crypto_kernel.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561
  1. /*
  2. * crypto_kernel.c
  3. *
  4. * header for the cryptographic kernel
  5. *
  6. * David A. McGrew
  7. * Cisco Systems, Inc.
  8. */
  9. /*
  10. *
  11. * Copyright(c) 2001-2017 Cisco Systems, Inc.
  12. * All rights reserved.
  13. *
  14. * Redistribution and use in source and binary forms, with or without
  15. * modification, are permitted provided that the following conditions
  16. * are met:
  17. *
  18. * Redistributions of source code must retain the above copyright
  19. * notice, this list of conditions and the following disclaimer.
  20. *
  21. * Redistributions in binary form must reproduce the above
  22. * copyright notice, this list of conditions and the following
  23. * disclaimer in the documentation and/or other materials provided
  24. * with the distribution.
  25. *
  26. * Neither the name of the Cisco Systems, Inc. nor the names of its
  27. * contributors may be used to endorse or promote products derived
  28. * from this software without specific prior written permission.
  29. *
  30. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  31. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  32. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  33. * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
  34. * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
  35. * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  36. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  37. * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  38. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  39. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  40. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  41. * OF THE POSSIBILITY OF SUCH DAMAGE.
  42. *
  43. */
  44. #ifdef HAVE_CONFIG_H
  45. #include <config.h>
  46. #endif
  47. #include "alloc.h"
  48. #include "crypto_kernel.h"
  49. #include "cipher_types.h"
  50. /* the debug module for the crypto_kernel */
  51. srtp_debug_module_t srtp_mod_crypto_kernel = {
  52. 0, /* debugging is off by default */
  53. "crypto kernel" /* printable name for module */
  54. };
  55. /* crypto_kernel is a global variable, the only one of its datatype */
  56. srtp_crypto_kernel_t crypto_kernel = {
  57. srtp_crypto_kernel_state_insecure, /* start off in insecure state */
  58. NULL, /* no cipher types yet */
  59. NULL, /* no auth types yet */
  60. NULL /* no debug modules yet */
  61. };
  62. #define MAX_RNG_TRIALS 25
  63. srtp_err_status_t srtp_crypto_kernel_init()
  64. {
  65. srtp_err_status_t status;
  66. /* check the security state */
  67. if (crypto_kernel.state == srtp_crypto_kernel_state_secure) {
  68. /*
  69. * we're already in the secure state, but we've been asked to
  70. * re-initialize, so we just re-run the self-tests and then return
  71. */
  72. return srtp_crypto_kernel_status();
  73. }
  74. /* initialize error reporting system */
  75. status = srtp_err_reporting_init();
  76. if (status) {
  77. return status;
  78. }
  79. /* load debug modules */
  80. status = srtp_crypto_kernel_load_debug_module(&srtp_mod_crypto_kernel);
  81. if (status) {
  82. return status;
  83. }
  84. status = srtp_crypto_kernel_load_debug_module(&srtp_mod_auth);
  85. if (status) {
  86. return status;
  87. }
  88. status = srtp_crypto_kernel_load_debug_module(&srtp_mod_cipher);
  89. if (status) {
  90. return status;
  91. }
  92. status = srtp_crypto_kernel_load_debug_module(&srtp_mod_stat);
  93. if (status) {
  94. return status;
  95. }
  96. status = srtp_crypto_kernel_load_debug_module(&srtp_mod_alloc);
  97. if (status) {
  98. return status;
  99. }
  100. /* load cipher types */
  101. status = srtp_crypto_kernel_load_cipher_type(&srtp_null_cipher,
  102. SRTP_NULL_CIPHER);
  103. if (status) {
  104. return status;
  105. }
  106. status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_128,
  107. SRTP_AES_ICM_128);
  108. if (status) {
  109. return status;
  110. }
  111. status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_256,
  112. SRTP_AES_ICM_256);
  113. if (status) {
  114. return status;
  115. }
  116. status = srtp_crypto_kernel_load_debug_module(&srtp_mod_aes_icm);
  117. if (status) {
  118. return status;
  119. }
  120. #ifdef GCM
  121. status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_icm_192,
  122. SRTP_AES_ICM_192);
  123. if (status) {
  124. return status;
  125. }
  126. status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_128,
  127. SRTP_AES_GCM_128);
  128. if (status) {
  129. return status;
  130. }
  131. status = srtp_crypto_kernel_load_cipher_type(&srtp_aes_gcm_256,
  132. SRTP_AES_GCM_256);
  133. if (status) {
  134. return status;
  135. }
  136. status = srtp_crypto_kernel_load_debug_module(&srtp_mod_aes_gcm);
  137. if (status) {
  138. return status;
  139. }
  140. #endif
  141. /* load auth func types */
  142. status = srtp_crypto_kernel_load_auth_type(&srtp_null_auth, SRTP_NULL_AUTH);
  143. if (status) {
  144. return status;
  145. }
  146. status = srtp_crypto_kernel_load_auth_type(&srtp_hmac, SRTP_HMAC_SHA1);
  147. if (status) {
  148. return status;
  149. }
  150. status = srtp_crypto_kernel_load_debug_module(&srtp_mod_hmac);
  151. if (status) {
  152. return status;
  153. }
  154. /* change state to secure */
  155. crypto_kernel.state = srtp_crypto_kernel_state_secure;
  156. return srtp_err_status_ok;
  157. }
  158. srtp_err_status_t srtp_crypto_kernel_status()
  159. {
  160. srtp_err_status_t status;
  161. srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
  162. srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
  163. /* for each cipher type, describe and test */
  164. while (ctype != NULL) {
  165. srtp_err_report(srtp_err_level_info, "cipher: %s\n",
  166. ctype->cipher_type->description);
  167. srtp_err_report(srtp_err_level_info, " self-test: ");
  168. status = srtp_cipher_type_self_test(ctype->cipher_type);
  169. if (status) {
  170. srtp_err_report(srtp_err_level_error, "failed with error code %d\n",
  171. status);
  172. exit(status);
  173. }
  174. srtp_err_report(srtp_err_level_info, "passed\n");
  175. ctype = ctype->next;
  176. }
  177. /* for each auth type, describe and test */
  178. while (atype != NULL) {
  179. srtp_err_report(srtp_err_level_info, "auth func: %s\n",
  180. atype->auth_type->description);
  181. srtp_err_report(srtp_err_level_info, " self-test: ");
  182. status = srtp_auth_type_self_test(atype->auth_type);
  183. if (status) {
  184. srtp_err_report(srtp_err_level_error, "failed with error code %d\n",
  185. status);
  186. exit(status);
  187. }
  188. srtp_err_report(srtp_err_level_info, "passed\n");
  189. atype = atype->next;
  190. }
  191. srtp_crypto_kernel_list_debug_modules();
  192. return srtp_err_status_ok;
  193. }
  194. srtp_err_status_t srtp_crypto_kernel_list_debug_modules()
  195. {
  196. srtp_kernel_debug_module_t *dm = crypto_kernel.debug_module_list;
  197. /* describe each debug module */
  198. srtp_err_report(srtp_err_level_info, "debug modules loaded:\n");
  199. while (dm != NULL) {
  200. srtp_err_report(srtp_err_level_info, " %s ", dm->mod->name);
  201. if (dm->mod->on) {
  202. srtp_err_report(srtp_err_level_info, "(on)\n");
  203. } else {
  204. srtp_err_report(srtp_err_level_info, "(off)\n");
  205. }
  206. dm = dm->next;
  207. }
  208. return srtp_err_status_ok;
  209. }
  210. srtp_err_status_t srtp_crypto_kernel_shutdown()
  211. {
  212. /*
  213. * free dynamic memory used in crypto_kernel at present
  214. */
  215. /* walk down cipher type list, freeing memory */
  216. while (crypto_kernel.cipher_type_list != NULL) {
  217. srtp_kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
  218. crypto_kernel.cipher_type_list = ctype->next;
  219. debug_print(srtp_mod_crypto_kernel, "freeing memory for cipher %s",
  220. ctype->cipher_type->description);
  221. srtp_crypto_free(ctype);
  222. }
  223. /* walk down authetication module list, freeing memory */
  224. while (crypto_kernel.auth_type_list != NULL) {
  225. srtp_kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
  226. crypto_kernel.auth_type_list = atype->next;
  227. debug_print(srtp_mod_crypto_kernel,
  228. "freeing memory for authentication %s",
  229. atype->auth_type->description);
  230. srtp_crypto_free(atype);
  231. }
  232. /* walk down debug module list, freeing memory */
  233. while (crypto_kernel.debug_module_list != NULL) {
  234. srtp_kernel_debug_module_t *kdm = crypto_kernel.debug_module_list;
  235. crypto_kernel.debug_module_list = kdm->next;
  236. debug_print(srtp_mod_crypto_kernel,
  237. "freeing memory for debug module %s", kdm->mod->name);
  238. srtp_crypto_free(kdm);
  239. }
  240. /* return to insecure state */
  241. crypto_kernel.state = srtp_crypto_kernel_state_insecure;
  242. return srtp_err_status_ok;
  243. }
  244. static inline srtp_err_status_t srtp_crypto_kernel_do_load_cipher_type(
  245. const srtp_cipher_type_t *new_ct,
  246. srtp_cipher_type_id_t id,
  247. int replace)
  248. {
  249. srtp_kernel_cipher_type_t *ctype, *new_ctype;
  250. srtp_err_status_t status;
  251. /* defensive coding */
  252. if (new_ct == NULL) {
  253. return srtp_err_status_bad_param;
  254. }
  255. if (new_ct->id != id) {
  256. return srtp_err_status_bad_param;
  257. }
  258. /* check cipher type by running self-test */
  259. status = srtp_cipher_type_self_test(new_ct);
  260. if (status) {
  261. return status;
  262. }
  263. /* walk down list, checking if this type is in the list already */
  264. ctype = crypto_kernel.cipher_type_list;
  265. while (ctype != NULL) {
  266. if (id == ctype->id) {
  267. if (!replace) {
  268. return srtp_err_status_bad_param;
  269. }
  270. status =
  271. srtp_cipher_type_test(new_ct, ctype->cipher_type->test_data);
  272. if (status) {
  273. return status;
  274. }
  275. new_ctype = ctype;
  276. break;
  277. } else if (new_ct == ctype->cipher_type) {
  278. return srtp_err_status_bad_param;
  279. }
  280. ctype = ctype->next;
  281. }
  282. /* if not found, put new_ct at the head of the list */
  283. if (ctype == NULL) {
  284. /* allocate memory */
  285. new_ctype = (srtp_kernel_cipher_type_t *)srtp_crypto_alloc(
  286. sizeof(srtp_kernel_cipher_type_t));
  287. if (new_ctype == NULL) {
  288. return srtp_err_status_alloc_fail;
  289. }
  290. new_ctype->next = crypto_kernel.cipher_type_list;
  291. /* set head of list to new cipher type */
  292. crypto_kernel.cipher_type_list = new_ctype;
  293. }
  294. /* set fields */
  295. new_ctype->cipher_type = new_ct;
  296. new_ctype->id = id;
  297. return srtp_err_status_ok;
  298. }
  299. srtp_err_status_t srtp_crypto_kernel_load_cipher_type(
  300. const srtp_cipher_type_t *new_ct,
  301. srtp_cipher_type_id_t id)
  302. {
  303. return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 0);
  304. }
  305. srtp_err_status_t srtp_replace_cipher_type(const srtp_cipher_type_t *new_ct,
  306. srtp_cipher_type_id_t id)
  307. {
  308. return srtp_crypto_kernel_do_load_cipher_type(new_ct, id, 1);
  309. }
  310. srtp_err_status_t srtp_crypto_kernel_do_load_auth_type(
  311. const srtp_auth_type_t *new_at,
  312. srtp_auth_type_id_t id,
  313. int replace)
  314. {
  315. srtp_kernel_auth_type_t *atype, *new_atype;
  316. srtp_err_status_t status;
  317. /* defensive coding */
  318. if (new_at == NULL) {
  319. return srtp_err_status_bad_param;
  320. }
  321. if (new_at->id != id) {
  322. return srtp_err_status_bad_param;
  323. }
  324. /* check auth type by running self-test */
  325. status = srtp_auth_type_self_test(new_at);
  326. if (status) {
  327. return status;
  328. }
  329. /* walk down list, checking if this type is in the list already */
  330. atype = crypto_kernel.auth_type_list;
  331. while (atype != NULL) {
  332. if (id == atype->id) {
  333. if (!replace) {
  334. return srtp_err_status_bad_param;
  335. }
  336. status = srtp_auth_type_test(new_at, atype->auth_type->test_data);
  337. if (status) {
  338. return status;
  339. }
  340. new_atype = atype;
  341. break;
  342. } else if (new_at == atype->auth_type) {
  343. return srtp_err_status_bad_param;
  344. }
  345. atype = atype->next;
  346. }
  347. /* if not found, put new_at at the head of the list */
  348. if (atype == NULL) {
  349. /* allocate memory */
  350. new_atype = (srtp_kernel_auth_type_t *)srtp_crypto_alloc(
  351. sizeof(srtp_kernel_auth_type_t));
  352. if (new_atype == NULL) {
  353. return srtp_err_status_alloc_fail;
  354. }
  355. new_atype->next = crypto_kernel.auth_type_list;
  356. /* set head of list to new auth type */
  357. crypto_kernel.auth_type_list = new_atype;
  358. }
  359. /* set fields */
  360. new_atype->auth_type = new_at;
  361. new_atype->id = id;
  362. return srtp_err_status_ok;
  363. }
  364. srtp_err_status_t srtp_crypto_kernel_load_auth_type(
  365. const srtp_auth_type_t *new_at,
  366. srtp_auth_type_id_t id)
  367. {
  368. return srtp_crypto_kernel_do_load_auth_type(new_at, id, 0);
  369. }
  370. srtp_err_status_t srtp_replace_auth_type(const srtp_auth_type_t *new_at,
  371. srtp_auth_type_id_t id)
  372. {
  373. return srtp_crypto_kernel_do_load_auth_type(new_at, id, 1);
  374. }
  375. const srtp_cipher_type_t *srtp_crypto_kernel_get_cipher_type(
  376. srtp_cipher_type_id_t id)
  377. {
  378. srtp_kernel_cipher_type_t *ctype;
  379. /* walk down list, looking for id */
  380. ctype = crypto_kernel.cipher_type_list;
  381. while (ctype != NULL) {
  382. if (id == ctype->id) {
  383. return ctype->cipher_type;
  384. }
  385. ctype = ctype->next;
  386. }
  387. /* haven't found the right one, indicate failure by returning NULL */
  388. return NULL;
  389. }
  390. srtp_err_status_t srtp_crypto_kernel_alloc_cipher(srtp_cipher_type_id_t id,
  391. srtp_cipher_pointer_t *cp,
  392. int key_len,
  393. int tag_len)
  394. {
  395. const srtp_cipher_type_t *ct;
  396. /*
  397. * if the crypto_kernel is not yet initialized, we refuse to allocate
  398. * any ciphers - this is a bit extra-paranoid
  399. */
  400. if (crypto_kernel.state != srtp_crypto_kernel_state_secure) {
  401. return srtp_err_status_init_fail;
  402. }
  403. ct = srtp_crypto_kernel_get_cipher_type(id);
  404. if (!ct) {
  405. return srtp_err_status_fail;
  406. }
  407. return ((ct)->alloc(cp, key_len, tag_len));
  408. }
  409. const srtp_auth_type_t *srtp_crypto_kernel_get_auth_type(srtp_auth_type_id_t id)
  410. {
  411. srtp_kernel_auth_type_t *atype;
  412. /* walk down list, looking for id */
  413. atype = crypto_kernel.auth_type_list;
  414. while (atype != NULL) {
  415. if (id == atype->id) {
  416. return atype->auth_type;
  417. }
  418. atype = atype->next;
  419. }
  420. /* haven't found the right one, indicate failure by returning NULL */
  421. return NULL;
  422. }
  423. srtp_err_status_t srtp_crypto_kernel_alloc_auth(srtp_auth_type_id_t id,
  424. srtp_auth_pointer_t *ap,
  425. int key_len,
  426. int tag_len)
  427. {
  428. const srtp_auth_type_t *at;
  429. /*
  430. * if the crypto_kernel is not yet initialized, we refuse to allocate
  431. * any auth functions - this is a bit extra-paranoid
  432. */
  433. if (crypto_kernel.state != srtp_crypto_kernel_state_secure) {
  434. return srtp_err_status_init_fail;
  435. }
  436. at = srtp_crypto_kernel_get_auth_type(id);
  437. if (!at) {
  438. return srtp_err_status_fail;
  439. }
  440. return ((at)->alloc(ap, key_len, tag_len));
  441. }
  442. srtp_err_status_t srtp_crypto_kernel_load_debug_module(
  443. srtp_debug_module_t *new_dm)
  444. {
  445. srtp_kernel_debug_module_t *kdm, *new;
  446. /* defensive coding */
  447. if (new_dm == NULL || new_dm->name == NULL) {
  448. return srtp_err_status_bad_param;
  449. }
  450. /* walk down list, checking if this type is in the list already */
  451. kdm = crypto_kernel.debug_module_list;
  452. while (kdm != NULL) {
  453. if (strncmp(new_dm->name, kdm->mod->name, 64) == 0) {
  454. return srtp_err_status_bad_param;
  455. }
  456. kdm = kdm->next;
  457. }
  458. /* put new_dm at the head of the list */
  459. /* allocate memory */
  460. new = (srtp_kernel_debug_module_t *)srtp_crypto_alloc(
  461. sizeof(srtp_kernel_debug_module_t));
  462. if (new == NULL) {
  463. return srtp_err_status_alloc_fail;
  464. }
  465. /* set fields */
  466. new->mod = new_dm;
  467. new->next = crypto_kernel.debug_module_list;
  468. /* set head of list to new cipher type */
  469. crypto_kernel.debug_module_list = new;
  470. return srtp_err_status_ok;
  471. }
  472. srtp_err_status_t srtp_crypto_kernel_set_debug_module(const char *name, int on)
  473. {
  474. srtp_kernel_debug_module_t *kdm;
  475. /* walk down list, checking if this type is in the list already */
  476. kdm = crypto_kernel.debug_module_list;
  477. while (kdm != NULL) {
  478. if (strncmp(name, kdm->mod->name, 64) == 0) {
  479. kdm->mod->on = on;
  480. return srtp_err_status_ok;
  481. }
  482. kdm = kdm->next;
  483. }
  484. return srtp_err_status_fail;
  485. }