OLD | NEW |
| (Empty) |
1 /* | |
2 * auth.c | |
3 * | |
4 * some bookkeeping functions for authentication functions | |
5 * | |
6 * David A. McGrew | |
7 * Cisco Systems, Inc. | |
8 */ | |
9 | |
10 /* | |
11 * | |
12 * Copyright (c) 2001-2006, Cisco Systems, Inc. | |
13 * All rights reserved. | |
14 * | |
15 * Redistribution and use in source and binary forms, with or without | |
16 * modification, are permitted provided that the following conditions | |
17 * are met: | |
18 * | |
19 * Redistributions of source code must retain the above copyright | |
20 * notice, this list of conditions and the following disclaimer. | |
21 * | |
22 * Redistributions in binary form must reproduce the above | |
23 * copyright notice, this list of conditions and the following | |
24 * disclaimer in the documentation and/or other materials provided | |
25 * with the distribution. | |
26 * | |
27 * Neither the name of the Cisco Systems, Inc. nor the names of its | |
28 * contributors may be used to endorse or promote products derived | |
29 * from this software without specific prior written permission. | |
30 * | |
31 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
32 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
33 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS | |
34 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE | |
35 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | |
36 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES | |
37 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
38 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
39 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
40 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
41 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
42 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
43 * | |
44 */ | |
45 | |
46 #ifdef HAVE_CONFIG_H | |
47 #include <config.h> | |
48 #endif | |
49 | |
50 #include "auth.h" | |
51 | |
52 /* the debug module for authentiation */ | |
53 | |
54 debug_module_t mod_auth = { | |
55 0, /* debugging is off by default */ | |
56 "auth func" /* printable name for module */ | |
57 }; | |
58 | |
59 | |
60 int | |
61 auth_get_key_length(const auth_t *a) { | |
62 return a->key_len; | |
63 } | |
64 | |
65 int | |
66 auth_get_tag_length(const auth_t *a) { | |
67 return a->out_len; | |
68 } | |
69 | |
70 int | |
71 auth_get_prefix_length(const auth_t *a) { | |
72 return a->prefix_len; | |
73 } | |
74 | |
75 int | |
76 auth_type_get_ref_count(const auth_type_t *at) { | |
77 return at->ref_count; | |
78 } | |
79 | |
80 /* | |
81 * auth_type_test() tests an auth function of type ct against | |
82 * test cases provided in a list test_data of values of key, data, and tag | |
83 * that is known to be good | |
84 */ | |
85 | |
86 /* should be big enough for most occasions */ | |
87 #define SELF_TEST_TAG_BUF_OCTETS 32 | |
88 | |
89 err_status_t | |
90 auth_type_test(const auth_type_t *at, const auth_test_case_t *test_data) { | |
91 const auth_test_case_t *test_case = test_data; | |
92 auth_t *a; | |
93 err_status_t status; | |
94 uint8_t tag[SELF_TEST_TAG_BUF_OCTETS]; | |
95 int i, case_num = 0; | |
96 | |
97 debug_print(mod_auth, "running self-test for auth function %s", | |
98 at->description); | |
99 | |
100 /* | |
101 * check to make sure that we have at least one test case, and | |
102 * return an error if we don't - we need to be paranoid here | |
103 */ | |
104 if (test_case == NULL) | |
105 return err_status_cant_check; | |
106 | |
107 /* loop over all test cases */ | |
108 while (test_case != NULL) { | |
109 | |
110 /* check test case parameters */ | |
111 if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS) | |
112 return err_status_bad_param; | |
113 | |
114 /* allocate auth */ | |
115 status = auth_type_alloc(at, &a, test_case->key_length_octets, | |
116 test_case->tag_length_octets); | |
117 if (status) | |
118 return status; | |
119 | |
120 /* initialize auth */ | |
121 status = auth_init(a, test_case->key); | |
122 if (status) { | |
123 auth_dealloc(a); | |
124 return status; | |
125 } | |
126 | |
127 /* zeroize tag then compute */ | |
128 octet_string_set_to_zero(tag, test_case->tag_length_octets); | |
129 status = auth_compute(a, test_case->data, | |
130 test_case->data_length_octets, tag); | |
131 if (status) { | |
132 auth_dealloc(a); | |
133 return status; | |
134 } | |
135 | |
136 debug_print(mod_auth, "key: %s", | |
137 octet_string_hex_string(test_case->key, | |
138 test_case->key_length_octets)); | |
139 debug_print(mod_auth, "data: %s", | |
140 octet_string_hex_string(test_case->data, | |
141 test_case->data_length_octets)); | |
142 debug_print(mod_auth, "tag computed: %s", | |
143 octet_string_hex_string(tag, test_case->tag_length_octets)); | |
144 debug_print(mod_auth, "tag expected: %s", | |
145 octet_string_hex_string(test_case->tag, | |
146 test_case->tag_length_octets)); | |
147 | |
148 /* check the result */ | |
149 status = err_status_ok; | |
150 for (i=0; i < test_case->tag_length_octets; i++) | |
151 if (tag[i] != test_case->tag[i]) { | |
152 status = err_status_algo_fail; | |
153 debug_print(mod_auth, "test case %d failed", case_num); | |
154 debug_print(mod_auth, " (mismatch at octet %d)", i); | |
155 } | |
156 if (status) { | |
157 auth_dealloc(a); | |
158 return err_status_algo_fail; | |
159 } | |
160 | |
161 /* deallocate the auth function */ | |
162 status = auth_dealloc(a); | |
163 if (status) | |
164 return status; | |
165 | |
166 /* | |
167 * the auth function passed the test case, so move on to the next test | |
168 * case in the list; if NULL, we'll quit and return an OK | |
169 */ | |
170 test_case = test_case->next_test_case; | |
171 ++case_num; | |
172 } | |
173 | |
174 return err_status_ok; | |
175 } | |
176 | |
177 | |
178 /* | |
179 * auth_type_self_test(at) performs auth_type_test on at's internal | |
180 * list of test data. | |
181 */ | |
182 | |
183 err_status_t | |
184 auth_type_self_test(const auth_type_t *at) { | |
185 return auth_type_test(at, at->test_data); | |
186 } | |
187 | |
OLD | NEW |