Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Add Camellia support to the NSS back end. (It was mostly already

there, but we needed a cbc-mac function.)


git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-cts-cmac@24523 dc483132-0cff-0310-8789-dd5450dbe970
  • Loading branch information...
commit f21cf7d75d86c080f0eb8db79e708c7daf95e7c4 1 parent 335330f
ghudson authored
View
20 src/lib/crypto/nss/enc_provider/camellia.c
@@ -41,9 +41,7 @@
#ifdef CAMELLIA
-/* XXX This still needs a cbc-mac function. */
-
-krb5_error_code
+static krb5_error_code
krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
{
@@ -56,7 +54,7 @@ krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec,
ivec, data, num_data);
}
-krb5_error_code
+static krb5_error_code
krb5int_camellia_decrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
{
@@ -69,6 +67,20 @@ krb5int_camellia_decrypt(krb5_key key, const krb5_data *ivec,
ivec, data, num_data);
}
+krb5_error_code
+krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
+ size_t num_data, const krb5_data *ivec,
+ krb5_data *output)
+{
+ krb5_error_code ret;
+
+ ret = k5_nss_gen_import(key, CKM_CAMELLIA_CBC, CKA_DECRYPT);
+ if (ret != 0)
+ return ret;
+ return k5_nss_gen_cbcmac_iov(key, CKM_CAMELLIA_CBC, ivec, data, num_data,
+ output);
+}
+
/*
* perhaps we should store the NSS context in the krb5_data state here?
*/
View
70 src/lib/crypto/nss/enc_provider/enc_gen.c
@@ -539,6 +539,76 @@ k5_nss_gen_cts_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
return ret;
}
+krb5_error_code
+k5_nss_gen_cbcmac_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
+ const krb5_data *ivec, const krb5_crypto_iov *data,
+ size_t num_data, krb5_data *output)
+{
+ krb5_error_code ret = 0;
+ PK11Context *ctx = NULL;
+ SECStatus rv;
+ SECItem *param = NULL;
+ struct iov_block_state input_pos, output_pos;
+ unsigned char storage[MAX_BLOCK_SIZE];
+ unsigned char iv0[MAX_BLOCK_SIZE];
+ unsigned char *ptr = NULL, *lastptr = NULL;
+ SECItem iv;
+ size_t blocksize;
+ int length = 0;
+ int currentblock;
+
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
+
+ blocksize = PK11_GetBlockSize(mech, NULL);
+ assert(blocksize <= sizeof(storage));
+ if (output->length < blocksize)
+ return KRB5_BAD_MSIZE;
+
+ if (ivec && ivec->data) {
+ iv.data = (unsigned char *)ivec->data;
+ iv.len = ivec->length;
+ } else {
+ memset(iv0, 0, sizeof(iv0));
+ iv.data = iv0;
+ iv.len = blocksize;
+ }
+ param = PK11_ParamFromIV(mech, &iv);
+
+ ctx = k5_nss_create_context(krb_key, mech, CKA_ENCRYPT, param);
+ if (ctx == NULL) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+
+ lastptr = iv.data;
+ for (currentblock = 0;;currentblock++) {
+ if (!krb5int_c_iov_get_block_nocopy(storage, blocksize, data, num_data,
+ &input_pos, &ptr))
+ break;
+
+ lastptr = NULL;
+
+ rv = PK11_CipherOp(ctx, ptr, &length, blocksize, ptr, blocksize);
+ if (rv != SECSuccess) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+
+ lastptr = ptr;
+ }
+ memcpy(output->data, lastptr, blocksize);
+
+done:
+ if (ctx) {
+ PK11_Finalize(ctx);
+ PK11_DestroyContext(ctx, PR_TRUE);
+ }
+ if (param)
+ SECITEM_FreeItem(param, PR_TRUE);
+ return ret;
+}
+
void
k5_nss_gen_cleanup(krb5_key krb_key)
{
View
4 src/lib/crypto/nss/enc_provider/enc_provider.h
@@ -34,3 +34,7 @@ extern const struct krb5_enc_provider krb5int_enc_aes128;
extern const struct krb5_enc_provider krb5int_enc_aes256;
extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
+#ifdef CAMELLIA
+extern const struct krb5_enc_provider krb5int_enc_camellia128;
+extern const struct krb5_enc_provider krb5int_enc_camellia256;
+#endif
View
6 src/lib/crypto/nss/nss_gen.h
@@ -90,6 +90,12 @@ k5_nss_gen_cts_iov(krb5_key key, CK_MECHANISM_TYPE mech,
CK_ATTRIBUTE_TYPE operation, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data);
+/* Compute a CBC-MAC. */
+krb5_error_code
+k5_nss_gen_cbcmac_iov(krb5_key key, CK_MECHANISM_TYPE mech,
+ const krb5_data *ivec, const krb5_crypto_iov *data,
+ size_t num_data, krb5_data *output);
+
/* Stream state management calls. */
krb5_error_code k5_nss_stream_init_state(krb5_data *new_state);
krb5_error_code k5_nss_stream_free_state(krb5_data *state);
Please sign in to comment.
Something went wrong with that request. Please try again.