static inline void srtp_sha1_init(srtp_sha1_ctx_t *ctx) +{ + *ctx = EVP_MD_CTX_new(); + EVP_DigestInit(*ctx, EVP_sha1()); +} + +static inline void srtp_sha1_update(srtp_sha1_ctx_t *ctx, + const uint8_t *M, + int octets_in_msg) +{ + EVP_DigestUpdate(*ctx, M, octets_in_msg); +} + +static inline void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t *output) +{ + unsigned int len = 0; + + EVP_DigestFinal(*ctx, (unsigned char *)output, &len); + EVP_MD_CTX_free(*ctx); +} +#endif + +#else + +typedef struct { + uint32_t H[5]; /* state vector */ + uint32_t M[16]; /* message buffer */ + int octets_in_buffer; /* octets of message in buffer */ + uint32_t num_bits_in_msg; /* total number of bits in message */ +} srtp_sha1_ctx_t; /* - * sha1_init(&ctx) initializes the SHA1 context ctx - * - * sha1_update(&ctx, msg, len) hashes the len octets starting at msg + * srtp_sha1_init(&ctx) initializes the SHA1 context ctx + * + * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg * into the SHA1 context - * - * sha1_final(&ctx, output) performs the final processing of the SHA1 + * + * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1 * context and writes the result to the 20 octets at output * */ +void srtp_sha1_init(srtp_sha1_ctx_t *ctx); -void -sha1_init(sha1_ctx_t *ctx); - -void -sha1_update(sha1_ctx_t *ctx, const octet_t *M, 
int octets_in_msg); - -void -sha1_final(sha1_ctx_t *ctx, uint32_t output[5]); +void srtp_sha1_update(srtp_sha1_ctx_t *ctx, + const uint8_t *M, + int octets_in_msg); +void srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t output[5]); /* - * The sha1_core function is INTERNAL to SHA-1, but it is declared + * The srtp_sha1_core function is INTERNAL to SHA-1, but it is declared * here because it is also used by the cipher SEAL 3.0 in its key - * setup algorithm. + * setup algorithm. */ /* - * sha1_core(M, H) computes the core sha1 compression function, where M is + * srtp_sha1_core(M, H) computes the core sha1 compression function, where M is * the next part of the message and H is the intermediate state {H0, * H1, ...} * * this function does not do any of the padding required in the * complete sha1 function */ +void srtp_sha1_core(const uint32_t M[16], uint32_t hash_value[5]); + +#endif /* else OPENSSL */ + +#ifdef __cplusplus +} +#endif -void -sha1_core(const uint32_t M[16], uint32_t hash_value[5]); - #endif /* SHA1_H */ diff --git a/crypto/include/stat.h b/crypto/include/stat.h index 6d5e4a4..1894e04 100644 --- a/crypto/include/stat.h +++ b/crypto/include/stat.h @@ -1,6 +1,6 @@ /* * stats.h - * + * * interface to statistical test functions * * David A. McGrew 
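Review bot: The OpenSSL wrappers discard every EVP result, and the comment justifying that ("all three of these functions return void") describes the wrappers themselves, not `EVP_DigestInit`, `EVP_DigestUpdate` and `EVP_DigestFinal`, which report failure through their return value. In the opaque-context branch `EVP_MD_CTX_new()` can also return NULL, and the pointer is handed to `EVP_DigestInit` and later to update and final without a check; on any failure `srtp_sha1_final` leaves `output` unwritten and the caller reads an indeterminate digest. I would have the three wrappers return `srtp_err_status_t` in both branches (err.h is already included) and have the callers, which are outside this hunk, check it; the sketch below shows the opaque-context init and final. Separately, `octets_in_msg` is a signed `int` passed to a `size_t` parameter, so a negative length should be rejected before the `EVP_DigestUpdate` call.

```c
static inline srtp_err_status_t srtp_sha1_init(srtp_sha1_ctx_t *ctx)
{
    *ctx = EVP_MD_CTX_new();
    if (*ctx == NULL) {
        return srtp_err_status_alloc_fail;
    }
    if (EVP_DigestInit(*ctx, EVP_sha1()) != 1) {
        EVP_MD_CTX_free(*ctx);
        *ctx = NULL;
        return srtp_err_status_init_fail;
    }
    return srtp_err_status_ok;
}

/* … srtp_sha1_update: same body, with the return type changed and the EVP_DigestUpdate result checked … */

static inline srtp_err_status_t srtp_sha1_final(srtp_sha1_ctx_t *ctx,
                                                uint32_t *output)
{
    unsigned int len = 0;
    int ok = EVP_DigestFinal(*ctx, (unsigned char *)output, &len);

    /* release the context on every path so a failed final does not leak it */
    EVP_MD_CTX_free(*ctx);
    *ctx = NULL;
    return (ok == 1 && len == 20) ? srtp_err_status_ok : srtp_err_status_fail;
}
```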
@@ -8,26 +8,26 @@ */ /* - * - * Copyright(c) 2001-2005, Cisco Systems, Inc. + * + * Copyright(c) 2001-2017, Cisco Systems, Inc. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * + * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. - * + * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. - * + * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS @@ -43,24 +43,24 @@ * */ - #ifndef STAT_H #define STAT_H -#include "datatypes.h" /* for octet_t */ -#include "err.h" /* for err_status_t */ -#include "rand_source.h" /* for rand_source_func_t definition */ +#include "datatypes.h" /* for uint8_t */ +#include "err.h" /* for srtp_err_status_t */ + +#ifdef __cplusplus +extern "C" { +#endif -err_status_t -stat_test_monobit(octet_t *data); +srtp_err_status_t stat_test_monobit(uint8_t *data); -err_status_t -stat_test_poker(octet_t *data); +srtp_err_status_t stat_test_poker(uint8_t *data); -err_status_t -stat_test_runs(octet_t *data); +srtp_err_status_t stat_test_runs(uint8_t *data); -err_status_t -stat_test_rand_source(rand_source_func_t rs); +#ifdef __cplusplus +} +#endif #endif /* STAT_H */ diff --git a/crypto/include/xfm.h b/crypto/include/xfm.h deleted file mode 100644 index 4d5449e..0000000 --- a/crypto/include/xfm.h +++ /dev/null 
@@ -1,139 +0,0 @@ -/* - * xfm.h - * - * interface for abstract crypto transform - * - * David A. McGrew - * Cisco Systems, Inc. - */ - -#ifndef XFM_H -#define XFM_H - -#include "crypto_kernel.h" -#include "err.h" - -/** - * @defgroup Crypto Cryptography - * - * A simple interface to an abstract cryptographic transform that - * provides both confidentiality and message authentication. - * - * @{ - */ - -/** - * @brief applies a crypto transform - * - * The function pointer xfm_func_t points to a function that - * implements a crypto transform, and provides a uniform API for - * accessing crypto mechanisms. - * - * @param key location of secret key - * - * @param clear data to be authenticated only - * - * @param clear_len length of data to be authenticated only - * - * @param iv location to write the Initialization Vector (IV) - * - * @param protected location of the data to be encrypted and - * authenticated (before the function call), and the ciphertext - * and authentication tag (after the call) - * - * @param protected_len location of the length of the data to be - * encrypted and authenticated (before the function call), and the - * length of the ciphertext (after the call) - * - * @param auth_tag location to write auth tag - */ - -typedef err_status_t (*xfm_func_t) - (void *key, - void *clear, - unsigned clear_len, - void *iv, - void *opaque, - unsigned *opaque_len, - void *auth_tag - ); - -typedef -err_status_t (*xfm_inv_t) - (void *key, /* location of secret key */ - void *clear, /* data to be authenticated only */ - unsigned clear_len, /* length of data to be authenticated only */ - void *iv, /* location of iv */ - void *opaque, /* data to be decrypted and authenticated */ - unsigned *opaque_len, /* location of the length of data to be - * decrypted and authd (before and after) - */ - void *auth_tag /* location of auth tag */ - ); - -typedef struct xfm_ctx_t { - xfm_func_t func; - xfm_inv_t inv; - unsigned key_len; - unsigned iv_len; - unsigned 
auth_tag_len; -} xfm_ctx_t; - -typedef xfm_ctx_t *xfm_t; - -#define xfm_get_key_len(xfm) ((xfm)->key_len) - -#define xfm_get_iv_len(xfm) ((xfm)->iv_len) - -#define xfm_get_auth_tag_len(xfm) ((xfm)->auth_tag_len) - - -/* cryptoalgo - 5/28 */ - -typedef err_status_t (*cryptoalg_func_t) - (void *key, - void *clear, - unsigned clear_len, - void *iv, - void *opaque, - unsigned *opaque_len - ); - -typedef -err_status_t (*cryptoalg_inv_t) - (void *key, /* location of secret key */ - void *clear, /* data to be authenticated only */ - unsigned clear_len, /* length of data to be authenticated only */ - void *iv, /* location of iv */ - void *opaque, /* data to be decrypted and authenticated */ - unsigned *opaque_len /* location of the length of data to be - * decrypted and authd (before and after) - */ - ); - -typedef struct cryptoalg_ctx_t { - cryptoalg_func_t enc; - cryptoalg_inv_t dec; - unsigned key_len; - unsigned iv_len; - unsigned auth_tag_len; - unsigned max_expansion; -} cryptoalg_ctx_t; - -typedef cryptoalg_ctx_t *cryptoalg_t; - -#define cryptoalg_get_key_len(cryptoalg) ((cryptoalg)->key_len) - -#define cryptoalg_get_iv_len(cryptoalg) ((cryptoalg)->iv_len) - -#define cryptoalg_get_auth_tag_len(cryptoalg) ((cryptoalg)->auth_tag_len) - - - -/** - * @} - */ - -#endif /* XFM_H */ - - |
