Make the camellia-ccm cipher state just the counter value, for

consistency with the spec. (Previously it was the whole counter block, but only the counter value was used.) To accomplish this, add methods to allow enctypes to manage cipher state. Non-CCM enctypes will simply delegate these methods to the enc provider. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24236 dc483132-0cff-0310-8789-dd5450dbe970
author: Greg Hudson <ghudson@mit.edu> 2010-08-09 18:16:04 +0000
committer: Greg Hudson <ghudson@mit.edu> 2010-08-09 18:16:04 +0000
commit: 73181224fd258a022889246d54b0b526f81f3c1d (patch)
tree: 105e84cb01ac3dd47f796305705b92120204020d /src
parent: c44bfe2610195b0438c63f8374541491ed54da6c (diff)
download: krb5-73181224fd258a022889246d54b0b526f81f3c1d.zip
krb5-73181224fd258a022889246d54b0b526f81f3c1d.tar.gz
krb5-73181224fd258a022889246d54b0b526f81f3c1d.tar.bz2
5 files changed, 85 insertions, 9 deletions
diff --git a/src/lib/crypto/krb/dk/dk.h b/src/lib/crypto/krb/dk/dk.h
index c392ab1..a9e1e53 100644
--- a/src/lib/crypto/krb/dk/dk.h
+++ b/src/lib/crypto/krb/dk/dk.h
@@ -115,3 +115,11 @@ krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
                          krb5_key key, krb5_keyusage usage,
                          const krb5_crypto_iov *data, size_t num_data,
                          krb5_data *output);
+
+krb5_error_code
+krb5int_dk_ccm_init_state(const struct krb5_keytypes *ktp,
+                          const krb5_keyblock *key, krb5_keyusage usage,
+                          krb5_data *out_state);
+
+void
+krb5int_dk_ccm_free_state(const struct krb5_keytypes *ktp, krb5_data *state);
diff --git a/src/lib/crypto/krb/dk/dk_ccm.c b/src/lib/crypto/krb/dk/dk_ccm.c
index f7de41d..8b7f1a1 100644
--- a/src/lib/crypto/krb/dk/dk_ccm.c
+++ b/src/lib/crypto/krb/dk/dk_ccm.c
@@ -228,7 +228,7 @@ format_Ctr0(krb5_data *counter, const krb5_data *nonce, const krb5_data *state,
 
     /* Finally, the counter value. */
     if (state != NULL)
-        memcpy(&counter->data[1 + n], &state->data[1 + n], q);
+        memcpy(&counter->data[1 + n], state->data, q);
     else
         memset(&counter->data[1 + n], 0, q);
 
@@ -375,10 +375,10 @@ ccm_encrypt(const struct krb5_keytypes *ktp, krb5_key kc,
     if (ret != 0)
         goto cleanup;
 
-    /* Store the counter block as cipher state.  Subsequent encryptions will
-     * reuse the counter value but will generate a fresh nonce. */
+    /* Store the counter value as cipher state.  Subsequent encryptions will
+     * generate a fresh nonce. */
     if (state != NULL)
-        memcpy(state->data, counter.data, counter.length);
+        memcpy(state->data, counter.data + 1 + header_len, 15 - header_len);
 
 cleanup:
     free(sign_data);
@@ -544,10 +544,10 @@ ccm_decrypt(const struct krb5_keytypes *ktp, krb5_key kc,
         goto cleanup;
     }
 
-    /* Store the counter block as cipher state.  Subsequent decryptions will
-     * reuse the counter value but will generate a fresh nonce. */
+    /* Store the counter value as cipher state.  Subsequent encryptions will
+     * generate a fresh nonce. */
     if (state != NULL)
-        memcpy(state->data, counter.data, counter.length);
+        memcpy(state->data, counter.data + 1 + header_len, 15 - header_len);
 
 cleanup:
     free(made_cksum.data);
@@ -588,3 +588,23 @@ krb5int_dk_ccm_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
     return ret;
 }
 
+krb5_error_code
+krb5int_dk_ccm_init_state(const struct krb5_keytypes *ktp,
+                          const krb5_keyblock *key, krb5_keyusage usage,
+                          krb5_data *out_state)
+{
+    unsigned int header_len;
+
+    /* The cipher state is the q-byte block counter value. */
+    header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
+    return alloc_data(out_state, 15 - header_len);
+}
+
+void
+krb5int_dk_ccm_free_state(const struct krb5_keytypes *ktp,
+                          krb5_data *state)
+{
+    free(state->data);
+    state->data = NULL;
+    state->length = 0;
+}
diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c
index 4d0ba0a..102542b 100644
--- a/src/lib/crypto/krb/etypes.c
+++ b/src/lib/crypto/krb/etypes.c
@@ -50,6 +50,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_old_crypto_length, krb5int_old_encrypt, krb5int_old_decrypt,
       krb5int_des_string_to_key,
       krb5int_des_prf,
+      krb5int_init_state_enc, krb5int_free_state_enc,
       CKSUMTYPE_RSA_MD5,
       ETYPE_WEAK },
     { ENCTYPE_DES_CBC_MD4,
@@ -59,6 +60,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_old_crypto_length, krb5int_old_encrypt, krb5int_old_decrypt,
       krb5int_des_string_to_key,
       krb5int_des_prf,
+      krb5int_init_state_enc, krb5int_free_state_enc,
       CKSUMTYPE_RSA_MD4,
       ETYPE_WEAK },
     { ENCTYPE_DES_CBC_MD5,
@@ -68,6 +70,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_old_crypto_length, krb5int_old_encrypt, krb5int_old_decrypt,
       krb5int_des_string_to_key,
       krb5int_des_prf,
+      krb5int_init_state_enc, krb5int_free_state_enc,
       CKSUMTYPE_RSA_MD5,
       ETYPE_WEAK },
     { ENCTYPE_DES_CBC_RAW,
@@ -77,6 +80,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_raw_crypto_length, krb5int_raw_encrypt, krb5int_raw_decrypt,
       krb5int_des_string_to_key,
       krb5int_des_prf,
+      krb5int_init_state_enc, krb5int_free_state_enc,
       0,
       ETYPE_WEAK },
     { ENCTYPE_DES3_CBC_RAW,
@@ -86,6 +90,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_raw_crypto_length, krb5int_raw_encrypt, krb5int_raw_decrypt,
       krb5int_dk_string_to_key,
       NULL, /*PRF*/
+      krb5int_init_state_enc, krb5int_free_state_enc,
       0,
       ETYPE_WEAK },
 
@@ -97,6 +102,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_dk_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
       krb5int_dk_string_to_key,
       krb5int_dk_prf,
+      krb5int_init_state_enc, krb5int_free_state_enc,
       CKSUMTYPE_HMAC_SHA1_DES3,
       0 /*flags*/ },
 
@@ -107,6 +113,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_dk_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
       krb5int_dk_string_to_key,
       NULL, /*PRF*/
+      krb5int_init_state_enc, krb5int_free_state_enc,
       0,
       ETYPE_WEAK },
     { ENCTYPE_ARCFOUR_HMAC,
@@ -118,6 +125,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_arcfour_crypto_length, krb5int_arcfour_encrypt,
       krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
       krb5int_arcfour_prf, /*PRF*/
+      krb5int_init_state_enc, krb5int_free_state_enc,
       CKSUMTYPE_HMAC_MD5_ARCFOUR,
       0 /*flags*/ },
     { ENCTYPE_ARCFOUR_HMAC_EXP,
@@ -129,6 +137,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_arcfour_crypto_length, krb5int_arcfour_encrypt,
       krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
       krb5int_arcfour_prf, /*PRF*/
+      krb5int_init_state_enc, krb5int_free_state_enc,
       CKSUMTYPE_HMAC_MD5_ARCFOUR,
       ETYPE_WEAK
     },
@@ -141,6 +150,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_aes_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
       krb5int_aes_string_to_key,
       krb5int_dk_prf,
+      krb5int_init_state_enc, krb5int_free_state_enc,
       CKSUMTYPE_HMAC_SHA1_96_AES128,
       0 /*flags*/ },
     { ENCTYPE_AES256_CTS_HMAC_SHA1_96,
@@ -151,6 +161,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_aes_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
       krb5int_aes_string_to_key,
       krb5int_dk_prf,
+      krb5int_init_state_enc, krb5int_free_state_enc,
       CKSUMTYPE_HMAC_SHA1_96_AES256,
       0 /*flags*/ },
     { ENCTYPE_CAMELLIA128_CCM_128,
@@ -161,6 +172,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_dk_ccm_crypto_length, krb5int_dk_ccm_encrypt, krb5int_dk_ccm_decrypt,
       krb5int_camellia_ccm_string_to_key,
       krb5int_dk_cmac_prf,
+      krb5int_dk_ccm_init_state, krb5int_dk_ccm_free_state,
       CKSUMTYPE_CMAC_128_CAMELLIA128,
       0 /*flags*/ },
     { ENCTYPE_CAMELLIA256_CCM_128,
@@ -171,6 +183,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_dk_ccm_crypto_length, krb5int_dk_ccm_encrypt, krb5int_dk_ccm_decrypt,
       krb5int_camellia_ccm_string_to_key,
       krb5int_dk_cmac_prf,
+      krb5int_dk_ccm_init_state, krb5int_dk_ccm_free_state,
       CKSUMTYPE_CMAC_128_CAMELLIA256,
       0 /*flags */ },
 };
diff --git a/src/lib/crypto/krb/etypes.h b/src/lib/crypto/krb/etypes.h
index 5b4d49c..70cb7bc 100644
--- a/src/lib/crypto/krb/etypes.h
+++ b/src/lib/crypto/krb/etypes.h
@@ -52,6 +52,14 @@ typedef krb5_error_code (*prf_func)(const struct krb5_keytypes *ktp,
                                     krb5_key key,
                                     const krb5_data *in, krb5_data *out);
 
+typedef krb5_error_code (*init_state_func)(const struct krb5_keytypes *ktp,
+                                           const krb5_keyblock *key,
+                                           krb5_keyusage keyusage,
+                                           krb5_data *out_state);
+
+typedef void (*free_state_func)(const struct krb5_keytypes *ktp,
+                                krb5_data *state);
+
 struct krb5_keytypes {
     krb5_enctype etype;
     char *name;
@@ -65,6 +73,8 @@ struct krb5_keytypes {
     crypt_func decrypt;
     str2key_func str2key;
     prf_func prf;
+    init_state_func init_state;
+    free_state_func free_state;
     krb5_cksumtype required_ctype;
     krb5_flags flags;
 };
@@ -109,4 +119,12 @@ encrypt_block(const struct krb5_enc_provider *enc, krb5_key key,
         return enc->encrypt(key, 0, &iov, 1);
 }
 
+krb5_error_code
+krb5int_init_state_enc(const struct krb5_keytypes *ktp,
+                       const krb5_keyblock *key, krb5_keyusage keyusage,
+                       krb5_data *out_state);
+
+void
+krb5int_free_state_enc(const struct krb5_keytypes *ktp, krb5_data *state);
+
 #endif
diff --git a/src/lib/crypto/krb/state.c b/src/lib/crypto/krb/state.c
index ef0b2b6..4a0bafd 100644
--- a/src/lib/crypto/krb/state.c
+++ b/src/lib/crypto/krb/state.c
@@ -36,6 +36,22 @@
 #include "k5-int.h"
 #include "etypes.h"
 
+/* Most enctypes delegate cipher state handling to the enc provider by using
+ * this function as their init_state methods. */
+krb5_error_code
+krb5int_init_state_enc(const struct krb5_keytypes *ktp,
+                       const krb5_keyblock *key, krb5_keyusage keyusage,
+                       krb5_data *out_state)
+{
+    return ktp->enc->init_state(key, keyusage, out_state);
+}
+
+void
+krb5int_free_state_enc(const struct krb5_keytypes *ktp, krb5_data *state)
+{
+    (void)ktp->enc->free_state(state);
+}
+
 krb5_error_code KRB5_CALLCONV
 krb5_c_init_state (krb5_context context, const krb5_keyblock *key,
                    krb5_keyusage keyusage, krb5_data *new_state)
@@ -45,7 +61,7 @@ krb5_c_init_state (krb5_context context, const krb5_keyblock *key,
     ktp = find_enctype(key->enctype);
     if (ktp == NULL)
         return KRB5_BAD_ENCTYPE;
-    return ktp->enc->init_state(key, keyusage, new_state);
+    return ktp->init_state(ktp, key, keyusage, new_state);
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -57,5 +73,6 @@ krb5_c_free_state(krb5_context context, const krb5_keyblock *key,
     ktp = find_enctype(key->enctype);
     if (ktp == NULL)
         return KRB5_BAD_ENCTYPE;
-    return ktp->enc->free_state(state);
+    ktp->free_state(ktp, state);
+    return 0;
 }
author	Greg Hudson <ghudson@mit.edu>	2010-08-09 18:16:04 +0000
committer	Greg Hudson <ghudson@mit.edu>	2010-08-09 18:16:04 +0000
commit	73181224fd258a022889246d54b0b526f81f3c1d (patch)
tree	105e84cb01ac3dd47f796305705b92120204020d /src
parent	c44bfe2610195b0438c63f8374541491ed54da6c (diff)
download	krb5-73181224fd258a022889246d54b0b526f81f3c1d.zip krb5-73181224fd258a022889246d54b0b526f81f3c1d.tar.gz krb5-73181224fd258a022889246d54b0b526f81f3c1d.tar.bz2