err_status_t crypto_kernel_do_load_auth_type(auth_type_t *new_at, auth_type_id_t id, int replace) { kernel_auth_type_t *atype, *new_atype; err_status_t status; /* defensive coding */ if (new_at == NULL) return err_status_bad_param; if (new_at->id != id) return err_status_bad_param; /* check auth type by running self-test */ status = auth_type_self_test(new_at); if (status) { return status; } /* walk down list, checking if this type is in the list already */ atype = crypto_kernel.auth_type_list; while (atype != NULL) { if (id == atype->id) { if (!replace) return err_status_bad_param; status = auth_type_test(new_at, atype->auth_type->test_data); if (status) return status; new_atype = atype; break; } else if (new_at == atype->auth_type) return err_status_bad_param; atype = atype->next; } /* if not found, put new_at at the head of the list */ if (atype == NULL) { /* allocate memory */ new_atype = (kernel_auth_type_t *)crypto_alloc(sizeof(kernel_auth_type_t)); if (new_atype == NULL) return err_status_alloc_fail; new_atype->next = crypto_kernel.auth_type_list; /* set head of list to new auth type */ crypto_kernel.auth_type_list = new_atype; } /* set fields */ new_atype->auth_type = new_at; new_atype->id = id; /* load debug module, if there is one present */ if (new_at->debug != NULL) crypto_kernel_load_debug_module(new_at->debug); /* we could check for errors here */ return err_status_ok; }
err_status_t crypto_kernel_status() { err_status_t status; kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; kernel_auth_type_t *atype = crypto_kernel.auth_type_list; kernel_debug_module_t *dm = crypto_kernel.debug_module_list; /* run FIPS-140 statistical tests on rand_source */ printf("testing rand_source..."); status = stat_test_rand_source(rand_source_get_octet_string); if (status) { printf("failed\n"); crypto_kernel.state = crypto_kernel_state_insecure; return status; } printf("passed\n"); /* for each cipher type, describe and test */ while(ctype != NULL) { printf("cipher: %s\n", ctype->cipher_type->description); printf(" instance count: %d\n", ctype->cipher_type->ref_count); printf(" self-test: "); status = cipher_type_self_test(ctype->cipher_type); if (status) { printf("failed with error code %d\n", status); exit(status); } printf("passed\n"); ctype = ctype->next; } /* for each auth type, describe and test */ while(atype != NULL) { printf("auth func: %s\n", atype->auth_type->description); printf(" instance count: %d\n", atype->auth_type->ref_count); printf(" self-test: "); status = auth_type_self_test(atype->auth_type); if (status) { printf("failed with error code %d\n", status); exit(status); } printf("passed\n"); atype = atype->next; } /* describe each debug module */ printf("debug modules loaded:\n"); while (dm != NULL) { printf(" %s ", dm->mod->name); if (dm->mod->on) printf("(on)\n"); else printf("(off)\n"); dm = dm->next; } return err_status_ok; }
int main (int argc, char *argv[]) { auth_t *a = NULL; err_status_t status; int i; int c; unsigned do_timing_test = 0; unsigned do_validation = 0; /* process input arguments */ while (1) { c = getopt(argc, argv, "tv"); if (c == -1) break; switch (c) { case 't': do_timing_test = 1; break; case 'v': do_validation = 1; break; default: usage(argv[0]); } } printf("auth driver\nDavid A. McGrew\nCisco Systems, Inc.\n"); if (!do_validation && !do_timing_test) usage(argv[0]); if (do_validation) { printf("running self-test for %s...", tmmhv2.description); status = tmmhv2_add_big_test(); if (status) { printf("tmmhv2_add_big_test failed with error code %d\n", status); exit(status); } status = auth_type_self_test(&tmmhv2); if (status) { printf("failed with error code %d\n", status); exit(status); } printf("passed\n"); } if (do_timing_test) { /* tmmhv2 timing test */ status = auth_type_alloc(&tmmhv2, &a, 94, 4); if (status) { fprintf(stderr, "can't allocate tmmhv2\n"); exit(status); } status = auth_init(a, (uint8_t *)key1); if (status) { printf("error initializaing auth function\n"); exit(status); } printf("timing %s (tag length %d)\n", tmmhv2.description, auth_get_tag_length(a)); for (i=8; i <= MAX_MSG_LEN; i *= 2) printf("msg len: %d\tgigabits per second: %f\n", i, auth_bits_per_second(a, i) / 1E9); status = auth_dealloc(a); if (status) { printf("error deallocating auth function\n"); exit(status); } } return 0; }