diff options
| author | Erwin Nindl <nine@wirdorange.org> | 2007-07-13 16:05:16 +0000 |
|---|---|---|
| committer | Erwin Nindl <nine@wirdorange.org> | 2007-07-13 16:05:16 +0000 |
| commit | 17b77485fa4ea8ecbf472e2d1daa15007ff93705 (patch) | |
| tree | 1b1c72d09b898f8d5dcdd68dcbd86d030e66ded5 /srtp/crypto/kernel | |
| parent | bugfix window size (diff) | |
* removed srtp directory
* install libsrtp under /usr/local/lib
* cleaned up Makefile
Diffstat (limited to 'srtp/crypto/kernel')
| -rw-r--r-- | srtp/crypto/kernel/CVS/Entries | 5 | ||||
| -rw-r--r-- | srtp/crypto/kernel/CVS/Repository | 1 | ||||
| -rw-r--r-- | srtp/crypto/kernel/CVS/Root | 1 | ||||
| -rw-r--r-- | srtp/crypto/kernel/alloc.c | 119 | ||||
| -rw-r--r-- | srtp/crypto/kernel/crypto_kernel.c | 523 | ||||
| -rw-r--r-- | srtp/crypto/kernel/err.c | 148 | ||||
| -rw-r--r-- | srtp/crypto/kernel/key.c | 115 |
7 files changed, 0 insertions, 912 deletions
diff --git a/srtp/crypto/kernel/CVS/Entries b/srtp/crypto/kernel/CVS/Entries deleted file mode 100644 index 90057ec..0000000 --- a/srtp/crypto/kernel/CVS/Entries +++ /dev/null @@ -1,5 +0,0 @@ -/alloc.c/1.4/Thu Jun 8 17:00:28 2006// -/crypto_kernel.c/1.7/Tue Jul 11 22:10:31 2006// -/err.c/1.6/Thu Jun 8 17:00:28 2006// -/key.c/1.7/Thu Jun 8 17:00:28 2006// -D diff --git a/srtp/crypto/kernel/CVS/Repository b/srtp/crypto/kernel/CVS/Repository deleted file mode 100644 index 87ab491..0000000 --- a/srtp/crypto/kernel/CVS/Repository +++ /dev/null @@ -1 +0,0 @@ -srtp/crypto/kernel diff --git a/srtp/crypto/kernel/CVS/Root b/srtp/crypto/kernel/CVS/Root deleted file mode 100644 index 05e15d8..0000000 --- a/srtp/crypto/kernel/CVS/Root +++ /dev/null @@ -1 +0,0 @@ -srtp.cvs.sourceforge.net:/cvsroot/srtp diff --git a/srtp/crypto/kernel/alloc.c b/srtp/crypto/kernel/alloc.c deleted file mode 100644 index 5dd0947..0000000 --- a/srtp/crypto/kernel/alloc.c +++ /dev/null @@ -1,119 +0,0 @@ -/* - * alloc.c - * - * memory allocation and deallocation - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "alloc.h" -#include "crypto_kernel.h" - -/* the debug module for memory allocation */ - -debug_module_t mod_alloc = { - 0, /* debugging is off by default */ - "alloc" /* printable name for module */ -}; - -/* - * Nota bene: the debugging statements for crypto_alloc() and - * crypto_free() have identical prefixes, which include the addresses - * of the memory locations on which they are operating. This fact can - * be used to locate memory leaks, by turning on memory debugging, - * grepping for 'alloc', then matching alloc and free calls by - * address. - */ - -#ifdef SRTP_KERNEL_LINUX - -#include <linux/interrupt.h> - -void * -crypto_alloc(size_t size) { - void *ptr; - - ptr = kmalloc(size, in_interrupt() ? GFP_ATOMIC : GFP_KERNEL); - - if (ptr) { - debug_print(mod_alloc, "(location: %p) allocated", ptr); - } else - debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size); - - return ptr; -} - -void -crypto_free(void *ptr) { - - debug_print(mod_alloc, "(location: %p) freed", ptr); - - kfree(ptr); -} - - -#elif defined(HAVE_STDLIB_H) - -void * -crypto_alloc(size_t size) { - void *ptr; - - ptr = malloc(size); - - if (ptr) { - debug_print(mod_alloc, "(location: %p) allocated", ptr); - } else - debug_print(mod_alloc, "allocation failed (asked for %d bytes)\n", size); - - return ptr; -} - -void -crypto_free(void *ptr) { - - debug_print(mod_alloc, "(location: %p) freed", ptr); - - free(ptr); -} - -#else /* we need to define our own memory allocation routines */ - -#error no memory allocation defined yet - -#endif diff --git a/srtp/crypto/kernel/crypto_kernel.c b/srtp/crypto/kernel/crypto_kernel.c deleted file mode 100644 index 230dda6..0000000 --- a/srtp/crypto/kernel/crypto_kernel.c +++ /dev/null @@ -1,523 +0,0 @@ -/* - * crypto_kernel.c - * - * header for the cryptographic kernel - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright(c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - - -#include "alloc.h" - -#include "crypto_kernel.h" - -/* the debug module for the crypto_kernel */ - -debug_module_t mod_crypto_kernel = { - 0, /* debugging is off by default */ - "crypto kernel" /* printable name for module */ -}; - -/* - * other debug modules that can be included in the kernel - */ - -extern debug_module_t mod_auth; -extern debug_module_t mod_cipher; -extern debug_module_t mod_stat; -extern debug_module_t mod_alloc; - -/* - * cipher types that can be included in the kernel - */ - -extern cipher_type_t null_cipher; -extern cipher_type_t aes_icm; -extern cipher_type_t aes_cbc; - - -/* - * auth func types that can be included in the kernel - */ - -extern auth_type_t null_auth; -extern auth_type_t hmac; - -/* crypto_kernel is a global variable, the only one of its datatype */ - -crypto_kernel_t -crypto_kernel = { - crypto_kernel_state_insecure, /* start off in insecure state */ - NULL, /* no cipher types yet */ - NULL, /* no auth types yet */ - NULL /* no debug modules yet */ -}; - -#define MAX_RNG_TRIALS 25 - -err_status_t -crypto_kernel_init() { - err_status_t status; - - /* check the security state */ - if (crypto_kernel.state == crypto_kernel_state_secure) { - - /* - * we're already in the secure state, but we've been asked to - * re-initialize, so we just re-run the self-tests and then return - */ - return crypto_kernel_status(); - } - - /* initialize error reporting system */ - status = err_reporting_init("crypto"); - if (status) - return status; - - /* load debug modules */ - status = crypto_kernel_load_debug_module(&mod_crypto_kernel); - if (status) - return status; - status = crypto_kernel_load_debug_module(&mod_auth); - if (status) - return status; - status = crypto_kernel_load_debug_module(&mod_cipher); - if (status) - return status; - status = crypto_kernel_load_debug_module(&mod_stat); - if (status) - return status; - status = crypto_kernel_load_debug_module(&mod_alloc); - if (status) - return status; - - /* initialize random number generator */ - status = rand_source_init(); - if (status) - return status; - - /* run FIPS-140 statistical tests on rand_source */ - status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS); - if (status) - return status; - - /* initialize pseudorandom number generator */ - status = ctr_prng_init(rand_source_get_octet_string); - if (status) - return status; - - /* run FIPS-140 statistical tests on ctr_prng */ - status = stat_test_rand_source_with_repetition(ctr_prng_get_octet_string, MAX_RNG_TRIALS); - if (status) - return status; - - /* load cipher types */ - status = crypto_kernel_load_cipher_type(&null_cipher, NULL_CIPHER); - if (status) - return status; - status = crypto_kernel_load_cipher_type(&aes_icm, AES_128_ICM); - if (status) - return status; - status = crypto_kernel_load_cipher_type(&aes_cbc, AES_128_CBC); - if (status) - return status; - - /* load auth func types */ - status = crypto_kernel_load_auth_type(&null_auth, NULL_AUTH); - if (status) - return status; - status = crypto_kernel_load_auth_type(&hmac, HMAC_SHA1); - if (status) - return status; - - /* change state to secure */ - crypto_kernel.state = crypto_kernel_state_secure; - - return err_status_ok; -} - -err_status_t -crypto_kernel_status() { - err_status_t status; - kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; - kernel_auth_type_t *atype = crypto_kernel.auth_type_list; - kernel_debug_module_t *dm = crypto_kernel.debug_module_list; - - /* run FIPS-140 statistical tests on rand_source */ - printf("testing rand_source..."); - status = stat_test_rand_source_with_repetition(rand_source_get_octet_string, MAX_RNG_TRIALS); - if (status) { - printf("failed\n"); - crypto_kernel.state = crypto_kernel_state_insecure; - return status; - } - printf("passed\n"); - - /* for each cipher type, describe and test */ - while(ctype != NULL) { - printf("cipher: %s\n", ctype->cipher_type->description); - printf(" instance count: %d\n", ctype->cipher_type->ref_count); - printf(" self-test: "); - status = cipher_type_self_test(ctype->cipher_type); - if (status) { - printf("failed with error code %d\n", status); - exit(status); - } - printf("passed\n"); - ctype = ctype->next; - } - - /* for each auth type, describe and test */ - while(atype != NULL) { - printf("auth func: %s\n", atype->auth_type->description); - printf(" instance count: %d\n", atype->auth_type->ref_count); - printf(" self-test: "); - status = auth_type_self_test(atype->auth_type); - if (status) { - printf("failed with error code %d\n", status); - exit(status); - } - printf("passed\n"); - atype = atype->next; - } - - /* describe each debug module */ - printf("debug modules loaded:\n"); - while (dm != NULL) { - printf(" %s ", dm->mod->name); - if (dm->mod->on) - printf("(on)\n"); - else - printf("(off)\n"); - dm = dm->next; - } - - return err_status_ok; -} - -err_status_t -crypto_kernel_list_debug_modules() { - kernel_debug_module_t *dm = crypto_kernel.debug_module_list; - - /* describe each debug module */ - printf("debug modules loaded:\n"); - while (dm != NULL) { - printf(" %s ", dm->mod->name); - if (dm->mod->on) - printf("(on)\n"); - else - printf("(off)\n"); - dm = dm->next; - } - - return err_status_ok; -} - -err_status_t -crypto_kernel_shutdown() { - err_status_t status; - - /* - * free dynamic memory used in crypto_kernel at present - */ - - /* walk down cipher type list, freeing memory */ - while (crypto_kernel.cipher_type_list != NULL) { - kernel_cipher_type_t *ctype = crypto_kernel.cipher_type_list; - crypto_kernel.cipher_type_list = ctype->next; - debug_print(mod_crypto_kernel, - "freeing memory for cipher %s", - ctype->cipher_type->description); - crypto_free(ctype); - } - - /* walk down authetication module list, freeing memory */ - while (crypto_kernel.auth_type_list != NULL) { - kernel_auth_type_t *atype = crypto_kernel.auth_type_list; - crypto_kernel.auth_type_list = atype->next; - debug_print(mod_crypto_kernel, - "freeing memory for authentication %s", - atype->auth_type->description); - crypto_free(atype); - } - - /* walk down debug module list, freeing memory */ - while (crypto_kernel.debug_module_list != NULL) { - kernel_debug_module_t *kdm = crypto_kernel.debug_module_list; - crypto_kernel.debug_module_list = kdm->next; - debug_print(mod_crypto_kernel, - "freeing memory for debug module %s", - kdm->mod->name); - crypto_free(kdm); - } - - /* de-initialize random number generator */ status = rand_source_deinit(); - if (status) - return status; - - /* return to insecure state */ - crypto_kernel.state = crypto_kernel_state_insecure; - - return err_status_ok; -} - -err_status_t -crypto_kernel_load_cipher_type(cipher_type_t *new_ct, cipher_type_id_t id) { - kernel_cipher_type_t *ctype, *new_ctype; - err_status_t status; - - /* defensive coding */ - if (new_ct == NULL) - return err_status_bad_param; - - /* check cipher type by running self-test */ - status = cipher_type_self_test(new_ct); - if (status) { - return status; - } - - /* walk down list, checking if this type is in the list already */ - ctype = crypto_kernel.cipher_type_list; - while (ctype != NULL) { - if ((new_ct == ctype->cipher_type) || (id == ctype->id)) - return err_status_bad_param; - ctype = ctype->next; - } - - /* put new_ct at the head of the list */ - /* allocate memory */ - new_ctype = (kernel_cipher_type_t *) crypto_alloc(sizeof(kernel_cipher_type_t)); - if (new_ctype == NULL) - return err_status_alloc_fail; - - /* set fields */ - new_ctype->cipher_type = new_ct; - new_ctype->id = id; - new_ctype->next = crypto_kernel.cipher_type_list; - - /* set head of list to new cipher type */ - crypto_kernel.cipher_type_list = new_ctype; - - /* load debug module, if there is one present */ - if (new_ct->debug != NULL) - crypto_kernel_load_debug_module(new_ct->debug); - /* we could check for errors here */ - - return err_status_ok; -} - -err_status_t -crypto_kernel_load_auth_type(auth_type_t *new_at, auth_type_id_t id) { - kernel_auth_type_t *atype, *new_atype; - err_status_t status; - - /* defensive coding */ - if (new_at == NULL) - return err_status_bad_param; - - /* check auth type by running self-test */ - status = auth_type_self_test(new_at); - if (status) { - return status; - } - - /* walk down list, checking if this type is in the list already */ - atype = crypto_kernel.auth_type_list; - while (atype != NULL) { - if ((new_at == atype->auth_type) || (id == atype->id)) - return err_status_bad_param; - atype = atype->next; - } - - /* put new_at at the head of the list */ - /* allocate memory */ - new_atype = (kernel_auth_type_t *)crypto_alloc(sizeof(kernel_auth_type_t)); - if (new_atype == NULL) - return err_status_alloc_fail; - - /* set fields */ - new_atype->auth_type = new_at; - new_atype->id = id; - new_atype->next = crypto_kernel.auth_type_list; - - /* set head of list to new auth type */ - crypto_kernel.auth_type_list = new_atype; - - /* load debug module, if there is one present */ - if (new_at->debug != NULL) - crypto_kernel_load_debug_module(new_at->debug); - /* we could check for errors here */ - - return err_status_ok; - -} - - -cipher_type_t * -crypto_kernel_get_cipher_type(cipher_type_id_t id) { - kernel_cipher_type_t *ctype; - - /* walk down list, looking for id */ - ctype = crypto_kernel.cipher_type_list; - while (ctype != NULL) { - if (id == ctype->id) - return ctype->cipher_type; - ctype = ctype->next; - } - - /* haven't found the right one, indicate failure by returning NULL */ - return NULL; -} - - -err_status_t -crypto_kernel_alloc_cipher(cipher_type_id_t id, - cipher_pointer_t *cp, - int key_len) { - cipher_type_t *ct; - - /* - * if the crypto_kernel is not yet initialized, we refuse to allocate - * any ciphers - this is a bit extra-paranoid - */ - if (crypto_kernel.state != crypto_kernel_state_secure) - return err_status_init_fail; - - ct = crypto_kernel_get_cipher_type(id); - if (!ct) - return err_status_fail; - - return ((ct)->alloc(cp, key_len)); -} - - - -auth_type_t * -crypto_kernel_get_auth_type(auth_type_id_t id) { - kernel_auth_type_t *atype; - - /* walk down list, looking for id */ - atype = crypto_kernel.auth_type_list; - while (atype != NULL) { - if (id == atype->id) - return atype->auth_type; - atype = atype->next; - } - - /* haven't found the right one, indicate failure by returning NULL */ - return NULL; -} - -err_status_t -crypto_kernel_alloc_auth(auth_type_id_t id, - auth_pointer_t *ap, - int key_len, - int tag_len) { - auth_type_t *at; - - /* - * if the crypto_kernel is not yet initialized, we refuse to allocate - * any auth functions - this is a bit extra-paranoid - */ - if (crypto_kernel.state != crypto_kernel_state_secure) - return err_status_init_fail; - - at = crypto_kernel_get_auth_type(id); - if (!at) - return err_status_fail; - - return ((at)->alloc(ap, key_len, tag_len)); -} - -err_status_t -crypto_kernel_load_debug_module(debug_module_t *new_dm) { - kernel_debug_module_t *kdm, *new; - - /* defensive coding */ - if (new_dm == NULL) - return err_status_bad_param; - - /* walk down list, checking if this type is in the list already */ - kdm = crypto_kernel.debug_module_list; - while (kdm != NULL) { - if (strncmp(new_dm->name, kdm->mod->name, 64) == 0) - return err_status_bad_param; - kdm = kdm->next; - } - - /* put new_dm at the head of the list */ - /* allocate memory */ - new = (kernel_debug_module_t *)crypto_alloc(sizeof(kernel_debug_module_t)); - if (new == NULL) - return err_status_alloc_fail; - - /* set fields */ - new->mod = new_dm; - new->next = crypto_kernel.debug_module_list; - - /* set head of list to new cipher type */ - crypto_kernel.debug_module_list = new; - - return err_status_ok; -} - -err_status_t -crypto_kernel_set_debug_module(char *name, int on) { - kernel_debug_module_t *kdm; - - /* walk down list, checking if this type is in the list already */ - kdm = crypto_kernel.debug_module_list; - while (kdm != NULL) { - if (strncmp(name, kdm->mod->name, 64) == 0) { - kdm->mod->on = on; - return err_status_ok; - } - kdm = kdm->next; - } - - return err_status_fail; -} - -err_status_t -crypto_get_random(unsigned char *buffer, unsigned int length) { - if (crypto_kernel.state == crypto_kernel_state_secure) - return ctr_prng_get_octet_string(buffer, length); - else - return err_status_fail; -} diff --git a/srtp/crypto/kernel/err.c b/srtp/crypto/kernel/err.c deleted file mode 100644 index 4a3a858..0000000 --- a/srtp/crypto/kernel/err.c +++ /dev/null @@ -1,148 +0,0 @@ -/* - * err.c - * - * error status reporting functions - * - * David A. McGrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright(c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "err.h" - -#ifdef ERR_REPORTING_SYSLOG -# ifdef HAVE_SYSLOG_H -# include <syslog.h> -# endif -#endif - - -/* err_level reflects the level of errors that are reported */ - -err_reporting_level_t err_level = err_level_none; - -#ifdef SRTP_KERNEL_LINUX -err_status_t -err_reporting_init(char *ident) { - - return err_status_ok; -} - -#else /* SRTP_KERNEL_LINUX */ - -/* err_file is the FILE to which errors are reported */ - -static FILE *err_file = NULL; - -err_status_t -err_reporting_init(char *ident) { -#ifdef ERR_REPORTING_SYSLOG - openlog(ident, LOG_PID, LOG_AUTHPRIV); -#endif - - /* - * Believe it or not, openlog doesn't return an error on failure. - * But then, neither does the syslog() call... - */ - -#ifdef ERR_REPORTING_STDOUT - err_file = stdout; -#elif defined(USE_ERR_REPORTING_FILE) - /* open file for error reporting */ - err_file = fopen(ERR_REPORTING_FILE, "w"); - if (err_file == NULL) - return err_status_init_fail; -#endif - - return err_status_ok; -} - -void -err_report(int priority, char *format, ...) { - va_list args; - - if (priority <= err_level) { - - va_start(args, format); - if (err_file != NULL) { - vfprintf(err_file, format, args); - /* fprintf(err_file, "\n"); */ - } -#ifdef ERR_REPORTING_SYSLOG - if (1) { /* FIXME: Make this a runtime option. */ - int syslogpri; - - switch (priority) { - case err_level_emergency: - syslogpri = LOG_EMERG; - break; - case err_level_alert: - syslogpri = LOG_ALERT; - break; - case err_level_critical: - syslogpri = LOG_CRIT; - break; - case err_level_error: - syslogpri = LOG_ERR; - break; - case err_level_warning: - syslogpri = LOG_WARNING; - break; - case err_level_notice: - syslogpri = LOG_NOTICE; - break; - case err_level_info: - syslogpri = LOG_INFO; - break; - case err_level_debug: - case err_level_none: - default: - syslogpri = LOG_DEBUG; - break; - } - - vsyslog(syslogpri, format, args); -#endif - va_end(args); - } -} -#endif /* SRTP_KERNEL_LINUX */ - -void -err_reporting_set_level(err_reporting_level_t lvl) { - err_level = lvl; -} diff --git a/srtp/crypto/kernel/key.c b/srtp/crypto/kernel/key.c deleted file mode 100644 index 9f63b22..0000000 --- a/srtp/crypto/kernel/key.c +++ /dev/null @@ -1,115 +0,0 @@ -/* - * key.c - * - * key usage limits enforcement - * - * David A. Mcgrew - * Cisco Systems, Inc. - */ -/* - * - * Copyright (c) 2001-2006 Cisco Systems, Inc. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials provided - * with the distribution. - * - * Neither the name of the Cisco Systems, Inc. nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include "key.h" - -#define soft_limit 0x10000 - -err_status_t -key_limit_set(key_limit_t key, const xtd_seq_num_t s) { -#ifdef NO_64BIT_MATH - if (high32(s) == 0 && low32(s) < soft_limit) - return err_status_bad_param; -#else - if (s < soft_limit) - return err_status_bad_param; -#endif - key->num_left = s; - key->state = key_state_normal; - return err_status_ok; -} - -err_status_t -key_limit_clone(key_limit_t original, key_limit_t *new_key) { - if (original == NULL) - return err_status_bad_param; - *new_key = original; - return err_status_ok; -} - -err_status_t -key_limit_check(const key_limit_t key) { - if (key->state == key_state_expired) - return err_status_key_expired; - return err_status_ok; -} - -key_event_t -key_limit_update(key_limit_t key) { -#ifdef NO_64BIT_MATH - if (low32(key->num_left) == 0) - { - // carry - key->num_left = make64(high32(key->num_left)-1,low32(key->num_left) - 1); - } - else - { - // no carry - key->num_left = make64(high32(key->num_left),low32(key->num_left) - 1); - } - if (high32(key->num_left) != 0 || low32(key->num_left) >= soft_limit) { - return key_event_normal; /* we're above the soft limit */ - } -#else - key->num_left--; - if (key->num_left >= soft_limit) { - return key_event_normal; /* we're above the soft limit */ - } -#endif - if (key->state == key_state_normal) { - /* we just passed the soft limit, so change the state */ - key->state = key_state_past_soft_limit; - } -#ifdef NO_64BIT_MATH - if (low32(key->num_left) == 0 && high32(key->num_left == 0)) -#else - if (key->num_left < 1) -#endif - { /* we just hit the hard limit */ - key->state = key_state_expired; - return key_event_hard_limit; - } - return key_event_soft_limit; -} - |