err_status_t crypto_kernel_do_load_auth_type(auth_type_t *new_at, auth_type_id_t id, int replace) { kernel_auth_type_t *atype, *new_atype; err_status_t status; /* defensive coding */ if (new_at == NULL) return err_status_bad_param; if (new_at->id != id) return err_status_bad_param; /* check auth type by running self-test */ status = auth_type_self_test(new_at); if (status) { return status; } /* walk down list, checking if this type is in the list already */ atype = crypto_kernel.auth_type_list; while (atype != NULL) { if (id == atype->id) { if (!replace) return err_status_bad_param; status = auth_type_test(new_at, atype->auth_type->test_data); if (status) return status; new_atype = atype; break; } else if (new_at == atype->auth_type) return err_status_bad_param; atype = atype->next; } /* if not found, put new_at at the head of the list */ if (atype == NULL) { /* allocate memory */ new_atype = (kernel_auth_type_t *)crypto_alloc(sizeof(kernel_auth_type_t)); if (new_atype == NULL) return err_status_alloc_fail; new_atype->next = crypto_kernel.auth_type_list; /* set head of list to new auth type */ crypto_kernel.auth_type_list = new_atype; } /* set fields */ new_atype->auth_type = new_at; new_atype->id = id; /* load debug module, if there is one present */ if (new_at->debug != NULL) crypto_kernel_load_debug_module(new_at->debug); /* we could check for errors here */ return err_status_ok; }
err_status_t crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) { kernel_cipher_type_t *ctype, *new_ctype; err_status_t status; /* defensive coding */ if (new_ct == NULL) return err_status_bad_param; /* check cipher type by running self-test */ status = cipher_type_self_test(new_ct); if (status) { return status; } /* walk down list, checking if this type is in the list already */ ctype = crypto_kernel.cipher_type_list; while (ctype != NULL) { if ((new_ct == ctype->cipher_type) || (id == ctype->id)) return err_status_bad_param; ctype = ctype->next; } /* put new_ct at the head of the list */ /* allocate memory */ new_ctype = (kernel_cipher_type_t *) crypto_alloc( sizeof(kernel_cipher_type_t)); if (new_ctype == NULL) return err_status_alloc_fail; /* set fields */ new_ctype->cipher_type = new_ct; new_ctype->id = id; new_ctype->next = crypto_kernel.cipher_type_list; /* set head of list to new cipher type */ crypto_kernel.cipher_type_list = new_ctype; /* load debug module, if there is one present */ if (new_ct->debug != NULL) crypto_kernel_load_debug_module(new_ct->debug); /* we could check for errors here */ return err_status_ok; }
err_status_t crypto_kernel_init() { err_status_t status; /* initialize error reporting system */ status = err_reporting_init("crypto"); if (status) return status; /* load debug modules */ status = crypto_kernel_load_debug_module(&mod_crypto_kernel); if (status) return status; status = crypto_kernel_load_debug_module(&mod_auth); if (status) return status; status = crypto_kernel_load_debug_module(&mod_cipher); if (status) return status; status = crypto_kernel_load_debug_module(&mod_stat); if (status) return status; status = crypto_kernel_load_debug_module(&mod_alloc); if (status) return status; /* initialize random number generator */ status = rand_source_init(); if (status) return status; /* run FIPS-140 statistical tests on rand_source */ status = stat_test_rand_source(rand_source_get_octet_string); if (status) return status; /* initialize pseudorandom number generator */ status = ctr_prng_init(rand_source_get_octet_string); if (status) return status; /* run FIPS-140 statistical tests on ctr_prng */ status = stat_test_rand_source(ctr_prng_get_octet_string); if (status) return status; /* load cipher types */ status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER); if (status) return status; status = crypto_kernel_load_cipher_type(&aes_icm, AES_128_ICM); if (status) return status; status = crypto_kernel_load_cipher_type(&aes_cbc, AES_128_CBC); if (status) return status; /* load auth func types */ status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH); if (status) return status; status = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1); if (status) return status; /* change state to secure */ crypto_kernel.state = crypto_kernel_state_secure; return err_status_ok; }
int main (int argc, char *argv[]) { char q; unsigned do_timing_test = 0; unsigned do_rejection_test = 0; unsigned do_codec_timing = 0; unsigned do_validation = 0; unsigned do_list_mods = 0; err_status_t status; /* * verify that the compiler has interpreted the header data * structure srtp_hdr_t correctly */ if (sizeof(srtp_hdr_t) != 12) { printf("error: srtp_hdr_t has incorrect size\n"); exit(1); } /* initialize srtp library */ status = srtp_init(); if (status) { printf("error: srtp init failed with error code %d\n", status); exit(1); } /* load srtp_driver debug module */ status = crypto_kernel_load_debug_module(&mod_driver); if (status) { printf("error: load of srtp_driver debug module failed " "with error code %d\n", status); exit(1); } /* process input arguments */ while (1) { q = getopt(argc, argv, "trcvld:"); if (q == -1) break; switch (q) { case 't': do_timing_test = 1; break; case 'r': do_rejection_test = 1; break; case 'c': do_codec_timing = 1; break; case 'v': do_validation = 1; break; case 'l': do_list_mods = 1; break; case 'd': status = crypto_kernel_set_debug_module(optarg, 1); if (status) { printf("error: set debug module (%s) failed\n", optarg); exit(1); } break; default: usage(argv[0]); } } if (!do_validation && !do_timing_test && !do_codec_timing && !do_list_mods && !do_rejection_test) usage(argv[0]); if (do_list_mods) { status = crypto_kernel_list_debug_modules(); if (status) { printf("error: list of debug modules failed\n"); exit(1); } } if (do_validation) { const srtp_policy_t **policy = policy_array; srtp_policy_t *big_policy; /* loop over policy array, testing srtp and srtcp for each policy */ while (*policy != NULL) { printf("testing srtp_protect and srtp_unprotect\n"); if (srtp_test(*policy) == err_status_ok) printf("passed\n\n"); else { printf("failed\n"); exit(1); } printf("testing srtp_protect_rtcp and srtp_unprotect_rtcp\n"); if (srtcp_test(*policy) == err_status_ok) printf("passed\n\n"); else { printf("failed\n"); exit(1); } policy++; } /* create a big policy list and run tests on it */ status = srtp_create_big_policy(&big_policy); if (status) { printf("unexpected failure with error code %d\n", status); exit(1); } printf("testing srtp_protect and srtp_unprotect with big policy\n"); if (srtp_test(big_policy) == err_status_ok) printf("passed\n\n"); else { printf("failed\n"); exit(1); } /* run test on wildcard policy */ printf("testing srtp_protect and srtp_unprotect on " "wildcard ssrc policy\n"); if (srtp_test(&wildcard_policy) == err_status_ok) printf("passed\n\n"); else { printf("failed\n"); exit(1); } /* * run validation test against the reference packets - note * that this test only covers the default policy */ printf("testing srtp_protect and srtp_unprotect against " "reference packets\n"); if (srtp_validate() == err_status_ok) printf("passed\n\n"); else { printf("failed\n"); exit(1); } /* * test the function srtp_remove_stream() */ printf("testing srtp_remove_stream()..."); if (srtp_test_remove_stream() == err_status_ok) printf("passed\n"); else { printf("failed\n"); exit(1); } } if (do_timing_test) { const srtp_policy_t **policy = policy_array; /* loop over policies, run timing test for each */ while (*policy != NULL) { srtp_print_policy(*policy); srtp_do_timing(*policy); policy++; } } if (do_rejection_test) { const srtp_policy_t **policy = policy_array; /* loop over policies, run rejection timing test for each */ while (*policy != NULL) { srtp_print_policy(*policy); srtp_do_rejection_timing(*policy); policy++; } } if (do_codec_timing) { srtp_policy_t policy; int ignore; double mips = mips_estimate(1000000000, &ignore); crypto_policy_set_rtp_default(&policy.rtp); crypto_policy_set_rtcp_default(&policy.rtcp); policy.ssrc.type = ssrc_specific; policy.ssrc.value = 0xdecafbad; policy.key = test_key; policy.next = NULL; printf("mips estimate: %e\n", mips); printf("testing srtp processing time for voice codecs:\n"); printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n"); printf("G.711\t\t%d\t\t\t%e\n", 80, (double) mips * (80 * 8) / srtp_bits_per_second(80, &policy) / .01 ); printf("G.711\t\t%d\t\t\t%e\n", 160, (double) mips * (160 * 8) / srtp_bits_per_second(160, &policy) / .02); printf("G.726-32\t%d\t\t\t%e\n", 40, (double) mips * (40 * 8) / srtp_bits_per_second(40, &policy) / .01 ); printf("G.726-32\t%d\t\t\t%e\n", 80, (double) mips * (80 * 8) / srtp_bits_per_second(80, &policy) / .02); printf("G.729\t\t%d\t\t\t%e\n", 10, (double) mips * (10 * 8) / srtp_bits_per_second(10, &policy) / .01 ); printf("G.729\t\t%d\t\t\t%e\n", 20, (double) mips * (20 * 8) / srtp_bits_per_second(20, &policy) / .02 ); } return 0; }
err_status_t crypto_kernel_init() { err_status_t status; /* check the security state */ if (crypto_kernel.state == crypto_kernel_state_secure) { /* * we're already in the secure state, but we've been asked to * re-initialize, so we just re-run the self-tests and then return */ return crypto_kernel_status(); } /* initialize error reporting system */ status = err_reporting_init("crypto"); if (status) return status; /* load debug modules */ status = crypto_kernel_load_debug_module(&mod_crypto_kernel); if (status) return status; status = crypto_kernel_load_debug_module(&mod_auth); if (status) return status; status = crypto_kernel_load_debug_module(&mod_cipher); if (status) return status; status = crypto_kernel_load_debug_module(&mod_stat); if (status) return status; status = crypto_kernel_load_debug_module(&mod_alloc); if (status) return status; /* initialize random number generator */ status = rand_source_init(); if (status) return status; /* run FIPS-140 statistical tests on rand_source */ status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS); if (status) return status; /* initialize pseudorandom number generator */ status = ctr_prng_init(rand_source_get_octet_string); if (status) return status; /* run FIPS-140 statistical tests on ctr_prng */ status = stat_test_rand_source_with_repetition(ctr_prng_get_octet_string, MAX_RNG_TRIALS); if (status) return status; /* load cipher types */ status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER); if (status) return status; status = crypto_kernel_load_cipher_type(&aes_icm, AES_128_ICM); if (status) return status; status = crypto_kernel_load_cipher_type(&aes_cbc_cipher, AES_128_CBC); if (status) return status; /* load auth func types */ status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH); if (status) return status; status = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1); if (status) return status; /* change state to secure */ crypto_kernel.state = crypto_kernel_state_secure; return err_status_ok; }