err_status_t ctr_prng_get_octet_string(void *dest, uint32_t len) { err_status_t status; /* * if we need to re-initialize the prng, do so now * * avoid 32-bit overflows by subtracting instead of adding */ if (ctr_prng.octet_count > MAX_PRNG_OUT_LEN - len) { status = ctr_prng_init(ctr_prng.rand); if (status) return status; } ctr_prng.octet_count += len; /* * write prng output */ status = aes_icm_output(&ctr_prng.state, (uint8_t*)dest, len); if (status) return status; return err_status_ok; }
err_status_t ctr_prng_get_octet_string(void *dest, int len) { err_status_t status; /* * if we need to re-initialize the prng, do so now * * we cast to a 64-bit integer in order to avoid overflows */ if ((uint64_t) ctr_prng.octet_count + len > MAX_PRNG_OUT_LEN) { status = ctr_prng_init(ctr_prng.rand); if (status) return status; } ctr_prng.octet_count += len; /* * write prng output */ status = aes_icm_output(&ctr_prng.state, dest, len); if (status) return status; return err_status_ok; }
err_status_t crypto_kernel_init() { err_status_t status; /* initialize error reporting system */ status = err_reporting_init("crypto"); if (status) return status; /* load debug modules */ status = crypto_kernel_load_debug_module(&mod_crypto_kernel); if (status) return status; status = crypto_kernel_load_debug_module(&mod_auth); if (status) return status; status = crypto_kernel_load_debug_module(&mod_cipher); if (status) return status; status = crypto_kernel_load_debug_module(&mod_stat); if (status) return status; status = crypto_kernel_load_debug_module(&mod_alloc); if (status) return status; /* initialize random number generator */ status = rand_source_init(); if (status) return status; /* run FIPS-140 statistical tests on rand_source */ status = stat_test_rand_source(rand_source_get_octet_string); if (status) return status; /* initialize pseudorandom number generator */ status = ctr_prng_init(rand_source_get_octet_string); if (status) return status; /* run FIPS-140 statistical tests on ctr_prng */ status = stat_test_rand_source(ctr_prng_get_octet_string); if (status) return status; /* load cipher types */ status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER); if (status) return status; status = crypto_kernel_load_cipher_type(&aes_icm, AES_128_ICM); if (status) return status; status = crypto_kernel_load_cipher_type(&aes_cbc, AES_128_CBC); if (status) return status; /* load auth func types */ status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH); if (status) return status; status = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1); if (status) return status; /* change state to secure */ crypto_kernel.state = crypto_kernel_state_secure; return err_status_ok; }
err_status_t crypto_kernel_init() { err_status_t status; /* check the security state */ if (crypto_kernel.state == crypto_kernel_state_secure) { /* * we're already in the secure state, but we've been asked to * re-initialize, so we just re-run the self-tests and then return */ return crypto_kernel_status(); } /* initialize error reporting system */ status = err_reporting_init("crypto"); if (status) return status; /* load debug modules */ status = crypto_kernel_load_debug_module(&mod_crypto_kernel); if (status) return status; status = crypto_kernel_load_debug_module(&mod_auth); if (status) return status; status = crypto_kernel_load_debug_module(&mod_cipher); if (status) return status; status = crypto_kernel_load_debug_module(&mod_stat); if (status) return status; status = crypto_kernel_load_debug_module(&mod_alloc); if (status) return status; /* initialize random number generator */ status = rand_source_init(); if (status) return status; /* run FIPS-140 statistical tests on rand_source */ status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS); if (status) return status; /* initialize pseudorandom number generator */ status = ctr_prng_init(rand_source_get_octet_string); if (status) return status; /* run FIPS-140 statistical tests on ctr_prng */ status = stat_test_rand_source_with_repetition(ctr_prng_get_octet_string, MAX_RNG_TRIALS); if (status) return status; /* load cipher types */ status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER); if (status) return status; status = crypto_kernel_load_cipher_type(&aes_icm, AES_128_ICM); if (status) return status; status = crypto_kernel_load_cipher_type(&aes_cbc_cipher, AES_128_CBC); if (status) return status; /* load auth func types */ status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH); if (status) return status; status = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1); if (status) return status; /* change state to secure */ crypto_kernel.state = crypto_kernel_state_secure; return err_status_ok; }