tmmhv2.c

srtp-1.3.20 security RTP source

#endif

  /* compute first level, compressing msg info buffer */
  msg = (uint16_t*)message;
  len_octets = msg_octets;
  msg_len = (msg_octets + 1)/2;
  j = 0;       /* set j to zero; it points into the temp buffer */
  subkey = (keypointer + TAG_WORDS);
  while (len_octets >= 16) {
  
    /* multiply and acuumulate next eight words */
    sum =  (uint32_t) subkey[1] * ntohs(*msg); msg++;
    sum += (uint32_t) subkey[2] * ntohs(*msg); msg++;
    sum += (uint32_t) subkey[3] * ntohs(*msg); msg++;
    sum += (uint32_t) subkey[4] * ntohs(*msg); msg++;
    sum += (uint32_t) subkey[5] * ntohs(*msg); msg++;
    sum += (uint32_t) subkey[6] * ntohs(*msg); msg++;
    sum += (uint32_t) subkey[7] * ntohs(*msg); msg++;
    sum += (uint32_t) subkey[8] * ntohs(*msg); msg++;
   
    /* reduce and set next-level value */
    buffer[j++] = (uint16_t) (sum % tmmh_16_prime);
    
    len_octets -= 16;  
  }

  /*
   * if len_octets isn't zero, then multiply and accumulate remaining
   * (len_octets+1)/2 words, masking the last octet of the last word
   * to avoid including it in the message
   */
  if (len_octets) {
    sum = 0;
    for (i=0; i < (len_octets/2); i++) {
      sum += (uint32_t) subkey[i+1] * ntohs(msg[i]);
    }

    /*  handle odd-octet-length message case  */
    if (msg_octets & 1) {
      sum += (uint32_t) subkey[i+1] * (ntohs(msg[i]) & 0xff00); 
    }

    /* set next-level value */
    buffer[j++] = (uint16_t) (sum % tmmh_16_prime);  
  }

  msg_len = j;    /* set msg_len to number of words in buffer */

  /* now loop over upper levels, compressing buffer into buffer */

  while (msg_len > 1) {
    j = 0;                             /* reset j to zero          */
    subkey += SUBKEY_LEN;              /* increment level          */

#if DEBUG_VERBOSE /* define this for lots of debugging output */
    debug_print(mod_tmmhv2, "computing next level (tag two)\n");
#endif

    msg = buffer;                      /* set hash-start to buffer */
    while (msg_len >= 8) {
      
      /* multiply and acuumulate next eight words */
      sum =  (uint32_t) subkey[1] * *msg++;
      sum += (uint32_t) subkey[2] * *msg++;
      sum += (uint32_t) subkey[3] * *msg++;
      sum += (uint32_t) subkey[4] * *msg++;
      sum += (uint32_t) subkey[5] * *msg++;
      sum += (uint32_t) subkey[6] * *msg++;
      sum += (uint32_t) subkey[7] * *msg++;
      sum += (uint32_t) subkey[8] * *msg++;
      
      /* reduce and set next-level value */
      buffer[j++] = (uint16_t) (sum % tmmh_16_prime);
      
      msg_len -= 8;  
    }
    /* multiply and accumulate remaining msg_len words */
    sum = 0;
    switch (msg_len) {
    case (7):
      sum += (uint32_t) subkey[7] * msg[6];
    case (6):			       
      sum += (uint32_t) subkey[6] * msg[5];
    case (5):			       
      sum += (uint32_t) subkey[5] * msg[4];
    case (4):			       
      sum += (uint32_t) subkey[4] * msg[3];
    case (3):			       
      sum += (uint32_t) subkey[3] * msg[2];
    case (2):			       
      sum += (uint32_t) subkey[2] * msg[1];
    case (1):			       
      sum += (uint32_t) subkey[1] * msg[0];
      buffer[j++] = (uint16_t) (sum % tmmh_16_prime);
    default:
      break;                             /* defensive coding */
    }
    msg_len = j;         /* set to number of words in buffer */

#if DEBUG_VERBOSE /* define this for lots of debugging output */
    debug_print(mod_tmmhv2, "buffer: %d\tsum: %x\n", buffer[0], sum);
    debug_print(mod_tmmhv2, "remaining message length: %d\n", msg_len);
#endif
  }

  /* multiply and accumulate message length */
  sum = (uint32_t) buffer[0] + (uint32_t) L[1] * msg_octets;

  /* reduce, then this is the final output */
  /* don't assume an alignment for octet_t *result */
  tmp = (((uint16_t) result[2]) << 8) & ((uint16_t) result[3]);
  tmp = (uint16_t) (sum % tmmh_16_prime);
  result[2] = (octet_t) (tmp >> 8);
  result[3] = (octet_t) tmp;
 
#if DEBUG_VERBOSE /* define this for lots of debugging output */
  /* print tag */
  debug_print(mod_tmmhv2, "tag: { ");
  for (i=0; i < 2*TAG_WORDS; i++)
    debug_print(mod_tmmhv2, "0x%x ", result[i]);
  debug_print(mod_tmmhv2, "}\n");
#endif
  
  return err_status_ok;
}


/*
 * tmmhv2_add_big_test()
 * 
 * generates the tmmhv2 large-message test case and adds it to the
 * head of the linked list of test cases
 */

err_status_t
tmmhv2_add_big_test() {
  extern auth_type_t tmmhv2;
  int i;
  uint16_t *key, *message;
  auth_test_case_t *big_test, *list;
  int msg_len_octets = 65536;
  octet_t tag[4] = { 0x7f, 0xff, 0x7f, 0xff };
  octet_t *test_tag;

  key = (uint16_t *) xalloc(94);
  if (key == NULL)
    return err_status_alloc_fail;

  /* 
   * set key to forty-seven uint16_t values all equal to 0001 (in
   * network byte order) 
   */
  for (i=0; i < 47; i++)
    key[i] = htons(0x0001);

  /*
   * set message so that all uint16_t values equal 0001 (in network
   * byte order)
   */
  message = (uint16_t *) xalloc(msg_len_octets);
  if (message == NULL) {
    return err_status_alloc_fail;
  }
  for (i=0; i < msg_len_octets/2; i++)
    message[i] = htons(0x0001);

  /* set tag */
  test_tag = xalloc(4);
  if (!test_tag)
    return err_status_alloc_fail;
  test_tag[0] = tag[0];
  test_tag[1] = tag[1];
  test_tag[2] = tag[2];
  test_tag[3] = tag[3];

  /* create test case structure */
  big_test = xalloc(sizeof(auth_test_case_t));
  if (!big_test)
    return err_status_alloc_fail;
  big_test->key_length_octets  = 94;
  big_test->key                = (octet_t *)key;
  big_test->data_length_octets = msg_len_octets;
  big_test->data               = (octet_t *)message;
  big_test->tag_length_octets  = 4;
  big_test->tag                = test_tag;
  big_test->next_test_case     = NULL;

  /* add test case to the tail of the list */
  list = tmmhv2.test_data;
  while (list->next_test_case != NULL)
    list = list->next_test_case;
  list->next_test_case = big_test;

  return err_status_ok;
}


/*
 * test cases for TMMHv2
 *
 * these data use the auth_test_case_t structure defined in auth.h
 *
 * there is a linked list of test cases, each of which is tested
 * in turn by the auth_type_self_test.  these cases are in defined
 * in reverse order so that the ultimate case can be pointed to
 * by the penultimate case, and so on.
 */

octet_t tmmhv2_test_case_2_key[94] = {
   0x23, 0x37, 0x47, 0xe0, 0x15, 0x64, 0x67, 0x1b,
   0x6f, 0x80, 0xdc, 0xdd, 0xa6, 0xcc, 0x5f, 0xf1,
   0x3e, 0x5d, 0x88, 0xeb, 0x61, 0x2e, 0x7c, 0x99,
   0x02, 0xe8, 0xd8, 0xb2, 0x77, 0xa5, 0x09, 0xf9,
   0xf0, 0xbc, 0x99, 0x97, 0x1d, 0xc9, 0xd4, 0x78,
   0x39, 0x6f, 0x96, 0x02, 0x85, 0x38, 0xaa, 0x7f,
   0x16, 0xa0, 0xa4, 0x56, 0xe7, 0x7e, 0x52, 0x62,
   0xa1, 0xdc, 0x6b, 0x06, 0x5e, 0x67, 0xb2, 0xd5,
   0x74, 0xee, 0x50, 0x45, 0x82, 0xc1, 0x31, 0x0a,
   0x28, 0xa5, 0xbb, 0x49, 0xf1, 0x5a, 0x38, 0x34,
   0x59, 0xc8, 0x0f, 0x3a, 0x36, 0xf7, 0x1b, 0x8c,
   0x95, 0x3d, 0xbf, 0x74, 0x20, 0x80      
};


/*
 * tmmhv2_test_case_2_data is equivalent to the 169-octet ASCII string
 *
 *   "When there is a gap between one's real and one's declared aims,
 *   one turns as it were instinctively to long words and exhausted
 *   idioms, like a cuttlefish spurting out ink"
 *
 *                - George Orwell, Politics and the English Language
 *
 */

octet_t tmmhv2_test_case_2_data[169] = {
  0x57, 0x68, 0x65, 0x6E, 0x20, 0x74, 0x68, 0x65,
  0x72, 0x65, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20,
  0x67, 0x61, 0x70, 0x20, 0x62, 0x65, 0x74, 0x77,
  0x65, 0x65, 0x6E, 0x20, 0x6F, 0x6E, 0x65, 0x27,
  0x73, 0x20, 0x72, 0x65, 0x61, 0x6C, 0x20, 0x61,
  0x6E, 0x64, 0x20, 0x6F, 0x6E, 0x65, 0x27, 0x73,
  0x20, 0x64, 0x65, 0x63, 0x6C, 0x61, 0x72, 0x65,
  0x64, 0x20, 0x61, 0x69, 0x6D, 0x73, 0x2C, 0x20,
  0x6F, 0x6E, 0x65, 0x20, 0x74, 0x75, 0x72, 0x6E,
  0x73, 0x20, 0x61, 0x73, 0x20, 0x69, 0x74, 0x20,
  0x77, 0x65, 0x72, 0x65, 0x20, 0x69, 0x6E, 0x73,
  0x74, 0x69, 0x6E, 0x63, 0x74, 0x69, 0x76, 0x65,
  0x6C, 0x79, 0x20, 0x74, 0x6F, 0x20, 0x6C, 0x6F,
  0x6E, 0x67, 0x20, 0x77, 0x6F, 0x72, 0x64, 0x73,
  0x20, 0x61, 0x6E, 0x64, 0x20, 0x65, 0x78, 0x68,
  0x61, 0x75, 0x73, 0x74, 0x65, 0x64, 0x20, 0x69,
  0x64, 0x69, 0x6F, 0x6D, 0x73, 0x2C, 0x20, 0x6C,
  0x69, 0x6B, 0x65, 0x20, 0x61, 0x20, 0x63, 0x75,
  0x74, 0x74, 0x6C, 0x65, 0x66, 0x69, 0x73, 0x68,
  0x20, 0x73, 0x70, 0x75, 0x72, 0x74, 0x69, 0x6E,
  0x67, 0x20, 0x6F, 0x75, 0x74, 0x20, 0x69, 0x6E,
  0x6B, 
};

octet_t tmmhv2_test_case_2_tag[4] = {
  0x32, 0xA4, 0x27, 0xD2
};

auth_test_case_t tmmhv2_test_case_2 = {
  94,                                       /* octets in key            */
  tmmhv2_test_case_2_key,                   /* key                      */
  169,                                      /* octets in data           */ 
  tmmhv2_test_case_2_data,                  /* data                     */
  4,                                        /* octets in tag            */
  tmmhv2_test_case_2_tag,                   /* tag                      */
  NULL                                      /* pointer to next testcase */
};

/* end test case 2 */
/* begin test case 1 */

/* note: the key used in case 1 is identical to that used in case 2 */

octet_t tmmhv2_test_case_1_data[56] = {
  0x57, 0x41, 0x52, 0x20, 0x49, 0x53, 0x20, 0x50,
  0x45, 0x41, 0x43, 0x45, 0x2c, 0x20, 0x46, 0x52,
  0x45, 0x45, 0x44, 0x4f, 0x4d, 0x20, 0x49, 0x53,
  0x20, 0x53, 0x4c, 0x41, 0x56, 0x45, 0x52, 0x59,
  0x2c, 0x20, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x41,
  0x4e, 0x43, 0x45, 0x20, 0x49, 0x53, 0x20, 0x53,
  0x54, 0x52, 0x45, 0x4e, 0x47, 0x54, 0x48, 0x00 
};

octet_t tmmhv2_test_case_1_tag[4] = { 0x1d, 0x0f, 0x75, 0x36 };

auth_test_case_t tmmhv2_test_case_1 = {
  94,                                       /* octets in key            */
  tmmhv2_test_case_2_key,                   /* key                      */
  56,                                       /* octets in data           */ 
  tmmhv2_test_case_1_data,                  /* data                     */
  4,                                        /* octets in tag            */
  tmmhv2_test_case_1_tag,                   /* tag                      */
  &tmmhv2_test_case_2                       /* pointer to next testcase */
};

/* end of test case 1 */
/* begin test case 0 */

 octet_t tmmhv2_test_case_0_key[94] = {
  0xe6, 0x27, 0x6a, 0x01, 0x5e, 0xa7, 0xf2, 0x7a,
  0xc5, 0x36, 0x21, 0x92, 0x11, 0xbe, 0xea, 0x35, 
  0xdb, 0x9d, 0x63, 0xd6, 0xfa, 0x8a, 0xfc, 0x45,
  0xe0, 0x8b, 0xd2, 0x16, 0xce, 0xd2, 0x78, 0x53, 
  0x1a, 0x82, 0x22, 0xf5, 0x90, 0xfb, 0x1c, 0x29,
  0x70, 0x8e, 0xd0, 0x6f, 0x82, 0xc3, 0xbe, 0xe6, 
  0x4f, 0x21, 0x6f, 0x33, 0x65, 0xc0, 0xd2, 0x11,
  0xc2, 0x5e, 0x91, 0x38, 0x4f, 0xa3, 0x7c, 0x1f, 
  0x61, 0xac, 0x34, 0x89, 0x29, 0x76, 0x8c, 0x19,
  0x82, 0x52, 0xdd, 0xbf, 0xca, 0xd3, 0xc2, 0x8f, 
  0x68, 0xd6, 0x58, 0xdd, 0x50, 0x4f, 0x2b, 0xbf,
  0x02, 0x78, 0x70, 0xb7, 0xcf, 0xca
};

octet_t tmmhv2_test_case_0_data[18] = {
  0x60, 0x15, 0xf1, 0x41, 0x5b, 0xa1, 0x29, 0xa0,
  0xf6, 0x04, 0x0d, 0x1c, 0x02, 0xd9, 0xaa, 0x8a,
  0x79, 0x31
};

octet_t tmmhv2_test_case_0_tag[4] = {
 0x8a, 0x82, 0x4b, 0xb0
};

auth_test_case_t tmmhv2_test_case_0 = {
  94,                                       /* octets in key            */
  tmmhv2_test_case_0_key,                   /* key                      */
  18,                                       /* octets in data           */ 
  tmmhv2_test_case_0_data,                  /* data                     */
  4,                                        /* octets in tag            */
  tmmhv2_test_case_0_tag,                   /* tag                      */
  &tmmhv2_test_case_1                       /* pointer to next testcase */
};

/* end of test case 0 */

char tmmhv2_description[] = "truncated multi-modular hash (version two)";

auth_type_t
tmmhv2  = {
  (auth_alloc_func)      tmmhv2_alloc,
  (auth_dealloc_func)    tmmhv2_dealloc,
  (auth_init_func)       tmmhv2_init,
  (auth_compute_func)    tmmhv2_compute,
  (auth_update_func)     tmmhv2_update,
  (auth_start_func)      tmmhv2_start,
  (char *)               tmmhv2_description,
  (int)                  0,   /* instance count */
  (auth_test_case_t *)  &tmmhv2_test_case_0,
  (debug_module_t *)    &mod_tmmhv2
};