зеркало из https://github.com/mozilla/pjs.git
Add Camilla cipher suites TLS RFC4132 bug 361025
code supplied by okazaki@kick.gr.jp
This commit is contained in:
Родитель
ffcd2e4b96
Коммит
62c83b3478
|
@ -671,6 +671,8 @@ typedef enum {
|
|||
bltestRC5_CBC, /* . */
|
||||
bltestAES_ECB, /* . */
|
||||
bltestAES_CBC, /* . */
|
||||
bltestCAMELLIA_ECB, /* . */
|
||||
bltestCAMELLIA_CBC, /* . */
|
||||
bltestRSA, /* Public Key Ciphers */
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
bltestECDSA, /* . (Public Key Sig.) */
|
||||
|
@ -698,6 +700,8 @@ static char *mode_strings[] =
|
|||
"rc5_cbc",
|
||||
"aes_ecb",
|
||||
"aes_cbc",
|
||||
"camellia_ecb",
|
||||
"camellia_cbc",
|
||||
"rsa",
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
"ecdsa",
|
||||
|
@ -813,7 +817,7 @@ PRBool
|
|||
is_symmkeyCipher(bltestCipherMode mode)
|
||||
{
|
||||
/* change as needed! */
|
||||
if (mode >= bltestDES_ECB && mode <= bltestAES_CBC)
|
||||
if (mode >= bltestDES_ECB && mode <= bltestCAMELLIA_CBC)
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
@ -855,7 +859,7 @@ cipher_requires_IV(bltestCipherMode mode)
|
|||
/* change as needed! */
|
||||
if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC ||
|
||||
mode == bltestRC2_CBC || mode == bltestRC5_CBC ||
|
||||
mode == bltestAES_CBC)
|
||||
mode == bltestAES_CBC || mode == bltestCAMELLIA_CBC)
|
||||
return PR_TRUE;
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
@ -1089,6 +1093,26 @@ aes_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
|
|||
input, inputLen);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
camellia_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
|
||||
unsigned int maxOutputLen, const unsigned char *input,
|
||||
unsigned int inputLen)
|
||||
{
|
||||
return Camellia_Encrypt((CamelliaContext *)cx, output, outputLen,
|
||||
maxOutputLen,
|
||||
input, inputLen);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
camellia_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
|
||||
unsigned int maxOutputLen, const unsigned char *input,
|
||||
unsigned int inputLen)
|
||||
{
|
||||
return Camellia_Decrypt((CamelliaContext *)cx, output, outputLen,
|
||||
maxOutputLen,
|
||||
input, inputLen);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
rsa_PublicKeyOp(void *key, SECItem *output, const SECItem *input)
|
||||
{
|
||||
|
@ -1309,6 +1333,49 @@ bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
|||
return SECSuccess;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
bltest_camellia_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
||||
{
|
||||
bltestSymmKeyParams *camelliap = &cipherInfo->params.sk;
|
||||
int minorMode;
|
||||
int i;
|
||||
int keylen = camelliap->key.buf.len;
|
||||
int blocklen = CAMELLIA_BLOCK_SIZE;
|
||||
PRIntervalTime time1, time2;
|
||||
|
||||
switch (cipherInfo->mode) {
|
||||
case bltestCAMELLIA_ECB: minorMode = NSS_CAMELLIA; break;
|
||||
case bltestCAMELLIA_CBC: minorMode = NSS_CAMELLIA_CBC; break;
|
||||
default:
|
||||
return SECFailure;
|
||||
}
|
||||
cipherInfo->cx = (void*)Camellia_CreateContext(camelliap->key.buf.data,
|
||||
camelliap->iv.buf.data,
|
||||
minorMode, encrypt,
|
||||
keylen);
|
||||
if (cipherInfo->cxreps > 0) {
|
||||
CamelliaContext **dummycx;
|
||||
dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(CamelliaContext *));
|
||||
TIMESTART();
|
||||
for (i=0; i<cipherInfo->cxreps; i++) {
|
||||
dummycx[i] = (void*)Camellia_CreateContext(camelliap->key.buf.data,
|
||||
camelliap->iv.buf.data,
|
||||
minorMode, encrypt,
|
||||
keylen);
|
||||
}
|
||||
TIMEFINISH(cipherInfo->cxtime, 1.0);
|
||||
for (i=0; i<cipherInfo->cxreps; i++) {
|
||||
Camellia_DestroyContext(dummycx[i], PR_TRUE);
|
||||
}
|
||||
PORT_Free(dummycx);
|
||||
}
|
||||
if (encrypt)
|
||||
cipherInfo->cipher.symmkeyCipher = camellia_Encrypt;
|
||||
else
|
||||
cipherInfo->cipher.symmkeyCipher = camellia_Decrypt;
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
||||
{
|
||||
|
@ -1863,6 +1930,12 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
|
|||
cipherInfo->input.pBuf.len);
|
||||
return bltest_aes_init(cipherInfo, encrypt);
|
||||
break;
|
||||
case bltestCAMELLIA_ECB:
|
||||
case bltestCAMELLIA_CBC:
|
||||
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
|
||||
cipherInfo->input.pBuf.len);
|
||||
return bltest_camellia_init(cipherInfo, encrypt);
|
||||
break;
|
||||
case bltestRSA:
|
||||
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
|
||||
cipherInfo->input.pBuf.len);
|
||||
|
@ -2313,6 +2386,10 @@ cipherFinish(bltestCipherInfo *cipherInfo)
|
|||
case bltestAES_CBC:
|
||||
AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE);
|
||||
break;
|
||||
case bltestCAMELLIA_ECB:
|
||||
case bltestCAMELLIA_CBC:
|
||||
Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE);
|
||||
break;
|
||||
case bltestRC2_ECB:
|
||||
case bltestRC2_CBC:
|
||||
RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE);
|
||||
|
@ -2461,6 +2538,8 @@ print_td:
|
|||
case bltestDES_EDE_CBC:
|
||||
case bltestAES_ECB:
|
||||
case bltestAES_CBC:
|
||||
case bltestCAMELLIA_ECB:
|
||||
case bltestCAMELLIA_CBC:
|
||||
case bltestRC2_ECB:
|
||||
case bltestRC2_CBC:
|
||||
case bltestRC4:
|
||||
|
@ -2603,6 +2682,7 @@ get_params(PRArenaPool *arena, bltestParams *params,
|
|||
case bltestDES_EDE_CBC:
|
||||
case bltestRC2_CBC:
|
||||
case bltestAES_CBC:
|
||||
case bltestCAMELLIA_CBC:
|
||||
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
|
||||
load_file_data(arena, ¶ms->sk.iv, filename, bltestBinary);
|
||||
case bltestDES_ECB:
|
||||
|
@ -2610,6 +2690,7 @@ get_params(PRArenaPool *arena, bltestParams *params,
|
|||
case bltestRC2_ECB:
|
||||
case bltestRC4:
|
||||
case bltestAES_ECB:
|
||||
case bltestCAMELLIA_ECB:
|
||||
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
|
||||
load_file_data(arena, ¶ms->sk.key, filename, bltestBinary);
|
||||
break;
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
taydfPlRJe3wf8Td0xJ9Tw==
|
|
@ -0,0 +1 @@
|
|||
yoYCZwKnUMcS4ADHxnwObA==
|
|
@ -0,0 +1 @@
|
|||
T+Wn4cs1Sbqrh/XtNd4vzQ==
|
|
@ -0,0 +1 @@
|
|||
qwertyuiopasdfgh
|
|
@ -0,0 +1 @@
|
|||
fedcba9876543210
|
|
@ -0,0 +1 @@
|
|||
fedcba9876543210fedcba98
|
|
@ -0,0 +1 @@
|
|||
fedcba9876543210fedcba9876543210
|
|
@ -0,0 +1 @@
|
|||
3
|
|
@ -0,0 +1 @@
|
|||
0123456789abcdef
|
|
@ -0,0 +1 @@
|
|||
6v0CGxSwow3AhsyhunfdbQ==
|
|
@ -0,0 +1 @@
|
|||
Nf1GwJiBtZT+VPJp+gBhPA==
|
|
@ -0,0 +1 @@
|
|||
ilB/0K3SI86Oecwh7cruGA==
|
|
@ -0,0 +1 @@
|
|||
fedcba9876543210
|
|
@ -0,0 +1 @@
|
|||
fedcba9876543210fedcba98
|
|
@ -0,0 +1 @@
|
|||
fedcba9876543210fedcba9876543210
|
|
@ -0,0 +1 @@
|
|||
3
|
|
@ -0,0 +1 @@
|
|||
0123456789abcdef
|
|
@ -749,7 +749,7 @@ usage()
|
|||
"---------------------------------------------------------------------------\n"
|
||||
"\n"
|
||||
"Mechanism lists are colon-separated. The following mechanisms are recognized:\n"
|
||||
"RSA, DSA, DH, RC2, RC4, RC5, AES, DES, MD2, MD5, SHA1, SHA256, SHA512,\n"
|
||||
"RSA, DSA, DH, RC2, RC4, RC5, AES, CAMELLIA, DES, MD2, MD5, SHA1, SHA256, SHA512,\n"
|
||||
"SSL, TLS, RANDOM, and FRIENDLY\n"
|
||||
"\n"
|
||||
"Cipher lists are colon-separated. The following ciphers are recognized:\n"
|
||||
|
|
|
@ -160,6 +160,7 @@ static const MaskString mechanismStrings[] = {
|
|||
{"SSL", PUBLIC_MECH_SSL_FLAG},
|
||||
{"TLS", PUBLIC_MECH_TLS_FLAG},
|
||||
{"AES", PUBLIC_MECH_AES_FLAG},
|
||||
{"CAMELLIA", PUBLIC_MECH_CAMELLIA_FLAG},
|
||||
{"SHA256", PUBLIC_MECH_SHA256_FLAG},
|
||||
{"SHA512", PUBLIC_MECH_SHA512_FLAG},
|
||||
{"RANDOM", PUBLIC_MECH_RANDOM_FLAG},
|
||||
|
|
|
@ -188,6 +188,7 @@ const Constant _consts[] = {
|
|||
mkEntry(CKK_JUNIPER, KeyType),
|
||||
mkEntry(CKK_CDMF, KeyType),
|
||||
mkEntry(CKK_AES, KeyType),
|
||||
mkEntry(CKK_CAMELLIA, KeyType),
|
||||
mkEntry(CKK_NETSCAPE_PKCS8, KeyType),
|
||||
|
||||
mkEntry(CKC_X_509, CertType),
|
||||
|
@ -476,6 +477,12 @@ const Constant _consts[] = {
|
|||
mkEntry(CKM_AES_MAC, Mechanism),
|
||||
mkEntry(CKM_AES_MAC_GENERAL, Mechanism),
|
||||
mkEntry(CKM_AES_CBC_PAD, Mechanism),
|
||||
mkEntry(CKM_CAMELLIA_KEY_GEN, Mechanism),
|
||||
mkEntry(CKM_CAMELLIA_ECB, Mechanism),
|
||||
mkEntry(CKM_CAMELLIA_CBC, Mechanism),
|
||||
mkEntry(CKM_CAMELLIA_MAC, Mechanism),
|
||||
mkEntry(CKM_CAMELLIA_MAC_GENERAL, Mechanism),
|
||||
mkEntry(CKM_CAMELLIA_CBC_PAD, Mechanism),
|
||||
mkEntry(CKM_DSA_PARAMETER_GEN, Mechanism),
|
||||
mkEntry(CKM_DH_PKCS_PARAMETER_GEN, Mechanism),
|
||||
mkEntry(CKM_NETSCAPE_AES_KEY_WRAP, Mechanism),
|
||||
|
@ -1222,9 +1229,10 @@ const Commands _commands[] = {
|
|||
{ArgVar|ArgNew, ArgVar, ArgULong, ArgNone, ArgNone,
|
||||
ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
|
||||
{"NewInitArg", F_NewInitializeArgs,
|
||||
"NewInitArg varName string\n\n"
|
||||
"NewInitArg varName flags string\n\n"
|
||||
"Creates a new init variable.\n"
|
||||
" varName variable name of the new initArg\n"
|
||||
" flags value to set the flags field\n"
|
||||
" string string parameter for init arg\n",
|
||||
{ArgVar|ArgNew, ArgULong, ArgVar|ArgNew, ArgNone, ArgNone,
|
||||
ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: blapi.h,v 1.25 2006-10-02 21:15:46 julien.pierre.bugs%sun.com Exp $ */
|
||||
/* $Id: blapi.h,v 1.26 2007-02-28 19:47:37 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifndef _BLAPI_H_
|
||||
#define _BLAPI_H_
|
||||
|
@ -646,6 +646,68 @@ AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
|
|||
unsigned int *outputLen, unsigned int maxOutputLen,
|
||||
const unsigned char *input, unsigned int inputLen);
|
||||
|
||||
/******************************************/
|
||||
/*
|
||||
** Camellia symmetric block cypher
|
||||
*/
|
||||
|
||||
/*
|
||||
** Create a new Camellia context suitable for Camellia encryption/decryption.
|
||||
** "key" raw key data
|
||||
** "keylen" the number of bytes of key data (16, 24, or 32)
|
||||
*/
|
||||
extern CamelliaContext *
|
||||
Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
|
||||
int mode, int encrypt, unsigned int keylen);
|
||||
|
||||
extern CamelliaContext *Camellia_AllocateContext(void);
|
||||
extern SECStatus Camellia_InitContext(CamelliaContext *cx,
|
||||
const unsigned char *key,
|
||||
unsigned int keylen,
|
||||
const unsigned char *iv,
|
||||
int mode,
|
||||
unsigned int encrypt,
|
||||
unsigned int unused);
|
||||
/*
|
||||
** Destroy a Camellia encryption/decryption context.
|
||||
** "cx" the context
|
||||
** "freeit" if PR_TRUE then free the object as well as its sub-objects
|
||||
*/
|
||||
extern void
|
||||
Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit);
|
||||
|
||||
/*
|
||||
** Perform Camellia encryption.
|
||||
** "cx" the context
|
||||
** "output" the output buffer to store the encrypted data.
|
||||
** "outputLen" how much data is stored in "output". Set by the routine
|
||||
** after some data is stored in output.
|
||||
** "maxOutputLen" the maximum amount of data that can ever be
|
||||
** stored in "output"
|
||||
** "input" the input data
|
||||
** "inputLen" the amount of input data
|
||||
*/
|
||||
extern SECStatus
|
||||
Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen, unsigned int maxOutputLen,
|
||||
const unsigned char *input, unsigned int inputLen);
|
||||
|
||||
/*
|
||||
** Perform Camellia decryption.
|
||||
** "cx" the context
|
||||
** "output" the output buffer to store the decrypted data.
|
||||
** "outputLen" how much data is stored in "output". Set by the routine
|
||||
** after some data is stored in output.
|
||||
** "maxOutputLen" the maximum amount of data that can ever be
|
||||
** stored in "output"
|
||||
** "input" the input data
|
||||
** "inputLen" the amount of input data
|
||||
*/
|
||||
extern SECStatus
|
||||
Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen, unsigned int maxOutputLen,
|
||||
const unsigned char *input, unsigned int inputLen);
|
||||
|
||||
|
||||
/******************************************/
|
||||
/*
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: blapit.h,v 1.19 2006-05-22 22:10:40 wtchang%redhat.com Exp $ */
|
||||
/* $Id: blapit.h,v 1.20 2007-02-28 19:47:37 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifndef _BLAPIT_H_
|
||||
#define _BLAPIT_H_
|
||||
|
@ -69,6 +69,10 @@
|
|||
#define NSS_AES 0
|
||||
#define NSS_AES_CBC 1
|
||||
|
||||
/* Camellia operation modes */
|
||||
#define NSS_CAMELLIA 0
|
||||
#define NSS_CAMELLIA_CBC 1
|
||||
|
||||
#define DSA_SIGNATURE_LEN 40 /* Bytes */
|
||||
#define DSA_SUBPRIME_LEN 20 /* Bytes */
|
||||
|
||||
|
@ -107,6 +111,8 @@
|
|||
#define AES_KEY_WRAP_BLOCK_SIZE 8 /* bytes */
|
||||
#define AES_BLOCK_SIZE 16 /* bytes */
|
||||
|
||||
#define CAMELLIA_BLOCK_SIZE 16 /* bytes */
|
||||
|
||||
#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
|
||||
|
||||
/*
|
||||
|
@ -170,6 +176,7 @@ struct RC2ContextStr ;
|
|||
struct RC4ContextStr ;
|
||||
struct RC5ContextStr ;
|
||||
struct AESContextStr ;
|
||||
struct CamelliaContextStr ;
|
||||
struct MD2ContextStr ;
|
||||
struct MD5ContextStr ;
|
||||
struct SHA1ContextStr ;
|
||||
|
@ -182,6 +189,7 @@ typedef struct RC2ContextStr RC2Context;
|
|||
typedef struct RC4ContextStr RC4Context;
|
||||
typedef struct RC5ContextStr RC5Context;
|
||||
typedef struct AESContextStr AESContext;
|
||||
typedef struct CamelliaContextStr CamelliaContext;
|
||||
typedef struct MD2ContextStr MD2Context;
|
||||
typedef struct MD5ContextStr MD5Context;
|
||||
typedef struct SHA1ContextStr SHA1Context;
|
||||
|
|
Разница между файлами не показана из-за своего большого размера
Загрузить разницу
|
@ -0,0 +1,79 @@
|
|||
/* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is the Camellia code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* NTT(Nippon Telegraph and Telephone Corporation).
|
||||
*
|
||||
* Portions created by the Initial Developer are Copyright (C) 2006
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/*
|
||||
* $Id: camellia.h,v 1.1 2007-02-28 19:47:37 rrelyea%redhat.com Exp $
|
||||
*/
|
||||
|
||||
#ifndef _CAMELLIA_H_
|
||||
#define _CAMELLIA_H_ 1
|
||||
|
||||
#define CAMELLIA_BLOCK_SIZE 16 /* bytes */
|
||||
#define CAMELLIA_MIN_KEYSIZE 16 /* bytes */
|
||||
#define CAMELLIA_MAX_KEYSIZE 32 /* bytes */
|
||||
|
||||
#define CAMELLIA_MAX_EXPANDEDKEY (34*2) /* 32bit unit */
|
||||
|
||||
typedef PRUint32 KEY_TABLE_TYPE[CAMELLIA_MAX_EXPANDEDKEY];
|
||||
|
||||
typedef SECStatus CamelliaFunc(CamelliaContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen);
|
||||
|
||||
typedef SECStatus CamelliaBlockFunc(const PRUint32 *subkey,
|
||||
unsigned char *output,
|
||||
const unsigned char *input);
|
||||
|
||||
/* CamelliaContextStr
|
||||
*
|
||||
* Values which maintain the state for Camellia encryption/decryption.
|
||||
*
|
||||
* keysize - the number of key bits
|
||||
* worker - the encryption/decryption function to use with this context
|
||||
* iv - initialization vector for CBC mode
|
||||
* expandedKey - the round keys in 4-byte words
|
||||
*/
|
||||
struct CamelliaContextStr
|
||||
{
|
||||
PRUint32 keysize; /* bytes */
|
||||
CamelliaFunc *worker;
|
||||
PRUint32 expandedKey[CAMELLIA_MAX_EXPANDEDKEY];
|
||||
PRUint8 iv[CAMELLIA_BLOCK_SIZE];
|
||||
};
|
||||
|
||||
#endif /* _CAMELLIA_H_ */
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: ldvector.c,v 1.14 2006-02-01 21:18:44 wtchang%redhat.com Exp $ */
|
||||
/* $Id: ldvector.c,v 1.15 2007-02-28 19:47:37 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#include "loader.h"
|
||||
#include "alghmac.h"
|
||||
|
@ -227,6 +227,13 @@ static const struct FREEBLVectorStr vector =
|
|||
FIPS186Change_ReduceModQForDSA,
|
||||
|
||||
/* End of Version 3.009. */
|
||||
Camellia_InitContext,
|
||||
Camellia_AllocateContext,
|
||||
Camellia_CreateContext,
|
||||
Camellia_DestroyContext,
|
||||
Camellia_Encrypt,
|
||||
Camellia_Decrypt,
|
||||
|
||||
};
|
||||
|
||||
const FREEBLVector *
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: loader.c,v 1.31 2006-10-02 21:15:46 julien.pierre.bugs%sun.com Exp $ */
|
||||
/* $Id: loader.c,v 1.32 2007-02-28 19:47:37 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#include "loader.h"
|
||||
#include "prmem.h"
|
||||
|
@ -1645,3 +1645,64 @@ FIPS186Change_ReduceModQForDSA(const unsigned char *w,
|
|||
return SECFailure;
|
||||
return (vector->p_FIPS186Change_ReduceModQForDSA)(w, q, xj);
|
||||
}
|
||||
|
||||
/* === new for Camellia === */
|
||||
SECStatus
|
||||
Camellia_InitContext(CamelliaContext *cx, const unsigned char *key,
|
||||
unsigned int keylen, const unsigned char *iv, int mode,
|
||||
unsigned int encrypt, unsigned int unused)
|
||||
{
|
||||
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
return SECFailure;
|
||||
return (vector->p_Camellia_InitContext)(cx, key, keylen, iv, mode, encrypt,
|
||||
unused);
|
||||
}
|
||||
|
||||
CamelliaContext *
|
||||
Camellia_AllocateContext(void)
|
||||
{
|
||||
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
return NULL;
|
||||
return (vector->p_Camellia_AllocateContext)();
|
||||
}
|
||||
|
||||
|
||||
CamelliaContext *
|
||||
Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
|
||||
int mode, int encrypt,
|
||||
unsigned int keylen)
|
||||
{
|
||||
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
return NULL;
|
||||
return (vector->p_Camellia_CreateContext)(key, iv, mode, encrypt, keylen);
|
||||
}
|
||||
|
||||
void
|
||||
Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit)
|
||||
{
|
||||
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
return ;
|
||||
(vector->p_Camellia_DestroyContext)(cx, freeit);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen, unsigned int maxOutputLen,
|
||||
const unsigned char *input, unsigned int inputLen)
|
||||
{
|
||||
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
return SECFailure;
|
||||
return (vector->p_Camellia_Encrypt)(cx, output, outputLen, maxOutputLen,
|
||||
input, inputLen);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen, unsigned int maxOutputLen,
|
||||
const unsigned char *input, unsigned int inputLen)
|
||||
{
|
||||
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
return SECFailure;
|
||||
return (vector->p_Camellia_Decrypt)(cx, output, outputLen, maxOutputLen,
|
||||
input, inputLen);
|
||||
}
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: loader.h,v 1.18 2006-02-01 21:18:44 wtchang%redhat.com Exp $ */
|
||||
/* $Id: loader.h,v 1.19 2007-02-28 19:47:37 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifndef _LOADER_H_
|
||||
#define _LOADER_H_ 1
|
||||
|
@ -458,6 +458,32 @@ struct FREEBLVectorStr {
|
|||
unsigned char *xj);
|
||||
|
||||
/* Version 3.009 came to here */
|
||||
SECStatus (* p_Camellia_InitContext)(CamelliaContext *cx,
|
||||
const unsigned char *key,
|
||||
unsigned int keylen,
|
||||
const unsigned char *iv,
|
||||
int mode,
|
||||
unsigned int encrypt,
|
||||
unsigned int unused);
|
||||
|
||||
CamelliaContext *(*p_Camellia_AllocateContext)(void);
|
||||
CamelliaContext * (* p_Camellia_CreateContext)(const unsigned char *key,
|
||||
const unsigned char *iv,
|
||||
int mode, int encrypt,
|
||||
unsigned int keylen);
|
||||
void (* p_Camellia_DestroyContext)(CamelliaContext *cx, PRBool freeit);
|
||||
|
||||
SECStatus (* p_Camellia_Encrypt)(CamelliaContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen);
|
||||
|
||||
SECStatus (* p_Camellia_Decrypt)(CamelliaContext *cx, unsigned char *output,
|
||||
unsigned int *outputLen,
|
||||
unsigned int maxOutputLen,
|
||||
const unsigned char *input,
|
||||
unsigned int inputLen);
|
||||
};
|
||||
|
||||
typedef struct FREEBLVectorStr FREEBLVector;
|
||||
|
|
|
@ -135,6 +135,7 @@ CSRCS = \
|
|||
des.c \
|
||||
rijndael.c \
|
||||
aeskeywrap.c \
|
||||
camellia.c \
|
||||
dh.c \
|
||||
ec.c \
|
||||
pqg.c \
|
||||
|
@ -157,6 +158,7 @@ ALL_HDRS = \
|
|||
ec.h \
|
||||
loader.h \
|
||||
rijndael.h \
|
||||
camellia.h \
|
||||
secmpi.h \
|
||||
sha.h \
|
||||
sha_fast.h \
|
||||
|
|
|
@ -79,6 +79,7 @@ CK_MECHANISM_TYPE wrapMechanismList[] = {
|
|||
CKM_DES3_ECB,
|
||||
CKM_CAST5_ECB,
|
||||
CKM_AES_ECB,
|
||||
CKM_CAMELLIA_ECB,
|
||||
CKM_CAST5_ECB,
|
||||
CKM_DES_ECB,
|
||||
CKM_KEY_WRAP_LYNKS,
|
||||
|
@ -175,6 +176,8 @@ CK_MECHANISM_TYPE
|
|||
PK11_GetKeyMechanism(CK_KEY_TYPE type)
|
||||
{
|
||||
switch (type) {
|
||||
case CKK_CAMELLIA:
|
||||
return CKM_CAMELLIA_CBC;
|
||||
case CKK_AES:
|
||||
return CKM_AES_CBC;
|
||||
case CKK_DES:
|
||||
|
@ -228,6 +231,13 @@ CK_MECHANISM_TYPE
|
|||
PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len)
|
||||
{
|
||||
switch (type) {
|
||||
case CKM_CAMELLIA_ECB:
|
||||
case CKM_CAMELLIA_CBC:
|
||||
case CKM_CAMELLIA_MAC:
|
||||
case CKM_CAMELLIA_MAC_GENERAL:
|
||||
case CKM_CAMELLIA_CBC_PAD:
|
||||
case CKM_CAMELLIA_KEY_GEN:
|
||||
return CKK_CAMELLIA;
|
||||
case CKM_AES_ECB:
|
||||
case CKM_AES_CBC:
|
||||
case CKM_AES_MAC:
|
||||
|
@ -413,6 +423,13 @@ CK_MECHANISM_TYPE
|
|||
PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size)
|
||||
{
|
||||
switch (type) {
|
||||
case CKM_CAMELLIA_ECB:
|
||||
case CKM_CAMELLIA_CBC:
|
||||
case CKM_CAMELLIA_MAC:
|
||||
case CKM_CAMELLIA_MAC_GENERAL:
|
||||
case CKM_CAMELLIA_CBC_PAD:
|
||||
case CKM_CAMELLIA_KEY_GEN:
|
||||
return CKM_CAMELLIA_KEY_GEN;
|
||||
case CKM_AES_ECB:
|
||||
case CKM_AES_CBC:
|
||||
case CKM_AES_MAC:
|
||||
|
@ -655,6 +672,9 @@ PK11_GetBlockSize(CK_MECHANISM_TYPE type,SECItem *params)
|
|||
case CKM_SKIPJACK_CFB16:
|
||||
case CKM_SKIPJACK_CFB8:
|
||||
return 4;
|
||||
case CKM_CAMELLIA_ECB:
|
||||
case CKM_CAMELLIA_CBC:
|
||||
case CKM_CAMELLIA_CBC_PAD:
|
||||
case CKM_AES_ECB:
|
||||
case CKM_AES_CBC:
|
||||
case CKM_AES_CBC_PAD:
|
||||
|
@ -692,6 +712,7 @@ int
|
|||
PK11_GetIVLength(CK_MECHANISM_TYPE type)
|
||||
{
|
||||
switch (type) {
|
||||
case CKM_CAMELLIA_ECB:
|
||||
case CKM_AES_ECB:
|
||||
case CKM_DES_ECB:
|
||||
case CKM_DES3_ECB:
|
||||
|
@ -732,6 +753,8 @@ PK11_GetIVLength(CK_MECHANISM_TYPE type)
|
|||
case CKM_CAST3_CBC_PAD:
|
||||
case CKM_CAST5_CBC_PAD:
|
||||
return 8;
|
||||
case CKM_CAMELLIA_CBC:
|
||||
case CKM_CAMELLIA_CBC_PAD:
|
||||
case CKM_AES_CBC:
|
||||
case CKM_AES_CBC_PAD:
|
||||
return 16;
|
||||
|
@ -786,6 +809,7 @@ PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv)
|
|||
param->len = 0;
|
||||
param->type = 0;
|
||||
switch (type) {
|
||||
case CKM_CAMELLIA_ECB:
|
||||
case CKM_AES_ECB:
|
||||
case CKM_DES_ECB:
|
||||
case CKM_DES3_ECB:
|
||||
|
@ -850,6 +874,7 @@ PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv)
|
|||
param->data = (unsigned char *) rc5_params;
|
||||
param->len = sizeof(CK_RC5_PARAMS);
|
||||
break;
|
||||
case CKM_CAMELLIA_CBC:
|
||||
case CKM_AES_CBC:
|
||||
case CKM_DES_CBC:
|
||||
case CKM_DES3_CBC:
|
||||
|
@ -858,6 +883,7 @@ PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv)
|
|||
case CKM_CAST_CBC:
|
||||
case CKM_CAST3_CBC:
|
||||
case CKM_CAST5_CBC:
|
||||
case CKM_CAMELLIA_CBC_PAD:
|
||||
case CKM_AES_CBC_PAD:
|
||||
case CKM_DES_CBC_PAD:
|
||||
case CKM_DES3_CBC_PAD:
|
||||
|
@ -915,6 +941,7 @@ PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem *param,int *len)
|
|||
|
||||
*len = 0;
|
||||
switch (type) {
|
||||
case CKM_CAMELLIA_ECB:
|
||||
case CKM_AES_ECB:
|
||||
case CKM_DES_ECB:
|
||||
case CKM_DES3_ECB:
|
||||
|
@ -940,6 +967,7 @@ PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem *param,int *len)
|
|||
rc5_cbc_params = (CK_RC5_CBC_PARAMS *) param->data;
|
||||
*len = rc5_cbc_params->ulIvLen;
|
||||
return rc5_cbc_params->pIv;
|
||||
case CKM_CAMELLIA_CBC:
|
||||
case CKM_AES_CBC:
|
||||
case CKM_DES_CBC:
|
||||
case CKM_DES3_CBC:
|
||||
|
@ -1195,6 +1223,7 @@ PK11_ParamFromAlgid(SECAlgorithmID *algid)
|
|||
}
|
||||
break;
|
||||
case CKM_RC4:
|
||||
case CKM_CAMELLIA_ECB:
|
||||
case CKM_AES_ECB:
|
||||
case CKM_DES_ECB:
|
||||
case CKM_DES3_ECB:
|
||||
|
@ -1210,6 +1239,7 @@ PK11_ParamFromAlgid(SECAlgorithmID *algid)
|
|||
break;
|
||||
}
|
||||
/* FALL THROUGH */
|
||||
case CKM_CAMELLIA_CBC:
|
||||
case CKM_AES_CBC:
|
||||
case CKM_DES_CBC:
|
||||
case CKM_DES3_CBC:
|
||||
|
@ -1218,6 +1248,7 @@ PK11_ParamFromAlgid(SECAlgorithmID *algid)
|
|||
case CKM_CAST_CBC:
|
||||
case CKM_CAST3_CBC:
|
||||
case CKM_CAST5_CBC:
|
||||
case CKM_CAMELLIA_CBC_PAD:
|
||||
case CKM_AES_CBC_PAD:
|
||||
case CKM_DES_CBC_PAD:
|
||||
case CKM_DES3_CBC_PAD:
|
||||
|
@ -1317,6 +1348,7 @@ PK11_GenerateNewParam(CK_MECHANISM_TYPE type, PK11SymKey *key) {
|
|||
mech->type = siBuffer;
|
||||
switch (type) {
|
||||
case CKM_RC4:
|
||||
case CKM_CAMELLIA_ECB:
|
||||
case CKM_AES_ECB:
|
||||
case CKM_DES_ECB:
|
||||
case CKM_DES3_ECB:
|
||||
|
@ -1378,6 +1410,7 @@ PK11_GenerateNewParam(CK_MECHANISM_TYPE type, PK11SymKey *key) {
|
|||
mech->len = 0;
|
||||
break;
|
||||
}
|
||||
case CKM_CAMELLIA_CBC:
|
||||
case CKM_AES_CBC:
|
||||
case CKM_DES_CBC:
|
||||
case CKM_DES3_CBC:
|
||||
|
@ -1450,6 +1483,7 @@ PK11_ParamToAlgid(SECOidTag algTag, SECItem *param,
|
|||
rv = SECSuccess;
|
||||
switch (type) {
|
||||
case CKM_RC4:
|
||||
case CKM_CAMELLIA_ECB:
|
||||
case CKM_AES_ECB:
|
||||
case CKM_DES_ECB:
|
||||
case CKM_DES3_ECB:
|
||||
|
@ -1531,6 +1565,7 @@ PK11_ParamToAlgid(SECOidTag algTag, SECItem *param,
|
|||
newParams = NULL;
|
||||
break;
|
||||
}
|
||||
case CKM_CAMELLIA_CBC:
|
||||
case CKM_AES_CBC:
|
||||
case CKM_DES_CBC:
|
||||
case CKM_DES3_CBC:
|
||||
|
@ -1605,6 +1640,8 @@ PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type) {
|
|||
CK_MECHANISM_TYPE
|
||||
PK11_GetPadMechanism(CK_MECHANISM_TYPE type) {
|
||||
switch(type) {
|
||||
case CKM_CAMELLIA_CBC:
|
||||
return CKM_CAMELLIA_CBC_PAD;
|
||||
case CKM_AES_CBC:
|
||||
return CKM_AES_CBC_PAD;
|
||||
case CKM_DES_CBC:
|
||||
|
|
|
@ -69,6 +69,7 @@ PK11DefaultArrayEntry PK11_DefaultArray[] = {
|
|||
{ "RC4", SECMOD_RC4_FLAG, CKM_RC4 },
|
||||
{ "DES", SECMOD_DES_FLAG, CKM_DES_CBC },
|
||||
{ "AES", SECMOD_AES_FLAG, CKM_AES_CBC },
|
||||
{ "Camellia", SECMOD_CAMELLIA_FLAG, CKM_CAMELLIA_CBC },
|
||||
{ "RC5", SECMOD_RC5_FLAG, CKM_RC5_CBC },
|
||||
{ "SHA-1", SECMOD_SHA1_FLAG, CKM_SHA_1 },
|
||||
{ "SHA256", SECMOD_SHA256_FLAG, CKM_SHA256 },
|
||||
|
@ -98,7 +99,8 @@ PK11_GetDefaultArray(int *size)
|
|||
* These slotlists are lists of modules which provide default support for
|
||||
* a given algorithm or mechanism.
|
||||
*/
|
||||
static PK11SlotList pk11_aesSlotList,
|
||||
static PK11SlotList pk11_camelliaSlotList,
|
||||
pk11_aesSlotList,
|
||||
pk11_desSlotList,
|
||||
pk11_rc4SlotList,
|
||||
pk11_rc2SlotList,
|
||||
|
@ -752,6 +754,7 @@ pk11_InitSlotListStatic(PK11SlotList *list)
|
|||
SECStatus
|
||||
PK11_InitSlotLists(void)
|
||||
{
|
||||
pk11_InitSlotListStatic(&pk11_camelliaSlotList);
|
||||
pk11_InitSlotListStatic(&pk11_aesSlotList);
|
||||
pk11_InitSlotListStatic(&pk11_desSlotList);
|
||||
pk11_InitSlotListStatic(&pk11_rc4SlotList);
|
||||
|
@ -776,6 +779,7 @@ PK11_InitSlotLists(void)
|
|||
void
|
||||
PK11_DestroySlotLists(void)
|
||||
{
|
||||
pk11_FreeSlotListStatic(&pk11_camelliaSlotList);
|
||||
pk11_FreeSlotListStatic(&pk11_aesSlotList);
|
||||
pk11_FreeSlotListStatic(&pk11_desSlotList);
|
||||
pk11_FreeSlotListStatic(&pk11_rc4SlotList);
|
||||
|
@ -807,6 +811,9 @@ PK11_GetSlotList(CK_MECHANISM_TYPE type)
|
|||
return NULL;
|
||||
#endif
|
||||
switch (type) {
|
||||
case CKM_CAMELLIA_CBC:
|
||||
case CKM_CAMELLIA_ECB:
|
||||
return &pk11_camelliaSlotList;
|
||||
case CKM_AES_CBC:
|
||||
case CKM_AES_ECB:
|
||||
return &pk11_aesSlotList;
|
||||
|
|
|
@ -58,6 +58,7 @@
|
|||
#define PUBLIC_MECH_AES_FLAG 0x00002000ul
|
||||
#define PUBLIC_MECH_SHA256_FLAG 0x00004000ul
|
||||
#define PUBLIC_MECH_SHA512_FLAG 0x00008000ul
|
||||
#define PUBLIC_MECH_CAMELLIA_FLAG 0x00010000ul
|
||||
|
||||
#define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul
|
||||
#define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul
|
||||
|
|
|
@ -182,6 +182,7 @@ struct PK11DefaultArrayEntryStr {
|
|||
#define SECMOD_AES_FLAG 0x00002000L
|
||||
#define SECMOD_SHA256_FLAG 0x00004000L
|
||||
#define SECMOD_SHA512_FLAG 0x00008000L /* also for SHA384 */
|
||||
#define SECMOD_CAMELLIA_FLAG 0x00010000L /* = PUBLIC_MECH_CAMELLIA_FLAG */
|
||||
/* reserved bit for future, do not use */
|
||||
#define SECMOD_RESERVED_FLAG 0X08000000L
|
||||
#define SECMOD_FRIENDLY_FLAG 0x10000000L
|
||||
|
@ -339,7 +340,7 @@ typedef PRUint32 PK11AttrFlags;
|
|||
#define SECMOD_FIPS 2 /* internal fips module */
|
||||
|
||||
/* default module configuration strings */
|
||||
#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,SHA256,SHA512]"
|
||||
#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SHA256,SHA512]"
|
||||
|
||||
#define SECMOD_MAKE_NSS_FLAGS(fips,slot) \
|
||||
"Flags=internal,critical"fips" slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})"
|
||||
|
|
|
@ -85,6 +85,7 @@ static struct secmodargSlotFlagTable secmod_argSlotFlagTable[] = {
|
|||
SECMOD_ARG_ENTRY(SSL,SECMOD_SSL_FLAG),
|
||||
SECMOD_ARG_ENTRY(TLS,SECMOD_TLS_FLAG),
|
||||
SECMOD_ARG_ENTRY(AES,SECMOD_AES_FLAG),
|
||||
SECMOD_ARG_ENTRY(Camellia,SECMOD_CAMELLIA_FLAG),
|
||||
SECMOD_ARG_ENTRY(PublicCerts,SECMOD_FRIENDLY_FLAG),
|
||||
SECMOD_ARG_ENTRY(RANDOM,SECMOD_RANDOM_FLAG),
|
||||
};
|
||||
|
|
|
@ -257,11 +257,11 @@ static const struct mechanismList mechanisms[] = {
|
|||
* The second argument is Mechanism info structure. It includes:
|
||||
* The minimum key size,
|
||||
* in bits for RSA, DSA, DH, EC*, KEA, RC2 and RC4 * algs.
|
||||
* in bytes for RC5, AES, and CAST*
|
||||
* in bytes for RC5, AES, Camellia, and CAST*
|
||||
* ignored for DES*, IDEA and FORTEZZA based
|
||||
* The maximum key size,
|
||||
* in bits for RSA, DSA, DH, EC*, KEA, RC2 and RC4 * algs.
|
||||
* in bytes for RC5, AES, and CAST*
|
||||
* in bytes for RC5, AES, Camellia, and CAST*
|
||||
* ignored for DES*, IDEA and FORTEZZA based
|
||||
* Flags
|
||||
* What operations are supported by this mechanism.
|
||||
|
@ -352,6 +352,13 @@ static const struct mechanismList mechanisms[] = {
|
|||
{CKM_AES_MAC, {16, 32, CKF_SN_VR}, PR_TRUE},
|
||||
{CKM_AES_MAC_GENERAL, {16, 32, CKF_SN_VR}, PR_TRUE},
|
||||
{CKM_AES_CBC_PAD, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE},
|
||||
/* ------------------------- Camellia Operations --------------------- */
|
||||
{CKM_CAMELLIA_KEY_GEN, {16, 32, CKF_GENERATE}, PR_TRUE},
|
||||
{CKM_CAMELLIA_ECB, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE},
|
||||
{CKM_CAMELLIA_CBC, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE},
|
||||
{CKM_CAMELLIA_MAC, {16, 32, CKF_SN_VR}, PR_TRUE},
|
||||
{CKM_CAMELLIA_MAC_GENERAL, {16, 32, CKF_SN_VR}, PR_TRUE},
|
||||
{CKM_CAMELLIA_CBC_PAD, {16, 32, CKF_EN_DE_WR_UN}, PR_TRUE},
|
||||
/* ------------------------- Hashing Operations ----------------------- */
|
||||
{CKM_MD2, {0, 0, CKF_DIGEST}, PR_FALSE},
|
||||
{CKM_MD2_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE},
|
||||
|
|
|
@ -630,6 +630,37 @@ finish_des:
|
|||
context->destroy = (SFTKDestroy) DES_DestroyContext;
|
||||
break;
|
||||
|
||||
case CKM_CAMELLIA_CBC_PAD:
|
||||
context->doPad = PR_TRUE;
|
||||
/* fall thru */
|
||||
case CKM_CAMELLIA_ECB:
|
||||
case CKM_CAMELLIA_CBC:
|
||||
context->blockSize = 16;
|
||||
if (key_type != CKK_CAMELLIA) {
|
||||
crv = CKR_KEY_TYPE_INCONSISTENT;
|
||||
break;
|
||||
}
|
||||
att = sftk_FindAttribute(key,CKA_VALUE);
|
||||
if (att == NULL) {
|
||||
crv = CKR_KEY_HANDLE_INVALID;
|
||||
break;
|
||||
}
|
||||
context->cipherInfo = Camellia_CreateContext(
|
||||
(unsigned char*)att->attrib.pValue,
|
||||
(unsigned char*)pMechanism->pParameter,
|
||||
pMechanism->mechanism ==
|
||||
CKM_CAMELLIA_ECB ? NSS_CAMELLIA : NSS_CAMELLIA_CBC,
|
||||
isEncrypt, att->attrib.ulValueLen);
|
||||
sftk_FreeAttribute(att);
|
||||
if (context->cipherInfo == NULL) {
|
||||
crv = CKR_HOST_MEMORY;
|
||||
break;
|
||||
}
|
||||
context->update = (SFTKCipher) (isEncrypt ?
|
||||
Camellia_Encrypt : Camellia_Decrypt);
|
||||
context->destroy = (SFTKDestroy) Camellia_DestroyContext;
|
||||
break;
|
||||
|
||||
case CKM_AES_CBC_PAD:
|
||||
context->doPad = PR_TRUE;
|
||||
/* fall thru */
|
||||
|
@ -1562,6 +1593,16 @@ sftk_InitCBCMac(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
|
|||
cbc_mechanism.pParameter = &ivBlock;
|
||||
cbc_mechanism.ulParameterLen = blockSize;
|
||||
break;
|
||||
case CKM_CAMELLIA_MAC_GENERAL:
|
||||
mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
|
||||
/* fall through */
|
||||
case CKM_CAMELLIA_MAC:
|
||||
blockSize = 16;
|
||||
PORT_Memset(ivBlock,0,blockSize);
|
||||
cbc_mechanism.mechanism = CKM_CAMELLIA_CBC;
|
||||
cbc_mechanism.pParameter = &ivBlock;
|
||||
cbc_mechanism.ulParameterLen = blockSize;
|
||||
break;
|
||||
case CKM_AES_MAC_GENERAL:
|
||||
mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
|
||||
/* fall through */
|
||||
|
@ -2708,6 +2749,10 @@ nsc_SetupBulkKeyGen(CK_MECHANISM_TYPE mechanism, CK_KEY_TYPE *key_type,
|
|||
*key_type = CKK_DES3;
|
||||
*key_length = 24;
|
||||
break;
|
||||
case CKM_CAMELLIA_KEY_GEN:
|
||||
*key_type = CKK_CAMELLIA;
|
||||
if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE;
|
||||
break;
|
||||
case CKM_AES_KEY_GEN:
|
||||
*key_type = CKK_AES;
|
||||
if (*key_length == 0) crv = CKR_TEMPLATE_INCOMPLETE;
|
||||
|
@ -2904,6 +2949,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession,
|
|||
case CKM_RC2_KEY_GEN:
|
||||
case CKM_RC4_KEY_GEN:
|
||||
case CKM_GENERIC_SECRET_KEY_GEN:
|
||||
case CKM_CAMELLIA_KEY_GEN:
|
||||
case CKM_AES_KEY_GEN:
|
||||
#if NSS_SOFTOKEN_DOES_RC5
|
||||
case CKM_RC5_KEY_GEN:
|
||||
|
|
|
@ -426,6 +426,9 @@ typedef CK_ULONG CK_KEY_TYPE;
|
|||
#define CKK_BLOWFISH 0x00000020
|
||||
#define CKK_TWOFISH 0x00000021
|
||||
|
||||
/* Camellia is proposed for v2.20 Amendment 3 */
|
||||
#define CKK_CAMELLIA 0x00000025
|
||||
|
||||
#define CKK_VENDOR_DEFINED 0x80000000
|
||||
|
||||
|
||||
|
@ -908,6 +911,15 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
|||
#define CKM_TWOFISH_KEY_GEN 0x00001092
|
||||
#define CKM_TWOFISH_CBC 0x00001093
|
||||
|
||||
/* Camellia is proposed for v2.20 Amendment 3 */
|
||||
#define CKM_CAMELLIA_KEY_GEN 0x00000550
|
||||
#define CKM_CAMELLIA_ECB 0x00000551
|
||||
#define CKM_CAMELLIA_CBC 0x00000552
|
||||
#define CKM_CAMELLIA_MAC 0x00000553
|
||||
#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
|
||||
#define CKM_CAMELLIA_CBC_PAD 0x00000555
|
||||
#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
|
||||
#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
|
||||
|
||||
/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
|
||||
#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: ssl3con.c,v 1.99 2006-12-08 22:37:29 wtchang%redhat.com Exp $ */
|
||||
/* $Id: ssl3con.c,v 1.100 2007-02-28 19:47:38 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#include "nssrenam.h"
|
||||
#include "cert.h"
|
||||
|
@ -107,12 +107,15 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
|||
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
{ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
|
@ -121,6 +124,8 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
|||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
|
@ -130,6 +135,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
|||
{ TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ SSL_RSA_WITH_RC4_128_MD5, SSL_NOT_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ SSL_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
{ TLS_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
||||
|
@ -218,6 +224,8 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = {
|
|||
{cipher_idea, calg_idea, 16, 16, type_block, 8, 8, kg_strong},
|
||||
{cipher_aes_128, calg_aes, 16, 16, type_block, 16,16, kg_strong},
|
||||
{cipher_aes_256, calg_aes, 32, 32, type_block, 16,16, kg_strong},
|
||||
{cipher_camellia_128, calg_camellia,16, 16, type_block, 16,16, kg_strong},
|
||||
{cipher_camellia_256, calg_camellia,32, 32, type_block, 16,16, kg_strong},
|
||||
{cipher_missing, calg_null, 0, 0, type_stream, 0, 0, kg_null},
|
||||
};
|
||||
|
||||
|
@ -315,6 +323,17 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
|
|||
{TLS_DH_ANON_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_dh_anon},
|
||||
#endif
|
||||
|
||||
{TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa},
|
||||
{TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
||||
cipher_camellia_128, mac_sha, kea_dhe_dss},
|
||||
{TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
cipher_camellia_128, mac_sha, kea_dhe_rsa},
|
||||
{TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa},
|
||||
{TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
||||
cipher_camellia_256, mac_sha, kea_dhe_dss},
|
||||
{TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
cipher_camellia_256, mac_sha, kea_dhe_rsa},
|
||||
|
||||
{TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
||||
cipher_des, mac_sha,kea_rsa_export_1024},
|
||||
{TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
||||
|
@ -382,6 +401,7 @@ static const SSLCipher2Mech alg2Mech[] = {
|
|||
{ calg_idea , CKM_IDEA_CBC },
|
||||
{ calg_fortezza , CKM_SKIPJACK_CBC64 },
|
||||
{ calg_aes , CKM_AES_CBC },
|
||||
{ calg_camellia , CKM_CAMELLIA_CBC },
|
||||
/* { calg_init , (CK_MECHANISM_TYPE)0x7fffffffL } */
|
||||
};
|
||||
|
||||
|
@ -414,6 +434,8 @@ const char * const ssl3_cipherName[] = {
|
|||
"IDEA-CBC",
|
||||
"AES-128",
|
||||
"AES-256",
|
||||
"Camellia-128",
|
||||
"Camellia-256",
|
||||
"missing"
|
||||
};
|
||||
|
||||
|
@ -1283,6 +1305,16 @@ const ssl3BulkCipherDef *cipher_def;
|
|||
pwSpec->destroy = (SSLDestroy) AES_DestroyContext;
|
||||
break;
|
||||
|
||||
case ssl_calg_camellia:
|
||||
initFn = (BLapiInitContextFunc)Camellia_InitContext;
|
||||
mode = NSS_CAMELLIA_CBC;
|
||||
optArg1 = server_encrypts;
|
||||
optArg2 = CAMELLIA_BLOCK_SIZE;
|
||||
pwSpec->encode = (SSLCipher) Camellia_Encrypt;
|
||||
pwSpec->decode = (SSLCipher) Camellia_Decrypt;
|
||||
pwSpec->destroy = (SSLDestroy) Camellia_DestroyContext;
|
||||
break;
|
||||
|
||||
case ssl_calg_idea:
|
||||
case ssl_calg_fortezza :
|
||||
default:
|
||||
|
@ -1301,7 +1333,8 @@ const ssl3BulkCipherDef *cipher_def;
|
|||
goto bail_out;
|
||||
}
|
||||
|
||||
if (calg == ssl_calg_des || calg == ssl_calg_3des || calg == ssl_calg_aes) {
|
||||
if (calg == ssl_calg_des || calg == ssl_calg_3des || calg == ssl_calg_aes
|
||||
|| calg == ssl_calg_camellia) {
|
||||
/* For block ciphers, if the server is encrypting, then the client
|
||||
* is decrypting, and vice versa.
|
||||
*/
|
||||
|
@ -3686,6 +3719,7 @@ static const CK_MECHANISM_TYPE wrapMechanismList[SSL_NUM_WRAP_MECHS] = {
|
|||
CKM_SKIPJACK_WRAP,
|
||||
CKM_SKIPJACK_CBC64,
|
||||
CKM_AES_ECB,
|
||||
CKM_CAMELLIA_ECB,
|
||||
UNKNOWN_WRAP_MECHANISM
|
||||
};
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sslenum.c,v 1.13 2005-12-14 01:49:39 wtchang%redhat.com Exp $ */
|
||||
/* $Id: sslenum.c,v 1.14 2007-02-28 19:47:38 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#include "ssl.h"
|
||||
#include "sslproto.h"
|
||||
|
@ -51,12 +51,15 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
|||
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
|
||||
/* 128-bit */
|
||||
|
@ -66,6 +69,8 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
|||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_RC4_128_SHA,
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
|
||||
|
@ -75,6 +80,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
|||
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
SSL_RSA_WITH_RC4_128_MD5,
|
||||
SSL_RSA_WITH_RC4_128_SHA,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sslimpl.h,v 1.54 2007-01-31 04:20:26 nelson%bolyard.com Exp $ */
|
||||
/* $Id: sslimpl.h,v 1.55 2007-02-28 19:47:38 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifndef __sslimpl_h_
|
||||
#define __sslimpl_h_
|
||||
|
@ -86,6 +86,7 @@ typedef SSLSignType SSL3SignType;
|
|||
#define calg_idea ssl_calg_idea
|
||||
#define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */
|
||||
#define calg_aes ssl_calg_aes
|
||||
#define calg_camellia ssl_calg_camellia
|
||||
|
||||
#define mac_null ssl_mac_null
|
||||
#define mac_md5 ssl_mac_md5
|
||||
|
@ -170,7 +171,7 @@ typedef enum { SSLAppOpRead = 0,
|
|||
#define SSL3_MASTER_SECRET_LENGTH 48
|
||||
|
||||
/* number of wrap mechanisms potentially used to wrap master secrets. */
|
||||
#define SSL_NUM_WRAP_MECHS 14
|
||||
#define SSL_NUM_WRAP_MECHS 15
|
||||
|
||||
/* This makes the cert cache entry exactly 4k. */
|
||||
#define SSL_MAX_CACHED_CERT_LEN 4060
|
||||
|
@ -311,9 +312,9 @@ typedef struct {
|
|||
} ssl3CipherSuiteCfg;
|
||||
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 43
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 49
|
||||
#else
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 23
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 29
|
||||
#endif /* NSS_ENABLE_ECC */
|
||||
|
||||
typedef struct sslOptionsStr {
|
||||
|
@ -469,6 +470,8 @@ typedef enum {
|
|||
cipher_idea,
|
||||
cipher_aes_128,
|
||||
cipher_aes_256,
|
||||
cipher_camellia_128,
|
||||
cipher_camellia_256,
|
||||
cipher_missing /* reserved for no such supported cipher */
|
||||
/* This enum must match ssl3_cipherName[] in ssl3con.c. */
|
||||
} SSL3BulkCipher;
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sslinfo.c,v 1.15 2005-12-14 01:49:39 wtchang%redhat.com Exp $ */
|
||||
/* $Id: sslinfo.c,v 1.16 2007-02-28 19:47:38 rrelyea%redhat.com Exp $ */
|
||||
#include "ssl.h"
|
||||
#include "sslimpl.h"
|
||||
#include "sslproto.h"
|
||||
|
@ -109,6 +109,7 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
|
|||
#define K_ECDH "ECDH", kt_ecdh
|
||||
#define K_ECDHE "ECDHE", kt_ecdh
|
||||
|
||||
#define C_CAMELLIA "CAMELLIA", calg_camellia
|
||||
#define C_AES "AES", calg_aes
|
||||
#define C_RC4 "RC4", calg_rc4
|
||||
#define C_RC2 "RC2", calg_rc2
|
||||
|
@ -131,13 +132,19 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
|
|||
|
||||
static const SSLCipherSuiteInfo suiteInfo[] = {
|
||||
/* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC> <FIPS> */
|
||||
{0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, },
|
||||
|
||||
{0,CS(TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(SSL_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
|
||||
{0,CS(SSL_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sslproto.h,v 1.11 2006-05-16 01:14:43 wtchang%redhat.com Exp $ */
|
||||
/* $Id: sslproto.h,v 1.12 2007-02-28 19:47:38 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifndef __sslproto_h_
|
||||
#define __sslproto_h_
|
||||
|
@ -158,6 +158,13 @@
|
|||
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
|
||||
#define TLS_DH_ANON_WITH_AES_256_CBC_SHA 0x003A
|
||||
|
||||
#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041
|
||||
#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042
|
||||
#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043
|
||||
#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0044
|
||||
#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0045
|
||||
#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA 0x0046
|
||||
|
||||
#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062
|
||||
#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064
|
||||
|
||||
|
@ -165,6 +172,13 @@
|
|||
#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065
|
||||
#define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066
|
||||
|
||||
#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084
|
||||
#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0085
|
||||
#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0086
|
||||
#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x0087
|
||||
#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0088
|
||||
#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA 0x0089
|
||||
|
||||
#define TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001
|
||||
#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA 0xC002
|
||||
#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 0xC003
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sslsock.c,v 1.51 2007-01-31 04:20:26 nelson%bolyard.com Exp $ */
|
||||
/* $Id: sslsock.c,v 1.52 2007-02-28 19:47:38 rrelyea%redhat.com Exp $ */
|
||||
#include "seccomon.h"
|
||||
#include "cert.h"
|
||||
#include "keyhi.h"
|
||||
|
@ -95,6 +95,12 @@ static cipherPolicy ssl_ciphers[] = { /* Export France */
|
|||
{ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED },
|
||||
{ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, SSL_ALLOWED, SSL_NOT_ALLOWED },
|
||||
#ifdef NSS_ENABLE_ECC
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
/* $Id: sslt.h,v 1.9 2005-08-16 03:42:26 nelsonb%netscape.com Exp $ */
|
||||
/* $Id: sslt.h,v 1.10 2007-02-28 19:47:38 rrelyea%redhat.com Exp $ */
|
||||
|
||||
#ifndef __sslt_h_
|
||||
#define __sslt_h_
|
||||
|
@ -106,7 +106,8 @@ typedef enum {
|
|||
ssl_calg_3des = 4,
|
||||
ssl_calg_idea = 5,
|
||||
ssl_calg_fortezza = 6, /* deprecated, now unused */
|
||||
ssl_calg_aes = 7 /* coming soon */
|
||||
ssl_calg_aes = 7, /* coming soon */
|
||||
ssl_calg_camellia = 8
|
||||
} SSLCipherAlgorithm;
|
||||
|
||||
typedef enum {
|
||||
|
|
|
@ -169,6 +169,13 @@
|
|||
#define ANSI_X962_SIGNATURE_OID ANSI_X962_OID, 0x04
|
||||
#define ANSI_X962_SPECIFY_OID ANSI_X962_SIGNATURE_OID, 0x03
|
||||
|
||||
/* for Camellia: iso(1) member-body(2) jisc(392)
|
||||
* mitsubishi(200011) isl(61) security(1) algorithm(1)
|
||||
*/
|
||||
#define MITSUBISHI_ALG 0x2a,0x83,0x08,0x8c,0x9a,0x4b,0x3d,0x01,0x01
|
||||
#define CAMELLIA_ENCRYPT_OID MITSUBISHI_ALG,1
|
||||
#define CAMELLIA_WRAP_OID MITSUBISHI_ALG,3
|
||||
|
||||
#define CONST_OID static const unsigned char
|
||||
|
||||
CONST_OID md2[] = { DIGEST, 0x02 };
|
||||
|
@ -451,6 +458,13 @@ CONST_OID aes256_CFB[] = { AES, 44 };
|
|||
#endif
|
||||
CONST_OID aes256_KEY_WRAP[] = { AES, 45 };
|
||||
|
||||
CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2};
|
||||
CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3};
|
||||
CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4};
|
||||
CONST_OID camellia128_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 2};
|
||||
CONST_OID camellia192_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 3};
|
||||
CONST_OID camellia256_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 4};
|
||||
|
||||
CONST_OID sha256[] = { SHAXXX, 1 };
|
||||
CONST_OID sha384[] = { SHAXXX, 2 };
|
||||
CONST_OID sha512[] = { SHAXXX, 3 };
|
||||
|
@ -1469,6 +1483,14 @@ const static SECOidData oids[] = {
|
|||
SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE,
|
||||
"X9.62 ECDSA signature with SHA512", CKM_INVALID_MECHANISM,
|
||||
INVALID_CERT_EXTENSION ),
|
||||
|
||||
/* Camellia algorithm OIDs */
|
||||
OD( camellia128_CBC, SEC_OID_CAMELLIA_128_CBC,
|
||||
"CAMELLIA-128-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ),
|
||||
OD( camellia192_CBC, SEC_OID_CAMELLIA_192_CBC,
|
||||
"CAMELLIA-192-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ),
|
||||
OD( camellia256_CBC, SEC_OID_CAMELLIA_256_CBC,
|
||||
"CAMELLIA-256-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ),
|
||||
};
|
||||
|
||||
/*
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
/*
|
||||
* secoidt.h - public data structures for ASN.1 OID functions
|
||||
*
|
||||
* $Id: secoidt.h,v 1.20 2006-02-08 06:14:31 rrelyea%redhat.com Exp $
|
||||
* $Id: secoidt.h,v 1.21 2007-02-28 19:47:36 rrelyea%redhat.com Exp $
|
||||
*/
|
||||
|
||||
#include "secitem.h"
|
||||
|
@ -413,6 +413,12 @@ typedef enum {
|
|||
SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE = 278,
|
||||
SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE = 279,
|
||||
SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE = 280,
|
||||
|
||||
/* Camellia OIDs (RFC3657)*/
|
||||
SEC_OID_CAMELLIA_128_CBC = 281,
|
||||
SEC_OID_CAMELLIA_192_CBC = 282,
|
||||
SEC_OID_CAMELLIA_256_CBC = 283,
|
||||
|
||||
SEC_OID_TOTAL
|
||||
} SECOidTag;
|
||||
|
||||
|
|
|
@ -17,6 +17,10 @@
|
|||
0 aes_ecb_-D AES_ECB_Decrypt
|
||||
0 aes_cbc_-E AES_CBC_Encrypt
|
||||
0 aes_cbc_-D AES_CBC_Decrypt
|
||||
0 camellia_ecb_-E Camellia_ECB_Encrypt
|
||||
0 camellia_ecb_-D Camellia_ECB_Decrypt
|
||||
0 camellia_cbc_-E Camellia_CBC_Encrypt
|
||||
0 camellia_cbc_-D Camellia_CBC_Decrypt
|
||||
0 rc2_ecb_-E RC2_ECB_Encrypt
|
||||
0 rc2_ecb_-D RC2_ECB_Decrypt
|
||||
0 rc2_cbc_-E RC2_CBC_Encrypt
|
||||
|
|
|
@ -37,7 +37,7 @@ do
|
|||
if [ $mode != "#" ]; then
|
||||
echo "bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps"
|
||||
bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps >> ${SKPERFOUT}
|
||||
mv "tmp.in" "$mode.in"
|
||||
mv "tmp.in.0" "$mode.in"
|
||||
mv tmp.key $mode.key
|
||||
if [ -f tmp.iv ]; then
|
||||
mv tmp.iv $mode.iv
|
||||
|
@ -66,7 +66,7 @@ do
|
|||
if [ $mode != "#" ]; then
|
||||
echo "bltest -N -m $mode -b $bufsize -e $exp -g $keysize -u $cxreps"
|
||||
bltest -N -m $mode -b $bufsize -e $exp -g $keysize -u $cxreps >> ${RSAPERFOUT}
|
||||
mv "tmp.in" "$mode.in"
|
||||
mv "tmp.in.0" "$mode.in"
|
||||
mv tmp.key $mode.key
|
||||
echo "bltest -E -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out"
|
||||
bltest -E -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out >> ${RSAPERFOUT}
|
||||
|
@ -95,7 +95,7 @@ do
|
|||
if [ $mode != "#" ]; then
|
||||
echo "bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps"
|
||||
bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps >> ${DSAPERFOUT}
|
||||
mv "tmp.in" "$mode.in"
|
||||
mv "tmp.in.0" "$mode.in"
|
||||
mv tmp.key $mode.key
|
||||
echo "bltest -S -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out"
|
||||
bltest -S -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out >> ${DSAPERFOUT}
|
||||
|
@ -123,7 +123,7 @@ do
|
|||
if [ $mode != "#" ]; then
|
||||
echo "bltest -N -m $mode -b $bufsize"
|
||||
bltest -N -m $mode -b $bufsize
|
||||
mv "tmp.in" "$mode.in"
|
||||
mv "tmp.in.0" "$mode.in"
|
||||
echo "bltest -H -m $mode -i ${CIPHERDIR}/$mode.in -p $reps -o ${CIPHERDIR}/$mode.out"
|
||||
bltest -H -m $mode -i ${CIPHERDIR}/$mode.in -p $reps -o ${CIPHERDIR}/$mode.out >> ${HASHPERFOUT}
|
||||
fi
|
||||
|
|
|
@ -21,3 +21,7 @@
|
|||
aes_cbc 16 8192 10000 100000
|
||||
aes_ecb 32 8192 10000 100000
|
||||
aes_cbc 32 8192 10000 100000
|
||||
camellia_ecb 16 8192 10000 100000
|
||||
camellia_cbc 16 8192 10000 100000
|
||||
camellia_ecb 32 8192 10000 100000
|
||||
camellia_cbc 32 8192 10000 100000
|
||||
|
|
|
@ -771,8 +771,9 @@ ssl_run()
|
|||
|
||||
#this script may be sourced from the distributed stress test - in this case do nothing...
|
||||
|
||||
CSHORT="-c ABCDEFcdefgijklmnvyz"
|
||||
CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014cdefgijklmnvyz"
|
||||
CSHORT="-c ABCDEF:0041:0084cdefgijklmnvyz"
|
||||
CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014:0041:0084cdefgijklmnvyz"
|
||||
|
||||
|
||||
if [ -z "$DO_REM_ST" -a -z "$DO_DIST_ST" ] ; then
|
||||
|
||||
|
|
|
@ -31,6 +31,8 @@
|
|||
noECC noTLS v SSL3_RSA_WITH_AES_128_CBC_SHA
|
||||
noECC noTLS y SSL3_RSA_WITH_AES_256_CBC_SHA
|
||||
noECC noTLS z SSL3_RSA_WITH_NULL_SHA
|
||||
noECC noTLS :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
noECC noTLS :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||
#
|
||||
noECC TLS c TLS_RSA_WITH_RC4_128_MD5
|
||||
noECC TLS d TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
|
@ -46,6 +48,8 @@
|
|||
noECC TLS v TLS_RSA_WITH_AES_128_CBC_SHA
|
||||
noECC TLS y TLS_RSA_WITH_AES_256_CBC_SHA
|
||||
noECC TLS z TLS_RSA_WITH_NULL_SHA
|
||||
noECC TLS :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
noECC TLS :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|
||||
#
|
||||
# ECC ciphers (SSL3)
|
||||
#
|
||||
|
|
Загрузка…
Ссылка в новой задаче