7 files changed, 513 insertions, 0 deletions

diff --git a/srtp/crypto/rng/CVS/Entries b/srtp/crypto/rng/CVS/Entries
new file mode 100644
index 0000000..f256876
--- /dev/null
+++ b/srtp/crypto/rng/CVS/Entries
@@ -0,0 +1,5 @@
+/ctr_prng.c/1.6/Wed Jul 12 22:22:09 2006//
+/prng.c/1.8/Thu Jun  8 18:51:28 2006//
+/rand_linux_kernel.c/1.1/Mon Oct  3 15:29:10 2005//
+/rand_source.c/1.8/Wed Jul 12 22:22:09 2006//
+D
diff --git a/srtp/crypto/rng/CVS/Repository b/srtp/crypto/rng/CVS/Repository
new file mode 100644
index 0000000..aeb47c2
--- /dev/null
+++ b/srtp/crypto/rng/CVS/Repository
@@ -0,0 +1 @@
+srtp/crypto/rng
diff --git a/srtp/crypto/rng/CVS/Root b/srtp/crypto/rng/CVS/Root
new file mode 100644
index 0000000..05e15d8
--- /dev/null
+++ b/srtp/crypto/rng/CVS/Root
@@ -0,0 +1 @@
+srtp.cvs.sourceforge.net:/cvsroot/srtp
diff --git a/srtp/crypto/rng/ctr_prng.c b/srtp/crypto/rng/ctr_prng.c
new file mode 100644
index 0000000..ab76df3
--- /dev/null
+++ b/srtp/crypto/rng/ctr_prng.c
@@ -0,0 +1,108 @@
+/*
+ * ctr_prng.c 
+ *
+ * counter mode based pseudorandom source
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *	
+ * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ * 
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "prng.h"
+
+/* single, global prng structure */
+
+ctr_prng_t ctr_prng;
+
+err_status_t
+ctr_prng_init(rand_source_func_t random_source) {
+  uint8_t tmp_key[32];
+  err_status_t status;
+
+  /* initialize output count to zero */
+  ctr_prng.octet_count = 0;
+
+  /* set random source */
+  ctr_prng.rand = random_source;
+  
+  /* initialize secret key from random source */
+  status = random_source(tmp_key, 32);
+  if (status) 
+    return status;
+
+  /* initialize aes ctr context with random key */
+  status = aes_icm_context_init(&ctr_prng.state, tmp_key);
+  if (status) 
+    return status;
+
+  return err_status_ok;
+}
+
+err_status_t
+ctr_prng_get_octet_string(void *dest, uint32_t len) {
+  err_status_t status;
+
+  /* 
+   * if we need to re-initialize the prng, do so now 
+   *
+   * avoid 32-bit overflows by subtracting instead of adding
+   */
+  if (ctr_prng.octet_count > MAX_PRNG_OUT_LEN - len) {
+    status = ctr_prng_init(ctr_prng.rand);    
+    if (status)
+      return status;
+  }
+  ctr_prng.octet_count += len;
+
+  /*
+   * write prng output 
+   */
+  status = aes_icm_output(&ctr_prng.state, (uint8_t*)dest, len);
+  if (status)
+    return status;
+  
+  return err_status_ok;
+}
+
+err_status_t
+ctr_prng_deinit(void) {
+
+  /* nothing */
+  
+  return err_status_ok;  
+}
diff --git a/srtp/crypto/rng/prng.c b/srtp/crypto/rng/prng.c
new file mode 100644
index 0000000..69350a4
--- /dev/null
+++ b/srtp/crypto/rng/prng.c
@@ -0,0 +1,180 @@
+/*
+ * prng.c 
+ *
+ * pseudorandom source
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *	
+ * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ * 
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "prng.h"
+
+/* single, global prng structure */
+
+x917_prng_t x917_prng;
+
+err_status_t
+x917_prng_init(rand_source_func_t random_source) {
+  v128_t tmp_key;
+  err_status_t status;
+
+  /* initialize output count to zero */
+  x917_prng.octet_count = 0;
+
+  /* set random source */
+  x917_prng.rand = random_source;
+  
+  /* initialize secret key from random source */
+  status = random_source((uint8_t *)&tmp_key, 16);
+  if (status) 
+    return status;
+
+  /* expand aes key */
+  aes_expand_encryption_key(&tmp_key, x917_prng.key);
+
+  /* initialize prng state from random source */
+  status = x917_prng.rand((uint8_t *)&x917_prng.state, 16);
+  if (status) 
+    return status;
+
+  return err_status_ok;
+}
+
+err_status_t
+x917_prng_get_octet_string(uint8_t *dest, uint32_t len) {
+  uint32_t t;
+  v128_t buffer;
+  uint32_t i, tail_len;
+  err_status_t status;
+
+  /* 
+   * if we need to re-initialize the prng, do so now 
+   *
+   * avoid overflows by subtracting instead of adding
+   */
+  if (x917_prng.octet_count > MAX_PRNG_OUT_LEN - len) {
+    status = x917_prng_init(x917_prng.rand);    
+    if (status)
+      return status;
+  }
+  x917_prng.octet_count += len;
+  
+  /* find out the time */
+  t = (uint32_t)time(NULL);
+  
+  /* loop until we have output enough data */
+  for (i=0; i < len/16; i++) {
+    
+    /* exor time into state */
+    x917_prng.state.v32[0] ^= t; 
+ 
+    /* copy state into buffer */
+    v128_copy(&buffer, &x917_prng.state);
+
+    /* apply aes to buffer */
+    aes_encrypt(&buffer, x917_prng.key);
+    
+    /* write data to output */
+    *dest++ = buffer.v8[0];
+    *dest++ = buffer.v8[1];
+    *dest++ = buffer.v8[2];
+    *dest++ = buffer.v8[3];
+    *dest++ = buffer.v8[4];
+    *dest++ = buffer.v8[5];
+    *dest++ = buffer.v8[6];
+    *dest++ = buffer.v8[7];
+    *dest++ = buffer.v8[8];
+    *dest++ = buffer.v8[9];
+    *dest++ = buffer.v8[10];
+    *dest++ = buffer.v8[11];
+    *dest++ = buffer.v8[12];
+    *dest++ = buffer.v8[13];
+    *dest++ = buffer.v8[14];
+    *dest++ = buffer.v8[15];
+
+    /* exor time into buffer */
+    buffer.v32[0] ^= t;
+
+    /* encrypt buffer */
+    aes_encrypt(&buffer, x917_prng.key);
+
+    /* copy buffer into state */
+    v128_copy(&x917_prng.state, &buffer);
+    
+  }
+  
+  /* if we need to output any more octets, we'll do so now */
+  tail_len = len % 16;
+  if (tail_len) {
+    
+    /* exor time into state */
+    x917_prng.state.v32[0] ^= t; 
+ 
+    /* copy value into buffer */
+    v128_copy(&buffer, &x917_prng.state);
+
+    /* apply aes to buffer */
+    aes_encrypt(&buffer, x917_prng.key);
+
+    /* write data to output */
+    for (i=0; i < tail_len; i++) {
+      *dest++ = buffer.v8[i];
+    }
+
+    /* now update the state one more time */
+
+    /* exor time into buffer */
+    buffer.v32[0] ^= t;
+
+    /* encrypt buffer */
+    aes_encrypt(&buffer, x917_prng.key);
+
+    /* copy buffer into state */
+    v128_copy(&x917_prng.state, &buffer);
+
+  }
+  
+  return err_status_ok;
+}
+
+err_status_t
+x917_prng_deinit(void) {
+  
+  return err_status_ok;  
+}
diff --git a/srtp/crypto/rng/rand_linux_kernel.c b/srtp/crypto/rng/rand_linux_kernel.c
new file mode 100644
index 0000000..c51978e
--- /dev/null
+++ b/srtp/crypto/rng/rand_linux_kernel.c
@@ -0,0 +1,65 @@
+/*
+ * rand_linux_kernel.c
+ *
+ * implements a random source using Linux kernel functions
+ *
+ * Marcus Sundberg
+ * Ingate Systems AB
+ */
+/*
+ *	
+ * Copyright(c) 2005 Ingate Systems AB
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ * 
+ *   Neither the name of the author(s) nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "config.h"
+#include "rand_source.h"
+
+
+err_status_t
+rand_source_init(void) {
+  return err_status_ok;
+}
+
+err_status_t
+rand_source_get_octet_string(void *dest, uint32_t len) {
+
+  get_random_bytes(dest, len);
+
+  return err_status_ok;
+}
+
+err_status_t
+rand_source_deinit(void) {
+  return err_status_ok;  
+}
diff --git a/srtp/crypto/rng/rand_source.c b/srtp/crypto/rng/rand_source.c
new file mode 100644
index 0000000..4de5105
--- /dev/null
+++ b/srtp/crypto/rng/rand_source.c
@@ -0,0 +1,153 @@
+/*
+ * rand_source.c
+ *
+ * implements a random source based on /dev/random
+ *
+ * David A. McGrew
+ * Cisco Systems, Inc.
+ */
+/*
+ *	
+ * Copyright(c) 2001-2006 Cisco Systems, Inc.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ *   Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * 
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials provided
+ *   with the distribution.
+ * 
+ *   Neither the name of the Cisco Systems, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived
+ *   from this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "config.h"
+
+#ifdef DEV_URANDOM
+# include <fcntl.h>          /* for open()  */
+# include <unistd.h>         /* for close() */
+#elif (_MSC_VER >= 1400)
+#define _CRT_RAND_S
+# include <stdlib.h>         
+# include <stdio.h>
+#else
+# include <stdio.h>
+#endif
+
+#include "rand_source.h"
+
+
+/* 
+ * global dev_rand_fdes is file descriptor for /dev/random 
+ * 
+ * This variable is also used to indicate that the random source has
+ * been initialized.  When this variable is set to the value of the
+ * #define RAND_SOURCE_NOT_READY, it indicates that the random source
+ * is not ready to be used.  The value of the #define
+ * RAND_SOURCE_READY is for use whenever that variable is used as an
+ * indicator of the state of the random source, but not as a file
+ * descriptor.
+ */
+
+#define RAND_SOURCE_NOT_READY (-1)
+#define RAND_SOURCE_READY     (17)
+
+static int dev_random_fdes = RAND_SOURCE_NOT_READY;
+
+
+err_status_t
+rand_source_init(void) {
+  if (dev_random_fdes >= 0) {
+    /* already open */
+    return err_status_ok;
+  }
+#ifdef DEV_URANDOM
+  /* open random source for reading */
+  dev_random_fdes = open(DEV_URANDOM, O_RDONLY);
+  if (dev_random_fdes < 0)
+    return err_status_init_fail;
+#elif (_MSC_VER >= 1400)
+  dev_random_fdes = RAND_SOURCE_READY;
+#else
+  /* no random source available; let the user know */
+  fprintf(stderr, "WARNING: no real random source present!\n");
+  dev_random_fdes = RAND_SOURCE_READY;
+#endif
+  return err_status_ok;
+}
+
+err_status_t
+rand_source_get_octet_string(void *dest, uint32_t len) {
+
+  /* 
+   * read len octets from /dev/random to dest, and
+   * check return value to make sure enough octets were
+   * written 
+   */
+#ifdef DEV_URANDOM
+  if (read(dev_random_fdes, dest, len) != len)
+    return err_status_fail;
+#elif (_MSC_VER >= 1400)
+  unsigned int *dst = dest;
+  while (len)
+  {
+      unsigned int val = 0;
+	  errno_t err = rand_s(&val);
+      if (err != 0)
+	      {
+              return err_status_fail;
+          }
+  
+      *dst++ = val;
+	  len--;
+  }
+#else
+  /* Generic C-library (rand()) version */
+  /* This is a random source of last resort */
+  uint8_t *dst = (uint8_t *)dest;
+  while (len)
+  {
+	  int val = rand();
+	  /* rand() returns 0-32767 (ugh) */
+	  /* Is this a good enough way to get random bytes?
+	     It is if it passes FIPS-140... */
+	  *dst++ = val & 0xff;
+	  len--;
+  }
+#endif
+  return err_status_ok;
+}
+ 
+err_status_t
+rand_source_deinit(void) {
+  if (dev_random_fdes < 0)
+    return err_status_dealloc_fail;  /* well, we haven't really failed, *
+				      * but there is something wrong    */
+#ifdef DEV_URANDOM
+  close(dev_random_fdes);  
+#endif
+  dev_random_fdes = RAND_SOURCE_NOT_READY;
+  
+  return err_status_ok;  
+}