author | Nanang Izzuddin <nanang@teluu.com> | 2016-03-15 03:57:39 +0000 |
---|---|---|
committer | Nanang Izzuddin <nanang@teluu.com> | 2016-03-15 03:57:39 +0000 |
commit | 26d978a556ae9099f6610ace9834991636e4a71b (patch) | |
tree | d8789c5afbe3920f3f7ef46ad73aa34f48173591 /third_party/srtp/crypto/rng | |
parent | 8b9358503884ec1901d807ff56c2fc588be896a2 (diff) |
Close #1847: Upgraded libsrtp version to 1.5.4 and added support for AES-CM-256 crypto.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5261 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'third_party/srtp/crypto/rng')
-rw-r--r-- | third_party/srtp/crypto/rng/ctr_prng.c | 14 | ||||
-rw-r--r-- | third_party/srtp/crypto/rng/prng.c | 18 | ||||
-rw-r--r-- | third_party/srtp/crypto/rng/rand_source.c | 75 | ||||
-rw-r--r-- | third_party/srtp/crypto/rng/rand_source_ossl.c | 70 |
4 files changed, 120 insertions, 57 deletions
diff --git a/third_party/srtp/crypto/rng/ctr_prng.c b/third_party/srtp/crypto/rng/ctr_prng.c index ab76df36..e24b0aba 100644 --- a/third_party/srtp/crypto/rng/ctr_prng.c +++ b/third_party/srtp/crypto/rng/ctr_prng.c @@ -43,6 +43,10 @@ */ +#ifdef HAVE_CONFIG_H + #include <config.h> +#endif + #include "prng.h" /* single, global prng structure */ @@ -66,7 +70,11 @@ ctr_prng_init(rand_source_func_t random_source) { return status; /* initialize aes ctr context with random key */ - status = aes_icm_context_init(&ctr_prng.state, tmp_key); +#ifdef OPENSSL + status = aes_icm_openssl_context_init(&ctr_prng.state, tmp_key, 30); +#else + status = aes_icm_context_init(&ctr_prng.state, tmp_key, 30); +#endif if (status) return status; @@ -79,10 +87,8 @@ ctr_prng_get_octet_string(void *dest, uint32_t len) { /* * if we need to re-initialize the prng, do so now - * - * avoid 32-bit overflows by subtracting instead of adding */ - if (ctr_prng.octet_count > MAX_PRNG_OUT_LEN - len) { + if ((aes_icm_bytes_encrypted(&ctr_prng.state) + len) > 0xffff) { status = ctr_prng_init(ctr_prng.rand); if (status) return status; diff --git a/third_party/srtp/crypto/rng/prng.c b/third_party/srtp/crypto/rng/prng.c index 69350a48..208e2680 100644 --- a/third_party/srtp/crypto/rng/prng.c +++ b/third_party/srtp/crypto/rng/prng.c @@ -43,6 +43,10 @@ */ +#ifdef HAVE_CONFIG_H + #include <config.h> +#endif + #include "prng.h" /* single, global prng structure */ @@ -51,7 +55,7 @@ x917_prng_t x917_prng; err_status_t x917_prng_init(rand_source_func_t random_source) { - v128_t tmp_key; + uint8_t tmp_key[16]; err_status_t status; /* initialize output count to zero */ 
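Review bot: The key length handed to `aes_icm_openssl_context_init` / `aes_icm_context_init` in ctr_prng_init is a bare `30` in both branches, and the hunk does not show the declaration of `tmp_key`, so it cannot be confirmed from here that the buffer holds at least 30 bytes. A comment above the `#ifdef OPENSSL`, such as `/* 30 = 16-byte AES-128 key + 14-byte salt (presumably); tmp_key must be at least this long */`, or one named constant used by both calls, would make that requirement checkable. ctr_prng_init starts before the hunk and continues past it.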
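Review bot: The new re-initialisation test in ctr_prng_get_octet_string adds `len` to the byte counter, while the comment this commit deletes explained that the old code subtracted precisely to avoid a 32-bit overflow. The return type of `aes_icm_bytes_encrypted` is not visible here, but if the sum is evaluated in 32 bits, a `len` close to UINT32_MAX wraps to a value below `0xffff` and the reseed is skipped. A form that cannot wrap keeps the limit enforced: `if (len > 0xffff || aes_icm_bytes_encrypted(&ctr_prng.state) > 0xffff - len) {`. The `0xffff` would also read better as a named constant; the function continues outside the hunk.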
@@ -61,12 +65,12 @@ x917_prng_init(rand_source_func_t random_source) { x917_prng.rand = random_source; /* initialize secret key from random source */ - status = random_source((uint8_t *)&tmp_key, 16); + status = random_source(tmp_key, 16); if (status) return status; /* expand aes key */ - aes_expand_encryption_key(&tmp_key, x917_prng.key); + aes_expand_encryption_key(tmp_key, 16, &x917_prng.key); /* initialize prng state from random source */ status = x917_prng.rand((uint8_t *)&x917_prng.state, 16); @@ -108,7 +112,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) { v128_copy(&buffer, &x917_prng.state); /* apply aes to buffer */ - aes_encrypt(&buffer, x917_prng.key); + aes_encrypt(&buffer, &x917_prng.key); /* write data to output */ *dest++ = buffer.v8[0]; @@ -132,7 +136,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) { buffer.v32[0] ^= t; /* encrypt buffer */ - aes_encrypt(&buffer, x917_prng.key); + aes_encrypt(&buffer, &x917_prng.key); /* copy buffer into state */ v128_copy(&x917_prng.state, &buffer); @@ -150,7 +154,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) { v128_copy(&buffer, &x917_prng.state); /* apply aes to buffer */ - aes_encrypt(&buffer, x917_prng.key); + aes_encrypt(&buffer, &x917_prng.key); /* write data to output */ for (i=0; i < tail_len; i++) { @@ -163,7 +167,7 @@ x917_prng_get_octet_string(uint8_t *dest, uint32_t len) { buffer.v32[0] ^= t; /* encrypt buffer */ - aes_encrypt(&buffer, x917_prng.key); + aes_encrypt(&buffer, &x917_prng.key); /* copy buffer into state */ v128_copy(&x917_prng.state, &buffer); diff --git a/third_party/srtp/crypto/rng/rand_source.c b/third_party/srtp/crypto/rng/rand_source.c index 3d01d25a..1eb6fbb0 100644 --- a/third_party/srtp/crypto/rng/rand_source.c +++ b/third_party/srtp/crypto/rng/rand_source.c 
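Review bot: `tmp_key` in x917_prng_init is now a plain 16-byte stack array holding the raw AES key, and nothing in the visible lines clears it once `aes_expand_encryption_key` has consumed it. If the rest of the function, which lies outside this hunk, does not wipe it either, the key material stays on the stack after return. Clearing it with a zeroisation call the compiler cannot elide, on the early `return status` path as well, would close that. The literal `16` is repeated in both calls and could be tied to the buffer, e.g. `status = random_source(tmp_key, sizeof tmp_key);`.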
@@ -42,15 +42,14 @@ * */ -#include "srtp_config.h" +#include "config.h" -#if defined(DEV_URANDOM) || defined(PJ_DEV_URANDOM) +#ifdef DEV_URANDOM # include <fcntl.h> /* for open() */ # include <unistd.h> /* for close() */ -#elif (_MSC_VER >= 1400) -#define _CRT_RAND_S +#elif defined(HAVE_RAND_S) +# define _CRT_RAND_S # include <stdlib.h> -# include <stdio.h> #else # include <stdio.h> #endif @@ -87,18 +86,11 @@ rand_source_init(void) { dev_random_fdes = open(DEV_URANDOM, O_RDONLY); if (dev_random_fdes < 0) return err_status_init_fail; -#elif defined(PJ_DEV_URANDOM) - /* open random source for reading */ - dev_random_fdes = open(PJ_DEV_URANDOM, O_RDONLY); - if (dev_random_fdes < 0) { - err_report(3,"Ugh: /dev/urandom not present, using rand() instead"); - return err_status_ok; /* it's ok, it'll fallback to using rand() */ - } -#elif (_MSC_VER >= 1400) +#elif defined(HAVE_RAND_S) dev_random_fdes = RAND_SOURCE_READY; #else - /* no random source available; let the user know */
- err_report(err_level_info, "WARNING: no real random source present!\n"); + /* no random source available; let the user know */ + fprintf(stderr, "WARNING: no real random source present!\n"); dev_random_fdes = RAND_SOURCE_READY; #endif return err_status_ok; @@ -113,35 +105,32 @@ rand_source_get_octet_string(void *dest, uint32_t len) { * written */ #ifdef DEV_URANDOM - if (read(dev_random_fdes, dest, len) != len) - return err_status_fail; -#elif 0 && (_MSC_VER >= 1400) /* disabled rand_s, causing assertion 'rand_s not supported' in vs8 */ - unsigned int *dst = dest; + uint8_t *dst = (uint8_t *)dest; while (len) { - unsigned int val = 0; - errno_t err = rand_s(&val); - if (err != 0) - { - return err_status_fail; - } - - *dst++ = val; - len--; + ssize_t num_read = read(dev_random_fdes, dst, len); + if (num_read <= 0 || num_read > len) + return err_status_fail; + len -= num_read; + dst += num_read; } -#else +#elif defined(HAVE_RAND_S) uint8_t *dst = (uint8_t *)dest; -
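Review bot: In rand_source_init the final `#else` branch still sets `dev_random_fdes = RAND_SOURCE_READY` and returns `err_status_ok` after printing the warning, so a build with neither DEV_URANDOM nor HAVE_RAND_S reports a working random source while rand_source_get_octet_string falls back to `rand()`. Since this source seeds the PRNG keys in ctr_prng.c and prng.c, the branch should fail closed: `return err_status_init_fail;` unless an explicit build-time opt-in for the insecure fallback is defined. The hunk also replaces `err_report` with `fprintf(stderr, ...)`, which bypasses the library's own logging and is easy to miss in a daemonised or embedded process. The function begins outside the hunk.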
-#ifdef PJ_DEV_URANDOM - /* First try with /dev/urandom, if it's opened */ - if (dev_random_fdes >= 0) { - if (read(dev_random_fdes, dest, len) == len) - return err_status_ok; /* success */ - }
-#endif + while (len) + { + unsigned int val; + errno_t err = rand_s(&val); + if (err != 0) + return err_status_fail; + + *dst++ = val & 0xff; + len--; + } +#else /* Generic C-library (rand()) version */ /* This is a random source of last resort */ + uint8_t *dst = (uint8_t *)dest; while (len) { int val = rand(); @@ -157,19 +146,13 @@ rand_source_get_octet_string(void *dest, uint32_t len) { err_status_t rand_source_deinit(void) { -#ifndef PJ_DEV_URANDOM if (dev_random_fdes < 0) return err_status_dealloc_fail; /* well, we haven't really failed, * * but there is something wrong */ +#ifdef DEV_URANDOM + close(dev_random_fdes); #endif -
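Review bot: The new read loop in the DEV_URANDOM branch of rand_source_get_octet_string treats every `num_read <= 0` as fatal, so a read interrupted by a signal (`-1` with `errno == EINTR`) fails the whole request although a retry would succeed. Failing closed is safe, but adding `if (num_read < 0 && errno == EINTR) continue;` ahead of the failure check (with `errno.h` included) makes key generation robust under signal load. In the HAVE_RAND_S branch each `rand_s` call yields 32 bits of which only `val & 0xff` is kept; that is correct but deserves a one-line comment. The `rand()` branch that follows is not suitable for key material and runs past the end of the hunk.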
-#if defined(DEV_URANDOM) || defined(PJ_DEV_URANDOM) - if (dev_random_fdes >= 0) - close(dev_random_fdes); - - dev_random_fdes = RAND_SOURCE_NOT_READY;
-#endif + dev_random_fdes = RAND_SOURCE_NOT_READY; return err_status_ok; } - diff --git a/third_party/srtp/crypto/rng/rand_source_ossl.c b/third_party/srtp/crypto/rng/rand_source_ossl.c new file mode 100644 index 00000000..4bca6ac8 --- /dev/null +++ b/third_party/srtp/crypto/rng/rand_source_ossl.c 
@@ -0,0 +1,70 @@ +/* + * rand_source_ossl.c + * + * implements a random source based on OpenSSL RAND_bytes() + * + * John A. Foley + * Cisco Systems, Inc. + */ +/* + * + * Copyright(c) 2013, Cisco Systems, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met:crypto/test/aes_calc.c + * + * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * Neither the name of the Cisco Systems, Inc. nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + */ + +#ifdef HAVE_CONFIG_H + #include <config.h> +#endif + +#include "rand_source.h" +#include <openssl/rand.h> + + +err_status_t rand_source_init (void) +{ + return err_status_ok; +} + +err_status_t rand_source_get_octet_string (void *dest, uint32_t len) +{ + if (RAND_bytes(dest, len) == 1) { + return err_status_ok; + } else { + return err_status_fail; + } +} + +err_status_t rand_source_deinit (void) +{ + return err_status_ok; +} |
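Review bot: rand_source_get_octet_string passes the `uint32_t len` straight to `RAND_bytes`, whose length parameter is an `int`, so a `len` above INT_MAX is converted to a negative value before OpenSSL sees it. A guard before the call, `if (len > INT_MAX) return err_status_fail;` (with `limits.h` included), rejects such requests explicitly. `rand_source_init` returns `err_status_ok` unconditionally and should carry a comment stating that seeding is left to OpenSSL. The licence header also contains a stray `crypto/test/aes_calc.c` after "are met:", which looks like a paste artefact.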