crypto/kernel/key.c

*90e502c7SAndroid Build Coastguard Worker/*
*90e502c7SAndroid Build Coastguard Worker * key.c
*90e502c7SAndroid Build Coastguard Worker *
*90e502c7SAndroid Build Coastguard Worker * key usage limits enforcement
*90e502c7SAndroid Build Coastguard Worker *
*90e502c7SAndroid Build Coastguard Worker * David A. Mcgrew
*90e502c7SAndroid Build Coastguard Worker * Cisco Systems, Inc.
*90e502c7SAndroid Build Coastguard Worker */
*90e502c7SAndroid Build Coastguard Worker/*
*90e502c7SAndroid Build Coastguard Worker *
*90e502c7SAndroid Build Coastguard Worker * Copyright (c) 2001-2017 Cisco Systems, Inc.
*90e502c7SAndroid Build Coastguard Worker * All rights reserved.
*90e502c7SAndroid Build Coastguard Worker *
*90e502c7SAndroid Build Coastguard Worker * Redistribution and use in source and binary forms, with or without
*90e502c7SAndroid Build Coastguard Worker * modification, are permitted provided that the following conditions
*90e502c7SAndroid Build Coastguard Worker * are met:
*90e502c7SAndroid Build Coastguard Worker *
*90e502c7SAndroid Build Coastguard Worker *   Redistributions of source code must retain the above copyright
*90e502c7SAndroid Build Coastguard Worker *   notice, this list of conditions and the following disclaimer.
*90e502c7SAndroid Build Coastguard Worker *
*90e502c7SAndroid Build Coastguard Worker *   Redistributions in binary form must reproduce the above
*90e502c7SAndroid Build Coastguard Worker *   copyright notice, this list of conditions and the following
*90e502c7SAndroid Build Coastguard Worker *   disclaimer in the documentation and/or other materials provided
*90e502c7SAndroid Build Coastguard Worker *   with the distribution.
*90e502c7SAndroid Build Coastguard Worker *
*90e502c7SAndroid Build Coastguard Worker *   Neither the name of the Cisco Systems, Inc. nor the names of its
*90e502c7SAndroid Build Coastguard Worker *   contributors may be used to endorse or promote products derived
*90e502c7SAndroid Build Coastguard Worker *   from this software without specific prior written permission.
*90e502c7SAndroid Build Coastguard Worker *
*90e502c7SAndroid Build Coastguard Worker * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
*90e502c7SAndroid Build Coastguard Worker * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
*90e502c7SAndroid Build Coastguard Worker * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
*90e502c7SAndroid Build Coastguard Worker * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
*90e502c7SAndroid Build Coastguard Worker * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
*90e502c7SAndroid Build Coastguard Worker * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
*90e502c7SAndroid Build Coastguard Worker * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
*90e502c7SAndroid Build Coastguard Worker * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
*90e502c7SAndroid Build Coastguard Worker * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
*90e502c7SAndroid Build Coastguard Worker * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
*90e502c7SAndroid Build Coastguard Worker * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
*90e502c7SAndroid Build Coastguard Worker * OF THE POSSIBILITY OF SUCH DAMAGE.
*90e502c7SAndroid Build Coastguard Worker *
*90e502c7SAndroid Build Coastguard Worker */
*90e502c7SAndroid Build Coastguard Worker
*90e502c7SAndroid Build Coastguard Worker#ifdef HAVE_CONFIG_H
*90e502c7SAndroid Build Coastguard Worker#include <config.h>
*90e502c7SAndroid Build Coastguard Worker#endif
*90e502c7SAndroid Build Coastguard Worker
*90e502c7SAndroid Build Coastguard Worker#include "key.h"
*90e502c7SAndroid Build Coastguard Worker
*90e502c7SAndroid Build Coastguard Worker#define soft_limit 0x10000
*90e502c7SAndroid Build Coastguard Worker
*90e502c7SAndroid Build Coastguard Workersrtp_err_status_t srtp_key_limit_set(srtp_key_limit_t key,
*90e502c7SAndroid Build Coastguard Worker                                     const srtp_xtd_seq_num_t s)
*90e502c7SAndroid Build Coastguard Worker{
*90e502c7SAndroid Build Coastguard Worker#ifdef NO_64BIT_MATH
*90e502c7SAndroid Build Coastguard Worker    if (high32(s) == 0 && low32(s) < soft_limit) {
*90e502c7SAndroid Build Coastguard Worker        return srtp_err_status_bad_param;
*90e502c7SAndroid Build Coastguard Worker    }
*90e502c7SAndroid Build Coastguard Worker#else
*90e502c7SAndroid Build Coastguard Worker    if (s < soft_limit) {
*90e502c7SAndroid Build Coastguard Worker        return srtp_err_status_bad_param;
*90e502c7SAndroid Build Coastguard Worker    }
*90e502c7SAndroid Build Coastguard Worker#endif
*90e502c7SAndroid Build Coastguard Worker    key->num_left = s;
*90e502c7SAndroid Build Coastguard Worker    key->state = srtp_key_state_normal;
*90e502c7SAndroid Build Coastguard Worker    return srtp_err_status_ok;
*90e502c7SAndroid Build Coastguard Worker}
*90e502c7SAndroid Build Coastguard Worker
*90e502c7SAndroid Build Coastguard Workersrtp_err_status_t srtp_key_limit_clone(srtp_key_limit_t original,
*90e502c7SAndroid Build Coastguard Worker                                       srtp_key_limit_t *new_key)
*90e502c7SAndroid Build Coastguard Worker{
*90e502c7SAndroid Build Coastguard Worker    if (original == NULL) {
*90e502c7SAndroid Build Coastguard Worker        return srtp_err_status_bad_param;
*90e502c7SAndroid Build Coastguard Worker    }
*90e502c7SAndroid Build Coastguard Worker    *new_key = original;
*90e502c7SAndroid Build Coastguard Worker    return srtp_err_status_ok;
*90e502c7SAndroid Build Coastguard Worker}
*90e502c7SAndroid Build Coastguard Worker
*90e502c7SAndroid Build Coastguard Workersrtp_err_status_t srtp_key_limit_check(const srtp_key_limit_t key)
*90e502c7SAndroid Build Coastguard Worker{
*90e502c7SAndroid Build Coastguard Worker    if (key->state == srtp_key_state_expired) {
*90e502c7SAndroid Build Coastguard Worker        return srtp_err_status_key_expired;
*90e502c7SAndroid Build Coastguard Worker    }
*90e502c7SAndroid Build Coastguard Worker    return srtp_err_status_ok;
*90e502c7SAndroid Build Coastguard Worker}
*90e502c7SAndroid Build Coastguard Worker
*90e502c7SAndroid Build Coastguard Workersrtp_key_event_t srtp_key_limit_update(srtp_key_limit_t key)
*90e502c7SAndroid Build Coastguard Worker{
*90e502c7SAndroid Build Coastguard Worker#ifdef NO_64BIT_MATH
*90e502c7SAndroid Build Coastguard Worker    if (low32(key->num_left) == 0) {
*90e502c7SAndroid Build Coastguard Worker        // carry
*90e502c7SAndroid Build Coastguard Worker        key->num_left =
*90e502c7SAndroid Build Coastguard Worker            make64(high32(key->num_left) - 1, low32(key->num_left) - 1);
*90e502c7SAndroid Build Coastguard Worker    } else {
*90e502c7SAndroid Build Coastguard Worker        // no carry
*90e502c7SAndroid Build Coastguard Worker        key->num_left = make64(high32(key->num_left), low32(key->num_left) - 1);
*90e502c7SAndroid Build Coastguard Worker    }
*90e502c7SAndroid Build Coastguard Worker    if (high32(key->num_left) != 0 || low32(key->num_left) >= soft_limit) {
*90e502c7SAndroid Build Coastguard Worker        return srtp_key_event_normal; /* we're above the soft limit */
*90e502c7SAndroid Build Coastguard Worker    }
*90e502c7SAndroid Build Coastguard Worker#else
*90e502c7SAndroid Build Coastguard Worker    key->num_left--;
*90e502c7SAndroid Build Coastguard Worker    if (key->num_left >= soft_limit) {
*90e502c7SAndroid Build Coastguard Worker        return srtp_key_event_normal; /* we're above the soft limit */
*90e502c7SAndroid Build Coastguard Worker    }
*90e502c7SAndroid Build Coastguard Worker#endif
*90e502c7SAndroid Build Coastguard Worker    if (key->state == srtp_key_state_normal) {
*90e502c7SAndroid Build Coastguard Worker        /* we just passed the soft limit, so change the state */
*90e502c7SAndroid Build Coastguard Worker        key->state = srtp_key_state_past_soft_limit;
*90e502c7SAndroid Build Coastguard Worker    }
*90e502c7SAndroid Build Coastguard Worker#ifdef NO_64BIT_MATH
*90e502c7SAndroid Build Coastguard Worker    if (low32(key->num_left) == 0 && high32(key->num_left == 0))
*90e502c7SAndroid Build Coastguard Worker#else
*90e502c7SAndroid Build Coastguard Worker    if (key->num_left < 1)
*90e502c7SAndroid Build Coastguard Worker#endif
*90e502c7SAndroid Build Coastguard Worker    { /* we just hit the hard limit */
*90e502c7SAndroid Build Coastguard Worker        key->state = srtp_key_state_expired;
*90e502c7SAndroid Build Coastguard Worker        return srtp_key_event_hard_limit;
*90e502c7SAndroid Build Coastguard Worker    }
*90e502c7SAndroid Build Coastguard Worker    return srtp_key_event_soft_limit;
*90e502c7SAndroid Build Coastguard Worker}