/* * replay_driver.c * * A driver for the replay_database implementation * * David A. McGrew * Cisco Systems, Inc. */ /* * * Copyright (c) 2001-2017, Cisco Systems, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * Neither the name of the Cisco Systems, Inc. nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifdef HAVE_CONFIG_H #include #endif #include #include "rdb.h" #include "ut_sim.h" #include "cipher_priv.h" /* * num_trials defines the number of trials that are used in the * validation functions below */ unsigned num_trials = 1 << 16; srtp_err_status_t test_rdb_db(void); double rdb_check_adds_per_second(void); int main(void) { srtp_err_status_t err; printf("testing anti-replay database (srtp_rdb_t)...\n"); err = test_rdb_db(); if (err) { printf("failed\n"); exit(1); } printf("done\n"); printf("rdb_check/rdb_adds per second: %e\n", rdb_check_adds_per_second()); return 0; } void print_rdb(srtp_rdb_t *rdb) { printf("rdb: {%u, %s}\n", rdb->window_start, v128_bit_string(&rdb->bitmask)); } srtp_err_status_t rdb_check_add(srtp_rdb_t *rdb, uint32_t idx) { if (srtp_rdb_check(rdb, idx) != srtp_err_status_ok) { printf("rdb_check failed at index %u\n", idx); return srtp_err_status_fail; } if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) { printf("rdb_add_index failed at index %u\n", idx); return srtp_err_status_fail; } return srtp_err_status_ok; } srtp_err_status_t rdb_check_expect_failure(srtp_rdb_t *rdb, uint32_t idx) { srtp_err_status_t err; err = srtp_rdb_check(rdb, idx); if ((err != srtp_err_status_replay_old) && (err != srtp_err_status_replay_fail)) { printf("rdb_check failed at index %u (false positive)\n", idx); return srtp_err_status_fail; } return srtp_err_status_ok; } srtp_err_status_t rdb_check_add_unordered(srtp_rdb_t *rdb, uint32_t idx) { srtp_err_status_t rstat; /* printf("index: %u\n", idx); */ rstat = srtp_rdb_check(rdb, idx); if ((rstat != srtp_err_status_ok) && (rstat != srtp_err_status_replay_old)) { printf("rdb_check_add_unordered failed at index %u\n", idx); return rstat; } if (rstat == srtp_err_status_replay_old) { return srtp_err_status_ok; } if (srtp_rdb_add_index(rdb, idx) != srtp_err_status_ok) { printf("rdb_add_index failed at index %u\n", idx); return srtp_err_status_fail; } return srtp_err_status_ok; } srtp_err_status_t test_rdb_db() { srtp_rdb_t rdb; uint32_t idx, ircvd; ut_connection utc; srtp_err_status_t err; if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { printf("rdb_init failed\n"); return srtp_err_status_init_fail; } /* test sequential insertion */ for (idx = 0; idx < num_trials; idx++) { err = rdb_check_add(&rdb, idx); if (err) return err; } /* test for false positives */ for (idx = 0; idx < num_trials; idx++) { err = rdb_check_expect_failure(&rdb, idx); if (err) return err; } /* re-initialize */ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { printf("rdb_init failed\n"); return srtp_err_status_fail; } /* test non-sequential insertion */ ut_init(&utc); for (idx = 0; idx < num_trials; idx++) { ircvd = ut_next_index(&utc); err = rdb_check_add_unordered(&rdb, ircvd); if (err) return err; err = rdb_check_expect_failure(&rdb, ircvd); if (err) return err; } /* re-initialize */ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { printf("rdb_init failed\n"); return srtp_err_status_fail; } /* test insertion with large gaps */ for (idx = 0, ircvd = 0; idx < num_trials; idx++, ircvd += (1 << (srtp_cipher_rand_u32_for_tests() % 10))) { err = rdb_check_add(&rdb, ircvd); if (err) return err; err = rdb_check_expect_failure(&rdb, ircvd); if (err) return err; } /* re-initialize */ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { printf("rdb_init failed\n"); return srtp_err_status_fail; } /* test loss of first 513 packets */ for (idx = 0; idx < num_trials; idx++) { err = rdb_check_add(&rdb, idx + 513); if (err) return err; } /* test for false positives */ for (idx = 0; idx < num_trials + 513; idx++) { err = rdb_check_expect_failure(&rdb, idx); if (err) return err; } /* test for key expired */ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { printf("rdb_init failed\n"); return srtp_err_status_fail; } rdb.window_start = 0x7ffffffe; if (srtp_rdb_increment(&rdb) != srtp_err_status_ok) { printf("srtp_rdb_increment of 0x7ffffffe failed\n"); return srtp_err_status_fail; } if (srtp_rdb_get_value(&rdb) != 0x7fffffff) { printf("rdb valiue was not 0x7fffffff\n"); return srtp_err_status_fail; } if (srtp_rdb_increment(&rdb) != srtp_err_status_key_expired) { printf("srtp_rdb_increment of 0x7fffffff did not return " "srtp_err_status_key_expired\n"); return srtp_err_status_fail; } if (srtp_rdb_get_value(&rdb) != 0x7fffffff) { printf("rdb valiue was not 0x7fffffff\n"); return srtp_err_status_fail; } return srtp_err_status_ok; } #include /* for clock() */ #include /* for random() */ #define REPLAY_NUM_TRIALS 10000000 double rdb_check_adds_per_second(void) { uint32_t i; srtp_rdb_t rdb; clock_t timer; int failures = 0; /* count number of failures */ if (srtp_rdb_init(&rdb) != srtp_err_status_ok) { printf("rdb_init failed\n"); exit(1); } timer = clock(); for (i = 0; i < REPLAY_NUM_TRIALS; i += 3) { if (srtp_rdb_check(&rdb, i + 2) != srtp_err_status_ok) ++failures; if (srtp_rdb_add_index(&rdb, i + 2) != srtp_err_status_ok) ++failures; if (srtp_rdb_check(&rdb, i + 1) != srtp_err_status_ok) ++failures; if (srtp_rdb_add_index(&rdb, i + 1) != srtp_err_status_ok) ++failures; if (srtp_rdb_check(&rdb, i) != srtp_err_status_ok) ++failures; if (srtp_rdb_add_index(&rdb, i) != srtp_err_status_ok) ++failures; } timer = clock() - timer; return (double)CLOCKS_PER_SEC * REPLAY_NUM_TRIALS / timer; }