@h-yamamo
Last active May 7, 2016 07:08
Support Camellia-GCM cipher suites (RFC 6367) for debian jessie openssl package
diff -u openssl-1.0.1k-3+deb8u2 +camellia-gcm
--- a/crypto/evp/aeadtest.c 2015-12-20 20:40:00.000000000 +0900
+++ b/crypto/evp/aeadtest.c 2016-02-03 20:36:41.000000000 +0900
@@ -257,6 +257,24 @@
return 0;
#endif
}
+ else if (strcmp(argv[1], "camellia-128-gcm") == 0)
+ {
+#ifndef OPENSSL_NO_CAMELLIA
+ aead = EVP_aead_camellia_128_gcm();
+#else
+ fprintf(stderr, "No Camellia support. Skipping test.\n");
+ return 0;
+#endif
+ }
+ else if (strcmp(argv[1], "camellia-256-gcm") == 0)
+ {
+#ifndef OPENSSL_NO_CAMELLIA
+ aead = EVP_aead_camellia_256_gcm();
+#else
+ fprintf(stderr, "No Camellia support. Skipping test.\n");
+ return 0;
+#endif
+ }
else
{
fprintf(stderr, "Unknown AEAD: %s\n", argv[1]);
diff -u openssl-1.0.1k-3+deb8u2 +camellia-gcm
--- a/crypto/evp/e_camellia.c 2015-01-08 23:00:36.000000000 +0900
+++ b/crypto/evp/e_camellia.c 2016-02-03 00:33:50.000000000 +0900
@@ -61,6 +61,7 @@
#include <assert.h>
#include <openssl/camellia.h>
#include "evp_locl.h"
+#include "modes_lcl.h"
static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
@@ -122,6 +123,200 @@
return 1;
}
+
+static ctr128_f camellia_gcm_set_key(CAMELLIA_KEY *camellia_key,
+ GCM128_CONTEXT *gcm_ctx,
+ const unsigned char *key, size_t key_len)
+ {
+ Camellia_set_key(key, key_len*8, camellia_key);
+ CRYPTO_gcm128_init(gcm_ctx, camellia_key, (block128_f)Camellia_encrypt);
+#if 0 /* CAMELLIA_CTR_ASM */
+ return (ctr128_f)func;
+#else
+ return NULL;
+#endif
+ }
+
+#define EVP_AEAD_CAMELLIA_GCM_TAG_LEN 16
+
+struct aead_camellia_gcm_ctx {
+ union { double align; CAMELLIA_KEY ks; } ks;
+ GCM128_CONTEXT gcm;
+ ctr128_f ctr;
+ unsigned tag_len;
+};
+
+static int aead_camellia_gcm_init(EVP_AEAD_CTX *ctx,
+ const unsigned char *key, size_t key_len, size_t tag_len)
+ {
+ struct aead_camellia_gcm_ctx *gcm_ctx;
+ const size_t key_bits = key_len * 8;
+
+ if (key_bits != 128 && key_bits != 256)
+ {
+ EVPerr(EVP_F_AEAD_CAMELLIA_GCM_INIT, EVP_R_BAD_KEY_LENGTH);
+ return 0; /* EVP_AEAD_CTX_init should catch this. */
+ }
+
+ if (tag_len == EVP_AEAD_DEFAULT_TAG_LENGTH)
+ tag_len = EVP_AEAD_CAMELLIA_GCM_TAG_LEN;
+
+ if (tag_len > EVP_AEAD_CAMELLIA_GCM_TAG_LEN)
+ {
+ EVPerr(EVP_F_AEAD_CAMELLIA_GCM_INIT, EVP_R_TAG_TOO_LARGE);
+ return 0;
+ }
+
+ gcm_ctx = OPENSSL_malloc(sizeof(struct aead_camellia_gcm_ctx));
+ if (gcm_ctx == NULL)
+ return 0;
+
+ gcm_ctx->ctr = camellia_gcm_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm,
+ key, key_len);
+ gcm_ctx->tag_len = tag_len;
+ ctx->aead_state = gcm_ctx;
+
+ return 1;
+ }
+
+static void aead_camellia_gcm_cleanup(EVP_AEAD_CTX *ctx)
+ {
+ struct aead_camellia_gcm_ctx *gcm_ctx = ctx->aead_state;
+ OPENSSL_cleanse(gcm_ctx, sizeof(*gcm_ctx));
+ OPENSSL_free(gcm_ctx);
+ }
+
+static int aead_camellia_gcm_seal(const EVP_AEAD_CTX *ctx,
+ unsigned char *out, size_t *out_len, size_t max_out_len,
+ const unsigned char *nonce, size_t nonce_len,
+ const unsigned char *in, size_t in_len,
+ const unsigned char *ad, size_t ad_len)
+ {
+ size_t bulk = 0;
+ const struct aead_camellia_gcm_ctx *gcm_ctx = ctx->aead_state;
+ GCM128_CONTEXT gcm;
+
+ if (max_out_len < in_len + gcm_ctx->tag_len)
+ {
+ EVPerr(EVP_F_AEAD_CAMELLIA_GCM_SEAL, EVP_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
+ CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len);
+
+ if (ad_len > 0 && CRYPTO_gcm128_aad(&gcm, ad, ad_len))
+ return 0;
+
+/** if (gcm_ctx->ctr) #if CAMELLIA_CTR_ASM
+ {
+ if (CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk,
+ in_len - bulk, gcm_ctx->ctr))
+ return 0;
+ }
+ else **/
+ {
+ if (CRYPTO_gcm128_encrypt(&gcm, in + bulk, out + bulk,
+ in_len - bulk))
+ return 0;
+ }
+
+ CRYPTO_gcm128_tag(&gcm, out + in_len, gcm_ctx->tag_len);
+ *out_len = in_len + gcm_ctx->tag_len;
+ return 1;
+ }
+
+static int aead_camellia_gcm_open(const EVP_AEAD_CTX *ctx,
+ unsigned char *out, size_t *out_len, size_t max_out_len,
+ const unsigned char *nonce, size_t nonce_len,
+ const unsigned char *in, size_t in_len,
+ const unsigned char *ad, size_t ad_len)
+ {
+ size_t bulk = 0;
+ const struct aead_camellia_gcm_ctx *gcm_ctx = ctx->aead_state;
+ unsigned char tag[EVP_AEAD_CAMELLIA_GCM_TAG_LEN];
+ size_t plaintext_len;
+ GCM128_CONTEXT gcm;
+
+ if (in_len < gcm_ctx->tag_len)
+ {
+ EVPerr(EVP_F_AEAD_CAMELLIA_GCM_OPEN, EVP_R_BAD_DECRYPT);
+ return 0;
+ }
+
+ plaintext_len = in_len - gcm_ctx->tag_len;
+
+ if (max_out_len < plaintext_len)
+ {
+ EVPerr(EVP_F_AEAD_CAMELLIA_GCM_OPEN, EVP_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
+ memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
+ CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len);
+
+ if (CRYPTO_gcm128_aad(&gcm, ad, ad_len))
+ return 0;
+
+/** if (gcm_ctx->ctr) #if CAMELLIA_CTR_ASM
+ {
+ if (CRYPTO_gcm128_decrypt_ctr32(&gcm, in + bulk, out + bulk,
+ in_len-bulk-gcm_ctx->tag_len,
+ gcm_ctx->ctr))
+ return 0;
+ }
+ else **/
+ {
+ if (CRYPTO_gcm128_decrypt(&gcm, in + bulk, out + bulk,
+ in_len - bulk - gcm_ctx->tag_len))
+ return 0;
+ }
+
+ CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len);
+ if (CRYPTO_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0)
+ {
+ EVPerr(EVP_F_AEAD_CAMELLIA_GCM_OPEN, EVP_R_BAD_DECRYPT);
+ return 0;
+ }
+
+ *out_len = plaintext_len;
+ return 1;
+ }
+
+static const EVP_AEAD aead_camellia_128_gcm = {
+ 16, /* key len */
+ 12, /* nonce len */
+ EVP_AEAD_CAMELLIA_GCM_TAG_LEN, /* overhead */
+ EVP_AEAD_CAMELLIA_GCM_TAG_LEN, /* max tag length */
+
+ aead_camellia_gcm_init,
+ aead_camellia_gcm_cleanup,
+ aead_camellia_gcm_seal,
+ aead_camellia_gcm_open,
+};
+
+static const EVP_AEAD aead_camellia_256_gcm = {
+ 32, /* key len */
+ 12, /* nonce len */
+ EVP_AEAD_CAMELLIA_GCM_TAG_LEN, /* overhead */
+ EVP_AEAD_CAMELLIA_GCM_TAG_LEN, /* max tag length */
+
+ aead_camellia_gcm_init,
+ aead_camellia_gcm_cleanup,
+ aead_camellia_gcm_seal,
+ aead_camellia_gcm_open,
+};
+
+const EVP_AEAD *EVP_aead_camellia_128_gcm()
+ {
+ return &aead_camellia_128_gcm;
+ }
+
+const EVP_AEAD *EVP_aead_camellia_256_gcm()
+ {
+ return &aead_camellia_256_gcm;
+ }
+
#else
# ifdef PEDANTIC
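Review bot: The bounds check in aead_camellia_gcm_seal, `max_out_len < in_len + gcm_ctx->tag_len`, wraps when in_len is within tag_len of SIZE_MAX, so an oversized in_len passes and the encrypt call runs against an output buffer that was never validated. Reject the wrap first, e.g. `if (in_len + gcm_ctx->tag_len < in_len || max_out_len < in_len + gcm_ctx->tag_len)`; any length limit inside CRYPTO_gcm128_encrypt is not visible here and should not be the only guard. Neither seal nor open rejects `nonce_len == 0` before CRYPTO_gcm128_setiv, and aead_camellia_gcm_init enforces only an upper bound on tag_len. GCM requires a non-empty nonce that is never repeated under one key, and short tags reduce forgery resistance, so a zero-length guard and a documented minimum tag length are worth adding. camellia_gcm_set_key also discards the return value of Camellia_set_key.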
diff -u openssl-1.0.1k-3+deb8u2+ore2 +camellia-gcm
--- a/crypto/evp/evp.h 2015-12-20 20:40:00.000000000 +0900
+++ b/crypto/evp/evp.h 2016-02-01 20:23:14.000000000 +0900
@@ -1261,6 +1261,11 @@
const EVP_AEAD *EVP_aead_aes_256_gcm(void);
#endif
+#ifndef OPENSSL_NO_CAMELLIA
+const EVP_AEAD *EVP_aead_camellia_128_gcm(void);
+const EVP_AEAD *EVP_aead_camellia_256_gcm(void);
+#endif
+
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
/* EVP_aead_chacha20_poly1305 is ChaCha20 with a Poly1305 authenticator. */
const EVP_AEAD *EVP_aead_chacha20_poly1305(void);
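Review bot: The two new prototypes have no comment, unlike EVP_aead_chacha20_poly1305 directly below, and this header is where callers learn the contract. I would add `/* EVP_aead_camellia_128_gcm is Camellia-128 in Galois Counter Mode. A nonce must never be reused with the same key. */` above the first and the matching line for the 256-bit variant. The definitions in e_camellia.c are written with `()` while these prototypes use `(void)`; using `(void)` in both places keeps them true prototypes.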
@@ -1379,6 +1384,9 @@
#define EVP_F_AEAD_AES_GCM_INIT 187
#define EVP_F_AEAD_AES_GCM_OPEN 188
#define EVP_F_AEAD_AES_GCM_SEAL 189
+#define EVP_F_AEAD_CAMELLIA_GCM_INIT 195
+#define EVP_F_AEAD_CAMELLIA_GCM_OPEN 196
+#define EVP_F_AEAD_CAMELLIA_GCM_SEAL 197
#define EVP_F_AEAD_CHACHA20_POLY1305_INIT 192
#define EVP_F_AEAD_CHACHA20_POLY1305_OPEN 193
#define EVP_F_AEAD_CHACHA20_POLY1305_SEAL 194
diff -u openssl-1.0.1k-3+deb8u2+ore2 +camellia-gcm
--- a/crypto/evp/evp_err.c 2015-12-20 20:40:00.000000000 +0900
+++ b/crypto/evp/evp_err.c 2016-02-01 20:29:14.000000000 +0900
@@ -73,6 +73,9 @@
{ERR_FUNC(EVP_F_AEAD_AES_GCM_INIT), "AEAD_AES_GCM_INIT"},
{ERR_FUNC(EVP_F_AEAD_AES_GCM_OPEN), "AEAD_AES_GCM_OPEN"},
{ERR_FUNC(EVP_F_AEAD_AES_GCM_SEAL), "AEAD_AES_GCM_SEAL"},
+{ERR_FUNC(EVP_F_AEAD_CAMELLIA_GCM_INIT), "AEAD_CAMELLIA_GCM_INIT"},
+{ERR_FUNC(EVP_F_AEAD_CAMELLIA_GCM_OPEN), "AEAD_CAMELLIA_GCM_OPEN"},
+{ERR_FUNC(EVP_F_AEAD_CAMELLIA_GCM_SEAL), "AEAD_CAMELLIA_GCM_SEAL"},
{ERR_FUNC(EVP_F_AEAD_CHACHA20_POLY1305_INIT), "AEAD_CHACHA20_POLY1305_INIT"},
{ERR_FUNC(EVP_F_AEAD_CHACHA20_POLY1305_OPEN), "AEAD_CHACHA20_POLY1305_OPEN"},
{ERR_FUNC(EVP_F_AEAD_CHACHA20_POLY1305_SEAL), "AEAD_CHACHA20_POLY1305_SEAL"},
diff -u openssl-1.0.1k-3+deb8u2+ore2 +camellia-gcm
--- a/openssl.ld 2015-12-20 20:40:00.000000000 +0900
+++ b/openssl.ld 2016-02-03 21:00:36.000000000 +0900
@@ -4628,6 +4628,8 @@
EVP_AEAD_CTX_cleanup;
EVP_AEAD_CTX_seal;
EVP_AEAD_CTX_open;
+ EVP_aead_camellia_128_gcm;
+ EVP_aead_camellia_256_gcm;
} OPENSSL_1.0.0;
OPENSSL_1.0.1d {
diff -u openssl-1.0.1k-3+deb8u4+ore1 +camellia-gcm
--- a/ssl/s3_lib.c 2016-03-02 01:40:00.000000000 +0900
+++ b/ssl/s3_lib.c 2016-03-02 20:03:54.000000000 +0900
@@ -2406,6 +2406,153 @@
#endif /* OPENSSL_NO_ECDH */
+#ifndef OPENSSL_NO_CAMELLIA
+ /* GCM-Based Cipher Suites from RFC 6367 */
+# if 0 /* change 0 to 1 if you need RSA and DHE suites. */
+ /* Cipher C07A */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+ TLS1_CK_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_CAMELLIA128GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
+ FIXED_NONCE_LEN(4)|
+ SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ 128,
+ 128,
+ },
+
+ /* Cipher C07B */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+ TLS1_CK_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+ SSL_kRSA,
+ SSL_aRSA,
+ SSL_CAMELLIA256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
+ FIXED_NONCE_LEN(4)|
+ SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ 256,
+ 256,
+ },
+
+ /* Cipher C07C */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+ SSL_kEDH,
+ SSL_aRSA,
+ SSL_CAMELLIA128GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
+ FIXED_NONCE_LEN(4)|
+ SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ 128,
+ 128,
+ },
+
+ /* Cipher C07D */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+ SSL_kEDH,
+ SSL_aRSA,
+ SSL_CAMELLIA256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
+ FIXED_NONCE_LEN(4)|
+ SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ 256,
+ 256,
+ },
+# endif
+ /* Cipher C086 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+ TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+ SSL_kEECDH,
+ SSL_aECDSA,
+ SSL_CAMELLIA128GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
+ FIXED_NONCE_LEN(4)|
+ SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ 128,
+ 128,
+ },
+
+ /* Cipher C087 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+ TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+ SSL_kEECDH,
+ SSL_aECDSA,
+ SSL_CAMELLIA256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
+ FIXED_NONCE_LEN(4)|
+ SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ 256,
+ 256,
+ },
+
+ /* Cipher C08A */
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+ TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+ SSL_kEECDH,
+ SSL_aRSA,
+ SSL_CAMELLIA128GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256|SSL_CIPHER_ALGORITHM2_AEAD|
+ FIXED_NONCE_LEN(4)|
+ SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ 128,
+ 128,
+ },
+
+ /* Cipher C08B */
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+ TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+ SSL_kEECDH,
+ SSL_aRSA,
+ SSL_CAMELLIA256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384|SSL_CIPHER_ALGORITHM2_AEAD|
+ FIXED_NONCE_LEN(4)|
+ SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
+ 256,
+ 256,
+ },
+#endif /* OPENSSL_NO_CAMELLIA */
#ifdef TEMP_GOST_TLS
/* Cipher FF00 */
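Review bot: Every new entry sets `SSL_NOT_EXP|SSL_HIGH|SSL_FIPS`, which marks the Camellia-GCM suites as permitted in FIPS mode although Camellia is not a FIPS-approved cipher; the flag looks carried over from the AES-GCM entries, and as far as I know the existing Camellia-CBC entries do not set it. Use `SSL_NOT_EXP|SSL_HIGH,` in all eight entries (C07A–C07D, C086, C087, C08A, C08B). The ECDHE entries are added after `#endif /* OPENSSL_NO_ECDH */`, so they are guarded only by OPENSSL_NO_CAMELLIA; wrapping C086–C08B in `#ifndef OPENSSL_NO_ECDH` would keep them out of builds without ECDH. The cipher table itself begins and ends outside this hunk.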
diff -u openssl-1.0.1k-3+deb8u2+ore2 +camellia-gcm
--- a/apps/speed.c 2015-12-20 20:40:00.000000000 +0900
+++ b/apps/speed.c 2016-02-01 21:22:00.000000000 +0900
@@ -239,7 +239,7 @@
static int do_multi(int multi);
#endif
-#define ALGOR_NUM 33
+#define ALGOR_NUM 35
#define SIZE_NUM 5
#define RSA_NUM 4
#define DSA_NUM 3
@@ -256,6 +256,7 @@
"evp","sha256","sha512","whirlpool",
"aes-128 ige","aes-192 ige","aes-256 ige","ghash",
"aes-128 gcm", "aes-256 gcm", "chacha20 poly1305",
+ "camellia-128 gcm", "camellia-256 gcm",
};
static double results[ALGOR_NUM][SIZE_NUM];
static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
@@ -503,6 +504,8 @@
#define D_AES_128_GCM 30
#define D_AES_256_GCM 31
#define D_CHACHA20_POLY1305 32
+#define D_CAMELLIA_128_GCM 33
+#define D_CAMELLIA_256_GCM 34
double d=0.0;
long c[ALGOR_NUM][SIZE_NUM];
#define R_DSA_512 0
@@ -949,6 +952,14 @@
doit[D_CBC_192_CML]=1;
doit[D_CBC_256_CML]=1;
}
+ else if (strcmp(*argv,"camellia-128-gcm") == 0)
+ {
+ doit[D_CAMELLIA_128_GCM]=1;
+ }
+ else if (strcmp(*argv,"camellia-256-gcm") == 0)
+ {
+ doit[D_CAMELLIA_256_GCM]=1;
+ }
else
#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
@@ -1095,7 +1106,9 @@
#endif
#ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err,"\n");
- BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
+ BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc");
+ BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err,"camellia-128-gcm camellia-256-gcm ");
#endif
#ifndef OPENSSL_NO_RC4
BIO_printf(bio_err,"rc4");
@@ -1325,6 +1338,8 @@
c[D_AES_128_GCM][0]=count;
c[D_AES_256_GCM][0]=count;
c[D_CHACHA20_POLY1305][0]=count;
+ c[D_CAMELLIA_128_GCM][0]=count;
+ c[D_CAMELLIA_256_GCM][0]=count;
for (i=1; i<SIZE_NUM; i++)
{
@@ -1366,6 +1381,8 @@
c[D_AES_128_GCM][i]=c[D_AES_128_GCM][i-1]*l0/l1;
c[D_AES_256_GCM][i]=c[D_AES_256_GCM][i-1]*l0/l1;
c[D_CHACHA20_POLY1305][i]=c[D_CHACHA20_POLY1305][i-1]*l0/l1;
+ c[D_CAMELLIA_128_GCM][i]=c[D_CAMELLIA_128_GCM][i-1]*l0/l1;
+ c[D_CAMELLIA_256_GCM][i]=c[D_CAMELLIA_256_GCM][i-1]*l0/l1;
}
#ifndef OPENSSL_NO_RSA
rsa_c[R_RSA_512][0]=count/2000;
@@ -1963,6 +1980,59 @@
}
}
+ if (doit[D_CAMELLIA_128_GCM])
+ {
+ const EVP_AEAD *aead = EVP_aead_camellia_128_gcm();
+ const unsigned char *nonce = iv;
+ size_t out_len, nonce_len;
+ EVP_AEAD_CTX ctx;
+
+ EVP_AEAD_CTX_init(&ctx, aead, key32, EVP_AEAD_key_length(aead),
+ EVP_AEAD_DEFAULT_TAG_LENGTH, NULL);
+ nonce_len = EVP_AEAD_nonce_length(aead);
+
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CAMELLIA_128_GCM],
+ c[D_CAMELLIA_128_GCM][j], lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CAMELLIA_128_GCM][j]); count++)
+ if (!EVP_AEAD_CTX_seal(&ctx, buf, &out_len, BUFSIZE,
+ nonce, nonce_len, buf, lengths[j],
+ NULL, 0))
+ exit(1);
+ d=Time_F(STOP);
+ print_result(D_CAMELLIA_128_GCM,j,count,d);
+ }
+ EVP_AEAD_CTX_cleanup(&ctx);
+ }
+ if (doit[D_CAMELLIA_256_GCM])
+ {
+ const EVP_AEAD *aead = EVP_aead_camellia_256_gcm();
+ const unsigned char *nonce = iv;
+ size_t out_len, nonce_len;
+ EVP_AEAD_CTX ctx;
+
+ EVP_AEAD_CTX_init(&ctx, aead, key32, EVP_AEAD_key_length(aead),
+ EVP_AEAD_DEFAULT_TAG_LENGTH, NULL);
+ nonce_len = EVP_AEAD_nonce_length(aead);
+
+ for (j=0; j<SIZE_NUM; j++)
+ {
+ print_message(names[D_CAMELLIA_256_GCM],
+ c[D_CAMELLIA_256_GCM][j], lengths[j]);
+ Time_F(START);
+ for (count=0,run=1; COND(c[D_CAMELLIA_256_GCM][j]); count++)
+ if (!EVP_AEAD_CTX_seal(&ctx, buf, &out_len, BUFSIZE,
+ nonce, nonce_len, buf, lengths[j],
+ NULL, 0))
+ exit(1);
+ d=Time_F(STOP);
+ print_result(D_CAMELLIA_256_GCM,j,count,d);
+ }
+ EVP_AEAD_CTX_cleanup(&ctx);
+ }
+
#endif
#ifndef OPENSSL_NO_IDEA
if (doit[D_CBC_IDEA])
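Review bot: Both benchmark blocks ignore the return value of EVP_AEAD_CTX_init, so a failed init would go on to call EVP_AEAD_CTX_seal on an unusable context; wrapping the call as `if (!EVP_AEAD_CTX_init(&ctx, aead, key32, EVP_AEAD_key_length(aead), EVP_AEAD_DEFAULT_TAG_LENGTH, NULL)) exit(1);` matches how the seal failure is already handled. The timing loop seals repeatedly with one key and one nonce, which is acceptable for a benchmark but deserves a comment such as `/* fixed nonce: benchmark only; a GCM nonce must never repeat under one key */` so the block is not copied as a usage example. The blocks sit just before an `#endif` whose opening `#if` is outside the hunk; confirm it is the OPENSSL_NO_CAMELLIA guard.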
diff -u openssl-1.0.1k-3+deb8u2+ore2 +camellia-gcm
--- a/ssl/ssl.h 2015-12-20 20:40:00.000000000 +0900
+++ b/ssl/ssl.h 2016-02-02 01:16:19.000000000 +0900
@@ -292,6 +292,7 @@
#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
#define SSL_TXT_CAMELLIA "CAMELLIA"
+#define SSL_TXT_CAMELLIA_GCM "CAMELLIAGCM"
#define SSL_TXT_CHACHA20 "CHACHA20"
#define SSL_TXT_MD5 "MD5"
diff -u openssl-1.0.1k-3+deb8u2+ore2 +camellia-gcm
--- a/ssl/ssl_ciph.c 2015-12-20 20:40:00.000000000 +0900
+++ b/ssl/ssl_ciph.c 2016-02-02 01:10:53.000000000 +0900
@@ -296,9 +296,10 @@
{0,SSL_TXT_AES256,0, 0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0},
{0,SSL_TXT_AES,0, 0,0,SSL_AES,0,0,0,0,0,0},
{0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0},
- {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
- {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
+ {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA128GCM,0,0,0,0,0,0},
+ {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256|SSL_CAMELLIA256GCM,0,0,0,0,0,0},
{0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
+ {0,SSL_TXT_CAMELLIA_GCM,0,0,0,SSL_CAMELLIA128GCM|SSL_CAMELLIA256GCM,0,0,0,0,0,0},
{0,SSL_TXT_CHACHA20 ,0,0,0,SSL_CHACHA20POLY1305,0,0,0,0,0,0},
/* MAC aliases */
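Review bot: The `SSL_TXT_CAMELLIA` alias is left as `SSL_CAMELLIA128|SSL_CAMELLIA256` (an unchanged context line), so the cipher string `CAMELLIA` does not match the new GCM suites and `!CAMELLIA` would not remove them from a cipher list. `CAMELLIA128`, `CAMELLIA256` and the `SSL_CAMELLIA` macro in ssl_locl.h now do include the GCM bits, which makes the aliases disagree with each other. Bring the alias in line with the AES entry above it: `{0,SSL_TXT_CAMELLIA ,0,0,0,SSL_CAMELLIA,0,0,0,0,0,0},`. The alias table continues outside this hunk.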
@@ -534,6 +535,14 @@
*aead = EVP_aead_aes_256_gcm();
return 1;
#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ case SSL_CAMELLIA128GCM:
+ *aead = EVP_aead_camellia_128_gcm();
+ return 1;
+ case SSL_CAMELLIA256GCM:
+ *aead = EVP_aead_camellia_256_gcm();
+ return 1;
+#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
case SSL_CHACHA20POLY1305:
if (c->id & 0x80)
@@ -1753,6 +1762,12 @@
case SSL_CHACHA20POLY1305:
enc="ChaCha20-Poly1305";
break;
+ case SSL_CAMELLIA128GCM:
+ enc="CamelliaGCM(128)";
+ break;
+ case SSL_CAMELLIA256GCM:
+ enc="CamelliaGCM(256)";
+ break;
default:
enc="unknown";
break;
diff -u openssl-1.0.1k-3+deb8u2+ore2 +camellia-gcm
--- a/ssl/ssl_locl.h 2015-12-20 20:40:00.000000000 +0900
+++ b/ssl/ssl_locl.h 2016-02-02 00:51:42.000000000 +0900
@@ -330,9 +330,12 @@
#define SSL_AES128GCM 0x00001000L
#define SSL_AES256GCM 0x00002000L
#define SSL_CHACHA20POLY1305 0x00004000L
+#define SSL_CAMELLIA128GCM 0x00008000L
+#define SSL_CAMELLIA256GCM 0x00010000L
#define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
-#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
+#define SSL_CAMELLIA (SSL_CAMELLIA128 | SSL_CAMELLIA256 | \
+ SSL_CAMELLIA128GCM | SSL_CAMELLIA256GCM)
/* Bits for algorithm_mac (symmetric authentication) */
diff -u openssl-1.0.1k-3+deb8u2+ore2 +camellia-gcm
--- a/ssl/tls1.h 2015-12-20 20:40:00.000000000 +0900
+++ b/ssl/tls1.h 2016-02-02 01:38:59.000000000 +0900
@@ -528,6 +528,16 @@
#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
+/* Camellia GCM based ciphersuites from RFC6367 */
+#define TLS1_CK_RSA_WITH_CAMELLIA_128_GCM_SHA256 0x0300C07A
+#define TLS1_CK_RSA_WITH_CAMELLIA_256_GCM_SHA384 0x0300C07B
+#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0x0300C07C
+#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0x0300C07D
+#define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0x0300C086
+#define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0x0300C087
+#define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0x0300C08A
+#define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0x0300C08B
+
#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD 0x0300CC13
#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD 0x0300CC14
#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305_OLD 0x0300CC15
@@ -686,6 +696,15 @@
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256"
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384"
+#define TLS1_TXT_RSA_WITH_CAMELLIA_128_GCM_SHA256 "CAMELLIA128-GCM-SHA256"
+#define TLS1_TXT_RSA_WITH_CAMELLIA_256_GCM_SHA384 "CAMELLIA256-GCM-SHA384"
+#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 "DHE-RSA-CAMELLIA128-GCM-SHA256"
+#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 "DHE-RSA-CAMELLIA256-GCM-SHA384"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 "ECDHE-ECDSA-CAMELLIA128-GCM-SHA256"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 "ECDHE-ECDSA-CAMELLIA256-GCM-SHA384"
+#define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 "ECDHE-RSA-CAMELLIA128-GCM-SHA256"
+#define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 "ECDHE-RSA-CAMELLIA256-GCM-SHA384"
+
#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 "ECDHE-RSA-CHACHA20-POLY1305"
#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 "ECDHE-ECDSA-CHACHA20-POLY1305"
#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 "DHE-RSA-CHACHA20-POLY1305"
diff -u openssl-1.0.1k-3+deb8u2 +camellia-gcm
--- a/test/Makefile 2015-12-20 20:40:00.000000000 +0900
+++ b/test/Makefile 2016-02-03 20:50:57.000000000 +0900
@@ -346,7 +346,8 @@
../util/shlib_wrap.sh ./$(POLY1305TEST)
test_aead: $(AEADTEST)$(EXE_EXT) chacha20_poly1305_old_tests.txt \
- chacha20_poly1305_tests.txt aes_128_gcm_tests.txt aes_256_gcm_tests.txt
+ chacha20_poly1305_tests.txt aes_128_gcm_tests.txt aes_256_gcm_tests.txt \
+ camellia_128_gcm_tests.txt camellia_256_gcm_tests.txt
@echo "Test ChaCha20+Poly1305(rfc7539)"
../util/shlib_wrap.sh ./$(AEADTEST) chacha20-poly1305 \
chacha20_poly1305_tests.txt
@@ -359,6 +360,12 @@
@echo "Test AES-256-GCM"
../util/shlib_wrap.sh ./$(AEADTEST) aes-256-gcm \
aes_256_gcm_tests.txt
+ @echo "Test Camellia-128-GCM"
+ ../util/shlib_wrap.sh ./$(AEADTEST) camellia-128-gcm \
+ camellia_128_gcm_tests.txt
+ @echo "Test Camellia-256-GCM"
+ ../util/shlib_wrap.sh ./$(AEADTEST) camellia-256-gcm \
+ camellia_256_gcm_tests.txt
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
diff -uN 1.0.1k-3+deb8u2+ore2 +camellia-gcm
--- /dev/null 1970-01-01 09:00:00.000000000 +0900
+++ b/test/camellia_128_gcm_tests.txt 2016-02-03 01:33:12.000000000 +0900
@@ -0,0 +1,49 @@
+# Test vector from draft-kato-ipsec-camellia-gcm Section 4.
+
+# Case 1
+KEY: 00000000000000000000000000000000
+NONCE: 000000000000000000000000
+IN: ""
+AD: ""
+CT: ""
+TAG: f5574acc3148dfcb9015200631024df9
+
+# Case 2
+KEY: 00000000000000000000000000000000
+NONCE: 000000000000000000000000
+IN: 00000000000000000000000000000000
+AD: ""
+CT: defe3e0b5c54c94b4f2a0f5a46f6210d
+TAG: f672b94d192266c7c8c8dbb427cc989a
+
+# Case 3
+KEY: feffe9928665731c6d6a8f9467308308
+NONCE: cafebabefacedbaddecaf888
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
+AD: ""
+CT: d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f8260614bab815
+TAG: 86e318012dd8329dc9dae6a170f61b24
+
+# Case 4
+KEY: feffe9928665731c6d6a8f9467308308
+NONCE: cafebabefacedbaddecaf888
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
+CT: d0d94a13b632f337a0cc9955b94fa020c815f903aab12f1efaf2fe9d90f729a6cccbfa986ef2ff2c33de418d9a2529091cf18fe652c1cfde13f82606
+TAG: 9f458869431576ea6a095456ec6b8101
+
+# Case 5
+KEY: feffe9928665731c6d6a8f9467308308
+NONCE: cafebabefacedbad
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
+CT: 28fd7434d5cd424a5353818fc21a982460d20cf632eb1e6c4fbfca17d5abcf6a52111086162fe9570e7774c7a912aca3dfa10067ddaad40688645bdd
+TAG: e86f8f2e730c49d536f00fb5225d28b1
+
+# Case 6
+KEY: feffe9928665731c6d6a8f9467308308
+NONCE: 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
+CT: 2e582b8417c93f2ff4f6f7ee3c361e4496e710ee12433baa964987d02f42953e402e6f4af407fe08cd2f35123696014c34db19128df4056faebcd647
+TAG: ceae5569b2af8641572622731aed3e53
diff -uN 1.0.1k-3+deb8u2+ore2 +camellia-gcm
--- /dev/null 1970-01-01 09:00:00.000000000 +0900
+++ b/test/camellia_256_gcm_tests.txt 2016-02-03 01:36:49.000000000 +0900
@@ -0,0 +1,49 @@
+# Test vector from draft-kato-ipsec-camellia-gcm Section 4.
+
+# Case 13
+KEY: 0000000000000000000000000000000000000000000000000000000000000000
+NONCE: 000000000000000000000000
+IN: ""
+AD: ""
+CT: ""
+TAG: 9cdb269b5d293bc5db9c55b057d9b591
+
+# Case 14
+KEY: 0000000000000000000000000000000000000000000000000000000000000000
+NONCE: 000000000000000000000000
+IN: 00000000000000000000000000000000
+AD: ""
+CT: 3d4b2cde666761ba5dfb305178e667fb
+TAG: 284b63bb143c40ce100fb4dea6bb617b
+
+# Case 15
+KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+NONCE: cafebabefacedbaddecaf888
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
+AD: ""
+CT: ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b776549e092
+TAG: c912686270a2b9966415fca3be75c468
+
+# Case 16
+KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+NONCE: cafebabefacedbaddecaf888
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
+CT: ad142c11579dd95e41f3c1f324dabc255864d920f1b65759d8f560d4948d447758dfdcf77aa9f62581c7ff572a037f810cb1a9c4b3ca6ed638179b77
+TAG: 4e4b178d8fe26fdc95e2e7246dd94bec
+
+# Case 17
+KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+NONCE: cafebabefacedbad
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
+CT: 6ca95fbb7d16577a9ef2fded94dc85b5d40c629f6bef2c649888e3cbb0ededc7810c04b12c2983bbbbc482e16e45c9215ae12c15c55f2f4809d06652
+TAG: e6472b8ebd331bfcc7c0fa63ce094461
+
+# Case 18
+KEY: feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+NONCE: 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+IN: d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+AD: feedfacedeadbeeffeedfacedeadbeefabaddad2
+CT: e0cddd7564d09c4dc522dd65949262bbf9dcdb07421cf67f3032becb7253c284a16e5bf0f556a308043f53fab9eebb526be7f7ad33d697ac77c67862
+TAG: 5791883f822013f8bd136fc36fb9946b
@h-yamamo
Author

h-yamamo commented Feb 5, 2016

This patch requires the preceding chacha20poly1305.patch.
How to build packages:

apt-get -d source openssl
tar xf openssl_1.0.1k.orig.tar.gz
cd openssl-1.0.1k
tar xf ../openssl_1.0.1k-3+deb8u5.debian.tar.xz
cp -a (openssl-chacha20poly1305 repository)/jessie/debian/* debian/
cp (somewhere)/camellia-gcm.patch debian/patches/
echo camellia-gcm.patch >> debian/patches/series
vi debian/changelog  # add description about camellia-gcm
debuild -uc -us
