1 /*
2  * crypto_kernel.c
3  *
4  * header for the cryptographic kernel
5  *
6  * David A. McGrew
7  * Cisco Systems, Inc.
8  */
9 /*
10  *
11  * Copyright(c) 2001-2006 Cisco Systems, Inc.
12  * All rights reserved.
13  *
14  * Redistribution and use in source and binary forms, with or without
15  * modification, are permitted provided that the following conditions
16  * are met:
17  *
18  *   Redistributions of source code must retain the above copyright
19  *   notice, this list of conditions and the following disclaimer.
20  *
21  *   Redistributions in binary form must reproduce the above
22  *   copyright notice, this list of conditions and the following
23  *   disclaimer in the documentation and/or other materials provided
24  *   with the distribution.
25  *
26  *   Neither the name of the Cisco Systems, Inc. nor the names of its
27  *   contributors may be used to endorse or promote products derived
28  *   from this software without specific prior written permission.
29  *
30  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
31  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
32  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
33  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
34  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
35  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
36  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
37  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
41  * OF THE POSSIBILITY OF SUCH DAMAGE.
42  *
43  */
44 
45 
46 #include "alloc.h"
47 
48 #include "crypto_kernel.h"
49 
50 /* the debug module for the crypto_kernel */
51 
52 debug_module_t mod_crypto_kernel = {
53   0,                  /* debugging is off by default */
54   "crypto kernel"     /* printable name for module   */
55 };
56 
57 /*
58  * other debug modules that can be included in the kernel
59  */
60 
61 extern debug_module_t mod_auth;
62 extern debug_module_t mod_cipher;
63 extern debug_module_t mod_stat;
64 extern debug_module_t mod_alloc;
65 
66 /*
67  * cipher types that can be included in the kernel
68  */
69 
70 extern cipher_type_t null_cipher;
71 extern cipher_type_t aes_icm;
72 extern cipher_type_t aes_cbc;
73 
74 
75 /*
76  * auth func types that can be included in the kernel
77  */
78 
79 extern auth_type_t null_auth;
80 extern auth_type_t hmac;
81 
82 /* crypto_kernel is a global variable, the only one of its datatype */
83 
84 crypto_kernel_t
85 crypto_kernel = {
86   crypto_kernel_state_insecure,    /* start off in insecure state */
87   NULL,                            /* no cipher types yet         */
88   NULL,                            /* no auth types yet           */
89   NULL                             /* no debug modules yet        */
90 };
91 
92 #define MAX_RNG_TRIALS 25
93 
94 err_status_t
crypto_kernel_init()95 crypto_kernel_init() {
96   err_status_t status;
97 
98   /* check the security state */
99   if (crypto_kernel.state == crypto_kernel_state_secure) {
100 
101     /*
102      * we're already in the secure state, but we've been asked to
103      * re-initialize, so we just re-run the self-tests and then return
104      */
105     return crypto_kernel_status();
106   }
107 
108   /* initialize error reporting system */
109   status = err_reporting_init("crypto");
110   if (status)
111     return status;
112 
113   /* load debug modules */
114   status = crypto_kernel_load_debug_module(&mod_crypto_kernel);
115   if (status)
116     return status;
117   status = crypto_kernel_load_debug_module(&mod_auth);
118   if (status)
119     return status;
120   status = crypto_kernel_load_debug_module(&mod_cipher);
121   if (status)
122     return status;
123   status = crypto_kernel_load_debug_module(&mod_stat);
124   if (status)
125     return status;
126   status = crypto_kernel_load_debug_module(&mod_alloc);
127   if (status)
128     return status;
129 
130   /* initialize random number generator */
131   status = rand_source_init();
132   if (status)
133     return status;
134 
135   /* run FIPS-140 statistical tests on rand_source */
136   status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS);
137   if (status)
138     return status;
139 
140   /* initialize pseudorandom number generator */
141   status = ctr_prng_init(rand_source_get_octet_string);
142   if (status)
143     return status;
144 
145   /* run FIPS-140 statistical tests on ctr_prng */
146   status = stat_test_rand_source_with_repetition(ctr_prng_get_octet_string, MAX_RNG_TRIALS);
147   if (status)
148     return status;
149 
150   /* load cipher types */
151   status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER);
152   if (status)
153     return status;
154   status = crypto_kernel_load_cipher_type(&aes_icm, AES_128_ICM);
155   if (status)
156     return status;
157   status = crypto_kernel_load_cipher_type(&aes_cbc, AES_128_CBC);
158   if (status)
159     return status;
160 
161   /* load auth func types */
162   status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH);
163   if (status)
164     return status;
165   status = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1);
166   if (status)
167     return status;
168 
169   /* change state to secure */
170   crypto_kernel.state = crypto_kernel_state_secure;
171 
172   return err_status_ok;
173 }
174 
175 err_status_t
crypto_kernel_status()176 crypto_kernel_status() {
177   err_status_t status;
178   kernel_cipher_type_t  *ctype = crypto_kernel.cipher_type_list;
179   kernel_auth_type_t    *atype = crypto_kernel.auth_type_list;
180   kernel_debug_module_t *dm    = crypto_kernel.debug_module_list;
181 
182   /* run FIPS-140 statistical tests on rand_source */
183   printf("testing rand_source...");
184   status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS);
185   if (status) {
186     printf("failed\n");
187     crypto_kernel.state = crypto_kernel_state_insecure;
188     return status;
189   }
190   printf("passed\n");
191 
192   /* for each cipher type, describe and test */
193   while(ctype != NULL) {
194     printf("cipher: %s\n", ctype->cipher_type->description);
195     printf("  instance count: %d\n", ctype->cipher_type->ref_count);
196     printf("  self-test: ");
197     status = cipher_type_self_test(ctype->cipher_type);
198     if (status) {
199       printf("failed with error code %d\n", status);
200       exit(status);
201     }
202     printf("passed\n");
203     ctype = ctype->next;
204   }
205 
206   /* for each auth type, describe and test */
207   while(atype != NULL) {
208     printf("auth func: %s\n", atype->auth_type->description);
209     printf("  instance count: %d\n", atype->auth_type->ref_count);
210     printf("  self-test: ");
211     status = auth_type_self_test(atype->auth_type);
212     if (status) {
213       printf("failed with error code %d\n", status);
214       exit(status);
215     }
216     printf("passed\n");
217     atype = atype->next;
218   }
219 
220   /* describe each debug module */
221   printf("debug modules loaded:\n");
222   while (dm != NULL) {
223     printf("  %s ", dm->mod->name);
224     if (dm->mod->on)
225       printf("(on)\n");
226     else
227       printf("(off)\n");
228     dm = dm->next;
229   }
230 
231   return err_status_ok;
232 }
233 
234 err_status_t
crypto_kernel_list_debug_modules()235 crypto_kernel_list_debug_modules() {
236   kernel_debug_module_t *dm = crypto_kernel.debug_module_list;
237 
238   /* describe each debug module */
239   printf("debug modules loaded:\n");
240   while (dm != NULL) {
241     printf("  %s ", dm->mod->name);
242     if (dm->mod->on)
243       printf("(on)\n");
244     else
245       printf("(off)\n");
246     dm = dm->next;
247   }
248 
249   return err_status_ok;
250 }
251 
252 err_status_t
crypto_kernel_shutdown()253 crypto_kernel_shutdown() {
254   err_status_t status;
255 
256   /*
257    * free dynamic memory used in crypto_kernel at present
258    */
259 
260   /* walk down cipher type list, freeing memory */
261   while (crypto_kernel.cipher_type_list != NULL) {
262     kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list;
263     crypto_kernel.cipher_type_list = ctype->next;
264     debug_print(mod_crypto_kernel,
265 		"freeing memory for cipher %s",
266 		ctype->cipher_type->description);
267     crypto_free(ctype);
268   }
269 
270   /* walk down authetication module list, freeing memory */
271   while (crypto_kernel.auth_type_list != NULL) {
272      kernel_auth_type_t *atype = crypto_kernel.auth_type_list;
273      crypto_kernel.auth_type_list = atype->next;
274      debug_print(mod_crypto_kernel,
275 		"freeing memory for authentication %s",
276 		atype->auth_type->description);
277      crypto_free(atype);
278   }
279 
280   /* walk down debug module list, freeing memory */
281   while (crypto_kernel.debug_module_list != NULL) {
282     kernel_debug_module_t *kdm = crypto_kernel.debug_module_list;
283     crypto_kernel.debug_module_list = kdm->next;
284     debug_print(mod_crypto_kernel,
285 		"freeing memory for debug module %s",
286 		kdm->mod->name);
287     crypto_free(kdm);
288   }
289 
290   /* de-initialize random number generator */  status = rand_source_deinit();
291   if (status)
292     return status;
293 
294   /* return to insecure state */
295   crypto_kernel.state = crypto_kernel_state_insecure;
296 
297   return err_status_ok;
298 }
299 
300 err_status_t
crypto_kernel_load_cipher_type(cipher_type_t * new_ct,cipher_type_id_t id)301 crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) {
302   kernel_cipher_type_t *ctype, *new_ctype;
303   err_status_t status;
304 
305   /* defensive coding */
306   if (new_ct == NULL)
307     return err_status_bad_param;
308 
309   /* check cipher type by running self-test */
310   status = cipher_type_self_test(new_ct);
311   if (status) {
312     return status;
313   }
314 
315   /* walk down list, checking if this type is in the list already  */
316   ctype = crypto_kernel.cipher_type_list;
317   while (ctype != NULL) {
318     if ((new_ct == ctype->cipher_type) || (id == ctype->id))
319       return err_status_bad_param;
320     ctype = ctype->next;
321   }
322 
323   /* put new_ct at the head of the list */
324   /* allocate memory */
325   new_ctype = (kernel_cipher_type_t *) crypto_alloc(sizeof(kernel_cipher_type_t));
326   if (new_ctype == NULL)
327     return err_status_alloc_fail;
328 
329   /* set fields */
330   new_ctype->cipher_type = new_ct;
331   new_ctype->id = id;
332   new_ctype->next = crypto_kernel.cipher_type_list;
333 
334   /* set head of list to new cipher type */
335   crypto_kernel.cipher_type_list = new_ctype;
336 
337   /* load debug module, if there is one present */
338   if (new_ct->debug != NULL)
339     crypto_kernel_load_debug_module(new_ct->debug);
340   /* we could check for errors here */
341 
342   return err_status_ok;
343 }
344 
345 err_status_t
crypto_kernel_load_auth_type(auth_type_t * new_at,auth_type_id_t id)346 crypto_kernel_load_auth_type(auth_type_t *new_at, auth_type_id_t id) {
347   kernel_auth_type_t *atype, *new_atype;
348   err_status_t status;
349 
350   /* defensive coding */
351   if (new_at == NULL)
352     return err_status_bad_param;
353 
354   /* check auth type by running self-test */
355   status = auth_type_self_test(new_at);
356   if (status) {
357     return status;
358   }
359 
360   /* walk down list, checking if this type is in the list already  */
361   atype = crypto_kernel.auth_type_list;
362   while (atype != NULL) {
363     if ((new_at == atype->auth_type) || (id == atype->id))
364       return err_status_bad_param;
365     atype = atype->next;
366   }
367 
368   /* put new_at at the head of the list */
369   /* allocate memory */
370   new_atype = (kernel_auth_type_t *)crypto_alloc(sizeof(kernel_auth_type_t));
371   if (new_atype == NULL)
372     return err_status_alloc_fail;
373 
374   /* set fields */
375   new_atype->auth_type = new_at;
376   new_atype->id = id;
377   new_atype->next = crypto_kernel.auth_type_list;
378 
379   /* set head of list to new auth type */
380   crypto_kernel.auth_type_list = new_atype;
381 
382   /* load debug module, if there is one present */
383   if (new_at->debug != NULL)
384     crypto_kernel_load_debug_module(new_at->debug);
385   /* we could check for errors here */
386 
387   return err_status_ok;
388 
389 }
390 
391 
392 cipher_type_t *
crypto_kernel_get_cipher_type(cipher_type_id_t id)393 crypto_kernel_get_cipher_type(cipher_type_id_t id) {
394   kernel_cipher_type_t *ctype;
395 
396   /* walk down list, looking for id  */
397   ctype = crypto_kernel.cipher_type_list;
398   while (ctype != NULL) {
399     if (id == ctype->id)
400       return ctype->cipher_type;
401     ctype = ctype->next;
402   }
403 
404   /* haven't found the right one, indicate failure by returning NULL */
405   return NULL;
406 }
407 
408 
409 err_status_t
crypto_kernel_alloc_cipher(cipher_type_id_t id,cipher_pointer_t * cp,int key_len)410 crypto_kernel_alloc_cipher(cipher_type_id_t id,
411 			      cipher_pointer_t *cp,
412 			      int key_len) {
413   cipher_type_t *ct;
414 
415   /*
416    * if the crypto_kernel is not yet initialized, we refuse to allocate
417    * any ciphers - this is a bit extra-paranoid
418    */
419   if (crypto_kernel.state != crypto_kernel_state_secure)
420     return err_status_init_fail;
421 
422   ct = crypto_kernel_get_cipher_type(id);
423   if (!ct)
424     return err_status_fail;
425 
426   return ((ct)->alloc(cp, key_len));
427 }
428 
429 
430 
431 auth_type_t *
crypto_kernel_get_auth_type(auth_type_id_t id)432 crypto_kernel_get_auth_type(auth_type_id_t id) {
433   kernel_auth_type_t *atype;
434 
435   /* walk down list, looking for id  */
436   atype = crypto_kernel.auth_type_list;
437   while (atype != NULL) {
438     if (id == atype->id)
439       return atype->auth_type;
440     atype = atype->next;
441   }
442 
443   /* haven't found the right one, indicate failure by returning NULL */
444   return NULL;
445 }
446 
447 err_status_t
crypto_kernel_alloc_auth(auth_type_id_t id,auth_pointer_t * ap,int key_len,int tag_len)448 crypto_kernel_alloc_auth(auth_type_id_t id,
449 			 auth_pointer_t *ap,
450 			 int key_len,
451 			 int tag_len) {
452   auth_type_t *at;
453 
454   /*
455    * if the crypto_kernel is not yet initialized, we refuse to allocate
456    * any auth functions - this is a bit extra-paranoid
457    */
458   if (crypto_kernel.state != crypto_kernel_state_secure)
459     return err_status_init_fail;
460 
461   at = crypto_kernel_get_auth_type(id);
462   if (!at)
463     return err_status_fail;
464 
465   return ((at)->alloc(ap, key_len, tag_len));
466 }
467 
468 err_status_t
crypto_kernel_load_debug_module(debug_module_t * new_dm)469 crypto_kernel_load_debug_module(debug_module_t *new_dm) {
470   kernel_debug_module_t *kdm, *new;
471 
472   /* defensive coding */
473   if (new_dm == NULL)
474     return err_status_bad_param;
475 
476   /* walk down list, checking if this type is in the list already  */
477   kdm = crypto_kernel.debug_module_list;
478   while (kdm != NULL) {
479     if (strncmp(new_dm->name, kdm->mod->name, 64) == 0)
480       return err_status_bad_param;
481     kdm = kdm->next;
482   }
483 
484   /* put new_dm at the head of the list */
485   /* allocate memory */
486   new = (kernel_debug_module_t *)crypto_alloc(sizeof(kernel_debug_module_t));
487   if (new == NULL)
488     return err_status_alloc_fail;
489 
490   /* set fields */
491   new->mod = new_dm;
492   new->next = crypto_kernel.debug_module_list;
493 
494   /* set head of list to new cipher type */
495   crypto_kernel.debug_module_list = new;
496 
497   return err_status_ok;
498 }
499 
500 err_status_t
crypto_kernel_set_debug_module(char * name,int on)501 crypto_kernel_set_debug_module(char *name, int on) {
502   kernel_debug_module_t *kdm;
503 
504   /* walk down list, checking if this type is in the list already  */
505   kdm = crypto_kernel.debug_module_list;
506   while (kdm != NULL) {
507     if (strncmp(name, kdm->mod->name, 64) == 0) {
508       kdm->mod->on = on;
509       return err_status_ok;
510     }
511     kdm = kdm->next;
512   }
513 
514   return err_status_fail;
515 }
516 
517 err_status_t
crypto_get_random(unsigned char * buffer,unsigned int length)518 crypto_get_random(unsigned char *buffer, unsigned int length) {
519   if (crypto_kernel.state == crypto_kernel_state_secure)
520     return ctr_prng_get_octet_string(buffer, length);
521   else
522     return err_status_fail;
523 }
524