4
* some bookkeeping functions for authentication functions
12
* Copyright (c) 2001-2006, Cisco Systems, Inc.
13
* All rights reserved.
15
* Redistribution and use in source and binary forms, with or without
16
* modification, are permitted provided that the following conditions
19
* Redistributions of source code must retain the above copyright
20
* notice, this list of conditions and the following disclaimer.
22
* Redistributions in binary form must reproduce the above
23
* copyright notice, this list of conditions and the following
24
* disclaimer in the documentation and/or other materials provided
25
* with the distribution.
27
* Neither the name of the Cisco Systems, Inc. nor the names of its
28
* contributors may be used to endorse or promote products derived
29
* from this software without specific prior written permission.
31
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
32
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
33
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
34
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
35
* COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
36
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
37
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
38
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
39
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
40
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
41
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
42
* OF THE POSSIBILITY OF SUCH DAMAGE.
48
/* the debug module for authentiation */
50
debug_module_t mod_auth = {
51
0, /* debugging is off by default */
52
"auth func" /* printable name for module */
57
auth_get_key_length(const auth_t *a) {
62
auth_get_tag_length(const auth_t *a) {
67
auth_get_prefix_length(const auth_t *a) {
72
auth_type_get_ref_count(const auth_type_t *at) {
77
* auth_type_self_test() tests an auth function of type ct against
78
* test cases provided in an array of values of key, data, and tag
79
* that is known to be good
82
/* should be big enough for most occasions */
83
#define SELF_TEST_TAG_BUF_OCTETS 32
86
auth_type_self_test(const auth_type_t *at) {
87
auth_test_case_t *test_case = at->test_data;
90
uint8_t tag[SELF_TEST_TAG_BUF_OCTETS];
93
debug_print(mod_auth, "running self-test for auth function %s",
97
* check to make sure that we have at least one test case, and
98
* return an error if we don't - we need to be paranoid here
100
if (test_case == NULL)
101
return err_status_cant_check;
103
/* loop over all test cases */
104
while (test_case != NULL) {
106
/* check test case parameters */
107
if (test_case->tag_length_octets > SELF_TEST_TAG_BUF_OCTETS)
108
return err_status_bad_param;
111
status = auth_type_alloc(at, &a, test_case->key_length_octets,
112
test_case->tag_length_octets);
116
/* initialize auth */
117
status = auth_init(a, test_case->key);
123
/* zeroize tag then compute */
124
octet_string_set_to_zero(tag, test_case->tag_length_octets);
125
status = auth_compute(a, test_case->data,
126
test_case->data_length_octets, tag);
132
debug_print(mod_auth, "key: %s",
133
octet_string_hex_string(test_case->key,
134
test_case->key_length_octets));
135
debug_print(mod_auth, "data: %s",
136
octet_string_hex_string(test_case->data,
137
test_case->data_length_octets));
138
debug_print(mod_auth, "tag computed: %s",
139
octet_string_hex_string(tag, test_case->tag_length_octets));
140
debug_print(mod_auth, "tag expected: %s",
141
octet_string_hex_string(test_case->tag,
142
test_case->tag_length_octets));
144
/* check the result */
145
status = err_status_ok;
146
for (i=0; i < test_case->tag_length_octets; i++)
147
if (tag[i] != test_case->tag[i]) {
148
status = err_status_algo_fail;
149
debug_print(mod_auth, "test case %d failed", case_num);
150
debug_print(mod_auth, " (mismatch at octet %d)", i);
154
return err_status_algo_fail;
157
/* deallocate the auth function */
158
status = auth_dealloc(a);
163
* the auth function passed the test case, so move on to the next test
164
* case in the list; if NULL, we'll quit and return an OK
166
test_case = test_case->next_test_case;
170
return err_status_ok;