From: Ken Raeburn Date: Mon, 3 Feb 2003 21:53:59 +0000 (+0000) Subject: * aes.c: New file. X-Git-Tag: krb5-1.3-alpha1~134 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=62d7865b4f23cb21c04caef5574e5a52f2b185ec;p=krb5.git * aes.c: New file. * Makefile.in (STLIBOBJS, OBJS, SRCS): Include it. (LOCALINCLUDE): Add aes source dir. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15143 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/crypto/enc_provider/ChangeLog b/src/lib/crypto/enc_provider/ChangeLog index ee0152115..f46ced59f 100644 --- a/src/lib/crypto/enc_provider/ChangeLog +++ b/src/lib/crypto/enc_provider/ChangeLog @@ -1,3 +1,9 @@ +2003-02-03 Ken Raeburn + + * aes.c: New file. + * Makefile.in (STLIBOBJS, OBJS, SRCS): Include it. + (LOCALINCLUDE): Add aes source dir. + 2003-01-10 Ken Raeburn * Makefile.in: Add AC_SUBST_FILE marker for libobj_frag. diff --git a/src/lib/crypto/enc_provider/Makefile.in b/src/lib/crypto/enc_provider/Makefile.in index bb444110e..dbc4f64cc 100644 --- a/src/lib/crypto/enc_provider/Makefile.in +++ b/src/lib/crypto/enc_provider/Makefile.in @@ -2,7 +2,7 @@ thisconfigdir=./.. myfulldir=lib/crypto/enc_provider mydir=enc_provider BUILDTOP=$(REL)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/../des -I$(srcdir)/../arcfour +LOCALINCLUDES = -I$(srcdir)/../des -I$(srcdir)/../arcfour -I$(srcdir)/../aes ##DOS##BUILDTOP = ..\..\.. ##DOS##PREFIXDIR=enc_provider @@ -14,16 +14,18 @@ PROG_RPATH=$(KRB5_LIBDIR) RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf -STLIBOBJS= des.o des3.o arcfour.o +STLIBOBJS= des.o des3.o arcfour.o aes.o OBJS= \ $(OUTPRE)des.$(OBJEXT) \ $(OUTPRE)des3.$(OBJEXT) \ + $(OUTPRE)aes.$(OBJEXT) \ $(OUTPRE)arcfour.$(OBJEXT) SRCS= \ $(srcdir)/des.c \ $(srcdir)/des3.c \ + $(srcdir)/aes.c \ $(srcdir)/arcfour.c ##DOS##LIBOBJS = $(OBJS) @@ -55,6 +57,12 @@ des3.so des3.po $(OUTPRE)des3.$(OBJEXT): des3.c $(SRCTOP)/include/k5-int.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ $(BUILDTOP)/include/profile.h $(srcdir)/../des/des_int.h \ $(SRCTOP)/include/kerberosIV/des.h +aes.so aes.po $(OUTPRE)aes.$(OBJEXT): aes.c $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ + $(BUILDTOP)/include/profile.h enc_provider.h $(srcdir)/../aes/aes.h \ + $(srcdir)/../aes/uitypes.h arcfour.so arcfour.po $(OUTPRE)arcfour.$(OBJEXT): arcfour.c $(SRCTOP)/include/k5-int.h \ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ diff --git a/src/lib/crypto/enc_provider/aes.c b/src/lib/crypto/enc_provider/aes.c new file mode 100644 index 000000000..4a400cd0a --- /dev/null +++ b/src/lib/crypto/enc_provider/aes.c @@ -0,0 +1,190 @@ +#include "k5-int.h" +#include "enc_provider.h" +#include "aes.h" + +static void +aes_block_size(size_t *blocksize) +{ + *blocksize = 16; +} + +static void +aes128_keysize(size_t *keybytes, size_t *keylength) +{ + *keybytes = *keylength = 16; +} + +static void +aes256_keysize(size_t *keybytes, size_t *keylength) +{ + *keybytes = *keylength = 32; +} + +#if 0 +aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1]); +aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]); +aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]); +aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]); +aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]); +#endif + +#define CHECK_SIZES 0 + +static void printd (const char *descr, krb5_data *d) { + int i, j; + const int r = 16; + + printf("%s:", descr); + + for (i = 0; i < d->length; i += r) { + printf("\n %04x: ", i); + for (j = i; j < i + r && j < d->length; j++) + printf(" %02x", 0xff & d->data[j]); +#ifdef SHOW_TEXT + for (; j < i + r; j++) + printf(" "); + printf(" "); + for (j = i; j < i + r && j < d->length; j++) { + int c = 0xff & d->data[j]; + printf("%c", isprint(c) ? c : '.'); + } +#endif + } + printf("\n"); +} +static void enc(char *out, const char *in, aes_ctx *ctx) +{ + if (aes_enc_blk(in, out, ctx) != aes_good) + abort(); +#if 0 + { + krb5_data e_in, e_out; + e_in.data = in; + e_out.data = out; + e_in.length = e_out.length = BLOCK_SIZE; + printf("encrypting [[\n"); + printd("input block", &e_in); + printd("output block", &e_out); + printf("]]\n"); + } +#endif +} + +static void xorblock(char *out, const char *in) +{ + int z; + for (z = 0; z < BLOCK_SIZE; z++) + out[z] ^= in[z]; +} + +krb5_error_code +krb5int_aes_encrypt(const krb5_keyblock *key, const krb5_data *ivec, + const krb5_data *input, krb5_data *output) +{ + aes_ctx ctx; + unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE]; + int offset; + int nblocks = 0, blockno; + +/* CHECK_SIZES; */ + + if (aes_enc_key(key->contents, key->length, &ctx) != aes_good) + abort(); + + if (ivec) + memcpy(tmp, ivec->data, BLOCK_SIZE); + else + memset(tmp, 0, BLOCK_SIZE); + + nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE; + + if (nblocks == 1) { + /* XXX Used for DK function. */ + if (aes_enc_blk(input->data, output->data, &ctx) != aes_good) + abort(); + } else { + int nleft; + + for (blockno = 0; blockno < nblocks - 2; blockno++) { + xorblock(tmp, input->data + blockno * BLOCK_SIZE); + enc(tmp2, tmp, &ctx); + memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE); + + /* Set up for next block. */ + memcpy(tmp, tmp2, BLOCK_SIZE); + offset += BLOCK_SIZE; + } + /* Do final CTS step for last two blocks (the second of which + may or may not be incomplete). */ + xorblock(tmp, input->data + (nblocks - 2) * BLOCK_SIZE); + enc(tmp2, tmp, &ctx); + nleft = input->length - (nblocks - 1) * BLOCK_SIZE; + memcpy(output->data + (nblocks - 1) * BLOCK_SIZE, tmp2, nleft); + memcpy(tmp, tmp2, BLOCK_SIZE); + + memset(tmp3, 0, sizeof(tmp3)); + memcpy(tmp3, input->data + (nblocks - 1) * BLOCK_SIZE, nleft); + xorblock(tmp, tmp3); + enc(tmp2, tmp, &ctx); + memcpy(output->data + (nblocks - 2) * BLOCK_SIZE, tmp2, BLOCK_SIZE); + } + + return 0; +} + +static krb5_error_code +k5_aes_decrypt(const krb5_keyblock *key, const krb5_data *ivec, + const krb5_data *input, krb5_data *output) +{ + aes_ctx ctx; + + CHECK_SIZES; + + if (aes_dec_key(key->contents, key->length, &ctx) != aes_good) + abort(); + + abort(); + + return 0; +} + +static krb5_error_code +k5_aes_make_key(const krb5_data *randombits, krb5_keyblock *key) +{ + if (key->length != 16 && key->length != 32) + return(KRB5_BAD_KEYSIZE); + if (randombits->length != key->length) + return(KRB5_CRYPTO_INTERNAL); + + key->magic = KV5M_KEYBLOCK; + + memcpy(key->contents, randombits->data, randombits->length); + return(0); +} + +static krb5_error_code +krb5int_aes_init_state (const krb5_keyblock *key, krb5_keyusage usage, + krb5_data *state) +{ + abort(); +} + +const struct krb5_enc_provider krb5int_enc_aes128 = { + aes_block_size, + aes128_keysize, + krb5int_aes_encrypt, + k5_aes_decrypt, + k5_aes_make_key, + krb5int_aes_init_state, + krb5int_default_free_state +}; + +const struct krb5_enc_provider krb5int_enc_aes256 = { + aes_block_size, + aes256_keysize, + krb5int_aes_encrypt, + k5_aes_decrypt, + k5_aes_make_key, + krb5int_aes_init_state, + krb5int_default_free_state +};