static void mac_bench(int algo, int size)
{
void *_key;
int blocksize = gnutls_hmac_get_len(algo);
int step = size * 1024;
struct benchmark_st st;
_key = malloc(blocksize);
if (_key == NULL)
return;
memset(_key, 0xf0, blocksize);
printf("%16s ", gnutls_mac_get_name(algo));
fflush(stdout);
start_benchmark(&st);
do {
gnutls_hmac_fast(algo, _key, blocksize, data, step, _key);
st.size += step;
}
while (benchmark_must_finish == 0);
stop_benchmark(&st, NULL, 1);
free(_key);
}
static void
mac_bench (int algo, int size)
{
void *_key;
struct timespec start, stop;
double secs;
double data_size = 0;
double ddata, dspeed;
int blocksize = gnutls_hmac_get_len (algo);
char metric[16];
_key = malloc (blocksize);
if (_key == NULL)
return;
memset (_key, 0xf0, blocksize);
printf ("Checking %s (%dkb payload)... ", gnutls_mac_get_name (algo), size);
fflush (stdout);
must_finish = 0;
alarm (5);
gettime (&start);
do
{
gnutls_hmac_fast (algo, _key, blocksize, data, size * 1024, _key);
data_size += size * 1024;
}
while (must_finish == 0);
gettime (&stop);
secs =
(stop.tv_sec * 1000 + stop.tv_nsec / (1000 * 1000) -
(start.tv_sec * 1000 + start.tv_nsec / (1000 * 1000)));
secs /= 1000;
value2human (data_size, secs, &ddata, &dspeed, metric);
printf ("Hashed %.2f %s in %.2f secs: ", ddata, metric, secs);
printf ("%.2f %s/sec\n", dspeed, metric);
free (_key);
}
static void mac_bench(int algo, int size)
{
void *_key;
int blocksize = gnutls_hmac_get_len(algo);
int step = size * 1024;
struct benchmark_st st;
void *input;
unsigned char c, *i;
ALLOCM(input, MAX_MEM);
i = input;
_key = malloc(blocksize);
if (_key == NULL)
return;
memset(_key, 0xf0, blocksize);
printf("%16s ", gnutls_mac_get_name(algo));
fflush(stdout);
assert(gnutls_rnd(GNUTLS_RND_NONCE, &c, 1) >= 0);
start_benchmark(&st);
do {
gnutls_hmac_fast(algo, _key, blocksize, i, step, _key);
st.size += step;
INC(input, i, step);
}
while (benchmark_must_finish == 0);
stop_benchmark(&st, NULL, 1);
FREE(input);
free(_key);
}
void
doit (void)
{
unsigned char digest[20];
int err;
/* XXX: We need this to fix secure memory. */
global_init ();
gnutls_global_set_log_function (tls_log_func);
if (debug)
gnutls_global_set_log_level (4711);
err =
gnutls_hmac_fast (GNUTLS_MAC_MD5, "keykeykey", 9, "abcdefgh", 8, digest);
if (err < 0)
fail ("gnutls_hmac_fast(MD5) failed: %d\n", err);
else
{
if (memcmp (digest, "\x3c\xb0\x9d\x83\x28\x01\xef\xc0"
"\x7b\xb3\xaf\x42\x69\xe5\x93\x9a", 16) == 0)
{
if (debug)
success ("gnutls_hmac_fast(MD5) OK\n");
}
else
{
hexprint (digest, 16);
fail ("gnutls_hmac_fast(MD5) failure\n");
}
}
err =
gnutls_hmac_fast (GNUTLS_MAC_SHA1, "keykeykey", 9, "abcdefgh", 8,
digest);
if (err < 0)
fail ("gnutls_hmac_fast(SHA1) failed: %d\n", err);
else
{
if (memcmp (digest, "\x58\x93\x7a\x58\xfe\xea\x82\xf8"
"\x0e\x64\x62\x01\x40\x2b\x2c\xed\x5d\x54\xc1\xfa",
20) == 0)
{
if (debug)
success ("gnutls_hmac_fast(SHA1) OK\n");
}
else
{
hexprint (digest, 20);
fail ("gnutls_hmac_fast(SHA1) failure\n");
}
}
err = _gnutls_pbkdf2_sha1 ("password", 8, (unsigned char*)"salt", 4, 4711, digest, 16);
if (err < 0)
fail ("_gnutls_pkcs5_pbkdf2_sha1() failed: %d\n", err);
else
{
if (memcmp (digest, "\x09\xb7\x85\x57\xdd\xf6\x07\x15"
"\x1c\x52\x34\xde\xba\x5c\xdc\x59", 16) == 0)
{
if (debug)
success ("_gnutls_pkcs5_pbkdf2_sha1() OK\n");
}
else
{
hexprint (digest, 16);
fail ("_gnutls_pkcs5_pbkdf2_sha1() failure\n");
}
}
gnutls_global_deinit ();
}
/* Run an HMAC using the key above on the library binary data.
* Returns true on success and false on error.
*/
static unsigned check_binary_integrity(const char* libname, const char* symbol)
{
int ret;
unsigned prev;
char mac_file[GNUTLS_PATH_MAX];
char file[GNUTLS_PATH_MAX];
uint8_t hmac[HMAC_SIZE];
uint8_t new_hmac[HMAC_SIZE];
size_t hmac_size;
gnutls_datum_t data;
ret = get_library_path(libname, symbol, file, sizeof(file));
if (ret < 0) {
_gnutls_debug_log("Could not get path for library %s\n", libname);
return 0;
}
_gnutls_debug_log("Loading: %s\n", file);
ret = gnutls_load_file(file, &data);
if (ret < 0) {
_gnutls_debug_log("Could not load: %s\n", file);
return gnutls_assert_val(0);
}
prev = _gnutls_get_lib_state();
_gnutls_switch_lib_state(LIB_STATE_OPERATIONAL);
ret = gnutls_hmac_fast(HMAC_ALGO, FIPS_KEY, sizeof(FIPS_KEY)-1,
data.data, data.size, new_hmac);
_gnutls_switch_lib_state(prev);
gnutls_free(data.data);
if (ret < 0)
return gnutls_assert_val(0);
/* now open the .hmac file and compare */
get_hmac_file(mac_file, sizeof(mac_file), file);
ret = gnutls_load_file(mac_file, &data);
if (ret < 0) {
get_hmac_file2(mac_file, sizeof(mac_file), file);
ret = gnutls_load_file(mac_file, &data);
if (ret < 0) {
_gnutls_debug_log("Could not open %s for MAC testing: %s\n", mac_file, gnutls_strerror(ret));
return gnutls_assert_val(0);
}
}
hmac_size = hex_data_size(data.size);
ret = gnutls_hex_decode(&data, hmac, &hmac_size);
gnutls_free(data.data);
if (ret < 0) {
_gnutls_debug_log("Could not convert hex data to binary for MAC testing for %s.\n", libname);
return gnutls_assert_val(0);
}
if (hmac_size != sizeof(hmac) ||
memcmp(hmac, new_hmac, sizeof(hmac)) != 0) {
_gnutls_debug_log("Calculated MAC for %s does not match\n", libname);
return gnutls_assert_val(0);
}
_gnutls_debug_log("Successfully verified MAC for %s (%s)\n", mac_file, libname);
return 1;
}
