diff options
| author | David M. Lee <dlee@digium.com> | 2013-01-07 14:24:28 -0600 |
|---|---|---|
| committer | David M. Lee <dlee@digium.com> | 2013-01-07 14:24:28 -0600 |
| commit | f3ab456a17af1c89a6e3be4d20c5944853df1cb0 (patch) | |
| tree | d00e1a332cd038a6d906a1ea0ac91e1a4458e617 /third_party/srtp | |
Import pjproject-2.0.1
Diffstat (limited to 'third_party/srtp')
105 files changed, 36559 insertions, 0 deletions
diff --git a/third_party/srtp/CHANGES b/third_party/srtp/CHANGES new file mode 100644 index 0000000..949c389 --- /dev/null +++ b/third_party/srtp/CHANGES @@ -0,0 +1,223 @@ +Changelog + +1.3.20 + + Lots of changes. Thanks to Jeff Chan for catching a memory leak and + helping track down the endian issues with the SSRCs. + +1.3.8 + + This is an interim release. Several little-endian bugs were identified + and fixed; this means that we can use intel/linux for development again. + + Cleaned up sha1 and hmac code significantly, got rid of some excess + functions and properly documented the fuctions in the .h files. + + Eliminated some vestigial files. + + There is a SIGBUS error in the AES encrypt function on sparc + (observed on both solaris and openbsd) with gcc 2.95. Was unable to + find bad pointer anywhere, so I'm wondering if it isn't a compiler + problem (there's a known problem whose profile it fits). It doesn't + appear on any other platform, even in the cipher_driver stress + tests. + + Planned changes + + Change interface to nonces (xtd_seq_num_t) so that it uses + network byte ordering, and is consistent with other arguments. + + +1.3.6 + + Changed /dev/random (in configure.in and crypto/rng/rand_source.c) to + /dev/urandom; the latter is non-blocking on all known platforms (which + corrects some programs that seem to hang) and is actually present on + Open BSD (unlike /dev/random, which only works in the presence of + hardware supported random number generation). + + Added machine/types.h case in include/integers.h. + +1.3.5 + + Removing srtp_t::template and stream_clone(). + + Adding a new policy structure, which will reflect a complete SRTP + policy (including SRTCP). + + This version is *incomplete* and will undergo more changes. It is + provided only as a basis for discussion. + +1.3.4 + + Removed tmmh.c and tmmh.h, which implemented version one of TMMH. + + Changed srtp_get_trailer_length() to act on streams rather than + sessions, and documented the macro SRTP_MAX_TRAILER_LEN, which should + usually be used rather than that function. + + Removed 'salt' from cipher input. + + Changed rdbx to use err.h error codes. + + Changed malloc() and free() to xalloc() and xfree; these functions + are defined in crypto/kernel/alloc.c and declared in + include/alloc.h. + + Added 'output' functions to cipher, in addition to 'encrypt' + functions. It is no longer necessary to zeroize a buffer before + encrypting in order to get keystream. + + Changed octet_string_hex_string() so that "times two" isn't needed + in its input. + + Added crypto_kernel_init() prior to command-line parsing, so that + kernel can be passed command-line arguments, such as "-d + debug_module". This was done to for the applications + test/srtp-driver, test/kernel-driver, and test/ust-driver. + + Improved srtp_init_aes_128_prf - wrote key derivation function + (srtp_kdf_t). + + Add the tag_len as an argument to the auth_compute() function, but + not the corresponding macro. This change allows the tag length for + a given auth func to be set to different values at initialization + time. Previously, the structure auth_t contained the + output_length, but that value was inaccessible from hmac_compute() + and other functions. + + Re-named files from a-b.c to a_b.c. in order to help portability. + + Re-named rijndael to aes (or aes_128 as appropriate). + + +1.2.1 + + Changes so that 1.2.0 compiles on cygwin-win2k. + + Added better error reporting system. If syslog is present on the + OS, then it is used. + + +1.2.0 Many improvements and additions, and a fex fixes + + Fixed endian issues in RTP header construction in the function + rtp_sendto() in srtp/rtp.c. + + Implemented RIJNDAEL decryption operation, adding the functions + rijndael_decrypt() and rijndael_expand_decryption_key(). Also + re-named rijndael_expand_key() to rijndael_expand_encryption_key() + for consistency. + + Implemented random number source using /dev/random, in the files + crypto/rng/rand_source.c and include/rand_source.h. + + Added index check to SEAL cipher (only values less than 2^32 are + allowed) + + Added test case for null_auth authentication function. + + Added a timing test which tests the effect of CPU cache thrash on + cipher throughput. The test is done by the function + cipher_test_throughput_array(); the function + cipher_array_alloc_init() creates an array of ciphers for use in + this test. This test can be accessed by using the -a flag to + the application cipher-driver in the test subdirectory. + + Added argument processing to ust-driver.c, and added that app to + the 'runtest' target in Makefile.in. + + A minor auth_t API change: last argument of auth_init() eliminated. + + +1.0.6 A small but important fix + + Fixed srtp_init_aes_128_prf() by adding octet_string_set_to_zero() + after buffer allocation. + + Eliminated references to no-longer-existing variables in debugging + code in srtp/srtp.c. This fixes the compilation failure that + occured when using PRINT_DEBUG in that file. + + Corrected spelling of Richard Priestley's name in credits. Sorry + Richard! + + +1.0.5 Many little fixes + + Fixed octet_string_set_to_zero(), which was writing one + more zero octet than it should. This bug caused srtp_protect() + and srtp_unprotect() to overwrite the byte that followed the + srtp packet. + + Changed sizeof(uint32_t) to srtp_get_trailer_length() in + srtp-driver.c. This is just defensive coding. + + Added NULL check to malloc in srtp_alloc(). + + +1.0.4 Many minor fixes and two big ones (thanks for the bug reports!) + + Removed 'ssrc' from the srtp_init_aes_128_prf() function argument + list. This is so that applications which do not a priori know the + ssrc which they will be receiving can still use libsrtp. Now the + SSRC value is gleaned from the rtp header and exored into the + counter mode offset in the srtp_protect() and srtp_unprotect() + functions, if that cipher is used. This change cascaed through + many other functions, including srtp_init_from_hex(), + srtp_sender_init() and srtp_receiver_init() in rtp.c, and also + changing the CLI to test/rtpw. In the future, another function + call will be added to the library that enables multiple ssrc/key + pairs to be installed into the same srtp session, so that libsrtp + works with multiple srtp senders. For now, this functionality is + lacking. + + Removed the GDOI interface to the rtpw demo program. This will be + added again at a later date, after the SRTP and GDOI distributions + stabilize. For now, I've left in the GDOI #defines and autoconf + definitions so that they'll be in place when needed. + + Updated tmmhv2_compute() so that it didn't assume any particular + alginment of the output tag. + + Changed bit field variables in srtp.h to unsigned char from + unsigned int in order to avoid a potential endianness issue. + + Fixed rdbx_estimate_index() to handle all input cases. This solves + the now notorious "abaft" bug in the rtpw demo app on linux/intel, + in which spurious replay protection failures happen after that word + is received. + + Added ntohs(hdr->seq) to srtp_protect and srtp_unprotect, removed + from rijndael_icm_set_segment(). + + Added error checking and handling to srtp_sender_init() and + srtp_receiver_init(). + + Changed srtp_alloc() so that it does what you'd expect: allocate an + srtp_ctx_t structure. This hides the library internals. + + +1.0.1 Many minor fixes + + Added cipher_driver_buffer_test(...) to test/cipher-driver.c. This + function checks that the byte-buffering functions used by a cipher + are correct. + + Fixed SunOS/Solaris build problems: added HAVE_SYS_INT_TYPES_H and + changed index_t to xtd_seq_num_t (see include/rdbx.h). + + Fixed SEAL3.0 output byte buffering, added byte-buffering test to + cipher/cipher-driver.c. + + Fixed roc-driver so that the non-sequential insertion test + automatically recovers from bad estimates. This was required to + prevent spurious failures. + + Made rdbx_estimate_index(...) function smarter, so that initial RTP + sequence numbers greater than 32,768 don't cause it to estimate the + rollover counter of 0xffffffff. + + +1.0.0 Initial release + diff --git a/third_party/srtp/LICENSE b/third_party/srtp/LICENSE new file mode 100644 index 0000000..dd43240 --- /dev/null +++ b/third_party/srtp/LICENSE @@ -0,0 +1,35 @@ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ diff --git a/third_party/srtp/Makefile.in b/third_party/srtp/Makefile.in new file mode 100644 index 0000000..97f5cb8 --- /dev/null +++ b/third_party/srtp/Makefile.in @@ -0,0 +1,232 @@ +# Makefile for secure rtp +# +# David A. McGrew +# Cisco Systems, Inc. + +# targets: +# +# runtest runs test applications +# test builds test applications +# libcrypt.a static library implementing crypto engine +# libsrtp.a static library implementing srtp +# clean removes objects, libs, and executables +# distribution cleans and builds a .tgz +# tags builds etags file from all .c and .h files + +.PHONY: all test build_table_apps + +all: test + +runtest: build_table_apps test + @echo "running libsrtp test applications..." + crypto/test/cipher_driver$(EXE) -v >/dev/null + crypto/test/kernel_driver$(EXE) -v >/dev/null + test/rdbx_driver$(EXE) -v >/dev/null + test/srtp_driver$(EXE) -v >/dev/null + test/roc_driver$(EXE) -v >/dev/null + test/replay_driver$(EXE) -v >/dev/null + test/dtls_srtp_driver$(EXE) >/dev/null + cd test; ./rtpw_test.sh >/dev/null + @echo "libsrtp test applications passed." + $(MAKE) -C crypto runtest + +# makefile variables + +CC = @CC@ +INCDIR = -Icrypto/include -I$(srcdir)/include -I$(srcdir)/crypto/include +DEFS = @DEFS@ +CPPFLAGS= @CPPFLAGS@ +CFLAGS = @CFLAGS@ +LIBS = @LIBS@ +LDFLAGS = @LDFLAGS@ -L. +COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS) +SRTPLIB = -lsrtp + +RANLIB = @RANLIB@ +INSTALL = @INSTALL@ + +# EXE defines the suffix on executables - it's .exe for Windows, and +# null on linux, bsd, and OS X and other OSes. +EXE = @EXE@ +# gdoi is the group domain of interpretation for isakmp, a group key +# management system which can provide keys for srtp +gdoi = @GDOI_OBJS@ +# Random source. +RNG_OBJS = @RNG_OBJS@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +top_builddir = @top_builddir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ +includedir = @includedir@ +libdir = @libdir@ + + +# implicit rules for object files and test apps + +%.o: %.c + $(COMPILE) -c $< -o $@ + +%$(EXE): %.c + $(COMPILE) $(LDFLAGS) $< -o $@ $(SRTPLIB) $(LIBS) + + +# libcrypt.a (the crypto engine) +ciphers = crypto/cipher/cipher.o crypto/cipher/null_cipher.o \ + crypto/cipher/aes.o crypto/cipher/aes_icm.o \ + crypto/cipher/aes_cbc.o + +hashes = crypto/hash/null_auth.o crypto/hash/sha1.o \ + crypto/hash/hmac.o crypto/hash/auth.o # crypto/hash/tmmhv2.o + +replay = crypto/replay/rdb.o crypto/replay/rdbx.o \ + crypto/replay/ut_sim.o + +math = crypto/math/datatypes.o crypto/math/stat.o + +ust = crypto/ust/ust.o + +rng = crypto/rng/$(RNG_OBJS) crypto/rng/prng.o crypto/rng/ctr_prng.o + +err = crypto/kernel/err.o + +kernel = crypto/kernel/crypto_kernel.o crypto/kernel/alloc.o \ + crypto/kernel/key.o $(rng) $(err) # $(ust) + +cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(replay) + +# libsrtp.a (implements srtp processing) + +srtpobj = srtp/srtp.o + +libsrtp.a: $(srtpobj) $(cryptobj) $(gdoi) + ar cr libsrtp.a $^ + $(RANLIB) libsrtp.a + +# libcryptomath.a contains general-purpose routines that are used to +# generate tables and verify cryptoalgorithm implementations - this +# library is not meant to be included in production code + +cryptomath = crypto/math/math.o crypto/math/gf2_8.o + +libcryptomath.a: $(cryptomath) + ar cr libcryptomath.a $(cryptomath) + $(RANLIB) libcryptomath.a + + +# test applications + +crypto_testapp = crypto/test/aes_calc$(EXE) crypto/test/cipher_driver$(EXE) \ + crypto/test/datatypes_driver$(EXE) crypto/test/kernel_driver$(EXE) \ + crypto/test/rand_gen$(EXE) crypto/test/sha1_driver$(EXE) \ + crypto/test/stat_driver$(EXE) + +testapp = $(crypto_testapp) test/srtp_driver$(EXE) test/replay_driver$(EXE) \ + test/roc_driver$(EXE) test/rdbx_driver$(EXE) test/rtpw$(EXE) \ + test/dtls_srtp_driver$(EXE) + +$(testapp): libsrtp.a + +test/rtpw$(EXE): test/rtpw.c test/rtp.c test/getopt_s.c + $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) + +test/srtp_driver$(EXE): test/srtp_driver.c test/getopt_s.c + $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) + +test/rdbx_driver$(EXE): test/rdbx_driver.c test/getopt_s.c + $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) + +test/dtls_srtp_driver$(EXE): test/dtls_srtp_driver.c test/getopt_s.c + $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) + +test: $(testapp) + @echo "Build done. Please run '$(MAKE) runtest' to run self tests." + +memtest: test/srtp_driver + @test/srtp_driver -v -d "alloc" > tmp + @grep freed tmp | wc -l > freed + @grep allocated tmp | wc -l > allocated + @echo "checking for memory leaks (only works with --enable-stdout)" + cmp -s allocated freed + @echo "passed (same number of alloc() and dealloc() calls found)" + @rm freed allocated tmp + +# tables_apps are used to generate the tables used in the crypto +# implementations; these need only be generated during porting, not +# for building libsrtp or the test applications + +table_apps = tables/aes_tables + +build_table_apps: $(table_apps) + +# in the tables/ subdirectory, we use libcryptomath instead of libsrtp + +tables/%: tables/%.c libcryptomath.a + $(COMPILE) $(LDFLAGS) $< -o $@ $(LIBS) libcryptomath.a + +# the target 'plot' runs the timing test (test/srtp_driver -t) then +# uses gnuplot to produce plots of the results - see the script file +# 'timing' + +plot: test/srtp_driver + test/srtp_driver -t > timing.dat + + +# bookkeeping: tags, clean, and distribution + +tags: + etags */*.[ch] */*/*.[ch] + + +# documentation - the target libsrtpdoc builds a PDF file documenting +# libsrtp + +libsrtpdoc: + $(MAKE) -C doc + +.PHONY: clean superclean install + +install: + @if [ -d $(DESTDIR)$(includedir)/srtp ]; then \ + echo "you should run 'make uninstall' first"; exit 1; \ + fi + $(INSTALL) -d $(DESTDIR)$(includedir)/srtp + $(INSTALL) -d $(DESTDIR)$(libdir) + cp include/*.h $(DESTDIR)$(includedir)/srtp + cp crypto/include/*.h $(DESTDIR)$(includedir)/srtp + if [ -f libsrtp.a ]; then cp libsrtp.a $(DESTDIR)$(libdir)/; fi + +uninstall: + rm -rf $(DESTDIR)$(includedir)/srtp + rm -rf $(DESTDIR)$(libdir)/libsrtp.a + +clean: + rm -rf $(cryptobj) $(srtpobj) $(cryptomath) TAGS \ + libcryptomath.a libsrtp.a core *.core test/core + for a in * */* */*/*; do \ + if [ -f "$$a~" ] ; then rm -f $$a~; fi; \ + done; + for a in $(testapp) $(table_apps); do rm -rf $$a$(EXE); done + rm -rf *.pict *.jpg *.dat + rm -rf freed allocated tmp + $(MAKE) -C doc clean + $(MAKE) -C crypto clean + + +superclean: clean + rm -rf crypto/include/config.h config.log config.cache config.status \ + Makefile .gdb_history test/.gdb_history .DS_Store + rm -rf autom4te.cache + +distname = srtp-$(shell cat VERSION) + +distribution: runtest superclean + if ! [ -f VERSION ]; then exit 1; fi + if [ -f ../$(distname).tgz ]; then \ + mv ../$(distname).tgz ../$(distname).tgz.bak; \ + fi + cd ..; tar cvzf $(distname).tgz srtp + +# EOF diff --git a/third_party/srtp/README b/third_party/srtp/README new file mode 100644 index 0000000..08fafae --- /dev/null +++ b/third_party/srtp/README @@ -0,0 +1,174 @@ +Secure RTP (SRTP) Reference Implementation +David A. McGrew +Cisco Systems, Inc. +mcgrew@cisco.com + + +This package provides an implementation of the Secure Real-time +Transport Protocol (SRTP), the Universal Security Transform (UST), and +a supporting cryptographic kernel. These mechanisms are documented in +the Internet Drafts in the doc/ subdirectory. The SRTP API is +documented in include/srtp.h, and the library is in libsrtp.a (after +compilation). An overview and reference manual is available in +doc/libsrtp.pdf. The PDF documentation is more up to date than this +file. + + +Installation: + +./configure [ options ] # GNU autoconf script +make # or gmake if needed; use GNU make + +The configure script accepts the following options: + + --help provides a usage summary + --disable-debug compile without the runtime debugging system + --enable-syslog use syslog for error reporting + --disable-stdout use stdout for error reporting + --enable-console use /dev/console for error reporting + --gdoi use GDOI key management (disabled at present) + +By default, debbuging is enabled and stdout is used for debugging. +You can use the above configure options to have the debugging output +sent to syslog or the system console. Alternatively, you can define +ERR_REPORTING_FILE in include/conf.h to be any other file that can be +opened by libSRTP, and debug messages will be sent to it. + +This package has been tested on Mac OS X (powerpc-apple-darwin1.4), +Cygwin (i686-pc-cygwin), and Sparc (sparc-sun-solaris2.6). Previous +versions have been tested on Linux and OpenBSD on both x86 and sparc +platforms. + +A quick tour of this package: + +Makefile targets: all, clean, ... +README this file +CHANGES change log +VERSION version number of this package +LICENSE legal details (it's a BSD-like license) +crypto/ciphers/ ciphers (null, aes_icm, ...) +crypto/math/ crypto math routines +crypto/hash/ crypto hashing (hmac, tmmhv2, ...) +crypto/replay/ replay protection +doc/ documentation: rfcs, apis, and suchlike +include/ include files for all code in distribution +srtp/ secure real-time transport protocol implementation +tables/ apps for generating tables (useful in porting) +test/ test drivers + + +Applications + + Several test drivers and a simple and portable srtp application + are included in the test/ subdirectory. + + test driver function tested + ------------------------------------------------------------- + kernel_driver crypto kernel (ciphers, auth funcs, rng) + srtp_driver srtp in-memory tests (does not use the network) + rdbx_driver rdbx (extended replay database) + roc_driver extended sequence number functions + replay_driver replay database (n.b. not used in libsrtp) + cipher_driver ciphers + auth_driver hash functions + + The app rtpw is a simple rtp application which reads words from + /usr/dict/words and then sends them out one at a time using [s]rtp. + Manual srtp keying uses the -k option; automated key management + using gdoi will be added later. + +usage: rtpw [-d <debug>]* [-k <key> [-a][-e]] [-s | -r] dest_ip dest_port +or rtpw -l + + Either the -s (sender) or -r (receiver) option must be chosen. + + The values dest_ip, dest_port are the ip address and udp port to + which the dictionary will be sent, respectively. + + options: + + -s (s)rtp sender - causes app to send words + + -r (s)rtp receive - causes app to receve words + + -k <key> use srtp master key <key>, where the + key is a hexadecimal value (without the + leading "0x") + + -e encrypt/decrypt (for data confidentiality) + (requires use of -k option as well) + + -a message authentication + (requires use of -k option as well) + + -l list debug modules + + -d <debug> turn on debugging for module <debug> + + +In order to get random 30-byte values for use as key/salt pairs , you +can use the following bash function to format the output of +/dev/random (where that device is available). + +function randhex() { + cat /dev/random | od --read-bytes=32 --width=32 -x | awk '{ print $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 }' +} + + +An example of an SRTP session using two rtpw programs follows: + +set k=c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451 + +[sh1]$ test/rtpw -s -k $k -ea 0.0.0.0 9999 +Security services: confidentiality message authentication +set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451 +setting SSRC to 2078917053 +sending word: A +sending word: a +sending word: aa +sending word: aal +... + +[sh2]$ test/rtpw -r -k $k -ea 0.0.0.0 9999 +security services: confidentiality message authentication +set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451 +19 octets received from SSRC 2078917053 word: A +19 octets received from SSRC 2078917053 word: a +20 octets received from SSRC 2078917053 word: aa +21 octets received from SSRC 2078917053 word: aal +... + +Implementation Notes + + * The srtp_protect() function assumes that the buffer holding the + rtp packet has enough storage allocated that the authentication + tag can be written to the end of that packet. If this assumption + is not valid, memory corruption will ensue. + + * Automated tests for the crypto functions are provided through + the cipher_type_self_test() and auth_type_self_test() functions. + These functions should be used to test each port of this code + to a new platform. + + * Replay protection is contained in the crypto engine, and + tests for it are provided. + + * This implementation provides calls to initialize, protect, and + unprotect RTP packets, and makes as few as possible assumptions + about how these functions will be called. For example, the + caller is not expected to provide packets in order (though if + they're called more than 65k out of sequence, synchronization + will be lost). + + * The sequence number in the rtp packet is used as the low 16 bits + of the sender's local packet index. Note that RTP will start its + sequence number in a random place, and the SRTP layer just jumps + forward to that number at its first invocation. An earlier + version of this library used initial sequence numbers that are + less than 32,768; this trick is no longer required as the + rdbx_estimate_index(...) function has been made smarter. + + * The replay window is 128 bits in length, and is hard-coded to this + value for now. + + diff --git a/third_party/srtp/TODO b/third_party/srtp/TODO new file mode 100644 index 0000000..18846e8 --- /dev/null +++ b/third_party/srtp/TODO @@ -0,0 +1,66 @@ +TODO List + +1.4.1 + + - document which fields are in NBO/HBO, and check for consistency. + + - move HAVE_U_LONG_LONG inside of datatypes.c, or some other + separate file + + - re-write configure.in to make cross-compilation easier + + - eliminate GENERIC_AESICM by generalizing the code a bit + +Older comments + + - add tests for key_limit_t datatype + + - move octet_get_weight() from datatypes.c to math.c (any other + funcs?) + +Changes and additions planned + + Make cipher and auth dealloc() functions zeroize the key-storage + areas before calling free(). + + Eliminate key_len from auth_init() + + Doucument internal APIs (cipher, auth, srtp_protect, ...) + + +SRTP options not (yet) included in this libaray: + + - the aes-f8-mode cipher + - the Master Key Index + - re-keying using the key derivation function (only the initial + use of the PRF has been implemented, as it's sufficient + for most uses) + + +(OLD) PLANNED CHANGES + + strip out test/lfsr.c + + Write new documentation!!! + + Fix the x86 assembly code in aes.c. + + Eliminate /* DAM */ - there's one in srtp.c + + Change debugging so that it can print more than one line. Or perhaps + just change it so that a single check of the debug-enabled flag is + needed. + + Improve interface between cipher and rdbx - perhaps generalize rdbx + into 'nonce' datatype. + + Make rijndael_icm accept variable sized keys. + + Add rdbx functions that allow different-sized explicit sequence + numbers to be used. + + Write uniform byte-buffering code for PRFs, preferably as macros. + + Consider eliminating low-level alloc functions in favor of len() + functions, so that there need not be multiple allocations within a + particular alloc() function. diff --git a/third_party/srtp/VERSION b/third_party/srtp/VERSION new file mode 100644 index 0000000..1c99cf0 --- /dev/null +++ b/third_party/srtp/VERSION @@ -0,0 +1 @@ +1.4.4 diff --git a/third_party/srtp/config.guess b/third_party/srtp/config.guess new file mode 100644 index 0000000..7d0185e --- /dev/null +++ b/third_party/srtp/config.guess @@ -0,0 +1,1447 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + +timestamp='2004-09-07' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Per Bothner <per@bothner.com>. +# Please send patches to <config-patches@gnu.org>. Submit a context +# diff and a properly formatted ChangeLog entry. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit build system type. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to <config-patches@gnu.org>." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +trap 'exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +set_cc_for_build=' +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +: ${TMPDIR=/tmp} ; + { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +dummy=$tmp/dummy ; +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > $dummy.c ; + for c in cc gcc c89 c99 ; do + if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ;' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + case "${UNAME_MACHINE_ARCH}" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE_ARCH}" in + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep __ELF__ >/dev/null + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "${UNAME_VERSION}" in + Debian*) + release='-gnu' + ;; + *) + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit 0 ;; + amd64:OpenBSD:*:*) + echo x86_64-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + amiga:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + cats:OpenBSD:*:*) + echo arm-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + hp300:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + luna88k:OpenBSD:*:*) + echo m88k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + macppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme88k:OpenBSD:*:*) + echo m88k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvmeppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sgi:OpenBSD:*:*) + echo mips64-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sun3:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + *:OpenBSD:*:*) + echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + *:ekkoBSD:*:*) + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + exit 0 ;; + macppc:MirBSD:*:*) + echo powerppc-unknown-mirbsd${UNAME_RELEASE} + exit 0 ;; + *:MirBSD:*:*) + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + exit 0 ;; + alpha:OSF1:*:*) + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE="alpha" ;; + "EV4.5 (21064)") + UNAME_MACHINE="alpha" ;; + "LCA4 (21066/21068)") + UNAME_MACHINE="alpha" ;; + "EV5 (21164)") + UNAME_MACHINE="alphaev5" ;; + "EV5.6 (21164A)") + UNAME_MACHINE="alphaev56" ;; + "EV5.6 (21164PC)") + UNAME_MACHINE="alphapca56" ;; + "EV5.7 (21164PC)") + UNAME_MACHINE="alphapca57" ;; + "EV6 (21264)") + UNAME_MACHINE="alphaev6" ;; + "EV6.7 (21264A)") + UNAME_MACHINE="alphaev67" ;; + "EV6.8CB (21264C)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8AL (21264B)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8CX (21264D)") + UNAME_MACHINE="alphaev68" ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE="alphaev69" ;; + "EV7 (21364)") + UNAME_MACHINE="alphaev7" ;; + "EV7.9 (21364A)") + UNAME_MACHINE="alphaev79" ;; + esac + # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit 0 ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix + exit 0 ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit 0 ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit 0;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit 0 ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos + exit 0 ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit 0 ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit 0 ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit 0;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit 0;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit 0 ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit 0 ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit 0 ;; + DRS?6000:UNIX_SV:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7 && exit 0 ;; + esac ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit 0 ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit 0 ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit 0 ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit 0 ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit 0 ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit 0 ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit 0 ;; + m68k:machten:*:*) + echo m68k-apple-machten${UNAME_RELEASE} + exit 0 ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit 0 ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit 0 ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit 0 ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include <stdio.h> /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c \ + && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ + && exit 0 + echo mips-mips-riscos${UNAME_RELEASE} + exit 0 ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit 0 ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit 0 ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit 0 ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit 0 ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit 0 ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit 0 ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit 0 ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit 0 ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit 0 ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit 0 ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit 0 ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit 0 ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit 0 ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit 0 ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include <sys/systemcfg.h> + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 + echo rs6000-ibm-aix3.2.5 + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit 0 ;; + *:AIX:*:[45]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit 0 ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit 0 ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit 0 ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit 0 ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit 0 ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit 0 ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit 0 ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include <stdlib.h> + #include <unistd.h> + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ ${HP_ARCH} = "hppa2.0w" ] + then + # avoid double evaluation of $set_cc_for_build + test -n "$CC_FOR_BUILD" || eval $set_cc_for_build + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null + then + HP_ARCH="hppa2.0w" + else + HP_ARCH="hppa64" + fi + fi + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit 0 ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit 0 ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include <unistd.h> + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 + echo unknown-hitachi-hiuxwe2 + exit 0 ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit 0 ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit 0 ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit 0 ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit 0 ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit 0 ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit 0 ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit 0 ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit 0 ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit 0 ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit 0 ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit 0 ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit 0 ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:FreeBSD:*:*) + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit 0 ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit 0 ;; + i*:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit 0 ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit 0 ;; + x86:Interix*:[34]*) + echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' + exit 0 ;; + [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) + echo i${UNAME_MACHINE}-pc-mks + exit 0 ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i586-pc-interix + exit 0 ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit 0 ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit 0 ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + *:GNU:*:*) + # the GNU system + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit 0 ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + exit 0 ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit 0 ;; + arm*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + cris:Linux:*:*) + echo cris-axis-linux-gnu + exit 0 ;; + crisv32:Linux:*:*) + echo crisv32-axis-linux-gnu + exit 0 ;; + frv:Linux:*:*) + echo frv-unknown-linux-gnu + exit 0 ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + m32r*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + mips:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef mips + #undef mipsel + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=mipsel + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=mips + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` + test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + ;; + mips64:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef mips64 + #undef mips64el + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=mips64el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=mips64 + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` + test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit 0 ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit 0 ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit 0 ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; + esac + exit 0 ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit 0 ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux + exit 0 ;; + sh64*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + x86_64:Linux:*:*) + echo x86_64-unknown-linux-gnu + exit 0 ;; + i*86:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. cd to the root directory to prevent + # problems with other programs or directories called `ld' in the path. + # Set LC_ALL=C to ensure ld outputs messages in English. + ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ + | sed -ne '/supported targets:/!d + s/[ ][ ]*/ /g + s/.*supported targets: *// + s/ .*// + p'` + case "$ld_supported_targets" in + elf32-i386) + TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" + ;; + a.out-i386-linux) + echo "${UNAME_MACHINE}-pc-linux-gnuaout" + exit 0 ;; + coff-i386) + echo "${UNAME_MACHINE}-pc-linux-gnucoff" + exit 0 ;; + "") + # Either a pre-BFD a.out linker (linux-gnuoldld) or + # one that does not give us useful --help. + echo "${UNAME_MACHINE}-pc-linux-gnuoldld" + exit 0 ;; + esac + # Determine whether the default compiler is a.out or elf + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include <features.h> + #ifdef __ELF__ + # ifdef __GLIBC__ + # if __GLIBC__ >= 2 + LIBC=gnu + # else + LIBC=gnulibc1 + # endif + # else + LIBC=gnulibc1 + # endif + #else + #ifdef __INTEL_COMPILER + LIBC=gnu + #else + LIBC=gnuaout + #endif + #endif + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` + test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 + test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 + ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit 0 ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit 0 ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit 0 ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit 0 ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit 0 ;; + i*86:syllable:*:*) + echo ${UNAME_MACHINE}-pc-syllable + exit 0 ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit 0 ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit 0 ;; + i*86:*:5:[78]*) + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit 0 ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` + echo ${UNAME_MACHINE}-pc-isc$UNAME_REL + elif /bin/uname -X 2>/dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit 0 ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. + echo i386-pc-msdosdjgpp + exit 0 ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit 0 ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit 0 ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit 0 ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit 0 ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit 0 ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit 0 ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4 && exit 0 ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit 0 ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit 0 ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit 0 ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says <Richard.M.Bartel@ccMail.Census.GOV> + echo i586-unisys-sysv4 + exit 0 ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes <hewes@openmarket.com>. + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit 0 ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit 0 ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit 0 ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit 0 ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit 0 ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit 0 ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit 0 ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit 0 ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit 0 ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} + exit 0 ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Darwin:*:*) + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + case $UNAME_PROCESSOR in + *86) UNAME_PROCESSOR=i686 ;; + unknown) UNAME_PROCESSOR=powerpc ;; + esac + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + exit 0 ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + exit 0 ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit 0 ;; + NSR-?:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit 0 ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit 0 ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit 0 ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit 0 ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit 0 ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit 0 ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit 0 ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit 0 ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit 0 ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit 0 ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit 0 ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux${UNAME_RELEASE} + exit 0 ;; + *:DragonFly:*:*) + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit 0 ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "${UNAME_MACHINE}" in + A*) echo alpha-dec-vms && exit 0 ;; + I*) echo ia64-dec-vms && exit 0 ;; + V*) echo vax-dec-vms && exit 0 ;; + esac +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +eval $set_cc_for_build +cat >$dummy.c <<EOF +#ifdef _SEQUENT_ +# include <sys/types.h> +# include <sys/utsname.h> +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include <sys/param.h> + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include <sys/param.h> +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0 + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit 0 ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + c34*) + echo c34-convex-bsd + exit 0 ;; + c38*) + echo c38-convex-bsd + exit 0 ;; + c4*) + echo c4-convex-bsd + exit 0 ;; + esac +fi + +cat >&2 <<EOF +$0: unable to guess system type + +This script, last modified $timestamp, has failed to recognize +the operating system you are using. It is advised that you +download the most up to date version of the config scripts from + + ftp://ftp.gnu.org/pub/gnu/config/ + +If the version you run ($0) is already up to date, please +send the following data and any information you think might be +pertinent to <config-patches@gnu.org> in order to provide the needed +information to handle your system. + +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/third_party/srtp/config.h_win32vc7 b/third_party/srtp/config.h_win32vc7 new file mode 100644 index 0000000..b6ae0a7 --- /dev/null +++ b/third_party/srtp/config.h_win32vc7 @@ -0,0 +1,170 @@ +/* Hacked config.h for Windows XP 32-bit & VC7 */ + +/* Define if building for a CISC machine (e.g. Intel). */ +#define CPU_CISC 1 + +/* Define if building for a RISC machine (assume slow byte access). */ +#undef CPU_RISC + +/* Path to random device */ +#undef DEV_URANDOM + +/* Define to compile in dynamic debugging system. */ +#undef ENABLE_DEBUGGING + +/* Report errors to this file. */ +#undef ERR_REPORTING_FILE + +/* Define to use logging to stdout. */ +#undef ERR_REPORTING_STDOUT + +/* Define this to use ISMAcryp code. */ +#undef GENERIC_AESICM + +/* Define to 1 if you have the <arpa/inet.h> header file. */ +#undef HAVE_ARPA_INET_H + +/* Define to 1 if you have the <byteswap.h> header file. */ +#undef HAVE_BYTESWAP_H + +/* Define to 1 if you have the `inet_aton' function. */ +#define HAVE_INET_ATON 1 + +/* Define to 1 if the system has the type `int16_t'. */ +#undef HAVE_INT16_T + +/* Define to 1 if the system has the type `int32_t'. */ +#undef HAVE_INT32_T + +/* Define to 1 if the system has the type `int8_t'. */ +#undef HAVE_INT8_T + +/* Define to 1 if you have the <inttypes.h> header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if you have the `socket' library (-lsocket). */ +#undef HAVE_LIBSOCKET + +/* Define to 1 if you have the <machine/types.h> header file. */ +#undef HAVE_MACHINE_TYPES_H + +/* Define to 1 if you have the <memory.h> header file. */ +#define HAVE_MEMORY_H 1 + +/* Define to 1 if you have the <netinet/in.h> header file. */ +#undef HAVE_NETINET_IN_H + +/* Define to 1 if you have the `socket' function. */ +#define HAVE_SOCKET 1 + +/* Define to 1 if you have the <stdint.h> header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the <stdlib.h> header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the <strings.h> header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the <string.h> header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the <syslog.h> header file. */ +#undef HAVE_SYSLOG_H + +/* Define to 1 if you have the <sys/int_types.h> header file. */ +#undef HAVE_SYS_INT_TYPES_H + +/* Define to 1 if you have the <sys/socket.h> header file. */ +#undef HAVE_SYS_SOCKET_H + +/* Define to 1 if you have the <sys/stat.h> header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the <sys/types.h> header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the <sys/uio.h> header file. */ +#undef HAVE_SYS_UIO_H + +/* Define to 1 if the system has the type `uint16_t'. */ +#undef HAVE_UINT16_T + +/* Define to 1 if the system has the type `uint32_t'. */ +#undef HAVE_UINT32_T + +/* Define to 1 if the system has the type `uint64_t'. */ +#undef HAVE_UINT64_T + +/* Define to 1 if the system has the type `uint8_t'. */ +#undef HAVE_UINT8_T + +/* Define to 1 if you have the <unistd.h> header file. */ +#define HAVE_UNISTD_H 1 + +/* Define to 1 if you have the `usleep' function. */ +#define HAVE_USLEEP 1 + +/* Define to 1 if you have the <windows.h> header file. */ +#define HAVE_WINDOWS_H 1 + +/* Define to 1 if you have the <winsock2.h> header file. */ +#define HAVE_WINSOCK2_H 1 + +/* Define to use X86 inlined assembly code */ +#undef HAVE_X86 + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* The size of a `unsigned long', as computed by sizeof. */ +#define SIZEOF_UNSIGNED_LONG 4 + +/* The size of a `unsigned long long', as computed by sizeof. */ +#define SIZEOF_UNSIGNED_LONG_LONG 8 + +/* Define to use GDOI. */ +#undef SRTP_GDOI + +/* Define to compile for kernel contexts. */ +#undef SRTP_KERNEL + +/* Define to compile for Linux kernel context. */ +#undef SRTP_KERNEL_LINUX + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Write errors to this file */ +#undef USE_ERR_REPORTING_FILE + +/* Define to use syslog logging. */ +#undef USE_SYSLOG + +/* Define to 1 if your processor stores words with the most significant byte + first (like Motorola and SPARC, unlike Intel and VAX). */ +#undef WORDS_BIGENDIAN + +/* Define to empty if `const' does not conform to ANSI C. */ +//#undef const +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +//#ifndef __cplusplus +//#undef inline +//#endif +#define inline __inline + +/* Define to `unsigned' if <sys/types.h> does not define. */ +//#undef size_t diff --git a/third_party/srtp/config.hw b/third_party/srtp/config.hw new file mode 100644 index 0000000..1cc4f5b --- /dev/null +++ b/third_party/srtp/config.hw @@ -0,0 +1,192 @@ +/* crypto/include/config.h. Generated by configure. */ +/* config_in.h. Generated from configure.in by autoheader. */ + +/* Define if building for a CISC machine (e.g. Intel). */ +#define CPU_CISC 1 + +/* Define if building for a RISC machine (assume slow byte access). */ +/* #undef CPU_RISC */ + +/* Path to random device */ +/* #define DEV_URANDOM "/dev/urandom" */ + +/* Define to compile in dynamic debugging system. */ +#define ENABLE_DEBUGGING 1 + +/* Report errors to this file. */ +/* #undef ERR_REPORTING_FILE */ + +/* Define to use logging to stdout. */ +#define ERR_REPORTING_STDOUT 1 + +/* Define this to use ISMAcryp code. */ +/* #undef GENERIC_AESICM */ + +/* Define to 1 if you have the <arpa/inet.h> header file. */ +/* #undef HAVE_ARPA_INET_H */ + +/* Define to 1 if you have the <byteswap.h> header file. */ +/* #undef HAVE_BYTESWAP_H */ + +/* Define to 1 if you have the `inet_aton' function. */ +/* #undef HAVE_INET_ATON */ + +/* Define to 1 if the system has the type `int16_t'. */ +#define HAVE_INT16_T 1 + +/* Define to 1 if the system has the type `int32_t'. */ +#define HAVE_INT32_T 1 + +/* Define to 1 if the system has the type `int8_t'. */ +#define HAVE_INT8_T 1 + +/* Define to 1 if you have the <inttypes.h> header file. */ +/* #undef HAVE_INTTYPES_H */ + +/* Define to 1 if you have the `socket' library (-lsocket). */ +/* #undef HAVE_LIBSOCKET */ + +/* Define to 1 if you have the <machine/types.h> header file. */ +/* #undef HAVE_MACHINE_TYPES_H */ + +/* Define to 1 if you have the <memory.h> header file. */ +#define HAVE_MEMORY_H 1 + +/* Define to 1 if you have the <netinet/in.h> header file. */ +/* #undef HAVE_NETINET_IN_H */ + +/* Define to 1 if you have the `socket' function. */ +/* #undef HAVE_SOCKET */ + +/* Define to 1 if you have the <stdint.h> header file. */ +/* #undef HAVE_STDINT_H */ + +/* Define to 1 if you have the <stdlib.h> header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the <strings.h> header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the <string.h> header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the <syslog.h> header file. */ +/* #undef HAVE_SYSLOG_H */ + +/* Define to 1 if you have the <sys/int_types.h> header file. */ +/* #undef HAVE_SYS_INT_TYPES_H */ + +/* Define to 1 if you have the <sys/socket.h> header file. */ +/* #undef HAVE_SYS_SOCKET_H */ + +/* Define to 1 if you have the <sys/stat.h> header file. */ +#define HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the <sys/types.h> header file. */ +#define HAVE_SYS_TYPES_H 1 + +/* Define to 1 if you have the <sys/uio.h> header file. */ +/* #undef HAVE_SYS_UIO_H */ + +/* Define to 1 if the system has the type `uint16_t'. */ +#define HAVE_UINT16_T 1 + +/* Define to 1 if the system has the type `uint32_t'. */ +#define HAVE_UINT32_T 1 + +/* Define to 1 if the system has the type `uint64_t'. */ +#define HAVE_UINT64_T 1 + +/* Define to 1 if the system has the type `uint8_t'. */ +#define HAVE_UINT8_T 1 + +/* Define to 1 if you have the <unistd.h> header file. */ +/* #undef HAVE_UNISTD_H */ + +/* Define to 1 if you have the `usleep' function. */ +/* #undef HAVE_USLEEP */ + +/* Define to 1 if you have the <windows.h> header file. */ +#define HAVE_WINDOWS_H 1 + +/* Define to 1 if you have the <winsock2.h> header file. */ +#define HAVE_WINSOCK2_H 1 + +/* Define to use X86 inlined assembly code */ +/* #undef HAVE_X86 */ + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "" + +/* The size of a `unsigned long', as computed by sizeof. */ +#define SIZEOF_UNSIGNED_LONG 4 + +/* The size of a `unsigned long long', as computed by sizeof. */ +#define SIZEOF_UNSIGNED_LONG_LONG 8 + +/* Define to use GDOI. */ +/* #undef SRTP_GDOI */ + +/* Define to compile for kernel contexts. */ +/* #undef SRTP_KERNEL */ + +/* Define to compile for Linux kernel context. */ +/* #undef SRTP_KERNEL_LINUX */ + +/* Define to 1 if you have the ANSI C header files. */ +#define STDC_HEADERS 1 + +/* Write errors to this file */ +/* #undef USE_ERR_REPORTING_FILE */ + +/* Define to use syslog logging. */ +/* #undef USE_SYSLOG */ + +/* Define to 1 if your processor stores words with the most significant byte + first (like Motorola and SPARC, unlike Intel and VAX). */ +/* #undef WORDS_BIGENDIAN */ + +/* Define to empty if `const' does not conform to ANSI C. */ +/* #undef const */ + +/* Define 'inline' to nothing, since the MSVC compiler doesn't support it. */ +#define inline + +/* Define to `unsigned' if <sys/types.h> does not define. */ +/* #undef size_t */ + +#if (_MSC_VER >= 1400) // VC8+ +#ifndef _CRT_SECURE_NO_DEPRECATE +#define _CRT_SECURE_NO_DEPRECATE +#endif +#ifndef _CRT_NONSTDC_NO_DEPRECATE +#define _CRT_NONSTDC_NO_DEPRECATE +#endif +#endif // VC8+ + +#ifndef uint32_t +typedef unsigned __int8 uint8_t; +typedef unsigned __int16 uint16_t; +typedef unsigned __int32 uint32_t; +typedef unsigned __int64 uint64_t; +typedef __int8 int8_t; +typedef __int16 int16_t; +typedef __int32 int32_t; +typedef __int64 int64_t; +#endif + +#ifdef _MSC_VER +#pragma warning(disable:4311) +#endif diff --git a/third_party/srtp/config.sub b/third_party/srtp/config.sub new file mode 100644 index 0000000..edb6b66 --- /dev/null +++ b/third_party/srtp/config.sub @@ -0,0 +1,1555 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + +timestamp='2004-08-29' + +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Please send patches to <config-patches@gnu.org>. Submit a context +# diff and a properly formatted ChangeLog entry. +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to <config-patches@gnu.org>." + +version="\ +GNU config.sub ($timestamp) + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit 0;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \ + kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis | -knuth | -cray) + os= + basic_machine=$1 + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | c4x | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ + | m32r | m32rle | m68000 | m68k | m88k | mcore \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64vr | mips64vrel \ + | mips64orion | mips64orionel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | msp430 \ + | ns16k | ns32k \ + | openrisc | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | pyramid \ + | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv8 | sparcv9 | sparcv9b \ + | strongarm \ + | tahoe | thumb | tic4x | tic80 | tron \ + | v850 | v850e \ + | we32k \ + | x86 | xscale | xstormy16 | xtensa \ + | z8k) + basic_machine=$basic_machine-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12) + # Motorola 68HC11/12. + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* \ + | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ + | clipper-* | craynv-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ + | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | mcore-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | msp430-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | pyramid-* \ + | romp-* | rs6000-* \ + | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | tahoe-* | thumb-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tron-* \ + | v850-* | v850e-* | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ + | xtensa-* \ + | ymp-* \ + | z8k-*) + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + abacus) + basic_machine=abacus-unknown + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amd64) + basic_machine=x86_64-pc + ;; + amd64-*) + basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16c) + basic_machine=cr16c-unknown + os=-elf + ;; + crds | unos) + basic_machine=m68k-crds + ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + or32 | or32-*) + basic_machine=or32-unknown + os=-coff + ;; + os400) + basic_machine=powerpc-ibm + os=-os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc + ;; + pentium4) + basic_machine=i786-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium4-*) + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc) basic_machine=powerpc-unknown + ;; + ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sei) + basic_machine=mips-sei + os=-seiux + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tic54x | c54x*) + basic_machine=tic54x-unknown + os=-coff + ;; + tic55x | c55x*) + basic_machine=tic55x-unknown + os=-coff + ;; + tic6x | c6x*) + basic_machine=tic6x-unknown + os=-coff + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + tpf) + basic_machine=s390x-ibm + os=-tpf + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + mmix) + basic_machine=mmix-knuth + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparc | sparcv8 | sparcv9 | sparcv9b) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* \ + | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto-qnx*) + ;; + -nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux-dietlibc) + os=-linux-dietlibc + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -os400*) + os=-os400 + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -syllable*) + os=-syllable + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -tpf*) + os=-tpf + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -aros*) + os=-aros + ;; + -kaos*) + os=-kaos + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + c4x-* | tic4x-*) + os=-coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + # This also exists in the configure program, but was not the + # default. + # os=-sunos4 + ;; + m68*-cisco) + os=-aout + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-ibm) + os=-aix + ;; + *-knuth) + os=-mmixware + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -os400*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -tpf*) + vendor=ibm + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit 0 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/third_party/srtp/config_in.h b/third_party/srtp/config_in.h new file mode 100644 index 0000000..5951861 --- /dev/null +++ b/third_party/srtp/config_in.h @@ -0,0 +1,170 @@ +/* config_in.h. Generated from configure.in by autoheader. */ + +/* Define if building for a CISC machine (e.g. Intel). */ +#undef CPU_CISC + +/* Define if building for a RISC machine (assume slow byte access). */ +#undef CPU_RISC + +/* Path to random device */ +#undef DEV_URANDOM + +/* Define to compile in dynamic debugging system. */ +#undef ENABLE_DEBUGGING + +/* Report errors to this file. */ +#undef ERR_REPORTING_FILE + +/* Define to use logging to stdout. */ +#undef ERR_REPORTING_STDOUT + +/* Define this to use ISMAcryp code. */ +#undef GENERIC_AESICM + +/* Define to 1 if you have the <arpa/inet.h> header file. */ +#undef HAVE_ARPA_INET_H + +/* Define to 1 if you have the <byteswap.h> header file. */ +#undef HAVE_BYTESWAP_H + +/* Define to 1 if you have the `inet_aton' function. */ +#undef HAVE_INET_ATON + +/* Define to 1 if the system has the type `int16_t'. */ +#undef HAVE_INT16_T + +/* Define to 1 if the system has the type `int32_t'. */ +#undef HAVE_INT32_T + +/* Define to 1 if the system has the type `int8_t'. */ +#undef HAVE_INT8_T + +/* Define to 1 if you have the <inttypes.h> header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if you have the `socket' library (-lsocket). */ +#undef HAVE_LIBSOCKET + +/* Define to 1 if you have the <machine/types.h> header file. */ +#undef HAVE_MACHINE_TYPES_H + +/* Define to 1 if you have the <memory.h> header file. */ +#undef HAVE_MEMORY_H + +/* Define to 1 if you have the <netinet/in.h> header file. */ +#undef HAVE_NETINET_IN_H + +/* Define to 1 if you have the `socket' function. */ +#undef HAVE_SOCKET + +/* Define to 1 if you have the <stdint.h> header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the <stdlib.h> header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the <strings.h> header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the <string.h> header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the <syslog.h> header file. */ +#undef HAVE_SYSLOG_H + +/* Define to 1 if you have the <sys/int_types.h> header file. */ +#undef HAVE_SYS_INT_TYPES_H + +/* Define to 1 if you have the <sys/socket.h> header file. */ +#undef HAVE_SYS_SOCKET_H + +/* Define to 1 if you have the <sys/stat.h> header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the <sys/types.h> header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the <sys/uio.h> header file. */ +#undef HAVE_SYS_UIO_H + +/* Define to 1 if the system has the type `uint16_t'. */ +#undef HAVE_UINT16_T + +/* Define to 1 if the system has the type `uint32_t'. */ +#undef HAVE_UINT32_T + +/* Define to 1 if the system has the type `uint64_t'. */ +#undef HAVE_UINT64_T + +/* Define to 1 if the system has the type `uint8_t'. */ +#undef HAVE_UINT8_T + +/* Define to 1 if you have the <unistd.h> header file. */ +#undef HAVE_UNISTD_H + +/* Define to 1 if you have the `usleep' function. */ +#undef HAVE_USLEEP + +/* Define to 1 if you have the <windows.h> header file. */ +#undef HAVE_WINDOWS_H + +/* Define to 1 if you have the <winsock2.h> header file. */ +#undef HAVE_WINSOCK2_H + +/* Define to use X86 inlined assembly code */ +#undef HAVE_X86 + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* The size of a `unsigned long', as computed by sizeof. */ +#undef SIZEOF_UNSIGNED_LONG + +/* The size of a `unsigned long long', as computed by sizeof. */ +#undef SIZEOF_UNSIGNED_LONG_LONG + +/* Define to use GDOI. */ +#undef SRTP_GDOI + +/* Define to compile for kernel contexts. */ +#undef SRTP_KERNEL + +/* Define to compile for Linux kernel context. */ +#undef SRTP_KERNEL_LINUX + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Write errors to this file */ +#undef USE_ERR_REPORTING_FILE + +/* Define to use syslog logging. */ +#undef USE_SYSLOG + +/* Define to 1 if your processor stores words with the most significant byte + first (like Motorola and SPARC, unlike Intel and VAX). */ +#undef WORDS_BIGENDIAN + +/* Define to empty if `const' does not conform to ANSI C. */ +#undef const + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +#undef inline +#endif + +/* Define to `unsigned' if <sys/types.h> does not define. */ +#undef size_t diff --git a/third_party/srtp/configure b/third_party/srtp/configure new file mode 100644 index 0000000..b959b11 --- /dev/null +++ b/third_party/srtp/configure @@ -0,0 +1,8603 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.59. +# +# Copyright (C) 2003 Free Software Foundation, Inc. +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi +DUALCASE=1; export DUALCASE # for MKS sh + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# Work around bugs in pre-3.0 UWIN ksh. +$as_unset ENV MAIL MAILPATH +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . : '\(.\)' 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + + +# PATH needs CR, and LINENO needs CR and PATH. +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2 + { (exit 1); exit 1; }; } + fi + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done +done +;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. + exit +} + + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_executable_p="test -f" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH + + +# Name of the host. +# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +exec 6>&1 + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_config_libobj_dir=. +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} + +# Maximum number of lines to put in a shell here document. +# This variable seems obsolete. It should probably be removed, and +# only ac_max_sed_lines should be used. +: ${ac_max_here_lines=38} + +# Identity of this package. +PACKAGE_NAME= +PACKAGE_TARNAME= +PACKAGE_VERSION= +PACKAGE_STRING= +PACKAGE_BUGREPORT= + +ac_unique_file="srtp" +# Factoring default headers for most tests. +ac_includes_default="\ +#include <stdio.h> +#if HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif +#if HAVE_SYS_STAT_H +# include <sys/stat.h> +#endif +#if STDC_HEADERS +# include <stdlib.h> +# include <stddef.h> +#else +# if HAVE_STDLIB_H +# include <stdlib.h> +# endif +#endif +#if HAVE_STRING_H +# if !STDC_HEADERS && HAVE_MEMORY_H +# include <memory.h> +# endif +# include <string.h> +#endif +#if HAVE_STRINGS_H +# include <strings.h> +#endif +#if HAVE_INTTYPES_H +# include <inttypes.h> +#else +# if HAVE_STDINT_H +# include <stdint.h> +# endif +#endif +#if HAVE_UNISTD_H +# include <unistd.h> +#endif" + +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS RANLIB ac_ct_RANLIB CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA RNG_OBJS CPP EGREP build build_cpu build_vendor build_os host host_cpu host_vendor host_os EXE GDOI_OBJS LIBOBJS LTLIBOBJS' +ac_subst_files='' + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +ac_prev= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'` + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_option in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + eval "enable_$ac_feature=no" ;; + + -enable-* | --enable-*) + ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + eval "enable_$ac_feature='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package| sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; + *) ac_optarg=yes ;; + esac + eval "with_$ac_package='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package | sed 's/-/_/g'` + eval "with_$ac_package=no" ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) { echo "$as_me: error: unrecognized option: $ac_option +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 + { (exit 1); exit 1; }; } + ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` + eval "$ac_envvar='$ac_optarg'" + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + { echo "$as_me: error: missing argument to $ac_option" >&2 + { (exit 1); exit 1; }; } +fi + +# Be sure to have absolute paths. +for ac_var in exec_prefix prefix +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* | NONE | '' ) ;; + *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done + +# Be sure to have absolute paths. +for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \ + localstatedir libdir includedir oldincludedir infodir mandir +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* ) ;; + *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used." >&2 + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_confdir=`(dirname "$0") 2>/dev/null || +$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$0" : 'X\(//\)[^/]' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$0" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2 + { (exit 1); exit 1; }; } + else + { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 + { (exit 1); exit 1; }; } + fi +fi +(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null || + { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2 + { (exit 1); exit 1; }; } +srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'` +ac_env_build_alias_set=${build_alias+set} +ac_env_build_alias_value=$build_alias +ac_cv_env_build_alias_set=${build_alias+set} +ac_cv_env_build_alias_value=$build_alias +ac_env_host_alias_set=${host_alias+set} +ac_env_host_alias_value=$host_alias +ac_cv_env_host_alias_set=${host_alias+set} +ac_cv_env_host_alias_value=$host_alias +ac_env_target_alias_set=${target_alias+set} +ac_env_target_alias_value=$target_alias +ac_cv_env_target_alias_set=${target_alias+set} +ac_cv_env_target_alias_value=$target_alias +ac_env_CC_set=${CC+set} +ac_env_CC_value=$CC +ac_cv_env_CC_set=${CC+set} +ac_cv_env_CC_value=$CC +ac_env_CFLAGS_set=${CFLAGS+set} +ac_env_CFLAGS_value=$CFLAGS +ac_cv_env_CFLAGS_set=${CFLAGS+set} +ac_cv_env_CFLAGS_value=$CFLAGS +ac_env_LDFLAGS_set=${LDFLAGS+set} +ac_env_LDFLAGS_value=$LDFLAGS +ac_cv_env_LDFLAGS_set=${LDFLAGS+set} +ac_cv_env_LDFLAGS_value=$LDFLAGS +ac_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_env_CPPFLAGS_value=$CPPFLAGS +ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_cv_env_CPPFLAGS_value=$CPPFLAGS +ac_env_CPP_set=${CPP+set} +ac_env_CPP_value=$CPP +ac_cv_env_CPP_set=${CPP+set} +ac_cv_env_CPP_value=$CPP + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures this package to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +_ACEOF + + cat <<_ACEOF +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data [PREFIX/share] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --infodir=DIR info documentation [PREFIX/info] + --mandir=DIR man documentation [PREFIX/man] +_ACEOF + + cat <<\_ACEOF + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] +_ACEOF +fi + +if test -n "$ac_init_help"; then + + cat <<\_ACEOF + +Optional Features: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-kernel-linux build library to run in Linux kernel context + --disable-debug do not compile in dynamic debugging system + --enable-generic-aesicm compile in changes for ISMAcryp + --enable-syslog use syslog for error reporting + --disable-stdout don't use stdout for error reporting + --enable-console use /dev/console for error reporting + --enable-gdoi enable GDOI key management + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a + nonstandard directory <lib dir> + CPPFLAGS C/C++ preprocessor flags, e.g. -I<include dir> if you have + headers in a nonstandard directory <include dir> + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +_ACEOF +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + ac_popdir=`pwd` + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d $ac_dir || continue + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + cd $ac_dir + # Check for guested configure; otherwise get Cygnus style configure. + if test -f $ac_srcdir/configure.gnu; then + echo + $SHELL $ac_srcdir/configure.gnu --help=recursive + elif test -f $ac_srcdir/configure; then + echo + $SHELL $ac_srcdir/configure --help=recursive + elif test -f $ac_srcdir/configure.ac || + test -f $ac_srcdir/configure.in; then + echo + $ac_configure --help + else + echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi + cd $ac_popdir + done +fi + +test -n "$ac_init_help" && exit 0 +if $ac_init_version; then + cat <<\_ACEOF + +Copyright (C) 2003 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit 0 +fi +exec 5>config.log +cat >&5 <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by $as_me, which was +generated by GNU Autoconf 2.59. Invocation command line was + + $ $0 $@ + +_ACEOF +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +hostinfo = `(hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + echo "PATH: $as_dir" +done + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_sep= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; + 2) + ac_configure_args1="$ac_configure_args1 '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'" + # Get rid of the leading space. + ac_sep=" " + ;; + esac + done +done +$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } +$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Be sure not to use single quotes in there, as some shells, +# such as our DU 5.0 friend, will then `close' the trap. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + cat <<\_ASBOX +## ---------------- ## +## Cache variables. ## +## ---------------- ## +_ASBOX + echo + # The following way of writing the cache mishandles newlines in values, +{ + (set) 2>&1 | + case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in + *ac_space=\ *) + sed -n \ + "s/'"'"'/'"'"'\\\\'"'"''"'"'/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p" + ;; + *) + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} + echo + + cat <<\_ASBOX +## ----------------- ## +## Output variables. ## +## ----------------- ## +_ASBOX + echo + for ac_var in $ac_subst_vars + do + eval ac_val=$`echo $ac_var` + echo "$ac_var='"'"'$ac_val'"'"'" + done | sort + echo + + if test -n "$ac_subst_files"; then + cat <<\_ASBOX +## ------------- ## +## Output files. ## +## ------------- ## +_ASBOX + echo + for ac_var in $ac_subst_files + do + eval ac_val=$`echo $ac_var` + echo "$ac_var='"'"'$ac_val'"'"'" + done | sort + echo + fi + + if test -s confdefs.h; then + cat <<\_ASBOX +## ----------- ## +## confdefs.h. ## +## ----------- ## +_ASBOX + echo + sed "/^$/d" confdefs.h | sort + echo + fi + test "$ac_signal" != 0 && + echo "$as_me: caught signal $ac_signal" + echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core && + rm -rf conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status + ' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo >confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 +echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special + # files actually), so we avoid doing that. + if test -f "$cache_file"; then + { echo "$as_me:$LINENO: loading cache $cache_file" >&5 +echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . $cache_file;; + *) . ./$cache_file;; + esac + fi +else + { echo "$as_me:$LINENO: creating cache $cache_file" >&5 +echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in `(set) 2>&1 | + sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val="\$ac_cv_env_${ac_var}_value" + eval ac_new_val="\$ac_env_${ac_var}_value" + case $ac_old_set,$ac_new_set in + set,) + { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 +echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { echo "$as_me:$LINENO: former value: $ac_old_val" >&5 +echo "$as_me: former value: $ac_old_val" >&2;} + { echo "$as_me:$LINENO: current value: $ac_new_val" >&5 +echo "$as_me: current value: $ac_new_val" >&2;} + ac_cache_corrupted=: + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 +echo "$as_me: error: changes in the environment can compromise the build" >&2;} + { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 +echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + + + + + + + + + + + + + + + + + +if test -z "$CFLAGS"; then + CFLAGS="-Wall -O4 -fexpensive-optimizations -funroll-loops" +fi + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_RANLIB+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + echo "$as_me:$LINENO: result: $RANLIB" >&5 +echo "${ECHO_T}$RANLIB" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + + test -z "$ac_cv_prog_ac_ct_RANLIB" && ac_cv_prog_ac_ct_RANLIB=":" +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5 +echo "${ECHO_T}$ac_ct_RANLIB" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + RANLIB=$ac_ct_RANLIB +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + test -n "$ac_ct_CC" && break +done + + CC=$ac_ct_CC +fi + +fi + + +test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&5 +echo "$as_me: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. +echo "$as_me:$LINENO:" \ + "checking for C compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5 + (eval $ac_compiler --version </dev/null >&5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5 + (eval $ac_compiler -v </dev/null >&5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5 + (eval $ac_compiler -V </dev/null >&5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 +echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6 +ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5 + (eval $ac_link_default) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # Find the output, starting from the most likely. This scheme is +# not robust to junk in `.', hence go to wildcards (a.*) only as a last +# resort. + +# Be careful to initialize this variable, since it used to be cached. +# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile. +ac_cv_exeext= +# b.out is created by i960 compilers. +for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) + ;; + conftest.$ac_ext ) + # This is the source file. + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + # FIXME: I believe we export ac_cv_exeext for Libtool, + # but it would be cool to find out if it's true. Does anybody + # maintain Libtool? --akim. + export ac_cv_exeext + break;; + * ) + break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: C compiler cannot create executables +See \`config.log' for more details." >&5 +echo "$as_me: error: C compiler cannot create executables +See \`config.log' for more details." >&2;} + { (exit 77); exit 77; }; } +fi + +ac_exeext=$ac_cv_exeext +echo "$as_me:$LINENO: result: $ac_file" >&5 +echo "${ECHO_T}$ac_file" >&6 + +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:$LINENO: checking whether the C compiler works" >&5 +echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6 +# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 +# If not cross compiling, check that we can run a simple program. +if test "$cross_compiling" != yes; then + if { ac_try='./$ac_file' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { echo "$as_me:$LINENO: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + fi + fi +fi +echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +rm -f a.out a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 +echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6 +echo "$as_me:$LINENO: result: $cross_compiling" >&5 +echo "${ECHO_T}$cross_compiling" >&6 + +echo "$as_me:$LINENO: checking for suffix of executables" >&5 +echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6 +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + export ac_cv_exeext + break;; + * ) break;; + esac +done +else + { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest$ac_cv_exeext +echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 +echo "${ECHO_T}$ac_cv_exeext" >&6 + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +echo "$as_me:$LINENO: checking for suffix of object files" >&5 +echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6 +if test "${ac_cv_objext+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 +echo "${ECHO_T}$ac_cv_objext" >&6 +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6 +if test "${ac_cv_c_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_compiler_gnu=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6 +GCC=`test $ac_compiler_gnu = yes && echo yes` +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +CFLAGS="-g" +echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 +echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_g=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_prog_cc_g=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_g" >&6 +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 +echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_prog_cc_stdc=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <stdarg.h> +#include <stdio.h> +#include <sys/types.h> +#include <sys/stat.h> +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std1 is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std1. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX 10.20 and later -Ae +# HP-UX older versions -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_stdc=$ac_arg +break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext +done +rm -f conftest.$ac_ext conftest.$ac_objext +CC=$ac_save_CC + +fi + +case "x$ac_cv_prog_cc_stdc" in + x|xno) + echo "$as_me:$LINENO: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6 ;; + *) + echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6 + CC="$CC $ac_cv_prog_cc_stdc" ;; +esac + +# Some people use a C++ compiler to compile C. Since we use `exit', +# in C++ we need to declare it. In case someone uses the same compiler +# for both compiling C and C++ we need to have the C++ compiler decide +# the declaration of exit, since it's the most demanding environment. +cat >conftest.$ac_ext <<_ACEOF +#ifndef __cplusplus + choke me +#endif +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + for ac_declaration in \ + '' \ + 'extern "C" void std::exit (int) throw (); using std::exit;' \ + 'extern "C" void std::exit (int); using std::exit;' \ + 'extern "C" void exit (int) throw ();' \ + 'extern "C" void exit (int);' \ + 'void exit (int);' +do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +#include <stdlib.h> +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +continue +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +done +rm -f conftest* +if test -n "$ac_declaration"; then + echo '#ifdef __cplusplus' >>confdefs.h + echo $ac_declaration >>confdefs.h + echo '#endif' >>confdefs.h +fi + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +ac_aux_dir= +for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do + if test -f $ac_dir/install-sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f $ac_dir/install.sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f $ac_dir/shtool; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5 +echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;} + { (exit 1); exit 1; }; } +fi +ac_config_guess="$SHELL $ac_aux_dir/config.guess" +ac_config_sub="$SHELL $ac_aux_dir/config.sub" +ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure. + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 +echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6 +if test -z "$INSTALL"; then +if test "${ac_cv_path_install+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in + ./ | .// | /cC/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + done + done + ;; +esac +done + + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL=$ac_install_sh + fi +fi +echo "$as_me:$LINENO: result: $INSTALL" >&5 +echo "${ECHO_T}$INSTALL" >&6 + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + + + +# Check whether --enable-kernel-linux or --disable-kernel-linux was given. +if test "${enable_kernel_linux+set}" = set; then + enableval="$enable_kernel_linux" + +else + enable_kernel_linux=no +fi; +echo "$as_me:$LINENO: checking whether to build for Linux kernel context" >&5 +echo $ECHO_N "checking whether to build for Linux kernel context... $ECHO_C" >&6 +if test "$enable_kernel_linux" = "yes"; then + +cat >>confdefs.h <<\_ACEOF +#define SRTP_KERNEL 1 +_ACEOF + + +cat >>confdefs.h <<\_ACEOF +#define SRTP_KERNEL_LINUX 1 +_ACEOF + +fi +echo "$as_me:$LINENO: result: $enable_kernel_linux" >&5 +echo "${ECHO_T}$enable_kernel_linux" >&6 + +if test "$cross_compiling" != yes; then + echo "$as_me:$LINENO: checking for /dev/urandom" >&5 +echo $ECHO_N "checking for /dev/urandom... $ECHO_C" >&6 +if test "${ac_cv_file__dev_urandom+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + test "$cross_compiling" = yes && + { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5 +echo "$as_me: error: cannot check for file existence when cross compiling" >&2;} + { (exit 1); exit 1; }; } +if test -r "/dev/urandom"; then + ac_cv_file__dev_urandom=yes +else + ac_cv_file__dev_urandom=no +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_file__dev_urandom" >&5 +echo "${ECHO_T}$ac_cv_file__dev_urandom" >&6 +if test $ac_cv_file__dev_urandom = yes; then + DEV_URANDOM=/dev/urandom +else + echo "$as_me:$LINENO: checking for /dev/random" >&5 +echo $ECHO_N "checking for /dev/random... $ECHO_C" >&6 +if test "${ac_cv_file__dev_random+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + test "$cross_compiling" = yes && + { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5 +echo "$as_me: error: cannot check for file existence when cross compiling" >&2;} + { (exit 1); exit 1; }; } +if test -r "/dev/random"; then + ac_cv_file__dev_random=yes +else + ac_cv_file__dev_random=no +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_file__dev_random" >&5 +echo "${ECHO_T}$ac_cv_file__dev_random" >&6 +if test $ac_cv_file__dev_random = yes; then + DEV_URANDOM=/dev/random +fi + +fi + +fi + +echo "$as_me:$LINENO: checking which random device to use" >&5 +echo $ECHO_N "checking which random device to use... $ECHO_C" >&6 +if test "$enable_kernel_linux" = "yes"; then + RNG_OBJS=rand_linux_kernel.o + echo "$as_me:$LINENO: result: Linux kernel builtin" >&5 +echo "${ECHO_T}Linux kernel builtin" >&6 +else + RNG_OBJS=rand_source.o + if test -n "$DEV_URANDOM"; then + +cat >>confdefs.h <<_ACEOF +#define DEV_URANDOM "$DEV_URANDOM" +_ACEOF + + echo "$as_me:$LINENO: result: $DEV_URANDOM" >&5 +echo "${ECHO_T}$DEV_URANDOM" >&6 + else + echo "$as_me:$LINENO: result: standard rand() function..." >&5 +echo "${ECHO_T}standard rand() function..." >&6 + fi +fi + + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 +echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6 +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if test "${ac_cv_prog_CPP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + # <limits.h> exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + Syntax error +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <ac_nonexistent.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +echo "$as_me:$LINENO: result: $CPP" >&5 +echo "${ECHO_T}$CPP" >&6 +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + # <limits.h> exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + Syntax error +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <ac_nonexistent.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + : +else + { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&5 +echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +echo "$as_me:$LINENO: checking for egrep" >&5 +echo $ECHO_N "checking for egrep... $ECHO_C" >&6 +if test "${ac_cv_prog_egrep+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if echo a | (grep -E '(a|b)') >/dev/null 2>&1 + then ac_cv_prog_egrep='grep -E' + else ac_cv_prog_egrep='egrep' + fi +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5 +echo "${ECHO_T}$ac_cv_prog_egrep" >&6 + EGREP=$ac_cv_prog_egrep + + +echo "$as_me:$LINENO: checking for ANSI C header files" >&5 +echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6 +if test "${ac_cv_header_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <stdlib.h> +#include <stdarg.h> +#include <string.h> +#include <float.h> + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_header_stdc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_header_stdc=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <string.h> + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <stdlib.h> + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then + : +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <ctype.h> +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + exit(2); + exit (0); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_header_stdc=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 +echo "${ECHO_T}$ac_cv_header_stdc" >&6 +if test $ac_cv_header_stdc = yes; then + +cat >>confdefs.h <<\_ACEOF +#define STDC_HEADERS 1 +_ACEOF + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. + + + + + + + + + +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default + +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Header=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_Header=no" +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + +for ac_header in stdlib.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in unistd.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in byteswap.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in stdint.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in sys/uio.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in inttypes.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in sys/types.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in machine/types.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in sys/int_types.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + + + +for ac_header in sys/socket.h netinet/in.h arpa/inet.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in windows.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +for ac_header in winsock2.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + +fi + +done + + + +for ac_header in syslog.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +echo "$as_me:$LINENO: checking for int8_t" >&5 +echo $ECHO_N "checking for int8_t... $ECHO_C" >&6 +if test "${ac_cv_type_int8_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((int8_t *) 0) + return 0; +if (sizeof (int8_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_int8_t=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_int8_t=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_int8_t" >&5 +echo "${ECHO_T}$ac_cv_type_int8_t" >&6 +if test $ac_cv_type_int8_t = yes; then + +cat >>confdefs.h <<_ACEOF +#define HAVE_INT8_T 1 +_ACEOF + + +fi +echo "$as_me:$LINENO: checking for uint8_t" >&5 +echo $ECHO_N "checking for uint8_t... $ECHO_C" >&6 +if test "${ac_cv_type_uint8_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((uint8_t *) 0) + return 0; +if (sizeof (uint8_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_uint8_t=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_uint8_t=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_uint8_t" >&5 +echo "${ECHO_T}$ac_cv_type_uint8_t" >&6 +if test $ac_cv_type_uint8_t = yes; then + +cat >>confdefs.h <<_ACEOF +#define HAVE_UINT8_T 1 +_ACEOF + + +fi +echo "$as_me:$LINENO: checking for int16_t" >&5 +echo $ECHO_N "checking for int16_t... $ECHO_C" >&6 +if test "${ac_cv_type_int16_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((int16_t *) 0) + return 0; +if (sizeof (int16_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_int16_t=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_int16_t=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_int16_t" >&5 +echo "${ECHO_T}$ac_cv_type_int16_t" >&6 +if test $ac_cv_type_int16_t = yes; then + +cat >>confdefs.h <<_ACEOF +#define HAVE_INT16_T 1 +_ACEOF + + +fi +echo "$as_me:$LINENO: checking for uint16_t" >&5 +echo $ECHO_N "checking for uint16_t... $ECHO_C" >&6 +if test "${ac_cv_type_uint16_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((uint16_t *) 0) + return 0; +if (sizeof (uint16_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_uint16_t=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_uint16_t=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_uint16_t" >&5 +echo "${ECHO_T}$ac_cv_type_uint16_t" >&6 +if test $ac_cv_type_uint16_t = yes; then + +cat >>confdefs.h <<_ACEOF +#define HAVE_UINT16_T 1 +_ACEOF + + +fi +echo "$as_me:$LINENO: checking for int32_t" >&5 +echo $ECHO_N "checking for int32_t... $ECHO_C" >&6 +if test "${ac_cv_type_int32_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((int32_t *) 0) + return 0; +if (sizeof (int32_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_int32_t=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_int32_t=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_int32_t" >&5 +echo "${ECHO_T}$ac_cv_type_int32_t" >&6 +if test $ac_cv_type_int32_t = yes; then + +cat >>confdefs.h <<_ACEOF +#define HAVE_INT32_T 1 +_ACEOF + + +fi +echo "$as_me:$LINENO: checking for uint32_t" >&5 +echo $ECHO_N "checking for uint32_t... $ECHO_C" >&6 +if test "${ac_cv_type_uint32_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((uint32_t *) 0) + return 0; +if (sizeof (uint32_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_uint32_t=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_uint32_t=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_uint32_t" >&5 +echo "${ECHO_T}$ac_cv_type_uint32_t" >&6 +if test $ac_cv_type_uint32_t = yes; then + +cat >>confdefs.h <<_ACEOF +#define HAVE_UINT32_T 1 +_ACEOF + + +fi +echo "$as_me:$LINENO: checking for uint64_t" >&5 +echo $ECHO_N "checking for uint64_t... $ECHO_C" >&6 +if test "${ac_cv_type_uint64_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((uint64_t *) 0) + return 0; +if (sizeof (uint64_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_uint64_t=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_uint64_t=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_uint64_t" >&5 +echo "${ECHO_T}$ac_cv_type_uint64_t" >&6 +if test $ac_cv_type_uint64_t = yes; then + +cat >>confdefs.h <<_ACEOF +#define HAVE_UINT64_T 1 +_ACEOF + + +fi + +echo "$as_me:$LINENO: checking for unsigned long" >&5 +echo $ECHO_N "checking for unsigned long... $ECHO_C" >&6 +if test "${ac_cv_type_unsigned_long+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((unsigned long *) 0) + return 0; +if (sizeof (unsigned long)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_unsigned_long=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_unsigned_long=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_unsigned_long" >&5 +echo "${ECHO_T}$ac_cv_type_unsigned_long" >&6 + +echo "$as_me:$LINENO: checking size of unsigned long" >&5 +echo $ECHO_N "checking size of unsigned long... $ECHO_C" >&6 +if test "${ac_cv_sizeof_unsigned_long+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "$ac_cv_type_unsigned_long" = yes; then + # The cast to unsigned long works around a bug in the HP C Compiler + # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects + # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. + # This bug is HP SR number 8606223364. + if test "$cross_compiling" = yes; then + # Depending upon the size, compute the lo and hi bounds. +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !(((long) (sizeof (unsigned long))) >= 0)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_lo=0 ac_mid=0 + while :; do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !(((long) (sizeof (unsigned long))) <= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_hi=$ac_mid; break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_lo=`expr $ac_mid + 1` + if test $ac_lo -le $ac_mid; then + ac_lo= ac_hi= + break + fi + ac_mid=`expr 2 '*' $ac_mid + 1` +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !(((long) (sizeof (unsigned long))) < 0)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_hi=-1 ac_mid=-1 + while :; do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !(((long) (sizeof (unsigned long))) >= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_lo=$ac_mid; break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_hi=`expr '(' $ac_mid ')' - 1` + if test $ac_mid -le $ac_hi; then + ac_lo= ac_hi= + break + fi + ac_mid=`expr 2 '*' $ac_mid` +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_lo= ac_hi= +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +# Binary search between lo and hi bounds. +while test "x$ac_lo" != "x$ac_hi"; do + ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !(((long) (sizeof (unsigned long))) <= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_hi=$ac_mid +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_lo=`expr '(' $ac_mid ')' + 1` +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +done +case $ac_lo in +?*) ac_cv_sizeof_unsigned_long=$ac_lo;; +'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (unsigned long), 77 +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute sizeof (unsigned long), 77 +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } ;; +esac +else + if test "$cross_compiling" = yes; then + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot run test program while cross compiling +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +long longval () { return (long) (sizeof (unsigned long)); } +unsigned long ulongval () { return (long) (sizeof (unsigned long)); } +#include <stdio.h> +#include <stdlib.h> +int +main () +{ + + FILE *f = fopen ("conftest.val", "w"); + if (! f) + exit (1); + if (((long) (sizeof (unsigned long))) < 0) + { + long i = longval (); + if (i != ((long) (sizeof (unsigned long)))) + exit (1); + fprintf (f, "%ld\n", i); + } + else + { + unsigned long i = ulongval (); + if (i != ((long) (sizeof (unsigned long)))) + exit (1); + fprintf (f, "%lu\n", i); + } + exit (ferror (f) || fclose (f) != 0); + + ; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_sizeof_unsigned_long=`cat conftest.val` +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +{ { echo "$as_me:$LINENO: error: cannot compute sizeof (unsigned long), 77 +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute sizeof (unsigned long), 77 +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +rm -f conftest.val +else + ac_cv_sizeof_unsigned_long=0 +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_sizeof_unsigned_long" >&5 +echo "${ECHO_T}$ac_cv_sizeof_unsigned_long" >&6 +cat >>confdefs.h <<_ACEOF +#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long +_ACEOF + + +echo "$as_me:$LINENO: checking for unsigned long long" >&5 +echo $ECHO_N "checking for unsigned long long... $ECHO_C" >&6 +if test "${ac_cv_type_unsigned_long_long+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((unsigned long long *) 0) + return 0; +if (sizeof (unsigned long long)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_unsigned_long_long=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_unsigned_long_long=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_unsigned_long_long" >&5 +echo "${ECHO_T}$ac_cv_type_unsigned_long_long" >&6 + +echo "$as_me:$LINENO: checking size of unsigned long long" >&5 +echo $ECHO_N "checking size of unsigned long long... $ECHO_C" >&6 +if test "${ac_cv_sizeof_unsigned_long_long+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test "$ac_cv_type_unsigned_long_long" = yes; then + # The cast to unsigned long works around a bug in the HP C Compiler + # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects + # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. + # This bug is HP SR number 8606223364. + if test "$cross_compiling" = yes; then + # Depending upon the size, compute the lo and hi bounds. +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !(((long) (sizeof (unsigned long long))) >= 0)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_lo=0 ac_mid=0 + while :; do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !(((long) (sizeof (unsigned long long))) <= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_hi=$ac_mid; break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_lo=`expr $ac_mid + 1` + if test $ac_lo -le $ac_mid; then + ac_lo= ac_hi= + break + fi + ac_mid=`expr 2 '*' $ac_mid + 1` +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !(((long) (sizeof (unsigned long long))) < 0)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_hi=-1 ac_mid=-1 + while :; do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !(((long) (sizeof (unsigned long long))) >= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_lo=$ac_mid; break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_hi=`expr '(' $ac_mid ')' - 1` + if test $ac_mid -le $ac_hi; then + ac_lo= ac_hi= + break + fi + ac_mid=`expr 2 '*' $ac_mid` +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_lo= ac_hi= +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +# Binary search between lo and hi bounds. +while test "x$ac_lo" != "x$ac_hi"; do + ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !(((long) (sizeof (unsigned long long))) <= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_hi=$ac_mid +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_lo=`expr '(' $ac_mid ')' + 1` +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +done +case $ac_lo in +?*) ac_cv_sizeof_unsigned_long_long=$ac_lo;; +'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (unsigned long long), 77 +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute sizeof (unsigned long long), 77 +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } ;; +esac +else + if test "$cross_compiling" = yes; then + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot run test program while cross compiling +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +long longval () { return (long) (sizeof (unsigned long long)); } +unsigned long ulongval () { return (long) (sizeof (unsigned long long)); } +#include <stdio.h> +#include <stdlib.h> +int +main () +{ + + FILE *f = fopen ("conftest.val", "w"); + if (! f) + exit (1); + if (((long) (sizeof (unsigned long long))) < 0) + { + long i = longval (); + if (i != ((long) (sizeof (unsigned long long)))) + exit (1); + fprintf (f, "%ld\n", i); + } + else + { + unsigned long i = ulongval (); + if (i != ((long) (sizeof (unsigned long long)))) + exit (1); + fprintf (f, "%lu\n", i); + } + exit (ferror (f) || fclose (f) != 0); + + ; + return 0; +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_sizeof_unsigned_long_long=`cat conftest.val` +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +{ { echo "$as_me:$LINENO: error: cannot compute sizeof (unsigned long long), 77 +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute sizeof (unsigned long long), 77 +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +rm -f conftest.val +else + ac_cv_sizeof_unsigned_long_long=0 +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_sizeof_unsigned_long_long" >&5 +echo "${ECHO_T}$ac_cv_sizeof_unsigned_long_long" >&6 +cat >>confdefs.h <<_ACEOF +#define SIZEOF_UNSIGNED_LONG_LONG $ac_cv_sizeof_unsigned_long_long +_ACEOF + + + +echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5 +echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6 +if test "${ac_cv_c_const+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +/* FIXME: Include the comments suggested by Paul. */ +#ifndef __cplusplus + /* Ultrix mips cc rejects this. */ + typedef int charset[2]; + const charset x; + /* SunOS 4.1.1 cc rejects this. */ + char const *const *ccp; + char **p; + /* NEC SVR4.0.2 mips cc rejects this. */ + struct point {int x, y;}; + static struct point const zero = {0,0}; + /* AIX XL C 1.02.0.0 rejects this. + It does not let you subtract one const X* pointer from another in + an arm of an if-expression whose if-part is not a constant + expression */ + const char *g = "string"; + ccp = &g + (g ? g-g : 0); + /* HPUX 7.0 cc rejects these. */ + ++ccp; + p = (char**) ccp; + ccp = (char const *const *) p; + { /* SCO 3.2v4 cc rejects this. */ + char *t; + char const *s = 0 ? (char *) 0 : (char const *) 0; + + *t++ = 0; + } + { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ + int x[] = {25, 17}; + const int *foo = &x[0]; + ++foo; + } + { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ + typedef const int *iptr; + iptr p = 0; + ++p; + } + { /* AIX XL C 1.02.0.0 rejects this saying + "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ + struct s { int j; const int *ap[3]; }; + struct s *b; b->j = 5; + } + { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; + } +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_c_const=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_c_const=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5 +echo "${ECHO_T}$ac_cv_c_const" >&6 +if test $ac_cv_c_const = no; then + +cat >>confdefs.h <<\_ACEOF +#define const +_ACEOF + +fi + +echo "$as_me:$LINENO: checking for inline" >&5 +echo $ECHO_N "checking for inline... $ECHO_C" >&6 +if test "${ac_cv_c_inline+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_c_inline=no +for ac_kw in inline __inline__ __inline; do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifndef __cplusplus +typedef int foo_t; +static $ac_kw foo_t static_foo () {return 0; } +$ac_kw foo_t foo () {return 0; } +#endif + +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_c_inline=$ac_kw; break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +done + +fi +echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5 +echo "${ECHO_T}$ac_cv_c_inline" >&6 + + +case $ac_cv_c_inline in + inline | yes) ;; + *) + case $ac_cv_c_inline in + no) ac_val=;; + *) ac_val=$ac_cv_c_inline;; + esac + cat >>confdefs.h <<_ACEOF +#ifndef __cplusplus +#define inline $ac_val +#endif +_ACEOF + ;; +esac + +echo "$as_me:$LINENO: checking for size_t" >&5 +echo $ECHO_N "checking for size_t... $ECHO_C" >&6 +if test "${ac_cv_type_size_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((size_t *) 0) + return 0; +if (sizeof (size_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_size_t=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_type_size_t=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5 +echo "${ECHO_T}$ac_cv_type_size_t" >&6 +if test $ac_cv_type_size_t = yes; then + : +else + +cat >>confdefs.h <<_ACEOF +#define size_t unsigned +_ACEOF + +fi + + + + + +for ac_func in socket inet_aton usleep +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func. + For example, HP-UX 11i <limits.h> declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + <limits.h> exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + +#undef $ac_func + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +char (*f) () = $ac_func; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != $ac_func; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_var=no" +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +if test "x$ac_cv_func_socket" = "xno"; then + +echo "$as_me:$LINENO: checking for socket in -lsocket" >&5 +echo $ECHO_N "checking for socket in -lsocket... $ECHO_C" >&6 +if test "${ac_cv_lib_socket_socket+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsocket $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char socket (); +int +main () +{ +socket (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_socket_socket=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_socket_socket=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_socket_socket" >&5 +echo "${ECHO_T}$ac_cv_lib_socket_socket" >&6 +if test $ac_cv_lib_socket_socket = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBSOCKET 1 +_ACEOF + + LIBS="-lsocket $LIBS" + +fi + + echo "$as_me:$LINENO: checking for socket in -lwsock32" >&5 +echo $ECHO_N "checking for socket in -lwsock32... $ECHO_C" >&6 + SAVELIBS="$LIBS" + LIBS="$LIBS -lwsock32" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +#include <winsock2.h> + +int +main () +{ + +socket(0, 0, 0); + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_socket=yes + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +LIBS="$SAVELIBS" + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi + +echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5 +echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6 +if test "${ac_cv_c_bigendian+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # See if sys/param.h defines the BYTE_ORDER macro. +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <sys/types.h> +#include <sys/param.h> + +int +main () +{ +#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN + bogus endian macros +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + # It does; now see whether it defined to BIG_ENDIAN or not. +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <sys/types.h> +#include <sys/param.h> + +int +main () +{ +#if BYTE_ORDER != BIG_ENDIAN + not big endian +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_c_bigendian=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_c_bigendian=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +# It does not; compile a test program. +if test "$cross_compiling" = yes; then + # try to guess the endianness by grepping values into an object file + ac_cv_c_bigendian=unknown + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +short ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; +short ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; +void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; } +short ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; +short ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; +void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; } +int +main () +{ + _ascii (); _ebcdic (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + if grep BIGenDianSyS conftest.$ac_objext >/dev/null ; then + ac_cv_c_bigendian=yes +fi +if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if test "$ac_cv_c_bigendian" = unknown; then + ac_cv_c_bigendian=no + else + # finding both strings is unlikely to happen, but who knows? + ac_cv_c_bigendian=unknown + fi +fi +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +int +main () +{ + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long l; + char c[sizeof (long)]; + } u; + u.l = 1; + exit (u.c[sizeof (long) - 1] == 1); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_c_bigendian=no +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_c_bigendian=yes +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5 +echo "${ECHO_T}$ac_cv_c_bigendian" >&6 +case $ac_cv_c_bigendian in + yes) + +cat >>confdefs.h <<\_ACEOF +#define WORDS_BIGENDIAN 1 +_ACEOF + ;; + no) + ;; + *) + { { echo "$as_me:$LINENO: error: unknown endianness +presetting ac_cv_c_bigendian=no (or yes) will help" >&5 +echo "$as_me: error: unknown endianness +presetting ac_cv_c_bigendian=no (or yes) will help" >&2;} + { (exit 1); exit 1; }; } ;; +esac + + +# Make sure we can run config.sub. +$ac_config_sub sun4 >/dev/null 2>&1 || + { { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5 +echo "$as_me: error: cannot run $ac_config_sub" >&2;} + { (exit 1); exit 1; }; } + +echo "$as_me:$LINENO: checking build system type" >&5 +echo $ECHO_N "checking build system type... $ECHO_C" >&6 +if test "${ac_cv_build+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_build_alias=$build_alias +test -z "$ac_cv_build_alias" && + ac_cv_build_alias=`$ac_config_guess` +test -z "$ac_cv_build_alias" && + { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5 +echo "$as_me: error: cannot guess build type; you must specify one" >&2;} + { (exit 1); exit 1; }; } +ac_cv_build=`$ac_config_sub $ac_cv_build_alias` || + { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_build_alias failed" >&5 +echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;} + { (exit 1); exit 1; }; } + +fi +echo "$as_me:$LINENO: result: $ac_cv_build" >&5 +echo "${ECHO_T}$ac_cv_build" >&6 +build=$ac_cv_build +build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` + + +echo "$as_me:$LINENO: checking host system type" >&5 +echo $ECHO_N "checking host system type... $ECHO_C" >&6 +if test "${ac_cv_host+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_host_alias=$host_alias +test -z "$ac_cv_host_alias" && + ac_cv_host_alias=$ac_cv_build_alias +ac_cv_host=`$ac_config_sub $ac_cv_host_alias` || + { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_host_alias failed" >&5 +echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;} + { (exit 1); exit 1; }; } + +fi +echo "$as_me:$LINENO: result: $ac_cv_host" >&5 +echo "${ECHO_T}$ac_cv_host" >&6 +host=$ac_cv_host +host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` + + + +case $host_cpu in + i*86 ) + +cat >>confdefs.h <<\_ACEOF +#define CPU_CISC 1 +_ACEOF + + +cat >>confdefs.h <<\_ACEOF +#define HAVE_X86 1 +_ACEOF +;; + * ) + # CPU_RISC is only supported for big endian machines. + if test "$ac_cv_c_bigendian" = "yes"; then + +cat >>confdefs.h <<\_ACEOF +#define CPU_RISC 1 +_ACEOF + + else + cat >>confdefs.h <<\_ACEOF +#define CPU_CISC 1 +_ACEOF + + fi + ;; +esac + +case $host_os in + *cygwin*|*mingw* ) + EXE=.exe;; + * ) EXE="";; +esac + + # define executable suffix; this is needed for `make clean' + +echo "$as_me:$LINENO: checking whether to compile in debugging" >&5 +echo $ECHO_N "checking whether to compile in debugging... $ECHO_C" >&6 +# Check whether --enable-debug or --disable-debug was given. +if test "${enable_debug+set}" = set; then + enableval="$enable_debug" + +else + enable_debug=yes +fi; +if test "$enable_debug" = "yes"; then + +cat >>confdefs.h <<\_ACEOF +#define ENABLE_DEBUGGING 1 +_ACEOF + +fi +echo "$as_me:$LINENO: result: $enable_debug" >&5 +echo "${ECHO_T}$enable_debug" >&6 + +echo "$as_me:$LINENO: checking whether to use ISMAcryp code" >&5 +echo $ECHO_N "checking whether to use ISMAcryp code... $ECHO_C" >&6 +# Check whether --enable-generic-aesicm or --disable-generic-aesicm was given. +if test "${enable_generic_aesicm+set}" = set; then + enableval="$enable_generic_aesicm" + +else + enable_generic_aesicm=no +fi; +if test "$enable_generic_aesicm" = "yes"; then + +cat >>confdefs.h <<\_ACEOF +#define GENERIC_AESICM 1 +_ACEOF + +fi +echo "$as_me:$LINENO: result: $enable_generic_aesicm" >&5 +echo "${ECHO_T}$enable_generic_aesicm" >&6 + +echo "$as_me:$LINENO: checking whether to use syslog for error reporting" >&5 +echo $ECHO_N "checking whether to use syslog for error reporting... $ECHO_C" >&6 +# Check whether --enable-syslog or --disable-syslog was given. +if test "${enable_syslog+set}" = set; then + enableval="$enable_syslog" + +else + enable_syslog=no +fi; +if test "$enable_syslog" = "yes"; then + +cat >>confdefs.h <<\_ACEOF +#define USE_SYSLOG 1 +_ACEOF + +fi +echo "$as_me:$LINENO: result: $enable_syslog" >&5 +echo "${ECHO_T}$enable_syslog" >&6 + +echo "$as_me:$LINENO: checking whether to use stdout for error reporting" >&5 +echo $ECHO_N "checking whether to use stdout for error reporting... $ECHO_C" >&6 +# Check whether --enable-stdout or --disable-stdout was given. +if test "${enable_stdout+set}" = set; then + enableval="$enable_stdout" + +else + enable_stdout=yes +fi; +if test "$enable_stdout" = "yes"; then + +cat >>confdefs.h <<\_ACEOF +#define ERR_REPORTING_STDOUT 1 +_ACEOF + +fi +echo "$as_me:$LINENO: result: $enable_stdout" >&5 +echo "${ECHO_T}$enable_stdout" >&6 + +echo "$as_me:$LINENO: checking whether to use /dev/console for error reporting" >&5 +echo $ECHO_N "checking whether to use /dev/console for error reporting... $ECHO_C" >&6 +# Check whether --enable-console or --disable-console was given. +if test "${enable_console+set}" = set; then + enableval="$enable_console" + +else + enable_console=no +fi; +if test "$enable_console" = "yes"; then + +cat >>confdefs.h <<\_ACEOF +#define USE_ERR_REPORTING_FILE 1 +_ACEOF + + +cat >>confdefs.h <<\_ACEOF +#define ERR_REPORTING_FILE "/dev/console" +_ACEOF + +fi +echo "$as_me:$LINENO: result: $enable_console" >&5 +echo "${ECHO_T}$enable_console" >&6 + +echo "$as_me:$LINENO: checking whether to use GDOI key management" >&5 +echo $ECHO_N "checking whether to use GDOI key management... $ECHO_C" >&6 +# Check whether --enable-gdoi or --disable-gdoi was given. +if test "${enable_gdoi+set}" = set; then + enableval="$enable_gdoi" + +else + enable_gdoi=no +fi; +if test "$enable_gdoi" = "yes"; then + +cat >>confdefs.h <<\_ACEOF +#define SRTP_GDOI 1 +_ACEOF + + GDOI_OBJS=gdoi/srtp+gdoi.o + +fi +echo "$as_me:$LINENO: result: $enable_gdoi" >&5 +echo "${ECHO_T}$enable_gdoi" >&6 + + ac_config_headers="$ac_config_headers crypto/include/config.h:config_in.h" + + + ac_config_files="$ac_config_files Makefile crypto/Makefile doc/Makefile" +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +{ + (set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} | + sed ' + t clear + : clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + : end' >>confcache +if diff $cache_file confcache >/dev/null 2>&1; then :; else + if test -w $cache_file; then + test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" + cat confcache >$cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# VPATH may cause trouble with some makes, so we remove $(srcdir), +# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=/{ +s/:*\$(srcdir):*/:/; +s/:*\${srcdir}:*/:/; +s/:*@srcdir@:*/:/; +s/^\([^=]*=[ ]*\):*/\1/; +s/:*$//; +s/^[^=]*=[ ]*$//; +}' +fi + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_i=`echo "$ac_i" | + sed 's/\$U\././;s/\.o$//;s/\.obj$//'` + # 2. Add them. + ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" + ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + +: ${CONFIG_STATUS=./config.status} +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 +echo "$as_me: creating $CONFIG_STATUS" >&6;} +cat >$CONFIG_STATUS <<_ACEOF +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false +SHELL=\${CONFIG_SHELL-$SHELL} +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi +DUALCASE=1; export DUALCASE # for MKS sh + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# Work around bugs in pre-3.0 UWIN ksh. +$as_unset ENV MAIL MAILPATH +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . : '\(.\)' 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + + +# PATH needs CR, and LINENO needs CR and PATH. +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5 +echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;} + { (exit 1); exit 1; }; } + fi + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done +done +;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5 +echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;} + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. + exit +} + + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_executable_p="test -f" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH + +exec 6>&1 + +# Open the log real soon, to keep \$[0] and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. Logging --version etc. is OK. +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX +} >&5 +cat >&5 <<_CSEOF + +This file was extended by $as_me, which was +generated by GNU Autoconf 2.59. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +_CSEOF +echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5 +echo >&5 +_ACEOF + +# Files that config.status was made for. +if test -n "$ac_config_files"; then + echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_headers"; then + echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_links"; then + echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_commands"; then + echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS +fi + +cat >>$CONFIG_STATUS <<\_ACEOF + +ac_cs_usage="\ +\`$as_me' instantiates files from templates according to the +current configuration. + +Usage: $0 [OPTIONS] [FILE]... + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Report bugs to <bug-autoconf@gnu.org>." +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF +ac_cs_version="\\ +config.status +configured by $0, generated by GNU Autoconf 2.59, + with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" + +Copyright (C) 2003 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." +srcdir=$srcdir +INSTALL="$INSTALL" +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +# If no file are specified by the user, then we need to provide default +# value. By we need to know if files were specified by the user. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=*) + ac_option=`expr "x$1" : 'x\([^=]*\)='` + ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` + ac_shift=: + ;; + -*) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + *) # This is not an option, so the user has probably given explicit + # arguments. + ac_option=$1 + ac_need_defaults=false;; + esac + + case $ac_option in + # Handling of the options. +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --vers* | -V ) + echo "$ac_cs_version"; exit 0 ;; + --he | --h) + # Conflict between --help and --header + { { echo "$as_me:$LINENO: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; };; + --help | --hel | -h ) + echo "$ac_cs_usage"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + CONFIG_FILES="$CONFIG_FILES $ac_optarg" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" + ac_need_defaults=false;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; } ;; + + *) ac_config_targets="$ac_config_targets $1" ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF +if \$ac_cs_recheck; then + echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 + exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion +fi + +_ACEOF + + + + + +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_config_target in $ac_config_targets +do + case "$ac_config_target" in + # Handling of arguments. + "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "crypto/Makefile" ) CONFIG_FILES="$CONFIG_FILES crypto/Makefile" ;; + "doc/Makefile" ) CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; + "crypto/include/config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS crypto/include/config.h:config_in.h" ;; + *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 +echo "$as_me: error: invalid argument: $ac_config_target" >&2;} + { (exit 1); exit 1; }; };; + esac +done + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason to put it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Create a temporary directory, and hook for its removal unless debugging. +$debug || +{ + trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 + trap '{ (exit 1); exit 1; }' 1 2 13 15 +} + +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" +} || +{ + tmp=./confstat$$-$RANDOM + (umask 077 && mkdir $tmp) +} || +{ + echo "$me: cannot create a temporary directory in ." >&2 + { (exit 1); exit 1; } +} + +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF + +# +# CONFIG_FILES section. +# + +# No need to generate the scripts if there are no CONFIG_FILES. +# This happens for instance when ./config.status config.h +if test -n "\$CONFIG_FILES"; then + # Protect against being on the right side of a sed subst in config.status. + sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; + s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF +s,@SHELL@,$SHELL,;t t +s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t +s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t +s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t +s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t +s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t +s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t +s,@exec_prefix@,$exec_prefix,;t t +s,@prefix@,$prefix,;t t +s,@program_transform_name@,$program_transform_name,;t t +s,@bindir@,$bindir,;t t +s,@sbindir@,$sbindir,;t t +s,@libexecdir@,$libexecdir,;t t +s,@datadir@,$datadir,;t t +s,@sysconfdir@,$sysconfdir,;t t +s,@sharedstatedir@,$sharedstatedir,;t t +s,@localstatedir@,$localstatedir,;t t +s,@libdir@,$libdir,;t t +s,@includedir@,$includedir,;t t +s,@oldincludedir@,$oldincludedir,;t t +s,@infodir@,$infodir,;t t +s,@mandir@,$mandir,;t t +s,@build_alias@,$build_alias,;t t +s,@host_alias@,$host_alias,;t t +s,@target_alias@,$target_alias,;t t +s,@DEFS@,$DEFS,;t t +s,@ECHO_C@,$ECHO_C,;t t +s,@ECHO_N@,$ECHO_N,;t t +s,@ECHO_T@,$ECHO_T,;t t +s,@LIBS@,$LIBS,;t t +s,@RANLIB@,$RANLIB,;t t +s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t +s,@CC@,$CC,;t t +s,@CFLAGS@,$CFLAGS,;t t +s,@LDFLAGS@,$LDFLAGS,;t t +s,@CPPFLAGS@,$CPPFLAGS,;t t +s,@ac_ct_CC@,$ac_ct_CC,;t t +s,@EXEEXT@,$EXEEXT,;t t +s,@OBJEXT@,$OBJEXT,;t t +s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t +s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t +s,@INSTALL_DATA@,$INSTALL_DATA,;t t +s,@RNG_OBJS@,$RNG_OBJS,;t t +s,@CPP@,$CPP,;t t +s,@EGREP@,$EGREP,;t t +s,@build@,$build,;t t +s,@build_cpu@,$build_cpu,;t t +s,@build_vendor@,$build_vendor,;t t +s,@build_os@,$build_os,;t t +s,@host@,$host,;t t +s,@host_cpu@,$host_cpu,;t t +s,@host_vendor@,$host_vendor,;t t +s,@host_os@,$host_os,;t t +s,@EXE@,$EXE,;t t +s,@GDOI_OBJS@,$GDOI_OBJS,;t t +s,@LIBOBJS@,$LIBOBJS,;t t +s,@LTLIBOBJS@,$LTLIBOBJS,;t t +CEOF + +_ACEOF + + cat >>$CONFIG_STATUS <<\_ACEOF + # Split the substitutions into bite-sized pieces for seds with + # small command number limits, like on Digital OSF/1 and HP-UX. + ac_max_sed_lines=48 + ac_sed_frag=1 # Number of current file. + ac_beg=1 # First line for current file. + ac_end=$ac_max_sed_lines # Line after last line for current file. + ac_more_lines=: + ac_sed_cmds= + while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + else + sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + fi + if test ! -s $tmp/subs.frag; then + ac_more_lines=false + else + # The purpose of the label and of the branching condition is to + # speed up the sed processing (if there are no `@' at all, there + # is no need to browse any of the substitutions). + # These are the two extra sed commands mentioned above. + (echo ':t + /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" + else + ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" + fi + ac_sed_frag=`expr $ac_sed_frag + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_lines` + fi + done + if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat + fi +fi # test -n "$CONFIG_FILES" + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_builddir$INSTALL ;; + esac + + if test x"$ac_file" != x-; then + { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + rm -f "$ac_file" + fi + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + configure_input= + else + configure_input="$ac_file. " + fi + configure_input=$configure_input"Generated from `echo $ac_file_in | + sed 's,.*/,,'` by configure." + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF + sed "$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s,@configure_input@,$configure_input,;t t +s,@srcdir@,$ac_srcdir,;t t +s,@abs_srcdir@,$ac_abs_srcdir,;t t +s,@top_srcdir@,$ac_top_srcdir,;t t +s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t +s,@builddir@,$ac_builddir,;t t +s,@abs_builddir@,$ac_abs_builddir,;t t +s,@top_builddir@,$ac_top_builddir,;t t +s,@abs_top_builddir@,$ac_abs_top_builddir,;t t +s,@INSTALL@,$ac_INSTALL,;t t +" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out + rm -f $tmp/stdin + if test x"$ac_file" != x-; then + mv $tmp/out $ac_file + else + cat $tmp/out + rm -f $tmp/out + fi + +done +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + +# +# CONFIG_HEADER section. +# + +# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where +# NAME is the cpp macro being defined and VALUE is the value it is being given. +# +# ac_d sets the value in "#define NAME VALUE" lines. +ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='[ ].*$,\1#\2' +ac_dC=' ' +ac_dD=',;t' +# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". +ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='$,\1#\2define\3' +ac_uC=' ' +ac_uD=',;t' + +for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac + + test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + # Do quote $f, to prevent DOS paths from being IFS'd. + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } + # Remove the trailing spaces. + sed 's/[ ]*$//' $ac_file_inputs >$tmp/in + +_ACEOF + +# Transform confdefs.h into two sed scripts, `conftest.defines' and +# `conftest.undefs', that substitutes the proper values into +# config.h.in to produce config.h. The first handles `#define' +# templates, and the second `#undef' templates. +# And first: Protect against being on the right side of a sed subst in +# config.status. Protect against being in an unquoted here document +# in config.status. +rm -f conftest.defines conftest.undefs +# Using a here document instead of a string reduces the quoting nightmare. +# Putting comments in sed scripts is not portable. +# +# `end' is used to avoid that the second main sed command (meant for +# 0-ary CPP macros) applies to n-ary macro definitions. +# See the Autoconf documentation for `clear'. +cat >confdef2sed.sed <<\_ACEOF +s/[\\&,]/\\&/g +s,[\\$`],\\&,g +t clear +: clear +s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp +t end +s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp +: end +_ACEOF +# If some macros were called several times there might be several times +# the same #defines, which is useless. Nevertheless, we may not want to +# sort them, since we want the *last* AC-DEFINE to be honored. +uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines +sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs +rm -f confdef2sed.sed + +# This sed command replaces #undef with comments. This is necessary, for +# example, in the case of _POSIX_SOURCE, which is predefined and required +# on some systems where configure will not decide to define it. +cat >>conftest.undefs <<\_ACEOF +s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, +_ACEOF + +# Break up conftest.defines because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS +echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS +echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS +echo ' :' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.defines >/dev/null +do + # Write a limited-size here document to $tmp/defines.sed. + echo ' cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS + # Speed up: don't consider the non `#define' lines. + echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/defines.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail + rm -f conftest.defines + mv conftest.tail conftest.defines +done +rm -f conftest.defines +echo ' fi # grep' >>$CONFIG_STATUS +echo >>$CONFIG_STATUS + +# Break up conftest.undefs because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #undef templates' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.undefs >/dev/null +do + # Write a limited-size here document to $tmp/undefs.sed. + echo ' cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS + # Speed up: don't consider the non `#undef' + echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/undefs.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail + rm -f conftest.undefs + mv conftest.tail conftest.undefs +done +rm -f conftest.undefs + +cat >>$CONFIG_STATUS <<\_ACEOF + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + echo "/* Generated by configure. */" >$tmp/config.h + else + echo "/* $ac_file. Generated by configure. */" >$tmp/config.h + fi + cat $tmp/in >>$tmp/config.h + rm -f $tmp/in + if test x"$ac_file" != x-; then + if diff $ac_file $tmp/config.h >/dev/null 2>&1; then + { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 +echo "$as_me: $ac_file is unchanged" >&6;} + else + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + rm -f $ac_file + mv $tmp/config.h $ac_file + fi + else + cat $tmp/config.h + rm -f $tmp/config.h + fi +done +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF + +{ (exit 0); exit 0; } +_ACEOF +chmod +x $CONFIG_STATUS +ac_clean_files=$ac_clean_files_save + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || { (exit 1); exit 1; } +fi + + +# This is needed when building outside the source dir. +{ if $as_mkdir_p; then + mkdir -p crypto/ae_xfm + else + as_dir=crypto/ae_xfm + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/ae_xfm" >&5 +echo "$as_me: error: cannot create directory crypto/ae_xfm" >&2;} + { (exit 1); exit 1; }; }; } + +{ if $as_mkdir_p; then + mkdir -p crypto/cipher + else + as_dir=crypto/cipher + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/cipher" >&5 +echo "$as_me: error: cannot create directory crypto/cipher" >&2;} + { (exit 1); exit 1; }; }; } + +{ if $as_mkdir_p; then + mkdir -p crypto/hash + else + as_dir=crypto/hash + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/hash" >&5 +echo "$as_me: error: cannot create directory crypto/hash" >&2;} + { (exit 1); exit 1; }; }; } + +{ if $as_mkdir_p; then + mkdir -p crypto/kernel + else + as_dir=crypto/kernel + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/kernel" >&5 +echo "$as_me: error: cannot create directory crypto/kernel" >&2;} + { (exit 1); exit 1; }; }; } + +{ if $as_mkdir_p; then + mkdir -p crypto/math + else + as_dir=crypto/math + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/math" >&5 +echo "$as_me: error: cannot create directory crypto/math" >&2;} + { (exit 1); exit 1; }; }; } + +{ if $as_mkdir_p; then + mkdir -p crypto/replay + else + as_dir=crypto/replay + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/replay" >&5 +echo "$as_me: error: cannot create directory crypto/replay" >&2;} + { (exit 1); exit 1; }; }; } + +{ if $as_mkdir_p; then + mkdir -p crypto/rng + else + as_dir=crypto/rng + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/rng" >&5 +echo "$as_me: error: cannot create directory crypto/rng" >&2;} + { (exit 1); exit 1; }; }; } + +{ if $as_mkdir_p; then + mkdir -p crypto/test + else + as_dir=crypto/test + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory crypto/test" >&5 +echo "$as_me: error: cannot create directory crypto/test" >&2;} + { (exit 1); exit 1; }; }; } + +{ if $as_mkdir_p; then + mkdir -p doc + else + as_dir=doc + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory doc" >&5 +echo "$as_me: error: cannot create directory doc" >&2;} + { (exit 1); exit 1; }; }; } + +{ if $as_mkdir_p; then + mkdir -p srtp + else + as_dir=srtp + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory srtp" >&5 +echo "$as_me: error: cannot create directory srtp" >&2;} + { (exit 1); exit 1; }; }; } + +{ if $as_mkdir_p; then + mkdir -p tables + else + as_dir=tables + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory tables" >&5 +echo "$as_me: error: cannot create directory tables" >&2;} + { (exit 1); exit 1; }; }; } + +{ if $as_mkdir_p; then + mkdir -p test + else + as_dir=test + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory test" >&5 +echo "$as_me: error: cannot create directory test" >&2;} + { (exit 1); exit 1; }; }; } + diff --git a/third_party/srtp/configure.in b/third_party/srtp/configure.in new file mode 100644 index 0000000..49aaf8e --- /dev/null +++ b/third_party/srtp/configure.in @@ -0,0 +1,206 @@ +dnl Process this file with autoconf to produce a configure script. +AC_INIT(srtp) + +dnl Must come before AC_PROG_CC +if test -z "$CFLAGS"; then + dnl Default value for CFLAGS if not specified. + CFLAGS="-Wall -O4 -fexpensive-optimizations -funroll-loops" +fi + +dnl Checks for programs. +AC_PROG_RANLIB +AC_PROG_CC +AC_PROG_INSTALL + + +AC_ARG_ENABLE(kernel-linux, + [AS_HELP_STRING([--enable-kernel-linux], + [build library to run in Linux kernel context])], + [], enable_kernel_linux=no) +AC_MSG_CHECKING(whether to build for Linux kernel context) +if test "$enable_kernel_linux" = "yes"; then + AC_DEFINE(SRTP_KERNEL, 1, + [Define to compile for kernel contexts.]) + AC_DEFINE(SRTP_KERNEL_LINUX, 1, + [Define to compile for Linux kernel context.]) +fi +AC_MSG_RESULT($enable_kernel_linux) + +if test "$cross_compiling" != yes; then + dnl Check for /dev/urandom + AC_CHECK_FILE(/dev/urandom, DEV_URANDOM=/dev/urandom, + [AC_CHECK_FILE(/dev/random, DEV_URANDOM=/dev/random)]) +fi + +AC_MSG_CHECKING(which random device to use) +if test "$enable_kernel_linux" = "yes"; then + RNG_OBJS=rand_linux_kernel.o + AC_MSG_RESULT([Linux kernel builtin]) +else + RNG_OBJS=rand_source.o + if test -n "$DEV_URANDOM"; then + AC_DEFINE_UNQUOTED(DEV_URANDOM, "$DEV_URANDOM",[Path to random device]) + AC_MSG_RESULT([$DEV_URANDOM]) + else + AC_MSG_RESULT([standard rand() function...]) + fi +fi +AC_SUBST(RNG_OBJS) + + +dnl Checks for header files. +AC_HEADER_STDC +AC_CHECK_HEADERS(stdlib.h) +AC_CHECK_HEADERS(unistd.h) +AC_CHECK_HEADERS(byteswap.h) +AC_CHECK_HEADERS(stdint.h) +AC_CHECK_HEADERS(sys/uio.h) +AC_CHECK_HEADERS(inttypes.h) +AC_CHECK_HEADERS(sys/types.h) +AC_CHECK_HEADERS(machine/types.h) +AC_CHECK_HEADERS(sys/int_types.h) + +dnl socket() and friends +AC_CHECK_HEADERS(sys/socket.h netinet/in.h arpa/inet.h) +AC_CHECK_HEADERS(windows.h, [AC_CHECK_HEADERS(winsock2.h)]) + +AC_CHECK_HEADERS(syslog.h) + +AC_CHECK_TYPES([int8_t,uint8_t,int16_t,uint16_t,int32_t,uint32_t,uint64_t]) +AC_CHECK_SIZEOF(unsigned long) +AC_CHECK_SIZEOF(unsigned long long) + +dnl Checks for typedefs, structures, and compiler characteristics. +AC_C_CONST +AC_C_INLINE +AC_TYPE_SIZE_T + +dnl Checks for library functions. +AC_CHECK_FUNCS(socket inet_aton usleep) + +dnl Find socket function if not found yet. +if test "x$ac_cv_func_socket" = "xno"; then + AC_CHECK_LIB(socket, socket) + AC_MSG_CHECKING([for socket in -lwsock32]) + SAVELIBS="$LIBS" + LIBS="$LIBS -lwsock32" + AC_TRY_LINK([ +#include <winsock2.h> +],[ +socket(0, 0, 0); +], + ac_cv_func_socket=yes + AC_MSG_RESULT(yes), + LIBS="$SAVELIBS" + AC_MSG_RESULT(no)) +fi + +dnl Check the byte order +AC_C_BIGENDIAN + +AC_CANONICAL_HOST + +dnl check host_cpu type, set defines appropriately +case $host_cpu in + i*86 ) + AC_DEFINE(CPU_CISC, 1, + [Define if building for a CISC machine (e.g. Intel).]) + AC_DEFINE(HAVE_X86, 1, + [Define to use X86 inlined assembly code]);; + * ) + # CPU_RISC is only supported for big endian machines. + if test "$ac_cv_c_bigendian" = "yes"; then + AC_DEFINE(CPU_RISC, 1, + [Define if building for a RISC machine (assume slow byte access).]) + else + AC_DEFINE(CPU_CISC, 1) + fi + ;; +esac + +dnl Check if we're on a Windows platform. +case $host_os in + *cygwin*|*mingw* ) + EXE=.exe;; + * ) EXE="";; +esac + +AC_SUBST(EXE) # define executable suffix; this is needed for `make clean' + +AC_MSG_CHECKING(whether to compile in debugging) +AC_ARG_ENABLE(debug, + [AS_HELP_STRING([--disable-debug], + [do not compile in dynamic debugging system])], + [], enable_debug=yes) +if test "$enable_debug" = "yes"; then + AC_DEFINE(ENABLE_DEBUGGING, 1, + [Define to compile in dynamic debugging system.]) +fi +AC_MSG_RESULT($enable_debug) + +AC_MSG_CHECKING(whether to use ISMAcryp code) +AC_ARG_ENABLE(generic-aesicm, + [AS_HELP_STRING([--enable-generic-aesicm], + [compile in changes for ISMAcryp])], + [], enable_generic_aesicm=no) +if test "$enable_generic_aesicm" = "yes"; then + AC_DEFINE(GENERIC_AESICM, 1, [Define this to use ISMAcryp code.]) +fi +AC_MSG_RESULT($enable_generic_aesicm) + +AC_MSG_CHECKING(whether to use syslog for error reporting) +AC_ARG_ENABLE(syslog, + [AS_HELP_STRING([--enable-syslog], [use syslog for error reporting])], + [], enable_syslog=no) +if test "$enable_syslog" = "yes"; then + AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog logging.]) +fi +AC_MSG_RESULT($enable_syslog) + +AC_MSG_CHECKING(whether to use stdout for error reporting) +AC_ARG_ENABLE(stdout, + [AS_HELP_STRING([--disable-stdout], [don't use stdout for error reporting])], + [], enable_stdout=yes) +if test "$enable_stdout" = "yes"; then + AC_DEFINE(ERR_REPORTING_STDOUT, 1, [Define to use logging to stdout.]) +fi +AC_MSG_RESULT($enable_stdout) + +AC_MSG_CHECKING(whether to use /dev/console for error reporting) +AC_ARG_ENABLE(console, + [AS_HELP_STRING([--enable-console], [use /dev/console for error reporting])], + [], enable_console=no) +if test "$enable_console" = "yes"; then + AC_DEFINE(USE_ERR_REPORTING_FILE, 1, [Write errors to this file]) + AC_DEFINE(ERR_REPORTING_FILE, "/dev/console", [Report errors to this file.]) +fi +AC_MSG_RESULT($enable_console) + +AC_MSG_CHECKING(whether to use GDOI key management) +AC_ARG_ENABLE(gdoi, + [AS_HELP_STRING([--enable-gdoi], [enable GDOI key management])], + [], enable_gdoi=no) +if test "$enable_gdoi" = "yes"; then + AC_DEFINE(SRTP_GDOI, 1, [Define to use GDOI.]) + GDOI_OBJS=gdoi/srtp+gdoi.o + AC_SUBST(GDOI_OBJS) +fi +AC_MSG_RESULT($enable_gdoi) + +AC_CONFIG_HEADER(crypto/include/config.h:config_in.h) + +AC_OUTPUT(Makefile crypto/Makefile doc/Makefile) + +# This is needed when building outside the source dir. +AS_MKDIR_P(crypto/ae_xfm) +AS_MKDIR_P(crypto/cipher) +AS_MKDIR_P(crypto/hash) +AS_MKDIR_P(crypto/kernel) +AS_MKDIR_P(crypto/math) +AS_MKDIR_P(crypto/replay) +AS_MKDIR_P(crypto/rng) +AS_MKDIR_P(crypto/test) +AS_MKDIR_P(doc) +AS_MKDIR_P(srtp) +AS_MKDIR_P(tables) +AS_MKDIR_P(test) diff --git a/third_party/srtp/crypto/Makefile b/third_party/srtp/crypto/Makefile new file mode 100644 index 0000000..d7ac61f --- /dev/null +++ b/third_party/srtp/crypto/Makefile @@ -0,0 +1,130 @@ +# Makefile for libcryptomodule.a +# +# David A. McGrew +# Cisco Systems, Inc. + +srcdir = . +top_srcdir = .. +top_builddir = ../ + + +CC = gcc +INCDIR = -Iinclude -I$(srcdir)/include +DEFS = -DHAVE_CONFIG_H +CPPFLAGS= +CFLAGS = -Wall -O4 -fexpensive-optimizations -funroll-loops +LIBS = +LDFLAGS = -L. +COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS) +CRYPTOLIB = -lcryptomodule + +RANLIB = ranlib + +# EXE defines the suffix on executables - it's .exe for cygwin, and +# null on linux, bsd, and OS X and other OSes. we define this so that +# `make clean` will work on the cygwin platform +EXE = +# Random source. +RNG_OBJS = rand_source.o + +ifdef ARCH + DEFS += -D$(ARCH)=1 +endif + +ifdef sysname + DEFS += -D$(sysname)=1 +endif + +.PHONY: dummy all runtest clean superclean + +dummy : all runtest + +# test applications + +testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \ + test/stat_driver$(EXE) test/sha1_driver$(EXE) \ + test/kernel_driver$(EXE) test/aes_calc$(EXE) test/rand_gen$(EXE) \ + test/env$(EXE) + +# data values used to test the aes_calc application + +k=000102030405060708090a0b0c0d0e0f +p=00112233445566778899aabbccddeeff +c=69c4e0d86a7b0430d8cdb78070b4c55a + +runtest: libcryptomodule.a $(testapp) + test/env$(EXE) # print out information on the build environment + @echo "running libcryptomodule test applications..." + test `test/aes_calc $k $p` = $c + test/cipher_driver$(EXE) -v >/dev/null + test/datatypes_driver$(EXE) -v >/dev/null + test/stat_driver$(EXE) >/dev/null + test/sha1_driver$(EXE) -v >/dev/null + test/kernel_driver$(EXE) -v >/dev/null + test/rand_gen$(EXE) -n 256 >/dev/null + @echo "libcryptomodule test applications passed." + +# libcryptomodule.a (the crypto engine) + +ciphers = cipher/cipher.o cipher/null_cipher.o \ + cipher/aes.o cipher/aes_icm.o \ + cipher/aes_cbc.o + +hashes = hash/null_auth.o hash/sha1.o \ + hash/hmac.o hash/auth.o + +math = math/datatypes.o math/stat.o + +rng = rng/$(RNG_OBJS) rng/rand_source.o rng/prng.o rng/ctr_prng.o + +err = kernel/err.o + +kernel = kernel/crypto_kernel.o kernel/alloc.o \ + kernel/key.o $(rng) $(err) + +xfm = ae_xfm/xfm.o + +cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(xfm) + +# the rule for making object files and test apps + +%.o: %.c + $(COMPILE) -c $< -o $@ + +%$(EXE): %.c libcryptomodule.a + $(COMPILE) $(LDFLAGS) $< -o $@ $(CRYPTOLIB) $(LIBS) + +ifndef AR + AR=ar +endif + +# and the crypto module library itself + +libcryptomodule.a: $(cryptobj) + $(AR) cr libcryptomodule.a $(cryptobj) + $(RANLIB) libcryptomodule.a + +all: libcryptomodule.a $(testapp) + +# housekeeping functions + +clean: + rm -f libcryptomodule.a + rm -f $(testapp) *.o */*.o + for a in * .* */*; do if [ -f "$$a~" ] ; then rm $$a~; fi; done; + rm -f `find . -name "*.[ch]~*~"` + rm -rf latex + +superclean: clean + rm -f *core TAGS ktrace.out + + +# the target 'package' builds a compressed tar archive of the source code + +distname = crypto-$(shell cat VERSION) + +package: superclean + cd ..; tar cvzf $(distname).tgz crypto/ + + +# EOF diff --git a/third_party/srtp/crypto/Makefile.in b/third_party/srtp/crypto/Makefile.in new file mode 100644 index 0000000..c14dba5 --- /dev/null +++ b/third_party/srtp/crypto/Makefile.in @@ -0,0 +1,130 @@ +# Makefile for libcryptomodule.a +# +# David A. McGrew +# Cisco Systems, Inc. + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +top_builddir = @top_builddir@ +VPATH = @srcdir@ + +CC = @CC@ +INCDIR = -Iinclude -I$(srcdir)/include +DEFS = @DEFS@ +CPPFLAGS= @CPPFLAGS@ +CFLAGS = @CFLAGS@ +LIBS = @LIBS@ +LDFLAGS = @LDFLAGS@ -L. +COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS) +CRYPTOLIB = -lcryptomodule + +RANLIB = @RANLIB@ + +# EXE defines the suffix on executables - it's .exe for cygwin, and +# null on linux, bsd, and OS X and other OSes. we define this so that +# `make clean` will work on the cygwin platform +EXE = @EXE@ +# Random source. +RNG_OBJS = @RNG_OBJS@ + +ifdef ARCH + DEFS += -D$(ARCH)=1 +endif + +ifdef sysname + DEFS += -D$(sysname)=1 +endif + +.PHONY: dummy all runtest clean superclean + +dummy : all runtest + +# test applications + +testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \ + test/stat_driver$(EXE) test/sha1_driver$(EXE) \ + test/kernel_driver$(EXE) test/aes_calc$(EXE) test/rand_gen$(EXE) \ + test/env$(EXE) + +# data values used to test the aes_calc application + +k=000102030405060708090a0b0c0d0e0f +p=00112233445566778899aabbccddeeff +c=69c4e0d86a7b0430d8cdb78070b4c55a + +runtest: libcryptomodule.a $(testapp) + test/env$(EXE) # print out information on the build environment + @echo "running libcryptomodule test applications..." + test `test/aes_calc $k $p` = $c + test/cipher_driver$(EXE) -v >/dev/null + test/datatypes_driver$(EXE) -v >/dev/null + test/stat_driver$(EXE) >/dev/null + test/sha1_driver$(EXE) -v >/dev/null + test/kernel_driver$(EXE) -v >/dev/null + test/rand_gen$(EXE) -n 256 >/dev/null + @echo "libcryptomodule test applications passed." + +# libcryptomodule.a (the crypto engine) + +ciphers = cipher/cipher.o cipher/null_cipher.o \ + cipher/aes.o cipher/aes_icm.o \ + cipher/aes_cbc.o + +hashes = hash/null_auth.o hash/sha1.o \ + hash/hmac.o hash/auth.o + +math = math/datatypes.o math/stat.o + +rng = rng/$(RNG_OBJS) rng/rand_source.o rng/prng.o rng/ctr_prng.o + +err = kernel/err.o + +kernel = kernel/crypto_kernel.o kernel/alloc.o \ + kernel/key.o $(rng) $(err) + +xfm = ae_xfm/xfm.o + +cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(xfm) + +# the rule for making object files and test apps + +%.o: %.c + $(COMPILE) -c $< -o $@ + +%$(EXE): %.c libcryptomodule.a + $(COMPILE) $(LDFLAGS) $< -o $@ $(CRYPTOLIB) $(LIBS) + +ifndef AR + AR=ar +endif + +# and the crypto module library itself + +libcryptomodule.a: $(cryptobj) + $(AR) cr libcryptomodule.a $(cryptobj) + $(RANLIB) libcryptomodule.a + +all: libcryptomodule.a $(testapp) + +# housekeeping functions + +clean: + rm -f libcryptomodule.a + rm -f $(testapp) *.o */*.o + for a in * .* */*; do if [ -f "$$a~" ] ; then rm $$a~; fi; done; + rm -f `find . -name "*.[ch]~*~"` + rm -rf latex + +superclean: clean + rm -f *core TAGS ktrace.out + + +# the target 'package' builds a compressed tar archive of the source code + +distname = crypto-$(shell cat VERSION) + +package: superclean + cd ..; tar cvzf $(distname).tgz crypto/ + + +# EOF diff --git a/third_party/srtp/crypto/VERSION b/third_party/srtp/crypto/VERSION new file mode 100644 index 0000000..3eefcb9 --- /dev/null +++ b/third_party/srtp/crypto/VERSION @@ -0,0 +1 @@ +1.0.0 diff --git a/third_party/srtp/crypto/ae_xfm/xfm.c b/third_party/srtp/crypto/ae_xfm/xfm.c new file mode 100644 index 0000000..0655aca --- /dev/null +++ b/third_party/srtp/crypto/ae_xfm/xfm.c @@ -0,0 +1,573 @@ +/* + * xfm.c + * + * Crypto transform implementation + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +#include "cryptoalg.h" +#include "aes_cbc.h" +#include "hmac.h" +#include "crypto_kernel.h" /* for crypto_get_random() */ + +#define KEY_LEN 16 +#define ENC_KEY_LEN 16 +#define MAC_KEY_LEN 16 +#define IV_LEN 16 +#define TAG_LEN 12 +#define MAX_EXPAND 27 + +err_status_t +aes_128_cbc_hmac_sha1_96_func(void *key, + void *clear, + unsigned clear_len, + void *iv, + void *opaque, + unsigned *opaque_len, + void *auth_tag) { + aes_cbc_ctx_t aes_ctx; + hmac_ctx_t hmac_ctx; + unsigned char enc_key[ENC_KEY_LEN]; + unsigned char mac_key[MAC_KEY_LEN]; + err_status_t status; + + /* check if we're doing authentication only */ + if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) { + + /* perform authentication only */ + + } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { + + /* + * bad parameter - we expect either all three pointers to be NULL, + * or none of those pointers to be NULL + */ + return err_status_fail; + + } else { + + /* derive encryption and authentication keys from the input key */ + status = hmac_init(&hmac_ctx, key, KEY_LEN); + if (status) return status; + status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key); + if (status) return status; + + status = hmac_init(&hmac_ctx, key, KEY_LEN); + if (status) return status; + status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key); + if (status) return status; + + + /* perform encryption and authentication */ + + /* set aes key */ + status = aes_cbc_context_init(&aes_ctx, key, direction_encrypt); + if (status) return status; + + /* set iv */ + status = crypto_get_random(iv, IV_LEN); + if (status) return status; + status = aes_cbc_set_iv(&aes_ctx, iv); + + /* encrypt the opaque data */ + status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len); + if (status) return status; + + /* authenticate clear and opaque data */ + status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN); + if (status) return status; + + status = hmac_start(&hmac_ctx); + if (status) return status; + + status = hmac_update(&hmac_ctx, clear, clear_len); + if (status) return status; + + status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag); + if (status) return status; + + } + + return err_status_ok; +} + +err_status_t +aes_128_cbc_hmac_sha1_96_inv(void *key, + void *clear, + unsigned clear_len, + void *iv, + void *opaque, + unsigned *opaque_len, + void *auth_tag) { + aes_cbc_ctx_t aes_ctx; + hmac_ctx_t hmac_ctx; + unsigned char enc_key[ENC_KEY_LEN]; + unsigned char mac_key[MAC_KEY_LEN]; + unsigned char tmp_tag[TAG_LEN]; + unsigned char *tag = auth_tag; + err_status_t status; + int i; + + /* check if we're doing authentication only */ + if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) { + + /* perform authentication only */ + + } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { + + /* + * bad parameter - we expect either all three pointers to be NULL, + * or none of those pointers to be NULL + */ + return err_status_fail; + + } else { + + /* derive encryption and authentication keys from the input key */ + status = hmac_init(&hmac_ctx, key, KEY_LEN); + if (status) return status; + status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key); + if (status) return status; + + status = hmac_init(&hmac_ctx, key, KEY_LEN); + if (status) return status; + status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key); + if (status) return status; + + /* perform encryption and authentication */ + + /* set aes key */ + status = aes_cbc_context_init(&aes_ctx, key, direction_decrypt); + if (status) return status; + + /* set iv */ + status = rand_source_get_octet_string(iv, IV_LEN); + if (status) return status; + status = aes_cbc_set_iv(&aes_ctx, iv); + + /* encrypt the opaque data */ + status = aes_cbc_nist_decrypt(&aes_ctx, opaque, opaque_len); + if (status) return status; + + /* authenticate clear and opaque data */ + status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN); + if (status) return status; + + status = hmac_start(&hmac_ctx); + if (status) return status; + + status = hmac_update(&hmac_ctx, clear, clear_len); + if (status) return status; + + status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, tmp_tag); + if (status) return status; + + /* compare the computed tag with the one provided as input */ + for (i=0; i < TAG_LEN; i++) + if (tmp_tag[i] != tag[i]) + return err_status_auth_fail; + + } + + return err_status_ok; +} + + +#define ENC 1 +
+// eVC4 declares DEBUG
+#undef DEBUG
+ +#define DEBUG 0 + +err_status_t +aes_128_cbc_hmac_sha1_96_enc(void *key, + const void *clear, + unsigned clear_len, + void *iv, + void *opaque, + unsigned *opaque_len) { + aes_cbc_ctx_t aes_ctx; + hmac_ctx_t hmac_ctx; + unsigned char enc_key[ENC_KEY_LEN]; + unsigned char mac_key[MAC_KEY_LEN]; + unsigned char *auth_tag; + err_status_t status; + + /* check if we're doing authentication only */ + if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) { + + /* perform authentication only */ + + } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { + + /* + * bad parameter - we expect either all three pointers to be NULL, + * or none of those pointers to be NULL + */ + return err_status_fail; + + } else { + +#if DEBUG + printf("ENC using key %s\n", octet_string_hex_string(key, KEY_LEN)); +#endif + + /* derive encryption and authentication keys from the input key */ + status = hmac_init(&hmac_ctx, key, KEY_LEN); + if (status) return status; + status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key); + if (status) return status; + + status = hmac_init(&hmac_ctx, key, KEY_LEN); + if (status) return status; + status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key); + if (status) return status; + + + /* perform encryption and authentication */ + + /* set aes key */ + status = aes_cbc_context_init(&aes_ctx, key, direction_encrypt); + if (status) return status; + + /* set iv */ + status = rand_source_get_octet_string(iv, IV_LEN); + if (status) return status; + status = aes_cbc_set_iv(&aes_ctx, iv); + if (status) return status; + +#if DEBUG + printf("plaintext len: %d\n", *opaque_len); + printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN)); + printf("plaintext: %s\n", octet_string_hex_string(opaque, *opaque_len)); +#endif + +#if ENC + /* encrypt the opaque data */ + status = aes_cbc_nist_encrypt(&aes_ctx, opaque, opaque_len); + if (status) return status; +#endif + +#if DEBUG + printf("ciphertext len: %d\n", *opaque_len); + printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len)); +#endif + + /* + * authenticate clear and opaque data, then write the + * authentication tag to the location immediately following the + * ciphertext + */ + status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN); + if (status) return status; + + status = hmac_start(&hmac_ctx); + if (status) return status; + + status = hmac_update(&hmac_ctx, clear, clear_len); + if (status) return status; +#if DEBUG + printf("hmac input: %s\n", + octet_string_hex_string(clear, clear_len)); +#endif + auth_tag = (unsigned char *)opaque; + auth_tag += *opaque_len; + status = hmac_compute(&hmac_ctx, opaque, *opaque_len, TAG_LEN, auth_tag); + if (status) return status; +#if DEBUG + printf("hmac input: %s\n", + octet_string_hex_string(opaque, *opaque_len)); +#endif + /* bump up the opaque_len to reflect the authentication tag */ + *opaque_len += TAG_LEN; + +#if DEBUG + printf("prot data len: %d\n", *opaque_len); + printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len)); +#endif + } + + return err_status_ok; +} + +err_status_t +aes_128_cbc_hmac_sha1_96_dec(void *key, + const void *clear, + unsigned clear_len, + void *iv, + void *opaque, + unsigned *opaque_len) { + aes_cbc_ctx_t aes_ctx; + hmac_ctx_t hmac_ctx; + unsigned char enc_key[ENC_KEY_LEN]; + unsigned char mac_key[MAC_KEY_LEN]; + unsigned char tmp_tag[TAG_LEN]; + unsigned char *auth_tag; + unsigned ciphertext_len; + err_status_t status; + int i; + + /* check if we're doing authentication only */ + if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) { + + /* perform authentication only */ + + } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { + + /* + * bad parameter - we expect either all three pointers to be NULL, + * or none of those pointers to be NULL + */ + return err_status_fail; + + } else { +#if DEBUG + printf("DEC using key %s\n", octet_string_hex_string(key, KEY_LEN)); +#endif + + /* derive encryption and authentication keys from the input key */ + status = hmac_init(&hmac_ctx, key, KEY_LEN); + if (status) return status; + status = hmac_compute(&hmac_ctx, "ENC", 3, ENC_KEY_LEN, enc_key); + if (status) return status; + + status = hmac_init(&hmac_ctx, key, KEY_LEN); + if (status) return status; + status = hmac_compute(&hmac_ctx, "MAC", 3, MAC_KEY_LEN, mac_key); + if (status) return status; + +#if DEBUG + printf("prot data len: %d\n", *opaque_len); + printf("prot data: %s\n", octet_string_hex_string(opaque, *opaque_len)); +#endif + + /* + * set the protected data length to that of the ciphertext, by + * subtracting out the length of the authentication tag + */ + ciphertext_len = *opaque_len - TAG_LEN; + +#if DEBUG + printf("ciphertext len: %d\n", ciphertext_len); +#endif + /* verify the authentication tag */ + + /* + * compute the authentication tag for the clear and opaque data, + * and write it to a temporary location + */ + status = hmac_init(&hmac_ctx, mac_key, MAC_KEY_LEN); + if (status) return status; + + status = hmac_start(&hmac_ctx); + if (status) return status; + + status = hmac_update(&hmac_ctx, clear, clear_len); + if (status) return status; + +#if DEBUG + printf("hmac input: %s\n", + octet_string_hex_string(clear, clear_len)); +#endif + + status = hmac_compute(&hmac_ctx, opaque, ciphertext_len, TAG_LEN, tmp_tag); + if (status) return status; + +#if DEBUG + printf("hmac input: %s\n", + octet_string_hex_string(opaque, ciphertext_len)); +#endif + + /* + * compare the computed tag with the one provided as input (which + * immediately follows the ciphertext) + */ + auth_tag = (unsigned char *)opaque; + auth_tag += ciphertext_len; +#if DEBUG + printf("auth_tag: %s\n", octet_string_hex_string(auth_tag, TAG_LEN)); + printf("tmp_tag: %s\n", octet_string_hex_string(tmp_tag, TAG_LEN)); +#endif + for (i=0; i < TAG_LEN; i++) { + if (tmp_tag[i] != auth_tag[i]) + return err_status_auth_fail; + } + + /* bump down the opaque_len to reflect the authentication tag */ + *opaque_len -= TAG_LEN; + + /* decrypt the confidential data */ + status = aes_cbc_context_init(&aes_ctx, key, direction_decrypt); + if (status) return status; + status = aes_cbc_set_iv(&aes_ctx, iv); + if (status) return status; + +#if DEBUG + printf("ciphertext: %s\n", octet_string_hex_string(opaque, *opaque_len)); + printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN)); +#endif + +#if ENC + status = aes_cbc_nist_decrypt(&aes_ctx, opaque, &ciphertext_len); + if (status) return status; +#endif + +#if DEBUG + printf("plaintext len: %d\n", ciphertext_len); + printf("plaintext: %s\n", + octet_string_hex_string(opaque, ciphertext_len)); +#endif + + /* indicate the length of the plaintext */ + *opaque_len = ciphertext_len; + } + + return err_status_ok; +} + +cryptoalg_ctx_t cryptoalg_ctx = { + aes_128_cbc_hmac_sha1_96_enc, + aes_128_cbc_hmac_sha1_96_dec, + KEY_LEN, + IV_LEN, + TAG_LEN, + MAX_EXPAND, +}; + +cryptoalg_t cryptoalg = &cryptoalg_ctx; + +#define NULL_TAG_LEN 12 + +err_status_t +null_enc(void *key, + const void *clear, + unsigned clear_len, + void *iv, + void *opaque, + unsigned *opaque_len) { + int i; + unsigned char *auth_tag; + unsigned char *init_vec = iv; + + /* check if we're doing authentication only */ + if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) { + + /* perform authentication only */ + + } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { + + /* + * bad parameter - we expect either all three pointers to be NULL, + * or none of those pointers to be NULL + */ + return err_status_fail; + + } else { + +#if DEBUG + printf("NULL ENC using key %s\n", octet_string_hex_string(key, KEY_LEN)); + printf("NULL_TAG_LEN: %d\n", NULL_TAG_LEN); + printf("plaintext len: %d\n", *opaque_len); +#endif + for (i=0; i < IV_LEN; i++) + init_vec[i] = i + (i * 16); +#if DEBUG + printf("iv: %s\n", + octet_string_hex_string(iv, IV_LEN)); + printf("plaintext: %s\n", + octet_string_hex_string(opaque, *opaque_len)); +#endif + auth_tag = opaque; + auth_tag += *opaque_len; + for (i=0; i < NULL_TAG_LEN; i++) + auth_tag[i] = i + (i * 16); + *opaque_len += NULL_TAG_LEN; +#if DEBUG + printf("protected data len: %d\n", *opaque_len); + printf("protected data: %s\n", + octet_string_hex_string(opaque, *opaque_len)); +#endif + + } + + return err_status_ok; +} + +err_status_t +null_dec(void *key, + const void *clear, + unsigned clear_len, + void *iv, + void *opaque, + unsigned *opaque_len) { + unsigned char *auth_tag; + + /* check if we're doing authentication only */ + if ((iv == NULL) && (opaque == NULL) && (opaque_len == NULL)) { + + /* perform authentication only */ + + } else if ((iv == NULL) || (opaque == NULL) || (opaque_len == NULL)) { + + /* + * bad parameter - we expect either all three pointers to be NULL, + * or none of those pointers to be NULL + */ + return err_status_fail; + + } else { + +#if DEBUG + printf("NULL DEC using key %s\n", octet_string_hex_string(key, KEY_LEN)); + + printf("protected data len: %d\n", *opaque_len); + printf("protected data: %s\n", + octet_string_hex_string(opaque, *opaque_len)); +#endif + auth_tag = opaque; + auth_tag += (*opaque_len - NULL_TAG_LEN); +#if DEBUG + printf("iv: %s\n", octet_string_hex_string(iv, IV_LEN)); +#endif + *opaque_len -= NULL_TAG_LEN; +#if DEBUG + printf("plaintext len: %d\n", *opaque_len); + printf("plaintext: %s\n", + octet_string_hex_string(opaque, *opaque_len)); +#endif + } + + return err_status_ok; +} + +cryptoalg_ctx_t null_cryptoalg_ctx = { + null_enc, + null_dec, + KEY_LEN, + IV_LEN, + NULL_TAG_LEN, + MAX_EXPAND, +}; + +cryptoalg_t null_cryptoalg = &null_cryptoalg_ctx; + +int +cryptoalg_get_id(cryptoalg_t c) { + if (c == cryptoalg) + return 1; + return 0; +} + +cryptoalg_t +cryptoalg_find_by_id(int id) { + switch(id) { + case 1: + return cryptoalg; + default: + break; + } + return 0; +} diff --git a/third_party/srtp/crypto/cipher/aes.c b/third_party/srtp/crypto/cipher/aes.c new file mode 100644 index 0000000..f1286c3 --- /dev/null +++ b/third_party/srtp/crypto/cipher/aes.c @@ -0,0 +1,1951 @@ +/* + * aes.c + * + * An implemnetation of the AES block cipher. + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "aes.h" +#include "err.h" + +/* + * we use the tables T0, T1, T2, T3, and T4 to compute AES, and + * the tables U0, U1, U2, and U4 to compute its inverse + * + * different tables are used on little-endian (Intel, VMS) and + * big-endian processors (everything else) + * + * these tables are computed using the program tables/aes_tables; use + * this program to generate different tables for porting or + * optimization on a different platform + */ + +#ifndef WORDS_BIGENDIAN + +static uint32_t T0[256] = { + 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, + 0xdf2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, + 0x50303060, 0x3010102, 0xa96767ce, 0x7d2b2b56, + 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, + 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, + 0x15fafaef, 0xeb5959b2, 0xc947478e, 0xbf0f0fb, + 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, + 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, + 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, + 0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83, + 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x8f1f1f9, + 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, + 0xc040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, + 0x28181830, 0xa1969637, 0xf05050a, 0xb59a9a2f, + 0x907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, + 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, + 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, + 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, + 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, + 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, + 0xf55353a6, 0x68d1d1b9, 0x0, 0x2cededc1, + 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, + 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, + 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, + 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, + 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, + 0xcf45458a, 0x10f9f9e9, 0x6020204, 0x817f7ffe, + 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, + 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, + 0xad92923f, 0xbc9d9d21, 0x48383870, 0x4f5f5f1, + 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, + 0x30101020, 0x1affffe5, 0xef3f3fd, 0x6dd2d2bf, + 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, + 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, + 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, + 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, + 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, + 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, + 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, + 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, + 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, + 0xdb494992, 0xa06060c, 0x6c242448, 0xe45c5cb8, + 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, + 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, + 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, + 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, + 0xb46c6cd8, 0xfa5656ac, 0x7f4f4f3, 0x25eaeacf, + 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, + 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, + 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, + 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, + 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, + 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, + 0xd8484890, 0x5030306, 0x1f6f6f7, 0x120e0e1c, + 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, + 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, + 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, + 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, + 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, + 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, + 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, + 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, + 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, + 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c, +}; + +static uint32_t T1[256] = { + 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, + 0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154, + 0x30306050, 0x1010203, 0x6767cea9, 0x2b2b567d, + 0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a, + 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87, + 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b, + 0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, + 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b, + 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a, + 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, + 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908, + 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f, + 0x404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e, + 0x18183028, 0x969637a1, 0x5050a0f, 0x9a9a2fb5, + 0x7070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d, + 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, + 0x909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e, + 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb, + 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce, + 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397, + 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c, + 0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed, + 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b, + 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a, + 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, + 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194, + 0x45458acf, 0xf9f9e910, 0x2020406, 0x7f7ffe81, + 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3, + 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a, + 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104, + 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263, + 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d, + 0xcdcd814c, 0xc0c1814, 0x13132635, 0xececc32f, + 0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39, + 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47, + 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695, + 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f, + 0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83, + 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c, + 0xdedea779, 0x5e5ebce2, 0xb0b161d, 0xdbdbad76, + 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0xa0a141e, + 0x494992db, 0x6060c0a, 0x2424486c, 0x5c5cb8e4, + 0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6, + 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b, + 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7, + 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, + 0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25, + 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x8081018, + 0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72, + 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751, + 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21, + 0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85, + 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa, + 0x484890d8, 0x3030605, 0xf6f6f701, 0xe0e1c12, + 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, + 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9, + 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233, + 0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7, + 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920, + 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a, + 0x8c8c038f, 0xa1a159f8, 0x89890980, 0xd0d1a17, + 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8, + 0x414182c3, 0x999929b0, 0x2d2d5a77, 0xf0f1e11, + 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a, +}; + +static uint32_t T2[256] = { + 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, + 0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5, + 0x30605030, 0x1020301, 0x67cea967, 0x2b567d2b, + 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76, + 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d, + 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0, + 0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, + 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0, + 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26, + 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, + 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1, + 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15, + 0x4080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3, + 0x18302818, 0x9637a196, 0x50a0f05, 0x9a2fb59a, + 0x70e0907, 0x12243612, 0x801b9b80, 0xe2df3de2, + 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, + 0x9121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a, + 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0, + 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3, + 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784, + 0x53a6f553, 0xd1b968d1, 0x0, 0xedc12ced, + 0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b, + 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39, + 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf, + 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, + 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485, + 0x458acf45, 0xf9e910f9, 0x2040602, 0x7ffe817f, + 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8, + 0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f, + 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5, + 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321, + 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2, + 0xcd814ccd, 0xc18140c, 0x13263513, 0xecc32fec, + 0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917, + 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d, + 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573, + 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc, + 0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388, + 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14, + 0xdea779de, 0x5ebce25e, 0xb161d0b, 0xdbad76db, + 0xe0db3be0, 0x32645632, 0x3a744e3a, 0xa141e0a, + 0x4992db49, 0x60c0a06, 0x24486c24, 0x5cb8e45c, + 0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662, + 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79, + 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d, + 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, + 0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea, + 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x8101808, + 0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e, + 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6, + 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f, + 0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, + 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66, + 0x4890d848, 0x3060503, 0xf6f701f6, 0xe1c120e, + 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, + 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e, + 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311, + 0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794, + 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9, + 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf, + 0x8c038f8c, 0xa159f8a1, 0x89098089, 0xd1a170d, + 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868, + 0x4182c341, 0x9929b099, 0x2d5a772d, 0xf1e110f, + 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16, +}; + +static uint32_t T3[256] = { + 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, + 0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5, + 0x60503030, 0x2030101, 0xcea96767, 0x567d2b2b, + 0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676, + 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d, + 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0, + 0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, + 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0, + 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626, + 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, + 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1, + 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515, + 0x80c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3, + 0x30281818, 0x37a19696, 0xa0f0505, 0x2fb59a9a, + 0xe090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2, + 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, + 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a, + 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0, + 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3, + 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484, + 0xa6f55353, 0xb968d1d1, 0x0, 0xc12ceded, + 0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b, + 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939, + 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf, + 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, + 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585, + 0x8acf4545, 0xe910f9f9, 0x4060202, 0xfe817f7f, + 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8, + 0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x58a8f8f, + 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5, + 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121, + 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2, + 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec, + 0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717, + 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d, + 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373, + 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc, + 0x44662222, 0x547e2a2a, 0x3bab9090, 0xb838888, + 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414, + 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb, + 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a, + 0x92db4949, 0xc0a0606, 0x486c2424, 0xb8e45c5c, + 0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262, + 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979, + 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d, + 0x18c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, + 0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea, + 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808, + 0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e, + 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6, + 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f, + 0x96dd4b4b, 0x61dcbdbd, 0xd868b8b, 0xf858a8a, + 0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666, + 0x90d84848, 0x6050303, 0xf701f6f6, 0x1c120e0e, + 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, + 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e, + 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111, + 0xd2bb6969, 0xa970d9d9, 0x7898e8e, 0x33a79494, + 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9, + 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf, + 0x38f8c8c, 0x59f8a1a1, 0x9808989, 0x1a170d0d, + 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868, + 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f, + 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616, +}; + +static uint32_t U0[256] = { + 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, + 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b, + 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5, + 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, + 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d, + 0x2752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, + 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, + 0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e, + 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927, + 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, + 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362, + 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9, + 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, + 0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566, + 0x728ebb2, 0x3c2b52f, 0x9a7bc586, 0xa50837d3, + 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, + 0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e, + 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4, + 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, + 0x39ec830b, 0xaaef6040, 0x69f715e, 0x51106ebd, + 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, + 0xb58d5491, 0x55dc471, 0x6fd40604, 0xff155060, + 0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967, + 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879, + 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x0, + 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c, + 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36, + 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, + 0xb1670a0c, 0xfe75793, 0xd296eeb4, 0x9e919b1b, + 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, + 0xaba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, + 0xb0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14, + 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3, + 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, + 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8, + 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, + 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, + 0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177, + 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947, + 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, + 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498, + 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f, + 0xe49d3a2c, 0xd927850, 0x9bcc5f6a, 0x62467e54, + 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382, + 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, + 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, + 0x97826cd, 0xf418596e, 0x1b79aec, 0xa89a4f83, + 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, 0xe6e815ef, + 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, + 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235, + 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, + 0x4a9804f1, 0xf7daec41, 0xe50cd7f, 0x2ff69117, + 0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4, + 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546, + 0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, + 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, + 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb, + 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, + 0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773, + 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, + 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, + 0x72c31d16, 0xc25e2bc, 0x8b493c28, 0x41950dff, + 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664, + 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0, +}; + +static uint32_t U1[256] = { + 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, + 0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x3e34b93, + 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525, + 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f, + 0x5ab1de49, 0x1bba2567, 0xeea4598, 0xc0fe5de1, + 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6, + 0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da, + 0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44, + 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd, + 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4, + 0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245, + 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994, + 0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7, + 0xd373ab23, 0x24b72e2, 0x8f1fe357, 0xab55662a, + 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x837d3a5, + 0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c, + 0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1, + 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a, + 0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475, + 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51, + 0x8a213ef9, 0x6dd963d, 0x53eddae, 0xbde64d46, + 0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff, + 0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777, + 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db, + 0xa7ca147, 0xf427ce9, 0x1e84f8c9, 0x0, + 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e, + 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627, + 0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a, + 0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e, + 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16, + 0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d, + 0xd090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8, + 0x19f15785, 0x775af4c, 0xdd99eebb, 0x607fa3fd, + 0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34, + 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863, + 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420, + 0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d, + 0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0, + 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722, + 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef, + 0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0xbd49836, + 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4, + 0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462, + 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5, + 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3, + 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b, + 0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8, + 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6, + 0x9be7bad9, 0x366f4ace, 0x99fead4, 0x7cb029d6, + 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0, + 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315, + 0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f, + 0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x496e4df, + 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f, + 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e, + 0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13, + 0x61d79a8c, 0xca1377a, 0x14f8598e, 0x3c13eb89, + 0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c, + 0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf, + 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886, + 0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, + 0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41, + 0x1a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490, + 0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042, +}; + +static uint32_t U2[256] = { + 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, + 0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303, + 0x302055fa, 0x76adf66d, 0xcc889176, 0x2f5254c, + 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3, + 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0, + 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9, + 0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59, + 0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8, + 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71, + 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a, + 0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f, + 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x8f9942b, + 0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8, + 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab, + 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508, + 0x2830f287, 0xbf23b2a5, 0x302ba6a, 0x16ed5c82, + 0xcf8a2b1c, 0x79a792b4, 0x7f3f0f2, 0x694ea1e2, + 0xda65cdf4, 0x506d5be, 0x34d11f62, 0xa6c48afe, + 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb, + 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110, + 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd, + 0x5491b58d, 0xc471055d, 0x6046fd4, 0x5060ff15, + 0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e, + 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee, + 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x0, + 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72, + 0xefdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739, + 0xf0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e, + 0xa0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91, + 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a, + 0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17, + 0x90e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9, + 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60, + 0x1f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e, + 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1, + 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011, + 0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1, + 0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3, + 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264, + 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90, + 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b, + 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf, + 0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246, + 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af, + 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312, + 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb, + 0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a, + 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8, + 0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c, + 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066, + 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8, + 0x4f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6, + 0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04, + 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51, + 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0xbfb2e41, + 0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347, + 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c, + 0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1, + 0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37, + 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db, + 0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, + 0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0xdff4195, + 0xa8397101, 0xc08deb3, 0xb4d89ce4, 0x566490c1, + 0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257, +}; + +static uint32_t U3[256] = { + 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, + 0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3, + 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02, + 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362, + 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe, + 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3, + 0x3e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952, + 0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9, + 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9, + 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace, + 0x63184adf, 0xe582311a, 0x97603351, 0x62457f53, + 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08, + 0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b, + 0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55, + 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837, + 0x30f28728, 0x23b2a5bf, 0x2ba6a03, 0xed5c8216, + 0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269, + 0x65cdf4da, 0x6d5be05, 0xd11f6234, 0xc48afea6, + 0x349d532e, 0xa2a055f3, 0x532e18a, 0xa475ebf6, + 0xb39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e, + 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6, + 0x91b58d54, 0x71055dc4, 0x46fd406, 0x60ff1550, + 0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9, + 0xb0bd42e8, 0x7888b89, 0xe7385b19, 0x79dbeec8, + 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x0, + 0x9838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a, + 0xfdfbff0e, 0xf563885, 0x3d1ed5ae, 0x3627392d, + 0xa64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36, + 0xcb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b, + 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12, + 0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b, + 0xe0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e, + 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f, + 0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb, + 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4, + 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6, + 0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129, + 0x1d4b2f9e, 0xdcf330b2, 0xdec5286, 0x77d0e3c1, + 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9, + 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033, + 0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4, + 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad, + 0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e, + 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3, + 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225, + 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b, + 0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f, + 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815, + 0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0, + 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2, + 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7, + 0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691, + 0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496, + 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165, + 0x9d04ea5e, 0x15d358c, 0xfa737487, 0xfb2e410b, + 0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6, + 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13, + 0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147, + 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7, + 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44, + 0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3, + 0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d, + 0x397101a8, 0x8deb30c, 0xd89ce4b4, 0x6490c156, + 0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8, +}; + +#else /* assume big endian */ + +static uint32_t T0[256] = { + 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, + 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, + 0x60303050, 0x2010103, 0xce6767a9, 0x562b2b7d, + 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, + 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, + 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, + 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, + 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, + 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, + 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, + 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, + 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, + 0x804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, + 0x30181828, 0x379696a1, 0xa05050f, 0x2f9a9ab5, + 0xe070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, + 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, + 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, + 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, + 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, + 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, + 0xa65353f5, 0xb9d1d168, 0x0, 0xc1eded2c, + 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, + 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, + 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, + 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, + 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, + 0x8a4545cf, 0xe9f9f910, 0x4020206, 0xfe7f7f81, + 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, + 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x58f8f8a, + 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, + 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, + 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d, + 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, + 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, + 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, + 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, + 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, + 0x44222266, 0x542a2a7e, 0x3b9090ab, 0xb888883, + 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, + 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, + 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, + 0x924949db, 0xc06060a, 0x4824246c, 0xb85c5ce4, + 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, + 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, + 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, + 0x18d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, + 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, + 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, + 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, + 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, + 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, + 0x964b4bdd, 0x61bdbddc, 0xd8b8b86, 0xf8a8a85, + 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, + 0x904848d8, 0x6030305, 0xf7f6f601, 0x1c0e0e12, + 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, + 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, + 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, + 0xd26969bb, 0xa9d9d970, 0x78e8e89, 0x339494a7, + 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, + 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, + 0x38c8c8f, 0x59a1a1f8, 0x9898980, 0x1a0d0d17, + 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, + 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, + 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a, +}; + +static uint32_t T1[256] = { + 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, + 0xdfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, + 0x50603030, 0x3020101, 0xa9ce6767, 0x7d562b2b, + 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676, + 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d, + 0x15effafa, 0xebb25959, 0xc98e4747, 0xbfbf0f0, + 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf, + 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0, + 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626, + 0x5a6c3636, 0x417e3f3f, 0x2f5f7f7, 0x4f83cccc, + 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x8f9f1f1, + 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515, + 0xc080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3, + 0x28301818, 0xa1379696, 0xf0a0505, 0xb52f9a9a, + 0x90e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2, + 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575, + 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a, + 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0, + 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3, + 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484, + 0xf5a65353, 0x68b9d1d1, 0x0, 0x2cc1eded, + 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b, + 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939, + 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf, + 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb, + 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585, + 0xcf8a4545, 0x10e9f9f9, 0x6040202, 0x81fe7f7f, + 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8, + 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f, + 0xad3f9292, 0xbc219d9d, 0x48703838, 0x4f1f5f5, + 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121, + 0x30201010, 0x1ae5ffff, 0xefdf3f3, 0x6dbfd2d2, + 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec, + 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717, + 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d, + 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373, + 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc, + 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888, + 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414, + 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb, + 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a, + 0xdb924949, 0xa0c0606, 0x6c482424, 0xe4b85c5c, + 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262, + 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979, + 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d, + 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9, + 0xb4d86c6c, 0xfaac5656, 0x7f3f4f4, 0x25cfeaea, + 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808, + 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e, + 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6, + 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f, + 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a, + 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666, + 0xd8904848, 0x5060303, 0x1f7f6f6, 0x121c0e0e, + 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9, + 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e, + 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111, + 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494, + 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9, + 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf, + 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d, + 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868, + 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f, + 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616, +}; + +static uint32_t T2[256] = { + 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, + 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5, + 0x30506030, 0x1030201, 0x67a9ce67, 0x2b7d562b, + 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76, + 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d, + 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0, + 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af, + 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0, + 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26, + 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc, + 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1, + 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15, + 0x40c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3, + 0x18283018, 0x96a13796, 0x50f0a05, 0x9ab52f9a, + 0x7090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2, + 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75, + 0x91b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a, + 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0, + 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3, + 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384, + 0x53f5a653, 0xd168b9d1, 0x0, 0xed2cc1ed, + 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b, + 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239, + 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf, + 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb, + 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185, + 0x45cf8a45, 0xf910e9f9, 0x2060402, 0x7f81fe7f, + 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8, + 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f, + 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5, + 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221, + 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2, + 0xcd4c81cd, 0xc14180c, 0x13352613, 0xec2fc3ec, + 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17, + 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d, + 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673, + 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc, + 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88, + 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814, + 0xde79a7de, 0x5ee2bc5e, 0xb1d160b, 0xdb76addb, + 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0xa1e140a, + 0x49db9249, 0x60a0c06, 0x246c4824, 0x5ce4b85c, + 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462, + 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279, + 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d, + 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9, + 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea, + 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x8181008, + 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e, + 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6, + 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f, + 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a, + 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66, + 0x48d89048, 0x3050603, 0xf601f7f6, 0xe121c0e, + 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9, + 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e, + 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211, + 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394, + 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9, + 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df, + 0x8c8f038c, 0xa1f859a1, 0x89800989, 0xd171a0d, + 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068, + 0x41c38241, 0x99b02999, 0x2d775a2d, 0xf111e0f, + 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16, +}; + +static uint32_t T3[256] = { + 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, + 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491, + 0x30305060, 0x1010302, 0x6767a9ce, 0x2b2b7d56, + 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec, + 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa, + 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb, + 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45, + 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b, + 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c, + 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83, + 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9, + 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a, + 0x4040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d, + 0x18182830, 0x9696a137, 0x5050f0a, 0x9a9ab52f, + 0x707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf, + 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea, + 0x9091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34, + 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b, + 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d, + 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713, + 0x5353f5a6, 0xd1d168b9, 0x0, 0xeded2cc1, + 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6, + 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72, + 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85, + 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed, + 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411, + 0x4545cf8a, 0xf9f910e9, 0x2020604, 0x7f7f81fe, + 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b, + 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05, + 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1, + 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342, + 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf, + 0xcdcd4c81, 0xc0c1418, 0x13133526, 0xecec2fc3, + 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e, + 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a, + 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6, + 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3, + 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b, + 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28, + 0xdede79a7, 0x5e5ee2bc, 0xb0b1d16, 0xdbdb76ad, + 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0xa0a1e14, + 0x4949db92, 0x6060a0c, 0x24246c48, 0x5c5ce4b8, + 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4, + 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2, + 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da, + 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049, + 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf, + 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x8081810, + 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c, + 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197, + 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e, + 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f, + 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc, + 0x4848d890, 0x3030506, 0xf6f601f7, 0xe0e121c, + 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069, + 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927, + 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322, + 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733, + 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9, + 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5, + 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0xd0d171a, + 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0, + 0x4141c382, 0x9999b029, 0x2d2d775a, 0xf0f111e, + 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c, +}; + +static uint32_t U0[256] = { + 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, + 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, + 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, + 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, + 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1, + 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, + 0x38f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, + 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844, + 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, + 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, + 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, + 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94, + 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, + 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a, + 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, + 0x302887f2, 0x23bfa5b2, 0x2036aba, 0xed16825c, + 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, + 0x65daf4cd, 0x605bed5, 0xd134621f, 0xc4a6fe8a, + 0x342e539d, 0xa2f355a0, 0x58ae132, 0xa4f6eb75, + 0xb83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051, + 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, + 0x91548db5, 0x71c45d05, 0x406d46f, 0x605015ff, + 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77, + 0xb0e842bd, 0x7898b88, 0xe7195b38, 0x79c8eedb, + 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x0, + 0x9808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, + 0xfd0efffb, 0xf853856, 0x3daed51e, 0x362d3927, + 0xa0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, + 0xc0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, + 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, + 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, + 0xe090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8, + 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, + 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, + 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, + 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120, + 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, + 0x1d9e2f4b, 0xdcb230f3, 0xd8652ec, 0x77c1e3d0, + 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, + 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, + 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36, + 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, + 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, + 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5, + 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, + 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, + 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, + 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6, + 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, + 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0, + 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, + 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, + 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, + 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, + 0x9d5eea04, 0x18c355d, 0xfa877473, 0xfb0b412e, + 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713, + 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, + 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, + 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf, + 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, + 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, + 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, + 0x39a80171, 0x80cb3de, 0xd8b4e49c, 0x6456c190, + 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 +}; + +static uint32_t U1[256] = { + 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, + 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, + 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c, + 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3, + 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0, + 0x2c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9, + 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259, + 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8, + 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971, + 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a, + 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f, + 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b, + 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8, + 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab, + 0x7b2eb28, 0x32fb5c2, 0x9a86c57b, 0xa5d33708, + 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682, + 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2, + 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe, + 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb, + 0x390b83ec, 0xaa4060ef, 0x65e719f, 0x51bd6e10, + 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd, + 0xb591548d, 0x571c45d, 0x6f0406d4, 0xff605015, + 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e, + 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee, + 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x0, + 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72, + 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39, + 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e, + 0xb10c0a67, 0xf9357e7, 0xd2b4ee96, 0x9e1b9b91, + 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a, + 0xae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17, + 0xb0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9, + 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60, + 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e, + 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1, + 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611, + 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1, + 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3, + 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964, + 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390, + 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b, + 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf, + 0xe42c3a9d, 0xd507892, 0x9b6a5fcc, 0x62547e46, + 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af, + 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512, + 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb, + 0x9cd2678, 0xf46e5918, 0x1ec9ab7, 0xa8834f9a, + 0x65e6956e, 0x7eaaffe6, 0x821bccf, 0xe6ef15e8, + 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c, + 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266, + 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8, + 0x4af10498, 0xf741ecda, 0xe7fcd50, 0x2f1791f6, + 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604, + 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551, + 0x49d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41, + 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647, + 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c, + 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1, + 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737, + 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db, + 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340, + 0x72161dc3, 0xcbce225, 0x8b283c49, 0x41ff0d95, + 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1, + 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857 +}; + +static uint32_t U2[256] = { + 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, + 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x3934be3, + 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502, + 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562, + 0x5a49deb1, 0x1b6725ba, 0xe9845ea, 0xc0e15dfe, + 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3, + 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552, + 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9, + 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9, + 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce, + 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253, + 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908, + 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b, + 0xd323ab73, 0x2e2724b, 0x8f57e31f, 0xab2a6655, + 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x8a5d337, + 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16, + 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69, + 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6, + 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6, + 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e, + 0x8af93e21, 0x63d96dd, 0x5aedd3e, 0xbd464de6, + 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050, + 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9, + 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8, + 0xa47a17c, 0xfe97c42, 0x1ec9f884, 0x0, + 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a, + 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d, + 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436, + 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b, + 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12, + 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b, + 0xd0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e, + 0x198557f1, 0x74caf75, 0xddbbee99, 0x60fda37f, + 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb, + 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4, + 0xdccad731, 0x85104263, 0x22401397, 0x112084c6, + 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729, + 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1, + 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9, + 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233, + 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0xb3698d4, + 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad, + 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e, + 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3, + 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25, + 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b, + 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f, + 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15, + 0x9bd9bae7, 0x36ce4a6f, 0x9d4ea9f, 0x7cd629b0, + 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2, + 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7, + 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791, + 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x4dfe496, + 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665, + 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b, + 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6, + 0x618c9ad7, 0xc7a37a1, 0x148e59f8, 0x3c89eb13, + 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47, + 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7, + 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844, + 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3, + 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d, + 0x17139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456, + 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8 +}; + +static uint32_t U3[256] = { + 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, + 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b, + 0x30fa5520, 0x766df6ad, 0xcc769188, 0x24c25f5, + 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5, + 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d, + 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b, + 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95, + 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e, + 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27, + 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d, + 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562, + 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x82b94f9, + 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752, + 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66, + 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3, + 0x2887f230, 0xbfa5b223, 0x36aba02, 0x16825ced, + 0xcf1c2b8a, 0x79b492a7, 0x7f2f0f3, 0x69e2a14e, + 0xdaf4cd65, 0x5bed506, 0x34621fd1, 0xa6fe8ac4, + 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4, + 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd, + 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d, + 0x548db591, 0xc45d0571, 0x6d46f04, 0x5015ff60, + 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767, + 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79, + 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x0, + 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c, + 0xefffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736, + 0xfd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24, + 0xa67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b, + 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c, + 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12, + 0x90d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814, + 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3, + 0x1269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b, + 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8, + 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084, + 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7, + 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077, + 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247, + 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22, + 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698, + 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f, + 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254, + 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582, + 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf, + 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb, + 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883, + 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef, + 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629, + 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035, + 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533, + 0x4984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17, + 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4, + 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46, + 0x5eea049d, 0x8c355d01, 0x877473fa, 0xb412efb, + 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d, + 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb, + 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a, + 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73, + 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678, + 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2, + 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0xd9541ff, + 0xa8017139, 0xcb3de08, 0xb4e49cd8, 0x56c19064, + 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0 +}; + +#endif + +/* + * the following tables (aes_sbox, aes_inv_sbox, T4, U4) are + * endian-neutral + */ + +static uint8_t +aes_sbox[256] = { + 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, + 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, + 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, + 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, + 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, + 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, + 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, + 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, + 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, + 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, + 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, + 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, + 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, + 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, + 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, + 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, + 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, + 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, + 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, + 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, + 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, + 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, + 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, + 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, + 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, + 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, + 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, + 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, + 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, + 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, + 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, + 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 +}; + +#ifndef CPU_RISC +static uint8_t +aes_inv_sbox[256] = { + 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, + 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, + 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, + 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, + 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, + 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, + 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, + 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, + 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, + 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, + 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, + 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, + 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, + 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, + 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, + 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, + 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, + 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, + 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, + 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, + 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, + 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, + 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, + 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, + 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, + 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, + 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, + 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, + 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, + 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, + 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d +}; +#endif /* ! CPU_RISC */ + +#ifdef CPU_RISC +static uint32_t +T4[256] = { + 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b, + 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5, + 0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b, + 0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676, + 0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d, + 0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0, + 0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf, + 0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0, + 0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626, + 0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc, + 0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1, + 0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515, + 0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3, + 0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a, + 0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2, + 0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575, + 0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a, + 0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0, + 0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3, + 0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484, + 0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed, + 0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b, + 0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939, + 0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf, + 0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb, + 0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585, + 0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f, + 0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8, + 0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f, + 0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5, + 0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121, + 0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2, + 0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec, + 0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717, + 0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d, + 0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373, + 0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc, + 0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888, + 0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414, + 0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb, + 0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a, + 0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c, + 0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262, + 0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979, + 0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d, + 0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9, + 0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea, + 0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808, + 0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e, + 0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6, + 0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f, + 0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a, + 0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666, + 0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e, + 0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9, + 0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e, + 0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111, + 0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494, + 0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9, + 0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf, + 0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d, + 0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868, + 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f, + 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616 +}; + +static uint32_t U4[256] = { + 0x52525252, 0x9090909, 0x6a6a6a6a, 0xd5d5d5d5, + 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838, + 0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e, + 0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb, + 0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282, + 0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787, + 0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444, + 0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb, + 0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232, + 0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d, + 0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0xb0b0b0b, + 0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e, + 0x8080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666, + 0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2, + 0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949, + 0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525, + 0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464, + 0x86868686, 0x68686868, 0x98989898, 0x16161616, + 0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc, + 0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292, + 0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050, + 0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada, + 0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757, + 0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484, + 0x90909090, 0xd8d8d8d8, 0xabababab, 0x0, + 0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0xa0a0a0a, + 0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x5050505, + 0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x6060606, + 0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f, + 0xcacacaca, 0x3f3f3f3f, 0xf0f0f0f, 0x2020202, + 0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x3030303, + 0x1010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b, + 0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141, + 0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea, + 0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece, + 0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373, + 0x96969696, 0xacacacac, 0x74747474, 0x22222222, + 0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585, + 0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8, + 0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e, + 0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171, + 0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989, + 0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0xe0e0e0e, + 0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b, + 0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b, + 0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020, + 0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe, + 0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4, + 0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333, + 0x88888888, 0x7070707, 0xc7c7c7c7, 0x31313131, + 0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959, + 0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f, + 0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9, + 0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0xd0d0d0d, + 0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f, + 0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef, + 0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d, + 0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0, + 0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c, + 0x83838383, 0x53535353, 0x99999999, 0x61616161, + 0x17171717, 0x2b2b2b2b, 0x4040404, 0x7e7e7e7e, + 0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626, + 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363, + 0x55555555, 0x21212121, 0xc0c0c0c, 0x7d7d7d7d +}; +#endif /* CPU_RISC */ + + +/* aes internals */ + +extern debug_module_t mod_aes_icm; + +void +aes_expand_encryption_key(const v128_t *key, + aes_expanded_key_t expanded_key) { + int i; + gf2_8 rc; + + /* initialize round constant */ + rc = 1; + + expanded_key[0].v32[0] = key->v32[0]; + expanded_key[0].v32[1] = key->v32[1]; + expanded_key[0].v32[2] = key->v32[2]; + expanded_key[0].v32[3] = key->v32[3]; + +#if 0 + debug_print(mod_aes_icm, + "expanded key[0]: %s", v128_hex_string(&expanded_key[0])); +#endif + + /* loop over round keys */ + for (i=1; i < 11; i++) { + + /* munge first word of round key */ + expanded_key[i].v8[0] = aes_sbox[expanded_key[i-1].v8[13]] ^ rc; + expanded_key[i].v8[1] = aes_sbox[expanded_key[i-1].v8[14]]; + expanded_key[i].v8[2] = aes_sbox[expanded_key[i-1].v8[15]]; + expanded_key[i].v8[3] = aes_sbox[expanded_key[i-1].v8[12]]; + + expanded_key[i].v32[0] ^= expanded_key[i-1].v32[0]; + + /* set remaining 32 bit words to the exor of the one previous with + * the one four words previous */ + + expanded_key[i].v32[1] = + expanded_key[i].v32[0] ^ expanded_key[i-1].v32[1]; + + expanded_key[i].v32[2] = + expanded_key[i].v32[1] ^ expanded_key[i-1].v32[2]; + + expanded_key[i].v32[3] = + expanded_key[i].v32[2] ^ expanded_key[i-1].v32[3]; + +#if 0 + debug_print2(mod_aes_icm, + "expanded key[%d]: %s", i,v128_hex_string(&expanded_key[i])); +#endif + + /* modify round constant */ + rc = gf2_8_shift(rc); + + } +} + +void +aes_expand_decryption_key(const v128_t *key, + aes_expanded_key_t expanded_key) { + int i; + + aes_expand_encryption_key(key, expanded_key); + + /* invert the order of the round keys */ + for (i=0; i < 5; i++) { + v128_t tmp; + v128_copy(&tmp, &expanded_key[10-i]); + v128_copy(&expanded_key[10-i], &expanded_key[i]); + v128_copy(&expanded_key[i], &tmp); + } + + /* + * apply the inverse mixColumn transform to the round keys (except + * for the first and the last) + * + * mixColumn is implemented by using the tables U0, U1, U2, U3, + * followed by the T4 table (which cancels out the use of the sbox + * in the U-tables) + */ + for (i=1; i < 10; i++) { +#ifdef CPU_RISC + uint32_t tmp; + + tmp = expanded_key[i].v32[0]; + expanded_key[i].v32[0] = + U0[T4[(tmp >> 24) ] & 0xff] ^ + U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ + U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ + U3[T4[(tmp) & 0xff] & 0xff]; + + tmp = expanded_key[i].v32[1]; + expanded_key[i].v32[1] = + U0[T4[(tmp >> 24) ] & 0xff] ^ + U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ + U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ + U3[T4[(tmp) & 0xff] & 0xff]; + + tmp = expanded_key[i].v32[2]; + expanded_key[i].v32[2] = + U0[T4[(tmp >> 24) ] & 0xff] ^ + U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ + U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ + U3[T4[(tmp) & 0xff] & 0xff]; + + tmp = expanded_key[i].v32[3]; + expanded_key[i].v32[3] = + U0[T4[(tmp >> 24) ] & 0xff] ^ + U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ + U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ + U3[T4[(tmp) & 0xff] & 0xff]; +#else /* assume CPU_CISC */ + + uint32_t c0, c1, c2, c3; + + c0 = U0[aes_sbox[expanded_key[i].v8[0]]] + ^ U1[aes_sbox[expanded_key[i].v8[1]]] + ^ U2[aes_sbox[expanded_key[i].v8[2]]] + ^ U3[aes_sbox[expanded_key[i].v8[3]]]; + + c1 = U0[aes_sbox[expanded_key[i].v8[4]]] + ^ U1[aes_sbox[expanded_key[i].v8[5]]] + ^ U2[aes_sbox[expanded_key[i].v8[6]]] + ^ U3[aes_sbox[expanded_key[i].v8[7]]]; + + c2 = U0[aes_sbox[expanded_key[i].v8[8]]] + ^ U1[aes_sbox[expanded_key[i].v8[9]]] + ^ U2[aes_sbox[expanded_key[i].v8[10]]] + ^ U3[aes_sbox[expanded_key[i].v8[11]]]; + + c3 = U0[aes_sbox[expanded_key[i].v8[12]]] + ^ U1[aes_sbox[expanded_key[i].v8[13]]] + ^ U2[aes_sbox[expanded_key[i].v8[14]]] + ^ U3[aes_sbox[expanded_key[i].v8[15]]]; + + expanded_key[i].v32[0] = c0; + expanded_key[i].v32[1] = c1; + expanded_key[i].v32[2] = c2; + expanded_key[i].v32[3] = c3; + +#endif + } +} + +#ifdef CPU_CISC + + +static inline void +aes_round(v128_t *state, const v128_t *round_key) { + uint32_t column0, column1, column2, column3; + + /* compute the columns of the output square in terms of the octets + of state, using the tables T0, T1, T2, T3 */ + + column0 = T0[state->v8[0]] ^ T1[state->v8[5]] + ^ T2[state->v8[10]] ^ T3[state->v8[15]]; + + column1 = T0[state->v8[4]] ^ T1[state->v8[9]] + ^ T2[state->v8[14]] ^ T3[state->v8[3]]; + + column2 = T0[state->v8[8]] ^ T1[state->v8[13]] + ^ T2[state->v8[2]] ^ T3[state->v8[7]]; + + column3 = T0[state->v8[12]] ^ T1[state->v8[1]] + ^ T2[state->v8[6]] ^ T3[state->v8[11]]; + + state->v32[0] = column0 ^ round_key->v32[0]; + state->v32[1] = column1 ^ round_key->v32[1]; + state->v32[2] = column2 ^ round_key->v32[2]; + state->v32[3] = column3 ^ round_key->v32[3]; + +} + + +static inline void +aes_inv_round(v128_t *state, const v128_t *round_key) { + uint32_t column0, column1, column2, column3; + + /* compute the columns of the output square in terms of the octets + of state, using the tables U0, U1, U2, U3 */ + + column0 = U0[state->v8[0]] ^ U1[state->v8[13]] + ^ U2[state->v8[10]] ^ U3[state->v8[7]]; + + column1 = U0[state->v8[4]] ^ U1[state->v8[1]] + ^ U2[state->v8[14]] ^ U3[state->v8[11]]; + + column2 = U0[state->v8[8]] ^ U1[state->v8[5]] + ^ U2[state->v8[2]] ^ U3[state->v8[15]]; + + column3 = U0[state->v8[12]] ^ U1[state->v8[9]] + ^ U2[state->v8[6]] ^ U3[state->v8[3]]; + + state->v32[0] = column0 ^ round_key->v32[0]; + state->v32[1] = column1 ^ round_key->v32[1]; + state->v32[2] = column2 ^ round_key->v32[2]; + state->v32[3] = column3 ^ round_key->v32[3]; + +} + +static inline void +aes_final_round(v128_t *state, const v128_t *round_key) { + uint8_t tmp; + + /* byte substitutions and row shifts */ + /* first row - no shift */ + state->v8[0] = aes_sbox[state->v8[0]]; + state->v8[4] = aes_sbox[state->v8[4]]; + state->v8[8] = aes_sbox[state->v8[8]]; + state->v8[12] = aes_sbox[state->v8[12]]; + + /* second row - shift one left */ + tmp = aes_sbox[state->v8[1]]; + state->v8[1] = aes_sbox[state->v8[5]]; + state->v8[5] = aes_sbox[state->v8[9]]; + state->v8[9] = aes_sbox[state->v8[13]]; + state->v8[13] = tmp; + + /* third row - shift two left */ + tmp = aes_sbox[state->v8[10]]; + state->v8[10] = aes_sbox[state->v8[2]]; + state->v8[2] = tmp; + tmp = aes_sbox[state->v8[14]]; + state->v8[14] = aes_sbox[state->v8[6]]; + state->v8[6] = tmp; + + /* fourth row - shift three left */ + tmp = aes_sbox[state->v8[15]]; + state->v8[15] = aes_sbox[state->v8[11]]; + state->v8[11] = aes_sbox[state->v8[7]]; + state->v8[7] = aes_sbox[state->v8[3]]; + state->v8[3] = tmp; + + v128_xor_eq(state, round_key); +} + +static inline void +aes_inv_final_round(v128_t *state, const v128_t *round_key) { + uint8_t tmp; + + /* byte substitutions and row shifts */ + /* first row - no shift */ + state->v8[0] = aes_inv_sbox[state->v8[0]]; + state->v8[4] = aes_inv_sbox[state->v8[4]]; + state->v8[8] = aes_inv_sbox[state->v8[8]]; + state->v8[12] = aes_inv_sbox[state->v8[12]]; + + /* second row - shift one right */ + tmp = aes_inv_sbox[state->v8[13]]; + state->v8[13] = aes_inv_sbox[state->v8[9]]; + state->v8[9] = aes_inv_sbox[state->v8[5]]; + state->v8[5] = aes_inv_sbox[state->v8[1]]; + state->v8[1] = tmp; + + /* third row - shift two right */ + tmp = aes_inv_sbox[state->v8[2]]; + state->v8[2] = aes_inv_sbox[state->v8[10]]; + state->v8[10] = tmp; + tmp = aes_inv_sbox[state->v8[6]]; + state->v8[6] = aes_inv_sbox[state->v8[14]]; + state->v8[14] = tmp; + + /* fourth row - shift three right */ + tmp = aes_inv_sbox[state->v8[3]]; + state->v8[3] = aes_inv_sbox[state->v8[7]]; + state->v8[7] = aes_inv_sbox[state->v8[11]]; + state->v8[11] = aes_inv_sbox[state->v8[15]]; + state->v8[15] = tmp; + + v128_xor_eq(state, round_key); +} + + +#elif CPU_RISC + +static inline void +aes_round(v128_t *state, const v128_t *round_key) { + uint32_t column0, column1, column2, column3; + + /* compute the columns of the output square in terms of the octets + of state, using the tables T0, T1, T2, T3 */ +#ifdef WORDS_BIGENDIAN + column0 = T0[state->v32[0] >> 24] ^ T1[(state->v32[1] >> 16) & 0xff] + ^ T2[(state->v32[2] >> 8) & 0xff] ^ T3[state->v32[3] & 0xff]; + + column1 = T0[state->v32[1] >> 24] ^ T1[(state->v32[2] >> 16) & 0xff] + ^ T2[(state->v32[3] >> 8) & 0xff] ^ T3[state->v32[0] & 0xff]; + + column2 = T0[state->v32[2] >> 24] ^ T1[(state->v32[3] >> 16) & 0xff] + ^ T2[(state->v32[0] >> 8) & 0xff] ^ T3[state->v32[1] & 0xff]; + + column3 = T0[state->v32[3] >> 24] ^ T1[(state->v32[0] >> 16) & 0xff] + ^ T2[(state->v32[1] >> 8) & 0xff] ^ T3[state->v32[2] & 0xff]; +#else + column0 = T0[state->v32[0] & 0xff] ^ T1[(state->v32[1] >> 8) & 0xff] + ^ T2[(state->v32[2] >> 16) & 0xff] ^ T3[state->v32[3] >> 24]; + + column1 = T0[state->v32[1] & 0xff] ^ T1[(state->v32[2] >> 8) & 0xff] + ^ T2[(state->v32[3] >> 16) & 0xff] ^ T3[state->v32[0] >> 24]; + + column2 = T0[state->v32[2] & 0xff] ^ T1[(state->v32[3] >> 8) & 0xff] + ^ T2[(state->v32[0] >> 16) & 0xff] ^ T3[state->v32[1] >> 24]; + + column3 = T0[state->v32[3] & 0xff] ^ T1[(state->v32[0] >> 8) & 0xff] + ^ T2[(state->v32[1] >> 16) & 0xff] ^ T3[state->v32[2] >> 24]; +#endif /* WORDS_BIGENDIAN */ + + state->v32[0] = column0 ^ round_key->v32[0]; + state->v32[1] = column1 ^ round_key->v32[1]; + state->v32[2] = column2 ^ round_key->v32[2]; + state->v32[3] = column3 ^ round_key->v32[3]; + +} + +static inline void +aes_inv_round(v128_t *state, const v128_t *round_key) { + uint32_t column0, column1, column2, column3; + + /* compute the columns of the output square in terms of the octets + of state, using the tables U0, U1, U2, U3 */ + +#ifdef WORDS_BIGENDIAN + /* FIX! WRong indexes */ + column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff] + ^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff]; + + column1 = U0[state->v32[1] >> 24] ^ U1[(state->v32[0] >> 16) & 0xff] + ^ U2[(state->v32[3] >> 8) & 0xff] ^ U3[state->v32[2] & 0xff]; + + column2 = U0[state->v32[2] >> 24] ^ U1[(state->v32[1] >> 16) & 0xff] + ^ U2[(state->v32[0] >> 8) & 0xff] ^ U3[state->v32[3] & 0xff]; + + column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 16) & 0xff] + ^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff]; +#else + column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff] + ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[state->v32[3] >> 24]; + + column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff] + ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[state->v32[0] >> 24]; + + column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff] + ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[state->v32[1] >> 24]; + + column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff] + ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[state->v32[2] >> 24]; +#endif /* WORDS_BIGENDIAN */ + + state->v32[0] = column0 ^ round_key->v32[0]; + state->v32[1] = column1 ^ round_key->v32[1]; + state->v32[2] = column2 ^ round_key->v32[2]; + state->v32[3] = column3 ^ round_key->v32[3]; + +} + +static inline void +aes_final_round(v128_t *state, const v128_t *round_key) { + uint32_t tmp0, tmp1, tmp2, tmp3; + + tmp0 = (T4[(state->v32[0] >> 24)] & 0xff000000) + ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) + ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) + ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff) + ^ round_key->v32[0]; + + tmp1 = (T4[(state->v32[1] >> 24)] & 0xff000000) + ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) + ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) + ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff) + ^ round_key->v32[1]; + + tmp2 = (T4[(state->v32[2] >> 24)] & 0xff000000) + ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) + ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) + ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff) + ^ round_key->v32[2]; + + tmp3 = (T4[(state->v32[3] >> 24)] & 0xff000000) + ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) + ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) + ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff) + ^ round_key->v32[3]; + + state->v32[0] = tmp0; + state->v32[1] = tmp1; + state->v32[2] = tmp2; + state->v32[3] = tmp3; + +} + +static inline void +aes_inv_final_round(v128_t *state, const v128_t *round_key) { + uint32_t tmp0, tmp1, tmp2, tmp3; + + tmp0 = (U4[(state->v32[0] >> 24)] & 0xff000000) + ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) + ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) + ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff) + ^ round_key->v32[0]; + + tmp1 = (U4[(state->v32[1] >> 24)] & 0xff000000) + ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) + ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) + ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff) + ^ round_key->v32[1]; + + tmp2 = (U4[(state->v32[2] >> 24)] & 0xff000000) + ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) + ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) + ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff) + ^ round_key->v32[2]; + + tmp3 = (U4[(state->v32[3] >> 24)] & 0xff000000) + ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) + ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) + ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff) + ^ round_key->v32[3]; + + state->v32[0] = tmp0; + state->v32[1] = tmp1; + state->v32[2] = tmp2; + state->v32[3] = tmp3; + +} + +#elif CPU_16 /* assume 16-bit word size on processor */ + +static inline void +aes_round(v128_t *state, const v128_t *round_key) { + uint32_t column0, column1, column2, column3; + uint16_t c + /* compute the columns of the output square in terms of the octets + of state, using the tables T0, T1, T2, T3 */ + + column0 = T0[state->v8[0]] ^ T1[state->v8[5]] + ^ T2[state->v8[10]] ^ T3[state->v8[15]]; + + column1 = T0[state->v8[4]] ^ T1[state->v8[9]] + ^ T2[state->v8[14]] ^ T3[state->v8[3]]; + + column2 = T0[state->v8[8]] ^ T1[state->v8[13]] + ^ T2[state->v8[2]] ^ T3[state->v8[7]]; + + column3 = T0[state->v8[12]] ^ T1[state->v8[1]] + ^ T2[state->v8[6]] ^ T3[state->v8[11]]; + + state->v32[0] = column0 ^ round_key->v32[0]; + state->v32[1] = column1 ^ round_key->v32[1]; + state->v32[2] = column2 ^ round_key->v32[2]; + state->v32[3] = column3 ^ round_key->v32[3]; + +} + + +static inline void +aes_inv_round(v128_t *state, const v128_t *round_key) { + uint32_t column0, column1, column2, column3; + + /* compute the columns of the output square in terms of the octets + of state, using the tables U0, U1, U2, U3 */ + + column0 = U0[state->v8[0]] ^ U1[state->v8[5]] + ^ U2[state->v8[10]] ^ U3[state->v8[15]]; + + column1 = U0[state->v8[4]] ^ U1[state->v8[9]] + ^ U2[state->v8[14]] ^ U3[state->v8[3]]; + + column2 = U0[state->v8[8]] ^ U1[state->v8[13]] + ^ U2[state->v8[2]] ^ U3[state->v8[7]]; + + column3 = U0[state->v8[12]] ^ U1[state->v8[1]] + ^ U2[state->v8[6]] ^ U3[state->v8[11]]; + + state->v32[0] = column0 ^ round_key->v32[0]; + state->v32[1] = column1 ^ round_key->v32[1]; + state->v32[2] = column2 ^ round_key->v32[2]; + state->v32[3] = column3 ^ round_key->v32[3]; + +} + +static inline void +aes_final_round(v128_t *state, const v128_t *round_key) { + uint8_t tmp; + + /* byte substitutions and row shifts */ + /* first row - no shift */ + state->v8[0] = aes_sbox[state->v8[0]]; + state->v8[4] = aes_sbox[state->v8[4]]; + state->v8[8] = aes_sbox[state->v8[8]]; + state->v8[12] = aes_sbox[state->v8[12]]; + + /* second row - shift one left */ + tmp = aes_sbox[state->v8[1]]; + state->v8[1] = aes_sbox[state->v8[5]]; + state->v8[5] = aes_sbox[state->v8[9]]; + state->v8[9] = aes_sbox[state->v8[13]]; + state->v8[13] = tmp; + + /* third row - shift two left */ + tmp = aes_sbox[state->v8[10]]; + state->v8[10] = aes_sbox[state->v8[2]]; + state->v8[2] = tmp; + tmp = aes_sbox[state->v8[14]]; + state->v8[14] = aes_sbox[state->v8[6]]; + state->v8[6] = tmp; + + /* fourth row - shift three left */ + tmp = aes_sbox[state->v8[15]]; + state->v8[15] = aes_sbox[state->v8[11]]; + state->v8[11] = aes_sbox[state->v8[7]]; + state->v8[7] = aes_sbox[state->v8[3]]; + state->v8[3] = tmp; + + v128_xor_eq(state, round_key); +} + +static inline void +aes_inv_final_round(v128_t *state, const v128_t *round_key) { + uint8_t tmp; + + /* byte substitutions and row shifts */ + /* first row - no shift */ + state->v8[0] = aes_inv_sbox[state->v8[0]]; + state->v8[4] = aes_inv_sbox[state->v8[4]]; + state->v8[8] = aes_inv_sbox[state->v8[8]]; + state->v8[12] = aes_inv_sbox[state->v8[12]]; + + /* second row - shift one left */ + tmp = aes_inv_sbox[state->v8[1]]; + state->v8[1] = aes_inv_sbox[state->v8[5]]; + state->v8[5] = aes_inv_sbox[state->v8[9]]; + state->v8[9] = aes_inv_sbox[state->v8[13]]; + state->v8[13] = tmp; + + /* third row - shift two left */ + tmp = aes_inv_sbox[state->v8[10]]; + state->v8[10] = aes_inv_sbox[state->v8[2]]; + state->v8[2] = tmp; + tmp = aes_inv_sbox[state->v8[14]]; + state->v8[14] = aes_inv_sbox[state->v8[6]]; + state->v8[6] = tmp; + + /* fourth row - shift three left */ + tmp = aes_inv_sbox[state->v8[15]]; + state->v8[15] = aes_inv_sbox[state->v8[11]]; + state->v8[11] = aes_inv_sbox[state->v8[7]]; + state->v8[7] = aes_inv_sbox[state->v8[3]]; + state->v8[3] = tmp; + + v128_xor_eq(state, round_key); +} + +#endif /* CPU type */ + + +void +aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) { + + /* add in the subkey */ + v128_xor_eq(plaintext, exp_key + 0); + + /* now do nine rounds */ + aes_round(plaintext, exp_key + 1); + aes_round(plaintext, exp_key + 2); + aes_round(plaintext, exp_key + 3); + aes_round(plaintext, exp_key + 4); + aes_round(plaintext, exp_key + 5); + aes_round(plaintext, exp_key + 6); + aes_round(plaintext, exp_key + 7); + aes_round(plaintext, exp_key + 8); + aes_round(plaintext, exp_key + 9); + /* the last round is different */ + + aes_final_round(plaintext, exp_key + 10); +} + +void +aes_decrypt(v128_t *plaintext, const aes_expanded_key_t exp_key) { + + /* add in the subkey */ + v128_xor_eq(plaintext, exp_key + 0); + + /* now do nine rounds */ + aes_inv_round(plaintext, exp_key + 1); + aes_inv_round(plaintext, exp_key + 2); + aes_inv_round(plaintext, exp_key + 3); + aes_inv_round(plaintext, exp_key + 4); + aes_inv_round(plaintext, exp_key + 5); + aes_inv_round(plaintext, exp_key + 6); + aes_inv_round(plaintext, exp_key + 7); + aes_inv_round(plaintext, exp_key + 8); + aes_inv_round(plaintext, exp_key + 9); + /* the last round is different */ + aes_inv_final_round(plaintext, exp_key + 10); +} diff --git a/third_party/srtp/crypto/cipher/aes_cbc.c b/third_party/srtp/crypto/cipher/aes_cbc.c new file mode 100644 index 0000000..8fc6a32 --- /dev/null +++ b/third_party/srtp/crypto/cipher/aes_cbc.c @@ -0,0 +1,444 @@ +/* + * aes_cbc.c + * + * AES Cipher Block Chaining Mode + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "aes_cbc.h" +#include "alloc.h" + +debug_module_t mod_aes_cbc = { + 0, /* debugging is off by default */ + "aes cbc" /* printable module name */ +}; + + + +err_status_t +aes_cbc_alloc(cipher_t **c, int key_len) { + extern cipher_type_t aes_cbc; + uint8_t *pointer; + int tmp; + + debug_print(mod_aes_cbc, + "allocating cipher with key length %d", key_len); + + if (key_len != 16) + return err_status_bad_param; + + /* allocate memory a cipher of type aes_icm */ + tmp = (sizeof(aes_cbc_ctx_t) + sizeof(cipher_t)); + pointer = (uint8_t*)crypto_alloc(tmp); + if (pointer == NULL) + return err_status_alloc_fail; + + /* set pointers */ + *c = (cipher_t *)pointer; + (*c)->type = &aes_cbc; + (*c)->state = pointer + sizeof(cipher_t); + + /* increment ref_count */ + aes_cbc.ref_count++; + + /* set key size */ + (*c)->key_len = key_len; + + return err_status_ok; +} + +err_status_t +aes_cbc_dealloc(cipher_t *c) { + extern cipher_type_t aes_cbc; + + /* zeroize entire state*/ + octet_string_set_to_zero((uint8_t *)c, + sizeof(aes_cbc_ctx_t) + sizeof(cipher_t)); + + /* free memory */ + crypto_free(c); + + /* decrement ref_count */ + aes_cbc.ref_count--; + + return err_status_ok; +} + +err_status_t +aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, + cipher_direction_t dir) { + v128_t tmp_key; + + /* set tmp_key (for alignment) */ + v128_copy_octet_string(&tmp_key, key); + + debug_print(mod_aes_cbc, + "key: %s", v128_hex_string(&tmp_key)); + + /* expand key for the appropriate direction */ + switch (dir) { + case (direction_encrypt): + aes_expand_encryption_key(&tmp_key, c->expanded_key); + break; + case (direction_decrypt): + aes_expand_decryption_key(&tmp_key, c->expanded_key); + break; + default: + return err_status_bad_param; + } + + + return err_status_ok; +} + + +err_status_t +aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv) { + int i; +/* v128_t *input = iv; */ + uint8_t *input = (uint8_t*) iv; + + /* set state and 'previous' block to iv */ + for (i=0; i < 16; i++) + c->previous.v8[i] = c->state.v8[i] = input[i]; + + debug_print(mod_aes_cbc, "setting iv: %s", v128_hex_string(&c->state)); + + return err_status_ok; +} + +err_status_t +aes_cbc_encrypt(aes_cbc_ctx_t *c, + unsigned char *data, + unsigned int *bytes_in_data) { + int i; + unsigned char *input = data; /* pointer to data being read */ + unsigned char *output = data; /* pointer to data being written */ + int bytes_to_encr = *bytes_in_data; + + /* + * verify that we're 16-octet aligned + */ + if (*bytes_in_data & 0xf) + return err_status_bad_param; + + /* + * note that we assume that the initialization vector has already + * been set, e.g. by calling aes_cbc_set_iv() + */ + debug_print(mod_aes_cbc, "iv: %s", + v128_hex_string(&c->state)); + + /* + * loop over plaintext blocks, exoring state into plaintext then + * encrypting and writing to output + */ + while (bytes_to_encr > 0) { + + /* exor plaintext into state */ + for (i=0; i < 16; i++) + c->state.v8[i] ^= *input++; + + debug_print(mod_aes_cbc, "inblock: %s", + v128_hex_string(&c->state)); + + aes_encrypt(&c->state, c->expanded_key); + + debug_print(mod_aes_cbc, "outblock: %s", + v128_hex_string(&c->state)); + + /* copy ciphertext to output */ + for (i=0; i < 16; i++) + *output++ = c->state.v8[i]; + + bytes_to_encr -= 16; + } + + return err_status_ok; +} + +err_status_t +aes_cbc_decrypt(aes_cbc_ctx_t *c, + unsigned char *data, + unsigned int *bytes_in_data) { + int i; + v128_t state, previous; + unsigned char *input = data; /* pointer to data being read */ + unsigned char *output = data; /* pointer to data being written */ + int bytes_to_encr = *bytes_in_data; + uint8_t tmp; + + /* + * verify that we're 16-octet aligned + */ + if (*bytes_in_data & 0x0f) + return err_status_bad_param; + + /* set 'previous' block to iv*/ + for (i=0; i < 16; i++) { + previous.v8[i] = c->previous.v8[i]; + } + + debug_print(mod_aes_cbc, "iv: %s", + v128_hex_string(&previous)); + + /* + * loop over ciphertext blocks, decrypting then exoring with state + * then writing plaintext to output + */ + while (bytes_to_encr > 0) { + + /* set state to ciphertext input block */ + for (i=0; i < 16; i++) { + state.v8[i] = *input++; + } + + debug_print(mod_aes_cbc, "inblock: %s", + v128_hex_string(&state)); + + /* decrypt state */ + aes_decrypt(&state, c->expanded_key); + + debug_print(mod_aes_cbc, "outblock: %s", + v128_hex_string(&state)); + + /* + * exor previous ciphertext block out of plaintext, and write new + * plaintext block to output, while copying old ciphertext block + * to the 'previous' block + */ + for (i=0; i < 16; i++) { + tmp = *output; + *output++ = state.v8[i] ^ previous.v8[i]; + previous.v8[i] = tmp; + } + + bytes_to_encr -= 16; + } + + return err_status_ok; +} + + +err_status_t +aes_cbc_nist_encrypt(aes_cbc_ctx_t *c, + unsigned char *data, + unsigned int *bytes_in_data) { + int i; + unsigned char *pad_start; + int num_pad_bytes; + err_status_t status; + + /* + * determine the number of padding bytes that we need to add - + * this value is always between 1 and 16, inclusive. + */ + num_pad_bytes = 16 - (*bytes_in_data & 0xf); + pad_start = data; + pad_start += *bytes_in_data; + *pad_start++ = 0xa0; + for (i=0; i < num_pad_bytes; i++) + *pad_start++ = 0x00; + + /* + * increment the data size + */ + *bytes_in_data += num_pad_bytes; + + /* + * now cbc encrypt the padded data + */ + status = aes_cbc_encrypt(c, data, bytes_in_data); + if (status) + return status; + + return err_status_ok; +} + + +err_status_t +aes_cbc_nist_decrypt(aes_cbc_ctx_t *c, + unsigned char *data, + unsigned int *bytes_in_data) { + unsigned char *pad_end; + int num_pad_bytes; + err_status_t status; + + /* + * cbc decrypt the padded data + */ + status = aes_cbc_decrypt(c, data, bytes_in_data); + if (status) + return status; + + /* + * determine the number of padding bytes in the decrypted plaintext + * - this value is always between 1 and 16, inclusive. + */ + num_pad_bytes = 1; + pad_end = data + (*bytes_in_data - 1); + while (*pad_end != 0xa0) { /* note: should check padding correctness */ + pad_end--; + num_pad_bytes++; + } + + /* decrement data size */ + *bytes_in_data -= num_pad_bytes; + + return err_status_ok; +} + + +char +aes_cbc_description[] = "aes cipher block chaining (cbc) mode"; + +/* + * Test case 0 is derived from FIPS 197 Appendix A; it uses an + * all-zero IV, so that the first block encryption matches the test + * case in that appendix. This property provides a check of the base + * AES encryption and decryption algorithms; if CBC fails on some + * particular platform, then you should print out AES intermediate + * data and compare with the detailed info provided in that appendix. + * + */ + + +uint8_t aes_cbc_test_case_0_key[16] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f +}; + +uint8_t aes_cbc_test_case_0_plaintext[64] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff +}; + +uint8_t aes_cbc_test_case_0_ciphertext[80] = { + 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30, + 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a, + 0x03, 0x35, 0xed, 0x27, 0x67, 0xf2, 0x6d, 0xf1, + 0x64, 0x83, 0x2e, 0x23, 0x44, 0x38, 0x70, 0x8b + +}; + +uint8_t aes_cbc_test_case_0_iv[16] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; + + +cipher_test_case_t aes_cbc_test_case_0 = { + 16, /* octets in key */ + aes_cbc_test_case_0_key, /* key */ + aes_cbc_test_case_0_iv, /* initialization vector */ + 16, /* octets in plaintext */ + aes_cbc_test_case_0_plaintext, /* plaintext */ + 32, /* octets in ciphertext */ + aes_cbc_test_case_0_ciphertext, /* ciphertext */ + NULL /* pointer to next testcase */ +}; + + +/* + * this test case is taken directly from Appendix F.2 of NIST Special + * Publication SP 800-38A + */ + +uint8_t aes_cbc_test_case_1_key[16] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, +}; + +uint8_t aes_cbc_test_case_1_plaintext[64] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 +}; + +uint8_t aes_cbc_test_case_1_ciphertext[80] = { + 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, + 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, + 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, + 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2, + 0x73, 0xbe, 0xd6, 0xb8, 0xe3, 0xc1, 0x74, 0x3b, + 0x71, 0x16, 0xe6, 0x9e, 0x22, 0x22, 0x95, 0x16, + 0x3f, 0xf1, 0xca, 0xa1, 0x68, 0x1f, 0xac, 0x09, + 0x12, 0x0e, 0xca, 0x30, 0x75, 0x86, 0xe1, 0xa7, + 0x39, 0x34, 0x07, 0x03, 0x36, 0xd0, 0x77, 0x99, + 0xe0, 0xc4, 0x2f, 0xdd, 0xa8, 0xdf, 0x4c, 0xa3 +}; + +uint8_t aes_cbc_test_case_1_iv[16] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f +}; + +cipher_test_case_t aes_cbc_test_case_1 = { + 16, /* octets in key */ + aes_cbc_test_case_1_key, /* key */ + aes_cbc_test_case_1_iv, /* initialization vector */ + 64, /* octets in plaintext */ + aes_cbc_test_case_1_plaintext, /* plaintext */ + 80, /* octets in ciphertext */ + aes_cbc_test_case_1_ciphertext, /* ciphertext */ + &aes_cbc_test_case_0 /* pointer to next testcase */ +}; + +cipher_type_t aes_cbc = { + (cipher_alloc_func_t) aes_cbc_alloc, + (cipher_dealloc_func_t) aes_cbc_dealloc, + (cipher_init_func_t) aes_cbc_context_init, + (cipher_encrypt_func_t) aes_cbc_nist_encrypt, + (cipher_decrypt_func_t) aes_cbc_nist_decrypt, + (cipher_set_iv_func_t) aes_cbc_set_iv, + (char *) aes_cbc_description, + (int) 0, /* instance count */ + (cipher_test_case_t *) &aes_cbc_test_case_0, + (debug_module_t *) &mod_aes_cbc +}; + + diff --git a/third_party/srtp/crypto/cipher/aes_icm.c b/third_party/srtp/crypto/cipher/aes_icm.c new file mode 100644 index 0000000..b466ca9 --- /dev/null +++ b/third_party/srtp/crypto/cipher/aes_icm.c @@ -0,0 +1,511 @@ +/* + * aes_icm.c + * + * AES Integer Counter Mode + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#define ALIGN_32 0 + +#include "aes_icm.h" +#include "alloc.h" + + +debug_module_t mod_aes_icm = { + 0, /* debugging is off by default */ + "aes icm" /* printable module name */ +}; + +/* + * integer counter mode works as follows: + * + * 16 bits + * <-----> + * +------+------+------+------+------+------+------+------+ + * | nonce | pakcet index | ctr |---+ + * +------+------+------+------+------+------+------+------+ | + * | + * +------+------+------+------+------+------+------+------+ v + * | salt |000000|->(+) + * +------+------+------+------+------+------+------+------+ | + * | + * +---------+ + * | encrypt | + * +---------+ + * | + * +------+------+------+------+------+------+------+------+ | + * | keystream block |<--+ + * +------+------+------+------+------+------+------+------+ + * + * All fields are big-endian + * + * ctr is the block counter, which increments from zero for + * each packet (16 bits wide) + * + * packet index is distinct for each packet (48 bits wide) + * + * nonce can be distinct across many uses of the same key, or + * can be a fixed value per key, or can be per-packet randomness + * (64 bits) + * + */ + +err_status_t +aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp) { + extern cipher_type_t aes_icm; + uint8_t *pointer; + int tmp; + + debug_print(mod_aes_icm, + "allocating cipher with key length %d", key_len); + + /* + * Ismacryp, for example, uses 16 byte key + 8 byte + * salt so this function is called with key_len = 24. + * The check for key_len = 30 does not apply. Our usage + * of aes functions with key_len = values other than 30 + * has not broken anything. Don't know what would be the + * effect of skipping this check for srtp in general. + */ + if (!forIsmacryp && key_len != 30) + return err_status_bad_param; + + /* allocate memory a cipher of type aes_icm */ + tmp = (sizeof(aes_icm_ctx_t) + sizeof(cipher_t)); + pointer = (uint8_t*)crypto_alloc(tmp); + if (pointer == NULL) + return err_status_alloc_fail; + + /* set pointers */ + *c = (cipher_t *)pointer; + (*c)->type = &aes_icm; + (*c)->state = pointer + sizeof(cipher_t); + + /* increment ref_count */ + aes_icm.ref_count++; + + /* set key size */ + (*c)->key_len = key_len; + + return err_status_ok; +} + +err_status_t aes_icm_alloc(cipher_t **c, int key_len, int forIsmacryp) { + return aes_icm_alloc_ismacryp(c, key_len, 0); +} + +err_status_t +aes_icm_dealloc(cipher_t *c) { + extern cipher_type_t aes_icm; + + /* zeroize entire state*/ + octet_string_set_to_zero((uint8_t *)c, + sizeof(aes_icm_ctx_t) + sizeof(cipher_t)); + + /* free memory */ + crypto_free(c); + + /* decrement ref_count */ + aes_icm.ref_count--; + + return err_status_ok; +} + + +/* + * aes_icm_context_init(...) initializes the aes_icm_context + * using the value in key[]. + * + * the key is the secret key + * + * the salt is unpredictable (but not necessarily secret) data which + * randomizes the starting point in the keystream + */ + +err_status_t +aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key) { + v128_t tmp_key; + + /* set counter and initial values to 'offset' value */ + /* FIX!!! this assumes the salt is at key + 16, and thus that the */ + /* FIX!!! cipher key length is 16! Also note this copies past the + end of the 'key' array by 2 bytes! */ + v128_copy_octet_string(&c->counter, key + 16); + v128_copy_octet_string(&c->offset, key + 16); + + /* force last two octets of the offset to zero (for srtp compatibility) */ + c->offset.v8[14] = c->offset.v8[15] = 0; + c->counter.v8[14] = c->counter.v8[15] = 0; + + /* set tmp_key (for alignment) */ + v128_copy_octet_string(&tmp_key, key); + + debug_print(mod_aes_icm, + "key: %s", v128_hex_string(&tmp_key)); + debug_print(mod_aes_icm, + "offset: %s", v128_hex_string(&c->offset)); + + /* expand key */ + aes_expand_encryption_key(&tmp_key, c->expanded_key); + + /* indicate that the keystream_buffer is empty */ + c->bytes_in_buffer = 0; + + return err_status_ok; +} + +/* + * aes_icm_set_octet(c, i) sets the counter of the context which it is + * passed so that the next octet of keystream that will be generated + * is the ith octet + */ + +err_status_t +aes_icm_set_octet(aes_icm_ctx_t *c, + uint64_t octet_num) { + +#ifdef NO_64BIT_MATH + int tail_num = low32(octet_num) & 0x0f; + /* 64-bit right-shift 4 */ + uint64_t block_num = make64(high32(octet_num) >> 4, + ((high32(octet_num) & 0x0f)<<(32-4)) | + (low32(octet_num) >> 4)); +#else + int tail_num = octet_num % 16; + uint64_t block_num = octet_num / 16; +#endif + + + /* set counter value */ + /* FIX - There's no way this is correct */ + c->counter.v64[0] = c->offset.v64[0]; +#ifdef NO_64BIT_MATH + c->counter.v64[0] = make64(high32(c->offset.v64[0]) ^ high32(block_num), + low32(c->offset.v64[0]) ^ low32(block_num)); +#else + c->counter.v64[0] = c->offset.v64[0] ^ block_num; +#endif + + debug_print(mod_aes_icm, + "set_octet: %s", v128_hex_string(&c->counter)); + + /* fill keystream buffer, if needed */ + if (tail_num) { + v128_copy(&c->keystream_buffer, &c->counter); + aes_encrypt(&c->keystream_buffer, c->expanded_key); + c->bytes_in_buffer = sizeof(v128_t); + + debug_print(mod_aes_icm, "counter: %s", + v128_hex_string(&c->counter)); + debug_print(mod_aes_icm, "ciphertext: %s", + v128_hex_string(&c->keystream_buffer)); + + /* indicate number of bytes in keystream_buffer */ + c->bytes_in_buffer = sizeof(v128_t) - tail_num; + + } else { + + /* indicate that keystream_buffer is empty */ + c->bytes_in_buffer = 0; + } + + return err_status_ok; +} + +/* + * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with + * the offset + */ + +err_status_t +aes_icm_set_iv(aes_icm_ctx_t *c, void *iv) { + v128_t *nonce = (v128_t *) iv; + + debug_print(mod_aes_icm, + "setting iv: %s", v128_hex_string(nonce)); + + v128_xor(&c->counter, &c->offset, nonce); + + debug_print(mod_aes_icm, + "set_counter: %s", v128_hex_string(&c->counter)); + + /* indicate that the keystream_buffer is empty */ + c->bytes_in_buffer = 0; + + return err_status_ok; +} + + + +/* + * aes_icm_advance(...) refills the keystream_buffer and + * advances the block index of the sicm_context forward by one + * + * this is an internal, hopefully inlined function + */ + +inline void +aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) { + /* fill buffer with new keystream */ + v128_copy(&c->keystream_buffer, &c->counter); + aes_encrypt(&c->keystream_buffer, c->expanded_key); + c->bytes_in_buffer = sizeof(v128_t); + + debug_print(mod_aes_icm, "counter: %s", + v128_hex_string(&c->counter)); + debug_print(mod_aes_icm, "ciphertext: %s", + v128_hex_string(&c->keystream_buffer)); + + /* clock counter forward */ + + if (forIsmacryp) { + uint32_t temp; + //alex's clock counter forward + temp = ntohl(c->counter.v32[3]); + c->counter.v32[3] = htonl(++temp); + } else { + if (!++(c->counter.v8[15])) + ++(c->counter.v8[14]); + } +} + +inline void aes_icm_advance(aes_icm_ctx_t *c) { + aes_icm_advance_ismacryp(c, 0); +} + + +/*e + * icm_encrypt deals with the following cases: + * + * bytes_to_encr < bytes_in_buffer + * - add keystream into data + * + * bytes_to_encr > bytes_in_buffer + * - add keystream into data until keystream_buffer is depleted + * - loop over blocks, filling keystream_buffer and then + * adding keystream into data + * - fill buffer then add in remaining (< 16) bytes of keystream + */ + +err_status_t +aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c, + unsigned char *buf, unsigned int *enc_len, + int forIsmacryp) { + unsigned int bytes_to_encr = *enc_len; + unsigned int i; + uint32_t *b; + + /* check that there's enough segment left but not for ismacryp*/ + if (!forIsmacryp && (bytes_to_encr + htons(c->counter.v16[7])) > 0xffff) + return err_status_terminus; + + debug_print(mod_aes_icm, "block index: %d", + htons(c->counter.v16[7])); + if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) { + + /* deal with odd case of small bytes_to_encr */ + for (i = (sizeof(v128_t) - c->bytes_in_buffer); + i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++) + { + *buf++ ^= c->keystream_buffer.v8[i]; + } + + c->bytes_in_buffer -= bytes_to_encr; + + /* return now to avoid the main loop */ + return err_status_ok; + + } else { + + /* encrypt bytes until the remaining data is 16-byte aligned */ + for (i=(sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t); i++) + *buf++ ^= c->keystream_buffer.v8[i]; + + bytes_to_encr -= c->bytes_in_buffer; + c->bytes_in_buffer = 0; + + } + + /* now loop over entire 16-byte blocks of keystream */ + for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) { + + /* fill buffer with new keystream */ + aes_icm_advance_ismacryp(c, forIsmacryp); + + /* + * add keystream into the data buffer (this would be a lot faster + * if we could assume 32-bit alignment!) + */ + +#if ALIGN_32 + b = (uint32_t *)buf; + *b++ ^= c->keystream_buffer.v32[0]; + *b++ ^= c->keystream_buffer.v32[1]; + *b++ ^= c->keystream_buffer.v32[2]; + *b++ ^= c->keystream_buffer.v32[3]; + buf = (uint8_t *)b; +#else + if ((((unsigned long) buf) & 0x03) != 0) { + *buf++ ^= c->keystream_buffer.v8[0]; + *buf++ ^= c->keystream_buffer.v8[1]; + *buf++ ^= c->keystream_buffer.v8[2]; + *buf++ ^= c->keystream_buffer.v8[3]; + *buf++ ^= c->keystream_buffer.v8[4]; + *buf++ ^= c->keystream_buffer.v8[5]; + *buf++ ^= c->keystream_buffer.v8[6]; + *buf++ ^= c->keystream_buffer.v8[7]; + *buf++ ^= c->keystream_buffer.v8[8]; + *buf++ ^= c->keystream_buffer.v8[9]; + *buf++ ^= c->keystream_buffer.v8[10]; + *buf++ ^= c->keystream_buffer.v8[11]; + *buf++ ^= c->keystream_buffer.v8[12]; + *buf++ ^= c->keystream_buffer.v8[13]; + *buf++ ^= c->keystream_buffer.v8[14]; + *buf++ ^= c->keystream_buffer.v8[15]; + } else { + b = (uint32_t *)buf; + *b++ ^= c->keystream_buffer.v32[0]; + *b++ ^= c->keystream_buffer.v32[1]; + *b++ ^= c->keystream_buffer.v32[2]; + *b++ ^= c->keystream_buffer.v32[3]; + buf = (uint8_t *)b; + } +#endif /* #if ALIGN_32 */ + + } + + /* if there is a tail end of the data, process it */ + if ((bytes_to_encr & 0xf) != 0) { + + /* fill buffer with new keystream */ + aes_icm_advance_ismacryp(c, forIsmacryp); + + for (i=0; i < (bytes_to_encr & 0xf); i++) + *buf++ ^= c->keystream_buffer.v8[i]; + + /* reset the keystream buffer size to right value */ + c->bytes_in_buffer = sizeof(v128_t) - i; + } else { + + /* no tail, so just reset the keystream buffer size to zero */ + c->bytes_in_buffer = 0; + + } + + return err_status_ok; +} + +err_status_t +aes_icm_encrypt(aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len) { + return aes_icm_encrypt_ismacryp(c, buf, enc_len, 0); +} + +err_status_t +aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output) { + unsigned int len = num_octets_to_output; + + /* zeroize the buffer */ + octet_string_set_to_zero(buffer, num_octets_to_output); + + /* exor keystream into buffer */ + return aes_icm_encrypt(c, buffer, &len); +} + + +char +aes_icm_description[] = "aes integer counter mode"; + +uint8_t aes_icm_test_case_0_key[30] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd +}; + +uint8_t aes_icm_test_case_0_nonce[16] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; + +uint8_t aes_icm_test_case_0_plaintext[32] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +}; + +uint8_t aes_icm_test_case_0_ciphertext[32] = { + 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, + 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, + 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, + 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab +}; + +cipher_test_case_t aes_icm_test_case_0 = { + 30, /* octets in key */ + aes_icm_test_case_0_key, /* key */ + aes_icm_test_case_0_nonce, /* packet index */ + 32, /* octets in plaintext */ + aes_icm_test_case_0_plaintext, /* plaintext */ + 32, /* octets in ciphertext */ + aes_icm_test_case_0_ciphertext, /* ciphertext */ + NULL /* pointer to next testcase */ +}; + + +/* + * note: the encrypt function is identical to the decrypt function + */ + +cipher_type_t aes_icm = { + (cipher_alloc_func_t) aes_icm_alloc, + (cipher_dealloc_func_t) aes_icm_dealloc, + (cipher_init_func_t) aes_icm_context_init, + (cipher_encrypt_func_t) aes_icm_encrypt, + (cipher_decrypt_func_t) aes_icm_encrypt, + (cipher_set_iv_func_t) aes_icm_set_iv, + (char *) aes_icm_description, + (int) 0, /* instance count */ + (cipher_test_case_t *) &aes_icm_test_case_0, + (debug_module_t *) &mod_aes_icm +}; + diff --git a/third_party/srtp/crypto/cipher/cipher.c b/third_party/srtp/crypto/cipher/cipher.c new file mode 100644 index 0000000..489a52d --- /dev/null +++ b/third_party/srtp/crypto/cipher/cipher.c @@ -0,0 +1,409 @@ +/* + * cipher.c + * + * cipher meta-functions + * + * David A. McGrew + * Cisco Systems, Inc. + * + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "cipher.h" +#include "rand_source.h" /* used in invertibiltiy tests */ +#include "alloc.h" /* for crypto_alloc(), crypto_free() */ + +debug_module_t mod_cipher = { + 0, /* debugging is off by default */ + "cipher" /* printable module name */ +}; + +err_status_t +cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output) { + + /* zeroize the buffer */ + octet_string_set_to_zero(buffer, num_octets_to_output); + + /* exor keystream into buffer */ + return cipher_encrypt(c, buffer, (unsigned int *) &num_octets_to_output); +} + +/* some bookkeeping functions */ + +int +cipher_get_key_length(const cipher_t *c) { + return c->key_len; +} + +/* + * cipher_type_self_test(ct) tests a cipher of type ct against test cases + * provided in an array of values of key, salt, xtd_seq_num_t, + * plaintext, and ciphertext that is known to be good + */ + +#define SELF_TEST_BUF_OCTETS 128 +#define NUM_RAND_TESTS 128 +#define MAX_KEY_LEN 64 + +err_status_t +cipher_type_self_test(const cipher_type_t *ct) { + const cipher_test_case_t *test_case = ct->test_data; + cipher_t *c; + err_status_t status; + uint8_t buffer[SELF_TEST_BUF_OCTETS]; + uint8_t buffer2[SELF_TEST_BUF_OCTETS]; + unsigned int len; + int i, j, case_num = 0; + + debug_print(mod_cipher, "running self-test for cipher %s", + ct->description); + + /* + * check to make sure that we have at least one test case, and + * return an error if we don't - we need to be paranoid here + */ + if (test_case == NULL) + return err_status_cant_check; + + /* + * loop over all test cases, perform known-answer tests of both the + * encryption and decryption functions + */ + while (test_case != NULL) { + + /* allocate cipher */ + status = cipher_type_alloc(ct, &c, test_case->key_length_octets); + if (status) + return status; + + /* + * test the encrypt function + */ + debug_print(mod_cipher, "testing encryption", NULL); + + /* initialize cipher */ + status = cipher_init(c, test_case->key, direction_encrypt); + if (status) { + cipher_dealloc(c); + return status; + } + + /* copy plaintext into test buffer */ + if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { + cipher_dealloc(c); + return err_status_bad_param; + } + for (i=0; i < test_case->plaintext_length_octets; i++) + buffer[i] = test_case->plaintext[i]; + + debug_print(mod_cipher, "plaintext: %s", + octet_string_hex_string(buffer, + test_case->plaintext_length_octets)); + + /* set the initialization vector */ + status = cipher_set_iv(c, test_case->idx); + if (status) { + cipher_dealloc(c); + return status; + } + + /* encrypt */ + len = test_case->plaintext_length_octets; + status = cipher_encrypt(c, buffer, &len); + if (status) { + cipher_dealloc(c); + return status; + } + + debug_print(mod_cipher, "ciphertext: %s", + octet_string_hex_string(buffer, + test_case->ciphertext_length_octets)); + + /* compare the resulting ciphertext with that in the test case */ + if (len != test_case->ciphertext_length_octets) + return err_status_algo_fail; + status = err_status_ok; + for (i=0; i < test_case->ciphertext_length_octets; i++) + if (buffer[i] != test_case->ciphertext[i]) { + status = err_status_algo_fail; + debug_print(mod_cipher, "test case %d failed", case_num); + debug_print(mod_cipher, "(failure at byte %d)", i); + break; + } + if (status) { + + debug_print(mod_cipher, "c computed: %s", + octet_string_hex_string(buffer, + 2*test_case->plaintext_length_octets)); + debug_print(mod_cipher, "c expected: %s", + octet_string_hex_string(test_case->ciphertext, + 2*test_case->plaintext_length_octets)); + + cipher_dealloc(c); + return err_status_algo_fail; + } + + /* + * test the decrypt function + */ + debug_print(mod_cipher, "testing decryption", NULL); + + /* re-initialize cipher for decryption */ + status = cipher_init(c, test_case->key, direction_decrypt); + if (status) { + cipher_dealloc(c); + return status; + } + + /* copy ciphertext into test buffer */ + if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { + cipher_dealloc(c); + return err_status_bad_param; + } + for (i=0; i < test_case->ciphertext_length_octets; i++) + buffer[i] = test_case->ciphertext[i]; + + debug_print(mod_cipher, "ciphertext: %s", + octet_string_hex_string(buffer, + test_case->plaintext_length_octets)); + + /* set the initialization vector */ + status = cipher_set_iv(c, test_case->idx); + if (status) { + cipher_dealloc(c); + return status; + } + + /* decrypt */ + len = test_case->ciphertext_length_octets; + status = cipher_decrypt(c, buffer, &len); + if (status) { + cipher_dealloc(c); + return status; + } + + debug_print(mod_cipher, "plaintext: %s", + octet_string_hex_string(buffer, + test_case->plaintext_length_octets)); + + /* compare the resulting plaintext with that in the test case */ + if (len != test_case->plaintext_length_octets) + return err_status_algo_fail; + status = err_status_ok; + for (i=0; i < test_case->plaintext_length_octets; i++) + if (buffer[i] != test_case->plaintext[i]) { + status = err_status_algo_fail; + debug_print(mod_cipher, "test case %d failed", case_num); + debug_print(mod_cipher, "(failure at byte %d)", i); + } + if (status) { + + debug_print(mod_cipher, "p computed: %s", + octet_string_hex_string(buffer, + 2*test_case->plaintext_length_octets)); + debug_print(mod_cipher, "p expected: %s", + octet_string_hex_string(test_case->plaintext, + 2*test_case->plaintext_length_octets)); + + cipher_dealloc(c); + return err_status_algo_fail; + } + + /* deallocate the cipher */ + status = cipher_dealloc(c); + if (status) + return status; + + /* + * the cipher passed the test case, so move on to the next test + * case in the list; if NULL, we'l proceed to the next test + */ + test_case = test_case->next_test_case; + ++case_num; + } + + /* now run some random invertibility tests */ + + /* allocate cipher, using paramaters from the first test case */ + test_case = ct->test_data; + status = cipher_type_alloc(ct, &c, test_case->key_length_octets); + if (status) + return status; + + rand_source_init(); + + for (j=0; j < NUM_RAND_TESTS; j++) { + unsigned length; + unsigned plaintext_len; + uint8_t key[MAX_KEY_LEN]; + uint8_t iv[MAX_KEY_LEN]; + + /* choose a length at random (leaving room for IV and padding) */ + length = rand() % (SELF_TEST_BUF_OCTETS - 64); + debug_print(mod_cipher, "random plaintext length %d\n", length); + status = rand_source_get_octet_string(buffer, length); + if (status) return status; + + debug_print(mod_cipher, "plaintext: %s", + octet_string_hex_string(buffer, length)); + + /* copy plaintext into second buffer */ + for (i=0; (unsigned int)i < length; i++) + buffer2[i] = buffer[i]; + + /* choose a key at random */ + if (test_case->key_length_octets > MAX_KEY_LEN) + return err_status_cant_check; + status = rand_source_get_octet_string(key, test_case->key_length_octets); + if (status) return status; + + /* chose a random initialization vector */ + status = rand_source_get_octet_string(iv, MAX_KEY_LEN); + if (status) return status; + + /* initialize cipher */ + status = cipher_init(c, key, direction_encrypt); + if (status) { + cipher_dealloc(c); + return status; + } + + /* set initialization vector */ + status = cipher_set_iv(c, test_case->idx); + if (status) { + cipher_dealloc(c); + return status; + } + + /* encrypt buffer with cipher */ + plaintext_len = length; + status = cipher_encrypt(c, buffer, &length); + if (status) { + cipher_dealloc(c); + return status; + } + debug_print(mod_cipher, "ciphertext: %s", + octet_string_hex_string(buffer, length)); + + /* + * re-initialize cipher for decryption, re-set the iv, then + * decrypt the ciphertext + */ + status = cipher_init(c, key, direction_decrypt); + if (status) { + cipher_dealloc(c); + return status; + } + status = cipher_set_iv(c, test_case->idx); + if (status) { + cipher_dealloc(c); + return status; + } + status = cipher_decrypt(c, buffer, &length); + if (status) { + cipher_dealloc(c); + return status; + } + + debug_print(mod_cipher, "plaintext[2]: %s", + octet_string_hex_string(buffer, length)); + + /* compare the resulting plaintext with the original one */ + if (length != plaintext_len) + return err_status_algo_fail; + status = err_status_ok; + for (i=0; i < plaintext_len; i++) + if (buffer[i] != buffer2[i]) { + status = err_status_algo_fail; + debug_print(mod_cipher, "random test case %d failed", case_num); + debug_print(mod_cipher, "(failure at byte %d)", i); + } + if (status) { + cipher_dealloc(c); + return err_status_algo_fail; + } + + } +
+ cipher_dealloc(c);
+ + return err_status_ok; +} + + +/* + * cipher_bits_per_second(c, l, t) computes (an estimate of) the + * number of bits that a cipher implementation can encrypt in a second + * + * c is a cipher (which MUST be allocated and initialized already), l + * is the length in octets of the test data to be encrypted, and t is + * the number of trials + * + * if an error is encountered, the value 0 is returned + */ + +uint64_t +cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials) { + int i; + v128_t nonce; + clock_t timer; + unsigned char *enc_buf; + unsigned int len = octets_in_buffer; + + enc_buf = (unsigned char*) crypto_alloc(octets_in_buffer); + if (enc_buf == NULL) + return 0; /* indicate bad parameters by returning null */ + + /* time repeated trials */ + v128_set_to_zero(&nonce); + timer = clock(); + for(i=0; i < num_trials; i++, nonce.v32[3] = i) { + cipher_set_iv(c, &nonce); + cipher_encrypt(c, enc_buf, &len); + } + timer = clock() - timer; + + crypto_free(enc_buf); + + if (timer == 0) { + /* Too fast! */ + return 0; + } + + return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer; +} diff --git a/third_party/srtp/crypto/cipher/null_cipher.c b/third_party/srtp/crypto/cipher/null_cipher.c new file mode 100644 index 0000000..721f50c --- /dev/null +++ b/third_party/srtp/crypto/cipher/null_cipher.c @@ -0,0 +1,152 @@ +/* + * null_cipher.c + * + * A null cipher implementation. This cipher leaves the plaintext + * unchanged. + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "datatypes.h" +#include "null_cipher.h" +#include "alloc.h" + +/* the null_cipher uses the cipher debug module */ + +extern debug_module_t mod_cipher; + +err_status_t +null_cipher_alloc(cipher_t **c, int key_len) { + extern cipher_type_t null_cipher; + uint8_t *pointer; + + debug_print(mod_cipher, + "allocating cipher with key length %d", key_len); + + /* allocate memory a cipher of type null_cipher */ + pointer = (uint8_t*)crypto_alloc(sizeof(null_cipher_ctx_t) + sizeof(cipher_t)); + if (pointer == NULL) + return err_status_alloc_fail; + + /* set pointers */ + *c = (cipher_t *)pointer; + (*c)->type = &null_cipher; + (*c)->state = pointer + sizeof(cipher_t); + + /* set key size */ + (*c)->key_len = key_len; + + /* increment ref_count */ + null_cipher.ref_count++; + + return err_status_ok; + +} + +err_status_t +null_cipher_dealloc(cipher_t *c) { + extern cipher_type_t null_cipher; + + /* zeroize entire state*/ + octet_string_set_to_zero((uint8_t *)c, + sizeof(null_cipher_ctx_t) + sizeof(cipher_t)); + + /* free memory of type null_cipher */ + crypto_free(c); + + /* decrement reference count */ + null_cipher.ref_count--; + + return err_status_ok; + +} + +err_status_t +null_cipher_init(null_cipher_ctx_t *ctx, const uint8_t *key) { + + debug_print(mod_cipher, "initializing null cipher", NULL); + + return err_status_ok; +} + +err_status_t +null_cipher_set_iv(null_cipher_ctx_t *c, void *iv) { + return err_status_ok; +} + +err_status_t +null_cipher_encrypt(null_cipher_ctx_t *c, + unsigned char *buf, unsigned int *bytes_to_encr) { + return err_status_ok; +} + +char +null_cipher_description[] = "null cipher"; + +cipher_test_case_t +null_cipher_test_0 = { + 0, /* octets in key */ + NULL, /* key */ + 0, /* packet index */ + 0, /* octets in plaintext */ + NULL, /* plaintext */ + 0, /* octets in plaintext */ + NULL, /* ciphertext */ + NULL /* pointer to next testcase */ +}; + + +/* + * note: the decrypt function is idential to the encrypt function + */ + +cipher_type_t null_cipher = { + (cipher_alloc_func_t) null_cipher_alloc, + (cipher_dealloc_func_t) null_cipher_dealloc, + (cipher_init_func_t) null_cipher_init, + (cipher_encrypt_func_t) null_cipher_encrypt, + (cipher_decrypt_func_t) null_cipher_encrypt, + (cipher_set_iv_func_t) null_cipher_set_iv, + (char *) null_cipher_description, + (int) 0, + (cipher_test_case_t *) &null_cipher_test_0, + (debug_module_t *) NULL +}; + diff --git a/third_party/srtp/crypto/hash/auth.c b/third_party/srtp/crypto/hash/auth.c new file mode 100644 index 0000000..8eb722d --- /dev/null +++ b/third_party/srtp/crypto/hash/auth.c @@ -0,0 +1,173 @@ +/* + * auth.c + * + * some bookkeeping functions for authentication functions + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "auth.h" + +/* the debug module for authentiation */ + +debug_module_t mod_auth = { + 0, /* debugging is off by default */ + "auth func" /* printable name for module */ +}; + + +int +auth_get_key_length(const auth_t *a) { + return a->key_len; +} + +int +auth_get_tag_length(const auth_t *a) { + return a->out_len; +} + +int +auth_get_prefix_length(const auth_t *a) { + return a->prefix_len; +} + +int +auth_type_get_ref_count(const auth_type_t *at) { + return at->ref_count; +} + +/* + * auth_type_self_test() tests an auth function of type ct against + * test cases provided in an array of values of key, data, and tag + * that is known to be good + */ + +/* should be big enough for most occasions */ +#define SELF_TEST_TAG_BUF_OCTETS 32 + +err_status_t +auth_type_self_test(const auth_type_t *at) { + auth_test_case_t *test_case = at->test_data; + auth_t *a; + err_status_t status; + uint8_t tag[SELF_TEST_TAG_BUF_OCTETS]; + int i, case_num = 0; + + debug_print(mod_auth, "running self-test for auth function %s", + at->description); + + /* + * check to make sure that we have at least one test case, and + * return an error if we don't - we need to be paranoid here + */ + if (test_case == NULL) + return err_status_cant_check; + + /* loop over all test cases */ + while (test_case != NULL) { + + /* check test case parameters */ + if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS) + return err_status_bad_param; + + /* allocate auth */ + status = auth_type_alloc(at, &a, test_case->key_length_octets, + test_case->tag_length_octets); + if (status) + return status; + + /* initialize auth */ + status = auth_init(a, test_case->key); + if (status) { + auth_dealloc(a); + return status; + } + + /* zeroize tag then compute */ + octet_string_set_to_zero(tag, test_case->tag_length_octets); + status = auth_compute(a, test_case->data, + test_case->data_length_octets, tag); + if (status) { + auth_dealloc(a); + return status; + } + + debug_print(mod_auth, "key: %s", + octet_string_hex_string(test_case->key, + test_case->key_length_octets)); + debug_print(mod_auth, "data: %s", + octet_string_hex_string(test_case->data, + test_case->data_length_octets)); + debug_print(mod_auth, "tag computed: %s", + octet_string_hex_string(tag, test_case->tag_length_octets)); + debug_print(mod_auth, "tag expected: %s", + octet_string_hex_string(test_case->tag, + test_case->tag_length_octets)); + + /* check the result */ + status = err_status_ok; + for (i=0; i < test_case->tag_length_octets; i++) + if (tag[i] != test_case->tag[i]) { + status = err_status_algo_fail; + debug_print(mod_auth, "test case %d failed", case_num); + debug_print(mod_auth, " (mismatch at octet %d)", i); + } + if (status) { + auth_dealloc(a); + return err_status_algo_fail; + } + + /* deallocate the auth function */ + status = auth_dealloc(a); + if (status) + return status; + + /* + * the auth function passed the test case, so move on to the next test + * case in the list; if NULL, we'll quit and return an OK + */ + test_case = test_case->next_test_case; + ++case_num; + } + + return err_status_ok; +} + + diff --git a/third_party/srtp/crypto/hash/hmac.c b/third_party/srtp/crypto/hash/hmac.c new file mode 100644 index 0000000..4336cf0 --- /dev/null +++ b/third_party/srtp/crypto/hash/hmac.c @@ -0,0 +1,267 @@ +/* + * hmac.c + * + * implementation of hmac auth_type_t + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "hmac.h" +#include "alloc.h" + +/* the debug module for authentiation */ + +debug_module_t mod_hmac = { + 0, /* debugging is off by default */ + "hmac sha-1" /* printable name for module */ +}; + + +err_status_t +hmac_alloc(auth_t **a, int key_len, int out_len) { + extern auth_type_t hmac; + uint8_t *pointer; + + debug_print(mod_hmac, "allocating auth func with key length %d", key_len); + debug_print(mod_hmac, " tag length %d", out_len); + + /* + * check key length - note that we don't support keys larger + * than 20 bytes yet + */ + if (key_len > 20) + return err_status_bad_param; + + /* check output length - should be less than 20 bytes */ + if (out_len > 20) + return err_status_bad_param; + + /* allocate memory for auth and hmac_ctx_t structures */ + pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t)); + if (pointer == NULL) + return err_status_alloc_fail; + + /* set pointers */ + *a = (auth_t *)pointer; + (*a)->type = &hmac; + (*a)->state = pointer + sizeof(auth_t); + (*a)->out_len = out_len; + (*a)->key_len = key_len; + (*a)->prefix_len = 0; + + /* increment global count of all hmac uses */ + hmac.ref_count++; + + return err_status_ok; +} + +err_status_t +hmac_dealloc(auth_t *a) { + extern auth_type_t hmac; + + /* zeroize entire state*/ + octet_string_set_to_zero((uint8_t *)a, + sizeof(hmac_ctx_t) + sizeof(auth_t)); + + /* free memory */ + crypto_free(a); + + /* decrement global count of all hmac uses */ + hmac.ref_count--; + + return err_status_ok; +} + +err_status_t +hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len) { + int i; + uint8_t ipad[64]; + + /* + * check key length - note that we don't support keys larger + * than 20 bytes yet + */ + if (key_len > 20) + return err_status_bad_param; + + /* + * set values of ipad and opad by exoring the key into the + * appropriate constant values + */ + for (i=0; i < key_len; i++) { + ipad[i] = key[i] ^ 0x36; + state->opad[i] = key[i] ^ 0x5c; + } + /* set the rest of ipad, opad to constant values */ + for ( ; i < 64; i++) { + ipad[i] = 0x36; + ((uint8_t *)state->opad)[i] = 0x5c; + } + + debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64)); + + /* initialize sha1 context */ + sha1_init(&state->init_ctx); + + /* hash ipad ^ key */ + sha1_update(&state->init_ctx, ipad, 64); + memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t)); + + return err_status_ok; +} + +err_status_t +hmac_start(hmac_ctx_t *state) { + + memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t)); + + return err_status_ok; +} + +err_status_t +hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets) { + + debug_print(mod_hmac, "input: %s", + octet_string_hex_string(message, msg_octets)); + + /* hash message into sha1 context */ + sha1_update(&state->ctx, message, msg_octets); + + return err_status_ok; +} + +err_status_t +hmac_compute(hmac_ctx_t *state, const void *message, + int msg_octets, int tag_len, uint8_t *result) { + uint32_t hash_value[5]; + uint32_t H[5]; + int i; + + /* check tag length, return error if we can't provide the value expected */ + if (tag_len > 20) + return err_status_bad_param; + + /* hash message, copy output into H */ + hmac_update(state, (const uint8_t*)message, msg_octets); + sha1_final(&state->ctx, H); + + /* + * note that we don't need to debug_print() the input, since the + * function hmac_update() already did that for us + */ + debug_print(mod_hmac, "intermediate state: %s", + octet_string_hex_string((uint8_t *)H, 20)); + + /* re-initialize hash context */ + sha1_init(&state->ctx); + + /* hash opad ^ key */ + sha1_update(&state->ctx, (uint8_t *)state->opad, 64); + + /* hash the result of the inner hash */ + sha1_update(&state->ctx, (uint8_t *)H, 20); + + /* the result is returned in the array hash_value[] */ + sha1_final(&state->ctx, hash_value); + + /* copy hash_value to *result */ + for (i=0; i < tag_len; i++) + result[i] = ((uint8_t *)hash_value)[i]; + + debug_print(mod_hmac, "output: %s", + octet_string_hex_string((uint8_t *)hash_value, tag_len)); + + return err_status_ok; +} + + +/* begin test case 0 */ + +uint8_t +hmac_test_case_0_key[20] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b +}; + +uint8_t +hmac_test_case_0_data[8] = { + 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ +}; + +uint8_t +hmac_test_case_0_tag[20] = { + 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, + 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, + 0xf1, 0x46, 0xbe, 0x00 +}; + +auth_test_case_t +hmac_test_case_0 = { + 20, /* octets in key */ + hmac_test_case_0_key, /* key */ + 8, /* octets in data */ + hmac_test_case_0_data, /* data */ + 20, /* octets in tag */ + hmac_test_case_0_tag, /* tag */ + NULL /* pointer to next testcase */ +}; + +/* end test case 0 */ + +char hmac_description[] = "hmac sha-1 authentication function"; + +/* + * auth_type_t hmac is the hmac metaobject + */ + +auth_type_t +hmac = { + (auth_alloc_func) hmac_alloc, + (auth_dealloc_func) hmac_dealloc, + (auth_init_func) hmac_init, + (auth_compute_func) hmac_compute, + (auth_update_func) hmac_update, + (auth_start_func) hmac_start, + (char *) hmac_description, + (int) 0, /* instance count */ + (auth_test_case_t *) &hmac_test_case_0, + (debug_module_t *) &mod_hmac +}; + diff --git a/third_party/srtp/crypto/hash/null_auth.c b/third_party/srtp/crypto/hash/null_auth.c new file mode 100644 index 0000000..301348b --- /dev/null +++ b/third_party/srtp/crypto/hash/null_auth.c @@ -0,0 +1,160 @@ +/* + * null_auth.c + * + * implements the do-nothing auth algorithm + * + * David A. McGrew + * Cisco Systems, Inc. + * + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "null_auth.h" +#include "alloc.h" + +/* null_auth uses the auth debug module */ + +extern debug_module_t mod_auth; + +err_status_t +null_auth_alloc(auth_t **a, int key_len, int out_len) { + extern auth_type_t null_auth; + uint8_t *pointer; + + debug_print(mod_auth, "allocating auth func with key length %d", key_len); + debug_print(mod_auth, " tag length %d", out_len); + + /* allocate memory for auth and null_auth_ctx_t structures */ + pointer = (uint8_t*)crypto_alloc(sizeof(null_auth_ctx_t) + sizeof(auth_t)); + if (pointer == NULL) + return err_status_alloc_fail; + + /* set pointers */ + *a = (auth_t *)pointer; + (*a)->type = &null_auth; + (*a)->state = pointer + sizeof (auth_t); + (*a)->out_len = out_len; + (*a)->prefix_len = out_len; + (*a)->key_len = key_len; + + /* increment global count of all null_auth uses */ + null_auth.ref_count++; + + return err_status_ok; +} + +err_status_t +null_auth_dealloc(auth_t *a) { + extern auth_type_t null_auth; + + /* zeroize entire state*/ + octet_string_set_to_zero((uint8_t *)a, + sizeof(null_auth_ctx_t) + sizeof(auth_t)); + + /* free memory */ + crypto_free(a); + + /* decrement global count of all null_auth uses */ + null_auth.ref_count--; + + return err_status_ok; +} + +err_status_t +null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len) { + + /* accept any length of key, and do nothing */ + + return err_status_ok; +} + +err_status_t +null_auth_compute(null_auth_ctx_t *state, uint8_t *message, + int msg_octets, int tag_len, uint8_t *result) { + + return err_status_ok; +} + +err_status_t +null_auth_update(null_auth_ctx_t *state, uint8_t *message, + int msg_octets) { + + return err_status_ok; +} + +err_status_t +null_auth_start(null_auth_ctx_t *state) { + return err_status_ok; +} + +/* + * auth_type_t - defines description, test case, and null_auth + * metaobject + */ + +/* begin test case 0 */ + +auth_test_case_t +null_auth_test_case_0 = { + 0, /* octets in key */ + NULL, /* key */ + 0, /* octets in data */ + NULL, /* data */ + 0, /* octets in tag */ + NULL, /* tag */ + NULL /* pointer to next testcase */ +}; + +/* end test case 0 */ + +char null_auth_description[] = "null authentication function"; + +auth_type_t +null_auth = { + (auth_alloc_func) null_auth_alloc, + (auth_dealloc_func) null_auth_dealloc, + (auth_init_func) null_auth_init, + (auth_compute_func) null_auth_compute, + (auth_update_func) null_auth_update, + (auth_start_func) null_auth_start, + (char *) null_auth_description, + (int) 0, /* instance count */ + (auth_test_case_t *) &null_auth_test_case_0 +}; + diff --git a/third_party/srtp/crypto/hash/sha1.c b/third_party/srtp/crypto/hash/sha1.c new file mode 100644 index 0000000..566672d --- /dev/null +++ b/third_party/srtp/crypto/hash/sha1.c @@ -0,0 +1,404 @@ +/* + * sha1.c + * + * an implementation of the Secure Hash Algorithm v.1 (SHA-1), + * specified in FIPS 180-1 + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "sha1.h" + +debug_module_t mod_sha1 = { + 0, /* debugging is off by default */ + "sha-1" /* printable module name */ +}; + +/* SN == Rotate left N bits */ +#define S1(X) ((X << 1) | (X >> 31)) +#define S5(X) ((X << 5) | (X >> 27)) +#define S30(X) ((X << 30) | (X >> 2)) + +#define f0(B,C,D) ((B & C) | (~B & D)) +#define f1(B,C,D) (B ^ C ^ D) +#define f2(B,C,D) ((B & C) | (B & D) | (C & D)) +#define f3(B,C,D) (B ^ C ^ D) + +/* + * nota bene: the variable K0 appears in the curses library, so we + * give longer names to these variables to avoid spurious warnings + * on systems that uses curses + */ + +uint32_t SHA_K0 = 0x5A827999; /* Kt for 0 <= t <= 19 */ +uint32_t SHA_K1 = 0x6ED9EBA1; /* Kt for 20 <= t <= 39 */ +uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt for 40 <= t <= 59 */ +uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */ + +void +sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) { + sha1_ctx_t ctx; + + sha1_init(&ctx); + sha1_update(&ctx, msg, octets_in_msg); + sha1_final(&ctx, hash_value); + +} + +/* + * sha1_core(M, H) computes the core compression function, where M is + * the next part of the message (in network byte order) and H is the + * intermediate state { H0, H1, ...} (in host byte order) + * + * this function does not do any of the padding required in the + * complete SHA1 function + * + * this function is used in the SEAL 3.0 key setup routines + * (crypto/cipher/seal.c) + */ + +void +sha1_core(const uint32_t M[16], uint32_t hash_value[5]) { + uint32_t H0; + uint32_t H1; + uint32_t H2; + uint32_t H3; + uint32_t H4; + uint32_t W[80]; + uint32_t A, B, C, D, E, TEMP; + int t; + + /* copy hash_value into H0, H1, H2, H3, H4 */ + H0 = hash_value[0]; + H1 = hash_value[1]; + H2 = hash_value[2]; + H3 = hash_value[3]; + H4 = hash_value[4]; + + /* copy/xor message into array */ + + W[0] = be32_to_cpu(M[0]); + W[1] = be32_to_cpu(M[1]); + W[2] = be32_to_cpu(M[2]); + W[3] = be32_to_cpu(M[3]); + W[4] = be32_to_cpu(M[4]); + W[5] = be32_to_cpu(M[5]); + W[6] = be32_to_cpu(M[6]); + W[7] = be32_to_cpu(M[7]); + W[8] = be32_to_cpu(M[8]); + W[9] = be32_to_cpu(M[9]); + W[10] = be32_to_cpu(M[10]); + W[11] = be32_to_cpu(M[11]); + W[12] = be32_to_cpu(M[12]); + W[13] = be32_to_cpu(M[13]); + W[14] = be32_to_cpu(M[14]); + W[15] = be32_to_cpu(M[15]); + TEMP = W[13] ^ W[8] ^ W[2] ^ W[0]; W[16] = S1(TEMP); + TEMP = W[14] ^ W[9] ^ W[3] ^ W[1]; W[17] = S1(TEMP); + TEMP = W[15] ^ W[10] ^ W[4] ^ W[2]; W[18] = S1(TEMP); + TEMP = W[16] ^ W[11] ^ W[5] ^ W[3]; W[19] = S1(TEMP); + TEMP = W[17] ^ W[12] ^ W[6] ^ W[4]; W[20] = S1(TEMP); + TEMP = W[18] ^ W[13] ^ W[7] ^ W[5]; W[21] = S1(TEMP); + TEMP = W[19] ^ W[14] ^ W[8] ^ W[6]; W[22] = S1(TEMP); + TEMP = W[20] ^ W[15] ^ W[9] ^ W[7]; W[23] = S1(TEMP); + TEMP = W[21] ^ W[16] ^ W[10] ^ W[8]; W[24] = S1(TEMP); + TEMP = W[22] ^ W[17] ^ W[11] ^ W[9]; W[25] = S1(TEMP); + TEMP = W[23] ^ W[18] ^ W[12] ^ W[10]; W[26] = S1(TEMP); + TEMP = W[24] ^ W[19] ^ W[13] ^ W[11]; W[27] = S1(TEMP); + TEMP = W[25] ^ W[20] ^ W[14] ^ W[12]; W[28] = S1(TEMP); + TEMP = W[26] ^ W[21] ^ W[15] ^ W[13]; W[29] = S1(TEMP); + TEMP = W[27] ^ W[22] ^ W[16] ^ W[14]; W[30] = S1(TEMP); + TEMP = W[28] ^ W[23] ^ W[17] ^ W[15]; W[31] = S1(TEMP); + + /* process the remainder of the array */ + for (t=32; t < 80; t++) { + TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]; + W[t] = S1(TEMP); + } + + A = H0; B = H1; C = H2; D = H3; E = H4; + + for (t=0; t < 20; t++) { + TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0; + E = D; D = C; C = S30(B); B = A; A = TEMP; + } + for ( ; t < 40; t++) { + TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1; + E = D; D = C; C = S30(B); B = A; A = TEMP; + } + for ( ; t < 60; t++) { + TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2; + E = D; D = C; C = S30(B); B = A; A = TEMP; + } + for ( ; t < 80; t++) { + TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3; + E = D; D = C; C = S30(B); B = A; A = TEMP; + } + + hash_value[0] = H0 + A; + hash_value[1] = H1 + B; + hash_value[2] = H2 + C; + hash_value[3] = H3 + D; + hash_value[4] = H4 + E; + + return; +} + +void +sha1_init(sha1_ctx_t *ctx) { + + /* initialize state vector */ + ctx->H[0] = 0x67452301; + ctx->H[1] = 0xefcdab89; + ctx->H[2] = 0x98badcfe; + ctx->H[3] = 0x10325476; + ctx->H[4] = 0xc3d2e1f0; + + /* indicate that message buffer is empty */ + ctx->octets_in_buffer = 0; + + /* reset message bit-count to zero */ + ctx->num_bits_in_msg = 0; + +} + +void +sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) { + int i; + uint8_t *buf = (uint8_t *)ctx->M; + + /* update message bit-count */ + ctx->num_bits_in_msg += octets_in_msg * 8; + + /* loop over 16-word blocks of M */ + while (octets_in_msg > 0) { + + if (octets_in_msg + ctx->octets_in_buffer >= 64) { + + /* + * copy words of M into msg buffer until that buffer is full, + * converting them into host byte order as needed + */ + octets_in_msg -= (64 - ctx->octets_in_buffer); + for (i=ctx->octets_in_buffer; i < 64; i++) + buf[i] = *msg++; + ctx->octets_in_buffer = 0; + + /* process a whole block */ + + debug_print(mod_sha1, "(update) running sha1_core()", NULL); + + sha1_core(ctx->M, ctx->H); + + } else { + + debug_print(mod_sha1, "(update) not running sha1_core()", NULL); + + for (i=ctx->octets_in_buffer; + i < (ctx->octets_in_buffer + octets_in_msg); i++) + buf[i] = *msg++; + ctx->octets_in_buffer += octets_in_msg; + octets_in_msg = 0; + } + + } + +} + +/* + * sha1_final(ctx, output) computes the result for ctx and copies it + * into the twenty octets located at *output + */ + +void +sha1_final(sha1_ctx_t *ctx, uint32_t *output) { + uint32_t A, B, C, D, E, TEMP; + uint32_t W[80]; + int i, t; + + /* + * process the remaining octets_in_buffer, padding and terminating as + * necessary + */ + { + int tail = ctx->octets_in_buffer % 4; + + /* copy/xor message into array */ + for (i=0; i < (ctx->octets_in_buffer+3)/4; i++) + W[i] = be32_to_cpu(ctx->M[i]); + + /* set the high bit of the octet immediately following the message */ + switch (tail) { + case (3): + W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xffffff00) | 0x80; + W[i] = 0x0; + break; + case (2): + W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xffff0000) | 0x8000; + W[i] = 0x0; + break; + case (1): + W[i-1] = (be32_to_cpu(ctx->M[i-1]) & 0xff000000) | 0x800000; + W[i] = 0x0; + break; + case (0): + W[i] = 0x80000000; + break; + } + + /* zeroize remaining words */ + for (i++ ; i < 15; i++) + W[i] = 0x0; + + /* + * if there is room at the end of the word array, then set the + * last word to the bit-length of the message; otherwise, set that + * word to zero and then we need to do one more run of the + * compression algo. + */ + if (ctx->octets_in_buffer < 56) + W[15] = ctx->num_bits_in_msg; + else if (ctx->octets_in_buffer < 60) + W[15] = 0x0; + + /* process the word array */ for (t=16; t < 80; t++) { + TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]; + W[t] = S1(TEMP); + } + + A = ctx->H[0]; + B = ctx->H[1]; + C = ctx->H[2]; + D = ctx->H[3]; + E = ctx->H[4]; + + for (t=0; t < 20; t++) { + TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0; + E = D; D = C; C = S30(B); B = A; A = TEMP; + } + for ( ; t < 40; t++) { + TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1; + E = D; D = C; C = S30(B); B = A; A = TEMP; + } + for ( ; t < 60; t++) { + TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2; + E = D; D = C; C = S30(B); B = A; A = TEMP; + } + for ( ; t < 80; t++) { + TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3; + E = D; D = C; C = S30(B); B = A; A = TEMP; + } + + ctx->H[0] += A; + ctx->H[1] += B; + ctx->H[2] += C; + ctx->H[3] += D; + ctx->H[4] += E; + + } + + debug_print(mod_sha1, "(final) running sha1_core()", NULL); + + if (ctx->octets_in_buffer >= 56) { + + debug_print(mod_sha1, "(final) running sha1_core() again", NULL); + + /* we need to do one final run of the compression algo */ + + /* + * set initial part of word array to zeros, and set the + * final part to the number of bits in the message + */ + for (i=0; i < 15; i++) + W[i] = 0x0; + W[15] = ctx->num_bits_in_msg; + + /* process the word array */ + for (t=16; t < 80; t++) { + TEMP = W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]; + W[t] = S1(TEMP); + } + + A = ctx->H[0]; + B = ctx->H[1]; + C = ctx->H[2]; + D = ctx->H[3]; + E = ctx->H[4]; + + for (t=0; t < 20; t++) { + TEMP = S5(A) + f0(B,C,D) + E + W[t] + SHA_K0; + E = D; D = C; C = S30(B); B = A; A = TEMP; + } + for ( ; t < 40; t++) { + TEMP = S5(A) + f1(B,C,D) + E + W[t] + SHA_K1; + E = D; D = C; C = S30(B); B = A; A = TEMP; + } + for ( ; t < 60; t++) { + TEMP = S5(A) + f2(B,C,D) + E + W[t] + SHA_K2; + E = D; D = C; C = S30(B); B = A; A = TEMP; + } + for ( ; t < 80; t++) { + TEMP = S5(A) + f3(B,C,D) + E + W[t] + SHA_K3; + E = D; D = C; C = S30(B); B = A; A = TEMP; + } + + ctx->H[0] += A; + ctx->H[1] += B; + ctx->H[2] += C; + ctx->H[3] += D; + ctx->H[4] += E; + } + + /* copy result into output buffer */ + output[0] = be32_to_cpu(ctx->H[0]); + output[1] = be32_to_cpu(ctx->H[1]); + output[2] = be32_to_cpu(ctx->H[2]); + output[3] = be32_to_cpu(ctx->H[3]); + output[4] = be32_to_cpu(ctx->H[4]); + + /* indicate that message buffer in context is empty */ + ctx->octets_in_buffer = 0; + + return; +} + + + diff --git a/third_party/srtp/crypto/include/aes.h b/third_party/srtp/crypto/include/aes.h new file mode 100644 index 0000000..20d2804 --- /dev/null +++ b/third_party/srtp/crypto/include/aes.h @@ -0,0 +1,84 @@ +/* + * aes.h + * + * header file for the AES block cipher + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef _AES_H +#define _AES_H + +#include "srtp_config.h" + +#include "datatypes.h" +#include "gf2_8.h" + +/* aes internals */ + +typedef v128_t aes_expanded_key_t[11]; + +void +aes_expand_encryption_key(const v128_t *key, + aes_expanded_key_t expanded_key); + +void +aes_expand_decryption_key(const v128_t *key, + aes_expanded_key_t expanded_key); + +void +aes_encrypt(v128_t *plaintext, const aes_expanded_key_t exp_key); + +void +aes_decrypt(v128_t *plaintext, const aes_expanded_key_t exp_key); + +#if 0 +/* + * internal functions + */ + +void +aes_init_sbox(void); + +void +aes_compute_tables(void); +#endif + +#endif /* _AES_H */ diff --git a/third_party/srtp/crypto/include/aes_cbc.h b/third_party/srtp/crypto/include/aes_cbc.h new file mode 100644 index 0000000..9fb6682 --- /dev/null +++ b/third_party/srtp/crypto/include/aes_cbc.h @@ -0,0 +1,50 @@ +/* + * aes_cbc.h + * + * Header for AES Cipher Blobk Chaining Mode. + * + * David A. McGrew + * Cisco Systems, Inc. + * + */ + +#ifndef AES_CBC_H +#define AES_CBC_H + +#include "aes.h" +#include "cipher.h" + +typedef struct { + v128_t state; /* cipher chaining state */ + v128_t previous; /* previous ciphertext block */ + aes_expanded_key_t expanded_key; /* the cipher key */ +} aes_cbc_ctx_t; + +err_status_t +aes_cbc_set_key(aes_cbc_ctx_t *c, + const unsigned char *key); + +err_status_t +aes_cbc_encrypt(aes_cbc_ctx_t *c, + unsigned char *buf, + unsigned int *bytes_in_data); + +err_status_t +aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, + cipher_direction_t dir); + +err_status_t +aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv); + +err_status_t +aes_cbc_nist_encrypt(aes_cbc_ctx_t *c, + unsigned char *data, + unsigned int *bytes_in_data); + +err_status_t +aes_cbc_nist_decrypt(aes_cbc_ctx_t *c, + unsigned char *data, + unsigned int *bytes_in_data); + +#endif /* AES_CBC_H */ + diff --git a/third_party/srtp/crypto/include/aes_icm.h b/third_party/srtp/crypto/include/aes_icm.h new file mode 100644 index 0000000..17a1ddb --- /dev/null +++ b/third_party/srtp/crypto/include/aes_icm.h @@ -0,0 +1,56 @@ +/* + * aes_icm.h + * + * Header for AES Integer Counter Mode. + * + * David A. McGrew + * Cisco Systems, Inc. + * + */ + +#ifndef AES_ICM_H +#define AES_ICM_H + +#include "aes.h" +#include "cipher.h" + +typedef struct { + v128_t counter; /* holds the counter value */ + v128_t offset; /* initial offset value */ + v128_t keystream_buffer; /* buffers bytes of keystream */ + aes_expanded_key_t expanded_key; /* the cipher key */ + int bytes_in_buffer; /* number of unused bytes in buffer */ +} aes_icm_ctx_t; + + +err_status_t +aes_icm_context_init(aes_icm_ctx_t *c, + const unsigned char *key); + +err_status_t +aes_icm_set_iv(aes_icm_ctx_t *c, void *iv); + +err_status_t +aes_icm_encrypt(aes_icm_ctx_t *c, + unsigned char *buf, unsigned int *bytes_to_encr); + +err_status_t +aes_icm_output(aes_icm_ctx_t *c, + unsigned char *buf, int bytes_to_output); + +err_status_t +aes_icm_dealloc(cipher_t *c); + +err_status_t +aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c, + unsigned char *buf, + unsigned int *enc_len, + int forIsmacryp); + +err_status_t +aes_icm_alloc_ismacryp(cipher_t **c, + int key_len, + int forIsmacryp); + +#endif /* AES_ICM_H */ + diff --git a/third_party/srtp/crypto/include/alloc.h b/third_party/srtp/crypto/include/alloc.h new file mode 100644 index 0000000..5980eed --- /dev/null +++ b/third_party/srtp/crypto/include/alloc.h @@ -0,0 +1,57 @@ +/* + * alloc.h + * + * interface to memory allocation and deallocation, with optional debugging + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef CRYPTO_ALLOC_H +#define CRYPTO_ALLOC_H + +#include "datatypes.h" + +void * +crypto_alloc(size_t size); + +void +crypto_free(void *ptr); + +#endif /* CRYPTO_ALLOC_H */ diff --git a/third_party/srtp/crypto/include/auth.h b/third_party/srtp/crypto/include/auth.h new file mode 100644 index 0000000..295b5f6 --- /dev/null +++ b/third_party/srtp/crypto/include/auth.h @@ -0,0 +1,159 @@ +/* + * auth.h + * + * common interface to authentication functions + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef AUTH_H +#define AUTH_H + +#include "datatypes.h" +#include "err.h" /* error codes */ + +typedef struct auth_type_t *auth_type_pointer; +typedef struct auth_t *auth_pointer_t; + +typedef err_status_t (*auth_alloc_func) + (auth_pointer_t *ap, int key_len, int out_len); + +typedef err_status_t (*auth_init_func) + (void *state, const uint8_t *key, int key_len); + +typedef err_status_t (*auth_dealloc_func)(auth_pointer_t ap); + +typedef err_status_t (*auth_compute_func) + (void *state, uint8_t *buffer, int octets_to_auth, + int tag_len, uint8_t *tag); + +typedef err_status_t (*auth_update_func) + (void *state, uint8_t *buffer, int octets_to_auth); + +typedef err_status_t (*auth_start_func)(void *state); + +/* some syntactic sugar on these function types */ + +#define auth_type_alloc(at, a, klen, outlen) \ + ((at)->alloc((a), (klen), (outlen))) + +#define auth_init(a, key) \ + (((a)->type)->init((a)->state, (key), ((a)->key_len))) + +#define auth_compute(a, buf, len, res) \ + (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res))) + +#define auth_update(a, buf, len) \ + (((a)->type)->update((a)->state, (buf), (len))) + +#define auth_start(a)(((a)->type)->start((a)->state)) + +#define auth_dealloc(c) (((c)->type)->dealloc(c)) + +/* functions to get information about a particular auth_t */ + +int +auth_get_key_length(const struct auth_t *a); + +int +auth_get_tag_length(const struct auth_t *a); + +int +auth_get_prefix_length(const struct auth_t *a); + +/* + * auth_test_case_t is a (list of) key/message/tag values that are + * known to be correct for a particular cipher. this data can be used + * to test an implementation in an on-the-fly self test of the + * correcness of the implementation. (see the auth_type_self_test() + * function below) + */ + +typedef struct auth_test_case_t { + int key_length_octets; /* octets in key */ + uint8_t *key; /* key */ + int data_length_octets; /* octets in data */ + uint8_t *data; /* data */ + int tag_length_octets; /* octets in tag */ + uint8_t *tag; /* tag */ + struct auth_test_case_t *next_test_case; /* pointer to next testcase */ +} auth_test_case_t; + +/* auth_type_t */ + +typedef struct auth_type_t { + auth_alloc_func alloc; + auth_dealloc_func dealloc; + auth_init_func init; + auth_compute_func compute; + auth_update_func update; + auth_start_func start; + char *description; + int ref_count; + auth_test_case_t *test_data; + debug_module_t *debug; +} auth_type_t; + +typedef struct auth_t { + auth_type_t *type; + void *state; + int out_len; /* length of output tag in octets */ + int key_len; /* length of key in octets */ + int prefix_len; /* length of keystream prefix */ +} auth_t; + +/* + * auth_type_self_test() tests an auth_type against test cases + * provided in an array of values of key/message/tag that is known to + * be good + */ + +err_status_t +auth_type_self_test(const auth_type_t *at); + +/* + * auth_type_get_ref_count(at) returns the reference count (the number + * of instantiations) of the auth_type_t at + */ + +int +auth_type_get_ref_count(const auth_type_t *at); + +#endif /* AUTH_H */ diff --git a/third_party/srtp/crypto/include/cipher.h b/third_party/srtp/crypto/include/cipher.h new file mode 100644 index 0000000..f485660 --- /dev/null +++ b/third_party/srtp/crypto/include/cipher.h @@ -0,0 +1,218 @@ +/* + * cipher.h + * + * common interface to ciphers + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef CIPHER_H +#define CIPHER_H + +#include "datatypes.h" +#include "rdbx.h" /* for xtd_seq_num_t */ +#include "err.h" /* for error codes */ + + +/** + * @brief cipher_direction_t defines a particular cipher operation. + * + * A cipher_direction_t is an enum that describes a particular cipher + * operation, i.e. encryption or decryption. For some ciphers, this + * distinction does not matter, but for others, it is essential. + */ + +typedef enum { + direction_encrypt, /**< encryption (convert plaintext to ciphertext) */ + direction_decrypt, /**< decryption (convert ciphertext to plaintext) */ + direction_any /**< encryption or decryption */ +} cipher_direction_t; + +/* + * the cipher_pointer and cipher_type_pointer definitions are needed + * as cipher_t and cipher_type_t are not yet defined + */ + +typedef struct cipher_type_t *cipher_type_pointer_t; +typedef struct cipher_t *cipher_pointer_t; + +/* + * a cipher_alloc_func_t allocates (but does not initialize) a cipher_t + */ + +typedef err_status_t (*cipher_alloc_func_t) + (cipher_pointer_t *cp, int key_len); + +/* + * a cipher_init_func_t [re-]initializes a cipher_t with a given key + * and direction (i.e., encrypt or decrypt) + */ + +typedef err_status_t (*cipher_init_func_t) + (void *state, const uint8_t *key, cipher_direction_t dir); + +/* a cipher_dealloc_func_t de-allocates a cipher_t */ + +typedef err_status_t (*cipher_dealloc_func_t)(cipher_pointer_t cp); + +/* a cipher_set_segment_func_t sets the segment index of a cipher_t */ + +typedef err_status_t (*cipher_set_segment_func_t) + (void *state, xtd_seq_num_t idx); + +/* a cipher_encrypt_func_t encrypts data in-place */ + +typedef err_status_t (*cipher_encrypt_func_t) + (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt); + +/* a cipher_decrypt_func_t decrypts data in-place */ + +typedef err_status_t (*cipher_decrypt_func_t) + (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt); + +/* + * a cipher_set_nonce_seq_func_t function sets both the nonce + * and the extended sequence number + */ + +typedef err_status_t (*cipher_set_iv_func_t) + (cipher_pointer_t cp, void *iv); + +/* + * cipher_test_case_t is a (list of) key, salt, xtd_seq_num_t, + * plaintext, and ciphertext values that are known to be correct for a + * particular cipher. this data can be used to test an implementation + * in an on-the-fly self test of the correcness of the implementation. + * (see the cipher_type_self_test() function below) + */ + +typedef struct cipher_test_case_t { + int key_length_octets; /* octets in key */ + uint8_t *key; /* key */ + uint8_t *idx; /* packet index */ + unsigned int plaintext_length_octets; /* octets in plaintext */ + uint8_t *plaintext; /* plaintext */ + unsigned int ciphertext_length_octets; /* octets in plaintext */ + uint8_t *ciphertext; /* ciphertext */ + struct cipher_test_case_t *next_test_case; /* pointer to next testcase */ +} cipher_test_case_t; + +/* cipher_type_t defines the 'metadata' for a particular cipher type */ + +typedef struct cipher_type_t { + cipher_alloc_func_t alloc; + cipher_dealloc_func_t dealloc; + cipher_init_func_t init; + cipher_encrypt_func_t encrypt; + cipher_encrypt_func_t decrypt; + cipher_set_iv_func_t set_iv; + char *description; + int ref_count; + cipher_test_case_t *test_data; + debug_module_t *debug; +} cipher_type_t; + +/* + * cipher_t defines an instantiation of a particular cipher, with fixed + * key length, key and salt values + */ + +typedef struct cipher_t { + cipher_type_t *type; + void *state; + int key_len; +#ifdef FORCE_64BIT_ALIGN + int pad; +#endif +} cipher_t; + +/* some syntactic sugar on these function types */ + +#define cipher_type_alloc(ct, c, klen) ((ct)->alloc((c), (klen))) + +#define cipher_dealloc(c) (((c)->type)->dealloc(c)) + +#define cipher_init(c, k, dir) (((c)->type)->init(((c)->state), (k), (dir))) + +#define cipher_encrypt(c, buf, len) \ + (((c)->type)->encrypt(((c)->state), (buf), (len))) + +#define cipher_decrypt(c, buf, len) \ + (((c)->type)->decrypt(((c)->state), (buf), (len))) + +#define cipher_set_iv(c, n) \ + ((c) ? (((c)->type)->set_iv(((cipher_pointer_t)(c)->state), (n))) : \ + err_status_no_such_op) + +err_status_t +cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output); + + +/* some bookkeeping functions */ + +int +cipher_get_key_length(const cipher_t *c); + + +/* + * cipher_type_self_test() tests a cipher against test cases provided in + * an array of values of key/xtd_seq_num_t/plaintext/ciphertext + * that is known to be good + */ + +err_status_t +cipher_type_self_test(const cipher_type_t *ct); + + +/* + * cipher_bits_per_second(c, l, t) computes (and estimate of) the + * number of bits that a cipher implementation can encrypt in a second + * + * c is a cipher (which MUST be allocated and initialized already), l + * is the length in octets of the test data to be encrypted, and t is + * the number of trials + * + * if an error is encountered, then the value 0 is returned + */ + +uint64_t +cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials); + +#endif /* CIPHER_H */ diff --git a/third_party/srtp/crypto/include/crypto.h b/third_party/srtp/crypto/include/crypto.h new file mode 100644 index 0000000..0e9667d --- /dev/null +++ b/third_party/srtp/crypto/include/crypto.h @@ -0,0 +1,43 @@ +/* + * crypto.h + * + * API for libcrypto + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +#ifndef CRYPTO_H +#define CRYPTO_H + +/** + * @brief A cipher_type_id_t is an identifier for a particular cipher + * type. + * + * A cipher_type_id_t is an integer that represents a particular + * cipher type, e.g. the Advanced Encryption Standard (AES). A + * NULL_CIPHER is avaliable; this cipher leaves the data unchanged, + * and can be selected to indicate that no encryption is to take + * place. + * + * @ingroup Ciphers + */ +typedef uint32_t cipher_type_id_t; + +/** + * @brief An auth_type_id_t is an identifier for a particular authentication + * function. + * + * An auth_type_id_t is an integer that represents a particular + * authentication function type, e.g. HMAC-SHA1. A NULL_AUTH is + * avaliable; this authentication function performs no computation, + * and can be selected to indicate that no authentication is to take + * place. + * + * @ingroup Authentication + */ +typedef uint32_t auth_type_id_t; + +#endif /* CRYPTO_H */ + + diff --git a/third_party/srtp/crypto/include/crypto_kernel.h b/third_party/srtp/crypto/include/crypto_kernel.h new file mode 100644 index 0000000..b8cd9be --- /dev/null +++ b/third_party/srtp/crypto/include/crypto_kernel.h @@ -0,0 +1,258 @@ +/* + * crypto_kernel.h + * + * header for the cryptographic kernel + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef CRYPTO_KERNEL +#define CRYPTO_KERNEL + +#include "rand_source.h" +#include "prng.h" +#include "cipher.h" +#include "auth.h" +#include "cryptoalg.h" +#include "stat.h" +#include "err.h" +#include "crypto_types.h" +#include "key.h" +#include "crypto.h" + +/* + * crypto_kernel_state_t defines the possible states: + * + * insecure - not yet initialized + * secure - initialized and passed self-tests + */ + +typedef enum { + crypto_kernel_state_insecure, + crypto_kernel_state_secure +} crypto_kernel_state_t; + +/* + * linked list of cipher types + */ + +typedef struct kernel_cipher_type { + cipher_type_id_t id; + cipher_type_t *cipher_type; + struct kernel_cipher_type *next; +} kernel_cipher_type_t; + +/* + * linked list of auth types + */ + +typedef struct kernel_auth_type { + auth_type_id_t id; + auth_type_t *auth_type; + struct kernel_auth_type *next; +} kernel_auth_type_t; + +/* + * linked list of debug modules + */ + +typedef struct kernel_debug_module { + debug_module_t *mod; + struct kernel_debug_module *next; +} kernel_debug_module_t; + + +/* + * crypto_kernel_t is the data structure for the crypto kernel + * + * note that there is *exactly one* instance of this data type, + * a global variable defined in crypto_kernel.c + */ + +typedef struct { + crypto_kernel_state_t state; /* current state of kernel */ + kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */ + kernel_auth_type_t *auth_type_list; /* list of all auth func types */ + kernel_debug_module_t *debug_module_list; /* list of all debug modules */ +} crypto_kernel_t; + + +/* + * crypto_kernel_t external api + */ + + +/* + * The function crypto_kernel_init() initialized the crypto kernel and + * runs the self-test operations on the random number generators and + * crypto algorithms. Possible return values are: + * + * err_status_ok initialization successful + * <other> init failure + * + * If any value other than err_status_ok is returned, the + * crypto_kernel MUST NOT be used. + */ + +err_status_t +crypto_kernel_init(void); + + +/* + * The function crypto_kernel_shutdown() de-initializes the + * crypto_kernel, zeroizes keys and other cryptographic material, and + * deallocates any dynamically allocated memory. Possible return + * values are: + * + * err_status_ok shutdown successful + * <other> shutdown failure + * + */ + +err_status_t +crypto_kernel_shutdown(void); + +/* + * The function crypto_kernel_stats() checks the the crypto_kernel, + * running tests on the ciphers, auth funcs, and rng, and prints out a + * status report. Possible return values are: + * + * err_status_ok all tests were passed + * <other> a test failed + * + */ + +err_status_t +crypto_kernel_status(void); + + +/* + * crypto_kernel_list_debug_modules() outputs a list of debugging modules + * + */ + +err_status_t +crypto_kernel_list_debug_modules(void); + +/* + * crypto_kernel_load_cipher_type() + * + */ + +err_status_t +crypto_kernel_load_cipher_type(cipher_type_t *ct, cipher_type_id_t id); + +err_status_t +crypto_kernel_load_auth_type(auth_type_t *ct, auth_type_id_t id); + +err_status_t +crypto_kernel_load_debug_module(debug_module_t *new_dm); + +/* + * crypto_kernel_alloc_cipher(id, cp, key_len); + * + * allocates a cipher of type id at location *cp, with key length + * key_len octets. Return values are: + * + * err_status_ok no problems + * err_status_alloc_fail an allocation failure occured + * err_status_fail couldn't find cipher with identifier 'id' + */ + +err_status_t +crypto_kernel_alloc_cipher(cipher_type_id_t id, + cipher_pointer_t *cp, + int key_len); + +/* + * crypto_kernel_alloc_auth(id, ap, key_len, tag_len); + * + * allocates an auth function of type id at location *ap, with key + * length key_len octets and output tag length of tag_len. Return + * values are: + * + * err_status_ok no problems + * err_status_alloc_fail an allocation failure occured + * err_status_fail couldn't find auth with identifier 'id' + */ + +err_status_t +crypto_kernel_alloc_auth(auth_type_id_t id, + auth_pointer_t *ap, + int key_len, + int tag_len); + + +/* + * crypto_kernel_set_debug_module(mod_name, v) + * + * sets dynamic debugging to the value v (0 for off, 1 for on) for the + * debug module with the name mod_name + * + * returns err_status_ok on success, err_status_fail otherwise + */ + +err_status_t +crypto_kernel_set_debug_module(char *mod_name, int v); + +/** + * @brief writes a random octet string. + * + * The function call crypto_get_random(dest, len) writes len octets of + * random data to the location to which dest points, and returns an + * error code. This error code @b must be checked, and if a failure is + * reported, the data in the buffer @b must @b not be used. + * + * @warning If the return code is not checked, then non-random + * data may be in the buffer. This function will fail + * unless it is called after crypto_kernel_init(). + * + * @return + * - err_status_ok if no problems occured. + * - [other] a problem occured, and no assumptions should + * be made about the contents of the destination + * buffer. + * + * @ingroup SRTP + */ +err_status_t +crypto_get_random(unsigned char *buffer, unsigned int length); + +#endif /* CRYPTO_KERNEL */ diff --git a/third_party/srtp/crypto/include/crypto_math.h b/third_party/srtp/crypto/include/crypto_math.h new file mode 100644 index 0000000..c3e7b76 --- /dev/null +++ b/third_party/srtp/crypto/include/crypto_math.h @@ -0,0 +1,273 @@ +/* + * math.h + * + * crypto math operations and data types + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef MATH_H +#define MATH_H + +#include "datatypes.h" + +unsigned char +v32_weight(v32_t a); + +unsigned char +v32_distance(v32_t x, v32_t y); + +unsigned int +v32_dot_product(v32_t a, v32_t b); + +char * +v16_bit_string(v16_t x); + +char * +v32_bit_string(v32_t x); + +char * +v64_bit_string(const v64_t *x); + +char * +octet_hex_string(uint8_t x); + +char * +v16_hex_string(v16_t x); + +char * +v32_hex_string(v32_t x); + +char * +v64_hex_string(const v64_t *x); + +int +hex_char_to_nibble(uint8_t c); + +int +is_hex_string(char *s); + +v16_t +hex_string_to_v16(char *s); + +v32_t +hex_string_to_v32(char *s); + +v64_t +hex_string_to_v64(char *s); + +/* the matrix A[] is stored in column format, i.e., A[i] is + the ith column of the matrix */ + +uint8_t +A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b); + +void +v16_copy_octet_string(v16_t *x, const uint8_t s[2]); + +void +v32_copy_octet_string(v32_t *x, const uint8_t s[4]); + +void +v64_copy_octet_string(v64_t *x, const uint8_t s[8]); + +void +v128_add(v128_t *z, v128_t *x, v128_t *y); + +int +octet_string_is_eq(uint8_t *a, uint8_t *b, int len); + +void +octet_string_set_to_zero(uint8_t *s, int len); + + + +/* + * the matrix A[] is stored in column format, i.e., A[i] is the ith + * column of the matrix +*/ +uint8_t +A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b); + + +#if 0 +#if WORDS_BIGENDIAN + +#define _v128_add(z, x, y) { \ + uint64_t tmp; \ + \ + tmp = x->v32[3] + y->v32[3]; \ + z->v32[3] = (uint32_t) tmp; \ + \ + tmp = x->v32[2] + y->v32[2] + (tmp >> 32); \ + z->v32[2] = (uint32_t) tmp; \ + \ + tmp = x->v32[1] + y->v32[1] + (tmp >> 32); \ + z->v32[1] = (uint32_t) tmp; \ + \ + tmp = x->v32[0] + y->v32[0] + (tmp >> 32); \ + z->v32[0] = (uint32_t) tmp; \ +} + +#else /* assume little endian architecture */ + +#define _v128_add(z, x, y) { \ + uint64_t tmp; \ + \ + tmp = htonl(x->v32[3]) + htonl(y->v32[3]); \ + z->v32[3] = ntohl((uint32_t) tmp); \ + \ + tmp = htonl(x->v32[2]) + htonl(y->v32[2]) \ + + htonl(tmp >> 32); \ + z->v32[2] = ntohl((uint32_t) tmp); \ + \ + tmp = htonl(x->v32[1]) + htonl(y->v32[1]) \ + + htonl(tmp >> 32); \ + z->v32[1] = ntohl((uint32_t) tmp); \ + \ + tmp = htonl(x->v32[0]) + htonl(y->v32[0]) \ + + htonl(tmp >> 32); \ + z->v32[0] = ntohl((uint32_t) tmp); \ +} + +#endif /* WORDS_BIGENDIAN */ +#endif + +#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ + +#define v128_set_to_zero(z) _v128_set_to_zero(z) +#define v128_copy(z, x) _v128_copy(z, x) +#define v128_xor(z, x, y) _v128_xor(z, x, y) +#define v128_and(z, x, y) _v128_and(z, x, y) +#define v128_or(z, x, y) _v128_or(z, x, y) +#define v128_complement(x) _v128_complement(x) +#define v128_is_eq(x, y) _v128_is_eq(x, y) +#define v128_xor_eq(x, y) _v128_xor_eq(x, y) +#define v128_get_bit(x, i) _v128_get_bit(x, i) +#define v128_set_bit(x, i) _v128_set_bit(x, i) +#define v128_clear_bit(x, i) _v128_clear_bit(x, i) +#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y) + +#else + +void +v128_set_to_zero(v128_t *x); + +int +v128_is_eq(const v128_t *x, const v128_t *y); + +void +v128_copy(v128_t *x, const v128_t *y); + +void +v128_xor(v128_t *z, v128_t *x, v128_t *y); + +void +v128_and(v128_t *z, v128_t *x, v128_t *y); + +void +v128_or(v128_t *z, v128_t *x, v128_t *y); + +void +v128_complement(v128_t *x); + +int +v128_get_bit(const v128_t *x, int i); + +void +v128_set_bit(v128_t *x, int i) ; + +void +v128_clear_bit(v128_t *x, int i); + +void +v128_set_bit_to(v128_t *x, int i, int y); + +#endif /* DATATYPES_USE_MACROS */ + +/* + * octet_string_is_eq(a,b, len) returns 1 if the length len strings a + * and b are not equal, returns 0 otherwise + */ + +int +octet_string_is_eq(uint8_t *a, uint8_t *b, int len); + +void +octet_string_set_to_zero(uint8_t *s, int len); + + +/* + * functions manipulating bit_vector_t + * + * A bitvector_t consists of an array of words and an integer + * representing the number of significant bits stored in the array. + * The bits are packed as follows: the least significant bit is that + * of word[0], while the most significant bit is the nth most + * significant bit of word[m], where length = bits_per_word * m + n. + * + */ + +#define bits_per_word 32 +#define bytes_per_word 4 + +typedef struct { + uint32_t length; + uint32_t *word; +} bitvector_t; + +int +bitvector_alloc(bitvector_t *v, unsigned long length); + +void +bitvector_set_bit(bitvector_t *v, int bit_index); + +int +bitvector_get_bit(const bitvector_t *v, int bit_index); + +int +bitvector_print_hex(const bitvector_t *v, FILE *stream); + +int +bitvector_set_from_hex(bitvector_t *v, char *string); + +#endif /* MATH_H */ + + + diff --git a/third_party/srtp/crypto/include/crypto_types.h b/third_party/srtp/crypto/include/crypto_types.h new file mode 100644 index 0000000..0ce50f4 --- /dev/null +++ b/third_party/srtp/crypto/include/crypto_types.h @@ -0,0 +1,206 @@ +/* + * crypto_types.h + * + * constants for cipher types and auth func types + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CRYPTO_TYPES_H +#define CRYPTO_TYPES_H + +/** + * @defgroup Algos Cryptographic Algorithms + * + * + * This library provides several different cryptographic algorithms, + * each of which can be selected by using the cipher_type_id_t and + * auth_type_id_t. These algorithms are documented below. + * + * Authentication functions that use the Universal Security Transform + * (UST) must be used in conjunction with a cipher other than the null + * cipher. These functions require a per-message pseudorandom input + * that is generated by the cipher. + * + * The identifiers STRONGHOLD_AUTH and STRONGHOLD_CIPHER identify the + * strongest available authentication function and cipher, + * respectively. They are resolved at compile time to the strongest + * available algorithm. The stronghold algorithms can serve as did + * the keep of a medieval fortification; they provide the strongest + * defense (or the last refuge). + * + * @{ + */ + +/** + * @defgroup Ciphers Cipher Types + * + * @brief Each cipher type is identified by an unsigned integer. The + * cipher types available in this edition of libSRTP are given + * by the #defines below. + * + * A cipher_type_id_t is an identifier for a cipher_type; only values + * given by the #defines above (or those present in the file + * crypto_types.h) should be used. + * + * The identifier STRONGHOLD_CIPHER indicates the strongest available + * cipher, allowing an application to choose the strongest available + * algorithm without any advance knowledge about the avaliable + * algorithms. + * + * @{ + */ + +/** + * @brief The null cipher performs no encryption. + * + * The NULL_CIPHER leaves its inputs unaltered, during both the + * encryption and decryption operations. This cipher can be chosen + * to indicate that no encryption is to be performed. + */ +#define NULL_CIPHER 0 + +/** + * @brief AES-128 Integer Counter Mode (AES ICM) + * + * AES-128 ICM is the variant of counter mode that is used by Secure RTP. + * This cipher uses a 16-octet key and a 30-octet offset (or salt) value. + */ +#define AES_128_ICM 1 + +/** + * @brief SEAL 3.0 + * + * SEAL is the Software-Optimized Encryption Algorithm of Coppersmith + * and Rogaway. Nota bene: this cipher is IBM proprietary. + */ +#define SEAL 2 + +/** + * @brief AES-128 Integer Counter Mode (AES ICM) + * + * AES-128 ICM is the variant of counter mode that is used by Secure RTP. + * This cipher uses a 16-octet key and a 30-octet offset (or salt) value. + */ +#define AES_128_CBC 3 + +/** + * @brief Strongest available cipher. + * + * This identifier resolves to the strongest cipher type available. + */ +#define STRONGHOLD_CIPHER AES_128_ICM + +/** + * @} + */ + + + +/** + * @defgroup Authentication Authentication Function Types + * + * @brief Each authentication function type is identified by an + * unsigned integer. The authentication function types available in + * this edition of libSRTP are given by the #defines below. + * + * An auth_type_id_t is an identifier for an authentication function type; + * only values given by the #defines above (or those present in the + * file crypto_types.h) should be used. + * + * The identifier STRONGHOLD_AUTH indicates the strongest available + * authentication function, allowing an application to choose the + * strongest available algorithm without any advance knowledge about + * the avaliable algorithms. The stronghold algorithms can serve as + * did the keep of a medieval fortification; they provide the + * strongest defense (or the last refuge). + * + * @{ + */ + +/** + * @brief The null authentication function performs no authentication. + * + * The NULL_AUTH function does nothing, and can be selected to indicate + * that authentication should not be performed. + */ +#define NULL_AUTH 0 + +/** + * @brief UST with TMMH Version 2 + * + * UST_TMMHv2 implements the Truncated Multi-Modular Hash using + * UST. This function must be used in conjunction with a cipher other + * than the null cipher. + * with a cipher. + */ +#define UST_TMMHv2 1 + +/** + * @brief (UST) AES-128 XORMAC + * + * UST_AES_128_XMAC implements AES-128 XORMAC, using UST. Nota bene: + * the XORMAC algorithm is IBM proprietary. + */ +#define UST_AES_128_XMAC 2 + +/** + * @brief HMAC-SHA1 + * + * HMAC_SHA1 implements the Hash-based MAC using the NIST Secure + * Hash Algorithm version 1 (SHA1). + */ +#define HMAC_SHA1 3 + +/** + * @brief Strongest available authentication function. + * + * This identifier resolves to the strongest available authentication + * function. + */ +#define STRONGHOLD_AUTH HMAC_SHA1 + +/** + * @} + */ +/** + * @} + */ + +#endif /* CRYPTO_TYPES_H */ diff --git a/third_party/srtp/crypto/include/cryptoalg.h b/third_party/srtp/crypto/include/cryptoalg.h new file mode 100644 index 0000000..d9f0441 --- /dev/null +++ b/third_party/srtp/crypto/include/cryptoalg.h @@ -0,0 +1,133 @@ +/* + * cryptoalg.h + * + * API for authenticated encryption crypto algorithms + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef CRYPTOALG_H +#define CRYPTOALG_H + +#include "err.h" + +/** + * @defgroup Crypto Cryptography + * + * Zed uses a simple interface to a cryptographic transform. + * + * @{ + */ + +/** + * @brief applies a crypto algorithm + * + * The function pointer cryptoalg_func_t points to a function that + * implements a crypto transform, and provides a uniform API for + * accessing crypto mechanisms. + * + * @param key location of secret key + * + * @param clear data to be authenticated but not encrypted + * + * @param clear_len length of data to be authenticated but not encrypted + * + * @param iv location to write the Initialization Vector (IV) + * + * @param protect location of the data to be encrypted and + * authenticated (before the function call), and the ciphertext + * and authentication tag (after the call) + * + * @param protected_len location of the length of the data to be + * encrypted and authenticated (before the function call), and the + * length of the ciphertext (after the call) + * + */ + +typedef err_status_t (*cryptoalg_func_t) + (void *key, + const void *clear, + unsigned clear_len, + void *iv, + void *protect, + unsigned *protected_len); + +typedef +err_status_t (*cryptoalg_inv_t) + (void *key, /* location of secret key */ + const void *clear, /* data to be authenticated only */ + unsigned clear_len, /* length of data to be authenticated only */ + void *iv, /* location of iv */ + void *opaque, /* data to be decrypted and authenticated */ + unsigned *opaque_len /* location of the length of data to be + * decrypted and authd (before and after) + */ + ); + +typedef struct cryptoalg_ctx_t { + cryptoalg_func_t enc; + cryptoalg_inv_t dec; + unsigned key_len; + unsigned iv_len; + unsigned auth_tag_len; + unsigned max_expansion; +} cryptoalg_ctx_t; + +typedef cryptoalg_ctx_t *cryptoalg_t; + +#define cryptoalg_get_key_len(cryptoalg) ((cryptoalg)->key_len) + +#define cryptoalg_get_iv_len(cryptoalg) ((cryptoalg)->iv_len) + +#define cryptoalg_get_auth_tag_len(cryptoalg) ((cryptoalg)->auth_tag_len) + +int +cryptoalg_get_id(cryptoalg_t c); + +cryptoalg_t +cryptoalg_find_by_id(int id); + + +/** + * @} + */ + +#endif /* CRYPTOALG_H */ + + diff --git a/third_party/srtp/crypto/include/datatypes.h b/third_party/srtp/crypto/include/datatypes.h new file mode 100644 index 0000000..4f86b55 --- /dev/null +++ b/third_party/srtp/crypto/include/datatypes.h @@ -0,0 +1,427 @@ +/* + * datatypes.h + * + * data types for bit vectors and finite fields + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef _DATATYPES_H +#define _DATATYPES_H + +#include "integers.h" /* definitions of uint32_t, et cetera */ +#include "alloc.h" + +#include <stdarg.h> + +#ifndef SRTP_KERNEL +# include <stdio.h> +# include <string.h> +# include <time.h> +# ifdef HAVE_NETINET_IN_H +# include <netinet/in.h> +# elif defined HAVE_WINSOCK2_H +# include <winsock2.h> +# endif +#endif + + +/* if DATATYPES_USE_MACROS is defined, then little functions are macros */ +#define DATATYPES_USE_MACROS + +typedef union { + uint8_t v8[2]; + uint16_t value; +} v16_t; + +typedef union { + uint8_t v8[4]; + uint16_t v16[2]; + uint32_t value; +} v32_t; + +typedef union { + uint8_t v8[8]; + uint16_t v16[4]; + uint32_t v32[2]; + uint64_t value; +} v64_t; + +typedef union { + uint8_t v8[16]; + uint16_t v16[8]; + uint32_t v32[4]; + uint64_t v64[2]; +} v128_t; + + + +/* some useful and simple math functions */ + +#define pow_2(X) ( (unsigned int)1 << (X) ) /* 2^X */ + +#define pow_minus_one(X) ( (X) ? -1 : 1 ) /* (-1)^X */ + + +/* + * octet_get_weight(x) returns the hamming weight (number of bits equal to + * one) in the octet x + */ + +int +octet_get_weight(uint8_t octet); + +char * +octet_bit_string(uint8_t x); + +#define MAX_PRINT_STRING_LEN 1024 + +char * +octet_string_hex_string(const void *str, int length); + +char * +v128_bit_string(v128_t *x); + +char * +v128_hex_string(v128_t *x); + +uint8_t +nibble_to_hex_char(uint8_t nibble); + +char * +char_to_hex_string(char *x, int num_char); + +uint8_t +hex_string_to_octet(char *s); + +/* + * hex_string_to_octet_string(raw, hex, len) converts the hexadecimal + * string at *hex (of length len octets) to the equivalent raw data + * and writes it to *raw. + * + * if a character in the hex string that is not a hexadeciaml digit + * (0123456789abcdefABCDEF) is encountered, the function stops writing + * data to *raw + * + * the number of hex digits copied (which is two times the number of + * octets in *raw) is returned + */ + +int +hex_string_to_octet_string(char *raw, char *hex, int len); + +v128_t +hex_string_to_v128(char *s); + +void +v128_copy_octet_string(v128_t *x, const uint8_t s[16]); + +void +v128_left_shift(v128_t *x, int index); + +void +v128_right_shift(v128_t *x, int index); + +/* + * the following macros define the data manipulation functions + * + * If DATATYPES_USE_MACROS is defined, then these macros are used + * directly (and function call overhead is avoided). Otherwise, + * the macros are used through the functions defined in datatypes.c + * (and the compiler provides better warnings). + */ + +#define _v128_set_to_zero(x) \ +( \ + (x)->v32[0] = 0, \ + (x)->v32[1] = 0, \ + (x)->v32[2] = 0, \ + (x)->v32[3] = 0 \ +) + +#define _v128_copy(x, y) \ +( \ + (x)->v32[0] = (y)->v32[0], \ + (x)->v32[1] = (y)->v32[1], \ + (x)->v32[2] = (y)->v32[2], \ + (x)->v32[3] = (y)->v32[3] \ +) + +#define _v128_xor(z, x, y) \ +( \ + (z)->v32[0] = (x)->v32[0] ^ (y)->v32[0], \ + (z)->v32[1] = (x)->v32[1] ^ (y)->v32[1], \ + (z)->v32[2] = (x)->v32[2] ^ (y)->v32[2], \ + (z)->v32[3] = (x)->v32[3] ^ (y)->v32[3] \ +) + +#define _v128_and(z, x, y) \ +( \ + (z)->v32[0] = (x)->v32[0] & (y)->v32[0], \ + (z)->v32[1] = (x)->v32[1] & (y)->v32[1], \ + (z)->v32[2] = (x)->v32[2] & (y)->v32[2], \ + (z)->v32[3] = (x)->v32[3] & (y)->v32[3] \ +) + +#define _v128_or(z, x, y) \ +( \ + (z)->v32[0] = (x)->v32[0] | (y)->v32[0], \ + (z)->v32[1] = (x)->v32[1] | (y)->v32[1], \ + (z)->v32[2] = (x)->v32[2] | (y)->v32[2], \ + (z)->v32[3] = (x)->v32[3] | (y)->v32[3] \ +) + +#define _v128_complement(x) \ +( \ + (x)->v32[0] = ~(x)->v32[0], \ + (x)->v32[1] = ~(x)->v32[1], \ + (x)->v32[2] = ~(x)->v32[2], \ + (x)->v32[3] = ~(x)->v32[3] \ +) + +/* ok for NO_64BIT_MATH if it can compare uint64_t's (even as structures) */ +#define _v128_is_eq(x, y) \ + (((x)->v64[0] == (y)->v64[0]) && ((x)->v64[1] == (y)->v64[1])) + + +#ifdef NO_64BIT_MATH +#define _v128_xor_eq(z, x) \ +( \ + (z)->v32[0] ^= (x)->v32[0], \ + (z)->v32[1] ^= (x)->v32[1], \ + (z)->v32[2] ^= (x)->v32[2], \ + (z)->v32[3] ^= (x)->v32[3] \ +) +#else +#define _v128_xor_eq(z, x) \ +( \ + (z)->v64[0] ^= (x)->v64[0], \ + (z)->v64[1] ^= (x)->v64[1] \ +) +#endif + +/* NOTE! This assumes an odd ordering! */ +/* This will not be compatible directly with math on some processors */ +/* bit 0 is first 32-bit word, low order bit. in little-endian, that's + the first byte of the first 32-bit word. In big-endian, that's + the 3rd byte of the first 32-bit word */ +/* The get/set bit code is used by the replay code ONLY, and it doesn't + really care which bit is which. AES does care which bit is which, but + doesn't use the 128-bit get/set or 128-bit shifts */ + +#define _v128_get_bit(x, bit) \ +( \ + ((((x)->v32[(bit) >> 5]) >> ((bit) & 31)) & 1) \ +) + +#define _v128_set_bit(x, bit) \ +( \ + (((x)->v32[(bit) >> 5]) |= ((uint32_t)1 << ((bit) & 31))) \ +) + +#define _v128_clear_bit(x, bit) \ +( \ + (((x)->v32[(bit) >> 5]) &= ~((uint32_t)1 << ((bit) & 31))) \ +) + +#define _v128_set_bit_to(x, bit, value) \ +( \ + (value) ? _v128_set_bit(x, bit) : \ + _v128_clear_bit(x, bit) \ +) + + +#if 0 +/* nothing uses this */ +#ifdef WORDS_BIGENDIAN + +#define _v128_add(z, x, y) { \ + uint64_t tmp; \ + \ + tmp = x->v32[3] + y->v32[3]; \ + z->v32[3] = (uint32_t) tmp; \ + \ + tmp = x->v32[2] + y->v32[2] + (tmp >> 32); \ + z->v32[2] = (uint32_t) tmp; \ + \ + tmp = x->v32[1] + y->v32[1] + (tmp >> 32); \ + z->v32[1] = (uint32_t) tmp; \ + \ + tmp = x->v32[0] + y->v32[0] + (tmp >> 32); \ + z->v32[0] = (uint32_t) tmp; \ +} + +#else /* assume little endian architecture */ + +#define _v128_add(z, x, y) { \ + uint64_t tmp; \ + \ + tmp = htonl(x->v32[3]) + htonl(y->v32[3]); \ + z->v32[3] = ntohl((uint32_t) tmp); \ + \ + tmp = htonl(x->v32[2]) + htonl(y->v32[2]) \ + + htonl(tmp >> 32); \ + z->v32[2] = ntohl((uint32_t) tmp); \ + \ + tmp = htonl(x->v32[1]) + htonl(y->v32[1]) \ + + htonl(tmp >> 32); \ + z->v32[1] = ntohl((uint32_t) tmp); \ + \ + tmp = htonl(x->v32[0]) + htonl(y->v32[0]) \ + + htonl(tmp >> 32); \ + z->v32[0] = ntohl((uint32_t) tmp); \ +} +#endif /* WORDS_BIGENDIAN */ +#endif /* 0 */ + + +#ifdef DATATYPES_USE_MACROS /* little functions are really macros */ + +#define v128_set_to_zero(z) _v128_set_to_zero(z) +#define v128_copy(z, x) _v128_copy(z, x) +#define v128_xor(z, x, y) _v128_xor(z, x, y) +#define v128_and(z, x, y) _v128_and(z, x, y) +#define v128_or(z, x, y) _v128_or(z, x, y) +#define v128_complement(x) _v128_complement(x) +#define v128_is_eq(x, y) _v128_is_eq(x, y) +#define v128_xor_eq(x, y) _v128_xor_eq(x, y) +#define v128_get_bit(x, i) _v128_get_bit(x, i) +#define v128_set_bit(x, i) _v128_set_bit(x, i) +#define v128_clear_bit(x, i) _v128_clear_bit(x, i) +#define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y) + +#else + +void +v128_set_to_zero(v128_t *x); + +int +v128_is_eq(const v128_t *x, const v128_t *y); + +void +v128_copy(v128_t *x, const v128_t *y); + +void +v128_xor(v128_t *z, v128_t *x, v128_t *y); + +void +v128_and(v128_t *z, v128_t *x, v128_t *y); + +void +v128_or(v128_t *z, v128_t *x, v128_t *y); + +void +v128_complement(v128_t *x); + +int +v128_get_bit(const v128_t *x, int i); + +void +v128_set_bit(v128_t *x, int i) ; + +void +v128_clear_bit(v128_t *x, int i); + +void +v128_set_bit_to(v128_t *x, int i, int y); + +#endif /* DATATYPES_USE_MACROS */ + +/* + * octet_string_is_eq(a,b, len) returns 1 if the length len strings a + * and b are not equal, returns 0 otherwise + */ + +int +octet_string_is_eq(uint8_t *a, uint8_t *b, int len); + +void +octet_string_set_to_zero(uint8_t *s, int len); + + +#ifndef SRTP_KERNEL_LINUX + +/* + * Convert big endian integers to CPU byte order. + */ +#ifdef WORDS_BIGENDIAN +/* Nothing to do. */ +# define be32_to_cpu(x) (x) +# define be64_to_cpu(x) (x) +#elif defined(HAVE_BYTESWAP_H) +/* We have (hopefully) optimized versions in byteswap.h */ +# include <byteswap.h> +# define be32_to_cpu(x) bswap_32((x)) +# define be64_to_cpu(x) bswap_64((x)) +#else + +#if defined(__GNUC__) && defined(HAVE_X86) +/* Fall back. */ +static inline uint32_t be32_to_cpu(uint32_t v) { + /* optimized for x86. */ + asm("bswap %0" : "=r" (v) : "0" (v)); + return v; +} +# else /* HAVE_X86 */ +# ifdef HAVE_NETINET_IN_H +# include <netinet/in.h> +# elif defined HAVE_WINSOCK2_H +# include <winsock2.h> +# endif +# define be32_to_cpu(x) ntohl((x)) +# endif /* HAVE_X86 */ + +static inline uint64_t be64_to_cpu(uint64_t v) { +# ifdef NO_64BIT_MATH + /* use the make64 functions to do 64-bit math */ + v = make64(htonl(low32(v)),htonl(high32(v))); +# else + /* use the native 64-bit math */ + v= (uint64_t)((be32_to_cpu((uint32_t)(v >> 32))) | (((uint64_t)be32_to_cpu((uint32_t)v)) << 32)); +# endif + return v; +} + +#endif /* ! SRTP_KERNEL_LINUX */ + +#endif /* WORDS_BIGENDIAN */ + +#endif /* _DATATYPES_H */ diff --git a/third_party/srtp/crypto/include/err.h b/third_party/srtp/crypto/include/err.h new file mode 100644 index 0000000..1a6e170 --- /dev/null +++ b/third_party/srtp/crypto/include/err.h @@ -0,0 +1,174 @@ +/* + * err.h + * + * error status codes + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef ERR_H +#define ERR_H + +#include "datatypes.h" + +/** + * @defgroup Error Error Codes + * + * Error status codes are represented by the enumeration err_status_t. + * + * @{ + */ + + +/* + * @brief err_status_t defines error codes. + * + * The enumeration err_status_t defines error codes. Note that the + * value of err_status_ok is equal to zero, which can simplify error + * checking somewhat. + * + */ +typedef enum { + err_status_ok = 0, /**< nothing to report */ + err_status_fail = 1, /**< unspecified failure */ + err_status_bad_param = 2, /**< unsupported parameter */ + err_status_alloc_fail = 3, /**< couldn't allocate memory */ + err_status_dealloc_fail = 4, /**< couldn't deallocate properly */ + err_status_init_fail = 5, /**< couldn't initialize */ + err_status_terminus = 6, /**< can't process as much data as requested */ + err_status_auth_fail = 7, /**< authentication failure */ + err_status_cipher_fail = 8, /**< cipher failure */ + err_status_replay_fail = 9, /**< replay check failed (bad index) */ + err_status_replay_old = 10, /**< replay check failed (index too old) */ + err_status_algo_fail = 11, /**< algorithm failed test routine */ + err_status_no_such_op = 12, /**< unsupported operation */ + err_status_no_ctx = 13, /**< no appropriate context found */ + err_status_cant_check = 14, /**< unable to perform desired validation */ + err_status_key_expired = 15, /**< can't use key any more */ + err_status_socket_err = 16, /**< error in use of socket */ + err_status_signal_err = 17, /**< error in use POSIX signals */ + err_status_nonce_bad = 18, /**< nonce check failed */ + err_status_read_fail = 19, /**< couldn't read data */ + err_status_write_fail = 20, /**< couldn't write data */ + err_status_parse_err = 21, /**< error pasring data */ + err_status_encode_err = 22, /**< error encoding data */ + err_status_semaphore_err = 23,/**< error while using semaphores */ + err_status_pfkey_err = 24 /**< error while using pfkey */ +} err_status_t; + +/** + * @} + */ + +typedef enum { + err_level_emergency = 0, + err_level_alert, + err_level_critical, + err_level_error, + err_level_warning, + err_level_notice, + err_level_info, + err_level_debug, + err_level_none +} err_reporting_level_t; + +/* + * err_reporting_init prepares the error system. If + * ERR_REPORTING_SYSLOG is defined, it will open syslog. + * + * The ident argument is a string that will be prepended to + * all syslog messages. It is conventionally argv[0]. + */ + +err_status_t +err_reporting_init(char *ident); + +#ifdef SRTP_KERNEL_LINUX +extern err_reporting_level_t err_level; +#else + +/* + * keydaemon_report_error reports a 'printf' formatted error + * string, followed by a an arg list. The priority argument + * is equivalent to that defined for syslog. + * + * Errors will be reported to ERR_REPORTING_FILE, if defined, and to + * syslog, if ERR_REPORTING_SYSLOG is defined. + * + */ + +void +err_report(int priority, char *format, ...); +#endif /* ! SRTP_KERNEL_LINUX */ + + +/* + * debug_module_t defines a debug module + */ + +typedef struct { + int on; /* 1 if debugging is on, 0 if it is off */ + char *name; /* printable name for debug module */ +} debug_module_t; + +#ifdef ENABLE_DEBUGGING + +#define debug_on(mod) (mod).on = 1 + +#define debug_off(mod) (mod).on = 0 + +/* use err_report() to report debug message */ +#define debug_print(mod, format, arg) \ + if (mod.on) err_report(err_level_debug, ("%s: " format "\n"), mod.name, arg) +#define debug_print2(mod, format, arg1,arg2) \ + if (mod.on) err_report(err_level_debug, ("%s: " format "\n"), mod.name, arg1,arg2) + +#else + +/* define macros to do nothing */ +#define debug_print(mod, format, arg) + +#define debug_on(mod) + +#define debug_off(mod) + +#endif + +#endif /* ERR_H */ diff --git a/third_party/srtp/crypto/include/gf2_8.h b/third_party/srtp/crypto/include/gf2_8.h new file mode 100644 index 0000000..098d37c --- /dev/null +++ b/third_party/srtp/crypto/include/gf2_8.h @@ -0,0 +1,79 @@ +/* + * gf2_8.h + * + * GF(256) implementation + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef GF2_8_H +#define GF2_8_H + +#include "datatypes.h" /* for uint8_t definition */ + +typedef uint8_t gf2_8; + +#define gf2_8_field_polynomial 0x1B + +/* + * gf2_8_shift(x) returns + */ + +/* + * gf2_8_shift(z) returns the result of the GF(2^8) 'multiply by x' + * operation, using the field representation from AES; that is, the + * next gf2_8 value in the cyclic representation of that field. The + * value z should be an uint8_t. + */ + +#define gf2_8_shift(z) (((z) & 128) ? \ + (((z) << 1) ^ gf2_8_field_polynomial) : ((z) << 1)) + +gf2_8 +gf2_8_compute_inverse(gf2_8 x); + +void +test_gf2_8(void); + +gf2_8 +gf2_8_multiply(gf2_8 x, gf2_8 y); + +#endif /* GF2_8_H */ diff --git a/third_party/srtp/crypto/include/hmac.h b/third_party/srtp/crypto/include/hmac.h new file mode 100644 index 0000000..262c0e2 --- /dev/null +++ b/third_party/srtp/crypto/include/hmac.h @@ -0,0 +1,78 @@ +/* + * hmac.h + * + * interface to hmac auth_type_t + * + * David A. McGrew + * Cisco Systems, Inc. + * + */ +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef HMAC_H +#define HMAC_H + +#include "auth.h" +#include "sha1.h" + +typedef struct { + uint8_t opad[64]; + sha1_ctx_t ctx; + sha1_ctx_t init_ctx; +} hmac_ctx_t; + +err_status_t +hmac_alloc(auth_t **a, int key_len, int out_len); + +err_status_t +hmac_dealloc(auth_t *a); + +err_status_t +hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len); + +err_status_t +hmac_start(hmac_ctx_t *state); + +err_status_t +hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets); + +err_status_t +hmac_compute(hmac_ctx_t *state, const void *message, + int msg_octets, int tag_len, uint8_t *result); + + +#endif /* HMAC_H */ diff --git a/third_party/srtp/crypto/include/integers.h b/third_party/srtp/crypto/include/integers.h new file mode 100644 index 0000000..138ea9c --- /dev/null +++ b/third_party/srtp/crypto/include/integers.h @@ -0,0 +1,147 @@ +/* + * integers.h + * + * defines integer types (or refers to their definitions) + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef INTEGERS_H +#define INTEGERS_H + +#include "srtp_config.h" /* configuration file, using autoconf */ + +#ifdef SRTP_KERNEL + +#include "kernel_compat.h" + +#else /* SRTP_KERNEL */ + +/* use standard integer definitions, if they're available */ +#ifdef HAVE_STDLIB_H +# include <stdlib.h> +#endif +#ifdef HAVE_STDINT_H +# include <stdint.h> +#endif +#ifdef HAVE_INTTYPES_H +# include <inttypes.h> +#endif +#ifdef HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif +#ifdef HAVE_SYS_INT_TYPES_H +# include <sys/int_types.h> /* this exists on Sun OS */ +#endif +#ifdef HAVE_MACHINE_TYPES_H +# include <machine/types.h> +#endif + +/* Can we do 64 bit integers? */ +#ifndef HAVE_UINT64_T +# if SIZEOF_UNSIGNED_LONG == 8 +typedef unsigned long uint64_t; +# elif SIZEOF_UNSIGNED_LONG_LONG == 8 +typedef unsigned long long uint64_t; +# else +# define NO_64BIT_MATH 1 +# endif +#endif + +/* Reasonable defaults for 32 bit machines - you may need to + * edit these definitions for your own machine. */ +#ifndef HAVE_UINT8_T +typedef unsigned char uint8_t; +#endif +#ifndef HAVE_UINT16_T +typedef unsigned short int uint16_t; +#endif +#ifndef HAVE_UINT32_T +typedef unsigned int uint32_t; +#endif + + +#ifdef NO_64BIT_MATH +typedef double uint64_t; +/* assert that sizeof(double) == 8 */ +extern uint64_t make64(uint32_t high, uint32_t low); +extern uint32_t high32(uint64_t value); +extern uint32_t low32(uint64_t value); +#endif + +#endif /* SRTP_KERNEL */ + +/* These macros are to load and store 32-bit values from un-aligned + addresses. This is required for processors that do not allow unaligned + loads. */ +#ifdef ALIGNMENT_32BIT_REQUIRED +/* Note that if it's in a variable, you can memcpy it */ +#ifdef WORDS_BIGENDIAN +#define PUT_32(addr,value) \ + { \ + ((unsigned char *) (addr))[0] = (value >> 24); \ + ((unsigned char *) (addr))[1] = (value >> 16) & 0xff; \ + ((unsigned char *) (addr))[2] = (value >> 8) & 0xff; \ + ((unsigned char *) (addr))[3] = (value) & 0xff; \ + } +#define GET_32(addr) ((((unsigned char *) (addr))[0] << 24) | \ + (((unsigned char *) (addr))[1] << 16) | \ + (((unsigned char *) (addr))[2] << 8) | \ + (((unsigned char *) (addr))[3])) +#else +#define PUT_32(addr,value) \ + { \ + ((unsigned char *) (addr))[3] = (value >> 24); \ + ((unsigned char *) (addr))[2] = (value >> 16) & 0xff; \ + ((unsigned char *) (addr))[1] = (value >> 8) & 0xff; \ + ((unsigned char *) (addr))[0] = (value) & 0xff; \ + } +#define GET_32(addr) ((((unsigned char *) (addr))[3] << 24) | \ + (((unsigned char *) (addr))[2] << 16) | \ + (((unsigned char *) (addr))[1] << 8) | \ + (((unsigned char *) (addr))[0])) +#endif // WORDS_BIGENDIAN +#else +#define PUT_32(addr,value) *(((uint32_t *) (addr)) = (value) +#define GET_32(addr) (*(((uint32_t *) (addr))) +#endif + +#endif /* INTEGERS_H */ diff --git a/third_party/srtp/crypto/include/kernel_compat.h b/third_party/srtp/crypto/include/kernel_compat.h new file mode 100644 index 0000000..59d1898 --- /dev/null +++ b/third_party/srtp/crypto/include/kernel_compat.h @@ -0,0 +1,84 @@ +/* + * kernel_compat.h + * + * Compatibility stuff for building in kernel context where standard + * C headers and library are not available. + * + * Marcus Sundberg + * Ingate Systems AB + */ +/* + * + * Copyright(c) 2005 Ingate Systems AB + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the author(s) nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef KERNEL_COMPAT_H +#define KERNEL_COMPAT_H + +#ifdef SRTP_KERNEL_LINUX + +#include <linux/kernel.h> +#include <linux/slab.h> +#include <linux/sched.h> +#include <linux/random.h> +#include <linux/byteorder/generic.h> + + +#define err_report(priority, ...) \ + do {\ + if (priority <= err_level) {\ + printk(__VA_ARGS__);\ + }\ + }while(0) + +#define clock() (jiffies) +#define time(x) (jiffies) + +/* rand() implementation. */ +#define RAND_MAX 32767 + +static inline int rand(void) +{ + uint32_t temp; + get_random_bytes(&temp, sizeof(temp)); + return temp % (RAND_MAX+1); +} + +/* stdio/stdlib implementation. */ +#define printf(...) printk(__VA_ARGS__) +#define exit(n) panic("%s:%d: exit(%d)\n", __FILE__, __LINE__, (n)) + +#endif /* SRTP_KERNEL_LINUX */ + +#endif /* KERNEL_COMPAT_H */ diff --git a/third_party/srtp/crypto/include/key.h b/third_party/srtp/crypto/include/key.h new file mode 100644 index 0000000..e7e0744 --- /dev/null +++ b/third_party/srtp/crypto/include/key.h @@ -0,0 +1,82 @@ +/* + * key.h + * + * key usage limits enforcement + * + * David A. Mcgrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef KEY_H +#define KEY_H + +#include "rdbx.h" /* for xtd_seq_num_t */ +#include "err.h" + +typedef struct key_limit_ctx_t *key_limit_t; + +typedef enum { + key_event_normal, + key_event_soft_limit, + key_event_hard_limit +} key_event_t; + +err_status_t +key_limit_set(key_limit_t key, const xtd_seq_num_t s); + +err_status_t +key_limit_clone(key_limit_t original, key_limit_t *new_key); + +err_status_t +key_limit_check(const key_limit_t key); + +key_event_t +key_limit_update(key_limit_t key); + +typedef enum { + key_state_normal, + key_state_past_soft_limit, + key_state_expired +} key_state_t; + +typedef struct key_limit_ctx_t { + xtd_seq_num_t num_left; + key_state_t state; +} key_limit_ctx_t; + +#endif /* KEY_H */ diff --git a/third_party/srtp/crypto/include/null_auth.h b/third_party/srtp/crypto/include/null_auth.h new file mode 100644 index 0000000..44f9a4a --- /dev/null +++ b/third_party/srtp/crypto/include/null_auth.h @@ -0,0 +1,68 @@ +/* + * null-auth.h + * + * David A. McGrew + * Cisco Systems, Inc. + * + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef NULL_AUTH_H +#define NULL_AUTH_H + +#include "auth.h" + +typedef struct { + char foo; +} null_auth_ctx_t; + +err_status_t +null_auth_alloc(auth_t **a, int key_len, int out_len); + +err_status_t +null_auth_dealloc(auth_t *a); + +err_status_t +null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len); + +err_status_t +null_auth_compute (null_auth_ctx_t *state, uint8_t *message, + int msg_octets, int tag_len, uint8_t *result); + + +#endif /* NULL_AUTH_H */ diff --git a/third_party/srtp/crypto/include/null_cipher.h b/third_party/srtp/crypto/include/null_cipher.h new file mode 100644 index 0000000..7d6bbdd --- /dev/null +++ b/third_party/srtp/crypto/include/null_cipher.h @@ -0,0 +1,80 @@ +/* + * null-cipher.h + * + * header file for the null cipher + * + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef NULL_CIPHER_H +#define NULL_CIPHER_H + +#include "datatypes.h" +#include "cipher.h" + +typedef struct { + char foo ;/* empty, for now */ +} null_cipher_ctx_t; + + +/* + * none of these functions do anything (though future versions may keep + * track of bytes encrypted, number of instances, and/or other info). + */ + +err_status_t +null_cipher_init(null_cipher_ctx_t *c, const uint8_t *key); + +err_status_t +null_cipher_set_segment(null_cipher_ctx_t *c, + unsigned long index); + +err_status_t +null_cipher_encrypt(null_cipher_ctx_t *c, + unsigned char *buf, unsigned int *bytes_to_encr); + + +err_status_t +null_cipher_encrypt_aligned(null_cipher_ctx_t *c, + unsigned char *buf, int bytes_to_encr); + +#endif /* NULL_CIPHER_H */ diff --git a/third_party/srtp/crypto/include/prng.h b/third_party/srtp/crypto/include/prng.h new file mode 100644 index 0000000..fb96b5e --- /dev/null +++ b/third_party/srtp/crypto/include/prng.h @@ -0,0 +1,54 @@ +/* + * prng.h + * + * pseudorandom source + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +#ifndef PRNG_H +#define PRNG_H + +#include "rand_source.h" /* for rand_source_func_t definition */ +#include "aes.h" /* for aes */ +#include "aes_icm.h" /* for aes ctr */ + +#define MAX_PRNG_OUT_LEN 0xffffffffU + +/* + * x917_prng is an ANSI X9.17-like AES-based PRNG + */ + +typedef struct { + v128_t state; /* state data */ + aes_expanded_key_t key; /* secret key */ + uint32_t octet_count; /* number of octets output since last init */ + rand_source_func_t rand; /* random source for re-initialization */ +} x917_prng_t; + +err_status_t +x917_prng_init(rand_source_func_t random_source); + +err_status_t +x917_prng_get_octet_string(uint8_t *dest, uint32_t len); + + +/* + * ctr_prng is an AES-CTR based PRNG + */ + +typedef struct { + uint32_t octet_count; /* number of octets output since last init */ + aes_icm_ctx_t state; /* state data */ + rand_source_func_t rand; /* random source for re-initialization */ +} ctr_prng_t; + +err_status_t +ctr_prng_init(rand_source_func_t random_source); + +err_status_t +ctr_prng_get_octet_string(void *dest, uint32_t len); + + +#endif diff --git a/third_party/srtp/crypto/include/rand_source.h b/third_party/srtp/crypto/include/rand_source.h new file mode 100644 index 0000000..b4c2110 --- /dev/null +++ b/third_party/srtp/crypto/include/rand_source.h @@ -0,0 +1,91 @@ +/* + * rand_source.h + * + * implements a random source based on /dev/random + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef RAND_SOURCE +#define RAND_SOURCE + +#include "err.h" +#include "datatypes.h" + +err_status_t +rand_source_init(void); + +/* + * rand_source_get_octet_string() writes a random octet string. + * + * The function call rand_source_get_octet_string(dest, len) writes + * len octets of random data to the location to which dest points, + * and returns an error code. This error code should be checked, + * and if a failure is reported, the data in the buffer MUST NOT + * be used. + * + * warning: If the return code is not checked, then non-random + * data may inadvertently be used. + * + * returns: + * - err_status_ok if no problems occured. + * - [other] a problem occured, and no assumptions should + * be made about the contents of the destination + * buffer. + */ + +err_status_t +rand_source_get_octet_string(void *dest, uint32_t length); + +err_status_t +rand_source_deinit(void); + +/* + * function prototype for a random source function + * + * A rand_source_func_t writes num_octets at the location indicated by + * dest and returns err_status_ok. Any other return value indicates + * failure. + */ + +typedef err_status_t (*rand_source_func_t) + (void *dest, uint32_t num_octets); + +#endif /* RAND_SOURCE */ diff --git a/third_party/srtp/crypto/include/rdb.h b/third_party/srtp/crypto/include/rdb.h new file mode 100644 index 0000000..5a26c5e --- /dev/null +++ b/third_party/srtp/crypto/include/rdb.h @@ -0,0 +1,94 @@ +/* + * replay-database.h + * + * interface for a replay database for packet security + * + * David A. McGrew + * Cisco Systems, Inc. + */ + + +#ifndef REPLAY_DB_H +#define REPLAY_DB_H + +#include "integers.h" /* for uint32_t */ +#include "datatypes.h" /* for v128_t */ +#include "err.h" /* for err_status_t */ + +/* + * if the ith least significant bit is one, then the packet index + * window_end-i is in the database + */ + +typedef struct { + uint32_t window_start; /* packet index of the first bit in bitmask */ + v128_t bitmask; +} rdb_t; + +#define rdb_bits_in_bitmask (8*sizeof(v128_t)) + +/* + * rdb init + * + * initalizes rdb + * + * returns err_status_ok on success, err_status_t_fail otherwise + */ + +err_status_t +rdb_init(rdb_t *rdb); + + +/* + * rdb_check + * + * checks to see if index appears in rdb + * + * returns err_status_fail if the index already appears in rdb, + * returns err_status_ok otherwise + */ + +err_status_t +rdb_check(const rdb_t *rdb, uint32_t index); + +/* + * rdb_add_index + * + * adds index to rdb_t (and does *not* check if index appears in db) + * + * returns err_status_ok on success, err_status_fail otherwise + * + */ + +err_status_t +rdb_add_index(rdb_t *rdb, uint32_t index); + +/* + * the functions rdb_increment() and rdb_get_value() are for use by + * senders, not receivers - DO NOT use these functions on the same + * rdb_t upon which rdb_add_index is used! + */ + + +/* + * rdb_increment(db) increments the sequence number in db, if it is + * not too high + * + * return values: + * + * err_status_ok no problem + * err_status_key_expired sequence number too high + * + */ +err_status_t +rdb_increment(rdb_t *rdb); + +/* + * rdb_get_value(db) returns the current sequence number of db + */ + +uint32_t +rdb_get_value(const rdb_t *rdb); + + +#endif /* REPLAY_DB_H */ diff --git a/third_party/srtp/crypto/include/rdbx.h b/third_party/srtp/crypto/include/rdbx.h new file mode 100644 index 0000000..ce9ecf6 --- /dev/null +++ b/third_party/srtp/crypto/include/rdbx.h @@ -0,0 +1,146 @@ +/* + * rdbx.h + * + * replay database with extended packet indices, using a rollover counter + * + * David A. McGrew + * Cisco Systems, Inc. + * + */ + +#ifndef RDBX_H +#define RDBX_H + +#include "datatypes.h" +#include "err.h" + +/* #define ROC_TEST */ + +#ifndef ROC_TEST + +typedef uint16_t sequence_number_t; /* 16 bit sequence number */ +typedef uint32_t rollover_counter_t; /* 32 bit rollover counter */ + +#else /* use small seq_num and roc datatypes for testing purposes */ + +typedef unsigned char sequence_number_t; /* 8 bit sequence number */ +typedef uint16_t rollover_counter_t; /* 16 bit rollover counter */ + +#endif + +#define seq_num_median (1 << (8*sizeof(sequence_number_t) - 1)) +#define seq_num_max (1 << (8*sizeof(sequence_number_t))) + +/* + * An xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended' + * sequence number. + */ + +typedef uint64_t xtd_seq_num_t; + + +/* + * An rdbx_t is a replay database with extended range; it uses an + * xtd_seq_num_t and a bitmask of recently received indices. + */ + +typedef struct { + xtd_seq_num_t index; + v128_t bitmask; +} rdbx_t; + + +/* + * rdbx_init(rdbx_ptr) + * + * initializes the rdbx pointed to by its argument, setting the + * rollover counter and sequence number to zero + */ + +err_status_t +rdbx_init(rdbx_t *rdbx); + + +/* + * rdbx_estimate_index(rdbx, guess, s) + * + * given an rdbx and a sequence number s (from a newly arrived packet), + * sets the contents of *guess to contain the best guess of the packet + * index to which s corresponds, and returns the difference between + * *guess and the locally stored synch info + */ + +int +rdbx_estimate_index(const rdbx_t *rdbx, + xtd_seq_num_t *guess, + sequence_number_t s); + +/* + * rdbx_check(rdbx, delta); + * + * rdbx_check(&r, delta) checks to see if the xtd_seq_num_t + * which is at rdbx->window_start + delta is in the rdb + * + */ + +err_status_t +rdbx_check(const rdbx_t *rdbx, int difference); + +/* + * replay_add_index(rdbx, delta) + * + * adds the xtd_seq_num_t at rdbx->window_start + delta to replay_db + * (and does *not* check if that xtd_seq_num_t appears in db) + * + * this function should be called *only* after replay_check has + * indicated that the index does not appear in the rdbx, and a mutex + * should protect the rdbx between these calls if necessary. + */ + +err_status_t +rdbx_add_index(rdbx_t *rdbx, int delta); + +/* + * xtd_seq_num_t functions - these are *internal* functions of rdbx, and + * shouldn't be used to manipulate rdbx internal values. use the rdbx + * api instead! + */ + + +/* index_init(&pi) initializes a packet index pi (sets it to zero) */ + +void +index_init(xtd_seq_num_t *pi); + +/* index_advance(&pi, s) advances a xtd_seq_num_t forward by s */ + +void +index_advance(xtd_seq_num_t *pi, sequence_number_t s); + + +/* + * index_guess(local, guess, s) + * + * given a xtd_seq_num_t local (which represents the highest + * known-to-be-good index) and a sequence number s (from a newly + * arrived packet), sets the contents of *guess to contain the best + * guess of the packet index to which s corresponds, and returns the + * difference between *guess and *local + */ + +int +index_guess(const xtd_seq_num_t *local, + xtd_seq_num_t *guess, + sequence_number_t s); + + +#endif /* RDBX_H */ + + + + + + + + + diff --git a/third_party/srtp/crypto/include/sha1.h b/third_party/srtp/crypto/include/sha1.h new file mode 100644 index 0000000..e3af4d4 --- /dev/null +++ b/third_party/srtp/crypto/include/sha1.h @@ -0,0 +1,108 @@ +/* + * sha1.h + * + * interface to the Secure Hash Algorithm v.1 (SHA-1), specified in + * FIPS 180-1 + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef SHA1_H +#define SHA1_H + +#include "err.h" +#include "datatypes.h" + +typedef struct { + uint32_t H[5]; /* state vector */ + uint32_t M[16]; /* message buffer */ + int octets_in_buffer; /* octets of message in buffer */ + uint32_t num_bits_in_msg; /* total number of bits in message */ +} sha1_ctx_t; + +/* + * sha1(&ctx, msg, len, output) hashes the len octets starting at msg + * into the SHA1 context, then writes the result to the 20 octets at + * output + * + */ + +void +sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]); + +/* + * sha1_init(&ctx) initializes the SHA1 context ctx + * + * sha1_update(&ctx, msg, len) hashes the len octets starting at msg + * into the SHA1 context + * + * sha1_final(&ctx, output) performs the final processing of the SHA1 + * context and writes the result to the 20 octets at output + * + */ + +void +sha1_init(sha1_ctx_t *ctx); + +void +sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg); + +void +sha1_final(sha1_ctx_t *ctx, uint32_t output[5]); + +/* + * The sha1_core function is INTERNAL to SHA-1, but it is declared + * here because it is also used by the cipher SEAL 3.0 in its key + * setup algorithm. + */ + +/* + * sha1_core(M, H) computes the core sha1 compression function, where M is + * the next part of the message and H is the intermediate state {H0, + * H1, ...} + * + * this function does not do any of the padding required in the + * complete sha1 function + */ + +void +sha1_core(const uint32_t M[16], uint32_t hash_value[5]); + +#endif /* SHA1_H */ diff --git a/third_party/srtp/crypto/include/stat.h b/third_party/srtp/crypto/include/stat.h new file mode 100644 index 0000000..e28b131 --- /dev/null +++ b/third_party/srtp/crypto/include/stat.h @@ -0,0 +1,69 @@ +/* + * stats.h + * + * interface to statistical test functions + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright(c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef STAT_H +#define STAT_H + +#include "datatypes.h" /* for uint8_t */ +#include "err.h" /* for err_status_t */ +#include "rand_source.h" /* for rand_source_func_t definition */ + +err_status_t +stat_test_monobit(uint8_t *data); + +err_status_t +stat_test_poker(uint8_t *data); + +err_status_t +stat_test_runs(uint8_t *data); + +err_status_t +stat_test_rand_source(rand_source_func_t rs); + +err_status_t +stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials); + +#endif /* STAT_H */ diff --git a/third_party/srtp/crypto/include/xfm.h b/third_party/srtp/crypto/include/xfm.h new file mode 100644 index 0000000..5837149 --- /dev/null +++ b/third_party/srtp/crypto/include/xfm.h @@ -0,0 +1,139 @@ +/* + * xfm.h + * + * interface for abstract crypto transform + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +#ifndef XFM_H +#define XFM_H + +#include "crypto_kernel.h" +#include "err.h" + +/** + * @defgroup Crypto Cryptography + * + * A simple interface to an abstract cryptographic transform that + * provides both confidentiality and message authentication. + * + * @{ + */ + +/** + * @brief applies a crypto transform + * + * The function pointer xfm_func_t points to a function that + * implements a crypto transform, and provides a uniform API for + * accessing crypto mechanisms. + * + * @param key location of secret key + * + * @param clear data to be authenticated only + * + * @param clear_len length of data to be authenticated only + * + * @param iv location to write the Initialization Vector (IV) + * + * @param protect location of the data to be encrypted and + * authenticated (before the function call), and the ciphertext + * and authentication tag (after the call) + * + * @param protected_len location of the length of the data to be + * encrypted and authenticated (before the function call), and the + * length of the ciphertext (after the call) + * + * @param auth_tag location to write auth tag + */ + +typedef err_status_t (*xfm_func_t) + (void *key, + void *clear, + unsigned clear_len, + void *iv, + void *protect, + unsigned *protected_len, + void *auth_tag + ); + +typedef +err_status_t (*xfm_inv_t) + (void *key, /* location of secret key */ + void *clear, /* data to be authenticated only */ + unsigned clear_len, /* length of data to be authenticated only */ + void *iv, /* location of iv */ + void *opaque, /* data to be decrypted and authenticated */ + unsigned *opaque_len, /* location of the length of data to be + * decrypted and authd (before and after) + */ + void *auth_tag /* location of auth tag */ + ); + +typedef struct xfm_ctx_t { + xfm_func_t func; + xfm_inv_t inv; + unsigned key_len; + unsigned iv_len; + unsigned auth_tag_len; +} xfm_ctx_t; + +typedef xfm_ctx_t *xfm_t; + +#define xfm_get_key_len(xfm) ((xfm)->key_len) + +#define xfm_get_iv_len(xfm) ((xfm)->iv_len) + +#define xfm_get_auth_tag_len(xfm) ((xfm)->auth_tag_len) + + +/* cryptoalgo - 5/28 */ + +typedef err_status_t (*cryptoalg_func_t) + (void *key, + void *clear, + unsigned clear_len, + void *iv, + void *opaque, + unsigned *opaque_len + ); + +typedef +err_status_t (*cryptoalg_inv_t) + (void *key, /* location of secret key */ + void *clear, /* data to be authenticated only */ + unsigned clear_len, /* length of data to be authenticated only */ + void *iv, /* location of iv */ + void *opaque, /* data to be decrypted and authenticated */ + unsigned *opaque_len /* location of the length of data to be + * decrypted and authd (before and after) + */ + ); + +typedef struct cryptoalg_ctx_t { + cryptoalg_func_t enc; + cryptoalg_inv_t dec; + unsigned key_len; + unsigned iv_len; + unsigned auth_tag_len; + unsigned max_expansion; +} cryptoalg_ctx_t; + +typedef cryptoalg_ctx_t *cryptoalg_t; + +#define cryptoalg_get_key_len(cryptoalg) ((cryptoalg)->key_len) + +#define cryptoalg_get_iv_len(cryptoalg) ((cryptoalg)->iv_len) + +#define cryptoalg_get_auth_tag_len(cryptoalg) ((cryptoalg)->auth_tag_len) + + + +/** + * @} + */ + +#endif /* XFM_H */ + + diff --git a/third_party/srtp/crypto/kernel/alloc.c b/third_party/srtp/crypto/kernel/alloc.c new file mode 100644 index 0000000..5dd0947 --- /dev/null +++ b/third_party/srtp/crypto/kernel/alloc.c @@ -0,0 +1,119 @@ +/* + * alloc.c + * + * memory allocation and deallocation + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "alloc.h" +#include "crypto_kernel.h" + +/* the debug module for memory allocation */ + +debug_module_t mod_alloc = { + 0, /* debugging is off by default */ + "alloc" /* printable name for module */ +}; + +/* + * Nota bene: the debugging statements for crypto_alloc() and + * crypto_free() have identical prefixes, which include the addresses + * of the memory locations on which they are operating. This fact can + * be used to locate memory leaks, by turning on memory debugging, + * grepping for 'alloc', then matching alloc and free calls by + * address. + */ + +#ifdef SRTP_KERNEL_LINUX + +#include <linux/interrupt.h> + +void * +crypto_alloc(size_t size) { + void *ptr; + + ptr = kmalloc(size, in_interrupt() ? GFP_ATOMIC : GFP_KERNEL); + + if (ptr) { + debug_print(mod_alloc, "(location: %p) allocated", ptr); + } else + debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size); + + return ptr; +} + +void +crypto_free(void *ptr) { + + debug_print(mod_alloc, "(location: %p) freed", ptr); + + kfree(ptr); +} + + +#elif defined(HAVE_STDLIB_H) + +void * +crypto_alloc(size_t size) { + void *ptr; + + ptr = malloc(size); + + if (ptr) { + debug_print(mod_alloc, "(location: %p) allocated", ptr); + } else + debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size); + + return ptr; +} + +void +crypto_free(void *ptr) { + + debug_print(mod_alloc, "(location: %p) freed", ptr); + + free(ptr); +} + +#else /* we need to define our own memory allocation routines */ + +#error no memory allocation defined yet + +#endif diff --git a/third_party/srtp/crypto/kernel/crypto_kernel.c b/third_party/srtp/crypto/kernel/crypto_kernel.c new file mode 100644 index 0000000..230dda6 --- /dev/null +++ b/third_party/srtp/crypto/kernel/crypto_kernel.c @@ -0,0 +1,523 @@ +/* + * crypto_kernel.c + * + * header for the cryptographic kernel + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "alloc.h" + +#include "crypto_kernel.h" + +/* the debug module for the crypto_kernel */ + +debug_module_t mod_crypto_kernel = { + 0, /* debugging is off by default */ + "crypto kernel" /* printable name for module */ +}; + +/* + * other debug modules that can be included in the kernel + */ + +extern debug_module_t mod_auth; +extern debug_module_t mod_cipher; +extern debug_module_t mod_stat; +extern debug_module_t mod_alloc; + +/* + * cipher types that can be included in the kernel + */ + +extern cipher_type_t null_cipher; +extern cipher_type_t aes_icm; +extern cipher_type_t aes_cbc; + + +/* + * auth func types that can be included in the kernel + */ + +extern auth_type_t null_auth; +extern auth_type_t hmac; + +/* crypto_kernel is a global variable, the only one of its datatype */ + +crypto_kernel_t +crypto_kernel = { + crypto_kernel_state_insecure, /* start off in insecure state */ + NULL, /* no cipher types yet */ + NULL, /* no auth types yet */ + NULL /* no debug modules yet */ +}; + +#define MAX_RNG_TRIALS 25 + +err_status_t +crypto_kernel_init() { + err_status_t status; + + /* check the security state */ + if (crypto_kernel.state == crypto_kernel_state_secure) { + + /* + * we're already in the secure state, but we've been asked to + * re-initialize, so we just re-run the self-tests and then return + */ + return crypto_kernel_status(); + } + + /* initialize error reporting system */ + status = err_reporting_init("crypto"); + if (status) + return status; + + /* load debug modules */ + status = crypto_kernel_load_debug_module(&mod_crypto_kernel); + if (status) + return status; + status = crypto_kernel_load_debug_module(&mod_auth); + if (status) + return status; + status = crypto_kernel_load_debug_module(&mod_cipher); + if (status) + return status; + status = crypto_kernel_load_debug_module(&mod_stat); + if (status) + return status; + status = crypto_kernel_load_debug_module(&mod_alloc); + if (status) + return status; + + /* initialize random number generator */ + status = rand_source_init(); + if (status) + return status; + + /* run FIPS-140 statistical tests on rand_source */ + status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS); + if (status) + return status; + + /* initialize pseudorandom number generator */ + status = ctr_prng_init(rand_source_get_octet_string); + if (status) + return status; + + /* run FIPS-140 statistical tests on ctr_prng */ + status = stat_test_rand_source_with_repetition(ctr_prng_get_octet_string, MAX_RNG_TRIALS); + if (status) + return status; + + /* load cipher types */ + status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER); + if (status) + return status; + status = crypto_kernel_load_cipher_type(&aes_icm, AES_128_ICM); + if (status) + return status; + status = crypto_kernel_load_cipher_type(&aes_cbc, AES_128_CBC); + if (status) + return status; + + /* load auth func types */ + status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH); + if (status) + return status; + status = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1); + if (status) + return status; + + /* change state to secure */ + crypto_kernel.state = crypto_kernel_state_secure; + + return err_status_ok; +} + +err_status_t +crypto_kernel_status() { + err_status_t status; + kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; + kernel_auth_type_t *atype = crypto_kernel.auth_type_list; + kernel_debug_module_t *dm = crypto_kernel.debug_module_list; + + /* run FIPS-140 statistical tests on rand_source */ + printf("testing rand_source..."); + status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS); + if (status) { + printf("failed\n"); + crypto_kernel.state = crypto_kernel_state_insecure; + return status; + } + printf("passed\n"); + + /* for each cipher type, describe and test */ + while(ctype != NULL) { + printf("cipher: %s\n", ctype->cipher_type->description); + printf(" instance count: %d\n", ctype->cipher_type->ref_count); + printf(" self-test: "); + status = cipher_type_self_test(ctype->cipher_type); + if (status) { + printf("failed with error code %d\n", status); + exit(status); + } + printf("passed\n"); + ctype = ctype->next; + } + + /* for each auth type, describe and test */ + while(atype != NULL) { + printf("auth func: %s\n", atype->auth_type->description); + printf(" instance count: %d\n", atype->auth_type->ref_count); + printf(" self-test: "); + status = auth_type_self_test(atype->auth_type); + if (status) { + printf("failed with error code %d\n", status); + exit(status); + } + printf("passed\n"); + atype = atype->next; + } + + /* describe each debug module */ + printf("debug modules loaded:\n"); + while (dm != NULL) { + printf(" %s ", dm->mod->name); + if (dm->mod->on) + printf("(on)\n"); + else + printf("(off)\n"); + dm = dm->next; + } + + return err_status_ok; +} + +err_status_t +crypto_kernel_list_debug_modules() { + kernel_debug_module_t *dm = crypto_kernel.debug_module_list; + + /* describe each debug module */ + printf("debug modules loaded:\n"); + while (dm != NULL) { + printf(" %s ", dm->mod->name); + if (dm->mod->on) + printf("(on)\n"); + else + printf("(off)\n"); + dm = dm->next; + } + + return err_status_ok; +} + +err_status_t +crypto_kernel_shutdown() { + err_status_t status; + + /* + * free dynamic memory used in crypto_kernel at present + */ + + /* walk down cipher type list, freeing memory */ + while (crypto_kernel.cipher_type_list != NULL) { + kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; + crypto_kernel.cipher_type_list = ctype->next; + debug_print(mod_crypto_kernel, + "freeing memory for cipher %s", + ctype->cipher_type->description); + crypto_free(ctype); + } + + /* walk down authetication module list, freeing memory */ + while (crypto_kernel.auth_type_list != NULL) { + kernel_auth_type_t *atype = crypto_kernel.auth_type_list; + crypto_kernel.auth_type_list = atype->next; + debug_print(mod_crypto_kernel, + "freeing memory for authentication %s", + atype->auth_type->description); + crypto_free(atype); + } + + /* walk down debug module list, freeing memory */ + while (crypto_kernel.debug_module_list != NULL) { + kernel_debug_module_t *kdm = crypto_kernel.debug_module_list; + crypto_kernel.debug_module_list = kdm->next; + debug_print(mod_crypto_kernel, + "freeing memory for debug module %s", + kdm->mod->name); + crypto_free(kdm); + } + + /* de-initialize random number generator */ status = rand_source_deinit(); + if (status) + return status; + + /* return to insecure state */ + crypto_kernel.state = crypto_kernel_state_insecure; + + return err_status_ok; +} + +err_status_t +crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) { + kernel_cipher_type_t *ctype, *new_ctype; + err_status_t status; + + /* defensive coding */ + if (new_ct == NULL) + return err_status_bad_param; + + /* check cipher type by running self-test */ + status = cipher_type_self_test(new_ct); + if (status) { + return status; + } + + /* walk down list, checking if this type is in the list already */ + ctype = crypto_kernel.cipher_type_list; + while (ctype != NULL) { + if ((new_ct == ctype->cipher_type) || (id == ctype->id)) + return err_status_bad_param; + ctype = ctype->next; + } + + /* put new_ct at the head of the list */ + /* allocate memory */ + new_ctype = (kernel_cipher_type_t *) crypto_alloc(sizeof(kernel_cipher_type_t)); + if (new_ctype == NULL) + return err_status_alloc_fail; + + /* set fields */ + new_ctype->cipher_type = new_ct; + new_ctype->id = id; + new_ctype->next = crypto_kernel.cipher_type_list; + + /* set head of list to new cipher type */ + crypto_kernel.cipher_type_list = new_ctype; + + /* load debug module, if there is one present */ + if (new_ct->debug != NULL) + crypto_kernel_load_debug_module(new_ct->debug); + /* we could check for errors here */ + + return err_status_ok; +} + +err_status_t +crypto_kernel_load_auth_type(auth_type_t *new_at, auth_type_id_t id) { + kernel_auth_type_t *atype, *new_atype; + err_status_t status; + + /* defensive coding */ + if (new_at == NULL) + return err_status_bad_param; + + /* check auth type by running self-test */ + status = auth_type_self_test(new_at); + if (status) { + return status; + } + + /* walk down list, checking if this type is in the list already */ + atype = crypto_kernel.auth_type_list; + while (atype != NULL) { + if ((new_at == atype->auth_type) || (id == atype->id)) + return err_status_bad_param; + atype = atype->next; + } + + /* put new_at at the head of the list */ + /* allocate memory */ + new_atype = (kernel_auth_type_t *)crypto_alloc(sizeof(kernel_auth_type_t)); + if (new_atype == NULL) + return err_status_alloc_fail; + + /* set fields */ + new_atype->auth_type = new_at; + new_atype->id = id; + new_atype->next = crypto_kernel.auth_type_list; + + /* set head of list to new auth type */ + crypto_kernel.auth_type_list = new_atype; + + /* load debug module, if there is one present */ + if (new_at->debug != NULL) + crypto_kernel_load_debug_module(new_at->debug); + /* we could check for errors here */ + + return err_status_ok; + +} + + +cipher_type_t * +crypto_kernel_get_cipher_type(cipher_type_id_t id) { + kernel_cipher_type_t *ctype; + + /* walk down list, looking for id */ + ctype = crypto_kernel.cipher_type_list; + while (ctype != NULL) { + if (id == ctype->id) + return ctype->cipher_type; + ctype = ctype->next; + } + + /* haven't found the right one, indicate failure by returning NULL */ + return NULL; +} + + +err_status_t +crypto_kernel_alloc_cipher(cipher_type_id_t id, + cipher_pointer_t *cp, + int key_len) { + cipher_type_t *ct; + + /* + * if the crypto_kernel is not yet initialized, we refuse to allocate + * any ciphers - this is a bit extra-paranoid + */ + if (crypto_kernel.state != crypto_kernel_state_secure) + return err_status_init_fail; + + ct = crypto_kernel_get_cipher_type(id); + if (!ct) + return err_status_fail; + + return ((ct)->alloc(cp, key_len)); +} + + + +auth_type_t * +crypto_kernel_get_auth_type(auth_type_id_t id) { + kernel_auth_type_t *atype; + + /* walk down list, looking for id */ + atype = crypto_kernel.auth_type_list; + while (atype != NULL) { + if (id == atype->id) + return atype->auth_type; + atype = atype->next; + } + + /* haven't found the right one, indicate failure by returning NULL */ + return NULL; +} + +err_status_t +crypto_kernel_alloc_auth(auth_type_id_t id, + auth_pointer_t *ap, + int key_len, + int tag_len) { + auth_type_t *at; + + /* + * if the crypto_kernel is not yet initialized, we refuse to allocate + * any auth functions - this is a bit extra-paranoid + */ + if (crypto_kernel.state != crypto_kernel_state_secure) + return err_status_init_fail; + + at = crypto_kernel_get_auth_type(id); + if (!at) + return err_status_fail; + + return ((at)->alloc(ap, key_len, tag_len)); +} + +err_status_t +crypto_kernel_load_debug_module(debug_module_t *new_dm) { + kernel_debug_module_t *kdm, *new; + + /* defensive coding */ + if (new_dm == NULL) + return err_status_bad_param; + + /* walk down list, checking if this type is in the list already */ + kdm = crypto_kernel.debug_module_list; + while (kdm != NULL) { + if (strncmp(new_dm->name, kdm->mod->name, 64) == 0) + return err_status_bad_param; + kdm = kdm->next; + } + + /* put new_dm at the head of the list */ + /* allocate memory */ + new = (kernel_debug_module_t *)crypto_alloc(sizeof(kernel_debug_module_t)); + if (new == NULL) + return err_status_alloc_fail; + + /* set fields */ + new->mod = new_dm; + new->next = crypto_kernel.debug_module_list; + + /* set head of list to new cipher type */ + crypto_kernel.debug_module_list = new; + + return err_status_ok; +} + +err_status_t +crypto_kernel_set_debug_module(char *name, int on) { + kernel_debug_module_t *kdm; + + /* walk down list, checking if this type is in the list already */ + kdm = crypto_kernel.debug_module_list; + while (kdm != NULL) { + if (strncmp(name, kdm->mod->name, 64) == 0) { + kdm->mod->on = on; + return err_status_ok; + } + kdm = kdm->next; + } + + return err_status_fail; +} + +err_status_t +crypto_get_random(unsigned char *buffer, unsigned int length) { + if (crypto_kernel.state == crypto_kernel_state_secure) + return ctr_prng_get_octet_string(buffer, length); + else + return err_status_fail; +} diff --git a/third_party/srtp/crypto/kernel/err.c b/third_party/srtp/crypto/kernel/err.c new file mode 100644 index 0000000..4a3a858 --- /dev/null +++ b/third_party/srtp/crypto/kernel/err.c @@ -0,0 +1,148 @@ +/* + * err.c + * + * error status reporting functions + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "err.h" + +#ifdef ERR_REPORTING_SYSLOG +# ifdef HAVE_SYSLOG_H +# include <syslog.h> +# endif +#endif + + +/* err_level reflects the level of errors that are reported */ + +err_reporting_level_t err_level = err_level_none; + +#ifdef SRTP_KERNEL_LINUX +err_status_t +err_reporting_init(char *ident) { + + return err_status_ok; +} + +#else /* SRTP_KERNEL_LINUX */ + +/* err_file is the FILE to which errors are reported */ + +static FILE *err_file = NULL; + +err_status_t +err_reporting_init(char *ident) { +#ifdef ERR_REPORTING_SYSLOG + openlog(ident, LOG_PID, LOG_AUTHPRIV); +#endif + + /* + * Believe it or not, openlog doesn't return an error on failure. + * But then, neither does the syslog() call... + */ + +#ifdef ERR_REPORTING_STDOUT + err_file = stdout; +#elif defined(USE_ERR_REPORTING_FILE) + /* open file for error reporting */ + err_file = fopen(ERR_REPORTING_FILE, "w"); + if (err_file == NULL) + return err_status_init_fail; +#endif + + return err_status_ok; +} + +void +err_report(int priority, char *format, ...) { + va_list args; + + if (priority <= err_level) { + + va_start(args, format); + if (err_file != NULL) { + vfprintf(err_file, format, args); + /* fprintf(err_file, "\n"); */ + } +#ifdef ERR_REPORTING_SYSLOG + if (1) { /* FIXME: Make this a runtime option. */ + int syslogpri; + + switch (priority) { + case err_level_emergency: + syslogpri = LOG_EMERG; + break; + case err_level_alert: + syslogpri = LOG_ALERT; + break; + case err_level_critical: + syslogpri = LOG_CRIT; + break; + case err_level_error: + syslogpri = LOG_ERR; + break; + case err_level_warning: + syslogpri = LOG_WARNING; + break; + case err_level_notice: + syslogpri = LOG_NOTICE; + break; + case err_level_info: + syslogpri = LOG_INFO; + break; + case err_level_debug: + case err_level_none: + default: + syslogpri = LOG_DEBUG; + break; + } + + vsyslog(syslogpri, format, args); +#endif + va_end(args); + } +} +#endif /* SRTP_KERNEL_LINUX */ + +void +err_reporting_set_level(err_reporting_level_t lvl) { + err_level = lvl; +} diff --git a/third_party/srtp/crypto/kernel/key.c b/third_party/srtp/crypto/kernel/key.c new file mode 100644 index 0000000..9f63b22 --- /dev/null +++ b/third_party/srtp/crypto/kernel/key.c @@ -0,0 +1,115 @@ +/* + * key.c + * + * key usage limits enforcement + * + * David A. Mcgrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "key.h" + +#define soft_limit 0x10000 + +err_status_t +key_limit_set(key_limit_t key, const xtd_seq_num_t s) { +#ifdef NO_64BIT_MATH + if (high32(s) == 0 && low32(s) < soft_limit) + return err_status_bad_param; +#else + if (s < soft_limit) + return err_status_bad_param; +#endif + key->num_left = s; + key->state = key_state_normal; + return err_status_ok; +} + +err_status_t +key_limit_clone(key_limit_t original, key_limit_t *new_key) { + if (original == NULL) + return err_status_bad_param; + *new_key = original; + return err_status_ok; +} + +err_status_t +key_limit_check(const key_limit_t key) { + if (key->state == key_state_expired) + return err_status_key_expired; + return err_status_ok; +} + +key_event_t +key_limit_update(key_limit_t key) { +#ifdef NO_64BIT_MATH + if (low32(key->num_left) == 0) + { + // carry + key->num_left = make64(high32(key->num_left)-1,low32(key->num_left) - 1); + } + else + { + // no carry + key->num_left = make64(high32(key->num_left),low32(key->num_left) - 1); + } + if (high32(key->num_left) != 0 || low32(key->num_left) >= soft_limit) { + return key_event_normal; /* we're above the soft limit */ + } +#else + key->num_left--; + if (key->num_left >= soft_limit) { + return key_event_normal; /* we're above the soft limit */ + } +#endif + if (key->state == key_state_normal) { + /* we just passed the soft limit, so change the state */ + key->state = key_state_past_soft_limit; + } +#ifdef NO_64BIT_MATH + if (low32(key->num_left) == 0 && high32(key->num_left == 0)) +#else + if (key->num_left < 1) +#endif + { /* we just hit the hard limit */ + key->state = key_state_expired; + return key_event_hard_limit; + } + return key_event_soft_limit; +} + diff --git a/third_party/srtp/crypto/math/datatypes.c b/third_party/srtp/crypto/math/datatypes.c new file mode 100644 index 0000000..331aed8 --- /dev/null +++ b/third_party/srtp/crypto/math/datatypes.c @@ -0,0 +1,599 @@ +/* + * datatypes.c + * + * data types for finite fields and functions for input, output, and + * manipulation + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "datatypes.h" + +int +octet_weight[256] = { + 0, 1, 1, 2, 1, 2, 2, 3, + 1, 2, 2, 3, 2, 3, 3, 4, + 1, 2, 2, 3, 2, 3, 3, 4, + 2, 3, 3, 4, 3, 4, 4, 5, + 1, 2, 2, 3, 2, 3, 3, 4, + 2, 3, 3, 4, 3, 4, 4, 5, + 2, 3, 3, 4, 3, 4, 4, 5, + 3, 4, 4, 5, 4, 5, 5, 6, + 1, 2, 2, 3, 2, 3, 3, 4, + 2, 3, 3, 4, 3, 4, 4, 5, + 2, 3, 3, 4, 3, 4, 4, 5, + 3, 4, 4, 5, 4, 5, 5, 6, + 2, 3, 3, 4, 3, 4, 4, 5, + 3, 4, 4, 5, 4, 5, 5, 6, + 3, 4, 4, 5, 4, 5, 5, 6, + 4, 5, 5, 6, 5, 6, 6, 7, + 1, 2, 2, 3, 2, 3, 3, 4, + 2, 3, 3, 4, 3, 4, 4, 5, + 2, 3, 3, 4, 3, 4, 4, 5, + 3, 4, 4, 5, 4, 5, 5, 6, + 2, 3, 3, 4, 3, 4, 4, 5, + 3, 4, 4, 5, 4, 5, 5, 6, + 3, 4, 4, 5, 4, 5, 5, 6, + 4, 5, 5, 6, 5, 6, 6, 7, + 2, 3, 3, 4, 3, 4, 4, 5, + 3, 4, 4, 5, 4, 5, 5, 6, + 3, 4, 4, 5, 4, 5, 5, 6, + 4, 5, 5, 6, 5, 6, 6, 7, + 3, 4, 4, 5, 4, 5, 5, 6, + 4, 5, 5, 6, 5, 6, 6, 7, + 4, 5, 5, 6, 5, 6, 6, 7, + 5, 6, 6, 7, 6, 7, 7, 8 +}; + +int +octet_get_weight(uint8_t octet) { + extern int octet_weight[256]; + + return octet_weight[octet]; +} + +/* + * bit_string is a buffer that is used to hold output strings, e.g. + * for printing. + */ + +/* the value MAX_PRINT_STRING_LEN is defined in datatypes.h */ + +char bit_string[MAX_PRINT_STRING_LEN]; + +uint8_t +nibble_to_hex_char(uint8_t nibble) { + char buf[16] = {'0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; + return buf[nibble & 0xF]; +} + +char * +octet_string_hex_string(const void *s, int length) { + const uint8_t *str = (const uint8_t *)s; + int i; + + /* double length, since one octet takes two hex characters */ + length *= 2; + + /* truncate string if it would be too long */ + if (length > MAX_PRINT_STRING_LEN) + length = MAX_PRINT_STRING_LEN-1; + + for (i=0; i < length; i+=2) { + bit_string[i] = nibble_to_hex_char(*str >> 4); + bit_string[i+1] = nibble_to_hex_char(*str++ & 0xF); + } + bit_string[i] = 0; /* null terminate string */ + return bit_string; +} + +inline int +hex_char_to_nibble(uint8_t c) { + switch(c) { + case ('0'): return 0x0; + case ('1'): return 0x1; + case ('2'): return 0x2; + case ('3'): return 0x3; + case ('4'): return 0x4; + case ('5'): return 0x5; + case ('6'): return 0x6; + case ('7'): return 0x7; + case ('8'): return 0x8; + case ('9'): return 0x9; + case ('a'): return 0xa; + case ('A'): return 0xa; + case ('b'): return 0xb; + case ('B'): return 0xb; + case ('c'): return 0xc; + case ('C'): return 0xc; + case ('d'): return 0xd; + case ('D'): return 0xd; + case ('e'): return 0xe; + case ('E'): return 0xe; + case ('f'): return 0xf; + case ('F'): return 0xf; + default: break; /* this flags an error */ + } + return -1; +} + +int +is_hex_string(char *s) { + while(*s != 0) + if (hex_char_to_nibble(*s++) == -1) + return 0; + return 1; +} + +/* + * hex_string_to_octet_string converts a hexadecimal string + * of length 2 * len to a raw octet string of length len + */ + +int +hex_string_to_octet_string(char *raw, char *hex, int len) { + uint8_t x; + int tmp; + int hex_len; + + hex_len = 0; + while (hex_len < len) { + tmp = hex_char_to_nibble(hex[0]); + if (tmp == -1) + return hex_len; + x = (tmp << 4); + hex_len++; + tmp = hex_char_to_nibble(hex[1]); + if (tmp == -1) + return hex_len; + x |= (tmp & 0xff); + hex_len++; + *raw++ = x; + hex += 2; + } + return hex_len; +} + +char * +v128_hex_string(v128_t *x) { + int i, j; + + for (i=j=0; i < 16; i++) { + bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4); + bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF); + } + + bit_string[j] = 0; /* null terminate string */ + return bit_string; +} + +char * +v128_bit_string(v128_t *x) { + int j, index; + uint32_t mask; + + for (j=index=0; j < 4; j++) { + for (mask=0x80000000; mask > 0; mask >>= 1) { + if (x->v32[j] & mask) + bit_string[index] = '1'; + else + bit_string[index] = '0'; + ++index; + } + } + bit_string[128] = 0; /* null terminate string */ + + return bit_string; +} + +void +v128_copy_octet_string(v128_t *x, const uint8_t s[16]) { +#ifdef ALIGNMENT_32BIT_REQUIRED + if ((((uint32_t) &s[0]) & 0x3) != 0) +#endif + { + x->v8[0] = s[0]; + x->v8[1] = s[1]; + x->v8[2] = s[2]; + x->v8[3] = s[3]; + x->v8[4] = s[4]; + x->v8[5] = s[5]; + x->v8[6] = s[6]; + x->v8[7] = s[7]; + x->v8[8] = s[8]; + x->v8[9] = s[9]; + x->v8[10] = s[10]; + x->v8[11] = s[11]; + x->v8[12] = s[12]; + x->v8[13] = s[13]; + x->v8[14] = s[14]; + x->v8[15] = s[15]; + } +#ifdef ALIGNMENT_32BIT_REQUIRED + else + { + v128_t *v = (v128_t *) &s[0]; + + v128_copy(x,v); + } +#endif +} + +#ifndef DATATYPES_USE_MACROS /* little functions are not macros */ + +void +v128_set_to_zero(v128_t *x) { + _v128_set_to_zero(x); +} + +void +v128_copy(v128_t *x, const v128_t *y) { + _v128_copy(x, y); +} + +void +v128_xor(v128_t *z, v128_t *x, v128_t *y) { + _v128_xor(z, x, y); +} + +void +v128_and(v128_t *z, v128_t *x, v128_t *y) { + _v128_and(z, x, y); +} + +void +v128_or(v128_t *z, v128_t *x, v128_t *y) { + _v128_or(z, x, y); +} + +void +v128_complement(v128_t *x) { + _v128_complement(x); +} + +int +v128_is_eq(const v128_t *x, const v128_t *y) { + return _v128_is_eq(x, y); +} + +int +v128_xor_eq(v128_t *x, const v128_t *y) { + return _v128_xor_eq(x, y); +} + +int +v128_get_bit(const v128_t *x, int i) { + return _v128_get_bit(x, i); +} + +void +v128_set_bit(v128_t *x, int i) { + _v128_set_bit(x, i); +} + +void +v128_clear_bit(v128_t *x, int i){ + _v128_clear_bit(x, i); +} + +void +v128_set_bit_to(v128_t *x, int i, int y){ + _v128_set_bit_to(x, i, y); +} + + +#endif /* DATATYPES_USE_MACROS */ + +void +v128_right_shift(v128_t *x, int index) { + const int base_index = index >> 5; + const int bit_index = index & 31; + int i, from; + uint32_t b; + + if (index > 127) { + v128_set_to_zero(x); + return; + } + + if (bit_index == 0) { + + /* copy each word from left size to right side */ + x->v32[4-1] = x->v32[4-1-base_index]; + for (i=4-1; i > base_index; i--) + x->v32[i-1] = x->v32[i-1-base_index]; + + } else { + + /* set each word to the "or" of the two bit-shifted words */ + for (i = 4; i > base_index; i--) { + from = i-1 - base_index; + b = x->v32[from] << bit_index; + if (from > 0) + b |= x->v32[from-1] >> (32-bit_index); + x->v32[i-1] = b; + } + + } + + /* now wrap up the final portion */ + for (i=0; i < base_index; i++) + x->v32[i] = 0; + +} + +void +v128_left_shift(v128_t *x, int index) { + int i; + const int base_index = index >> 5; + const int bit_index = index & 31; + + if (index > 127) { + v128_set_to_zero(x); + return; + } + + if (bit_index == 0) { + for (i=0; i < 4 - base_index; i++) + x->v32[i] = x->v32[i+base_index]; + } else { + for (i=0; i < 4 - base_index - 1; i++) + x->v32[i] = (x->v32[i+base_index] >> bit_index) ^ + (x->v32[i+base_index+1] << (32 - bit_index)); + x->v32[4 - base_index-1] = x->v32[4-1] >> bit_index; + } + + /* now wrap up the final portion */ + for (i = 4 - base_index; i < 4; i++) + x->v32[i] = 0; + +} + + +int +octet_string_is_eq(uint8_t *a, uint8_t *b, int len) { + uint8_t *end = b + len; + while (b < end) + if (*a++ != *b++) + return 1; + return 0; +} + +void +octet_string_set_to_zero(uint8_t *s, int len) { + uint8_t *end = s + len; + + do { + *s = 0; + } while (++s < end); + +} + + +/* + * From RFC 1521: The Base64 Alphabet + * + * Value Encoding Value Encoding Value Encoding Value Encoding + * 0 A 17 R 34 i 51 z + * 1 B 18 S 35 j 52 0 + * 2 C 19 T 36 k 53 1 + * 3 D 20 U 37 l 54 2 + * 4 E 21 V 38 m 55 3 + * 5 F 22 W 39 n 56 4 + * 6 G 23 X 40 o 57 5 + * 7 H 24 Y 41 p 58 6 + * 8 I 25 Z 42 q 59 7 + * 9 J 26 a 43 r 60 8 + * 10 K 27 b 44 s 61 9 + * 11 L 28 c 45 t 62 + + * 12 M 29 d 46 u 63 / + * 13 N 30 e 47 v + * 14 O 31 f 48 w (pad) = + * 15 P 32 g 49 x + * 16 Q 33 h 50 y + */ + +int +base64_char_to_sextet(uint8_t c) { + switch(c) { + case 'A': + return 0; + case 'B': + return 1; + case 'C': + return 2; + case 'D': + return 3; + case 'E': + return 4; + case 'F': + return 5; + case 'G': + return 6; + case 'H': + return 7; + case 'I': + return 8; + case 'J': + return 9; + case 'K': + return 10; + case 'L': + return 11; + case 'M': + return 12; + case 'N': + return 13; + case 'O': + return 14; + case 'P': + return 15; + case 'Q': + return 16; + case 'R': + return 17; + case 'S': + return 18; + case 'T': + return 19; + case 'U': + return 20; + case 'V': + return 21; + case 'W': + return 22; + case 'X': + return 23; + case 'Y': + return 24; + case 'Z': + return 25; + case 'a': + return 26; + case 'b': + return 27; + case 'c': + return 28; + case 'd': + return 29; + case 'e': + return 30; + case 'f': + return 31; + case 'g': + return 32; + case 'h': + return 33; + case 'i': + return 34; + case 'j': + return 35; + case 'k': + return 36; + case 'l': + return 37; + case 'm': + return 38; + case 'n': + return 39; + case 'o': + return 40; + case 'p': + return 41; + case 'q': + return 42; + case 'r': + return 43; + case 's': + return 44; + case 't': + return 45; + case 'u': + return 46; + case 'v': + return 47; + case 'w': + return 48; + case 'x': + return 49; + case 'y': + return 50; + case 'z': + return 51; + case '0': + return 52; + case '1': + return 53; + case '2': + return 54; + case '3': + return 55; + case '4': + return 56; + case '5': + return 57; + case '6': + return 58; + case '7': + return 59; + case '8': + return 60; + case '9': + return 61; + case '+': + return 62; + case '/': + return 63; + case '=': + return 64; + default: + break; + } + return -1; +} + +/* + * base64_string_to_octet_string converts a hexadecimal string + * of length 2 * len to a raw octet string of length len + */ + +int +base64_string_to_octet_string(char *raw, char *base64, int len) { + uint8_t x; + int tmp; + int base64_len; + + base64_len = 0; + while (base64_len < len) { + tmp = base64_char_to_sextet(base64[0]); + if (tmp == -1) + return base64_len; + x = (tmp << 6); + base64_len++; + tmp = base64_char_to_sextet(base64[1]); + if (tmp == -1) + return base64_len; + x |= (tmp & 0xffff); + base64_len++; + *raw++ = x; + base64 += 2; + } + return base64_len; +} diff --git a/third_party/srtp/crypto/math/gf2_8.c b/third_party/srtp/crypto/math/gf2_8.c new file mode 100644 index 0000000..8a112ba --- /dev/null +++ b/third_party/srtp/crypto/math/gf2_8.c @@ -0,0 +1,83 @@ +/* + * gf2_8.c + * + * GF(256) finite field implementation, with the representation used + * in the AES cipher. + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "datatypes.h" +#include "gf2_8.h" + +/* gf2_8_shift() moved to gf2_8.h as an inline function */ + +inline gf2_8 +gf2_8_multiply(gf2_8 x, gf2_8 y) { + gf2_8 z = 0; + + if (y & 1) z ^= x; x = gf2_8_shift(x); + if (y & 2) z ^= x; x = gf2_8_shift(x); + if (y & 4) z ^= x; x = gf2_8_shift(x); + if (y & 8) z ^= x; x = gf2_8_shift(x); + if (y & 16) z ^= x; x = gf2_8_shift(x); + if (y & 32) z ^= x; x = gf2_8_shift(x); + if (y & 64) z ^= x; x = gf2_8_shift(x); + if (y & 128) z ^= x; + + return z; +} + + +/* this should use the euclidean algorithm */ + +gf2_8 +gf2_8_compute_inverse(gf2_8 x) { + unsigned int i; + + if (x == 0) return 0; /* zero is a special case */ + for (i=0; i < 256; i++) + if (gf2_8_multiply((gf2_8) i, x) == 1) + return (gf2_8) i; + + return 0; +} + diff --git a/third_party/srtp/crypto/math/math.c b/third_party/srtp/crypto/math/math.c new file mode 100644 index 0000000..3e61997 --- /dev/null +++ b/third_party/srtp/crypto/math/math.c @@ -0,0 +1,962 @@ +/* + * math.c + * + * crypto math operations and data types + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "crypto_math.h" +#include <stdlib.h> /* malloc() used in bitvector_alloc */ + +int +octet_weight[256] = { + 0, 1, 1, 2, 1, 2, 2, 3, + 1, 2, 2, 3, 2, 3, 3, 4, + 1, 2, 2, 3, 2, 3, 3, 4, + 2, 3, 3, 4, 3, 4, 4, 5, + 1, 2, 2, 3, 2, 3, 3, 4, + 2, 3, 3, 4, 3, 4, 4, 5, + 2, 3, 3, 4, 3, 4, 4, 5, + 3, 4, 4, 5, 4, 5, 5, 6, + 1, 2, 2, 3, 2, 3, 3, 4, + 2, 3, 3, 4, 3, 4, 4, 5, + 2, 3, 3, 4, 3, 4, 4, 5, + 3, 4, 4, 5, 4, 5, 5, 6, + 2, 3, 3, 4, 3, 4, 4, 5, + 3, 4, 4, 5, 4, 5, 5, 6, + 3, 4, 4, 5, 4, 5, 5, 6, + 4, 5, 5, 6, 5, 6, 6, 7, + 1, 2, 2, 3, 2, 3, 3, 4, + 2, 3, 3, 4, 3, 4, 4, 5, + 2, 3, 3, 4, 3, 4, 4, 5, + 3, 4, 4, 5, 4, 5, 5, 6, + 2, 3, 3, 4, 3, 4, 4, 5, + 3, 4, 4, 5, 4, 5, 5, 6, + 3, 4, 4, 5, 4, 5, 5, 6, + 4, 5, 5, 6, 5, 6, 6, 7, + 2, 3, 3, 4, 3, 4, 4, 5, + 3, 4, 4, 5, 4, 5, 5, 6, + 3, 4, 4, 5, 4, 5, 5, 6, + 4, 5, 5, 6, 5, 6, 6, 7, + 3, 4, 4, 5, 4, 5, 5, 6, + 4, 5, 5, 6, 5, 6, 6, 7, + 4, 5, 5, 6, 5, 6, 6, 7, + 5, 6, 6, 7, 6, 7, 7, 8 +}; + +int +low_bit[256] = { + -1, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 4, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 5, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 4, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 6, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 4, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 5, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 4, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 7, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 4, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 5, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 4, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 6, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 4, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 5, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0, + 4, 0, 1, 0, 2, 0, 1, 0, + 3, 0, 1, 0, 2, 0, 1, 0 +}; + + +int +high_bit[256] = { + -1, 0, 1, 1, 2, 2, 2, 2, + 3, 3, 3, 3, 3, 3, 3, 3, + 4, 4, 4, 4, 4, 4, 4, 4, + 4, 4, 4, 4, 4, 4, 4, 4, + 5, 5, 5, 5, 5, 5, 5, 5, + 5, 5, 5, 5, 5, 5, 5, 5, + 5, 5, 5, 5, 5, 5, 5, 5, + 5, 5, 5, 5, 5, 5, 5, 5, + 6, 6, 6, 6, 6, 6, 6, 6, + 6, 6, 6, 6, 6, 6, 6, 6, + 6, 6, 6, 6, 6, 6, 6, 6, + 6, 6, 6, 6, 6, 6, 6, 6, + 6, 6, 6, 6, 6, 6, 6, 6, + 6, 6, 6, 6, 6, 6, 6, 6, + 6, 6, 6, 6, 6, 6, 6, 6, + 6, 6, 6, 6, 6, 6, 6, 6, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7 +}; + +int +octet_get_weight(uint8_t octet) { + extern int octet_weight[256]; + + return octet_weight[octet]; +} + +unsigned char +v32_weight(v32_t a) { + unsigned int wt = 0; + + wt += octet_weight[a.v8[0]]; /* note: endian-ness makes no difference */ + wt += octet_weight[a.v8[1]]; + wt += octet_weight[a.v8[2]]; + wt += octet_weight[a.v8[3]]; + + return wt; +} + +inline unsigned char +v32_distance(v32_t x, v32_t y) { + x.value ^= y.value; + return v32_weight(x); +} + +unsigned int +v32_dot_product(v32_t a, v32_t b) { + a.value &= b.value; + return v32_weight(a) & 1; +} + +/* + * _bit_string returns a NULL-terminated character string suitable for + * printing + */ + +#define MAX_STRING_LENGTH 1024 + +char bit_string[MAX_STRING_LENGTH]; + +char * +octet_bit_string(uint8_t x) { + int mask, index; + + for (mask = 1, index = 0; mask < 256; mask <<= 1) + if ((x & mask) == 0) + bit_string[index++] = '0'; + else + bit_string[index++] = '1'; + + bit_string[index++] = 0; /* NULL terminate string */ + + return bit_string; +} + +char * +v16_bit_string(v16_t x) { + int i, mask, index; + + for (i = index = 0; i < 2; i++) { + for (mask = 1; mask < 256; mask <<= 1) + if ((x.v8[i] & mask) == 0) + bit_string[index++] = '0'; + else + bit_string[index++] = '1'; + } + bit_string[index++] = 0; /* NULL terminate string */ + return bit_string; +} + +char * +v32_bit_string(v32_t x) { + int i, mask, index; + + for (i = index = 0; i < 4; i++) { + for (mask = 128; mask > 0; mask >>= 1) + if ((x.v8[i] & mask) == 0) + bit_string[index++] = '0'; + else + bit_string[index++] = '1'; + } + bit_string[index++] = 0; /* NULL terminate string */ + return bit_string; +} + +char * +v64_bit_string(const v64_t *x) { + int i, mask, index; + + for (i = index = 0; i < 8; i++) { + for (mask = 1; mask < 256; mask <<= 1) + if ((x->v8[i] & mask) == 0) + bit_string[index++] = '0'; + else + bit_string[index++] = '1'; + } + bit_string[index++] = 0; /* NULL terminate string */ + return bit_string; +} + +char * +v128_bit_string(v128_t *x) { + int j, index; + uint32_t mask; + + for (j=index=0; j < 4; j++) { + for (mask=0x80000000; mask > 0; mask >>= 1) { + if (x->v32[j] & mask) + bit_string[index] = '1'; + else + bit_string[index] = '0'; + ++index; + } + } + bit_string[128] = 0; /* null terminate string */ + + return bit_string; +} + +uint8_t +nibble_to_hex_char(uint8_t nibble) { + char buf[16] = {'0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; + return buf[nibble & 0xF]; +} + +char * +octet_hex_string(uint8_t x) { + + bit_string[0] = nibble_to_hex_char(x >> 4); + bit_string[1] = nibble_to_hex_char(x & 0xF); + + bit_string[2] = 0; /* null terminate string */ + return bit_string; +} + +char * +octet_string_hex_string(const void *str, int length) { + const uint8_t *s = str; + int i; + + /* double length, since one octet takes two hex characters */ + length *= 2; + + /* truncate string if it would be too long */ + if (length > MAX_STRING_LENGTH) + length = MAX_STRING_LENGTH-1; + + for (i=0; i < length; i+=2) { + bit_string[i] = nibble_to_hex_char(*s >> 4); + bit_string[i+1] = nibble_to_hex_char(*s++ & 0xF); + } + bit_string[i] = 0; /* null terminate string */ + return bit_string; +} + +char * +v16_hex_string(v16_t x) { + int i, j; + + for (i=j=0; i < 2; i++) { + bit_string[j++] = nibble_to_hex_char(x.v8[i] >> 4); + bit_string[j++] = nibble_to_hex_char(x.v8[i] & 0xF); + } + + bit_string[j] = 0; /* null terminate string */ + return bit_string; +} + +char * +v32_hex_string(v32_t x) { + int i, j; + + for (i=j=0; i < 4; i++) { + bit_string[j++] = nibble_to_hex_char(x.v8[i] >> 4); + bit_string[j++] = nibble_to_hex_char(x.v8[i] & 0xF); + } + + bit_string[j] = 0; /* null terminate string */ + return bit_string; +} + +char * +v64_hex_string(const v64_t *x) { + int i, j; + + for (i=j=0; i < 8; i++) { + bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4); + bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF); + } + + bit_string[j] = 0; /* null terminate string */ + return bit_string; +} + +char * +v128_hex_string(v128_t *x) { + int i, j; + + for (i=j=0; i < 16; i++) { + bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4); + bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF); + } + + bit_string[j] = 0; /* null terminate string */ + return bit_string; +} + +char * +char_to_hex_string(char *x, int num_char) { + int i, j; + + if (num_char >= 16) + num_char = 16; + for (i=j=0; i < num_char; i++) { + bit_string[j++] = nibble_to_hex_char(x[i] >> 4); + bit_string[j++] = nibble_to_hex_char(x[i] & 0xF); + } + + bit_string[j] = 0; /* null terminate string */ + return bit_string; +} + +int +hex_char_to_nibble(uint8_t c) { + switch(c) { + case ('0'): return 0x0; + case ('1'): return 0x1; + case ('2'): return 0x2; + case ('3'): return 0x3; + case ('4'): return 0x4; + case ('5'): return 0x5; + case ('6'): return 0x6; + case ('7'): return 0x7; + case ('8'): return 0x8; + case ('9'): return 0x9; + case ('a'): return 0xa; + case ('A'): return 0xa; + case ('b'): return 0xb; + case ('B'): return 0xb; + case ('c'): return 0xc; + case ('C'): return 0xc; + case ('d'): return 0xd; + case ('D'): return 0xd; + case ('e'): return 0xe; + case ('E'): return 0xe; + case ('f'): return 0xf; + case ('F'): return 0xf; + default: return -1; /* this flags an error */ + } + /* NOTREACHED */ + return -1; /* this keeps compilers from complaining */ +} + +int +is_hex_string(char *s) { + while(*s != 0) + if (hex_char_to_nibble(*s++) == -1) + return 0; + return 1; +} + +uint8_t +hex_string_to_octet(char *s) { + uint8_t x; + + x = (hex_char_to_nibble(s[0]) << 4) + | hex_char_to_nibble(s[1] & 0xFF); + + return x; +} + +/* + * hex_string_to_octet_string converts a hexadecimal string + * of length 2 * len to a raw octet string of length len + */ + +int +hex_string_to_octet_string(char *raw, char *hex, int len) { + uint8_t x; + int tmp; + int hex_len; + + hex_len = 0; + while (hex_len < len) { + tmp = hex_char_to_nibble(hex[0]); + if (tmp == -1) + return hex_len; + x = (tmp << 4); + hex_len++; + tmp = hex_char_to_nibble(hex[1]); + if (tmp == -1) + return hex_len; + x |= (tmp & 0xff); + hex_len++; + *raw++ = x; + hex += 2; + } + return hex_len; +} + +v16_t +hex_string_to_v16(char *s) { + v16_t x; + int i, j; + + for (i=j=0; i < 4; i += 2, j++) { + x.v8[j] = (hex_char_to_nibble(s[i]) << 4) + | hex_char_to_nibble(s[i+1] & 0xFF); + } + return x; +} + +v32_t +hex_string_to_v32(char *s) { + v32_t x; + int i, j; + + for (i=j=0; i < 8; i += 2, j++) { + x.v8[j] = (hex_char_to_nibble(s[i]) << 4) + | hex_char_to_nibble(s[i+1] & 0xFF); + } + return x; +} + +v64_t +hex_string_to_v64(char *s) { + v64_t x; + int i, j; + + for (i=j=0; i < 16; i += 2, j++) { + x.v8[j] = (hex_char_to_nibble(s[i]) << 4) + | hex_char_to_nibble(s[i+1] & 0xFF); + } + return x; +} + +v128_t +hex_string_to_v128(char *s) { + v128_t x; + int i, j; + + for (i=j=0; i < 32; i += 2, j++) { + x.v8[j] = (hex_char_to_nibble(s[i]) << 4) + | hex_char_to_nibble(s[i+1] & 0xFF); + } + return x; +} + + + +/* + * the matrix A[] is stored in column format, i.e., A[i] is the ith + * column of the matrix + */ + +uint8_t +A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b) { + int index = 0; + unsigned mask; + + for (mask=1; mask < 256; mask *= 2) { + if (x & mask) + b^= A[index]; + ++index; + } + + return b; +} + +inline void +v16_copy_octet_string(v16_t *x, const uint8_t s[2]) { + x->v8[0] = s[0]; + x->v8[1] = s[1]; +} + +inline void +v32_copy_octet_string(v32_t *x, const uint8_t s[4]) { + x->v8[0] = s[0]; + x->v8[1] = s[1]; + x->v8[2] = s[2]; + x->v8[3] = s[3]; +} + +inline void +v64_copy_octet_string(v64_t *x, const uint8_t s[8]) { + x->v8[0] = s[0]; + x->v8[1] = s[1]; + x->v8[2] = s[2]; + x->v8[3] = s[3]; + x->v8[4] = s[4]; + x->v8[5] = s[5]; + x->v8[6] = s[6]; + x->v8[7] = s[7]; +} + +void +v128_copy_octet_string(v128_t *x, const uint8_t s[16]) { + x->v8[0] = s[0]; + x->v8[1] = s[1]; + x->v8[2] = s[2]; + x->v8[3] = s[3]; + x->v8[4] = s[4]; + x->v8[5] = s[5]; + x->v8[6] = s[6]; + x->v8[7] = s[7]; + x->v8[8] = s[8]; + x->v8[9] = s[9]; + x->v8[10] = s[10]; + x->v8[11] = s[11]; + x->v8[12] = s[12]; + x->v8[13] = s[13]; + x->v8[14] = s[14]; + x->v8[15] = s[15]; + +} + +#ifndef DATATYPES_USE_MACROS /* little functions are not macros */ + +void +v128_set_to_zero(v128_t *x) { + _v128_set_to_zero(x); +} + +void +v128_copy(v128_t *x, const v128_t *y) { + _v128_copy(x, y); +} + +void +v128_xor(v128_t *z, v128_t *x, v128_t *y) { + _v128_xor(z, x, y); +} + +void +v128_and(v128_t *z, v128_t *x, v128_t *y) { + _v128_and(z, x, y); +} + +void +v128_or(v128_t *z, v128_t *x, v128_t *y) { + _v128_or(z, x, y); +} + +void +v128_complement(v128_t *x) { + _v128_complement(x); +} + +int +v128_is_eq(const v128_t *x, const v128_t *y) { + return _v128_is_eq(x, y); +} + +int +v128_get_bit(const v128_t *x, int i) { + return _v128_get_bit(x, i); +} + +void +v128_set_bit(v128_t *x, int i) { + _v128_set_bit(x, i); +} + +void +v128_clear_bit(v128_t *x, int i){ + _v128_clear_bit(x, i); +} + +void +v128_set_bit_to(v128_t *x, int i, int y){ + _v128_set_bit_to(x, i, y); +} + + +#endif /* DATATYPES_USE_MACROS */ + + +inline void +v128_left_shift2(v128_t *x, int num_bits) { + int i; + int word_shift = num_bits >> 5; + int bit_shift = num_bits & 31; + + for (i=0; i < (4-word_shift); i++) { + x->v32[i] = x->v32[i+word_shift] << bit_shift; + } + + for ( ; i < word_shift; i++) { + x->v32[i] = 0; + } + +} + +void +v128_right_shift(v128_t *x, int index) { + const int base_index = index >> 5; + const int bit_index = index & 31; + int i, from; + uint32_t b; + + if (index > 127) { + v128_set_to_zero(x); + return; + } + + if (bit_index == 0) { + + /* copy each word from left size to right side */ + x->v32[4-1] = x->v32[4-1-base_index]; + for (i=4-1; i > base_index; i--) + x->v32[i-1] = x->v32[i-1-base_index]; + + } else { + + /* set each word to the "or" of the two bit-shifted words */ + for (i = 4; i > base_index; i--) { + from = i-1 - base_index; + b = x->v32[from] << bit_index; + if (from > 0) + b |= x->v32[from-1] >> (32-bit_index); + x->v32[i-1] = b; + } + + } + + /* now wrap up the final portion */ + for (i=0; i < base_index; i++) + x->v32[i] = 0; + +} + +void +v128_left_shift(v128_t *x, int index) { + int i; + const int base_index = index >> 5; + const int bit_index = index & 31; + + if (index > 127) { + v128_set_to_zero(x); + return; + } + + if (bit_index == 0) { + for (i=0; i < 4 - base_index; i++) + x->v32[i] = x->v32[i+base_index]; + } else { + for (i=0; i < 4 - base_index - 1; i++) + x->v32[i] = (x->v32[i+base_index] << bit_index) ^ + (x->v32[i+base_index+1] >> (32 - bit_index)); + x->v32[4 - base_index-1] = x->v32[4-1] << bit_index; + } + + /* now wrap up the final portion */ + for (i = 4 - base_index; i < 4; i++) + x->v32[i] = 0; + +} + + +#if 0 +void +v128_add(v128_t *z, v128_t *x, v128_t *y) { + /* integer addition modulo 2^128 */ + +#ifdef WORDS_BIGENDIAN + uint64_t tmp; + + tmp = x->v32[3] + y->v32[3]; + z->v32[3] = (uint32_t) tmp; + + tmp = x->v32[2] + y->v32[2] + (tmp >> 32); + z->v32[2] = (uint32_t) tmp; + + tmp = x->v32[1] + y->v32[1] + (tmp >> 32); + z->v32[1] = (uint32_t) tmp; + + tmp = x->v32[0] + y->v32[0] + (tmp >> 32); + z->v32[0] = (uint32_t) tmp; + +#else /* assume little endian architecture */ + uint64_t tmp; + + tmp = htonl(x->v32[3]) + htonl(y->v32[3]); + z->v32[3] = ntohl((uint32_t) tmp); + + tmp = htonl(x->v32[2]) + htonl(y->v32[2]) + htonl(tmp >> 32); + z->v32[2] = ntohl((uint32_t) tmp); + + tmp = htonl(x->v32[1]) + htonl(y->v32[1]) + htonl(tmp >> 32); + z->v32[1] = ntohl((uint32_t) tmp); + + tmp = htonl(x->v32[0]) + htonl(y->v32[0]) + htonl(tmp >> 32); + z->v32[0] = ntohl((uint32_t) tmp); + +#endif /* WORDS_BIGENDIAN */ + +} +#endif + +int +octet_string_is_eq(uint8_t *a, uint8_t *b, int len) { + uint8_t *end = b + len; + while (b < end) + if (*a++ != *b++) + return 1; + return 0; +} + +void +octet_string_set_to_zero(uint8_t *s, int len) { + uint8_t *end = s + len; + + do { + *s = 0; + } while (++s < end); + +} + +/* functions manipulating bit_vector_t */ + +#define BITVECTOR_MAX_WORDS 5 + +int +bitvector_alloc(bitvector_t *v, unsigned long length) { + unsigned long l = (length + bytes_per_word - 1) / bytes_per_word; + int i; + + /* allocate memory, then set parameters */ + if (l > BITVECTOR_MAX_WORDS) + return -1; + else + l = BITVECTOR_MAX_WORDS; + v->word = malloc(l); + if (v->word == NULL) + return -1; + v->length = length; + + /* initialize bitvector to zero */ + for (i=0; i < (length >> 5); i++) { + v->word = 0; + } + + return 0; +} + +void +bitvector_set_bit(bitvector_t *v, int bit_index) { + + v->word[(bit_index >> 5)] |= (1 << (bit_index & 31)); + +} + +int +bitvector_get_bit(const bitvector_t *v, int bit_index) { + + return ((v->word[(bit_index >> 5)]) >> (bit_index & 31)) & 1; + +} + +#include <stdio.h> + +int +bitvector_print_hex(const bitvector_t *v, FILE *stream) { + int i; + int m = v->length >> 5; + int n = v->length & 31; + char string[9]; + uint32_t tmp; + + /* if length isn't a multiple of four, we can't hex_print */ + if (n & 3) + return -1; + + /* if the length is zero, do nothing */ + if (v->length == 0) + return 0; + + /* + * loop over words from most significant to least significant - + */ + + for (i=m; i > 0; i++) { + char *str = string + 7; + tmp = v->word[i]; + + /* null terminate string */ + string[8] = 0; + + /* loop over nibbles */ + *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4; + *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4; + *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4; + *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4; + *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4; + *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4; + *str-- = nibble_to_hex_char(tmp & 0xf); tmp >>= 4; + *str-- = nibble_to_hex_char(tmp & 0xf); + + /* now print stream */ + fprintf(stream, string); + } + + return 0; + +} + + +int +hex_string_length(char *s) { + int count = 0; + + /* ignore leading zeros */ + while ((*s != 0) && *s == '0') + s++; + + /* count remaining characters */ + while (*s != 0) { + if (hex_char_to_nibble(*s++) == -1) + return -1; + count++; + } + + return count; +} + +int +bitvector_set_from_hex(bitvector_t *v, char *string) { + int num_hex_chars, m, n, i, j; + uint32_t tmp; + + num_hex_chars = hex_string_length(string); + if (num_hex_chars == -1) + return -1; + + /* set length */ + v->length = num_hex_chars * 4; + /* + * at this point, we should subtract away a bit if the high + * bit of the first character is zero, but we ignore that + * for now and assume that we're four-bit aligned - DAM + */ + + + m = num_hex_chars / 8; /* number of words */ + n = num_hex_chars % 8; /* number of nibbles in last word */ + + /* if the length is greater than the bitvector, return an error */ + if (m > BITVECTOR_MAX_WORDS) + return -1; + + /* + * loop over words from most significant - first word is a special + * case + */ + + if (n) { + tmp = 0; + for (i=0; i < n; i++) { + tmp = hex_char_to_nibble(*string++); + tmp <<= 4; + } + v->word[m] = tmp; + } + + /* now loop over the rest of the words */ + for (i=m-1; i >= 0; i--) { + tmp = 0; + for (j=0; j < 8; j++) { + tmp = hex_char_to_nibble(*string++); + tmp <<= 4; + } + v->word[i] = tmp; + } + + return 0; +} + + +/* functions below not yet tested! */ + +int +v32_low_bit(v32_t *w) { + int value; + + value = low_bit[w->v8[0]]; + if (value != -1) + return value; + value = low_bit[w->v8[1]]; + if (value != -1) + return value + 8; + value = low_bit[w->v8[2]]; + if (value != -1) + return value + 16; + value = low_bit[w->v8[3]]; + if (value == -1) + return -1; + return value + 24; +} + +/* high_bit not done yet */ + + + + + diff --git a/third_party/srtp/crypto/math/stat.c b/third_party/srtp/crypto/math/stat.c new file mode 100644 index 0000000..5e46c20 --- /dev/null +++ b/third_party/srtp/crypto/math/stat.c @@ -0,0 +1,367 @@ +/* + * stats.c + * + * statistical tests for randomness (FIPS 140-2, Section 4.9) + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +#include "stat.h" + +debug_module_t mod_stat = { + 0, /* debugging is off by default */ + (char *)"stat test" /* printable module name */ +}; + +/* + * each test assumes that 20,000 bits (2500 octets) of data is + * provided as input + */ + +#define STAT_TEST_DATA_LEN 2500 + +err_status_t +stat_test_monobit(uint8_t *data) { + uint8_t *data_end = data + STAT_TEST_DATA_LEN; + uint16_t ones_count; + + ones_count = 0; + while (data < data_end) { + ones_count += octet_get_weight(*data); + data++; + } + + debug_print(mod_stat, "bit count: %d", ones_count); + + if ((ones_count < 9725) || (ones_count > 10275)) + return err_status_algo_fail; + + return err_status_ok; +} + +err_status_t +stat_test_poker(uint8_t *data) { + int i; + uint8_t *data_end = data + STAT_TEST_DATA_LEN; + double poker; + uint16_t f[16] = { + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0 + }; + + while (data < data_end) { + f[*data & 0x0f]++; /* increment freq. count for low nibble */ + f[(*data) >> 4]++; /* increment freq. count for high nibble */ + data++; + } + + poker = 0.0; + for (i=0; i < 16; i++) + poker += (double) f[i] * f[i]; + + poker *= (16.0 / 5000.0); + poker -= 5000.0; + + debug_print(mod_stat, "poker test: %f\n", poker); + + if ((poker < 2.16) || (poker > 46.17)) + return err_status_algo_fail; + + return err_status_ok; +} + + +/* + * runs[i] holds the number of runs of size (i-1) + */ + +err_status_t +stat_test_runs(uint8_t *data) { + uint8_t *data_end = data + STAT_TEST_DATA_LEN; + uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 }; + uint16_t gaps[6] = { 0, 0, 0, 0, 0, 0 }; + uint16_t lo_value[6] = { 2315, 1114, 527, 240, 103, 103 }; + uint16_t hi_value[6] = { 2685, 1386, 723, 384, 209, 209 }; + int state = 0; + uint16_t mask; + int i; + + /* + * the state variable holds the number of bits in the + * current run (or gap, if negative) + */ + + while (data < data_end) { + + /* loop over the bits of this byte */ + for (mask = 1; mask < 256; mask <<= 1) { + if (*data & mask) { + + /* next bit is a one */ + if (state > 0) { + + /* prefix is a run, so increment the run-count */ + state++; + + /* check for long runs */ + if (state > 25) { + debug_print(mod_stat, ">25 runs: %d", state); + return err_status_algo_fail; + } + + } else if (state < 0) { + + /* prefix is a gap */ + if (state < -25) { + debug_print(mod_stat, ">25 gaps: %d", state); + return err_status_algo_fail; /* long-runs test failed */ + } + if (state < -6) { + state = -6; /* group together gaps > 5 */ + } + gaps[-1-state]++; /* increment gap count */ + state = 1; /* set state at one set bit */ + } else { + + /* state is zero; this happens only at initialization */ + state = 1; + } + } else { + + /* next bit is a zero */ + if (state > 0) { + + /* prefix is a run */ + if (state > 25) { + debug_print(mod_stat, ">25 runs (2): %d", state); + return err_status_algo_fail; /* long-runs test failed */ + } + if (state > 6) { + state = 6; /* group together runs > 5 */ + } + runs[state-1]++; /* increment run count */ + state = -1; /* set state at one zero bit */ + } else if (state < 0) { + + /* prefix is a gap, so increment gap-count (decrement state) */ + state--; + + /* check for long gaps */ + if (state < -25) { + debug_print(mod_stat, ">25 gaps (2): %d", state); + return err_status_algo_fail; + } + + } else { + + /* state is zero; this happens only at initialization */ + state = -1; + } + } + } + + /* move along to next octet */ + data++; + } + + if (mod_stat.on) { + debug_print(mod_stat, "runs test", NULL); + for (i=0; i < 6; i++) + debug_print(mod_stat, " runs[]: %d", runs[i]); + for (i=0; i < 6; i++) + debug_print(mod_stat, " gaps[]: %d", gaps[i]); + } + + /* check run and gap counts against the fixed limits */ + for (i=0; i < 6; i++) + if ( (runs[i] < lo_value[i] ) || (runs[i] > hi_value[i]) + || (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i])) + return err_status_algo_fail; + + + return err_status_ok; +} + + +/* + * the function stat_test_rand_source applys the FIPS-140-2 statistical + * tests to the random source defined by rs + * + */ + +#define RAND_SRC_BUF_OCTETS 50 /* this value MUST divide 2500! */ + +err_status_t +stat_test_rand_source(rand_source_func_t get_rand_bytes) { + int i; + double poker; + uint8_t *data, *data_end; + uint16_t f[16] = { + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0 + }; + uint8_t buffer[RAND_SRC_BUF_OCTETS]; + err_status_t status; + int ones_count = 0; + uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 }; + uint16_t gaps[6] = { 0, 0, 0, 0, 0, 0 }; + uint16_t lo_value[6] = { 2315, 1114, 527, 240, 103, 103 }; + uint16_t hi_value[6] = { 2685, 1386, 723, 384, 209, 209 }; + int state = 0; + uint16_t mask; + + /* counters for monobit, poker, and runs tests are initialized above */ + + /* main loop: fill buffer, update counters for stat tests */ + for (i=0; i < 2500; i+=RAND_SRC_BUF_OCTETS) { + + /* fill data buffer */ + status = get_rand_bytes(buffer, RAND_SRC_BUF_OCTETS); + if (status) { + debug_print(mod_stat, "couldn't get rand bytes: %d",status); + return status; + } + +#if 0 + debug_print(mod_stat, "%s", + octet_string_hex_string(buffer, RAND_SRC_BUF_OCTETS)); +#endif + + data = buffer; + data_end = data + RAND_SRC_BUF_OCTETS; + while (data < data_end) { + + /* update monobit test counter */ + ones_count += octet_get_weight(*data); + + /* update poker test counters */ + f[*data & 0x0f]++; /* increment freq. count for low nibble */ + f[(*data) >> 4]++; /* increment freq. count for high nibble */ + + /* update runs test counters */ + /* loop over the bits of this byte */ + for (mask = 1; mask < 256; mask <<= 1) { + if (*data & mask) { + + /* next bit is a one */ + if (state > 0) { + + /* prefix is a run, so increment the run-count */ + state++; + + /* check for long runs */ + if (state > 25) { + debug_print(mod_stat, ">25 runs (3): %d", state); + return err_status_algo_fail; + } + + } else if (state < 0) { + + /* prefix is a gap */ + if (state < -25) { + debug_print(mod_stat, ">25 gaps (3): %d", state); + return err_status_algo_fail; /* long-runs test failed */ + } + if (state < -6) { + state = -6; /* group together gaps > 5 */ + } + gaps[-1-state]++; /* increment gap count */ + state = 1; /* set state at one set bit */ + } else { + + /* state is zero; this happens only at initialization */ + state = 1; + } + } else { + + /* next bit is a zero */ + if (state > 0) { + + /* prefix is a run */ + if (state > 25) { + debug_print(mod_stat, ">25 runs (4): %d", state); + return err_status_algo_fail; /* long-runs test failed */ + } + if (state > 6) { + state = 6; /* group together runs > 5 */ + } + runs[state-1]++; /* increment run count */ + state = -1; /* set state at one zero bit */ + } else if (state < 0) { + + /* prefix is a gap, so increment gap-count (decrement state) */ + state--; + + /* check for long gaps */ + if (state < -25) { + debug_print(mod_stat, ">25 gaps (4): %d", state); + return err_status_algo_fail; + } + + } else { + + /* state is zero; this happens only at initialization */ + state = -1; + } + } + } + + /* advance data pointer */ + data++; + } + } + + /* check to see if test data is within bounds */ + + /* check monobit test data */ + + debug_print(mod_stat, "stat: bit count: %d", ones_count); + + if ((ones_count < 9725) || (ones_count > 10275)) { + debug_print(mod_stat, "stat: failed monobit test %d", ones_count); + return err_status_algo_fail; + } + + /* check poker test data */ + poker = 0.0; + for (i=0; i < 16; i++) + poker += (double) f[i] * f[i]; + + poker *= (16.0 / 5000.0); + poker -= 5000.0; + + debug_print(mod_stat, "stat: poker test: %f", poker); + + if ((poker < 2.16) || (poker > 46.17)) { + debug_print(mod_stat, "stat: failed poker test", NULL); + return err_status_algo_fail; + } + + /* check run and gap counts against the fixed limits */ + for (i=0; i < 6; i++) + if ((runs[i] < lo_value[i] ) || (runs[i] > hi_value[i]) + || (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i])) { + debug_print(mod_stat, "stat: failed run/gap test", NULL); + return err_status_algo_fail; + } + + debug_print(mod_stat, "passed random stat test", NULL); + return err_status_ok; +} + +err_status_t +stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials) { + unsigned int i; + err_status_t err = err_status_algo_fail; + + for (i=0; i < num_trials; i++) { + err = stat_test_rand_source(source); + if (err == err_status_ok) { + return err_status_ok; + } + debug_print(mod_stat, "failed stat test (try number %d)\n", i); + } + + return err; +} diff --git a/third_party/srtp/crypto/replay/rdb.c b/third_party/srtp/crypto/replay/rdb.c new file mode 100644 index 0000000..c826912 --- /dev/null +++ b/third_party/srtp/crypto/replay/rdb.c @@ -0,0 +1,137 @@ +/* + * rdb.c + * + * Implements a replay database for packet security + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "rdb.h" + + +/* + * this implementation of a replay database works as follows: + * + * window_start is the index of the first packet in the window + * bitmask a bit-buffer, containing the most recently entered + * index as the leftmost bit + * + */ + +/* rdb_init initalizes rdb */ + +err_status_t +rdb_init(rdb_t *rdb) { + v128_set_to_zero(&rdb->bitmask); + rdb->window_start = 0; + return err_status_ok; +} + +/* + * rdb_check checks to see if index appears in rdb + */ + +err_status_t +rdb_check(const rdb_t *rdb, uint32_t index) { + + /* if the index appears after (or at very end of) the window, its good */ + if (index >= rdb->window_start + rdb_bits_in_bitmask) + return err_status_ok; + + /* if the index appears before the window, its bad */ + if (index < rdb->window_start) + return err_status_replay_old; + + /* otherwise, the index appears within the window, so check the bitmask */ + if (v128_get_bit(&rdb->bitmask, (index - rdb->window_start)) == 1) + return err_status_replay_fail; + + /* otherwise, the index is okay */ + return err_status_ok; +} + +/* + * rdb_add_index adds index to rdb_t (and does *not* check if + * index appears in db) + * + * this function should be called only after rdb_check has + * indicated that the index does not appear in the rdb, e.g., a mutex + * should protect the rdb between these calls + */ + +err_status_t +rdb_add_index(rdb_t *rdb, uint32_t index) { + int delta; + + /* here we *assume* that index > rdb->window_start */ + + delta = (index - rdb->window_start); + if (delta < rdb_bits_in_bitmask) { + + /* if the index is within the window, set the appropriate bit */ + v128_set_bit(&rdb->bitmask, delta); + + } else { + + delta -= rdb_bits_in_bitmask - 1; + + /* shift the window forward by delta bits*/ + v128_left_shift(&rdb->bitmask, delta); + v128_set_bit(&rdb->bitmask, rdb_bits_in_bitmask-1); + rdb->window_start += delta; + + } + + return err_status_ok; +} + +err_status_t +rdb_increment(rdb_t *rdb) { + + if (rdb->window_start++ > 0x7fffffff) + return err_status_key_expired; + return err_status_ok; +} + +uint32_t +rdb_get_value(const rdb_t *rdb) { + return rdb->window_start; +} diff --git a/third_party/srtp/crypto/replay/rdbx.c b/third_party/srtp/crypto/replay/rdbx.c new file mode 100644 index 0000000..12e4e8f --- /dev/null +++ b/third_party/srtp/crypto/replay/rdbx.c @@ -0,0 +1,289 @@ +/* + * rdbx.c + * + * a replay database with extended range, using a rollover counter + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "rdbx.h" + +#define rdbx_high_bit_in_bitmask 127 + +/* + * from draft-ietf-avt-srtp-00.txt: + * + * A receiver reconstructs the index i of a packet with sequence + * number s using the estimate + * + * i = 65,536 * t + s, + * + * where t is chosen from the set { r-1, r, r+1 } such that i is + * closest to the value 65,536 * r + s_l. If the value r+1 is used, + * then the rollover counter r in the cryptographic context is + * incremented by one (if the packet containing s is authentic). + */ + + + +/* + * rdbx implementation notes + * + * A xtd_seq_num_t is essentially a sequence number for which some of + * the data on the wire are implicit. It logically consists of a + * rollover counter and a sequence number; the sequence number is the + * explicit part, and the rollover counter is the implicit part. + * + * Upon receiving a sequence_number (e.g. in a newly received SRTP + * packet), the complete xtd_seq_num_t can be estimated by using a + * local xtd_seq_num_t as a basis. This is done using the function + * index_guess(&local, &guess, seq_from_packet). This function + * returns the difference of the guess and the local value. The local + * xtd_seq_num_t can be moved forward to the guess using the function + * index_advance(&guess, delta), where delta is the difference. + * + * + * A rdbx_t consists of a xtd_seq_num_t and a bitmask. The index is highest + * sequence number that has been received, and the bitmask indicates + * which of the recent indicies have been received as well. The + * highest bit in the bitmask corresponds to the index in the bitmask. + */ + + +void +index_init(xtd_seq_num_t *pi) { +#ifdef NO_64BIT_MATH + *pi = make64(0,0); +#else + *pi = 0; +#endif +} + +void +index_advance(xtd_seq_num_t *pi, sequence_number_t s) { +#ifdef NO_64BIT_MATH + /* a > ~b means a+b will generate a carry */ + /* s is uint16 here */ + *pi = make64(high32(*pi) + (s > ~low32(*pi) ? 1 : 0),low32(*pi) + s); +#else + *pi += s; +#endif +} + + +/* + * index_guess(local, guess, s) + * + * given a xtd_seq_num_t local (which represents the last + * known-to-be-good received xtd_seq_num_t) and a sequence number s + * (from a newly arrived packet), sets the contents of *guess to + * contain the best guess of the packet index to which s corresponds, + * and returns the difference between *guess and *local + * + * nota bene - the output is a signed integer, DON'T cast it to a + * unsigned integer! + */ + +int +index_guess(const xtd_seq_num_t *local, + xtd_seq_num_t *guess, + sequence_number_t s) { +#ifdef NO_64BIT_MATH + uint32_t local_roc = ((high32(*local) << 16) | + (low32(*local) >> 16)); + uint16_t local_seq = (uint16_t) (low32(*local)); +#else + uint32_t local_roc = (uint32_t)(*local >> 16); + uint16_t local_seq = (uint16_t) *local; +#endif +#ifdef NO_64BIT_MATH + uint32_t guess_roc = ((high32(*guess) << 16) | + (low32(*guess) >> 16)); + uint16_t guess_seq = (uint16_t) (low32(*guess)); +#else + uint32_t guess_roc = (uint32_t)(*guess >> 16); + uint16_t guess_seq = (uint16_t) *guess; +#endif + int difference; + + if (local_seq < seq_num_median) { + if (s - local_seq > seq_num_median) { + guess_roc = local_roc - 1; + difference = seq_num_max - s + local_seq; + } else { + guess_roc = local_roc; + difference = s - local_seq; + } + } else { + if (local_seq - seq_num_median > s) { + guess_roc = local_roc+1; + difference = seq_num_max - local_seq + s; + } else { + difference = s - local_seq; + guess_roc = local_roc; + } + } + guess_seq = s; + + /* Note: guess_roc is 32 bits, so this generates a 48-bit result! */ +#ifdef NO_64BIT_MATH + *guess = make64(guess_roc >> 16, + (guess_roc << 16) | guess_seq); +#else + *guess = (((uint64_t) guess_roc) << 16) | guess_seq; +#endif + + return difference; +} + +/* + * rdbx + * + */ + + +/* + * rdbx_init(&r) initalizes the rdbx_t pointed to by r + */ + +err_status_t +rdbx_init(rdbx_t *rdbx) { + v128_set_to_zero(&rdbx->bitmask); + index_init(&rdbx->index); + + return err_status_ok; +} + + +/* + * rdbx_check(&r, delta) checks to see if the xtd_seq_num_t + * which is at rdbx->index + delta is in the rdb + */ + +err_status_t +rdbx_check(const rdbx_t *rdbx, int delta) { + + if (delta > 0) { /* if delta is positive, it's good */ + return err_status_ok; + } else if (rdbx_high_bit_in_bitmask + delta < 0) { + /* if delta is lower than the bitmask, it's bad */ + return err_status_replay_old; + } else if (v128_get_bit(&rdbx->bitmask, + rdbx_high_bit_in_bitmask + delta) == 1) { + /* delta is within the window, so check the bitmask */ + return err_status_replay_fail; + } + /* otherwise, the index is okay */ + + return err_status_ok; +} + +/* + * rdbx_add_index adds the xtd_seq_num_t at rdbx->window_start + d to + * replay_db (and does *not* check if that xtd_seq_num_t appears in db) + * + * this function should be called only after replay_check has + * indicated that the index does not appear in the rdbx, e.g., a mutex + * should protect the rdbx between these calls if need be + */ + +err_status_t +rdbx_add_index(rdbx_t *rdbx, int delta) { + + if (delta > 0) { + /* shift forward by delta */ + index_advance(&rdbx->index, delta); + v128_left_shift(&rdbx->bitmask, delta); + v128_set_bit(&rdbx->bitmask, 127); + } else { + /* delta is in window, so flip bit in bitmask */ + v128_set_bit(&rdbx->bitmask, -delta); + } + + /* note that we need not consider the case that delta == 0 */ + + return err_status_ok; +} + + + +/* + * rdbx_estimate_index(rdbx, guess, s) + * + * given an rdbx and a sequence number s (from a newly arrived packet), + * sets the contents of *guess to contain the best guess of the packet + * index to which s corresponds, and returns the difference between + * *guess and the locally stored synch info + */ + +int +rdbx_estimate_index(const rdbx_t *rdbx, + xtd_seq_num_t *guess, + sequence_number_t s) { + + /* + * if the sequence number and rollover counter in the rdbx are + * non-zero, then use the index_guess(...) function, otherwise, just + * set the rollover counter to zero (since the index_guess(...) + * function might incorrectly guess that the rollover counter is + * 0xffffffff) + */ + +#ifdef NO_64BIT_MATH + /* seq_num_median = 0x8000 */ + if (high32(rdbx->index) > 0 || + low32(rdbx->index) > seq_num_median) +#else + if (rdbx->index > seq_num_median) +#endif + return index_guess(&rdbx->index, guess, s); + +#ifdef NO_64BIT_MATH + *guess = make64(0,(uint32_t) s); +#else + *guess = s; +#endif + +#ifdef NO_64BIT_MATH + return s - (uint16_t) low32(rdbx->index); +#else + return s - (uint16_t) rdbx->index; +#endif +} diff --git a/third_party/srtp/crypto/replay/ut_sim.c b/third_party/srtp/crypto/replay/ut_sim.c new file mode 100644 index 0000000..43c411e --- /dev/null +++ b/third_party/srtp/crypto/replay/ut_sim.c @@ -0,0 +1,105 @@ +/* + * ut_sim.c + * + * an unreliable transport simulator + * (for testing replay databases and suchlike) + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "ut_sim.h" + + +int +ut_compar(const void *a, const void *b) { + return rand() > (RAND_MAX/2) ? -1 : 1; +} + +void +ut_init(ut_connection *utc) { + int i; + utc->index = 0; + + for (i=0; i < UT_BUF; i++) + utc->buffer[i] = i; + + qsort(utc->buffer, UT_BUF, sizeof(uint32_t), ut_compar); + + utc->index = UT_BUF - 1; +} + +uint32_t +ut_next_index(ut_connection *utc) { + uint32_t tmp; + + tmp = utc->buffer[0]; + utc->index++; + utc->buffer[0] = utc->index; + + qsort(utc->buffer, UT_BUF, sizeof(uint32_t), ut_compar); + + return tmp; +} + + + +#ifdef UT_TEST + +#include <stdio.h> + +int +main() { + uint32_t i, irecvd, idiff; + ut_connection utc; + + ut_init(&utc); + + for (i=0; i < 1000; i++) { + irecvd = ut_next_index(&utc); + idiff = i - irecvd; + printf("%lu\t%lu\t%d\n", i, irecvd, idiff); + } + + return 0; +} + + +#endif diff --git a/third_party/srtp/crypto/rng/ctr_prng.c b/third_party/srtp/crypto/rng/ctr_prng.c new file mode 100644 index 0000000..ab76df3 --- /dev/null +++ b/third_party/srtp/crypto/rng/ctr_prng.c @@ -0,0 +1,108 @@ +/* + * ctr_prng.c + * + * counter mode based pseudorandom source + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "prng.h" + +/* single, global prng structure */ + +ctr_prng_t ctr_prng; + +err_status_t +ctr_prng_init(rand_source_func_t random_source) { + uint8_t tmp_key[32]; + err_status_t status; + + /* initialize output count to zero */ + ctr_prng.octet_count = 0; + + /* set random source */ + ctr_prng.rand = random_source; + + /* initialize secret key from random source */ + status = random_source(tmp_key, 32); + if (status) + return status; + + /* initialize aes ctr context with random key */ + status = aes_icm_context_init(&ctr_prng.state, tmp_key); + if (status) + return status; + + return err_status_ok; +} + +err_status_t +ctr_prng_get_octet_string(void *dest, uint32_t len) { + err_status_t status; + + /* + * if we need to re-initialize the prng, do so now + * + * avoid 32-bit overflows by subtracting instead of adding + */ + if (ctr_prng.octet_count > MAX_PRNG_OUT_LEN - len) { + status = ctr_prng_init(ctr_prng.rand); + if (status) + return status; + } + ctr_prng.octet_count += len; + + /* + * write prng output + */ + status = aes_icm_output(&ctr_prng.state, (uint8_t*)dest, len); + if (status) + return status; + + return err_status_ok; +} + +err_status_t +ctr_prng_deinit(void) { + + /* nothing */ + + return err_status_ok; +} diff --git a/third_party/srtp/crypto/rng/prng.c b/third_party/srtp/crypto/rng/prng.c new file mode 100644 index 0000000..69350a4 --- /dev/null +++ b/third_party/srtp/crypto/rng/prng.c @@ -0,0 +1,180 @@ +/* + * prng.c + * + * pseudorandom source + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "prng.h" + +/* single, global prng structure */ + +x917_prng_t x917_prng; + +err_status_t +x917_prng_init(rand_source_func_t random_source) { + v128_t tmp_key; + err_status_t status; + + /* initialize output count to zero */ + x917_prng.octet_count = 0; + + /* set random source */ + x917_prng.rand = random_source; + + /* initialize secret key from random source */ + status = random_source((uint8_t *)&tmp_key, 16); + if (status) + return status; + + /* expand aes key */ + aes_expand_encryption_key(&tmp_key, x917_prng.key); + + /* initialize prng state from random source */ + status = x917_prng.rand((uint8_t *)&x917_prng.state, 16); + if (status) + return status; + + return err_status_ok; +} + +err_status_t +x917_prng_get_octet_string(uint8_t *dest, uint32_t len) { + uint32_t t; + v128_t buffer; + uint32_t i, tail_len; + err_status_t status; + + /* + * if we need to re-initialize the prng, do so now + * + * avoid overflows by subtracting instead of adding + */ + if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) { + status = x917_prng_init(x917_prng.rand); + if (status) + return status; + } + x917_prng.octet_count += len; + + /* find out the time */ + t = (uint32_t)time(NULL); + + /* loop until we have output enough data */ + for (i=0; i < len/16; i++) { + + /* exor time into state */ + x917_prng.state.v32[0] ^= t; + + /* copy state into buffer */ + v128_copy(&buffer, &x917_prng.state); + + /* apply aes to buffer */ + aes_encrypt(&buffer, x917_prng.key); + + /* write data to output */ + *dest++ = buffer.v8[0]; + *dest++ = buffer.v8[1]; + *dest++ = buffer.v8[2]; + *dest++ = buffer.v8[3]; + *dest++ = buffer.v8[4]; + *dest++ = buffer.v8[5]; + *dest++ = buffer.v8[6]; + *dest++ = buffer.v8[7]; + *dest++ = buffer.v8[8]; + *dest++ = buffer.v8[9]; + *dest++ = buffer.v8[10]; + *dest++ = buffer.v8[11]; + *dest++ = buffer.v8[12]; + *dest++ = buffer.v8[13]; + *dest++ = buffer.v8[14]; + *dest++ = buffer.v8[15]; + + /* exor time into buffer */ + buffer.v32[0] ^= t; + + /* encrypt buffer */ + aes_encrypt(&buffer, x917_prng.key); + + /* copy buffer into state */ + v128_copy(&x917_prng.state, &buffer); + + } + + /* if we need to output any more octets, we'll do so now */ + tail_len = len % 16; + if (tail_len) { + + /* exor time into state */ + x917_prng.state.v32[0] ^= t; + + /* copy value into buffer */ + v128_copy(&buffer, &x917_prng.state); + + /* apply aes to buffer */ + aes_encrypt(&buffer, x917_prng.key); + + /* write data to output */ + for (i=0; i < tail_len; i++) { + *dest++ = buffer.v8[i]; + } + + /* now update the state one more time */ + + /* exor time into buffer */ + buffer.v32[0] ^= t; + + /* encrypt buffer */ + aes_encrypt(&buffer, x917_prng.key); + + /* copy buffer into state */ + v128_copy(&x917_prng.state, &buffer); + + } + + return err_status_ok; +} + +err_status_t +x917_prng_deinit(void) { + + return err_status_ok; +} diff --git a/third_party/srtp/crypto/rng/rand_linux_kernel.c b/third_party/srtp/crypto/rng/rand_linux_kernel.c new file mode 100644 index 0000000..c51978e --- /dev/null +++ b/third_party/srtp/crypto/rng/rand_linux_kernel.c @@ -0,0 +1,65 @@ +/* + * rand_linux_kernel.c + * + * implements a random source using Linux kernel functions + * + * Marcus Sundberg + * Ingate Systems AB + */ +/* + * + * Copyright(c) 2005 Ingate Systems AB + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the author(s) nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "config.h" +#include "rand_source.h" + + +err_status_t +rand_source_init(void) { + return err_status_ok; +} + +err_status_t +rand_source_get_octet_string(void *dest, uint32_t len) { + + get_random_bytes(dest, len); + + return err_status_ok; +} + +err_status_t +rand_source_deinit(void) { + return err_status_ok; +} diff --git a/third_party/srtp/crypto/rng/rand_source.c b/third_party/srtp/crypto/rng/rand_source.c new file mode 100644 index 0000000..3d01d25 --- /dev/null +++ b/third_party/srtp/crypto/rng/rand_source.c @@ -0,0 +1,175 @@ +/* + * rand_source.c + * + * implements a random source based on /dev/random + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "srtp_config.h" + +#if defined(DEV_URANDOM) || defined(PJ_DEV_URANDOM) +# include <fcntl.h> /* for open() */ +# include <unistd.h> /* for close() */ +#elif (_MSC_VER >= 1400) +#define _CRT_RAND_S +# include <stdlib.h> +# include <stdio.h> +#else +# include <stdio.h> +#endif + +#include "rand_source.h" + + +/* + * global dev_rand_fdes is file descriptor for /dev/random + * + * This variable is also used to indicate that the random source has + * been initialized. When this variable is set to the value of the + * #define RAND_SOURCE_NOT_READY, it indicates that the random source + * is not ready to be used. The value of the #define + * RAND_SOURCE_READY is for use whenever that variable is used as an + * indicator of the state of the random source, but not as a file + * descriptor. + */ + +#define RAND_SOURCE_NOT_READY (-1) +#define RAND_SOURCE_READY (17) + +static int dev_random_fdes = RAND_SOURCE_NOT_READY; + + +err_status_t +rand_source_init(void) { + if (dev_random_fdes >= 0) { + /* already open */ + return err_status_ok; + } +#ifdef DEV_URANDOM + /* open random source for reading */ + dev_random_fdes = open(DEV_URANDOM, O_RDONLY); + if (dev_random_fdes < 0) + return err_status_init_fail; +#elif defined(PJ_DEV_URANDOM) + /* open random source for reading */ + dev_random_fdes = open(PJ_DEV_URANDOM, O_RDONLY); + if (dev_random_fdes < 0) { + err_report(3,"Ugh: /dev/urandom not present, using rand() instead"); + return err_status_ok; /* it's ok, it'll fallback to using rand() */ + } +#elif (_MSC_VER >= 1400) + dev_random_fdes = RAND_SOURCE_READY; +#else + /* no random source available; let the user know */
+ err_report(err_level_info, "WARNING: no real random source present!\n"); + dev_random_fdes = RAND_SOURCE_READY; +#endif + return err_status_ok; +} + +err_status_t +rand_source_get_octet_string(void *dest, uint32_t len) { + + /* + * read len octets from /dev/random to dest, and + * check return value to make sure enough octets were + * written + */ +#ifdef DEV_URANDOM + if (read(dev_random_fdes, dest, len) != len) + return err_status_fail; +#elif 0 && (_MSC_VER >= 1400) /* disabled rand_s, causing assertion 'rand_s not supported' in vs8 */ + unsigned int *dst = dest; + while (len) + { + unsigned int val = 0; + errno_t err = rand_s(&val); + if (err != 0) + { + return err_status_fail; + } + + *dst++ = val; + len--; + } +#else + uint8_t *dst = (uint8_t *)dest; +
+#ifdef PJ_DEV_URANDOM + /* First try with /dev/urandom, if it's opened */ + if (dev_random_fdes >= 0) { + if (read(dev_random_fdes, dest, len) == len) + return err_status_ok; /* success */ + }
+#endif + + /* Generic C-library (rand()) version */ + /* This is a random source of last resort */ + while (len) + { + int val = rand(); + /* rand() returns 0-32767 (ugh) */ + /* Is this a good enough way to get random bytes? + It is if it passes FIPS-140... */ + *dst++ = val & 0xff; + len--; + } +#endif + return err_status_ok; +} + +err_status_t +rand_source_deinit(void) { +#ifndef PJ_DEV_URANDOM + if (dev_random_fdes < 0) + return err_status_dealloc_fail; /* well, we haven't really failed, * + * but there is something wrong */ +#endif +
+#if defined(DEV_URANDOM) || defined(PJ_DEV_URANDOM) + if (dev_random_fdes >= 0) + close(dev_random_fdes); + + dev_random_fdes = RAND_SOURCE_NOT_READY;
+#endif + + return err_status_ok; +} + diff --git a/third_party/srtp/crypto/test/aes_calc.c b/third_party/srtp/crypto/test/aes_calc.c new file mode 100644 index 0000000..2fac07a --- /dev/null +++ b/third_party/srtp/crypto/test/aes_calc.c @@ -0,0 +1,111 @@ +/* + * aes_calc.c + * + * A simple AES calculator for generating AES encryption values + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + + Example usage (with first NIST FIPS 197 test case): + +[sh]$ test/aes_calc 000102030405060708090a0b0c0d0e0f 00112233445566778899aabbccddeeff -v + plaintext: 00112233445566778899aabbccddeeff + key: 000102030405060708090a0b0c0d0e0f + ciphertext: 69c4e0d86a7b0430d8cdb78070b4c55a + + */ + +#include "aes.h" +#include <stdio.h> +#include <string.h> + +void +usage(char *prog_name) { + printf("usage: %s <key> <plaintext> [-v]\n", prog_name); + exit(255); +} + +#define AES_KEY_LEN 16 + +int +main (int argc, char *argv[]) { + v128_t data, key; + aes_expanded_key_t exp_key; + int len; + int verbose; + + if (argc == 3) { + /* we're not in verbose mode */ + verbose = 0; + } else if (argc == 4) { + if (strncmp(argv[3], "-v", 2) == 0) { + /* we're in verbose mode */ + verbose = 1; + } else { + /* unrecognized flag, complain and exit */ + usage(argv[0]); + } + } else { + /* we've been fed the wrong number of arguments - compain and exit */ + usage(argv[0]); + } + + /* read in key, checking length */ + if (strlen(argv[1]) > AES_KEY_LEN*2) { + fprintf(stderr, + "error: too many digits in key " + "(should be %d hexadecimal digits, found %u)\n", + AES_KEY_LEN*2, (unsigned)strlen(argv[1])); + exit(1); + } + len = hex_string_to_octet_string((char *)&key, argv[1], AES_KEY_LEN*2); + /* check that hex string is the right length */ + if (len < AES_KEY_LEN*2) { + fprintf(stderr, + "error: too few digits in key " + "(should be %d hexadecimal digits, found %d)\n", + AES_KEY_LEN*2, len); + exit(1); + } + + /* read in plaintext, checking length */ + if (strlen(argv[2]) > 16*2) { + fprintf(stderr, + "error: too many digits in plaintext " + "(should be %d hexadecimal digits, found %u)\n", + 16*2, (unsigned)strlen(argv[2])); + exit(1); + } + len = hex_string_to_octet_string((char *)(&data), argv[2], 16*2); + /* check that hex string is the right length */ + if (len < 16*2) { + fprintf(stderr, + "error: too few digits in plaintext " + "(should be %d hexadecimal digits, found %d)\n", + 16*2, len); + exit(1); + } + + if (verbose) { + /* print out plaintext */ + printf("plaintext:\t%s\n", octet_string_hex_string((uint8_t *)&data, 16)); + } + + /* encrypt plaintext */ + aes_expand_encryption_key(&key, exp_key); + + aes_encrypt(&data, exp_key); + + /* write ciphertext to output */ + if (verbose) { + printf("key:\t\t%s\n", v128_hex_string(&key)); + printf("ciphertext:\t"); + } + printf("%s\n", v128_hex_string(&data)); + + return 0; +} + diff --git a/third_party/srtp/crypto/test/auth_driver.c b/third_party/srtp/crypto/test/auth_driver.c new file mode 100644 index 0000000..cd8a75d --- /dev/null +++ b/third_party/srtp/crypto/test/auth_driver.c @@ -0,0 +1,200 @@ +/* + * auth_driver.c + * + * a driver for auth functions + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include <stdio.h> /* for printf() */ +#include <stdlib.h> /* for xalloc() */ +#include <unistd.h> /* for getopt() */ + +#include "auth.h" +#include "null_auth.h" + +#define PRINT_DEBUG_DATA 0 + +extern auth_type_t tmmhv2; + +const uint16_t msg0[9] = { + 0x6015, 0xf141, 0x5ba1, 0x29a0, 0xf604, 0xd1c, 0x2d9, 0xaa8a, 0x7931 +}; + +/* key1 is for TAG_WORDS = 2 */ + +const uint16_t key1[47] = { + 0xe627, 0x6a01, 0x5ea7, 0xf27a, 0xc536, 0x2192, 0x11be, 0xea35, + 0xdb9d, 0x63d6, 0xfa8a, 0xfc45, 0xe08b, 0xd216, 0xced2, 0x7853, + 0x1a82, 0x22f5, 0x90fb, 0x1c29, 0x708e, 0xd06f, 0x82c3, 0xbee6, + 0x4f21, 0x6f33, 0x65c0, 0xd211, 0xc25e, 0x9138, 0x4fa3, 0x7c1f, + 0x61ac, 0x3489, 0x2976, 0x8c19, 0x8252, 0xddbf, 0xcad3, 0xc28f, + 0x68d6, 0x58dd, 0x504f, 0x2bbf, 0x0278, 0x70b7, 0xcfca +}; + +double +auth_bits_per_second(auth_t *h, int msg_len); + + +void +usage(char *prog_name) { + printf("usage: %s [ -t | -v ]\n", prog_name); + exit(255); +} + +#define MAX_MSG_LEN 2048 + +int +main (int argc, char *argv[]) { + auth_t *a = NULL; + err_status_t status; + int i; + int c; + unsigned do_timing_test = 0; + unsigned do_validation = 0; + + /* process input arguments */ + while (1) { + c = getopt(argc, argv, "tv"); + if (c == -1) + break; + switch (c) { + case 't': + do_timing_test = 1; + break; + case 'v': + do_validation = 1; + break; + default: + usage(argv[0]); + } + } + + printf("auth driver\nDavid A. McGrew\nCisco Systems, Inc.\n"); + + if (!do_validation && !do_timing_test) + usage(argv[0]); + + if (do_validation) { + printf("running self-test for %s...", tmmhv2.description); + status = tmmhv2_add_big_test(); + if (status) { + printf("tmmhv2_add_big_test failed with error code %d\n", status); + exit(status); + } + status = auth_type_self_test(&tmmhv2); + if (status) { + printf("failed with error code %d\n", status); + exit(status); + } + printf("passed\n"); + } + + if (do_timing_test) { + + /* tmmhv2 timing test */ + status = auth_type_alloc(&tmmhv2, &a, 94, 4); + if (status) { + fprintf(stderr, "can't allocate tmmhv2\n"); + exit(status); + } + status = auth_init(a, (uint8_t *)key1); + if (status) { + printf("error initializaing auth function\n"); + exit(status); + } + + printf("timing %s (tag length %d)\n", + tmmhv2.description, auth_get_tag_length(a)); + for (i=8; i <= MAX_MSG_LEN; i *= 2) + printf("msg len: %d\tgigabits per second: %f\n", + i, auth_bits_per_second(a, i) / 1E9); + + status = auth_dealloc(a); + if (status) { + printf("error deallocating auth function\n"); + exit(status); + } + + } + + return 0; +} + +#define NUM_TRIALS 100000 + +#include <time.h> + +double +auth_bits_per_second(auth_t *a, int msg_len_octets) { + int i; + clock_t timer; + uint8_t *result; + int msg_len = (msg_len_octets + 1)/2; + uint16_t *msg_string; + + /* create random message */ + msg_string = (uint16_t *) crypto_alloc(msg_len_octets); + if (msg_string == NULL) + return 0.0; /* indicate failure */ + for (i=0; i < msg_len; i++) + msg_string[i] = (uint16_t) random(); + + /* allocate temporary storage for authentication tag */ + result = crypto_alloc(auth_get_tag_length(a)); + if (result == NULL) { + free(msg_string); + return 0.0; /* indicate failure */ + } + + timer = clock(); + for (i=0; i < NUM_TRIALS; i++) { + auth_compute(a, (uint8_t *)msg_string, msg_len_octets, (uint8_t *)result); + } + timer = clock() - timer; + + free(msg_string); + free(result); + + return (double) NUM_TRIALS * 8 * msg_len_octets * CLOCKS_PER_SEC / timer; +} + + diff --git a/third_party/srtp/crypto/test/cipher_driver.c b/third_party/srtp/crypto/test/cipher_driver.c new file mode 100644 index 0000000..25ca90a --- /dev/null +++ b/third_party/srtp/crypto/test/cipher_driver.c @@ -0,0 +1,491 @@ +/* + * cipher_driver.c + * + * A driver for the generic cipher type + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include <stdio.h> /* for printf() */ +#include <stdlib.h> /* for rand() */ +#include <string.h> /* for memset() */ +#include <unistd.h> /* for getopt() */ +#include "cipher.h" +#include "aes_icm.h" +#include "null_cipher.h" + +#define PRINT_DEBUG 0 + +void +cipher_driver_test_throughput(cipher_t *c); + +err_status_t +cipher_driver_self_test(cipher_type_t *ct); + + +/* + * cipher_driver_test_buffering(ct) tests the cipher's output + * buffering for correctness by checking the consistency of succesive + * calls + */ + +err_status_t +cipher_driver_test_buffering(cipher_t *c); + + +/* + * functions for testing cipher cache thrash + */ +err_status_t +cipher_driver_test_array_throughput(cipher_type_t *ct, + int klen, int num_cipher); + +void +cipher_array_test_throughput(cipher_t *ca[], int num_cipher); + +uint64_t +cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher, + unsigned octets_in_buffer, int num_trials); + +err_status_t +cipher_array_delete(cipher_t *cipher_array[], int num_cipher); + +err_status_t +cipher_array_alloc_init(cipher_t ***cipher_array, int num_ciphers, + cipher_type_t *ctype, int klen); + +void +usage(char *prog_name) { + printf("usage: %s [ -t | -v | -a ]\n", prog_name); + exit(255); +} + +void +check_status(err_status_t s) { + if (s) { + printf("error (code %d)\n", s); + exit(s); + } + return; +} + +/* + * null_cipher, aes_icm, and aes_cbc are the cipher meta-objects + * defined in the files in crypto/cipher subdirectory. these are + * declared external so that we can use these cipher types here + */ + +extern cipher_type_t null_cipher; +extern cipher_type_t aes_icm; +extern cipher_type_t aes_cbc; + +int +main(int argc, char *argv[]) { + cipher_t *c = NULL; + err_status_t status; + unsigned char test_key[20] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13 + }; + int q; + unsigned do_timing_test = 0; + unsigned do_validation = 0; + unsigned do_array_timing_test = 0; + + /* process input arguments */ + while (1) { + q = getopt(argc, argv, "tva"); + if (q == -1) + break; + switch (q) { + case 't': + do_timing_test = 1; + break; + case 'v': + do_validation = 1; + break; + case 'a': + do_array_timing_test = 1; + break; + default: + usage(argv[0]); + } + } + + printf("cipher test driver\n" + "David A. McGrew\n" + "Cisco Systems, Inc.\n"); + + if (!do_validation && !do_timing_test && !do_array_timing_test) + usage(argv[0]); + + /* arry timing (cache thrash) test */ + if (do_array_timing_test) { + int max_num_cipher = 1 << 16; /* number of ciphers in cipher_array */ + int num_cipher; + + for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) + cipher_driver_test_array_throughput(&null_cipher, 0, num_cipher); + + for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) + cipher_driver_test_array_throughput(&aes_icm, 30, num_cipher); + + for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) + cipher_driver_test_array_throughput(&aes_cbc, 16, num_cipher); + + } + + if (do_validation) { + cipher_driver_self_test(&null_cipher); + cipher_driver_self_test(&aes_icm); + cipher_driver_self_test(&aes_cbc); + } + + /* do timing and/or buffer_test on null_cipher */ + status = cipher_type_alloc(&null_cipher, &c, 0); + check_status(status); + + status = cipher_init(c, NULL, direction_encrypt); + check_status(status); + + if (do_timing_test) + cipher_driver_test_throughput(c); + if (do_validation) { + status = cipher_driver_test_buffering(c); + check_status(status); + } + status = cipher_dealloc(c); + check_status(status); + + + /* run the throughput test on the aes_icm cipher */ + status = cipher_type_alloc(&aes_icm, &c, 30); + if (status) { + fprintf(stderr, "error: can't allocate cipher\n"); + exit(status); + } + + status = cipher_init(c, test_key, direction_encrypt); + check_status(status); + + if (do_timing_test) + cipher_driver_test_throughput(c); + + if (do_validation) { + status = cipher_driver_test_buffering(c); + check_status(status); + } + + status = cipher_dealloc(c); + check_status(status); + + return 0; +} + +void +cipher_driver_test_throughput(cipher_t *c) { + int i; + int min_enc_len = 32; + int max_enc_len = 2048; /* should be a power of two */ + int num_trials = 100000; + + printf("timing %s throughput:\n", c->type->description); + fflush(stdout); + for (i=min_enc_len; i <= max_enc_len; i = i * 2) + printf("msg len: %d\tgigabits per second: %f\n", + i, cipher_bits_per_second(c, i, num_trials) / 1e9); + +} + +err_status_t +cipher_driver_self_test(cipher_type_t *ct) { + err_status_t status; + + printf("running cipher self-test for %s...", ct->description); + status = cipher_type_self_test(ct); + if (status) { + printf("failed with error code %d\n", status); + exit(status); + } + printf("passed\n"); + + return err_status_ok; +} + +/* + * cipher_driver_test_buffering(ct) tests the cipher's output + * buffering for correctness by checking the consistency of succesive + * calls + */ + +err_status_t +cipher_driver_test_buffering(cipher_t *c) { + int i, j, num_trials = 1000; + unsigned len, buflen = 1024; + uint8_t buffer0[buflen], buffer1[buflen], *current, *end; + uint8_t idx[16] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34 + }; + err_status_t status; + + printf("testing output buffering for cipher %s...", + c->type->description); + + for (i=0; i < num_trials; i++) { + + /* set buffers to zero */ + for (j=0; j < buflen; j++) + buffer0[j] = buffer1[j] = 0; + + /* initialize cipher */ + status = cipher_set_iv(c, idx); + if (status) + return status; + + /* generate 'reference' value by encrypting all at once */ + status = cipher_encrypt(c, buffer0, &buflen); + if (status) + return status; + + /* re-initialize cipher */ + status = cipher_set_iv(c, idx); + if (status) + return status; + + /* now loop over short lengths until buffer1 is encrypted */ + current = buffer1; + end = buffer1 + buflen; + while (current < end) { + + /* choose a short length */ + len = rand() & 0x01f; + + /* make sure that len doesn't cause us to overreach the buffer */ + if (current + len > end) + len = end - current; + + status = cipher_encrypt(c, current, &len); + if (status) + return status; + + /* advance pointer into buffer1 to reflect encryption */ + current += len; + + /* if buffer1 is all encrypted, break out of loop */ + if (current == end) + break; + } + + /* compare buffers */ + for (j=0; j < buflen; j++) + if (buffer0[j] != buffer1[j]) { +#if PRINT_DEBUG + printf("test case %d failed at byte %d\n", i, j); + printf("computed: %s\n", octet_string_hex_string(buffer1, buflen)); + printf("expected: %s\n", octet_string_hex_string(buffer0, buflen)); +#endif + return err_status_algo_fail; + } + } + + printf("passed\n"); + + return err_status_ok; +} + + +/* + * The function cipher_test_throughput_array() tests the effect of CPU + * cache thrash on cipher throughput. + * + * cipher_array_alloc_init(ctype, array, num_ciphers) creates an array + * of cipher_t of type ctype + */ + +err_status_t +cipher_array_alloc_init(cipher_t ***ca, int num_ciphers, + cipher_type_t *ctype, int klen) { + int i, j; + err_status_t status; + uint8_t *key; + cipher_t **cipher_array; + + /* allocate array of pointers to ciphers */ + cipher_array = (cipher_t **) malloc(sizeof(cipher_t *) * num_ciphers); + if (cipher_array == NULL) + return err_status_alloc_fail; + + /* set ca to location of cipher_array */ + *ca = cipher_array; + + /* allocate key */ + key = crypto_alloc(klen); + if (key == NULL) { + free(cipher_array); + return err_status_alloc_fail; + } + + /* allocate and initialize an array of ciphers */ + for (i=0; i < num_ciphers; i++) { + + /* allocate cipher */ + status = cipher_type_alloc(ctype, cipher_array, klen); + if (status) + return status; + + /* generate random key and initialize cipher */ + for (j=0; j < klen; j++) + key[j] = (uint8_t) rand(); + status = cipher_init(*cipher_array, key, direction_encrypt); + if (status) + return status; + +/* printf("%dth cipher is at %p\n", i, *cipher_array); */ +/* printf("%dth cipher description: %s\n", i, */ +/* (*cipher_array)->type->description); */ + + /* advance cipher array pointer */ + cipher_array++; + } + + return err_status_ok; +} + +err_status_t +cipher_array_delete(cipher_t *cipher_array[], int num_cipher) { + int i; + + for (i=0; i < num_cipher; i++) { + cipher_dealloc(cipher_array[i]); + } + + free(cipher_array); + + return err_status_ok; +} + + +/* + * cipher_array_bits_per_second(c, l, t) computes (an estimate of) the + * number of bits that a cipher implementation can encrypt in a second + * when distinct keys are used to encrypt distinct messages + * + * c is a cipher (which MUST be allocated an initialized already), l + * is the length in octets of the test data to be encrypted, and t is + * the number of trials + * + * if an error is encountered, the value 0 is returned + */ + +uint64_t +cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher, + unsigned octets_in_buffer, int num_trials) { + int i; + v128_t nonce; + clock_t timer; + unsigned char *enc_buf; + int cipher_index = 0; + + + enc_buf = crypto_alloc(octets_in_buffer); + if (enc_buf == NULL) + return 0; /* indicate bad parameters by returning null */ + + /* time repeated trials */ + v128_set_to_zero(&nonce); + timer = clock(); + for(i=0; i < num_trials; i++, nonce.v32[3] = i) { + + /* choose a cipher at random from the array*/ + cipher_index = (*((uint32_t *)enc_buf)) % num_cipher; + + /* encrypt buffer with cipher */ + cipher_set_iv(cipher_array[cipher_index], &nonce); + cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_in_buffer); + } + timer = clock() - timer; + + free(enc_buf); + + if (timer == 0) { + /* Too fast! */ + return 0; + } + + return CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer; +} + +void +cipher_array_test_throughput(cipher_t *ca[], int num_cipher) { + int i; + int min_enc_len = 16; + int max_enc_len = 2048; /* should be a power of two */ + int num_trials = 10000; + + printf("timing %s throughput with array size %d:\n", + (ca[0])->type->description, num_cipher); + fflush(stdout); + for (i=min_enc_len; i <= max_enc_len; i = i * 4) + printf("msg len: %d\tgigabits per second: %f\n", i, + cipher_array_bits_per_second(ca, num_cipher, i, num_trials) / 1e9); + +} + +err_status_t +cipher_driver_test_array_throughput(cipher_type_t *ct, + int klen, int num_cipher) { + cipher_t **ca = NULL; + err_status_t status; + + status = cipher_array_alloc_init(&ca, num_cipher, ct, klen); + if (status) { + printf("error: cipher_array_alloc_init() failed with error code %d\n", + status); + return status; + } + + cipher_array_test_throughput(ca, num_cipher); + + cipher_array_delete(ca, num_cipher); + + return err_status_ok; +} diff --git a/third_party/srtp/crypto/test/datatypes_driver.c b/third_party/srtp/crypto/test/datatypes_driver.c new file mode 100644 index 0000000..f186652 --- /dev/null +++ b/third_party/srtp/crypto/test/datatypes_driver.c @@ -0,0 +1,237 @@ +/* + * datatypes_driver.c + * + * a test driver for crypto/math datatypes + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include <stdio.h> /* for printf() */ +#include <string.h> /* for strlen() */ +#include "datatypes.h" + +void +byte_order(void); + +void +test_hex_string_funcs(void); + +void +print_string(char *s); + +void +test_bswap(void); + +int +main (void) { + + /* + * this program includes various and sundry tests for fundamental + * datatypes. it's a grab-bag of throwaway code, retained only in + * case of future problems + */ + + int i, j; + v128_t x; + char *r = + "The Moving Finger writes; and, having writ,\n" + "Moves on: nor all thy Piety nor Wit\n" + "Shall lure it back to cancel half a Line,\n" + "Nor all thy Tears wash out a Word of it."; + char *s = "incomplet"; + + print_string(r); + print_string(s); + + byte_order(); + test_hex_string_funcs(); + + for (j=0; j < 128; j++) { + v128_set_to_zero(&x); + /* x.v32[0] = (1 << j); */ + v128_set_bit(&x, j); + printf("%s\n", v128_bit_string(&x)); + v128_clear_bit(&x, j); + printf("%s\n", v128_bit_string(&x)); + + } + + printf("----------------------------------------------\n"); + v128_set_to_zero(&x); + for (i=0; i < 128; i++) { + v128_set_bit(&x, i); + } + printf("%s\n", v128_bit_string(&x)); + + printf("----------------------------------------------\n"); + v128_set_to_zero(&x); + v128_set_bit(&x, 0); + for (i=0; i < 128; i++) { + printf("%s\n", v128_bit_string(&x)); + v128_right_shift(&x, 1); + } + printf("----------------------------------------------\n"); + v128_set_to_zero(&x); + v128_set_bit(&x, 127); + for (i=0; i < 128; i++) { + printf("%s\n", v128_bit_string(&x)); + v128_left_shift(&x, 1); + } + printf("----------------------------------------------\n"); + for (i=0; i < 128; i++) { + v128_set_to_zero(&x); + v128_set_bit(&x, 127); + v128_left_shift(&x, i); + printf("%s\n", v128_bit_string(&x)); + } + printf("----------------------------------------------\n"); + v128_set_to_zero(&x); + for (i=0; i < 128; i+=2) { + v128_set_bit(&x, i); + } + printf("bit_string: { %s }\n", v128_bit_string(&x)); + printf("get_bit: { "); + for (i=0; i < 128; i++) { + if (v128_get_bit(&x, i) == 1) + printf("1"); + else + printf("0"); + } + printf(" } \n"); + + test_bswap(); + + return 0; +} + + +/* byte_order() prints out byte ordering of datatypes */ + +void +byte_order(void) { + int i; + v128_t e; +#if 0 + v16_t b; + v32_t c; + v64_t d; + + for (i=0; i < sizeof(b); i++) + b.octet[i] = i; + for (i=0; i < sizeof(c); i++) + c.octet[i] = i; + for (i=0; i < sizeof(d); i++) + d.octet[i] = i; + + printf("v128_t:\t%s\n", v128_hex_string(&e)); + printf("v64_t:\t%s\n", v64_hex_string(&d)); + printf("v32_t:\t%s\n", v32_hex_string(c)); + printf("v16_t:\t%s\n", v16_hex_string(b)); + + c.value = 0x01020304; + printf("v32_t:\t%s\n", v32_hex_string(c)); + b.value = 0x0102; + printf("v16_t:\t%s\n", v16_hex_string(b)); + + printf("uint16_t ordering:\n"); + + c.value = 0x00010002; + printf("v32_t:\t%x%x\n", c.v16[0], c.v16[1]); +#endif + + printf("byte ordering of crypto/math datatypes:\n"); + for (i=0; i < sizeof(e); i++) + e.v8[i] = i; + printf("v128_t: %s\n", v128_hex_string(&e)); + +} + +void +test_hex_string_funcs(void) { + char hex1[] = "abadcafe"; + char hex2[] = "0123456789abcdefqqqqq"; + char raw[10]; + int len; + + len = hex_string_to_octet_string(raw, hex1, strlen(hex1)); + printf("computed length: %d\tstring: %s\n", len, + octet_string_hex_string(raw, len/2)); + printf("expected length: %u\tstring: %s\n", (unsigned)strlen(hex1), hex1); + + len = hex_string_to_octet_string(raw, hex2, strlen(hex2)); + printf("computed length: %d\tstring: %s\n", len, + octet_string_hex_string(raw, len/2)); + printf("expected length: %d\tstring: %s\n", 16, "0123456789abcdef"); + +} + +void +print_string(char *s) { + int i; + printf("%s\n", s); + printf("strlen(s) = %u\n", (unsigned)strlen(s)); + printf("{ "); + for (i=0; i < strlen(s); i++) { + printf("0x%x, ", s[i]); + if (((i+1) % 8) == 0) + printf("\n "); + } + printf("}\n"); +} + +void +test_bswap(void) { + uint32_t x = 0x11223344; + uint64_t y = 0x1122334455667788LL; + + printf("before: %0x\nafter: %0x\n", x, be32_to_cpu(x)); + printf("before: %0llx\nafter: %0llx\n", (unsigned long long)y, + (unsigned long long)be64_to_cpu(y)); + + y = 1234; + + printf("1234: %0llx\n", (unsigned long long)y); + printf("as octet string: %s\n", + octet_string_hex_string((uint8_t *) &y, 8)); + y = be64_to_cpu(y); + printf("bswapped octet string: %s\n", + octet_string_hex_string((uint8_t *) &y, 8)); +} diff --git a/third_party/srtp/crypto/test/env.c b/third_party/srtp/crypto/test/env.c new file mode 100644 index 0000000..37a6e27 --- /dev/null +++ b/third_party/srtp/crypto/test/env.c @@ -0,0 +1,99 @@ +/* + * env.c + * + * prints out a brief report on the build environment + * + * David McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include <stdio.h> +#include <string.h> /* for srtcmp() */ +#include "config.h" + +int +main(void) { + int err_count = 0; + char *str; + +#ifdef WORDS_BIGENDIAN + printf("CPU set to big-endian\t\t\t(WORDS_BIGENDIAN == 1)\n"); +#else + printf("CPU set to little-endian\t\t(WORDS_BIGENDIAN == 0)\n"); +#endif + +#ifdef CPU_RISC + printf("CPU set to RISC\t\t\t\t(CPU_RISC == 1)\n"); +#elif defined(CPU_CISC) + printf("CPU set to CISC\t\t\t\t(CPU_CISC == 1)\n"); +#else + printf("CPU set to an unknown type, probably due to a configuration error\n"); + err_count++; +#endif + +#ifdef CPU_ALTIVEC + printf("CPU set to ALTIVEC\t\t\t\t(CPU_ALTIVEC == 0)\n"); +#endif + +#ifndef NO_64BIT_MATH + printf("using native 64-bit type\t\t(NO_64_BIT_MATH == 0)\n"); +#else + printf("using built-in 64-bit math\t\t(NO_64_BIT_MATH == 1)\n"); +#endif + +#ifdef ERR_REPORTING_STDOUT + printf("using stdout for error reporting\t(ERR_REPORTING_STDOUT == 1)\n"); +#endif + +#ifdef DEV_URANDOM + str = DEV_URANDOM; +#else + str = ""; +#endif + printf("using %s as a random source\t(DEV_URANDOM == %s)\n", + str, str); + if (strcmp("", str) == 0) { + err_count++; + } + + if (err_count) + printf("warning: configuration is probably in error " + "(found %d problems)\n", err_count); + + return err_count; +} diff --git a/third_party/srtp/crypto/test/kernel_driver.c b/third_party/srtp/crypto/test/kernel_driver.c new file mode 100644 index 0000000..8ef8a5f --- /dev/null +++ b/third_party/srtp/crypto/test/kernel_driver.c @@ -0,0 +1,126 @@ +/* + * kernel_driver.c + * + * a test driver for the crypto_kernel + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include <stdio.h> /* for printf() */ +#include <unistd.h> /* for getopt() */ +#include "crypto_kernel.h" + +void +usage(char *prog_name) { + printf("usage: %s [ -v ][ -d debug_module ]*\n", prog_name); + exit(255); +} + +int +main (int argc, char *argv[]) { + extern char *optarg; + int q; + int do_validation = 0; + err_status_t status; + + if (argc == 1) + usage(argv[0]); + + /* initialize kernel - we need to do this before anything else */ + status = crypto_kernel_init(); + if (status) { + printf("error: crypto_kernel init failed\n"); + exit(1); + } + printf("crypto_kernel successfully initalized\n"); + + /* process input arguments */ + while (1) { + q = getopt(argc, argv, "vd:"); + if (q == -1) + break; + switch (q) { + case 'v': + do_validation = 1; + break; + case 'd': + status = crypto_kernel_set_debug_module(optarg, 1); + if (status) { + printf("error: set debug module (%s) failed\n", optarg); + exit(1); + } + break; + default: + usage(argv[0]); + } + } + + if (do_validation) { + printf("checking crypto_kernel status...\n"); + status = crypto_kernel_status(); + if (status) { + printf("failed\n"); + exit(1); + } + printf("crypto_kernel passed self-tests\n"); + } + + status = crypto_kernel_shutdown(); + if (status) { + printf("error: crypto_kernel shutdown failed\n"); + exit(1); + } + printf("crypto_kernel successfully shut down\n"); + + return 0; +} + +/* + * crypto_kernel_cipher_test() is a test of the cipher interface + * of the crypto_kernel + */ + +err_status_t +crypto_kernel_cipher_test(void) { + + /* not implemented yet! */ + + return err_status_ok; +} diff --git a/third_party/srtp/crypto/test/rand_gen.c b/third_party/srtp/crypto/test/rand_gen.c new file mode 100644 index 0000000..ccea097 --- /dev/null +++ b/third_party/srtp/crypto/test/rand_gen.c @@ -0,0 +1,140 @@ +/* + * rand_gen.c + * + * a random source (random number generator) + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include <stdio.h> /* for printf() */ +#include <unistd.h> /* for getopt() */ +#include "crypto_kernel.h" + +/* + * MAX_PRINT_STRING_LEN is defined in datatypes.h, and is the length + * of the largest hexadecimal string that can be generated by the + * function octet_string_hex_string(). + */ + +#define BUF_LEN (MAX_PRINT_STRING_LEN/2) + +void +usage(char *prog_name) { + printf("usage: %s -n <num_bytes> [-l][ -d debug_module ]*\n" + " -n <num> output <num> random bytes, where <num>" + " is between zero and %d\n" + " -l list the avaliable debug modules\n" + " -d <mod> turn on debugging module <mod>\n", + prog_name, BUF_LEN); + exit(255); +} + +int +main (int argc, char *argv[]) { + extern char *optarg; + int q; + int num_octets = 0; + unsigned do_list_mods = 0; + err_status_t status; + + if (argc == 1) + usage(argv[0]); + + /* initialize kernel - we need to do this before anything else */ + status = crypto_kernel_init(); + if (status) { + printf("error: crypto_kernel init failed\n"); + exit(1); + } + + /* process input arguments */ + while (1) { + q = getopt(argc, argv, "ld:n:"); + if (q == -1) + break; + switch (q) { + case 'd': + status = crypto_kernel_set_debug_module(optarg, 1); + if (status) { + printf("error: set debug module (%s) failed\n", optarg); + exit(1); + } + break; + case 'l': + do_list_mods = 1; + break; + case 'n': + num_octets = atoi(optarg); + if (num_octets < 0 || num_octets > BUF_LEN) + usage(argv[0]); + break; + default: + usage(argv[0]); + } + } + + if (do_list_mods) { + status = crypto_kernel_list_debug_modules(); + if (status) { + printf("error: list of debug modules failed\n"); + exit(1); + } + } + + if (num_octets > 0) { + uint8_t buffer[BUF_LEN]; + + status = crypto_get_random(buffer, num_octets); + if (status) { + printf("error: failure in random source\n"); + } else { + printf("%s\n", octet_string_hex_string(buffer, num_octets)); + } + } + + status = crypto_kernel_shutdown(); + if (status) { + printf("error: crypto_kernel shutdown failed\n"); + exit(1); + } + + return 0; +} + diff --git a/third_party/srtp/crypto/test/sha1_driver.c b/third_party/srtp/crypto/test/sha1_driver.c new file mode 100644 index 0000000..f7cb6ca --- /dev/null +++ b/third_party/srtp/crypto/test/sha1_driver.c @@ -0,0 +1,533 @@ +/* + * sha1_driver.c + * + * a test driver for SHA-1 + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include <stdio.h> +#include "sha1.h" + +#define SHA_PASS 0 +#define SHA_FAIL 1 + +#define MAX_HASH_DATA_LEN 1024 +#define MAX_HASH_OUT_LEN 20 + +typedef struct hash_test_case_t { + unsigned data_len; /* number of octets in data */ + unsigned hash_len; /* number of octets output by hash */ + uint8_t data[MAX_HASH_DATA_LEN]; /* message data */ + uint8_t hash[MAX_HASH_OUT_LEN]; /* expected hash output */ + struct hash_test_case_t *next_test_case; +} hash_test_case_t; + +hash_test_case_t *sha1_test_case_list; + +err_status_t +hash_test_case_add(hash_test_case_t **list_ptr, + char *hex_data, + unsigned data_len, + char *hex_hash, + unsigned hash_len) { + hash_test_case_t *list_head = *list_ptr; + hash_test_case_t *test_case; + unsigned tmp_len; + + test_case = malloc(sizeof(hash_test_case_t)); + if (test_case == NULL) + return err_status_alloc_fail; + + tmp_len = hex_string_to_octet_string((char *)test_case->data, hex_data, data_len*2); + if (tmp_len != data_len*2) + return err_status_parse_err; + + tmp_len = hex_string_to_octet_string((char *)test_case->hash, hex_hash, hash_len*2); + if (tmp_len != hash_len*2) + return err_status_parse_err; + + test_case->data_len = data_len; + test_case->hash_len = hash_len; + + /* add the new test case to the head of the list */ + test_case->next_test_case = list_head; + *list_ptr = test_case; + + return err_status_ok; +} + +err_status_t +sha1_test_case_validate(const hash_test_case_t *test_case) { + sha1_ctx_t ctx; + uint32_t hash_value[5]; + + if (test_case == NULL) + return err_status_bad_param; + + if (test_case->hash_len != 20) + return err_status_bad_param; + if (test_case->data_len > MAX_HASH_DATA_LEN) + return err_status_bad_param; + + sha1_init(&ctx); + sha1_update(&ctx, test_case->data, test_case->data_len); + sha1_final(&ctx, hash_value); + if (0 == memcmp(test_case->hash, hash_value, 20)) { +#if VERBOSE + printf("PASSED: reference value: %s\n", + octet_string_hex_string((uint8_t *)test_case->hash, 20)); + printf("PASSED: computed value: %s\n", + octet_string_hex_string((uint8_t *)hash_value, 20)); +#endif + return err_status_ok; + } + + printf("reference value: %s\n", + octet_string_hex_string((uint8_t *)test_case->hash, 20)); + printf("computed value: %s\n", + octet_string_hex_string((uint8_t *)hash_value, 20)); + + return err_status_algo_fail; + +} + +struct hex_sha1_test_case_t { + unsigned bit_len; + char hex_data[MAX_HASH_DATA_LEN*2]; + char hex_hash[40]; +}; + +err_status_t +sha1_add_test_cases() { + int i; + err_status_t err; + + /* + * these test cases are taken from the "SHA-1 Sample Vectors" + * provided by NIST at http://csrc.nist.gov/cryptval/shs.html + */ + + struct hex_sha1_test_case_t tc[] = { + { + 0, + "", + "da39a3ee5e6b4b0d3255bfef95601890afd80709" + }, + { + 8, + "a8", + "99f2aa95e36f95c2acb0eaf23998f030638f3f15" + }, + { + 16, + "3000", + "f944dcd635f9801f7ac90a407fbc479964dec024" + }, + { + 24, + "42749e", + "a444319e9b6cc1e8464c511ec0969c37d6bb2619" + }, + { + 32, + "9fc3fe08", + "16a0ff84fcc156fd5d3ca3a744f20a232d172253" + }, + { + 40, + "b5c1c6f1af", + "fec9deebfcdedaf66dda525e1be43597a73a1f93" + }, + { + 48, + "e47571e5022e", + "8ce051181f0ed5e9d0c498f6bc4caf448d20deb5" + }, + { + 56, + "3e1b28839fb758", + "67da53837d89e03bf652ef09c369a3415937cfd3" + }, + { + 64, + "a81350cbb224cb90", + "305e4ff9888ad855a78573cddf4c5640cce7e946" + }, + { + 72, "c243d167923dec3ce1", + "5902b77b3265f023f9bbc396ba1a93fa3509bde7" + }, + { + 80, + "50ac18c59d6a37a29bf4", + "fcade5f5d156bf6f9af97bdfa9c19bccfb4ff6ab" + }, + { + 88, + "98e2b611ad3b1cccf634f6", + "1d20fbe00533c10e3cbd6b27088a5de0c632c4b5" + }, + { + 96, + "73fe9afb68e1e8712e5d4eec", + "7e1b7e0f7a8f3455a9c03e9580fd63ae205a2d93" + }, + { + 104, + "9e701ed7d412a9226a2a130e66", + "706f0677146307b20bb0e8d6311e329966884d13" + }, + { + 112, + "6d3ee90413b0a7cbf69e5e6144ca", + "a7241a703aaf0d53fe142f86bf2e849251fa8dff" + }, + { + 120, + "fae24d56514efcb530fd4802f5e71f", + "400f53546916d33ad01a5e6df66822dfbdc4e9e6" + }, + { + 128, + "c5a22dd6eda3fe2bdc4ddb3ce6b35fd1", + "fac8ab93c1ae6c16f0311872b984f729dc928ccd" + }, + { + 136, + "d98cded2adabf08fda356445c781802d95", + "fba6d750c18da58f6e2aab10112b9a5ef3301b3b" + }, + { + 144, + "bcc6d7087a84f00103ccb32e5f5487a751a2", + "29d27c2d44c205c8107f0351b05753ac708226b6" + }, + { + 152, + "36ecacb1055434190dbbc556c48bafcb0feb0d", + "b971bfc1ebd6f359e8d74cb7ecfe7f898d0ba845" + }, + { + 160, + "5ff9edb69e8f6bbd498eb4537580b7fba7ad31d0", + "96d08c430094b9fcc164ad2fb6f72d0a24268f68" + }, + { + 168, "c95b441d8270822a46a798fae5defcf7b26abace36", + "a287ea752a593d5209e287881a09c49fa3f0beb1" + }, + { + 176, + "83104c1d8a55b28f906f1b72cb53f68cbb097b44f860", + "a06c713779cbd88519ed4a585ac0cb8a5e9d612b" + }, + { + 184, + "755175528d55c39c56493d697b790f099a5ce741f7754b", + "bff7d52c13a3688132a1d407b1ab40f5b5ace298" + }, + { + 192, + "088fc38128bbdb9fd7d65228b3184b3faac6c8715f07272f", + "c7566b91d7b6f56bdfcaa9781a7b6841aacb17e9" + }, + { + 200, + "a4a586eb9245a6c87e3adf1009ac8a49f46c07e14185016895", + "ffa30c0b5c550ea4b1e34f8a60ec9295a1e06ac1" + }, + { + 208, + "8e7c555270c006092c2a3189e2a526b873e2e269f0fb28245256", + "29e66ed23e914351e872aa761df6e4f1a07f4b81" + }, + { + 216, + "a5f3bfa6bb0ba3b59f6b9cbdef8a558ec565e8aa3121f405e7f2f0", + "b28cf5e5b806a01491d41f69bd9248765c5dc292" + }, + { + 224, + "589054f0d2bd3c2c85b466bfd8ce18e6ec3e0b87d944cd093ba36469", + "60224fb72c46069652cd78bcd08029ef64da62f3" + }, + { + 232, + "a0abb12083b5bbc78128601bf1cbdbc0fdf4b862b24d899953d8da0ff3", + "b72c4a86f72608f24c05f3b9088ef92fba431df7" + }, + { + 240, + "82143f4cea6fadbf998e128a8811dc75301cf1db4f079501ea568da68eeb", + "73779ad5d6b71b9b8328ef7220ff12eb167076ac" + }, + { + 248, + "9f1231dd6df1ff7bc0b0d4f989d048672683ce35d956d2f57913046267e6f3", + "a09671d4452d7cf50015c914a1e31973d20cc1a0" + }, + { + 256, + "041c512b5eed791f80d3282f3a28df263bb1df95e1239a7650e5670fc2187919", + "e88cdcd233d99184a6fd260b8fca1b7f7687aee0" + }, + { + 264, + "17e81f6ae8c2e5579d69dafa6e070e7111461552d314b691e7a3e7a4feb3fae418", + "010def22850deb1168d525e8c84c28116cb8a269" + }, + { + 272, + "d15976b23a1d712ad28fad04d805f572026b54dd64961fda94d5355a0cc98620cf77", + "aeaa40ba1717ed5439b1e6ea901b294ba500f9ad" + }, + { + 280, + "09fce4d434f6bd32a44e04b848ff50ec9f642a8a85b37a264dc73f130f22838443328f", + "c6433791238795e34f080a5f1f1723f065463ca0" + }, + { + 288, "f17af27d776ec82a257d8d46d2b46b639462c56984cc1be9c1222eadb8b26594a25c709d", + "e21e22b89c1bb944a32932e6b2a2f20d491982c3" + }, + { + 296, + "b13ce635d6f8758143ffb114f2f601cb20b6276951416a2f94fbf4ad081779d79f4f195b22", + "575323a9661f5d28387964d2ba6ab92c17d05a8a" + }, + { + 304, + "5498793f60916ff1c918dde572cdea76da8629ba4ead6d065de3dfb48de94d234cc1c5002910", + "feb44494af72f245bfe68e86c4d7986d57c11db7" + }, + { + 312, + "498a1e0b39fa49582ae688cd715c86fbaf8a81b8b11b4d1594c49c902d197c8ba8a621fd6e3be5", + "cff2290b3648ba2831b98dde436a72f9ebf51eee" + }, + { + 320, + "3a36ae71521f9af628b3e34dcb0d4513f84c78ee49f10416a98857150b8b15cb5c83afb4b570376e", + "9b4efe9d27b965905b0c3dab67b8d7c9ebacd56c" + }, + { + 328, + "dcc76b40ae0ea3ba253e92ac50fcde791662c5b6c948538cffc2d95e9de99cac34dfca38910db2678f", + "afedb0ff156205bcd831cbdbda43db8b0588c113" + }, + { + 336, + "5b5ec6ec4fd3ad9c4906f65c747fd4233c11a1736b6b228b92e90cddabb0c7c2fcf9716d3fad261dff33", + "8deb1e858f88293a5e5e4d521a34b2a4efa70fc4" + }, + { + 344, + "df48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f20fd697c3e4c8b8c5f590ab", + "95cbdac0f74afa69cebd0e5c7defbc6faf0cbeaf" + }, + { + 352, + "1f179b3b82250a65e1b0aee949e218e2f45c7a8dbfd6ba08de05c55acfc226b48c68d7f7057e5675cd96fcfc", + "f0307bcb92842e5ae0cd4f4f14f3df7f877fbef2" + }, + { + 360, + "ee3d72da3a44d971578972a8e6780ce64941267e0f7d0179b214fa97855e1790e888e09fbe3a70412176cb3b54", + "7b13bb0dbf14964bd63b133ac85e22100542ef55" + }, + { + 368, + "d4d4c7843d312b30f610b3682254c8be96d5f6684503f8fbfbcd15774fc1b084d3741afb8d24aaa8ab9c104f7258", + "c314d2b6cf439be678d2a74e890d96cfac1c02ed" + }, + { + 376, + "32c094944f5936a190a0877fb9178a7bf60ceae36fd530671c5b38c5dbd5e6a6c0d615c2ac8ad04b213cc589541cf6", + "4d0be361e410b47a9d67d8ce0bb6a8e01c53c078" + }, + { + 384, + "e5d3180c14bf27a5409fa12b104a8fd7e9639609bfde6ee82bbf9648be2546d29688a65e2e3f3da47a45ac14343c9c02", + "e5353431ffae097f675cbf498869f6fbb6e1c9f2" + }, + { + 392, + "e7b6e4b69f724327e41e1188a37f4fe38b1dba19cbf5a7311d6e32f1038e97ab506ee05aebebc1eed09fc0e357109818b9", + "b8720a7068a085c018ab18961de2765aa6cd9ac4" + }, + { + 400, + "bc880cb83b8ac68ef2fedc2da95e7677ce2aa18b0e2d8b322701f67af7d5e7a0d96e9e33326ccb7747cfff0852b961bfd475", + "b0732181568543ba85f2b6da602b4b065d9931aa" + }, + { + 408, + "235ea9c2ba7af25400f2e98a47a291b0bccdaad63faa2475721fda5510cc7dad814bce8dabb611790a6abe56030b798b75c944", + "9c22674cf3222c3ba921672694aafee4ce67b96b" + }, + { + 416, + "07e3e29fed63104b8410f323b975fd9fba53f636af8c4e68a53fb202ca35dd9ee07cb169ec5186292e44c27e5696a967f5e67709", + "d128335f4cecca9066cdae08958ce656ff0b4cfc" + }, + { + 424, + "65d2a1dd60a517eb27bfbf530cf6a5458f9d5f4730058bd9814379547f34241822bf67e6335a6d8b5ed06abf8841884c636a25733f", + "0b67c57ac578de88a2ae055caeaec8bb9b0085a0" + }, + { + 432, + "dcc86b3bd461615bab739d8daafac231c0f462e819ad29f9f14058f3ab5b75941d4241ea2f17ebb8a458831b37a9b16dead4a76a9b0e", + "c766f912a89d4ccda88e0cce6a713ef5f178b596" + }, + { + 440, + "4627d54f0568dc126b62a8c35fb46a9ac5024400f2995e51635636e1afc4373dbb848eb32df23914230560b82477e9c3572647a7f2bb92", + "9aa3925a9dcb177b15ccff9b78e70cf344858779" + }, + { + 448, + "ba531affd4381168ef24d8b275a84d9254c7f5cc55fded53aa8024b2c5c5c8aa7146fe1d1b83d62b70467e9a2e2cb67b3361830adbab28d7", + "4811fa30042fc076acf37c8e2274d025307e5943" + }, + { + 456, + "8764dcbcf89dcf4282eb644e3d568bdccb4b13508bfa7bfe0ffc05efd1390be22109969262992d377691eb4f77f3d59ea8466a74abf57b2ef4", + "6743018450c9730761ee2b130df9b91c1e118150" + }, + { + 464, + "497d9df9ddb554f3d17870b1a31986c1be277bc44feff713544217a9f579623d18b5ffae306c25a45521d2759a72c0459b58957255ab592f3be4", + "71ad4a19d37d92a5e6ef3694ddbeb5aa61ada645" + }, + { + 472, + "72c3c2e065aefa8d9f7a65229e818176eef05da83f835107ba90ec2e95472e73e538f783b416c04654ba8909f26a12db6e5c4e376b7615e4a25819", + "a7d9dc68dacefb7d6116186048cb355cc548e11d" + }, + { + 480, + "7cc9894454d0055ab5069a33984e2f712bef7e3124960d33559f5f3b81906bb66fe64da13c153ca7f5cabc89667314c32c01036d12ecaf5f9a78de98", + "142e429f0522ba5abf5131fa81df82d355b96909" + }, + { + 488, + "74e8404d5a453c5f4d306f2cfa338ca65501c840ddab3fb82117933483afd6913c56aaf8a0a0a6b2a342fc3d9dc7599f4a850dfa15d06c61966d74ea59", + "ef72db70dcbcab991e9637976c6faf00d22caae9" + }, + { + 496, + "46fe5ed326c8fe376fcc92dc9e2714e2240d3253b105adfbb256ff7a19bc40975c604ad7c0071c4fd78a7cb64786e1bece548fa4833c04065fe593f6fb10", + "f220a7457f4588d639dc21407c942e9843f8e26b" + }, + { + 504, + "836dfa2524d621cf07c3d2908835de859e549d35030433c796b81272fd8bc0348e8ddbc7705a5ad1fdf2155b6bc48884ac0cd376925f069a37849c089c8645", + "ddd2117b6e309c233ede85f962a0c2fc215e5c69" + }, + { + 512, + "7e3a4c325cb9c52b88387f93d01ae86d42098f5efa7f9457388b5e74b6d28b2438d42d8b64703324d4aa25ab6aad153ae30cd2b2af4d5e5c00a8a2d0220c6116", + "a3054427cdb13f164a610b348702724c808a0dcc" + } + }; + + + for (i=0; i < 65; i++) { + err = hash_test_case_add(&sha1_test_case_list, + tc[i].hex_data, + tc[i].bit_len/8, + tc[i].hex_hash, 20); + if (err) { + printf("error adding hash test case (code %d)\n", err); + return err; + } + } + + return err_status_ok; +} + + +err_status_t +sha1_validate(void) { + hash_test_case_t *test_case; + err_status_t err; + + err = sha1_add_test_cases(); + if (err) { + printf("error adding SHA1 test cases (error code %d)\n", err); + return err; + } + + if (sha1_test_case_list == NULL) + return err_status_cant_check; + + test_case = sha1_test_case_list; + while (test_case != NULL) { + err = sha1_test_case_validate(test_case); + if (err) { + printf("error validating hash test case (error code %d)\n", err); + return err; + } + test_case = test_case->next_test_case; + } + + return err_status_ok; +} + + + +int +main (void) { + err_status_t err; + + printf("sha1 test driver\n"); + + err = sha1_validate(); + if (err) { + printf("SHA1 did not pass validation testing\n"); + return 1; + } + printf("SHA1 passed validation tests\n"); + + return 0; + +} diff --git a/third_party/srtp/crypto/test/stat_driver.c b/third_party/srtp/crypto/test/stat_driver.c new file mode 100644 index 0000000..09cc44a --- /dev/null +++ b/third_party/srtp/crypto/test/stat_driver.c @@ -0,0 +1,101 @@ +/* + * stat-driver.c + * + * test driver for the stat_test functions + * + * David A. McGrew + * Cisco Systems, Inc. + */ + + +#include <stdio.h> /* for printf() */ + +#include "err.h" +#include "stat.h" + +#include "cipher.h" + +typedef struct { + void *state; +} random_source_t; + +err_status_t +random_source_alloc(void); + +void +err_check(err_status_t s) { + if (s) { + printf("error (code %d)\n", s); + exit(1); + } +} + +int +main (int argc, char *argv[]) { + uint8_t buffer[2500]; + unsigned int buf_len = 2500; + int i, j; + extern cipher_type_t aes_icm; + cipher_t *c; + uint8_t key[30] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 + }; + v128_t nonce; + int num_trials = 500; + int num_fail; + + printf("statistical tests driver\n"); + + for (i=0; i < 2500; i++) + buffer[i] = 0; + + /* run tests */ + printf("running stat_tests on all-null buffer, expecting failure\n"); + printf("monobit %d\n", stat_test_monobit(buffer)); + printf("poker %d\n", stat_test_poker(buffer)); + printf("runs %d\n", stat_test_runs(buffer)); + + for (i=0; i < 2500; i++) + buffer[i] = rand(); + printf("running stat_tests on rand(), expecting success\n"); + printf("monobit %d\n", stat_test_monobit(buffer)); + printf("poker %d\n", stat_test_poker(buffer)); + printf("runs %d\n", stat_test_runs(buffer)); + + printf("running stat_tests on AES-128-ICM, expecting success\n"); + /* set buffer to cipher output */ + for (i=0; i < 2500; i++) + buffer[i] = 0; + err_check(cipher_type_alloc(&aes_icm, &c, 30)); + err_check(cipher_init(c, key, direction_encrypt)); + err_check(cipher_set_iv(c, &nonce)); + err_check(cipher_encrypt(c, buffer, &buf_len)); + /* run tests on cipher outout */ + printf("monobit %d\n", stat_test_monobit(buffer)); + printf("poker %d\n", stat_test_poker(buffer)); + printf("runs %d\n", stat_test_runs(buffer)); + + printf("runs test (please be patient): "); + fflush(stdout); + num_fail = 0; + v128_set_to_zero(&nonce); + for(j=0; j < num_trials; j++) { + for (i=0; i < 2500; i++) + buffer[i] = 0; + nonce.v32[3] = i; + err_check(cipher_set_iv(c, &nonce)); + err_check(cipher_encrypt(c, buffer, &buf_len)); + if (stat_test_runs(buffer)) { + num_fail++; + } + } + + printf("%d failures in %d tests\n", num_fail, num_trials); + printf("(nota bene: a small fraction of stat_test failures does not \n" + "indicate that the random source is invalid)\n"); + + return 0; +} diff --git a/third_party/srtp/doc/.keep b/third_party/srtp/doc/.keep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/third_party/srtp/doc/.keep diff --git a/third_party/srtp/include/getopt_s.h b/third_party/srtp/include/getopt_s.h new file mode 100644 index 0000000..2a6ece3 --- /dev/null +++ b/third_party/srtp/include/getopt_s.h @@ -0,0 +1,60 @@ +/* + * getopt.h + * + * interface to a minimal implementation of the getopt() function, + * written so that test applications that use that function can run on + * non-POSIX platforms + * + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef GETOPT_S_H +#define GETOPT_S_H + +/* + * getopt_s(), optarg_s, and optind_s are small, locally defined + * versions of the POSIX standard getopt() interface. + */ + +int +getopt_s(int argc, char * const argv[], const char *optstring); + +extern char *optarg_s; /* defined in getopt.c */ + +extern int optind_s; /* defined in getopt.c */ + +#endif /* GETOPT_S_H */ diff --git a/third_party/srtp/include/rtp.h b/third_party/srtp/include/rtp.h new file mode 100644 index 0000000..94279f5 --- /dev/null +++ b/third_party/srtp/include/rtp.h @@ -0,0 +1,127 @@ +/* + * rtp.h + * + * rtp interface for srtp reference implementation + * + * David A. McGrew + * Cisco Systems, Inc. + * + * data types: + * + * rtp_msg_t an rtp message (the data that goes on the wire) + * rtp_sender_t sender side socket and rtp info + * rtp_receiver_t receiver side socket and rtp info + * + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef RTP_H +#define RTP_H + +#ifdef HAVE_NETINET_IN_H +# include <netinet/in.h> +#elif defined HAVE_WINSOCK2_H +# include <winsock2.h> +#endif + +#include "srtp.h" + +typedef struct rtp_sender_ctx_t *rtp_sender_t; + +typedef struct rtp_receiver_ctx_t *rtp_receiver_t; + +unsigned int +rtp_sendto(rtp_sender_t sender, const void* msg, int len); + +unsigned int +rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len); + +int +rtp_receiver_init(rtp_receiver_t rcvr, int socket, + struct sockaddr_in addr, unsigned int ssrc); + +int +rtp_sender_init(rtp_sender_t sender, int socket, + struct sockaddr_in addr, unsigned int ssrc); + +/* + * srtp_sender_init(...) initializes an rtp_sender_t + */ + +int +srtp_sender_init(rtp_sender_t rtp_ctx, /* structure to be init'ed */ + struct sockaddr_in name, /* socket name */ + sec_serv_t security_services, /* sec. servs. to be used */ + unsigned char *input_key /* master key/salt in hex */ + ); + +int +srtp_receiver_init(rtp_receiver_t rtp_ctx, /* structure to be init'ed */ + struct sockaddr_in name, /* socket name */ + sec_serv_t security_services, /* sec. servs. to be used */ + unsigned char *input_key /* master key/salt in hex */ + ); + + +int +rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy); + +int +rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy); + + +rtp_sender_t +rtp_sender_alloc(); + +rtp_receiver_t +rtp_receiver_alloc(); + + +/* + * RTP_HEADER_LEN indicates the size of an RTP header + */ +#define RTP_HEADER_LEN 12 + +/* + * RTP_MAX_BUF_LEN defines the largest RTP packet in the rtp.c implementation + */ +#define RTP_MAX_BUF_LEN 16384 + + +#endif /* RTP_H */ diff --git a/third_party/srtp/include/rtp_priv.h b/third_party/srtp/include/rtp_priv.h new file mode 100644 index 0000000..1421386 --- /dev/null +++ b/third_party/srtp/include/rtp_priv.h @@ -0,0 +1,74 @@ +/* + * rtp_priv.h + * + * private, internal header file for RTP + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef RTP_PRIV_H +#define RTP_PRIV_H + +#include "srtp_priv.h" +#include "rtp.h" + +typedef srtp_hdr_t rtp_hdr_t; + +typedef struct { + srtp_hdr_t header; + char body[RTP_MAX_BUF_LEN]; +} rtp_msg_t; + +typedef struct rtp_sender_ctx_t { + rtp_msg_t message; + int socket; + srtp_ctx_t *srtp_ctx; + struct sockaddr_in addr; /* reciever's address */ +} rtp_sender_ctx_t; + +typedef struct rtp_receiver_ctx_t { + rtp_msg_t message; + int socket; + srtp_ctx_t *srtp_ctx; + struct sockaddr_in addr; /* receiver's address */ +} rtp_receiver_ctx_t; + + +#endif /* RTP_PRIV_H */ diff --git a/third_party/srtp/include/srtp.h b/third_party/srtp/include/srtp.h new file mode 100644 index 0000000..9fd3a57 --- /dev/null +++ b/third_party/srtp/include/srtp.h @@ -0,0 +1,929 @@ +/* + * srtp.h + * + * interface to libsrtp + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef SRTP_H +#define SRTP_H + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef _MSC_VER +#pragma pack(4) +#endif + +#include "crypto_kernel.h" + +/** + * @defgroup SRTP Secure RTP + * + * @brief libSRTP provides functions for protecting RTP and RTCP. See + * Section @ref Overview for an introduction to the use of the library. + * + * @{ + */ + +/* + * SRTP_MASTER_KEY_LEN is the nominal master key length supported by libSRTP + */ + +#define SRTP_MASTER_KEY_LEN 30 + +/* + * SRTP_MAX_KEY_LEN is the maximum key length supported by libSRTP + */ +#define SRTP_MAX_KEY_LEN 64 + +/* + * SRTP_MAX_TAG_LEN is the maximum tag length supported by libSRTP + */ + +#define SRTP_MAX_TAG_LEN 12 + +/** + * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer + * (authentication tag and MKI) supported by libSRTP. This value is + * the maximum number of octets that will be added to an RTP packet by + * srtp_protect(). + * + * @brief the maximum number of octets added by srtp_protect(). + */ +#define SRTP_MAX_TRAILER_LEN SRTP_MAX_TAG_LEN + +/* + * nota bene: since libSRTP doesn't support the use of the MKI, the + * SRTP_MAX_TRAILER_LEN value is just the maximum tag length + */ + +/** + * @brief sec_serv_t describes a set of security services. + * + * A sec_serv_t enumeration is used to describe the particular + * security services that will be applied by a particular crypto + * policy (or other mechanism). + */ + +typedef enum { + sec_serv_none = 0, /**< no services */ + sec_serv_conf = 1, /**< confidentiality */ + sec_serv_auth = 2, /**< authentication */ + sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */ +} sec_serv_t; + +/** + * @brief crypto_policy_t describes a particular crypto policy that + * can be applied to an SRTP stream. + * + * A crypto_policy_t describes a particular cryptographic policy that + * can be applied to an SRTP or SRTCP stream. An SRTP session policy + * consists of a list of these policies, one for each SRTP stream + * in the session. + */ + +typedef struct crypto_policy_t { + cipher_type_id_t cipher_type; /**< An integer representing + * the type of cipher. */ + int cipher_key_len; /**< The length of the cipher key + * in octets. */ + auth_type_id_t auth_type; /**< An integer representing the + * authentication function. */ + int auth_key_len; /**< The length of the authentication + * function key in octets. */ + int auth_tag_len; /**< The length of the authentication + * tag in octets. */ + sec_serv_t sec_serv; /**< The flag indicating the security + * services to be applied. */ +} crypto_policy_t; + + +/** + * @brief ssrc_type_t describes the type of an SSRC. + * + * An ssrc_type_t enumeration is used to indicate a type of SSRC. See + * @ref srtp_policy_t for more informataion. + */ + +typedef enum { + ssrc_undefined = 0, /**< Indicates an undefined SSRC type. */ + ssrc_specific = 1, /**< Indicates a specific SSRC value */ + ssrc_any_inbound = 2, /**< Indicates any inbound SSRC value + (i.e. a value that is used in the + function srtp_unprotect()) */ + ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value + (i.e. a value that is used in the + function srtp_protect()) */ +} ssrc_type_t; + +/** + * @brief An ssrc_t represents a particular SSRC value, or a `wildcard' SSRC. + * + * An ssrc_t represents a particular SSRC value (if its type is + * ssrc_specific), or a wildcard SSRC value that will match all + * outbound SSRCs (if its type is ssrc_any_outbound) or all inbound + * SSRCs (if its type is ssrc_any_inbound). + * + */ + +typedef struct { + ssrc_type_t type; /**< The type of this particular SSRC */ + unsigned int value; /**< The value of this SSRC, if it is not a wildcard */ +} ssrc_t; + + +/** + * @brief represents the policy for an SRTP session. + * + * A single srtp_policy_t struct represents the policy for a single + * SRTP stream, and a linked list of these elements represents the + * policy for an entire SRTP session. Each element contains the SRTP + * and SRTCP crypto policies for that stream, a pointer to the SRTP + * master key for that stream, the SSRC describing that stream, or a + * flag indicating a `wildcard' SSRC value, and a `next' field that + * holds a pointer to the next element in the list of policy elements, + * or NULL if it is the last element. + * + * The wildcard value SSRC_ANY_INBOUND matches any SSRC from an + * inbound stream that for which there is no explicit SSRC entry in + * another policy element. Similarly, the value SSRC_ANY_OUTBOUND + * will matches any SSRC from an outbound stream that does not appear + * in another policy element. Note that wildcard SSRCs &b cannot be + * used to match both inbound and outbound traffic. This restriction + * is intentional, and it allows libSRTP to ensure that no security + * lapses result from accidental re-use of SSRC values during key + * sharing. + * + * + * @warning The final element of the list @b must have its `next' pointer + * set to NULL. + */ + +typedef struct srtp_policy_t { + ssrc_t ssrc; /**< The SSRC value of stream, or the + * flags SSRC_ANY_INBOUND or + * SSRC_ANY_OUTBOUND if key sharing + * is used for this policy element. + */ + crypto_policy_t rtp; /**< SRTP crypto policy. */ + crypto_policy_t rtcp; /**< SRTCP crypto policy. */ + unsigned char *key; /**< Pointer to the SRTP master key for + * this stream. */ + struct srtp_policy_t *next; /**< Pointer to next stream policy. */ +} srtp_policy_t; + + + + +/** + * @brief An srtp_t points to an SRTP session structure. + * + * The typedef srtp_t is a pointer to a structure that represents + * an SRTP session. This datatype is intentially opaque in + * order to separate the interface from the implementation. + * + * An SRTP session consists of all of the traffic sent to the RTP and + * RTCP destination transport addresses, using the RTP/SAVP (Secure + * Audio/Video Profile). A session can be viewed as a set of SRTP + * streams, each of which originates with a different participant. + */ + +typedef struct srtp_ctx_t *srtp_t; + + +/** + * @brief An srtp_stream_t points to an SRTP stream structure. + * + * The typedef srtp_stream_t is a pointer to a structure that + * represents an SRTP stream. This datatype is intentionally + * opaque in order to separate the interface from the implementation. + * + * An SRTP stream consists of all of the traffic sent to an SRTP + * session by a single participant. A session can be viewed as + * a set of streams. + * + */ +typedef struct srtp_stream_ctx_t *srtp_stream_t; + + + +/** + * @brief srtp_init() initializes the srtp library. + * + * @warning This function @b must be called before any other srtp + * functions. + */ + +err_status_t +srtp_init(void); + +/** + * @brief srtp_deinit() deinitializes the srtp library. + * + * @warning This function @b must be called on quitting application or + * after srtp is no longer used. + */ + +err_status_t +srtp_deinit(void); + +/** + * @brief srtp_protect() is the Secure RTP sender-side packet processing + * function. + * + * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP + * protection to the RTP packet rtp_hdr (which has length *len_ptr) using + * the SRTP context ctx. If err_status_ok is returned, then rtp_hdr + * points to the resulting SRTP packet and *len_ptr is the number of + * octets in that packet; otherwise, no assumptions should be made + * about the value of either data elements. + * + * The sequence numbers of the RTP packets presented to this function + * need not be consecutive, but they @b must be out of order by less + * than 2^15 = 32,768 packets. + * + * @warning This function assumes that it can write the authentication + * tag into the location in memory immediately following the RTP + * packet, and assumes that the RTP packet is aligned on a 32-bit + * boundary. + * + * @param ctx is the SRTP context to use in processing the packet. + * + * @param rtp_hdr is a pointer to the RTP packet (before the call); after + * the function returns, it points to the srtp packet. + * + * @param len_ptr is a pointer to the length in octets of the complete + * RTP packet (header and body) before the function call, and of the + * complete SRTP packet after the call, if err_status_ok was returned. + * Otherwise, the value of the data to which it points is undefined. + * + * @return + * - err_status_ok no problems + * - err_status_replay_fail rtp sequence number was non-increasing + * - @e other failure in cryptographic mechanisms + */ + +err_status_t +srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr); + +/** + * @brief srtp_unprotect() is the Secure RTP receiver-side packet + * processing function. + * + * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies + * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr + * (which has length *len_ptr), using the SRTP context ctx. If + * err_status_ok is returned, then srtp_hdr points to the resulting + * RTP packet and *len_ptr is the number of octets in that packet; + * otherwise, no assumptions should be made about the value of either + * data elements. + * + * The sequence numbers of the RTP packets presented to this function + * need not be consecutive, but they @b must be out of order by less + * than 2^15 = 32,768 packets. + * + * @warning This function assumes that the SRTP packet is aligned on a + * 32-bit boundary. + * + * @param ctx is a pointer to the srtp_t which applies to the + * particular packet. + * + * @param srtp_hdr is a pointer to the header of the SRTP packet + * (before the call). after the function returns, it points to the + * rtp packet if err_status_ok was returned; otherwise, the value of + * the data to which it points is undefined. + * + * @param len_ptr is a pointer to the length in octets of the complete + * srtp packet (header and body) before the function call, and of the + * complete rtp packet after the call, if err_status_ok was returned. + * Otherwise, the value of the data to which it points is undefined. + * + * @return + * - err_status_ok if the RTP packet is valid. + * - err_status_auth_fail if the SRTP packet failed the message + * authentication check. + * - err_status_replay_fail if the SRTP packet is a replay (e.g. packet has + * already been processed and accepted). + * - [other] if there has been an error in the cryptographic mechanisms. + * + */ + +err_status_t +srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr); + + +/** + * @brief srtp_create() allocates and initializes an SRTP session. + + * The function call srtp_create(session, policy, key) allocates and + * initializes an SRTP session context, applying the given policy and + * key. + * + * @param session is the SRTP session to which the policy is to be added. + * + * @param policy is the srtp_policy_t struct that describes the policy + * for the session. The struct may be a single element, or it may be + * the head of a list, in which case each element of the list is + * processed. It may also be NULL, in which case streams should be added + * later using srtp_add_stream(). The final element of the list @b must + * have its `next' field set to NULL. + * + * @return + * - err_status_ok if creation succeded. + * - err_status_alloc_fail if allocation failed. + * - err_status_init_fail if initialization failed. + */ + +err_status_t +srtp_create(srtp_t *session, const srtp_policy_t *policy); + + +/** + * @brief srtp_add_stream() allocates and initializes an SRTP stream + * within a given SRTP session. + * + * The function call srtp_add_stream(session, policy) allocates and + * initializes a new SRTP stream within a given, previously created + * session, applying the policy given as the other argument to that + * stream. + * + * @return values: + * - err_status_ok if stream creation succeded. + * - err_status_alloc_fail if stream allocation failed + * - err_status_init_fail if stream initialization failed. + */ + +err_status_t +srtp_add_stream(srtp_t session, + const srtp_policy_t *policy); + + +/** + * @brief srtp_remove_stream() deallocates an SRTP stream. + * + * The function call srtp_remove_stream(session, ssrc) removes + * the SRTP stream with the SSRC value ssrc from the SRTP session + * context given by the argument session. + * + * @param session is the SRTP session from which the stream + * will be removed. + * + * @param ssrc is the SSRC value of the stream to be removed. + * + * @warning Wildcard SSRC values cannot be removed from a + * session. + * + * @return + * - err_status_ok if the stream deallocation succeded. + * - [other] otherwise. + * + */ + +err_status_t +srtp_remove_stream(srtp_t session, unsigned int ssrc); + +/** + * @brief crypto_policy_set_rtp_default() sets a crypto policy + * structure to the SRTP default policy for RTP protection. + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_rtp_default(&p) sets the + * crypto_policy_t at location p to the SRTP default policy for RTP + * protection, as defined in the specification. This function is a + * convenience that helps to avoid dealing directly with the policy + * data structure. You are encouraged to initialize policy elements + * with this function call. Doing so may allow your code to be + * forward compatible with later versions of libSRTP that include more + * elements in the crypto_policy_t datatype. + * + * @return void. + * + */ + +void +crypto_policy_set_rtp_default(crypto_policy_t *p); + +/** + * @brief crypto_policy_set_rtcp_default() sets a crypto policy + * structure to the SRTP default policy for RTCP protection. + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_rtcp_default(&p) sets the + * crypto_policy_t at location p to the SRTP default policy for RTCP + * protection, as defined in the specification. This function is a + * convenience that helps to avoid dealing directly with the policy + * data structure. You are encouraged to initialize policy elements + * with this function call. Doing so may allow your code to be + * forward compatible with later versions of libSRTP that include more + * elements in the crypto_policy_t datatype. + * + * @return void. + * + */ + +void +crypto_policy_set_rtcp_default(crypto_policy_t *p); + +/** + * @brief crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto + * policy structure to the SRTP default policy for RTP protection. + * + * @param p is a pointer to the policy structure to be set + * + * The function crypto_policy_set_aes_cm_128_hmac_sha1_80() is a + * synonym for crypto_policy_set_rtp_default(). It conforms to the + * naming convention used in + * http://www.ietf.org/internet-drafts/draft-ietf-mmusic-sdescriptions-12.txt + * + * @return void. + * + */ + +#define crypto_policy_set_aes_cm_128_hmac_sha1_80(p) crypto_policy_set_rtp_default(p) + + +/** + * @brief crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto + * policy structure to a short-authentication tag policy + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_aes_cm_128_hmac_sha1_32(&p) + * sets the crypto_policy_t at location p to use policy + * AES_CM_128_HMAC_SHA1_32 as defined in + * draft-ietf-mmusic-sdescriptions-12.txt. This policy uses AES-128 + * Counter Mode encryption and HMAC-SHA1 authentication, with an + * authentication tag that is only 32 bits long. This length is + * considered adequate only for protecting audio and video media that + * use a stateless playback function. See Section 7.5 of RFC 3711 + * (http://www.ietf.org/rfc/rfc3711.txt). + * + * This function is a convenience that helps to avoid dealing directly + * with the policy data structure. You are encouraged to initialize + * policy elements with this function call. Doing so may allow your + * code to be forward compatible with later versions of libSRTP that + * include more elements in the crypto_policy_t datatype. + * + * @warning This crypto policy is intended for use in SRTP, but not in + * SRTCP. It is recommended that a policy that uses longer + * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 + * (http://www.ietf.org/rfc/rfc3711.txt). + * + * @return void. + * + */ + +void +crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p); + + + +/** + * @brief crypto_policy_set_aes_cm_128_null_auth() sets a crypto + * policy structure to an encryption-only policy + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_aes_cm_128_null_auth(&p) sets + * the crypto_policy_t at location p to use the SRTP default cipher + * (AES-128 Counter Mode), but to use no authentication method. This + * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 + * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). + * + * This function is a convenience that helps to avoid dealing directly + * with the policy data structure. You are encouraged to initialize + * policy elements with this function call. Doing so may allow your + * code to be forward compatible with later versions of libSRTP that + * include more elements in the crypto_policy_t datatype. + * + * @warning This policy is NOT RECOMMENDED for SRTP unless it is + * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see + * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). + * + * @return void. + * + */ + +void +crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p); + + +/** + * @brief crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto + * policy structure to an authentication-only policy + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_null_cipher_hmac_sha1_80(&p) + * sets the crypto_policy_t at location p to use HMAC-SHA1 with an 80 + * bit authentication tag to provide message authentication, but to + * use no encryption. This policy is NOT RECOMMENDED for SRTP unless + * there is a requirement to forego encryption. + * + * This function is a convenience that helps to avoid dealing directly + * with the policy data structure. You are encouraged to initialize + * policy elements with this function call. Doing so may allow your + * code to be forward compatible with later versions of libSRTP that + * include more elements in the crypto_policy_t datatype. + * + * @warning This policy is NOT RECOMMENDED for SRTP unless there is a + * requirement to forego encryption. + * + * @return void. + * + */ + +void +crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p); + +/** + * @brief srtp_dealloc() deallocates storage for an SRTP session + * context. + * + * The function call srtp_dealloc(s) deallocates storage for the + * SRTP session context s. This function should be called no more + * than one time for each of the contexts allocated by the function + * srtp_create(). + * + * @param s is the srtp_t for the session to be deallocated. + * + * @return + * - err_status_ok if there no problems. + * - err_status_dealloc_fail a memory deallocation failure occured. + */ + +err_status_t +srtp_dealloc(srtp_t s); + + +/* + * @brief identifies a particular SRTP profile + * + * An srtp_profile_t enumeration is used to identify a particular SRTP + * profile (that is, a set of algorithms and parameters). These + * profiles are defined in the DTLS-SRTP draft. + */ + +typedef enum { + srtp_profile_reserved = 0, + srtp_profile_aes128_cm_sha1_80 = 1, + srtp_profile_aes128_cm_sha1_32 = 2, + srtp_profile_aes256_cm_sha1_80 = 3, + srtp_profile_aes256_cm_sha1_32 = 4, + srtp_profile_null_sha1_80 = 5, + srtp_profile_null_sha1_32 = 6, +} srtp_profile_t; + + +/** + * @brief crypto_policy_set_from_profile_for_rtp() sets a crypto policy + * structure to the appropriate value for RTP based on an srtp_profile_t + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_rtp_default(&policy, profile) + * sets the crypto_policy_t at location policy to the policy for RTP + * protection, as defined by the srtp_profile_t profile. + * + * This function is a convenience that helps to avoid dealing directly + * with the policy data structure. You are encouraged to initialize + * policy elements with this function call. Doing so may allow your + * code to be forward compatible with later versions of libSRTP that + * include more elements in the crypto_policy_t datatype. + * + * @return values + * - err_status_ok no problems were encountered + * - err_status_bad_param the profile is not supported + * + */ +err_status_t +crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy, + srtp_profile_t profile); + + + + +/** + * @brief crypto_policy_set_from_profile_for_rtcp() sets a crypto policy + * structure to the appropriate value for RTCP based on an srtp_profile_t + * + * @param p is a pointer to the policy structure to be set + * + * The function call crypto_policy_set_rtcp_default(&policy, profile) + * sets the crypto_policy_t at location policy to the policy for RTCP + * protection, as defined by the srtp_profile_t profile. + * + * This function is a convenience that helps to avoid dealing directly + * with the policy data structure. You are encouraged to initialize + * policy elements with this function call. Doing so may allow your + * code to be forward compatible with later versions of libSRTP that + * include more elements in the crypto_policy_t datatype. + * + * @return values + * - err_status_ok no problems were encountered + * - err_status_bad_param the profile is not supported + * + */ +err_status_t +crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy, + srtp_profile_t profile); + +/** + * @brief returns the master key length for a given SRTP profile + */ +unsigned int +srtp_profile_get_master_key_length(srtp_profile_t profile); + + +/** + * @brief returns the master salt length for a given SRTP profile + */ +unsigned int +srtp_profile_get_master_salt_length(srtp_profile_t profile); + +/** + * @brief appends the salt to the key + * + * The function call append_salt_to_key(k, klen, s, slen) + * copies the string s to the location at klen bytes following + * the location k. + * + * @warning There must be at least bytes_in_salt + bytes_in_key bytes + * available at the location pointed to by key. + * + */ + +void +append_salt_to_key(unsigned char *key, unsigned int bytes_in_key, + unsigned char *salt, unsigned int bytes_in_salt); + + + +/** + * @} + */ + + + +/** + * @defgroup SRTCP Secure RTCP + * @ingroup SRTP + * + * @brief Secure RTCP functions are used to protect RTCP traffic. + * + * RTCP is the control protocol for RTP. libSRTP protects RTCP + * traffic in much the same way as it does RTP traffic. The function + * srtp_protect_rtcp() applies cryptographic protections to outbound + * RTCP packets, and srtp_unprotect_rtcp() verifies the protections on + * inbound RTCP packets. + * + * A note on the naming convention: srtp_protect_rtcp() has an srtp_t + * as its first argument, and thus has `srtp_' as its prefix. The + * trailing `_rtcp' indicates the protocol on which it acts. + * + * @{ + */ + +/** + * @brief srtp_protect_rtcp() is the Secure RTCP sender-side packet + * processing function. + * + * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies + * SRTCP protection to the RTCP packet rtcp_hdr (which has length + * *len_ptr) using the SRTP session context ctx. If err_status_ok is + * returned, then rtp_hdr points to the resulting SRTCP packet and + * *len_ptr is the number of octets in that packet; otherwise, no + * assumptions should be made about the value of either data elements. + * + * @warning This function assumes that it can write the authentication + * tag into the location in memory immediately following the RTCP + * packet, and assumes that the RTCP packet is aligned on a 32-bit + * boundary. + * + * @param ctx is the SRTP context to use in processing the packet. + * + * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after + * the function returns, it points to the srtp packet. + * + * @param pkt_octet_len is a pointer to the length in octets of the + * complete RTCP packet (header and body) before the function call, + * and of the complete SRTCP packet after the call, if err_status_ok + * was returned. Otherwise, the value of the data to which it points + * is undefined. + * + * @return + * - err_status_ok if there were no problems. + * - [other] if there was a failure in + * the cryptographic mechanisms. + */ + + +err_status_t +srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len); + +/** + * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet + * processing function. + * + * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr) + * verifies the Secure RTCP protection of the SRTCP packet pointed to + * by srtcp_hdr (which has length *len_ptr), using the SRTP session + * context ctx. If err_status_ok is returned, then srtcp_hdr points + * to the resulting RTCP packet and *len_ptr is the number of octets + * in that packet; otherwise, no assumptions should be made about the + * value of either data elements. + * + * @warning This function assumes that the SRTCP packet is aligned on a + * 32-bit boundary. + * + * @param ctx is a pointer to the srtp_t which applies to the + * particular packet. + * + * @param srtcp_hdr is a pointer to the header of the SRTCP packet + * (before the call). After the function returns, it points to the + * rtp packet if err_status_ok was returned; otherwise, the value of + * the data to which it points is undefined. + * + * @param pkt_octet_len is a pointer to the length in octets of the + * complete SRTCP packet (header and body) before the function call, + * and of the complete rtp packet after the call, if err_status_ok was + * returned. Otherwise, the value of the data to which it points is + * undefined. + * + * @return + * - err_status_ok if the RTCP packet is valid. + * - err_status_auth_fail if the SRTCP packet failed the message + * authentication check. + * - err_status_replay_fail if the SRTCP packet is a replay (e.g. has + * already been processed and accepted). + * - [other] if there has been an error in the cryptographic mechanisms. + * + */ + +err_status_t +srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len); + +/** + * @} + */ + +/** + * @defgroup SRTPevents SRTP events and callbacks + * @ingroup SRTP + * + * @brief libSRTP can use a user-provided callback function to + * handle events. + * + * + * libSRTP allows a user to provide a callback function to handle + * events that need to be dealt with outside of the data plane (see + * the enum srtp_event_t for a description of these events). Dealing + * with these events is not a strict necessity; they are not + * security-critical, but the application may suffer if they are not + * handled. The function srtp_set_event_handler() is used to provide + * the callback function. + * + * A default event handler that merely reports on the events as they + * happen is included. It is also possible to set the event handler + * function to NULL, in which case all events will just be silently + * ignored. + * + * @{ + */ + +/** + * @brief srtp_event_t defines events that need to be handled + * + * The enum srtp_event_t defines events that need to be handled + * outside the `data plane', such as SSRC collisions and + * key expirations. + * + * When a key expires or the maximum number of packets has been + * reached, an SRTP stream will enter an `expired' state in which no + * more packets can be protected or unprotected. When this happens, + * it is likely that you will want to either deallocate the stream + * (using srtp_stream_dealloc()), and possibly allocate a new one. + * + * When an SRTP stream expires, the other streams in the same session + * are unaffected, unless key sharing is used by that stream. In the + * latter case, all of the streams in the session will expire. + */ + +typedef enum { + event_ssrc_collision, /**< + * An SSRC collision occured. + */ + event_key_soft_limit, /**< An SRTP stream reached the soft key + * usage limit and will expire soon. + */ + event_key_hard_limit, /**< An SRTP stream reached the hard + * key usage limit and has expired. + */ + event_packet_index_limit /**< An SRTP stream reached the hard + * packet limit (2^48 packets). + */ +} srtp_event_t; + +/** + * @brief srtp_event_data_t is the structure passed as a callback to + * the event handler function + * + * The struct srtp_event_data_t holds the data passed to the event + * handler function. + */ + +typedef struct srtp_event_data_t { + srtp_t session; /**< The session in which the event happend. */ + srtp_stream_t stream; /**< The stream in which the event happend. */ + srtp_event_t event; /**< An enum indicating the type of event. */ +} srtp_event_data_t; + +/** + * @brief srtp_event_handler_func_t is the function prototype for + * the event handler. + * + * The typedef srtp_event_handler_func_t is the prototype for the + * event handler function. It has as its only argument an + * srtp_event_data_t which describes the event that needs to be handled. + * There can only be a single, global handler for all events in + * libSRTP. + */ + +typedef void (srtp_event_handler_func_t)(srtp_event_data_t *data); + +/** + * @brief sets the event handler to the function supplied by the caller. + * + * The function call srtp_install_event_handler(func) sets the event + * handler function to the value func. The value NULL is acceptable + * as an argument; in this case, events will be ignored rather than + * handled. + * + * @param func is a pointer to a fuction that takes an srtp_event_data_t + * pointer as an argument and returns void. This function + * will be used by libSRTP to handle events. + */ + +err_status_t +srtp_install_event_handler(srtp_event_handler_func_t func); + +/** + * @} + */ +/* in host order, so outside the #if */ +#define SRTCP_E_BIT 0x80000000 +/* for byte-access */ +#define SRTCP_E_BYTE_BIT 0x80 +#define SRTCP_INDEX_MASK 0x7fffffff + +#ifdef _MSC_VER +#pragma pack() +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* SRTP_H */ diff --git a/third_party/srtp/include/srtp_priv.h b/third_party/srtp/include/srtp_priv.h new file mode 100644 index 0000000..9214a65 --- /dev/null +++ b/third_party/srtp/include/srtp_priv.h @@ -0,0 +1,255 @@ +/* + * srtp_priv.h + * + * private internal data structures and functions for libSRTP + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef SRTP_PRIV_H +#define SRTP_PRIV_H + +#include "srtp.h" +#include "rdbx.h" +#include "rdb.h" +#include "integers.h" + +/* + * an srtp_hdr_t represents the srtp header + * + * in this implementation, an srtp_hdr_t is assumed to be 32-bit aligned + * + * (note that this definition follows that of RFC 1889 Appendix A, but + * is not identical) + */ + +#ifdef _MSC_VER
+# pragma warning(push)
+# pragma warning(disable:4214) // bit field types other than int
+#endif + +#ifndef WORDS_BIGENDIAN + +/* + * srtp_hdr_t represents an RTP or SRTP header. The bit-fields in + * this structure should be declared "unsigned int" instead of + * "unsigned char", but doing so causes the MS compiler to not + * fully pack the bit fields. + */ +typedef struct { + unsigned char cc:4; /* CSRC count */ + unsigned char x:1; /* header extension flag */ + unsigned char p:1; /* padding flag */ + unsigned char version:2; /* protocol version */ + unsigned char pt:7; /* payload type */ + unsigned char m:1; /* marker bit */ + uint16_t seq; /* sequence number */ + uint32_t ts; /* timestamp */ + uint32_t ssrc; /* synchronization source */ +} srtp_hdr_t; + +#else /* BIG_ENDIAN */ + +typedef struct { + unsigned char version:2; /* protocol version */ + unsigned char p:1; /* padding flag */ + unsigned char x:1; /* header extension flag */ + unsigned char cc:4; /* CSRC count */ + unsigned char m:1; /* marker bit */ + unsigned pt:7; /* payload type */ + uint16_t seq; /* sequence number */ + uint32_t ts; /* timestamp */ + uint32_t ssrc; /* synchronization source */ +} srtp_hdr_t; + +#endif +
+ +typedef struct { + uint16_t profile_specific; /* profile-specific info */ + uint16_t length; /* number of 32-bit words in extension */ +} srtp_hdr_xtnd_t; + + +/* + * srtcp_hdr_t represents a secure rtcp header + * + * in this implementation, an srtcp header is assumed to be 32-bit + * alinged + */ + +#ifndef WORDS_BIGENDIAN + +typedef struct { + unsigned char rc:5; /* reception report count */ + unsigned char p:1; /* padding flag */ + unsigned char version:2; /* protocol version */ + unsigned char pt:8; /* payload type */ + uint16_t len; /* length */ + uint32_t ssrc; /* synchronization source */ +} srtcp_hdr_t; + +typedef struct { + unsigned int index:31; /* srtcp packet index in network order! */ + unsigned int e:1; /* encrypted? 1=yes */ + /* optional mikey/etc go here */ + /* and then the variable-length auth tag */ +} srtcp_trailer_t; + + +#else /* BIG_ENDIAN */ + +typedef struct { + unsigned char version:2; /* protocol version */ + unsigned char p:1; /* padding flag */ + unsigned char rc:5; /* reception report count */ + unsigned char pt:8; /* payload type */ + uint16_t len; /* length */ + uint32_t ssrc; /* synchronization source */ +} srtcp_hdr_t; + +typedef struct { + unsigned int version:2; /* protocol version */ + unsigned int p:1; /* padding flag */ + unsigned int count:5; /* varies by packet type */ + unsigned int pt:8; /* payload type */ + uint16_t length; /* len of uint32s of packet less header */ +} rtcp_common_t; + +typedef struct { + unsigned int e:1; /* encrypted? 1=yes */ + unsigned int index:31; /* srtcp packet index */ + /* optional mikey/etc go here */ + /* and then the variable-length auth tag */ +} srtcp_trailer_t; + +#endif + + +#ifdef _MSC_VER
+# pragma warning( pop ) +#endif + + +/* + * the following declarations are libSRTP internal functions + */ + +/* + * srtp_get_stream(ssrc) returns a pointer to the stream corresponding + * to ssrc, or NULL if no stream exists for that ssrc + */ + +srtp_stream_t +srtp_get_stream(srtp_t srtp, uint32_t ssrc); + + +/* + * srtp_stream_init_keys(s, k) (re)initializes the srtp_stream_t s by + * deriving all of the needed keys using the KDF and the key k. + */ + + +err_status_t +srtp_stream_init_keys(srtp_stream_t srtp, const void *key); + +/* + * libsrtp internal datatypes + */ + +typedef enum direction_t { + dir_unknown = 0, + dir_srtp_sender = 1, + dir_srtp_receiver = 2 +} direction_t; + +/* + * an srtp_stream_t has its own SSRC, encryption key, authentication + * key, sequence number, and replay database + * + * note that the keys might not actually be unique, in which case the + * cipher_t and auth_t pointers will point to the same structures + */ + +typedef struct srtp_stream_ctx_t { + uint32_t ssrc; + cipher_t *rtp_cipher; + auth_t *rtp_auth; + rdbx_t rtp_rdbx; + sec_serv_t rtp_services; + cipher_t *rtcp_cipher; + auth_t *rtcp_auth; + rdb_t rtcp_rdb; + sec_serv_t rtcp_services; + key_limit_ctx_t *limit; + direction_t direction; + struct srtp_stream_ctx_t *next; /* linked list of streams */ +} srtp_stream_ctx_t; + + +/* + * an srtp_ctx_t holds a stream list and a service description + */ + +typedef struct srtp_ctx_t { + srtp_stream_ctx_t *stream_list; /* linked list of streams */ + srtp_stream_ctx_t *stream_template; /* act as template for other streams */ +} srtp_ctx_t; + + + +/* + * srtp_handle_event(srtp, srtm, evnt) calls the event handling + * function, if there is one. + * + * This macro is not included in the documentation as it is + * an internal-only function. + */ + +#define srtp_handle_event(srtp, strm, evnt) \ + if(srtp_event_handler) { \ + srtp_event_data_t data; \ + data.session = srtp; \ + data.stream = strm; \ + data.event = evnt; \ + srtp_event_handler(&data); \ +} + + +#endif /* SRTP_PRIV_H */ diff --git a/third_party/srtp/include/ut_sim.h b/third_party/srtp/include/ut_sim.h new file mode 100644 index 0000000..c25feeb --- /dev/null +++ b/third_party/srtp/include/ut_sim.h @@ -0,0 +1,80 @@ +/* + * ut-sim.h + * + * an unreliable transport simulator + * (for testing replay databases and suchlike) + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + + +#ifndef UT_SIM_H +#define UT_SIM_H + +#include "integers.h" /* for uint32_t */ + +#define UT_BUF 160 /* maximum amount of packet reorder */ + +typedef struct { + uint32_t index; + uint32_t buffer[UT_BUF]; +} ut_connection; + +/* + * ut_init(&u) initializes the ut_connection + * + * this function should always be the first one called on a new + * ut_connection + */ + +void +ut_init(ut_connection *utc); + +/* + * ut_next_index(&u) returns the next index from the simulated + * unreliable connection + */ + +uint32_t +ut_next_index(ut_connection *utc); + + +#endif /* UT_SIM_H */ diff --git a/third_party/srtp/install-sh b/third_party/srtp/install-sh new file mode 100644 index 0000000..e9de238 --- /dev/null +++ b/third_party/srtp/install-sh @@ -0,0 +1,251 @@ +#!/bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + chmodcmd="" + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 diff --git a/third_party/srtp/pjlib/srtp_err.c b/third_party/srtp/pjlib/srtp_err.c new file mode 100644 index 0000000..ce038eb --- /dev/null +++ b/third_party/srtp/pjlib/srtp_err.c @@ -0,0 +1,49 @@ +/* $Id: srtp_err.c 1907 2008-04-03 22:03:14Z bennylp $ */ +/* + * Copyright (C) 2003-2007 Benny Prijono <benny@prijono.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ +#include "err.h" +#include <pj/log.h> + +/* Redirect libsrtp error to PJ_LOG */ + +err_reporting_level_t err_level = err_level_none; + +err_status_t +err_reporting_init(char *ident) { + return err_status_ok; +} + +void +err_report(int priority, char *format, ...) { + va_list args; + +#if PJ_LOG_MAX_LEVEL >= 1 + if (priority <= err_level) { + + va_start(args, format); + pj_log("libsrtp", priority, format, args); + va_end(args); + } +#endif +} + +void +err_reporting_set_level(err_reporting_level_t lvl) { + err_level = lvl; +} + diff --git a/third_party/srtp/srtp.def b/third_party/srtp/srtp.def new file mode 100644 index 0000000..c1198c5 --- /dev/null +++ b/third_party/srtp/srtp.def @@ -0,0 +1,92 @@ +EXPORTS +srtp_init +srtp_protect +srtp_unprotect +srtp_create +srtp_add_stream +srtp_remove_stream +crypto_policy_set_rtp_default +crypto_policy_set_rtcp_default +crypto_policy_set_aes_cm_128_hmac_sha1_32 +crypto_policy_set_aes_cm_128_null_auth +crypto_policy_set_null_cipher_hmac_sha1_80 +srtp_dealloc +srtp_get_stream +srtp_protect_rtcp +srtp_unprotect_rtcp +srtp_install_event_handler +crypto_kernel_init +crypto_kernel_shutdown +crypto_kernel_status +crypto_kernel_list_debug_modules +crypto_kernel_load_cipher_type +crypto_kernel_load_auth_type +crypto_kernel_load_debug_module +crypto_kernel_alloc_cipher +crypto_kernel_alloc_auth +crypto_kernel_set_debug_module +crypto_get_random +rand_source_init +rand_source_get_octet_string +rand_source_deinit +x917_prng_init +x917_prng_get_octet_string +ctr_prng_init +ctr_prng_get_octet_string +cipher_output +cipher_get_key_length +cipher_type_self_test +cipher_bits_per_second +auth_get_key_length +auth_get_tag_length +auth_get_prefix_length +auth_type_self_test +auth_type_get_ref_count +stat_test_monobit +stat_test_poker +stat_test_runs +stat_test_rand_source +stat_test_rand_source_with_repetition +err_reporting_init +err_report +key_limit_set +key_limit_clone +key_limit_check +key_limit_update +rdbx_init +rdbx_estimate_index +rdbx_check +rdbx_add_index +index_init +index_advance +index_guess +octet_get_weight +octet_string_hex_string +v128_bit_string +v128_hex_string +nibble_to_hex_char +hex_string_to_octet_string +v128_copy_octet_string +v128_left_shift +v128_right_shift +octet_string_is_eq +octet_string_set_to_zero +rdb_init +rdb_check +rdb_add_index +rdb_increment +rdb_get_value +aes_expand_encryption_key +aes_expand_decryption_key +aes_encrypt +aes_decrypt +aes_icm_context_init +aes_icm_set_iv +aes_icm_encrypt +aes_icm_output +aes_icm_dealloc +aes_icm_encrypt_ismacryp +aes_icm_alloc_ismacryp +crypto_alloc +crypto_free +\ No newline at end of file
\ No newline at end of file diff --git a/third_party/srtp/srtp.vcproj b/third_party/srtp/srtp.vcproj new file mode 100644 index 0000000..989646e --- /dev/null +++ b/third_party/srtp/srtp.vcproj @@ -0,0 +1,588 @@ +<?xml version="1.0" encoding="Windows-1252"?> +<VisualStudioProject + ProjectType="Visual C++" + Version="8.00" + Name="srtp" + ProjectGUID="{EEF031CB-FED8-451E-A471-91EC8D4F6750}" + RootNamespace="srtp" + Keyword="Win32Proj" + > + <Platforms> + <Platform + Name="Win32" + /> + </Platforms> + <ToolFiles> + </ToolFiles> + <Configurations> + <Configuration + Name="Debug|Win32" + OutputDirectory="$(SolutionDir)$(ConfigurationName)" + IntermediateDirectory="$(ConfigurationName)" + ConfigurationType="4" + CharacterSet="1" + > + <Tool + Name="VCPreBuildEventTool" + Description="Creating config.h from config.hw" + CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL" + /> + <Tool + Name="VCCustomBuildTool" + Description="" + CommandLine="" + Outputs="" + /> + <Tool + Name="VCXMLDataGeneratorTool" + /> + <Tool + Name="VCWebServiceProxyGeneratorTool" + /> + <Tool + Name="VCMIDLTool" + /> + <Tool + Name="VCCLCompilerTool" + Optimization="0" + AdditionalIncludeDirectories="crypto/include;include" + PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H" + MinimalRebuild="true" + BasicRuntimeChecks="3" + RuntimeLibrary="3" + StructMemberAlignment="0" + UsePrecompiledHeader="0" + WarningLevel="3" + Detect64BitPortabilityProblems="true" + DebugInformationFormat="4" + /> + <Tool + Name="VCManagedResourceCompilerTool" + /> + <Tool + Name="VCResourceCompilerTool" + /> + <Tool + Name="VCPreLinkEventTool" + /> + <Tool + Name="VCLibrarianTool" + /> + <Tool + Name="VCALinkTool" + /> + <Tool + Name="VCXDCMakeTool" + /> + <Tool + Name="VCBscMakeTool" + /> + <Tool + Name="VCFxCopTool" + /> + <Tool + Name="VCPostBuildEventTool" + /> + </Configuration> + <Configuration + Name="Release|Win32" + OutputDirectory="$(SolutionDir)$(ConfigurationName)" + IntermediateDirectory="$(ConfigurationName)" + ConfigurationType="4" + CharacterSet="1" + WholeProgramOptimization="1" + > + <Tool + Name="VCPreBuildEventTool" + Description="Creating config.h from config.hw" + CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL" + /> + <Tool + Name="VCCustomBuildTool" + Description="" + CommandLine="" + Outputs="" + /> + <Tool + Name="VCXMLDataGeneratorTool" + /> + <Tool + Name="VCWebServiceProxyGeneratorTool" + /> + <Tool + Name="VCMIDLTool" + /> + <Tool + Name="VCCLCompilerTool" + AdditionalIncludeDirectories="crypto/include;include" + PreprocessorDefinitions="WIN32;NDEBUG;_LIB;HAVE_CONFIG_H" + RuntimeLibrary="2" + StructMemberAlignment="0" + UsePrecompiledHeader="0" + WarningLevel="3" + Detect64BitPortabilityProblems="true" + DebugInformationFormat="3" + /> + <Tool + Name="VCManagedResourceCompilerTool" + /> + <Tool + Name="VCResourceCompilerTool" + /> + <Tool + Name="VCPreLinkEventTool" + /> + <Tool + Name="VCLibrarianTool" + /> + <Tool + Name="VCALinkTool" + /> + <Tool + Name="VCXDCMakeTool" + /> + <Tool + Name="VCBscMakeTool" + /> + <Tool + Name="VCFxCopTool" + /> + <Tool + Name="VCPostBuildEventTool" + /> + </Configuration> + <Configuration + Name="Debug Dll|Win32" + OutputDirectory="$(SolutionDir)$(ConfigurationName)" + IntermediateDirectory="$(ConfigurationName)" + ConfigurationType="2" + CharacterSet="1" + > + <Tool + Name="VCPreBuildEventTool" + Description="Creating config.h from config.hw" + CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL" + /> + <Tool + Name="VCCustomBuildTool" + Description="" + CommandLine="" + Outputs="" + /> + <Tool + Name="VCXMLDataGeneratorTool" + /> + <Tool + Name="VCWebServiceProxyGeneratorTool" + /> + <Tool + Name="VCMIDLTool" + /> + <Tool + Name="VCCLCompilerTool" + Optimization="0" + EnableIntrinsicFunctions="true" + AdditionalIncludeDirectories="crypto/include;include" + PreprocessorDefinitions="WIN32;_DEBUG;_LIB;HAVE_CONFIG_H" + MinimalRebuild="true" + BasicRuntimeChecks="3" + RuntimeLibrary="3" + StructMemberAlignment="0" + UsePrecompiledHeader="0" + WarningLevel="3" + Detect64BitPortabilityProblems="true" + DebugInformationFormat="4" + /> + <Tool + Name="VCManagedResourceCompilerTool" + /> + <Tool + Name="VCResourceCompilerTool" + /> + <Tool + Name="VCPreLinkEventTool" + /> + <Tool + Name="VCLinkerTool" + AdditionalDependencies="Ws2_32.lib" + ModuleDefinitionFile="srtp.def" + OptimizeReferences="1" + EnableCOMDATFolding="1" + OptimizeForWindows98="1" + LinkTimeCodeGeneration="0" + /> + <Tool + Name="VCALinkTool" + /> + <Tool + Name="VCManifestTool" + /> + <Tool + Name="VCXDCMakeTool" + /> + <Tool + Name="VCBscMakeTool" + /> + <Tool + Name="VCFxCopTool" + /> + <Tool + Name="VCAppVerifierTool" + /> + <Tool + Name="VCWebDeploymentTool" + /> + <Tool + Name="VCPostBuildEventTool" + /> + </Configuration> + <Configuration + Name="Release Dll|Win32" + OutputDirectory="$(SolutionDir)$(ConfigurationName)" + IntermediateDirectory="$(ConfigurationName)" + ConfigurationType="2" + CharacterSet="1" + WholeProgramOptimization="1" + > + <Tool + Name="VCPreBuildEventTool" + Description="Creating config.h from config.hw" + CommandLine="copy /Y "$(InputDir)config.hw" "$(InputDir)crypto\include\config.h" > NUL" + /> + <Tool + Name="VCCustomBuildTool" + Description="" + CommandLine="" + Outputs="" + /> + <Tool + Name="VCXMLDataGeneratorTool" + /> + <Tool + Name="VCWebServiceProxyGeneratorTool" + /> + <Tool + Name="VCMIDLTool" + /> + <Tool + Name="VCCLCompilerTool" + AdditionalIncludeDirectories="crypto/include;include" + PreprocessorDefinitions="WIN32;NDEBUG;_LIB;HAVE_CONFIG_H" + RuntimeLibrary="2" + StructMemberAlignment="0" + UsePrecompiledHeader="0" + WarningLevel="3" + Detect64BitPortabilityProblems="true" + DebugInformationFormat="3" + /> + <Tool + Name="VCManagedResourceCompilerTool" + /> + <Tool + Name="VCResourceCompilerTool" + /> + <Tool + Name="VCPreLinkEventTool" + /> + <Tool + Name="VCLinkerTool" + AdditionalDependencies="Ws2_32.lib" + ModuleDefinitionFile="srtp.def" + /> + <Tool + Name="VCALinkTool" + /> + <Tool + Name="VCManifestTool" + /> + <Tool + Name="VCXDCMakeTool" + /> + <Tool + Name="VCBscMakeTool" + /> + <Tool + Name="VCFxCopTool" + /> + <Tool + Name="VCAppVerifierTool" + /> + <Tool + Name="VCWebDeploymentTool" + /> + <Tool + Name="VCPostBuildEventTool" + /> + </Configuration> + </Configurations> + <References> + </References> + <Files> + <Filter + Name="Source Files" + Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx" + UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}" + > + <File + RelativePath=".\srtp\srtp.c" + > + </File> + <Filter + Name="Kernel" + > + <File + RelativePath=".\crypto\kernel\alloc.c" + > + </File> + <File + RelativePath=".\crypto\kernel\crypto_kernel.c" + > + </File> + <File + RelativePath=".\crypto\rng\ctr_prng.c" + > + </File> + <File + RelativePath=".\crypto\kernel\err.c" + > + </File> + <File + RelativePath=".\crypto\kernel\key.c" + > + </File> + <File + RelativePath=".\crypto\rng\prng.c" + > + </File> + <File + RelativePath=".\crypto\rng\rand_source.c" + > + </File> + </Filter> + <Filter + Name="Ciphers" + > + <File + RelativePath=".\crypto\cipher\aes.c" + > + <FileConfiguration + Name="Debug Dll|Win32" + > + <Tool + Name="VCCLCompilerTool" + InlineFunctionExpansion="0" + EnableIntrinsicFunctions="false" + EnableFunctionLevelLinking="false" + /> + </FileConfiguration> + </File> + <File + RelativePath=".\crypto\cipher\aes_cbc.c" + > + </File> + <File + RelativePath=".\crypto\cipher\aes_icm.c" + > + </File> + <File + RelativePath=".\crypto\cipher\cipher.c" + > + </File> + <File + RelativePath=".\crypto\cipher\null_cipher.c" + > + </File> + </Filter> + <Filter + Name="Hashes" + > + <File + RelativePath=".\crypto\hash\auth.c" + > + </File> + <File + RelativePath=".\crypto\hash\hmac.c" + > + </File> + <File + RelativePath=".\crypto\hash\null_auth.c" + > + </File> + <File + RelativePath=".\crypto\hash\sha1.c" + > + </File> + </Filter> + <Filter + Name="Replay" + > + <File + RelativePath=".\crypto\replay\rdb.c" + > + </File> + <File + RelativePath=".\crypto\replay\rdbx.c" + > + </File> + <File + RelativePath=".\crypto\replay\ut_sim.c" + > + </File> + </Filter> + <Filter + Name="Math" + > + <File + RelativePath=".\crypto\math\datatypes.c" + > + </File> + <File + RelativePath=".\crypto\math\stat.c" + > + </File> + </Filter> + </Filter> + <Filter + Name="Header Files" + Filter="h;hpp;hxx;hm;inl;inc;xsd" + UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}" + > + <File + RelativePath=".\crypto\include\aes.h" + > + </File> + <File + RelativePath=".\crypto\include\aes_cbc.h" + > + </File> + <File + RelativePath=".\crypto\include\aes_icm.h" + > + </File> + <File + RelativePath=".\crypto\include\alloc.h" + > + </File> + <File + RelativePath=".\crypto\include\auth.h" + > + </File> + <File + RelativePath=".\crypto\include\cipher.h" + > + </File> + <File + RelativePath=".\crypto\include\config.h" + > + </File> + <File + RelativePath=".\crypto\include\crypto.h" + > + </File> + <File + RelativePath=".\crypto\include\crypto_kernel.h" + > + </File> + <File + RelativePath=".\crypto\include\crypto_math.h" + > + </File> + <File + RelativePath=".\crypto\include\crypto_types.h" + > + </File> + <File + RelativePath=".\crypto\include\cryptoalg.h" + > + </File> + <File + RelativePath=".\crypto\include\datatypes.h" + > + </File> + <File + RelativePath=".\crypto\include\err.h" + > + </File> + <File + RelativePath=".\crypto\include\gf2_8.h" + > + </File> + <File + RelativePath=".\crypto\include\hmac.h" + > + </File> + <File + RelativePath=".\crypto\include\integers.h" + > + </File> + <File + RelativePath=".\crypto\include\kernel_compat.h" + > + </File> + <File + RelativePath=".\crypto\include\key.h" + > + </File> + <File + RelativePath=".\crypto\include\null_auth.h" + > + </File> + <File + RelativePath=".\crypto\include\null_cipher.h" + > + </File> + <File + RelativePath=".\crypto\include\prng.h" + > + </File> + <File + RelativePath=".\crypto\include\rand_source.h" + > + </File> + <File + RelativePath=".\crypto\include\rdb.h" + > + </File> + <File + RelativePath=".\crypto\include\rdbx.h" + > + </File> + <File + RelativePath=".\include\rtp.h" + > + </File> + <File + RelativePath=".\crypto\include\sha1.h" + > + </File> + <File + RelativePath=".\include\srtp.h" + > + </File> + <File + RelativePath=".\crypto\include\stat.h" + > + </File> + <File + RelativePath=".\include\ut_sim.h" + > + </File> + <File + RelativePath=".\crypto\include\xfm.h" + > + </File> + </Filter> + <Filter + Name="Resource Files" + Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav" + UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}" + > + </Filter> + <File + RelativePath=".\srtp.def" + > + </File> + </Files> + <Globals> + </Globals> +</VisualStudioProject> diff --git a/third_party/srtp/srtp/srtp.c b/third_party/srtp/srtp/srtp.c new file mode 100644 index 0000000..b30f6d3 --- /dev/null +++ b/third_party/srtp/srtp/srtp.c @@ -0,0 +1,1913 @@ +/* + * srtp.c + * + * the secure real-time transport protocol + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "srtp_priv.h" +#include "aes_icm.h" /* aes_icm is used in the KDF */ +#include "alloc.h" /* for crypto_alloc() */ + +#ifndef SRTP_KERNEL +# include <limits.h> +# ifdef HAVE_NETINET_IN_H +# include <netinet/in.h> +# elif defined(HAVE_WINSOCK2_H) +# include <winsock2.h> +# endif +#endif /* ! SRTP_KERNEL */ + + +extern cipher_type_t aes_icm; +extern auth_type_t tmmhv2; + +/* the debug module for srtp */ + +debug_module_t mod_srtp = { + 0, /* debugging is off by default */ + "srtp" /* printable name for module */ +}; + +#define octets_in_rtp_header 12 +#define uint32s_in_rtp_header 3 +#define octets_in_rtcp_header 8 +#define uint32s_in_rtcp_header 2 + + +err_status_t +srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, + const srtp_policy_t *p) { + srtp_stream_ctx_t *str; + err_status_t stat; + + /* + * This function allocates the stream context, rtp and rtcp ciphers + * and auth functions, and key limit structure. If there is a + * failure during allocation, we free all previously allocated + * memory and return a failure code. The code could probably + * be improved, but it works and should be clear. + */ + + /* allocate srtp stream and set str_ptr */ + str = (srtp_stream_ctx_t *) crypto_alloc(sizeof(srtp_stream_ctx_t)); + if (str == NULL) + return err_status_alloc_fail; + *str_ptr = str; + + /* allocate cipher */ + stat = crypto_kernel_alloc_cipher(p->rtp.cipher_type, + &str->rtp_cipher, + p->rtp.cipher_key_len); + if (stat) { + crypto_free(str); + return stat; + } + + /* allocate auth function */ + stat = crypto_kernel_alloc_auth(p->rtp.auth_type, + &str->rtp_auth, + p->rtp.auth_key_len, + p->rtp.auth_tag_len); + if (stat) { + cipher_dealloc(str->rtp_cipher); + crypto_free(str); + return stat; + } + + /* allocate key limit structure */ + str->limit = (key_limit_ctx_t*) crypto_alloc(sizeof(key_limit_ctx_t)); + if (str->limit == NULL) { + auth_dealloc(str->rtp_auth); + cipher_dealloc(str->rtp_cipher); + crypto_free(str); + return err_status_alloc_fail; + } + + /* + * ...and now the RTCP-specific initialization - first, allocate + * the cipher + */ + stat = crypto_kernel_alloc_cipher(p->rtcp.cipher_type, + &str->rtcp_cipher, + p->rtcp.cipher_key_len); + if (stat) { + auth_dealloc(str->rtp_auth); + cipher_dealloc(str->rtp_cipher); + crypto_free(str->limit); + crypto_free(str); + return stat; + } + + /* allocate auth function */ + stat = crypto_kernel_alloc_auth(p->rtcp.auth_type, + &str->rtcp_auth, + p->rtcp.auth_key_len, + p->rtcp.auth_tag_len); + if (stat) { + cipher_dealloc(str->rtcp_cipher); + auth_dealloc(str->rtp_auth); + cipher_dealloc(str->rtp_cipher); + crypto_free(str->limit); + crypto_free(str); + return stat; + } + + return err_status_ok; +} + +err_status_t +srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) { + err_status_t status; + + /* + * we use a conservative deallocation strategy - if any deallocation + * fails, then we report that fact without trying to deallocate + * anything else + */ + + /* deallocate cipher, if it is not the same as that in template */ + if (session->stream_template + && stream->rtp_cipher == session->stream_template->rtp_cipher) { + /* do nothing */ + } else { + status = cipher_dealloc(stream->rtp_cipher); + if (status) + return status; + } + + /* deallocate auth function, if it is not the same as that in template */ + if (session->stream_template + && stream->rtp_auth == session->stream_template->rtp_auth) { + /* do nothing */ + } else { + status = auth_dealloc(stream->rtp_auth); + if (status) + return status; + } + + /* deallocate key usage limit, if it is not the same as that in template */ + if (session->stream_template + && stream->limit == session->stream_template->limit) { + /* do nothing */ + } else { + crypto_free(stream->limit); + } + + /* + * deallocate rtcp cipher, if it is not the same as that in + * template + */ + if (session->stream_template + && stream->rtcp_cipher == session->stream_template->rtcp_cipher) { + /* do nothing */ + } else { + status = cipher_dealloc(stream->rtcp_cipher); + if (status) + return status; + } + + /* + * deallocate rtcp auth function, if it is not the same as that in + * template + */ + if (session->stream_template + && stream->rtcp_auth == session->stream_template->rtcp_auth) { + /* do nothing */ + } else { + status = auth_dealloc(stream->rtcp_auth); + if (status) + return status; + } + + /* deallocate srtp stream context */ + crypto_free(stream); + + return err_status_ok; +} + + +/* + * srtp_stream_clone(stream_template, new) allocates a new stream and + * initializes it using the cipher and auth of the stream_template + * + * the only unique data in a cloned stream is the replay database and + * the SSRC + */ + +err_status_t +srtp_stream_clone(const srtp_stream_ctx_t *stream_template, + uint32_t ssrc, + srtp_stream_ctx_t **str_ptr) { + err_status_t status; + srtp_stream_ctx_t *str; + + debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ssrc); + + /* allocate srtp stream and set str_ptr */ + str = (srtp_stream_ctx_t *) crypto_alloc(sizeof(srtp_stream_ctx_t)); + if (str == NULL) + return err_status_alloc_fail; + *str_ptr = str; + + /* set cipher and auth pointers to those of the template */ + str->rtp_cipher = stream_template->rtp_cipher; + str->rtp_auth = stream_template->rtp_auth; + str->rtcp_cipher = stream_template->rtcp_cipher; + str->rtcp_auth = stream_template->rtcp_auth; + + /* set key limit to point to that of the template */ + status = key_limit_clone(stream_template->limit, &str->limit); + if (status) + return status; + + /* initialize replay databases */ + rdbx_init(&str->rtp_rdbx); + rdb_init(&str->rtcp_rdb); + + /* set ssrc to that provided */ + str->ssrc = ssrc; + + /* set direction and security services */ + str->direction = stream_template->direction; + str->rtp_services = stream_template->rtp_services; + str->rtcp_services = stream_template->rtcp_services; + + /* defensive coding */ + str->next = NULL; + + return err_status_ok; +} + + +/* + * key derivation functions, internal to libSRTP + * + * srtp_kdf_t is a key derivation context + * + * srtp_kdf_init(&kdf, k) initializes kdf with the key k + * + * srtp_kdf_generate(&kdf, l, kl, keylen) derives the key + * corresponding to label l and puts it into kl; the length + * of the key in octets is provided as keylen. this function + * should be called once for each subkey that is derived. + * + * srtp_kdf_clear(&kdf) zeroizes the kdf state + */ + +typedef enum { + label_rtp_encryption = 0x00, + label_rtp_msg_auth = 0x01, + label_rtp_salt = 0x02, + label_rtcp_encryption = 0x03, + label_rtcp_msg_auth = 0x04, + label_rtcp_salt = 0x05 +} srtp_prf_label; + + +/* + * srtp_kdf_t represents a key derivation function. The SRTP + * default KDF is the only one implemented at present. + */ + +typedef struct { + aes_icm_ctx_t c; /* cipher used for key derivation */ +} srtp_kdf_t; + +err_status_t +srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t key[30]) { + + aes_icm_context_init(&kdf->c, key); + + return err_status_ok; +} + +err_status_t +srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, + uint8_t *key, int length) { + + v128_t nonce; + + /* set eigth octet of nonce to <label>, set the rest of it to zero */ + v128_set_to_zero(&nonce); + nonce.v8[7] = label; + + aes_icm_set_iv(&kdf->c, &nonce); + + /* generate keystream output */ + aes_icm_output(&kdf->c, key, length); + + return err_status_ok; +} + +err_status_t +srtp_kdf_clear(srtp_kdf_t *kdf) { + + /* zeroize aes context */ + octet_string_set_to_zero((uint8_t *)kdf, sizeof(srtp_kdf_t)); + + return err_status_ok; +} + +/* + * end of key derivation functions + */ + +#define MAX_SRTP_KEY_LEN 256 + + +err_status_t +srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) { + err_status_t stat; + srtp_kdf_t kdf; + uint8_t tmp_key[MAX_SRTP_KEY_LEN]; + + /* initialize KDF state */ + srtp_kdf_init(&kdf, (const uint8_t *)key); + + /* generate encryption key */ + srtp_kdf_generate(&kdf, label_rtp_encryption, + tmp_key, cipher_get_key_length(srtp->rtp_cipher)); + /* + * if the cipher in the srtp context is aes_icm, then we need + * to generate the salt value + */ + if (srtp->rtp_cipher->type == &aes_icm) { + /* FIX!!! this is really the cipher key length; rest is salt */ + int base_key_len = 16; + int salt_len = cipher_get_key_length(srtp->rtp_cipher) - base_key_len; + + debug_print(mod_srtp, "found aes_icm, generating salt", NULL); + + /* generate encryption salt, put after encryption key */ + srtp_kdf_generate(&kdf, label_rtp_salt, + tmp_key + base_key_len, salt_len); + } + debug_print(mod_srtp, "cipher key: %s", + octet_string_hex_string(tmp_key, + cipher_get_key_length(srtp->rtp_cipher))); + + /* initialize cipher */ + stat = cipher_init(srtp->rtp_cipher, tmp_key, direction_any); + if (stat) { + /* zeroize temp buffer */ + octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); + return err_status_init_fail; + } + + /* generate authentication key */ + srtp_kdf_generate(&kdf, label_rtp_msg_auth, + tmp_key, auth_get_key_length(srtp->rtp_auth)); + debug_print(mod_srtp, "auth key: %s", + octet_string_hex_string(tmp_key, + auth_get_key_length(srtp->rtp_auth))); + + /* initialize auth function */ + stat = auth_init(srtp->rtp_auth, tmp_key); + if (stat) { + /* zeroize temp buffer */ + octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); + return err_status_init_fail; + } + + /* + * ...now initialize SRTCP keys + */ + + /* generate encryption key */ + srtp_kdf_generate(&kdf, label_rtcp_encryption, + tmp_key, cipher_get_key_length(srtp->rtcp_cipher)); + /* + * if the cipher in the srtp context is aes_icm, then we need + * to generate the salt value + */ + if (srtp->rtcp_cipher->type == &aes_icm) { + /* FIX!!! this is really the cipher key length; rest is salt */ + int base_key_len = 16; + int salt_len = cipher_get_key_length(srtp->rtcp_cipher) - base_key_len; + + debug_print(mod_srtp, "found aes_icm, generating rtcp salt", NULL); + + /* generate encryption salt, put after encryption key */ + srtp_kdf_generate(&kdf, label_rtcp_salt, + tmp_key + base_key_len, salt_len); + } + debug_print(mod_srtp, "rtcp cipher key: %s", + octet_string_hex_string(tmp_key, + cipher_get_key_length(srtp->rtcp_cipher))); + + /* initialize cipher */ + stat = cipher_init(srtp->rtcp_cipher, tmp_key, direction_any); + if (stat) { + /* zeroize temp buffer */ + octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); + return err_status_init_fail; + } + + /* generate authentication key */ + srtp_kdf_generate(&kdf, label_rtcp_msg_auth, + tmp_key, auth_get_key_length(srtp->rtcp_auth)); + debug_print(mod_srtp, "rtcp auth key: %s", + octet_string_hex_string(tmp_key, + auth_get_key_length(srtp->rtcp_auth))); + + /* initialize auth function */ + stat = auth_init(srtp->rtcp_auth, tmp_key); + if (stat) { + /* zeroize temp buffer */ + octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); + return err_status_init_fail; + } + + /* clear memory then return */ + srtp_kdf_clear(&kdf); + octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); + + return err_status_ok; +} + +err_status_t +srtp_stream_init(srtp_stream_ctx_t *srtp, + const srtp_policy_t *p) { + err_status_t err; + + debug_print(mod_srtp, "initializing stream (SSRC: 0x%08x)", + p->ssrc.value); + + /* initialize replay database */ + rdbx_init(&srtp->rtp_rdbx); + + /* initialize key limit to maximum value */ +#ifdef NO_64BIT_MATH +{ + uint64_t temp; + temp = make64(UINT_MAX,UINT_MAX); + key_limit_set(srtp->limit, temp); +} +#else + key_limit_set(srtp->limit, PJ_UINT64(0xffffffffffff)); +#endif + + /* set the SSRC value */ + srtp->ssrc = htonl(p->ssrc.value); + + /* set the security service flags */ + srtp->rtp_services = p->rtp.sec_serv; + srtp->rtcp_services = p->rtcp.sec_serv; + + /* + * set direction to unknown - this flag gets checked in srtp_protect(), + * srtp_unprotect(), srtp_protect_rtcp(), and srtp_unprotect_rtcp(), and + * gets set appropriately if it is set to unknown. + */ + srtp->direction = dir_unknown; + + /* initialize SRTCP replay database */ + rdb_init(&srtp->rtcp_rdb); + + /* DAM - no RTCP key limit at present */ + + /* initialize keys */ + err = srtp_stream_init_keys(srtp, p->key); + if (err) return err; + + return err_status_ok; + } + + + /* + * srtp_event_reporter is an event handler function that merely + * reports the events that are reported by the callbacks + */ + + void + srtp_event_reporter(srtp_event_data_t *data) { + + err_report(err_level_warning, "srtp: in stream 0x%x: ", + data->stream->ssrc); + + switch(data->event) { + case event_ssrc_collision: + err_report(err_level_warning, "\tSSRC collision\n"); + break; + case event_key_soft_limit: + err_report(err_level_warning, "\tkey usage soft limit reached\n"); + break; + case event_key_hard_limit: + err_report(err_level_warning, "\tkey usage hard limit reached\n"); + break; + case event_packet_index_limit: + err_report(err_level_warning, "\tpacket index limit reached\n"); + break; + default: + err_report(err_level_warning, "\tunknown event reported to handler\n"); + } + } + + /* + * srtp_event_handler is a global variable holding a pointer to the + * event handler function; this function is called for any unexpected + * event that needs to be handled out of the SRTP data path. see + * srtp_event_t in srtp.h for more info + * + * it is okay to set srtp_event_handler to NULL, but we set + * it to the srtp_event_reporter. + */ + + static srtp_event_handler_func_t *srtp_event_handler = srtp_event_reporter; + + err_status_t + srtp_install_event_handler(srtp_event_handler_func_t func) { + + /* + * note that we accept NULL arguments intentionally - calling this + * function with a NULL arguments removes an event handler that's + * been previously installed + */ + + /* set global event handling function */ + srtp_event_handler = func; + return err_status_ok; + } + + err_status_t + srtp_protect(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len) { + srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; + uint32_t *enc_start; /* pointer to start of encrypted portion */ + uint32_t *auth_start; /* pointer to start of auth. portion */ + unsigned enc_octet_len = 0; /* number of octets in encrypted portion */ + xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ + int delta; /* delta of local pkt idx and that in hdr */ + uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ + err_status_t status; + int tag_len; + srtp_stream_ctx_t *stream; + int prefix_len; + + debug_print(mod_srtp, "function srtp_protect", NULL); + + /* we assume the hdr is 32-bit aligned to start */ + + /* check the packet length - it must at least contain a full header */ + if (*pkt_octet_len < octets_in_rtp_header) + return err_status_bad_param; + + /* + * look up ssrc in srtp_stream list, and process the packet with + * the appropriate stream. if we haven't seen this stream before, + * there's a template key for this srtp_session, and the cipher + * supports key-sharing, then we assume that a new stream using + * that key has just started up + */ + stream = srtp_get_stream(ctx, hdr->ssrc); + if (stream == NULL) { + if (ctx->stream_template != NULL) { + srtp_stream_ctx_t *new_stream; + + /* allocate and initialize a new stream */ + status = srtp_stream_clone(ctx->stream_template, + hdr->ssrc, &new_stream); + if (status) + return status; + + /* add new stream to the head of the stream_list */ + new_stream->next = ctx->stream_list; + ctx->stream_list = new_stream; + + /* set direction to outbound */ + new_stream->direction = dir_srtp_sender; + + /* set stream (the pointer used in this function) */ + stream = new_stream; + } else { + /* no template stream, so we return an error */ + return err_status_no_ctx; + } + } + + /* + * verify that stream is for sending traffic - this check will + * detect SSRC collisions, since a stream that appears in both + * srtp_protect() and srtp_unprotect() will fail this test in one of + * those functions. + */ + if (stream->direction != dir_srtp_sender) { + if (stream->direction == dir_unknown) { + stream->direction = dir_srtp_sender; + } else { + srtp_handle_event(ctx, stream, event_ssrc_collision); + } + } + + /* + * update the key usage limit, and check it to make sure that we + * didn't just hit either the soft limit or the hard limit, and call + * the event handler if we hit either. + */ + switch(key_limit_update(stream->limit)) { + case key_event_normal: + break; + case key_event_soft_limit: + srtp_handle_event(ctx, stream, event_key_soft_limit); + break; + case key_event_hard_limit: + srtp_handle_event(ctx, stream, event_key_hard_limit); + return err_status_key_expired; + default: + break; + } + + /* get tag length from stream */ + tag_len = auth_get_tag_length(stream->rtp_auth); + + /* + * find starting point for encryption and length of data to be + * encrypted - the encrypted portion starts after the rtp header + * extension, if present; otherwise, it starts after the last csrc, + * if any are present + * + * if we're not providing confidentiality, set enc_start to NULL + */ + if (stream->rtp_services & sec_serv_conf) { + enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; + if (hdr->x == 1) { + srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; + enc_start += (ntohs(xtn_hdr->length) + 1); + } + enc_octet_len = (unsigned int)(*pkt_octet_len + - ((enc_start - (uint32_t *)hdr) << 2)); + } else { + enc_start = NULL; + } + + /* + * if we're providing authentication, set the auth_start and auth_tag + * pointers to the proper locations; otherwise, set auth_start to NULL + * to indicate that no authentication is needed + */ + if (stream->rtp_services & sec_serv_auth) { + auth_start = (uint32_t *)hdr; + auth_tag = (uint8_t *)hdr + *pkt_octet_len; + } else { + auth_start = NULL; + auth_tag = NULL; + } + + /* + * estimate the packet index using the start of the replay window + * and the sequence number from the header + */ + delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); + status = rdbx_check(&stream->rtp_rdbx, delta); + if (status) + return status; /* we've been asked to reuse an index */ + rdbx_add_index(&stream->rtp_rdbx, delta); + +#ifdef NO_64BIT_MATH + debug_print2(mod_srtp, "estimated packet index: %08x%08x", + high32(est),low32(est)); +#else + debug_print(mod_srtp, "estimated packet index: %016llx", est); +#endif + + /* + * if we're using rindael counter mode, set nonce and seq + */ + if (stream->rtp_cipher->type == &aes_icm) { + v128_t iv; + + iv.v32[0] = 0; + iv.v32[1] = hdr->ssrc; +#ifdef NO_64BIT_MATH + iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), + low32(est) << 16)); +#else + iv.v64[1] = be64_to_cpu(est << 16); +#endif + status = cipher_set_iv(stream->rtp_cipher, &iv); + + } else { + v128_t iv; + + /* otherwise, set the index to est */ +#ifdef NO_64BIT_MATH + iv.v32[0] = 0; + iv.v32[1] = 0; +#else + iv.v64[0] = 0; +#endif + iv.v64[1] = be64_to_cpu(est); + status = cipher_set_iv(stream->rtp_cipher, &iv); + } + if (status) + return err_status_cipher_fail; + + /* shift est, put into network byte order */ +#ifdef NO_64BIT_MATH + est = be64_to_cpu(make64((high32(est) << 16) | + (low32(est) >> 16), + low32(est) << 16)); +#else + est = be64_to_cpu(est << 16); +#endif + + /* + * if we're authenticating using a universal hash, put the keystream + * prefix into the authentication tag + */ + if (auth_start) { + + prefix_len = auth_get_prefix_length(stream->rtp_auth); + if (prefix_len) { + status = cipher_output(stream->rtp_cipher, auth_tag, prefix_len); + if (status) + return err_status_cipher_fail; + debug_print(mod_srtp, "keystream prefix: %s", + octet_string_hex_string(auth_tag, prefix_len)); + } + } + + /* if we're encrypting, exor keystream into the message */ + if (enc_start) { + status = cipher_encrypt(stream->rtp_cipher, + (uint8_t *)enc_start, &enc_octet_len); + if (status) + return err_status_cipher_fail; + } + + /* + * if we're authenticating, run authentication function and put result + * into the auth_tag + */ + if (auth_start) { + + /* initialize auth func context */ + status = auth_start(stream->rtp_auth); + if (status) return status; + + /* run auth func over packet */ + status = auth_update(stream->rtp_auth, + (uint8_t *)auth_start, *pkt_octet_len); + if (status) return status; + + /* run auth func over ROC, put result into auth_tag */ + debug_print(mod_srtp, "estimated packet index: %016llx", est); + status = auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, auth_tag); + debug_print(mod_srtp, "srtp auth tag: %s", + octet_string_hex_string(auth_tag, tag_len)); + if (status) + return err_status_auth_fail; + + } + + if (auth_tag) { + + /* increase the packet length by the length of the auth tag */ + *pkt_octet_len += tag_len; + } + + return err_status_ok; +} + + +err_status_t +srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { + srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr; + uint32_t *enc_start; /* pointer to start of encrypted portion */ + uint32_t *auth_start; /* pointer to start of auth. portion */ + unsigned enc_octet_len = 0;/* number of octets in encrypted portion */ + uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ + xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ + int delta; /* delta of local pkt idx and that in hdr */ + v128_t iv; + err_status_t status; + srtp_stream_ctx_t *stream; + uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; + int tag_len, prefix_len; + + debug_print(mod_srtp, "function srtp_unprotect", NULL); + + /* we assume the hdr is 32-bit aligned to start */ + + /* check the packet length - it must at least contain a full header */ + if (*pkt_octet_len < octets_in_rtp_header) + return err_status_bad_param; + + /* + * look up ssrc in srtp_stream list, and process the packet with + * the appropriate stream. if we haven't seen this stream before, + * there's only one key for this srtp_session, and the cipher + * supports key-sharing, then we assume that a new stream using + * that key has just started up + */ + stream = srtp_get_stream(ctx, hdr->ssrc); + if (stream == NULL) { + if (ctx->stream_template != NULL) { + stream = ctx->stream_template; + debug_print(mod_srtp, "using provisional stream (SSRC: 0x%08x)", + hdr->ssrc); + + /* + * set estimated packet index to sequence number from header, + * and set delta equal to the same value + */ +#ifdef NO_64BIT_MATH + est = (xtd_seq_num_t) make64(0,ntohs(hdr->seq)); + delta = low32(est); +#else + est = (xtd_seq_num_t) ntohs(hdr->seq); + delta = (int)est; +#endif + } else { + + /* + * no stream corresponding to SSRC found, and we don't do + * key-sharing, so return an error + */ + return err_status_no_ctx; + } + } else { + + /* estimate packet index from seq. num. in header */ + delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); + + /* check replay database */ + status = rdbx_check(&stream->rtp_rdbx, delta); + if (status) + return status; + } + +#ifdef NO_64BIT_MATH + debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est),low32(est)); +#else + debug_print(mod_srtp, "estimated u_packet index: %016llx", est); +#endif + + /* get tag length from stream */ + tag_len = auth_get_tag_length(stream->rtp_auth); + + /* + * set the cipher's IV properly, depending on whatever cipher we + * happen to be using + */ + if (stream->rtp_cipher->type == &aes_icm) { + + /* aes counter mode */ + iv.v32[0] = 0; + iv.v32[1] = hdr->ssrc; /* still in network order */ +#ifdef NO_64BIT_MATH + iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), + low32(est) << 16)); +#else + iv.v64[1] = be64_to_cpu(est << 16); +#endif + status = aes_icm_set_iv((aes_icm_ctx_t*)stream->rtp_cipher->state, &iv); + } else { + + /* no particular format - set the iv to the pakcet index */ +#ifdef NO_64BIT_MATH + iv.v32[0] = 0; + iv.v32[1] = 0; +#else + iv.v64[0] = 0; +#endif + iv.v64[1] = be64_to_cpu(est); + status = cipher_set_iv(stream->rtp_cipher, &iv); + } + if (status) + return err_status_cipher_fail; + + /* shift est, put into network byte order */ +#ifdef NO_64BIT_MATH + est = be64_to_cpu(make64((high32(est) << 16) | + (low32(est) >> 16), + low32(est) << 16)); +#else + est = be64_to_cpu(est << 16); +#endif + + /* + * find starting point for decryption and length of data to be + * decrypted - the encrypted portion starts after the rtp header + * extension, if present; otherwise, it starts after the last csrc, + * if any are present + * + * if we're not providing confidentiality, set enc_start to NULL + */ + if (stream->rtp_services & sec_serv_conf) { + enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; + if (hdr->x == 1) { + srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; + enc_start += (ntohs(xtn_hdr->length) + 1); + } + enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len + - ((enc_start - (uint32_t *)hdr) << 2)); + } else { + enc_start = NULL; + } + + /* + * if we're providing authentication, set the auth_start and auth_tag + * pointers to the proper locations; otherwise, set auth_start to NULL + * to indicate that no authentication is needed + */ + if (stream->rtp_services & sec_serv_auth) { + auth_start = (uint32_t *)hdr; + auth_tag = (uint8_t *)hdr + *pkt_octet_len - tag_len; + } else { + auth_start = NULL; + auth_tag = NULL; + } + + /* + * if we expect message authentication, run the authentication + * function and compare the result with the value of the auth_tag + */ + if (auth_start) { + + /* + * if we're using a universal hash, then we need to compute the + * keystream prefix for encrypting the universal hash output + * + * if the keystream prefix length is zero, then we know that + * the authenticator isn't using a universal hash function + */ + if (stream->rtp_auth->prefix_len != 0) { + + prefix_len = auth_get_prefix_length(stream->rtp_auth); + status = cipher_output(stream->rtp_cipher, tmp_tag, prefix_len); + debug_print(mod_srtp, "keystream prefix: %s", + octet_string_hex_string(tmp_tag, prefix_len)); + if (status) + return err_status_cipher_fail; + } + + /* initialize auth func context */ + status = auth_start(stream->rtp_auth); + if (status) return status; + + /* now compute auth function over packet */ + status = auth_update(stream->rtp_auth, (uint8_t *)auth_start, + *pkt_octet_len - tag_len); + + /* run auth func over ROC, then write tmp tag */ + status = auth_compute(stream->rtp_auth, (uint8_t *)&est, 4, tmp_tag); + + debug_print(mod_srtp, "computed auth tag: %s", + octet_string_hex_string(tmp_tag, tag_len)); + debug_print(mod_srtp, "packet auth tag: %s", + octet_string_hex_string(auth_tag, tag_len)); + if (status) + return err_status_auth_fail; + + if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) + return err_status_auth_fail; + } + + /* + * update the key usage limit, and check it to make sure that we + * didn't just hit either the soft limit or the hard limit, and call + * the event handler if we hit either. + */ + switch(key_limit_update(stream->limit)) { + case key_event_normal: + break; + case key_event_soft_limit: + srtp_handle_event(ctx, stream, event_key_soft_limit); + break; + case key_event_hard_limit: + srtp_handle_event(ctx, stream, event_key_hard_limit); + return err_status_key_expired; + default: + break; + } + + /* if we're encrypting, add keystream into ciphertext */ + if (enc_start) { + status = cipher_encrypt(stream->rtp_cipher, + (uint8_t *)enc_start, &enc_octet_len); + if (status) + return err_status_cipher_fail; + } + + /* + * verify that stream is for received traffic - this check will + * detect SSRC collisions, since a stream that appears in both + * srtp_protect() and srtp_unprotect() will fail this test in one of + * those functions. + * + * we do this check *after* the authentication check, so that the + * latter check will catch any attempts to fool us into thinking + * that we've got a collision + */ + if (stream->direction != dir_srtp_receiver) { + if (stream->direction == dir_unknown) { + stream->direction = dir_srtp_receiver; + } else { + srtp_handle_event(ctx, stream, event_ssrc_collision); + } + } + + /* + * if the stream is a 'provisional' one, in which the template context + * is used, then we need to allocate a new stream at this point, since + * the authentication passed + */ + if (stream == ctx->stream_template) { + srtp_stream_ctx_t *new_stream; + + /* + * allocate and initialize a new stream + * + * note that we indicate failure if we can't allocate the new + * stream, and some implementations will want to not return + * failure here + */ + status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); + if (status) + return status; + + /* add new stream to the head of the stream_list */ + new_stream->next = ctx->stream_list; + ctx->stream_list = new_stream; + + /* set stream (the pointer used in this function) */ + stream = new_stream; + } + + /* + * the message authentication function passed, so add the packet + * index into the replay database + */ + rdbx_add_index(&stream->rtp_rdbx, delta); + + /* decrease the packet length by the length of the auth tag */ + *pkt_octet_len -= tag_len; + + return err_status_ok; +} + +err_status_t +srtp_init() { + err_status_t status; + + /* initialize crypto kernel */ + status = crypto_kernel_init(); + if (status) + return status; + + /* load srtp debug module into the kernel */ + status = crypto_kernel_load_debug_module(&mod_srtp); + if (status) + return status; + + return err_status_ok; +} + +err_status_t +srtp_deinit() { + err_status_t status; + + status = crypto_kernel_shutdown(); + + return status; +} + +/* + * The following code is under consideration for removal. See + * SRTP_MAX_TRAILER_LEN + */ +#if 0 + +/* + * srtp_get_trailer_length(&a) returns the number of octets that will + * be added to an RTP packet by the SRTP processing. This value + * is constant for a given srtp_stream_t (i.e. between initializations). + */ + +int +srtp_get_trailer_length(const srtp_stream_t s) { + return auth_get_tag_length(s->rtp_auth); +} + +#endif + +/* + * srtp_get_stream(ssrc) returns a pointer to the stream corresponding + * to ssrc, or NULL if no stream exists for that ssrc + * + * this is an internal function + */ + +srtp_stream_ctx_t * +srtp_get_stream(srtp_t srtp, uint32_t ssrc) { + srtp_stream_ctx_t *stream; + + /* walk down list until ssrc is found */ + stream = srtp->stream_list; + while (stream != NULL) { + if (stream->ssrc == ssrc) + return stream; + stream = stream->next; + } + + /* we haven't found our ssrc, so return a null */ + return NULL; +} + +err_status_t +srtp_dealloc(srtp_t session) { + srtp_stream_ctx_t *stream; + err_status_t status; + + /* + * we take a conservative deallocation strategy - if we encounter an + * error deallocating a stream, then we stop trying to deallocate + * memory and just return an error + */ + + /* walk list of streams, deallocating as we go */ + stream = session->stream_list; + while (stream != NULL) { + srtp_stream_t next = stream->next; + status = srtp_stream_dealloc(session, stream); + if (status) + return status; + stream = next; + } + + /* deallocate stream template, if there is one */ + if (session->stream_template != NULL) { + status = auth_dealloc(session->stream_template->rtcp_auth); + if (status) + return status; + status = cipher_dealloc(session->stream_template->rtcp_cipher); + if (status) + return status; + crypto_free(session->stream_template->limit); + status = cipher_dealloc(session->stream_template->rtp_cipher); + if (status) + return status; + status = auth_dealloc(session->stream_template->rtp_auth); + if (status) + return status; + crypto_free(session->stream_template); + } + + /* deallocate session context */ + crypto_free(session); + + return err_status_ok; +} + + +err_status_t +srtp_add_stream(srtp_t session, + const srtp_policy_t *policy) { + err_status_t status; + srtp_stream_t tmp; + + /* sanity check arguments */ + if ((session == NULL) || (policy == NULL) || (policy->key == NULL)) + return err_status_bad_param; + + /* allocate stream */ + status = srtp_stream_alloc(&tmp, policy); + if (status) { + return status; + } + + /* initialize stream */ + status = srtp_stream_init(tmp, policy); + if (status) { + crypto_free(tmp); + return status; + } + + /* + * set the head of the stream list or the template to point to the + * stream that we've just alloced and init'ed, depending on whether + * or not it has a wildcard SSRC value or not + * + * if the template stream has already been set, then the policy is + * inconsistent, so we return a bad_param error code + */ + switch (policy->ssrc.type) { + case (ssrc_any_outbound): + if (session->stream_template) { + return err_status_bad_param; + } + session->stream_template = tmp; + session->stream_template->direction = dir_srtp_sender; + break; + case (ssrc_any_inbound): + if (session->stream_template) { + return err_status_bad_param; + } + session->stream_template = tmp; + session->stream_template->direction = dir_srtp_receiver; + break; + case (ssrc_specific): + tmp->next = session->stream_list; + session->stream_list = tmp; + break; + case (ssrc_undefined): + default: + crypto_free(tmp); + return err_status_bad_param; + } + + return err_status_ok; +} + + +err_status_t +srtp_create(srtp_t *session, /* handle for session */ + const srtp_policy_t *policy) { /* SRTP policy (list) */ + err_status_t stat; + srtp_ctx_t *ctx; + + /* sanity check arguments */ + if (session == NULL) + return err_status_bad_param; + + /* allocate srtp context and set ctx_ptr */ + ctx = (srtp_ctx_t *) crypto_alloc(sizeof(srtp_ctx_t)); + if (ctx == NULL) + return err_status_alloc_fail; + *session = ctx; + + /* + * loop over elements in the policy list, allocating and + * initializing a stream for each element + */ + ctx->stream_template = NULL; + ctx->stream_list = NULL; + while (policy != NULL) { + + stat = srtp_add_stream(ctx, policy); + if (stat) { + /* clean up everything */ + srtp_dealloc(*session); + return stat; + } + + /* set policy to next item in list */ + policy = policy->next; + } + + return err_status_ok; +} + + +err_status_t +srtp_remove_stream(srtp_t session, uint32_t ssrc) { + srtp_stream_ctx_t *stream, *last_stream; + err_status_t status; + + /* sanity check arguments */ + if (session == NULL) + return err_status_bad_param; + + /* find stream in list; complain if not found */ + last_stream = stream = session->stream_list; + while ((stream != NULL) && (ssrc != stream->ssrc)) { + last_stream = stream; + stream = stream->next; + } + if (stream == NULL) + return err_status_no_ctx; + + /* remove stream from the list */ + last_stream->next = stream->next; + + /* deallocate the stream */ + status = srtp_stream_dealloc(session, stream); + if (status) + return status; + + return err_status_ok; +} + + +/* + * the default policy - provides a convenient way for callers to use + * the default security policy + * + * this policy is that defined in the current SRTP internet draft. + * + */ + +/* + * NOTE: cipher_key_len is really key len (128 bits) plus salt len + * (112 bits) + */ +/* There are hard-coded 16's for base_key_len in the key generation code */ + +void +crypto_policy_set_rtp_default(crypto_policy_t *p) { + + p->cipher_type = AES_128_ICM; + p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */ + p->auth_type = HMAC_SHA1; + p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ + p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ + p->sec_serv = sec_serv_conf_and_auth; + +} + +void +crypto_policy_set_rtcp_default(crypto_policy_t *p) { + + p->cipher_type = AES_128_ICM; + p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */ + p->auth_type = HMAC_SHA1; + p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ + p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ + p->sec_serv = sec_serv_conf_and_auth; + +} + +void +crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p) { + + /* + * corresponds to draft-ietf-mmusic-sdescriptions-12.txt + * + * note that this crypto policy is intended for SRTP, but not SRTCP + */ + + p->cipher_type = AES_128_ICM; + p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */ + p->auth_type = HMAC_SHA1; + p->auth_key_len = 20; /* 160 bit key */ + p->auth_tag_len = 4; /* 32 bit tag */ + p->sec_serv = sec_serv_conf_and_auth; + +} + + +void +crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p) { + + /* + * corresponds to draft-ietf-mmusic-sdescriptions-12.txt + * + * note that this crypto policy is intended for SRTP, but not SRTCP + */ + + p->cipher_type = AES_128_ICM; + p->cipher_key_len = 30; /* 128 bit key, 112 bit salt */ + p->auth_type = NULL_AUTH; + p->auth_key_len = 0; + p->auth_tag_len = 0; + p->sec_serv = sec_serv_conf; + +} + + +void +crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p) { + + /* + * corresponds to draft-ietf-mmusic-sdescriptions-12.txt + */ + + p->cipher_type = NULL_CIPHER; + p->cipher_key_len = 0; + p->auth_type = HMAC_SHA1; + p->auth_key_len = 20; + p->auth_tag_len = 10; + p->sec_serv = sec_serv_auth; + +} + + +/* + * secure rtcp functions + */ + +err_status_t +srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) { + srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr; + uint32_t *enc_start; /* pointer to start of encrypted portion */ + uint32_t *auth_start; /* pointer to start of auth. portion */ + uint32_t *trailer; /* pointer to start of trailer */ + unsigned enc_octet_len = 0;/* number of octets in encrypted portion */ + uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ + err_status_t status; + int tag_len; + srtp_stream_ctx_t *stream; + int prefix_len; + uint32_t seq_num; + + /* we assume the hdr is 32-bit aligned to start */ + /* + * look up ssrc in srtp_stream list, and process the packet with + * the appropriate stream. if we haven't seen this stream before, + * there's only one key for this srtp_session, and the cipher + * supports key-sharing, then we assume that a new stream using + * that key has just started up + */ + stream = srtp_get_stream(ctx, hdr->ssrc); + if (stream == NULL) { + if (ctx->stream_template != NULL) { + srtp_stream_ctx_t *new_stream; + + /* allocate and initialize a new stream */ + status = srtp_stream_clone(ctx->stream_template, + hdr->ssrc, &new_stream); + if (status) + return status; + + /* add new stream to the head of the stream_list */ + new_stream->next = ctx->stream_list; + ctx->stream_list = new_stream; + + /* set stream (the pointer used in this function) */ + stream = new_stream; + } else { + /* no template stream, so we return an error */ + return err_status_no_ctx; + } + } + + /* + * verify that stream is for sending traffic - this check will + * detect SSRC collisions, since a stream that appears in both + * srtp_protect() and srtp_unprotect() will fail this test in one of + * those functions. + */ + if (stream->direction != dir_srtp_sender) { + if (stream->direction == dir_unknown) { + stream->direction = dir_srtp_sender; + } else { + srtp_handle_event(ctx, stream, event_ssrc_collision); + } + } + + /* get tag length from stream context */ + tag_len = auth_get_tag_length(stream->rtcp_auth); + + /* + * set encryption start and encryption length - if we're not + * providing confidentiality, set enc_start to NULL + */ + enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; + enc_octet_len = *pkt_octet_len - octets_in_rtcp_header; + + /* all of the packet, except the header, gets encrypted */ + /* NOTE: hdr->length is not usable - it refers to only the first + RTCP report in the compound packet! */ + /* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always + multiples of 32-bits (RFC 3550 6.1) */ + trailer = (uint32_t *) ((char *)enc_start + enc_octet_len); + + if (stream->rtcp_services & sec_serv_conf) { + *trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */ + } else { + enc_start = NULL; + enc_octet_len = 0; + /* 0 is network-order independant */ + *trailer = 0x00000000; /* set encrypt bit */ + } + + /* + * set the auth_start and auth_tag pointers to the proper locations + * (note that srtpc *always* provides authentication, unlike srtp) + */ + /* Note: This would need to change for optional mikey data */ + auth_start = (uint32_t *)hdr; + auth_tag = (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t); + + /* + * check sequence number for overruns, and copy it into the packet + * if its value isn't too big + */ + status = rdb_increment(&stream->rtcp_rdb); + if (status) + return status; + seq_num = rdb_get_value(&stream->rtcp_rdb); + *trailer |= htonl(seq_num); + debug_print(mod_srtp, "srtcp index: %x", seq_num); + + /* + * if we're using rindael counter mode, set nonce and seq + */ + if (stream->rtcp_cipher->type == &aes_icm) { + v128_t iv; + + iv.v32[0] = 0; + iv.v32[1] = hdr->ssrc; /* still in network order! */ + iv.v32[2] = htonl(seq_num >> 16); + iv.v32[3] = htonl(seq_num << 16); + status = aes_icm_set_iv((aes_icm_ctx_t*)stream->rtcp_cipher->state, &iv); + + } else { + v128_t iv; + + /* otherwise, just set the index to seq_num */ + iv.v32[0] = 0; + iv.v32[1] = 0; + iv.v32[2] = 0; + iv.v32[3] = htonl(seq_num); + status = cipher_set_iv(stream->rtcp_cipher, &iv); + } + if (status) + return err_status_cipher_fail; + + /* + * if we're authenticating using a universal hash, put the keystream + * prefix into the authentication tag + */ + + /* if auth_start is non-null, then put keystream into tag */ + if (auth_start) { + + /* put keystream prefix into auth_tag */ + prefix_len = auth_get_prefix_length(stream->rtcp_auth); + status = cipher_output(stream->rtcp_cipher, auth_tag, prefix_len); + + debug_print(mod_srtp, "keystream prefix: %s", + octet_string_hex_string(auth_tag, prefix_len)); + + if (status) + return err_status_cipher_fail; + } + + /* if we're encrypting, exor keystream into the message */ + if (enc_start) { + status = cipher_encrypt(stream->rtcp_cipher, + (uint8_t *)enc_start, &enc_octet_len); + if (status) + return err_status_cipher_fail; + } + + /* initialize auth func context */ + auth_start(stream->rtcp_auth); + + /* + * run auth func over packet (including trailer), and write the + * result at auth_tag + */ + status = auth_compute(stream->rtcp_auth, + (uint8_t *)auth_start, + (*pkt_octet_len) + sizeof(srtcp_trailer_t), + auth_tag); + debug_print(mod_srtp, "srtcp auth tag: %s", + octet_string_hex_string(auth_tag, tag_len)); + if (status) + return err_status_auth_fail; + + /* increase the packet length by the length of the auth tag and seq_num*/ + *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); + + return err_status_ok; +} + + +err_status_t +srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { + srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr; + uint32_t *enc_start; /* pointer to start of encrypted portion */ + uint32_t *auth_start; /* pointer to start of auth. portion */ + uint32_t *trailer; /* pointer to start of trailer */ + unsigned enc_octet_len = 0;/* number of octets in encrypted portion */ + uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ + uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; + err_status_t status; + int tag_len; + srtp_stream_ctx_t *stream; + int prefix_len; + uint32_t seq_num; + + /* we assume the hdr is 32-bit aligned to start */ + /* + * look up ssrc in srtp_stream list, and process the packet with + * the appropriate stream. if we haven't seen this stream before, + * there's only one key for this srtp_session, and the cipher + * supports key-sharing, then we assume that a new stream using + * that key has just started up + */ + stream = srtp_get_stream(ctx, hdr->ssrc); + if (stream == NULL) { + if (ctx->stream_template != NULL) { + stream = ctx->stream_template; + debug_print(mod_srtp, "srtcp using provisional stream (SSRC: 0x%08x)", + hdr->ssrc); + } else { + /* no template stream, so we return an error */ + return err_status_no_ctx; + } + } + + /* get tag length from stream context */ + tag_len = auth_get_tag_length(stream->rtcp_auth); + + /* + * set encryption start, encryption length, and trailer + */ + enc_octet_len = *pkt_octet_len - + (octets_in_rtcp_header + tag_len + sizeof(srtcp_trailer_t)); + /* index & E (encryption) bit follow normal data. hdr->len + is the number of words (32-bit) in the normal packet minus 1 */ + /* This should point trailer to the word past the end of the + normal data. */ + /* This would need to be modified for optional mikey data */ + /* + * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always + * multiples of 32-bits (RFC 3550 6.1) + */ + trailer = (uint32_t *) ((char *) hdr + + *pkt_octet_len -(tag_len + sizeof(srtcp_trailer_t))); + if (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) { + enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; + } else { + enc_octet_len = 0; + enc_start = NULL; /* this indicates that there's no encryption */ + } + + /* + * set the auth_start and auth_tag pointers to the proper locations + * (note that srtcp *always* uses authentication, unlike srtp) + */ + auth_start = (uint32_t *)hdr; + auth_tag = (uint8_t *)hdr + *pkt_octet_len - tag_len; + + /* + * check the sequence number for replays + */ + /* this is easier than dealing with bitfield access */ + seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; + debug_print(mod_srtp, "srtcp index: %x", seq_num); + status = rdb_check(&stream->rtcp_rdb, seq_num); + if (status) + return status; + + /* + * if we're using aes counter mode, set nonce and seq + */ + if (stream->rtcp_cipher->type == &aes_icm) { + v128_t iv; + + iv.v32[0] = 0; + iv.v32[1] = hdr->ssrc; /* still in network order! */ + iv.v32[2] = htonl(seq_num >> 16); + iv.v32[3] = htonl(seq_num << 16); + status = aes_icm_set_iv((aes_icm_ctx_t*)stream->rtcp_cipher->state, &iv); + + } else { + v128_t iv; + + /* otherwise, just set the index to seq_num */ + iv.v32[0] = 0; + iv.v32[1] = 0; + iv.v32[2] = 0; + iv.v32[3] = htonl(seq_num); + status = cipher_set_iv(stream->rtcp_cipher, &iv); + + } + if (status) + return err_status_cipher_fail; + + /* initialize auth func context */ + auth_start(stream->rtcp_auth); + + /* run auth func over packet, put result into tmp_tag */ + status = auth_compute(stream->rtcp_auth, (uint8_t *)auth_start, + *pkt_octet_len - tag_len, + tmp_tag); + debug_print(mod_srtp, "srtcp computed tag: %s", + octet_string_hex_string(tmp_tag, tag_len)); + if (status) + return err_status_auth_fail; + + /* compare the tag just computed with the one in the packet */ + debug_print(mod_srtp, "srtcp tag from packet: %s", + octet_string_hex_string(auth_tag, tag_len)); + if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) + return err_status_auth_fail; + + /* + * if we're authenticating using a universal hash, put the keystream + * prefix into the authentication tag + */ + prefix_len = auth_get_prefix_length(stream->rtcp_auth); + if (prefix_len) { + status = cipher_output(stream->rtcp_cipher, auth_tag, prefix_len); + debug_print(mod_srtp, "keystream prefix: %s", + octet_string_hex_string(auth_tag, prefix_len)); + if (status) + return err_status_cipher_fail; + } + + /* if we're decrypting, exor keystream into the message */ + if (enc_start) { + status = cipher_encrypt(stream->rtcp_cipher, + (uint8_t *)enc_start, &enc_octet_len); + if (status) + return err_status_cipher_fail; + } + + /* decrease the packet length by the length of the auth tag and seq_num*/ + *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t)); + + /* + * verify that stream is for received traffic - this check will + * detect SSRC collisions, since a stream that appears in both + * srtp_protect() and srtp_unprotect() will fail this test in one of + * those functions. + * + * we do this check *after* the authentication check, so that the + * latter check will catch any attempts to fool us into thinking + * that we've got a collision + */ + if (stream->direction != dir_srtp_receiver) { + if (stream->direction == dir_unknown) { + stream->direction = dir_srtp_receiver; + } else { + srtp_handle_event(ctx, stream, event_ssrc_collision); + } + } + + /* + * if the stream is a 'provisional' one, in which the template context + * is used, then we need to allocate a new stream at this point, since + * the authentication passed + */ + if (stream == ctx->stream_template) { + srtp_stream_ctx_t *new_stream; + + /* + * allocate and initialize a new stream + * + * note that we indicate failure if we can't allocate the new + * stream, and some implementations will want to not return + * failure here + */ + status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); + if (status) + return status; + + /* add new stream to the head of the stream_list */ + new_stream->next = ctx->stream_list; + ctx->stream_list = new_stream; + + /* set stream (the pointer used in this function) */ + stream = new_stream; + } + + /* we've passed the authentication check, so add seq_num to the rdb */ + rdb_add_index(&stream->rtcp_rdb, seq_num); + + + return err_status_ok; +} + + + +/* + * dtls keying for srtp + */ + +err_status_t +crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy, + srtp_profile_t profile) { + + /* set SRTP policy from the SRTP profile in the key set */ + switch(profile) { + case srtp_profile_aes128_cm_sha1_80: + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_aes128_cm_sha1_32: + crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); + break; + case srtp_profile_null_sha1_80: + crypto_policy_set_null_cipher_hmac_sha1_80(policy); + break; + /* the following profiles are not (yet) supported */ + case srtp_profile_null_sha1_32: + case srtp_profile_aes256_cm_sha1_80: + case srtp_profile_aes256_cm_sha1_32: + default: + return err_status_bad_param; + } + + return err_status_ok; +} + +err_status_t +crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy, + srtp_profile_t profile) { + + /* set SRTP policy from the SRTP profile in the key set */ + switch(profile) { + case srtp_profile_aes128_cm_sha1_80: + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_aes128_cm_sha1_32: + crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); + break; + case srtp_profile_null_sha1_80: + crypto_policy_set_null_cipher_hmac_sha1_80(policy); + break; + /* the following profiles are not (yet) supported */ + case srtp_profile_null_sha1_32: + case srtp_profile_aes256_cm_sha1_80: + case srtp_profile_aes256_cm_sha1_32: + default: + return err_status_bad_param; + } + + return err_status_ok; +} + +void +append_salt_to_key(uint8_t *key, unsigned int bytes_in_key, + uint8_t *salt, unsigned int bytes_in_salt) { + + memcpy(key + bytes_in_key, salt, bytes_in_salt); + +} + +unsigned int +srtp_profile_get_master_key_length(srtp_profile_t profile) { + + switch(profile) { + case srtp_profile_aes128_cm_sha1_80: + return 16; + break; + case srtp_profile_aes128_cm_sha1_32: + return 16; + break; + case srtp_profile_null_sha1_80: + return 16; + break; + /* the following profiles are not (yet) supported */ + case srtp_profile_null_sha1_32: + case srtp_profile_aes256_cm_sha1_80: + case srtp_profile_aes256_cm_sha1_32: + default: + return 0; /* indicate error by returning a zero */ + } +} + +unsigned int +srtp_profile_get_master_salt_length(srtp_profile_t profile) { + + switch(profile) { + case srtp_profile_aes128_cm_sha1_80: + return 14; + break; + case srtp_profile_aes128_cm_sha1_32: + return 14; + break; + case srtp_profile_null_sha1_80: + return 14; + break; + /* the following profiles are not (yet) supported */ + case srtp_profile_null_sha1_32: + case srtp_profile_aes256_cm_sha1_80: + case srtp_profile_aes256_cm_sha1_32: + default: + return 0; /* indicate error by returning a zero */ + } +} diff --git a/third_party/srtp/srtp7.sln b/third_party/srtp/srtp7.sln new file mode 100644 index 0000000..5afac6b --- /dev/null +++ b/third_party/srtp/srtp7.sln @@ -0,0 +1,21 @@ +Microsoft Visual Studio Solution File, Format Version 8.00
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libSRTP", "srtp7.vcproj", "{7E1E1308-F82E-4DD3-B25C-CD12756A1DD9}"
+ ProjectSection(ProjectDependencies) = postProject
+ EndProjectSection
+EndProject
+Global
+ GlobalSection(SolutionConfiguration) = preSolution
+ Debug = Debug
+ Release = Release
+ EndGlobalSection
+ GlobalSection(ProjectConfiguration) = postSolution
+ {7E1E1308-F82E-4DD3-B25C-CD12756A1DD9}.Debug.ActiveCfg = Debug|Win32
+ {7E1E1308-F82E-4DD3-B25C-CD12756A1DD9}.Debug.Build.0 = Debug|Win32
+ {7E1E1308-F82E-4DD3-B25C-CD12756A1DD9}.Release.ActiveCfg = Release|Win32
+ {7E1E1308-F82E-4DD3-B25C-CD12756A1DD9}.Release.Build.0 = Release|Win32
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ EndGlobalSection
+ GlobalSection(ExtensibilityAddIns) = postSolution
+ EndGlobalSection
+EndGlobal
diff --git a/third_party/srtp/srtp7.vcproj b/third_party/srtp/srtp7.vcproj new file mode 100644 index 0000000..5ca0a69 --- /dev/null +++ b/third_party/srtp/srtp7.vcproj @@ -0,0 +1,298 @@ +<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+ ProjectType="Visual C++"
+ Version="7.10"
+ Name="libSRTP"
+ ProjectGUID="{7E1E1308-F82E-4DD3-B25C-CD12756A1DD9}"
+ Keyword="Win32Proj">
+ <Platforms>
+ <Platform
+ Name="Win32"/>
+ </Platforms>
+ <Configurations>
+ <Configuration
+ Name="Debug|Win32"
+ OutputDirectory="Debug"
+ IntermediateDirectory="Debug"
+ ConfigurationType="1"
+ CharacterSet="2">
+ <Tool
+ Name="VCCLCompilerTool"
+ Optimization="0"
+ InlineFunctionExpansion="0"
+ AdditionalIncludeDirectories="C:\dev\foo\srtp;"$(SolutionDir)";.\include;.\crypto\include;"..\..\OpenSSL\openssl-0.9.7i\inc32";"C:Library\OpenSSL\openssl-0.9.8\inc32""
+ PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE;DEBUG"
+ ExceptionHandling="FALSE"
+ BasicRuntimeChecks="0"
+ RuntimeLibrary="1"
+ UsePrecompiledHeader="0"
+ WarningLevel="3"
+ Detect64BitPortabilityProblems="TRUE"
+ DebugInformationFormat="4"
+ CompileAs="1"/>
+ <Tool
+ Name="VCCustomBuildTool"/>
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="Ws2_32.lib libeay32.lib ssleay32.lib"
+ AdditionalLibraryDirectories=""Library\OpenSSL\openssl-0.9.8\libs""
+ GenerateDebugInformation="TRUE"/>
+ <Tool
+ Name="VCMIDLTool"/>
+ <Tool
+ Name="VCPostBuildEventTool"/>
+ <Tool
+ Name="VCPreBuildEventTool"/>
+ <Tool
+ Name="VCPreLinkEventTool"/>
+ <Tool
+ Name="VCResourceCompilerTool"/>
+ <Tool
+ Name="VCWebServiceProxyGeneratorTool"/>
+ <Tool
+ Name="VCXMLDataGeneratorTool"/>
+ <Tool
+ Name="VCWebDeploymentTool"/>
+ <Tool
+ Name="VCManagedWrapperGeneratorTool"/>
+ <Tool
+ Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+ </Configuration>
+ <Configuration
+ Name="Release|Win32"
+ OutputDirectory="Release"
+ IntermediateDirectory="Release"
+ ConfigurationType="4"
+ CharacterSet="2">
+ <Tool
+ Name="VCCLCompilerTool"
+ AdditionalIncludeDirectories="".\include";".\crypto\include";"..\..\OpenSSL\openssl-0.9.7i\inc32""
+ PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
+ BasicRuntimeChecks="0"
+ RuntimeLibrary="0"
+ UsePrecompiledHeader="0"
+ ObjectFile="$(IntDir)/"
+ WarningLevel="3"
+ Detect64BitPortabilityProblems="TRUE"
+ DebugInformationFormat="3"/>
+ <Tool
+ Name="VCCustomBuildTool"/>
+ <Tool
+ Name="VCLibrarianTool"/>
+ <Tool
+ Name="VCMIDLTool"/>
+ <Tool
+ Name="VCPostBuildEventTool"/>
+ <Tool
+ Name="VCPreBuildEventTool"/>
+ <Tool
+ Name="VCPreLinkEventTool"/>
+ <Tool
+ Name="VCResourceCompilerTool"/>
+ <Tool
+ Name="VCWebServiceProxyGeneratorTool"/>
+ <Tool
+ Name="VCXMLDataGeneratorTool"/>
+ <Tool
+ Name="VCManagedWrapperGeneratorTool"/>
+ <Tool
+ Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+ </Configuration>
+ </Configurations>
+ <References>
+ </References>
+ <Files>
+ <Filter
+ Name="Source Files"
+ Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
+ UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+ <File
+ RelativePath=".\test\getopt.c">
+ </File>
+ <File
+ RelativePath=".\srtp\srtp.c">
+ </File>
+ <File
+ RelativePath=".\test\srtp_driver.c">
+ </File>
+ <Filter
+ Name="Kernel">
+ <File
+ RelativePath=".\crypto\kernel\alloc.c">
+ </File>
+ <File
+ RelativePath=".\crypto\kernel\crypto_kernel.c">
+ </File>
+ <File
+ RelativePath=".\crypto\rng\ctr_prng.c">
+ </File>
+ <File
+ RelativePath=".\crypto\kernel\err.c">
+ </File>
+ <File
+ RelativePath=".\crypto\kernel\key.c">
+ </File>
+ <File
+ RelativePath=".\crypto\rng\prng.c">
+ </File>
+ <File
+ RelativePath=".\crypto\rng\rand_source.c">
+ </File>
+ </Filter>
+ <Filter
+ Name="Ciphers">
+ <File
+ RelativePath=".\crypto\cipher\aes.c">
+ </File>
+ <File
+ RelativePath=".\crypto\cipher\aes_cbc.c">
+ </File>
+ <File
+ RelativePath=".\crypto\cipher\aes_icm.c">
+ </File>
+ <File
+ RelativePath=".\crypto\cipher\cipher.c">
+ </File>
+ <File
+ RelativePath=".\crypto\cipher\null_cipher.c">
+ </File>
+ </Filter>
+ <Filter
+ Name="Hashes">
+ <File
+ RelativePath=".\crypto\hash\auth.c">
+ </File>
+ <File
+ RelativePath=".\crypto\hash\hmac.c">
+ </File>
+ <File
+ RelativePath=".\crypto\hash\null_auth.c">
+ </File>
+ <File
+ RelativePath=".\crypto\hash\sha1.c">
+ </File>
+ </Filter>
+ <Filter
+ Name="Replay">
+ <File
+ RelativePath=".\crypto\replay\rdb.c">
+ </File>
+ <File
+ RelativePath=".\crypto\replay\rdbx.c">
+ </File>
+ <File
+ RelativePath=".\crypto\replay\ut_sim.c">
+ </File>
+ </Filter>
+ <Filter
+ Name="Math">
+ <File
+ RelativePath=".\crypto\math\datatypes.c">
+ </File>
+ <File
+ RelativePath=".\crypto\math\stat.c">
+ </File>
+ </Filter>
+ </Filter>
+ <Filter
+ Name="Header Files"
+ Filter="h;hpp;hxx;hm;inl;inc;xsd"
+ UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+ <File
+ RelativePath=".\crypto\include\aes.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\aes_cbc.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\aes_icm.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\alloc.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\auth.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\cipher.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\config.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\crypto.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\crypto_kernel.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\crypto_math.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\crypto_types.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\cryptoalg.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\datatypes.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\err.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\gf2_8.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\hmac.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\integers.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\kernel_compat.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\key.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\null_auth.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\null_cipher.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\prng.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\rand_source.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\rdb.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\rdbx.h">
+ </File>
+ <File
+ RelativePath=".\include\rtp.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\sha1.h">
+ </File>
+ <File
+ RelativePath=".\include\srtp.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\stat.h">
+ </File>
+ <File
+ RelativePath=".\include\ut_sim.h">
+ </File>
+ <File
+ RelativePath=".\crypto\include\xfm.h">
+ </File>
+ </Filter>
+ </Files>
+ <Globals>
+ </Globals>
+</VisualStudioProject>
diff --git a/third_party/srtp/tables/aes_tables.c b/third_party/srtp/tables/aes_tables.c new file mode 100644 index 0000000..b2bc1d7 --- /dev/null +++ b/third_party/srtp/tables/aes_tables.c @@ -0,0 +1,346 @@ +/* + * aes_tables.c + * + * generate tables for the AES cipher + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include <stdio.h> +#include "gf2_8.h" +#include "crypto_math.h" + + +unsigned char aes_sbox[256]; + +unsigned char aes_inv_sbox[256]; + +uint32_t T0[256], T1[256], T2[256], T3[256], T4[256]; + + +#define AES_INVERSE_TEST 0 /* set to 1 to test forward/backwards aes */ + +/* functions for precomputing AES values */ + +/* + * A[] is the 8 x 8 binary matrix (represented as an array of columns, + * where each column is an octet) which defines the affine + * transformation used in the AES substitution table (Section + * 4.2.1 of the spec). + */ + +uint8_t A[8] = { 31, 62, 124, 248, 241, 227, 199, 143 }; + +/* + * b is the 8 bit vector (represented as an octet) used in the affine + * transform described above. + */ + +uint8_t b = 99; + + +void +aes_init_sbox(void) { + unsigned int i; + uint8_t x; + + for (i=0; i < 256; i++) { + x = gf2_8_compute_inverse((gf2_8)i); + x = A_times_x_plus_b(A, x, b); + aes_sbox[i] = x; + aes_inv_sbox[x] = i; + } +} + +void +aes_compute_tables(void) { + int i; + uint32_t x1, x2, x3; + v32_t tmp; + + /* initialize substitution table */ + aes_init_sbox(); + + /* combine sbox with linear operations to form 8-bit to 32-bit tables */ + for (i=0; i < 256; i++) { + x1 = aes_sbox[i]; + x2 = gf2_8_shift(x1); + x3 = x2 ^ x1; + + tmp.v8[0] = x2; + tmp.v8[1] = x1; + tmp.v8[2] = x1; + tmp.v8[3] = x3; + T0[i] = tmp.value; + + tmp.v8[0] = x3; + tmp.v8[1] = x2; + tmp.v8[2] = x1; + tmp.v8[3] = x1; + T1[i] = tmp.value; + + tmp.v8[0] = x1; + tmp.v8[1] = x3; + tmp.v8[2] = x2; + tmp.v8[3] = x1; + T2[i] = tmp.value; + + tmp.v8[0] = x1; + tmp.v8[1] = x1; + tmp.v8[2] = x3; + tmp.v8[3] = x2; + T3[i] = tmp.value; + + } +} + + +/* + * the tables U0, U1, U2, U3 implement the aes operations invSubBytes, + * invMixColumns, and invShiftRows + */ + +uint32_t U0[256], U1[256], U2[256], U3[256], U4[256]; + +extern uint8_t aes_inv_sbox[256]; + +void +aes_compute_inv_tables(void) { + int i; + uint8_t x, xe, x9, xd, xb; + v32_t tmp; + + /* combine sbox with linear operations to form 8-bit to 32-bit tables */ + for (i=0; i < 256; i++) { + x = aes_inv_sbox[i]; + + xe = gf2_8_multiply(0x0e, x); + x9 = gf2_8_multiply(0x09, x); + xd = gf2_8_multiply(0x0d, x); + xb = gf2_8_multiply(0x0b, x); + + tmp.v8[0] = xe; + tmp.v8[1] = x9; + tmp.v8[2] = xd; + tmp.v8[3] = xb; + U0[i] = tmp.value; + + tmp.v8[0] = xb; + tmp.v8[1] = xe; + tmp.v8[2] = x9; + tmp.v8[3] = xd; + U1[i] = tmp.value; + + tmp.v8[0] = xd; + tmp.v8[1] = xb; + tmp.v8[2] = xe; + tmp.v8[3] = x9; + U2[i] = tmp.value; + + tmp.v8[0] = x9; + tmp.v8[1] = xd; + tmp.v8[2] = xb; + tmp.v8[3] = xe; + U3[i] = tmp.value; + + tmp.v8[0] = tmp.v8[1] = tmp.v8[2] = tmp.v8[3] = x; + U4[i] = tmp.value; + } +} + + +/* + * aes_test_inverse() returns err_status_ok if aes + * encryption and decryption are true inverses of each other, and + * returns err_status_algo_fail otherwise + */ + +#include "err.h" + +err_status_t +aes_test_inverse(void); + +#define TABLES_32BIT 1 + +int +main(void) { + int i; + + aes_init_sbox(); + aes_compute_inv_tables(); + +#if TABLES_32BIT + printf("uint32_t U0 = {"); + for (i=0; i < 256; i++) { + if ((i % 4) == 0) + printf("\n"); + printf("0x%0x, ", U0[i]); + } + printf("\n}\n"); + + printf("uint32_t U1 = {"); + for (i=0; i < 256; i++) { + if ((i % 4) == 0) + printf("\n"); + printf("0x%x, ", U1[i]); + } + printf("\n}\n"); + + printf("uint32_t U2 = {"); + for (i=0; i < 256; i++) { + if ((i % 4) == 0) + printf("\n"); + printf("0x%x, ", U2[i]); + } + printf("\n}\n"); + + printf("uint32_t U3 = {"); + for (i=0; i < 256; i++) { + if ((i % 4) == 0) + printf("\n"); + printf("0x%x, ", U3[i]); + } + printf("\n}\n"); + + printf("uint32_t U4 = {"); + for (i=0; i < 256; i++) { + if ((i % 4) == 0) + printf("\n"); + printf("0x%x, ", U4[i]); + } + printf("\n}\n"); + +#else + + printf("uint32_t U0 = {"); + for (i=0; i < 256; i++) { + if ((i % 4) == 0) + printf("\n"); + printf("0x%lx, ", U0[i]); + } + printf("\n}\n"); + + printf("uint32_t U1 = {"); + for (i=0; i < 256; i++) { + if ((i % 4) == 0) + printf("\n"); + printf("0x%lx, ", U1[i]); + } + printf("\n}\n"); + + printf("uint32_t U2 = {"); + for (i=0; i < 256; i++) { + if ((i % 4) == 0) + printf("\n"); + printf("0x%lx, ", U2[i]); + } + printf("\n}\n"); + + printf("uint32_t U3 = {"); + for (i=0; i < 256; i++) { + if ((i % 4) == 0) + printf("\n"); + printf("0x%lx, ", U3[i]); + } + printf("\n}\n"); + + printf("uint32_t U4 = {"); + for (i=0; i < 256; i++) { + if ((i % 4) == 0) + printf("\n"); + printf("0x%lx, ", U4[i]); + } + printf("\n}\n"); + + +#endif /* TABLES_32BIT */ + + +#if AES_INVERSE_TEST + /* + * test that aes_encrypt and aes_decrypt are actually + * inverses of each other + */ + + printf("aes inverse test: "); + if (aes_test_inverse() == err_status_ok) + printf("passed\n"); + else { + printf("failed\n"); + exit(1); + } +#endif + + return 0; +} + +#if AES_INVERSE_TEST + +err_status_t +aes_test_inverse(void) { + v128_t x, y; + aes_expanded_key_t expanded_key, decrypt_key; + uint8_t plaintext[16] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff + }; + uint8_t key[16] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + }; + v128_t k; + v128_set_to_zero(&x); + + v128_copy_octet_string(&k, key); + v128_copy_octet_string(&x, plaintext); + aes_expand_encryption_key(k, expanded_key); + aes_expand_decryption_key(k, decrypt_key); + aes_encrypt(&x, expanded_key); + aes_decrypt(&x, decrypt_key); + + /* compare to expected value then report */ + v128_copy_octet_string(&y, plaintext); + + if (v128_is_eq(&x, &y)) + return err_status_ok; + return err_status_algo_fail; + +} + +#endif diff --git a/third_party/srtp/test/dtls_srtp_driver.c b/third_party/srtp/test/dtls_srtp_driver.c new file mode 100644 index 0000000..a8eddc0 --- /dev/null +++ b/third_party/srtp/test/dtls_srtp_driver.c @@ -0,0 +1,245 @@ +/* + * dtls_srtp_driver.c + * + * test driver for DTLS-SRTP functions + * + * David McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include <stdio.h> /* for printf() */ +#include "getopt_s.h" /* for local getopt() */ +#include "srtp_priv.h" + +err_status_t +test_dtls_srtp(); + +srtp_hdr_t * +srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc); + +void +usage(char *prog_name) { + printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n" + " -d <mod> turn on debugging module <mod>\n" + " -l list debugging modules\n", prog_name); + exit(1); +} + +int +main(int argc, char *argv[]) { + unsigned do_list_mods = 0; + char q; + err_status_t err; + + printf("dtls_srtp_driver\n"); + + /* initialize srtp library */ + err = srtp_init(); + if (err) { + printf("error: srtp init failed with error code %d\n", err); + exit(1); + } + + /* process input arguments */ + while (1) { + q = getopt_s(argc, argv, "ld:"); + if (q == -1) + break; + switch (q) { + case 'l': + do_list_mods = 1; + break; + case 'd': + err = crypto_kernel_set_debug_module(optarg_s, 1); + if (err) { + printf("error: set debug module (%s) failed\n", optarg_s); + exit(1); + } + break; + default: + usage(argv[0]); + } + } + + if (do_list_mods) { + err = crypto_kernel_list_debug_modules(); + if (err) { + printf("error: list of debug modules failed\n"); + exit(1); + } + } + + printf("testing dtls_srtp..."); + err = test_dtls_srtp(); + if (err) { + printf("\nerror (code %d)\n", err); + exit(1); + } + printf("passed\n"); + + return 0; +} + + +err_status_t +test_dtls_srtp() { + srtp_hdr_t *test_packet; + int test_packet_len = 80; + srtp_t s; + srtp_policy_t policy; + uint8_t key[SRTP_MAX_KEY_LEN]; + uint8_t salt[SRTP_MAX_KEY_LEN]; + unsigned int key_len, salt_len; + srtp_profile_t profile; + err_status_t err; + + /* create a 'null' SRTP session */ + err = srtp_create(&s, NULL); + if (err) + return err; + + /* + * verify that packet-processing functions behave properly - we + * expect that these functions will return err_status_no_ctx + */ + test_packet = srtp_create_test_packet(80, 0xa5a5a5a5); + if (test_packet == NULL) + return err_status_alloc_fail; + err = srtp_protect(s, test_packet, &test_packet_len); + if (err != err_status_no_ctx) { + printf("wrong return value from srtp_protect() (got code %d)\n", + err); + return err_status_fail; + } + err = srtp_unprotect(s, test_packet, &test_packet_len); + if (err != err_status_no_ctx) { + printf("wrong return value from srtp_unprotect() (got code %d)\n", + err); + return err_status_fail; + } + err = srtp_protect_rtcp(s, test_packet, &test_packet_len); + if (err != err_status_no_ctx) { + printf("wrong return value from srtp_protect_rtcp() (got code %d)\n", + err); + return err_status_fail; + } + err = srtp_unprotect_rtcp(s, test_packet, &test_packet_len); + if (err != err_status_no_ctx) { + printf("wrong return value from srtp_unprotect_rtcp() (got code %d)\n", + err); + return err_status_fail; + } + + + /* + * set keys to known values for testing + */ + profile = srtp_profile_aes128_cm_sha1_80; + key_len = srtp_profile_get_master_key_length(profile); + salt_len = srtp_profile_get_master_salt_length(profile); + memset(key, 0xff, key_len); + memset(salt, 0xee, salt_len); + append_salt_to_key(key, key_len, salt, salt_len); + policy.key = key; + + /* initialize SRTP policy from profile */ + err = crypto_policy_set_from_profile_for_rtp(&policy.rtp, profile); + if (err) return err; + err = crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile); + if (err) return err; + policy.ssrc.type = ssrc_any_inbound; + policy.next = NULL; + + err = srtp_add_stream(s, &policy); + if (err) + return err; + + return err_status_ok; +} + + + +/* + * srtp_create_test_packet(len, ssrc) returns a pointer to a + * (malloced) example RTP packet whose data field has the length given + * by pkt_octet_len and the SSRC value ssrc. The total length of the + * packet is twelve octets longer, since the header is at the + * beginning. There is room at the end of the packet for a trailer, + * and the four octets following the packet are filled with 0xff + * values to enable testing for overwrites. + * + * note that the location of the test packet can (and should) be + * deallocated with the free() call once it is no longer needed. + */ + +srtp_hdr_t * +srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc) { + int i; + uint8_t *buffer; + srtp_hdr_t *hdr; + int bytes_in_hdr = 12; + + /* allocate memory for test packet */ + hdr = malloc(pkt_octet_len + bytes_in_hdr + + SRTP_MAX_TRAILER_LEN + 4); + if (!hdr) + return NULL; + + hdr->version = 2; /* RTP version two */ + hdr->p = 0; /* no padding needed */ + hdr->x = 0; /* no header extension */ + hdr->cc = 0; /* no CSRCs */ + hdr->m = 0; /* marker bit */ + hdr->pt = 0xf; /* payload type */ + hdr->seq = htons(0x1234); /* sequence number */ + hdr->ts = htonl(0xdecafbad); /* timestamp */ + hdr->ssrc = htonl(ssrc); /* synch. source */ + + buffer = (uint8_t *)hdr; + buffer += bytes_in_hdr; + + /* set RTP data to 0xab */ + for (i=0; i < pkt_octet_len; i++) + *buffer++ = 0xab; + + /* set post-data value to 0xffff to enable overrun checking */ + for (i=0; i < SRTP_MAX_TRAILER_LEN+4; i++) + *buffer++ = 0xff; + + return hdr; +} diff --git a/third_party/srtp/test/getopt_s.c b/third_party/srtp/test/getopt_s.c new file mode 100644 index 0000000..243ad6e --- /dev/null +++ b/third_party/srtp/test/getopt_s.c @@ -0,0 +1,112 @@ +/* + * getopt.c + * + * a minimal implementation of the getopt() function, written so that + * test applications that use that function can run on non-POSIX + * platforms + * + */ +/* + * + * Copyright (c) 2001-2006 Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include <stdlib.h> /* for NULL */ + +int optind_s = 0; + +char *optarg_s; + +#define GETOPT_FOUND_WITHOUT_ARGUMENT 2 +#define GETOPT_FOUND_WITH_ARGUMENT 1 +#define GETOPT_NOT_FOUND 0 + +static int +getopt_check_character(char c, const char *string) { + unsigned int max_string_len = 128; + + while (*string != 0) { + if (max_string_len == 0) { + return '?'; + } + if (*string++ == c) { + if (*string == ':') { + return GETOPT_FOUND_WITH_ARGUMENT; + } else { + return GETOPT_FOUND_WITHOUT_ARGUMENT; + } + } + } + return GETOPT_NOT_FOUND; +} + +int +getopt_s(int argc, + char * const argv[], + const char *optstring) { + + + while (optind_s + 1 < argc) { + char *string; + + /* move 'string' on to next argument */ + optind_s++; + string = argv[optind_s]; + + if (string == NULL) + return '?'; /* NULL argument string */ + + if (string[0] != '-') + return -1; /* found an unexpected character */ + + switch(getopt_check_character(string[1], optstring)) { + case GETOPT_FOUND_WITH_ARGUMENT: + if (optind_s + 1 < argc) { + optind_s++; + optarg_s = argv[optind_s]; + return string[1]; + } else { + return '?'; /* argument missing */ + } + case GETOPT_FOUND_WITHOUT_ARGUMENT: + return string[1]; + case GETOPT_NOT_FOUND: + default: + return '?'; /* didn't find expected character */ + break; + } + } + + return -1; +} diff --git a/third_party/srtp/test/lfsr.c b/third_party/srtp/test/lfsr.c new file mode 100644 index 0000000..28ea02e --- /dev/null +++ b/third_party/srtp/test/lfsr.c @@ -0,0 +1,310 @@ +/* + * lfsr.c + * + */ + + +#include <stdio.h> +#include "datatypes.h" + +uint32_t +parity(uint32_t x) { + + x ^= (x >> 16); + x ^= (x >> 8); + x ^= (x >> 4); + x ^= (x >> 2); + x ^= (x >> 1); + + return x & 1; +} + + +/* typedef struct { */ +/* uint32_t register[8]; */ +/* } lfsr_t; */ + +void +compute_period(uint32_t feedback_polynomial) { + int i; + v32_t lfsr; + v32_t mask; + + mask.value = feedback_polynomial; + lfsr.value = 1; + + printf("polynomial: %s\t", v32_bit_string(mask)); + + for (i=0; i < 256; i++) { +/* printf("%s\n", v32_bit_string(lfsr)); */ + if (parity(mask.value & lfsr.value)) + lfsr.value = ((lfsr.value << 1) | 1) & 0xff; + else + lfsr.value = (lfsr.value << 1) & 0xff; + + /* now halt if we're back at the initial state */ + if (lfsr.value == 1) { + printf("period: %d\n", i); + break; + } + } +} + +uint32_t poly0 = 223; + + +uint32_t polynomials[39] = { +31, +47, +55, +59, +61, +79, +87, +91, +103, +107, +109, +115, +117, +121, +143, +151, +157, +167, +171, +173, +179, +181, +185, +199, +203, +205, +211, +213, +227, +229, +233, +241, +127, +191, +223, +239, +247, +251, +253 +}; + +char binary_string[32]; + +char * +u32_bit_string(uint32_t x, unsigned int length) { + unsigned int mask; + int index; + + mask = 1 << length; + index = 0; + for (; mask > 0; mask >>= 1) + if ((x & mask) == 0) + binary_string[index++] = '0'; + else + binary_string[index++] = '1'; + + binary_string[index++] = 0; /* NULL terminate string */ + return binary_string; +} + +extern int octet_weight[256]; + +unsigned int +weight(uint32_t poly) { + int wt = 0; + + /* note: endian-ness makes no difference */ + wt += octet_weight[poly & 0xff]; + wt += octet_weight[(poly >> 8) & 0xff]; + wt += octet_weight[(poly >> 16) & 0xff]; + wt += octet_weight[(poly >> 24)]; + + return wt; +} + +#define MAX_PERIOD 65535 + +#define debug_print 0 + +int +period(uint32_t poly) { + int i; + uint32_t x; + + + /* set lfsr to 1 */ + x = 1; +#if debug_print + printf("%d:\t%s\n", 0, u32_bit_string(x,8)); +#endif + for (i=1; i < MAX_PERIOD; i++) { + if (x & 1) + x = (x >> 1) ^ poly; + else + x = (x >> 1); + +#if debug_print + /* print for a sanity check */ + printf("%d:\t%s\n", i, u32_bit_string(x,8)); +#endif + + /* check for return to original value */ + if (x == 1) + return i; + } + return i; +} + +/* + * weight distribution computes the weight distribution of the + * code generated by the polynomial poly + */ + +#define MAX_LEN 8 +#define MAX_WEIGHT (1 << MAX_LEN) + +int A[MAX_WEIGHT+1]; + +void +weight_distribution2(uint32_t poly, int *A) { + int i; + uint32_t x; + + /* zeroize array */ + for (i=0; i < MAX_WEIGHT+1; i++) + A[i] = 0; + + /* loop over all input sequences */ + + + /* set lfsr to 1 */ + x = 1; +#if debug_print + printf("%d:\t%s\n", 0, u32_bit_string(x,8)); +#endif + for (i=1; i < MAX_PERIOD; i++) { + if (x & 1) + x = (x >> 1) ^ poly; + else + x = (x >> 1); + +#if debug_print + /* print for a sanity check */ + printf("%d:\t%s\n", i, u32_bit_string(x,8)); +#endif + + /* increment weight */ + wt += (x & 1); + + /* check for return to original value */ + if (x == 1) + break; + } + + /* set zero */ + A[0] = 0; +} + + +void +weight_distribution(uint32_t poly, int *A) { + int i; + uint32_t x; + + /* zeroize array */ + for (i=0; i < MAX_WEIGHT+1; i++) + A[i] = 0; + + /* set lfsr to 1 */ + x = 1; +#if debug_print + printf("%d:\t%s\n", 0, u32_bit_string(x,8)); +#endif + for (i=1; i < MAX_PERIOD; i++) { + if (x & 1) + x = (x >> 1) ^ poly; + else + x = (x >> 1); + +#if debug_print + /* print for a sanity check */ + printf("%d:\t%s\n", i, u32_bit_string(x,8)); +#endif + + /* compute weight, increment proper element */ + A[weight(x)]++; + + /* check for return to original value */ + if (x == 1) + break; + } + + /* set zero */ + A[0] = 0; +} + + + + +int +main () { + + int i,j; + v32_t x; + v32_t p; + + /* originally 0xaf */ + p.value = 0x9; + + printf("polynomial: %s\tperiod: %d\n", + u32_bit_string(p.value,8), period(p.value)); + + /* compute weight distribution */ + weight_distribution(p.value, A); + + /* print weight distribution */ + for (i=0; i <= 8; i++) { + printf("A[%d]: %d\n", i, A[i]); + } + +#if 0 + for (i=0; i < 39; i++) { + printf("polynomial: %s\tperiod: %d\n", + u32_bit_string(polynomials[i],8), period(polynomials[i])); + + /* compute weight distribution */ + weight_distribution(p.value, A); + + /* print weight distribution */ + for (j=0; j <= 8; j++) { + printf("A[%d]: %d\n", j, A[j]); + } + } +#endif + + { + int bits = 8; + uint32_t y; + for (y=0; y < (1 << bits); y++) { + printf("polynomial: %s\tweight: %d\tperiod: %d\n", + u32_bit_string(y,bits), weight(y), period(y)); + + /* compute weight distribution */ + weight_distribution(y, A); + + /* print weight distribution */ + for (j=0; j <= 8; j++) { + printf("A[%d]: %d\n", j, A[j]); + } + } + } + + return 0; +} diff --git a/third_party/srtp/test/rdbx_driver.c b/third_party/srtp/test/rdbx_driver.c new file mode 100644 index 0000000..7db67a2 --- /dev/null +++ b/third_party/srtp/test/rdbx_driver.c @@ -0,0 +1,306 @@ +/* + * rdbx_driver.c + * + * driver for the rdbx implementation (replay database with extended range) + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include <stdio.h> /* for printf() */ +#include "getopt_s.h" /* for local getopt() */ + +#include "rdbx.h" + +#ifdef ROC_TEST +#error "rdbx_t won't work with ROC_TEST - bitmask same size as seq_median" +#endif + +#include "ut_sim.h" + +err_status_t +test_replay_dbx(int num_trials); + +double +rdbx_check_adds_per_second(int num_trials); + +void +usage(char *prog_name) { + printf("usage: %s [ -t | -v ]\n", prog_name); + exit(255); +} + +int +main (int argc, char *argv[]) { + double rate; + err_status_t status; + char q; + unsigned do_timing_test = 0; + unsigned do_validation = 0; + + /* process input arguments */ + while (1) { + q = getopt_s(argc, argv, "tv"); + if (q == -1) + break; + switch (q) { + case 't': + do_timing_test = 1; + break; + case 'v': + do_validation = 1; + break; + default: + usage(argv[0]); + } + } + + printf("rdbx (replay database w/ extended range) test driver\n" + "David A. McGrew\n" + "Cisco Systems, Inc.\n"); + + if (!do_validation && !do_timing_test) + usage(argv[0]); + + if (do_validation) { + printf("testing rdbx_t...\n"); + + status = test_replay_dbx(1 << 12); + if (status) { + printf("failed\n"); + exit(1); + } + printf("passed\n"); + } + + if (do_timing_test) { + rate = rdbx_check_adds_per_second(1 << 18); + printf("rdbx_check/replay_adds per second: %e\n", rate); + } + + return 0; +} + +void +print_rdbx(rdbx_t *rdbx) { + printf("rdbx: {%llu, %s}\n", + (unsigned long long)(rdbx->index), v128_bit_string(&rdbx->bitmask)); +} + + +/* + * rdbx_check_add(rdbx, idx) checks a known-to-be-good idx against + * rdbx, then adds it. if a failure is detected (i.e., the check + * indicates that the value is already in rdbx) then + * err_status_algo_fail is returned. + * + */ + +err_status_t +rdbx_check_add(rdbx_t *rdbx, uint32_t idx) { + int delta; + xtd_seq_num_t est; + + delta = index_guess(&rdbx->index, &est, idx); + + if (rdbx_check(rdbx, delta) != err_status_ok) { + printf("replay_check failed at index %u\n", idx); + return err_status_algo_fail; + } + + /* + * in practice, we'd authenticate the packet containing idx, using + * the estimated value est, at this point + */ + + if (rdbx_add_index(rdbx, delta) != err_status_ok) { + printf("rdbx_add_index failed at index %u\n", idx); + return err_status_algo_fail; + } + + return err_status_ok; +} + +/* + * rdbx_check_expect_failure(rdbx_t *rdbx, uint32_t idx) + * + * checks that a sequence number idx is in the replay database + * and thus will be rejected + */ + +err_status_t +rdbx_check_expect_failure(rdbx_t *rdbx, uint32_t idx) { + int delta; + xtd_seq_num_t est; + err_status_t status; + + delta = index_guess(&rdbx->index, &est, idx); + + status = rdbx_check(rdbx, delta); + if (status == err_status_ok) { + printf("delta: %d ", delta); + printf("replay_check failed at index %u (false positive)\n", idx); + return err_status_algo_fail; + } + + return err_status_ok; +} + +err_status_t +rdbx_check_unordered(rdbx_t *rdbx, uint32_t idx) { + err_status_t rstat; + + rstat = rdbx_check(rdbx, idx); + if ((rstat != err_status_ok) && (rstat != err_status_replay_old)) { + printf("replay_check_unordered failed at index %u\n", idx); + return err_status_algo_fail; + } + return err_status_ok; +} + +#define MAX_IDX 160 + +err_status_t +test_replay_dbx(int num_trials) { + rdbx_t rdbx; + uint32_t idx, ircvd; + ut_connection utc; + err_status_t status; + int num_fp_trials; + + status = rdbx_init(&rdbx); + if (status) { + printf("replay_init failed with error code %d\n", status); + exit(1); + } + + /* + * test sequential insertion + */ + printf("\ttesting sequential insertion..."); + for (idx=0; idx < num_trials; idx++) { + status = rdbx_check_add(&rdbx, idx); + if (status) + return status; + } + printf("passed\n"); + + /* + * test for false positives by checking all of the index + * values which we've just added + * + * note that we limit the number of trials here, since allowing the + * rollover counter to roll over would defeat this test + */ + num_fp_trials = num_trials % 0x10000; + if (num_fp_trials == 0) { + printf("warning: no false positive tests performed\n"); + } + printf("\ttesting for false positives..."); + for (idx=0; idx < num_fp_trials; idx++) { + status = rdbx_check_expect_failure(&rdbx, idx); + if (status) + return status; + } + printf("passed\n"); + + /* re-initialize */ + if (rdbx_init(&rdbx) != err_status_ok) { + printf("replay_init failed\n"); + return err_status_init_fail; + } + + /* + * test non-sequential insertion + * + * this test covers only fase negatives, since the values returned + * by ut_next_index(...) are distinct + */ + ut_init(&utc); + + printf("\ttesting non-sequential insertion..."); + for (idx=0; idx < num_trials; idx++) { + ircvd = ut_next_index(&utc); + status = rdbx_check_unordered(&rdbx, ircvd); + if (status) + return status; + } + printf("passed\n"); + + return err_status_ok; +} + + + +#include <time.h> /* for clock() */ +#include <stdlib.h> /* for random() */ + +double +rdbx_check_adds_per_second(int num_trials) { + uint32_t i; + int delta; + rdbx_t rdbx; + xtd_seq_num_t est; + clock_t timer; + int failures; /* count number of failures */ + + if (rdbx_init(&rdbx) != err_status_ok) { + printf("replay_init failed\n"); + exit(1); + } + + failures = 0; + timer = clock(); + for(i=0; i < num_trials; i++) { + + delta = index_guess(&rdbx.index, &est, i); + + if (rdbx_check(&rdbx, delta) != err_status_ok) + ++failures; + else + if (rdbx_add_index(&rdbx, delta) != err_status_ok) + ++failures; + } + timer = clock() - timer; + + printf("number of failures: %d \n", failures); + + return (double) CLOCKS_PER_SEC * num_trials / timer; +} + diff --git a/third_party/srtp/test/replay_driver.c b/third_party/srtp/test/replay_driver.c new file mode 100644 index 0000000..369a77a --- /dev/null +++ b/third_party/srtp/test/replay_driver.c @@ -0,0 +1,209 @@ +/* + * replay_driver.c + * + * A driver for the replay_database implementation + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include <stdio.h> + +#include "rdb.h" +#include "ut_sim.h" + +/* + * num_trials defines the number of trials that are used in the + * validation functions below + */ + +unsigned num_trials = 1 << 16; + +err_status_t +test_rdb_db(void); + +double +rdb_check_adds_per_second(void); + +int +main (void) { + err_status_t err; + + printf("testing anti-replay database (rdb_t)...\n"); + err = test_rdb_db(); + if (err) { + printf("failed\n"); + exit(1); + } + printf("done\n"); + + printf("rdb_check/rdb_adds per second: %e\n", + rdb_check_adds_per_second()); + + return 0; +} + + +void +print_rdb(rdb_t *rdb) { + printf("rdb: {%u, %s}\n", rdb->window_start, v128_bit_string(&rdb->bitmask)); +} + +err_status_t +rdb_check_add(rdb_t *rdb, uint32_t idx) { + + if (rdb_check(rdb, idx) != err_status_ok) { + printf("rdb_check failed at index %u\n", idx); + return err_status_fail; + } + if (rdb_add_index(rdb, idx) != err_status_ok) { + printf("rdb_add_index failed at index %u\n", idx); + return err_status_fail; + } + + return err_status_ok; +} + +err_status_t +rdb_check_expect_failure(rdb_t *rdb, uint32_t idx) { + err_status_t err; + + err = rdb_check(rdb, idx); + if ((err != err_status_replay_old) && (err != err_status_replay_fail)) { + printf("rdb_check failed at index %u (false positive)\n", idx); + return err_status_fail; + } + + return err_status_ok; +} + +err_status_t +rdb_check_unordered(rdb_t *rdb, uint32_t idx) { + err_status_t rstat; + + /* printf("index: %u\n", idx); */ + rstat = rdb_check(rdb, idx); + if ((rstat != err_status_ok) && (rstat != err_status_replay_old)) { + printf("rdb_check_unordered failed at index %u\n", idx); + return rstat; + } + return err_status_ok; +} + +err_status_t +test_rdb_db() { + rdb_t rdb; + uint32_t idx, ircvd; + ut_connection utc; + err_status_t err; + + if (rdb_init(&rdb) != err_status_ok) { + printf("rdb_init failed\n"); + return err_status_init_fail; + } + + /* test sequential insertion */ + for (idx=0; idx < num_trials; idx++) { + err = rdb_check_add(&rdb, idx); + if (err) + return err; + } + + /* test for false positives */ + for (idx=0; idx < num_trials; idx++) { + err = rdb_check_expect_failure(&rdb, idx); + if (err) + return err; + } + + /* re-initialize */ + if (rdb_init(&rdb) != err_status_ok) { + printf("rdb_init failed\n"); + return err_status_fail; + } + + /* test non-sequential insertion */ + ut_init(&utc); + + for (idx=0; idx < num_trials; idx++) { + ircvd = ut_next_index(&utc); + err = rdb_check_unordered(&rdb, ircvd); + if (err) + return err; + } + + return err_status_ok; +} + +#include <time.h> /* for clock() */ +#include <stdlib.h> /* for random() */ + +#define REPLAY_NUM_TRIALS 10000000 + +double +rdb_check_adds_per_second(void) { + uint32_t i; + rdb_t rdb; + clock_t timer; + int failures; /* count number of failures */ + + if (rdb_init(&rdb) != err_status_ok) { + printf("rdb_init failed\n"); + exit(1); + } + + timer = clock(); + for(i=0; i < REPLAY_NUM_TRIALS; i+=3) { + if (rdb_check(&rdb, i+2) != err_status_ok) + ++failures; + if (rdb_add_index(&rdb, i+2) != err_status_ok) + ++failures; + if (rdb_check(&rdb, i+1) != err_status_ok) + ++failures; + if (rdb_add_index(&rdb, i+1) != err_status_ok) + ++failures; + if (rdb_check(&rdb, i) != err_status_ok) + ++failures; + if (rdb_add_index(&rdb, i) != err_status_ok) + ++failures; + } + timer = clock() - timer; + + return (double) CLOCKS_PER_SEC * REPLAY_NUM_TRIALS / timer; +} diff --git a/third_party/srtp/test/roc_driver.c b/third_party/srtp/test/roc_driver.c new file mode 100644 index 0000000..396c9a7 --- /dev/null +++ b/third_party/srtp/test/roc_driver.c @@ -0,0 +1,165 @@ +/* + * roc_driver.c + * + * test driver for rollover counter replay implementation + * + * David A. McGrew + * Cisco Systems, Inc. + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include <stdio.h> + +/* + * defining ROC_TEST causes small datatypes to be used in + * xtd_seq_num_t - this allows the functions to be exhaustively tested. + */ +#if ROC_NEEDS_TO_BE_TESTED +#define ROC_TEST +#endif + +#include "rdbx.h" +#include "ut_sim.h" + +err_status_t +roc_test(int num_trials); + +int +main (void) { + err_status_t status; + + printf("rollover counter test driver\n" + "David A. McGrew\n" + "Cisco Systems, Inc.\n"); + + printf("testing index functions..."); + status = roc_test(1 << 18); + if (status) { + printf("failed\n"); + exit(status); + } + printf("passed\n"); + return 0; +} + + +#define ROC_VERBOSE 0 + +err_status_t +roc_test(int num_trials) { + xtd_seq_num_t local, est, ref; + ut_connection utc; + int i, num_bad_est = 0; + int delta; + uint32_t ircvd; + double failure_rate; + + index_init(&local); + index_init(&ref); + index_init(&est); + + printf("\n\ttesting sequential insertion..."); + for (i=0; i < 2048; i++) { + delta = index_guess(&local, &est, (uint16_t) ref); +#if ROC_VERBOSE + printf("%lld, %lld, %d\n", ref, est, i); +#endif + if (ref != est) { +#if ROC_VERBOSE + printf(" *bad estimate*\n"); +#endif + ++num_bad_est; + } + index_advance(&ref, 1); + } + failure_rate = (double) num_bad_est / num_trials; + if (failure_rate > 0.01) { + printf("error: failure rate too high (%d bad estimates in %d trials)\n", + num_bad_est, num_trials); + return err_status_algo_fail; + } + printf("done\n"); + + + printf("\ttesting non-sequential insertion..."); + index_init(&local); + index_init(&ref); + index_init(&est); + ut_init(&utc); + + for (i=0; i < num_trials; i++) { + + /* get next seq num from unreliable transport simulator */ + ircvd = ut_next_index(&utc); + + /* set ref to value of ircvd */ + ref = ircvd; + + /* estimate index based on low bits of ircvd */ + delta = index_guess(&local, &est, (uint16_t) ref); +#if ROC_VERBOSE + printf("ref: %lld, local: %lld, est: %lld, ircvd: %d, delta: %d\n", + ref, local, est, ircvd, delta); +#endif + + /* now update local xtd_seq_num_t as necessary */ + if (delta > 0) + index_advance(&local, delta); + + if (ref != est) { +#if ROC_VERBOSE + printf(" *bad estimate*\n"); +#endif + /* record failure event */ + ++num_bad_est; + + /* reset local value to correct value */ + local = ref; + } + } + failure_rate = (double) num_bad_est / num_trials; + if (failure_rate > 0.01) { + printf("error: failure rate too high (%d bad estimates in %d trials)\n", + num_bad_est, num_trials); + return err_status_algo_fail; + } + printf("done\n"); + + return err_status_ok; +} diff --git a/third_party/srtp/test/rtp.c b/third_party/srtp/test/rtp.c new file mode 100644 index 0000000..69968f3 --- /dev/null +++ b/third_party/srtp/test/rtp.c @@ -0,0 +1,167 @@ +/* + * rtp.c + * + * library functions for the real-time transport protocol + * + * David A. McGrew + * Cisco Systems, Inc. + */ + + +#include "rtp_priv.h" + +#include <stdio.h> +#include <string.h> + +#include <sys/types.h> +#ifdef HAVE_SYS_SOCKET_H +# include <sys/socket.h> +#endif + +#define PRINT_DEBUG 0 /* set to 1 to print out debugging data */ +#define VERBOSE_DEBUG 0 /* set to 1 to print out more data */ + +unsigned int +rtp_sendto(rtp_sender_t sender, const void* msg, int len) { + int octets_sent; + err_status_t stat; + int pkt_len = len + RTP_HEADER_LEN; + + /* marshal data */ + strncpy(sender->message.body, msg, len); + + /* update header */ + sender->message.header.seq = ntohs(sender->message.header.seq) + 1; + sender->message.header.seq = htons(sender->message.header.seq); + sender->message.header.ts = ntohl(sender->message.header.ts) + 1; + sender->message.header.ts = htonl(sender->message.header.ts); + + /* apply srtp */ + stat = srtp_protect(sender->srtp_ctx, &sender->message.header, &pkt_len); + if (stat) { +#if PRINT_DEBUG + fprintf(stderr, "error: srtp protection failed with code %d\n", stat); +#endif + return -1; + } +#if VERBOSE_DEBUG + srtp_print_packet(&sender->message.header, pkt_len); +#endif + octets_sent = sendto(sender->socket, (void*)&sender->message, + pkt_len, 0, (struct sockaddr *)&sender->addr, + sizeof (struct sockaddr_in)); + + if (octets_sent != pkt_len) { +#if PRINT_DEBUG + fprintf(stderr, "error: couldn't send message %s", (char *)msg); + perror(""); +#endif + } + + return octets_sent; +} + +unsigned int +rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len) { + int octets_recvd; + err_status_t stat; + + octets_recvd = recvfrom(receiver->socket, (void *)&receiver->message, + *len, 0, (struct sockaddr *) NULL, 0); + + /* verify rtp header */ + if (receiver->message.header.version != 2) { + *len = 0; + return -1; + } + +#if PRINT_DEBUG + fprintf(stderr, "%d octets received from SSRC %u\n", + octets_recvd, receiver->message.header.ssrc); +#endif +#if VERBOSE_DEBUG + srtp_print_packet(&receiver->message.header, octets_recvd); +#endif + + /* apply srtp */ + stat = srtp_unprotect(receiver->srtp_ctx, + &receiver->message.header, &octets_recvd); + if (stat) { + fprintf(stderr, + "error: srtp unprotection failed with code %d%s\n", stat, + stat == err_status_replay_fail ? " (replay check failed)" : + stat == err_status_auth_fail ? " (auth check failed)" : ""); + return -1; + } + strncpy(msg, receiver->message.body, octets_recvd); + + return octets_recvd; +} + +int +rtp_sender_init(rtp_sender_t sender, + int socket, + struct sockaddr_in addr, + unsigned int ssrc) { + + /* set header values */ + sender->message.header.ssrc = htonl(ssrc); + sender->message.header.ts = 0; + sender->message.header.seq = (uint16_t) rand(); + sender->message.header.m = 0; + sender->message.header.pt = 0x1; + sender->message.header.version = 2; + sender->message.header.p = 0; + sender->message.header.x = 0; + sender->message.header.cc = 0; + + /* set other stuff */ + sender->socket = socket; + sender->addr = addr; + + return 0; +} + +int +rtp_receiver_init(rtp_receiver_t rcvr, + int socket, + struct sockaddr_in addr, + unsigned int ssrc) { + + /* set header values */ + rcvr->message.header.ssrc = htonl(ssrc); + rcvr->message.header.ts = 0; + rcvr->message.header.seq = 0; + rcvr->message.header.m = 0; + rcvr->message.header.pt = 0x1; + rcvr->message.header.version = 2; + rcvr->message.header.p = 0; + rcvr->message.header.x = 0; + rcvr->message.header.cc = 0; + + /* set other stuff */ + rcvr->socket = socket; + rcvr->addr = addr; + + return 0; +} + +int +rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy) { + return srtp_create(&sender->srtp_ctx, policy); +} + +int +rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy) { + return srtp_create(&sender->srtp_ctx, policy); +} + +rtp_sender_t +rtp_sender_alloc() { + return (rtp_sender_t)malloc(sizeof(rtp_sender_ctx_t)); +} + +rtp_receiver_t +rtp_receiver_alloc() { + return (rtp_receiver_t)malloc(sizeof(rtp_receiver_ctx_t)); +} diff --git a/third_party/srtp/test/rtpw.c b/third_party/srtp/test/rtpw.c new file mode 100644 index 0000000..e477a77 --- /dev/null +++ b/third_party/srtp/test/rtpw.c @@ -0,0 +1,519 @@ +/* + * rtpw.c + * + * rtp word sender/receiver + * + * David A. McGrew + * Cisco Systems, Inc. + * + * This app is a simple RTP application intended only for testing + * libsrtp. It reads one word at a time from /usr/dict/words (or + * whatever file is specified as DICT_FILE), and sends one word out + * each USEC_RATE microseconds. Secure RTP protections can be + * applied. See the usage() function for more details. + * + */ + +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "datatypes.h" +#include "getopt_s.h" /* for local getopt() */ + +#include <stdio.h> /* for printf, fprintf */ +#include <stdlib.h> /* for atoi() */ +#include <errno.h> +#include <unistd.h> /* for close() */ + +#include <string.h> /* for strncpy() */ +#include <time.h> /* for usleep() */ +#ifdef HAVE_SYS_SOCKET_H +# include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +# include <netinet/in.h> +#elif defined HAVE_WINSOCK2_H +# include <winsock2.h> +# include <ws2tcpip.h> +# define RTPW_USE_WINSOCK2 1 +#endif +#ifdef HAVE_ARPA_INET_H +# include <arpa/inet.h> +#endif + +#include "srtp.h" +#include "rtp.h" + +#ifdef RTPW_USE_WINSOCK2 +# define DICT_FILE "words.txt" +#else +# define DICT_FILE "/usr/share/dict/words" +#endif +#define USEC_RATE (5e5) +#define MAX_WORD_LEN 128 +#define ADDR_IS_MULTICAST(a) IN_MULTICAST(htonl(a)) +#define MAX_KEY_LEN 64 +#define MASTER_KEY_LEN 30 + + +#ifndef HAVE_USLEEP +# ifdef HAVE_WINDOWS_H +# define usleep(us) Sleep((us)/1000) +# else +# define usleep(us) sleep((us)/1000000) +# endif +#endif + + +/* + * the function usage() prints an error message describing how this + * program should be called, then calls exit() + */ + +void +usage(char *prog_name); + +/* + * leave_group(...) de-registers from a multicast group + */ + +void +leave_group(int sock, struct ip_mreq mreq, char *name); + + +/* + * program_type distinguishes the [s]rtp sender and receiver cases + */ + +typedef enum { sender, receiver, unknown } program_type; + +int +main (int argc, char *argv[]) { + char *dictfile = DICT_FILE; + FILE *dict; + char word[MAX_WORD_LEN]; + int sock, ret; + struct in_addr rcvr_addr; + struct sockaddr_in name; + struct ip_mreq mreq; +#if BEW + struct sockaddr_in local; +#endif + program_type prog_type = unknown; + sec_serv_t sec_servs = sec_serv_none; + unsigned char ttl = 5; + int c; + char *input_key = NULL; + char *address = NULL; + char key[MAX_KEY_LEN]; + unsigned short port = 0; + rtp_sender_t snd; + srtp_policy_t policy; + err_status_t status; + int len; + int do_list_mods = 0; + uint32_t ssrc = 0xdeadbeef; /* ssrc value hardcoded for now */ +#ifdef RTPW_USE_WINSOCK2 + WORD wVersionRequested = MAKEWORD(2, 0); + WSADATA wsaData; + + ret = WSAStartup(wVersionRequested, &wsaData); + if (ret != 0) { + fprintf(stderr, "error: WSAStartup() failed: %d\n", ret); + exit(1); + } +#endif + + /* initialize srtp library */ + status = srtp_init(); + if (status) { + printf("error: srtp initialization failed with error code %d\n", status); + exit(1); + } + + /* check args */ + while (1) { + c = getopt_s(argc, argv, "k:rsaeld:"); + if (c == -1) { + break; + } + switch (c) { + case 'k': + input_key = optarg_s; + break; + case 'e': + sec_servs |= sec_serv_conf; + break; + case 'a': + sec_servs |= sec_serv_auth; + break; + case 'r': + prog_type = receiver; + break; + case 's': + prog_type = sender; + break; + case 'd': + status = crypto_kernel_set_debug_module(optarg_s, 1); + if (status) { + printf("error: set debug module (%s) failed\n", optarg_s); + exit(1); + } + break; + case 'l': + do_list_mods = 1; + break; + default: + usage(argv[0]); + } + } + + if (prog_type == unknown) { + if (do_list_mods) { + status = crypto_kernel_list_debug_modules(); + if (status) { + printf("error: list of debug modules failed\n"); + exit(1); + } + return 0; + } else { + printf("error: neither sender [-s] nor receiver [-r] specified\n"); + usage(argv[0]); + } + } + + if ((sec_servs && !input_key) || (!sec_servs && input_key)) { + /* + * a key must be provided if and only if security services have + * been requested + */ + usage(argv[0]); + } + + if (argc != optind_s + 2) { + /* wrong number of arguments */ + usage(argv[0]); + } + + /* get address from arg */ + address = argv[optind_s++]; + + /* get port from arg */ + port = atoi(argv[optind_s++]); + + /* set address */ +#ifdef HAVE_INET_ATON + if (0 == inet_aton(address, &rcvr_addr)) { + fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], address); + exit(1); + } + if (rcvr_addr.s_addr == INADDR_NONE) { + fprintf(stderr, "%s: address error", argv[0]); + exit(1); + } +#else + rcvr_addr.s_addr = inet_addr(address); + if (0xffffffff == rcvr_addr.s_addr) { + fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], address); + exit(1); + } +#endif + + /* open socket */ + sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); + if (sock < 0) { + int err; +#ifdef RTPW_USE_WINSOCK2 + err = WSAGetLastError(); +#else + err = errno; +#endif + fprintf(stderr, "%s: couldn't open socket: %d\n", argv[0], err); + exit(1); + } + + name.sin_addr = rcvr_addr; + name.sin_family = PF_INET; + name.sin_port = htons(port); + + if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { + if (prog_type == sender) { + ret = setsockopt(sock, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, + sizeof(ttl)); + if (ret < 0) { + fprintf(stderr, "%s: Failed to set TTL for multicast group", argv[0]); + perror(""); + exit(1); + } + } + + mreq.imr_multiaddr.s_addr = rcvr_addr.s_addr; + mreq.imr_interface.s_addr = htonl(INADDR_ANY); + ret = setsockopt(sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, (void*)&mreq, + sizeof(mreq)); + if (ret < 0) { + fprintf(stderr, "%s: Failed to join multicast group", argv[0]); + perror(""); + exit(1); + } + } + + /* report security services selected on the command line */ + printf("security services: "); + if (sec_servs & sec_serv_conf) + printf("confidentiality "); + if (sec_servs & sec_serv_auth) + printf("message authentication"); + if (sec_servs == sec_serv_none) + printf("none"); + printf("\n"); + + /* set up the srtp policy and master key */ + if (sec_servs) { + /* + * create policy structure, using the default mechanisms but + * with only the security services requested on the command line, + * using the right SSRC value + */ + switch (sec_servs) { + case sec_serv_conf_and_auth: + crypto_policy_set_rtp_default(&policy.rtp); + crypto_policy_set_rtcp_default(&policy.rtcp); + break; + case sec_serv_conf: + crypto_policy_set_aes_cm_128_null_auth(&policy.rtp); + crypto_policy_set_rtcp_default(&policy.rtcp); + break; + case sec_serv_auth: + crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp); + crypto_policy_set_rtcp_default(&policy.rtcp); + break; + default: + printf("error: unknown security service requested\n"); + return -1; + } + policy.ssrc.type = ssrc_specific; + policy.ssrc.value = ssrc; + policy.key = (uint8_t *) key; + policy.next = NULL; + policy.rtp.sec_serv = sec_servs; + policy.rtcp.sec_serv = sec_serv_none; /* we don't do RTCP anyway */ + + /* + * read key from hexadecimal on command line into an octet string + */ + len = hex_string_to_octet_string(key, input_key, MASTER_KEY_LEN*2); + + /* check that hex string is the right length */ + if (len < MASTER_KEY_LEN*2) { + fprintf(stderr, + "error: too few digits in key/salt " + "(should be %d hexadecimal digits, found %d)\n", + MASTER_KEY_LEN*2, len); + exit(1); + } + if (strlen(input_key) > MASTER_KEY_LEN*2) { + fprintf(stderr, + "error: too many digits in key/salt " + "(should be %d hexadecimal digits, found %u)\n", + MASTER_KEY_LEN*2, (unsigned)strlen(input_key)); + exit(1); + } + + printf("set master key/salt to %s/", octet_string_hex_string(key, 16)); + printf("%s\n", octet_string_hex_string(key+16, 14)); + + } else { + /* + * we're not providing security services, so set the policy to the + * null policy + * + * Note that this policy does not conform to the SRTP + * specification, since RTCP authentication is required. However, + * the effect of this policy is to turn off SRTP, so that this + * application is now a vanilla-flavored RTP application. + */ + policy.key = (uint8_t *)key; + policy.ssrc.type = ssrc_specific; + policy.ssrc.value = ssrc; + policy.rtp.cipher_type = NULL_CIPHER; + policy.rtp.cipher_key_len = 0; + policy.rtp.auth_type = NULL_AUTH; + policy.rtp.auth_key_len = 0; + policy.rtp.auth_tag_len = 0; + policy.rtp.sec_serv = sec_serv_none; + policy.rtcp.cipher_type = NULL_CIPHER; + policy.rtcp.cipher_key_len = 0; + policy.rtcp.auth_type = NULL_AUTH; + policy.rtcp.auth_key_len = 0; + policy.rtcp.auth_tag_len = 0; + policy.rtcp.sec_serv = sec_serv_none; + policy.next = NULL; + } + + if (prog_type == sender) { + +#if BEW + /* bind to local socket (to match crypto policy, if need be) */ + memset(&local, 0, sizeof(struct sockaddr_in)); + local.sin_addr.s_addr = htonl(INADDR_ANY); + local.sin_port = htons(port); + ret = bind(sock, (struct sockaddr *) &local, sizeof(struct sockaddr_in)); + if (ret < 0) { + fprintf(stderr, "%s: bind failed\n", argv[0]); + perror(""); + exit(1); + } +#endif /* BEW */ + + /* initialize sender's rtp and srtp contexts */ + snd = rtp_sender_alloc(); + if (snd == NULL) { + fprintf(stderr, "error: malloc() failed\n"); + exit(1); + } + rtp_sender_init(snd, sock, name, ssrc); + status = rtp_sender_init_srtp(snd, &policy); + if (status) { + fprintf(stderr, + "error: srtp_create() failed with code %d\n", + status); + exit(1); + } + + /* open dictionary */ + dict = fopen (dictfile, "r"); + if (dict == NULL) { + fprintf(stderr, "%s: couldn't open file %s\n", argv[0], dictfile); + if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { + leave_group(sock, mreq, argv[0]); + } + exit(1); + } + + /* read words from dictionary, then send them off */ + while (fgets(word, MAX_WORD_LEN, dict) != NULL) { + len = strlen(word) + 1; /* plus one for null */ + + if (len > MAX_WORD_LEN) + printf("error: word %s too large to send\n", word); + else { + rtp_sendto(snd, word, len); + printf("sending word: %s", word); + } + usleep(USEC_RATE); + } + + } else { /* prog_type == receiver */ + rtp_receiver_t rcvr; + + if (bind(sock, (struct sockaddr *)&name, sizeof(name)) < 0) { + close(sock); + fprintf(stderr, "%s: socket bind error\n", argv[0]); + perror(NULL); + if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { + leave_group(sock, mreq, argv[0]); + } + exit(1); + } + + rcvr = rtp_receiver_alloc(); + if (rcvr == NULL) { + fprintf(stderr, "error: malloc() failed\n"); + exit(1); + } + rtp_receiver_init(rcvr, sock, name, ssrc); + status = rtp_receiver_init_srtp(rcvr, &policy); + if (status) { + fprintf(stderr, + "error: srtp_create() failed with code %d\n", + status); + exit(1); + } + + /* get next word and loop */ + while (1) { + len = MAX_WORD_LEN; + if (rtp_recvfrom(rcvr, word, &len) > -1) + printf("\tword: %s", word); + } + + } + + if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { + leave_group(sock, mreq, argv[0]); + } + +#ifdef RTPW_USE_WINSOCK2 + WSACleanup(); +#endif + + return 0; +} + + +void +usage(char *string) { + + printf("usage: %s [-d <debug>]* [-k <key> [-a][-e]] " + "[-s | -r] dest_ip dest_port\n" + "or %s -l\n" + "where -a use message authentication\n" + " -e use encryption\n" + " -k <key> sets the srtp master key\n" + " -s act as rtp sender\n" + " -r act as rtp receiver\n" + " -l list debug modules\n" + " -d <debug> turn on debugging for module <debug>\n", + string, string); + exit(1); + +} + + +void +leave_group(int sock, struct ip_mreq mreq, char *name) { + int ret; + + ret = setsockopt(sock, IPPROTO_IP, IP_DROP_MEMBERSHIP, (void*)&mreq, + sizeof(mreq)); + if (ret < 0) { + fprintf(stderr, "%s: Failed to leave multicast group", name); + perror(""); + } +} + diff --git a/third_party/srtp/test/rtpw_test.sh b/third_party/srtp/test/rtpw_test.sh new file mode 100644 index 0000000..f82e937 --- /dev/null +++ b/third_party/srtp/test/rtpw_test.sh @@ -0,0 +1,77 @@ +#!/bin/sh +# +# usage: rtpw_test <rtpw_commands> +# +# tests the rtpw sender and receiver functions + +RTPW=rtpw +DEST_PORT=9999 +DURATION=3 + +key=2b2edc5034f61a72345ca5986d7bfd0189aa6dc2ecab32fd9af74df6dfc6 + +ARGS="-k $key -ae" + +# First, we run "killall" to get rid of all existing rtpw processes. +# This step also enables this script to clean up after itself; if this +# script is interrupted after the rtpw processes are started but before +# they are killed, those processes will linger. Re-running the script +# will get rid of them. + +killall rtpw 2&>/dev/null + +if test -x $RTPW; then + +echo $0 ": starting rtpw receiver process... " + +$RTPW $* $ARGS -r 0.0.0.0 $DEST_PORT & + +receiver_pid=$! + +echo $0 ": receiver PID = $receiver_pid" + +sleep 1 + +# verify that the background job is running +ps | grep -q $receiver_pid +retval=$? +echo $retval +if [ $retval != 0 ]; then + echo $0 ": error" + exit 254 +fi + +echo $0 ": starting rtpw sender process..." + +$RTPW $* $ARGS -s 127.0.0.1 $DEST_PORT & + +sender_pid=$! + +echo $0 ": sender PID = $sender_pid" + +# verify that the background job is running +ps | grep -q $sender_pid +retval=$? +echo $retval +if [ $retval != 0 ]; then + echo $0 ": error" + exit 255 +fi + +sleep $DURATION + +kill $receiver_pid +kill $sender_pid + +echo $0 ": done (test passed)" + +else + +echo "error: can't find executable" $RTPW +exit 1 + +fi + +# EOF + + diff --git a/third_party/srtp/test/srtp_driver.c b/third_party/srtp/test/srtp_driver.c new file mode 100644 index 0000000..12d1c8c --- /dev/null +++ b/third_party/srtp/test/srtp_driver.c @@ -0,0 +1,1491 @@ +/* + * srtp_driver.c + * + * a test driver for libSRTP + * + * David A. McGrew + * Cisco Systems, Inc. + */ +/* + * + * Copyright (c) 2001-2006, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include <string.h> /* for memcpy() */ +#include <time.h> /* for clock() */ +#include <stdlib.h> /* for malloc(), free() */ +#include <stdio.h> /* for print(), fflush() */ +#include "getopt_s.h" /* for local getopt() */ + +#include "srtp_priv.h" + +#ifdef HAVE_NETINET_IN_H +# include <netinet/in.h> +#elif defined HAVE_WINSOCK2_H +# include <winsock2.h> +#endif + +#define PRINT_REFERENCE_PACKET 1 + +err_status_t +srtp_validate(void); + +err_status_t +srtp_create_big_policy(srtp_policy_t **list); + +err_status_t +srtp_test_remove_stream(void); + +double +srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy); + +double +srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy); + +void +srtp_do_timing(const srtp_policy_t *policy); + +void +srtp_do_rejection_timing(const srtp_policy_t *policy); + +err_status_t +srtp_test(const srtp_policy_t *policy); + +err_status_t +srtcp_test(const srtp_policy_t *policy); + +err_status_t +srtp_session_print_policy(srtp_t srtp); + +err_status_t +srtp_print_policy(const srtp_policy_t *policy); + +char * +srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len); + +double +mips_estimate(int num_trials, int *ignore); + +extern uint8_t test_key[30]; + +void +usage(char *prog_name) { + printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n" + " -t run timing test\n" + " -r run rejection timing test\n" + " -c run codec timing test\n" + " -v run validation tests\n" + " -d <mod> turn on debugging module <mod>\n" + " -l list debugging modules\n", prog_name); + exit(1); +} + +/* + * The policy_array is a null-terminated array of policy structs. it + * is declared at the end of this file + */ + +extern const srtp_policy_t *policy_array[]; + + +/* the wildcard_policy is declared below; it has a wildcard ssrc */ + +extern const srtp_policy_t wildcard_policy; + +/* + * mod_driver debug module - debugging module for this test driver + * + * we use the crypto_kernel debugging system in this driver, which + * makes the interface uniform and increases portability + */ + +debug_module_t mod_driver = { + 0, /* debugging is off by default */ + "driver" /* printable name for module */ +}; + +int +main (int argc, char *argv[]) { + char q; + unsigned do_timing_test = 0; + unsigned do_rejection_test = 0; + unsigned do_codec_timing = 0; + unsigned do_validation = 0; + unsigned do_list_mods = 0; + err_status_t status; + + /* + * verify that the compiler has interpreted the header data + * structure srtp_hdr_t correctly + */ + if (sizeof(srtp_hdr_t) != 12) { + printf("error: srtp_hdr_t has incorrect size" + "(size is %ld bytes, expected 12)\n", + sizeof(srtp_hdr_t)); + exit(1); + } + + /* initialize srtp library */ + status = srtp_init(); + if (status) { + printf("error: srtp init failed with error code %d\n", status); + exit(1); + } + + /* load srtp_driver debug module */ + status = crypto_kernel_load_debug_module(&mod_driver); + if (status) { + printf("error: load of srtp_driver debug module failed " + "with error code %d\n", status); + exit(1); + } + + /* process input arguments */ + while (1) { + q = getopt_s(argc, argv, "trcvld:"); + if (q == -1) + break; + switch (q) { + case 't': + do_timing_test = 1; + break; + case 'r': + do_rejection_test = 1; + break; + case 'c': + do_codec_timing = 1; + break; + case 'v': + do_validation = 1; + break; + case 'l': + do_list_mods = 1; + break; + case 'd': + status = crypto_kernel_set_debug_module(optarg_s, 1); + if (status) { + printf("error: set debug module (%s) failed\n", optarg_s); + exit(1); + } + break; + default: + usage(argv[0]); + } + } + + if (!do_validation && !do_timing_test && !do_codec_timing + && !do_list_mods && !do_rejection_test) + usage(argv[0]); + + if (do_list_mods) { + status = crypto_kernel_list_debug_modules(); + if (status) { + printf("error: list of debug modules failed\n"); + exit(1); + } + } + + if (do_validation) { + const srtp_policy_t **policy = policy_array; + srtp_policy_t *big_policy; + + /* loop over policy array, testing srtp and srtcp for each policy */ + while (*policy != NULL) { + printf("testing srtp_protect and srtp_unprotect\n"); + if (srtp_test(*policy) == err_status_ok) + printf("passed\n\n"); + else { + printf("failed\n"); + exit(1); + } + printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n"); + if (srtcp_test(*policy) == err_status_ok) + printf("passed\n\n"); + else { + printf("failed\n"); + exit(1); + } + policy++; + } + + /* create a big policy list and run tests on it */ + status = srtp_create_big_policy(&big_policy); + if (status) { + printf("unexpected failure with error code %d\n", status); + exit(1); + } + printf("testing srtp_protect and srtp_unprotect with big policy\n"); + if (srtp_test(big_policy) == err_status_ok) + printf("passed\n\n"); + else { + printf("failed\n"); + exit(1); + } + + /* run test on wildcard policy */ + printf("testing srtp_protect and srtp_unprotect on " + "wildcard ssrc policy\n"); + if (srtp_test(&wildcard_policy) == err_status_ok) + printf("passed\n\n"); + else { + printf("failed\n"); + exit(1); + } + + /* + * run validation test against the reference packets - note + * that this test only covers the default policy + */ + printf("testing srtp_protect and srtp_unprotect against " + "reference packets\n"); + if (srtp_validate() == err_status_ok) + printf("passed\n\n"); + else { + printf("failed\n"); + exit(1); + } + + /* + * test the function srtp_remove_stream() + */ + printf("testing srtp_remove_stream()..."); + if (srtp_test_remove_stream() == err_status_ok) + printf("passed\n"); + else { + printf("failed\n"); + exit(1); + } + } + + if (do_timing_test) { + const srtp_policy_t **policy = policy_array; + + /* loop over policies, run timing test for each */ + while (*policy != NULL) { + srtp_print_policy(*policy); + srtp_do_timing(*policy); + policy++; + } + } + + if (do_rejection_test) { + const srtp_policy_t **policy = policy_array; + + /* loop over policies, run rejection timing test for each */ + while (*policy != NULL) { + srtp_print_policy(*policy); + srtp_do_rejection_timing(*policy); + policy++; + } + } + + if (do_codec_timing) { + srtp_policy_t policy; + int ignore; + double mips = mips_estimate(1000000000, &ignore); + + crypto_policy_set_rtp_default(&policy.rtp); + crypto_policy_set_rtcp_default(&policy.rtcp); + policy.ssrc.type = ssrc_specific; + policy.ssrc.value = 0xdecafbad; + policy.key = test_key; + policy.next = NULL; + + printf("mips estimate: %e\n", mips); + + printf("testing srtp processing time for voice codecs:\n"); + printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n"); + printf("G.711\t\t%d\t\t\t%e\n", 80, + (double) mips * (80 * 8) / + srtp_bits_per_second(80, &policy) / .01 ); + printf("G.711\t\t%d\t\t\t%e\n", 160, + (double) mips * (160 * 8) / + srtp_bits_per_second(160, &policy) / .02); + printf("G.726-32\t%d\t\t\t%e\n", 40, + (double) mips * (40 * 8) / + srtp_bits_per_second(40, &policy) / .01 ); + printf("G.726-32\t%d\t\t\t%e\n", 80, + (double) mips * (80 * 8) / + srtp_bits_per_second(80, &policy) / .02); + printf("G.729\t\t%d\t\t\t%e\n", 10, + (double) mips * (10 * 8) / + srtp_bits_per_second(10, &policy) / .01 ); + printf("G.729\t\t%d\t\t\t%e\n", 20, + (double) mips * (20 * 8) / + srtp_bits_per_second(20, &policy) / .02 ); + printf("Wideband\t%d\t\t\t%e\n", 320, + (double) mips * (320 * 8) / + srtp_bits_per_second(320, &policy) / .01 ); + printf("Wideband\t%d\t\t\t%e\n", 640, + (double) mips * (640 * 8) / + srtp_bits_per_second(640, &policy) / .02 ); + } + + return 0; +} + + + +/* + * srtp_create_test_packet(len, ssrc) returns a pointer to a + * (malloced) example RTP packet whose data field has the length given + * by pkt_octet_len and the SSRC value ssrc. The total length of the + * packet is twelve octets longer, since the header is at the + * beginning. There is room at the end of the packet for a trailer, + * and the four octets following the packet are filled with 0xff + * values to enable testing for overwrites. + * + * note that the location of the test packet can (and should) be + * deallocated with the free() call once it is no longer needed. + */ + +srtp_hdr_t * +srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc) { + int i; + uint8_t *buffer; + srtp_hdr_t *hdr; + int bytes_in_hdr = 12; + + /* allocate memory for test packet */ + hdr = (srtp_hdr_t*) malloc(pkt_octet_len + bytes_in_hdr + + SRTP_MAX_TRAILER_LEN + 4); + if (!hdr) + return NULL; + + hdr->version = 2; /* RTP version two */ + hdr->p = 0; /* no padding needed */ + hdr->x = 0; /* no header extension */ + hdr->cc = 0; /* no CSRCs */ + hdr->m = 0; /* marker bit */ + hdr->pt = 0xf; /* payload type */ + hdr->seq = htons(0x1234); /* sequence number */ + hdr->ts = htonl(0xdecafbad); /* timestamp */ + hdr->ssrc = htonl(ssrc); /* synch. source */ + + buffer = (uint8_t *)hdr; + buffer += bytes_in_hdr; + + /* set RTP data to 0xab */ + for (i=0; i < pkt_octet_len; i++) + *buffer++ = 0xab; + + /* set post-data value to 0xffff to enable overrun checking */ + for (i=0; i < SRTP_MAX_TRAILER_LEN+4; i++) + *buffer++ = 0xff; + + return hdr; +} + +void +srtp_do_timing(const srtp_policy_t *policy) { + int len; + + /* + * note: the output of this function is formatted so that it + * can be used in gnuplot. '#' indicates a comment, and "\r\n" + * terminates a record + */ + + printf("# testing srtp throughput:\r\n"); + printf("# mesg length (octets)\tthroughput (megabits per second)\r\n"); + + for (len=16; len <= 2048; len *= 2) + printf("%d\t\t\t%f\r\n", len, + srtp_bits_per_second(len, policy) / 1.0E6); + + /* these extra linefeeds let gnuplot know that a dataset is done */ + printf("\r\n\r\n"); + +} + +void +srtp_do_rejection_timing(const srtp_policy_t *policy) { + int len; + + /* + * note: the output of this function is formatted so that it + * can be used in gnuplot. '#' indicates a comment, and "\r\n" + * terminates a record + */ + + printf("# testing srtp rejection throughput:\r\n"); + printf("# mesg length (octets)\trejections per second\r\n"); + + for (len=8; len <= 2048; len *= 2) + printf("%d\t\t\t%e\r\n", len, srtp_rejections_per_second(len, policy)); + + /* these extra linefeeds let gnuplot know that a dataset is done */ + printf("\r\n\r\n"); + +} + + +#define MAX_MSG_LEN 1024 + +double +srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy) { + srtp_t srtp; + srtp_hdr_t *mesg; + int i; + clock_t timer; + int num_trials = 100000; + int len; + uint32_t ssrc; + err_status_t status; + + /* + * allocate and initialize an srtp session + */ + status = srtp_create(&srtp, policy); + if (status) { + printf("error: srtp_create() failed with error code %d\n", status); + exit(1); + } + + /* + * if the ssrc is unspecified, use a predetermined one + */ + if (policy->ssrc.type != ssrc_specific) { + ssrc = 0xdeadbeef; + } else { + ssrc = policy->ssrc.value; + } + + /* + * create a test packet + */ + mesg = srtp_create_test_packet(msg_len_octets, ssrc); + if (mesg == NULL) + return 0.0; /* indicate failure by returning zero */ + + timer = clock(); + for (i=0; i < num_trials; i++) { + err_status_t status; + len = msg_len_octets + 12; /* add in rtp header length */ + + /* srtp protect message */ + status = srtp_protect(srtp, mesg, &len); + if (status) { + printf("error: srtp_protect() failed with error code %d\n", status); + exit(1); + } + + /* increment message number */ + mesg->seq = htons(ntohs(mesg->seq) + 1); + + } + timer = clock() - timer; + + free(mesg); + + return (double) (msg_len_octets) * 8 * + num_trials * CLOCKS_PER_SEC / timer; +} + +double +srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy) { + srtp_ctx_t *srtp; + srtp_hdr_t *mesg; + int i; + int len; + clock_t timer; + int num_trials = 1000000; + uint32_t ssrc = policy->ssrc.value; + err_status_t status; + + /* + * allocate and initialize an srtp session + */ + status = srtp_create(&srtp, policy); + if (status) { + printf("error: srtp_create() failed with error code %d\n", status); + exit(1); + } + + mesg = srtp_create_test_packet(msg_len_octets, ssrc); + if (mesg == NULL) + return 0.0; /* indicate failure by returning zero */ + + len = msg_len_octets; + srtp_protect(srtp, (srtp_hdr_t *)mesg, &len); + + timer = clock(); + for (i=0; i < num_trials; i++) { + len = msg_len_octets; + srtp_unprotect(srtp, (srtp_hdr_t *)mesg, &len); + } + timer = clock() - timer; + + free(mesg); + + return (double) num_trials * CLOCKS_PER_SEC / timer; +} + + +void +err_check(err_status_t s) { + if (s == err_status_ok) + return; + else + fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s); + exit (1); +} + +err_status_t +srtp_test(const srtp_policy_t *policy) { + int i; + srtp_t srtp_sender; + srtp_t srtp_rcvr; + err_status_t status = err_status_ok; + srtp_hdr_t *hdr, *hdr2; + uint8_t hdr_enc[64]; + uint8_t *pkt_end; + int msg_len_octets, msg_len_enc; + int len; + int tag_length = policy->rtp.auth_tag_len; + uint32_t ssrc; + srtp_policy_t *rcvr_policy; + + err_check(srtp_create(&srtp_sender, policy)); + + /* print out policy */ + err_check(srtp_session_print_policy(srtp_sender)); + + /* + * initialize data buffer, using the ssrc in the policy unless that + * value is a wildcard, in which case we'll just use an arbitrary + * one + */ + if (policy->ssrc.type != ssrc_specific) + ssrc = 0xdecafbad; + else + ssrc = policy->ssrc.value; + msg_len_octets = 28; + hdr = srtp_create_test_packet(msg_len_octets, ssrc); + + if (hdr == NULL) + return err_status_alloc_fail; + hdr2 = srtp_create_test_packet(msg_len_octets, ssrc); + if (hdr2 == NULL) { + free(hdr); + return err_status_alloc_fail; + } + + /* set message length */ + len = msg_len_octets; + + debug_print(mod_driver, "before protection:\n%s", + srtp_packet_to_string(hdr, len)); + +#if PRINT_REFERENCE_PACKET + debug_print(mod_driver, "reference packet before protection:\n%s", + octet_string_hex_string((uint8_t *)hdr, len)); +#endif + err_check(srtp_protect(srtp_sender, hdr, &len)); + + debug_print(mod_driver, "after protection:\n%s", + srtp_packet_to_string(hdr, len)); +#if PRINT_REFERENCE_PACKET + debug_print(mod_driver, "after protection:\n%s", + octet_string_hex_string((uint8_t *)hdr, len)); +#endif + + /* save protected message and length */ + memcpy(hdr_enc, hdr, len); + msg_len_enc = len; + + /* + * check for overrun of the srtp_protect() function + * + * The packet is followed by a value of 0xfffff; if the value of the + * data following the packet is different, then we know that the + * protect function is overwriting the end of the packet. + */ + pkt_end = (uint8_t *)hdr + sizeof(srtp_hdr_t) + + msg_len_octets + tag_length; + for (i = 0; i < 4; i++) + if (pkt_end[i] != 0xff) { + fprintf(stdout, "overwrite in srtp_protect() function " + "(expected %x, found %x in trailing octet %d)\n", + 0xff, ((uint8_t *)hdr)[i], i); + free(hdr); + free(hdr2); + return err_status_algo_fail; + } + + /* + * if the policy includes confidentiality, check that ciphertext is + * different than plaintext + * + * Note that this check will give false negatives, with some small + * probability, especially if the packets are short. For that + * reason, we skip this check if the plaintext is less than four + * octets long. + */ + if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) { + printf("testing that ciphertext is distinct from plaintext..."); + status = err_status_algo_fail; + for (i=12; i < msg_len_octets+12; i++) + if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { + status = err_status_ok; + } + if (status) { + printf("failed\n"); + free(hdr); + free(hdr2); + return status; + } + printf("passed\n"); + } + + /* + * if the policy uses a 'wildcard' ssrc, then we need to make a copy + * of the policy that changes the direction to inbound + * + * we always copy the policy into the rcvr_policy, since otherwise + * the compiler would fret about the constness of the policy + */ + rcvr_policy = (srtp_policy_t*) malloc(sizeof(srtp_policy_t)); + if (rcvr_policy == NULL) + return err_status_alloc_fail; + memcpy(rcvr_policy, policy, sizeof(srtp_policy_t)); + if (policy->ssrc.type == ssrc_any_outbound) { + rcvr_policy->ssrc.type = ssrc_any_inbound; + } + + err_check(srtp_create(&srtp_rcvr, rcvr_policy)); + + err_check(srtp_unprotect(srtp_rcvr, hdr, &len)); + + debug_print(mod_driver, "after unprotection:\n%s", + srtp_packet_to_string(hdr, len)); + + /* verify that the unprotected packet matches the origial one */ + for (i=0; i < msg_len_octets; i++) + if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { + fprintf(stdout, "mismatch at octet %d\n", i); + status = err_status_algo_fail; + } + if (status) { + free(hdr); + free(hdr2); + return status; + } + + /* + * if the policy includes authentication, then test for false positives + */ + if (policy->rtp.sec_serv & sec_serv_auth) { + char *data = ((char *)hdr) + 12; + + printf("testing for false positives in replay check..."); + + /* set message length */ + len = msg_len_enc; + + /* unprotect a second time - should fail with a replay error */ + status = srtp_unprotect(srtp_rcvr, hdr_enc, &len); + if (status != err_status_replay_fail) { + printf("failed with error code %d\n", status); + free(hdr); + free(hdr2); + return status; + } else { + printf("passed\n"); + } + + printf("testing for false positives in auth check..."); + + /* increment sequence number in header */ + hdr->seq++; + + /* set message length */ + len = msg_len_octets; + + /* apply protection */ + err_check(srtp_protect(srtp_sender, hdr, &len)); + + /* flip bits in packet */ + data[0] ^= 0xff; + + /* unprotect, and check for authentication failure */ + status = srtp_unprotect(srtp_rcvr, hdr, &len); + if (status != err_status_auth_fail) { + printf("failed\n"); + free(hdr); + free(hdr2); + return status; + } else { + printf("passed\n"); + } + + } + + err_check(srtp_dealloc(srtp_sender)); + err_check(srtp_dealloc(srtp_rcvr)); + + free(hdr); + free(hdr2); + return err_status_ok; +} + + +err_status_t +srtcp_test(const srtp_policy_t *policy) { + int i; + srtp_t srtcp_sender; + srtp_t srtcp_rcvr; + err_status_t status = err_status_ok; + srtp_hdr_t *hdr, *hdr2; + uint8_t hdr_enc[64]; + uint8_t *pkt_end; + int msg_len_octets, msg_len_enc; + int len; + int tag_length = policy->rtp.auth_tag_len; + uint32_t ssrc; + srtp_policy_t *rcvr_policy; + + err_check(srtp_create(&srtcp_sender, policy)); + + /* print out policy */ + err_check(srtp_session_print_policy(srtcp_sender)); + + /* + * initialize data buffer, using the ssrc in the policy unless that + * value is a wildcard, in which case we'll just use an arbitrary + * one + */ + if (policy->ssrc.type != ssrc_specific) + ssrc = 0xdecafbad; + else + ssrc = policy->ssrc.value; + msg_len_octets = 28; + hdr = srtp_create_test_packet(msg_len_octets, ssrc); + + if (hdr == NULL) + return err_status_alloc_fail; + hdr2 = srtp_create_test_packet(msg_len_octets, ssrc); + if (hdr2 == NULL) { + free(hdr); + return err_status_alloc_fail; + } + + /* set message length */ + len = msg_len_octets; + + debug_print(mod_driver, "before protection:\n%s", + srtp_packet_to_string(hdr, len)); + +#if PRINT_REFERENCE_PACKET + debug_print(mod_driver, "reference packet before protection:\n%s", + octet_string_hex_string((uint8_t *)hdr, len)); +#endif + err_check(srtp_protect_rtcp(srtcp_sender, hdr, &len)); + + debug_print(mod_driver, "after protection:\n%s", + srtp_packet_to_string(hdr, len)); +#if PRINT_REFERENCE_PACKET + debug_print(mod_driver, "after protection:\n%s", + octet_string_hex_string((uint8_t *)hdr, len)); +#endif + + /* save protected message and length */ + memcpy(hdr_enc, hdr, len); + msg_len_enc = len; + + /* + * check for overrun of the srtp_protect() function + * + * The packet is followed by a value of 0xfffff; if the value of the + * data following the packet is different, then we know that the + * protect function is overwriting the end of the packet. + */ + pkt_end = (uint8_t *)hdr + sizeof(srtp_hdr_t) + + msg_len_octets + tag_length; + for (i = 0; i < 4; i++) + if (pkt_end[i] != 0xff) { + fprintf(stdout, "overwrite in srtp_protect_rtcp() function " + "(expected %x, found %x in trailing octet %d)\n", + 0xff, ((uint8_t *)hdr)[i], i); + free(hdr); + free(hdr2); + return err_status_algo_fail; + } + + /* + * if the policy includes confidentiality, check that ciphertext is + * different than plaintext + * + * Note that this check will give false negatives, with some small + * probability, especially if the packets are short. For that + * reason, we skip this check if the plaintext is less than four + * octets long. + */ + if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) { + printf("testing that ciphertext is distinct from plaintext..."); + status = err_status_algo_fail; + for (i=12; i < msg_len_octets+12; i++) + if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { + status = err_status_ok; + } + if (status) { + printf("failed\n"); + free(hdr); + free(hdr2); + return status; + } + printf("passed\n"); + } + + /* + * if the policy uses a 'wildcard' ssrc, then we need to make a copy + * of the policy that changes the direction to inbound + * + * we always copy the policy into the rcvr_policy, since otherwise + * the compiler would fret about the constness of the policy + */ + rcvr_policy = (srtp_policy_t*) malloc(sizeof(srtp_policy_t)); + if (rcvr_policy == NULL) + return err_status_alloc_fail; + memcpy(rcvr_policy, policy, sizeof(srtp_policy_t)); + if (policy->ssrc.type == ssrc_any_outbound) { + rcvr_policy->ssrc.type = ssrc_any_inbound; + } + + err_check(srtp_create(&srtcp_rcvr, rcvr_policy)); + + err_check(srtp_unprotect_rtcp(srtcp_rcvr, hdr, &len)); + + debug_print(mod_driver, "after unprotection:\n%s", + srtp_packet_to_string(hdr, len)); + + /* verify that the unprotected packet matches the origial one */ + for (i=0; i < msg_len_octets; i++) + if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) { + fprintf(stdout, "mismatch at octet %d\n", i); + status = err_status_algo_fail; + } + if (status) { + free(hdr); + free(hdr2); + return status; + } + + /* + * if the policy includes authentication, then test for false positives + */ + if (policy->rtp.sec_serv & sec_serv_auth) { + char *data = ((char *)hdr) + 12; + + printf("testing for false positives in replay check..."); + + /* set message length */ + len = msg_len_enc; + + /* unprotect a second time - should fail with a replay error */ + status = srtp_unprotect_rtcp(srtcp_rcvr, hdr_enc, &len); + if (status != err_status_replay_fail) { + printf("failed with error code %d\n", status); + free(hdr); + free(hdr2); + return status; + } else { + printf("passed\n"); + } + + printf("testing for false positives in auth check..."); + + /* increment sequence number in header */ + hdr->seq++; + + /* set message length */ + len = msg_len_octets; + + /* apply protection */ + err_check(srtp_protect_rtcp(srtcp_sender, hdr, &len)); + + /* flip bits in packet */ + data[0] ^= 0xff; + + /* unprotect, and check for authentication failure */ + status = srtp_unprotect_rtcp(srtcp_rcvr, hdr, &len); + if (status != err_status_auth_fail) { + printf("failed\n"); + free(hdr); + free(hdr2); + return status; + } else { + printf("passed\n"); + } + + } + + err_check(srtp_dealloc(srtcp_sender)); + err_check(srtp_dealloc(srtcp_rcvr)); + + free(hdr); + free(hdr2); + return err_status_ok; +} + + +err_status_t +srtp_session_print_policy(srtp_t srtp) { + char *serv_descr[4] = { + "none", + "confidentiality", + "authentication", + "confidentiality and authentication" + }; + char *direction[3] = { + "unknown", + "outbound", + "inbound" + }; + srtp_stream_t stream; + + /* sanity checking */ + if (srtp == NULL) + return err_status_fail; + + /* if there's a template stream, print it out */ + if (srtp->stream_template != NULL) { + stream = srtp->stream_template; + printf("# SSRC: any %s\r\n" + "# rtp cipher: %s\r\n" + "# rtp auth: %s\r\n" + "# rtp services: %s\r\n" + "# rtcp cipher: %s\r\n" + "# rtcp auth: %s\r\n" + "# rtcp services: %s\r\n", + direction[stream->direction], + stream->rtp_cipher->type->description, + stream->rtp_auth->type->description, + serv_descr[stream->rtp_services], + stream->rtcp_cipher->type->description, + stream->rtcp_auth->type->description, + serv_descr[stream->rtcp_services]); + } + + /* loop over streams in session, printing the policy of each */ + stream = srtp->stream_list; + while (stream != NULL) { + if (stream->rtp_services > sec_serv_conf_and_auth) + return err_status_bad_param; + + printf("# SSRC: 0x%08x\r\n" + "# rtp cipher: %s\r\n" + "# rtp auth: %s\r\n" + "# rtp services: %s\r\n" + "# rtcp cipher: %s\r\n" + "# rtcp auth: %s\r\n" + "# rtcp services: %s\r\n", + stream->ssrc, + stream->rtp_cipher->type->description, + stream->rtp_auth->type->description, + serv_descr[stream->rtp_services], + stream->rtcp_cipher->type->description, + stream->rtcp_auth->type->description, + serv_descr[stream->rtcp_services]); + + /* advance to next stream in the list */ + stream = stream->next; + } + return err_status_ok; +} + +err_status_t +srtp_print_policy(const srtp_policy_t *policy) { + err_status_t status; + srtp_t session; + + status = srtp_create(&session, policy); + if (status) + return status; + status = srtp_session_print_policy(session); + if (status) + return status; + status = srtp_dealloc(session); + if (status) + return status; + return err_status_ok; +} + +/* + * srtp_print_packet(...) is for debugging only + * it prints an RTP packet to the stdout + * + * note that this function is *not* threadsafe + */ + +#include <stdio.h> + +#define MTU 2048 + +char packet_string[MTU]; + +char * +srtp_packet_to_string(srtp_hdr_t *hdr, int pkt_octet_len) { + int octets_in_rtp_header = 12; + uint8_t *data = ((uint8_t *)hdr)+octets_in_rtp_header; + int hex_len = pkt_octet_len-octets_in_rtp_header; + + /* sanity checking */ + if ((hdr == NULL) || (pkt_octet_len > MTU)) + return NULL; + + /* write packet into string */ + sprintf(packet_string, + "(s)rtp packet: {\n" + " version:\t%d\n" + " p:\t\t%d\n" + " x:\t\t%d\n" + " cc:\t\t%d\n" + " m:\t\t%d\n" + " pt:\t\t%x\n" + " seq:\t\t%x\n" + " ts:\t\t%x\n" + " ssrc:\t%x\n" + " data:\t%s\n" + "} (%d octets in total)\n", + hdr->version, + hdr->p, + hdr->x, + hdr->cc, + hdr->m, + hdr->pt, + hdr->seq, + hdr->ts, + hdr->ssrc, + octet_string_hex_string(data, hex_len), + pkt_octet_len); + + return packet_string; +} + +/* + * mips_estimate() is a simple function to estimate the number of + * instructions per second that the host can perform. note that this + * function can be grossly wrong; you may want to have a manual sanity + * check of its output! + * + * the 'ignore' pointer is there to convince the compiler to not just + * optimize away the function + */ + +double +mips_estimate(int num_trials, int *ignore) { + clock_t t; + int i, sum; + + sum = 0; + t = clock(); + for (i=0; i<num_trials; i++) + sum += i; + t = clock() - t; + +/* printf("%d\n", sum); */ + *ignore = sum; + + return (double) num_trials * CLOCKS_PER_SEC / t; +} + + +/* + * srtp_validate() verifies the correctness of libsrtp by comparing + * some computed packets against some pre-computed reference values. + * These packets were made with the default SRTP policy. + */ + + +err_status_t +srtp_validate() { + unsigned char test_key[30] = { + 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, + 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, + 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb, + 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 + }; + uint8_t srtp_plaintext_ref[28] = { + 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, + 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab + }; + uint8_t srtp_plaintext[38] = { + 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, + 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + uint8_t srtp_ciphertext[38] = { + 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, + 0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c, + 0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15, + 0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc, + 0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb + }; + srtp_t srtp_snd, srtp_recv; + err_status_t status; + int len; + srtp_policy_t policy; + + /* + * create a session with a single stream using the default srtp + * policy and with the SSRC value 0xcafebabe + */ + crypto_policy_set_rtp_default(&policy.rtp); + crypto_policy_set_rtcp_default(&policy.rtcp); + policy.ssrc.type = ssrc_specific; + policy.ssrc.value = 0xcafebabe; + policy.key = test_key; + policy.next = NULL; + + status = srtp_create(&srtp_snd, &policy); + if (status) + return status; + + /* + * protect plaintext, then compare with ciphertext + */ + len = 28; + status = srtp_protect(srtp_snd, srtp_plaintext, &len); + if (status || (len != 38)) + return err_status_fail; + + debug_print(mod_driver, "ciphertext:\n %s", + octet_string_hex_string(srtp_plaintext, len)); + debug_print(mod_driver, "ciphertext reference:\n %s", + octet_string_hex_string(srtp_ciphertext, len)); + + if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) + return err_status_fail; + + /* + * create a receiver session context comparable to the one created + * above - we need to do this so that the replay checking doesn't + * complain + */ + status = srtp_create(&srtp_recv, &policy); + if (status) + return status; + + /* + * unprotect ciphertext, then compare with plaintext + */ + status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len); + if (status || (len != 28)) + return status; + + if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) + return err_status_fail; + + return err_status_ok; +} + + +err_status_t +srtp_create_big_policy(srtp_policy_t **list) { + extern const srtp_policy_t *policy_array[]; + srtp_policy_t *p, *tmp; + int i = 0; + uint32_t ssrc = 0; + + /* sanity checking */ + if ((list == NULL) || (policy_array[0] == NULL)) + return err_status_bad_param; + + /* + * loop over policy list, mallocing a new list and copying values + * into it (and incrementing the SSRC value as we go along) + */ + tmp = NULL; + while (policy_array[i] != NULL) { + p = (srtp_policy_t*) malloc(sizeof(srtp_policy_t)); + if (p == NULL) + return err_status_bad_param; + memcpy(p, policy_array[i], sizeof(srtp_policy_t)); + p->ssrc.type = ssrc_specific; + p->ssrc.value = ssrc++; + p->next = tmp; + tmp = p; + i++; + } + *list = p; + + return err_status_ok; +} + +err_status_t +srtp_test_remove_stream() { + err_status_t status; + srtp_policy_t *policy_list; + srtp_t session; + srtp_stream_t stream; + /* + * srtp_get_stream() is a libSRTP internal function that we declare + * here so that we can use it to verify the correct operation of the + * library + */ + extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc); + + + status = srtp_create_big_policy(&policy_list); + if (status) + return status; + + status = srtp_create(&session, policy_list); + if (status) + return status; + + /* + * check for false positives by trying to remove a stream that's not + * in the session + */ + status = srtp_remove_stream(session, htonl(0xaaaaaaaa)); + if (status != err_status_no_ctx) + return err_status_fail; + + /* + * check for false negatives by removing stream 0x1, then + * searching for streams 0x0 and 0x2 + */ + status = srtp_remove_stream(session, htonl(0x1)); + if (status != err_status_ok) + return err_status_fail; + stream = srtp_get_stream(session, htonl(0x0)); + if (stream == NULL) + return err_status_fail; + stream = srtp_get_stream(session, htonl(0x2)); + if (stream == NULL) + return err_status_fail; + + return err_status_ok; +} + +/* + * srtp policy definitions - these definitions are used above + */ + +unsigned char test_key[30] = { + 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, + 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, + 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb, + 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 +}; + + +const srtp_policy_t default_policy = { + { ssrc_any_outbound, 0 }, /* SSRC */ + { /* SRTP policy */ + AES_128_ICM, /* cipher type */ + 30, /* cipher key length in octets */ + HMAC_SHA1, /* authentication func type */ + 16, /* auth key length in octets */ + 10, /* auth tag length in octets */ + sec_serv_conf_and_auth /* security services flag */ + }, + { /* SRTCP policy */ + AES_128_ICM, /* cipher type */ + 30, /* cipher key length in octets */ + HMAC_SHA1, /* authentication func type */ + 16, /* auth key length in octets */ + 10, /* auth tag length in octets */ + sec_serv_conf_and_auth /* security services flag */ + }, + test_key, + NULL +}; + +const srtp_policy_t aes_tmmh_policy = { + { ssrc_any_outbound, 0 }, /* SSRC */ + { + AES_128_ICM, /* cipher type */ + 30, /* cipher key length in octets */ + UST_TMMHv2, /* authentication func type */ + 94, /* auth key length in octets */ + 4, /* auth tag length in octets */ + sec_serv_conf_and_auth /* security services flag */ + }, + { + AES_128_ICM, /* cipher type */ + 30, /* cipher key length in octets */ + UST_TMMHv2, /* authentication func type */ + 94, /* auth key length in octets */ + 4, /* auth tag length in octets */ + sec_serv_conf_and_auth /* security services flag */ + }, + test_key, + NULL +}; + +const srtp_policy_t tmmh_only_policy = { + { ssrc_any_outbound, 0 }, /* SSRC */ + { + AES_128_ICM, /* cipher type */ + 30, /* cipher key length in octets */ + UST_TMMHv2, /* authentication func type */ + 94, /* auth key length in octets */ + 4, /* auth tag length in octets */ + sec_serv_auth /* security services flag */ + }, + { + AES_128_ICM, /* cipher type */ + 30, /* cipher key length in octets */ + UST_TMMHv2, /* authentication func type */ + 94, /* auth key length in octets */ + 4, /* auth tag length in octets */ + sec_serv_auth /* security services flag */ + }, + test_key, + NULL +}; + +const srtp_policy_t aes_only_policy = { + { ssrc_any_outbound, 0 }, /* SSRC */ + { + AES_128_ICM, /* cipher type */ + 30, /* cipher key length in octets */ + NULL_AUTH, /* authentication func type */ + 0, /* auth key length in octets */ + 0, /* auth tag length in octets */ + sec_serv_conf /* security services flag */ + }, + { + AES_128_ICM, /* cipher type */ + 30, /* cipher key length in octets */ + NULL_AUTH, /* authentication func type */ + 0, /* auth key length in octets */ + 0, /* auth tag length in octets */ + sec_serv_conf /* security services flag */ + }, + test_key, + NULL +}; + +const srtp_policy_t hmac_only_policy = { + { ssrc_any_outbound, 0 }, /* SSRC */ + { + NULL_CIPHER, /* cipher type */ + 0, /* cipher key length in octets */ + HMAC_SHA1, /* authentication func type */ + 20, /* auth key length in octets */ + 4, /* auth tag length in octets */ + sec_serv_auth /* security services flag */ + }, + { + NULL_CIPHER, /* cipher type */ + 0, /* cipher key length in octets */ + HMAC_SHA1, /* authentication func type */ + 20, /* auth key length in octets */ + 4, /* auth tag length in octets */ + sec_serv_auth /* security services flag */ + }, + test_key, + NULL +}; + +const srtp_policy_t null_policy = { + { ssrc_any_outbound, 0 }, /* SSRC */ + { + NULL_CIPHER, /* cipher type */ + 0, /* cipher key length in octets */ + NULL_AUTH, /* authentication func type */ + 0, /* auth key length in octets */ + 0, /* auth tag length in octets */ + sec_serv_none /* security services flag */ + }, + { + NULL_CIPHER, /* cipher type */ + 0, /* cipher key length in octets */ + NULL_AUTH, /* authentication func type */ + 0, /* auth key length in octets */ + 0, /* auth tag length in octets */ + sec_serv_none /* security services flag */ + }, + test_key, + NULL +}; + + +/* + * an array of pointers to the policies listed above + * + * This array is used to test various aspects of libSRTP for + * different cryptographic policies. The order of the elements + * matters - the timing test generates output that can be used + * in a plot (see the gnuplot script file 'timing'). If you + * add to this list, you should do it at the end. + */ + +#define USE_TMMH 0 + +const srtp_policy_t * +policy_array[] = { + &hmac_only_policy, +#if USE_TMMH + &tmmh_only_policy, +#endif + &aes_only_policy, +#if USE_TMMH + &aes_tmmh_policy, +#endif + &default_policy, + &null_policy, + NULL +}; + +const srtp_policy_t wildcard_policy = { + { ssrc_any_outbound, 0 }, /* SSRC */ + { /* SRTP policy */ + AES_128_ICM, /* cipher type */ + 30, /* cipher key length in octets */ + HMAC_SHA1, /* authentication func type */ + 16, /* auth key length in octets */ + 10, /* auth tag length in octets */ + sec_serv_conf_and_auth /* security services flag */ + }, + { /* SRTCP policy */ + AES_128_ICM, /* cipher type */ + 30, /* cipher key length in octets */ + HMAC_SHA1, /* authentication func type */ + 16, /* auth key length in octets */ + 10, /* auth tag length in octets */ + sec_serv_conf_and_auth /* security services flag */ + }, + test_key, + NULL +}; diff --git a/third_party/srtp/timing b/third_party/srtp/timing new file mode 100644 index 0000000..66b00c4 --- /dev/null +++ b/third_party/srtp/timing @@ -0,0 +1 @@ +# timing.plt
#
# gnuplot script file for plotting the output generated by srtp_driver -t
#
# David A. McGrew
# Cisco Systems, Inc.
#
set xrange [0:2500]
set term pict "Times-Roman" 9
#
# plot authentication-only data
#
set title "Authentication Only"
set ylabel "Megabits per second"
set xlabel "Octets in packet"
set yrange [0:2000]
set output "plot-auth.pict"
plot "timing.dat" index 0 title "HMAC SHA1" with lines, "timing.dat" index 1 title "TMMH/AES" with lines, "timing.dat" index 2 title "TMMH/SEAL" with lines
#
# plot encryption-only data
#
set title "Encryption Only"
set ylabel "Megabits per second"
set xlabel "Octets in packet"
set output "plot-enc.pict"
set yrange [0:1200]
plot "timing.dat" index 3 title "SEAL" with lines, "timing.dat" index 4 title "AES ICM" with lines
#
# plot encryption and authentication data
#
set title "Encryption and Authentication"
set ylabel "Megabits per second"
set xlabel "Octets in packet"
set yrange [0:1000]
set output "plot-enc-auth.pict"
plot "timing.dat" index 5 title "TMMH/SEAL" with lines, "timing.dat" index 6 title "TMMH/AES" with lines, "timing.dat" index 7 title "HMAC/AES" with lines
\ No newline at end of file diff --git a/third_party/srtp/undos.sh b/third_party/srtp/undos.sh new file mode 100644 index 0000000..db12064 --- /dev/null +++ b/third_party/srtp/undos.sh @@ -0,0 +1,10 @@ +#!/bin/sh +# +# usage: undos <file> +# +# strips CRs from a file - useful when moving DOS-created files +# onto UN*X machines + +cat $1 | tr -d "\r" > $1.tmp +mv $1.tmp $1 + diff --git a/third_party/srtp/update.sh b/third_party/srtp/update.sh new file mode 100644 index 0000000..595b647 --- /dev/null +++ b/third_party/srtp/update.sh @@ -0,0 +1,15 @@ +#!/bin/sh +# +# update.sh +# +# update copyright dates in files + +a=`find . -name "*.[ch]"` +for x in $a; do + sed 's/(c) 2001-2005/(c) 2001-2006/' $x > $x.tmp; + mv $x.tmp $x; +done + + + + |