static
int dcrypt_gnutls_ctx_hmac_destroy(struct dcrypt_context_hmac **ctx)
{
pool_t pool = (*ctx)->pool;
gnutls_hmac_deinit((*ctx)->ctx, NULL);
pool_unref(&pool);
*ctx = NULL;
return 0;
}
_public_
void dnssec_tsig_free(dnssec_tsig_ctx_t *ctx)
{
if (!ctx) {
return;
}
gnutls_hmac_deinit(ctx->hash, NULL);
free(ctx);
}
static void cipher_mac_bench(int algo, int mac_algo, int size)
{
int ret;
gnutls_cipher_hd_t ctx;
gnutls_hmac_hd_t mac_ctx;
void *_key, *_iv;
gnutls_datum_t key, iv;
int ivsize = gnutls_cipher_get_iv_size(algo);
int keysize = gnutls_cipher_get_key_size(algo);
int step = size * 1024;
struct benchmark_st st;
void *output, *input;
unsigned char c, *i;
_key = malloc(keysize);
if (_key == NULL)
return;
memset(_key, 0xf0, keysize);
_iv = malloc(ivsize);
if (_iv == NULL) {
free(_key);
return;
}
memset(_iv, 0xf0, ivsize);
iv.data = _iv;
iv.size = ivsize;
key.data = _key;
key.size = keysize;
assert(gnutls_rnd(GNUTLS_RND_NONCE, &c, 1) >= 0);
printf("%19s-%s ", gnutls_cipher_get_name(algo),
gnutls_mac_get_name(mac_algo));
fflush(stdout);
ALLOCM(input, MAX_MEM);
ALLOC(output);
i = input;
start_benchmark(&st);
ret = gnutls_hmac_init(&mac_ctx, mac_algo, key.data, key.size);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
goto leave;
}
ret = gnutls_cipher_init(&ctx, algo, &key, &iv);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
goto leave;
}
do {
gnutls_hmac(mac_ctx, i, step);
gnutls_cipher_encrypt2(ctx, i, step, output, step + 64);
st.size += step;
INC(input, i, step);
}
while (benchmark_must_finish == 0);
gnutls_cipher_deinit(ctx);
gnutls_hmac_deinit(mac_ctx, NULL);
stop_benchmark(&st, NULL, 1);
leave:
FREE(input);
FREE(output);
free(_key);
free(_iv);
}
void doit(void)
{
int ret;
unsigned int mode;
gnutls_cipher_hd_t ch;
gnutls_hmac_hd_t mh;
gnutls_session_t session;
gnutls_pubkey_t pubkey;
gnutls_x509_privkey_t xprivkey;
gnutls_privkey_t privkey;
gnutls_datum_t key = { key16, sizeof(key16) };
gnutls_datum_t iv = { iv16, sizeof(iv16) };
fprintf(stderr,
"Please note that if in FIPS140 mode, you need to assure the library's integrity prior to running this test\n");
gnutls_global_set_log_function(tls_log_func);
if (debug)
gnutls_global_set_log_level(4711);
mode = gnutls_fips140_mode_enabled();
if (mode == 0) {
success("We are not in FIPS140 mode\n");
exit(77);
}
ret = global_init();
if (ret < 0) {
fail("Cannot initialize library\n");
}
/* Try crypto.h functionality */
ret =
gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv);
if (ret < 0) {
fail("gnutls_cipher_init failed\n");
}
gnutls_cipher_deinit(ch);
ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size);
if (ret < 0) {
fail("gnutls_hmac_init failed\n");
}
gnutls_hmac_deinit(mh, NULL);
ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16));
if (ret < 0) {
fail("gnutls_rnd failed\n");
}
ret = gnutls_pubkey_init(&pubkey);
if (ret < 0) {
fail("gnutls_pubkey_init failed\n");
}
gnutls_pubkey_deinit(pubkey);
ret = gnutls_privkey_init(&privkey);
if (ret < 0) {
fail("gnutls_privkey_init failed\n");
}
gnutls_privkey_deinit(privkey);
ret = gnutls_x509_privkey_init(&xprivkey);
if (ret < 0) {
fail("gnutls_privkey_init failed\n");
}
gnutls_x509_privkey_deinit(xprivkey);
ret = gnutls_init(&session, 0);
if (ret < 0) {
fail("gnutls_init failed\n");
}
gnutls_deinit(session);
/* Test when FIPS140 is set to error state */
_gnutls_lib_simulate_error();
/* Try crypto.h functionality */
ret =
gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv);
if (ret >= 0) {
fail("gnutls_cipher_init succeeded when in FIPS140 error state\n");
}
ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size);
if (ret >= 0) {
fail("gnutls_hmac_init succeeded when in FIPS140 error state\n");
}
ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16));
if (ret >= 0) {
fail("gnutls_rnd succeeded when in FIPS140 error state\n");
}
ret = gnutls_pubkey_init(&pubkey);
if (ret >= 0) {
fail("gnutls_pubkey_init succeeded when in FIPS140 error state\n");
}
ret = gnutls_privkey_init(&privkey);
if (ret >= 0) {
fail("gnutls_privkey_init succeeded when in FIPS140 error state\n");
}
ret = gnutls_x509_privkey_init(&xprivkey);
if (ret >= 0) {
fail("gnutls_x509_privkey_init succeeded when in FIPS140 error state\n");
}
ret = gnutls_init(&session, 0);
if (ret >= 0) {
fail("gnutls_init succeeded when in FIPS140 error state\n");
}
gnutls_global_deinit();
return;
}
static void cipher_mac_bench(int algo, int mac_algo, int size)
{
int ret;
gnutls_cipher_hd_t ctx;
gnutls_hmac_hd_t mac_ctx;
void *_key, *_iv;
gnutls_datum_t key, iv;
int ivsize = gnutls_cipher_get_iv_size(algo);
int keysize = gnutls_cipher_get_key_size(algo);
int step = size * 1024;
struct benchmark_st st;
_key = malloc(keysize);
if (_key == NULL)
return;
memset(_key, 0xf0, keysize);
_iv = malloc(ivsize);
if (_iv == NULL)
return;
memset(_iv, 0xf0, ivsize);
iv.data = _iv;
iv.size = ivsize;
key.data = _key;
key.size = keysize;
printf("%16s-%s ", gnutls_cipher_get_name(algo),
gnutls_mac_get_name(mac_algo));
fflush(stdout);
start_benchmark(&st);
ret = gnutls_hmac_init(&mac_ctx, mac_algo, key.data, key.size);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
goto leave;
}
ret = gnutls_cipher_init(&ctx, algo, &key, &iv);
if (ret < 0) {
fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
goto leave;
}
gnutls_hmac(mac_ctx, data, 1024);
do {
gnutls_hmac(mac_ctx, data, step);
gnutls_cipher_encrypt2(ctx, data, step, data, step + 64);
st.size += step;
}
while (benchmark_must_finish == 0);
gnutls_cipher_deinit(ctx);
gnutls_hmac_deinit(mac_ctx, NULL);
stop_benchmark(&st, NULL, 1);
leave:
free(_key);
free(_iv);
}
