Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Bug 453234: Support for SEED Cipher Suites to TLS RFC 4010
patch by Yeonjung Kang <kang.yeonjung@gmail.com>, r=nelson
  • Loading branch information
nelson%bolyard.com committed Dec 17, 2008
1 parent b32ad2f commit f1d0bf2
Show file tree
Hide file tree
Showing 38 changed files with 1,221 additions and 15 deletions.
81 changes: 79 additions & 2 deletions security/nss/cmd/bltest/blapitest.c
Expand Up @@ -673,6 +673,8 @@ typedef enum {
bltestAES_CBC, /* . */
bltestCAMELLIA_ECB, /* . */
bltestCAMELLIA_CBC, /* . */
bltestSEED_ECB, /* SEED algorithm */
bltestSEED_CBC, /* SEED algorithm */
bltestRSA, /* Public Key Ciphers */
#ifdef NSS_ENABLE_ECC
bltestECDSA, /* . (Public Key Sig.) */
Expand Down Expand Up @@ -702,6 +704,8 @@ static char *mode_strings[] =
"aes_cbc",
"camellia_ecb",
"camellia_cbc",
"seed_ecb",
"seed_cbc",
"rsa",
#ifdef NSS_ENABLE_ECC
"ecdsa",
Expand Down Expand Up @@ -817,7 +821,7 @@ PRBool
is_symmkeyCipher(bltestCipherMode mode)
{
/* change as needed! */
if (mode >= bltestDES_ECB && mode <= bltestCAMELLIA_CBC)
if (mode >= bltestDES_ECB && mode <= bltestSEED_CBC)
return PR_TRUE;
return PR_FALSE;
}
Expand Down Expand Up @@ -859,7 +863,8 @@ cipher_requires_IV(bltestCipherMode mode)
/* change as needed! */
if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC ||
mode == bltestRC2_CBC || mode == bltestRC5_CBC ||
mode == bltestAES_CBC || mode == bltestCAMELLIA_CBC)
mode == bltestAES_CBC || mode == bltestCAMELLIA_CBC||
mode == bltestSEED_CBC)
return PR_TRUE;
return PR_FALSE;
}
Expand Down Expand Up @@ -1113,6 +1118,24 @@ camellia_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
input, inputLen);
}

SECStatus
seed_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
unsigned int maxOutputLen, const unsigned char *input,
unsigned int inputLen)
{
return SEED_Encrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
input, inputLen);
}

SECStatus
seed_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
unsigned int maxOutputLen, const unsigned char *input,
unsigned int inputLen)
{
return SEED_Decrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
input, inputLen);
}

SECStatus
rsa_PublicKeyOp(void *key, SECItem *output, const SECItem *input)
{
Expand Down Expand Up @@ -1376,6 +1399,46 @@ bltest_camellia_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
return SECSuccess;
}

SECStatus
bltest_seed_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
PRIntervalTime time1, time2;
bltestSymmKeyParams *seedp = &cipherInfo->params.sk;
int minorMode;
int i;

switch (cipherInfo->mode) {
case bltestSEED_ECB: minorMode = NSS_SEED; break;
case bltestSEED_CBC: minorMode = NSS_SEED_CBC; break;
default:
return SECFailure;
}
cipherInfo->cx = (void*)SEED_CreateContext(seedp->key.buf.data,
seedp->iv.buf.data,
minorMode, encrypt);
if (cipherInfo->cxreps > 0) {
SEEDContext **dummycx;
dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(SEEDContext *));
TIMESTART();
for (i=0; i<cipherInfo->cxreps; i++) {
dummycx[i] = (void*)SEED_CreateContext(seedp->key.buf.data,
seedp->iv.buf.data,
minorMode, encrypt);
}
TIMEFINISH(cipherInfo->cxtime, 1.0);
for (i=0; i<cipherInfo->cxreps; i++) {
SEED_DestroyContext(dummycx[i], PR_TRUE);
}
PORT_Free(dummycx);
}
if (encrypt)
cipherInfo->cipher.symmkeyCipher = seed_Encrypt;
else
cipherInfo->cipher.symmkeyCipher = seed_Decrypt;

return SECSuccess;
}

SECStatus
bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
Expand Down Expand Up @@ -1936,6 +1999,12 @@ cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
cipherInfo->input.pBuf.len);
return bltest_camellia_init(cipherInfo, encrypt);
break;
case bltestSEED_ECB:
case bltestSEED_CBC:
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
cipherInfo->input.pBuf.len);
return bltest_seed_init(cipherInfo, encrypt);
break;
case bltestRSA:
SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
cipherInfo->input.pBuf.len);
Expand Down Expand Up @@ -2390,6 +2459,10 @@ cipherFinish(bltestCipherInfo *cipherInfo)
case bltestCAMELLIA_CBC:
Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE);
break;
case bltestSEED_ECB:
case bltestSEED_CBC:
SEED_DestroyContext((SEEDContext *)cipherInfo->cx, PR_TRUE);
break;
case bltestRC2_ECB:
case bltestRC2_CBC:
RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE);
Expand Down Expand Up @@ -2540,6 +2613,8 @@ dump_performance_info(bltestCipherInfo *infoList, double totalTimeInt,
case bltestAES_CBC:
case bltestCAMELLIA_ECB:
case bltestCAMELLIA_CBC:
case bltestSEED_ECB:
case bltestSEED_CBC:
case bltestRC2_ECB:
case bltestRC2_CBC:
case bltestRC4:
Expand Down Expand Up @@ -2683,6 +2758,7 @@ get_params(PRArenaPool *arena, bltestParams *params,
case bltestRC2_CBC:
case bltestAES_CBC:
case bltestCAMELLIA_CBC:
case bltestSEED_CBC:
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
load_file_data(arena, &params->sk.iv, filename, bltestBinary);
case bltestDES_ECB:
Expand All @@ -2691,6 +2767,7 @@ get_params(PRArenaPool *arena, bltestParams *params,
case bltestRC4:
case bltestAES_ECB:
case bltestCAMELLIA_ECB:
case bltestSEED_ECB:
sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
load_file_data(arena, &params->sk.key, filename, bltestBinary);
break;
Expand Down
1 change: 1 addition & 0 deletions security/nss/cmd/bltest/tests/seed_cbc/ciphertext0
@@ -0,0 +1 @@
JVdzim3if1YIcpGABasoCQ==
1 change: 1 addition & 0 deletions security/nss/cmd/bltest/tests/seed_cbc/iv0
@@ -0,0 +1 @@
1234567890123456
1 change: 1 addition & 0 deletions security/nss/cmd/bltest/tests/seed_cbc/key0
@@ -0,0 +1 @@
fedcba9876543210
1 change: 1 addition & 0 deletions security/nss/cmd/bltest/tests/seed_cbc/numtests
@@ -0,0 +1 @@
1
1 change: 1 addition & 0 deletions security/nss/cmd/bltest/tests/seed_cbc/plaintext0
@@ -0,0 +1 @@
0123456789abcdef
1 change: 1 addition & 0 deletions security/nss/cmd/bltest/tests/seed_ecb/ciphertext0
@@ -0,0 +1 @@
GX8KY3uUhAQnL6XbQhXjEw==
1 change: 1 addition & 0 deletions security/nss/cmd/bltest/tests/seed_ecb/iv0
@@ -0,0 +1 @@
1234567890123456
1 change: 1 addition & 0 deletions security/nss/cmd/bltest/tests/seed_ecb/key0
@@ -0,0 +1 @@
fedcba9876543210
1 change: 1 addition & 0 deletions security/nss/cmd/bltest/tests/seed_ecb/numtests
@@ -0,0 +1 @@
1
1 change: 1 addition & 0 deletions security/nss/cmd/bltest/tests/seed_ecb/plaintext0
@@ -0,0 +1 @@
0123456789abcdef
24 changes: 24 additions & 0 deletions security/nss/lib/freebl/blapi.h
Expand Up @@ -516,6 +516,30 @@ extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);

/******************************************/
/*
** SEED symmetric block cypher
*/
extern SEEDContext *
SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
int mode, PRBool encrypt);
extern SEEDContext *SEED_AllocateContext(void);
extern SECStatus SEED_InitContext(SEEDContext *cx,
const unsigned char *key,
unsigned int keylen,
const unsigned char *iv,
int mode, unsigned int encrypt,
unsigned int );
extern void SEED_DestroyContext(SEEDContext *cx, PRBool freeit);
extern SECStatus
SEED_Encrypt(SEEDContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
extern SECStatus
SEED_Decrypt(SEEDContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);

/******************************************/
/*
** AES symmetric block cypher (Rijndael)
Expand Down
9 changes: 9 additions & 0 deletions security/nss/lib/freebl/blapit.h
Expand Up @@ -73,6 +73,10 @@
#define NSS_CAMELLIA 0
#define NSS_CAMELLIA_CBC 1

/* SEED operation modes */
#define NSS_SEED 0
#define NSS_SEED_CBC 1

#define DSA_SIGNATURE_LEN 40 /* Bytes */
#define DSA_SUBPRIME_LEN 20 /* Bytes */

Expand Down Expand Up @@ -113,6 +117,9 @@

#define CAMELLIA_BLOCK_SIZE 16 /* bytes */

#define SEED_BLOCK_SIZE 16 /* bytes */
#define SEED_KEY_LENGTH 16 /* bytes */

#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048

/*
Expand Down Expand Up @@ -183,6 +190,7 @@ struct SHA1ContextStr ;
struct SHA256ContextStr ;
struct SHA512ContextStr ;
struct AESKeyWrapContextStr ;
struct SEEDContextStr ;

typedef struct DESContextStr DESContext;
typedef struct RC2ContextStr RC2Context;
Expand All @@ -198,6 +206,7 @@ typedef struct SHA512ContextStr SHA512Context;
/* SHA384Context is really a SHA512ContextStr. This is not a mistake. */
typedef struct SHA512ContextStr SHA384Context;
typedef struct AESKeyWrapContextStr AESKeyWrapContext;
typedef struct SEEDContextStr SEEDContext;

/***************************************************************************
** RSA Public and Private Key structures
Expand Down
12 changes: 11 additions & 1 deletion security/nss/lib/freebl/ldvector.c
Expand Up @@ -239,10 +239,20 @@ static const struct FREEBLVectorStr vector =
Camellia_Encrypt,
Camellia_Decrypt,

/* End of Version 3.010. */
PQG_DestroyParams,
PQG_DestroyVerify,

/* End of Version 3.010. */

SEED_InitContext,
SEED_AllocateContext,
SEED_CreateContext,
SEED_DestroyContext,
SEED_Encrypt,
SEED_Decrypt

/* End of Version 3.011. */

};

const FREEBLVector *
Expand Down
48 changes: 48 additions & 0 deletions security/nss/lib/freebl/loader.c
Expand Up @@ -486,6 +486,44 @@ DES_Decrypt(DESContext *cx, unsigned char *output, unsigned int *outputLen,
return (vector->p_DES_Decrypt)(cx, output, outputLen, maxOutputLen, input,
inputLen);
}
SEEDContext *
SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
int mode, PRBool encrypt)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return NULL;
return (vector->p_SEED_CreateContext)(key, iv, mode, encrypt);
}

void
SEED_DestroyContext(SEEDContext *cx, PRBool freeit)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return;
(vector->p_SEED_DestroyContext)(cx, freeit);
}

SECStatus
SEED_Encrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
unsigned int maxOutputLen, const unsigned char *input,
unsigned int inputLen)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
return (vector->p_SEED_Encrypt)(cx, output, outputLen, maxOutputLen, input,
inputLen);
}

SECStatus
SEED_Decrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
unsigned int maxOutputLen, const unsigned char *input,
unsigned int inputLen)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
return (vector->p_SEED_Decrypt)(cx, output, outputLen, maxOutputLen, input,
inputLen);
}

AESContext *
AES_CreateContext(const unsigned char *key, const unsigned char *iv,
Expand Down Expand Up @@ -1359,6 +1397,16 @@ DES_InitContext(DESContext *cx, const unsigned char *key,
return (vector->p_DES_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
}

SECStatus
SEED_InitContext(SEEDContext *cx, const unsigned char *key,
unsigned int keylen, const unsigned char *iv, int mode,
unsigned int encrypt, unsigned int xtra)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
return (vector->p_SEED_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
}

SECStatus
RC2_InitContext(RC2Context *cx, const unsigned char *key,
unsigned int keylen, const unsigned char *iv, int mode,
Expand Down
27 changes: 27 additions & 0 deletions security/nss/lib/freebl/loader.h
Expand Up @@ -491,6 +491,33 @@ struct FREEBLVectorStr {
void (* p_PQG_DestroyVerify)(PQGVerify *vfy);

/* Version 3.010 came to here */

SECStatus (* p_SEED_InitContext)(SEEDContext *cx,
const unsigned char *key,
unsigned int keylen,
const unsigned char *iv,
int mode,
unsigned int encrypt,
unsigned int );

SEEDContext *(*p_SEED_AllocateContext)(void);

SEEDContext *(* p_SEED_CreateContext)(const unsigned char *key,
const unsigned char *iv,
int mode, PRBool encrypt);

void (* p_SEED_DestroyContext)(SEEDContext *cx, PRBool freeit);

SECStatus (* p_SEED_Encrypt)(SEEDContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);

SECStatus (* p_SEED_Decrypt)(SEEDContext *cx, unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);

/* Version 3.011 came to here */

};

typedef struct FREEBLVectorStr FREEBLVector;
Expand Down
2 changes: 2 additions & 0 deletions security/nss/lib/freebl/manifest.mn
Expand Up @@ -150,6 +150,7 @@ CSRCS = \
rsa.c \
shvfy.c \
tlsprfalg.c \
seed.c \
$(MPI_SRCS) \
$(MPCPU_SRCS) \
$(ECL_SRCS) \
Expand All @@ -172,6 +173,7 @@ ALL_HDRS = \
sha256.h \
shsign.h \
vis_proto.h \
seed.h \
$(NULL)


Expand Down

0 comments on commit f1d0bf2

Please sign in to comment.