svn rev #21633: branches/aes-ccm/src/lib/crypto/ dk/ enc_provider/

lhoward@MIT.EDU lhoward at MIT.EDU
Mon Dec 29 17:33:28 EST 2008


http://src.mit.edu/fisheye/changelog/krb5/?cs=21633
Commit By: lhoward
Log Message:
Support init_state for CCM



Changed Files:
U   branches/aes-ccm/src/lib/crypto/dk/dk_ccm.c
U   branches/aes-ccm/src/lib/crypto/enc_provider/aes_ctr.c
Modified: branches/aes-ccm/src/lib/crypto/dk/dk_ccm.c
===================================================================
--- branches/aes-ccm/src/lib/crypto/dk/dk_ccm.c	2008-12-29 17:39:29 UTC (rev 21632)
+++ branches/aes-ccm/src/lib/crypto/dk/dk_ccm.c	2008-12-29 22:33:27 UTC (rev 21633)
@@ -300,9 +300,19 @@
 
     header->data.length = header_len;
 
-    ret = krb5_c_random_make_octets(/* XXX */ NULL, &header->data);
-    if (ret != 0)
-	goto cleanup;
+    if (ivec != NULL) {
+	if (ivec->length != 16 ||
+	    ivec->data[0] & ~(CCM_FLAG_MASK_Q) ||
+	    15 - (unsigned)ivec->data[0] != header_len) {
+	    ret = KRB5_BAD_MSIZE;
+	    goto cleanup;
+	}
+	memcpy(header->data.data, &ivec->data[1], header_len);
+    } else {
+	ret = krb5_c_random_make_octets(/* XXX */ NULL, &header->data);
+	if (ret != 0)
+	    goto cleanup;
+    }
 
     sign_data = (krb5_crypto_iov *)calloc(num_data + 1, sizeof(krb5_crypto_iov));
     if (sign_data == NULL) {
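Review bot: The check `15 - (unsigned)ivec->data[0] != header_len` looks off by one against the state layout that `krb5int_aes_init_state_ctr` writes in aes_ctr.c in this same commit. That function stores `q - 1` with `q = 15 - n` in byte 0, so the nonce length is `14 - data[0]`, not `15 - data[0]`. If `header_len` is the same header length that function gets from `krb5_c_crypto_length` (it is set outside the hunk, so this is inferred), every state it produces would be rejected with KRB5_BAD_MSIZE; `14 - (unsigned)ivec->data[0] != header_len` would match. Separately, a caller-supplied state now fixes the CCM nonce, and nothing in the visible lines advances `ivec` after use. Since the function continues outside the hunk, a comment here such as `/* state must change before the next encryption under this key: CCM nonces must never repeat */` would document the requirement.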

Modified: branches/aes-ccm/src/lib/crypto/enc_provider/aes_ctr.c
===================================================================
--- branches/aes-ccm/src/lib/crypto/enc_provider/aes_ctr.c	2008-12-29 17:39:29 UTC (rev 21632)
+++ branches/aes-ccm/src/lib/crypto/enc_provider/aes_ctr.c	2008-12-29 22:33:27 UTC (rev 21633)
@@ -261,11 +261,36 @@
 krb5int_aes_init_state_ctr (const krb5_keyblock *key, krb5_keyusage usage,
 			    krb5_data *state)
 {
-    state->length = BLOCK_SIZE;
-    state->data = calloc(1, state->length);
+    krb5_data nonce;
+    unsigned int n, q;
+    krb5_error_code code;
+
+    code = krb5_c_crypto_length(NULL, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &n);
+    if (code != 0)
+	return code;
+
+    assert(n >= 7 && n <= 13);
+
+    state->length = 16;
+    state->data = malloc(state->length);
     if (state->data == NULL)
 	return ENOMEM;
-    state->data[0] = CCM_DEFAULT_COUNTER_LEN - 1;
+
+    q = 15 - n;
+    state->data[0] = q - 1;
+
+    nonce.data = &state->data[1];
+    nonce.length = n;
+
+    code = krb5_c_random_make_octets(NULL, &nonce);
+    if (code != 0) {
+	free(state->data);
+	state->data = NULL;
+	return code;
+    }
+
+    memset(&state->data[1 + n], 0, q);
+
     return 0;
 }
 
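Review bot: `assert(n >= 7 && n <= 13)` is the only bound on `n` before it sizes writes into the 16-byte `state->data`, and it is compiled out under NDEBUG. If an enctype ever reports a header length above 15, `q = 15 - n` wraps as unsigned, and both `krb5_c_random_make_octets` (through `nonce.length = n`) and `memset(&state->data[1 + n], 0, q)` would write past the allocation. A runtime check such as `if (n < 7 || n > 13) return KRB5_BAD_MSIZE;` placed before the `malloc` keeps the bound in release builds. On the random-failure path `state->data` is set to NULL but `state->length` stays 16; adding `state->length = 0;` there would leave the krb5_data consistent. The function's return-type line is above the hunk.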



