Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Add Camellia support to the NSS back end. (It was mostly already

there, but we needed a cbc-mac function.)


git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-cts-cmac@24523 dc483132-0cff-0310-8789-dd5450dbe970
  • Loading branch information...
commit f21cf7d75d86c080f0eb8db79e708c7daf95e7c4 1 parent 335330f
ghudson authored
View
20 src/lib/crypto/nss/enc_provider/camellia.c
@@ -41,9 +41,7 @@
#ifdef CAMELLIA
-/* XXX This still needs a cbc-mac function. */
-
-krb5_error_code
+static krb5_error_code
krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
{
@@ -56,7 +54,7 @@ krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec,
ivec, data, num_data);
}
-krb5_error_code
+static krb5_error_code
krb5int_camellia_decrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
{
@@ -69,6 +67,20 @@ krb5int_camellia_decrypt(krb5_key key, const krb5_data *ivec,
ivec, data, num_data);
}
+krb5_error_code
+krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
+ size_t num_data, const krb5_data *ivec,
+ krb5_data *output)
+{
+ krb5_error_code ret;
+
+ ret = k5_nss_gen_import(key, CKM_CAMELLIA_CBC, CKA_DECRYPT);
+ if (ret != 0)
+ return ret;
+ return k5_nss_gen_cbcmac_iov(key, CKM_CAMELLIA_CBC, ivec, data, num_data,
+ output);
+}
+
/*
* perhaps we should store the NSS context in the krb5_data state here?
*/
View
70 src/lib/crypto/nss/enc_provider/enc_gen.c
@@ -539,6 +539,76 @@ k5_nss_gen_cts_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
return ret;
}
+krb5_error_code
+k5_nss_gen_cbcmac_iov(krb5_key krb_key, CK_MECHANISM_TYPE mech,
+ const krb5_data *ivec, const krb5_crypto_iov *data,
+ size_t num_data, krb5_data *output)
+{
+ krb5_error_code ret = 0;
+ PK11Context *ctx = NULL;
+ SECStatus rv;
+ SECItem *param = NULL;
+ struct iov_block_state input_pos, output_pos;
+ unsigned char storage[MAX_BLOCK_SIZE];
+ unsigned char iv0[MAX_BLOCK_SIZE];
+ unsigned char *ptr = NULL, *lastptr = NULL;
+ SECItem iv;
+ size_t blocksize;
+ int length = 0;
+ int currentblock;
+
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
+
+ blocksize = PK11_GetBlockSize(mech, NULL);
+ assert(blocksize <= sizeof(storage));
+ if (output->length < blocksize)
+ return KRB5_BAD_MSIZE;
+
+ if (ivec && ivec->data) {
+ iv.data = (unsigned char *)ivec->data;
+ iv.len = ivec->length;
+ } else {
+ memset(iv0, 0, sizeof(iv0));
+ iv.data = iv0;
+ iv.len = blocksize;
+ }
+ param = PK11_ParamFromIV(mech, &iv);
+
+ ctx = k5_nss_create_context(krb_key, mech, CKA_ENCRYPT, param);
+ if (ctx == NULL) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+
+ lastptr = iv.data;
+ for (currentblock = 0;;currentblock++) {
+ if (!krb5int_c_iov_get_block_nocopy(storage, blocksize, data, num_data,
+ &input_pos, &ptr))
+ break;
+
+ lastptr = NULL;
+
+ rv = PK11_CipherOp(ctx, ptr, &length, blocksize, ptr, blocksize);
+ if (rv != SECSuccess) {
+ ret = k5_nss_map_last_error();
+ goto done;
+ }
+
+ lastptr = ptr;
+ }
+ memcpy(output->data, lastptr, blocksize);
+
+done:
+ if (ctx) {
+ PK11_Finalize(ctx);
+ PK11_DestroyContext(ctx, PR_TRUE);
+ }
+ if (param)
+ SECITEM_FreeItem(param, PR_TRUE);
+ return ret;
+}
+
void
k5_nss_gen_cleanup(krb5_key krb_key)
{
View
4 src/lib/crypto/nss/enc_provider/enc_provider.h
@@ -34,3 +34,7 @@ extern const struct krb5_enc_provider krb5int_enc_aes128;
extern const struct krb5_enc_provider krb5int_enc_aes256;
extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
+#ifdef CAMELLIA
+extern const struct krb5_enc_provider krb5int_enc_camellia128;
+extern const struct krb5_enc_provider krb5int_enc_camellia256;
+#endif
View
6 src/lib/crypto/nss/nss_gen.h
@@ -90,6 +90,12 @@ k5_nss_gen_cts_iov(krb5_key key, CK_MECHANISM_TYPE mech,
CK_ATTRIBUTE_TYPE operation, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data);
+/* Compute a CBC-MAC. */
+krb5_error_code
+k5_nss_gen_cbcmac_iov(krb5_key key, CK_MECHANISM_TYPE mech,
+ const krb5_data *ivec, const krb5_crypto_iov *data,
+ size_t num_data, krb5_data *output);
+
/* Stream state management calls. */
krb5_error_code k5_nss_stream_init_state(krb5_data *new_state);
krb5_error_code k5_nss_stream_free_state(krb5_data *state);
Please sign in to comment.
Something went wrong with that request. Please try again.