err_status_t
crypto_kernel_do_load_auth_type(auth_type_t *new_at, auth_type_id_t id,
int replace) {
kernel_auth_type_t *atype, *new_atype;
err_status_t status;
/* defensive coding */
if (new_at == NULL)
return err_status_bad_param;
if (new_at->id != id)
return err_status_bad_param;
/* check auth type by running self-test */
status = auth_type_self_test(new_at);
if (status) {
return status;
}
/* walk down list, checking if this type is in the list already */
atype = crypto_kernel.auth_type_list;
while (atype != NULL) {
if (id == atype->id) {
if (!replace)
return err_status_bad_param;
status = auth_type_test(new_at, atype->auth_type->test_data);
if (status)
return status;
new_atype = atype;
break;
}
else if (new_at == atype->auth_type)
return err_status_bad_param;
atype = atype->next;
}
/* if not found, put new_at at the head of the list */
if (atype == NULL) {
/* allocate memory */
new_atype = (kernel_auth_type_t *)crypto_alloc(sizeof(kernel_auth_type_t));
if (new_atype == NULL)
return err_status_alloc_fail;
new_atype->next = crypto_kernel.auth_type_list;
/* set head of list to new auth type */
crypto_kernel.auth_type_list = new_atype;
}
/* set fields */
new_atype->auth_type = new_at;
new_atype->id = id;
/* load debug module, if there is one present */
if (new_at->debug != NULL)
crypto_kernel_load_debug_module(new_at->debug);
/* we could check for errors here */
return err_status_ok;
}
err_status_t crypto_kernel_load_cipher_type(cipher_type_t *new_ct,
cipher_type_id_t id) {
kernel_cipher_type_t *ctype, *new_ctype;
err_status_t status;
/* defensive coding */
if (new_ct == NULL)
return err_status_bad_param;
/* check cipher type by running self-test */
status = cipher_type_self_test(new_ct);
if (status) {
return status;
}
/* walk down list, checking if this type is in the list already */
ctype = crypto_kernel.cipher_type_list;
while (ctype != NULL) {
if ((new_ct == ctype->cipher_type) || (id == ctype->id))
return err_status_bad_param;
ctype = ctype->next;
}
/* put new_ct at the head of the list */
/* allocate memory */
new_ctype = (kernel_cipher_type_t *) crypto_alloc(
sizeof(kernel_cipher_type_t));
if (new_ctype == NULL)
return err_status_alloc_fail;
/* set fields */
new_ctype->cipher_type = new_ct;
new_ctype->id = id;
new_ctype->next = crypto_kernel.cipher_type_list;
/* set head of list to new cipher type */
crypto_kernel.cipher_type_list = new_ctype;
/* load debug module, if there is one present */
if (new_ct->debug != NULL)
crypto_kernel_load_debug_module(new_ct->debug);
/* we could check for errors here */
return err_status_ok;
}
err_status_t
crypto_kernel_init() {
err_status_t status;
/* initialize error reporting system */
status = err_reporting_init("crypto");
if (status)
return status;
/* load debug modules */
status = crypto_kernel_load_debug_module(&mod_crypto_kernel);
if (status)
return status;
status = crypto_kernel_load_debug_module(&mod_auth);
if (status)
return status;
status = crypto_kernel_load_debug_module(&mod_cipher);
if (status)
return status;
status = crypto_kernel_load_debug_module(&mod_stat);
if (status)
return status;
status = crypto_kernel_load_debug_module(&mod_alloc);
if (status)
return status;
/* initialize random number generator */
status = rand_source_init();
if (status)
return status;
/* run FIPS-140 statistical tests on rand_source */
status = stat_test_rand_source(rand_source_get_octet_string);
if (status)
return status;
/* initialize pseudorandom number generator */
status = ctr_prng_init(rand_source_get_octet_string);
if (status)
return status;
/* run FIPS-140 statistical tests on ctr_prng */
status = stat_test_rand_source(ctr_prng_get_octet_string);
if (status)
return status;
/* load cipher types */
status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER);
if (status)
return status;
status = crypto_kernel_load_cipher_type(&aes_icm, AES_128_ICM);
if (status)
return status;
status = crypto_kernel_load_cipher_type(&aes_cbc, AES_128_CBC);
if (status)
return status;
/* load auth func types */
status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH);
if (status)
return status;
status = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1);
if (status)
return status;
/* change state to secure */
crypto_kernel.state = crypto_kernel_state_secure;
return err_status_ok;
}
int
main (int argc, char *argv[]) {
char q;
unsigned do_timing_test = 0;
unsigned do_rejection_test = 0;
unsigned do_codec_timing = 0;
unsigned do_validation = 0;
unsigned do_list_mods = 0;
err_status_t status;
/*
* verify that the compiler has interpreted the header data
* structure srtp_hdr_t correctly
*/
if (sizeof(srtp_hdr_t) != 12) {
printf("error: srtp_hdr_t has incorrect size\n");
exit(1);
}
/* initialize srtp library */
status = srtp_init();
if (status) {
printf("error: srtp init failed with error code %d\n", status);
exit(1);
}
/* load srtp_driver debug module */
status = crypto_kernel_load_debug_module(&mod_driver);
if (status) {
printf("error: load of srtp_driver debug module failed "
"with error code %d\n", status);
exit(1);
}
/* process input arguments */
while (1) {
q = getopt(argc, argv, "trcvld:");
if (q == -1)
break;
switch (q) {
case 't':
do_timing_test = 1;
break;
case 'r':
do_rejection_test = 1;
break;
case 'c':
do_codec_timing = 1;
break;
case 'v':
do_validation = 1;
break;
case 'l':
do_list_mods = 1;
break;
case 'd':
status = crypto_kernel_set_debug_module(optarg, 1);
if (status) {
printf("error: set debug module (%s) failed\n", optarg);
exit(1);
}
break;
default:
usage(argv[0]);
}
}
if (!do_validation && !do_timing_test && !do_codec_timing
&& !do_list_mods && !do_rejection_test)
usage(argv[0]);
if (do_list_mods) {
status = crypto_kernel_list_debug_modules();
if (status) {
printf("error: list of debug modules failed\n");
exit(1);
}
}
if (do_validation) {
const srtp_policy_t **policy = policy_array;
srtp_policy_t *big_policy;
/* loop over policy array, testing srtp and srtcp for each policy */
while (*policy != NULL) {
printf("testing srtp_protect and srtp_unprotect\n");
if (srtp_test(*policy) == err_status_ok)
printf("passed\n\n");
else {
printf("failed\n");
exit(1);
}
printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n");
if (srtcp_test(*policy) == err_status_ok)
printf("passed\n\n");
else {
printf("failed\n");
exit(1);
}
policy++;
}
/* create a big policy list and run tests on it */
status = srtp_create_big_policy(&big_policy);
if (status) {
printf("unexpected failure with error code %d\n", status);
exit(1);
}
printf("testing srtp_protect and srtp_unprotect with big policy\n");
if (srtp_test(big_policy) == err_status_ok)
printf("passed\n\n");
else {
printf("failed\n");
exit(1);
}
/* run test on wildcard policy */
printf("testing srtp_protect and srtp_unprotect on "
"wildcard ssrc policy\n");
if (srtp_test(&wildcard_policy) == err_status_ok)
printf("passed\n\n");
else {
printf("failed\n");
exit(1);
}
/*
* run validation test against the reference packets - note
* that this test only covers the default policy
*/
printf("testing srtp_protect and srtp_unprotect against "
"reference packets\n");
if (srtp_validate() == err_status_ok)
printf("passed\n\n");
else {
printf("failed\n");
exit(1);
}
/*
* test the function srtp_remove_stream()
*/
printf("testing srtp_remove_stream()...");
if (srtp_test_remove_stream() == err_status_ok)
printf("passed\n");
else {
printf("failed\n");
exit(1);
}
}
if (do_timing_test) {
const srtp_policy_t **policy = policy_array;
/* loop over policies, run timing test for each */
while (*policy != NULL) {
srtp_print_policy(*policy);
srtp_do_timing(*policy);
policy++;
}
}
if (do_rejection_test) {
const srtp_policy_t **policy = policy_array;
/* loop over policies, run rejection timing test for each */
while (*policy != NULL) {
srtp_print_policy(*policy);
srtp_do_rejection_timing(*policy);
policy++;
}
}
if (do_codec_timing) {
srtp_policy_t policy;
int ignore;
double mips = mips_estimate(1000000000, &ignore);
crypto_policy_set_rtp_default(&policy.rtp);
crypto_policy_set_rtcp_default(&policy.rtcp);
policy.ssrc.type = ssrc_specific;
policy.ssrc.value = 0xdecafbad;
policy.key = test_key;
policy.next = NULL;
printf("mips estimate: %e\n", mips);
printf("testing srtp processing time for voice codecs:\n");
printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n");
printf("G.711\t\t%d\t\t\t%e\n", 80,
(double) mips * (80 * 8) /
srtp_bits_per_second(80, &policy) / .01 );
printf("G.711\t\t%d\t\t\t%e\n", 160,
(double) mips * (160 * 8) /
srtp_bits_per_second(160, &policy) / .02);
printf("G.726-32\t%d\t\t\t%e\n", 40,
(double) mips * (40 * 8) /
srtp_bits_per_second(40, &policy) / .01 );
printf("G.726-32\t%d\t\t\t%e\n", 80,
(double) mips * (80 * 8) /
srtp_bits_per_second(80, &policy) / .02);
printf("G.729\t\t%d\t\t\t%e\n", 10,
(double) mips * (10 * 8) /
srtp_bits_per_second(10, &policy) / .01 );
printf("G.729\t\t%d\t\t\t%e\n", 20,
(double) mips * (20 * 8) /
srtp_bits_per_second(20, &policy) / .02 );
}
return 0;
}
err_status_t
crypto_kernel_init() {
err_status_t status;
/* check the security state */
if (crypto_kernel.state == crypto_kernel_state_secure) {
/*
* we're already in the secure state, but we've been asked to
* re-initialize, so we just re-run the self-tests and then return
*/
return crypto_kernel_status();
}
/* initialize error reporting system */
status = err_reporting_init("crypto");
if (status)
return status;
/* load debug modules */
status = crypto_kernel_load_debug_module(&mod_crypto_kernel);
if (status)
return status;
status = crypto_kernel_load_debug_module(&mod_auth);
if (status)
return status;
status = crypto_kernel_load_debug_module(&mod_cipher);
if (status)
return status;
status = crypto_kernel_load_debug_module(&mod_stat);
if (status)
return status;
status = crypto_kernel_load_debug_module(&mod_alloc);
if (status)
return status;
/* initialize random number generator */
status = rand_source_init();
if (status)
return status;
/* run FIPS-140 statistical tests on rand_source */
status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS);
if (status)
return status;
/* initialize pseudorandom number generator */
status = ctr_prng_init(rand_source_get_octet_string);
if (status)
return status;
/* run FIPS-140 statistical tests on ctr_prng */
status = stat_test_rand_source_with_repetition(ctr_prng_get_octet_string, MAX_RNG_TRIALS);
if (status)
return status;
/* load cipher types */
status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER);
if (status)
return status;
status = crypto_kernel_load_cipher_type(&aes_icm, AES_128_ICM);
if (status)
return status;
status = crypto_kernel_load_cipher_type(&aes_cbc_cipher, AES_128_CBC);
if (status)
return status;
/* load auth func types */
status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH);
if (status)
return status;
status = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1);
if (status)
return status;
/* change state to secure */
crypto_kernel.state = crypto_kernel_state_secure;
return err_status_ok;
}
