/*
 * crypto_kernel_status() prints a report on the crypto kernel to stdout:
 * the result of the statistical test on rand_source, then the description,
 * instance count and self-test result of every loaded cipher type and auth
 * type, then the name and on/off setting of every loaded debug module.
 *
 * Returns err_status_ok when every check passes.
 *
 * Failure handling differs between the two kinds of check:
 *   - if the rand_source test fails, crypto_kernel.state is set to
 *     crypto_kernel_state_insecure and the error is returned;
 *   - if a cipher or auth self-test fails, the process is terminated with
 *     exit(status), so the caller never sees a return value and
 *     crypto_kernel.state is not updated on that path.
 */
err_status_t crypto_kernel_status() {
  err_status_t result;
  kernel_cipher_type_t *cipher_node = crypto_kernel.cipher_type_list;
  kernel_auth_type_t *auth_node = crypto_kernel.auth_type_list;
  kernel_debug_module_t *module_node = crypto_kernel.debug_module_list;

  /* FIPS-140 statistical tests on rand_source come first */
  printf("testing rand_source...");
  result = stat_test_rand_source(rand_source_get_octet_string);
  if (result) {
    printf("failed\n");
    /* a random source that fails its test marks the kernel insecure */
    crypto_kernel.state = crypto_kernel_state_insecure;
    return result;
  }
  printf("passed\n");

  /* walk the cipher type list: describe each entry, then self-test it */
  for (; cipher_node != NULL; cipher_node = cipher_node->next) {
    printf("cipher: %s\n", cipher_node->cipher_type->description);
    printf(" instance count: %d\n", cipher_node->cipher_type->ref_count);
    printf(" self-test: ");
    result = cipher_type_self_test(cipher_node->cipher_type);
    if (result) {
      printf("failed with error code %d\n", result);
      /* fail-stop: a broken cipher ends the process here */
      exit(result);
    }
    printf("passed\n");
  }

  /* walk the auth type list the same way */
  for (; auth_node != NULL; auth_node = auth_node->next) {
    printf("auth func: %s\n", auth_node->auth_type->description);
    printf(" instance count: %d\n", auth_node->auth_type->ref_count);
    printf(" self-test: ");
    result = auth_type_self_test(auth_node->auth_type);
    if (result) {
      printf("failed with error code %d\n", result);
      /* fail-stop: a broken auth function ends the process here */
      exit(result);
    }
    printf("passed\n");
  }

  /* list the debug modules and whether each one is switched on */
  printf("debug modules loaded:\n");
  for (; module_node != NULL; module_node = module_node->next) {
    printf(" %s ", module_node->mod->name);
    if (module_node->mod->on) {
      printf("(on)\n");
    } else {
      printf("(off)\n");
    }
  }

  return err_status_ok;
}
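/*
 * stat_test_rand_source_with_repetition() runs stat_test_rand_source() on
 * source up to num_trials times and stops at the first run that passes.
 *
 * source      - function handed to stat_test_rand_source() on each trial
 * num_trials  - maximum number of trials
 *
 * Returns err_status_ok as soon as one trial passes. If every trial fails,
 * the error from the last trial is returned. If num_trials is zero no test
 * is run and err_status_algo_fail is returned, so a zero count can never
 * report success.
 *
 * NOTE(review): because a single passing trial is enough, a larger
 * num_trials makes this check more lenient towards a marginal source;
 * callers should keep the count small.
 */
err_status_t stat_test_rand_source_with_repetition(rand_source_func_t source, unsigned num_trials) {
  unsigned int i;
  err_status_t err = err_status_algo_fail; /* result when no trial runs */

  for (i = 0; i < num_trials; i++) {
    err = stat_test_rand_source(source);
    if (err == err_status_ok) {
      return err_status_ok;
    }
    /* i is unsigned, so it is printed with %u rather than %d */
    debug_print(mod_stat, "failed stat test (try number %u)\n", i);
  }

  return err;
}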
/*
 * crypto_kernel_init() brings the crypto kernel up in a fixed order:
 * error reporting, debug modules, rand_source (initialized, then tested),
 * ctr_prng (initialized from rand_source_get_octet_string, then tested),
 * cipher types, auth types.
 *
 * Returns err_status_ok after every step has succeeded; only then is
 * crypto_kernel.state set to crypto_kernel_state_secure. The first step
 * that fails ends the function and its error code is returned.
 *
 * The early-return paths do not write crypto_kernel.state, so after a
 * failure the state is whatever it was before the call.
 * NOTE(review): if this can be called again after an earlier success, a
 * failing second call would leave the state at "secure" - confirm against
 * the callers.
 */
err_status_t crypto_kernel_init() {
  err_status_t err;

  /* error reporting has to be available before anything else */
  err = err_reporting_init("crypto");
  if (err) {
    return err;
  }

  /* register the debug modules */
  err = crypto_kernel_load_debug_module(&mod_crypto_kernel);
  if (err) {
    return err;
  }
  err = crypto_kernel_load_debug_module(&mod_auth);
  if (err) {
    return err;
  }
  err = crypto_kernel_load_debug_module(&mod_cipher);
  if (err) {
    return err;
  }
  err = crypto_kernel_load_debug_module(&mod_stat);
  if (err) {
    return err;
  }
  err = crypto_kernel_load_debug_module(&mod_alloc);
  if (err) {
    return err;
  }

  /* bring up the random number generator */
  err = rand_source_init();
  if (err) {
    return err;
  }

  /* FIPS-140 statistical tests on rand_source; a failure aborts init */
  err = stat_test_rand_source(rand_source_get_octet_string);
  if (err) {
    return err;
  }

  /* bring up the pseudorandom number generator, fed by rand_source */
  err = ctr_prng_init(rand_source_get_octet_string);
  if (err) {
    return err;
  }

  /* FIPS-140 statistical tests on ctr_prng; a failure aborts init */
  err = stat_test_rand_source(ctr_prng_get_octet_string);
  if (err) {
    return err;
  }

  /*
   * register the cipher types
   * NOTE(review): null_cipher is registered next to the AES types; going
   * by its name it presumably provides no confidentiality - confirm how
   * callers are kept from selecting it by accident.
   */
  err = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER);
  if (err) {
    return err;
  }
  err = crypto_kernel_load_cipher_type(&aes_icm, AES_128_ICM);
  if (err) {
    return err;
  }
  err = crypto_kernel_load_cipher_type(&aes_cbc, AES_128_CBC);
  if (err) {
    return err;
  }

  /*
   * register the auth function types
   * NOTE(review): null_auth presumably provides no integrity protection -
   * the same question applies as for null_cipher.
   */
  err = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH);
  if (err) {
    return err;
  }
  err = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1);
  if (err) {
    return err;
  }

  /* every step succeeded: the kernel may now be marked secure */
  crypto_kernel.state = crypto_kernel_state_secure;

  return err_status_ok;
}