svn rev #24514: branches/camellia-cts-cmac/src/ include/ lib/crypto/ lib/crypto/builtin/camellia/ ...
ghudson@MIT.EDU
ghudson at MIT.EDU
Tue Nov 9 19:03:49 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24514
Commit By: ghudson
Log Message:
On the camellia-cts-cmac branch, replace the Camellia CCM enctypes
with enctypes using CTS and CMAC.
Changed Files:
U branches/camellia-cts-cmac/src/include/k5-int.h
U branches/camellia-cts-cmac/src/lib/crypto/builtin/camellia/camellia-gen.c
U branches/camellia-cts-cmac/src/lib/crypto/builtin/camellia/camellia.c
U branches/camellia-cts-cmac/src/lib/crypto/builtin/enc_provider/Makefile.in
A branches/camellia-cts-cmac/src/lib/crypto/builtin/enc_provider/camellia.c
D branches/camellia-cts-cmac/src/lib/crypto/builtin/enc_provider/camellia_ctr.c
U branches/camellia-cts-cmac/src/lib/crypto/builtin/enc_provider/enc_provider.h
U branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/Makefile.in
U branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/camellia-test.c
D branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_camellia_ccm.c
U branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_cmac.c
U branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_encrypt.c
U branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_short.c
U branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_str2key.c
U branches/camellia-cts-cmac/src/lib/crypto/krb/checksum/cmac.c
U branches/camellia-cts-cmac/src/lib/crypto/krb/cksumtypes.c
U branches/camellia-cts-cmac/src/lib/crypto/krb/dk/Makefile.in
U branches/camellia-cts-cmac/src/lib/crypto/krb/dk/checksum_cmac.c
U branches/camellia-cts-cmac/src/lib/crypto/krb/dk/derive.c
U branches/camellia-cts-cmac/src/lib/crypto/krb/dk/dk.h
D branches/camellia-cts-cmac/src/lib/crypto/krb/dk/dk_ccm.c
A branches/camellia-cts-cmac/src/lib/crypto/krb/dk/dk_cmac.c
U branches/camellia-cts-cmac/src/lib/crypto/krb/dk/stringtokey.c
U branches/camellia-cts-cmac/src/lib/crypto/krb/etypes.c
U branches/camellia-cts-cmac/src/lib/crypto/krb/prf/cmac_prf.c
U branches/camellia-cts-cmac/src/lib/crypto/libk5crypto.exports
U branches/camellia-cts-cmac/src/lib/crypto/nss/enc_provider/camellia.c
U branches/camellia-cts-cmac/src/lib/crypto/openssl/enc_provider/Makefile.in
A branches/camellia-cts-cmac/src/lib/crypto/openssl/enc_provider/camellia.c
D branches/camellia-cts-cmac/src/lib/crypto/openssl/enc_provider/camellia_ctr.c
U branches/camellia-cts-cmac/src/lib/crypto/openssl/enc_provider/enc_provider.h
U branches/camellia-cts-cmac/src/lib/krb5/krb/init_ctx.c
U branches/camellia-cts-cmac/src/lib/krb5/krb/t_etypes.c
U branches/camellia-cts-cmac/src/tests/dejagnu/config/default.exp
U branches/camellia-cts-cmac/src/util/k5test.py
U branches/camellia-cts-cmac/src/windows/identity/plugins/krb5/datarep.c
U branches/camellia-cts-cmac/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
Modified: branches/camellia-cts-cmac/src/include/k5-int.h
===================================================================
--- branches/camellia-cts-cmac/src/include/k5-int.h 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/include/k5-int.h 2010-11-10 00:03:48 UTC (rev 24514)
@@ -2687,23 +2687,23 @@
#if 0
/*
* There are no IANA assignments for these enctypes or cksumtypes yet. They
- * must be defined to local-use negative numbers at build time for Camellia-CCM
+ * must be defined to local-use negative numbers at build time for Camellia
* support to function at the moment. If one is defined, they should all be
* defined. When IANA assignments exist, these definitions should move to the
- * appropriate places in krb5.hin and all CAMELLIA_CCM conditional code should
- * be made unconditional.
+ * appropriate places in krb5.hin and all CAMELLIA conditional code should be
+ * made unconditional.
*
* The present code is experimental and may not be compatible with the
* standardized version.
*/
-#define ENCTYPE_CAMELLIA128_CCM_128 -XXX /* Camellia CCM mode, 128-bit key */
-#define ENCTYPE_CAMELLIA256_CCM_128 -YYY /* Camellia CCM mode, 256-bit key */
-#define CKSUMTYPE_CMAC_128_CAMELLIA128 -XXX /* CMAC, 128-bit Camellia key */
-#define CKSUMTYPE_CMAC_128_CAMELLIA256 -YYY /* CMAC, 256-bit Camellia key */
+#define ENCTYPE_CAMELLIA128_CTS_CMAC -XXX /* Camellia CTS mode, 128-bit key */
+#define ENCTYPE_CAMELLIA256_CTS_CMAC -YYY /* Camellia CTS mode, 256-bit key */
+#define CKSUMTYPE_CMAC_CAMELLIA128 -XXX /* CMAC, 128-bit Camellia key */
+#define CKSUMTYPE_CMAC_CAMELLIA256 -YYY /* CMAC, 256-bit Camellia key */
#endif
-#ifdef ENCTYPE_CAMELLIA128_CCM_128
-#define CAMELLIA_CCM
+#ifdef ENCTYPE_CAMELLIA128_CTS_CMAC
+#define CAMELLIA
#endif
struct _krb5_kt { /* should move into k5-int.h */
Modified: branches/camellia-cts-cmac/src/lib/crypto/builtin/camellia/camellia-gen.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/builtin/camellia/camellia-gen.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/builtin/camellia/camellia-gen.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -8,7 +8,7 @@
#include <unistd.h>
#include "camellia.h"
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
#define B 16U
unsigned char key[16];
@@ -316,11 +316,11 @@
printf ("\n");
}
-#endif /* CAMELLIA_CCM */
+#endif /* CAMELLIA */
int main ()
{
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
init ();
fips_test ();
Modified: branches/camellia-cts-cmac/src/lib/crypto/builtin/camellia/camellia.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/builtin/camellia/camellia.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/builtin/camellia/camellia.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -36,7 +36,8 @@
#include "camellia.h"
-#ifdef CAMELLIA_CCM
+#include "k5-int.h" /* Only for CAMELLIA; remove later. */
+#ifdef CAMELLIA
/* key constants */
@@ -1540,4 +1541,4 @@
return camellia_good;
}
-#endif /* CAMELLIA_CCM */
+#endif /* CAMELLIA */
Modified: branches/camellia-cts-cmac/src/lib/crypto/builtin/enc_provider/Makefile.in
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/builtin/enc_provider/Makefile.in 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/builtin/enc_provider/Makefile.in 2010-11-10 00:03:48 UTC (rev 24514)
@@ -21,20 +21,20 @@
des3.o \
rc4.o \
aes.o \
- camellia_ctr.o
+ camellia.o
OBJS= \
$(OUTPRE)des.$(OBJEXT) \
$(OUTPRE)des3.$(OBJEXT) \
$(OUTPRE)aes.$(OBJEXT) \
- $(OUTPRE)camellia_ctr.$(OBJEXT) \
+ $(OUTPRE)camellia.$(OBJEXT) \
$(OUTPRE)rc4.$(OBJEXT)
SRCS= \
$(srcdir)/des.c \
$(srcdir)/des3.c \
$(srcdir)/aes.c \
- $(srcdir)/camellia_ctr.c\
+ $(srcdir)/camellia.c \
$(srcdir)/rc4.c
##DOS##LIBOBJS = $(OBJS)
Added: branches/camellia-cts-cmac/src/lib/crypto/builtin/enc_provider/camellia.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/builtin/enc_provider/camellia.c (rev 0)
+++ branches/camellia-cts-cmac/src/lib/crypto/builtin/enc_provider/camellia.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -0,0 +1,363 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/enc_provider/camellia.c - Camellia enc provider definition */
+/*
+ * Copyright (C) 2009, 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "enc_provider.h"
+#include "camellia.h"
+#include <aead.h>
+#include <rand2key.h>
+
+#ifdef CAMELLIA
+
+/*
+ * Private per-key data to cache after first generation. We don't want to mess
+ * with the imported Cemallia implementation too much, so we'll just use two
+ * copies of its context, one for encryption and one for decryption, and use
+ * the #rounds field as a flag for whether we've initialized each half.
+ */
+struct camellia_key_info_cache {
+ camellia_ctx enc_ctx, dec_ctx;
+};
+#define CACHE(X) ((struct camellia_key_info_cache *)((X)->cache))
+
+static inline void
+enc(unsigned char *out, const unsigned char *in, camellia_ctx *ctx)
+{
+ if (camellia_enc_blk(in, out, ctx) != camellia_good)
+ abort();
+}
+
+static inline void
+dec(unsigned char *out, const unsigned char *in, camellia_ctx *ctx)
+{
+ if (camellia_dec_blk(in, out, ctx) != camellia_good)
+ abort();
+}
+
+static void
+xorblock(unsigned char *out, const unsigned char *in)
+{
+ int z;
+ for (z = 0; z < BLOCK_SIZE/4; z++) {
+ unsigned char *outptr = &out[z*4];
+ const unsigned char *inptr = &in[z*4];
+ /*
+ * Use unaligned accesses. On x86, this will probably still be faster
+ * than multiple byte accesses for unaligned data, and for aligned data
+ * should be far better. (One test indicated about 2.4% faster
+ * encryption for 1024-byte messages.)
+ *
+ * If some other CPU has really slow unaligned-word or byte accesses,
+ * perhaps this function (or the load/store helpers?) should test for
+ * alignment first.
+ *
+ * If byte accesses are faster than unaligned words, we may need to
+ * conditionalize on CPU type, as that may be hard to determine
+ * automatically.
+ */
+ store_32_n(load_32_n(outptr) ^ load_32_n(inptr), outptr);
+ }
+}
+
+static krb5_error_code
+krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec,
+ krb5_crypto_iov *data, size_t num_data)
+{
+ unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE];
+ int nblocks = 0, blockno;
+ size_t input_length, i;
+ struct iov_block_state input_pos, output_pos;
+
+ if (key->cache == NULL) {
+ key->cache = malloc(sizeof(struct camellia_key_info_cache));
+ if (key->cache == NULL)
+ return ENOMEM;
+ CACHE(key)->enc_ctx.keybitlen = CACHE(key)->dec_ctx.keybitlen = 0;
+ }
+ if (CACHE(key)->enc_ctx.keybitlen == 0) {
+ if (camellia_enc_key(key->keyblock.contents, key->keyblock.length,
+ &CACHE(key)->enc_ctx) != camellia_good)
+ abort();
+ }
+ if (ivec != NULL)
+ memcpy(tmp, ivec->data, BLOCK_SIZE);
+ else
+ memset(tmp, 0, BLOCK_SIZE);
+
+ for (i = 0, input_length = 0; i < num_data; i++) {
+ krb5_crypto_iov *iov = &data[i];
+
+ if (ENCRYPT_IOV(iov))
+ input_length += iov->data.length;
+ }
+
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
+
+ nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ if (nblocks == 1) {
+ krb5int_c_iov_get_block(tmp, BLOCK_SIZE, data, num_data, &input_pos);
+ enc(tmp2, tmp, &CACHE(key)->enc_ctx);
+ krb5int_c_iov_put_block(data, num_data, tmp2, BLOCK_SIZE, &output_pos);
+ } else if (nblocks > 1) {
+ unsigned char blockN2[BLOCK_SIZE]; /* second last */
+ unsigned char blockN1[BLOCK_SIZE]; /* last block */
+
+ for (blockno = 0; blockno < nblocks - 2; blockno++) {
+ unsigned char blockN[BLOCK_SIZE], *block;
+
+ krb5int_c_iov_get_block_nocopy(blockN, BLOCK_SIZE,
+ data, num_data, &input_pos, &block);
+ xorblock(tmp, block);
+ enc(block, tmp, &CACHE(key)->enc_ctx);
+ krb5int_c_iov_put_block_nocopy(data, num_data, blockN, BLOCK_SIZE,
+ &output_pos, block);
+
+ /* Set up for next block. */
+ memcpy(tmp, block, BLOCK_SIZE);
+ }
+
+ /* Do final CTS step for last two blocks (the second of which
+ may or may not be incomplete). */
+
+ /* First, get the last two blocks */
+ memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */
+ krb5int_c_iov_get_block(blockN2, BLOCK_SIZE, data, num_data,
+ &input_pos);
+ krb5int_c_iov_get_block(blockN1, BLOCK_SIZE, data, num_data,
+ &input_pos);
+
+ /* Encrypt second last block */
+ xorblock(tmp, blockN2);
+ enc(tmp2, tmp, &CACHE(key)->enc_ctx);
+ memcpy(blockN2, tmp2, BLOCK_SIZE); /* blockN2 now contains first block */
+ memcpy(tmp, tmp2, BLOCK_SIZE);
+
+ /* Encrypt last block */
+ xorblock(tmp, blockN1);
+ enc(tmp2, tmp, &CACHE(key)->enc_ctx);
+ memcpy(blockN1, tmp2, BLOCK_SIZE);
+
+ /* Put the last two blocks back into the iovec (reverse order) */
+ krb5int_c_iov_put_block(data, num_data, blockN1, BLOCK_SIZE,
+ &output_pos);
+ krb5int_c_iov_put_block(data, num_data, blockN2, BLOCK_SIZE,
+ &output_pos);
+
+ if (ivec != NULL)
+ memcpy(ivec->data, blockN1, BLOCK_SIZE);
+ }
+
+ return 0;
+}
+
+static krb5_error_code
+krb5int_camellia_decrypt(krb5_key key, const krb5_data *ivec,
+ krb5_crypto_iov *data, size_t num_data)
+{
+ unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
+ int nblocks = 0, blockno;
+ unsigned int i;
+ size_t input_length;
+ struct iov_block_state input_pos, output_pos;
+
+ if (key->cache == NULL) {
+ key->cache = malloc(sizeof(struct camellia_key_info_cache));
+ if (key->cache == NULL)
+ return ENOMEM;
+ CACHE(key)->enc_ctx.keybitlen = CACHE(key)->dec_ctx.keybitlen = 0;
+ }
+ if (CACHE(key)->dec_ctx.keybitlen == 0) {
+ if (camellia_dec_key(key->keyblock.contents, key->keyblock.length,
+ &CACHE(key)->dec_ctx) != camellia_good)
+ abort();
+ }
+
+ if (ivec != NULL)
+ memcpy(tmp, ivec->data, BLOCK_SIZE);
+ else
+ memset(tmp, 0, BLOCK_SIZE);
+
+ for (i = 0, input_length = 0; i < num_data; i++) {
+ krb5_crypto_iov *iov = &data[i];
+
+ if (ENCRYPT_IOV(iov))
+ input_length += iov->data.length;
+ }
+
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
+
+ nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ if (nblocks == 1) {
+ krb5int_c_iov_get_block(tmp, BLOCK_SIZE, data, num_data, &input_pos);
+ dec(tmp2, tmp, &CACHE(key)->dec_ctx);
+ krb5int_c_iov_put_block(data, num_data, tmp2, BLOCK_SIZE, &output_pos);
+ } else if (nblocks > 1) {
+ unsigned char blockN2[BLOCK_SIZE]; /* second last */
+ unsigned char blockN1[BLOCK_SIZE]; /* last block */
+
+ for (blockno = 0; blockno < nblocks - 2; blockno++) {
+ unsigned char blockN[BLOCK_SIZE], *block;
+
+ krb5int_c_iov_get_block_nocopy(blockN, BLOCK_SIZE,
+ data, num_data, &input_pos, &block);
+ memcpy(tmp2, block, BLOCK_SIZE);
+ dec(block, block, &CACHE(key)->dec_ctx);
+ xorblock(block, tmp);
+ memcpy(tmp, tmp2, BLOCK_SIZE);
+ krb5int_c_iov_put_block_nocopy(data, num_data, blockN, BLOCK_SIZE,
+ &output_pos, block);
+ }
+
+ /* Do last two blocks, the second of which (next-to-last block
+ of plaintext) may be incomplete. */
+
+ /* First, get the last two encrypted blocks */
+ memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */
+ krb5int_c_iov_get_block(blockN2, BLOCK_SIZE, data, num_data,
+ &input_pos);
+ krb5int_c_iov_get_block(blockN1, BLOCK_SIZE, data, num_data,
+ &input_pos);
+
+ if (ivec != NULL)
+ memcpy(ivec->data, blockN2, BLOCK_SIZE);
+
+ /* Decrypt second last block */
+ dec(tmp2, blockN2, &CACHE(key)->dec_ctx);
+ /* Set tmp2 to last (possibly partial) plaintext block, and
+ save it. */
+ xorblock(tmp2, blockN1);
+ memcpy(blockN2, tmp2, BLOCK_SIZE);
+
+ /* Maybe keep the trailing part, and copy in the last
+ ciphertext block. */
+ input_length %= BLOCK_SIZE;
+ memcpy(tmp2, blockN1, input_length ? input_length : BLOCK_SIZE);
+ dec(tmp3, tmp2, &CACHE(key)->dec_ctx);
+ xorblock(tmp3, tmp);
+ memcpy(blockN1, tmp3, BLOCK_SIZE);
+
+ /* Put the last two blocks back into the iovec */
+ krb5int_c_iov_put_block(data, num_data, blockN1, BLOCK_SIZE,
+ &output_pos);
+ krb5int_c_iov_put_block(data, num_data, blockN2, BLOCK_SIZE,
+ &output_pos);
+ }
+
+ return 0;
+}
+
+krb5_error_code
+krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
+ size_t num_data, const krb5_data *iv,
+ krb5_data *output)
+{
+ camellia_ctx ctx;
+ unsigned char blockY[BLOCK_SIZE];
+ struct iov_block_state iov_state;
+
+ if (output->length < BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+
+ if (camellia_enc_key(key->keyblock.contents,
+ key->keyblock.length, &ctx) != camellia_good)
+ abort();
+
+ if (iv != NULL)
+ memcpy(blockY, iv->data, BLOCK_SIZE);
+ else
+ memset(blockY, 0, BLOCK_SIZE);
+
+ IOV_BLOCK_STATE_INIT(&iov_state);
+ for (;;) {
+ unsigned char blockB[BLOCK_SIZE];
+
+ if (!krb5int_c_iov_get_block(blockB, BLOCK_SIZE, data, num_data,
+ &iov_state))
+ break;
+
+ xorblock(blockB, blockY);
+ if (camellia_enc_blk(blockB, blockY, &ctx) != camellia_good)
+ abort();
+ }
+
+ output->length = BLOCK_SIZE;
+ memcpy(output->data, blockY, BLOCK_SIZE);
+
+ return 0;
+}
+
+static krb5_error_code
+camellia_init_state(const krb5_keyblock *key, krb5_keyusage usage,
+ krb5_data *state)
+{
+ state->length = 16;
+ state->data = malloc(16);
+ if (state->data == NULL)
+ return ENOMEM;
+ memset(state->data, 0, state->length);
+ return 0;
+}
+
+const struct krb5_enc_provider krb5int_enc_camellia128 = {
+ 16,
+ 16, 16,
+ krb5int_camellia_encrypt,
+ krb5int_camellia_decrypt,
+ krb5int_camellia_cbc_mac,
+ krb5int_camellia_make_key,
+ camellia_init_state,
+ krb5int_default_free_state,
+};
+
+const struct krb5_enc_provider krb5int_enc_camellia256 = {
+ 16,
+ 32, 32,
+ krb5int_camellia_encrypt,
+ krb5int_camellia_decrypt,
+ krb5int_camellia_cbc_mac,
+ krb5int_camellia_make_key,
+ camellia_init_state,
+ krb5int_default_free_state
+};
+
+#else /* CAMELLIA */
+
+/* These won't be used, but are still in the export table. */
+
+krb5_error_code
+krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
+ size_t num_data, const krb5_data *iv,
+ krb5_data *output)
+{
+ return EINVAL;
+}
+
+const struct krb5_enc_provider krb5int_enc_camellia128 = {
+};
+
+#endif /* CAMELLIA */
Modified: branches/camellia-cts-cmac/src/lib/crypto/builtin/enc_provider/enc_provider.h
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/builtin/enc_provider/enc_provider.h 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/builtin/enc_provider/enc_provider.h 2010-11-10 00:03:48 UTC (rev 24514)
@@ -32,7 +32,7 @@
extern const struct krb5_enc_provider krb5int_enc_arcfour;
extern const struct krb5_enc_provider krb5int_enc_aes128;
extern const struct krb5_enc_provider krb5int_enc_aes256;
-#ifdef CAMELLIA_CCM
-extern const struct krb5_enc_provider krb5int_enc_camellia128_ctr;
-extern const struct krb5_enc_provider krb5int_enc_camellia256_ctr;
+#ifdef CAMELLIA
+extern const struct krb5_enc_provider krb5int_enc_camellia128;
+extern const struct krb5_enc_provider krb5int_enc_camellia256;
#endif
Modified: branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/Makefile.in
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/Makefile.in 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/Makefile.in 2010-11-10 00:03:48 UTC (rev 24514)
@@ -55,7 +55,7 @@
aes-test \
camellia-test \
t_mddriver4 t_mddriver \
- t_crc t_cts t_short t_str2key t_fork t_camellia_ccm
+ t_crc t_cts t_short t_str2key t_fork
$(RUN_SETUP) $(VALGRIND) ./t_nfold
$(RUN_SETUP) $(VALGRIND) ./t_encrypt
$(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output
@@ -75,14 +75,13 @@
$(RUN_SETUP) $(VALGRIND) ./aes-test > vt.txt
cmp vt.txt $(srcdir)/expect-vt.txt
$(RUN_SETUP) $(VALGRIND) ./camellia-test > camellia-vt.txt
-# Enable this when Camellia-CCM becomes unconditional.
+# Enable this when Camellia becomes unconditional.
# cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt
$(RUN_SETUP) $(VALGRIND) $(C)t_mddriver4 -x
$(RUN_SETUP) $(VALGRIND) $(C)t_mddriver -x
$(RUN_SETUP) $(VALGRIND) ./t_short
$(RUN_SETUP) $(VALGRIND) ./t_str2key
$(RUN_SETUP) $(VALGRIND) ./t_fork
- $(RUN_SETUP) $(VALGRIND) ./t_camellia_ccm
@@ -163,9 +162,6 @@
t_fork$(EXEEXT): t_fork.$(OBJEXT) $(SUPPORT_DEPLIB)
$(CC_LINK) -o $@ t_fork.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB)
-t_camellia_ccm$(EXEEXT): t_camellia_ccm.$(OBJEXT) $(SUPPORT_DEPLIB)
- $(CC_LINK) -o $@ t_camellia_ccm.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB)
-
ytest: ytest.o shs.o $(SUPPORT_DEPLIB) $(CRYPTO_DEPLIB)
$(CC_LINK) -o ytest ytest.o $(SUPPORT_LIB) $(CRYPTO_DEPLIB)
@@ -181,7 +177,7 @@
t_mddriver4.o t_mddriver4 t_mddriver.o t_mddriver \
t_cksum4 t_cksum4.o t_cksum5 t_cksum5.o \
t_kperf.o t_kperf t_short t_short.o t_str2key t_str2key.o \
- t_fork t_fork.o t_camellia_ccm t_camellia_ccm.o \
+ t_fork t_fork.o \
t_mddriver$(EXEEXT) $(OUTPRE)t_mddriver.$(OBJEXT)
-$(RM) t_prng.output
Modified: branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/camellia-test.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/camellia-test.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/camellia-test.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -31,7 +31,7 @@
#include <stdio.h>
#include "k5-int.h"
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
static char key[32];
static char plain[16], cipher[16], zero[16];
@@ -125,11 +125,11 @@
vt_test_1(32);
}
-#endif /* CAMELLIA_CCM */
+#endif /* CAMELLIA */
int main (int argc, char *argv[])
{
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
if (argc > 2 || (argc == 2 && strcmp(argv[1], "-k"))) {
fprintf(stderr,
"usage:\t%s -k\tfor variable-key tests\n"
@@ -142,6 +142,6 @@
vk_test();
else
vt_test();
-#endif /* CAMELLIA_CCM */
+#endif /* CAMELLIA */
return 0;
}
Modified: branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_cmac.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_cmac.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_cmac.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -42,7 +42,7 @@
#include "enc_provider.h"
#include "cksumtypes.h"
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
/* All examples use the following Camellia-128 key. */
static unsigned char keybytes[] = {
@@ -100,23 +100,23 @@
}
}
-#endif /* CAMELLIA_CCM */
+#endif /* CAMELLIA */
int
main(int argc, char **argv)
{
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
krb5_context context = NULL;
krb5_keyblock keyblock;
krb5_key key;
- const struct krb5_enc_provider *enc = &krb5int_enc_camellia128_ctr;
+ const struct krb5_enc_provider *enc = &krb5int_enc_camellia128;
krb5_crypto_iov iov;
unsigned char resultbuf[16];
krb5_data result = make_data(resultbuf, 16);
/* Create the example key. */
keyblock.magic = KV5M_KEYBLOCK;
- keyblock.enctype = ENCTYPE_CAMELLIA128_CCM_128;
+ keyblock.enctype = ENCTYPE_CAMELLIA128_CTS_CMAC;
keyblock.length = 16;
keyblock.contents = keybytes;
assert(krb5_k_create_key(context, &keyblock, &key) == 0);
@@ -144,6 +144,6 @@
printf("All CMAC tests passed.\n");
krb5_k_free_key(context, key);
-#endif /* CAMELLIA_CCM */
+#endif /* CAMELLIA */
return 0;
}
Modified: branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_encrypt.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_encrypt.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_encrypt.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -45,9 +45,9 @@
ENCTYPE_ARCFOUR_HMAC_EXP,
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-#ifdef CAMELLIA_CCM
- ENCTYPE_CAMELLIA128_CCM_128,
- ENCTYPE_CAMELLIA256_CCM_128,
+#ifdef CAMELLIA
+ ENCTYPE_CAMELLIA128_CTS_CMAC,
+ ENCTYPE_CAMELLIA256_CTS_CMAC,
#endif
0
};
Modified: branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_short.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_short.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_short.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -41,9 +41,9 @@
ENCTYPE_ARCFOUR_HMAC_EXP,
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-#ifdef CAMELLIA_CCM
- ENCTYPE_CAMELLIA128_CCM_128,
- ENCTYPE_CAMELLIA256_CCM_128,
+#ifdef CAMELLIA
+ ENCTYPE_CAMELLIA128_CTS_CMAC,
+ ENCTYPE_CAMELLIA256_CTS_CMAC,
#endif
0
};
Modified: branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_str2key.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_str2key.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/crypto_tests/t_str2key.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -158,128 +158,128 @@
"\x57\x18\x48\xB7\x84\xA3\xD6\xBD\xC3\x46\x58\x9A\x3E\x39\x3F\x9E" }
},
-#ifdef CAMELLIA_CCM
- /* The same inputs applied to camellia-ccm enctypes. */
+#ifdef CAMELLIA
+ /* The same inputs applied to Camellia enctypes. */
{
- ENCTYPE_CAMELLIA128_CCM_128,
+ ENCTYPE_CAMELLIA128_CTS_CMAC,
"password",
"ATHENA.MIT.EDUraeburn",
{ KV5M_DATA, 4, "\0\0\0\1" },
{ KV5M_DATA, 16,
- "\xF0\x10\x02\xD2\xB1\xF9\xA1\xAD\xE2\x57\xEE\xF7\x52\x9C\x2A\x16" }
+ "\x01\xCD\x91\xED\x3E\x06\x7D\x3D\xA1\x3C\x13\xA4\xBB\xEC\xFC\xAE" }
},
{
- ENCTYPE_CAMELLIA256_CCM_128,
+ ENCTYPE_CAMELLIA256_CTS_CMAC,
"password",
"ATHENA.MIT.EDUraeburn",
{ KV5M_DATA, 4, "\0\0\0\1" },
{ KV5M_DATA, 32,
- "\xD7\xEF\x37\xE2\xD1\x05\x5E\xB7\xD7\x6B\x06\x39\x6E\xF7\x00\x52"
- "\x3D\xA4\xB0\xB7\xA0\x53\xF5\xCC\x5F\xAE\x4A\x39\xCF\xC5\x75\x0F" }
+ "\xC2\x21\x09\x04\x02\x9D\x7C\x23\xD4\x85\x7B\xA9\x6E\xC4\x8C\xE5"
+ "\x5F\xB6\x07\x69\x4A\xFC\x4F\xE4\xFD\x3A\x18\xB0\xD8\x02\x8D\xCB" }
},
{
- ENCTYPE_CAMELLIA128_CCM_128,
+ ENCTYPE_CAMELLIA128_CTS_CMAC,
"password",
"ATHENA.MIT.EDUraeburn",
{ KV5M_DATA, 4, "\0\0\0\2" },
{ KV5M_DATA, 16,
- "\xDD\x74\x90\xC0\x57\x4A\x44\x6B\x10\x3A\xB3\x1B\x6D\xE4\x77\x4F" }
+ "\xF7\x45\xEE\x4A\xA0\x4B\x0E\xAC\x30\x82\x25\xF3\xDB\xE0\x6C\xB4" }
},
{
- ENCTYPE_CAMELLIA256_CCM_128,
+ ENCTYPE_CAMELLIA256_CTS_CMAC,
"password",
"ATHENA.MIT.EDUraeburn",
{ KV5M_DATA, 4, "\0\0\0\2" },
{ KV5M_DATA, 32,
- "\x68\xC1\x64\x74\x09\x42\x8F\x59\x47\x9B\x26\xC3\x98\x6D\x5B\xB8"
- "\x66\x1C\xDE\x3C\x66\x79\xA0\xF5\x2C\x89\x01\xBD\x78\xDC\xEB\xA2" }
+ "\x31\x79\x77\x0E\x5F\x2E\xDD\x28\xFE\x11\x21\xB9\x17\xCF\xA7\x48"
+ "\x0C\xA6\x73\x63\x67\x17\xFC\x74\xCB\x23\x4A\x84\x1B\xA9\x0F\xAF" }
},
{
- ENCTYPE_CAMELLIA128_CCM_128,
+ ENCTYPE_CAMELLIA128_CTS_CMAC,
"password",
"ATHENA.MIT.EDUraeburn",
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 16,
- "\x1A\xA9\x0A\xA6\x1E\x0B\x3C\xB8\x6A\xA5\xA7\x7E\xD8\x44\x9D\x3B" }
+ "\x12\xCA\xCB\x5B\xFD\xD2\x46\x88\xCF\x8C\x48\xFB\x01\x4E\x9F\xCD" }
},
{
- ENCTYPE_CAMELLIA256_CCM_128,
+ ENCTYPE_CAMELLIA256_CTS_CMAC,
"password",
"ATHENA.MIT.EDUraeburn",
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 32,
- "\xF8\x29\xBC\xE4\xBB\xB1\xA2\x4B\x01\xA0\xE8\xB1\xA7\x09\x52\x0A"
- "\x61\x38\xE9\xAF\xE5\x13\x84\x59\xB2\x0B\xAC\xCA\xB2\x4D\x5F\xAA" }
+ "\xE8\x50\x13\x56\xD1\x94\x84\x7B\xB2\x92\x14\xF8\x8E\x76\xB6\x36"
+ "\x0B\x5C\x1F\x91\xB9\xE1\xD7\x9B\xD7\x99\x3A\x4B\x8E\x73\x0A\x55" }
},
{
- ENCTYPE_CAMELLIA128_CCM_128,
+ ENCTYPE_CAMELLIA128_CTS_CMAC,
"password",
"\x12\x34\x56\x78\x78\x56\x34\x12",
{ KV5M_DATA, 4, "\0\0\0\5" },
{ KV5M_DATA, 16,
- "\x35\x70\xC6\x68\x0D\xC6\xE9\xB0\x2E\x01\x28\x8B\xD0\xD2\xB6\x9B" }
+ "\xE7\x88\xB8\x1C\x48\x92\x51\x89\x5A\x6D\x2A\xAE\x0B\x79\xAE\x50" }
},
{
- ENCTYPE_CAMELLIA256_CCM_128,
+ ENCTYPE_CAMELLIA256_CTS_CMAC,
"password",
"\x12\x34\x56\x78\x78\x56\x34\x12",
{ KV5M_DATA, 4, "\0\0\0\5" },
{ KV5M_DATA, 32,
- "\x40\xB3\xB7\xC8\xF9\xC3\xB8\x65\x18\x10\xDC\x28\x42\x2D\x5F\x6D"
- "\x10\xA6\xB3\xE9\xE1\x2A\x71\xFF\xA6\x35\x41\x08\x4A\xFA\x2C\xA2" }
+ "\xB5\x04\xFD\xB2\x5A\xE5\x77\x92\x02\xAE\xE2\x85\x4B\x7D\xE5\xFD"
+ "\xF3\x62\x7F\xEF\x7B\x48\x2F\xB4\x77\xD4\xFA\x9C\xE7\x31\x0E\xF0" }
},
{
- ENCTYPE_CAMELLIA128_CCM_128,
+ ENCTYPE_CAMELLIA128_CTS_CMAC,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"pass phrase equals block size",
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 16,
- "\xFF\x99\x18\x52\x84\x8E\x67\x50\x4C\x09\x4F\x94\x68\xC9\xD6\x05" }
+ "\xC4\x3F\x01\x7B\x6D\x13\x51\xF4\xD0\xBF\x0F\x4A\x75\xB1\xF1\xD2" }
},
{
- ENCTYPE_CAMELLIA256_CCM_128,
+ ENCTYPE_CAMELLIA256_CTS_CMAC,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"pass phrase equals block size",
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 32,
- "\x56\x5C\x0A\x29\xC0\x58\xCD\xDC\x3C\xD8\xA9\xF3\x0A\x92\xAA\xD7"
- "\xFE\x30\xEA\xD4\x16\xC1\x51\xAA\x9B\x54\x75\x56\x62\xF0\x95\xDD" }
+ "\x38\xF7\xFC\x25\xD6\x7E\x41\xAC\xDD\xDB\xC0\x5F\x66\xAE\x11\x13"
+ "\x22\x53\x47\xDC\xBC\x24\x67\xF2\x09\xA9\x7E\x0A\xFB\x30\xDE\x9D" }
},
{
- ENCTYPE_CAMELLIA128_CCM_128,
+ ENCTYPE_CAMELLIA128_CTS_CMAC,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"pass phrase exceeds block size",
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 16,
- "\xAC\x83\x28\x64\x10\xA2\x8C\x76\x64\x79\x60\xF6\xA0\x37\x88\x03" }
+ "\xD9\xC3\x63\xF7\xED\x5E\x4B\x9A\x17\x8F\xF4\xD8\x4B\x3E\x51\x73" }
},
{
- ENCTYPE_CAMELLIA256_CCM_128,
+ ENCTYPE_CAMELLIA256_CTS_CMAC,
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"pass phrase exceeds block size",
{ KV5M_DATA, 4, "\0\0\x04\xB0" }, /* 1200 */
{ KV5M_DATA, 32,
- "\xD3\x25\x4A\x5B\x45\x1F\x27\x9C\x1A\xD6\x29\x3E\x72\xF0\x69\x55"
- "\xEB\xFF\x36\xB6\x47\xDF\x97\x48\x97\x18\xD7\x5C\xF0\x6C\x40\x7C" }
+ "\x0D\x88\xB2\xB3\x47\xD6\x79\xDA\xD2\xFF\xAE\x25\x6B\x64\xAD\x9A"
+ "\x0F\x09\xB9\x16\x5E\xA8\x32\xB4\x01\xB4\x55\x31\xB9\xE0\xE3\x05" }
},
{
- ENCTYPE_CAMELLIA128_CCM_128,
+ ENCTYPE_CAMELLIA128_CTS_CMAC,
"\xf0\x9d\x84\x9e",
"EXAMPLE.COMpianist",
{ KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
{ KV5M_DATA, 16,
- "\x5D\xBD\x71\x57\x09\x38\x59\x81\xDA\xAB\xA2\x8A\x43\x10\xD7\x20" }
+ "\xF1\x64\xCF\xBB\xC3\x27\xE1\x70\x34\x93\x40\x92\xDC\xEA\x61\x5B" }
},
{
- ENCTYPE_CAMELLIA256_CCM_128,
+ ENCTYPE_CAMELLIA256_CTS_CMAC,
"\xf0\x9d\x84\x9e",
"EXAMPLE.COMpianist",
{ KV5M_DATA, 4, "\0\0\0\x32" }, /* 50 */
{ KV5M_DATA, 32,
- "\x6A\x1F\x10\xE5\x74\x4E\x32\xDD\x33\x49\x03\xA8\xEB\xD1\x42\x7E"
- "\x4C\x8D\x3D\x6D\xA5\x76\x77\x50\x4C\x38\x4C\x24\x33\x0B\x60\x3D" }
+ "\xBC\xD7\x5F\x07\x22\x5F\x25\xEC\xD4\x35\xA1\x74\x68\xE9\xAD\x64"
+ "\x49\x83\x63\xF7\x87\xD1\xAE\xE9\x2A\xFE\xA9\xCB\x5C\x95\xEE\xAB" }
}
-#endif /* CAMELLIA_CCM */
+#endif /* CAMELLIA */
};
static void
@@ -288,9 +288,9 @@
unsigned int i;
for (i = 0; i < keyblock->length; i++) {
- printf("%02X", keyblock->contents[i]);
- if (i + 1 < keyblock->length)
- printf(" ");
+ printf("\\x%02X", keyblock->contents[i]);
+/* if (i + 1 < keyblock->length)
+ printf(" "); */
}
printf("\n");
}
Modified: branches/camellia-cts-cmac/src/lib/crypto/krb/checksum/cmac.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/krb/checksum/cmac.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/krb/checksum/cmac.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -45,7 +45,7 @@
#include "etypes.h"
#include "cksumtypes.h"
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
#define BLOCK_SIZE 16
@@ -226,7 +226,7 @@
return 0;
}
-#else /* CAMELLIA_CCM */
+#else /* CAMELLIA */
/* This won't be used, but is still in the export table. */
@@ -238,4 +238,4 @@
return EINVAL;
}
-#endif /* CAMELLIA_CCM */
+#endif /* CAMELLIA */
Modified: branches/camellia-cts-cmac/src/lib/crypto/krb/cksumtypes.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/krb/cksumtypes.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/krb/cksumtypes.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -105,19 +105,19 @@
krb5int_hmacmd5_checksum, NULL,
16, 16, 0 },
-#ifdef CAMELLIA_CCM
- { CKSUMTYPE_CMAC_128_CAMELLIA128,
- "cmac-128-camellia128", { 0 }, "CMAC Camellia128 key",
- &krb5int_enc_camellia128_ctr, NULL,
+#ifdef CAMELLIA
+ { CKSUMTYPE_CMAC_CAMELLIA128,
+ "cmac-camellia128", { 0 }, "CMAC Camellia128 key",
+ &krb5int_enc_camellia128, NULL,
krb5int_dk_cmac_checksum, NULL,
16, 16, 0 },
- { CKSUMTYPE_CMAC_128_CAMELLIA256,
- "cmac-128-camellia256", { 0 }, "CMAC Camellia256 key",
- &krb5int_enc_camellia256_ctr, NULL,
+ { CKSUMTYPE_CMAC_CAMELLIA256,
+ "cmac-camellia256", { 0 }, "CMAC Camellia256 key",
+ &krb5int_enc_camellia256, NULL,
krb5int_dk_cmac_checksum, NULL,
16, 16, 0 },
-#endif /* CAMELLIA_CCM */
+#endif /* CAMELLIA */
};
const size_t krb5int_cksumtypes_length =
Modified: branches/camellia-cts-cmac/src/lib/crypto/krb/dk/Makefile.in
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/krb/dk/Makefile.in 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/krb/dk/Makefile.in 2010-11-10 00:03:48 UTC (rev 24514)
@@ -14,7 +14,7 @@
checksum_hmac.o \
checksum_cmac.o \
dk_aead.o \
- dk_ccm.o \
+ dk_cmac.o \
derive.o \
stringtokey.o
@@ -22,7 +22,7 @@
$(OUTPRE)checksum_hmac.$(OBJEXT)\
$(OUTPRE)checksum_cmac.$(OBJEXT)\
$(OUTPRE)dk_aead.$(OBJEXT) \
- $(OUTPRE)dk_ccm.$(OBJEXT) \
+ $(OUTPRE)dk_cmac.$(OBJEXT) \
$(OUTPRE)derive.$(OBJEXT) \
$(OUTPRE)stringtokey.$(OBJEXT)
@@ -30,7 +30,7 @@
$(srcdir)/checksum_hmac.c \
$(srcdir)/checksum_cmac.c \
$(srcdir)/dk_aead.c \
- $(srcdir)/dk_ccm.c \
+ $(srcdir)/dk_cmac.c \
$(srcdir)/derive.c \
$(srcdir)/stringtokey.c
Modified: branches/camellia-cts-cmac/src/lib/crypto/krb/dk/checksum_cmac.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/krb/dk/checksum_cmac.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/krb/dk/checksum_cmac.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -32,7 +32,7 @@
#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
krb5_error_code
krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
@@ -63,4 +63,4 @@
return ret;
}
-#endif /* CAMELLIA_CCM */
+#endif /* CAMELLIA */
Modified: branches/camellia-cts-cmac/src/lib/crypto/krb/dk/derive.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/krb/dk/derive.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/krb/dk/derive.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -129,7 +129,7 @@
return ret;
}
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
/*
* NIST SP800-108 KDF in feedback mode (section 5.2).
@@ -206,7 +206,7 @@
return ret;
}
-#endif /* CAMELLIA_CCM */
+#endif /* CAMELLIA */
krb5_error_code
krb5int_derive_random(const struct krb5_enc_provider *enc,
@@ -216,7 +216,7 @@
switch (alg) {
case DERIVE_RFC3961:
return derive_random_rfc3961(enc, inkey, outrnd, in_constant);
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
case DERIVE_SP800_108_CMAC:
return derive_random_sp800_108_cmac(enc, inkey, outrnd, in_constant);
#endif
Modified: branches/camellia-cts-cmac/src/lib/crypto/krb/dk/dk.h
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/krb/dk/dk.h 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/krb/dk/dk.h 2010-11-10 00:03:48 UTC (rev 24514)
@@ -37,6 +37,9 @@
krb5int_aes_crypto_length(const struct krb5_keytypes *ktp,
krb5_cryptotype type);
+unsigned int
+krb5int_camellia_crypto_length(const struct krb5_keytypes *ktp,
+ krb5_cryptotype type);
krb5_error_code
krb5int_dk_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
krb5_keyusage usage, const krb5_data *ivec,
@@ -58,15 +61,15 @@
const krb5_data *params, krb5_keyblock *key);
krb5_error_code
-krb5int_camellia_ccm_string_to_key(const struct krb5_keytypes *enc,
- const krb5_data *string,
- const krb5_data *salt,
- const krb5_data *params,
- krb5_keyblock *key);
+krb5int_camellia_string_to_key(const struct krb5_keytypes *enc,
+ const krb5_data *string,
+ const krb5_data *salt,
+ const krb5_data *params,
+ krb5_keyblock *key);
enum deriv_alg {
DERIVE_RFC3961, /* RFC 3961 section 5.1 */
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
DERIVE_SP800_108_CMAC /* NIST SP 800-108 with CMAC as PRF */
#endif
};
@@ -92,36 +95,20 @@
krb5_key inkey, krb5_data *outrnd,
const krb5_data *in_constant, enum deriv_alg alg);
-unsigned int
-krb5int_dk_ccm_crypto_length(const struct krb5_keytypes *ktp,
- krb5_cryptotype type);
-
krb5_error_code
-krb5int_dk_ccm_encrypt(const struct krb5_keytypes *ktp,
- krb5_key key,
- krb5_keyusage usage,
- const krb5_data *ivec,
- krb5_crypto_iov *data,
- size_t num_data);
+krb5int_dk_cmac_encrypt(const struct krb5_keytypes *ktp,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_data *ivec, krb5_crypto_iov *data,
+ size_t num_data);
krb5_error_code
-krb5int_dk_ccm_decrypt(const struct krb5_keytypes *ktp,
- krb5_key key,
- krb5_keyusage usage,
- const krb5_data *ivec,
- krb5_crypto_iov *data,
- size_t num_data);
+krb5int_dk_cmac_decrypt(const struct krb5_keytypes *ktp,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_data *ivec, krb5_crypto_iov *data,
+ size_t num_data);
krb5_error_code
krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
const krb5_crypto_iov *data, size_t num_data,
krb5_data *output);
-
-krb5_error_code
-krb5int_dk_ccm_init_state(const struct krb5_keytypes *ktp,
- const krb5_keyblock *key, krb5_keyusage usage,
- krb5_data *out_state);
-
-void
-krb5int_dk_ccm_free_state(const struct krb5_keytypes *ktp, krb5_data *state);
Added: branches/camellia-cts-cmac/src/lib/crypto/krb/dk/dk_cmac.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/krb/dk/dk_cmac.c (rev 0)
+++ branches/camellia-cts-cmac/src/lib/crypto/krb/dk/dk_cmac.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -0,0 +1,188 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* lib/crypto/dk/dk_cmac.c - Derived-key enctype functions using CMAC */
+/*
+ * Copyright 2008, 2009, 2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#include "k5-int.h"
+#include "dk.h"
+#include "aead.h"
+
+#ifdef CAMELLIA
+
+#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
+
+/* AEAD */
+
+unsigned int
+krb5int_camellia_crypto_length(const struct krb5_keytypes *ktp,
+ krb5_cryptotype type)
+{
+ switch (type) {
+ case KRB5_CRYPTO_TYPE_HEADER:
+ return ktp->enc->block_size;
+ case KRB5_CRYPTO_TYPE_PADDING:
+ return 0;
+ case KRB5_CRYPTO_TYPE_TRAILER:
+ case KRB5_CRYPTO_TYPE_CHECKSUM:
+ return ktp->enc->block_size;
+ default:
+ assert(0 && "bad type passed to krb5int_camellia_crypto_length");
+ return 0;
+ }
+}
+
+/* Derive encryption and integrity keys for CMAC-using enctypes. */
+static krb5_error_code
+derive_keys(const struct krb5_enc_provider *enc, krb5_key key,
+ krb5_keyusage usage, krb5_key *ke_out, krb5_key *ki_out)
+{
+ krb5_error_code ret;
+ unsigned char buf[K5CLENGTH];
+ krb5_data constant = make_data(buf, K5CLENGTH);
+ krb5_key ke, ki;
+
+ *ke_out = *ki_out = NULL;
+
+ /* Derive the encryption key. */
+ store_32_be(usage, buf);
+ buf[4] = 0xAA;
+ ret = krb5int_derive_key(enc, key, &ke, &constant, DERIVE_SP800_108_CMAC);
+ if (ret != 0)
+ return ret;
+
+ /* Derive the integrity key. */
+ buf[4] = 0x55;
+ ret = krb5int_derive_key(enc, key, &ki, &constant, DERIVE_SP800_108_CMAC);
+ if (ret != 0) {
+ krb5_k_free_key(NULL, ke);
+ return ret;
+ }
+
+ *ke_out = ke;
+ *ki_out = ki;
+ return 0;
+}
+
+krb5_error_code
+krb5int_dk_cmac_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+ krb5_keyusage usage, const krb5_data *ivec,
+ krb5_crypto_iov *data, size_t num_data)
+{
+ const struct krb5_enc_provider *enc = ktp->enc;
+ krb5_error_code ret;
+ krb5_crypto_iov *header, *trailer, *padding;
+ krb5_data cksum = empty_data();
+ krb5_key ke = NULL, ki = NULL;
+
+ /* E(Confounder | Plaintext | Pad) | Checksum */
+
+ /* Validate header and trailer lengths, and zero out padding length. */
+ header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+ if (header == NULL || header->data.length < enc->block_size)
+ return KRB5_BAD_MSIZE;
+ trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+ if (trailer == NULL || trailer->data.length < enc->block_size)
+ return KRB5_BAD_MSIZE;
+ padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
+ if (padding != NULL)
+ padding->data.length = 0;
+
+ /* Derive the encryption and integrity keys. */
+ ret = derive_keys(enc, key, usage, &ke, &ki);
+ if (ret != 0)
+ goto cleanup;
+
+ /* Generate confounder. */
+ header->data.length = enc->block_size;
+ ret = krb5_c_random_make_octets(NULL, &header->data);
+ if (ret != 0)
+ goto cleanup;
+
+ /* Checksum the plaintext. */
+ ret = krb5int_cmac_checksum(enc, ki, data, num_data, &trailer->data);
+ if (ret != 0)
+ goto cleanup;
+
+ /* Encrypt the plaintext (header | data | padding) */
+ ret = enc->encrypt(ke, ivec, data, num_data);
+ if (ret != 0)
+ goto cleanup;
+
+cleanup:
+ krb5_k_free_key(NULL, ke);
+ krb5_k_free_key(NULL, ki);
+ zapfree(cksum.data, cksum.length);
+ return ret;
+}
+
+krb5_error_code
+krb5int_dk_cmac_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+ krb5_keyusage usage, const krb5_data *ivec,
+ krb5_crypto_iov *data, size_t num_data)
+{
+ const struct krb5_enc_provider *enc = ktp->enc;
+ krb5_error_code ret;
+ krb5_crypto_iov *header, *trailer;
+ krb5_data cksum;
+ krb5_key ke = NULL, ki = NULL;
+
+ /* E(Confounder | Plaintext | Pad) | Checksum */
+
+ /* Validate header and trailer lengths. */
+ header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+ if (header == NULL || header->data.length != enc->block_size)
+ return KRB5_BAD_MSIZE;
+ trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+ if (trailer == NULL || trailer->data.length != enc->block_size)
+ return KRB5_BAD_MSIZE;
+
+ /* Derive the encryption and integrity keys. */
+ ret = derive_keys(enc, key, usage, &ke, &ki);
+ if (ret != 0)
+ goto cleanup;
+
+ /* Decrypt the plaintext (header | data | padding). */
+ ret = enc->decrypt(ke, ivec, data, num_data);
+ if (ret != 0)
+ goto cleanup;
+
+ /* Verify the hash. */
+ ret = alloc_data(&cksum, enc->block_size);
+ if (ret != 0)
+ goto cleanup;
+ ret = krb5int_cmac_checksum(enc, ki, data, num_data, &cksum);
+ if (ret != 0)
+ goto cleanup;
+ if (!data_eq(cksum, trailer->data))
+ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+
+cleanup:
+ krb5_k_free_key(NULL, ke);
+ krb5_k_free_key(NULL, ki);
+ zapfree(cksum.data, cksum.length);
+ return ret;
+}
+
+#endif /* CAMELLIA */
Modified: branches/camellia-cts-cmac/src/lib/crypto/krb/dk/stringtokey.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/krb/dk/stringtokey.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/krb/dk/stringtokey.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -185,13 +185,13 @@
DERIVE_RFC3961);
}
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
krb5_error_code
-krb5int_camellia_ccm_string_to_key(const struct krb5_keytypes *ktp,
- const krb5_data *string,
- const krb5_data *salt,
- const krb5_data *params,
- krb5_keyblock *key)
+krb5int_camellia_string_to_key(const struct krb5_keytypes *ktp,
+ const krb5_data *string,
+ const krb5_data *salt,
+ const krb5_data *params,
+ krb5_keyblock *key)
{
krb5_data pepper = string2data(ktp->name);
Modified: branches/camellia-cts-cmac/src/lib/crypto/krb/etypes.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/krb/etypes.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/krb/etypes.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -164,30 +164,32 @@
krb5int_init_state_enc, krb5int_free_state_enc,
CKSUMTYPE_HMAC_SHA1_96_AES256,
0 /*flags*/ },
-#ifdef CAMELLIA_CCM
- { ENCTYPE_CAMELLIA128_CCM_128,
- "camellia128-ccm-128", { "camellia128-ccm" },
- "Camellia-128 CCM mode with 128-bit MAC",
- &krb5int_enc_camellia128_ctr, NULL,
+#ifdef CAMELLIA
+ { ENCTYPE_CAMELLIA128_CTS_CMAC,
+ "camellia128-cts-cmac", { "camellia128-cts" },
+ "Camellia-128 CTS mode with CMAC",
+ &krb5int_enc_camellia128, NULL,
16,
- krb5int_dk_ccm_crypto_length, krb5int_dk_ccm_encrypt, krb5int_dk_ccm_decrypt,
- krb5int_camellia_ccm_string_to_key,
+ krb5int_camellia_crypto_length,
+ krb5int_dk_cmac_encrypt, krb5int_dk_cmac_decrypt,
+ krb5int_camellia_string_to_key,
krb5int_dk_cmac_prf,
- krb5int_dk_ccm_init_state, krb5int_dk_ccm_free_state,
- CKSUMTYPE_CMAC_128_CAMELLIA128,
+ krb5int_init_state_enc, krb5int_free_state_enc,
+ CKSUMTYPE_CMAC_CAMELLIA128,
0 /*flags*/ },
- { ENCTYPE_CAMELLIA256_CCM_128,
- "camellia256-ccm-128", { "camellia256-ccm" },
- "Camellia-256 CCM mode with 128-bit MAC",
- &krb5int_enc_camellia256_ctr, NULL,
+ { ENCTYPE_CAMELLIA256_CTS_CMAC,
+ "camellia256-cts-cmac", { "camellia256-cts" },
+ "Camellia-256 CTS mode with CMAC",
+ &krb5int_enc_camellia256, NULL,
16,
- krb5int_dk_ccm_crypto_length, krb5int_dk_ccm_encrypt, krb5int_dk_ccm_decrypt,
- krb5int_camellia_ccm_string_to_key,
+ krb5int_camellia_crypto_length,
+ krb5int_dk_cmac_encrypt, krb5int_dk_cmac_decrypt,
+ krb5int_camellia_string_to_key,
krb5int_dk_cmac_prf,
- krb5int_dk_ccm_init_state, krb5int_dk_ccm_free_state,
- CKSUMTYPE_CMAC_128_CAMELLIA256,
+ krb5int_init_state_enc, krb5int_free_state_enc,
+ CKSUMTYPE_CMAC_CAMELLIA256,
0 /*flags */ },
-#endif /* CAMELLIA_CCM */
+#endif /* CAMELLIA */
};
const int krb5int_enctypes_length =
Modified: branches/camellia-cts-cmac/src/lib/crypto/krb/prf/cmac_prf.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/krb/prf/cmac_prf.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/krb/prf/cmac_prf.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -33,7 +33,7 @@
#include "prf_int.h"
#include <dk.h>
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
krb5_error_code
krb5int_dk_cmac_prf(const struct krb5_keytypes *ktp, krb5_key key,
@@ -66,4 +66,4 @@
return ret;
}
-#endif /* CAMELLIA_CCM */
+#endif /* CAMELLIA */
Modified: branches/camellia-cts-cmac/src/lib/crypto/libk5crypto.exports
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/libk5crypto.exports 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/libk5crypto.exports 2010-11-10 00:03:48 UTC (rev 24514)
@@ -97,4 +97,4 @@
krb5int_arcfour_gsscrypt
krb5int_camellia_cbc_mac
krb5int_cmac_checksum
-krb5int_enc_camellia128_ctr
+krb5int_enc_camellia128
Modified: branches/camellia-cts-cmac/src/lib/crypto/nss/enc_provider/camellia.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/nss/enc_provider/camellia.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/nss/enc_provider/camellia.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -39,10 +39,9 @@
#include "aead.h"
#include "nss_gen.h"
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
-/* XXX These won't work yet (they're just the AES functions, which aren't right
- * for CTR mode). Will fix later. */
+/* XXX This still needs a cbc-mac function. */
krb5_error_code
krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec,
@@ -120,7 +119,7 @@
return EINVAL;
}
-const struct krb5_enc_provider krb5int_enc_camellia128_ctr = {
+const struct krb5_enc_provider krb5int_enc_camellia128 = {
};
#endif
Modified: branches/camellia-cts-cmac/src/lib/crypto/openssl/enc_provider/Makefile.in
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/openssl/enc_provider/Makefile.in 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/openssl/enc_provider/Makefile.in 2010-11-10 00:03:48 UTC (rev 24514)
@@ -21,7 +21,7 @@
des3.o \
rc4.o \
aes.o \
- camellia_ctr.o
+ camellia.o
OBJS= \
$(OUTPRE)des.$(OBJEXT) \
@@ -29,7 +29,6 @@
$(OUTPRE)aes.$(OBJEXT) \
$(OUTPRE)aes_ctr.$(OBJEXT) \
$(OUTPRE)camellia.$(OBJEXT) \
- $(OUTPRE)camellia_ctr.$(OBJEXT) \
$(OUTPRE)rc4.$(OBJEXT)
SRCS= \
@@ -38,7 +37,6 @@
$(srcdir)/aes.c \
$(srcdir)/aes_ctr.c \
$(srcdir)/camellia.c \
- $(srcdir)/camellia_ctr.c\
$(srcdir)/rc4.c
##DOS##LIBOBJS = $(OBJS)
Added: branches/camellia-cts-cmac/src/lib/crypto/openssl/enc_provider/camellia.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/openssl/enc_provider/camellia.c (rev 0)
+++ branches/camellia-cts-cmac/src/lib/crypto/openssl/enc_provider/camellia.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -0,0 +1,410 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/openssl/enc_provider/camellia.c
+ *
+ * Copyright (C) 2003, 2007, 2008, 2009, 2010 by the Massachusetts Institute of
+ * Technology. All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "enc_provider.h"
+#include "rand2key.h"
+#include "aead.h"
+#include "hash_provider/hash_provider.h"
+#include <openssl/evp.h>
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+#ifdef CAMELLIA
+
+static krb5_error_code
+cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+ size_t num_data);
+static krb5_error_code
+cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+ size_t num_data);
+static krb5_error_code
+cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+ size_t num_data, size_t dlen);
+static krb5_error_code
+cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+ size_t num_data, size_t dlen);
+
+#define BLOCK_SIZE 16
+#define NUM_BITS 8
+#define IV_CTS_BUF_SIZE 16 /* 16 - hardcoded in CRYPTO_cts128_en/decrypt */
+
+static void
+xorblock(unsigned char *out, const unsigned char *in)
+{
+ int z;
+ for (z = 0; z < CAMELLIA_BLOCK_SIZE / 4; z++) {
+ unsigned char *outptr = &out[z * 4];
+ unsigned char *inptr = (unsigned char *)&in[z * 4];
+ /*
+ * Use unaligned accesses. On x86, this will probably still be faster
+ * than multiple byte accesses for unaligned data, and for aligned data
+ * should be far better. (One test indicated about 2.4% faster
+ * encryption for 1024-byte messages.)
+ *
+ * If some other CPU has really slow unaligned-word or byte accesses,
+ * perhaps this function (or the load/store helpers?) should test for
+ * alignment first.
+ *
+ * If byte accesses are faster than unaligned words, we may need to
+ * conditionalize on CPU type, as that may be hard to determine
+ * automatically.
+ */
+ store_32_n(load_32_n(outptr) ^ load_32_n(inptr), outptr);
+ }
+}
+
+static const EVP_CIPHER *
+map_mode(unsigned int len)
+{
+ if (len==16)
+ return EVP_camellia_128_cbc();
+ if (len==32)
+ return EVP_camellia_256_cbc();
+ else
+ return NULL;
+}
+
+/* Encrypt one block using CBC. */
+static krb5_error_code
+cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+ size_t num_data)
+{
+ int ret, olen = BLOCK_SIZE;
+ unsigned char iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
+ EVP_CIPHER_CTX ciph_ctx;
+ struct iov_block_state input_pos, output_pos;
+
+ EVP_CIPHER_CTX_init(&ciph_ctx);
+ ret = EVP_EncryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length),
+ NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
+ if (ret == 0)
+ return KRB5_CRYPTO_INTERNAL;
+
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
+ krb5int_c_iov_get_block(iblock, BLOCK_SIZE, data, num_data, &input_pos);
+ EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
+ ret = EVP_EncryptUpdate(&ciph_ctx, oblock, &olen, iblock, BLOCK_SIZE);
+ if (ret == 1) {
+ krb5int_c_iov_put_block(data, num_data, oblock, BLOCK_SIZE,
+ &output_pos);
+ }
+ EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+ zap(iblock, BLOCK_SIZE);
+ zap(oblock, BLOCK_SIZE);
+ return (ret == 1) ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+/* Decrypt one block using CBC. */
+static krb5_error_code
+cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+ size_t num_data)
+{
+ int ret = 0, olen = BLOCK_SIZE;
+ unsigned char iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
+ EVP_CIPHER_CTX ciph_ctx;
+ struct iov_block_state input_pos, output_pos;
+
+ EVP_CIPHER_CTX_init(&ciph_ctx);
+ ret = EVP_DecryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length),
+ NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
+ if (ret == 0)
+ return KRB5_CRYPTO_INTERNAL;
+
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
+ krb5int_c_iov_get_block(iblock, BLOCK_SIZE, data, num_data, &input_pos);
+ EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
+ ret = EVP_DecryptUpdate(&ciph_ctx, oblock, &olen, iblock, BLOCK_SIZE);
+ if (ret == 1) {
+ krb5int_c_iov_put_block(data, num_data, oblock, BLOCK_SIZE,
+ &output_pos);
+ }
+ EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+ zap(iblock, BLOCK_SIZE);
+ zap(oblock, BLOCK_SIZE);
+ return (ret == 1) ? 0 : KRB5_CRYPTO_INTERNAL;
+}
+
+static krb5_error_code
+cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+ size_t num_data, size_t dlen)
+{
+ int ret = 0;
+ size_t size = 0;
+ unsigned char *oblock = NULL, *dbuf = NULL;
+ unsigned char iv_cts[IV_CTS_BUF_SIZE];
+ struct iov_block_state input_pos, output_pos;
+ CAMELLIA_KEY enck;
+
+ memset(iv_cts,0,sizeof(iv_cts));
+ if (ivec && ivec->data){
+ if (ivec->length != sizeof(iv_cts))
+ return KRB5_CRYPTO_INTERNAL;
+ memcpy(iv_cts, ivec->data,ivec->length);
+ }
+
+ oblock = OPENSSL_malloc(dlen);
+ if (!oblock){
+ return ENOMEM;
+ }
+ dbuf = OPENSSL_malloc(dlen);
+ if (!dbuf){
+ OPENSSL_free(oblock);
+ return ENOMEM;
+ }
+
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
+
+ krb5int_c_iov_get_block(dbuf, dlen, data, num_data, &input_pos);
+
+ Camellia_set_key(key->keyblock.contents, NUM_BITS * key->keyblock.length,
+ &enck);
+
+ size = CRYPTO_cts128_encrypt((unsigned char *)dbuf, oblock, dlen, &enck,
+ iv_cts, (cbc128_f)Camellia_cbc_encrypt);
+ if (size <= 0) {
+ ret = KRB5_CRYPTO_INTERNAL;
+ } else {
+ krb5int_c_iov_put_block(data, num_data,
+ oblock, dlen, &output_pos);
+ }
+
+ if (!ret && ivec && ivec->data)
+ memcpy(ivec->data, iv_cts, sizeof(iv_cts));
+
+ zap(oblock, dlen);
+ zap(dbuf, dlen);
+ OPENSSL_free(oblock);
+ OPENSSL_free(dbuf);
+
+ return ret;
+}
+
+static krb5_error_code
+cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+ size_t num_data, size_t dlen)
+{
+ int ret = 0;
+ size_t size = 0;
+ unsigned char *oblock = NULL;
+ unsigned char *dbuf = NULL;
+ unsigned char iv_cts[IV_CTS_BUF_SIZE];
+ struct iov_block_state input_pos, output_pos;
+ CAMELLIA_KEY deck;
+
+ memset(iv_cts,0,sizeof(iv_cts));
+ if (ivec && ivec->data){
+ if (ivec->length != sizeof(iv_cts))
+ return KRB5_CRYPTO_INTERNAL;
+ memcpy(iv_cts, ivec->data,ivec->length);
+ }
+
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
+
+ oblock = OPENSSL_malloc(dlen);
+ if (!oblock)
+ return ENOMEM;
+ dbuf = OPENSSL_malloc(dlen);
+ if (!dbuf){
+ OPENSSL_free(oblock);
+ return ENOMEM;
+ }
+
+ Camellia_set_key(key->keyblock.contents, NUM_BITS * key->keyblock.length,
+ &deck);
+
+ krb5int_c_iov_get_block(dbuf, dlen, data, num_data, &input_pos);
+
+ size = CRYPTO_cts128_decrypt((unsigned char *)dbuf, oblock,
+ dlen, &deck,
+ iv_cts, (cbc128_f)Camellia_cbc_encrypt);
+ if (size <= 0)
+ ret = KRB5_CRYPTO_INTERNAL;
+ else {
+ krb5int_c_iov_put_block(data, num_data, oblock, dlen, &output_pos);
+ }
+
+ if (!ret && ivec && ivec->data)
+ memcpy(ivec->data, iv_cts, sizeof(iv_cts));
+
+ zap(oblock, dlen);
+ zap(dbuf, dlen);
+ OPENSSL_free(oblock);
+ OPENSSL_free(dbuf);
+
+ return ret;
+}
+
+static krb5_error_code
+krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec,
+ krb5_crypto_iov *data, size_t num_data)
+{
+ int ret = 0;
+ int nblocks = 0;
+ size_t input_length, i;
+
+ for (i = 0, input_length = 0; i < num_data; i++){
+ krb5_crypto_iov *iov = &data[i];
+
+ if (ENCRYPT_IOV(iov))
+ input_length += iov->data.length;
+ }
+
+ nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ if (nblocks == 1) {
+ if (input_length != BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+ ret = cbc_enc(key, ivec, data, num_data);
+ } else if (nblocks > 1) {
+ ret = cts_encr(key, ivec, data, num_data, input_length);
+ }
+
+ return ret;
+}
+
+static krb5_error_code
+krb5int_camellia_decrypt(krb5_key key, const krb5_data *ivec,
+ krb5_crypto_iov *data, size_t num_data)
+{
+ int ret = 0;
+ int nblocks = 0;
+ size_t input_length, i;
+
+ for (i = 0, input_length = 0; i < num_data; i++) {
+ krb5_crypto_iov *iov = &data[i];
+
+ if (ENCRYPT_IOV(iov))
+ input_length += iov->data.length;
+ }
+
+ nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ if (nblocks == 1) {
+ if (input_length != BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+ ret = cbc_decr(key, ivec, data, num_data);
+ } else if (nblocks > 1) {
+ ret = cts_decr(key, ivec, data, num_data, input_length);
+ }
+
+ return ret;
+}
+
+krb5_error_code
+krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
+ size_t num_data, const krb5_data *iv,
+ krb5_data *output)
+{
+ CAMELLIA_KEY enck;
+ unsigned char blockY[CAMELLIA_BLOCK_SIZE];
+ struct iov_block_state iov_state;
+
+ if (output->length < CAMELLIA_BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+
+ Camellia_set_key(key->keyblock.contents,
+ NUM_BITS * key->keyblock.length, &enck);
+
+ if (iv != NULL)
+ memcpy(blockY, iv->data, CAMELLIA_BLOCK_SIZE);
+ else
+ memset(blockY, 0, CAMELLIA_BLOCK_SIZE);
+
+ IOV_BLOCK_STATE_INIT(&iov_state);
+
+ for (;;) {
+ unsigned char blockB[CAMELLIA_BLOCK_SIZE];
+
+ if (!krb5int_c_iov_get_block(blockB, CAMELLIA_BLOCK_SIZE, data,
+ num_data, &iov_state))
+ break;
+
+ xorblock(blockB, blockY);
+
+ Camellia_ecb_encrypt(blockB, blockY, &enck, 1);
+ }
+
+ output->length = CAMELLIA_BLOCK_SIZE;
+ memcpy(output->data, blockY, CAMELLIA_BLOCK_SIZE);
+
+ return 0;
+}
+
+static krb5_error_code
+krb5int_camellia_init_state (const krb5_keyblock *key, krb5_keyusage usage,
+ krb5_data *state)
+{
+ state->length = 16;
+ state->data = (void *) malloc(16);
+ if (state->data == NULL)
+ return ENOMEM;
+ memset(state->data, 0, state->length);
+ return 0;
+}
+const struct krb5_enc_provider krb5int_enc_camellia128 = {
+ 16,
+ 16, 16,
+ krb5int_camellia_encrypt,
+ krb5int_camellia_decrypt,
+ krb5int_camellia_cbc_mac,
+ krb5int_camellia_make_key,
+ krb5int_camellia_init_state,
+ krb5int_default_free_state
+};
+
+const struct krb5_enc_provider krb5int_enc_camellia256 = {
+ 16,
+ 32, 32,
+ krb5int_camellia_encrypt,
+ krb5int_camellia_decrypt,
+ krb5int_camellia_cbc_mac,
+ krb5int_camellia_make_key,
+ krb5int_camellia_init_state,
+ krb5int_default_free_state
+};
+
+#else /* CAMELLIA */
+
+/* These won't be used, but are still in the export table. */
+
+krb5_error_code
+krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
+ size_t num_data, const krb5_data *iv,
+ krb5_data *output)
+{
+ return EINVAL;
+}
+
+const struct krb5_enc_provider krb5int_enc_camellia128 = {
+};
+
+#endif /* CAMELLIA */
Modified: branches/camellia-cts-cmac/src/lib/crypto/openssl/enc_provider/enc_provider.h
===================================================================
--- branches/camellia-cts-cmac/src/lib/crypto/openssl/enc_provider/enc_provider.h 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/crypto/openssl/enc_provider/enc_provider.h 2010-11-10 00:03:48 UTC (rev 24514)
@@ -34,8 +34,7 @@
extern const struct krb5_enc_provider krb5int_enc_aes256;
extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
-#ifdef CAMELLIA_CCM
-extern const struct krb5_enc_provider krb5int_enc_camellia128_ctr;
-extern const struct krb5_enc_provider krb5int_enc_camellia256_ctr;
+#ifdef CAMELLIA
+extern const struct krb5_enc_provider krb5int_enc_camellia128;
+extern const struct krb5_enc_provider krb5int_enc_camellia256;
#endif
-
Modified: branches/camellia-cts-cmac/src/lib/krb5/krb/init_ctx.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/krb5/krb/init_ctx.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/krb5/krb/init_ctx.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -442,10 +442,10 @@
mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, &list);
} else if (strcasecmp(token, "rc4") == 0) {
mod_list(ENCTYPE_ARCFOUR_HMAC, sel, weak, &list);
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
} else if (strcasecmp(token, "camellia") == 0) {
- mod_list(ENCTYPE_CAMELLIA256_CCM_128, sel, weak, &list);
- mod_list(ENCTYPE_CAMELLIA128_CCM_128, sel, weak, &list);
+ mod_list(ENCTYPE_CAMELLIA256_CTS_CMAC, sel, weak, &list);
+ mod_list(ENCTYPE_CAMELLIA128_CTS_CMAC, sel, weak, &list);
#endif
} else if (krb5_string_to_enctype(token, &etype) == 0) {
/* Set a specific enctype. */
Modified: branches/camellia-cts-cmac/src/lib/krb5/krb/t_etypes.c
===================================================================
--- branches/camellia-cts-cmac/src/lib/krb5/krb/t_etypes.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/lib/krb5/krb/t_etypes.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -98,12 +98,12 @@
ENCTYPE_DES3_CBC_SHA1, 0 },
0, 0
},
-#ifdef CAMELLIA_CCM
+#ifdef CAMELLIA
/* Family with enctype removed */
- { "camellia -camellia256-ccm-128",
+ { "camellia -camellia256-cts-cmac",
{ 0 },
- { ENCTYPE_CAMELLIA128_CCM_128, 0 },
- { ENCTYPE_CAMELLIA128_CCM_128, 0 }
+ { ENCTYPE_CAMELLIA128_CTS_CMAC, 0 },
+ { ENCTYPE_CAMELLIA128_CTS_CMAC, 0 }
},
#endif
/* Enctype followed by two families */
Modified: branches/camellia-cts-cmac/src/tests/dejagnu/config/default.exp
===================================================================
--- branches/camellia-cts-cmac/src/tests/dejagnu/config/default.exp 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/tests/dejagnu/config/default.exp 2010-11-10 00:03:48 UTC (rev 24514)
@@ -263,29 +263,29 @@
}
}
-# Add to above when Camellia-CCM support becomes unconditional.
+# Add to above when Camellia support becomes unconditional.
# {
# camellia-only
# mode=udp
# des3_krbtgt=0
-# {supported_enctypes=camellia256-ccm:normal}
-# {permitted_enctypes(kdc)=camellia256-ccm}
-# {permitted_enctypes(slave)=camellia256-ccm}
-# {permitted_enctypes(client)=camellia256-ccm}
-# {permitted_enctypes(server)=camellia256-ccm}
-# {default_tgs_enctypes(kdc)=camellia256-ccm}
-# {default_tgs_enctypes(slave)=camellia256-ccm}
-# {default_tgs_enctypes(client)=camellia256-ccm}
-# {default_tgs_enctypes(server)=camellia256-ccm}
-# {default_tkt_enctypes(kdc)=camellia256-ccm}
-# {default_tkt_enctypes(slave)=camellia256-ccm}
-# {default_tkt_enctypes(client)=camellia256-ccm}
-# {default_tkt_enctypes(server)=camellia256-ccm}
+# {supported_enctypes=camellia256-cts:normal}
+# {permitted_enctypes(kdc)=camellia256-cts}
+# {permitted_enctypes(slave)=camellia256-cts}
+# {permitted_enctypes(client)=camellia256-cts}
+# {permitted_enctypes(server)=camellia256-cts}
+# {default_tgs_enctypes(kdc)=camellia256-cts}
+# {default_tgs_enctypes(slave)=camellia256-cts}
+# {default_tgs_enctypes(client)=camellia256-cts}
+# {default_tgs_enctypes(server)=camellia256-cts}
+# {default_tkt_enctypes(kdc)=camellia256-cts}
+# {default_tkt_enctypes(slave)=camellia256-cts}
+# {default_tkt_enctypes(client)=camellia256-cts}
+# {default_tkt_enctypes(server)=camellia256-cts}
# {allow_weak_crypto(kdc)=false}
# {allow_weak_crypto(slave)=false}
# {allow_weak_crypto(client)=false}
# {allow_weak_crypto(server)=false}
-# {master_key_type=camellia256-ccm}
+# {master_key_type=camellia256-cts}
# {dummy=[verbose -log "Camellia-256 enctype"]}
# }
Modified: branches/camellia-cts-cmac/src/util/k5test.py
===================================================================
--- branches/camellia-cts-cmac/src/util/k5test.py 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/util/k5test.py 2010-11-10 00:03:48 UTC (rev 24514)
@@ -1014,16 +1014,16 @@
'supported_enctypes' : 'aes128-cts:normal',
'master_key_type' : 'aes128-cts'}}}}),
- # Exercise the camellia256-ccm enctype.
-# Enable when Camellia-CCM support becomes unconditional.
+ # Exercise the camellia256-cts enctype.
+# Enable when Camellia support becomes unconditional.
# ('camellia256', None,
# {'all' : {'libdefaults' : {
-# 'default_tgs_enctypes' : 'camellia256-ccm',
-# 'default_tkt_enctypes' : 'camellia256-ccm',
-# 'permitted_enctypes' : 'camellia256-ccm'}}},
+# 'default_tgs_enctypes' : 'camellia256-cts',
+# 'default_tkt_enctypes' : 'camellia256-cts',
+# 'permitted_enctypes' : 'camellia256-cts'}}},
# {'master' : {'realms' : {'$realm' : {
-# 'supported_enctypes' : 'camellia256-ccm:normal',
-# 'master_key_type' : 'camellia256-ccm'}}}}),
+# 'supported_enctypes' : 'camellia256-cts:normal',
+# 'master_key_type' : 'camellia256-cts'}}}}),
# Test a setup with modern principal keys but an old TGT key.
('aes256.destgt', 'des-cbc-crc:normal',
Modified: branches/camellia-cts-cmac/src/windows/identity/plugins/krb5/datarep.c
===================================================================
--- branches/camellia-cts-cmac/src/windows/identity/plugins/krb5/datarep.c 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/windows/identity/plugins/krb5/datarep.c 2010-11-10 00:03:48 UTC (rev 24514)
@@ -93,12 +93,12 @@
resid = IDS_ETYPE_AES256_CTS_HMAC_SHA1_96;
break;
- case ENCTYPE_CAMELLIA128_CCM_128:
- resid = IDS_ETYPE_CAMELLIA128_CCM_128;
+ case ENCTYPE_CAMELLIA128_CTS_CMAC:
+ resid = IDS_ETYPE_CAMELLIA128_CTS_CMAC;
break;
- case ENCTYPE_CAMELLIA256_CCM_128:
- resid = IDS_ETYPE_CAMELLIA256_CCM_128;
+ case ENCTYPE_CAMELLIA256_CTS_CMAC:
+ resid = IDS_ETYPE_CAMELLIA256_CTS_CMAC;
break;
case ENCTYPE_ARCFOUR_HMAC:
Modified: branches/camellia-cts-cmac/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
===================================================================
--- branches/camellia-cts-cmac/src/windows/identity/plugins/krb5/lang/en_us/langres.rc 2010-11-10 00:01:23 UTC (rev 24513)
+++ branches/camellia-cts-cmac/src/windows/identity/plugins/krb5/lang/en_us/langres.rc 2010-11-10 00:03:48 UTC (rev 24514)
@@ -364,8 +364,8 @@
IDS_ETYPE_DES3_CBC_SHA1 "DES3-CBC-SHA1"
IDS_ETYPE_AES128_CTS_HMAC_SHA1_96 "AES128_CTS-HMAC-SHA1_96"
IDS_ETYPE_AES256_CTS_HMAC_SHA1_96 "AES256_CTS-HMAC-SHA1_96"
- IDS_ETYPE_CAMELLIA128_CCM_128 "CAMELLIA128_CCM-128"
- IDS_ETYPE_CAMELLIA256_CCM_128 "CAMELLIA256_CCM-128"
+ IDS_ETYPE_CAMELLIA128_CTS_CMAC "CAMELLIA128_CTS-CMAC"
+ IDS_ETYPE_CAMELLIA256_CTS_CMAC "CAMELLIA256_CTS-CMAC"
IDS_ETYPE_ARCFOUR_HMAC "RC4-HMAC-NT"
IDS_ETYPE_ARCFOUR_HMAC_EXP "RC4-HMAC-NT-EXP"
IDS_ETYPE_UNKNOWN "(Unknown)"
More information about the cvs-krb5
mailing list