_public_ int dnssec_tsig_new(dnssec_tsig_ctx_t **ctx_ptr, dnssec_tsig_algorithm_t algorithm, const dnssec_binary_t *key) { if (!ctx_ptr || !key) { return DNSSEC_EINVAL; } dnssec_tsig_ctx_t *ctx = calloc(1, sizeof(*ctx)); if (!ctx) { return DNSSEC_ENOMEM; } ctx->algorithm = algorithm_to_gnutls(algorithm); if (ctx->algorithm == GNUTLS_MAC_UNKNOWN) { free(ctx); return DNSSEC_INVALID_KEY_ALGORITHM; } int result = gnutls_hmac_init(&ctx->hash, ctx->algorithm, key->data, key->size); if (result != 0) { free(ctx); return DNSSEC_SIGN_INIT_ERROR; } *ctx_ptr = ctx; return DNSSEC_EOK; }
static int dcrypt_gnutls_ctx_hmac_init(struct dcrypt_context_hmac *ctx, const char **error_r) { int ec; ec = gnutls_hmac_init(&ctx->ctx, ctx->md, ctx->key.data, ctx->key.size); if (ec < 0) return dcrypt_gnutls_error(ec, error_r); return 0; }
static void cipher_mac_bench(int algo, int mac_algo, int size) { int ret; gnutls_cipher_hd_t ctx; gnutls_hmac_hd_t mac_ctx; void *_key, *_iv; gnutls_datum_t key, iv; int ivsize = gnutls_cipher_get_iv_size(algo); int keysize = gnutls_cipher_get_key_size(algo); int step = size * 1024; struct benchmark_st st; void *output, *input; unsigned char c, *i; _key = malloc(keysize); if (_key == NULL) return; memset(_key, 0xf0, keysize); _iv = malloc(ivsize); if (_iv == NULL) { free(_key); return; } memset(_iv, 0xf0, ivsize); iv.data = _iv; iv.size = ivsize; key.data = _key; key.size = keysize; assert(gnutls_rnd(GNUTLS_RND_NONCE, &c, 1) >= 0); printf("%19s-%s ", gnutls_cipher_get_name(algo), gnutls_mac_get_name(mac_algo)); fflush(stdout); ALLOCM(input, MAX_MEM); ALLOC(output); i = input; start_benchmark(&st); ret = gnutls_hmac_init(&mac_ctx, mac_algo, key.data, key.size); if (ret < 0) { fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); goto leave; } ret = gnutls_cipher_init(&ctx, algo, &key, &iv); if (ret < 0) { fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); goto leave; } do { gnutls_hmac(mac_ctx, i, step); gnutls_cipher_encrypt2(ctx, i, step, output, step + 64); st.size += step; INC(input, i, step); } while (benchmark_must_finish == 0); gnutls_cipher_deinit(ctx); gnutls_hmac_deinit(mac_ctx, NULL); stop_benchmark(&st, NULL, 1); leave: FREE(input); FREE(output); free(_key); free(_iv); }
void doit(void) { int ret; unsigned int mode; gnutls_cipher_hd_t ch; gnutls_hmac_hd_t mh; gnutls_session_t session; gnutls_pubkey_t pubkey; gnutls_x509_privkey_t xprivkey; gnutls_privkey_t privkey; gnutls_datum_t key = { key16, sizeof(key16) }; gnutls_datum_t iv = { iv16, sizeof(iv16) }; fprintf(stderr, "Please note that if in FIPS140 mode, you need to assure the library's integrity prior to running this test\n"); gnutls_global_set_log_function(tls_log_func); if (debug) gnutls_global_set_log_level(4711); mode = gnutls_fips140_mode_enabled(); if (mode == 0) { success("We are not in FIPS140 mode\n"); exit(77); } ret = global_init(); if (ret < 0) { fail("Cannot initialize library\n"); } /* Try crypto.h functionality */ ret = gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv); if (ret < 0) { fail("gnutls_cipher_init failed\n"); } gnutls_cipher_deinit(ch); ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size); if (ret < 0) { fail("gnutls_hmac_init failed\n"); } gnutls_hmac_deinit(mh, NULL); ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16)); if (ret < 0) { fail("gnutls_rnd failed\n"); } ret = gnutls_pubkey_init(&pubkey); if (ret < 0) { fail("gnutls_pubkey_init failed\n"); } gnutls_pubkey_deinit(pubkey); ret = gnutls_privkey_init(&privkey); if (ret < 0) { fail("gnutls_privkey_init failed\n"); } gnutls_privkey_deinit(privkey); ret = gnutls_x509_privkey_init(&xprivkey); if (ret < 0) { fail("gnutls_privkey_init failed\n"); } gnutls_x509_privkey_deinit(xprivkey); ret = gnutls_init(&session, 0); if (ret < 0) { fail("gnutls_init failed\n"); } gnutls_deinit(session); /* Test when FIPS140 is set to error state */ _gnutls_lib_simulate_error(); /* Try crypto.h functionality */ ret = gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv); if (ret >= 0) { fail("gnutls_cipher_init succeeded when in FIPS140 error state\n"); } ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size); if (ret >= 0) { fail("gnutls_hmac_init succeeded when in FIPS140 error state\n"); } ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16)); if (ret >= 0) { fail("gnutls_rnd succeeded when in FIPS140 error state\n"); } ret = gnutls_pubkey_init(&pubkey); if (ret >= 0) { fail("gnutls_pubkey_init succeeded when in FIPS140 error state\n"); } ret = gnutls_privkey_init(&privkey); if (ret >= 0) { fail("gnutls_privkey_init succeeded when in FIPS140 error state\n"); } ret = gnutls_x509_privkey_init(&xprivkey); if (ret >= 0) { fail("gnutls_x509_privkey_init succeeded when in FIPS140 error state\n"); } ret = gnutls_init(&session, 0); if (ret >= 0) { fail("gnutls_init succeeded when in FIPS140 error state\n"); } gnutls_global_deinit(); return; }
static void cipher_mac_bench(int algo, int mac_algo, int size) { int ret; gnutls_cipher_hd_t ctx; gnutls_hmac_hd_t mac_ctx; void *_key, *_iv; gnutls_datum_t key, iv; int ivsize = gnutls_cipher_get_iv_size(algo); int keysize = gnutls_cipher_get_key_size(algo); int step = size * 1024; struct benchmark_st st; _key = malloc(keysize); if (_key == NULL) return; memset(_key, 0xf0, keysize); _iv = malloc(ivsize); if (_iv == NULL) return; memset(_iv, 0xf0, ivsize); iv.data = _iv; iv.size = ivsize; key.data = _key; key.size = keysize; printf("%16s-%s ", gnutls_cipher_get_name(algo), gnutls_mac_get_name(mac_algo)); fflush(stdout); start_benchmark(&st); ret = gnutls_hmac_init(&mac_ctx, mac_algo, key.data, key.size); if (ret < 0) { fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); goto leave; } ret = gnutls_cipher_init(&ctx, algo, &key, &iv); if (ret < 0) { fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); goto leave; } gnutls_hmac(mac_ctx, data, 1024); do { gnutls_hmac(mac_ctx, data, step); gnutls_cipher_encrypt2(ctx, data, step, data, step + 64); st.size += step; } while (benchmark_must_finish == 0); gnutls_cipher_deinit(ctx); gnutls_hmac_deinit(mac_ctx, NULL); stop_benchmark(&st, NULL, 1); leave: free(_key); free(_iv); }