authorLuke Howard <lukeh@padl.com>2008-12-29 22:33:27 +0000
committerLuke Howard <lukeh@padl.com>2008-12-29 22:33:27 +0000
commit02f6ef7257c2b2d5a2db3d570944ba3cfa9319ee (patch)
tree7d1cb7a202bb863c5344bc06bb2a3b346d0f731c
parente8998127f6a6a36ec915a34f725abaf05c31accd (diff)
Support init_state for CCMaes-ccm
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/aes-ccm@21633 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/crypto/dk/dk_ccm.c16
-rw-r--r--src/lib/crypto/enc_provider/aes_ctr.c31
2 files changed, 41 insertions, 6 deletions
diff --git a/src/lib/crypto/dk/dk_ccm.c b/src/lib/crypto/dk/dk_ccm.c
index d28b5fc..41f6022 100644
--- a/src/lib/crypto/dk/dk_ccm.c
+++ b/src/lib/crypto/dk/dk_ccm.c
@@ -300,9 +300,19 @@ krb5int_ccm_encrypt_iov(const struct krb5_aead_provider *aead,
header->data.length = header_len;
- ret = krb5_c_random_make_octets(/* XXX */ NULL, &header->data);
- if (ret != 0)
- goto cleanup;
+ if (ivec != NULL) {
+ if (ivec->length != 16 ||
+ ivec->data[0] & ~(CCM_FLAG_MASK_Q) ||
+ 15 - (unsigned)ivec->data[0] != header_len) {
+ ret = KRB5_BAD_MSIZE;
+ goto cleanup;
+ }
+ memcpy(header->data.data, &ivec->data[1], header_len);
+ } else {
+ ret = krb5_c_random_make_octets(/* XXX */ NULL, &header->data);
+ if (ret != 0)
+ goto cleanup;
+ }
sign_data = (krb5_crypto_iov *)calloc(num_data + 1, sizeof(krb5_crypto_iov));
if (sign_data == NULL) {
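Review bot: The length test `15 - (unsigned)ivec->data[0] != header_len` looks off by one against the state that krb5int_aes_init_state_ctr builds in aes_ctr.c in this same commit: that function stores `q - 1` with `q = 15 - n`, so for a header of n octets the first byte is `14 - n` and this expression yields n + 1. If header_len here is the same KRB5_CRYPTO_TYPE_HEADER length (its assignment is outside the hunk), every state produced by init_state would be rejected with KRB5_BAD_MSIZE, and the comparison would need to be `14 - (unsigned)ivec->data[0] != header_len`. Because the nonce now comes from the caller instead of the random generator, a comment above the branch such as `/* ivec carries the CCM nonce; it must never repeat under the same key */` would record the requirement, since nothing visible in this hunk advances ivec after use. The function body continues outside the hunk.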
diff --git a/src/lib/crypto/enc_provider/aes_ctr.c b/src/lib/crypto/enc_provider/aes_ctr.c
index e7bf0a7..a6e3634 100644
--- a/src/lib/crypto/enc_provider/aes_ctr.c
+++ b/src/lib/crypto/enc_provider/aes_ctr.c
@@ -261,11 +261,36 @@ static krb5_error_code
krb5int_aes_init_state_ctr (const krb5_keyblock *key, krb5_keyusage usage,
krb5_data *state)
{
- state->length = BLOCK_SIZE;
- state->data = calloc(1, state->length);
+ krb5_data nonce;
+ unsigned int n, q;
+ krb5_error_code code;
+
+ code = krb5_c_crypto_length(NULL, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &n);
+ if (code != 0)
+ return code;
+
+ assert(n >= 7 && n <= 13);
+
+ state->length = 16;
+ state->data = malloc(state->length);
if (state->data == NULL)
return ENOMEM;
- state->data[0] = CCM_DEFAULT_COUNTER_LEN - 1;
+
+ q = 15 - n;
+ state->data[0] = q - 1;
+
+ nonce.data = &state->data[1];
+ nonce.length = n;
+
+ code = krb5_c_random_make_octets(NULL, &nonce);
+ if (code != 0) {
+ free(state->data);
+ state->data = NULL;
+ return code;
+ }
+
+ memset(&state->data[1 + n], 0, q);
+
return 0;
}
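Review bot: The range check on n is an `assert`, which disappears in builds compiled with NDEBUG, and n then sizes every later write into the 16-byte buffer: the random fill of `nonce.length = n` octets starting at `state->data[1]`, and `memset(&state->data[1 + n], 0, q)`, where `q = 15 - n` wraps around for n > 15. A runtime check that returns an error keeps the bound in release builds, for example `if (n < 7 || n > 13) return KRB5_BAD_MSIZE;` placed before the allocation. The `usage` parameter is unused in the new body, and a short comment stating the state layout (one flags octet, n nonce octets, q zeroed counter octets) would help readers match it against the ivec check in dk_ccm.c.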