1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/netwerk/srtp/src/crypto/hash/auth.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,183 @@
1.4 +/*
1.5 + * auth.c
1.6 + *
1.7 + * some bookkeeping functions for authentication functions
1.8 + *
1.9 + * David A. McGrew
1.10 + * Cisco Systems, Inc.
1.11 + */
1.12 +
1.13 +/*
1.14 + *
1.15 + * Copyright (c) 2001-2006, Cisco Systems, Inc.
1.16 + * All rights reserved.
1.17 + *
1.18 + * Redistribution and use in source and binary forms, with or without
1.19 + * modification, are permitted provided that the following conditions
1.20 + * are met:
1.21 + *
1.22 + * Redistributions of source code must retain the above copyright
1.23 + * notice, this list of conditions and the following disclaimer.
1.24 + *
1.25 + * Redistributions in binary form must reproduce the above
1.26 + * copyright notice, this list of conditions and the following
1.27 + * disclaimer in the documentation and/or other materials provided
1.28 + * with the distribution.
1.29 + *
1.30 + * Neither the name of the Cisco Systems, Inc. nor the names of its
1.31 + * contributors may be used to endorse or promote products derived
1.32 + * from this software without specific prior written permission.
1.33 + *
1.34 + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1.35 + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
1.36 + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
1.37 + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
1.38 + * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
1.39 + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
1.40 + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
1.41 + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.42 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1.43 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1.44 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1.45 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1.46 + *
1.47 + */
1.48 +
1.49 +#include "auth.h"
1.50 +
1.51 +/* the debug module for authentiation */
1.52 +
1.53 +debug_module_t mod_auth = {
1.54 + 0, /* debugging is off by default */
1.55 + "auth func" /* printable name for module */
1.56 +};
1.57 +
1.58 +
1.59 +int
1.60 +auth_get_key_length(const auth_t *a) {
1.61 + return a->key_len;
1.62 +}
1.63 +
1.64 +int
1.65 +auth_get_tag_length(const auth_t *a) {
1.66 + return a->out_len;
1.67 +}
1.68 +
1.69 +int
1.70 +auth_get_prefix_length(const auth_t *a) {
1.71 + return a->prefix_len;
1.72 +}
1.73 +
1.74 +int
1.75 +auth_type_get_ref_count(const auth_type_t *at) {
1.76 + return at->ref_count;
1.77 +}
1.78 +
1.79 +/*
1.80 + * auth_type_test() tests an auth function of type ct against
1.81 + * test cases provided in a list test_data of values of key, data, and tag
1.82 + * that is known to be good
1.83 + */
1.84 +
1.85 +/* should be big enough for most occasions */
1.86 +#define SELF_TEST_TAG_BUF_OCTETS 32
1.87 +
1.88 +err_status_t
1.89 +auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data) {
1.90 + const auth_test_case_t *test_case = test_data;
1.91 + auth_t *a;
1.92 + err_status_t status;
1.93 + uint8_t tag[SELF_TEST_TAG_BUF_OCTETS];
1.94 + int i, case_num = 0;
1.95 +
1.96 + debug_print(mod_auth, "running self-test for auth function %s",
1.97 + at->description);
1.98 +
1.99 + /*
1.100 + * check to make sure that we have at least one test case, and
1.101 + * return an error if we don't - we need to be paranoid here
1.102 + */
1.103 + if (test_case == NULL)
1.104 + return err_status_cant_check;
1.105 +
1.106 + /* loop over all test cases */
1.107 + while (test_case != NULL) {
1.108 +
1.109 + /* check test case parameters */
1.110 + if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS)
1.111 + return err_status_bad_param;
1.112 +
1.113 + /* allocate auth */
1.114 + status = auth_type_alloc(at, &a, test_case->key_length_octets,
1.115 + test_case->tag_length_octets);
1.116 + if (status)
1.117 + return status;
1.118 +
1.119 + /* initialize auth */
1.120 + status = auth_init(a, test_case->key);
1.121 + if (status) {
1.122 + auth_dealloc(a);
1.123 + return status;
1.124 + }
1.125 +
1.126 + /* zeroize tag then compute */
1.127 + octet_string_set_to_zero(tag, test_case->tag_length_octets);
1.128 + status = auth_compute(a, test_case->data,
1.129 + test_case->data_length_octets, tag);
1.130 + if (status) {
1.131 + auth_dealloc(a);
1.132 + return status;
1.133 + }
1.134 +
1.135 + debug_print(mod_auth, "key: %s",
1.136 + octet_string_hex_string(test_case->key,
1.137 + test_case->key_length_octets));
1.138 + debug_print(mod_auth, "data: %s",
1.139 + octet_string_hex_string(test_case->data,
1.140 + test_case->data_length_octets));
1.141 + debug_print(mod_auth, "tag computed: %s",
1.142 + octet_string_hex_string(tag, test_case->tag_length_octets));
1.143 + debug_print(mod_auth, "tag expected: %s",
1.144 + octet_string_hex_string(test_case->tag,
1.145 + test_case->tag_length_octets));
1.146 +
1.147 + /* check the result */
1.148 + status = err_status_ok;
1.149 + for (i=0; i < test_case->tag_length_octets; i++)
1.150 + if (tag[i] != test_case->tag[i]) {
1.151 + status = err_status_algo_fail;
1.152 + debug_print(mod_auth, "test case %d failed", case_num);
1.153 + debug_print(mod_auth, " (mismatch at octet %d)", i);
1.154 + }
1.155 + if (status) {
1.156 + auth_dealloc(a);
1.157 + return err_status_algo_fail;
1.158 + }
1.159 +
1.160 + /* deallocate the auth function */
1.161 + status = auth_dealloc(a);
1.162 + if (status)
1.163 + return status;
1.164 +
1.165 + /*
1.166 + * the auth function passed the test case, so move on to the next test
1.167 + * case in the list; if NULL, we'll quit and return an OK
1.168 + */
1.169 + test_case = test_case->next_test_case;
1.170 + ++case_num;
1.171 + }
1.172 +
1.173 + return err_status_ok;
1.174 +}
1.175 +
1.176 +
1.177 +/*
1.178 + * auth_type_self_test(at) performs auth_type_test on at's internal
1.179 + * list of test data.
1.180 + */
1.181 +
1.182 +err_status_t
1.183 +auth_type_self_test(const auth_type_t *at) {
1.184 + return auth_type_test(at, at->test_data);
1.185 +}
1.186 +
