static inline err_status_t crypto_kernel_do_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id, int replace) { kernel_cipher_type_t *ctype, *new_ctype; err_status_t status; /* defensive coding */ if (new_ct == NULL) return err_status_bad_param; if (new_ct->id != id) return err_status_bad_param; /* check cipher type by running self-test */ status = cipher_type_self_test(new_ct); if (status) { return status; } /* walk down list, checking if this type is in the list already */ ctype = crypto_kernel.cipher_type_list; while (ctype != NULL) { if (id == ctype->id) { if (!replace) return err_status_bad_param; status = cipher_type_test(new_ct, ctype->cipher_type->test_data); if (status) return status; new_ctype = ctype; break; } else if (new_ct == ctype->cipher_type) return err_status_bad_param; ctype = ctype->next; } /* if not found, put new_ct at the head of the list */ if (ctype == NULL) { /* allocate memory */ new_ctype = (kernel_cipher_type_t *) crypto_alloc(sizeof(kernel_cipher_type_t)); if (new_ctype == NULL) return err_status_alloc_fail; new_ctype->next = crypto_kernel.cipher_type_list; /* set head of list to new cipher type */ crypto_kernel.cipher_type_list = new_ctype; } /* set fields */ new_ctype->cipher_type = new_ct; new_ctype->id = id; /* load debug module, if there is one present */ if (new_ct->debug != NULL) crypto_kernel_load_debug_module(new_ct->debug); /* we could check for errors here */ return err_status_ok; }
err_status_t crypto_kernel_status() { err_status_t status; kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; kernel_auth_type_t *atype = crypto_kernel.auth_type_list; kernel_debug_module_t *dm = crypto_kernel.debug_module_list; /* run FIPS-140 statistical tests on rand_source */ printf("testing rand_source..."); status = stat_test_rand_source(rand_source_get_octet_string); if (status) { printf("failed\n"); crypto_kernel.state = crypto_kernel_state_insecure; return status; } printf("passed\n"); /* for each cipher type, describe and test */ while(ctype != NULL) { printf("cipher: %s\n", ctype->cipher_type->description); printf(" instance count: %d\n", ctype->cipher_type->ref_count); printf(" self-test: "); status = cipher_type_self_test(ctype->cipher_type); if (status) { printf("failed with error code %d\n", status); exit(status); } printf("passed\n"); ctype = ctype->next; } /* for each auth type, describe and test */ while(atype != NULL) { printf("auth func: %s\n", atype->auth_type->description); printf(" instance count: %d\n", atype->auth_type->ref_count); printf(" self-test: "); status = auth_type_self_test(atype->auth_type); if (status) { printf("failed with error code %d\n", status); exit(status); } printf("passed\n"); atype = atype->next; } /* describe each debug module */ printf("debug modules loaded:\n"); while (dm != NULL) { printf(" %s ", dm->mod->name); if (dm->mod->on) printf("(on)\n"); else printf("(off)\n"); dm = dm->next; } return err_status_ok; }
err_status_t cipher_driver_self_test(cipher_type_t *ct) { err_status_t status; printf("running cipher self-test for %s...", ct->description); status = cipher_type_self_test(ct); if (status) { printf("failed with error code %d\n", status); exit(status); } printf("passed\n"); return err_status_ok; }