seal.c

srtp 1.0.1 比较适用于头一次看。其他版本的有需要也可以传上来。

/*
 * seal.c
 *
 * SEAL (Software-optimized Encryption Algorithm) implementation
 *
 * David A. McGrew
 * Cisco Systems, Inc.
 *
 * Note that SEAL is covered by U.S. Patents.  YOU ARE SOLELY
 * RESPONSIBLE FOR USING THIS CODE IN A MANNER CONSISTENT WITH THE
 * LICENSING TERMS AND CONDITIONS.
 *
 */

/*
 *
 * Copyright  (c) 2001, 2002, Cisco Systems, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 *   Redistributions in binary form must reproduce the above
 *   copyright notice, this list of conditions and the following
 *   disclaimer in the documentation and/or other materials provided
 *   with the distribution.
 *
 *   Neither the name of the Cisco Systems, Inc. nor the names of its
 *   contributors may be used to endorse or promote products derived
 *   from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */


#include "seal.h"

#define PRINT_DEBUG 0   /* set to 1 for debugging output */

#if PRINT_DEBUG
#include <stdio.h>
#endif

/* 
 * bswap_32() is an optimized version of htonl/ntohl
 */

inline uint32_t
bswap_32(uint32_t v) {
#if CPU_CISC                     
  /* assume that we're on an Intel x86 with x > 3 */
  asm("bswap %0" : "=r" (v) : "0" (v));
#endif
  /* assume that we're on a big-endian machine */
  return v;
}


/* seal internal functions */

#define ROT8(X)  ((X >> 8)  | (X << 24))
#define ROT9(X)  ((X >> 9)  | (X << 23))
#define ROT16(X) ((X >> 16) | (X << 16))
#define ROT24(X) ((X >> 24) | (X << 8))

err_status_t
seal_alloc(cipher_t **c, int key_len) {
  extern cipher_type_t seal;
  void *pointer;

  /* check key length - SEAL only accepts 160-bit keys */
  if (key_len != 20)
    return err_status_bad_param;

  /* allocate memory a cipher of type seal */
  pointer = malloc(sizeof(seal_ctx_t) + sizeof(cipher_t));
  if (pointer == NULL)
    return err_status_alloc_fail;
#if PRINT_DEBUG
  fprintf(stderr, "allocated memory at %p\n", pointer);
#endif

  /* set pointers */
  *c = pointer;
  (*c)->type = &seal;
  (*c)->state = pointer + sizeof(cipher_t);

  /* set key size */
  (*c)->key_len = key_len;

  /* increment ref_count */
  seal.ref_count++;

  return err_status_ok;
}

err_status_t
seal_dealloc(cipher_t *c) {
  extern cipher_type_t seal;

  /* free memory of type seal */
#if PRINT_DEBUG
  fprintf(stderr, "freeing memory at %p\n", c);
#endif
  free(c);

  /* decrement reference count */
  seal.ref_count--;

  return err_status_ok;
}

err_status_t
seal_init(seal_ctx_t *ctx, const octet_t *key, const octet_t *salt) {
  int i;
  const uint32_t *k = (uint32_t *)key;
  uint32_t *R = ctx->R;
  uint32_t *S = ctx->S;
  uint32_t *T = ctx->T;
  uint32_t hash_state[5];
  uint32_t counter[16] = {
    0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0,
  };

#if PRINT_DEBUG
  fprintf(stderr, "initializing seal cipher\n");
#endif

  /* initialize the counters to zero */
  ctx->bytes_in_buffer = 0;
  ctx->l = 0;
  
  /* initialize the R, S, and T tables */

  /* compute the 512 words of T by running sha_core in counter mode */
  for (i=0; i<510; i+=5) {
    /* copy the key into the hash_state */
    hash_state[0] = ntohl(k[0]);
    hash_state[1] = ntohl(k[1]);
    hash_state[2] = ntohl(k[2]);
    hash_state[3] = ntohl(k[3]);
    hash_state[4] = ntohl(k[4]);
    /* apply core sha1 compression function */
    sha1_core(counter, hash_state);
#if PRINT_DEBUG
    printf("T: %x%x%x%x%x\n", hash_state[0], hash_state[1],
           hash_state[2], hash_state[3], hash_state[4]);
#endif
    *T++ = hash_state[0];
    *T++ = hash_state[1];
    *T++ = hash_state[2];
    *T++ = hash_state[3];
    *T++ = hash_state[4];
    counter[0]++;
  }
  /* copy the key into the hash_state */
  hash_state[0] = ntohl(k[0]);
  hash_state[1] = ntohl(k[1]);
  hash_state[2] = ntohl(k[2]);
  hash_state[3] = ntohl(k[3]);
  hash_state[4] = ntohl(k[4]);
  /* apply core sha1 compression function */
  sha1_core(counter, hash_state);
#if PRINT_DEBUG
    printf("T: %x%x%x%x%x\n", hash_state[0], hash_state[1],
           hash_state[2], hash_state[3], hash_state[4]);
#endif
  *T++ = hash_state[0];
  *T++ = hash_state[1];

  /* compute the 256 words of S using sha1_core counter mode */

  counter[0] = 819;
  /* copy the key into the hash_state */
  hash_state[0] = ntohl(k[0]);
  hash_state[1] = ntohl(k[1]);
  hash_state[2] = ntohl(k[2]);
  hash_state[3] = ntohl(k[3]);
  hash_state[4] = ntohl(k[4]);
  /* apply core sha1 compression function */
  sha1_core(counter, hash_state);
  *S++ = hash_state[1];
  *S++ = hash_state[2];
  *S++ = hash_state[3];
  *S++ = hash_state[4];
  /* advance the counter */
  counter[0]++;
  for (i=0; i<50; i++) {
    /* copy the key into the hash_state */
    hash_state[0] = ntohl(k[0]);
    hash_state[1] = ntohl(k[1]);
    hash_state[2] = ntohl(k[2]);
    hash_state[3] = ntohl(k[3]);
    hash_state[4] = ntohl(k[4]);
    /* apply core sha1 compression function */
    sha1_core(counter, hash_state);
#if PRINT_DEBUG
    printf("counter: %d\n", counter[0]);
    printf("S: %x%x%x%x%x\n", hash_state[0], hash_state[1],
           hash_state[2], hash_state[3], hash_state[4]);
#endif
    *S++ = hash_state[0];
    *S++ = hash_state[1];
    *S++ = hash_state[2];
    *S++ = hash_state[3];
    *S++ = hash_state[4];
    counter[0]++;
  }
  /* copy the key into the hash_state */
  hash_state[0] = ntohl(k[0]);
  hash_state[1] = ntohl(k[1]);
  hash_state[2] = ntohl(k[2]);
  hash_state[3] = ntohl(k[3]);
  hash_state[4] = ntohl(k[4]);
  /* apply core sha1 compression function */
  sha1_core(counter, hash_state);
  *S++ = hash_state[0];
  *S++ = hash_state[1];

  /* compute the 16 words of R using sha1_core counter mode */

  /* set the counter */
  counter[0] = 1638;
  /* copy the key into the hash_state */
  hash_state[0] = ntohl(k[0]);
  hash_state[1] = ntohl(k[1]);
  hash_state[2] = ntohl(k[2]);
  hash_state[3] = ntohl(k[3]);
  hash_state[4] = ntohl(k[4]);
  /* apply core sha1 compression function */
  sha1_core(counter, hash_state);
  /* copy into R table */
  *R++ = hash_state[2];
  *R++ = hash_state[3];
  *R++ = hash_state[4];
  /* advance the counter */
  counter[0]++;
  for (i=0; i<2; i++) {
    /* copy the key into the hash_state */
  hash_state[0] = ntohl(k[0]);
  hash_state[1] = ntohl(k[1]);
  hash_state[2] = ntohl(k[2]);
  hash_state[3] = ntohl(k[3]);
  hash_state[4] = ntohl(k[4]);
    /* apply core sha1 compression function */
    sha1_core(counter, hash_state);
#if PRINT_DEBUG
    printf("counter: %d\n", counter[0]);
    printf("R: %x%x%x%x%x\n", hash_state[0], hash_state[1],
           hash_state[2], hash_state[3], hash_state[4]);
#endif
    *R++ = hash_state[0];
    *R++ = hash_state[1];
    *R++ = hash_state[2];
    *R++ = hash_state[3];
    *R++ = hash_state[4];
    counter[0]++;
  }
  /* copy the key into the hash_state */
  hash_state[0] = ntohl(k[0]);
  hash_state[1] = ntohl(k[1]);
  hash_state[2] = ntohl(k[2]);
  hash_state[3] = ntohl(k[3]);
  hash_state[4] = ntohl(k[4]);
  /* apply core sha1 compression function */
  sha1_core(counter, hash_state);
  *R++ = hash_state[0];
  *R++ = hash_state[1];
  *R++ = hash_state[2];