* aes.c: New file.

* Makefile.in (STLIBOBJS, OBJS, SRCS): Include it.
(LOCALINCLUDE): Add aes source dir.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15143 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 206 insertions, 2 deletions

diff --git a/src/lib/crypto/enc_provider/ChangeLog b/src/lib/crypto/enc_provider/ChangeLog
index ee01521..f46ced5 100644
--- a/src/lib/crypto/enc_provider/ChangeLog
+++ b/src/lib/crypto/enc_provider/ChangeLog
@@ -1,3 +1,9 @@
+2003-02-03  Ken Raeburn  <raeburn@mit.edu>
+
+	* aes.c: New file.
+	* Makefile.in (STLIBOBJS, OBJS, SRCS): Include it.
+	(LOCALINCLUDE): Add aes source dir.
+
 2003-01-10  Ken Raeburn  <raeburn@mit.edu>
 
 	* Makefile.in: Add AC_SUBST_FILE marker for libobj_frag.
diff --git a/src/lib/crypto/enc_provider/Makefile.in b/src/lib/crypto/enc_provider/Makefile.in
index bb44411..dbc4f64 100644
--- a/src/lib/crypto/enc_provider/Makefile.in
+++ b/src/lib/crypto/enc_provider/Makefile.in
@@ -2,7 +2,7 @@ thisconfigdir=./..
 myfulldir=lib/crypto/enc_provider
 mydir=enc_provider
 BUILDTOP=$(REL)..$(S)..$(S)..
-LOCALINCLUDES = -I$(srcdir)/../des -I$(srcdir)/../arcfour
+LOCALINCLUDES = -I$(srcdir)/../des -I$(srcdir)/../arcfour -I$(srcdir)/../aes
 
 ##DOS##BUILDTOP = ..\..\..
 ##DOS##PREFIXDIR=enc_provider
@@ -14,16 +14,18 @@ PROG_RPATH=$(KRB5_LIBDIR)
 
 RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf
 
-STLIBOBJS= des.o des3.o arcfour.o
+STLIBOBJS= des.o des3.o arcfour.o aes.o
 
 OBJS= \
 	$(OUTPRE)des.$(OBJEXT) \
 	$(OUTPRE)des3.$(OBJEXT) \
+	$(OUTPRE)aes.$(OBJEXT) \
 	$(OUTPRE)arcfour.$(OBJEXT)
 
 SRCS= \
 	$(srcdir)/des.c \
 	$(srcdir)/des3.c \
+	$(srcdir)/aes.c \
 	$(srcdir)/arcfour.c
 
 ##DOS##LIBOBJS = $(OBJS)
@@ -55,6 +57,12 @@ des3.so des3.po $(OUTPRE)des3.$(OBJEXT): des3.c $(SRCTOP)/include/k5-int.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
   $(BUILDTOP)/include/profile.h $(srcdir)/../des/des_int.h \
   $(SRCTOP)/include/kerberosIV/des.h
+aes.so aes.po $(OUTPRE)aes.$(OBJEXT): aes.c $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
+  $(BUILDTOP)/include/profile.h enc_provider.h $(srcdir)/../aes/aes.h \
+  $(srcdir)/../aes/uitypes.h
 arcfour.so arcfour.po $(OUTPRE)arcfour.$(OBJEXT): arcfour.c $(SRCTOP)/include/k5-int.h \
   $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
diff --git a/src/lib/crypto/enc_provider/aes.c b/src/lib/crypto/enc_provider/aes.c
new file mode 100644
index 0000000..4a400cd
--- /dev/null
+++ b/src/lib/crypto/enc_provider/aes.c
@@ -0,0 +1,190 @@
+#include "k5-int.h"
+#include "enc_provider.h"
+#include "aes.h"
+
+static void
+aes_block_size(size_t *blocksize)
+{
+    *blocksize = 16;
+}
+
+static void
+aes128_keysize(size_t *keybytes, size_t *keylength)
+{
+    *keybytes = *keylength = 16;
+}
+
+static void
+aes256_keysize(size_t *keybytes, size_t *keylength)
+{
+    *keybytes = *keylength = 32;
+}
+
+#if 0
+aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1]);
+aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]);
+aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]);
+aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]);
+aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]);
+#endif
+
+#define CHECK_SIZES 0
+
+static void printd (const char *descr, krb5_data *d) {
+    int i, j;
+    const int r = 16;
+
+    printf("%s:", descr);
+
+    for (i = 0; i < d->length; i += r) {
+	printf("\n  %04x: ", i);
+	for (j = i; j < i + r && j < d->length; j++)
+	    printf(" %02x", 0xff & d->data[j]);
+#ifdef SHOW_TEXT
+	for (; j < i + r; j++)
+	    printf("   ");
+	printf("   ");
+	for (j = i; j < i + r && j < d->length; j++) {
+	    int c = 0xff & d->data[j];
+	    printf("%c", isprint(c) ? c : '.');
+	}
+#endif
+    }
+    printf("\n");
+}
+static void enc(char *out, const char *in, aes_ctx *ctx)
+{
+    if (aes_enc_blk(in, out, ctx) != aes_good)
+	abort();
+#if 0
+    {
+	krb5_data e_in, e_out;
+	e_in.data = in;
+	e_out.data = out;
+	e_in.length = e_out.length = BLOCK_SIZE;
+	printf("encrypting [[\n");
+	printd("input block", &e_in);
+	printd("output block", &e_out);
+	printf("]]\n");
+    }
+#endif
+}
+
+static void xorblock(char *out, const char *in)
+{
+    int z;
+    for (z = 0; z < BLOCK_SIZE; z++)
+	out[z] ^= in[z];
+}
+
+krb5_error_code
+krb5int_aes_encrypt(const krb5_keyblock *key, const krb5_data *ivec,
+		    const krb5_data *input, krb5_data *output)
+{
+    aes_ctx ctx;
+    unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
+    int offset;
+    int nblocks = 0, blockno;
+
+/*    CHECK_SIZES; */
+
+    if (aes_enc_key(key->contents, key->length, &ctx) != aes_good)
+	abort();
+
+    if (ivec)
+	memcpy(tmp, ivec->data, BLOCK_SIZE);
+    else
+	memset(tmp, 0, BLOCK_SIZE);
+
+    nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+
+    if (nblocks == 1) {
+	/* XXX Used for DK function.  */
+	if (aes_enc_blk(input->data, output->data, &ctx) != aes_good)
+	    abort();
+    } else {
+	int nleft;
+
+	for (blockno = 0; blockno < nblocks - 2; blockno++) {
+	    xorblock(tmp, input->data + blockno * BLOCK_SIZE);
+	    enc(tmp2, tmp, &ctx);
+	    memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE);
+
+	    /* Set up for next block.  */
+	    memcpy(tmp, tmp2, BLOCK_SIZE);
+	    offset += BLOCK_SIZE;
+	}
+	/* Do final CTS step for last two blocks (the second of which
+	   may or may not be incomplete).  */
+	xorblock(tmp, input->data + (nblocks - 2) * BLOCK_SIZE);
+	enc(tmp2, tmp, &ctx);
+	nleft = input->length - (nblocks - 1) * BLOCK_SIZE;
+	memcpy(output->data + (nblocks - 1) * BLOCK_SIZE, tmp2, nleft);
+	memcpy(tmp, tmp2, BLOCK_SIZE);
+
+	memset(tmp3, 0, sizeof(tmp3));
+	memcpy(tmp3, input->data + (nblocks - 1) * BLOCK_SIZE, nleft);
+	xorblock(tmp, tmp3);
+	enc(tmp2, tmp, &ctx);
+	memcpy(output->data + (nblocks - 2) * BLOCK_SIZE, tmp2, BLOCK_SIZE);
+    }
+
+    return 0;
+}
+
+static krb5_error_code
+k5_aes_decrypt(const krb5_keyblock *key, const krb5_data *ivec,
+	       const krb5_data *input, krb5_data *output)
+{
+    aes_ctx ctx;
+
+    CHECK_SIZES;
+
+    if (aes_dec_key(key->contents, key->length, &ctx) != aes_good)
+	abort();
+
+    abort();
+
+    return 0;
+}
+
+static krb5_error_code
+k5_aes_make_key(const krb5_data *randombits, krb5_keyblock *key)
+{
+    if (key->length != 16 && key->length != 32)
+	return(KRB5_BAD_KEYSIZE);
+    if (randombits->length != key->length)
+	return(KRB5_CRYPTO_INTERNAL);
+
+    key->magic = KV5M_KEYBLOCK;
+
+    memcpy(key->contents, randombits->data, randombits->length);
+    return(0);
+}
+
+static krb5_error_code
+krb5int_aes_init_state (const krb5_keyblock *key, krb5_keyusage usage,
+			krb5_data *state)
+{
+    abort();
+}
+
+const struct krb5_enc_provider krb5int_enc_aes128 = {
+    aes_block_size,
+    aes128_keysize,
+    krb5int_aes_encrypt,
+    k5_aes_decrypt,
+    k5_aes_make_key,
+    krb5int_aes_init_state,
+    krb5int_default_free_state
+};
+
+const struct krb5_enc_provider krb5int_enc_aes256 = {
+    aes_block_size,
+    aes256_keysize,
+    krb5int_aes_encrypt,
+    k5_aes_decrypt,
+    k5_aes_make_key,
+    krb5int_aes_init_state,
+    krb5int_default_free_state
+};