* #35924 (zrtp): switch to libzrtpcpp
diff --git a/jni/libzrtp/sources/zrtp/crypto/aesCFB.cpp b/jni/libzrtp/sources/zrtp/crypto/aesCFB.cpp
new file mode 100644
index 0000000..f3042f8
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/aesCFB.cpp
@@ -0,0 +1,73 @@
+/*
+ Copyright (C) 2012-2013 by Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/**
+ * @author Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#include <string.h>
+
+#include <zrtp/crypto/aesCFB.h>
+#include <cryptcommon/aescpp.h>
+
+void aesCfbEncrypt(uint8_t *key, int32_t keyLength, uint8_t* IV, uint8_t *data, int32_t dataLength)
+{
+ AESencrypt *saAes = new AESencrypt();
+
+ if (keyLength == 16)
+ saAes->key128(key);
+ else if (keyLength == 32)
+ saAes->key256(key);
+ else
+ return;
+
+ // Note: maybe copy IV to an internal array if we encounter strange things.
+ // the cfb encrypt modify the IV on return. Same for output data (inplace encryption)
+ saAes->cfb_encrypt(data, data, dataLength, IV);
+ delete saAes;
+}
+
+
+void aesCfbDecrypt(uint8_t *key, int32_t keyLength, uint8_t* IV, uint8_t *data, int32_t dataLength)
+{
+ AESencrypt *saAes = new AESencrypt();
+ if (keyLength == 16)
+ saAes->key128(key);
+ else if (keyLength == 32)
+ saAes->key256(key);
+ else
+ return;
+
+ // Note: maybe copy IV to an internal array if we encounter strange things.
+ // the cfb encrypt modify the IV on return. Same for output data (inplace encryption)
+ saAes->cfb_decrypt(data, data, dataLength, IV);
+ delete saAes;
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/aesCFB.h b/jni/libzrtp/sources/zrtp/crypto/aesCFB.h
new file mode 100644
index 0000000..7223bdf
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/aesCFB.h
@@ -0,0 +1,87 @@
+/*
+ Copyright (C) 2006-2013 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Authors: Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#ifndef _AESCFB_H__
+#define _AESCFB_H__
+
+#include <stdint.h>
+
+/**
+ * @file aesCFB.h
+ * @brief Function that provide AES CFB mode support
+ *
+ * @ingroup GNU_ZRTP
+ * @{
+ */
+
+#ifndef AES_BLOCK_SIZE
+#define AES_BLOCK_SIZE 16
+#endif
+
+/**
+ * Encrypt data with AES CFB mode, full block feedback size.
+ *
+ * This functions takes one data chunk and encrypts it with
+ * AES CFB mode. The lenght of the data may be arbitrary and
+ * it is not needed to be a multiple of AES blocksize.
+ *
+ * @param key
+ * Points to the key bytes.
+ * @param keyLength
+ * Length of the key in bytes
+ * @param IV
+ * The initialization vector which must be AES_BLOCKSIZE (16) bytes.
+ * @param data
+ * Points to a buffer that contains and receives the computed
+ * the data (in-place encryption).
+ * @param dataLength
+ * Length of the data in bytes
+ */
+
+void aesCfbEncrypt(uint8_t* key, int32_t keyLength, uint8_t* IV, uint8_t *data,
+ int32_t dataLength);
+
+/**
+ * Decrypt data with AES CFB mode, full block feedback size.
+ *
+ * This functions takes one data chunk and decrypts it with
+ * AES CFB mode. The lenght of the data may be arbitrary and
+ * it is not needed to be a multiple of AES blocksize.
+ *
+ * @param key
+ * Points to the key bytes.
+ * @param keyLength
+ * Length of the key in bytes
+ * @param IV
+ * The initialization vector which must be AES_BLOCKSIZE (16) bytes.
+ * @param data
+ * Points to a buffer that contains and receives the computed
+ * the data (in-place decryption).
+ * @param dataLength
+ * Length of the data in bytes
+ */
+
+void aesCfbDecrypt(uint8_t* key, int32_t keyLength, uint8_t* IV, uint8_t *data,
+ int32_t dataLength);
+/**
+ * @}
+ */
+#endif
diff --git a/jni/libzrtp/sources/zrtp/crypto/gcrypt/InitializeGcrypt.cpp b/jni/libzrtp/sources/zrtp/crypto/gcrypt/InitializeGcrypt.cpp
new file mode 100644
index 0000000..1c743d2
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/gcrypt/InitializeGcrypt.cpp
@@ -0,0 +1,84 @@
+/*
+ Copyright (C) 2006-2013 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdio.h>
+
+#include <string.h>
+#include <pthread.h>
+#include <errno.h>
+#include <gcrypt.h>
+
+/*
+ * The following macro was copied from gcrypt.h and modified to explicitly
+ * cast the pointer types to keep the compiler happy.
+ */
+#define GCRY_THREAD_OPTION_PTHREAD_CPP_IMPL \
+static int gcry_pthread_mutex_init (void **priv) \
+{ \
+ int err = 0; \
+ pthread_mutex_t *lock = (pthread_mutex_t *)malloc (sizeof (pthread_mutex_t)); \
+ \
+ if (!lock) \
+ err = ENOMEM; \
+ if (!err) \
+{ \
+ err = pthread_mutex_init (lock, NULL); \
+ if (err) \
+ free (lock); \
+ else \
+ *priv = lock; \
+} \
+ return err; \
+} \
+static int gcry_pthread_mutex_destroy (void **lock) \
+{ int err = pthread_mutex_destroy ((pthread_mutex_t *)*lock); free (*lock); return err; } \
+static int gcry_pthread_mutex_lock (void **lock) \
+{ return pthread_mutex_lock ((pthread_mutex_t *)*lock); } \
+static int gcry_pthread_mutex_unlock (void **lock) \
+{ return pthread_mutex_unlock ((pthread_mutex_t *)*lock); } \
+ \
+static struct gcry_thread_cbs gcry_threads_pthread = \
+{ GCRY_THREAD_OPTION_PTHREAD, NULL, \
+ gcry_pthread_mutex_init, gcry_pthread_mutex_destroy, \
+ gcry_pthread_mutex_lock, gcry_pthread_mutex_unlock }
+
+/** Implement the locking callback functions for libgcrypt.
+ *
+ */
+
+static int initialized = 0;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+GCRY_THREAD_OPTION_PTHREAD_CPP_IMPL;
+#ifdef __cplusplus
+}
+#endif
+
+int initializeGcrypt ()
+{
+
+ if (initialized) {
+ return 1;
+ }
+ gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+ gcry_check_version(NULL);
+ gcry_control(GCRYCTL_DISABLE_SECMEM);
+ initialized = 1;
+ return 1;
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcryptAesCFB.cpp b/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcryptAesCFB.cpp
new file mode 100644
index 0000000..066035f
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcryptAesCFB.cpp
@@ -0,0 +1,77 @@
+/*
+ Copyright (C) 2006-2013 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/** Copyright (C) 2006, 2007
+ *
+ * @author Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#include <gcrypt.h>
+#include <crypto/aesCFB.h>
+
+
+extern void initializeGcrypt();
+
+void aesCfbEncrypt(uint8_t* key, int32_t keyLength, uint8_t* IV, uint8_t *data,
+ int32_t dataLength);
+{
+ gcry_error_t err = 0;
+ int algo;
+
+ initializeGcrypt();
+
+ if (keyLength == 16) {
+ algo = GCRY_CIPHER_AES;
+ }
+ else if (keyLength == 32) {
+ algo = GCRY_CIPHER_AES256;
+ }
+ else {
+ return;
+ }
+ gcry_cipher_hd_t tmp;
+ err = gcry_cipher_open(&tmp, algo, GCRY_CIPHER_MODE_CFB, 0);
+ err = gcry_cipher_setkey(tmp, key, keyLength);
+ err = gcry_cipher_setiv (tmp, IV, AES_BLOCK_SIZE);
+ err = gcry_cipher_encrypt (tmp, data, dataLength, data, dataLength);
+ gcry_cipher_close(tmp);
+}
+
+void aesCfbDecrypt(uint8_t* key, int32_t keyLength, uint8_t* IV, uint8_t *data,
+ int32_t dataLength);
+{
+ gcry_error_t err = 0;
+ int algo;
+
+ initializeGcrypt();
+
+ if (keyLength == 16) {
+ algo = GCRY_CIPHER_AES;
+ }
+ else if (keyLength == 32) {
+ algo = GCRY_CIPHER_AES256;
+ }
+ else {
+ return;
+ }
+ gcry_cipher_hd_t tmp;
+ err = gcry_cipher_open(&tmp, algo, GCRY_CIPHER_MODE_CFB, 0);
+ err = gcry_cipher_setkey(tmp, key, keyLength);
+ err = gcry_cipher_setiv (tmp, IV, AES_BLOCK_SIZE);
+ err = gcry_cipher_decrypt (tmp, data, dataLength, data, dataLength);
+ gcry_cipher_close(tmp);
+}
\ No newline at end of file
diff --git a/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcryptZrtpDH.cpp b/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcryptZrtpDH.cpp
new file mode 100644
index 0000000..bc8897a
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcryptZrtpDH.cpp
@@ -0,0 +1,349 @@
+/*
+ Copyright (C) 2006, 2013 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/** Copyright (C) 2006, 2009
+ *
+ * @author Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#include <gcrypt.h>
+#include <zrtp/crypto/zrtpDH.h>
+#include <zrtp/libzrtpcpp/ZrtpTextData.h>
+#include <sstream>
+
+struct gcryptCtx {
+ gcry_mpi_t privKey;
+ gcry_mpi_t pubKey;
+// int32_t pLength;
+};
+
+extern void initializeGcrypt();
+
+static gcry_mpi_t bnP2048 = NULL;
+static gcry_mpi_t bnP3072 = NULL;
+// static gcry_mpi_t bnP4096 = NULL;
+static gcry_mpi_t two = NULL;
+static gcry_mpi_t bnP2048MinusOne = NULL;
+static gcry_mpi_t bnP3072MinusOne = NULL;
+// static gcry_mpi_t bnP4096MinusOne = NULL;
+
+static uint8_t dhinit = 0;
+
+void randomZRTP(uint8_t *buf, int32_t length) {
+ initializeGcrypt();
+ gcry_randomize(buf, length, GCRY_STRONG_RANDOM);
+}
+
+static const uint8_t P2048[] =
+{
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF
+};
+
+static const uint8_t P3072[] =
+ {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+ 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+ };
+
+ /* *************
+static const uint8_t P4096[] =
+{
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+ 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
+ 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
+ 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
+ 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+ 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
+ 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+ *************** */
+#define DH3K 1
+#define DH2K 0
+ZrtpDH::ZrtpDH(const char* type){
+
+ // Well - the algo type is only 4 char thus cast to int32 and compare
+ if (*(int32_t*)type == *(int32_t*)dh2k) {
+ pkType = DH2K;
+ }
+ else if (*(int32_t*)type == *(int32_t*)dh3k) {
+ pkType = DH3K;
+ }
+ else {
+ fprintf(stderr, "Unknown pubkey algo: %d\n", pkType);
+ }
+ ctx = static_cast<void*>(new gcryptCtx);
+ gcryptCtx* tmpCtx = static_cast<gcryptCtx*>(ctx);
+ tmpCtx->privKey = NULL;
+ tmpCtx->pubKey = NULL;
+
+ initializeGcrypt();
+
+ if (!dhinit) {
+ gcry_mpi_scan(&bnP2048, GCRYMPI_FMT_USG, P2048, sizeof(P2048), NULL);
+ gcry_mpi_scan(&bnP3072, GCRYMPI_FMT_USG, P3072, sizeof(P3072), NULL);
+// gcry_mpi_scan(&bnP4096, GCRYMPI_FMT_USG, P4096, sizeof(P4096), NULL);
+ two = gcry_mpi_set_ui(NULL, 2);
+
+ bnP2048MinusOne = gcry_mpi_new(sizeof(P2048)*8);
+ gcry_mpi_sub_ui(bnP2048MinusOne, bnP2048, 1);
+
+ bnP3072MinusOne = gcry_mpi_new(sizeof(P3072)*8);
+ gcry_mpi_sub_ui(bnP3072MinusOne, bnP3072, 1);
+
+// bnP4096MinusOne = gcry_mpi_new(sizeof(P4096)*8);
+// gcry_mpi_sub_ui(bnP4096MinusOne, bnP4096, 1);
+ dhinit = 1;
+ }
+
+ if (pkType == DH3K) {
+ tmpCtx->privKey = gcry_mpi_new(256);
+ gcry_mpi_randomize(tmpCtx->privKey, 256, GCRY_STRONG_RANDOM);
+ }
+ else if (pkType == DH2K) {
+ tmpCtx->privKey = gcry_mpi_new(512);
+ gcry_mpi_randomize(tmpCtx->privKey, 512, GCRY_STRONG_RANDOM);
+ }
+// else {
+// tmpCtx->privKey = gcry_mpi_new(512);
+// gcry_mpi_randomize(tmpCtx->privKey, 512, GCRY_STRONG_RANDOM);
+// }
+}
+
+ZrtpDH::~ZrtpDH() {
+ gcryptCtx* tmpCtx = static_cast<gcryptCtx*>(ctx);
+
+ if (tmpCtx != NULL) {
+ gcry_mpi_release(tmpCtx->privKey);
+ tmpCtx->privKey = NULL;
+ gcry_mpi_release(tmpCtx->pubKey);
+ tmpCtx->pubKey = NULL;
+ delete tmpCtx;
+ ctx = NULL;
+ }
+}
+
+int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) {
+
+ int32_t length = getDhSize();
+ gcryptCtx* tmpCtx = static_cast<gcryptCtx*>(ctx);
+
+ gcry_mpi_t pubKeyOther;
+ gcry_mpi_t sec = gcry_mpi_new(0);
+ gcry_mpi_scan(&pubKeyOther, GCRYMPI_FMT_USG, pubKeyBytes, length, NULL);
+
+ if (pkType == DH2K) {
+ gcry_mpi_powm(sec, pubKeyOther, tmpCtx->privKey, bnP2048);
+ }
+ else if (pkType == DH3K) {
+ gcry_mpi_powm(sec, pubKeyOther, tmpCtx->privKey, bnP3072);
+ }
+ else {
+// gcry_mpi_powm(sec, pubKeyOther, tmpCtx->privKey, bnP4096);
+ return 0;
+ }
+ gcry_mpi_release(pubKeyOther);
+
+ size_t result;
+ gcry_mpi_print(GCRYMPI_FMT_USG, secret, length, &result, sec);
+ gcry_mpi_release(sec);
+
+ return result;
+}
+
+int32_t ZrtpDH::generatePublicKey()
+{
+ gcryptCtx* tmpCtx = static_cast<gcryptCtx*>(ctx);
+
+ tmpCtx->pubKey = gcry_mpi_new(0);
+ if (pkType == DH2K) {
+ gcry_mpi_powm(tmpCtx->pubKey, two, tmpCtx->privKey, bnP2048);
+ }
+ else if (pkType == DH3K) {
+ gcry_mpi_powm(tmpCtx->pubKey, two, tmpCtx->privKey, bnP3072);
+ }
+ else {
+// gcry_mpi_powm(tmpCtx->pubKey, two, tmpCtx->privKey, bnP4096);
+ return 0;
+ }
+ return 1;
+}
+
+int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const
+{
+ gcryptCtx* tmpCtx = static_cast<gcryptCtx*>(ctx);
+ int32_t len = getPubKeySize();
+
+ // get length of Dh in bytes, prepend buffer with zeros if necessary
+ int32_t prepend = getDhSize() - getPubKeySize();
+ if (prepend > 0) {
+ memset(buf, 0, prepend);
+ }
+ size_t i = 0;
+ gcry_mpi_print(GCRYMPI_FMT_USG, buf + prepend, len, &i, tmpCtx->pubKey);
+ return i;
+}
+
+int32_t ZrtpDH::getDhSize() const
+{
+ switch (pkType) {
+ case DH2K:
+ return 2048/8;
+ break;
+ case DH3K:
+ return 3072/8;
+ break;
+ }
+ return 0;
+}
+
+int32_t ZrtpDH::getPubKeySize() const
+{
+ return ((gcry_mpi_get_nbits(static_cast<gcryptCtx*>(ctx)->pubKey) + 7) / 8);
+}
+
+int32_t ZrtpDH::checkPubKey(uint8_t *pubKeyBytes) const
+{
+ gcry_mpi_t pubKeyOther = NULL;
+ gcry_mpi_scan(&pubKeyOther, GCRYMPI_FMT_USG, pubKeyBytes, getDhSize(), NULL);
+
+ if (pkType == DH2K) {
+ if (gcry_mpi_cmp(bnP2048MinusOne, pubKeyOther) == 0)
+ return 0;
+ }
+ else if (pkType == DH3K) {
+ if (gcry_mpi_cmp(bnP3072MinusOne, pubKeyOther) == 0)
+ return 0;
+ }
+ else {
+// if (gcry_mpi_cmp(bnP4096MinusOne, pubKeyOther) == 0)
+ return 0;
+ }
+ if (gcry_mpi_cmp_ui(pubKeyOther, 1) == 0) {
+ return 0;
+ }
+
+ gcry_mpi_release(pubKeyOther);
+ return 1;
+}
+
+const char* ZrtpDH::getDHtype()
+{
+ switch (pkType) {
+ case DH2K:
+ return dh2k;
+ break;
+ case DH3K:
+ return dh3k;
+ break;
+ }
+ return NULL;
+}
+
+/** EMACS **
+ * Local variables:
+ * mode: c++
+ * c-default-style: ellemtel
+ * c-basic-offset: 4
+ * End:
+ */
diff --git a/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcrypthmac256.cpp b/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcrypthmac256.cpp
new file mode 100644
index 0000000..a0ecc65
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcrypthmac256.cpp
@@ -0,0 +1,68 @@
+/*
+ Copyright (C) 2006-2013 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson@it.kth.se>
+ * Johan Bilien <jobi@via.ecp.fr>
+ */
+
+#include <gcrypt.h>
+#include <crypto/hmac256.h>
+
+void hmac_sha256(uint8_t* key, uint32_t keyLength,
+ uint8_t* data, int32_t dataLength,
+ uint8_t* mac, uint32_t* macLength)
+{
+ gcry_md_hd_t hd;
+ gcry_error_t err = 0;
+
+ err = gcry_md_open(&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
+ gcry_md_setkey(hd, key, keyLength);
+
+ gcry_md_write (hd, data, dataLength);
+
+ uint8_t* p = gcry_md_read (hd, GCRY_MD_SHA256);
+ memcpy(mac, p, SHA256_DIGEST_LENGTH);
+ if (macLength != NULL) {
+ *macLength = SHA256_DIGEST_LENGTH;
+ }
+ gcry_md_close (hd);
+}
+
+void hmac_sha256( uint8_t* key, uint32_t keyLength,
+ uint8_t* dataChunks[],
+ uint32_t dataChunkLength[],
+ uint8_t* mac, uint32_t* macLength )
+{
+ gcry_md_hd_t hd;
+ gcry_error_t err = 0;
+
+ err = gcry_md_open(&hd, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
+ gcry_md_setkey(hd, key, keyLength);
+
+ while (*dataChunks) {
+ gcry_md_write (hd, *dataChunks, (uint32_t)(*dataChunkLength));
+ dataChunks++;
+ dataChunkLength++;
+ }
+ uint8_t* p = gcry_md_read (hd, GCRY_MD_SHA256);
+ memcpy(mac, p, SHA256_DIGEST_LENGTH);
+ if (macLength != NULL) {
+ *macLength = SHA256_DIGEST_LENGTH;
+ }
+ gcry_md_close (hd);
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcrypthmac384.cpp b/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcrypthmac384.cpp
new file mode 100644
index 0000000..aa852c4
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcrypthmac384.cpp
@@ -0,0 +1,68 @@
+/*
+ Copyright (C) 2006-2009 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson@it.kth.se>
+ * Johan Bilien <jobi@via.ecp.fr>
+ */
+
+#include <gcrypt.h>
+#include <crypto/hmac384.h>
+
+void hmac_sha384(uint8_t* key, uint32_t keyLength,
+ uint8_t* data, int32_t dataLength,
+ uint8_t* mac, uint32_t* macLength)
+{
+ gcry_md_hd_t hd;
+ gcry_error_t err = 0;
+
+ err = gcry_md_open(&hd, GCRY_MD_SHA384, GCRY_MD_FLAG_HMAC);
+ gcry_md_setkey(hd, key, keyLength);
+
+ gcry_md_write (hd, data, dataLength);
+
+ uint8_t* p = gcry_md_read (hd, GCRY_MD_SHA384);
+ memcpy(mac, p, SHA384_DIGEST_LENGTH);
+ if (macLength != NULL) {
+ *macLength = SHA384_DIGEST_LENGTH;
+ }
+ gcry_md_close (hd);
+}
+
+void hmac_sha384( uint8_t* key, uint32_t keyLength,
+ uint8_t* dataChunks[],
+ uint32_t dataChunkLength[],
+ uint8_t* mac, uint32_t* macLength )
+{
+ gcry_md_hd_t hd;
+ gcry_error_t err = 0;
+
+ err = gcry_md_open(&hd, GCRY_MD_SHA384, GCRY_MD_FLAG_HMAC);
+ gcry_md_setkey(hd, key, keyLength);
+
+ while (*dataChunks) {
+ gcry_md_write (hd, *dataChunks, (uint32_t)(*dataChunkLength));
+ dataChunks++;
+ dataChunkLength++;
+ }
+ uint8_t* p = gcry_md_read (hd, GCRY_MD_SHA384);
+ memcpy(mac, p, SHA384_DIGEST_LENGTH);
+ if (macLength != NULL) {
+ *macLength = SHA384_DIGEST_LENGTH;
+ }
+ gcry_md_close (hd);
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcryptsha256.cpp b/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcryptsha256.cpp
new file mode 100644
index 0000000..b20bfe6
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcryptsha256.cpp
@@ -0,0 +1,89 @@
+/*
+ Copyright (C) 2006-2013 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @author Erik Eliasson <eliasson@it.kth.se>
+ * Johan Bilien <jobi@via.ecp.fr>
+ * Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#include <gcrypt.h>
+#include <crypto/sha256.h>
+
+void sha256(unsigned char* data, unsigned int dataLength,
+ unsigned char* mac)
+{
+ gcry_md_hash_buffer(GCRY_MD_SHA256, mac, data, dataLength);
+}
+
+void sha256(unsigned char* dataChunks[],
+ unsigned int dataChunkLength[],
+ unsigned char* mac)
+{
+ gcry_md_hd_t hd;
+ gcry_error_t err = 0;
+
+ err = gcry_md_open(&hd, GCRY_MD_SHA256, 0);
+ while (*dataChunks) {
+ gcry_md_write (hd, *dataChunks, (uint32_t)(*dataChunkLength));
+ dataChunks++;
+ dataChunkLength++;
+ }
+ uint8_t* p = gcry_md_read (hd, GCRY_MD_SHA256);
+ memcpy(mac, p, SHA256_DIGEST_LENGTH);
+ gcry_md_close (hd);
+}
+
+void* createSha256Context()
+{
+ gcry_error_t err = 0;
+ gcry_md_hd_t hd;
+
+ err = gcry_md_open(&hd, GCRY_MD_SHA256, 0);
+ return (void*)hd;
+}
+
+void closeSha256Context(void* ctx, unsigned char* digest)
+{
+ gcry_md_hd_t hd = (gcry_md_hd_t)ctx;
+
+ if (digest != NULL) {
+ uint8_t* p = gcry_md_read (hd, GCRY_MD_SHA256);
+ memcpy(digest, p, SHA256_DIGEST_LENGTH);
+ }
+ gcry_md_close (hd);
+}
+
+void sha256Ctx(void* ctx, unsigned char* data,
+ unsigned int dataLength)
+{
+ gcry_md_hd_t hd = (gcry_md_hd_t)ctx;
+
+ gcry_md_write (hd, data, dataLength);
+}
+
+void sha256Ctx(void* ctx, unsigned char* dataChunks[],
+ unsigned int dataChunkLength[])
+{
+ gcry_md_hd_t hd = (gcry_md_hd_t)ctx;
+
+ while (*dataChunks) {
+ gcry_md_write (hd, *dataChunks, (uint32_t)(*dataChunkLength));
+ dataChunks++;
+ dataChunkLength++;
+ }
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcryptsha384.cpp b/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcryptsha384.cpp
new file mode 100644
index 0000000..c26a23c
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/gcrypt/gcryptsha384.cpp
@@ -0,0 +1,89 @@
+/*
+ Copyright (C) 2006-2013 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @author Erik Eliasson <eliasson@it.kth.se>
+ * Johan Bilien <jobi@via.ecp.fr>
+ * Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#include <gcrypt.h>
+#include <crypto/sha384.h>
+
+void sha384(unsigned char* data, unsigned int dataLength,
+ unsigned char* mac)
+{
+ gcry_md_hash_buffer(GCRY_MD_SHA384, mac, data, dataLength);
+}
+
+void sha384(unsigned char* dataChunks[],
+ unsigned int dataChunkLength[],
+ unsigned char* mac)
+{
+ gcry_md_hd_t hd;
+ gcry_error_t err = 0;
+
+ err = gcry_md_open(&hd, GCRY_MD_SHA384, 0);
+ while (*dataChunks) {
+ gcry_md_write (hd, *dataChunks, (uint32_t)(*dataChunkLength));
+ dataChunks++;
+ dataChunkLength++;
+ }
+ uint8_t* p = gcry_md_read (hd, GCRY_MD_SHA384);
+ memcpy(mac, p, SHA384_DIGEST_LENGTH);
+ gcry_md_close (hd);
+}
+
+void* createSha384Context()
+{
+ gcry_error_t err = 0;
+ gcry_md_hd_t hd;
+
+ err = gcry_md_open(&hd, GCRY_MD_SHA384, 0);
+ return (void*)hd;
+}
+
+void closeSha384Context(void* ctx, unsigned char* digest)
+{
+ gcry_md_hd_t hd = (gcry_md_hd_t)ctx;
+
+ if (digest != NULL) {
+ uint8_t* p = gcry_md_read (hd, GCRY_MD_SHA384);
+ memcpy(digest, p, SHA384_DIGEST_LENGTH);
+ }
+ gcry_md_close (hd);
+}
+
+void sha384Ctx(void* ctx, unsigned char* data,
+ unsigned int dataLength)
+{
+ gcry_md_hd_t hd = (gcry_md_hd_t)ctx;
+
+ gcry_md_write (hd, data, dataLength);
+}
+
+void sha384Ctx(void* ctx, unsigned char* dataChunks[],
+ unsigned int dataChunkLength[])
+{
+ gcry_md_hd_t hd = (gcry_md_hd_t)ctx;
+
+ while (*dataChunks) {
+ gcry_md_write (hd, *dataChunks, (uint32_t)(*dataChunkLength));
+ dataChunks++;
+ dataChunkLength++;
+ }
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/hmac256.cpp b/jni/libzrtp/sources/zrtp/crypto/hmac256.cpp
new file mode 100644
index 0000000..1e3ceb7
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/hmac256.cpp
@@ -0,0 +1,186 @@
+/*
+ Copyright (C) 2012-2013 Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/*
+ * Authors: Werner Dittmann
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include <stdio.h>
+#include "zrtp/crypto/sha2.h"
+#include "zrtp/crypto/hmac256.h"
+
+typedef struct _hmacSha256Context {
+ sha256_ctx ctx;
+ sha256_ctx innerCtx;
+ sha256_ctx outerCtx;
+} hmacSha256Context;
+
+static int32_t hmacSha256Init(hmacSha256Context *ctx, const uint8_t *key, uint32_t kLength)
+{
+ int32_t i;
+ uint8_t localPad[SHA256_BLOCK_SIZE] = {0};
+ uint8_t localKey[SHA256_BLOCK_SIZE] = {0};
+
+ if (key == NULL)
+ return 0;
+
+ memset(ctx, 0, sizeof(hmacSha256Context));
+
+ /* check key length and reduce it if necessary */
+ if (kLength > SHA256_BLOCK_SIZE) {
+ sha256_begin(&ctx->ctx);
+ sha256_hash(key, kLength, &ctx->ctx);
+ sha256_end(localKey, &ctx->ctx);
+ }
+ else {
+ memcpy(localKey, key, kLength);
+ }
+ /* prepare inner hash and hold the context */
+ for (i = 0; i < SHA256_BLOCK_SIZE; i++)
+ localPad[i] = localKey[i] ^ 0x36;
+
+ sha256_begin(&ctx->innerCtx);
+ sha256_hash(localPad, SHA256_BLOCK_SIZE, &ctx->innerCtx);
+
+ /* prepare outer hash and hold the context */
+ for (i = 0; i < SHA256_BLOCK_SIZE; i++)
+ localPad[i] = localKey[i] ^ 0x5c;
+
+ sha256_begin(&ctx->outerCtx);
+ sha256_hash(localPad, SHA256_BLOCK_SIZE, &ctx->outerCtx);
+
+ /* copy prepared inner hash to work hash - ready to process data */
+ memcpy(&ctx->ctx, &ctx->innerCtx, sizeof(sha256_ctx));
+
+ memset(localKey, 0, sizeof(localKey));
+
+ return 1;
+}
+
+static void hmacSha256Reset(hmacSha256Context *ctx)
+{
+ /* copy prepared inner hash to work hash context */
+ memcpy(&ctx->ctx, &ctx->innerCtx, sizeof(sha256_ctx));
+}
+
+static void hmacSha256Update(hmacSha256Context *ctx, const uint8_t *data, uint32_t dLength)
+{
+ /* hash new data to work hash context */
+ sha256_hash(data, dLength, &ctx->ctx);
+}
+
+static void hmacSha256Final(hmacSha256Context *ctx, uint8_t *mac)
+{
+ uint8_t tmpDigest[SHA256_DIGEST_SIZE];
+
+ /* finalize work hash context */
+ sha256_end(tmpDigest, &ctx->ctx);
+
+ /* copy prepared outer hash to work hash */
+ memcpy(&ctx->ctx, &ctx->outerCtx, sizeof(sha256_ctx));
+
+ /* hash inner digest to work (outer) hash context */
+ sha256_hash(tmpDigest, SHA256_DIGEST_SIZE, &ctx->ctx);
+
+ /* finalize work hash context to get the hmac*/
+ sha256_end(mac, &ctx->ctx);
+}
+
+
+void hmac_sha256(uint8_t *key, uint32_t keyLength, uint8_t* data, int32_t dataLength, uint8_t* mac, uint32_t* macLength)
+{
+ hmacSha256Context ctx;
+
+ hmacSha256Init(&ctx, key, keyLength);
+ hmacSha256Update(&ctx, data, dataLength);
+ hmacSha256Final(&ctx, mac);
+ *macLength = SHA256_DIGEST_SIZE;
+}
+
+void hmac_sha256(uint8_t* key, uint32_t keyLength, uint8_t* dataChunks[], uint32_t dataChunckLength[],
+ uint8_t* mac, uint32_t* macLength )
+{
+ hmacSha256Context ctx;
+
+ hmacSha256Init(&ctx, key, keyLength);
+
+ while (*dataChunks) {
+ hmacSha256Update(&ctx, *dataChunks, *dataChunckLength);
+ dataChunks ++;
+ dataChunckLength ++;
+ }
+ hmacSha256Final(&ctx, mac);
+ *macLength = SHA256_DIGEST_SIZE;
+}
+
+void* createSha256HmacContext(uint8_t* key, int32_t keyLength)
+{
+ hmacSha256Context *ctx = reinterpret_cast<hmacSha256Context*>(malloc(sizeof(hmacSha256Context)));
+
+ hmacSha256Init(ctx, key, keyLength);
+ return ctx;
+}
+
+void hmacSha256Ctx(void* ctx, const uint8_t* data, uint32_t dataLength,
+ uint8_t* mac, int32_t* macLength)
+{
+ hmacSha256Context *pctx = (hmacSha256Context*)ctx;
+
+ hmacSha256Reset(pctx);
+ hmacSha256Update(pctx, data, dataLength);
+ hmacSha256Final(pctx, mac);
+ *macLength = SHA256_DIGEST_SIZE;
+}
+
+void hmacSha256Ctx(void* ctx, const uint8_t* data[], uint32_t dataLength[],
+ uint8_t* mac, int32_t* macLength )
+{
+ hmacSha256Context *pctx = (hmacSha256Context*)ctx;
+
+ hmacSha256Reset(pctx);
+ while (*data) {
+ hmacSha256Update(pctx, *data, *dataLength);
+ data++;
+ dataLength++;
+ }
+ hmacSha256Final(pctx, mac);
+ *macLength = SHA256_DIGEST_SIZE;
+}
+
+void freeSha256HmacContext(void* ctx)
+{
+ if (ctx) {
+ memset(ctx, 0, sizeof(hmacSha256Context));
+ free(ctx);
+ }
+}
\ No newline at end of file
diff --git a/jni/libzrtp/sources/zrtp/crypto/hmac256.h b/jni/libzrtp/sources/zrtp/crypto/hmac256.h
new file mode 100644
index 0000000..f9110a6
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/hmac256.h
@@ -0,0 +1,96 @@
+/*
+ Copyright (C) 2006, 2005, 2004 Erik Eliasson, Johan Bilien, Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+/**
+ * Methods to compute a SHA256 HMAC.
+ *
+ * @author Erik Eliasson <eliasson@it.kth.se>
+ * @author Johan Bilien <jobi@via.ecp.fr>
+ * @author Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#ifndef HMAC_SHA256_H
+#define HMAC_SHA256_H
+
+/**
+ * @file hmac256.h
+ * @brief Function that provide SHA256 HMAC support
+ *
+ * @ingroup GNU_ZRTP
+ * @{
+ */
+
+#include <stdint.h>
+
+#ifndef SHA256_DIGEST_LENGTH
+#define SHA256_DIGEST_LENGTH 32
+#endif
+
+/**
+ * Compute SHA256 HMAC.
+ *
+ * This functions takes one data chunk and computes its SHA256 HMAC.
+ *
+ * @param key
+ * The MAC key.
+ * @param key_length
+ * Lneght of the MAC key in bytes
+ * @param data
+ * Points to the data chunk.
+ * @param data_length
+ * Length of the data in bytes
+ * @param mac
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 32 bytes (SHA256_DIGEST_LENGTH).
+ * @param mac_length
+ * Point to an integer that receives the length of the computed HMAC.
+ */
+void hmac_sha256( uint8_t* key, uint32_t key_length,
+ uint8_t* data, int32_t data_length,
+ uint8_t* mac, uint32_t* mac_length );
+
+/**
+ * Compute SHA256 HMAC over several data cunks.
+ *
+ * This functions takes several data chunk and computes the SHA256 HAMAC. It
+ * uses the openSSL HAMAC SHA256 implementation.
+ *
+ * @param key
+ * The MAC key.
+ * @param key_length
+ * Lneght of the MAC key in bytes
+ * @param data
+ * Points to an array of pointers that point to the data chunks. A NULL
+ * pointer in an array element terminates the data chunks.
+ * @param data_length
+ * Points to an array of integers that hold the length of each data chunk.
+ * @param mac
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 32 bytes (SHA256_DIGEST_LENGTH).
+ * @param mac_length
+ * Point to an integer that receives the length of the computed HMAC.
+ */
+
+void hmac_sha256( uint8_t* key, uint32_t key_length,
+ uint8_t* data[], uint32_t data_length[],
+ uint8_t* mac, uint32_t* mac_length );
+/**
+ * @}
+ */
+#endif
diff --git a/jni/libzrtp/sources/zrtp/crypto/hmac384.cpp b/jni/libzrtp/sources/zrtp/crypto/hmac384.cpp
new file mode 100644
index 0000000..c7a7abd
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/hmac384.cpp
@@ -0,0 +1,186 @@
+/*
+ Copyright (C) 2012 Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/*
+ * Authors: Werner Dittmann
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include <stdio.h>
+#include "zrtp/crypto/sha2.h"
+#include "zrtp/crypto/hmac384.h"
+
+typedef struct _hmacSha384Context {
+ sha384_ctx ctx;
+ sha384_ctx innerCtx;
+ sha384_ctx outerCtx;
+} hmacSha384Context;
+
+static int32_t hmacSha384Init(hmacSha384Context *ctx, const uint8_t *key, uint32_t kLength)
+{
+ int32_t i;
+ uint8_t localPad[SHA384_BLOCK_SIZE] = {0};
+ uint8_t localKey[SHA384_BLOCK_SIZE] = {0};
+
+ if (key == NULL)
+ return 0;
+
+ memset(ctx, 0, sizeof(hmacSha384Context));
+
+ /* check key length and reduce it if necessary */
+ if (kLength > SHA384_BLOCK_SIZE) {
+ sha384_begin(&ctx->ctx);
+ sha384_hash(key, kLength, &ctx->ctx);
+ sha384_end(localKey, &ctx->ctx);
+ }
+ else {
+ memcpy(localKey, key, kLength);
+ }
+ /* prepare inner hash and hold the context */
+ for (i = 0; i < SHA384_BLOCK_SIZE; i++)
+ localPad[i] = localKey[i] ^ 0x36;
+
+ sha384_begin(&ctx->innerCtx);
+ sha384_hash(localPad, SHA384_BLOCK_SIZE, &ctx->innerCtx);
+
+ /* prepare outer hash and hold the context */
+ for (i = 0; i < SHA384_BLOCK_SIZE; i++)
+ localPad[i] = localKey[i] ^ 0x5c;
+
+ sha384_begin(&ctx->outerCtx);
+ sha384_hash(localPad, SHA384_BLOCK_SIZE, &ctx->outerCtx);
+
+ /* copy prepared inner hash to work hash - ready to process data */
+ memcpy(&ctx->ctx, &ctx->innerCtx, sizeof(sha384_ctx));
+
+ memset(localKey, 0, sizeof(localKey));
+
+ return 1;
+}
+
+static void hmacSha384Reset(hmacSha384Context *ctx)
+{
+ /* copy prepared inner hash to work hash context */
+ memcpy(&ctx->ctx, &ctx->innerCtx, sizeof(sha384_ctx));
+}
+
+static void hmacSha384Update(hmacSha384Context *ctx, const uint8_t *data, uint32_t dLength)
+{
+ /* hash new data to work hash context */
+ sha384_hash(data, dLength, &ctx->ctx);
+}
+
+static void hmacSha384Final(hmacSha384Context *ctx, uint8_t *mac)
+{
+ uint8_t tmpDigest[SHA384_DIGEST_SIZE];
+
+ /* finalize work hash context */
+ sha384_end(tmpDigest, &ctx->ctx);
+
+ /* copy prepared outer hash to work hash */
+ memcpy(&ctx->ctx, &ctx->outerCtx, sizeof(sha384_ctx));
+
+ /* hash inner digest to work (outer) hash context */
+ sha384_hash(tmpDigest, SHA384_DIGEST_SIZE, &ctx->ctx);
+
+ /* finalize work hash context to get the hmac*/
+ sha384_end(mac, &ctx->ctx);
+}
+
+
+void hmac_sha384(uint8_t *key, uint32_t keyLength, uint8_t* data, int32_t dataLength, uint8_t* mac, uint32_t* macLength)
+{
+ hmacSha384Context ctx;
+
+ hmacSha384Init(&ctx, key, keyLength);
+ hmacSha384Update(&ctx, data, dataLength);
+ hmacSha384Final(&ctx, mac);
+ *macLength = SHA384_DIGEST_SIZE;
+}
+
+void hmac_sha384( uint8_t* key, uint32_t keyLength, uint8_t* dataChunks[], uint32_t dataChunckLength[],
+ uint8_t* mac, uint32_t* macLength )
+{
+ hmacSha384Context ctx;
+
+ hmacSha384Init(&ctx, key, keyLength);
+
+ while (*dataChunks) {
+ hmacSha384Update(&ctx, *dataChunks, *dataChunckLength);
+ dataChunks ++;
+ dataChunckLength ++;
+ }
+ hmacSha384Final(&ctx, mac);
+ *macLength = SHA384_DIGEST_SIZE;
+}
+
+void* createSha384HmacContext(uint8_t* key, int32_t keyLength)
+{
+ hmacSha384Context *ctx = reinterpret_cast<hmacSha384Context*>(malloc(sizeof(hmacSha384Context)));
+
+ hmacSha384Init(ctx, key, keyLength);
+ return ctx;
+}
+
+void hmacSha384Ctx(void* ctx, const uint8_t* data, uint32_t dataLength,
+ uint8_t* mac, int32_t* macLength)
+{
+ hmacSha384Context *pctx = (hmacSha384Context*)ctx;
+
+ hmacSha384Reset(pctx);
+ hmacSha384Update(pctx, data, dataLength);
+ hmacSha384Final(pctx, mac);
+ *macLength = SHA384_DIGEST_SIZE;
+}
+
+void hmacSha384Ctx(void* ctx, const uint8_t* data[], uint32_t dataLength[],
+ uint8_t* mac, int32_t* macLength )
+{
+ hmacSha384Context *pctx = (hmacSha384Context*)ctx;
+
+ hmacSha384Reset(pctx);
+ while (*data) {
+ hmacSha384Update(pctx, *data, *dataLength);
+ data++;
+ dataLength++;
+ }
+ hmacSha384Final(pctx, mac);
+ *macLength = SHA384_DIGEST_SIZE;
+}
+
+void freeSha384HmacContext(void* ctx)
+{
+ if (ctx) {
+ memset(ctx, 0, sizeof(hmacSha384Context));
+ free(ctx);
+ }
+}
\ No newline at end of file
diff --git a/jni/libzrtp/sources/zrtp/crypto/hmac384.h b/jni/libzrtp/sources/zrtp/crypto/hmac384.h
new file mode 100644
index 0000000..223444a
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/hmac384.h
@@ -0,0 +1,96 @@
+/*
+ Copyright (C) 2009, 2006, 2005, 2004 Erik Eliasson, Johan Bilien, Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+/**
+ * Methods to compute a SHA384 HMAC.
+ *
+ * @author Erik Eliasson <eliasson@it.kth.se>
+ * @author Johan Bilien <jobi@via.ecp.fr>
+ * @author Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#ifndef HMAC_SHA384_H
+#define HMAC_SHA384_H
+
+/**
+ * @file hmac384.h
+ * @brief Function that provide SHA384 HMAC support
+ *
+ * @ingroup GNU_ZRTP
+ * @{
+ */
+
+#include <stdint.h>
+
+#ifndef SHA384_DIGEST_LENGTH
+#define SHA384_DIGEST_LENGTH 48
+#endif
+
+/**
+ * Compute SHA384 HMAC.
+ *
+ * This functions takes one data chunk and computes its SHA384 HMAC.
+ *
+ * @param key
+ * The MAC key.
+ * @param key_length
+ * Lneght of the MAC key in bytes
+ * @param data
+ * Points to the data chunk.
+ * @param data_length
+ * Length of the data in bytes
+ * @param mac
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 48 bytes (SHA384_DIGEST_LENGTH).
+ * @param mac_length
+ * Point to an integer that receives the length of the computed HMAC.
+ */
+void hmac_sha384( uint8_t* key, uint32_t key_length,
+ uint8_t* data, int32_t data_length,
+ uint8_t* mac, uint32_t* mac_length );
+
+/**
+ * Compute SHA384 HMAC over several data cunks.
+ *
+ * This functions takes several data chunk and computes the SHA384 HAMAC. It
+ * uses the openSSL HAMAC SHA384 implementation.
+ *
+ * @param key
+ * The MAC key.
+ * @param key_length
+ * Lneght of the MAC key in bytes
+ * @param data
+ * Points to an array of pointers that point to the data chunks. A NULL
+ * pointer in an array element terminates the data chunks.
+ * @param data_length
+ * Points to an array of integers that hold the length of each data chunk.
+ * @param mac
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 48 bytes (SHA384_DIGEST_LENGTH).
+ * @param mac_length
+ * Point to an integer that receives the length of the computed HMAC.
+ */
+
+void hmac_sha384( uint8_t* key, uint32_t key_length,
+ uint8_t* data[], uint32_t data_length[],
+ uint8_t* mac, uint32_t* mac_length );
+/**
+ * @}
+ */
+#endif
diff --git a/jni/libzrtp/sources/zrtp/crypto/openssl/InitializeOpenSSL.cpp b/jni/libzrtp/sources/zrtp/crypto/openssl/InitializeOpenSSL.cpp
new file mode 100755
index 0000000..2c5c8de
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/openssl/InitializeOpenSSL.cpp
@@ -0,0 +1,236 @@
+/*
+ Copyright (C) 2006-2013 Werner Dittmann
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Boston, MA 02111.
+*/
+
+#include <stdio.h>
+#include <openssl/evp.h>
+#include <config.h>
+
+#ifdef _MSWINDOWS_
+#include <windows.h>
+#endif
+#if defined SOLARIS && !defined HAVE_PTHREAD_H
+#include <synch.h>
+#include <thread.h>
+#endif
+#if !defined _MSWINDOWS_ && !defined SOLARIS
+#include <pthread.h>
+#endif
+
+#ifdef const
+#undef const
+#endif
+
+static void threadLockSetup(void);
+static void threadLockCleanup(void);
+static void myLockingCallback(int, int, const char *, int);
+
+/**
+ * Implement the locking callback functions for openSSL.
+ *
+ * Unfortunatly we can't use the Commonc++ Mutex here because the
+ * Mutex may use (for some cases) the Commonc++ Thread class. OpenSSL
+ * does not use this Thread class.
+ */
+
+static int initialized = 0;
+
+int initializeOpenSSL ()
+{
+
+ if (initialized) {
+ return 1;
+ }
+ initialized = 1;
+ threadLockSetup();
+ return 1;
+}
+
+int finalizeOpenSSL ()
+{
+ if(!initialized)
+ return 1;
+
+ initialized = 0;
+ threadLockCleanup();
+ return 1;
+}
+
+#ifdef _MSWINDOWS_
+
+static HANDLE *lock_cs;
+
+static void threadLockSetup(void) {
+ int i;
+
+ lock_cs=(HANDLE*)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ lock_cs[i] = CreateMutex(NULL,FALSE,NULL);
+ }
+
+ CRYPTO_set_locking_callback((void (*)(int,int,const char *,int))myLockingCallback);
+ /* id callback defined */
+}
+
+static void threadLockCleanup(void) {
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ CloseHandle(lock_cs[i]);
+ }
+ OPENSSL_free(lock_cs);
+}
+
+static void myLockingCallback(int mode, int type, const char *file, int line) {
+ if (mode & CRYPTO_LOCK) {
+ WaitForSingleObject(lock_cs[type], INFINITE);
+ }
+ else {
+ ReleaseMutex(lock_cs[type]);
+ }
+}
+
+#endif /* OPENSSL_SYS_WIN32 */
+
+
+#if defined SOLARIS && !defined HAVE_PTHREAD_H
+
+static mutex_t *lock_cs;
+static long *lock_count;
+
+static void threadLockSetup(void) {
+ int i;
+
+ lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
+ lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ lock_count[i] = 0;
+ /* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */
+ mutex_init(&(lock_cs[i]), USYNC_THREAD, NULL);
+ }
+ CRYPTO_set_locking_callback((void (*)(int, int ,const char *, int))myLockingCallback);
+}
+
+static void threadLockCleanup(void) {
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+
+ fprintf(stderr,"cleanup\n");
+
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ /* rwlock_destroy(&(lock_cs[i])); */
+ mutex_destroy(&(lock_cs[i]));
+ fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
+ }
+ OPENSSL_free(lock_cs);
+ OPENSSL_free(lock_count);
+}
+
+static void myLockingCallback(int mode, int type, const char *file, int line)
+{
+#ifdef undef
+ fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode&CRYPTO_LOCK)?"l":"u",
+ (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+
+ /*
+ if (CRYPTO_LOCK_SSL_CERT == type)
+ fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+ CRYPTO_thread_id(),
+ mode,file,line);
+ */
+ if (mode & CRYPTO_LOCK) {
+ mutex_lock(&(lock_cs[type]));
+ lock_count[type]++;
+ }
+ else {
+ mutex_unlock(&(lock_cs[type]));
+ }
+}
+
+static unsigned long solaris_thread_id(void) {
+ unsigned long ret;
+
+ ret=(unsigned long)thr_self();
+ return(ret);
+}
+#endif /* SOLARIS */
+
+
+static pthread_mutex_t* lock_cs;
+static long* lock_count;
+
+static void threadLockSetup(void) {
+ int i;
+
+ lock_cs = (pthread_mutex_t*)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+ lock_count = (long*)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ lock_count[i] = 0;
+ pthread_mutex_init(&(lock_cs[i]),NULL);
+ }
+
+ // CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+ CRYPTO_set_locking_callback((void (*)(int,int,const char *, int))myLockingCallback);
+}
+
+static void threadLockCleanup(void)
+{
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+ fprintf(stderr,"cleanup\n");
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ pthread_mutex_destroy(&(lock_cs[i]));
+ fprintf(stderr,"%8ld:%s\n",lock_count[i],
+ CRYPTO_get_lock_name(i));
+ }
+ OPENSSL_free(lock_cs);
+ OPENSSL_free(lock_count);
+}
+
+static void myLockingCallback(int mode, int type, const char *file,
+ int line) {
+#ifdef undef
+ fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode&CRYPTO_LOCK)?"l":"u",
+ (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+ if (mode & CRYPTO_LOCK) {
+ pthread_mutex_lock(&(lock_cs[type]));
+ lock_count[type]++;
+ }
+ else {
+ pthread_mutex_unlock(&(lock_cs[type]));
+ }
+}
+
+/*
+static unsigned long pthreads_thread_id(void)
+{
+ unsigned long ret;
+
+ ret = (unsigned long)pthread_self();
+ return(ret);
+}
+*/
+
diff --git a/jni/libzrtp/sources/zrtp/crypto/openssl/aesCFB.cpp b/jni/libzrtp/sources/zrtp/crypto/openssl/aesCFB.cpp
new file mode 100644
index 0000000..bac29f5
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/openssl/aesCFB.cpp
@@ -0,0 +1,89 @@
+/*
+ Copyright (C) 2006, 2007 by Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/** Copyright (C) 2006, 2007
+ *
+ * @author Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/aes.h>
+#include <string.h>
+
+#include <zrtp/crypto/aesCFB.h>
+
+// extern void initializeOpenSSL();
+
+
+void aesCfbEncrypt(uint8_t* key, int32_t keyLength, uint8_t* IV, uint8_t *data,
+ int32_t dataLength)
+{
+ AES_KEY aesKey;
+ int usedBytes = 0;
+
+// initializeOpenSSL();
+
+ memset(&aesKey, 0, sizeof( AES_KEY ) );
+ if (keyLength == 16) {
+ AES_set_encrypt_key(key, 128, &aesKey);
+ }
+ else if (keyLength == 32) {
+ AES_set_encrypt_key(key, 256, &aesKey);
+ }
+ else {
+ return;
+ }
+ AES_cfb128_encrypt(data, data, dataLength, &aesKey,
+ IV, &usedBytes, AES_ENCRYPT);
+}
+
+
+void aesCfbDecrypt(uint8_t* key, int32_t keyLength, uint8_t* IV, uint8_t *data,
+ int32_t dataLength)
+{
+ AES_KEY aesKey;
+ int usedBytes = 0;
+
+// initializeOpenSSL();
+
+ memset(&aesKey, 0, sizeof( AES_KEY ) );
+ if (keyLength == 16) {
+ AES_set_encrypt_key(key, 128, &aesKey);
+ }
+ else if (keyLength == 32) {
+ AES_set_encrypt_key(key, 256, &aesKey);
+ }
+ else {
+ return;
+ }
+ AES_cfb128_encrypt(data, data, dataLength, &aesKey,
+ IV, &usedBytes, AES_DECRYPT);
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/openssl/hmac256.cpp b/jni/libzrtp/sources/zrtp/crypto/openssl/hmac256.cpp
new file mode 100644
index 0000000..40e4e82
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/openssl/hmac256.cpp
@@ -0,0 +1,67 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson@it.kth.se>
+ * Johan Bilien <jobi@via.ecp.fr>
+ */
+
+#include <openssl/hmac.h>
+#include <crypto/hmac256.h>
+
+void hmac_sha256(uint8_t* key, uint32_t key_length,
+ uint8_t* data, int32_t data_length,
+ uint8_t* mac, uint32_t* mac_length)
+{
+ unsigned int tmp;
+ HMAC( EVP_sha256(), key, key_length, data, data_length, mac, &tmp );
+ *mac_length = tmp;
+}
+
+void hmac_sha256(uint8_t* key, uint32_t key_length,
+ uint8_t* data_chunks[],
+ uint32_t data_chunck_length[],
+ uint8_t* mac, uint32_t* mac_length )
+{
+ unsigned int tmp;
+ HMAC_CTX ctx;
+ HMAC_CTX_init( &ctx );
+ HMAC_Init_ex( &ctx, key, key_length, EVP_sha256(), NULL );
+ while( *data_chunks ){
+ HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
+ data_chunks ++;
+ data_chunck_length ++;
+ }
+ HMAC_Final( &ctx, mac, &tmp);
+ *mac_length = tmp;
+ HMAC_CTX_cleanup( &ctx );
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/openssl/hmac384.cpp b/jni/libzrtp/sources/zrtp/crypto/openssl/hmac384.cpp
new file mode 100644
index 0000000..8181cd6
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/openssl/hmac384.cpp
@@ -0,0 +1,65 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+
+*/
+
+/*
+ * Authors: Erik Eliasson <eliasson@it.kth.se>
+ * Johan Bilien <jobi@via.ecp.fr>
+ */
+
+#include <openssl/hmac.h>
+#include <zrtp/crypto/hmac256.h>
+
+void hmac_sha384(uint8_t* key, uint32_t key_length, uint8_t* data, int32_t data_length, uint8_t* mac, uint32_t* mac_length)
+{
+ unsigned int tmp;
+ HMAC( EVP_sha384(), key, key_length, data, data_length, mac, &tmp );
+ *mac_length = tmp;
+}
+
+void hmac_sha384(uint8_t* key, uint32_t key_length,
+ uint8_t* data_chunks[],
+ uint32_t data_chunck_length[],
+ uint8_t* mac, uint32_t* mac_length )
+{
+ unsigned int tmp;
+ HMAC_CTX ctx;
+ HMAC_CTX_init( &ctx );
+ HMAC_Init_ex( &ctx, key, key_length, EVP_sha384(), NULL );
+ while( *data_chunks ){
+ HMAC_Update( &ctx, *data_chunks, *data_chunck_length );
+ data_chunks ++;
+ data_chunck_length ++;
+ }
+ HMAC_Final( &ctx, mac, &tmp);
+ *mac_length = tmp;
+ HMAC_CTX_cleanup( &ctx );
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/openssl/sha256.cpp b/jni/libzrtp/sources/zrtp/crypto/openssl/sha256.cpp
new file mode 100644
index 0000000..bc2e222
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/openssl/sha256.cpp
@@ -0,0 +1,97 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/**
+ * @author Erik Eliasson <eliasson@it.kth.se>
+ * Johan Bilien <jobi@via.ecp.fr>
+ * Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+
+#include <crypto/sha256.h>
+
+void sha256(unsigned char *data, unsigned int data_length,
+ unsigned char *digest )
+{
+ SHA256(data, data_length, digest);
+}
+
+void sha256(unsigned char * data_chunks[],
+ unsigned int data_chunck_length[],
+ unsigned char *digest)
+{
+ SHA256_CTX ctx;
+ SHA256_Init( &ctx);
+ while(*data_chunks) {
+ SHA256_Update(&ctx, *data_chunks, *data_chunck_length);
+ data_chunks++;
+ data_chunck_length++;
+ }
+ SHA256_Final(digest, &ctx);
+}
+
+void* createSha256Context()
+{
+ SHA256_CTX* ctx = (SHA256_CTX*)malloc(sizeof (SHA256_CTX));
+ SHA256_Init(ctx);
+ return (void*)ctx;
+}
+
+void closeSha256Context(void* ctx, unsigned char* digest)
+{
+ SHA256_CTX* hd = (SHA256_CTX*)ctx;
+
+ if (digest != NULL) {
+ SHA256_Final(digest, hd);
+ }
+ free(hd);
+}
+
+void sha256Ctx(void* ctx, unsigned char* data,
+ unsigned int dataLength)
+{
+ SHA256_CTX* hd = (SHA256_CTX*)ctx;
+ SHA256_Update(hd, data, dataLength);
+}
+
+void sha256Ctx(void* ctx, unsigned char* dataChunks[],
+ unsigned int dataChunkLength[])
+{
+ SHA256_CTX* hd = (SHA256_CTX*)ctx;
+
+ while (*dataChunks) {
+ SHA256_Update (hd, *dataChunks, *dataChunkLength);
+ dataChunks++;
+ dataChunkLength++;
+ }
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/openssl/sha384.cpp b/jni/libzrtp/sources/zrtp/crypto/openssl/sha384.cpp
new file mode 100644
index 0000000..9fcf316
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/openssl/sha384.cpp
@@ -0,0 +1,97 @@
+/*
+ Copyright (C) 2005, 2004 Erik Eliasson, Johan Bilien
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/**
+ * @author Erik Eliasson <eliasson@it.kth.se>
+ * Johan Bilien <jobi@via.ecp.fr>
+ * Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+
+#include <crypto/sha384.h>
+
+void sha384(unsigned char *data, unsigned int data_length,
+ unsigned char *digest )
+{
+ SHA384(data, data_length, digest);
+}
+
+void sha384(unsigned char * data_chunks[],
+ unsigned int data_chunck_length[],
+ unsigned char *digest)
+{
+ SHA512_CTX ctx;
+ SHA384_Init( &ctx);
+ while(*data_chunks) {
+ SHA384_Update(&ctx, *data_chunks, *data_chunck_length);
+ data_chunks++;
+ data_chunck_length++;
+ }
+ SHA384_Final(digest, &ctx);
+}
+
+void* createSha384Context()
+{
+ SHA512_CTX* ctx = (SHA512_CTX*)malloc(sizeof (SHA512_CTX));
+ SHA384_Init(ctx);
+ return (void*)ctx;
+}
+
+void closeSha384Context(void* ctx, unsigned char* digest)
+{
+ SHA512_CTX* hd = (SHA512_CTX*)ctx;
+
+ if (digest != NULL) {
+ SHA384_Final(digest, hd);
+ }
+ free(hd);
+}
+
+void sha384Ctx(void* ctx, unsigned char* data,
+ unsigned int dataLength)
+{
+ SHA512_CTX* hd = (SHA512_CTX*)ctx;
+ SHA384_Update(hd, data, dataLength);
+}
+
+void sha384Ctx(void* ctx, unsigned char* dataChunks[],
+ unsigned int dataChunkLength[])
+{
+ SHA512_CTX* hd = (SHA512_CTX*)ctx;
+
+ while (*dataChunks) {
+ SHA384_Update (hd, *dataChunks, *dataChunkLength);
+ dataChunks++;
+ dataChunkLength++;
+ }
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/openssl/zrtpDH.cpp b/jni/libzrtp/sources/zrtp/crypto/openssl/zrtpDH.cpp
new file mode 100644
index 0000000..d5b8cc9
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/openssl/zrtpDH.cpp
@@ -0,0 +1,426 @@
+/*
+ Copyright (C) 2006, 2009 by Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/** Copyright (C) 2006, 2009
+ *
+ * @author Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/dh.h>
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+
+#include <zrtp/crypto/zrtpDH.h>
+#include <zrtp/libzrtpcpp/ZrtpTextData.h>
+
+// extern void initializeOpenSSL();
+
+static BIGNUM* bnP2048 = NULL;
+static BIGNUM* bnP3072 = NULL;
+// static BIGNUM* bnP4096 = NULL;
+
+static BIGNUM* bnP2048MinusOne = NULL;
+static BIGNUM* bnP3072MinusOne = NULL;
+// static BIGNUM* bnP4096MinusOne = NULL;
+
+static uint8_t dhinit = 0;
+
+void randomZRTP(uint8_t *buf, int32_t length)
+{
+// initializeOpenSSL();
+ RAND_bytes(buf, length);
+}
+
+static const uint8_t P2048[] =
+{
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF
+};
+
+static const uint8_t P3072[] =
+{
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+ 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+
+/* **************
+static const uint8_t P4096[] =
+{
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
+0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
+0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
+0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
+0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+*************** */
+
+ZrtpDH::ZrtpDH(const char* type) {
+
+ uint8_t random[64];
+
+ // Well - the algo type is only 4 char thus cast to int32 and compare
+ if (*(int32_t*)type == *(int32_t*)dh2k) {
+ pkType = DH2K;
+ }
+ else if (*(int32_t*)type == *(int32_t*)dh3k) {
+ pkType = DH3K;
+ }
+ else if (*(int32_t*)type == *(int32_t*)ec25) {
+ pkType = EC25;
+ }
+ else if (*(int32_t*)type == *(int32_t*)ec38) {
+ pkType = EC38;
+ }
+ else {
+ return;
+ }
+
+// initializeOpenSSL();
+
+ if (!dhinit) {
+ bnP2048 = BN_bin2bn(P2048,sizeof(P2048),NULL);
+ bnP3072 = BN_bin2bn(P3072,sizeof(P3072),NULL);
+// bnP4096 = BN_bin2bn(P4096,sizeof(P4096),NULL);
+
+ bnP2048MinusOne = BN_dup(bnP2048);
+ BN_sub_word(bnP2048MinusOne, 1);
+
+ bnP3072MinusOne = BN_dup(bnP3072);
+ BN_sub_word(bnP3072MinusOne, 1);
+
+// bnP4096MinusOne = BN_dup(bnP4096);
+// BN_sub_word(bnP4096MinusOne, 1);
+ dhinit = 1;
+ }
+
+ DH* tmpCtx = NULL;
+ switch (pkType) {
+ case DH2K:
+ case DH3K:
+ ctx = static_cast<void*>(DH_new());
+ tmpCtx = static_cast<DH*>(ctx);
+ tmpCtx->g = BN_new();
+ BN_set_word(tmpCtx->g, DH_GENERATOR_2);
+
+ if (pkType == DH2K) {
+ tmpCtx->p = BN_dup(bnP2048);
+ RAND_bytes(random, 32);
+ tmpCtx->priv_key = BN_bin2bn(random, 32, NULL);
+ }
+ else if (pkType == DH3K) {
+ tmpCtx->p = BN_dup(bnP3072);
+ RAND_bytes(random, 64);
+ tmpCtx->priv_key = BN_bin2bn(random, 32, NULL);
+ }
+ break;
+
+ case EC25:
+ ctx = static_cast<void*>(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+ break;
+ case EC38:
+ ctx = static_cast<void*>(EC_KEY_new_by_curve_name(NID_secp384r1));
+ break;
+ }
+}
+
+ZrtpDH::~ZrtpDH() {
+ if (ctx == NULL)
+ return;
+
+ switch (pkType) {
+ case DH2K:
+ case DH3K:
+ DH_free(static_cast<DH*>(ctx));
+ break;
+
+ case EC25:
+ case EC38:
+ EC_KEY_free(static_cast<EC_KEY*>(ctx));
+ break;
+ }
+}
+
+int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) {
+
+ if (pkType == DH2K || pkType == DH3K) {
+ DH* tmpCtx = static_cast<DH*>(ctx);
+
+ if (tmpCtx->pub_key != NULL) {
+ BN_free(tmpCtx->pub_key);
+ }
+ tmpCtx->pub_key = BN_bin2bn(pubKeyBytes, getDhSize(), NULL);
+ return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx);
+ }
+ if (pkType == EC25 || pkType == EC38) {
+ uint8_t buffer[100];
+ int32_t ret;
+ int32_t len = getPubKeySize();
+
+ buffer[0] = POINT_CONVERSION_UNCOMPRESSED;
+ memcpy(buffer+1, pubKeyBytes, len);
+
+ EC_POINT* point = EC_POINT_new(EC_KEY_get0_group(static_cast<EC_KEY*>(ctx)));
+ EC_POINT_oct2point(EC_KEY_get0_group(static_cast<EC_KEY*>(ctx)),
+ point, buffer, len+1, NULL);
+ ret = ECDH_compute_key(secret, getDhSize(), point, static_cast<EC_KEY*>(ctx), NULL);
+ EC_POINT_free(point);
+ return ret;
+ }
+ return -1;
+}
+
+int32_t ZrtpDH::generatePublicKey()
+{
+ if (pkType == DH2K || pkType == DH3K)
+ return DH_generate_key(static_cast<DH*>(ctx));
+
+ if (pkType == EC25 || pkType == EC38)
+ return EC_KEY_generate_key(static_cast<EC_KEY*>(ctx));
+ return 0;
+}
+
+int32_t ZrtpDH::getDhSize() const
+{
+ if (pkType == DH2K || pkType == DH3K)
+ return DH_size(static_cast<DH*>(ctx));
+
+ if (pkType == EC25)
+ return 32;
+ if (pkType == EC38)
+ return 48;
+
+ return 0;
+}
+
+int32_t ZrtpDH::getPubKeySize() const
+{
+ if (pkType == DH2K || pkType == DH3K)
+ return BN_num_bytes(static_cast<DH*>(ctx)->pub_key);
+
+ if (pkType == EC25 || pkType == EC38)
+ return EC_POINT_point2oct(EC_KEY_get0_group(static_cast<EC_KEY*>(ctx)),
+ EC_KEY_get0_public_key(static_cast<EC_KEY*>(ctx)),
+ POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL) - 1;
+ return 0;
+
+}
+
+int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const
+{
+
+ if (pkType == DH2K || pkType == DH3K) {
+ // get len of pub_key, prepend with zeros to DH size
+ int32_t prepend = getDhSize() - getPubKeySize();
+ if (prepend > 0) {
+ memset(buf, 0, prepend);
+ }
+ return BN_bn2bin(static_cast<DH*>(ctx)->pub_key, buf + prepend);
+ }
+ if (pkType == EC25 || pkType == EC38) {
+ uint8_t buffer[100];
+
+ int len = EC_POINT_point2oct(EC_KEY_get0_group(static_cast<EC_KEY*>(ctx)),
+ EC_KEY_get0_public_key(static_cast<EC_KEY*>(ctx)),
+ POINT_CONVERSION_UNCOMPRESSED, buffer, 100, NULL);
+ memcpy(buf, buffer+1, len-1);
+ return len-1;
+ }
+ return 0;
+}
+
+int32_t ZrtpDH::checkPubKey(uint8_t *pubKeyBytes) const
+{
+ if (pkType == EC25 || pkType == EC38) {
+ uint8_t buffer[100];
+ int32_t ret;
+ int32_t len = getPubKeySize();
+
+ buffer[0] = POINT_CONVERSION_UNCOMPRESSED;
+ memcpy(buffer+1, pubKeyBytes, len);
+
+ EC_POINT* point = EC_POINT_new(EC_KEY_get0_group(static_cast<EC_KEY*>(ctx)));
+ EC_POINT_oct2point(EC_KEY_get0_group(static_cast<EC_KEY*>(ctx)),
+ point, buffer, len+1, NULL);
+ EC_KEY* chkKey = EC_KEY_new();
+ EC_KEY_set_group(chkKey, EC_KEY_get0_group(static_cast<EC_KEY*>(ctx)));
+ EC_KEY_set_public_key(chkKey, point);
+ ret = EC_KEY_check_key(chkKey);
+
+ EC_POINT_free(point);
+ EC_KEY_free(chkKey);
+
+ return ret;
+ }
+
+ BIGNUM* pubKeyOther = BN_bin2bn(pubKeyBytes, getDhSize(), NULL);
+
+ if (pkType == DH2K) {
+ if (BN_cmp(bnP2048MinusOne, pubKeyOther) == 0)
+ return 0;
+ }
+ else if (pkType == DH3K) {
+ if (BN_cmp(bnP3072MinusOne, pubKeyOther) == 0)
+ return 0;
+ }
+ else {
+// if (BN_cmp(bnP4096MinusOne, pubKeyOther) == 0)
+ return 0;
+ }
+ int one = BN_is_one(pubKeyOther);
+ if (one == 1)
+ return 0;
+
+ BN_free(pubKeyOther);
+ return 1;
+}
+
+const char* ZrtpDH::getDHtype()
+{
+ switch (pkType) {
+ case DH2K:
+ return dh2k;
+ break;
+ case DH3K:
+ return dh3k;
+ break;
+ case EC25:
+ return ec25;
+ break;
+ case EC38:
+ return ec38;
+ break;
+ }
+ return NULL;
+}
+
+/** EMACS **
+ * Local variables:
+ * mode: c++
+ * c-default-style: ellemtel
+ * c-basic-offset: 4
+ * End:
+ */
diff --git a/jni/libzrtp/sources/zrtp/crypto/sha2.c b/jni/libzrtp/sources/zrtp/crypto/sha2.c
new file mode 100644
index 0000000..22761f3
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/sha2.c
@@ -0,0 +1,773 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 01/08/2005
+
+ This is a byte oriented version of SHA2 that operates on arrays of bytes
+ stored in memory. This code implements sha256, sha384 and sha512 but the
+ latter two functions rely on efficient 64-bit integer operations that
+ may not be very efficient on 32-bit machines
+
+ The sha256 functions use a type 'sha256_ctx' to hold details of the
+ current hash state and uses the following three calls:
+
+ void sha256_begin(sha256_ctx ctx[1])
+ void sha256_hash(const unsigned char data[],
+ unsigned long len, sha256_ctx ctx[1])
+ void sha_end1(unsigned char hval[], sha256_ctx ctx[1])
+
+ The first subroutine initialises a hash computation by setting up the
+ context in the sha256_ctx context. The second subroutine hashes 8-bit
+ bytes from array data[] into the hash state withinh sha256_ctx context,
+ the number of bytes to be hashed being given by the the unsigned long
+ integer len. The third subroutine completes the hash calculation and
+ places the resulting digest value in the array of 8-bit bytes hval[].
+
+ The sha384 and sha512 functions are similar and use the interfaces:
+
+ void sha384_begin(sha384_ctx ctx[1]);
+ void sha384_hash(const unsigned char data[],
+ unsigned long len, sha384_ctx ctx[1]);
+ void sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
+
+ void sha512_begin(sha512_ctx ctx[1]);
+ void sha512_hash(const unsigned char data[],
+ unsigned long len, sha512_ctx ctx[1]);
+ void sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
+
+ In addition there is a function sha2 that can be used to call all these
+ functions using a call with a hash length parameter as follows:
+
+ int sha2_begin(unsigned long len, sha2_ctx ctx[1]);
+ void sha2_hash(const unsigned char data[],
+ unsigned long len, sha2_ctx ctx[1]);
+ void sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
+
+ My thanks to Erik Andersen <andersen@codepoet.org> for testing this code
+ on big-endian systems and for his assistance with corrections
+*/
+
+#if 0
+#define UNROLL_SHA2 /* for SHA2 loop unroll */
+#endif
+
+#include <string.h> /* for memcpy() etc. */
+
+#include "sha2.h"
+
+#include <cryptcommon/brg_endian.h>
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
+#pragma intrinsic(memcpy)
+#endif
+
+#if 0 && defined(_MSC_VER)
+#define rotl32 _lrotl
+#define rotr32 _lrotr
+#else
+#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
+#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
+#endif
+
+#if !defined(bswap_32)
+#define bswap_32(x) ((rotr32((x), 24) & 0x00ff00ff) | (rotr32((x), 8) & 0xff00ff00))
+#endif
+
+#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
+#define SWAP_BYTES
+#else
+#undef SWAP_BYTES
+#endif
+
+#if 0
+
+#define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
+#define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#else /* Thanks to Rich Schroeppel and Colin Plumb for the following */
+
+#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
+#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y))))
+
+#endif
+
+/* round transforms for SHA256 and SHA512 compression functions */
+
+#define vf(n,i) v[(n - i) & 7]
+
+#define hf(i) (p[i & 15] += \
+ g_1(p[(i + 14) & 15]) + p[(i + 9) & 15] + g_0(p[(i + 1) & 15]))
+
+#define v_cycle(i,j) \
+ vf(7,i) += (j ? hf(i) : p[i]) + k_0[i+j] \
+ + s_1(vf(4,i)) + ch(vf(4,i),vf(5,i),vf(6,i)); \
+ vf(3,i) += vf(7,i); \
+ vf(7,i) += s_0(vf(0,i))+ maj(vf(0,i),vf(1,i),vf(2,i))
+
+#if defined(SHA_224) || defined(SHA_256)
+
+#define SHA256_MASK (SHA256_BLOCK_SIZE - 1)
+
+#if defined(SWAP_BYTES)
+#define bsw_32(p,n) \
+ { int _i = (n); while(_i--) ((uint_32t*)p)[_i] = bswap_32(((uint_32t*)p)[_i]); }
+#else
+#define bsw_32(p,n)
+#endif
+
+#define s_0(x) (rotr32((x), 2) ^ rotr32((x), 13) ^ rotr32((x), 22))
+#define s_1(x) (rotr32((x), 6) ^ rotr32((x), 11) ^ rotr32((x), 25))
+#define g_0(x) (rotr32((x), 7) ^ rotr32((x), 18) ^ ((x) >> 3))
+#define g_1(x) (rotr32((x), 17) ^ rotr32((x), 19) ^ ((x) >> 10))
+#define k_0 k256
+
+/* rotated SHA256 round definition. Rather than swapping variables as in */
+/* FIPS-180, different variables are 'rotated' on each round, returning */
+/* to their starting positions every eight rounds */
+
+#define q(n) v##n
+
+#define one_cycle(a,b,c,d,e,f,g,h,k,w) \
+ q(h) += s_1(q(e)) + ch(q(e), q(f), q(g)) + k + w; \
+ q(d) += q(h); q(h) += s_0(q(a)) + maj(q(a), q(b), q(c))
+
+/* SHA256 mixing data */
+
+const uint_32t k256[64] =
+{ 0x428a2f98ul, 0x71374491ul, 0xb5c0fbcful, 0xe9b5dba5ul,
+ 0x3956c25bul, 0x59f111f1ul, 0x923f82a4ul, 0xab1c5ed5ul,
+ 0xd807aa98ul, 0x12835b01ul, 0x243185beul, 0x550c7dc3ul,
+ 0x72be5d74ul, 0x80deb1feul, 0x9bdc06a7ul, 0xc19bf174ul,
+ 0xe49b69c1ul, 0xefbe4786ul, 0x0fc19dc6ul, 0x240ca1ccul,
+ 0x2de92c6ful, 0x4a7484aaul, 0x5cb0a9dcul, 0x76f988daul,
+ 0x983e5152ul, 0xa831c66dul, 0xb00327c8ul, 0xbf597fc7ul,
+ 0xc6e00bf3ul, 0xd5a79147ul, 0x06ca6351ul, 0x14292967ul,
+ 0x27b70a85ul, 0x2e1b2138ul, 0x4d2c6dfcul, 0x53380d13ul,
+ 0x650a7354ul, 0x766a0abbul, 0x81c2c92eul, 0x92722c85ul,
+ 0xa2bfe8a1ul, 0xa81a664bul, 0xc24b8b70ul, 0xc76c51a3ul,
+ 0xd192e819ul, 0xd6990624ul, 0xf40e3585ul, 0x106aa070ul,
+ 0x19a4c116ul, 0x1e376c08ul, 0x2748774cul, 0x34b0bcb5ul,
+ 0x391c0cb3ul, 0x4ed8aa4aul, 0x5b9cca4ful, 0x682e6ff3ul,
+ 0x748f82eeul, 0x78a5636ful, 0x84c87814ul, 0x8cc70208ul,
+ 0x90befffaul, 0xa4506cebul, 0xbef9a3f7ul, 0xc67178f2ul,
+};
+
+/* Compile 64 bytes of hash data into SHA256 digest value */
+/* NOTE: this routine assumes that the byte order in the */
+/* ctx->wbuf[] at this point is such that low address bytes */
+/* in the ORIGINAL byte stream will go into the high end of */
+/* words on BOTH big and little endian systems */
+
+VOID_RETURN sha256_compile(sha256_ctx ctx[1])
+{
+#if !defined(UNROLL_SHA2)
+
+ uint_32t j, *p = ctx->wbuf, v[8];
+
+ memcpy(v, ctx->hash, 8 * sizeof(uint_32t));
+
+ for(j = 0; j < 64; j += 16)
+ {
+ v_cycle( 0, j); v_cycle( 1, j);
+ v_cycle( 2, j); v_cycle( 3, j);
+ v_cycle( 4, j); v_cycle( 5, j);
+ v_cycle( 6, j); v_cycle( 7, j);
+ v_cycle( 8, j); v_cycle( 9, j);
+ v_cycle(10, j); v_cycle(11, j);
+ v_cycle(12, j); v_cycle(13, j);
+ v_cycle(14, j); v_cycle(15, j);
+ }
+
+ ctx->hash[0] += v[0]; ctx->hash[1] += v[1];
+ ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
+ ctx->hash[4] += v[4]; ctx->hash[5] += v[5];
+ ctx->hash[6] += v[6]; ctx->hash[7] += v[7];
+
+#else
+
+ uint_32t *p = ctx->wbuf,v0,v1,v2,v3,v4,v5,v6,v7;
+
+ v0 = ctx->hash[0]; v1 = ctx->hash[1];
+ v2 = ctx->hash[2]; v3 = ctx->hash[3];
+ v4 = ctx->hash[4]; v5 = ctx->hash[5];
+ v6 = ctx->hash[6]; v7 = ctx->hash[7];
+
+ one_cycle(0,1,2,3,4,5,6,7,k256[ 0],p[ 0]);
+ one_cycle(7,0,1,2,3,4,5,6,k256[ 1],p[ 1]);
+ one_cycle(6,7,0,1,2,3,4,5,k256[ 2],p[ 2]);
+ one_cycle(5,6,7,0,1,2,3,4,k256[ 3],p[ 3]);
+ one_cycle(4,5,6,7,0,1,2,3,k256[ 4],p[ 4]);
+ one_cycle(3,4,5,6,7,0,1,2,k256[ 5],p[ 5]);
+ one_cycle(2,3,4,5,6,7,0,1,k256[ 6],p[ 6]);
+ one_cycle(1,2,3,4,5,6,7,0,k256[ 7],p[ 7]);
+ one_cycle(0,1,2,3,4,5,6,7,k256[ 8],p[ 8]);
+ one_cycle(7,0,1,2,3,4,5,6,k256[ 9],p[ 9]);
+ one_cycle(6,7,0,1,2,3,4,5,k256[10],p[10]);
+ one_cycle(5,6,7,0,1,2,3,4,k256[11],p[11]);
+ one_cycle(4,5,6,7,0,1,2,3,k256[12],p[12]);
+ one_cycle(3,4,5,6,7,0,1,2,k256[13],p[13]);
+ one_cycle(2,3,4,5,6,7,0,1,k256[14],p[14]);
+ one_cycle(1,2,3,4,5,6,7,0,k256[15],p[15]);
+
+ one_cycle(0,1,2,3,4,5,6,7,k256[16],hf( 0));
+ one_cycle(7,0,1,2,3,4,5,6,k256[17],hf( 1));
+ one_cycle(6,7,0,1,2,3,4,5,k256[18],hf( 2));
+ one_cycle(5,6,7,0,1,2,3,4,k256[19],hf( 3));
+ one_cycle(4,5,6,7,0,1,2,3,k256[20],hf( 4));
+ one_cycle(3,4,5,6,7,0,1,2,k256[21],hf( 5));
+ one_cycle(2,3,4,5,6,7,0,1,k256[22],hf( 6));
+ one_cycle(1,2,3,4,5,6,7,0,k256[23],hf( 7));
+ one_cycle(0,1,2,3,4,5,6,7,k256[24],hf( 8));
+ one_cycle(7,0,1,2,3,4,5,6,k256[25],hf( 9));
+ one_cycle(6,7,0,1,2,3,4,5,k256[26],hf(10));
+ one_cycle(5,6,7,0,1,2,3,4,k256[27],hf(11));
+ one_cycle(4,5,6,7,0,1,2,3,k256[28],hf(12));
+ one_cycle(3,4,5,6,7,0,1,2,k256[29],hf(13));
+ one_cycle(2,3,4,5,6,7,0,1,k256[30],hf(14));
+ one_cycle(1,2,3,4,5,6,7,0,k256[31],hf(15));
+
+ one_cycle(0,1,2,3,4,5,6,7,k256[32],hf( 0));
+ one_cycle(7,0,1,2,3,4,5,6,k256[33],hf( 1));
+ one_cycle(6,7,0,1,2,3,4,5,k256[34],hf( 2));
+ one_cycle(5,6,7,0,1,2,3,4,k256[35],hf( 3));
+ one_cycle(4,5,6,7,0,1,2,3,k256[36],hf( 4));
+ one_cycle(3,4,5,6,7,0,1,2,k256[37],hf( 5));
+ one_cycle(2,3,4,5,6,7,0,1,k256[38],hf( 6));
+ one_cycle(1,2,3,4,5,6,7,0,k256[39],hf( 7));
+ one_cycle(0,1,2,3,4,5,6,7,k256[40],hf( 8));
+ one_cycle(7,0,1,2,3,4,5,6,k256[41],hf( 9));
+ one_cycle(6,7,0,1,2,3,4,5,k256[42],hf(10));
+ one_cycle(5,6,7,0,1,2,3,4,k256[43],hf(11));
+ one_cycle(4,5,6,7,0,1,2,3,k256[44],hf(12));
+ one_cycle(3,4,5,6,7,0,1,2,k256[45],hf(13));
+ one_cycle(2,3,4,5,6,7,0,1,k256[46],hf(14));
+ one_cycle(1,2,3,4,5,6,7,0,k256[47],hf(15));
+
+ one_cycle(0,1,2,3,4,5,6,7,k256[48],hf( 0));
+ one_cycle(7,0,1,2,3,4,5,6,k256[49],hf( 1));
+ one_cycle(6,7,0,1,2,3,4,5,k256[50],hf( 2));
+ one_cycle(5,6,7,0,1,2,3,4,k256[51],hf( 3));
+ one_cycle(4,5,6,7,0,1,2,3,k256[52],hf( 4));
+ one_cycle(3,4,5,6,7,0,1,2,k256[53],hf( 5));
+ one_cycle(2,3,4,5,6,7,0,1,k256[54],hf( 6));
+ one_cycle(1,2,3,4,5,6,7,0,k256[55],hf( 7));
+ one_cycle(0,1,2,3,4,5,6,7,k256[56],hf( 8));
+ one_cycle(7,0,1,2,3,4,5,6,k256[57],hf( 9));
+ one_cycle(6,7,0,1,2,3,4,5,k256[58],hf(10));
+ one_cycle(5,6,7,0,1,2,3,4,k256[59],hf(11));
+ one_cycle(4,5,6,7,0,1,2,3,k256[60],hf(12));
+ one_cycle(3,4,5,6,7,0,1,2,k256[61],hf(13));
+ one_cycle(2,3,4,5,6,7,0,1,k256[62],hf(14));
+ one_cycle(1,2,3,4,5,6,7,0,k256[63],hf(15));
+
+ ctx->hash[0] += v0; ctx->hash[1] += v1;
+ ctx->hash[2] += v2; ctx->hash[3] += v3;
+ ctx->hash[4] += v4; ctx->hash[5] += v5;
+ ctx->hash[6] += v6; ctx->hash[7] += v7;
+#endif
+}
+
+/* SHA256 hash data in an array of bytes into hash buffer */
+/* and call the hash_compile function as required. */
+
+VOID_RETURN sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1])
+{ uint_32t pos = (uint_32t)(ctx->count[0] & SHA256_MASK),
+ space = SHA256_BLOCK_SIZE - pos;
+ const unsigned char *sp = data;
+
+ if((ctx->count[0] += len) < len)
+ ++(ctx->count[1]);
+
+ while(len >= space) /* tranfer whole blocks while possible */
+ {
+ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
+ sp += space; len -= space; space = SHA256_BLOCK_SIZE; pos = 0;
+ bsw_32(ctx->wbuf, SHA256_BLOCK_SIZE >> 2)
+ sha256_compile(ctx);
+ }
+
+ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
+}
+
+/* SHA256 Final padding and digest calculation */
+
+static void sha_end1(unsigned char hval[], sha256_ctx ctx[1], const unsigned int hlen)
+{ uint_32t i = (uint_32t)(ctx->count[0] & SHA256_MASK);
+
+ /* put bytes in the buffer in an order in which references to */
+ /* 32-bit words will put bytes with lower addresses into the */
+ /* top of 32 bit words on BOTH big and little endian machines */
+ bsw_32(ctx->wbuf, (i + 3) >> 2)
+
+ /* we now need to mask valid bytes and add the padding which is */
+ /* a single 1 bit and as many zero bits as necessary. Note that */
+ /* we can always add the first padding byte here because the */
+ /* buffer always has at least one empty slot */
+ ctx->wbuf[i >> 2] &= 0xffffff80 << 8 * (~i & 3);
+ ctx->wbuf[i >> 2] |= 0x00000080 << 8 * (~i & 3);
+
+ /* we need 9 or more empty positions, one for the padding byte */
+ /* (above) and eight for the length count. If there is not */
+ /* enough space pad and empty the buffer */
+ if(i > SHA256_BLOCK_SIZE - 9)
+ {
+ if(i < 60) ctx->wbuf[15] = 0;
+ sha256_compile(ctx);
+ i = 0;
+ }
+ else /* compute a word index for the empty buffer positions */
+ i = (i >> 2) + 1;
+
+ while(i < 14) /* and zero pad all but last two positions */
+ ctx->wbuf[i++] = 0;
+
+ /* the following 32-bit length fields are assembled in the */
+ /* wrong byte order on little endian machines but this is */
+ /* corrected later since they are only ever used as 32-bit */
+ /* word values. */
+ ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 29);
+ ctx->wbuf[15] = ctx->count[0] << 3;
+ sha256_compile(ctx);
+
+ /* extract the hash value as bytes in case the hash buffer is */
+ /* mislaigned for 32-bit words */
+ for(i = 0; i < hlen; ++i)
+ hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
+}
+
+#endif
+
+#if defined(SHA_224)
+
+const uint_32t i224[8] =
+{
+ 0xc1059ed8ul, 0x367cd507ul, 0x3070dd17ul, 0xf70e5939ul,
+ 0xffc00b31ul, 0x68581511ul, 0x64f98fa7ul, 0xbefa4fa4ul
+};
+
+VOID_RETURN sha224_begin(sha224_ctx ctx[1])
+{
+ ctx->count[0] = ctx->count[1] = 0;
+ memcpy(ctx->hash, i224, 8 * sizeof(uint_32t));
+}
+
+VOID_RETURN sha224_end(unsigned char hval[], sha224_ctx ctx[1])
+{
+ sha_end1(hval, ctx, SHA224_DIGEST_SIZE);
+}
+
+VOID_RETURN sha224(unsigned char hval[], const unsigned char data[], unsigned long len)
+{ sha224_ctx cx[1];
+
+ sha224_begin(cx);
+ sha224_hash(data, len, cx);
+ sha_end1(hval, cx, SHA224_DIGEST_SIZE);
+}
+
+#endif
+
+#if defined(SHA_256)
+
+const uint_32t i256[8] =
+{
+ 0x6a09e667ul, 0xbb67ae85ul, 0x3c6ef372ul, 0xa54ff53aul,
+ 0x510e527ful, 0x9b05688cul, 0x1f83d9abul, 0x5be0cd19ul
+};
+
+VOID_RETURN sha256_begin(sha256_ctx ctx[1])
+{
+ ctx->count[0] = ctx->count[1] = 0;
+ memcpy(ctx->hash, i256, 8 * sizeof(uint_32t));
+}
+
+VOID_RETURN sha256_end(unsigned char hval[], sha256_ctx ctx[1])
+{
+ sha_end1(hval, ctx, SHA256_DIGEST_SIZE);
+}
+
+VOID_RETURN sha256(unsigned char hval[], const unsigned char data[], unsigned long len)
+{ sha256_ctx cx[1];
+
+ sha256_begin(cx);
+ sha256_hash(data, len, cx);
+ sha_end1(hval, cx, SHA256_DIGEST_SIZE);
+}
+
+#endif
+
+#if defined(SHA_384) || defined(SHA_512)
+
+#define SHA512_MASK (SHA512_BLOCK_SIZE - 1)
+
+#define rotr64(x,n) (((x) >> n) | ((x) << (64 - n)))
+
+#if !defined(bswap_64)
+#define bswap_64(x) (((uint_64t)(bswap_32((uint_32t)(x)))) << 32 | bswap_32((uint_32t)((x) >> 32)))
+#endif
+
+#if defined(SWAP_BYTES)
+#define bsw_64(p,n) \
+ { int _i = (n); while(_i--) ((uint_64t*)p)[_i] = bswap_64(((uint_64t*)p)[_i]); }
+#else
+#define bsw_64(p,n)
+#endif
+
+/* SHA512 mixing function definitions */
+
+#ifdef s_0
+# undef s_0
+# undef s_1
+# undef g_0
+# undef g_1
+# undef k_0
+#endif
+
+#define s_0(x) (rotr64((x), 28) ^ rotr64((x), 34) ^ rotr64((x), 39))
+#define s_1(x) (rotr64((x), 14) ^ rotr64((x), 18) ^ rotr64((x), 41))
+#define g_0(x) (rotr64((x), 1) ^ rotr64((x), 8) ^ ((x) >> 7))
+#define g_1(x) (rotr64((x), 19) ^ rotr64((x), 61) ^ ((x) >> 6))
+#define k_0 k512
+
+/* SHA384/SHA512 mixing data */
+
+const uint_64t k512[80] =
+{
+ li_64(428a2f98d728ae22), li_64(7137449123ef65cd),
+ li_64(b5c0fbcfec4d3b2f), li_64(e9b5dba58189dbbc),
+ li_64(3956c25bf348b538), li_64(59f111f1b605d019),
+ li_64(923f82a4af194f9b), li_64(ab1c5ed5da6d8118),
+ li_64(d807aa98a3030242), li_64(12835b0145706fbe),
+ li_64(243185be4ee4b28c), li_64(550c7dc3d5ffb4e2),
+ li_64(72be5d74f27b896f), li_64(80deb1fe3b1696b1),
+ li_64(9bdc06a725c71235), li_64(c19bf174cf692694),
+ li_64(e49b69c19ef14ad2), li_64(efbe4786384f25e3),
+ li_64(0fc19dc68b8cd5b5), li_64(240ca1cc77ac9c65),
+ li_64(2de92c6f592b0275), li_64(4a7484aa6ea6e483),
+ li_64(5cb0a9dcbd41fbd4), li_64(76f988da831153b5),
+ li_64(983e5152ee66dfab), li_64(a831c66d2db43210),
+ li_64(b00327c898fb213f), li_64(bf597fc7beef0ee4),
+ li_64(c6e00bf33da88fc2), li_64(d5a79147930aa725),
+ li_64(06ca6351e003826f), li_64(142929670a0e6e70),
+ li_64(27b70a8546d22ffc), li_64(2e1b21385c26c926),
+ li_64(4d2c6dfc5ac42aed), li_64(53380d139d95b3df),
+ li_64(650a73548baf63de), li_64(766a0abb3c77b2a8),
+ li_64(81c2c92e47edaee6), li_64(92722c851482353b),
+ li_64(a2bfe8a14cf10364), li_64(a81a664bbc423001),
+ li_64(c24b8b70d0f89791), li_64(c76c51a30654be30),
+ li_64(d192e819d6ef5218), li_64(d69906245565a910),
+ li_64(f40e35855771202a), li_64(106aa07032bbd1b8),
+ li_64(19a4c116b8d2d0c8), li_64(1e376c085141ab53),
+ li_64(2748774cdf8eeb99), li_64(34b0bcb5e19b48a8),
+ li_64(391c0cb3c5c95a63), li_64(4ed8aa4ae3418acb),
+ li_64(5b9cca4f7763e373), li_64(682e6ff3d6b2b8a3),
+ li_64(748f82ee5defb2fc), li_64(78a5636f43172f60),
+ li_64(84c87814a1f0ab72), li_64(8cc702081a6439ec),
+ li_64(90befffa23631e28), li_64(a4506cebde82bde9),
+ li_64(bef9a3f7b2c67915), li_64(c67178f2e372532b),
+ li_64(ca273eceea26619c), li_64(d186b8c721c0c207),
+ li_64(eada7dd6cde0eb1e), li_64(f57d4f7fee6ed178),
+ li_64(06f067aa72176fba), li_64(0a637dc5a2c898a6),
+ li_64(113f9804bef90dae), li_64(1b710b35131c471b),
+ li_64(28db77f523047d84), li_64(32caab7b40c72493),
+ li_64(3c9ebe0a15c9bebc), li_64(431d67c49c100d4c),
+ li_64(4cc5d4becb3e42b6), li_64(597f299cfc657e2a),
+ li_64(5fcb6fab3ad6faec), li_64(6c44198c4a475817)
+};
+
+/* Compile 128 bytes of hash data into SHA384/512 digest */
+/* NOTE: this routine assumes that the byte order in the */
+/* ctx->wbuf[] at this point is such that low address bytes */
+/* in the ORIGINAL byte stream will go into the high end of */
+/* words on BOTH big and little endian systems */
+
+VOID_RETURN sha512_compile(sha512_ctx ctx[1])
+{ uint_64t v[8], *p = ctx->wbuf;
+ uint_32t j;
+
+ memcpy(v, ctx->hash, 8 * sizeof(uint_64t));
+
+ for(j = 0; j < 80; j += 16)
+ {
+ v_cycle( 0, j); v_cycle( 1, j);
+ v_cycle( 2, j); v_cycle( 3, j);
+ v_cycle( 4, j); v_cycle( 5, j);
+ v_cycle( 6, j); v_cycle( 7, j);
+ v_cycle( 8, j); v_cycle( 9, j);
+ v_cycle(10, j); v_cycle(11, j);
+ v_cycle(12, j); v_cycle(13, j);
+ v_cycle(14, j); v_cycle(15, j);
+ }
+
+ ctx->hash[0] += v[0]; ctx->hash[1] += v[1];
+ ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
+ ctx->hash[4] += v[4]; ctx->hash[5] += v[5];
+ ctx->hash[6] += v[6]; ctx->hash[7] += v[7];
+}
+
+/* Compile 128 bytes of hash data into SHA256 digest value */
+/* NOTE: this routine assumes that the byte order in the */
+/* ctx->wbuf[] at this point is in such an order that low */
+/* address bytes in the ORIGINAL byte stream placed in this */
+/* buffer will now go to the high end of words on BOTH big */
+/* and little endian systems */
+
+VOID_RETURN sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1])
+{ uint_32t pos = (uint_32t)(ctx->count[0] & SHA512_MASK),
+ space = SHA512_BLOCK_SIZE - pos;
+ const unsigned char *sp = data;
+
+ if((ctx->count[0] += len) < len)
+ ++(ctx->count[1]);
+
+ while(len >= space) /* tranfer whole blocks while possible */
+ {
+ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
+ sp += space; len -= space; space = SHA512_BLOCK_SIZE; pos = 0;
+ bsw_64(ctx->wbuf, SHA512_BLOCK_SIZE >> 3);
+ sha512_compile(ctx);
+ }
+
+ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
+}
+
+/* SHA384/512 Final padding and digest calculation */
+
+static void sha_end2(unsigned char hval[], sha512_ctx ctx[1], const unsigned int hlen)
+{ uint_32t i = (uint_32t)(ctx->count[0] & SHA512_MASK);
+
+ /* put bytes in the buffer in an order in which references to */
+ /* 32-bit words will put bytes with lower addresses into the */
+ /* top of 32 bit words on BOTH big and little endian machines */
+ bsw_64(ctx->wbuf, (i + 7) >> 3);
+
+ /* we now need to mask valid bytes and add the padding which is */
+ /* a single 1 bit and as many zero bits as necessary. Note that */
+ /* we can always add the first padding byte here because the */
+ /* buffer always has at least one empty slot */
+ ctx->wbuf[i >> 3] &= li_64(ffffffffffffff00) << 8 * (~i & 7);
+ ctx->wbuf[i >> 3] |= li_64(0000000000000080) << 8 * (~i & 7);
+
+ /* we need 17 or more empty byte positions, one for the padding */
+ /* byte (above) and sixteen for the length count. If there is */
+ /* not enough space pad and empty the buffer */
+ if(i > SHA512_BLOCK_SIZE - 17)
+ {
+ if(i < 120) ctx->wbuf[15] = 0;
+ sha512_compile(ctx);
+ i = 0;
+ }
+ else
+ i = (i >> 3) + 1;
+
+ while(i < 14)
+ ctx->wbuf[i++] = 0;
+
+ /* the following 64-bit length fields are assembled in the */
+ /* wrong byte order on little endian machines but this is */
+ /* corrected later since they are only ever used as 64-bit */
+ /* word values. */
+ ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 61);
+ ctx->wbuf[15] = ctx->count[0] << 3;
+ sha512_compile(ctx);
+
+ /* extract the hash value as bytes in case the hash buffer is */
+ /* misaligned for 32-bit words */
+ for(i = 0; i < hlen; ++i)
+ hval[i] = (unsigned char)(ctx->hash[i >> 3] >> (8 * (~i & 7)));
+}
+
+#endif
+
+#if defined(SHA_384)
+
+/* SHA384 initialisation data */
+
+const uint_64t i384[80] =
+{
+ li_64(cbbb9d5dc1059ed8), li_64(629a292a367cd507),
+ li_64(9159015a3070dd17), li_64(152fecd8f70e5939),
+ li_64(67332667ffc00b31), li_64(8eb44a8768581511),
+ li_64(db0c2e0d64f98fa7), li_64(47b5481dbefa4fa4)
+};
+
+VOID_RETURN sha384_begin(sha384_ctx ctx[1])
+{
+ ctx->count[0] = ctx->count[1] = 0;
+ memcpy(ctx->hash, i384, 8 * sizeof(uint_64t));
+}
+
+VOID_RETURN sha384_end(unsigned char hval[], sha384_ctx ctx[1])
+{
+ sha_end2(hval, ctx, SHA384_DIGEST_SIZE);
+}
+
+VOID_RETURN sha384(unsigned char hval[], const unsigned char data[], unsigned long len)
+{ sha384_ctx cx[1];
+
+ sha384_begin(cx);
+ sha384_hash(data, len, cx);
+ sha_end2(hval, cx, SHA384_DIGEST_SIZE);
+}
+
+#endif
+
+#if defined(SHA_512)
+
+/* SHA512 initialisation data */
+
+const uint_64t i512[80] =
+{
+ li_64(6a09e667f3bcc908), li_64(bb67ae8584caa73b),
+ li_64(3c6ef372fe94f82b), li_64(a54ff53a5f1d36f1),
+ li_64(510e527fade682d1), li_64(9b05688c2b3e6c1f),
+ li_64(1f83d9abfb41bd6b), li_64(5be0cd19137e2179)
+};
+
+VOID_RETURN sha512_begin(sha512_ctx ctx[1])
+{
+ ctx->count[0] = ctx->count[1] = 0;
+ memcpy(ctx->hash, i512, 8 * sizeof(uint_64t));
+}
+
+VOID_RETURN sha512_end(unsigned char hval[], sha512_ctx ctx[1])
+{
+ sha_end2(hval, ctx, SHA512_DIGEST_SIZE);
+}
+
+VOID_RETURN sha512(unsigned char hval[], const unsigned char data[], unsigned long len)
+{ sha512_ctx cx[1];
+
+ sha512_begin(cx);
+ sha512_hash(data, len, cx);
+ sha_end2(hval, cx, SHA512_DIGEST_SIZE);
+}
+
+#endif
+
+#if defined(SHA_2)
+
+#define CTX_224(x) ((x)->uu->ctx256)
+#define CTX_256(x) ((x)->uu->ctx256)
+#define CTX_384(x) ((x)->uu->ctx512)
+#define CTX_512(x) ((x)->uu->ctx512)
+
+/* SHA2 initialisation */
+
+INT_RETURN sha2_begin(unsigned long len, sha2_ctx ctx[1])
+{
+ switch(len)
+ {
+#if defined(SHA_224)
+ case 224:
+ case 28: CTX_256(ctx)->count[0] = CTX_256(ctx)->count[1] = 0;
+ memcpy(CTX_256(ctx)->hash, i224, 32);
+ ctx->sha2_len = 28; return EXIT_SUCCESS;
+#endif
+#if defined(SHA_256)
+ case 256:
+ case 32: CTX_256(ctx)->count[0] = CTX_256(ctx)->count[1] = 0;
+ memcpy(CTX_256(ctx)->hash, i256, 32);
+ ctx->sha2_len = 32; return EXIT_SUCCESS;
+#endif
+#if defined(SHA_384)
+ case 384:
+ case 48: CTX_384(ctx)->count[0] = CTX_384(ctx)->count[1] = 0;
+ memcpy(CTX_384(ctx)->hash, i384, 64);
+ ctx->sha2_len = 48; return EXIT_SUCCESS;
+#endif
+#if defined(SHA_512)
+ case 512:
+ case 64: CTX_512(ctx)->count[0] = CTX_512(ctx)->count[1] = 0;
+ memcpy(CTX_512(ctx)->hash, i512, 64);
+ ctx->sha2_len = 64; return EXIT_SUCCESS;
+#endif
+ default: return EXIT_FAILURE;
+ }
+}
+
+VOID_RETURN sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1])
+{
+ switch(ctx->sha2_len)
+ {
+#if defined(SHA_224)
+ case 28: sha224_hash(data, len, CTX_224(ctx)); return;
+#endif
+#if defined(SHA_256)
+ case 32: sha256_hash(data, len, CTX_256(ctx)); return;
+#endif
+#if defined(SHA_384)
+ case 48: sha384_hash(data, len, CTX_384(ctx)); return;
+#endif
+#if defined(SHA_512)
+ case 64: sha512_hash(data, len, CTX_512(ctx)); return;
+#endif
+ }
+}
+
+VOID_RETURN sha2_end(unsigned char hval[], sha2_ctx ctx[1])
+{
+ switch(ctx->sha2_len)
+ {
+#if defined(SHA_224)
+ case 28: sha_end1(hval, CTX_224(ctx), SHA224_DIGEST_SIZE); return;
+#endif
+#if defined(SHA_256)
+ case 32: sha_end1(hval, CTX_256(ctx), SHA256_DIGEST_SIZE); return;
+#endif
+#if defined(SHA_384)
+ case 48: sha_end2(hval, CTX_384(ctx), SHA384_DIGEST_SIZE); return;
+#endif
+#if defined(SHA_512)
+ case 64: sha_end2(hval, CTX_512(ctx), SHA512_DIGEST_SIZE); return;
+#endif
+ }
+}
+
+INT_RETURN sha2_all(unsigned char hval[], unsigned long size,
+ const unsigned char data[], unsigned long len)
+{ sha2_ctx cx[1];
+
+ if(sha2_begin(size, cx) == EXIT_SUCCESS)
+ {
+ sha2_hash(data, len, cx); sha2_end(hval, cx); return EXIT_SUCCESS;
+ }
+ else
+ return EXIT_FAILURE;
+}
+
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
diff --git a/jni/libzrtp/sources/zrtp/crypto/sha2.h b/jni/libzrtp/sources/zrtp/crypto/sha2.h
new file mode 100644
index 0000000..1ad3889
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/sha2.h
@@ -0,0 +1,151 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 01/08/2005
+*/
+
+#ifndef _SHA2_H
+#define _SHA2_H
+
+#include <stdlib.h>
+
+#define SHA_64BIT
+
+/* define the hash functions that you need */
+#define SHA_2 /* for dynamic hash length */
+#define SHA_224
+#define SHA_256
+#ifdef SHA_64BIT
+# define SHA_384
+# define SHA_512
+# define NEED_UINT_64T
+#endif
+
+#include <cryptcommon/brg_types.h>
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+/* Note that the following function prototypes are the same */
+/* for both the bit and byte oriented implementations. But */
+/* the length fields are in bytes or bits as is appropriate */
+/* for the version used. Bit sequences are arrays of bytes */
+/* in which bit sequence indexes increase from the most to */
+/* the least significant end of each byte */
+
+#define SHA224_DIGEST_SIZE 28
+#define SHA224_BLOCK_SIZE 64
+#define SHA256_DIGEST_SIZE 32
+#define SHA256_BLOCK_SIZE 64
+
+/* type to hold the SHA256 (and SHA224) context */
+
+typedef struct
+{ uint_32t count[2];
+ uint_32t hash[8];
+ uint_32t wbuf[16];
+} sha256_ctx;
+
+typedef sha256_ctx sha224_ctx;
+
+VOID_RETURN sha256_compile(sha256_ctx ctx[1]);
+
+VOID_RETURN sha224_begin(sha224_ctx ctx[1]);
+#define sha224_hash sha256_hash
+VOID_RETURN sha224_end(unsigned char hval[], sha224_ctx ctx[1]);
+VOID_RETURN sha224(unsigned char hval[], const unsigned char data[], unsigned long len);
+
+VOID_RETURN sha256_begin(sha256_ctx ctx[1]);
+VOID_RETURN sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1]);
+VOID_RETURN sha256_end(unsigned char hval[], sha256_ctx ctx[1]);
+VOID_RETURN sha256(unsigned char hval[], const unsigned char data[], unsigned long len);
+
+#ifndef SHA_64BIT
+
+typedef struct
+{ union
+ { sha256_ctx ctx256[1];
+ } uu[1];
+ uint_32t sha2_len;
+} sha2_ctx;
+
+#define SHA2_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
+
+#else
+
+#define SHA384_DIGEST_SIZE 48
+#define SHA384_BLOCK_SIZE 128
+#define SHA512_DIGEST_SIZE 64
+#define SHA512_BLOCK_SIZE 128
+#define SHA2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
+
+/* type to hold the SHA384 (and SHA512) context */
+
+typedef struct
+{ uint_64t count[2];
+ uint_64t hash[8];
+ uint_64t wbuf[16];
+} sha512_ctx;
+
+typedef sha512_ctx sha384_ctx;
+
+typedef struct
+{ union
+ { sha256_ctx ctx256[1];
+ sha512_ctx ctx512[1];
+ } uu[1];
+ uint_32t sha2_len;
+} sha2_ctx;
+
+VOID_RETURN sha512_compile(sha512_ctx ctx[1]);
+
+VOID_RETURN sha384_begin(sha384_ctx ctx[1]);
+#define sha384_hash sha512_hash
+VOID_RETURN sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
+VOID_RETURN sha384(unsigned char hval[], const unsigned char data[], unsigned long len);
+
+VOID_RETURN sha512_begin(sha512_ctx ctx[1]);
+VOID_RETURN sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1]);
+VOID_RETURN sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
+VOID_RETURN sha512(unsigned char hval[], const unsigned char data[], unsigned long len);
+
+INT_RETURN sha2_begin(unsigned long size, sha2_ctx ctx[1]);
+VOID_RETURN sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1]);
+VOID_RETURN sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
+INT_RETURN sha2_all(unsigned char hval[], unsigned long size, const unsigned char data[], unsigned long len);
+
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
diff --git a/jni/libzrtp/sources/zrtp/crypto/sha256.cpp b/jni/libzrtp/sources/zrtp/crypto/sha256.cpp
new file mode 100644
index 0000000..593b5e5
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/sha256.cpp
@@ -0,0 +1,94 @@
+/*
+ Copyright (C) 2012 Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/**
+ * @author: Werner Dittmann
+ */
+
+#include <zrtp/crypto/sha2.h>
+#include <zrtp/crypto/sha256.h>
+
+void sha256(unsigned char *data, unsigned int dataLength, unsigned char *digest )
+{
+ sha256_ctx ctx;
+
+ sha256_begin(&ctx);
+ sha256_hash(data, dataLength, &ctx);
+ sha256_end(digest, &ctx);
+}
+
+void sha256(unsigned char *dataChunks[], unsigned int dataChunckLength[], unsigned char *digest)
+{
+ sha256_ctx ctx;
+
+ sha256_begin(&ctx);
+ while(*dataChunks) {
+ sha256_hash(*dataChunks, *dataChunckLength, &ctx);
+ dataChunks++;
+ dataChunckLength++;
+ }
+ sha256_end(digest, &ctx);
+}
+
+void* createSha256Context()
+{
+ sha256_ctx *ctx = reinterpret_cast<sha256_ctx*>(malloc(sizeof(sha256_ctx)));
+ sha256_begin(ctx);
+ return (void*)ctx;
+}
+
+void closeSha256Context(void* ctx, unsigned char* digest)
+{
+ sha256_ctx* hd = reinterpret_cast<sha256_ctx*>(ctx);
+
+ if (digest != NULL) {
+ sha256_end(digest, hd);
+ }
+ free(hd);
+}
+
+void sha256Ctx(void* ctx, unsigned char* data, unsigned int dataLength)
+{
+ sha256_ctx* hd = reinterpret_cast<sha256_ctx*>(ctx);
+
+ sha256_hash(data, dataLength, hd);
+}
+
+void sha256Ctx(void* ctx, unsigned char* dataChunks[], unsigned int dataChunkLength[])
+{
+ sha256_ctx* hd = reinterpret_cast<sha256_ctx*>(ctx);
+
+ while (*dataChunks) {
+ sha256_hash(*dataChunks, *dataChunkLength, hd);
+ dataChunks++;
+ dataChunkLength++;
+ }
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/sha256.h b/jni/libzrtp/sources/zrtp/crypto/sha256.h
new file mode 100644
index 0000000..36127b9
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/sha256.h
@@ -0,0 +1,144 @@
+/*
+ Copyright (C) 2006-2013 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * Functions to compute SHA256 digest.
+ *
+ * @author: Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#ifndef _SHA256_H
+#define _SHA256_H
+
+/**
+ * @file sha256.h
+ * @brief Function that provide SHA256 support
+ *
+ * @ingroup GNU_ZRTP
+ * @{
+ */
+
+#include <stdint.h>
+
+#ifndef SHA256_DIGEST_LENGTH
+#define SHA256_DIGEST_LENGTH 32
+#endif
+
+/**
+ * Compute SHA256 digest.
+ *
+ * This functions takes one data chunk and computes its SHA256 digest. This
+ * function creates and deletes an own SHA256 context to perform the SHA256
+ * operations.
+ *
+ * @param data
+ * Points to the data chunk.
+ * @param data_length
+ * Length of the data in bytes
+ * @param digest
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 32 bytes (SHA256_DIGEST_LENGTH).
+ */
+void sha256(unsigned char *data,
+ unsigned int data_length,
+ unsigned char *digest);
+
+/**
+ * Compute SHA256 digest over several data cunks.
+ *
+ * This functions takes several data chunks and computes the SHA256 digest.
+ * This function creates and deletes an own SHA256 context to perform the
+ * SHA256 operations.
+ *
+ * @param data
+ * Points to an array of pointers that point to the data chunks. A NULL
+ * pointer in an array element terminates the data chunks.
+ * @param data_length
+ * Points to an array of integers that hold the length of each data chunk.
+ * @param digest
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 32 bytes (SHA256_DIGEST_LENGTH).
+ */
+void sha256(unsigned char *data[],
+ unsigned int data_length[],
+ unsigned char *digest);
+/**
+ * Create and initialize a SHA256 context.
+ *
+ * An application uses this context to hash several data into one SHA256
+ * digest. See also sha256Ctx(...) and closeSha256Context(...).
+ *
+ * @return Returns a pointer to the initialized SHA256 context
+ */
+void* createSha256Context();
+
+/**
+ * Compute a digest and close the SHa256 digest.
+ *
+ * An application uses this function to compute the SHA256 digest and to
+ * close the SHA256 context.
+ *
+ * @param ctx
+ * Points to the SHA256 context.
+ * @param digest
+ * If this pointer is not NULL then it must point to a byte array that
+ * is big enough to hold the SHA256 digest (256 bit = 32 Bytes). If this
+ * pointer is NULL then the functions does not compute the digest but
+ * closes the context only. The context cannot be used anymore.
+ */
+void closeSha256Context(void* ctx,
+ unsigned char* digest);
+
+/**
+ * Update the SHA256 context with data.
+ *
+ * This functions updates the SHA256 context with some data.
+ * See also CloseSha256Context(...) how to get the digest.
+ *
+ * @param ctx
+ * Points to the SHA256 context.
+ * @param data
+ * Points to the data to update the context.
+ * @param dataLength
+ * The length of the data in bytes.
+ */
+void sha256Ctx(void* ctx, unsigned char* data,
+ unsigned int dataLength);
+
+/**
+ * Update the SHA256 context with several data chunks.
+ *
+ * This functions updates the SHA256 context with some data.
+ * See also CloseSha256Context(...) how to get the digest.
+ *
+ * @param ctx
+ * Points to the SHA256 context.
+ * @param dataChunks
+ * Points to an array of pointers that point to the data chunks. A NULL
+ * pointer in an array element terminates the data chunks.
+ * @param dataChunkLength
+ * Points to an array of integers that hold the length of each data chunk.
+ *
+ */
+void sha256Ctx(void* ctx, unsigned char* dataChunks[],
+ unsigned int dataChunkLength[]);
+
+/**
+ * @}
+ */
+#endif
+
diff --git a/jni/libzrtp/sources/zrtp/crypto/sha384.cpp b/jni/libzrtp/sources/zrtp/crypto/sha384.cpp
new file mode 100644
index 0000000..d6b9085
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/sha384.cpp
@@ -0,0 +1,94 @@
+/*
+ Copyright (C) 2012 Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/**
+ * @author: Werner Dittmann
+ */
+
+#include <zrtp/crypto/sha2.h>
+#include <zrtp/crypto/sha384.h>
+
+void sha384(unsigned char *data, unsigned int dataLength, unsigned char *digest )
+{
+ sha384_ctx ctx;
+
+ sha384_begin(&ctx);
+ sha384_hash(data, dataLength, &ctx);
+ sha384_end(digest, &ctx);
+}
+
+void sha384(unsigned char *dataChunks[], unsigned int dataChunckLength[], unsigned char *digest)
+{
+ sha384_ctx ctx;
+
+ sha384_begin(&ctx);
+ while(*dataChunks) {
+ sha384_hash(*dataChunks, *dataChunckLength, &ctx);
+ dataChunks++;
+ dataChunckLength++;
+ }
+ sha384_end(digest, &ctx);
+}
+
+void* createSha384Context()
+{
+ sha384_ctx *ctx = reinterpret_cast<sha384_ctx*>(malloc(sizeof(sha384_ctx)));
+ sha384_begin(ctx);
+ return (void*)ctx;
+}
+
+void closeSha384Context(void* ctx, unsigned char* digest)
+{
+ sha384_ctx* hd = reinterpret_cast<sha384_ctx*>(ctx);
+
+ if (digest != NULL) {
+ sha384_end(digest, hd);
+ }
+ free(hd);
+}
+
+void sha384Ctx(void* ctx, unsigned char* data, unsigned int dataLength)
+{
+ sha384_ctx* hd = reinterpret_cast<sha384_ctx*>(ctx);
+
+ sha384_hash(data, dataLength, hd);
+}
+
+void sha384Ctx(void* ctx, unsigned char* dataChunks[], unsigned int dataChunkLength[])
+{
+ sha384_ctx* hd = reinterpret_cast<sha384_ctx*>(ctx);
+
+ while (*dataChunks) {
+ sha384_hash(*dataChunks, *dataChunkLength, hd);
+ dataChunks++;
+ dataChunkLength++;
+ }
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/sha384.h b/jni/libzrtp/sources/zrtp/crypto/sha384.h
new file mode 100644
index 0000000..d4ccce5
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/sha384.h
@@ -0,0 +1,144 @@
+/*
+ Copyright (C) 2006-2013 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * Functions to compute SHA384 digest.
+ *
+ * @author: Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#ifndef _SHA384_H
+#define _SHA384_H
+
+/**
+ * @file sha384.h
+ * @brief Function that provide SHA384 support
+ *
+ * @ingroup GNU_ZRTP
+ * @{
+ */
+
+#include <stdint.h>
+
+#ifndef SHA384_DIGEST_LENGTH
+#define SHA384_DIGEST_LENGTH 48
+#endif
+
+/**
+ * Compute SHA384 digest.
+ *
+ * This functions takes one data chunk and computes its SHA384 digest. This
+ * function creates and deletes an own SHA384 context to perform the SHA384
+ * operations.
+ *
+ * @param data
+ * Points to the data chunk.
+ * @param data_length
+ * Length of the data in bytes
+ * @param digest
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 48 bytes (SHA384_DIGEST_LENGTH).
+ */
+void sha384(unsigned char *data,
+ unsigned int data_length,
+ unsigned char *digest);
+
+/**
+ * Compute SHA384 digest over several data cunks.
+ *
+ * This functions takes several data chunks and computes the SHA384 digest.
+ * This function creates and deletes an own SHA384 context to perform the
+ * SHA384 operations.
+ *
+ * @param data
+ * Points to an array of pointers that point to the data chunks. A NULL
+ * pointer in an array element terminates the data chunks.
+ * @param data_length
+ * Points to an array of integers that hold the length of each data chunk.
+ * @param digest
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 48 bytes (SHA384_DIGEST_LENGTH).
+ */
+void sha384(unsigned char *data[],
+ unsigned int data_length[],
+ unsigned char *digest);
+/**
+ * Create and initialize a SHA384 context.
+ *
+ * An application uses this context to hash several data into one SHA384
+ * digest. See also sha384Ctx(...) and closeSha384Context(...).
+ *
+ * @return Returns a pointer to the initialized SHA384 context
+ */
+void* createSha384Context();
+
+/**
+ * Compute a digest and close the SHA384 digest.
+ *
+ * An application uses this function to compute the SHA384 digest and to
+ * close the SHA384 context.
+ *
+ * @param ctx
+ * Points to the SHA384 context.
+ * @param digest
+ * If this pointer is not NULL then it must point to a byte array that
+ * is big enough to hold the SHA384 digest (384 bit = 48 Bytes). If this
+ * pointer is NULL then the functions does not compute the digest but
+ * closes the context only. The context cannot be used anymore.
+ */
+void closeSha384Context(void* ctx,
+ unsigned char* digest);
+
+/**
+ * Update the SHA384 context with data.
+ *
+ * This functions updates the SHA384 context with some data.
+ * See also CloseSha384Context(...) how to get the digest.
+ *
+ * @param ctx
+ * Points to the SHA384 context.
+ * @param data
+ * Points to the data to update the context.
+ * @param dataLength
+ * The length of the data in bytes.
+ */
+void sha384Ctx(void* ctx, unsigned char* data,
+ unsigned int dataLength);
+
+/**
+ * Update the SHA384 context with several data chunks.
+ *
+ * This functions updates the SHA384 context with some data.
+ * See also CloseSha384Context(...) how to get the digest.
+ *
+ * @param ctx
+ * Points to the SHA384 context.
+ * @param dataChunks
+ * Points to an array of pointers that point to the data chunks. A NULL
+ * pointer in an array element terminates the data chunks.
+ * @param dataChunkLength
+ * Points to an array of integers that hold the length of each data chunk.
+ *
+ */
+void sha384Ctx(void* ctx, unsigned char* dataChunks[],
+ unsigned int dataChunkLength[]);
+
+/**
+ * @}
+ */
+#endif
+
diff --git a/jni/libzrtp/sources/zrtp/crypto/skein256.cpp b/jni/libzrtp/sources/zrtp/crypto/skein256.cpp
new file mode 100644
index 0000000..94cff63
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/skein256.cpp
@@ -0,0 +1,100 @@
+/*
+ Copyright (C) 2013 Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/**
+ * @author: Werner Dittmann
+ */
+
+#include <cryptcommon/skeinApi.h>
+#include <zrtp/crypto/skein256.h>
+
+#include <stdlib.h>
+
+void skein256(unsigned char *data, unsigned int dataLength, unsigned char *digest )
+{
+ SkeinCtx_t ctx;
+
+ skeinCtxPrepare(&ctx, SKEIN_SIZE);
+ skeinInit(&ctx, SKEIN256_DIGEST_LENGTH*8);
+ skeinUpdate(&ctx, data, dataLength);
+
+ skeinFinal(&ctx, digest);
+}
+
+void skein256(unsigned char *dataChunks[], unsigned int dataChunckLength[], unsigned char *digest)
+{
+ SkeinCtx_t ctx;
+
+ skeinCtxPrepare(&ctx, SKEIN_SIZE);
+ skeinInit(&ctx, SKEIN256_DIGEST_LENGTH*8);
+ while(*dataChunks) {
+ skeinUpdate(&ctx, *dataChunks, *dataChunckLength);
+ dataChunks++;
+ dataChunckLength++;
+ }
+ skeinFinal(&ctx, digest);
+}
+
+void* createSkein256Context()
+{
+ SkeinCtx_t *ctx = reinterpret_cast<SkeinCtx_t *>(malloc(sizeof(SkeinCtx_t )));
+ skeinCtxPrepare(ctx, SKEIN_SIZE);
+ skeinInit(ctx, SKEIN256_DIGEST_LENGTH*8);
+ return (void*)ctx;
+}
+
+void closeSkein256Context(void* ctx, unsigned char* digest)
+{
+ SkeinCtx_t* hd = reinterpret_cast<SkeinCtx_t*>(ctx);
+
+ if (digest != NULL) {
+ skeinFinal(hd, digest);
+ }
+ free(hd);
+}
+
+void skein256Ctx(void* ctx, unsigned char* data, unsigned int dataLength)
+{
+ SkeinCtx_t* hd = reinterpret_cast<SkeinCtx_t*>(ctx);
+
+ skeinUpdate(hd, data, dataLength);
+}
+
+void skein256Ctx(void* ctx, unsigned char* dataChunks[], unsigned int dataChunkLength[])
+{
+ SkeinCtx_t* hd = reinterpret_cast<SkeinCtx_t*>(ctx);
+
+ while (*dataChunks) {
+ skeinUpdate(hd, *dataChunks, *dataChunkLength);
+ dataChunks++;
+ dataChunkLength++;
+ }
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/skein256.h b/jni/libzrtp/sources/zrtp/crypto/skein256.h
new file mode 100644
index 0000000..6d4e722
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/skein256.h
@@ -0,0 +1,146 @@
+/*
+ Copyright (C) 2013 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * Functions to compute Skein256 digest.
+ *
+ * @author: Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#ifndef _SKEIN256_H
+#define _SKEIN256_H
+
+/**
+ * @file skein256.h
+ * @brief Functions that provide Skein256 support
+ *
+ * @ingroup GNU_ZRTP
+ * @{
+ */
+
+#include <stdint.h>
+
+#ifndef SKEIN256_DIGEST_LENGTH
+#define SKEIN256_DIGEST_LENGTH 32
+#endif
+#define SKEIN_SIZE Skein512
+
+
+/**
+ * Compute Skein256 digest.
+ *
+ * This functions takes one data chunk and computes its Skein256 digest. This
+ * function creates and deletes an own Skein256 context to perform the Skein256
+ * operations.
+ *
+ * @param data
+ * Points to the data chunk.
+ * @param data_length
+ * Length of the data in bytes
+ * @param digest
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 32 bytes (Skein256_DIGEST_LENGTH).
+ */
+void skein256(unsigned char *data,
+ unsigned int data_length,
+ unsigned char *digest);
+
+/**
+ * Compute Skein256 digest over several data cunks.
+ *
+ * This functions takes several data chunks and computes the Skein256 digest.
+ * This function creates and deletes an own Skein256 context to perform the
+ * Skein256 operations.
+ *
+ * @param data
+ * Points to an array of pointers that point to the data chunks. A NULL
+ * pointer in an array element terminates the data chunks.
+ * @param data_length
+ * Points to an array of integers that hold the length of each data chunk.
+ * @param digest
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 32 bytes (Skein256_DIGEST_LENGTH).
+ */
+void skein256(unsigned char *data[],
+ unsigned int data_length[],
+ unsigned char *digest);
+/**
+ * Create and initialize a Skein256 context.
+ *
+ * An application uses this context to hash several data into one Skein256
+ * digest. See also skein256Ctx(...) and closeSha256Context(...).
+ *
+ * @return Returns a pointer to the initialized Skein256 context
+ */
+void* createSkein256Context();
+
+/**
+ * Compute a digest and close the SHa256 digest.
+ *
+ * An application uses this function to compute the Skein256 digest and to
+ * close the Skein256 context.
+ *
+ * @param ctx
+ * Points to the Skein256 context.
+ * @param digest
+ * If this pointer is not NULL then it must point to a byte array that
+ * is big enough to hold the Skein256 digest (256 bit = 32 Bytes). If this
+ * pointer is NULL then the functions does not compute the digest but
+ * closes the context only. The context cannot be used anymore.
+ */
+void closeSkein256Context(void* ctx,
+ unsigned char* digest);
+
+/**
+ * Update the Skein256 context with data.
+ *
+ * This functions updates the Skein256 context with some data.
+ * See also CloseSha256Context(...) how to get the digest.
+ *
+ * @param ctx
+ * Points to the Skein256 context.
+ * @param data
+ * Points to the data to update the context.
+ * @param dataLength
+ * The length of the data in bytes.
+ */
+void skein256Ctx(void* ctx, unsigned char* data,
+ unsigned int dataLength);
+
+/**
+ * Update the Skein256 context with several data chunks.
+ *
+ * This functions updates the Skein256 context with some data.
+ * See also CloseSha256Context(...) how to get the digest.
+ *
+ * @param ctx
+ * Points to the Skein256 context.
+ * @param dataChunks
+ * Points to an array of pointers that point to the data chunks. A NULL
+ * pointer in an array element terminates the data chunks.
+ * @param dataChunkLength
+ * Points to an array of integers that hold the length of each data chunk.
+ *
+ */
+void skein256Ctx(void* ctx, unsigned char* dataChunks[],
+ unsigned int dataChunkLength[]);
+
+/**
+ * @}
+ */
+#endif
+
diff --git a/jni/libzrtp/sources/zrtp/crypto/skein384.cpp b/jni/libzrtp/sources/zrtp/crypto/skein384.cpp
new file mode 100644
index 0000000..1dbe608
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/skein384.cpp
@@ -0,0 +1,103 @@
+/*
+ Copyright (C) 2013 Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/**
+ * @author: Werner Dittmann
+ */
+
+#include <cryptcommon/skeinApi.h>
+#include <zrtp/crypto/skein384.h>
+
+#include <stdlib.h>
+
+#define SKEIN_SIZE Skein512
+#define SKEIN384_DIGEST_LENGTH 48
+
+void skein384(unsigned char *data, unsigned int dataLength, unsigned char *digest )
+{
+ SkeinCtx_t ctx;
+
+ skeinCtxPrepare(&ctx, SKEIN_SIZE);
+ skeinInit(&ctx, SKEIN384_DIGEST_LENGTH*8);
+ skeinUpdate(&ctx, data, dataLength);
+
+ skeinFinal(&ctx, digest);
+}
+
+void skein384(unsigned char *dataChunks[], unsigned int dataChunckLength[], unsigned char *digest)
+{
+ SkeinCtx_t ctx;
+
+ skeinCtxPrepare(&ctx, SKEIN_SIZE);
+ skeinInit(&ctx, SKEIN384_DIGEST_LENGTH*8);
+ while(*dataChunks) {
+ skeinUpdate(&ctx, *dataChunks, *dataChunckLength);
+ dataChunks++;
+ dataChunckLength++;
+ }
+ skeinFinal(&ctx, digest);
+}
+
+void* createSkein384Context()
+{
+ SkeinCtx_t *ctx = reinterpret_cast<SkeinCtx_t *>(malloc(sizeof(SkeinCtx_t )));
+ skeinCtxPrepare(ctx, SKEIN_SIZE);
+ skeinInit(ctx, SKEIN384_DIGEST_LENGTH*8);
+ return (void*)ctx;
+}
+
+void closeSkein384Context(void* ctx, unsigned char* digest)
+{
+ SkeinCtx_t* hd = reinterpret_cast<SkeinCtx_t*>(ctx);
+
+ if (digest != NULL) {
+ skeinFinal(hd, digest);
+ }
+ free(hd);
+}
+
+void skein384Ctx(void* ctx, unsigned char* data, unsigned int dataLength)
+{
+ SkeinCtx_t* hd = reinterpret_cast<SkeinCtx_t*>(ctx);
+
+ skeinUpdate(hd, data, dataLength);
+}
+
+void skein384Ctx(void* ctx, unsigned char* dataChunks[], unsigned int dataChunkLength[])
+{
+ SkeinCtx_t* hd = reinterpret_cast<SkeinCtx_t*>(ctx);
+
+ while (*dataChunks) {
+ skeinUpdate(hd, *dataChunks, *dataChunkLength);
+ dataChunks++;
+ dataChunkLength++;
+ }
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/skein384.h b/jni/libzrtp/sources/zrtp/crypto/skein384.h
new file mode 100644
index 0000000..61fd64e
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/skein384.h
@@ -0,0 +1,146 @@
+/*
+ Copyright (C) 2013 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * Functions to compute Skein384 digest.
+ *
+ * @author: Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#ifndef _SKEIN384_H
+#define _SKEIN384_H
+
+/**
+ * @file skein384.h
+ * @brief Functions that provide Skein384 support
+ *
+ * @ingroup GNU_ZRTP
+ * @{
+ */
+
+#include <stdint.h>
+
+#ifndef SKEIN384_DIGEST_LENGTH
+#define SKEIN384_DIGEST_LENGTH 48
+#endif
+#define SKEIN_SIZE Skein512
+
+
+/**
+ * Compute Skein384 digest.
+ *
+ * This functions takes one data chunk and computes its Skein384 digest. This
+ * function creates and deletes an own Skein384 context to perform the Skein384
+ * operations.
+ *
+ * @param data
+ * Points to the data chunk.
+ * @param data_length
+ * Length of the data in bytes
+ * @param digest
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 48 bytes (Skein384_DIGEST_LENGTH).
+ */
+void skein384(unsigned char *data,
+ unsigned int data_length,
+ unsigned char *digest);
+
+/**
+ * Compute Skein384 digest over several data cunks.
+ *
+ * This functions takes several data chunks and computes the Skein384 digest.
+ * This function creates and deletes an own Skein384 context to perform the
+ * Skein384 operations.
+ *
+ * @param data
+ * Points to an array of pointers that point to the data chunks. A NULL
+ * pointer in an array element terminates the data chunks.
+ * @param data_length
+ * Points to an array of integers that hold the length of each data chunk.
+ * @param digest
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 48 bytes (Skein384_DIGEST_LENGTH).
+ */
+void skein384(unsigned char *data[],
+ unsigned int data_length[],
+ unsigned char *digest);
+/**
+ * Create and initialize a Skein384 context.
+ *
+ * An application uses this context to hash several data into one Skein384
+ * digest. See also skein384Ctx(...) and closeSha384Context(...).
+ *
+ * @return Returns a pointer to the initialized Skein384 context
+ */
+void* createSkein384Context();
+
+/**
+ * Compute a digest and close the SHa384 digest.
+ *
+ * An application uses this function to compute the Skein384 digest and to
+ * close the Skein384 context.
+ *
+ * @param ctx
+ * Points to the Skein384 context.
+ * @param digest
+ * If this pointer is not NULL then it must point to a byte array that
+ * is big enough to hold the Skein384 digest (384 bit = 48 Bytes). If this
+ * pointer is NULL then the functions does not compute the digest but
+ * closes the context only. The context cannot be used anymore.
+ */
+void closeSkein384Context(void* ctx,
+ unsigned char* digest);
+
+/**
+ * Update the Skein384 context with data.
+ *
+ * This functions updates the Skein384 context with some data.
+ * See also CloseSha384Context(...) how to get the digest.
+ *
+ * @param ctx
+ * Points to the Skein384 context.
+ * @param data
+ * Points to the data to update the context.
+ * @param dataLength
+ * The length of the data in bytes.
+ */
+void skein384Ctx(void* ctx, unsigned char* data,
+ unsigned int dataLength);
+
+/**
+ * Update the Skein384 context with several data chunks.
+ *
+ * This functions updates the Skein384 context with some data.
+ * See also CloseSha384Context(...) how to get the digest.
+ *
+ * @param ctx
+ * Points to the Skein384 context.
+ * @param dataChunks
+ * Points to an array of pointers that point to the data chunks. A NULL
+ * pointer in an array element terminates the data chunks.
+ * @param dataChunkLength
+ * Points to an array of integers that hold the length of each data chunk.
+ *
+ */
+void skein384Ctx(void* ctx, unsigned char* dataChunks[],
+ unsigned int dataChunkLength[]);
+
+/**
+ * @}
+ */
+#endif
+
diff --git a/jni/libzrtp/sources/zrtp/crypto/skeinMac256.cpp b/jni/libzrtp/sources/zrtp/crypto/skeinMac256.cpp
new file mode 100644
index 0000000..b4234e5
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/skeinMac256.cpp
@@ -0,0 +1,73 @@
+/*
+ Copyright (C) 2013 Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/*
+ * Authors: Werner Dittmann
+ */
+
+#include <cryptcommon/macSkein.h>
+#include <zrtp/crypto/skeinMac256.h>
+
+void macSkein256(uint8_t *key, uint32_t keyLength, uint8_t* data, int32_t dataLength, uint8_t* mac, uint32_t* macLength)
+{
+ macSkein(key, keyLength, data, dataLength, mac, SKEIN256_DIGEST_LENGTH*8, SKEIN_SIZE);
+ *macLength = SKEIN256_DIGEST_LENGTH;
+}
+
+
+void macSkein256( uint8_t* key, uint32_t keyLength, uint8_t* dataChunks[], uint32_t dataChunkLength[], uint8_t* mac, uint32_t* macLength )
+{
+ macSkein(key, keyLength, (const uint8_t**)dataChunks, dataChunkLength, mac, SKEIN256_DIGEST_LENGTH*8, SKEIN_SIZE);
+ *macLength = SKEIN256_DIGEST_LENGTH;
+}
+
+void* createMacSkein256Context(uint8_t* key, int32_t keyLength)
+{
+ return createSkeinMacContext(key, keyLength, SKEIN256_DIGEST_LENGTH*8, SKEIN_SIZE);
+}
+
+void macSkein256Ctx(void* ctx, const uint8_t* data, uint32_t dataLength, uint8_t* mac, int32_t* macLength)
+{
+
+ macSkeinCtx(ctx, data, dataLength, mac);
+ *macLength = SKEIN256_DIGEST_LENGTH;
+}
+
+void macSkein256Ctx(void* ctx, const uint8_t* data[], uint32_t dataLength[], uint8_t* mac, int32_t* macLength )
+{
+ macSkeinCtx(ctx, data, dataLength, mac);
+ *macLength = SKEIN256_DIGEST_LENGTH;
+}
+
+void freeMacSkein256Context(void* ctx)
+{
+ freeSkeinMacContext(ctx);
+}
\ No newline at end of file
diff --git a/jni/libzrtp/sources/zrtp/crypto/skeinMac256.h b/jni/libzrtp/sources/zrtp/crypto/skeinMac256.h
new file mode 100644
index 0000000..e87a1e1
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/skeinMac256.h
@@ -0,0 +1,91 @@
+/*
+ Copyright (C) 2013 Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+/**
+ * Methods to compute a Skein256 HMAC.
+ *
+ * @author Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#ifndef HMAC_SKEIN256_H
+#define HMAC_SKEIN256_H
+
+/**
+ * @file skeinMac256.h
+ * @brief Function that provide Skein256 HMAC support
+ *
+ * @ingroup GNU_ZRTP
+ * @{
+ */
+
+#include <stdint.h>
+
+#ifndef SKEIN256_DIGEST_LENGTH
+#define SKEIN256_DIGEST_LENGTH 32
+#endif
+
+#define SKEIN_SIZE Skein512
+
+/**
+ * Compute Skein256 HMAC.
+ *
+ * This functions takes one data chunk and computes its Skein256 HMAC.
+ *
+ * @param key
+ * The MAC key.
+ * @param key_length
+ * Lneght of the MAC key in bytes
+ * @param data
+ * Points to the data chunk.
+ * @param data_length
+ * Length of the data in bytes
+ * @param mac
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 32 bytes (SKEIN256_DIGEST_LENGTH).
+ * @param mac_length
+ * Point to an integer that receives the length of the computed HMAC.
+ */
+void macSkein256( uint8_t* key, uint32_t key_length, uint8_t* data, int32_t data_length, uint8_t* mac, uint32_t* mac_length );
+
+/**
+ * Compute Skein256 HMAC over several data cunks.
+ *
+ * This functions takes several data chunk and computes the Skein256 HAMAC.
+ *
+ * @param key
+ * The MAC key.
+ * @param key_length
+ * Lneght of the MAC key in bytes
+ * @param data
+ * Points to an array of pointers that point to the data chunks. A NULL
+ * pointer in an array element terminates the data chunks.
+ * @param data_length
+ * Points to an array of integers that hold the length of each data chunk.
+ * @param mac
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 32 bytes (SKEIN256_DIGEST_LENGTH).
+ * @param mac_length
+ * Point to an integer that receives the length of the computed HMAC.
+ */
+
+void macSkein256( uint8_t* key, uint32_t key_length, uint8_t* data[], uint32_t data_length[], uint8_t* mac, uint32_t* mac_length );
+/**
+ * @}
+ */
+#endif
diff --git a/jni/libzrtp/sources/zrtp/crypto/skeinMac384.cpp b/jni/libzrtp/sources/zrtp/crypto/skeinMac384.cpp
new file mode 100644
index 0000000..57c7ad1
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/skeinMac384.cpp
@@ -0,0 +1,76 @@
+/*
+ Copyright (C) 2013 Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/*
+ * Authors: Werner Dittmann
+ */
+
+#define SKEIN_SIZE Skein512
+#define SKEIN384_DIGEST_LENGTH 48
+
+#include <cryptcommon/macSkein.h>
+#include <zrtp/crypto/skeinMac384.h>
+
+void macSkein384(uint8_t *key, uint32_t keyLength, uint8_t* data, int32_t dataLength, uint8_t* mac, uint32_t* macLength)
+{
+ macSkein(key, keyLength, data, dataLength, mac, SKEIN384_DIGEST_LENGTH*8, SKEIN_SIZE);
+ *macLength = SKEIN384_DIGEST_LENGTH;
+}
+
+
+void macSkein384( uint8_t* key, uint32_t keyLength, uint8_t* dataChunks[], uint32_t dataChunkLength[], uint8_t* mac, uint32_t* macLength )
+{
+ macSkein(key, keyLength, (const uint8_t**)dataChunks, dataChunkLength, mac, SKEIN384_DIGEST_LENGTH*8, SKEIN_SIZE);
+ *macLength = SKEIN384_DIGEST_LENGTH;
+}
+
+void* createMacSkein384Context(uint8_t* key, int32_t keyLength)
+{
+ return createSkeinMacContext(key, keyLength, SKEIN384_DIGEST_LENGTH*8, SKEIN_SIZE);
+}
+
+void macSkein384Ctx(void* ctx, const uint8_t* data, uint32_t dataLength, uint8_t* mac, int32_t* macLength)
+{
+
+ macSkeinCtx(ctx, data, dataLength, mac);
+ *macLength = SKEIN384_DIGEST_LENGTH;
+}
+
+void macSkein384Ctx(void* ctx, const uint8_t* data[], uint32_t dataLength[], uint8_t* mac, int32_t* macLength )
+{
+ macSkeinCtx(ctx, data, dataLength, mac);
+ *macLength = SKEIN384_DIGEST_LENGTH;
+}
+
+void freeMacSkein384Context(void* ctx)
+{
+ freeSkeinMacContext(ctx);
+}
\ No newline at end of file
diff --git a/jni/libzrtp/sources/zrtp/crypto/skeinMac384.h b/jni/libzrtp/sources/zrtp/crypto/skeinMac384.h
new file mode 100644
index 0000000..2065899
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/skeinMac384.h
@@ -0,0 +1,91 @@
+/*
+ Copyright (C) 2013 Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+/**
+ * Methods to compute a Skein384 HMAC.
+ *
+ * @author Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#ifndef HMAC_SKEIN384_H
+#define HMAC_SKEIN384_H
+
+/**
+ * @file skeinMac384.h
+ * @brief Function that provide Skein384 HMAC support
+ *
+ * @ingroup GNU_ZRTP
+ * @{
+ */
+
+#include <stdint.h>
+
+#ifndef SKEIN384_DIGEST_LENGTH
+#define SKEIN384_DIGEST_LENGTH 48
+#endif
+
+#define SKEIN_SIZE Skein512
+
+/**
+ * Compute Skein384 HMAC.
+ *
+ * This functions takes one data chunk and computes its Skein384 HMAC.
+ *
+ * @param key
+ * The MAC key.
+ * @param key_length
+ * Lneght of the MAC key in bytes
+ * @param data
+ * Points to the data chunk.
+ * @param data_length
+ * Length of the data in bytes
+ * @param mac
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 48 bytes (SKEIN384_DIGEST_LENGTH).
+ * @param mac_length
+ * Point to an integer that receives the length of the computed HMAC.
+ */
+void macSkein384( uint8_t* key, uint32_t key_length, uint8_t* data, int32_t data_length, uint8_t* mac, uint32_t* mac_length );
+
+/**
+ * Compute Skein384 HMAC over several data cunks.
+ *
+ * This functions takes several data chunk and computes the Skein384 HAMAC.
+ *
+ * @param key
+ * The MAC key.
+ * @param key_length
+ * Lneght of the MAC key in bytes
+ * @param data
+ * Points to an array of pointers that point to the data chunks. A NULL
+ * pointer in an array element terminates the data chunks.
+ * @param data_length
+ * Points to an array of integers that hold the length of each data chunk.
+ * @param mac
+ * Points to a buffer that receives the computed digest. This
+ * buffer must have a size of at least 48 bytes (SKEIN384_DIGEST_LENGTH).
+ * @param mac_length
+ * Point to an integer that receives the length of the computed HMAC.
+ */
+
+void macSkein384( uint8_t* key, uint32_t key_length, uint8_t* data[], uint32_t data_length[], uint8_t* mac, uint32_t* mac_length );
+/**
+ * @}
+ */
+#endif
diff --git a/jni/libzrtp/sources/zrtp/crypto/twoCFB.cpp b/jni/libzrtp/sources/zrtp/crypto/twoCFB.cpp
new file mode 100755
index 0000000..d4f7042
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/twoCFB.cpp
@@ -0,0 +1,77 @@
+/*
+ Copyright (C) 2011 by Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/** Copyright (C) 2011
+ *
+ * @author Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#include <string.h>
+
+#include <zrtp/crypto/twoCFB.h>
+#include <cryptcommon/twofish.h>
+
+static int initialized = 0;
+
+void twoCfbEncrypt(uint8_t* key, int32_t keyLength, uint8_t* IV, uint8_t *data, int32_t dataLength)
+{
+ Twofish_key keyCtx;
+ int usedBytes = 0;
+
+ if (!initialized) {
+ Twofish_initialise();
+ initialized = 1;
+ }
+
+ memset(&keyCtx, 0, sizeof(Twofish_key));
+ Twofish_prepare_key(key, keyLength, &keyCtx);
+
+ Twofish_cfb128_encrypt(&keyCtx, (Twofish_Byte*)data, (Twofish_Byte*)data,
+ (size_t)dataLength, (Twofish_Byte*)IV, &usedBytes);
+}
+
+
+void twoCfbDecrypt(uint8_t* key, int32_t keyLength, uint8_t* IV, uint8_t *data, int32_t dataLength)
+{
+ Twofish_key keyCtx;
+ int usedBytes = 0;
+
+ if (!initialized) {
+ Twofish_initialise();
+ initialized = 1;
+ }
+
+ memset(&keyCtx, 0, sizeof(Twofish_key));
+ Twofish_prepare_key(key, keyLength, &keyCtx);
+
+ Twofish_cfb128_decrypt(&keyCtx, (Twofish_Byte*)data, (Twofish_Byte*)data,
+ (size_t)dataLength, (Twofish_Byte*)IV, &usedBytes);
+}
diff --git a/jni/libzrtp/sources/zrtp/crypto/twoCFB.h b/jni/libzrtp/sources/zrtp/crypto/twoCFB.h
new file mode 100755
index 0000000..595d19d
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/twoCFB.h
@@ -0,0 +1,85 @@
+/*
+ Copyright (C) 2006-2013 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Authors: Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#ifndef _TWOCFB_H__
+#define _TWOCFB_H__
+
+#include <stdint.h>
+
+/**
+ * @file aesCFB.h
+ * @brief Function that provide AES CFB mode support
+ *
+ * @ingroup GNU_ZRTP
+ * @{
+ */
+
+#ifndef TWO_BLOCK_SIZE
+#define TWO_BLOCK_SIZE 16
+#endif
+
+/**
+ * Encrypt data with Twofish CFB mode, full block feedback size.
+ *
+ * This functions takes one data chunk and encrypts it with
+ * Twofish CFB mode. The lenght of the data may be arbitrary and
+ * it is not needed to be a multiple of Twofish blocksize.
+ *
+ * @param key
+ * Points to the key bytes.
+ * @param keyLength
+ * Length of the key in bytes
+ * @param IV
+ * The initialization vector which must be TWO_BLOCKSIZE (16) bytes.
+ * @param data
+ * Points to a buffer that contains and receives the computed
+ * the data (in-place encryption).
+ * @param dataLength
+ * Length of the data in bytes
+ */
+
+void twoCfbEncrypt(uint8_t* key, int32_t keyLength, uint8_t* IV, uint8_t *data, int32_t dataLength);
+
+/**
+ * Decrypt data with Twofish CFB mode, full block feedback size.
+ *
+ * This functions takes one data chunk and decrypts it with
+ * Twofish CFB mode. The lenght of the data may be arbitrary and
+ * it is not needed to be a multiple of Twofish blocksize.
+ *
+ * @param key
+ * Points to the key bytes.
+ * @param keyLength
+ * Length of the key in bytes
+ * @param IV
+ * The initialization vector which must be TWO_BLOCKSIZE (16) bytes.
+ * @param data
+ * Points to a buffer that contains and receives the computed
+ * the data (in-place decryption).
+ * @param dataLength
+ * Length of the data in bytes
+ */
+
+void twoCfbDecrypt(uint8_t* key, int32_t keyLength, uint8_t* IV, uint8_t *data, int32_t dataLength);
+/**
+ * @}
+ */
+#endif
diff --git a/jni/libzrtp/sources/zrtp/crypto/zrtpDH.cpp b/jni/libzrtp/sources/zrtp/crypto/zrtpDH.cpp
new file mode 100644
index 0000000..d718f24
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/zrtpDH.cpp
@@ -0,0 +1,532 @@
+/*
+ Copyright (C) 2006, 2009 by Werner Dittmann
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+ * In addition, as a special exception, the copyright holders give
+ * permission to link the code of portions of this program with the
+ * OpenSSL library under certain conditions as described in each
+ * individual source file, and distribute linked combinations
+ * including the two.
+ * You must obey the GNU General Public License in all respects
+ * for all of the code used other than OpenSSL. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you
+ * do not wish to do so, delete this exception statement from your
+ * version. If you delete this exception statement from all source
+ * files in the program, then also delete it here.
+ */
+
+/** Copyright (C) 2006, 2009
+ *
+ * @author Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include <bn.h>
+#include <bnprint.h>
+#include <ec/ec.h>
+#include <ec/ecdh.h>
+#include <zrtp/crypto/zrtpDH.h>
+#include <zrtp/libzrtpcpp/ZrtpTextData.h>
+#include <cryptcommon/aes.h>
+#include <cryptcommon/ZrtpRandom.h>
+
+
+static BigNum bnP2048 = {0};
+static BigNum bnP3072 = {0};
+
+static BigNum bnP2048MinusOne = {0};
+static BigNum bnP3072MinusOne = {0};
+
+static BigNum two = {0};
+
+static uint8_t dhinit = 0;
+
+typedef struct _dhCtx {
+ BigNum privKey;
+ BigNum pubKey;
+ EcCurve curve;
+ EcPoint pubPoint;
+} dhCtx;
+
+void randomZRTP(uint8_t *buf, int32_t length)
+{
+ ZrtpRandom::getRandomData(buf, length);
+}
+
+static const uint8_t P2048[] =
+{
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF
+};
+
+static const uint8_t P3072[] =
+{
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+ 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+ 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+ 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+ 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+ 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+ 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+ 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+ 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+ 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+ 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+ 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+ 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+ 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+ 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+ 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+ 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+
+/* **************
+static const uint8_t P4096[] =
+{
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
+0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
+0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D,
+0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9,
+0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
+0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36,
+0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56,
+0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08,
+0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2,
+0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C,
+0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D,
+0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57,
+0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0,
+0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73,
+0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0,
+0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20,
+0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18,
+0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB,
+0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F,
+0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76,
+0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC,
+0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
+0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+};
+*************** */
+
+ZrtpDH::ZrtpDH(const char* type) {
+
+ uint8_t random[64];
+
+ ctx = static_cast<void*>(new dhCtx);
+ dhCtx* tmpCtx = static_cast<dhCtx*>(ctx);
+
+ // Well - the algo type is only 4 char thus cast to int32 and compare
+ if (*(int32_t*)type == *(int32_t*)dh2k) {
+ pkType = DH2K;
+ }
+ else if (*(int32_t*)type == *(int32_t*)dh3k) {
+ pkType = DH3K;
+ }
+ else if (*(int32_t*)type == *(int32_t*)ec25) {
+ pkType = EC25;
+ }
+ else if (*(int32_t*)type == *(int32_t*)ec38) {
+ pkType = EC38;
+ }
+ else if (*(int32_t*)type == *(int32_t*)e255) {
+ pkType = E255;
+ }
+ else if (*(int32_t*)type == *(int32_t*)e414) {
+ pkType = E414;
+ }
+ else {
+ return;
+ }
+
+ randomZRTP(random, sizeof(random));
+
+ if (!dhinit) {
+ bnBegin(&two);
+ bnSetQ(&two, 2);
+
+ bnBegin(&bnP2048);
+ bnInsertBigBytes(&bnP2048, P2048, 0, sizeof(P2048));
+ bnBegin(&bnP3072);
+ bnInsertBigBytes(&bnP3072, P3072, 0, sizeof(P3072));
+
+ bnBegin(&bnP2048MinusOne);
+ bnCopy(&bnP2048MinusOne, &bnP2048);
+ bnSubQ(&bnP2048MinusOne, 1);
+
+ bnBegin(&bnP3072MinusOne);
+ bnCopy(&bnP3072MinusOne, &bnP3072);
+ bnSubQ(&bnP3072MinusOne, 1);
+
+ dhinit = 1;
+ }
+
+ bnBegin(&tmpCtx->privKey);
+ INIT_EC_POINT(&tmpCtx->pubPoint);
+
+ switch (pkType) {
+ case DH2K:
+ case DH3K:
+ bnInsertBigBytes(&tmpCtx->privKey, random, 0, 256/8);
+ break;
+
+ case EC25:
+ ecGetCurveNistECp(NIST256P, &tmpCtx->curve);
+ ecGenerateRandomNumber(&tmpCtx->curve, &tmpCtx->privKey);
+ break;
+
+ case EC38:
+ ecGetCurveNistECp(NIST384P, &tmpCtx->curve);
+ ecGenerateRandomNumber(&tmpCtx->curve, &tmpCtx->privKey);
+ break;
+
+ case E255:
+ ecGetCurvesCurve(Curve25519, &tmpCtx->curve);
+ ecGenerateRandomNumber(&tmpCtx->curve, &tmpCtx->privKey);
+ break;
+
+ case E414:
+ ecGetCurvesCurve(Curve3617, &tmpCtx->curve);
+ ecGenerateRandomNumber(&tmpCtx->curve, &tmpCtx->privKey);
+ break;
+ }
+}
+
+ZrtpDH::~ZrtpDH() {
+ if (ctx == NULL)
+ return;
+
+ dhCtx* tmpCtx = static_cast<dhCtx*>(ctx);
+ FREE_EC_POINT(&tmpCtx->pubPoint);
+ bnEnd(&tmpCtx->privKey);
+
+ switch (pkType) {
+ case DH2K:
+ case DH3K:
+ bnEnd(&tmpCtx->pubKey);
+ break;
+
+ case EC25:
+ case EC38:
+ ecFreeCurveNistECp(&tmpCtx->curve);
+ break;
+
+ case E255:
+ case E414:
+ ecFreeCurvesCurve(&tmpCtx->curve);
+ break;
+ }
+}
+
+int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) {
+
+ dhCtx* tmpCtx = static_cast<dhCtx*>(ctx);
+
+ int32_t length = getDhSize();
+
+ BigNum sec;
+ if (pkType == DH2K || pkType == DH3K) {
+ BigNum pubKeyOther;
+ bnBegin(&pubKeyOther);
+ bnBegin(&sec);
+
+ bnInsertBigBytes(&pubKeyOther, pubKeyBytes, 0, length);
+
+ if (pkType == DH2K) {
+ bnExpMod(&sec, &pubKeyOther, &tmpCtx->privKey, &bnP2048);
+ }
+ else if (pkType == DH3K) {
+ bnExpMod(&sec, &pubKeyOther, &tmpCtx->privKey, &bnP3072);
+ }
+ else {
+ return 0;
+ }
+ bnEnd(&pubKeyOther);
+ bnExtractBigBytes(&sec, secret, 0, length);
+ bnEnd(&sec);
+
+ return length;
+ }
+
+ if (pkType == EC25 || pkType == EC38 || pkType == E414) {
+ int32_t len = getPubKeySize() / 2;
+ EcPoint pub;
+
+ bnBegin(&sec);
+ INIT_EC_POINT(&pub);
+ bnSetQ(pub.z, 1); // initialze Z to one, these are affine coords
+
+ bnInsertBigBytes(pub.x, pubKeyBytes, 0, len);
+ bnInsertBigBytes(pub.y, pubKeyBytes+len, 0, len);
+
+ /* Generate agreement for responder: sec = pub * privKey */
+ ecdhComputeAgreement(&tmpCtx->curve, &sec, &pub, &tmpCtx->privKey);
+ bnExtractBigBytes(&sec, secret, 0, length);
+ bnEnd(&sec);
+ FREE_EC_POINT(&pub);
+
+ return length;
+ }
+ if (pkType == E255) {
+ int32_t len = getPubKeySize();
+ EcPoint pub;
+
+ bnBegin(&sec);
+ INIT_EC_POINT(&pub);
+
+ bnInsertLittleBytes(pub.x, pubKeyBytes, 0, len);
+
+ /* Generate agreement for responder: sec = pub * privKey */
+ ecdhComputeAgreement(&tmpCtx->curve, &sec, &pub, &tmpCtx->privKey);
+ bnExtractLittleBytes(&sec, secret, 0, length);
+ bnEnd(&sec);
+ FREE_EC_POINT(&pub);
+
+ return length;
+ }
+ return -1;
+}
+
+int32_t ZrtpDH::generatePublicKey()
+{
+ dhCtx* tmpCtx = static_cast<dhCtx*>(ctx);
+
+ bnBegin(&tmpCtx->pubKey);
+ switch (pkType) {
+ case DH2K:
+ bnExpMod(&tmpCtx->pubKey, &two, &tmpCtx->privKey, &bnP2048);
+ break;
+
+ case DH3K:
+ bnExpMod(&tmpCtx->pubKey, &two, &tmpCtx->privKey, &bnP3072);
+ break;
+
+ case EC25:
+ case EC38:
+ case E255:
+ case E414:
+ while (!ecdhGeneratePublic(&tmpCtx->curve, &tmpCtx->pubPoint, &tmpCtx->privKey))
+ ecGenerateRandomNumber(&tmpCtx->curve, &tmpCtx->privKey);
+ }
+ return 0;
+}
+
+int32_t ZrtpDH::getDhSize() const
+{
+ switch (pkType) {
+ case DH2K:
+ return 2048/8;
+ break;
+ case DH3K:
+ return 3072/8;
+ break;
+
+ case EC25:
+ return 32;
+ break;
+ case EC38:
+ return 48;
+ break;
+
+ case E255:
+ return 32;
+ break;
+ case E414:
+ return 52;
+ break;
+ }
+ return 0;
+}
+
+int32_t ZrtpDH::getPubKeySize() const
+{
+ dhCtx* tmpCtx = static_cast<dhCtx*>(ctx);
+ if (pkType == DH2K || pkType == DH3K)
+ return bnBytes(&tmpCtx->pubKey);
+
+ if (pkType == EC25 || pkType == EC38 || pkType == E414)
+ return bnBytes(tmpCtx->curve.p) * 2; // *2 -> x and y coordinate
+
+ if (pkType == E255)
+ return bnBytes(tmpCtx->curve.p);
+ return 0;
+
+}
+
+int32_t ZrtpDH::getPubKeyBytes(uint8_t *buf) const
+{
+ dhCtx* tmpCtx = static_cast<dhCtx*>(ctx);
+
+ if (pkType == DH2K || pkType == DH3K) {
+ // get len of pub_key, prepend with zeros to DH size
+ int size = getPubKeySize();
+ int32_t prepend = getDhSize() - size;
+ if (prepend > 0) {
+ memset(buf, 0, prepend);
+ }
+ bnExtractBigBytes(&tmpCtx->pubKey, buf + prepend, 0, size);
+ return size;
+ }
+
+ if (pkType == EC25 || pkType == EC38 || pkType == E414) {
+ int32_t len = getPubKeySize() / 2;
+
+ bnExtractBigBytes(tmpCtx->pubPoint.x, buf, 0, len);
+ bnExtractBigBytes(tmpCtx->pubPoint.y, buf+len, 0, len);
+ return len * 2;
+ }
+ if (pkType == E255) {
+ int32_t len = getPubKeySize();
+ bnExtractLittleBytes(tmpCtx->pubPoint.x, buf, 0, len);
+ return len;
+ }
+ return 0;
+}
+
+int32_t ZrtpDH::checkPubKey(uint8_t *pubKeyBytes) const
+{
+
+ /* ECC validation (partial), NIST SP800-56A, section 5.6.2.6 */
+ if (pkType == EC25 || pkType == EC38 || pkType == E414) {
+
+ dhCtx* tmpCtx = static_cast<dhCtx*>(ctx);
+ EcPoint pub;
+
+ INIT_EC_POINT(&pub);
+ int32_t len = getPubKeySize() / 2;
+
+ bnInsertBigBytes(pub.x, pubKeyBytes, 0, len);
+ bnInsertBigBytes(pub.y, pubKeyBytes+len, 0, len);
+
+ return ecCheckPubKey(&tmpCtx->curve, &pub);
+ }
+
+ if (pkType == E255) {
+ return 1;
+ }
+
+ BigNum pubKeyOther;
+ bnBegin(&pubKeyOther);
+ bnInsertBigBytes(&pubKeyOther, pubKeyBytes, 0, getDhSize());
+
+ if (pkType == DH2K) {
+ if (bnCmp(&bnP2048MinusOne, &pubKeyOther) == 0) {
+ return 0;
+ }
+ }
+ else if (pkType == DH3K) {
+ if (bnCmp(&bnP3072MinusOne, &pubKeyOther) == 0) {
+ return 0;
+
+ }
+ }
+ else {
+ return 0;
+ }
+ if (bnCmpQ(&pubKeyOther, 1) == 0) {
+ return 0;
+ }
+
+ bnEnd(&pubKeyOther);
+ return 1;
+}
+
+const char* ZrtpDH::getDHtype()
+{
+ switch (pkType) {
+ case DH2K:
+ return dh2k;
+ case DH3K:
+ return dh3k;
+ case EC25:
+ return ec25;
+ case EC38:
+ return ec38;
+ case E255:
+ return e255;
+ case E414:
+ return e414;
+ }
+ return NULL;
+}
+
+/** EMACS **
+ * Local variables:
+ * mode: c++
+ * c-default-style: ellemtel
+ * c-basic-offset: 4
+ * End:
+ */
diff --git a/jni/libzrtp/sources/zrtp/crypto/zrtpDH.h b/jni/libzrtp/sources/zrtp/crypto/zrtpDH.h
new file mode 100644
index 0000000..d2a3a40
--- /dev/null
+++ b/jni/libzrtp/sources/zrtp/crypto/zrtpDH.h
@@ -0,0 +1,180 @@
+/*
+ Copyright (C) 2006-2009 Werner Dittmann
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Authors: Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+#ifndef _ZRTPDH_H__
+#define _ZRTPDH_H__
+
+#include <stdint.h>
+
+/**
+ * @file zrtpDH.h
+ * @brief Class that implemets Diffie-Helman key agreement for ZRTP
+ *
+ * @ingroup GNU_ZRTP
+ * @{
+ */
+
+/**
+ * Generates a number of random bytes.
+ *
+ * @param buf
+ * Pointer to a buffer that receives the random data. Must have a size
+ * of at least <code>length</code> bytes.
+ *
+ * @param length
+ * Number of random bytes to produce.
+ */
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+void randomZRTP(uint8_t *buf, int32_t length);
+#if defined(__cplusplus)
+}
+#endif
+
+#if defined(__cplusplus)
+
+#include <libzrtpcpp/ZrtpConfigure.h>
+
+const int32_t DH2K = 0;
+const int32_t DH3K = 1;
+const int32_t EC25 = 2;
+const int32_t EC38 = 3;
+const int32_t E255 = 4;
+const int32_t E414 = 5;
+
+
+/**
+ * Implementation of Diffie-Helman for ZRTP
+ *
+ * This class defines functions to generate and compute the
+ * Diffie-Helman public and secret data and the shared secret. According to
+ * the ZRTP specification we use the MODP groups as defined by RFC 3526 for
+ * length 3072 and 4096.
+ *
+ * @author Werner Dittmann <Werner.Dittmann@t-online.de>
+ */
+
+class ZrtpDH {
+
+private:
+ void* ctx; ///< Context the DH
+ int pkType; ///< Which type of DH to use
+
+public:
+ /**
+ * Create a Diffie-Helman key agreement algorithm
+ *
+ * @param type
+ * Name of the DH algorithm to use
+ */
+ ZrtpDH(const char* type);
+
+ ~ZrtpDH();
+
+ /**
+ * Generates a public key based on the DH parameters and a random
+ * private key.
+ *
+ * @return 1 on success, 0 on failure
+ */
+ int32_t generatePublicKey();
+
+ /**
+ * Returns the size in bytes of the DH parameter p.
+ *
+ * @return Size in bytes.
+ */
+ int32_t getDhSize() const;
+
+ /**
+ * Returns the size in bytes of computed public key.
+ *
+ * @return Size in bytes.
+ */
+ int32_t getPubKeySize() const;
+
+ /**
+ * Returns the bytes of computed secret key.
+ *
+ * Returns the bytes of the public key in network (big endian) order.#
+ *
+ * @param buf
+ * Pointer to a buffer of at least <code>getPubKeySize()</code> bytes.
+ *
+ * @return Size in bytes.
+ */
+ int32_t getPubKeyBytes(uint8_t *buf) const;
+
+ /**
+ * Compute the secret key and returns it to caller.
+ *
+ * This method computes the secret key based on the DH parameters, the
+ * private key and the peer's public key.
+ *
+ * @param pubKeyBytes
+ * Pointer to the peer's public key bytes. Must be in big endian order.
+ *
+ * @param secret
+ * Pointer to a buffer that receives the secret key. This buffer must
+ * have a length of at least <code>getSecretSize()</code> bytes.
+ *
+ * @return the size of the shared secret on success, -1 on error.
+ */
+ int32_t computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret);
+
+ /**
+ * Check and validate the public key received from peer.
+ *
+ * Check if this is a correct Diffie-Helman public key. If the public
+ * key value is either one or (P-1) then this is a wrong public key
+ * value.
+ *
+ * @param pubKeyBytes
+ * Pointer to the peer's public key bytes. Must be in big endian order.
+ *
+ * @return 0 if check faild, 1 if public key value is ok.
+ */
+ int32_t checkPubKey(uint8_t* pubKeyBytes) const;
+
+ /**
+ * Get type of DH algorithm.
+ *
+ * @return
+ * Pointer to DH algorithm name
+ */
+ const char* getDHtype();
+};
+#endif /*__cpluscplus */
+#endif
+
+/**
+ * @}
+ */
+
+/** EMACS **
+ * Local variables:
+ * mode: c++
+ * c-default-style: ellemtel
+ * c-basic-offset: 4
+ * End:
+ */