pax_global_header00006660000000000000000000000064131203110000014467gustar00rootroot0000000000000052 comment=93aba3e767502343c255fad8962dbf0ff29c4ca6 libsrtp-2.1.0/000077500000000000000000000000001312031100000131465ustar00rootroot00000000000000libsrtp-2.1.0/.gitignore000066400000000000000000000011701312031100000151350ustar00rootroot00000000000000# Misc crap *~ old old? *.pc # Object files *.o # Libraries *.lib *.a # Shared objects (inc. Windows DLLs) *.dll *.so *.so.* *.dylib # Executables *.exe *.out *.app # srtp things Debug Makefile Root autom4te.cache config.log config.status crypto/include/config.h crypto/test/aes_calc crypto/test/cipher_driver crypto/test/datatypes_driver crypto/test/env crypto/test/kernel_driver crypto/test/rand_gen crypto/test/sha1_driver crypto/test/stat_driver crypto/test/rand_gen_soak tables/aes_tables test/dtls_srtp_driver test/rdbx_driver test/replay_driver test/roc_driver test/rtp_decoder test/rtpw test/srtp_driver test/test_srtp libsrtp-2.1.0/.travis.yml000066400000000000000000000006121312031100000152560ustar00rootroot00000000000000sudo: false language: c cache: ccache osx_image: xcode8.2 compiler: - clang - gcc os: - linux - osx env: - CONFIGURE_FLAGS= - CONFIGURE_FLAGS=--enable-openssl matrix: exclude: - os: osx env: CONFIGURE_FLAGS=--enable-openssl before_script: - if [ $TRAVIS_OS_NAME == osx ]; then brew install ccache; fi script: - ./configure $CONFIGURE_FLAGS - make - make runtest libsrtp-2.1.0/CHANGES000066400000000000000000000131111312031100000141360ustar00rootroot00000000000000Changelog 2.1.0 Compatibility changes PR #253 - Cipher type cleanup for AES When libSRTP is compiled with OpenSSL and the AES 256 ICM cipher is used with RTCP an incorrect initialization vector is formed. This change will break backwards compatibility with older versions (1.5, 2.0) of libSRTP when using the AES 256 ICM cipher with OpenSSL for RTCP. PR #259 - Sequence number incorrectly masked for AES GCM IV The initialization vector for AES GCM encryption was incorrectly formed on little endian machines. This change will break backwards compatibility with older versions (1.5, 2.0) of libSRTP when using the AES GCM cipher for RTCP. PR #287 - Fix OOB read in key generation for encrypted headers with GCM ciphers Adds padding of GCM salt to the corresponding ICM length used for header encryption. This change will break backwards compatibility with version 2.0 of libSRTP when using the header encryption extension with the AES GCM cipher. Major changes PR #204 - OpenSSL performance improvements Changed key expansion to occur once per key instead of once per packet. PR #209 - Restore AES-192 under BoringSSL BoringSSL supports AES-192 and is now enabled in libSRTP. PR #224 - Master Key Identifiers (MKI) Support patch Adds MKI support with up to 4 keys. PR #234 - Report SSRC instead of srtp_stream_t in srtp_event_data_t srtp_stream_t is an opaque type making the event framework almost useless. Now the SSRC is returned instead for use as a key in the public API. PR #238 - Configure changes and improvements CFLAGS check more shell neutral, quotation fixes, always generate and install pkg-config file, improved OpenSSL discovery and linking, remove -fPIC flag on Windows, fix shared library generation under Cygwin, replace hardcoded CFLAGS with compiler checks, and regenerate configure after configure.in changes. PR #241 & PR #261 - Improved logging API to receive log messages from libSRTP Provides a logging API and the ability to enable logging to stdout and a file, as well as a switch to enable all internal debug modules. PR #289 - Added support for set and get the roll-over-counter Adds an API to set and get the ROC in an (S)RTP session. PR #304 - Fix (S)RTP and (S)RTCP for big endian machines The structures srtp_hdr_t, srtcp_hdr_t and srtcp_trailer_t were defined incorrectly on big endian systems. Other changes PR #149 - Don't create a symlink if there is no $(SHAREDLIBVERSION) PR #151 - Make srtp_driver compile for MIPS PR #160 - Use PKG_PROG_PKG_CONFIG to find correct pkg-config PR #167 - Additional RTCP and SRTCP tests PR #169 - Identified merge conflict created by commit 6b71fb9 PR #173 - Avoid error 'possibly undefined macro: AM_PROG_AR' PR #174 - Avoid warning 'The macro AC_TRY_LINK is obsolete.' PR #175 - Remove 2nd -fPIC PR #182 - Add a length check before reading packet data PR #191 - On debug, output correct endianness of SSRC PR #192 - Replace octet_string_is_eq with a constant-time implementation PR #195 - Add missing __cplusplus header guards PR #198 - Update sha1_driver.c to avoid memory leaks PR #202 - Add an explicit cast to avoid a printf format warning on macOS PR #205 - Update Windows build files to Visual Studio 2015 PR #207 - Fix to install-win.bat syntax, and add installation of x64 libraries PR #208 - Make replace_cipher and replace_auth public again PR #211 - Changes for OpenSSL 1.1.0 compatibility PR #213 - Add cast to `unsigned int` in call to printf in test PR #214 - Avoid empty initializer braces PR #222 - Fix issue: No consistency when use some srtp_* functions PR #231 - Advance version on master in preparation for 2.1 release PR #232 - Update Travis, do not build with OpenSSL on OSX PR #233 - crypto/replay/rdbx.c: Return type of srtp_index_guess from int to int32_t PR #236 - test/rtp_decoder.c: Removed superfluous conditional PR #237 - test/rtp_decoder.c: spring cleaning PR #239 - octet_string_set_to_zero() delegates to OPENSSL_cleanse() if available, if not it will use srtp_cleanse() to zero memory PR #243 - EKT is not really supported yet, remove from install PR #244 - Add simple error checking in timing test to avoid false results PR #245 - Add missing srtp_cipher_dealloc calls when test fails PR #246 - test/rtp_decoder: Add missing conditional PR #248 - New README.md that integrates intro, credits and references from /doc/ and is used to generate documentation PR #249 - Remove support for generic aesicm from configure.in PR #250 - Update README.md, incorrect tag for link PR #255 - Cleanup outdated comment related to MKI PR #258 - Add AES-GCM to DTLS-SRTP Protection Profiles PR #263 - Cleaning up and removing duplicated and outdated code PR #265 - Introduction of unit test framework: CUTest PR #267 - crypto/kernel/err.c: Include datatypes.h PR #272 - Reduce literal constants PR #273 - SRTP AEAD SRTCP initialization vector regression tests PR #274 - Update Travis build - add ccache PR #276 - Reference and docs updates PR #278 - Removed crypto/test/auth_driver.c and test/lfsr.c PR #279 - Bump copyright year PR #283 - Add missing docs in srtp.h PR #284 - Add strict-prototypes warning if supported PR #291 - Use const char * for srtp_set_debug_module() PR #294 - Fix incorrect result of rdb_increment on overflow PR #300 - Standalone tests PR #301 - Configure fixes PR #302 - Fix warning regarding unused variable PR #303 - Makefile.in: Add gnu as match for shared lib suffixlibsrtp-2.1.0/LICENSE000066400000000000000000000031161312031100000141540ustar00rootroot00000000000000/* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ libsrtp-2.1.0/Makefile.in000066400000000000000000000215651312031100000152240ustar00rootroot00000000000000# Makefile for secure rtp # # David A. McGrew # Cisco Systems, Inc. # targets: # # runtest runs test applications # test builds test applications # libsrtp2.a static library implementing srtp # libsrtp2.so shared library implementing srtp # clean removes objects, libs, and executables # distribution cleans and builds a .tgz # tags builds etags file from all .c and .h files USE_OPENSSL = @USE_OPENSSL@ HAVE_PCAP = @HAVE_PCAP@ .PHONY: all shared_library test all: test runtest: test @echo "running libsrtp2 test applications..." crypto/test/cipher_driver$(EXE) -v >/dev/null crypto/test/kernel_driver$(EXE) -v >/dev/null test/test_srtp$(EXE) >/dev/null test/rdbx_driver$(EXE) -v >/dev/null test/srtp_driver$(EXE) -v >/dev/null test/roc_driver$(EXE) -v >/dev/null test/replay_driver$(EXE) -v >/dev/null test/dtls_srtp_driver$(EXE) >/dev/null cd test; $(abspath $(srcdir))/test/rtpw_test.sh >/dev/null ifeq (1, $(USE_OPENSSL)) cd test; $(abspath $(srcdir))/test/rtpw_test_gcm.sh >/dev/null endif @echo "libsrtp2 test applications passed." $(MAKE) -C crypto runtest # makefile variables CC = @CC@ INCDIR = -Icrypto/include -I$(srcdir)/include -I$(srcdir)/crypto/include DEFS = @DEFS@ CPPFLAGS= @CPPFLAGS@ CFLAGS = @CFLAGS@ LIBS = @LIBS@ LDFLAGS = -L. @LDFLAGS@ COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS) SRTPLIB = -lsrtp2 AR = @AR@ RANLIB = @RANLIB@ INSTALL = @INSTALL@ # EXE defines the suffix on executables - it's .exe for Windows, and # null on linux, bsd, and OS X and other OSes. EXE = @EXE@ HMAC_OBJS = @HMAC_OBJS@ AES_ICM_OBJS = @AES_ICM_OBJS@ srcdir = @srcdir@ top_srcdir = @top_srcdir@ top_builddir = @top_builddir@ VPATH = @srcdir@ prefix = @prefix@ exec_prefix = @exec_prefix@ includedir = @includedir@ libdir = @libdir@ bindir = @bindir@ pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libsrtp2.pc SHAREDLIBVERSION = 1 ifneq (,$(or $(findstring linux,@host@), $(findstring gnu,@host@))) SHAREDLIB_DIR = $(libdir) SHAREDLIB_LDFLAGS = -shared -Wl,-soname,$@ SHAREDLIBSUFFIXNOVER = so SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBVERSION) else ifneq (,$(or $(findstring cygwin,@host@), $(findstring mingw,@host@))) SHAREDLIB_DIR = $(bindir) SHAREDLIB_LDFLAGS = -shared -Wl,--out-implib,libsrtp2.dll.a SHAREDLIBVERSION = SHAREDLIBSUFFIXNOVER = dll SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER) else ifeq (darwin,$(findstring darwin,@host@)) SHAREDLIB_DIR = $(libdir) SHAREDLIB_LDFLAGS = -dynamiclib -twolevel_namespace -undefined dynamic_lookup \ -fno-common -headerpad_max_install_names -install_name $(libdir)/$@ SHAREDLIBSUFFIXNOVER = dylib SHAREDLIBSUFFIX = $(SHAREDLIBVERSION).$(SHAREDLIBSUFFIXNOVER) endif # implicit rules for object files and test apps %.o: %.c $(COMPILE) -c $< -o $@ %$(EXE): %.c $(COMPILE) $(LDFLAGS) $< -o $@ $(SRTPLIB) $(LIBS) ciphers = crypto/cipher/cipher.o crypto/cipher/null_cipher.o \ $(AES_ICM_OBJS) hashes = crypto/hash/null_auth.o crypto/hash/auth.o \ $(HMAC_OBJS) replay = crypto/replay/rdb.o crypto/replay/rdbx.o \ crypto/replay/ut_sim.o math = crypto/math/datatypes.o crypto/math/stat.o ust = crypto/ust/ust.o err = crypto/kernel/err.o kernel = crypto/kernel/crypto_kernel.o crypto/kernel/alloc.o \ crypto/kernel/key.o $(err) # $(ust) cryptobj = $(ciphers) $(hashes) $(math) $(kernel) $(replay) # libsrtp2.a (implements srtp processing) srtpobj = srtp/srtp.o srtp/ekt.o libsrtp2.a: $(srtpobj) $(cryptobj) $(gdoi) $(AR) cr libsrtp2.a $^ $(RANLIB) libsrtp2.a libsrtp2.$(SHAREDLIBSUFFIX): $(srtpobj) $(cryptobj) $(gdoi) $(CC) -shared -o $@ $(SHAREDLIB_LDFLAGS) \ $^ $(LDFLAGS) $(LIBS) if [ -n "$(SHAREDLIBVERSION)" ]; then \ ln -sfn $@ libsrtp2.$(SHAREDLIBSUFFIXNOVER); \ fi shared_library: libsrtp2.$(SHAREDLIBSUFFIX) libsrtp2.so: $(srtpobj) $(cryptobj) $(CC) -shared -Wl,-soname,libsrtp2.so \ -o libsrtp2.so $^ $(LDFLAGS) # test applications ifneq (1, $(USE_OPENSSL)) AES_CALC = crypto/test/aes_calc$(EXE) endif crypto_testapp = $(AES_CALC) crypto/test/cipher_driver$(EXE) \ crypto/test/datatypes_driver$(EXE) crypto/test/kernel_driver$(EXE) \ crypto/test/sha1_driver$(EXE) \ crypto/test/stat_driver$(EXE) testapp = $(crypto_testapp) test/srtp_driver$(EXE) test/replay_driver$(EXE) \ test/roc_driver$(EXE) test/rdbx_driver$(EXE) test/rtpw$(EXE) \ test/dtls_srtp_driver$(EXE) test/test_srtp$(EXE) ifeq (1, $(HAVE_PCAP)) testapp += test/rtp_decoder$(EXE) endif $(testapp): libsrtp2.a test/rtpw$(EXE): test/rtpw.c test/rtp.c test/util.c test/getopt_s.c \ crypto/math/datatypes.c $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) ifeq (1, $(HAVE_PCAP)) test/rtp_decoder$(EXE): test/rtp_decoder.c test/rtp.c test/util.c test/getopt_s.c \ crypto/math/datatypes.c $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) endif crypto/test/aes_calc$(EXE): crypto/test/aes_calc.c test/util.c $(COMPILE) -I$(srcdir)/test $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) test/test_srtp$(EXE): test/test_srtp.c $(COMPILE) -I$(srcdir)/test $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) crypto/test/datatypes_driver$(EXE): crypto/test/datatypes_driver.c test/util.c $(COMPILE) -I$(srcdir)/test $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) crypto/test/sha1_driver$(EXE): crypto/test/sha1_driver.c test/util.c $(COMPILE) -I$(srcdir)/test $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) test/srtp_driver$(EXE): test/srtp_driver.c test/util.c test/getopt_s.c $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) test/rdbx_driver$(EXE): test/rdbx_driver.c test/getopt_s.c $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) test/dtls_srtp_driver$(EXE): test/dtls_srtp_driver.c test/getopt_s.c test/util.c $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) crypto/test/cipher_driver$(EXE): crypto/test/cipher_driver.c test/getopt_s.c $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) crypto/test/kernel_driver$(EXE): crypto/test/kernel_driver.c test/getopt_s.c $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) crypto/test/rand_gen$(EXE): crypto/test/rand_gen.c test/getopt_s.c $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) crypto/test/rand_gen_soak$(EXE): crypto/test/rand_gen_soak.c test/getopt_s.c $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) test: $(testapp) @echo "Build done. Please run '$(MAKE) runtest' to run self tests." memtest: test/srtp_driver @test/srtp_driver -v -d "alloc" > tmp @grep freed tmp | wc -l > freed @grep allocated tmp | wc -l > allocated @echo "checking for memory leaks (only works with --enable-stdout)" cmp -s allocated freed @echo "passed (same number of alloc() and dealloc() calls found)" @rm freed allocated tmp # the target 'plot' runs the timing test (test/srtp_driver -t) then # uses gnuplot to produce plots of the results - see the script file # 'timing' plot: test/srtp_driver test/srtp_driver -t > timing.dat # bookkeeping: tags, clean, and distribution tags: etags */*.[ch] */*/*.[ch] # documentation - the target libsrtp2doc builds html documentation libsrtp2doc: $(MAKE) -C doc .PHONY: clean superclean distclean install install: $(INSTALL) -d $(DESTDIR)$(includedir)/srtp2 $(INSTALL) -d $(DESTDIR)$(libdir) cp $(srcdir)/include/srtp.h $(DESTDIR)$(includedir)/srtp2 cp $(srcdir)/crypto/include/cipher.h $(DESTDIR)$(includedir)/srtp2 cp $(srcdir)/crypto/include/auth.h $(DESTDIR)$(includedir)/srtp2 cp $(srcdir)/crypto/include/crypto_types.h $(DESTDIR)$(includedir)/srtp2 if [ -f libsrtp2.a ]; then cp libsrtp2.a $(DESTDIR)$(libdir)/; fi if [ -f libsrtp2.dll.a ]; then cp libsrtp2.dll.a $(DESTDIR)$(libdir)/; fi if [ -f libsrtp2.$(SHAREDLIBSUFFIX) ]; then \ $(INSTALL) -d $(DESTDIR)$(SHAREDLIB_DIR); \ cp libsrtp2.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/; \ cp libsrtp2.$(SHAREDLIBSUFFIXNOVER) $(DESTDIR)$(SHAREDLIB_DIR)/; \ if [ -n "$(SHAREDLIBVERSION)" ]; then \ ln -sfn libsrtp2.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp2.$(SHAREDLIBSUFFIXNOVER); \ fi; \ fi $(INSTALL) -d $(DESTDIR)$(pkgconfigdir) cp $(top_builddir)/$(pkgconfig_DATA) $(DESTDIR)$(pkgconfigdir)/ uninstall: rm -f $(DESTDIR)$(includedir)/srtp2/*.h rm -f $(DESTDIR)$(libdir)/libsrtp2.* -rmdir $(DESTDIR)$(includedir)/srtp2 rm -f $(DESTDIR)$(pkgconfigdir)/$(pkgconfig_DATA) clean: rm -rf $(cryptobj) $(srtpobj) TAGS \ libsrtp2.a libsrtp2.so libsrtp2.dll.a core *.core test/core for a in * */* */*/*; do \ if [ -f "$$a~" ] ; then rm -f $$a~; fi; \ done; for a in $(testapp); do rm -rf $$a$(EXE); done rm -rf *.pict *.jpg *.dat rm -rf freed allocated tmp $(MAKE) -C doc clean superclean: clean rm -rf crypto/include/config.h config.log config.cache config.status \ Makefile crypto/Makefile doc/Makefile \ .gdb_history test/.gdb_history .DS_Store rm -rf autom4te.cache distclean: superclean distname = libsrtp-$(shell cat VERSION) distribution: runtest superclean if ! [ -f VERSION ]; then exit 1; fi if [ -f ../$(distname).tgz ]; then \ mv ../$(distname).tgz ../$(distname).tgz.bak; \ fi cd ..; tar cvzf $(distname).tgz libsrtp # EOF libsrtp-2.1.0/README.md000066400000000000000000000505451312031100000144360ustar00rootroot00000000000000 # Introduction to libSRTP This package provides an implementation of the Secure Real-time Transport Protocol (SRTP), the Universal Security Transform (UST), and a supporting cryptographic kernel. The SRTP API is documented in include/srtp.h, and the library is in libsrtp2.a (after compilation). This document describes libSRTP, the Open Source Secure RTP library from Cisco Systems, Inc. RTP is the Real-time Transport Protocol, an IETF standard for the transport of real-time data such as telephony, audio, and video, defined by [RFC 3550](https://www.ietf.org/rfc/rfc3550.txt). Secure RTP (SRTP) is an RTP profile for providing confidentiality to RTP data and authentication to the RTP header and payload. SRTP is an IETF Standard, defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt), and was developed in the IETF Audio/Video Transport (AVT) Working Group. This library supports all of the mandatory features of SRTP, but not all of the optional features. See the [Supported Features](#supported-features) section for more detailed information. This document is also used to generate the documentation files in the /doc/ folder where a more detailed reference to the libSRTP API and related functions can be created (requires installing doxygen.). The reference material is created automatically from comments embedded in some of the C header files. The documentation is organized into modules in order to improve its clarity. These modules do not directly correspond to files. An underlying cryptographic kernel provides much of the basic functionality of libSRTP but is mostly undocumented because it does its work behind the scenes. -------------------------------------------------------------------------------- # Contact Us - [libsrtp@lists.packetizer.com](mailto:libsrtp@lists.packetizer.com) general mailing list for news / announcements / discussions. This is an open list, see [https://lists.packetizer.com/mailman/listinfo/libsrtp](https://lists.packetizer.com/mailman/listinfo/libsrtp) for singing up. - [libsrtp-security@lists.packetizer.com](mailto:libsrtp-security@lists.packetizer.com) for disclosing security issues to the libsrtp maintenance team. This is a closed list but anyone can send to it. -------------------------------------------------------------------------------- ## Contents - [Introduction to libSRTP](#introduction-to-libsrtp) - [Contact Us](#contact) - [Contents](#contents) - [License and Disclaimer](#license-and-disclaimer) - [libSRTP Overview](#libsrtp-overview) - [Secure RTP Background](#secure-rtp-background) - [Supported Features](#supported-features) - [Implementation Notes](#implementation-notes) - [Installing and Building libSRTP](#installing-and-building-libsrtp) - [Applications](#applications) - [Example Code](#example-code) - [Credits](#credits) - [References](#references) -------------------------------------------------------------------------------- # License and Disclaimer libSRTP is distributed under the following license, which is included in the source code distribution. It is reproduced in the manual in case you got the library from another source. > Copyright (c) 2001-2017 Cisco Systems, Inc. All rights reserved. > > Redistribution and use in source and binary forms, with or without > modification, are permitted provided that the following conditions > are met: > > - Redistributions of source code must retain the above copyright > notice, this list of conditions and the following disclaimer. > - Redistributions in binary form must reproduce the above copyright > notice, this list of conditions and the following disclaimer in > the documentation and/or other materials provided with the distribution. > - Neither the name of the Cisco Systems, Inc. nor the names of its > contributors may be used to endorse or promote products derived > from this software without specific prior written permission. > > THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS > FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE > COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, > INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES > (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR > SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) > HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, > STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) > ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED > OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- # libSRTP Overview libSRTP provides functions for protecting RTP and RTCP. RTP packets can be encrypted and authenticated (using the `srtp_protect()` function), turning them into SRTP packets. Similarly, SRTP packets can be decrypted and have their authentication verified (using the `srtp_unprotect()` function), turning them into RTP packets. Similar functions apply security to RTCP packets. The typedef `srtp_stream_t` points to a structure holding all of the state associated with an SRTP stream, including the keys and parameters for cipher and message authentication functions and the anti-replay data. A particular `srtp_stream_t` holds the information needed to protect a particular RTP and RTCP stream. This datatype is intentionally opaque in order to better seperate the libSRTP API from its implementation. Within an SRTP session, there can be multiple streams, each originating from a particular sender. Each source uses a distinct stream context to protect the RTP and RTCP stream that it is originating. The typedef `srtp_t` points to a structure holding all of the state associated with an SRTP session. There can be multiple stream contexts associated with a single `srtp_t`. A stream context cannot exist indepent from an `srtp_t`, though of course an `srtp_t` can be created that contains only a single stream context. A device participating in an SRTP session must have a stream context for each source in that session, so that it can process the data that it receives from each sender. In libSRTP, a session is created using the function `srtp_create()`. The policy to be implemented in the session is passed into this function as an `srtp_policy_t` structure. A single one of these structures describes the policy of a single stream. These structures can also be linked together to form an entire session policy. A linked list of `srtp_policy_t` structures is equivalent to a session policy. In such a policy, we refer to a single `srtp_policy_t` as an *element*. An `srtp_policy_t` strucutre contains two `crypto_policy_t` structures that describe the cryptograhic policies for RTP and RTCP, as well as the SRTP master key and the SSRC value. The SSRC describes what to protect (e.g. which stream), and the `crypto_policy_t` structures describe how to protect it. The key is contained in a policy element because it simplifies the interface to the library. In many cases, it is desirable to use the same cryptographic policies across all of the streams in a session, but to use a distinct key for each stream. A `crypto_policy_t` structure can be initialized by using either the `crypto_policy_set_rtp_default()` or `crypto_policy_set_rtcp_default()` functions, which set a crypto policy structure to the default policies for RTP and RTCP protection, respectively. -------------------------------------------------------------------------------- ## Secure RTP Background In this section we review SRTP and introduce some terms that are used in libSRTP. An RTP session is defined by a pair of destination transport addresses, that is, a network address plus a pair of UDP ports for RTP and RTCP. RTCP, the RTP control protocol, is used to coordinate between the participants in an RTP session, e.g. to provide feedback from receivers to senders. An *SRTP session* is similarly defined; it is just an RTP session for which the SRTP profile is being used. An SRTP session consists of the traffic sent to the SRTP or SRTCP destination transport addresses. Each participant in a session is identified by a synchronization source (SSRC) identifier. Some participants may not send any SRTP traffic; they are called receivers, even though they send out SRTCP traffic, such as receiver reports. RTP allows multiple sources to send RTP and RTCP traffic during the same session. The synchronization source identifier (SSRC) is used to distinguish these sources. In libSRTP, we call the SRTP and SRTCP traffic from a particular source a *stream*. Each stream has its own SSRC, sequence number, rollover counter, and other data. A particular choice of options, cryptographic mechanisms, and keys is called a *policy*. Each stream within a session can have a distinct policy applied to it. A session policy is a collection of stream policies. A single policy can be used for all of the streams in a given session, though the case in which a single *key* is shared across multiple streams requires care. When key sharing is used, the SSRC values that identify the streams **must** be distinct. This requirement can be enforced by using the convention that each SRTP and SRTCP key is used for encryption by only a single sender. In other words, the key is shared only across streams that originate from a particular device (of course, other SRTP participants will need to use the key for decryption). libSRTP supports this enforcement by detecting the case in which a key is used for both inbound and outbound data. -------------------------------------------------------------------------------- ## Supported Features This library supports all of the mandatory-to-implement features of SRTP (as defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt)). Some of these features can be selected (or de-selected) at run time by setting an appropriate policy; this is done using the structure `srtp_policy_t`. Some other behaviors of the protocol can be adapted by defining an approriate event handler for the exceptional events; see the SRTPevents section in the generated documentation. Some options that are described in the SRTP specification are not supported. This includes - key derivation rates other than zero, - the cipher F8, - the use of the packet index to select between master keys. The user should be aware that it is possible to misuse this libary, and that the result may be that the security level it provides is inadequate. If you are implementing a feature using this library, you will want to read the Security Considerations section of [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt). In addition, it is important that you read and understand the terms outlined in the [License and Disclaimer](#license-and-disclaimer) section. -------------------------------------------------------------------------------- ## Implementation Notes * The `srtp_protect()` function assumes that the buffer holding the rtp packet has enough storage allocated that the authentication tag can be written to the end of that packet. If this assumption is not valid, memory corruption will ensue. * Automated tests for the crypto functions are provided through the `cipher_type_self_test()` and `auth_type_self_test()` functions. These functions should be used to test each port of this code to a new platform. * Replay protection is contained in the crypto engine, and tests for it are provided. * This implementation provides calls to initialize, protect, and unprotect RTP packets, and makes as few as possible assumptions about how these functions will be called. For example, the caller is not expected to provide packets in order (though if they're called more than 65k out of sequence, synchronization will be lost). * The sequence number in the rtp packet is used as the low 16 bits of the sender's local packet index. Note that RTP will start its sequence number in a random place, and the SRTP layer just jumps forward to that number at its first invocation. An earlier version of this library used initial sequence numbers that are less than 32,768; this trick is no longer required as the `rdbx_estimate_index(...)` function has been made smarter. * The replay window for (S)RTCP is hardcoded to 128 bits in length. -------------------------------------------------------------------------------- # Installing and Building libSRTP To install libSRTP, download the latest release of the distribution from [https://github.com/cisco/libsrtp/releases](https://github.com/cisco/libsrtp/releases). You probably want to get the most recent release. Unpack the distribution and extract the source files; the directory into which the source files will go is named `libsrtp-A-B-C` where `A` is the version number, `B` is the major release number and `C` is the minor release number. libSRTP uses the GNU `autoconf` and `make` utilities (BSD make will not work; if both versions of make are on your platform, you can invoke GNU make as `gmake`.). In the `libsrtp` directory, run the configure script and then make: ~~~.txt ./configure [ options ] make ~~~ The configure script accepts the following options: Option | Description -------------------------------|-------------------- \-\-help \-h | Display help \-\-enable-debug-logging | Enable debug logging in all modules \-\-enable-log-stdout | Enable logging to stdout \-\-enable-openssl | Enable OpenSSL crypto engine \-\-enable-openssl-kdf | Enable OpenSSL KDF algorithm \-\-with-log-file | Use file for logging \-\-with-openssl-dir | Location of OpenSSL installation By default there is no log output, logging can be enabled to be output to stdout or a given file using the configure options. This package has been tested on the following platforms: Mac OS X (powerpc-apple-darwin1.4), Cygwin (i686-pc-cygwin), Solaris (sparc-sun-solaris2.6), RedHat Linux 7.1 and 9 (i686-pc-linux), and OpenBSD (sparc-unknown-openbsd2.7). -------------------------------------------------------------------------------- # Applications Several test drivers and a simple and portable srtp application are included in the `test/` subdirectory. Test driver | Function tested --------- | ------- kernel_driver | crypto kernel (ciphers, auth funcs, rng) srtp_driver | srtp in-memory tests (does not use the network) rdbx_driver | rdbx (extended replay database) roc_driver | extended sequence number functions replay_driver | replay database cipher_driver | ciphers auth_driver | hash functions The app `rtpw` is a simple rtp application which reads words from `/usr/dict/words` and then sends them out one at a time using [s]rtp. Manual srtp keying uses the -k option; automated key management using gdoi will be added later. usage: ~~~.txt rtpw [[-d ]* [-k|b [-a][-e ][-g]] [-s | -r] dest_ip dest_port] | [-l] ~~~ Either the -s (sender) or -r (receiver) option must be chosen. The values `dest_ip`, `dest_port` are the IP address and UDP port to which the dictionary will be sent, respectively. The options are: Option | Description --------- | ------- -s | (S)RTP sender - causes app to send words -r | (S)RTP receive - causes app to receive words -k | use SRTP master key , where the key is a hexadecimal (without the leading "0x") -b | same as -k but with base64 encoded key -e | encrypt/decrypt (for data confidentiality) (requires use of -k option as well) (use 128, 192, or 256 for keysize) -g | use AES-GCM mode (must be used with -e) -a | message authentication (requires use of -k option as well) -l | list the available debug modules -d | turn on debugging for module In order to get random 30-byte values for use as key/salt pairs , you can use the following bash function to format the output of `/dev/random` (where that device is available). ~~~.txt function randhex() { cat /dev/random | od --read-bytes=32 --width=32 -x | awk '{ print $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16 }' } ~~~ An example of an SRTP session using two rtpw programs follows: ~~~.txt set k=c1eec3717da76195bb878578790af71c4ee9f859e197a414a78d5abc7451 [sh1]$ test/rtpw -s -k $k -e 128 -a 0.0.0.0 9999 Security services: confidentiality message authentication set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451 setting SSRC to 2078917053 sending word: A sending word: a sending word: aa sending word: aal ... [sh2]$ test/rtpw -r -k $k -e 128 -a 0.0.0.0 9999 security services: confidentiality message authentication set master key/salt to C1EEC3717DA76195BB878578790AF71C/4EE9F859E197A414A78D5ABC7451 19 octets received from SSRC 2078917053 word: A 19 octets received from SSRC 2078917053 word: a 20 octets received from SSRC 2078917053 word: aa 21 octets received from SSRC 2078917053 word: aal ... ~~~ -------------------------------------------------------------------------------- ## Example Code This section provides a simple example of how to use libSRTP. The example code lacks error checking, but is functional. Here we assume that the value ssrc is already set to describe the SSRC of the stream that we are sending, and that the functions `get_rtp_packet()` and `send_srtp_packet()` are available to us. The former puts an RTP packet into the buffer and returns the number of octets written to that buffer. The latter sends the RTP packet in the buffer, given the length as its second argument. ~~~.c srtp_t session; srtp_policy_t policy; // Set key to predetermined value uint8_t key[30] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D}; // initialize libSRTP srtp_init(); // set policy to describe a policy for an SRTP stream crypto_policy_set_rtp_default(&policy.rtp); crypto_policy_set_rtcp_default(&policy.rtcp); policy.ssrc = ssrc; policy.key = key; policy.next = NULL; // allocate and initialize the SRTP session srtp_create(&session, &policy); // main loop: get rtp packets, send srtp packets while (1) { char rtp_buffer[2048]; unsigned len; len = get_rtp_packet(rtp_buffer); srtp_protect(session, rtp_buffer, &len); send_srtp_packet(rtp_buffer, len); } ~~~ -------------------------------------------------------------------------------- # Credits The original implementation and documentation of libSRTP was written by David McGrew of Cisco Systems, Inc. in order to promote the use, understanding, and interoperability of Secure RTP. Michael Jerris contributed support for building under MSVC. Andris Pavenis contributed many important fixes. Brian West contributed changes to enable dynamic linking. Yves Shumann reported documentation bugs. Randell Jesup contributed a working SRTCP implementation and other fixes. Steve Underwood contributed x86_64 portability changes. We also give thanks to Fredrik Thulin, Brian Weis, Mark Baugher, Jeff Chan, Bill Simon, Douglas Smith, Bill May, Richard Preistley, Joe Tardo and others for contributions, comments, and corrections. This reference material, when applicable, in this documenation was generated using the doxygen utility for automatic documentation of source code. Copyright 2001-2005 by David A. McGrew, Cisco Systems, Inc. -------------------------------------------------------------------------------- # References SRTP and ICM References September, 2005 Secure RTP is defined in [RFC 3711](https://www.ietf.org/rfc/rfc3711.txt). The counter mode definition is in Section 4.1.1. SHA-1 is defined in [FIPS PUB 180-4](http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf). HMAC is defined in [RFC 2104](https://www.ietf.org/rfc/rfc2104.txt) and HMAC-SHA1 test vectors are available in [RFC 2202](https://www.ietf.org/rfc/rfc2202.txt). AES-GCM usage in SRTP is defined in [RFC 7714](https://www.ietf.org/html/rfc7714) libsrtp-2.1.0/VERSION000066400000000000000000000000121312031100000142070ustar00rootroot000000000000002.1.0-pre libsrtp-2.1.0/config.guess000077500000000000000000001253651312031100000155020ustar00rootroot00000000000000#! /bin/sh # Attempt to guess a canonical system name. # Copyright 1992-2016 Free Software Foundation, Inc. timestamp='2016-05-15' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # # Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess # # Please send patches to . me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright 1992-2016 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" >&2 exit 1 ;; * ) break ;; esac done if test $# != 0; then echo "$me: too many arguments$help" >&2 exit 1 fi trap 'exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. # Portable tmp directory creation inspired by the Autoconf team. set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int x;" > $dummy.c ; for c in cc gcc c89 c99 ; do if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found ; fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown case "${UNAME_SYSTEM}" in Linux|GNU|GNU/*) # If the system lacks a compiler, then just pick glibc. # We could probably try harder. LIBC=gnu eval $set_cc_for_build cat <<-EOF > $dummy.c #include #if defined(__UCLIBC__) LIBC=uclibc #elif defined(__dietlibc__) LIBC=dietlibc #else LIBC=gnu #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` ;; esac # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward # compatibility and a consistent mechanism for selecting the # object file format. # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ /sbin/$sysctl 2>/dev/null || \ /usr/sbin/$sysctl 2>/dev/null || \ echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; earmv*) arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'` endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'` machine=${arch}${endian}-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently (or will in the future) and ABI. case "${UNAME_MACHINE_ARCH}" in earm*) os=netbsdelf ;; arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? os=netbsd else os=netbsdelf fi ;; *) os=netbsd ;; esac # Determine ABI tags. case "${UNAME_MACHINE_ARCH}" in earm*) expr='s/^earmv[0-9]/-eabi/;s/eb$//' abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"` ;; esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. case "${UNAME_VERSION}" in Debian*) release='-gnu' ;; *) release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}${abi}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; *:LibertyBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE} exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; *:SolidBSD:*:*) echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; *:Sortix:*:*) echo ${UNAME_MACHINE}-unknown-sortix exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") UNAME_MACHINE=alpha ;; "EV4.5 (21064)") UNAME_MACHINE=alpha ;; "LCA4 (21066/21068)") UNAME_MACHINE=alpha ;; "EV5 (21164)") UNAME_MACHINE=alphaev5 ;; "EV5.6 (21164A)") UNAME_MACHINE=alphaev56 ;; "EV5.6 (21164PC)") UNAME_MACHINE=alphapca56 ;; "EV5.7 (21164PC)") UNAME_MACHINE=alphapca57 ;; "EV6 (21264)") UNAME_MACHINE=alphaev6 ;; "EV6.7 (21264A)") UNAME_MACHINE=alphaev67 ;; "EV6.8CB (21264C)") UNAME_MACHINE=alphaev68 ;; "EV6.8AL (21264B)") UNAME_MACHINE=alphaev68 ;; "EV6.8CX (21264D)") UNAME_MACHINE=alphaev68 ;; "EV6.9A (21264/EV69A)") UNAME_MACHINE=alphaev69 ;; "EV7 (21364)") UNAME_MACHINE=alphaev7 ;; "EV7.9 (21364A)") UNAME_MACHINE=alphaev79 ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 exit $exitcode ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition exit ;; *:z/VM:*:*) echo s390-ibm-zvmoe exit ;; *:OS400:*:*) echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 exit ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) echo i386-pc-auroraux${UNAME_RELEASE} exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build SUN_ARCH=i386 # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then SUN_ARCH=x86_64 fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} ;; sun4) echo sparc-sun-sunos${UNAME_RELEASE} ;; esac exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor # > m68000). The system name ranges from "MiNT" over "FreeMiNT" # to the lowercase version "mint" (or "freemint"). Finally # the system name "TOS" denotes a system which is actually not # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __cplusplus #include /* for printf() prototype */ int main (int argc, char *argv[]) { #else int main (argc, argv) int argc; char *argv[]; { #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`$dummy $dummyarg` && { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ [ ${TARGET_BINARY_INTERFACE}x = x ] then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` then echo "$SYSTEM_NAME" else echo rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/lslpp ] ; then IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in 32) HP_ARCH=hppa2.0n ;; 64) HP_ARCH=hppa2.0w ;; '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #define _HPUX_SOURCE #include #include int main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); #endif long cpu = sysconf (_SC_CPU_VERSION); switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0"); break; case CPU_PA_RISC1_1: puts ("hppa1.1"); break; case CPU_PA_RISC2_0: #if defined(_SC_KERNEL_BITS) switch (bits) { case 64: puts ("hppa2.0w"); break; case 32: puts ("hppa2.0n"); break; default: puts ("hppa2.0"); break; } break; #else /* !defined(_SC_KERNEL_BITS) */ puts ("hppa2.0"); break; #endif default: puts ("hppa1.0"); break; } exit (0); } EOF (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac if [ ${HP_ARCH} = hppa2.0w ] then eval $set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler # generating 64-bit code. GNU and HP use different nomenclature: # # $ CC_FOR_BUILD=cc ./config.guess # => hppa2.0w-hp-hpux11.23 # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then HP_ARCH=hppa2.0w else HP_ARCH=hppa64 fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. */ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` case ${UNAME_PROCESSOR} in amd64) echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; *:MINGW64*:*) echo ${UNAME_MACHINE}-pc-mingw64 exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; *:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; authenticamd | genuineintel | EM64T) echo x86_64-unknown-interix${UNAME_RELEASE} exit ;; IA64) echo ia64-unknown-interix${UNAME_RELEASE} exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; 8664:Windows_NT:*) echo x86_64-pc-mks exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-unknown-cygwin exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; *:GNU:*:*) # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; PCA57) UNAME_MACHINE=alphapca56 ;; EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC=gnulibc1 ; fi echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arc:Linux:*:* | arceb:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then echo ${UNAME_MACHINE}-unknown-linux-${LIBC} else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi else echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf fi fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; cris:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; crisv32:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; e2k:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; frv:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; hexagon:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:Linux:*:*) echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; k1om:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef ${UNAME_MACHINE} #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; openrisc*:Linux:*:*) echo or1k-unknown-linux-${LIBC} exit ;; or32:Linux:*:* | or1k*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) echo sparc-unknown-linux-${LIBC} exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; *) echo hppa-unknown-linux-${LIBC} ;; esac exit ;; ppc64:Linux:*:*) echo powerpc64-unknown-linux-${LIBC} exit ;; ppc:Linux:*:*) echo powerpc-unknown-linux-${LIBC} exit ;; ppc64le:Linux:*:*) echo powerpc64le-unknown-linux-${LIBC} exit ;; ppcle:Linux:*:*) echo powerpcle-unknown-linux-${LIBC} exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; tile*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. echo ${UNAME_MACHINE}-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos exit ;; i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-unknown-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configure will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; paragon:*:*:*) echo i860-intel-osf1 exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix exit ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; NCR*:*:4.2:* | MPRAS*:*:4.2:*) OS_REL='.3' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} exit ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. echo ${UNAME_MACHINE}-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; x86_64:Haiku:*:*) echo x86_64-unknown-haiku exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; SX-7:SUPER-UX:*:*) echo sx7-nec-superux${UNAME_RELEASE} exit ;; SX-8:SUPER-UX:*:*) echo sx8-nec-superux${UNAME_RELEASE} exit ;; SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; SX-ACE:SUPER-UX:*:*) echo sxace-nec-superux${UNAME_RELEASE} exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown eval $set_cc_for_build if test "$UNAME_PROCESSOR" = unknown ; then UNAME_PROCESSOR=powerpc fi if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then case $UNAME_PROCESSOR in i386) UNAME_PROCESSOR=x86_64 ;; powerpc) UNAME_PROCESSOR=powerpc64 ;; esac fi fi elif test "$UNAME_PROCESSOR" = i386 ; then # Avoid executing cc on OS X 10.9, as it ships with a stub # that puts up a graphical alert prompting to install # developer tools. Any system running Mac OS X 10.7 or # later (Darwin 11 and later) is required to have a 64-bit # processor. This is not true of the ARM version of Darwin # that Apple uses in portable devices. UNAME_PROCESSOR=x86_64 fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = x86; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; NEO-?:NONSTOP_KERNEL:*:*) echo neo-tandem-nsk${UNAME_RELEASE} exit ;; NSE-*:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. if test "$cputype" = 386; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 exit ;; *:ITS:*:*) echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; esac ;; *:XENIX:*:SysV) echo i386-pc-xenix exit ;; i*86:skyos:*:*) echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'` exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; i*86:AROS:*:*) echo ${UNAME_MACHINE}-pc-aros exit ;; x86_64:VMkernel:*:*) echo ${UNAME_MACHINE}-unknown-esx exit ;; amd64:Isilon\ OneFS:*:*) echo x86_64-unknown-onefs exit ;; esac cat >&2 </dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` /bin/uname -X = `(/bin/uname -X) 2>/dev/null` hostinfo = `(hostinfo) 2>/dev/null` /bin/universe = `(/bin/universe) 2>/dev/null` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` /bin/arch = `(/bin/arch) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` UNAME_MACHINE = ${UNAME_MACHINE} UNAME_RELEASE = ${UNAME_RELEASE} UNAME_SYSTEM = ${UNAME_SYSTEM} UNAME_VERSION = ${UNAME_VERSION} EOF exit 1 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: libsrtp-2.1.0/config.h_win32vc7000066400000000000000000000105051312031100000162270ustar00rootroot00000000000000/* Hacked config.h for Windows XP 32-bit & VC7 */ #ifdef (_MSC_VER >= 1400) # define HAVE_RAND_S 1 #endif /* Define if building for a CISC machine (e.g. Intel). */ #define CPU_CISC 1 /* Define if building for a RISC machine (assume slow byte access). */ #undef CPU_RISC /* Path to random device */ #undef DEV_URANDOM /* Define to enabled debug logging for all mudules. */ #undef ENABLE_DEBUG_LOGGING /* Logging statments will be writen to this file. */ #undef ERR_REPORTING_FILE /* Define to redirect logging to stdout. */ #undef ERR_REPORTING_STDOUT /* Define to 1 if you have the header file. */ #undef HAVE_ARPA_INET_H /* Define to 1 if you have the header file. */ #undef HAVE_BYTESWAP_H /* Define to 1 if you have the `inet_aton' function. */ #define HAVE_INET_ATON 1 /* Define to 1 if the system has the type `int16_t'. */ #undef HAVE_INT16_T /* Define to 1 if the system has the type `int32_t'. */ #undef HAVE_INT32_T /* Define to 1 if the system has the type `int8_t'. */ #undef HAVE_INT8_T /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H /* Define to 1 if you have the `socket' library (-lsocket). */ #undef HAVE_LIBSOCKET /* Define to 1 if you have the header file. */ #undef HAVE_MACHINE_TYPES_H /* Define to 1 if you have the header file. */ #define HAVE_MEMORY_H 1 /* Define to 1 if you have the header file. */ #undef HAVE_NETINET_IN_H /* Define to 1 if you have the `socket' function. */ #define HAVE_SOCKET 1 /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #define HAVE_STDLIB_H 1 /* Define to 1 if you have the header file. */ #define HAVE_STRINGS_H 1 /* Define to 1 if you have the header file. */ #define HAVE_STRING_H 1 /* Define to 1 if you have the header file. */ #undef HAVE_SYS_INT_TYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SOCKET_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_UIO_H /* Define to 1 if the system has the type `uint16_t'. */ #undef HAVE_UINT16_T /* Define to 1 if the system has the type `uint32_t'. */ #undef HAVE_UINT32_T /* Define to 1 if the system has the type `uint64_t'. */ #undef HAVE_UINT64_T /* Define to 1 if the system has the type `uint8_t'. */ #undef HAVE_UINT8_T /* Define to 1 if you have the header file. */ #define HAVE_UNISTD_H 1 /* Define to 1 if you have the `usleep' function. */ #define HAVE_USLEEP 1 /* Define to 1 if you have the header file. */ #define HAVE_WINDOWS_H 1 /* Define to 1 if you have the header file. */ #define HAVE_WINSOCK2_H 1 /* Define to use X86 inlined assembly code */ #undef HAVE_X86 /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT /* Define to the full name of this package. */ #undef PACKAGE_NAME /* Define to the full name and version of this package. */ #undef PACKAGE_STRING /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME /* Define to the version of this package. */ #undef PACKAGE_VERSION /* The size of a `unsigned long', as computed by sizeof. */ #define SIZEOF_UNSIGNED_LONG 4 /* The size of a `unsigned long long', as computed by sizeof. */ #define SIZEOF_UNSIGNED_LONG_LONG 8 /* Define to use GDOI. */ #undef SRTP_GDOI /* Define to compile for kernel contexts. */ #undef SRTP_KERNEL /* Define to compile for Linux kernel context. */ #undef SRTP_KERNEL_LINUX /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Define to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel and VAX). */ #undef WORDS_BIGENDIAN /* Define to empty if `const' does not conform to ANSI C. */ //#undef const /* Define to `__inline__' or `__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */ //#ifndef __cplusplus //#undef inline //#endif #define inline __inline /* Define to `unsigned' if does not define. */ //#undef size_t libsrtp-2.1.0/config.hw000066400000000000000000000116451312031100000147620ustar00rootroot00000000000000/* crypto/include/config.h. Generated by configure. */ /* config_in.h. Generated from configure.in by autoheader. */ #if (_MSC_VER >= 1400) # define HAVE_RAND_S 1 # define _CRT_RAND_S #endif /* Define if building for a CISC machine (e.g. Intel). */ #define CPU_CISC 1 /* Define if building for a RISC machine (assume slow byte access). */ /* #undef CPU_RISC */ /* Define to enabled debug logging for all mudules. */ #undef ENABLE_DEBUG_LOGGING /* Logging statments will be writen to this file. */ /* #undef ERR_REPORTING_FILE */ /* Define to redirect logging to stdout. */ #undef ERR_REPORTING_STDOUT /* Define to 1 if you have the header file. */ /* #undef HAVE_ARPA_INET_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_BYTESWAP_H */ /* Define to 1 if you have the `inet_aton' function. */ /* #undef HAVE_INET_ATON */ /* Define to 1 if the system has the type `int16_t'. */ #define HAVE_INT16_T 1 /* Define to 1 if the system has the type `int32_t'. */ #define HAVE_INT32_T 1 /* Define to 1 if the system has the type `int8_t'. */ #define HAVE_INT8_T 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_INTTYPES_H */ /* Define to 1 if you have the `socket' library (-lsocket). */ /* #undef HAVE_LIBSOCKET */ /* Define to 1 if you have the header file. */ /* #undef HAVE_MACHINE_TYPES_H */ /* Define to 1 if you have the header file. */ #define HAVE_MEMORY_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_NETINET_IN_H */ /* Define to 1 if you have the `socket' function. */ /* #undef HAVE_SOCKET */ /* Define to 1 if you have the header file. */ /* #undef HAVE_STDINT_H */ /* Define to 1 if you have the header file. */ #define HAVE_STDLIB_H 1 /* Define to 1 if you have the header file. */ #define HAVE_STRINGS_H 1 /* Define to 1 if you have the header file. */ #define HAVE_STRING_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_INT_TYPES_H */ /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_SOCKET_H */ /* Define to 1 if you have the header file. */ #define HAVE_SYS_STAT_H 1 /* Define to 1 if you have the header file. */ #define HAVE_SYS_TYPES_H 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_UIO_H */ /* Define to 1 if the system has the type `uint16_t'. */ #define HAVE_UINT16_T 1 /* Define to 1 if the system has the type `uint32_t'. */ #define HAVE_UINT32_T 1 /* Define to 1 if the system has the type `uint64_t'. */ #define HAVE_UINT64_T 1 /* Define to 1 if the system has the type `uint8_t'. */ #define HAVE_UINT8_T 1 /* Define to 1 if you have the header file. */ /* #undef HAVE_UNISTD_H */ /* Define to 1 if you have the `usleep' function. */ /* #undef HAVE_USLEEP */ /* Define to 1 if you have the header file. */ #define HAVE_WINDOWS_H 1 /* Define to 1 if you have the header file. */ #define HAVE_WINSOCK2_H 1 /* Define to use X86 inlined assembly code */ /* #undef HAVE_X86 */ /* Define to the address where bug reports for this package should be sent. */ #define PACKAGE_BUGREPORT "" /* Define to the full name of this package. */ #define PACKAGE_NAME "" /* Define to the full name and version of this package. */ #define PACKAGE_STRING "" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "" /* Define to the version of this package. */ #define PACKAGE_VERSION "" /* The size of a `unsigned long', as computed by sizeof. */ #define SIZEOF_UNSIGNED_LONG 4 /* The size of a `unsigned long long', as computed by sizeof. */ #define SIZEOF_UNSIGNED_LONG_LONG 8 /* Define to use GDOI. */ /* #undef SRTP_GDOI */ /* Define to compile for kernel contexts. */ /* #undef SRTP_KERNEL */ /* Define to compile for Linux kernel context. */ /* #undef SRTP_KERNEL_LINUX */ /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 /* Define to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel and VAX). */ /* #undef WORDS_BIGENDIAN */ /* Define to empty if `const' does not conform to ANSI C. */ /* #undef const */ /* Define 'inline' to nothing, since the MSVC compiler doesn't support it. */ #define inline /* Define to `unsigned' if does not define. */ /* #undef size_t */ #if (_MSC_VER >= 1400) // VC8+ #ifndef _CRT_SECURE_NO_DEPRECATE #define _CRT_SECURE_NO_DEPRECATE #endif #ifndef _CRT_NONSTDC_NO_DEPRECATE #define _CRT_NONSTDC_NO_DEPRECATE #endif #endif // VC8+ #ifndef uint32_t typedef unsigned __int8 uint8_t; typedef unsigned __int16 uint16_t; typedef unsigned __int32 uint32_t; typedef unsigned __int64 uint64_t; typedef __int8 int8_t; typedef __int16 int16_t; typedef __int32 int32_t; typedef __int64 int64_t; #endif #ifdef _MSC_VER #pragma warning(disable:4311) #endif libsrtp-2.1.0/config.sub000077500000000000000000001065131312031100000151370ustar00rootroot00000000000000#! /bin/sh # Configuration validation subroutine script. # Copyright 1992-2016 Free Software Foundation, Inc. timestamp='2016-05-10' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # Please send patches to . # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. # Each package is responsible for reporting which valid configurations # it does not support. The user should be able to distinguish # a failure to support a valid configuration from a meaningless # configuration. # The goal of this file is to map all the various variations of a given # machine specification into a single specification in the form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or in some cases, the newer four-part form: # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS Canonicalize a configuration name. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.sub ($timestamp) Copyright 1992-2016 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" exit 1 ;; *local*) # First pass through any local machine types. echo $1 exit ;; * ) break ;; esac done case $# in 0) echo "$me: missing argument$help" >&2 exit 1;; 1) ;; *) echo "$me: too many arguments$help" >&2 exit 1;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; android-linux) os=-linux-android basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] then os=`echo $1 | sed 's/.*-/-/'` else os=; fi ;; esac ### Let's recognize common machines as not being operating systems so ### that things like config.sub decstation-3100 work. We also ### recognize some manufacturers as not being operating systems, so we ### can provide default operating systems below. case $os in -sun*os*) # Prevent following clause from handling this invalid input. ;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple | -axis | -knuth | -cray | -microblaze*) os= basic_machine=$1 ;; -bluegene*) os=-cnk ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 ;; -scout) ;; -wrs) os=-vxworks basic_machine=$1 ;; -chorusos*) os=-chorusos basic_machine=$1 ;; -chorusrdb) os=-chorusrdb basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco6) os=-sco5v6 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -udk*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*178) os=-lynxos178 ;; -lynx*5) os=-lynxos5 ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; -mint | -mint[0-9]*) basic_machine=m68k-atari os=-mint ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. 1750a | 580 \ | a29k \ | aarch64 | aarch64_be \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc | arceb \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | avr | avr32 \ | ba \ | be32 | be64 \ | bfin \ | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ | e2k | epiphany \ | fido | fr30 | frv | ft32 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ | k1om \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ | mips64octeon | mips64octeonel \ | mips64orion | mips64orionel \ | mips64r5900 | mips64r5900el \ | mips64vr | mips64vrel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ | mipsisa32r6 | mipsisa32r6el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ | mipsisa64r6 | mipsisa64r6el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipsr5900 | mipsr5900el \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nds32 | nds32le | nds32be \ | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ | open8 | or1k | or1knd | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ | riscv32 | riscv64 \ | rl78 | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu \ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ | visium \ | we32k \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; c54x) basic_machine=tic54x-unknown ;; c55x) basic_machine=tic55x-unknown ;; c6x) basic_machine=tic6x-unknown ;; leon|leon[3-9]) basic_machine=sparc-$basic_machine ;; m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; ms1) basic_machine=mt-unknown ;; strongarm | thumb | xscale) basic_machine=arm-unknown ;; xgate) basic_machine=$basic_machine-unknown os=-none ;; xscaleeb) basic_machine=armeb-unknown ;; xscaleel) basic_machine=armel-unknown ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | ba-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | e2k-* | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ | k1om-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ | microblaze-* | microblazeel-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ | mips64octeon-* | mips64octeonel-* \ | mips64orion-* | mips64orionel-* \ | mips64r5900-* | mips64r5900el-* \ | mips64vr-* | mips64vrel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ | mipsisa32r6-* | mipsisa32r6el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64r6-* | mipsisa64r6el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipsr5900-* | mipsr5900el-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nds32-* | nds32le-* | nds32be-* \ | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ | or1k*-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ | riscv32-* | riscv64-* \ | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tile*-* \ | tron-* \ | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ | visium-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) basic_machine=i386-unknown os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; a29khif) basic_machine=a29k-amd os=-udi ;; abacus) basic_machine=abacus-unknown ;; adobe68k) basic_machine=m68010-adobe os=-scout ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amd64) basic_machine=x86_64-pc ;; amd64-*) basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-unknown ;; amigaos | amigados) basic_machine=m68k-unknown os=-amigaos ;; amigaunix | amix) basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; apollo68bsd) basic_machine=m68k-apollo os=-bsd ;; aros) basic_machine=i386-pc os=-aros ;; asmjs) basic_machine=asmjs-unknown ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; blackfin) basic_machine=bfin-unknown os=-linux ;; blackfin-*) basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; bluegene*) basic_machine=powerpc-ibm os=-cnk ;; c54x-*) basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c55x-*) basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c6x-*) basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` ;; c90) basic_machine=c90-cray os=-unicos ;; cegcc) basic_machine=arm-unknown os=-cegcc ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | j90) basic_machine=j90-cray os=-unicos ;; craynv) basic_machine=craynv-cray os=-unicosmp ;; cr16 | cr16-*) basic_machine=cr16-unknown os=-elf ;; crds | unos) basic_machine=m68k-crds ;; crisv32 | crisv32-* | etraxfs*) basic_machine=crisv32-axis ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; crx) basic_machine=crx-unknown os=-elf ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; decsystem10* | dec10*) basic_machine=pdp10-dec os=-tops10 ;; decsystem20* | dec20*) basic_machine=pdp10-dec os=-tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; dicos) basic_machine=i686-pc os=-dicos ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; es1800 | OSE68k | ose68k | ose | OSE) basic_machine=m68k-ericsson os=-ose ;; fx2800) basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; go32) basic_machine=i386-pc os=-go32 ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; h8300xray) basic_machine=h8300-hitachi os=-xray ;; h8500hms) basic_machine=h8500-hitachi os=-hms ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp os=-hpux ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) basic_machine=hppa1.1-hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; hppaosf) basic_machine=hppa1.1-hp os=-osf ;; hppro) basic_machine=hppa1.1-hp os=-proelf ;; i370-ibm* | ibm*) basic_machine=i370-ibm ;; i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; i386-vsta | vsta) basic_machine=i386-unknown os=-vsta ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; leon-*|leon[3-9]-*) basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` ;; m68knommu) basic_machine=m68k-unknown os=-linux ;; m68knommu-*) basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; microblaze*) basic_machine=microblaze-xilinx ;; mingw64) basic_machine=x86_64-pc os=-mingw64 ;; mingw32) basic_machine=i686-pc os=-mingw32 ;; mingw32ce) basic_machine=arm-unknown os=-mingw32ce ;; miniframe) basic_machine=m68000-convergent ;; *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) basic_machine=m68k-atari os=-mint ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k os=-coff ;; morphos) basic_machine=powerpc-unknown os=-morphos ;; moxiebox) basic_machine=moxie-unknown os=-moxiebox ;; msdos) basic_machine=i386-pc os=-msdos ;; ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; msys) basic_machine=i686-pc os=-msys ;; mvs) basic_machine=i370-ibm os=-mvs ;; nacl) basic_machine=le32-unknown os=-nacl ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; netbsd386) basic_machine=i386-unknown os=-netbsd ;; netwinder) basic_machine=armv4l-rebel os=-linux ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; necv70) basic_machine=v70-nec os=-sysv ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; mon960) basic_machine=i960-intel os=-mon960 ;; nonstopux) basic_machine=mips-compaq os=-nonstopux ;; np1) basic_machine=np1-gould ;; neo-tandem) basic_machine=neo-tandem ;; nse-tandem) basic_machine=nse-tandem ;; nsr-tandem) basic_machine=nsr-tandem ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf ;; openrisc | openrisc-*) basic_machine=or32-unknown ;; os400) basic_machine=powerpc-ibm os=-os400 ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose ;; os68k) basic_machine=m68k-none os=-os68k ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) basic_machine=i860-intel os=-osf ;; parisc) basic_machine=hppa-unknown os=-linux ;; parisc-*) basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pc98) basic_machine=i386-pc ;; pc98-*) basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; pentiumpro | p6 | 6x86 | athlon | athlon_*) basic_machine=i686-pc ;; pentiumii | pentium2 | pentiumiii | pentium3) basic_machine=i686-pc ;; pentium4) basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium4-*) basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; power) basic_machine=power-ibm ;; ppc | ppcbe) basic_machine=powerpc-unknown ;; ppc-* | ppcbe-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm ;; pw32) basic_machine=i586-unknown os=-pw32 ;; rdos | rdos64) basic_machine=x86_64-pc os=-rdos ;; rdos32) basic_machine=i386-pc os=-rdos ;; rom68k) basic_machine=m68k-rom68k os=-coff ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; s390 | s390-*) basic_machine=s390-ibm ;; s390x | s390x-*) basic_machine=s390x-ibm ;; sa29200) basic_machine=a29k-amd os=-udi ;; sb1) basic_machine=mipsisa64sb1-unknown ;; sb1el) basic_machine=mipsisa64sb1el-unknown ;; sde) basic_machine=mipsisa32-sde os=-elf ;; sei) basic_machine=mips-sei os=-seiux ;; sequent) basic_machine=i386-sequent ;; sh) basic_machine=sh-hitachi os=-hms ;; sh5el) basic_machine=sh5le-unknown ;; sh64) basic_machine=sh64-unknown ;; sparclite-wrs | simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; sps7) basic_machine=m68k-bull os=-sysv2 ;; spur) basic_machine=spur-unknown ;; st2000) basic_machine=m68k-tandem ;; stratus) basic_machine=i860-stratus os=-sysv4 ;; strongarm-* | thumb-*) basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` ;; sun2) basic_machine=m68000-sun ;; sun2os3) basic_machine=m68000-sun os=-sunos3 ;; sun2os4) basic_machine=m68000-sun os=-sunos4 ;; sun3os3) basic_machine=m68k-sun os=-sunos3 ;; sun3os4) basic_machine=m68k-sun os=-sunos4 ;; sun4os3) basic_machine=sparc-sun os=-sunos3 ;; sun4os4) basic_machine=sparc-sun os=-sunos4 ;; sun4sol2) basic_machine=sparc-sun os=-solaris2 ;; sun3 | sun3-*) basic_machine=m68k-sun ;; sun4) basic_machine=sparc-sun ;; sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; sv1) basic_machine=sv1-cray os=-unicos ;; symmetry) basic_machine=i386-sequent os=-dynix ;; t3e) basic_machine=alphaev5-cray os=-unicos ;; t90) basic_machine=t90-cray os=-unicos ;; tile*) basic_machine=$basic_machine-unknown os=-linux-gnu ;; tx39) basic_machine=mipstx39-unknown ;; tx39el) basic_machine=mipstx39el-unknown ;; toad1) basic_machine=pdp10-xkl os=-tops20 ;; tower | tower-32) basic_machine=m68k-ncr ;; tpf) basic_machine=s390x-ibm os=-tpf ;; udi29k) basic_machine=a29k-amd os=-udi ;; ultra3) basic_machine=a29k-nyu os=-sym1 ;; v810 | necv810) basic_machine=v810-nec os=-none ;; vaxv) basic_machine=vax-dec os=-sysv ;; vms) basic_machine=vax-dec os=-vms ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) basic_machine=i960-wrs os=-vxworks ;; vxworks68) basic_machine=m68k-wrs os=-vxworks ;; vxworks29k) basic_machine=a29k-wrs os=-vxworks ;; w65*) basic_machine=w65-wdc os=-none ;; w89k-*) basic_machine=hppa1.1-winbond os=-proelf ;; xbox) basic_machine=i686-pc os=-mingw32 ;; xps | xps100) basic_machine=xps100-honeywell ;; xscale-* | xscalee[bl]-*) basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` ;; ymp) basic_machine=ymp-cray os=-unicos ;; z8k-*-coff) basic_machine=z8k-unknown os=-sim ;; z80-*-coff) basic_machine=z80-unknown os=-sim ;; none) basic_machine=none-none os=-none ;; # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. w89k) basic_machine=hppa1.1-winbond ;; op50n) basic_machine=hppa1.1-oki ;; op60c) basic_machine=hppa1.1-oki ;; romp) basic_machine=romp-ibm ;; mmix) basic_machine=mmix-knuth ;; rs6000) basic_machine=rs6000-ibm ;; vax) basic_machine=vax-dec ;; pdp10) # there are many clones, so DEC is not a safe bet basic_machine=pdp10-unknown ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) basic_machine=cydra-cydrome ;; orion) basic_machine=orion-highlevel ;; orion105) basic_machine=clipper-highlevel ;; mac | mpw | mac-mpw) basic_machine=m68k-apple ;; pmac | pmac-mpw) basic_machine=powerpc-apple ;; *-unknown) # Make sure to match an already-canonicalized machine name. ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ;; *-commodore*) basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ;; *) ;; esac # Decode manufacturer-specific aliases for certain operating systems. if [ x"$os" != x"" ] then case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. -auroraux) os=-auroraux ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; -solaris) os=-solaris2 ;; -svr4*) os=-sysv4 ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # First accept the basic system types. # The portable systems comes first. # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* | -cloudabi* | -sortix* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ | -onefs* | -tirtos* | -phoenix*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) case $basic_machine in x86-* | i*86-*) ;; *) os=-nto$os ;; esac ;; -nto-qnx*) ;; -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) os=`echo $os | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition ;; -os400*) os=-os400 ;; -wince*) os=-wince ;; -osfrose*) os=-osfrose ;; -osf*) os=-osf ;; -utek*) os=-bsd ;; -dynix*) os=-bsd ;; -acis*) os=-aos ;; -atheos*) os=-atheos ;; -syllable*) os=-syllable ;; -386bsd) os=-bsd ;; -ctix* | -uts*) os=-sysv ;; -nova*) os=-rtmk-nova ;; -ns2 ) os=-nextstep2 ;; -nsk*) os=-nsk ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; -sinix*) os=-sysv4 ;; -tpf*) os=-tpf ;; -triton*) os=-sysv3 ;; -oss*) os=-sysv3 ;; -svr4) os=-sysv4 ;; -svr3) os=-sysv3 ;; -sysvr4) os=-sysv4 ;; # This must come after -sysvr4. -sysv*) ;; -ose*) os=-ose ;; -es1800*) os=-ose ;; -xenix) os=-xenix ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; -aros*) os=-aros ;; -zvmoe) os=-zvmoe ;; -dicos*) os=-dicos ;; -nacl*) ;; -ios) ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 exit 1 ;; esac else # Here we handle the default operating systems that come with various machines. # The value should be what the vendor currently ships out the door with their # machine or put another way, the most popular os provided with the machine. # Note that if you're going to try to match "-MANUFACTURER" here (say, # "-sun"), then you have to tell the case statement up towards the top # that MANUFACTURER isn't an operating system. Otherwise, code above # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. case $basic_machine in score-*) os=-elf ;; spu-*) os=-elf ;; *-acorn) os=-riscix1.2 ;; arm*-rebel) os=-linux ;; arm*-semi) os=-aout ;; c4x-* | tic4x-*) os=-coff ;; c8051-*) os=-elf ;; hexagon-*) os=-elf ;; tic54x-*) os=-coff ;; tic55x-*) os=-coff ;; tic6x-*) os=-coff ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 ;; pdp11-*) os=-none ;; *-dec | vax-*) os=-ultrix4.2 ;; m68*-apollo) os=-domain ;; i386-sun) os=-sunos4.0.2 ;; m68000-sun) os=-sunos3 ;; m68*-cisco) os=-aout ;; mep-*) os=-elf ;; mips*-cisco) os=-elf ;; mips*-*) os=-elf ;; or32-*) os=-coff ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; *-be) os=-beos ;; *-haiku) os=-haiku ;; *-ibm) os=-aix ;; *-knuth) os=-mmixware ;; *-wec) os=-proelf ;; *-winbond) os=-proelf ;; *-oki) os=-proelf ;; *-hp) os=-hpux ;; *-hitachi) os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=-sysv ;; *-cbm) os=-amigaos ;; *-dg) os=-dgux ;; *-dolphin) os=-sysv3 ;; m68k-ccur) os=-rtu ;; m88k-omron*) os=-luna ;; *-next ) os=-nextstep ;; *-sequent) os=-ptx ;; *-crds) os=-unos ;; *-ns) os=-genix ;; i370-*) os=-mvs ;; *-next) os=-nextstep3 ;; *-gould) os=-sysv ;; *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; *-sgi) os=-irix ;; *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; *-rom68k) os=-coff ;; *-*bug) os=-coff ;; *-apple) os=-macos ;; *-atari*) os=-mint ;; *) os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. vendor=unknown case $basic_machine in *-unknown) case $os in -riscix*) vendor=acorn ;; -sunos*) vendor=sun ;; -cnk*|-aix*) vendor=ibm ;; -beos*) vendor=be ;; -hpux*) vendor=hp ;; -mpeix*) vendor=hp ;; -hiux*) vendor=hitachi ;; -unos*) vendor=crds ;; -dgux*) vendor=dg ;; -luna*) vendor=omron ;; -genix*) vendor=ns ;; -mvs* | -opened*) vendor=ibm ;; -os400*) vendor=ibm ;; -ptx*) vendor=sequent ;; -tpf*) vendor=ibm ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; -aux*) vendor=apple ;; -hms*) vendor=hitachi ;; -mpw* | -macos*) vendor=apple ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) vendor=atari ;; -vos*) vendor=stratus ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os exit # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: libsrtp-2.1.0/config_in.h000066400000000000000000000113141312031100000152520ustar00rootroot00000000000000/* config_in.h. Generated from configure.in by autoheader. */ /* Define if building universal (internal helper macro) */ #undef AC_APPLE_UNIVERSAL_BUILD /* Define if building for a CISC machine (e.g. Intel). */ #undef CPU_CISC /* Define if building for a RISC machine (assume slow byte access). */ #undef CPU_RISC /* Define to enabled debug logging for all mudules. */ #undef ENABLE_DEBUG_LOGGING /* Logging statments will be writen to this file. */ #undef ERR_REPORTING_FILE /* Define to redirect logging to stdout. */ #undef ERR_REPORTING_STDOUT /* Define to 1 if you have the header file. */ #undef HAVE_ARPA_INET_H /* Define to 1 if you have the header file. */ #undef HAVE_BYTESWAP_H /* Define to 1 if you have the `inet_aton' function. */ #undef HAVE_INET_ATON /* Define to 1 if the system has the type `int16_t'. */ #undef HAVE_INT16_T /* Define to 1 if the system has the type `int32_t'. */ #undef HAVE_INT32_T /* Define to 1 if the system has the type `int8_t'. */ #undef HAVE_INT8_T /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H /* Define to 1 if you have the `dl' library (-ldl). */ #undef HAVE_LIBDL /* Define to 1 if you have the `socket' library (-lsocket). */ #undef HAVE_LIBSOCKET /* Define to 1 if you have the `z' library (-lz). */ #undef HAVE_LIBZ /* Define to 1 if you have the header file. */ #undef HAVE_MACHINE_TYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H /* Define to 1 if you have the header file. */ #undef HAVE_NETINET_IN_H /* Define to 1 if you have the `pcap' library (-lpcap) */ #undef HAVE_PCAP /* Define to 1 if you have the `sigaction' function. */ #undef HAVE_SIGACTION /* Define to 1 if you have the `socket' function. */ #undef HAVE_SOCKET /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H /* Define to 1 if you have the header file. */ #undef HAVE_STRINGS_H /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_INT_TYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SOCKET_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_UIO_H /* Define to 1 if the system has the type `uint16_t'. */ #undef HAVE_UINT16_T /* Define to 1 if the system has the type `uint32_t'. */ #undef HAVE_UINT32_T /* Define to 1 if the system has the type `uint64_t'. */ #undef HAVE_UINT64_T /* Define to 1 if the system has the type `uint8_t'. */ #undef HAVE_UINT8_T /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H /* Define to 1 if you have the `usleep' function. */ #undef HAVE_USLEEP /* Define to 1 if you have the header file. */ #undef HAVE_WINDOWS_H /* Define to 1 if you have the header file. */ #undef HAVE_WINSOCK2_H /* Define to use X86 inlined assembly code */ #undef HAVE_X86 /* Define this to use OpenSSL crypto. */ #undef OPENSSL /* Define this to use OpenSSL KDF for SRTP. */ #undef OPENSSL_KDF /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT /* Define to the full name of this package. */ #undef PACKAGE_NAME /* Define to the full name and version of this package. */ #undef PACKAGE_STRING /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME /* Define to the home page for this package. */ #undef PACKAGE_URL /* Define to the version of this package. */ #undef PACKAGE_VERSION /* The size of `unsigned long', as computed by sizeof. */ #undef SIZEOF_UNSIGNED_LONG /* The size of `unsigned long long', as computed by sizeof. */ #undef SIZEOF_UNSIGNED_LONG_LONG /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ #if defined AC_APPLE_UNIVERSAL_BUILD # if defined __BIG_ENDIAN__ # define WORDS_BIGENDIAN 1 # endif #else # ifndef WORDS_BIGENDIAN # undef WORDS_BIGENDIAN # endif #endif /* Define to empty if `const' does not conform to ANSI C. */ #undef const /* Define to `__inline__' or `__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */ #ifndef __cplusplus #undef inline #endif /* Define to `unsigned int' if does not define. */ #undef size_t libsrtp-2.1.0/configure000077500000000000000000006110521312031100000150620ustar00rootroot00000000000000#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.69 for libsrtp2 2.1.0. # # Report bugs to . # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then _as_can_reexec=no; export _as_can_reexec; # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 as_fn_exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org and $0: https://github.com/cisco/libsrtp/issues about your $0: system, including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libsrtp2' PACKAGE_TARNAME='libsrtp2' PACKAGE_VERSION='2.1.0' PACKAGE_STRING='libsrtp2 2.1.0' PACKAGE_BUGREPORT='https://github.com/cisco/libsrtp/issues' PACKAGE_URL='' # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_subst_vars='LTLIBOBJS LIBOBJS HAVE_PCAP HMAC_OBJS AES_ICM_OBJS USE_OPENSSL crypto_LIBS crypto_CFLAGS PKG_CONFIG_LIBDIR PKG_CONFIG_PATH PKG_CONFIG EXE host_os host_vendor host_cpu host build_os build_vendor build_cpu build EGREP GREP SED INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM RANLIB ac_ct_AR AR EXTRA_CFLAGS CPP OBJEXT EXEEXT ac_ct_CC CPPFLAGS LDFLAGS CFLAGS CC target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking enable_debug_logging enable_openssl with_openssl_dir enable_openssl_kdf enable_log_stdout with_log_file ' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CPP EXTRA_CFLAGS PKG_CONFIG PKG_CONFIG_PATH PKG_CONFIG_LIBDIR crypto_CFLAGS crypto_LIBS' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *=) ac_optarg= ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) as_fn_error $? "unrecognized option: \`$ac_option' Try \`$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures libsrtp2 2.1.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/libsrtp2] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF System types: --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of libsrtp2 2.1.0:";; esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-debug-logging Enable debug logging in all modules --enable-openssl compile in OpenSSL crypto engine --enable-openssl-kdf Use OpenSSL KDF algorithm --enable-log-stdout redirecting logging to stdout Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-openssl-dir Location of OpenSSL installation --with-log-file Use file for logging Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor EXTRA_CFLAGS C compiler flags appended to the regular C compiler flags instead of overriding them PKG_CONFIG path to pkg-config utility PKG_CONFIG_PATH directories to add to pkg-config's search path PKG_CONFIG_LIBDIR path overriding pkg-config's built-in search path crypto_CFLAGS C compiler flags for crypto, overriding pkg-config crypto_LIBS linker flags for crypto, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to . _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF libsrtp2 configure 2.1.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## # ac_fn_c_try_compile LINENO # -------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_compile # ac_fn_c_try_cpp LINENO # ---------------------- # Try to preprocess conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_cpp () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } > conftest.i && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_cpp # ac_fn_c_try_run LINENO # ---------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes # that executables *can* be run. ac_fn_c_try_run () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then : ac_retval=0 else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=$ac_status fi rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_run # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in # INCLUDES, setting the cache variable VAR accordingly. ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile # ac_fn_c_check_type LINENO TYPE VAR INCLUDES # ------------------------------------------- # Tests whether TYPE exists after having included INCLUDES, setting cache # variable VAR accordingly. ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof ($2)) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof (($2))) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else eval "$3=yes" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type # ac_fn_c_compute_int LINENO EXPR VAR INCLUDES # -------------------------------------------- # Tries to find the compile-time value of EXPR in a program that includes # INCLUDES, setting VAR accordingly. Returns whether the value could be # computed ac_fn_c_compute_int () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) >= 0)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_lo=0 ac_mid=0 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=$ac_mid; break else as_fn_arith $ac_mid + 1 && ac_lo=$as_val if test $ac_lo -le $ac_mid; then ac_lo= ac_hi= break fi as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) < 0)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=-1 ac_mid=-1 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) >= $ac_mid)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_lo=$ac_mid; break else as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val if test $ac_mid -le $ac_hi; then ac_lo= ac_hi= break fi as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done else ac_lo= ac_hi= fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext # Binary search between lo and hi bounds. while test "x$ac_lo" != "x$ac_hi"; do as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_hi=$ac_mid else as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done case $ac_lo in #(( ?*) eval "$3=\$ac_lo"; ac_retval=0 ;; '') ac_retval=1 ;; esac else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 static long int longval () { return $2; } static unsigned long int ulongval () { return $2; } #include #include int main () { FILE *f = fopen ("conftest.val", "w"); if (! f) return 1; if (($2) < 0) { long int i = longval (); if (i != ($2)) return 1; fprintf (f, "%ld", i); } else { unsigned long int i = ulongval (); if (i != ($2)) return 1; fprintf (f, "%lu", i); } /* Do not output a trailing newline, as this causes \r\n confusion on some platforms. */ return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : echo >>conftest.val; read $3 &5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || test -x conftest$ac_exeext }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_link # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $2 (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $2 /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $2 (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$2 || defined __stub___$2 choke me #endif int main () { return $2 (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by libsrtp2 $as_me 2.1.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo $as_echo "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo $as_echo "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then $as_echo "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then $as_echo "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h $as_echo "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_URL "$PACKAGE_URL" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then # We do not want a PATH search for config.site. case $CONFIG_SITE in #(( -*) ac_site_file1=./$CONFIG_SITE;; */*) ac_site_file1=$CONFIG_SITE;; *) ac_site_file1=./$CONFIG_SITE;; esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu EMPTY_CFLAGS="no" if test "x$CFLAGS" = "x"; then EMPTY_CFLAGS="yes" fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 $as_echo_n "checking whether the C compiler works... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi if test -z "$ac_file"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 $as_echo_n "checking for C compiler default output file name... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 $as_echo "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 $as_echo_n "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 $as_echo "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } if ${ac_cv_objext+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 $as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } if ${ac_cv_c_compiler_gnu+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } if ${ac_cv_prog_cc_g+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if ${ac_cv_prog_cc_c89+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include struct stat; /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 $as_echo_n "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if ${ac_cv_prog_CPP+:} false; then : $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 $as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details" "$LINENO" 5; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` if test -n "$ac_tool_prefix"; then for ac_prog in ar lib "link -lib" do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AR="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AR=$ac_cv_prog_AR if test -n "$AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 $as_echo "$AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AR" && break done fi if test -z "$AR"; then ac_ct_AR=$AR for ac_prog in ar lib "link -lib" do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_AR+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AR="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 $as_echo "$ac_ct_AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_AR" && break done if test "x$ac_ct_AR" = x; then AR="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac AR=$ac_ct_AR fi fi : ${AR=ar} { $as_echo "$as_me:${as_lineno-$LINENO}: checking the archiver ($AR) interface" >&5 $as_echo_n "checking the archiver ($AR) interface... " >&6; } if ${am_cv_ar_interface+:} false; then : $as_echo_n "(cached) " >&6 else ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu am_cv_ar_interface=ar cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int some_variable = 0; _ACEOF if ac_fn_c_try_compile "$LINENO"; then : am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&5' { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5 (eval $am_ar_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if test "$ac_status" -eq 0; then am_cv_ar_interface=ar else am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&5' { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5 (eval $am_ar_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if test "$ac_status" -eq 0; then am_cv_ar_interface=lib else am_cv_ar_interface=unknown fi fi rm -f conftest.lib libconftest.a fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_ar_interface" >&5 $as_echo "$am_cv_ar_interface" >&6; } case $am_cv_ar_interface in ar) ;; lib) # Microsoft lib, so override with the ar-lib wrapper script. # FIXME: It is wrong to rewrite AR. # But if we don't then we get into trouble of one sort or another. # A longer-term fix would be to have automake use am__AR in this case, # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something # similar. AR="$am_aux_dir/ar-lib $AR" ;; unknown) as_fn_error $? "could not determine $AR interface" "$LINENO" 5 ;; esac if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 $as_echo "$RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 $as_echo "$ac_ct_RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then RANLIB=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB fi else RANLIB="$ac_cv_prog_RANLIB" fi ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then if ${ac_cv_path_install+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in #(( ./ | .// | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else rm -rf conftest.one conftest.two conftest.dir echo one > conftest.one echo two > conftest.two mkdir conftest.dir if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi fi done done ;; esac done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 $as_echo_n "checking for a sed that does not truncate output... " >&6; } if ${ac_cv_path_SED+:} false; then : $as_echo_n "(cached) " >&6 else ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" done echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed { ac_script=; unset ac_script;} if test -z "$SED"; then ac_path_SED_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED case `"$ac_path_SED" --version 2>&1` in *GNU*) ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo '' >> "conftest.nl" "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_SED_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_SED="$ac_path_SED" ac_path_SED_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_SED_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_SED"; then as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 fi else ac_cv_path_SED=$SED fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 $as_echo "$ac_cv_path_SED" >&6; } SED="$ac_cv_path_SED" rm -f conftest.sed { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } if ${ac_cv_path_EGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 $as_echo_n "checking whether byte ordering is bigendian... " >&6; } if ${ac_cv_c_bigendian+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_c_bigendian=unknown # See if we're dealing with a universal compiler. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __APPLE_CC__ not a universal capable compiler #endif typedef int dummy; _ACEOF if ac_fn_c_try_compile "$LINENO"; then : # Check for potential -arch flags. It is not universal unless # there are at least two -arch flags with different values. ac_arch= ac_prev= for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do if test -n "$ac_prev"; then case $ac_word in i?86 | x86_64 | ppc | ppc64) if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then ac_arch=$ac_word else ac_cv_c_bigendian=universal break fi ;; esac ac_prev= elif test "x$ac_word" = "x-arch"; then ac_prev=arch fi done fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_c_bigendian = unknown; then # See if sys/param.h defines the BYTE_ORDER macro. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { #if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ && LITTLE_ENDIAN) bogus endian macros #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : # It does; now see whether it defined to BIG_ENDIAN or not. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { #if BYTE_ORDER != BIG_ENDIAN not big endian #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_bigendian=yes else ac_cv_c_bigendian=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test $ac_cv_c_bigendian = unknown; then # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { #if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) bogus endian macros #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : # It does; now see whether it defined to _BIG_ENDIAN or not. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { #ifndef _BIG_ENDIAN not big endian #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_bigendian=yes else ac_cv_c_bigendian=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test $ac_cv_c_bigendian = unknown; then # Compile a test program. if test "$cross_compiling" = yes; then : # Try to guess by grepping values from an object file. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ short int ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; short int ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; int use_ascii (int i) { return ascii_mm[i] + ascii_ii[i]; } short int ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; short int ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; int use_ebcdic (int i) { return ebcdic_mm[i] + ebcdic_ii[i]; } extern int foo; int main () { return use_ascii (foo) == use_ebcdic (foo); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then ac_cv_c_bigendian=yes fi if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then if test "$ac_cv_c_bigendian" = unknown; then ac_cv_c_bigendian=no else # finding both strings is unlikely to happen, but who knows? ac_cv_c_bigendian=unknown fi fi fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { /* Are we little or big endian? From Harbison&Steele. */ union { long int l; char c[sizeof (long int)]; } u; u.l = 1; return u.c[sizeof (long int) - 1] == 1; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_c_bigendian=no else ac_cv_c_bigendian=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 $as_echo "$ac_cv_c_bigendian" >&6; } case $ac_cv_c_bigendian in #( yes) $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h ;; #( no) ;; #( universal) $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h ;; #( *) as_fn_error $? "unknown endianness presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } if ${ac_cv_build+:} false; then : $as_echo_n "(cached) " >&6 else ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' set x $ac_cv_build shift build_cpu=$1 build_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: build_os=$* IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 $as_echo_n "checking host system type... " >&6; } if ${ac_cv_host+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' set x $ac_cv_host shift host_cpu=$1 host_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: host_os=$* IFS=$ac_save_IFS case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac case $host_cpu in i*86 | x86_64 ) $as_echo "#define CPU_CISC 1" >>confdefs.h $as_echo "#define HAVE_X86 1" >>confdefs.h ;; * ) $as_echo "#define CPU_RISC 1" >>confdefs.h ;; esac case $host_os in *cygwin*|*mingw* ) EXE=.exe ;; * ) EXE="" ;; esac # define executable suffix; this is needed for `make clean' supported_cflags="" if test "$EMPTY_CFLAGS" = "no"; then supported_cflags="$CFLAGS" fi WERROR="" for w in -Werror -errwarn; do if test "x$WERROR" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC-c} accepts $w" >&5 $as_echo_n "checking whether ${CC-c} accepts $w... " >&6; } save_cflags="$CFLAGS" if test "x$CFLAGS" = "x"; then : CFLAGS="$w" else CFLAGS="$CFLAGS $w" fi cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main(void) { return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : WERROR="$w" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else CFLAGS="$save_cflags" { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC-c} accepts -fPIC" >&5 $as_echo_n "checking whether ${CC-c} accepts -fPIC... " >&6; } save_cflags="$CFLAGS" if test "x$CFLAGS" = "x"; then : CFLAGS="-fPIC" else CFLAGS="$CFLAGS -fPIC" fi cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main(void) { return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : if test "x$supported_cflags" = "x"; then : supported_cflags="-fPIC" else supported_cflags="$supported_cflags -fPIC" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else CFLAGS="$save_cflags" { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test "$EMPTY_CFLAGS" = "yes"; then for f in -Wall -pedantic -Wstrict-prototypes; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC-c} accepts $f" >&5 $as_echo_n "checking whether ${CC-c} accepts $f... " >&6; } save_cflags="$CFLAGS" if test "x$CFLAGS" = "x"; then : CFLAGS="$f" else CFLAGS="$CFLAGS $f" fi cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main(void) { return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : if test "x$supported_cflags" = "x"; then : supported_cflags="$f" else supported_cflags="$supported_cflags $f" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else CFLAGS="$save_cflags" { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done OOPT="" for f in -O4 -O3; do if test "x$OOPT" = "x"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC-c} accepts $f" >&5 $as_echo_n "checking whether ${CC-c} accepts $f... " >&6; } save_cflags="$CFLAGS" if test "x$CFLAGS" = "x"; then : CFLAGS="$f" else CFLAGS="$CFLAGS $f" fi cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main(void) { return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : if test "x$supported_cflags" = "x"; then : supported_cflags="$f" else supported_cflags="$supported_cflags $f" fi OOPT="$f" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else CFLAGS="$save_cflags" { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi done for f in -fexpensive-optimizations -funroll-loops; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC-c} accepts $f" >&5 $as_echo_n "checking whether ${CC-c} accepts $f... " >&6; } save_cflags="$CFLAGS" if test "x$CFLAGS" = "x"; then : CFLAGS="$f" else CFLAGS="$CFLAGS $f" fi cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main(void) { return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : if test "x$supported_cflags" = "x"; then : supported_cflags="$f" else supported_cflags="$supported_cflags $f" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else CFLAGS="$save_cflags" { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done fi for f in -Wno-language-extension-token; do { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC-c} accepts $f" >&5 $as_echo_n "checking whether ${CC-c} accepts $f... " >&6; } save_cflags="$CFLAGS" testf=$(echo "$f" | $SED 's|-Wno-\(.*\)|-W\1|g') if test "x$CFLAGS" = "x"; then : CFLAGS="$testf" else CFLAGS="$CFLAGS $testf" fi cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main(void) { return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : if test "x$supported_cflags" = "x"; then : supported_cflags="$f" else supported_cflags="$supported_cflags $f" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else CFLAGS="$save_cflags" { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done CFLAGS="$supported_cflags" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi for ac_header in unistd.h byteswap.h stdint.h sys/uio.h inttypes.h sys/types.h machine/types.h sys/int_types.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in sys/socket.h netinet/in.h arpa/inet.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in windows.h do : ac_fn_c_check_header_compile "$LINENO" "windows.h" "ac_cv_header_windows_h" "$ac_includes_default " if test "x$ac_cv_header_windows_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_WINDOWS_H 1 _ACEOF for ac_header in winsock2.h do : ac_fn_c_check_header_compile "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default " if test "x$ac_cv_header_winsock2_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_WINSOCK2_H 1 _ACEOF fi done fi done ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default" if test "x$ac_cv_type_int8_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_INT8_T 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default" if test "x$ac_cv_type_uint8_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UINT8_T 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "int16_t" "ac_cv_type_int16_t" "$ac_includes_default" if test "x$ac_cv_type_int16_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_INT16_T 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "uint16_t" "ac_cv_type_uint16_t" "$ac_includes_default" if test "x$ac_cv_type_uint16_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UINT16_T 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "int32_t" "ac_cv_type_int32_t" "$ac_includes_default" if test "x$ac_cv_type_int32_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_INT32_T 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default" if test "x$ac_cv_type_uint32_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UINT32_T 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "$ac_includes_default" if test "x$ac_cv_type_uint64_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UINT64_T 1 _ACEOF fi # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5 $as_echo_n "checking size of unsigned long... " >&6; } if ${ac_cv_sizeof_unsigned_long+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long" "$ac_includes_default"; then : else if test "$ac_cv_type_unsigned_long" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned long) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_unsigned_long=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5 $as_echo "$ac_cv_sizeof_unsigned_long" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long _ACEOF # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. { $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long long" >&5 $as_echo_n "checking size of unsigned long long... " >&6; } if ${ac_cv_sizeof_unsigned_long_long+:} false; then : $as_echo_n "(cached) " >&6 else if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long long))" "ac_cv_sizeof_unsigned_long_long" "$ac_includes_default"; then : else if test "$ac_cv_type_unsigned_long_long" = yes; then { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned long long) See \`config.log' for more details" "$LINENO" 5; } else ac_cv_sizeof_unsigned_long_long=0 fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_long" >&5 $as_echo "$ac_cv_sizeof_unsigned_long_long" >&6; } cat >>confdefs.h <<_ACEOF #define SIZEOF_UNSIGNED_LONG_LONG $ac_cv_sizeof_unsigned_long_long _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 $as_echo_n "checking for an ANSI C-conforming const... " >&6; } if ${ac_cv_c_const+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __cplusplus /* Ultrix mips cc rejects this sort of thing. */ typedef int charset[2]; const charset cs = { 0, 0 }; /* SunOS 4.1.1 cc rejects this. */ char const *const *pcpcc; char **ppc; /* NEC SVR4.0.2 mips cc rejects this. */ struct point {int x, y;}; static struct point const zero = {0,0}; /* AIX XL C 1.02.0.0 rejects this. It does not let you subtract one const X* pointer from another in an arm of an if-expression whose if-part is not a constant expression */ const char *g = "string"; pcpcc = &g + (g ? g-g : 0); /* HPUX 7.0 cc rejects these. */ ++pcpcc; ppc = (char**) pcpcc; pcpcc = (char const *const *) ppc; { /* SCO 3.2v4 cc rejects this sort of thing. */ char tx; char *t = &tx; char const *s = 0 ? (char *) 0 : (char const *) 0; *t++ = 0; if (s) return 0; } { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ int x[] = {25, 17}; const int *foo = &x[0]; ++foo; } { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ typedef const int *iptr; iptr p = 0; ++p; } { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ struct s { int j; const int *ap[3]; } bx; struct s *b = &bx; b->j = 5; } { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ const int foo = 10; if (!foo) return 0; } return !cs[0] && !zero.x; #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_const=yes else ac_cv_c_const=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 $as_echo "$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then $as_echo "#define const /**/" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 $as_echo_n "checking for inline... " >&6; } if ${ac_cv_c_inline+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __cplusplus typedef int foo_t; static $ac_kw foo_t static_foo () {return 0; } $ac_kw foo_t foo () {return 0; } #endif _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_inline=$ac_kw fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext test "$ac_cv_c_inline" != no && break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 $as_echo "$ac_cv_c_inline" >&6; } case $ac_cv_c_inline in inline | yes) ;; *) case $ac_cv_c_inline in no) ac_val=;; *) ac_val=$ac_cv_c_inline;; esac cat >>confdefs.h <<_ACEOF #ifndef __cplusplus #define inline $ac_val #endif _ACEOF ;; esac ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" if test "x$ac_cv_type_size_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define size_t unsigned int _ACEOF fi for ac_func in socket inet_aton usleep sigaction do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done if test "x$ac_cv_func_socket" = "xno"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5 $as_echo_n "checking for socket in -lsocket... " >&6; } if ${ac_cv_lib_socket_socket+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char socket (); int main () { return socket (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_socket_socket=yes else ac_cv_lib_socket_socket=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5 $as_echo "$ac_cv_lib_socket_socket" >&6; } if test "x$ac_cv_lib_socket_socket" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBSOCKET 1 _ACEOF LIBS="-lsocket $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lwsock32" >&5 $as_echo_n "checking for socket in -lwsock32... " >&6; } SAVELIBS="$LIBS" LIBS="$LIBS -lwsock32" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main(void) { int fd = socket(0, 0, 0); if (fd < 0) return -1; else return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_func_socket=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else LIBS="$SAVELIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable debug logging in all modules" >&5 $as_echo_n "checking whether to enable debug logging in all modules... " >&6; } # Check whether --enable-debug-logging was given. if test "${enable_debug_logging+set}" = set; then : enableval=$enable_debug_logging; else enable_debug_logging=no fi if test "$enable_debug_logging" = "yes"; then $as_echo "#define ENABLE_DEBUG_LOGGING 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_debug_logging" >&5 $as_echo "$enable_debug_logging" >&6; } if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else case $PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PKG_CONFIG=$ac_cv_path_PKG_CONFIG if test -n "$PKG_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 $as_echo "$PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_path_PKG_CONFIG"; then ac_pt_PKG_CONFIG=$PKG_CONFIG # Extract the first word of "pkg-config", so it can be a program name with args. set dummy pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else case $ac_pt_PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG if test -n "$ac_pt_PKG_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 $as_echo "$ac_pt_PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_pt_PKG_CONFIG" = x; then PKG_CONFIG="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac PKG_CONFIG=$ac_pt_PKG_CONFIG fi else PKG_CONFIG="$ac_cv_path_PKG_CONFIG" fi fi if test -n "$PKG_CONFIG"; then _pkg_min_version=0.9.0 { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 $as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } PKG_CONFIG="" fi fi if test "x$PKG_CONFIG" != "x"; then : PKG_CONFIG="$PKG_CONFIG --static" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to leverage OpenSSL crypto" >&5 $as_echo_n "checking whether to leverage OpenSSL crypto... " >&6; } # Check whether --enable-openssl was given. if test "${enable_openssl+set}" = set; then : enableval=$enable_openssl; else enable_openssl=no fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_openssl" >&5 $as_echo "$enable_openssl" >&6; } if test "$enable_openssl" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for user specified OpenSSL directory" >&5 $as_echo_n "checking for user specified OpenSSL directory... " >&6; } # Check whether --with-openssl-dir was given. if test "${with_openssl_dir+set}" = set; then : withval=$with_openssl_dir; if test "x$PKG_CONFIG" != "x" && test -f $with_openssl_dir/lib/pkgconfig/libcrypto.pc; then if test "x$PKG_CONFIG_PATH" = "x"; then export PKG_CONFIG_PATH="$with_openssl_dir/lib/pkgconfig" else export PKG_CONFIG_PATH="$with_openssl_dir/lib/pkgconfig:$PKG_CONFIG_PATH" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_openssl_dir" >&5 $as_echo "$with_openssl_dir" >&6; } elif test -d $with_openssl_dir/lib; then CFLAGS="$CFLAGS -I$with_openssl_dir/include" if test "x$LDFLAGS" = "x"; then LDFLAGS="-L$with_openssl_dir/lib" else LDFLAGS="$LDFLAGS -L$with_openssl_dir/lib" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_openssl_dir" >&5 $as_echo "$with_openssl_dir" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: invalid" >&5 $as_echo "invalid" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "Invalid OpenSSL location: $with_openssl_dir See \`config.log' for more details" "$LINENO" 5; } fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$PKG_CONFIG" != "x"; then pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for crypto" >&5 $as_echo_n "checking for crypto... " >&6; } if test -n "$crypto_CFLAGS"; then pkg_cv_crypto_CFLAGS="$crypto_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto >= 1.0.1\""; } >&5 ($PKG_CONFIG --exists --print-errors "libcrypto >= 1.0.1") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_crypto_CFLAGS=`$PKG_CONFIG --cflags "libcrypto >= 1.0.1" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes fi else pkg_failed=untried fi if test -n "$crypto_LIBS"; then pkg_cv_crypto_LIBS="$crypto_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcrypto >= 1.0.1\""; } >&5 ($PKG_CONFIG --exists --print-errors "libcrypto >= 1.0.1") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_crypto_LIBS=`$PKG_CONFIG --libs "libcrypto >= 1.0.1" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes else pkg_failed=yes fi else pkg_failed=untried fi if test $pkg_failed = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then crypto_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libcrypto >= 1.0.1" 2>&1` else crypto_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libcrypto >= 1.0.1" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$crypto_PKG_ERRORS" >&5 as_fn_error $? "Package requirements (libcrypto >= 1.0.1) were not met: $crypto_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables crypto_CFLAGS and crypto_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details." "$LINENO" 5 elif test $pkg_failed = untried; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. Alternatively, you may set the environment variables crypto_CFLAGS and crypto_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see . See \`config.log' for more details" "$LINENO" 5; } else crypto_CFLAGS=$pkg_cv_crypto_CFLAGS crypto_LIBS=$pkg_cv_crypto_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } CFLAGS="$CFLAGS $crypto_CFLAGS" LIBS="$crypto_LIBS $LIBS" fi else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if ${ac_cv_lib_dl_dlopen+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBDL 1 _ACEOF LIBS="-ldl $LIBS" else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: can't find libdl" >&5 $as_echo "$as_me: WARNING: can't find libdl" >&2;} fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflate in -lz" >&5 $as_echo_n "checking for inflate in -lz... " >&6; } if ${ac_cv_lib_z_inflate+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char inflate (); int main () { return inflate (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_z_inflate=yes else ac_cv_lib_z_inflate=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflate" >&5 $as_echo "$ac_cv_lib_z_inflate" >&6; } if test "x$ac_cv_lib_z_inflate" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBZ 1 _ACEOF LIBS="-lz $LIBS" else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: can't find libz" >&5 $as_echo "$as_me: WARNING: can't find libz" >&2;} fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_EncryptInit" >&5 $as_echo_n "checking for library containing EVP_EncryptInit... " >&6; } if ${ac_cv_search_EVP_EncryptInit+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char EVP_EncryptInit (); int main () { return EVP_EncryptInit (); ; return 0; } _ACEOF for ac_lib in '' crypto; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_EVP_EncryptInit=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_EVP_EncryptInit+:} false; then : break fi done if ${ac_cv_search_EVP_EncryptInit+:} false; then : else ac_cv_search_EVP_EncryptInit=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_EncryptInit" >&5 $as_echo "$ac_cv_search_EVP_EncryptInit" >&6; } ac_res=$ac_cv_search_EVP_EncryptInit if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "can't find openssl >= 1.0.1 crypto lib See \`config.log' for more details" "$LINENO" 5; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_aes_128_ctr" >&5 $as_echo_n "checking for library containing EVP_aes_128_ctr... " >&6; } if ${ac_cv_search_EVP_aes_128_ctr+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char EVP_aes_128_ctr (); int main () { return EVP_aes_128_ctr (); ; return 0; } _ACEOF for ac_lib in '' crypto; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_EVP_aes_128_ctr=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_EVP_aes_128_ctr+:} false; then : break fi done if ${ac_cv_search_EVP_aes_128_ctr+:} false; then : else ac_cv_search_EVP_aes_128_ctr=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_aes_128_ctr" >&5 $as_echo "$ac_cv_search_EVP_aes_128_ctr" >&6; } ac_res=$ac_cv_search_EVP_aes_128_ctr if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "can't find openssl >= 1.0.1 crypto lib See \`config.log' for more details" "$LINENO" 5; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_aes_128_gcm" >&5 $as_echo_n "checking for library containing EVP_aes_128_gcm... " >&6; } if ${ac_cv_search_EVP_aes_128_gcm+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char EVP_aes_128_gcm (); int main () { return EVP_aes_128_gcm (); ; return 0; } _ACEOF for ac_lib in '' crypto; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_EVP_aes_128_gcm=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_EVP_aes_128_gcm+:} false; then : break fi done if ${ac_cv_search_EVP_aes_128_gcm+:} false; then : else ac_cv_search_EVP_aes_128_gcm=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_aes_128_gcm" >&5 $as_echo "$ac_cv_search_EVP_aes_128_gcm" >&6; } ac_res=$ac_cv_search_EVP_aes_128_gcm if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "can't find openssl >= 1.0.1 crypto lib See \`config.log' for more details" "$LINENO" 5; } fi $as_echo "#define OPENSSL 1" >>confdefs.h AES_ICM_OBJS="crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o" HMAC_OBJS=crypto/hash/hmac_ossl.o USE_OPENSSL=1 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to leverage OpenSSL KDF algorithm" >&5 $as_echo_n "checking whether to leverage OpenSSL KDF algorithm... " >&6; } # Check whether --enable-openssl-kdf was given. if test "${enable_openssl_kdf+set}" = set; then : enableval=$enable_openssl_kdf; else enable_openssl_kdf=no fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_openssl_kdf" >&5 $as_echo "$enable_openssl_kdf" >&6; } if test "$enable_openssl_kdf" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing kdf_srtp" >&5 $as_echo_n "checking for library containing kdf_srtp... " >&6; } if ${ac_cv_search_kdf_srtp+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char kdf_srtp (); int main () { return kdf_srtp (); ; return 0; } _ACEOF for ac_lib in '' crypto; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_kdf_srtp=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_kdf_srtp+:} false; then : break fi done if ${ac_cv_search_kdf_srtp+:} false; then : else ac_cv_search_kdf_srtp=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_kdf_srtp" >&5 $as_echo "$ac_cv_search_kdf_srtp" >&6; } ac_res=$ac_cv_search_kdf_srtp if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "can't find openssl KDF lib See \`config.log' for more details" "$LINENO" 5; } fi $as_echo "#define OPENSSL_KDF 1" >>confdefs.h fi else AES_ICM_OBJS="crypto/cipher/aes_icm.o crypto/cipher/aes.o" HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcap_create in -lpcap" >&5 $as_echo_n "checking for pcap_create in -lpcap... " >&6; } if ${ac_cv_lib_pcap_pcap_create+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lpcap $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char pcap_create (); int main () { return pcap_create (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_pcap_pcap_create=yes else ac_cv_lib_pcap_pcap_create=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pcap_pcap_create" >&5 $as_echo "$ac_cv_lib_pcap_pcap_create" >&6; } if test "x$ac_cv_lib_pcap_pcap_create" = xyes; then : LIBS="-lpcap $LIBS" $as_echo "#define HAVE_PCAP 1" >>confdefs.h HAVE_PCAP=1 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to redirect logging to stdout" >&5 $as_echo_n "checking whether to redirect logging to stdout... " >&6; } # Check whether --enable-log-stdout was given. if test "${enable_log_stdout+set}" = set; then : enableval=$enable_log_stdout; else enable_log_stdout=no fi if test "$enable_log_stdout" = "yes"; then $as_echo "#define ERR_REPORTING_STDOUT 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_log_stdout" >&5 $as_echo "$enable_log_stdout" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking wheather to use a file for logging" >&5 $as_echo_n "checking wheather to use a file for logging... " >&6; } # Check whether --with-log-file was given. if test "${with_log_file+set}" = set; then : withval=$with_log_file; case x$with_log_file in #( x) : valid_with_log_file="no" ;; #( xyes) : valid_with_log_file="no" ;; #( *) : valid_with_error_file="yes" ;; esac if test "$valid_with_log_file" = "no"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: invalid" >&5 $as_echo "invalid" >&6; } { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "Invalid value for --with-log-file: \"$with_log_file\" See \`config.log' for more details" "$LINENO" 5; } else cat >>confdefs.h <<_ACEOF #define ERR_REPORTING_FILE "$with_log_file" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: using log file: \"$with_log_file\"" >&5 $as_echo "using log file: \"$with_log_file\"" >&6; } fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "$enable_log_stdout" = "yes" && test "x$with_log_file" != "x"; then : { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "Can only use one of --enable-log-stdout and --with-log-file; they are mutually exclusive See \`config.log' for more details" "$LINENO" 5; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for extra C compiler flags" >&5 $as_echo_n "checking for extra C compiler flags... " >&6; } if test "x$EXTRA_CFLAGS" != "x"; then : if test "x$CFLAGS" = "x"; then : CFLAGS="$EXTRA_CFLAGS" else CFLAGS="$CFLAGS $EXTRA_CFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $EXTRA_CFLAGS" >&5 $as_echo "$EXTRA_CFLAGS" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi ac_config_headers="$ac_config_headers crypto/include/config.h:config_in.h" ac_config_files="$ac_config_files Makefile crypto/Makefile doc/Makefile libsrtp2.pc" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else case $cache_file in #( */* | ?:*) mv -f confcache "$cache_file"$$ && mv -f "$cache_file"$$ "$cache_file" ;; #( *) mv -f confcache "$cache_file" ;; esac fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by libsrtp2 $as_me 2.1.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac case $ac_config_headers in *" "*) set x $ac_config_headers; shift; ac_config_headers=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ libsrtp2 config.status 2.1.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Copyright (C) 2012 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; --*=) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg= ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header as_fn_error $? "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "crypto/include/config.h") CONFIG_HEADERS="$CONFIG_HEADERS crypto/include/config.h:config_in.h" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "crypto/Makefile") CONFIG_FILES="$CONFIG_FILES crypto/Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "libsrtp2.pc") CONFIG_FILES="$CONFIG_FILES libsrtp2.pc" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove sole $(srcdir), # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ h s/// s/^/:/ s/[ ]*$/:/ s/:\$(srcdir):/:/g s/:\${srcdir}:/:/g s/:@srcdir@:/:/g s/^:*// s/:*$// x s/\(=[ ]*\).*/\1/ G s/\n// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. # This happens for instance with `./config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$ac_tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF # Transform confdefs.h into an awk script `defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. # Create a delimiter string that does not exist in confdefs.h, to ease # handling of long lines. ac_delim='%!_!# ' for ac_last_try in false false :; do ac_tt=`sed -n "/$ac_delim/p" confdefs.h` if test -z "$ac_tt"; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done # For the awk script, D is an array of macro values keyed by name, # likewise P contains macro parameters if any. Preserve backslash # newline sequences. ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* sed -n ' s/.\{148\}/&'"$ac_delim"'/g t rset :rset s/^[ ]*#[ ]*define[ ][ ]*/ / t def d :def s/\\$// t bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3"/p s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p d :bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3\\\\\\n"\\/p t cont s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p t cont d :cont n s/.\{148\}/&'"$ac_delim"'/g t clear :clear s/\\$// t bsnlc s/["\\]/\\&/g; s/^/"/; s/$/"/p d :bsnlc s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p b cont ' >$CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 for (key in D) D_is_set[key] = 1 FS = "" } /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { line = \$ 0 split(line, arg, " ") if (arg[1] == "#") { defundef = arg[2] mac1 = arg[3] } else { defundef = substr(arg[1], 2) mac1 = arg[2] } split(mac1, mac2, "(") #) macro = mac2[1] prefix = substr(line, 1, index(line, defundef) - 1) if (D_is_set[macro]) { # Preserve the white space surrounding the "#". print prefix "define", macro P[macro] D[macro] next } else { # Replace #undef with comments. This is necessary, for example, # in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. if (defundef == "undef") { print "/*", prefix defundef, macro, "*/" next } } } { print } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 fi # test -n "$CONFIG_HEADERS" eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS " shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; :H) # # CONFIG_HEADER # if test x"$ac_file" != x-; then { $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" } >"$ac_tmp/config.h" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 $as_echo "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$ac_tmp/config.h" "$ac_file" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 fi else $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ || as_fn_error $? "could not create -" "$LINENO" 5 fi ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi # This is needed when building outside the source dir. as_dir=crypto/cipher; as_fn_mkdir_p as_dir=crypto/hash; as_fn_mkdir_p as_dir=crypto/kernel; as_fn_mkdir_p as_dir=crypto/math; as_fn_mkdir_p as_dir=crypto/replay; as_fn_mkdir_p as_dir=crypto/test; as_fn_mkdir_p as_dir=doc; as_fn_mkdir_p as_dir=srtp; as_fn_mkdir_p as_dir=test; as_fn_mkdir_p libsrtp-2.1.0/configure.in000066400000000000000000000271661312031100000154730ustar00rootroot00000000000000dnl Process this file with autoconf to produce a configure script. AC_INIT([libsrtp2], [2.1.0], [https://github.com/cisco/libsrtp/issues]) dnl Must come before AC_PROG_CC EMPTY_CFLAGS="no" if test "x$CFLAGS" = "x"; then dnl Default value for CFLAGS if not specified. EMPTY_CFLAGS="yes" fi dnl Checks for programs. AC_PROG_CC AC_PROG_CPP AC_ARG_VAR( [EXTRA_CFLAGS], [C compiler flags appended to the regular C compiler flags instead of overriding them]) AM_PROG_AR AC_PROG_RANLIB AC_PROG_INSTALL AC_PROG_SED dnl Check the byte order AC_C_BIGENDIAN AC_CANONICAL_HOST dnl check host_cpu type, set defines appropriately case $host_cpu in i*86 | x86_64 ) AC_DEFINE([CPU_CISC], [1], [Define if building for a CISC machine (e.g. Intel).]) AC_DEFINE([HAVE_X86], [1], [Define to use X86 inlined assembly code]) ;; * ) AC_DEFINE([CPU_RISC], [1], [Define if building for a RISC machine (assume slow byte access).]) ;; esac dnl Check if we are on a Windows platform. case $host_os in *cygwin*|*mingw* ) EXE=.exe ;; * ) EXE="" ;; esac AC_SUBST([EXE]) # define executable suffix; this is needed for `make clean' dnl Checks for supported compiler flags. supported_cflags="" if test "$EMPTY_CFLAGS" = "no"; then supported_cflags="$CFLAGS" fi dnl For accurate detection, we need warnings as errors. dnl I.e. Clang will issue a warning about unsupported flags. dnl For the compilation to fail, those warnings needs to be upgraded to errors. dnl This will be removed again once the tests are complete (see below). WERROR="" for w in -Werror -errwarn; do if test "x$WERROR" = "x"; then AC_MSG_CHECKING([whether ${CC-c} accepts $w]) save_cflags="$CFLAGS" AS_IF([test "x$CFLAGS" = "x"], [CFLAGS="$w"], [CFLAGS="$CFLAGS $w"]) AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) { return 0; }])], [WERROR="$w" AC_MSG_RESULT([yes])], [CFLAGS="$save_cflags" AC_MSG_RESULT([no])]) fi done dnl Note that -fPIC is not explicitly added to LDFLAGS. dnl Since the compiler is used as the link driver, CFLAGS will be part of the dnl link line as well and the linker will get the flag from there. dnl Adding it to LDFLAGS explicitly would duplicate the flag on the link line, dnl but otherwise do no harm. AC_MSG_CHECKING([whether ${CC-c} accepts -fPIC]) save_cflags="$CFLAGS" AS_IF([test "x$CFLAGS" = "x"], [CFLAGS="-fPIC"], [CFLAGS="$CFLAGS -fPIC"]) AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) { return 0; }])], [AS_IF([test "x$supported_cflags" = "x"], [supported_cflags="-fPIC"], [supported_cflags="$supported_cflags -fPIC"]) AC_MSG_RESULT([yes])], [CFLAGS="$save_cflags" AC_MSG_RESULT([no])]) if test "$EMPTY_CFLAGS" = "yes"; then for f in -Wall -pedantic -Wstrict-prototypes; do AC_MSG_CHECKING([whether ${CC-c} accepts $f]) save_cflags="$CFLAGS" AS_IF([test "x$CFLAGS" = "x"], [CFLAGS="$f"], [CFLAGS="$CFLAGS $f"]) AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) { return 0; }])], [AS_IF([test "x$supported_cflags" = "x"], [supported_cflags="$f"], [supported_cflags="$supported_cflags $f"]) AC_MSG_RESULT([yes])], [CFLAGS="$save_cflags" AC_MSG_RESULT([no])]) done OOPT="" for f in -O4 -O3; do if test "x$OOPT" = "x"; then AC_MSG_CHECKING([whether ${CC-c} accepts $f]) save_cflags="$CFLAGS" AS_IF([test "x$CFLAGS" = "x"], [CFLAGS="$f"], [CFLAGS="$CFLAGS $f"]) AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) { return 0; }])], [AS_IF([test "x$supported_cflags" = "x"], [supported_cflags="$f"], [supported_cflags="$supported_cflags $f"]) OOPT="$f" AC_MSG_RESULT([yes])], [CFLAGS="$save_cflags" AC_MSG_RESULT([no])]) fi done for f in -fexpensive-optimizations -funroll-loops; do AC_MSG_CHECKING([whether ${CC-c} accepts $f]) save_cflags="$CFLAGS" AS_IF([test "x$CFLAGS" = "x"], [CFLAGS="$f"], [CFLAGS="$CFLAGS $f"]) AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) { return 0; }])], [AS_IF([test "x$supported_cflags" = "x"], [supported_cflags="$f"], [supported_cflags="$supported_cflags $f"]) AC_MSG_RESULT([yes])], [CFLAGS="$save_cflags" AC_MSG_RESULT([no])]) done fi dnl When turning off warnigns, we're expecting unrecognized command line option errors if they're not dnl supported. However, the -Wno- form isn't consulted unless a warning is triggered. dnl At least that's the case for GCC. So to check which warnings we can turn off, we need to check dnl if they can be turned on, thereby forcing GCC to take the argument into account right away. for f in -Wno-language-extension-token; do AC_MSG_CHECKING([whether ${CC-c} accepts $f]) save_cflags="$CFLAGS" testf=$(echo "$f" | $SED 's|-Wno-\(.*\)|-W\1|g') AS_IF([test "x$CFLAGS" = "x"], [CFLAGS="$testf"], [CFLAGS="$CFLAGS $testf"]) AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) { return 0; }])], [AS_IF([test "x$supported_cflags" = "x"], [supported_cflags="$f"], [supported_cflags="$supported_cflags $f"]) AC_MSG_RESULT([yes])], [CFLAGS="$save_cflags" AC_MSG_RESULT([no])]) done dnl Remowing -Werror again CFLAGS="$supported_cflags" dnl Checks for header files. AC_HEADER_STDC AC_CHECK_HEADERS( [unistd.h byteswap.h stdint.h sys/uio.h inttypes.h sys/types.h machine/types.h sys/int_types.h], [], [], [AC_INCLUDES_DEFAULT]) dnl socket() and friends AC_CHECK_HEADERS([sys/socket.h netinet/in.h arpa/inet.h], [], [], [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS( [windows.h], [AC_CHECK_HEADERS([winsock2.h], [], [], [AC_INCLUDES_DEFAULT])], [], [AC_INCLUDES_DEFAULT]) AC_CHECK_TYPES([int8_t, uint8_t, int16_t, uint16_t, int32_t, uint32_t, uint64_t]) AC_CHECK_SIZEOF([unsigned long]) AC_CHECK_SIZEOF([unsigned long long]) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST AC_C_INLINE AC_TYPE_SIZE_T dnl Checks for library functions. AC_CHECK_FUNCS([socket inet_aton usleep sigaction]) dnl Find socket function if not found yet. if test "x$ac_cv_func_socket" = "xno"; then AC_CHECK_LIB([socket], [socket]) AC_MSG_CHECKING([for socket in -lwsock32]) SAVELIBS="$LIBS" LIBS="$LIBS -lwsock32" AC_LINK_IFELSE( [AC_LANG_SOURCE([ #include int main(void) { int fd = socket(0, 0, 0); if (fd < 0) return -1; else return 0; } ])], [ac_cv_func_socket=yes AC_MSG_RESULT([yes])], [LIBS="$SAVELIBS" AC_MSG_RESULT([no])]) fi AC_MSG_CHECKING([whether to enable debug logging in all modules]) AC_ARG_ENABLE([debug-logging], [AS_HELP_STRING([--enable-debug-logging], [Enable debug logging in all modules])], [], enable_debug_logging=no) if test "$enable_debug_logging" = "yes"; then AC_DEFINE([ENABLE_DEBUG_LOGGING], [1], [Define to enabled debug logging for all mudules.]) fi AC_MSG_RESULT([$enable_debug_logging]) PKG_PROG_PKG_CONFIG AS_IF([test "x$PKG_CONFIG" != "x"], [PKG_CONFIG="$PKG_CONFIG --static"]) AC_MSG_CHECKING([whether to leverage OpenSSL crypto]) AC_ARG_ENABLE([openssl], [AS_HELP_STRING([--enable-openssl], [compile in OpenSSL crypto engine])], [], [enable_openssl=no]) AC_MSG_RESULT([$enable_openssl]) if test "$enable_openssl" = "yes"; then AC_MSG_CHECKING([for user specified OpenSSL directory]) AC_ARG_WITH([openssl-dir], [AS_HELP_STRING([--with-openssl-dir], [Location of OpenSSL installation])], [if test "x$PKG_CONFIG" != "x" && test -f $with_openssl_dir/lib/pkgconfig/libcrypto.pc; then if test "x$PKG_CONFIG_PATH" = "x"; then export PKG_CONFIG_PATH="$with_openssl_dir/lib/pkgconfig" else export PKG_CONFIG_PATH="$with_openssl_dir/lib/pkgconfig:$PKG_CONFIG_PATH" fi AC_MSG_RESULT([$with_openssl_dir]) elif test -d $with_openssl_dir/lib; then CFLAGS="$CFLAGS -I$with_openssl_dir/include" if test "x$LDFLAGS" = "x"; then LDFLAGS="-L$with_openssl_dir/lib" else LDFLAGS="$LDFLAGS -L$with_openssl_dir/lib" fi AC_MSG_RESULT([$with_openssl_dir]) else AC_MSG_RESULT([invalid]) AC_MSG_FAILURE([Invalid OpenSSL location: $with_openssl_dir]) fi], [AC_MSG_RESULT([no])]) if test "x$PKG_CONFIG" != "x"; then PKG_CHECK_MODULES([crypto], [libcrypto >= 1.0.1], [CFLAGS="$CFLAGS $crypto_CFLAGS" LIBS="$crypto_LIBS $LIBS"]) else AC_CHECK_LIB([dl], [dlopen], [], [AC_MSG_WARN([can't find libdl])]) AC_CHECK_LIB([z], [inflate], [], [AC_MSG_WARN([can't find libz])]) fi AC_SEARCH_LIBS([EVP_EncryptInit], [crypto], [], [AC_MSG_FAILURE([can't find openssl >= 1.0.1 crypto lib])]) AC_SEARCH_LIBS([EVP_aes_128_ctr], [crypto], [], [AC_MSG_FAILURE([can't find openssl >= 1.0.1 crypto lib])]) AC_SEARCH_LIBS([EVP_aes_128_gcm], [crypto], [], [AC_MSG_FAILURE([can't find openssl >= 1.0.1 crypto lib])]) AC_DEFINE([OPENSSL], [1], [Define this to use OpenSSL crypto.]) AES_ICM_OBJS="crypto/cipher/aes_icm_ossl.o crypto/cipher/aes_gcm_ossl.o" HMAC_OBJS=crypto/hash/hmac_ossl.o AC_SUBST([USE_OPENSSL], [1]) AC_MSG_CHECKING([whether to leverage OpenSSL KDF algorithm]) AC_ARG_ENABLE([openssl-kdf], [AS_HELP_STRING([--enable-openssl-kdf], [Use OpenSSL KDF algorithm])], [], [enable_openssl_kdf=no]) AC_MSG_RESULT([$enable_openssl_kdf]) if test "$enable_openssl_kdf" = "yes"; then AC_SEARCH_LIBS([kdf_srtp], [crypto], [], [AC_MSG_FAILURE([can't find openssl KDF lib])]) AC_DEFINE([OPENSSL_KDF], [1], [Define this to use OpenSSL KDF for SRTP.]) fi else AES_ICM_OBJS="crypto/cipher/aes_icm.o crypto/cipher/aes.o" HMAC_OBJS="crypto/hash/hmac.o crypto/hash/sha1.o" fi AC_SUBST([AES_ICM_OBJS]) AC_SUBST([HMAC_OBJS]) dnl Checking for PCAP AC_CHECK_LIB([pcap], [pcap_create], [LIBS="-lpcap $LIBS" AC_DEFINE([HAVE_PCAP], [1], [Define to 1 if you have the `pcap' library (-lpcap)]) AC_SUBST([HAVE_PCAP], [1])]) AC_MSG_CHECKING([whether to redirect logging to stdout]) AC_ARG_ENABLE([log-stdout], [AS_HELP_STRING([--enable-log-stdout], [redirecting logging to stdout])], [], [enable_log_stdout=no]) if test "$enable_log_stdout" = "yes"; then AC_DEFINE([ERR_REPORTING_STDOUT], [1], [Define to redirect logging to stdout.]) fi AC_MSG_RESULT([$enable_log_stdout]) AC_MSG_CHECKING([wheather to use a file for logging]) AC_ARG_WITH([log-file], [AS_HELP_STRING([--with-log-file], [Use file for logging])], [AS_CASE([x$with_log_file], [x], [valid_with_log_file="no"], [xyes], [valid_with_log_file="no"], [valid_with_error_file="yes"]) AS_IF([test "$valid_with_log_file" = "no"], [AC_MSG_RESULT([invalid]) AC_MSG_FAILURE([Invalid value for --with-log-file: "$with_log_file"])], [AC_DEFINE_UNQUOTED([ERR_REPORTING_FILE], ["$with_log_file"], [Logging statments will be writen to this file.]) AC_MSG_RESULT([using log file: "$with_log_file"])])], [AC_MSG_RESULT([no])]) AS_IF( [test "$enable_log_stdout" = "yes" && test "x$with_log_file" != "x"], [AC_MSG_FAILURE([Can only use one of --enable-log-stdout and --with-log-file; they are mutually exclusive])]) dnl Appending EXTRA_CFLAGS, if given AC_MSG_CHECKING([for extra C compiler flags]) AS_IF([test "x$EXTRA_CFLAGS" != "x"], [AS_IF([test "x$CFLAGS" = "x"], [CFLAGS="$EXTRA_CFLAGS"], [CFLAGS="$CFLAGS $EXTRA_CFLAGS"]) AC_MSG_RESULT([$EXTRA_CFLAGS])], [AC_MSG_RESULT(no)]) AC_CONFIG_HEADER([crypto/include/config.h:config_in.h]) AC_CONFIG_FILES([Makefile crypto/Makefile doc/Makefile libsrtp2.pc]) AC_OUTPUT # This is needed when building outside the source dir. AS_MKDIR_P([crypto/cipher]) AS_MKDIR_P([crypto/hash]) AS_MKDIR_P([crypto/kernel]) AS_MKDIR_P([crypto/math]) AS_MKDIR_P([crypto/replay]) AS_MKDIR_P([crypto/test]) AS_MKDIR_P([doc]) AS_MKDIR_P([srtp]) AS_MKDIR_P([test]) libsrtp-2.1.0/crypto/000077500000000000000000000000001312031100000144665ustar00rootroot00000000000000libsrtp-2.1.0/crypto/Makefile.in000066400000000000000000000046041312031100000165370ustar00rootroot00000000000000# Makefile for crypto test suite # # David A. McGrew # Cisco Systems, Inc. srcdir = @srcdir@ top_srcdir = @top_srcdir@ top_builddir = @top_builddir@ VPATH = @srcdir@ CC = @CC@ INCDIR = -Iinclude -I$(srcdir)/include -I$(top_srcdir)/include DEFS = @DEFS@ CPPFLAGS= @CPPFLAGS@ CFLAGS = @CFLAGS@ LIBS = @LIBS@ LDFLAGS = @LDFLAGS@ -L. -L.. COMPILE = $(CC) $(DEFS) $(INCDIR) $(CPPFLAGS) $(CFLAGS) CRYPTOLIB = -lsrtp2 RANLIB = @RANLIB@ # EXE defines the suffix on executables - it's .exe for cygwin, and # null on linux, bsd, and OS X and other OSes. we define this so that # `make clean` will work on the cygwin platform EXE = @EXE@ # Random source. USE_OPENSSL = @USE_OPENSSL@ ifdef ARCH DEFS += -D$(ARCH)=1 endif ifdef sysname DEFS += -D$(sysname)=1 endif .PHONY: dummy all runtest clean superclean dummy : all runtest # test applications ifneq (1, $(USE_OPENSSL)) AES_CALC = test/aes_calc$(EXE) endif testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \ test/stat_driver$(EXE) test/sha1_driver$(EXE) \ test/kernel_driver$(EXE) $(AES_CALC) \ test/env$(EXE) # data values used to test the aes_calc application for AES-128 k128=000102030405060708090a0b0c0d0e0f p128=00112233445566778899aabbccddeeff c128=69c4e0d86a7b0430d8cdb78070b4c55a # data values used to test the aes_calc application for AES-256 k256=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f p256=00112233445566778899aabbccddeeff c256=8ea2b7ca516745bfeafc49904b496089 runtest: $(testapp) test/env$(EXE) # print out information on the build environment @echo "running crypto test applications..." ifneq (1, $(USE_OPENSSL)) test `test/aes_calc $(k128) $(p128)` = $(c128) test `test/aes_calc $(k256) $(p256)` = $(c256) endif test/cipher_driver$(EXE) -v >/dev/null test/datatypes_driver$(EXE) -v >/dev/null test/stat_driver$(EXE) >/dev/null test/sha1_driver$(EXE) -v >/dev/null test/kernel_driver$(EXE) -v >/dev/null @echo "crypto test applications passed." # the rule for making object files and test apps %.o: %.c $(COMPILE) -c $< -o $@ %$(EXE): %.c $(srcdir)/../test/getopt_s.c $(COMPILE) $(LDFLAGS) $< $(srcdir)/../test/getopt_s.c -o $@ $(CRYPTOLIB) $(LIBS) all: $(testapp) # housekeeping functions clean: rm -f $(testapp) *.o */*.o for a in * .* */*; do if [ -f "$$a~" ] ; then rm $$a~; fi; done; rm -f `find . -name "*.[ch]~*~"` rm -rf latex superclean: clean rm -f *core TAGS ktrace.out # EOF libsrtp-2.1.0/crypto/cipher/000077500000000000000000000000001312031100000157405ustar00rootroot00000000000000libsrtp-2.1.0/crypto/cipher/aes.c000066400000000000000000002756651312031100000167010ustar00rootroot00000000000000/* * aes.c * * An implemnetation of the AES block cipher. * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "aes.h" #include "err.h" /* * we use the tables T0, T1, T2, T3, and T4 to compute AES, and * the tables U0, U1, U2, and U4 to compute its inverse * * different tables are used on little-endian (Intel, VMS) and * big-endian processors (everything else) * * these tables are computed using the program tables/aes_tables; use * this program to generate different tables for porting or * optimization on a different platform */ #ifndef WORDS_BIGENDIAN static const uint32_t T0[256] = { 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0xdf2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, 0x50303060, 0x3010102, 0xa96767ce, 0x7d2b2b56, 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, 0x15fafaef, 0xeb5959b2, 0xc947478e, 0xbf0f0fb, 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, 0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83, 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x8f1f1f9, 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, 0xc040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637, 0xf05050a, 0xb59a9a2f, 0x907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, 0xf55353a6, 0x68d1d1b9, 0x0, 0x2cededc1, 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, 0xcf45458a, 0x10f9f9e9, 0x6020204, 0x817f7ffe, 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x4f5f5f1, 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, 0x1affffe5, 0xef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, 0xdb494992, 0xa06060c, 0x6c242448, 0xe45c5cb8, 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, 0xfa5656ac, 0x7f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x5030306, 0x1f6f6f7, 0x120e0e1c, 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c, }; static const uint32_t T1[256] = { 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, 0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154, 0x30306050, 0x1010203, 0x6767cea9, 0x2b2b567d, 0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a, 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87, 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b, 0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b, 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a, 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908, 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f, 0x404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e, 0x18183028, 0x969637a1, 0x5050a0f, 0x9a9a2fb5, 0x7070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d, 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, 0x909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e, 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb, 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce, 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397, 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c, 0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed, 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b, 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a, 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194, 0x45458acf, 0xf9f9e910, 0x2020406, 0x7f7ffe81, 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3, 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a, 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104, 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263, 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d, 0xcdcd814c, 0xc0c1814, 0x13132635, 0xececc32f, 0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39, 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47, 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695, 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f, 0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83, 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c, 0xdedea779, 0x5e5ebce2, 0xb0b161d, 0xdbdbad76, 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0xa0a141e, 0x494992db, 0x6060c0a, 0x2424486c, 0x5c5cb8e4, 0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6, 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b, 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7, 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, 0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25, 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x8081018, 0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72, 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751, 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21, 0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85, 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa, 0x484890d8, 0x3030605, 0xf6f6f701, 0xe0e1c12, 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9, 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233, 0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7, 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920, 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a, 0x8c8c038f, 0xa1a159f8, 0x89890980, 0xd0d1a17, 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8, 0x414182c3, 0x999929b0, 0x2d2d5a77, 0xf0f1e11, 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a, }; static const uint32_t T2[256] = { 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, 0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5, 0x30605030, 0x1020301, 0x67cea967, 0x2b567d2b, 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76, 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d, 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0, 0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0, 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26, 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1, 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15, 0x4080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3, 0x18302818, 0x9637a196, 0x50a0f05, 0x9a2fb59a, 0x70e0907, 0x12243612, 0x801b9b80, 0xe2df3de2, 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, 0x9121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a, 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0, 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3, 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784, 0x53a6f553, 0xd1b968d1, 0x0, 0xedc12ced, 0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b, 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39, 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf, 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485, 0x458acf45, 0xf9e910f9, 0x2040602, 0x7ffe817f, 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8, 0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f, 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5, 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321, 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2, 0xcd814ccd, 0xc18140c, 0x13263513, 0xecc32fec, 0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917, 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d, 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573, 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc, 0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388, 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14, 0xdea779de, 0x5ebce25e, 0xb161d0b, 0xdbad76db, 0xe0db3be0, 0x32645632, 0x3a744e3a, 0xa141e0a, 0x4992db49, 0x60c0a06, 0x24486c24, 0x5cb8e45c, 0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662, 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79, 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d, 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, 0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea, 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x8101808, 0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e, 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6, 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f, 0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66, 0x4890d848, 0x3060503, 0xf6f701f6, 0xe1c120e, 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e, 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311, 0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794, 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9, 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf, 0x8c038f8c, 0xa159f8a1, 0x89098089, 0xd1a170d, 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868, 0x4182c341, 0x9929b099, 0x2d5a772d, 0xf1e110f, 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16, }; static const uint32_t T3[256] = { 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, 0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5, 0x60503030, 0x2030101, 0xcea96767, 0x567d2b2b, 0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676, 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d, 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0, 0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0, 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626, 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1, 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515, 0x80c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3, 0x30281818, 0x37a19696, 0xa0f0505, 0x2fb59a9a, 0xe090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2, 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a, 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0, 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3, 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484, 0xa6f55353, 0xb968d1d1, 0x0, 0xc12ceded, 0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b, 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939, 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf, 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585, 0x8acf4545, 0xe910f9f9, 0x4060202, 0xfe817f7f, 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8, 0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x58a8f8f, 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5, 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121, 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2, 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec, 0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717, 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d, 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373, 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc, 0x44662222, 0x547e2a2a, 0x3bab9090, 0xb838888, 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414, 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb, 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a, 0x92db4949, 0xc0a0606, 0x486c2424, 0xb8e45c5c, 0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262, 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979, 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d, 0x18c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, 0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea, 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808, 0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e, 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6, 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f, 0x96dd4b4b, 0x61dcbdbd, 0xd868b8b, 0xf858a8a, 0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666, 0x90d84848, 0x6050303, 0xf701f6f6, 0x1c120e0e, 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e, 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111, 0xd2bb6969, 0xa970d9d9, 0x7898e8e, 0x33a79494, 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9, 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf, 0x38f8c8c, 0x59f8a1a1, 0x9808989, 0x1a170d0d, 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868, 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f, 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616, }; static const uint32_t U0[256] = { 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5, 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d, 0x2752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927, 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362, 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9, 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, 0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566, 0x728ebb2, 0x3c2b52f, 0x9a7bc586, 0xa50837d3, 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e, 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4, 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, 0x39ec830b, 0xaaef6040, 0x69f715e, 0x51106ebd, 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, 0xb58d5491, 0x55dc471, 0x6fd40604, 0xff155060, 0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879, 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x0, 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c, 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36, 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, 0xb1670a0c, 0xfe75793, 0xd296eeb4, 0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, 0xaba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 0xb0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14, 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3, 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8, 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177, 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947, 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498, 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f, 0xe49d3a2c, 0xd927850, 0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382, 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 0x97826cd, 0xf418596e, 0x1b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, 0xe6e815ef, 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235, 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, 0x4a9804f1, 0xf7daec41, 0xe50cd7f, 0x2ff69117, 0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4, 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546, 0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb, 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, 0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 0xc25e2bc, 0x8b493c28, 0x41950dff, 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664, 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0, }; static const uint32_t U1[256] = { 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, 0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x3e34b93, 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525, 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f, 0x5ab1de49, 0x1bba2567, 0xeea4598, 0xc0fe5de1, 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6, 0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da, 0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44, 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd, 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4, 0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245, 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994, 0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7, 0xd373ab23, 0x24b72e2, 0x8f1fe357, 0xab55662a, 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x837d3a5, 0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c, 0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1, 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a, 0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475, 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51, 0x8a213ef9, 0x6dd963d, 0x53eddae, 0xbde64d46, 0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff, 0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777, 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db, 0xa7ca147, 0xf427ce9, 0x1e84f8c9, 0x0, 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e, 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627, 0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a, 0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e, 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16, 0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d, 0xd090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8, 0x19f15785, 0x775af4c, 0xdd99eebb, 0x607fa3fd, 0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34, 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863, 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420, 0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d, 0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0, 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722, 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef, 0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0xbd49836, 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4, 0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462, 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5, 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3, 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b, 0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8, 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6, 0x9be7bad9, 0x366f4ace, 0x99fead4, 0x7cb029d6, 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0, 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315, 0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f, 0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x496e4df, 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f, 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e, 0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13, 0x61d79a8c, 0xca1377a, 0x14f8598e, 0x3c13eb89, 0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c, 0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf, 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886, 0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, 0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41, 0x1a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490, 0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042, }; static const uint32_t U2[256] = { 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, 0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303, 0x302055fa, 0x76adf66d, 0xcc889176, 0x2f5254c, 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3, 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0, 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9, 0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59, 0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8, 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71, 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a, 0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f, 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x8f9942b, 0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8, 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab, 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508, 0x2830f287, 0xbf23b2a5, 0x302ba6a, 0x16ed5c82, 0xcf8a2b1c, 0x79a792b4, 0x7f3f0f2, 0x694ea1e2, 0xda65cdf4, 0x506d5be, 0x34d11f62, 0xa6c48afe, 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb, 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110, 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd, 0x5491b58d, 0xc471055d, 0x6046fd4, 0x5060ff15, 0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e, 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee, 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x0, 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72, 0xefdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739, 0xf0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e, 0xa0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91, 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a, 0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17, 0x90e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9, 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60, 0x1f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e, 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1, 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011, 0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1, 0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3, 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264, 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90, 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b, 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf, 0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246, 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af, 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312, 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb, 0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a, 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8, 0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c, 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066, 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8, 0x4f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6, 0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04, 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51, 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0xbfb2e41, 0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347, 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c, 0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1, 0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37, 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db, 0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, 0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0xdff4195, 0xa8397101, 0xc08deb3, 0xb4d89ce4, 0x566490c1, 0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257, }; static const uint32_t U3[256] = { 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, 0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3, 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02, 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362, 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe, 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3, 0x3e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952, 0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9, 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9, 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace, 0x63184adf, 0xe582311a, 0x97603351, 0x62457f53, 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08, 0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b, 0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55, 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837, 0x30f28728, 0x23b2a5bf, 0x2ba6a03, 0xed5c8216, 0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269, 0x65cdf4da, 0x6d5be05, 0xd11f6234, 0xc48afea6, 0x349d532e, 0xa2a055f3, 0x532e18a, 0xa475ebf6, 0xb39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e, 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6, 0x91b58d54, 0x71055dc4, 0x46fd406, 0x60ff1550, 0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9, 0xb0bd42e8, 0x7888b89, 0xe7385b19, 0x79dbeec8, 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x0, 0x9838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a, 0xfdfbff0e, 0xf563885, 0x3d1ed5ae, 0x3627392d, 0xa64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36, 0xcb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b, 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12, 0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b, 0xe0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e, 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f, 0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb, 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4, 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6, 0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129, 0x1d4b2f9e, 0xdcf330b2, 0xdec5286, 0x77d0e3c1, 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9, 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033, 0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4, 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad, 0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e, 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3, 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225, 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b, 0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f, 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815, 0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0, 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2, 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7, 0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691, 0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496, 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165, 0x9d04ea5e, 0x15d358c, 0xfa737487, 0xfb2e410b, 0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6, 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13, 0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147, 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7, 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44, 0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3, 0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d, 0x397101a8, 0x8deb30c, 0xd89ce4b4, 0x6490c156, 0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8, }; #else /* assume big endian */ static const uint32_t T0[256] = { 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, 0x60303050, 0x2010103, 0xce6767a9, 0x562b2b7d, 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, 0x804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1, 0xa05050f, 0x2f9a9ab5, 0xe070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, 0xa65353f5, 0xb9d1d168, 0x0, 0xc1eded2c, 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, 0x8a4545cf, 0xe9f9f910, 0x4020206, 0xfe7f7f81, 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x58f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d, 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e, 0x3b9090ab, 0xb888883, 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, 0x924949db, 0xc06060a, 0x4824246c, 0xb85c5ce4, 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, 0x18d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, 0x964b4bdd, 0x61bdbddc, 0xd8b8b86, 0xf8a8a85, 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x6030305, 0xf7f6f601, 0x1c0e0e12, 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, 0xd26969bb, 0xa9d9d970, 0x78e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, 0x38c8c8f, 0x59a1a1f8, 0x9898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a, }; static const uint32_t T1[256] = { 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 0xdfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, 0x50603030, 0x3020101, 0xa9ce6767, 0x7d562b2b, 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676, 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d, 0x15effafa, 0xebb25959, 0xc98e4747, 0xbfbf0f0, 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf, 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0, 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626, 0x5a6c3636, 0x417e3f3f, 0x2f5f7f7, 0x4f83cccc, 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x8f9f1f1, 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515, 0xc080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3, 0x28301818, 0xa1379696, 0xf0a0505, 0xb52f9a9a, 0x90e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2, 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575, 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a, 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0, 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3, 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484, 0xf5a65353, 0x68b9d1d1, 0x0, 0x2cc1eded, 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b, 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939, 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf, 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb, 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585, 0xcf8a4545, 0x10e9f9f9, 0x6040202, 0x81fe7f7f, 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8, 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f, 0xad3f9292, 0xbc219d9d, 0x48703838, 0x4f1f5f5, 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121, 0x30201010, 0x1ae5ffff, 0xefdf3f3, 0x6dbfd2d2, 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec, 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717, 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d, 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373, 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc, 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888, 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414, 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb, 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a, 0xdb924949, 0xa0c0606, 0x6c482424, 0xe4b85c5c, 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262, 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979, 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d, 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9, 0xb4d86c6c, 0xfaac5656, 0x7f3f4f4, 0x25cfeaea, 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808, 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e, 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6, 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f, 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a, 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666, 0xd8904848, 0x5060303, 0x1f7f6f6, 0x121c0e0e, 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9, 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e, 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111, 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494, 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9, 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf, 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d, 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868, 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f, 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616, }; static const uint32_t T2[256] = { 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5, 0x30506030, 0x1030201, 0x67a9ce67, 0x2b7d562b, 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76, 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d, 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0, 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af, 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0, 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26, 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc, 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1, 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15, 0x40c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3, 0x18283018, 0x96a13796, 0x50f0a05, 0x9ab52f9a, 0x7090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2, 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75, 0x91b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a, 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0, 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3, 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384, 0x53f5a653, 0xd168b9d1, 0x0, 0xed2cc1ed, 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b, 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239, 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf, 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb, 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185, 0x45cf8a45, 0xf910e9f9, 0x2060402, 0x7f81fe7f, 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8, 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f, 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5, 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221, 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2, 0xcd4c81cd, 0xc14180c, 0x13352613, 0xec2fc3ec, 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17, 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d, 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673, 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc, 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88, 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814, 0xde79a7de, 0x5ee2bc5e, 0xb1d160b, 0xdb76addb, 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0xa1e140a, 0x49db9249, 0x60a0c06, 0x246c4824, 0x5ce4b85c, 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462, 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279, 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d, 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9, 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea, 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x8181008, 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e, 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6, 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f, 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a, 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66, 0x48d89048, 0x3050603, 0xf601f7f6, 0xe121c0e, 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9, 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e, 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211, 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394, 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9, 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df, 0x8c8f038c, 0xa1f859a1, 0x89800989, 0xd171a0d, 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068, 0x41c38241, 0x99b02999, 0x2d775a2d, 0xf111e0f, 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16, }; static const uint32_t T3[256] = { 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491, 0x30305060, 0x1010302, 0x6767a9ce, 0x2b2b7d56, 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec, 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa, 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb, 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45, 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b, 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c, 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83, 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9, 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a, 0x4040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d, 0x18182830, 0x9696a137, 0x5050f0a, 0x9a9ab52f, 0x707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf, 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea, 0x9091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34, 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b, 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d, 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713, 0x5353f5a6, 0xd1d168b9, 0x0, 0xeded2cc1, 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6, 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72, 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85, 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed, 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411, 0x4545cf8a, 0xf9f910e9, 0x2020604, 0x7f7f81fe, 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b, 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05, 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1, 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342, 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf, 0xcdcd4c81, 0xc0c1418, 0x13133526, 0xecec2fc3, 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e, 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a, 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6, 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3, 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b, 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28, 0xdede79a7, 0x5e5ee2bc, 0xb0b1d16, 0xdbdb76ad, 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0xa0a1e14, 0x4949db92, 0x6060a0c, 0x24246c48, 0x5c5ce4b8, 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4, 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2, 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da, 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049, 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf, 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x8081810, 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c, 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197, 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e, 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f, 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc, 0x4848d890, 0x3030506, 0xf6f601f7, 0xe0e121c, 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069, 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927, 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322, 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733, 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9, 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5, 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0xd0d171a, 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0, 0x4141c382, 0x9999b029, 0x2d2d775a, 0xf0f111e, 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c, }; static const uint32_t U0[256] = { 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1, 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, 0x38f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844, 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94, 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a, 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, 0x302887f2, 0x23bfa5b2, 0x2036aba, 0xed16825c, 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, 0x65daf4cd, 0x605bed5, 0xd134621f, 0xc4a6fe8a, 0x342e539d, 0xa2f355a0, 0x58ae132, 0xa4f6eb75, 0xb83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051, 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, 0x91548db5, 0x71c45d05, 0x406d46f, 0x605015ff, 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77, 0xb0e842bd, 0x7898b88, 0xe7195b38, 0x79c8eedb, 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x0, 0x9808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, 0xfd0efffb, 0xf853856, 0x3daed51e, 0x362d3927, 0xa0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, 0xc0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, 0xe090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8, 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120, 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, 0x1d9e2f4b, 0xdcb230f3, 0xd8652ec, 0x77c1e3d0, 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36, 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5, 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6, 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0, 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, 0x9d5eea04, 0x18c355d, 0xfa877473, 0xfb0b412e, 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713, 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf, 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, 0x39a80171, 0x80cb3de, 0xd8b4e49c, 0x6456c190, 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 }; static const uint32_t U1[256] = { 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c, 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3, 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0, 0x2c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9, 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259, 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8, 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971, 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a, 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f, 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b, 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8, 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab, 0x7b2eb28, 0x32fb5c2, 0x9a86c57b, 0xa5d33708, 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682, 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2, 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe, 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb, 0x390b83ec, 0xaa4060ef, 0x65e719f, 0x51bd6e10, 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd, 0xb591548d, 0x571c45d, 0x6f0406d4, 0xff605015, 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e, 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee, 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x0, 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72, 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39, 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e, 0xb10c0a67, 0xf9357e7, 0xd2b4ee96, 0x9e1b9b91, 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a, 0xae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17, 0xb0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9, 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60, 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e, 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1, 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611, 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1, 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3, 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964, 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390, 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b, 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf, 0xe42c3a9d, 0xd507892, 0x9b6a5fcc, 0x62547e46, 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af, 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512, 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb, 0x9cd2678, 0xf46e5918, 0x1ec9ab7, 0xa8834f9a, 0x65e6956e, 0x7eaaffe6, 0x821bccf, 0xe6ef15e8, 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c, 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266, 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8, 0x4af10498, 0xf741ecda, 0xe7fcd50, 0x2f1791f6, 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604, 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551, 0x49d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41, 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647, 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c, 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1, 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737, 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db, 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340, 0x72161dc3, 0xcbce225, 0x8b283c49, 0x41ff0d95, 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1, 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857 }; static const uint32_t U2[256] = { 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x3934be3, 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502, 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562, 0x5a49deb1, 0x1b6725ba, 0xe9845ea, 0xc0e15dfe, 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3, 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552, 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9, 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9, 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce, 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253, 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908, 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b, 0xd323ab73, 0x2e2724b, 0x8f57e31f, 0xab2a6655, 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x8a5d337, 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16, 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69, 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6, 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6, 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e, 0x8af93e21, 0x63d96dd, 0x5aedd3e, 0xbd464de6, 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050, 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9, 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8, 0xa47a17c, 0xfe97c42, 0x1ec9f884, 0x0, 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a, 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d, 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436, 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b, 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12, 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b, 0xd0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e, 0x198557f1, 0x74caf75, 0xddbbee99, 0x60fda37f, 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb, 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4, 0xdccad731, 0x85104263, 0x22401397, 0x112084c6, 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729, 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1, 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9, 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233, 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0xb3698d4, 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad, 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e, 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3, 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25, 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b, 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f, 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15, 0x9bd9bae7, 0x36ce4a6f, 0x9d4ea9f, 0x7cd629b0, 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2, 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7, 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791, 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x4dfe496, 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665, 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b, 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6, 0x618c9ad7, 0xc7a37a1, 0x148e59f8, 0x3c89eb13, 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47, 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7, 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844, 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3, 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d, 0x17139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456, 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8 }; static const uint32_t U3[256] = { 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b, 0x30fa5520, 0x766df6ad, 0xcc769188, 0x24c25f5, 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5, 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d, 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b, 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95, 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e, 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27, 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d, 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562, 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x82b94f9, 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752, 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66, 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3, 0x2887f230, 0xbfa5b223, 0x36aba02, 0x16825ced, 0xcf1c2b8a, 0x79b492a7, 0x7f2f0f3, 0x69e2a14e, 0xdaf4cd65, 0x5bed506, 0x34621fd1, 0xa6fe8ac4, 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4, 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd, 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d, 0x548db591, 0xc45d0571, 0x6d46f04, 0x5015ff60, 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767, 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79, 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x0, 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c, 0xefffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736, 0xfd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24, 0xa67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b, 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c, 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12, 0x90d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814, 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3, 0x1269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b, 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8, 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084, 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7, 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077, 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247, 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22, 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698, 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f, 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254, 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582, 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf, 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb, 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883, 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef, 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629, 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035, 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533, 0x4984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17, 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4, 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46, 0x5eea049d, 0x8c355d01, 0x877473fa, 0xb412efb, 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d, 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb, 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a, 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73, 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678, 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2, 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0xd9541ff, 0xa8017139, 0xcb3de08, 0xb4e49cd8, 0x56c19064, 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0 }; #endif /* * the following tables (aes_sbox, aes_inv_sbox, T4, U4) are * endian-neutral */ static const uint8_t aes_sbox[256] = { 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 }; #ifndef CPU_RISC static const uint8_t aes_inv_sbox[256] = { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d }; #endif /* ! CPU_RISC */ #ifdef CPU_RISC static const uint32_t T4[256] = { 0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b, 0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5, 0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b, 0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676, 0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d, 0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0, 0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf, 0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0, 0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626, 0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc, 0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1, 0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515, 0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3, 0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a, 0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2, 0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575, 0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a, 0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0, 0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3, 0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484, 0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed, 0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b, 0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939, 0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf, 0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb, 0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585, 0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f, 0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8, 0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f, 0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5, 0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121, 0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2, 0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec, 0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717, 0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d, 0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373, 0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc, 0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888, 0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414, 0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb, 0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a, 0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c, 0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262, 0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979, 0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d, 0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9, 0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea, 0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808, 0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e, 0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6, 0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f, 0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a, 0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666, 0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e, 0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9, 0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e, 0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111, 0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494, 0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9, 0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf, 0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d, 0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868, 0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f, 0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616 }; static const uint32_t U4[256] = { 0x52525252, 0x9090909, 0x6a6a6a6a, 0xd5d5d5d5, 0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838, 0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e, 0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb, 0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282, 0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787, 0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444, 0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb, 0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232, 0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d, 0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0xb0b0b0b, 0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e, 0x8080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666, 0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2, 0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949, 0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525, 0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464, 0x86868686, 0x68686868, 0x98989898, 0x16161616, 0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc, 0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292, 0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050, 0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada, 0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757, 0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484, 0x90909090, 0xd8d8d8d8, 0xabababab, 0x0, 0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0xa0a0a0a, 0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x5050505, 0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x6060606, 0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f, 0xcacacaca, 0x3f3f3f3f, 0xf0f0f0f, 0x2020202, 0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x3030303, 0x1010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b, 0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141, 0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea, 0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece, 0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373, 0x96969696, 0xacacacac, 0x74747474, 0x22222222, 0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585, 0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8, 0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e, 0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171, 0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989, 0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0xe0e0e0e, 0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b, 0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b, 0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020, 0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe, 0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4, 0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333, 0x88888888, 0x7070707, 0xc7c7c7c7, 0x31313131, 0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959, 0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f, 0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9, 0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0xd0d0d0d, 0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f, 0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef, 0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d, 0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0, 0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c, 0x83838383, 0x53535353, 0x99999999, 0x61616161, 0x17171717, 0x2b2b2b2b, 0x4040404, 0x7e7e7e7e, 0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626, 0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363, 0x55555555, 0x21212121, 0xc0c0c0c, 0x7d7d7d7d }; #endif /* CPU_RISC */ #define gf2_8_field_polynomial 0x1B /* * gf2_8_shift(z) returns the result of the GF(2^8) 'multiply by x' * operation, using the field representation from AES; that is, the * next gf2_8 value in the cyclic representation of that field. The * value z should be an uint8_t. */ #define gf2_8_shift(z) (((z) & 128) ? \ (((z) << 1) ^ gf2_8_field_polynomial) : ((z) << 1)) /* aes internals */ extern srtp_debug_module_t srtp_mod_aes_icm; static void aes_128_expand_encryption_key (const uint8_t *key, srtp_aes_expanded_key_t *expanded_key) { int i; uint8_t rc; /* initialize round constant */ rc = 1; expanded_key->num_rounds = 10; v128_copy_octet_string(&expanded_key->round[0], key); #if 0 debug_print(srtp_mod_aes_icm, "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0])); #endif /* loop over round keys */ for (i = 1; i < 11; i++) { /* munge first word of round key */ expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i - 1].v8[13]] ^ rc; expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i - 1].v8[14]]; expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i - 1].v8[15]]; expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i - 1].v8[12]]; expanded_key->round[i].v32[0] ^= expanded_key->round[i - 1].v32[0]; /* set remaining 32 bit words to the exor of the one previous with * the one four words previous */ expanded_key->round[i].v32[1] = expanded_key->round[i].v32[0] ^ expanded_key->round[i - 1].v32[1]; expanded_key->round[i].v32[2] = expanded_key->round[i].v32[1] ^ expanded_key->round[i - 1].v32[2]; expanded_key->round[i].v32[3] = expanded_key->round[i].v32[2] ^ expanded_key->round[i - 1].v32[3]; #if 0 debug_print2(srtp_mod_aes_icm, "expanded key[%d]: %s", i, v128_hex_string(&expanded_key->round[i])); #endif /* modify round constant */ rc = gf2_8_shift(rc); } } static void aes_256_expand_encryption_key (const unsigned char *key, srtp_aes_expanded_key_t *expanded_key) { int i; uint8_t rc; /* initialize round constant */ rc = 1; expanded_key->num_rounds = 14; v128_copy_octet_string(&expanded_key->round[0], key); v128_copy_octet_string(&expanded_key->round[1], key + 16); #if 0 debug_print(srtp_mod_aes_icm, "expanded key[0]: %s", v128_hex_string(&expanded_key->round[0])); debug_print(srtp_mod_aes_icm, "expanded key[1]: %s", v128_hex_string(&expanded_key->round[1])); #endif /* loop over rest of round keys */ for (i = 2; i < 15; i++) { /* munge first word of round key */ if ((i & 1) == 0) { expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i - 1].v8[13]] ^ rc; expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i - 1].v8[14]]; expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i - 1].v8[15]]; expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i - 1].v8[12]]; /* modify round constant */ rc = gf2_8_shift(rc); }else { expanded_key->round[i].v8[0] = aes_sbox[expanded_key->round[i - 1].v8[12]]; expanded_key->round[i].v8[1] = aes_sbox[expanded_key->round[i - 1].v8[13]]; expanded_key->round[i].v8[2] = aes_sbox[expanded_key->round[i - 1].v8[14]]; expanded_key->round[i].v8[3] = aes_sbox[expanded_key->round[i - 1].v8[15]]; } expanded_key->round[i].v32[0] ^= expanded_key->round[i - 2].v32[0]; /* set remaining 32 bit words to the exor of the one previous with * the one eight words previous */ expanded_key->round[i].v32[1] = expanded_key->round[i].v32[0] ^ expanded_key->round[i - 2].v32[1]; expanded_key->round[i].v32[2] = expanded_key->round[i].v32[1] ^ expanded_key->round[i - 2].v32[2]; expanded_key->round[i].v32[3] = expanded_key->round[i].v32[2] ^ expanded_key->round[i - 2].v32[3]; #if 0 debug_print2(srtp_mod_aes_icm, "expanded key[%d]: %s", i, v128_hex_string(&expanded_key->round[i])); #endif } } srtp_err_status_t srtp_aes_expand_encryption_key (const uint8_t *key, int key_len, srtp_aes_expanded_key_t *expanded_key) { if (key_len == 16) { aes_128_expand_encryption_key(key, expanded_key); return srtp_err_status_ok; }else if (key_len == 24) { /* AES-192 not yet supported */ return srtp_err_status_bad_param; }else if (key_len == 32) { aes_256_expand_encryption_key(key, expanded_key); return srtp_err_status_ok; }else { return srtp_err_status_bad_param; } } srtp_err_status_t srtp_aes_expand_decryption_key (const uint8_t *key, int key_len, srtp_aes_expanded_key_t *expanded_key) { int i; srtp_err_status_t status; int num_rounds = expanded_key->num_rounds; status = srtp_aes_expand_encryption_key(key, key_len, expanded_key); if (status) { return status; } /* invert the order of the round keys */ for (i = 0; i < num_rounds / 2; i++) { v128_t tmp; v128_copy(&tmp, &expanded_key->round[num_rounds - i]); v128_copy(&expanded_key->round[num_rounds - i], &expanded_key->round[i]); v128_copy(&expanded_key->round[i], &tmp); } /* * apply the inverse mixColumn transform to the round keys (except * for the first and the last) * * mixColumn is implemented by using the tables U0, U1, U2, U3, * followed by the T4 table (which cancels out the use of the sbox * in the U-tables) */ for (i = 1; i < num_rounds; i++) { #ifdef CPU_RISC uint32_t tmp; #ifdef WORDS_BIGENDIAN tmp = expanded_key->round[i].v32[0]; expanded_key->round[i].v32[0] = U0[T4[(tmp >> 24) ] & 0xff] ^ U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ U3[T4[(tmp) & 0xff] & 0xff]; tmp = expanded_key->round[i].v32[1]; expanded_key->round[i].v32[1] = U0[T4[(tmp >> 24) ] & 0xff] ^ U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ U3[T4[(tmp) & 0xff] & 0xff]; tmp = expanded_key->round[i].v32[2]; expanded_key->round[i].v32[2] = U0[T4[(tmp >> 24) ] & 0xff] ^ U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ U3[T4[(tmp) & 0xff] & 0xff]; tmp = expanded_key->round[i].v32[3]; expanded_key->round[i].v32[3] = U0[T4[(tmp >> 24) ] & 0xff] ^ U1[T4[(tmp >> 16) & 0xff] & 0xff] ^ U2[T4[(tmp >> 8) & 0xff] & 0xff] ^ U3[T4[(tmp) & 0xff] & 0xff]; #else tmp = expanded_key->round[i].v32[0]; expanded_key->round[i].v32[0] = U3[T4[(tmp >> 24) ] & 0xff] ^ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ U0[T4[(tmp) & 0xff] & 0xff]; tmp = expanded_key->round[i].v32[1]; expanded_key->round[i].v32[1] = U3[T4[(tmp >> 24) ] & 0xff] ^ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ U0[T4[(tmp) & 0xff] & 0xff]; tmp = expanded_key->round[i].v32[2]; expanded_key->round[i].v32[2] = U3[T4[(tmp >> 24) ] & 0xff] ^ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ U0[T4[(tmp) & 0xff] & 0xff]; tmp = expanded_key->round[i].v32[3]; expanded_key->round[i].v32[3] = U3[T4[(tmp >> 24) ] & 0xff] ^ U2[T4[(tmp >> 16) & 0xff] & 0xff] ^ U1[T4[(tmp >> 8) & 0xff] & 0xff] ^ U0[T4[(tmp) & 0xff] & 0xff]; #endif /* WORDS_BIGENDIAN */ #else /* assume CPU_CISC */ uint32_t c0, c1, c2, c3; c0 = U0[aes_sbox[expanded_key->round[i].v8[0]]] ^ U1[aes_sbox[expanded_key->round[i].v8[1]]] ^ U2[aes_sbox[expanded_key->round[i].v8[2]]] ^ U3[aes_sbox[expanded_key->round[i].v8[3]]]; c1 = U0[aes_sbox[expanded_key->round[i].v8[4]]] ^ U1[aes_sbox[expanded_key->round[i].v8[5]]] ^ U2[aes_sbox[expanded_key->round[i].v8[6]]] ^ U3[aes_sbox[expanded_key->round[i].v8[7]]]; c2 = U0[aes_sbox[expanded_key->round[i].v8[8]]] ^ U1[aes_sbox[expanded_key->round[i].v8[9]]] ^ U2[aes_sbox[expanded_key->round[i].v8[10]]] ^ U3[aes_sbox[expanded_key->round[i].v8[11]]]; c3 = U0[aes_sbox[expanded_key->round[i].v8[12]]] ^ U1[aes_sbox[expanded_key->round[i].v8[13]]] ^ U2[aes_sbox[expanded_key->round[i].v8[14]]] ^ U3[aes_sbox[expanded_key->round[i].v8[15]]]; expanded_key->round[i].v32[0] = c0; expanded_key->round[i].v32[1] = c1; expanded_key->round[i].v32[2] = c2; expanded_key->round[i].v32[3] = c3; #endif } return srtp_err_status_ok; } #ifdef CPU_CISC static inline void aes_round (v128_t *state, const v128_t *round_key) { uint32_t column0, column1, column2, column3; /* compute the columns of the output square in terms of the octets of state, using the tables T0, T1, T2, T3 */ column0 = T0[state->v8[0]] ^ T1[state->v8[5]] ^ T2[state->v8[10]] ^ T3[state->v8[15]]; column1 = T0[state->v8[4]] ^ T1[state->v8[9]] ^ T2[state->v8[14]] ^ T3[state->v8[3]]; column2 = T0[state->v8[8]] ^ T1[state->v8[13]] ^ T2[state->v8[2]] ^ T3[state->v8[7]]; column3 = T0[state->v8[12]] ^ T1[state->v8[1]] ^ T2[state->v8[6]] ^ T3[state->v8[11]]; state->v32[0] = column0 ^ round_key->v32[0]; state->v32[1] = column1 ^ round_key->v32[1]; state->v32[2] = column2 ^ round_key->v32[2]; state->v32[3] = column3 ^ round_key->v32[3]; } static inline void aes_inv_round (v128_t *state, const v128_t *round_key) { uint32_t column0, column1, column2, column3; /* compute the columns of the output square in terms of the octets of state, using the tables U0, U1, U2, U3 */ column0 = U0[state->v8[0]] ^ U1[state->v8[13]] ^ U2[state->v8[10]] ^ U3[state->v8[7]]; column1 = U0[state->v8[4]] ^ U1[state->v8[1]] ^ U2[state->v8[14]] ^ U3[state->v8[11]]; column2 = U0[state->v8[8]] ^ U1[state->v8[5]] ^ U2[state->v8[2]] ^ U3[state->v8[15]]; column3 = U0[state->v8[12]] ^ U1[state->v8[9]] ^ U2[state->v8[6]] ^ U3[state->v8[3]]; state->v32[0] = column0 ^ round_key->v32[0]; state->v32[1] = column1 ^ round_key->v32[1]; state->v32[2] = column2 ^ round_key->v32[2]; state->v32[3] = column3 ^ round_key->v32[3]; } static inline void aes_final_round (v128_t *state, const v128_t *round_key) { uint8_t tmp; /* byte substitutions and row shifts */ /* first row - no shift */ state->v8[0] = aes_sbox[state->v8[0]]; state->v8[4] = aes_sbox[state->v8[4]]; state->v8[8] = aes_sbox[state->v8[8]]; state->v8[12] = aes_sbox[state->v8[12]]; /* second row - shift one left */ tmp = aes_sbox[state->v8[1]]; state->v8[1] = aes_sbox[state->v8[5]]; state->v8[5] = aes_sbox[state->v8[9]]; state->v8[9] = aes_sbox[state->v8[13]]; state->v8[13] = tmp; /* third row - shift two left */ tmp = aes_sbox[state->v8[10]]; state->v8[10] = aes_sbox[state->v8[2]]; state->v8[2] = tmp; tmp = aes_sbox[state->v8[14]]; state->v8[14] = aes_sbox[state->v8[6]]; state->v8[6] = tmp; /* fourth row - shift three left */ tmp = aes_sbox[state->v8[15]]; state->v8[15] = aes_sbox[state->v8[11]]; state->v8[11] = aes_sbox[state->v8[7]]; state->v8[7] = aes_sbox[state->v8[3]]; state->v8[3] = tmp; v128_xor_eq(state, round_key); } static inline void aes_inv_final_round (v128_t *state, const v128_t *round_key) { uint8_t tmp; /* byte substitutions and row shifts */ /* first row - no shift */ state->v8[0] = aes_inv_sbox[state->v8[0]]; state->v8[4] = aes_inv_sbox[state->v8[4]]; state->v8[8] = aes_inv_sbox[state->v8[8]]; state->v8[12] = aes_inv_sbox[state->v8[12]]; /* second row - shift one right */ tmp = aes_inv_sbox[state->v8[13]]; state->v8[13] = aes_inv_sbox[state->v8[9]]; state->v8[9] = aes_inv_sbox[state->v8[5]]; state->v8[5] = aes_inv_sbox[state->v8[1]]; state->v8[1] = tmp; /* third row - shift two right */ tmp = aes_inv_sbox[state->v8[2]]; state->v8[2] = aes_inv_sbox[state->v8[10]]; state->v8[10] = tmp; tmp = aes_inv_sbox[state->v8[6]]; state->v8[6] = aes_inv_sbox[state->v8[14]]; state->v8[14] = tmp; /* fourth row - shift three right */ tmp = aes_inv_sbox[state->v8[3]]; state->v8[3] = aes_inv_sbox[state->v8[7]]; state->v8[7] = aes_inv_sbox[state->v8[11]]; state->v8[11] = aes_inv_sbox[state->v8[15]]; state->v8[15] = tmp; v128_xor_eq(state, round_key); } #elif CPU_RISC static inline void aes_round (v128_t *state, const v128_t *round_key) { uint32_t column0, column1, column2, column3; /* compute the columns of the output square in terms of the octets of state, using the tables T0, T1, T2, T3 */ #ifdef WORDS_BIGENDIAN column0 = T0[state->v32[0] >> 24] ^ T1[(state->v32[1] >> 16) & 0xff] ^ T2[(state->v32[2] >> 8) & 0xff] ^ T3[state->v32[3] & 0xff]; column1 = T0[state->v32[1] >> 24] ^ T1[(state->v32[2] >> 16) & 0xff] ^ T2[(state->v32[3] >> 8) & 0xff] ^ T3[state->v32[0] & 0xff]; column2 = T0[state->v32[2] >> 24] ^ T1[(state->v32[3] >> 16) & 0xff] ^ T2[(state->v32[0] >> 8) & 0xff] ^ T3[state->v32[1] & 0xff]; column3 = T0[state->v32[3] >> 24] ^ T1[(state->v32[0] >> 16) & 0xff] ^ T2[(state->v32[1] >> 8) & 0xff] ^ T3[state->v32[2] & 0xff]; #else column0 = T0[state->v32[0] & 0xff] ^ T1[(state->v32[1] >> 8) & 0xff] ^ T2[(state->v32[2] >> 16) & 0xff] ^ T3[state->v32[3] >> 24]; column1 = T0[state->v32[1] & 0xff] ^ T1[(state->v32[2] >> 8) & 0xff] ^ T2[(state->v32[3] >> 16) & 0xff] ^ T3[state->v32[0] >> 24]; column2 = T0[state->v32[2] & 0xff] ^ T1[(state->v32[3] >> 8) & 0xff] ^ T2[(state->v32[0] >> 16) & 0xff] ^ T3[state->v32[1] >> 24]; column3 = T0[state->v32[3] & 0xff] ^ T1[(state->v32[0] >> 8) & 0xff] ^ T2[(state->v32[1] >> 16) & 0xff] ^ T3[state->v32[2] >> 24]; #endif /* WORDS_BIGENDIAN */ state->v32[0] = column0 ^ round_key->v32[0]; state->v32[1] = column1 ^ round_key->v32[1]; state->v32[2] = column2 ^ round_key->v32[2]; state->v32[3] = column3 ^ round_key->v32[3]; } static inline void aes_inv_round (v128_t *state, const v128_t *round_key) { uint32_t column0, column1, column2, column3; /* compute the columns of the output square in terms of the octets of state, using the tables U0, U1, U2, U3 */ #ifdef WORDS_BIGENDIAN column0 = U0[state->v32[0] >> 24] ^ U1[(state->v32[3] >> 16) & 0xff] ^ U2[(state->v32[2] >> 8) & 0xff] ^ U3[state->v32[1] & 0xff]; column1 = U0[state->v32[1] >> 24] ^ U1[(state->v32[0] >> 16) & 0xff] ^ U2[(state->v32[3] >> 8) & 0xff] ^ U3[state->v32[2] & 0xff]; column2 = U0[state->v32[2] >> 24] ^ U1[(state->v32[1] >> 16) & 0xff] ^ U2[(state->v32[0] >> 8) & 0xff] ^ U3[state->v32[3] & 0xff]; column3 = U0[state->v32[3] >> 24] ^ U1[(state->v32[2] >> 16) & 0xff] ^ U2[(state->v32[1] >> 8) & 0xff] ^ U3[state->v32[0] & 0xff]; #else column0 = U0[state->v32[0] & 0xff] ^ U1[(state->v32[3] >> 8) & 0xff] ^ U2[(state->v32[2] >> 16) & 0xff] ^ U3[(state->v32[1] >> 24) & 0xff]; column1 = U0[state->v32[1] & 0xff] ^ U1[(state->v32[0] >> 8) & 0xff] ^ U2[(state->v32[3] >> 16) & 0xff] ^ U3[(state->v32[2] >> 24) & 0xff]; column2 = U0[state->v32[2] & 0xff] ^ U1[(state->v32[1] >> 8) & 0xff] ^ U2[(state->v32[0] >> 16) & 0xff] ^ U3[(state->v32[3] >> 24) & 0xff]; column3 = U0[state->v32[3] & 0xff] ^ U1[(state->v32[2] >> 8) & 0xff] ^ U2[(state->v32[1] >> 16) & 0xff] ^ U3[(state->v32[0] >> 24) & 0xff]; #endif /* WORDS_BIGENDIAN */ state->v32[0] = column0 ^ round_key->v32[0]; state->v32[1] = column1 ^ round_key->v32[1]; state->v32[2] = column2 ^ round_key->v32[2]; state->v32[3] = column3 ^ round_key->v32[3]; } static inline void aes_final_round (v128_t *state, const v128_t *round_key) { uint32_t tmp0, tmp1, tmp2, tmp3; #ifdef WORDS_BIGENDIAN tmp0 = (T4[(state->v32[0] >> 24)] & 0xff000000) ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff) ^ round_key->v32[0]; tmp1 = (T4[(state->v32[1] >> 24)] & 0xff000000) ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff) ^ round_key->v32[1]; tmp2 = (T4[(state->v32[2] >> 24)] & 0xff000000) ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff) ^ round_key->v32[2]; tmp3 = (T4[(state->v32[3] >> 24)] & 0xff000000) ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff) ^ round_key->v32[3]; #else tmp0 = (T4[(state->v32[3] >> 24)] & 0xff000000) ^ (T4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) ^ (T4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) ^ (T4[(state->v32[0] ) & 0xff] & 0x000000ff) ^ round_key->v32[0]; tmp1 = (T4[(state->v32[0] >> 24)] & 0xff000000) ^ (T4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) ^ (T4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) ^ (T4[(state->v32[1] ) & 0xff] & 0x000000ff) ^ round_key->v32[1]; tmp2 = (T4[(state->v32[1] >> 24)] & 0xff000000) ^ (T4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) ^ (T4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) ^ (T4[(state->v32[2] ) & 0xff] & 0x000000ff) ^ round_key->v32[2]; tmp3 = (T4[(state->v32[2] >> 24)] & 0xff000000) ^ (T4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) ^ (T4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) ^ (T4[(state->v32[3] ) & 0xff] & 0x000000ff) ^ round_key->v32[3]; #endif /* WORDS_BIGENDIAN */ state->v32[0] = tmp0; state->v32[1] = tmp1; state->v32[2] = tmp2; state->v32[3] = tmp3; } static inline void aes_inv_final_round (v128_t *state, const v128_t *round_key) { uint32_t tmp0, tmp1, tmp2, tmp3; #ifdef WORDS_BIGENDIAN tmp0 = (U4[(state->v32[0] >> 24)] & 0xff000000) ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff) ^ round_key->v32[0]; tmp1 = (U4[(state->v32[1] >> 24)] & 0xff000000) ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff) ^ round_key->v32[1]; tmp2 = (U4[(state->v32[2] >> 24)] & 0xff000000) ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff) ^ round_key->v32[2]; tmp3 = (U4[(state->v32[3] >> 24)] & 0xff000000) ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff) ^ round_key->v32[3]; #else tmp0 = (U4[(state->v32[1] >> 24)] & 0xff000000) ^ (U4[(state->v32[2] >> 16) & 0xff] & 0x00ff0000) ^ (U4[(state->v32[3] >> 8) & 0xff] & 0x0000ff00) ^ (U4[(state->v32[0] ) & 0xff] & 0x000000ff) ^ round_key->v32[0]; tmp1 = (U4[(state->v32[2] >> 24)] & 0xff000000) ^ (U4[(state->v32[3] >> 16) & 0xff] & 0x00ff0000) ^ (U4[(state->v32[0] >> 8) & 0xff] & 0x0000ff00) ^ (U4[(state->v32[1] ) & 0xff] & 0x000000ff) ^ round_key->v32[1]; tmp2 = (U4[(state->v32[3] >> 24)] & 0xff000000) ^ (U4[(state->v32[0] >> 16) & 0xff] & 0x00ff0000) ^ (U4[(state->v32[1] >> 8) & 0xff] & 0x0000ff00) ^ (U4[(state->v32[2] ) & 0xff] & 0x000000ff) ^ round_key->v32[2]; tmp3 = (U4[(state->v32[0] >> 24)] & 0xff000000) ^ (U4[(state->v32[1] >> 16) & 0xff] & 0x00ff0000) ^ (U4[(state->v32[2] >> 8) & 0xff] & 0x0000ff00) ^ (U4[(state->v32[3] ) & 0xff] & 0x000000ff) ^ round_key->v32[3]; #endif /* WORDS_BIGENDIAN */ state->v32[0] = tmp0; state->v32[1] = tmp1; state->v32[2] = tmp2; state->v32[3] = tmp3; } #elif CPU_16 /* assume 16-bit word size on processor */ static inline void aes_round (v128_t *state, const v128_t *round_key) { uint32_t column0, column1, column2, column3; uint16_t c /* compute the columns of the output square in terms of the octets of state, using the tables T0, T1, T2, T3 */ column0 = T0[state->v8[0]] ^ T1[state->v8[5]] ^ T2[state->v8[10]] ^ T3[state->v8[15]]; column1 = T0[state->v8[4]] ^ T1[state->v8[9]] ^ T2[state->v8[14]] ^ T3[state->v8[3]]; column2 = T0[state->v8[8]] ^ T1[state->v8[13]] ^ T2[state->v8[2]] ^ T3[state->v8[7]]; column3 = T0[state->v8[12]] ^ T1[state->v8[1]] ^ T2[state->v8[6]] ^ T3[state->v8[11]]; state->v32[0] = column0 ^ round_key->v32[0]; state->v32[1] = column1 ^ round_key->v32[1]; state->v32[2] = column2 ^ round_key->v32[2]; state->v32[3] = column3 ^ round_key->v32[3]; } static inline void aes_inv_round (v128_t *state, const v128_t *round_key) { uint32_t column0, column1, column2, column3; /* compute the columns of the output square in terms of the octets of state, using the tables U0, U1, U2, U3 */ column0 = U0[state->v8[0]] ^ U1[state->v8[5]] ^ U2[state->v8[10]] ^ U3[state->v8[15]]; column1 = U0[state->v8[4]] ^ U1[state->v8[9]] ^ U2[state->v8[14]] ^ U3[state->v8[3]]; column2 = U0[state->v8[8]] ^ U1[state->v8[13]] ^ U2[state->v8[2]] ^ U3[state->v8[7]]; column3 = U0[state->v8[12]] ^ U1[state->v8[1]] ^ U2[state->v8[6]] ^ U3[state->v8[11]]; state->v32[0] = column0 ^ round_key->v32[0]; state->v32[1] = column1 ^ round_key->v32[1]; state->v32[2] = column2 ^ round_key->v32[2]; state->v32[3] = column3 ^ round_key->v32[3]; } static inline void aes_final_round (v128_t *state, const v128_t *round_key) { uint8_t tmp; /* byte substitutions and row shifts */ /* first row - no shift */ state->v8[0] = aes_sbox[state->v8[0]]; state->v8[4] = aes_sbox[state->v8[4]]; state->v8[8] = aes_sbox[state->v8[8]]; state->v8[12] = aes_sbox[state->v8[12]]; /* second row - shift one left */ tmp = aes_sbox[state->v8[1]]; state->v8[1] = aes_sbox[state->v8[5]]; state->v8[5] = aes_sbox[state->v8[9]]; state->v8[9] = aes_sbox[state->v8[13]]; state->v8[13] = tmp; /* third row - shift two left */ tmp = aes_sbox[state->v8[10]]; state->v8[10] = aes_sbox[state->v8[2]]; state->v8[2] = tmp; tmp = aes_sbox[state->v8[14]]; state->v8[14] = aes_sbox[state->v8[6]]; state->v8[6] = tmp; /* fourth row - shift three left */ tmp = aes_sbox[state->v8[15]]; state->v8[15] = aes_sbox[state->v8[11]]; state->v8[11] = aes_sbox[state->v8[7]]; state->v8[7] = aes_sbox[state->v8[3]]; state->v8[3] = tmp; v128_xor_eq(state, round_key); } static inline void aes_inv_final_round (v128_t *state, const v128_t *round_key) { uint8_t tmp; /* byte substitutions and row shifts */ /* first row - no shift */ state->v8[0] = aes_inv_sbox[state->v8[0]]; state->v8[4] = aes_inv_sbox[state->v8[4]]; state->v8[8] = aes_inv_sbox[state->v8[8]]; state->v8[12] = aes_inv_sbox[state->v8[12]]; /* second row - shift one left */ tmp = aes_inv_sbox[state->v8[1]]; state->v8[1] = aes_inv_sbox[state->v8[5]]; state->v8[5] = aes_inv_sbox[state->v8[9]]; state->v8[9] = aes_inv_sbox[state->v8[13]]; state->v8[13] = tmp; /* third row - shift two left */ tmp = aes_inv_sbox[state->v8[10]]; state->v8[10] = aes_inv_sbox[state->v8[2]]; state->v8[2] = tmp; tmp = aes_inv_sbox[state->v8[14]]; state->v8[14] = aes_inv_sbox[state->v8[6]]; state->v8[6] = tmp; /* fourth row - shift three left */ tmp = aes_inv_sbox[state->v8[15]]; state->v8[15] = aes_inv_sbox[state->v8[11]]; state->v8[11] = aes_inv_sbox[state->v8[7]]; state->v8[7] = aes_inv_sbox[state->v8[3]]; state->v8[3] = tmp; v128_xor_eq(state, round_key); } #endif /* CPU type */ void srtp_aes_encrypt (v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key) { /* add in the subkey */ v128_xor_eq(plaintext, &exp_key->round[0]); /* now do the rounds */ aes_round(plaintext, &exp_key->round[1]); aes_round(plaintext, &exp_key->round[2]); aes_round(plaintext, &exp_key->round[3]); aes_round(plaintext, &exp_key->round[4]); aes_round(plaintext, &exp_key->round[5]); aes_round(plaintext, &exp_key->round[6]); aes_round(plaintext, &exp_key->round[7]); aes_round(plaintext, &exp_key->round[8]); aes_round(plaintext, &exp_key->round[9]); if (exp_key->num_rounds == 10) { aes_final_round(plaintext, &exp_key->round[10]); }else if (exp_key->num_rounds == 12) { aes_round(plaintext, &exp_key->round[10]); aes_round(plaintext, &exp_key->round[11]); aes_final_round(plaintext, &exp_key->round[12]); }else if (exp_key->num_rounds == 14) { aes_round(plaintext, &exp_key->round[10]); aes_round(plaintext, &exp_key->round[11]); aes_round(plaintext, &exp_key->round[12]); aes_round(plaintext, &exp_key->round[13]); aes_final_round(plaintext, &exp_key->round[14]); } } void srtp_aes_decrypt (v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key) { /* add in the subkey */ v128_xor_eq(plaintext, &exp_key->round[0]); /* now do the rounds */ aes_inv_round(plaintext, &exp_key->round[1]); aes_inv_round(plaintext, &exp_key->round[2]); aes_inv_round(plaintext, &exp_key->round[3]); aes_inv_round(plaintext, &exp_key->round[4]); aes_inv_round(plaintext, &exp_key->round[5]); aes_inv_round(plaintext, &exp_key->round[6]); aes_inv_round(plaintext, &exp_key->round[7]); aes_inv_round(plaintext, &exp_key->round[8]); aes_inv_round(plaintext, &exp_key->round[9]); if (exp_key->num_rounds == 10) { aes_inv_final_round(plaintext, &exp_key->round[10]); }else if (exp_key->num_rounds == 12) { aes_inv_round(plaintext, &exp_key->round[10]); aes_inv_round(plaintext, &exp_key->round[11]); aes_inv_final_round(plaintext, &exp_key->round[12]); }else if (exp_key->num_rounds == 14) { aes_inv_round(plaintext, &exp_key->round[10]); aes_inv_round(plaintext, &exp_key->round[11]); aes_inv_round(plaintext, &exp_key->round[12]); aes_inv_round(plaintext, &exp_key->round[13]); aes_inv_final_round(plaintext, &exp_key->round[14]); } } libsrtp-2.1.0/crypto/cipher/aes_gcm_ossl.c000066400000000000000000000445321312031100000205520ustar00rootroot00000000000000/* * aes_gcm_ossl.c * * AES Galois Counter Mode * * John A. Foley * Cisco Systems, Inc. * */ /* * * Copyright (c) 2013-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include #include "aes_icm_ossl.h" #include "aes_gcm_ossl.h" #include "alloc.h" #include "err.h" /* for srtp_debug */ #include "crypto_types.h" srtp_debug_module_t srtp_mod_aes_gcm = { 0, /* debugging is off by default */ "aes gcm" /* printable module name */ }; /* * The following are the global singleton instances for the * 128-bit and 256-bit GCM ciphers. */ extern const srtp_cipher_type_t srtp_aes_gcm_128_openssl; extern const srtp_cipher_type_t srtp_aes_gcm_256_openssl; /* * For now we only support 8 and 16 octet tags. The spec allows for * optional 12 byte tag, which may be supported in the future. */ #define GCM_AUTH_TAG_LEN 16 #define GCM_AUTH_TAG_LEN_8 8 /* * This function allocates a new instance of this crypto engine. * The key_len parameter should be one of 28 or 44 for * AES-128-GCM or AES-256-GCM respectively. Note that the * key length includes the 14 byte salt value that is used when * initializing the KDF. */ static srtp_err_status_t srtp_aes_gcm_openssl_alloc (srtp_cipher_t **c, int key_len, int tlen) { srtp_aes_gcm_ctx_t *gcm; debug_print(srtp_mod_aes_gcm, "allocating cipher with key length %d", key_len); debug_print(srtp_mod_aes_gcm, "allocating cipher with tag length %d", tlen); /* * Verify the key_len is valid for one of: AES-128/256 */ if (key_len != SRTP_AES_GCM_128_KEY_LEN_WSALT && key_len != SRTP_AES_GCM_256_KEY_LEN_WSALT) { return (srtp_err_status_bad_param); } if (tlen != GCM_AUTH_TAG_LEN && tlen != GCM_AUTH_TAG_LEN_8) { return (srtp_err_status_bad_param); } /* allocate memory a cipher of type aes_gcm */ *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); if (*c == NULL) { return (srtp_err_status_alloc_fail); } memset(*c, 0x0, sizeof(srtp_cipher_t)); gcm = (srtp_aes_gcm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_gcm_ctx_t)); if (gcm == NULL) { srtp_crypto_free(*c); *c = NULL; return (srtp_err_status_alloc_fail); } memset(gcm, 0x0, sizeof(srtp_aes_gcm_ctx_t)); gcm->ctx = EVP_CIPHER_CTX_new(); if (gcm->ctx == NULL) { srtp_crypto_free(gcm); srtp_crypto_free(*c); *c = NULL; return srtp_err_status_alloc_fail; } /* set pointers */ (*c)->state = gcm; /* setup cipher attributes */ switch (key_len) { case SRTP_AES_GCM_128_KEY_LEN_WSALT: (*c)->type = &srtp_aes_gcm_128_openssl; (*c)->algorithm = SRTP_AES_GCM_128; gcm->key_size = SRTP_AES_128_KEY_LEN; gcm->tag_len = tlen; break; case SRTP_AES_GCM_256_KEY_LEN_WSALT: (*c)->type = &srtp_aes_gcm_256_openssl; (*c)->algorithm = SRTP_AES_GCM_256; gcm->key_size = SRTP_AES_256_KEY_LEN; gcm->tag_len = tlen; break; } /* set key size */ (*c)->key_len = key_len; return (srtp_err_status_ok); } /* * This function deallocates a GCM session */ static srtp_err_status_t srtp_aes_gcm_openssl_dealloc (srtp_cipher_t *c) { srtp_aes_gcm_ctx_t *ctx; ctx = (srtp_aes_gcm_ctx_t*)c->state; if (ctx) { EVP_CIPHER_CTX_free(ctx->ctx); /* zeroize the key material */ octet_string_set_to_zero(ctx, sizeof(srtp_aes_gcm_ctx_t)); srtp_crypto_free(ctx); } /* free memory */ srtp_crypto_free(c); return (srtp_err_status_ok); } /* * aes_gcm_openssl_context_init(...) initializes the aes_gcm_context * using the value in key[]. * * the key is the secret key */ static srtp_err_status_t srtp_aes_gcm_openssl_context_init (void* cv, const uint8_t *key) { srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; const EVP_CIPHER *evp; c->dir = srtp_direction_any; debug_print(srtp_mod_aes_gcm, "key: %s", srtp_octet_string_hex_string(key, c->key_size)); switch (c->key_size) { case SRTP_AES_256_KEY_LEN: evp = EVP_aes_256_gcm(); break; case SRTP_AES_128_KEY_LEN: evp = EVP_aes_128_gcm(); break; default: return (srtp_err_status_bad_param); break; } if (!EVP_CipherInit_ex(c->ctx, evp, NULL, key, NULL, 0)) { return (srtp_err_status_init_fail); } return (srtp_err_status_ok); } /* * aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with * the offset */ static srtp_err_status_t srtp_aes_gcm_openssl_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t direction) { srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; if (direction != srtp_direction_encrypt && direction != srtp_direction_decrypt) { return (srtp_err_status_bad_param); } c->dir = direction; debug_print(srtp_mod_aes_gcm, "setting iv: %s", v128_hex_string((v128_t*)iv)); if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL, NULL, (c->dir == srtp_direction_encrypt ? 1 : 0))) { return (srtp_err_status_init_fail); } /* set IV len and the IV value, the followiong 3 calls are required */ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { return (srtp_err_status_init_fail); } if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, (void*)iv)) { return (srtp_err_status_init_fail); } if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, (void*)iv)) { return (srtp_err_status_init_fail); } return (srtp_err_status_ok); } /* * This function processes the AAD * * Parameters: * c Crypto context * aad Additional data to process for AEAD cipher suites * aad_len length of aad buffer */ static srtp_err_status_t srtp_aes_gcm_openssl_set_aad (void *cv, const uint8_t *aad, uint32_t aad_len) { srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; int rv; /* * Set dummy tag, OpenSSL requires the Tag to be set before * processing AAD */ /* * OpenSSL never write to address pointed by the last parameter of * EVP_CIPHER_CTX_ctrl while EVP_CTRL_GCM_SET_TAG (in reality, * OpenSSL copy its content to the context), so we can make * aad read-only in this function and all its wrappers. */ unsigned char dummy_tag[GCM_AUTH_TAG_LEN]; memset(dummy_tag, 0x0, GCM_AUTH_TAG_LEN); EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, &dummy_tag); rv = EVP_Cipher(c->ctx, NULL, aad, aad_len); if (rv != aad_len) { return (srtp_err_status_algo_fail); } else { return (srtp_err_status_ok); } } /* * This function encrypts a buffer using AES GCM mode * * Parameters: * c Crypto context * buf data to encrypt * enc_len length of encrypt buffer */ static srtp_err_status_t srtp_aes_gcm_openssl_encrypt (void *cv, unsigned char *buf, unsigned int *enc_len) { srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) { return (srtp_err_status_bad_param); } /* * Encrypt the data */ EVP_Cipher(c->ctx, buf, buf, *enc_len); return (srtp_err_status_ok); } /* * This function calculates and returns the GCM tag for a given context. * This should be called after encrypting the data. The *len value * is increased by the tag size. The caller must ensure that *buf has * enough room to accept the appended tag. * * Parameters: * c Crypto context * buf data to encrypt * len length of encrypt buffer */ static srtp_err_status_t srtp_aes_gcm_openssl_get_tag (void *cv, uint8_t *buf, uint32_t *len) { srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; /* * Calculate the tag */ EVP_Cipher(c->ctx, NULL, NULL, 0); /* * Retreive the tag */ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); /* * Increase encryption length by desired tag size */ *len = c->tag_len; return (srtp_err_status_ok); } /* * This function decrypts a buffer using AES GCM mode * * Parameters: * c Crypto context * buf data to encrypt * enc_len length of encrypt buffer */ static srtp_err_status_t srtp_aes_gcm_openssl_decrypt (void *cv, unsigned char *buf, unsigned int *enc_len) { srtp_aes_gcm_ctx_t *c = (srtp_aes_gcm_ctx_t *)cv; if (c->dir != srtp_direction_encrypt && c->dir != srtp_direction_decrypt) { return (srtp_err_status_bad_param); } /* * Set the tag before decrypting */ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, buf + (*enc_len - c->tag_len)); EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len); /* * Check the tag */ if (EVP_Cipher(c->ctx, NULL, NULL, 0)) { return (srtp_err_status_auth_fail); } /* * Reduce the buffer size by the tag length since the tag * is not part of the original payload */ *enc_len -= c->tag_len; return (srtp_err_status_ok); } /* * Name of this crypto engine */ static const char srtp_aes_gcm_128_openssl_description[] = "AES-128 GCM using openssl"; static const char srtp_aes_gcm_256_openssl_description[] = "AES-256 GCM using openssl"; /* * KAT values for AES self-test. These * values we're derived from independent test code * using OpenSSL. */ static const uint8_t srtp_aes_gcm_test_case_0_key[SRTP_AES_GCM_128_KEY_LEN_WSALT] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, }; static uint8_t srtp_aes_gcm_test_case_0_iv[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 }; static const uint8_t srtp_aes_gcm_test_case_0_plaintext[60] = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 }; static const uint8_t srtp_aes_gcm_test_case_0_aad[20] = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 }; static const uint8_t srtp_aes_gcm_test_case_0_ciphertext[76] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 0x3d, 0x58, 0xe0, 0x91, /* the last 16 bytes are the tag */ 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, }; static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0a = { SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */ srtp_aes_gcm_test_case_0_key, /* key */ srtp_aes_gcm_test_case_0_iv, /* packet index */ 60, /* octets in plaintext */ srtp_aes_gcm_test_case_0_plaintext, /* plaintext */ 68, /* octets in ciphertext */ srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ 20, /* octets in AAD */ srtp_aes_gcm_test_case_0_aad, /* AAD */ GCM_AUTH_TAG_LEN_8, NULL /* pointer to next testcase */ }; static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_0 = { SRTP_AES_GCM_128_KEY_LEN_WSALT, /* octets in key */ srtp_aes_gcm_test_case_0_key, /* key */ srtp_aes_gcm_test_case_0_iv, /* packet index */ 60, /* octets in plaintext */ srtp_aes_gcm_test_case_0_plaintext, /* plaintext */ 76, /* octets in ciphertext */ srtp_aes_gcm_test_case_0_ciphertext, /* ciphertext + tag */ 20, /* octets in AAD */ srtp_aes_gcm_test_case_0_aad, /* AAD */ GCM_AUTH_TAG_LEN, &srtp_aes_gcm_test_case_0a /* pointer to next testcase */ }; static const uint8_t srtp_aes_gcm_test_case_1_key[SRTP_AES_GCM_256_KEY_LEN_WSALT] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c, 0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2, 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, }; static uint8_t srtp_aes_gcm_test_case_1_iv[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 }; static const uint8_t srtp_aes_gcm_test_case_1_plaintext[60] = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 }; static const uint8_t srtp_aes_gcm_test_case_1_aad[20] = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 }; static const uint8_t srtp_aes_gcm_test_case_1_ciphertext[76] = { 0x0b, 0x11, 0xcf, 0xaf, 0x68, 0x4d, 0xae, 0x46, 0xc7, 0x90, 0xb8, 0x8e, 0xb7, 0x6a, 0x76, 0x2a, 0x94, 0x82, 0xca, 0xab, 0x3e, 0x39, 0xd7, 0x86, 0x1b, 0xc7, 0x93, 0xed, 0x75, 0x7f, 0x23, 0x5a, 0xda, 0xfd, 0xd3, 0xe2, 0x0e, 0x80, 0x87, 0xa9, 0x6d, 0xd7, 0xe2, 0x6a, 0x7d, 0x5f, 0xb4, 0x80, 0xef, 0xef, 0xc5, 0x29, 0x12, 0xd1, 0xaa, 0x10, 0x09, 0xc9, 0x86, 0xc1, /* the last 16 bytes are the tag */ 0x45, 0xbc, 0x03, 0xe6, 0xe1, 0xac, 0x0a, 0x9f, 0x81, 0xcb, 0x8e, 0x5b, 0x46, 0x65, 0x63, 0x1d, }; static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1a = { SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */ srtp_aes_gcm_test_case_1_key, /* key */ srtp_aes_gcm_test_case_1_iv, /* packet index */ 60, /* octets in plaintext */ srtp_aes_gcm_test_case_1_plaintext, /* plaintext */ 68, /* octets in ciphertext */ srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ 20, /* octets in AAD */ srtp_aes_gcm_test_case_1_aad, /* AAD */ GCM_AUTH_TAG_LEN_8, NULL /* pointer to next testcase */ }; static const srtp_cipher_test_case_t srtp_aes_gcm_test_case_1 = { SRTP_AES_GCM_256_KEY_LEN_WSALT, /* octets in key */ srtp_aes_gcm_test_case_1_key, /* key */ srtp_aes_gcm_test_case_1_iv, /* packet index */ 60, /* octets in plaintext */ srtp_aes_gcm_test_case_1_plaintext, /* plaintext */ 76, /* octets in ciphertext */ srtp_aes_gcm_test_case_1_ciphertext, /* ciphertext + tag */ 20, /* octets in AAD */ srtp_aes_gcm_test_case_1_aad, /* AAD */ GCM_AUTH_TAG_LEN, &srtp_aes_gcm_test_case_1a /* pointer to next testcase */ }; /* * This is the vector function table for this crypto engine. */ const srtp_cipher_type_t srtp_aes_gcm_128_openssl = { srtp_aes_gcm_openssl_alloc, srtp_aes_gcm_openssl_dealloc, srtp_aes_gcm_openssl_context_init, srtp_aes_gcm_openssl_set_aad, srtp_aes_gcm_openssl_encrypt, srtp_aes_gcm_openssl_decrypt, srtp_aes_gcm_openssl_set_iv, srtp_aes_gcm_openssl_get_tag, srtp_aes_gcm_128_openssl_description, &srtp_aes_gcm_test_case_0, SRTP_AES_GCM_128 }; /* * This is the vector function table for this crypto engine. */ const srtp_cipher_type_t srtp_aes_gcm_256_openssl = { srtp_aes_gcm_openssl_alloc, srtp_aes_gcm_openssl_dealloc, srtp_aes_gcm_openssl_context_init, srtp_aes_gcm_openssl_set_aad, srtp_aes_gcm_openssl_encrypt, srtp_aes_gcm_openssl_decrypt, srtp_aes_gcm_openssl_set_iv, srtp_aes_gcm_openssl_get_tag, srtp_aes_gcm_256_openssl_description, &srtp_aes_gcm_test_case_1, SRTP_AES_GCM_256 }; libsrtp-2.1.0/crypto/cipher/aes_icm.c000066400000000000000000000412441312031100000175110ustar00rootroot00000000000000/* * aes_icm.c * * AES Integer Counter Mode * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #define ALIGN_32 0 #include "aes_icm.h" #include "alloc.h" srtp_debug_module_t srtp_mod_aes_icm = { 0, /* debugging is off by default */ "aes icm" /* printable module name */ }; extern const srtp_cipher_type_t srtp_aes_icm_128; extern const srtp_cipher_type_t srtp_aes_icm_256; /* * integer counter mode works as follows: * * 16 bits * <-----> * +------+------+------+------+------+------+------+------+ * | nonce | pakcet index | ctr |---+ * +------+------+------+------+------+------+------+------+ | * | * +------+------+------+------+------+------+------+------+ v * | salt |000000|->(+) * +------+------+------+------+------+------+------+------+ | * | * +---------+ * | encrypt | * +---------+ * | * +------+------+------+------+------+------+------+------+ | * | keystream block |<--+ * +------+------+------+------+------+------+------+------+ * * All fields are big-endian * * ctr is the block counter, which increments from zero for * each packet (16 bits wide) * * packet index is distinct for each packet (48 bits wide) * * nonce can be distinct across many uses of the same key, or * can be a fixed value per key, or can be per-packet randomness * (64 bits) * */ static srtp_err_status_t srtp_aes_icm_alloc (srtp_cipher_t **c, int key_len, int tlen) { srtp_aes_icm_ctx_t *icm; debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d", key_len); /* * The check for key_len = 30/46 does not apply. Our usage * of aes functions with key_len = values other than 30 * has not broken anything. Don't know what would be the * effect of skipping this check for srtp in general. */ if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) { return srtp_err_status_bad_param; } /* allocate memory a cipher of type aes_icm */ *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); if (*c == NULL) { return srtp_err_status_alloc_fail; } memset(*c, 0x0, sizeof(srtp_cipher_t)); icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t)); if (icm == NULL) { srtp_crypto_free(*c); return srtp_err_status_alloc_fail; } memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t)); /* set pointers */ (*c)->state = icm; switch (key_len) { case SRTP_AES_ICM_256_KEY_LEN_WSALT: (*c)->algorithm = SRTP_AES_ICM_256; (*c)->type = &srtp_aes_icm_256; break; default: (*c)->algorithm = SRTP_AES_ICM_128; (*c)->type = &srtp_aes_icm_128; break; } /* set key size */ icm->key_size = key_len; (*c)->key_len = key_len; return srtp_err_status_ok; } static srtp_err_status_t srtp_aes_icm_dealloc (srtp_cipher_t *c) { srtp_aes_icm_ctx_t *ctx; if (c == NULL) { return srtp_err_status_bad_param; } ctx = (srtp_aes_icm_ctx_t *)c->state; if (ctx) { /* zeroize the key material */ octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t)); srtp_crypto_free(ctx); } /* free the cipher context */ srtp_crypto_free(c); return srtp_err_status_ok; } /* * aes_icm_context_init(...) initializes the aes_icm_context * using the value in key[]. * * the key is the secret key * * the salt is unpredictable (but not necessarily secret) data which * randomizes the starting point in the keystream */ static srtp_err_status_t srtp_aes_icm_context_init (void *cv, const uint8_t *key) { srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; srtp_err_status_t status; int base_key_len, copy_len; if (c->key_size == SRTP_AES_ICM_128_KEY_LEN_WSALT || c->key_size == SRTP_AES_ICM_256_KEY_LEN_WSALT) { base_key_len = c->key_size - SRTP_SALT_LEN; } else{ return srtp_err_status_bad_param; } /* * set counter and initial values to 'offset' value, being careful not to * go past the end of the key buffer */ v128_set_to_zero(&c->counter); v128_set_to_zero(&c->offset); copy_len = c->key_size - base_key_len; /* force last two octets of the offset to be left zero (for srtp compatibility) */ if (copy_len > SRTP_SALT_LEN) { copy_len = SRTP_SALT_LEN; } memcpy(&c->counter, key + base_key_len, copy_len); memcpy(&c->offset, key + base_key_len, copy_len); debug_print(srtp_mod_aes_icm, "key: %s", srtp_octet_string_hex_string(key, base_key_len)); debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); /* expand key */ status = srtp_aes_expand_encryption_key(key, base_key_len, &c->expanded_key); if (status) { v128_set_to_zero(&c->counter); v128_set_to_zero(&c->offset); return status; } /* indicate that the keystream_buffer is empty */ c->bytes_in_buffer = 0; return srtp_err_status_ok; } /* * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with * the offset */ static srtp_err_status_t srtp_aes_icm_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t direction) { srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; v128_t nonce; /* set nonce (for alignment) */ v128_copy_octet_string(&nonce, iv); debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce)); v128_xor(&c->counter, &c->offset, &nonce); debug_print(srtp_mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); /* indicate that the keystream_buffer is empty */ c->bytes_in_buffer = 0; return srtp_err_status_ok; } /* * aes_icm_advance(...) refills the keystream_buffer and * advances the block index of the sicm_context forward by one * * this is an internal, hopefully inlined function */ static void srtp_aes_icm_advance (srtp_aes_icm_ctx_t *c) { /* fill buffer with new keystream */ v128_copy(&c->keystream_buffer, &c->counter); srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key); c->bytes_in_buffer = sizeof(v128_t); debug_print(srtp_mod_aes_icm, "counter: %s", v128_hex_string(&c->counter)); debug_print(srtp_mod_aes_icm, "ciphertext: %s", v128_hex_string(&c->keystream_buffer)); /* clock counter forward */ if (!++(c->counter.v8[15])) { ++(c->counter.v8[14]); } } /*e * icm_encrypt deals with the following cases: * * bytes_to_encr < bytes_in_buffer * - add keystream into data * * bytes_to_encr > bytes_in_buffer * - add keystream into data until keystream_buffer is depleted * - loop over blocks, filling keystream_buffer and then * adding keystream into data * - fill buffer then add in remaining (< 16) bytes of keystream */ static srtp_err_status_t srtp_aes_icm_encrypt (void *cv, unsigned char *buf, unsigned int *enc_len) { srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t*)cv; unsigned int bytes_to_encr = *enc_len; unsigned int i; uint32_t *b; /* check that there's enough segment left*/ if ((bytes_to_encr + htons(c->counter.v16[7])) > 0xffff) { return srtp_err_status_terminus; } debug_print(srtp_mod_aes_icm, "block index: %d", htons(c->counter.v16[7])); if (bytes_to_encr <= (unsigned int)c->bytes_in_buffer) { /* deal with odd case of small bytes_to_encr */ for (i = (sizeof(v128_t) - c->bytes_in_buffer); i < (sizeof(v128_t) - c->bytes_in_buffer + bytes_to_encr); i++) { *buf++ ^= c->keystream_buffer.v8[i]; } c->bytes_in_buffer -= bytes_to_encr; /* return now to avoid the main loop */ return srtp_err_status_ok; } else { /* encrypt bytes until the remaining data is 16-byte aligned */ for (i = (sizeof(v128_t) - c->bytes_in_buffer); i < sizeof(v128_t); i++) { *buf++ ^= c->keystream_buffer.v8[i]; } bytes_to_encr -= c->bytes_in_buffer; c->bytes_in_buffer = 0; } /* now loop over entire 16-byte blocks of keystream */ for (i = 0; i < (bytes_to_encr / sizeof(v128_t)); i++) { /* fill buffer with new keystream */ srtp_aes_icm_advance(c); /* * add keystream into the data buffer (this would be a lot faster * if we could assume 32-bit alignment!) */ #if ALIGN_32 b = (uint32_t*)buf; *b++ ^= c->keystream_buffer.v32[0]; *b++ ^= c->keystream_buffer.v32[1]; *b++ ^= c->keystream_buffer.v32[2]; *b++ ^= c->keystream_buffer.v32[3]; buf = (uint8_t*)b; #else if ((((unsigned long)buf) & 0x03) != 0) { *buf++ ^= c->keystream_buffer.v8[0]; *buf++ ^= c->keystream_buffer.v8[1]; *buf++ ^= c->keystream_buffer.v8[2]; *buf++ ^= c->keystream_buffer.v8[3]; *buf++ ^= c->keystream_buffer.v8[4]; *buf++ ^= c->keystream_buffer.v8[5]; *buf++ ^= c->keystream_buffer.v8[6]; *buf++ ^= c->keystream_buffer.v8[7]; *buf++ ^= c->keystream_buffer.v8[8]; *buf++ ^= c->keystream_buffer.v8[9]; *buf++ ^= c->keystream_buffer.v8[10]; *buf++ ^= c->keystream_buffer.v8[11]; *buf++ ^= c->keystream_buffer.v8[12]; *buf++ ^= c->keystream_buffer.v8[13]; *buf++ ^= c->keystream_buffer.v8[14]; *buf++ ^= c->keystream_buffer.v8[15]; } else { b = (uint32_t*)buf; *b++ ^= c->keystream_buffer.v32[0]; *b++ ^= c->keystream_buffer.v32[1]; *b++ ^= c->keystream_buffer.v32[2]; *b++ ^= c->keystream_buffer.v32[3]; buf = (uint8_t*)b; } #endif /* #if ALIGN_32 */ } /* if there is a tail end of the data, process it */ if ((bytes_to_encr & 0xf) != 0) { /* fill buffer with new keystream */ srtp_aes_icm_advance(c); for (i = 0; i < (bytes_to_encr & 0xf); i++) { *buf++ ^= c->keystream_buffer.v8[i]; } /* reset the keystream buffer size to right value */ c->bytes_in_buffer = sizeof(v128_t) - i; } else { /* no tail, so just reset the keystream buffer size to zero */ c->bytes_in_buffer = 0; } return srtp_err_status_ok; } static const char srtp_aes_icm_128_description[] = "AES-128 integer counter mode"; static const char srtp_aes_icm_256_description[] = "AES-256 integer counter mode"; static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd }; static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = { 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab }; static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = { SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */ srtp_aes_icm_128_test_case_0_key, /* key */ srtp_aes_icm_128_test_case_0_nonce, /* packet index */ 32, /* octets in plaintext */ srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */ 32, /* octets in ciphertext */ srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */ 0, NULL, 0, NULL /* pointer to next testcase */ }; static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = { 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd }; static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = { 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac }; static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = { SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */ srtp_aes_icm_256_test_case_0_key, /* key */ srtp_aes_icm_256_test_case_0_nonce, /* packet index */ 32, /* octets in plaintext */ srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */ 32, /* octets in ciphertext */ srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */ 0, NULL, 0, NULL, /* pointer to next testcase */ }; /* * note: the encrypt function is identical to the decrypt function */ const srtp_cipher_type_t srtp_aes_icm_128 = { srtp_aes_icm_alloc, srtp_aes_icm_dealloc, srtp_aes_icm_context_init, 0, /* set_aad */ srtp_aes_icm_encrypt, srtp_aes_icm_encrypt, srtp_aes_icm_set_iv, 0, /* get_tag */ srtp_aes_icm_128_description, &srtp_aes_icm_128_test_case_0, SRTP_AES_ICM_128 }; const srtp_cipher_type_t srtp_aes_icm_256 = { srtp_aes_icm_alloc, srtp_aes_icm_dealloc, srtp_aes_icm_context_init, 0, /* set_aad */ srtp_aes_icm_encrypt, srtp_aes_icm_encrypt, srtp_aes_icm_set_iv, 0, /* get_tag */ srtp_aes_icm_256_description, &srtp_aes_icm_256_test_case_0, SRTP_AES_ICM_256 }; libsrtp-2.1.0/crypto/cipher/aes_icm_ossl.c000066400000000000000000000420511312031100000205460ustar00rootroot00000000000000/* * aes_icm_ossl.c * * AES Integer Counter Mode * * John A. Foley * Cisco Systems, Inc. * * 2/24/2012: This module was modified to use CiscoSSL for AES counter * mode. Eddy Lem contributed the code to allow this. * * 12/20/2012: Added support for AES-192 and AES-256. */ /* * * Copyright (c) 2013-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include #include "aes_icm_ossl.h" #include "crypto_types.h" #include "err.h" /* for srtp_debug */ #include "alloc.h" srtp_debug_module_t srtp_mod_aes_icm = { 0, /* debugging is off by default */ "aes icm ossl" /* printable module name */ }; extern const srtp_cipher_type_t srtp_aes_icm_128; extern const srtp_cipher_type_t srtp_aes_icm_192; extern const srtp_cipher_type_t srtp_aes_icm_256; /* * integer counter mode works as follows: * * 16 bits * <-----> * +------+------+------+------+------+------+------+------+ * | nonce | packet index | ctr |---+ * +------+------+------+------+------+------+------+------+ | * | * +------+------+------+------+------+------+------+------+ v * | salt |000000|->(+) * +------+------+------+------+------+------+------+------+ | * | * +---------+ * | encrypt | * +---------+ * | * +------+------+------+------+------+------+------+------+ | * | keystream block |<--+ * +------+------+------+------+------+------+------+------+ * * All fields are big-endian * * ctr is the block counter, which increments from zero for * each packet (16 bits wide) * * packet index is distinct for each packet (48 bits wide) * * nonce can be distinct across many uses of the same key, or * can be a fixed value per key, or can be per-packet randomness * (64 bits) * */ /* * This function allocates a new instance of this crypto engine. * The key_len parameter should be one of 30, 38, or 46 for * AES-128, AES-192, and AES-256 respectively. Note, this key_len * value is inflated, as it also accounts for the 112 bit salt * value. The tlen argument is for the AEAD tag length, which * isn't used in counter mode. */ static srtp_err_status_t srtp_aes_icm_openssl_alloc (srtp_cipher_t **c, int key_len, int tlen) { srtp_aes_icm_ctx_t *icm; debug_print(srtp_mod_aes_icm, "allocating cipher with key length %d", key_len); /* * Verify the key_len is valid for one of: AES-128/192/256 */ if (key_len != SRTP_AES_ICM_128_KEY_LEN_WSALT && key_len != SRTP_AES_ICM_192_KEY_LEN_WSALT && key_len != SRTP_AES_ICM_256_KEY_LEN_WSALT) { return srtp_err_status_bad_param; } /* allocate memory a cipher of type aes_icm */ *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); if (*c == NULL) { return srtp_err_status_alloc_fail; } memset(*c, 0x0, sizeof(srtp_cipher_t)); icm = (srtp_aes_icm_ctx_t *)srtp_crypto_alloc(sizeof(srtp_aes_icm_ctx_t)); if (icm == NULL) { srtp_crypto_free(*c); *c = NULL; return srtp_err_status_alloc_fail; } memset(icm, 0x0, sizeof(srtp_aes_icm_ctx_t)); icm->ctx = EVP_CIPHER_CTX_new(); if (icm->ctx == NULL) { srtp_crypto_free(icm); srtp_crypto_free(*c); *c = NULL; return srtp_err_status_alloc_fail; } /* set pointers */ (*c)->state = icm; /* setup cipher parameters */ switch (key_len) { case SRTP_AES_ICM_128_KEY_LEN_WSALT: (*c)->algorithm = SRTP_AES_ICM_128; (*c)->type = &srtp_aes_icm_128; icm->key_size = SRTP_AES_128_KEY_LEN; break; case SRTP_AES_ICM_192_KEY_LEN_WSALT: (*c)->algorithm = SRTP_AES_ICM_192; (*c)->type = &srtp_aes_icm_192; icm->key_size = SRTP_AES_192_KEY_LEN; break; case SRTP_AES_ICM_256_KEY_LEN_WSALT: (*c)->algorithm = SRTP_AES_ICM_256; (*c)->type = &srtp_aes_icm_256; icm->key_size = SRTP_AES_256_KEY_LEN; break; } /* set key size */ (*c)->key_len = key_len; return srtp_err_status_ok; } /* * This function deallocates an instance of this engine */ static srtp_err_status_t srtp_aes_icm_openssl_dealloc (srtp_cipher_t *c) { srtp_aes_icm_ctx_t *ctx; if (c == NULL) { return srtp_err_status_bad_param; } /* * Free the EVP context */ ctx = (srtp_aes_icm_ctx_t*)c->state; if (ctx != NULL) { EVP_CIPHER_CTX_free(ctx->ctx); /* zeroize the key material */ octet_string_set_to_zero(ctx, sizeof(srtp_aes_icm_ctx_t)); srtp_crypto_free(ctx); } /* free memory */ srtp_crypto_free(c); return srtp_err_status_ok; } /* * aes_icm_openssl_context_init(...) initializes the aes_icm_context * using the value in key[]. * * the key is the secret key * * the salt is unpredictable (but not necessarily secret) data which * randomizes the starting point in the keystream */ static srtp_err_status_t srtp_aes_icm_openssl_context_init (void* cv, const uint8_t *key) { srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; const EVP_CIPHER *evp; /* * set counter and initial values to 'offset' value, being careful not to * go past the end of the key buffer */ v128_set_to_zero(&c->counter); v128_set_to_zero(&c->offset); memcpy(&c->counter, key + c->key_size, SRTP_SALT_LEN); memcpy(&c->offset, key + c->key_size, SRTP_SALT_LEN); /* force last two octets of the offset to zero (for srtp compatibility) */ c->offset.v8[SRTP_SALT_LEN] = c->offset.v8[SRTP_SALT_LEN + 1] = 0; c->counter.v8[SRTP_SALT_LEN] = c->counter.v8[SRTP_SALT_LEN + 1] = 0; debug_print(srtp_mod_aes_icm, "key: %s", srtp_octet_string_hex_string(key, c->key_size)); debug_print(srtp_mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); switch (c->key_size) { case SRTP_AES_256_KEY_LEN: evp = EVP_aes_256_ctr(); break; case SRTP_AES_192_KEY_LEN: evp = EVP_aes_192_ctr(); break; case SRTP_AES_128_KEY_LEN: evp = EVP_aes_128_ctr(); break; default: return srtp_err_status_bad_param; break; } if (!EVP_EncryptInit_ex(c->ctx, evp, NULL, key, NULL)) { return srtp_err_status_fail; } else { return srtp_err_status_ok; } return srtp_err_status_ok; } /* * aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with * the offset */ static srtp_err_status_t srtp_aes_icm_openssl_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t dir) { srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; v128_t nonce; /* set nonce (for alignment) */ v128_copy_octet_string(&nonce, iv); debug_print(srtp_mod_aes_icm, "setting iv: %s", v128_hex_string(&nonce)); v128_xor(&c->counter, &c->offset, &nonce); debug_print(srtp_mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); if (!EVP_EncryptInit_ex(c->ctx, NULL, NULL, NULL, c->counter.v8)) { return srtp_err_status_fail; } else { return srtp_err_status_ok; } } /* * This function encrypts a buffer using AES CTR mode * * Parameters: * c Crypto context * buf data to encrypt * enc_len length of encrypt buffer */ static srtp_err_status_t srtp_aes_icm_openssl_encrypt (void *cv, unsigned char *buf, unsigned int *enc_len) { srtp_aes_icm_ctx_t *c = (srtp_aes_icm_ctx_t *)cv; int len = 0; debug_print(srtp_mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter)); if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) { return srtp_err_status_cipher_fail; } *enc_len = len; if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) { return srtp_err_status_cipher_fail; } *enc_len += len; return srtp_err_status_ok; } /* * Name of this crypto engine */ static const char srtp_aes_icm_128_openssl_description[] = "AES-128 counter mode using openssl"; static const char srtp_aes_icm_192_openssl_description[] = "AES-192 counter mode using openssl"; static const char srtp_aes_icm_256_openssl_description[] = "AES-256 counter mode using openssl"; /* * KAT values for AES self-test. These * values came from the legacy libsrtp code. */ static const uint8_t srtp_aes_icm_128_test_case_0_key[SRTP_AES_ICM_128_KEY_LEN_WSALT] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd }; static uint8_t srtp_aes_icm_128_test_case_0_nonce[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; static const uint8_t srtp_aes_icm_128_test_case_0_plaintext[32] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; static const uint8_t srtp_aes_icm_128_test_case_0_ciphertext[32] = { 0xe0, 0x3e, 0xad, 0x09, 0x35, 0xc9, 0x5e, 0x80, 0xe1, 0x66, 0xb1, 0x6d, 0xd9, 0x2b, 0x4e, 0xb4, 0xd2, 0x35, 0x13, 0x16, 0x2b, 0x02, 0xd0, 0xf7, 0x2a, 0x43, 0xa2, 0xfe, 0x4a, 0x5f, 0x97, 0xab }; static const srtp_cipher_test_case_t srtp_aes_icm_128_test_case_0 = { SRTP_AES_ICM_128_KEY_LEN_WSALT, /* octets in key */ srtp_aes_icm_128_test_case_0_key, /* key */ srtp_aes_icm_128_test_case_0_nonce, /* packet index */ 32, /* octets in plaintext */ srtp_aes_icm_128_test_case_0_plaintext, /* plaintext */ 32, /* octets in ciphertext */ srtp_aes_icm_128_test_case_0_ciphertext, /* ciphertext */ 0, NULL, 0, NULL /* pointer to next testcase */ }; /* * KAT values for AES-192-CTR self-test. These * values came from section 7 of RFC 6188. */ static const uint8_t srtp_aes_icm_192_test_case_0_key[SRTP_AES_ICM_192_KEY_LEN_WSALT] = { 0xea, 0xb2, 0x34, 0x76, 0x4e, 0x51, 0x7b, 0x2d, 0x3d, 0x16, 0x0d, 0x58, 0x7d, 0x8c, 0x86, 0x21, 0x97, 0x40, 0xf6, 0x5f, 0x99, 0xb6, 0xbc, 0xf7, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd }; static uint8_t srtp_aes_icm_192_test_case_0_nonce[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; static const uint8_t srtp_aes_icm_192_test_case_0_plaintext[32] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; static const uint8_t srtp_aes_icm_192_test_case_0_ciphertext[32] = { 0x35, 0x09, 0x6c, 0xba, 0x46, 0x10, 0x02, 0x8d, 0xc1, 0xb5, 0x75, 0x03, 0x80, 0x4c, 0xe3, 0x7c, 0x5d, 0xe9, 0x86, 0x29, 0x1d, 0xcc, 0xe1, 0x61, 0xd5, 0x16, 0x5e, 0xc4, 0x56, 0x8f, 0x5c, 0x9a }; static const srtp_cipher_test_case_t srtp_aes_icm_192_test_case_0 = { SRTP_AES_ICM_192_KEY_LEN_WSALT, /* octets in key */ srtp_aes_icm_192_test_case_0_key, /* key */ srtp_aes_icm_192_test_case_0_nonce, /* packet index */ 32, /* octets in plaintext */ srtp_aes_icm_192_test_case_0_plaintext, /* plaintext */ 32, /* octets in ciphertext */ srtp_aes_icm_192_test_case_0_ciphertext, /* ciphertext */ 0, NULL, 0, NULL /* pointer to next testcase */ }; /* * KAT values for AES-256-CTR self-test. These * values came from section 7 of RFC 6188. */ static const uint8_t srtp_aes_icm_256_test_case_0_key[SRTP_AES_ICM_256_KEY_LEN_WSALT] = { 0x57, 0xf8, 0x2f, 0xe3, 0x61, 0x3f, 0xd1, 0x70, 0xa8, 0x5e, 0xc9, 0x3c, 0x40, 0xb1, 0xf0, 0x92, 0x2e, 0xc4, 0xcb, 0x0d, 0xc0, 0x25, 0xb5, 0x82, 0x72, 0x14, 0x7c, 0xc4, 0x38, 0x94, 0x4a, 0x98, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd }; static uint8_t srtp_aes_icm_256_test_case_0_nonce[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; static const uint8_t srtp_aes_icm_256_test_case_0_plaintext[32] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; static const uint8_t srtp_aes_icm_256_test_case_0_ciphertext[32] = { 0x92, 0xbd, 0xd2, 0x8a, 0x93, 0xc3, 0xf5, 0x25, 0x11, 0xc6, 0x77, 0xd0, 0x8b, 0x55, 0x15, 0xa4, 0x9d, 0xa7, 0x1b, 0x23, 0x78, 0xa8, 0x54, 0xf6, 0x70, 0x50, 0x75, 0x6d, 0xed, 0x16, 0x5b, 0xac }; static const srtp_cipher_test_case_t srtp_aes_icm_256_test_case_0 = { SRTP_AES_ICM_256_KEY_LEN_WSALT, /* octets in key */ srtp_aes_icm_256_test_case_0_key, /* key */ srtp_aes_icm_256_test_case_0_nonce, /* packet index */ 32, /* octets in plaintext */ srtp_aes_icm_256_test_case_0_plaintext, /* plaintext */ 32, /* octets in ciphertext */ srtp_aes_icm_256_test_case_0_ciphertext, /* ciphertext */ 0, NULL, 0, NULL /* pointer to next testcase */ }; /* * This is the function table for this crypto engine. * note: the encrypt function is identical to the decrypt function */ const srtp_cipher_type_t srtp_aes_icm_128 = { srtp_aes_icm_openssl_alloc, srtp_aes_icm_openssl_dealloc, srtp_aes_icm_openssl_context_init, 0, /* set_aad */ srtp_aes_icm_openssl_encrypt, srtp_aes_icm_openssl_encrypt, srtp_aes_icm_openssl_set_iv, 0, /* get_tag */ srtp_aes_icm_128_openssl_description, &srtp_aes_icm_128_test_case_0, SRTP_AES_ICM_128 }; /* * This is the function table for this crypto engine. * note: the encrypt function is identical to the decrypt function */ const srtp_cipher_type_t srtp_aes_icm_192 = { srtp_aes_icm_openssl_alloc, srtp_aes_icm_openssl_dealloc, srtp_aes_icm_openssl_context_init, 0, /* set_aad */ srtp_aes_icm_openssl_encrypt, srtp_aes_icm_openssl_encrypt, srtp_aes_icm_openssl_set_iv, 0, /* get_tag */ srtp_aes_icm_192_openssl_description, &srtp_aes_icm_192_test_case_0, SRTP_AES_ICM_192 }; /* * This is the function table for this crypto engine. * note: the encrypt function is identical to the decrypt function */ const srtp_cipher_type_t srtp_aes_icm_256 = { srtp_aes_icm_openssl_alloc, srtp_aes_icm_openssl_dealloc, srtp_aes_icm_openssl_context_init, 0, /* set_aad */ srtp_aes_icm_openssl_encrypt, srtp_aes_icm_openssl_encrypt, srtp_aes_icm_openssl_set_iv, 0, /* get_tag */ srtp_aes_icm_256_openssl_description, &srtp_aes_icm_256_test_case_0, SRTP_AES_ICM_256 }; libsrtp-2.1.0/crypto/cipher/cipher.c000066400000000000000000000513701312031100000173640ustar00rootroot00000000000000/* * cipher.c * * cipher meta-functions * * David A. McGrew * Cisco Systems, Inc. * */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "cipher.h" #include "crypto_types.h" #include "err.h" /* for srtp_debug */ #include "alloc.h" /* for crypto_alloc(), crypto_free() */ srtp_debug_module_t srtp_mod_cipher = { 0, /* debugging is off by default */ "cipher" /* printable module name */ }; srtp_err_status_t srtp_cipher_type_alloc (const srtp_cipher_type_t *ct, srtp_cipher_t **c, int key_len, int tlen) { if (!ct || !ct->alloc) { return (srtp_err_status_bad_param); } return ((ct)->alloc((c), (key_len), (tlen))); } srtp_err_status_t srtp_cipher_dealloc (srtp_cipher_t *c) { if (!c || !c->type) { return (srtp_err_status_bad_param); } return (((c)->type)->dealloc(c)); } srtp_err_status_t srtp_cipher_init (srtp_cipher_t *c, const uint8_t *key) { if (!c || !c->type || !c->state) { return (srtp_err_status_bad_param); } return (((c)->type)->init(((c)->state), (key))); } srtp_err_status_t srtp_cipher_set_iv (srtp_cipher_t *c, uint8_t *iv, int direction) { if (!c || !c->type || !c->state) { return (srtp_err_status_bad_param); } return (((c)->type)->set_iv(((c)->state), iv, direction)); } srtp_err_status_t srtp_cipher_output (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output) { /* zeroize the buffer */ octet_string_set_to_zero(buffer, *num_octets_to_output); /* exor keystream into buffer */ return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output)); } srtp_err_status_t srtp_cipher_encrypt (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output) { if (!c || !c->type || !c->state) { return (srtp_err_status_bad_param); } return (((c)->type)->encrypt(((c)->state), buffer, num_octets_to_output)); } srtp_err_status_t srtp_cipher_decrypt (srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output) { if (!c || !c->type || !c->state) { return (srtp_err_status_bad_param); } return (((c)->type)->decrypt(((c)->state), buffer, num_octets_to_output)); } srtp_err_status_t srtp_cipher_get_tag (srtp_cipher_t *c, uint8_t *buffer, uint32_t *tag_len) { if (!c || !c->type || !c->state) { return (srtp_err_status_bad_param); } if (!((c)->type)->get_tag) { return (srtp_err_status_no_such_op); } return (((c)->type)->get_tag(((c)->state), buffer, tag_len)); } srtp_err_status_t srtp_cipher_set_aad (srtp_cipher_t *c, const uint8_t *aad, uint32_t aad_len) { if (!c || !c->type || !c->state) { return (srtp_err_status_bad_param); } if (!((c)->type)->set_aad) { return (srtp_err_status_no_such_op); } return (((c)->type)->set_aad(((c)->state), aad, aad_len)); } /* some bookkeeping functions */ int srtp_cipher_get_key_length (const srtp_cipher_t *c) { return c->key_len; } /* * A trivial platform independent random source. The random * data is used for some of the cipher self-tests. */ static srtp_err_status_t srtp_cipher_rand (void *dest, uint32_t len) { #if defined(HAVE_RAND_S) uint8_t *dst = (uint8_t *)dest; while (len) { unsigned int val; errno_t err = rand_s(&val); if (err != 0) return srtp_err_status_fail; *dst++ = val & 0xff; len--; } #else /* Generic C-library (rand()) version */ /* This is a random source of last resort */ uint8_t *dst = (uint8_t *)dest; while (len) { int val = rand(); /* rand() returns 0-32767 (ugh) */ /* Is this a good enough way to get random bytes? It is if it passes FIPS-140... */ *dst++ = val & 0xff; len--; } #endif return srtp_err_status_ok; } #define SELF_TEST_BUF_OCTETS 128 #define NUM_RAND_TESTS 128 #define MAX_KEY_LEN 64 /* * srtp_cipher_type_test(ct, test_data) tests a cipher of type ct against * test cases provided in a list test_data of values of key, salt, iv, * plaintext, and ciphertext that is known to be good */ srtp_err_status_t srtp_cipher_type_test (const srtp_cipher_type_t *ct, const srtp_cipher_test_case_t *test_data) { const srtp_cipher_test_case_t *test_case = test_data; srtp_cipher_t *c; srtp_err_status_t status; uint8_t buffer[SELF_TEST_BUF_OCTETS]; uint8_t buffer2[SELF_TEST_BUF_OCTETS]; uint32_t tag_len; unsigned int len; int i, j, case_num = 0; debug_print(srtp_mod_cipher, "running self-test for cipher %s", ct->description); /* * check to make sure that we have at least one test case, and * return an error if we don't - we need to be paranoid here */ if (test_case == NULL) { return srtp_err_status_cant_check; } /* * loop over all test cases, perform known-answer tests of both the * encryption and decryption functions */ while (test_case != NULL) { /* allocate cipher */ status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets); if (status) { return status; } /* * test the encrypt function */ debug_print(srtp_mod_cipher, "testing encryption", NULL); /* initialize cipher */ status = srtp_cipher_init(c, test_case->key); if (status) { srtp_cipher_dealloc(c); return status; } /* copy plaintext into test buffer */ if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { srtp_cipher_dealloc(c); return srtp_err_status_bad_param; } for (i = 0; i < test_case->plaintext_length_octets; i++) { buffer[i] = test_case->plaintext[i]; } debug_print(srtp_mod_cipher, "plaintext: %s", srtp_octet_string_hex_string(buffer, test_case->plaintext_length_octets)); /* set the initialization vector */ status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_encrypt); if (status) { srtp_cipher_dealloc(c); return status; } if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { debug_print(srtp_mod_cipher, "IV: %s", srtp_octet_string_hex_string(test_case->idx, 12)); /* * Set the AAD */ status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets); if (status) { srtp_cipher_dealloc(c); return status; } debug_print(srtp_mod_cipher, "AAD: %s", srtp_octet_string_hex_string(test_case->aad, test_case->aad_length_octets)); } /* encrypt */ len = test_case->plaintext_length_octets; status = srtp_cipher_encrypt(c, buffer, &len); if (status) { srtp_cipher_dealloc(c); return status; } if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { /* * Get the GCM tag */ status = srtp_cipher_get_tag(c, buffer + len, &tag_len); if (status) { srtp_cipher_dealloc(c); return status; } len += tag_len; } debug_print(srtp_mod_cipher, "ciphertext: %s", srtp_octet_string_hex_string(buffer, test_case->ciphertext_length_octets)); /* compare the resulting ciphertext with that in the test case */ if (len != test_case->ciphertext_length_octets) { srtp_cipher_dealloc(c); return srtp_err_status_algo_fail; } status = srtp_err_status_ok; for (i = 0; i < test_case->ciphertext_length_octets; i++) { if (buffer[i] != test_case->ciphertext[i]) { status = srtp_err_status_algo_fail; debug_print(srtp_mod_cipher, "test case %d failed", case_num); debug_print(srtp_mod_cipher, "(failure at byte %d)", i); break; } } if (status) { debug_print(srtp_mod_cipher, "c computed: %s", srtp_octet_string_hex_string(buffer, 2 * test_case->plaintext_length_octets)); debug_print(srtp_mod_cipher, "c expected: %s", srtp_octet_string_hex_string(test_case->ciphertext, 2 * test_case->plaintext_length_octets)); srtp_cipher_dealloc(c); return srtp_err_status_algo_fail; } /* * test the decrypt function */ debug_print(srtp_mod_cipher, "testing decryption", NULL); /* re-initialize cipher for decryption */ status = srtp_cipher_init(c, test_case->key); if (status) { srtp_cipher_dealloc(c); return status; } /* copy ciphertext into test buffer */ if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) { srtp_cipher_dealloc(c); return srtp_err_status_bad_param; } for (i = 0; i < test_case->ciphertext_length_octets; i++) { buffer[i] = test_case->ciphertext[i]; } debug_print(srtp_mod_cipher, "ciphertext: %s", srtp_octet_string_hex_string(buffer, test_case->plaintext_length_octets)); /* set the initialization vector */ status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_decrypt); if (status) { srtp_cipher_dealloc(c); return status; } if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { /* * Set the AAD */ status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets); if (status) { srtp_cipher_dealloc(c); return status; } debug_print(srtp_mod_cipher, "AAD: %s", srtp_octet_string_hex_string(test_case->aad, test_case->aad_length_octets)); } /* decrypt */ len = test_case->ciphertext_length_octets; status = srtp_cipher_decrypt(c, buffer, &len); if (status) { srtp_cipher_dealloc(c); return status; } debug_print(srtp_mod_cipher, "plaintext: %s", srtp_octet_string_hex_string(buffer, test_case->plaintext_length_octets)); /* compare the resulting plaintext with that in the test case */ if (len != test_case->plaintext_length_octets) { srtp_cipher_dealloc(c); return srtp_err_status_algo_fail; } status = srtp_err_status_ok; for (i = 0; i < test_case->plaintext_length_octets; i++) { if (buffer[i] != test_case->plaintext[i]) { status = srtp_err_status_algo_fail; debug_print(srtp_mod_cipher, "test case %d failed", case_num); debug_print(srtp_mod_cipher, "(failure at byte %d)", i); } } if (status) { debug_print(srtp_mod_cipher, "p computed: %s", srtp_octet_string_hex_string(buffer, 2 * test_case->plaintext_length_octets)); debug_print(srtp_mod_cipher, "p expected: %s", srtp_octet_string_hex_string(test_case->plaintext, 2 * test_case->plaintext_length_octets)); srtp_cipher_dealloc(c); return srtp_err_status_algo_fail; } /* deallocate the cipher */ status = srtp_cipher_dealloc(c); if (status) { return status; } /* * the cipher passed the test case, so move on to the next test * case in the list; if NULL, we'l proceed to the next test */ test_case = test_case->next_test_case; ++case_num; } /* now run some random invertibility tests */ /* allocate cipher, using paramaters from the first test case */ test_case = test_data; status = srtp_cipher_type_alloc(ct, &c, test_case->key_length_octets, test_case->tag_length_octets); if (status) { return status; } for (j = 0; j < NUM_RAND_TESTS; j++) { unsigned length; int plaintext_len; uint8_t key[MAX_KEY_LEN]; uint8_t iv[MAX_KEY_LEN]; /* choose a length at random (leaving room for IV and padding) */ length = rand() % (SELF_TEST_BUF_OCTETS - 64); debug_print(srtp_mod_cipher, "random plaintext length %d\n", length); status = srtp_cipher_rand(buffer, length); if (status) { srtp_cipher_dealloc(c); return status; } debug_print(srtp_mod_cipher, "plaintext: %s", srtp_octet_string_hex_string(buffer, length)); /* copy plaintext into second buffer */ for (i = 0; (unsigned int)i < length; i++) { buffer2[i] = buffer[i]; } /* choose a key at random */ if (test_case->key_length_octets > MAX_KEY_LEN) { srtp_cipher_dealloc(c); return srtp_err_status_cant_check; } status = srtp_cipher_rand(key, test_case->key_length_octets); if (status) { srtp_cipher_dealloc(c); return status; } /* chose a random initialization vector */ status = srtp_cipher_rand(iv, MAX_KEY_LEN); if (status) { srtp_cipher_dealloc(c); return status; } /* initialize cipher */ status = srtp_cipher_init(c, key); if (status) { srtp_cipher_dealloc(c); return status; } /* set initialization vector */ status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_encrypt); if (status) { srtp_cipher_dealloc(c); return status; } if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { /* * Set the AAD */ status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets); if (status) { srtp_cipher_dealloc(c); return status; } debug_print(srtp_mod_cipher, "AAD: %s", srtp_octet_string_hex_string(test_case->aad, test_case->aad_length_octets)); } /* encrypt buffer with cipher */ plaintext_len = length; status = srtp_cipher_encrypt(c, buffer, &length); if (status) { srtp_cipher_dealloc(c); return status; } if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { /* * Get the GCM tag */ status = srtp_cipher_get_tag(c, buffer + length, &tag_len); if (status) { srtp_cipher_dealloc(c); return status; } length += tag_len; } debug_print(srtp_mod_cipher, "ciphertext: %s", srtp_octet_string_hex_string(buffer, length)); /* * re-initialize cipher for decryption, re-set the iv, then * decrypt the ciphertext */ status = srtp_cipher_init(c, key); if (status) { srtp_cipher_dealloc(c); return status; } status = srtp_cipher_set_iv(c, (uint8_t*)test_case->idx, srtp_direction_decrypt); if (status) { srtp_cipher_dealloc(c); return status; } if (c->algorithm == SRTP_AES_GCM_128 || c->algorithm == SRTP_AES_GCM_256) { /* * Set the AAD */ status = srtp_cipher_set_aad(c, test_case->aad, test_case->aad_length_octets); if (status) { srtp_cipher_dealloc(c); return status; } debug_print(srtp_mod_cipher, "AAD: %s", srtp_octet_string_hex_string(test_case->aad, test_case->aad_length_octets)); } status = srtp_cipher_decrypt(c, buffer, &length); if (status) { srtp_cipher_dealloc(c); return status; } debug_print(srtp_mod_cipher, "plaintext[2]: %s", srtp_octet_string_hex_string(buffer, length)); /* compare the resulting plaintext with the original one */ if (length != plaintext_len) { srtp_cipher_dealloc(c); return srtp_err_status_algo_fail; } status = srtp_err_status_ok; for (i = 0; i < plaintext_len; i++) { if (buffer[i] != buffer2[i]) { status = srtp_err_status_algo_fail; debug_print(srtp_mod_cipher, "random test case %d failed", case_num); debug_print(srtp_mod_cipher, "(failure at byte %d)", i); } } if (status) { srtp_cipher_dealloc(c); return srtp_err_status_algo_fail; } } status = srtp_cipher_dealloc(c); if (status) { return status; } return srtp_err_status_ok; } /* * srtp_cipher_type_self_test(ct) performs srtp_cipher_type_test on ct's internal * list of test data. */ srtp_err_status_t srtp_cipher_type_self_test (const srtp_cipher_type_t *ct) { return srtp_cipher_type_test(ct, ct->test_data); } /* * cipher_bits_per_second(c, l, t) computes (an estimate of) the * number of bits that a cipher implementation can encrypt in a second * * c is a cipher (which MUST be allocated and initialized already), l * is the length in octets of the test data to be encrypted, and t is * the number of trials * * if an error is encountered, the value 0 is returned */ uint64_t srtp_cipher_bits_per_second (srtp_cipher_t *c, int octets_in_buffer, int num_trials) { int i; v128_t nonce; clock_t timer; unsigned char *enc_buf; unsigned int len = octets_in_buffer; enc_buf = (unsigned char*)srtp_crypto_alloc(octets_in_buffer); if (enc_buf == NULL) { return 0; /* indicate bad parameters by returning null */ } /* time repeated trials */ v128_set_to_zero(&nonce); timer = clock(); for (i = 0; i < num_trials; i++, nonce.v32[3] = i) { if (srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt) != srtp_err_status_ok) { srtp_crypto_free(enc_buf); return 0; } if (srtp_cipher_encrypt(c, enc_buf, &len) != srtp_err_status_ok) { srtp_crypto_free(enc_buf); return 0; } } timer = clock() - timer; srtp_crypto_free(enc_buf); if (timer == 0) { /* Too fast! */ return 0; } return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer; } libsrtp-2.1.0/crypto/cipher/null_cipher.c000066400000000000000000000112501312031100000204070ustar00rootroot00000000000000/* * null_cipher.c * * A null cipher implementation. This cipher leaves the plaintext * unchanged. * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "datatypes.h" #include "null_cipher.h" #include "err.h" /* for srtp_debug */ #include "alloc.h" /* the null_cipher uses the cipher debug module */ extern srtp_debug_module_t srtp_mod_cipher; static srtp_err_status_t srtp_null_cipher_alloc (srtp_cipher_t **c, int key_len, int tlen) { extern const srtp_cipher_type_t srtp_null_cipher; debug_print(srtp_mod_cipher, "allocating cipher with key length %d", key_len); /* allocate memory a cipher of type null_cipher */ *c = (srtp_cipher_t *)srtp_crypto_alloc(sizeof(srtp_cipher_t)); if (*c == NULL) { return srtp_err_status_alloc_fail; } memset(*c, 0x0, sizeof(srtp_cipher_t)); /* set pointers */ (*c)->algorithm = SRTP_NULL_CIPHER; (*c)->type = &srtp_null_cipher; (*c)->state = (void *) 0x1; /* The null cipher does not maintain state */ /* set key size */ (*c)->key_len = key_len; return srtp_err_status_ok; } static srtp_err_status_t srtp_null_cipher_dealloc (srtp_cipher_t *c) { extern const srtp_cipher_type_t srtp_null_cipher; /* zeroize entire state*/ octet_string_set_to_zero(c, sizeof(srtp_cipher_t)); /* free memory of type null_cipher */ srtp_crypto_free(c); return srtp_err_status_ok; } static srtp_err_status_t srtp_null_cipher_init (void *cv, const uint8_t *key) { /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ debug_print(srtp_mod_cipher, "initializing null cipher", NULL); return srtp_err_status_ok; } static srtp_err_status_t srtp_null_cipher_set_iv (void *cv, uint8_t *iv, srtp_cipher_direction_t dir) { /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ return srtp_err_status_ok; } static srtp_err_status_t srtp_null_cipher_encrypt (void *cv, unsigned char *buf, unsigned int *bytes_to_encr) { /* srtp_null_cipher_ctx_t *c = (srtp_null_cipher_ctx_t *)cv; */ return srtp_err_status_ok; } static const char srtp_null_cipher_description[] = "null cipher"; static const srtp_cipher_test_case_t srtp_null_cipher_test_0 = { 0, /* octets in key */ NULL, /* key */ 0, /* packet index */ 0, /* octets in plaintext */ NULL, /* plaintext */ 0, /* octets in plaintext */ NULL, /* ciphertext */ 0, NULL, 0, NULL /* pointer to next testcase */ }; /* * note: the decrypt function is idential to the encrypt function */ const srtp_cipher_type_t srtp_null_cipher = { srtp_null_cipher_alloc, srtp_null_cipher_dealloc, srtp_null_cipher_init, 0, /* set_aad */ srtp_null_cipher_encrypt, srtp_null_cipher_encrypt, srtp_null_cipher_set_iv, 0, /* get_tag */ srtp_null_cipher_description, &srtp_null_cipher_test_0, SRTP_NULL_CIPHER }; libsrtp-2.1.0/crypto/hash/000077500000000000000000000000001312031100000154115ustar00rootroot00000000000000libsrtp-2.1.0/crypto/hash/auth.c000066400000000000000000000137231312031100000165240ustar00rootroot00000000000000/* * auth.c * * some bookkeeping functions for authentication functions * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "auth.h" #include "err.h" /* for srtp_debug */ #include "datatypes.h" /* for octet_string */ /* the debug module for authentiation */ srtp_debug_module_t srtp_mod_auth = { 0, /* debugging is off by default */ "auth func" /* printable name for module */ }; int srtp_auth_get_key_length (const srtp_auth_t *a) { return a->key_len; } int srtp_auth_get_tag_length (const srtp_auth_t *a) { return a->out_len; } int srtp_auth_get_prefix_length (const srtp_auth_t *a) { return a->prefix_len; } /* * srtp_auth_type_test() tests an auth function of type ct against * test cases provided in a list test_data of values of key, data, and tag * that is known to be good */ /* should be big enough for most occasions */ #define SELF_TEST_TAG_BUF_OCTETS 32 srtp_err_status_t srtp_auth_type_test (const srtp_auth_type_t *at, const srtp_auth_test_case_t *test_data) { const srtp_auth_test_case_t *test_case = test_data; srtp_auth_t *a; srtp_err_status_t status; uint8_t tag[SELF_TEST_TAG_BUF_OCTETS]; int i, case_num = 0; debug_print(srtp_mod_auth, "running self-test for auth function %s", at->description); /* * check to make sure that we have at least one test case, and * return an error if we don't - we need to be paranoid here */ if (test_case == NULL) { return srtp_err_status_cant_check; } /* loop over all test cases */ while (test_case != NULL) { /* check test case parameters */ if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS) { return srtp_err_status_bad_param; } /* allocate auth */ status = srtp_auth_type_alloc(at, &a, test_case->key_length_octets, test_case->tag_length_octets); if (status) { return status; } /* initialize auth */ status = srtp_auth_init(a, test_case->key); if (status) { srtp_auth_dealloc(a); return status; } /* zeroize tag then compute */ octet_string_set_to_zero(tag, test_case->tag_length_octets); status = srtp_auth_compute(a, test_case->data, test_case->data_length_octets, tag); if (status) { srtp_auth_dealloc(a); return status; } debug_print(srtp_mod_auth, "key: %s", srtp_octet_string_hex_string(test_case->key, test_case->key_length_octets)); debug_print(srtp_mod_auth, "data: %s", srtp_octet_string_hex_string(test_case->data, test_case->data_length_octets)); debug_print(srtp_mod_auth, "tag computed: %s", srtp_octet_string_hex_string(tag, test_case->tag_length_octets)); debug_print(srtp_mod_auth, "tag expected: %s", srtp_octet_string_hex_string(test_case->tag, test_case->tag_length_octets)); /* check the result */ status = srtp_err_status_ok; for (i = 0; i < test_case->tag_length_octets; i++) { if (tag[i] != test_case->tag[i]) { status = srtp_err_status_algo_fail; debug_print(srtp_mod_auth, "test case %d failed", case_num); debug_print(srtp_mod_auth, " (mismatch at octet %d)", i); } } if (status) { srtp_auth_dealloc(a); return srtp_err_status_algo_fail; } /* deallocate the auth function */ status = srtp_auth_dealloc(a); if (status) { return status; } /* * the auth function passed the test case, so move on to the next test * case in the list; if NULL, we'll quit and return an OK */ test_case = test_case->next_test_case; ++case_num; } return srtp_err_status_ok; } /* * auth_type_self_test(at) performs srtp_auth_type_test on at's internal * list of test data. */ srtp_err_status_t srtp_auth_type_self_test (const srtp_auth_type_t *at) { return srtp_auth_type_test(at, at->test_data); } libsrtp-2.1.0/crypto/hash/hmac.c000066400000000000000000000175071312031100000164770ustar00rootroot00000000000000/* * hmac.c * * implementation of hmac srtp_auth_type_t * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright(c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "hmac.h" #include "alloc.h" /* the debug module for authentiation */ srtp_debug_module_t srtp_mod_hmac = { 0, /* debugging is off by default */ "hmac sha-1" /* printable name for module */ }; static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_len) { extern const srtp_auth_type_t srtp_hmac; uint8_t *pointer; debug_print(srtp_mod_hmac, "allocating auth func with key length %d", key_len); debug_print(srtp_mod_hmac, " tag length %d", out_len); /* * check key length - note that we don't support keys larger * than 20 bytes yet */ if (key_len > 20) { return srtp_err_status_bad_param; } /* check output length - should be less than 20 bytes */ if (out_len > 20) { return srtp_err_status_bad_param; } /* allocate memory for auth and srtp_hmac_ctx_t structures */ pointer = (uint8_t*)srtp_crypto_alloc(sizeof(srtp_hmac_ctx_t) + sizeof(srtp_auth_t)); if (pointer == NULL) { return srtp_err_status_alloc_fail; } /* set pointers */ *a = (srtp_auth_t*)pointer; (*a)->type = &srtp_hmac; (*a)->state = pointer + sizeof(srtp_auth_t); (*a)->out_len = out_len; (*a)->key_len = key_len; (*a)->prefix_len = 0; return srtp_err_status_ok; } static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a) { /* zeroize entire state*/ octet_string_set_to_zero(a, sizeof(srtp_hmac_ctx_t) + sizeof(srtp_auth_t)); /* free memory */ srtp_crypto_free(a); return srtp_err_status_ok; } static srtp_err_status_t srtp_hmac_init (void *statev, const uint8_t *key, int key_len) { srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev; int i; uint8_t ipad[64]; /* * check key length - note that we don't support keys larger * than 20 bytes yet */ if (key_len > 20) { return srtp_err_status_bad_param; } /* * set values of ipad and opad by exoring the key into the * appropriate constant values */ for (i = 0; i < key_len; i++) { ipad[i] = key[i] ^ 0x36; state->opad[i] = key[i] ^ 0x5c; } /* set the rest of ipad, opad to constant values */ for (; i < 64; i++) { ipad[i] = 0x36; ((uint8_t*)state->opad)[i] = 0x5c; } debug_print(srtp_mod_hmac, "ipad: %s", srtp_octet_string_hex_string(ipad, 64)); /* initialize sha1 context */ srtp_sha1_init(&state->init_ctx); /* hash ipad ^ key */ srtp_sha1_update(&state->init_ctx, ipad, 64); memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t)); return srtp_err_status_ok; } static srtp_err_status_t srtp_hmac_start (void *statev) { srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev; memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t)); return srtp_err_status_ok; } static srtp_err_status_t srtp_hmac_update (void *statev, const uint8_t *message, int msg_octets) { srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev; debug_print(srtp_mod_hmac, "input: %s", srtp_octet_string_hex_string(message, msg_octets)); /* hash message into sha1 context */ srtp_sha1_update(&state->ctx, message, msg_octets); return srtp_err_status_ok; } static srtp_err_status_t srtp_hmac_compute (void *statev, const uint8_t *message, int msg_octets, int tag_len, uint8_t *result) { srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev; uint32_t hash_value[5]; uint32_t H[5]; int i; /* check tag length, return error if we can't provide the value expected */ if (tag_len > 20) { return srtp_err_status_bad_param; } /* hash message, copy output into H */ srtp_hmac_update(state, message, msg_octets); srtp_sha1_final(&state->ctx, H); /* * note that we don't need to debug_print() the input, since the * function hmac_update() already did that for us */ debug_print(srtp_mod_hmac, "intermediate state: %s", srtp_octet_string_hex_string((uint8_t*)H, 20)); /* re-initialize hash context */ srtp_sha1_init(&state->ctx); /* hash opad ^ key */ srtp_sha1_update(&state->ctx, (uint8_t*)state->opad, 64); /* hash the result of the inner hash */ srtp_sha1_update(&state->ctx, (uint8_t*)H, 20); /* the result is returned in the array hash_value[] */ srtp_sha1_final(&state->ctx, hash_value); /* copy hash_value to *result */ for (i = 0; i < tag_len; i++) { result[i] = ((uint8_t*)hash_value)[i]; } debug_print(srtp_mod_hmac, "output: %s", srtp_octet_string_hex_string((uint8_t*)hash_value, tag_len)); return srtp_err_status_ok; } /* begin test case 0 */ static const uint8_t srtp_hmac_test_case_0_key[20] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; static const uint8_t srtp_hmac_test_case_0_data[8] = { 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ }; static const uint8_t srtp_hmac_test_case_0_tag[20] = { 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, 0xf1, 0x46, 0xbe, 0x00 }; static const srtp_auth_test_case_t srtp_hmac_test_case_0 = { 20, /* octets in key */ srtp_hmac_test_case_0_key, /* key */ 8, /* octets in data */ srtp_hmac_test_case_0_data, /* data */ 20, /* octets in tag */ srtp_hmac_test_case_0_tag, /* tag */ NULL /* pointer to next testcase */ }; /* end test case 0 */ static const char srtp_hmac_description[] = "hmac sha-1 authentication function"; /* * srtp_auth_type_t hmac is the hmac metaobject */ const srtp_auth_type_t srtp_hmac = { srtp_hmac_alloc, srtp_hmac_dealloc, srtp_hmac_init, srtp_hmac_compute, srtp_hmac_update, srtp_hmac_start, srtp_hmac_description, &srtp_hmac_test_case_0, SRTP_HMAC_SHA1 }; libsrtp-2.1.0/crypto/hash/hmac_ossl.c000066400000000000000000000170501312031100000175300ustar00rootroot00000000000000/* * hmac_ossl.c * * Implementation of hmac srtp_auth_type_t that leverages OpenSSL * * John A. Foley * Cisco Systems, Inc. */ /* * * Copyright(c) 2013-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "auth.h" #include "alloc.h" #include "err.h" /* for srtp_debug */ #include #include #define SHA1_DIGEST_SIZE 20 /* the debug module for authentiation */ srtp_debug_module_t srtp_mod_hmac = { 0, /* debugging is off by default */ "hmac sha-1 openssl" /* printable name for module */ }; static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_len) { extern const srtp_auth_type_t srtp_hmac; debug_print(srtp_mod_hmac, "allocating auth func with key length %d", key_len); debug_print(srtp_mod_hmac, " tag length %d", out_len); /* check output length - should be less than 20 bytes */ if (out_len > SHA1_DIGEST_SIZE) { return srtp_err_status_bad_param; } /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */ #if OPENSSL_VERSION_NUMBER < 0x10100000L { /* allocate memory for auth and HMAC_CTX structures */ uint8_t* pointer; HMAC_CTX *new_hmac_ctx; pointer = (uint8_t*)srtp_crypto_alloc(sizeof(HMAC_CTX) + sizeof(srtp_auth_t)); if (pointer == NULL) { return srtp_err_status_alloc_fail; } *a = (srtp_auth_t*)pointer; (*a)->state = pointer + sizeof(srtp_auth_t); new_hmac_ctx = (HMAC_CTX*)((*a)->state); HMAC_CTX_init(new_hmac_ctx); } #else *a = (srtp_auth_t*)srtp_crypto_alloc(sizeof(srtp_auth_t)); if (*a == NULL) { return srtp_err_status_alloc_fail; } (*a)->state = HMAC_CTX_new(); if ((*a)->state == NULL) { srtp_crypto_free(*a); *a = NULL; return srtp_err_status_alloc_fail; } #endif /* set pointers */ (*a)->type = &srtp_hmac; (*a)->out_len = out_len; (*a)->key_len = key_len; (*a)->prefix_len = 0; return srtp_err_status_ok; } static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a) { HMAC_CTX *hmac_ctx; hmac_ctx = (HMAC_CTX*)a->state; #if OPENSSL_VERSION_NUMBER < 0x10100000L HMAC_CTX_cleanup(hmac_ctx); /* zeroize entire state*/ octet_string_set_to_zero(a, sizeof(HMAC_CTX) + sizeof(srtp_auth_t)); #else HMAC_CTX_free(hmac_ctx); /* zeroize entire state*/ octet_string_set_to_zero(a, sizeof(srtp_auth_t)); #endif /* free memory */ srtp_crypto_free(a); return srtp_err_status_ok; } static srtp_err_status_t srtp_hmac_start (void *statev) { HMAC_CTX *state = (HMAC_CTX *)statev; if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0) return srtp_err_status_auth_fail; return srtp_err_status_ok; } static srtp_err_status_t srtp_hmac_init (void *statev, const uint8_t *key, int key_len) { HMAC_CTX *state = (HMAC_CTX *)statev; if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0) return srtp_err_status_auth_fail; return srtp_err_status_ok; } static srtp_err_status_t srtp_hmac_update (void *statev, const uint8_t *message, int msg_octets) { HMAC_CTX *state = (HMAC_CTX *)statev; debug_print(srtp_mod_hmac, "input: %s", srtp_octet_string_hex_string(message, msg_octets)); if (HMAC_Update(state, message, msg_octets) == 0) return srtp_err_status_auth_fail; return srtp_err_status_ok; } static srtp_err_status_t srtp_hmac_compute (void *statev, const uint8_t *message, int msg_octets, int tag_len, uint8_t *result) { HMAC_CTX *state = (HMAC_CTX *)statev; uint8_t hash_value[SHA1_DIGEST_SIZE]; int i; unsigned int len; /* check tag length, return error if we can't provide the value expected */ if (tag_len > SHA1_DIGEST_SIZE) { return srtp_err_status_bad_param; } /* hash message, copy output into H */ if (HMAC_Update(state, message, msg_octets) == 0) return srtp_err_status_auth_fail; if (HMAC_Final(state, hash_value, &len) == 0) return srtp_err_status_auth_fail; if (len < tag_len) return srtp_err_status_auth_fail; /* copy hash_value to *result */ for (i = 0; i < tag_len; i++) { result[i] = hash_value[i]; } debug_print(srtp_mod_hmac, "output: %s", srtp_octet_string_hex_string(hash_value, tag_len)); return srtp_err_status_ok; } /* begin test case 0 */ static const uint8_t srtp_hmac_test_case_0_key[SHA1_DIGEST_SIZE] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; static const uint8_t srtp_hmac_test_case_0_data[8] = { 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ }; static const uint8_t srtp_hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = { 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, 0xf1, 0x46, 0xbe, 0x00 }; static const srtp_auth_test_case_t srtp_hmac_test_case_0 = { sizeof(srtp_hmac_test_case_0_key), /* octets in key */ srtp_hmac_test_case_0_key, /* key */ sizeof(srtp_hmac_test_case_0_data), /* octets in data */ srtp_hmac_test_case_0_data, /* data */ sizeof(srtp_hmac_test_case_0_tag), /* octets in tag */ srtp_hmac_test_case_0_tag, /* tag */ NULL /* pointer to next testcase */ }; /* end test case 0 */ static const char srtp_hmac_description[] = "hmac sha-1 authentication function"; /* * srtp_auth_type_t hmac is the hmac metaobject */ const srtp_auth_type_t srtp_hmac = { srtp_hmac_alloc, srtp_hmac_dealloc, srtp_hmac_init, srtp_hmac_compute, srtp_hmac_update, srtp_hmac_start, srtp_hmac_description, &srtp_hmac_test_case_0, SRTP_HMAC_SHA1 }; libsrtp-2.1.0/crypto/hash/null_auth.c000066400000000000000000000120721312031100000175520ustar00rootroot00000000000000/* * null_auth.c * * implements the do-nothing auth algorithm * * David A. McGrew * Cisco Systems, Inc. * */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "null_auth.h" #include "err.h" /* for srtp_debug */ #include "alloc.h" /* null_auth uses the auth debug module */ extern srtp_debug_module_t srtp_mod_auth; static srtp_err_status_t srtp_null_auth_alloc (srtp_auth_t **a, int key_len, int out_len) { extern const srtp_auth_type_t srtp_null_auth; uint8_t *pointer; debug_print(srtp_mod_auth, "allocating auth func with key length %d", key_len); debug_print(srtp_mod_auth, " tag length %d", out_len); /* allocate memory for auth and srtp_null_auth_ctx_t structures */ pointer = (uint8_t*)srtp_crypto_alloc(sizeof(srtp_null_auth_ctx_t) + sizeof(srtp_auth_t)); if (pointer == NULL) { return srtp_err_status_alloc_fail; } /* set pointers */ *a = (srtp_auth_t*)pointer; (*a)->type = &srtp_null_auth; (*a)->state = pointer + sizeof(srtp_auth_t); (*a)->out_len = out_len; (*a)->prefix_len = out_len; (*a)->key_len = key_len; return srtp_err_status_ok; } static srtp_err_status_t srtp_null_auth_dealloc (srtp_auth_t *a) { extern const srtp_auth_type_t srtp_null_auth; /* zeroize entire state*/ octet_string_set_to_zero(a, sizeof(srtp_null_auth_ctx_t) + sizeof(srtp_auth_t)); /* free memory */ srtp_crypto_free(a); return srtp_err_status_ok; } static srtp_err_status_t srtp_null_auth_init (void *statev, const uint8_t *key, int key_len) { /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */ /* accept any length of key, and do nothing */ return srtp_err_status_ok; } static srtp_err_status_t srtp_null_auth_compute (void *statev, const uint8_t *message, int msg_octets, int tag_len, uint8_t *result) { /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */ return srtp_err_status_ok; } static srtp_err_status_t srtp_null_auth_update (void *statev, const uint8_t *message, int msg_octets) { /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */ return srtp_err_status_ok; } static srtp_err_status_t srtp_null_auth_start (void *statev) { /* srtp_null_auth_ctx_t *state = (srtp_null_auth_ctx_t *)statev; */ return srtp_err_status_ok; } /* * srtp_auth_type_t - defines description, test case, and null_auth * metaobject */ /* begin test case 0 */ static const srtp_auth_test_case_t srtp_null_auth_test_case_0 = { 0, /* octets in key */ NULL, /* key */ 0, /* octets in data */ NULL, /* data */ 0, /* octets in tag */ NULL, /* tag */ NULL /* pointer to next testcase */ }; /* end test case 0 */ static const char srtp_null_auth_description[] = "null authentication function"; const srtp_auth_type_t srtp_null_auth = { srtp_null_auth_alloc, srtp_null_auth_dealloc, srtp_null_auth_init, srtp_null_auth_compute, srtp_null_auth_update, srtp_null_auth_start, srtp_null_auth_description, &srtp_null_auth_test_case_0, SRTP_NULL_AUTH }; libsrtp-2.1.0/crypto/hash/sha1.c000066400000000000000000000302621312031100000164140ustar00rootroot00000000000000/* * sha1.c * * an implementation of the Secure Hash Algorithm v.1 (SHA-1), * specified in FIPS 180-1 * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "sha1.h" srtp_debug_module_t srtp_mod_sha1 = { 0, /* debugging is off by default */ "sha-1" /* printable module name */ }; /* SN == Rotate left N bits */ #define S1(X) ((X << 1) | (X >> 31)) #define S5(X) ((X << 5) | (X >> 27)) #define S30(X) ((X << 30) | (X >> 2)) #define f0(B, C, D) ((B & C) | (~B & D)) #define f1(B, C, D) (B ^ C ^ D) #define f2(B, C, D) ((B & C) | (B & D) | (C & D)) #define f3(B, C, D) (B ^ C ^ D) /* * nota bene: the variable K0 appears in the curses library, so we * give longer names to these variables to avoid spurious warnings * on systems that uses curses */ uint32_t SHA_K0 = 0x5A827999; /* Kt for 0 <= t <= 19 */ uint32_t SHA_K1 = 0x6ED9EBA1; /* Kt for 20 <= t <= 39 */ uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt for 40 <= t <= 59 */ uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */ void srtp_sha1 (const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) { srtp_sha1_ctx_t ctx; srtp_sha1_init(&ctx); srtp_sha1_update(&ctx, msg, octets_in_msg); srtp_sha1_final(&ctx, hash_value); } /* * srtp_sha1_core(M, H) computes the core compression function, where M is * the next part of the message (in network byte order) and H is the * intermediate state { H0, H1, ...} (in host byte order) * * this function does not do any of the padding required in the * complete SHA1 function * * this function is used in the SEAL 3.0 key setup routines * (crypto/cipher/seal.c) */ void srtp_sha1_core (const uint32_t M[16], uint32_t hash_value[5]) { uint32_t H0; uint32_t H1; uint32_t H2; uint32_t H3; uint32_t H4; uint32_t W[80]; uint32_t A, B, C, D, E, TEMP; int t; /* copy hash_value into H0, H1, H2, H3, H4 */ H0 = hash_value[0]; H1 = hash_value[1]; H2 = hash_value[2]; H3 = hash_value[3]; H4 = hash_value[4]; /* copy/xor message into array */ W[0] = be32_to_cpu(M[0]); W[1] = be32_to_cpu(M[1]); W[2] = be32_to_cpu(M[2]); W[3] = be32_to_cpu(M[3]); W[4] = be32_to_cpu(M[4]); W[5] = be32_to_cpu(M[5]); W[6] = be32_to_cpu(M[6]); W[7] = be32_to_cpu(M[7]); W[8] = be32_to_cpu(M[8]); W[9] = be32_to_cpu(M[9]); W[10] = be32_to_cpu(M[10]); W[11] = be32_to_cpu(M[11]); W[12] = be32_to_cpu(M[12]); W[13] = be32_to_cpu(M[13]); W[14] = be32_to_cpu(M[14]); W[15] = be32_to_cpu(M[15]); TEMP = W[13] ^ W[8] ^ W[2] ^ W[0]; W[16] = S1(TEMP); TEMP = W[14] ^ W[9] ^ W[3] ^ W[1]; W[17] = S1(TEMP); TEMP = W[15] ^ W[10] ^ W[4] ^ W[2]; W[18] = S1(TEMP); TEMP = W[16] ^ W[11] ^ W[5] ^ W[3]; W[19] = S1(TEMP); TEMP = W[17] ^ W[12] ^ W[6] ^ W[4]; W[20] = S1(TEMP); TEMP = W[18] ^ W[13] ^ W[7] ^ W[5]; W[21] = S1(TEMP); TEMP = W[19] ^ W[14] ^ W[8] ^ W[6]; W[22] = S1(TEMP); TEMP = W[20] ^ W[15] ^ W[9] ^ W[7]; W[23] = S1(TEMP); TEMP = W[21] ^ W[16] ^ W[10] ^ W[8]; W[24] = S1(TEMP); TEMP = W[22] ^ W[17] ^ W[11] ^ W[9]; W[25] = S1(TEMP); TEMP = W[23] ^ W[18] ^ W[12] ^ W[10]; W[26] = S1(TEMP); TEMP = W[24] ^ W[19] ^ W[13] ^ W[11]; W[27] = S1(TEMP); TEMP = W[25] ^ W[20] ^ W[14] ^ W[12]; W[28] = S1(TEMP); TEMP = W[26] ^ W[21] ^ W[15] ^ W[13]; W[29] = S1(TEMP); TEMP = W[27] ^ W[22] ^ W[16] ^ W[14]; W[30] = S1(TEMP); TEMP = W[28] ^ W[23] ^ W[17] ^ W[15]; W[31] = S1(TEMP); /* process the remainder of the array */ for (t = 32; t < 80; t++) { TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; W[t] = S1(TEMP); } A = H0; B = H1; C = H2; D = H3; E = H4; for (t = 0; t < 20; t++) { TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0; E = D; D = C; C = S30(B); B = A; A = TEMP; } for (; t < 40; t++) { TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1; E = D; D = C; C = S30(B); B = A; A = TEMP; } for (; t < 60; t++) { TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2; E = D; D = C; C = S30(B); B = A; A = TEMP; } for (; t < 80; t++) { TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3; E = D; D = C; C = S30(B); B = A; A = TEMP; } hash_value[0] = H0 + A; hash_value[1] = H1 + B; hash_value[2] = H2 + C; hash_value[3] = H3 + D; hash_value[4] = H4 + E; return; } void srtp_sha1_init (srtp_sha1_ctx_t *ctx) { /* initialize state vector */ ctx->H[0] = 0x67452301; ctx->H[1] = 0xefcdab89; ctx->H[2] = 0x98badcfe; ctx->H[3] = 0x10325476; ctx->H[4] = 0xc3d2e1f0; /* indicate that message buffer is empty */ ctx->octets_in_buffer = 0; /* reset message bit-count to zero */ ctx->num_bits_in_msg = 0; } void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) { int i; uint8_t *buf = (uint8_t*)ctx->M; /* update message bit-count */ ctx->num_bits_in_msg += octets_in_msg * 8; /* loop over 16-word blocks of M */ while (octets_in_msg > 0) { if (octets_in_msg + ctx->octets_in_buffer >= 64) { /* * copy words of M into msg buffer until that buffer is full, * converting them into host byte order as needed */ octets_in_msg -= (64 - ctx->octets_in_buffer); for (i = ctx->octets_in_buffer; i < 64; i++) { buf[i] = *msg++; } ctx->octets_in_buffer = 0; /* process a whole block */ debug_print(srtp_mod_sha1, "(update) running srtp_sha1_core()", NULL); srtp_sha1_core(ctx->M, ctx->H); } else { debug_print(srtp_mod_sha1, "(update) not running srtp_sha1_core()", NULL); for (i = ctx->octets_in_buffer; i < (ctx->octets_in_buffer + octets_in_msg); i++) { buf[i] = *msg++; } ctx->octets_in_buffer += octets_in_msg; octets_in_msg = 0; } } } /* * srtp_sha1_final(ctx, output) computes the result for ctx and copies it * into the twenty octets located at *output */ void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output) { uint32_t A, B, C, D, E, TEMP; uint32_t W[80]; int i, t; /* * process the remaining octets_in_buffer, padding and terminating as * necessary */ { int tail = ctx->octets_in_buffer % 4; /* copy/xor message into array */ for (i = 0; i < (ctx->octets_in_buffer + 3) / 4; i++) { W[i] = be32_to_cpu(ctx->M[i]); } /* set the high bit of the octet immediately following the message */ switch (tail) { case (3): W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xffffff00) | 0x80; W[i] = 0x0; break; case (2): W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xffff0000) | 0x8000; W[i] = 0x0; break; case (1): W[i - 1] = (be32_to_cpu(ctx->M[i - 1]) & 0xff000000) | 0x800000; W[i] = 0x0; break; case (0): W[i] = 0x80000000; break; } /* zeroize remaining words */ for (i++; i < 15; i++) { W[i] = 0x0; } /* * if there is room at the end of the word array, then set the * last word to the bit-length of the message; otherwise, set that * word to zero and then we need to do one more run of the * compression algo. */ if (ctx->octets_in_buffer < 56) { W[15] = ctx->num_bits_in_msg; } else if (ctx->octets_in_buffer < 60) { W[15] = 0x0; } /* process the word array */ for (t = 16; t < 80; t++) { TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; W[t] = S1(TEMP); } A = ctx->H[0]; B = ctx->H[1]; C = ctx->H[2]; D = ctx->H[3]; E = ctx->H[4]; for (t = 0; t < 20; t++) { TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0; E = D; D = C; C = S30(B); B = A; A = TEMP; } for (; t < 40; t++) { TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1; E = D; D = C; C = S30(B); B = A; A = TEMP; } for (; t < 60; t++) { TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2; E = D; D = C; C = S30(B); B = A; A = TEMP; } for (; t < 80; t++) { TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3; E = D; D = C; C = S30(B); B = A; A = TEMP; } ctx->H[0] += A; ctx->H[1] += B; ctx->H[2] += C; ctx->H[3] += D; ctx->H[4] += E; } debug_print(srtp_mod_sha1, "(final) running srtp_sha1_core()", NULL); if (ctx->octets_in_buffer >= 56) { debug_print(srtp_mod_sha1, "(final) running srtp_sha1_core() again", NULL); /* we need to do one final run of the compression algo */ /* * set initial part of word array to zeros, and set the * final part to the number of bits in the message */ for (i = 0; i < 15; i++) { W[i] = 0x0; } W[15] = ctx->num_bits_in_msg; /* process the word array */ for (t = 16; t < 80; t++) { TEMP = W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16]; W[t] = S1(TEMP); } A = ctx->H[0]; B = ctx->H[1]; C = ctx->H[2]; D = ctx->H[3]; E = ctx->H[4]; for (t = 0; t < 20; t++) { TEMP = S5(A) + f0(B, C, D) + E + W[t] + SHA_K0; E = D; D = C; C = S30(B); B = A; A = TEMP; } for (; t < 40; t++) { TEMP = S5(A) + f1(B, C, D) + E + W[t] + SHA_K1; E = D; D = C; C = S30(B); B = A; A = TEMP; } for (; t < 60; t++) { TEMP = S5(A) + f2(B, C, D) + E + W[t] + SHA_K2; E = D; D = C; C = S30(B); B = A; A = TEMP; } for (; t < 80; t++) { TEMP = S5(A) + f3(B, C, D) + E + W[t] + SHA_K3; E = D; D = C; C = S30(B); B = A; A = TEMP; } ctx->H[0] += A; ctx->H[1] += B; ctx->H[2] += C; ctx->H[3] += D; ctx->H[4] += E; } /* copy result into output buffer */ output[0] = be32_to_cpu(ctx->H[0]); output[1] = be32_to_cpu(ctx->H[1]); output[2] = be32_to_cpu(ctx->H[2]); output[3] = be32_to_cpu(ctx->H[3]); output[4] = be32_to_cpu(ctx->H[4]); /* indicate that message buffer in context is empty */ ctx->octets_in_buffer = 0; return; } libsrtp-2.1.0/crypto/include/000077500000000000000000000000001312031100000161115ustar00rootroot00000000000000libsrtp-2.1.0/crypto/include/aes.h000066400000000000000000000045631312031100000170420ustar00rootroot00000000000000/* * aes.h * * header file for the AES block cipher * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef AES_H #define AES_H #include "datatypes.h" #include "err.h" #ifdef __cplusplus extern "C" { #endif /* aes internals */ typedef struct { v128_t round[15]; int num_rounds; } srtp_aes_expanded_key_t; srtp_err_status_t srtp_aes_expand_encryption_key( const uint8_t *key, int key_len, srtp_aes_expanded_key_t *expanded_key); srtp_err_status_t srtp_aes_expand_decryption_key( const uint8_t *key, int key_len, srtp_aes_expanded_key_t *expanded_key); void srtp_aes_encrypt(v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key); void srtp_aes_decrypt(v128_t *plaintext, const srtp_aes_expanded_key_t *exp_key); #ifdef __cplusplus } #endif #endif /* AES_H */ libsrtp-2.1.0/crypto/include/aes_gcm_ossl.h000066400000000000000000000037741312031100000207330ustar00rootroot00000000000000/* * aes_gcm_ossl.h * * Header for AES Galois Counter Mode. * * John A. Foley * Cisco Systems, Inc. * */ /* * * Copyright (c) 2013-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef AES_GCM_OSSL_H #define AES_GCM_OSSL_H #include "cipher.h" #include "srtp.h" #include "datatypes.h" #include #include typedef struct { int key_size; int tag_len; EVP_CIPHER_CTX* ctx; srtp_cipher_direction_t dir; } srtp_aes_gcm_ctx_t; #endif /* AES_GCM_OSSL_H */ libsrtp-2.1.0/crypto/include/aes_icm.h000066400000000000000000000044541312031100000176710ustar00rootroot00000000000000/* * aes_icm.h * * Header for AES Integer Counter Mode. * * David A. McGrew * Cisco Systems, Inc. * */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef AES_ICM_H #define AES_ICM_H #include "aes.h" #include "cipher.h" typedef struct { v128_t counter; /* holds the counter value */ v128_t offset; /* initial offset value */ v128_t keystream_buffer; /* buffers bytes of keystream */ srtp_aes_expanded_key_t expanded_key; /* the cipher key */ int bytes_in_buffer; /* number of unused bytes in buffer */ int key_size; /* AES key size + 14 byte SALT */ } srtp_aes_icm_ctx_t; #endif /* AES_ICM_H */ libsrtp-2.1.0/crypto/include/aes_icm_ossl.h000066400000000000000000000040731312031100000207260ustar00rootroot00000000000000/* * aes_icm.h * * Header for AES Integer Counter Mode. * * David A. McGrew * Cisco Systems, Inc. * */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef AES_ICM_H #define AES_ICM_H #include "cipher.h" #include "datatypes.h" #include #include typedef struct { v128_t counter; /* holds the counter value */ v128_t offset; /* initial offset value */ int key_size; EVP_CIPHER_CTX* ctx; } srtp_aes_icm_ctx_t; #endif /* AES_ICM_H */ libsrtp-2.1.0/crypto/include/alloc.h000066400000000000000000000037221312031100000173600ustar00rootroot00000000000000/* * alloc.h * * interface to memory allocation and deallocation, with optional debugging * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef CRYPTO_ALLOC_H #define CRYPTO_ALLOC_H #include "datatypes.h" #ifdef __cplusplus extern "C" { #endif void * srtp_crypto_alloc(size_t size); void srtp_crypto_free(void *ptr); #ifdef __cplusplus } #endif #endif /* CRYPTO_ALLOC_H */ libsrtp-2.1.0/crypto/include/auth.h000066400000000000000000000137711312031100000172340ustar00rootroot00000000000000/* * auth.h * * common interface to authentication functions * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef SRTP_AUTH_H #define SRTP_AUTH_H #include "srtp.h" #include "crypto_types.h" /* for values of auth_type_id_t */ #ifdef __cplusplus extern "C" { #endif typedef const struct srtp_auth_type_t *srtp_auth_type_pointer; typedef struct srtp_auth_t *srtp_auth_pointer_t; typedef srtp_err_status_t (*srtp_auth_alloc_func) (srtp_auth_pointer_t *ap, int key_len, int out_len); typedef srtp_err_status_t (*srtp_auth_init_func) (void *state, const uint8_t *key, int key_len); typedef srtp_err_status_t (*srtp_auth_dealloc_func)(srtp_auth_pointer_t ap); typedef srtp_err_status_t (*srtp_auth_compute_func) (void *state, const uint8_t *buffer, int octets_to_auth, int tag_len, uint8_t *tag); typedef srtp_err_status_t (*srtp_auth_update_func) (void *state, const uint8_t *buffer, int octets_to_auth); typedef srtp_err_status_t (*srtp_auth_start_func)(void *state); /* some syntactic sugar on these function types */ #define srtp_auth_type_alloc(at, a, klen, outlen) \ ((at)->alloc((a), (klen), (outlen))) #define srtp_auth_init(a, key) \ (((a)->type)->init((a)->state, (key), ((a)->key_len))) #define srtp_auth_compute(a, buf, len, res) \ (((a)->type)->compute((a)->state, (buf), (len), (a)->out_len, (res))) #define srtp_auth_update(a, buf, len) \ (((a)->type)->update((a)->state, (buf), (len))) #define srtp_auth_start(a)(((a)->type)->start((a)->state)) #define srtp_auth_dealloc(c) (((c)->type)->dealloc(c)) /* functions to get information about a particular auth_t */ int srtp_auth_get_key_length(const struct srtp_auth_t *a); int srtp_auth_get_tag_length(const struct srtp_auth_t *a); int srtp_auth_get_prefix_length(const struct srtp_auth_t *a); /* * srtp_auth_test_case_t is a (list of) key/message/tag values that are * known to be correct for a particular cipher. this data can be used * to test an implementation in an on-the-fly self test of the * correctness of the implementation. (see the srtp_auth_type_self_test() * function below) */ typedef struct srtp_auth_test_case_t { int key_length_octets; /* octets in key */ const uint8_t *key; /* key */ int data_length_octets; /* octets in data */ const uint8_t *data; /* data */ int tag_length_octets; /* octets in tag */ const uint8_t *tag; /* tag */ const struct srtp_auth_test_case_t *next_test_case; /* pointer to next testcase */ } srtp_auth_test_case_t; /* srtp_auth_type_t */ typedef struct srtp_auth_type_t { srtp_auth_alloc_func alloc; srtp_auth_dealloc_func dealloc; srtp_auth_init_func init; srtp_auth_compute_func compute; srtp_auth_update_func update; srtp_auth_start_func start; const char *description; const srtp_auth_test_case_t *test_data; srtp_auth_type_id_t id; } srtp_auth_type_t; typedef struct srtp_auth_t { const srtp_auth_type_t *type; void *state; int out_len; /* length of output tag in octets */ int key_len; /* length of key in octets */ int prefix_len; /* length of keystream prefix */ } srtp_auth_t; /* * srtp_auth_type_self_test() tests an auth_type against test cases * provided in an array of values of key/message/tag that is known to * be good */ srtp_err_status_t srtp_auth_type_self_test(const srtp_auth_type_t *at); /* * srtp_auth_type_test() tests an auth_type against external test cases * provided in an array of values of key/message/tag that is known to * be good */ srtp_err_status_t srtp_auth_type_test(const srtp_auth_type_t *at, const srtp_auth_test_case_t *test_data); /* * srtp_replace_auth_type(ct, id) * * replaces srtp's kernel's auth type implementation for the auth_type id * with a new one passed in externally. The new auth type must pass all the * existing auth_type's self tests as well as its own. */ srtp_err_status_t srtp_replace_auth_type(const srtp_auth_type_t *ct, srtp_auth_type_id_t id); #ifdef __cplusplus } #endif #endif /* SRTP_AUTH_H */ libsrtp-2.1.0/crypto/include/cipher.h000066400000000000000000000207641312031100000175450ustar00rootroot00000000000000/* * cipher.h * * common interface to ciphers * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef SRTP_CIPHER_H #define SRTP_CIPHER_H #include "srtp.h" #include "crypto_types.h" /* for values of cipher_type_id_t */ #ifdef __cplusplus extern "C" { #endif /* * srtp_cipher_direction_t defines a particular cipher operation. * * A srtp_cipher_direction_t is an enum that describes a particular cipher * operation, i.e. encryption or decryption. For some ciphers, this * distinction does not matter, but for others, it is essential. */ typedef enum { srtp_direction_encrypt, /**< encryption (convert plaintext to ciphertext) */ srtp_direction_decrypt, /**< decryption (convert ciphertext to plaintext) */ srtp_direction_any /**< encryption or decryption */ } srtp_cipher_direction_t; /* * the srtp_cipher_pointer_t definition is needed * as srtp_cipher_t is not yet defined */ typedef struct srtp_cipher_t *srtp_cipher_pointer_t; /* * a srtp_cipher_alloc_func_t allocates (but does not initialize) a srtp_cipher_t */ typedef srtp_err_status_t (*srtp_cipher_alloc_func_t) (srtp_cipher_pointer_t *cp, int key_len, int tag_len); /* * a srtp_cipher_init_func_t [re-]initializes a cipher_t with a given key */ typedef srtp_err_status_t (*srtp_cipher_init_func_t) (void *state, const uint8_t *key); /* a srtp_cipher_dealloc_func_t de-allocates a cipher_t */ typedef srtp_err_status_t (*srtp_cipher_dealloc_func_t)(srtp_cipher_pointer_t cp); /* * a srtp_cipher_set_aad_func_t processes the AAD data for AEAD ciphers */ typedef srtp_err_status_t (*srtp_cipher_set_aad_func_t) (void *state, const uint8_t *aad, uint32_t aad_len); /* a srtp_cipher_encrypt_func_t encrypts data in-place */ typedef srtp_err_status_t (*srtp_cipher_encrypt_func_t) (void *state, uint8_t *buffer, unsigned int *octets_to_encrypt); /* a srtp_cipher_decrypt_func_t decrypts data in-place */ typedef srtp_err_status_t (*srtp_cipher_decrypt_func_t) (void *state, uint8_t *buffer, unsigned int *octets_to_decrypt); /* * a srtp_cipher_set_iv_func_t function sets the current initialization vector */ typedef srtp_err_status_t (*srtp_cipher_set_iv_func_t) (void *state, uint8_t *iv, srtp_cipher_direction_t direction); /* * a cipher_get_tag_func_t function is used to get the authentication * tag that was calculated by an AEAD cipher. */ typedef srtp_err_status_t (*srtp_cipher_get_tag_func_t) (void *state, uint8_t *tag, uint32_t *len); /* * srtp_cipher_test_case_t is a (list of) key, salt, plaintext, ciphertext, * and aad values that are known to be correct for a * particular cipher. this data can be used to test an implementation * in an on-the-fly self test of the correctness of the implementation. * (see the srtp_cipher_type_self_test() function below) */ typedef struct srtp_cipher_test_case_t { int key_length_octets; /* octets in key */ const uint8_t *key; /* key */ uint8_t *idx; /* packet index */ int plaintext_length_octets; /* octets in plaintext */ const uint8_t *plaintext; /* plaintext */ int ciphertext_length_octets; /* octets in plaintext */ const uint8_t *ciphertext; /* ciphertext */ int aad_length_octets; /* octets in AAD */ const uint8_t *aad; /* AAD */ int tag_length_octets; /* Length of AEAD tag */ const struct srtp_cipher_test_case_t *next_test_case; /* pointer to next testcase */ } srtp_cipher_test_case_t; /* srtp_cipher_type_t defines the 'metadata' for a particular cipher type */ typedef struct srtp_cipher_type_t { srtp_cipher_alloc_func_t alloc; srtp_cipher_dealloc_func_t dealloc; srtp_cipher_init_func_t init; srtp_cipher_set_aad_func_t set_aad; srtp_cipher_encrypt_func_t encrypt; srtp_cipher_encrypt_func_t decrypt; srtp_cipher_set_iv_func_t set_iv; srtp_cipher_get_tag_func_t get_tag; const char *description; const srtp_cipher_test_case_t *test_data; srtp_cipher_type_id_t id; } srtp_cipher_type_t; /* * srtp_cipher_t defines an instantiation of a particular cipher, with fixed * key length, key and salt values */ typedef struct srtp_cipher_t { const srtp_cipher_type_t *type; void *state; int key_len; int algorithm; } srtp_cipher_t; /* some bookkeeping functions */ int srtp_cipher_get_key_length(const srtp_cipher_t *c); /* * srtp_cipher_type_self_test() tests a cipher against test cases provided in * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext * that is known to be good */ srtp_err_status_t srtp_cipher_type_self_test(const srtp_cipher_type_t *ct); /* * srtp_cipher_type_test() tests a cipher against external test cases provided in * an array of values of key/srtp_xtd_seq_num_t/plaintext/ciphertext * that is known to be good */ srtp_err_status_t srtp_cipher_type_test(const srtp_cipher_type_t *ct, const srtp_cipher_test_case_t *test_data); /* * srtp_cipher_bits_per_second(c, l, t) computes (an estimate of) the * number of bits that a cipher implementation can encrypt in a second * * c is a cipher (which MUST be allocated and initialized already), l * is the length in octets of the test data to be encrypted, and t is * the number of trials * * if an error is encountered, then the value 0 is returned */ uint64_t srtp_cipher_bits_per_second(srtp_cipher_t *c, int octets_in_buffer, int num_trials); srtp_err_status_t srtp_cipher_type_alloc(const srtp_cipher_type_t *ct, srtp_cipher_t **c, int key_len, int tlen); srtp_err_status_t srtp_cipher_dealloc(srtp_cipher_t *c); srtp_err_status_t srtp_cipher_init(srtp_cipher_t *c, const uint8_t *key); srtp_err_status_t srtp_cipher_set_iv(srtp_cipher_t *c, uint8_t *iv, int direction); srtp_err_status_t srtp_cipher_output(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output); srtp_err_status_t srtp_cipher_encrypt(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output); srtp_err_status_t srtp_cipher_decrypt(srtp_cipher_t *c, uint8_t *buffer, uint32_t *num_octets_to_output); srtp_err_status_t srtp_cipher_get_tag(srtp_cipher_t *c, uint8_t *buffer, uint32_t *tag_len); srtp_err_status_t srtp_cipher_set_aad(srtp_cipher_t *c, const uint8_t *aad, uint32_t aad_len); /* * srtp_replace_cipher_type(ct, id) * * replaces srtp's existing cipher implementation for the cipher_type id * with a new one passed in externally. The new cipher must pass all the * existing cipher_type's self tests as well as its own. */ srtp_err_status_t srtp_replace_cipher_type(const srtp_cipher_type_t *ct, srtp_cipher_type_id_t id); #ifdef __cplusplus } #endif #endif /* SRTP_CIPHER_H */ libsrtp-2.1.0/crypto/include/crypto_kernel.h000066400000000000000000000145741312031100000211550ustar00rootroot00000000000000/* * crypto_kernel.h * * header for the cryptographic kernel * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright(c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef CRYPTO_KERNEL #define CRYPTO_KERNEL #include "cipher.h" #include "auth.h" #include "err.h" #include "crypto_types.h" #include "key.h" #ifdef __cplusplus extern "C" { #endif /* * crypto_kernel_state_t defines the possible states: * * insecure - not yet initialized * secure - initialized and passed self-tests */ typedef enum { srtp_crypto_kernel_state_insecure, srtp_crypto_kernel_state_secure } srtp_crypto_kernel_state_t; /* * linked list of cipher types */ typedef struct srtp_kernel_cipher_type { srtp_cipher_type_id_t id; const srtp_cipher_type_t *cipher_type; struct srtp_kernel_cipher_type *next; } srtp_kernel_cipher_type_t; /* * linked list of auth types */ typedef struct srtp_kernel_auth_type { srtp_auth_type_id_t id; const srtp_auth_type_t *auth_type; struct srtp_kernel_auth_type *next; } srtp_kernel_auth_type_t; /* * linked list of debug modules */ typedef struct srtp_kernel_debug_module { srtp_debug_module_t *mod; struct srtp_kernel_debug_module *next; } srtp_kernel_debug_module_t; /* * crypto_kernel_t is the data structure for the crypto kernel * * note that there is *exactly one* instance of this data type, * a global variable defined in crypto_kernel.c */ typedef struct { srtp_crypto_kernel_state_t state; /* current state of kernel */ srtp_kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */ srtp_kernel_auth_type_t *auth_type_list; /* list of all auth func types */ srtp_kernel_debug_module_t *debug_module_list; /* list of all debug modules */ } srtp_crypto_kernel_t; /* * srtp_crypto_kernel_t external api */ /* * The function srtp_crypto_kernel_init() initialized the crypto kernel and * runs the self-test operations on the random number generators and * crypto algorithms. Possible return values are: * * srtp_err_status_ok initialization successful * init failure * * If any value other than srtp_err_status_ok is returned, the * crypto_kernel MUST NOT be used. */ srtp_err_status_t srtp_crypto_kernel_init(void); /* * The function srtp_crypto_kernel_shutdown() de-initializes the * crypto_kernel, zeroizes keys and other cryptographic material, and * deallocates any dynamically allocated memory. Possible return * values are: * * srtp_err_status_ok shutdown successful * shutdown failure * */ srtp_err_status_t srtp_crypto_kernel_shutdown(void); /* * The function srtp_crypto_kernel_stats() checks the the crypto_kernel, * running tests on the ciphers, auth funcs, and rng, and prints out a * status report. Possible return values are: * * srtp_err_status_ok all tests were passed * a test failed * */ srtp_err_status_t srtp_crypto_kernel_status(void); /* * srtp_crypto_kernel_list_debug_modules() outputs a list of debugging modules * */ srtp_err_status_t srtp_crypto_kernel_list_debug_modules(void); /* * srtp_crypto_kernel_load_cipher_type() * */ srtp_err_status_t srtp_crypto_kernel_load_cipher_type(const srtp_cipher_type_t *ct, srtp_cipher_type_id_t id); srtp_err_status_t srtp_crypto_kernel_load_auth_type(const srtp_auth_type_t *ct, srtp_auth_type_id_t id); srtp_err_status_t srtp_crypto_kernel_load_debug_module(srtp_debug_module_t *new_dm); /* * srtp_crypto_kernel_alloc_cipher(id, cp, key_len); * * allocates a cipher of type id at location *cp, with key length * key_len octets. Return values are: * * srtp_err_status_ok no problems * srtp_err_status_alloc_fail an allocation failure occured * srtp_err_status_fail couldn't find cipher with identifier 'id' */ srtp_err_status_t srtp_crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id, srtp_cipher_pointer_t *cp, int key_len, int tag_len); /* * srtp_crypto_kernel_alloc_auth(id, ap, key_len, tag_len); * * allocates an auth function of type id at location *ap, with key * length key_len octets and output tag length of tag_len. Return * values are: * * srtp_err_status_ok no problems * srtp_err_status_alloc_fail an allocation failure occured * srtp_err_status_fail couldn't find auth with identifier 'id' */ srtp_err_status_t srtp_crypto_kernel_alloc_auth(srtp_auth_type_id_t id, srtp_auth_pointer_t *ap, int key_len, int tag_len); /* * srtp_crypto_kernel_set_debug_module(mod_name, v) * * sets dynamic debugging to the value v (0 for off, 1 for on) for the * debug module with the name mod_name * * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise */ srtp_err_status_t srtp_crypto_kernel_set_debug_module(const char *mod_name, int v); #ifdef __cplusplus } #endif #endif /* CRYPTO_KERNEL */ libsrtp-2.1.0/crypto/include/crypto_types.h000066400000000000000000000072371312031100000210370ustar00rootroot00000000000000/* * crypto_types.h * * constants for cipher types and auth func types * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright(c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef SRTP_CRYPTO_TYPES_H #define SRTP_CRYPTO_TYPES_H /* * The null cipher performs no encryption. * * The SRTP_NULL_CIPHER leaves its inputs unaltered, during both the * encryption and decryption operations. This cipher can be chosen * to indicate that no encryption is to be performed. */ #define SRTP_NULL_CIPHER 0 /* * AES-128 Integer Counter Mode (AES ICM) * * AES-128 ICM is the variant of counter mode that is used by * Secure RTP. This cipher uses a 16-octet key concatenated with a * 14-octet offset (or salt) value. */ #define SRTP_AES_ICM_128 1 /* * AES-192 Integer Counter Mode (AES ICM) * * AES-128 ICM is the variant of counter mode that is used by * Secure RTP. This cipher uses a 24-octet key concatenated with a * 14-octet offset (or salt) value. */ #define SRTP_AES_ICM_192 4 /* * AES-256 Integer Counter Mode (AES ICM) * * AES-128 ICM is the variant of counter mode that is used by * Secure RTP. This cipher uses a 32-octet key concatenated with a * 14-octet offset (or salt) value. */ #define SRTP_AES_ICM_256 5 /* * AES-128_GCM Galois Counter Mode (AES GCM) * * AES-128 GCM is the variant of galois counter mode that is used by * Secure RTP. This cipher uses a 16-octet key. */ #define SRTP_AES_GCM_128 6 /* * AES-256_GCM Galois Counter Mode (AES GCM) * * AES-256 GCM is the variant of galois counter mode that is used by * Secure RTP. This cipher uses a 32-octet key. */ #define SRTP_AES_GCM_256 7 /* * The null authentication function performs no authentication. * * The NULL_AUTH function does nothing, and can be selected to indicate * that authentication should not be performed. */ #define SRTP_NULL_AUTH 0 /* * HMAC-SHA1 * * SRTP_HMAC_SHA1 implements the Hash-based MAC using the NIST Secure * Hash Algorithm version 1 (SHA1). */ #define SRTP_HMAC_SHA1 3 #endif /* SRTP_CRYPTO_TYPES_H */ libsrtp-2.1.0/crypto/include/datatypes.h000066400000000000000000000275471312031100000202770ustar00rootroot00000000000000/* * datatypes.h * * data types for bit vectors and finite fields * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef DATATYPES_H #define DATATYPES_H #include "integers.h" /* definitions of uint32_t, et cetera */ #include "alloc.h" #include #include #include #include #ifdef HAVE_NETINET_IN_H # include #elif defined HAVE_WINSOCK2_H # include #endif #ifdef __cplusplus extern "C" { #endif /* if DATATYPES_USE_MACROS is defined, then little functions are macros */ #define DATATYPES_USE_MACROS typedef union { uint8_t v8[2]; uint16_t value; } v16_t; typedef union { uint8_t v8[4]; uint16_t v16[2]; uint32_t value; } v32_t; typedef union { uint8_t v8[8]; uint16_t v16[4]; uint32_t v32[2]; uint64_t value; } v64_t; typedef union { uint8_t v8[16]; uint16_t v16[8]; uint32_t v32[4]; uint64_t v64[2]; } v128_t; typedef union { uint8_t v8[32]; uint16_t v16[16]; uint32_t v32[8]; uint64_t v64[4]; } v256_t; /* some useful and simple math functions */ #define pow_2(X) ( (unsigned int)1 << (X) ) /* 2^X */ #define pow_minus_one(X) ( (X) ? -1 : 1 ) /* (-1)^X */ /* * octet_get_weight(x) returns the hamming weight (number of bits equal to * one) in the octet x */ int octet_get_weight(uint8_t octet); #define MAX_PRINT_STRING_LEN 1024 char * srtp_octet_string_hex_string(const void *str, int length); char * v128_bit_string(v128_t *x); char * v128_hex_string(v128_t *x); void v128_copy_octet_string(v128_t *x, const uint8_t s[16]); void v128_left_shift(v128_t *x, int shift_index); void v128_right_shift(v128_t *x, int shift_index); /* * the following macros define the data manipulation functions * * If DATATYPES_USE_MACROS is defined, then these macros are used * directly (and function call overhead is avoided). Otherwise, * the macros are used through the functions defined in datatypes.c * (and the compiler provides better warnings). */ #define _v128_set_to_zero(x) \ ( \ (x)->v32[0] = 0, \ (x)->v32[1] = 0, \ (x)->v32[2] = 0, \ (x)->v32[3] = 0 \ ) #define _v128_copy(x, y) \ ( \ (x)->v32[0] = (y)->v32[0], \ (x)->v32[1] = (y)->v32[1], \ (x)->v32[2] = (y)->v32[2], \ (x)->v32[3] = (y)->v32[3] \ ) #define _v128_xor(z, x, y) \ ( \ (z)->v32[0] = (x)->v32[0] ^ (y)->v32[0], \ (z)->v32[1] = (x)->v32[1] ^ (y)->v32[1], \ (z)->v32[2] = (x)->v32[2] ^ (y)->v32[2], \ (z)->v32[3] = (x)->v32[3] ^ (y)->v32[3] \ ) #define _v128_and(z, x, y) \ ( \ (z)->v32[0] = (x)->v32[0] & (y)->v32[0], \ (z)->v32[1] = (x)->v32[1] & (y)->v32[1], \ (z)->v32[2] = (x)->v32[2] & (y)->v32[2], \ (z)->v32[3] = (x)->v32[3] & (y)->v32[3] \ ) #define _v128_or(z, x, y) \ ( \ (z)->v32[0] = (x)->v32[0] | (y)->v32[0], \ (z)->v32[1] = (x)->v32[1] | (y)->v32[1], \ (z)->v32[2] = (x)->v32[2] | (y)->v32[2], \ (z)->v32[3] = (x)->v32[3] | (y)->v32[3] \ ) #define _v128_complement(x) \ ( \ (x)->v32[0] = ~(x)->v32[0], \ (x)->v32[1] = ~(x)->v32[1], \ (x)->v32[2] = ~(x)->v32[2], \ (x)->v32[3] = ~(x)->v32[3] \ ) /* ok for NO_64BIT_MATH if it can compare uint64_t's (even as structures) */ #define _v128_is_eq(x, y) \ (((x)->v64[0] == (y)->v64[0]) && ((x)->v64[1] == (y)->v64[1])) #ifdef NO_64BIT_MATH #define _v128_xor_eq(z, x) \ ( \ (z)->v32[0] ^= (x)->v32[0], \ (z)->v32[1] ^= (x)->v32[1], \ (z)->v32[2] ^= (x)->v32[2], \ (z)->v32[3] ^= (x)->v32[3] \ ) #else #define _v128_xor_eq(z, x) \ ( \ (z)->v64[0] ^= (x)->v64[0], \ (z)->v64[1] ^= (x)->v64[1] \ ) #endif /* NOTE! This assumes an odd ordering! */ /* This will not be compatible directly with math on some processors */ /* bit 0 is first 32-bit word, low order bit. in little-endian, that's the first byte of the first 32-bit word. In big-endian, that's the 3rd byte of the first 32-bit word */ /* The get/set bit code is used by the replay code ONLY, and it doesn't really care which bit is which. AES does care which bit is which, but doesn't use the 128-bit get/set or 128-bit shifts */ #define _v128_get_bit(x, bit) \ ( \ ((((x)->v32[(bit) >> 5]) >> ((bit) & 31)) & 1) \ ) #define _v128_set_bit(x, bit) \ ( \ (((x)->v32[(bit) >> 5]) |= ((uint32_t)1 << ((bit) & 31))) \ ) #define _v128_clear_bit(x, bit) \ ( \ (((x)->v32[(bit) >> 5]) &= ~((uint32_t)1 << ((bit) & 31))) \ ) #define _v128_set_bit_to(x, bit, value) \ ( \ (value) ? _v128_set_bit(x, bit) : \ _v128_clear_bit(x, bit) \ ) #ifdef DATATYPES_USE_MACROS /* little functions are really macros */ #define v128_set_to_zero(z) _v128_set_to_zero(z) #define v128_copy(z, x) _v128_copy(z, x) #define v128_xor(z, x, y) _v128_xor(z, x, y) #define v128_and(z, x, y) _v128_and(z, x, y) #define v128_or(z, x, y) _v128_or(z, x, y) #define v128_complement(x) _v128_complement(x) #define v128_is_eq(x, y) _v128_is_eq(x, y) #define v128_xor_eq(x, y) _v128_xor_eq(x, y) #define v128_get_bit(x, i) _v128_get_bit(x, i) #define v128_set_bit(x, i) _v128_set_bit(x, i) #define v128_clear_bit(x, i) _v128_clear_bit(x, i) #define v128_set_bit_to(x, i, y) _v128_set_bit_to(x, i, y) #else void v128_set_to_zero(v128_t *x); int v128_is_eq(const v128_t *x, const v128_t *y); void v128_copy(v128_t *x, const v128_t *y); void v128_xor(v128_t *z, v128_t *x, v128_t *y); void v128_and(v128_t *z, v128_t *x, v128_t *y); void v128_or(v128_t *z, v128_t *x, v128_t *y); void v128_complement(v128_t *x); int v128_get_bit(const v128_t *x, int i); void v128_set_bit(v128_t *x, int i) ; void v128_clear_bit(v128_t *x, int i); void v128_set_bit_to(v128_t *x, int i, int y); #endif /* DATATYPES_USE_MACROS */ /* * octet_string_is_eq(a, b, len) returns 1 if the length len strings a * and b are not equal. It returns 0 otherwise. The running time of the * comparison depends only on len, making this safe to use for (e.g.) * verifying authentication tags. */ int octet_string_is_eq(uint8_t *a, uint8_t *b, int len); /* * A portable way to zero out memory as recommended by * https://cryptocoding.net/index.php/Coding_rules#Clean_memory_of_secret_data * This is used to zero memory when OPENSSL_cleanse() is not available. */ void srtp_cleanse(void *s, size_t len); /* * Functions as a wrapper that delegates to either srtp_cleanse() or * OPENSSL_cleanse() if available to zero memory. */ void octet_string_set_to_zero(void *s, size_t len); #if defined(HAVE_CONFIG_H) /* * Convert big endian integers to CPU byte order. */ #ifdef WORDS_BIGENDIAN /* Nothing to do. */ # define be32_to_cpu(x) (x) # define be64_to_cpu(x) (x) #elif defined(HAVE_BYTESWAP_H) /* We have (hopefully) optimized versions in byteswap.h */ # include # define be32_to_cpu(x) bswap_32((x)) # define be64_to_cpu(x) bswap_64((x)) #else #if defined(__GNUC__) && defined(HAVE_X86) /* Fall back. */ static inline uint32_t be32_to_cpu(uint32_t v) { /* optimized for x86. */ asm("bswap %0" : "=r" (v) : "0" (v)); return v; } # else /* HAVE_X86 */ # ifdef HAVE_NETINET_IN_H # include # elif defined HAVE_WINSOCK2_H # include # endif # define be32_to_cpu(x) ntohl((x)) # endif /* HAVE_X86 */ static inline uint64_t be64_to_cpu(uint64_t v) { # ifdef NO_64BIT_MATH /* use the make64 functions to do 64-bit math */ v = make64(htonl(low32(v)),htonl(high32(v))); # else /* use the native 64-bit math */ v= (uint64_t)((be32_to_cpu((uint32_t)(v >> 32))) | (((uint64_t)be32_to_cpu((uint32_t)v)) << 32)); # endif return v; } #endif #endif /* WORDS_BIGENDIAN */ /* * functions manipulating bitvector_t * * A bitvector_t consists of an array of words and an integer * representing the number of significant bits stored in the array. * The bits are packed as follows: the least significant bit is that * of word[0], while the most significant bit is the nth most * significant bit of word[m], where length = bits_per_word * m + n. * */ #define bits_per_word 32 #define bytes_per_word 4 typedef struct { uint32_t length; uint32_t *word; } bitvector_t; #define _bitvector_get_bit(v, bit_index) \ ( \ ((((v)->word[((bit_index) >> 5)]) >> ((bit_index) & 31)) & 1) \ ) #define _bitvector_set_bit(v, bit_index) \ ( \ (((v)->word[((bit_index) >> 5)] |= ((uint32_t)1 << ((bit_index) & 31)))) \ ) #define _bitvector_clear_bit(v, bit_index) \ ( \ (((v)->word[((bit_index) >> 5)] &= ~((uint32_t)1 << ((bit_index) & 31)))) \ ) #define _bitvector_get_length(v) \ ( \ ((v)->length) \ ) #ifdef DATATYPES_USE_MACROS /* little functions are really macros */ #define bitvector_get_bit(v, bit_index) _bitvector_get_bit(v, bit_index) #define bitvector_set_bit(v, bit_index) _bitvector_set_bit(v, bit_index) #define bitvector_clear_bit(v, bit_index) _bitvector_clear_bit(v, bit_index) #define bitvector_get_length(v) _bitvector_get_length(v) #else int bitvector_get_bit(const bitvector_t *v, int bit_index); void bitvector_set_bit(bitvector_t *v, int bit_index); void bitvector_clear_bit(bitvector_t *v, int bit_index); unsigned long bitvector_get_length(const bitvector_t *v); #endif int bitvector_alloc(bitvector_t *v, unsigned long length); void bitvector_dealloc(bitvector_t *v); void bitvector_set_to_zero(bitvector_t *x); void bitvector_left_shift(bitvector_t *x, int index); char * bitvector_bit_string(bitvector_t *x, char* buf, int len); #ifdef __cplusplus } #endif #endif /* DATATYPES_H */ libsrtp-2.1.0/crypto/include/err.h000066400000000000000000000072071312031100000170600ustar00rootroot00000000000000/* * err.h * * error status codes * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef ERR_H #define ERR_H #include #include #include "srtp.h" #ifdef __cplusplus extern "C" { #endif /** * @defgroup Error Error Codes * * Error status codes are represented by the enumeration srtp_err_status_t. * * @{ */ /** * @} */ typedef enum { srtp_err_level_error, srtp_err_level_warning, srtp_err_level_info, srtp_err_level_debug } srtp_err_reporting_level_t; /* * err_reporting_init prepares the error system. If * ERR_REPORTING_STDOUT is defined, it will log to stdout. * */ srtp_err_status_t srtp_err_reporting_init(void); typedef void (srtp_err_report_handler_func_t)(srtp_err_reporting_level_t level, const char * msg); srtp_err_status_t srtp_install_err_report_handler(srtp_err_report_handler_func_t func); /* * srtp_err_report reports a 'printf' formatted error * string, followed by a an arg list. The level argument * is one of srtp_err_reporting_level_t. * * Errors will be reported to stdout, if ERR_REPORTING_STDOUT * is defined. * */ void srtp_err_report(srtp_err_reporting_level_t level, const char *format, ...); /* * debug_module_t defines a debug module */ typedef struct { int on; /* 1 if debugging is on, 0 if it is off */ const char *name; /* printable name for debug module */ } srtp_debug_module_t; #ifdef ENABLE_DEBUG_LOGGING #define debug_print(mod, format, arg) \ srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg) #define debug_print2(mod, format, arg1, arg2) \ srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg1, arg2) #else #define debug_print(mod, format, arg) \ if (mod.on) srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg) #define debug_print2(mod, format, arg1, arg2) \ if (mod.on) srtp_err_report(srtp_err_level_debug, ("%s: " format "\n"), mod.name, arg1, arg2) #endif #ifdef __cplusplus } #endif #endif /* ERR_H */ libsrtp-2.1.0/crypto/include/hmac.h000066400000000000000000000035761312031100000172050ustar00rootroot00000000000000/* * hmac.h * * interface to hmac srtp_auth_type_t * * David A. McGrew * Cisco Systems, Inc. * */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef HMAC_H #define HMAC_H #include "auth.h" #include "sha1.h" typedef struct { uint8_t opad[64]; srtp_sha1_ctx_t ctx; srtp_sha1_ctx_t init_ctx; } srtp_hmac_ctx_t; #endif /* HMAC_H */ libsrtp-2.1.0/crypto/include/integers.h000066400000000000000000000110701312031100000201010ustar00rootroot00000000000000/* * integers.h * * defines integer types (or refers to their definitions) * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef INTEGERS_H #define INTEGERS_H /* use standard integer definitions, if they're available */ #ifdef HAVE_STDLIB_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_INT_TYPES_H # include /* this exists on Sun OS */ #endif #ifdef HAVE_MACHINE_TYPES_H # include #endif #ifdef __cplusplus extern "C" { #endif /* Can we do 64 bit integers? */ #if !defined(HAVE_UINT64_T) # if SIZEOF_UNSIGNED_LONG == 8 typedef unsigned long uint64_t; # elif SIZEOF_UNSIGNED_LONG_LONG == 8 typedef unsigned long long uint64_t; # else # define NO_64BIT_MATH 1 # endif #endif /* Reasonable defaults for 32 bit machines - you may need to * edit these definitions for your own machine. */ #ifndef HAVE_UINT8_T typedef unsigned char uint8_t; #endif #ifndef HAVE_UINT16_T typedef unsigned short int uint16_t; #endif #ifndef HAVE_UINT32_T typedef unsigned int uint32_t; #endif #ifndef HAVE_INT32_T typedef int int32_t; #endif #if defined(NO_64BIT_MATH) && defined(HAVE_CONFIG_H) typedef double uint64_t; /* assert that sizeof(double) == 8 */ extern uint64_t make64(uint32_t high, uint32_t low); extern uint32_t high32(uint64_t value); extern uint32_t low32(uint64_t value); #endif /* These macros are to load and store 32-bit values from un-aligned addresses. This is required for processors that do not allow unaligned loads. */ #ifdef ALIGNMENT_32BIT_REQUIRED /* Note that if it's in a variable, you can memcpy it */ #ifdef WORDS_BIGENDIAN #define PUT_32(addr,value) \ { \ ((unsigned char *) (addr))[0] = (value >> 24); \ ((unsigned char *) (addr))[1] = (value >> 16) & 0xff; \ ((unsigned char *) (addr))[2] = (value >> 8) & 0xff; \ ((unsigned char *) (addr))[3] = (value) & 0xff; \ } #define GET_32(addr) ((((unsigned char *) (addr))[0] << 24) | \ (((unsigned char *) (addr))[1] << 16) | \ (((unsigned char *) (addr))[2] << 8) | \ (((unsigned char *) (addr))[3])) #else #define PUT_32(addr,value) \ { \ ((unsigned char *) (addr))[3] = (value >> 24); \ ((unsigned char *) (addr))[2] = (value >> 16) & 0xff; \ ((unsigned char *) (addr))[1] = (value >> 8) & 0xff; \ ((unsigned char *) (addr))[0] = (value) & 0xff; \ } #define GET_32(addr) ((((unsigned char *) (addr))[3] << 24) | \ (((unsigned char *) (addr))[2] << 16) | \ (((unsigned char *) (addr))[1] << 8) | \ (((unsigned char *) (addr))[0])) #endif // WORDS_BIGENDIAN #else #define PUT_32(addr,value) *(((uint32_t *) (addr)) = (value) #define GET_32(addr) (*(((uint32_t *) (addr))) #endif #ifdef __cplusplus } #endif #endif /* INTEGERS_H */ libsrtp-2.1.0/crypto/include/key.h000066400000000000000000000051131312031100000170520ustar00rootroot00000000000000/* * key.h * * key usage limits enforcement * * David A. Mcgrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef KEY_H #define KEY_H #include "rdbx.h" /* for srtp_xtd_seq_num_t */ #include "err.h" #ifdef __cplusplus extern "C" { #endif typedef struct srtp_key_limit_ctx_t *srtp_key_limit_t; typedef enum { srtp_key_event_normal, srtp_key_event_soft_limit, srtp_key_event_hard_limit } srtp_key_event_t; srtp_err_status_t srtp_key_limit_set(srtp_key_limit_t key, const srtp_xtd_seq_num_t s); srtp_err_status_t srtp_key_limit_clone(srtp_key_limit_t original, srtp_key_limit_t *new_key); srtp_err_status_t srtp_key_limit_check(const srtp_key_limit_t key); srtp_key_event_t srtp_key_limit_update(srtp_key_limit_t key); typedef enum { srtp_key_state_normal, srtp_key_state_past_soft_limit, srtp_key_state_expired } srtp_key_state_t; typedef struct srtp_key_limit_ctx_t { srtp_xtd_seq_num_t num_left; srtp_key_state_t state; } srtp_key_limit_ctx_t; #ifdef __cplusplus } #endif #endif /* KEY_H */ libsrtp-2.1.0/crypto/include/null_auth.h000066400000000000000000000043561312031100000202650ustar00rootroot00000000000000/* * null-auth.h * * David A. McGrew * Cisco Systems, Inc. * */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef NULL_AUTH_H #define NULL_AUTH_H #include "auth.h" #ifdef __cplusplus extern "C" { #endif typedef struct { char foo; } srtp_null_auth_ctx_t; #if 0 srtp_err_status_t srtp_null_auth_alloc(srtp_auth_t **a, int key_len, int out_len); srtp_err_status_t srtp_null_auth_dealloc(srtp_auth_t *a); srtp_err_status_t srtp_null_auth_init(srtp_null_auth_ctx_t *state, const uint8_t *key, int key_len); srtp_err_status_t srtp_null_auth_compute(srtp_null_auth_ctx_t *state, uint8_t *message, int msg_octets, int tag_len, uint8_t *result); #endif #ifdef __cplusplus } #endif #endif /* NULL_AUTH_H */ libsrtp-2.1.0/crypto/include/null_cipher.h000066400000000000000000000035751312031100000206000ustar00rootroot00000000000000/* * null-cipher.h * * header file for the null cipher * * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef NULL_CIPHER_H #define NULL_CIPHER_H #include "datatypes.h" #include "cipher.h" typedef struct { char foo; /* empty, for now */ } srtp_null_cipher_ctx_t; #endif /* NULL_CIPHER_H */ libsrtp-2.1.0/crypto/include/rdb.h000066400000000000000000000071041312031100000170330ustar00rootroot00000000000000/* * replay-database.h * * interface for a replay database for packet security * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef REPLAY_DB_H #define REPLAY_DB_H #include "integers.h" /* for uint32_t */ #include "datatypes.h" /* for v128_t */ #include "err.h" /* for srtp_err_status_t */ #ifdef __cplusplus extern "C" { #endif /* * if the ith least significant bit is one, then the packet index * window_end-i is in the database */ typedef struct { uint32_t window_start; /* packet index of the first bit in bitmask */ v128_t bitmask; } srtp_rdb_t; #define rdb_bits_in_bitmask (8 * sizeof(v128_t)) /* * srtp_rdb_init * * initalizes rdb * * returns srtp_err_status_ok on success, srtp_err_status_t_fail otherwise */ srtp_err_status_t srtp_rdb_init(srtp_rdb_t *rdb); /* * srtp_rdb_check * * checks to see if index appears in rdb * * returns srtp_err_status_fail if the index already appears in rdb, * returns srtp_err_status_ok otherwise */ srtp_err_status_t srtp_rdb_check(const srtp_rdb_t *rdb, uint32_t rdb_index); /* * srtp_rdb_add_index * * adds index to srtp_rdb_t (and does *not* check if index appears in db) * * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise * */ srtp_err_status_t srtp_rdb_add_index(srtp_rdb_t *rdb, uint32_t rdb_index); /* * the functions srtp_rdb_increment() and srtp_rdb_get_value() are for use by * senders, not receivers - DO NOT use these functions on the same * srtp_rdb_t upon which srtp_rdb_add_index is used! */ /* * srtp_rdb_increment(db) increments the sequence number in db, if it is * not too high * * return values: * * srtp_err_status_ok no problem * srtp_err_status_key_expired sequence number too high * */ srtp_err_status_t srtp_rdb_increment(srtp_rdb_t *rdb); /* * srtp_rdb_get_value(db) returns the current sequence number of db */ uint32_t srtp_rdb_get_value(const srtp_rdb_t *rdb); #ifdef __cplusplus } #endif #endif /* REPLAY_DB_H */ libsrtp-2.1.0/crypto/include/rdbx.h000066400000000000000000000150111312031100000172170ustar00rootroot00000000000000/* * rdbx.h * * replay database with extended packet indices, using a rollover counter * * David A. McGrew * Cisco Systems, Inc. * */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef RDBX_H #define RDBX_H #include "datatypes.h" #include "err.h" #ifdef __cplusplus extern "C" { #endif /* #define ROC_TEST */ #ifndef ROC_TEST typedef uint16_t srtp_sequence_number_t; /* 16 bit sequence number */ typedef uint32_t srtp_rollover_counter_t; /* 32 bit rollover counter */ #else /* use small seq_num and roc datatypes for testing purposes */ typedef unsigned char srtp_sequence_number_t; /* 8 bit sequence number */ typedef uint16_t srtp_rollover_counter_t; /* 16 bit rollover counter */ #endif #define seq_num_median (1 << (8 * sizeof(srtp_sequence_number_t) - 1)) #define seq_num_max (1 << (8 * sizeof(srtp_sequence_number_t))) /* * An rtp_xtd_seq_num_t is a 64-bit unsigned integer used as an 'extended' * sequence number. */ typedef uint64_t srtp_xtd_seq_num_t; /* * An srtp_rdbx_t is a replay database with extended range; it uses an * xtd_seq_num_t and a bitmask of recently received indices. */ typedef struct { srtp_xtd_seq_num_t index; bitvector_t bitmask; } srtp_rdbx_t; /* * srtp_rdbx_init(rdbx_ptr, ws) * * initializes the rdbx pointed to by its argument with the window size ws, * setting the rollover counter and sequence number to zero */ srtp_err_status_t srtp_rdbx_init(srtp_rdbx_t *rdbx, unsigned long ws); /* * srtp_rdbx_dealloc(rdbx_ptr) * * frees memory associated with the rdbx */ srtp_err_status_t srtp_rdbx_dealloc(srtp_rdbx_t *rdbx); /* * srtp_rdbx_estimate_index(rdbx, guess, s) * * given an rdbx and a sequence number s (from a newly arrived packet), * sets the contents of *guess to contain the best guess of the packet * index to which s corresponds, and returns the difference between * *guess and the locally stored synch info */ int32_t srtp_rdbx_estimate_index(const srtp_rdbx_t *rdbx, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s); /* * srtp_rdbx_check(rdbx, delta); * * srtp_rdbx_check(&r, delta) checks to see if the xtd_seq_num_t * which is at rdbx->window_start + delta is in the rdb * */ srtp_err_status_t srtp_rdbx_check(const srtp_rdbx_t *rdbx, int difference); /* * srtp_replay_add_index(rdbx, delta) * * adds the srtp_xtd_seq_num_t at rdbx->window_start + delta to replay_db * (and does *not* check if that xtd_seq_num_t appears in db) * * this function should be called *only* after replay_check has * indicated that the index does not appear in the rdbx, and a mutex * should protect the rdbx between these calls if necessary. */ srtp_err_status_t srtp_rdbx_add_index(srtp_rdbx_t *rdbx, int delta); /* * srtp_rdbx_set_roc(rdbx, roc) initalizes the srtp_rdbx_t at the location rdbx * to have the rollover counter value roc. If that value is less than * the current rollover counter value, then the function returns * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned. * */ srtp_err_status_t srtp_rdbx_set_roc(srtp_rdbx_t *rdbx, uint32_t roc); /* * srtp_rdbx_get_packet_index(rdbx) returns the value of the rollover counter for * the srtp_rdbx_t pointed to by rdbx * */ srtp_xtd_seq_num_t srtp_rdbx_get_packet_index(const srtp_rdbx_t *rdbx); /* * srtp_xtd_seq_num_t functions - these are *internal* functions of rdbx, and * shouldn't be used to manipulate rdbx internal values. use the rdbx * api instead! */ /* * srtp_rdbx_get_ws(rdbx_ptr) * * gets the window size which was used to initialize the rdbx */ unsigned long srtp_rdbx_get_window_size(const srtp_rdbx_t *rdbx); /* index_init(&pi) initializes a packet index pi (sets it to zero) */ void srtp_index_init(srtp_xtd_seq_num_t *pi); /* index_advance(&pi, s) advances a xtd_seq_num_t forward by s */ void srtp_index_advance(srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s); /* * srtp_index_guess(local, guess, s) * * given a srtp_xtd_seq_num_t local (which represents the highest * known-to-be-good index) and a sequence number s (from a newly * arrived packet), sets the contents of *guess to contain the best * guess of the packet index to which s corresponds, and returns the * difference between *guess and *local */ int32_t srtp_index_guess(const srtp_xtd_seq_num_t *local, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s); /* * srtp_rdbx_get_roc(rdbx) * * Get the current rollover counter * */ uint32_t srtp_rdbx_get_roc(const srtp_rdbx_t *rdbx); /* * srtp_rdbx_set_roc_seq(rdbx, roc, seq) initalizes the srtp_rdbx_t at the * location rdbx to have the rollover counter value roc and packet sequence * number seq. If the new rollover counter value is less than the current * rollover counter value, then the function returns * srtp_err_status_replay_old, otherwise, srtp_err_status_ok is returned. */ srtp_err_status_t srtp_rdbx_set_roc_seq (srtp_rdbx_t *rdbx, uint32_t roc, uint16_t seq); #ifdef __cplusplus } #endif #endif /* RDBX_H */ libsrtp-2.1.0/crypto/include/sha1.h000066400000000000000000000116541312031100000171250ustar00rootroot00000000000000/* * sha1.h * * interface to the Secure Hash Algorithm v.1 (SHA-1), specified in * FIPS 180-1 * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef SHA1_H #define SHA1_H #ifdef HAVE_CONFIG_H #include #endif #include "err.h" #ifdef OPENSSL #include #include #else #include "datatypes.h" #endif #ifdef __cplusplus extern "C" { #endif #ifdef OPENSSL /* * srtp_sha1_init(&ctx) initializes the SHA1 context ctx * * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg * into the SHA1 context * * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1 * context and writes the result to the 20 octets at output * * Return values are ignored on the EVP functions since all three * of these functions return void. * */ /* OpenSSL 1.1.0 made EVP_MD_CTX an opaque structure, which must be allocated using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */ #if OPENSSL_VERSION_NUMBER < 0x10100000L typedef EVP_MD_CTX srtp_sha1_ctx_t; static inline void srtp_sha1_init (srtp_sha1_ctx_t *ctx) { EVP_MD_CTX_init(ctx); EVP_DigestInit(ctx, EVP_sha1()); } static inline void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg) { EVP_DigestUpdate(ctx, M, octets_in_msg); } static inline void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output) { unsigned int len = 0; EVP_DigestFinal(ctx, (unsigned char*)output, &len); EVP_MD_CTX_cleanup(ctx); } #else typedef EVP_MD_CTX* srtp_sha1_ctx_t; static inline void srtp_sha1_init (srtp_sha1_ctx_t *ctx) { *ctx = EVP_MD_CTX_new(); EVP_DigestInit(*ctx, EVP_sha1()); } static inline void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg) { EVP_DigestUpdate(*ctx, M, octets_in_msg); } static inline void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output) { unsigned int len = 0; EVP_DigestFinal(*ctx, (unsigned char*)output, &len); EVP_MD_CTX_free(*ctx); } #endif #else typedef struct { uint32_t H[5]; /* state vector */ uint32_t M[16]; /* message buffer */ int octets_in_buffer; /* octets of message in buffer */ uint32_t num_bits_in_msg; /* total number of bits in message */ } srtp_sha1_ctx_t; /* * srtp_sha1_init(&ctx) initializes the SHA1 context ctx * * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg * into the SHA1 context * * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1 * context and writes the result to the 20 octets at output * */ void srtp_sha1_init(srtp_sha1_ctx_t *ctx); void srtp_sha1_update(srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg); void srtp_sha1_final(srtp_sha1_ctx_t * ctx, uint32_t output[5]); /* * The srtp_sha1_core function is INTERNAL to SHA-1, but it is declared * here because it is also used by the cipher SEAL 3.0 in its key * setup algorithm. */ /* * srtp_sha1_core(M, H) computes the core sha1 compression function, where M is * the next part of the message and H is the intermediate state {H0, * H1, ...} * * this function does not do any of the padding required in the * complete sha1 function */ void srtp_sha1_core(const uint32_t M[16], uint32_t hash_value[5]); #endif /* else OPENSSL */ #ifdef __cplusplus } #endif #endif /* SHA1_H */ libsrtp-2.1.0/crypto/include/stat.h000066400000000000000000000041341312031100000172370ustar00rootroot00000000000000/* * stats.h * * interface to statistical test functions * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright(c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef STAT_H #define STAT_H #include "datatypes.h" /* for uint8_t */ #include "err.h" /* for srtp_err_status_t */ #ifdef __cplusplus extern "C" { #endif srtp_err_status_t stat_test_monobit(uint8_t *data); srtp_err_status_t stat_test_poker(uint8_t *data); srtp_err_status_t stat_test_runs(uint8_t *data); #ifdef __cplusplus } #endif #endif /* STAT_H */ libsrtp-2.1.0/crypto/kernel/000077500000000000000000000000001312031100000157465ustar00rootroot00000000000000libsrtp-2.1.0/crypto/kernel/alloc.c000066400000000000000000000055211312031100000172070ustar00rootroot00000000000000/* * alloc.c * * memory allocation and deallocation * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "alloc.h" #include "crypto_kernel.h" /* the debug module for memory allocation */ srtp_debug_module_t mod_alloc = { 0, /* debugging is off by default */ "alloc" /* printable name for module */ }; /* * Nota bene: the debugging statements for srtp_crypto_alloc() and * srtp_crypto_free() have identical prefixes, which include the addresses * of the memory locations on which they are operating. This fact can * be used to locate memory leaks, by turning on memory debugging, * grepping for 'alloc', then matching alloc and free calls by * address. */ #if defined(HAVE_STDLIB_H) void * srtp_crypto_alloc(size_t size) { void *ptr; ptr = malloc(size); if (ptr) { debug_print(mod_alloc, "(location: %p) allocated", ptr); } else { debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size); } return ptr; } void srtp_crypto_free(void *ptr) { debug_print(mod_alloc, "(location: %p) freed", ptr); free(ptr); } #else /* we need to define our own memory allocation routines */ #error no memory allocation defined yet #endif libsrtp-2.1.0/crypto/kernel/crypto_kernel.c000066400000000000000000000417051312031100000210010ustar00rootroot00000000000000/* * crypto_kernel.c * * header for the cryptographic kernel * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright(c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "alloc.h" #include "crypto_kernel.h" /* the debug module for the crypto_kernel */ srtp_debug_module_t srtp_mod_crypto_kernel = { 0, /* debugging is off by default */ "crypto kernel" /* printable name for module */ }; /* * other generic debug modules that can be included in the kernel */ extern srtp_debug_module_t srtp_mod_auth; extern srtp_debug_module_t srtp_mod_cipher; extern srtp_debug_module_t mod_stat; extern srtp_debug_module_t mod_alloc; /* * cipher types that can be included in the kernel */ extern srtp_cipher_type_t srtp_null_cipher; extern srtp_cipher_type_t srtp_aes_icm_128; extern srtp_cipher_type_t srtp_aes_icm_256; #ifdef OPENSSL extern srtp_cipher_type_t srtp_aes_icm_192; extern srtp_cipher_type_t srtp_aes_gcm_128_openssl; extern srtp_cipher_type_t srtp_aes_gcm_256_openssl; #endif /* debug modules for cipher types */ extern srtp_debug_module_t srtp_mod_aes_icm; #ifdef OPENSSL extern srtp_debug_module_t srtp_mod_aes_gcm; #endif /* * auth func types that can be included in the kernel */ extern srtp_auth_type_t srtp_null_auth; extern srtp_auth_type_t srtp_hmac; /* debug modules for auth types */ extern srtp_debug_module_t srtp_mod_hmac; /* crypto_kernel is a global variable, the only one of its datatype */ srtp_crypto_kernel_t crypto_kernel = { srtp_crypto_kernel_state_insecure, /* start off in insecure state */ NULL, /* no cipher types yet */ NULL, /* no auth types yet */ NULL /* no debug modules yet */ }; #define MAX_RNG_TRIALS 25 srtp_err_status_t srtp_crypto_kernel_init () { srtp_err_status_t status; /* check the security state */ if (crypto_kernel.state == srtp_crypto_kernel_state_secure) { /* * we're already in the secure state, but we've been asked to * re-initialize, so we just re-run the self-tests and then return */ return srtp_crypto_kernel_status(); } /* initialize error reporting system */ status = srtp_err_reporting_init(); if (status) { return status; } /* load debug modules */ status = srtp_crypto_kernel_load_debug_module(&srtp_mod_crypto_kernel); if (status) { return status; } status = srtp_crypto_kernel_load_debug_module(&srtp_mod_auth); if (status) { return status; } status = srtp_crypto_kernel_load_debug_module(&srtp_mod_cipher); if (status) { return status; } status = srtp_crypto_kernel_load_debug_module(&mod_stat); if (status) { return status; } status = srtp_crypto_kernel_load_debug_module(&mod_alloc); if (status) { return status; } /* load cipher types */ status = srtp_crypto_kernel_load_cipher_type(&srtp_null_cipher, SRTP_NULL_CIPHER); if (status) { return status; } status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_128, SRTP_AES_ICM_128); if (status) { return status; } status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_256, SRTP_AES_ICM_256); if (status) { return status; } status = srtp_crypto_kernel_load_debug_module(&srtp_mod_aes_icm); if (status) { return status; } #ifdef OPENSSL status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_192, SRTP_AES_ICM_192); if (status) { return status; } status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_128_openssl, SRTP_AES_GCM_128); if (status) { return status; } status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_256_openssl, SRTP_AES_GCM_256); if (status) { return status; } status = srtp_crypto_kernel_load_debug_module(&srtp_mod_aes_gcm); if (status) { return status; } #endif /* load auth func types */ status = srtp_crypto_kernel_load_auth_type(&srtp_null_auth, SRTP_NULL_AUTH); if (status) { return status; } status = srtp_crypto_kernel_load_auth_type(&srtp_hmac, SRTP_HMAC_SHA1); if (status) { return status; } status = srtp_crypto_kernel_load_debug_module(&srtp_mod_hmac); if (status) { return status; } /* change state to secure */ crypto_kernel.state = srtp_crypto_kernel_state_secure; return srtp_err_status_ok; } srtp_err_status_t srtp_crypto_kernel_status () { srtp_err_status_t status; srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list; /* for each cipher type, describe and test */ while (ctype != NULL) { srtp_err_report(srtp_err_level_info, "cipher: %s\n", ctype->cipher_type->description); srtp_err_report(srtp_err_level_info, " self-test: "); status = srtp_cipher_type_self_test(ctype->cipher_type); if (status) { srtp_err_report(srtp_err_level_error, "failed with error code %d\n", status); exit(status); } srtp_err_report(srtp_err_level_info, "passed\n"); ctype = ctype->next; } /* for each auth type, describe and test */ while (atype != NULL) { srtp_err_report(srtp_err_level_info, "auth func: %s\n", atype->auth_type->description); srtp_err_report(srtp_err_level_info, " self-test: "); status = srtp_auth_type_self_test(atype->auth_type); if (status) { srtp_err_report(srtp_err_level_error, "failed with error code %d\n", status); exit(status); } srtp_err_report(srtp_err_level_info, "passed\n"); atype = atype->next; } srtp_crypto_kernel_list_debug_modules(); return srtp_err_status_ok; } srtp_err_status_t srtp_crypto_kernel_list_debug_modules () { srtp_kernel_debug_module_t *dm = crypto_kernel.debug_module_list; /* describe each debug module */ srtp_err_report(srtp_err_level_info, "debug modules loaded:\n"); while (dm != NULL) { srtp_err_report(srtp_err_level_info, " %s ", dm->mod->name); if (dm->mod->on) { srtp_err_report(srtp_err_level_info, "(on)\n"); } else{ srtp_err_report(srtp_err_level_info, "(off)\n"); } dm = dm->next; } return srtp_err_status_ok; } srtp_err_status_t srtp_crypto_kernel_shutdown () { /* * free dynamic memory used in crypto_kernel at present */ /* walk down cipher type list, freeing memory */ while (crypto_kernel.cipher_type_list != NULL) { srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; crypto_kernel.cipher_type_list = ctype->next; debug_print(srtp_mod_crypto_kernel, "freeing memory for cipher %s", ctype->cipher_type->description); srtp_crypto_free(ctype); } /* walk down authetication module list, freeing memory */ while (crypto_kernel.auth_type_list != NULL) { srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list; crypto_kernel.auth_type_list = atype->next; debug_print(srtp_mod_crypto_kernel, "freeing memory for authentication %s", atype->auth_type->description); srtp_crypto_free(atype); } /* walk down debug module list, freeing memory */ while (crypto_kernel.debug_module_list != NULL) { srtp_kernel_debug_module_t *kdm = crypto_kernel.debug_module_list; crypto_kernel.debug_module_list = kdm->next; debug_print(srtp_mod_crypto_kernel, "freeing memory for debug module %s", kdm->mod->name); srtp_crypto_free(kdm); } /* return to insecure state */ crypto_kernel.state = srtp_crypto_kernel_state_insecure; return srtp_err_status_ok; } static inline srtp_err_status_t srtp_crypto_kernel_do_load_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id, int replace) { srtp_kernel_cipher_type_t *ctype, *new_ctype; srtp_err_status_t status; /* defensive coding */ if (new_ct == NULL) { return srtp_err_status_bad_param; } if (new_ct->id != id) { return srtp_err_status_bad_param; } /* check cipher type by running self-test */ status = srtp_cipher_type_self_test(new_ct); if (status) { return status; } /* walk down list, checking if this type is in the list already */ ctype = crypto_kernel.cipher_type_list; while (ctype != NULL) { if (id == ctype->id) { if (!replace) { return srtp_err_status_bad_param; } status = srtp_cipher_type_test(new_ct, ctype->cipher_type->test_data); if (status) { return status; } new_ctype = ctype; break; }else if (new_ct == ctype->cipher_type) { return srtp_err_status_bad_param; } ctype = ctype->next; } /* if not found, put new_ct at the head of the list */ if (ctype == NULL) { /* allocate memory */ new_ctype = (srtp_kernel_cipher_type_t*)srtp_crypto_alloc(sizeof(srtp_kernel_cipher_type_t)); if (new_ctype == NULL) { return srtp_err_status_alloc_fail; } new_ctype->next = crypto_kernel.cipher_type_list; /* set head of list to new cipher type */ crypto_kernel.cipher_type_list = new_ctype; } /* set fields */ new_ctype->cipher_type = new_ct; new_ctype->id = id; return srtp_err_status_ok; } srtp_err_status_t srtp_crypto_kernel_load_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id) { return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 0); } srtp_err_status_t srtp_replace_cipher_type (const srtp_cipher_type_t *new_ct, srtp_cipher_type_id_t id) { return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 1); } srtp_err_status_t srtp_crypto_kernel_do_load_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id, int replace) { srtp_kernel_auth_type_t *atype, *new_atype; srtp_err_status_t status; /* defensive coding */ if (new_at == NULL) { return srtp_err_status_bad_param; } if (new_at->id != id) { return srtp_err_status_bad_param; } /* check auth type by running self-test */ status = srtp_auth_type_self_test(new_at); if (status) { return status; } /* walk down list, checking if this type is in the list already */ atype = crypto_kernel.auth_type_list; while (atype != NULL) { if (id == atype->id) { if (!replace) { return srtp_err_status_bad_param; } status = srtp_auth_type_test(new_at, atype->auth_type->test_data); if (status) { return status; } new_atype = atype; break; }else if (new_at == atype->auth_type) { return srtp_err_status_bad_param; } atype = atype->next; } /* if not found, put new_at at the head of the list */ if (atype == NULL) { /* allocate memory */ new_atype = (srtp_kernel_auth_type_t*)srtp_crypto_alloc(sizeof(srtp_kernel_auth_type_t)); if (new_atype == NULL) { return srtp_err_status_alloc_fail; } new_atype->next = crypto_kernel.auth_type_list; /* set head of list to new auth type */ crypto_kernel.auth_type_list = new_atype; } /* set fields */ new_atype->auth_type = new_at; new_atype->id = id; return srtp_err_status_ok; } srtp_err_status_t srtp_crypto_kernel_load_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id) { return srtp_crypto_kernel_do_load_auth_type(new_at, id, 0); } srtp_err_status_t srtp_replace_auth_type (const srtp_auth_type_t *new_at, srtp_auth_type_id_t id) { return srtp_crypto_kernel_do_load_auth_type(new_at, id, 1); } const srtp_cipher_type_t * srtp_crypto_kernel_get_cipher_type (srtp_cipher_type_id_t id) { srtp_kernel_cipher_type_t *ctype; /* walk down list, looking for id */ ctype = crypto_kernel.cipher_type_list; while (ctype != NULL) { if (id == ctype->id) { return ctype->cipher_type; } ctype = ctype->next; } /* haven't found the right one, indicate failure by returning NULL */ return NULL; } srtp_err_status_t srtp_crypto_kernel_alloc_cipher (srtp_cipher_type_id_t id, srtp_cipher_pointer_t *cp, int key_len, int tag_len) { const srtp_cipher_type_t *ct; /* * if the crypto_kernel is not yet initialized, we refuse to allocate * any ciphers - this is a bit extra-paranoid */ if (crypto_kernel.state != srtp_crypto_kernel_state_secure) { return srtp_err_status_init_fail; } ct = srtp_crypto_kernel_get_cipher_type(id); if (!ct) { return srtp_err_status_fail; } return ((ct)->alloc(cp, key_len, tag_len)); } const srtp_auth_type_t * srtp_crypto_kernel_get_auth_type (srtp_auth_type_id_t id) { srtp_kernel_auth_type_t *atype; /* walk down list, looking for id */ atype = crypto_kernel.auth_type_list; while (atype != NULL) { if (id == atype->id) { return atype->auth_type; } atype = atype->next; } /* haven't found the right one, indicate failure by returning NULL */ return NULL; } srtp_err_status_t srtp_crypto_kernel_alloc_auth (srtp_auth_type_id_t id, srtp_auth_pointer_t *ap, int key_len, int tag_len) { const srtp_auth_type_t *at; /* * if the crypto_kernel is not yet initialized, we refuse to allocate * any auth functions - this is a bit extra-paranoid */ if (crypto_kernel.state != srtp_crypto_kernel_state_secure) { return srtp_err_status_init_fail; } at = srtp_crypto_kernel_get_auth_type(id); if (!at) { return srtp_err_status_fail; } return ((at)->alloc(ap, key_len, tag_len)); } srtp_err_status_t srtp_crypto_kernel_load_debug_module (srtp_debug_module_t *new_dm) { srtp_kernel_debug_module_t *kdm, *new; /* defensive coding */ if (new_dm == NULL) { return srtp_err_status_bad_param; } /* walk down list, checking if this type is in the list already */ kdm = crypto_kernel.debug_module_list; while (kdm != NULL) { if (strncmp(new_dm->name, kdm->mod->name, 64) == 0) { return srtp_err_status_bad_param; } kdm = kdm->next; } /* put new_dm at the head of the list */ /* allocate memory */ new = (srtp_kernel_debug_module_t*)srtp_crypto_alloc(sizeof(srtp_kernel_debug_module_t)); if (new == NULL) { return srtp_err_status_alloc_fail; } /* set fields */ new->mod = new_dm; new->next = crypto_kernel.debug_module_list; /* set head of list to new cipher type */ crypto_kernel.debug_module_list = new; return srtp_err_status_ok; } srtp_err_status_t srtp_crypto_kernel_set_debug_module (const char *name, int on) { srtp_kernel_debug_module_t *kdm; /* walk down list, checking if this type is in the list already */ kdm = crypto_kernel.debug_module_list; while (kdm != NULL) { if (strncmp(name, kdm->mod->name, 64) == 0) { kdm->mod->on = on; return srtp_err_status_ok; } kdm = kdm->next; } return srtp_err_status_fail; } libsrtp-2.1.0/crypto/kernel/err.c000066400000000000000000000065651312031100000167160ustar00rootroot00000000000000/* * err.c * * error status reporting functions * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright(c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "err.h" #include "datatypes.h" #include /* srtp_err_file is the FILE to which errors are reported */ static FILE *srtp_err_file = NULL; srtp_err_status_t srtp_err_reporting_init () { #ifdef ERR_REPORTING_STDOUT srtp_err_file = stdout; #elif defined(ERR_REPORTING_FILE) /* open file for error reporting */ srtp_err_file = fopen(ERR_REPORTING_FILE, "w"); if (srtp_err_file == NULL) { return srtp_err_status_init_fail; } #endif return srtp_err_status_ok; } static srtp_err_report_handler_func_t * srtp_err_report_handler = NULL; srtp_err_status_t srtp_install_err_report_handler(srtp_err_report_handler_func_t func) { srtp_err_report_handler = func; return srtp_err_status_ok; } void srtp_err_report (srtp_err_reporting_level_t level, const char *format, ...) { va_list args; if (srtp_err_file != NULL) { va_start(args, format); vfprintf(srtp_err_file, format, args); va_end(args); } if (srtp_err_report_handler != NULL) { va_start(args, format); char msg[512]; if (vsnprintf(msg, sizeof(msg), format, args) > 0) { /* strip trailing \n, callback should not have one */ size_t l = strlen(msg); if (l && msg[l-1] == '\n') { msg[l-1] = '\0'; } srtp_err_report_handler(level, msg); /* * NOTE, need to be carefull, there is a potential that octet_string_set_to_zero() could * call srtp_err_report() in the future, leading to recursion */ octet_string_set_to_zero(msg, sizeof(msg)); } va_end(args); } } libsrtp-2.1.0/crypto/kernel/key.c000066400000000000000000000072461312031100000167130ustar00rootroot00000000000000/* * key.c * * key usage limits enforcement * * David A. Mcgrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "key.h" #define soft_limit 0x10000 srtp_err_status_t srtp_key_limit_set (srtp_key_limit_t key, const srtp_xtd_seq_num_t s) { #ifdef NO_64BIT_MATH if (high32(s) == 0 && low32(s) < soft_limit) { return srtp_err_status_bad_param; } #else if (s < soft_limit) { return srtp_err_status_bad_param; } #endif key->num_left = s; key->state = srtp_key_state_normal; return srtp_err_status_ok; } srtp_err_status_t srtp_key_limit_clone (srtp_key_limit_t original, srtp_key_limit_t *new_key) { if (original == NULL) { return srtp_err_status_bad_param; } *new_key = original; return srtp_err_status_ok; } srtp_err_status_t srtp_key_limit_check (const srtp_key_limit_t key) { if (key->state == srtp_key_state_expired) { return srtp_err_status_key_expired; } return srtp_err_status_ok; } srtp_key_event_t srtp_key_limit_update (srtp_key_limit_t key) { #ifdef NO_64BIT_MATH if (low32(key->num_left) == 0) { // carry key->num_left = make64(high32(key->num_left) - 1, low32(key->num_left) - 1); }else { // no carry key->num_left = make64(high32(key->num_left), low32(key->num_left) - 1); } if (high32(key->num_left) != 0 || low32(key->num_left) >= soft_limit) { return srtp_key_event_normal; /* we're above the soft limit */ } #else key->num_left--; if (key->num_left >= soft_limit) { return srtp_key_event_normal; /* we're above the soft limit */ } #endif if (key->state == srtp_key_state_normal) { /* we just passed the soft limit, so change the state */ key->state = srtp_key_state_past_soft_limit; } #ifdef NO_64BIT_MATH if (low32(key->num_left) == 0 && high32(key->num_left == 0)) #else if (key->num_left < 1) #endif { /* we just hit the hard limit */ key->state = srtp_key_state_expired; return srtp_key_event_hard_limit; } return srtp_key_event_soft_limit; } libsrtp-2.1.0/crypto/math/000077500000000000000000000000001312031100000154175ustar00rootroot00000000000000libsrtp-2.1.0/crypto/math/datatypes.c000066400000000000000000000262751312031100000175750ustar00rootroot00000000000000/* * datatypes.c * * data types for finite fields and functions for input, output, and * manipulation * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #ifdef OPENSSL #include #endif #include "datatypes.h" int octet_weight[256] = { 0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8 }; int octet_get_weight(uint8_t octet) { extern int octet_weight[256]; return octet_weight[octet]; } /* * bit_string is a buffer that is used to hold output strings, e.g. * for printing. */ /* the value MAX_PRINT_STRING_LEN is defined in datatypes.h */ char bit_string[MAX_PRINT_STRING_LEN]; uint8_t srtp_nibble_to_hex_char(uint8_t nibble) { char buf[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; return buf[nibble & 0xF]; } char * srtp_octet_string_hex_string(const void *s, int length) { const uint8_t *str = (const uint8_t *)s; int i; /* double length, since one octet takes two hex characters */ length *= 2; /* truncate string if it would be too long */ if (length > MAX_PRINT_STRING_LEN) length = MAX_PRINT_STRING_LEN-2; for (i=0; i < length; i+=2) { bit_string[i] = srtp_nibble_to_hex_char(*str >> 4); bit_string[i+1] = srtp_nibble_to_hex_char(*str++ & 0xF); } bit_string[i] = 0; /* null terminate string */ return bit_string; } char * v128_hex_string(v128_t *x) { int i, j; for (i=j=0; i < 16; i++) { bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] >> 4); bit_string[j++] = srtp_nibble_to_hex_char(x->v8[i] & 0xF); } bit_string[j] = 0; /* null terminate string */ return bit_string; } char * v128_bit_string(v128_t *x) { int j, i; uint32_t mask; for (j=i=0; j < 4; j++) { for (mask=0x80000000; mask > 0; mask >>= 1) { if (x->v32[j] & mask) bit_string[i] = '1'; else bit_string[i] = '0'; ++i; } } bit_string[128] = 0; /* null terminate string */ return bit_string; } void v128_copy_octet_string(v128_t *x, const uint8_t s[16]) { #ifdef ALIGNMENT_32BIT_REQUIRED if ((((uint32_t) &s[0]) & 0x3) != 0) #endif { x->v8[0] = s[0]; x->v8[1] = s[1]; x->v8[2] = s[2]; x->v8[3] = s[3]; x->v8[4] = s[4]; x->v8[5] = s[5]; x->v8[6] = s[6]; x->v8[7] = s[7]; x->v8[8] = s[8]; x->v8[9] = s[9]; x->v8[10] = s[10]; x->v8[11] = s[11]; x->v8[12] = s[12]; x->v8[13] = s[13]; x->v8[14] = s[14]; x->v8[15] = s[15]; } #ifdef ALIGNMENT_32BIT_REQUIRED else { v128_t *v = (v128_t *) &s[0]; v128_copy(x,v); } #endif } #ifndef DATATYPES_USE_MACROS /* little functions are not macros */ void v128_set_to_zero(v128_t *x) { _v128_set_to_zero(x); } void v128_copy(v128_t *x, const v128_t *y) { _v128_copy(x, y); } void v128_xor(v128_t *z, v128_t *x, v128_t *y) { _v128_xor(z, x, y); } void v128_and(v128_t *z, v128_t *x, v128_t *y) { _v128_and(z, x, y); } void v128_or(v128_t *z, v128_t *x, v128_t *y) { _v128_or(z, x, y); } void v128_complement(v128_t *x) { _v128_complement(x); } int v128_is_eq(const v128_t *x, const v128_t *y) { return _v128_is_eq(x, y); } int v128_xor_eq(v128_t *x, const v128_t *y) { return _v128_xor_eq(x, y); } int v128_get_bit(const v128_t *x, int i) { return _v128_get_bit(x, i); } void v128_set_bit(v128_t *x, int i) { _v128_set_bit(x, i); } void v128_clear_bit(v128_t *x, int i){ _v128_clear_bit(x, i); } void v128_set_bit_to(v128_t *x, int i, int y){ _v128_set_bit_to(x, i, y); } #endif /* DATATYPES_USE_MACROS */ void v128_right_shift(v128_t *x, int shift) { const int base_index = shift >> 5; const int bit_index = shift & 31; int i, from; uint32_t b; if (shift > 127) { v128_set_to_zero(x); return; } if (bit_index == 0) { /* copy each word from left size to right side */ x->v32[4-1] = x->v32[4-1-base_index]; for (i=4-1; i > base_index; i--) x->v32[i-1] = x->v32[i-1-base_index]; } else { /* set each word to the "or" of the two bit-shifted words */ for (i = 4; i > base_index; i--) { from = i-1 - base_index; b = x->v32[from] << bit_index; if (from > 0) b |= x->v32[from-1] >> (32-bit_index); x->v32[i-1] = b; } } /* now wrap up the final portion */ for (i=0; i < base_index; i++) x->v32[i] = 0; } void v128_left_shift(v128_t *x, int shift) { int i; const int base_index = shift >> 5; const int bit_index = shift & 31; if (shift > 127) { v128_set_to_zero(x); return; } if (bit_index == 0) { for (i=0; i < 4 - base_index; i++) x->v32[i] = x->v32[i+base_index]; } else { for (i=0; i < 4 - base_index - 1; i++) x->v32[i] = (x->v32[i+base_index] >> bit_index) ^ (x->v32[i+base_index+1] << (32 - bit_index)); x->v32[4 - base_index-1] = x->v32[4-1] >> bit_index; } /* now wrap up the final portion */ for (i = 4 - base_index; i < 4; i++) x->v32[i] = 0; } /* functions manipulating bitvector_t */ #ifndef DATATYPES_USE_MACROS /* little functions are not macros */ int bitvector_get_bit(const bitvector_t *v, int bit_index) { return _bitvector_get_bit(v, bit_index); } void bitvector_set_bit(bitvector_t *v, int bit_index) { _bitvector_set_bit(v, bit_index); } void bitvector_clear_bit(bitvector_t *v, int bit_index) { _bitvector_clear_bit(v, bit_index); } #endif /* DATATYPES_USE_MACROS */ int bitvector_alloc(bitvector_t *v, unsigned long length) { unsigned long l; /* Round length up to a multiple of bits_per_word */ length = (length + bits_per_word - 1) & ~(unsigned long)((bits_per_word - 1)); l = length / bits_per_word * bytes_per_word; /* allocate memory, then set parameters */ if (l == 0) v->word = NULL; else { v->word = (uint32_t*)srtp_crypto_alloc(l); if (v->word == NULL) { v->word = NULL; v->length = 0; return -1; } } v->length = length; /* initialize bitvector to zero */ bitvector_set_to_zero(v); return 0; } void bitvector_dealloc(bitvector_t *v) { if (v->word != NULL) srtp_crypto_free(v->word); v->word = NULL; v->length = 0; } void bitvector_set_to_zero(bitvector_t *x) { /* C99 guarantees that memset(0) will set the value 0 for uint32_t */ memset(x->word, 0, x->length >> 3); } char * bitvector_bit_string(bitvector_t *x, char* buf, int len) { int j, i; uint32_t mask; for (j=i=0; j < (int)(x->length>>5) && i < len-1; j++) { for (mask=0x80000000; mask > 0; mask >>= 1) { if (x->word[j] & mask) buf[i] = '1'; else buf[i] = '0'; ++i; if (i >= len-1) break; } } buf[i] = 0; /* null terminate string */ return buf; } void bitvector_left_shift(bitvector_t *x, int shift) { int i; const int base_index = shift >> 5; const int bit_index = shift & 31; const int word_length = x->length >> 5; if (shift >= (int)x->length) { bitvector_set_to_zero(x); return; } if (bit_index == 0) { for (i=0; i < word_length - base_index; i++) x->word[i] = x->word[i+base_index]; } else { for (i=0; i < word_length - base_index - 1; i++) x->word[i] = (x->word[i+base_index] >> bit_index) ^ (x->word[i+base_index+1] << (32 - bit_index)); x->word[word_length - base_index-1] = x->word[word_length-1] >> bit_index; } /* now wrap up the final portion */ for (i = word_length - base_index; i < word_length; i++) x->word[i] = 0; } int octet_string_is_eq(uint8_t *a, uint8_t *b, int len) { uint8_t *end = b + len; uint8_t accumulator = 0; /* * We use this somewhat obscure implementation to try to ensure the running * time only depends on len, even accounting for compiler optimizations. * The accumulator ends up zero iff the strings are equal. */ while (b < end) accumulator |= (*a++ ^ *b++); /* Return 1 if *not* equal. */ return accumulator != 0; } void srtp_cleanse(void *s, size_t len) { volatile unsigned char *p = (volatile unsigned char *)s; while(len--) *p++ = 0; } void octet_string_set_to_zero(void *s, size_t len) { #ifdef OPENSSL OPENSSL_cleanse(s, len); #else srtp_cleanse(s, len); #endif } #ifdef TESTAPP_SOURCE static const char b64chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz0123456789+/"; static int base64_block_to_octet_triple(char *out, char *in) { unsigned char sextets[4] = {0}; int j = 0; int i; for (i = 0; i < 4; i++) { char *p = strchr(b64chars, in[i]); if (p != NULL) sextets[i] = p - b64chars; else j++; } out[0] = (sextets[0]<<2)|(sextets[1]>>4); if (j < 2) out[1] = (sextets[1]<<4)|(sextets[2]>>2); if (j < 1) out[2] = (sextets[2]<<6)|sextets[3]; return j; } int base64_string_to_octet_string(char *out, int *pad, char *in, int len) { int k = 0; int i = 0; int j = 0; if (len % 4 != 0) return 0; while (i < len && j == 0) { j = base64_block_to_octet_triple(out + k, in + i); k += 3; i += 4; } *pad = j; return i; } #endif libsrtp-2.1.0/crypto/math/stat.c000066400000000000000000000136421312031100000165440ustar00rootroot00000000000000/* * stats.c * * statistical tests * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "stat.h" srtp_debug_module_t mod_stat = { 0, /* debugging is off by default */ (char *)"stat test" /* printable module name */ }; /* * each test assumes that 20,000 bits (2500 octets) of data is * provided as input */ #define STAT_TEST_DATA_LEN 2500 srtp_err_status_t stat_test_monobit(uint8_t *data) { uint8_t *data_end = data + STAT_TEST_DATA_LEN; uint16_t ones_count; ones_count = 0; while (data < data_end) { ones_count += octet_get_weight(*data); data++; } debug_print(mod_stat, "bit count: %d", ones_count); if ((ones_count < 9725) || (ones_count > 10275)) return srtp_err_status_algo_fail; return srtp_err_status_ok; } srtp_err_status_t stat_test_poker(uint8_t *data) { int i; uint8_t *data_end = data + STAT_TEST_DATA_LEN; double poker; uint16_t f[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; while (data < data_end) { f[*data & 0x0f]++; /* increment freq. count for low nibble */ f[(*data) >> 4]++; /* increment freq. count for high nibble */ data++; } poker = 0.0; for (i=0; i < 16; i++) poker += (double) f[i] * f[i]; poker *= (16.0 / 5000.0); poker -= 5000.0; debug_print(mod_stat, "poker test: %f\n", poker); if ((poker < 2.16) || (poker > 46.17)) return srtp_err_status_algo_fail; return srtp_err_status_ok; } /* * runs[i] holds the number of runs of size (i-1) */ srtp_err_status_t stat_test_runs(uint8_t *data) { uint8_t *data_end = data + STAT_TEST_DATA_LEN; uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 }; uint16_t gaps[6] = { 0, 0, 0, 0, 0, 0 }; uint16_t lo_value[6] = { 2315, 1114, 527, 240, 103, 103 }; uint16_t hi_value[6] = { 2685, 1386, 723, 384, 209, 209 }; int state = 0; uint16_t mask; int i; /* * the state variable holds the number of bits in the * current run (or gap, if negative) */ while (data < data_end) { /* loop over the bits of this byte */ for (mask = 1; mask < 256; mask <<= 1) { if (*data & mask) { /* next bit is a one */ if (state > 0) { /* prefix is a run, so increment the run-count */ state++; /* check for long runs */ if (state > 25) { debug_print(mod_stat, ">25 runs: %d", state); return srtp_err_status_algo_fail; } } else if (state < 0) { /* prefix is a gap */ if (state < -25) { debug_print(mod_stat, ">25 gaps: %d", state); return srtp_err_status_algo_fail; /* long-runs test failed */ } if (state < -6) { state = -6; /* group together gaps > 5 */ } gaps[-1-state]++; /* increment gap count */ state = 1; /* set state at one set bit */ } else { /* state is zero; this happens only at initialization */ state = 1; } } else { /* next bit is a zero */ if (state > 0) { /* prefix is a run */ if (state > 25) { debug_print(mod_stat, ">25 runs (2): %d", state); return srtp_err_status_algo_fail; /* long-runs test failed */ } if (state > 6) { state = 6; /* group together runs > 5 */ } runs[state-1]++; /* increment run count */ state = -1; /* set state at one zero bit */ } else if (state < 0) { /* prefix is a gap, so increment gap-count (decrement state) */ state--; /* check for long gaps */ if (state < -25) { debug_print(mod_stat, ">25 gaps (2): %d", state); return srtp_err_status_algo_fail; } } else { /* state is zero; this happens only at initialization */ state = -1; } } } /* move along to next octet */ data++; } if (mod_stat.on) { debug_print(mod_stat, "runs test", NULL); for (i=0; i < 6; i++) debug_print(mod_stat, " runs[]: %d", runs[i]); for (i=0; i < 6; i++) debug_print(mod_stat, " gaps[]: %d", gaps[i]); } /* check run and gap counts against the fixed limits */ for (i=0; i < 6; i++) if ( (runs[i] < lo_value[i] ) || (runs[i] > hi_value[i]) || (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i])) return srtp_err_status_algo_fail; return srtp_err_status_ok; } libsrtp-2.1.0/crypto/replay/000077500000000000000000000000001312031100000157625ustar00rootroot00000000000000libsrtp-2.1.0/crypto/replay/rdb.c000066400000000000000000000101661312031100000167010ustar00rootroot00000000000000/* * rdb.c * * Implements a replay database for packet security * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "rdb.h" /* * this implementation of a replay database works as follows: * * window_start is the index of the first packet in the window * bitmask a bit-buffer, containing the most recently entered * index as the leftmost bit * */ /* srtp_rdb_init initalizes rdb */ srtp_err_status_t srtp_rdb_init (srtp_rdb_t *rdb) { v128_set_to_zero(&rdb->bitmask); rdb->window_start = 0; return srtp_err_status_ok; } /* * srtp_rdb_check checks to see if index appears in rdb */ srtp_err_status_t srtp_rdb_check (const srtp_rdb_t *rdb, uint32_t p_index) { /* if the index appears after (or at very end of) the window, its good */ if (p_index >= rdb->window_start + rdb_bits_in_bitmask) { return srtp_err_status_ok; } /* if the index appears before the window, its bad */ if (p_index < rdb->window_start) { return srtp_err_status_replay_old; } /* otherwise, the index appears within the window, so check the bitmask */ if (v128_get_bit(&rdb->bitmask, (p_index - rdb->window_start)) == 1) { return srtp_err_status_replay_fail; } /* otherwise, the index is okay */ return srtp_err_status_ok; } /* * srtp_rdb_add_index adds index to srtp_rdb_t (and does *not* check if * index appears in db) * * this function should be called only after srtp_rdb_check has * indicated that the index does not appear in the rdb, e.g., a mutex * should protect the rdb between these calls */ srtp_err_status_t srtp_rdb_add_index (srtp_rdb_t *rdb, uint32_t p_index) { int delta; /* here we *assume* that p_index > rdb->window_start */ delta = (p_index - rdb->window_start); if (delta < rdb_bits_in_bitmask) { /* if the p_index is within the window, set the appropriate bit */ v128_set_bit(&rdb->bitmask, delta); } else { delta -= rdb_bits_in_bitmask - 1; /* shift the window forward by delta bits*/ v128_left_shift(&rdb->bitmask, delta); v128_set_bit(&rdb->bitmask, rdb_bits_in_bitmask - 1); rdb->window_start += delta; } return srtp_err_status_ok; } srtp_err_status_t srtp_rdb_increment (srtp_rdb_t *rdb) { if (rdb->window_start >= 0x7fffffff) { return srtp_err_status_key_expired; } ++rdb->window_start; return srtp_err_status_ok; } uint32_t srtp_rdb_get_value (const srtp_rdb_t *rdb) { return rdb->window_start; } libsrtp-2.1.0/crypto/replay/rdbx.c000066400000000000000000000270301312031100000170670ustar00rootroot00000000000000/* * rdbx.c * * a replay database with extended range, using a rollover counter * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "rdbx.h" /* * from RFC 3711: * * A receiver reconstructs the index i of a packet with sequence * number SEQ using the estimate * * i = 2^16 * v + SEQ, * * where v is chosen from the set { ROC-1, ROC, ROC+1 } such that i is * closest to the value 2^16 * ROC + s_l. If the value r+1 is used, * then the rollover counter r in the cryptographic context is * incremented by one (if the packet containing s is authentic). */ /* * rdbx implementation notes * * A srtp_xtd_seq_num_t is essentially a sequence number for which some of * the data on the wire are implicit. It logically consists of a * rollover counter and a sequence number; the sequence number is the * explicit part, and the rollover counter is the implicit part. * * Upon receiving a sequence_number (e.g. in a newly received SRTP * packet), the complete srtp_xtd_seq_num_t can be estimated by using a * local srtp_xtd_seq_num_t as a basis. This is done using the function * srtp_index_guess(&local, &guess, seq_from_packet). This function * returns the difference of the guess and the local value. The local * srtp_xtd_seq_num_t can be moved forward to the guess using the function * srtp_index_advance(&guess, delta), where delta is the difference. * * * A srtp_rdbx_t consists of a srtp_xtd_seq_num_t and a bitmask. The index is highest * sequence number that has been received, and the bitmask indicates * which of the recent indicies have been received as well. The * highest bit in the bitmask corresponds to the index in the bitmask. */ void srtp_index_init (srtp_xtd_seq_num_t *pi) { #ifdef NO_64BIT_MATH *pi = make64(0, 0); #else *pi = 0; #endif } void srtp_index_advance (srtp_xtd_seq_num_t *pi, srtp_sequence_number_t s) { #ifdef NO_64BIT_MATH /* a > ~b means a+b will generate a carry */ /* s is uint16 here */ *pi = make64(high32(*pi) + (s > ~low32(*pi) ? 1 : 0), low32(*pi) + s); #else *pi += s; #endif } /* * srtp_index_guess(local, guess, s) * * given a srtp_xtd_seq_num_t local (which represents the last * known-to-be-good received srtp_xtd_seq_num_t) and a sequence number s * (from a newly arrived packet), sets the contents of *guess to * contain the best guess of the packet index to which s corresponds, * and returns the difference between *guess and *local * * nota bene - the output is a signed integer, DON'T cast it to a * unsigned integer! */ int32_t srtp_index_guess (const srtp_xtd_seq_num_t *local, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s) { #ifdef NO_64BIT_MATH uint32_t local_roc = ((high32(*local) << 16) | (low32(*local) >> 16)); uint16_t local_seq = (uint16_t)(low32(*local)); #else uint32_t local_roc = (uint32_t)(*local >> 16); uint16_t local_seq = (uint16_t)*local; #endif #ifdef NO_64BIT_MATH uint32_t guess_roc = ((high32(*guess) << 16) | (low32(*guess) >> 16)); uint16_t guess_seq = (uint16_t)(low32(*guess)); #else uint32_t guess_roc = (uint32_t)(*guess >> 16); uint16_t guess_seq = (uint16_t)*guess; #endif int32_t difference; if (local_seq < seq_num_median) { if (s - local_seq > seq_num_median) { guess_roc = local_roc - 1; difference = s - local_seq - seq_num_max; } else { guess_roc = local_roc; difference = s - local_seq; } } else { if (local_seq - seq_num_median > s) { guess_roc = local_roc + 1; difference = s - local_seq + seq_num_max; } else { guess_roc = local_roc; difference = s - local_seq; } } guess_seq = s; /* Note: guess_roc is 32 bits, so this generates a 48-bit result! */ #ifdef NO_64BIT_MATH *guess = make64(guess_roc >> 16, (guess_roc << 16) | guess_seq); #else *guess = (((uint64_t)guess_roc) << 16) | guess_seq; #endif return difference; } /* * rdbx * */ /* * srtp_rdbx_init(&r, ws) initializes the srtp_rdbx_t pointed to by r with window size ws */ srtp_err_status_t srtp_rdbx_init (srtp_rdbx_t *rdbx, unsigned long ws) { if (ws == 0) { return srtp_err_status_bad_param; } if (bitvector_alloc(&rdbx->bitmask, ws) != 0) { return srtp_err_status_alloc_fail; } srtp_index_init(&rdbx->index); return srtp_err_status_ok; } /* * srtp_rdbx_dealloc(&r) frees memory for the srtp_rdbx_t pointed to by r */ srtp_err_status_t srtp_rdbx_dealloc (srtp_rdbx_t *rdbx) { bitvector_dealloc(&rdbx->bitmask); return srtp_err_status_ok; } /* * srtp_rdbx_set_roc(rdbx, roc) initalizes the srtp_rdbx_t at the location rdbx * to have the rollover counter value roc. If that value is less than * the current rollover counter value, then the function returns * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned. * */ srtp_err_status_t srtp_rdbx_set_roc (srtp_rdbx_t *rdbx, uint32_t roc) { bitvector_set_to_zero(&rdbx->bitmask); #ifdef NO_64BIT_MATH #error not yet implemented #else /* make sure that we're not moving backwards */ if (roc < (rdbx->index >> 16)) { return srtp_err_status_replay_old; } rdbx->index &= 0xffff; /* retain lowest 16 bits */ rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */ #endif return srtp_err_status_ok; } /* * srtp_rdbx_get_packet_index(rdbx) returns the value of the packet index * for the srtp_rdbx_t pointed to by rdbx * */ srtp_xtd_seq_num_t srtp_rdbx_get_packet_index (const srtp_rdbx_t *rdbx) { return rdbx->index; } /* * srtp_rdbx_get_window_size(rdbx) returns the value of the window size * for the srtp_rdbx_t pointed to by rdbx * */ unsigned long srtp_rdbx_get_window_size (const srtp_rdbx_t *rdbx) { return bitvector_get_length(&rdbx->bitmask); } /* * srtp_rdbx_check(&r, delta) checks to see if the srtp_xtd_seq_num_t * which is at rdbx->index + delta is in the rdb */ srtp_err_status_t srtp_rdbx_check (const srtp_rdbx_t *rdbx, int delta) { if (delta > 0) { /* if delta is positive, it's good */ return srtp_err_status_ok; } else if ((int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta < 0) { /* if delta is lower than the bitmask, it's bad */ return srtp_err_status_replay_old; } else if (bitvector_get_bit(&rdbx->bitmask, (int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta) == 1) { /* delta is within the window, so check the bitmask */ return srtp_err_status_replay_fail; } /* otherwise, the index is okay */ return srtp_err_status_ok; } /* * srtp_rdbx_add_index adds the srtp_xtd_seq_num_t at rdbx->window_start + d to * replay_db (and does *not* check if that srtp_xtd_seq_num_t appears in db) * * this function should be called only after replay_check has * indicated that the index does not appear in the rdbx, e.g., a mutex * should protect the rdbx between these calls if need be */ srtp_err_status_t srtp_rdbx_add_index (srtp_rdbx_t *rdbx, int delta) { if (delta > 0) { /* shift forward by delta */ srtp_index_advance(&rdbx->index, delta); bitvector_left_shift(&rdbx->bitmask, delta); bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1); } else { /* delta is in window */ bitvector_set_bit(&rdbx->bitmask, bitvector_get_length(&rdbx->bitmask) - 1 + delta); } /* note that we need not consider the case that delta == 0 */ return srtp_err_status_ok; } /* * srtp_rdbx_estimate_index(rdbx, guess, s) * * given an rdbx and a sequence number s (from a newly arrived packet), * sets the contents of *guess to contain the best guess of the packet * index to which s corresponds, and returns the difference between * *guess and the locally stored synch info */ int32_t srtp_rdbx_estimate_index (const srtp_rdbx_t *rdbx, srtp_xtd_seq_num_t *guess, srtp_sequence_number_t s) { /* * if the sequence number and rollover counter in the rdbx are * non-zero, then use the srtp_index_guess(...) function, otherwise, just * set the rollover counter to zero (since the srtp_index_guess(...) * function might incorrectly guess that the rollover counter is * 0xffffffff) */ #ifdef NO_64BIT_MATH /* seq_num_median = 0x8000 */ if (high32(rdbx->index) > 0 || low32(rdbx->index) > seq_num_median) #else if (rdbx->index > seq_num_median) #endif { return srtp_index_guess(&rdbx->index, guess, s); } #ifdef NO_64BIT_MATH *guess = make64(0, (uint32_t)s); #else *guess = s; #endif #ifdef NO_64BIT_MATH return s - (uint16_t)low32(rdbx->index); #else return s - (uint16_t)rdbx->index; #endif } /* * srtp_rdbx_get_roc(rdbx) * * Get the current rollover counter * */ uint32_t srtp_rdbx_get_roc(const srtp_rdbx_t *rdbx) { uint32_t roc; #ifdef NO_64BIT_MATH roc = ((high32(rdbx->index) << 16) | (low32(rdbx->index) >> 16)); #else roc = (uint32_t)(rdbx->index >> 16); #endif return roc; } /* * srtp_rdbx_set_roc_seq(rdbx, roc, seq) initalizes the srtp_rdbx_t at the * location rdbx to have the rollover counter value roc and packet sequence * number seq. If the new rollover counter value is less than the current * rollover counter value, then the function returns * srtp_err_status_replay_old, otherwise, srtp_err_status_ok is returned. */ srtp_err_status_t srtp_rdbx_set_roc_seq (srtp_rdbx_t *rdbx, uint32_t roc, uint16_t seq) { #ifdef NO_64BIT_MATH #error not yet implemented #else /* make sure that we're not moving backwards */ if (roc < (rdbx->index >> 16)) { return srtp_err_status_replay_old; } rdbx->index = seq; rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */ #endif bitvector_set_to_zero(&rdbx->bitmask); return srtp_err_status_ok; } libsrtp-2.1.0/crypto/replay/ut_sim.c000066400000000000000000000051221312031100000174260ustar00rootroot00000000000000/* * ut_sim.c * * an unreliable transport simulator * (for testing replay databases and suchlike) * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include "ut_sim.h" int ut_compar(const void *a, const void *b) { return rand() > (RAND_MAX/2) ? -1 : 1; } void ut_init(ut_connection *utc) { int i; utc->index = 0; for (i=0; i < UT_BUF; i++) utc->buffer[i] = i; qsort(utc->buffer, UT_BUF, sizeof(uint32_t), ut_compar); utc->index = UT_BUF - 1; } uint32_t ut_next_index(ut_connection *utc) { uint32_t tmp; tmp = utc->buffer[0]; utc->index++; utc->buffer[0] = utc->index; qsort(utc->buffer, UT_BUF, sizeof(uint32_t), ut_compar); return tmp; } #ifdef UT_TEST #include int main() { uint32_t i, irecvd, idiff; ut_connection utc; ut_init(&utc); for (i=0; i < 1000; i++) { irecvd = ut_next_index(&utc); idiff = i - irecvd; printf("%lu\t%lu\t%d\n", i, irecvd, idiff); } return 0; } #endif libsrtp-2.1.0/crypto/test/000077500000000000000000000000001312031100000154455ustar00rootroot00000000000000libsrtp-2.1.0/crypto/test/aes_calc.c000066400000000000000000000110501312031100000173400ustar00rootroot00000000000000/* * aes_calc.c * * A simple AES calculator for generating AES encryption values * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ /* Example usage (with first NIST FIPS 197 test case): [sh]$ test/aes_calc 000102030405060708090a0b0c0d0e0f 00112233445566778899aabbccddeeff -v plaintext: 00112233445566778899aabbccddeeff key: 000102030405060708090a0b0c0d0e0f ciphertext: 69c4e0d86a7b0430d8cdb78070b4c55a */ #ifdef HAVE_CONFIG_H #include #endif #include "aes.h" #include #include #include "util.h" void usage(char *prog_name) { printf("usage: %s [-v]\n", prog_name); exit(255); } #define AES_MAX_KEY_LEN 32 int main (int argc, char *argv[]) { v128_t data; uint8_t key[AES_MAX_KEY_LEN]; srtp_aes_expanded_key_t exp_key; int key_len, len; int verbose = 0; srtp_err_status_t status; if (argc == 3) { /* we're not in verbose mode */ verbose = 0; } else if (argc == 4) { if (strncmp(argv[3], "-v", 2) == 0) { /* we're in verbose mode */ verbose = 1; } else { /* unrecognized flag, complain and exit */ usage(argv[0]); } } else { /* we've been fed the wrong number of arguments - compain and exit */ usage(argv[0]); } /* read in key, checking length */ if (strlen(argv[1]) > AES_MAX_KEY_LEN*2) { fprintf(stderr, "error: too many digits in key " "(should be at most %d hexadecimal digits, found %u)\n", AES_MAX_KEY_LEN*2, (unsigned)strlen(argv[1])); exit(1); } len = hex_string_to_octet_string((char*)key, argv[1], AES_MAX_KEY_LEN*2); /* check that hex string is the right length */ if (len != 32 && len != 48 && len != 64) { fprintf(stderr, "error: bad number of digits in key " "(should be 32/48/64 hexadecimal digits, found %d)\n", len); exit(1); } key_len = len/2; /* read in plaintext, checking length */ if (strlen(argv[2]) > 16*2) { fprintf(stderr, "error: too many digits in plaintext " "(should be %d hexadecimal digits, found %u)\n", 16*2, (unsigned)strlen(argv[2])); exit(1); } len = hex_string_to_octet_string((char *)(&data), argv[2], 16*2); /* check that hex string is the right length */ if (len < 16*2) { fprintf(stderr, "error: too few digits in plaintext " "(should be %d hexadecimal digits, found %d)\n", 16*2, len); exit(1); } if (verbose) { /* print out plaintext */ printf("plaintext:\t%s\n", octet_string_hex_string((uint8_t *)&data, 16)); } /* encrypt plaintext */ status = srtp_aes_expand_encryption_key(key, key_len, &exp_key); if (status) { fprintf(stderr, "error: AES key expansion failed.\n"); exit(1); } srtp_aes_encrypt(&data, &exp_key); /* write ciphertext to output */ if (verbose) { printf("key:\t\t%s\n", octet_string_hex_string(key, key_len)); printf("ciphertext:\t"); } printf("%s\n", v128_hex_string(&data)); return 0; } ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/crypto/test/cipher_driver.c�����������������������������������������������������������0000664�0000000�0000000�00000041252�13120311000�0020442�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * cipher_driver.c * * A driver for the generic cipher type * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include <stdio.h> /* for printf() */ #include <stdlib.h> /* for rand() */ #include <string.h> /* for memset() */ #include "getopt_s.h" #include "cipher.h" #ifdef OPENSSL #include "aes_icm_ossl.h" #include "aes_gcm_ossl.h" #else #include "aes_icm.h" #endif #define PRINT_DEBUG 0 void cipher_driver_test_throughput(srtp_cipher_t *c); srtp_err_status_t cipher_driver_self_test(srtp_cipher_type_t *ct); /* * cipher_driver_test_buffering(ct) tests the cipher's output * buffering for correctness by checking the consistency of succesive * calls */ srtp_err_status_t cipher_driver_test_buffering(srtp_cipher_t *c); /* * functions for testing cipher cache thrash */ srtp_err_status_t cipher_driver_test_array_throughput(srtp_cipher_type_t *ct, int klen, int num_cipher); void cipher_array_test_throughput(srtp_cipher_t *ca[], int num_cipher); uint64_t cipher_array_bits_per_second(srtp_cipher_t *cipher_array[], int num_cipher, unsigned octets_in_buffer, int num_trials); srtp_err_status_t cipher_array_delete(srtp_cipher_t *cipher_array[], int num_cipher); srtp_err_status_t cipher_array_alloc_init(srtp_cipher_t ***cipher_array, int num_ciphers, srtp_cipher_type_t *ctype, int klen); void usage(char *prog_name) { printf("usage: %s [ -t | -v | -a ]\n", prog_name); exit(255); } void check_status(srtp_err_status_t s) { if (s) { printf("error (code %d)\n", s); exit(s); } return; } /* * null_cipher and srtp_aes_icm are the cipher meta-objects * defined in the files in crypto/cipher subdirectory. these are * declared external so that we can use these cipher types here */ extern srtp_cipher_type_t srtp_null_cipher; extern srtp_cipher_type_t srtp_aes_icm_128; extern srtp_cipher_type_t srtp_aes_icm_256; #ifdef OPENSSL extern srtp_cipher_type_t srtp_aes_icm_192; extern srtp_cipher_type_t srtp_aes_gcm_128_openssl; extern srtp_cipher_type_t srtp_aes_gcm_256_openssl; #endif int main(int argc, char *argv[]) { srtp_cipher_t *c = NULL; srtp_err_status_t status; unsigned char test_key[48] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, }; int q; unsigned do_timing_test = 0; unsigned do_validation = 0; unsigned do_array_timing_test = 0; /* process input arguments */ while (1) { q = getopt_s(argc, argv, "tva"); if (q == -1) break; switch (q) { case 't': do_timing_test = 1; break; case 'v': do_validation = 1; break; case 'a': do_array_timing_test = 1; break; default: usage(argv[0]); } } printf("cipher test driver\n" "David A. McGrew\n" "Cisco Systems, Inc.\n"); if (!do_validation && !do_timing_test && !do_array_timing_test) usage(argv[0]); /* arry timing (cache thrash) test */ if (do_array_timing_test) { int max_num_cipher = 1 << 16; /* number of ciphers in cipher_array */ int num_cipher; for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) cipher_driver_test_array_throughput(&srtp_null_cipher, 0, num_cipher); for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) cipher_driver_test_array_throughput(&srtp_aes_icm_128, SRTP_AES_ICM_128_KEY_LEN_WSALT, num_cipher); for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) cipher_driver_test_array_throughput(&srtp_aes_icm_256, SRTP_AES_ICM_256_KEY_LEN_WSALT, num_cipher); #ifdef OPENSSL for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) cipher_driver_test_array_throughput(&srtp_aes_icm_192, SRTP_AES_ICM_192_KEY_LEN_WSALT, num_cipher); for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) { cipher_driver_test_array_throughput(&srtp_aes_gcm_128_openssl, SRTP_AES_GCM_128_KEY_LEN_WSALT, num_cipher); } for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) { cipher_driver_test_array_throughput(&srtp_aes_gcm_256_openssl, SRTP_AES_GCM_256_KEY_LEN_WSALT, num_cipher); } #endif } if (do_validation) { cipher_driver_self_test(&srtp_null_cipher); cipher_driver_self_test(&srtp_aes_icm_128); cipher_driver_self_test(&srtp_aes_icm_256); #ifdef OPENSSL cipher_driver_self_test(&srtp_aes_icm_192); cipher_driver_self_test(&srtp_aes_gcm_128_openssl); cipher_driver_self_test(&srtp_aes_gcm_256_openssl); #endif } /* do timing and/or buffer_test on srtp_null_cipher */ status = srtp_cipher_type_alloc(&srtp_null_cipher, &c, 0, 0); check_status(status); status = srtp_cipher_init(c, NULL); check_status(status); if (do_timing_test) cipher_driver_test_throughput(c); if (do_validation) { status = cipher_driver_test_buffering(c); check_status(status); } status = srtp_cipher_dealloc(c); check_status(status); /* run the throughput test on the aes_icm cipher (128-bit key) */ status = srtp_cipher_type_alloc(&srtp_aes_icm_128, &c, SRTP_AES_ICM_128_KEY_LEN_WSALT, 0); if (status) { fprintf(stderr, "error: can't allocate cipher\n"); exit(status); } status = srtp_cipher_init(c, test_key); check_status(status); if (do_timing_test) cipher_driver_test_throughput(c); if (do_validation) { status = cipher_driver_test_buffering(c); check_status(status); } status = srtp_cipher_dealloc(c); check_status(status); /* repeat the tests with 256-bit keys */ status = srtp_cipher_type_alloc(&srtp_aes_icm_256, &c, SRTP_AES_ICM_256_KEY_LEN_WSALT, 0); if (status) { fprintf(stderr, "error: can't allocate cipher\n"); exit(status); } status = srtp_cipher_init(c, test_key); check_status(status); if (do_timing_test) cipher_driver_test_throughput(c); if (do_validation) { status = cipher_driver_test_buffering(c); check_status(status); } status = srtp_cipher_dealloc(c); check_status(status); #ifdef OPENSSL /* run the throughput test on the aes_gcm_128_openssl cipher */ status = srtp_cipher_type_alloc(&srtp_aes_gcm_128_openssl, &c, SRTP_AES_GCM_128_KEY_LEN_WSALT, 8); if (status) { fprintf(stderr, "error: can't allocate GCM 128 cipher\n"); exit(status); } status = srtp_cipher_init(c, test_key); check_status(status); if (do_timing_test) { cipher_driver_test_throughput(c); } if (do_validation) { status = cipher_driver_test_buffering(c); check_status(status); } status = srtp_cipher_dealloc(c); check_status(status); /* run the throughput test on the aes_gcm_256_openssl cipher */ status = srtp_cipher_type_alloc(&srtp_aes_gcm_256_openssl, &c, SRTP_AES_GCM_256_KEY_LEN_WSALT, 16); if (status) { fprintf(stderr, "error: can't allocate GCM 256 cipher\n"); exit(status); } status = srtp_cipher_init(c, test_key); check_status(status); if (do_timing_test) { cipher_driver_test_throughput(c); } if (do_validation) { status = cipher_driver_test_buffering(c); check_status(status); } status = srtp_cipher_dealloc(c); check_status(status); #endif return 0; } void cipher_driver_test_throughput(srtp_cipher_t *c) { int i; int min_enc_len = 32; int max_enc_len = 2048; /* should be a power of two */ int num_trials = 1000000; printf("timing %s throughput, key length %d:\n", c->type->description, c->key_len); fflush(stdout); for (i=min_enc_len; i <= max_enc_len; i = i * 2) printf("msg len: %d\tgigabits per second: %f\n", i, srtp_cipher_bits_per_second(c, i, num_trials) / 1e9); } srtp_err_status_t cipher_driver_self_test(srtp_cipher_type_t *ct) { srtp_err_status_t status; printf("running cipher self-test for %s...", ct->description); status = srtp_cipher_type_self_test(ct); if (status) { printf("failed with error code %d\n", status); exit(status); } printf("passed\n"); return srtp_err_status_ok; } /* * cipher_driver_test_buffering(ct) tests the cipher's output * buffering for correctness by checking the consistency of succesive * calls */ #define INITIAL_BUFLEN 1024 srtp_err_status_t cipher_driver_test_buffering(srtp_cipher_t *c) { int i, j, num_trials = 1000; unsigned len, buflen = INITIAL_BUFLEN; uint8_t buffer0[INITIAL_BUFLEN], buffer1[INITIAL_BUFLEN], *current, *end; uint8_t idx[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34 }; srtp_err_status_t status; printf("testing output buffering for cipher %s...", c->type->description); for (i=0; i < num_trials; i++) { /* set buffers to zero */ for (j=0; j < (int) buflen; j++) { buffer0[j] = buffer1[j] = 0; } /* initialize cipher */ status = srtp_cipher_set_iv(c, (uint8_t*)idx, srtp_direction_encrypt); if (status) return status; /* generate 'reference' value by encrypting all at once */ status = srtp_cipher_encrypt(c, buffer0, &buflen); if (status) return status; /* re-initialize cipher */ status = srtp_cipher_set_iv(c, (uint8_t*)idx, srtp_direction_encrypt); if (status) return status; /* now loop over short lengths until buffer1 is encrypted */ current = buffer1; end = buffer1 + buflen; while (current < end) { /* choose a short length */ len = rand() & 0x01f; /* make sure that len doesn't cause us to overreach the buffer */ if (current + len > end) len = end - current; status = srtp_cipher_encrypt(c, current, &len); if (status) return status; /* advance pointer into buffer1 to reflect encryption */ current += len; /* if buffer1 is all encrypted, break out of loop */ if (current == end) break; } /* compare buffers */ for (j=0; j < (int) buflen; j++) { if (buffer0[j] != buffer1[j]) { #if PRINT_DEBUG printf("test case %d failed at byte %d\n", i, j); printf("computed: %s\n", octet_string_hex_string(buffer1, buflen)); printf("expected: %s\n", octet_string_hex_string(buffer0, buflen)); #endif return srtp_err_status_algo_fail; } } } printf("passed\n"); return srtp_err_status_ok; } /* * The function cipher_test_throughput_array() tests the effect of CPU * cache thrash on cipher throughput. * * cipher_array_alloc_init(ctype, array, num_ciphers) creates an array * of srtp_cipher_t of type ctype */ srtp_err_status_t cipher_array_alloc_init(srtp_cipher_t ***ca, int num_ciphers, srtp_cipher_type_t *ctype, int klen) { int i, j; srtp_err_status_t status; uint8_t *key; srtp_cipher_t **cipher_array; /* pad klen allocation, to handle aes_icm reading 16 bytes for the 14-byte salt */ int klen_pad = ((klen + 15) >> 4) << 4; /* allocate array of pointers to ciphers */ cipher_array = (srtp_cipher_t **) malloc(sizeof(srtp_cipher_t *) * num_ciphers); if (cipher_array == NULL) return srtp_err_status_alloc_fail; /* set ca to location of cipher_array */ *ca = cipher_array; /* allocate key */ key = srtp_crypto_alloc(klen_pad); if (key == NULL) { free(cipher_array); return srtp_err_status_alloc_fail; } /* allocate and initialize an array of ciphers */ for (i=0; i < num_ciphers; i++) { /* allocate cipher */ status = srtp_cipher_type_alloc(ctype, cipher_array, klen, 16); if (status) return status; /* generate random key and initialize cipher */ for (j=0; j < klen; j++) key[j] = (uint8_t) rand(); for (; j < klen_pad; j++) key[j] = 0; status = srtp_cipher_init(*cipher_array, key); if (status) return status; /* printf("%dth cipher is at %p\n", i, *cipher_array); */ /* printf("%dth cipher description: %s\n", i, */ /* (*cipher_array)->type->description); */ /* advance cipher array pointer */ cipher_array++; } srtp_crypto_free(key); return srtp_err_status_ok; } srtp_err_status_t cipher_array_delete(srtp_cipher_t *cipher_array[], int num_cipher) { int i; for (i=0; i < num_cipher; i++) { srtp_cipher_dealloc(cipher_array[i]); } free(cipher_array); return srtp_err_status_ok; } /* * cipher_array_bits_per_second(c, l, t) computes (an estimate of) the * number of bits that a cipher implementation can encrypt in a second * when distinct keys are used to encrypt distinct messages * * c is a cipher (which MUST be allocated an initialized already), l * is the length in octets of the test data to be encrypted, and t is * the number of trials * * if an error is encountered, the value 0 is returned */ uint64_t cipher_array_bits_per_second(srtp_cipher_t *cipher_array[], int num_cipher, unsigned octets_in_buffer, int num_trials) { int i; v128_t nonce; clock_t timer; unsigned char *enc_buf; int cipher_index = rand() % num_cipher; /* Over-alloc, for NIST CBC padding */ enc_buf = srtp_crypto_alloc(octets_in_buffer+17); if (enc_buf == NULL) return 0; /* indicate bad parameters by returning null */ memset(enc_buf, 0, octets_in_buffer); /* time repeated trials */ v128_set_to_zero(&nonce); timer = clock(); for(i=0; i < num_trials; i++, nonce.v32[3] = i) { /* length parameter to srtp_cipher_encrypt is in/out -- out is total, padded * length -- so reset it each time. */ unsigned octets_to_encrypt = octets_in_buffer; /* encrypt buffer with cipher */ srtp_cipher_set_iv(cipher_array[cipher_index], (uint8_t*)&nonce, srtp_direction_encrypt); srtp_cipher_encrypt(cipher_array[cipher_index], enc_buf, &octets_to_encrypt); /* choose a cipher at random from the array*/ cipher_index = (*((uint32_t *)enc_buf)) % num_cipher; } timer = clock() - timer; free(enc_buf); if (timer == 0) { /* Too fast! */ return 0; } return (uint64_t)CLOCKS_PER_SEC * num_trials * 8 * octets_in_buffer / timer; } void cipher_array_test_throughput(srtp_cipher_t *ca[], int num_cipher) { int i; int min_enc_len = 16; int max_enc_len = 2048; /* should be a power of two */ int num_trials = 1000000; printf("timing %s throughput with key length %d, array size %d:\n", (ca[0])->type->description, (ca[0])->key_len, num_cipher); fflush(stdout); for (i=min_enc_len; i <= max_enc_len; i = i * 4) printf("msg len: %d\tgigabits per second: %f\n", i, cipher_array_bits_per_second(ca, num_cipher, i, num_trials) / 1e9); } srtp_err_status_t cipher_driver_test_array_throughput(srtp_cipher_type_t *ct, int klen, int num_cipher) { srtp_cipher_t **ca = NULL; srtp_err_status_t status; status = cipher_array_alloc_init(&ca, num_cipher, ct, klen); if (status) { printf("error: cipher_array_alloc_init() failed with error code %d\n", status); return status; } cipher_array_test_throughput(ca, num_cipher); cipher_array_delete(ca, num_cipher); return srtp_err_status_ok; } ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/crypto/test/datatypes_driver.c��������������������������������������������������������0000664�0000000�0000000�00000014263�13120311000�0021170�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * datatypes_driver.c * * a test driver for crypto/math datatypes * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include <stdio.h> /* for printf() */ #include <string.h> /* for strlen() */ #include "datatypes.h" #include "util.h" void byte_order(void); void test_hex_string_funcs(void); void print_string(char *s); void test_bswap(void); int main (void) { /* * this program includes various and sundry tests for fundamental * datatypes. it's a grab-bag of throwaway code, retained only in * case of future problems */ int i, j; v128_t x; char *r = "The Moving Finger writes; and, having writ,\n" "Moves on: nor all thy Piety nor Wit\n" "Shall lure it back to cancel half a Line,\n" "Nor all thy Tears wash out a Word of it."; char *s = "incomplet"; print_string(r); print_string(s); byte_order(); test_hex_string_funcs(); for (j=0; j < 128; j++) { v128_set_to_zero(&x); /* x.v32[0] = (1 << j); */ v128_set_bit(&x, j); printf("%s\n", v128_bit_string(&x)); v128_clear_bit(&x, j); printf("%s\n", v128_bit_string(&x)); } printf("----------------------------------------------\n"); v128_set_to_zero(&x); for (i=0; i < 128; i++) { v128_set_bit(&x, i); } printf("%s\n", v128_bit_string(&x)); printf("----------------------------------------------\n"); v128_set_to_zero(&x); v128_set_bit(&x, 0); for (i=0; i < 128; i++) { printf("%s\n", v128_bit_string(&x)); v128_right_shift(&x, 1); } printf("----------------------------------------------\n"); v128_set_to_zero(&x); v128_set_bit(&x, 127); for (i=0; i < 128; i++) { printf("%s\n", v128_bit_string(&x)); v128_left_shift(&x, 1); } printf("----------------------------------------------\n"); for (i=0; i < 128; i++) { v128_set_to_zero(&x); v128_set_bit(&x, 127); v128_left_shift(&x, i); printf("%s\n", v128_bit_string(&x)); } printf("----------------------------------------------\n"); v128_set_to_zero(&x); for (i=0; i < 128; i+=2) { v128_set_bit(&x, i); } printf("bit_string: { %s }\n", v128_bit_string(&x)); printf("get_bit: { "); for (i=0; i < 128; i++) { if (v128_get_bit(&x, i) == 1) printf("1"); else printf("0"); } printf(" } \n"); test_bswap(); return 0; } /* byte_order() prints out byte ordering of datatypes */ void byte_order(void) { int i; v128_t e; #if 0 v16_t b; v32_t c; v64_t d; for (i=0; i < sizeof(b); i++) b.octet[i] = i; for (i=0; i < sizeof(c); i++) c.octet[i] = i; for (i=0; i < sizeof(d); i++) d.octet[i] = i; printf("v128_t:\t%s\n", v128_hex_string(&e)); printf("v64_t:\t%s\n", v64_hex_string(&d)); printf("v32_t:\t%s\n", v32_hex_string(c)); printf("v16_t:\t%s\n", v16_hex_string(b)); c.value = 0x01020304; printf("v32_t:\t%s\n", v32_hex_string(c)); b.value = 0x0102; printf("v16_t:\t%s\n", v16_hex_string(b)); printf("uint16_t ordering:\n"); c.value = 0x00010002; printf("v32_t:\t%x%x\n", c.v16[0], c.v16[1]); #endif printf("byte ordering of crypto/math datatypes:\n"); for (i=0; i < sizeof(e); i++) e.v8[i] = i; printf("v128_t: %s\n", v128_hex_string(&e)); } void test_hex_string_funcs(void) { char hex1[] = "abadcafe"; char hex2[] = "0123456789abcdefqqqqq"; char raw[10]; int len; len = hex_string_to_octet_string(raw, hex1, strlen(hex1)); printf("computed length: %d\tstring: %s\n", len, octet_string_hex_string(raw, len/2)); printf("expected length: %u\tstring: %s\n", (unsigned)strlen(hex1), hex1); len = hex_string_to_octet_string(raw, hex2, strlen(hex2)); printf("computed length: %d\tstring: %s\n", len, octet_string_hex_string(raw, len/2)); printf("expected length: %d\tstring: %s\n", 16, "0123456789abcdef"); } void print_string(char *s) { size_t i; printf("%s\n", s); printf("strlen(s) = %u\n", (unsigned)strlen(s)); printf("{ "); for (i=0; i < strlen(s); i++) { printf("0x%x, ", s[i]); if (((i+1) % 8) == 0) printf("\n "); } printf("}\n"); } void test_bswap(void) { uint32_t x = 0x11223344; uint64_t y = 0x1122334455667788LL; printf("before: %0x\nafter: %0x\n", x, (unsigned int)be32_to_cpu(x)); printf("before: %0llx\nafter: %0llx\n", (unsigned long long)y, (unsigned long long)be64_to_cpu(y)); y = 1234; printf("1234: %0llx\n", (unsigned long long)y); printf("as octet string: %s\n", octet_string_hex_string((uint8_t *) &y, 8)); y = be64_to_cpu(y); printf("bswapped octet string: %s\n", octet_string_hex_string((uint8_t *) &y, 8)); } ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/crypto/test/env.c���������������������������������������������������������������������0000664�0000000�0000000�00000005342�13120311000�0016405�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * env.c * * prints out a brief report on the build environment * * David McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include <stdio.h> #include <string.h> /* for srtcmp() */ #include "config.h" int main(void) { int err_count = 0; #ifdef WORDS_BIGENDIAN printf("CPU set to big-endian\t\t\t(WORDS_BIGENDIAN == 1)\n"); #else printf("CPU set to little-endian\t\t(WORDS_BIGENDIAN == 0)\n"); #endif #ifdef CPU_RISC printf("CPU set to RISC\t\t\t\t(CPU_RISC == 1)\n"); #elif defined(CPU_CISC) printf("CPU set to CISC\t\t\t\t(CPU_CISC == 1)\n"); #else printf("CPU set to an unknown type, probably due to a configuration error\n"); err_count++; #endif #ifdef CPU_ALTIVEC printf("CPU set to ALTIVEC\t\t\t\t(CPU_ALTIVEC == 0)\n"); #endif #ifndef NO_64BIT_MATH printf("using native 64-bit type\t\t(NO_64_BIT_MATH == 0)\n"); #else printf("using built-in 64-bit math\t\t(NO_64_BIT_MATH == 1)\n"); #endif #ifdef ERR_REPORTING_STDOUT printf("using stdout for error reporting\t(ERR_REPORTING_STDOUT == 1)\n"); #endif if (err_count) printf("warning: configuration is probably in error " "(found %d problems)\n", err_count); return err_count; } ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/crypto/test/kernel_driver.c�����������������������������������������������������������0000664�0000000�0000000�00000006617�13120311000�0020456�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * kernel_driver.c * * a test driver for the crypto_kernel * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright(c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include <stdio.h> /* for printf() */ #include "getopt_s.h" #include "crypto_kernel.h" void usage(char *prog_name) { printf("usage: %s [ -v ][ -d debug_module ]*\n", prog_name); exit(255); } int main (int argc, char *argv[]) { int q; int do_validation = 0; srtp_err_status_t status; if (argc == 1) usage(argv[0]); /* initialize kernel - we need to do this before anything else */ status = srtp_crypto_kernel_init(); if (status) { printf("error: srtp_crypto_kernel init failed\n"); exit(1); } printf("srtp_crypto_kernel successfully initalized\n"); /* process input arguments */ while (1) { q = getopt_s(argc, argv, "vd:"); if (q == -1) break; switch (q) { case 'v': do_validation = 1; break; case 'd': status = srtp_crypto_kernel_set_debug_module(optarg_s, 1); if (status) { printf("error: set debug module (%s) failed\n", optarg_s); exit(1); } break; default: usage(argv[0]); } } if (do_validation) { printf("checking srtp_crypto_kernel status...\n"); status = srtp_crypto_kernel_status(); if (status) { printf("failed\n"); exit(1); } printf("srtp_crypto_kernel passed self-tests\n"); } status = srtp_crypto_kernel_shutdown(); if (status) { printf("error: srtp_crypto_kernel shutdown failed\n"); exit(1); } printf("srtp_crypto_kernel successfully shut down\n"); return 0; } /* * crypto_kernel_cipher_test() is a test of the cipher interface * of the crypto_kernel */ srtp_err_status_t crypto_kernel_cipher_test(void) { /* not implemented yet! */ return srtp_err_status_ok; } �����������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/crypto/test/sha1_driver.c�������������������������������������������������������������0000664�0000000�0000000�00000036731�13120311000�0020032�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * sha1_driver.c * * a test driver for SHA-1 * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include <stdio.h> #include <string.h> #include "sha1.h" #include "util.h" #define SHA_PASS 0 #define SHA_FAIL 1 #define MAX_HASH_DATA_LEN 1024 #define MAX_HASH_OUT_LEN 20 typedef struct hash_test_case_t { unsigned data_len; /* number of octets in data */ unsigned hash_len; /* number of octets output by hash */ uint8_t data[MAX_HASH_DATA_LEN]; /* message data */ uint8_t hash[MAX_HASH_OUT_LEN]; /* expected hash output */ struct hash_test_case_t *next_test_case; } hash_test_case_t; hash_test_case_t *sha1_test_case_list; srtp_err_status_t hash_test_case_add(hash_test_case_t **list_ptr, char *hex_data, unsigned data_len, char *hex_hash, unsigned hash_len) { hash_test_case_t *list_head = *list_ptr; hash_test_case_t *test_case; unsigned tmp_len; test_case = malloc(sizeof(hash_test_case_t)); if (test_case == NULL) return srtp_err_status_alloc_fail; tmp_len = hex_string_to_octet_string((char *)test_case->data, hex_data, data_len*2); if (tmp_len != data_len*2) { free(test_case); return srtp_err_status_parse_err; } tmp_len = hex_string_to_octet_string((char *)test_case->hash, hex_hash, hash_len*2); if (tmp_len != hash_len*2) { free(test_case); return srtp_err_status_parse_err; } test_case->data_len = data_len; test_case->hash_len = hash_len; /* add the new test case to the head of the list */ test_case->next_test_case = list_head; *list_ptr = test_case; return srtp_err_status_ok; } srtp_err_status_t sha1_test_case_validate(const hash_test_case_t *test_case) { srtp_sha1_ctx_t ctx; uint32_t hash_value[5]; if (test_case == NULL) return srtp_err_status_bad_param; if (test_case->hash_len != 20) return srtp_err_status_bad_param; if (test_case->data_len > MAX_HASH_DATA_LEN) return srtp_err_status_bad_param; srtp_sha1_init(&ctx); srtp_sha1_update(&ctx, test_case->data, test_case->data_len); srtp_sha1_final(&ctx, hash_value); if (0 == memcmp(test_case->hash, hash_value, 20)) { #if VERBOSE printf("PASSED: reference value: %s\n", octet_string_hex_string((const uint8_t *)test_case->hash, 20)); printf("PASSED: computed value: %s\n", octet_string_hex_string((const uint8_t *)hash_value, 20)); #endif return srtp_err_status_ok; } printf("reference value: %s\n", octet_string_hex_string((const uint8_t *)test_case->hash, 20)); printf("computed value: %s\n", octet_string_hex_string((const uint8_t *)hash_value, 20)); return srtp_err_status_algo_fail; } struct hex_sha1_test_case_t { unsigned bit_len; char hex_data[MAX_HASH_DATA_LEN*2]; char hex_hash[40]; }; srtp_err_status_t sha1_add_test_cases(void) { int i; srtp_err_status_t err; /* * these test cases are taken from the "SHA-1 Sample Vectors" * provided by NIST at http://csrc.nist.gov/cryptval/shs.html */ struct hex_sha1_test_case_t tc[] = { { 0, "", "da39a3ee5e6b4b0d3255bfef95601890afd80709" }, { 8, "a8", "99f2aa95e36f95c2acb0eaf23998f030638f3f15" }, { 16, "3000", "f944dcd635f9801f7ac90a407fbc479964dec024" }, { 24, "42749e", "a444319e9b6cc1e8464c511ec0969c37d6bb2619" }, { 32, "9fc3fe08", "16a0ff84fcc156fd5d3ca3a744f20a232d172253" }, { 40, "b5c1c6f1af", "fec9deebfcdedaf66dda525e1be43597a73a1f93" }, { 48, "e47571e5022e", "8ce051181f0ed5e9d0c498f6bc4caf448d20deb5" }, { 56, "3e1b28839fb758", "67da53837d89e03bf652ef09c369a3415937cfd3" }, { 64, "a81350cbb224cb90", "305e4ff9888ad855a78573cddf4c5640cce7e946" }, { 72, "c243d167923dec3ce1", "5902b77b3265f023f9bbc396ba1a93fa3509bde7" }, { 80, "50ac18c59d6a37a29bf4", "fcade5f5d156bf6f9af97bdfa9c19bccfb4ff6ab" }, { 88, "98e2b611ad3b1cccf634f6", "1d20fbe00533c10e3cbd6b27088a5de0c632c4b5" }, { 96, "73fe9afb68e1e8712e5d4eec", "7e1b7e0f7a8f3455a9c03e9580fd63ae205a2d93" }, { 104, "9e701ed7d412a9226a2a130e66", "706f0677146307b20bb0e8d6311e329966884d13" }, { 112, "6d3ee90413b0a7cbf69e5e6144ca", "a7241a703aaf0d53fe142f86bf2e849251fa8dff" }, { 120, "fae24d56514efcb530fd4802f5e71f", "400f53546916d33ad01a5e6df66822dfbdc4e9e6" }, { 128, "c5a22dd6eda3fe2bdc4ddb3ce6b35fd1", "fac8ab93c1ae6c16f0311872b984f729dc928ccd" }, { 136, "d98cded2adabf08fda356445c781802d95", "fba6d750c18da58f6e2aab10112b9a5ef3301b3b" }, { 144, "bcc6d7087a84f00103ccb32e5f5487a751a2", "29d27c2d44c205c8107f0351b05753ac708226b6" }, { 152, "36ecacb1055434190dbbc556c48bafcb0feb0d", "b971bfc1ebd6f359e8d74cb7ecfe7f898d0ba845" }, { 160, "5ff9edb69e8f6bbd498eb4537580b7fba7ad31d0", "96d08c430094b9fcc164ad2fb6f72d0a24268f68" }, { 168, "c95b441d8270822a46a798fae5defcf7b26abace36", "a287ea752a593d5209e287881a09c49fa3f0beb1" }, { 176, "83104c1d8a55b28f906f1b72cb53f68cbb097b44f860", "a06c713779cbd88519ed4a585ac0cb8a5e9d612b" }, { 184, "755175528d55c39c56493d697b790f099a5ce741f7754b", "bff7d52c13a3688132a1d407b1ab40f5b5ace298" }, { 192, "088fc38128bbdb9fd7d65228b3184b3faac6c8715f07272f", "c7566b91d7b6f56bdfcaa9781a7b6841aacb17e9" }, { 200, "a4a586eb9245a6c87e3adf1009ac8a49f46c07e14185016895", "ffa30c0b5c550ea4b1e34f8a60ec9295a1e06ac1" }, { 208, "8e7c555270c006092c2a3189e2a526b873e2e269f0fb28245256", "29e66ed23e914351e872aa761df6e4f1a07f4b81" }, { 216, "a5f3bfa6bb0ba3b59f6b9cbdef8a558ec565e8aa3121f405e7f2f0", "b28cf5e5b806a01491d41f69bd9248765c5dc292" }, { 224, "589054f0d2bd3c2c85b466bfd8ce18e6ec3e0b87d944cd093ba36469", "60224fb72c46069652cd78bcd08029ef64da62f3" }, { 232, "a0abb12083b5bbc78128601bf1cbdbc0fdf4b862b24d899953d8da0ff3", "b72c4a86f72608f24c05f3b9088ef92fba431df7" }, { 240, "82143f4cea6fadbf998e128a8811dc75301cf1db4f079501ea568da68eeb", "73779ad5d6b71b9b8328ef7220ff12eb167076ac" }, { 248, "9f1231dd6df1ff7bc0b0d4f989d048672683ce35d956d2f57913046267e6f3", "a09671d4452d7cf50015c914a1e31973d20cc1a0" }, { 256, "041c512b5eed791f80d3282f3a28df263bb1df95e1239a7650e5670fc2187919", "e88cdcd233d99184a6fd260b8fca1b7f7687aee0" }, { 264, "17e81f6ae8c2e5579d69dafa6e070e7111461552d314b691e7a3e7a4feb3fae418", "010def22850deb1168d525e8c84c28116cb8a269" }, { 272, "d15976b23a1d712ad28fad04d805f572026b54dd64961fda94d5355a0cc98620cf77", "aeaa40ba1717ed5439b1e6ea901b294ba500f9ad" }, { 280, "09fce4d434f6bd32a44e04b848ff50ec9f642a8a85b37a264dc73f130f22838443328f", "c6433791238795e34f080a5f1f1723f065463ca0" }, { 288, "f17af27d776ec82a257d8d46d2b46b639462c56984cc1be9c1222eadb8b26594a25c709d", "e21e22b89c1bb944a32932e6b2a2f20d491982c3" }, { 296, "b13ce635d6f8758143ffb114f2f601cb20b6276951416a2f94fbf4ad081779d79f4f195b22", "575323a9661f5d28387964d2ba6ab92c17d05a8a" }, { 304, "5498793f60916ff1c918dde572cdea76da8629ba4ead6d065de3dfb48de94d234cc1c5002910", "feb44494af72f245bfe68e86c4d7986d57c11db7" }, { 312, "498a1e0b39fa49582ae688cd715c86fbaf8a81b8b11b4d1594c49c902d197c8ba8a621fd6e3be5", "cff2290b3648ba2831b98dde436a72f9ebf51eee" }, { 320, "3a36ae71521f9af628b3e34dcb0d4513f84c78ee49f10416a98857150b8b15cb5c83afb4b570376e", "9b4efe9d27b965905b0c3dab67b8d7c9ebacd56c" }, { 328, "dcc76b40ae0ea3ba253e92ac50fcde791662c5b6c948538cffc2d95e9de99cac34dfca38910db2678f", "afedb0ff156205bcd831cbdbda43db8b0588c113" }, { 336, "5b5ec6ec4fd3ad9c4906f65c747fd4233c11a1736b6b228b92e90cddabb0c7c2fcf9716d3fad261dff33", "8deb1e858f88293a5e5e4d521a34b2a4efa70fc4" }, { 344, "df48a37b29b1d6de4e94717d60cdb4293fcf170bba388bddf7a9035a15d433f20fd697c3e4c8b8c5f590ab", "95cbdac0f74afa69cebd0e5c7defbc6faf0cbeaf" }, { 352, "1f179b3b82250a65e1b0aee949e218e2f45c7a8dbfd6ba08de05c55acfc226b48c68d7f7057e5675cd96fcfc", "f0307bcb92842e5ae0cd4f4f14f3df7f877fbef2" }, { 360, "ee3d72da3a44d971578972a8e6780ce64941267e0f7d0179b214fa97855e1790e888e09fbe3a70412176cb3b54", "7b13bb0dbf14964bd63b133ac85e22100542ef55" }, { 368, "d4d4c7843d312b30f610b3682254c8be96d5f6684503f8fbfbcd15774fc1b084d3741afb8d24aaa8ab9c104f7258", "c314d2b6cf439be678d2a74e890d96cfac1c02ed" }, { 376, "32c094944f5936a190a0877fb9178a7bf60ceae36fd530671c5b38c5dbd5e6a6c0d615c2ac8ad04b213cc589541cf6", "4d0be361e410b47a9d67d8ce0bb6a8e01c53c078" }, { 384, "e5d3180c14bf27a5409fa12b104a8fd7e9639609bfde6ee82bbf9648be2546d29688a65e2e3f3da47a45ac14343c9c02", "e5353431ffae097f675cbf498869f6fbb6e1c9f2" }, { 392, "e7b6e4b69f724327e41e1188a37f4fe38b1dba19cbf5a7311d6e32f1038e97ab506ee05aebebc1eed09fc0e357109818b9", "b8720a7068a085c018ab18961de2765aa6cd9ac4" }, { 400, "bc880cb83b8ac68ef2fedc2da95e7677ce2aa18b0e2d8b322701f67af7d5e7a0d96e9e33326ccb7747cfff0852b961bfd475", "b0732181568543ba85f2b6da602b4b065d9931aa" }, { 408, "235ea9c2ba7af25400f2e98a47a291b0bccdaad63faa2475721fda5510cc7dad814bce8dabb611790a6abe56030b798b75c944", "9c22674cf3222c3ba921672694aafee4ce67b96b" }, { 416, "07e3e29fed63104b8410f323b975fd9fba53f636af8c4e68a53fb202ca35dd9ee07cb169ec5186292e44c27e5696a967f5e67709", "d128335f4cecca9066cdae08958ce656ff0b4cfc" }, { 424, "65d2a1dd60a517eb27bfbf530cf6a5458f9d5f4730058bd9814379547f34241822bf67e6335a6d8b5ed06abf8841884c636a25733f", "0b67c57ac578de88a2ae055caeaec8bb9b0085a0" }, { 432, "dcc86b3bd461615bab739d8daafac231c0f462e819ad29f9f14058f3ab5b75941d4241ea2f17ebb8a458831b37a9b16dead4a76a9b0e", "c766f912a89d4ccda88e0cce6a713ef5f178b596" }, { 440, "4627d54f0568dc126b62a8c35fb46a9ac5024400f2995e51635636e1afc4373dbb848eb32df23914230560b82477e9c3572647a7f2bb92", "9aa3925a9dcb177b15ccff9b78e70cf344858779" }, { 448, "ba531affd4381168ef24d8b275a84d9254c7f5cc55fded53aa8024b2c5c5c8aa7146fe1d1b83d62b70467e9a2e2cb67b3361830adbab28d7", "4811fa30042fc076acf37c8e2274d025307e5943" }, { 456, "8764dcbcf89dcf4282eb644e3d568bdccb4b13508bfa7bfe0ffc05efd1390be22109969262992d377691eb4f77f3d59ea8466a74abf57b2ef4", "6743018450c9730761ee2b130df9b91c1e118150" }, { 464, "497d9df9ddb554f3d17870b1a31986c1be277bc44feff713544217a9f579623d18b5ffae306c25a45521d2759a72c0459b58957255ab592f3be4", "71ad4a19d37d92a5e6ef3694ddbeb5aa61ada645" }, { 472, "72c3c2e065aefa8d9f7a65229e818176eef05da83f835107ba90ec2e95472e73e538f783b416c04654ba8909f26a12db6e5c4e376b7615e4a25819", "a7d9dc68dacefb7d6116186048cb355cc548e11d" }, { 480, "7cc9894454d0055ab5069a33984e2f712bef7e3124960d33559f5f3b81906bb66fe64da13c153ca7f5cabc89667314c32c01036d12ecaf5f9a78de98", "142e429f0522ba5abf5131fa81df82d355b96909" }, { 488, "74e8404d5a453c5f4d306f2cfa338ca65501c840ddab3fb82117933483afd6913c56aaf8a0a0a6b2a342fc3d9dc7599f4a850dfa15d06c61966d74ea59", "ef72db70dcbcab991e9637976c6faf00d22caae9" }, { 496, "46fe5ed326c8fe376fcc92dc9e2714e2240d3253b105adfbb256ff7a19bc40975c604ad7c0071c4fd78a7cb64786e1bece548fa4833c04065fe593f6fb10", "f220a7457f4588d639dc21407c942e9843f8e26b" }, { 504, "836dfa2524d621cf07c3d2908835de859e549d35030433c796b81272fd8bc0348e8ddbc7705a5ad1fdf2155b6bc48884ac0cd376925f069a37849c089c8645", "ddd2117b6e309c233ede85f962a0c2fc215e5c69" }, { 512, "7e3a4c325cb9c52b88387f93d01ae86d42098f5efa7f9457388b5e74b6d28b2438d42d8b64703324d4aa25ab6aad153ae30cd2b2af4d5e5c00a8a2d0220c6116", "a3054427cdb13f164a610b348702724c808a0dcc" } }; for (i=0; i < 65; i++) { err = hash_test_case_add(&sha1_test_case_list, tc[i].hex_data, tc[i].bit_len/8, tc[i].hex_hash, 20); if (err) { printf("error adding hash test case (code %d)\n", err); return err; } } return srtp_err_status_ok; } srtp_err_status_t sha1_dealloc_test_cases(void) { hash_test_case_t *t, *next; for (t = sha1_test_case_list; t != NULL; t = next) { next = t->next_test_case; free(t); } sha1_test_case_list = NULL; return srtp_err_status_ok; } srtp_err_status_t sha1_validate(void) { hash_test_case_t *test_case; srtp_err_status_t err; err = sha1_add_test_cases(); if (err) { printf("error adding SHA1 test cases (error code %d)\n", err); return err; } if (sha1_test_case_list == NULL) return srtp_err_status_cant_check; test_case = sha1_test_case_list; while (test_case != NULL) { err = sha1_test_case_validate(test_case); if (err) { printf("error validating hash test case (error code %d)\n", err); return err; } test_case = test_case->next_test_case; } sha1_dealloc_test_cases(); return srtp_err_status_ok; } int main (void) { srtp_err_status_t err; printf("sha1 test driver\n"); err = sha1_validate(); if (err) { printf("SHA1 did not pass validation testing\n"); return 1; } printf("SHA1 passed validation tests\n"); return 0; } ���������������������������������������libsrtp-2.1.0/crypto/test/stat_driver.c�������������������������������������������������������������0000664�0000000�0000000�00000017566�13120311000�0020156�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * stat-driver.c * * test driver for the stat_test functions * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include <stdio.h> /* for printf() */ #include "err.h" #include "stat.h" #include "srtp.h" #include "cipher.h" typedef struct { void *state; } random_source_t; srtp_err_status_t random_source_alloc(void); void err_check(srtp_err_status_t s) { if (s) { printf("error (code %d)\n", s); exit(1); } } int main (int argc, char *argv[]) { uint8_t buffer[2532]; unsigned int buf_len = 2500; int i, j; extern srtp_cipher_type_t srtp_aes_icm_128; extern srtp_cipher_type_t srtp_aes_icm_256; #ifdef OPENSSL extern srtp_cipher_type_t srtp_aes_gcm_128_openssl; extern srtp_cipher_type_t srtp_aes_gcm_256_openssl; #endif srtp_cipher_t *c; uint8_t key[46] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 }; v128_t nonce; int num_trials = 500; int num_fail; printf("statistical tests driver\n"); v128_set_to_zero(&nonce); for (i=0; i < 2500; i++) buffer[i] = 0; /* run tests */ printf("running stat_tests on all-null buffer, expecting failure\n"); printf("monobit %d\n", stat_test_monobit(buffer)); printf("poker %d\n", stat_test_poker(buffer)); printf("runs %d\n", stat_test_runs(buffer)); for (i=0; i < 2500; i++) buffer[i] = rand(); printf("running stat_tests on rand(), expecting success\n"); printf("monobit %d\n", stat_test_monobit(buffer)); printf("poker %d\n", stat_test_poker(buffer)); printf("runs %d\n", stat_test_runs(buffer)); printf("running stat_tests on AES-128-ICM, expecting success\n"); /* set buffer to cipher output */ for (i=0; i < 2500; i++) buffer[i] = 0; err_check(srtp_cipher_type_alloc(&srtp_aes_icm_128, &c, SRTP_AES_ICM_128_KEY_LEN_WSALT, 0)); err_check(srtp_cipher_init(c, key)); err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt)); err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); /* run tests on cipher outout */ printf("monobit %d\n", stat_test_monobit(buffer)); printf("poker %d\n", stat_test_poker(buffer)); printf("runs %d\n", stat_test_runs(buffer)); printf("runs test (please be patient): "); fflush(stdout); num_fail = 0; v128_set_to_zero(&nonce); for(j=0; j < num_trials; j++) { for (i=0; i < 2500; i++) buffer[i] = 0; nonce.v32[3] = i; err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt)); err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); if (stat_test_runs(buffer)) { num_fail++; } } printf("%d failures in %d tests\n", num_fail, num_trials); printf("(nota bene: a small fraction of stat_test failures does not \n" "indicate that the random source is invalid)\n"); err_check(srtp_cipher_dealloc(c)); printf("running stat_tests on AES-256-ICM, expecting success\n"); /* set buffer to cipher output */ for (i=0; i < 2500; i++) buffer[i] = 0; err_check(srtp_cipher_type_alloc(&srtp_aes_icm_256, &c, SRTP_AES_ICM_256_KEY_LEN_WSALT, 0)); err_check(srtp_cipher_init(c, key)); err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt)); err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); /* run tests on cipher outout */ printf("monobit %d\n", stat_test_monobit(buffer)); printf("poker %d\n", stat_test_poker(buffer)); printf("runs %d\n", stat_test_runs(buffer)); printf("runs test (please be patient): "); fflush(stdout); num_fail = 0; v128_set_to_zero(&nonce); for(j=0; j < num_trials; j++) { for (i=0; i < 2500; i++) buffer[i] = 0; nonce.v32[3] = i; err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt)); err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); if (stat_test_runs(buffer)) { num_fail++; } } #ifdef OPENSSL { printf("running stat_tests on AES-128-GCM, expecting success\n"); /* set buffer to cipher output */ for (i=0; i < 2500; i++) { buffer[i] = 0; } err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_128_openssl, &c, SRTP_AES_GCM_128_KEY_LEN_WSALT, 8)); err_check(srtp_cipher_init(c, key)); err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt)); err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); /* run tests on cipher outout */ printf("monobit %d\n", stat_test_monobit(buffer)); printf("poker %d\n", stat_test_poker(buffer)); printf("runs %d\n", stat_test_runs(buffer)); fflush(stdout); num_fail = 0; v128_set_to_zero(&nonce); for(j=0; j < num_trials; j++) { for (i=0; i < 2500; i++) { buffer[i] = 0; } nonce.v32[3] = i; err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt)); err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); buf_len = 2500; if (stat_test_runs(buffer)) { num_fail++; } } printf("running stat_tests on AES-256-GCM, expecting success\n"); /* set buffer to cipher output */ for (i=0; i < 2500; i++) { buffer[i] = 0; } err_check(srtp_cipher_type_alloc(&srtp_aes_gcm_256_openssl, &c, SRTP_AES_GCM_256_KEY_LEN_WSALT, 16)); err_check(srtp_cipher_init(c, key)); err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt)); err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); /* run tests on cipher outout */ printf("monobit %d\n", stat_test_monobit(buffer)); printf("poker %d\n", stat_test_poker(buffer)); printf("runs %d\n", stat_test_runs(buffer)); fflush(stdout); num_fail = 0; v128_set_to_zero(&nonce); for(j=0; j < num_trials; j++) { for (i=0; i < 2500; i++) { buffer[i] = 0; } nonce.v32[3] = i; err_check(srtp_cipher_set_iv(c, (uint8_t*)&nonce, srtp_direction_encrypt)); err_check(srtp_cipher_encrypt(c, buffer, &buf_len)); buf_len = 2500; if (stat_test_runs(buffer)) { num_fail++; } } } #endif printf("%d failures in %d tests\n", num_fail, num_trials); printf("(nota bene: a small fraction of stat_test failures does not \n" "indicate that the random source is invalid)\n"); err_check(srtp_cipher_dealloc(c)); return 0; } ������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/doc/����������������������������������������������������������������������������������0000775�0000000�0000000�00000000000�13120311000�0013713�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/doc/Doxyfile.in�����������������������������������������������������������������������0000664�0000000�0000000�00000315775�13120311000�0016050�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Doxyfile 1.8.11 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. # # All text after a double hash (##) is considered a comment and is placed in # front of the TAG it is preceding. # # All text after a single hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists, items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (\" \"). #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all text # before the first occurrence of this tag. Doxygen uses libiconv (or the iconv # built into libc) for the transcoding. See http://www.gnu.org/software/libiconv # for the list of possible encodings. # The default value is: UTF-8. DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or a sequence of words surrounded by # double-quotes, unless you are using Doxywizard) that should identify the # project for which the documentation is generated. This name is used in the # title of most generated pages and in a few other places. # The default value is: My Project. PROJECT_NAME = libSRTP # The PROJECT_NUMBER tag can be used to enter a project or revision number. This # could be handy for archiving the generated documentation or if some version # control system is used. PROJECT_NUMBER = LIBSRTPVERSIONNUMBER # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a # quick idea about the purpose of the project. Keep the description short. PROJECT_BRIEF = # With the PROJECT_LOGO tag one can specify a logo or an icon that is included # in the documentation. The maximum height of the logo should not exceed 55 # pixels and the maximum width should not exceed 200 pixels. Doxygen will copy # the logo to the output directory. PROJECT_LOGO = # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path # into which the generated documentation will be written. If a relative path is # entered, it will be relative to the location where doxygen was started. If # left blank the current directory will be used. OUTPUT_DIRECTORY = # If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub- # directories (in 2 levels) under the output directory of each output format and # will distribute the generated files over these directories. Enabling this # option can be useful when feeding doxygen a huge amount of source files, where # putting all generated files in the same directory would otherwise causes # performance problems for the file system. # The default value is: NO. CREATE_SUBDIRS = NO # If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII # characters to appear in the names of generated files. If set to NO, non-ASCII # characters will be escaped, for example _xE3_x81_x84 will be used for Unicode # U+3044. # The default value is: NO. ALLOW_UNICODE_NAMES = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. # Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Catalan, Chinese, # Chinese-Traditional, Croatian, Czech, Danish, Dutch, English (United States), # Esperanto, Farsi (Persian), Finnish, French, German, Greek, Hungarian, # Indonesian, Italian, Japanese, Japanese-en (Japanese with English messages), # Korean, Korean-en (Korean with English messages), Latvian, Lithuanian, # Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese, Romanian, Russian, # Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish, Swedish, Turkish, # Ukrainian and Vietnamese. # The default value is: English. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES, doxygen will include brief member # descriptions after the members that are listed in the file and class # documentation (similar to Javadoc). Set to NO to disable this. # The default value is: YES. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES, doxygen will prepend the brief # description of a member or function before the detailed description # # Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. # The default value is: YES. REPEAT_BRIEF = NO # This tag implements a quasi-intelligent brief description abbreviator that is # used to form the text in various listings. Each string in this list, if found # as the leading text of the brief description, will be stripped from the text # and the result, after processing the whole list, is used as the annotated # text. Otherwise, the brief description is used as-is. If left blank, the # following values are used ($name is automatically replaced with the name of # the entity):The $name class, The $name widget, The $name file, is, provides, # specifies, contains, represents, a, an and the. ABBREVIATE_BRIEF = # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # doxygen will generate a detailed section even if there is only a brief # description. # The default value is: NO. ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. # The default value is: NO. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES, doxygen will prepend the full path # before files name in the file list and in the header files. If set to NO the # shortest path that makes the file name unique will be used # The default value is: YES. FULL_PATH_NAMES = NO # The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path. # Stripping is only done if one of the specified strings matches the left-hand # part of the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the path to # strip. # # Note that you can specify absolute paths here, but also relative paths, which # will be relative from the directory where doxygen is started. # This tag requires that the tag FULL_PATH_NAMES is set to YES. STRIP_FROM_PATH = # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of the # path mentioned in the documentation of a class, which tells the reader which # header file to include in order to use a class. If left blank only the name of # the header file containing the class definition is used. Otherwise one should # specify the list of include paths that are normally passed to the compiler # using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter (but # less readable) file names. This can be useful is your file systems doesn't # support long names like on DOS, Mac, or CD-ROM. # The default value is: NO. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then doxygen will interpret the # first line (until the first dot) of a Javadoc-style comment as the brief # description. If set to NO, the Javadoc-style will behave just like regular Qt- # style comments (thus requiring an explicit @brief command for a brief # description.) # The default value is: NO. JAVADOC_AUTOBRIEF = NO # If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first # line (until the first dot) of a Qt-style comment as the brief description. If # set to NO, the Qt-style will behave just like regular Qt-style comments (thus # requiring an explicit \brief command for a brief description.) # The default value is: NO. QT_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make doxygen treat a # multi-line C++ special comment block (i.e. a block of //! or /// comments) as # a brief description. This used to be the default behavior. The new default is # to treat a multi-line C++ comment block as a detailed description. Set this # tag to YES if you prefer the old behavior instead. # # Note that setting this tag to YES also means that rational rose comments are # not recognized any more. # The default value is: NO. MULTILINE_CPP_IS_BRIEF = NO # If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the # documentation from any documented member that it re-implements. # The default value is: YES. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES then doxygen will produce a new # page for each member. If set to NO, the documentation of a member will be part # of the file/class/namespace that contains it. # The default value is: NO. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. Doxygen # uses this value to replace tabs by spaces in code fragments. # Minimum value: 1, maximum value: 16, default value: 4. TAB_SIZE = 4 # This tag can be used to specify a number of aliases that act as commands in # the documentation. An alias has the form: # name=value # For example adding # "sideeffect=@par Side Effects:\n" # will allow you to put the command \sideeffect (or @sideeffect) in the # documentation, which will result in a user-defined paragraph with heading # "Side Effects:". You can put \n's in the value part of an alias to insert # newlines. ALIASES = # This tag can be used to specify a number of word-keyword mappings (TCL only). # A mapping has the form "name=value". For example adding "class=itcl::class" # will allow you to use the command class in the itcl::class meaning. TCL_SUBST = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources # only. Doxygen will then generate output that is more tailored for C. For # instance, some of the names that are used will be different. The list of all # members will be omitted, etc. # The default value is: NO. OPTIMIZE_OUTPUT_FOR_C = YES # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or # Python sources only. Doxygen will then generate output that is more tailored # for that language. For instance, namespaces will be presented as packages, # qualified scopes will look different, etc. # The default value is: NO. OPTIMIZE_OUTPUT_JAVA = NO # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources. Doxygen will then generate output that is tailored for Fortran. # The default value is: NO. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for VHDL. # The default value is: NO. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, and # language is one of the parsers supported by doxygen: IDL, Java, Javascript, # C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran: # FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran: # Fortran. In the later case the parser tries to guess whether the code is fixed # or free formatted code, this is the default for Fortran type files), VHDL. For # instance to make doxygen treat .inc files as Fortran files (default is PHP), # and .f files as C (default is Fortran), use: inc=Fortran f=C. # # Note: For files without extension you can use no_extension as a placeholder. # # Note that for custom extensions you also need to set FILE_PATTERNS otherwise # the files are not read by doxygen. EXTENSION_MAPPING = # If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments # according to the Markdown format, which allows for more readable # documentation. See http://daringfireball.net/projects/markdown/ for details. # The output of markdown processing is further processed by doxygen, so you can # mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in # case of backward compatibilities issues. # The default value is: YES. MARKDOWN_SUPPORT = YES # When enabled doxygen tries to link words that correspond to documented # classes, or namespaces to their corresponding documentation. Such a link can # be prevented in individual cases by putting a % sign in front of the word or # globally by setting AUTOLINK_SUPPORT to NO. # The default value is: YES. AUTOLINK_SUPPORT = YES # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should set this # tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); # versus func(std::string) {}). This also make the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. # The default value is: NO. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. # The default value is: NO. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip (see: # http://www.riverbankcomputing.co.uk/software/sip/intro) sources only. Doxygen # will parse them like normal C++ but will assume all classes use public instead # of private inheritance when no explicit protection keyword is present. # The default value is: NO. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate # getter and setter methods for a property. Setting this option to YES will make # doxygen to replace the get and set methods by a property in the documentation. # This will only work if the methods are indeed getting or setting a simple # type. If this is not the case, or you want to show the methods anyway, you # should set this option to NO. # The default value is: YES. IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. # The default value is: NO. DISTRIBUTE_GROUP_DOC = NO # If one adds a struct or class to a group and this option is enabled, then also # any nested class or struct is added to the same group. By default this option # is disabled and one has to add nested compounds explicitly via \ingroup. # The default value is: NO. GROUP_NESTED_COMPOUNDS = NO # Set the SUBGROUPING tag to YES to allow class member groups of the same type # (for instance a group of public functions) to be put as a subgroup of that # type (e.g. under the Public Functions section). Set it to NO to prevent # subgrouping. Alternatively, this can be done per class using the # \nosubgrouping command. # The default value is: YES. SUBGROUPING = YES # When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and unions # are shown inside the group in which they are included (e.g. using \ingroup) # instead of on a separate page (for HTML and Man pages) or section (for LaTeX # and RTF). # # Note that this feature does not work in combination with # SEPARATE_MEMBER_PAGES. # The default value is: NO. INLINE_GROUPED_CLASSES = NO # When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and unions # with only public data fields or simple typedef fields will be shown inline in # the documentation of the scope in which they are defined (i.e. file, # namespace, or group documentation), provided this scope is documented. If set # to NO, structs, classes, and unions are shown on a separate page (for HTML and # Man pages) or section (for LaTeX and RTF). # The default value is: NO. INLINE_SIMPLE_STRUCTS = NO # When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or # enum is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct # with name TypeT. When disabled the typedef will appear as a member of a file, # namespace, or class. And the struct will be named TypeS. This can typically be # useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. # The default value is: NO. TYPEDEF_HIDES_STRUCT = NO # The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This # cache is used to resolve symbols given their name and scope. Since this can be # an expensive process and often the same symbol appears multiple times in the # code, doxygen keeps a cache of pre-resolved symbols. If the cache is too small # doxygen will become slower. If the cache is too large, memory is wasted. The # cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range # is 0..9, the default is 0, corresponding to a cache size of 2^16=65536 # symbols. At the end of a run doxygen will report the cache usage and suggest # the optimal cache size from a speed point of view. # Minimum value: 0, maximum value: 9, default value: 0. LOOKUP_CACHE_SIZE = 0 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES, doxygen will assume all entities in # documentation are documented, even if no documentation was available. Private # class members and static file members will be hidden unless the # EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES. # Note: This will also disable the warnings about undocumented members that are # normally produced when WARNINGS is set to YES. # The default value is: NO. EXTRACT_ALL = NO # If the EXTRACT_PRIVATE tag is set to YES, all private members of a class will # be included in the documentation. # The default value is: NO. EXTRACT_PRIVATE = NO # If the EXTRACT_PACKAGE tag is set to YES, all members with package or internal # scope will be included in the documentation. # The default value is: NO. EXTRACT_PACKAGE = NO # If the EXTRACT_STATIC tag is set to YES, all static members of a file will be # included in the documentation. # The default value is: NO. EXTRACT_STATIC = NO # If the EXTRACT_LOCAL_CLASSES tag is set to YES, classes (and structs) defined # locally in source files will be included in the documentation. If set to NO, # only classes defined in header files are included. Does not have any effect # for Java sources. # The default value is: YES. EXTRACT_LOCAL_CLASSES = YES # This flag is only useful for Objective-C code. If set to YES, local methods, # which are defined in the implementation section but not in the interface are # included in the documentation. If set to NO, only methods in the interface are # included. # The default value is: NO. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base name of # the file that contains the anonymous namespace. By default anonymous namespace # are hidden. # The default value is: NO. EXTRACT_ANON_NSPACES = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all # undocumented members inside documented classes or files. If set to NO these # members will be included in the various overviews, but no documentation # section is generated. This option has no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_MEMBERS = YES # If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. If set # to NO, these classes will be included in the various overviews. This option # has no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_CLASSES = NO # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend # (class|struct|union) declarations. If set to NO, these declarations will be # included in the documentation. # The default value is: NO. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any # documentation blocks found inside the body of a function. If set to NO, these # blocks will be appended to the function's detailed documentation block. # The default value is: NO. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation that is typed after a # \internal command is included. If the tag is set to NO then the documentation # will be excluded. Set it to YES to include the internal documentation. # The default value is: NO. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file # names in lower-case letters. If set to YES, upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. # The default value is: system dependent. CASE_SENSE_NAMES = YES # If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with # their full class and namespace scopes in the documentation. If set to YES, the # scope will be hidden. # The default value is: NO. HIDE_SCOPE_NAMES = NO # If the HIDE_COMPOUND_REFERENCE tag is set to NO (default) then doxygen will # append additional text to a page's title, such as Class Reference. If set to # YES the compound reference will be hidden. # The default value is: NO. HIDE_COMPOUND_REFERENCE= NO # If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of # the files that are included by a file in the documentation of that file. # The default value is: YES. SHOW_INCLUDE_FILES = NO # If the SHOW_GROUPED_MEMB_INC tag is set to YES then Doxygen will add for each # grouped member an include statement to the documentation, telling the reader # which file to include in order to use the member. # The default value is: NO. SHOW_GROUPED_MEMB_INC = NO # If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include # files with double quotes in the documentation rather than with sharp brackets. # The default value is: NO. FORCE_LOCAL_INCLUDES = NO # If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the # documentation for inline members. # The default value is: YES. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the # (detailed) documentation of file and class members alphabetically by member # name. If set to NO, the members will appear in declaration order. # The default value is: YES. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief # descriptions of file, namespace and class members alphabetically by member # name. If set to NO, the members will appear in declaration order. Note that # this will also influence the order of the classes in the class list. # The default value is: NO. SORT_BRIEF_DOCS = NO # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the # (brief and detailed) documentation of class members so that constructors and # destructors are listed first. If set to NO the constructors will appear in the # respective orders defined by SORT_BRIEF_DOCS and SORT_MEMBER_DOCS. # Note: If SORT_BRIEF_DOCS is set to NO this option is ignored for sorting brief # member documentation. # Note: If SORT_MEMBER_DOCS is set to NO this option is ignored for sorting # detailed member documentation. # The default value is: NO. SORT_MEMBERS_CTORS_1ST = NO # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy # of group names into alphabetical order. If set to NO the group names will # appear in their defined order. # The default value is: NO. SORT_GROUP_NAMES = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be sorted by # fully-qualified names, including namespaces. If set to NO, the class list will # be sorted only by class name, not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the alphabetical # list. # The default value is: NO. SORT_BY_SCOPE_NAME = NO # If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper # type resolution of all parameters of a function it will reject a match between # the prototype and the implementation of a member function even if there is # only one candidate or it is obvious which candidate to choose by doing a # simple string match. By disabling STRICT_PROTO_MATCHING doxygen will still # accept a match between prototype and implementation in such cases. # The default value is: NO. STRICT_PROTO_MATCHING = NO # The GENERATE_TODOLIST tag can be used to enable (YES) or disable (NO) the todo # list. This list is created by putting \todo commands in the documentation. # The default value is: YES. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable (YES) or disable (NO) the test # list. This list is created by putting \test commands in the documentation. # The default value is: YES. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable (YES) or disable (NO) the bug # list. This list is created by putting \bug commands in the documentation. # The default value is: YES. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or disable (NO) # the deprecated list. This list is created by putting \deprecated commands in # the documentation. # The default value is: YES. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional documentation # sections, marked by \if <section_label> ... \endif and \cond <section_label> # ... \endcond blocks. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the # initial value of a variable or macro / define can have for it to appear in the # documentation. If the initializer consists of more lines than specified here # it will be hidden. Use a value of 0 to hide initializers completely. The # appearance of the value of individual variables and macros / defines can be # controlled using \showinitializer or \hideinitializer command in the # documentation regardless of this setting. # Minimum value: 0, maximum value: 10000, default value: 30. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated at # the bottom of the documentation of classes and structs. If set to YES, the # list will mention the files that were used to generate the documentation. # The default value is: YES. SHOW_USED_FILES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. This # will remove the Files entry from the Quick Index and from the Folder Tree View # (if specified). # The default value is: YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the Namespaces # page. This will remove the Namespaces entry from the Quick Index and from the # Folder Tree View (if specified). # The default value is: YES. SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command command input-file, where command is the value of the # FILE_VERSION_FILTER tag, and input-file is the name of an input file provided # by doxygen. Whatever the program writes to standard output is used as the file # version. For an example see the documentation. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated # output files in an output format independent way. To create the layout file # that represents doxygen's defaults, run doxygen with the -l option. You can # optionally specify a file name after the option, if omitted DoxygenLayout.xml # will be used as the name of the layout file. # # Note that if you run doxygen from a directory containing a file called # DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE # tag is left empty. LAYOUT_FILE = # The CITE_BIB_FILES tag can be used to specify one or more bib files containing # the reference definitions. This must be a list of .bib files. The .bib # extension is automatically appended if omitted. This requires the bibtex tool # to be installed. See also http://en.wikipedia.org/wiki/BibTeX for more info. # For LaTeX the style of the bibliography can be controlled using # LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the # search path. See also \cite for info how to create references. CITE_BIB_FILES = #--------------------------------------------------------------------------- # Configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated to # standard output by doxygen. If QUIET is set to YES this implies that the # messages are off. # The default value is: NO. QUIET = NO # The WARNINGS tag can be used to turn on/off the warning messages that are # generated to standard error (stderr) by doxygen. If WARNINGS is set to YES # this implies that the warnings are on. # # Tip: Turn warnings on while writing the documentation. # The default value is: YES. WARNINGS = YES # If the WARN_IF_UNDOCUMENTED tag is set to YES then doxygen will generate # warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag # will automatically be disabled. # The default value is: YES. WARN_IF_UNDOCUMENTED = YES # If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some parameters # in a documented function, or documenting parameters that don't exist or using # markup commands wrongly. # The default value is: YES. WARN_IF_DOC_ERROR = YES # This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that # are documented, but have no documentation for their parameters or return # value. If set to NO, doxygen will only warn about wrong or incomplete # parameter documentation, but not about the absence of documentation. # The default value is: NO. WARN_NO_PARAMDOC = NO # If the WARN_AS_ERROR tag is set to YES then doxygen will immediately stop when # a warning is encountered. # The default value is: NO. WARN_AS_ERROR = NO # The WARN_FORMAT tag determines the format of the warning messages that doxygen # can produce. The string should contain the $file, $line, and $text tags, which # will be replaced by the file and line number from which the warning originated # and the warning text. Optionally the format may contain $version, which will # be replaced by the version of the file (if it could be obtained via # FILE_VERSION_FILTER) # The default value is: $file:$line: $text. WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning and error # messages should be written. If left blank the output is written to standard # error (stderr). WARN_LOGFILE = #--------------------------------------------------------------------------- # Configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag is used to specify the files and/or directories that contain # documented source files. You may enter file names like myfile.cpp or # directories like /usr/src/myproject. Separate the files or directories with # spaces. See also FILE_PATTERNS and EXTENSION_MAPPING # Note: If this tag is empty the current directory is searched. INPUT = ../README.md \ ../include/srtp.h \ ../crypto/include/auth.h \ ../crypto/include/cipher.h \ ../crypto/include/crypto_types.h \ ../crypto/include/err.h \ crypto_kernel.txt # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses # libiconv (or the iconv built into libc) for the transcoding. See the libiconv # documentation (see: http://www.gnu.org/software/libiconv) for the list of # possible encodings. # The default value is: UTF-8. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and # *.h) to filter out the source-files in the directories. # # Note that for custom extensions or not directly supported extensions you also # need to set EXTENSION_MAPPING for the extension otherwise the files are not # read by doxygen. # # If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp, # *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, # *.hh, *.hxx, *.hpp, *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, # *.m, *.markdown, *.md, *.mm, *.dox, *.py, *.pyw, *.f90, *.f, *.for, *.tcl, # *.vhd, *.vhdl, *.ucf, *.qsf, *.as and *.js. FILE_PATTERNS = # The RECURSIVE tag can be used to specify whether or not subdirectories should # be searched for input files as well. # The default value is: NO. RECURSIVE = NO # The EXCLUDE tag can be used to specify files and/or directories that should be # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. # # Note that relative paths are relative to the directory from which doxygen is # run. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded # from the input. # The default value is: NO. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories for example use the pattern */test/* EXCLUDE_PATTERNS = # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories use the pattern */test/* EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or directories # that contain example code fragments that are included (see the \include # command). EXAMPLE_PATH = # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and # *.h) to filter out the source-files in the directories. If left blank all # files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude commands # irrespective of the value of the RECURSIVE tag. # The default value is: NO. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or directories # that contain images that are to be included in the documentation (see the # \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. Doxygen will invoke the filter program # by executing (via popen()) the command: # # <filter> <input-file> # # where <filter> is the value of the INPUT_FILTER tag, and <input-file> is the # name of an input file. Doxygen will then use the output that the filter # program writes to standard output. If FILTER_PATTERNS is specified, this tag # will be ignored. # # Note that the filter must not add or remove lines; it is applied before the # code is scanned, but not when the output code is generated. If lines are added # or removed, the anchors will not be placed correctly. # # Note that for custom extensions or not directly supported extensions you also # need to set EXTENSION_MAPPING for the extension otherwise the files are not # properly processed by doxygen. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. Doxygen will compare the file name with each pattern and apply the # filter if there is a match. The filters are a list of the form: pattern=filter # (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how # filters are used. If the FILTER_PATTERNS tag is empty or if none of the # patterns match the file name, INPUT_FILTER is applied. # # Note that for custom extensions or not directly supported extensions you also # need to set EXTENSION_MAPPING for the extension otherwise the files are not # properly processed by doxygen. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER) will also be used to filter the input files that are used for # producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES). # The default value is: NO. FILTER_SOURCE_FILES = NO # The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file # pattern. A pattern will override the setting for FILTER_PATTERN (if any) and # it is also possible to disable source filtering for a specific pattern using # *.ext= (so without naming a filter). # This tag requires that the tag FILTER_SOURCE_FILES is set to YES. FILTER_SOURCE_PATTERNS = # If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that # is part of the input, its contents will be placed on the main page # (index.html). This can be useful if you have a project on for instance GitHub # and want to reuse the introduction page also for the doxygen output. USE_MDFILE_AS_MAINPAGE = README.md #--------------------------------------------------------------------------- # Configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will be # generated. Documented entities will be cross-referenced with these sources. # # Note: To get rid of all source code in the generated output, make sure that # also VERBATIM_HEADERS is set to NO. # The default value is: NO. SOURCE_BROWSER = NO # Setting the INLINE_SOURCES tag to YES will include the body of functions, # classes and enums directly into the documentation. # The default value is: NO. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES will instruct doxygen to hide any # special comment blocks from generated source code fragments. Normal C, C++ and # Fortran comments will always remain visible. # The default value is: YES. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES then for each documented # function all documented functions referencing it will be listed. # The default value is: NO. REFERENCED_BY_RELATION = YES # If the REFERENCES_RELATION tag is set to YES then for each documented function # all documented entities called/used by that function will be listed. # The default value is: NO. REFERENCES_RELATION = YES # If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set # to YES then the hyperlinks from functions in REFERENCES_RELATION and # REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will # link to the documentation. # The default value is: YES. REFERENCES_LINK_SOURCE = YES # If SOURCE_TOOLTIPS is enabled (the default) then hovering a hyperlink in the # source code will show a tooltip with additional information such as prototype, # brief description and links to the definition and documentation. Since this # will make the HTML file larger and loading of large files a bit slower, you # can opt to disable this feature. # The default value is: YES. # This tag requires that the tag SOURCE_BROWSER is set to YES. SOURCE_TOOLTIPS = YES # If the USE_HTAGS tag is set to YES then the references to source code will # point to the HTML generated by the htags(1) tool instead of doxygen built-in # source browser. The htags tool is part of GNU's global source tagging system # (see http://www.gnu.org/software/global/global.html). You will need version # 4.8.6 or higher. # # To use it do the following: # - Install the latest version of global # - Enable SOURCE_BROWSER and USE_HTAGS in the config file # - Make sure the INPUT points to the root of the source tree # - Run doxygen as normal # # Doxygen will invoke htags (and that will in turn invoke gtags), so these # tools must be available from the command line (i.e. in the search path). # # The result: instead of the source browser generated by doxygen, the links to # source code will now point to the output of htags. # The default value is: NO. # This tag requires that the tag SOURCE_BROWSER is set to YES. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a # verbatim copy of the header file for each class for which an include is # specified. Set to NO to disable this. # See also: Section \class. # The default value is: YES. VERBATIM_HEADERS = YES #--------------------------------------------------------------------------- # Configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index of all # compounds will be generated. Enable this if the project contains a lot of # classes, structs, unions or interfaces. # The default value is: YES. ALPHABETICAL_INDEX = NO # The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in # which the alphabetical index list will be split. # Minimum value: 1, maximum value: 20, default value: 5. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all classes will # be put under the same header in the alphabetical index. The IGNORE_PREFIX tag # can be used to specify a prefix (or a list of prefixes) that should be ignored # while generating the index headers. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. IGNORE_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES, doxygen will generate HTML output # The default value is: YES. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a # relative path is entered the value of OUTPUT_DIRECTORY will be put in front of # it. # The default directory is: html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for each # generated HTML page (for example: .htm, .php, .asp). # The default value is: .html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a user-defined HTML header file for # each generated HTML page. If the tag is left blank doxygen will generate a # standard header. # # To get valid HTML the header file that includes any scripts and style sheets # that doxygen needs, which is dependent on the configuration options used (e.g. # the setting GENERATE_TREEVIEW). It is highly recommended to start with a # default header using # doxygen -w html new_header.html new_footer.html new_stylesheet.css # YourConfigFile # and then modify the file new_header.html. See also section "Doxygen usage" # for information on how to generate the default header that doxygen normally # uses. # Note: The header is subject to change so you typically have to regenerate the # default header when upgrading to a newer version of doxygen. For a description # of the possible markers and block names see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_HEADER = # The HTML_FOOTER tag can be used to specify a user-defined HTML footer for each # generated HTML page. If the tag is left blank doxygen will generate a standard # footer. See HTML_HEADER for more information on how to generate a default # footer and what special commands can be used inside the footer. See also # section "Doxygen usage" for information on how to generate the default footer # that doxygen normally uses. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_FOOTER = # The HTML_STYLESHEET tag can be used to specify a user-defined cascading style # sheet that is used by each HTML page. It can be used to fine-tune the look of # the HTML output. If left blank doxygen will generate a default style sheet. # See also section "Doxygen usage" for information on how to generate the style # sheet that doxygen normally uses. # Note: It is recommended to use HTML_EXTRA_STYLESHEET instead of this tag, as # it is more robust and this tag (HTML_STYLESHEET) will in the future become # obsolete. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_STYLESHEET = docs.css # The HTML_EXTRA_STYLESHEET tag can be used to specify additional user-defined # cascading style sheets that are included after the standard style sheets # created by doxygen. Using this option one can overrule certain style aspects. # This is preferred over using HTML_STYLESHEET since it does not replace the # standard style sheet and is therefore more robust against future updates. # Doxygen will copy the style sheet files to the output directory. # Note: The order of the extra style sheet files is of importance (e.g. the last # style sheet in the list overrules the setting of the previous ones in the # list). For an example see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_STYLESHEET = # The HTML_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the HTML output directory. Note # that these files will be copied to the base HTML output directory. Use the # $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these # files. In the HTML_STYLESHEET file, use the file name only. Also note that the # files will be copied as-is; there are no commands or markers available. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen # will adjust the colors in the style sheet and background images according to # this color. Hue is specified as an angle on a colorwheel, see # http://en.wikipedia.org/wiki/Hue for more information. For instance the value # 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300 # purple, and 360 is red again. # Minimum value: 0, maximum value: 359, default value: 220. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors # in the HTML output. For a value of 0 the output will use grayscales only. A # value of 255 will produce the most vivid colors. # Minimum value: 0, maximum value: 255, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_SAT = 100 # The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to the # luminance component of the colors in the HTML output. Values below 100 # gradually make the output lighter, whereas values above 100 make the output # darker. The value divided by 100 is the actual gamma applied, so 80 represents # a gamma of 0.8, The value 220 represents a gamma of 2.2, and 100 does not # change the gamma. # Minimum value: 40, maximum value: 240, default value: 80. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_GAMMA = 80 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML # page will contain the date and time when the page was generated. Setting this # to YES can help to show when doxygen was last run and thus if the # documentation is up to date. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_TIMESTAMP = NO # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_DYNAMIC_SECTIONS = NO # With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries # shown in the various tree structured indices initially; the user can expand # and collapse entries dynamically later on. Doxygen will expand the tree to # such a level that at most the specified number of entries are visible (unless # a fully collapsed tree already exceeds this amount). So setting the number of # entries 1 will produce a full collapsed tree by default. 0 is a special value # representing an infinite number of entries and will result in a full expanded # tree by default. # Minimum value: 0, maximum value: 9999, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_INDEX_NUM_ENTRIES = 100 # If the GENERATE_DOCSET tag is set to YES, additional index files will be # generated that can be used as input for Apple's Xcode 3 integrated development # environment (see: http://developer.apple.com/tools/xcode/), introduced with # OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a # Makefile in the HTML output directory. Running make will produce the docset in # that directory and running make install will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at # startup. See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html # for more information. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_DOCSET = NO # This tag determines the name of the docset feed. A documentation feed provides # an umbrella under which multiple documentation sets from a single provider # (such as a company or product suite) can be grouped. # The default value is: Doxygen generated docs. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_FEEDNAME = "Doxygen generated docs" # This tag specifies a string that should uniquely identify the documentation # set bundle. This should be a reverse domain-name style string, e.g. # com.mycompany.MyDocSet. Doxygen will append .docset to the name. # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_BUNDLE_ID = org.doxygen.Project # The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely identify # the documentation publisher. This should be a reverse domain-name style # string, e.g. com.mycompany.MyDocSet.documentation. # The default value is: org.doxygen.Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_ID = org.doxygen.Publisher # The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher. # The default value is: Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three # additional HTML index files: index.hhp, index.hhc, and index.hhk. The # index.hhp is a project file that can be read by Microsoft's HTML Help Workshop # (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on # Windows. # # The HTML Help Workshop contains a compiler that can convert all HTML output # generated by doxygen into a single compiled HTML file (.chm). Compiled HTML # files are now used as the Windows 98 help format, and will replace the old # Windows help format (.hlp) on all Windows platforms in the future. Compressed # HTML files also contain an index, a table of contents, and you can search for # words in the documentation. The HTML workshop also contains a viewer for # compressed HTML files. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_HTMLHELP = NO # The CHM_FILE tag can be used to specify the file name of the resulting .chm # file. You can add a path in front of the file if the result should not be # written to the html output directory. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_FILE = # The HHC_LOCATION tag can be used to specify the location (absolute path # including file name) of the HTML help compiler (hhc.exe). If non-empty, # doxygen will try to run the HTML help compiler on the generated index.hhp. # The file has to be specified with full path. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. HHC_LOCATION = # The GENERATE_CHI flag controls if a separate .chi index file is generated # (YES) or that it should be included in the master .chm file (NO). # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. GENERATE_CHI = NO # The CHM_INDEX_ENCODING is used to encode HtmlHelp index (hhk), content (hhc) # and project file content. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_INDEX_ENCODING = # The BINARY_TOC flag controls whether a binary table of contents is generated # (YES) or a normal table of contents (NO) in the .chm file. Furthermore it # enables the Previous and Next buttons. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members to # the table of contents of the HTML help documentation and to the tree view. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that # can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help # (.qch) of the generated HTML documentation. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can be used to specify # the file name of the resulting .qch file. The path specified is relative to # the HTML output folder. # This tag requires that the tag GENERATE_QHP is set to YES. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help # Project output. For more information please see Qt Help Project / Namespace # (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#namespace). # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_NAMESPACE = org.doxygen.Project # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt # Help Project output. For more information please see Qt Help Project / Virtual # Folders (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#virtual- # folders). # The default value is: doc. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_VIRTUAL_FOLDER = doc # If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom # filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_NAME = # The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's filter section matches. Qt Help Project / Filter Attributes (see: # http://qt-project.org/doc/qt-4.8/qthelpproject.html#filter-attributes). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_SECT_FILTER_ATTRS = # The QHG_LOCATION tag can be used to specify the location of Qt's # qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the # generated .qhp file. # This tag requires that the tag GENERATE_QHP is set to YES. QHG_LOCATION = # If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files will be # generated, together with the HTML files, they form an Eclipse help plugin. To # install this plugin and make it available under the help contents menu in # Eclipse, the contents of the directory containing the HTML and XML files needs # to be copied into the plugins directory of eclipse. The name of the directory # within the plugins directory should be the same as the ECLIPSE_DOC_ID value. # After copying Eclipse needs to be restarted before the help appears. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_ECLIPSEHELP = NO # A unique identifier for the Eclipse help plugin. When installing the plugin # the directory name containing the HTML and XML files should also have this # name. Each documentation set should have its own identifier. # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_ECLIPSEHELP is set to YES. ECLIPSE_DOC_ID = org.doxygen.Project # If you want full control over the layout of the generated HTML pages it might # be necessary to disable the index and replace it with your own. The # DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) at top # of each HTML page. A value of NO enables the index and the value YES disables # it. Since the tabs in the index contain the same information as the navigation # tree, you can set this option to YES if you also set GENERATE_TREEVIEW to YES. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. DISABLE_INDEX = NO # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. If the tag # value is set to YES, a side panel will be generated containing a tree-like # index structure (just like the one that is generated for HTML Help). For this # to work a browser that supports JavaScript, DHTML, CSS and frames is required # (i.e. any modern browser). Windows users are probably better off using the # HTML help feature. Via custom style sheets (see HTML_EXTRA_STYLESHEET) one can # further fine-tune the look of the index. As an example, the default style # sheet generated by doxygen has an example that shows how to put an image at # the root of the tree instead of the PROJECT_NAME. Since the tree basically has # the same information as the tab index, you could consider setting # DISABLE_INDEX to YES when enabling this option. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_TREEVIEW = NO # The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that # doxygen will group on one line in the generated HTML documentation. # # Note that a value of 0 will completely suppress the enum values from appearing # in the overview section. # Minimum value: 0, maximum value: 20, default value: 4. # This tag requires that the tag GENERATE_HTML is set to YES. ENUM_VALUES_PER_LINE = 4 # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used # to set the initial width (in pixels) of the frame in which the tree is shown. # Minimum value: 0, maximum value: 1500, default value: 250. # This tag requires that the tag GENERATE_HTML is set to YES. TREEVIEW_WIDTH = 250 # If the EXT_LINKS_IN_WINDOW option is set to YES, doxygen will open links to # external symbols imported via tag files in a separate window. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. EXT_LINKS_IN_WINDOW = NO # Use this tag to change the font size of LaTeX formulas included as images in # the HTML documentation. When you change the font size after a successful # doxygen run you need to manually remove any form_*.png images from the HTML # output directory to force them to be regenerated. # Minimum value: 8, maximum value: 50, default value: 10. # This tag requires that the tag GENERATE_HTML is set to YES. FORMULA_FONTSIZE = 10 # Use the FORMULA_TRANPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are not # supported properly for IE 6.0, but are supported on all modern browsers. # # Note that when changing this option you need to delete any form_*.png files in # the HTML output directory before the changes have effect. # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. FORMULA_TRANSPARENT = YES # Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see # http://www.mathjax.org) which uses client side Javascript for the rendering # instead of using pre-rendered bitmaps. Use this if you do not have LaTeX # installed or if you want to formulas look prettier in the HTML output. When # enabled you may also need to install MathJax separately and configure the path # to it using the MATHJAX_RELPATH option. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. USE_MATHJAX = NO # When MathJax is enabled you can set the default output format to be used for # the MathJax output. See the MathJax site (see: # http://docs.mathjax.org/en/latest/output.html) for more details. # Possible values are: HTML-CSS (which is slower, but has the best # compatibility), NativeMML (i.e. MathML) and SVG. # The default value is: HTML-CSS. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_FORMAT = HTML-CSS # When MathJax is enabled you need to specify the location relative to the HTML # output directory using the MATHJAX_RELPATH option. The destination directory # should contain the MathJax.js script. For instance, if the mathjax directory # is located at the same level as the HTML output directory, then # MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax # Content Delivery Network so you can quickly see the result without installing # MathJax. However, it is strongly recommended to install a local copy of # MathJax from http://www.mathjax.org before deployment. # The default value is: http://cdn.mathjax.org/mathjax/latest. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest # The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax # extension names that should be enabled during MathJax rendering. For example # MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_EXTENSIONS = # The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces # of code that will be used on startup of the MathJax code. See the MathJax site # (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an # example see the documentation. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_CODEFILE = # When the SEARCHENGINE tag is enabled doxygen will generate a search box for # the HTML output. The underlying search engine uses javascript and DHTML and # should work on any modern browser. Note that when using HTML help # (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets (GENERATE_DOCSET) # there is already a search function so this one should typically be disabled. # For large projects the javascript based search engine can be slow, then # enabling SERVER_BASED_SEARCH may provide a better solution. It is possible to # search using the keyboard; to jump to the search box use <access key> + S # (what the <access key> is depends on the OS and browser, but it is typically # <CTRL>, <ALT>/<option>, or both). Inside the search box use the <cursor down # key> to jump into the search results window, the results can be navigated # using the <cursor keys>. Press <Enter> to select an item or <escape> to cancel # the search. The filter options can be selected when the cursor is inside the # search box by pressing <Shift>+<cursor down>. Also here use the <cursor keys> # to select a filter and <Enter> or <escape> to activate or cancel the filter # option. # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. SEARCHENGINE = NO # When the SERVER_BASED_SEARCH tag is enabled the search engine will be # implemented using a web server instead of a web client using Javascript. There # are two flavors of web server based searching depending on the EXTERNAL_SEARCH # setting. When disabled, doxygen will generate a PHP script for searching and # an index file used by the script. When EXTERNAL_SEARCH is enabled the indexing # and searching needs to be provided by external tools. See the section # "External Indexing and Searching" for details. # The default value is: NO. # This tag requires that the tag SEARCHENGINE is set to YES. SERVER_BASED_SEARCH = NO # When EXTERNAL_SEARCH tag is enabled doxygen will no longer generate the PHP # script for searching. Instead the search results are written to an XML file # which needs to be processed by an external indexer. Doxygen will invoke an # external search engine pointed to by the SEARCHENGINE_URL option to obtain the # search results. # # Doxygen ships with an example indexer (doxyindexer) and search engine # (doxysearch.cgi) which are based on the open source search engine library # Xapian (see: http://xapian.org/). # # See the section "External Indexing and Searching" for details. # The default value is: NO. # This tag requires that the tag SEARCHENGINE is set to YES. EXTERNAL_SEARCH = NO # The SEARCHENGINE_URL should point to a search engine hosted by a web server # which will return the search results when EXTERNAL_SEARCH is enabled. # # Doxygen ships with an example indexer (doxyindexer) and search engine # (doxysearch.cgi) which are based on the open source search engine library # Xapian (see: http://xapian.org/). See the section "External Indexing and # Searching" for details. # This tag requires that the tag SEARCHENGINE is set to YES. SEARCHENGINE_URL = # When SERVER_BASED_SEARCH and EXTERNAL_SEARCH are both enabled the unindexed # search data is written to a file for indexing by an external tool. With the # SEARCHDATA_FILE tag the name of this file can be specified. # The default file is: searchdata.xml. # This tag requires that the tag SEARCHENGINE is set to YES. SEARCHDATA_FILE = searchdata.xml # When SERVER_BASED_SEARCH and EXTERNAL_SEARCH are both enabled the # EXTERNAL_SEARCH_ID tag can be used as an identifier for the project. This is # useful in combination with EXTRA_SEARCH_MAPPINGS to search through multiple # projects and redirect the results back to the right project. # This tag requires that the tag SEARCHENGINE is set to YES. EXTERNAL_SEARCH_ID = # The EXTRA_SEARCH_MAPPINGS tag can be used to enable searching through doxygen # projects other than the one defined by this configuration file, but that are # all added to the same external search index. Each project needs to have a # unique id set via EXTERNAL_SEARCH_ID. The search mapping then maps the id of # to a relative location where the documentation can be found. The format is: # EXTRA_SEARCH_MAPPINGS = tagname1=loc1 tagname2=loc2 ... # This tag requires that the tag SEARCHENGINE is set to YES. EXTRA_SEARCH_MAPPINGS = #--------------------------------------------------------------------------- # Configuration options related to the LaTeX output #--------------------------------------------------------------------------- # If the GENERATE_LATEX tag is set to YES, doxygen will generate LaTeX output. # The default value is: YES. GENERATE_LATEX = NO # The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. If a # relative path is entered the value of OUTPUT_DIRECTORY will be put in front of # it. # The default directory is: latex. # This tag requires that the tag GENERATE_LATEX is set to YES. LATEX_OUTPUT = latex # The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be # invoked. # # Note that when enabling USE_PDFLATEX this option is only used for generating # bitmaps for formulas in the HTML output, but not in the Makefile that is # written to the output directory. # The default file is: latex. # This tag requires that the tag GENERATE_LATEX is set to YES. LATEX_CMD_NAME = latex # The MAKEINDEX_CMD_NAME tag can be used to specify the command name to generate # index for LaTeX. # The default file is: makeindex. # This tag requires that the tag GENERATE_LATEX is set to YES. MAKEINDEX_CMD_NAME = makeindex # If the COMPACT_LATEX tag is set to YES, doxygen generates more compact LaTeX # documents. This may be useful for small projects and may help to save some # trees in general. # The default value is: NO. # This tag requires that the tag GENERATE_LATEX is set to YES. COMPACT_LATEX = NO # The PAPER_TYPE tag can be used to set the paper type that is used by the # printer. # Possible values are: a4 (210 x 297 mm), letter (8.5 x 11 inches), legal (8.5 x # 14 inches) and executive (7.25 x 10.5 inches). # The default value is: a4. # This tag requires that the tag GENERATE_LATEX is set to YES. PAPER_TYPE = letter # The EXTRA_PACKAGES tag can be used to specify one or more LaTeX package names # that should be included in the LaTeX output. The package can be specified just # by its name or with the correct syntax as to be used with the LaTeX # \usepackage command. To get the times font for instance you can specify : # EXTRA_PACKAGES=times or EXTRA_PACKAGES={times} # To use the option intlimits with the amsmath package you can specify: # EXTRA_PACKAGES=[intlimits]{amsmath} # If left blank no extra packages will be included. # This tag requires that the tag GENERATE_LATEX is set to YES. EXTRA_PACKAGES = # The LATEX_HEADER tag can be used to specify a personal LaTeX header for the # generated LaTeX document. The header should contain everything until the first # chapter. If it is left blank doxygen will generate a standard header. See # section "Doxygen usage" for information on how to let doxygen write the # default header to a separate file. # # Note: Only use a user-defined header if you know what you are doing! The # following commands have a special meaning inside the header: $title, # $datetime, $date, $doxygenversion, $projectname, $projectnumber, # $projectbrief, $projectlogo. Doxygen will replace $title with the empty # string, for the replacement values of the other commands the user is referred # to HTML_HEADER. # This tag requires that the tag GENERATE_LATEX is set to YES. LATEX_HEADER = # The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for the # generated LaTeX document. The footer should contain everything after the last # chapter. If it is left blank doxygen will generate a standard footer. See # LATEX_HEADER for more information on how to generate a default footer and what # special commands can be used inside the footer. # # Note: Only use a user-defined footer if you know what you are doing! # This tag requires that the tag GENERATE_LATEX is set to YES. LATEX_FOOTER = # The LATEX_EXTRA_STYLESHEET tag can be used to specify additional user-defined # LaTeX style sheets that are included after the standard style sheets created # by doxygen. Using this option one can overrule certain style aspects. Doxygen # will copy the style sheet files to the output directory. # Note: The order of the extra style sheet files is of importance (e.g. the last # style sheet in the list overrules the setting of the previous ones in the # list). # This tag requires that the tag GENERATE_LATEX is set to YES. LATEX_EXTRA_STYLESHEET = # The LATEX_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the LATEX_OUTPUT output # directory. Note that the files will be copied as-is; there are no commands or # markers available. # This tag requires that the tag GENERATE_LATEX is set to YES. LATEX_EXTRA_FILES = # If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated is # prepared for conversion to PDF (using ps2pdf or pdflatex). The PDF file will # contain links (just like the HTML output) instead of page references. This # makes the output suitable for online browsing using a PDF viewer. # The default value is: YES. # This tag requires that the tag GENERATE_LATEX is set to YES. PDF_HYPERLINKS = YES # If the USE_PDFLATEX tag is set to YES, doxygen will use pdflatex to generate # the PDF file directly from the LaTeX files. Set this option to YES, to get a # higher quality PDF documentation. # The default value is: YES. # This tag requires that the tag GENERATE_LATEX is set to YES. USE_PDFLATEX = YES # If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \batchmode # command to the generated LaTeX files. This will instruct LaTeX to keep running # if errors occur, instead of asking the user for help. This option is also used # when generating formulas in HTML. # The default value is: NO. # This tag requires that the tag GENERATE_LATEX is set to YES. LATEX_BATCHMODE = NO # If the LATEX_HIDE_INDICES tag is set to YES then doxygen will not include the # index chapters (such as File Index, Compound Index, etc.) in the output. # The default value is: NO. # This tag requires that the tag GENERATE_LATEX is set to YES. LATEX_HIDE_INDICES = NO # If the LATEX_SOURCE_CODE tag is set to YES then doxygen will include source # code with syntax highlighting in the LaTeX output. # # Note that which sources are shown also depends on other settings such as # SOURCE_BROWSER. # The default value is: NO. # This tag requires that the tag GENERATE_LATEX is set to YES. LATEX_SOURCE_CODE = NO # The LATEX_BIB_STYLE tag can be used to specify the style to use for the # bibliography, e.g. plainnat, or ieeetr. See # http://en.wikipedia.org/wiki/BibTeX and \cite for more info. # The default value is: plain. # This tag requires that the tag GENERATE_LATEX is set to YES. LATEX_BIB_STYLE = plain # If the LATEX_TIMESTAMP tag is set to YES then the footer of each generated # page will contain the date and time when the page was generated. Setting this # to NO can help when comparing the output of multiple runs. # The default value is: NO. # This tag requires that the tag GENERATE_LATEX is set to YES. LATEX_TIMESTAMP = NO #--------------------------------------------------------------------------- # Configuration options related to the RTF output #--------------------------------------------------------------------------- # If the GENERATE_RTF tag is set to YES, doxygen will generate RTF output. The # RTF output is optimized for Word 97 and may not look too pretty with other RTF # readers/editors. # The default value is: NO. GENERATE_RTF = NO # The RTF_OUTPUT tag is used to specify where the RTF docs will be put. If a # relative path is entered the value of OUTPUT_DIRECTORY will be put in front of # it. # The default directory is: rtf. # This tag requires that the tag GENERATE_RTF is set to YES. RTF_OUTPUT = rtf # If the COMPACT_RTF tag is set to YES, doxygen generates more compact RTF # documents. This may be useful for small projects and may help to save some # trees in general. # The default value is: NO. # This tag requires that the tag GENERATE_RTF is set to YES. COMPACT_RTF = NO # If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated will # contain hyperlink fields. The RTF file will contain links (just like the HTML # output) instead of page references. This makes the output suitable for online # browsing using Word or some other Word compatible readers that support those # fields. # # Note: WordPad (write) and others do not support links. # The default value is: NO. # This tag requires that the tag GENERATE_RTF is set to YES. RTF_HYPERLINKS = NO # Load stylesheet definitions from file. Syntax is similar to doxygen's config # file, i.e. a series of assignments. You only have to provide replacements, # missing definitions are set to their default value. # # See also section "Doxygen usage" for information on how to generate the # default style sheet that doxygen normally uses. # This tag requires that the tag GENERATE_RTF is set to YES. RTF_STYLESHEET_FILE = # Set optional variables used in the generation of an RTF document. Syntax is # similar to doxygen's config file. A template extensions file can be generated # using doxygen -e rtf extensionFile. # This tag requires that the tag GENERATE_RTF is set to YES. RTF_EXTENSIONS_FILE = # If the RTF_SOURCE_CODE tag is set to YES then doxygen will include source code # with syntax highlighting in the RTF output. # # Note that which sources are shown also depends on other settings such as # SOURCE_BROWSER. # The default value is: NO. # This tag requires that the tag GENERATE_RTF is set to YES. RTF_SOURCE_CODE = NO #--------------------------------------------------------------------------- # Configuration options related to the man page output #--------------------------------------------------------------------------- # If the GENERATE_MAN tag is set to YES, doxygen will generate man pages for # classes and files. # The default value is: NO. GENERATE_MAN = NO # The MAN_OUTPUT tag is used to specify where the man pages will be put. If a # relative path is entered the value of OUTPUT_DIRECTORY will be put in front of # it. A directory man3 will be created inside the directory specified by # MAN_OUTPUT. # The default directory is: man. # This tag requires that the tag GENERATE_MAN is set to YES. MAN_OUTPUT = man # The MAN_EXTENSION tag determines the extension that is added to the generated # man pages. In case the manual section does not start with a number, the number # 3 is prepended. The dot (.) at the beginning of the MAN_EXTENSION tag is # optional. # The default value is: .3. # This tag requires that the tag GENERATE_MAN is set to YES. MAN_EXTENSION = .3 # The MAN_SUBDIR tag determines the name of the directory created within # MAN_OUTPUT in which the man pages are placed. If defaults to man followed by # MAN_EXTENSION with the initial . removed. # This tag requires that the tag GENERATE_MAN is set to YES. MAN_SUBDIR = # If the MAN_LINKS tag is set to YES and doxygen generates man output, then it # will generate one additional man file for each entity documented in the real # man page(s). These additional files only source the real man page, but without # them the man command would be unable to find the correct page. # The default value is: NO. # This tag requires that the tag GENERATE_MAN is set to YES. MAN_LINKS = NO #--------------------------------------------------------------------------- # Configuration options related to the XML output #--------------------------------------------------------------------------- # If the GENERATE_XML tag is set to YES, doxygen will generate an XML file that # captures the structure of the code including all documentation. # The default value is: NO. GENERATE_XML = NO # The XML_OUTPUT tag is used to specify where the XML pages will be put. If a # relative path is entered the value of OUTPUT_DIRECTORY will be put in front of # it. # The default directory is: xml. # This tag requires that the tag GENERATE_XML is set to YES. XML_OUTPUT = xml # If the XML_PROGRAMLISTING tag is set to YES, doxygen will dump the program # listings (including syntax highlighting and cross-referencing information) to # the XML output. Note that enabling this will significantly increase the size # of the XML output. # The default value is: YES. # This tag requires that the tag GENERATE_XML is set to YES. XML_PROGRAMLISTING = YES #--------------------------------------------------------------------------- # Configuration options related to the DOCBOOK output #--------------------------------------------------------------------------- # If the GENERATE_DOCBOOK tag is set to YES, doxygen will generate Docbook files # that can be used to generate PDF. # The default value is: NO. GENERATE_DOCBOOK = NO # The DOCBOOK_OUTPUT tag is used to specify where the Docbook pages will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be put in # front of it. # The default directory is: docbook. # This tag requires that the tag GENERATE_DOCBOOK is set to YES. DOCBOOK_OUTPUT = docbook # If the DOCBOOK_PROGRAMLISTING tag is set to YES, doxygen will include the # program listings (including syntax highlighting and cross-referencing # information) to the DOCBOOK output. Note that enabling this will significantly # increase the size of the DOCBOOK output. # The default value is: NO. # This tag requires that the tag GENERATE_DOCBOOK is set to YES. DOCBOOK_PROGRAMLISTING = NO #--------------------------------------------------------------------------- # Configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- # If the GENERATE_AUTOGEN_DEF tag is set to YES, doxygen will generate an # AutoGen Definitions (see http://autogen.sf.net) file that captures the # structure of the code including all documentation. Note that this feature is # still experimental and incomplete at the moment. # The default value is: NO. GENERATE_AUTOGEN_DEF = NO #--------------------------------------------------------------------------- # Configuration options related to the Perl module output #--------------------------------------------------------------------------- # If the GENERATE_PERLMOD tag is set to YES, doxygen will generate a Perl module # file that captures the structure of the code including all documentation. # # Note that this feature is still experimental and incomplete at the moment. # The default value is: NO. GENERATE_PERLMOD = NO # If the PERLMOD_LATEX tag is set to YES, doxygen will generate the necessary # Makefile rules, Perl scripts and LaTeX code to be able to generate PDF and DVI # output from the Perl module output. # The default value is: NO. # This tag requires that the tag GENERATE_PERLMOD is set to YES. PERLMOD_LATEX = NO # If the PERLMOD_PRETTY tag is set to YES, the Perl module output will be nicely # formatted so it can be parsed by a human reader. This is useful if you want to # understand what is going on. On the other hand, if this tag is set to NO, the # size of the Perl module output will be much smaller and Perl will parse it # just the same. # The default value is: YES. # This tag requires that the tag GENERATE_PERLMOD is set to YES. PERLMOD_PRETTY = YES # The names of the make variables in the generated doxyrules.make file are # prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. This is useful # so different doxyrules.make files included by the same Makefile don't # overwrite each other's variables. # This tag requires that the tag GENERATE_PERLMOD is set to YES. PERLMOD_MAKEVAR_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the preprocessor #--------------------------------------------------------------------------- # If the ENABLE_PREPROCESSING tag is set to YES, doxygen will evaluate all # C-preprocessor directives found in the sources and include files. # The default value is: YES. ENABLE_PREPROCESSING = YES # If the MACRO_EXPANSION tag is set to YES, doxygen will expand all macro names # in the source code. If set to NO, only conditional compilation will be # performed. Macro expansion can be done in a controlled way by setting # EXPAND_ONLY_PREDEF to YES. # The default value is: NO. # This tag requires that the tag ENABLE_PREPROCESSING is set to YES. MACRO_EXPANSION = NO # If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES then # the macro expansion is limited to the macros specified with the PREDEFINED and # EXPAND_AS_DEFINED tags. # The default value is: NO. # This tag requires that the tag ENABLE_PREPROCESSING is set to YES. EXPAND_ONLY_PREDEF = NO # If the SEARCH_INCLUDES tag is set to YES, the include files in the # INCLUDE_PATH will be searched if a #include is found. # The default value is: YES. # This tag requires that the tag ENABLE_PREPROCESSING is set to YES. SEARCH_INCLUDES = YES # The INCLUDE_PATH tag can be used to specify one or more directories that # contain include files that are not input files but should be processed by the # preprocessor. # This tag requires that the tag SEARCH_INCLUDES is set to YES. INCLUDE_PATH = # You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard # patterns (like *.h and *.hpp) to filter out the header-files in the # directories. If left blank, the patterns specified with FILE_PATTERNS will be # used. # This tag requires that the tag ENABLE_PREPROCESSING is set to YES. INCLUDE_FILE_PATTERNS = # The PREDEFINED tag can be used to specify one or more macro names that are # defined before the preprocessor is started (similar to the -D option of e.g. # gcc). The argument of the tag is a list of macros of the form: name or # name=definition (no spaces). If the definition and the "=" are omitted, "=1" # is assumed. To prevent a macro definition from being undefined via #undef or # recursively expanded use the := operator instead of the = operator. # This tag requires that the tag ENABLE_PREPROCESSING is set to YES. PREDEFINED = # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then this # tag can be used to specify a list of macro names that should be expanded. The # macro definition that is found in the sources will be used. Use the PREDEFINED # tag if you want to use a different macro definition that overrules the # definition found in the source code. # This tag requires that the tag ENABLE_PREPROCESSING is set to YES. EXPAND_AS_DEFINED = # If the SKIP_FUNCTION_MACROS tag is set to YES then doxygen's preprocessor will # remove all references to function-like macros that are alone on a line, have # an all uppercase name, and do not end with a semicolon. Such function macros # are typically used for boiler-plate code, and will confuse the parser if not # removed. # The default value is: YES. # This tag requires that the tag ENABLE_PREPROCESSING is set to YES. SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- # Configuration options related to external references #--------------------------------------------------------------------------- # The TAGFILES tag can be used to specify one or more tag files. For each tag # file the location of the external documentation should be added. The format of # a tag file without this location is as follows: # TAGFILES = file1 file2 ... # Adding location for the tag files is done as follows: # TAGFILES = file1=loc1 "file2 = loc2" ... # where loc1 and loc2 can be relative or absolute paths or URLs. See the # section "Linking to external documentation" for more information about the use # of tag files. # Note: Each tag file must have a unique name (where the name does NOT include # the path). If a tag file is not located in the directory in which doxygen is # run, you must also specify the path to the tagfile here. TAGFILES = # When a file name is specified after GENERATE_TAGFILE, doxygen will create a # tag file that is based on the input files it reads. See section "Linking to # external documentation" for more information about the usage of tag files. GENERATE_TAGFILE = # If the ALLEXTERNALS tag is set to YES, all external class will be listed in # the class index. If set to NO, only the inherited external classes will be # listed. # The default value is: NO. ALLEXTERNALS = NO # If the EXTERNAL_GROUPS tag is set to YES, all external groups will be listed # in the modules index. If set to NO, only the current project's groups will be # listed. # The default value is: YES. EXTERNAL_GROUPS = YES # If the EXTERNAL_PAGES tag is set to YES, all external pages will be listed in # the related pages index. If set to NO, only the current project's pages will # be listed. # The default value is: YES. EXTERNAL_PAGES = YES # The PERL_PATH should be the absolute path and name of the perl script # interpreter (i.e. the result of 'which perl'). # The default file (with absolute path) is: /usr/bin/perl. PERL_PATH = /usr/bin/perl #--------------------------------------------------------------------------- # Configuration options related to the dot tool #--------------------------------------------------------------------------- # If the CLASS_DIAGRAMS tag is set to YES, doxygen will generate a class diagram # (in HTML and LaTeX) for classes with base or super classes. Setting the tag to # NO turns the diagrams off. Note that this option also works with HAVE_DOT # disabled, but it is recommended to install and use dot, since it yields more # powerful graphs. # The default value is: YES. CLASS_DIAGRAMS = YES # You can define message sequence charts within doxygen comments using the \msc # command. Doxygen will then run the mscgen tool (see: # http://www.mcternan.me.uk/mscgen/)) to produce the chart and insert it in the # documentation. The MSCGEN_PATH tag allows you to specify the directory where # the mscgen tool resides. If left empty the tool is assumed to be found in the # default search path. MSCGEN_PATH = # You can include diagrams made with dia in doxygen documentation. Doxygen will # then run dia to produce the diagram and insert it in the documentation. The # DIA_PATH tag allows you to specify the directory where the dia binary resides. # If left empty dia is assumed to be found in the default search path. DIA_PATH = # If set to YES the inheritance and collaboration graphs will hide inheritance # and usage relations if the target is undocumented or is not a class. # The default value is: YES. HIDE_UNDOC_RELATIONS = YES # If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is # available from the path. This tool is part of Graphviz (see: # http://www.graphviz.org/), a graph visualization toolkit from AT&T and Lucent # Bell Labs. The other options in this section have no effect if this option is # set to NO # The default value is: NO. HAVE_DOT = NO # The DOT_NUM_THREADS specifies the number of dot invocations doxygen is allowed # to run in parallel. When set to 0 doxygen will base this on the number of # processors available in the system. You can set it explicitly to a value # larger than 0 to get control over the balance between CPU load and processing # speed. # Minimum value: 0, maximum value: 32, default value: 0. # This tag requires that the tag HAVE_DOT is set to YES. DOT_NUM_THREADS = 0 # When you want a differently looking font in the dot files that doxygen # generates you can specify the font name using DOT_FONTNAME. You need to make # sure dot is able to find the font, which can be done by putting it in a # standard location or by setting the DOTFONTPATH environment variable or by # setting DOT_FONTPATH to the directory containing the font. # The default value is: Helvetica. # This tag requires that the tag HAVE_DOT is set to YES. DOT_FONTNAME = Helvetica # The DOT_FONTSIZE tag can be used to set the size (in points) of the font of # dot graphs. # Minimum value: 4, maximum value: 24, default value: 10. # This tag requires that the tag HAVE_DOT is set to YES. DOT_FONTSIZE = 10 # By default doxygen will tell dot to use the default font as specified with # DOT_FONTNAME. If you specify a different font using DOT_FONTNAME you can set # the path where dot can find it using this tag. # This tag requires that the tag HAVE_DOT is set to YES. DOT_FONTPATH = # If the CLASS_GRAPH tag is set to YES then doxygen will generate a graph for # each documented class showing the direct and indirect inheritance relations. # Setting this tag to YES will force the CLASS_DIAGRAMS tag to NO. # The default value is: YES. # This tag requires that the tag HAVE_DOT is set to YES. CLASS_GRAPH = YES # If the COLLABORATION_GRAPH tag is set to YES then doxygen will generate a # graph for each documented class showing the direct and indirect implementation # dependencies (inheritance, containment, and class references variables) of the # class with other documented classes. # The default value is: YES. # This tag requires that the tag HAVE_DOT is set to YES. COLLABORATION_GRAPH = YES # If the GROUP_GRAPHS tag is set to YES then doxygen will generate a graph for # groups, showing the direct groups dependencies. # The default value is: YES. # This tag requires that the tag HAVE_DOT is set to YES. GROUP_GRAPHS = YES # If the UML_LOOK tag is set to YES, doxygen will generate inheritance and # collaboration diagrams in a style similar to the OMG's Unified Modeling # Language. # The default value is: NO. # This tag requires that the tag HAVE_DOT is set to YES. UML_LOOK = NO # If the UML_LOOK tag is enabled, the fields and methods are shown inside the # class node. If there are many fields or methods and many nodes the graph may # become too big to be useful. The UML_LIMIT_NUM_FIELDS threshold limits the # number of items for each type to make the size more manageable. Set this to 0 # for no limit. Note that the threshold may be exceeded by 50% before the limit # is enforced. So when you set the threshold to 10, up to 15 fields may appear, # but if the number exceeds 15, the total amount of fields shown is limited to # 10. # Minimum value: 0, maximum value: 100, default value: 10. # This tag requires that the tag HAVE_DOT is set to YES. UML_LIMIT_NUM_FIELDS = 10 # If the TEMPLATE_RELATIONS tag is set to YES then the inheritance and # collaboration graphs will show the relations between templates and their # instances. # The default value is: NO. # This tag requires that the tag HAVE_DOT is set to YES. TEMPLATE_RELATIONS = YES # If the INCLUDE_GRAPH, ENABLE_PREPROCESSING and SEARCH_INCLUDES tags are set to # YES then doxygen will generate a graph for each documented file showing the # direct and indirect include dependencies of the file with other documented # files. # The default value is: YES. # This tag requires that the tag HAVE_DOT is set to YES. INCLUDE_GRAPH = YES # If the INCLUDED_BY_GRAPH, ENABLE_PREPROCESSING and SEARCH_INCLUDES tags are # set to YES then doxygen will generate a graph for each documented file showing # the direct and indirect include dependencies of the file with other documented # files. # The default value is: YES. # This tag requires that the tag HAVE_DOT is set to YES. INCLUDED_BY_GRAPH = YES # If the CALL_GRAPH tag is set to YES then doxygen will generate a call # dependency graph for every global function or class method. # # Note that enabling this option will significantly increase the time of a run. # So in most cases it will be better to enable call graphs for selected # functions only using the \callgraph command. Disabling a call graph can be # accomplished by means of the command \hidecallgraph. # The default value is: NO. # This tag requires that the tag HAVE_DOT is set to YES. CALL_GRAPH = NO # If the CALLER_GRAPH tag is set to YES then doxygen will generate a caller # dependency graph for every global function or class method. # # Note that enabling this option will significantly increase the time of a run. # So in most cases it will be better to enable caller graphs for selected # functions only using the \callergraph command. Disabling a caller graph can be # accomplished by means of the command \hidecallergraph. # The default value is: NO. # This tag requires that the tag HAVE_DOT is set to YES. CALLER_GRAPH = NO # If the GRAPHICAL_HIERARCHY tag is set to YES then doxygen will graphical # hierarchy of all classes instead of a textual one. # The default value is: YES. # This tag requires that the tag HAVE_DOT is set to YES. GRAPHICAL_HIERARCHY = YES # If the DIRECTORY_GRAPH tag is set to YES then doxygen will show the # dependencies a directory has on other directories in a graphical way. The # dependency relations are determined by the #include relations between the # files in the directories. # The default value is: YES. # This tag requires that the tag HAVE_DOT is set to YES. DIRECTORY_GRAPH = YES # The DOT_IMAGE_FORMAT tag can be used to set the image format of the images # generated by dot. For an explanation of the image formats see the section # output formats in the documentation of the dot tool (Graphviz (see: # http://www.graphviz.org/)). # Note: If you choose svg you need to set HTML_FILE_EXTENSION to xhtml in order # to make the SVG files visible in IE 9+ (other browsers do not have this # requirement). # Possible values are: png, jpg, gif, svg, png:gd, png:gd:gd, png:cairo, # png:cairo:gd, png:cairo:cairo, png:cairo:gdiplus, png:gdiplus and # png:gdiplus:gdiplus. # The default value is: png. # This tag requires that the tag HAVE_DOT is set to YES. DOT_IMAGE_FORMAT = png # If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to # enable generation of interactive SVG images that allow zooming and panning. # # Note that this requires a modern browser other than Internet Explorer. Tested # and working are Firefox, Chrome, Safari, and Opera. # Note: For IE 9+ you need to set HTML_FILE_EXTENSION to xhtml in order to make # the SVG files visible. Older versions of IE do not have SVG support. # The default value is: NO. # This tag requires that the tag HAVE_DOT is set to YES. INTERACTIVE_SVG = NO # The DOT_PATH tag can be used to specify the path where the dot tool can be # found. If left blank, it is assumed the dot tool can be found in the path. # This tag requires that the tag HAVE_DOT is set to YES. DOT_PATH = # The DOTFILE_DIRS tag can be used to specify one or more directories that # contain dot files that are included in the documentation (see the \dotfile # command). # This tag requires that the tag HAVE_DOT is set to YES. DOTFILE_DIRS = # The MSCFILE_DIRS tag can be used to specify one or more directories that # contain msc files that are included in the documentation (see the \mscfile # command). MSCFILE_DIRS = # The DIAFILE_DIRS tag can be used to specify one or more directories that # contain dia files that are included in the documentation (see the \diafile # command). DIAFILE_DIRS = # When using plantuml, the PLANTUML_JAR_PATH tag should be used to specify the # path where java can find the plantuml.jar file. If left blank, it is assumed # PlantUML is not used or called during a preprocessing step. Doxygen will # generate a warning when it encounters a \startuml command in this case and # will not generate output for the diagram. PLANTUML_JAR_PATH = # When using plantuml, the specified paths are searched for files specified by # the !include statement in a plantuml block. PLANTUML_INCLUDE_PATH = # The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of nodes # that will be shown in the graph. If the number of nodes in a graph becomes # larger than this value, doxygen will truncate the graph, which is visualized # by representing a node as a red box. Note that doxygen if the number of direct # children of the root node in a graph is already larger than # DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note that # the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. # Minimum value: 0, maximum value: 10000, default value: 50. # This tag requires that the tag HAVE_DOT is set to YES. DOT_GRAPH_MAX_NODES = 50 # The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the graphs # generated by dot. A depth value of 3 means that only nodes reachable from the # root by following a path via at most 3 edges will be shown. Nodes that lay # further from the root node will be omitted. Note that setting this option to 1 # or 2 may greatly reduce the computation time needed for large code bases. Also # note that the size of a graph can be further restricted by # DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. # Minimum value: 0, maximum value: 1000, default value: 0. # This tag requires that the tag HAVE_DOT is set to YES. MAX_DOT_GRAPH_DEPTH = 0 # Set the DOT_TRANSPARENT tag to YES to generate images with a transparent # background. This is disabled by default, because dot on Windows does not seem # to support this out of the box. # # Warning: Depending on the platform used, enabling this option may lead to # badly anti-aliased labels on the edges of a graph (i.e. they become hard to # read). # The default value is: NO. # This tag requires that the tag HAVE_DOT is set to YES. DOT_TRANSPARENT = NO # Set the DOT_MULTI_TARGETS tag to YES to allow dot to generate multiple output # files in one run (i.e. multiple -o and -T options on the command line). This # makes dot run faster, but since only newer versions of dot (>1.8.10) support # this, this feature is disabled by default. # The default value is: NO. # This tag requires that the tag HAVE_DOT is set to YES. DOT_MULTI_TARGETS = NO # If the GENERATE_LEGEND tag is set to YES doxygen will generate a legend page # explaining the meaning of the various boxes and arrows in the dot generated # graphs. # The default value is: YES. # This tag requires that the tag HAVE_DOT is set to YES. GENERATE_LEGEND = YES # If the DOT_CLEANUP tag is set to YES, doxygen will remove the intermediate dot # files that are used to generate the various graphs. # The default value is: YES. # This tag requires that the tag HAVE_DOT is set to YES. DOT_CLEANUP = YES ���libsrtp-2.1.0/doc/Makefile.in�����������������������������������������������������������������������0000664�0000000�0000000�00000001377�13120311000�0015770�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Makefile for libSRTP documentation # # David A. McGrew # Cisco Systems, Inc. # # This makefile does not use the autoconf system; we don't really need # it. We just run doxygen. # The most up to date documentation can be found at www.github.com/cisco/libsrtp srcdir = @srcdir@ top_srcdir = @top_srcdir@ top_builddir = @top_builddir@ VPATH = @srcdir@ # Determine the version of the library version = $(shell cat $(top_srcdir)/VERSION) .PHONY: libsrtpdoc clean libsrtpdoc: @if test ! -e Doxyfile.in; then \ echo "*** Sorry, can't build doc outside source dir"; exit 1; \ fi sed 's/LIBSRTPVERSIONNUMBER/$(version)/' Doxyfile.in > Doxyfile doxygen clean: rm -rf html/ Doxyfile for a in * ; do \ if [ -f "$$a~" ] ; then rm -f $$a~; fi; \ done; �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/doc/crypto_kernel.txt�����������������������������������������������������������������0000664�0000000�0000000�00000003067�13120311000�0017342�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/** @defgroup CryptoKernel Cryptographic Kernel All of the cryptographic functions are contained in a kernel. */ /** @defgroup CipherImplementations Ciphers @ingroup CryptoKernel @brief A generic cipher type enables cipher agility, that is, the ability to write code that runs with multiple cipher types. Ciphers can be used through the crypto kernel, or can be accessed directly, if need be. @{ */ /** * @brief Allocates a cipher of a particular type. * @warning May be implemented as a macro. */ err_status_t cipher_type_alloc(cipher_type_t *ctype, cipher_t **cipher, unsigned key_len); /** * @brief Initialized a cipher to use a particular key. May * be invoked more than once on the same cipher. * @warning May be implemented as a macro. */ err_status_t cipher_init(cipher_t *cipher, const uint8_t *key); /** * @brief Sets the initialization vector of a given cipher. * @warning May be implemented as a macro. */ err_status_t cipher_set_iv(cipher_t *cipher, void *iv); /** * @brief Encrypts a buffer with a given cipher. * @warning May be implemented as a macro. */ err_status_t cipher_encrypt(cipher_t *cipher, void *buf, unsigned int *len); /** * @brief Sets a buffer to the keystream generated by the cipher. * @warning May be implemented as a macro. */ err_status_t cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output); /** * @brief Deallocates a cipher. * @warning May be implemented as a macro. */ err_status_t cipher_dealloc(cipher_t *cipher); /** * @} */ */�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/doc/docs.css��������������������������������������������������������������������������0000664�0000000�0000000�00000062506�13120311000�0015366�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* The standard CSS for doxygen 1.8.11 */ body, table, div, p, dl { font: 400 14px/22px Roboto,sans-serif; } body { max-width: 800px; margin: 0 auto; } /* @group Heading Levels */ h1.groupheader { font-size: 150%; } .title { font: 400 14px/28px Roboto,sans-serif; font-size: 150%; font-weight: bold; margin: 10px 2px; } h2.groupheader { border-bottom: 1px solid #879ECB; color: #354C7B; font-size: 150%; font-weight: normal; margin-top: 1.75em; padding-top: 8px; padding-bottom: 4px; width: 100%; } h3.groupheader { font-size: 100%; } h1, h2, h3, h4, h5, h6 { -webkit-transition: text-shadow 0.5s linear; -moz-transition: text-shadow 0.5s linear; -ms-transition: text-shadow 0.5s linear; -o-transition: text-shadow 0.5s linear; transition: text-shadow 0.5s linear; margin-right: 15px; } h1.glow, h2.glow, h3.glow, h4.glow, h5.glow, h6.glow { text-shadow: 0 0 15px cyan; } dt { font-weight: bold; } div.multicol { -moz-column-gap: 1em; -webkit-column-gap: 1em; -moz-column-count: 3; -webkit-column-count: 3; } p.startli, p.startdd { margin-top: 2px; } p.starttd { margin-top: 0px; } p.endli { margin-bottom: 0px; } p.enddd { margin-bottom: 4px; } p.endtd { margin-bottom: 2px; } /* @end */ caption { font-weight: bold; } span.legend { font-size: 70%; text-align: center; } h3.version { font-size: 90%; text-align: center; } div.qindex, div.navtab{ background-color: #EBEFF6; border: 1px solid #A3B4D7; text-align: center; } div.qindex, div.navpath { width: 100%; line-height: 140%; } div.navtab { margin-right: 15px; } /* @group Link Styling */ a { color: #3D578C; font-weight: normal; text-decoration: none; } .contents a:visited { color: #4665A2; } a:hover { text-decoration: underline; } a.qindex { font-weight: bold; } a.qindexHL { font-weight: bold; background-color: #9CAFD4; color: #ffffff; border: 1px double #869DCA; } .contents a.qindexHL:visited { color: #ffffff; } a.el { font-weight: bold; } a.elRef { } a.code, a.code:visited, a.line, a.line:visited { color: #4665A2; } a.codeRef, a.codeRef:visited, a.lineRef, a.lineRef:visited { color: #4665A2; } /* @end */ dl.el { margin-left: -1cm; } pre.fragment { border: 1px solid #C4CFE5; background-color: #FBFCFD; padding: 4px 6px; margin: 4px 8px 4px 2px; overflow: auto; word-wrap: break-word; font-size: 9pt; line-height: 125%; font-family: monospace, fixed; font-size: 105%; } div.fragment { padding: 4px 6px; margin: 4px 8px 4px 2px; background-color: #FBFCFD; border: 1px solid #C4CFE5; } div.line { font-family: monospace, fixed; font-size: 13px; min-height: 13px; line-height: 1.0; text-wrap: unrestricted; white-space: -moz-pre-wrap; /* Moz */ white-space: -pre-wrap; /* Opera 4-6 */ white-space: -o-pre-wrap; /* Opera 7 */ white-space: pre-wrap; /* CSS3 */ word-wrap: break-word; /* IE 5.5+ */ text-indent: -53px; padding-left: 53px; padding-bottom: 0px; margin: 0px; -webkit-transition-property: background-color, box-shadow; -webkit-transition-duration: 0.5s; -moz-transition-property: background-color, box-shadow; -moz-transition-duration: 0.5s; -ms-transition-property: background-color, box-shadow; -ms-transition-duration: 0.5s; -o-transition-property: background-color, box-shadow; -o-transition-duration: 0.5s; transition-property: background-color, box-shadow; transition-duration: 0.5s; } div.line:after { content:"\000A"; white-space: pre; } div.line.glow { background-color: cyan; box-shadow: 0 0 10px cyan; } span.lineno { padding-right: 4px; text-align: right; border-right: 2px solid #0F0; background-color: #E8E8E8; white-space: pre; } span.lineno a { background-color: #D8D8D8; } span.lineno a:hover { background-color: #C8C8C8; } div.ah, span.ah { background-color: black; font-weight: bold; color: #ffffff; margin-bottom: 3px; margin-top: 3px; padding: 0.2em; border: solid thin #333; border-radius: 0.5em; -webkit-border-radius: .5em; -moz-border-radius: .5em; box-shadow: 2px 2px 3px #999; -webkit-box-shadow: 2px 2px 3px #999; -moz-box-shadow: rgba(0, 0, 0, 0.15) 2px 2px 2px; background-image: -webkit-gradient(linear, left top, left bottom, from(#eee), to(#000),color-stop(0.3, #444)); background-image: -moz-linear-gradient(center top, #eee 0%, #444 40%, #000 110%); } div.classindex ul { list-style: none; padding-left: 0; } div.classindex span.ai { display: inline-block; } div.groupHeader { margin-left: 16px; margin-top: 12px; font-weight: bold; } div.groupText { margin-left: 16px; font-style: italic; } body { background-color: white; color: black; } div.contents { margin-top: 10px; margin-left: 12px; margin-right: 8px; } td.indexkey { background-color: #EBEFF6; font-weight: bold; border: 1px solid #C4CFE5; margin: 2px 0px 2px 0; padding: 2px 10px; white-space: nowrap; vertical-align: top; } td.indexvalue { background-color: #EBEFF6; border: 1px solid #C4CFE5; padding: 2px 10px; margin: 2px 0px; } tr.memlist { background-color: #EEF1F7; } p.formulaDsp { text-align: center; } img.formulaDsp { } img.formulaInl { vertical-align: middle; } div.center { text-align: center; margin-top: 0px; margin-bottom: 0px; padding: 0px; } div.center img { border: 0px; } address.footer { text-align: right; padding-right: 12px; } img.footer { border: 0px; vertical-align: middle; } /* @group Code Colorization */ span.keyword { color: #008000 } span.keywordtype { color: #604020 } span.keywordflow { color: #e08000 } span.comment { color: #800000 } span.preprocessor { color: #806020 } span.stringliteral { color: #002080 } span.charliteral { color: #008080 } span.vhdldigit { color: #ff00ff } span.vhdlchar { color: #000000 } span.vhdlkeyword { color: #700070 } span.vhdllogic { color: #ff0000 } blockquote { background-color: #F7F8FB; border-left: 2px solid #9CAFD4; margin: 0 24px 0 4px; padding: 0 12px 0 16px; } /* @end */ .search { color: #003399; font-weight: bold; } form.search { margin-bottom: 0px; margin-top: 0px; } input.search { font-size: 75%; color: #000080; font-weight: normal; background-color: #e8eef2; } td.tiny { font-size: 75%; } .dirtab { padding: 4px; border-collapse: collapse; border: 1px solid #A3B4D7; } th.dirtab { background: #EBEFF6; font-weight: bold; } hr { height: 0px; border: none; border-top: 1px solid #4A6AAA; } hr.footer { height: 1px; } /* @group Member Descriptions */ table.memberdecls { border-spacing: 0px; padding: 0px; } .memberdecls td, .fieldtable tr { -webkit-transition-property: background-color, box-shadow; -webkit-transition-duration: 0.5s; -moz-transition-property: background-color, box-shadow; -moz-transition-duration: 0.5s; -ms-transition-property: background-color, box-shadow; -ms-transition-duration: 0.5s; -o-transition-property: background-color, box-shadow; -o-transition-duration: 0.5s; transition-property: background-color, box-shadow; transition-duration: 0.5s; } .memberdecls td.glow, .fieldtable tr.glow { background-color: cyan; box-shadow: 0 0 15px cyan; } .mdescLeft, .mdescRight, .memItemLeft, .memItemRight, .memTemplItemLeft, .memTemplItemRight, .memTemplParams { background-color: #F9FAFC; border: none; margin: 4px; padding: 1px 0 0 8px; } .mdescLeft, .mdescRight { padding: 0px 8px 4px 8px; color: #555; } .memSeparator { border-bottom: 1px solid #DEE4F0; line-height: 1px; margin: 0px; padding: 0px; } .memItemLeft, .memTemplItemLeft { white-space: nowrap; } .memItemRight { width: 100%; } .memTemplParams { color: #4665A2; white-space: nowrap; font-size: 80%; } /* @end */ /* @group Member Details */ /* Styles for detailed member documentation */ .memtemplate { font-size: 80%; color: #4665A2; font-weight: normal; margin-left: 9px; } .memnav { background-color: #EBEFF6; border: 1px solid #A3B4D7; text-align: center; margin: 2px; margin-right: 15px; padding: 2px; } .mempage { width: 100%; } .memitem { padding: 0; margin-bottom: 10px; margin-right: 5px; -webkit-transition: box-shadow 0.5s linear; -moz-transition: box-shadow 0.5s linear; -ms-transition: box-shadow 0.5s linear; -o-transition: box-shadow 0.5s linear; transition: box-shadow 0.5s linear; display: table !important; width: 100%; } .memitem.glow { box-shadow: 0 0 15px cyan; } .memname { font-weight: bold; margin-left: 6px; } .memname td { vertical-align: bottom; } .memproto, dl.reflist dt { border-top: 1px solid #A8B8D9; border-left: 1px solid #A8B8D9; border-right: 1px solid #A8B8D9; padding: 6px 0px 6px 0px; color: #253555; font-weight: bold; text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.9); background-image:url('nav_f.png'); background-repeat:repeat-x; background-color: #E2E8F2; /* opera specific markup */ box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15); border-top-right-radius: 4px; border-top-left-radius: 4px; /* firefox specific markup */ -moz-box-shadow: rgba(0, 0, 0, 0.15) 5px 5px 5px; -moz-border-radius-topright: 4px; -moz-border-radius-topleft: 4px; /* webkit specific markup */ -webkit-box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15); -webkit-border-top-right-radius: 4px; -webkit-border-top-left-radius: 4px; } .memdoc, dl.reflist dd { border-bottom: 1px solid #A8B8D9; border-left: 1px solid #A8B8D9; border-right: 1px solid #A8B8D9; padding: 6px 10px 2px 10px; background-color: #FBFCFD; border-top-width: 0; background-image:url('nav_g.png'); background-repeat:repeat-x; background-color: #FFFFFF; /* opera specific markup */ border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15); /* firefox specific markup */ -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -moz-box-shadow: rgba(0, 0, 0, 0.15) 5px 5px 5px; /* webkit specific markup */ -webkit-border-bottom-left-radius: 4px; -webkit-border-bottom-right-radius: 4px; -webkit-box-shadow: 5px 5px 5px rgba(0, 0, 0, 0.15); } dl.reflist dt { padding: 5px; } dl.reflist dd { margin: 0px 0px 10px 0px; padding: 5px; } .paramkey { text-align: right; } .paramtype { white-space: nowrap; } .paramname { color: #602020; white-space: nowrap; } .paramname em { font-style: normal; } .paramname code { line-height: 14px; } .params, .retval, .exception, .tparams { margin-left: 0px; padding-left: 0px; } .params .paramname, .retval .paramname { font-weight: bold; vertical-align: top; } .params .paramtype { font-style: italic; vertical-align: top; } .params .paramdir { font-family: "courier new",courier,monospace; vertical-align: top; } table.mlabels { border-spacing: 0px; } td.mlabels-left { width: 100%; padding: 0px; } td.mlabels-right { vertical-align: bottom; padding: 0px; white-space: nowrap; } span.mlabels { margin-left: 8px; } span.mlabel { background-color: #728DC1; border-top:1px solid #5373B4; border-left:1px solid #5373B4; border-right:1px solid #C4CFE5; border-bottom:1px solid #C4CFE5; text-shadow: none; color: white; margin-right: 4px; padding: 2px 3px; border-radius: 3px; font-size: 7pt; white-space: nowrap; vertical-align: middle; } /* @end */ /* these are for tree view inside a (index) page */ div.directory { margin: 10px 0px; border-top: 1px solid #9CAFD4; border-bottom: 1px solid #9CAFD4; width: 100%; } .directory table { border-collapse:collapse; } .directory td { margin: 0px; padding: 0px; vertical-align: top; } .directory td.entry { white-space: nowrap; padding-right: 6px; padding-top: 3px; } .directory td.entry a { outline:none; } .directory td.entry a img { border: none; } .directory td.desc { width: 100%; padding-left: 6px; padding-right: 6px; padding-top: 3px; border-left: 1px solid rgba(0,0,0,0.05); } .directory tr.even { padding-left: 6px; background-color: #F7F8FB; } .directory img { vertical-align: -30%; } .directory .levels { white-space: nowrap; width: 100%; text-align: right; font-size: 9pt; } .directory .levels span { cursor: pointer; padding-left: 2px; padding-right: 2px; color: #3D578C; } .arrow { color: #9CAFD4; -webkit-user-select: none; -khtml-user-select: none; -moz-user-select: none; -ms-user-select: none; user-select: none; cursor: pointer; font-size: 80%; display: inline-block; width: 16px; height: 22px; } .icon { font-family: Arial, Helvetica; font-weight: bold; font-size: 12px; height: 14px; width: 16px; display: inline-block; background-color: #728DC1; color: white; text-align: center; border-radius: 4px; margin-left: 2px; margin-right: 2px; } .icona { width: 24px; height: 22px; display: inline-block; } .iconfopen { width: 24px; height: 18px; margin-bottom: 4px; background-image:url('folderopen.png'); background-position: 0px -4px; background-repeat: repeat-y; vertical-align:top; display: inline-block; } .iconfclosed { width: 24px; height: 18px; margin-bottom: 4px; background-image:url('folderclosed.png'); background-position: 0px -4px; background-repeat: repeat-y; vertical-align:top; display: inline-block; } .icondoc { width: 24px; height: 18px; margin-bottom: 4px; background-image:url('doc.png'); background-position: 0px -4px; background-repeat: repeat-y; vertical-align:top; display: inline-block; } table.directory { font: 400 14px Roboto,sans-serif; } /* @end */ div.dynheader { margin-top: 8px; -webkit-touch-callout: none; -webkit-user-select: none; -khtml-user-select: none; -moz-user-select: none; -ms-user-select: none; user-select: none; } address { font-style: normal; color: #2A3D61; } table.doxtable caption { caption-side: top; } table.doxtable { border-collapse:collapse; margin-top: 4px; margin-bottom: 4px; } table.doxtable td, table.doxtable th { border: 1px solid #2D4068; padding: 3px 7px 2px; } table.doxtable th { background-color: #374F7F; color: #FFFFFF; font-size: 110%; padding-bottom: 4px; padding-top: 5px; } table.fieldtable { width: 100%; margin-bottom: 10px; border: 1px solid #A8B8D9; border-spacing: 0px; -moz-border-radius: 4px; -webkit-border-radius: 4px; border-radius: 4px; -moz-box-shadow: rgba(0, 0, 0, 0.15) 2px 2px 2px; -webkit-box-shadow: 2px 2px 2px rgba(0, 0, 0, 0.15); box-shadow: 2px 2px 2px rgba(0, 0, 0, 0.15); } .fieldtable td, .fieldtable th { padding: 3px 7px 2px; } .fieldtable td.fieldtype, .fieldtable td.fieldname { white-space: nowrap; border-right: 1px solid #A8B8D9; border-bottom: 1px solid #A8B8D9; vertical-align: top; } .fieldtable td.fieldname { padding-top: 3px; } .fieldtable td.fielddoc { border-bottom: 1px solid #A8B8D9; width: 100%; } .fieldtable td.fielddoc p:first-child { margin-top: 0px; } .fieldtable td.fielddoc p:last-child { margin-bottom: 2px; } .fieldtable tr:last-child td { border-bottom: none; } .fieldtable th { background-image:url('nav_f.png'); background-repeat:repeat-x; background-color: #E2E8F2; font-size: 90%; color: #253555; padding-bottom: 4px; padding-top: 5px; text-align:left; -moz-border-radius-topleft: 4px; -moz-border-radius-topright: 4px; -webkit-border-top-left-radius: 4px; -webkit-border-top-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; border-bottom: 1px solid #A8B8D9; } .tabsearch { top: 0px; left: 10px; height: 36px; background-image: url('tab_b.png'); z-index: 101; overflow: hidden; font-size: 13px; } .navpath ul { font-size: 11px; background-image:url('tab_b.png'); background-repeat:repeat-x; background-position: 0 -5px; height:30px; line-height:30px; color:#8AA0CC; border:solid 1px #C2CDE4; overflow:hidden; margin:0px; padding:0px; } .navpath li { list-style-type:none; float:left; padding-left:10px; padding-right:15px; background-image:url('bc_s.png'); background-repeat:no-repeat; background-position:right; color:#364D7C; } .navpath li.navelem a { height:32px; display:block; text-decoration: none; outline: none; color: #283A5D; font-family: 'Lucida Grande',Geneva,Helvetica,Arial,sans-serif; text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.9); text-decoration: none; } .navpath li.navelem a:hover { color:#6884BD; } .navpath li.footer { list-style-type:none; float:right; padding-left:10px; padding-right:15px; background-image:none; background-repeat:no-repeat; background-position:right; color:#364D7C; font-size: 8pt; } div.summary { float: right; font-size: 8pt; padding-right: 5px; width: 50%; text-align: right; } div.summary a { white-space: nowrap; } table.classindex { margin: 10px; white-space: nowrap; margin-left: 3%; margin-right: 3%; width: 94%; border: 0; border-spacing: 0; padding: 0; } div.ingroups { font-size: 8pt; width: 50%; text-align: left; } div.ingroups a { white-space: nowrap; } div.header { background-image:url('nav_h.png'); background-repeat:repeat-x; background-color: #F9FAFC; margin: 0px; border-bottom: 1px solid #C4CFE5; } div.headertitle { padding: 5px 5px 5px 10px; } dl { padding: 0 0 0 10px; } /* dl.note, dl.warning, dl.attention, dl.pre, dl.post, dl.invariant, dl.deprecated, dl.todo, dl.test, dl.bug */ dl.section { margin-left: 0px; padding-left: 0px; } dl.note { margin-left:-7px; padding-left: 3px; border-left:4px solid; border-color: #D0C000; } dl.warning, dl.attention { margin-left:-7px; padding-left: 3px; border-left:4px solid; border-color: #FF0000; } dl.pre, dl.post, dl.invariant { margin-left:-7px; padding-left: 3px; border-left:4px solid; border-color: #00D000; } dl.deprecated { margin-left:-7px; padding-left: 3px; border-left:4px solid; border-color: #505050; } dl.todo { margin-left:-7px; padding-left: 3px; border-left:4px solid; border-color: #00C0E0; } dl.test { margin-left:-7px; padding-left: 3px; border-left:4px solid; border-color: #3030E0; } dl.bug { margin-left:-7px; padding-left: 3px; border-left:4px solid; border-color: #C08050; } dl.section dd { margin-bottom: 6px; } #projectlogo { text-align: center; vertical-align: bottom; border-collapse: separate; } #projectlogo img { border: 0px none; } #projectalign { vertical-align: middle; } #projectname { font: 300% Tahoma, Arial,sans-serif; margin: 0px; padding: 2px 0px; } #projectbrief { font: 120% Tahoma, Arial,sans-serif; margin: 0px; padding: 0px; } #projectnumber { font: 50% Tahoma, Arial,sans-serif; margin: 0px; padding: 0px; } #titlearea { padding: 0px; margin: 0px; width: 100%; border-bottom: 1px solid #5373B4; } .image { text-align: center; } .dotgraph { text-align: center; } .mscgraph { text-align: center; } .diagraph { text-align: center; } .caption { font-weight: bold; } div.zoom { border: 1px solid #90A5CE; } dl.citelist { margin-bottom:50px; } dl.citelist dt { color:#334975; float:left; font-weight:bold; margin-right:10px; padding:5px; } dl.citelist dd { margin:2px 0; padding:5px 0; } div.toc { padding: 14px 25px; background-color: #F4F6FA; border: 1px solid #D8DFEE; border-radius: 7px 7px 7px 7px; float: right; height: auto; margin: 0 8px 10px 10px; width: 200px; } div.toc li { background: url("bdwn.png") no-repeat scroll 0 5px transparent; font: 10px/1.2 Verdana,DejaVu Sans,Geneva,sans-serif; margin-top: 5px; padding-left: 10px; padding-top: 2px; } div.toc h3 { font: bold 12px/1.2 Arial,FreeSans,sans-serif; color: #4665A2; border-bottom: 0 none; margin: 0; } div.toc ul { list-style: none outside none; border: medium none; padding: 0px; } div.toc li.level1 { margin-left: 0px; } div.toc li.level2 { margin-left: 15px; } div.toc li.level3 { margin-left: 30px; } div.toc li.level4 { margin-left: 45px; } .inherit_header { font-weight: bold; color: gray; cursor: pointer; -webkit-touch-callout: none; -webkit-user-select: none; -khtml-user-select: none; -moz-user-select: none; -ms-user-select: none; user-select: none; } .inherit_header td { padding: 6px 0px 2px 5px; } .inherit { display: none; } tr.heading h2 { margin-top: 12px; margin-bottom: 4px; } /* tooltip related style info */ .ttc { position: absolute; display: none; } #powerTip { cursor: default; white-space: nowrap; background-color: white; border: 1px solid gray; border-radius: 4px 4px 4px 4px; box-shadow: 1px 1px 7px gray; display: none; font-size: smaller; max-width: 80%; opacity: 0.9; padding: 1ex 1em 1em; position: absolute; z-index: 2147483647; } #powerTip div.ttdoc { color: grey; font-style: italic; } #powerTip div.ttname a { font-weight: bold; } #powerTip div.ttname { font-weight: bold; } #powerTip div.ttdeci { color: #006318; } #powerTip div { margin: 0px; padding: 0px; font: 12px/16px Roboto,sans-serif; } #powerTip:before, #powerTip:after { content: ""; position: absolute; margin: 0px; } #powerTip.n:after, #powerTip.n:before, #powerTip.s:after, #powerTip.s:before, #powerTip.w:after, #powerTip.w:before, #powerTip.e:after, #powerTip.e:before, #powerTip.ne:after, #powerTip.ne:before, #powerTip.se:after, #powerTip.se:before, #powerTip.nw:after, #powerTip.nw:before, #powerTip.sw:after, #powerTip.sw:before { border: solid transparent; content: " "; height: 0; width: 0; position: absolute; } #powerTip.n:after, #powerTip.s:after, #powerTip.w:after, #powerTip.e:after, #powerTip.nw:after, #powerTip.ne:after, #powerTip.sw:after, #powerTip.se:after { border-color: rgba(255, 255, 255, 0); } #powerTip.n:before, #powerTip.s:before, #powerTip.w:before, #powerTip.e:before, #powerTip.nw:before, #powerTip.ne:before, #powerTip.sw:before, #powerTip.se:before { border-color: rgba(128, 128, 128, 0); } #powerTip.n:after, #powerTip.n:before, #powerTip.ne:after, #powerTip.ne:before, #powerTip.nw:after, #powerTip.nw:before { top: 100%; } #powerTip.n:after, #powerTip.ne:after, #powerTip.nw:after { border-top-color: #ffffff; border-width: 10px; margin: 0px -10px; } #powerTip.n:before { border-top-color: #808080; border-width: 11px; margin: 0px -11px; } #powerTip.n:after, #powerTip.n:before { left: 50%; } #powerTip.nw:after, #powerTip.nw:before { right: 14px; } #powerTip.ne:after, #powerTip.ne:before { left: 14px; } #powerTip.s:after, #powerTip.s:before, #powerTip.se:after, #powerTip.se:before, #powerTip.sw:after, #powerTip.sw:before { bottom: 100%; } #powerTip.s:after, #powerTip.se:after, #powerTip.sw:after { border-bottom-color: #ffffff; border-width: 10px; margin: 0px -10px; } #powerTip.s:before, #powerTip.se:before, #powerTip.sw:before { border-bottom-color: #808080; border-width: 11px; margin: 0px -11px; } #powerTip.s:after, #powerTip.s:before { left: 50%; } #powerTip.sw:after, #powerTip.sw:before { right: 14px; } #powerTip.se:after, #powerTip.se:before { left: 14px; } #powerTip.e:after, #powerTip.e:before { left: 100%; } #powerTip.e:after { border-left-color: #ffffff; border-width: 10px; top: 50%; margin-top: -10px; } #powerTip.e:before { border-left-color: #808080; border-width: 11px; top: 50%; margin-top: -11px; } #powerTip.w:after, #powerTip.w:before { right: 100%; } #powerTip.w:after { border-right-color: #ffffff; border-width: 10px; top: 50%; margin-top: -10px; } #powerTip.w:before { border-right-color: #808080; border-width: 11px; top: 50%; margin-top: -11px; } @media print { #top { display: none; } #side-nav { display: none; } #nav-path { display: none; } body { overflow:visible; } h1, h2, h3, h4, h5, h6 { page-break-after: avoid; } .summary { display: none; } .memitem { page-break-inside: avoid; } #doc-content { margin-left:0 !important; height:auto !important; width:auto !important; overflow:inherit; display:inline; } } ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/include/������������������������������������������������������������������������������0000775�0000000�0000000�00000000000�13120311000�0014571�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/include/ekt.h�������������������������������������������������������������������������0000664�0000000�0000000�00000012632�13120311000�0015531�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * ekt.h * * interface to Encrypted Key Transport for SRTP * * David McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ /* * EKT implementation strategy * * use stream_template approach * * in srtp_unprotect, when a new stream appears, check if template has * EKT defined, and if it does, then apply EKT processing * * question: will we want to allow key-sharing templates in addition * to EKT templates? could define a new ssrc_type_t that's associated * with an EKT, e.g. ssrc_any_ekt. * * */ #ifndef SRTP_EKT_H #define SRTP_EKT_H // left in commented out as reminder to not include private headers //#include "srtp_priv.h" #ifdef __cplusplus extern "C" { #endif #define SRTP_EKT_CIPHER_DEFAULT 1 #define SRTP_EKT_CIPHER_AES_128_ECB 1 #define SRTP_EKT_CIPHER_AES_192_KEY_WRAP 2 #define SRTP_EKT_CIPHER_AES_256_KEY_WRAP 3 typedef uint16_t srtp_ekt_spi_t; unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt); /* * an srtp_policy_t structure can contain a pointer to an * srtp_ekt_policy_t structure * * this structure holds all of the high level EKT information, and it * is passed into libsrtp to indicate what policy should be in effect */ typedef struct srtp_ekt_policy_ctx_t { srtp_ekt_spi_t spi; /* security parameter index */ uint8_t ekt_cipher_type; uint8_t *ekt_key; struct srtp_ekt_policy_ctx_t *next_ekt_policy; } srtp_ekt_policy_ctx_t; /* * an srtp_ekt_data_t structure holds the data corresponding to an ekt key, * spi, and so on */ typedef struct srtp_ekt_data_t { srtp_ekt_spi_t spi; uint8_t ekt_cipher_type; srtp_aes_expanded_key_t ekt_enc_key; srtp_aes_expanded_key_t ekt_dec_key; struct ekt_data_t *next_ekt_data; } srtp_ekt_data_t; /* * an srtp_stream_ctx_t can contain an srtp_ekt_stream_ctx_t * * an srtp_ekt_stream_ctx_t structure holds all of the EKT information for * a specific SRTP stream */ typedef struct srtp_ekt_stream_ctx_t { srtp_ekt_data_t *data; uint16_t isn; /* initial sequence number */ uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN]; } srtp_ekt_stream_ctx_t; srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, srtp_ekt_policy_t policy); srtp_err_status_t srtp_ekt_stream_init(srtp_ekt_stream_t e, srtp_ekt_spi_t spi, void *ekt_key, unsigned ekt_cipher_type); srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t e, srtp_ekt_policy_t p); srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, const void *srtcp_hdr, unsigned pkt_octet_len); void srtp_ekt_write_data(srtp_ekt_stream_t ekt, uint8_t *base_tag, unsigned base_tag_len, int *packet_len, srtp_xtd_seq_num_t pkt_index); /* * We handle EKT by performing some additional steps before * authentication (copying the auth tag into a temporary location, * zeroizing the "base tag" field in the packet) * * With EKT, the tag_len parameter is actually the base tag * length */ srtp_err_status_t srtp_ekt_tag_verification_preproces(uint8_t *pkt_tag, uint8_t *pkt_tag_copy, unsigned tag_len); srtp_err_status_t srtp_ekt_tag_verification_postproces(uint8_t *pkt_tag, uint8_t *pkt_tag_copy, unsigned tag_len); /* * @brief EKT pre-processing for srtcp tag generation * * This function does the pre-processing of the SRTCP authentication * tag format. When EKT is used, it consists of writing the Encrypted * Master Key, the SRTP ROC, the Initial Sequence Number, and SPI * fields. The Base Authentication Tag field is set to the all-zero * value * * When EKT is not used, this function is a no-op. * */ srtp_err_status_t srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s, uint8_t *pkt_tag, unsigned pkt_octet_len); /* it's not clear that a tag_generation_postprocess function is needed */ srtp_err_status_t srtcp_auth_tag_generation_postprocess(void); #ifdef __cplusplus } #endif #endif /* SRTP_EKT_H */ ������������������������������������������������������������������������������������������������������libsrtp-2.1.0/include/getopt_s.h��������������������������������������������������������������������0000664�0000000�0000000�00000004275�13120311000�0016576�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * getopt.h * * interface to a minimal implementation of the getopt() function, * written so that test applications that use that function can run on * non-POSIX platforms * */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef GETOPT_S_H #define GETOPT_S_H #ifdef __cplusplus extern "C" { #endif /* * getopt_s(), optarg_s, and optind_s are small, locally defined * versions of the POSIX standard getopt() interface. */ int getopt_s(int argc, char * const argv[], const char *optstring); extern char *optarg_s; /* defined in getopt.c */ extern int optind_s; /* defined in getopt.c */ #ifdef __cplusplus } #endif #endif /* GETOPT_S_H */ �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/include/srtp.h������������������������������������������������������������������������0000664�0000000�0000000�00000207001�13120311000�0015732�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * srtp.h * * interface to libsrtp * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef SRTP_SRTP_H #define SRTP_SRTP_H #include <stdint.h> #ifdef __cplusplus extern "C" { #endif /** * @defgroup SRTP Secure RTP * * @brief libSRTP provides functions for protecting RTP and RTCP. See * Section @ref Overview for an introduction to the use of the library. * * @{ */ /* * SRTP_MASTER_KEY_LEN is the nominal master key length supported by libSRTP */ #define SRTP_MASTER_KEY_LEN 30 /* * SRTP_MAX_KEY_LEN is the maximum key length supported by libSRTP */ #define SRTP_MAX_KEY_LEN 64 /* * SRTP_MAX_TAG_LEN is the maximum tag length supported by libSRTP */ #define SRTP_MAX_TAG_LEN 16 /** * SRTP_MAX_MKI_LEN is the maximum size the MKI could be which is * 128 bytes */ #define SRTP_MAX_MKI_LEN 128 /** * SRTP_MAX_TRAILER_LEN is the maximum length of the SRTP trailer * (authentication tag and MKI) supported by libSRTP. This value is * the maixmum number of octets that will be added to an RTP packet by * srtp_protect(). * * @brief the maximum number of octets added by srtp_protect(). */ #define SRTP_MAX_TRAILER_LEN (SRTP_MAX_TAG_LEN + SRTP_MAX_MKI_LEN) /** * SRTP_MAX_NUM_MASTER_KEYS is the maximum number of Master keys for * MKI supported by libSRTP. * */ #define SRTP_MAX_NUM_MASTER_KEYS 16 #define SRTP_SALT_LEN 14 /* * SRTP_AEAD_SALT_LEN is the length of the SALT values used with * GCM mode. GCM mode requires an IV. The SALT value is used * as part of the IV formation logic applied to each RTP packet. */ #define SRTP_AEAD_SALT_LEN 12 #define SRTP_AES_128_KEY_LEN 16 #define SRTP_AES_192_KEY_LEN 24 #define SRTP_AES_256_KEY_LEN 32 #define SRTP_AES_ICM_128_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_128_KEY_LEN) #define SRTP_AES_ICM_192_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_192_KEY_LEN) #define SRTP_AES_ICM_256_KEY_LEN_WSALT (SRTP_SALT_LEN + SRTP_AES_256_KEY_LEN) #define SRTP_AES_GCM_128_KEY_LEN_WSALT (SRTP_AEAD_SALT_LEN + SRTP_AES_128_KEY_LEN) #define SRTP_AES_GCM_192_KEY_LEN_WSALT (SRTP_AEAD_SALT_LEN + SRTP_AES_192_KEY_LEN) #define SRTP_AES_GCM_256_KEY_LEN_WSALT (SRTP_AEAD_SALT_LEN + SRTP_AES_256_KEY_LEN) /** * @brief A srtp_cipher_type_id_t is an identifier for a particular cipher * type. * * A srtp_cipher_type_id_t is an integer that represents a particular * cipher type, e.g. the Advanced Encryption Standard (AES). A * SRTP_NULL_CIPHER is avaliable; this cipher leaves the data unchanged, * and can be selected to indicate that no encryption is to take * place. * * @ingroup Ciphers */ typedef uint32_t srtp_cipher_type_id_t; /** * @brief An srtp_auth_type_id_t is an identifier for a particular authentication * function. * * An srtp_auth_type_id_t is an integer that represents a particular * authentication function type, e.g. HMAC-SHA1. A SRTP_NULL_AUTH is * avaliable; this authentication function performs no computation, * and can be selected to indicate that no authentication is to take * place. * * @ingroup Authentication */ typedef uint32_t srtp_auth_type_id_t; /** * @brief srtp_err_status_t defines error codes. * * The enumeration srtp_err_status_t defines error codes. Note that the * value of srtp_err_status_ok is equal to zero, which can simplify error * checking somewhat. * */ typedef enum { srtp_err_status_ok = 0, /**< nothing to report */ srtp_err_status_fail = 1, /**< unspecified failure */ srtp_err_status_bad_param = 2, /**< unsupported parameter */ srtp_err_status_alloc_fail = 3, /**< couldn't allocate memory */ srtp_err_status_dealloc_fail = 4, /**< couldn't deallocate properly */ srtp_err_status_init_fail = 5, /**< couldn't initialize */ srtp_err_status_terminus = 6, /**< can't process as much data as requested */ srtp_err_status_auth_fail = 7, /**< authentication failure */ srtp_err_status_cipher_fail = 8, /**< cipher failure */ srtp_err_status_replay_fail = 9, /**< replay check failed (bad index) */ srtp_err_status_replay_old = 10, /**< replay check failed (index too old) */ srtp_err_status_algo_fail = 11, /**< algorithm failed test routine */ srtp_err_status_no_such_op = 12, /**< unsupported operation */ srtp_err_status_no_ctx = 13, /**< no appropriate context found */ srtp_err_status_cant_check = 14, /**< unable to perform desired validation */ srtp_err_status_key_expired = 15, /**< can't use key any more */ srtp_err_status_socket_err = 16, /**< error in use of socket */ srtp_err_status_signal_err = 17, /**< error in use POSIX signals */ srtp_err_status_nonce_bad = 18, /**< nonce check failed */ srtp_err_status_read_fail = 19, /**< couldn't read data */ srtp_err_status_write_fail = 20, /**< couldn't write data */ srtp_err_status_parse_err = 21, /**< error parsing data */ srtp_err_status_encode_err = 22, /**< error encoding data */ srtp_err_status_semaphore_err = 23,/**< error while using semaphores */ srtp_err_status_pfkey_err = 24, /**< error while using pfkey */ srtp_err_status_bad_mki = 25, /**< error MKI present in packet is invalid */ srtp_err_status_pkt_idx_old = 26, /**< packet index is too old to consider */ srtp_err_status_pkt_idx_adv = 27 /**< packet index advanced, reset needed */ } srtp_err_status_t; typedef struct srtp_ctx_t_ srtp_ctx_t; /** * @brief srtp_sec_serv_t describes a set of security services. * * A srtp_sec_serv_t enumeration is used to describe the particular * security services that will be applied by a particular crypto * policy (or other mechanism). */ typedef enum { sec_serv_none = 0, /**< no services */ sec_serv_conf = 1, /**< confidentiality */ sec_serv_auth = 2, /**< authentication */ sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */ } srtp_sec_serv_t; /** * @brief srtp_crypto_policy_t describes a particular crypto policy that * can be applied to an SRTP stream. * * A srtp_crypto_policy_t describes a particular cryptographic policy that * can be applied to an SRTP or SRTCP stream. An SRTP session policy * consists of a list of these policies, one for each SRTP stream * in the session. */ typedef struct srtp_crypto_policy_t { srtp_cipher_type_id_t cipher_type; /**< An integer representing * the type of cipher. */ int cipher_key_len; /**< The length of the cipher key * in octets. */ srtp_auth_type_id_t auth_type; /**< An integer representing the * authentication function. */ int auth_key_len; /**< The length of the authentication * function key in octets. */ int auth_tag_len; /**< The length of the authentication * tag in octets. */ srtp_sec_serv_t sec_serv; /**< The flag indicating the security * services to be applied. */ } srtp_crypto_policy_t; /** * @brief srtp_ssrc_type_t describes the type of an SSRC. * * An srtp_ssrc_type_t enumeration is used to indicate a type of SSRC. See * @ref srtp_policy_t for more informataion. */ typedef enum { ssrc_undefined = 0, /**< Indicates an undefined SSRC type. */ ssrc_specific = 1, /**< Indicates a specific SSRC value */ ssrc_any_inbound = 2, /**< Indicates any inbound SSRC value (i.e. a value that is used in the function srtp_unprotect()) */ ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value (i.e. a value that is used in the function srtp_protect()) */ } srtp_ssrc_type_t; /** * @brief An srtp_ssrc_t represents a particular SSRC value, or a `wildcard' SSRC. * * An srtp_ssrc_t represents a particular SSRC value (if its type is * ssrc_specific), or a wildcard SSRC value that will match all * outbound SSRCs (if its type is ssrc_any_outbound) or all inbound * SSRCs (if its type is ssrc_any_inbound). * */ typedef struct { srtp_ssrc_type_t type; /**< The type of this particular SSRC */ unsigned int value; /**< The value of this SSRC, if it is not a wildcard */ } srtp_ssrc_t; /** * @brief points to an EKT policy */ typedef struct srtp_ekt_policy_ctx_t *srtp_ekt_policy_t; /** * @brief points to EKT stream data */ typedef struct srtp_ekt_stream_ctx_t *srtp_ekt_stream_t; /** * @brief srtp_master_key_t represents a master key. There will * be a Master Key Index and the Master Key associated with the * Master Key Index. Need to also keep track of the Master Key * Index Size to correctly read it from a packet. */ typedef struct srtp_master_key_t { unsigned char *key; unsigned char *mki_id; unsigned int mki_size; } srtp_master_key_t; /** * @brief represents the policy for an SRTP session. * * A single srtp_policy_t struct represents the policy for a single * SRTP stream, and a linked list of these elements represents the * policy for an entire SRTP session. Each element contains the SRTP * and SRTCP crypto policies for that stream, a pointer to the SRTP * master key for that stream, the SSRC describing that stream, or a * flag indicating a `wildcard' SSRC value, and a `next' field that * holds a pointer to the next element in the list of policy elements, * or NULL if it is the last element. * * The wildcard value SSRC_ANY_INBOUND matches any SSRC from an * inbound stream that for which there is no explicit SSRC entry in * another policy element. Similarly, the value SSRC_ANY_OUTBOUND * will matches any SSRC from an outbound stream that does not appear * in another policy element. Note that wildcard SSRCs &b cannot be * used to match both inbound and outbound traffic. This restriction * is intentional, and it allows libSRTP to ensure that no security * lapses result from accidental re-use of SSRC values during key * sharing. * * * @warning The final element of the list @b must have its `next' pointer * set to NULL. */ typedef struct srtp_policy_t { srtp_ssrc_t ssrc; /**< The SSRC value of stream, or the * flags SSRC_ANY_INBOUND or * SSRC_ANY_OUTBOUND if key sharing * is used for this policy element. */ srtp_crypto_policy_t rtp; /**< SRTP crypto policy. */ srtp_crypto_policy_t rtcp; /**< SRTCP crypto policy. */ unsigned char *key; /**< Pointer to the SRTP master key for * this stream. */ srtp_master_key_t **keys; /** Array of Master Key structures */ unsigned long num_master_keys; /** Number of master keys */ srtp_ekt_policy_t ekt; /**< Pointer to the EKT policy structure * for this stream (if any) */ unsigned long window_size; /**< The window size to use for replay * protection. */ int allow_repeat_tx; /**< Whether retransmissions of * packets with the same sequence number * are allowed. (Note that such repeated * transmissions must have the same RTP * payload, or a severe security weakness * is introduced!) */ int *enc_xtn_hdr; /**< List of header ids to encrypt. */ int enc_xtn_hdr_count; /**< Number of entries in list of header ids. */ struct srtp_policy_t *next; /**< Pointer to next stream policy. */ } srtp_policy_t; /** * @brief An srtp_t points to an SRTP session structure. * * The typedef srtp_t is a pointer to a structure that represents * an SRTP session. This datatype is intentially opaque in * order to separate the interface from the implementation. * * An SRTP session consists of all of the traffic sent to the RTP and * RTCP destination transport addresses, using the RTP/SAVP (Secure * Audio/Video Profile). A session can be viewed as a set of SRTP * streams, each of which originates with a different participant. */ typedef srtp_ctx_t *srtp_t; /** * @brief srtp_init() initializes the srtp library. * * @warning This function @b must be called before any other srtp * functions. */ srtp_err_status_t srtp_init(void); /** * @brief srtp_shutdown() de-initializes the srtp library. * * @warning No srtp functions may be called after calling this function. */ srtp_err_status_t srtp_shutdown(void); /** * @brief srtp_protect() is the Secure RTP sender-side packet processing * function. * * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP * protection to the RTP packet rtp_hdr (which has length *len_ptr) using * the SRTP context ctx. If srtp_err_status_ok is returned, then rtp_hdr * points to the resulting SRTP packet and *len_ptr is the number of * octets in that packet; otherwise, no assumptions should be made * about the value of either data elements. * * The sequence numbers of the RTP packets presented to this function * need not be consecutive, but they @b must be out of order by less * than 2^15 = 32,768 packets. * * @warning This function assumes that it can write the authentication * tag into the location in memory immediately following the RTP * packet, and assumes that the RTP packet is aligned on a 32-bit * boundary. * * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN * into the location in memory immediately following the RTP packet. * Callers MUST ensure that this much writable memory is available in * the buffer that holds the RTP packet. * * @param ctx is the SRTP context to use in processing the packet. * * @param rtp_hdr is a pointer to the RTP packet (before the call); after * the function returns, it points to the srtp packet. * * @param len_ptr is a pointer to the length in octets of the complete * RTP packet (header and body) before the function call, and of the * complete SRTP packet after the call, if srtp_err_status_ok was returned. * Otherwise, the value of the data to which it points is undefined. * * @return * - srtp_err_status_ok no problems * - srtp_err_status_replay_fail rtp sequence number was non-increasing * - @e other failure in cryptographic mechanisms */ srtp_err_status_t srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr); /** * @brief srtp_protect_mki() is the Secure RTP sender-side packet processing * function that can utilize MKI. * * The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP * protection to the RTP packet rtp_hdr (which has length *len_ptr) using * the SRTP context ctx. If srtp_err_status_ok is returned, then rtp_hdr * points to the resulting SRTP packet and *len_ptr is the number of * octets in that packet; otherwise, no assumptions should be made * about the value of either data elements. * * The sequence numbers of the RTP packets presented to this function * need not be consecutive, but they @b must be out of order by less * than 2^15 = 32,768 packets. * * @warning This function assumes that it can write the authentication * tag into the location in memory immediately following the RTP * packet, and assumes that the RTP packet is aligned on a 32-bit * boundary. * * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN * into the location in memory immediately following the RTP packet. * Callers MUST ensure that this much writable memory is available in * the buffer that holds the RTP packet. * * @param ctx is the SRTP context to use in processing the packet. * * @param rtp_hdr is a pointer to the RTP packet (before the call); after * the function returns, it points to the srtp packet. * * @param pkt_octet_len is a pointer to the length in octets of the complete * RTP packet (header and body) before the function call, and of the * complete SRTP packet after the call, if srtp_err_status_ok was returned. * Otherwise, the value of the data to which it points is undefined. * * @param use_mki is a boolean to tell the system if mki is being used. If * set to false then will use the first set of session keys. If set to true will * use the session keys identified by the mki_index * * @param mki_index integer value specifying which set of session keys should be * used if use_mki is set to true. * * @return * - srtp_err_status_ok no problems * - srtp_err_status_replay_fail rtp sequence number was non-increasing * - @e other failure in cryptographic mechanisms */ srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len, unsigned int use_mki, unsigned int mki_index); /** * @brief srtp_unprotect() is the Secure RTP receiver-side packet * processing function. * * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr * (which has length *len_ptr), using the SRTP context ctx. If * srtp_err_status_ok is returned, then srtp_hdr points to the resulting * RTP packet and *len_ptr is the number of octets in that packet; * otherwise, no assumptions should be made about the value of either * data elements. * * The sequence numbers of the RTP packets presented to this function * need not be consecutive, but they @b must be out of order by less * than 2^15 = 32,768 packets. * * @warning This function assumes that the SRTP packet is aligned on a * 32-bit boundary. * * @param ctx is the SRTP session which applies to the particular packet. * * @param srtp_hdr is a pointer to the header of the SRTP packet * (before the call). after the function returns, it points to the * rtp packet if srtp_err_status_ok was returned; otherwise, the value of * the data to which it points is undefined. * * @param len_ptr is a pointer to the length in octets of the complete * srtp packet (header and body) before the function call, and of the * complete rtp packet after the call, if srtp_err_status_ok was returned. * Otherwise, the value of the data to which it points is undefined. * * @return * - srtp_err_status_ok if the RTP packet is valid. * - srtp_err_status_auth_fail if the SRTP packet failed the message * authentication check. * - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet has * already been processed and accepted). * - [other] if there has been an error in the cryptographic mechanisms. * */ srtp_err_status_t srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr); /** * @brief srtp_unprotect_mki() is the Secure RTP receiver-side packet * processing function that checks for MKI. * * The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies * the Secure RTP protection of the SRTP packet pointed to by srtp_hdr * (which has length *len_ptr), using the SRTP context ctx. If * srtp_err_status_ok is returned, then srtp_hdr points to the resulting * RTP packet and *len_ptr is the number of octets in that packet; * otherwise, no assumptions should be made about the value of either * data elements. * * The sequence numbers of the RTP packets presented to this function * need not be consecutive, but they @b must be out of order by less * than 2^15 = 32,768 packets. * * @warning This function assumes that the SRTP packet is aligned on a * 32-bit boundary. * * @param ctx is the SRTP session which applies to the particular packet. * * @param srtp_hdr is a pointer to the header of the SRTP packet * (before the call). after the function returns, it points to the * rtp packet if srtp_err_status_ok was returned; otherwise, the value of * the data to which it points is undefined. * * @param len_ptr is a pointer to the length in octets of the complete * srtp packet (header and body) before the function call, and of the * complete rtp packet after the call, if srtp_err_status_ok was returned. * Otherwise, the value of the data to which it points is undefined. * * @param use_mki is a boolean to tell the system if mki is being used. If * set to false then will use the first set of session keys. If set to true will * use the session keys identified by the mki_index * * @return * - srtp_err_status_ok if the RTP packet is valid. * - srtp_err_status_auth_fail if the SRTP packet failed the message * authentication check. * - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet has * already been processed and accepted). * - srtp_err_status_bad_mki if the MKI in the packet is not a known MKI id * - [other] if there has been an error in the cryptographic mechanisms. * */ srtp_err_status_t srtp_unprotect_mki(srtp_t ctx, void *srtp_hdr, int *len_ptr, unsigned int use_mki); /** * @brief srtp_create() allocates and initializes an SRTP session. * The function call srtp_create(session, policy) allocates and * initializes an SRTP session context, applying the given policy. * * @param session is a pointer to the SRTP session to which the policy is * to be added. * * @param policy is the srtp_policy_t struct that describes the policy * for the session. The struct may be a single element, or it may be * the head of a list, in which case each element of the list is * processed. It may also be NULL, in which case streams should be added * later using srtp_add_stream(). The final element of the list @b must * have its `next' field set to NULL. * * @return * - srtp_err_status_ok if creation succeded. * - srtp_err_status_alloc_fail if allocation failed. * - srtp_err_status_init_fail if initialization failed. */ srtp_err_status_t srtp_create(srtp_t *session, const srtp_policy_t *policy); /** * @brief srtp_add_stream() allocates and initializes an SRTP stream * within a given SRTP session. * * The function call srtp_add_stream(session, policy) allocates and * initializes a new SRTP stream within a given, previously created * session, applying the policy given as the other argument to that * stream. * * @return values: * - srtp_err_status_ok if stream creation succeded. * - srtp_err_status_alloc_fail if stream allocation failed * - srtp_err_status_init_fail if stream initialization failed. */ srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy); /** * @brief srtp_remove_stream() deallocates an SRTP stream. * * The function call srtp_remove_stream(session, ssrc) removes * the SRTP stream with the SSRC value ssrc from the SRTP session * context given by the argument session. * * @param session is the SRTP session from which the stream * will be removed. * * @param ssrc is the SSRC value of the stream to be removed * in network byte order. * * @warning Wildcard SSRC values cannot be removed from a * session. * * @return * - srtp_err_status_ok if the stream deallocation succeded. * - [other] otherwise. * */ srtp_err_status_t srtp_remove_stream(srtp_t session, unsigned int ssrc); /** * @brief srtp_update() udpates all streams in the session. * * The function call srtp_update(session, policy) updates * all the streams in the session applying the given policy * and key. The exsisting ROC value of all streams will be * preserved. * * @param session is the SRTP session that contains the streams * to be updated. * * @param policy is the srtp_policy_t struct that describes the policy * for the session. The struct may be a single element, or it may be * the head of a list, in which case each element of the list is * processed. The final element of the list @b must * have its `next' field set to NULL. * * @return * - srtp_err_status_ok if stream creation succeded. * - srtp_err_status_alloc_fail if stream allocation failed * - srtp_err_status_init_fail if stream initialization failed. * - [other] otherwise. * */ srtp_err_status_t srtp_update(srtp_t session, const srtp_policy_t *policy); /** * @brief srtp_update_stream() udpates a SRTP stream. * * The function call srtp_update_stream(session, policy) updates * the stream(s) in the session that match applying the given * policy and key. The exsisting ROC value of all stream(s) will * be preserved. * * @param session is the SRTP session that contains the streams * to be updated. * * @param policy is the srtp_policy_t struct that describes the policy * for the session. * * @return * - srtp_err_status_ok if stream creation succeded. * - srtp_err_status_alloc_fail if stream allocation failed * - srtp_err_status_init_fail if stream initialization failed. * - [other] otherwise. * */ srtp_err_status_t srtp_update_stream(srtp_t session, const srtp_policy_t *policy); /** * @brief srtp_crypto_policy_set_rtp_default() sets a crypto policy * structure to the SRTP default policy for RTP protection. * * @param p is a pointer to the policy structure to be set * * The function call crypto_policy_set_rtp_default(&p) sets the * crypto_policy_t at location p to the SRTP default policy for RTP * protection, as defined in the specification. This function is a * convenience that helps to avoid dealing directly with the policy * data structure. You are encouraged to initialize policy elements * with this function call. Doing so may allow your code to be * forward compatible with later versions of libSRTP that include more * elements in the crypto_policy_t datatype. * * @return void. * */ void srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_rtcp_default() sets a crypto policy * structure to the SRTP default policy for RTCP protection. * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_rtcp_default(&p) sets the * srtp_crypto_policy_t at location p to the SRTP default policy for RTCP * protection, as defined in the specification. This function is a * convenience that helps to avoid dealing directly with the policy * data structure. You are encouraged to initialize policy elements * with this function call. Doing so may allow your code to be * forward compatible with later versions of libSRTP that include more * elements in the srtp_crypto_policy_t datatype. * * @return void. * */ void srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto * policy structure to the SRTP default policy for RTP protection. * * @param p is a pointer to the policy structure to be set * * The function srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() is a * synonym for srtp_crypto_policy_set_rtp_default(). It conforms to the * naming convention used in RFC 4568 (SDP Security Descriptions for * Media Streams). * * @return void. * */ #define srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(p) srtp_crypto_policy_set_rtp_default(p) /** * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto * policy structure to a short-authentication tag policy * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&p) * sets the srtp_crypto_policy_t at location p to use policy * AES_CM_128_HMAC_SHA1_32 as defined in RFC 4568. * This policy uses AES-128 * Counter Mode encryption and HMAC-SHA1 authentication, with an * authentication tag that is only 32 bits long. This length is * considered adequate only for protecting audio and video media that * use a stateless playback function. See Section 7.5 of RFC 3711 * (http://www.ietf.org/rfc/rfc3711.txt). * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @warning This crypto policy is intended for use in SRTP, but not in * SRTCP. It is recommended that a policy that uses longer * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 * (http://www.ietf.org/rfc/rfc3711.txt). * * @return void. * */ void srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_cm_128_null_auth() sets a crypto * policy structure to an encryption-only policy * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_cm_128_null_auth(&p) sets * the srtp_crypto_policy_t at location p to use the SRTP default cipher * (AES-128 Counter Mode), but to use no authentication method. This * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @warning This policy is NOT RECOMMENDED for SRTP unless it is * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). * * @return void. * */ void srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto * policy structure to an authentication-only policy * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&p) * sets the srtp_crypto_policy_t at location p to use HMAC-SHA1 with an 80 * bit authentication tag to provide message authentication, but to * use no encryption. This policy is NOT RECOMMENDED for SRTP unless * there is a requirement to forego encryption. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @warning This policy is NOT RECOMMENDED for SRTP unless there is a * requirement to forego encryption. * * @return void. * */ void srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_null_cipher_hmac_null() sets a crypto * policy structure to use no encryption or authentication. * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_null_cipher_hmac_null(&p) * sets the srtp_crypto_policy_t at location p to use no encryption and * no authentication. This policy should only be used for testing and * troubleshootingl. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @warning This policy is NOT RECOMMENDED for SRTP unless there is a * requirement to forego encryption and authentication. * * @return void. * */ void srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto * policy structure to a encryption and authentication policy using AES-256 * for RTP protection. * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&p) * sets the srtp_crypto_policy_t at location p to use policy * AES_CM_256_HMAC_SHA1_80 as defined in RFC 6188. This policy uses AES-256 * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit * authentication tag. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @return void. * */ void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto * policy structure to a short-authentication tag policy using AES-256 * encryption. * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(&p) * sets the srtp_crypto_policy_t at location p to use policy * AES_CM_256_HMAC_SHA1_32 as defined in RFC 6188. This policy uses AES-256 * Counter Mode encryption and HMAC-SHA1 authentication, with an * authentication tag that is only 32 bits long. This length is * considered adequate only for protecting audio and video media that * use a stateless playback function. See Section 7.5 of RFC 3711 * (http://www.ietf.org/rfc/rfc3711.txt). * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @warning This crypto policy is intended for use in SRTP, but not in * SRTCP. It is recommended that a policy that uses longer * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 * (http://www.ietf.org/rfc/rfc3711.txt). * * @return void. * */ void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_cm_256_null_auth() sets a crypto * policy structure to an encryption-only policy * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_cm_256_null_auth(&p) sets * the srtp_crypto_policy_t at location p to use the SRTP default cipher * (AES-256 Counter Mode), but to use no authentication method. This * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @warning This policy is NOT RECOMMENDED for SRTP unless it is * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). * * @return void. * */ void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80() sets a crypto * policy structure to a encryption and authentication policy using AES-192 * for RTP protection. * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(&p) * sets the crypto_policy_t at location p to use policy * AES_CM_192_HMAC_SHA1_80 as defined in RFC 6188. This policy uses AES-192 * Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit * authentication tag. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the crypto_policy_t datatype. * * @return void. * */ void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32() sets a crypto * policy structure to a short-authentication tag policy using AES-192 * encryption. * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(&p) * sets the crypto_policy_t at location p to use policy * AES_CM_192_HMAC_SHA1_32 as defined in RFC 6188. This policy uses AES-192 * Counter Mode encryption and HMAC-SHA1 authentication, with an * authentication tag that is only 32 bits long. This length is * considered adequate only for protecting audio and video media that * use a stateless playback function. See Section 7.5 of RFC 3711 * (http://www.ietf.org/rfc/rfc3711.txt). * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the crypto_policy_t datatype. * * @warning This crypto policy is intended for use in SRTP, but not in * SRTCP. It is recommended that a policy that uses longer * authentication tags be used for SRTCP. See Section 7.5 of RFC 3711 * (http://www.ietf.org/rfc/rfc3711.txt). * * @return void. * */ void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_cm_192_null_auth() sets a crypto * policy structure to an encryption-only policy * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_cm_192_null_auth(&p) sets * the crypto_policy_t at location p to use the SRTP default cipher * (AES-192 Counter Mode), but to use no authentication method. This * policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5 * of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the crypto_policy_t datatype. * * @warning This policy is NOT RECOMMENDED for SRTP unless it is * unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see * Section 7.5 of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt). * * @return void. * */ void srtp_crypto_policy_set_aes_cm_192_null_auth(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_gcm_128_8_auth() sets a crypto * policy structure to an AEAD encryption policy. * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_gcm_128_8_auth(&p) sets * the srtp_crypto_policy_t at location p to use the SRTP default cipher * (AES-128 Galois Counter Mode) with 8 octet auth tag. This * policy applies confidentiality and authentication to both the * RTP and RTCP packets. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @return void. * */ void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_gcm_256_8_auth() sets a crypto * policy structure to an AEAD encryption policy * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_gcm_256_8_auth(&p) sets * the srtp_crypto_policy_t at location p to use the SRTP default cipher * (AES-256 Galois Counter Mode) with 8 octet auth tag. This * policy applies confidentiality and authentication to both the * RTP and RTCP packets. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @return void. * */ void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto * policy structure to an AEAD authentication-only policy * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets * the srtp_crypto_policy_t at location p to use the SRTP default cipher * (AES-128 Galois Counter Mode) with 8 octet auth tag. This policy * applies confidentiality and authentication to the RTP packets, * but only authentication to the RTCP packets. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @return void. * */ void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto * policy structure to an AEAD authentication-only policy * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets * the srtp_crypto_policy_t at location p to use the SRTP default cipher * (AES-256 Galois Counter Mode) with 8 octet auth tag. This policy * applies confidentiality and authentication to the RTP packets, * but only authentication to the RTCP packets. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @return void. * */ void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_gcm_128_16_auth() sets a crypto * policy structure to an AEAD encryption policy. * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_gcm_128_16_auth(&p) sets * the srtp_crypto_policy_t at location p to use the SRTP default cipher * (AES-128 Galois Counter Mode) with 16 octet auth tag. This * policy applies confidentiality and authentication to both the * RTP and RTCP packets. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @return void. * */ void srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p); /** * @brief srtp_crypto_policy_set_aes_gcm_256_16_auth() sets a crypto * policy structure to an AEAD encryption policy * * @param p is a pointer to the policy structure to be set * * The function call srtp_crypto_policy_set_aes_gcm_256_16_auth(&p) sets * the srtp_crypto_policy_t at location p to use the SRTP default cipher * (AES-256 Galois Counter Mode) with 16 octet auth tag. This * policy applies confidentiality and authentication to both the * RTP and RTCP packets. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @return void. * */ void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p); /** * @brief srtp_dealloc() deallocates storage for an SRTP session * context. * * The function call srtp_dealloc(s) deallocates storage for the * SRTP session context s. This function should be called no more * than one time for each of the contexts allocated by the function * srtp_create(). * * @param s is the srtp_t for the session to be deallocated. * * @return * - srtp_err_status_ok if there no problems. * - srtp_err_status_dealloc_fail a memory deallocation failure occured. */ srtp_err_status_t srtp_dealloc(srtp_t s); /* * @brief identifies a particular SRTP profile * * An srtp_profile_t enumeration is used to identify a particular SRTP * profile (that is, a set of algorithms and parameters). These profiles * are defined for DTLS-SRTP: * https://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml */ typedef enum { srtp_profile_reserved = 0, srtp_profile_aes128_cm_sha1_80 = 1, srtp_profile_aes128_cm_sha1_32 = 2, srtp_profile_null_sha1_80 = 5, srtp_profile_null_sha1_32 = 6, srtp_profile_aead_aes_128_gcm = 7, srtp_profile_aead_aes_256_gcm = 8, } srtp_profile_t; /** * @brief srtp_crypto_policy_set_from_profile_for_rtp() sets a crypto policy * structure to the appropriate value for RTP based on an srtp_profile_t * * @param policy is a pointer to the policy structure to be set * * @param profile is an enumeration for the policy to be set * * The function call srtp_crypto_policy_set_rtp_default(&policy, profile) * sets the srtp_crypto_policy_t at location policy to the policy for RTP * protection, as defined by the srtp_profile_t profile. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @return values * - srtp_err_status_ok no problems were encountered * - srtp_err_status_bad_param the profile is not supported * */ srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp(srtp_crypto_policy_t *policy, srtp_profile_t profile); /** * @brief srtp_crypto_policy_set_from_profile_for_rtcp() sets a crypto policy * structure to the appropriate value for RTCP based on an srtp_profile_t * * @param policy is a pointer to the policy structure to be set * * @param profile is an enumeration for the policy to be set * * The function call srtp_crypto_policy_set_rtcp_default(&policy, profile) * sets the srtp_crypto_policy_t at location policy to the policy for RTCP * protection, as defined by the srtp_profile_t profile. * * This function is a convenience that helps to avoid dealing directly * with the policy data structure. You are encouraged to initialize * policy elements with this function call. Doing so may allow your * code to be forward compatible with later versions of libSRTP that * include more elements in the srtp_crypto_policy_t datatype. * * @return values * - srtp_err_status_ok no problems were encountered * - srtp_err_status_bad_param the profile is not supported * */ srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtcp(srtp_crypto_policy_t *policy, srtp_profile_t profile); /** * @brief returns the master key length for a given SRTP profile */ unsigned int srtp_profile_get_master_key_length(srtp_profile_t profile); /** * @brief returns the master salt length for a given SRTP profile */ unsigned int srtp_profile_get_master_salt_length(srtp_profile_t profile); /** * @brief appends the salt to the key * * The function call srtp_append_salt_to_key(k, klen, s, slen) * copies the string s to the location at klen bytes following * the location k. * * @warning There must be at least bytes_in_salt + bytes_in_key bytes * available at the location pointed to by key. * */ void srtp_append_salt_to_key(unsigned char *key, unsigned int bytes_in_key, unsigned char *salt, unsigned int bytes_in_salt); /** * @} */ /** * @defgroup SRTCP Secure RTCP * @ingroup SRTP * * @brief Secure RTCP functions are used to protect RTCP traffic. * * RTCP is the control protocol for RTP. libSRTP protects RTCP * traffic in much the same way as it does RTP traffic. The function * srtp_protect_rtcp() applies cryptographic protections to outbound * RTCP packets, and srtp_unprotect_rtcp() verifies the protections on * inbound RTCP packets. * * A note on the naming convention: srtp_protect_rtcp() has an srtp_t * as its first argument, and thus has `srtp_' as its prefix. The * trailing `_rtcp' indicates the protocol on which it acts. * * @{ */ /** * @brief srtp_protect_rtcp() is the Secure RTCP sender-side packet * processing function. * * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies * SRTCP protection to the RTCP packet rtcp_hdr (which has length * *len_ptr) using the SRTP session context ctx. If srtp_err_status_ok is * returned, then rtp_hdr points to the resulting SRTCP packet and * *len_ptr is the number of octets in that packet; otherwise, no * assumptions should be made about the value of either data elements. * * @warning This function assumes that it can write the authentication * tag into the location in memory immediately following the RTCP * packet, and assumes that the RTCP packet is aligned on a 32-bit * boundary. * * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4 * into the location in memory immediately following the RTCP packet. * Callers MUST ensure that this much writable memory is available in * the buffer that holds the RTCP packet. * * @param ctx is the SRTP context to use in processing the packet. * * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after * the function returns, it points to the srtp packet. * * @param pkt_octet_len is a pointer to the length in octets of the * complete RTCP packet (header and body) before the function call, * and of the complete SRTCP packet after the call, if srtp_err_status_ok * was returned. Otherwise, the value of the data to which it points * is undefined. * * @return * - srtp_err_status_ok if there were no problems. * - [other] if there was a failure in * the cryptographic mechanisms. */ srtp_err_status_t srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len); /** * @brief srtp_protect_rtcp_mki() is the Secure RTCP sender-side packet * processing function that can utilize mki. * * The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies * SRTCP protection to the RTCP packet rtcp_hdr (which has length * *len_ptr) using the SRTP session context ctx. If srtp_err_status_ok is * returned, then rtp_hdr points to the resulting SRTCP packet and * *len_ptr is the number of octets in that packet; otherwise, no * assumptions should be made about the value of either data elements. * * @warning This function assumes that it can write the authentication * tag into the location in memory immediately following the RTCP * packet, and assumes that the RTCP packet is aligned on a 32-bit * boundary. * * @warning This function assumes that it can write SRTP_MAX_TRAILER_LEN+4 * into the location in memory immediately following the RTCP packet. * Callers MUST ensure that this much writable memory is available in * the buffer that holds the RTCP packet. * * @param ctx is the SRTP context to use in processing the packet. * * @param rtcp_hdr is a pointer to the RTCP packet (before the call); after * the function returns, it points to the srtp packet. * * @param pkt_octet_len is a pointer to the length in octets of the * complete RTCP packet (header and body) before the function call, * and of the complete SRTCP packet after the call, if srtp_err_status_ok * was returned. Otherwise, the value of the data to which it points * is undefined. * * @param use_mki is a boolean to tell the system if mki is being used. If * set to false then will use the first set of session keys. If set to true will * use the session keys identified by the mki_index * * @param mki_index integer value specifying which set of session kesy should be * used if use_mki is set to true. * * @return * - srtp_err_status_ok if there were no problems. * - [other] if there was a failure in * the cryptographic mechanisms. */ srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len, unsigned int use_mki, unsigned int mki_index); /** * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet * processing function. * * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr) * verifies the Secure RTCP protection of the SRTCP packet pointed to * by srtcp_hdr (which has length *len_ptr), using the SRTP session * context ctx. If srtp_err_status_ok is returned, then srtcp_hdr points * to the resulting RTCP packet and *len_ptr is the number of octets * in that packet; otherwise, no assumptions should be made about the * value of either data elements. * * @warning This function assumes that the SRTCP packet is aligned on a * 32-bit boundary. * * @param ctx is a pointer to the srtp_t which applies to the * particular packet. * * @param srtcp_hdr is a pointer to the header of the SRTCP packet * (before the call). After the function returns, it points to the * rtp packet if srtp_err_status_ok was returned; otherwise, the value of * the data to which it points is undefined. * * @param pkt_octet_len is a pointer to the length in octets of the * complete SRTCP packet (header and body) before the function call, * and of the complete rtp packet after the call, if srtp_err_status_ok was * returned. Otherwise, the value of the data to which it points is * undefined. * * @return * - srtp_err_status_ok if the RTCP packet is valid. * - srtp_err_status_auth_fail if the SRTCP packet failed the message * authentication check. * - srtp_err_status_replay_fail if the SRTCP packet is a replay (e.g. has * already been processed and accepted). * - [other] if there has been an error in the cryptographic mechanisms. * */ srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len); /** * @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet * processing function. * * The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr) * verifies the Secure RTCP protection of the SRTCP packet pointed to * by srtcp_hdr (which has length *len_ptr), using the SRTP session * context ctx. If srtp_err_status_ok is returned, then srtcp_hdr points * to the resulting RTCP packet and *len_ptr is the number of octets * in that packet; otherwise, no assumptions should be made about the * value of either data elements. * * @warning This function assumes that the SRTCP packet is aligned on a * 32-bit boundary. * * @param ctx is a pointer to the srtp_t which applies to the * particular packet. * * @param srtcp_hdr is a pointer to the header of the SRTCP packet * (before the call). After the function returns, it points to the * rtp packet if srtp_err_status_ok was returned; otherwise, the value of * the data to which it points is undefined. * * @param pkt_octet_len is a pointer to the length in octets of the * complete SRTCP packet (header and body) before the function call, * and of the complete rtp packet after the call, if srtp_err_status_ok was * returned. Otherwise, the value of the data to which it points is * undefined. * * @param use_mki is a boolean to tell the system if mki is being used. If * set to false then will use the first set of session keys. If set to true will * use the session keys identified by the mki_index * * @return * - srtp_err_status_ok if the RTCP packet is valid. * - srtp_err_status_auth_fail if the SRTCP packet failed the message * authentication check. * - srtp_err_status_replay_fail if the SRTCP packet is a replay (e.g. has * already been processed and accepted). * - srtp_err_status_bad_mki if the MKI in the packet is not a known MKI id * - [other] if there has been an error in the cryptographic mechanisms. * */ srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len, unsigned int use_mki); /** * @} */ /** * @defgroup User data associated to a SRTP session. * @ingroup SRTP * * @brief Store custom user data within a SRTP session. * * @{ */ /** * @brief srtp_set_user_data() stores the given pointer into the SRTP * session for later retrieval. * * @param ctx is the srtp_t context in which the given data pointer is * stored. * * @param data is a pointer to the custom information (struct, function, * etc) associated with the SRTP session. * * @return void. * */ void srtp_set_user_data(srtp_t ctx, void *data); /** * @brief srtp_get_user_data() retrieves the pointer to the custom data * previously stored with srtp_set_user_data(). * * This function is mostly useful for retrieving data associated to a * SRTP session when an event fires. The user can then get such a custom * data by calling this function with the session field of the * srtp_event_data_t struct as argument. * * @param ctx is the srtp_t context in which the given data pointer was * stored. * * @return void* pointer to the user data. * */ void* srtp_get_user_data(srtp_t ctx); /** * @} */ /** * @defgroup SRTPevents SRTP events and callbacks * @ingroup SRTP * * @brief libSRTP can use a user-provided callback function to * handle events. * * * libSRTP allows a user to provide a callback function to handle * events that need to be dealt with outside of the data plane (see * the enum srtp_event_t for a description of these events). Dealing * with these events is not a strict necessity; they are not * security-critical, but the application may suffer if they are not * handled. The function srtp_set_event_handler() is used to provide * the callback function. * * A default event handler that merely reports on the events as they * happen is included. It is also possible to set the event handler * function to NULL, in which case all events will just be silently * ignored. * * @{ */ /** * @brief srtp_event_t defines events that need to be handled * * The enum srtp_event_t defines events that need to be handled * outside the `data plane', such as SSRC collisions and * key expirations. * * When a key expires or the maximum number of packets has been * reached, an SRTP stream will enter an `expired' state in which no * more packets can be protected or unprotected. When this happens, * it is likely that you will want to either deallocate the stream * (using srtp_remove_stream()), and possibly allocate a new one. * * When an SRTP stream expires, the other streams in the same session * are unaffected, unless key sharing is used by that stream. In the * latter case, all of the streams in the session will expire. */ typedef enum { event_ssrc_collision, /**< * An SSRC collision occured. */ event_key_soft_limit, /**< An SRTP stream reached the soft key * usage limit and will expire soon. */ event_key_hard_limit, /**< An SRTP stream reached the hard * key usage limit and has expired. */ event_packet_index_limit /**< An SRTP stream reached the hard * packet limit (2^48 packets). */ } srtp_event_t; /** * @brief srtp_event_data_t is the structure passed as a callback to * the event handler function * * The struct srtp_event_data_t holds the data passed to the event * handler function. */ typedef struct srtp_event_data_t { srtp_t session; /**< The session in which the event happend. */ uint32_t ssrc; /**< The ssrc in host order of the stream in which the event happend */ srtp_event_t event; /**< An enum indicating the type of event. */ } srtp_event_data_t; /** * @brief srtp_event_handler_func_t is the function prototype for * the event handler. * * The typedef srtp_event_handler_func_t is the prototype for the * event handler function. It has as its only argument an * srtp_event_data_t which describes the event that needs to be handled. * There can only be a single, global handler for all events in * libSRTP. */ typedef void (srtp_event_handler_func_t)(srtp_event_data_t *data); /** * @brief sets the event handler to the function supplied by the caller. * * The function call srtp_install_event_handler(func) sets the event * handler function to the value func. The value NULL is acceptable * as an argument; in this case, events will be ignored rather than * handled. * * @param func is a pointer to a fuction that takes an srtp_event_data_t * pointer as an argument and returns void. This function * will be used by libSRTP to handle events. */ srtp_err_status_t srtp_install_event_handler(srtp_event_handler_func_t func); /** * @brief Returns the version string of the library. * */ const char *srtp_get_version_string(void); /** * @brief Returns the numeric representation of the library version. * */ unsigned int srtp_get_version(void); /** * @brief srtp_set_debug_module(mod_name, v) * * sets dynamic debugging to the value v (0 for off, 1 for on) for the * debug module with the name mod_name * * returns err_status_ok on success, err_status_fail otherwise */ srtp_err_status_t srtp_set_debug_module(const char *mod_name, int v); /** * @brief srtp_list_debug_modules() outputs a list of debugging modules * */ srtp_err_status_t srtp_list_debug_modules(void); /** * @brief srtp_log_level_t defines log levels. * * The enumeration srtp_log_level_t defines log levels reported * in the srtp_log_handler_func_t. * */ typedef enum { srtp_log_level_error, /**< log level is reporting an error message */ srtp_log_level_warning, /**< log level is reporting a warning message */ srtp_log_level_info, /**< log level is reporting an info message */ srtp_log_level_debug /**< log level is reporting a debug message */ } srtp_log_level_t; /** * @brief srtp_log_handler_func_t is the function prototype for * the log handler. * * The typedef srtp_event_handler_func_t is the prototype for the * event handler function. It has as srtp_log_level_t, log * message and data as arguments. * There can only be a single, global handler for all log messages in * libSRTP. */ typedef void (srtp_log_handler_func_t)(srtp_log_level_t level, const char * msg, void *data); /** * @brief sets the log handler to the function supplied by the caller. * * The function call srtp_install_log_handler(func) sets the log * handler function to the value func. The value NULL is acceptable * as an argument; in this case, log messages will be ignored. * This function can be called before srtp_init() inorder to capture * any logging during start up. * * @param func is a pointer to a fuction of type srtp_log_handler_func_t. * This function will be used by libSRTP to output log messages. * @param data is a user pointer that will be returned as the data argument in func. */ srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func, void *data); /** * @brief srtp_get_protect_trailer_length(session, use_mki, mki_index, length) * * Determines the length of the amount of data Lib SRTP will add to the * packet during the protect process. The length is returned in the length parameter * * returns err_status_ok on success, err_status_bad_mki if the MKI index is invalid * */ srtp_err_status_t srtp_get_protect_trailer_length(srtp_t session, uint32_t use_mki, uint32_t mki_index, uint32_t *length); /** * @brief srtp_get_protect_rtcp_trailer_length(session, use_mki, mki_index, length) * * Determines the length of the amount of data Lib SRTP will add to the * packet during the protect process. The length is returned in the length parameter * * returns err_status_ok on success, err_status_bad_mki if the MKI index is invalid * */ srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session, uint32_t use_mki, uint32_t mki_index, uint32_t *length); /** * @brief srtp_set_stream_roc(session, ssrc, roc) * * Set the roll-over-counter on a session for a given SSRC * * returns err_status_ok on success, srtp_err_status_bad_param if there is no * stream found * */ srtp_err_status_t srtp_set_stream_roc(srtp_t session, uint32_t ssrc, uint32_t roc); /** * @brief srtp_get_stream_roc(session, ssrc, roc) * * Get the roll-over-counter on a session for a given SSRC * * returns err_status_ok on success, srtp_err_status_bad_param if there is no * stream found * */ srtp_err_status_t srtp_get_stream_roc(srtp_t session, uint32_t ssrc, uint32_t *roc); /** * @} */ /* in host order, so outside the #if */ #define SRTCP_E_BIT 0x80000000 /* for byte-access */ #define SRTCP_E_BYTE_BIT 0x80 #define SRTCP_INDEX_MASK 0x7fffffff #ifdef __cplusplus } #endif #endif /* SRTP_SRTP_H */ �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/include/srtp_priv.h�������������������������������������������������������������������0000664�0000000�0000000�00000022457�13120311000�0017004�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * srtp_priv.h * * private internal data structures and functions for libSRTP * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef SRTP_PRIV_H #define SRTP_PRIV_H // Leave this as the top level import. Ensures the existence of defines #include "config.h" #include "srtp.h" #include "rdbx.h" #include "rdb.h" #include "integers.h" #include "cipher.h" #include "auth.h" #include "aes.h" #include "key.h" #include "crypto_kernel.h" #ifdef __cplusplus extern "C" { #endif #define SRTP_VER_STRING PACKAGE_STRING #define SRTP_VERSION PACKAGE_VERSION typedef struct srtp_stream_ctx_t_ srtp_stream_ctx_t; typedef srtp_stream_ctx_t *srtp_stream_t; /* * the following declarations are libSRTP internal functions */ /* * srtp_get_stream(ssrc) returns a pointer to the stream corresponding * to ssrc, or NULL if no stream exists for that ssrc */ srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc); /* * srtp_stream_init_keys(s, k) (re)initializes the srtp_stream_t s by * deriving all of the needed keys using the KDF and the key k. */ srtp_err_status_t srtp_stream_init_keys(srtp_stream_ctx_t *srtp, srtp_master_key_t *master_key, const unsigned int current_mki_index); /* * srtp_stream_init_all_master_keys(s, k, m) (re)initializes the srtp_stream_t s by * deriving all of the needed keys for all the master keys using the KDF and the keys from k. */ srtp_err_status_t srtp_steam_init_all_master_keys(srtp_stream_ctx_t *srtp, unsigned char *key, srtp_master_key_t **keys, const unsigned int max_master_keys); /* * srtp_stream_init(s, p) initializes the srtp_stream_t s to * use the policy at the location p */ srtp_err_status_t srtp_stream_init(srtp_stream_t srtp, const srtp_policy_t *p); /* * libsrtp internal datatypes */ typedef enum direction_t { dir_unknown = 0, dir_srtp_sender = 1, dir_srtp_receiver = 2 } direction_t; /* * srtp_session_keys_t will contain the encryption, hmac, salt keys * for both SRTP and SRTCP. The session keys will also contain the * MKI ID which is used to identify the session keys. */ typedef struct srtp_session_keys_t { srtp_cipher_t *rtp_cipher; srtp_cipher_t *rtp_xtn_hdr_cipher; srtp_auth_t *rtp_auth; srtp_cipher_t *rtcp_cipher; srtp_auth_t *rtcp_auth; uint8_t salt[SRTP_AEAD_SALT_LEN]; uint8_t c_salt[SRTP_AEAD_SALT_LEN]; uint8_t *mki_id; unsigned int mki_size; srtp_key_limit_ctx_t *limit; } srtp_session_keys_t; /* * an srtp_stream_t has its own SSRC, encryption key, authentication * key, sequence number, and replay database * * note that the keys might not actually be unique, in which case the * srtp_cipher_t and srtp_auth_t pointers will point to the same structures */ typedef struct srtp_stream_ctx_t_ { uint32_t ssrc; srtp_session_keys_t *session_keys; unsigned int num_master_keys; srtp_rdbx_t rtp_rdbx; srtp_sec_serv_t rtp_services; srtp_rdb_t rtcp_rdb; srtp_sec_serv_t rtcp_services; direction_t direction; int allow_repeat_tx; srtp_ekt_stream_t ekt; int *enc_xtn_hdr; int enc_xtn_hdr_count; uint32_t pending_roc; struct srtp_stream_ctx_t_ *next; /* linked list of streams */ } strp_stream_ctx_t_; /* * an srtp_ctx_t holds a stream list and a service description */ typedef struct srtp_ctx_t_ { struct srtp_stream_ctx_t_ *stream_list; /* linked list of streams */ struct srtp_stream_ctx_t_ *stream_template; /* act as template for other streams */ void *user_data; /* user custom data */ } srtp_ctx_t_; /* * srtp_hdr_t represents an RTP or SRTP header. The bit-fields in * this structure should be declared "unsigned int" instead of * "unsigned char", but doing so causes the MS compiler to not * fully pack the bit fields. * * In this implementation, an srtp_hdr_t is assumed to be 32-bit aligned * * (note that this definition follows that of RFC 1889 Appendix A, but * is not identical) */ #ifndef WORDS_BIGENDIAN typedef struct { unsigned char cc : 4; /* CSRC count */ unsigned char x : 1; /* header extension flag */ unsigned char p : 1; /* padding flag */ unsigned char version : 2; /* protocol version */ unsigned char pt : 7; /* payload type */ unsigned char m : 1; /* marker bit */ uint16_t seq; /* sequence number */ uint32_t ts; /* timestamp */ uint32_t ssrc; /* synchronization source */ } srtp_hdr_t; #else /* BIG_ENDIAN */ typedef struct { unsigned char version : 2; /* protocol version */ unsigned char p : 1; /* padding flag */ unsigned char x : 1; /* header extension flag */ unsigned char cc : 4; /* CSRC count */ unsigned char m : 1; /* marker bit */ unsigned char pt : 7; /* payload type */ uint16_t seq; /* sequence number */ uint32_t ts; /* timestamp */ uint32_t ssrc; /* synchronization source */ } srtp_hdr_t; #endif typedef struct { uint16_t profile_specific; /* profile-specific info */ uint16_t length; /* number of 32-bit words in extension */ } srtp_hdr_xtnd_t; /* * srtcp_hdr_t represents a secure rtcp header * * in this implementation, an srtcp header is assumed to be 32-bit * alinged */ #ifndef WORDS_BIGENDIAN typedef struct { unsigned char rc : 5; /* reception report count */ unsigned char p : 1; /* padding flag */ unsigned char version : 2; /* protocol version */ unsigned char pt : 8; /* payload type */ uint16_t len; /* length */ uint32_t ssrc; /* synchronization source */ } srtcp_hdr_t; typedef struct { unsigned int index : 31; /* srtcp packet index in network order! */ unsigned int e : 1; /* encrypted? 1=yes */ /* optional mikey/etc go here */ /* and then the variable-length auth tag */ } srtcp_trailer_t; #else /* BIG_ENDIAN */ typedef struct { unsigned char version : 2; /* protocol version */ unsigned char p : 1; /* padding flag */ unsigned char rc : 5; /* reception report count */ unsigned char pt : 8; /* payload type */ uint16_t len; /* length */ uint32_t ssrc; /* synchronization source */ } srtcp_hdr_t; typedef struct { unsigned int e : 1; /* encrypted? 1=yes */ unsigned int index : 31; /* srtcp packet index */ /* optional mikey/etc go here */ /* and then the variable-length auth tag */ } srtcp_trailer_t; #endif /* * srtp_handle_event(srtp, srtm, evnt) calls the event handling * function, if there is one. * * This macro is not included in the documentation as it is * an internal-only function. */ #define srtp_handle_event(srtp, strm, evnt) \ if(srtp_event_handler) { \ srtp_event_data_t data; \ data.session = srtp; \ data.ssrc = ntohl(strm->ssrc); \ data.event = evnt; \ srtp_event_handler(&data); \ } #ifdef __cplusplus } #endif #endif /* SRTP_PRIV_H */ �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/include/ut_sim.h����������������������������������������������������������������������0000664�0000000�0000000�00000004535�13120311000�0016251�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * ut-sim.h * * an unreliable transport simulator * (for testing replay databases and suchlike) * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef UT_SIM_H #define UT_SIM_H #include "integers.h" /* for uint32_t */ #ifdef __cplusplus extern "C" { #endif #define UT_BUF 160 /* maximum amount of packet reorder */ typedef struct { uint32_t index; uint32_t buffer[UT_BUF]; } ut_connection; /* * ut_init(&u) initializes the ut_connection * * this function should always be the first one called on a new * ut_connection */ void ut_init(ut_connection *utc); /* * ut_next_index(&u) returns the next index from the simulated * unreliable connection */ uint32_t ut_next_index(ut_connection *utc); #ifdef __cplusplus } #endif #endif /* UT_SIM_H */ �������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/install-sh����������������������������������������������������������������������������0000775�0000000�0000000�00000034523�13120311000�0015161�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/sh # install - install a program, script, or datafile scriptversion=2013-12-25.23; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the # following copyright and license. # # Copyright (C) 1994 X Consortium # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to # deal in the Software without restriction, including without limitation the # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or # sell copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN # AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- # TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # # Except as contained in this notice, the name of the X Consortium shall not # be used in advertising or otherwise to promote the sale, use or other deal- # ings in this Software without prior written authorization from the X Consor- # tium. # # # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent # 'make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. tab=' ' nl=' ' IFS=" $tab$nl" # Set DOITPROG to "echo" to test this script. doit=${DOITPROG-} doit_exec=${doit:-exec} # Put in absolute file names if you don't have them in your path; # or use environment vars. chgrpprog=${CHGRPPROG-chgrp} chmodprog=${CHMODPROG-chmod} chownprog=${CHOWNPROG-chown} cmpprog=${CMPPROG-cmp} cpprog=${CPPROG-cp} mkdirprog=${MKDIRPROG-mkdir} mvprog=${MVPROG-mv} rmprog=${RMPROG-rm} stripprog=${STRIPPROG-strip} posix_mkdir= # Desired mode of installed file. mode=0755 chgrpcmd= chmodcmd=$chmodprog chowncmd= mvcmd=$mvprog rmcmd="$rmprog -f" stripcmd= src= dst= dir_arg= dst_arg= copy_on_change=false is_target_a_directory=possibly usage="\ Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE or: $0 [OPTION]... SRCFILES... DIRECTORY or: $0 [OPTION]... -t DIRECTORY SRCFILES... or: $0 [OPTION]... -d DIRECTORIES... In the 1st form, copy SRCFILE to DSTFILE. In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. In the 4th, create DIRECTORIES. Options: --help display this help and exit. --version display version info and exit. -c (ignored) -C install only if different (preserve the last data modification time) -d create directories instead of installing files. -g GROUP $chgrpprog installed files to GROUP. -m MODE $chmodprog installed files to MODE. -o USER $chownprog installed files to USER. -s $stripprog installed files. -t DIRECTORY install into DIRECTORY. -T report an error if DSTFILE is a directory. Environment variables override the default commands: CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG " while test $# -ne 0; do case $1 in -c) ;; -C) copy_on_change=true;; -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 case $mode in *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*) echo "$0: invalid mode: $mode" >&2 exit 1;; esac shift;; -o) chowncmd="$chownprog $2" shift;; -s) stripcmd=$stripprog;; -t) is_target_a_directory=always dst_arg=$2 # Protect names problematic for 'test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac shift;; -T) is_target_a_directory=never;; --version) echo "$0 $scriptversion"; exit $?;; --) shift break;; -*) echo "$0: invalid option: $1" >&2 exit 1;; *) break;; esac shift done # We allow the use of options -d and -T together, by making -d # take the precedence; this is for compatibility with GNU install. if test -n "$dir_arg"; then if test -n "$dst_arg"; then echo "$0: target directory not allowed when installing a directory." >&2 exit 1 fi fi if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. # Otherwise, the last argument is the destination. Remove it from $@. for arg do if test -n "$dst_arg"; then # $@ is not empty: it contains at least $arg. set fnord "$@" "$dst_arg" shift # fnord fi shift # arg dst_arg=$arg # Protect names problematic for 'test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac done fi if test $# -eq 0; then if test -z "$dir_arg"; then echo "$0: no input file specified." >&2 exit 1 fi # It's OK to call 'install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi if test -z "$dir_arg"; then if test $# -gt 1 || test "$is_target_a_directory" = always; then if test ! -d "$dst_arg"; then echo "$0: $dst_arg: Is not a directory." >&2 exit 1 fi fi fi if test -z "$dir_arg"; then do_exit='(exit $ret); exit $ret' trap "ret=129; $do_exit" 1 trap "ret=130; $do_exit" 2 trap "ret=141; $do_exit" 13 trap "ret=143; $do_exit" 15 # Set umask so as not to create temps with too-generous modes. # However, 'strip' requires both read and write access to temps. case $mode in # Optimize common cases. *644) cp_umask=133;; *755) cp_umask=22;; *[0-7]) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw='% 200' fi cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; *) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw=,u+rw fi cp_umask=$mode$u_plus_rw;; esac fi for src do # Protect names problematic for 'test' and other utilities. case $src in -* | [=\(\)!]) src=./$src;; esac if test -n "$dir_arg"; then dst=$src dstdir=$dst test -d "$dstdir" dstdir_status=$? else # Waiting for this to be detected by the "$cpprog $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if test ! -f "$src" && test ! -d "$src"; then echo "$0: $src does not exist." >&2 exit 1 fi if test -z "$dst_arg"; then echo "$0: no destination specified." >&2 exit 1 fi dst=$dst_arg # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then if test "$is_target_a_directory" = never; then echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi dstdir=$dst dst=$dstdir/`basename "$src"` dstdir_status=0 else dstdir=`dirname "$dst"` test -d "$dstdir" dstdir_status=$? fi fi obsolete_mkdir_used=false if test $dstdir_status != 0; then case $posix_mkdir in '') # Create intermediate dirs using mode 755 as modified by the umask. # This is like FreeBSD 'install' as of 1997-10-28. umask=`umask` case $stripcmd.$umask in # Optimize common cases. *[2367][2367]) mkdir_umask=$umask;; .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; *[0-7]) mkdir_umask=`expr $umask + 22 \ - $umask % 100 % 40 + $umask % 20 \ - $umask % 10 % 4 + $umask % 2 `;; *) mkdir_umask=$umask,go-w;; esac # With -d, create the new directory with the user-specified mode. # Otherwise, rely on $mkdir_umask. if test -n "$dir_arg"; then mkdir_mode=-m$mode else mkdir_mode= fi posix_mkdir=false case $umask in *[123567][0-7][0-7]) # POSIX mkdir -p sets u+wx bits regardless of umask, which # is incompatible with FreeBSD 'install' when (umask & 300) != 0. ;; *) tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 if (umask $mkdir_umask && exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 then if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or # other-writable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ls_ld_tmpdir=`ls -ld "$tmpdir"` case $ls_ld_tmpdir in d????-?r-*) different_mode=700;; d????-?--*) different_mode=755;; *) false;; esac && $mkdirprog -m$different_mode -p -- "$tmpdir" && { ls_ld_tmpdir_1=`ls -ld "$tmpdir"` test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" } } then posix_mkdir=: fi rmdir "$tmpdir/d" "$tmpdir" else # Remove any dirs left behind by ancient mkdir implementations. rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null fi trap '' 0;; esac;; esac if $posix_mkdir && ( umask $mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" ) then : else # The umask is ridiculous, or mkdir does not conform to POSIX, # or it failed possibly due to a race condition. Create the # directory the slow way, step by step, checking for races as we go. case $dstdir in /*) prefix='/';; [-=\(\)!]*) prefix='./';; *) prefix='';; esac oIFS=$IFS IFS=/ set -f set fnord $dstdir shift set +f IFS=$oIFS prefixes= for d do test X"$d" = X && continue prefix=$prefix$d if test -d "$prefix"; then prefixes= else if $posix_mkdir; then (umask=$mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break # Don't fail if two instances are running concurrently. test -d "$prefix" || exit 1 else case $prefix in *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; *) qprefix=$prefix;; esac prefixes="$prefixes '$qprefix'" fi fi prefix=$prefix/ done if test -n "$prefixes"; then # Don't fail if two instances are running concurrently. (umask $mkdir_umask && eval "\$doit_exec \$mkdirprog $prefixes") || test -d "$dstdir" || exit 1 obsolete_mkdir_used=true fi fi fi if test -n "$dir_arg"; then { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 else # Make a couple of temp file names in the proper directory. dsttmp=$dstdir/_inst.$$_ rmtmp=$dstdir/_rm.$$_ # Trap to clean up those temp files at exit. trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 # Copy the file name to the temp name. (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && # and set any options; do chmod last to preserve setuid bits. # # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $cpprog $src $dsttmp" command. # { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && # If -C, don't bother to copy if it wouldn't change the file. if $copy_on_change && old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && set -f && set X $old && old=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 && set +f && test "$old" = "$new" && $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 then rm -f "$dsttmp" else # Rename the file to the real destination. $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || # The rename failed, perhaps because mv can't rename something else # to itself, or perhaps because mv is so ancient that it does not # support -f. { # Now remove or move aside any old file at destination location. # We try this two ways since rm can't unlink itself on some # systems and the destination file might be busy for other # reasons. In this case, the final cleanup might fail but the new # file should still install successfully. { test ! -f "$dst" || $doit $rmcmd -f "$dst" 2>/dev/null || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } } || { echo "$0: cannot unlink or rename $dst" >&2 (exit 1); exit 1 } } && # Now rename the file to the real destination. $doit $mvcmd "$dsttmp" "$dst" } fi || exit 1 trap '' 0 fi done # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/install-win.bat�����������������������������������������������������������������������0000664�0000000�0000000�00000001653�13120311000�0016104�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������:: Installs from srtp windows build directory to directory specified on :: command line @if "%1"=="" ( echo "Usage: %~nx0 destdir" exit /b 1 ) else ( set destdir=%1 ) @if not exist %destdir% ( echo %destdir% not found exit /b 1 ) @for %%d in (include\srtp.h crypto\include\cipher.h Debug\srtp2.lib Release\srtp2.lib x64\Debug\srtp2.lib x64\Release\srtp2.lib) do ( if not exist "%%d" ( echo "%%d not found: are you in the right directory?" exit /b 1 ) ) mkdir %destdir%\include mkdir %destdir%\include\srtp2 mkdir %destdir%\lib mkdir %destdir%\lib\x64 @for %%d in (include\srtp.h include\ekt.h crypto\include\cipher.h crypto\include\auth.h crypto\include\crypto_types.h) do ( copy %%d %destdir%\include\srtp2 ) copy Release\srtp2.lib %destdir%\lib\srtp2.lib copy Debug\srtp2.lib %destdir%\lib\srtp2d.lib copy x64\Release\srtp2.lib %destdir%\lib\x64\srtp2.lib copy x64\Debug\srtp2.lib %destdir%\lib\x64\srtp2d.lib �������������������������������������������������������������������������������������libsrtp-2.1.0/libsrtp2.pc.in������������������������������������������������������������������������0000664�0000000�0000000�00000000373�13120311000�0015643�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������prefix=@prefix@ exec_prefix=@prefix@ libdir=@libdir@ includedir=@includedir@ Name: @PACKAGE_NAME@ Version: @PACKAGE_VERSION@ Description: Library for SRTP (Secure Realtime Transport Protocol) Libs: -L${libdir} -lsrtp2 @LIBS@ Cflags: -I${includedir} ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/srtp.def������������������������������������������������������������������������������0000664�0000000�0000000�00000003401�13120311000�0014614�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������EXPORTS srtp_init srtp_shutdown srtp_protect srtp_unprotect srtp_create srtp_add_stream srtp_remove_stream srtp_update srtp_update_stream srtp_crypto_policy_set_rtp_default srtp_crypto_policy_set_rtcp_default srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32 srtp_crypto_policy_set_aes_cm_128_null_auth srtp_crypto_policy_set_null_cipher_hmac_sha1_80 srtp_crypto_policy_set_null_cipher_hmac_null srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80 srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32 srtp_crypto_policy_set_aes_cm_256_null_auth ; TODO - GCM module not yet supported on Win32 ; srtp_crypto_policy_set_aes_gcm_128_8_auth ; srtp_crypto_policy_set_aes_gcm_256_8_auth ; srtp_crypto_policy_set_aes_gcm_128_8_only_auth ; srtp_crypto_policy_set_aes_gcm_256_8_only_auth ; srtp_crypto_policy_set_aes_gcm_128_16_auth ; srtp_crypto_policy_set_aes_gcm_256_16_auth srtp_dealloc srtp_crypto_policy_set_from_profile_for_rtp srtp_crypto_policy_set_from_profile_for_rtcp srtp_profile_get_master_key_length srtp_profile_get_master_salt_length srtp_append_salt_to_key srtp_protect_rtcp srtp_unprotect_rtcp srtp_set_user_data srtp_get_user_data srtp_install_event_handler srtp_get_version_string srtp_get_version srtp_set_debug_module srtp_list_debug_modules srtp_ekt_octets_after_base_tag srtp_ekt_alloc srtp_ekt_stream_init_from_policy srtp_ekt_write_data srtp_cipher_get_key_length srtp_cipher_type_self_test srtp_cipher_type_test srtp_cipher_bits_per_second srtp_cipher_type_alloc srtp_cipher_dealloc srtp_cipher_init srtp_cipher_set_iv srtp_cipher_output srtp_cipher_encrypt srtp_cipher_decrypt srtp_cipher_get_tag srtp_cipher_set_aad srtp_replace_cipher_type srtp_auth_get_key_length srtp_auth_get_tag_length srtp_auth_get_prefix_length srtp_auth_type_self_test srtp_auth_type_test srtp_replace_auth_type ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/srtp.sln������������������������������������������������������������������������������0000664�0000000�0000000�00000004113�13120311000�0014653�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������ Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio Express 14 for Windows Desktop VisualStudioVersion = 14.0.25123.0 MinimumVisualStudioVersion = 10.0.40219.1 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "srtp2", "srtp2.vcxproj", "{EEF031CB-FED8-451E-A471-91EC8D4F6750}" EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug Dll|Win32 = Debug Dll|Win32 Debug Dll|x64 = Debug Dll|x64 Debug|Win32 = Debug|Win32 Debug|x64 = Debug|x64 Release Dll|Win32 = Release Dll|Win32 Release Dll|x64 = Release Dll|x64 Release|Win32 = Release|Win32 Release|x64 = Release|x64 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug Dll|Win32.ActiveCfg = Debug Dll|Win32 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug Dll|Win32.Build.0 = Debug Dll|Win32 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug Dll|x64.ActiveCfg = Debug Dll|x64 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug Dll|x64.Build.0 = Debug Dll|x64 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug|Win32.ActiveCfg = Debug|Win32 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug|Win32.Build.0 = Debug|Win32 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug|x64.ActiveCfg = Debug|x64 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Debug|x64.Build.0 = Debug|x64 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release Dll|Win32.ActiveCfg = Release Dll|Win32 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release Dll|Win32.Build.0 = Release Dll|Win32 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release Dll|x64.ActiveCfg = Release Dll|x64 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release Dll|x64.Build.0 = Release Dll|x64 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release|Win32.ActiveCfg = Release|Win32 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release|Win32.Build.0 = Release|Win32 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release|x64.ActiveCfg = Release|x64 {EEF031CB-FED8-451E-A471-91EC8D4F6750}.Release|x64.Build.0 = Release|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE EndGlobalSection EndGlobal �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/srtp/���������������������������������������������������������������������������������0000775�0000000�0000000�00000000000�13120311000�0014136�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/srtp/ekt.c����������������������������������������������������������������������������0000664�0000000�0000000�00000020134�13120311000�0015065�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * ekt.c * * Encrypted Key Transport for SRTP * * David McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include "srtp_priv.h" #include "err.h" #include "ekt.h" extern srtp_debug_module_t mod_srtp; /* * The EKT Authentication Tag format. * * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * : Base Authentication Tag : * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * : Encrypted Master Key : * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Rollover Counter | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Initial Sequence Number | Security Parameter Index | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * */ #define EKT_OCTETS_AFTER_BASE_TAG 24 #define EKT_OCTETS_AFTER_EMK 8 #define EKT_OCTETS_AFTER_ROC 4 #define EKT_SPI_LEN 2 unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt) { /* * if the pointer ekt is NULL, then EKT is not in effect, so we * indicate this by returning zero */ if (!ekt) return 0; switch(ekt->data->ekt_cipher_type) { case SRTP_EKT_CIPHER_AES_128_ECB: return 16 + EKT_OCTETS_AFTER_EMK; break; default: break; } return 0; } static inline srtp_ekt_spi_t srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) { const uint8_t *spi_location; spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN); return *((const srtp_ekt_spi_t *)spi_location); } static inline uint32_t srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) { const uint8_t *roc_location; roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC); return *((const uint32_t *)roc_location); } static inline const uint8_t * srtcp_packet_get_emk_location(const uint8_t *packet_start, unsigned pkt_octet_len) { const uint8_t *location; location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG); return location; } srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, srtp_ekt_policy_t policy) { /* * if the policy pointer is NULL, then EKT is not in use * so we just set the EKT stream data pointer to NULL */ if (!policy) { *stream_data = NULL; return srtp_err_status_ok; } /* TODO */ *stream_data = NULL; return srtp_err_status_ok; } srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t stream_data, srtp_ekt_policy_t policy) { if (!stream_data) return srtp_err_status_ok; return srtp_err_status_ok; } void aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) { #ifndef OPENSSL //FIXME: need to get this working through the crypto module interface srtp_aes_expanded_key_t expanded_key; srtp_aes_expand_decryption_key(key, key_len, &expanded_key); srtp_aes_decrypt(ciphertext, &expanded_key); #endif } /* * The function srtp_stream_init_from_ekt() initializes a stream using * the EKT data from an SRTCP trailer. */ srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, const void *srtcp_hdr, unsigned pkt_octet_len) { srtp_err_status_t err; const uint8_t *master_key; srtp_policy_t srtp_policy; uint32_t roc; /* * NOTE: at present, we only support a single ekt_policy at a time. */ if (stream->ekt->data->spi != srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len)) return srtp_err_status_no_ctx; if (stream->ekt->data->ekt_cipher_type != SRTP_EKT_CIPHER_AES_128_ECB) return srtp_err_status_bad_param; /* decrypt the Encrypted Master Key field */ master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len); /* FIX!? This decrypts the master key in-place, and never uses it */ /* FIX!? It's also passing to ekt_dec_key (which is an aes_expanded_key_t) * to a function which expects a raw (unexpanded) key */ aes_decrypt_with_raw_key((void*)master_key, &stream->ekt->data->ekt_dec_key, 16); /* set the SRTP ROC */ roc = srtcp_packet_get_ekt_roc(srtcp_hdr, pkt_octet_len); err = srtp_rdbx_set_roc(&stream->rtp_rdbx, roc); if (err) return err; err = srtp_stream_init(stream, &srtp_policy); if (err) return err; return srtp_err_status_ok; } void srtp_ekt_write_data(srtp_ekt_stream_t ekt, uint8_t *base_tag, unsigned base_tag_len, int *packet_len, srtp_xtd_seq_num_t pkt_index) { uint32_t roc; uint16_t isn; unsigned emk_len; uint8_t *packet; /* if the pointer ekt is NULL, then EKT is not in effect */ if (!ekt) { debug_print(mod_srtp, "EKT not in use", NULL); return; } /* write zeros into the location of the base tag */ octet_string_set_to_zero(base_tag, base_tag_len); packet = base_tag + base_tag_len; /* copy encrypted master key into packet */ emk_len = srtp_ekt_octets_after_base_tag(ekt); memcpy(packet, ekt->encrypted_master_key, emk_len); debug_print(mod_srtp, "writing EKT EMK: %s,", srtp_octet_string_hex_string(packet, emk_len)); packet += emk_len; /* copy ROC into packet */ roc = (uint32_t)(pkt_index >> 16); *((uint32_t *)packet) = be32_to_cpu(roc); debug_print(mod_srtp, "writing EKT ROC: %s,", srtp_octet_string_hex_string(packet, sizeof(roc))); packet += sizeof(roc); /* copy ISN into packet */ isn = (uint16_t)pkt_index; *((uint16_t *)packet) = htons(isn); debug_print(mod_srtp, "writing EKT ISN: %s,", srtp_octet_string_hex_string(packet, sizeof(isn))); packet += sizeof(isn); /* copy SPI into packet */ *((uint16_t *)packet) = htons(ekt->data->spi); debug_print(mod_srtp, "writing EKT SPI: %s,", srtp_octet_string_hex_string(packet, sizeof(ekt->data->spi))); /* increase packet length appropriately */ *packet_len += EKT_OCTETS_AFTER_EMK + emk_len; } /* * The function call srtcp_ekt_trailer(ekt, auth_len, auth_tag ) * * If the pointer ekt is NULL, then the other inputs are unaffected. * * auth_tag is a pointer to the pointer to the location of the * authentication tag in the packet. If EKT is in effect, then the * auth_tag pointer is set to the location */ void srtcp_ekt_trailer(srtp_ekt_stream_t ekt, unsigned *auth_len, void **auth_tag, void *tag_copy) { /* * if there is no EKT policy, then the other inputs are unaffected */ if (!ekt) return; /* copy auth_tag into temporary location */ } ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/srtp/srtp.c���������������������������������������������������������������������������0000664�0000000�0000000�00000435424�13120311000�0015306�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * srtp.c * * the secure real-time transport protocol * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ // Leave this as the top level import. Ensures the existence of defines #include "config.h" #include "srtp_priv.h" #include "crypto_types.h" #include "err.h" #include "ekt.h" /* for SRTP Encrypted Key Transport */ #include "alloc.h" /* for srtp_crypto_alloc() */ #ifdef OPENSSL #include "aes_gcm_ossl.h" /* for AES GCM mode */ # ifdef OPENSSL_KDF # include <openssl/kdf.h> # include "aes_icm_ossl.h" /* for AES GCM mode */ # endif #endif #include <limits.h> #ifdef HAVE_NETINET_IN_H # include <netinet/in.h> #elif defined(HAVE_WINSOCK2_H) # include <winsock2.h> #endif /* the debug module for srtp */ srtp_debug_module_t mod_srtp = { 0, /* debugging is off by default */ "srtp" /* printable name for module */ }; #define octets_in_rtp_header 12 #define uint32s_in_rtp_header 3 #define octets_in_rtcp_header 8 #define uint32s_in_rtcp_header 2 #define octets_in_rtp_extn_hdr 4 static srtp_err_status_t srtp_validate_rtp_header(void *rtp_hdr, int *pkt_octet_len) { if (*pkt_octet_len < octets_in_rtp_header) return srtp_err_status_bad_param; srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; /* Check RTP header length */ int rtp_header_len = octets_in_rtp_header + 4 * hdr->cc; if (hdr->x == 1) rtp_header_len += octets_in_rtp_extn_hdr; if (*pkt_octet_len < rtp_header_len) return srtp_err_status_bad_param; /* Verifing profile length. */ if (hdr->x == 1) { srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)((uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc); int profile_len = ntohs(xtn_hdr->length); rtp_header_len += profile_len * 4; /* profile length counts the number of 32-bit words */ if (*pkt_octet_len < rtp_header_len) return srtp_err_status_bad_param; } return srtp_err_status_ok; } const char *srtp_get_version_string () { /* * Simply return the autotools generated string */ return SRTP_VER_STRING; } unsigned int srtp_get_version () { unsigned int major = 0, minor = 0, micro = 0; unsigned int rv = 0; int parse_rv; /* * Parse the autotools generated version */ parse_rv = sscanf(SRTP_VERSION, "%u.%u.%u", &major, &minor, &micro); if (parse_rv != 3) { /* * We're expected to parse all 3 version levels. * If not, then this must not be an official release. * Return all zeros on the version */ return (0); } /* * We allow 8 bits for the major and minor, while * allowing 16 bits for the micro. 16 bits for the micro * may be beneficial for a continuous delivery model * in the future. */ rv |= (major & 0xFF) << 24; rv |= (minor & 0xFF) << 16; rv |= micro & 0xFF; return rv; } /* Release (maybe partially allocated) stream. */ static void srtp_stream_free(srtp_stream_ctx_t *str) { unsigned int i = 0; srtp_session_keys_t *session_keys = NULL; for (i = 0; i < str->num_master_keys; i++) { session_keys = &str->session_keys[i]; if (session_keys->rtp_xtn_hdr_cipher) { srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher); } if (session_keys->rtcp_cipher) { srtp_cipher_dealloc(session_keys->rtcp_cipher); } if (session_keys->rtcp_auth) { srtp_auth_dealloc(session_keys->rtcp_auth); } if (session_keys->rtp_cipher) { srtp_cipher_dealloc(session_keys->rtp_cipher); } if (session_keys->rtp_auth) { srtp_auth_dealloc(session_keys->rtp_auth); } if (session_keys->mki_id) { srtp_crypto_free(session_keys->mki_id); } if (session_keys->limit) { srtp_crypto_free(session_keys->limit); } } srtp_crypto_free(str->session_keys); if (str->enc_xtn_hdr) { srtp_crypto_free(str->enc_xtn_hdr); } srtp_crypto_free(str); } srtp_err_status_t srtp_stream_alloc(srtp_stream_ctx_t **str_ptr, const srtp_policy_t *p) { srtp_stream_ctx_t *str; srtp_err_status_t stat; unsigned int i = 0; srtp_session_keys_t *session_keys = NULL; /* * This function allocates the stream context, rtp and rtcp ciphers * and auth functions, and key limit structure. If there is a * failure during allocation, we free all previously allocated * memory and return a failure code. The code could probably * be improved, but it works and should be clear. */ /* allocate srtp stream and set str_ptr */ str = (srtp_stream_ctx_t *) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); if (str == NULL) return srtp_err_status_alloc_fail; memset(str, 0, sizeof(srtp_stream_ctx_t)); *str_ptr = str; /* To keep backwards API compatible if someone is using multiple master * keys then key should be set to NULL */ if (p->key != NULL) { str->num_master_keys = 1; } else { str->num_master_keys = p->num_master_keys; } str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc( sizeof(srtp_session_keys_t) * str->num_master_keys); if (str->session_keys == NULL) { srtp_stream_free(str); return srtp_err_status_alloc_fail; } memset(str->session_keys, 0, sizeof(srtp_session_keys_t) * str->num_master_keys); for (i = 0; i < str->num_master_keys; i++) { session_keys = &str->session_keys[i]; /* allocate cipher */ stat = srtp_crypto_kernel_alloc_cipher(p->rtp.cipher_type, &session_keys->rtp_cipher, p->rtp.cipher_key_len, p->rtp.auth_tag_len); if (stat) { srtp_stream_free(str); return stat; } /* allocate auth function */ stat = srtp_crypto_kernel_alloc_auth(p->rtp.auth_type, &session_keys->rtp_auth, p->rtp.auth_key_len, p->rtp.auth_tag_len); if (stat) { srtp_stream_free(str); return stat; } /* * ...and now the RTCP-specific initialization - first, allocate * the cipher */ stat = srtp_crypto_kernel_alloc_cipher(p->rtcp.cipher_type, &session_keys->rtcp_cipher, p->rtcp.cipher_key_len, p->rtcp.auth_tag_len); if (stat) { srtp_stream_free(str); return stat; } /* allocate auth function */ stat = srtp_crypto_kernel_alloc_auth(p->rtcp.auth_type, &session_keys->rtcp_auth, p->rtcp.auth_key_len, p->rtcp.auth_tag_len); if (stat) { srtp_stream_free(str); return stat; } session_keys->mki_id = NULL; /* allocate key limit structure */ session_keys->limit = (srtp_key_limit_ctx_t*) srtp_crypto_alloc(sizeof(srtp_key_limit_ctx_t)); if (session_keys->limit == NULL) { srtp_stream_free(str); return srtp_err_status_alloc_fail; } } /* allocate ekt data associated with stream */ stat = srtp_ekt_alloc(&str->ekt, p->ekt); if (stat) { srtp_stream_free(str); return stat; } if (p->enc_xtn_hdr && p->enc_xtn_hdr_count > 0) { srtp_cipher_type_id_t enc_xtn_hdr_cipher_type; int enc_xtn_hdr_cipher_key_len; str->enc_xtn_hdr = (int*) srtp_crypto_alloc(p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0])); if (!str->enc_xtn_hdr) { srtp_stream_free(str); return srtp_err_status_alloc_fail; } memcpy(str->enc_xtn_hdr, p->enc_xtn_hdr, p->enc_xtn_hdr_count * sizeof(p->enc_xtn_hdr[0])); str->enc_xtn_hdr_count = p->enc_xtn_hdr_count; /* For GCM ciphers, the corresponding ICM cipher is used for header extensions encryption. */ switch (p->rtp.cipher_type) { case SRTP_AES_GCM_128: enc_xtn_hdr_cipher_type = SRTP_AES_ICM_128; enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; break; case SRTP_AES_GCM_256: enc_xtn_hdr_cipher_type = SRTP_AES_ICM_256; enc_xtn_hdr_cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; break; default: enc_xtn_hdr_cipher_type = p->rtp.cipher_type; enc_xtn_hdr_cipher_key_len = p->rtp.cipher_key_len; break; } for (i = 0; i < str->num_master_keys; i++) { session_keys = &str->session_keys[i]; /* allocate cipher for extensions header encryption */ stat = srtp_crypto_kernel_alloc_cipher(enc_xtn_hdr_cipher_type, &session_keys->rtp_xtn_hdr_cipher, enc_xtn_hdr_cipher_key_len, 0); if (stat) { srtp_stream_free(str); return stat; } } } else { for (i = 0; i < str->num_master_keys; i++) { session_keys = &str->session_keys[i]; session_keys->rtp_xtn_hdr_cipher = NULL; } str->enc_xtn_hdr = NULL; str->enc_xtn_hdr_count = 0; } return srtp_err_status_ok; } srtp_err_status_t srtp_stream_dealloc(srtp_stream_ctx_t *stream, srtp_stream_ctx_t *stream_template) { srtp_err_status_t status; unsigned int i = 0; srtp_session_keys_t *session_keys = NULL; srtp_session_keys_t *template_session_keys = NULL; /* * we use a conservative deallocation strategy - if any deallocation * fails, then we report that fact without trying to deallocate * anything else */ for ( i = 0; i < stream->num_master_keys; i++) { session_keys = &stream->session_keys[i]; if (stream_template) { template_session_keys = &stream_template->session_keys[i]; } else { template_session_keys = NULL; } /* deallocate cipher, if it is not the same as that in template */ if (template_session_keys && session_keys->rtp_cipher == template_session_keys->rtp_cipher) { /* do nothing */ } else { status = srtp_cipher_dealloc(session_keys->rtp_cipher); if (status) return status; } /* deallocate auth function, if it is not the same as that in template */ if (template_session_keys && session_keys->rtp_auth == template_session_keys->rtp_auth) { /* do nothing */ } else { status = srtp_auth_dealloc(session_keys->rtp_auth); if (status) return status; } if (template_session_keys && session_keys->rtp_xtn_hdr_cipher == template_session_keys->rtp_xtn_hdr_cipher) { /* do nothing */ } else if (session_keys->rtp_xtn_hdr_cipher) { status = srtp_cipher_dealloc(session_keys->rtp_xtn_hdr_cipher); if (status) return status; } /* * deallocate rtcp cipher, if it is not the same as that in * template */ if (template_session_keys && session_keys->rtcp_cipher == template_session_keys->rtcp_cipher) { /* do nothing */ } else { status = srtp_cipher_dealloc(session_keys->rtcp_cipher); if (status) return status; } /* * deallocate rtcp auth function, if it is not the same as that in * template */ if (template_session_keys && session_keys->rtcp_auth == template_session_keys->rtcp_auth) { /* do nothing */ } else { status = srtp_auth_dealloc(session_keys->rtcp_auth); if (status) return status; } /* * zeroize the salt value */ octet_string_set_to_zero(session_keys->salt, SRTP_AEAD_SALT_LEN); octet_string_set_to_zero(session_keys->c_salt, SRTP_AEAD_SALT_LEN); if (session_keys->mki_id) { octet_string_set_to_zero(session_keys->mki_id, session_keys->mki_size); srtp_crypto_free(session_keys->mki_id); session_keys->mki_id = NULL; } /* deallocate key usage limit, if it is not the same as that in template */ if (template_session_keys && session_keys->limit == template_session_keys->limit) { /* do nothing */ } else { srtp_crypto_free(session_keys->limit); } } if (stream_template && stream->session_keys == stream_template->session_keys) { /* do nothing */ } else { srtp_crypto_free(stream->session_keys); } status = srtp_rdbx_dealloc(&stream->rtp_rdbx); if (status) return status; /* DAM - need to deallocate EKT here */ if (stream_template && stream->enc_xtn_hdr == stream_template->enc_xtn_hdr) { /* do nothing */ } else if (stream->enc_xtn_hdr) { srtp_crypto_free(stream->enc_xtn_hdr); } /* deallocate srtp stream context */ srtp_crypto_free(stream); return srtp_err_status_ok; } /* * srtp_stream_clone(stream_template, new) allocates a new stream and * initializes it using the cipher and auth of the stream_template * * the only unique data in a cloned stream is the replay database and * the SSRC */ srtp_err_status_t srtp_stream_clone(const srtp_stream_ctx_t *stream_template, uint32_t ssrc, srtp_stream_ctx_t **str_ptr) { srtp_err_status_t status; srtp_stream_ctx_t *str; unsigned int i = 0; srtp_session_keys_t *session_keys = NULL; const srtp_session_keys_t *template_session_keys = NULL; debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ntohl(ssrc)); /* allocate srtp stream and set str_ptr */ str = (srtp_stream_ctx_t *) srtp_crypto_alloc(sizeof(srtp_stream_ctx_t)); if (str == NULL) return srtp_err_status_alloc_fail; *str_ptr = str; str->num_master_keys = stream_template->num_master_keys; str->session_keys = (srtp_session_keys_t *)srtp_crypto_alloc( sizeof(srtp_session_keys_t) * str->num_master_keys); if (str->session_keys == NULL) { srtp_crypto_free(*str_ptr); *str_ptr = NULL; return srtp_err_status_alloc_fail; } for (i = 0; i < stream_template->num_master_keys; i++){ session_keys = &str->session_keys[i]; template_session_keys = &stream_template->session_keys[i]; /* set cipher and auth pointers to those of the template */ session_keys->rtp_cipher = template_session_keys->rtp_cipher; session_keys->rtp_auth = template_session_keys->rtp_auth; session_keys->rtp_xtn_hdr_cipher = template_session_keys->rtp_xtn_hdr_cipher; session_keys->rtcp_cipher = template_session_keys->rtcp_cipher; session_keys->rtcp_auth = template_session_keys->rtcp_auth; session_keys->mki_size = template_session_keys->mki_size; if (template_session_keys->mki_size == 0) { session_keys->mki_id = NULL; } else { session_keys->mki_id = srtp_crypto_alloc(template_session_keys->mki_size); if (session_keys->mki_id == NULL) { return srtp_err_status_init_fail; } memset(session_keys->mki_id, 0x0, session_keys->mki_size); memcpy(session_keys->mki_id, template_session_keys->mki_id, session_keys->mki_size); } /* Copy the salt values */ memcpy(session_keys->salt, template_session_keys->salt, SRTP_AEAD_SALT_LEN); memcpy(session_keys->c_salt, template_session_keys->c_salt, SRTP_AEAD_SALT_LEN); /* set key limit to point to that of the template */ status = srtp_key_limit_clone(template_session_keys->limit, &session_keys->limit); if (status) { srtp_crypto_free(*str_ptr); *str_ptr = NULL; return status; } } /* initialize replay databases */ status = srtp_rdbx_init(&str->rtp_rdbx, srtp_rdbx_get_window_size(&stream_template->rtp_rdbx)); if (status) { srtp_crypto_free(*str_ptr); *str_ptr = NULL; return status; } srtp_rdb_init(&str->rtcp_rdb); str->allow_repeat_tx = stream_template->allow_repeat_tx; /* set ssrc to that provided */ str->ssrc = ssrc; /* reset pending ROC */ str->pending_roc = 0; /* set direction and security services */ str->direction = stream_template->direction; str->rtp_services = stream_template->rtp_services; str->rtcp_services = stream_template->rtcp_services; /* set pointer to EKT data associated with stream */ str->ekt = stream_template->ekt; /* copy information about extensions header encryption */ str->enc_xtn_hdr = stream_template->enc_xtn_hdr; str->enc_xtn_hdr_count = stream_template->enc_xtn_hdr_count; /* defensive coding */ str->next = NULL; return srtp_err_status_ok; } /* * key derivation functions, internal to libSRTP * * srtp_kdf_t is a key derivation context * * srtp_kdf_init(&kdf, cipher_id, k, keylen) initializes kdf to use cipher * described by cipher_id, with the master key k with length in octets keylen. * * srtp_kdf_generate(&kdf, l, kl, keylen) derives the key * corresponding to label l and puts it into kl; the length * of the key in octets is provided as keylen. this function * should be called once for each subkey that is derived. * * srtp_kdf_clear(&kdf) zeroizes and deallocates the kdf state */ typedef enum { label_rtp_encryption = 0x00, label_rtp_msg_auth = 0x01, label_rtp_salt = 0x02, label_rtcp_encryption = 0x03, label_rtcp_msg_auth = 0x04, label_rtcp_salt = 0x05, label_rtp_header_encryption = 0x06, label_rtp_header_salt = 0x07 } srtp_prf_label; #define MAX_SRTP_KEY_LEN 256 #if defined(OPENSSL) && defined(OPENSSL_KDF) #define MAX_SRTP_AESKEY_LEN 32 #define MAX_SRTP_SALT_LEN 14 /* * srtp_kdf_t represents a key derivation function. The SRTP * default KDF is the only one implemented at present. */ typedef struct { uint8_t master_key[MAX_SRTP_AESKEY_LEN]; uint8_t master_salt[MAX_SRTP_SALT_LEN]; const EVP_CIPHER *evp; } srtp_kdf_t; static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int key_len, int salt_len) { memset(kdf, 0x0, sizeof(srtp_kdf_t)); /* The NULL cipher has zero key length */ if (key_len == 0) return srtp_err_status_ok; if ((key_len > MAX_SRTP_AESKEY_LEN) || (salt_len > MAX_SRTP_SALT_LEN)) { return srtp_err_status_bad_param; } switch (key_len) { case SRTP_AES_256_KEYSIZE: kdf->evp = EVP_aes_256_ctr(); break; case SRTP_AES_192_KEYSIZE: kdf->evp = EVP_aes_192_ctr(); break; case SRTP_AES_128_KEYSIZE: kdf->evp = EVP_aes_128_ctr(); break; default: return srtp_err_status_bad_param; break; } memcpy(kdf->master_key, key, key_len); memcpy(kdf->master_salt, key+key_len, salt_len); return srtp_err_status_ok; } static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, uint8_t *key, unsigned int length) { int ret; /* The NULL cipher will not have an EVP */ if (!kdf->evp) return srtp_err_status_ok; octet_string_set_to_zero(key, length); /* * Invoke the OpenSSL SRTP KDF function * This is useful if OpenSSL is in FIPS mode and FIP * compliance is required for SRTP. */ ret = kdf_srtp(kdf->evp, (char *)&kdf->master_key, (char *)&kdf->master_salt, NULL, NULL, label, (char *)key); if (ret == -1) { return (srtp_err_status_algo_fail); } return srtp_err_status_ok; } static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) { octet_string_set_to_zero(kdf->master_key, MAX_SRTP_AESKEY_LEN); octet_string_set_to_zero(kdf->master_salt, MAX_SRTP_SALT_LEN); kdf->evp = NULL; return srtp_err_status_ok; } #else /* if OPENSSL_KDF */ /* * srtp_kdf_t represents a key derivation function. The SRTP * default KDF is the only one implemented at present. */ typedef struct { srtp_cipher_t *cipher; /* cipher used for key derivation */ } srtp_kdf_t; static srtp_err_status_t srtp_kdf_init(srtp_kdf_t *kdf, const uint8_t *key, int key_len) { srtp_cipher_type_id_t cipher_id; switch (key_len) { case SRTP_AES_ICM_256_KEY_LEN_WSALT: cipher_id = SRTP_AES_ICM_256; break; case SRTP_AES_ICM_192_KEY_LEN_WSALT: cipher_id = SRTP_AES_ICM_192; break; case SRTP_AES_ICM_128_KEY_LEN_WSALT: cipher_id = SRTP_AES_ICM_128; break; default: return srtp_err_status_bad_param; break; } srtp_err_status_t stat; stat = srtp_crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, key_len, 0); if (stat) return stat; stat = srtp_cipher_init(kdf->cipher, key); if (stat) { srtp_cipher_dealloc(kdf->cipher); return stat; } return srtp_err_status_ok; } static srtp_err_status_t srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label, uint8_t *key, unsigned int length) { srtp_err_status_t status; v128_t nonce; /* set eigth octet of nonce to <label>, set the rest of it to zero */ v128_set_to_zero(&nonce); nonce.v8[7] = label; status = srtp_cipher_set_iv(kdf->cipher, (uint8_t*)&nonce, srtp_direction_encrypt); if (status) return status; /* generate keystream output */ octet_string_set_to_zero(key, length); status = srtp_cipher_encrypt(kdf->cipher, key, &length); if (status) return status; return srtp_err_status_ok; } static srtp_err_status_t srtp_kdf_clear(srtp_kdf_t *kdf) { srtp_err_status_t status; status = srtp_cipher_dealloc(kdf->cipher); if (status) return status; kdf->cipher = NULL; return srtp_err_status_ok; } #endif /* else OPENSSL_KDF */ /* * end of key derivation functions */ /* Get the base key length corresponding to a given combined key+salt * length for the given cipher. * TODO: key and salt lengths should be separate fields in the policy. */ static inline int base_key_length(const srtp_cipher_type_t *cipher, int key_length) { switch (cipher->id) { case SRTP_AES_ICM_128: case SRTP_AES_ICM_192: case SRTP_AES_ICM_256: /* The legacy modes are derived from * the configured key length on the policy */ return key_length - SRTP_SALT_LEN; break; case SRTP_AES_GCM_128: return key_length - SRTP_AEAD_SALT_LEN; break; case SRTP_AES_GCM_256: return key_length - SRTP_AEAD_SALT_LEN; break; default: return key_length; break; } } unsigned int srtp_validate_policy_master_keys(const srtp_policy_t *policy) { int i = 0; if (policy->key == NULL) { if (policy->num_master_keys <= 0) return 0; if (policy->num_master_keys > SRTP_MAX_NUM_MASTER_KEYS) return 0; for (i = 0; i < policy->num_master_keys; i++) { if (policy->keys[i]->key == NULL) return 0; if (policy->keys[i]->mki_size > SRTP_MAX_MKI_LEN) return 0; } } return 1; } srtp_session_keys_t* srtp_get_session_keys_with_mki_index(srtp_stream_ctx_t *stream, unsigned int use_mki, unsigned int mki_index) { if (use_mki) { if (mki_index < stream->num_master_keys) { return &stream->session_keys[mki_index]; } } return &stream->session_keys[0]; } unsigned int srtp_inject_mki(uint8_t *mki_tag_location, srtp_session_keys_t* session_keys, unsigned int use_mki) { unsigned int mki_size = 0; if (use_mki) { mki_size = session_keys->mki_size; if (mki_size != 0) { // Write MKI into memory memcpy(mki_tag_location, session_keys->mki_id, mki_size); } } return mki_size; } srtp_err_status_t srtp_stream_init_all_master_keys(srtp_stream_ctx_t *srtp, unsigned char *key, srtp_master_key_t **keys, const unsigned int max_master_keys) { int i = 0; srtp_err_status_t status = srtp_err_status_ok; srtp_master_key_t single_master_key; if ( key != NULL ) { srtp->num_master_keys = 1; single_master_key.key = key; single_master_key.mki_id = NULL; single_master_key.mki_size = 0; status = srtp_stream_init_keys(srtp, &single_master_key, 0); } else { srtp->num_master_keys = max_master_keys; for (i = 0; i < srtp->num_master_keys && i < SRTP_MAX_NUM_MASTER_KEYS; i++) { status = srtp_stream_init_keys(srtp, keys[i], i); if (status) { return status; } } } return status; } srtp_err_status_t srtp_stream_init_keys(srtp_stream_ctx_t *srtp, srtp_master_key_t *master_key, const unsigned int current_mki_index) { srtp_err_status_t stat; srtp_kdf_t kdf; uint8_t tmp_key[MAX_SRTP_KEY_LEN]; int kdf_keylen = 30, rtp_keylen, rtcp_keylen; int rtp_base_key_len, rtp_salt_len; int rtcp_base_key_len, rtcp_salt_len; srtp_session_keys_t *session_keys = NULL; unsigned char *key = master_key->key; /* If RTP or RTCP have a key length > AES-128, assume matching kdf. */ /* TODO: kdf algorithm, master key length, and master salt length should * be part of srtp_policy_t. */ session_keys = &srtp->session_keys[current_mki_index]; /* initialize key limit to maximum value */ #ifdef NO_64BIT_MATH { uint64_t temp; temp = make64(UINT_MAX,UINT_MAX); srtp_key_limit_set(session_keys->limit, temp); } #else srtp_key_limit_set(session_keys->limit, 0xffffffffffffLL); #endif if ( master_key->mki_size != 0 ) { session_keys->mki_id = srtp_crypto_alloc(master_key->mki_size); if (session_keys->mki_id == NULL) { return srtp_err_status_init_fail; } memset(session_keys->mki_id, 0x0, master_key->mki_size); memcpy(session_keys->mki_id, master_key->mki_id, master_key->mki_size); } else { session_keys->mki_id = NULL; } session_keys->mki_size = master_key->mki_size; rtp_keylen = srtp_cipher_get_key_length(session_keys->rtp_cipher); rtcp_keylen = srtp_cipher_get_key_length(session_keys->rtcp_cipher); rtp_base_key_len = base_key_length(session_keys->rtp_cipher->type, rtp_keylen); rtp_salt_len = rtp_keylen - rtp_base_key_len; if (rtp_keylen > kdf_keylen) { kdf_keylen = 46; /* AES-CTR mode is always used for KDF */ } if (rtcp_keylen > kdf_keylen) { kdf_keylen = 46; /* AES-CTR mode is always used for KDF */ } debug_print(mod_srtp, "srtp key len: %d", rtp_keylen); debug_print(mod_srtp, "srtcp key len: %d", rtcp_keylen); debug_print(mod_srtp, "base key len: %d", rtp_base_key_len); debug_print(mod_srtp, "kdf key len: %d", kdf_keylen); debug_print(mod_srtp, "rtp salt len: %d", rtp_salt_len); /* * Make sure the key given to us is 'zero' appended. GCM * mode uses a shorter master SALT (96 bits), but still relies on * the legacy CTR mode KDF, which uses a 112 bit master SALT. */ memset(tmp_key, 0x0, MAX_SRTP_KEY_LEN); memcpy(tmp_key, key, (rtp_base_key_len + rtp_salt_len)); /* initialize KDF state */ #if defined(OPENSSL) && defined(OPENSSL_KDF) stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, rtp_base_key_len, rtp_salt_len); #else stat = srtp_kdf_init(&kdf, (const uint8_t *)tmp_key, kdf_keylen); #endif if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } /* generate encryption key */ stat = srtp_kdf_generate(&kdf, label_rtp_encryption, tmp_key, rtp_base_key_len); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } debug_print(mod_srtp, "cipher key: %s", srtp_octet_string_hex_string(tmp_key, rtp_base_key_len)); /* * if the cipher in the srtp context uses a salt, then we need * to generate the salt value */ if (rtp_salt_len > 0) { debug_print(mod_srtp, "found rtp_salt_len > 0, generating salt", NULL); /* generate encryption salt, put after encryption key */ stat = srtp_kdf_generate(&kdf, label_rtp_salt, tmp_key + rtp_base_key_len, rtp_salt_len); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } memcpy(session_keys->salt, tmp_key + rtp_base_key_len, SRTP_AEAD_SALT_LEN); } if (rtp_salt_len > 0) { debug_print(mod_srtp, "cipher salt: %s", srtp_octet_string_hex_string(tmp_key + rtp_base_key_len, rtp_salt_len)); } /* initialize cipher */ stat = srtp_cipher_init(session_keys->rtp_cipher, tmp_key); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } if (session_keys->rtp_xtn_hdr_cipher) { /* generate extensions header encryption key */ int rtp_xtn_hdr_keylen; int rtp_xtn_hdr_base_key_len; int rtp_xtn_hdr_salt_len; srtp_kdf_t tmp_kdf; srtp_kdf_t *xtn_hdr_kdf; if (session_keys->rtp_xtn_hdr_cipher->type != session_keys->rtp_cipher->type) { /* With GCM ciphers, the header extensions are still encrypted using the corresponding ICM cipher. */ /* See https://tools.ietf.org/html/rfc7714#section-8.3 */ uint8_t tmp_xtn_hdr_key[MAX_SRTP_KEY_LEN]; rtp_xtn_hdr_keylen = srtp_cipher_get_key_length(session_keys->rtp_xtn_hdr_cipher); rtp_xtn_hdr_base_key_len = base_key_length(session_keys->rtp_xtn_hdr_cipher->type, rtp_xtn_hdr_keylen); rtp_xtn_hdr_salt_len = rtp_xtn_hdr_keylen - rtp_xtn_hdr_base_key_len; if (rtp_xtn_hdr_salt_len > rtp_salt_len) { switch (session_keys->rtp_cipher->type->id) { case SRTP_AES_GCM_128: case SRTP_AES_GCM_256: /* The shorter GCM salt is padded to the required ICM salt length. */ rtp_xtn_hdr_salt_len = rtp_salt_len; break; default: /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_bad_param; } } memset(tmp_xtn_hdr_key, 0x0, MAX_SRTP_KEY_LEN); memcpy(tmp_xtn_hdr_key, key, (rtp_xtn_hdr_base_key_len + rtp_xtn_hdr_salt_len)); xtn_hdr_kdf = &tmp_kdf; /* initialize KDF state */ #if defined(OPENSSL) && defined(OPENSSL_KDF) stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len); #else stat = srtp_kdf_init(xtn_hdr_kdf, (const uint8_t *)tmp_xtn_hdr_key, kdf_keylen); #endif octet_string_set_to_zero(tmp_xtn_hdr_key, MAX_SRTP_KEY_LEN); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } } else { /* Reuse main KDF. */ rtp_xtn_hdr_keylen = rtp_keylen; rtp_xtn_hdr_base_key_len = rtp_base_key_len; rtp_xtn_hdr_salt_len = rtp_salt_len; xtn_hdr_kdf = &kdf; } stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_encryption, tmp_key, rtp_xtn_hdr_base_key_len); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } debug_print(mod_srtp, "extensions cipher key: %s", srtp_octet_string_hex_string(tmp_key, rtp_xtn_hdr_base_key_len)); /* * if the cipher in the srtp context uses a salt, then we need * to generate the salt value */ if (rtp_xtn_hdr_salt_len > 0) { debug_print(mod_srtp, "found rtp_xtn_hdr_salt_len > 0, generating salt", NULL); /* generate encryption salt, put after encryption key */ stat = srtp_kdf_generate(xtn_hdr_kdf, label_rtp_header_salt, tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } } if (rtp_xtn_hdr_salt_len > 0) { debug_print(mod_srtp, "extensions cipher salt: %s", srtp_octet_string_hex_string(tmp_key + rtp_xtn_hdr_base_key_len, rtp_xtn_hdr_salt_len)); } /* initialize extensions header cipher */ stat = srtp_cipher_init(session_keys->rtp_xtn_hdr_cipher, tmp_key); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } if (xtn_hdr_kdf != &kdf) { /* release memory for custom header extension encryption kdf */ stat = srtp_kdf_clear(xtn_hdr_kdf); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } } } /* generate authentication key */ stat = srtp_kdf_generate(&kdf, label_rtp_msg_auth, tmp_key, srtp_auth_get_key_length(session_keys->rtp_auth)); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } debug_print(mod_srtp, "auth key: %s", srtp_octet_string_hex_string(tmp_key, srtp_auth_get_key_length(session_keys->rtp_auth))); /* initialize auth function */ stat = srtp_auth_init(session_keys->rtp_auth, tmp_key); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } /* * ...now initialize SRTCP keys */ rtcp_base_key_len = base_key_length(session_keys->rtcp_cipher->type, rtcp_keylen); rtcp_salt_len = rtcp_keylen - rtcp_base_key_len; debug_print(mod_srtp, "rtcp salt len: %d", rtcp_salt_len); /* generate encryption key */ stat = srtp_kdf_generate(&kdf, label_rtcp_encryption, tmp_key, rtcp_base_key_len); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } /* * if the cipher in the srtp context uses a salt, then we need * to generate the salt value */ if (rtcp_salt_len > 0) { debug_print(mod_srtp, "found rtcp_salt_len > 0, generating rtcp salt", NULL); /* generate encryption salt, put after encryption key */ stat = srtp_kdf_generate(&kdf, label_rtcp_salt, tmp_key + rtcp_base_key_len, rtcp_salt_len); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } memcpy(session_keys->c_salt, tmp_key + rtcp_base_key_len, SRTP_AEAD_SALT_LEN); } debug_print(mod_srtp, "rtcp cipher key: %s", srtp_octet_string_hex_string(tmp_key, rtcp_base_key_len)); if (rtcp_salt_len > 0) { debug_print(mod_srtp, "rtcp cipher salt: %s", srtp_octet_string_hex_string(tmp_key + rtcp_base_key_len, rtcp_salt_len)); } /* initialize cipher */ stat = srtp_cipher_init(session_keys->rtcp_cipher, tmp_key); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } /* generate authentication key */ stat = srtp_kdf_generate(&kdf, label_rtcp_msg_auth, tmp_key, srtp_auth_get_key_length(session_keys->rtcp_auth)); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } debug_print(mod_srtp, "rtcp auth key: %s", srtp_octet_string_hex_string(tmp_key, srtp_auth_get_key_length(session_keys->rtcp_auth))); /* initialize auth function */ stat = srtp_auth_init(session_keys->rtcp_auth, tmp_key); if (stat) { /* zeroize temp buffer */ octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); return srtp_err_status_init_fail; } /* clear memory then return */ stat = srtp_kdf_clear(&kdf); octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN); if (stat) return srtp_err_status_init_fail; return srtp_err_status_ok; } srtp_err_status_t srtp_stream_init(srtp_stream_ctx_t *srtp, const srtp_policy_t *p) { srtp_err_status_t err; debug_print(mod_srtp, "initializing stream (SSRC: 0x%08x)", p->ssrc.value); /* initialize replay database */ /* window size MUST be at least 64. MAY be larger. Values more than * 2^15 aren't meaningful due to how extended sequence numbers are * calculated. Let a window size of 0 imply the default value. */ if (p->window_size != 0 && (p->window_size < 64 || p->window_size >= 0x8000)) return srtp_err_status_bad_param; if (p->window_size != 0) err = srtp_rdbx_init(&srtp->rtp_rdbx, p->window_size); else err = srtp_rdbx_init(&srtp->rtp_rdbx, 128); if (err) return err; /* set the SSRC value */ srtp->ssrc = htonl(p->ssrc.value); /* reset pending ROC */ srtp->pending_roc = 0; /* set the security service flags */ srtp->rtp_services = p->rtp.sec_serv; srtp->rtcp_services = p->rtcp.sec_serv; /* * set direction to unknown - this flag gets checked in srtp_protect(), * srtp_unprotect(), srtp_protect_rtcp(), and srtp_unprotect_rtcp(), and * gets set appropriately if it is set to unknown. */ srtp->direction = dir_unknown; /* initialize SRTCP replay database */ srtp_rdb_init(&srtp->rtcp_rdb); /* initialize allow_repeat_tx */ /* guard against uninitialized memory: allow only 0 or 1 here */ if (p->allow_repeat_tx != 0 && p->allow_repeat_tx != 1) { srtp_rdbx_dealloc(&srtp->rtp_rdbx); return srtp_err_status_bad_param; } srtp->allow_repeat_tx = p->allow_repeat_tx; /* DAM - no RTCP key limit at present */ /* initialize keys */ err = srtp_stream_init_all_master_keys(srtp, p->key, p->keys, p->num_master_keys); if (err) { srtp_rdbx_dealloc(&srtp->rtp_rdbx); return err; } /* * if EKT is in use, then initialize the EKT data associated with * the stream */ err = srtp_ekt_stream_init_from_policy(srtp->ekt, p->ekt); if (err) { srtp_rdbx_dealloc(&srtp->rtp_rdbx); return err; } return srtp_err_status_ok; } /* * srtp_event_reporter is an event handler function that merely * reports the events that are reported by the callbacks */ void srtp_event_reporter(srtp_event_data_t *data) { srtp_err_report(srtp_err_level_warning, "srtp: in stream 0x%x: ", data->ssrc); switch(data->event) { case event_ssrc_collision: srtp_err_report(srtp_err_level_warning, "\tSSRC collision\n"); break; case event_key_soft_limit: srtp_err_report(srtp_err_level_warning, "\tkey usage soft limit reached\n"); break; case event_key_hard_limit: srtp_err_report(srtp_err_level_warning, "\tkey usage hard limit reached\n"); break; case event_packet_index_limit: srtp_err_report(srtp_err_level_warning, "\tpacket index limit reached\n"); break; default: srtp_err_report(srtp_err_level_warning, "\tunknown event reported to handler\n"); } } /* * srtp_event_handler is a global variable holding a pointer to the * event handler function; this function is called for any unexpected * event that needs to be handled out of the SRTP data path. see * srtp_event_t in srtp.h for more info * * it is okay to set srtp_event_handler to NULL, but we set * it to the srtp_event_reporter. */ static srtp_event_handler_func_t *srtp_event_handler = srtp_event_reporter; srtp_err_status_t srtp_install_event_handler(srtp_event_handler_func_t func) { /* * note that we accept NULL arguments intentionally - calling this * function with a NULL arguments removes an event handler that's * been previously installed */ /* set global event handling function */ srtp_event_handler = func; return srtp_err_status_ok; } /* * Check if the given extension header id is / should be encrypted. * Returns 1 if yes, otherwise 0. */ static int srtp_protect_extension_header(srtp_stream_ctx_t *stream, int id) { int* enc_xtn_hdr = stream->enc_xtn_hdr; int count = stream->enc_xtn_hdr_count; if (!enc_xtn_hdr || count <= 0) { return 0; } while (count > 0) { if (*enc_xtn_hdr == id) { return 1; } enc_xtn_hdr++; count--; } return 0; } /* * extensions header encryption RFC 6904 */ static srtp_err_status_t srtp_process_header_encryption(srtp_stream_ctx_t *stream, srtp_hdr_xtnd_t *xtn_hdr, srtp_session_keys_t *session_keys) { srtp_err_status_t status; uint8_t keystream[257]; /* Maximum 2 bytes header + 255 bytes data. */ int keystream_pos; uint8_t* xtn_hdr_data = ((uint8_t *)xtn_hdr) + octets_in_rtp_extn_hdr; uint8_t* xtn_hdr_end = xtn_hdr_data + (ntohs(xtn_hdr->length) * sizeof(uint32_t)); if (ntohs(xtn_hdr->profile_specific) == 0xbede) { /* RFC 5285, section 4.2. One-Byte Header */ while (xtn_hdr_data < xtn_hdr_end) { uint8_t xid = (*xtn_hdr_data & 0xf0) >> 4; unsigned int xlen = (*xtn_hdr_data & 0x0f) + 1; uint32_t xlen_with_header = 1+xlen; xtn_hdr_data++; if (xtn_hdr_data + xlen > xtn_hdr_end) return srtp_err_status_parse_err; if (xid == 15) { /* found header 15, stop further processing. */ break; } status = srtp_cipher_output(session_keys->rtp_xtn_hdr_cipher, keystream, &xlen_with_header); if (status) return srtp_err_status_cipher_fail; if (srtp_protect_extension_header(stream, xid)) { keystream_pos = 1; while (xlen > 0) { *xtn_hdr_data ^= keystream[keystream_pos++]; xtn_hdr_data++; xlen--; } } else { xtn_hdr_data += xlen; } /* skip padding bytes. */ while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) { xtn_hdr_data++; } } } else if ((ntohs(xtn_hdr->profile_specific) & 0x1fff) == 0x100) { /* RFC 5285, section 4.3. Two-Byte Header */ while (xtn_hdr_data + 1 < xtn_hdr_end) { uint8_t xid = *xtn_hdr_data; unsigned int xlen = *(xtn_hdr_data+1); uint32_t xlen_with_header = 2+xlen; xtn_hdr_data += 2; if (xtn_hdr_data + xlen > xtn_hdr_end) return srtp_err_status_parse_err; status = srtp_cipher_output(session_keys->rtp_xtn_hdr_cipher, keystream, &xlen_with_header); if (status) return srtp_err_status_cipher_fail; if (xlen > 0 && srtp_protect_extension_header(stream, xid)) { keystream_pos = 2; while (xlen > 0) { *xtn_hdr_data ^= keystream[keystream_pos++]; xtn_hdr_data++; xlen--; } } else { xtn_hdr_data += xlen; } /* skip padding bytes. */ while (xtn_hdr_data < xtn_hdr_end && *xtn_hdr_data == 0) { xtn_hdr_data++; } } } else { /* unsupported extension header format. */ return srtp_err_status_parse_err; } return srtp_err_status_ok; } /* * AEAD uses a new IV formation method. This function implements * section 8.1. (SRTP IV Formation for AES-GCM) of RFC7714. * The calculation is defined as, where (+) is the xor operation: * * * 0 0 0 0 0 0 0 0 0 0 1 1 * 0 1 2 3 4 5 6 7 8 9 0 1 * +--+--+--+--+--+--+--+--+--+--+--+--+ * |00|00| SSRC | ROC | SEQ |---+ * +--+--+--+--+--+--+--+--+--+--+--+--+ | * | * +--+--+--+--+--+--+--+--+--+--+--+--+ | * | Encryption Salt |->(+) * +--+--+--+--+--+--+--+--+--+--+--+--+ | * | * +--+--+--+--+--+--+--+--+--+--+--+--+ | * | Initialization Vector |<--+ * +--+--+--+--+--+--+--+--+--+--+--+--+* * * Input: *session_keys - pointer to SRTP stream context session keys, * used to retrieve the SALT * *iv - Pointer to receive the calculated IV * *seq - The ROC and SEQ value to use for the * IV calculation. * *hdr - The RTP header, used to get the SSRC value * */ static void srtp_calc_aead_iv(srtp_session_keys_t *session_keys, v128_t *iv, srtp_xtd_seq_num_t *seq, srtp_hdr_t *hdr) { v128_t in; v128_t salt; #ifdef NO_64BIT_MATH uint32_t local_roc = ((high32(*seq) << 16) | (low32(*seq) >> 16)); uint16_t local_seq = (uint16_t) (low32(*seq)); #else uint32_t local_roc = (uint32_t)(*seq >> 16); uint16_t local_seq = (uint16_t) *seq; #endif memset(&in, 0, sizeof(v128_t)); memset(&salt, 0, sizeof(v128_t)); in.v16[5] = htons(local_seq); local_roc = htonl(local_roc); memcpy(&in.v16[3], &local_roc, sizeof(local_roc)); /* * Copy in the RTP SSRC value */ memcpy(&in.v8[2], &hdr->ssrc, 4); debug_print(mod_srtp, "Pre-salted RTP IV = %s\n", v128_hex_string(&in)); /* * Get the SALT value from the context */ memcpy(salt.v8, session_keys->salt, SRTP_AEAD_SALT_LEN); debug_print(mod_srtp, "RTP SALT = %s\n", v128_hex_string(&salt)); /* * Finally, apply tyhe SALT to the input */ v128_xor(iv, &in, &salt); } srtp_session_keys_t* srtp_get_session_keys(srtp_stream_ctx_t *stream, uint8_t* hdr, const unsigned int* pkt_octet_len, unsigned int* mki_size) { unsigned int base_mki_start_location = *pkt_octet_len; unsigned int mki_start_location = 0; unsigned int tag_len = 0; unsigned int i = 0; // Determine the authentication tag size if (stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_128 || stream->session_keys[0].rtp_cipher->algorithm == SRTP_AES_GCM_256) { tag_len = 0; } else { tag_len = srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth); } if (tag_len > base_mki_start_location) { *mki_size = 0; return NULL; } base_mki_start_location -= tag_len; for (i = 0; i < stream->num_master_keys; i++) { if (stream->session_keys[i].mki_size != 0) { *mki_size = stream->session_keys[i].mki_size; mki_start_location = base_mki_start_location - *mki_size; if ( mki_start_location >= *mki_size && memcmp(hdr + mki_start_location, stream->session_keys[i].mki_id, *mki_size) == 0 ) { return &stream->session_keys[i]; } } } *mki_size = 0; return NULL; } static srtp_err_status_t srtp_estimate_index(srtp_rdbx_t *rdbx, uint32_t roc, srtp_xtd_seq_num_t *est, srtp_sequence_number_t seq, int *delta) { #ifdef NO_64BIT_MATH uint32_t internal_pkt_idx_reduced; uint32_t external_pkt_idx_reduced; uint32_t internal_roc; uint32_t roc_difference; #endif #ifdef NO_64BIT_MATH *est = (srtp_xtd_seq_num_t)make64(roc >> 16, (roc << 16) | seq); *delta = low32(est) - rdbx->index; #else *est = (srtp_xtd_seq_num_t)(((uint64_t)roc) << 16) | seq; *delta = (int)(*est - rdbx->index); #endif if (*est > rdbx->index) { #ifdef NO_64BIT_MATH internal_roc = (uint32_t)(rdbx->index >> 16); roc_difference = roc - internal_roc; if (roc_difference > 1) { *delta = 0; return srtp_err_status_pkt_idx_adv; } internal_pkt_idx_reduced = (uint32_t)(rdbx->index & 0xFFFF); external_pkt_idx_reduced = (uint32_t)((roc_difference << 16) | seq); if (external_pkt_idx_reduced - internal_pkt_idx_reduced > seq_num_median) { *delta = 0; return srtp_err_status_pkt_idx_adv; } #else if (*est - rdbx->index > seq_num_median) { *delta = 0; return srtp_err_status_pkt_idx_adv; } #endif } else if (*est < rdbx->index) { #ifdef NO_64BIT_MATH internal_roc = (uint32_t)(rdbx->index >> 16); roc_difference = internal_roc - roc; if (roc_difference > 1) { *delta = 0; return srtp_err_status_pkt_idx_adv; } internal_pkt_idx_reduced = (uint32_t)((roc_difference << 16) | rdbx->index & 0xFFFF); external_pkt_idx_reduced = (uint32_t)(seq); if (internal_pkt_idx_reduced - external_pkt_idx_reduced > seq_num_median) { *delta = 0; return srtp_err_status_pkt_idx_old; } #else if (rdbx->index - *est > seq_num_median) { *delta = 0; return srtp_err_status_pkt_idx_old; } #endif } return srtp_err_status_ok; } static srtp_err_status_t srtp_get_est_pkt_index(srtp_hdr_t *hdr, srtp_stream_ctx_t *stream, srtp_xtd_seq_num_t *est, int *delta) { srtp_err_status_t result = srtp_err_status_ok; if (stream->pending_roc) { result = srtp_estimate_index(&stream->rtp_rdbx, stream->pending_roc, est, ntohs(hdr->seq), delta); } else { /* estimate packet index from seq. num. in header */ *delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, est, ntohs(hdr->seq)); } #ifdef NO_64BIT_MATH debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(*est), low32(*est)); #else debug_print(mod_srtp, "estimated u_packet index: %016llx", *est); #endif return result; } /* * This function handles outgoing SRTP packets while in AEAD mode, * which currently supports AES-GCM encryption. All packets are * encrypted and authenticated. */ static srtp_err_status_t srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, void *rtp_hdr, unsigned int *pkt_octet_len, srtp_session_keys_t *session_keys, unsigned int use_mki) { srtp_hdr_t *hdr = (srtp_hdr_t*)rtp_hdr; uint32_t *enc_start; /* pointer to start of encrypted portion */ int enc_octet_len = 0; /* number of octets in encrypted portion */ srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ int delta; /* delta of local pkt idx and that in hdr */ srtp_err_status_t status; uint32_t tag_len; v128_t iv; unsigned int aad_len; srtp_hdr_xtnd_t *xtn_hdr = NULL; unsigned int mki_size = 0; uint8_t *mki_location = NULL; debug_print(mod_srtp, "function srtp_protect_aead", NULL); /* * update the key usage limit, and check it to make sure that we * didn't just hit either the soft limit or the hard limit, and call * the event handler if we hit either. */ switch (srtp_key_limit_update(session_keys->limit)) { case srtp_key_event_normal: break; case srtp_key_event_hard_limit: srtp_handle_event(ctx, stream, event_key_hard_limit); return srtp_err_status_key_expired; case srtp_key_event_soft_limit: default: srtp_handle_event(ctx, stream, event_key_soft_limit); break; } /* get tag length from stream */ tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth); /* * find starting point for encryption and length of data to be * encrypted - the encrypted portion starts after the rtp header * extension, if present; otherwise, it starts after the last csrc, * if any are present */ enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc; if (hdr->x == 1) { xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; enc_start += (ntohs(xtn_hdr->length) + 1); } /* note: the passed size is without the auth tag */ if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len)) return srtp_err_status_parse_err; enc_octet_len = (int)(*pkt_octet_len - ((uint8_t*)enc_start - (uint8_t*)hdr)); if (enc_octet_len < 0) return srtp_err_status_parse_err; /* * estimate the packet index using the start of the replay window * and the sequence number from the header */ delta = srtp_rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq)); status = srtp_rdbx_check(&stream->rtp_rdbx, delta); if (status) { if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) { return status; /* we've been asked to reuse an index */ } } else { srtp_rdbx_add_index(&stream->rtp_rdbx, delta); } #ifdef NO_64BIT_MATH debug_print2(mod_srtp, "estimated packet index: %08x%08x", high32(est), low32(est)); #else debug_print(mod_srtp, "estimated packet index: %016llx", est); #endif /* * AEAD uses a new IV formation method */ srtp_calc_aead_iv(session_keys, &iv, &est, hdr); /* shift est, put into network byte order */ #ifdef NO_64BIT_MATH est = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16)); #else est = be64_to_cpu(est << 16); #endif status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); if (!status && session_keys->rtp_xtn_hdr_cipher) { iv.v32[0] = 0; iv.v32[1] = hdr->ssrc; iv.v64[1] = est; status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); } if (status) { return srtp_err_status_cipher_fail; } if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { /* * extensions header encryption RFC 6904 */ status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); if (status) { return status; } } /* * Set the AAD over the RTP header */ aad_len = (uint8_t *)enc_start - (uint8_t *)hdr; status = srtp_cipher_set_aad(session_keys->rtp_cipher, (uint8_t*)hdr, aad_len); if (status) { return ( srtp_err_status_cipher_fail); } /* Encrypt the payload */ status = srtp_cipher_encrypt(session_keys->rtp_cipher, (uint8_t*)enc_start, (unsigned int *)&enc_octet_len); if (status) { return srtp_err_status_cipher_fail; } /* * If we're doing GCM, we need to get the tag * and append that to the output */ status = srtp_cipher_get_tag(session_keys->rtp_cipher, (uint8_t*)enc_start+enc_octet_len, &tag_len); if (status) { return ( srtp_err_status_cipher_fail); } mki_location = (uint8_t *)hdr + *pkt_octet_len + tag_len; mki_size = srtp_inject_mki(mki_location, session_keys, use_mki); /* increase the packet length by the length of the auth tag */ *pkt_octet_len += tag_len; /* increase the packet length by the length of the mki_size */ *pkt_octet_len += mki_size; return srtp_err_status_ok; } /* * This function handles incoming SRTP packets while in AEAD mode, * which currently supports AES-GCM encryption. All packets are * encrypted and authenticated. Note, the auth tag is at the end * of the packet stream and is automatically checked by GCM * when decrypting the payload. */ static srtp_err_status_t srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta, srtp_xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_octet_len, srtp_session_keys_t *session_keys, unsigned int mki_size) { srtp_hdr_t *hdr = (srtp_hdr_t*)srtp_hdr; uint32_t *enc_start; /* pointer to start of encrypted portion */ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ v128_t iv; srtp_err_status_t status; int tag_len; unsigned int aad_len; srtp_hdr_xtnd_t *xtn_hdr = NULL; debug_print(mod_srtp, "function srtp_unprotect_aead", NULL); #ifdef NO_64BIT_MATH debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est), low32(est)); #else debug_print(mod_srtp, "estimated u_packet index: %016llx", est); #endif /* get tag length from stream */ tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth); /* * AEAD uses a new IV formation method */ srtp_calc_aead_iv(session_keys, &iv, &est, hdr); status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); if (!status && session_keys->rtp_xtn_hdr_cipher) { iv.v32[0] = 0; iv.v32[1] = hdr->ssrc; #ifdef NO_64BIT_MATH iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16)); #else iv.v64[1] = be64_to_cpu(est << 16); #endif status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); } if (status) { return srtp_err_status_cipher_fail; } /* * find starting point for decryption and length of data to be * decrypted - the encrypted portion starts after the rtp header * extension, if present; otherwise, it starts after the last csrc, * if any are present */ enc_start = (uint32_t*)hdr + uint32s_in_rtp_header + hdr->cc; if (hdr->x == 1) { xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; enc_start += (ntohs(xtn_hdr->length) + 1); } if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len - mki_size))) return srtp_err_status_parse_err; /* * We pass the tag down to the cipher when doing GCM mode */ enc_octet_len = (unsigned int)(*pkt_octet_len - mki_size - ((uint8_t*)enc_start - (uint8_t*)hdr)); /* * Sanity check the encrypted payload length against * the tag size. It must always be at least as large * as the tag length. */ if (enc_octet_len < (unsigned int) tag_len) { return srtp_err_status_cipher_fail; } /* * update the key usage limit, and check it to make sure that we * didn't just hit either the soft limit or the hard limit, and call * the event handler if we hit either. */ switch (srtp_key_limit_update(session_keys->limit)) { case srtp_key_event_normal: break; case srtp_key_event_soft_limit: srtp_handle_event(ctx, stream, event_key_soft_limit); break; case srtp_key_event_hard_limit: srtp_handle_event(ctx, stream, event_key_hard_limit); return srtp_err_status_key_expired; default: break; } /* * Set the AAD for AES-GCM, which is the RTP header */ aad_len = (uint8_t *)enc_start - (uint8_t *)hdr; status = srtp_cipher_set_aad(session_keys->rtp_cipher, (uint8_t*)hdr, aad_len); if (status) { return ( srtp_err_status_cipher_fail); } /* Decrypt the ciphertext. This also checks the auth tag based * on the AAD we just specified above */ status = srtp_cipher_decrypt(session_keys->rtp_cipher, (uint8_t*)enc_start, &enc_octet_len); if (status) { return status; } if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { /* * extensions header encryption RFC 6904 */ status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); if (status) { return status; } } /* * verify that stream is for received traffic - this check will * detect SSRC collisions, since a stream that appears in both * srtp_protect() and srtp_unprotect() will fail this test in one of * those functions. * * we do this check *after* the authentication check, so that the * latter check will catch any attempts to fool us into thinking * that we've got a collision */ if (stream->direction != dir_srtp_receiver) { if (stream->direction == dir_unknown) { stream->direction = dir_srtp_receiver; } else { srtp_handle_event(ctx, stream, event_ssrc_collision); } } /* * if the stream is a 'provisional' one, in which the template context * is used, then we need to allocate a new stream at this point, since * the authentication passed */ if (stream == ctx->stream_template) { srtp_stream_ctx_t *new_stream; /* * allocate and initialize a new stream * * note that we indicate failure if we can't allocate the new * stream, and some implementations will want to not return * failure here */ status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); if (status) { return status; } /* add new stream to the head of the stream_list */ new_stream->next = ctx->stream_list; ctx->stream_list = new_stream; /* set stream (the pointer used in this function) */ stream = new_stream; } /* * the message authentication function passed, so add the packet * index into the replay database */ srtp_rdbx_add_index(&stream->rtp_rdbx, delta); /* decrease the packet length by the length of the auth tag */ *pkt_octet_len -= tag_len; /* decrease the packet length by the length of the mki_size */ *pkt_octet_len -= mki_size; return srtp_err_status_ok; } srtp_err_status_t srtp_protect(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len) { return srtp_protect_mki(ctx, rtp_hdr, pkt_octet_len, 0, 0); } srtp_err_status_t srtp_protect_mki(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len, unsigned int use_mki, unsigned int mki_index ) { srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr; uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *auth_start; /* pointer to start of auth. portion */ int enc_octet_len = 0; /* number of octets in encrypted portion */ srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ int delta; /* delta of local pkt idx and that in hdr */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ srtp_err_status_t status; int tag_len; srtp_stream_ctx_t *stream; uint32_t prefix_len; srtp_hdr_xtnd_t *xtn_hdr = NULL; unsigned int mki_size = 0; srtp_session_keys_t *session_keys = NULL; uint8_t* mki_location = NULL; int advance_packet_index = 0; debug_print(mod_srtp, "function srtp_protect", NULL); /* we assume the hdr is 32-bit aligned to start */ /* Verify RTP header */ status = srtp_validate_rtp_header(rtp_hdr, pkt_octet_len); if (status) return status; /* check the packet length - it must at least contain a full header */ if (*pkt_octet_len < octets_in_rtp_header) return srtp_err_status_bad_param; /* * look up ssrc in srtp_stream list, and process the packet with * the appropriate stream. if we haven't seen this stream before, * there's a template key for this srtp_session, and the cipher * supports key-sharing, then we assume that a new stream using * that key has just started up */ stream = srtp_get_stream(ctx, hdr->ssrc); if (stream == NULL) { if (ctx->stream_template != NULL) { srtp_stream_ctx_t *new_stream; /* allocate and initialize a new stream */ status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); if (status) return status; /* add new stream to the head of the stream_list */ new_stream->next = ctx->stream_list; ctx->stream_list = new_stream; /* set direction to outbound */ new_stream->direction = dir_srtp_sender; /* set stream (the pointer used in this function) */ stream = new_stream; } else { /* no template stream, so we return an error */ return srtp_err_status_no_ctx; } } /* * verify that stream is for sending traffic - this check will * detect SSRC collisions, since a stream that appears in both * srtp_protect() and srtp_unprotect() will fail this test in one of * those functions. */ if (stream->direction != dir_srtp_sender) { if (stream->direction == dir_unknown) { stream->direction = dir_srtp_sender; } else { srtp_handle_event(ctx, stream, event_ssrc_collision); } } session_keys = srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index); /* * Check if this is an AEAD stream (GCM mode). If so, then dispatch * the request to our AEAD handler. */ if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { return srtp_protect_aead(ctx, stream, rtp_hdr, (unsigned int*)pkt_octet_len, session_keys, use_mki); } /* * update the key usage limit, and check it to make sure that we * didn't just hit either the soft limit or the hard limit, and call * the event handler if we hit either. */ switch(srtp_key_limit_update(session_keys->limit)) { case srtp_key_event_normal: break; case srtp_key_event_soft_limit: srtp_handle_event(ctx, stream, event_key_soft_limit); break; case srtp_key_event_hard_limit: srtp_handle_event(ctx, stream, event_key_hard_limit); return srtp_err_status_key_expired; default: break; } /* get tag length from stream */ tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth); /* * find starting point for encryption and length of data to be * encrypted - the encrypted portion starts after the rtp header * extension, if present; otherwise, it starts after the last csrc, * if any are present * * if we're not providing confidentiality, set enc_start to NULL */ if (stream->rtp_services & sec_serv_conf) { enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; if (hdr->x == 1) { xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; enc_start += (ntohs(xtn_hdr->length) + 1); } /* note: the passed size is without the auth tag */ if (!((uint8_t*)enc_start <= (uint8_t*)hdr + *pkt_octet_len)) return srtp_err_status_parse_err; enc_octet_len = (int)(*pkt_octet_len - ((uint8_t*)enc_start - (uint8_t*)hdr)); if (enc_octet_len < 0) return srtp_err_status_parse_err; } else { enc_start = NULL; } mki_location = (uint8_t *)hdr + *pkt_octet_len; mki_size = srtp_inject_mki(mki_location, session_keys, use_mki); /* * if we're providing authentication, set the auth_start and auth_tag * pointers to the proper locations; otherwise, set auth_start to NULL * to indicate that no authentication is needed */ if (stream->rtp_services & sec_serv_auth) { auth_start = (uint32_t *)hdr; auth_tag = (uint8_t *)hdr + *pkt_octet_len + mki_size; } else { auth_start = NULL; auth_tag = NULL; } /* * estimate the packet index using the start of the replay window * and the sequence number from the header */ status = srtp_get_est_pkt_index(hdr, stream, &est, &delta); if (status && (status != srtp_err_status_pkt_idx_adv)) return status; if (status == srtp_err_status_pkt_idx_adv) advance_packet_index = 1; if (advance_packet_index) { srtp_rdbx_set_roc_seq(&stream->rtp_rdbx, (uint32_t)(est >> 16), (uint16_t)(est & 0xFFFF)); stream->pending_roc = 0; srtp_rdbx_add_index(&stream->rtp_rdbx, 0); } else { status = srtp_rdbx_check(&stream->rtp_rdbx, delta); if (status) { if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) return status; /* we've been asked to reuse an index */ } srtp_rdbx_add_index(&stream->rtp_rdbx, delta); } #ifdef NO_64BIT_MATH debug_print2(mod_srtp, "estimated packet index: %08x%08x", high32(est),low32(est)); #else debug_print(mod_srtp, "estimated packet index: %016llx", est); #endif /* * if we're using rindael counter mode, set nonce and seq */ if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 || session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 || session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) { v128_t iv; iv.v32[0] = 0; iv.v32[1] = hdr->ssrc; #ifdef NO_64BIT_MATH iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16)); #else iv.v64[1] = be64_to_cpu(est << 16); #endif status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); if (!status && session_keys->rtp_xtn_hdr_cipher) { status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); } } else { v128_t iv; /* otherwise, set the index to est */ #ifdef NO_64BIT_MATH iv.v32[0] = 0; iv.v32[1] = 0; #else iv.v64[0] = 0; #endif iv.v64[1] = be64_to_cpu(est); status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); if (!status && session_keys->rtp_xtn_hdr_cipher) { status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_encrypt); } } if (status) return srtp_err_status_cipher_fail; /* shift est, put into network byte order */ #ifdef NO_64BIT_MATH est = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16)); #else est = be64_to_cpu(est << 16); #endif /* * if we're authenticating using a universal hash, put the keystream * prefix into the authentication tag */ if (auth_start) { prefix_len = srtp_auth_get_prefix_length(session_keys->rtp_auth); if (prefix_len) { status = srtp_cipher_output(session_keys->rtp_cipher, auth_tag, &prefix_len); if (status) return srtp_err_status_cipher_fail; debug_print(mod_srtp, "keystream prefix: %s", srtp_octet_string_hex_string(auth_tag, prefix_len)); } } if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { /* * extensions header encryption RFC 6904 */ status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); if (status) { return status; } } /* if we're encrypting, exor keystream into the message */ if (enc_start) { status = srtp_cipher_encrypt(session_keys->rtp_cipher, (uint8_t *)enc_start, (unsigned int *)&enc_octet_len); if (status) return srtp_err_status_cipher_fail; } /* * if we're authenticating, run authentication function and put result * into the auth_tag */ if (auth_start) { /* initialize auth func context */ status = srtp_auth_start(session_keys->rtp_auth); if (status) return status; /* run auth func over packet */ status = srtp_auth_update(session_keys->rtp_auth, (uint8_t *)auth_start, *pkt_octet_len); if (status) return status; /* run auth func over ROC, put result into auth_tag */ debug_print(mod_srtp, "estimated packet index: %016llx", est); status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4, auth_tag); debug_print(mod_srtp, "srtp auth tag: %s", srtp_octet_string_hex_string(auth_tag, tag_len)); if (status) return srtp_err_status_auth_fail; } if (auth_tag) { /* increase the packet length by the length of the auth tag */ *pkt_octet_len += tag_len; } if (use_mki) { /* increate the packet length by the mki size */ *pkt_octet_len += mki_size; } return srtp_err_status_ok; } srtp_err_status_t srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) { return srtp_unprotect_mki(ctx, srtp_hdr, pkt_octet_len, 0); } srtp_err_status_t srtp_unprotect_mki(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len, unsigned int use_mki) { srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr; uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *auth_start; /* pointer to start of auth. portion */ unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ srtp_xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */ int delta; /* delta of local pkt idx and that in hdr */ v128_t iv; srtp_err_status_t status; srtp_stream_ctx_t *stream; uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; uint32_t tag_len, prefix_len; srtp_hdr_xtnd_t *xtn_hdr = NULL; unsigned int mki_size = 0; srtp_session_keys_t *session_keys = NULL; int advance_packet_index = 0; uint32_t roc_to_set = 0; uint16_t seq_to_set = 0; debug_print(mod_srtp, "function srtp_unprotect", NULL); /* we assume the hdr is 32-bit aligned to start */ /* Verify RTP header */ status = srtp_validate_rtp_header(srtp_hdr, pkt_octet_len); if (status) return status; /* check the packet length - it must at least contain a full header */ if (*pkt_octet_len < octets_in_rtp_header) return srtp_err_status_bad_param; /* * look up ssrc in srtp_stream list, and process the packet with * the appropriate stream. if we haven't seen this stream before, * there's only one key for this srtp_session, and the cipher * supports key-sharing, then we assume that a new stream using * that key has just started up */ stream = srtp_get_stream(ctx, hdr->ssrc); if (stream == NULL) { if (ctx->stream_template != NULL) { stream = ctx->stream_template; debug_print(mod_srtp, "using provisional stream (SSRC: 0x%08x)", ntohl(hdr->ssrc)); /* * set estimated packet index to sequence number from header, * and set delta equal to the same value */ #ifdef NO_64BIT_MATH est = (srtp_xtd_seq_num_t) make64(0,ntohs(hdr->seq)); delta = low32(est); #else est = (srtp_xtd_seq_num_t) ntohs(hdr->seq); delta = (int)est; #endif } else { /* * no stream corresponding to SSRC found, and we don't do * key-sharing, so return an error */ return srtp_err_status_no_ctx; } } else { status = srtp_get_est_pkt_index(hdr, stream, &est, &delta); if (status && (status != srtp_err_status_pkt_idx_adv)) return status; if (status == srtp_err_status_pkt_idx_adv) { advance_packet_index = 1; roc_to_set = (uint32_t)(est >> 16); seq_to_set = (uint16_t)(est & 0xFFFF); } /* check replay database */ if (!advance_packet_index) { status = srtp_rdbx_check(&stream->rtp_rdbx, delta); if (status) return status; } } #ifdef NO_64BIT_MATH debug_print2(mod_srtp, "estimated u_packet index: %08x%08x", high32(est),low32(est)); #else debug_print(mod_srtp, "estimated u_packet index: %016llx", est); #endif /* * Determine if MKI is being used and what session keys should be used */ if (use_mki) { session_keys = srtp_get_session_keys(stream, (uint8_t *)hdr, (const unsigned int*)pkt_octet_len, &mki_size); if (session_keys == NULL) return srtp_err_status_bad_mki; } else { session_keys = &stream->session_keys[0]; } /* * Check if this is an AEAD stream (GCM mode). If so, then dispatch * the request to our AEAD handler. */ if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { return srtp_unprotect_aead(ctx, stream, delta, est, srtp_hdr, (unsigned int*)pkt_octet_len, session_keys, mki_size); } /* get tag length from stream */ tag_len = srtp_auth_get_tag_length(session_keys->rtp_auth); /* * set the cipher's IV properly, depending on whatever cipher we * happen to be using */ if (session_keys->rtp_cipher->type->id == SRTP_AES_ICM_128 || session_keys->rtp_cipher->type->id == SRTP_AES_ICM_192 || session_keys->rtp_cipher->type->id == SRTP_AES_ICM_256) { /* aes counter mode */ iv.v32[0] = 0; iv.v32[1] = hdr->ssrc; /* still in network order */ #ifdef NO_64BIT_MATH iv.v64[1] = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16)); #else iv.v64[1] = be64_to_cpu(est << 16); #endif status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); if (!status && session_keys->rtp_xtn_hdr_cipher) { status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_decrypt); } } else { /* no particular format - set the iv to the pakcet index */ #ifdef NO_64BIT_MATH iv.v32[0] = 0; iv.v32[1] = 0; #else iv.v64[0] = 0; #endif iv.v64[1] = be64_to_cpu(est); status = srtp_cipher_set_iv(session_keys->rtp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); if (!status && session_keys->rtp_xtn_hdr_cipher) { status = srtp_cipher_set_iv(session_keys->rtp_xtn_hdr_cipher, (uint8_t*)&iv, srtp_direction_decrypt); } } if (status) return srtp_err_status_cipher_fail; /* shift est, put into network byte order */ #ifdef NO_64BIT_MATH est = be64_to_cpu(make64((high32(est) << 16) | (low32(est) >> 16), low32(est) << 16)); #else est = be64_to_cpu(est << 16); #endif /* * find starting point for decryption and length of data to be * decrypted - the encrypted portion starts after the rtp header * extension, if present; otherwise, it starts after the last csrc, * if any are present * * if we're not providing confidentiality, set enc_start to NULL */ if (stream->rtp_services & sec_serv_conf) { enc_start = (uint32_t *)hdr + uint32s_in_rtp_header + hdr->cc; if (hdr->x == 1) { xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; enc_start += (ntohs(xtn_hdr->length) + 1); } if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len - mki_size))) return srtp_err_status_parse_err; enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len - mki_size - ((uint8_t*)enc_start - (uint8_t*)hdr)); } else { enc_start = NULL; } /* * if we're providing authentication, set the auth_start and auth_tag * pointers to the proper locations; otherwise, set auth_start to NULL * to indicate that no authentication is needed */ if (stream->rtp_services & sec_serv_auth) { auth_start = (uint32_t *)hdr; auth_tag = (uint8_t *)hdr + *pkt_octet_len - tag_len; } else { auth_start = NULL; auth_tag = NULL; } /* * if we expect message authentication, run the authentication * function and compare the result with the value of the auth_tag */ if (auth_start) { /* * if we're using a universal hash, then we need to compute the * keystream prefix for encrypting the universal hash output * * if the keystream prefix length is zero, then we know that * the authenticator isn't using a universal hash function */ if (session_keys->rtp_auth->prefix_len != 0) { prefix_len = srtp_auth_get_prefix_length(session_keys->rtp_auth); status = srtp_cipher_output(session_keys->rtp_cipher, tmp_tag, &prefix_len); debug_print(mod_srtp, "keystream prefix: %s", srtp_octet_string_hex_string(tmp_tag, prefix_len)); if (status) return srtp_err_status_cipher_fail; } /* initialize auth func context */ status = srtp_auth_start(session_keys->rtp_auth); if (status) return status; /* now compute auth function over packet */ status = srtp_auth_update(session_keys->rtp_auth, (uint8_t *)auth_start, *pkt_octet_len - tag_len - mki_size); /* run auth func over ROC, then write tmp tag */ status = srtp_auth_compute(session_keys->rtp_auth, (uint8_t *)&est, 4, tmp_tag); debug_print(mod_srtp, "computed auth tag: %s", srtp_octet_string_hex_string(tmp_tag, tag_len)); debug_print(mod_srtp, "packet auth tag: %s", srtp_octet_string_hex_string(auth_tag, tag_len)); if (status) return srtp_err_status_auth_fail; if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) return srtp_err_status_auth_fail; } /* * update the key usage limit, and check it to make sure that we * didn't just hit either the soft limit or the hard limit, and call * the event handler if we hit either. */ switch(srtp_key_limit_update(session_keys->limit)) { case srtp_key_event_normal: break; case srtp_key_event_soft_limit: srtp_handle_event(ctx, stream, event_key_soft_limit); break; case srtp_key_event_hard_limit: srtp_handle_event(ctx, stream, event_key_hard_limit); return srtp_err_status_key_expired; default: break; } if (xtn_hdr && session_keys->rtp_xtn_hdr_cipher) { /* * extensions header encryption RFC 6904 */ status = srtp_process_header_encryption(stream, xtn_hdr, session_keys); if (status) { return status; } } /* if we're decrypting, add keystream into ciphertext */ if (enc_start) { status = srtp_cipher_decrypt(session_keys->rtp_cipher, (uint8_t *)enc_start, &enc_octet_len); if (status) return srtp_err_status_cipher_fail; } /* * verify that stream is for received traffic - this check will * detect SSRC collisions, since a stream that appears in both * srtp_protect() and srtp_unprotect() will fail this test in one of * those functions. * * we do this check *after* the authentication check, so that the * latter check will catch any attempts to fool us into thinking * that we've got a collision */ if (stream->direction != dir_srtp_receiver) { if (stream->direction == dir_unknown) { stream->direction = dir_srtp_receiver; } else { srtp_handle_event(ctx, stream, event_ssrc_collision); } } /* * if the stream is a 'provisional' one, in which the template context * is used, then we need to allocate a new stream at this point, since * the authentication passed */ if (stream == ctx->stream_template) { srtp_stream_ctx_t *new_stream; /* * allocate and initialize a new stream * * note that we indicate failure if we can't allocate the new * stream, and some implementations will want to not return * failure here */ status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); if (status) return status; /* add new stream to the head of the stream_list */ new_stream->next = ctx->stream_list; ctx->stream_list = new_stream; /* set stream (the pointer used in this function) */ stream = new_stream; } /* * the message authentication function passed, so add the packet * index into the replay database */ if (advance_packet_index) { srtp_rdbx_set_roc_seq(&stream->rtp_rdbx, roc_to_set, seq_to_set); stream->pending_roc = 0; srtp_rdbx_add_index(&stream->rtp_rdbx, 0); } else { srtp_rdbx_add_index(&stream->rtp_rdbx, delta); } /* decrease the packet length by the length of the auth tag */ *pkt_octet_len -= tag_len; /* decrease the packet length by the mki size */ *pkt_octet_len -= mki_size; return srtp_err_status_ok; } srtp_err_status_t srtp_init() { srtp_err_status_t status; /* initialize crypto kernel */ status = srtp_crypto_kernel_init(); if (status) return status; /* load srtp debug module into the kernel */ status = srtp_crypto_kernel_load_debug_module(&mod_srtp); if (status) return status; return srtp_err_status_ok; } srtp_err_status_t srtp_shutdown() { srtp_err_status_t status; /* shut down crypto kernel */ status = srtp_crypto_kernel_shutdown(); if (status) return status; /* shutting down crypto kernel frees the srtp debug module as well */ return srtp_err_status_ok; } /* * The following code is under consideration for removal. See * SRTP_MAX_TRAILER_LEN */ #if 0 /* * srtp_get_trailer_length(&a) returns the number of octets that will * be added to an RTP packet by the SRTP processing. This value * is constant for a given srtp_stream_t (i.e. between initializations). */ int srtp_get_trailer_length(const srtp_stream_t s) { return srtp_auth_get_tag_length(s->rtp_auth); } #endif /* * srtp_get_stream(ssrc) returns a pointer to the stream corresponding * to ssrc, or NULL if no stream exists for that ssrc * * this is an internal function */ srtp_stream_ctx_t * srtp_get_stream(srtp_t srtp, uint32_t ssrc) { srtp_stream_ctx_t *stream; /* walk down list until ssrc is found */ stream = srtp->stream_list; while (stream != NULL) { if (stream->ssrc == ssrc) return stream; stream = stream->next; } /* we haven't found our ssrc, so return a null */ return NULL; } srtp_err_status_t srtp_dealloc(srtp_t session) { srtp_stream_ctx_t *stream; srtp_err_status_t status; /* * we take a conservative deallocation strategy - if we encounter an * error deallocating a stream, then we stop trying to deallocate * memory and just return an error */ /* walk list of streams, deallocating as we go */ stream = session->stream_list; while (stream != NULL) { srtp_stream_t next = stream->next; status = srtp_stream_dealloc(stream, session->stream_template); if (status) return status; stream = next; } /* deallocate stream template, if there is one */ if (session->stream_template != NULL) { status = srtp_stream_dealloc(session->stream_template, NULL); if (status) return status; } /* deallocate session context */ srtp_crypto_free(session); return srtp_err_status_ok; } srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy) { srtp_err_status_t status; srtp_stream_t tmp; /* sanity check arguments */ if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy))) return srtp_err_status_bad_param; /* allocate stream */ status = srtp_stream_alloc(&tmp, policy); if (status) { return status; } /* initialize stream */ status = srtp_stream_init(tmp, policy); if (status) { srtp_crypto_free(tmp); return status; } /* * set the head of the stream list or the template to point to the * stream that we've just alloced and init'ed, depending on whether * or not it has a wildcard SSRC value or not * * if the template stream has already been set, then the policy is * inconsistent, so we return a bad_param error code */ switch (policy->ssrc.type) { case (ssrc_any_outbound): if (session->stream_template) { return srtp_err_status_bad_param; } session->stream_template = tmp; session->stream_template->direction = dir_srtp_sender; break; case (ssrc_any_inbound): if (session->stream_template) { return srtp_err_status_bad_param; } session->stream_template = tmp; session->stream_template->direction = dir_srtp_receiver; break; case (ssrc_specific): tmp->next = session->stream_list; session->stream_list = tmp; break; case (ssrc_undefined): default: srtp_crypto_free(tmp); return srtp_err_status_bad_param; } return srtp_err_status_ok; } srtp_err_status_t srtp_create(srtp_t *session, /* handle for session */ const srtp_policy_t *policy) { /* SRTP policy (list) */ srtp_err_status_t stat; srtp_ctx_t *ctx; /* sanity check arguments */ if (session == NULL) return srtp_err_status_bad_param; /* allocate srtp context and set ctx_ptr */ ctx = (srtp_ctx_t *) srtp_crypto_alloc(sizeof(srtp_ctx_t)); if (ctx == NULL) return srtp_err_status_alloc_fail; *session = ctx; /* * loop over elements in the policy list, allocating and * initializing a stream for each element */ ctx->stream_template = NULL; ctx->stream_list = NULL; ctx->user_data = NULL; while (policy != NULL) { stat = srtp_add_stream(ctx, policy); if (stat) { /* clean up everything */ srtp_dealloc(*session); *session = NULL; return stat; } /* set policy to next item in list */ policy = policy->next; } return srtp_err_status_ok; } srtp_err_status_t srtp_remove_stream(srtp_t session, uint32_t ssrc) { srtp_stream_ctx_t *stream, *last_stream; srtp_err_status_t status; /* sanity check arguments */ if (session == NULL) return srtp_err_status_bad_param; /* find stream in list; complain if not found */ last_stream = stream = session->stream_list; while ((stream != NULL) && (ssrc != stream->ssrc)) { last_stream = stream; stream = stream->next; } if (stream == NULL) return srtp_err_status_no_ctx; /* remove stream from the list */ if (last_stream == stream) /* stream was first in list */ session->stream_list = stream->next; else last_stream->next = stream->next; /* deallocate the stream */ status = srtp_stream_dealloc(stream, session->stream_template); if (status) return status; return srtp_err_status_ok; } srtp_err_status_t srtp_update(srtp_t session, const srtp_policy_t *policy) { srtp_err_status_t stat; /* sanity check arguments */ if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy))) { return srtp_err_status_bad_param; } while (policy != NULL) { stat = srtp_update_stream(session, policy); if (stat) { return stat; } /* set policy to next item in list */ policy = policy->next; } return srtp_err_status_ok; } static srtp_err_status_t update_template_streams(srtp_t session, const srtp_policy_t *policy) { srtp_err_status_t status; srtp_stream_t new_stream_template; srtp_stream_t new_stream_list = NULL; if (session->stream_template == NULL) { return srtp_err_status_bad_param; } /* allocate new template stream */ status = srtp_stream_alloc(&new_stream_template, policy); if (status) { return status; } /* initialize new template stream */ status = srtp_stream_init(new_stream_template, policy); if (status) { srtp_crypto_free(new_stream_template); return status; } /* for all old templated streams */ for (;;) { srtp_stream_t stream; uint32_t ssrc; srtp_xtd_seq_num_t old_index; srtp_rdb_t old_rtcp_rdb; stream = session->stream_list; while ((stream != NULL) && (stream->session_keys[0].rtp_auth != session->stream_template->session_keys[0].rtp_auth)) { stream = stream->next; } if (stream == NULL) { /* no more templated streams */ break; } /* save old extendard seq */ ssrc = stream->ssrc; old_index = stream->rtp_rdbx.index; old_rtcp_rdb = stream->rtcp_rdb; /* remove stream */ status = srtp_remove_stream(session, ssrc); if (status) { /* free new allocations */ while (new_stream_list != NULL) { srtp_stream_t next = new_stream_list->next; srtp_stream_dealloc(new_stream_list, new_stream_template); new_stream_list = next; } srtp_stream_dealloc(new_stream_template, NULL); return status; } /* allocate and initialize a new stream */ status = srtp_stream_clone(new_stream_template, ssrc, &stream); if (status) { /* free new allocations */ while (new_stream_list != NULL) { srtp_stream_t next = new_stream_list->next; srtp_stream_dealloc(new_stream_list, new_stream_template); new_stream_list = next; } srtp_stream_dealloc(new_stream_template, NULL); return status; } /* add new stream to the head of the new_stream_list */ stream->next = new_stream_list; new_stream_list = stream; /* restore old extended seq */ stream->rtp_rdbx.index = old_index; stream->rtcp_rdb = old_rtcp_rdb; } /* dealloc old template */ srtp_stream_dealloc(session->stream_template, NULL); /* set new template */ session->stream_template = new_stream_template; /* add new list */ if (new_stream_list) { srtp_stream_t tail = new_stream_list; while (tail->next) { tail = tail->next; } tail->next = session->stream_list; session->stream_list = new_stream_list; } return status; } static srtp_err_status_t update_stream(srtp_t session, const srtp_policy_t *policy) { srtp_err_status_t status; srtp_xtd_seq_num_t old_index; srtp_rdb_t old_rtcp_rdb; srtp_stream_t stream; stream = srtp_get_stream(session, htonl(policy->ssrc.value)); if (stream == NULL) { return srtp_err_status_bad_param; } /* save old extendard seq */ old_index = stream->rtp_rdbx.index; old_rtcp_rdb = stream->rtcp_rdb; status = srtp_remove_stream(session, htonl(policy->ssrc.value)); if (status) { return status; } status = srtp_add_stream(session, policy); if (status) { return status; } stream = srtp_get_stream(session, htonl(policy->ssrc.value)); if (stream == NULL) { return srtp_err_status_fail; } /* restore old extended seq */ stream->rtp_rdbx.index = old_index; stream->rtcp_rdb = old_rtcp_rdb; return srtp_err_status_ok; } srtp_err_status_t srtp_update_stream(srtp_t session, const srtp_policy_t *policy) { srtp_err_status_t status; /* sanity check arguments */ if ((session == NULL) || (policy == NULL) || (!srtp_validate_policy_master_keys(policy))) return srtp_err_status_bad_param; switch (policy->ssrc.type) { case (ssrc_any_outbound): case (ssrc_any_inbound): status = update_template_streams(session, policy); break; case (ssrc_specific): status = update_stream(session, policy); break; case (ssrc_undefined): default: return srtp_err_status_bad_param; } return status; } /* * The default policy - provides a convenient way for callers to use * the default security policy * * The default policy is defined in RFC 3711 * (Section 5. Default and mandatory-to-implement Transforms) * */ /* * NOTE: cipher_key_len is really key len (128 bits) plus salt len * (112 bits) */ /* There are hard-coded 16's for base_key_len in the key generation code */ void srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p) { p->cipher_type = SRTP_AES_ICM_128; p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* default 128 bits per RFC 3711 */ p->auth_type = SRTP_HMAC_SHA1; p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ p->sec_serv = sec_serv_conf_and_auth; } void srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p) { p->cipher_type = SRTP_AES_ICM_128; p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* default 128 bits per RFC 3711 */ p->auth_type = SRTP_HMAC_SHA1; p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ p->sec_serv = sec_serv_conf_and_auth; } void srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p) { /* * corresponds to RFC 4568 * * note that this crypto policy is intended for SRTP, but not SRTCP */ p->cipher_type = SRTP_AES_ICM_128; p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* 128 bit key, 112 bit salt */ p->auth_type = SRTP_HMAC_SHA1; p->auth_key_len = 20; /* 160 bit key */ p->auth_tag_len = 4; /* 32 bit tag */ p->sec_serv = sec_serv_conf_and_auth; } void srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p) { /* * corresponds to RFC 4568 * * note that this crypto policy is intended for SRTP, but not SRTCP */ p->cipher_type = SRTP_AES_ICM_128; p->cipher_key_len = SRTP_AES_ICM_128_KEY_LEN_WSALT; /* 128 bit key, 112 bit salt */ p->auth_type = SRTP_NULL_AUTH; p->auth_key_len = 0; p->auth_tag_len = 0; p->sec_serv = sec_serv_conf; } void srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p) { /* * corresponds to RFC 4568 */ p->cipher_type = SRTP_NULL_CIPHER; p->cipher_key_len = 0; p->auth_type = SRTP_HMAC_SHA1; p->auth_key_len = 20; p->auth_tag_len = 10; p->sec_serv = sec_serv_auth; } void srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p) { /* * Should only be used for testing */ p->cipher_type = SRTP_NULL_CIPHER; p->cipher_key_len = 0; p->auth_type = SRTP_NULL_AUTH; p->auth_key_len = 0; p->auth_tag_len = 0; p->sec_serv = sec_serv_none; } void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p) { /* * corresponds to RFC 6188 */ p->cipher_type = SRTP_AES_ICM_256; p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; p->auth_type = SRTP_HMAC_SHA1; p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ p->sec_serv = sec_serv_conf_and_auth; } void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p) { /* * corresponds to RFC 6188 * * note that this crypto policy is intended for SRTP, but not SRTCP */ p->cipher_type = SRTP_AES_ICM_256; p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; p->auth_type = SRTP_HMAC_SHA1; p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */ p->sec_serv = sec_serv_conf_and_auth; } /* * AES-256 with no authentication. */ void srtp_crypto_policy_set_aes_cm_256_null_auth (srtp_crypto_policy_t *p) { p->cipher_type = SRTP_AES_ICM_256; p->cipher_key_len = SRTP_AES_ICM_256_KEY_LEN_WSALT; p->auth_type = SRTP_NULL_AUTH; p->auth_key_len = 0; p->auth_tag_len = 0; p->sec_serv = sec_serv_conf; } #ifdef OPENSSL void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_80(srtp_crypto_policy_t *p) { /* * corresponds to RFC 6188 */ p->cipher_type = SRTP_AES_ICM_192; p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT; p->auth_type = SRTP_HMAC_SHA1; p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ p->auth_tag_len = 10; /* default 80 bits per RFC 3711 */ p->sec_serv = sec_serv_conf_and_auth; } void srtp_crypto_policy_set_aes_cm_192_hmac_sha1_32(srtp_crypto_policy_t *p) { /* * corresponds to RFC 6188 * * note that this crypto policy is intended for SRTP, but not SRTCP */ p->cipher_type = SRTP_AES_ICM_192; p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT; p->auth_type = SRTP_HMAC_SHA1; p->auth_key_len = 20; /* default 160 bits per RFC 3711 */ p->auth_tag_len = 4; /* default 80 bits per RFC 3711 */ p->sec_serv = sec_serv_conf_and_auth; } /* * AES-192 with no authentication. */ void srtp_crypto_policy_set_aes_cm_192_null_auth (srtp_crypto_policy_t *p) { p->cipher_type = SRTP_AES_ICM_192; p->cipher_key_len = SRTP_AES_ICM_192_KEY_LEN_WSALT; p->auth_type = SRTP_NULL_AUTH; p->auth_key_len = 0; p->auth_tag_len = 0; p->sec_serv = sec_serv_conf; } /* * AES-128 GCM mode with 8 octet auth tag. */ void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p) { p->cipher_type = SRTP_AES_GCM_128; p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT; p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ p->auth_key_len = 0; p->auth_tag_len = 8; /* 8 octet tag length */ p->sec_serv = sec_serv_conf_and_auth; } /* * AES-256 GCM mode with 8 octet auth tag. */ void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p) { p->cipher_type = SRTP_AES_GCM_256; p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT; p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ p->auth_key_len = 0; p->auth_tag_len = 8; /* 8 octet tag length */ p->sec_serv = sec_serv_conf_and_auth; } /* * AES-128 GCM mode with 8 octet auth tag, no RTCP encryption. */ void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p) { p->cipher_type = SRTP_AES_GCM_128; p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT; p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ p->auth_key_len = 0; p->auth_tag_len = 8; /* 8 octet tag length */ p->sec_serv = sec_serv_auth; /* This only applies to RTCP */ } /* * AES-256 GCM mode with 8 octet auth tag, no RTCP encryption. */ void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p) { p->cipher_type = SRTP_AES_GCM_256; p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT; p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ p->auth_key_len = 0; p->auth_tag_len = 8; /* 8 octet tag length */ p->sec_serv = sec_serv_auth; /* This only applies to RTCP */ } /* * AES-128 GCM mode with 16 octet auth tag. */ void srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p) { p->cipher_type = SRTP_AES_GCM_128; p->cipher_key_len = SRTP_AES_GCM_128_KEY_LEN_WSALT; p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ p->auth_key_len = 0; p->auth_tag_len = 16; /* 16 octet tag length */ p->sec_serv = sec_serv_conf_and_auth; } /* * AES-256 GCM mode with 16 octet auth tag. */ void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p) { p->cipher_type = SRTP_AES_GCM_256; p->cipher_key_len = SRTP_AES_GCM_256_KEY_LEN_WSALT; p->auth_type = SRTP_NULL_AUTH; /* GCM handles the auth for us */ p->auth_key_len = 0; p->auth_tag_len = 16; /* 16 octet tag length */ p->sec_serv = sec_serv_conf_and_auth; } #endif /* * secure rtcp functions */ /* * AEAD uses a new IV formation method. This function implements * section 9.1 (SRTCP IV Formation for AES-GCM) from RFC7714. * The calculation is defined as, where (+) is the xor operation: * * 0 1 2 3 4 5 6 7 8 9 10 11 * +--+--+--+--+--+--+--+--+--+--+--+--+ * |00|00| SSRC |00|00|0+SRTCP Idx|---+ * +--+--+--+--+--+--+--+--+--+--+--+--+ | * | * +--+--+--+--+--+--+--+--+--+--+--+--+ | * | Encryption Salt |->(+) * +--+--+--+--+--+--+--+--+--+--+--+--+ | * | * +--+--+--+--+--+--+--+--+--+--+--+--+ | * | Initialization Vector |<--+ * +--+--+--+--+--+--+--+--+--+--+--+--+* * * Input: *session_keys - pointer to SRTP stream context session keys, * used to retrieve the SALT * *iv - Pointer to recieve the calculated IV * seq_num - The SEQ value to use for the IV calculation. * *hdr - The RTP header, used to get the SSRC value * * Returns: srtp_err_status_ok if no error or srtp_err_status_bad_param * if seq_num is invalid * */ static srtp_err_status_t srtp_calc_aead_iv_srtcp(srtp_session_keys_t *session_keys, v128_t *iv, uint32_t seq_num, srtcp_hdr_t *hdr) { v128_t in; v128_t salt; memset(&in, 0, sizeof(v128_t)); memset(&salt, 0, sizeof(v128_t)); in.v16[0] = 0; memcpy(&in.v16[1], &hdr->ssrc, 4); /* still in network order! */ in.v16[3] = 0; /* * The SRTCP index (seq_num) spans bits 0 through 30 inclusive. * The most significant bit should be zero. */ if (seq_num & 0x80000000UL) { return srtp_err_status_bad_param; } in.v32[2] = htonl(seq_num); debug_print(mod_srtp, "Pre-salted RTCP IV = %s\n", v128_hex_string(&in)); /* * Get the SALT value from the context */ memcpy(salt.v8, session_keys->c_salt, 12); debug_print(mod_srtp, "RTCP SALT = %s\n", v128_hex_string(&salt)); /* * Finally, apply the SALT to the input */ v128_xor(iv, &in, &salt); return srtp_err_status_ok; } /* * This code handles AEAD ciphers for outgoing RTCP. We currently support * AES-GCM mode with 128 or 256 bit keys. */ static srtp_err_status_t srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, void *rtcp_hdr, unsigned int *pkt_octet_len, srtp_session_keys_t *session_keys, unsigned int use_mki) { srtcp_hdr_t *hdr = (srtcp_hdr_t*)rtcp_hdr; uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *trailer; /* pointer to start of trailer */ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ srtp_err_status_t status; uint32_t tag_len; uint32_t seq_num; v128_t iv; uint32_t tseq; unsigned int mki_size = 0; /* get tag length from stream context */ tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); /* * set encryption start and encryption length - if we're not * providing confidentiality, set enc_start to NULL */ enc_start = (uint32_t*)hdr + uint32s_in_rtcp_header; enc_octet_len = *pkt_octet_len - octets_in_rtcp_header; /* NOTE: hdr->length is not usable - it refers to only the first RTCP report in the compound packet! */ /* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always multiples of 32-bits (RFC 3550 6.1) */ trailer = (uint32_t*)((char*)enc_start + enc_octet_len + tag_len); if (stream->rtcp_services & sec_serv_conf) { *trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */ } else { enc_start = NULL; enc_octet_len = 0; /* 0 is network-order independant */ *trailer = 0x00000000; /* set encrypt bit */ } mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + tag_len + sizeof(srtcp_trailer_t), session_keys, use_mki); /* * set the auth_tag pointer to the proper location, which is after * the payload, but before the trailer * (note that srtpc *always* provides authentication, unlike srtp) */ /* Note: This would need to change for optional mikey data */ auth_tag = (uint8_t*)hdr + *pkt_octet_len; /* * check sequence number for overruns, and copy it into the packet * if its value isn't too big */ status = srtp_rdb_increment(&stream->rtcp_rdb); if (status) { return status; } seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); *trailer |= htonl(seq_num); debug_print(mod_srtp, "srtcp index: %x", seq_num); /* * Calculate and set the IV */ status = srtp_calc_aead_iv_srtcp(session_keys, &iv, seq_num, hdr); if (status) { return srtp_err_status_cipher_fail; } status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); if (status) { return srtp_err_status_cipher_fail; } /* * Set the AAD for GCM mode */ if (enc_start) { /* * If payload encryption is enabled, then the AAD consist of * the RTCP header and the seq# at the end of the packet */ status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t*)hdr, octets_in_rtcp_header); if (status) { return ( srtp_err_status_cipher_fail); } } else { /* * Since payload encryption is not enabled, we must authenticate * the entire packet as described in RFC 7714 (Section 9.3. Data * Types in Unencrypted SRTCP Compound Packets) */ status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t*)hdr, *pkt_octet_len); if (status) { return ( srtp_err_status_cipher_fail); } } /* * Process the sequence# as AAD */ tseq = *trailer; status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t*)&tseq, sizeof(srtcp_trailer_t)); if (status) { return ( srtp_err_status_cipher_fail); } /* if we're encrypting, exor keystream into the message */ if (enc_start) { status = srtp_cipher_encrypt(session_keys->rtcp_cipher, (uint8_t*)enc_start, &enc_octet_len); if (status) { return srtp_err_status_cipher_fail; } /* * Get the tag and append that to the output */ status = srtp_cipher_get_tag(session_keys->rtcp_cipher, (uint8_t*)auth_tag, &tag_len); if (status) { return ( srtp_err_status_cipher_fail); } enc_octet_len += tag_len; } else { /* * Even though we're not encrypting the payload, we need * to run the cipher to get the auth tag. */ unsigned int nolen = 0; status = srtp_cipher_encrypt(session_keys->rtcp_cipher, NULL, &nolen); if (status) { return srtp_err_status_cipher_fail; } /* * Get the tag and append that to the output */ status = srtp_cipher_get_tag(session_keys->rtcp_cipher, (uint8_t*)auth_tag, &tag_len); if (status) { return ( srtp_err_status_cipher_fail); } enc_octet_len += tag_len; } /* increase the packet length by the length of the auth tag and seq_num*/ *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); /* increase the packet by the mki_size */ *pkt_octet_len += mki_size; return srtp_err_status_ok; } /* * This function handles incoming SRTCP packets while in AEAD mode, * which currently supports AES-GCM encryption. Note, the auth tag is * at the end of the packet stream and is automatically checked by GCM * when decrypting the payload. */ static srtp_err_status_t srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream, void *srtcp_hdr, unsigned int *pkt_octet_len, srtp_session_keys_t *session_keys, unsigned int use_mki) { srtcp_hdr_t *hdr = (srtcp_hdr_t*)srtcp_hdr; uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *trailer; /* pointer to start of trailer */ unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ srtp_err_status_t status; int tag_len; unsigned int tmp_len; uint32_t seq_num; v128_t iv; uint32_t tseq; unsigned int mki_size = 0; /* get tag length from stream context */ tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); if (use_mki) { mki_size = session_keys->mki_size; } /* * set encryption start, encryption length, and trailer */ /* index & E (encryption) bit follow normal data. hdr->len is the number of words (32-bit) in the normal packet minus 1 */ /* This should point trailer to the word past the end of the normal data. */ /* This would need to be modified for optional mikey data */ /* * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always * multiples of 32-bits (RFC 3550 6.1) */ trailer = (uint32_t*)((char*)hdr + *pkt_octet_len - sizeof(srtcp_trailer_t) - mki_size); /* * We pass the tag down to the cipher when doing GCM mode */ enc_octet_len = *pkt_octet_len - (octets_in_rtcp_header + sizeof(srtcp_trailer_t) + mki_size); auth_tag = (uint8_t*)hdr + *pkt_octet_len - tag_len - mki_size - sizeof(srtcp_trailer_t); if (*((unsigned char*)trailer) & SRTCP_E_BYTE_BIT) { enc_start = (uint32_t*)hdr + uint32s_in_rtcp_header; } else { enc_octet_len = 0; enc_start = NULL; /* this indicates that there's no encryption */ } /* * check the sequence number for replays */ /* this is easier than dealing with bitfield access */ seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; debug_print(mod_srtp, "srtcp index: %x", seq_num); status = srtp_rdb_check(&stream->rtcp_rdb, seq_num); if (status) { return status; } /* * Calculate and set the IV */ status = srtp_calc_aead_iv_srtcp(session_keys, &iv, seq_num, hdr); if (status) { return srtp_err_status_cipher_fail; } status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); if (status) { return srtp_err_status_cipher_fail; } /* * Set the AAD for GCM mode */ if (enc_start) { /* * If payload encryption is enabled, then the AAD consist of * the RTCP header and the seq# at the end of the packet */ status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t*)hdr, octets_in_rtcp_header); if (status) { return ( srtp_err_status_cipher_fail); } } else { /* * Since payload encryption is not enabled, we must authenticate * the entire packet as described in RFC 7714 (Section 9.3. Data * Types in Unencrypted SRTCP Compound Packets) */ status = srtp_cipher_set_aad( session_keys->rtcp_cipher, (uint8_t*)hdr, (*pkt_octet_len - tag_len - sizeof(srtcp_trailer_t) - mki_size)); if (status) { return ( srtp_err_status_cipher_fail); } } /* * Process the sequence# as AAD */ tseq = *trailer; status = srtp_cipher_set_aad(session_keys->rtcp_cipher, (uint8_t*)&tseq, sizeof(srtcp_trailer_t)); if (status) { return ( srtp_err_status_cipher_fail); } /* if we're decrypting, exor keystream into the message */ if (enc_start) { status = srtp_cipher_decrypt(session_keys->rtcp_cipher, (uint8_t*)enc_start, &enc_octet_len); if (status) { return status; } } else { /* * Still need to run the cipher to check the tag */ tmp_len = tag_len; status = srtp_cipher_decrypt(session_keys->rtcp_cipher, (uint8_t*)auth_tag, &tmp_len); if (status) { return status; } } /* decrease the packet length by the length of the auth tag and seq_num*/ *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t) + mki_size); /* * verify that stream is for received traffic - this check will * detect SSRC collisions, since a stream that appears in both * srtp_protect() and srtp_unprotect() will fail this test in one of * those functions. * * we do this check *after* the authentication check, so that the * latter check will catch any attempts to fool us into thinking * that we've got a collision */ if (stream->direction != dir_srtp_receiver) { if (stream->direction == dir_unknown) { stream->direction = dir_srtp_receiver; } else { srtp_handle_event(ctx, stream, event_ssrc_collision); } } /* * if the stream is a 'provisional' one, in which the template context * is used, then we need to allocate a new stream at this point, since * the authentication passed */ if (stream == ctx->stream_template) { srtp_stream_ctx_t *new_stream; /* * allocate and initialize a new stream * * note that we indicate failure if we can't allocate the new * stream, and some implementations will want to not return * failure here */ status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); if (status) { return status; } /* add new stream to the head of the stream_list */ new_stream->next = ctx->stream_list; ctx->stream_list = new_stream; /* set stream (the pointer used in this function) */ stream = new_stream; } /* we've passed the authentication check, so add seq_num to the rdb */ srtp_rdb_add_index(&stream->rtcp_rdb, seq_num); return srtp_err_status_ok; } srtp_err_status_t srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) { return srtp_protect_rtcp_mki(ctx, rtcp_hdr, pkt_octet_len, 0, 0); } srtp_err_status_t srtp_protect_rtcp_mki(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len, unsigned int use_mki, unsigned int mki_index) { srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr; uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *auth_start; /* pointer to start of auth. portion */ uint32_t *trailer; /* pointer to start of trailer */ unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ srtp_err_status_t status; int tag_len; srtp_stream_ctx_t *stream; uint32_t prefix_len; uint32_t seq_num; unsigned int mki_size = 0; srtp_session_keys_t *session_keys = NULL; /* we assume the hdr is 32-bit aligned to start */ /* check the packet length - it must at least contain a full header */ if (*pkt_octet_len < octets_in_rtcp_header) return srtp_err_status_bad_param; /* * look up ssrc in srtp_stream list, and process the packet with * the appropriate stream. if we haven't seen this stream before, * there's only one key for this srtp_session, and the cipher * supports key-sharing, then we assume that a new stream using * that key has just started up */ stream = srtp_get_stream(ctx, hdr->ssrc); if (stream == NULL) { if (ctx->stream_template != NULL) { srtp_stream_ctx_t *new_stream; /* allocate and initialize a new stream */ status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); if (status) return status; /* add new stream to the head of the stream_list */ new_stream->next = ctx->stream_list; ctx->stream_list = new_stream; /* set stream (the pointer used in this function) */ stream = new_stream; } else { /* no template stream, so we return an error */ return srtp_err_status_no_ctx; } } /* * verify that stream is for sending traffic - this check will * detect SSRC collisions, since a stream that appears in both * srtp_protect() and srtp_unprotect() will fail this test in one of * those functions. */ if (stream->direction != dir_srtp_sender) { if (stream->direction == dir_unknown) { stream->direction = dir_srtp_sender; } else { srtp_handle_event(ctx, stream, event_ssrc_collision); } } session_keys = srtp_get_session_keys_with_mki_index(stream, use_mki, mki_index); /* * Check if this is an AEAD stream (GCM mode). If so, then dispatch * the request to our AEAD handler. */ if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { return srtp_protect_rtcp_aead(ctx, stream, rtcp_hdr, (unsigned int*)pkt_octet_len, session_keys, use_mki); } /* get tag length from stream context */ tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); /* * set encryption start and encryption length - if we're not * providing confidentiality, set enc_start to NULL */ enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; enc_octet_len = *pkt_octet_len - octets_in_rtcp_header; /* all of the packet, except the header, gets encrypted */ /* NOTE: hdr->length is not usable - it refers to only the first RTCP report in the compound packet! */ /* NOTE: trailer is 32-bit aligned because RTCP 'packets' are always multiples of 32-bits (RFC 3550 6.1) */ trailer = (uint32_t *) ((char *)enc_start + enc_octet_len); if (stream->rtcp_services & sec_serv_conf) { *trailer = htonl(SRTCP_E_BIT); /* set encrypt bit */ } else { enc_start = NULL; enc_octet_len = 0; /* 0 is network-order independant */ *trailer = 0x00000000; /* set encrypt bit */ } mki_size = srtp_inject_mki((uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t), session_keys, use_mki); /* * set the auth_start and auth_tag pointers to the proper locations * (note that srtpc *always* provides authentication, unlike srtp) */ /* Note: This would need to change for optional mikey data */ auth_start = (uint32_t *)hdr; auth_tag = (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t) + mki_size; /* perform EKT processing if needed */ srtp_ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len, srtp_rdbx_get_packet_index(&stream->rtp_rdbx)); /* * check sequence number for overruns, and copy it into the packet * if its value isn't too big */ status = srtp_rdb_increment(&stream->rtcp_rdb); if (status) return status; seq_num = srtp_rdb_get_value(&stream->rtcp_rdb); *trailer |= htonl(seq_num); debug_print(mod_srtp, "srtcp index: %x", seq_num); /* * if we're using rindael counter mode, set nonce and seq */ if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 || session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 || session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) { v128_t iv; iv.v32[0] = 0; iv.v32[1] = hdr->ssrc; /* still in network order! */ iv.v32[2] = htonl(seq_num >> 16); iv.v32[3] = htonl(seq_num << 16); status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); } else { v128_t iv; /* otherwise, just set the index to seq_num */ iv.v32[0] = 0; iv.v32[1] = 0; iv.v32[2] = 0; iv.v32[3] = htonl(seq_num); status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t*)&iv, srtp_direction_encrypt); } if (status) return srtp_err_status_cipher_fail; /* * if we're authenticating using a universal hash, put the keystream * prefix into the authentication tag */ /* if auth_start is non-null, then put keystream into tag */ if (auth_start) { /* put keystream prefix into auth_tag */ prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth); status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag, &prefix_len); debug_print(mod_srtp, "keystream prefix: %s", srtp_octet_string_hex_string(auth_tag, prefix_len)); if (status) return srtp_err_status_cipher_fail; } /* if we're encrypting, exor keystream into the message */ if (enc_start) { status = srtp_cipher_encrypt(session_keys->rtcp_cipher, (uint8_t *)enc_start, &enc_octet_len); if (status) return srtp_err_status_cipher_fail; } /* initialize auth func context */ srtp_auth_start(session_keys->rtcp_auth); /* * run auth func over packet (including trailer), and write the * result at auth_tag */ status = srtp_auth_compute(session_keys->rtcp_auth, (uint8_t *)auth_start, (*pkt_octet_len) + sizeof(srtcp_trailer_t), auth_tag); debug_print(mod_srtp, "srtcp auth tag: %s", srtp_octet_string_hex_string(auth_tag, tag_len)); if (status) return srtp_err_status_auth_fail; /* increase the packet length by the length of the auth tag and seq_num*/ *pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t)); /* increase the packet by the mki_size */ *pkt_octet_len += mki_size; return srtp_err_status_ok; } srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) { return srtp_unprotect_rtcp_mki(ctx, srtcp_hdr, pkt_octet_len, 0); } srtp_err_status_t srtp_unprotect_rtcp_mki(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len, unsigned int use_mki) { srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr; uint32_t *enc_start; /* pointer to start of encrypted portion */ uint32_t *auth_start; /* pointer to start of auth. portion */ uint32_t *trailer; /* pointer to start of trailer */ unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */ uint8_t *auth_tag = NULL; /* location of auth_tag within packet */ uint8_t tmp_tag[SRTP_MAX_TAG_LEN]; uint8_t tag_copy[SRTP_MAX_TAG_LEN]; srtp_err_status_t status; unsigned int auth_len; int tag_len; srtp_stream_ctx_t *stream; uint32_t prefix_len; uint32_t seq_num; int e_bit_in_packet; /* whether the E-bit was found in the packet */ int sec_serv_confidentiality; /* whether confidentiality was requested */ unsigned int mki_size = 0; srtp_session_keys_t *session_keys = NULL; /* we assume the hdr is 32-bit aligned to start */ /* check that the length value is sane; we'll check again once we know the tag length, but we at least want to know that it is a positive value */ if (*pkt_octet_len < octets_in_rtcp_header + sizeof(srtcp_trailer_t)) return srtp_err_status_bad_param; /* * look up ssrc in srtp_stream list, and process the packet with * the appropriate stream. if we haven't seen this stream before, * there's only one key for this srtp_session, and the cipher * supports key-sharing, then we assume that a new stream using * that key has just started up */ stream = srtp_get_stream(ctx, hdr->ssrc); if (stream == NULL) { if (ctx->stream_template != NULL) { stream = ctx->stream_template; /* * check to see if stream_template has an EKT data structure, in * which case we initialize the template using the EKT policy * referenced by that data (which consists of decrypting the * master key from the EKT field) * * this function initializes a *provisional* stream, and this * stream should not be accepted until and unless the packet * passes its authentication check */ if (stream->ekt != NULL) { status = srtp_stream_init_from_ekt(stream, srtcp_hdr, *pkt_octet_len); if (status) return status; } debug_print(mod_srtp, "srtcp using provisional stream (SSRC: 0x%08x)", ntohl(hdr->ssrc)); } else { /* no template stream, so we return an error */ return srtp_err_status_no_ctx; } } /* * Determine if MKI is being used and what session keys should be used */ if (use_mki) { session_keys = srtp_get_session_keys(stream, (uint8_t *)hdr, (const unsigned int*)pkt_octet_len, &mki_size); if (session_keys == NULL) return srtp_err_status_bad_mki; } else { session_keys = &stream->session_keys[0]; } /* get tag length from stream context */ tag_len = srtp_auth_get_tag_length(session_keys->rtcp_auth); /* check the packet length - it must contain at least a full RTCP header, an auth tag (if applicable), and the SRTCP encrypted flag and 31-bit index value */ if (*pkt_octet_len < (int) (octets_in_rtcp_header + tag_len + mki_size + sizeof(srtcp_trailer_t))) { return srtp_err_status_bad_param; } /* * Check if this is an AEAD stream (GCM mode). If so, then dispatch * the request to our AEAD handler. */ if (session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_128 || session_keys->rtp_cipher->algorithm == SRTP_AES_GCM_256) { return srtp_unprotect_rtcp_aead(ctx, stream, srtcp_hdr, (unsigned int*)pkt_octet_len, session_keys, mki_size); } sec_serv_confidentiality = stream->rtcp_services == sec_serv_conf || stream->rtcp_services == sec_serv_conf_and_auth; /* * set encryption start, encryption length, and trailer */ enc_octet_len = *pkt_octet_len - (octets_in_rtcp_header + tag_len + mki_size + sizeof(srtcp_trailer_t)); /* index & E (encryption) bit follow normal data. hdr->len is the number of words (32-bit) in the normal packet minus 1 */ /* This should point trailer to the word past the end of the normal data. */ /* This would need to be modified for optional mikey data */ /* * NOTE: trailer is 32-bit aligned because RTCP 'packets' are always * multiples of 32-bits (RFC 3550 6.1) */ trailer = (uint32_t *) ((char *) hdr + *pkt_octet_len -(tag_len + mki_size + sizeof(srtcp_trailer_t))); e_bit_in_packet = (*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT; if (e_bit_in_packet != sec_serv_confidentiality) { return srtp_err_status_cant_check; } if (sec_serv_confidentiality) { enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header; } else { enc_octet_len = 0; enc_start = NULL; /* this indicates that there's no encryption */ } /* * set the auth_start and auth_tag pointers to the proper locations * (note that srtcp *always* uses authentication, unlike srtp) */ auth_start = (uint32_t *)hdr; /* * The location of the auth tag in the packet needs to know MKI * could be present. The data needed to calculate the Auth tag * must not include the MKI */ auth_len = *pkt_octet_len - tag_len - mki_size; auth_tag = (uint8_t *)hdr + auth_len + mki_size; /* * if EKT is in use, then we make a copy of the tag from the packet, * and then zeroize the location of the base tag * * we first re-position the auth_tag pointer so that it points to * the base tag */ if (stream->ekt) { auth_tag -= srtp_ekt_octets_after_base_tag(stream->ekt); memcpy(tag_copy, auth_tag, tag_len); octet_string_set_to_zero(auth_tag, tag_len); auth_tag = tag_copy; auth_len += tag_len; } /* * check the sequence number for replays */ /* this is easier than dealing with bitfield access */ seq_num = ntohl(*trailer) & SRTCP_INDEX_MASK; debug_print(mod_srtp, "srtcp index: %x", seq_num); status = srtp_rdb_check(&stream->rtcp_rdb, seq_num); if (status) return status; /* * if we're using aes counter mode, set nonce and seq */ if (session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_128 || session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_192 || session_keys->rtcp_cipher->type->id == SRTP_AES_ICM_256) { v128_t iv; iv.v32[0] = 0; iv.v32[1] = hdr->ssrc; /* still in network order! */ iv.v32[2] = htonl(seq_num >> 16); iv.v32[3] = htonl(seq_num << 16); status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); } else { v128_t iv; /* otherwise, just set the index to seq_num */ iv.v32[0] = 0; iv.v32[1] = 0; iv.v32[2] = 0; iv.v32[3] = htonl(seq_num); status = srtp_cipher_set_iv(session_keys->rtcp_cipher, (uint8_t*)&iv, srtp_direction_decrypt); } if (status) return srtp_err_status_cipher_fail; /* initialize auth func context */ srtp_auth_start(session_keys->rtcp_auth); /* run auth func over packet, put result into tmp_tag */ status = srtp_auth_compute(session_keys->rtcp_auth, (uint8_t *)auth_start, auth_len, tmp_tag); debug_print(mod_srtp, "srtcp computed tag: %s", srtp_octet_string_hex_string(tmp_tag, tag_len)); if (status) return srtp_err_status_auth_fail; /* compare the tag just computed with the one in the packet */ debug_print(mod_srtp, "srtcp tag from packet: %s", srtp_octet_string_hex_string(auth_tag, tag_len)); if (octet_string_is_eq(tmp_tag, auth_tag, tag_len)) return srtp_err_status_auth_fail; /* * if we're authenticating using a universal hash, put the keystream * prefix into the authentication tag */ prefix_len = srtp_auth_get_prefix_length(session_keys->rtcp_auth); if (prefix_len) { status = srtp_cipher_output(session_keys->rtcp_cipher, auth_tag, &prefix_len); debug_print(mod_srtp, "keystream prefix: %s", srtp_octet_string_hex_string(auth_tag, prefix_len)); if (status) return srtp_err_status_cipher_fail; } /* if we're decrypting, exor keystream into the message */ if (enc_start) { status = srtp_cipher_decrypt(session_keys->rtcp_cipher, (uint8_t *)enc_start, &enc_octet_len); if (status) return srtp_err_status_cipher_fail; } /* decrease the packet length by the length of the auth tag and seq_num */ *pkt_octet_len -= (tag_len + sizeof(srtcp_trailer_t)); /* decrease the packet length by the length of the mki_size */ *pkt_octet_len -= mki_size; /* * if EKT is in effect, subtract the EKT data out of the packet * length */ *pkt_octet_len -= srtp_ekt_octets_after_base_tag(stream->ekt); /* * verify that stream is for received traffic - this check will * detect SSRC collisions, since a stream that appears in both * srtp_protect() and srtp_unprotect() will fail this test in one of * those functions. * * we do this check *after* the authentication check, so that the * latter check will catch any attempts to fool us into thinking * that we've got a collision */ if (stream->direction != dir_srtp_receiver) { if (stream->direction == dir_unknown) { stream->direction = dir_srtp_receiver; } else { srtp_handle_event(ctx, stream, event_ssrc_collision); } } /* * if the stream is a 'provisional' one, in which the template context * is used, then we need to allocate a new stream at this point, since * the authentication passed */ if (stream == ctx->stream_template) { srtp_stream_ctx_t *new_stream; /* * allocate and initialize a new stream * * note that we indicate failure if we can't allocate the new * stream, and some implementations will want to not return * failure here */ status = srtp_stream_clone(ctx->stream_template, hdr->ssrc, &new_stream); if (status) return status; /* add new stream to the head of the stream_list */ new_stream->next = ctx->stream_list; ctx->stream_list = new_stream; /* set stream (the pointer used in this function) */ stream = new_stream; } /* we've passed the authentication check, so add seq_num to the rdb */ srtp_rdb_add_index(&stream->rtcp_rdb, seq_num); return srtp_err_status_ok; } /* * user data within srtp_t context */ void srtp_set_user_data(srtp_t ctx, void *data) { ctx->user_data = data; } void* srtp_get_user_data(srtp_t ctx) { return ctx->user_data; } /* * dtls keying for srtp */ srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp(srtp_crypto_policy_t *policy, srtp_profile_t profile) { /* set SRTP policy from the SRTP profile in the key set */ switch(profile) { case srtp_profile_aes128_cm_sha1_80: srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); break; case srtp_profile_aes128_cm_sha1_32: srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); break; case srtp_profile_null_sha1_80: srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); break; #if defined(OPENSSL) case srtp_profile_aead_aes_128_gcm: srtp_crypto_policy_set_aes_gcm_128_16_auth(policy); break; case srtp_profile_aead_aes_256_gcm: srtp_crypto_policy_set_aes_gcm_256_16_auth(policy); break; #endif /* the following profiles are not (yet) supported */ case srtp_profile_null_sha1_32: default: return srtp_err_status_bad_param; } return srtp_err_status_ok; } srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtcp(srtp_crypto_policy_t *policy, srtp_profile_t profile) { /* set SRTP policy from the SRTP profile in the key set */ switch(profile) { case srtp_profile_aes128_cm_sha1_80: srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); break; case srtp_profile_aes128_cm_sha1_32: /* We do not honor the 32-bit auth tag request since * this is not compliant with RFC 3711 */ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); break; case srtp_profile_null_sha1_80: srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy); break; #if defined(OPENSSL) case srtp_profile_aead_aes_128_gcm: srtp_crypto_policy_set_aes_gcm_128_16_auth(policy); break; case srtp_profile_aead_aes_256_gcm: srtp_crypto_policy_set_aes_gcm_256_16_auth(policy); break; #endif /* the following profiles are not (yet) supported */ case srtp_profile_null_sha1_32: default: return srtp_err_status_bad_param; } return srtp_err_status_ok; } void srtp_append_salt_to_key(uint8_t *key, unsigned int bytes_in_key, uint8_t *salt, unsigned int bytes_in_salt) { memcpy(key + bytes_in_key, salt, bytes_in_salt); } unsigned int srtp_profile_get_master_key_length(srtp_profile_t profile) { switch(profile) { case srtp_profile_aes128_cm_sha1_80: return SRTP_AES_128_KEY_LEN; break; case srtp_profile_aes128_cm_sha1_32: return SRTP_AES_128_KEY_LEN; break; case srtp_profile_null_sha1_80: return SRTP_AES_128_KEY_LEN; break; case srtp_profile_aead_aes_128_gcm: return SRTP_AES_128_KEY_LEN; break; case srtp_profile_aead_aes_256_gcm: return SRTP_AES_256_KEY_LEN; break; /* the following profiles are not (yet) supported */ case srtp_profile_null_sha1_32: default: return 0; /* indicate error by returning a zero */ } } unsigned int srtp_profile_get_master_salt_length(srtp_profile_t profile) { switch(profile) { case srtp_profile_aes128_cm_sha1_80: return SRTP_SALT_LEN; break; case srtp_profile_aes128_cm_sha1_32: return SRTP_SALT_LEN; break; case srtp_profile_null_sha1_80: return SRTP_SALT_LEN; break; case srtp_profile_aead_aes_128_gcm: return SRTP_AEAD_SALT_LEN; break; case srtp_profile_aead_aes_256_gcm: return SRTP_AEAD_SALT_LEN; break; /* the following profiles are not (yet) supported */ case srtp_profile_null_sha1_32: default: return 0; /* indicate error by returning a zero */ } } srtp_err_status_t srtp_get_protect_trailer_length(srtp_t session, uint32_t use_mki, uint32_t mki_index, uint32_t *length) { srtp_stream_ctx_t *stream; if (session == NULL) return srtp_err_status_bad_param; *length = 0; /* Try obtaining stream from stream_list */ stream = session->stream_list; if (stream == NULL) { /* Try obtaining the template stream */ stream = session->stream_template; } if (stream == NULL) { return srtp_err_status_bad_param; } if (use_mki) { if (mki_index > stream->num_master_keys) return srtp_err_status_bad_mki; *length += stream->session_keys[mki_index].mki_size; *length += srtp_auth_get_tag_length(stream->session_keys[mki_index].rtp_auth); } else { *length += srtp_auth_get_tag_length(stream->session_keys[0].rtp_auth); } return srtp_err_status_ok; } srtp_err_status_t srtp_get_protect_rtcp_trailer_length(srtp_t session, uint32_t use_mki, uint32_t mki_index, uint32_t *length) { srtp_stream_ctx_t *stream; if (session == NULL) return srtp_err_status_bad_param; *length = 0; /* Try obtaining stream from stream_list */ stream = session->stream_list; if (stream == NULL) { /* Try obtaining the template stream */ stream = session->stream_template; } if (stream == NULL) { return srtp_err_status_bad_param; } if (use_mki) { if (mki_index > stream->num_master_keys) return srtp_err_status_bad_mki; *length += stream->session_keys[mki_index].mki_size; *length += srtp_auth_get_tag_length(stream->session_keys[mki_index].rtcp_auth); } else { *length += srtp_auth_get_tag_length(stream->session_keys[0].rtcp_auth); } *length += sizeof(srtcp_trailer_t); return srtp_err_status_ok; } /* * SRTP debug interface */ srtp_err_status_t srtp_set_debug_module(const char *mod_name, int v) { return srtp_crypto_kernel_set_debug_module(mod_name, v); } srtp_err_status_t srtp_list_debug_modules(void) { return srtp_crypto_kernel_list_debug_modules(); } /* * srtp_log_handler is a global variable holding a pointer to the * log handler function; this function is called for any log * output. */ static srtp_log_handler_func_t *srtp_log_handler = NULL; static void * srtp_log_handler_data = NULL; void srtp_err_handler(srtp_err_reporting_level_t level, const char * msg) { if (srtp_log_handler) { srtp_log_level_t log_level = srtp_log_level_error; switch(level) { case srtp_err_level_error: log_level = srtp_log_level_error; break; case srtp_err_level_warning: log_level = srtp_log_level_warning; break; case srtp_err_level_info: log_level = srtp_log_level_info; break; case srtp_err_level_debug: log_level = srtp_log_level_debug; break; } srtp_log_handler(log_level, msg, srtp_log_handler_data); } } srtp_err_status_t srtp_install_log_handler(srtp_log_handler_func_t func, void * data) { /* * note that we accept NULL arguments intentionally - calling this * function with a NULL arguments removes a log handler that's * been previously installed */ if (srtp_log_handler) { srtp_install_err_report_handler(NULL); } srtp_log_handler = func; srtp_log_handler_data = data; if (srtp_log_handler) { srtp_install_err_report_handler(srtp_err_handler); } return srtp_err_status_ok; } srtp_err_status_t srtp_set_stream_roc(srtp_t session, uint32_t ssrc, uint32_t roc) { srtp_stream_t stream; stream = srtp_get_stream(session, htonl(ssrc)); if (stream == NULL) return srtp_err_status_bad_param; stream->pending_roc = roc; return srtp_err_status_ok; } srtp_err_status_t srtp_get_stream_roc(srtp_t session, uint32_t ssrc, uint32_t *roc) { srtp_stream_t stream; stream = srtp_get_stream(session, htonl(ssrc)); if (stream == NULL) return srtp_err_status_bad_param; *roc = srtp_rdbx_get_roc(&stream->rtp_rdbx); return srtp_err_status_ok; } ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/srtp2.vcxproj�������������������������������������������������������������������������0000664�0000000�0000000�00000050045�13120311000�0015641�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?xml version="1.0" encoding="utf-8"?> <Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <ItemGroup Label="ProjectConfigurations"> <ProjectConfiguration Include="Debug Dll|Win32"> <Configuration>Debug Dll</Configuration> <Platform>Win32</Platform> </ProjectConfiguration> <ProjectConfiguration Include="Debug Dll|x64"> <Configuration>Debug Dll</Configuration> <Platform>x64</Platform> </ProjectConfiguration> <ProjectConfiguration Include="Debug|Win32"> <Configuration>Debug</Configuration> <Platform>Win32</Platform> </ProjectConfiguration> <ProjectConfiguration Include="Debug|x64"> <Configuration>Debug</Configuration> <Platform>x64</Platform> </ProjectConfiguration> <ProjectConfiguration Include="Release Dll|Win32"> <Configuration>Release Dll</Configuration> <Platform>Win32</Platform> </ProjectConfiguration> <ProjectConfiguration Include="Release Dll|x64"> <Configuration>Release Dll</Configuration> <Platform>x64</Platform> </ProjectConfiguration> <ProjectConfiguration Include="Release|Win32"> <Configuration>Release</Configuration> <Platform>Win32</Platform> </ProjectConfiguration> <ProjectConfiguration Include="Release|x64"> <Configuration>Release</Configuration> <Platform>x64</Platform> </ProjectConfiguration> </ItemGroup> <PropertyGroup Label="Globals"> <ProjectGuid>{EEF031CB-FED8-451E-A471-91EC8D4F6750}</ProjectGuid> <RootNamespace>srtp2</RootNamespace> <Keyword>Win32Proj</Keyword> </PropertyGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'" Label="Configuration"> <ConfigurationType>DynamicLibrary</ConfigurationType> <PlatformToolset>v140</PlatformToolset> <CharacterSet>Unicode</CharacterSet> <WholeProgramOptimization>true</WholeProgramOptimization> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'" Label="Configuration"> <ConfigurationType>DynamicLibrary</ConfigurationType> <PlatformToolset>v140</PlatformToolset> <CharacterSet>Unicode</CharacterSet> <WholeProgramOptimization>true</WholeProgramOptimization> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'" Label="Configuration"> <ConfigurationType>DynamicLibrary</ConfigurationType> <PlatformToolset>v140</PlatformToolset> <CharacterSet>Unicode</CharacterSet> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'" Label="Configuration"> <ConfigurationType>DynamicLibrary</ConfigurationType> <PlatformToolset>v140</PlatformToolset> <CharacterSet>Unicode</CharacterSet> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration"> <ConfigurationType>StaticLibrary</ConfigurationType> <PlatformToolset>v140</PlatformToolset> <CharacterSet>Unicode</CharacterSet> <WholeProgramOptimization>true</WholeProgramOptimization> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration"> <ConfigurationType>StaticLibrary</ConfigurationType> <PlatformToolset>v140</PlatformToolset> <CharacterSet>Unicode</CharacterSet> <WholeProgramOptimization>true</WholeProgramOptimization> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration"> <ConfigurationType>StaticLibrary</ConfigurationType> <PlatformToolset>v140</PlatformToolset> <CharacterSet>Unicode</CharacterSet> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration"> <ConfigurationType>StaticLibrary</ConfigurationType> <PlatformToolset>v140</PlatformToolset> <CharacterSet>Unicode</CharacterSet> </PropertyGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> <ImportGroup Label="ExtensionSettings"> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> </ImportGroup> <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets"> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> </ImportGroup> <PropertyGroup Label="UserMacros" /> <PropertyGroup> <_ProjectFileVersion>12.0.30501.0</_ProjectFileVersion> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> <OutDir>$(SolutionDir)$(Configuration)\</OutDir> <IntDir>$(Configuration)\</IntDir> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" /> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <OutDir>$(SolutionDir)$(Configuration)\</OutDir> <IntDir>$(Configuration)\</IntDir> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" /> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'"> <OutDir>$(SolutionDir)$(Configuration)\</OutDir> <IntDir>$(Configuration)\</IntDir> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'" /> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'"> <OutDir>$(SolutionDir)$(Configuration)\</OutDir> <IntDir>$(Configuration)\</IntDir> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'" /> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> <PreBuildEvent> <Message>Creating config.h from config.hw</Message> <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> </PreBuildEvent> <CustomBuildStep> <Message /> <Command /> </CustomBuildStep> <ClCompile> <Optimization>Disabled</Optimization> <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> <MinimalRebuild>true</MinimalRebuild> <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> <StructMemberAlignment>Default</StructMemberAlignment> <PrecompiledHeader /> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> </ClCompile> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <PreBuildEvent> <Message>Creating config.h from config.hw</Message> <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> </PreBuildEvent> <CustomBuildStep> <Message> </Message> <Command> </Command> </CustomBuildStep> <ClCompile> <Optimization>Disabled</Optimization> <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> <StructMemberAlignment>Default</StructMemberAlignment> <PrecompiledHeader> </PrecompiledHeader> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> </ClCompile> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <PreBuildEvent> <Message>Creating config.h from config.hw</Message> <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> </PreBuildEvent> <CustomBuildStep> <Message /> <Command /> </CustomBuildStep> <ClCompile> <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> <RuntimeLibrary>MultiThreaded</RuntimeLibrary> <StructMemberAlignment>Default</StructMemberAlignment> <PrecompiledHeader /> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> </ClCompile> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> <PreBuildEvent> <Message>Creating config.h from config.hw</Message> <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> </PreBuildEvent> <CustomBuildStep> <Message> </Message> <Command> </Command> </CustomBuildStep> <ClCompile> <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> <RuntimeLibrary>MultiThreaded</RuntimeLibrary> <StructMemberAlignment>Default</StructMemberAlignment> <PrecompiledHeader> </PrecompiledHeader> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> </ClCompile> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'"> <PreBuildEvent> <Message>Creating config.h from config.hw</Message> <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> </PreBuildEvent> <CustomBuildStep> <Message /> <Command /> </CustomBuildStep> <ClCompile> <Optimization>Disabled</Optimization> <IntrinsicFunctions>true</IntrinsicFunctions> <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> <MinimalRebuild>true</MinimalRebuild> <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary> <StructMemberAlignment>Default</StructMemberAlignment> <PrecompiledHeader /> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>EditAndContinue</DebugInformationFormat> <FunctionLevelLinking>true</FunctionLevelLinking> </ClCompile> <Link> <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile> <OptimizeReferences>false</OptimizeReferences> <EnableCOMDATFolding>false</EnableCOMDATFolding> <LinkTimeCodeGeneration /> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'"> <PreBuildEvent> <Message>Creating config.h from config.hw</Message> <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> </PreBuildEvent> <CustomBuildStep> <Message> </Message> <Command> </Command> </CustomBuildStep> <ClCompile> <Optimization>Disabled</Optimization> <IntrinsicFunctions>true</IntrinsicFunctions> <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary> <StructMemberAlignment>Default</StructMemberAlignment> <PrecompiledHeader> </PrecompiledHeader> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> </ClCompile> <Link> <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile> <OptimizeReferences>false</OptimizeReferences> <EnableCOMDATFolding>false</EnableCOMDATFolding> <LinkTimeCodeGeneration> </LinkTimeCodeGeneration> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|Win32'"> <PreBuildEvent> <Message>Creating config.h from config.hw</Message> <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> </PreBuildEvent> <CustomBuildStep> <Message /> <Command /> </CustomBuildStep> <ClCompile> <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> <StructMemberAlignment>Default</StructMemberAlignment> <PrecompiledHeader /> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> </ClCompile> <Link> <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release Dll|x64'"> <PreBuildEvent> <Message>Creating config.h from config.hw</Message> <Command>copy /Y "$(ProjectDir)config.hw" "$(ProjectDir)crypto\include\config.h" &gt; NUL</Command> </PreBuildEvent> <CustomBuildStep> <Message> </Message> <Command> </Command> </CustomBuildStep> <ClCompile> <AdditionalIncludeDirectories>crypto/include;include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;HAVE_CONFIG_H;%(PreprocessorDefinitions)</PreprocessorDefinitions> <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> <StructMemberAlignment>Default</StructMemberAlignment> <PrecompiledHeader> </PrecompiledHeader> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> </ClCompile> <Link> <AdditionalDependencies>Ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies> <ModuleDefinitionFile>srtp.def</ModuleDefinitionFile> </Link> </ItemDefinitionGroup> <ItemGroup> <ClCompile Include="crypto\cipher\aes.c"> <InlineFunctionExpansion Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">Default</InlineFunctionExpansion> <InlineFunctionExpansion Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">Default</InlineFunctionExpansion> <IntrinsicFunctions Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">false</IntrinsicFunctions> <IntrinsicFunctions Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">false</IntrinsicFunctions> <FunctionLevelLinking Condition="'$(Configuration)|$(Platform)'=='Debug Dll|Win32'">false</FunctionLevelLinking> <FunctionLevelLinking Condition="'$(Configuration)|$(Platform)'=='Debug Dll|x64'">false</FunctionLevelLinking> </ClCompile> <ClCompile Include="crypto\cipher\aes_icm.c" /> <ClCompile Include="crypto\cipher\cipher.c" /> <ClCompile Include="crypto\cipher\null_cipher.c" /> <ClCompile Include="crypto\hash\auth.c" /> <ClCompile Include="crypto\hash\hmac.c" /> <ClCompile Include="crypto\hash\null_auth.c" /> <ClCompile Include="crypto\hash\sha1.c" /> <ClCompile Include="crypto\kernel\alloc.c" /> <ClCompile Include="crypto\kernel\crypto_kernel.c" /> <ClCompile Include="crypto\kernel\err.c" /> <ClCompile Include="crypto\kernel\key.c" /> <ClCompile Include="crypto\math\datatypes.c" /> <ClCompile Include="crypto\math\stat.c" /> <ClCompile Include="crypto\replay\rdb.c" /> <ClCompile Include="crypto\replay\rdbx.c" /> <ClCompile Include="crypto\replay\ut_sim.c" /> <ClCompile Include="srtp\ekt.c" /> <ClCompile Include="srtp\srtp.c" /> </ItemGroup> <ItemGroup> <ClInclude Include="crypto\include\aes.h" /> <ClInclude Include="crypto\include\aes_cbc.h" /> <ClInclude Include="crypto\include\aes_icm.h" /> <ClInclude Include="crypto\include\alloc.h" /> <ClInclude Include="crypto\include\auth.h" /> <ClInclude Include="crypto\include\cipher.h" /> <ClInclude Include="crypto\include\config.h" /> <ClInclude Include="crypto\include\crypto.h" /> <ClInclude Include="crypto\include\cryptoalg.h" /> <ClInclude Include="crypto\include\crypto_kernel.h" /> <ClInclude Include="crypto\include\crypto_types.h" /> <ClInclude Include="crypto\include\datatypes.h" /> <ClInclude Include="crypto\include\err.h" /> <ClInclude Include="crypto\include\gf2_8.h" /> <ClInclude Include="crypto\include\hmac.h" /> <ClInclude Include="crypto\include\integers.h" /> <ClInclude Include="crypto\include\key.h" /> <ClInclude Include="crypto\include\null_auth.h" /> <ClInclude Include="crypto\include\null_cipher.h" /> <ClInclude Include="crypto\include\prng.h" /> <ClInclude Include="crypto\include\rand_source.h" /> <ClInclude Include="crypto\include\rdb.h" /> <ClInclude Include="crypto\include\rdbx.h" /> <ClInclude Include="crypto\include\sha1.h" /> <ClInclude Include="crypto\include\stat.h" /> <ClInclude Include="include\ekt.h" /> <ClInclude Include="include\srtp.h" /> <ClInclude Include="include\srtp_priv.h" /> <ClInclude Include="include\ut_sim.h" /> </ItemGroup> <ItemGroup> <None Include="config.hw" /> <None Include="srtp.def" /> </ItemGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <ImportGroup Label="ExtensionTargets"> </ImportGroup> </Project>�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/srtp2.vcxproj.filters�����������������������������������������������������������������0000664�0000000�0000000�00000015027�13120311000�0017311�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������<?xml version="1.0" encoding="utf-8"?> <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <ItemGroup> <Filter Include="Source Files"> <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier> <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions> </Filter> <Filter Include="Source Files\Kernel"> <UniqueIdentifier>{c23c2703-7a15-4b7e-be1c-0555b7d0f8e1}</UniqueIdentifier> </Filter> <Filter Include="Source Files\Ciphers"> <UniqueIdentifier>{43e45f3f-795e-4f2a-8801-3e19b7801d07}</UniqueIdentifier> </Filter> <Filter Include="Source Files\Hashes"> <UniqueIdentifier>{11a7bf2a-6706-4c35-8e91-f58bef0f8669}</UniqueIdentifier> </Filter> <Filter Include="Source Files\Replay"> <UniqueIdentifier>{237501ce-7043-44c7-a895-df2ceae6c8cd}</UniqueIdentifier> </Filter> <Filter Include="Source Files\Math"> <UniqueIdentifier>{2a11592a-e474-4a50-bb3a-e4f039633257}</UniqueIdentifier> </Filter> <Filter Include="Header Files"> <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier> <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions> </Filter> <Filter Include="Resource Files"> <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier> <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions> </Filter> </ItemGroup> <ItemGroup> <ClCompile Include="srtp\ekt.c"> <Filter>Source Files</Filter> </ClCompile> <ClCompile Include="srtp\srtp.c"> <Filter>Source Files</Filter> </ClCompile> <ClCompile Include="crypto\kernel\alloc.c"> <Filter>Source Files\Kernel</Filter> </ClCompile> <ClCompile Include="crypto\kernel\crypto_kernel.c"> <Filter>Source Files\Kernel</Filter> </ClCompile> <ClCompile Include="crypto\kernel\err.c"> <Filter>Source Files\Kernel</Filter> </ClCompile> <ClCompile Include="crypto\kernel\key.c"> <Filter>Source Files\Kernel</Filter> </ClCompile> <ClCompile Include="crypto\cipher\aes.c"> <Filter>Source Files\Ciphers</Filter> </ClCompile> <ClCompile Include="crypto\cipher\aes_icm.c"> <Filter>Source Files\Ciphers</Filter> </ClCompile> <ClCompile Include="crypto\cipher\cipher.c"> <Filter>Source Files\Ciphers</Filter> </ClCompile> <ClCompile Include="crypto\cipher\null_cipher.c"> <Filter>Source Files\Ciphers</Filter> </ClCompile> <ClCompile Include="crypto\hash\auth.c"> <Filter>Source Files\Hashes</Filter> </ClCompile> <ClCompile Include="crypto\hash\hmac.c"> <Filter>Source Files\Hashes</Filter> </ClCompile> <ClCompile Include="crypto\hash\null_auth.c"> <Filter>Source Files\Hashes</Filter> </ClCompile> <ClCompile Include="crypto\hash\sha1.c"> <Filter>Source Files\Hashes</Filter> </ClCompile> <ClCompile Include="crypto\replay\rdb.c"> <Filter>Source Files\Replay</Filter> </ClCompile> <ClCompile Include="crypto\replay\rdbx.c"> <Filter>Source Files\Replay</Filter> </ClCompile> <ClCompile Include="crypto\replay\ut_sim.c"> <Filter>Source Files\Replay</Filter> </ClCompile> <ClCompile Include="crypto\math\datatypes.c"> <Filter>Source Files\Math</Filter> </ClCompile> <ClCompile Include="crypto\math\stat.c"> <Filter>Source Files\Math</Filter> </ClCompile> </ItemGroup> <ItemGroup> <ClInclude Include="crypto\include\aes.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\aes_cbc.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\aes_icm.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\alloc.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\auth.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\cipher.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\config.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\crypto.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\crypto_kernel.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\crypto_types.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\cryptoalg.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\datatypes.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="include\ekt.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\err.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\gf2_8.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\hmac.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\integers.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\key.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\null_auth.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\null_cipher.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\prng.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\rand_source.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\rdb.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\rdbx.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\sha1.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="include\srtp.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="include\srtp_priv.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="crypto\include\stat.h"> <Filter>Header Files</Filter> </ClInclude> <ClInclude Include="include\ut_sim.h"> <Filter>Header Files</Filter> </ClInclude> </ItemGroup> <ItemGroup> <None Include="config.hw" /> <None Include="srtp.def"> <Filter>Source Files</Filter> </None> </ItemGroup> </Project>���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/���������������������������������������������������������������������������������0000775�0000000�0000000�00000000000�13120311000�0014125�5����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/cutest.h�������������������������������������������������������������������������0000664�0000000�0000000�00000052135�13120311000�0015613�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * CUTest -- C/C++ Unit Test facility * <http://github.com/mity/cutest> * * Copyright (c) 2013-2017 Martin Mitas * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the "Software"), * to deal in the Software without restriction, including without limitation * the rights to use, copy, modify, merge, publish, distribute, sublicense, * and/or sell copies of the Software, and to permit persons to whom the * Software is furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS * IN THE SOFTWARE. */ #ifndef CUTEST_H__ #define CUTEST_H__ /************************ *** Public interface *** ************************/ /* By default, <cutest.h> provides the main program entry point (function * main()). However, if the test suite is composed of multiple source files * which include <cutest.h>, then this causes a problem of multiple main() * definitions. To avoid this problem, #define macro TEST_NO_MAIN in all * compilation units but one. */ /* Macro to specify list of unit tests in the suite. * The unit test implementation MUST provide list of unit tests it implements * with this macro: * * TEST_LIST = { * { "test1_name", test1_func_ptr }, * { "test2_name", test2_func_ptr }, * ... * { 0 } * }; * * The list specifies names of each test (must be unique) and pointer to * a function implementing it. The function does not take any arguments * and has no return values, i.e. every test function has tp be compatible * with this prototype: * * void test_func(void); */ #define TEST_LIST const struct test__ test_list__[] /* Macros for testing whether an unit test succeeds or fails. These macros * can be used arbitrarily in functions implementing the unit tests. * * If any condition fails throughout execution of a test, the test fails. * * TEST_CHECK takes only one argument (the condition), TEST_CHECK_ allows * also to specify an error message to print out if the condition fails. * (It expects printf-like format string and its parameters). The macros * return non-zero (condition passes) or 0 (condition fails). * * That can be useful when more conditions should be checked only if some * preceding condition passes, as illustrated in this code snippet: * * SomeStruct* ptr = allocate_some_struct(); * if(TEST_CHECK(ptr != NULL)) { * TEST_CHECK(ptr->member1 < 100); * TEST_CHECK(ptr->member2 > 200); * } */ #define TEST_CHECK_(cond,...) test_check__((cond), __FILE__, __LINE__, __VA_ARGS__) #define TEST_CHECK(cond) test_check__((cond), __FILE__, __LINE__, "%s", #cond) /********************** *** Implementation *** **********************/ /* The unit test files should not rely on anything below. */ #include <stdarg.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #if defined(unix) || defined(__unix__) || defined(__unix) || defined(__APPLE__) #define CUTEST_UNIX__ 1 #include <errno.h> #include <unistd.h> #include <sys/types.h> #include <sys/wait.h> #include <signal.h> #endif #if defined(_WIN32) || defined(__WIN32__) || defined(__WINDOWS__) #define CUTEST_WIN__ 1 #include <windows.h> #include <io.h> #endif #ifdef __cplusplus #include <exception> #endif /* Note our global private identifiers end with '__' to mitigate risk of clash * with the unit tests implementation. */ #ifdef __cplusplus extern "C" { #endif struct test__ { const char* name; void (*func)(void); }; extern const struct test__ test_list__[]; int test_check__(int cond, const char* file, int line, const char* fmt, ...); #ifndef TEST_NO_MAIN static char* test_argv0__ = NULL; static int test_count__ = 0; static int test_no_exec__ = 0; static int test_no_summary__ = 0; static int test_skip_mode__ = 0; static int test_stat_failed_units__ = 0; static int test_stat_run_units__ = 0; static const struct test__* test_current_unit__ = NULL; static int test_current_already_logged__ = 0; static int test_verbose_level__ = 2; static int test_current_failures__ = 0; static int test_colorize__ = 0; #define CUTEST_COLOR_DEFAULT__ 0 #define CUTEST_COLOR_GREEN__ 1 #define CUTEST_COLOR_RED__ 2 #define CUTEST_COLOR_DEFAULT_INTENSIVE__ 3 #define CUTEST_COLOR_GREEN_INTENSIVE__ 4 #define CUTEST_COLOR_RED_INTENSIVE__ 5 static size_t test_print_in_color__(int color, const char* fmt, ...) { va_list args; char buffer[256]; size_t n; va_start(args, fmt); vsnprintf(buffer, sizeof(buffer), fmt, args); va_end(args); buffer[sizeof(buffer)-1] = '\0'; if(!test_colorize__) { return printf("%s", buffer); } #if defined CUTEST_UNIX__ { const char* col_str; switch(color) { case CUTEST_COLOR_GREEN__: col_str = "\033[0;32m"; break; case CUTEST_COLOR_RED__: col_str = "\033[0;31m"; break; case CUTEST_COLOR_GREEN_INTENSIVE__: col_str = "\033[1;32m"; break; case CUTEST_COLOR_RED_INTENSIVE__: col_str = "\033[1;30m"; break; case CUTEST_COLOR_DEFAULT_INTENSIVE__: col_str = "\033[1m"; break; default: col_str = "\033[0m"; break; } printf("%s", col_str); n = printf("%s", buffer); printf("\033[0m"); return n; } #elif defined CUTEST_WIN__ { HANDLE h; CONSOLE_SCREEN_BUFFER_INFO info; WORD attr; h = GetStdHandle(STD_OUTPUT_HANDLE); GetConsoleScreenBufferInfo(h, &info); switch(color) { case CUTEST_COLOR_GREEN__: attr = FOREGROUND_GREEN; break; case CUTEST_COLOR_RED__: attr = FOREGROUND_RED; break; case CUTEST_COLOR_GREEN_INTENSIVE__: attr = FOREGROUND_GREEN | FOREGROUND_INTENSITY; break; case CUTEST_COLOR_RED_INTENSIVE__: attr = FOREGROUND_RED | FOREGROUND_INTENSITY; break; case CUTEST_COLOR_DEFAULT_INTENSIVE__: attr = FOREGROUND_BLUE | FOREGROUND_GREEN | FOREGROUND_RED | FOREGROUND_INTENSITY; break; default: attr = 0; break; } if(attr != 0) SetConsoleTextAttribute(h, attr); n = printf("%s", buffer); SetConsoleTextAttribute(h, info.wAttributes); return n; } #else n = printf("%s", buffer); return n; #endif } int test_check__(int cond, const char* file, int line, const char* fmt, ...) { const char *result_str; int result_color; int verbose_level; if(cond) { result_str = "ok"; result_color = CUTEST_COLOR_GREEN__; verbose_level = 3; } else { if(!test_current_already_logged__ && test_current_unit__ != NULL) { printf("[ "); test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, "FAILED"); printf(" ]\n"); } result_str = "failed"; result_color = CUTEST_COLOR_RED__; verbose_level = 2; test_current_failures__++; test_current_already_logged__++; } if(test_verbose_level__ >= verbose_level) { size_t n = 0; va_list args; printf(" "); if(file != NULL) n += printf("%s:%d: Check ", file, line); va_start(args, fmt); n += vprintf(fmt, args); va_end(args); printf("... "); test_print_in_color__(result_color, result_str); printf("\n"); test_current_already_logged__++; } return (cond != 0); } static void test_list_names__(void) { const struct test__* test; printf("Unit tests:\n"); for(test = &test_list__[0]; test->func != NULL; test++) printf(" %s\n", test->name); } static const struct test__* test_by_name__(const char* name) { const struct test__* test; for(test = &test_list__[0]; test->func != NULL; test++) { if(strcmp(test->name, name) == 0) return test; } return NULL; } /* Call directly the given test unit function. */ static int test_do_run__(const struct test__* test) { test_current_unit__ = test; test_current_failures__ = 0; test_current_already_logged__ = 0; if(test_verbose_level__ >= 3) { test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "Test %s:\n", test->name); test_current_already_logged__++; } else if(test_verbose_level__ >= 1) { size_t n; char spaces[32]; n = test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "Test %s... ", test->name); memset(spaces, ' ', sizeof(spaces)); if(n < sizeof(spaces)) printf("%.*s", (int) (sizeof(spaces) - n), spaces); } else { test_current_already_logged__ = 1; } #ifdef __cplusplus try { #endif /* This is good to do for case the test unit e.g. crashes. */ fflush(stdout); fflush(stderr); test->func(); #ifdef __cplusplus } catch(std::exception& e) { const char* what = e.what(); if(what != NULL) test_check__(0, NULL, 0, "Threw std::exception: %s", what); else test_check__(0, NULL, 0, "Threw std::exception"); } catch(...) { test_check__(0, NULL, 0, "Threw an exception"); } #endif if(test_verbose_level__ >= 3) { switch(test_current_failures__) { case 0: test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__, " All conditions have passed.\n\n"); break; case 1: test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, " One condition has FAILED.\n\n"); break; default: test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, " %d conditions have FAILED.\n\n", test_current_failures__); break; } } else if(test_verbose_level__ >= 1 && test_current_failures__ == 0) { printf("[ "); test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__, "OK"); printf(" ]\n"); } test_current_unit__ = NULL; return (test_current_failures__ == 0) ? 0 : -1; } #if defined(CUTEST_UNIX__) || defined(CUTEST_WIN__) /* Called if anything goes bad in cutest, or if the unit test ends in other * way then by normal returning from its function (e.g. exception or some * abnormal child process termination). */ static void test_error__(const char* fmt, ...) { va_list args; if(test_verbose_level__ == 0) return; if(test_verbose_level__ <= 2 && !test_current_already_logged__ && test_current_unit__ != NULL) { printf("[ "); test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, "FAILED"); printf(" ]\n"); } if(test_verbose_level__ >= 2) { test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, " Error: "); va_start(args, fmt); vprintf(fmt, args); va_end(args); printf("\n"); } } #endif /* Trigger the unit test. If possible (and not suppressed) it starts a child * process who calls test_do_run__(), otherwise it calls test_do_run__() * directly. */ static void test_run__(const struct test__* test) { int failed = 1; test_current_unit__ = test; test_current_already_logged__ = 0; if(!test_no_exec__) { #if defined(CUTEST_UNIX__) pid_t pid; int exit_code; pid = fork(); if(pid == (pid_t)-1) { test_error__("Cannot fork. %s [%d]", strerror(errno), errno); failed = 1; } else if(pid == 0) { /* Child: Do the test. */ failed = (test_do_run__(test) != 0); exit(failed ? 1 : 0); } else { /* Parent: Wait until child terminates and analyze its exit code. */ waitpid(pid, &exit_code, 0); if(WIFEXITED(exit_code)) { switch(WEXITSTATUS(exit_code)) { case 0: failed = 0; break; /* test has passed. */ case 1: /* noop */ break; /* "normal" failure. */ default: test_error__("Unexpected exit code [%d]", WEXITSTATUS(exit_code)); } } else if(WIFSIGNALED(exit_code)) { char tmp[32]; const char* signame; switch(WTERMSIG(exit_code)) { case SIGINT: signame = "SIGINT"; break; case SIGHUP: signame = "SIGHUP"; break; case SIGQUIT: signame = "SIGQUIT"; break; case SIGABRT: signame = "SIGABRT"; break; case SIGKILL: signame = "SIGKILL"; break; case SIGSEGV: signame = "SIGSEGV"; break; case SIGILL: signame = "SIGILL"; break; case SIGTERM: signame = "SIGTERM"; break; default: sprintf(tmp, "signal %d", WTERMSIG(exit_code)); signame = tmp; break; } test_error__("Test interrupted by %s", signame); } else { test_error__("Test ended in an unexpected way [%d]", exit_code); } } #elif defined(CUTEST_WIN__) char buffer[512] = {0}; STARTUPINFOA startupInfo = {0}; PROCESS_INFORMATION processInfo; DWORD exitCode; /* Windows has no fork(). So we propagate all info into the child * through a command line arguments. */ _snprintf(buffer, sizeof(buffer)-1, "%s --no-exec --no-summary --verbose=%d --color=%s -- \"%s\"", test_argv0__, test_verbose_level__, test_colorize__ ? "always" : "never", test->name); startupInfo.cb = sizeof(STARTUPINFO); if(CreateProcessA(NULL, buffer, NULL, NULL, FALSE, 0, NULL, NULL, &startupInfo, &processInfo)) { WaitForSingleObject(processInfo.hProcess, INFINITE); GetExitCodeProcess(processInfo.hProcess, &exitCode); CloseHandle(processInfo.hThread); CloseHandle(processInfo.hProcess); failed = (exitCode != 0); } else { test_error__("Cannot create unit test subprocess [%ld].", GetLastError()); failed = 1; } #else /* A platform where we don't know how to run child process. */ failed = (test_do_run__(test) != 0); #endif } else { /* Child processes suppressed through --no-exec. */ failed = (test_do_run__(test) != 0); } test_current_unit__ = NULL; test_stat_run_units__++; if(failed) test_stat_failed_units__++; } #if defined(CUTEST_WIN__) /* Callback for SEH events. */ static LONG CALLBACK test_exception_filter__(EXCEPTION_POINTERS *ptrs) { test_error__("Unhandled SEH exception %08lx at %p.", ptrs->ExceptionRecord->ExceptionCode, ptrs->ExceptionRecord->ExceptionAddress); fflush(stdout); fflush(stderr); return EXCEPTION_EXECUTE_HANDLER; } #endif static void test_help__(void) { printf("Usage: %s [options] [test...]\n", test_argv0__); printf("Run the specified unit tests; or if the option '--skip' is used, run all\n"); printf("tests in the suite but those listed. By default, if no tests are specified\n"); printf("on the command line, all unit tests in the suite are run.\n"); printf("\n"); printf("Options:\n"); printf(" -s, --skip Execute all unit tests but the listed ones\n"); printf(" --no-exec Do not execute unit tests as child processes\n"); printf(" --no-summary Suppress printing of test results summary\n"); printf(" -l, --list List unit tests in the suite and exit\n"); printf(" -v, --verbose Enable more verbose output\n"); printf(" --verbose=LEVEL Set verbose level to LEVEL:\n"); printf(" 0 ... Be silent\n"); printf(" 1 ... Output one line per test (and summary)\n"); printf(" 2 ... As 1 and failed conditions (this is default)\n"); printf(" 3 ... As 1 and all conditions (and extended summary)\n"); printf(" --color=WHEN Enable colorized output (WHEN is one of 'auto', 'always', 'never')\n"); printf(" -h, --help Display this help and exit\n"); printf("\n"); test_list_names__(); } int main(int argc, char** argv) { const struct test__** tests = NULL; int i, j, n = 0; int seen_double_dash = 0; test_argv0__ = argv[0]; #if defined CUTEST_UNIX__ test_colorize__ = isatty(STDOUT_FILENO); #elif defined CUTEST_WIN__ test_colorize__ = _isatty(_fileno(stdout)); #else test_colorize__ = 0; #endif /* Parse options */ for(i = 1; i < argc; i++) { if(seen_double_dash || argv[i][0] != '-') { tests = (const struct test__**) realloc((void*)tests, (n+1) * sizeof(const struct test__*)); if(tests == NULL) { fprintf(stderr, "Out of memory.\n"); exit(2); } tests[n] = test_by_name__(argv[i]); if(tests[n] == NULL) { fprintf(stderr, "%s: Unrecognized unit test '%s'\n", argv[0], argv[i]); fprintf(stderr, "Try '%s --list' for list of unit tests.\n", argv[0]); exit(2); } n++; } else if(strcmp(argv[i], "--") == 0) { seen_double_dash = 1; } else if(strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-h") == 0) { test_help__(); exit(0); } else if(strcmp(argv[i], "--verbose") == 0 || strcmp(argv[i], "-v") == 0) { test_verbose_level__++; } else if(strncmp(argv[i], "--verbose=", 10) == 0) { test_verbose_level__ = atoi(argv[i] + 10); } else if(strcmp(argv[i], "--color=auto") == 0) { /* noop (set from above) */ } else if(strcmp(argv[i], "--color=always") == 0 || strcmp(argv[i], "--color") == 0) { test_colorize__ = 1; } else if(strcmp(argv[i], "--color=never") == 0) { test_colorize__ = 0; } else if(strcmp(argv[i], "--skip") == 0 || strcmp(argv[i], "-s") == 0) { test_skip_mode__ = 1; } else if(strcmp(argv[i], "--no-exec") == 0) { test_no_exec__ = 1; } else if(strcmp(argv[i], "--no-summary") == 0) { test_no_summary__ = 1; } else if(strcmp(argv[i], "--list") == 0 || strcmp(argv[i], "-l") == 0) { test_list_names__(); exit(0); } else { fprintf(stderr, "%s: Unrecognized option '%s'\n", argv[0], argv[i]); fprintf(stderr, "Try '%s --help' for more information.\n", argv[0]); exit(2); } } #if defined(CUTEST_WIN__) SetUnhandledExceptionFilter(test_exception_filter__); #endif /* Count all test units */ test_count__ = 0; for(i = 0; test_list__[i].func != NULL; i++) test_count__++; /* Run the tests */ if(n == 0) { /* Run all tests */ for(i = 0; test_list__[i].func != NULL; i++) test_run__(&test_list__[i]); } else if(!test_skip_mode__) { /* Run the listed tests */ for(i = 0; i < n; i++) test_run__(tests[i]); } else { /* Run all tests except those listed */ for(i = 0; test_list__[i].func != NULL; i++) { int want_skip = 0; for(j = 0; j < n; j++) { if(tests[j] == &test_list__[i]) { want_skip = 1; break; } } if(!want_skip) test_run__(&test_list__[i]); } } /* Write a summary */ if(!test_no_summary__ && test_verbose_level__ >= 1) { test_print_in_color__(CUTEST_COLOR_DEFAULT_INTENSIVE__, "\nSummary:\n"); if(test_verbose_level__ >= 3) { printf(" Count of all unit tests: %4d\n", test_count__); printf(" Count of run unit tests: %4d\n", test_stat_run_units__); printf(" Count of failed unit tests: %4d\n", test_stat_failed_units__); printf(" Count of skipped unit tests: %4d\n", test_count__ - test_stat_run_units__); } if(test_stat_failed_units__ == 0) { test_print_in_color__(CUTEST_COLOR_GREEN_INTENSIVE__, " SUCCESS: All unit tests have passed.\n"); } else { test_print_in_color__(CUTEST_COLOR_RED_INTENSIVE__, " FAILED: %d of %d unit tests have failed.\n", test_stat_failed_units__, test_stat_run_units__); } } if(tests != NULL) free((void*)tests); return (test_stat_failed_units__ == 0) ? 0 : 1; } #endif /* #ifndef TEST_NO_MAIN */ #ifdef __cplusplus } /* extern "C" */ #endif #endif /* #ifndef CUTEST_H__ */ �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/dtls_srtp_driver.c���������������������������������������������������������������0000664�0000000�0000000�00000016700�13120311000�0017666�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * dtls_srtp_driver.c * * test driver for DTLS-SRTP functions * * David McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include <stdio.h> /* for printf() */ #include "getopt_s.h" /* for local getopt() */ #include "srtp_priv.h" srtp_err_status_t test_dtls_srtp(void); srtp_hdr_t * srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc); void usage(char *prog_name) { printf("usage: %s [ -t ][ -c ][ -v ][-d <debug_module> ]* [ -l ]\n" " -d <mod> turn on debugging module <mod>\n" " -l list debugging modules\n", prog_name); exit(1); } int main(int argc, char *argv[]) { unsigned do_list_mods = 0; int q; srtp_err_status_t err; printf("dtls_srtp_driver\n"); /* initialize srtp library */ err = srtp_init(); if (err) { printf("error: srtp init failed with error code %d\n", err); exit(1); } /* process input arguments */ while (1) { q = getopt_s(argc, argv, "ld:"); if (q == -1) break; switch (q) { case 'l': do_list_mods = 1; break; case 'd': err = srtp_crypto_kernel_set_debug_module(optarg_s, 1); if (err) { printf("error: set debug module (%s) failed\n", optarg_s); exit(1); } break; default: usage(argv[0]); } } if (do_list_mods) { err = srtp_crypto_kernel_list_debug_modules(); if (err) { printf("error: list of debug modules failed\n"); exit(1); } } printf("testing dtls_srtp..."); err = test_dtls_srtp(); if (err) { printf("\nerror (code %d)\n", err); exit(1); } printf("passed\n"); /* shut down srtp library */ err = srtp_shutdown(); if (err) { printf("error: srtp shutdown failed with error code %d\n", err); exit(1); } return 0; } srtp_err_status_t test_dtls_srtp(void) { srtp_hdr_t *test_packet; int test_packet_len = 80; srtp_t s; srtp_policy_t policy; uint8_t key[SRTP_MAX_KEY_LEN]; uint8_t salt[SRTP_MAX_KEY_LEN]; unsigned int key_len, salt_len; srtp_profile_t profile; srtp_err_status_t err; memset(&policy, 0x0, sizeof(srtp_policy_t)); /* create a 'null' SRTP session */ err = srtp_create(&s, NULL); if (err) return err; /* * verify that packet-processing functions behave properly - we * expect that these functions will return srtp_err_status_no_ctx */ test_packet = srtp_create_test_packet(80, 0xa5a5a5a5); if (test_packet == NULL) return srtp_err_status_alloc_fail; err = srtp_protect(s, test_packet, &test_packet_len); if (err != srtp_err_status_no_ctx) { printf("wrong return value from srtp_protect() (got code %d)\n", err); return srtp_err_status_fail; } err = srtp_unprotect(s, test_packet, &test_packet_len); if (err != srtp_err_status_no_ctx) { printf("wrong return value from srtp_unprotect() (got code %d)\n", err); return srtp_err_status_fail; } err = srtp_protect_rtcp(s, test_packet, &test_packet_len); if (err != srtp_err_status_no_ctx) { printf("wrong return value from srtp_protect_rtcp() (got code %d)\n", err); return srtp_err_status_fail; } err = srtp_unprotect_rtcp(s, test_packet, &test_packet_len); if (err != srtp_err_status_no_ctx) { printf("wrong return value from srtp_unprotect_rtcp() (got code %d)\n", err); return srtp_err_status_fail; } /* * set keys to known values for testing */ profile = srtp_profile_aes128_cm_sha1_80; key_len = srtp_profile_get_master_key_length(profile); salt_len = srtp_profile_get_master_salt_length(profile); memset(key, 0xff, key_len); memset(salt, 0xee, salt_len); srtp_append_salt_to_key(key, key_len, salt, salt_len); policy.key = key; /* initialize SRTP policy from profile */ err = srtp_crypto_policy_set_from_profile_for_rtp(&policy.rtp, profile); if (err) return err; err = srtp_crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile); if (err) return err; policy.ssrc.type = ssrc_any_inbound; policy.ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; err = srtp_add_stream(s, &policy); if (err) return err; err = srtp_dealloc(s); if (err) return err; free(test_packet); return srtp_err_status_ok; } /* * srtp_create_test_packet(len, ssrc) returns a pointer to a * (malloced) example RTP packet whose data field has the length given * by pkt_octet_len and the SSRC value ssrc. The total length of the * packet is twelve octets longer, since the header is at the * beginning. There is room at the end of the packet for a trailer, * and the four octets following the packet are filled with 0xff * values to enable testing for overwrites. * * note that the location of the test packet can (and should) be * deallocated with the free() call once it is no longer needed. */ srtp_hdr_t * srtp_create_test_packet(int pkt_octet_len, uint32_t ssrc) { int i; uint8_t *buffer; srtp_hdr_t *hdr; int bytes_in_hdr = 12; /* allocate memory for test packet */ hdr = malloc(pkt_octet_len + bytes_in_hdr + SRTP_MAX_TRAILER_LEN + 4); if (!hdr) return NULL; hdr->version = 2; /* RTP version two */ hdr->p = 0; /* no padding needed */ hdr->x = 0; /* no header extension */ hdr->cc = 0; /* no CSRCs */ hdr->m = 0; /* marker bit */ hdr->pt = 0xf; /* payload type */ hdr->seq = htons(0x1234); /* sequence number */ hdr->ts = htonl(0xdecafbad); /* timestamp */ hdr->ssrc = htonl(ssrc); /* synch. source */ buffer = (uint8_t *)hdr; buffer += bytes_in_hdr; /* set RTP data to 0xab */ for (i=0; i < pkt_octet_len; i++) *buffer++ = 0xab; /* set post-data value to 0xffff to enable overrun checking */ for (i=0; i < SRTP_MAX_TRAILER_LEN+4; i++) *buffer++ = 0xff; return hdr; } ����������������������������������������������������������������libsrtp-2.1.0/test/getopt_s.c�����������������������������������������������������������������������0000664�0000000�0000000�00000006176�13120311000�0016127�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * getopt.c * * a minimal implementation of the getopt() function, written so that * test applications that use that function can run on non-POSIX * platforms * */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include <stdlib.h> /* for NULL */ int optind_s = 0; char *optarg_s; #define GETOPT_FOUND_WITHOUT_ARGUMENT 2 #define GETOPT_FOUND_WITH_ARGUMENT 1 #define GETOPT_NOT_FOUND 0 static int getopt_check_character(char c, const char *string) { unsigned int max_string_len = 128; while (*string != 0) { if (max_string_len == 0) { return '?'; } if (*string++ == c) { if (*string == ':') { return GETOPT_FOUND_WITH_ARGUMENT; } else { return GETOPT_FOUND_WITHOUT_ARGUMENT; } } } return GETOPT_NOT_FOUND; } int getopt_s(int argc, char * const argv[], const char *optstring) { while (optind_s + 1 < argc) { char *string; /* move 'string' on to next argument */ optind_s++; string = argv[optind_s]; if (string == NULL) return '?'; /* NULL argument string */ if (string[0] != '-') return -1; /* found an unexpected character */ switch(getopt_check_character(string[1], optstring)) { case GETOPT_FOUND_WITH_ARGUMENT: if (optind_s + 1 < argc) { optind_s++; optarg_s = argv[optind_s]; return string[1]; } else { return '?'; /* argument missing */ } case GETOPT_FOUND_WITHOUT_ARGUMENT: return string[1]; case GETOPT_NOT_FOUND: default: return '?'; /* didn't find expected character */ break; } } return -1; } ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/rdbx_driver.c��������������������������������������������������������������������0000664�0000000�0000000�00000022347�13120311000�0016613�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * rdbx_driver.c * * driver for the rdbx implementation (replay database with extended range) * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include <stdio.h> /* for printf() */ #include "getopt_s.h" /* for local getopt() */ #include "rdbx.h" #ifdef ROC_TEST #error "srtp_rdbx_t won't work with ROC_TEST - bitmask same size as seq_median" #endif #include "ut_sim.h" srtp_err_status_t test_replay_dbx(int num_trials, unsigned long ws); double rdbx_check_adds_per_second(int num_trials, unsigned long ws); void usage(char *prog_name) { printf("usage: %s [ -t | -v ]\n", prog_name); exit(255); } int main (int argc, char *argv[]) { double rate; srtp_err_status_t status; int q; unsigned do_timing_test = 0; unsigned do_validation = 0; /* process input arguments */ while (1) { q = getopt_s(argc, argv, "tv"); if (q == -1) break; switch (q) { case 't': do_timing_test = 1; break; case 'v': do_validation = 1; break; default: usage(argv[0]); } } printf("rdbx (replay database w/ extended range) test driver\n" "David A. McGrew\n" "Cisco Systems, Inc.\n"); if (!do_validation && !do_timing_test) usage(argv[0]); if (do_validation) { printf("testing srtp_rdbx_t (ws=128)...\n"); status = test_replay_dbx(1 << 12, 128); if (status) { printf("failed\n"); exit(1); } printf("passed\n"); printf("testing srtp_rdbx_t (ws=1024)...\n"); status = test_replay_dbx(1 << 12, 1024); if (status) { printf("failed\n"); exit(1); } printf("passed\n"); } if (do_timing_test) { rate = rdbx_check_adds_per_second(1 << 18, 128); printf("rdbx_check/replay_adds per second (ws=128): %e\n", rate); rate = rdbx_check_adds_per_second(1 << 18, 1024); printf("rdbx_check/replay_adds per second (ws=1024): %e\n", rate); } return 0; } void print_rdbx(srtp_rdbx_t *rdbx) { char buf[2048]; printf("rdbx: {%llu, %s}\n", (unsigned long long)(rdbx->index), bitvector_bit_string(&rdbx->bitmask, buf, sizeof(buf)) ); } /* * rdbx_check_add(rdbx, idx) checks a known-to-be-good idx against * rdbx, then adds it. if a failure is detected (i.e., the check * indicates that the value is already in rdbx) then * srtp_err_status_algo_fail is returned. * */ srtp_err_status_t rdbx_check_add(srtp_rdbx_t *rdbx, uint32_t idx) { int delta; srtp_xtd_seq_num_t est; delta = srtp_index_guess(&rdbx->index, &est, idx); if (srtp_rdbx_check(rdbx, delta) != srtp_err_status_ok) { printf("replay_check failed at index %u\n", idx); return srtp_err_status_algo_fail; } /* * in practice, we'd authenticate the packet containing idx, using * the estimated value est, at this point */ if (srtp_rdbx_add_index(rdbx, delta) != srtp_err_status_ok) { printf("rdbx_add_index failed at index %u\n", idx); return srtp_err_status_algo_fail; } return srtp_err_status_ok; } /* * rdbx_check_expect_failure(srtp_rdbx_t *rdbx, uint32_t idx) * * checks that a sequence number idx is in the replay database * and thus will be rejected */ srtp_err_status_t rdbx_check_expect_failure(srtp_rdbx_t *rdbx, uint32_t idx) { int delta; srtp_xtd_seq_num_t est; srtp_err_status_t status; delta = srtp_index_guess(&rdbx->index, &est, idx); status = srtp_rdbx_check(rdbx, delta); if (status == srtp_err_status_ok) { printf("delta: %d ", delta); printf("replay_check failed at index %u (false positive)\n", idx); return srtp_err_status_algo_fail; } return srtp_err_status_ok; } srtp_err_status_t rdbx_check_add_unordered(srtp_rdbx_t *rdbx, uint32_t idx) { int delta; srtp_xtd_seq_num_t est; srtp_err_status_t rstat; delta = srtp_index_guess(&rdbx->index, &est, idx); rstat = srtp_rdbx_check(rdbx, delta); if ((rstat != srtp_err_status_ok) && (rstat != srtp_err_status_replay_old)) { printf("replay_check_add_unordered failed at index %u\n", idx); return srtp_err_status_algo_fail; } if (rstat == srtp_err_status_replay_old) { return srtp_err_status_ok; } if (srtp_rdbx_add_index(rdbx, delta) != srtp_err_status_ok) { printf("rdbx_add_index failed at index %u\n", idx); return srtp_err_status_algo_fail; } return srtp_err_status_ok; } srtp_err_status_t test_replay_dbx(int num_trials, unsigned long ws) { srtp_rdbx_t rdbx; uint32_t idx, ircvd; ut_connection utc; srtp_err_status_t status; int num_fp_trials; status = srtp_rdbx_init(&rdbx, ws); if (status) { printf("replay_init failed with error code %d\n", status); exit(1); } /* * test sequential insertion */ printf("\ttesting sequential insertion..."); for (idx=0; (int) idx < num_trials; idx++) { status = rdbx_check_add(&rdbx, idx); if (status) return status; } printf("passed\n"); /* * test for false positives by checking all of the index * values which we've just added * * note that we limit the number of trials here, since allowing the * rollover counter to roll over would defeat this test */ num_fp_trials = num_trials % 0x10000; if (num_fp_trials == 0) { printf("warning: no false positive tests performed\n"); } printf("\ttesting for false positives..."); for (idx=0; (int) idx < num_fp_trials; idx++) { status = rdbx_check_expect_failure(&rdbx, idx); if (status) return status; } printf("passed\n"); /* re-initialize */ srtp_rdbx_dealloc(&rdbx); if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) { printf("replay_init failed\n"); return srtp_err_status_init_fail; } /* * test non-sequential insertion * * this test covers only fase negatives, since the values returned * by ut_next_index(...) are distinct */ ut_init(&utc); printf("\ttesting non-sequential insertion..."); for (idx=0; (int) idx < num_trials; idx++) { ircvd = ut_next_index(&utc); status = rdbx_check_add_unordered(&rdbx, ircvd); if (status) return status; status = rdbx_check_expect_failure(&rdbx, ircvd); if (status) return status; } printf("passed\n"); /* re-initialize */ srtp_rdbx_dealloc(&rdbx); if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) { printf("replay_init failed\n"); return srtp_err_status_init_fail; } /* * test insertion with large gaps. * check for false positives for each insertion. */ printf("\ttesting insertion with large gaps..."); for (idx=0, ircvd=0; (int) idx < num_trials; idx++, ircvd += (1 << (rand() % 12))) { status = rdbx_check_add(&rdbx, ircvd); if (status) return status; status = rdbx_check_expect_failure(&rdbx, ircvd); if (status) return status; } printf("passed\n"); srtp_rdbx_dealloc(&rdbx); return srtp_err_status_ok; } #include <time.h> /* for clock() */ #include <stdlib.h> /* for random() */ double rdbx_check_adds_per_second(int num_trials, unsigned long ws) { uint32_t i; int delta; srtp_rdbx_t rdbx; srtp_xtd_seq_num_t est; clock_t timer; int failures; /* count number of failures */ if (srtp_rdbx_init(&rdbx, ws) != srtp_err_status_ok) { printf("replay_init failed\n"); exit(1); } failures = 0; timer = clock(); for(i=0; (int) i < num_trials; i++) { delta = srtp_index_guess(&rdbx.index, &est, i); if (srtp_rdbx_check(&rdbx, delta) != srtp_err_status_ok) ++failures; else if (srtp_rdbx_add_index(&rdbx, delta) != srtp_err_status_ok) ++failures; } timer = clock() - timer; printf("number of failures: %d \n", failures); srtp_rdbx_dealloc(&rdbx); return (double) CLOCKS_PER_SEC * num_trials / timer; } �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/replay_driver.c������������������������������������������������������������������0000664�0000000�0000000�00000016617�13120311000�0017153�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * replay_driver.c * * A driver for the replay_database implementation * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include <stdio.h> #include "rdb.h" #include "ut_sim.h" /* * num_trials defines the number of trials that are used in the * validation functions below */ unsigned num_trials = 1 << 16; srtp_err_status_t test_rdb_db(void); double rdb_check_adds_per_second(void); int main (void) { srtp_err_status_t err; printf("testing anti-replay database (srtp_rdb_t)...\n"); err = test_rdb_db(); if (err) { printf("failed\n"); exit(1); } printf("done\n"); printf("rdb_check/rdb_adds per second: %e\n", rdb_check_adds_per_second()); return 0; } void print_rdb(srtp_rdb_t *rdb) { printf("rdb: {%u, %s}\n", rdb->window_start, v128_bit_string(&rdb->bitmask)); } srtp_err_status_t rdb_check_add(srtp_rdb_t *rdb, uint32_t idx) { if (srtp_rdb_check(rdb, idx) != srtp_err_status_ok) { printf("rdb_check failed at index %u\n", idx); return srtp_err_status_fail; } if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) { printf("rdb_add_index failed at index %u\n", idx); return srtp_err_status_fail; } return srtp_err_status_ok; } srtp_err_status_t rdb_check_expect_failure(srtp_rdb_t *rdb, uint32_t idx) { srtp_err_status_t err; err = srtp_rdb_check(rdb, idx); if ((err != srtp_err_status_replay_old) && (err != srtp_err_status_replay_fail)) { printf("rdb_check failed at index %u (false positive)\n", idx); return srtp_err_status_fail; } return srtp_err_status_ok; } srtp_err_status_t rdb_check_add_unordered(srtp_rdb_t *rdb, uint32_t idx) { srtp_err_status_t rstat; /* printf("index: %u\n", idx); */ rstat = srtp_rdb_check(rdb, idx); if ((rstat != srtp_err_status_ok) && (rstat != srtp_err_status_replay_old)) { printf("rdb_check_add_unordered failed at index %u\n", idx); return rstat; } if (rstat == srtp_err_status_replay_old) { return srtp_err_status_ok; } if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) { printf("rdb_add_index failed at index %u\n", idx); return srtp_err_status_fail; } return srtp_err_status_ok; } srtp_err_status_t test_rdb_db() { srtp_rdb_t rdb; uint32_t idx, ircvd; ut_connection utc; srtp_err_status_t err; if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { printf("rdb_init failed\n"); return srtp_err_status_init_fail; } /* test sequential insertion */ for (idx=0; idx < num_trials; idx++) { err = rdb_check_add(&rdb, idx); if (err) return err; } /* test for false positives */ for (idx=0; idx < num_trials; idx++) { err = rdb_check_expect_failure(&rdb, idx); if (err) return err; } /* re-initialize */ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { printf("rdb_init failed\n"); return srtp_err_status_fail; } /* test non-sequential insertion */ ut_init(&utc); for (idx=0; idx < num_trials; idx++) { ircvd = ut_next_index(&utc); err = rdb_check_add_unordered(&rdb, ircvd); if (err) return err; err = rdb_check_expect_failure(&rdb, ircvd); if (err) return err; } /* re-initialize */ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { printf("rdb_init failed\n"); return srtp_err_status_fail; } /* test insertion with large gaps */ for (idx=0, ircvd=0; idx < num_trials; idx++, ircvd += (1 << (rand() % 10))) { err = rdb_check_add(&rdb, ircvd); if (err) return err; err = rdb_check_expect_failure(&rdb, ircvd); if (err) return err; } /* re-initialize */ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { printf("rdb_init failed\n"); return srtp_err_status_fail; } /* test loss of first 513 packets */ for (idx=0; idx < num_trials; idx++) { err = rdb_check_add(&rdb, idx + 513); if (err) return err; } /* test for false positives */ for (idx=0; idx < num_trials + 513; idx++) { err = rdb_check_expect_failure(&rdb, idx); if (err) return err; } /* test for key expired */ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { printf("rdb_init failed\n"); return srtp_err_status_fail; } rdb.window_start = 0x7ffffffe; if (srtp_rdb_increment(&rdb) != srtp_err_status_ok) { printf("srtp_rdb_increment of 0x7ffffffe failed\n"); return srtp_err_status_fail; } if (srtp_rdb_get_value(&rdb) != 0x7fffffff) { printf("rdb valiue was not 0x7fffffff\n"); return srtp_err_status_fail; } if (srtp_rdb_increment(&rdb) != srtp_err_status_key_expired) { printf("srtp_rdb_increment of 0x7fffffff did not return srtp_err_status_key_expired\n"); return srtp_err_status_fail; } if (srtp_rdb_get_value(&rdb) != 0x7fffffff) { printf("rdb valiue was not 0x7fffffff\n"); return srtp_err_status_fail; } return srtp_err_status_ok; } #include <time.h> /* for clock() */ #include <stdlib.h> /* for random() */ #define REPLAY_NUM_TRIALS 10000000 double rdb_check_adds_per_second(void) { uint32_t i; srtp_rdb_t rdb; clock_t timer; int failures = 0; /* count number of failures */ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { printf("rdb_init failed\n"); exit(1); } timer = clock(); for(i=0; i < REPLAY_NUM_TRIALS; i+=3) { if (srtp_rdb_check(&rdb, i+2) != srtp_err_status_ok) ++failures; if (srtp_rdb_add_index(&rdb, i+2) != srtp_err_status_ok) ++failures; if (srtp_rdb_check(&rdb, i+1) != srtp_err_status_ok) ++failures; if (srtp_rdb_add_index(&rdb, i+1) != srtp_err_status_ok) ++failures; if (srtp_rdb_check(&rdb, i) != srtp_err_status_ok) ++failures; if (srtp_rdb_add_index(&rdb, i) != srtp_err_status_ok) ++failures; } timer = clock() - timer; return (double) CLOCKS_PER_SEC * REPLAY_NUM_TRIALS / timer; } �����������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/roc_driver.c���������������������������������������������������������������������0000664�0000000�0000000�00000011172�13120311000�0016431�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * roc_driver.c * * test driver for rollover counter replay implementation * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include <stdio.h> /* * defining ROC_TEST causes small datatypes to be used in * srtp_xtd_seq_num_t - this allows the functions to be exhaustively tested. */ #if ROC_NEEDS_TO_BE_TESTED #define ROC_TEST #endif #include "rdbx.h" #include "ut_sim.h" srtp_err_status_t roc_test(int num_trials); int main (void) { srtp_err_status_t status; printf("rollover counter test driver\n" "David A. McGrew\n" "Cisco Systems, Inc.\n"); printf("testing index functions..."); status = roc_test(1 << 18); if (status) { printf("failed\n"); exit(status); } printf("passed\n"); return 0; } #define ROC_VERBOSE 0 srtp_err_status_t roc_test(int num_trials) { srtp_xtd_seq_num_t local, est, ref; ut_connection utc; int i, num_bad_est = 0; int delta; uint32_t ircvd; double failure_rate; srtp_index_init(&local); srtp_index_init(&ref); srtp_index_init(&est); printf("\n\ttesting sequential insertion..."); for (i=0; i < 2048; i++) { delta = srtp_index_guess(&local, &est, (uint16_t) ref); #if ROC_VERBOSE printf("%lld, %lld, %d\n", ref, est, i); #endif if (ref != est) { #if ROC_VERBOSE printf(" *bad estimate*\n"); #endif ++num_bad_est; } srtp_index_advance(&ref, 1); } failure_rate = (double) num_bad_est / num_trials; if (failure_rate > 0.01) { printf("error: failure rate too high (%d bad estimates in %d trials)\n", num_bad_est, num_trials); return srtp_err_status_algo_fail; } printf("done\n"); printf("\ttesting non-sequential insertion..."); srtp_index_init(&local); srtp_index_init(&ref); srtp_index_init(&est); ut_init(&utc); for (i=0; i < num_trials; i++) { /* get next seq num from unreliable transport simulator */ ircvd = ut_next_index(&utc); /* set ref to value of ircvd */ ref = ircvd; /* estimate index based on low bits of ircvd */ delta = srtp_index_guess(&local, &est, (uint16_t) ref); #if ROC_VERBOSE printf("ref: %lld, local: %lld, est: %lld, ircvd: %d, delta: %d\n", ref, local, est, ircvd, delta); #endif if (local + delta != est) { printf(" *bad delta*: local %llu + delta %d != est %llu\n", (unsigned long long)local, delta, (unsigned long long)est); return srtp_err_status_algo_fail; } /* now update local srtp_xtd_seq_num_t as necessary */ if (delta > 0) srtp_index_advance(&local, delta); if (ref != est) { #if ROC_VERBOSE printf(" *bad estimate*\n"); #endif /* record failure event */ ++num_bad_est; /* reset local value to correct value */ local = ref; } } failure_rate = (double) num_bad_est / num_trials; if (failure_rate > 0.01) { printf("error: failure rate too high (%d bad estimates in %d trials)\n", num_bad_est, num_trials); return srtp_err_status_algo_fail; } printf("done\n"); return srtp_err_status_ok; } ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/rtp.c����������������������������������������������������������������������������0000664�0000000�0000000�00000014044�13120311000�0015101�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * rtp.c * * library functions for the real-time transport protocol * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include "rtp.h" #include <stdio.h> #include <string.h> #include <sys/types.h> #ifdef HAVE_SYS_SOCKET_H # include <sys/socket.h> #endif #define PRINT_DEBUG 0 /* set to 1 to print out debugging data */ #define VERBOSE_DEBUG 0 /* set to 1 to print out more data */ int rtp_sendto(rtp_sender_t sender, const void* msg, int len) { int octets_sent; srtp_err_status_t stat; int pkt_len = len + RTP_HEADER_LEN; /* marshal data */ strncpy(sender->message.body, msg, len); /* update header */ sender->message.header.seq = ntohs(sender->message.header.seq) + 1; sender->message.header.seq = htons(sender->message.header.seq); sender->message.header.ts = ntohl(sender->message.header.ts) + 1; sender->message.header.ts = htonl(sender->message.header.ts); /* apply srtp */ stat = srtp_protect(sender->srtp_ctx, &sender->message.header, &pkt_len); if (stat) { #if PRINT_DEBUG fprintf(stderr, "error: srtp protection failed with code %d\n", stat); #endif return -1; } #if VERBOSE_DEBUG srtp_print_packet(&sender->message.header, pkt_len); #endif octets_sent = sendto(sender->socket, (void*)&sender->message, pkt_len, 0, (struct sockaddr *)&sender->addr, sizeof (struct sockaddr_in)); if (octets_sent != pkt_len) { #if PRINT_DEBUG fprintf(stderr, "error: couldn't send message %s", (char *)msg); perror(""); #endif } return octets_sent; } int rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len) { int octets_recvd; srtp_err_status_t stat; octets_recvd = recvfrom(receiver->socket, (void *)&receiver->message, *len, 0, (struct sockaddr *) NULL, 0); if (octets_recvd == -1) { *len = 0; return -1; } /* verify rtp header */ if (receiver->message.header.version != 2) { *len = 0; return -1; } #if PRINT_DEBUG fprintf(stderr, "%d octets received from SSRC %u\n", octets_recvd, receiver->message.header.ssrc); #endif #if VERBOSE_DEBUG srtp_print_packet(&receiver->message.header, octets_recvd); #endif /* apply srtp */ stat = srtp_unprotect(receiver->srtp_ctx, &receiver->message.header, &octets_recvd); if (stat) { fprintf(stderr, "error: srtp unprotection failed with code %d%s\n", stat, stat == srtp_err_status_replay_fail ? " (replay check failed)" : stat == srtp_err_status_auth_fail ? " (auth check failed)" : ""); return -1; } strncpy(msg, receiver->message.body, octets_recvd); return octets_recvd; } int rtp_sender_init(rtp_sender_t sender, int sock, struct sockaddr_in addr, unsigned int ssrc) { /* set header values */ sender->message.header.ssrc = htonl(ssrc); sender->message.header.ts = 0; sender->message.header.seq = (uint16_t) rand(); sender->message.header.m = 0; sender->message.header.pt = 0x1; sender->message.header.version = 2; sender->message.header.p = 0; sender->message.header.x = 0; sender->message.header.cc = 0; /* set other stuff */ sender->socket = sock; sender->addr = addr; return 0; } int rtp_receiver_init(rtp_receiver_t rcvr, int sock, struct sockaddr_in addr, unsigned int ssrc) { /* set header values */ rcvr->message.header.ssrc = htonl(ssrc); rcvr->message.header.ts = 0; rcvr->message.header.seq = 0; rcvr->message.header.m = 0; rcvr->message.header.pt = 0x1; rcvr->message.header.version = 2; rcvr->message.header.p = 0; rcvr->message.header.x = 0; rcvr->message.header.cc = 0; /* set other stuff */ rcvr->socket = sock; rcvr->addr = addr; return 0; } int rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy) { return srtp_create(&sender->srtp_ctx, policy); } int rtp_sender_deinit_srtp(rtp_sender_t sender) { return srtp_dealloc(sender->srtp_ctx); } int rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy) { return srtp_create(&sender->srtp_ctx, policy); } int rtp_receiver_deinit_srtp(rtp_receiver_t sender) { return srtp_dealloc(sender->srtp_ctx); } rtp_sender_t rtp_sender_alloc(void) { return (rtp_sender_t)malloc(sizeof(rtp_sender_ctx_t)); } void rtp_sender_dealloc(rtp_sender_t rtp_ctx) { free(rtp_ctx); } rtp_receiver_t rtp_receiver_alloc(void) { return (rtp_receiver_t)malloc(sizeof(rtp_receiver_ctx_t)); } void rtp_receiver_dealloc(rtp_receiver_t rtp_ctx) { free(rtp_ctx); } ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/rtp.h����������������������������������������������������������������������������0000664�0000000�0000000�00000010446�13120311000�0015110�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * rtp.h * * rtp interface for srtp reference implementation * * David A. McGrew * Cisco Systems, Inc. * * data types: * * rtp_msg_t an rtp message (the data that goes on the wire) * rtp_sender_t sender side socket and rtp info * rtp_receiver_t receiver side socket and rtp info * */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef SRTP_RTP_H #define SRTP_RTP_H #ifdef HAVE_NETINET_IN_H # include <netinet/in.h> #elif defined HAVE_WINSOCK2_H # include <winsock2.h> #endif #include "srtp_priv.h" #ifdef __cplusplus extern "C" { #endif /* * RTP_HEADER_LEN indicates the size of an RTP header */ #define RTP_HEADER_LEN 12 /* * RTP_MAX_BUF_LEN defines the largest RTP packet in the rtp.c implementation */ #define RTP_MAX_BUF_LEN 16384 typedef srtp_hdr_t rtp_hdr_t; typedef struct { srtp_hdr_t header; char body[RTP_MAX_BUF_LEN]; } rtp_msg_t; typedef struct rtp_sender_ctx_t { rtp_msg_t message; int socket; srtp_ctx_t *srtp_ctx; struct sockaddr_in addr; /* reciever's address */ } rtp_sender_ctx_t; typedef struct rtp_receiver_ctx_t { rtp_msg_t message; int socket; srtp_ctx_t *srtp_ctx; struct sockaddr_in addr; /* receiver's address */ } rtp_receiver_ctx_t; typedef struct rtp_sender_ctx_t *rtp_sender_t; typedef struct rtp_receiver_ctx_t *rtp_receiver_t; int rtp_sendto(rtp_sender_t sender, const void* msg, int len); int rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len); int rtp_receiver_init(rtp_receiver_t rcvr, int sock, struct sockaddr_in addr, unsigned int ssrc); int rtp_sender_init(rtp_sender_t sender, int sock, struct sockaddr_in addr, unsigned int ssrc); /* * srtp_sender_init(...) initializes an rtp_sender_t */ int srtp_sender_init(rtp_sender_t rtp_ctx, /* structure to be init'ed */ struct sockaddr_in name, /* socket name */ srtp_sec_serv_t security_services, /* sec. servs. to be used */ unsigned char *input_key /* master key/salt in hex */ ); int srtp_receiver_init(rtp_receiver_t rtp_ctx, /* structure to be init'ed */ struct sockaddr_in name, /* socket name */ srtp_sec_serv_t security_services, /* sec. servs. to be used */ unsigned char *input_key /* master key/salt in hex */ ); int rtp_sender_init_srtp(rtp_sender_t sender, const srtp_policy_t *policy); int rtp_sender_deinit_srtp(rtp_sender_t sender); int rtp_receiver_init_srtp(rtp_receiver_t sender, const srtp_policy_t *policy); int rtp_receiver_deinit_srtp(rtp_receiver_t sender); rtp_sender_t rtp_sender_alloc(void); void rtp_sender_dealloc(rtp_sender_t rtp_ctx); rtp_receiver_t rtp_receiver_alloc(void); void rtp_receiver_dealloc(rtp_receiver_t rtp_ctx); #ifdef __cplusplus } #endif #endif /* SRTP_RTP_H */ ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/rtp_decoder.c��������������������������������������������������������������������0000664�0000000�0000000�00000036731�13120311000�0016575�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * rtp_decoder.c * * decoder structures and functions for SRTP pcap decoder * * Example: * $ wget --no-check-certificate https://raw.githubusercontent.com/gteissier/srtp-decrypt/master/marseillaise-srtp.pcap * $ ./test/rtp_decoder -a -t 10 -e 128 -b aSBrbm93IGFsbCB5b3VyIGxpdHRsZSBzZWNyZXRz \ * < ~/marseillaise-srtp.pcap | text2pcap -t "%M:%S." -u 10000,10000 - - > ./marseillaise-rtp.pcap * * There is also a different way of setting up key size and tag size * based upon RFC 4568 crypto suite specification, i.e.: * * $ ./test/rtp_decoder -s AES_CM_128_HMAC_SHA1_80 -b aSBrbm93IGFsbCB5b3VyIGxpdHRsZSBzZWNyZXRz ... * * Audio can be extracted using extractaudio utility from the RTPproxy * package: * * $ extractaudio -A ./marseillaise-rtp.pcap ./marseillaise-out.wav * * Bernardo Torres <bernardo@torresautomacao.com.br> * * Some structure and code from https://github.com/gteissier/srtp-decrypt */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include "getopt_s.h" /* for local getopt() */ #include <assert.h> /* for assert() */ #include <pcap.h> #include "rtp_decoder.h" #include "util.h" #define MAX_KEY_LEN 96 #define MAX_FILTER 256 struct srtp_crypto_suite { const char *can_name; int key_size; int tag_size; }; static struct srtp_crypto_suite srtp_crypto_suites[] = { {.can_name = "AES_CM_128_HMAC_SHA1_32", .key_size = 128, .tag_size = 4}, #if 0 {.can_name = "F8_128_HMAC_SHA1_32", .key_size = 128, .tag_size = 4}, #endif {.can_name = "AES_CM_128_HMAC_SHA1_32", .key_size = 128, .tag_size = 4}, {.can_name = "AES_CM_128_HMAC_SHA1_80", .key_size = 128, .tag_size = 10}, {.can_name = NULL} }; int main (int argc, char *argv[]) { char errbuf[PCAP_ERRBUF_SIZE]; bpf_u_int32 pcap_net = 0; pcap_t *pcap_handle; #if BEW struct sockaddr_in local; #endif srtp_sec_serv_t sec_servs = sec_serv_none; int c; struct srtp_crypto_suite scs, *i_scsp; scs.key_size = 128; scs.tag_size = 8; int gcm_on = 0; char *input_key = NULL; int b64_input = 0; char key[MAX_KEY_LEN]; struct bpf_program fp; char filter_exp[MAX_FILTER] = ""; rtp_decoder_t dec; srtp_policy_t policy; srtp_err_status_t status; int len; int expected_len; int do_list_mods = 0; fprintf(stderr, "Using %s [0x%x]\n", srtp_get_version_string(), srtp_get_version()); /* initialize srtp library */ status = srtp_init(); if (status) { fprintf(stderr, "error: srtp initialization failed with error code %d\n", status); exit(1); } /* check args */ while (1) { c = getopt_s(argc, argv, "b:k:gt:ae:ld:f:s:"); if (c == -1) { break; } switch (c) { case 'b': b64_input = 1; /* fall thru */ case 'k': input_key = optarg_s; break; case 'e': scs.key_size = atoi(optarg_s); if (scs.key_size != 128 && scs.key_size != 256) { fprintf(stderr, "error: encryption key size must be 128 or 256 (%d)\n", scs.key_size); exit(1); } input_key = malloc(scs.key_size); sec_servs |= sec_serv_conf; break; case 't': scs.tag_size = atoi(optarg_s); break; case 'a': sec_servs |= sec_serv_auth; break; case 'g': gcm_on = 1; sec_servs |= sec_serv_auth; break; case 'd': status = srtp_crypto_kernel_set_debug_module(optarg_s, 1); if (status) { fprintf(stderr, "error: set debug module (%s) failed\n", optarg_s); exit(1); } break; case 'f': if(strlen(optarg_s) > MAX_FILTER){ fprintf(stderr, "error: filter bigger than %d characters\n", MAX_FILTER); exit(1); } fprintf(stderr, "Setting filter as %s\n", optarg_s); strcpy(filter_exp, optarg_s); break; case 'l': do_list_mods = 1; break; case 's': for (i_scsp = &srtp_crypto_suites[0]; i_scsp->can_name != NULL; i_scsp++) { if (strcasecmp(i_scsp->can_name, optarg_s) == 0) { break; } } if (i_scsp->can_name == NULL) { fprintf(stderr, "Unknown/unsupported crypto suite name %s\n", optarg_s); exit(1); } scs = *i_scsp; input_key = malloc(scs.key_size); sec_servs |= sec_serv_conf | sec_serv_auth; break; default: usage(argv[0]); } } if (gcm_on && scs.tag_size != 8 && scs.tag_size != 16) { fprintf(stderr, "error: GCM tag size must be 8 or 16 (%d)\n", scs.tag_size); //exit(1); } if (do_list_mods) { status = srtp_crypto_kernel_list_debug_modules(); if (status) { fprintf(stderr, "error: list of debug modules failed\n"); exit(1); } return 0; } if ((sec_servs && !input_key) || (!sec_servs && input_key)) { /* * a key must be provided if and only if security services have * been requested */ if(input_key == NULL){ fprintf(stderr, "key not provided\n"); } if(!sec_servs){ fprintf(stderr, "no secservs\n"); } fprintf(stderr, "provided\n"); usage(argv[0]); } /* report security services selected on the command line */ fprintf(stderr, "security services: "); if (sec_servs & sec_serv_conf) fprintf(stderr, "confidentiality "); if (sec_servs & sec_serv_auth) fprintf(stderr, "message authentication"); if (sec_servs == sec_serv_none) fprintf(stderr, "none"); fprintf(stderr, "\n"); /* set up the srtp policy and master key */ if (sec_servs) { /* * create policy structure, using the default mechanisms but * with only the security services requested on the command line, * using the right SSRC value */ switch (sec_servs) { case sec_serv_conf_and_auth: if (gcm_on) { #ifdef OPENSSL switch (scs.key_size) { case 128: srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp); break; case 256: srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp); srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp); break; } #else fprintf(stderr, "error: GCM mode only supported when using the OpenSSL crypto engine.\n"); return 0; #endif } else { switch (scs.key_size) { case 128: srtp_crypto_policy_set_rtp_default(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); break; case 256: srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); break; } } break; case sec_serv_conf: if (gcm_on) { fprintf(stderr, "error: GCM mode must always be used with auth enabled\n"); return -1; } else { switch (scs.key_size) { case 128: srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); break; case 256: srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); break; } } break; case sec_serv_auth: if (gcm_on) { #ifdef OPENSSL switch (scs.key_size) { case 128: srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp); srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp); break; case 256: srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp); srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp); break; } #else printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n"); return 0; #endif } else { srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); } break; default: fprintf(stderr, "error: unknown security service requested\n"); return -1; } policy.key = (uint8_t *) key; policy.ekt = NULL; policy.next = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.rtp.sec_serv = sec_servs; policy.rtcp.sec_serv = sec_servs; //sec_serv_none; /* we don't do RTCP anyway */ fprintf(stderr, "setting tag len %d\n", scs.tag_size); policy.rtp.auth_tag_len = scs.tag_size; if (gcm_on && scs.tag_size != 8) { fprintf(stderr, "setted tag len %d\n", scs.tag_size); policy.rtp.auth_tag_len = scs.tag_size; } /* * read key from hexadecimal or base64 on command line into an octet string */ if (b64_input) { int pad; expected_len = policy.rtp.cipher_key_len*4/3; len = base64_string_to_octet_string(key, &pad, input_key, expected_len); if (pad != 0) { fprintf(stderr, "error: padding in base64 unexpected\n"); exit(1); } } else { expected_len = policy.rtp.cipher_key_len*2; len = hex_string_to_octet_string(key, input_key, expected_len); } /* check that hex string is the right length */ if (len < expected_len) { fprintf(stderr, "error: too few digits in key/salt " "(should be %d digits, found %d)\n", expected_len, len); exit(1); } if (strlen(input_key) > policy.rtp.cipher_key_len*2) { fprintf(stderr, "error: too many digits in key/salt " "(should be %d hexadecimal digits, found %u)\n", policy.rtp.cipher_key_len*2, (unsigned)strlen(input_key)); exit(1); } fprintf(stderr, "set master key/salt to %s/", octet_string_hex_string(key, 16)); fprintf(stderr, "%s\n", octet_string_hex_string(key+16, 14)); } else { fprintf(stderr, "error: neither encryption or authentication were selected"); exit(1); } pcap_handle = pcap_open_offline("-", errbuf); if (!pcap_handle) { fprintf(stderr, "libpcap failed to open file '%s'\n", errbuf); exit(1); } assert(pcap_handle != NULL); if ((pcap_compile(pcap_handle, &fp, filter_exp, 1, pcap_net)) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(pcap_handle)); return (2); } if (pcap_setfilter(pcap_handle, &fp) == -1) { fprintf(stderr, "couldn't install filter %s: %s\n", filter_exp, pcap_geterr(pcap_handle)); return (2); } dec = rtp_decoder_alloc(); if (dec == NULL) { fprintf(stderr, "error: malloc() failed\n"); exit(1); } fprintf(stderr, "Starting decoder\n"); rtp_decoder_init(dec, policy); pcap_loop(pcap_handle, 0, rtp_decoder_handle_pkt, (u_char *)dec); rtp_decoder_deinit_srtp(dec); rtp_decoder_dealloc(dec); status = srtp_shutdown(); if (status) { fprintf(stderr, "error: srtp shutdown failed with error code %d\n", status); exit(1); } return 0; } void usage(char *string) { fprintf(stderr, "usage: %s [-d <debug>]* [[-k][-b] <key> [-a][-e]]\n" "or %s -l\n" "where -a use message authentication\n" " -e <key size> use encryption (use 128 or 256 for key size)\n" " -g Use AES-GCM mode (must be used with -e)\n" " -t <tag size> Tag size to use (in GCM mode use 8 or 16)\n" " -k <key> sets the srtp master key given in hexadecimal\n" " -b <key> sets the srtp master key given in base64\n" " -l list debug modules\n" " -f \"<pcap filter>\" to filter only the desired SRTP packets\n" " -d <debug> turn on debugging for module <debug>\n" " -s \"<srtp-crypto-suite>\" to set both key and tag size based\n" " on RFC4568-style crypto suite specification\n", string, string); exit(1); } rtp_decoder_t rtp_decoder_alloc(void) { return (rtp_decoder_t)malloc(sizeof(rtp_decoder_ctx_t)); } void rtp_decoder_dealloc(rtp_decoder_t rtp_ctx) { free(rtp_ctx); } srtp_err_status_t rtp_decoder_init_srtp(rtp_decoder_t decoder, unsigned int ssrc) { decoder->policy.ssrc.value = htonl(ssrc); return srtp_create(&decoder->srtp_ctx, &decoder->policy); } int rtp_decoder_deinit_srtp(rtp_decoder_t decoder) { return srtp_dealloc(decoder->srtp_ctx); } int rtp_decoder_init(rtp_decoder_t dcdr, srtp_policy_t policy) { dcdr->rtp_offset = DEFAULT_RTP_OFFSET; dcdr->srtp_ctx = NULL; dcdr->start_tv.tv_usec = 0; dcdr->start_tv.tv_sec = 0; dcdr->frame_nr = -1; dcdr->policy = policy; dcdr->policy.ssrc.type = ssrc_specific; return 0; } /* * decodes key as base64 */ void hexdump(const void *ptr, size_t size) { int i, j; const unsigned char *cptr = ptr; for (i = 0; i < size; i += 16) { fprintf(stdout, "%04x ", i); for (j = 0; j < 16 && i+j < size; j++) { fprintf(stdout, "%02x ", cptr[i+j]); } fprintf(stdout, "\n"); } } void rtp_decoder_handle_pkt(u_char *arg, const struct pcap_pkthdr *hdr, const u_char *bytes) { rtp_decoder_t dcdr = (rtp_decoder_t)arg; int pktsize; struct timeval delta; int octets_recvd; srtp_err_status_t status; dcdr->frame_nr++; if ((dcdr->start_tv.tv_sec == 0) && (dcdr->start_tv.tv_usec == 0)) { dcdr->start_tv = hdr->ts; } if (hdr->caplen < dcdr->rtp_offset) { return; } const void *rtp_packet = bytes + dcdr->rtp_offset; memcpy((void *)&dcdr->message, rtp_packet, hdr->caplen - dcdr->rtp_offset); pktsize = hdr->caplen - dcdr->rtp_offset; octets_recvd = pktsize; if (octets_recvd == -1) { return; } /* verify rtp header */ if (dcdr->message.header.version != 2) { return; } if(dcdr->srtp_ctx == NULL) { status = rtp_decoder_init_srtp(dcdr, dcdr->message.header.ssrc); if (status) { exit(1); } } status = srtp_unprotect(dcdr->srtp_ctx, &dcdr->message, &octets_recvd); if (status) { return; } timersub(&hdr->ts, &dcdr->start_tv, &delta); fprintf(stdout, "%02ld:%02ld.%06ld\n", delta.tv_sec/60, delta.tv_sec%60, (long)delta.tv_usec); hexdump(&dcdr->message, octets_recvd); } void rtp_print_error(srtp_err_status_t status, char *message) { fprintf(stderr, "error: %s %d%s\n", message, status, status == srtp_err_status_replay_fail ? " (replay check failed)" : status == srtp_err_status_bad_param ? " (bad param)" : status == srtp_err_status_no_ctx ? " (no context)" : status == srtp_err_status_cipher_fail ? " (cipher failed)" : status == srtp_err_status_key_expired ? " (key expired)" : status == srtp_err_status_auth_fail ? " (auth check failed)" : ""); } ���������������������������������������libsrtp-2.1.0/test/rtp_decoder.h��������������������������������������������������������������������0000664�0000000�0000000�00000005770�13120311000�0016601�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * rtp_decoder.h * * decoder structures and functions for SRTP pcap decoder * * Bernardo Torres <bernardo@torresautomacao.com.br> * * Some structure and code from https://github.com/gteissier/srtp-decrypt * */ /* * * Copyright (c) 2001-2017 Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef RTP_DECODER_H #define RTP_DECODER_H #include "srtp_priv.h" #include "rtp.h" #define DEFAULT_RTP_OFFSET 42 typedef struct rtp_decoder_ctx_t { srtp_policy_t policy; srtp_ctx_t *srtp_ctx; int rtp_offset; struct timeval start_tv; int frame_nr; rtp_msg_t message; } rtp_decoder_ctx_t; typedef struct rtp_decoder_ctx_t *rtp_decoder_t; /* * error to string */ void rtp_print_error(srtp_err_status_t status, char *message); /* * prints the output of a random buffer in hexadecimal */ void hexdump(const void *ptr, size_t size); /* * the function usage() prints an error message describing how this * program should be called, then calls exit() */ void usage(char *prog_name); /* * transforms base64 key into octet */ char *decode_sdes(char *in, char *out); /* * pcap handling */ void rtp_decoder_handle_pkt(u_char *arg, const struct pcap_pkthdr *hdr, const u_char *bytes); rtp_decoder_t rtp_decoder_alloc(void); void rtp_decoder_dealloc(rtp_decoder_t rtp_ctx); int rtp_decoder_init(rtp_decoder_t dcdr, srtp_policy_t policy); srtp_err_status_t rtp_decoder_init_srtp(rtp_decoder_t decoder, unsigned int ssrc); int rtp_decoder_deinit_srtp(rtp_decoder_t decoder); #endif /* RTP_DECODER_H */ ��������libsrtp-2.1.0/test/rtpw.c���������������������������������������������������������������������������0000664�0000000�0000000�00000044454�13120311000�0015300�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * rtpw.c * * rtp word sender/receiver * * David A. McGrew * Cisco Systems, Inc. * * This app is a simple RTP application intended only for testing * libsrtp. It reads one word at a time from words.txt (or * whatever file is specified as DICT_FILE), and sends one word out * each USEC_RATE microseconds. Secure RTP protections can be * applied. See the usage() function for more details. * */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include "getopt_s.h" /* for local getopt() */ #include <stdio.h> /* for printf, fprintf */ #include <stdlib.h> /* for atoi() */ #include <errno.h> #include <signal.h> /* for signal() */ #include <string.h> /* for strncpy() */ #include <time.h> /* for usleep() */ #ifdef HAVE_UNISTD_H #include <unistd.h> /* for close() */ #elif defined(_MSC_VER) #include <io.h> /* for _close() */ #define close _close #endif #ifdef HAVE_SYS_SOCKET_H # include <sys/socket.h> #endif #ifdef HAVE_NETINET_IN_H # include <netinet/in.h> #elif defined HAVE_WINSOCK2_H # include <winsock2.h> # include <ws2tcpip.h> # define RTPW_USE_WINSOCK2 1 #endif #ifdef HAVE_ARPA_INET_H # include <arpa/inet.h> #endif #include "srtp.h" #include "rtp.h" #include "util.h" #define DICT_FILE "words.txt" #define USEC_RATE (5e5) #define MAX_WORD_LEN 128 #define ADDR_IS_MULTICAST(a) IN_MULTICAST(htonl(a)) #define MAX_KEY_LEN 96 #ifndef HAVE_USLEEP # ifdef HAVE_WINDOWS_H # define usleep(us) Sleep((us)/1000) # else # define usleep(us) sleep((us)/1000000) # endif #endif /* * the function usage() prints an error message describing how this * program should be called, then calls exit() */ void usage(char *prog_name); /* * leave_group(...) de-registers from a multicast group */ void leave_group(int sock, struct ip_mreq mreq, char *name); /* * setup_signal_handler() sets up a signal handler to trigger * cleanups after an interrupt */ int setup_signal_handler(char* name); /* * handle_signal(...) handles interrupt signal to trigger cleanups */ volatile int interrupted = 0; /* * program_type distinguishes the [s]rtp sender and receiver cases */ typedef enum { sender, receiver, unknown } program_type; int main (int argc, char *argv[]) { char *dictfile = DICT_FILE; FILE *dict; char word[MAX_WORD_LEN]; int sock, ret; struct in_addr rcvr_addr; struct sockaddr_in name; struct ip_mreq mreq; #if BEW struct sockaddr_in local; #endif program_type prog_type = unknown; srtp_sec_serv_t sec_servs = sec_serv_none; unsigned char ttl = 5; int c; int key_size = 128; int tag_size = 8; int gcm_on = 0; char *input_key = NULL; int b64_input = 0; char *address = NULL; char key[MAX_KEY_LEN]; unsigned short port = 0; rtp_sender_t snd; srtp_policy_t policy; srtp_err_status_t status; int len; int expected_len; int do_list_mods = 0; uint32_t ssrc = 0xdeadbeef; /* ssrc value hardcoded for now */ #ifdef RTPW_USE_WINSOCK2 WORD wVersionRequested = MAKEWORD(2, 0); WSADATA wsaData; ret = WSAStartup(wVersionRequested, &wsaData); if (ret != 0) { fprintf(stderr, "error: WSAStartup() failed: %d\n", ret); exit(1); } #endif memset(&policy, 0x0, sizeof(srtp_policy_t)); printf("Using %s [0x%x]\n", srtp_get_version_string(), srtp_get_version()); if (setup_signal_handler(argv[0]) != 0) { exit(1); } /* initialize srtp library */ status = srtp_init(); if (status) { printf("error: srtp initialization failed with error code %d\n", status); exit(1); } /* check args */ while (1) { c = getopt_s(argc, argv, "b:k:rsgt:ae:ld:"); if (c == -1) { break; } switch (c) { case 'b': b64_input = 1; /* fall thru */ case 'k': input_key = optarg_s; break; case 'e': key_size = atoi(optarg_s); if (key_size != 128 && key_size != 256) { printf("error: encryption key size must be 128 or 256 (%d)\n", key_size); exit(1); } sec_servs |= sec_serv_conf; break; case 't': tag_size = atoi(optarg_s); if (tag_size != 8 && tag_size != 16) { printf("error: GCM tag size must be 8 or 16 (%d)\n", tag_size); exit(1); } break; case 'a': sec_servs |= sec_serv_auth; break; case 'g': gcm_on = 1; sec_servs |= sec_serv_auth; break; case 'r': prog_type = receiver; break; case 's': prog_type = sender; break; case 'd': status = srtp_set_debug_module(optarg_s, 1); if (status) { printf("error: set debug module (%s) failed\n", optarg_s); exit(1); } break; case 'l': do_list_mods = 1; break; default: usage(argv[0]); } } if (prog_type == unknown) { if (do_list_mods) { status = srtp_list_debug_modules(); if (status) { printf("error: list of debug modules failed\n"); exit(1); } return 0; } else { printf("error: neither sender [-s] nor receiver [-r] specified\n"); usage(argv[0]); } } if ((sec_servs && !input_key) || (!sec_servs && input_key)) { /* * a key must be provided if and only if security services have * been requested */ usage(argv[0]); } if (argc != optind_s + 2) { /* wrong number of arguments */ usage(argv[0]); } /* get address from arg */ address = argv[optind_s++]; /* get port from arg */ port = atoi(argv[optind_s++]); /* set address */ #ifdef HAVE_INET_ATON if (0 == inet_aton(address, &rcvr_addr)) { fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], address); exit(1); } if (rcvr_addr.s_addr == INADDR_NONE) { fprintf(stderr, "%s: address error", argv[0]); exit(1); } #else rcvr_addr.s_addr = inet_addr(address); if (0xffffffff == rcvr_addr.s_addr) { fprintf(stderr, "%s: cannot parse IP v4 address %s\n", argv[0], address); exit(1); } #endif /* open socket */ sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); if (sock < 0) { int err; #ifdef RTPW_USE_WINSOCK2 err = WSAGetLastError(); #else err = errno; #endif fprintf(stderr, "%s: couldn't open socket: %d\n", argv[0], err); exit(1); } name.sin_addr = rcvr_addr; name.sin_family = PF_INET; name.sin_port = htons(port); if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { if (prog_type == sender) { ret = setsockopt(sock, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(ttl)); if (ret < 0) { fprintf(stderr, "%s: Failed to set TTL for multicast group", argv[0]); perror(""); exit(1); } } mreq.imr_multiaddr.s_addr = rcvr_addr.s_addr; mreq.imr_interface.s_addr = htonl(INADDR_ANY); ret = setsockopt(sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, (void*)&mreq, sizeof(mreq)); if (ret < 0) { fprintf(stderr, "%s: Failed to join multicast group", argv[0]); perror(""); exit(1); } } /* report security services selected on the command line */ printf("security services: "); if (sec_servs & sec_serv_conf) printf("confidentiality "); if (sec_servs & sec_serv_auth) printf("message authentication"); if (sec_servs == sec_serv_none) printf("none"); printf("\n"); /* set up the srtp policy and master key */ if (sec_servs) { /* * create policy structure, using the default mechanisms but * with only the security services requested on the command line, * using the right SSRC value */ switch (sec_servs) { case sec_serv_conf_and_auth: if (gcm_on) { #ifdef OPENSSL switch (key_size) { case 128: srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp); break; case 256: srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp); srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp); break; } #else printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n"); return 0; #endif } else { switch (key_size) { case 128: srtp_crypto_policy_set_rtp_default(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); break; case 256: srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); break; } } break; case sec_serv_conf: if (gcm_on) { printf("error: GCM mode must always be used with auth enabled\n"); return -1; } else { switch (key_size) { case 128: srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); break; case 256: srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); break; } } break; case sec_serv_auth: if (gcm_on) { #ifdef OPENSSL switch (key_size) { case 128: srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp); srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp); break; case 256: srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp); srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp); break; } #else printf("error: GCM mode only supported when using the OpenSSL crypto engine.\n"); return 0; #endif } else { srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); } break; default: printf("error: unknown security service requested\n"); return -1; } policy.ssrc.type = ssrc_specific; policy.ssrc.value = ssrc; policy.key = (uint8_t *)key; policy.ekt = NULL; policy.next = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.rtp.sec_serv = sec_servs; policy.rtcp.sec_serv = sec_serv_none; /* we don't do RTCP anyway */ if (gcm_on && tag_size != 8) { policy.rtp.auth_tag_len = tag_size; } /* * read key from hexadecimal or base64 on command line into an octet string */ if (b64_input) { int pad; expected_len = (policy.rtp.cipher_key_len*4)/3; len = base64_string_to_octet_string(key, &pad, input_key, expected_len); if (pad != 0) { fprintf(stderr, "error: padding in base64 unexpected\n"); exit(1); } } else { expected_len = policy.rtp.cipher_key_len*2; len = hex_string_to_octet_string(key, input_key, expected_len); } /* check that hex string is the right length */ if (len < expected_len) { fprintf(stderr, "error: too few digits in key/salt " "(should be %d digits, found %d)\n", expected_len, len); exit(1); } if ((int) strlen(input_key) > policy.rtp.cipher_key_len*2) { fprintf(stderr, "error: too many digits in key/salt " "(should be %d hexadecimal digits, found %u)\n", policy.rtp.cipher_key_len*2, (unsigned)strlen(input_key)); exit(1); } printf("set master key/salt to %s/", octet_string_hex_string(key, 16)); printf("%s\n", octet_string_hex_string(key+16, 14)); } else { /* * we're not providing security services, so set the policy to the * null policy * * Note that this policy does not conform to the SRTP * specification, since RTCP authentication is required. However, * the effect of this policy is to turn off SRTP, so that this * application is now a vanilla-flavored RTP application. */ srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtp); srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtcp); policy.key = (uint8_t *)key; policy.ssrc.type = ssrc_specific; policy.ssrc.value = ssrc; policy.window_size = 0; policy.allow_repeat_tx = 0; policy.ekt = NULL; policy.next = NULL; } if (prog_type == sender) { #if BEW /* bind to local socket (to match crypto policy, if need be) */ memset(&local, 0, sizeof(struct sockaddr_in)); local.sin_addr.s_addr = htonl(INADDR_ANY); local.sin_port = htons(port); ret = bind(sock, (struct sockaddr *) &local, sizeof(struct sockaddr_in)); if (ret < 0) { fprintf(stderr, "%s: bind failed\n", argv[0]); perror(""); exit(1); } #endif /* BEW */ /* initialize sender's rtp and srtp contexts */ snd = rtp_sender_alloc(); if (snd == NULL) { fprintf(stderr, "error: malloc() failed\n"); exit(1); } rtp_sender_init(snd, sock, name, ssrc); status = rtp_sender_init_srtp(snd, &policy); if (status) { fprintf(stderr, "error: srtp_create() failed with code %d\n", status); exit(1); } /* open dictionary */ dict = fopen (dictfile, "r"); if (dict == NULL) { fprintf(stderr, "%s: couldn't open file %s\n", argv[0], dictfile); if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { leave_group(sock, mreq, argv[0]); } exit(1); } /* read words from dictionary, then send them off */ while (!interrupted && fgets(word, MAX_WORD_LEN, dict) != NULL) { len = strlen(word) + 1; /* plus one for null */ if (len > MAX_WORD_LEN) printf("error: word %s too large to send\n", word); else { rtp_sendto(snd, word, len); printf("sending word: %s", word); } usleep(USEC_RATE); } rtp_sender_deinit_srtp(snd); rtp_sender_dealloc(snd); fclose(dict); } else { /* prog_type == receiver */ rtp_receiver_t rcvr; if (bind(sock, (struct sockaddr *)&name, sizeof(name)) < 0) { close(sock); fprintf(stderr, "%s: socket bind error\n", argv[0]); perror(NULL); if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { leave_group(sock, mreq, argv[0]); } exit(1); } rcvr = rtp_receiver_alloc(); if (rcvr == NULL) { fprintf(stderr, "error: malloc() failed\n"); exit(1); } rtp_receiver_init(rcvr, sock, name, ssrc); status = rtp_receiver_init_srtp(rcvr, &policy); if (status) { fprintf(stderr, "error: srtp_create() failed with code %d\n", status); exit(1); } /* get next word and loop */ while (!interrupted) { len = MAX_WORD_LEN; if (rtp_recvfrom(rcvr, word, &len) > -1) printf("\tword: %s\n", word); } rtp_receiver_deinit_srtp(rcvr); rtp_receiver_dealloc(rcvr); } if (ADDR_IS_MULTICAST(rcvr_addr.s_addr)) { leave_group(sock, mreq, argv[0]); } #ifdef RTPW_USE_WINSOCK2 ret = closesocket(sock); #else ret = close(sock); #endif if (ret < 0) { fprintf(stderr, "%s: Failed to close socket", argv[0]); perror(""); } status = srtp_shutdown(); if (status) { printf("error: srtp shutdown failed with error code %d\n", status); exit(1); } #ifdef RTPW_USE_WINSOCK2 WSACleanup(); #endif return 0; } void usage(char *string) { printf("usage: %s [-d <debug>]* [-k <key> [-a][-e]] " "[-s | -r] dest_ip dest_port\n" "or %s -l\n" "where -a use message authentication\n" " -e <key size> use encryption (use 128 or 256 for key size)\n" " -g Use AES-GCM mode (must be used with -e)\n" " -t <tag size> Tag size to use in GCM mode (use 8 or 16)\n" " -k <key> sets the srtp master key given in hexadecimal\n" " -b <key> sets the srtp master key given in base64\n" " -s act as rtp sender\n" " -r act as rtp receiver\n" " -l list debug modules\n" " -d <debug> turn on debugging for module <debug>\n", string, string); exit(1); } void leave_group(int sock, struct ip_mreq mreq, char *name) { int ret; ret = setsockopt(sock, IPPROTO_IP, IP_DROP_MEMBERSHIP, (void*)&mreq, sizeof(mreq)); if (ret < 0) { fprintf(stderr, "%s: Failed to leave multicast group", name); perror(""); } } void handle_signal(int signum) { interrupted = 1; /* Reset handler explicitly, in case we don't have sigaction() (and signal() has BSD semantics), or we don't have SA_RESETHAND */ signal(signum, SIG_DFL); } int setup_signal_handler(char* name) { #if HAVE_SIGACTION struct sigaction act; memset(&act, 0, sizeof(act)); act.sa_handler = handle_signal; sigemptyset(&act.sa_mask); #if defined(SA_RESETHAND) act.sa_flags = SA_RESETHAND; #else act.sa_flags = 0; #endif /* Note that we're not setting SA_RESTART; we want recvfrom to return * EINTR when we signal the receiver. */ if (sigaction(SIGTERM, &act, NULL) != 0) { fprintf(stderr, "%s: error setting up signal handler", name); perror(""); return -1; } #else if (signal(SIGTERM, handle_signal) == SIG_ERR) { fprintf(stderr, "%s: error setting up signal handler", name); perror(""); return -1; } #endif return 0; } ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/rtpw_test.sh���������������������������������������������������������������������0000775�0000000�0000000�00000007567�13120311000�0016536�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/sh # # usage: rtpw_test <rtpw_commands> # # tests the rtpw sender and receiver functions # # Copyright (c) 2001-2017, Cisco Systems, Inc. # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following # disclaimer in the documentation and/or other materials provided # with the distribution. # # Neither the name of the Cisco Systems, Inc. nor the names of its # contributors may be used to endorse or promote products derived # from this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE # COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, # INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED # OF THE POSSIBILITY OF SUCH DAMAGE. # case $(uname -s) in *CYGWIN*|*MINGW*) EXE=".exe" ;; *) EXE="" ;; esac RTPW=./rtpw$EXE DEST_PORT=9999 DURATION=3 key=Ky7cUDT2GnI0XKWYbXv9AYmqbcLsqzL9mvdN9t/G ARGS="-b $key -a -e 128" # First, we run "killall" to get rid of all existing rtpw processes. # This step also enables this script to clean up after itself; if this # script is interrupted after the rtpw processes are started but before # they are killed, those processes will linger. Re-running the script # will get rid of them. killall rtpw 2>/dev/null if test -x $RTPW; then echo $0 ": starting rtpw receiver process... " $RTPW $* $ARGS -r 0.0.0.0 $DEST_PORT & receiver_pid=$! echo $0 ": receiver PID = $receiver_pid" sleep 1 # verify that the background job is running ps -e | grep -q $receiver_pid retval=$? echo $retval if [ $retval != 0 ]; then echo $0 ": error" exit 254 fi echo $0 ": starting rtpw sender process..." $RTPW $* $ARGS -s 127.0.0.1 $DEST_PORT & sender_pid=$! echo $0 ": sender PID = $sender_pid" # verify that the background job is running ps -e | grep -q $sender_pid retval=$? echo $retval if [ $retval != 0 ]; then echo $0 ": error" exit 255 fi sleep $DURATION kill $receiver_pid kill $sender_pid wait $receiver_pid 2>/dev/null wait $sender_pid 2>/dev/null key=033490ba9e82994fc21013395739038992b2edc5034f61a72345ca598d7bfd0189aa6dc2ecab32fd9af74df6dfc6 ARGS="-k $key -a -e 256" echo $0 ": starting rtpw receiver process... " $RTPW $* $ARGS -r 0.0.0.0 $DEST_PORT & receiver_pid=$! echo $0 ": receiver PID = $receiver_pid" sleep 1 # verify that the background job is running ps -e | grep -q $receiver_pid retval=$? echo $retval if [ $retval != 0 ]; then echo $0 ": error" exit 254 fi echo $0 ": starting rtpw sender process..." $RTPW $* $ARGS -s 127.0.0.1 $DEST_PORT & sender_pid=$! echo $0 ": sender PID = $sender_pid" # verify that the background job is running ps -e | grep -q $sender_pid retval=$? echo $retval if [ $retval != 0 ]; then echo $0 ": error" exit 255 fi sleep $DURATION kill $receiver_pid kill $sender_pid wait $receiver_pid 2>/dev/null wait $sender_pid 2>/dev/null echo $0 ": done (test passed)" else echo "error: can't find executable" $RTPW exit 1 fi # EOF �����������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/rtpw_test_gcm.sh�����������������������������������������������������������������0000775�0000000�0000000�00000013427�13120311000�0017354�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/sh # # usage: rtpw_test <rtpw_commands> # # tests the rtpw sender and receiver functions # # Copyright (c) 2001-2017, Cisco Systems, Inc. # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following # disclaimer in the documentation and/or other materials provided # with the distribution. # # Neither the name of the Cisco Systems, Inc. nor the names of its # contributors may be used to endorse or promote products derived # from this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE # COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, # INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED # OF THE POSSIBILITY OF SUCH DAMAGE. # case $(uname -s) in *CYGWIN*|*MINGW*) EXE=".exe" ;; *) EXE="" ;; esac RTPW=./rtpw$EXE DEST_PORT=9999 DURATION=3 # First, we run "killall" to get rid of all existing rtpw processes. # This step also enables this script to clean up after itself; if this # script is interrupted after the rtpw processes are started but before # they are killed, those processes will linger. Re-running the script # will get rid of them. killall rtpw 2>/dev/null if test -x $RTPW; then GCMARGS128="-k 01234567890123456789012345678901234567890123456789012345 -g -e 128" echo $0 ": starting GCM mode 128-bit rtpw receiver process... " exec $RTPW $* $GCMARGS128 -r 127.0.0.1 $DEST_PORT & receiver_pid=$! echo $0 ": receiver PID = $receiver_pid" sleep 1 # verify that the background job is running ps -e | grep -q $receiver_pid retval=$? echo $retval if [ $retval != 0 ]; then echo $0 ": error" exit 254 fi echo $0 ": starting GCM 128-bit rtpw sender process..." exec $RTPW $* $GCMARGS128 -s 127.0.0.1 $DEST_PORT & sender_pid=$! echo $0 ": sender PID = $sender_pid" # verify that the background job is running ps -e | grep -q $sender_pid retval=$? echo $retval if [ $retval != 0 ]; then echo $0 ": error" exit 255 fi sleep $DURATION kill $receiver_pid kill $sender_pid wait $receiver_pid 2>/dev/null wait $sender_pid 2>/dev/null GCMARGS128="-k 01234567890123456789012345678901234567890123456789012345 -g -t 16 -e 128" echo $0 ": starting GCM mode 128-bit (16 byte tag) rtpw receiver process... " exec $RTPW $* $GCMARGS128 -r 127.0.0.1 $DEST_PORT & receiver_pid=$! echo $0 ": receiver PID = $receiver_pid" sleep 1 # verify that the background job is running ps -e | grep -q $receiver_pid retval=$? echo $retval if [ $retval != 0 ]; then echo $0 ": error" exit 254 fi echo $0 ": starting GCM 128-bit (16 byte tag) rtpw sender process..." exec $RTPW $* $GCMARGS128 -s 127.0.0.1 $DEST_PORT & sender_pid=$! echo $0 ": sender PID = $sender_pid" # verify that the background job is running ps -e | grep -q $sender_pid retval=$? echo $retval if [ $retval != 0 ]; then echo $0 ": error" exit 255 fi sleep $DURATION kill $receiver_pid kill $sender_pid wait $receiver_pid 2>/dev/null wait $sender_pid 2>/dev/null GCMARGS256="-k 0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567 -g -e 256" echo $0 ": starting GCM mode 256-bit rtpw receiver process... " exec $RTPW $* $GCMARGS256 -r 127.0.0.1 $DEST_PORT & receiver_pid=$! echo $0 ": receiver PID = $receiver_pid" sleep 1 # verify that the background job is running ps -e | grep -q $receiver_pid retval=$? echo $retval if [ $retval != 0 ]; then echo $0 ": error" exit 254 fi echo $0 ": starting GCM 256-bit rtpw sender process..." exec $RTPW $* $GCMARGS256 -s 127.0.0.1 $DEST_PORT & sender_pid=$! echo $0 ": sender PID = $sender_pid" # verify that the background job is running ps -e | grep -q $sender_pid retval=$? echo $retval if [ $retval != 0 ]; then echo $0 ": error" exit 255 fi sleep $DURATION kill $receiver_pid kill $sender_pid wait $receiver_pid 2>/dev/null wait $sender_pid 2>/dev/null GCMARGS256="-k a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567 -g -t 16 -e 256" echo $0 ": starting GCM mode 256-bit (16 byte tag) rtpw receiver process... " exec $RTPW $* $GCMARGS256 -r 127.0.0.1 $DEST_PORT & receiver_pid=$! echo $0 ": receiver PID = $receiver_pid" sleep 1 # verify that the background job is running ps -e | grep -q $receiver_pid retval=$? echo $retval if [ $retval != 0 ]; then echo $0 ": error" exit 254 fi echo $0 ": starting GCM 256-bit (16 byte tag) rtpw sender process..." exec $RTPW $* $GCMARGS256 -s 127.0.0.1 $DEST_PORT & sender_pid=$! echo $0 ": sender PID = $sender_pid" # verify that the background job is running ps -e | grep -q $sender_pid retval=$? echo $retval if [ $retval != 0 ]; then echo $0 ": error" exit 255 fi sleep $DURATION kill $receiver_pid kill $sender_pid wait $receiver_pid 2>/dev/null wait $sender_pid 2>/dev/null echo $0 ": done (test passed)" else echo "error: can't find executable" $RTPW exit 1 fi # EOF �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/srtp_driver.c��������������������������������������������������������������������0000664�0000000�0000000�00000342317�13120311000�0016646�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������ /* * srtp_driver.c * * a test driver for libSRTP * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include <string.h> /* for memcpy() */ #include <time.h> /* for clock() */ #include <stdlib.h> /* for malloc(), free() */ #include <stdio.h> /* for print(), fflush() */ #include "getopt_s.h" /* for local getopt() */ #include "srtp_priv.h" #include "util.h" #ifdef HAVE_NETINET_IN_H # include <netinet/in.h> #elif defined HAVE_WINSOCK2_H # include <winsock2.h> #endif #define PRINT_REFERENCE_PACKET 1 srtp_err_status_t srtp_validate(void); #ifdef OPENSSL srtp_err_status_t srtp_validate_gcm(void); #endif srtp_err_status_t srtp_validate_encrypted_extensions_headers(void); #ifdef OPENSSL srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm(void); #endif srtp_err_status_t srtp_validate_aes_256(void); srtp_err_status_t srtp_create_big_policy(srtp_policy_t **list); srtp_err_status_t srtp_dealloc_big_policy(srtp_policy_t *list); srtp_err_status_t srtp_test_empty_payload(void); #ifdef OPENSSL srtp_err_status_t srtp_test_empty_payload_gcm(void); #endif srtp_err_status_t srtp_test_remove_stream(void); srtp_err_status_t srtp_test_update(void); srtp_err_status_t srtp_test_protect_trailer_length(void); srtp_err_status_t srtp_test_protect_rtcp_trailer_length(void); srtp_err_status_t srtp_test_get_roc(void); srtp_err_status_t srtp_test_set_receiver_roc(void); srtp_err_status_t srtp_test_set_sender_roc(void); double srtp_bits_per_second(int msg_len_octets, const srtp_policy_t *policy); double srtp_rejections_per_second(int msg_len_octets, const srtp_policy_t *policy); void srtp_do_timing(const srtp_policy_t *policy); void srtp_do_rejection_timing(const srtp_policy_t *policy); srtp_err_status_t srtp_test(const srtp_policy_t *policy, int extension_header, int mki_index); srtp_err_status_t srtcp_test(const srtp_policy_t *policy, int mki_index); srtp_err_status_t srtp_session_print_policy(srtp_t srtp); srtp_err_status_t srtp_print_policy(const srtp_policy_t *policy); char * srtp_packet_to_string(srtp_hdr_t *hdr, int packet_len); double mips_estimate(int num_trials, int *ignore); #define TEST_MKI_ID_SIZE 4 extern uint8_t test_key[46]; extern uint8_t test_key_2[46]; extern uint8_t test_mki_id[TEST_MKI_ID_SIZE]; extern uint8_t test_mki_id_2[TEST_MKI_ID_SIZE]; srtp_master_key_t master_key_1 = { test_key, test_mki_id, TEST_MKI_ID_SIZE }; srtp_master_key_t master_key_2 = { test_key_2, test_mki_id_2, TEST_MKI_ID_SIZE }; srtp_master_key_t *test_keys[2] = { &master_key_1, &master_key_2 }; void usage (char *prog_name) { printf("usage: %s [ -t ][ -c ][ -v ][ -o ][-d <debug_module> ]* [ -l ]\n" " -t run timing test\n" " -r run rejection timing test\n" " -c run codec timing test\n" " -v run validation tests\n" " -o output logging to stdout\n" " -d <mod> turn on debugging module <mod>\n" " -l list debugging modules\n", prog_name); exit(1); } void log_handler (srtp_log_level_t level, const char * msg, void * data) { char level_char = '?'; switch(level) { case srtp_log_level_error: level_char = 'e'; break; case srtp_log_level_warning: level_char = 'w'; break; case srtp_log_level_info: level_char = 'i'; break; case srtp_log_level_debug: level_char = 'd'; break; } printf("SRTP-LOG [%c]: %s\n", level_char, msg); } /* * The policy_array is a null-terminated array of policy structs. it * is declared at the end of this file */ extern const srtp_policy_t *policy_array[]; /* the wildcard_policy is declared below; it has a wildcard ssrc */ extern const srtp_policy_t wildcard_policy; /* * mod_driver debug module - debugging module for this test driver * * we use the crypto_kernel debugging system in this driver, which * makes the interface uniform and increases portability */ srtp_debug_module_t mod_driver = { 0, /* debugging is off by default */ "driver" /* printable name for module */ }; int main (int argc, char *argv[]) { int q; unsigned do_timing_test = 0; unsigned do_rejection_test = 0; unsigned do_codec_timing = 0; unsigned do_validation = 0; unsigned do_list_mods = 0; unsigned do_log_stdout = 0; srtp_err_status_t status; /* * verify that the compiler has interpreted the header data * structure srtp_hdr_t correctly */ if (sizeof(srtp_hdr_t) != 12) { printf("error: srtp_hdr_t has incorrect size" "(size is %ld bytes, expected 12)\n", (long)sizeof(srtp_hdr_t)); exit(1); } /* initialize srtp library */ status = srtp_init(); if (status) { printf("error: srtp init failed with error code %d\n", status); exit(1); } /* load srtp_driver debug module */ status = srtp_crypto_kernel_load_debug_module(&mod_driver); if (status) { printf("error: load of srtp_driver debug module failed " "with error code %d\n", status); exit(1); } /* process input arguments */ while (1) { q = getopt_s(argc, argv, "trcvold:"); if (q == -1) { break; } switch (q) { case 't': do_timing_test = 1; break; case 'r': do_rejection_test = 1; break; case 'c': do_codec_timing = 1; break; case 'v': do_validation = 1; break; case 'o': do_log_stdout = 1; break; case 'l': do_list_mods = 1; break; case 'd': status = srtp_set_debug_module(optarg_s, 1); if (status) { printf("error: set debug module (%s) failed\n", optarg_s); exit(1); } break; default: usage(argv[0]); } } if (!do_validation && !do_timing_test && !do_codec_timing && !do_list_mods && !do_rejection_test) { usage(argv[0]); } if (do_log_stdout) { status = srtp_install_log_handler(log_handler, NULL); if (status) { printf("error: install log handler failed\n"); exit(1); } } if (do_list_mods) { status = srtp_list_debug_modules(); if (status) { printf("error: list of debug modules failed\n"); exit(1); } } if (do_validation) { const srtp_policy_t **policy = policy_array; srtp_policy_t *big_policy; /* loop over policy array, testing srtp and srtcp for each policy */ while (*policy != NULL) { printf("testing srtp_protect and srtp_unprotect\n"); if (srtp_test(*policy, 0, -1) == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } printf("testing srtp_protect and srtp_unprotect with encrypted extensions headers\n"); if (srtp_test(*policy, 1, -1) == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n"); if (srtcp_test(*policy, -1) == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI index set to 0\n"); if (srtp_test(*policy, 0, 0) == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } printf("testing srtp_protect_rtp and srtp_unprotect_rtp with MKI index set to 1\n"); if (srtp_test(*policy, 0, 1) == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI index set to 0\n"); if (srtcp_test(*policy, 0) == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp with MKI index set to 1\n"); if (srtcp_test(*policy, 1) == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } policy++; } /* create a big policy list and run tests on it */ status = srtp_create_big_policy(&big_policy); if (status) { printf("unexpected failure with error code %d\n", status); exit(1); } printf("testing srtp_protect and srtp_unprotect with big policy\n"); if (srtp_test(big_policy, 0, -1) == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } printf("testing srtp_protect and srtp_unprotect with big policy and encrypted extensions headers\n"); if (srtp_test(big_policy, 1, -1) == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } status = srtp_dealloc_big_policy(big_policy); if (status) { printf("unexpected failure with error code %d\n", status); exit(1); } /* run test on wildcard policy */ printf("testing srtp_protect and srtp_unprotect on " "wildcard ssrc policy\n"); if (srtp_test(&wildcard_policy, 0, -1) == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } printf("testing srtp_protect and srtp_unprotect on " "wildcard ssrc policy and encrypted extensions headers\n"); if (srtp_test(&wildcard_policy, 1, -1) == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } /* * run validation test against the reference packets - note * that this test only covers the default policy */ printf("testing srtp_protect and srtp_unprotect against " "reference packet\n"); if (srtp_validate() == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } #ifdef OPENSSL printf("testing srtp_protect and srtp_unprotect against " "reference packet using GCM\n"); if (srtp_validate_gcm() == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } #endif printf("testing srtp_protect and srtp_unprotect against " "reference packet with encrypted extensions headers\n"); if (srtp_validate_encrypted_extensions_headers() == srtp_err_status_ok) printf("passed\n\n"); else { printf("failed\n"); exit(1); } #ifdef OPENSSL printf("testing srtp_protect and srtp_unprotect against " "reference packet with encrypted extension headers (GCM)\n"); if (srtp_validate_encrypted_extensions_headers_gcm() == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } #endif /* * run validation test against the reference packets for * AES-256 */ printf("testing srtp_protect and srtp_unprotect against " "reference packet (AES-256)\n"); if (srtp_validate_aes_256() == srtp_err_status_ok) { printf("passed\n\n"); } else{ printf("failed\n"); exit(1); } /* * test packets with empty payload */ printf("testing srtp_protect and srtp_unprotect against " "packet with empty payload\n"); if (srtp_test_empty_payload() == srtp_err_status_ok) { printf("passed\n"); } else{ printf("failed\n"); exit(1); } #ifdef OPENSSL printf("testing srtp_protect and srtp_unprotect against " "packet with empty payload (GCM)\n"); if (srtp_test_empty_payload_gcm() == srtp_err_status_ok) { printf("passed\n"); } else{ printf("failed\n"); exit(1); } #endif /* * test the function srtp_remove_stream() */ printf("testing srtp_remove_stream()..."); if (srtp_test_remove_stream() == srtp_err_status_ok) { printf("passed\n"); } else{ printf("failed\n"); exit(1); } /* * test the function srtp_update() */ printf("testing srtp_update()..."); if (srtp_test_update() == srtp_err_status_ok) { printf("passed\n"); } else { printf("failed\n"); exit(1); } /* * test the functions srtp_get_protect_trailer_length * and srtp_get_protect_rtcp_trailer_length */ printf("testing srtp_get_protect_trailer_length()..."); if (srtp_test_protect_trailer_length() == srtp_err_status_ok) { printf("passed\n"); } else { printf("failed\n"); exit(1); } printf("testing srtp_get_protect_rtcp_trailer_length()..."); if (srtp_test_protect_rtcp_trailer_length() == srtp_err_status_ok) { printf("passed\n"); } else { printf("failed\n"); exit(1); } printf("testing srtp_test_get_roc()..."); if (srtp_test_get_roc() == srtp_err_status_ok) { printf("passed\n"); } else { printf("failed\n"); exit(1); } printf("testing srtp_test_set_receiver_roc()..."); if (srtp_test_set_receiver_roc() == srtp_err_status_ok) { printf("passed\n"); } else { printf("failed\n"); exit(1); } printf("testing srtp_test_set_sender_roc()..."); if (srtp_test_set_sender_roc() == srtp_err_status_ok) { printf("passed\n"); } else { printf("failed\n"); exit(1); } } if (do_timing_test) { const srtp_policy_t **policy = policy_array; /* loop over policies, run timing test for each */ while (*policy != NULL) { srtp_print_policy(*policy); srtp_do_timing(*policy); policy++; } } if (do_rejection_test) { const srtp_policy_t **policy = policy_array; /* loop over policies, run rejection timing test for each */ while (*policy != NULL) { srtp_print_policy(*policy); srtp_do_rejection_timing(*policy); policy++; } } if (do_codec_timing) { srtp_policy_t policy; int ignore; double mips_value = mips_estimate(1000000000, &ignore); memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_rtp_default(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xdecafbad; policy.key = test_key; policy.ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; printf("mips estimate: %e\n", mips_value); printf("testing srtp processing time for voice codecs:\n"); printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n"); printf("G.711\t\t%d\t\t\t%e\n", 80, (double)mips_value * (80 * 8) / srtp_bits_per_second(80, &policy) / .01 ); printf("G.711\t\t%d\t\t\t%e\n", 160, (double)mips_value * (160 * 8) / srtp_bits_per_second(160, &policy) / .02); printf("G.726-32\t%d\t\t\t%e\n", 40, (double)mips_value * (40 * 8) / srtp_bits_per_second(40, &policy) / .01 ); printf("G.726-32\t%d\t\t\t%e\n", 80, (double)mips_value * (80 * 8) / srtp_bits_per_second(80, &policy) / .02); printf("G.729\t\t%d\t\t\t%e\n", 10, (double)mips_value * (10 * 8) / srtp_bits_per_second(10, &policy) / .01 ); printf("G.729\t\t%d\t\t\t%e\n", 20, (double)mips_value * (20 * 8) / srtp_bits_per_second(20, &policy) / .02 ); printf("Wideband\t%d\t\t\t%e\n", 320, (double)mips_value * (320 * 8) / srtp_bits_per_second(320, &policy) / .01 ); printf("Wideband\t%d\t\t\t%e\n", 640, (double)mips_value * (640 * 8) / srtp_bits_per_second(640, &policy) / .02 ); } status = srtp_shutdown(); if (status) { printf("error: srtp shutdown failed with error code %d\n", status); exit(1); } return 0; } /* * srtp_create_test_packet(len, ssrc) returns a pointer to a * (malloced) example RTP packet whose data field has the length given * by pkt_octet_len and the SSRC value ssrc. The total length of the * packet is twelve octets longer, since the header is at the * beginning. There is room at the end of the packet for a trailer, * and the four octets following the packet are filled with 0xff * values to enable testing for overwrites. * * note that the location of the test packet can (and should) be * deallocated with the free() call once it is no longer needed. */ srtp_hdr_t * srtp_create_test_packet (int pkt_octet_len, uint32_t ssrc) { int i; uint8_t *buffer; srtp_hdr_t *hdr; int bytes_in_hdr = 12; /* allocate memory for test packet */ hdr = (srtp_hdr_t*)malloc(pkt_octet_len + bytes_in_hdr + SRTP_MAX_TRAILER_LEN + 4); if (!hdr) { return NULL; } hdr->version = 2; /* RTP version two */ hdr->p = 0; /* no padding needed */ hdr->x = 0; /* no header extension */ hdr->cc = 0; /* no CSRCs */ hdr->m = 0; /* marker bit */ hdr->pt = 0xf; /* payload type */ hdr->seq = htons(0x1234); /* sequence number */ hdr->ts = htonl(0xdecafbad); /* timestamp */ hdr->ssrc = htonl(ssrc); /* synch. source */ buffer = (uint8_t*)hdr; buffer += bytes_in_hdr; /* set RTP data to 0xab */ for (i = 0; i < pkt_octet_len; i++) { *buffer++ = 0xab; } /* set post-data value to 0xffff to enable overrun checking */ for (i = 0; i < SRTP_MAX_TRAILER_LEN + 4; i++) { *buffer++ = 0xff; } return hdr; } static srtp_hdr_t * srtp_create_test_packet_extended (int pkt_octet_len, uint32_t ssrc, uint16_t seq, uint32_t ts) { srtp_hdr_t *hdr; hdr = srtp_create_test_packet(pkt_octet_len, ssrc); if (hdr == NULL) return hdr; hdr->seq = htons(seq); hdr->ts = htonl(ts); return hdr; } srtp_hdr_t * srtp_create_test_packet_ext_hdr(int pkt_octet_len, uint32_t ssrc) { int i; uint8_t *buffer; srtp_hdr_t *hdr; int bytes_in_hdr = 12; uint8_t extension_header[12] = { /* one-byte header */ 0xbe, 0xde, /* size */ 0x00, 0x02, /* id 1, length 1 (i.e. 2 bytes) */ 0x11, /* payload */ 0xca, 0xfe, /* padding */ 0x00, /* id 2, length 0 (i.e. 1 byte) */ 0x20, /* payload */ 0xba, /* padding */ 0x00, 0x00 }; /* allocate memory for test packet */ hdr = (srtp_hdr_t*) malloc(pkt_octet_len + bytes_in_hdr + sizeof(extension_header) + SRTP_MAX_TRAILER_LEN + 4); if (!hdr) return NULL; hdr->version = 2; /* RTP version two */ hdr->p = 0; /* no padding needed */ hdr->x = 1; /* no header extension */ hdr->cc = 0; /* no CSRCs */ hdr->m = 0; /* marker bit */ hdr->pt = 0xf; /* payload type */ hdr->seq = htons(0x1234); /* sequence number */ hdr->ts = htonl(0xdecafbad); /* timestamp */ hdr->ssrc = htonl(ssrc); /* synch. source */ buffer = (uint8_t *)hdr; buffer += bytes_in_hdr; memcpy(buffer, extension_header, sizeof(extension_header)); buffer += sizeof(extension_header); /* set RTP data to 0xab */ for (i=0; i < pkt_octet_len; i++) *buffer++ = 0xab; /* set post-data value to 0xffff to enable overrun checking */ for (i=0; i < SRTP_MAX_TRAILER_LEN+4; i++) *buffer++ = 0xff; return hdr; } void srtp_do_timing (const srtp_policy_t *policy) { int len; /* * note: the output of this function is formatted so that it * can be used in gnuplot. '#' indicates a comment, and "\r\n" * terminates a record */ printf("# testing srtp throughput:\r\n"); printf("# mesg length (octets)\tthroughput (megabits per second)\r\n"); for (len = 16; len <= 2048; len *= 2) { printf("%d\t\t\t%f\r\n", len, srtp_bits_per_second(len, policy) / 1.0E6); } /* these extra linefeeds let gnuplot know that a dataset is done */ printf("\r\n\r\n"); } void srtp_do_rejection_timing (const srtp_policy_t *policy) { int len; /* * note: the output of this function is formatted so that it * can be used in gnuplot. '#' indicates a comment, and "\r\n" * terminates a record */ printf("# testing srtp rejection throughput:\r\n"); printf("# mesg length (octets)\trejections per second\r\n"); for (len = 8; len <= 2048; len *= 2) { printf("%d\t\t\t%e\r\n", len, srtp_rejections_per_second(len, policy)); } /* these extra linefeeds let gnuplot know that a dataset is done */ printf("\r\n\r\n"); } #define MAX_MSG_LEN 1024 double srtp_bits_per_second (int msg_len_octets, const srtp_policy_t *policy) { srtp_t srtp; srtp_hdr_t *mesg; int i; clock_t timer; int num_trials = 100000; int len; uint32_t ssrc; srtp_err_status_t status; /* * allocate and initialize an srtp session */ status = srtp_create(&srtp, policy); if (status) { printf("error: srtp_create() failed with error code %d\n", status); exit(1); } /* * if the ssrc is unspecified, use a predetermined one */ if (policy->ssrc.type != ssrc_specific) { ssrc = 0xdeadbeef; } else { ssrc = policy->ssrc.value; } /* * create a test packet */ mesg = srtp_create_test_packet(msg_len_octets, ssrc); if (mesg == NULL) { return 0.0; /* indicate failure by returning zero */ } timer = clock(); for (i = 0; i < num_trials; i++) { len = msg_len_octets + 12; /* add in rtp header length */ /* srtp protect message */ status = srtp_protect(srtp, mesg, &len); if (status) { printf("error: srtp_protect() failed with error code %d\n", status); exit(1); } /* increment message number */ { /* hack sequence to avoid problems with macros for htons/ntohs on some systems */ short new_seq = ntohs(mesg->seq) + 1; mesg->seq = htons(new_seq); } } timer = clock() - timer; free(mesg); status = srtp_dealloc(srtp); if (status) { printf("error: srtp_dealloc() failed with error code %d\n", status); exit(1); } return (double)(msg_len_octets) * 8 * num_trials * CLOCKS_PER_SEC / timer; } double srtp_rejections_per_second (int msg_len_octets, const srtp_policy_t *policy) { srtp_ctx_t *srtp; srtp_hdr_t *mesg; int i; int len; clock_t timer; int num_trials = 1000000; uint32_t ssrc = policy->ssrc.value; srtp_err_status_t status; /* * allocate and initialize an srtp session */ status = srtp_create(&srtp, policy); if (status) { printf("error: srtp_create() failed with error code %d\n", status); exit(1); } mesg = srtp_create_test_packet(msg_len_octets, ssrc); if (mesg == NULL) { return 0.0; /* indicate failure by returning zero */ } len = msg_len_octets; srtp_protect(srtp, (srtp_hdr_t*)mesg, &len); timer = clock(); for (i = 0; i < num_trials; i++) { len = msg_len_octets; srtp_unprotect(srtp, (srtp_hdr_t*)mesg, &len); } timer = clock() - timer; free(mesg); status = srtp_dealloc(srtp); if (status) { printf("error: srtp_dealloc() failed with error code %d\n", status); exit(1); } return (double)num_trials * CLOCKS_PER_SEC / timer; } void err_check (srtp_err_status_t s) { if (s == srtp_err_status_ok) { return; } else{ fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s); } exit(1); } srtp_err_status_t srtp_test_call_protect(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int mki_index) { if (mki_index == -1) { return srtp_protect(srtp_sender, hdr, len); } else { return srtp_protect_mki(srtp_sender, hdr, len, 1, mki_index); } } srtp_err_status_t srtp_test_call_protect_rtcp(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int mki_index) { if (mki_index == -1) { return srtp_protect_rtcp(srtp_sender, hdr, len); } else { return srtp_protect_rtcp_mki(srtp_sender, hdr, len, 1, mki_index); } } srtp_err_status_t srtp_test_call_unprotect(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int use_mki) { if (use_mki == -1) { return srtp_unprotect(srtp_sender, hdr, len); } else { return srtp_unprotect_mki(srtp_sender, hdr, len, use_mki); } } srtp_err_status_t srtp_test_call_unprotect_rtcp(srtp_t srtp_sender, srtp_hdr_t *hdr, int *len, int use_mki) { if (use_mki == -1) { return srtp_unprotect_rtcp(srtp_sender, hdr, len); } else { return srtp_unprotect_rtcp_mki(srtp_sender, hdr, len, use_mki); } } srtp_err_status_t srtp_test (const srtp_policy_t *policy, int extension_header, int mki_index) { int i; srtp_t srtp_sender; srtp_t srtp_rcvr; srtp_err_status_t status = srtp_err_status_ok; srtp_hdr_t *hdr, *hdr2; uint8_t hdr_enc[64]; uint8_t *pkt_end; int msg_len_octets, msg_len_enc; int len; int tag_length = policy->rtp.auth_tag_len; uint32_t ssrc; srtp_policy_t *rcvr_policy; srtp_policy_t tmp_policy; int header = 1; int use_mki = 0; if (mki_index >= 0) use_mki = 1; if (extension_header) { memcpy(&tmp_policy, policy, sizeof(srtp_policy_t)); tmp_policy.enc_xtn_hdr = &header; tmp_policy.enc_xtn_hdr_count = 1; err_check(srtp_create(&srtp_sender, &tmp_policy)); } else { err_check(srtp_create(&srtp_sender, policy)); } /* print out policy */ err_check(srtp_session_print_policy(srtp_sender)); /* * initialize data buffer, using the ssrc in the policy unless that * value is a wildcard, in which case we'll just use an arbitrary * one */ if (policy->ssrc.type != ssrc_specific) { ssrc = 0xdecafbad; } else{ ssrc = policy->ssrc.value; } msg_len_octets = 28; if (extension_header) { hdr = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc); hdr2 = srtp_create_test_packet_ext_hdr(msg_len_octets, ssrc); } else { hdr = srtp_create_test_packet(msg_len_octets, ssrc); hdr2 = srtp_create_test_packet(msg_len_octets, ssrc); } if (hdr == NULL) { free(hdr2); return srtp_err_status_alloc_fail; } if (hdr2 == NULL) { free(hdr); return srtp_err_status_alloc_fail; } /* set message length */ len = msg_len_octets; if (extension_header) { len += 12; } debug_print(mod_driver, "before protection:\n%s", srtp_packet_to_string(hdr, len)); #if PRINT_REFERENCE_PACKET debug_print(mod_driver, "reference packet before protection:\n%s", octet_string_hex_string((uint8_t*)hdr, len)); #endif err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index)); debug_print(mod_driver, "after protection:\n%s", srtp_packet_to_string(hdr, len)); #if PRINT_REFERENCE_PACKET debug_print(mod_driver, "after protection:\n%s", octet_string_hex_string((uint8_t*)hdr, len)); #endif /* save protected message and length */ memcpy(hdr_enc, hdr, len); msg_len_enc = len; /* * check for overrun of the srtp_protect() function * * The packet is followed by a value of 0xfffff; if the value of the * data following the packet is different, then we know that the * protect function is overwriting the end of the packet. */ pkt_end = (uint8_t*)hdr + sizeof(srtp_hdr_t) + msg_len_octets + tag_length; if (extension_header) { pkt_end += 12; } for (i = 0; i < 4; i++) { if (pkt_end[i] != 0xff) { fprintf(stdout, "overwrite in srtp_protect() function " "(expected %x, found %x in trailing octet %d)\n", 0xff, ((uint8_t*)hdr)[i], i); free(hdr); free(hdr2); return srtp_err_status_algo_fail; } } /* * if the policy includes confidentiality, check that ciphertext is * different than plaintext * * Note that this check will give false negatives, with some small * probability, especially if the packets are short. For that * reason, we skip this check if the plaintext is less than four * octets long. */ if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) { printf("testing that ciphertext is distinct from plaintext..."); status = srtp_err_status_algo_fail; for (i = 12; i < msg_len_octets + 12; i++) { if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) { status = srtp_err_status_ok; } } if (status) { printf("failed\n"); free(hdr); free(hdr2); return status; } printf("passed\n"); } /* * if the policy uses a 'wildcard' ssrc, then we need to make a copy * of the policy that changes the direction to inbound * * we always copy the policy into the rcvr_policy, since otherwise * the compiler would fret about the constness of the policy */ rcvr_policy = (srtp_policy_t*)malloc(sizeof(srtp_policy_t)); if (rcvr_policy == NULL) { free(hdr); free(hdr2); return srtp_err_status_alloc_fail; } if (extension_header) { memcpy(rcvr_policy, &tmp_policy, sizeof(srtp_policy_t)); if (tmp_policy.ssrc.type == ssrc_any_outbound) { rcvr_policy->ssrc.type = ssrc_any_inbound; } } else { memcpy(rcvr_policy, policy, sizeof(srtp_policy_t)); if (policy->ssrc.type == ssrc_any_outbound) { rcvr_policy->ssrc.type = ssrc_any_inbound; } } err_check(srtp_create(&srtp_rcvr, rcvr_policy)); err_check(srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki)); debug_print(mod_driver, "after unprotection:\n%s", srtp_packet_to_string(hdr, len)); /* verify that the unprotected packet matches the origial one */ for (i = 0; i < msg_len_octets; i++) { if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) { fprintf(stdout, "mismatch at octet %d\n", i); status = srtp_err_status_algo_fail; } } if (status) { free(hdr); free(hdr2); free(rcvr_policy); return status; } /* * if the policy includes authentication, then test for false positives */ if (policy->rtp.sec_serv & sec_serv_auth) { char *data = ((char*)hdr) + 12; printf("testing for false positives in replay check..."); /* set message length */ len = msg_len_enc; /* unprotect a second time - should fail with a replay error */ status = srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki); if (status != srtp_err_status_replay_fail) { printf("failed with error code %d\n", status); free(hdr); free(hdr2); free(rcvr_policy); return status; } else { printf("passed\n"); } printf("testing for false positives in auth check..."); /* increment sequence number in header */ hdr->seq++; /* set message length */ len = msg_len_octets; if (extension_header) { len += 12; } /* apply protection */ err_check(srtp_test_call_protect(srtp_sender, hdr, &len, mki_index)); /* flip bits in packet */ data[extension_header ? 12 : 0] ^= 0xff; /* unprotect, and check for authentication failure */ status = srtp_test_call_unprotect(srtp_rcvr, hdr, &len, use_mki); if (status != srtp_err_status_auth_fail) { printf("failed\n"); free(hdr); free(hdr2); free(rcvr_policy); return status; } else { printf("passed\n"); } } err_check(srtp_dealloc(srtp_sender)); err_check(srtp_dealloc(srtp_rcvr)); free(hdr); free(hdr2); free(rcvr_policy); return srtp_err_status_ok; } srtp_err_status_t srtcp_test (const srtp_policy_t *policy, int mki_index) { int i; srtp_t srtcp_sender; srtp_t srtcp_rcvr; srtp_err_status_t status = srtp_err_status_ok; srtp_hdr_t *hdr, *hdr2; uint8_t hdr_enc[64]; uint8_t *pkt_end; int msg_len_octets, msg_len_enc; int len; int tag_length = policy->rtp.auth_tag_len; uint32_t ssrc; srtp_policy_t *rcvr_policy; int use_mki = 0; if (mki_index >= 0) use_mki = 1; err_check(srtp_create(&srtcp_sender, policy)); /* print out policy */ err_check(srtp_session_print_policy(srtcp_sender)); /* * initialize data buffer, using the ssrc in the policy unless that * value is a wildcard, in which case we'll just use an arbitrary * one */ if (policy->ssrc.type != ssrc_specific) { ssrc = 0xdecafbad; } else{ ssrc = policy->ssrc.value; } msg_len_octets = 28; hdr = srtp_create_test_packet(msg_len_octets, ssrc); if (hdr == NULL) { return srtp_err_status_alloc_fail; } hdr2 = srtp_create_test_packet(msg_len_octets, ssrc); if (hdr2 == NULL) { free(hdr); return srtp_err_status_alloc_fail; } /* set message length */ len = msg_len_octets; debug_print(mod_driver, "before protection:\n%s", srtp_packet_to_string(hdr, len)); #if PRINT_REFERENCE_PACKET debug_print(mod_driver, "reference packet before protection:\n%s", octet_string_hex_string((uint8_t*)hdr, len)); #endif err_check(srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index)); debug_print(mod_driver, "after protection:\n%s", srtp_packet_to_string(hdr, len)); #if PRINT_REFERENCE_PACKET debug_print(mod_driver, "after protection:\n%s", octet_string_hex_string((uint8_t*)hdr, len)); #endif /* save protected message and length */ memcpy(hdr_enc, hdr, len); msg_len_enc = len; /* * check for overrun of the srtp_protect() function * * The packet is followed by a value of 0xfffff; if the value of the * data following the packet is different, then we know that the * protect function is overwriting the end of the packet. */ pkt_end = (uint8_t*)hdr + sizeof(srtp_hdr_t) + msg_len_octets + tag_length; for (i = 0; i < 4; i++) { if (pkt_end[i] != 0xff) { fprintf(stdout, "overwrite in srtp_protect_rtcp() function " "(expected %x, found %x in trailing octet %d)\n", 0xff, ((uint8_t*)hdr)[i], i); free(hdr); free(hdr2); return srtp_err_status_algo_fail; } } /* * if the policy includes confidentiality, check that ciphertext is * different than plaintext * * Note that this check will give false negatives, with some small * probability, especially if the packets are short. For that * reason, we skip this check if the plaintext is less than four * octets long. */ if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) { printf("testing that ciphertext is distinct from plaintext..."); status = srtp_err_status_algo_fail; for (i = 12; i < msg_len_octets + 12; i++) { if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) { status = srtp_err_status_ok; } } if (status) { printf("failed\n"); free(hdr); free(hdr2); return status; } printf("passed\n"); } /* * if the policy uses a 'wildcard' ssrc, then we need to make a copy * of the policy that changes the direction to inbound * * we always copy the policy into the rcvr_policy, since otherwise * the compiler would fret about the constness of the policy */ rcvr_policy = (srtp_policy_t*)malloc(sizeof(srtp_policy_t)); if (rcvr_policy == NULL) { return srtp_err_status_alloc_fail; } memcpy(rcvr_policy, policy, sizeof(srtp_policy_t)); if (policy->ssrc.type == ssrc_any_outbound) { rcvr_policy->ssrc.type = ssrc_any_inbound; } err_check(srtp_create(&srtcp_rcvr, rcvr_policy)); err_check(srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki)); debug_print(mod_driver, "after unprotection:\n%s", srtp_packet_to_string(hdr, len)); /* verify that the unprotected packet matches the origial one */ for (i = 0; i < msg_len_octets; i++) { if (((uint8_t*)hdr)[i] != ((uint8_t*)hdr2)[i]) { fprintf(stdout, "mismatch at octet %d\n", i); status = srtp_err_status_algo_fail; } } if (status) { free(hdr); free(hdr2); free(rcvr_policy); return status; } /* * if the policy includes authentication, then test for false positives */ if (policy->rtp.sec_serv & sec_serv_auth) { char *data = ((char*)hdr) + 12; printf("testing for false positives in replay check..."); /* set message length */ len = msg_len_enc; /* unprotect a second time - should fail with a replay error */ status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki); if (status != srtp_err_status_replay_fail) { printf("failed with error code %d\n", status); free(hdr); free(hdr2); free(rcvr_policy); return status; } else { printf("passed\n"); } printf("testing for false positives in auth check..."); /* increment sequence number in header */ hdr->seq++; /* set message length */ len = msg_len_octets; /* apply protection */ err_check(srtp_test_call_protect_rtcp(srtcp_sender, hdr, &len, mki_index)); /* flip bits in packet */ data[0] ^= 0xff; /* unprotect, and check for authentication failure */ status = srtp_test_call_unprotect_rtcp(srtcp_rcvr, hdr, &len, use_mki); if (status != srtp_err_status_auth_fail) { printf("failed\n"); free(hdr); free(hdr2); free(rcvr_policy); return status; } else { printf("passed\n"); } } err_check(srtp_dealloc(srtcp_sender)); err_check(srtp_dealloc(srtcp_rcvr)); free(hdr); free(hdr2); free(rcvr_policy); return srtp_err_status_ok; } srtp_err_status_t srtp_session_print_policy (srtp_t srtp) { char *serv_descr[4] = { "none", "confidentiality", "authentication", "confidentiality and authentication" }; char *direction[3] = { "unknown", "outbound", "inbound" }; srtp_stream_t stream; srtp_session_keys_t *session_keys = NULL; /* sanity checking */ if (srtp == NULL) { return srtp_err_status_fail; } /* if there's a template stream, print it out */ if (srtp->stream_template != NULL) { stream = srtp->stream_template; session_keys = &stream->session_keys[0]; printf("# SSRC: any %s\r\n" "# rtp cipher: %s\r\n" "# rtp auth: %s\r\n" "# rtp services: %s\r\n" "# rtcp cipher: %s\r\n" "# rtcp auth: %s\r\n" "# rtcp services: %s\r\n" "# window size: %lu\r\n" "# tx rtx allowed:%s\r\n", direction[stream->direction], session_keys->rtp_cipher->type->description, session_keys->rtp_auth->type->description, serv_descr[stream->rtp_services], session_keys->rtcp_cipher->type->description, session_keys->rtcp_auth->type->description, serv_descr[stream->rtcp_services], srtp_rdbx_get_window_size(&stream->rtp_rdbx), stream->allow_repeat_tx ? "true" : "false"); printf("# Encrypted extension headers: "); if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) { int* enc_xtn_hdr = stream->enc_xtn_hdr; int count = stream->enc_xtn_hdr_count; while (count > 0) { printf("%d ", *enc_xtn_hdr); enc_xtn_hdr++; count--; } printf("\n"); } else { printf("none\n"); } } /* loop over streams in session, printing the policy of each */ stream = srtp->stream_list; while (stream != NULL) { if (stream->rtp_services > sec_serv_conf_and_auth) { return srtp_err_status_bad_param; } session_keys = &stream->session_keys[0]; printf("# SSRC: 0x%08x\r\n" "# rtp cipher: %s\r\n" "# rtp auth: %s\r\n" "# rtp services: %s\r\n" "# rtcp cipher: %s\r\n" "# rtcp auth: %s\r\n" "# rtcp services: %s\r\n" "# window size: %lu\r\n" "# tx rtx allowed:%s\r\n", stream->ssrc, session_keys->rtp_cipher->type->description, session_keys->rtp_auth->type->description, serv_descr[stream->rtp_services], session_keys->rtcp_cipher->type->description, session_keys->rtcp_auth->type->description, serv_descr[stream->rtcp_services], srtp_rdbx_get_window_size(&stream->rtp_rdbx), stream->allow_repeat_tx ? "true" : "false"); printf("# Encrypted extension headers: "); if (stream->enc_xtn_hdr && stream->enc_xtn_hdr_count > 0) { int* enc_xtn_hdr = stream->enc_xtn_hdr; int count = stream->enc_xtn_hdr_count; while (count > 0) { printf("%d ", *enc_xtn_hdr); enc_xtn_hdr++; count--; } printf("\n"); } else { printf("none\n"); } /* advance to next stream in the list */ stream = stream->next; } return srtp_err_status_ok; } srtp_err_status_t srtp_print_policy (const srtp_policy_t *policy) { srtp_err_status_t status; srtp_t session; status = srtp_create(&session, policy); if (status) { return status; } status = srtp_session_print_policy(session); if (status) { return status; } status = srtp_dealloc(session); if (status) { return status; } return srtp_err_status_ok; } /* * srtp_print_packet(...) is for debugging only * it prints an RTP packet to the stdout * * note that this function is *not* threadsafe */ #include <stdio.h> #define MTU 2048 char packet_string[MTU]; char * srtp_packet_to_string (srtp_hdr_t *hdr, int pkt_octet_len) { int octets_in_rtp_header = 12; uint8_t *data = ((uint8_t*)hdr) + octets_in_rtp_header; int hex_len = pkt_octet_len - octets_in_rtp_header; /* sanity checking */ if ((hdr == NULL) || (pkt_octet_len > MTU)) { return NULL; } /* write packet into string */ sprintf(packet_string, "(s)rtp packet: {\n" " version:\t%d\n" " p:\t\t%d\n" " x:\t\t%d\n" " cc:\t\t%d\n" " m:\t\t%d\n" " pt:\t\t%x\n" " seq:\t\t%x\n" " ts:\t\t%x\n" " ssrc:\t%x\n" " data:\t%s\n" "} (%d octets in total)\n", hdr->version, hdr->p, hdr->x, hdr->cc, hdr->m, hdr->pt, hdr->seq, hdr->ts, hdr->ssrc, octet_string_hex_string(data, hex_len), pkt_octet_len); return packet_string; } /* * mips_estimate() is a simple function to estimate the number of * instructions per second that the host can perform. note that this * function can be grossly wrong; you may want to have a manual sanity * check of its output! * * the 'ignore' pointer is there to convince the compiler to not just * optimize away the function */ double mips_estimate (int num_trials, int *ignore) { clock_t t; volatile int i, sum; sum = 0; t = clock(); for (i = 0; i < num_trials; i++) { sum += i; } t = clock() - t; /* printf("%d\n", sum); */ *ignore = sum; return (double)num_trials * CLOCKS_PER_SEC / t; } /* * srtp_validate() verifies the correctness of libsrtp by comparing * some computed packets against some pre-computed reference values. * These packets were made with the default SRTP policy. */ srtp_err_status_t srtp_validate () { uint8_t srtp_plaintext_ref[28] = { 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab }; uint8_t srtp_plaintext[38] = { 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t srtp_ciphertext[38] = { 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0x4e, 0x55, 0xdc, 0x4c, 0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15, 0x94, 0x9d, 0x24, 0x02, 0xb7, 0x8d, 0x6a, 0xcc, 0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb }; uint8_t rtcp_plaintext_ref[24] = { 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, }; uint8_t rtcp_plaintext[38] = { 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t srtcp_ciphertext[38] = { 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 0x71, 0x28, 0x03, 0x5b, 0xe4, 0x87, 0xb9, 0xbd, 0xbe, 0xf8, 0x90, 0x41, 0xf9, 0x77, 0xa5, 0xa8, 0x80, 0x00, 0x00, 0x01, 0x99, 0x3e, 0x08, 0xcd, 0x54, 0xd6, 0xc1, 0x23, 0x07, 0x98 }; srtp_t srtp_snd, srtp_recv; srtp_err_status_t status; int len; srtp_policy_t policy; /* * create a session with a single stream using the default srtp * policy and with the SSRC value 0xcafebabe */ memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_rtp_default(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key; policy.ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; status = srtp_create(&srtp_snd, &policy); if (status) { return status; } /* * protect plaintext, then compare with ciphertext */ len = 28; status = srtp_protect(srtp_snd, srtp_plaintext, &len); if (status || (len != 38)) { return srtp_err_status_fail; } debug_print(mod_driver, "ciphertext:\n %s", octet_string_hex_string(srtp_plaintext, len)); debug_print(mod_driver, "ciphertext reference:\n %s", octet_string_hex_string(srtp_ciphertext, len)); if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) { return srtp_err_status_fail; } /* * protect plaintext rtcp, then compare with srtcp ciphertext */ len = 24; status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len); if (status || (len != 38)) { return srtp_err_status_fail; } debug_print(mod_driver, "srtcp ciphertext:\n %s", octet_string_hex_string(rtcp_plaintext, len)); debug_print(mod_driver, "srtcp ciphertext reference:\n %s", octet_string_hex_string(srtcp_ciphertext, len)); if (octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) { return srtp_err_status_fail; } /* * create a receiver session context comparable to the one created * above - we need to do this so that the replay checking doesn't * complain */ status = srtp_create(&srtp_recv, &policy); if (status) { return status; } /* * unprotect ciphertext, then compare with plaintext */ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len); if (status || (len != 28)) { return status; } if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) { return srtp_err_status_fail; } /* * unprotect srtcp ciphertext, then compare with rtcp plaintext */ len = 38; status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len); if (status || (len != 24)) { return status; } if (octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) { return srtp_err_status_fail; } status = srtp_dealloc(srtp_snd); if (status) { return status; } status = srtp_dealloc(srtp_recv); if (status) { return status; } return srtp_err_status_ok; } #ifdef OPENSSL /* * srtp_validate_gcm() verifies the correctness of libsrtp by comparing * an computed packet against the known ciphertext for the plaintext. */ srtp_err_status_t srtp_validate_gcm () { unsigned char test_key_gcm[28] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab }; uint8_t rtp_plaintext_ref[28] = { 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab }; uint8_t rtp_plaintext[44] = { 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t srtp_ciphertext[44] = { 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xc5, 0x00, 0x2e, 0xde, 0x04, 0xcf, 0xdd, 0x2e, 0xb9, 0x11, 0x59, 0xe0, 0x88, 0x0a, 0xa0, 0x6e, 0xd2, 0x97, 0x68, 0x26, 0xf7, 0x96, 0xb2, 0x01, 0xdf, 0x31, 0x31, 0xa1, 0x27, 0xe8, 0xa3, 0x92 }; uint8_t rtcp_plaintext_ref[24] = { 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, }; uint8_t rtcp_plaintext[44] = { 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t srtcp_ciphertext[44] = { 0x81, 0xc8, 0x00, 0x0b, 0xca, 0xfe, 0xba, 0xbe, 0xc9, 0x8b, 0x8b, 0x5d, 0xf0, 0x39, 0x2a, 0x55, 0x85, 0x2b, 0x6c, 0x21, 0xac, 0x8e, 0x70, 0x25, 0xc5, 0x2c, 0x6f, 0xbe, 0xa2, 0xb3, 0xb4, 0x46, 0xea, 0x31, 0x12, 0x3b, 0xa8, 0x8c, 0xe6, 0x1e, 0x80, 0x00, 0x00, 0x01 }; srtp_t srtp_snd, srtp_recv; srtp_err_status_t status; int len; srtp_policy_t policy; /* * create a session with a single stream using the default srtp * policy and with the SSRC value 0xcafebabe */ memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtp); srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy.rtcp); policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key_gcm; policy.ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; status = srtp_create(&srtp_snd, &policy); if (status) { return status; } /* * protect plaintext rtp, then compare with srtp ciphertext */ len = 28; status = srtp_protect(srtp_snd, rtp_plaintext, &len); if (status || (len != 44)) { return srtp_err_status_fail; } debug_print(mod_driver, "srtp ciphertext:\n %s", octet_string_hex_string(rtp_plaintext, len)); debug_print(mod_driver, "srtp ciphertext reference:\n %s", octet_string_hex_string(srtp_ciphertext, len)); if (octet_string_is_eq(rtp_plaintext, srtp_ciphertext, len)) { return srtp_err_status_fail; } /* * protect plaintext rtcp, then compare with srtcp ciphertext */ len = 24; status = srtp_protect_rtcp(srtp_snd, rtcp_plaintext, &len); if (status || (len != 44)) { return srtp_err_status_fail; } debug_print(mod_driver, "srtcp ciphertext:\n %s", octet_string_hex_string(rtcp_plaintext, len)); debug_print(mod_driver, "srtcp ciphertext reference:\n %s", octet_string_hex_string(srtcp_ciphertext, len)); if (octet_string_is_eq(rtcp_plaintext, srtcp_ciphertext, len)) { return srtp_err_status_fail; } /* * create a receiver session context comparable to the one created * above - we need to do this so that the replay checking doesn't * complain */ status = srtp_create(&srtp_recv, &policy); if (status) { return status; } /* * unprotect srtp ciphertext, then compare with rtp plaintext */ len = 44; status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len); if (status || (len != 28)) { return status; } if (octet_string_is_eq(srtp_ciphertext, rtp_plaintext_ref, len)) { return srtp_err_status_fail; } /* * unprotect srtcp ciphertext, then compare with rtcp plaintext */ len = 44; status = srtp_unprotect_rtcp(srtp_recv, srtcp_ciphertext, &len); if (status || (len != 24)) { return status; } if (octet_string_is_eq(srtcp_ciphertext, rtcp_plaintext_ref, len)) { return srtp_err_status_fail; } status = srtp_dealloc(srtp_snd); if (status) { return status; } status = srtp_dealloc(srtp_recv); if (status) { return status; } return srtp_err_status_ok; } #endif /* * Test vectors taken from RFC 6904, Appendix A */ srtp_err_status_t srtp_validate_encrypted_extensions_headers() { unsigned char test_key_ext_headers[30] = { 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb, 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 }; uint8_t srtp_plaintext_ref[56] = { 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06, 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27, 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46, 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab }; uint8_t srtp_plaintext[66] = { 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06, 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27, 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46, 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t srtp_ciphertext[66] = { 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06, 0x17, 0x58, 0x8A, 0x92, 0x70, 0xF4, 0xE1, 0x5E, 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x95, 0x46, 0xA9, 0x94, 0xF0, 0xBC, 0x54, 0x78, 0x97, 0x00, 0x4e, 0x55, 0xdc, 0x4c, 0xe7, 0x99, 0x78, 0xd8, 0x8c, 0xa4, 0xd2, 0x15, 0x94, 0x9d, 0x24, 0x02, 0x5a, 0x46, 0xb3, 0xca, 0x35, 0xc5, 0x35, 0xa8, 0x91, 0xc7 }; srtp_t srtp_snd, srtp_recv; srtp_err_status_t status; int len; srtp_policy_t policy; int headers[3] = {1, 3, 4}; /* * create a session with a single stream using the default srtp * policy and with the SSRC value 0xcafebabe */ memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_rtp_default(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key_ext_headers; policy.ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.enc_xtn_hdr = headers; policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]); policy.next = NULL; status = srtp_create(&srtp_snd, &policy); if (status) return status; /* * protect plaintext, then compare with ciphertext */ len = sizeof(srtp_plaintext_ref); status = srtp_protect(srtp_snd, srtp_plaintext, &len); if (status || (len != sizeof(srtp_plaintext))) return srtp_err_status_fail; debug_print(mod_driver, "ciphertext:\n %s", srtp_octet_string_hex_string(srtp_plaintext, len)); debug_print(mod_driver, "ciphertext reference:\n %s", srtp_octet_string_hex_string(srtp_ciphertext, len)); if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) return srtp_err_status_fail; /* * create a receiver session context comparable to the one created * above - we need to do this so that the replay checking doesn't * complain */ status = srtp_create(&srtp_recv, &policy); if (status) return status; /* * unprotect ciphertext, then compare with plaintext */ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len); if (status) { return status; } else if (len != sizeof(srtp_plaintext_ref)) { return srtp_err_status_fail; } if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) return srtp_err_status_fail; status = srtp_dealloc(srtp_snd); if (status) return status; status = srtp_dealloc(srtp_recv); if (status) return status; return srtp_err_status_ok; } #ifdef OPENSSL /* * Headers of test vectors taken from RFC 6904, Appendix A */ srtp_err_status_t srtp_validate_encrypted_extensions_headers_gcm() { unsigned char test_key_ext_headers[30] = { 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb, 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 }; uint8_t srtp_plaintext_ref[56] = { 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06, 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27, 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46, 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab }; uint8_t srtp_plaintext[64] = { 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06, 0x17, 0x41, 0x42, 0x73, 0xA4, 0x75, 0x26, 0x27, 0x48, 0x22, 0x00, 0x00, 0xC8, 0x30, 0x8E, 0x46, 0x55, 0x99, 0x63, 0x86, 0xB3, 0x95, 0xFB, 0x00, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t srtp_ciphertext[64] = { 0x90, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xBE, 0xDE, 0x00, 0x06, 0x17, 0x12, 0xe0, 0x20, 0x5b, 0xfa, 0x94, 0x9b, 0x1C, 0x22, 0x00, 0x00, 0xC8, 0x30, 0xbb, 0x46, 0x73, 0x27, 0x78, 0xd9, 0x92, 0x9a, 0xab, 0x00, 0x0e, 0xca, 0x0c, 0xf9, 0x5e, 0xe9, 0x55, 0xb2, 0x6c, 0xd3, 0xd2, 0x88, 0xb4, 0x9f, 0x6c, 0xa9, 0xf4, 0xb1, 0xb7, 0x59, 0x71, 0x9e, 0xb5, 0xbc }; srtp_t srtp_snd, srtp_recv; srtp_err_status_t status; int len; srtp_policy_t policy; int headers[3] = {1, 3, 4}; /* * create a session with a single stream using the default srtp * policy and with the SSRC value 0xcafebabe */ memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp); policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key_ext_headers; policy.ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.enc_xtn_hdr = headers; policy.enc_xtn_hdr_count = sizeof(headers) / sizeof(headers[0]); policy.next = NULL; status = srtp_create(&srtp_snd, &policy); if (status) return status; /* * protect plaintext, then compare with ciphertext */ len = sizeof(srtp_plaintext_ref); status = srtp_protect(srtp_snd, srtp_plaintext, &len); if (status || (len != sizeof(srtp_plaintext))) return srtp_err_status_fail; debug_print(mod_driver, "ciphertext:\n %s", srtp_octet_string_hex_string(srtp_plaintext, len)); debug_print(mod_driver, "ciphertext reference:\n %s", srtp_octet_string_hex_string(srtp_ciphertext, len)); if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) return srtp_err_status_fail; /* * create a receiver session context comparable to the one created * above - we need to do this so that the replay checking doesn't * complain */ status = srtp_create(&srtp_recv, &policy); if (status) return status; /* * unprotect ciphertext, then compare with plaintext */ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len); if (status) { return status; } else if (len != sizeof(srtp_plaintext_ref)) { return srtp_err_status_fail; } if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) return srtp_err_status_fail; status = srtp_dealloc(srtp_snd); if (status) return status; status = srtp_dealloc(srtp_recv); if (status) return status; return srtp_err_status_ok; } #endif /* * srtp_validate_aes_256() verifies the correctness of libsrtp by comparing * some computed packets against some pre-computed reference values. * These packets were made with the AES-CM-256/HMAC-SHA-1-80 policy. */ srtp_err_status_t srtp_validate_aes_256 () { unsigned char aes_256_test_key[46] = { 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76, 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29, 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1, 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6, 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9, 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2 }; uint8_t srtp_plaintext_ref[28] = { 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab }; uint8_t srtp_plaintext[38] = { 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0xab, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; uint8_t srtp_ciphertext[38] = { 0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad, 0xca, 0xfe, 0xba, 0xbe, 0xf1, 0xd9, 0xde, 0x17, 0xff, 0x25, 0x1f, 0xf1, 0xaa, 0x00, 0x77, 0x74, 0xb0, 0xb4, 0xb4, 0x0d, 0xa0, 0x8d, 0x9d, 0x9a, 0x5b, 0x3a, 0x55, 0xd8, 0x87, 0x3b }; srtp_t srtp_snd, srtp_recv; srtp_err_status_t status; int len; srtp_policy_t policy; /* * create a session with a single stream using the default srtp * policy and with the SSRC value 0xcafebabe */ memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp); srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtcp); policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = aes_256_test_key; policy.ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; status = srtp_create(&srtp_snd, &policy); if (status) { return status; } /* * protect plaintext, then compare with ciphertext */ len = 28; status = srtp_protect(srtp_snd, srtp_plaintext, &len); if (status || (len != 38)) { return srtp_err_status_fail; } debug_print(mod_driver, "ciphertext:\n %s", octet_string_hex_string(srtp_plaintext, len)); debug_print(mod_driver, "ciphertext reference:\n %s", octet_string_hex_string(srtp_ciphertext, len)); if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len)) { return srtp_err_status_fail; } /* * create a receiver session context comparable to the one created * above - we need to do this so that the replay checking doesn't * complain */ status = srtp_create(&srtp_recv, &policy); if (status) { return status; } /* * unprotect ciphertext, then compare with plaintext */ status = srtp_unprotect(srtp_recv, srtp_ciphertext, &len); if (status || (len != 28)) { return status; } if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len)) { return srtp_err_status_fail; } status = srtp_dealloc(srtp_snd); if (status) { return status; } status = srtp_dealloc(srtp_recv); if (status) { return status; } return srtp_err_status_ok; } srtp_err_status_t srtp_create_big_policy (srtp_policy_t **list) { extern const srtp_policy_t *policy_array[]; srtp_policy_t *p, *tmp; int i = 0; uint32_t ssrc = 0; /* sanity checking */ if ((list == NULL) || (policy_array[0] == NULL)) { return srtp_err_status_bad_param; } /* * loop over policy list, mallocing a new list and copying values * into it (and incrementing the SSRC value as we go along) */ tmp = NULL; while (policy_array[i] != NULL) { p = (srtp_policy_t*)malloc(sizeof(srtp_policy_t)); if (p == NULL) { return srtp_err_status_bad_param; } memcpy(p, policy_array[i], sizeof(srtp_policy_t)); p->ssrc.type = ssrc_specific; p->ssrc.value = ssrc++; p->next = tmp; tmp = p; i++; } *list = p; return srtp_err_status_ok; } srtp_err_status_t srtp_dealloc_big_policy (srtp_policy_t *list) { srtp_policy_t *p, *next; for (p = list; p != NULL; p = next) { next = p->next; free(p); } return srtp_err_status_ok; } srtp_err_status_t srtp_test_empty_payload() { srtp_t srtp_snd, srtp_recv; srtp_err_status_t status; int len; srtp_policy_t policy; srtp_hdr_t *mesg; /* * create a session with a single stream using the default srtp * policy and with the SSRC value 0xcafebabe */ memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_rtp_default(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key; policy.ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; status = srtp_create(&srtp_snd, &policy); if (status) { return status; } mesg = srtp_create_test_packet(0, policy.ssrc.value); if (mesg == NULL) { return srtp_err_status_fail; } len = 12; /* only the header */ status = srtp_protect(srtp_snd, mesg, &len); if (status) { return status; } else if (len != 12 + 10) { return srtp_err_status_fail; } /* * create a receiver session context comparable to the one created * above - we need to do this so that the replay checking doesn't * complain */ status = srtp_create(&srtp_recv, &policy); if (status) { return status; } /* * unprotect ciphertext, then compare with plaintext */ status = srtp_unprotect(srtp_recv, mesg, &len); if (status) { return status; } else if (len != 12) { return srtp_err_status_fail; } status = srtp_dealloc(srtp_snd); if (status) { return status; } status = srtp_dealloc(srtp_recv); if (status) { return status; } free(mesg); return srtp_err_status_ok; } #ifdef OPENSSL srtp_err_status_t srtp_test_empty_payload_gcm() { srtp_t srtp_snd, srtp_recv; srtp_err_status_t status; int len; srtp_policy_t policy; srtp_hdr_t *mesg; /* * create a session with a single stream using the default srtp * policy and with the SSRC value 0xcafebabe */ memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp); srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp); policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key; policy.ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; status = srtp_create(&srtp_snd, &policy); if (status) { return status; } mesg = srtp_create_test_packet(0, policy.ssrc.value); if (mesg == NULL) { return srtp_err_status_fail; } len = 12; /* only the header */ status = srtp_protect(srtp_snd, mesg, &len); if (status) { return status; } else if (len != 12 + 8) { return srtp_err_status_fail; } /* * create a receiver session context comparable to the one created * above - we need to do this so that the replay checking doesn't * complain */ status = srtp_create(&srtp_recv, &policy); if (status) { return status; } /* * unprotect ciphertext, then compare with plaintext */ status = srtp_unprotect(srtp_recv, mesg, &len); if (status) { return status; } else if (len != 12) { return srtp_err_status_fail; } status = srtp_dealloc(srtp_snd); if (status) { return status; } status = srtp_dealloc(srtp_recv); if (status) { return status; } free(mesg); return srtp_err_status_ok; } #endif // OPENSSL srtp_err_status_t srtp_test_remove_stream () { srtp_err_status_t status; srtp_policy_t *policy_list, policy; srtp_t session; srtp_stream_t stream; /* * srtp_get_stream() is a libSRTP internal function that we declare * here so that we can use it to verify the correct operation of the * library */ extern srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc); status = srtp_create_big_policy(&policy_list); if (status) { return status; } status = srtp_create(&session, policy_list); if (status) { return status; } /* * check for false positives by trying to remove a stream that's not * in the session */ status = srtp_remove_stream(session, htonl(0xaaaaaaaa)); if (status != srtp_err_status_no_ctx) { return srtp_err_status_fail; } /* * check for false negatives by removing stream 0x1, then * searching for streams 0x0 and 0x2 */ status = srtp_remove_stream(session, htonl(0x1)); if (status != srtp_err_status_ok) { return srtp_err_status_fail; } stream = srtp_get_stream(session, htonl(0x0)); if (stream == NULL) { return srtp_err_status_fail; } stream = srtp_get_stream(session, htonl(0x2)); if (stream == NULL) { return srtp_err_status_fail; } status = srtp_dealloc(session); if (status != srtp_err_status_ok) { return status; } status = srtp_dealloc_big_policy(policy_list); if (status != srtp_err_status_ok) { return status; } /* Now test adding and removing a single stream */ memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_rtp_default(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key; policy.ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; status = srtp_create(&session, NULL); if (status != srtp_err_status_ok) { return status; } status = srtp_add_stream(session, &policy); if (status != srtp_err_status_ok) { return status; } status = srtp_remove_stream(session, htonl(0xcafebabe)); if (status != srtp_err_status_ok) { return status; } status = srtp_dealloc(session); if (status != srtp_err_status_ok) { return status; } return srtp_err_status_ok; } unsigned char test_alt_key[46] = { 0xe5, 0x19, 0x6f, 0x01, 0x5e, 0xf1, 0x9b, 0xe1, 0xd7, 0x47, 0xa7, 0x27, 0x07, 0xd7, 0x47, 0x33, 0x01, 0xc2, 0x35, 0x4d, 0x59, 0x6a, 0xf7, 0x84, 0x96, 0x98, 0xeb, 0xaa, 0xac, 0xf6, 0xa1, 0x45, 0xc7, 0x15, 0xe2, 0xea, 0xfe, 0x55, 0x67, 0x96, 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 }; /* * srtp_test_update() verifies updating/rekeying exsisting streams. * As stated in https://tools.ietf.org/html/rfc3711#section-3.3.1 * the value of the ROC must not be reset after a rekey, this test * atempts to prove that srtp_update does not reset the ROC. */ srtp_err_status_t srtp_test_update() { srtp_err_status_t status; uint32_t ssrc = 0x12121212; int msg_len_octets = 32; int protected_msg_len_octets; srtp_hdr_t * msg; srtp_t srtp_snd, srtp_recv; srtp_policy_t policy; memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_rtp_default(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); policy.ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; policy.ssrc.type = ssrc_any_outbound; policy.key = test_key; /* create a send and recive ctx with defualt profile and test_key */ status = srtp_create(&srtp_recv, &policy); if (status) return status; policy.ssrc.type = ssrc_any_inbound; status = srtp_create(&srtp_snd, &policy); if (status) return status; /* protect and unprotect two msg's that will cause the ROC to be equal to 1 */ msg = srtp_create_test_packet(msg_len_octets, ssrc); if (msg == NULL) return srtp_err_status_alloc_fail; msg->seq = htons(65535); protected_msg_len_octets = msg_len_octets; status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); if (status) return srtp_err_status_fail; status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); if (status) return status; free(msg); msg = srtp_create_test_packet(msg_len_octets, ssrc); if (msg == NULL) return srtp_err_status_alloc_fail; msg->seq = htons(1); protected_msg_len_octets = msg_len_octets; status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); if (status) return srtp_err_status_fail; status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); if (status) return status; free(msg); /* update send ctx with same test_key t verify update works*/ policy.ssrc.type = ssrc_any_outbound; policy.key = test_key; status = srtp_update(srtp_snd, &policy); if (status) return status; msg = srtp_create_test_packet(msg_len_octets, ssrc); if (msg == NULL) return srtp_err_status_alloc_fail; msg->seq = htons(2); protected_msg_len_octets = msg_len_octets; status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); if (status) return srtp_err_status_fail; status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); if (status) return status; free(msg); /* update send ctx to use test_alt_key */ policy.ssrc.type = ssrc_any_outbound; policy.key = test_alt_key; status = srtp_update(srtp_snd, &policy); if (status) return status; /* create and protect msg with new key and ROC still equal to 1 */ msg = srtp_create_test_packet(msg_len_octets, ssrc); if (msg == NULL) return srtp_err_status_alloc_fail; msg->seq = htons(3); protected_msg_len_octets = msg_len_octets; status = srtp_protect(srtp_snd, msg, &protected_msg_len_octets); if (status) return srtp_err_status_fail; /* verify that recive ctx will fail to unprotect as it still uses test_key */ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); if (status == srtp_err_status_ok) return srtp_err_status_fail; /* create a new recvieve ctx with test_alt_key but since it is new it will have ROC equal to 1 * and therefore should fail to unprotected */ { srtp_t srtp_recv_roc_0; policy.ssrc.type = ssrc_any_inbound; policy.key = test_alt_key; status = srtp_create(&srtp_recv_roc_0, &policy); if (status) return status; status = srtp_unprotect(srtp_recv_roc_0, msg, &protected_msg_len_octets); if (status == srtp_err_status_ok) return srtp_err_status_fail; status = srtp_dealloc(srtp_recv_roc_0); if (status) return status; } /* update recive ctx to use test_alt_key */ policy.ssrc.type = ssrc_any_inbound; policy.key = test_alt_key; status = srtp_update(srtp_recv, &policy); if (status) return status; /* verify that can still unprotect, therfore key is updated and ROC value is preserved */ status = srtp_unprotect(srtp_recv, msg, &protected_msg_len_octets); if (status) return status; free(msg); status = srtp_dealloc(srtp_snd); if (status) return status; status = srtp_dealloc(srtp_recv); if (status) return status; return srtp_err_status_ok; } srtp_err_status_t srtp_test_setup_protect_trailer_streams(srtp_t *srtp_send, srtp_t *srtp_send_mki, srtp_t *srtp_send_aes_gcm, srtp_t *srtp_send_aes_gcm_mki) { srtp_err_status_t status; srtp_policy_t policy; srtp_policy_t policy_mki; #ifdef OPENSSL srtp_policy_t policy_aes_gcm; srtp_policy_t policy_aes_gcm_mki; #endif // OPENSSL memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_rtp_default(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); policy.ekt = NULL; policy.window_size = 128; policy.allow_repeat_tx = 0; policy.next = NULL; policy.ssrc.type = ssrc_any_outbound; policy.key = test_key; memset(&policy_mki, 0, sizeof(policy_mki)); srtp_crypto_policy_set_rtp_default(&policy_mki.rtp); srtp_crypto_policy_set_rtcp_default(&policy_mki.rtcp); policy_mki.ekt = NULL; policy_mki.window_size = 128; policy_mki.allow_repeat_tx = 0; policy_mki.next = NULL; policy_mki.ssrc.type = ssrc_any_outbound; policy_mki.key = NULL; policy_mki.keys = test_keys; policy_mki.num_master_keys = 2; #ifdef OPENSSL memset(&policy_aes_gcm, 0, sizeof(policy_aes_gcm)); srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtp); srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm.rtcp); policy_aes_gcm.ekt = NULL; policy_aes_gcm.window_size = 128; policy_aes_gcm.allow_repeat_tx = 0; policy_aes_gcm.next = NULL; policy_aes_gcm.ssrc.type = ssrc_any_outbound; policy_aes_gcm.key = test_key; memset(&policy_aes_gcm_mki, 0, sizeof(policy_aes_gcm_mki)); srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtp); srtp_crypto_policy_set_aes_gcm_128_16_auth(&policy_aes_gcm_mki.rtcp); policy_aes_gcm_mki.ekt = NULL; policy_aes_gcm_mki.window_size = 128; policy_aes_gcm_mki.allow_repeat_tx = 0; policy_aes_gcm_mki.next = NULL; policy_aes_gcm_mki.ssrc.type = ssrc_any_outbound; policy_aes_gcm_mki.key = NULL; policy_aes_gcm_mki.keys = test_keys; policy_aes_gcm_mki.num_master_keys = 2; #endif /* create a send ctx with defualt profile and test_key */ status = srtp_create(srtp_send, &policy); if (status) return status; status = srtp_create(srtp_send_mki, &policy_mki); if (status) return status; #ifdef OPENSSL status = srtp_create(srtp_send_aes_gcm, &policy_aes_gcm); if (status) return status; status = srtp_create(srtp_send_aes_gcm_mki, &policy_aes_gcm_mki); if (status) return status; #endif //OPENSSL return srtp_err_status_ok; } srtp_err_status_t srtp_test_protect_trailer_length() { srtp_t srtp_send; srtp_t srtp_send_mki; srtp_t srtp_send_aes_gcm; srtp_t srtp_send_aes_gcm_mki; uint32_t length = 0; srtp_err_status_t status; srtp_test_setup_protect_trailer_streams(&srtp_send, &srtp_send_mki, &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki); status = srtp_get_protect_trailer_length(srtp_send, 0, 0, &length); if (status) return status; /* TAG Length: 10 bytes */ if (length != 10) return srtp_err_status_fail; status = srtp_get_protect_trailer_length(srtp_send_mki, 1, 1, &length); if (status) return status; /* TAG Length: 10 bytes + MKI length: 4 bytes*/ if (length != 14) return srtp_err_status_fail; #ifdef OPENSSL status = srtp_get_protect_trailer_length(srtp_send_aes_gcm, 0, 0, &length); if (status) return status; /* TAG Length: 16 bytes */ if (length != 16) return srtp_err_status_fail; status = srtp_get_protect_trailer_length(srtp_send_aes_gcm_mki, 1, 1, &length); if (status) return status; /* TAG Length: 16 bytes + MKI length: 4 bytes*/ if (length != 20) return srtp_err_status_fail; #endif //OPENSSL return srtp_err_status_ok; } srtp_err_status_t srtp_test_protect_rtcp_trailer_length() { srtp_t srtp_send; srtp_t srtp_send_mki; srtp_t srtp_send_aes_gcm; srtp_t srtp_send_aes_gcm_mki; uint32_t length = 0; srtp_err_status_t status; srtp_test_setup_protect_trailer_streams(&srtp_send, &srtp_send_mki, &srtp_send_aes_gcm, &srtp_send_aes_gcm_mki); status = srtp_get_protect_rtcp_trailer_length(srtp_send, 0, 0, &length); if (status) return status; /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes*/ if (length != 14) return srtp_err_status_fail; status = srtp_get_protect_rtcp_trailer_length(srtp_send_mki, 1, 1, &length); if (status) return status; /* TAG Length: 10 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/ if (length != 18) return srtp_err_status_fail; #ifdef OPENSSL status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm, 0, 0, &length); if (status) return status; /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes*/ if (length != 20) return srtp_err_status_fail; status = srtp_get_protect_rtcp_trailer_length(srtp_send_aes_gcm_mki, 1, 1, &length); if (status) return status; /* TAG Length: 16 bytes + SRTCP Trailer 4 bytes + MKI 4 bytes*/ if (length != 24) return srtp_err_status_fail; #endif //OPENSSL return srtp_err_status_ok; } srtp_err_status_t srtp_test_get_roc() { srtp_err_status_t status; srtp_policy_t policy; srtp_t session; srtp_hdr_t *pkt; uint32_t i; uint32_t roc; uint32_t ts; uint16_t seq; int msg_len_octets = 32; int protected_msg_len_octets; memset(&policy, 0, sizeof(policy)); srtp_crypto_policy_set_rtp_default(&policy.rtp); srtp_crypto_policy_set_rtcp_default(&policy.rtcp); policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xcafebabe; policy.key = test_key; policy.window_size = 128; /* Create a sender session */ status = srtp_create(&session, &policy); if (status) { return status; } /* Set start sequence so we roll over */ seq = 65535; ts = 0; for (i = 0; i < 2; i++) { pkt = srtp_create_test_packet_extended(msg_len_octets, policy.ssrc.value, seq, ts); protected_msg_len_octets = msg_len_octets; status = srtp_protect(session, pkt, &protected_msg_len_octets); free(pkt); if (status) { return status; } status = srtp_get_stream_roc(session, policy.ssrc.value, &roc); if (status) { return status; } if (roc != i) { return srtp_err_status_fail; } seq++; ts++; } /* Cleanup */ status = srtp_dealloc(session); if (status) { return status; } return srtp_err_status_ok; } static srtp_err_status_t test_set_receiver_roc(uint32_t packets, uint32_t roc_to_set) { srtp_err_status_t status; srtp_policy_t sender_policy; srtp_t sender_session; srtp_policy_t receiver_policy; srtp_t receiver_session; srtp_hdr_t *pkt_1; unsigned char *recv_pkt_1; srtp_hdr_t *pkt_2; unsigned char *recv_pkt_2; uint32_t i; uint32_t ts; uint16_t seq; int msg_len_octets = 32; int protected_msg_len_octets_1; int protected_msg_len_octets_2; /* Create sender */ memset(&sender_policy, 0, sizeof(sender_policy)); srtp_crypto_policy_set_rtp_default(&sender_policy.rtp); srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp); sender_policy.ssrc.type = ssrc_specific; sender_policy.ssrc.value = 0xcafebabe; sender_policy.key = test_key; sender_policy.window_size = 128; status = srtp_create(&sender_session, &sender_policy); if (status) { return status; } /* Create and protect packets */ seq = 0; ts = 0; for (i = 0; i < packets; i++) { srtp_hdr_t *tmp_pkt; int tmp_len; tmp_pkt = srtp_create_test_packet_extended(msg_len_octets, sender_policy.ssrc.value, seq, ts); tmp_len = msg_len_octets; status = srtp_protect(sender_session, tmp_pkt, &tmp_len); free(tmp_pkt); if (status) { return status; } seq++; ts++; } /* Create the first packet to decrypt and test for ROC change */ pkt_1 = srtp_create_test_packet_extended(msg_len_octets, sender_policy.ssrc.value, seq, ts); protected_msg_len_octets_1 = msg_len_octets; status = srtp_protect(sender_session, pkt_1, &protected_msg_len_octets_1); if (status) { return status; } /* Create the second packet to decrypt and test for ROC change */ seq++; ts++; pkt_2 = srtp_create_test_packet_extended(msg_len_octets, sender_policy.ssrc.value, seq, ts); protected_msg_len_octets_2 = msg_len_octets; status = srtp_protect(sender_session, pkt_2, &protected_msg_len_octets_2); if (status) { return status; } /* Create the receiver */ memset(&receiver_policy, 0, sizeof(receiver_policy)); srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp); srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp); receiver_policy.ssrc.type = ssrc_specific; receiver_policy.ssrc.value = sender_policy.ssrc.value; receiver_policy.key = test_key; receiver_policy.window_size = 128; status = srtp_create(&receiver_session, &receiver_policy); if (status) { return status; } /* Make a copy of the first sent protected packet */ recv_pkt_1 = malloc(protected_msg_len_octets_1); if (recv_pkt_1 == NULL) { return srtp_err_status_fail; } memcpy(recv_pkt_1, pkt_1, protected_msg_len_octets_1); /* Make a copy of the second sent protected packet */ recv_pkt_2 = malloc(protected_msg_len_octets_2); if (recv_pkt_2 == NULL) { return srtp_err_status_fail; } memcpy(recv_pkt_2, pkt_2, protected_msg_len_octets_2); /* Set the ROC to the wanted value */ status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value, roc_to_set); if (status) { return status; } /* Unprotect the first packet */ status = srtp_unprotect(receiver_session, recv_pkt_1, &protected_msg_len_octets_1); if (status) { return status; } /* Unprotect the second packet */ status = srtp_unprotect(receiver_session, recv_pkt_2, &protected_msg_len_octets_2); if (status) { return status; } /* Cleanup */ status = srtp_dealloc(sender_session); if (status) { return status; } status = srtp_dealloc(receiver_session); if (status) { return status; } free(pkt_1); free(recv_pkt_1); free(pkt_2); free(recv_pkt_2); return srtp_err_status_ok; } static srtp_err_status_t test_set_sender_roc(uint16_t seq, uint32_t roc_to_set) { srtp_err_status_t status; srtp_policy_t sender_policy; srtp_t sender_session; srtp_policy_t receiver_policy; srtp_t receiver_session; srtp_hdr_t *pkt; unsigned char *recv_pkt; uint32_t ts; int msg_len_octets = 32; int protected_msg_len_octets; /* Create sender */ memset(&sender_policy, 0, sizeof(sender_policy)); srtp_crypto_policy_set_rtp_default(&sender_policy.rtp); srtp_crypto_policy_set_rtcp_default(&sender_policy.rtcp); sender_policy.ssrc.type = ssrc_specific; sender_policy.ssrc.value = 0xcafebabe; sender_policy.key = test_key; sender_policy.window_size = 128; status = srtp_create(&sender_session, &sender_policy); if (status) { return status; } /* Set the ROC before encrypting the first packet */ status = srtp_set_stream_roc(sender_session, sender_policy.ssrc.value, roc_to_set); if (status != srtp_err_status_ok) { return status; } /* Create the packet to decrypt */ ts = 0; pkt = srtp_create_test_packet_extended(msg_len_octets, sender_policy.ssrc.value, seq, ts); protected_msg_len_octets = msg_len_octets; status = srtp_protect(sender_session, pkt, &protected_msg_len_octets); if (status) { return status; } /* Create the receiver */ memset(&receiver_policy, 0, sizeof(receiver_policy)); srtp_crypto_policy_set_rtp_default(&receiver_policy.rtp); srtp_crypto_policy_set_rtcp_default(&receiver_policy.rtcp); receiver_policy.ssrc.type = ssrc_specific; receiver_policy.ssrc.value = sender_policy.ssrc.value; receiver_policy.key = test_key; receiver_policy.window_size = 128; status = srtp_create(&receiver_session, &receiver_policy); if (status) { return status; } /* Make a copy of the sent protected packet */ recv_pkt = malloc(protected_msg_len_octets); if (recv_pkt == NULL) { return srtp_err_status_fail; } memcpy(recv_pkt, pkt, protected_msg_len_octets); /* Set the ROC to the wanted value */ status = srtp_set_stream_roc(receiver_session, receiver_policy.ssrc.value, roc_to_set); if (status) { return status; } status = srtp_unprotect(receiver_session, recv_pkt, &protected_msg_len_octets); if (status) { return status; } /* Cleanup */ status = srtp_dealloc(sender_session); if (status) { return status; } status = srtp_dealloc(receiver_session); if (status) { return status; } free(pkt); free(recv_pkt); return srtp_err_status_ok; } srtp_err_status_t srtp_test_set_receiver_roc() { int packets; uint32_t roc; srtp_err_status_t status; /* First test does not rollover */ packets = 1; roc = 0; status = test_set_receiver_roc(packets - 1, roc); if (status) { return status; } status = test_set_receiver_roc(packets, roc); if (status) { return status; } status = test_set_receiver_roc(packets + 1, roc); if (status) { return status; } status = test_set_receiver_roc(packets + 60000, roc); if (status) { return status; } /* Second test should rollover */ packets = 65535; roc = 0; status = test_set_receiver_roc(packets - 1, roc); if (status) { return status; } status = test_set_receiver_roc(packets, roc); if (status) { return status; } /* Now the rollover counter should be 1 */ roc = 1; status = test_set_receiver_roc(packets + 1, roc); if (status) { return status; } status = test_set_receiver_roc(packets + 60000, roc); if (status) { return status; } return srtp_err_status_ok; } srtp_err_status_t srtp_test_set_sender_roc() { uint32_t roc; uint16_t seq; srtp_err_status_t status; seq = 43210; roc = 0; status = test_set_sender_roc(seq, roc); if (status) { return status; } roc = 65535; status = test_set_sender_roc(seq, roc); if (status) { return status; } roc = 0xffff; status = test_set_sender_roc(seq, roc); if (status) { return status; } roc = 0xffff00; status = test_set_sender_roc(seq, roc); if (status) { return status; } roc = 0xfffffff0; status = test_set_sender_roc(seq, roc); if (status) { return status; } return srtp_err_status_ok; } /* * srtp policy definitions - these definitions are used above */ unsigned char test_key[46] = { 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb, 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73, 0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93, 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 }; unsigned char test_key_2[46] = { 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76, 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29, 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1, 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6, 0xc3, 0x17, 0xf2, 0xda, 0xbe, 0x35, 0x77, 0x93, 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6 }; unsigned char test_mki_id[TEST_MKI_ID_SIZE] = { 0xe1, 0xf9, 0x7a, 0x0d }; unsigned char test_mki_id_2[TEST_MKI_ID_SIZE] = { 0xf3, 0xa1, 0x46, 0x71 }; const srtp_policy_t default_policy = { { ssrc_any_outbound, 0 }, /* SSRC */ { /* SRTP policy */ SRTP_AES_ICM_128, /* cipher type */ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_HMAC_SHA1, /* authentication func type */ 16, /* auth key length in octets */ 10, /* auth tag length in octets */ sec_serv_conf_and_auth /* security services flag */ }, { /* SRTCP policy */ SRTP_AES_ICM_128, /* cipher type */ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_HMAC_SHA1, /* authentication func type */ 16, /* auth key length in octets */ 10, /* auth tag length in octets */ sec_serv_conf_and_auth /* security services flag */ }, NULL, (srtp_master_key_t **)test_keys, 2, /* indicates the number of Master keys */ NULL, /* indicates that EKT is not in use */ 128, /* replay window size */ 0, /* retransmission not allowed */ NULL, /* no encrypted extension headers */ 0, /* list of encrypted extension headers is empty */ NULL }; const srtp_policy_t aes_only_policy = { { ssrc_any_outbound, 0 }, /* SSRC */ { SRTP_AES_ICM_128, /* cipher type */ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_NULL_AUTH, /* authentication func type */ 0, /* auth key length in octets */ 0, /* auth tag length in octets */ sec_serv_conf /* security services flag */ }, { SRTP_AES_ICM_128, /* cipher type */ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_NULL_AUTH, /* authentication func type */ 0, /* auth key length in octets */ 0, /* auth tag length in octets */ sec_serv_conf /* security services flag */ }, NULL, (srtp_master_key_t **)test_keys, 2, /* indicates the number of Master keys */ NULL, /* indicates that EKT is not in use */ 128, /* replay window size */ 0, /* retransmission not allowed */ NULL, /* no encrypted extension headers */ 0, /* list of encrypted extension headers is empty */ NULL }; const srtp_policy_t hmac_only_policy = { { ssrc_any_outbound, 0 }, /* SSRC */ { SRTP_NULL_CIPHER, /* cipher type */ 0, /* cipher key length in octets */ SRTP_HMAC_SHA1, /* authentication func type */ 20, /* auth key length in octets */ 4, /* auth tag length in octets */ sec_serv_auth /* security services flag */ }, { SRTP_NULL_CIPHER, /* cipher type */ 0, /* cipher key length in octets */ SRTP_HMAC_SHA1, /* authentication func type */ 20, /* auth key length in octets */ 4, /* auth tag length in octets */ sec_serv_auth /* security services flag */ }, NULL, (srtp_master_key_t **)test_keys, 2, /* Number of Master keys associated with the policy */ NULL, /* indicates that EKT is not in use */ 128, /* replay window size */ 0, /* retransmission not allowed */ NULL, /* no encrypted extension headers */ 0, /* list of encrypted extension headers is empty */ NULL }; #ifdef OPENSSL const srtp_policy_t aes128_gcm_8_policy = { { ssrc_any_outbound, 0 }, /* SSRC */ { /* SRTP policy */ SRTP_AES_GCM_128, /* cipher type */ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_NULL_AUTH, /* authentication func type */ 0, /* auth key length in octets */ 8, /* auth tag length in octets */ sec_serv_conf_and_auth /* security services flag */ }, { /* SRTCP policy */ SRTP_AES_GCM_128, /* cipher type */ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_NULL_AUTH, /* authentication func type */ 0, /* auth key length in octets */ 8, /* auth tag length in octets */ sec_serv_conf_and_auth /* security services flag */ }, NULL, (srtp_master_key_t **)test_keys, 2, /* indicates the number of Master keys */ NULL, /* indicates that EKT is not in use */ 128, /* replay window size */ 0, /* retransmission not allowed */ NULL, /* no encrypted extension headers */ 0, /* list of encrypted extension headers is empty */ NULL }; const srtp_policy_t aes128_gcm_8_cauth_policy = { { ssrc_any_outbound, 0 }, /* SSRC */ { /* SRTP policy */ SRTP_AES_GCM_128, /* cipher type */ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_NULL_AUTH, /* authentication func type */ 0, /* auth key length in octets */ 8, /* auth tag length in octets */ sec_serv_conf_and_auth /* security services flag */ }, { /* SRTCP policy */ SRTP_AES_GCM_128, /* cipher type */ SRTP_AES_GCM_128_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_NULL_AUTH, /* authentication func type */ 0, /* auth key length in octets */ 8, /* auth tag length in octets */ sec_serv_auth /* security services flag */ }, NULL, (srtp_master_key_t **)test_keys, 2, /* indicates the number of Master keys */ NULL, /* indicates that EKT is not in use */ 128, /* replay window size */ 0, /* retransmission not allowed */ NULL, /* no encrypted extension headers */ 0, /* list of encrypted extension headers is empty */ NULL }; const srtp_policy_t aes256_gcm_8_policy = { { ssrc_any_outbound, 0 }, /* SSRC */ { /* SRTP policy */ SRTP_AES_GCM_256, /* cipher type */ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_NULL_AUTH, /* authentication func type */ 0, /* auth key length in octets */ 8, /* auth tag length in octets */ sec_serv_conf_and_auth /* security services flag */ }, { /* SRTCP policy */ SRTP_AES_GCM_256, /* cipher type */ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_NULL_AUTH, /* authentication func type */ 0, /* auth key length in octets */ 8, /* auth tag length in octets */ sec_serv_conf_and_auth /* security services flag */ }, NULL, (srtp_master_key_t **)test_keys, 2, /* indicates the number of Master keys */ NULL, /* indicates that EKT is not in use */ 128, /* replay window size */ 0, /* retransmission not allowed */ NULL, /* no encrypted extension headers */ 0, /* list of encrypted extension headers is empty */ NULL }; const srtp_policy_t aes256_gcm_8_cauth_policy = { { ssrc_any_outbound, 0 }, /* SSRC */ { /* SRTP policy */ SRTP_AES_GCM_256, /* cipher type */ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_NULL_AUTH, /* authentication func type */ 0, /* auth key length in octets */ 8, /* auth tag length in octets */ sec_serv_conf_and_auth /* security services flag */ }, { /* SRTCP policy */ SRTP_AES_GCM_256, /* cipher type */ SRTP_AES_GCM_256_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_NULL_AUTH, /* authentication func type */ 0, /* auth key length in octets */ 8, /* auth tag length in octets */ sec_serv_auth /* security services flag */ }, NULL, (srtp_master_key_t **)test_keys, 2, /* indicates the number of Master keys */ NULL, /* indicates that EKT is not in use */ 128, /* replay window size */ 0, /* retransmission not allowed */ NULL, /* no encrypted extension headers */ 0, /* list of encrypted extension headers is empty */ NULL }; #endif const srtp_policy_t null_policy = { { ssrc_any_outbound, 0 }, /* SSRC */ { SRTP_NULL_CIPHER, /* cipher type */ 0, /* cipher key length in octets */ SRTP_NULL_AUTH, /* authentication func type */ 0, /* auth key length in octets */ 0, /* auth tag length in octets */ sec_serv_none /* security services flag */ }, { SRTP_NULL_CIPHER, /* cipher type */ 0, /* cipher key length in octets */ SRTP_NULL_AUTH, /* authentication func type */ 0, /* auth key length in octets */ 0, /* auth tag length in octets */ sec_serv_none /* security services flag */ }, NULL, (srtp_master_key_t **)test_keys, 2, /* indicates the number of Master keys */ NULL, /* indicates that EKT is not in use */ 128, /* replay window size */ 0, /* retransmission not allowed */ NULL, /* no encrypted extension headers */ 0, /* list of encrypted extension headers is empty */ NULL }; unsigned char test_256_key[46] = { 0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76, 0x3a, 0x1b, 0x1f, 0xa1, 0x30, 0xf1, 0x0e, 0x29, 0x98, 0xf6, 0xf6, 0xe4, 0x3e, 0x43, 0x09, 0xd1, 0xe6, 0x22, 0xa0, 0xe3, 0x32, 0xb9, 0xf1, 0xb6, 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9, 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2 }; unsigned char test_256_key_2[46] = { 0xe1, 0xf9, 0x7a, 0x0d, 0x3e, 0x01, 0x8b, 0xe0, 0xd6, 0x4f, 0xa3, 0x2c, 0x06, 0xde, 0x41, 0x39, 0x0e, 0xc6, 0x75, 0xad, 0x49, 0x8a, 0xfe, 0xeb, 0xb6, 0x96, 0x0b, 0x3a, 0xab, 0xe6, 0xc1, 0x73, 0x3b, 0x04, 0x80, 0x3d, 0xe5, 0x1e, 0xe7, 0xc9, 0x64, 0x23, 0xab, 0x5b, 0x78, 0xd2 }; srtp_master_key_t master_256_key_1 = { test_256_key, test_mki_id, TEST_MKI_ID_SIZE }; srtp_master_key_t master_256_key_2 = { test_256_key_2, test_mki_id_2, TEST_MKI_ID_SIZE }; srtp_master_key_t *test_256_keys[2] = { &master_key_1, &master_key_2 }; const srtp_policy_t aes_256_hmac_policy = { { ssrc_any_outbound, 0 }, /* SSRC */ { /* SRTP policy */ SRTP_AES_ICM_256, /* cipher type */ SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_HMAC_SHA1, /* authentication func type */ 20, /* auth key length in octets */ 10, /* auth tag length in octets */ sec_serv_conf_and_auth /* security services flag */ }, { /* SRTCP policy */ SRTP_AES_ICM_256, /* cipher type */ SRTP_AES_ICM_256_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_HMAC_SHA1, /* authentication func type */ 20, /* auth key length in octets */ 10, /* auth tag length in octets */ sec_serv_conf_and_auth /* security services flag */ }, NULL, (srtp_master_key_t **)test_256_keys, 2, /* indicates the number of Master keys */ NULL, /* indicates that EKT is not in use */ 128, /* replay window size */ 0, /* retransmission not allowed */ NULL, /* no encrypted extension headers */ 0, /* list of encrypted extension headers is empty */ NULL }; uint8_t ekt_test_key[16] = { 0x77, 0x26, 0x9d, 0xac, 0x16, 0xa3, 0x28, 0xca, 0x8e, 0xc9, 0x68, 0x4b, 0xcc, 0xc4, 0xd2, 0x1b }; #include "ekt.h" srtp_ekt_policy_ctx_t ekt_test_policy = { 0xa5a5, /* SPI */ SRTP_EKT_CIPHER_AES_128_ECB, ekt_test_key, NULL }; const srtp_policy_t hmac_only_with_ekt_policy = { { ssrc_any_outbound, 0 }, /* SSRC */ { SRTP_NULL_CIPHER, /* cipher type */ 0, /* cipher key length in octets */ SRTP_HMAC_SHA1, /* authentication func type */ 20, /* auth key length in octets */ 4, /* auth tag length in octets */ sec_serv_auth /* security services flag */ }, { SRTP_NULL_CIPHER, /* cipher type */ 0, /* cipher key length in octets */ SRTP_HMAC_SHA1, /* authentication func type */ 20, /* auth key length in octets */ 4, /* auth tag length in octets */ sec_serv_auth /* security services flag */ }, NULL, (srtp_master_key_t **)test_keys, 2, /* indicates the number of Master keys */ &ekt_test_policy, /* indicates that EKT is not in use */ 128, /* replay window size */ 0, /* retransmission not allowed */ NULL, /* no encrypted extension headers */ 0, /* list of encrypted extension headers is empty */ NULL }; /* * an array of pointers to the policies listed above * * This array is used to test various aspects of libSRTP for * different cryptographic policies. The order of the elements * matters - the timing test generates output that can be used * in a plot (see the gnuplot script file 'timing'). If you * add to this list, you should do it at the end. */ const srtp_policy_t * policy_array[] = { &hmac_only_policy, &aes_only_policy, &default_policy, #ifdef OPENSSL &aes128_gcm_8_policy, &aes128_gcm_8_cauth_policy, &aes256_gcm_8_policy, &aes256_gcm_8_cauth_policy, #endif &null_policy, &aes_256_hmac_policy, &hmac_only_with_ekt_policy, NULL }; const srtp_policy_t wildcard_policy = { { ssrc_any_outbound, 0 }, /* SSRC */ { /* SRTP policy */ SRTP_AES_ICM_128, /* cipher type */ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_HMAC_SHA1, /* authentication func type */ 16, /* auth key length in octets */ 10, /* auth tag length in octets */ sec_serv_conf_and_auth /* security services flag */ }, { /* SRTCP policy */ SRTP_AES_ICM_128, /* cipher type */ SRTP_AES_ICM_128_KEY_LEN_WSALT, /* cipher key length in octets */ SRTP_HMAC_SHA1, /* authentication func type */ 16, /* auth key length in octets */ 10, /* auth tag length in octets */ sec_serv_conf_and_auth /* security services flag */ }, test_key, NULL, 0, NULL, 128, /* replay window size */ 0, /* retransmission not allowed */ NULL, /* no encrypted extension headers */ 0, /* list of encrypted extension headers is empty */ NULL }; �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/test_srtp.c����������������������������������������������������������������������0000664�0000000�0000000�00000013322�13120311000�0016321�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * test_srtp.c * * Unit tests for internal srtp functions * * Cisco Systems, Inc. * */ /* * * Copyright (c) 2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ /* * Test specific. */ #include "cutest.h" /* * libSRTP specific. */ #include "../srtp/srtp.c" // Get access to static functions /* * Standard library. */ /* * Forward declarations for all tests. */ void srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output(void); void srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param(void); void srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number(void); /* * NULL terminated array of tests. * The first item in the array is a char[] which give some information about * what is being tested and is displayed to the user during runtime, the second * item is the test function. */ TEST_LIST = {{"srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output()", srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output}, {"srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param()", srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param}, {"srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number()", srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number}, {NULL} /* End of tests */}; /* * Implementation. */ void srtp_calc_aead_iv_srtcp_all_zero_input_yield_zero_output() { // Preconditions srtp_session_keys_t session_keys; v128_t init_vector; srtcp_hdr_t header; uint32_t sequence_num; // Postconditions srtp_err_status_t status; const v128_t zero_vector; memset((v128_t *)&zero_vector, 0, sizeof(v128_t)); // Given memset(&session_keys, 0, sizeof(srtp_session_keys_t)); memset(&init_vector, 0, sizeof(v128_t)); memset(&header, 0, sizeof(srtcp_hdr_t)); sequence_num = 0x0UL; // When status = srtp_calc_aead_iv_srtcp(&session_keys, &init_vector, sequence_num, &header); // Then TEST_CHECK(status == srtp_err_status_ok); TEST_CHECK(memcmp(&zero_vector, &init_vector, sizeof(v128_t)) == 0); } void srtp_calc_aead_iv_srtcp_seq_num_over_0x7FFFFFFF_bad_param() { // Preconditions srtp_session_keys_t session_keys; v128_t init_vector; srtcp_hdr_t header; uint32_t sequence_num; // Postconditions srtp_err_status_t status; // Given memset(&session_keys, 0, sizeof(srtp_session_keys_t)); memset(&init_vector, 0, sizeof(v128_t)); memset(&header, 0, sizeof(srtcp_hdr_t)); sequence_num = 0x7FFFFFFFUL + 0x1UL; // When status = srtp_calc_aead_iv_srtcp(&session_keys, &init_vector, sequence_num, &header); // Then TEST_CHECK(status == srtp_err_status_bad_param); } /* * Regression test for issue #256: * Srtcp IV calculation incorrectly masks high bit of sequence number for * little-endian platforms. * Ensure that for each valid sequence number where the most significant bit is * high that we get an expected and unique IV. */ void srtp_calc_aead_iv_srtcp_distinct_iv_per_sequence_number() { // Preconditions // Test each significant bit high in each full byte. #define SAMPLE_COUNT (3) srtp_session_keys_t session_keys; srtcp_hdr_t header; v128_t output_iv[SAMPLE_COUNT]; memset(&output_iv, 0, SAMPLE_COUNT * sizeof(v128_t)); uint32_t sequence_num[SAMPLE_COUNT]; sequence_num[0] = 0xFF; sequence_num[1] = 0xFF00; sequence_num[2] = 0xFF0000; // Postconditions v128_t final_iv[SAMPLE_COUNT]; memset(&final_iv, 0, SAMPLE_COUNT * sizeof(v128_t)); final_iv[0].v8[11] = 0xFF; final_iv[1].v8[10] = 0xFF; final_iv[2].v8[9] = 0xFF; // Given memset(&session_keys, 0, sizeof(srtp_session_keys_t)); memset(&header, 0, sizeof(srtcp_hdr_t)); // When size_t i = 0; for (i = 0; i < SAMPLE_COUNT; i++) { TEST_CHECK(srtp_calc_aead_iv_srtcp(&session_keys, &output_iv[i], sequence_num[i], &header) == srtp_err_status_ok); } // Then all IVs are as expected for (i = 0; i < SAMPLE_COUNT; i++) { TEST_CHECK(memcmp(&final_iv[i], &output_iv[i], sizeof(v128_t)) == 0); } #undef SAMPLE_COUNT } ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/test/util.c���������������������������������������������������������������������������0000664�0000000�0000000�00000011663�13120311000�0015255�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * util.c * * Utilities used by the test apps * * John A. Foley * Cisco Systems, Inc. */ /* * * Copyright (c) 2014-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include "util.h" #include <string.h> #include <stdint.h> char bit_string[MAX_PRINT_STRING_LEN]; static inline int hex_char_to_nibble (uint8_t c) { switch (c) { case ('0'): return 0x0; case ('1'): return 0x1; case ('2'): return 0x2; case ('3'): return 0x3; case ('4'): return 0x4; case ('5'): return 0x5; case ('6'): return 0x6; case ('7'): return 0x7; case ('8'): return 0x8; case ('9'): return 0x9; case ('a'): return 0xa; case ('A'): return 0xa; case ('b'): return 0xb; case ('B'): return 0xb; case ('c'): return 0xc; case ('C'): return 0xc; case ('d'): return 0xd; case ('D'): return 0xd; case ('e'): return 0xe; case ('E'): return 0xe; case ('f'): return 0xf; case ('F'): return 0xf; default: return -1; /* this flags an error */ } /* NOTREACHED */ return -1; /* this keeps compilers from complaining */ } uint8_t nibble_to_hex_char (uint8_t nibble) { char buf[16] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; return buf[nibble & 0xF]; } /* * hex_string_to_octet_string converts a hexadecimal string * of length 2 * len to a raw octet string of length len */ int hex_string_to_octet_string (char *raw, char *hex, int len) { uint8_t x; int tmp; int hex_len; hex_len = 0; while (hex_len < len) { tmp = hex_char_to_nibble(hex[0]); if (tmp == -1) { return hex_len; } x = (tmp << 4); hex_len++; tmp = hex_char_to_nibble(hex[1]); if (tmp == -1) { return hex_len; } x |= (tmp & 0xff); hex_len++; *raw++ = x; hex += 2; } return hex_len; } char * octet_string_hex_string (const void *s, int length) { const uint8_t *str = (const uint8_t*)s; int i; /* double length, since one octet takes two hex characters */ length *= 2; /* truncate string if it would be too long */ if (length > MAX_PRINT_STRING_LEN) { length = MAX_PRINT_STRING_LEN - 1; } for (i = 0; i < length; i += 2) { bit_string[i] = nibble_to_hex_char(*str >> 4); bit_string[i + 1] = nibble_to_hex_char(*str++ & 0xF); } bit_string[i] = 0; /* null terminate string */ return bit_string; } static const char b64chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz0123456789+/"; static int base64_block_to_octet_triple (char *out, char *in) { unsigned char sextets[4] = {0}; int j = 0; int i; for (i = 0; i < 4; i++) { char *p = strchr(b64chars, in[i]); if (p != NULL) { sextets[i] = p - b64chars; } else{ j++; } } out[0] = (sextets[0] << 2) | (sextets[1] >> 4); if (j < 2) { out[1] = (sextets[1] << 4) | (sextets[2] >> 2); } if (j < 1) { out[2] = (sextets[2] << 6) | sextets[3]; } return j; } int base64_string_to_octet_string (char *out, int *pad, char *in, int len) { int k = 0; int i = 0; int j = 0; if (len % 4 != 0) { return 0; } while (i < len && j == 0) { j = base64_block_to_octet_triple(out + k, in + i); k += 3; i += 4; } *pad = j; return i; } �����������������������������������������������������������������������������libsrtp-2.1.0/test/util.h���������������������������������������������������������������������������0000664�0000000�0000000�00000003722�13120311000�0015257�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������/* * util.h * * Utilities used by the test apps * * John A. Foley * Cisco Systems, Inc. */ /* * * Copyright (c) 2014-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef SRTP_TEST_UTIL_H #define SRTP_TEST_UTIL_H #define MAX_PRINT_STRING_LEN 1024 int hex_string_to_octet_string(char *raw, char *hex, int len); char * octet_string_hex_string(const void *s, int length); int base64_string_to_octet_string(char *raw, int *pad, char *base64, int len); #endif ����������������������������������������������libsrtp-2.1.0/test/words.txt������������������������������������������������������������������������0000664�0000000�0000000�00000004116�13120311000�0016026�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������abducing acidheads acidness actons admixtures affidavit agelastic alated alimentary alleviated allseed annexure arragonite atonements autacoid axe axon ayres beathing blazonry bottom braising brehon brindisi broadcasts buds bulnbulns bushcraft calamander calipee casing caveat chaffings citifies clappers claques clavate colonial colonials commonalty compares consequent consumed contango courtierly creamery cruddiest cue cultish cumin cyclus dahlias dentitions derailers devitrify dibs diphysite disjunes drolleries dubitated dupion earliness eductor elenctic empresses entames epaulettes epicanthic epochal estated eurhythmic exfoliated extremity fayence figgery flaming foes forelays forewings forfeits fratches gardened gentile glumpish glyph goatherd grow gulden gumming hackling hanapers hared hatters hectare hedger heel heterodox hidden histologic howe inglobe inliers inuredness iotacism japed jelled jiffy jollies judgeship karite kart kenophobia kittens lactarian lancets leasable leep leming licorice listing lividly lobectomy lysosome madders maderizing manacle mangels marshiest maulstick meliorates mercy mikados monarchise moultings mucro munnions mystic myxoedemic nointing nong nonsense ochidore octuor officering opaqued oragious outtell oxeye pads palamae pansophy parazoa pepsines perimetric pheasant phonotypy pitarah plaintful poinders poke politer poonces populism pouty praedial presence prompter pummelled punishing quippish radicality radiuses rebuffing recorded redips regulators replay retrocedes rigors risen rootstocks rotenone rudenesses ruggedest runabout ruthfully sagacious scapes sclera sclerotium scumbering secondi serial shampoo showed sights sirenised sized slave socle solidness some spetches spiels squiring staminode stay stewpot stunsails subhumid subprogram supawn surplusage swimming swineherd tabun talliths taroks tensed thinnings three tipper toko tomahawks tombolos torpefy torulae touns travails tsarist unbeseems unblamably unbooked unnailed updates valorise viability virtue vulturns vulvate warran weakness westernise whingeings wrenching written yak yate yaupon zendiks ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/timing��������������������������������������������������������������������������������0000664�0000000�0000000�00000002172�13120311000�0014362�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������# timing.plt # # gnuplot script file for plotting the output generated by srtp_driver -t # # David A. McGrew # Cisco Systems, Inc. # set xrange [0:2500] set term pict "Times-Roman" 9 # # plot authentication-only data # set title "Authentication Only" set ylabel "Megabits per second" set xlabel "Octets in packet" set yrange [0:2000] set output "plot-auth.pict" plot "timing.dat" index 0 title "HMAC SHA1" with lines, "timing.dat" index 1 title "TMMH/AES" with lines, "timing.dat" index 2 title "TMMH/SEAL" with lines # # plot encryption-only data # set title "Encryption Only" set ylabel "Megabits per second" set xlabel "Octets in packet" set output "plot-enc.pict" set yrange [0:1200] plot "timing.dat" index 3 title "SEAL" with lines, "timing.dat" index 4 title "AES ICM" with lines # # plot encryption and authentication data # set title "Encryption and Authentication" set ylabel "Megabits per second" set xlabel "Octets in packet" set yrange [0:1000] set output "plot-enc-auth.pict" plot "timing.dat" index 5 title "TMMH/SEAL" with lines, "timing.dat" index 6 title "TMMH/AES" with lines, "timing.dat" index 7 title "HMAC/AES" with lines������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/undos.sh������������������������������������������������������������������������������0000775�0000000�0000000�00000000247�13120311000�0014640�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/sh # # usage: undos <file> # # strips CRs from a file - useful when moving DOS-created files # onto UN*X machines cat $1 | tr -d "\r" > $1.tmp mv $1.tmp $1 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������libsrtp-2.1.0/update.sh�����������������������������������������������������������������������������0000775�0000000�0000000�00000000274�13120311000�0014772�0����������������������������������������������������������������������������������������������������ustar�00root����������������������������root����������������������������0000000�0000000������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/sh # # update.sh # # update copyright dates in files a=`find . -name "*.[ch]"` for x in $a; do sed 's/(c) 2001-2005/(c) 2001-2006/' $x > $x.tmp; mv $x.tmp $x; done ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������