From 75c2698ee0b3c847e33db90779a55320458ed88f Mon Sep 17 00:00:00 2001 
From: "rrelyea%redhat.com" Date: Wed, 28 Feb 2007 19:47:40 +0000 Subject: [PATCH] Add Camilla cipher suites TLS RFC4132 bug 361025 code supplied by okazaki@kick.gr.jp --- security/nss/cmd/bltest/blapitest.c | 85 +- .../cmd/bltest/tests/camellia_cbc/ciphertext0 | 1 + .../cmd/bltest/tests/camellia_cbc/ciphertext1 | 1 + .../cmd/bltest/tests/camellia_cbc/ciphertext2 | 1 + .../nss/cmd/bltest/tests/camellia_cbc/iv0 | 1 + .../nss/cmd/bltest/tests/camellia_cbc/key0 | 1 + .../nss/cmd/bltest/tests/camellia_cbc/key1 | 1 + .../nss/cmd/bltest/tests/camellia_cbc/key2 | 1 + .../cmd/bltest/tests/camellia_cbc/numtests | 1 + .../cmd/bltest/tests/camellia_cbc/plaintext0 | 1 + .../cmd/bltest/tests/camellia_ecb/ciphertext0 | 1 + .../cmd/bltest/tests/camellia_ecb/ciphertext1 | 1 + .../cmd/bltest/tests/camellia_ecb/ciphertext2 | 1 + .../nss/cmd/bltest/tests/camellia_ecb/key0 | 1 + .../nss/cmd/bltest/tests/camellia_ecb/key1 | 1 + .../nss/cmd/bltest/tests/camellia_ecb/key2 | 1 + .../cmd/bltest/tests/camellia_ecb/numtests | 1 + .../cmd/bltest/tests/camellia_ecb/plaintext0 | 1 + security/nss/cmd/modutil/modutil.c | 2 +- security/nss/cmd/modutil/pk11.c | 1 + security/nss/cmd/pk11util/pk11table.c | 10 +- security/nss/lib/freebl/blapi.h | 64 +- security/nss/lib/freebl/blapit.h | 10 +- security/nss/lib/freebl/camellia.c | 1791 +++++++++++++++++ security/nss/lib/freebl/camellia.h | 79 + security/nss/lib/freebl/ldvector.c | 9 +- security/nss/lib/freebl/loader.c | 63 +- security/nss/lib/freebl/loader.h | 28 +- security/nss/lib/freebl/manifest.mn | 2 + security/nss/lib/pk11wrap/pk11mech.c | 37 + security/nss/lib/pk11wrap/pk11slot.c | 9 +- security/nss/lib/pk11wrap/secmod.h | 1 + security/nss/lib/pk11wrap/secmodt.h | 3 +- security/nss/lib/softoken/pk11pars.h | 1 + security/nss/lib/softoken/pkcs11.c | 11 +- security/nss/lib/softoken/pkcs11c.c | 46 + security/nss/lib/softoken/pkcs11t.h | 12 + security/nss/lib/ssl/ssl3con.c | 38 +- security/nss/lib/ssl/sslenum.c | 8 +- security/nss/lib/ssl/sslimpl.h | 
11 +- security/nss/lib/ssl/sslinfo.c | 9 +- security/nss/lib/ssl/sslproto.h | 16 +- security/nss/lib/ssl/sslsock.c | 8 +- security/nss/lib/ssl/sslt.h | 5 +- security/nss/lib/util/secoid.c | 22 + security/nss/lib/util/secoidt.h | 8 +- security/nss/tests/cipher/cipher.txt | 4 + security/nss/tests/cipher/performance.sh | 8 +- security/nss/tests/cipher/symmkey.txt | 4 + security/nss/tests/ssl/ssl.sh | 5 +- security/nss/tests/ssl/sslcov.txt | 4 + 51 files changed, 2399 insertions(+), 32 deletions(-) create mode 100644 security/nss/cmd/bltest/tests/camellia_cbc/ciphertext0 create mode 100644 security/nss/cmd/bltest/tests/camellia_cbc/ciphertext1 create mode 100644 security/nss/cmd/bltest/tests/camellia_cbc/ciphertext2 create mode 100644 security/nss/cmd/bltest/tests/camellia_cbc/iv0 create mode 100644 security/nss/cmd/bltest/tests/camellia_cbc/key0 create mode 100644 security/nss/cmd/bltest/tests/camellia_cbc/key1 create mode 100644 security/nss/cmd/bltest/tests/camellia_cbc/key2 create mode 100644 security/nss/cmd/bltest/tests/camellia_cbc/numtests create mode 100644 security/nss/cmd/bltest/tests/camellia_cbc/plaintext0 create mode 100644 security/nss/cmd/bltest/tests/camellia_ecb/ciphertext0 create mode 100644 security/nss/cmd/bltest/tests/camellia_ecb/ciphertext1 create mode 100644 security/nss/cmd/bltest/tests/camellia_ecb/ciphertext2 create mode 100644 security/nss/cmd/bltest/tests/camellia_ecb/key0 create mode 100644 security/nss/cmd/bltest/tests/camellia_ecb/key1 create mode 100644 security/nss/cmd/bltest/tests/camellia_ecb/key2 create mode 100644 security/nss/cmd/bltest/tests/camellia_ecb/numtests create mode 100644 security/nss/cmd/bltest/tests/camellia_ecb/plaintext0 create mode 100644 security/nss/lib/freebl/camellia.c create mode 100644 security/nss/lib/freebl/camellia.h diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c index 50daac1d9d95..fccb2af6185e 100644 --- a/security/nss/cmd/bltest/blapitest.c 
+++ b/security/nss/cmd/bltest/blapitest.c @@ -671,6 +671,8 @@ typedef enum { bltestRC5_CBC, /* . */ bltestAES_ECB, /* . */ bltestAES_CBC, /* . */ + bltestCAMELLIA_ECB, /* . */ + bltestCAMELLIA_CBC, /* . */ bltestRSA, /* Public Key Ciphers */ #ifdef NSS_ENABLE_ECC bltestECDSA, /* . (Public Key Sig.) */ @@ -698,6 +700,8 @@ static char *mode_strings[] = "rc5_cbc", "aes_ecb", "aes_cbc", + "camellia_ecb", + "camellia_cbc", "rsa", #ifdef NSS_ENABLE_ECC "ecdsa", @@ -813,7 +817,7 @@ PRBool is_symmkeyCipher(bltestCipherMode mode) { /* change as needed! */ - if (mode >= bltestDES_ECB && mode <= bltestAES_CBC) + if (mode >= bltestDES_ECB && mode <= bltestCAMELLIA_CBC) return PR_TRUE; return PR_FALSE; } @@ -855,7 +859,7 @@ cipher_requires_IV(bltestCipherMode mode) /* change as needed! */ if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC || mode == bltestRC2_CBC || mode == bltestRC5_CBC || - mode == bltestAES_CBC) + mode == bltestAES_CBC || mode == bltestCAMELLIA_CBC) return PR_TRUE; return PR_FALSE; } @@ -1089,6 +1093,26 @@ aes_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, input, inputLen); } +SECStatus +camellia_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen, + unsigned int maxOutputLen, const unsigned char *input, + unsigned int inputLen) +{ + return Camellia_Encrypt((CamelliaContext *)cx, output, outputLen, + maxOutputLen, + input, inputLen); +} + +SECStatus +camellia_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen, + unsigned int maxOutputLen, const unsigned char *input, + unsigned int inputLen) +{ + return Camellia_Decrypt((CamelliaContext *)cx, output, outputLen, + maxOutputLen, + input, inputLen); +} + SECStatus rsa_PublicKeyOp(void *key, SECItem *output, const SECItem *input) { 
@@ -1309,6 +1333,49 @@ bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt) return SECSuccess; } +SECStatus +bltest_camellia_init(bltestCipherInfo *cipherInfo, PRBool encrypt) +{ + bltestSymmKeyParams *camelliap = &cipherInfo->params.sk; + int minorMode; + int i; + int keylen = camelliap->key.buf.len; + int blocklen = CAMELLIA_BLOCK_SIZE; + PRIntervalTime time1, time2; + + switch (cipherInfo->mode) { + case bltestCAMELLIA_ECB: minorMode = NSS_CAMELLIA; break; + case bltestCAMELLIA_CBC: minorMode = NSS_CAMELLIA_CBC; break; + default: + return SECFailure; + } + cipherInfo->cx = (void*)Camellia_CreateContext(camelliap->key.buf.data, + camelliap->iv.buf.data, + minorMode, encrypt, + keylen); + if (cipherInfo->cxreps > 0) { + CamelliaContext **dummycx; + dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(CamelliaContext *)); + TIMESTART(); + for (i=0; icxreps; i++) { + dummycx[i] = (void*)Camellia_CreateContext(camelliap->key.buf.data, + camelliap->iv.buf.data, + minorMode, encrypt, + keylen); + } + TIMEFINISH(cipherInfo->cxtime, 1.0); + for (i=0; icxreps; i++) { + Camellia_DestroyContext(dummycx[i], PR_TRUE); + } + PORT_Free(dummycx); + } + if (encrypt) + cipherInfo->cipher.symmkeyCipher = camellia_Encrypt; + else + cipherInfo->cipher.symmkeyCipher = camellia_Decrypt; + return SECSuccess; +} + SECStatus bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) { @@ -1863,6 +1930,12 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt) cipherInfo->input.pBuf.len); return bltest_aes_init(cipherInfo, encrypt); break; + case bltestCAMELLIA_ECB: + case bltestCAMELLIA_CBC: + SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, + cipherInfo->input.pBuf.len); + return bltest_camellia_init(cipherInfo, encrypt); + break; case bltestRSA: SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, cipherInfo->input.pBuf.len); 
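Review bot: Neither allocation in `bltest_camellia_init` is checked. The pointer returned by `Camellia_CreateContext(...)` is stored in `cipherInfo->cx` and the function still returns `SECSuccess` when it is NULL, and `dummycx = PORT_Alloc(...)` is indexed in the timing loop without a NULL test. I would add `if (cipherInfo->cx == NULL) return SECFailure;` after the first call and `if (dummycx == NULL) return SECFailure;` after the allocation, so that a bad key length or an out-of-memory condition is reported at init time rather than as a crash in the cipher call. `int blocklen = CAMELLIA_BLOCK_SIZE;` appears unused in the visible body unless one of the timing macros references it.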
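Review bot: The new `case bltestCAMELLIA_ECB: case bltestCAMELLIA_CBC:` arm in `cipherInit` discards the result of `SECITEM_AllocItem(...)`, as the neighbouring AES and RSA arms do, so a failed allocation leaves `cipherInfo->output.buf` unusable for the later encrypt or decrypt call. A check such as `if (!SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, cipherInfo->input.pBuf.len)) return SECFailure;` would make the failure explicit. The `break;` after `return bltest_camellia_init(...)` is unreachable. The function body starts and ends outside this hunk.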
@@ -2313,6 +2386,10 @@ cipherFinish(bltestCipherInfo *cipherInfo) case bltestAES_CBC: AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE); break; + case bltestCAMELLIA_ECB: + case bltestCAMELLIA_CBC: + Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE); + break; case bltestRC2_ECB: case bltestRC2_CBC: RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE); @@ -2461,6 +2538,8 @@ print_td: case bltestDES_EDE_CBC: case bltestAES_ECB: case bltestAES_CBC: + case bltestCAMELLIA_ECB: + case bltestCAMELLIA_CBC: case bltestRC2_ECB: case bltestRC2_CBC: case bltestRC4: @@ -2603,6 +2682,7 @@ get_params(PRArenaPool *arena, bltestParams *params, case bltestDES_EDE_CBC: case bltestRC2_CBC: case bltestAES_CBC: + case bltestCAMELLIA_CBC: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j); load_file_data(arena, ¶ms->sk.iv, filename, bltestBinary); case bltestDES_ECB: @@ -2610,6 +2690,7 @@ get_params(PRArenaPool *arena, bltestParams *params, case bltestRC2_ECB: case bltestRC4: case bltestAES_ECB: + case bltestCAMELLIA_ECB: sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, ¶ms->sk.key, filename, bltestBinary); break; diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext0 b/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext0 new file mode 100644 index 000000000000..e7895954ab47 --- /dev/null +++ b/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext0 @@ -0,0 +1 @@ +taydfPlRJe3wf8Td0xJ9Tw== diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext1 b/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext1 new file mode 100644 index 000000000000..7dbd9b036e9f --- /dev/null +++ b/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext1 @@ -0,0 +1 @@ +yoYCZwKnUMcS4ADHxnwObA== diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext2 b/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext2 new file mode 100644 index 000000000000..007a2b0fafec --- /dev/null 
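Review bot: In the two `get_params` hunks, the new `case bltestCAMELLIA_CBC:` label joins the group that loads the IV file and then falls through, with no `break`, into the key-loading group where `case bltestCAMELLIA_ECB:` is added. Nothing marks that fall-through as intentional, so a comment such as `/* fall through: CBC modes also need the key */` after the IV `load_file_data` call would protect it from a later "fix". The context `sprintf(filename, "%s/tests/%s/%s%d", ...)` calls are unbounded, and this commit adds the mode directory names `camellia_ecb` and `camellia_cbc`. The declaration of `filename` is outside the hunk; if it is a fixed array, `PR_snprintf(filename, sizeof filename, ...)` with a truncation check would be safer. The switch starts and ends outside these hunks.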
+++ b/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext2
@@ -0,0 +1 @@
+T+Wn4cs1Sbqrh/XtNd4vzQ==
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/iv0 b/security/nss/cmd/bltest/tests/camellia_cbc/iv0
new file mode 100644
index 000000000000..4e65bc034778
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_cbc/iv0
@@ -0,0 +1 @@
+qwertyuiopasdfgh
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/key0 b/security/nss/cmd/bltest/tests/camellia_cbc/key0
new file mode 100644
index 000000000000..13911cc29af0
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_cbc/key0
@@ -0,0 +1 @@
+fedcba9876543210
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/key1 b/security/nss/cmd/bltest/tests/camellia_cbc/key1
new file mode 100644
index 000000000000..a9cb2f12f849
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_cbc/key1
@@ -0,0 +1 @@
+fedcba9876543210fedcba98
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/key2 b/security/nss/cmd/bltest/tests/camellia_cbc/key2
new file mode 100644
index 000000000000..ab55fe2ee54f
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_cbc/key2
@@ -0,0 +1 @@
+fedcba9876543210fedcba9876543210
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/numtests b/security/nss/cmd/bltest/tests/camellia_cbc/numtests
new file mode 100644
index 000000000000..00750edc07d6
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_cbc/numtests
@@ -0,0 +1 @@
+3
diff --git a/security/nss/cmd/bltest/tests/camellia_cbc/plaintext0 b/security/nss/cmd/bltest/tests/camellia_cbc/plaintext0
new file mode 100644
index 000000000000..8d6a8d555b67
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_cbc/plaintext0
@@ -0,0 +1 @@
+0123456789abcdef
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext0 b/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext0
new file mode 100644
index 000000000000..084ba780eef1
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext0
@@ -0,0 +1 @@
+6v0CGxSwow3AhsyhunfdbQ==
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext1 b/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext1
new file mode 100644
index 000000000000..dbd6e5f420ad
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext1
@@ -0,0 +1 @@
+Nf1GwJiBtZT+VPJp+gBhPA==
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext2 b/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext2
new file mode 100644
index 000000000000..0b278ce2a617
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext2
@@ -0,0 +1 @@
+ilB/0K3SI86Oecwh7cruGA==
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/key0 b/security/nss/cmd/bltest/tests/camellia_ecb/key0
new file mode 100644
index 000000000000..13911cc29af0
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_ecb/key0
@@ -0,0 +1 @@
+fedcba9876543210
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/key1 b/security/nss/cmd/bltest/tests/camellia_ecb/key1
new file mode 100644
index 000000000000..a9cb2f12f849
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_ecb/key1
@@ -0,0 +1 @@
+fedcba9876543210fedcba98
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/key2 b/security/nss/cmd/bltest/tests/camellia_ecb/key2
new file mode 100644
index 000000000000..ab55fe2ee54f
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_ecb/key2
@@ -0,0 +1 @@
+fedcba9876543210fedcba9876543210
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/numtests b/security/nss/cmd/bltest/tests/camellia_ecb/numtests
new file mode 100644
index 000000000000..00750edc07d6
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_ecb/numtests
@@ -0,0 +1 @@
+3
diff --git a/security/nss/cmd/bltest/tests/camellia_ecb/plaintext0 b/security/nss/cmd/bltest/tests/camellia_ecb/plaintext0
new file mode 100644
index 000000000000..8d6a8d555b67
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/camellia_ecb/plaintext0
@@ -0,0 +1 @@
+0123456789abcdef
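Review bot: The patch does not record where the `camellia_ecb` and `camellia_cbc` known-answer vectors come from. Each set is one 16-byte block under ASCII keys of 16, 24 and 32 bytes, and if the ciphertexts were produced by the implementation added in this same commit they pin its current output without showing that it interoperates with other Camellia implementations. I would add at least one vector per key size taken from the algorithm's published test data (RFC 3713 includes some). I would also note the source next to the files, for example a one-line `README` in each directory saying `vectors from <source>, generated with <tool>`.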
diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c index b749357302af..d068c2bf3d39 100644 --- a/security/nss/cmd/modutil/modutil.c +++ b/security/nss/cmd/modutil/modutil.c @@ -749,7 +749,7 @@ usage() "---------------------------------------------------------------------------\n" "\n" "Mechanism lists are colon-separated. The following mechanisms are recognized:\n" -"RSA, DSA, DH, RC2, RC4, RC5, AES, DES, MD2, MD5, SHA1, SHA256, SHA512,\n" +"RSA, DSA, DH, RC2, RC4, RC5, AES, CAMELLIA, DES, MD2, MD5, SHA1, SHA256, SHA512,\n" "SSL, TLS, RANDOM, and FRIENDLY\n" "\n" "Cipher lists are colon-separated. The following ciphers are recognized:\n" diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c index 36ffdf8cd951..6988931a8e79 100644 --- a/security/nss/cmd/modutil/pk11.c +++ b/security/nss/cmd/modutil/pk11.c @@ -160,6 +160,7 @@ static const MaskString mechanismStrings[] = { {"SSL", PUBLIC_MECH_SSL_FLAG}, {"TLS", PUBLIC_MECH_TLS_FLAG}, {"AES", PUBLIC_MECH_AES_FLAG}, + {"CAMELLIA", PUBLIC_MECH_CAMELLIA_FLAG}, {"SHA256", PUBLIC_MECH_SHA256_FLAG}, {"SHA512", PUBLIC_MECH_SHA512_FLAG}, {"RANDOM", PUBLIC_MECH_RANDOM_FLAG}, diff --git a/security/nss/cmd/pk11util/pk11table.c b/security/nss/cmd/pk11util/pk11table.c index 1f1406a65e43..c233fd80d052 100644 --- a/security/nss/cmd/pk11util/pk11table.c +++ b/security/nss/cmd/pk11util/pk11table.c @@ -188,6 +188,7 @@ const Constant _consts[] = { mkEntry(CKK_JUNIPER, KeyType), mkEntry(CKK_CDMF, KeyType), mkEntry(CKK_AES, KeyType), + mkEntry(CKK_CAMELLIA, KeyType), mkEntry(CKK_NETSCAPE_PKCS8, KeyType), mkEntry(CKC_X_509, CertType), 
@@ -476,6 +477,12 @@ const Constant _consts[] = { mkEntry(CKM_AES_MAC, Mechanism), mkEntry(CKM_AES_MAC_GENERAL, Mechanism), mkEntry(CKM_AES_CBC_PAD, Mechanism), + mkEntry(CKM_CAMELLIA_KEY_GEN, Mechanism), + mkEntry(CKM_CAMELLIA_ECB, Mechanism), + mkEntry(CKM_CAMELLIA_CBC, Mechanism), + mkEntry(CKM_CAMELLIA_MAC, Mechanism), + mkEntry(CKM_CAMELLIA_MAC_GENERAL, Mechanism), + mkEntry(CKM_CAMELLIA_CBC_PAD, Mechanism), mkEntry(CKM_DSA_PARAMETER_GEN, Mechanism), mkEntry(CKM_DH_PKCS_PARAMETER_GEN, Mechanism), mkEntry(CKM_NETSCAPE_AES_KEY_WRAP, Mechanism), @@ -1222,9 +1229,10 @@ const Commands _commands[] = { {ArgVar|ArgNew, ArgVar, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, {"NewInitArg", F_NewInitializeArgs, -"NewInitArg varName string\n\n" +"NewInitArg varName flags string\n\n" "Creates a new init variable.\n" " varName variable name of the new initArg\n" +" flags value to set the flags field\n" " string string parameter for init arg\n", {ArgVar|ArgNew, ArgULong, ArgVar|ArgNew, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }}, diff --git a/security/nss/lib/freebl/blapi.h b/security/nss/lib/freebl/blapi.h index 846f8800a7b2..9d12188e9dda 100644 --- a/security/nss/lib/freebl/blapi.h +++ b/security/nss/lib/freebl/blapi.h @@ -37,7 +37,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: blapi.h,v 1.25 2006/10/02 21:15:46 julien.pierre.bugs%sun.com Exp $ */ +/* $Id: blapi.h,v 1.26 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ */ #ifndef _BLAPI_H_ #define _BLAPI_H_ 
@@ -646,6 +646,68 @@ AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output, unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen); + /******************************************/ +/* +** Camellia symmetric block cypher +*/ + +/* +** Create a new Camellia context suitable for Camellia encryption/decryption. +** "key" raw key data +** "keylen" the number of bytes of key data (16, 24, or 32) +*/ +extern CamelliaContext * +Camellia_CreateContext(const unsigned char *key, const unsigned char *iv, + int mode, int encrypt, unsigned int keylen); + +extern CamelliaContext *Camellia_AllocateContext(void); +extern SECStatus Camellia_InitContext(CamelliaContext *cx, + const unsigned char *key, + unsigned int keylen, + const unsigned char *iv, + int mode, + unsigned int encrypt, + unsigned int unused); +/* +** Destroy a Camellia encryption/decryption context. +** "cx" the context +** "freeit" if PR_TRUE then free the object as well as its sub-objects +*/ +extern void +Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit); + +/* +** Perform Camellia encryption. +** "cx" the context +** "output" the output buffer to store the encrypted data. +** "outputLen" how much data is stored in "output". Set by the routine +** after some data is stored in output. +** "maxOutputLen" the maximum amount of data that can ever be +** stored in "output" +** "input" the input data +** "inputLen" the amount of input data +*/ +extern SECStatus +Camellia_Encrypt(CamelliaContext *cx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen); + +/* +** Perform Camellia decryption. +** "cx" the context +** "output" the output buffer to store the decrypted data. +** "outputLen" how much data is stored in "output". Set by the routine +** after some data is stored in output. 
+** "maxOutputLen" the maximum amount of data that can ever be +** stored in "output" +** "input" the input data +** "inputLen" the amount of input data +*/ +extern SECStatus +Camellia_Decrypt(CamelliaContext *cx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen); + /******************************************/ /* diff --git a/security/nss/lib/freebl/blapit.h b/security/nss/lib/freebl/blapit.h index e7aa212b5b51..a0a6d21574b8 100644 --- a/security/nss/lib/freebl/blapit.h +++ b/security/nss/lib/freebl/blapit.h @@ -38,7 +38,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: blapit.h,v 1.19 2006/05/22 22:10:40 wtchang%redhat.com Exp $ */ +/* $Id: blapit.h,v 1.20 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ */ #ifndef _BLAPIT_H_ #define _BLAPIT_H_ @@ -69,6 +69,10 @@ #define NSS_AES 0 #define NSS_AES_CBC 1 +/* Camellia operation modes */ +#define NSS_CAMELLIA 0 +#define NSS_CAMELLIA_CBC 1 + #define DSA_SIGNATURE_LEN 40 /* Bytes */ #define DSA_SUBPRIME_LEN 20 /* Bytes */ @@ -107,6 +111,8 @@ #define AES_KEY_WRAP_BLOCK_SIZE 8 /* bytes */ #define AES_BLOCK_SIZE 16 /* bytes */ +#define CAMELLIA_BLOCK_SIZE 16 /* bytes */ + #define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048 /* @@ -170,6 +176,7 @@ struct RC2ContextStr ; struct RC4ContextStr ; struct RC5ContextStr ; struct AESContextStr ; +struct CamelliaContextStr ; struct MD2ContextStr ; struct MD5ContextStr ; struct SHA1ContextStr ; @@ -182,6 +189,7 @@ typedef struct RC2ContextStr RC2Context; typedef struct RC4ContextStr RC4Context; typedef struct RC5ContextStr RC5Context; typedef struct AESContextStr AESContext; +typedef struct CamelliaContextStr CamelliaContext; typedef struct MD2ContextStr MD2Context; typedef struct MD5ContextStr MD5Context; typedef struct SHA1ContextStr SHA1Context; 
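Review bot: The new Camellia declarations in blapi.h are only partly documented. The comment on `Camellia_CreateContext` describes `key` and `keylen` but not `iv`, `mode` or `encrypt`, and `Camellia_AllocateContext` and `Camellia_InitContext` have no comment at all. I would add lines such as `** "mode" NSS_CAMELLIA (ECB) or NSS_CAMELLIA_CBC` and `** "iv" initialization vector, read only in CBC mode (confirm against camellia.c)`, and state on `Camellia_InitContext` that the last parameter is ignored. The `Camellia_Encrypt` and `Camellia_Decrypt` comments should also say what is returned when `inputLen` is not a multiple of `CAMELLIA_BLOCK_SIZE` or when `maxOutputLen` is smaller than `inputLen`, because callers size their buffers from this contract; that behaviour lives in camellia.c, outside this hunk. `encrypt` is declared `int` in `Camellia_CreateContext` but `unsigned int` in `Camellia_InitContext`, and "cypher" in the section banner should read "cipher".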
diff --git a/security/nss/lib/freebl/camellia.c b/security/nss/lib/freebl/camellia.c new file mode 100644 index 000000000000..4841fc810376 --- /dev/null +++ b/security/nss/lib/freebl/camellia.c 
@@ -0,0 +1,1791 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Camellia code. + * + * The Initial Developer of the Original Code is + * NTT(Nippon Telegraph and Telephone Corporation). + * + * Portions created by the Initial Developer are Copyright (C) 2006 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. 
+ * + * ***** END LICENSE BLOCK ***** */ + +/* + * $Id: camellia.c,v 1.1 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ + */ + +#include "prinit.h" +#include "prerr.h" +#include "secerr.h" + +#include "prtypes.h" +#include "blapi.h" +#include "camellia.h" + + +/* key constants */ + +#define CAMELLIA_SIGMA1L (0xA09E667FL) +#define CAMELLIA_SIGMA1R (0x3BCC908BL) +#define CAMELLIA_SIGMA2L (0xB67AE858L) +#define CAMELLIA_SIGMA2R (0x4CAA73B2L) +#define CAMELLIA_SIGMA3L (0xC6EF372FL) +#define CAMELLIA_SIGMA3R (0xE94F82BEL) +#define CAMELLIA_SIGMA4L (0x54FF53A5L) +#define CAMELLIA_SIGMA4R (0xF1D36F1CL) +#define CAMELLIA_SIGMA5L (0x10E527FAL) +#define CAMELLIA_SIGMA5R (0xDE682D1DL) +#define CAMELLIA_SIGMA6L (0xB05688C2L) +#define CAMELLIA_SIGMA6R (0xB3E6C1FDL) + +/* + * macros + */ + + +#if defined(_MSC_VER) + +# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) +# define GETU32(p) SWAP(*((PRUint32 *)(p))) +# define PUTU32(ct, st) {*((PRUint32 *)(ct)) = SWAP((st));} + +#else /* not MS-VC */ + +# define GETU32(pt) \ + (((PRUint32)(pt)[0] << 24) \ + ^ ((PRUint32)(pt)[1] << 16) \ + ^ ((PRUint32)(pt)[2] << 8) \ + ^ ((PRUint32)(pt)[3])) + +# define PUTU32(ct, st) { \ + (ct)[0] = (PRUint8)((st) >> 24); \ + (ct)[1] = (PRUint8)((st) >> 16); \ + (ct)[2] = (PRUint8)((st) >> 8); \ + (ct)[3] = (PRUint8)(st); } + +#endif + +#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2]) +#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1]) + +/* rotation right shift 1byte */ +#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) +/* rotation left shift 1bit */ +#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) +/* rotation left shift 1byte */ +#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24)) + +#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \ + do { \ + w0 = ll; \ + ll = (ll << bits) + (lr >> (32 - bits)); \ + lr = (lr << bits) + (rl >> (32 - bits)); \ + rl = (rl << bits) + (rr >> (32 - bits)); \ + rr = (rr << bits) + (w0 >> (32 - bits)); \ + } while(0) + +#define 
CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \ + do { \ + w0 = ll; \ + w1 = lr; \ + ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \ + lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \ + rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \ + rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \ + } while(0) + +#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)]) +#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)]) +#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)]) +#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)]) + +#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ + do { \ + il = xl ^ kl; \ + ir = xr ^ kr; \ + t0 = il >> 16; \ + t1 = ir >> 16; \ + yl = CAMELLIA_SP1110(ir & 0xff) \ + ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \ + ^ CAMELLIA_SP3033(t1 & 0xff) \ + ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \ + yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \ + ^ CAMELLIA_SP0222(t0 & 0xff) \ + ^ CAMELLIA_SP3033((il >> 8) & 0xff) \ + ^ CAMELLIA_SP4404(il & 0xff); \ + yl ^= yr; \ + yr = CAMELLIA_RR8(yr); \ + yr ^= yl; \ + } while(0) + + +/* + * for speed up + * + */ +#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \ + do { \ + t0 = kll; \ + t0 &= ll; \ + lr ^= CAMELLIA_RL1(t0); \ + t1 = klr; \ + t1 |= lr; \ + ll ^= t1; \ + \ + t2 = krr; \ + t2 |= rr; \ + rl ^= t2; \ + t3 = krl; \ + t3 &= rl; \ + rr ^= CAMELLIA_RL1(t3); \ + } while(0) + +#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \ + do { \ + ir = CAMELLIA_SP1110(xr & 0xff) \ + ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \ + ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \ + ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \ + il = CAMELLIA_SP1110((xl >> 24) & 0xff) \ + ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \ + ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \ + ^ CAMELLIA_SP4404(xl & 0xff); \ + il ^= kl; \ + ir ^= kr; \ + ir ^= il; \ + il = CAMELLIA_RR8(il); \ + il ^= ir; \ + yl ^= ir; \ + yr ^= il; \ + } while(0) + + +static const PRUint32 camellia_sp1110[256] = { + 
0x70707000,0x82828200,0x2c2c2c00,0xececec00, + 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500, + 0xe4e4e400,0x85858500,0x57575700,0x35353500, + 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100, + 0x23232300,0xefefef00,0x6b6b6b00,0x93939300, + 0x45454500,0x19191900,0xa5a5a500,0x21212100, + 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00, + 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00, + 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00, + 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00, + 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00, + 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00, + 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00, + 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00, + 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600, + 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00, + 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600, + 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00, + 0x74747400,0x12121200,0x2b2b2b00,0x20202000, + 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900, + 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200, + 0x34343400,0x7e7e7e00,0x76767600,0x05050500, + 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100, + 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700, + 0x14141400,0x58585800,0x3a3a3a00,0x61616100, + 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00, + 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600, + 0x53535300,0x18181800,0xf2f2f200,0x22222200, + 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200, + 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100, + 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800, + 0x60606000,0xfcfcfc00,0x69696900,0x50505000, + 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00, + 0xa1a1a100,0x89898900,0x62626200,0x97979700, + 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500, + 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200, + 0x10101000,0xc4c4c400,0x00000000,0x48484800, + 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00, + 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00, + 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400, + 0x87878700,0x5c5c5c00,0x83838300,0x02020200, + 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300, + 
0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
+ 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
+ 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
+ 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
+ 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
+ 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
+ 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
+ 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
+ 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
+ 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
+ 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
+ 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
+ 0xd4d4d400,0x25252500,0xababab00,0x42424200,
+ 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
+ 0x72727200,0x07070700,0xb9b9b900,0x55555500,
+ 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
+ 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
+ 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
+ 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
+ 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
+ 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
+ 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
+};
+
+static const PRUint32 camellia_sp0222[256] = {
+ 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
+ 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
+ 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
+ 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
+ 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
+ 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
+ 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
+ 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
+ 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
+ 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
+ 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
+ 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
+ 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
+ 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
+ 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
+ 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
+ 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
+ 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
+ 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
+ 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
+ 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
+ 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
+ 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
+ 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
+ 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
+ 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
+ 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
+ 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
+ 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
+ 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
+ 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
+ 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
+ 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
+ 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
+ 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
+ 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
+ 0x00202020,0x00898989,0x00000000,0x00909090,
+ 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
+ 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
+ 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
+ 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
+ 0x009b9b9b,0x00949494,0x00212121,0x00666666,
+ 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
+ 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
+ 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
+ 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
+ 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
+ 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
+ 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
+ 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
+ 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
+ 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
+ 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
+ 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
+ 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
+ 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
+ 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
+ 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
+ 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
+ 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
+ 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
+ 0x00777777,0x00939393,0x00868686,0x00838383,
+ 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
+ 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
+};
+
+static const PRUint32 camellia_sp3033[256] = {
+ 0x38003838,0x41004141,0x16001616,0x76007676,
+ 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
+ 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
+ 0x75007575,0x06000606,0x57005757,0xa000a0a0,
+ 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
+ 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
+ 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
+ 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
+ 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
+ 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
+ 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
+ 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
+ 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
+ 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
+ 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
+ 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
+ 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
+ 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
+ 0x3a003a3a,0x09000909,0x95009595,0x10001010,
+ 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
+ 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
+ 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
+ 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
+ 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
+ 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
+ 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
+ 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
+ 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
+ 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
+ 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
+ 0x12001212,0x04000404,0x74007474,0x54005454,
+ 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
+ 0x55005555,0x68006868,0x50005050,0xbe00bebe,
+ 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
+ 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
+ 0x70007070,0xff00ffff,0x32003232,0x69006969,
+ 0x08000808,0x62006262,0x00000000,0x24002424,
+ 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
+ 0x45004545,0x81008181,0x73007373,0x6d006d6d,
+ 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
+ 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
+ 0xe600e6e6,0x25002525,0x48004848,0x99009999,
+ 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
+ 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
+ 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
+ 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
+ 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
+ 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
+ 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
+ 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
+ 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
+ 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
+ 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
+ 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
+ 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
+ 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
+ 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
+ 0x7c007c7c,0x77007777,0x56005656,0x05000505,
+ 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
+ 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
+ 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
+ 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
+ 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
+ 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
+};
+
+static const PRUint32 camellia_sp4404[256] = {
+ 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
+ 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
+ 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
+ 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
+ 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
+ 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
+ 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
+ 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
+ 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
+ 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
+ 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
+ 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
+ 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
+ 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
+ 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
+ 0x24240024,0xe8e800e8,0x60600060,0x69690069,
+ 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
+ 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
+ 0x10100010,0x00000000,0xa3a300a3,0x75750075,
+ 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
+ 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
+ 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
+ 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
+ 0x81810081,0x6f6f006f,0x13130013,0x63630063,
+ 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
+ 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
+ 0x78780078,0x06060006,0xe7e700e7,0x71710071,
+ 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
+ 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
+ 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
+ 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
+ 0x15150015,0xadad00ad,0x77770077,0x80800080,
+ 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
+ 0x85850085,0x35350035,0x0c0c000c,0x41410041,
+ 0xefef00ef,0x93930093,0x19190019,0x21210021,
+ 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
+ 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
+ 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
+ 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
+ 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
+ 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
+ 0x12120012,0x20200020,0xb1b100b1,0x99990099,
+ 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
+ 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
+ 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
+ 0x0f0f000f,0x16160016,0x18180018,0x22220022,
+ 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
+ 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
+ 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
+ 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
+ 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
+ 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
+ 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
+ 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
+ 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
+ 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
+ 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
+ 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
+ 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
+ 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
+ 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
+ 0x49490049,0x68680068,0x38380038,0xa4a400a4,
+ 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
+ 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
+};
+
+
+/**
+ * Stuff related to the Camellia key schedule
+ */
+#define subl(x) subL[(x)]
+#define subr(x) subR[(x)]
+
+void camellia_setup128(const unsigned char *key, PRUint32 *subkey)
+{
+ PRUint32 kll, klr, krl, krr;
+ PRUint32 il, ir, t0, t1, w0, w1;
+ PRUint32 kw4l, kw4r, dw, tl, tr;
+ PRUint32 subL[26];
+ PRUint32 subR[26];
+
+ /**
+ * k == kll || klr || krl || krr (|| is concatination)
+ */
+ kll = GETU32(key );
+ klr = GETU32(key + 4);
+ krl = GETU32(key + 8);
+ krr = GETU32(key + 12);
+ /**
+ * generate KL dependent subkeys
+ */
+ subl(0) = kll; subr(0) = klr;
+ subl(1) = krl; subr(1) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(4) = kll; subr(4) = klr;
+ subl(5) = krl; subr(5) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+ subl(10) = kll; subr(10) = klr;
+ subl(11) = krl; subr(11) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(13) = krl; subr(13) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(16) = kll; subr(16) = klr;
+ subl(17) = krl; subr(17) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(18) = kll; subr(18) = klr;
+ subl(19) = krl; subr(19) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(22) = kll; subr(22) = klr;
+ subl(23) = krl; subr(23) = krr;
+
+ /* generate KA */
+ kll = subl(0); klr = subr(0);
+ krl = subl(1); krr = subr(1);
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+ w0, w1, il, ir, t0, t1);
+ krl ^= w0; krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+ kll, klr, il, ir, t0, t1);
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+ krl, krr, il, ir, t0, t1);
+ krl ^= w0; krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+ w0, w1, il, ir, t0, t1);
+ kll ^= w0; klr ^= w1;
+
+ /* generate KA dependent subkeys */
+ subl(2) = kll; subr(2) = klr;
+ subl(3) = krl; subr(3) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(6) = kll; subr(6) = klr;
+ subl(7) = krl; subr(7) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(8) = kll; subr(8) = klr;
+ subl(9) = krl; subr(9) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(12) = kll; subr(12) = klr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(14) = kll; subr(14) = klr;
+ subl(15) = krl; subr(15) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+ subl(20) = kll; subr(20) = klr;
+ subl(21) = krl; subr(21) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(24) = kll; subr(24) = klr;
+ subl(25) = krl; subr(25) = krr;
+
+
+ /* absorb kw2 to other subkeys */
+ subl(3) ^= subl(1); subr(3) ^= subr(1);
+ subl(5) ^= subl(1); subr(5) ^= subr(1);
+ subl(7) ^= subl(1); subr(7) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(9);
+ dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(11) ^= subl(1); subr(11) ^= subr(1);
+ subl(13) ^= subl(1); subr(13) ^= subr(1);
+ subl(15) ^= subl(1); subr(15) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(17);
+ dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(19) ^= subl(1); subr(19) ^= subr(1);
+ subl(21) ^= subl(1); subr(21) ^= subr(1);
+ subl(23) ^= subl(1); subr(23) ^= subr(1);
+ subl(24) ^= subl(1); subr(24) ^= subr(1);
+
+ /* absorb kw4 to other subkeys */
+ kw4l = subl(25); kw4r = subr(25);
+ subl(22) ^= kw4l; subr(22) ^= kw4r;
+ subl(20) ^= kw4l; subr(20) ^= kw4r;
+ subl(18) ^= kw4l; subr(18) ^= kw4r;
+ kw4l ^= kw4r & ~subr(16);
+ dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+ subl(14) ^= kw4l; subr(14) ^= kw4r;
+ subl(12) ^= kw4l; subr(12) ^= kw4r;
+ subl(10) ^= kw4l; subr(10) ^= kw4r;
+ kw4l ^= kw4r & ~subr(8);
+ dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+ subl(6) ^= kw4l; subr(6) ^= kw4r;
+ subl(4) ^= kw4l; subr(4) ^= kw4r;
+ subl(2) ^= kw4l; subr(2) ^= kw4r;
+ subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+ /* key XOR is end of F-function */
+ CamelliaSubkeyL(0) = subl(0) ^ subl(2);
+ CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+ CamelliaSubkeyL(2) = subl(3);
+ CamelliaSubkeyR(2) = subr(3);
+ CamelliaSubkeyL(3) = subl(2) ^ subl(4);
+ CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+ CamelliaSubkeyL(4) = subl(3) ^ subl(5);
+ CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+ CamelliaSubkeyL(5) = subl(4) ^ subl(6);
+ CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+ CamelliaSubkeyL(6) = subl(5) ^ subl(7);
+ CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+ tl = subl(10) ^ (subr(10) & ~subr(8));
+ dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(7) = subl(6) ^ tl;
+ CamelliaSubkeyR(7) = subr(6) ^ tr;
+ CamelliaSubkeyL(8) = subl(8);
+ CamelliaSubkeyR(8) = subr(8);
+ CamelliaSubkeyL(9) = subl(9);
+ CamelliaSubkeyR(9) = subr(9);
+ tl = subl(7) ^ (subr(7) & ~subr(9));
+ dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(10) = tl ^ subl(11);
+ CamelliaSubkeyR(10) = tr ^ subr(11);
+ CamelliaSubkeyL(11) = subl(10) ^ subl(12);
+ CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+ CamelliaSubkeyL(12) = subl(11) ^ subl(13);
+ CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+ CamelliaSubkeyL(13) = subl(12) ^ subl(14);
+ CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+ CamelliaSubkeyL(14) = subl(13) ^ subl(15);
+ CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+ tl = subl(18) ^ (subr(18) & ~subr(16));
+ dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(15) = subl(14) ^ tl;
+ CamelliaSubkeyR(15) = subr(14) ^ tr;
+ CamelliaSubkeyL(16) = subl(16);
+ CamelliaSubkeyR(16) = subr(16);
+ CamelliaSubkeyL(17) = subl(17);
+ CamelliaSubkeyR(17) = subr(17);
+ tl = subl(15) ^ (subr(15) & ~subr(17));
+ dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(18) = tl ^ subl(19);
+ CamelliaSubkeyR(18) = tr ^ subr(19);
+ CamelliaSubkeyL(19) = subl(18) ^ subl(20);
+ CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+ CamelliaSubkeyL(20) = subl(19) ^ subl(21);
+ CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+ CamelliaSubkeyL(21) = subl(20) ^ subl(22);
+ CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+ CamelliaSubkeyL(22) = subl(21) ^ subl(23);
+ CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+ CamelliaSubkeyL(23) = subl(22);
+ CamelliaSubkeyR(23) = subr(22);
+ CamelliaSubkeyL(24) = subl(24) ^ subl(23);
+ CamelliaSubkeyR(24) = subr(24) ^ subr(23);
+
+ /* apply the inverse of the last half of P-function */
+ dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+ dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+ dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+ dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+ dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+ dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+ dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+ dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+ dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+ dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+ dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+ dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+ dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+ dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+ dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+ dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+ dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+ dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+
+ return;
+}
+
+void camellia_setup256(const unsigned char *key, PRUint32 *subkey)
+{
+ PRUint32 kll,klr,krl,krr; /* left half of key */
+ PRUint32 krll,krlr,krrl,krrr; /* right half of key */
+ PRUint32 il, ir, t0, t1, w0, w1; /* temporary variables */
+ PRUint32 kw4l, kw4r, dw, tl, tr;
+ PRUint32 subL[34];
+ PRUint32 subR[34];
+
+ /**
+ * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
+ * (|| is concatination)
+ */
+
+ kll = GETU32(key );
+ klr = GETU32(key + 4);
+ krl = GETU32(key + 8);
+ krr = GETU32(key + 12);
+ krll = GETU32(key + 16);
+ krlr = GETU32(key + 20);
+ krrl = GETU32(key + 24);
+ krrr = GETU32(key + 28);
+
+ /* generate KL dependent subkeys */
+ subl(0) = kll; subr(0) = klr;
+ subl(1) = krl; subr(1) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
+ subl(12) = kll; subr(12) = klr;
+ subl(13) = krl; subr(13) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(16) = kll; subr(16) = klr;
+ subl(17) = krl; subr(17) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(22) = kll; subr(22) = klr;
+ subl(23) = krl; subr(23) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+ subl(30) = kll; subr(30) = klr;
+ subl(31) = krl; subr(31) = krr;
+
+ /* generate KR dependent subkeys */
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+ subl(4) = krll; subr(4) = krlr;
+ subl(5) = krrl; subr(5) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+ subl(8) = krll; subr(8) = krlr;
+ subl(9) = krrl; subr(9) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ subl(18) = krll; subr(18) = krlr;
+ subl(19) = krrl; subr(19) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+ subl(26) = krll; subr(26) = krlr;
+ subl(27) = krrl; subr(27) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+
+ /* generate KA */
+ kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
+ krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+ w0, w1, il, ir, t0, t1);
+ krl ^= w0; krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+ kll, klr, il, ir, t0, t1);
+ kll ^= krll; klr ^= krlr;
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+ krl, krr, il, ir, t0, t1);
+ krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+ w0, w1, il, ir, t0, t1);
+ kll ^= w0; klr ^= w1;
+
+ /* generate KB */
+ krll ^= kll; krlr ^= klr;
+ krrl ^= krl; krrr ^= krr;
+ CAMELLIA_F(krll, krlr,
+ CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
+ w0, w1, il, ir, t0, t1);
+ krrl ^= w0; krrr ^= w1;
+ CAMELLIA_F(krrl, krrr,
+ CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
+ w0, w1, il, ir, t0, t1);
+ krll ^= w0; krlr ^= w1;
+
+ /* generate KA dependent subkeys */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(6) = kll; subr(6) = klr;
+ subl(7) = krl; subr(7) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+ subl(14) = kll; subr(14) = klr;
+ subl(15) = krl; subr(15) = krr;
+ subl(24) = klr; subr(24) = krl;
+ subl(25) = krr; subr(25) = kll;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
+ subl(28) = kll; subr(28) = klr;
+ subl(29) = krl; subr(29) = krr;
+
+ /* generate KB dependent subkeys */
+ subl(2) = krll; subr(2) = krlr;
+ subl(3) = krrl; subr(3) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ subl(10) = krll; subr(10) = krlr;
+ subl(11) = krrl; subr(11) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ subl(20) = krll; subr(20) = krlr;
+ subl(21) = krrl; subr(21) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
+ subl(32) = krll; subr(32) = krlr;
+ subl(33) = krrl; subr(33) = krrr;
+
+ /* absorb kw2 to other subkeys */
+ subl(3) ^= subl(1); subr(3) ^= subr(1);
+ subl(5) ^= subl(1); subr(5) ^= subr(1);
+ subl(7) ^= subl(1); subr(7) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(9);
+ dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(11) ^= subl(1); subr(11) ^= subr(1);
+ subl(13) ^= subl(1); subr(13) ^= subr(1);
+ subl(15) ^= subl(1); subr(15) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(17);
+ dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(19) ^= subl(1); subr(19) ^= subr(1);
+ subl(21) ^= subl(1); subr(21) ^= subr(1);
+ subl(23) ^= subl(1); subr(23) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(25);
+ dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(27) ^= subl(1); subr(27) ^= subr(1);
+ subl(29) ^= subl(1); subr(29) ^= subr(1);
+ subl(31) ^= subl(1); subr(31) ^= subr(1);
+ subl(32) ^= subl(1); subr(32) ^= subr(1);
+
+ /* absorb kw4 to other subkeys */
+ kw4l = subl(33); kw4r = subr(33);
+ subl(30) ^= kw4l; subr(30) ^= kw4r;
+ subl(28) ^= kw4l; subr(28) ^= kw4r;
+ subl(26) ^= kw4l; subr(26) ^= kw4r;
+ kw4l ^= kw4r & ~subr(24);
+ dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
+ subl(22) ^= kw4l; subr(22) ^= kw4r;
+ subl(20) ^= kw4l; subr(20) ^= kw4r;
+ subl(18) ^= kw4l; subr(18) ^= kw4r;
+ kw4l ^= kw4r & ~subr(16);
+ dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+ subl(14) ^= kw4l; subr(14) ^= kw4r;
+ subl(12) ^= kw4l; subr(12) ^= kw4r;
+ subl(10) ^= kw4l; subr(10) ^= kw4r;
+ kw4l ^= kw4r & ~subr(8);
+ dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+ subl(6) ^= kw4l; subr(6) ^= kw4r;
+ subl(4) ^= kw4l; subr(4) ^= kw4r;
+ subl(2) ^= kw4l; subr(2) ^= kw4r;
+ subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+ /* key XOR is end of F-function */
+ CamelliaSubkeyL(0) = subl(0) ^ subl(2);
+ CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+ CamelliaSubkeyL(2) = subl(3);
+ CamelliaSubkeyR(2) = subr(3);
+ CamelliaSubkeyL(3) = subl(2) ^ subl(4);
+ CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+ CamelliaSubkeyL(4) = subl(3) ^ subl(5);
+ CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+ CamelliaSubkeyL(5) = subl(4) ^ subl(6);
+ CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+ CamelliaSubkeyL(6) = subl(5) ^ subl(7);
+ CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+ tl = subl(10) ^ (subr(10) & ~subr(8));
+ dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(7) = subl(6) ^ tl;
+ CamelliaSubkeyR(7) = subr(6) ^ tr;
+ CamelliaSubkeyL(8) = subl(8);
+ CamelliaSubkeyR(8) = subr(8);
+ CamelliaSubkeyL(9) = subl(9);
+ CamelliaSubkeyR(9) = subr(9);
+ tl = subl(7) ^ (subr(7) & ~subr(9));
+ dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(10) = tl ^ subl(11);
+ CamelliaSubkeyR(10) = tr ^ subr(11);
+ CamelliaSubkeyL(11) = subl(10) ^ subl(12);
+ CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+ CamelliaSubkeyL(12) = subl(11) ^ subl(13);
+ CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+ CamelliaSubkeyL(13) = subl(12) ^ subl(14);
+ CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+ CamelliaSubkeyL(14) = subl(13) ^ subl(15);
+ CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+ tl = subl(18) ^ (subr(18) & ~subr(16));
+ dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(15) = subl(14) ^ tl;
+ CamelliaSubkeyR(15) = subr(14) ^ tr;
+ CamelliaSubkeyL(16) = subl(16);
+ CamelliaSubkeyR(16) = subr(16);
+ CamelliaSubkeyL(17) = subl(17);
+ CamelliaSubkeyR(17) = subr(17);
+ tl = subl(15) ^ (subr(15) & ~subr(17));
+ dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(18) = tl ^ subl(19);
+ CamelliaSubkeyR(18) = tr ^ subr(19);
+ CamelliaSubkeyL(19) = subl(18) ^ subl(20);
+ CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+ CamelliaSubkeyL(20) = subl(19) ^ subl(21);
+ CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+ CamelliaSubkeyL(21) = subl(20) ^ subl(22);
+ CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+ CamelliaSubkeyL(22) = subl(21) ^ subl(23);
+ CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+ tl = subl(26) ^ (subr(26) & ~subr(24));
+ dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(23) = subl(22) ^ tl;
+ CamelliaSubkeyR(23) = subr(22) ^ tr;
+ CamelliaSubkeyL(24) = subl(24);
+ CamelliaSubkeyR(24) = subr(24);
+ CamelliaSubkeyL(25) = subl(25);
+ CamelliaSubkeyR(25) = subr(25);
+ tl = subl(23) ^ (subr(23) & ~subr(25));
+ dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(26) = tl ^ subl(27);
+ CamelliaSubkeyR(26) = tr ^ subr(27);
+ CamelliaSubkeyL(27) = subl(26) ^ subl(28);
+ CamelliaSubkeyR(27) = subr(26) ^ subr(28);
+ CamelliaSubkeyL(28) = subl(27) ^ subl(29);
+ CamelliaSubkeyR(28) = subr(27) ^ subr(29);
+ CamelliaSubkeyL(29) = subl(28) ^ subl(30);
+ CamelliaSubkeyR(29) = subr(28) ^ subr(30);
+ CamelliaSubkeyL(30) = subl(29) ^ subl(31);
+ CamelliaSubkeyR(30) = subr(29) ^ subr(31);
+ CamelliaSubkeyL(31) = subl(30);
+ CamelliaSubkeyR(31) = subr(30);
+ CamelliaSubkeyL(32) = subl(32) ^ subl(31);
+ CamelliaSubkeyR(32) = subr(32) ^ subr(31);
+
+ /* apply the inverse of the last half of P-function */
+ dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+ dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+ dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+ dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+ dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+ dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+ dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+ dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+ dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+ dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+ dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+ dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+ dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+ dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+ dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+ dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+ dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+ dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+ dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
+ dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
+ dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
+ dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
+ dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
+ dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
+
+ return;
+}
+
+void camellia_setup192(const unsigned char *key, PRUint32 *subkey)
+{
+ unsigned char kk[32];
+ PRUint32 krll, krlr, krrl,krrr;
+
+ memcpy(kk, key, 24);
+ memcpy((unsigned char *)&krll, key+16,4);
+ memcpy((unsigned char *)&krlr, key+20,4);
+ krrl = ~krll;
+ krrr = ~krlr;
+ memcpy(kk+24, (unsigned char *)&krrl, 4);
+ memcpy(kk+28, (unsigned char *)&krrr, 4);
+ camellia_setup256(kk, subkey);
+ return;
+}
+
+
+/**
+ * Stuff related to camellia encryption/decryption
+ *
+ */
+SECStatus
+camellia_encrypt128(const PRUint32 *subkey,
+ unsigned char *output,
+ const unsigned char *input)
+{
+ PRUint32 il, ir, t0, t1;
+ PRUint32 io[4];
+
+ io[0] = GETU32(input);
+ io[1] = GETU32(input+4);
+ io[2] = GETU32(input+8);
+ io[3] = GETU32(input+12);
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(0);
+ io[1] ^= CamelliaSubkeyR(0);
+ /* main iteration */
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+ CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[0],io[1],il,ir,t0,t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(24);
+ io[3] ^= CamelliaSubkeyR(24);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ PUTU32(output, io[0]);
+ PUTU32(output+4, io[1]);
+ PUTU32(output+8, io[2]);
+ PUTU32(output+12, io[3]);
+
+ return SECSuccess;
+}
+
+SECStatus
+camellia_decrypt128(const PRUint32 *subkey,
+ unsigned char *output,
+ const unsigned char *input)
+{
+ PRUint32 il,ir,t0,t1; /* temporary valiables */
+ PRUint32 io[4];
+
+ io[0] = GETU32(input);
+ io[1] = GETU32(input+4);
+ io[2] = GETU32(input+8);
+ io[3] = GETU32(input+12);
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(24);
+ io[1] ^= CamelliaSubkeyR(24);
+
+ /* main iteration */
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+
CamelliaSubkeyL(15),CamelliaSubkeyR(15), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(14),CamelliaSubkeyR(14), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(13),CamelliaSubkeyR(13), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(12),CamelliaSubkeyR(12), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(11),CamelliaSubkeyR(11), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(10),CamelliaSubkeyR(10), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(9),CamelliaSubkeyR(9), + CamelliaSubkeyL(8),CamelliaSubkeyR(8), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(7),CamelliaSubkeyR(7), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(6),CamelliaSubkeyR(6), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(5),CamelliaSubkeyR(5), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(4),CamelliaSubkeyR(4), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(3),CamelliaSubkeyR(3), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(2),CamelliaSubkeyR(2), + io[0],io[1],il,ir,t0,t1); + + /* post whitening but kw4 */ + io[2] ^= CamelliaSubkeyL(0); + io[3] ^= CamelliaSubkeyR(0); + + t0 = io[0]; + t1 = io[1]; + io[0] = io[2]; + io[1] = io[3]; + io[2] = t0; + io[3] = t1; + + PUTU32(output, io[0]); + PUTU32(output+4, io[1]); + PUTU32(output+8, io[2]); + PUTU32(output+12, io[3]); + + return SECSuccess; +} + +/** + * stuff for 192 and 256bit encryption/decryption + */ +SECStatus +camellia_encrypt256(const PRUint32 *subkey, + unsigned char *output, + const unsigned char *input) +{ + PRUint32 il,ir,t0,t1; /* temporary valiables */ + PRUint32 io[4]; + + io[0] = GETU32(input); + io[1] = GETU32(input+4); + io[2] = GETU32(input+8); + io[3] = 
GETU32(input+12); + + /* pre whitening but absorb kw2*/ + io[0] ^= CamelliaSubkeyL(0); + io[1] ^= CamelliaSubkeyR(0); + + /* main iteration */ + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(2),CamelliaSubkeyR(2), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(3),CamelliaSubkeyR(3), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(4),CamelliaSubkeyR(4), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(5),CamelliaSubkeyR(5), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(6),CamelliaSubkeyR(6), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(7),CamelliaSubkeyR(7), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(8),CamelliaSubkeyR(8), + CamelliaSubkeyL(9),CamelliaSubkeyR(9), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(10),CamelliaSubkeyR(10), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(11),CamelliaSubkeyR(11), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(12),CamelliaSubkeyR(12), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(13),CamelliaSubkeyR(13), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(14),CamelliaSubkeyR(14), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(15),CamelliaSubkeyR(15), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(16),CamelliaSubkeyR(16), + CamelliaSubkeyL(17),CamelliaSubkeyR(17), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(18),CamelliaSubkeyR(18), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(19),CamelliaSubkeyR(19), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(20),CamelliaSubkeyR(20), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + 
CamelliaSubkeyL(21),CamelliaSubkeyR(21), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(22),CamelliaSubkeyR(22), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(23),CamelliaSubkeyR(23), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(24),CamelliaSubkeyR(24), + CamelliaSubkeyL(25),CamelliaSubkeyR(25), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(26),CamelliaSubkeyR(26), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(27),CamelliaSubkeyR(27), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(28),CamelliaSubkeyR(28), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(29),CamelliaSubkeyR(29), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(30),CamelliaSubkeyR(30), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(31),CamelliaSubkeyR(31), + io[0],io[1],il,ir,t0,t1); + + /* post whitening but kw4 */ + io[2] ^= CamelliaSubkeyL(32); + io[3] ^= CamelliaSubkeyR(32); + + t0 = io[0]; + t1 = io[1]; + io[0] = io[2]; + io[1] = io[3]; + io[2] = t0; + io[3] = t1; + + PUTU32(output, io[0]); + PUTU32(output+4, io[1]); + PUTU32(output+8, io[2]); + PUTU32(output+12, io[3]); + + return SECSuccess; +} + +SECStatus +camellia_decrypt256(const PRUint32 *subkey, + unsigned char *output, + const unsigned char *input) +{ + PRUint32 il,ir,t0,t1; /* temporary valiables */ + PRUint32 io[4]; + + io[0] = GETU32(input); + io[1] = GETU32(input+4); + io[2] = GETU32(input+8); + io[3] = GETU32(input+12); + + /* pre whitening but absorb kw2*/ + io[0] ^= CamelliaSubkeyL(32); + io[1] ^= CamelliaSubkeyR(32); + + /* main iteration */ + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(31),CamelliaSubkeyR(31), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(30),CamelliaSubkeyR(30), + io[0],io[1],il,ir,t0,t1); + 
CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(29),CamelliaSubkeyR(29), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(28),CamelliaSubkeyR(28), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(27),CamelliaSubkeyR(27), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(26),CamelliaSubkeyR(26), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(25),CamelliaSubkeyR(25), + CamelliaSubkeyL(24),CamelliaSubkeyR(24), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(23),CamelliaSubkeyR(23), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(22),CamelliaSubkeyR(22), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(21),CamelliaSubkeyR(21), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(20),CamelliaSubkeyR(20), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(19),CamelliaSubkeyR(19), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(18),CamelliaSubkeyR(18), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + CamelliaSubkeyL(17),CamelliaSubkeyR(17), + CamelliaSubkeyL(16),CamelliaSubkeyR(16), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(15),CamelliaSubkeyR(15), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(14),CamelliaSubkeyR(14), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(13),CamelliaSubkeyR(13), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(12),CamelliaSubkeyR(12), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(11),CamelliaSubkeyR(11), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(10),CamelliaSubkeyR(10), + io[0],io[1],il,ir,t0,t1); + + CAMELLIA_FLS(io[0],io[1],io[2],io[3], + 
CamelliaSubkeyL(9),CamelliaSubkeyR(9), + CamelliaSubkeyL(8),CamelliaSubkeyR(8), + t0,t1,il,ir); + + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(7),CamelliaSubkeyR(7), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(6),CamelliaSubkeyR(6), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(5),CamelliaSubkeyR(5), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(4),CamelliaSubkeyR(4), + io[0],io[1],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[0],io[1], + CamelliaSubkeyL(3),CamelliaSubkeyR(3), + io[2],io[3],il,ir,t0,t1); + CAMELLIA_ROUNDSM(io[2],io[3], + CamelliaSubkeyL(2),CamelliaSubkeyR(2), + io[0],io[1],il,ir,t0,t1); + + /* post whitening but kw4 */ + io[2] ^= CamelliaSubkeyL(0); + io[3] ^= CamelliaSubkeyR(0); + + t0 = io[0]; + t1 = io[1]; + io[0] = io[2]; + io[1] = io[3]; + io[2] = t0; + io[3] = t1; + + PUTU32(output, io[0]); + PUTU32(output+4, io[1]); + PUTU32(output+8, io[2]); + PUTU32(output+12, io[3]); + + return SECSuccess; +} + + +/************************************************************************** + * + * Stuff related to the Camellia key schedule + * + *************************************************************************/ + +SECStatus +camellia_key_expansion(CamelliaContext *cx, + const unsigned char *key, + const unsigned int keysize) +{ + cx->keysize = keysize; + + switch(keysize) { + case 16: + camellia_setup128(key, cx->expandedKey); + break; + case 24: + camellia_setup192(key, cx->expandedKey); + break; + case 32: + camellia_setup256(key, cx->expandedKey); + break; + default: + break; + } + return SECSuccess; +} + + +/************************************************************************** + * + * Camellia modes of operation (ECB and CBC) + * + *************************************************************************/ + +SECStatus +camellia_encryptECB(CamelliaContext *cx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const 
unsigned char *input, unsigned int inputLen) +{ + CamelliaBlockFunc *encryptor; + + encryptor = (cx->keysize == 16) + ? &camellia_encrypt128 + : &camellia_encrypt256; + + while (inputLen > 0) { + (*encryptor)(cx->expandedKey, output, input); + + output += CAMELLIA_BLOCK_SIZE; + input += CAMELLIA_BLOCK_SIZE; + inputLen -= CAMELLIA_BLOCK_SIZE; + } + return SECSuccess; +} + +SECStatus +camellia_encryptCBC(CamelliaContext *cx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen) +{ + unsigned int j; + unsigned char *lastblock; + unsigned char inblock[CAMELLIA_BLOCK_SIZE]; + CamelliaBlockFunc *encryptor; + + if (!inputLen) + return SECSuccess; + lastblock = cx->iv; + + encryptor = (cx->keysize == 16) + ? &camellia_encrypt128 + : &camellia_encrypt256; + + while (inputLen > 0) { + /* XOR with the last block (IV if first block) */ + for (j=0; jexpandedKey, output, inblock); + + /* move to the next block */ + lastblock = output; + output += CAMELLIA_BLOCK_SIZE; + input += CAMELLIA_BLOCK_SIZE; + inputLen -= CAMELLIA_BLOCK_SIZE; + } + memcpy(cx->iv, lastblock, CAMELLIA_BLOCK_SIZE); + return SECSuccess; +} + +SECStatus +camellia_decryptECB(CamelliaContext *cx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen) +{ + CamelliaBlockFunc *decryptor; + + decryptor = (cx->keysize == 16) + ? 
&camellia_decrypt128 + : &camellia_decrypt256; + + + while (inputLen > 0) { + + (*decryptor)(cx->expandedKey, output, input); + + output += CAMELLIA_BLOCK_SIZE; + input += CAMELLIA_BLOCK_SIZE; + inputLen -= CAMELLIA_BLOCK_SIZE; + } + return SECSuccess; +} + +SECStatus +camellia_decryptCBC(CamelliaContext *cx, unsigned char *output, + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen) +{ + const unsigned char *in; + unsigned char *out; + unsigned int j; + unsigned char newIV[CAMELLIA_BLOCK_SIZE]; + CamelliaBlockFunc *decryptor; + + + + if (!inputLen) + return SECSuccess; + + PORT_Assert(output - input >= 0 || input - output >= (int)inputLen ); + + in = input + (inputLen - CAMELLIA_BLOCK_SIZE); + memcpy(newIV, in, CAMELLIA_BLOCK_SIZE); + out = output + (inputLen - CAMELLIA_BLOCK_SIZE); + + decryptor = (cx->keysize == 16) + ? &camellia_decrypt128 + : &camellia_decrypt256; + + while (inputLen > CAMELLIA_BLOCK_SIZE) { + (*decryptor)(cx->expandedKey, out, in); + + for (j=0; jexpandedKey, out, in); + + for (j=0; jiv[j]; + } + memcpy(cx->iv, newIV, CAMELLIA_BLOCK_SIZE); + return SECSuccess; +} + +/************************************************************************** + * + * BLAPI Interface functions + * + *************************************************************************/ + +CamelliaContext * +Camellia_AllocateContext(void) +{ + return PORT_ZNew(CamelliaContext); +} + +SECStatus +Camellia_InitContext(CamelliaContext *cx, const unsigned char *key, + unsigned int keysize, + const unsigned char *iv, int mode, unsigned int encrypt, + unsigned int unused) +{ + if (key == NULL || + (keysize != 16 && keysize != 24 && keysize != 32)) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + if (mode == NSS_CAMELLIA_CBC && iv == NULL) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + 
return SECFailure; + } + if (!cx) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + if (mode == NSS_CAMELLIA_CBC) { + memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE); + cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC; + } else { + cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB; + } + + /* Generate expanded key */ + if (camellia_key_expansion(cx, key, keysize) != SECSuccess) + goto cleanup; + + return SECSuccess; +cleanup: + return SECFailure; +} + +/* + * Camellia_CreateContext + * create a new context for Camellia operations + */ + + +CamelliaContext * +Camellia_CreateContext(const unsigned char *key, const unsigned char *iv, + int mode, int encrypt, + unsigned int keysize) +{ + CamelliaContext *cx; + + if (key == NULL || + (keysize != 16 && keysize != 24 && keysize != 32)) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } + if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } + if (mode == NSS_CAMELLIA_CBC && iv == NULL) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } + cx = PORT_ZNew(CamelliaContext); + if (!cx) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + return NULL; + } + + /* copy in the iv, if neccessary */ + if (mode == NSS_CAMELLIA_CBC) { + memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE); + cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC; + } else { + cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB; + } + /* copy keysize */ + cx->keysize = keysize; + + /* Generate expanded key */ + if (camellia_key_expansion(cx, key, keysize) != SECSuccess) + goto cleanup; + + return cx; + cleanup: + PORT_ZFree(cx, sizeof *cx); + return NULL; +} + +/* + * Camellia_DestroyContext + * + * Zero an Camellia cipher context. If freeit is true, also free the pointer + * to the context. 
+ */
+void
+Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit)
+{
+ if (cx)
+ memset(cx, 0, sizeof *cx);
+ if (freeit)
+ PORT_Free(cx);
+}
+
+/*
+ * Camellia_Encrypt
+ *
+ * Encrypt an arbitrary-length buffer. The output buffer must already be
+ * allocated to at least inputLen.
+ */
+SECStatus
+Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
+{
+
+ /* Check args */
+ if (cx == NULL || output == NULL || input == NULL ||
+ outputLen == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+
+ if (inputLen % CAMELLIA_BLOCK_SIZE != 0) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
+ if (maxOutputLen < inputLen) {
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
+ }
+ *outputLen = inputLen;
+
+ return (*cx->worker)(cx, output, outputLen, maxOutputLen,
+ input, inputLen);
+}
+
+/*
+ * Camellia_Decrypt
+ *
+ * Decrypt and arbitrary-length buffer. The output buffer must already be
+ * allocated to at least inputLen.
+ */
+SECStatus
+Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
+{
+
+ /* Check args */
+ if (cx == NULL || output == NULL || input == NULL
+ || outputLen == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ if (inputLen % CAMELLIA_BLOCK_SIZE != 0) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
+ if (maxOutputLen < inputLen) {
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
+ }
+ *outputLen = inputLen;
+
+ return (*cx->worker)(cx, output, outputLen, maxOutputLen,
+ input, inputLen);
+}
diff --git a/security/nss/lib/freebl/camellia.h b/security/nss/lib/freebl/camellia.h
new file mode 100644
index 000000000000..d27d3f41f7a6
--- /dev/null
+++ b/security/nss/lib/freebl/camellia.h
@@ -0,0 +1,79 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Camellia code.
+ *
+ * The Initial Developer of the Original Code is
+ * NTT(Nippon Telegraph and Telephone Corporation).
+ *
+ * Portions created by the Initial Developer are Copyright (C) 2006
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+/*
+ * $Id: camellia.h,v 1.1 2007/02/28 19:47:37 rrelyea%redhat.com Exp $
+ */
+
+#ifndef _CAMELLIA_H_
+#define _CAMELLIA_H_ 1
+
+#define CAMELLIA_BLOCK_SIZE 16 /* bytes */
+#define CAMELLIA_MIN_KEYSIZE 16 /* bytes */
+#define CAMELLIA_MAX_KEYSIZE 32 /* bytes */
+
+#define CAMELLIA_MAX_EXPANDEDKEY (34*2) /* 32bit unit */
+
+typedef PRUint32 KEY_TABLE_TYPE[CAMELLIA_MAX_EXPANDEDKEY];
+
+typedef SECStatus CamelliaFunc(CamelliaContext *cx, unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
+
+typedef SECStatus CamelliaBlockFunc(const PRUint32 *subkey,
+ unsigned char *output,
+ const unsigned char *input);
+
+/* CamelliaContextStr
+ *
+ * Values which maintain the state for Camellia encryption/decryption.
+ *
+ * keysize - the number of key bits
+ * worker - the encryption/decryption function to use with this context
+ * iv - initialization vector for CBC mode
+ * expandedKey - the round keys in 4-byte words
+ */
+struct CamelliaContextStr
+{
+ PRUint32 keysize; /* bytes */
+ CamelliaFunc *worker;
+ PRUint32 expandedKey[CAMELLIA_MAX_EXPANDEDKEY];
+ PRUint8 iv[CAMELLIA_BLOCK_SIZE];
+};
+
+#endif /* _CAMELLIA_H_ */
diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c
index fb827e07d079..8455b165db6a 100644
--- a/security/nss/lib/freebl/ldvector.c
+++ b/security/nss/lib/freebl/ldvector.c
@@ -37,7 +37,7 @@
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
-/* $Id: ldvector.c,v 1.14 2006/02/01 21:18:44 wtchang%redhat.com Exp $ */
+/* $Id: ldvector.c,v 1.15 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ */
 #include "loader.h"
 #include "alghmac.h"
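Review bot: The block comment above `struct CamelliaContextStr` documents `keysize - the number of key bits`, but the member itself is declared `PRUint32 keysize; /* bytes */` and camellia.c only accepts 16, 24 or 32 for it; the comment line should read `keysize - the key length in bytes (16, 24 or 32)`. The header also uses `CamelliaContext`, `SECStatus`, `PRUint32` and `PRUint8` without including anything, so it compiles only when the including file has already pulled in the headers that declare them. Either add those includes or state the prerequisite in a one-line comment under the include guard.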
@@ -227,6 +227,13 @@ static const struct FREEBLVectorStr vector =
 FIPS186Change_ReduceModQForDSA,
 /* End of Version 3.009. */
+ Camellia_InitContext,
+ Camellia_AllocateContext,
+ Camellia_CreateContext,
+ Camellia_DestroyContext,
+ Camellia_Encrypt,
+ Camellia_Decrypt,
+
 };
 const FREEBLVector *
diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c
index 4e2dd45eead6..863ecb87105a 100644
--- a/security/nss/lib/freebl/loader.c
+++ b/security/nss/lib/freebl/loader.c
@@ -37,7 +37,7 @@
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
-/* $Id: loader.c,v 1.31 2006/10/02 21:15:46 julien.pierre.bugs%sun.com Exp $ */
+/* $Id: loader.c,v 1.32 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ */
 #include "loader.h"
 #include "prmem.h"
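Review bot: The six `Camellia_*` entries are appended to the vector after the `/* End of Version 3.009. */` marker without a closing marker of their own, and the loader.h hunk adds the matching `p_Camellia_*` members after `/* Version 3.009 came to here */` the same way; none of the visible loader.h hunks changes a version constant. The new wrappers in loader.c call `vector->p_Camellia_*` unconditionally, so a loader built from this tree that picks up an older freebl library relies entirely on whatever version or length check the load path performs, and that check is outside these hunks. I would bump the vector's minor version in this commit and end the new block with a marker for it, in the style of the existing `/* End of Version 3.009. */` line, both here and in loader.h.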
@@ -1645,3 +1645,64 @@ FIPS186Change_ReduceModQForDSA(const unsigned char *w,
 return SECFailure;
 return (vector->p_FIPS186Change_ReduceModQForDSA)(w, q, xj);
 }
+
+/* === new for Camellia === */
+SECStatus
+Camellia_InitContext(CamelliaContext *cx, const unsigned char *key,
+ unsigned int keylen, const unsigned char *iv, int mode,
+ unsigned int encrypt, unsigned int unused)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_Camellia_InitContext)(cx, key, keylen, iv, mode, encrypt,
+ unused);
+}
+
+CamelliaContext *
+Camellia_AllocateContext(void)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_Camellia_AllocateContext)();
+}
+
+
+CamelliaContext *
+Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
+ int mode, int encrypt,
+ unsigned int keylen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return NULL;
+ return (vector->p_Camellia_CreateContext)(key, iv, mode, encrypt, keylen);
+}
+
+void
+Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return ;
+ (vector->p_Camellia_DestroyContext)(cx, freeit);
+}
+
+SECStatus
+Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_Camellia_Encrypt)(cx, output, outputLen, maxOutputLen,
+ input, inputLen);
+}
+
+SECStatus
+Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
+ unsigned int *outputLen, unsigned int maxOutputLen,
+ const unsigned char *input, unsigned int inputLen)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return SECFailure;
+ return (vector->p_Camellia_Decrypt)(cx, output, outputLen, maxOutputLen,
+ input, inputLen);
+}
diff --git a/security/nss/lib/freebl/loader.h b/security/nss/lib/freebl/loader.h
index cf0d0b5ba840..d77bf6942cc2 100644
--- a/security/nss/lib/freebl/loader.h
+++ b/security/nss/lib/freebl/loader.h
@@ -37,7 +37,7 @@
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
-/* $Id: loader.h,v 1.18 2006/02/01 21:18:44 wtchang%redhat.com Exp $ */
+/* $Id: loader.h,v 1.19 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ */
 #ifndef _LOADER_H_
 #define _LOADER_H_ 1
@@ -458,6 +458,32 @@ struct FREEBLVectorStr {
 unsigned char *xj);
 /* Version 3.009 came to here */
+ SECStatus (* p_Camellia_InitContext)(CamelliaContext *cx,
+ const unsigned char *key,
+ unsigned int keylen,
+ const unsigned char *iv,
+ int mode,
+ unsigned int encrypt,
+ unsigned int unused);
+
+ CamelliaContext *(*p_Camellia_AllocateContext)(void);
+ CamelliaContext * (* p_Camellia_CreateContext)(const unsigned char *key,
+ const unsigned char *iv,
+ int mode, int encrypt,
+ unsigned int keylen);
+ void (* p_Camellia_DestroyContext)(CamelliaContext *cx, PRBool freeit);
+
+ SECStatus (* p_Camellia_Encrypt)(CamelliaContext *cx, unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
+
+ SECStatus (* p_Camellia_Decrypt)(CamelliaContext *cx, unsigned char *output,
+ unsigned int *outputLen,
+ unsigned int maxOutputLen,
+ const unsigned char *input,
+ unsigned int inputLen);
 };
 typedef struct FREEBLVectorStr FREEBLVector;
diff --git a/security/nss/lib/freebl/manifest.mn b/security/nss/lib/freebl/manifest.mn
index 8e172c426c7a..34b1d7157160 100644
--- a/security/nss/lib/freebl/manifest.mn
+++ b/security/nss/lib/freebl/manifest.mn
@@ -135,6 +135,7 @@ CSRCS = \
 des.c \
 rijndael.c \
 aeskeywrap.c \
+ camellia.c \
 dh.c \
 ec.c \
 pqg.c \
@@ -157,6 +158,7 @@ ALL_HDRS = \
 ec.h \
 loader.h \
 rijndael.h \
+ camellia.h \
 secmpi.h \
 sha.h \
 sha_fast.h \
diff --git a/security/nss/lib/pk11wrap/pk11mech.c b/security/nss/lib/pk11wrap/pk11mech.c
index fe106de50530..90af17a9a865 100644
--- a/security/nss/lib/pk11wrap/pk11mech.c
+++ b/security/nss/lib/pk11wrap/pk11mech.c
@@ -79,6 +79,7 @@ CK_MECHANISM_TYPE wrapMechanismList[] = {
 CKM_DES3_ECB,
 CKM_CAST5_ECB,
 CKM_AES_ECB,
+ CKM_CAMELLIA_ECB,
 CKM_CAST5_ECB,
 CKM_DES_ECB,
 CKM_KEY_WRAP_LYNKS,
@@ -175,6 +176,8 @@ CK_MECHANISM_TYPE
 PK11_GetKeyMechanism(CK_KEY_TYPE type)
 {
 switch (type) {
+ case CKK_CAMELLIA:
+ return CKM_CAMELLIA_CBC;
 case CKK_AES:
 return CKM_AES_CBC;
 case CKK_DES:
@@ -228,6 +231,13 @@ CK_MECHANISM_TYPE
 PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len)
 {
 switch (type) {
+ case CKM_CAMELLIA_ECB:
+ case CKM_CAMELLIA_CBC:
+ case CKM_CAMELLIA_MAC:
+ case CKM_CAMELLIA_MAC_GENERAL:
+ case CKM_CAMELLIA_CBC_PAD:
+ case CKM_CAMELLIA_KEY_GEN:
+ return CKK_CAMELLIA;
 case CKM_AES_ECB:
 case CKM_AES_CBC:
 case CKM_AES_MAC:
@@ -413,6 +423,13 @@ CK_MECHANISM_TYPE
 PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size)
 {
 switch (type) {
+ case CKM_CAMELLIA_ECB:
+ case CKM_CAMELLIA_CBC:
+ case CKM_CAMELLIA_MAC:
+ case CKM_CAMELLIA_MAC_GENERAL:
+ case CKM_CAMELLIA_CBC_PAD:
+ case CKM_CAMELLIA_KEY_GEN:
+ return CKM_CAMELLIA_KEY_GEN;
 case CKM_AES_ECB:
 case CKM_AES_CBC:
 case CKM_AES_MAC:
@@ -655,6 +672,9 @@ PK11_GetBlockSize(CK_MECHANISM_TYPE type,SECItem *params)
 case CKM_SKIPJACK_CFB16:
 case CKM_SKIPJACK_CFB8:
 return 4;
+ case CKM_CAMELLIA_ECB:
+ case CKM_CAMELLIA_CBC:
+ case CKM_CAMELLIA_CBC_PAD:
 case CKM_AES_ECB:
 case CKM_AES_CBC:
 case CKM_AES_CBC_PAD:
@@ -692,6 +712,7 @@ int
 PK11_GetIVLength(CK_MECHANISM_TYPE type)
 {
 switch (type) {
+ case CKM_CAMELLIA_ECB:
 case CKM_AES_ECB:
 case CKM_DES_ECB:
 case CKM_DES3_ECB:
@@ -732,6 +753,8 @@ PK11_GetIVLength(CK_MECHANISM_TYPE type)
 case CKM_CAST3_CBC_PAD:
 case CKM_CAST5_CBC_PAD:
 return 8;
+ case CKM_CAMELLIA_CBC:
+ case CKM_CAMELLIA_CBC_PAD:
 case CKM_AES_CBC:
 case CKM_AES_CBC_PAD:
 return 16;
@@ -786,6 +809,7 @@ PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv)
 param->len = 0;
 param->type = 0;
 switch (type) {
+ case CKM_CAMELLIA_ECB:
 case CKM_AES_ECB:
 case CKM_DES_ECB:
 case CKM_DES3_ECB:
@@ -850,6 +874,7 @@ PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv)
 param->data = (unsigned char *) rc5_params;
 param->len = sizeof(CK_RC5_PARAMS);
 break;
+ case CKM_CAMELLIA_CBC:
 case CKM_AES_CBC:
 case CKM_DES_CBC:
 case CKM_DES3_CBC:
@@ -858,6 +883,7 @@ PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv)
 case CKM_CAST_CBC:
 case CKM_CAST3_CBC:
 case CKM_CAST5_CBC:
+ case CKM_CAMELLIA_CBC_PAD:
 case CKM_AES_CBC_PAD:
 case CKM_DES_CBC_PAD:
 case CKM_DES3_CBC_PAD:
@@ -915,6 +941,7 @@ PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem *param,int *len)
 *len = 0;
 switch (type) {
+ case CKM_CAMELLIA_ECB:
 case CKM_AES_ECB:
 case CKM_DES_ECB:
 case CKM_DES3_ECB:
@@ -940,6 +967,7 @@ PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem *param,int *len)
 rc5_cbc_params = (CK_RC5_CBC_PARAMS *) param->data;
 *len = rc5_cbc_params->ulIvLen;
 return rc5_cbc_params->pIv;
+ case CKM_CAMELLIA_CBC:
 case CKM_AES_CBC:
 case CKM_DES_CBC:
 case CKM_DES3_CBC:
@@ -1195,6 +1223,7 @@ PK11_ParamFromAlgid(SECAlgorithmID *algid)
 }
 break;
 case CKM_RC4:
+ case CKM_CAMELLIA_ECB:
 case CKM_AES_ECB:
 case CKM_DES_ECB:
 case CKM_DES3_ECB:
@@ -1210,6 +1239,7 @@ PK11_ParamFromAlgid(SECAlgorithmID *algid)
 break;
 }
 /* FALL THROUGH */
+ case CKM_CAMELLIA_CBC:
 case CKM_AES_CBC:
 case CKM_DES_CBC:
 case CKM_DES3_CBC:
@@ -1218,6 +1248,7 @@ PK11_ParamFromAlgid(SECAlgorithmID *algid)
 case CKM_CAST_CBC:
 case CKM_CAST3_CBC:
 case CKM_CAST5_CBC:
+ case CKM_CAMELLIA_CBC_PAD:
 case CKM_AES_CBC_PAD:
 case CKM_DES_CBC_PAD:
 case CKM_DES3_CBC_PAD:
@@ -1317,6 +1348,7 @@ PK11_GenerateNewParam(CK_MECHANISM_TYPE type, PK11SymKey *key) {
 mech->type = siBuffer;
 switch (type) {
 case CKM_RC4:
+ case CKM_CAMELLIA_ECB:
 case CKM_AES_ECB:
 case CKM_DES_ECB:
 case CKM_DES3_ECB:
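Review bot: `CKM_CAMELLIA_CBC_PAD` is added to the CBC case lists of PK11_ParamFromIV (`@@ -858,6 +883,7 @@`) and PK11_ParamFromAlgid (`@@ -1218,6 +1248,7 @@`), but the PK11_IVFromParam hunks (`@@ -915,6 +941,7 @@`, `@@ -940,6 +967,7 @@`) add only `CKM_CAMELLIA_ECB` and `CKM_CAMELLIA_CBC`, and the later PK11_GenerateNewParam and PK11_ParamToAlgid hunks do the same. The rest of each switch is outside the hunks, so the padded mechanism may already be covered by a default branch there. If the other `*_CBC_PAD` mechanisms are listed explicitly in those three functions, add `case CKM_CAMELLIA_CBC_PAD:` beside them so the padded mechanism gets the same IV handling as `CKM_CAMELLIA_CBC`.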
@@ -1378,6 +1410,7 @@ PK11_GenerateNewParam(CK_MECHANISM_TYPE type, PK11SymKey *key) { mech->len = 0; break; } + case CKM_CAMELLIA_CBC: case CKM_AES_CBC: case CKM_DES_CBC: case CKM_DES3_CBC: @@ -1450,6 +1483,7 @@ PK11_ParamToAlgid(SECOidTag algTag, SECItem *param, rv = SECSuccess; switch (type) { case CKM_RC4: + case CKM_CAMELLIA_ECB: case CKM_AES_ECB: case CKM_DES_ECB: case CKM_DES3_ECB: @@ -1531,6 +1565,7 @@ PK11_ParamToAlgid(SECOidTag algTag, SECItem *param, newParams = NULL; break; } + case CKM_CAMELLIA_CBC: case CKM_AES_CBC: case CKM_DES_CBC: case CKM_DES3_CBC: @@ -1605,6 +1640,8 @@ PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type) { CK_MECHANISM_TYPE PK11_GetPadMechanism(CK_MECHANISM_TYPE type) { switch(type) { + case CKM_CAMELLIA_CBC: + return CKM_CAMELLIA_CBC_PAD; case CKM_AES_CBC: return CKM_AES_CBC_PAD; case CKM_DES_CBC: diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index 94d4ffabaf70..f7b71c2be6fe 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -69,6 +69,7 @@ PK11DefaultArrayEntry PK11_DefaultArray[] = { { "RC4", SECMOD_RC4_FLAG, CKM_RC4 }, { "DES", SECMOD_DES_FLAG, CKM_DES_CBC }, { "AES", SECMOD_AES_FLAG, CKM_AES_CBC }, + { "Camellia", SECMOD_CAMELLIA_FLAG, CKM_CAMELLIA_CBC }, { "RC5", SECMOD_RC5_FLAG, CKM_RC5_CBC }, { "SHA-1", SECMOD_SHA1_FLAG, CKM_SHA_1 }, { "SHA256", SECMOD_SHA256_FLAG, CKM_SHA256 }, @@ -98,7 +99,8 @@ PK11_GetDefaultArray(int *size) * These slotlists are lists of modules which provide default support for * a given algorithm or mechanism. */ -static PK11SlotList pk11_aesSlotList, +static PK11SlotList pk11_camelliaSlotList, + pk11_aesSlotList, pk11_desSlotList, pk11_rc4SlotList, pk11_rc2SlotList, 
@@ -752,6 +754,7 @@ pk11_InitSlotListStatic(PK11SlotList *list) SECStatus PK11_InitSlotLists(void) { + pk11_InitSlotListStatic(&pk11_camelliaSlotList); pk11_InitSlotListStatic(&pk11_aesSlotList); pk11_InitSlotListStatic(&pk11_desSlotList); pk11_InitSlotListStatic(&pk11_rc4SlotList); @@ -776,6 +779,7 @@ PK11_InitSlotLists(void) void PK11_DestroySlotLists(void) { + pk11_FreeSlotListStatic(&pk11_camelliaSlotList); pk11_FreeSlotListStatic(&pk11_aesSlotList); pk11_FreeSlotListStatic(&pk11_desSlotList); pk11_FreeSlotListStatic(&pk11_rc4SlotList); @@ -807,6 +811,9 @@ PK11_GetSlotList(CK_MECHANISM_TYPE type) return NULL; #endif switch (type) { + case CKM_CAMELLIA_CBC: + case CKM_CAMELLIA_ECB: + return &pk11_camelliaSlotList; case CKM_AES_CBC: case CKM_AES_ECB: return &pk11_aesSlotList; diff --git a/security/nss/lib/pk11wrap/secmod.h b/security/nss/lib/pk11wrap/secmod.h index 0578bbc0442d..de6d8fb6dabf 100644 --- a/security/nss/lib/pk11wrap/secmod.h +++ b/security/nss/lib/pk11wrap/secmod.h @@ -58,6 +58,7 @@ #define PUBLIC_MECH_AES_FLAG 0x00002000ul #define PUBLIC_MECH_SHA256_FLAG 0x00004000ul #define PUBLIC_MECH_SHA512_FLAG 0x00008000ul +#define PUBLIC_MECH_CAMELLIA_FLAG 0x00010000ul #define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul #define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul diff --git a/security/nss/lib/pk11wrap/secmodt.h b/security/nss/lib/pk11wrap/secmodt.h index a6f7b180f89f..e670ad8a1295 100644 --- a/security/nss/lib/pk11wrap/secmodt.h +++ b/security/nss/lib/pk11wrap/secmodt.h @@ -182,6 +182,7 @@ struct PK11DefaultArrayEntryStr { #define SECMOD_AES_FLAG 0x00002000L #define SECMOD_SHA256_FLAG 0x00004000L #define SECMOD_SHA512_FLAG 0x00008000L /* also for SHA384 */ +#define SECMOD_CAMELLIA_FLAG 0x00010000L /* = PUBLIC_MECH_CAMELLIA_FLAG */ /* reserved bit for future, do not use */ #define SECMOD_RESERVED_FLAG 0X08000000L #define SECMOD_FRIENDLY_FLAG 0x10000000L 
@@ -339,7 +340,7 @@ typedef PRUint32 PK11AttrFlags; #define SECMOD_FIPS 2 /* internal fips module */ /* default module configuration strings */ -#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,SHA256,SHA512]" +#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SHA256,SHA512]" #define SECMOD_MAKE_NSS_FLAGS(fips,slot) \ "Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})" diff --git a/security/nss/lib/softoken/pk11pars.h b/security/nss/lib/softoken/pk11pars.h index b7a742aa2498..b745c93e94d3 100644 --- a/security/nss/lib/softoken/pk11pars.h +++ b/security/nss/lib/softoken/pk11pars.h @@ -85,6 +85,7 @@ static struct secmodargSlotFlagTable secmod_argSlotFlagTable[] = { SECMOD_ARG_ENTRY(SSL,SECMOD_SSL_FLAG), SECMOD_ARG_ENTRY(TLS,SECMOD_TLS_FLAG), SECMOD_ARG_ENTRY(AES,SECMOD_AES_FLAG), + SECMOD_ARG_ENTRY(Camellia,SECMOD_CAMELLIA_FLAG), SECMOD_ARG_ENTRY(PublicCerts,SECMOD_FRIENDLY_FLAG), SECMOD_ARG_ENTRY(RANDOM,SECMOD_RANDOM_FLAG), }; diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 76f307c3e823..eba10bf637d9 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -257,11 +257,11 @@ static const struct mechanismList mechanisms[] = { * The second argument is Mechanism info structure. It includes: * The minimum key size, * in bits for RSA, DSA, DH, EC*, KEA, RC2 and RC4 * algs. - * in bytes for RC5, AES, and CAST* + * in bytes for RC5, AES, Camellia, and CAST* * ignored for DES*, IDEA and FORTEZZA based * The maximum key size, * in bits for RSA, DSA, DH, EC*, KEA, RC2 and RC4 * algs. - * in bytes for RC5, AES, and CAST* + * in bytes for RC5, AES, Camellia, and CAST* * ignored for DES*, IDEA and FORTEZZA based * Flags * What operations are supported by this mechanism. 
@@ -352,6 +352,13 @@ static const struct mechanismList mechanisms[] = { {CKM_AES_MAC, {16, 32, CKF_SN_VR}, PR_TRUE}, {CKM_AES_MAC_GENERAL, {16, 32, CKF_SN_VR}, PR_TRUE}, {CKM_AES_CBC_PAD, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE}, + /* ------------------------- Camellia Operations --------------------- */ + {CKM_CAMELLIA_KEY_GEN, {16, 32, CKF_GENERATE}, PR_TRUE}, + {CKM_CAMELLIA_ECB, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE}, + {CKM_CAMELLIA_CBC, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE}, + {CKM_CAMELLIA_MAC, {16, 32, CKF_SN_VR}, PR_TRUE}, + {CKM_CAMELLIA_MAC_GENERAL, {16, 32, CKF_SN_VR}, PR_TRUE}, + {CKM_CAMELLIA_CBC_PAD, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE}, /* ------------------------- Hashing Operations ----------------------- */ {CKM_MD2, {0, 0, CKF_DIGEST}, PR_FALSE}, {CKM_MD2_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 318e0d7fea57..cfd1e7cb00b7 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c 
@@ -630,6 +630,37 @@ finish_des: context->destroy = (SFTKDestroy) DES_DestroyContext; break; + case CKM_CAMELLIA_CBC_PAD: + context->doPad = PR_TRUE; + /* fall thru */ + case CKM_CAMELLIA_ECB: + case CKM_CAMELLIA_CBC: + context->blockSize = 16; + if (key_type != CKK_CAMELLIA) { + crv = CKR_KEY_TYPE_INCONSISTENT; + break; + } + att = sftk_FindAttribute(key,CKA_VALUE); + if (att == NULL) { + crv = CKR_KEY_HANDLE_INVALID; + break; + } + context->cipherInfo = Camellia_CreateContext( + (unsigned char*)att->attrib.pValue, + (unsigned char*)pMechanism->pParameter, + pMechanism->mechanism == + CKM_CAMELLIA_ECB ? NSS_CAMELLIA : NSS_CAMELLIA_CBC, + isEncrypt, att->attrib.ulValueLen); + sftk_FreeAttribute(att); + if (context->cipherInfo == NULL) { + crv = CKR_HOST_MEMORY; + break; + } + context->update = (SFTKCipher) (isEncrypt ? + Camellia_Encrypt : Camellia_Decrypt); + context->destroy = (SFTKDestroy) Camellia_DestroyContext; + break; + case CKM_AES_CBC_PAD: context->doPad = PR_TRUE; /* fall thru */ @@ -1562,6 +1593,16 @@ sftk_InitCBCMac(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, cbc_mechanism.pParameter = &ivBlock; cbc_mechanism.ulParameterLen = blockSize; break; + case CKM_CAMELLIA_MAC_GENERAL: + mac_bytes = *(CK_ULONG *)pMechanism->pParameter; + /* fall through */ + case CKM_CAMELLIA_MAC: + blockSize = 16; + PORT_Memset(ivBlock,0,blockSize); + cbc_mechanism.mechanism = CKM_CAMELLIA_CBC; + cbc_mechanism.pParameter = &ivBlock; + cbc_mechanism.ulParameterLen = blockSize; + break; case CKM_AES_MAC_GENERAL: mac_bytes = *(CK_ULONG *)pMechanism->pParameter; /* fall through */ @@ -2708,6 +2749,10 @@ nsc_SetupBulkKeyGen(CK_MECHANISM_TYPE mechanism, CK_KEY_TYPE *key_type, *key_type = CKK_DES3; *key_length = 24; break; + case CKM_CAMELLIA_KEY_GEN: + *key_type = CKK_CAMELLIA; + if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; + break; case CKM_AES_KEY_GEN: *key_type = CKK_AES; if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE; 
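Review bot: The new Camellia cases use the caller-supplied `pMechanism->pParameter` without checking it against `pMechanism->ulParameterLen`. In this hunk the pointer is handed to `Camellia_CreateContext` as the IV for `CKM_CAMELLIA_CBC` and `CKM_CAMELLIA_CBC_PAD`, so a NULL or short parameter would presumably lead to a read outside the supplied buffer; the `sftk_InitCBCMac` hunk has the same gap where `CKM_CAMELLIA_MAC_GENERAL` reads `*(CK_ULONG *)pMechanism->pParameter`. Both mirror the neighbouring AES cases, but a guard before the attribute lookup, such as `if (pMechanism->mechanism != CKM_CAMELLIA_ECB && (pMechanism->pParameter == NULL || pMechanism->ulParameterLen < 16)) { crv = CKR_MECHANISM_PARAM_INVALID; break; }`, would close it, with an equivalent `ulParameterLen` test against `sizeof(CK_ULONG)` in the MAC case. Separately, a NULL return from `Camellia_CreateContext` is reported as `CKR_HOST_MEMORY`, which would be misleading if the call can also fail on an unsupported key length. The enclosing function starts and ends outside the hunk.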
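Review bot: In the `nsc_SetupBulkKeyGen` hunk, `CKM_CAMELLIA_KEY_GEN` rejects only a zero `*key_length`, so any other length is accepted here even though the mechanism table in pkcs11.c advertises 16 to 32 bytes. Unless the length is validated in code outside this hunk, a key of an unsupported size would be created and would fail only later, when a cipher context is built. A check along the lines of `else if (*key_length != 16 && *key_length != 24 && *key_length != 32) crv = CKR_KEY_SIZE_RANGE;` (or whichever return code the module prefers for a bad length) would reject it at generation time. The AES case below has the same shape, and the function body continues outside the hunk.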
@@ -2904,6 +2949,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, case CKM_RC2_KEY_GEN: case CKM_RC4_KEY_GEN: case CKM_GENERIC_SECRET_KEY_GEN: + case CKM_CAMELLIA_KEY_GEN: case CKM_AES_KEY_GEN: #if NSS_SOFTOKEN_DOES_RC5 case CKM_RC5_KEY_GEN: diff --git a/security/nss/lib/softoken/pkcs11t.h b/security/nss/lib/softoken/pkcs11t.h index 771f65ab2077..1eef6bf610b2 100644 --- a/security/nss/lib/softoken/pkcs11t.h +++ b/security/nss/lib/softoken/pkcs11t.h @@ -426,6 +426,9 @@ typedef CK_ULONG CK_KEY_TYPE; #define CKK_BLOWFISH 0x00000020 #define CKK_TWOFISH 0x00000021 +/* Camellia is proposed for v2.20 Amendment 3 */ +#define CKK_CAMELLIA 0x00000025 + #define CKK_VENDOR_DEFINED 0x80000000 @@ -908,6 +911,15 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_TWOFISH_KEY_GEN 0x00001092 #define CKM_TWOFISH_CBC 0x00001093 +/* Camellia is proposed for v2.20 Amendment 3 */ +#define CKM_CAMELLIA_KEY_GEN 0x00000550 +#define CKM_CAMELLIA_ECB 0x00000551 +#define CKM_CAMELLIA_CBC 0x00000552 +#define CKM_CAMELLIA_MAC 0x00000553 +#define CKM_CAMELLIA_MAC_GENERAL 0x00000554 +#define CKM_CAMELLIA_CBC_PAD 0x00000555 +#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556 +#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557 /* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */ #define CKM_DES_ECB_ENCRYPT_DATA 0x00001100 diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index ae8e87f67d47..0d1c26c91d85 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -39,7 +39,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: ssl3con.c,v 1.99 2006/12/08 22:37:29 wtchang%redhat.com Exp $ */ +/* $Id: ssl3con.c,v 1.100 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */ #include "nssrenam.h" #include "cert.h" 
@@ -107,12 +107,15 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, #endif /* NSS_ENABLE_ECC */ + { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, + { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, #ifdef NSS_ENABLE_ECC { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, #endif /* NSS_ENABLE_ECC */ + { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, #ifdef NSS_ENABLE_ECC @@ -121,6 +124,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, #endif /* NSS_ENABLE_ECC */ + { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, + { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, 
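Review bot: The Camellia suites are inserted ahead of the AES suites of the same strength (for example `TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA` before `TLS_DHE_RSA_WITH_AES_256_CBC_SHA`), and nothing in the hunk says why. If position in `cipherSuites[]` is the selection preference, which the identical ordering applied to `SSL_ImplementedCiphers` in sslenum.c suggests, an application that enables both would negotiate Camellia in preference to AES. A short comment such as `/* Camellia is deliberately ranked above AES of the same key size */` would record the intent, or the new entries could follow their AES counterparts instead. The same applies to the 128-bit entries added in the next two hunks of this table.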
@@ -130,6 +135,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, #endif /* NSS_ENABLE_ECC */ + { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE}, { SSL_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE}, @@ -218,6 +224,8 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = { {cipher_idea, calg_idea, 16, 16, type_block, 8, 8, kg_strong}, {cipher_aes_128, calg_aes, 16, 16, type_block, 16,16, kg_strong}, {cipher_aes_256, calg_aes, 32, 32, type_block, 16,16, kg_strong}, + {cipher_camellia_128, calg_camellia,16, 16, type_block, 16,16, kg_strong}, + {cipher_camellia_256, calg_camellia,32, 32, type_block, 16,16, kg_strong}, {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, kg_null}, }; @@ -315,6 +323,17 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_DH_ANON_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon}, #endif + {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa}, + {TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + cipher_camellia_128, mac_sha, kea_dhe_dss}, + {TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + cipher_camellia_128, mac_sha, kea_dhe_rsa}, + {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa}, + {TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + cipher_camellia_256, mac_sha, kea_dhe_dss}, + {TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + cipher_camellia_256, mac_sha, kea_dhe_rsa}, + {TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, cipher_des, mac_sha,kea_rsa_export_1024}, {TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, 
@@ -382,6 +401,7 @@ static const SSLCipher2Mech alg2Mech[] = { { calg_idea , CKM_IDEA_CBC }, { calg_fortezza , CKM_SKIPJACK_CBC64 }, { calg_aes , CKM_AES_CBC }, + { calg_camellia , CKM_CAMELLIA_CBC }, /* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */ }; @@ -414,6 +434,8 @@ const char * const ssl3_cipherName[] = { "IDEA-CBC", "AES-128", "AES-256", + "Camellia-128", + "Camellia-256", "missing" }; @@ -1283,6 +1305,16 @@ const ssl3BulkCipherDef *cipher_def; pwSpec->destroy = (SSLDestroy) AES_DestroyContext; break; + case ssl_calg_camellia: + initFn = (BLapiInitContextFunc)Camellia_InitContext; + mode = NSS_CAMELLIA_CBC; + optArg1 = server_encrypts; + optArg2 = CAMELLIA_BLOCK_SIZE; + pwSpec->encode = (SSLCipher) Camellia_Encrypt; + pwSpec->decode = (SSLCipher) Camellia_Decrypt; + pwSpec->destroy = (SSLDestroy) Camellia_DestroyContext; + break; + case ssl_calg_idea: case ssl_calg_fortezza : default: @@ -1301,7 +1333,8 @@ const ssl3BulkCipherDef *cipher_def; goto bail_out; } - if (calg == ssl_calg_des || calg == ssl_calg_3des || calg == ssl_calg_aes) { + if (calg == ssl_calg_des || calg == ssl_calg_3des || calg == ssl_calg_aes + || calg == ssl_calg_camellia) { /* For block ciphers, if the server is encrypting, then the client * is decrypting, and vice versa. */ @@ -3686,6 +3719,7 @@ static const CK_MECHANISM_TYPE wrapMechanismList[SSL_NUM_WRAP_MECHS] = { CKM_SKIPJACK_WRAP, CKM_SKIPJACK_CBC64, CKM_AES_ECB, + CKM_CAMELLIA_ECB, UNKNOWN_WRAP_MECHANISM }; diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c index e4536cacbc57..519ae487629b 100644 --- a/security/nss/lib/ssl/sslenum.c +++ b/security/nss/lib/ssl/sslenum.c @@ -39,7 +39,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslenum.c,v 1.13 2005/12/14 01:49:39 wtchang%redhat.com Exp $ */ +/* $Id: sslenum.c,v 1.14 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */ #include "ssl.h" #include "sslproto.h" 
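Review bot: The block-cipher test changed in the `@@ -1301` hunk grows by hand with every new algorithm: `calg == ssl_calg_camellia` is appended to a list that the comment beneath it describes simply as "block ciphers". `bulk_cipher_defs[]` already records `type_block` for each cipher, so, provided `cipher_def` is still valid at that point, `if (cipher_def->type == type_block) {` would state the intent directly and would not need editing for the next cipher. The function starts and ends outside the hunk, so the interaction with the unsupported `default:` arm above should be checked before making the change.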
@@ -51,12 +51,15 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, #endif /* NSS_ENABLE_ECC */ + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, #ifdef NSS_ENABLE_ECC TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, #endif /* NSS_ENABLE_ECC */ + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, /* 128-bit */ @@ -66,6 +69,8 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, #endif /* NSS_ENABLE_ECC */ + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, @@ -75,6 +80,7 @@ const PRUint16 SSL_ImplementedCiphers[] = { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, #endif /* NSS_ENABLE_ECC */ + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index e2f5c4b0acab..93d7c507320c 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -39,7 +39,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslimpl.h,v 1.54 2007/01/31 04:20:26 nelson%bolyard.com Exp $ */ +/* $Id: sslimpl.h,v 1.55 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */ #ifndef __sslimpl_h_ #define __sslimpl_h_ @@ -86,6 +86,7 @@ typedef SSLSignType SSL3SignType; #define calg_idea ssl_calg_idea #define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */ #define calg_aes ssl_calg_aes +#define calg_camellia ssl_calg_camellia #define mac_null ssl_mac_null #define mac_md5 ssl_mac_md5 
@@ -170,7 +171,7 @@ typedef enum { SSLAppOpRead = 0, #define SSL3_MASTER_SECRET_LENGTH 48 /* number of wrap mechanisms potentially used to wrap master secrets. */ -#define SSL_NUM_WRAP_MECHS 14 +#define SSL_NUM_WRAP_MECHS 15 /* This makes the cert cache entry exactly 4k. */ #define SSL_MAX_CACHED_CERT_LEN 4060 @@ -311,9 +312,9 @@ typedef struct { } ssl3CipherSuiteCfg; #ifdef NSS_ENABLE_ECC -#define ssl_V3_SUITES_IMPLEMENTED 43 +#define ssl_V3_SUITES_IMPLEMENTED 49 #else -#define ssl_V3_SUITES_IMPLEMENTED 23 +#define ssl_V3_SUITES_IMPLEMENTED 29 #endif /* NSS_ENABLE_ECC */ typedef struct sslOptionsStr { @@ -469,6 +470,8 @@ typedef enum { cipher_idea, cipher_aes_128, cipher_aes_256, + cipher_camellia_128, + cipher_camellia_256, cipher_missing /* reserved for no such supported cipher */ /* This enum must match ssl3_cipherName[] in ssl3con.c. */ } SSL3BulkCipher; diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index 0a0236a3c4df..02cb90dcd936 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c @@ -34,7 +34,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslinfo.c,v 1.15 2005/12/14 01:49:39 wtchang%redhat.com Exp $ */ +/* $Id: sslinfo.c,v 1.16 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */ #include "ssl.h" #include "sslimpl.h" #include "sslproto.h" @@ -109,6 +109,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) #define K_ECDH "ECDH", kt_ecdh #define K_ECDHE "ECDHE", kt_ecdh +#define C_CAMELLIA "CAMELLIA", calg_camellia #define C_AES "AES", calg_aes #define C_RC4 "RC4", calg_rc4 #define C_RC2 "RC2", calg_rc2 
@@ -131,13 +132,19 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) static const SSLCipherSuiteInfo suiteInfo[] = { /* <------ Cipher suite --------------------> */ +{0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, +{0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, }, +{0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, }, {0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0, }, {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, +{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, }, {0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, }, {0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, }, {0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, }, diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h index 12cca12c677e..dc68ab2d8b27 100644 --- a/security/nss/lib/ssl/sslproto.h +++ b/security/nss/lib/ssl/sslproto.h 
@@ -39,7 +39,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslproto.h,v 1.11 2006/05/16 01:14:43 wtchang%redhat.com Exp $ */ +/* $Id: sslproto.h,v 1.12 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */ #ifndef __sslproto_h_ #define __sslproto_h_ @@ -158,6 +158,13 @@ #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039 #define TLS_DH_ANON_WITH_AES_256_CBC_SHA 0x003A +#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041 +#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042 +#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043 +#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044 +#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045 +#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA 0x0046 + #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062 #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064 @@ -165,6 +172,13 @@ #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065 #define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066 +#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084 +#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085 +#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086 +#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087 +#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088 +#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA 0x0089 + #define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002 #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003 diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c index 4f58708b8d48..1becfdcf2196 100644 --- a/security/nss/lib/ssl/sslsock.c +++ b/security/nss/lib/ssl/sslsock.c @@ -40,7 +40,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslsock.c,v 1.51 2007/01/31 04:20:26 nelson%bolyard.com Exp $ */ +/* $Id: sslsock.c,v 1.52 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */ #include "seccomon.h" #include "cert.h" #include "keyhi.h" 
@@ -95,6 +95,12 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, + { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, + { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, + { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, + { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, + { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, + { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED }, { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED }, { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED }, #ifdef NSS_ENABLE_ECC diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index a47a10543a05..a4e5e3705562 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h @@ -37,7 +37,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslt.h,v 1.9 2005/08/16 03:42:26 nelsonb%netscape.com Exp $ */ +/* $Id: sslt.h,v 1.10 2007/02/28 19:47:38 rrelyea%redhat.com Exp $ */ #ifndef __sslt_h_ #define __sslt_h_ @@ -106,7 +106,8 @@ typedef enum { ssl_calg_3des = 4, ssl_calg_idea = 5, ssl_calg_fortezza = 6, /* deprecated, now unused */ - ssl_calg_aes = 7 /* coming soon */ + ssl_calg_aes = 7, /* coming soon */ + ssl_calg_camellia = 8 } SSLCipherAlgorithm; typedef enum { diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c index 315fe9d683fc..ea441ff3aa6c 100644 --- a/security/nss/lib/util/secoid.c +++ b/security/nss/lib/util/secoid.c 
@@ -169,6 +169,13 @@ #define ANSI_X962_SIGNATURE_OID ANSI_X962_OID, 0x04 #define ANSI_X962_SPECIFY_OID ANSI_X962_SIGNATURE_OID, 0x03 +/* for Camellia: iso(1) member-body(2) jisc(392) + * mitsubishi(200011) isl(61) security(1) algorithm(1) + */ +#define MITSUBISHI_ALG 0x2a,0x83,0x08,0x8c,0x9a,0x4b,0x3d,0x01,0x01 +#define CAMELLIA_ENCRYPT_OID MITSUBISHI_ALG,1 +#define CAMELLIA_WRAP_OID MITSUBISHI_ALG,3 + #define CONST_OID static const unsigned char CONST_OID md2[] = { DIGEST, 0x02 }; @@ -451,6 +458,13 @@ CONST_OID aes256_CFB[] = { AES, 44 }; #endif CONST_OID aes256_KEY_WRAP[] = { AES, 45 }; +CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2}; +CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3}; +CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4}; +CONST_OID camellia128_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 2}; +CONST_OID camellia192_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 3}; +CONST_OID camellia256_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 4}; + CONST_OID sha256[] = { SHAXXX, 1 }; CONST_OID sha384[] = { SHAXXX, 2 }; CONST_OID sha512[] = { SHAXXX, 3 }; @@ -1469,6 +1483,14 @@ const static SECOidData oids[] = { SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE, "X9.62 ECDSA signature with SHA512", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), + + /* Camellia algorithm OIDs */ + OD( camellia128_CBC, SEC_OID_CAMELLIA_128_CBC, + "CAMELLIA-128-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ), + OD( camellia192_CBC, SEC_OID_CAMELLIA_192_CBC, + "CAMELLIA-192-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ), + OD( camellia256_CBC, SEC_OID_CAMELLIA_256_CBC, + "CAMELLIA-256-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ), }; /* diff --git a/security/nss/lib/util/secoidt.h b/security/nss/lib/util/secoidt.h index 958f6709fb1c..8fcf26369db8 100644 --- a/security/nss/lib/util/secoidt.h +++ b/security/nss/lib/util/secoidt.h 
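Review bot: `camellia128_KEY_WRAP`, `camellia192_KEY_WRAP` and `camellia256_KEY_WRAP` are defined in the `@@ -451` hunk but not referenced by anything visible in the patch: the `oids[]` hunk adds only the three CBC entries, and the secoidt.h hunk adds only `SEC_OID_CAMELLIA_128_CBC` through `SEC_OID_CAMELLIA_256_CBC`. Because `CONST_OID` expands to `static const unsigned char`, the three arrays are unused file-local data and may draw unused-variable warnings. Either drop them until the key-wrap tags exist, or mark them with a comment such as `/* reserved: no SEC_OID_CAMELLIA_*_KEY_WRAP tags defined yet */`.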
@@ -40,7 +40,7 @@ /* * secoidt.h - public data structures for ASN.1 OID functions * - * $Id: secoidt.h,v 1.20 2006/02/08 06:14:31 rrelyea%redhat.com Exp $ + * $Id: secoidt.h,v 1.21 2007/02/28 19:47:36 rrelyea%redhat.com Exp $ */ #include "secitem.h" @@ -413,6 +413,12 @@ typedef enum { SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE = 278, SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE = 279, SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE = 280, + + /* Camellia OIDs (RFC3657)*/ + SEC_OID_CAMELLIA_128_CBC = 281, + SEC_OID_CAMELLIA_192_CBC = 282, + SEC_OID_CAMELLIA_256_CBC = 283, + SEC_OID_TOTAL } SECOidTag; diff --git a/security/nss/tests/cipher/cipher.txt b/security/nss/tests/cipher/cipher.txt index 29915cfc99c2..5565e529963d 100644 --- a/security/nss/tests/cipher/cipher.txt +++ b/security/nss/tests/cipher/cipher.txt @@ -17,6 +17,10 @@ 0 aes_ecb_-D AES_ECB_Decrypt 0 aes_cbc_-E AES_CBC_Encrypt 0 aes_cbc_-D AES_CBC_Decrypt + 0 camellia_ecb_-E Camellia_ECB_Encrypt + 0 camellia_ecb_-D Camellia_ECB_Decrypt + 0 camellia_cbc_-E Camellia_CBC_Encrypt + 0 camellia_cbc_-D Camellia_CBC_Decrypt 0 rc2_ecb_-E RC2_ECB_Encrypt 0 rc2_ecb_-D RC2_ECB_Decrypt 0 rc2_cbc_-E RC2_CBC_Encrypt diff --git a/security/nss/tests/cipher/performance.sh b/security/nss/tests/cipher/performance.sh index 98d1b0a383d3..0ac211da5e2b 100755 --- a/security/nss/tests/cipher/performance.sh +++ b/security/nss/tests/cipher/performance.sh @@ -37,7 +37,7 @@ do if [ $mode != "#" ]; then echo "bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps" bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps >> ${SKPERFOUT} - mv "tmp.in" "$mode.in" + mv "tmp.in.0" "$mode.in" mv tmp.key $mode.key if [ -f tmp.iv ]; then mv tmp.iv $mode.iv 
@@ -66,7 +66,7 @@ do if [ $mode != "#" ]; then echo "bltest -N -m $mode -b $bufsize -e $exp -g $keysize -u $cxreps" bltest -N -m $mode -b $bufsize -e $exp -g $keysize -u $cxreps >> ${RSAPERFOUT} - mv "tmp.in" "$mode.in" + mv "tmp.in.0" "$mode.in" mv tmp.key $mode.key echo "bltest -E -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out" bltest -E -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out >> ${RSAPERFOUT} @@ -95,7 +95,7 @@ do if [ $mode != "#" ]; then echo "bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps" bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps >> ${DSAPERFOUT} - mv "tmp.in" "$mode.in" + mv "tmp.in.0" "$mode.in" mv tmp.key $mode.key echo "bltest -S -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out" bltest -S -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out >> ${DSAPERFOUT} @@ -123,7 +123,7 @@ do if [ $mode != "#" ]; then echo "bltest -N -m $mode -b $bufsize" bltest -N -m $mode -b $bufsize - mv "tmp.in" "$mode.in" + mv "tmp.in.0" "$mode.in" echo "bltest -H -m $mode -i ${CIPHERDIR}/$mode.in -p $reps -o ${CIPHERDIR}/$mode.out" bltest -H -m $mode -i ${CIPHERDIR}/$mode.in -p $reps -o ${CIPHERDIR}/$mode.out >> ${HASHPERFOUT} fi diff --git a/security/nss/tests/cipher/symmkey.txt b/security/nss/tests/cipher/symmkey.txt index d1f18ad1ca55..095668a7c91a 100644 --- a/security/nss/tests/cipher/symmkey.txt +++ b/security/nss/tests/cipher/symmkey.txt @@ -21,3 +21,7 @@ aes_cbc 16 8192 10000 100000 aes_ecb 32 8192 10000 100000 aes_cbc 32 8192 10000 100000 + camellia_ecb 16 8192 10000 100000 + camellia_cbc 16 8192 10000 100000 + camellia_ecb 32 8192 10000 100000 + camellia_cbc 32 8192 10000 100000 diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh index de9a8b044bf3..fa75892eb118 100755 --- a/security/nss/tests/ssl/ssl.sh +++ b/security/nss/tests/ssl/ssl.sh 
@@ -771,8 +771,9 @@ ssl_run() #this script may be sourced from the distributed stress test - in this case do nothing... -CSHORT="-c ABCDEFcdefgijklmnvyz" -CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014cdefgijklmnvyz" +CSHORT="-c ABCDEF:0041:0084cdefgijklmnvyz" +CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:0041:0084cdefgijklmnvyz" + if [ -z "$DO_REM_ST" -a -z "$DO_DIST_ST" ] ; then diff --git a/security/nss/tests/ssl/sslcov.txt b/security/nss/tests/ssl/sslcov.txt index 1a8144564a1b..f5fa52d29949 100644 --- a/security/nss/tests/ssl/sslcov.txt +++ b/security/nss/tests/ssl/sslcov.txt @@ -31,6 +31,8 @@ noECC noTLS v SSL3_RSA_WITH_AES_128_CBC_SHA noECC noTLS y SSL3_RSA_WITH_AES_256_CBC_SHA noECC noTLS z SSL3_RSA_WITH_NULL_SHA + noECC noTLS :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + noECC noTLS :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA # noECC TLS c TLS_RSA_WITH_RC4_128_MD5 noECC TLS d TLS_RSA_WITH_3DES_EDE_CBC_SHA @@ -46,6 +48,8 @@ noECC TLS v TLS_RSA_WITH_AES_128_CBC_SHA noECC TLS y TLS_RSA_WITH_AES_256_CBC_SHA noECC TLS z TLS_RSA_WITH_NULL_SHA + noECC TLS :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + noECC TLS :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA # # ECC ciphers (SSL3) #