diff options
Diffstat (limited to 'third_party/srtp/crypto/include')
27 files changed, 3457 insertions, 0 deletions
diff --git a/third_party/srtp/crypto/include/aes.h b/third_party/srtp/crypto/include/aes.h new file mode 100644 index 00000000..20d28047 --- /dev/null +++ b/third_party/srtp/crypto/include/aes.h @@ -0,0 +1,84 @@ +/* + * aes.h + * + * header file for the AES block cipher + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef _AES_H +#define _AES_H + +#include "srtp_config.h" + +#include "datatypes.h" +#include "gf2_8.h" + +/* aes internals */ + +typedef v128_t aes_expanded_key_t[11]; + +void +aes_expand_encryption_key(const v128_t *key, + aes_expanded_key_t expanded_key); + +void +aes_expand_decryption_key(const v128_t *key, + aes_expanded_key_t expanded_key); + +void +aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key); + +void +aes_decrypt(v128_t *plaintext, const aes_expanded_key_t exp_key); + +#if 0 +/* + * internal functions + */ + +void +aes_init_sbox(void); + +void +aes_compute_tables(void); +#endif + +#endif /* _AES_H */ diff --git a/third_party/srtp/crypto/include/aes_cbc.h b/third_party/srtp/crypto/include/aes_cbc.h new file mode 100644 index 00000000..9fb6682b --- /dev/null +++ b/third_party/srtp/crypto/include/aes_cbc.h @@ -0,0 +1,50 @@ +/* + * aes_cbc.h + * + * Header for AES Cipher Blobk Chaining Mode. + * + * David A. McGrew + * Cisco Systems, Inc. + * + */ + +#ifndef AES_CBC_H +#define AES_CBC_H + +#include "aes.h" +#include "cipher.h" + +typedef struct { + v128_t state; /* cipher chaining state */ + v128_t previous; /* previous ciphertext block */ + aes_expanded_key_t expanded_key; /* the cipher key */ +} aes_cbc_ctx_t; + +err_status_t +aes_cbc_set_key(aes_cbc_ctx_t *c, + const unsigned char *key); + +err_status_t +aes_cbc_encrypt(aes_cbc_ctx_t *c, + unsigned char *buf, + unsigned int *bytes_in_data); + +err_status_t +aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, + cipher_direction_t dir); + +err_status_t +aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv); + +err_status_t +aes_cbc_nist_encrypt(aes_cbc_ctx_t *c, + unsigned char *data, + unsigned int *bytes_in_data); + +err_status_t +aes_cbc_nist_decrypt(aes_cbc_ctx_t *c, + unsigned char *data, + unsigned int *bytes_in_data); + +#endif /* AES_CBC_H */ + diff --git a/third_party/srtp/crypto/include/aes_icm.h b/third_party/srtp/crypto/include/aes_icm.h new file mode 100644 index 00000000..17a1ddba --- /dev/null +++ b/third_party/srtp/crypto/include/aes_icm.h @@ -0,0 +1,56 @@ +/* + * aes_icm.h + * + * Header for AES Integer Counter Mode. + * + * David A. McGrew + * Cisco Systems, Inc. + * + */ + +#ifndef AES_ICM_H +#define AES_ICM_H + +#include "aes.h" +#include "cipher.h" + +typedef struct { + v128_t counter; /* holds the counter value */ + v128_t offset; /* initial offset value */ + v128_t keystream_buffer; /* buffers bytes of keystream */ + aes_expanded_key_t expanded_key; /* the cipher key */ + int bytes_in_buffer; /* number of unused bytes in buffer */ +} aes_icm_ctx_t; + + +err_status_t +aes_icm_context_init(aes_icm_ctx_t *c, + const unsigned char *key); + +err_status_t +aes_icm_set_iv(aes_icm_ctx_t *c, void *iv); + +err_status_t +aes_icm_encrypt(aes_icm_ctx_t *c, + unsigned char *buf, unsigned int *bytes_to_encr); + +err_status_t +aes_icm_output(aes_icm_ctx_t *c, + unsigned char *buf, int bytes_to_output); + +err_status_t +aes_icm_dealloc(cipher_t *c); + +err_status_t +aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c, + unsigned char *buf, + unsigned int *enc_len, + int forIsmacryp); + +err_status_t +aes_icm_alloc_ismacryp(cipher_t **c, + int key_len, + int forIsmacryp); + +#endif /* AES_ICM_H */ + diff --git a/third_party/srtp/crypto/include/alloc.h b/third_party/srtp/crypto/include/alloc.h new file mode 100644 index 00000000..5980eed6 --- /dev/null +++ b/third_party/srtp/crypto/include/alloc.h @@ -0,0 +1,57 @@ +/* + * alloc.h + * + * interface to memory allocation and deallocation, with optional debugging + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef CRYPTO_ALLOC_H +#define CRYPTO_ALLOC_H + +#include "datatypes.h" + +void * +crypto_alloc(size_t size); + +void +crypto_free(void *ptr); + +#endif /* CRYPTO_ALLOC_H */ diff --git a/third_party/srtp/crypto/include/auth.h b/third_party/srtp/crypto/include/auth.h new file mode 100644 index 00000000..295b5f6f --- /dev/null +++ b/third_party/srtp/crypto/include/auth.h @@ -0,0 +1,159 @@ +/* + * auth.h + * + * common interface to authentication functions + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef AUTH_H +#define AUTH_H + +#include "datatypes.h" +#include "err.h" /* error codes */ + +typedef struct auth_type_t *auth_type_pointer; +typedef struct auth_t *auth_pointer_t; + +typedef err_status_t (*auth_alloc_func) + (auth_pointer_t *ap, int key_len, int out_len); + +typedef err_status_t (*auth_init_func) + (void *state, const uint8_t *key, int key_len); + +typedef err_status_t (*auth_dealloc_func)(auth_pointer_t ap); + +typedef err_status_t (*auth_compute_func) + (void *state, uint8_t *buffer, int octets_to_auth, + int tag_len, uint8_t *tag); + +typedef err_status_t (*auth_update_func) + (void *state, uint8_t *buffer, int octets_to_auth); + +typedef err_status_t (*auth_start_func)(void *state); + +/* some syntactic sugar on these function types */ + +#define auth_type_alloc(at, a, klen, outlen) \ + ((at)->alloc((a), (klen), (outlen))) + +#define auth_init(a, key) \ + (((a)->type)->init((a)->state, (key), ((a)->key_len))) + +#define auth_compute(a, buf, len, res) \ + (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res))) + +#define auth_update(a, buf, len) \ + (((a)->type)->update((a)->state, (buf), (len))) + +#define auth_start(a)(((a)->type)->start((a)->state)) + +#define auth_dealloc(c) (((c)->type)->dealloc(c)) + +/* functions to get information about a particular auth_t */ + +int +auth_get_key_length(const struct auth_t *a); + +int +auth_get_tag_length(const struct auth_t *a); + +int +auth_get_prefix_length(const struct auth_t *a); + +/* + * auth_test_case_t is a (list of) key/message/tag values that are + * known to be correct for a particular cipher. this data can be used + * to test an implementation in an on-the-fly self test of the + * correcness of the implementation. (see the auth_type_self_test() + * function below) + */ + +typedef struct auth_test_case_t { + int key_length_octets; /* octets in key */ + uint8_t *key; /* key */ + int data_length_octets; /* octets in data */ + uint8_t *data; /* data */ + int tag_length_octets; /* octets in tag */ + uint8_t *tag; /* tag */ + struct auth_test_case_t *next_test_case; /* pointer to next testcase */ +} auth_test_case_t; + +/* auth_type_t */ + +typedef struct auth_type_t { + auth_alloc_func alloc; + auth_dealloc_func dealloc; + auth_init_func init; + auth_compute_func compute; + auth_update_func update; + auth_start_func start; + char *description; + int ref_count; + auth_test_case_t *test_data; + debug_module_t *debug; +} auth_type_t; + +typedef struct auth_t { + auth_type_t *type; + void *state; + int out_len; /* length of output tag in octets */ + int key_len; /* length of key in octets */ + int prefix_len; /* length of keystream prefix */ +} auth_t; + +/* + * auth_type_self_test() tests an auth_type against test cases + * provided in an array of values of key/message/tag that is known to + * be good + */ + +err_status_t +auth_type_self_test(const auth_type_t *at); + +/* + * auth_type_get_ref_count(at) returns the reference count (the number + * of instantiations) of the auth_type_t at + */ + +int +auth_type_get_ref_count(const auth_type_t *at); + +#endif /* AUTH_H */ diff --git a/third_party/srtp/crypto/include/cipher.h b/third_party/srtp/crypto/include/cipher.h new file mode 100644 index 00000000..96ee9dc3 --- /dev/null +++ b/third_party/srtp/crypto/include/cipher.h @@ -0,0 +1,218 @@ +/* + * cipher.h + * + * common interface to ciphers + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef CIPHER_H +#define CIPHER_H + +#include "datatypes.h" +#include "rdbx.h" /* for xtd_seq_num_t */ +#include "err.h" /* for error codes */ + + +/** + * @brief cipher_direction_t defines a particular cipher operation. + * + * A cipher_direction_t is an enum that describes a particular cipher + * operation, i.e. encryption or decryption. For some ciphers, this + * distinction does not matter, but for others, it is essential. + */ + +typedef enum { + direction_encrypt, /**< encryption (convert plaintext to ciphertext) */ + direction_decrypt, /**< decryption (convert ciphertext to plaintext) */ + direction_any /**< encryption or decryption */ +} cipher_direction_t; + +/* + * the cipher_pointer and cipher_type_pointer definitions are needed + * as cipher_t and cipher_type_t are not yet defined + */ + +typedef struct cipher_type_t *cipher_type_pointer_t; +typedef struct cipher_t *cipher_pointer_t; + +/* + * a cipher_alloc_func_t allocates (but does not initialize) a cipher_t + */ + +typedef err_status_t (*cipher_alloc_func_t) + (cipher_pointer_t *cp, int key_len); + +/* + * a cipher_init_func_t [re-]initializes a cipher_t with a given key + * and direction (i.e., encrypt or decrypt) + */ + +typedef err_status_t (*cipher_init_func_t) + (void *state, const uint8_t *key, cipher_direction_t dir); + +/* a cipher_dealloc_func_t de-allocates a cipher_t */ + +typedef err_status_t (*cipher_dealloc_func_t)(cipher_pointer_t cp); + +/* a cipher_set_segment_func_t sets the segment index of a cipher_t */ + +typedef err_status_t (*cipher_set_segment_func_t) + (void *state, xtd_seq_num_t idx); + +/* a cipher_encrypt_func_t encrypts data in-place */ + +typedef err_status_t (*cipher_encrypt_func_t) + (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt); + +/* a cipher_decrypt_func_t decrypts data in-place */ + +typedef err_status_t (*cipher_decrypt_func_t) + (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt); + +/* + * a cipher_set_nonce_seq_func_t function sets both the nonce + * and the extended sequence number + */ + +typedef err_status_t (*cipher_set_iv_func_t) + (cipher_pointer_t cp, void *iv); + +/* + * cipher_test_case_t is a (list of) key, salt, xtd_seq_num_t, + * plaintext, and ciphertext values that are known to be correct for a + * particular cipher. this data can be used to test an implementation + * in an on-the-fly self test of the correcness of the implementation. + * (see the cipher_type_self_test() function below) + */ + +typedef struct cipher_test_case_t { + int key_length_octets; /* octets in key */ + uint8_t *key; /* key */ + uint8_t *idx; /* packet index */ + int plaintext_length_octets; /* octets in plaintext */ + uint8_t *plaintext; /* plaintext */ + int ciphertext_length_octets; /* octets in plaintext */ + uint8_t *ciphertext; /* ciphertext */ + struct cipher_test_case_t *next_test_case; /* pointer to next testcase */ +} cipher_test_case_t; + +/* cipher_type_t defines the 'metadata' for a particular cipher type */ + +typedef struct cipher_type_t { + cipher_alloc_func_t alloc; + cipher_dealloc_func_t dealloc; + cipher_init_func_t init; + cipher_encrypt_func_t encrypt; + cipher_encrypt_func_t decrypt; + cipher_set_iv_func_t set_iv; + char *description; + int ref_count; + cipher_test_case_t *test_data; + debug_module_t *debug; +} cipher_type_t; + +/* + * cipher_t defines an instantiation of a particular cipher, with fixed + * key length, key and salt values + */ + +typedef struct cipher_t { + cipher_type_t *type; + void *state; + int key_len; +#ifdef FORCE_64BIT_ALIGN + int pad; +#endif +} cipher_t; + +/* some syntactic sugar on these function types */ + +#define cipher_type_alloc(ct, c, klen) ((ct)->alloc((c), (klen))) + +#define cipher_dealloc(c) (((c)->type)->dealloc(c)) + +#define cipher_init(c, k, dir) (((c)->type)->init(((c)->state), (k), (dir))) + +#define cipher_encrypt(c, buf, len) \ + (((c)->type)->encrypt(((c)->state), (buf), (len))) + +#define cipher_decrypt(c, buf, len) \ + (((c)->type)->decrypt(((c)->state), (buf), (len))) + +#define cipher_set_iv(c, n) \ + ((c) ? (((c)->type)->set_iv(((cipher_pointer_t)(c)->state), (n))) : \ + err_status_no_such_op) + +err_status_t +cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output); + + +/* some bookkeeping functions */ + +int +cipher_get_key_length(const cipher_t *c); + + +/* + * cipher_type_self_test() tests a cipher against test cases provided in + * an array of values of key/xtd_seq_num_t/plaintext/ciphertext + * that is known to be good + */ + +err_status_t +cipher_type_self_test(const cipher_type_t *ct); + + +/* + * cipher_bits_per_second(c, l, t) computes (and estimate of) the + * number of bits that a cipher implementation can encrypt in a second + * + * c is a cipher (which MUST be allocated and initialized already), l + * is the length in octets of the test data to be encrypted, and t is + * the number of trials + * + * if an error is encountered, then the value 0 is returned + */ + +uint64_t +cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials); + +#endif /* CIPHER_H */ diff --git a/third_party/srtp/crypto/include/crypto.h b/third_party/srtp/crypto/include/crypto.h new file mode 100644 index 00000000..0e9667da --- /dev/null +++ b/third_party/srtp/crypto/include/crypto.h @@ -0,0 +1,43 @@ +/* + * crypto.h + * + * API for libcrypto + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +#ifndef CRYPTO_H +#define CRYPTO_H + +/** + * @brief A cipher_type_id_t is an identifier for a particular cipher + * type. + * + * A cipher_type_id_t is an integer that represents a particular + * cipher type, e.g. the Advanced Encryption Standard (AES). A + * NULL_CIPHER is avaliable; this cipher leaves the data unchanged, + * and can be selected to indicate that no encryption is to take + * place. + * + * @ingroup Ciphers + */ +typedef uint32_t cipher_type_id_t; + +/** + * @brief An auth_type_id_t is an identifier for a particular authentication + * function. + * + * An auth_type_id_t is an integer that represents a particular + * authentication function type, e.g. HMAC-SHA1. A NULL_AUTH is + * avaliable; this authentication function performs no computation, + * and can be selected to indicate that no authentication is to take + * place. + * + * @ingroup Authentication + */ +typedef uint32_t auth_type_id_t; + +#endif /* CRYPTO_H */ + + diff --git a/third_party/srtp/crypto/include/crypto_kernel.h b/third_party/srtp/crypto/include/crypto_kernel.h new file mode 100644 index 00000000..b8cd9be1 --- /dev/null +++ b/third_party/srtp/crypto/include/crypto_kernel.h @@ -0,0 +1,258 @@ +/* + * crypto_kernel.h + * + * header for the cryptographic kernel + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef CRYPTO_KERNEL +#define CRYPTO_KERNEL + +#include "rand_source.h" +#include "prng.h" +#include "cipher.h" +#include "auth.h" +#include "cryptoalg.h" +#include "stat.h" +#include "err.h" +#include "crypto_types.h" +#include "key.h" +#include "crypto.h" + +/* + * crypto_kernel_state_t defines the possible states: + * + * insecure - not yet initialized + * secure - initialized and passed self-tests + */ + +typedef enum { + crypto_kernel_state_insecure, + crypto_kernel_state_secure +} crypto_kernel_state_t; + +/* + * linked list of cipher types + */ + +typedef struct kernel_cipher_type { + cipher_type_id_t id; + cipher_type_t *cipher_type; + struct kernel_cipher_type *next; +} kernel_cipher_type_t; + +/* + * linked list of auth types + */ + +typedef struct kernel_auth_type { + auth_type_id_t id; + auth_type_t *auth_type; + struct kernel_auth_type *next; +} kernel_auth_type_t; + +/* + * linked list of debug modules + */ + +typedef struct kernel_debug_module { + debug_module_t *mod; + struct kernel_debug_module *next; +} kernel_debug_module_t; + + +/* + * crypto_kernel_t is the data structure for the crypto kernel + * + * note that there is *exactly one* instance of this data type, + * a global variable defined in crypto_kernel.c + */ + +typedef struct { + crypto_kernel_state_t state; /* current state of kernel */ + kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */ + kernel_auth_type_t *auth_type_list; /* list of all auth func types */ + kernel_debug_module_t *debug_module_list; /* list of all debug modules */ +} crypto_kernel_t; + + +/* + * crypto_kernel_t external api + */ + + +/* + * The function crypto_kernel_init() initialized the crypto kernel and + * runs the self-test operations on the random number generators and + * crypto algorithms. Possible return values are: + * + * err_status_ok initialization successful + * <other> init failure + * + * If any value other than err_status_ok is returned, the + * crypto_kernel MUST NOT be used. + */ + +err_status_t +crypto_kernel_init(void); + + +/* + * The function crypto_kernel_shutdown() de-initializes the + * crypto_kernel, zeroizes keys and other cryptographic material, and + * deallocates any dynamically allocated memory. Possible return + * values are: + * + * err_status_ok shutdown successful + * <other> shutdown failure + * + */ + +err_status_t +crypto_kernel_shutdown(void); + +/* + * The function crypto_kernel_stats() checks the the crypto_kernel, + * running tests on the ciphers, auth funcs, and rng, and prints out a + * status report. Possible return values are: + * + * err_status_ok all tests were passed + * <other> a test failed + * + */ + +err_status_t +crypto_kernel_status(void); + + +/* + * crypto_kernel_list_debug_modules() outputs a list of debugging modules + * + */ + +err_status_t +crypto_kernel_list_debug_modules(void); + +/* + * crypto_kernel_load_cipher_type() + * + */ + +err_status_t +crypto_kernel_load_cipher_type(cipher_type_t *ct, cipher_type_id_t id); + +err_status_t +crypto_kernel_load_auth_type(auth_type_t *ct, auth_type_id_t id); + +err_status_t +crypto_kernel_load_debug_module(debug_module_t *new_dm); + +/* + * crypto_kernel_alloc_cipher(id, cp, key_len); + * + * allocates a cipher of type id at location *cp, with key length + * key_len octets. Return values are: + * + * err_status_ok no problems + * err_status_alloc_fail an allocation failure occured + * err_status_fail couldn't find cipher with identifier 'id' + */ + +err_status_t +crypto_kernel_alloc_cipher(cipher_type_id_t id, + cipher_pointer_t *cp, + int key_len); + +/* + * crypto_kernel_alloc_auth(id, ap, key_len, tag_len); + * + * allocates an auth function of type id at location *ap, with key + * length key_len octets and output tag length of tag_len. Return + * values are: + * + * err_status_ok no problems + * err_status_alloc_fail an allocation failure occured + * err_status_fail couldn't find auth with identifier 'id' + */ + +err_status_t +crypto_kernel_alloc_auth(auth_type_id_t id, + auth_pointer_t *ap, + int key_len, + int tag_len); + + +/* + * crypto_kernel_set_debug_module(mod_name, v) + * + * sets dynamic debugging to the value v (0 for off, 1 for on) for the + * debug module with the name mod_name + * + * returns err_status_ok on success, err_status_fail otherwise + */ + +err_status_t +crypto_kernel_set_debug_module(char *mod_name, int v); + +/** + * @brief writes a random octet string. + * + * The function call crypto_get_random(dest, len) writes len octets of + * random data to the location to which dest points, and returns an + * error code. This error code @b must be checked, and if a failure is + * reported, the data in the buffer @b must @b not be used. + * + * @warning If the return code is not checked, then non-random + * data may be in the buffer. This function will fail + * unless it is called after crypto_kernel_init(). + * + * @return + * - err_status_ok if no problems occured. + * - [other] a problem occured, and no assumptions should + * be made about the contents of the destination + * buffer. + * + * @ingroup SRTP + */ +err_status_t +crypto_get_random(unsigned char *buffer, unsigned int length); + +#endif /* CRYPTO_KERNEL */ diff --git a/third_party/srtp/crypto/include/crypto_math.h b/third_party/srtp/crypto/include/crypto_math.h new file mode 100644 index 00000000..c3e7b76b --- /dev/null +++ b/third_party/srtp/crypto/include/crypto_math.h @@ -0,0 +1,273 @@ +/* + * math.h + * + * crypto math operations and data types + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef MATH_H +#define MATH_H + +#include "datatypes.h" + +unsigned char +v32_weight(v32_t a); + +unsigned char +v32_distance(v32_t x, v32_t y); + +unsigned int +v32_dot_product(v32_t a, v32_t b); + +char * +v16_bit_string(v16_t x); + +char * +v32_bit_string(v32_t x); + +char * +v64_bit_string(const v64_t *x); + +char * +octet_hex_string(uint8_t x); + +char * +v16_hex_string(v16_t x); + +char * +v32_hex_string(v32_t x); + +char * +v64_hex_string(const v64_t *x); + +int +hex_char_to_nibble(uint8_t c); + +int +is_hex_string(char *s); + +v16_t +hex_string_to_v16(char *s); + +v32_t +hex_string_to_v32(char *s); + +v64_t +hex_string_to_v64(char *s); + +/* the matrix A[] is stored in column format, i.e., A[i] is + the ith column of the matrix */ + +uint8_t +A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b); + +void +v16_copy_octet_string(v16_t *x, const uint8_t s[2]); + +void +v32_copy_octet_string(v32_t *x, const uint8_t s[4]); + +void +v64_copy_octet_string(v64_t *x, const uint8_t s[8]); + +void +v128_add(v128_t *z, v128_t *x, v128_t *y); + +int +octet_string_is_eq(uint8_t *a, uint8_t *b, int len); + +void +octet_string_set_to_zero(uint8_t *s, int len); + + + +/* + * the matrix A[] is stored in column format, i.e., A[i] is the ith + * column of the matrix +*/ +uint8_t +A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b); + + +#if 0 +#if WORDS_BIGENDIAN + +#define _v128_add(z, x, y) { \ + uint64_t tmp; \ + \ + tmp = x->v32[3] + y->v32[3]; \ + z->v32[3] = (uint32_t) tmp; \ + \ + tmp = x->v32[2] + y->v32[2] + (tmp >> 32); \ + z->v32[2] = (uint32_t) tmp; \ + \ + tmp = x->v32[1] + y->v32[1] + (tmp >> 32); \ + z->v32[1] = (uint32_t) tmp; \ + \ + tmp = x->v32[0] + y->v32[0] + (tmp >> 32); \ + z->v32[0] = (uint32_t) tmp; \ +} + +#else /* assume little endian architecture */ + +#define _v128_add(z, x, y) { \ + uint64_t tmp; \ + \ + tmp = htonl(x->v32[3]) + htonl(y->v32[3]); \ + z->v32[3] = ntohl((uint32_t) tmp); \ + \ + tmp = htonl(x->v32[2]) + htonl(y->v32[2]) \ + + htonl(tmp >> 32); \ + z->v32[2] = ntohl((uint32_t) tmp); \ + \ + tmp = htonl(x->v32[1]) + htonl(y->v32[1]) \ + + htonl(tmp >> 32); \ + z->v32[1] = ntohl((uint32_t) tmp); \ + \ + tmp = htonl(x->v32[0]) + htonl(y->v32[0]) \ + + htonl(tmp >> 32); \ + z->v32[0] = ntohl((uint32_t) tmp); \ +} + +#endif /* WORDS_BIGENDIAN */ +#endif + +#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ + +#define v128_set_to_zero(z) _v128_set_to_zero(z) +#define v128_copy(z, x) _v128_copy(z, x) +#define v128_xor(z, x, y) _v128_xor(z, x, y) +#define v128_and(z, x, y) _v128_and(z, x, y) +#define v128_or(z, x, y) _v128_or(z, x, y) +#define v128_complement(x) _v128_complement(x) +#define v128_is_eq(x, y) _v128_is_eq(x, y) +#define v128_xor_eq(x, y) _v128_xor_eq(x, y) +#define v128_get_bit(x, i) _v128_get_bit(x, i) +#define v128_set_bit(x, i) _v128_set_bit(x, i) +#define v128_clear_bit(x, i) _v128_clear_bit(x, i) +#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y) + +#else + +void +v128_set_to_zero(v128_t *x); + +int +v128_is_eq(const v128_t *x, const v128_t *y); + +void +v128_copy(v128_t *x, const v128_t *y); + +void +v128_xor(v128_t *z, v128_t *x, v128_t *y); + +void +v128_and(v128_t *z, v128_t *x, v128_t *y); + +void +v128_or(v128_t *z, v128_t *x, v128_t *y); + +void +v128_complement(v128_t *x); + +int +v128_get_bit(const v128_t *x, int i); + +void +v128_set_bit(v128_t *x, int i) ; + +void +v128_clear_bit(v128_t *x, int i); + +void +v128_set_bit_to(v128_t *x, int i, int y); + +#endif /* DATATYPES_USE_MACROS */ + +/* + * octet_string_is_eq(a,b, len) returns 1 if the length len strings a + * and b are not equal, returns 0 otherwise + */ + +int +octet_string_is_eq(uint8_t *a, uint8_t *b, int len); + +void +octet_string_set_to_zero(uint8_t *s, int len); + + +/* + * functions manipulating bit_vector_t + * + * A bitvector_t consists of an array of words and an integer + * representing the number of significant bits stored in the array. + * The bits are packed as follows: the least significant bit is that + * of word[0], while the most significant bit is the nth most + * significant bit of word[m], where length = bits_per_word * m + n. + * + */ + +#define bits_per_word 32 +#define bytes_per_word 4 + +typedef struct { + uint32_t length; + uint32_t *word; +} bitvector_t; + +int +bitvector_alloc(bitvector_t *v, unsigned long length); + +void +bitvector_set_bit(bitvector_t *v, int bit_index); + +int +bitvector_get_bit(const bitvector_t *v, int bit_index); + +int +bitvector_print_hex(const bitvector_t *v, FILE *stream); + +int +bitvector_set_from_hex(bitvector_t *v, char *string); + +#endif /* MATH_H */ + + + diff --git a/third_party/srtp/crypto/include/crypto_types.h b/third_party/srtp/crypto/include/crypto_types.h new file mode 100644 index 00000000..0ce50f4b --- /dev/null +++ b/third_party/srtp/crypto/include/crypto_types.h @@ -0,0 +1,206 @@ +/* + * crypto_types.h + * + * constants for cipher types and auth func types + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CRYPTO_TYPES_H +#define CRYPTO_TYPES_H + +/** + * @defgroup Algos Cryptographic Algorithms + * + * + * This library provides several different cryptographic algorithms, + * each of which can be selected by using the cipher_type_id_t and + * auth_type_id_t. These algorithms are documented below. + * + * Authentication functions that use the Universal Security Transform + * (UST) must be used in conjunction with a cipher other than the null + * cipher. These functions require a per-message pseudorandom input + * that is generated by the cipher. + * + * The identifiers STRONGHOLD_AUTH and STRONGHOLD_CIPHER identify the + * strongest available authentication function and cipher, + * respectively. They are resolved at compile time to the strongest + * available algorithm. The stronghold algorithms can serve as did + * the keep of a medieval fortification; they provide the strongest + * defense (or the last refuge). + * + * @{ + */ + +/** + * @defgroup Ciphers Cipher Types + * + * @brief Each cipher type is identified by an unsigned integer. The + * cipher types available in this edition of libSRTP are given + * by the #defines below. + * + * A cipher_type_id_t is an identifier for a cipher_type; only values + * given by the #defines above (or those present in the file + * crypto_types.h) should be used. + * + * The identifier STRONGHOLD_CIPHER indicates the strongest available + * cipher, allowing an application to choose the strongest available + * algorithm without any advance knowledge about the avaliable + * algorithms. + * + * @{ + */ + +/** + * @brief The null cipher performs no encryption. + * + * The NULL_CIPHER leaves its inputs unaltered, during both the + * encryption and decryption operations. This cipher can be chosen + * to indicate that no encryption is to be performed. + */ +#define NULL_CIPHER 0 + +/** + * @brief AES-128 Integer Counter Mode (AES ICM) + * + * AES-128 ICM is the variant of counter mode that is used by Secure RTP. + * This cipher uses a 16-octet key and a 30-octet offset (or salt) value. + */ +#define AES_128_ICM 1 + +/** + * @brief SEAL 3.0 + * + * SEAL is the Software-Optimized Encryption Algorithm of Coppersmith + * and Rogaway. Nota bene: this cipher is IBM proprietary. + */ +#define SEAL 2 + +/** + * @brief AES-128 Integer Counter Mode (AES ICM) + * + * AES-128 ICM is the variant of counter mode that is used by Secure RTP. + * This cipher uses a 16-octet key and a 30-octet offset (or salt) value. + */ +#define AES_128_CBC 3 + +/** + * @brief Strongest available cipher. + * + * This identifier resolves to the strongest cipher type available. + */ +#define STRONGHOLD_CIPHER AES_128_ICM + +/** + * @} + */ + + + +/** + * @defgroup Authentication Authentication Function Types + * + * @brief Each authentication function type is identified by an + * unsigned integer. The authentication function types available in + * this edition of libSRTP are given by the #defines below. + * + * An auth_type_id_t is an identifier for an authentication function type; + * only values given by the #defines above (or those present in the + * file crypto_types.h) should be used. + * + * The identifier STRONGHOLD_AUTH indicates the strongest available + * authentication function, allowing an application to choose the + * strongest available algorithm without any advance knowledge about + * the avaliable algorithms. The stronghold algorithms can serve as + * did the keep of a medieval fortification; they provide the + * strongest defense (or the last refuge). + * + * @{ + */ + +/** + * @brief The null authentication function performs no authentication. + * + * The NULL_AUTH function does nothing, and can be selected to indicate + * that authentication should not be performed. + */ +#define NULL_AUTH 0 + +/** + * @brief UST with TMMH Version 2 + * + * UST_TMMHv2 implements the Truncated Multi-Modular Hash using + * UST. This function must be used in conjunction with a cipher other + * than the null cipher. + * with a cipher. + */ +#define UST_TMMHv2 1 + +/** + * @brief (UST) AES-128 XORMAC + * + * UST_AES_128_XMAC implements AES-128 XORMAC, using UST. Nota bene: + * the XORMAC algorithm is IBM proprietary. + */ +#define UST_AES_128_XMAC 2 + +/** + * @brief HMAC-SHA1 + * + * HMAC_SHA1 implements the Hash-based MAC using the NIST Secure + * Hash Algorithm version 1 (SHA1). + */ +#define HMAC_SHA1 3 + +/** + * @brief Strongest available authentication function. + * + * This identifier resolves to the strongest available authentication + * function. + */ +#define STRONGHOLD_AUTH HMAC_SHA1 + +/** + * @} + */ +/** + * @} + */ + +#endif /* CRYPTO_TYPES_H */ diff --git a/third_party/srtp/crypto/include/cryptoalg.h b/third_party/srtp/crypto/include/cryptoalg.h new file mode 100644 index 00000000..d9f0441e --- /dev/null +++ b/third_party/srtp/crypto/include/cryptoalg.h @@ -0,0 +1,133 @@ +/* + * cryptoalg.h + * + * API for authenticated encryption crypto algorithms + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CRYPTOALG_H +#define CRYPTOALG_H + +#include "err.h" + +/** + * @defgroup Crypto Cryptography + * + * Zed uses a simple interface to a cryptographic transform. + * + * @{ + */ + +/** + * @brief applies a crypto algorithm + * + * The function pointer cryptoalg_func_t points to a function that + * implements a crypto transform, and provides a uniform API for + * accessing crypto mechanisms. + * + * @param key location of secret key + * + * @param clear data to be authenticated but not encrypted + * + * @param clear_len length of data to be authenticated but not encrypted + * + * @param iv location to write the Initialization Vector (IV) + * + * @param protect location of the data to be encrypted and + * authenticated (before the function call), and the ciphertext + * and authentication tag (after the call) + * + * @param protected_len location of the length of the data to be + * encrypted and authenticated (before the function call), and the + * length of the ciphertext (after the call) + * + */ + +typedef err_status_t (*cryptoalg_func_t) + (void *key, + const void *clear, + unsigned clear_len, + void *iv, + void *protect, + unsigned *protected_len); + +typedef +err_status_t (*cryptoalg_inv_t) + (void *key, /* location of secret key */ + const void *clear, /* data to be authenticated only */ + unsigned clear_len, /* length of data to be authenticated only */ + void *iv, /* location of iv */ + void *opaque, /* data to be decrypted and authenticated */ + unsigned *opaque_len /* location of the length of data to be + * decrypted and authd (before and after) + */ + ); + +typedef struct cryptoalg_ctx_t { + cryptoalg_func_t enc; + cryptoalg_inv_t dec; + unsigned key_len; + unsigned iv_len; + unsigned auth_tag_len; + unsigned max_expansion; +} cryptoalg_ctx_t; + +typedef cryptoalg_ctx_t *cryptoalg_t; + +#define cryptoalg_get_key_len(cryptoalg) ((cryptoalg)->key_len) + +#define cryptoalg_get_iv_len(cryptoalg) ((cryptoalg)->iv_len) + +#define cryptoalg_get_auth_tag_len(cryptoalg) ((cryptoalg)->auth_tag_len) + +int +cryptoalg_get_id(cryptoalg_t c); + +cryptoalg_t +cryptoalg_find_by_id(int id); + + +/** + * @} + */ + +#endif /* CRYPTOALG_H */ + + diff --git a/third_party/srtp/crypto/include/datatypes.h b/third_party/srtp/crypto/include/datatypes.h new file mode 100644 index 00000000..4f86b556 --- /dev/null +++ b/third_party/srtp/crypto/include/datatypes.h @@ -0,0 +1,427 @@ +/* + * datatypes.h + * + * data types for bit vectors and finite fields + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef _DATATYPES_H +#define _DATATYPES_H + +#include "integers.h" /* definitions of uint32_t, et cetera */ +#include "alloc.h" + +#include <stdarg.h> + +#ifndef SRTP_KERNEL +# include <stdio.h> +# include <string.h> +# include <time.h> +# ifdef HAVE_NETINET_IN_H +# include <netinet/in.h> +# elif defined HAVE_WINSOCK2_H +# include <winsock2.h> +# endif +#endif + + +/* if DATATYPES_USE_MACROS is defined, then little functions are macros */ +#define DATATYPES_USE_MACROS + +typedef union { + uint8_t v8[2]; + uint16_t value; +} v16_t; + +typedef union { + uint8_t v8[4]; + uint16_t v16[2]; + uint32_t value; +} v32_t; + +typedef union { + uint8_t v8[8]; + uint16_t v16[4]; + uint32_t v32[2]; + uint64_t value; +} v64_t; + +typedef union { + uint8_t v8[16]; + uint16_t v16[8]; + uint32_t v32[4]; + uint64_t v64[2]; +} v128_t; + + + +/* some useful and simple math functions */ + +#define pow_2(X) ( (unsigned int)1 << (X) ) /* 2^X */ + +#define pow_minus_one(X) ( (X) ? -1 : 1 ) /* (-1)^X */ + + +/* + * octet_get_weight(x) returns the hamming weight (number of bits equal to + * one) in the octet x + */ + +int +octet_get_weight(uint8_t octet); + +char * +octet_bit_string(uint8_t x); + +#define MAX_PRINT_STRING_LEN 1024 + +char * +octet_string_hex_string(const void *str, int length); + +char * +v128_bit_string(v128_t *x); + +char * +v128_hex_string(v128_t *x); + +uint8_t +nibble_to_hex_char(uint8_t nibble); + +char * +char_to_hex_string(char *x, int num_char); + +uint8_t +hex_string_to_octet(char *s); + +/* + * hex_string_to_octet_string(raw, hex, len) converts the hexadecimal + * string at *hex (of length len octets) to the equivalent raw data + * and writes it to *raw. + * + * if a character in the hex string that is not a hexadeciaml digit + * (0123456789abcdefABCDEF) is encountered, the function stops writing + * data to *raw + * + * the number of hex digits copied (which is two times the number of + * octets in *raw) is returned + */ + +int +hex_string_to_octet_string(char *raw, char *hex, int len); + +v128_t +hex_string_to_v128(char *s); + +void +v128_copy_octet_string(v128_t *x, const uint8_t s[16]); + +void +v128_left_shift(v128_t *x, int index); + +void +v128_right_shift(v128_t *x, int index); + +/* + * the following macros define the data manipulation functions + * + * If DATATYPES_USE_MACROS is defined, then these macros are used + * directly (and function call overhead is avoided). Otherwise, + * the macros are used through the functions defined in datatypes.c + * (and the compiler provides better warnings). + */ + +#define _v128_set_to_zero(x) \ +( \ + (x)->v32[0] = 0, \ + (x)->v32[1] = 0, \ + (x)->v32[2] = 0, \ + (x)->v32[3] = 0 \ +) + +#define _v128_copy(x, y) \ +( \ + (x)->v32[0] = (y)->v32[0], \ + (x)->v32[1] = (y)->v32[1], \ + (x)->v32[2] = (y)->v32[2], \ + (x)->v32[3] = (y)->v32[3] \ +) + +#define _v128_xor(z, x, y) \ +( \ + (z)->v32[0] = (x)->v32[0] ^ (y)->v32[0], \ + (z)->v32[1] = (x)->v32[1] ^ (y)->v32[1], \ + (z)->v32[2] = (x)->v32[2] ^ (y)->v32[2], \ + (z)->v32[3] = (x)->v32[3] ^ (y)->v32[3] \ +) + +#define _v128_and(z, x, y) \ +( \ + (z)->v32[0] = (x)->v32[0] & (y)->v32[0], \ + (z)->v32[1] = (x)->v32[1] & (y)->v32[1], \ + (z)->v32[2] = (x)->v32[2] & (y)->v32[2], \ + (z)->v32[3] = (x)->v32[3] & (y)->v32[3] \ +) + +#define _v128_or(z, x, y) \ +( \ + (z)->v32[0] = (x)->v32[0] | (y)->v32[0], \ + (z)->v32[1] = (x)->v32[1] | (y)->v32[1], \ + (z)->v32[2] = (x)->v32[2] | (y)->v32[2], \ + (z)->v32[3] = (x)->v32[3] | (y)->v32[3] \ +) + +#define _v128_complement(x) \ +( \ + (x)->v32[0] = ~(x)->v32[0], \ + (x)->v32[1] = ~(x)->v32[1], \ + (x)->v32[2] = ~(x)->v32[2], \ + (x)->v32[3] = ~(x)->v32[3] \ +) + +/* ok for NO_64BIT_MATH if it can compare uint64_t's (even as structures) */ +#define _v128_is_eq(x, y) \ + (((x)->v64[0] == (y)->v64[0]) && ((x)->v64[1] == (y)->v64[1])) + + +#ifdef NO_64BIT_MATH +#define _v128_xor_eq(z, x) \ +( \ + (z)->v32[0] ^= (x)->v32[0], \ + (z)->v32[1] ^= (x)->v32[1], \ + (z)->v32[2] ^= (x)->v32[2], \ + (z)->v32[3] ^= (x)->v32[3] \ +) +#else +#define _v128_xor_eq(z, x) \ +( \ + (z)->v64[0] ^= (x)->v64[0], \ + (z)->v64[1] ^= (x)->v64[1] \ +) +#endif + +/* NOTE! This assumes an odd ordering! */ +/* This will not be compatible directly with math on some processors */ +/* bit 0 is first 32-bit word, low order bit. in little-endian, that's + the first byte of the first 32-bit word. In big-endian, that's + the 3rd byte of the first 32-bit word */ +/* The get/set bit code is used by the replay code ONLY, and it doesn't + really care which bit is which. AES does care which bit is which, but + doesn't use the 128-bit get/set or 128-bit shifts */ + +#define _v128_get_bit(x, bit) \ +( \ + ((((x)->v32[(bit) >> 5]) >> ((bit) & 31)) & 1) \ +) + +#define _v128_set_bit(x, bit) \ +( \ + (((x)->v32[(bit) >> 5]) |= ((uint32_t)1 << ((bit) & 31))) \ +) + +#define _v128_clear_bit(x, bit) \ +( \ + (((x)->v32[(bit) >> 5]) &= ~((uint32_t)1 << ((bit) & 31))) \ +) + +#define _v128_set_bit_to(x, bit, value) \ +( \ + (value) ? _v128_set_bit(x, bit) : \ + _v128_clear_bit(x, bit) \ +) + + +#if 0 +/* nothing uses this */ +#ifdef WORDS_BIGENDIAN + +#define _v128_add(z, x, y) { \ + uint64_t tmp; \ + \ + tmp = x->v32[3] + y->v32[3]; \ + z->v32[3] = (uint32_t) tmp; \ + \ + tmp = x->v32[2] + y->v32[2] + (tmp >> 32); \ + z->v32[2] = (uint32_t) tmp; \ + \ + tmp = x->v32[1] + y->v32[1] + (tmp >> 32); \ + z->v32[1] = (uint32_t) tmp; \ + \ + tmp = x->v32[0] + y->v32[0] + (tmp >> 32); \ + z->v32[0] = (uint32_t) tmp; \ +} + +#else /* assume little endian architecture */ + +#define _v128_add(z, x, y) { \ + uint64_t tmp; \ + \ + tmp = htonl(x->v32[3]) + htonl(y->v32[3]); \ + z->v32[3] = ntohl((uint32_t) tmp); \ + \ + tmp = htonl(x->v32[2]) + htonl(y->v32[2]) \ + + htonl(tmp >> 32); \ + z->v32[2] = ntohl((uint32_t) tmp); \ + \ + tmp = htonl(x->v32[1]) + htonl(y->v32[1]) \ + + htonl(tmp >> 32); \ + z->v32[1] = ntohl((uint32_t) tmp); \ + \ + tmp = htonl(x->v32[0]) + htonl(y->v32[0]) \ + + htonl(tmp >> 32); \ + z->v32[0] = ntohl((uint32_t) tmp); \ +} +#endif /* WORDS_BIGENDIAN */ +#endif /* 0 */ + + +#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ + +#define v128_set_to_zero(z) _v128_set_to_zero(z) +#define v128_copy(z, x) _v128_copy(z, x) +#define v128_xor(z, x, y) _v128_xor(z, x, y) +#define v128_and(z, x, y) _v128_and(z, x, y) +#define v128_or(z, x, y) _v128_or(z, x, y) +#define v128_complement(x) _v128_complement(x) +#define v128_is_eq(x, y) _v128_is_eq(x, y) +#define v128_xor_eq(x, y) _v128_xor_eq(x, y) +#define v128_get_bit(x, i) _v128_get_bit(x, i) +#define v128_set_bit(x, i) _v128_set_bit(x, i) +#define v128_clear_bit(x, i) _v128_clear_bit(x, i) +#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y) + +#else + +void +v128_set_to_zero(v128_t *x); + +int +v128_is_eq(const v128_t *x, const v128_t *y); + +void +v128_copy(v128_t *x, const v128_t *y); + +void +v128_xor(v128_t *z, v128_t *x, v128_t *y); + +void +v128_and(v128_t *z, v128_t *x, v128_t *y); + +void +v128_or(v128_t *z, v128_t *x, v128_t *y); + +void +v128_complement(v128_t *x); + +int +v128_get_bit(const v128_t *x, int i); + +void +v128_set_bit(v128_t *x, int i) ; + +void +v128_clear_bit(v128_t *x, int i); + +void +v128_set_bit_to(v128_t *x, int i, int y); + +#endif /* DATATYPES_USE_MACROS */ + +/* + * octet_string_is_eq(a,b, len) returns 1 if the length len strings a + * and b are not equal, returns 0 otherwise + */ + +int +octet_string_is_eq(uint8_t *a, uint8_t *b, int len); + +void +octet_string_set_to_zero(uint8_t *s, int len); + + +#ifndef SRTP_KERNEL_LINUX + +/* + * Convert big endian integers to CPU byte order. + */ +#ifdef WORDS_BIGENDIAN +/* Nothing to do. */ +# define be32_to_cpu(x) (x) +# define be64_to_cpu(x) (x) +#elif defined(HAVE_BYTESWAP_H) +/* We have (hopefully) optimized versions in byteswap.h */ +# include <byteswap.h> +# define be32_to_cpu(x) bswap_32((x)) +# define be64_to_cpu(x) bswap_64((x)) +#else + +#if defined(__GNUC__) && defined(HAVE_X86) +/* Fall back. */ +static inline uint32_t be32_to_cpu(uint32_t v) { + /* optimized for x86. */ + asm("bswap %0" : "=r" (v) : "0" (v)); + return v; +} +# else /* HAVE_X86 */ +# ifdef HAVE_NETINET_IN_H +# include <netinet/in.h> +# elif defined HAVE_WINSOCK2_H +# include <winsock2.h> +# endif +# define be32_to_cpu(x) ntohl((x)) +# endif /* HAVE_X86 */ + +static inline uint64_t be64_to_cpu(uint64_t v) { +# ifdef NO_64BIT_MATH + /* use the make64 functions to do 64-bit math */ + v = make64(htonl(low32(v)),htonl(high32(v))); +# else + /* use the native 64-bit math */ + v= (uint64_t)((be32_to_cpu((uint32_t)(v >> 32))) | (((uint64_t)be32_to_cpu((uint32_t)v)) << 32)); +# endif + return v; +} + +#endif /* ! SRTP_KERNEL_LINUX */ + +#endif /* WORDS_BIGENDIAN */ + +#endif /* _DATATYPES_H */ diff --git a/third_party/srtp/crypto/include/err.h b/third_party/srtp/crypto/include/err.h new file mode 100644 index 00000000..1a6e1701 --- /dev/null +++ b/third_party/srtp/crypto/include/err.h @@ -0,0 +1,174 @@ +/* + * err.h + * + * error status codes + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef ERR_H +#define ERR_H + +#include "datatypes.h" + +/** + * @defgroup Error Error Codes + * + * Error status codes are represented by the enumeration err_status_t. + * + * @{ + */ + + +/* + * @brief err_status_t defines error codes. + * + * The enumeration err_status_t defines error codes. Note that the + * value of err_status_ok is equal to zero, which can simplify error + * checking somewhat. + * + */ +typedef enum { + err_status_ok = 0, /**< nothing to report */ + err_status_fail = 1, /**< unspecified failure */ + err_status_bad_param = 2, /**< unsupported parameter */ + err_status_alloc_fail = 3, /**< couldn't allocate memory */ + err_status_dealloc_fail = 4, /**< couldn't deallocate properly */ + err_status_init_fail = 5, /**< couldn't initialize */ + err_status_terminus = 6, /**< can't process as much data as requested */ + err_status_auth_fail = 7, /**< authentication failure */ + err_status_cipher_fail = 8, /**< cipher failure */ + err_status_replay_fail = 9, /**< replay check failed (bad index) */ + err_status_replay_old = 10, /**< replay check failed (index too old) */ + err_status_algo_fail = 11, /**< algorithm failed test routine */ + err_status_no_such_op = 12, /**< unsupported operation */ + err_status_no_ctx = 13, /**< no appropriate context found */ + err_status_cant_check = 14, /**< unable to perform desired validation */ + err_status_key_expired = 15, /**< can't use key any more */ + err_status_socket_err = 16, /**< error in use of socket */ + err_status_signal_err = 17, /**< error in use POSIX signals */ + err_status_nonce_bad = 18, /**< nonce check failed */ + err_status_read_fail = 19, /**< couldn't read data */ + err_status_write_fail = 20, /**< couldn't write data */ + err_status_parse_err = 21, /**< error pasring data */ + err_status_encode_err = 22, /**< error encoding data */ + err_status_semaphore_err = 23,/**< error while using semaphores */ + err_status_pfkey_err = 24 /**< error while using pfkey */ +} err_status_t; + +/** + * @} + */ + +typedef enum { + err_level_emergency = 0, + err_level_alert, + err_level_critical, + err_level_error, + err_level_warning, + err_level_notice, + err_level_info, + err_level_debug, + err_level_none +} err_reporting_level_t; + +/* + * err_reporting_init prepares the error system. If + * ERR_REPORTING_SYSLOG is defined, it will open syslog. + * + * The ident argument is a string that will be prepended to + * all syslog messages. It is conventionally argv[0]. + */ + +err_status_t +err_reporting_init(char *ident); + +#ifdef SRTP_KERNEL_LINUX +extern err_reporting_level_t err_level; +#else + +/* + * keydaemon_report_error reports a 'printf' formatted error + * string, followed by a an arg list. The priority argument + * is equivalent to that defined for syslog. + * + * Errors will be reported to ERR_REPORTING_FILE, if defined, and to + * syslog, if ERR_REPORTING_SYSLOG is defined. + * + */ + +void +err_report(int priority, char *format, ...); +#endif /* ! SRTP_KERNEL_LINUX */ + + +/* + * debug_module_t defines a debug module + */ + +typedef struct { + int on; /* 1 if debugging is on, 0 if it is off */ + char *name; /* printable name for debug module */ +} debug_module_t; + +#ifdef ENABLE_DEBUGGING + +#define debug_on(mod) (mod).on = 1 + +#define debug_off(mod) (mod).on = 0 + +/* use err_report() to report debug message */ +#define debug_print(mod, format, arg) \ + if (mod.on) err_report(err_level_debug, ("%s: " format "\n"), mod.name, arg) +#define debug_print2(mod, format, arg1,arg2) \ + if (mod.on) err_report(err_level_debug, ("%s: " format "\n"), mod.name, arg1,arg2) + +#else + +/* define macros to do nothing */ +#define debug_print(mod, format, arg) + +#define debug_on(mod) + +#define debug_off(mod) + +#endif + +#endif /* ERR_H */ diff --git a/third_party/srtp/crypto/include/gf2_8.h b/third_party/srtp/crypto/include/gf2_8.h new file mode 100644 index 00000000..098d37c9 --- /dev/null +++ b/third_party/srtp/crypto/include/gf2_8.h @@ -0,0 +1,79 @@ +/* + * gf2_8.h + * + * GF(256) implementation + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef GF2_8_H +#define GF2_8_H + +#include "datatypes.h" /* for uint8_t definition */ + +typedef uint8_t gf2_8; + +#define gf2_8_field_polynomial 0x1B + +/* + * gf2_8_shift(x) returns + */ + +/* + * gf2_8_shift(z) returns the result of the GF(2^8) 'multiply by x' + * operation, using the field representation from AES; that is, the + * next gf2_8 value in the cyclic representation of that field. The + * value z should be an uint8_t. + */ + +#define gf2_8_shift(z) (((z) & 128) ? \ + (((z) << 1) ^ gf2_8_field_polynomial) : ((z) << 1)) + +gf2_8 +gf2_8_compute_inverse(gf2_8 x); + +void +test_gf2_8(void); + +gf2_8 +gf2_8_multiply(gf2_8 x, gf2_8 y); + +#endif /* GF2_8_H */ diff --git a/third_party/srtp/crypto/include/hmac.h b/third_party/srtp/crypto/include/hmac.h new file mode 100644 index 00000000..262c0e2d --- /dev/null +++ b/third_party/srtp/crypto/include/hmac.h @@ -0,0 +1,78 @@ +/* + * hmac.h + * + * interface to hmac auth_type_t + * + * David A. McGrew + * Cisco Systems, Inc. + * + */ +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef HMAC_H +#define HMAC_H + +#include "auth.h" +#include "sha1.h" + +typedef struct { + uint8_t opad[64]; + sha1_ctx_t ctx; + sha1_ctx_t init_ctx; +} hmac_ctx_t; + +err_status_t +hmac_alloc(auth_t **a, int key_len, int out_len); + +err_status_t +hmac_dealloc(auth_t *a); + +err_status_t +hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len); + +err_status_t +hmac_start(hmac_ctx_t *state); + +err_status_t +hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets); + +err_status_t +hmac_compute(hmac_ctx_t *state, const void *message, + int msg_octets, int tag_len, uint8_t *result); + + +#endif /* HMAC_H */ diff --git a/third_party/srtp/crypto/include/integers.h b/third_party/srtp/crypto/include/integers.h new file mode 100644 index 00000000..138ea9c5 --- /dev/null +++ b/third_party/srtp/crypto/include/integers.h @@ -0,0 +1,147 @@ +/* + * integers.h + * + * defines integer types (or refers to their definitions) + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef INTEGERS_H +#define INTEGERS_H + +#include "srtp_config.h" /* configuration file, using autoconf */ + +#ifdef SRTP_KERNEL + +#include "kernel_compat.h" + +#else /* SRTP_KERNEL */ + +/* use standard integer definitions, if they're available */ +#ifdef HAVE_STDLIB_H +# include <stdlib.h> +#endif +#ifdef HAVE_STDINT_H +# include <stdint.h> +#endif +#ifdef HAVE_INTTYPES_H +# include <inttypes.h> +#endif +#ifdef HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif +#ifdef HAVE_SYS_INT_TYPES_H +# include <sys/int_types.h> /* this exists on Sun OS */ +#endif +#ifdef HAVE_MACHINE_TYPES_H +# include <machine/types.h> +#endif + +/* Can we do 64 bit integers? */ +#ifndef HAVE_UINT64_T +# if SIZEOF_UNSIGNED_LONG == 8 +typedef unsigned long uint64_t; +# elif SIZEOF_UNSIGNED_LONG_LONG == 8 +typedef unsigned long long uint64_t; +# else +# define NO_64BIT_MATH 1 +# endif +#endif + +/* Reasonable defaults for 32 bit machines - you may need to + * edit these definitions for your own machine. */ +#ifndef HAVE_UINT8_T +typedef unsigned char uint8_t; +#endif +#ifndef HAVE_UINT16_T +typedef unsigned short int uint16_t; +#endif +#ifndef HAVE_UINT32_T +typedef unsigned int uint32_t; +#endif + + +#ifdef NO_64BIT_MATH +typedef double uint64_t; +/* assert that sizeof(double) == 8 */ +extern uint64_t make64(uint32_t high, uint32_t low); +extern uint32_t high32(uint64_t value); +extern uint32_t low32(uint64_t value); +#endif + +#endif /* SRTP_KERNEL */ + +/* These macros are to load and store 32-bit values from un-aligned + addresses. This is required for processors that do not allow unaligned + loads. */ +#ifdef ALIGNMENT_32BIT_REQUIRED +/* Note that if it's in a variable, you can memcpy it */ +#ifdef WORDS_BIGENDIAN +#define PUT_32(addr,value) \ + { \ + ((unsigned char *) (addr))[0] = (value >> 24); \ + ((unsigned char *) (addr))[1] = (value >> 16) & 0xff; \ + ((unsigned char *) (addr))[2] = (value >> 8) & 0xff; \ + ((unsigned char *) (addr))[3] = (value) & 0xff; \ + } +#define GET_32(addr) ((((unsigned char *) (addr))[0] << 24) | \ + (((unsigned char *) (addr))[1] << 16) | \ + (((unsigned char *) (addr))[2] << 8) | \ + (((unsigned char *) (addr))[3])) +#else +#define PUT_32(addr,value) \ + { \ + ((unsigned char *) (addr))[3] = (value >> 24); \ + ((unsigned char *) (addr))[2] = (value >> 16) & 0xff; \ + ((unsigned char *) (addr))[1] = (value >> 8) & 0xff; \ + ((unsigned char *) (addr))[0] = (value) & 0xff; \ + } +#define GET_32(addr) ((((unsigned char *) (addr))[3] << 24) | \ + (((unsigned char *) (addr))[2] << 16) | \ + (((unsigned char *) (addr))[1] << 8) | \ + (((unsigned char *) (addr))[0])) +#endif // WORDS_BIGENDIAN +#else +#define PUT_32(addr,value) *(((uint32_t *) (addr)) = (value) +#define GET_32(addr) (*(((uint32_t *) (addr))) +#endif + +#endif /* INTEGERS_H */ diff --git a/third_party/srtp/crypto/include/kernel_compat.h b/third_party/srtp/crypto/include/kernel_compat.h new file mode 100644 index 00000000..59d1898e --- /dev/null +++ b/third_party/srtp/crypto/include/kernel_compat.h @@ -0,0 +1,84 @@ +/* + * kernel_compat.h + * + * Compatibility stuff for building in kernel context where standard + * C headers and library are not available. + * + * Marcus Sundberg + * Ingate Systems AB + */ +/* + * + * Copyright(c) 2005 Ingate Systems AB + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the author(s) nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef KERNEL_COMPAT_H +#define KERNEL_COMPAT_H + +#ifdef SRTP_KERNEL_LINUX + +#include <linux/kernel.h> +#include <linux/slab.h> +#include <linux/sched.h> +#include <linux/random.h> +#include <linux/byteorder/generic.h> + + +#define err_report(priority, ...) \ + do {\ + if (priority <= err_level) {\ + printk(__VA_ARGS__);\ + }\ + }while(0) + +#define clock() (jiffies) +#define time(x) (jiffies) + +/* rand() implementation. */ +#define RAND_MAX 32767 + +static inline int rand(void) +{ + uint32_t temp; + get_random_bytes(&temp, sizeof(temp)); + return temp % (RAND_MAX+1); +} + +/* stdio/stdlib implementation. */ +#define printf(...) printk(__VA_ARGS__) +#define exit(n) panic("%s:%d: exit(%d)\n", __FILE__, __LINE__, (n)) + +#endif /* SRTP_KERNEL_LINUX */ + +#endif /* KERNEL_COMPAT_H */ diff --git a/third_party/srtp/crypto/include/key.h b/third_party/srtp/crypto/include/key.h new file mode 100644 index 00000000..e7e07448 --- /dev/null +++ b/third_party/srtp/crypto/include/key.h @@ -0,0 +1,82 @@ +/* + * key.h + * + * key usage limits enforcement + * + * David A. Mcgrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef KEY_H +#define KEY_H + +#include "rdbx.h" /* for xtd_seq_num_t */ +#include "err.h" + +typedef struct key_limit_ctx_t *key_limit_t; + +typedef enum { + key_event_normal, + key_event_soft_limit, + key_event_hard_limit +} key_event_t; + +err_status_t +key_limit_set(key_limit_t key, const xtd_seq_num_t s); + +err_status_t +key_limit_clone(key_limit_t original, key_limit_t *new_key); + +err_status_t +key_limit_check(const key_limit_t key); + +key_event_t +key_limit_update(key_limit_t key); + +typedef enum { + key_state_normal, + key_state_past_soft_limit, + key_state_expired +} key_state_t; + +typedef struct key_limit_ctx_t { + xtd_seq_num_t num_left; + key_state_t state; +} key_limit_ctx_t; + +#endif /* KEY_H */ diff --git a/third_party/srtp/crypto/include/null_auth.h b/third_party/srtp/crypto/include/null_auth.h new file mode 100644 index 00000000..44f9a4a2 --- /dev/null +++ b/third_party/srtp/crypto/include/null_auth.h @@ -0,0 +1,68 @@ +/* + * null-auth.h + * + * David A. McGrew + * Cisco Systems, Inc. + * + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef NULL_AUTH_H +#define NULL_AUTH_H + +#include "auth.h" + +typedef struct { + char foo; +} null_auth_ctx_t; + +err_status_t +null_auth_alloc(auth_t **a, int key_len, int out_len); + +err_status_t +null_auth_dealloc(auth_t *a); + +err_status_t +null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len); + +err_status_t +null_auth_compute (null_auth_ctx_t *state, uint8_t *message, + int msg_octets, int tag_len, uint8_t *result); + + +#endif /* NULL_AUTH_H */ diff --git a/third_party/srtp/crypto/include/null_cipher.h b/third_party/srtp/crypto/include/null_cipher.h new file mode 100644 index 00000000..7d6bbdd6 --- /dev/null +++ b/third_party/srtp/crypto/include/null_cipher.h @@ -0,0 +1,80 @@ +/* + * null-cipher.h + * + * header file for the null cipher + * + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef NULL_CIPHER_H +#define NULL_CIPHER_H + +#include "datatypes.h" +#include "cipher.h" + +typedef struct { + char foo ;/* empty, for now */ +} null_cipher_ctx_t; + + +/* + * none of these functions do anything (though future versions may keep + * track of bytes encrypted, number of instances, and/or other info). + */ + +err_status_t +null_cipher_init(null_cipher_ctx_t *c, const uint8_t *key); + +err_status_t +null_cipher_set_segment(null_cipher_ctx_t *c, + unsigned long index); + +err_status_t +null_cipher_encrypt(null_cipher_ctx_t *c, + unsigned char *buf, unsigned int *bytes_to_encr); + + +err_status_t +null_cipher_encrypt_aligned(null_cipher_ctx_t *c, + unsigned char *buf, int bytes_to_encr); + +#endif /* NULL_CIPHER_H */ diff --git a/third_party/srtp/crypto/include/prng.h b/third_party/srtp/crypto/include/prng.h new file mode 100644 index 00000000..fb96b5eb --- /dev/null +++ b/third_party/srtp/crypto/include/prng.h @@ -0,0 +1,54 @@ +/* + * prng.h + * + * pseudorandom source + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +#ifndef PRNG_H +#define PRNG_H + +#include "rand_source.h" /* for rand_source_func_t definition */ +#include "aes.h" /* for aes */ +#include "aes_icm.h" /* for aes ctr */ + +#define MAX_PRNG_OUT_LEN 0xffffffffU + +/* + * x917_prng is an ANSI X9.17-like AES-based PRNG + */ + +typedef struct { + v128_t state; /* state data */ + aes_expanded_key_t key; /* secret key */ + uint32_t octet_count; /* number of octets output since last init */ + rand_source_func_t rand; /* random source for re-initialization */ +} x917_prng_t; + +err_status_t +x917_prng_init(rand_source_func_t random_source); + +err_status_t +x917_prng_get_octet_string(uint8_t *dest, uint32_t len); + + +/* + * ctr_prng is an AES-CTR based PRNG + */ + +typedef struct { + uint32_t octet_count; /* number of octets output since last init */ + aes_icm_ctx_t state; /* state data */ + rand_source_func_t rand; /* random source for re-initialization */ +} ctr_prng_t; + +err_status_t +ctr_prng_init(rand_source_func_t random_source); + +err_status_t +ctr_prng_get_octet_string(void *dest, uint32_t len); + + +#endif diff --git a/third_party/srtp/crypto/include/rand_source.h b/third_party/srtp/crypto/include/rand_source.h new file mode 100644 index 00000000..b4c21103 --- /dev/null +++ b/third_party/srtp/crypto/include/rand_source.h @@ -0,0 +1,91 @@ +/* + * rand_source.h + * + * implements a random source based on /dev/random + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef RAND_SOURCE +#define RAND_SOURCE + +#include "err.h" +#include "datatypes.h" + +err_status_t +rand_source_init(void); + +/* + * rand_source_get_octet_string() writes a random octet string. + * + * The function call rand_source_get_octet_string(dest, len) writes + * len octets of random data to the location to which dest points, + * and returns an error code. This error code should be checked, + * and if a failure is reported, the data in the buffer MUST NOT + * be used. + * + * warning: If the return code is not checked, then non-random + * data may inadvertently be used. + * + * returns: + * - err_status_ok if no problems occured. + * - [other] a problem occured, and no assumptions should + * be made about the contents of the destination + * buffer. + */ + +err_status_t +rand_source_get_octet_string(void *dest, uint32_t length); + +err_status_t +rand_source_deinit(void); + +/* + * function prototype for a random source function + * + * A rand_source_func_t writes num_octets at the location indicated by + * dest and returns err_status_ok. Any other return value indicates + * failure. + */ + +typedef err_status_t (*rand_source_func_t) + (void *dest, uint32_t num_octets); + +#endif /* RAND_SOURCE */ diff --git a/third_party/srtp/crypto/include/rdb.h b/third_party/srtp/crypto/include/rdb.h new file mode 100644 index 00000000..5a26c5e3 --- /dev/null +++ b/third_party/srtp/crypto/include/rdb.h @@ -0,0 +1,94 @@ +/* + * replay-database.h + * + * interface for a replay database for packet security + * + * David A. McGrew + * Cisco Systems, Inc. + */ + + +#ifndef REPLAY_DB_H +#define REPLAY_DB_H + +#include "integers.h" /* for uint32_t */ +#include "datatypes.h" /* for v128_t */ +#include "err.h" /* for err_status_t */ + +/* + * if the ith least significant bit is one, then the packet index + * window_end-i is in the database + */ + +typedef struct { + uint32_t window_start; /* packet index of the first bit in bitmask */ + v128_t bitmask; +} rdb_t; + +#define rdb_bits_in_bitmask (8*sizeof(v128_t)) + +/* + * rdb init + * + * initalizes rdb + * + * returns err_status_ok on success, err_status_t_fail otherwise + */ + +err_status_t +rdb_init(rdb_t *rdb); + + +/* + * rdb_check + * + * checks to see if index appears in rdb + * + * returns err_status_fail if the index already appears in rdb, + * returns err_status_ok otherwise + */ + +err_status_t +rdb_check(const rdb_t *rdb, uint32_t index); + +/* + * rdb_add_index + * + * adds index to rdb_t (and does *not* check if index appears in db) + * + * returns err_status_ok on success, err_status_fail otherwise + * + */ + +err_status_t +rdb_add_index(rdb_t *rdb, uint32_t index); + +/* + * the functions rdb_increment() and rdb_get_value() are for use by + * senders, not receivers - DO NOT use these functions on the same + * rdb_t upon which rdb_add_index is used! + */ + + +/* + * rdb_increment(db) increments the sequence number in db, if it is + * not too high + * + * return values: + * + * err_status_ok no problem + * err_status_key_expired sequence number too high + * + */ +err_status_t +rdb_increment(rdb_t *rdb); + +/* + * rdb_get_value(db) returns the current sequence number of db + */ + +uint32_t +rdb_get_value(const rdb_t *rdb); + + +#endif /* REPLAY_DB_H */ diff --git a/third_party/srtp/crypto/include/rdbx.h b/third_party/srtp/crypto/include/rdbx.h new file mode 100644 index 00000000..ce9ecf6f --- /dev/null +++ b/third_party/srtp/crypto/include/rdbx.h @@ -0,0 +1,146 @@ +/* + * rdbx.h + * + * replay database with extended packet indices, using a rollover counter + * + * David A. McGrew + * Cisco Systems, Inc. + * + */ + +#ifndef RDBX_H +#define RDBX_H + +#include "datatypes.h" +#include "err.h" + +/* #define ROC_TEST */ + +#ifndef ROC_TEST + +typedef uint16_t sequence_number_t; /* 16 bit sequence number */ +typedef uint32_t rollover_counter_t; /* 32 bit rollover counter */ + +#else /* use small seq_num and roc datatypes for testing purposes */ + +typedef unsigned char sequence_number_t; /* 8 bit sequence number */ +typedef uint16_t rollover_counter_t; /* 16 bit rollover counter */ + +#endif + +#define seq_num_median (1 << (8*sizeof(sequence_number_t) - 1)) +#define seq_num_max (1 << (8*sizeof(sequence_number_t))) + +/* + * An xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended' + * sequence number. + */ + +typedef uint64_t xtd_seq_num_t; + + +/* + * An rdbx_t is a replay database with extended range; it uses an + * xtd_seq_num_t and a bitmask of recently received indices. + */ + +typedef struct { + xtd_seq_num_t index; + v128_t bitmask; +} rdbx_t; + + +/* + * rdbx_init(rdbx_ptr) + * + * initializes the rdbx pointed to by its argument, setting the + * rollover counter and sequence number to zero + */ + +err_status_t +rdbx_init(rdbx_t *rdbx); + + +/* + * rdbx_estimate_index(rdbx, guess, s) + * + * given an rdbx and a sequence number s (from a newly arrived packet), + * sets the contents of *guess to contain the best guess of the packet + * index to which s corresponds, and returns the difference between + * *guess and the locally stored synch info + */ + +int +rdbx_estimate_index(const rdbx_t *rdbx, + xtd_seq_num_t *guess, + sequence_number_t s); + +/* + * rdbx_check(rdbx, delta); + * + * rdbx_check(&r, delta) checks to see if the xtd_seq_num_t + * which is at rdbx->window_start + delta is in the rdb + * + */ + +err_status_t +rdbx_check(const rdbx_t *rdbx, int difference); + +/* + * replay_add_index(rdbx, delta) + * + * adds the xtd_seq_num_t at rdbx->window_start + delta to replay_db + * (and does *not* check if that xtd_seq_num_t appears in db) + * + * this function should be called *only* after replay_check has + * indicated that the index does not appear in the rdbx, and a mutex + * should protect the rdbx between these calls if necessary. + */ + +err_status_t +rdbx_add_index(rdbx_t *rdbx, int delta); + +/* + * xtd_seq_num_t functions - these are *internal* functions of rdbx, and + * shouldn't be used to manipulate rdbx internal values. use the rdbx + * api instead! + */ + + +/* index_init(&pi) initializes a packet index pi (sets it to zero) */ + +void +index_init(xtd_seq_num_t *pi); + +/* index_advance(&pi, s) advances a xtd_seq_num_t forward by s */ + +void +index_advance(xtd_seq_num_t *pi, sequence_number_t s); + + +/* + * index_guess(local, guess, s) + * + * given a xtd_seq_num_t local (which represents the highest + * known-to-be-good index) and a sequence number s (from a newly + * arrived packet), sets the contents of *guess to contain the best + * guess of the packet index to which s corresponds, and returns the + * difference between *guess and *local + */ + +int +index_guess(const xtd_seq_num_t *local, + xtd_seq_num_t *guess, + sequence_number_t s); + + +#endif /* RDBX_H */ + + + + + + + + + diff --git a/third_party/srtp/crypto/include/sha1.h b/third_party/srtp/crypto/include/sha1.h new file mode 100644 index 00000000..e3af4d4b --- /dev/null +++ b/third_party/srtp/crypto/include/sha1.h @@ -0,0 +1,108 @@ +/* + * sha1.h + * + * interface to the Secure Hash Algorithm v.1 (SHA-1), specified in + * FIPS 180-1 + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef SHA1_H +#define SHA1_H + +#include "err.h" +#include "datatypes.h" + +typedef struct { + uint32_t H[5]; /* state vector */ + uint32_t M[16]; /* message buffer */ + int octets_in_buffer; /* octets of message in buffer */ + uint32_t num_bits_in_msg; /* total number of bits in message */ +} sha1_ctx_t; + +/* + * sha1(&ctx, msg, len, output) hashes the len octets starting at msg + * into the SHA1 context, then writes the result to the 20 octets at + * output + * + */ + +void +sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]); + +/* + * sha1_init(&ctx) initializes the SHA1 context ctx + * + * sha1_update(&ctx, msg, len) hashes the len octets starting at msg + * into the SHA1 context + * + * sha1_final(&ctx, output) performs the final processing of the SHA1 + * context and writes the result to the 20 octets at output + * + */ + +void +sha1_init(sha1_ctx_t *ctx); + +void +sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg); + +void +sha1_final(sha1_ctx_t *ctx, uint32_t output[5]); + +/* + * The sha1_core function is INTERNAL to SHA-1, but it is declared + * here because it is also used by the cipher SEAL 3.0 in its key + * setup algorithm. + */ + +/* + * sha1_core(M, H) computes the core sha1 compression function, where M is + * the next part of the message and H is the intermediate state {H0, + * H1, ...} + * + * this function does not do any of the padding required in the + * complete sha1 function + */ + +void +sha1_core(const uint32_t M[16], uint32_t hash_value[5]); + +#endif /* SHA1_H */ diff --git a/third_party/srtp/crypto/include/stat.h b/third_party/srtp/crypto/include/stat.h new file mode 100644 index 00000000..e28b1314 --- /dev/null +++ b/third_party/srtp/crypto/include/stat.h @@ -0,0 +1,69 @@ +/* + * stats.h + * + * interface to statistical test functions + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright(c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef STAT_H +#define STAT_H + +#include "datatypes.h" /* for uint8_t */ +#include "err.h" /* for err_status_t */ +#include "rand_source.h" /* for rand_source_func_t definition */ + +err_status_t +stat_test_monobit(uint8_t *data); + +err_status_t +stat_test_poker(uint8_t *data); + +err_status_t +stat_test_runs(uint8_t *data); + +err_status_t +stat_test_rand_source(rand_source_func_t rs); + +err_status_t +stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials); + +#endif /* STAT_H */ diff --git a/third_party/srtp/crypto/include/xfm.h b/third_party/srtp/crypto/include/xfm.h new file mode 100644 index 00000000..5837149b --- /dev/null +++ b/third_party/srtp/crypto/include/xfm.h @@ -0,0 +1,139 @@ +/* + * xfm.h + * + * interface for abstract crypto transform + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +#ifndef XFM_H +#define XFM_H + +#include "crypto_kernel.h" +#include "err.h" + +/** + * @defgroup Crypto Cryptography + * + * A simple interface to an abstract cryptographic transform that + * provides both confidentiality and message authentication. + * + * @{ + */ + +/** + * @brief applies a crypto transform + * + * The function pointer xfm_func_t points to a function that + * implements a crypto transform, and provides a uniform API for + * accessing crypto mechanisms. + * + * @param key location of secret key + * + * @param clear data to be authenticated only + * + * @param clear_len length of data to be authenticated only + * + * @param iv location to write the Initialization Vector (IV) + * + * @param protect location of the data to be encrypted and + * authenticated (before the function call), and the ciphertext + * and authentication tag (after the call) + * + * @param protected_len location of the length of the data to be + * encrypted and authenticated (before the function call), and the + * length of the ciphertext (after the call) + * + * @param auth_tag location to write auth tag + */ + +typedef err_status_t (*xfm_func_t) + (void *key, + void *clear, + unsigned clear_len, + void *iv, + void *protect, + unsigned *protected_len, + void *auth_tag + ); + +typedef +err_status_t (*xfm_inv_t) + (void *key, /* location of secret key */ + void *clear, /* data to be authenticated only */ + unsigned clear_len, /* length of data to be authenticated only */ + void *iv, /* location of iv */ + void *opaque, /* data to be decrypted and authenticated */ + unsigned *opaque_len, /* location of the length of data to be + * decrypted and authd (before and after) + */ + void *auth_tag /* location of auth tag */ + ); + +typedef struct xfm_ctx_t { + xfm_func_t func; + xfm_inv_t inv; + unsigned key_len; + unsigned iv_len; + unsigned auth_tag_len; +} xfm_ctx_t; + +typedef xfm_ctx_t *xfm_t; + +#define xfm_get_key_len(xfm) ((xfm)->key_len) + +#define xfm_get_iv_len(xfm) ((xfm)->iv_len) + +#define xfm_get_auth_tag_len(xfm) ((xfm)->auth_tag_len) + + +/* cryptoalgo - 5/28 */ + +typedef err_status_t (*cryptoalg_func_t) + (void *key, + void *clear, + unsigned clear_len, + void *iv, + void *opaque, + unsigned *opaque_len + ); + +typedef +err_status_t (*cryptoalg_inv_t) + (void *key, /* location of secret key */ + void *clear, /* data to be authenticated only */ + unsigned clear_len, /* length of data to be authenticated only */ + void *iv, /* location of iv */ + void *opaque, /* data to be decrypted and authenticated */ + unsigned *opaque_len /* location of the length of data to be + * decrypted and authd (before and after) + */ + ); + +typedef struct cryptoalg_ctx_t { + cryptoalg_func_t enc; + cryptoalg_inv_t dec; + unsigned key_len; + unsigned iv_len; + unsigned auth_tag_len; + unsigned max_expansion; +} cryptoalg_ctx_t; + +typedef cryptoalg_ctx_t *cryptoalg_t; + +#define cryptoalg_get_key_len(cryptoalg) ((cryptoalg)->key_len) + +#define cryptoalg_get_iv_len(cryptoalg) ((cryptoalg)->iv_len) + +#define cryptoalg_get_auth_tag_len(cryptoalg) ((cryptoalg)->auth_tag_len) + + + +/** + * @} + */ + +#endif /* XFM_H */ + + |