提交 992debee authored 作者: Steve Underwood's avatar Steve Underwood
...@@ -29,7 +29,7 @@ The configure script accepts the following options: ...@@ -29,7 +29,7 @@ The configure script accepts the following options:
--enable-openssl use OpenSSL crypto primitives --enable-openssl use OpenSSL crypto primitives
--gdoi use GDOI key management (disabled at present) --gdoi use GDOI key management (disabled at present)
By default, debbuging is enabled and stdout is used for debugging. By default, debugging is enabled and stdout is used for debugging.
You can use the above configure options to have the debugging output You can use the above configure options to have the debugging output
sent to syslog or the system console. Alternatively, you can define sent to syslog or the system console. Alternatively, you can define
ERR_REPORTING_FILE in include/conf.h to be any other file that can be ERR_REPORTING_FILE in include/conf.h to be any other file that can be
...@@ -87,15 +87,30 @@ or rtpw -l ...@@ -87,15 +87,30 @@ or rtpw -l
which the dictionary will be sent, respectively. which the dictionary will be sent, respectively.
options: options:
-a use message authentication
-e <key size> use encryption (use 128, 192, or 256 for key size) -s (s)rtp sender - causes app to send words
-g Use AES-GCM mode (must be used with -e)
-k <key> sets the srtp master key -r (s)rtp receive - causes app to receive words
-s act as rtp sender
-r act as rtp receiver -k <key> use srtp master key <key>, where the
-l list debug modules key is a hexadecimal value (without the
-d <debug> turn on debugging for module <debug> leading "0x")
-i specify input/output file
-e <keysize> encrypt/decrypt (for data confidentiality)
(requires use of -k option as well)
(use 128, 192, or 256 for keysize)
-g use AES-GCM mode (must be used with -e)
-a message authentication
(requires use of -k option as well)
-l list debug modules
-d <debug> turn on debugging for module <debug>
-i specify input/output file
(instead of using dictionary file)
In order to get random 30-byte values for use as key/salt pairs , you In order to get random 30-byte values for use as key/salt pairs , you
can use the following bash function to format the output of can use the following bash function to format the output of
......
...@@ -40,15 +40,14 @@ endif ...@@ -40,15 +40,14 @@ endif
dummy : all runtest dummy : all runtest
# test applications # test applications
ifneq (1, $(USE_OPENSSL)) ifneq (1, $(USE_OPENSSL))
AES_CALC = test/aes_calc$(EXE) AES_CALC = test/aes_calc$(EXE)
endif endif
testapp = #test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \ testapp = test/cipher_driver$(EXE) test/datatypes_driver$(EXE) \
#test/stat_driver$(EXE) test/sha1_driver$(EXE) \ test/stat_driver$(EXE) test/sha1_driver$(EXE) \
#test/kernel_driver$(EXE) $(AES_CALC) test/rand_gen$(EXE) \ test/kernel_driver$(EXE) $(AES_CALC) test/rand_gen$(EXE) \
#test/env$(EXE) test/env$(EXE)
# data values used to test the aes_calc application for AES-128 # data values used to test the aes_calc application for AES-128
k128=000102030405060708090a0b0c0d0e0f k128=000102030405060708090a0b0c0d0e0f
......
...@@ -395,7 +395,7 @@ aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c, ...@@ -395,7 +395,7 @@ aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) { for (i=0; i < (bytes_to_encr/sizeof(v128_t)); i++) {
/* fill buffer with new keystream */ /* fill buffer with new keystream */
aes_icm_advance_ismacryp(c, (uint8_t)forIsmacryp); aes_icm_advance_ismacryp(c, forIsmacryp);
/* /*
* add keystream into the data buffer (this would be a lot faster * add keystream into the data buffer (this would be a lot faster
...@@ -443,7 +443,7 @@ aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c, ...@@ -443,7 +443,7 @@ aes_icm_encrypt_ismacryp(aes_icm_ctx_t *c,
if ((bytes_to_encr & 0xf) != 0) { if ((bytes_to_encr & 0xf) != 0) {
/* fill buffer with new keystream */ /* fill buffer with new keystream */
aes_icm_advance_ismacryp(c, (uint8_t)forIsmacryp); aes_icm_advance_ismacryp(c, forIsmacryp);
for (i=0; i < (bytes_to_encr & 0xf); i++) for (i=0; i < (bytes_to_encr & 0xf); i++)
*buf++ ^= c->keystream_buffer.v8[i]; *buf++ ^= c->keystream_buffer.v8[i];
...@@ -476,6 +476,10 @@ aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output) { ...@@ -476,6 +476,10 @@ aes_icm_output(aes_icm_ctx_t *c, uint8_t *buffer, int num_octets_to_output) {
return aes_icm_encrypt(c, buffer, &len); return aes_icm_encrypt(c, buffer, &len);
} }
uint16_t
aes_icm_bytes_encrypted(aes_icm_ctx_t *c) {
return htons(c->counter.v16[7]);
}
char char
aes_icm_description[] = "aes integer counter mode"; aes_icm_description[] = "aes integer counter mode";
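Review bot: The new `aes_icm_bytes_encrypted()` returns `c->counter.v16[7]`, and the encrypt loop in the earlier hunk advances the keystream once per `v128_t`, so the value looks like a count of 16-byte blocks rather than bytes. Confirm this against `aes_icm_advance_ismacryp`, which is outside the hunks shown, and rename or document the function accordingly. The field is presumably stored in network order and read into host order, so `ntohs` states the intent better than `htons`, even though the two perform the same swap. I would add a comment on the definition and on the header declaration, e.g. `/* low 16 bits of the ICM counter, host order; presumably one increment per keystream block */`, and take the context as `const aes_icm_ctx_t *c` since nothing is written through it.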
......
...@@ -48,7 +48,6 @@ ...@@ -48,7 +48,6 @@
#include "null_cipher.h" #include "null_cipher.h"
#include "alloc.h" #include "alloc.h"
/* the null_cipher uses the cipher debug module */ /* the null_cipher uses the cipher debug module */
extern debug_module_t mod_cipher; extern debug_module_t mod_cipher;
......
...@@ -48,7 +48,6 @@ ...@@ -48,7 +48,6 @@
#include "null_auth.h" #include "null_auth.h"
#include "alloc.h" #include "alloc.h"
/* null_auth uses the auth debug module */ /* null_auth uses the auth debug module */
extern debug_module_t mod_auth; extern debug_module_t mod_auth;
......
...@@ -53,5 +53,8 @@ aes_icm_alloc_ismacryp(cipher_t **c, ...@@ -53,5 +53,8 @@ aes_icm_alloc_ismacryp(cipher_t **c,
int key_len, int key_len,
int forIsmacryp); int forIsmacryp);
uint16_t
aes_icm_bytes_encrypted(aes_icm_ctx_t *c);
#endif /* AES_ICM_H */ #endif /* AES_ICM_H */
...@@ -47,6 +47,7 @@ ...@@ -47,6 +47,7 @@
#include "ut_sim.h" #include "ut_sim.h"
int int
ut_compar(const void *a, const void *b) { ut_compar(const void *a, const void *b) {
return rand() > (RAND_MAX/2) ? -1 : 1; return rand() > (RAND_MAX/2) ? -1 : 1;
......
...@@ -83,10 +83,8 @@ ctr_prng_get_octet_string(void *dest, uint32_t len) { ...@@ -83,10 +83,8 @@ ctr_prng_get_octet_string(void *dest, uint32_t len) {
/* /*
* if we need to re-initialize the prng, do so now * if we need to re-initialize the prng, do so now
*
* avoid 32-bit overflows by subtracting instead of adding
*/ */
if (ctr_prng.octet_count > MAX_PRNG_OUT_LEN - len) { if ((aes_icm_bytes_encrypted(&ctr_prng.state) + len) > 0xffff) {
status = ctr_prng_init(ctr_prng.rand); status = ctr_prng_init(ctr_prng.rand);
if (status) if (status)
return status; return status;
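Review bot: The new check `(aes_icm_bytes_encrypted(&ctr_prng.state) + len) > 0xffff` brings back the addition that the deleted comment warned about: the `uint16_t` result is promoted and added to a `uint32_t` `len`, so a `len` close to `UINT32_MAX` wraps the sum below 0xffff and the reseed is skipped. Writing it as a subtraction keeps the bound intact, e.g. `if (len > 0xffff || aes_icm_bytes_encrypted(&ctr_prng.state) > 0xffff - len) {`. A single request with `len` above 0xffff also exceeds the limit immediately after re-initialisation; the rest of `ctr_prng_get_octet_string` is outside this hunk, so it is worth confirming that such a request is rejected or split rather than served from a wrapped counter. The literal 0xffff would be clearer as a named constant defined beside the accessor it depends on.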
......
...@@ -36,7 +36,7 @@ main (int argc, char *argv[]) { ...@@ -36,7 +36,7 @@ main (int argc, char *argv[]) {
uint8_t key[AES_MAX_KEY_LEN]; uint8_t key[AES_MAX_KEY_LEN];
aes_expanded_key_t exp_key; aes_expanded_key_t exp_key;
int key_len, len; int key_len, len;
int verbose; int verbose = 0;
err_status_t status; err_status_t status;
if (argc == 3) { if (argc == 3) {
......
/*
* Soak test the RNG for exhaustion failures
*/
#include <stdio.h> /* for printf() */
#include <unistd.h> /* for getopt() */
#include "crypto_kernel.h"
#define BUF_LEN (MAX_PRINT_STRING_LEN/2)
int main(int argc, char *argv[])
{
int q;
extern char *optarg;
int num_octets = 0;
err_status_t status;
uint32_t iterations = 0;
int print_values = 0;
if (argc == 1) {
exit(255);
}
status = crypto_kernel_init();
if (status) {
printf("error: crypto_kernel init failed\n");
exit(1);
}
while (1) {
q = getopt(argc, argv, "pvn:");
if (q == -1) {
break;
}
switch (q) {
case 'p':
print_values = 1;
break;
case 'n':
num_octets = atoi(optarg);
if (num_octets < 0 || num_octets > BUF_LEN) {
exit(255);
}
break;
case 'v':
num_octets = 30;
print_values = 0;
break;
default:
exit(255);
}
}
if (num_octets > 0) {
while (iterations < 300000) {
uint8_t buffer[BUF_LEN];
status = crypto_get_random(buffer, num_octets);
if (status) {
printf("iteration %d error: failure in random source\n", iterations);
exit(255);
} else if (print_values) {
printf("%s\n", octet_string_hex_string(buffer, num_octets));
}
iterations++;
}
}
status = crypto_kernel_shutdown();
if (status) {
printf("error: crypto_kernel shutdown failed\n");
exit(1);
}
return 0;
}
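Review bot: `exit()` and `atoi()` are called in `main`, but the file includes only `<stdio.h>`, `<unistd.h>` and `crypto_kernel.h`, so unless the project header pulls it in, the build relies on implicit declarations; add `#include <stdlib.h> /* for exit(), atoi() */`. `iterations` is a `uint32_t` printed with `%d`; use `printf("iteration %u error: failure in random source\n", (unsigned)iterations);`. The soak loop checks only the status returned by `crypto_get_random`, so it catches a reseed that fails but not one that is skipped or that repeats output. A sentence in the header comment stating that scope would keep readers from treating a pass as evidence of output quality.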
...@@ -47,7 +47,6 @@ ...@@ -47,7 +47,6 @@
#include "srtp_priv.h" #include "srtp_priv.h"
#include "ekt.h" #include "ekt.h"
extern debug_module_t mod_srtp; extern debug_module_t mod_srtp;
/* /*
......
File mode changed from 100644 to 100755