static int dcrypt_gnutls_ctx_hmac_destroy(struct dcrypt_context_hmac **ctx) { pool_t pool = (*ctx)->pool; gnutls_hmac_deinit((*ctx)->ctx, NULL); pool_unref(&pool); *ctx = NULL; return 0; }
_public_ void dnssec_tsig_free(dnssec_tsig_ctx_t *ctx) { if (!ctx) { return; } gnutls_hmac_deinit(ctx->hash, NULL); free(ctx); }
static void cipher_mac_bench(int algo, int mac_algo, int size) { int ret; gnutls_cipher_hd_t ctx; gnutls_hmac_hd_t mac_ctx; void *_key, *_iv; gnutls_datum_t key, iv; int ivsize = gnutls_cipher_get_iv_size(algo); int keysize = gnutls_cipher_get_key_size(algo); int step = size * 1024; struct benchmark_st st; void *output, *input; unsigned char c, *i; _key = malloc(keysize); if (_key == NULL) return; memset(_key, 0xf0, keysize); _iv = malloc(ivsize); if (_iv == NULL) { free(_key); return; } memset(_iv, 0xf0, ivsize); iv.data = _iv; iv.size = ivsize; key.data = _key; key.size = keysize; assert(gnutls_rnd(GNUTLS_RND_NONCE, &c, 1) >= 0); printf("%19s-%s ", gnutls_cipher_get_name(algo), gnutls_mac_get_name(mac_algo)); fflush(stdout); ALLOCM(input, MAX_MEM); ALLOC(output); i = input; start_benchmark(&st); ret = gnutls_hmac_init(&mac_ctx, mac_algo, key.data, key.size); if (ret < 0) { fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); goto leave; } ret = gnutls_cipher_init(&ctx, algo, &key, &iv); if (ret < 0) { fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); goto leave; } do { gnutls_hmac(mac_ctx, i, step); gnutls_cipher_encrypt2(ctx, i, step, output, step + 64); st.size += step; INC(input, i, step); } while (benchmark_must_finish == 0); gnutls_cipher_deinit(ctx); gnutls_hmac_deinit(mac_ctx, NULL); stop_benchmark(&st, NULL, 1); leave: FREE(input); FREE(output); free(_key); free(_iv); }
void doit(void) { int ret; unsigned int mode; gnutls_cipher_hd_t ch; gnutls_hmac_hd_t mh; gnutls_session_t session; gnutls_pubkey_t pubkey; gnutls_x509_privkey_t xprivkey; gnutls_privkey_t privkey; gnutls_datum_t key = { key16, sizeof(key16) }; gnutls_datum_t iv = { iv16, sizeof(iv16) }; fprintf(stderr, "Please note that if in FIPS140 mode, you need to assure the library's integrity prior to running this test\n"); gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(4711); mode = gnutls_fips140_mode_enabled(); if (mode == 0) { success("We are not in FIPS140 mode\n"); exit(77); } ret = global_init(); if (ret < 0) { fail("Cannot initialize library\n"); } /* Try crypto.h functionality */ ret = gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv); if (ret < 0) { fail("gnutls_cipher_init failed\n"); } gnutls_cipher_deinit(ch); ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size); if (ret < 0) { fail("gnutls_hmac_init failed\n"); } gnutls_hmac_deinit(mh, NULL); ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16)); if (ret < 0) { fail("gnutls_rnd failed\n"); } ret = gnutls_pubkey_init(&pubkey); if (ret < 0) { fail("gnutls_pubkey_init failed\n"); } gnutls_pubkey_deinit(pubkey); ret = gnutls_privkey_init(&privkey); if (ret < 0) { fail("gnutls_privkey_init failed\n"); } gnutls_privkey_deinit(privkey); ret = gnutls_x509_privkey_init(&xprivkey); if (ret < 0) { fail("gnutls_privkey_init failed\n"); } gnutls_x509_privkey_deinit(xprivkey); ret = gnutls_init(&session, 0); if (ret < 0) { fail("gnutls_init failed\n"); } gnutls_deinit(session); /* Test when FIPS140 is set to error state */ _gnutls_lib_simulate_error(); /* Try crypto.h functionality */ ret = gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv); if (ret >= 0) { fail("gnutls_cipher_init succeeded when in FIPS140 error state\n"); } ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size); if (ret >= 0) { fail("gnutls_hmac_init succeeded when in FIPS140 error state\n"); } ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16)); if (ret >= 0) { fail("gnutls_rnd succeeded when in FIPS140 error state\n"); } ret = gnutls_pubkey_init(&pubkey); if (ret >= 0) { fail("gnutls_pubkey_init succeeded when in FIPS140 error state\n"); } ret = gnutls_privkey_init(&privkey); if (ret >= 0) { fail("gnutls_privkey_init succeeded when in FIPS140 error state\n"); } ret = gnutls_x509_privkey_init(&xprivkey); if (ret >= 0) { fail("gnutls_x509_privkey_init succeeded when in FIPS140 error state\n"); } ret = gnutls_init(&session, 0); if (ret >= 0) { fail("gnutls_init succeeded when in FIPS140 error state\n"); } gnutls_global_deinit(); return; }
static void cipher_mac_bench(int algo, int mac_algo, int size) { int ret; gnutls_cipher_hd_t ctx; gnutls_hmac_hd_t mac_ctx; void *_key, *_iv; gnutls_datum_t key, iv; int ivsize = gnutls_cipher_get_iv_size(algo); int keysize = gnutls_cipher_get_key_size(algo); int step = size * 1024; struct benchmark_st st; _key = malloc(keysize); if (_key == NULL) return; memset(_key, 0xf0, keysize); _iv = malloc(ivsize); if (_iv == NULL) return; memset(_iv, 0xf0, ivsize); iv.data = _iv; iv.size = ivsize; key.data = _key; key.size = keysize; printf("%16s-%s ", gnutls_cipher_get_name(algo), gnutls_mac_get_name(mac_algo)); fflush(stdout); start_benchmark(&st); ret = gnutls_hmac_init(&mac_ctx, mac_algo, key.data, key.size); if (ret < 0) { fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); goto leave; } ret = gnutls_cipher_init(&ctx, algo, &key, &iv); if (ret < 0) { fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); goto leave; } gnutls_hmac(mac_ctx, data, 1024); do { gnutls_hmac(mac_ctx, data, step); gnutls_cipher_encrypt2(ctx, data, step, data, step + 64); st.size += step; } while (benchmark_must_finish == 0); gnutls_cipher_deinit(ctx); gnutls_hmac_deinit(mac_ctx, NULL); stop_benchmark(&st, NULL, 1); leave: free(_key); free(_iv); }