mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Add Camilla cipher suites TLS RFC4132 bug 361025 

code supplied by okazaki@kick.gr.jp
This commit is contained in:
rrelyea%redhat.com 2007-02-28 19:47:40 +00:00
Родитель 16d425bd61
Коммит 75c2698ee0
51 изменённых файлов: 2399 добавлений и 32 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

85
security/nss/cmd/bltest/blapitest.c
Просмотреть файл

@ -671,6 +671,8 @@ typedef enum {
bltestRC5_CBC, /* . */
bltestAES_ECB, /* . */
bltestAES_CBC, /* . */
bltestCAMELLIA_ECB, /* . */
bltestCAMELLIA_CBC, /* . */
bltestRSA, /* Public Key Ciphers */
#ifdef NSS_ENABLE_ECC
bltestECDSA, /* . (Public Key Sig.) */
@ -698,6 +700,8 @@ static char *mode_strings[] =
"rc5_cbc",
"aes_ecb",
"aes_cbc",
"camellia_ecb",
"camellia_cbc",
"rsa",
#ifdef NSS_ENABLE_ECC
"ecdsa",
@ -813,7 +817,7 @@ PRBool
is_symmkeyCipher(bltestCipherMode mode)
{
/* change as needed! */
if (mode >= bltestDES_ECB && mode <= bltestAES_CBC)
if (mode >= bltestDES_ECB && mode <= bltestCAMELLIA_CBC)
return PR_TRUE;
return PR_FALSE;
}
@ -855,7 +859,7 @@ cipher_requires_IV(bltestCipherMode mode)
/* change as needed! */
if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC ||
mode == bltestRC2_CBC || mode == bltestRC5_CBC ||
mode == bltestAES_CBC)
mode == bltestAES_CBC || mode == bltestCAMELLIA_CBC)
return PR_TRUE;
return PR_FALSE;
}
@ -1089,6 +1093,26 @@ aes_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
input, inputLen);
}
SECStatus
camellia_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
unsigned int maxOutputLen, const unsigned char *input,
unsigned int inputLen)
{
return Camellia_Encrypt((CamelliaContext *)cx, output, outputLen,
maxOutputLen,
input, inputLen);
}
SECStatus
camellia_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
unsigned int maxOutputLen, const unsigned char *input,
unsigned int inputLen)
{
return Camellia_Decrypt((CamelliaContext *)cx, output, outputLen,
maxOutputLen,
input, inputLen);
}
SECStatus
rsa_PublicKeyOp(void *key, SECItem *output, const SECItem *input)
{
@ -1309,6 +1333,49 @@ bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
return SECSuccess;
}
SECStatus
bltest_camellia_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
bltestSymmKeyParams *camelliap = &cipherInfo->params.sk;
int minorMode;
int i;
int keylen = camelliap->key.buf.len;
int blocklen = CAMELLIA_BLOCK_SIZE;
PRIntervalTime time1, time2;
switch (cipherInfo->mode) {
case bltestCAMELLIA_ECB: minorMode = NSS_CAMELLIA; break;
case bltestCAMELLIA_CBC: minorMode = NSS_CAMELLIA_CBC; break;
default:
return SECFailure;
}
cipherInfo->cx = (void*)Camellia_CreateContext(camelliap->key.buf.data,
camelliap->iv.buf.data,
minorMode, encrypt,
keylen);
if (cipherInfo->cxreps > 0) {
CamelliaContext **dummycx;
dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(CamelliaContext *));
TIMESTART();
for (i=0; i<cipherInfo->cxreps; i++) {
dummycx[i] = (void*)Camellia_CreateContext(camelliap->key.buf.data,
camelliap->iv.buf.data,
minorMode, encrypt,
keylen);
}
TIMEFINISH(cipherInfo->cxtime, 1.0);
for (i=0; i<cipherInfo->cxreps; i++) {
Camellia_DestroyContext(dummycx[i], PR_TRUE);
}
PORT_Free(dummycx);
}
if (encrypt)
cipherInfo->cipher.symmkeyCipher = camellia_Encrypt;
else
cipherInfo->cipher.symmkeyCipher = camellia_Decrypt;
return SECSuccess;
}
SECStatus
bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
@ -1863,6 +1930,12 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
cipherInfo->input.pBuf.len);
return bltest_aes_init(cipherInfo, encrypt);
break;
case bltestCAMELLIA_ECB:
case bltestCAMELLIA_CBC:
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
cipherInfo->input.pBuf.len);
return bltest_camellia_init(cipherInfo, encrypt);
break;
case bltestRSA:
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
cipherInfo->input.pBuf.len);
@ -2313,6 +2386,10 @@ cipherFinish(bltestCipherInfo *cipherInfo)
case bltestAES_CBC:
AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE);
break;
case bltestCAMELLIA_ECB:
case bltestCAMELLIA_CBC:
Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE);
break;
case bltestRC2_ECB:
case bltestRC2_CBC:
RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE);
@ -2461,6 +2538,8 @@ print_td:
case bltestDES_EDE_CBC:
case bltestAES_ECB:
case bltestAES_CBC:
case bltestCAMELLIA_ECB:
case bltestCAMELLIA_CBC:
case bltestRC2_ECB:
case bltestRC2_CBC:
case bltestRC4:
@ -2603,6 +2682,7 @@ get_params(PRArenaPool *arena, bltestParams *params,
case bltestDES_EDE_CBC:
case bltestRC2_CBC:
case bltestAES_CBC:
case bltestCAMELLIA_CBC:
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
load_file_data(arena, &params->sk.iv, filename, bltestBinary);
case bltestDES_ECB:
@ -2610,6 +2690,7 @@ get_params(PRArenaPool *arena, bltestParams *params,
case bltestRC2_ECB:
case bltestRC4:
case bltestAES_ECB:
case bltestCAMELLIA_ECB:
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
load_file_data(arena, &params->sk.key, filename, bltestBinary);
break;

1
security/nss/cmd/bltest/tests/camellia_cbc/ciphertext0 Normal file
Просмотреть файл

@ -0,0 +1 @@
taydfPlRJe3wf8Td0xJ9Tw==

1
security/nss/cmd/bltest/tests/camellia_cbc/ciphertext1 Normal file
Просмотреть файл

@ -0,0 +1 @@
yoYCZwKnUMcS4ADHxnwObA==

1
security/nss/cmd/bltest/tests/camellia_cbc/ciphertext2 Normal file
Просмотреть файл

@ -0,0 +1 @@
T+Wn4cs1Sbqrh/XtNd4vzQ==

1
security/nss/cmd/bltest/tests/camellia_cbc/iv0 Normal file
Просмотреть файл

@ -0,0 +1 @@
qwertyuiopasdfgh

1
security/nss/cmd/bltest/tests/camellia_cbc/key0 Normal file
Просмотреть файл

@ -0,0 +1 @@
fedcba9876543210

1
security/nss/cmd/bltest/tests/camellia_cbc/key1 Normal file
Просмотреть файл

@ -0,0 +1 @@
fedcba9876543210fedcba98

1
security/nss/cmd/bltest/tests/camellia_cbc/key2 Normal file
Просмотреть файл

@ -0,0 +1 @@
fedcba9876543210fedcba9876543210

1
security/nss/cmd/bltest/tests/camellia_cbc/numtests Normal file
Просмотреть файл

@ -0,0 +1 @@
3

1
security/nss/cmd/bltest/tests/camellia_cbc/plaintext0 Normal file
Просмотреть файл

@ -0,0 +1 @@
0123456789abcdef

1
security/nss/cmd/bltest/tests/camellia_ecb/ciphertext0 Normal file
Просмотреть файл

@ -0,0 +1 @@
6v0CGxSwow3AhsyhunfdbQ==

1
security/nss/cmd/bltest/tests/camellia_ecb/ciphertext1 Normal file
Просмотреть файл

@ -0,0 +1 @@
Nf1GwJiBtZT+VPJp+gBhPA==

1
security/nss/cmd/bltest/tests/camellia_ecb/ciphertext2 Normal file
Просмотреть файл

@ -0,0 +1 @@
ilB/0K3SI86Oecwh7cruGA==

1
security/nss/cmd/bltest/tests/camellia_ecb/key0 Normal file
Просмотреть файл

@ -0,0 +1 @@
fedcba9876543210

1
security/nss/cmd/bltest/tests/camellia_ecb/key1 Normal file
Просмотреть файл

@ -0,0 +1 @@
fedcba9876543210fedcba98

1
security/nss/cmd/bltest/tests/camellia_ecb/key2 Normal file
Просмотреть файл

@ -0,0 +1 @@
fedcba9876543210fedcba9876543210

1
security/nss/cmd/bltest/tests/camellia_ecb/numtests Normal file
Просмотреть файл

@ -0,0 +1 @@
3

1
security/nss/cmd/bltest/tests/camellia_ecb/plaintext0 Normal file
Просмотреть файл

@ -0,0 +1 @@
0123456789abcdef

2
security/nss/cmd/modutil/modutil.c
Просмотреть файл

@ -749,7 +749,7 @@ usage()
"---------------------------------------------------------------------------\n"
"\n"
"Mechanism lists are colon-separated. The following mechanisms are recognized:\n"
"RSA, DSA, DH, RC2, RC4, RC5, AES, DES, MD2, MD5, SHA1, SHA256, SHA512,\n"
"RSA, DSA, DH, RC2, RC4, RC5, AES, CAMELLIA, DES, MD2, MD5, SHA1, SHA256, SHA512,\n"
"SSL, TLS, RANDOM, and FRIENDLY\n"
"\n"
"Cipher lists are colon-separated. The following ciphers are recognized:\n"

1
security/nss/cmd/modutil/pk11.c
Просмотреть файл

@ -160,6 +160,7 @@ static const MaskString mechanismStrings[] = {
{"SSL", PUBLIC_MECH_SSL_FLAG},
{"TLS", PUBLIC_MECH_TLS_FLAG},
{"AES", PUBLIC_MECH_AES_FLAG},
{"CAMELLIA", PUBLIC_MECH_CAMELLIA_FLAG},
{"SHA256", PUBLIC_MECH_SHA256_FLAG},
{"SHA512", PUBLIC_MECH_SHA512_FLAG},
{"RANDOM", PUBLIC_MECH_RANDOM_FLAG},

10
security/nss/cmd/pk11util/pk11table.c
Просмотреть файл

@ -188,6 +188,7 @@ const Constant _consts[] = {
mkEntry(CKK_JUNIPER, KeyType),
mkEntry(CKK_CDMF, KeyType),
mkEntry(CKK_AES, KeyType),
mkEntry(CKK_CAMELLIA, KeyType),
mkEntry(CKK_NETSCAPE_PKCS8, KeyType),
mkEntry(CKC_X_509, CertType),
@ -476,6 +477,12 @@ const Constant _consts[] = {
mkEntry(CKM_AES_MAC, Mechanism),
mkEntry(CKM_AES_MAC_GENERAL, Mechanism),
mkEntry(CKM_AES_CBC_PAD, Mechanism),
mkEntry(CKM_CAMELLIA_KEY_GEN, Mechanism),
mkEntry(CKM_CAMELLIA_ECB, Mechanism),
mkEntry(CKM_CAMELLIA_CBC, Mechanism),
mkEntry(CKM_CAMELLIA_MAC, Mechanism),
mkEntry(CKM_CAMELLIA_MAC_GENERAL, Mechanism),
mkEntry(CKM_CAMELLIA_CBC_PAD, Mechanism),
mkEntry(CKM_DSA_PARAMETER_GEN, Mechanism),
mkEntry(CKM_DH_PKCS_PARAMETER_GEN, Mechanism),
mkEntry(CKM_NETSCAPE_AES_KEY_WRAP, Mechanism),
@ -1222,9 +1229,10 @@ const Commands _commands[] = {
{ArgVar|ArgNew, ArgVar, ArgULong, ArgNone, ArgNone,
ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
{"NewInitArg", F_NewInitializeArgs,
"NewInitArg varName string\n\n"
"NewInitArg varName flags string\n\n"
"Creates a new init variable.\n"
" varName variable name of the new initArg\n"
" flags value to set the flags field\n"
" string string parameter for init arg\n",
{ArgVar|ArgNew, ArgULong, ArgVar|ArgNew, ArgNone, ArgNone,
ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},

64
security/nss/lib/freebl/blapi.h
Просмотреть файл

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: blapi.h,v 1.25 2006/10/02 21:15:46 julien.pierre.bugs%sun.com Exp $ */
/* $Id: blapi.h,v 1.26 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ */
#ifndef _BLAPI_H_
#define _BLAPI_H_
@ -646,6 +646,68 @@ AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
/******************************************/
/*
** Camellia symmetric block cypher
*/
/*
** Create a new Camellia context suitable for Camellia encryption/decryption.
** "key" raw key data
** "keylen" the number of bytes of key data (16, 24, or 32)
*/
extern CamelliaContext *
Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
int mode, int encrypt, unsigned int keylen);
extern CamelliaContext *Camellia_AllocateContext(void);
extern SECStatus Camellia_InitContext(CamelliaContext *cx,
const unsigned char *key,
unsigned int keylen,
const unsigned char *iv,
int mode,
unsigned int encrypt,
unsigned int unused);
/*
** Destroy a Camellia encryption/decryption context.
** "cx" the context
** "freeit" if PR_TRUE then free the object as well as its sub-objects
*/
extern void
Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit);
/*
** Perform Camellia encryption.
** "cx" the context
** "output" the output buffer to store the encrypted data.
** "outputLen" how much data is stored in "output". Set by the routine
** after some data is stored in output.
** "maxOutputLen" the maximum amount of data that can ever be
** stored in "output"
** "input" the input data
** "inputLen" the amount of input data
*/
extern SECStatus
Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
/*
** Perform Camellia decryption.
** "cx" the context
** "output" the output buffer to store the decrypted data.
** "outputLen" how much data is stored in "output". Set by the routine
** after some data is stored in output.
** "maxOutputLen" the maximum amount of data that can ever be
** stored in "output"
** "input" the input data
** "inputLen" the amount of input data
*/
extern SECStatus
Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
/******************************************/
/*

10
security/nss/lib/freebl/blapit.h
Просмотреть файл

@ -38,7 +38,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: blapit.h,v 1.19 2006/05/22 22:10:40 wtchang%redhat.com Exp $ */
/* $Id: blapit.h,v 1.20 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ */
#ifndef _BLAPIT_H_
#define _BLAPIT_H_
@ -69,6 +69,10 @@
#define NSS_AES 0
#define NSS_AES_CBC 1
/* Camellia operation modes */
#define NSS_CAMELLIA 0
#define NSS_CAMELLIA_CBC 1
#define DSA_SIGNATURE_LEN 40 /* Bytes */
#define DSA_SUBPRIME_LEN 20 /* Bytes */
@ -107,6 +111,8 @@
#define AES_KEY_WRAP_BLOCK_SIZE 8 /* bytes */
#define AES_BLOCK_SIZE 16 /* bytes */
#define CAMELLIA_BLOCK_SIZE 16 /* bytes */
#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
/*
@ -170,6 +176,7 @@ struct RC2ContextStr ;
struct RC4ContextStr ;
struct RC5ContextStr ;
struct AESContextStr ;
struct CamelliaContextStr ;
struct MD2ContextStr ;
struct MD5ContextStr ;
struct SHA1ContextStr ;
@ -182,6 +189,7 @@ typedef struct RC2ContextStr RC2Context;
typedef struct RC4ContextStr RC4Context;
typedef struct RC5ContextStr RC5Context;
typedef struct AESContextStr AESContext;
typedef struct CamelliaContextStr CamelliaContext;
typedef struct MD2ContextStr MD2Context;
typedef struct MD5ContextStr MD5Context;
typedef struct SHA1ContextStr SHA1Context;

1791
security/nss/lib/freebl/camellia.c Normal file
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

79
security/nss/lib/freebl/camellia.h Normal file
Просмотреть файл

@ -0,0 +1,79 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Camellia code.
*
* The Initial Developer of the Original Code is
* NTT(Nippon Telegraph and Telephone Corporation).
*
* Portions created by the Initial Developer are Copyright (C) 2006
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* $Id: camellia.h,v 1.1 2007/02/28 19:47:37 rrelyea%redhat.com Exp $
*/
#ifndef _CAMELLIA_H_
#define _CAMELLIA_H_ 1
#define CAMELLIA_BLOCK_SIZE 16 /* bytes */
#define CAMELLIA_MIN_KEYSIZE 16 /* bytes */
#define CAMELLIA_MAX_KEYSIZE 32 /* bytes */
#define CAMELLIA_MAX_EXPANDEDKEY (34*2) /* 32bit unit */
typedef PRUint32 KEY_TABLE_TYPE[CAMELLIA_MAX_EXPANDEDKEY];
typedef SECStatus CamelliaFunc(CamelliaContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen);
typedef SECStatus CamelliaBlockFunc(const PRUint32 *subkey,
unsigned char *output,
const unsigned char *input);
/* CamelliaContextStr
*
* Values which maintain the state for Camellia encryption/decryption.
*
* keysize - the number of key bits
* worker - the encryption/decryption function to use with this context
* iv - initialization vector for CBC mode
* expandedKey - the round keys in 4-byte words
*/
struct CamelliaContextStr
{
PRUint32 keysize; /* bytes */
CamelliaFunc *worker;
PRUint32 expandedKey[CAMELLIA_MAX_EXPANDEDKEY];
PRUint8 iv[CAMELLIA_BLOCK_SIZE];
};
#endif /* _CAMELLIA_H_ */

9
security/nss/lib/freebl/ldvector.c
Просмотреть файл

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: ldvector.c,v 1.14 2006/02/01 21:18:44 wtchang%redhat.com Exp $ */
/* $Id: ldvector.c,v 1.15 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ */
#include "loader.h"
#include "alghmac.h"
@ -227,6 +227,13 @@ static const struct FREEBLVectorStr vector =
FIPS186Change_ReduceModQForDSA,
/* End of Version 3.009. */
Camellia_InitContext,
Camellia_AllocateContext,
Camellia_CreateContext,
Camellia_DestroyContext,
Camellia_Encrypt,
Camellia_Decrypt,
};
const FREEBLVector *

63
security/nss/lib/freebl/loader.c
Просмотреть файл

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: loader.c,v 1.31 2006/10/02 21:15:46 julien.pierre.bugs%sun.com Exp $ */
/* $Id: loader.c,v 1.32 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ */
#include "loader.h"
#include "prmem.h"
@ -1645,3 +1645,64 @@ FIPS186Change_ReduceModQForDSA(const unsigned char *w,
return SECFailure;
return (vector->p_FIPS186Change_ReduceModQForDSA)(w, q, xj);
}
/* === new for Camellia === */
SECStatus
Camellia_InitContext(CamelliaContext *cx, const unsigned char *key,
unsigned int keylen, const unsigned char *iv, int mode,
unsigned int encrypt, unsigned int unused)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
return (vector->p_Camellia_InitContext)(cx, key, keylen, iv, mode, encrypt,
unused);
}
CamelliaContext *
Camellia_AllocateContext(void)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return NULL;
return (vector->p_Camellia_AllocateContext)();
}
CamelliaContext *
Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
int mode, int encrypt,
unsigned int keylen)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return NULL;
return (vector->p_Camellia_CreateContext)(key, iv, mode, encrypt, keylen);
}
void
Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return ;
(vector->p_Camellia_DestroyContext)(cx, freeit);
}
SECStatus
Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
return (vector->p_Camellia_Encrypt)(cx, output, outputLen, maxOutputLen,
input, inputLen);
}
SECStatus
Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
return (vector->p_Camellia_Decrypt)(cx, output, outputLen, maxOutputLen,
input, inputLen);
}

28
security/nss/lib/freebl/loader.h
Просмотреть файл

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: loader.h,v 1.18 2006/02/01 21:18:44 wtchang%redhat.com Exp $ */
/* $Id: loader.h,v 1.19 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ */
#ifndef _LOADER_H_
#define _LOADER_H_ 1
@ -458,6 +458,32 @@ struct FREEBLVectorStr {
unsigned char *xj);
/* Version 3.009 came to here */
SECStatus (* p_Camellia_InitContext)(CamelliaContext *cx,
const unsigned char *key,
unsigned int keylen,
const unsigned char *iv,
int mode,
unsigned int encrypt,
unsigned int unused);
CamelliaContext *(*p_Camellia_AllocateContext)(void);
CamelliaContext * (* p_Camellia_CreateContext)(const unsigned char *key,
const unsigned char *iv,
int mode, int encrypt,
unsigned int keylen);
void (* p_Camellia_DestroyContext)(CamelliaContext *cx, PRBool freeit);
SECStatus (* p_Camellia_Encrypt)(CamelliaContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen);
SECStatus (* p_Camellia_Decrypt)(CamelliaContext *cx, unsigned char *output,
unsigned int *outputLen,
unsigned int maxOutputLen,
const unsigned char *input,
unsigned int inputLen);
};
typedef struct FREEBLVectorStr FREEBLVector;

2
security/nss/lib/freebl/manifest.mn
Просмотреть файл

@ -135,6 +135,7 @@ CSRCS = \
des.c \
rijndael.c \
aeskeywrap.c \
camellia.c \
dh.c \
ec.c \
pqg.c \
@ -157,6 +158,7 @@ ALL_HDRS = \
ec.h \
loader.h \
rijndael.h \
camellia.h \
secmpi.h \
sha.h \
sha_fast.h \

37
security/nss/lib/pk11wrap/pk11mech.c
Просмотреть файл

@ -79,6 +79,7 @@ CK_MECHANISM_TYPE wrapMechanismList[] = {
CKM_DES3_ECB,
CKM_CAST5_ECB,
CKM_AES_ECB,
CKM_CAMELLIA_ECB,
CKM_CAST5_ECB,
CKM_DES_ECB,
CKM_KEY_WRAP_LYNKS,
@ -175,6 +176,8 @@ CK_MECHANISM_TYPE
PK11_GetKeyMechanism(CK_KEY_TYPE type)
{
switch (type) {
case CKK_CAMELLIA:
return CKM_CAMELLIA_CBC;
case CKK_AES:
return CKM_AES_CBC;
case CKK_DES:
@ -228,6 +231,13 @@ CK_MECHANISM_TYPE
PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len)
{
switch (type) {
case CKM_CAMELLIA_ECB:
case CKM_CAMELLIA_CBC:
case CKM_CAMELLIA_MAC:
case CKM_CAMELLIA_MAC_GENERAL:
case CKM_CAMELLIA_CBC_PAD:
case CKM_CAMELLIA_KEY_GEN:
return CKK_CAMELLIA;
case CKM_AES_ECB:
case CKM_AES_CBC:
case CKM_AES_MAC:
@ -413,6 +423,13 @@ CK_MECHANISM_TYPE
PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size)
{
switch (type) {
case CKM_CAMELLIA_ECB:
case CKM_CAMELLIA_CBC:
case CKM_CAMELLIA_MAC:
case CKM_CAMELLIA_MAC_GENERAL:
case CKM_CAMELLIA_CBC_PAD:
case CKM_CAMELLIA_KEY_GEN:
return CKM_CAMELLIA_KEY_GEN;
case CKM_AES_ECB:
case CKM_AES_CBC:
case CKM_AES_MAC:
@ -655,6 +672,9 @@ PK11_GetBlockSize(CK_MECHANISM_TYPE type,SECItem *params)
case CKM_SKIPJACK_CFB16:
case CKM_SKIPJACK_CFB8:
return 4;
case CKM_CAMELLIA_ECB:
case CKM_CAMELLIA_CBC:
case CKM_CAMELLIA_CBC_PAD:
case CKM_AES_ECB:
case CKM_AES_CBC:
case CKM_AES_CBC_PAD:
@ -692,6 +712,7 @@ int
PK11_GetIVLength(CK_MECHANISM_TYPE type)
{
switch (type) {
case CKM_CAMELLIA_ECB:
case CKM_AES_ECB:
case CKM_DES_ECB:
case CKM_DES3_ECB:
@ -732,6 +753,8 @@ PK11_GetIVLength(CK_MECHANISM_TYPE type)
case CKM_CAST3_CBC_PAD:
case CKM_CAST5_CBC_PAD:
return 8;
case CKM_CAMELLIA_CBC:
case CKM_CAMELLIA_CBC_PAD:
case CKM_AES_CBC:
case CKM_AES_CBC_PAD:
return 16;
@ -786,6 +809,7 @@ PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv)
param->len = 0;
param->type = 0;
switch (type) {
case CKM_CAMELLIA_ECB:
case CKM_AES_ECB:
case CKM_DES_ECB:
case CKM_DES3_ECB:
@ -850,6 +874,7 @@ PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv)
param->data = (unsigned char *) rc5_params;
param->len = sizeof(CK_RC5_PARAMS);
break;
case CKM_CAMELLIA_CBC:
case CKM_AES_CBC:
case CKM_DES_CBC:
case CKM_DES3_CBC:
@ -858,6 +883,7 @@ PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv)
case CKM_CAST_CBC:
case CKM_CAST3_CBC:
case CKM_CAST5_CBC:
case CKM_CAMELLIA_CBC_PAD:
case CKM_AES_CBC_PAD:
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
@ -915,6 +941,7 @@ PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem *param,int *len)
*len = 0;
switch (type) {
case CKM_CAMELLIA_ECB:
case CKM_AES_ECB:
case CKM_DES_ECB:
case CKM_DES3_ECB:
@ -940,6 +967,7 @@ PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem *param,int *len)
rc5_cbc_params = (CK_RC5_CBC_PARAMS *) param->data;
*len = rc5_cbc_params->ulIvLen;
return rc5_cbc_params->pIv;
case CKM_CAMELLIA_CBC:
case CKM_AES_CBC:
case CKM_DES_CBC:
case CKM_DES3_CBC:
@ -1195,6 +1223,7 @@ PK11_ParamFromAlgid(SECAlgorithmID *algid)
}
break;
case CKM_RC4:
case CKM_CAMELLIA_ECB:
case CKM_AES_ECB:
case CKM_DES_ECB:
case CKM_DES3_ECB:
@ -1210,6 +1239,7 @@ PK11_ParamFromAlgid(SECAlgorithmID *algid)
break;
}
/* FALL THROUGH */
case CKM_CAMELLIA_CBC:
case CKM_AES_CBC:
case CKM_DES_CBC:
case CKM_DES3_CBC:
@ -1218,6 +1248,7 @@ PK11_ParamFromAlgid(SECAlgorithmID *algid)
case CKM_CAST_CBC:
case CKM_CAST3_CBC:
case CKM_CAST5_CBC:
case CKM_CAMELLIA_CBC_PAD:
case CKM_AES_CBC_PAD:
case CKM_DES_CBC_PAD:
case CKM_DES3_CBC_PAD:
@ -1317,6 +1348,7 @@ PK11_GenerateNewParam(CK_MECHANISM_TYPE type, PK11SymKey *key) {
mech->type = siBuffer;
switch (type) {
case CKM_RC4:
case CKM_CAMELLIA_ECB:
case CKM_AES_ECB:
case CKM_DES_ECB:
case CKM_DES3_ECB:
@ -1378,6 +1410,7 @@ PK11_GenerateNewParam(CK_MECHANISM_TYPE type, PK11SymKey *key) {
mech->len = 0;
break;
}
case CKM_CAMELLIA_CBC:
case CKM_AES_CBC:
case CKM_DES_CBC:
case CKM_DES3_CBC:
@ -1450,6 +1483,7 @@ PK11_ParamToAlgid(SECOidTag algTag, SECItem *param,
rv = SECSuccess;
switch (type) {
case CKM_RC4:
case CKM_CAMELLIA_ECB:
case CKM_AES_ECB:
case CKM_DES_ECB:
case CKM_DES3_ECB:
@ -1531,6 +1565,7 @@ PK11_ParamToAlgid(SECOidTag algTag, SECItem *param,
newParams = NULL;
break;
}
case CKM_CAMELLIA_CBC:
case CKM_AES_CBC:
case CKM_DES_CBC:
case CKM_DES3_CBC:
@ -1605,6 +1640,8 @@ PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type) {
CK_MECHANISM_TYPE
PK11_GetPadMechanism(CK_MECHANISM_TYPE type) {
switch(type) {
case CKM_CAMELLIA_CBC:
return CKM_CAMELLIA_CBC_PAD;
case CKM_AES_CBC:
return CKM_AES_CBC_PAD;
case CKM_DES_CBC:

9
security/nss/lib/pk11wrap/pk11slot.c
Просмотреть файл

@ -69,6 +69,7 @@ PK11DefaultArrayEntry PK11_DefaultArray[] = {
{ "RC4", SECMOD_RC4_FLAG, CKM_RC4 },
{ "DES", SECMOD_DES_FLAG, CKM_DES_CBC },
{ "AES", SECMOD_AES_FLAG, CKM_AES_CBC },
{ "Camellia", SECMOD_CAMELLIA_FLAG, CKM_CAMELLIA_CBC },
{ "RC5", SECMOD_RC5_FLAG, CKM_RC5_CBC },
{ "SHA-1", SECMOD_SHA1_FLAG, CKM_SHA_1 },
{ "SHA256", SECMOD_SHA256_FLAG, CKM_SHA256 },
@ -98,7 +99,8 @@ PK11_GetDefaultArray(int *size)
* These slotlists are lists of modules which provide default support for
* a given algorithm or mechanism.
*/
static PK11SlotList pk11_aesSlotList,
static PK11SlotList pk11_camelliaSlotList,
pk11_aesSlotList,
pk11_desSlotList,
pk11_rc4SlotList,
pk11_rc2SlotList,
@ -752,6 +754,7 @@ pk11_InitSlotListStatic(PK11SlotList *list)
SECStatus
PK11_InitSlotLists(void)
{
pk11_InitSlotListStatic(&pk11_camelliaSlotList);
pk11_InitSlotListStatic(&pk11_aesSlotList);
pk11_InitSlotListStatic(&pk11_desSlotList);
pk11_InitSlotListStatic(&pk11_rc4SlotList);
@ -776,6 +779,7 @@ PK11_InitSlotLists(void)
void
PK11_DestroySlotLists(void)
{
pk11_FreeSlotListStatic(&pk11_camelliaSlotList);
pk11_FreeSlotListStatic(&pk11_aesSlotList);
pk11_FreeSlotListStatic(&pk11_desSlotList);
pk11_FreeSlotListStatic(&pk11_rc4SlotList);
@ -807,6 +811,9 @@ PK11_GetSlotList(CK_MECHANISM_TYPE type)
return NULL;
#endif
switch (type) {
case CKM_CAMELLIA_CBC:
case CKM_CAMELLIA_ECB:
return &pk11_camelliaSlotList;
case CKM_AES_CBC:
case CKM_AES_ECB:
return &pk11_aesSlotList;

1
security/nss/lib/pk11wrap/secmod.h
Просмотреть файл

@ -58,6 +58,7 @@
#define PUBLIC_MECH_AES_FLAG 0x00002000ul
#define PUBLIC_MECH_SHA256_FLAG 0x00004000ul
#define PUBLIC_MECH_SHA512_FLAG 0x00008000ul
#define PUBLIC_MECH_CAMELLIA_FLAG 0x00010000ul
#define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul
#define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul

3
security/nss/lib/pk11wrap/secmodt.h
Просмотреть файл

@ -182,6 +182,7 @@ struct PK11DefaultArrayEntryStr {
#define SECMOD_AES_FLAG 0x00002000L
#define SECMOD_SHA256_FLAG 0x00004000L
#define SECMOD_SHA512_FLAG 0x00008000L /* also for SHA384 */
#define SECMOD_CAMELLIA_FLAG 0x00010000L /* = PUBLIC_MECH_CAMELLIA_FLAG */
/* reserved bit for future, do not use */
#define SECMOD_RESERVED_FLAG 0X08000000L
#define SECMOD_FRIENDLY_FLAG 0x10000000L
@ -339,7 +340,7 @@ typedef PRUint32 PK11AttrFlags;
#define SECMOD_FIPS 2 /* internal fips module */
/* default module configuration strings */
#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,SHA256,SHA512]"
#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SHA256,SHA512]"
#define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
"Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})"

1
security/nss/lib/softoken/pk11pars.h
Просмотреть файл

@ -85,6 +85,7 @@ static struct secmodargSlotFlagTable secmod_argSlotFlagTable[] = {
SECMOD_ARG_ENTRY(SSL,SECMOD_SSL_FLAG),
SECMOD_ARG_ENTRY(TLS,SECMOD_TLS_FLAG),
SECMOD_ARG_ENTRY(AES,SECMOD_AES_FLAG),
SECMOD_ARG_ENTRY(Camellia,SECMOD_CAMELLIA_FLAG),
SECMOD_ARG_ENTRY(PublicCerts,SECMOD_FRIENDLY_FLAG),
SECMOD_ARG_ENTRY(RANDOM,SECMOD_RANDOM_FLAG),
};

11
security/nss/lib/softoken/pkcs11.c
Просмотреть файл

@ -257,11 +257,11 @@ static const struct mechanismList mechanisms[] = {
* The second argument is Mechanism info structure. It includes:
* The minimum key size,
* in bits for RSA, DSA, DH, EC*, KEA, RC2 and RC4 * algs.
* in bytes for RC5, AES, and CAST*
* in bytes for RC5, AES, Camellia, and CAST*
* ignored for DES*, IDEA and FORTEZZA based
* The maximum key size,
* in bits for RSA, DSA, DH, EC*, KEA, RC2 and RC4 * algs.
* in bytes for RC5, AES, and CAST*
* in bytes for RC5, AES, Camellia, and CAST*
* ignored for DES*, IDEA and FORTEZZA based
* Flags
* What operations are supported by this mechanism.
@ -352,6 +352,13 @@ static const struct mechanismList mechanisms[] = {
{CKM_AES_MAC, {16, 32, CKF_SN_VR}, PR_TRUE},
{CKM_AES_MAC_GENERAL, {16, 32, CKF_SN_VR}, PR_TRUE},
{CKM_AES_CBC_PAD, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE},
/* ------------------------- Camellia Operations --------------------- */
{CKM_CAMELLIA_KEY_GEN, {16, 32, CKF_GENERATE}, PR_TRUE},
{CKM_CAMELLIA_ECB, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE},
{CKM_CAMELLIA_CBC, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE},
{CKM_CAMELLIA_MAC, {16, 32, CKF_SN_VR}, PR_TRUE},
{CKM_CAMELLIA_MAC_GENERAL, {16, 32, CKF_SN_VR}, PR_TRUE},
{CKM_CAMELLIA_CBC_PAD, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE},
/* ------------------------- Hashing Operations ----------------------- */
{CKM_MD2, {0, 0, CKF_DIGEST}, PR_FALSE},
{CKM_MD2_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},

46
security/nss/lib/softoken/pkcs11c.c
Просмотреть файл

@ -630,6 +630,37 @@ finish_des:
context->destroy = (SFTKDestroy) DES_DestroyContext;
break;
case CKM_CAMELLIA_CBC_PAD:
context->doPad = PR_TRUE;
/* fall thru */
case CKM_CAMELLIA_ECB:
case CKM_CAMELLIA_CBC:
context->blockSize = 16;
if (key_type != CKK_CAMELLIA) {
crv = CKR_KEY_TYPE_INCONSISTENT;
break;
}
att = sftk_FindAttribute(key,CKA_VALUE);
if (att == NULL) {
crv = CKR_KEY_HANDLE_INVALID;
break;
}
context->cipherInfo = Camellia_CreateContext(
(unsigned char*)att->attrib.pValue,
(unsigned char*)pMechanism->pParameter,
pMechanism->mechanism ==
CKM_CAMELLIA_ECB ? NSS_CAMELLIA : NSS_CAMELLIA_CBC,
isEncrypt, att->attrib.ulValueLen);
sftk_FreeAttribute(att);
if (context->cipherInfo == NULL) {
crv = CKR_HOST_MEMORY;
break;
}
context->update = (SFTKCipher) (isEncrypt ?
Camellia_Encrypt : Camellia_Decrypt);
context->destroy = (SFTKDestroy) Camellia_DestroyContext;
break;
case CKM_AES_CBC_PAD:
context->doPad = PR_TRUE;
/* fall thru */
@ -1562,6 +1593,16 @@ sftk_InitCBCMac(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
cbc_mechanism.pParameter = &ivBlock;
cbc_mechanism.ulParameterLen = blockSize;
break;
case CKM_CAMELLIA_MAC_GENERAL:
mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
/* fall through */
case CKM_CAMELLIA_MAC:
blockSize = 16;
PORT_Memset(ivBlock,0,blockSize);
cbc_mechanism.mechanism = CKM_CAMELLIA_CBC;
cbc_mechanism.pParameter = &ivBlock;
cbc_mechanism.ulParameterLen = blockSize;
break;
case CKM_AES_MAC_GENERAL:
mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
/* fall through */
@ -2708,6 +2749,10 @@ nsc_SetupBulkKeyGen(CK_MECHANISM_TYPE mechanism, CK_KEY_TYPE *key_type,
*key_type = CKK_DES3;
*key_length = 24;
break;
case CKM_CAMELLIA_KEY_GEN:
*key_type = CKK_CAMELLIA;
if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE;
break;
case CKM_AES_KEY_GEN:
*key_type = CKK_AES;
if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE;
@ -2904,6 +2949,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession,
case CKM_RC2_KEY_GEN:
case CKM_RC4_KEY_GEN:
case CKM_GENERIC_SECRET_KEY_GEN:
case CKM_CAMELLIA_KEY_GEN:
case CKM_AES_KEY_GEN:
#if NSS_SOFTOKEN_DOES_RC5
case CKM_RC5_KEY_GEN:

12
security/nss/lib/softoken/pkcs11t.h
Просмотреть файл

@ -426,6 +426,9 @@ typedef CK_ULONG CK_KEY_TYPE;
#define CKK_BLOWFISH 0x00000020
#define CKK_TWOFISH 0x00000021
/* Camellia is proposed for v2.20 Amendment 3 */
#define CKK_CAMELLIA 0x00000025
#define CKK_VENDOR_DEFINED 0x80000000
@ -908,6 +911,15 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
#define CKM_TWOFISH_KEY_GEN 0x00001092
#define CKM_TWOFISH_CBC 0x00001093
/* Camellia is proposed for v2.20 Amendment 3 */
#define CKM_CAMELLIA_KEY_GEN 0x00000550
#define CKM_CAMELLIA_ECB 0x00000551
#define CKM_CAMELLIA_CBC 0x00000552
#define CKM_CAMELLIA_MAC 0x00000553
#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
#define CKM_CAMELLIA_CBC_PAD 0x00000555
#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100

38
security/nss/lib/ssl/ssl3con.c
Просмотреть файл

@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: ssl3con.c,v 1.99 2006/12/08 22:37:29 wtchang%redhat.com Exp $ */
/* $Id: ssl3con.c,v 1.100 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */
#include "nssrenam.h"
#include "cert.h"
@ -107,12 +107,15 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
#endif /* NSS_ENABLE_ECC */
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
#ifdef NSS_ENABLE_ECC
{ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
#endif /* NSS_ENABLE_ECC */
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
#ifdef NSS_ENABLE_ECC
@ -121,6 +124,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
#endif /* NSS_ENABLE_ECC */
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
@ -130,6 +135,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
{ TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
#endif /* NSS_ENABLE_ECC */
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
{ SSL_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
{ TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
@ -218,6 +224,8 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = {
{cipher_idea, calg_idea, 16, 16, type_block, 8, 8, kg_strong},
{cipher_aes_128, calg_aes, 16, 16, type_block, 16,16, kg_strong},
{cipher_aes_256, calg_aes, 32, 32, type_block, 16,16, kg_strong},
{cipher_camellia_128, calg_camellia,16, 16, type_block, 16,16, kg_strong},
{cipher_camellia_256, calg_camellia,32, 32, type_block, 16,16, kg_strong},
{cipher_missing, calg_null, 0, 0, type_stream, 0, 0, kg_null},
};
@ -315,6 +323,17 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
{TLS_DH_ANON_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon},
#endif
{TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa},
{TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
cipher_camellia_128, mac_sha, kea_dhe_dss},
{TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
cipher_camellia_128, mac_sha, kea_dhe_rsa},
{TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa},
{TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
cipher_camellia_256, mac_sha, kea_dhe_dss},
{TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
cipher_camellia_256, mac_sha, kea_dhe_rsa},
{TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
cipher_des, mac_sha,kea_rsa_export_1024},
{TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
@ -382,6 +401,7 @@ static const SSLCipher2Mech alg2Mech[] = {
{ calg_idea , CKM_IDEA_CBC },
{ calg_fortezza , CKM_SKIPJACK_CBC64 },
{ calg_aes , CKM_AES_CBC },
{ calg_camellia , CKM_CAMELLIA_CBC },
/* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */
};
@ -414,6 +434,8 @@ const char * const ssl3_cipherName[] = {
"IDEA-CBC",
"AES-128",
"AES-256",
"Camellia-128",
"Camellia-256",
"missing"
};
@ -1283,6 +1305,16 @@ const ssl3BulkCipherDef *cipher_def;
pwSpec->destroy = (SSLDestroy) AES_DestroyContext;
break;
case ssl_calg_camellia:
initFn = (BLapiInitContextFunc)Camellia_InitContext;
mode = NSS_CAMELLIA_CBC;
optArg1 = server_encrypts;
optArg2 = CAMELLIA_BLOCK_SIZE;
pwSpec->encode = (SSLCipher) Camellia_Encrypt;
pwSpec->decode = (SSLCipher) Camellia_Decrypt;
pwSpec->destroy = (SSLDestroy) Camellia_DestroyContext;
break;
case ssl_calg_idea:
case ssl_calg_fortezza :
default:
@ -1301,7 +1333,8 @@ const ssl3BulkCipherDef *cipher_def;
goto bail_out;
}
if (calg == ssl_calg_des || calg == ssl_calg_3des || calg == ssl_calg_aes) {
if (calg == ssl_calg_des || calg == ssl_calg_3des || calg == ssl_calg_aes
|| calg == ssl_calg_camellia) {
/* For block ciphers, if the server is encrypting, then the client
* is decrypting, and vice versa.
*/
@ -3686,6 +3719,7 @@ static const CK_MECHANISM_TYPE wrapMechanismList[SSL_NUM_WRAP_MECHS] = {
CKM_SKIPJACK_WRAP,
CKM_SKIPJACK_CBC64,
CKM_AES_ECB,
CKM_CAMELLIA_ECB,
UNKNOWN_WRAP_MECHANISM
};

8
security/nss/lib/ssl/sslenum.c
Просмотреть файл

@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslenum.c,v 1.13 2005/12/14 01:49:39 wtchang%redhat.com Exp $ */
/* $Id: sslenum.c,v 1.14 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */
#include "ssl.h"
#include "sslproto.h"
@ -51,12 +51,15 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
#ifdef NSS_ENABLE_ECC
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
/* 128-bit */
@ -66,6 +69,8 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
TLS_DHE_DSS_WITH_RC4_128_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
@ -75,6 +80,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
#endif /* NSS_ENABLE_ECC */
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,

11
security/nss/lib/ssl/sslimpl.h
Просмотреть файл

@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslimpl.h,v 1.54 2007/01/31 04:20:26 nelson%bolyard.com Exp $ */
/* $Id: sslimpl.h,v 1.55 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */
#ifndef __sslimpl_h_
#define __sslimpl_h_
@ -86,6 +86,7 @@ typedef SSLSignType SSL3SignType;
#define calg_idea ssl_calg_idea
#define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */
#define calg_aes ssl_calg_aes
#define calg_camellia ssl_calg_camellia
#define mac_null ssl_mac_null
#define mac_md5 ssl_mac_md5
@ -170,7 +171,7 @@ typedef enum { SSLAppOpRead = 0,
#define SSL3_MASTER_SECRET_LENGTH 48
/* number of wrap mechanisms potentially used to wrap master secrets. */
#define SSL_NUM_WRAP_MECHS 14
#define SSL_NUM_WRAP_MECHS 15
/* This makes the cert cache entry exactly 4k. */
#define SSL_MAX_CACHED_CERT_LEN 4060
@ -311,9 +312,9 @@ typedef struct {
} ssl3CipherSuiteCfg;
#ifdef NSS_ENABLE_ECC
#define ssl_V3_SUITES_IMPLEMENTED 43
#define ssl_V3_SUITES_IMPLEMENTED 49
#else
#define ssl_V3_SUITES_IMPLEMENTED 23
#define ssl_V3_SUITES_IMPLEMENTED 29
#endif /* NSS_ENABLE_ECC */
typedef struct sslOptionsStr {
@ -469,6 +470,8 @@ typedef enum {
cipher_idea,
cipher_aes_128,
cipher_aes_256,
cipher_camellia_128,
cipher_camellia_256,
cipher_missing /* reserved for no such supported cipher */
/* This enum must match ssl3_cipherName[] in ssl3con.c. */
} SSL3BulkCipher;

9
security/nss/lib/ssl/sslinfo.c
Просмотреть файл

@ -34,7 +34,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslinfo.c,v 1.15 2005/12/14 01:49:39 wtchang%redhat.com Exp $ */
/* $Id: sslinfo.c,v 1.16 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */
#include "ssl.h"
#include "sslimpl.h"
#include "sslproto.h"
@ -109,6 +109,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
#define K_ECDH "ECDH", kt_ecdh
#define K_ECDHE "ECDHE", kt_ecdh
#define C_CAMELLIA "CAMELLIA", calg_camellia
#define C_AES "AES", calg_aes
#define C_RC4 "RC4", calg_rc4
#define C_RC2 "RC2", calg_rc2
@ -131,13 +132,19 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
static const SSLCipherSuiteInfo suiteInfo[] = {
/* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC> <FIPS> */
{0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
{0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
{0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },

16
security/nss/lib/ssl/sslproto.h
Просмотреть файл

@ -39,7 +39,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslproto.h,v 1.11 2006/05/16 01:14:43 wtchang%redhat.com Exp $ */
/* $Id: sslproto.h,v 1.12 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */
#ifndef __sslproto_h_
#define __sslproto_h_
@ -158,6 +158,13 @@
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
#define TLS_DH_ANON_WITH_AES_256_CBC_SHA 0x003A
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041
#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042
#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043
#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045
#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA 0x0046
#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062
#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064
@ -165,6 +172,13 @@
#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065
#define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084
#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085
#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086
#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088
#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA 0x0089
#define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003

8
security/nss/lib/ssl/sslsock.c
Просмотреть файл

@ -40,7 +40,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslsock.c,v 1.51 2007/01/31 04:20:26 nelson%bolyard.com Exp $ */
/* $Id: sslsock.c,v 1.52 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */
#include "seccomon.h"
#include "cert.h"
#include "keyhi.h"
@ -95,6 +95,12 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
{ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED },
{ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED },
#ifdef NSS_ENABLE_ECC

5
security/nss/lib/ssl/sslt.h
Просмотреть файл

@ -37,7 +37,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: sslt.h,v 1.9 2005/08/16 03:42:26 nelsonb%netscape.com Exp $ */
/* $Id: sslt.h,v 1.10 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */
#ifndef __sslt_h_
#define __sslt_h_
@ -106,7 +106,8 @@ typedef enum {
ssl_calg_3des = 4,
ssl_calg_idea = 5,
ssl_calg_fortezza = 6, /* deprecated, now unused */
ssl_calg_aes = 7 /* coming soon */
ssl_calg_aes = 7, /* coming soon */
ssl_calg_camellia = 8
} SSLCipherAlgorithm;
typedef enum {

22
security/nss/lib/util/secoid.c
Просмотреть файл

@ -169,6 +169,13 @@
#define ANSI_X962_SIGNATURE_OID ANSI_X962_OID, 0x04
#define ANSI_X962_SPECIFY_OID ANSI_X962_SIGNATURE_OID, 0x03
/* for Camellia: iso(1) member-body(2) jisc(392)
* mitsubishi(200011) isl(61) security(1) algorithm(1)
*/
#define MITSUBISHI_ALG 0x2a,0x83,0x08,0x8c,0x9a,0x4b,0x3d,0x01,0x01
#define CAMELLIA_ENCRYPT_OID MITSUBISHI_ALG,1
#define CAMELLIA_WRAP_OID MITSUBISHI_ALG,3
#define CONST_OID static const unsigned char
CONST_OID md2[] = { DIGEST, 0x02 };
@ -451,6 +458,13 @@ CONST_OID aes256_CFB[] = { AES, 44 };
#endif
CONST_OID aes256_KEY_WRAP[] = { AES, 45 };
CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2};
CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3};
CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4};
CONST_OID camellia128_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 2};
CONST_OID camellia192_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 3};
CONST_OID camellia256_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 4};
CONST_OID sha256[] = { SHAXXX, 1 };
CONST_OID sha384[] = { SHAXXX, 2 };
CONST_OID sha512[] = { SHAXXX, 3 };
@ -1469,6 +1483,14 @@ const static SECOidData oids[] = {
SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE,
"X9.62 ECDSA signature with SHA512", CKM_INVALID_MECHANISM,
INVALID_CERT_EXTENSION ),
/* Camellia algorithm OIDs */
OD( camellia128_CBC, SEC_OID_CAMELLIA_128_CBC,
"CAMELLIA-128-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ),
OD( camellia192_CBC, SEC_OID_CAMELLIA_192_CBC,
"CAMELLIA-192-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ),
OD( camellia256_CBC, SEC_OID_CAMELLIA_256_CBC,
"CAMELLIA-256-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ),
};
/*

8
security/nss/lib/util/secoidt.h
Просмотреть файл

@ -40,7 +40,7 @@
/*
* secoidt.h - public data structures for ASN.1 OID functions
*
* $Id: secoidt.h,v 1.20 2006/02/08 06:14:31 rrelyea%redhat.com Exp $
* $Id: secoidt.h,v 1.21 2007/02/28 19:47:36 rrelyea%redhat.com Exp $
*/
#include "secitem.h"
@ -413,6 +413,12 @@ typedef enum {
SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE = 278,
SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE = 279,
SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE = 280,
/* Camellia OIDs (RFC3657)*/
SEC_OID_CAMELLIA_128_CBC = 281,
SEC_OID_CAMELLIA_192_CBC = 282,
SEC_OID_CAMELLIA_256_CBC = 283,
SEC_OID_TOTAL
} SECOidTag;

4
security/nss/tests/cipher/cipher.txt
Просмотреть файл

@ -17,6 +17,10 @@
0 aes_ecb_-D AES_ECB_Decrypt
0 aes_cbc_-E AES_CBC_Encrypt
0 aes_cbc_-D AES_CBC_Decrypt
0 camellia_ecb_-E Camellia_ECB_Encrypt
0 camellia_ecb_-D Camellia_ECB_Decrypt
0 camellia_cbc_-E Camellia_CBC_Encrypt
0 camellia_cbc_-D Camellia_CBC_Decrypt
0 rc2_ecb_-E RC2_ECB_Encrypt
0 rc2_ecb_-D RC2_ECB_Decrypt
0 rc2_cbc_-E RC2_CBC_Encrypt

8
security/nss/tests/cipher/performance.sh
Просмотреть файл

@ -37,7 +37,7 @@ do
if [ $mode != "#" ]; then
echo "bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps"
bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps >> ${SKPERFOUT}
mv "tmp.in" "$mode.in"
mv "tmp.in.0" "$mode.in"
mv tmp.key $mode.key
if [ -f tmp.iv ]; then
mv tmp.iv $mode.iv
@ -66,7 +66,7 @@ do
if [ $mode != "#" ]; then
echo "bltest -N -m $mode -b $bufsize -e $exp -g $keysize -u $cxreps"
bltest -N -m $mode -b $bufsize -e $exp -g $keysize -u $cxreps >> ${RSAPERFOUT}
mv "tmp.in" "$mode.in"
mv "tmp.in.0" "$mode.in"
mv tmp.key $mode.key
echo "bltest -E -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out"
bltest -E -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out >> ${RSAPERFOUT}
@ -95,7 +95,7 @@ do
if [ $mode != "#" ]; then
echo "bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps"
bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps >> ${DSAPERFOUT}
mv "tmp.in" "$mode.in"
mv "tmp.in.0" "$mode.in"
mv tmp.key $mode.key
echo "bltest -S -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out"
bltest -S -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out >> ${DSAPERFOUT}
@ -123,7 +123,7 @@ do
if [ $mode != "#" ]; then
echo "bltest -N -m $mode -b $bufsize"
bltest -N -m $mode -b $bufsize
mv "tmp.in" "$mode.in"
mv "tmp.in.0" "$mode.in"
echo "bltest -H -m $mode -i ${CIPHERDIR}/$mode.in -p $reps -o ${CIPHERDIR}/$mode.out"
bltest -H -m $mode -i ${CIPHERDIR}/$mode.in -p $reps -o ${CIPHERDIR}/$mode.out >> ${HASHPERFOUT}
fi

4
security/nss/tests/cipher/symmkey.txt
Просмотреть файл

@ -21,3 +21,7 @@
aes_cbc 16 8192 10000 100000
aes_ecb 32 8192 10000 100000
aes_cbc 32 8192 10000 100000
camellia_ecb 16 8192 10000 100000
camellia_cbc 16 8192 10000 100000
camellia_ecb 32 8192 10000 100000
camellia_cbc 32 8192 10000 100000

5
security/nss/tests/ssl/ssl.sh
Просмотреть файл

@ -771,8 +771,9 @@ ssl_run()
#this script may be sourced from the distributed stress test - in this case do nothing...
CSHORT="-c ABCDEFcdefgijklmnvyz"
CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014cdefgijklmnvyz"
CSHORT="-c ABCDEF:0041:0084cdefgijklmnvyz"
CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:0041:0084cdefgijklmnvyz"
if [ -z "$DO_REM_ST" -a -z "$DO_DIST_ST" ] ; then

4
security/nss/tests/ssl/sslcov.txt
Просмотреть файл

@ -31,6 +31,8 @@
noECC noTLS v SSL3_RSA_WITH_AES_128_CBC_SHA
noECC noTLS y SSL3_RSA_WITH_AES_256_CBC_SHA
noECC noTLS z SSL3_RSA_WITH_NULL_SHA
noECC noTLS :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
noECC noTLS :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
#
noECC TLS c TLS_RSA_WITH_RC4_128_MD5
noECC TLS d TLS_RSA_WITH_3DES_EDE_CBC_SHA
@ -46,6 +48,8 @@
noECC TLS v TLS_RSA_WITH_AES_128_CBC_SHA
noECC TLS y TLS_RSA_WITH_AES_256_CBC_SHA
noECC TLS z TLS_RSA_WITH_NULL_SHA
noECC TLS :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
noECC TLS :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
#
# ECC ciphers (SSL3)
#