diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-10-09 14:27:04 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-10-09 14:27:04 -0400 |
| commit | 01f30a7f06110f54c5d69fdd7697347c102f5274 (patch) | |
| tree | d7103da14e3d895f6c2629647daa3fdde0641759 | |
| parent | fd136728de5b603974e3ec21bc5856406c4e814d (diff) | |
| download | krb5-01f30a7f06110f54c5d69fdd7697347c102f5274.tar.gz krb5-01f30a7f06110f54c5d69fdd7697347c102f5274.tar.xz krb5-01f30a7f06110f54c5d69fdd7697347c102f5274.zip | |
De-conditionalize Camellia code
The Camellia enctypes and cksumtypes have received IANA assignments.
Add #defines using those assignments to krb5.h, remove the CAMELLIA
conditional, and enable testing code as appropriate.
The Camellia draft has not received an RFC number yet, so there is no
Doxygen markup for the enctype and cksumtype #defines. That can be
added once the RFC number is known.
30 files changed, 42 insertions, 221 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 14123a648..b96d9675d 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -2383,28 +2383,6 @@ krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *); krb5_error_code krb5int_clean_hostname(krb5_context, const char *, char *, size_t); -#if 0 -/* - * There are no IANA assignments for these enctypes or cksumtypes yet. They - * must be defined to local-use negative numbers at build time for Camellia - * support to function at the moment. If one is defined, they should all be - * defined. When IANA assignments exist, these definitions should move to the - * appropriate places in krb5.hin and all CAMELLIA conditional code should be - * made unconditional. - * - * The present code is experimental and may not be compatible with the - * standardized version. - */ -#define ENCTYPE_CAMELLIA128_CTS_CMAC -XXX /* Camellia CTS mode, 128-bit key */ -#define ENCTYPE_CAMELLIA256_CTS_CMAC -YYY /* Camellia CTS mode, 256-bit key */ -#define CKSUMTYPE_CMAC_CAMELLIA128 -XXX /* CMAC, 128-bit Camellia key */ -#define CKSUMTYPE_CMAC_CAMELLIA256 -YYY /* CMAC, 256-bit Camellia key */ -#endif - -#ifdef ENCTYPE_CAMELLIA128_CTS_CMAC -#define CAMELLIA -#endif - struct _krb5_kt { /* should move into k5-int.h */ krb5_magic magic; const struct _krb5_kt_ops *ops; diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 8c623df94..933d2b450 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -440,6 +440,8 @@ typedef struct _krb5_crypto_iov { #define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 /**< RFC 3962 */ #define ENCTYPE_ARCFOUR_HMAC 0x0017 #define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018 +#define ENCTYPE_CAMELLIA128_CTS_CMAC 0x0019 +#define ENCTYPE_CAMELLIA256_CTS_CMAC 0x001a #define ENCTYPE_UNKNOWN 0x01ff #define CKSUMTYPE_CRC32 0x0001 @@ -456,6 +458,8 @@ typedef struct _krb5_crypto_iov { ENCTYPE_AES128_CTS_HMAC_SHA1_96 */ #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 /**< RFC 3962. Used with ENCTYPE_AES256_CTS_HMAC_SHA1_96 */ +#define CKSUMTYPE_CMAC_CAMELLIA128 0x0011 +#define CKSUMTYPE_CMAC_CAMELLIA256 0x0012 #define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /*Microsoft netlogon cksumtype*/ #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/ diff --git a/src/lib/crypto/builtin/camellia/Makefile.in b/src/lib/crypto/builtin/camellia/Makefile.in index b11716ecc..e6c86bc13 100644 --- a/src/lib/crypto/builtin/camellia/Makefile.in +++ b/src/lib/crypto/builtin/camellia/Makefile.in @@ -39,8 +39,7 @@ camellia-gen: camellia-gen.o $(GEN_OBJS) run-camellia-gen: camellia-gen ./camellia-gen > kresults.out -# Enable when Camellia support becomes unconditional. -#check:: run-camellia-gen +check:: run-camellia-gen clean-unix:: clean-libobjs diff --git a/src/lib/crypto/builtin/camellia/camellia-gen.c b/src/lib/crypto/builtin/camellia/camellia-gen.c index a98316715..1446d779e 100644 --- a/src/lib/crypto/builtin/camellia/camellia-gen.c +++ b/src/lib/crypto/builtin/camellia/camellia-gen.c @@ -8,8 +8,6 @@ #include <unistd.h> #include "camellia.h" -#ifdef CAMELLIA - #define B 16U unsigned char key[16]; unsigned char test_case_len[] = { B+1, 2*B-1, 2*B, 2*B+1, 3*B-1, 3*B, 4*B, }; @@ -316,18 +314,14 @@ static void cts_test () printf ("\n"); } -#endif /* CAMELLIA */ - int main () { -#ifdef CAMELLIA init (); fips_test (); ecb_test(); cbc_test(); cts_test(); -#endif return 0; } diff --git a/src/lib/crypto/builtin/camellia/camellia.c b/src/lib/crypto/builtin/camellia/camellia.c index 222b66215..88dfe99ad 100644 --- a/src/lib/crypto/builtin/camellia/camellia.c +++ b/src/lib/crypto/builtin/camellia/camellia.c @@ -36,9 +36,6 @@ #include "camellia.h" -#include "k5-int.h" /* Only for CAMELLIA; remove later. */ -#ifdef CAMELLIA - /* key constants */ #define CAMELLIA_SIGMA1L (0xA09E667FL) @@ -1540,5 +1537,3 @@ camellia_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], Camellia_DecryptBlock(cx->keybitlen, in_blk, cx->k_sch, out_blk); return camellia_good; } - -#endif /* CAMELLIA */ diff --git a/src/lib/crypto/builtin/enc_provider/camellia.c b/src/lib/crypto/builtin/enc_provider/camellia.c index ef51d4421..2faf811bf 100644 --- a/src/lib/crypto/builtin/enc_provider/camellia.c +++ b/src/lib/crypto/builtin/enc_provider/camellia.c @@ -27,8 +27,6 @@ #include "crypto_int.h" #include "camellia.h" -#ifdef CAMELLIA - /* * Private per-key data to cache after first generation. We don't want to mess * with the imported Cemallia implementation too much, so we'll just use two @@ -339,25 +337,3 @@ const struct krb5_enc_provider krb5int_enc_camellia256 = { camellia_init_state, krb5int_default_free_state }; - -#else /* CAMELLIA */ - -/* These won't be used, but are still in the export table. */ - -krb5_error_code -krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, - size_t num_data, const krb5_data *iv, - krb5_data *output) -{ - return EINVAL; -} - -const struct krb5_enc_provider krb5int_enc_camellia128 = { - 0 -}; - -const struct krb5_enc_provider krb5int_enc_camellia256 = { - 0 -}; - -#endif /* CAMELLIA */ diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in index 5aeef54a6..58e1c4810 100644 --- a/src/lib/crypto/crypto_tests/Makefile.in +++ b/src/lib/crypto/crypto_tests/Makefile.in @@ -59,8 +59,7 @@ check-unix:: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \ $(RUN_SETUP) $(VALGRIND) ./aes-test > vt.txt cmp vt.txt $(srcdir)/expect-vt.txt $(RUN_SETUP) $(VALGRIND) ./camellia-test > camellia-vt.txt -# Enable this when Camellia becomes unconditional. -# cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt + cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt $(RUN_SETUP) $(VALGRIND) $(C)t_mddriver4 -x $(RUN_SETUP) $(VALGRIND) $(C)t_mddriver -x $(RUN_SETUP) $(VALGRIND) ./t_short diff --git a/src/lib/crypto/crypto_tests/camellia-test.c b/src/lib/crypto/crypto_tests/camellia-test.c index 9975d4d26..73ef2caa4 100644 --- a/src/lib/crypto/crypto_tests/camellia-test.c +++ b/src/lib/crypto/crypto_tests/camellia-test.c @@ -28,9 +28,7 @@ */ #include <stdio.h> -#include "k5-int.h" - -#ifdef CAMELLIA +#include "crypto_int.h" static char key[32]; static char plain[16], cipher[16], zero[16]; @@ -124,11 +122,8 @@ static void vt_test() vt_test_1(32); } -#endif /* CAMELLIA */ - int main (int argc, char *argv[]) { -#ifdef CAMELLIA if (argc > 2 || (argc == 2 && strcmp(argv[1], "-k"))) { fprintf(stderr, "usage:\t%s -k\tfor variable-key tests\n" @@ -141,6 +136,5 @@ int main (int argc, char *argv[]) vk_test(); else vt_test(); -#endif /* CAMELLIA */ return 0; } diff --git a/src/lib/crypto/crypto_tests/t_cksums.c b/src/lib/crypto/crypto_tests/t_cksums.c index ee089eebd..c0694a1c0 100644 --- a/src/lib/crypto/crypto_tests/t_cksums.c +++ b/src/lib/crypto/crypto_tests/t_cksums.c @@ -108,7 +108,6 @@ struct test { { KV5M_DATA, 16, "\xEB\x38\xCC\x97\xE2\x23\x0F\x59\xDA\x41\x17\xDC\x58\x59\xD7\xEC" } }, -#ifdef CAMELLIA { "abcdefghijk", CKSUMTYPE_CMAC_CAMELLIA128, ENCTYPE_CAMELLIA128_CTS_CMAC, 7, @@ -143,7 +142,6 @@ struct test { { KV5M_DATA, 16, "\x3F\xA0\xB4\x23\x55\xE5\x2B\x18\x91\x87\x29\x4A\xA2\x52\xAB\x64" } }, -#endif }; static void diff --git a/src/lib/crypto/crypto_tests/t_cmac.c b/src/lib/crypto/crypto_tests/t_cmac.c index 7a4b3aeee..7a95e437a 100644 --- a/src/lib/crypto/crypto_tests/t_cmac.c +++ b/src/lib/crypto/crypto_tests/t_cmac.c @@ -40,8 +40,6 @@ #include "crypto_int.h" -#ifdef CAMELLIA - /* All examples use the following Camellia-128 key. */ static unsigned char keybytes[] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, @@ -98,12 +96,9 @@ check_result(const char *name, const unsigned char *result, } } -#endif /* CAMELLIA */ - int main(int argc, char **argv) { -#ifdef CAMELLIA krb5_context context = NULL; krb5_keyblock keyblock; krb5_key key; @@ -142,6 +137,5 @@ main(int argc, char **argv) printf("All CMAC tests passed.\n"); krb5_k_free_key(context, key); -#endif /* CAMELLIA */ return 0; } diff --git a/src/lib/crypto/crypto_tests/t_decrypt.c b/src/lib/crypto/crypto_tests/t_decrypt.c index 34486c865..9db60a1f2 100644 --- a/src/lib/crypto/crypto_tests/t_decrypt.c +++ b/src/lib/crypto/crypto_tests/t_decrypt.c @@ -445,7 +445,6 @@ struct test { "\xB7\x34\xD4\xD4\x98\xB6\x71\x4F\x1C\x1D" } }, -#ifdef CAMELLIA { ENCTYPE_CAMELLIA128_CTS_CMAC, "", 0, @@ -552,7 +551,6 @@ struct test { "\xF3\x4A\xD1\x25\x5A\x34\x49\x99\xAD\x37\x14\x68\x87\xA6\xC6\x84" "\x57\x31\xAC\x7F\x46\x37\x6A\x05\x04\xCD\x06\x57\x14\x74" } }, -#endif }; static void @@ -585,10 +583,8 @@ enctypes[] = { ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA1_96, -#ifdef CAMELLIA ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC -#endif }; static char *plaintexts[] = { diff --git a/src/lib/crypto/crypto_tests/t_derive.c b/src/lib/crypto/crypto_tests/t_derive.c index 5f4c04ae6..0f34b00ed 100644 --- a/src/lib/crypto/crypto_tests/t_derive.c +++ b/src/lib/crypto/crypto_tests/t_derive.c @@ -137,7 +137,6 @@ struct test { "\xD7\xBB\xA9\x07\x76\xD8\x12\x6D\x91\xF3\x4F\x31\x01\xAE\xA8\xBA" } }, -#ifdef CAMELLIA /* Kc, Ke, Ki for a Camellia-128 key */ { ENCTYPE_CAMELLIA128_CTS_CMAC, @@ -201,7 +200,6 @@ struct test { "\xFA\x62\x4F\xA0\xE5\x23\x99\x3F\xA3\x88\xAE\xFD\xC6\x7E\x67\xEB" "\xCD\x8C\x08\xE8\xA0\x24\x6B\x1D\x73\xB0\xD1\xDD\x9F\xC5\x82\xB0" } }, -#endif }; static void @@ -231,10 +229,8 @@ get_enc_provider(krb5_enctype enctype) case ENCTYPE_DES3_CBC_SHA1: return &krb5int_enc_des3; case ENCTYPE_AES128_CTS_HMAC_SHA1_96: return &krb5int_enc_aes128; case ENCTYPE_AES256_CTS_HMAC_SHA1_96: return &krb5int_enc_aes256; -#ifdef CAMELLIA case ENCTYPE_CAMELLIA128_CTS_CMAC: return &krb5int_enc_camellia128; case ENCTYPE_CAMELLIA256_CTS_CMAC: return &krb5int_enc_camellia256; -#endif } abort(); } diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c index 580120b8f..1ac375e49 100644 --- a/src/lib/crypto/crypto_tests/t_encrypt.c +++ b/src/lib/crypto/crypto_tests/t_encrypt.c @@ -45,10 +45,8 @@ krb5_enctype interesting_enctypes[] = { ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, -#ifdef CAMELLIA ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC, -#endif 0 }; diff --git a/src/lib/crypto/crypto_tests/t_short.c b/src/lib/crypto/crypto_tests/t_short.c index 295206651..6ee7b1987 100644 --- a/src/lib/crypto/crypto_tests/t_short.c +++ b/src/lib/crypto/crypto_tests/t_short.c @@ -42,10 +42,8 @@ krb5_enctype interesting_enctypes[] = { ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, -#ifdef CAMELLIA ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC, -#endif 0 }; diff --git a/src/lib/crypto/crypto_tests/t_str2key.c b/src/lib/crypto/crypto_tests/t_str2key.c index fe58bd11c..e9b29ba67 100644 --- a/src/lib/crypto/crypto_tests/t_str2key.c +++ b/src/lib/crypto/crypto_tests/t_str2key.c @@ -410,7 +410,6 @@ struct test { "\x57\x18\x48\xB7\x84\xA3\xD6\xBD\xC3\x46\x58\x9A\x3E\x39\x3F\x9E" } }, -#ifdef CAMELLIA /* The same inputs applied to Camellia enctypes. */ { ENCTYPE_CAMELLIA128_CTS_CMAC, @@ -531,7 +530,6 @@ struct test { "\x16\x3B\x76\x8C\x6D\xB1\x48\xB4\xEE\xC7\x16\x3D\xF5\xAE\xD7\x0E" "\x20\x6B\x68\xCE\xC0\x78\xBC\x06\x9E\xD6\x8A\x7E\xD3\x6B\x1E\xCC" } } -#endif /* CAMELLIA */ }; static void diff --git a/src/lib/crypto/krb/checksum_dk_cmac.c b/src/lib/crypto/krb/checksum_dk_cmac.c index bb48c577c..59d5c5a52 100644 --- a/src/lib/crypto/krb/checksum_dk_cmac.c +++ b/src/lib/crypto/krb/checksum_dk_cmac.c @@ -28,8 +28,6 @@ #define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */ -#ifdef CAMELLIA - krb5_error_code krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp, krb5_key key, krb5_keyusage usage, @@ -58,5 +56,3 @@ krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp, krb5_k_free_key(NULL, kc); return ret; } - -#endif /* CAMELLIA */ diff --git a/src/lib/crypto/krb/cksumtypes.c b/src/lib/crypto/krb/cksumtypes.c index fd95057c4..a1ced981f 100644 --- a/src/lib/crypto/krb/cksumtypes.c +++ b/src/lib/crypto/krb/cksumtypes.c @@ -101,7 +101,6 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = { krb5int_hmacmd5_checksum, NULL, 16, 16, 0 }, -#ifdef CAMELLIA { CKSUMTYPE_CMAC_CAMELLIA128, "cmac-camellia128", { 0 }, "CMAC Camellia128 key", &krb5int_enc_camellia128, NULL, @@ -113,7 +112,6 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = { &krb5int_enc_camellia256, NULL, krb5int_dk_cmac_checksum, NULL, 16, 16, 0 }, -#endif /* CAMELLIA */ }; const size_t krb5int_cksumtypes_length = diff --git a/src/lib/crypto/krb/cmac.c b/src/lib/crypto/krb/cmac.c index 19af2201e..2e220c5d5 100644 --- a/src/lib/crypto/krb/cmac.c +++ b/src/lib/crypto/krb/cmac.c @@ -41,8 +41,6 @@ #include "crypto_int.h" -#ifdef CAMELLIA - #define BLOCK_SIZE 16 static unsigned char const_Rb[BLOCK_SIZE] = { @@ -221,17 +219,3 @@ krb5int_cmac_checksum(const struct krb5_enc_provider *enc, krb5_key key, return 0; } - -#else /* CAMELLIA */ - -/* This won't be used, but is still in the export table. */ - -krb5_error_code -krb5int_cmac_checksum(const struct krb5_enc_provider *enc, krb5_key key, - const krb5_crypto_iov *data, size_t num_data, - krb5_data *output) -{ - return EINVAL; -} - -#endif /* CAMELLIA */ diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h index cb9aef346..01090d006 100644 --- a/src/lib/crypto/krb/crypto_int.h +++ b/src/lib/crypto/krb/crypto_int.h @@ -321,11 +321,8 @@ krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp, /*** Key derivation functions ***/ enum deriv_alg { - DERIVE_RFC3961 /* RFC 3961 section 5.1 */ -#ifdef CAMELLIA - , /* C90 doesn't let enum list end w/comma */ + DERIVE_RFC3961, /* RFC 3961 section 5.1 */ DERIVE_SP800_108_CMAC /* NIST SP 800-108 with CMAC as PRF */ -#endif }; krb5_error_code krb5int_derive_keyblock(const struct krb5_enc_provider *enc, @@ -421,10 +418,8 @@ extern const struct krb5_enc_provider krb5int_enc_aes128; extern const struct krb5_enc_provider krb5int_enc_aes256; extern const struct krb5_enc_provider krb5int_enc_aes128_ctr; extern const struct krb5_enc_provider krb5int_enc_aes256_ctr; -#ifdef CAMELLIA extern const struct krb5_enc_provider krb5int_enc_camellia128; extern const struct krb5_enc_provider krb5int_enc_camellia256; -#endif extern const struct krb5_hash_provider krb5int_hash_crc32; extern const struct krb5_hash_provider krb5int_hash_md4; @@ -462,8 +457,7 @@ krb5_error_code krb5int_pbkdf2_hmac_sha1(const krb5_data *out, const krb5_data *salt); /* The following are used by test programs and are just handler functions from - * the AES and Camellia enc providers. Define a stub krb5int_camellia_cbc_mac - * even if CAMELLIA isn't defined, since it's in the export list. */ + * the AES and Camellia enc providers. */ krb5_error_code krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data); krb5_error_code krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec, diff --git a/src/lib/crypto/krb/derive.c b/src/lib/crypto/krb/derive.c index 1cb47af4b..1509f4225 100644 --- a/src/lib/crypto/krb/derive.c +++ b/src/lib/crypto/krb/derive.c @@ -130,8 +130,6 @@ cleanup: return ret; } -#ifdef CAMELLIA - /* * NIST SP800-108 KDF in feedback mode (section 5.2). * Parameters: @@ -207,8 +205,6 @@ cleanup: return ret; } -#endif /* CAMELLIA */ - krb5_error_code krb5int_derive_random(const struct krb5_enc_provider *enc, krb5_key inkey, krb5_data *outrnd, @@ -217,10 +213,8 @@ krb5int_derive_random(const struct krb5_enc_provider *enc, switch (alg) { case DERIVE_RFC3961: return derive_random_rfc3961(enc, inkey, outrnd, in_constant); -#ifdef CAMELLIA case DERIVE_SP800_108_CMAC: return derive_random_sp800_108_cmac(enc, inkey, outrnd, in_constant); -#endif default: return EINVAL; } diff --git a/src/lib/crypto/krb/enc_dk_cmac.c b/src/lib/crypto/krb/enc_dk_cmac.c index 6593d172e..508f9f823 100644 --- a/src/lib/crypto/krb/enc_dk_cmac.c +++ b/src/lib/crypto/krb/enc_dk_cmac.c @@ -27,8 +27,6 @@ #include "crypto_int.h" -#ifdef CAMELLIA - #define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */ /* AEAD */ @@ -182,5 +180,3 @@ cleanup: zapfree(cksum.data, cksum.length); return ret; } - -#endif /* CAMELLIA */ diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c index a9b176dbd..53be1d54d 100644 --- a/src/lib/crypto/krb/etypes.c +++ b/src/lib/crypto/krb/etypes.c @@ -144,7 +144,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { krb5int_dk_prf, CKSUMTYPE_HMAC_SHA1_96_AES256, 0 /*flags*/ }, -#ifdef CAMELLIA + { ENCTYPE_CAMELLIA128_CTS_CMAC, "camellia128-cts-cmac", { "camellia128-cts" }, "Camellia-128 CTS mode with CMAC", @@ -167,7 +167,6 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { krb5int_dk_cmac_prf, CKSUMTYPE_CMAC_CAMELLIA256, 0 /*flags */ }, -#endif /* CAMELLIA */ }; const int krb5int_enctypes_length = diff --git a/src/lib/crypto/krb/prf_cmac.c b/src/lib/crypto/krb/prf_cmac.c index d3e71617d..131c36d12 100644 --- a/src/lib/crypto/krb/prf_cmac.c +++ b/src/lib/crypto/krb/prf_cmac.c @@ -26,8 +26,6 @@ #include "crypto_int.h" -#ifdef CAMELLIA - krb5_error_code krb5int_dk_cmac_prf(const struct krb5_keytypes *ktp, krb5_key key, const krb5_data *in, krb5_data *out) @@ -58,5 +56,3 @@ cleanup: krb5_k_free_key(NULL, kp); return ret; } - -#endif /* CAMELLIA */ diff --git a/src/lib/crypto/krb/s2k_pbkdf2.c b/src/lib/crypto/krb/s2k_pbkdf2.c index 90fe3c694..2476865f3 100644 --- a/src/lib/crypto/krb/s2k_pbkdf2.c +++ b/src/lib/crypto/krb/s2k_pbkdf2.c @@ -183,7 +183,6 @@ krb5int_aes_string_to_key(const struct krb5_keytypes *ktp, DERIVE_RFC3961, 4096); } -#ifdef CAMELLIA krb5_error_code krb5int_camellia_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string, @@ -196,4 +195,3 @@ krb5int_camellia_string_to_key(const struct krb5_keytypes *ktp, return pbkdf2_string_to_key(ktp, string, salt, &pepper, params, key, DERIVE_SP800_108_CMAC, 32768); } -#endif diff --git a/src/lib/crypto/nss/enc_provider/camellia.c b/src/lib/crypto/nss/enc_provider/camellia.c index f4eb0deb7..9859efa1d 100644 --- a/src/lib/crypto/nss/enc_provider/camellia.c +++ b/src/lib/crypto/nss/enc_provider/camellia.c @@ -36,8 +36,6 @@ #include "crypto_int.h" #include "nss_gen.h" -#ifdef CAMELLIA - static krb5_error_code krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data) @@ -113,23 +111,3 @@ const struct krb5_enc_provider krb5int_enc_camellia256 = { krb5int_default_free_state, k5_nss_gen_cleanup }; - -#else /* CAMELLIA_CCM */ - -/* These won't be used, but are still in the export table. */ - -krb5_error_code -krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, - size_t num_data, const krb5_data *iv, - krb5_data *output) -{ - return EINVAL; -} - -const struct krb5_enc_provider krb5int_enc_camellia128 = { -}; - -const struct krb5_enc_provider krb5int_enc_camellia256 = { -}; - -#endif diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c index f22826bbd..2173db6a8 100644 --- a/src/lib/crypto/openssl/enc_provider/camellia.c +++ b/src/lib/crypto/openssl/enc_provider/camellia.c @@ -29,8 +29,6 @@ #include <openssl/camellia.h> #include <openssl/modes.h> -#ifdef CAMELLIA - static krb5_error_code cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data); @@ -384,23 +382,3 @@ const struct krb5_enc_provider krb5int_enc_camellia256 = { krb5int_camellia_init_state, krb5int_default_free_state }; - -#else /* CAMELLIA */ - -/* These won't be used, but are still in the export table. */ - -krb5_error_code -krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, - size_t num_data, const krb5_data *iv, - krb5_data *output) -{ - return EINVAL; -} - -const struct krb5_enc_provider krb5int_enc_camellia128 = { -}; - -const struct krb5_enc_provider krb5int_enc_camellia256 = { -}; - -#endif /* CAMELLIA */ diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index 6e098f8ba..aa793fc8f 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -468,11 +468,9 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey, mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, &list); } else if (strcasecmp(token, "rc4") == 0) { mod_list(ENCTYPE_ARCFOUR_HMAC, sel, weak, &list); -#ifdef CAMELLIA } else if (strcasecmp(token, "camellia") == 0) { mod_list(ENCTYPE_CAMELLIA256_CTS_CMAC, sel, weak, &list); mod_list(ENCTYPE_CAMELLIA128_CTS_CMAC, sel, weak, &list); -#endif } else if (krb5_string_to_enctype(token, &etype) == 0) { /* Set a specific enctype. */ mod_list(etype, sel, weak, &list); diff --git a/src/lib/krb5/krb/t_etypes.c b/src/lib/krb5/krb/t_etypes.c index 72dbb20aa..0a8a19984 100644 --- a/src/lib/krb5/krb/t_etypes.c +++ b/src/lib/krb5/krb/t_etypes.c @@ -97,14 +97,12 @@ static struct { ENCTYPE_DES3_CBC_SHA1, 0 }, 0, 0 }, -#ifdef CAMELLIA /* Family with enctype removed */ { "camellia -camellia256-cts-cmac", { 0 }, { ENCTYPE_CAMELLIA128_CTS_CMAC, 0 }, { ENCTYPE_CAMELLIA128_CTS_CMAC, 0 } }, -#endif /* Enctype followed by two families */ { "+rc4-hmAC des3 +des", { 0 }, diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index 2804b5c7f..67963c579 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -189,6 +189,30 @@ set passes { {dummy=[verbose -log "AES enctypes"]} } { + camellia-only + mode=udp + des3_krbtgt=0 + {supported_enctypes=camellia256-cts:normal} + {permitted_enctypes(kdc)=camellia256-cts} + {permitted_enctypes(slave)=camellia256-cts} + {permitted_enctypes(client)=camellia256-cts} + {permitted_enctypes(server)=camellia256-cts} + {default_tgs_enctypes(kdc)=camellia256-cts} + {default_tgs_enctypes(slave)=camellia256-cts} + {default_tgs_enctypes(client)=camellia256-cts} + {default_tgs_enctypes(server)=camellia256-cts} + {default_tkt_enctypes(kdc)=camellia256-cts} + {default_tkt_enctypes(slave)=camellia256-cts} + {default_tkt_enctypes(client)=camellia256-cts} + {default_tkt_enctypes(server)=camellia256-cts} + {allow_weak_crypto(kdc)=false} + {allow_weak_crypto(slave)=false} + {allow_weak_crypto(client)=false} + {allow_weak_crypto(server)=false} + {master_key_type=camellia256-cts} + {dummy=[verbose -log "Camellia-256 enctype"]} + } + { aes-des3 mode=udp des3_krbtgt=0 @@ -263,32 +287,6 @@ set passes { } } -# Add to above when Camellia support becomes unconditional. -# { -# camellia-only -# mode=udp -# des3_krbtgt=0 -# {supported_enctypes=camellia256-cts:normal} -# {permitted_enctypes(kdc)=camellia256-cts} -# {permitted_enctypes(slave)=camellia256-cts} -# {permitted_enctypes(client)=camellia256-cts} -# {permitted_enctypes(server)=camellia256-cts} -# {default_tgs_enctypes(kdc)=camellia256-cts} -# {default_tgs_enctypes(slave)=camellia256-cts} -# {default_tgs_enctypes(client)=camellia256-cts} -# {default_tgs_enctypes(server)=camellia256-cts} -# {default_tkt_enctypes(kdc)=camellia256-cts} -# {default_tkt_enctypes(slave)=camellia256-cts} -# {default_tkt_enctypes(client)=camellia256-cts} -# {default_tkt_enctypes(server)=camellia256-cts} -# {allow_weak_crypto(kdc)=false} -# {allow_weak_crypto(slave)=false} -# {allow_weak_crypto(client)=false} -# {allow_weak_crypto(server)=false} -# {master_key_type=camellia256-cts} -# {dummy=[verbose -log "Camellia-256 enctype"]} -# } - # des.md5-tgt is set as unused, since it won't trigger the error case # if SUPPORT_DESMD5 isn't honored. diff --git a/src/util/k5test.py b/src/util/k5test.py index 6af782c72..4fd8cf752 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py @@ -1185,15 +1185,14 @@ _passes = [ 'master_key_type' : 'aes128-cts'}}}}), # Exercise the camellia256-cts enctype. -# Enable when Camellia support becomes unconditional. -# ('camellia256', None, -# {'all' : {'libdefaults' : { -# 'default_tgs_enctypes' : 'camellia256-cts', -# 'default_tkt_enctypes' : 'camellia256-cts', -# 'permitted_enctypes' : 'camellia256-cts'}}}, -# {'master' : {'realms' : {'$realm' : { -# 'supported_enctypes' : 'camellia256-cts:normal', -# 'master_key_type' : 'camellia256-cts'}}}}), + ('camellia256', None, + {'all' : {'libdefaults' : { + 'default_tgs_enctypes' : 'camellia256-cts', + 'default_tkt_enctypes' : 'camellia256-cts', + 'permitted_enctypes' : 'camellia256-cts'}}}, + {'master' : {'realms' : {'$realm' : { + 'supported_enctypes' : 'camellia256-cts:normal', + 'master_key_type' : 'camellia256-cts'}}}}), # Test a setup with modern principal keys but an old TGT key. ('aes256.destgt', 'des-cbc-crc:normal', |