Sync latest changes from master.
diff --git a/Makefile.in b/Makefile.in
index eb4ce65..8286550 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -7,7 +7,6 @@
#
# runtest runs test applications
# test builds test applications
-# libcrypt.a static library implementing crypto engine
# libsrtp.a static library implementing srtp
# libsrtp.so shared library implementing srtp
# clean removes objects, libs, and executables
@@ -18,11 +17,11 @@
HAVE_PCAP = @HAVE_PCAP@
HAVE_PKG_CONFIG = @HAVE_PKG_CONFIG@
-.PHONY: all test build_table_apps
+.PHONY: all test
all: test
-runtest: build_table_apps test
+runtest: test
@echo "running libsrtp test applications..."
crypto/test/cipher_driver$(EXE) -v >/dev/null
crypto/test/kernel_driver$(EXE) -v >/dev/null
@@ -31,7 +30,6 @@
test/roc_driver$(EXE) -v >/dev/null
test/replay_driver$(EXE) -v >/dev/null
test/dtls_srtp_driver$(EXE) >/dev/null
- crypto/test/rand_gen_soak$(EXE) -v >/dev/null
cd test; $(abspath $(srcdir))/test/rtpw_test.sh >/dev/null
ifeq (1, $(USE_OPENSSL))
cd test; $(abspath $(srcdir))/test/rtpw_test_gcm.sh >/dev/null
@@ -58,10 +56,6 @@
# null on linux, bsd, and OS X and other OSes.
EXE = @EXE@
-# gdoi is the group domain of interpretation for isakmp, a group key
-# management system which can provide keys for srtp
-gdoi = @GDOI_OBJS@
-
# Random source.
RNG_OBJS = @RNG_OBJS@
HMAC_OBJS = @HMAC_OBJS@
@@ -90,8 +84,6 @@
%$(EXE): %.c
$(COMPILE) $(LDFLAGS) $< -o $@ $(SRTPLIB) $(LIBS)
-
-# libcrypt.a (the crypto engine)
ciphers = crypto/cipher/cipher.o crypto/cipher/null_cipher.o \
$(AES_ICM_OBJS)
@@ -118,25 +110,14 @@
srtpobj = srtp/srtp.o srtp/ekt.o
-libsrtp.a: $(srtpobj) $(cryptobj) $(gdoi)
+libsrtp.a: $(srtpobj) $(cryptobj)
ar cr libsrtp.a $^
$(RANLIB) libsrtp.a
-libsrtp.so: $(srtpobj) $(cryptobj) $(gdoi)
+libsrtp.so: $(srtpobj) $(cryptobj)
$(CC) -shared -Wl,-soname,libsrtp.so \
-o libsrtp.so $^ $(LDFLAGS)
-# libcryptomath.a contains general-purpose routines that are used to
-# generate tables and verify cryptoalgorithm implementations - this
-# library is not meant to be included in production code
-
-cryptomath = crypto/math/math.o crypto/math/gf2_8.o
-
-libcryptomath.a: $(cryptomath)
- ar cr libcryptomath.a $(cryptomath)
- $(RANLIB) libcryptomath.a
-
-
# test applications
ifneq (1, $(USE_OPENSSL))
AES_CALC = crypto/test/aes_calc$(EXE)
@@ -144,8 +125,8 @@
crypto_testapp = $(AES_CALC) crypto/test/cipher_driver$(EXE) \
crypto/test/datatypes_driver$(EXE) crypto/test/kernel_driver$(EXE) \
- crypto/test/rand_gen$(EXE) crypto/test/sha1_driver$(EXE) \
- crypto/test/stat_driver$(EXE) crypto/test/rand_gen_soak$(EXE)
+ crypto/test/sha1_driver$(EXE) \
+ crypto/test/stat_driver$(EXE)
testapp = $(crypto_testapp) test/srtp_driver$(EXE) test/replay_driver$(EXE) \
test/roc_driver$(EXE) test/rdbx_driver$(EXE) test/rtpw$(EXE) \
@@ -188,19 +169,6 @@
@echo "passed (same number of alloc() and dealloc() calls found)"
@rm freed allocated tmp
-# tables_apps are used to generate the tables used in the crypto
-# implementations; these need only be generated during porting, not
-# for building libsrtp or the test applications
-
-table_apps = tables/aes_tables
-
-build_table_apps: $(table_apps)
-
-# in the tables/ subdirectory, we use libcryptomath instead of libsrtp
-
-tables/%: tables/%.c libcryptomath.a
- $(COMPILE) $(LDFLAGS) $< -o $@ $(LIBS) libcryptomath.a
-
# the target 'plot' runs the timing test (test/srtp_driver -t) then
# uses gnuplot to produce plots of the results - see the script file
# 'timing'
@@ -229,9 +197,9 @@
fi
$(INSTALL) -d $(DESTDIR)$(includedir)/srtp
$(INSTALL) -d $(DESTDIR)$(libdir)
- cp $(srcdir)/include/*.h $(DESTDIR)$(includedir)/srtp
- cp $(srcdir)/crypto/include/*.h $(DESTDIR)$(includedir)/srtp
- if [ "$(srcdir)" != "." ]; then cp crypto/include/*.h $(DESTDIR)$(includedir)/srtp; fi
+ cp $(srcdir)/include/srtp.h $(DESTDIR)$(includedir)/srtp
+ cp $(srcdir)/include/ekt.h $(DESTDIR)$(includedir)/srtp
+ cp $(srcdir)/include/rtp.h $(DESTDIR)$(includedir)/srtp
if [ -f libsrtp.a ]; then cp libsrtp.a $(DESTDIR)$(libdir)/; fi
if [ -f libsrtp.so ]; then cp libsrtp.so $(DESTDIR)$(libdir)/; fi
if [ "$(pkgconfig_DATA)" != "" ]; then \
@@ -249,17 +217,15 @@
fi
clean:
- rm -rf $(cryptobj) $(srtpobj) $(cryptomath) TAGS \
- libcryptomath.a libsrtp.a libsrtp.so core *.core test/core
+ rm -rf $(cryptobj) $(srtpobj) TAGS \
+ libsrtp.a libsrtp.so core *.core test/core
for a in * */* */*/*; do \
if [ -f "$$a~" ] ; then rm -f $$a~; fi; \
done;
- for a in $(testapp) $(table_apps); do rm -rf $$a$(EXE); done
+ for a in $(testapp); do rm -rf $$a$(EXE); done
rm -rf *.pict *.jpg *.dat
rm -rf freed allocated tmp
$(MAKE) -C doc clean
- $(MAKE) -C crypto clean
-
superclean: clean
rm -rf crypto/include/config.h config.log config.cache config.status \
diff --git a/VERSION b/VERSION
index e996078..4e6987a 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.5.1-pre
+2.0.0-pre
diff --git a/config_in.h b/config_in.h
index d5415fc..f798dc2 100644
--- a/config_in.h
+++ b/config_in.h
@@ -138,9 +138,6 @@
/* The size of a `unsigned long long', as computed by sizeof. */
#undef SIZEOF_UNSIGNED_LONG_LONG
-/* Define to use GDOI. */
-#undef SRTP_GDOI
-
/* Define to use OpenSSL crypto. */
#undef OPENSSL
diff --git a/configure b/configure
index 40396d9..a38a47b 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libsrtp 1.5.1-pre.
+# Generated by GNU Autoconf 2.69 for libsrtp 2.0.0-pre.
#
# Report bugs to <https://github.com/cisco/libsrtp/issues>.
#
@@ -580,8 +580,8 @@
# Identity of this package.
PACKAGE_NAME='libsrtp'
PACKAGE_TARNAME='libsrtp'
-PACKAGE_VERSION='1.5.1-pre'
-PACKAGE_STRING='libsrtp 1.5.1-pre'
+PACKAGE_VERSION='2.0.0-pre'
+PACKAGE_STRING='libsrtp 2.0.0-pre'
PACKAGE_BUGREPORT='https://github.com/cisco/libsrtp/issues'
PACKAGE_URL=''
@@ -625,7 +625,6 @@
LIBOBJS
HAVE_PKG_CONFIG
PKG_CONFIG
-GDOI_OBJS
HAVE_PCAP
HMAC_OBJS
RNG_EXTRA_OBJS
@@ -700,10 +699,8 @@
enable_debug
enable_generic_aesicm
enable_openssl
-enable_syslog
enable_stdout
enable_console
-enable_gdoi
'
ac_precious_vars='build_alias
host_alias
@@ -1254,7 +1251,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures libsrtp 1.5.1-pre to adapt to many kinds of systems.
+\`configure' configures libsrtp 2.0.0-pre to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1319,7 +1316,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of libsrtp 1.5.1-pre:";;
+ short | recursive ) echo "Configuration of libsrtp 2.0.0-pre:";;
esac
cat <<\_ACEOF
@@ -1331,10 +1328,8 @@
--disable-debug do not compile in dynamic debugging system
--enable-generic-aesicm compile in changes for ISMAcryp
--enable-openssl compile in OpenSSL crypto engine
- --enable-syslog use syslog for error reporting
- --disable-stdout don't use stdout for error reporting
+ --enable-stdout use stdout for debug/error reporting
--enable-console use /dev/console for error reporting
- --enable-gdoi enable GDOI key management
Some influential environment variables:
CC C compiler command
@@ -1412,7 +1407,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-libsrtp configure 1.5.1-pre
+libsrtp configure 2.0.0-pre
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2018,7 +2013,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by libsrtp $as_me 1.5.1-pre, which was
+It was created by libsrtp $as_me 2.0.0-pre, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -4425,19 +4420,6 @@
done
-for ac_header in syslog.h
-do :
- ac_fn_c_check_header_mongrel "$LINENO" "syslog.h" "ac_cv_header_syslog_h" "$ac_includes_default"
-if test "x$ac_cv_header_syslog_h" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_SYSLOG_H 1
-_ACEOF
-
-fi
-
-done
-
-
ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default"
if test "x$ac_cv_type_int8_t" = xyes; then :
@@ -5081,30 +5063,13 @@
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use syslog for error reporting" >&5
-$as_echo_n "checking whether to use syslog for error reporting... " >&6; }
-# Check whether --enable-syslog was given.
-if test "${enable_syslog+set}" = set; then :
- enableval=$enable_syslog;
-else
- enable_syslog=no
-fi
-
-if test "$enable_syslog" = "yes"; then
-
-$as_echo "#define USE_SYSLOG 1" >>confdefs.h
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_syslog" >&5
-$as_echo "$enable_syslog" >&6; }
-
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use stdout for error reporting" >&5
$as_echo_n "checking whether to use stdout for error reporting... " >&6; }
# Check whether --enable-stdout was given.
if test "${enable_stdout+set}" = set; then :
enableval=$enable_stdout;
else
- enable_stdout=yes
+ enable_stdout=no
fi
if test "$enable_stdout" = "yes"; then
@@ -5135,25 +5100,6 @@
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_console" >&5
$as_echo "$enable_console" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use GDOI key management" >&5
-$as_echo_n "checking whether to use GDOI key management... " >&6; }
-# Check whether --enable-gdoi was given.
-if test "${enable_gdoi+set}" = set; then :
- enableval=$enable_gdoi;
-else
- enable_gdoi=no
-fi
-
-if test "$enable_gdoi" = "yes"; then
-
-$as_echo "#define SRTP_GDOI 1" >>confdefs.h
-
- GDOI_OBJS=gdoi/srtp+gdoi.o
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_gdoi" >&5
-$as_echo "$enable_gdoi" >&6; }
-
ac_config_headers="$ac_config_headers crypto/include/config.h:config_in.h"
@@ -5711,7 +5657,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by libsrtp $as_me 1.5.1-pre, which was
+This file was extended by libsrtp $as_me 2.0.0-pre, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -5773,7 +5719,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-libsrtp config.status 1.5.1-pre
+libsrtp config.status 2.0.0-pre
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
@@ -6488,7 +6434,6 @@
# This is needed when building outside the source dir.
-as_dir=crypto/ae_xfm; as_fn_mkdir_p
as_dir=crypto/cipher; as_fn_mkdir_p
as_dir=crypto/hash; as_fn_mkdir_p
as_dir=crypto/kernel; as_fn_mkdir_p
@@ -6498,5 +6443,4 @@
as_dir=crypto/test; as_fn_mkdir_p
as_dir=doc; as_fn_mkdir_p
as_dir=srtp; as_fn_mkdir_p
-as_dir=tables; as_fn_mkdir_p
as_dir=test; as_fn_mkdir_p
diff --git a/configure.in b/configure.in
index 33bd935..15167f8 100644
--- a/configure.in
+++ b/configure.in
@@ -1,5 +1,5 @@
dnl Process this file with autoconf to produce a configure script.
-AC_INIT([libsrtp], [1.5.1-pre], [https://github.com/cisco/libsrtp/issues])
+AC_INIT([libsrtp], [2.0.0-pre], [https://github.com/cisco/libsrtp/issues])
dnl Must come before AC_PROG_CC
if test -z "$CFLAGS"; then
@@ -85,8 +85,6 @@
AC_CHECK_HEADERS(sys/socket.h netinet/in.h arpa/inet.h)
AC_CHECK_HEADERS(windows.h, [AC_CHECK_HEADERS(winsock2.h)])
-AC_CHECK_HEADERS(syslog.h)
-
AC_CHECK_TYPES([int8_t,uint8_t,int16_t,uint16_t,int32_t,uint32_t,uint64_t])
AC_CHECK_SIZEOF(unsigned long)
AC_CHECK_SIZEOF(unsigned long long)
@@ -191,19 +189,10 @@
AC_SUBST(HAVE_PCAP)
])
-AC_MSG_CHECKING(whether to use syslog for error reporting)
-AC_ARG_ENABLE(syslog,
- [AS_HELP_STRING([--enable-syslog], [use syslog for error reporting])],
- [], enable_syslog=no)
-if test "$enable_syslog" = "yes"; then
- AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog logging.])
-fi
-AC_MSG_RESULT($enable_syslog)
-
AC_MSG_CHECKING(whether to use stdout for error reporting)
AC_ARG_ENABLE(stdout,
- [AS_HELP_STRING([--disable-stdout], [don't use stdout for error reporting])],
- [], enable_stdout=yes)
+ [AS_HELP_STRING([--enable-stdout], [use stdout for debug/error reporting])],
+ [], enable_stdout=no)
if test "$enable_stdout" = "yes"; then
AC_DEFINE(ERR_REPORTING_STDOUT, 1, [Define to use logging to stdout.])
fi
@@ -219,17 +208,6 @@
fi
AC_MSG_RESULT($enable_console)
-AC_MSG_CHECKING(whether to use GDOI key management)
-AC_ARG_ENABLE(gdoi,
- [AS_HELP_STRING([--enable-gdoi], [enable GDOI key management])],
- [], enable_gdoi=no)
-if test "$enable_gdoi" = "yes"; then
- AC_DEFINE(SRTP_GDOI, 1, [Define to use GDOI.])
- GDOI_OBJS=gdoi/srtp+gdoi.o
- AC_SUBST(GDOI_OBJS)
-fi
-AC_MSG_RESULT($enable_gdoi)
-
AC_CONFIG_HEADER(crypto/include/config.h:config_in.h)
AC_CHECK_PROG(PKG_CONFIG, pkg-config, yes)
@@ -244,7 +222,6 @@
AC_OUTPUT
# This is needed when building outside the source dir.
-AS_MKDIR_P(crypto/ae_xfm)
AS_MKDIR_P(crypto/cipher)
AS_MKDIR_P(crypto/hash)
AS_MKDIR_P(crypto/kernel)
@@ -254,5 +231,4 @@
AS_MKDIR_P(crypto/test)
AS_MKDIR_P(doc)
AS_MKDIR_P(srtp)
-AS_MKDIR_P(tables)
AS_MKDIR_P(test)
diff --git a/crypto/Makefile.in b/crypto/Makefile.in
index b6d6fcf..e421e54 100644
--- a/crypto/Makefile.in
+++ b/crypto/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile for libcryptomodule.a
+# Makefile for crypto test suite
#
# David A. McGrew
# Cisco Systems, Inc.
@@ -46,7 +46,7 @@
testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \
test/stat_driver$(EXE) test/sha1_driver$(EXE) \
- test/kernel_driver$(EXE) $(AES_CALC) test/rand_gen$(EXE) \
+ test/kernel_driver$(EXE) $(AES_CALC) \
test/env$(EXE)
# data values used to test the aes_calc application for AES-128
@@ -73,7 +73,6 @@
test/stat_driver$(EXE) >/dev/null
test/sha1_driver$(EXE) -v >/dev/null
test/kernel_driver$(EXE) -v >/dev/null
- test/rand_gen$(EXE) -n 256 >/dev/null
@echo "crypto test applications passed."
@@ -90,7 +89,6 @@
# housekeeping functions
clean:
- rm -f libcryptomodule.a
rm -f $(testapp) *.o */*.o
for a in * .* */*; do if [ -f "$$a~" ] ; then rm $$a~; fi; done;
rm -f `find . -name "*.[ch]~*~"`
@@ -99,13 +97,4 @@
superclean: clean
rm -f *core TAGS ktrace.out
-
-# the target 'package' builds a compressed tar archive of the source code
-
-distname = crypto-$(shell cat VERSION)
-
-package: superclean
- cd ..; tar cvzf $(distname).tgz crypto/
-
-
# EOF
diff --git a/crypto/VERSION b/crypto/VERSION
deleted file mode 100644
index 3eefcb9..0000000
--- a/crypto/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-1.0.0
diff --git a/crypto/cipher/aes.c b/crypto/cipher/aes.c
index a279682..6b0a2ad 100644
--- a/crypto/cipher/aes.c
+++ b/crypto/cipher/aes.c
@@ -1476,32 +1476,32 @@
}
}
-err_status_t
+srtp_err_status_t
aes_expand_encryption_key(const uint8_t *key,
int key_len,
aes_expanded_key_t *expanded_key) {
if (key_len == 16) {
aes_128_expand_encryption_key(key, expanded_key);
- return err_status_ok;
+ return srtp_err_status_ok;
}
else if (key_len == 24) {
/* AES-192 not yet supported */
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
else if (key_len == 32) {
aes_256_expand_encryption_key(key, expanded_key);
- return err_status_ok;
+ return srtp_err_status_ok;
}
else
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
-err_status_t
+srtp_err_status_t
aes_expand_decryption_key(const uint8_t *key,
int key_len,
aes_expanded_key_t *expanded_key) {
int i;
- err_status_t status;
+ srtp_err_status_t status;
int num_rounds = expanded_key->num_rounds;
status = aes_expand_encryption_key(key, key_len, expanded_key);
@@ -1587,7 +1587,7 @@
#endif
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
#ifdef CPU_CISC
diff --git a/crypto/cipher/aes_cbc.c b/crypto/cipher/aes_cbc.c
index 11953bf..0209aa4 100644
--- a/crypto/cipher/aes_cbc.c
+++ b/crypto/cipher/aes_cbc.c
@@ -57,7 +57,7 @@
-err_status_t
+srtp_err_status_t
aes_cbc_alloc(cipher_t **c, int key_len, int tlen) {
extern cipher_type_t aes_cbc;
uint8_t *pointer;
@@ -67,13 +67,13 @@
"allocating cipher with key length %d", key_len);
if (key_len != 16 && key_len != 24 && key_len != 32)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* allocate memory a cipher of type aes_cbc */
tmp = (sizeof(aes_cbc_ctx_t) + sizeof(cipher_t));
pointer = (uint8_t*)crypto_alloc(tmp);
if (pointer == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
/* set pointers */
*c = (cipher_t *)pointer;
@@ -81,16 +81,13 @@
(*c)->type = &aes_cbc;
(*c)->state = pointer + sizeof(cipher_t);
- /* increment ref_count */
- aes_cbc.ref_count++;
-
/* set key size */
(*c)->key_len = key_len;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
aes_cbc_dealloc(cipher_t *c) {
extern cipher_type_t aes_cbc;
@@ -101,13 +98,10 @@
/* free memory */
crypto_free(c);
- /* decrement ref_count */
- aes_cbc.ref_count--;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, int key_len) {
debug_print(mod_aes_cbc,
@@ -120,13 +114,13 @@
c->key_len = (key_len <= 32 ? key_len : 32);
memcpy(c->key, key, c->key_len);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv, int direction) {
- err_status_t status;
+ srtp_err_status_t status;
int i;
/* v128_t *input = iv; */
uint8_t *input = (uint8_t*) iv;
@@ -152,13 +146,13 @@
return status;
break;
default:
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
aes_cbc_encrypt(aes_cbc_ctx_t *c,
unsigned char *data,
unsigned int *bytes_in_data) {
@@ -171,7 +165,7 @@
* verify that we're 16-octet aligned
*/
if (*bytes_in_data & 0xf)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/*
* note that we assume that the initialization vector has already
@@ -205,10 +199,10 @@
bytes_to_encr -= 16;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
aes_cbc_decrypt(aes_cbc_ctx_t *c,
unsigned char *data,
unsigned int *bytes_in_data) {
@@ -223,7 +217,7 @@
* verify that we're 16-octet aligned
*/
if (*bytes_in_data & 0x0f)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* set 'previous' block to iv*/
for (i=0; i < 16; i++) {
@@ -267,18 +261,18 @@
bytes_to_encr -= 16;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
aes_cbc_nist_encrypt(aes_cbc_ctx_t *c,
unsigned char *data,
unsigned int *bytes_in_data) {
int i;
unsigned char *pad_start;
int num_pad_bytes;
- err_status_t status;
+ srtp_err_status_t status;
/*
* determine the number of padding bytes that we need to add -
@@ -303,17 +297,17 @@
if (status)
return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
aes_cbc_nist_decrypt(aes_cbc_ctx_t *c,
unsigned char *data,
unsigned int *bytes_in_data) {
unsigned char *pad_end;
int num_pad_bytes;
- err_status_t status;
+ srtp_err_status_t status;
/*
* cbc decrypt the padded data
@@ -336,7 +330,7 @@
/* decrement data size */
*bytes_in_data -= num_pad_bytes;
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -556,10 +550,9 @@
(cipher_set_iv_func_t) aes_cbc_set_iv,
(cipher_get_tag_func_t) 0,
(char *) aes_cbc_description,
- (int) 0, /* instance count */
(cipher_test_case_t *) &aes_cbc_test_case_3,
(debug_module_t *) &mod_aes_cbc,
- (cipher_type_id_t) AES_CBC
+ (srtp_cipher_type_id_t) AES_CBC
};
diff --git a/crypto/cipher/aes_gcm_ossl.c b/crypto/cipher/aes_gcm_ossl.c
index dce2a33..2a97ce2 100644
--- a/crypto/cipher/aes_gcm_ossl.c
+++ b/crypto/cipher/aes_gcm_ossl.c
@@ -82,7 +82,7 @@
* key length includes the 14 byte salt value that is used when
* initializing the KDF.
*/
-err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
+srtp_err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen)
{
aes_gcm_ctx_t *gcm;
int tmp;
@@ -94,21 +94,21 @@
/*
* Verify the key_len is valid for one of: AES-128/256
*/
- if (key_len != AES_128_GCM_KEYSIZE_WSALT &&
- key_len != AES_256_GCM_KEYSIZE_WSALT) {
- return (err_status_bad_param);
+ if (key_len != SRTP_AES_128_GCM_KEYSIZE_WSALT &&
+ key_len != SRTP_AES_256_GCM_KEYSIZE_WSALT) {
+ return (srtp_err_status_bad_param);
}
if (tlen != GCM_AUTH_TAG_LEN &&
tlen != GCM_AUTH_TAG_LEN_8) {
- return (err_status_bad_param);
+ return (srtp_err_status_bad_param);
}
/* allocate memory a cipher of type aes_gcm */
tmp = sizeof(cipher_t) + sizeof(aes_gcm_ctx_t);
allptr = crypto_alloc(tmp);
if (allptr == NULL) {
- return (err_status_alloc_fail);
+ return (srtp_err_status_alloc_fail);
}
/* set pointers */
@@ -116,19 +116,17 @@
(*c)->state = allptr + sizeof(cipher_t);
gcm = (aes_gcm_ctx_t *)(*c)->state;
- /* increment ref_count */
+ /* setup cipher attributes */
switch (key_len) {
- case AES_128_GCM_KEYSIZE_WSALT:
+ case SRTP_AES_128_GCM_KEYSIZE_WSALT:
(*c)->type = &aes_gcm_128_openssl;
(*c)->algorithm = AES_128_GCM;
- aes_gcm_128_openssl.ref_count++;
((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE;
((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen;
break;
- case AES_256_GCM_KEYSIZE_WSALT:
+ case SRTP_AES_256_GCM_KEYSIZE_WSALT:
(*c)->type = &aes_gcm_256_openssl;
(*c)->algorithm = AES_256_GCM;
- aes_gcm_256_openssl.ref_count++;
((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE;
((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen;
break;
@@ -138,32 +136,20 @@
(*c)->key_len = key_len;
EVP_CIPHER_CTX_init(&gcm->ctx);
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
/*
* This function deallocates a GCM session
*/
-err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
+srtp_err_status_t aes_gcm_openssl_dealloc (cipher_t *c)
{
aes_gcm_ctx_t *ctx;
ctx = (aes_gcm_ctx_t*)c->state;
if (ctx) {
EVP_CIPHER_CTX_cleanup(&ctx->ctx);
- /* decrement ref_count for the appropriate engine */
- switch (ctx->key_size) {
- case AES_256_KEYSIZE:
- aes_gcm_256_openssl.ref_count--;
- break;
- case AES_128_KEYSIZE:
- aes_gcm_128_openssl.ref_count--;
- break;
- default:
- return (err_status_dealloc_fail);
- break;
- }
}
/* zeroize entire state*/
@@ -172,7 +158,7 @@
/* free memory */
crypto_free(c);
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
/*
@@ -181,7 +167,7 @@
*
* the key is the secret key
*/
-err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
+srtp_err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key)
{
c->dir = direction_any;
@@ -199,7 +185,7 @@
EVP_CIPHER_CTX_cleanup(&c->ctx);
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
@@ -207,13 +193,13 @@
* aes_gcm_openssl_set_iv(c, iv) sets the counter value to the exor of iv with
* the offset
*/
-err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
+srtp_err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv,
int direction)
{
const EVP_CIPHER *evp;
if (direction != direction_encrypt && direction != direction_decrypt) {
- return (err_status_bad_param);
+ return (srtp_err_status_bad_param);
}
c->dir = direction;
@@ -227,27 +213,27 @@
evp = EVP_aes_128_gcm();
break;
default:
- return (err_status_bad_param);
+ return (srtp_err_status_bad_param);
break;
}
if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8,
NULL, (c->dir == direction_encrypt ? 1 : 0))) {
- return (err_status_init_fail);
+ return (srtp_err_status_init_fail);
}
/* set IV len and the IV value, the followiong 3 calls are required */
if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) {
- return (err_status_init_fail);
+ return (srtp_err_status_init_fail);
}
if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) {
- return (err_status_init_fail);
+ return (srtp_err_status_init_fail);
}
if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) {
- return (err_status_init_fail);
+ return (srtp_err_status_init_fail);
}
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
/*
@@ -258,7 +244,7 @@
* aad Additional data to process for AEAD cipher suites
* aad_len length of aad buffer
*/
-err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad,
+srtp_err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad,
unsigned int aad_len)
{
int rv;
@@ -271,9 +257,9 @@
rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len);
if (rv != aad_len) {
- return (err_status_algo_fail);
+ return (srtp_err_status_algo_fail);
} else {
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
}
@@ -285,11 +271,11 @@
* buf data to encrypt
* enc_len length of encrypt buffer
*/
-err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf,
+srtp_err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf,
unsigned int *enc_len)
{
if (c->dir != direction_encrypt && c->dir != direction_decrypt) {
- return (err_status_bad_param);
+ return (srtp_err_status_bad_param);
}
/*
@@ -297,7 +283,7 @@
*/
EVP_Cipher(&c->ctx, buf, buf, *enc_len);
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
/*
@@ -311,7 +297,7 @@
* buf data to encrypt
* len length of encrypt buffer
*/
-err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf,
+srtp_err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf,
int *len)
{
/*
@@ -329,7 +315,7 @@
*/
*len = c->tag_len;
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
@@ -341,11 +327,11 @@
* buf data to encrypt
* enc_len length of encrypt buffer
*/
-err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf,
+srtp_err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf,
unsigned int *enc_len)
{
if (c->dir != direction_encrypt && c->dir != direction_decrypt) {
- return (err_status_bad_param);
+ return (srtp_err_status_bad_param);
}
/*
@@ -359,7 +345,7 @@
* Check the tag
*/
if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) {
- return (err_status_auth_fail);
+ return (srtp_err_status_auth_fail);
}
/*
@@ -368,7 +354,7 @@
*/
*enc_len -= c->tag_len;
- return (err_status_ok);
+ return (srtp_err_status_ok);
}
@@ -385,7 +371,7 @@
* values we're derived from independent test code
* using OpenSSL.
*/
-uint8_t aes_gcm_test_case_0_key[AES_128_GCM_KEYSIZE_WSALT] = {
+uint8_t aes_gcm_test_case_0_key[SRTP_AES_128_GCM_KEYSIZE_WSALT] = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
@@ -429,7 +415,7 @@
};
cipher_test_case_t aes_gcm_test_case_0a = {
- AES_128_GCM_KEYSIZE_WSALT, /* octets in key */
+ SRTP_AES_128_GCM_KEYSIZE_WSALT, /* octets in key */
aes_gcm_test_case_0_key, /* key */
aes_gcm_test_case_0_iv, /* packet index */
60, /* octets in plaintext */
@@ -443,7 +429,7 @@
};
cipher_test_case_t aes_gcm_test_case_0 = {
- AES_128_GCM_KEYSIZE_WSALT, /* octets in key */
+ SRTP_AES_128_GCM_KEYSIZE_WSALT, /* octets in key */
aes_gcm_test_case_0_key, /* key */
aes_gcm_test_case_0_iv, /* packet index */
60, /* octets in plaintext */
@@ -456,7 +442,7 @@
&aes_gcm_test_case_0a /* pointer to next testcase */
};
-uint8_t aes_gcm_test_case_1_key[AES_256_GCM_KEYSIZE_WSALT] = {
+uint8_t aes_gcm_test_case_1_key[SRTP_AES_256_GCM_KEYSIZE_WSALT] = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0xa5, 0x59, 0x09, 0xc5, 0x54, 0x66, 0x93, 0x1c,
0xaf, 0xf5, 0x26, 0x9a, 0x21, 0xd5, 0x14, 0xb2,
@@ -503,7 +489,7 @@
};
cipher_test_case_t aes_gcm_test_case_1a = {
- AES_256_GCM_KEYSIZE_WSALT, /* octets in key */
+ SRTP_AES_256_GCM_KEYSIZE_WSALT, /* octets in key */
aes_gcm_test_case_1_key, /* key */
aes_gcm_test_case_1_iv, /* packet index */
60, /* octets in plaintext */
@@ -517,7 +503,7 @@
};
cipher_test_case_t aes_gcm_test_case_1 = {
- AES_256_GCM_KEYSIZE_WSALT, /* octets in key */
+ SRTP_AES_256_GCM_KEYSIZE_WSALT, /* octets in key */
aes_gcm_test_case_1_key, /* key */
aes_gcm_test_case_1_iv, /* packet index */
60, /* octets in plaintext */
@@ -543,10 +529,9 @@
(cipher_set_iv_func_t) aes_gcm_openssl_set_iv,
(cipher_get_tag_func_t) aes_gcm_openssl_get_tag,
(char*) aes_gcm_128_openssl_description,
- (int) 0, /* instance count */
(cipher_test_case_t*) &aes_gcm_test_case_0,
(debug_module_t*) &mod_aes_gcm,
- (cipher_type_id_t) AES_128_GCM
+ (srtp_cipher_type_id_t) AES_128_GCM
};
/*
@@ -562,9 +547,8 @@
(cipher_set_iv_func_t) aes_gcm_openssl_set_iv,
(cipher_get_tag_func_t) aes_gcm_openssl_get_tag,
(char*) aes_gcm_256_openssl_description,
- (int) 0, /* instance count */
(cipher_test_case_t*) &aes_gcm_test_case_1,
(debug_module_t*) &mod_aes_gcm,
- (cipher_type_id_t) AES_256_GCM
+ (srtp_cipher_type_id_t) AES_256_GCM
};
diff --git a/crypto/cipher/aes_icm.c b/crypto/cipher/aes_icm.c
index d251901..0ab2b83 100644
--- a/crypto/cipher/aes_icm.c
+++ b/crypto/cipher/aes_icm.c
@@ -92,7 +92,7 @@
*
*/
-err_status_t
+srtp_err_status_t
aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp) {
extern cipher_type_t aes_icm;
uint8_t *pointer;
@@ -111,13 +111,13 @@
*/
if (!(forIsmacryp && key_len > 16 && key_len < 30) &&
key_len != 30 && key_len != 38 && key_len != 46)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* allocate memory a cipher of type aes_icm */
tmp = (sizeof(aes_icm_ctx_t) + sizeof(cipher_t));
pointer = (uint8_t*)crypto_alloc(tmp);
if (pointer == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
/* set pointers */
*c = (cipher_t *)pointer;
@@ -135,20 +135,17 @@
(*c)->type = &aes_icm;
(*c)->state = pointer + sizeof(cipher_t);
- /* increment ref_count */
- aes_icm.ref_count++;
-
/* set key size */
(*c)->key_len = key_len;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t aes_icm_alloc(cipher_t **c, int key_len, int forIsmacryp) {
+srtp_err_status_t aes_icm_alloc(cipher_t **c, int key_len, int forIsmacryp) {
return aes_icm_alloc_ismacryp(c, key_len, 0);
}
-err_status_t
+srtp_err_status_t
aes_icm_dealloc(cipher_t *c) {
extern cipher_type_t aes_icm;
@@ -159,10 +156,7 @@
/* free memory */
crypto_free(c);
- /* decrement ref_count */
- aes_icm.ref_count--;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -176,9 +170,9 @@
* randomizes the starting point in the keystream
*/
-err_status_t
+srtp_err_status_t
aes_icm_context_init(aes_icm_ctx_t *c, const uint8_t *key, int key_len) {
- err_status_t status;
+ srtp_err_status_t status;
int base_key_len, copy_len;
if (key_len > 16 && key_len < 30) /* Ismacryp */
@@ -186,7 +180,7 @@
else if (key_len == 30 || key_len == 38 || key_len == 46)
base_key_len = key_len - 14;
else
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/*
* set counter and initial values to 'offset' value, being careful not to
@@ -219,7 +213,7 @@
/* indicate that the keystream_buffer is empty */
c->bytes_in_buffer = 0;
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -228,7 +222,7 @@
* is the ith octet
*/
-err_status_t
+srtp_err_status_t
aes_icm_set_octet(aes_icm_ctx_t *c,
uint64_t octet_num) {
@@ -277,7 +271,7 @@
c->bytes_in_buffer = 0;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -285,7 +279,7 @@
* the offset
*/
-err_status_t
+srtp_err_status_t
aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction) {
v128_t nonce;
@@ -303,7 +297,7 @@
/* indicate that the keystream_buffer is empty */
c->bytes_in_buffer = 0;
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -353,7 +347,7 @@
* - fill buffer then add in remaining (< 16) bytes of keystream
*/
-err_status_t
+srtp_err_status_t
aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
unsigned char *buf, unsigned int *enc_len,
int forIsmacryp) {
@@ -363,7 +357,7 @@
/* check that there's enough segment left but not for ismacryp*/
if (!forIsmacryp && (bytes_to_encr + htons(c->counter.v16[7])) > 0xffff)
- return err_status_terminus;
+ return srtp_err_status_terminus;
debug_print(mod_aes_icm, "block index: %d",
htons(c->counter.v16[7]));
@@ -379,7 +373,7 @@
c->bytes_in_buffer -= bytes_to_encr;
/* return now to avoid the main loop */
- return err_status_ok;
+ return srtp_err_status_ok;
} else {
@@ -458,15 +452,15 @@
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
aes_icm_encrypt(aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len) {
return aes_icm_encrypt_ismacryp(c, buf, enc_len, 0);
}
-err_status_t
+srtp_err_status_t
aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, unsigned int num_octets_to_output) {
unsigned int len = num_octets_to_output;
@@ -583,9 +577,8 @@
(cipher_set_iv_func_t) aes_icm_set_iv,
(cipher_get_tag_func_t) 0,
(char *) aes_icm_description,
- (int) 0, /* instance count */
(cipher_test_case_t *) &aes_icm_test_case_1,
(debug_module_t *) &mod_aes_icm,
- (cipher_type_id_t) AES_ICM
+ (srtp_cipher_type_id_t) AES_ICM
};
diff --git a/crypto/cipher/aes_icm_ossl.c b/crypto/cipher/aes_icm_ossl.c
index 694e06b..c1dce96 100644
--- a/crypto/cipher/aes_icm_ossl.c
+++ b/crypto/cipher/aes_icm_ossl.c
@@ -110,7 +110,7 @@
* value. The tlen argument is for the AEAD tag length, which
* isn't used in counter mode.
*/
-err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
+srtp_err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen)
{
aes_icm_ctx_t *icm;
int tmp;
@@ -123,14 +123,14 @@
*/
if (key_len != AES_128_KEYSIZE_WSALT && key_len != AES_192_KEYSIZE_WSALT &&
key_len != AES_256_KEYSIZE_WSALT) {
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
/* allocate memory a cipher of type aes_icm */
tmp = sizeof(cipher_t) + sizeof(aes_icm_ctx_t);
allptr = (uint8_t*)crypto_alloc(tmp);
if (allptr == NULL) {
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
}
/* set pointers */
@@ -138,24 +138,21 @@
(*c)->state = allptr + sizeof(cipher_t);
icm = (aes_icm_ctx_t*)(*c)->state;
- /* increment ref_count */
+ /* setup cipher parameters */
switch (key_len) {
case AES_128_KEYSIZE_WSALT:
(*c)->algorithm = AES_128_ICM;
(*c)->type = &aes_icm;
- aes_icm.ref_count++;
((aes_icm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE;
break;
case AES_192_KEYSIZE_WSALT:
(*c)->algorithm = AES_192_ICM;
(*c)->type = &aes_icm_192;
- aes_icm_192.ref_count++;
((aes_icm_ctx_t*)(*c)->state)->key_size = AES_192_KEYSIZE;
break;
case AES_256_KEYSIZE_WSALT:
(*c)->algorithm = AES_256_ICM;
(*c)->type = &aes_icm_256;
- aes_icm_256.ref_count++;
((aes_icm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE;
break;
}
@@ -164,19 +161,19 @@
(*c)->key_len = key_len;
EVP_CIPHER_CTX_init(&icm->ctx);
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
* This function deallocates an instance of this engine
*/
-err_status_t aes_icm_openssl_dealloc (cipher_t *c)
+srtp_err_status_t aes_icm_openssl_dealloc (cipher_t *c)
{
aes_icm_ctx_t *ctx;
if (c == NULL) {
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
/*
@@ -185,21 +182,6 @@
ctx = (aes_icm_ctx_t*)c->state;
if (ctx != NULL) {
EVP_CIPHER_CTX_cleanup(&ctx->ctx);
- /* decrement ref_count for the appropriate engine */
- switch (ctx->key_size) {
- case AES_256_KEYSIZE:
- aes_icm_256.ref_count--;
- break;
- case AES_192_KEYSIZE:
- aes_icm_192.ref_count--;
- break;
- case AES_128_KEYSIZE:
- aes_icm.ref_count--;
- break;
- default:
- return err_status_dealloc_fail;
- break;
- }
}
/* zeroize entire state*/
@@ -209,7 +191,7 @@
/* free memory */
crypto_free(c);
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -221,7 +203,7 @@
* the salt is unpredictable (but not necessarily secret) data which
* randomizes the starting point in the keystream
*/
-err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key, int len)
+srtp_err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key, int len)
{
/*
* set counter and initial values to 'offset' value, being careful not to
@@ -229,7 +211,7 @@
*/
if (c->key_size + SALT_SIZE != len)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
v128_set_to_zero(&c->counter);
v128_set_to_zero(&c->offset);
@@ -260,7 +242,7 @@
EVP_CIPHER_CTX_cleanup(&c->ctx);
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -268,7 +250,7 @@
* aes_icm_set_iv(c, iv) sets the counter value to the exor of iv with
* the offset
*/
-err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
+srtp_err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir)
{
const EVP_CIPHER *evp;
v128_t nonce;
@@ -293,15 +275,15 @@
evp = EVP_aes_128_ctr();
break;
default:
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
break;
}
if (!EVP_EncryptInit_ex(&c->ctx, evp,
NULL, c->key.v8, c->counter.v8)) {
- return err_status_fail;
+ return srtp_err_status_fail;
} else {
- return err_status_ok;
+ return srtp_err_status_ok;
}
}
@@ -313,23 +295,23 @@
* buf data to encrypt
* enc_len length of encrypt buffer
*/
-err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len)
+srtp_err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsigned int *enc_len)
{
int len = 0;
debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter));
if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
*enc_len = len;
if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
*enc_len += len;
- return err_status_ok;
+ return srtp_err_status_ok;
}
uint16_t aes_icm_bytes_encrypted(aes_icm_ctx_t *c)
@@ -495,10 +477,9 @@
(cipher_set_iv_func_t) aes_icm_openssl_set_iv,
(cipher_get_tag_func_t) 0,
(char*) aes_icm_openssl_description,
- (int) 0, /* instance count */
(cipher_test_case_t*) &aes_icm_test_case_0,
(debug_module_t*) &mod_aes_icm,
- (cipher_type_id_t) AES_ICM
+ (srtp_cipher_type_id_t) AES_ICM
};
/*
@@ -515,10 +496,9 @@
(cipher_set_iv_func_t) aes_icm_openssl_set_iv,
(cipher_get_tag_func_t) 0,
(char*) aes_icm_192_openssl_description,
- (int) 0, /* instance count */
(cipher_test_case_t*) &aes_icm_192_test_case_1,
(debug_module_t*) &mod_aes_icm,
- (cipher_type_id_t) AES_192_ICM
+ (srtp_cipher_type_id_t) AES_192_ICM
};
/*
@@ -535,9 +515,8 @@
(cipher_set_iv_func_t) aes_icm_openssl_set_iv,
(cipher_get_tag_func_t) 0,
(char*) aes_icm_256_openssl_description,
- (int) 0, /* instance count */
(cipher_test_case_t*) &aes_icm_256_test_case_2,
(debug_module_t*) &mod_aes_icm,
- (cipher_type_id_t) AES_256_ICM
+ (srtp_cipher_type_id_t) AES_256_ICM
};
diff --git a/crypto/cipher/cipher.c b/crypto/cipher/cipher.c
index 15b9088..f66d32b 100644
--- a/crypto/cipher/cipher.c
+++ b/crypto/cipher/cipher.c
@@ -58,7 +58,7 @@
"cipher" /* printable module name */
};
-err_status_t
+srtp_err_status_t
cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output) {
/* zeroize the buffer */
@@ -85,11 +85,11 @@
#define NUM_RAND_TESTS 128
#define MAX_KEY_LEN 64
-err_status_t
+srtp_err_status_t
cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data) {
const cipher_test_case_t *test_case = test_data;
cipher_t *c;
- err_status_t status;
+ srtp_err_status_t status;
uint8_t buffer[SELF_TEST_BUF_OCTETS];
uint8_t buffer2[SELF_TEST_BUF_OCTETS];
int tag_len;
@@ -104,7 +104,7 @@
* return an error if we don't - we need to be paranoid here
*/
if (test_case == NULL)
- return err_status_cant_check;
+ return srtp_err_status_cant_check;
/*
* loop over all test cases, perform known-answer tests of both the
@@ -131,7 +131,7 @@
/* copy plaintext into test buffer */
if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) {
cipher_dealloc(c);
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
for (i=0; i < test_case->plaintext_length_octets; i++)
buffer[i] = test_case->plaintext[i];
@@ -191,11 +191,11 @@
/* compare the resulting ciphertext with that in the test case */
if (len != test_case->ciphertext_length_octets)
- return err_status_algo_fail;
- status = err_status_ok;
+ return srtp_err_status_algo_fail;
+ status = srtp_err_status_ok;
for (i=0; i < test_case->ciphertext_length_octets; i++)
if (buffer[i] != test_case->ciphertext[i]) {
- status = err_status_algo_fail;
+ status = srtp_err_status_algo_fail;
debug_print(mod_cipher, "test case %d failed", case_num);
debug_print(mod_cipher, "(failure at byte %d)", i);
break;
@@ -210,7 +210,7 @@
2*test_case->plaintext_length_octets));
cipher_dealloc(c);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
/*
@@ -228,7 +228,7 @@
/* copy ciphertext into test buffer */
if (test_case->ciphertext_length_octets > SELF_TEST_BUF_OCTETS) {
cipher_dealloc(c);
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
for (i=0; i < test_case->ciphertext_length_octets; i++)
buffer[i] = test_case->ciphertext[i];
@@ -273,11 +273,11 @@
/* compare the resulting plaintext with that in the test case */
if (len != test_case->plaintext_length_octets)
- return err_status_algo_fail;
- status = err_status_ok;
+ return srtp_err_status_algo_fail;
+ status = srtp_err_status_ok;
for (i=0; i < test_case->plaintext_length_octets; i++)
if (buffer[i] != test_case->plaintext[i]) {
- status = err_status_algo_fail;
+ status = srtp_err_status_algo_fail;
debug_print(mod_cipher, "test case %d failed", case_num);
debug_print(mod_cipher, "(failure at byte %d)", i);
}
@@ -291,7 +291,7 @@
2*test_case->plaintext_length_octets));
cipher_dealloc(c);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
/* deallocate the cipher */
@@ -338,7 +338,7 @@
/* choose a key at random */
if (test_case->key_length_octets > MAX_KEY_LEN)
- return err_status_cant_check;
+ return srtp_err_status_cant_check;
status = rand_source_get_octet_string(key, test_case->key_length_octets);
if (status) return status;
@@ -435,18 +435,18 @@
/* compare the resulting plaintext with the original one */
if (length != plaintext_len) {
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
- status = err_status_ok;
+ status = srtp_err_status_ok;
for (i=0; i < plaintext_len; i++)
if (buffer[i] != buffer2[i]) {
- status = err_status_algo_fail;
+ status = srtp_err_status_algo_fail;
debug_print(mod_cipher, "random test case %d failed", case_num);
debug_print(mod_cipher, "(failure at byte %d)", i);
}
if (status) {
cipher_dealloc(c);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
}
@@ -455,7 +455,7 @@
if (status)
return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -464,7 +464,7 @@
* list of test data.
*/
-err_status_t
+srtp_err_status_t
cipher_type_self_test(const cipher_type_t *ct) {
return cipher_type_test(ct, ct->test_data);
}
diff --git a/crypto/cipher/null_cipher.c b/crypto/cipher/null_cipher.c
index 3cd49fb..6fcb365 100644
--- a/crypto/cipher/null_cipher.c
+++ b/crypto/cipher/null_cipher.c
@@ -56,7 +56,7 @@
extern debug_module_t mod_cipher;
-err_status_t
+srtp_err_status_t
null_cipher_alloc(cipher_t **c, int key_len, int tlen) {
extern cipher_type_t null_cipher;
uint8_t *pointer;
@@ -67,7 +67,7 @@
/* allocate memory a cipher of type null_cipher */
pointer = (uint8_t*)crypto_alloc(sizeof(null_cipher_ctx_t) + sizeof(cipher_t));
if (pointer == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
/* set pointers */
*c = (cipher_t *)pointer;
@@ -78,14 +78,11 @@
/* set key size */
(*c)->key_len = key_len;
- /* increment ref_count */
- null_cipher.ref_count++;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
null_cipher_dealloc(cipher_t *c) {
extern cipher_type_t null_cipher;
@@ -96,30 +93,27 @@
/* free memory of type null_cipher */
crypto_free(c);
- /* decrement reference count */
- null_cipher.ref_count--;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
null_cipher_init(null_cipher_ctx_t *ctx, const uint8_t *key, int key_len) {
debug_print(mod_cipher, "initializing null cipher", NULL);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
null_cipher_set_iv(null_cipher_ctx_t *c, void *iv) {
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
null_cipher_encrypt(null_cipher_ctx_t *c,
unsigned char *buf, unsigned int *bytes_to_encr) {
- return err_status_ok;
+ return srtp_err_status_ok;
}
char
@@ -155,9 +149,8 @@
(cipher_set_iv_func_t) null_cipher_set_iv,
(cipher_get_tag_func_t) 0,
(char *) null_cipher_description,
- (int) 0,
(cipher_test_case_t *) &null_cipher_test_0,
(debug_module_t *) NULL,
- (cipher_type_id_t) NULL_CIPHER
+ (srtp_cipher_type_id_t) NULL_CIPHER
};
diff --git a/crypto/hash/auth.c b/crypto/hash/auth.c
index 4ca0f03..c72024c 100644
--- a/crypto/hash/auth.c
+++ b/crypto/hash/auth.c
@@ -72,11 +72,6 @@
return a->prefix_len;
}
-int
-auth_type_get_ref_count(const auth_type_t *at) {
- return at->ref_count;
-}
-
/*
* auth_type_test() tests an auth function of type ct against
* test cases provided in a list test_data of values of key, data, and tag
@@ -86,11 +81,11 @@
/* should be big enough for most occasions */
#define SELF_TEST_TAG_BUF_OCTETS 32
-err_status_t
+srtp_err_status_t
auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data) {
const auth_test_case_t *test_case = test_data;
auth_t *a;
- err_status_t status;
+ srtp_err_status_t status;
uint8_t tag[SELF_TEST_TAG_BUF_OCTETS];
int i, case_num = 0;
@@ -102,14 +97,14 @@
* return an error if we don't - we need to be paranoid here
*/
if (test_case == NULL)
- return err_status_cant_check;
+ return srtp_err_status_cant_check;
/* loop over all test cases */
while (test_case != NULL) {
/* check test case parameters */
if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* allocate auth */
status = auth_type_alloc(at, &a, test_case->key_length_octets,
@@ -146,16 +141,16 @@
test_case->tag_length_octets));
/* check the result */
- status = err_status_ok;
+ status = srtp_err_status_ok;
for (i=0; i < test_case->tag_length_octets; i++)
if (tag[i] != test_case->tag[i]) {
- status = err_status_algo_fail;
+ status = srtp_err_status_algo_fail;
debug_print(mod_auth, "test case %d failed", case_num);
debug_print(mod_auth, " (mismatch at octet %d)", i);
}
if (status) {
auth_dealloc(a);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
/* deallocate the auth function */
@@ -171,7 +166,7 @@
++case_num;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -180,7 +175,7 @@
* list of test data.
*/
-err_status_t
+srtp_err_status_t
auth_type_self_test(const auth_type_t *at) {
return auth_type_test(at, at->test_data);
}
diff --git a/crypto/hash/hmac.c b/crypto/hash/hmac.c
index ddb75ea..b90b924 100644
--- a/crypto/hash/hmac.c
+++ b/crypto/hash/hmac.c
@@ -57,7 +57,7 @@
};
-err_status_t
+srtp_err_status_t
hmac_alloc(auth_t **a, int key_len, int out_len) {
extern auth_type_t hmac;
uint8_t *pointer;
@@ -70,16 +70,16 @@
* than 20 bytes yet
*/
if (key_len > 20)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* check output length - should be less than 20 bytes */
if (out_len > 20)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* allocate memory for auth and hmac_ctx_t structures */
pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
if (pointer == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
/* set pointers */
*a = (auth_t *)pointer;
@@ -89,13 +89,10 @@
(*a)->key_len = key_len;
(*a)->prefix_len = 0;
- /* increment global count of all hmac uses */
- hmac.ref_count++;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
hmac_dealloc(auth_t *a) {
extern auth_type_t hmac;
@@ -106,13 +103,10 @@
/* free memory */
crypto_free(a);
- /* decrement global count of all hmac uses */
- hmac.ref_count--;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len) {
int i;
uint8_t ipad[64];
@@ -122,7 +116,7 @@
* than 20 bytes yet
*/
if (key_len > 20)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/*
* set values of ipad and opad by exoring the key into the
@@ -141,36 +135,36 @@
debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64));
/* initialize sha1 context */
- sha1_init(&state->init_ctx);
+ srtp_sha1_init(&state->init_ctx);
/* hash ipad ^ key */
- sha1_update(&state->init_ctx, ipad, 64);
- memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t));
+ srtp_sha1_update(&state->init_ctx, ipad, 64);
+ memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t));
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
hmac_start(hmac_ctx_t *state) {
- memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t));
+ memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t));
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets) {
debug_print(mod_hmac, "input: %s",
octet_string_hex_string(message, msg_octets));
/* hash message into sha1 context */
- sha1_update(&state->ctx, message, msg_octets);
+ srtp_sha1_update(&state->ctx, message, msg_octets);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
hmac_compute(hmac_ctx_t *state, const void *message,
int msg_octets, int tag_len, uint8_t *result) {
uint32_t hash_value[5];
@@ -179,11 +173,11 @@
/* check tag length, return error if we can't provide the value expected */
if (tag_len > 20)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* hash message, copy output into H */
hmac_update(state, (const uint8_t*)message, msg_octets);
- sha1_final(&state->ctx, H);
+ srtp_sha1_final(&state->ctx, H);
/*
* note that we don't need to debug_print() the input, since the
@@ -193,16 +187,16 @@
octet_string_hex_string((uint8_t *)H, 20));
/* re-initialize hash context */
- sha1_init(&state->ctx);
+ srtp_sha1_init(&state->ctx);
/* hash opad ^ key */
- sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
+ srtp_sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
/* hash the result of the inner hash */
- sha1_update(&state->ctx, (uint8_t *)H, 20);
+ srtp_sha1_update(&state->ctx, (uint8_t *)H, 20);
/* the result is returned in the array hash_value[] */
- sha1_final(&state->ctx, hash_value);
+ srtp_sha1_final(&state->ctx, hash_value);
/* copy hash_value to *result */
for (i=0; i < tag_len; i++)
@@ -211,7 +205,7 @@
debug_print(mod_hmac, "output: %s",
octet_string_hex_string((uint8_t *)hash_value, tag_len));
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -264,9 +258,8 @@
(auth_update_func) hmac_update,
(auth_start_func) hmac_start,
(char *) hmac_description,
- (int) 0, /* instance count */
(auth_test_case_t *) &hmac_test_case_0,
(debug_module_t *) &mod_hmac,
- (auth_type_id_t) HMAC_SHA1
+ (srtp_auth_type_id_t) HMAC_SHA1
};
diff --git a/crypto/hash/hmac_ossl.c b/crypto/hash/hmac_ossl.c
index f62ce57..d99efc6 100644
--- a/crypto/hash/hmac_ossl.c
+++ b/crypto/hash/hmac_ossl.c
@@ -60,7 +60,7 @@
};
-err_status_t
+srtp_err_status_t
hmac_alloc (auth_t **a, int key_len, int out_len)
{
extern auth_type_t hmac;
@@ -75,18 +75,18 @@
* than 20 bytes yet
*/
if (key_len > HMAC_KEYLEN_MAX) {
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
/* check output length - should be less than 20 bytes */
if (out_len > HMAC_KEYLEN_MAX) {
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
/* allocate memory for auth and hmac_ctx_t structures */
pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t));
if (pointer == NULL) {
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
}
/* set pointers */
@@ -99,13 +99,10 @@
new_hmac_ctx = (hmac_ctx_t*)((*a)->state);
memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t));
- /* increment global count of all hmac uses */
- hmac.ref_count++;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
hmac_dealloc (auth_t *a)
{
extern auth_type_t hmac;
@@ -126,13 +123,10 @@
/* free memory */
crypto_free(a);
- /* decrement global count of all hmac uses */
- hmac.ref_count--;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len)
{
int i;
@@ -143,7 +137,7 @@
* than 20 bytes yet
*/
if (key_len > HMAC_KEYLEN_MAX) {
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
/*
@@ -163,41 +157,41 @@
debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad)));
/* initialize sha1 context */
- sha1_init(&state->init_ctx);
+ srtp_sha1_init(&state->init_ctx);
state->init_ctx_initialized = 1;
/* hash ipad ^ key */
- sha1_update(&state->init_ctx, ipad, sizeof(ipad));
+ srtp_sha1_update(&state->init_ctx, ipad, sizeof(ipad));
return (hmac_start(state));
}
-err_status_t
+srtp_err_status_t
hmac_start (hmac_ctx_t *state)
{
if (state->ctx_initialized) {
EVP_MD_CTX_cleanup(&state->ctx);
}
if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) {
- return err_status_auth_fail;
+ return srtp_err_status_auth_fail;
} else {
state->ctx_initialized = 1;
- return err_status_ok;
+ return srtp_err_status_ok;
}
}
-err_status_t
+srtp_err_status_t
hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets)
{
debug_print(mod_hmac, "input: %s",
octet_string_hex_string(message, msg_octets));
/* hash message into sha1 context */
- sha1_update(&state->ctx, message, msg_octets);
+ srtp_sha1_update(&state->ctx, message, msg_octets);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
hmac_compute (hmac_ctx_t *state, const void *message,
int msg_octets, int tag_len, uint8_t *result)
{
@@ -207,12 +201,12 @@
/* check tag length, return error if we can't provide the value expected */
if (tag_len > HMAC_KEYLEN_MAX) {
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
/* hash message, copy output into H */
- sha1_update(&state->ctx, message, msg_octets);
- sha1_final(&state->ctx, H);
+ srtp_sha1_update(&state->ctx, message, msg_octets);
+ srtp_sha1_final(&state->ctx, H);
/*
* note that we don't need to debug_print() the input, since the
@@ -222,16 +216,16 @@
octet_string_hex_string((uint8_t*)H, sizeof(H)));
/* re-initialize hash context */
- sha1_init(&state->ctx);
+ srtp_sha1_init(&state->ctx);
/* hash opad ^ key */
- sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad));
+ srtp_sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad));
/* hash the result of the inner hash */
- sha1_update(&state->ctx, (uint8_t*)H, sizeof(H));
+ srtp_sha1_update(&state->ctx, (uint8_t*)H, sizeof(H));
/* the result is returned in the array hash_value[] */
- sha1_final(&state->ctx, hash_value);
+ srtp_sha1_final(&state->ctx, hash_value);
/* copy hash_value to *result */
for (i = 0; i < tag_len; i++) {
@@ -241,7 +235,7 @@
debug_print(mod_hmac, "output: %s",
octet_string_hex_string((uint8_t*)hash_value, tag_len));
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -294,9 +288,8 @@
(auth_update_func) hmac_update,
(auth_start_func) hmac_start,
(char*) hmac_description,
- (int) 0, /* instance count */
(auth_test_case_t*) &hmac_test_case_0,
(debug_module_t*) &mod_hmac,
- (auth_type_id_t) HMAC_SHA1
+ (srtp_auth_type_id_t) HMAC_SHA1
};
diff --git a/crypto/hash/null_auth.c b/crypto/hash/null_auth.c
index 73fd918..26032d7 100644
--- a/crypto/hash/null_auth.c
+++ b/crypto/hash/null_auth.c
@@ -55,7 +55,7 @@
extern debug_module_t mod_auth;
-err_status_t
+srtp_err_status_t
null_auth_alloc(auth_t **a, int key_len, int out_len) {
extern auth_type_t null_auth;
uint8_t *pointer;
@@ -66,7 +66,7 @@
/* allocate memory for auth and null_auth_ctx_t structures */
pointer = (uint8_t*)crypto_alloc(sizeof(null_auth_ctx_t) + sizeof(auth_t));
if (pointer == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
/* set pointers */
*a = (auth_t *)pointer;
@@ -76,13 +76,10 @@
(*a)->prefix_len = out_len;
(*a)->key_len = key_len;
- /* increment global count of all null_auth uses */
- null_auth.ref_count++;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
null_auth_dealloc(auth_t *a) {
extern auth_type_t null_auth;
@@ -93,37 +90,34 @@
/* free memory */
crypto_free(a);
- /* decrement global count of all null_auth uses */
- null_auth.ref_count--;
-
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len) {
/* accept any length of key, and do nothing */
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
null_auth_compute(null_auth_ctx_t *state, uint8_t *message,
int msg_octets, int tag_len, uint8_t *result) {
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
null_auth_update(null_auth_ctx_t *state, uint8_t *message,
int msg_octets) {
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
null_auth_start(null_auth_ctx_t *state) {
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -157,9 +151,8 @@
(auth_update_func) null_auth_update,
(auth_start_func) null_auth_start,
(char *) null_auth_description,
- (int) 0, /* instance count */
(auth_test_case_t *) &null_auth_test_case_0,
(debug_module_t *) NULL,
- (auth_type_id_t) NULL_AUTH
+ (srtp_auth_type_id_t) NULL_AUTH
};
diff --git a/crypto/hash/sha1.c b/crypto/hash/sha1.c
index c200437..29c2e62 100644
--- a/crypto/hash/sha1.c
+++ b/crypto/hash/sha1.c
@@ -77,17 +77,17 @@
uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */
void
-sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) {
- sha1_ctx_t ctx;
+srtp_sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) {
+ srtp_sha1_ctx_t ctx;
- sha1_init(&ctx);
- sha1_update(&ctx, msg, octets_in_msg);
- sha1_final(&ctx, hash_value);
+ srtp_sha1_init(&ctx);
+ srtp_sha1_update(&ctx, msg, octets_in_msg);
+ srtp_sha1_final(&ctx, hash_value);
}
/*
- * sha1_core(M, H) computes the core compression function, where M is
+ * srtp_sha1_core(M, H) computes the core compression function, where M is
* the next part of the message (in network byte order) and H is the
* intermediate state { H0, H1, ...} (in host byte order)
*
@@ -99,7 +99,7 @@
*/
void
-sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
+srtp_sha1_core(const uint32_t M[16], uint32_t hash_value[5]) {
uint32_t H0;
uint32_t H1;
uint32_t H2;
@@ -186,7 +186,7 @@
}
void
-sha1_init(sha1_ctx_t *ctx) {
+srtp_sha1_init(srtp_sha1_ctx_t *ctx) {
/* initialize state vector */
ctx->H[0] = 0x67452301;
@@ -204,7 +204,7 @@
}
void
-sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
+srtp_sha1_update(srtp_sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) {
int i;
uint8_t *buf = (uint8_t *)ctx->M;
@@ -227,13 +227,13 @@
/* process a whole block */
- debug_print(mod_sha1, "(update) running sha1_core()", NULL);
+ debug_print(mod_sha1, "(update) running srtp_sha1_core()", NULL);
- sha1_core(ctx->M, ctx->H);
+ srtp_sha1_core(ctx->M, ctx->H);
} else {
- debug_print(mod_sha1, "(update) not running sha1_core()", NULL);
+ debug_print(mod_sha1, "(update) not running srtp_sha1_core()", NULL);
for (i=ctx->octets_in_buffer;
i < (ctx->octets_in_buffer + octets_in_msg); i++)
@@ -247,12 +247,12 @@
}
/*
- * sha1_final(ctx, output) computes the result for ctx and copies it
+ * srtp_sha1_final(ctx, output) computes the result for ctx and copies it
* into the twenty octets located at *output
*/
void
-sha1_final(sha1_ctx_t *ctx, uint32_t *output) {
+srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t *output) {
uint32_t A, B, C, D, E, TEMP;
uint32_t W[80];
int i, t;
@@ -339,11 +339,11 @@
}
- debug_print(mod_sha1, "(final) running sha1_core()", NULL);
+ debug_print(mod_sha1, "(final) running srtp_sha1_core()", NULL);
if (ctx->octets_in_buffer >= 56) {
- debug_print(mod_sha1, "(final) running sha1_core() again", NULL);
+ debug_print(mod_sha1, "(final) running srtp_sha1_core() again", NULL);
/* we need to do one final run of the compression algo */
diff --git a/crypto/include/aes.h b/crypto/include/aes.h
index d88ce40..5fc7767 100644
--- a/crypto/include/aes.h
+++ b/crypto/include/aes.h
@@ -57,15 +57,15 @@
int num_rounds;
} aes_expanded_key_t;
-err_status_t
-aes_expand_encryption_key(const uint8_t *key,
- int key_len,
- aes_expanded_key_t *expanded_key);
+srtp_err_status_t aes_expand_encryption_key(
+ const uint8_t *key,
+ int key_len,
+ aes_expanded_key_t *expanded_key);
-err_status_t
-aes_expand_decryption_key(const uint8_t *key,
- int key_len,
- aes_expanded_key_t *expanded_key);
+srtp_err_status_t aes_expand_decryption_key(
+ const uint8_t *key,
+ int key_len,
+ aes_expanded_key_t *expanded_key);
void
aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key);
diff --git a/crypto/include/aes_cbc.h b/crypto/include/aes_cbc.h
index f92591d..81a0409 100644
--- a/crypto/include/aes_cbc.h
+++ b/crypto/include/aes_cbc.h
@@ -22,31 +22,17 @@
aes_expanded_key_t expanded_key; /* the cipher key */
} aes_cbc_ctx_t;
-err_status_t
-aes_cbc_set_key(aes_cbc_ctx_t *c,
- const unsigned char *key);
+srtp_err_status_t aes_cbc_set_key(aes_cbc_ctx_t *c, const unsigned char *key);
-err_status_t
-aes_cbc_encrypt(aes_cbc_ctx_t *c,
- unsigned char *buf,
- unsigned int *bytes_in_data);
+srtp_err_status_t aes_cbc_encrypt(aes_cbc_ctx_t *c, unsigned char *buf, unsigned int *bytes_in_data);
-err_status_t
-aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key,
- int key_len);
+srtp_err_status_t aes_cbc_context_init(aes_cbc_ctx_t *c, const uint8_t *key, int key_len);
-err_status_t
-aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv, int direction);
+srtp_err_status_t aes_cbc_set_iv(aes_cbc_ctx_t *c, void *iv, int direction);
-err_status_t
-aes_cbc_nist_encrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data);
+srtp_err_status_t aes_cbc_nist_encrypt(aes_cbc_ctx_t *c, unsigned char *data, unsigned int *bytes_in_data);
-err_status_t
-aes_cbc_nist_decrypt(aes_cbc_ctx_t *c,
- unsigned char *data,
- unsigned int *bytes_in_data);
+srtp_err_status_t aes_cbc_nist_decrypt(aes_cbc_ctx_t *c, unsigned char *data, unsigned int *bytes_in_data);
#endif /* AES_CBC_H */
diff --git a/crypto/include/aes_icm.h b/crypto/include/aes_icm.h
index 8b9f4ce..1356486 100644
--- a/crypto/include/aes_icm.h
+++ b/crypto/include/aes_icm.h
@@ -23,38 +23,26 @@
} aes_icm_ctx_t;
-err_status_t
-aes_icm_context_init(aes_icm_ctx_t *c,
- const unsigned char *key,
- int key_len);
+srtp_err_status_t aes_icm_context_init(aes_icm_ctx_t *c,
+ const unsigned char *key,
+ int key_len);
-err_status_t
-aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction);
+srtp_err_status_t aes_icm_set_iv(aes_icm_ctx_t *c, void *iv, int direction);
-err_status_t
-aes_icm_encrypt(aes_icm_ctx_t *c,
- unsigned char *buf, unsigned int *bytes_to_encr);
+srtp_err_status_t aes_icm_encrypt(aes_icm_ctx_t *c, unsigned char *buf, unsigned int *bytes_to_encr);
-err_status_t
-aes_icm_output(aes_icm_ctx_t *c,
- unsigned char *buf, unsigned int bytes_to_output);
+srtp_err_status_t aes_icm_output(aes_icm_ctx_t *c, unsigned char *buf, unsigned int bytes_to_output);
-err_status_t
-aes_icm_dealloc(cipher_t *c);
+srtp_err_status_t aes_icm_dealloc(cipher_t *c);
-err_status_t
-aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
- unsigned char *buf,
- unsigned int *enc_len,
- int forIsmacryp);
+srtp_err_status_t aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
+ unsigned char *buf,
+ unsigned int *enc_len,
+ int forIsmacryp);
-err_status_t
-aes_icm_alloc_ismacryp(cipher_t **c,
- int key_len,
- int forIsmacryp);
+srtp_err_status_t aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp);
-uint16_t
-aes_icm_bytes_encrypted(aes_icm_ctx_t *c);
+uint16_t aes_icm_bytes_encrypted(aes_icm_ctx_t *c);
#endif /* AES_ICM_H */
diff --git a/crypto/include/aes_icm_ossl.h b/crypto/include/aes_icm_ossl.h
index 90ec954..3d3864e 100644
--- a/crypto/include/aes_icm_ossl.h
+++ b/crypto/include/aes_icm_ossl.h
@@ -66,9 +66,9 @@
EVP_CIPHER_CTX ctx;
} aes_icm_ctx_t;
-err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir);
-err_status_t aes_icm_openssl_context_init(aes_icm_ctx_t *c, const uint8_t *key, int len);
-err_status_t aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output);
+srtp_err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir);
+srtp_err_status_t aes_icm_openssl_context_init(aes_icm_ctx_t *c, const uint8_t *key, int len);
+srtp_err_status_t aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output);
uint16_t aes_icm_bytes_encrypted(aes_icm_ctx_t *c);
diff --git a/crypto/include/auth.h b/crypto/include/auth.h
index 5b5e4b2..84f9ad2 100644
--- a/crypto/include/auth.h
+++ b/crypto/include/auth.h
@@ -46,33 +46,32 @@
#ifndef AUTH_H
#define AUTH_H
+#include "srtp.h"
#include "datatypes.h"
#include "err.h" /* error codes */
-#include "crypto.h" /* for auth_type_id_t */
#include "crypto_types.h" /* for values of auth_type_id_t */
typedef struct auth_type_t *auth_type_pointer;
typedef struct auth_t *auth_pointer_t;
-typedef err_status_t (*auth_alloc_func)
+typedef srtp_err_status_t (*auth_alloc_func)
(auth_pointer_t *ap, int key_len, int out_len);
-typedef err_status_t (*auth_init_func)
+typedef srtp_err_status_t (*auth_init_func)
(void *state, const uint8_t *key, int key_len);
-typedef err_status_t (*auth_dealloc_func)(auth_pointer_t ap);
+typedef srtp_err_status_t (*auth_dealloc_func)(auth_pointer_t ap);
-typedef err_status_t (*auth_compute_func)
+typedef srtp_err_status_t (*auth_compute_func)
(void *state, uint8_t *buffer, int octets_to_auth,
int tag_len, uint8_t *tag);
-typedef err_status_t (*auth_update_func)
+typedef srtp_err_status_t (*auth_update_func)
(void *state, uint8_t *buffer, int octets_to_auth);
-typedef err_status_t (*auth_start_func)(void *state);
+typedef srtp_err_status_t (*auth_start_func)(void *state);
/* some syntactic sugar on these function types */
-
#define auth_type_alloc(at, a, klen, outlen) \
((at)->alloc((a), (klen), (outlen)))
@@ -90,7 +89,6 @@
#define auth_dealloc(c) (((c)->type)->dealloc(c))
/* functions to get information about a particular auth_t */
-
int
auth_get_key_length(const struct auth_t *a);
@@ -107,7 +105,6 @@
* correcness of the implementation. (see the auth_type_self_test()
* function below)
*/
-
typedef struct auth_test_case_t {
int key_length_octets; /* octets in key */
uint8_t *key; /* key */
@@ -119,7 +116,6 @@
} auth_test_case_t;
/* auth_type_t */
-
typedef struct auth_type_t {
auth_alloc_func alloc;
auth_dealloc_func dealloc;
@@ -128,10 +124,9 @@
auth_update_func update;
auth_start_func start;
char *description;
- int ref_count;
auth_test_case_t *test_data;
debug_module_t *debug;
- auth_type_id_t id;
+ srtp_auth_type_id_t id;
} auth_type_t;
typedef struct auth_t {
@@ -147,25 +142,13 @@
* provided in an array of values of key/message/tag that is known to
* be good
*/
-
-err_status_t
-auth_type_self_test(const auth_type_t *at);
+srtp_err_status_t auth_type_self_test(const auth_type_t *at);
/*
* auth_type_test() tests an auth_type against external test cases
* provided in an array of values of key/message/tag that is known to
* be good
*/
-
-err_status_t
-auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data);
-
-/*
- * auth_type_get_ref_count(at) returns the reference count (the number
- * of instantiations) of the auth_type_t at
- */
-
-int
-auth_type_get_ref_count(const auth_type_t *at);
+srtp_err_status_t auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data);
#endif /* AUTH_H */
diff --git a/crypto/include/cipher.h b/crypto/include/cipher.h
index d0d6b57..2db7183 100644
--- a/crypto/include/cipher.h
+++ b/crypto/include/cipher.h
@@ -46,21 +46,20 @@
#ifndef CIPHER_H
#define CIPHER_H
+#include "srtp.h"
#include "datatypes.h"
#include "rdbx.h" /* for xtd_seq_num_t */
#include "err.h" /* for error codes */
-#include "crypto.h" /* for cipher_type_id_t */
#include "crypto_types.h" /* for values of cipher_type_id_t */
-/**
- * @brief cipher_direction_t defines a particular cipher operation.
+/*
+ * cipher_direction_t defines a particular cipher operation.
*
* A cipher_direction_t is an enum that describes a particular cipher
* operation, i.e. encryption or decryption. For some ciphers, this
* distinction does not matter, but for others, it is essential.
*/
-
typedef enum {
direction_encrypt, /**< encryption (convert plaintext to ciphertext) */
direction_decrypt, /**< decryption (convert ciphertext to plaintext) */
@@ -71,62 +70,54 @@
* the cipher_pointer and cipher_type_pointer definitions are needed
* as cipher_t and cipher_type_t are not yet defined
*/
-
typedef struct cipher_type_t *cipher_type_pointer_t;
typedef struct cipher_t *cipher_pointer_t;
/*
* a cipher_alloc_func_t allocates (but does not initialize) a cipher_t
*/
-
-typedef err_status_t (*cipher_alloc_func_t)
+typedef srtp_err_status_t (*cipher_alloc_func_t)
(cipher_pointer_t *cp, int key_len, int tag_len);
/*
* a cipher_init_func_t [re-]initializes a cipher_t with a given key
*/
-
-typedef err_status_t (*cipher_init_func_t)
+typedef srtp_err_status_t (*cipher_init_func_t)
(void *state, const uint8_t *key, int key_len);
/* a cipher_dealloc_func_t de-allocates a cipher_t */
-
-typedef err_status_t (*cipher_dealloc_func_t)(cipher_pointer_t cp);
+typedef srtp_err_status_t (*cipher_dealloc_func_t)(cipher_pointer_t cp);
/* a cipher_set_segment_func_t sets the segment index of a cipher_t */
-
-typedef err_status_t (*cipher_set_segment_func_t)
+typedef srtp_err_status_t (*cipher_set_segment_func_t)
(void *state, xtd_seq_num_t idx);
/*
* a cipher_set_aad_func_t processes the AAD data for AEAD ciphers
*/
-typedef err_status_t (*cipher_set_aad_func_t)
+typedef srtp_err_status_t (*cipher_set_aad_func_t)
(void *state, uint8_t *aad, unsigned int aad_len);
/* a cipher_encrypt_func_t encrypts data in-place */
-
-typedef err_status_t (*cipher_encrypt_func_t)
+typedef srtp_err_status_t (*cipher_encrypt_func_t)
(void *state, uint8_t *buffer, unsigned int *octets_to_encrypt);
/* a cipher_decrypt_func_t decrypts data in-place */
-
-typedef err_status_t (*cipher_decrypt_func_t)
+typedef srtp_err_status_t (*cipher_decrypt_func_t)
(void *state, uint8_t *buffer, unsigned int *octets_to_decrypt);
/*
* a cipher_set_iv_func_t function sets the current initialization vector
*/
-
-typedef err_status_t (*cipher_set_iv_func_t)
+typedef srtp_err_status_t (*cipher_set_iv_func_t)
(cipher_pointer_t cp, void *iv, cipher_direction_t direction);
/*
* a cipher_get_tag_funct_t function is used to get the authentication
* tag that was calculated by an AEAD cipher.
*/
-typedef err_status_t (*cipher_get_tag_func_t)
+typedef srtp_err_status_t (*cipher_get_tag_func_t)
(void *state, void *tag, int *len);
@@ -137,7 +128,6 @@
* in an on-the-fly self test of the correcness of the implementation.
* (see the cipher_type_self_test() function below)
*/
-
typedef struct cipher_test_case_t {
int key_length_octets; /* octets in key */
uint8_t *key; /* key */
@@ -153,7 +143,6 @@
} cipher_test_case_t;
/* cipher_type_t defines the 'metadata' for a particular cipher type */
-
typedef struct cipher_type_t {
cipher_alloc_func_t alloc;
cipher_dealloc_func_t dealloc;
@@ -164,17 +153,15 @@
cipher_set_iv_func_t set_iv;
cipher_get_tag_func_t get_tag;
char *description;
- int ref_count;
cipher_test_case_t *test_data;
debug_module_t *debug;
- cipher_type_id_t id;
+ srtp_cipher_type_id_t id;
} cipher_type_t;
/*
* cipher_t defines an instantiation of a particular cipher, with fixed
* key length, key and salt values
*/
-
typedef struct cipher_t {
cipher_type_t *type;
void *state;
@@ -183,7 +170,6 @@
} cipher_t;
/* some syntactic sugar on these function types */
-
#define cipher_type_alloc(ct, c, klen, tlen) ((ct)->alloc((c), (klen), (tlen)))
#define cipher_dealloc(c) (((c)->type)->dealloc(c))
@@ -201,20 +187,17 @@
#define cipher_set_iv(c, n, dir) \
((c) ? (((c)->type)->set_iv(((cipher_pointer_t)(c)->state), (n), (dir))) : \
- err_status_no_such_op)
+ srtp_err_status_no_such_op)
#define cipher_set_aad(c, a, l) \
(((c) && (((c)->type)->set_aad)) ? \
(((c)->type)->set_aad(((c)->state), (a), (l))) : \
- err_status_no_such_op)
+ srtp_err_status_no_such_op)
-err_status_t
-cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output);
+srtp_err_status_t cipher_output(cipher_t *c, uint8_t *buffer, int num_octets_to_output);
/* some bookkeeping functions */
-
-int
-cipher_get_key_length(const cipher_t *c);
+int cipher_get_key_length(const cipher_t *c);
/*
@@ -222,9 +205,7 @@
* an array of values of key/xtd_seq_num_t/plaintext/ciphertext
* that is known to be good
*/
-
-err_status_t
-cipher_type_self_test(const cipher_type_t *ct);
+srtp_err_status_t cipher_type_self_test(const cipher_type_t *ct);
/*
@@ -232,9 +213,7 @@
* an array of values of key/xtd_seq_num_t/plaintext/ciphertext
* that is known to be good
*/
-
-err_status_t
-cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data);
+srtp_err_status_t cipher_type_test(const cipher_type_t *ct, const cipher_test_case_t *test_data);
/*
@@ -247,8 +226,6 @@
*
* if an error is encountered, then the value 0 is returned
*/
-
-uint64_t
-cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials);
+uint64_t cipher_bits_per_second(cipher_t *c, int octets_in_buffer, int num_trials);
#endif /* CIPHER_H */
diff --git a/crypto/include/crypto.h b/crypto/include/crypto.h
deleted file mode 100644
index 0e9667d..0000000
--- a/crypto/include/crypto.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * crypto.h
- *
- * API for libcrypto
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-#ifndef CRYPTO_H
-#define CRYPTO_H
-
-/**
- * @brief A cipher_type_id_t is an identifier for a particular cipher
- * type.
- *
- * A cipher_type_id_t is an integer that represents a particular
- * cipher type, e.g. the Advanced Encryption Standard (AES). A
- * NULL_CIPHER is avaliable; this cipher leaves the data unchanged,
- * and can be selected to indicate that no encryption is to take
- * place.
- *
- * @ingroup Ciphers
- */
-typedef uint32_t cipher_type_id_t;
-
-/**
- * @brief An auth_type_id_t is an identifier for a particular authentication
- * function.
- *
- * An auth_type_id_t is an integer that represents a particular
- * authentication function type, e.g. HMAC-SHA1. A NULL_AUTH is
- * avaliable; this authentication function performs no computation,
- * and can be selected to indicate that no authentication is to take
- * place.
- *
- * @ingroup Authentication
- */
-typedef uint32_t auth_type_id_t;
-
-#endif /* CRYPTO_H */
-
-
diff --git a/crypto/include/crypto_kernel.h b/crypto/include/crypto_kernel.h
index caccfa0..b4b9886 100644
--- a/crypto/include/crypto_kernel.h
+++ b/crypto/include/crypto_kernel.h
@@ -55,7 +55,6 @@
#include "err.h"
#include "crypto_types.h"
#include "key.h"
-#include "crypto.h"
/*
* crypto_kernel_state_t defines the possible states:
@@ -63,7 +62,6 @@
* insecure - not yet initialized
* secure - initialized and passed self-tests
*/
-
typedef enum {
crypto_kernel_state_insecure,
crypto_kernel_state_secure
@@ -72,9 +70,8 @@
/*
* linked list of cipher types
*/
-
typedef struct kernel_cipher_type {
- cipher_type_id_t id;
+ srtp_cipher_type_id_t id;
cipher_type_t *cipher_type;
struct kernel_cipher_type *next;
} kernel_cipher_type_t;
@@ -82,9 +79,8 @@
/*
* linked list of auth types
*/
-
typedef struct kernel_auth_type {
- auth_type_id_t id;
+ srtp_auth_type_id_t id;
auth_type_t *auth_type;
struct kernel_auth_type *next;
} kernel_auth_type_t;
@@ -92,7 +88,6 @@
/*
* linked list of debug modules
*/
-
typedef struct kernel_debug_module {
debug_module_t *mod;
struct kernel_debug_module *next;
@@ -105,7 +100,6 @@
* note that there is *exactly one* instance of this data type,
* a global variable defined in crypto_kernel.c
*/
-
typedef struct {
crypto_kernel_state_t state; /* current state of kernel */
kernel_cipher_type_t *cipher_type_list; /* list of all cipher types */
@@ -130,9 +124,7 @@
* If any value other than err_status_ok is returned, the
* crypto_kernel MUST NOT be used.
*/
-
-err_status_t
-crypto_kernel_init(void);
+srtp_err_status_t crypto_kernel_init(void);
/*
@@ -145,9 +137,7 @@
* <other> shutdown failure
*
*/
-
-err_status_t
-crypto_kernel_shutdown(void);
+srtp_err_status_t crypto_kernel_shutdown(void);
/*
* The function crypto_kernel_stats() checks the the crypto_kernel,
@@ -158,29 +148,22 @@
* <other> a test failed
*
*/
-
-err_status_t
-crypto_kernel_status(void);
+srtp_err_status_t crypto_kernel_status(void);
/*
* crypto_kernel_list_debug_modules() outputs a list of debugging modules
*
*/
-
-err_status_t
-crypto_kernel_list_debug_modules(void);
+srtp_err_status_t crypto_kernel_list_debug_modules(void);
/*
* crypto_kernel_load_cipher_type()
*
*/
+srtp_err_status_t crypto_kernel_load_cipher_type(cipher_type_t *ct, srtp_cipher_type_id_t id);
-err_status_t
-crypto_kernel_load_cipher_type(cipher_type_t *ct, cipher_type_id_t id);
-
-err_status_t
-crypto_kernel_load_auth_type(auth_type_t *ct, auth_type_id_t id);
+srtp_err_status_t crypto_kernel_load_auth_type(auth_type_t *ct, srtp_auth_type_id_t id);
/*
* crypto_kernel_replace_cipher_type(ct, id)
@@ -189,8 +172,7 @@
* with a new one passed in externally. The new cipher must pass all the
* existing cipher_type's self tests as well as its own.
*/
-err_status_t
-crypto_kernel_replace_cipher_type(cipher_type_t *ct, cipher_type_id_t id);
+srtp_err_status_t crypto_kernel_replace_cipher_type(cipher_type_t *ct, srtp_cipher_type_id_t id);
/*
@@ -200,12 +182,10 @@
* with a new one passed in externally. The new auth type must pass all the
* existing auth_type's self tests as well as its own.
*/
-err_status_t
-crypto_kernel_replace_auth_type(auth_type_t *ct, auth_type_id_t id);
+srtp_err_status_t crypto_kernel_replace_auth_type(auth_type_t *ct, srtp_auth_type_id_t id);
-err_status_t
-crypto_kernel_load_debug_module(debug_module_t *new_dm);
+srtp_err_status_t crypto_kernel_load_debug_module(debug_module_t *new_dm);
/*
* crypto_kernel_alloc_cipher(id, cp, key_len);
@@ -217,12 +197,7 @@
* err_status_alloc_fail an allocation failure occured
* err_status_fail couldn't find cipher with identifier 'id'
*/
-
-err_status_t
-crypto_kernel_alloc_cipher(cipher_type_id_t id,
- cipher_pointer_t *cp,
- int key_len,
- int tag_len);
+srtp_err_status_t crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id, cipher_pointer_t *cp, int key_len, int tag_len);
/*
* crypto_kernel_alloc_auth(id, ap, key_len, tag_len);
@@ -235,12 +210,7 @@
* err_status_alloc_fail an allocation failure occured
* err_status_fail couldn't find auth with identifier 'id'
*/
-
-err_status_t
-crypto_kernel_alloc_auth(auth_type_id_t id,
- auth_pointer_t *ap,
- int key_len,
- int tag_len);
+srtp_err_status_t crypto_kernel_alloc_auth(srtp_auth_type_id_t id, auth_pointer_t *ap, int key_len, int tag_len);
/*
@@ -251,31 +221,6 @@
*
* returns err_status_ok on success, err_status_fail otherwise
*/
+srtp_err_status_t crypto_kernel_set_debug_module(char *mod_name, int v);
-err_status_t
-crypto_kernel_set_debug_module(char *mod_name, int v);
-
-/**
- * @brief writes a random octet string.
- *
- * The function call crypto_get_random(dest, len) writes len octets of
- * random data to the location to which dest points, and returns an
- * error code. This error code @b must be checked, and if a failure is
- * reported, the data in the buffer @b must @b not be used.
- *
- * @warning If the return code is not checked, then non-random
- * data may be in the buffer. This function will fail
- * unless it is called after crypto_kernel_init().
- *
- * @return
- * - err_status_ok if no problems occured.
- * - [other] a problem occured, and no assumptions should
- * be made about the contents of the destination
- * buffer.
- *
- * @ingroup SRTP
- */
-err_status_t
-crypto_get_random(unsigned char *buffer, unsigned int length);
-
#endif /* CRYPTO_KERNEL */
diff --git a/crypto/include/crypto_types.h b/crypto/include/crypto_types.h
index dbb50c3..40961d8 100644
--- a/crypto/include/crypto_types.h
+++ b/crypto/include/crypto_types.h
@@ -45,50 +45,8 @@
#ifndef CRYPTO_TYPES_H
#define CRYPTO_TYPES_H
-/**
- * @defgroup Algos Cryptographic Algorithms
- *
- *
- * This library provides several different cryptographic algorithms,
- * each of which can be selected by using the cipher_type_id_t and
- * auth_type_id_t. These algorithms are documented below.
- *
- * Authentication functions that use the Universal Security Transform
- * (UST) must be used in conjunction with a cipher other than the null
- * cipher. These functions require a per-message pseudorandom input
- * that is generated by the cipher.
- *
- * The identifiers STRONGHOLD_AUTH and STRONGHOLD_CIPHER identify the
- * strongest available authentication function and cipher,
- * respectively. They are resolved at compile time to the strongest
- * available algorithm. The stronghold algorithms can serve as did
- * the keep of a medieval fortification; they provide the strongest
- * defense (or the last refuge).
- *
- * @{
- */
-
-/**
- * @defgroup Ciphers Cipher Types
- *
- * @brief Each cipher type is identified by an unsigned integer. The
- * cipher types available in this edition of libSRTP are given
- * by the #defines below.
- *
- * A cipher_type_id_t is an identifier for a cipher_type; only values
- * given by the #defines above (or those present in the file
- * crypto_types.h) should be used.
- *
- * The identifier STRONGHOLD_CIPHER indicates the strongest available
- * cipher, allowing an application to choose the strongest available
- * algorithm without any advance knowledge about the avaliable
- * algorithms.
- *
- * @{
- */
-
-/**
- * @brief The null cipher performs no encryption.
+/*
+ * The null cipher performs no encryption.
*
* The NULL_CIPHER leaves its inputs unaltered, during both the
* encryption and decryption operations. This cipher can be chosen
@@ -96,8 +54,8 @@
*/
#define NULL_CIPHER 0
-/**
- * @brief AES Integer Counter Mode (AES ICM)
+/*
+ * AES Integer Counter Mode (AES ICM)
*
* AES ICM is the variant of counter mode that is used by Secure RTP.
* This cipher uses a 16-, 24-, or 32-octet key concatenated with a
@@ -105,107 +63,80 @@
*/
#define AES_ICM 1
-/**
- * @brief AES-128 Integer Counter Mode (AES ICM)
+/*
+ * AES-128 Integer Counter Mode (AES ICM)
* AES-128 ICM is a deprecated alternate name for AES ICM.
*/
#define AES_128_ICM AES_ICM
-/**
- * @brief SEAL 3.0
+/*
+ * SEAL 3.0
*
* SEAL is the Software-Optimized Encryption Algorithm of Coppersmith
* and Rogaway. Nota bene: this cipher is IBM proprietary.
*/
#define SEAL 2
-/**
- * @brief AES Cipher Block Chaining mode (AES CBC)
+/*
+ * AES Cipher Block Chaining mode (AES CBC)
*
* AES CBC is the AES Cipher Block Chaining mode.
* This cipher uses a 16-, 24-, or 32-octet key.
*/
#define AES_CBC 3
-/**
- * @brief AES-128 Cipher Block Chaining mode (AES CBC)
+/*
+ * AES-128 Cipher Block Chaining mode (AES CBC)
*
* AES-128 CBC is a deprecated alternate name for AES CBC.
*/
#define AES_128_CBC AES_CBC
-/**
- * @brief Strongest available cipher.
+/*
+ * Strongest available cipher.
*
* This identifier resolves to the strongest cipher type available.
*/
#define STRONGHOLD_CIPHER AES_ICM
-/**
- * @brief AES-192 Integer Counter Mode (AES ICM)
+/*
+ * AES-192 Integer Counter Mode (AES ICM)
* AES-192 ICM is a deprecated alternate name for AES ICM.
*/
#define AES_192_ICM 4
-/**
- * @brief AES-256 Integer Counter Mode (AES ICM)
+/*
+ * AES-256 Integer Counter Mode (AES ICM)
* AES-256 ICM is a deprecated alternate name for AES ICM.
*/
#define AES_256_ICM 5
-/**
- * @brief AES-128_GCM Galois Counter Mode (AES GCM)
+/*
+ * AES-128_GCM Galois Counter Mode (AES GCM)
*
* AES-128 GCM is the variant of galois counter mode that is used by
* Secure RTP. This cipher uses a 16-octet key.
*/
#define AES_128_GCM 6
-/**
- * @brief AES-256_GCM Galois Counter Mode (AES GCM)
+/*
+ * AES-256_GCM Galois Counter Mode (AES GCM)
*
* AES-256 GCM is the variant of galois counter mode that is used by
* Secure RTP. This cipher uses a 32-octet key.
*/
#define AES_256_GCM 7
-/**
- * @}
- */
-
-
-
-/**
- * @defgroup Authentication Authentication Function Types
- *
- * @brief Each authentication function type is identified by an
- * unsigned integer. The authentication function types available in
- * this edition of libSRTP are given by the #defines below.
- *
- * An auth_type_id_t is an identifier for an authentication function type;
- * only values given by the #defines above (or those present in the
- * file crypto_types.h) should be used.
- *
- * The identifier STRONGHOLD_AUTH indicates the strongest available
- * authentication function, allowing an application to choose the
- * strongest available algorithm without any advance knowledge about
- * the avaliable algorithms. The stronghold algorithms can serve as
- * did the keep of a medieval fortification; they provide the
- * strongest defense (or the last refuge).
- *
- * @{
- */
-
-/**
- * @brief The null authentication function performs no authentication.
+/*
+ * The null authentication function performs no authentication.
*
* The NULL_AUTH function does nothing, and can be selected to indicate
* that authentication should not be performed.
*/
#define NULL_AUTH 0
-/**
- * @brief UST with TMMH Version 2
+/*
+ * UST with TMMH Version 2
*
* UST_TMMHv2 implements the Truncated Multi-Modular Hash using
* UST. This function must be used in conjunction with a cipher other
@@ -214,35 +145,28 @@
*/
#define UST_TMMHv2 1
-/**
- * @brief (UST) AES-128 XORMAC
+/*
+ * (UST) AES-128 XORMAC
*
* UST_AES_128_XMAC implements AES-128 XORMAC, using UST. Nota bene:
* the XORMAC algorithm is IBM proprietary.
*/
#define UST_AES_128_XMAC 2
-/**
- * @brief HMAC-SHA1
+/*
+ * HMAC-SHA1
*
* HMAC_SHA1 implements the Hash-based MAC using the NIST Secure
* Hash Algorithm version 1 (SHA1).
*/
#define HMAC_SHA1 3
-/**
- * @brief Strongest available authentication function.
+/*
+ * Strongest available authentication function.
*
* This identifier resolves to the strongest available authentication
* function.
*/
#define STRONGHOLD_AUTH HMAC_SHA1
-/**
- * @}
- */
-/**
- * @}
- */
-
#endif /* CRYPTO_TYPES_H */
diff --git a/crypto/include/cryptoalg.h b/crypto/include/cryptoalg.h
index d9f0441..bba9844 100644
--- a/crypto/include/cryptoalg.h
+++ b/crypto/include/cryptoalg.h
@@ -80,7 +80,7 @@
*
*/
-typedef err_status_t (*cryptoalg_func_t)
+typedef srtp_err_status_t (*cryptoalg_func_t)
(void *key,
const void *clear,
unsigned clear_len,
@@ -88,8 +88,7 @@
void *protect,
unsigned *protected_len);
-typedef
-err_status_t (*cryptoalg_inv_t)
+typedef srtp_err_status_t (*cryptoalg_inv_t)
(void *key, /* location of secret key */
const void *clear, /* data to be authenticated only */
unsigned clear_len, /* length of data to be authenticated only */
diff --git a/crypto/include/err.h b/crypto/include/err.h
index 4f401a6..7858d47 100644
--- a/crypto/include/err.h
+++ b/crypto/include/err.h
@@ -48,52 +48,17 @@
#include <stdio.h>
#include <stdarg.h>
+#include "srtp.h"
/**
* @defgroup Error Error Codes
*
- * Error status codes are represented by the enumeration err_status_t.
+ * Error status codes are represented by the enumeration srtp_err_status_t.
*
* @{
*/
-/*
- * @brief err_status_t defines error codes.
- *
- * The enumeration err_status_t defines error codes. Note that the
- * value of err_status_ok is equal to zero, which can simplify error
- * checking somewhat.
- *
- */
-typedef enum {
- err_status_ok = 0, /**< nothing to report */
- err_status_fail = 1, /**< unspecified failure */
- err_status_bad_param = 2, /**< unsupported parameter */
- err_status_alloc_fail = 3, /**< couldn't allocate memory */
- err_status_dealloc_fail = 4, /**< couldn't deallocate properly */
- err_status_init_fail = 5, /**< couldn't initialize */
- err_status_terminus = 6, /**< can't process as much data as requested */
- err_status_auth_fail = 7, /**< authentication failure */
- err_status_cipher_fail = 8, /**< cipher failure */
- err_status_replay_fail = 9, /**< replay check failed (bad index) */
- err_status_replay_old = 10, /**< replay check failed (index too old) */
- err_status_algo_fail = 11, /**< algorithm failed test routine */
- err_status_no_such_op = 12, /**< unsupported operation */
- err_status_no_ctx = 13, /**< no appropriate context found */
- err_status_cant_check = 14, /**< unable to perform desired validation */
- err_status_key_expired = 15, /**< can't use key any more */
- err_status_socket_err = 16, /**< error in use of socket */
- err_status_signal_err = 17, /**< error in use POSIX signals */
- err_status_nonce_bad = 18, /**< nonce check failed */
- err_status_read_fail = 19, /**< couldn't read data */
- err_status_write_fail = 20, /**< couldn't write data */
- err_status_parse_err = 21, /**< error parsing data */
- err_status_encode_err = 22, /**< error encoding data */
- err_status_semaphore_err = 23,/**< error while using semaphores */
- err_status_pfkey_err = 24 /**< error while using pfkey */
-} err_status_t;
-
/**
* @}
*/
@@ -118,8 +83,7 @@
* all syslog messages. It is conventionally argv[0].
*/
-err_status_t
-err_reporting_init(const char *ident);
+srtp_err_status_t err_reporting_init(const char *ident);
#ifdef SRTP_KERNEL_LINUX
extern err_reporting_level_t err_level;
diff --git a/crypto/include/hmac.h b/crypto/include/hmac.h
index 875f45c..73c38b6 100644
--- a/crypto/include/hmac.h
+++ b/crypto/include/hmac.h
@@ -51,32 +51,25 @@
typedef struct {
uint8_t opad[64];
- sha1_ctx_t ctx;
- sha1_ctx_t init_ctx;
+ srtp_sha1_ctx_t ctx;
+ srtp_sha1_ctx_t init_ctx;
#ifdef OPENSSL
int ctx_initialized;
int init_ctx_initialized;
#endif
} hmac_ctx_t;
-err_status_t
-hmac_alloc(auth_t **a, int key_len, int out_len);
+srtp_err_status_t hmac_alloc(auth_t **a, int key_len, int out_len);
-err_status_t
-hmac_dealloc(auth_t *a);
+srtp_err_status_t hmac_dealloc(auth_t *a);
-err_status_t
-hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len);
+srtp_err_status_t hmac_init(hmac_ctx_t *state, const uint8_t *key, int key_len);
-err_status_t
-hmac_start(hmac_ctx_t *state);
+srtp_err_status_t hmac_start(hmac_ctx_t *state);
-err_status_t
-hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets);
+srtp_err_status_t hmac_update(hmac_ctx_t *state, const uint8_t *message, int msg_octets);
-err_status_t
-hmac_compute(hmac_ctx_t *state, const void *message,
- int msg_octets, int tag_len, uint8_t *result);
+srtp_err_status_t hmac_compute(hmac_ctx_t *state, const void *message, int msg_octets, int tag_len, uint8_t *result);
#endif /* HMAC_H */
diff --git a/crypto/include/key.h b/crypto/include/key.h
index e7e0744..f17e086 100644
--- a/crypto/include/key.h
+++ b/crypto/include/key.h
@@ -56,17 +56,13 @@
key_event_hard_limit
} key_event_t;
-err_status_t
-key_limit_set(key_limit_t key, const xtd_seq_num_t s);
+srtp_err_status_t key_limit_set(key_limit_t key, const xtd_seq_num_t s);
-err_status_t
-key_limit_clone(key_limit_t original, key_limit_t *new_key);
+srtp_err_status_t key_limit_clone(key_limit_t original, key_limit_t *new_key);
-err_status_t
-key_limit_check(const key_limit_t key);
+srtp_err_status_t key_limit_check(const key_limit_t key);
-key_event_t
-key_limit_update(key_limit_t key);
+key_event_t key_limit_update(key_limit_t key);
typedef enum {
key_state_normal,
diff --git a/crypto/include/null_auth.h b/crypto/include/null_auth.h
index 44f9a4a..84ea1e3 100644
--- a/crypto/include/null_auth.h
+++ b/crypto/include/null_auth.h
@@ -51,18 +51,13 @@
char foo;
} null_auth_ctx_t;
-err_status_t
-null_auth_alloc(auth_t **a, int key_len, int out_len);
+srtp_err_status_t null_auth_alloc(auth_t **a, int key_len, int out_len);
-err_status_t
-null_auth_dealloc(auth_t *a);
+srtp_err_status_t null_auth_dealloc(auth_t *a);
-err_status_t
-null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len);
+srtp_err_status_t null_auth_init(null_auth_ctx_t *state, const uint8_t *key, int key_len);
-err_status_t
-null_auth_compute (null_auth_ctx_t *state, uint8_t *message,
- int msg_octets, int tag_len, uint8_t *result);
+srtp_err_status_t null_auth_compute (null_auth_ctx_t *state, uint8_t *message, int msg_octets, int tag_len, uint8_t *result);
#endif /* NULL_AUTH_H */
diff --git a/crypto/include/null_cipher.h b/crypto/include/null_cipher.h
index 39da59a..d7d6dbb 100644
--- a/crypto/include/null_cipher.h
+++ b/crypto/include/null_cipher.h
@@ -60,21 +60,12 @@
* none of these functions do anything (though future versions may keep
* track of bytes encrypted, number of instances, and/or other info).
*/
+srtp_err_status_t null_cipher_init(null_cipher_ctx_t *c, const uint8_t *key, int key_len);
-err_status_t
-null_cipher_init(null_cipher_ctx_t *c, const uint8_t *key, int key_len);
+srtp_err_status_t null_cipher_set_segment(null_cipher_ctx_t *c, unsigned long segment_index);
-err_status_t
-null_cipher_set_segment(null_cipher_ctx_t *c,
- unsigned long segment_index);
+srtp_err_status_t null_cipher_encrypt(null_cipher_ctx_t *c, unsigned char *buf, unsigned int *bytes_to_encr);
-err_status_t
-null_cipher_encrypt(null_cipher_ctx_t *c,
- unsigned char *buf, unsigned int *bytes_to_encr);
-
-
-err_status_t
-null_cipher_encrypt_aligned(null_cipher_ctx_t *c,
- unsigned char *buf, int bytes_to_encr);
+srtp_err_status_t null_cipher_encrypt_aligned(null_cipher_ctx_t *c, unsigned char *buf, int bytes_to_encr);
#endif /* NULL_CIPHER_H */
diff --git a/crypto/include/prng.h b/crypto/include/prng.h
index c493383..1bcd471 100644
--- a/crypto/include/prng.h
+++ b/crypto/include/prng.h
@@ -32,11 +32,9 @@
rand_source_func_t rand; /* random source for re-initialization */
} x917_prng_t;
-err_status_t
-x917_prng_init(rand_source_func_t random_source);
+srtp_err_status_t x917_prng_init(rand_source_func_t random_source);
-err_status_t
-x917_prng_get_octet_string(uint8_t *dest, uint32_t len);
+srtp_err_status_t x917_prng_get_octet_string(uint8_t *dest, uint32_t len);
/*
@@ -49,11 +47,9 @@
rand_source_func_t rand; /* random source for re-initialization */
} ctr_prng_t;
-err_status_t
-ctr_prng_init(rand_source_func_t random_source);
+srtp_err_status_t ctr_prng_init(rand_source_func_t random_source);
-err_status_t
-ctr_prng_get_octet_string(void *dest, uint32_t len);
+srtp_err_status_t ctr_prng_get_octet_string(void *dest, uint32_t len);
#endif
diff --git a/crypto/include/rand_source.h b/crypto/include/rand_source.h
index b4c2110..3e45311 100644
--- a/crypto/include/rand_source.h
+++ b/crypto/include/rand_source.h
@@ -49,8 +49,7 @@
#include "err.h"
#include "datatypes.h"
-err_status_t
-rand_source_init(void);
+srtp_err_status_t rand_source_init(void);
/*
* rand_source_get_octet_string() writes a random octet string.
@@ -70,12 +69,9 @@
* be made about the contents of the destination
* buffer.
*/
+srtp_err_status_t rand_source_get_octet_string(void *dest, uint32_t length);
-err_status_t
-rand_source_get_octet_string(void *dest, uint32_t length);
-
-err_status_t
-rand_source_deinit(void);
+srtp_err_status_t rand_source_deinit(void);
/*
* function prototype for a random source function
@@ -84,8 +80,6 @@
* dest and returns err_status_ok. Any other return value indicates
* failure.
*/
-
-typedef err_status_t (*rand_source_func_t)
- (void *dest, uint32_t num_octets);
+typedef srtp_err_status_t (*rand_source_func_t) (void *dest, uint32_t num_octets);
#endif /* RAND_SOURCE */
diff --git a/crypto/include/rdb.h b/crypto/include/rdb.h
index 2ccb144..654b1c4 100644
--- a/crypto/include/rdb.h
+++ b/crypto/include/rdb.h
@@ -13,7 +13,7 @@
#include "integers.h" /* for uint32_t */
#include "datatypes.h" /* for v128_t */
-#include "err.h" /* for err_status_t */
+#include "err.h" /* for srtp_err_status_t */
/*
* if the ith least significant bit is one, then the packet index
@@ -32,11 +32,9 @@
*
* initalizes rdb
*
- * returns err_status_ok on success, err_status_t_fail otherwise
+ * returns srtp_err_status_ok on success, srtp_err_status_t_fail otherwise
*/
-
-err_status_t
-rdb_init(rdb_t *rdb);
+srtp_err_status_t rdb_init(rdb_t *rdb);
/*
@@ -44,24 +42,20 @@
*
* checks to see if index appears in rdb
*
- * returns err_status_fail if the index already appears in rdb,
- * returns err_status_ok otherwise
+ * returns srtp_err_status_fail if the index already appears in rdb,
+ * returns srtp_err_status_ok otherwise
*/
-
-err_status_t
-rdb_check(const rdb_t *rdb, uint32_t rdb_index);
+srtp_err_status_t rdb_check(const rdb_t *rdb, uint32_t rdb_index);
/*
* rdb_add_index
*
* adds index to rdb_t (and does *not* check if index appears in db)
*
- * returns err_status_ok on success, err_status_fail otherwise
+ * returns srtp_err_status_ok on success, srtp_err_status_fail otherwise
*
*/
-
-err_status_t
-rdb_add_index(rdb_t *rdb, uint32_t rdb_index);
+srtp_err_status_t rdb_add_index(rdb_t *rdb, uint32_t rdb_index);
/*
* the functions rdb_increment() and rdb_get_value() are for use by
@@ -76,12 +70,11 @@
*
* return values:
*
- * err_status_ok no problem
- * err_status_key_expired sequence number too high
+ * srtp_err_status_ok no problem
+ * srtp_err_status_key_expired sequence number too high
*
*/
-err_status_t
-rdb_increment(rdb_t *rdb);
+srtp_err_status_t rdb_increment(rdb_t *rdb);
/*
* rdb_get_value(db) returns the current sequence number of db
diff --git a/crypto/include/rdbx.h b/crypto/include/rdbx.h
index 146fb42..e9e99d5 100644
--- a/crypto/include/rdbx.h
+++ b/crypto/include/rdbx.h
@@ -56,9 +56,7 @@
* initializes the rdbx pointed to by its argument with the window size ws,
* setting the rollover counter and sequence number to zero
*/
-
-err_status_t
-rdbx_init(rdbx_t *rdbx, unsigned long ws);
+srtp_err_status_t rdbx_init(rdbx_t *rdbx, unsigned long ws);
/*
@@ -66,9 +64,7 @@
*
* frees memory associated with the rdbx
*/
-
-err_status_t
-rdbx_dealloc(rdbx_t *rdbx);
+srtp_err_status_t rdbx_dealloc(rdbx_t *rdbx);
/*
@@ -92,9 +88,7 @@
* which is at rdbx->window_start + delta is in the rdb
*
*/
-
-err_status_t
-rdbx_check(const rdbx_t *rdbx, int difference);
+srtp_err_status_t rdbx_check(const rdbx_t *rdbx, int difference);
/*
* replay_add_index(rdbx, delta)
@@ -106,21 +100,17 @@
* indicated that the index does not appear in the rdbx, and a mutex
* should protect the rdbx between these calls if necessary.
*/
-
-err_status_t
-rdbx_add_index(rdbx_t *rdbx, int delta);
+srtp_err_status_t rdbx_add_index(rdbx_t *rdbx, int delta);
/*
* rdbx_set_roc(rdbx, roc) initalizes the rdbx_t at the location rdbx
* to have the rollover counter value roc. If that value is less than
* the current rollover counter value, then the function returns
- * err_status_replay_old; otherwise, err_status_ok is returned.
+ * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned.
*
*/
-
-err_status_t
-rdbx_set_roc(rdbx_t *rdbx, uint32_t roc);
+srtp_err_status_t rdbx_set_roc(rdbx_t *rdbx, uint32_t roc);
/*
* rdbx_get_roc(rdbx) returns the value of the rollover counter for
diff --git a/crypto/include/sha1.h b/crypto/include/sha1.h
index 9b6cfed..9d27587 100644
--- a/crypto/include/sha1.h
+++ b/crypto/include/sha1.h
@@ -52,15 +52,15 @@
#include <openssl/evp.h>
#include <stdint.h>
-typedef EVP_MD_CTX sha1_ctx_t;
+typedef EVP_MD_CTX srtp_sha1_ctx_t;
/*
- * sha1_init(&ctx) initializes the SHA1 context ctx
+ * srtp_sha1_init(&ctx) initializes the SHA1 context ctx
*
- * sha1_update(&ctx, msg, len) hashes the len octets starting at msg
+ * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg
* into the SHA1 context
*
- * sha1_final(&ctx, output) performs the final processing of the SHA1
+ * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1
* context and writes the result to the 20 octets at output
*
* Return values are ignored on the EVP functions since all three
@@ -68,18 +68,18 @@
*
*/
-static inline void sha1_init (sha1_ctx_t *ctx)
+static inline void srtp_sha1_init (srtp_sha1_ctx_t *ctx)
{
EVP_MD_CTX_init(ctx);
EVP_DigestInit(ctx, EVP_sha1());
}
-static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
+static inline void srtp_sha1_update (srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg)
{
EVP_DigestUpdate(ctx, M, octets_in_msg);
}
-static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output)
+static inline void srtp_sha1_final (srtp_sha1_ctx_t *ctx, uint32_t *output)
{
unsigned int len = 0;
@@ -93,7 +93,7 @@
uint32_t M[16]; /* message buffer */
int octets_in_buffer; /* octets of message in buffer */
uint32_t num_bits_in_msg; /* total number of bits in message */
-} sha1_ctx_t;
+} srtp_sha1_ctx_t;
/*
* sha1(&ctx, msg, len, output) hashes the len octets starting at msg
@@ -106,33 +106,33 @@
sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]);
/*
- * sha1_init(&ctx) initializes the SHA1 context ctx
+ * srtp_sha1_init(&ctx) initializes the SHA1 context ctx
*
- * sha1_update(&ctx, msg, len) hashes the len octets starting at msg
+ * srtp_sha1_update(&ctx, msg, len) hashes the len octets starting at msg
* into the SHA1 context
*
- * sha1_final(&ctx, output) performs the final processing of the SHA1
+ * srtp_sha1_final(&ctx, output) performs the final processing of the SHA1
* context and writes the result to the 20 octets at output
*
*/
void
-sha1_init(sha1_ctx_t *ctx);
+srtp_sha1_init(srtp_sha1_ctx_t *ctx);
void
-sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
+srtp_sha1_update(srtp_sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg);
void
-sha1_final(sha1_ctx_t *ctx, uint32_t output[5]);
+srtp_sha1_final(srtp_sha1_ctx_t *ctx, uint32_t output[5]);
/*
- * The sha1_core function is INTERNAL to SHA-1, but it is declared
+ * The srtp_sha1_core function is INTERNAL to SHA-1, but it is declared
* here because it is also used by the cipher SEAL 3.0 in its key
* setup algorithm.
*/
/*
- * sha1_core(M, H) computes the core sha1 compression function, where M is
+ * srtp_sha1_core(M, H) computes the core sha1 compression function, where M is
* the next part of the message and H is the intermediate state {H0,
* H1, ...}
*
@@ -141,7 +141,7 @@
*/
void
-sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
+srtp_sha1_core(const uint32_t M[16], uint32_t hash_value[5]);
#endif /* else OPENSSL */
diff --git a/crypto/include/stat.h b/crypto/include/stat.h
index e28b131..1f02b54 100644
--- a/crypto/include/stat.h
+++ b/crypto/include/stat.h
@@ -48,22 +48,17 @@
#define STAT_H
#include "datatypes.h" /* for uint8_t */
-#include "err.h" /* for err_status_t */
+#include "err.h" /* for srtp_err_status_t */
#include "rand_source.h" /* for rand_source_func_t definition */
-err_status_t
-stat_test_monobit(uint8_t *data);
+srtp_err_status_t stat_test_monobit(uint8_t *data);
-err_status_t
-stat_test_poker(uint8_t *data);
+srtp_err_status_t stat_test_poker(uint8_t *data);
-err_status_t
-stat_test_runs(uint8_t *data);
+srtp_err_status_t stat_test_runs(uint8_t *data);
-err_status_t
-stat_test_rand_source(rand_source_func_t rs);
+srtp_err_status_t stat_test_rand_source(rand_source_func_t rs);
-err_status_t
-stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials);
+srtp_err_status_t stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials);
#endif /* STAT_H */
diff --git a/crypto/include/xfm.h b/crypto/include/xfm.h
deleted file mode 100644
index 5837149..0000000
--- a/crypto/include/xfm.h
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * xfm.h
- *
- * interface for abstract crypto transform
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-#ifndef XFM_H
-#define XFM_H
-
-#include "crypto_kernel.h"
-#include "err.h"
-
-/**
- * @defgroup Crypto Cryptography
- *
- * A simple interface to an abstract cryptographic transform that
- * provides both confidentiality and message authentication.
- *
- * @{
- */
-
-/**
- * @brief applies a crypto transform
- *
- * The function pointer xfm_func_t points to a function that
- * implements a crypto transform, and provides a uniform API for
- * accessing crypto mechanisms.
- *
- * @param key location of secret key
- *
- * @param clear data to be authenticated only
- *
- * @param clear_len length of data to be authenticated only
- *
- * @param iv location to write the Initialization Vector (IV)
- *
- * @param protect location of the data to be encrypted and
- * authenticated (before the function call), and the ciphertext
- * and authentication tag (after the call)
- *
- * @param protected_len location of the length of the data to be
- * encrypted and authenticated (before the function call), and the
- * length of the ciphertext (after the call)
- *
- * @param auth_tag location to write auth tag
- */
-
-typedef err_status_t (*xfm_func_t)
- (void *key,
- void *clear,
- unsigned clear_len,
- void *iv,
- void *protect,
- unsigned *protected_len,
- void *auth_tag
- );
-
-typedef
-err_status_t (*xfm_inv_t)
- (void *key, /* location of secret key */
- void *clear, /* data to be authenticated only */
- unsigned clear_len, /* length of data to be authenticated only */
- void *iv, /* location of iv */
- void *opaque, /* data to be decrypted and authenticated */
- unsigned *opaque_len, /* location of the length of data to be
- * decrypted and authd (before and after)
- */
- void *auth_tag /* location of auth tag */
- );
-
-typedef struct xfm_ctx_t {
- xfm_func_t func;
- xfm_inv_t inv;
- unsigned key_len;
- unsigned iv_len;
- unsigned auth_tag_len;
-} xfm_ctx_t;
-
-typedef xfm_ctx_t *xfm_t;
-
-#define xfm_get_key_len(xfm) ((xfm)->key_len)
-
-#define xfm_get_iv_len(xfm) ((xfm)->iv_len)
-
-#define xfm_get_auth_tag_len(xfm) ((xfm)->auth_tag_len)
-
-
-/* cryptoalgo - 5/28 */
-
-typedef err_status_t (*cryptoalg_func_t)
- (void *key,
- void *clear,
- unsigned clear_len,
- void *iv,
- void *opaque,
- unsigned *opaque_len
- );
-
-typedef
-err_status_t (*cryptoalg_inv_t)
- (void *key, /* location of secret key */
- void *clear, /* data to be authenticated only */
- unsigned clear_len, /* length of data to be authenticated only */
- void *iv, /* location of iv */
- void *opaque, /* data to be decrypted and authenticated */
- unsigned *opaque_len /* location of the length of data to be
- * decrypted and authd (before and after)
- */
- );
-
-typedef struct cryptoalg_ctx_t {
- cryptoalg_func_t enc;
- cryptoalg_inv_t dec;
- unsigned key_len;
- unsigned iv_len;
- unsigned auth_tag_len;
- unsigned max_expansion;
-} cryptoalg_ctx_t;
-
-typedef cryptoalg_ctx_t *cryptoalg_t;
-
-#define cryptoalg_get_key_len(cryptoalg) ((cryptoalg)->key_len)
-
-#define cryptoalg_get_iv_len(cryptoalg) ((cryptoalg)->iv_len)
-
-#define cryptoalg_get_auth_tag_len(cryptoalg) ((cryptoalg)->auth_tag_len)
-
-
-
-/**
- * @}
- */
-
-#endif /* XFM_H */
-
-
diff --git a/crypto/kernel/crypto_kernel.c b/crypto/kernel/crypto_kernel.c
index f01a72a..fad8acc 100644
--- a/crypto/kernel/crypto_kernel.c
+++ b/crypto/kernel/crypto_kernel.c
@@ -100,9 +100,9 @@
#define MAX_RNG_TRIALS 25
-err_status_t
+srtp_err_status_t
crypto_kernel_init() {
- err_status_t status;
+ srtp_err_status_t status;
/* check the security state */
if (crypto_kernel.state == crypto_kernel_state_secure) {
@@ -191,12 +191,12 @@
/* change state to secure */
crypto_kernel.state = crypto_kernel_state_secure;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
crypto_kernel_status() {
- err_status_t status;
+ srtp_err_status_t status;
kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
kernel_debug_module_t *dm = crypto_kernel.debug_module_list;
@@ -214,7 +214,6 @@
/* for each cipher type, describe and test */
while(ctype != NULL) {
printf("cipher: %s\n", ctype->cipher_type->description);
- printf(" instance count: %d\n", ctype->cipher_type->ref_count);
printf(" self-test: ");
status = cipher_type_self_test(ctype->cipher_type);
if (status) {
@@ -228,7 +227,6 @@
/* for each auth type, describe and test */
while(atype != NULL) {
printf("auth func: %s\n", atype->auth_type->description);
- printf(" instance count: %d\n", atype->auth_type->ref_count);
printf(" self-test: ");
status = auth_type_self_test(atype->auth_type);
if (status) {
@@ -250,10 +248,10 @@
dm = dm->next;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
crypto_kernel_list_debug_modules() {
kernel_debug_module_t *dm = crypto_kernel.debug_module_list;
@@ -268,12 +266,12 @@
dm = dm->next;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
crypto_kernel_shutdown() {
- err_status_t status;
+ srtp_err_status_t status;
/*
* free dynamic memory used in crypto_kernel at present
@@ -316,21 +314,21 @@
/* return to insecure state */
crypto_kernel.state = crypto_kernel_state_insecure;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-static inline err_status_t
-crypto_kernel_do_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id,
+static inline srtp_err_status_t
+crypto_kernel_do_load_cipher_type(cipher_type_t *new_ct, srtp_cipher_type_id_t id,
int replace) {
kernel_cipher_type_t *ctype, *new_ctype;
- err_status_t status;
+ srtp_err_status_t status;
/* defensive coding */
if (new_ct == NULL)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
if (new_ct->id != id)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* check cipher type by running self-test */
status = cipher_type_self_test(new_ct);
@@ -343,7 +341,7 @@
while (ctype != NULL) {
if (id == ctype->id) {
if (!replace)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
status = cipher_type_test(new_ct, ctype->cipher_type->test_data);
if (status)
return status;
@@ -351,7 +349,7 @@
break;
}
else if (new_ct == ctype->cipher_type)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
ctype = ctype->next;
}
@@ -360,7 +358,7 @@
/* allocate memory */
new_ctype = (kernel_cipher_type_t *) crypto_alloc(sizeof(kernel_cipher_type_t));
if (new_ctype == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
new_ctype->next = crypto_kernel.cipher_type_list;
/* set head of list to new cipher type */
@@ -376,31 +374,31 @@
crypto_kernel_load_debug_module(new_ct->debug);
/* we could check for errors here */
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) {
+srtp_err_status_t
+crypto_kernel_load_cipher_type(cipher_type_t *new_ct, srtp_cipher_type_id_t id) {
return crypto_kernel_do_load_cipher_type(new_ct, id, 0);
}
-err_status_t
-crypto_kernel_replace_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) {
+srtp_err_status_t
+crypto_kernel_replace_cipher_type(cipher_type_t *new_ct, srtp_cipher_type_id_t id) {
return crypto_kernel_do_load_cipher_type(new_ct, id, 1);
}
-err_status_t
-crypto_kernel_do_load_auth_type(auth_type_t *new_at, auth_type_id_t id,
+srtp_err_status_t
+crypto_kernel_do_load_auth_type(auth_type_t *new_at, srtp_auth_type_id_t id,
int replace) {
kernel_auth_type_t *atype, *new_atype;
- err_status_t status;
+ srtp_err_status_t status;
/* defensive coding */
if (new_at == NULL)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
if (new_at->id != id)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* check auth type by running self-test */
status = auth_type_self_test(new_at);
@@ -413,7 +411,7 @@
while (atype != NULL) {
if (id == atype->id) {
if (!replace)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
status = auth_type_test(new_at, atype->auth_type->test_data);
if (status)
return status;
@@ -421,7 +419,7 @@
break;
}
else if (new_at == atype->auth_type)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
atype = atype->next;
}
@@ -430,7 +428,7 @@
/* allocate memory */
new_atype = (kernel_auth_type_t *)crypto_alloc(sizeof(kernel_auth_type_t));
if (new_atype == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
new_atype->next = crypto_kernel.auth_type_list;
/* set head of list to new auth type */
@@ -446,23 +444,23 @@
crypto_kernel_load_debug_module(new_at->debug);
/* we could check for errors here */
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-crypto_kernel_load_auth_type(auth_type_t *new_at, auth_type_id_t id) {
+srtp_err_status_t
+crypto_kernel_load_auth_type(auth_type_t *new_at, srtp_auth_type_id_t id) {
return crypto_kernel_do_load_auth_type(new_at, id, 0);
}
-err_status_t
-crypto_kernel_replace_auth_type(auth_type_t *new_at, auth_type_id_t id) {
+srtp_err_status_t
+crypto_kernel_replace_auth_type(auth_type_t *new_at, srtp_auth_type_id_t id) {
return crypto_kernel_do_load_auth_type(new_at, id, 1);
}
cipher_type_t *
-crypto_kernel_get_cipher_type(cipher_type_id_t id) {
+crypto_kernel_get_cipher_type(srtp_cipher_type_id_t id) {
kernel_cipher_type_t *ctype;
/* walk down list, looking for id */
@@ -478,8 +476,8 @@
}
-err_status_t
-crypto_kernel_alloc_cipher(cipher_type_id_t id,
+srtp_err_status_t
+crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id,
cipher_pointer_t *cp,
int key_len,
int tag_len) {
@@ -490,11 +488,11 @@
* any ciphers - this is a bit extra-paranoid
*/
if (crypto_kernel.state != crypto_kernel_state_secure)
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
ct = crypto_kernel_get_cipher_type(id);
if (!ct)
- return err_status_fail;
+ return srtp_err_status_fail;
return ((ct)->alloc(cp, key_len, tag_len));
}
@@ -502,7 +500,7 @@
auth_type_t *
-crypto_kernel_get_auth_type(auth_type_id_t id) {
+crypto_kernel_get_auth_type(srtp_auth_type_id_t id) {
kernel_auth_type_t *atype;
/* walk down list, looking for id */
@@ -517,8 +515,8 @@
return NULL;
}
-err_status_t
-crypto_kernel_alloc_auth(auth_type_id_t id,
+srtp_err_status_t
+crypto_kernel_alloc_auth(srtp_auth_type_id_t id,
auth_pointer_t *ap,
int key_len,
int tag_len) {
@@ -529,28 +527,28 @@
* any auth functions - this is a bit extra-paranoid
*/
if (crypto_kernel.state != crypto_kernel_state_secure)
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
at = crypto_kernel_get_auth_type(id);
if (!at)
- return err_status_fail;
+ return srtp_err_status_fail;
return ((at)->alloc(ap, key_len, tag_len));
}
-err_status_t
+srtp_err_status_t
crypto_kernel_load_debug_module(debug_module_t *new_dm) {
kernel_debug_module_t *kdm, *new;
/* defensive coding */
if (new_dm == NULL)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* walk down list, checking if this type is in the list already */
kdm = crypto_kernel.debug_module_list;
while (kdm != NULL) {
if (strncmp(new_dm->name, kdm->mod->name, 64) == 0)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
kdm = kdm->next;
}
@@ -558,7 +556,7 @@
/* allocate memory */
new = (kernel_debug_module_t *)crypto_alloc(sizeof(kernel_debug_module_t));
if (new == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
/* set fields */
new->mod = new_dm;
@@ -567,10 +565,10 @@
/* set head of list to new cipher type */
crypto_kernel.debug_module_list = new;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
crypto_kernel_set_debug_module(char *name, int on) {
kernel_debug_module_t *kdm;
@@ -579,22 +577,10 @@
while (kdm != NULL) {
if (strncmp(name, kdm->mod->name, 64) == 0) {
kdm->mod->on = on;
- return err_status_ok;
+ return srtp_err_status_ok;
}
kdm = kdm->next;
}
- return err_status_fail;
-}
-
-err_status_t
-crypto_get_random(unsigned char *buffer, unsigned int length) {
- if (crypto_kernel.state == crypto_kernel_state_secure)
-#ifdef OPENSSL
- return rand_source_get_octet_string(buffer, length);
-#else
- return ctr_prng_get_octet_string(buffer, length);
-#endif
- else
- return err_status_fail;
+ return srtp_err_status_fail;
}
diff --git a/crypto/kernel/err.c b/crypto/kernel/err.c
index fcd9078..4a6142a 100644
--- a/crypto/kernel/err.c
+++ b/crypto/kernel/err.c
@@ -48,22 +48,16 @@
#include "err.h"
-#ifdef ERR_REPORTING_SYSLOG
-# ifdef HAVE_SYSLOG_H
-# include <syslog.h>
-# endif
-#endif
-
/* err_level reflects the level of errors that are reported */
err_reporting_level_t err_level = err_level_none;
#ifdef SRTP_KERNEL_LINUX
-err_status_t
+srtp_err_status_t
err_reporting_init(const char *ident) {
- return err_status_ok;
+ return srtp_err_status_ok;
}
#else /* SRTP_KERNEL_LINUX */
@@ -72,11 +66,8 @@
static FILE *err_file = NULL;
-err_status_t
+srtp_err_status_t
err_reporting_init(const char *ident) {
-#ifdef ERR_REPORTING_SYSLOG
- openlog(ident, LOG_PID, LOG_AUTHPRIV);
-#endif
/*
* Believe it or not, openlog doesn't return an error on failure.
@@ -89,10 +80,10 @@
/* open file for error reporting */
err_file = fopen(ERR_REPORTING_FILE, "w");
if (err_file == NULL)
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
#endif
- return err_status_ok;
+ return srtp_err_status_ok;
}
void
@@ -106,41 +97,6 @@
vfprintf(err_file, format, args);
/* fprintf(err_file, "\n"); */
}
-#ifdef ERR_REPORTING_SYSLOG
- if (1) { /* FIXME: Make this a runtime option. */
- int syslogpri;
-
- switch (priority) {
- case err_level_emergency:
- syslogpri = LOG_EMERG;
- break;
- case err_level_alert:
- syslogpri = LOG_ALERT;
- break;
- case err_level_critical:
- syslogpri = LOG_CRIT;
- break;
- case err_level_error:
- syslogpri = LOG_ERR;
- break;
- case err_level_warning:
- syslogpri = LOG_WARNING;
- break;
- case err_level_notice:
- syslogpri = LOG_NOTICE;
- break;
- case err_level_info:
- syslogpri = LOG_INFO;
- break;
- case err_level_debug:
- case err_level_none:
- default:
- syslogpri = LOG_DEBUG;
- break;
- }
-
- vsyslog(syslogpri, format, args);
-#endif
va_end(args);
}
}
diff --git a/crypto/kernel/key.c b/crypto/kernel/key.c
index 3521e2f..9f82027 100644
--- a/crypto/kernel/key.c
+++ b/crypto/kernel/key.c
@@ -50,33 +50,33 @@
#define soft_limit 0x10000
-err_status_t
+srtp_err_status_t
key_limit_set(key_limit_t key, const xtd_seq_num_t s) {
#ifdef NO_64BIT_MATH
if (high32(s) == 0 && low32(s) < soft_limit)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
#else
if (s < soft_limit)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
#endif
key->num_left = s;
key->state = key_state_normal;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
key_limit_clone(key_limit_t original, key_limit_t *new_key) {
if (original == NULL)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
*new_key = original;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
key_limit_check(const key_limit_t key) {
if (key->state == key_state_expired)
- return err_status_key_expired;
- return err_status_ok;
+ return srtp_err_status_key_expired;
+ return srtp_err_status_ok;
}
key_event_t
diff --git a/crypto/math/gf2_8.c b/crypto/math/gf2_8.c
deleted file mode 100644
index c57f8d2..0000000
--- a/crypto/math/gf2_8.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * gf2_8.c
- *
- * GF(256) finite field implementation, with the representation used
- * in the AES cipher.
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-
-/*
- *
- * Copyright (c) 2001-2006, Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include "datatypes.h"
-#include "gf2_8.h"
-
-/* gf2_8_shift() moved to gf2_8.h as an inline function */
-
-gf2_8
-gf2_8_multiply(gf2_8 x, gf2_8 y) {
- gf2_8 z = 0;
-
- if (y & 1) z ^= x; x = gf2_8_shift(x);
- if (y & 2) z ^= x; x = gf2_8_shift(x);
- if (y & 4) z ^= x; x = gf2_8_shift(x);
- if (y & 8) z ^= x; x = gf2_8_shift(x);
- if (y & 16) z ^= x; x = gf2_8_shift(x);
- if (y & 32) z ^= x; x = gf2_8_shift(x);
- if (y & 64) z ^= x; x = gf2_8_shift(x);
- if (y & 128) z ^= x;
-
- return z;
-}
-
-
-/* this should use the euclidean algorithm */
-
-gf2_8
-gf2_8_compute_inverse(gf2_8 x) {
- unsigned int i;
-
- if (x == 0) return 0; /* zero is a special case */
- for (i=0; i < 256; i++)
- if (gf2_8_multiply((gf2_8) i, x) == 1)
- return (gf2_8) i;
-
- return 0;
-}
-
diff --git a/crypto/math/math.c b/crypto/math/math.c
deleted file mode 100644
index 7f0bcd2..0000000
--- a/crypto/math/math.c
+++ /dev/null
@@ -1,806 +0,0 @@
-/*
- * math.c
- *
- * crypto math operations and data types
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright (c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include "crypto_math.h"
-
-int
-octet_weight[256] = {
- 0, 1, 1, 2, 1, 2, 2, 3,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 1, 2, 2, 3, 2, 3, 3, 4,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 2, 3, 3, 4, 3, 4, 4, 5,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 3, 4, 4, 5, 4, 5, 5, 6,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 4, 5, 5, 6, 5, 6, 6, 7,
- 5, 6, 6, 7, 6, 7, 7, 8
-};
-
-int
-low_bit[256] = {
- -1, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 5, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 6, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 5, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 7, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 5, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 6, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 5, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0,
- 4, 0, 1, 0, 2, 0, 1, 0,
- 3, 0, 1, 0, 2, 0, 1, 0
-};
-
-
-int
-high_bit[256] = {
- -1, 0, 1, 1, 2, 2, 2, 2,
- 3, 3, 3, 3, 3, 3, 3, 3,
- 4, 4, 4, 4, 4, 4, 4, 4,
- 4, 4, 4, 4, 4, 4, 4, 4,
- 5, 5, 5, 5, 5, 5, 5, 5,
- 5, 5, 5, 5, 5, 5, 5, 5,
- 5, 5, 5, 5, 5, 5, 5, 5,
- 5, 5, 5, 5, 5, 5, 5, 5,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 6, 6, 6, 6, 6, 6, 6, 6,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7,
- 7, 7, 7, 7, 7, 7, 7, 7
-};
-
-int
-octet_get_weight(uint8_t octet) {
- extern int octet_weight[256];
-
- return octet_weight[octet];
-}
-
-unsigned char
-v32_weight(v32_t a) {
- unsigned int wt = 0;
-
- wt += octet_weight[a.v8[0]]; /* note: endian-ness makes no difference */
- wt += octet_weight[a.v8[1]];
- wt += octet_weight[a.v8[2]];
- wt += octet_weight[a.v8[3]];
-
- return wt;
-}
-
-unsigned char
-v32_distance(v32_t x, v32_t y) {
- x.value ^= y.value;
- return v32_weight(x);
-}
-
-unsigned int
-v32_dot_product(v32_t a, v32_t b) {
- a.value &= b.value;
- return v32_weight(a) & 1;
-}
-
-/*
- * _bit_string returns a NULL-terminated character string suitable for
- * printing
- */
-
-#define MAX_STRING_LENGTH 1024
-
-char bit_string[MAX_STRING_LENGTH];
-
-char *
-octet_bit_string(uint8_t x) {
- int mask, index;
-
- for (mask = 1, index = 0; mask < 256; mask <<= 1)
- if ((x & mask) == 0)
- bit_string[index++] = '0';
- else
- bit_string[index++] = '1';
-
- bit_string[index++] = 0; /* NULL terminate string */
-
- return bit_string;
-}
-
-char *
-v16_bit_string(v16_t x) {
- int i, mask, index;
-
- for (i = index = 0; i < 2; i++) {
- for (mask = 1; mask < 256; mask <<= 1)
- if ((x.v8[i] & mask) == 0)
- bit_string[index++] = '0';
- else
- bit_string[index++] = '1';
- }
- bit_string[index++] = 0; /* NULL terminate string */
- return bit_string;
-}
-
-char *
-v32_bit_string(v32_t x) {
- int i, mask, index;
-
- for (i = index = 0; i < 4; i++) {
- for (mask = 128; mask > 0; mask >>= 1)
- if ((x.v8[i] & mask) == 0)
- bit_string[index++] = '0';
- else
- bit_string[index++] = '1';
- }
- bit_string[index++] = 0; /* NULL terminate string */
- return bit_string;
-}
-
-char *
-v64_bit_string(const v64_t *x) {
- int i, mask, index;
-
- for (i = index = 0; i < 8; i++) {
- for (mask = 1; mask < 256; mask <<= 1)
- if ((x->v8[i] & mask) == 0)
- bit_string[index++] = '0';
- else
- bit_string[index++] = '1';
- }
- bit_string[index++] = 0; /* NULL terminate string */
- return bit_string;
-}
-
-char *
-v128_bit_string(v128_t *x) {
- int j, index;
- uint32_t mask;
-
- for (j=index=0; j < 4; j++) {
- for (mask=0x80000000; mask > 0; mask >>= 1) {
- if (x->v32[j] & mask)
- bit_string[index] = '1';
- else
- bit_string[index] = '0';
- ++index;
- }
- }
- bit_string[128] = 0; /* null terminate string */
-
- return bit_string;
-}
-
-uint8_t
-nibble_to_hex_char(uint8_t nibble) {
- char buf[16] = {'0', '1', '2', '3', '4', '5', '6', '7',
- '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
- return buf[nibble & 0xF];
-}
-
-char *
-octet_hex_string(uint8_t x) {
-
- bit_string[0] = nibble_to_hex_char(x >> 4);
- bit_string[1] = nibble_to_hex_char(x & 0xF);
-
- bit_string[2] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-octet_string_hex_string(const void *str, int length) {
- const uint8_t *s = str;
- int i;
-
- /* double length, since one octet takes two hex characters */
- length *= 2;
-
- /* truncate string if it would be too long */
- if (length > MAX_STRING_LENGTH)
- length = MAX_STRING_LENGTH-1;
-
- for (i=0; i < length; i+=2) {
- bit_string[i] = nibble_to_hex_char(*s >> 4);
- bit_string[i+1] = nibble_to_hex_char(*s++ & 0xF);
- }
- bit_string[i] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-v16_hex_string(v16_t x) {
- int i, j;
-
- for (i=j=0; i < 2; i++) {
- bit_string[j++] = nibble_to_hex_char(x.v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x.v8[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-v32_hex_string(v32_t x) {
- int i, j;
-
- for (i=j=0; i < 4; i++) {
- bit_string[j++] = nibble_to_hex_char(x.v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x.v8[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-v64_hex_string(const v64_t *x) {
- int i, j;
-
- for (i=j=0; i < 8; i++) {
- bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-v128_hex_string(v128_t *x) {
- int i, j;
-
- for (i=j=0; i < 16; i++) {
- bit_string[j++] = nibble_to_hex_char(x->v8[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x->v8[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-char *
-char_to_hex_string(char *x, int num_char) {
- int i, j;
-
- if (num_char >= 16)
- num_char = 16;
- for (i=j=0; i < num_char; i++) {
- bit_string[j++] = nibble_to_hex_char(x[i] >> 4);
- bit_string[j++] = nibble_to_hex_char(x[i] & 0xF);
- }
-
- bit_string[j] = 0; /* null terminate string */
- return bit_string;
-}
-
-int
-hex_char_to_nibble(uint8_t c) {
- switch(c) {
- case ('0'): return 0x0;
- case ('1'): return 0x1;
- case ('2'): return 0x2;
- case ('3'): return 0x3;
- case ('4'): return 0x4;
- case ('5'): return 0x5;
- case ('6'): return 0x6;
- case ('7'): return 0x7;
- case ('8'): return 0x8;
- case ('9'): return 0x9;
- case ('a'): return 0xa;
- case ('A'): return 0xa;
- case ('b'): return 0xb;
- case ('B'): return 0xb;
- case ('c'): return 0xc;
- case ('C'): return 0xc;
- case ('d'): return 0xd;
- case ('D'): return 0xd;
- case ('e'): return 0xe;
- case ('E'): return 0xe;
- case ('f'): return 0xf;
- case ('F'): return 0xf;
- default: return -1; /* this flags an error */
- }
- /* NOTREACHED */
- return -1; /* this keeps compilers from complaining */
-}
-
-int
-is_hex_string(char *s) {
- while(*s != 0)
- if (hex_char_to_nibble(*s++) == -1)
- return 0;
- return 1;
-}
-
-uint8_t
-hex_string_to_octet(char *s) {
- uint8_t x;
-
- x = (hex_char_to_nibble(s[0]) << 4)
- | hex_char_to_nibble(s[1] & 0xFF);
-
- return x;
-}
-
-/*
- * hex_string_to_octet_string converts a hexadecimal string
- * of length 2 * len to a raw octet string of length len
- */
-
-int
-hex_string_to_octet_string(char *raw, char *hex, int len) {
- uint8_t x;
- int tmp;
- int hex_len;
-
- hex_len = 0;
- while (hex_len < len) {
- tmp = hex_char_to_nibble(hex[0]);
- if (tmp == -1)
- return hex_len;
- x = (tmp << 4);
- hex_len++;
- tmp = hex_char_to_nibble(hex[1]);
- if (tmp == -1)
- return hex_len;
- x |= (tmp & 0xff);
- hex_len++;
- *raw++ = x;
- hex += 2;
- }
- return hex_len;
-}
-
-v16_t
-hex_string_to_v16(char *s) {
- v16_t x;
- int i, j;
-
- for (i=j=0; i < 4; i += 2, j++) {
- x.v8[j] = (hex_char_to_nibble(s[i]) << 4)
- | hex_char_to_nibble(s[i+1] & 0xFF);
- }
- return x;
-}
-
-v32_t
-hex_string_to_v32(char *s) {
- v32_t x;
- int i, j;
-
- for (i=j=0; i < 8; i += 2, j++) {
- x.v8[j] = (hex_char_to_nibble(s[i]) << 4)
- | hex_char_to_nibble(s[i+1] & 0xFF);
- }
- return x;
-}
-
-v64_t
-hex_string_to_v64(char *s) {
- v64_t x;
- int i, j;
-
- for (i=j=0; i < 16; i += 2, j++) {
- x.v8[j] = (hex_char_to_nibble(s[i]) << 4)
- | hex_char_to_nibble(s[i+1] & 0xFF);
- }
- return x;
-}
-
-v128_t
-hex_string_to_v128(char *s) {
- v128_t x;
- int i, j;
-
- for (i=j=0; i < 32; i += 2, j++) {
- x.v8[j] = (hex_char_to_nibble(s[i]) << 4)
- | hex_char_to_nibble(s[i+1] & 0xFF);
- }
- return x;
-}
-
-
-
-/*
- * the matrix A[] is stored in column format, i.e., A[i] is the ith
- * column of the matrix
- */
-
-uint8_t
-A_times_x_plus_b(uint8_t A[8], uint8_t x, uint8_t b) {
- int index = 0;
- unsigned mask;
-
- for (mask=1; mask < 256; mask *= 2) {
- if (x & mask)
- b^= A[index];
- ++index;
- }
-
- return b;
-}
-
-void
-v16_copy_octet_string(v16_t *x, const uint8_t s[2]) {
- x->v8[0] = s[0];
- x->v8[1] = s[1];
-}
-
-void
-v32_copy_octet_string(v32_t *x, const uint8_t s[4]) {
- x->v8[0] = s[0];
- x->v8[1] = s[1];
- x->v8[2] = s[2];
- x->v8[3] = s[3];
-}
-
-void
-v64_copy_octet_string(v64_t *x, const uint8_t s[8]) {
- x->v8[0] = s[0];
- x->v8[1] = s[1];
- x->v8[2] = s[2];
- x->v8[3] = s[3];
- x->v8[4] = s[4];
- x->v8[5] = s[5];
- x->v8[6] = s[6];
- x->v8[7] = s[7];
-}
-
-void
-v128_copy_octet_string(v128_t *x, const uint8_t s[16]) {
- x->v8[0] = s[0];
- x->v8[1] = s[1];
- x->v8[2] = s[2];
- x->v8[3] = s[3];
- x->v8[4] = s[4];
- x->v8[5] = s[5];
- x->v8[6] = s[6];
- x->v8[7] = s[7];
- x->v8[8] = s[8];
- x->v8[9] = s[9];
- x->v8[10] = s[10];
- x->v8[11] = s[11];
- x->v8[12] = s[12];
- x->v8[13] = s[13];
- x->v8[14] = s[14];
- x->v8[15] = s[15];
-
-}
-
-#ifndef DATATYPES_USE_MACROS /* little functions are not macros */
-
-void
-v128_set_to_zero(v128_t *x) {
- _v128_set_to_zero(x);
-}
-
-void
-v128_copy(v128_t *x, const v128_t *y) {
- _v128_copy(x, y);
-}
-
-void
-v128_xor(v128_t *z, v128_t *x, v128_t *y) {
- _v128_xor(z, x, y);
-}
-
-void
-v128_and(v128_t *z, v128_t *x, v128_t *y) {
- _v128_and(z, x, y);
-}
-
-void
-v128_or(v128_t *z, v128_t *x, v128_t *y) {
- _v128_or(z, x, y);
-}
-
-void
-v128_complement(v128_t *x) {
- _v128_complement(x);
-}
-
-int
-v128_is_eq(const v128_t *x, const v128_t *y) {
- return _v128_is_eq(x, y);
-}
-
-int
-v128_get_bit(const v128_t *x, int i) {
- return _v128_get_bit(x, i);
-}
-
-void
-v128_set_bit(v128_t *x, int i) {
- _v128_set_bit(x, i);
-}
-
-void
-v128_clear_bit(v128_t *x, int i){
- _v128_clear_bit(x, i);
-}
-
-void
-v128_set_bit_to(v128_t *x, int i, int y){
- _v128_set_bit_to(x, i, y);
-}
-
-
-#endif /* DATATYPES_USE_MACROS */
-
-
-static inline void
-v128_left_shift2(v128_t *x, int num_bits) {
- int i;
- int word_shift = num_bits >> 5;
- int bit_shift = num_bits & 31;
-
- for (i=0; i < (4-word_shift); i++) {
- x->v32[i] = x->v32[i+word_shift] << bit_shift;
- }
-
- for ( ; i < word_shift; i++) {
- x->v32[i] = 0;
- }
-
-}
-
-void
-v128_right_shift(v128_t *x, int index) {
- const int base_index = index >> 5;
- const int bit_index = index & 31;
- int i, from;
- uint32_t b;
-
- if (index > 127) {
- v128_set_to_zero(x);
- return;
- }
-
- if (bit_index == 0) {
-
- /* copy each word from left size to right side */
- x->v32[4-1] = x->v32[4-1-base_index];
- for (i=4-1; i > base_index; i--)
- x->v32[i-1] = x->v32[i-1-base_index];
-
- } else {
-
- /* set each word to the "or" of the two bit-shifted words */
- for (i = 4; i > base_index; i--) {
- from = i-1 - base_index;
- b = x->v32[from] << bit_index;
- if (from > 0)
- b |= x->v32[from-1] >> (32-bit_index);
- x->v32[i-1] = b;
- }
-
- }
-
- /* now wrap up the final portion */
- for (i=0; i < base_index; i++)
- x->v32[i] = 0;
-
-}
-
-void
-v128_left_shift(v128_t *x, int index) {
- int i;
- const int base_index = index >> 5;
- const int bit_index = index & 31;
-
- if (index > 127) {
- v128_set_to_zero(x);
- return;
- }
-
- if (bit_index == 0) {
- for (i=0; i < 4 - base_index; i++)
- x->v32[i] = x->v32[i+base_index];
- } else {
- for (i=0; i < 4 - base_index - 1; i++)
- x->v32[i] = (x->v32[i+base_index] << bit_index) ^
- (x->v32[i+base_index+1] >> (32 - bit_index));
- x->v32[4 - base_index-1] = x->v32[4-1] << bit_index;
- }
-
- /* now wrap up the final portion */
- for (i = 4 - base_index; i < 4; i++)
- x->v32[i] = 0;
-
-}
-
-
-#if 0
-void
-v128_add(v128_t *z, v128_t *x, v128_t *y) {
- /* integer addition modulo 2^128 */
-
-#ifdef WORDS_BIGENDIAN
- uint64_t tmp;
-
- tmp = x->v32[3] + y->v32[3];
- z->v32[3] = (uint32_t) tmp;
-
- tmp = x->v32[2] + y->v32[2] + (tmp >> 32);
- z->v32[2] = (uint32_t) tmp;
-
- tmp = x->v32[1] + y->v32[1] + (tmp >> 32);
- z->v32[1] = (uint32_t) tmp;
-
- tmp = x->v32[0] + y->v32[0] + (tmp >> 32);
- z->v32[0] = (uint32_t) tmp;
-
-#else /* assume little endian architecture */
- uint64_t tmp;
-
- tmp = htonl(x->v32[3]) + htonl(y->v32[3]);
- z->v32[3] = ntohl((uint32_t) tmp);
-
- tmp = htonl(x->v32[2]) + htonl(y->v32[2]) + htonl(tmp >> 32);
- z->v32[2] = ntohl((uint32_t) tmp);
-
- tmp = htonl(x->v32[1]) + htonl(y->v32[1]) + htonl(tmp >> 32);
- z->v32[1] = ntohl((uint32_t) tmp);
-
- tmp = htonl(x->v32[0]) + htonl(y->v32[0]) + htonl(tmp >> 32);
- z->v32[0] = ntohl((uint32_t) tmp);
-
-#endif /* WORDS_BIGENDIAN */
-
-}
-#endif
-
-int
-octet_string_is_eq(uint8_t *a, uint8_t *b, int len) {
- uint8_t *end = b + len;
- while (b < end)
- if (*a++ != *b++)
- return 1;
- return 0;
-}
-
-void
-octet_string_set_to_zero(uint8_t *s, int len) {
- uint8_t *end = s + len;
-
- do {
- *s = 0;
- } while (++s < end);
-
-}
-
-
-/* functions below not yet tested! */
-
-int
-v32_low_bit(v32_t *w) {
- int value;
-
- value = low_bit[w->v8[0]];
- if (value != -1)
- return value;
- value = low_bit[w->v8[1]];
- if (value != -1)
- return value + 8;
- value = low_bit[w->v8[2]];
- if (value != -1)
- return value + 16;
- value = low_bit[w->v8[3]];
- if (value == -1)
- return -1;
- return value + 24;
-}
-
-/* high_bit not done yet */
-
-
-
-
-
diff --git a/crypto/math/stat.c b/crypto/math/stat.c
index 84cdf2f..4b92e81 100644
--- a/crypto/math/stat.c
+++ b/crypto/math/stat.c
@@ -25,7 +25,7 @@
#define STAT_TEST_DATA_LEN 2500
-err_status_t
+srtp_err_status_t
stat_test_monobit(uint8_t *data) {
uint8_t *data_end = data + STAT_TEST_DATA_LEN;
uint16_t ones_count;
@@ -39,12 +39,12 @@
debug_print(mod_stat, "bit count: %d", ones_count);
if ((ones_count < 9725) || (ones_count > 10275))
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
stat_test_poker(uint8_t *data) {
int i;
uint8_t *data_end = data + STAT_TEST_DATA_LEN;
@@ -70,9 +70,9 @@
debug_print(mod_stat, "poker test: %f\n", poker);
if ((poker < 2.16) || (poker > 46.17))
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -80,7 +80,7 @@
* runs[i] holds the number of runs of size (i-1)
*/
-err_status_t
+srtp_err_status_t
stat_test_runs(uint8_t *data) {
uint8_t *data_end = data + STAT_TEST_DATA_LEN;
uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 };
@@ -111,7 +111,7 @@
/* check for long runs */
if (state > 25) {
debug_print(mod_stat, ">25 runs: %d", state);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
} else if (state < 0) {
@@ -119,7 +119,7 @@
/* prefix is a gap */
if (state < -25) {
debug_print(mod_stat, ">25 gaps: %d", state);
- return err_status_algo_fail; /* long-runs test failed */
+ return srtp_err_status_algo_fail; /* long-runs test failed */
}
if (state < -6) {
state = -6; /* group together gaps > 5 */
@@ -139,7 +139,7 @@
/* prefix is a run */
if (state > 25) {
debug_print(mod_stat, ">25 runs (2): %d", state);
- return err_status_algo_fail; /* long-runs test failed */
+ return srtp_err_status_algo_fail; /* long-runs test failed */
}
if (state > 6) {
state = 6; /* group together runs > 5 */
@@ -154,7 +154,7 @@
/* check for long gaps */
if (state < -25) {
debug_print(mod_stat, ">25 gaps (2): %d", state);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
} else {
@@ -181,10 +181,10 @@
for (i=0; i < 6; i++)
if ( (runs[i] < lo_value[i] ) || (runs[i] > hi_value[i])
|| (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i]))
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -196,7 +196,7 @@
#define RAND_SRC_BUF_OCTETS 50 /* this value MUST divide 2500! */
-err_status_t
+srtp_err_status_t
stat_test_rand_source(rand_source_func_t get_rand_bytes) {
int i;
double poker;
@@ -206,7 +206,7 @@
0, 0, 0, 0, 0, 0, 0, 0
};
uint8_t buffer[RAND_SRC_BUF_OCTETS];
- err_status_t status;
+ srtp_err_status_t status;
int ones_count = 0;
uint16_t runs[6] = { 0, 0, 0, 0, 0, 0 };
uint16_t gaps[6] = { 0, 0, 0, 0, 0, 0 };
@@ -257,7 +257,7 @@
/* check for long runs */
if (state > 25) {
debug_print(mod_stat, ">25 runs (3): %d", state);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
} else if (state < 0) {
@@ -265,7 +265,7 @@
/* prefix is a gap */
if (state < -25) {
debug_print(mod_stat, ">25 gaps (3): %d", state);
- return err_status_algo_fail; /* long-runs test failed */
+ return srtp_err_status_algo_fail; /* long-runs test failed */
}
if (state < -6) {
state = -6; /* group together gaps > 5 */
@@ -285,7 +285,7 @@
/* prefix is a run */
if (state > 25) {
debug_print(mod_stat, ">25 runs (4): %d", state);
- return err_status_algo_fail; /* long-runs test failed */
+ return srtp_err_status_algo_fail; /* long-runs test failed */
}
if (state > 6) {
state = 6; /* group together runs > 5 */
@@ -300,7 +300,7 @@
/* check for long gaps */
if (state < -25) {
debug_print(mod_stat, ">25 gaps (4): %d", state);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
} else {
@@ -324,7 +324,7 @@
if ((ones_count < 9725) || (ones_count > 10275)) {
debug_print(mod_stat, "stat: failed monobit test %d", ones_count);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
/* check poker test data */
@@ -339,7 +339,7 @@
if ((poker < 2.16) || (poker > 46.17)) {
debug_print(mod_stat, "stat: failed poker test", NULL);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
/* check run and gap counts against the fixed limits */
@@ -347,22 +347,22 @@
if ((runs[i] < lo_value[i] ) || (runs[i] > hi_value[i])
|| (gaps[i] < lo_value[i] ) || (gaps[i] > hi_value[i])) {
debug_print(mod_stat, "stat: failed run/gap test", NULL);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
debug_print(mod_stat, "passed random stat test", NULL);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials) {
unsigned int i;
- err_status_t err = err_status_algo_fail;
+ srtp_err_status_t err = srtp_err_status_algo_fail;
for (i=0; i < num_trials; i++) {
err = stat_test_rand_source(source);
- if (err == err_status_ok) {
- return err_status_ok;
+ if (err == srtp_err_status_ok) {
+ return srtp_err_status_ok;
}
debug_print(mod_stat, "failed stat test (try number %d)\n", i);
}
diff --git a/crypto/replay/rdb.c b/crypto/replay/rdb.c
index c84222f..cb35b8a 100644
--- a/crypto/replay/rdb.c
+++ b/crypto/replay/rdb.c
@@ -62,34 +62,34 @@
/* rdb_init initalizes rdb */
-err_status_t
+srtp_err_status_t
rdb_init(rdb_t *rdb) {
v128_set_to_zero(&rdb->bitmask);
rdb->window_start = 0;
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
* rdb_check checks to see if index appears in rdb
*/
-err_status_t
+srtp_err_status_t
rdb_check(const rdb_t *rdb, uint32_t p_index) {
/* if the index appears after (or at very end of) the window, its good */
if (p_index >= rdb->window_start + rdb_bits_in_bitmask)
- return err_status_ok;
+ return srtp_err_status_ok;
/* if the index appears before the window, its bad */
if (p_index < rdb->window_start)
- return err_status_replay_old;
+ return srtp_err_status_replay_old;
/* otherwise, the index appears within the window, so check the bitmask */
if (v128_get_bit(&rdb->bitmask, (p_index - rdb->window_start)) == 1)
- return err_status_replay_fail;
+ return srtp_err_status_replay_fail;
/* otherwise, the index is okay */
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -101,7 +101,7 @@
* should protect the rdb between these calls
*/
-err_status_t
+srtp_err_status_t
rdb_add_index(rdb_t *rdb, uint32_t p_index) {
int delta;
@@ -124,15 +124,15 @@
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
rdb_increment(rdb_t *rdb) {
if (rdb->window_start++ > 0x7fffffff)
- return err_status_key_expired;
- return err_status_ok;
+ return srtp_err_status_key_expired;
+ return srtp_err_status_ok;
}
uint32_t
diff --git a/crypto/replay/rdbx.c b/crypto/replay/rdbx.c
index 153676f..fce8f0a 100644
--- a/crypto/replay/rdbx.c
+++ b/crypto/replay/rdbx.c
@@ -186,39 +186,39 @@
* rdbx_init(&r, ws) initializes the rdbx_t pointed to by r with window size ws
*/
-err_status_t
+srtp_err_status_t
rdbx_init(rdbx_t *rdbx, unsigned long ws) {
if (ws == 0)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
if (bitvector_alloc(&rdbx->bitmask, ws) != 0)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
index_init(&rdbx->index);
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
* rdbx_dealloc(&r) frees memory for the rdbx_t pointed to by r
*/
-err_status_t
+srtp_err_status_t
rdbx_dealloc(rdbx_t *rdbx) {
bitvector_dealloc(&rdbx->bitmask);
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
* rdbx_set_roc(rdbx, roc) initalizes the rdbx_t at the location rdbx
* to have the rollover counter value roc. If that value is less than
* the current rollover counter value, then the function returns
- * err_status_replay_old; otherwise, err_status_ok is returned.
+ * srtp_err_status_replay_old; otherwise, srtp_err_status_ok is returned.
*
*/
-err_status_t
+srtp_err_status_t
rdbx_set_roc(rdbx_t *rdbx, uint32_t roc) {
bitvector_set_to_zero(&rdbx->bitmask);
@@ -228,13 +228,13 @@
/* make sure that we're not moving backwards */
if (roc < (rdbx->index >> 16))
- return err_status_replay_old;
+ return srtp_err_status_replay_old;
rdbx->index &= 0xffff; /* retain lowest 16 bits */
rdbx->index |= ((uint64_t)roc) << 16; /* set ROC */
#endif
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -264,22 +264,22 @@
* which is at rdbx->index + delta is in the rdb
*/
-err_status_t
+srtp_err_status_t
rdbx_check(const rdbx_t *rdbx, int delta) {
if (delta > 0) { /* if delta is positive, it's good */
- return err_status_ok;
+ return srtp_err_status_ok;
} else if ((int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta < 0) {
/* if delta is lower than the bitmask, it's bad */
- return err_status_replay_old;
+ return srtp_err_status_replay_old;
} else if (bitvector_get_bit(&rdbx->bitmask,
(int)(bitvector_get_length(&rdbx->bitmask) - 1) + delta) == 1) {
/* delta is within the window, so check the bitmask */
- return err_status_replay_fail;
+ return srtp_err_status_replay_fail;
}
/* otherwise, the index is okay */
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -291,7 +291,7 @@
* should protect the rdbx between these calls if need be
*/
-err_status_t
+srtp_err_status_t
rdbx_add_index(rdbx_t *rdbx, int delta) {
if (delta > 0) {
@@ -306,7 +306,7 @@
/* note that we need not consider the case that delta == 0 */
- return err_status_ok;
+ return srtp_err_status_ok;
}
diff --git a/crypto/rng/ctr_prng.c b/crypto/rng/ctr_prng.c
index e24b0ab..cc6fcf6 100644
--- a/crypto/rng/ctr_prng.c
+++ b/crypto/rng/ctr_prng.c
@@ -53,10 +53,10 @@
ctr_prng_t ctr_prng;
-err_status_t
+srtp_err_status_t
ctr_prng_init(rand_source_func_t random_source) {
uint8_t tmp_key[32];
- err_status_t status;
+ srtp_err_status_t status;
/* initialize output count to zero */
ctr_prng.octet_count = 0;
@@ -78,12 +78,12 @@
if (status)
return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
ctr_prng_get_octet_string(void *dest, uint32_t len) {
- err_status_t status;
+ srtp_err_status_t status;
/*
* if we need to re-initialize the prng, do so now
@@ -102,13 +102,13 @@
if (status)
return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
ctr_prng_deinit(void) {
/* nothing */
- return err_status_ok;
+ return srtp_err_status_ok;
}
diff --git a/crypto/rng/prng.c b/crypto/rng/prng.c
index 208e268..80ff53e 100644
--- a/crypto/rng/prng.c
+++ b/crypto/rng/prng.c
@@ -53,10 +53,10 @@
x917_prng_t x917_prng;
-err_status_t
+srtp_err_status_t
x917_prng_init(rand_source_func_t random_source) {
uint8_t tmp_key[16];
- err_status_t status;
+ srtp_err_status_t status;
/* initialize output count to zero */
x917_prng.octet_count = 0;
@@ -77,15 +77,15 @@
if (status)
return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
uint32_t t;
v128_t buffer;
uint32_t i, tail_len;
- err_status_t status;
+ srtp_err_status_t status;
/*
* if we need to re-initialize the prng, do so now
@@ -174,11 +174,11 @@
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
x917_prng_deinit(void) {
- return err_status_ok;
+ return srtp_err_status_ok;
}
diff --git a/crypto/rng/rand_source.c b/crypto/rng/rand_source.c
index 1eb6fbb..fe4e0a1 100644
--- a/crypto/rng/rand_source.c
+++ b/crypto/rng/rand_source.c
@@ -75,17 +75,17 @@
static int dev_random_fdes = RAND_SOURCE_NOT_READY;
-err_status_t
+srtp_err_status_t
rand_source_init(void) {
if (dev_random_fdes >= 0) {
/* already open */
- return err_status_ok;
+ return srtp_err_status_ok;
}
#ifdef DEV_URANDOM
/* open random source for reading */
dev_random_fdes = open(DEV_URANDOM, O_RDONLY);
if (dev_random_fdes < 0)
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
#elif defined(HAVE_RAND_S)
dev_random_fdes = RAND_SOURCE_READY;
#else
@@ -93,10 +93,10 @@
fprintf(stderr, "WARNING: no real random source present!\n");
dev_random_fdes = RAND_SOURCE_READY;
#endif
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
rand_source_get_octet_string(void *dest, uint32_t len) {
/*
@@ -110,7 +110,7 @@
{
ssize_t num_read = read(dev_random_fdes, dst, len);
if (num_read <= 0 || num_read > len)
- return err_status_fail;
+ return srtp_err_status_fail;
len -= num_read;
dst += num_read;
}
@@ -122,7 +122,7 @@
errno_t err = rand_s(&val);
if (err != 0)
- return err_status_fail;
+ return srtp_err_status_fail;
*dst++ = val & 0xff;
len--;
@@ -141,18 +141,18 @@
len--;
}
#endif
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
rand_source_deinit(void) {
if (dev_random_fdes < 0)
- return err_status_dealloc_fail; /* well, we haven't really failed, *
+ return srtp_err_status_dealloc_fail; /* well, we haven't really failed, *
* but there is something wrong */
#ifdef DEV_URANDOM
close(dev_random_fdes);
#endif
dev_random_fdes = RAND_SOURCE_NOT_READY;
- return err_status_ok;
+ return srtp_err_status_ok;
}
diff --git a/crypto/rng/rand_source_ossl.c b/crypto/rng/rand_source_ossl.c
index 4bca6ac..56d138c 100644
--- a/crypto/rng/rand_source_ossl.c
+++ b/crypto/rng/rand_source_ossl.c
@@ -50,21 +50,21 @@
#include <openssl/rand.h>
-err_status_t rand_source_init (void)
+srtp_err_status_t rand_source_init (void)
{
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t rand_source_get_octet_string (void *dest, uint32_t len)
+srtp_err_status_t rand_source_get_octet_string (void *dest, uint32_t len)
{
if (RAND_bytes(dest, len) == 1) {
- return err_status_ok;
+ return srtp_err_status_ok;
} else {
- return err_status_fail;
+ return srtp_err_status_fail;
}
}
-err_status_t rand_source_deinit (void)
+srtp_err_status_t rand_source_deinit (void)
{
- return err_status_ok;
+ return srtp_err_status_ok;
}
diff --git a/crypto/test/aes_calc.c b/crypto/test/aes_calc.c
index 64c79db..b647418 100644
--- a/crypto/test/aes_calc.c
+++ b/crypto/test/aes_calc.c
@@ -41,7 +41,7 @@
aes_expanded_key_t exp_key;
int key_len, len;
int verbose = 0;
- err_status_t status;
+ srtp_err_status_t status;
if (argc == 3) {
/* we're not in verbose mode */
diff --git a/crypto/test/cipher_driver.c b/crypto/test/cipher_driver.c
index a85cdc1..4fe9370 100644
--- a/crypto/test/cipher_driver.c
+++ b/crypto/test/cipher_driver.c
@@ -65,7 +65,7 @@
void
cipher_driver_test_throughput(cipher_t *c);
-err_status_t
+srtp_err_status_t
cipher_driver_self_test(cipher_type_t *ct);
@@ -75,14 +75,14 @@
* calls
*/
-err_status_t
+srtp_err_status_t
cipher_driver_test_buffering(cipher_t *c);
/*
* functions for testing cipher cache thrash
*/
-err_status_t
+srtp_err_status_t
cipher_driver_test_array_throughput(cipher_type_t *ct,
int klen, int num_cipher);
@@ -93,10 +93,10 @@
cipher_array_bits_per_second(cipher_t *cipher_array[], int num_cipher,
unsigned octets_in_buffer, int num_trials);
-err_status_t
+srtp_err_status_t
cipher_array_delete(cipher_t *cipher_array[], int num_cipher);
-err_status_t
+srtp_err_status_t
cipher_array_alloc_init(cipher_t ***cipher_array, int num_ciphers,
cipher_type_t *ctype, int klen);
@@ -107,7 +107,7 @@
}
void
-check_status(err_status_t s) {
+check_status(srtp_err_status_t s) {
if (s) {
printf("error (code %d)\n", s);
exit(s);
@@ -135,7 +135,7 @@
int
main(int argc, char *argv[]) {
cipher_t *c = NULL;
- err_status_t status;
+ srtp_err_status_t status;
unsigned char test_key[48] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
@@ -204,11 +204,11 @@
cipher_driver_test_array_throughput(&aes_icm_256, 46, num_cipher);
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) {
- cipher_driver_test_array_throughput(&aes_gcm_128_openssl, AES_128_GCM_KEYSIZE_WSALT, num_cipher);
+ cipher_driver_test_array_throughput(&aes_gcm_128_openssl, SRTP_AES_128_GCM_KEYSIZE_WSALT, num_cipher);
}
for (num_cipher=1; num_cipher < max_num_cipher; num_cipher *=8) {
- cipher_driver_test_array_throughput(&aes_gcm_256_openssl, AES_256_GCM_KEYSIZE_WSALT, num_cipher);
+ cipher_driver_test_array_throughput(&aes_gcm_256_openssl, SRTP_AES_256_GCM_KEYSIZE_WSALT, num_cipher);
}
#endif
}
@@ -291,7 +291,7 @@
#ifdef OPENSSL
/* run the throughput test on the aes_gcm_128_openssl cipher */
- status = cipher_type_alloc(&aes_gcm_128_openssl, &c, AES_128_GCM_KEYSIZE_WSALT, 8);
+ status = cipher_type_alloc(&aes_gcm_128_openssl, &c, SRTP_AES_128_GCM_KEYSIZE_WSALT, 8);
if (status) {
fprintf(stderr, "error: can't allocate GCM 128 cipher\n");
exit(status);
@@ -310,7 +310,7 @@
check_status(status);
/* run the throughput test on the aes_gcm_256_openssl cipher */
- status = cipher_type_alloc(&aes_gcm_256_openssl, &c, AES_256_GCM_KEYSIZE_WSALT, 16);
+ status = cipher_type_alloc(&aes_gcm_256_openssl, &c, SRTP_AES_256_GCM_KEYSIZE_WSALT, 16);
if (status) {
fprintf(stderr, "error: can't allocate GCM 256 cipher\n");
exit(status);
@@ -347,9 +347,9 @@
}
-err_status_t
+srtp_err_status_t
cipher_driver_self_test(cipher_type_t *ct) {
- err_status_t status;
+ srtp_err_status_t status;
printf("running cipher self-test for %s...", ct->description);
status = cipher_type_self_test(ct);
@@ -359,7 +359,7 @@
}
printf("passed\n");
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -368,7 +368,7 @@
* calls
*/
-err_status_t
+srtp_err_status_t
cipher_driver_test_buffering(cipher_t *c) {
int i, j, num_trials = 1000;
unsigned len, buflen = 1024;
@@ -377,7 +377,7 @@
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x34
};
- err_status_t status;
+ srtp_err_status_t status;
printf("testing output buffering for cipher %s...",
c->type->description);
@@ -435,13 +435,13 @@
printf("computed: %s\n", octet_string_hex_string(buffer1, buflen));
printf("expected: %s\n", octet_string_hex_string(buffer0, buflen));
#endif
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
}
printf("passed\n");
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -453,11 +453,11 @@
* of cipher_t of type ctype
*/
-err_status_t
+srtp_err_status_t
cipher_array_alloc_init(cipher_t ***ca, int num_ciphers,
cipher_type_t *ctype, int klen) {
int i, j;
- err_status_t status;
+ srtp_err_status_t status;
uint8_t *key;
cipher_t **cipher_array;
/* pad klen allocation, to handle aes_icm reading 16 bytes for the
@@ -467,7 +467,7 @@
/* allocate array of pointers to ciphers */
cipher_array = (cipher_t **) malloc(sizeof(cipher_t *) * num_ciphers);
if (cipher_array == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
/* set ca to location of cipher_array */
*ca = cipher_array;
@@ -476,7 +476,7 @@
key = crypto_alloc(klen_pad);
if (key == NULL) {
free(cipher_array);
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
}
/* allocate and initialize an array of ciphers */
@@ -506,10 +506,10 @@
crypto_free(key);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
cipher_array_delete(cipher_t *cipher_array[], int num_cipher) {
int i;
@@ -519,7 +519,7 @@
free(cipher_array);
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -593,11 +593,11 @@
}
-err_status_t
+srtp_err_status_t
cipher_driver_test_array_throughput(cipher_type_t *ct,
int klen, int num_cipher) {
cipher_t **ca = NULL;
- err_status_t status;
+ srtp_err_status_t status;
status = cipher_array_alloc_init(&ca, num_cipher, ct, klen);
if (status) {
@@ -610,5 +610,5 @@
cipher_array_delete(ca, num_cipher);
- return err_status_ok;
+ return srtp_err_status_ok;
}
diff --git a/crypto/test/kernel_driver.c b/crypto/test/kernel_driver.c
index c0f12c1..e4b604e 100644
--- a/crypto/test/kernel_driver.c
+++ b/crypto/test/kernel_driver.c
@@ -62,7 +62,7 @@
extern char *optarg;
int q;
int do_validation = 0;
- err_status_t status;
+ srtp_err_status_t status;
if (argc == 1)
usage(argv[0]);
@@ -121,10 +121,10 @@
* of the crypto_kernel
*/
-err_status_t
+srtp_err_status_t
crypto_kernel_cipher_test(void) {
/* not implemented yet! */
- return err_status_ok;
+ return srtp_err_status_ok;
}
diff --git a/crypto/test/rand_gen.c b/crypto/test/rand_gen.c
deleted file mode 100644
index 8bb8b88..0000000
--- a/crypto/test/rand_gen.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * rand_gen.c
- *
- * a random source (random number generator)
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <stdio.h> /* for printf() */
-#include <unistd.h> /* for getopt() */
-#include "crypto_kernel.h"
-
-/*
- * MAX_PRINT_STRING_LEN is defined in datatypes.h, and is the length
- * of the largest hexadecimal string that can be generated by the
- * function octet_string_hex_string().
- */
-
-#define BUF_LEN (MAX_PRINT_STRING_LEN/2)
-
-void
-usage(char *prog_name) {
- printf("usage: %s -n <num_bytes> [-l][ -d debug_module ]*\n"
- " -n <num> output <num> random bytes, where <num>"
- " is between zero and %d\n"
- " -l list the avaliable debug modules\n"
- " -d <mod> turn on debugging module <mod>\n",
- prog_name, BUF_LEN);
- exit(255);
-}
-
-int
-main (int argc, char *argv[]) {
- extern char *optarg;
- int q;
- int num_octets = 0;
- unsigned do_list_mods = 0;
- err_status_t status;
-
- if (argc == 1)
- usage(argv[0]);
-
- /* initialize kernel - we need to do this before anything else */
- status = crypto_kernel_init();
- if (status) {
- printf("error: crypto_kernel init failed\n");
- exit(1);
- }
-
- /* process input arguments */
- while (1) {
- q = getopt(argc, argv, "ld:n:");
- if (q == -1)
- break;
- switch (q) {
- case 'd':
- status = crypto_kernel_set_debug_module(optarg, 1);
- if (status) {
- printf("error: set debug module (%s) failed\n", optarg);
- exit(1);
- }
- break;
- case 'l':
- do_list_mods = 1;
- break;
- case 'n':
- num_octets = atoi(optarg);
- if (num_octets < 0 || num_octets > BUF_LEN)
- usage(argv[0]);
- break;
- default:
- usage(argv[0]);
- }
- }
-
- if (do_list_mods) {
- status = crypto_kernel_list_debug_modules();
- if (status) {
- printf("error: list of debug modules failed\n");
- exit(1);
- }
- }
-
- if (num_octets > 0) {
- uint8_t buffer[BUF_LEN];
-
- status = crypto_get_random(buffer, num_octets);
- if (status) {
- printf("error: failure in random source\n");
- } else {
- printf("%s\n", octet_string_hex_string(buffer, num_octets));
- }
- }
-
- status = crypto_kernel_shutdown();
- if (status) {
- printf("error: crypto_kernel shutdown failed\n");
- exit(1);
- }
-
- return 0;
-}
-
diff --git a/crypto/test/rand_gen_soak.c b/crypto/test/rand_gen_soak.c
deleted file mode 100644
index 993e7f1..0000000
--- a/crypto/test/rand_gen_soak.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Soak test the RNG for exhaustion failures
- */
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <stdio.h> /* for printf() */
-#include <unistd.h> /* for getopt() */
-#include "crypto_kernel.h"
-
-#define BUF_LEN (MAX_PRINT_STRING_LEN/2)
-
-int main(int argc, char *argv[])
-{
- int q;
- extern char *optarg;
- int num_octets = 0;
- err_status_t status;
- uint32_t iterations = 0;
- int print_values = 0;
-
- if (argc == 1) {
- exit(255);
- }
-
- status = crypto_kernel_init();
- if (status) {
- printf("error: crypto_kernel init failed\n");
- exit(1);
- }
-
- while (1) {
- q = getopt(argc, argv, "pvn:");
- if (q == -1) {
- break;
- }
- switch (q) {
- case 'p':
- print_values = 1;
- break;
- case 'n':
- num_octets = atoi(optarg);
- if (num_octets < 0 || num_octets > BUF_LEN) {
- exit(255);
- }
- break;
- case 'v':
- num_octets = 30;
- print_values = 0;
- break;
- default:
- exit(255);
- }
- }
-
- if (num_octets > 0) {
- while (iterations < 300000) {
- uint8_t buffer[BUF_LEN];
-
- status = crypto_get_random(buffer, num_octets);
- if (status) {
- printf("iteration %d error: failure in random source\n", iterations);
- exit(255);
- } else if (print_values) {
- printf("%s\n", octet_string_hex_string(buffer, num_octets));
- }
- iterations++;
- }
- }
-
- status = crypto_kernel_shutdown();
- if (status) {
- printf("error: crypto_kernel shutdown failed\n");
- exit(1);
- }
-
- return 0;
-}
-
diff --git a/crypto/test/sha1_driver.c b/crypto/test/sha1_driver.c
index 6adfad1..9bfa8c4 100644
--- a/crypto/test/sha1_driver.c
+++ b/crypto/test/sha1_driver.c
@@ -68,7 +68,7 @@
hash_test_case_t *sha1_test_case_list;
-err_status_t
+srtp_err_status_t
hash_test_case_add(hash_test_case_t **list_ptr,
char *hex_data,
unsigned data_len,
@@ -80,15 +80,15 @@
test_case = malloc(sizeof(hash_test_case_t));
if (test_case == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
tmp_len = hex_string_to_octet_string((char *)test_case->data, hex_data, data_len*2);
if (tmp_len != data_len*2)
- return err_status_parse_err;
+ return srtp_err_status_parse_err;
tmp_len = hex_string_to_octet_string((char *)test_case->hash, hex_hash, hash_len*2);
if (tmp_len != hash_len*2)
- return err_status_parse_err;
+ return srtp_err_status_parse_err;
test_case->data_len = data_len;
test_case->hash_len = hash_len;
@@ -97,25 +97,25 @@
test_case->next_test_case = list_head;
*list_ptr = test_case;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
sha1_test_case_validate(const hash_test_case_t *test_case) {
- sha1_ctx_t ctx;
+ srtp_sha1_ctx_t ctx;
uint32_t hash_value[5];
if (test_case == NULL)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
if (test_case->hash_len != 20)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
if (test_case->data_len > MAX_HASH_DATA_LEN)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
- sha1_init(&ctx);
- sha1_update(&ctx, test_case->data, test_case->data_len);
- sha1_final(&ctx, hash_value);
+ srtp_sha1_init(&ctx);
+ srtp_sha1_update(&ctx, test_case->data, test_case->data_len);
+ srtp_sha1_final(&ctx, hash_value);
if (0 == memcmp(test_case->hash, hash_value, 20)) {
#if VERBOSE
printf("PASSED: reference value: %s\n",
@@ -123,7 +123,7 @@
printf("PASSED: computed value: %s\n",
octet_string_hex_string((const uint8_t *)hash_value, 20));
#endif
- return err_status_ok;
+ return srtp_err_status_ok;
}
printf("reference value: %s\n",
@@ -131,7 +131,7 @@
printf("computed value: %s\n",
octet_string_hex_string((const uint8_t *)hash_value, 20));
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
@@ -141,10 +141,10 @@
char hex_hash[40];
};
-err_status_t
+srtp_err_status_t
sha1_add_test_cases(void) {
int i;
- err_status_t err;
+ srtp_err_status_t err;
/*
* these test cases are taken from the "SHA-1 Sample Vectors"
@@ -488,10 +488,10 @@
}
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
sha1_dealloc_test_cases(void) {
hash_test_case_t *t, *next;
@@ -502,15 +502,15 @@
sha1_test_case_list = NULL;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
sha1_validate(void) {
hash_test_case_t *test_case;
- err_status_t err;
+ srtp_err_status_t err;
err = sha1_add_test_cases();
if (err) {
@@ -519,7 +519,7 @@
}
if (sha1_test_case_list == NULL)
- return err_status_cant_check;
+ return srtp_err_status_cant_check;
test_case = sha1_test_case_list;
while (test_case != NULL) {
@@ -533,14 +533,14 @@
sha1_dealloc_test_cases();
- return err_status_ok;
+ return srtp_err_status_ok;
}
int
main (void) {
- err_status_t err;
+ srtp_err_status_t err;
printf("sha1 test driver\n");
diff --git a/crypto/test/stat_driver.c b/crypto/test/stat_driver.c
index 6e92f93..ec6361d 100644
--- a/crypto/test/stat_driver.c
+++ b/crypto/test/stat_driver.c
@@ -24,11 +24,11 @@
void *state;
} random_source_t;
-err_status_t
+srtp_err_status_t
random_source_alloc(void);
void
-err_check(err_status_t s) {
+err_check(srtp_err_status_t s) {
if (s) {
printf("error (code %d)\n", s);
exit(1);
@@ -146,7 +146,7 @@
for (i=0; i < 2500; i++) {
buffer[i] = 0;
}
- err_check(cipher_type_alloc(&aes_gcm_128_openssl, &c, AES_128_GCM_KEYSIZE_WSALT, 8));
+ err_check(cipher_type_alloc(&aes_gcm_128_openssl, &c, SRTP_AES_128_GCM_KEYSIZE_WSALT, 8));
err_check(cipher_init(c, key));
err_check(cipher_set_iv(c, &nonce, direction_encrypt));
err_check(cipher_encrypt(c, buffer, &buf_len));
@@ -175,7 +175,7 @@
for (i=0; i < 2500; i++) {
buffer[i] = 0;
}
- err_check(cipher_type_alloc(&aes_gcm_256_openssl, &c, AES_256_GCM_KEYSIZE_WSALT, 16));
+ err_check(cipher_type_alloc(&aes_gcm_256_openssl, &c, SRTP_AES_256_GCM_KEYSIZE_WSALT, 16));
err_check(cipher_init(c, key));
err_check(cipher_set_iv(c, &nonce, direction_encrypt));
err_check(cipher_encrypt(c, buffer, &buf_len));
diff --git a/include/ekt.h b/include/ekt.h
index b0d888b..7e00c33 100644
--- a/include/ekt.h
+++ b/include/ekt.h
@@ -68,87 +68,72 @@
#include "srtp_priv.h"
-#define EKT_CIPHER_DEFAULT 1
-#define EKT_CIPHER_AES_128_ECB 1
-#define EKT_CIPHER_AES_192_KEY_WRAP 2
-#define EKT_CIPHER_AES_256_KEY_WRAP 3
+#define SRTP_EKT_CIPHER_DEFAULT 1
+#define SRTP_EKT_CIPHER_AES_128_ECB 1
+#define SRTP_EKT_CIPHER_AES_192_KEY_WRAP 2
+#define SRTP_EKT_CIPHER_AES_256_KEY_WRAP 3
-typedef uint16_t ekt_spi_t;
+typedef uint16_t srtp_ekt_spi_t;
-unsigned
-ekt_octets_after_base_tag(ekt_stream_t ekt);
+unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt);
/*
* an srtp_policy_t structure can contain a pointer to an
- * ekt_policy_t structure
+ * srtp_ekt_policy_t structure
*
* this structure holds all of the high level EKT information, and it
* is passed into libsrtp to indicate what policy should be in effect
*/
-typedef struct ekt_policy_ctx_t {
- ekt_spi_t spi; /* security parameter index */
+typedef struct srtp_ekt_policy_ctx_t {
+ srtp_ekt_spi_t spi; /* security parameter index */
uint8_t ekt_cipher_type;
uint8_t *ekt_key;
- struct ekt_policy_ctx_t *next_ekt_policy;
-} ekt_policy_ctx_t;
+ struct srtp_ekt_policy_ctx_t *next_ekt_policy;
+} srtp_ekt_policy_ctx_t;
/*
- * an ekt_data_t structure holds the data corresponding to an ekt key,
+ * an srtp_ekt_data_t structure holds the data corresponding to an ekt key,
* spi, and so on
*/
-typedef struct ekt_data_t {
- ekt_spi_t spi;
+typedef struct srtp_ekt_data_t {
+ srtp_ekt_spi_t spi;
uint8_t ekt_cipher_type;
aes_expanded_key_t ekt_enc_key;
aes_expanded_key_t ekt_dec_key;
struct ekt_data_t *next_ekt_data;
-} ekt_data_t;
+} srtp_ekt_data_t;
/*
- * an srtp_stream_ctx_t can contain an ekt_stream_ctx_t
+ * an srtp_stream_ctx_t can contain an srtp_ekt_stream_ctx_t
*
- * an ekt_stream_ctx_t structure holds all of the EKT information for
+ * an srtp_ekt_stream_ctx_t structure holds all of the EKT information for
* a specific SRTP stream
*/
-typedef struct ekt_stream_ctx_t {
- ekt_data_t *data;
- uint16_t isn; /* initial sequence number */
- uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN];
-} ekt_stream_ctx_t;
+typedef struct srtp_ekt_stream_ctx_t {
+ srtp_ekt_data_t *data;
+ uint16_t isn; /* initial sequence number */
+ uint8_t encrypted_master_key[SRTP_MAX_KEY_LEN];
+} srtp_ekt_stream_ctx_t;
-err_status_t
-ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy);
+srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, srtp_ekt_policy_t policy);
-err_status_t
-ekt_stream_init(ekt_stream_t e,
- ekt_spi_t spi,
- void *ekt_key,
- unsigned ekt_cipher_type);
+srtp_err_status_t srtp_ekt_stream_init(srtp_ekt_stream_t e, srtp_ekt_spi_t spi, void *ekt_key, unsigned ekt_cipher_type);
-err_status_t
-ekt_stream_init_from_policy(ekt_stream_t e, ekt_policy_t p);
+srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t e, srtp_ekt_policy_t p);
-err_status_t
-srtp_stream_init_from_ekt(srtp_stream_t stream,
- const void *srtcp_hdr,
- unsigned pkt_octet_len);
+srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, const void *srtcp_hdr, unsigned pkt_octet_len);
-void
-ekt_write_data(ekt_stream_t ekt,
- uint8_t *base_tag,
- unsigned base_tag_len,
- int *packet_len,
- xtd_seq_num_t pkt_index);
+void srtp_ekt_write_data(srtp_ekt_stream_t ekt, uint8_t *base_tag, unsigned base_tag_len, int *packet_len, xtd_seq_num_t pkt_index);
/*
* We handle EKT by performing some additional steps before
@@ -158,16 +143,9 @@
* With EKT, the tag_len parameter is actually the base tag
* length
*/
+srtp_err_status_t srtp_ekt_tag_verification_preproces(uint8_t *pkt_tag, uint8_t *pkt_tag_copy, unsigned tag_len);
-err_status_t
-ekt_tag_verification_preproces(uint8_t *pkt_tag,
- uint8_t *pkt_tag_copy,
- unsigned tag_len);
-
-err_status_t
-ekt_tag_verification_postproces(uint8_t *pkt_tag,
- uint8_t *pkt_tag_copy,
- unsigned tag_len);
+srtp_err_status_t srtp_ekt_tag_verification_postproces(uint8_t *pkt_tag, uint8_t *pkt_tag_copy, unsigned tag_len);
/*
@@ -182,16 +160,10 @@
* When EKT is not used, this function is a no-op.
*
*/
-
-err_status_t
-srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s,
- uint8_t *pkt_tag,
- unsigned pkt_octet_len);
+srtp_err_status_t srtp_stream_srtcp_auth_tag_generation_preprocess(const srtp_stream_t *s, uint8_t *pkt_tag, unsigned pkt_octet_len);
/* it's not clear that a tag_generation_postprocess function is needed */
-
-err_status_t
-srtcp_auth_tag_generation_postprocess(void);
+srtp_err_status_t srtcp_auth_tag_generation_postprocess(void);
#ifdef __cplusplus
diff --git a/include/rtp.h b/include/rtp.h
index 0e0119c..58d9ab2 100644
--- a/include/rtp.h
+++ b/include/rtp.h
@@ -60,7 +60,40 @@
# include <winsock2.h>
#endif
+//#include "srtp_priv.h"
#include "srtp.h"
+/*
+ * RTP_HEADER_LEN indicates the size of an RTP header
+ */
+#define RTP_HEADER_LEN 12
+
+/*
+ * RTP_MAX_BUF_LEN defines the largest RTP packet in the rtp.c implementation
+ */
+#define RTP_MAX_BUF_LEN 16384
+
+
+typedef srtp_hdr_t rtp_hdr_t;
+
+typedef struct {
+ srtp_hdr_t header;
+ char body[RTP_MAX_BUF_LEN];
+} rtp_msg_t;
+
+typedef struct rtp_sender_ctx_t {
+ rtp_msg_t message;
+ int socket;
+ srtp_ctx_t *srtp_ctx;
+ struct sockaddr_in addr; /* reciever's address */
+} rtp_sender_ctx_t;
+
+typedef struct rtp_receiver_ctx_t {
+ rtp_msg_t message;
+ int socket;
+ srtp_ctx_t *srtp_ctx;
+ struct sockaddr_in addr; /* receiver's address */
+} rtp_receiver_ctx_t;
+
typedef struct rtp_sender_ctx_t *rtp_sender_t;
@@ -87,14 +120,14 @@
int
srtp_sender_init(rtp_sender_t rtp_ctx, /* structure to be init'ed */
struct sockaddr_in name, /* socket name */
- sec_serv_t security_services, /* sec. servs. to be used */
+ srtp_sec_serv_t security_services, /* sec. servs. to be used */
unsigned char *input_key /* master key/salt in hex */
);
int
srtp_receiver_init(rtp_receiver_t rtp_ctx, /* structure to be init'ed */
struct sockaddr_in name, /* socket name */
- sec_serv_t security_services, /* sec. servs. to be used */
+ srtp_sec_serv_t security_services, /* sec. servs. to be used */
unsigned char *input_key /* master key/salt in hex */
);
@@ -125,15 +158,5 @@
rtp_receiver_dealloc(rtp_receiver_t rtp_ctx);
-/*
- * RTP_HEADER_LEN indicates the size of an RTP header
- */
-#define RTP_HEADER_LEN 12
-
-/*
- * RTP_MAX_BUF_LEN defines the largest RTP packet in the rtp.c implementation
- */
-#define RTP_MAX_BUF_LEN 16384
-
#endif /* RTP_H */
diff --git a/include/rtp_priv.h b/include/rtp_priv.h
index 1421386..2501846 100644
--- a/include/rtp_priv.h
+++ b/include/rtp_priv.h
@@ -49,26 +49,5 @@
#include "srtp_priv.h"
#include "rtp.h"
-typedef srtp_hdr_t rtp_hdr_t;
-
-typedef struct {
- srtp_hdr_t header;
- char body[RTP_MAX_BUF_LEN];
-} rtp_msg_t;
-
-typedef struct rtp_sender_ctx_t {
- rtp_msg_t message;
- int socket;
- srtp_ctx_t *srtp_ctx;
- struct sockaddr_in addr; /* reciever's address */
-} rtp_sender_ctx_t;
-
-typedef struct rtp_receiver_ctx_t {
- rtp_msg_t message;
- int socket;
- srtp_ctx_t *srtp_ctx;
- struct sockaddr_in addr; /* receiver's address */
-} rtp_receiver_ctx_t;
-
#endif /* RTP_PRIV_H */
diff --git a/include/srtp.h b/include/srtp.h
index 48416d3..a1e2ac8 100644
--- a/include/srtp.h
+++ b/include/srtp.h
@@ -51,9 +51,6 @@
#endif
#include <stdint.h>
-#include "crypto.h"
-#include "crypto_types.h"
-#include "err.h"
/**
* @defgroup SRTP Secure RTP
@@ -97,11 +94,184 @@
* as part of the IV formation logic applied to each RTP packet.
*/
#define SRTP_AEAD_SALT_LEN 12
-#define AES_128_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 16
-#define AES_192_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 24
-#define AES_256_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 32
+#define SRTP_AES_128_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 16
+#define SRTP_AES_192_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 24
+#define SRTP_AES_256_GCM_KEYSIZE_WSALT SRTP_AEAD_SALT_LEN + 32
+
+/*
+ * an srtp_hdr_t represents the srtp header
+ *
+ * in this implementation, an srtp_hdr_t is assumed to be 32-bit aligned
+ *
+ * (note that this definition follows that of RFC 1889 Appendix A, but
+ * is not identical)
+ */
+
+#ifndef WORDS_BIGENDIAN
+
+/*
+ * srtp_hdr_t represents an RTP or SRTP header. The bit-fields in
+ * this structure should be declared "unsigned int" instead of
+ * "unsigned char", but doing so causes the MS compiler to not
+ * fully pack the bit fields.
+ */
+
+typedef struct {
+ unsigned char cc:4; /* CSRC count */
+ unsigned char x:1; /* header extension flag */
+ unsigned char p:1; /* padding flag */
+ unsigned char version:2; /* protocol version */
+ unsigned char pt:7; /* payload type */
+ unsigned char m:1; /* marker bit */
+ uint16_t seq; /* sequence number */
+ uint32_t ts; /* timestamp */
+ uint32_t ssrc; /* synchronization source */
+} srtp_hdr_t;
+
+#else /* BIG_ENDIAN */
+
+typedef struct {
+ unsigned char version:2; /* protocol version */
+ unsigned char p:1; /* padding flag */
+ unsigned char x:1; /* header extension flag */
+ unsigned char cc:4; /* CSRC count */
+ unsigned char m:1; /* marker bit */
+ unsigned char pt:7; /* payload type */
+ uint16_t seq; /* sequence number */
+ uint32_t ts; /* timestamp */
+ uint32_t ssrc; /* synchronization source */
+} srtp_hdr_t;
+
+#endif
+
+typedef struct {
+ uint16_t profile_specific; /* profile-specific info */
+ uint16_t length; /* number of 32-bit words in extension */
+} srtp_hdr_xtnd_t;
+/*
+ * srtcp_hdr_t represents a secure rtcp header
+ *
+ * in this implementation, an srtcp header is assumed to be 32-bit
+ * alinged
+ */
+
+#ifndef WORDS_BIGENDIAN
+
+typedef struct {
+ unsigned char rc:5; /* reception report count */
+ unsigned char p:1; /* padding flag */
+ unsigned char version:2; /* protocol version */
+ unsigned char pt:8; /* payload type */
+ uint16_t len; /* length */
+ uint32_t ssrc; /* synchronization source */
+} srtcp_hdr_t;
+
+typedef struct {
+ unsigned int index:31; /* srtcp packet index in network order! */
+ unsigned int e:1; /* encrypted? 1=yes */
+ /* optional mikey/etc go here */
+ /* and then the variable-length auth tag */
+} srtcp_trailer_t;
+
+
+#else /* BIG_ENDIAN */
+
+typedef struct {
+ unsigned char version:2; /* protocol version */
+ unsigned char p:1; /* padding flag */
+ unsigned char rc:5; /* reception report count */
+ unsigned char pt:8; /* payload type */
+ uint16_t len; /* length */
+ uint32_t ssrc; /* synchronization source */
+} srtcp_hdr_t;
+
+typedef struct {
+ unsigned int version:2; /* protocol version */
+ unsigned int p:1; /* padding flag */
+ unsigned int count:5; /* varies by packet type */
+ unsigned int pt:8; /* payload type */
+ uint16_t length; /* len of uint32s of packet less header */
+} rtcp_common_t;
+
+typedef struct {
+ unsigned int e:1; /* encrypted? 1=yes */
+ unsigned int index:31; /* srtcp packet index */
+ /* optional mikey/etc go here */
+ /* and then the variable-length auth tag */
+} srtcp_trailer_t;
+
+#endif
+
+
+
+/**
+ * @brief A srtp_cipher_type_id_t is an identifier for a particular cipher
+ * type.
+ *
+ * A srtp_cipher_type_id_t is an integer that represents a particular
+ * cipher type, e.g. the Advanced Encryption Standard (AES). A
+ * NULL_CIPHER is avaliable; this cipher leaves the data unchanged,
+ * and can be selected to indicate that no encryption is to take
+ * place.
+ *
+ * @ingroup Ciphers
+ */
+typedef uint32_t srtp_cipher_type_id_t;
+
+/**
+ * @brief An srtp_auth_type_id_t is an identifier for a particular authentication
+ * function.
+ *
+ * An srtp_auth_type_id_t is an integer that represents a particular
+ * authentication function type, e.g. HMAC-SHA1. A NULL_AUTH is
+ * avaliable; this authentication function performs no computation,
+ * and can be selected to indicate that no authentication is to take
+ * place.
+ *
+ * @ingroup Authentication
+ */
+typedef uint32_t srtp_auth_type_id_t;
+
+/*
+ * @brief srtp_err_status_t defines error codes.
+ *
+ * The enumeration srtp_err_status_t defines error codes. Note that the
+ * value of srtp_err_status_ok is equal to zero, which can simplify error
+ * checking somewhat.
+ *
+ */
+typedef enum {
+ srtp_err_status_ok = 0, /**< nothing to report */
+ srtp_err_status_fail = 1, /**< unspecified failure */
+ srtp_err_status_bad_param = 2, /**< unsupported parameter */
+ srtp_err_status_alloc_fail = 3, /**< couldn't allocate memory */
+ srtp_err_status_dealloc_fail = 4, /**< couldn't deallocate properly */
+ srtp_err_status_init_fail = 5, /**< couldn't initialize */
+ srtp_err_status_terminus = 6, /**< can't process as much data as requested */
+ srtp_err_status_auth_fail = 7, /**< authentication failure */
+ srtp_err_status_cipher_fail = 8, /**< cipher failure */
+ srtp_err_status_replay_fail = 9, /**< replay check failed (bad index) */
+ srtp_err_status_replay_old = 10, /**< replay check failed (index too old) */
+ srtp_err_status_algo_fail = 11, /**< algorithm failed test routine */
+ srtp_err_status_no_such_op = 12, /**< unsupported operation */
+ srtp_err_status_no_ctx = 13, /**< no appropriate context found */
+ srtp_err_status_cant_check = 14, /**< unable to perform desired validation */
+ srtp_err_status_key_expired = 15, /**< can't use key any more */
+ srtp_err_status_socket_err = 16, /**< error in use of socket */
+ srtp_err_status_signal_err = 17, /**< error in use POSIX signals */
+ srtp_err_status_nonce_bad = 18, /**< nonce check failed */
+ srtp_err_status_read_fail = 19, /**< couldn't read data */
+ srtp_err_status_write_fail = 20, /**< couldn't write data */
+ srtp_err_status_parse_err = 21, /**< error parsing data */
+ srtp_err_status_encode_err = 22, /**< error encoding data */
+ srtp_err_status_semaphore_err = 23,/**< error while using semaphores */
+ srtp_err_status_pfkey_err = 24 /**< error while using pfkey */
+} srtp_err_status_t;
+
+typedef struct srtp_stream_ctx_t_ srtp_stream_ctx_t;
+typedef struct srtp_ctx_t_ srtp_ctx_t;
/*
* nota bene: since libSRTP doesn't support the use of the MKI, the
@@ -109,9 +279,9 @@
*/
/**
- * @brief sec_serv_t describes a set of security services.
+ * @brief srtp_sec_serv_t describes a set of security services.
*
- * A sec_serv_t enumeration is used to describe the particular
+ * A srtp_sec_serv_t enumeration is used to describe the particular
* security services that will be applied by a particular crypto
* policy (or other mechanism).
*/
@@ -121,38 +291,38 @@
sec_serv_conf = 1, /**< confidentiality */
sec_serv_auth = 2, /**< authentication */
sec_serv_conf_and_auth = 3 /**< confidentiality and authentication */
-} sec_serv_t;
+} srtp_sec_serv_t;
/**
- * @brief crypto_policy_t describes a particular crypto policy that
+ * @brief srtp_crypto_policy_t describes a particular crypto policy that
* can be applied to an SRTP stream.
*
- * A crypto_policy_t describes a particular cryptographic policy that
+ * A srtp_crypto_policy_t describes a particular cryptographic policy that
* can be applied to an SRTP or SRTCP stream. An SRTP session policy
* consists of a list of these policies, one for each SRTP stream
* in the session.
*/
-typedef struct crypto_policy_t {
- cipher_type_id_t cipher_type; /**< An integer representing
- * the type of cipher. */
+typedef struct srtp_crypto_policy_t {
+ srtp_cipher_type_id_t cipher_type; /**< An integer representing
+ * the type of cipher. */
int cipher_key_len; /**< The length of the cipher key
* in octets. */
- auth_type_id_t auth_type; /**< An integer representing the
- * authentication function. */
+ srtp_auth_type_id_t auth_type; /**< An integer representing the
+ * authentication function. */
int auth_key_len; /**< The length of the authentication
* function key in octets. */
int auth_tag_len; /**< The length of the authentication
* tag in octets. */
- sec_serv_t sec_serv; /**< The flag indicating the security
+ srtp_sec_serv_t sec_serv; /**< The flag indicating the security
* services to be applied. */
-} crypto_policy_t;
+} srtp_crypto_policy_t;
/**
- * @brief ssrc_type_t describes the type of an SSRC.
+ * @brief srtp_ssrc_type_t describes the type of an SSRC.
*
- * An ssrc_type_t enumeration is used to indicate a type of SSRC. See
+ * An srtp_ssrc_type_t enumeration is used to indicate a type of SSRC. See
* @ref srtp_policy_t for more informataion.
*/
@@ -165,12 +335,12 @@
ssrc_any_outbound = 3 /**< Indicates any outbound SSRC value
(i.e. a value that is used in the
function srtp_protect()) */
-} ssrc_type_t;
+} srtp_ssrc_type_t;
/**
- * @brief An ssrc_t represents a particular SSRC value, or a `wildcard' SSRC.
+ * @brief An srtp_ssrc_t represents a particular SSRC value, or a `wildcard' SSRC.
*
- * An ssrc_t represents a particular SSRC value (if its type is
+ * An srtp_ssrc_t represents a particular SSRC value (if its type is
* ssrc_specific), or a wildcard SSRC value that will match all
* outbound SSRCs (if its type is ssrc_any_outbound) or all inbound
* SSRCs (if its type is ssrc_any_inbound).
@@ -178,21 +348,21 @@
*/
typedef struct {
- ssrc_type_t type; /**< The type of this particular SSRC */
- unsigned int value; /**< The value of this SSRC, if it is not a wildcard */
-} ssrc_t;
+ srtp_ssrc_type_t type; /**< The type of this particular SSRC */
+ unsigned int value; /**< The value of this SSRC, if it is not a wildcard */
+} srtp_ssrc_t;
/**
* @brief points to an EKT policy
*/
-typedef struct ekt_policy_ctx_t *ekt_policy_t;
+typedef struct srtp_ekt_policy_ctx_t *srtp_ekt_policy_t;
/**
* @brief points to EKT stream data
*/
-typedef struct ekt_stream_ctx_t *ekt_stream_t;
+typedef struct srtp_ekt_stream_ctx_t *srtp_ekt_stream_t;
/**
@@ -223,16 +393,16 @@
*/
typedef struct srtp_policy_t {
- ssrc_t ssrc; /**< The SSRC value of stream, or the
+ srtp_ssrc_t ssrc; /**< The SSRC value of stream, or the
* flags SSRC_ANY_INBOUND or
* SSRC_ANY_OUTBOUND if key sharing
* is used for this policy element.
*/
- crypto_policy_t rtp; /**< SRTP crypto policy. */
- crypto_policy_t rtcp; /**< SRTCP crypto policy. */
+ srtp_crypto_policy_t rtp; /**< SRTP crypto policy. */
+ srtp_crypto_policy_t rtcp; /**< SRTCP crypto policy. */
unsigned char *key; /**< Pointer to the SRTP master key for
* this stream. */
- ekt_policy_t ekt; /**< Pointer to the EKT policy structure
+ srtp_ekt_policy_t ekt; /**< Pointer to the EKT policy structure
* for this stream (if any) */
unsigned long window_size; /**< The window size to use for replay
* protection. */
@@ -261,7 +431,7 @@
* streams, each of which originates with a different participant.
*/
-typedef struct srtp_ctx_t *srtp_t;
+typedef srtp_ctx_t *srtp_t;
/**
@@ -276,7 +446,7 @@
* a set of streams.
*
*/
-typedef struct srtp_stream_ctx_t *srtp_stream_t;
+typedef srtp_stream_ctx_t *srtp_stream_t;
@@ -287,8 +457,7 @@
* functions.
*/
-err_status_t
-srtp_init(void);
+srtp_err_status_t srtp_init(void);
/**
* @brief srtp_shutdown() de-initializes the srtp library.
@@ -296,8 +465,7 @@
* @warning No srtp functions may be called after calling this function.
*/
-err_status_t
-srtp_shutdown(void);
+srtp_err_status_t srtp_shutdown(void);
/**
* @brief srtp_protect() is the Secure RTP sender-side packet processing
@@ -305,7 +473,7 @@
*
* The function call srtp_protect(ctx, rtp_hdr, len_ptr) applies SRTP
* protection to the RTP packet rtp_hdr (which has length *len_ptr) using
- * the SRTP context ctx. If err_status_ok is returned, then rtp_hdr
+ * the SRTP context ctx. If srtp_err_status_ok is returned, then rtp_hdr
* points to the resulting SRTP packet and *len_ptr is the number of
* octets in that packet; otherwise, no assumptions should be made
* about the value of either data elements.
@@ -331,17 +499,16 @@
*
* @param len_ptr is a pointer to the length in octets of the complete
* RTP packet (header and body) before the function call, and of the
- * complete SRTP packet after the call, if err_status_ok was returned.
+ * complete SRTP packet after the call, if srtp_err_status_ok was returned.
* Otherwise, the value of the data to which it points is undefined.
*
* @return
- * - err_status_ok no problems
- * - err_status_replay_fail rtp sequence number was non-increasing
+ * - srtp_err_status_ok no problems
+ * - srtp_err_status_replay_fail rtp sequence number was non-increasing
* - @e other failure in cryptographic mechanisms
*/
-err_status_t
-srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr);
+srtp_err_status_t srtp_protect(srtp_t ctx, void *rtp_hdr, int *len_ptr);
/**
* @brief srtp_unprotect() is the Secure RTP receiver-side packet
@@ -350,7 +517,7 @@
* The function call srtp_unprotect(ctx, srtp_hdr, len_ptr) verifies
* the Secure RTP protection of the SRTP packet pointed to by srtp_hdr
* (which has length *len_ptr), using the SRTP context ctx. If
- * err_status_ok is returned, then srtp_hdr points to the resulting
+ * srtp_err_status_ok is returned, then srtp_hdr points to the resulting
* RTP packet and *len_ptr is the number of octets in that packet;
* otherwise, no assumptions should be made about the value of either
* data elements.
@@ -366,26 +533,25 @@
*
* @param srtp_hdr is a pointer to the header of the SRTP packet
* (before the call). after the function returns, it points to the
- * rtp packet if err_status_ok was returned; otherwise, the value of
+ * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
* the data to which it points is undefined.
*
* @param len_ptr is a pointer to the length in octets of the complete
* srtp packet (header and body) before the function call, and of the
- * complete rtp packet after the call, if err_status_ok was returned.
+ * complete rtp packet after the call, if srtp_err_status_ok was returned.
* Otherwise, the value of the data to which it points is undefined.
*
* @return
- * - err_status_ok if the RTP packet is valid.
- * - err_status_auth_fail if the SRTP packet failed the message
+ * - srtp_err_status_ok if the RTP packet is valid.
+ * - srtp_err_status_auth_fail if the SRTP packet failed the message
* authentication check.
- * - err_status_replay_fail if the SRTP packet is a replay (e.g. packet has
+ * - srtp_err_status_replay_fail if the SRTP packet is a replay (e.g. packet has
* already been processed and accepted).
* - [other] if there has been an error in the cryptographic mechanisms.
*
*/
-err_status_t
-srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr);
+srtp_err_status_t srtp_unprotect(srtp_t ctx, void *srtp_hdr, int *len_ptr);
/**
@@ -406,13 +572,12 @@
* have its `next' field set to NULL.
*
* @return
- * - err_status_ok if creation succeded.
- * - err_status_alloc_fail if allocation failed.
- * - err_status_init_fail if initialization failed.
+ * - srtp_err_status_ok if creation succeded.
+ * - srtp_err_status_alloc_fail if allocation failed.
+ * - srtp_err_status_init_fail if initialization failed.
*/
-err_status_t
-srtp_create(srtp_t *session, const srtp_policy_t *policy);
+srtp_err_status_t srtp_create(srtp_t *session, const srtp_policy_t *policy);
/**
@@ -425,14 +590,12 @@
* stream.
*
* @return values:
- * - err_status_ok if stream creation succeded.
- * - err_status_alloc_fail if stream allocation failed
- * - err_status_init_fail if stream initialization failed.
+ * - srtp_err_status_ok if stream creation succeded.
+ * - srtp_err_status_alloc_fail if stream allocation failed
+ * - srtp_err_status_init_fail if stream initialization failed.
*/
-err_status_t
-srtp_add_stream(srtp_t session,
- const srtp_policy_t *policy);
+srtp_err_status_t srtp_add_stream(srtp_t session, const srtp_policy_t *policy);
/**
@@ -451,16 +614,15 @@
* session.
*
* @return
- * - err_status_ok if the stream deallocation succeded.
+ * - srtp_err_status_ok if the stream deallocation succeded.
* - [other] otherwise.
*
*/
-err_status_t
-srtp_remove_stream(srtp_t session, unsigned int ssrc);
+srtp_err_status_t srtp_remove_stream(srtp_t session, unsigned int ssrc);
/**
- * @brief crypto_policy_set_rtp_default() sets a crypto policy
+ * @brief srtp_crypto_policy_set_rtp_default() sets a crypto policy
* structure to the SRTP default policy for RTP protection.
*
* @param p is a pointer to the policy structure to be set
@@ -478,39 +640,37 @@
*
*/
-void
-crypto_policy_set_rtp_default(crypto_policy_t *p);
+void srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_rtcp_default() sets a crypto policy
+ * @brief srtp_crypto_policy_set_rtcp_default() sets a crypto policy
* structure to the SRTP default policy for RTCP protection.
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_rtcp_default(&p) sets the
- * crypto_policy_t at location p to the SRTP default policy for RTCP
+ * The function call srtp_crypto_policy_set_rtcp_default(&p) sets the
+ * srtp_crypto_policy_t at location p to the SRTP default policy for RTCP
* protection, as defined in the specification. This function is a
* convenience that helps to avoid dealing directly with the policy
* data structure. You are encouraged to initialize policy elements
* with this function call. Doing so may allow your code to be
* forward compatible with later versions of libSRTP that include more
- * elements in the crypto_policy_t datatype.
+ * elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_rtcp_default(crypto_policy_t *p);
+void srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() sets a crypto
* policy structure to the SRTP default policy for RTP protection.
*
* @param p is a pointer to the policy structure to be set
*
- * The function crypto_policy_set_aes_cm_128_hmac_sha1_80() is a
- * synonym for crypto_policy_set_rtp_default(). It conforms to the
+ * The function srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80() is a
+ * synonym for srtp_crypto_policy_set_rtp_default(). It conforms to the
* naming convention used in RFC 4568 (SDP Security Descriptions for
* Media Streams).
*
@@ -518,17 +678,17 @@
*
*/
-#define crypto_policy_set_aes_cm_128_hmac_sha1_80(p) crypto_policy_set_rtp_default(p)
+#define srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(p) srtp_crypto_policy_set_rtp_default(p)
/**
- * @brief crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32() sets a crypto
* policy structure to a short-authentication tag policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_cm_128_hmac_sha1_32(&p)
- * sets the crypto_policy_t at location p to use policy
+ * The function call srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(&p)
+ * sets the srtp_crypto_policy_t at location p to use policy
* AES_CM_128_HMAC_SHA1_32 as defined in RFC 4568.
* This policy uses AES-128
* Counter Mode encryption and HMAC-SHA1 authentication, with an
@@ -541,7 +701,7 @@
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @warning This crypto policy is intended for use in SRTP, but not in
* SRTCP. It is recommended that a policy that uses longer
@@ -552,19 +712,18 @@
*
*/
-void
-crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_cm_128_null_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_cm_128_null_auth() sets a crypto
* policy structure to an encryption-only policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_cm_128_null_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_cm_128_null_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-128 Counter Mode), but to use no authentication method. This
* policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
* of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
@@ -573,7 +732,7 @@
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @warning This policy is NOT RECOMMENDED for SRTP unless it is
* unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
@@ -583,18 +742,17 @@
*
*/
-void
-crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto
+ * @brief srtp_crypto_policy_set_null_cipher_hmac_sha1_80() sets a crypto
* policy structure to an authentication-only policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_null_cipher_hmac_sha1_80(&p)
- * sets the crypto_policy_t at location p to use HMAC-SHA1 with an 80
+ * The function call srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&p)
+ * sets the srtp_crypto_policy_t at location p to use HMAC-SHA1 with an 80
* bit authentication tag to provide message authentication, but to
* use no encryption. This policy is NOT RECOMMENDED for SRTP unless
* there is a requirement to forego encryption.
@@ -603,7 +761,7 @@
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @warning This policy is NOT RECOMMENDED for SRTP unless there is a
* requirement to forego encryption.
@@ -611,20 +769,43 @@
* @return void.
*
*/
+void srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p);
-void
-crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p);
+/**
+ * @brief srtp_crypto_policy_set_null_cipher_hmac_null() sets a crypto
+ * policy structure to use no encryption or authentication.
+ *
+ * @param p is a pointer to the policy structure to be set
+ *
+ * The function call srtp_crypto_policy_set_null_cipher_hmac_null(&p)
+ * sets the srtp_crypto_policy_t at location p to use no encryption and
+ * no authentication. This policy should only be used for testing and
+ * troubleshootingl.
+ *
+ * This function is a convenience that helps to avoid dealing directly
+ * with the policy data structure. You are encouraged to initialize
+ * policy elements with this function call. Doing so may allow your
+ * code to be forward compatible with later versions of libSRTP that
+ * include more elements in the srtp_crypto_policy_t datatype.
+ *
+ * @warning This policy is NOT RECOMMENDED for SRTP unless there is a
+ * requirement to forego encryption and authentication.
+ *
+ * @return void.
+ *
+ */
+void srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80() sets a crypto
* policy structure to a encryption and authentication policy using AES-256
* for RTP protection.
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_cm_256_hmac_sha1_80(&p)
- * sets the crypto_policy_t at location p to use policy
+ * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&p)
+ * sets the srtp_crypto_policy_t at location p to use policy
* AES_CM_256_HMAC_SHA1_80 as defined in
* draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256
* Counter Mode encryption and HMAC-SHA1 authentication, with an 80 bit
@@ -634,24 +815,24 @@
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32() sets a crypto
* policy structure to a short-authentication tag policy using AES-256
* encryption.
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_cm_256_hmac_sha1_32(&p)
- * sets the crypto_policy_t at location p to use policy
+ * The function call srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(&p)
+ * sets the srtp_crypto_policy_t at location p to use policy
* AES_CM_256_HMAC_SHA1_32 as defined in
* draft-ietf-avt-srtp-big-aes-03.txt. This policy uses AES-256
* Counter Mode encryption and HMAC-SHA1 authentication, with an
@@ -664,7 +845,7 @@
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @warning This crypto policy is intended for use in SRTP, but not in
* SRTCP. It is recommended that a policy that uses longer
@@ -675,17 +856,16 @@
*
*/
-void
-crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_cm_256_null_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_cm_256_null_auth() sets a crypto
* policy structure to an encryption-only policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_cm_256_null_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_cm_256_null_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-256 Counter Mode), but to use no authentication method. This
* policy is NOT RECOMMENDED unless it is unavoidable; see Section 7.5
* of RFC 3711 (http://www.ietf.org/rfc/rfc3711.txt).
@@ -694,7 +874,7 @@
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @warning This policy is NOT RECOMMENDED for SRTP unless it is
* unavoidable, and it is NOT RECOMMENDED at all for SRTCP; see
@@ -703,17 +883,16 @@
* @return void.
*
*/
-void
-crypto_policy_set_aes_cm_256_null_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_cm_256_null_auth(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_gcm_128_8_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_gcm_128_8_auth() sets a crypto
* policy structure to an AEAD encryption policy.
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_gcm_128_8_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_gcm_128_8_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-128 Galois Counter Mode) with 8 octet auth tag. This
* policy applies confidentiality and authentication to both the
* RTP and RTCP packets.
@@ -722,22 +901,21 @@
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_aes_gcm_128_8_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_gcm_256_8_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_gcm_256_8_auth() sets a crypto
* policy structure to an AEAD encryption policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_gcm_256_8_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_gcm_256_8_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-256 Galois Counter Mode) with 8 octet auth tag. This
* policy applies confidentiality and authentication to both the
* RTP and RTCP packets.
@@ -746,22 +924,21 @@
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_aes_gcm_256_8_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_gcm_128_8_only_auth() sets a crypto
* policy structure to an AEAD authentication-only policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-128 Galois Counter Mode) with 8 octet auth tag. This policy
* applies confidentiality and authentication to the RTP packets,
* but only authentication to the RTCP packets.
@@ -770,22 +947,21 @@
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_aes_gcm_128_8_only_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_gcm_256_8_only_auth() sets a crypto
* policy structure to an AEAD authentication-only policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-256 Galois Counter Mode) with 8 octet auth tag. This policy
* applies confidentiality and authentication to the RTP packets,
* but only authentication to the RTCP packets.
@@ -794,22 +970,21 @@
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_aes_gcm_256_8_only_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_gcm_128_16_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_gcm_128_16_auth() sets a crypto
* policy structure to an AEAD encryption policy.
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_gcm_128_16_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_gcm_128_16_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-128 Galois Counter Mode) with 16 octet auth tag. This
* policy applies confidentiality and authentication to both the
* RTP and RTCP packets.
@@ -818,22 +993,21 @@
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_aes_gcm_128_16_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p);
/**
- * @brief crypto_policy_set_aes_gcm_256_16_auth() sets a crypto
+ * @brief srtp_crypto_policy_set_aes_gcm_256_16_auth() sets a crypto
* policy structure to an AEAD encryption policy
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_aes_gcm_256_16_auth(&p) sets
- * the crypto_policy_t at location p to use the SRTP default cipher
+ * The function call srtp_crypto_policy_set_aes_gcm_256_16_auth(&p) sets
+ * the srtp_crypto_policy_t at location p to use the SRTP default cipher
* (AES-256 Galois Counter Mode) with 16 octet auth tag. This
* policy applies confidentiality and authentication to both the
* RTP and RTCP packets.
@@ -842,13 +1016,12 @@
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return void.
*
*/
-void
-crypto_policy_set_aes_gcm_256_16_auth(crypto_policy_t *p);
+void srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p);
/**
@@ -863,12 +1036,11 @@
* @param s is the srtp_t for the session to be deallocated.
*
* @return
- * - err_status_ok if there no problems.
- * - err_status_dealloc_fail a memory deallocation failure occured.
+ * - srtp_err_status_ok if there no problems.
+ * - srtp_err_status_dealloc_fail a memory deallocation failure occured.
*/
-err_status_t
-srtp_dealloc(srtp_t s);
+srtp_err_status_t srtp_dealloc(srtp_t s);
/*
@@ -891,57 +1063,53 @@
/**
- * @brief crypto_policy_set_from_profile_for_rtp() sets a crypto policy
+ * @brief srtp_crypto_policy_set_from_profile_for_rtp() sets a crypto policy
* structure to the appropriate value for RTP based on an srtp_profile_t
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_rtp_default(&policy, profile)
- * sets the crypto_policy_t at location policy to the policy for RTP
+ * The function call srtp_crypto_policy_set_rtp_default(&policy, profile)
+ * sets the srtp_crypto_policy_t at location policy to the policy for RTP
* protection, as defined by the srtp_profile_t profile.
*
* This function is a convenience that helps to avoid dealing directly
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return values
- * - err_status_ok no problems were encountered
- * - err_status_bad_param the profile is not supported
+ * - srtp_err_status_ok no problems were encountered
+ * - srtp_err_status_bad_param the profile is not supported
*
*/
-err_status_t
-crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy,
- srtp_profile_t profile);
+srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtp(srtp_crypto_policy_t *policy, srtp_profile_t profile);
/**
- * @brief crypto_policy_set_from_profile_for_rtcp() sets a crypto policy
+ * @brief srtp_crypto_policy_set_from_profile_for_rtcp() sets a crypto policy
* structure to the appropriate value for RTCP based on an srtp_profile_t
*
* @param p is a pointer to the policy structure to be set
*
- * The function call crypto_policy_set_rtcp_default(&policy, profile)
- * sets the crypto_policy_t at location policy to the policy for RTCP
+ * The function call srtp_crypto_policy_set_rtcp_default(&policy, profile)
+ * sets the srtp_crypto_policy_t at location policy to the policy for RTCP
* protection, as defined by the srtp_profile_t profile.
*
* This function is a convenience that helps to avoid dealing directly
* with the policy data structure. You are encouraged to initialize
* policy elements with this function call. Doing so may allow your
* code to be forward compatible with later versions of libSRTP that
- * include more elements in the crypto_policy_t datatype.
+ * include more elements in the srtp_crypto_policy_t datatype.
*
* @return values
- * - err_status_ok no problems were encountered
- * - err_status_bad_param the profile is not supported
+ * - srtp_err_status_ok no problems were encountered
+ * - srtp_err_status_bad_param the profile is not supported
*
*/
-err_status_t
-crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy,
- srtp_profile_t profile);
+srtp_err_status_t srtp_crypto_policy_set_from_profile_for_rtcp(srtp_crypto_policy_t *policy, srtp_profile_t profile);
/**
* @brief returns the master key length for a given SRTP profile
@@ -959,7 +1127,7 @@
/**
* @brief appends the salt to the key
*
- * The function call append_salt_to_key(k, klen, s, slen)
+ * The function call srtp_append_salt_to_key(k, klen, s, slen)
* copies the string s to the location at klen bytes following
* the location k.
*
@@ -969,8 +1137,8 @@
*/
void
-append_salt_to_key(unsigned char *key, unsigned int bytes_in_key,
- unsigned char *salt, unsigned int bytes_in_salt);
+srtp_append_salt_to_key(unsigned char *key, unsigned int bytes_in_key,
+ unsigned char *salt, unsigned int bytes_in_salt);
@@ -1005,7 +1173,7 @@
*
* The function call srtp_protect_rtcp(ctx, rtp_hdr, len_ptr) applies
* SRTCP protection to the RTCP packet rtcp_hdr (which has length
- * *len_ptr) using the SRTP session context ctx. If err_status_ok is
+ * *len_ptr) using the SRTP session context ctx. If srtp_err_status_ok is
* returned, then rtp_hdr points to the resulting SRTCP packet and
* *len_ptr is the number of octets in that packet; otherwise, no
* assumptions should be made about the value of either data elements.
@@ -1027,19 +1195,18 @@
*
* @param pkt_octet_len is a pointer to the length in octets of the
* complete RTCP packet (header and body) before the function call,
- * and of the complete SRTCP packet after the call, if err_status_ok
+ * and of the complete SRTCP packet after the call, if srtp_err_status_ok
* was returned. Otherwise, the value of the data to which it points
* is undefined.
*
* @return
- * - err_status_ok if there were no problems.
+ * - srtp_err_status_ok if there were no problems.
* - [other] if there was a failure in
* the cryptographic mechanisms.
*/
-err_status_t
-srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len);
+srtp_err_status_t srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len);
/**
* @brief srtp_unprotect_rtcp() is the Secure RTCP receiver-side packet
@@ -1048,7 +1215,7 @@
* The function call srtp_unprotect_rtcp(ctx, srtp_hdr, len_ptr)
* verifies the Secure RTCP protection of the SRTCP packet pointed to
* by srtcp_hdr (which has length *len_ptr), using the SRTP session
- * context ctx. If err_status_ok is returned, then srtcp_hdr points
+ * context ctx. If srtp_err_status_ok is returned, then srtcp_hdr points
* to the resulting RTCP packet and *len_ptr is the number of octets
* in that packet; otherwise, no assumptions should be made about the
* value of either data elements.
@@ -1061,27 +1228,26 @@
*
* @param srtcp_hdr is a pointer to the header of the SRTCP packet
* (before the call). After the function returns, it points to the
- * rtp packet if err_status_ok was returned; otherwise, the value of
+ * rtp packet if srtp_err_status_ok was returned; otherwise, the value of
* the data to which it points is undefined.
*
* @param pkt_octet_len is a pointer to the length in octets of the
* complete SRTCP packet (header and body) before the function call,
- * and of the complete rtp packet after the call, if err_status_ok was
+ * and of the complete rtp packet after the call, if srtp_err_status_ok was
* returned. Otherwise, the value of the data to which it points is
* undefined.
*
* @return
- * - err_status_ok if the RTCP packet is valid.
- * - err_status_auth_fail if the SRTCP packet failed the message
+ * - srtp_err_status_ok if the RTCP packet is valid.
+ * - srtp_err_status_auth_fail if the SRTCP packet failed the message
* authentication check.
- * - err_status_replay_fail if the SRTCP packet is a replay (e.g. has
+ * - srtp_err_status_replay_fail if the SRTCP packet is a replay (e.g. has
* already been processed and accepted).
* - [other] if there has been an error in the cryptographic mechanisms.
*
*/
-err_status_t
-srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len);
+srtp_err_status_t srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len);
/**
* @}
@@ -1235,8 +1401,7 @@
* will be used by libSRTP to handle events.
*/
-err_status_t
-srtp_install_event_handler(srtp_event_handler_func_t func);
+srtp_err_status_t srtp_install_event_handler(srtp_event_handler_func_t func);
/**
* @brief Returns the version string of the library.
diff --git a/include/srtp_priv.h b/include/srtp_priv.h
index 170df5b..33f8905 100644
--- a/include/srtp_priv.h
+++ b/include/srtp_priv.h
@@ -50,7 +50,6 @@
#include "rdbx.h"
#include "rdb.h"
#include "integers.h"
-#include "crypto.h"
#include "cipher.h"
#include "auth.h"
#include "aes.h"
@@ -61,113 +60,6 @@
#define SRTP_VERSION PACKAGE_VERSION
/*
- * an srtp_hdr_t represents the srtp header
- *
- * in this implementation, an srtp_hdr_t is assumed to be 32-bit aligned
- *
- * (note that this definition follows that of RFC 1889 Appendix A, but
- * is not identical)
- */
-
-#ifndef WORDS_BIGENDIAN
-
-/*
- * srtp_hdr_t represents an RTP or SRTP header. The bit-fields in
- * this structure should be declared "unsigned int" instead of
- * "unsigned char", but doing so causes the MS compiler to not
- * fully pack the bit fields.
- */
-
-typedef struct {
- unsigned char cc:4; /* CSRC count */
- unsigned char x:1; /* header extension flag */
- unsigned char p:1; /* padding flag */
- unsigned char version:2; /* protocol version */
- unsigned char pt:7; /* payload type */
- unsigned char m:1; /* marker bit */
- uint16_t seq; /* sequence number */
- uint32_t ts; /* timestamp */
- uint32_t ssrc; /* synchronization source */
-} srtp_hdr_t;
-
-#else /* BIG_ENDIAN */
-
-typedef struct {
- unsigned char version:2; /* protocol version */
- unsigned char p:1; /* padding flag */
- unsigned char x:1; /* header extension flag */
- unsigned char cc:4; /* CSRC count */
- unsigned char m:1; /* marker bit */
- unsigned char pt:7; /* payload type */
- uint16_t seq; /* sequence number */
- uint32_t ts; /* timestamp */
- uint32_t ssrc; /* synchronization source */
-} srtp_hdr_t;
-
-#endif
-
-typedef struct {
- uint16_t profile_specific; /* profile-specific info */
- uint16_t length; /* number of 32-bit words in extension */
-} srtp_hdr_xtnd_t;
-
-
-/*
- * srtcp_hdr_t represents a secure rtcp header
- *
- * in this implementation, an srtcp header is assumed to be 32-bit
- * alinged
- */
-
-#ifndef WORDS_BIGENDIAN
-
-typedef struct {
- unsigned char rc:5; /* reception report count */
- unsigned char p:1; /* padding flag */
- unsigned char version:2; /* protocol version */
- unsigned char pt:8; /* payload type */
- uint16_t len; /* length */
- uint32_t ssrc; /* synchronization source */
-} srtcp_hdr_t;
-
-typedef struct {
- unsigned int index:31; /* srtcp packet index in network order! */
- unsigned int e:1; /* encrypted? 1=yes */
- /* optional mikey/etc go here */
- /* and then the variable-length auth tag */
-} srtcp_trailer_t;
-
-
-#else /* BIG_ENDIAN */
-
-typedef struct {
- unsigned char version:2; /* protocol version */
- unsigned char p:1; /* padding flag */
- unsigned char rc:5; /* reception report count */
- unsigned char pt:8; /* payload type */
- uint16_t len; /* length */
- uint32_t ssrc; /* synchronization source */
-} srtcp_hdr_t;
-
-typedef struct {
- unsigned int version:2; /* protocol version */
- unsigned int p:1; /* padding flag */
- unsigned int count:5; /* varies by packet type */
- unsigned int pt:8; /* payload type */
- uint16_t length; /* len of uint32s of packet less header */
-} rtcp_common_t;
-
-typedef struct {
- unsigned int e:1; /* encrypted? 1=yes */
- unsigned int index:31; /* srtcp packet index */
- /* optional mikey/etc go here */
- /* and then the variable-length auth tag */
-} srtcp_trailer_t;
-
-#endif
-
-
-/*
* the following declarations are libSRTP internal functions
*/
@@ -175,27 +67,20 @@
* srtp_get_stream(ssrc) returns a pointer to the stream corresponding
* to ssrc, or NULL if no stream exists for that ssrc
*/
-
-srtp_stream_t
-srtp_get_stream(srtp_t srtp, uint32_t ssrc);
+srtp_stream_t srtp_get_stream(srtp_t srtp, uint32_t ssrc);
/*
* srtp_stream_init_keys(s, k) (re)initializes the srtp_stream_t s by
* deriving all of the needed keys using the KDF and the key k.
*/
-
-
-err_status_t
-srtp_stream_init_keys(srtp_stream_t srtp, const void *key);
+srtp_err_status_t srtp_stream_init_keys(srtp_stream_t srtp, const void *key);
/*
* srtp_stream_init(s, p) initializes the srtp_stream_t s to
* use the policy at the location p
*/
-err_status_t
-srtp_stream_init(srtp_stream_t srtp,
- const srtp_policy_t *p);
+srtp_err_status_t srtp_stream_init(srtp_stream_t srtp, const srtp_policy_t *p);
/*
@@ -216,35 +101,35 @@
* cipher_t and auth_t pointers will point to the same structures
*/
-typedef struct srtp_stream_ctx_t {
+typedef struct srtp_stream_ctx_t_ {
uint32_t ssrc;
cipher_t *rtp_cipher;
auth_t *rtp_auth;
rdbx_t rtp_rdbx;
- sec_serv_t rtp_services;
+ srtp_sec_serv_t rtp_services;
cipher_t *rtcp_cipher;
auth_t *rtcp_auth;
rdb_t rtcp_rdb;
- sec_serv_t rtcp_services;
+ srtp_sec_serv_t rtcp_services;
key_limit_ctx_t *limit;
direction_t direction;
int allow_repeat_tx;
- ekt_stream_t ekt;
+ srtp_ekt_stream_t ekt;
uint8_t salt[SRTP_AEAD_SALT_LEN]; /* used with GCM mode for SRTP */
uint8_t c_salt[SRTP_AEAD_SALT_LEN]; /* used with GCM mode for SRTCP */
- struct srtp_stream_ctx_t *next; /* linked list of streams */
-} srtp_stream_ctx_t;
+ struct srtp_stream_ctx_t_ *next; /* linked list of streams */
+} strp_stream_ctx_t_;
/*
* an srtp_ctx_t holds a stream list and a service description
*/
-typedef struct srtp_ctx_t {
- srtp_stream_ctx_t *stream_list; /* linked list of streams */
- srtp_stream_ctx_t *stream_template; /* act as template for other streams */
+typedef struct srtp_ctx_t_ {
+ struct srtp_stream_ctx_t_ *stream_list; /* linked list of streams */
+ struct srtp_stream_ctx_t_ *stream_template; /* act as template for other streams */
void *user_data; /* user custom data */
-} srtp_ctx_t;
+} srtp_ctx_t_;
diff --git a/srtp/ekt.c b/srtp/ekt.c
index 335a21f..fe906dc 100644
--- a/srtp/ekt.c
+++ b/srtp/ekt.c
@@ -71,8 +71,7 @@
#define EKT_OCTETS_AFTER_ROC 4
#define EKT_SPI_LEN 2
-unsigned
-ekt_octets_after_base_tag(ekt_stream_t ekt) {
+unsigned srtp_ekt_octets_after_base_tag(srtp_ekt_stream_t ekt) {
/*
* if the pointer ekt is NULL, then EKT is not in effect, so we
* indicate this by returning zero
@@ -81,7 +80,7 @@
return 0;
switch(ekt->data->ekt_cipher_type) {
- case EKT_CIPHER_AES_128_ECB:
+ case SRTP_EKT_CIPHER_AES_128_ECB:
return 16 + EKT_OCTETS_AFTER_EMK;
break;
default:
@@ -90,17 +89,15 @@
return 0;
}
-static inline ekt_spi_t
-srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) {
+static inline srtp_ekt_spi_t srtcp_packet_get_ekt_spi(const uint8_t *packet_start, unsigned pkt_octet_len) {
const uint8_t *spi_location;
spi_location = packet_start + (pkt_octet_len - EKT_SPI_LEN);
- return *((const ekt_spi_t *)spi_location);
+ return *((const srtp_ekt_spi_t *)spi_location);
}
-static inline uint32_t
-srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) {
+static inline uint32_t srtcp_packet_get_ekt_roc(const uint8_t *packet_start, unsigned pkt_octet_len) {
const uint8_t *roc_location;
roc_location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_ROC);
@@ -108,9 +105,7 @@
return *((const uint32_t *)roc_location);
}
-static inline const uint8_t *
-srtcp_packet_get_emk_location(const uint8_t *packet_start,
- unsigned pkt_octet_len) {
+static inline const uint8_t * srtcp_packet_get_emk_location(const uint8_t *packet_start, unsigned pkt_octet_len) {
const uint8_t *location;
location = packet_start + (pkt_octet_len - EKT_OCTETS_AFTER_BASE_TAG);
@@ -119,8 +114,7 @@
}
-err_status_t
-ekt_alloc(ekt_stream_t *stream_data, ekt_policy_t policy) {
+srtp_err_status_t srtp_ekt_alloc(srtp_ekt_stream_t *stream_data, srtp_ekt_policy_t policy) {
/*
* if the policy pointer is NULL, then EKT is not in use
@@ -128,26 +122,24 @@
*/
if (!policy) {
*stream_data = NULL;
- return err_status_ok;
+ return srtp_err_status_ok;
}
/* TODO */
*stream_data = NULL;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-ekt_stream_init_from_policy(ekt_stream_t stream_data, ekt_policy_t policy) {
+srtp_err_status_t srtp_ekt_stream_init_from_policy(srtp_ekt_stream_t stream_data, srtp_ekt_policy_t policy) {
if (!stream_data)
- return err_status_ok;
+ return srtp_err_status_ok;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-void
-aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) {
+void aes_decrypt_with_raw_key(void *ciphertext, const void *key, int key_len) {
#ifndef OPENSSL
//FIXME: need to get this working through the crypto module interface
aes_expanded_key_t expanded_key;
@@ -162,11 +154,8 @@
* the EKT data from an SRTCP trailer.
*/
-err_status_t
-srtp_stream_init_from_ekt(srtp_stream_t stream,
- const void *srtcp_hdr,
- unsigned pkt_octet_len) {
- err_status_t err;
+srtp_err_status_t srtp_stream_init_from_ekt(srtp_stream_t stream, const void *srtcp_hdr, unsigned pkt_octet_len) {
+ srtp_err_status_t err;
const uint8_t *master_key;
srtp_policy_t srtp_policy;
uint32_t roc;
@@ -176,10 +165,10 @@
*/
if (stream->ekt->data->spi !=
srtcp_packet_get_ekt_spi(srtcp_hdr, pkt_octet_len))
- return err_status_no_ctx;
+ return srtp_err_status_no_ctx;
- if (stream->ekt->data->ekt_cipher_type != EKT_CIPHER_AES_128_ECB)
- return err_status_bad_param;
+ if (stream->ekt->data->ekt_cipher_type != SRTP_EKT_CIPHER_AES_128_ECB)
+ return srtp_err_status_bad_param;
/* decrypt the Encrypted Master Key field */
master_key = srtcp_packet_get_emk_location(srtcp_hdr, pkt_octet_len);
@@ -196,15 +185,10 @@
err = srtp_stream_init(stream, &srtp_policy);
if (err) return err;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-void
-ekt_write_data(ekt_stream_t ekt,
- uint8_t *base_tag,
- unsigned base_tag_len,
- int *packet_len,
- xtd_seq_num_t pkt_index) {
+void srtp_ekt_write_data(srtp_ekt_stream_t ekt, uint8_t *base_tag, unsigned base_tag_len, int *packet_len, xtd_seq_num_t pkt_index) {
uint32_t roc;
uint16_t isn;
unsigned emk_len;
@@ -221,7 +205,7 @@
packet = base_tag + base_tag_len;
/* copy encrypted master key into packet */
- emk_len = ekt_octets_after_base_tag(ekt);
+ emk_len = srtp_ekt_octets_after_base_tag(ekt);
memcpy(packet, ekt->encrypted_master_key, emk_len);
debug_print(mod_srtp, "writing EKT EMK: %s,",
octet_string_hex_string(packet, emk_len));
@@ -261,12 +245,7 @@
* auth_tag pointer is set to the location
*/
-void
-srtcp_ekt_trailer(ekt_stream_t ekt,
- unsigned *auth_len,
- void **auth_tag,
- void *tag_copy) {
-
+void srtcp_ekt_trailer(srtp_ekt_stream_t ekt, unsigned *auth_len, void **auth_tag, void *tag_copy) {
/*
* if there is no EKT policy, then the other inputs are unaffected
*/
diff --git a/srtp/srtp.c b/srtp/srtp.c
index 8841a9e..15226ad 100644
--- a/srtp/srtp.c
+++ b/srtp/srtp.c
@@ -42,8 +42,10 @@
*
*/
-
+#include "srtp.h"
#include "srtp_priv.h"
+#include "crypto_types.h"
+#include "err.h"
#include "ekt.h" /* for SRTP Encrypted Key Transport */
#include "alloc.h" /* for crypto_alloc() */
#ifdef OPENSSL
@@ -111,11 +113,11 @@
return rv;
}
-err_status_t
+srtp_err_status_t
srtp_stream_alloc(srtp_stream_ctx_t **str_ptr,
const srtp_policy_t *p) {
srtp_stream_ctx_t *str;
- err_status_t stat;
+ srtp_err_status_t stat;
/*
* This function allocates the stream context, rtp and rtcp ciphers
@@ -128,7 +130,7 @@
/* allocate srtp stream and set str_ptr */
str = (srtp_stream_ctx_t *) crypto_alloc(sizeof(srtp_stream_ctx_t));
if (str == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
*str_ptr = str;
/* allocate cipher */
@@ -158,7 +160,7 @@
auth_dealloc(str->rtp_auth);
cipher_dealloc(str->rtp_cipher);
crypto_free(str);
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
}
/*
@@ -192,7 +194,7 @@
}
/* allocate ekt data associated with stream */
- stat = ekt_alloc(&str->ekt, p->ekt);
+ stat = srtp_ekt_alloc(&str->ekt, p->ekt);
if (stat) {
auth_dealloc(str->rtcp_auth);
cipher_dealloc(str->rtcp_cipher);
@@ -203,12 +205,12 @@
return stat;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_stream_dealloc(srtp_t session, srtp_stream_ctx_t *stream) {
- err_status_t status;
+ srtp_err_status_t status;
/*
* we use a conservative deallocation strategy - if any deallocation
@@ -286,7 +288,7 @@
/* deallocate srtp stream context */
crypto_free(stream);
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -298,11 +300,11 @@
* the SSRC
*/
-err_status_t
+srtp_err_status_t
srtp_stream_clone(const srtp_stream_ctx_t *stream_template,
uint32_t ssrc,
srtp_stream_ctx_t **str_ptr) {
- err_status_t status;
+ srtp_err_status_t status;
srtp_stream_ctx_t *str;
debug_print(mod_srtp, "cloning stream (SSRC: 0x%08x)", ssrc);
@@ -310,7 +312,7 @@
/* allocate srtp stream and set str_ptr */
str = (srtp_stream_ctx_t *) crypto_alloc(sizeof(srtp_stream_ctx_t));
if (str == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
*str_ptr = str;
/* set cipher and auth pointers to those of the template */
@@ -356,7 +358,7 @@
/* defensive coding */
str->next = NULL;
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -395,10 +397,10 @@
cipher_t *cipher; /* cipher used for key derivation */
} srtp_kdf_t;
-err_status_t
-srtp_kdf_init(srtp_kdf_t *kdf, cipher_type_id_t cipher_id, const uint8_t *key, int length) {
+srtp_err_status_t
+srtp_kdf_init(srtp_kdf_t *kdf, srtp_cipher_type_id_t cipher_id, const uint8_t *key, int length) {
- err_status_t stat;
+ srtp_err_status_t stat;
stat = crypto_kernel_alloc_cipher(cipher_id, &kdf->cipher, length, 0);
if (stat)
return stat;
@@ -409,15 +411,15 @@
return stat;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_kdf_generate(srtp_kdf_t *kdf, srtp_prf_label label,
uint8_t *key, unsigned int length) {
v128_t nonce;
- err_status_t status;
+ srtp_err_status_t status;
/* set eigth octet of nonce to <label>, set the rest of it to zero */
v128_set_to_zero(&nonce);
@@ -433,18 +435,18 @@
if (status)
return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_kdf_clear(srtp_kdf_t *kdf) {
- err_status_t status;
+ srtp_err_status_t status;
status = cipher_dealloc(kdf->cipher);
if (status)
return status;
kdf->cipher = NULL;
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -481,9 +483,9 @@
}
}
-err_status_t
+srtp_err_status_t
srtp_stream_init_keys(srtp_stream_ctx_t *srtp, const void *key) {
- err_status_t stat;
+ srtp_err_status_t stat;
srtp_kdf_t kdf;
uint8_t tmp_key[MAX_SRTP_KEY_LEN];
int kdf_keylen = 30, rtp_keylen, rtcp_keylen;
@@ -523,7 +525,7 @@
/* initialize KDF state */
stat = srtp_kdf_init(&kdf, AES_ICM, (const uint8_t *)tmp_key, kdf_keylen);
if (stat) {
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/* generate encryption key */
@@ -532,7 +534,7 @@
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
debug_print(mod_srtp, "cipher key: %s",
octet_string_hex_string(tmp_key, rtp_base_key_len));
@@ -550,7 +552,7 @@
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
memcpy(srtp->salt, tmp_key + rtp_base_key_len, SRTP_AEAD_SALT_LEN);
}
@@ -564,7 +566,7 @@
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/* generate authentication key */
@@ -573,7 +575,7 @@
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
debug_print(mod_srtp, "auth key: %s",
octet_string_hex_string(tmp_key,
@@ -584,7 +586,7 @@
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/*
@@ -601,7 +603,7 @@
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/*
@@ -618,7 +620,7 @@
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
memcpy(srtp->c_salt, tmp_key + rtcp_base_key_len, SRTP_AEAD_SALT_LEN);
}
@@ -634,7 +636,7 @@
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/* generate authentication key */
@@ -643,7 +645,7 @@
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
debug_print(mod_srtp, "rtcp auth key: %s",
@@ -655,22 +657,22 @@
if (stat) {
/* zeroize temp buffer */
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/* clear memory then return */
stat = srtp_kdf_clear(&kdf);
octet_string_set_to_zero(tmp_key, MAX_SRTP_KEY_LEN);
if (stat)
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_stream_init(srtp_stream_ctx_t *srtp,
const srtp_policy_t *p) {
- err_status_t err;
+ srtp_err_status_t err;
debug_print(mod_srtp, "initializing stream (SSRC: 0x%08x)",
p->ssrc.value);
@@ -681,7 +683,7 @@
* calculated. Let a window size of 0 imply the default value. */
if (p->window_size != 0 && (p->window_size < 64 || p->window_size >= 0x8000))
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
if (p->window_size != 0)
err = rdbx_init(&srtp->rtp_rdbx, p->window_size);
@@ -721,7 +723,7 @@
/* guard against uninitialized memory: allow only 0 or 1 here */
if (p->allow_repeat_tx != 0 && p->allow_repeat_tx != 1) {
rdbx_dealloc(&srtp->rtp_rdbx);
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
srtp->allow_repeat_tx = p->allow_repeat_tx;
@@ -738,13 +740,13 @@
* if EKT is in use, then initialize the EKT data associated with
* the stream
*/
- err = ekt_stream_init_from_policy(srtp->ekt, p->ekt);
+ err = srtp_ekt_stream_init_from_policy(srtp->ekt, p->ekt);
if (err) {
rdbx_dealloc(&srtp->rtp_rdbx);
return err;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -789,7 +791,7 @@
static srtp_event_handler_func_t *srtp_event_handler = srtp_event_reporter;
- err_status_t
+ srtp_err_status_t
srtp_install_event_handler(srtp_event_handler_func_t func) {
/*
@@ -800,7 +802,7 @@
/* set global event handling function */
srtp_event_handler = func;
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -877,7 +879,7 @@
* which currently supports AES-GCM encryption. All packets are
* encrypted and authenticated.
*/
-static err_status_t
+static srtp_err_status_t
srtp_protect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream,
void *rtp_hdr, unsigned int *pkt_octet_len)
{
@@ -886,7 +888,7 @@
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
int delta; /* delta of local pkt idx and that in hdr */
- err_status_t status;
+ srtp_err_status_t status;
int tag_len;
v128_t iv;
unsigned int aad_len;
@@ -903,7 +905,7 @@
break;
case key_event_hard_limit:
srtp_handle_event(ctx, stream, event_key_hard_limit);
- return err_status_key_expired;
+ return srtp_err_status_key_expired;
case key_event_soft_limit:
default:
srtp_handle_event(ctx, stream, event_key_soft_limit);
@@ -925,7 +927,7 @@
enc_start += (ntohs(xtn_hdr->length) + 1);
}
if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
- return err_status_parse_err;
+ return srtp_err_status_parse_err;
enc_octet_len = (unsigned int)(*pkt_octet_len -
((uint8_t*)enc_start - (uint8_t*)hdr));
@@ -936,7 +938,7 @@
delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq));
status = rdbx_check(&stream->rtp_rdbx, delta);
if (status) {
- if (status != err_status_replay_fail || !stream->allow_repeat_tx) {
+ if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx) {
return status; /* we've been asked to reuse an index */
}
} else {
@@ -956,7 +958,7 @@
srtp_calc_aead_iv(stream, &iv, &est, hdr);
status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt);
if (status) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/* shift est, put into network byte order */
@@ -974,14 +976,14 @@
aad_len = (uint8_t *)enc_start - (uint8_t *)hdr;
status = cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len);
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
/* Encrypt the payload */
status = cipher_encrypt(stream->rtp_cipher,
(uint8_t*)enc_start, &enc_octet_len);
if (status) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
* If we're doing GCM, we need to get the tag
@@ -990,14 +992,14 @@
status = cipher_get_tag(stream->rtp_cipher,
(uint8_t*)enc_start+enc_octet_len, &tag_len);
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
enc_octet_len += tag_len;
/* increase the packet length by the length of the auth tag */
*pkt_octet_len += tag_len;
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -1008,7 +1010,7 @@
* of the packet stream and is automatically checked by GCM
* when decrypting the payload.
*/
-static err_status_t
+static srtp_err_status_t
srtp_unprotect_aead (srtp_ctx_t *ctx, srtp_stream_ctx_t *stream, int delta,
xtd_seq_num_t est, void *srtp_hdr, unsigned int *pkt_octet_len)
{
@@ -1016,7 +1018,7 @@
uint32_t *enc_start; /* pointer to start of encrypted portion */
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
v128_t iv;
- err_status_t status;
+ srtp_err_status_t status;
int tag_len;
unsigned int aad_len;
@@ -1037,7 +1039,7 @@
srtp_calc_aead_iv(stream, &iv, &est, hdr);
status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt);
if (status) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
@@ -1052,7 +1054,7 @@
enc_start += (ntohs(xtn_hdr->length) + 1);
}
if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
- return err_status_parse_err;
+ return srtp_err_status_parse_err;
/*
* We pass the tag down to the cipher when doing GCM mode
*/
@@ -1065,7 +1067,7 @@
* as the tag length.
*/
if (enc_octet_len < tag_len) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
@@ -1081,7 +1083,7 @@
break;
case key_event_hard_limit:
srtp_handle_event(ctx, stream, event_key_hard_limit);
- return err_status_key_expired;
+ return srtp_err_status_key_expired;
default:
break;
}
@@ -1092,7 +1094,7 @@
aad_len = (uint8_t *)enc_start - (uint8_t *)hdr;
status = cipher_set_aad(stream->rtp_cipher, (uint8_t*)hdr, aad_len);
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
/* Decrypt the ciphertext. This also checks the auth tag based
@@ -1158,13 +1160,13 @@
/* decrease the packet length by the length of the auth tag */
*pkt_octet_len -= tag_len;
- return err_status_ok;
+ return srtp_err_status_ok;
}
- err_status_t
+ srtp_err_status_t
srtp_protect(srtp_ctx_t *ctx, void *rtp_hdr, int *pkt_octet_len) {
srtp_hdr_t *hdr = (srtp_hdr_t *)rtp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
@@ -1173,7 +1175,7 @@
xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
int delta; /* delta of local pkt idx and that in hdr */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
- err_status_t status;
+ srtp_err_status_t status;
int tag_len;
srtp_stream_ctx_t *stream;
int prefix_len;
@@ -1184,7 +1186,7 @@
/* check the packet length - it must at least contain a full header */
if (*pkt_octet_len < octets_in_rtp_header)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/*
* look up ssrc in srtp_stream list, and process the packet with
@@ -1215,7 +1217,7 @@
stream = new_stream;
} else {
/* no template stream, so we return an error */
- return err_status_no_ctx;
+ return srtp_err_status_no_ctx;
}
}
@@ -1255,7 +1257,7 @@
break;
case key_event_hard_limit:
srtp_handle_event(ctx, stream, event_key_hard_limit);
- return err_status_key_expired;
+ return srtp_err_status_key_expired;
default:
break;
}
@@ -1277,7 +1279,7 @@
srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start;
enc_start += (ntohs(xtn_hdr->length) + 1);
if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
- return err_status_parse_err;
+ return srtp_err_status_parse_err;
}
enc_octet_len = (unsigned int)(*pkt_octet_len -
((uint8_t*)enc_start - (uint8_t*)hdr));
@@ -1305,7 +1307,7 @@
delta = rdbx_estimate_index(&stream->rtp_rdbx, &est, ntohs(hdr->seq));
status = rdbx_check(&stream->rtp_rdbx, delta);
if (status) {
- if (status != err_status_replay_fail || !stream->allow_repeat_tx)
+ if (status != srtp_err_status_replay_fail || !stream->allow_repeat_tx)
return status; /* we've been asked to reuse an index */
}
else
@@ -1349,7 +1351,7 @@
status = cipher_set_iv(stream->rtp_cipher, &iv, direction_encrypt);
}
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
/* shift est, put into network byte order */
#ifdef NO_64BIT_MATH
@@ -1370,7 +1372,7 @@
if (prefix_len) {
status = cipher_output(stream->rtp_cipher, auth_tag, prefix_len);
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
debug_print(mod_srtp, "keystream prefix: %s",
octet_string_hex_string(auth_tag, prefix_len));
}
@@ -1381,7 +1383,7 @@
status = cipher_encrypt(stream->rtp_cipher,
(uint8_t *)enc_start, &enc_octet_len);
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
@@ -1405,7 +1407,7 @@
debug_print(mod_srtp, "srtp auth tag: %s",
octet_string_hex_string(auth_tag, tag_len));
if (status)
- return err_status_auth_fail;
+ return srtp_err_status_auth_fail;
}
@@ -1415,11 +1417,11 @@
*pkt_octet_len += tag_len;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_unprotect(srtp_ctx_t *ctx, void *srtp_hdr, int *pkt_octet_len) {
srtp_hdr_t *hdr = (srtp_hdr_t *)srtp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
@@ -1429,7 +1431,7 @@
xtd_seq_num_t est; /* estimated xtd_seq_num_t of *hdr */
int delta; /* delta of local pkt idx and that in hdr */
v128_t iv;
- err_status_t status;
+ srtp_err_status_t status;
srtp_stream_ctx_t *stream;
uint8_t tmp_tag[SRTP_MAX_TAG_LEN];
int tag_len, prefix_len;
@@ -1440,7 +1442,7 @@
/* check the packet length - it must at least contain a full header */
if (*pkt_octet_len < octets_in_rtp_header)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/*
* look up ssrc in srtp_stream list, and process the packet with
@@ -1473,7 +1475,7 @@
* no stream corresponding to SSRC found, and we don't do
* key-sharing, so return an error
*/
- return err_status_no_ctx;
+ return srtp_err_status_no_ctx;
}
} else {
@@ -1534,7 +1536,7 @@
status = cipher_set_iv(stream->rtp_cipher, &iv, direction_decrypt);
}
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
/* shift est, put into network byte order */
#ifdef NO_64BIT_MATH
@@ -1560,7 +1562,7 @@
enc_start += (ntohs(xtn_hdr->length) + 1);
}
if (!((uint8_t*)enc_start < (uint8_t*)hdr + *pkt_octet_len))
- return err_status_parse_err;
+ return srtp_err_status_parse_err;
enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len -
((uint8_t*)enc_start - (uint8_t*)hdr));
} else {
@@ -1600,7 +1602,7 @@
debug_print(mod_srtp, "keystream prefix: %s",
octet_string_hex_string(tmp_tag, prefix_len));
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/* initialize auth func context */
@@ -1619,10 +1621,10 @@
debug_print(mod_srtp, "packet auth tag: %s",
octet_string_hex_string(auth_tag, tag_len));
if (status)
- return err_status_auth_fail;
+ return srtp_err_status_auth_fail;
if (octet_string_is_eq(tmp_tag, auth_tag, tag_len))
- return err_status_auth_fail;
+ return srtp_err_status_auth_fail;
}
/*
@@ -1638,7 +1640,7 @@
break;
case key_event_hard_limit:
srtp_handle_event(ctx, stream, event_key_hard_limit);
- return err_status_key_expired;
+ return srtp_err_status_key_expired;
default:
break;
}
@@ -1648,7 +1650,7 @@
status = cipher_decrypt(stream->rtp_cipher,
(uint8_t *)enc_start, &enc_octet_len);
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
@@ -1705,12 +1707,12 @@
/* decrease the packet length by the length of the auth tag */
*pkt_octet_len -= tag_len;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_init() {
- err_status_t status;
+ srtp_err_status_t status;
/* initialize crypto kernel */
status = crypto_kernel_init();
@@ -1722,12 +1724,12 @@
if (status)
return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_shutdown() {
- err_status_t status;
+ srtp_err_status_t status;
/* shut down crypto kernel */
status = crypto_kernel_shutdown();
@@ -1736,7 +1738,7 @@
/* shutting down crypto kernel frees the srtp debug module as well */
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -1782,10 +1784,10 @@
return NULL;
}
-err_status_t
+srtp_err_status_t
srtp_dealloc(srtp_t session) {
srtp_stream_ctx_t *stream;
- err_status_t status;
+ srtp_err_status_t status;
/*
* we take a conservative deallocation strategy - if we encounter an
@@ -1827,19 +1829,19 @@
/* deallocate session context */
crypto_free(session);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_add_stream(srtp_t session,
const srtp_policy_t *policy) {
- err_status_t status;
+ srtp_err_status_t status;
srtp_stream_t tmp;
/* sanity check arguments */
if ((session == NULL) || (policy == NULL) || (policy->key == NULL))
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* allocate stream */
status = srtp_stream_alloc(&tmp, policy);
@@ -1865,14 +1867,14 @@
switch (policy->ssrc.type) {
case (ssrc_any_outbound):
if (session->stream_template) {
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
session->stream_template = tmp;
session->stream_template->direction = dir_srtp_sender;
break;
case (ssrc_any_inbound):
if (session->stream_template) {
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
session->stream_template = tmp;
session->stream_template->direction = dir_srtp_receiver;
@@ -1884,27 +1886,27 @@
case (ssrc_undefined):
default:
crypto_free(tmp);
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_create(srtp_t *session, /* handle for session */
const srtp_policy_t *policy) { /* SRTP policy (list) */
- err_status_t stat;
+ srtp_err_status_t stat;
srtp_ctx_t *ctx;
/* sanity check arguments */
if (session == NULL)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* allocate srtp context and set ctx_ptr */
ctx = (srtp_ctx_t *) crypto_alloc(sizeof(srtp_ctx_t));
if (ctx == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
*session = ctx;
/*
@@ -1927,18 +1929,18 @@
policy = policy->next;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_remove_stream(srtp_t session, uint32_t ssrc) {
srtp_stream_ctx_t *stream, *last_stream;
- err_status_t status;
+ srtp_err_status_t status;
/* sanity check arguments */
if (session == NULL)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/* find stream in list; complain if not found */
last_stream = stream = session->stream_list;
@@ -1947,7 +1949,7 @@
stream = stream->next;
}
if (stream == NULL)
- return err_status_no_ctx;
+ return srtp_err_status_no_ctx;
/* remove stream from the list */
if (last_stream == stream)
@@ -1961,7 +1963,7 @@
if (status)
return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -1980,7 +1982,7 @@
/* There are hard-coded 16's for base_key_len in the key generation code */
void
-crypto_policy_set_rtp_default(crypto_policy_t *p) {
+srtp_crypto_policy_set_rtp_default(srtp_crypto_policy_t *p) {
p->cipher_type = AES_ICM;
p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */
@@ -1992,7 +1994,7 @@
}
void
-crypto_policy_set_rtcp_default(crypto_policy_t *p) {
+srtp_crypto_policy_set_rtcp_default(srtp_crypto_policy_t *p) {
p->cipher_type = AES_ICM;
p->cipher_key_len = 30; /* default 128 bits per RFC 3711 */
@@ -2004,7 +2006,7 @@
}
void
-crypto_policy_set_aes_cm_128_hmac_sha1_32(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(srtp_crypto_policy_t *p) {
/*
* corresponds to RFC 4568
@@ -2023,7 +2025,7 @@
void
-crypto_policy_set_aes_cm_128_null_auth(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_cm_128_null_auth(srtp_crypto_policy_t *p) {
/*
* corresponds to RFC 4568
@@ -2042,7 +2044,7 @@
void
-crypto_policy_set_null_cipher_hmac_sha1_80(crypto_policy_t *p) {
+srtp_crypto_policy_set_null_cipher_hmac_sha1_80(srtp_crypto_policy_t *p) {
/*
* corresponds to RFC 4568
@@ -2057,9 +2059,25 @@
}
+void
+srtp_crypto_policy_set_null_cipher_hmac_null(srtp_crypto_policy_t *p) {
+
+ /*
+ * Should only be used for testing
+ */
+
+ p->cipher_type = NULL_CIPHER;
+ p->cipher_key_len = 0;
+ p->auth_type = NULL_AUTH;
+ p->auth_key_len = 0;
+ p->auth_tag_len = 0;
+ p->sec_serv = sec_serv_none;
+
+}
+
void
-crypto_policy_set_aes_cm_256_hmac_sha1_80(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(srtp_crypto_policy_t *p) {
/*
* corresponds to draft-ietf-avt-big-aes-03.txt
@@ -2075,7 +2093,7 @@
void
-crypto_policy_set_aes_cm_256_hmac_sha1_32(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(srtp_crypto_policy_t *p) {
/*
* corresponds to draft-ietf-avt-big-aes-03.txt
@@ -2095,7 +2113,7 @@
* AES-256 with no authentication.
*/
void
-crypto_policy_set_aes_cm_256_null_auth (crypto_policy_t *p)
+srtp_crypto_policy_set_aes_cm_256_null_auth (srtp_crypto_policy_t *p)
{
p->cipher_type = AES_ICM;
p->cipher_key_len = 46;
@@ -2110,9 +2128,9 @@
* AES-128 GCM mode with 8 octet auth tag.
*/
void
-crypto_policy_set_aes_gcm_128_8_auth(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_gcm_128_8_auth(srtp_crypto_policy_t *p) {
p->cipher_type = AES_128_GCM;
- p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT;
+ p->cipher_key_len = SRTP_AES_128_GCM_KEYSIZE_WSALT;
p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
p->auth_key_len = 0;
p->auth_tag_len = 8; /* 8 octet tag length */
@@ -2123,9 +2141,9 @@
* AES-256 GCM mode with 8 octet auth tag.
*/
void
-crypto_policy_set_aes_gcm_256_8_auth(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_gcm_256_8_auth(srtp_crypto_policy_t *p) {
p->cipher_type = AES_256_GCM;
- p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT;
+ p->cipher_key_len = SRTP_AES_256_GCM_KEYSIZE_WSALT;
p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
p->auth_key_len = 0;
p->auth_tag_len = 8; /* 8 octet tag length */
@@ -2136,9 +2154,9 @@
* AES-128 GCM mode with 8 octet auth tag, no RTCP encryption.
*/
void
-crypto_policy_set_aes_gcm_128_8_only_auth(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_gcm_128_8_only_auth(srtp_crypto_policy_t *p) {
p->cipher_type = AES_128_GCM;
- p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT;
+ p->cipher_key_len = SRTP_AES_128_GCM_KEYSIZE_WSALT;
p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
p->auth_key_len = 0;
p->auth_tag_len = 8; /* 8 octet tag length */
@@ -2149,9 +2167,9 @@
* AES-256 GCM mode with 8 octet auth tag, no RTCP encryption.
*/
void
-crypto_policy_set_aes_gcm_256_8_only_auth(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_gcm_256_8_only_auth(srtp_crypto_policy_t *p) {
p->cipher_type = AES_256_GCM;
- p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT;
+ p->cipher_key_len = SRTP_AES_256_GCM_KEYSIZE_WSALT;
p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
p->auth_key_len = 0;
p->auth_tag_len = 8; /* 8 octet tag length */
@@ -2162,9 +2180,9 @@
* AES-128 GCM mode with 16 octet auth tag.
*/
void
-crypto_policy_set_aes_gcm_128_16_auth(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_gcm_128_16_auth(srtp_crypto_policy_t *p) {
p->cipher_type = AES_128_GCM;
- p->cipher_key_len = AES_128_GCM_KEYSIZE_WSALT;
+ p->cipher_key_len = SRTP_AES_128_GCM_KEYSIZE_WSALT;
p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
p->auth_key_len = 0;
p->auth_tag_len = 16; /* 16 octet tag length */
@@ -2175,9 +2193,9 @@
* AES-256 GCM mode with 16 octet auth tag.
*/
void
-crypto_policy_set_aes_gcm_256_16_auth(crypto_policy_t *p) {
+srtp_crypto_policy_set_aes_gcm_256_16_auth(srtp_crypto_policy_t *p) {
p->cipher_type = AES_256_GCM;
- p->cipher_key_len = AES_256_GCM_KEYSIZE_WSALT;
+ p->cipher_key_len = SRTP_AES_256_GCM_KEYSIZE_WSALT;
p->auth_type = NULL_AUTH; /* GCM handles the auth for us */
p->auth_key_len = 0;
p->auth_tag_len = 16; /* 16 octet tag length */
@@ -2247,7 +2265,7 @@
* This code handles AEAD ciphers for outgoing RTCP. We currently support
* AES-GCM mode with 128 or 256 bit keys.
*/
-static err_status_t
+static srtp_err_status_t
srtp_protect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,
void *rtcp_hdr, unsigned int *pkt_octet_len)
{
@@ -2256,7 +2274,7 @@
uint32_t *trailer; /* pointer to start of trailer */
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
- err_status_t status;
+ srtp_err_status_t status;
int tag_len;
uint32_t seq_num;
v128_t iv;
@@ -2313,7 +2331,7 @@
srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr);
status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt);
if (status) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
@@ -2327,7 +2345,7 @@
status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr,
octets_in_rtcp_header);
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
} else {
/*
@@ -2338,7 +2356,7 @@
status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr,
*pkt_octet_len);
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
}
/*
@@ -2348,7 +2366,7 @@
status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq,
sizeof(srtcp_trailer_t));
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
/* if we're encrypting, exor keystream into the message */
@@ -2356,7 +2374,7 @@
status = cipher_encrypt(stream->rtcp_cipher,
(uint8_t*)enc_start, &enc_octet_len);
if (status) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
* Get the tag and append that to the output
@@ -2364,7 +2382,7 @@
status = cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag,
&tag_len);
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
enc_octet_len += tag_len;
} else {
@@ -2375,7 +2393,7 @@
unsigned int nolen = 0;
status = cipher_encrypt(stream->rtcp_cipher, NULL, &nolen);
if (status) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
* Get the tag and append that to the output
@@ -2383,7 +2401,7 @@
status = cipher_get_tag(stream->rtcp_cipher, (uint8_t*)auth_tag,
&tag_len);
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
enc_octet_len += tag_len;
}
@@ -2391,7 +2409,7 @@
/* increase the packet length by the length of the auth tag and seq_num*/
*pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t));
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -2400,7 +2418,7 @@
* at the end of the packet stream and is automatically checked by GCM
* when decrypting the payload.
*/
-static err_status_t
+static srtp_err_status_t
srtp_unprotect_rtcp_aead (srtp_t ctx, srtp_stream_ctx_t *stream,
void *srtcp_hdr, unsigned int *pkt_octet_len)
{
@@ -2409,7 +2427,7 @@
uint32_t *trailer; /* pointer to start of trailer */
unsigned int enc_octet_len = 0; /* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
- err_status_t status;
+ srtp_err_status_t status;
int tag_len;
unsigned int tmp_len;
uint32_t seq_num;
@@ -2463,7 +2481,7 @@
srtp_calc_aead_iv_srtcp(stream, &iv, seq_num, hdr);
status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_decrypt);
if (status) {
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/*
@@ -2477,7 +2495,7 @@
status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr,
octets_in_rtcp_header);
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
} else {
/*
@@ -2488,7 +2506,7 @@
status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)hdr,
(*pkt_octet_len - tag_len - sizeof(srtcp_trailer_t)));
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
}
@@ -2499,7 +2517,7 @@
status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq,
sizeof(srtcp_trailer_t));
if (status) {
- return ( err_status_cipher_fail);
+ return ( srtp_err_status_cipher_fail);
}
/* if we're decrypting, exor keystream into the message */
@@ -2573,10 +2591,10 @@
/* we've passed the authentication check, so add seq_num to the rdb */
rdb_add_index(&stream->rtcp_rdb, seq_num);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_protect_rtcp(srtp_t ctx, void *rtcp_hdr, int *pkt_octet_len) {
srtcp_hdr_t *hdr = (srtcp_hdr_t *)rtcp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
@@ -2584,7 +2602,7 @@
uint32_t *trailer; /* pointer to start of trailer */
unsigned int enc_octet_len = 0;/* number of octets in encrypted portion */
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
- err_status_t status;
+ srtp_err_status_t status;
int tag_len;
srtp_stream_ctx_t *stream;
int prefix_len;
@@ -2594,7 +2612,7 @@
/* check the packet length - it must at least contain a full header */
if (*pkt_octet_len < octets_in_rtcp_header)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/*
* look up ssrc in srtp_stream list, and process the packet with
@@ -2622,7 +2640,7 @@
stream = new_stream;
} else {
/* no template stream, so we return an error */
- return err_status_no_ctx;
+ return srtp_err_status_no_ctx;
}
}
@@ -2684,8 +2702,8 @@
auth_tag = (uint8_t *)hdr + *pkt_octet_len + sizeof(srtcp_trailer_t);
/* perform EKT processing if needed */
- ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len,
- rdbx_get_packet_index(&stream->rtp_rdbx));
+ srtp_ekt_write_data(stream->ekt, auth_tag, tag_len, pkt_octet_len,
+ rdbx_get_packet_index(&stream->rtp_rdbx));
/*
* check sequence number for overruns, and copy it into the packet
@@ -2721,7 +2739,7 @@
status = cipher_set_iv(stream->rtcp_cipher, &iv, direction_encrypt);
}
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
/*
* if we're authenticating using a universal hash, put the keystream
@@ -2739,7 +2757,7 @@
octet_string_hex_string(auth_tag, prefix_len));
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/* if we're encrypting, exor keystream into the message */
@@ -2747,7 +2765,7 @@
status = cipher_encrypt(stream->rtcp_cipher,
(uint8_t *)enc_start, &enc_octet_len);
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/* initialize auth func context */
@@ -2764,16 +2782,16 @@
debug_print(mod_srtp, "srtcp auth tag: %s",
octet_string_hex_string(auth_tag, tag_len));
if (status)
- return err_status_auth_fail;
+ return srtp_err_status_auth_fail;
/* increase the packet length by the length of the auth tag and seq_num*/
*pkt_octet_len += (tag_len + sizeof(srtcp_trailer_t));
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_unprotect_rtcp(srtp_t ctx, void *srtcp_hdr, int *pkt_octet_len) {
srtcp_hdr_t *hdr = (srtcp_hdr_t *)srtcp_hdr;
uint32_t *enc_start; /* pointer to start of encrypted portion */
@@ -2783,7 +2801,7 @@
uint8_t *auth_tag = NULL; /* location of auth_tag within packet */
uint8_t tmp_tag[SRTP_MAX_TAG_LEN];
uint8_t tag_copy[SRTP_MAX_TAG_LEN];
- err_status_t status;
+ srtp_err_status_t status;
unsigned int auth_len;
int tag_len;
srtp_stream_ctx_t *stream;
@@ -2798,7 +2816,7 @@
know the tag length, but we at least want to know that it is
a positive value */
if (*pkt_octet_len < octets_in_rtcp_header + sizeof(srtcp_trailer_t))
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/*
* look up ssrc in srtp_stream list, and process the packet with
@@ -2832,7 +2850,7 @@
hdr->ssrc);
} else {
/* no template stream, so we return an error */
- return err_status_no_ctx;
+ return srtp_err_status_no_ctx;
}
}
@@ -2843,7 +2861,7 @@
header, an auth tag (if applicable), and the SRTCP encrypted flag
and 31-bit index value */
if (*pkt_octet_len < (octets_in_rtcp_header + tag_len + sizeof(srtcp_trailer_t))) {
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
/*
@@ -2877,7 +2895,7 @@
e_bit_in_packet =
(*((unsigned char *) trailer) & SRTCP_E_BYTE_BIT) == SRTCP_E_BYTE_BIT;
if (e_bit_in_packet != sec_serv_confidentiality) {
- return err_status_cant_check;
+ return srtp_err_status_cant_check;
}
if (sec_serv_confidentiality) {
enc_start = (uint32_t *)hdr + uint32s_in_rtcp_header;
@@ -2902,7 +2920,7 @@
* the base tag
*/
if (stream->ekt) {
- auth_tag -= ekt_octets_after_base_tag(stream->ekt);
+ auth_tag -= srtp_ekt_octets_after_base_tag(stream->ekt);
memcpy(tag_copy, auth_tag, tag_len);
octet_string_set_to_zero(auth_tag, tag_len);
auth_tag = tag_copy;
@@ -2943,7 +2961,7 @@
}
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
/* initialize auth func context */
auth_start(stream->rtcp_auth);
@@ -2954,13 +2972,13 @@
debug_print(mod_srtp, "srtcp computed tag: %s",
octet_string_hex_string(tmp_tag, tag_len));
if (status)
- return err_status_auth_fail;
+ return srtp_err_status_auth_fail;
/* compare the tag just computed with the one in the packet */
debug_print(mod_srtp, "srtcp tag from packet: %s",
octet_string_hex_string(auth_tag, tag_len));
if (octet_string_is_eq(tmp_tag, auth_tag, tag_len))
- return err_status_auth_fail;
+ return srtp_err_status_auth_fail;
/*
* if we're authenticating using a universal hash, put the keystream
@@ -2972,7 +2990,7 @@
debug_print(mod_srtp, "keystream prefix: %s",
octet_string_hex_string(auth_tag, prefix_len));
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/* if we're decrypting, exor keystream into the message */
@@ -2980,7 +2998,7 @@
status = cipher_decrypt(stream->rtcp_cipher,
(uint8_t *)enc_start, &enc_octet_len);
if (status)
- return err_status_cipher_fail;
+ return srtp_err_status_cipher_fail;
}
/* decrease the packet length by the length of the auth tag and seq_num */
@@ -2990,7 +3008,7 @@
* if EKT is in effect, subtract the EKT data out of the packet
* length
*/
- *pkt_octet_len -= ekt_octets_after_base_tag(stream->ekt);
+ *pkt_octet_len -= srtp_ekt_octets_after_base_tag(stream->ekt);
/*
* verify that stream is for received traffic - this check will
@@ -3041,7 +3059,7 @@
rdb_add_index(&stream->rtcp_rdb, seq_num);
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -3064,76 +3082,72 @@
* dtls keying for srtp
*/
-err_status_t
-crypto_policy_set_from_profile_for_rtp(crypto_policy_t *policy,
- srtp_profile_t profile) {
+srtp_err_status_t
+srtp_crypto_policy_set_from_profile_for_rtp(srtp_crypto_policy_t *policy,
+ srtp_profile_t profile) {
/* set SRTP policy from the SRTP profile in the key set */
switch(profile) {
case srtp_profile_aes128_cm_sha1_80:
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_aes128_cm_sha1_32:
- crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
break;
case srtp_profile_null_sha1_80:
- crypto_policy_set_null_cipher_hmac_sha1_80(policy);
+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy);
break;
case srtp_profile_aes256_cm_sha1_80:
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
break;
case srtp_profile_aes256_cm_sha1_32:
- crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
break;
/* the following profiles are not (yet) supported */
case srtp_profile_null_sha1_32:
default:
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
-crypto_policy_set_from_profile_for_rtcp(crypto_policy_t *policy,
- srtp_profile_t profile) {
+srtp_err_status_t
+srtp_crypto_policy_set_from_profile_for_rtcp(srtp_crypto_policy_t *policy,
+ srtp_profile_t profile) {
/* set SRTP policy from the SRTP profile in the key set */
switch(profile) {
case srtp_profile_aes128_cm_sha1_80:
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_aes128_cm_sha1_32:
/* We do not honor the 32-bit auth tag request since
* this is not compliant with RFC 3711 */
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ srtp_crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
break;
case srtp_profile_null_sha1_80:
- crypto_policy_set_null_cipher_hmac_sha1_80(policy);
+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(policy);
break;
case srtp_profile_aes256_cm_sha1_80:
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
break;
case srtp_profile_aes256_cm_sha1_32:
/* We do not honor the 32-bit auth tag request since
* this is not compliant with RFC 3711 */
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
break;
/* the following profiles are not (yet) supported */
case srtp_profile_null_sha1_32:
default:
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-void
-append_salt_to_key(uint8_t *key, unsigned int bytes_in_key,
- uint8_t *salt, unsigned int bytes_in_salt) {
-
+void srtp_append_salt_to_key(uint8_t *key, unsigned int bytes_in_key, uint8_t *salt, unsigned int bytes_in_salt) {
memcpy(key + bytes_in_key, salt, bytes_in_salt);
-
}
unsigned int
diff --git a/tables/.cvsignore b/tables/.cvsignore
deleted file mode 100644
index 45492b4..0000000
--- a/tables/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-aes_tables
diff --git a/tables/aes_tables.c b/tables/aes_tables.c
deleted file mode 100644
index 96d28ce..0000000
--- a/tables/aes_tables.c
+++ /dev/null
@@ -1,350 +0,0 @@
-/*
- * aes_tables.c
- *
- * generate tables for the AES cipher
- *
- * David A. McGrew
- * Cisco Systems, Inc.
- */
-/*
- *
- * Copyright(c) 2001-2006 Cisco Systems, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * Neither the name of the Cisco Systems, Inc. nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifdef HAVE_CONFIG_H
- #include <config.h>
-#endif
-
-#include <stdio.h>
-#include "gf2_8.h"
-#include "crypto_math.h"
-
-
-unsigned char aes_sbox[256];
-
-unsigned char aes_inv_sbox[256];
-
-uint32_t T0[256], T1[256], T2[256], T3[256], T4[256];
-
-
-#define AES_INVERSE_TEST 0 /* set to 1 to test forward/backwards aes */
-
-/* functions for precomputing AES values */
-
-/*
- * A[] is the 8 x 8 binary matrix (represented as an array of columns,
- * where each column is an octet) which defines the affine
- * transformation used in the AES substitution table (Section
- * 4.2.1 of the spec).
- */
-
-uint8_t A[8] = { 31, 62, 124, 248, 241, 227, 199, 143 };
-
-/*
- * b is the 8 bit vector (represented as an octet) used in the affine
- * transform described above.
- */
-
-uint8_t b = 99;
-
-
-void
-aes_init_sbox(void) {
- unsigned int i;
- uint8_t x;
-
- for (i=0; i < 256; i++) {
- x = gf2_8_compute_inverse((gf2_8)i);
- x = A_times_x_plus_b(A, x, b);
- aes_sbox[i] = x;
- aes_inv_sbox[x] = i;
- }
-}
-
-void
-aes_compute_tables(void) {
- int i;
- uint32_t x1, x2, x3;
- v32_t tmp;
-
- /* initialize substitution table */
- aes_init_sbox();
-
- /* combine sbox with linear operations to form 8-bit to 32-bit tables */
- for (i=0; i < 256; i++) {
- x1 = aes_sbox[i];
- x2 = gf2_8_shift(x1);
- x3 = x2 ^ x1;
-
- tmp.v8[0] = x2;
- tmp.v8[1] = x1;
- tmp.v8[2] = x1;
- tmp.v8[3] = x3;
- T0[i] = tmp.value;
-
- tmp.v8[0] = x3;
- tmp.v8[1] = x2;
- tmp.v8[2] = x1;
- tmp.v8[3] = x1;
- T1[i] = tmp.value;
-
- tmp.v8[0] = x1;
- tmp.v8[1] = x3;
- tmp.v8[2] = x2;
- tmp.v8[3] = x1;
- T2[i] = tmp.value;
-
- tmp.v8[0] = x1;
- tmp.v8[1] = x1;
- tmp.v8[2] = x3;
- tmp.v8[3] = x2;
- T3[i] = tmp.value;
-
- }
-}
-
-
-/*
- * the tables U0, U1, U2, U3 implement the aes operations invSubBytes,
- * invMixColumns, and invShiftRows
- */
-
-uint32_t U0[256], U1[256], U2[256], U3[256], U4[256];
-
-extern uint8_t aes_inv_sbox[256];
-
-void
-aes_compute_inv_tables(void) {
- int i;
- uint8_t x, xe, x9, xd, xb;
- v32_t tmp;
-
- /* combine sbox with linear operations to form 8-bit to 32-bit tables */
- for (i=0; i < 256; i++) {
- x = aes_inv_sbox[i];
-
- xe = gf2_8_multiply(0x0e, x);
- x9 = gf2_8_multiply(0x09, x);
- xd = gf2_8_multiply(0x0d, x);
- xb = gf2_8_multiply(0x0b, x);
-
- tmp.v8[0] = xe;
- tmp.v8[1] = x9;
- tmp.v8[2] = xd;
- tmp.v8[3] = xb;
- U0[i] = tmp.value;
-
- tmp.v8[0] = xb;
- tmp.v8[1] = xe;
- tmp.v8[2] = x9;
- tmp.v8[3] = xd;
- U1[i] = tmp.value;
-
- tmp.v8[0] = xd;
- tmp.v8[1] = xb;
- tmp.v8[2] = xe;
- tmp.v8[3] = x9;
- U2[i] = tmp.value;
-
- tmp.v8[0] = x9;
- tmp.v8[1] = xd;
- tmp.v8[2] = xb;
- tmp.v8[3] = xe;
- U3[i] = tmp.value;
-
- tmp.v8[0] = tmp.v8[1] = tmp.v8[2] = tmp.v8[3] = x;
- U4[i] = tmp.value;
- }
-}
-
-
-/*
- * aes_test_inverse() returns err_status_ok if aes
- * encryption and decryption are true inverses of each other, and
- * returns err_status_algo_fail otherwise
- */
-
-#include "err.h"
-
-err_status_t
-aes_test_inverse(void);
-
-#define TABLES_32BIT 1
-
-int
-main(void) {
- int i;
-
- aes_init_sbox();
- aes_compute_inv_tables();
-
-#if TABLES_32BIT
- printf("uint32_t U0 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%0x, ", U0[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U1 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%x, ", U1[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U2 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%x, ", U2[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U3 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%x, ", U3[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U4 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%x, ", U4[i]);
- }
- printf("\n}\n");
-
-#else
-
- printf("uint32_t U0 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%lx, ", U0[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U1 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%lx, ", U1[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U2 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%lx, ", U2[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U3 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%lx, ", U3[i]);
- }
- printf("\n}\n");
-
- printf("uint32_t U4 = {");
- for (i=0; i < 256; i++) {
- if ((i % 4) == 0)
- printf("\n");
- printf("0x%lx, ", U4[i]);
- }
- printf("\n}\n");
-
-
-#endif /* TABLES_32BIT */
-
-
-#if AES_INVERSE_TEST
- /*
- * test that aes_encrypt and aes_decrypt are actually
- * inverses of each other
- */
-
- printf("aes inverse test: ");
- if (aes_test_inverse() == err_status_ok)
- printf("passed\n");
- else {
- printf("failed\n");
- exit(1);
- }
-#endif
-
- return 0;
-}
-
-#if AES_INVERSE_TEST
-
-err_status_t
-aes_test_inverse(void) {
- v128_t x, y;
- aes_expanded_key_t expanded_key, decrypt_key;
- uint8_t plaintext[16] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
- };
- uint8_t key[16] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
- };
- v128_t k;
- v128_set_to_zero(&x);
-
- v128_copy_octet_string(&k, key);
- v128_copy_octet_string(&x, plaintext);
- aes_expand_encryption_key(k, expanded_key);
- aes_expand_decryption_key(k, decrypt_key);
- aes_encrypt(&x, expanded_key);
- aes_decrypt(&x, decrypt_key);
-
- /* compare to expected value then report */
- v128_copy_octet_string(&y, plaintext);
-
- if (v128_is_eq(&x, &y))
- return err_status_ok;
- return err_status_algo_fail;
-
-}
-
-#endif
diff --git a/test/dtls_srtp_driver.c b/test/dtls_srtp_driver.c
index 48e72fb..616669e 100644
--- a/test/dtls_srtp_driver.c
+++ b/test/dtls_srtp_driver.c
@@ -46,7 +46,7 @@
#include "getopt_s.h" /* for local getopt() */
#include "srtp_priv.h"
-err_status_t
+srtp_err_status_t
test_dtls_srtp(void);
srtp_hdr_t *
@@ -64,7 +64,7 @@
main(int argc, char *argv[]) {
unsigned do_list_mods = 0;
int q;
- err_status_t err;
+ srtp_err_status_t err;
printf("dtls_srtp_driver\n");
@@ -123,7 +123,7 @@
}
-err_status_t
+srtp_err_status_t
test_dtls_srtp(void) {
srtp_hdr_t *test_packet;
int test_packet_len = 80;
@@ -133,7 +133,7 @@
uint8_t salt[SRTP_MAX_KEY_LEN];
unsigned int key_len, salt_len;
srtp_profile_t profile;
- err_status_t err;
+ srtp_err_status_t err;
/* create a 'null' SRTP session */
err = srtp_create(&s, NULL);
@@ -142,34 +142,34 @@
/*
* verify that packet-processing functions behave properly - we
- * expect that these functions will return err_status_no_ctx
+ * expect that these functions will return srtp_err_status_no_ctx
*/
test_packet = srtp_create_test_packet(80, 0xa5a5a5a5);
if (test_packet == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
err = srtp_protect(s, test_packet, &test_packet_len);
- if (err != err_status_no_ctx) {
+ if (err != srtp_err_status_no_ctx) {
printf("wrong return value from srtp_protect() (got code %d)\n",
err);
- return err_status_fail;
+ return srtp_err_status_fail;
}
err = srtp_unprotect(s, test_packet, &test_packet_len);
- if (err != err_status_no_ctx) {
+ if (err != srtp_err_status_no_ctx) {
printf("wrong return value from srtp_unprotect() (got code %d)\n",
err);
- return err_status_fail;
+ return srtp_err_status_fail;
}
err = srtp_protect_rtcp(s, test_packet, &test_packet_len);
- if (err != err_status_no_ctx) {
+ if (err != srtp_err_status_no_ctx) {
printf("wrong return value from srtp_protect_rtcp() (got code %d)\n",
err);
- return err_status_fail;
+ return srtp_err_status_fail;
}
err = srtp_unprotect_rtcp(s, test_packet, &test_packet_len);
- if (err != err_status_no_ctx) {
+ if (err != srtp_err_status_no_ctx) {
printf("wrong return value from srtp_unprotect_rtcp() (got code %d)\n",
err);
- return err_status_fail;
+ return srtp_err_status_fail;
}
@@ -181,13 +181,13 @@
salt_len = srtp_profile_get_master_salt_length(profile);
memset(key, 0xff, key_len);
memset(salt, 0xee, salt_len);
- append_salt_to_key(key, key_len, salt, salt_len);
+ srtp_append_salt_to_key(key, key_len, salt, salt_len);
policy.key = key;
/* initialize SRTP policy from profile */
- err = crypto_policy_set_from_profile_for_rtp(&policy.rtp, profile);
+ err = srtp_crypto_policy_set_from_profile_for_rtp(&policy.rtp, profile);
if (err) return err;
- err = crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile);
+ err = srtp_crypto_policy_set_from_profile_for_rtcp(&policy.rtcp, profile);
if (err) return err;
policy.ssrc.type = ssrc_any_inbound;
policy.ekt = NULL;
@@ -205,7 +205,7 @@
free(test_packet);
- return err_status_ok;
+ return srtp_err_status_ok;
}
diff --git a/test/rdbx_driver.c b/test/rdbx_driver.c
index 37a3c85..d745851 100644
--- a/test/rdbx_driver.c
+++ b/test/rdbx_driver.c
@@ -58,7 +58,7 @@
#include "ut_sim.h"
-err_status_t
+srtp_err_status_t
test_replay_dbx(int num_trials, unsigned long ws);
double
@@ -73,7 +73,7 @@
int
main (int argc, char *argv[]) {
double rate;
- err_status_t status;
+ srtp_err_status_t status;
int q;
unsigned do_timing_test = 0;
unsigned do_validation = 0;
@@ -146,20 +146,20 @@
* rdbx_check_add(rdbx, idx) checks a known-to-be-good idx against
* rdbx, then adds it. if a failure is detected (i.e., the check
* indicates that the value is already in rdbx) then
- * err_status_algo_fail is returned.
+ * srtp_err_status_algo_fail is returned.
*
*/
-err_status_t
+srtp_err_status_t
rdbx_check_add(rdbx_t *rdbx, uint32_t idx) {
int delta;
xtd_seq_num_t est;
delta = index_guess(&rdbx->index, &est, idx);
- if (rdbx_check(rdbx, delta) != err_status_ok) {
+ if (rdbx_check(rdbx, delta) != srtp_err_status_ok) {
printf("replay_check failed at index %u\n", idx);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
/*
@@ -167,12 +167,12 @@
* the estimated value est, at this point
*/
- if (rdbx_add_index(rdbx, delta) != err_status_ok) {
+ if (rdbx_add_index(rdbx, delta) != srtp_err_status_ok) {
printf("rdbx_add_index failed at index %u\n", idx);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -182,54 +182,54 @@
* and thus will be rejected
*/
-err_status_t
+srtp_err_status_t
rdbx_check_expect_failure(rdbx_t *rdbx, uint32_t idx) {
int delta;
xtd_seq_num_t est;
- err_status_t status;
+ srtp_err_status_t status;
delta = index_guess(&rdbx->index, &est, idx);
status = rdbx_check(rdbx, delta);
- if (status == err_status_ok) {
+ if (status == srtp_err_status_ok) {
printf("delta: %d ", delta);
printf("replay_check failed at index %u (false positive)\n", idx);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
rdbx_check_add_unordered(rdbx_t *rdbx, uint32_t idx) {
int delta;
xtd_seq_num_t est;
- err_status_t rstat;
+ srtp_err_status_t rstat;
delta = index_guess(&rdbx->index, &est, idx);
rstat = rdbx_check(rdbx, delta);
- if ((rstat != err_status_ok) && (rstat != err_status_replay_old)) {
+ if ((rstat != srtp_err_status_ok) && (rstat != srtp_err_status_replay_old)) {
printf("replay_check_add_unordered failed at index %u\n", idx);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
- if (rstat == err_status_replay_old) {
- return err_status_ok;
+ if (rstat == srtp_err_status_replay_old) {
+ return srtp_err_status_ok;
}
- if (rdbx_add_index(rdbx, delta) != err_status_ok) {
+ if (rdbx_add_index(rdbx, delta) != srtp_err_status_ok) {
printf("rdbx_add_index failed at index %u\n", idx);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
test_replay_dbx(int num_trials, unsigned long ws) {
rdbx_t rdbx;
uint32_t idx, ircvd;
ut_connection utc;
- err_status_t status;
+ srtp_err_status_t status;
int num_fp_trials;
status = rdbx_init(&rdbx, ws);
@@ -271,9 +271,9 @@
/* re-initialize */
rdbx_dealloc(&rdbx);
- if (rdbx_init(&rdbx, ws) != err_status_ok) {
+ if (rdbx_init(&rdbx, ws) != srtp_err_status_ok) {
printf("replay_init failed\n");
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/*
@@ -299,9 +299,9 @@
/* re-initialize */
rdbx_dealloc(&rdbx);
- if (rdbx_init(&rdbx, ws) != err_status_ok) {
+ if (rdbx_init(&rdbx, ws) != srtp_err_status_ok) {
printf("replay_init failed\n");
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/*
@@ -321,7 +321,7 @@
rdbx_dealloc(&rdbx);
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -338,7 +338,7 @@
clock_t timer;
int failures; /* count number of failures */
- if (rdbx_init(&rdbx, ws) != err_status_ok) {
+ if (rdbx_init(&rdbx, ws) != srtp_err_status_ok) {
printf("replay_init failed\n");
exit(1);
}
@@ -349,10 +349,10 @@
delta = index_guess(&rdbx.index, &est, i);
- if (rdbx_check(&rdbx, delta) != err_status_ok)
+ if (rdbx_check(&rdbx, delta) != srtp_err_status_ok)
++failures;
else
- if (rdbx_add_index(&rdbx, delta) != err_status_ok)
+ if (rdbx_add_index(&rdbx, delta) != srtp_err_status_ok)
++failures;
}
timer = clock() - timer;
diff --git a/test/replay_driver.c b/test/replay_driver.c
index e4d1701..a2b6dc4 100644
--- a/test/replay_driver.c
+++ b/test/replay_driver.c
@@ -59,7 +59,7 @@
unsigned num_trials = 1 << 16;
-err_status_t
+srtp_err_status_t
test_rdb_db(void);
double
@@ -67,7 +67,7 @@
int
main (void) {
- err_status_t err;
+ srtp_err_status_t err;
printf("testing anti-replay database (rdb_t)...\n");
err = test_rdb_db();
@@ -89,65 +89,65 @@
printf("rdb: {%u, %s}\n", rdb->window_start, v128_bit_string(&rdb->bitmask));
}
-err_status_t
+srtp_err_status_t
rdb_check_add(rdb_t *rdb, uint32_t idx) {
- if (rdb_check(rdb, idx) != err_status_ok) {
+ if (rdb_check(rdb, idx) != srtp_err_status_ok) {
printf("rdb_check failed at index %u\n", idx);
- return err_status_fail;
+ return srtp_err_status_fail;
}
- if (rdb_add_index(rdb, idx) != err_status_ok) {
+ if (rdb_add_index(rdb, idx) != srtp_err_status_ok) {
printf("rdb_add_index failed at index %u\n", idx);
- return err_status_fail;
+ return srtp_err_status_fail;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
rdb_check_expect_failure(rdb_t *rdb, uint32_t idx) {
- err_status_t err;
+ srtp_err_status_t err;
err = rdb_check(rdb, idx);
- if ((err != err_status_replay_old) && (err != err_status_replay_fail)) {
+ if ((err != srtp_err_status_replay_old) && (err != srtp_err_status_replay_fail)) {
printf("rdb_check failed at index %u (false positive)\n", idx);
- return err_status_fail;
+ return srtp_err_status_fail;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
rdb_check_add_unordered(rdb_t *rdb, uint32_t idx) {
- err_status_t rstat;
+ srtp_err_status_t rstat;
/* printf("index: %u\n", idx); */
rstat = rdb_check(rdb, idx);
- if ((rstat != err_status_ok) && (rstat != err_status_replay_old)) {
+ if ((rstat != srtp_err_status_ok) && (rstat != srtp_err_status_replay_old)) {
printf("rdb_check_add_unordered failed at index %u\n", idx);
return rstat;
}
- if (rstat == err_status_replay_old) {
- return err_status_ok;
+ if (rstat == srtp_err_status_replay_old) {
+ return srtp_err_status_ok;
}
- if (rdb_add_index(rdb, idx) != err_status_ok) {
+ if (rdb_add_index(rdb, idx) != srtp_err_status_ok) {
printf("rdb_add_index failed at index %u\n", idx);
- return err_status_fail;
+ return srtp_err_status_fail;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
test_rdb_db() {
rdb_t rdb;
uint32_t idx, ircvd;
ut_connection utc;
- err_status_t err;
+ srtp_err_status_t err;
- if (rdb_init(&rdb) != err_status_ok) {
+ if (rdb_init(&rdb) != srtp_err_status_ok) {
printf("rdb_init failed\n");
- return err_status_init_fail;
+ return srtp_err_status_init_fail;
}
/* test sequential insertion */
@@ -165,9 +165,9 @@
}
/* re-initialize */
- if (rdb_init(&rdb) != err_status_ok) {
+ if (rdb_init(&rdb) != srtp_err_status_ok) {
printf("rdb_init failed\n");
- return err_status_fail;
+ return srtp_err_status_fail;
}
/* test non-sequential insertion */
@@ -184,9 +184,9 @@
}
/* re-initialize */
- if (rdb_init(&rdb) != err_status_ok) {
+ if (rdb_init(&rdb) != srtp_err_status_ok) {
printf("rdb_init failed\n");
- return err_status_fail;
+ return srtp_err_status_fail;
}
/* test insertion with large gaps */
@@ -200,9 +200,9 @@
}
/* re-initialize */
- if (rdb_init(&rdb) != err_status_ok) {
+ if (rdb_init(&rdb) != srtp_err_status_ok) {
printf("rdb_init failed\n");
- return err_status_fail;
+ return srtp_err_status_fail;
}
/* test loss of first 513 packets */
@@ -220,7 +220,7 @@
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
#include <time.h> /* for clock() */
@@ -235,24 +235,24 @@
clock_t timer;
int failures; /* count number of failures */
- if (rdb_init(&rdb) != err_status_ok) {
+ if (rdb_init(&rdb) != srtp_err_status_ok) {
printf("rdb_init failed\n");
exit(1);
}
timer = clock();
for(i=0; i < REPLAY_NUM_TRIALS; i+=3) {
- if (rdb_check(&rdb, i+2) != err_status_ok)
+ if (rdb_check(&rdb, i+2) != srtp_err_status_ok)
++failures;
- if (rdb_add_index(&rdb, i+2) != err_status_ok)
+ if (rdb_add_index(&rdb, i+2) != srtp_err_status_ok)
++failures;
- if (rdb_check(&rdb, i+1) != err_status_ok)
+ if (rdb_check(&rdb, i+1) != srtp_err_status_ok)
++failures;
- if (rdb_add_index(&rdb, i+1) != err_status_ok)
+ if (rdb_add_index(&rdb, i+1) != srtp_err_status_ok)
++failures;
- if (rdb_check(&rdb, i) != err_status_ok)
+ if (rdb_check(&rdb, i) != srtp_err_status_ok)
++failures;
- if (rdb_add_index(&rdb, i) != err_status_ok)
+ if (rdb_add_index(&rdb, i) != srtp_err_status_ok)
++failures;
}
timer = clock() - timer;
diff --git a/test/roc_driver.c b/test/roc_driver.c
index 6fdc6f1..d75b58f 100644
--- a/test/roc_driver.c
+++ b/test/roc_driver.c
@@ -61,12 +61,12 @@
#include "rdbx.h"
#include "ut_sim.h"
-err_status_t
+srtp_err_status_t
roc_test(int num_trials);
int
main (void) {
- err_status_t status;
+ srtp_err_status_t status;
printf("rollover counter test driver\n"
"David A. McGrew\n"
@@ -85,7 +85,7 @@
#define ROC_VERBOSE 0
-err_status_t
+srtp_err_status_t
roc_test(int num_trials) {
xtd_seq_num_t local, est, ref;
ut_connection utc;
@@ -116,7 +116,7 @@
if (failure_rate > 0.01) {
printf("error: failure rate too high (%d bad estimates in %d trials)\n",
num_bad_est, num_trials);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
printf("done\n");
@@ -145,7 +145,7 @@
if (local + delta != est) {
printf(" *bad delta*: local %llu + delta %d != est %llu\n",
(unsigned long long)local, delta, (unsigned long long)est);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
/* now update local xtd_seq_num_t as necessary */
@@ -167,9 +167,9 @@
if (failure_rate > 0.01) {
printf("error: failure rate too high (%d bad estimates in %d trials)\n",
num_bad_est, num_trials);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
printf("done\n");
- return err_status_ok;
+ return srtp_err_status_ok;
}
diff --git a/test/rtp.c b/test/rtp.c
index 8f65698..fe2b1b3 100644
--- a/test/rtp.c
+++ b/test/rtp.c
@@ -24,7 +24,7 @@
int
rtp_sendto(rtp_sender_t sender, const void* msg, int len) {
int octets_sent;
- err_status_t stat;
+ srtp_err_status_t stat;
int pkt_len = len + RTP_HEADER_LEN;
/* marshal data */
@@ -64,7 +64,7 @@
int
rtp_recvfrom(rtp_receiver_t receiver, void *msg, int *len) {
int octets_recvd;
- err_status_t stat;
+ srtp_err_status_t stat;
octets_recvd = recvfrom(receiver->socket, (void *)&receiver->message,
*len, 0, (struct sockaddr *) NULL, 0);
@@ -94,8 +94,8 @@
if (stat) {
fprintf(stderr,
"error: srtp unprotection failed with code %d%s\n", stat,
- stat == err_status_replay_fail ? " (replay check failed)" :
- stat == err_status_auth_fail ? " (auth check failed)" : "");
+ stat == srtp_err_status_replay_fail ? " (replay check failed)" :
+ stat == srtp_err_status_auth_fail ? " (auth check failed)" : "");
return -1;
}
strncpy(msg, receiver->message.body, octets_recvd);
diff --git a/test/rtp_decoder.c b/test/rtp_decoder.c
index 60b8d18..c999eaf 100644
--- a/test/rtp_decoder.c
+++ b/test/rtp_decoder.c
@@ -64,7 +64,7 @@
#if BEW
struct sockaddr_in local;
#endif
- sec_serv_t sec_servs = sec_serv_none;
+ srtp_sec_serv_t sec_servs = sec_serv_none;
int c;
int key_size = 128;
int tag_size = 8;
@@ -76,7 +76,7 @@
char filter_exp[MAX_FILTER] = "";
rtp_decoder_t dec;
srtp_policy_t policy;
- err_status_t status;
+ srtp_err_status_t status;
int len;
int expected_len;
int do_list_mods = 0;
@@ -190,12 +190,12 @@
#ifdef OPENSSL
switch (key_size) {
case 128:
- crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
- crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
break;
case 256:
- crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
- crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
break;
}
#else
@@ -205,12 +205,12 @@
} else {
switch (key_size) {
case 128:
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
case 256:
- crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
}
}
@@ -222,12 +222,12 @@
} else {
switch (key_size) {
case 128:
- crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
case 256:
- crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
}
}
@@ -237,12 +237,12 @@
#ifdef OPENSSL
switch (key_size) {
case 128:
- crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
- crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp);
+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp);
break;
case 256:
- crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
- crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp);
+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp);
break;
}
#else
@@ -250,8 +250,8 @@
return 0;
#endif
} else {
- crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
}
break;
default:
@@ -309,33 +309,8 @@
fprintf(stderr, "%s\n", octet_string_hex_string(key+16, 14));
} else {
- /*
- * we're not providing security services, so set the policy to the
- * null policy
- *
- * Note that this policy does not conform to the SRTP
- * specification, since RTCP authentication is required. However,
- * the effect of this policy is to turn off SRTP, so that this
- * application is now a vanilla-flavored RTP application.
- */
- policy.key = (uint8_t *)key;
- policy.ssrc.type = ssrc_specific;
- policy.rtp.cipher_type = NULL_CIPHER;
- policy.rtp.cipher_key_len = 0;
- policy.rtp.auth_type = NULL_AUTH;
- policy.rtp.auth_key_len = 0;
- policy.rtp.auth_tag_len = 0;
- policy.rtp.sec_serv = sec_serv_none;
- policy.rtcp.cipher_type = NULL_CIPHER;
- policy.rtcp.cipher_key_len = 0;
- policy.rtcp.auth_type = NULL_AUTH;
- policy.rtcp.auth_key_len = 0;
- policy.rtcp.auth_tag_len = 0;
- policy.rtcp.sec_serv = sec_serv_none;
- policy.window_size = 0;
- policy.allow_repeat_tx = 0;
- policy.ekt = NULL;
- policy.next = NULL;
+ fprintf(stderr, "error: neither encryption or authentication were selected");
+ exit(1);
}
pcap_handle = pcap_open_offline("-", errbuf);
@@ -406,7 +381,7 @@
free(rtp_ctx);
}
-err_status_t
+srtp_err_status_t
rtp_decoder_init_srtp(rtp_decoder_t decoder, unsigned int ssrc) {
decoder->policy.ssrc.value = htonl(ssrc);
return srtp_create(&decoder->srtp_ctx, &decoder->policy);
@@ -453,7 +428,7 @@
int pktsize;
struct timeval delta;
int octets_recvd;
- err_status_t status;
+ srtp_err_status_t status;
dcdr->frame_nr++;
if (dcdr->start_tv.tv_sec == 0 && dcdr->start_tv.tv_sec == 0) {
@@ -494,13 +469,13 @@
hexdump(&dcdr->message, pktsize);
}
-void rtp_print_error(err_status_t status, char *message){
+void rtp_print_error(srtp_err_status_t status, char *message){
fprintf(stderr,
"error: %s %d%s\n", message, status,
- status == err_status_replay_fail ? " (replay check failed)" :
- status == err_status_bad_param ? " (bad param)" :
- status == err_status_no_ctx ? " (no context)" :
- status == err_status_cipher_fail ? " (cipher failed)" :
- status == err_status_key_expired ? " (key expired)" :
- status == err_status_auth_fail ? " (auth check failed)" : "");
+ status == srtp_err_status_replay_fail ? " (replay check failed)" :
+ status == srtp_err_status_bad_param ? " (bad param)" :
+ status == srtp_err_status_no_ctx ? " (no context)" :
+ status == srtp_err_status_cipher_fail ? " (cipher failed)" :
+ status == srtp_err_status_key_expired ? " (key expired)" :
+ status == srtp_err_status_auth_fail ? " (auth check failed)" : "");
}
diff --git a/test/rtp_decoder.h b/test/rtp_decoder.h
index 3a92d8a..7a9c9b8 100644
--- a/test/rtp_decoder.h
+++ b/test/rtp_decoder.h
@@ -51,7 +51,6 @@
#include "srtp_priv.h"
#include "rtp_priv.h"
#include "rtp.h"
-#include "datatypes.h"
#define DEFAULT_RTP_OFFSET 42
@@ -69,49 +68,36 @@
/*
* error to string
*/
-
-void rtp_print_error(err_status_t status, char *message);
+void rtp_print_error(srtp_err_status_t status, char *message);
/*
* prints the output of a random buffer in hexadecimal
*/
-
-void
-hexdump(const void *ptr, size_t size);
+void hexdump(const void *ptr, size_t size);
/*
* the function usage() prints an error message describing how this
* program should be called, then calls exit()
*/
-
-void
-usage(char *prog_name);
+void usage(char *prog_name);
/*
* transforms base64 key into octet
*/
-
char *decode_sdes(char *in, char *out);
/*
* pcap handling
*/
+void rtp_decoder_handle_pkt(u_char *arg, const struct pcap_pkthdr *hdr, const u_char *bytes);
-void
-rtp_decoder_handle_pkt(u_char *arg, const struct pcap_pkthdr *hdr,
- const u_char *bytes);
+rtp_decoder_t rtp_decoder_alloc(void);
-rtp_decoder_t
-rtp_decoder_alloc(void);
+void rtp_decoder_dealloc(rtp_decoder_t rtp_ctx);
-void
-rtp_decoder_dealloc(rtp_decoder_t rtp_ctx);
+int rtp_decoder_init(rtp_decoder_t dcdr, srtp_policy_t policy);
-int
-rtp_decoder_init(rtp_decoder_t dcdr, srtp_policy_t policy);
-
-err_status_t
-rtp_decoder_init_srtp(rtp_decoder_t decoder, unsigned int ssrc);
+srtp_err_status_t rtp_decoder_init_srtp(rtp_decoder_t decoder, unsigned int ssrc);
int
rtp_decoder_deinit_srtp(rtp_decoder_t decoder);
diff --git a/test/rtpw.c b/test/rtpw.c
index 17f27f2..446ea1f 100644
--- a/test/rtpw.c
+++ b/test/rtpw.c
@@ -55,7 +55,6 @@
#include <config.h>
#endif
-#include "datatypes.h"
#include "getopt_s.h" /* for local getopt() */
#include <stdio.h> /* for printf, fprintf */
@@ -85,6 +84,8 @@
#include "srtp.h"
#include "rtp.h"
+//FIXME: the following header file is not public. we still need to
+// move the crypto_kernel_*debug* API to the public header files.
#include "crypto_kernel.h"
#ifdef RTPW_USE_WINSOCK2
@@ -154,7 +155,7 @@
struct sockaddr_in local;
#endif
program_type prog_type = unknown;
- sec_serv_t sec_servs = sec_serv_none;
+ srtp_sec_serv_t sec_servs = sec_serv_none;
unsigned char ttl = 5;
int c;
int key_size = 128;
@@ -167,7 +168,7 @@
unsigned short port = 0;
rtp_sender_t snd;
srtp_policy_t policy;
- err_status_t status;
+ srtp_err_status_t status;
int len;
int expected_len;
int do_list_mods = 0;
@@ -365,12 +366,12 @@
#ifdef OPENSSL
switch (key_size) {
case 128:
- crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
- crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_auth(&policy.rtcp);
break;
case 256:
- crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
- crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_256_8_auth(&policy.rtcp);
break;
}
#else
@@ -380,12 +381,12 @@
} else {
switch (key_size) {
case 128:
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
case 256:
- crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
}
}
@@ -397,12 +398,12 @@
} else {
switch (key_size) {
case 128:
- crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_aes_cm_128_null_auth(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
case 256:
- crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_aes_cm_256_null_auth(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
break;
}
}
@@ -412,12 +413,12 @@
#ifdef OPENSSL
switch (key_size) {
case 128:
- crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
- crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp);
+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_128_8_only_auth(&policy.rtcp);
break;
case 256:
- crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
- crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp);
+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtp);
+ srtp_crypto_policy_set_aes_gcm_256_8_only_auth(&policy.rtcp);
break;
}
#else
@@ -425,8 +426,8 @@
return 0;
#endif
} else {
- crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_null_cipher_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
}
break;
default:
@@ -491,21 +492,11 @@
* the effect of this policy is to turn off SRTP, so that this
* application is now a vanilla-flavored RTP application.
*/
+ srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtp);
+ srtp_crypto_policy_set_null_cipher_hmac_null(&policy.rtcp);
policy.key = (uint8_t *)key;
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = ssrc;
- policy.rtp.cipher_type = NULL_CIPHER;
- policy.rtp.cipher_key_len = 0;
- policy.rtp.auth_type = NULL_AUTH;
- policy.rtp.auth_key_len = 0;
- policy.rtp.auth_tag_len = 0;
- policy.rtp.sec_serv = sec_serv_none;
- policy.rtcp.cipher_type = NULL_CIPHER;
- policy.rtcp.cipher_key_len = 0;
- policy.rtcp.auth_type = NULL_AUTH;
- policy.rtcp.auth_key_len = 0;
- policy.rtcp.auth_tag_len = 0;
- policy.rtcp.sec_serv = sec_serv_none;
policy.window_size = 0;
policy.allow_repeat_tx = 0;
policy.ekt = NULL;
diff --git a/test/srtp_driver.c b/test/srtp_driver.c
index 8872971..ce80ee0 100644
--- a/test/srtp_driver.c
+++ b/test/srtp_driver.c
@@ -59,19 +59,19 @@
#define PRINT_REFERENCE_PACKET 1
-err_status_t
+srtp_err_status_t
srtp_validate(void);
-err_status_t
+srtp_err_status_t
srtp_validate_aes_256(void);
-err_status_t
+srtp_err_status_t
srtp_create_big_policy(srtp_policy_t **list);
-err_status_t
+srtp_err_status_t
srtp_dealloc_big_policy(srtp_policy_t *list);
-err_status_t
+srtp_err_status_t
srtp_test_remove_stream(void);
double
@@ -86,16 +86,16 @@
void
srtp_do_rejection_timing(const srtp_policy_t *policy);
-err_status_t
+srtp_err_status_t
srtp_test(const srtp_policy_t *policy);
-err_status_t
+srtp_err_status_t
srtcp_test(const srtp_policy_t *policy);
-err_status_t
+srtp_err_status_t
srtp_session_print_policy(srtp_t srtp);
-err_status_t
+srtp_err_status_t
srtp_print_policy(const srtp_policy_t *policy);
char *
@@ -150,7 +150,7 @@
unsigned do_codec_timing = 0;
unsigned do_validation = 0;
unsigned do_list_mods = 0;
- err_status_t status;
+ srtp_err_status_t status;
/*
* verify that the compiler has interpreted the header data
@@ -230,14 +230,14 @@
/* loop over policy array, testing srtp and srtcp for each policy */
while (*policy != NULL) {
printf("testing srtp_protect and srtp_unprotect\n");
- if (srtp_test(*policy) == err_status_ok)
+ if (srtp_test(*policy) == srtp_err_status_ok)
printf("passed\n\n");
else {
printf("failed\n");
exit(1);
}
printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n");
- if (srtcp_test(*policy) == err_status_ok)
+ if (srtcp_test(*policy) == srtp_err_status_ok)
printf("passed\n\n");
else {
printf("failed\n");
@@ -253,7 +253,7 @@
exit(1);
}
printf("testing srtp_protect and srtp_unprotect with big policy\n");
- if (srtp_test(big_policy) == err_status_ok)
+ if (srtp_test(big_policy) == srtp_err_status_ok)
printf("passed\n\n");
else {
printf("failed\n");
@@ -268,7 +268,7 @@
/* run test on wildcard policy */
printf("testing srtp_protect and srtp_unprotect on "
"wildcard ssrc policy\n");
- if (srtp_test(&wildcard_policy) == err_status_ok)
+ if (srtp_test(&wildcard_policy) == srtp_err_status_ok)
printf("passed\n\n");
else {
printf("failed\n");
@@ -281,7 +281,7 @@
*/
printf("testing srtp_protect and srtp_unprotect against "
"reference packets\n");
- if (srtp_validate() == err_status_ok)
+ if (srtp_validate() == srtp_err_status_ok)
printf("passed\n\n");
else {
printf("failed\n");
@@ -296,7 +296,7 @@
*/
printf("testing srtp_protect and srtp_unprotect against "
"reference packets (AES-256)\n");
- if (srtp_validate_aes_256() == err_status_ok)
+ if (srtp_validate_aes_256() == srtp_err_status_ok)
printf("passed\n\n");
else {
printf("failed\n");
@@ -308,7 +308,7 @@
* test the function srtp_remove_stream()
*/
printf("testing srtp_remove_stream()...");
- if (srtp_test_remove_stream() == err_status_ok)
+ if (srtp_test_remove_stream() == srtp_err_status_ok)
printf("passed\n");
else {
printf("failed\n");
@@ -343,8 +343,8 @@
int ignore;
double mips = mips_estimate(1000000000, &ignore);
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = 0xdecafbad;
policy.key = test_key;
@@ -499,7 +499,7 @@
int num_trials = 100000;
int len;
uint32_t ssrc;
- err_status_t status;
+ srtp_err_status_t status;
/*
* allocate and initialize an srtp session
@@ -567,7 +567,7 @@
clock_t timer;
int num_trials = 1000000;
uint32_t ssrc = policy->ssrc.value;
- err_status_t status;
+ srtp_err_status_t status;
/*
* allocate and initialize an srtp session
@@ -605,20 +605,20 @@
void
-err_check(err_status_t s) {
- if (s == err_status_ok)
+err_check(srtp_err_status_t s) {
+ if (s == srtp_err_status_ok)
return;
else
fprintf(stderr, "error: unexpected srtp failure (code %d)\n", s);
exit (1);
}
-err_status_t
+srtp_err_status_t
srtp_test(const srtp_policy_t *policy) {
int i;
srtp_t srtp_sender;
srtp_t srtp_rcvr;
- err_status_t status = err_status_ok;
+ srtp_err_status_t status = srtp_err_status_ok;
srtp_hdr_t *hdr, *hdr2;
uint8_t hdr_enc[64];
uint8_t *pkt_end;
@@ -646,11 +646,11 @@
hdr = srtp_create_test_packet(msg_len_octets, ssrc);
if (hdr == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
if (hdr2 == NULL) {
free(hdr);
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
}
/* set message length */
@@ -692,7 +692,7 @@
0xff, ((uint8_t *)hdr)[i], i);
free(hdr);
free(hdr2);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
/*
@@ -706,10 +706,10 @@
*/
if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
printf("testing that ciphertext is distinct from plaintext...");
- status = err_status_algo_fail;
+ status = srtp_err_status_algo_fail;
for (i=12; i < msg_len_octets+12; i++)
if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
- status = err_status_ok;
+ status = srtp_err_status_ok;
}
if (status) {
printf("failed\n");
@@ -731,7 +731,7 @@
if (rcvr_policy == NULL) {
free(hdr);
free(hdr2);
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
}
memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
if (policy->ssrc.type == ssrc_any_outbound) {
@@ -749,7 +749,7 @@
for (i=0; i < msg_len_octets; i++)
if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
fprintf(stdout, "mismatch at octet %d\n", i);
- status = err_status_algo_fail;
+ status = srtp_err_status_algo_fail;
}
if (status) {
free(hdr);
@@ -771,7 +771,7 @@
/* unprotect a second time - should fail with a replay error */
status = srtp_unprotect(srtp_rcvr, hdr_enc, &len);
- if (status != err_status_replay_fail) {
+ if (status != srtp_err_status_replay_fail) {
printf("failed with error code %d\n", status);
free(hdr);
free(hdr2);
@@ -797,7 +797,7 @@
/* unprotect, and check for authentication failure */
status = srtp_unprotect(srtp_rcvr, hdr, &len);
- if (status != err_status_auth_fail) {
+ if (status != srtp_err_status_auth_fail) {
printf("failed\n");
free(hdr);
free(hdr2);
@@ -815,16 +815,16 @@
free(hdr);
free(hdr2);
free(rcvr_policy);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtcp_test(const srtp_policy_t *policy) {
int i;
srtp_t srtcp_sender;
srtp_t srtcp_rcvr;
- err_status_t status = err_status_ok;
+ srtp_err_status_t status = srtp_err_status_ok;
srtp_hdr_t *hdr, *hdr2;
uint8_t hdr_enc[64];
uint8_t *pkt_end;
@@ -852,11 +852,11 @@
hdr = srtp_create_test_packet(msg_len_octets, ssrc);
if (hdr == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
hdr2 = srtp_create_test_packet(msg_len_octets, ssrc);
if (hdr2 == NULL) {
free(hdr);
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
}
/* set message length */
@@ -898,7 +898,7 @@
0xff, ((uint8_t *)hdr)[i], i);
free(hdr);
free(hdr2);
- return err_status_algo_fail;
+ return srtp_err_status_algo_fail;
}
/*
@@ -912,10 +912,10 @@
*/
if ((policy->rtp.sec_serv & sec_serv_conf) && (msg_len_octets >= 4)) {
printf("testing that ciphertext is distinct from plaintext...");
- status = err_status_algo_fail;
+ status = srtp_err_status_algo_fail;
for (i=12; i < msg_len_octets+12; i++)
if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
- status = err_status_ok;
+ status = srtp_err_status_ok;
}
if (status) {
printf("failed\n");
@@ -935,7 +935,7 @@
*/
rcvr_policy = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
if (rcvr_policy == NULL)
- return err_status_alloc_fail;
+ return srtp_err_status_alloc_fail;
memcpy(rcvr_policy, policy, sizeof(srtp_policy_t));
if (policy->ssrc.type == ssrc_any_outbound) {
rcvr_policy->ssrc.type = ssrc_any_inbound;
@@ -952,7 +952,7 @@
for (i=0; i < msg_len_octets; i++)
if (((uint8_t *)hdr)[i] != ((uint8_t *)hdr2)[i]) {
fprintf(stdout, "mismatch at octet %d\n", i);
- status = err_status_algo_fail;
+ status = srtp_err_status_algo_fail;
}
if (status) {
free(hdr);
@@ -974,7 +974,7 @@
/* unprotect a second time - should fail with a replay error */
status = srtp_unprotect_rtcp(srtcp_rcvr, hdr_enc, &len);
- if (status != err_status_replay_fail) {
+ if (status != srtp_err_status_replay_fail) {
printf("failed with error code %d\n", status);
free(hdr);
free(hdr2);
@@ -1000,7 +1000,7 @@
/* unprotect, and check for authentication failure */
status = srtp_unprotect_rtcp(srtcp_rcvr, hdr, &len);
- if (status != err_status_auth_fail) {
+ if (status != srtp_err_status_auth_fail) {
printf("failed\n");
free(hdr);
free(hdr2);
@@ -1018,11 +1018,11 @@
free(hdr);
free(hdr2);
free(rcvr_policy);
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_session_print_policy(srtp_t srtp) {
char *serv_descr[4] = {
"none",
@@ -1039,7 +1039,7 @@
/* sanity checking */
if (srtp == NULL)
- return err_status_fail;
+ return srtp_err_status_fail;
/* if there's a template stream, print it out */
if (srtp->stream_template != NULL) {
@@ -1068,7 +1068,7 @@
stream = srtp->stream_list;
while (stream != NULL) {
if (stream->rtp_services > sec_serv_conf_and_auth)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
printf("# SSRC: 0x%08x\r\n"
"# rtp cipher: %s\r\n"
@@ -1092,12 +1092,12 @@
/* advance to next stream in the list */
stream = stream->next;
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_print_policy(const srtp_policy_t *policy) {
- err_status_t status;
+ srtp_err_status_t status;
srtp_t session;
status = srtp_create(&session, policy);
@@ -1109,7 +1109,7 @@
status = srtp_dealloc(session);
if (status)
return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -1199,7 +1199,7 @@
*/
-err_status_t
+srtp_err_status_t
srtp_validate() {
uint8_t srtp_plaintext_ref[28] = {
0x80, 0x0f, 0x12, 0x34, 0xde, 0xca, 0xfb, 0xad,
@@ -1222,7 +1222,7 @@
0x99, 0xea, 0x17, 0x9b, 0x8d, 0xbb
};
srtp_t srtp_snd, srtp_recv;
- err_status_t status;
+ srtp_err_status_t status;
int len;
srtp_policy_t policy;
@@ -1230,8 +1230,8 @@
* create a session with a single stream using the default srtp
* policy and with the SSRC value 0xcafebabe
*/
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = 0xcafebabe;
policy.key = test_key;
@@ -1250,7 +1250,7 @@
len = 28;
status = srtp_protect(srtp_snd, srtp_plaintext, &len);
if (status || (len != 38))
- return err_status_fail;
+ return srtp_err_status_fail;
debug_print(mod_driver, "ciphertext:\n %s",
octet_string_hex_string(srtp_plaintext, len));
@@ -1258,7 +1258,7 @@
octet_string_hex_string(srtp_ciphertext, len));
if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
- return err_status_fail;
+ return srtp_err_status_fail;
/*
* create a receiver session context comparable to the one created
@@ -1277,7 +1277,7 @@
return status;
if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
- return err_status_fail;
+ return srtp_err_status_fail;
status = srtp_dealloc(srtp_snd);
if (status)
@@ -1287,7 +1287,7 @@
if (status)
return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
@@ -1298,7 +1298,7 @@
*/
-err_status_t
+srtp_err_status_t
srtp_validate_aes_256() {
unsigned char aes_256_test_key[46] = {
0xf0, 0xf0, 0x49, 0x14, 0xb5, 0x13, 0xf2, 0x76,
@@ -1330,7 +1330,7 @@
0x5b, 0x3a, 0x55, 0xd8, 0x87, 0x3b
};
srtp_t srtp_snd, srtp_recv;
- err_status_t status;
+ srtp_err_status_t status;
int len;
srtp_policy_t policy;
@@ -1338,8 +1338,8 @@
* create a session with a single stream using the default srtp
* policy and with the SSRC value 0xcafebabe
*/
- crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
- crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtcp);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtp);
+ srtp_crypto_policy_set_aes_cm_256_hmac_sha1_80(&policy.rtcp);
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = 0xcafebabe;
policy.key = aes_256_test_key;
@@ -1358,7 +1358,7 @@
len = 28;
status = srtp_protect(srtp_snd, srtp_plaintext, &len);
if (status || (len != 38))
- return err_status_fail;
+ return srtp_err_status_fail;
debug_print(mod_driver, "ciphertext:\n %s",
octet_string_hex_string(srtp_plaintext, len));
@@ -1366,7 +1366,7 @@
octet_string_hex_string(srtp_ciphertext, len));
if (octet_string_is_eq(srtp_plaintext, srtp_ciphertext, len))
- return err_status_fail;
+ return srtp_err_status_fail;
/*
* create a receiver session context comparable to the one created
@@ -1385,7 +1385,7 @@
return status;
if (octet_string_is_eq(srtp_ciphertext, srtp_plaintext_ref, len))
- return err_status_fail;
+ return srtp_err_status_fail;
status = srtp_dealloc(srtp_snd);
if (status)
@@ -1395,11 +1395,11 @@
if (status)
return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_create_big_policy(srtp_policy_t **list) {
extern const srtp_policy_t *policy_array[];
srtp_policy_t *p, *tmp;
@@ -1408,7 +1408,7 @@
/* sanity checking */
if ((list == NULL) || (policy_array[0] == NULL))
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
/*
* loop over policy list, mallocing a new list and copying values
@@ -1418,7 +1418,7 @@
while (policy_array[i] != NULL) {
p = (srtp_policy_t*) malloc(sizeof(srtp_policy_t));
if (p == NULL)
- return err_status_bad_param;
+ return srtp_err_status_bad_param;
memcpy(p, policy_array[i], sizeof(srtp_policy_t));
p->ssrc.type = ssrc_specific;
p->ssrc.value = ssrc++;
@@ -1428,10 +1428,10 @@
}
*list = p;
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_dealloc_big_policy(srtp_policy_t *list) {
srtp_policy_t *p, *next;
@@ -1440,13 +1440,13 @@
free(p);
}
- return err_status_ok;
+ return srtp_err_status_ok;
}
-err_status_t
+srtp_err_status_t
srtp_test_remove_stream() {
- err_status_t status;
+ srtp_err_status_t status;
srtp_policy_t *policy_list, policy;
srtp_t session;
srtp_stream_t stream;
@@ -1471,34 +1471,34 @@
* in the session
*/
status = srtp_remove_stream(session, htonl(0xaaaaaaaa));
- if (status != err_status_no_ctx)
- return err_status_fail;
+ if (status != srtp_err_status_no_ctx)
+ return srtp_err_status_fail;
/*
* check for false negatives by removing stream 0x1, then
* searching for streams 0x0 and 0x2
*/
status = srtp_remove_stream(session, htonl(0x1));
- if (status != err_status_ok)
- return err_status_fail;
+ if (status != srtp_err_status_ok)
+ return srtp_err_status_fail;
stream = srtp_get_stream(session, htonl(0x0));
if (stream == NULL)
- return err_status_fail;
+ return srtp_err_status_fail;
stream = srtp_get_stream(session, htonl(0x2));
if (stream == NULL)
- return err_status_fail;
+ return srtp_err_status_fail;
status = srtp_dealloc(session);
- if (status != err_status_ok)
+ if (status != srtp_err_status_ok)
return status;
status = srtp_dealloc_big_policy(policy_list);
- if (status != err_status_ok)
+ if (status != srtp_err_status_ok)
return status;
/* Now test adding and removing a single stream */
- crypto_policy_set_rtp_default(&policy.rtp);
- crypto_policy_set_rtcp_default(&policy.rtcp);
+ srtp_crypto_policy_set_rtp_default(&policy.rtp);
+ srtp_crypto_policy_set_rtcp_default(&policy.rtcp);
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = 0xcafebabe;
policy.key = test_key;
@@ -1508,22 +1508,22 @@
policy.next = NULL;
status = srtp_create(&session, NULL);
- if (status != err_status_ok)
+ if (status != srtp_err_status_ok)
return status;
status = srtp_add_stream(session, &policy);
- if (status != err_status_ok)
+ if (status != srtp_err_status_ok)
return status;
status = srtp_remove_stream(session, htonl(0xcafebabe));
- if (status != err_status_ok)
+ if (status != srtp_err_status_ok)
return status;
status = srtp_dealloc(session);
- if (status != err_status_ok)
+ if (status != srtp_err_status_ok)
return status;
- return err_status_ok;
+ return srtp_err_status_ok;
}
/*
@@ -1670,7 +1670,7 @@
{ ssrc_any_outbound, 0 }, /* SSRC */
{ /* SRTP policy */
AES_128_GCM, /* cipher type */
- AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ SRTP_AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
NULL_AUTH, /* authentication func type */
0, /* auth key length in octets */
8, /* auth tag length in octets */
@@ -1678,7 +1678,7 @@
},
{ /* SRTCP policy */
AES_128_GCM, /* cipher type */
- AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ SRTP_AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
NULL_AUTH, /* authentication func type */
0, /* auth key length in octets */
8, /* auth tag length in octets */
@@ -1695,7 +1695,7 @@
{ ssrc_any_outbound, 0 }, /* SSRC */
{ /* SRTP policy */
AES_128_GCM, /* cipher type */
- AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ SRTP_AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
NULL_AUTH, /* authentication func type */
0, /* auth key length in octets */
8, /* auth tag length in octets */
@@ -1703,7 +1703,7 @@
},
{ /* SRTCP policy */
AES_128_GCM, /* cipher type */
- AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ SRTP_AES_128_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
NULL_AUTH, /* authentication func type */
0, /* auth key length in octets */
8, /* auth tag length in octets */
@@ -1720,7 +1720,7 @@
{ ssrc_any_outbound, 0 }, /* SSRC */
{ /* SRTP policy */
AES_256_GCM, /* cipher type */
- AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ SRTP_AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
NULL_AUTH, /* authentication func type */
0, /* auth key length in octets */
8, /* auth tag length in octets */
@@ -1728,7 +1728,7 @@
},
{ /* SRTCP policy */
AES_256_GCM, /* cipher type */
- AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ SRTP_AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
NULL_AUTH, /* authentication func type */
0, /* auth key length in octets */
8, /* auth tag length in octets */
@@ -1745,7 +1745,7 @@
{ ssrc_any_outbound, 0 }, /* SSRC */
{ /* SRTP policy */
AES_256_GCM, /* cipher type */
- AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ SRTP_AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
NULL_AUTH, /* authentication func type */
0, /* auth key length in octets */
8, /* auth tag length in octets */
@@ -1753,7 +1753,7 @@
},
{ /* SRTCP policy */
AES_256_GCM, /* cipher type */
- AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
+ SRTP_AES_256_GCM_KEYSIZE_WSALT, /* cipher key length in octets */
NULL_AUTH, /* authentication func type */
0, /* auth key length in octets */
8, /* auth tag length in octets */
@@ -1834,9 +1834,9 @@
#include "ekt.h"
-ekt_policy_ctx_t ekt_test_policy = {
+srtp_ekt_policy_ctx_t ekt_test_policy = {
0xa5a5, /* SPI */
- EKT_CIPHER_AES_128_ECB,
+ SRTP_EKT_CIPHER_AES_128_ECB,
ekt_test_key,
NULL
};