diff options
| author | Greg Hudson <ghudson@mit.edu> | 2010-11-20 00:31:46 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2010-11-20 00:31:46 +0000 |
| commit | 41acda8ebd3517c3d0f2184c09741cd10d061182 (patch) | |
| tree | dcc9695ff569763cfa96eff1c895d88d27721d12 /src/lib/crypto/builtin | |
| parent | 52bae3736c1835b8d7ba6b2e8bda370fe58f044b (diff) | |
| download | krb5-41acda8ebd3517c3d0f2184c09741cd10d061182.tar.gz krb5-41acda8ebd3517c3d0f2184c09741cd10d061182.tar.xz krb5-41acda8ebd3517c3d0f2184c09741cd10d061182.zip | |
Implement Camellia-CTS-CMAC instead of Camellia-CCM
Replace the Camellia-CCM enctypes with Camellia-CTS-CMAC. Still not
compiled in by default since we don't have enctype assignments yet.
ticket: 6822
target_verion: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24524 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/builtin')
| -rw-r--r-- | src/lib/crypto/builtin/camellia/camellia-gen.c | 6 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/camellia/camellia.c | 5 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/enc_provider/Makefile.in | 6 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/enc_provider/camellia.c | 366 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/enc_provider/camellia_ctr.c | 225 | ||||
| -rw-r--r-- | src/lib/crypto/builtin/enc_provider/enc_provider.h | 6 |
6 files changed, 378 insertions, 236 deletions
diff --git a/src/lib/crypto/builtin/camellia/camellia-gen.c b/src/lib/crypto/builtin/camellia/camellia-gen.c index bbe64d039..a98316715 100644 --- a/src/lib/crypto/builtin/camellia/camellia-gen.c +++ b/src/lib/crypto/builtin/camellia/camellia-gen.c @@ -8,7 +8,7 @@ #include <unistd.h> #include "camellia.h" -#ifdef CAMELLIA_CCM +#ifdef CAMELLIA #define B 16U unsigned char key[16]; @@ -316,11 +316,11 @@ static void cts_test () printf ("\n"); } -#endif /* CAMELLIA_CCM */ +#endif /* CAMELLIA */ int main () { -#ifdef CAMELLIA_CCM +#ifdef CAMELLIA init (); fips_test (); diff --git a/src/lib/crypto/builtin/camellia/camellia.c b/src/lib/crypto/builtin/camellia/camellia.c index 1b8cc46dd..30998d043 100644 --- a/src/lib/crypto/builtin/camellia/camellia.c +++ b/src/lib/crypto/builtin/camellia/camellia.c @@ -36,7 +36,8 @@ #include "camellia.h" -#ifdef CAMELLIA_CCM +#include "k5-int.h" /* Only for CAMELLIA; remove later. */ +#ifdef CAMELLIA /* key constants */ @@ -1540,4 +1541,4 @@ camellia_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], return camellia_good; } -#endif /* CAMELLIA_CCM */ +#endif /* CAMELLIA */ diff --git a/src/lib/crypto/builtin/enc_provider/Makefile.in b/src/lib/crypto/builtin/enc_provider/Makefile.in index f3d4a0b2c..aadec6e6a 100644 --- a/src/lib/crypto/builtin/enc_provider/Makefile.in +++ b/src/lib/crypto/builtin/enc_provider/Makefile.in @@ -21,20 +21,20 @@ STLIBOBJS= \ des3.o \ rc4.o \ aes.o \ - camellia_ctr.o + camellia.o OBJS= \ $(OUTPRE)des.$(OBJEXT) \ $(OUTPRE)des3.$(OBJEXT) \ $(OUTPRE)aes.$(OBJEXT) \ - $(OUTPRE)camellia_ctr.$(OBJEXT) \ + $(OUTPRE)camellia.$(OBJEXT) \ $(OUTPRE)rc4.$(OBJEXT) SRCS= \ $(srcdir)/des.c \ $(srcdir)/des3.c \ $(srcdir)/aes.c \ - $(srcdir)/camellia_ctr.c\ + $(srcdir)/camellia.c \ $(srcdir)/rc4.c ##DOS##LIBOBJS = $(OBJS) diff --git a/src/lib/crypto/builtin/enc_provider/camellia.c b/src/lib/crypto/builtin/enc_provider/camellia.c new file mode 100644 index 000000000..566f2d78f --- /dev/null +++ b/src/lib/crypto/builtin/enc_provider/camellia.c @@ -0,0 +1,366 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* lib/crypto/enc_provider/camellia.c - Camellia enc provider definition */ +/* + * Copyright (C) 2009, 2010 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#include "k5-int.h" +#include "enc_provider.h" +#include "camellia.h" +#include <aead.h> +#include <rand2key.h> + +#ifdef CAMELLIA + +/* + * Private per-key data to cache after first generation. We don't want to mess + * with the imported Cemallia implementation too much, so we'll just use two + * copies of its context, one for encryption and one for decryption, and use + * the #rounds field as a flag for whether we've initialized each half. + */ +struct camellia_key_info_cache { + camellia_ctx enc_ctx, dec_ctx; +}; +#define CACHE(X) ((struct camellia_key_info_cache *)((X)->cache)) + +static inline void +enc(unsigned char *out, const unsigned char *in, camellia_ctx *ctx) +{ + if (camellia_enc_blk(in, out, ctx) != camellia_good) + abort(); +} + +static inline void +dec(unsigned char *out, const unsigned char *in, camellia_ctx *ctx) +{ + if (camellia_dec_blk(in, out, ctx) != camellia_good) + abort(); +} + +static void +xorblock(unsigned char *out, const unsigned char *in) +{ + int z; + for (z = 0; z < BLOCK_SIZE/4; z++) { + unsigned char *outptr = &out[z*4]; + const unsigned char *inptr = &in[z*4]; + /* + * Use unaligned accesses. On x86, this will probably still be faster + * than multiple byte accesses for unaligned data, and for aligned data + * should be far better. (One test indicated about 2.4% faster + * encryption for 1024-byte messages.) + * + * If some other CPU has really slow unaligned-word or byte accesses, + * perhaps this function (or the load/store helpers?) should test for + * alignment first. + * + * If byte accesses are faster than unaligned words, we may need to + * conditionalize on CPU type, as that may be hard to determine + * automatically. + */ + store_32_n(load_32_n(outptr) ^ load_32_n(inptr), outptr); + } +} + +static krb5_error_code +krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec, + krb5_crypto_iov *data, size_t num_data) +{ + unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE]; + int nblocks = 0, blockno; + size_t input_length, i; + struct iov_block_state input_pos, output_pos; + + if (key->cache == NULL) { + key->cache = malloc(sizeof(struct camellia_key_info_cache)); + if (key->cache == NULL) + return ENOMEM; + CACHE(key)->enc_ctx.keybitlen = CACHE(key)->dec_ctx.keybitlen = 0; + } + if (CACHE(key)->enc_ctx.keybitlen == 0) { + if (camellia_enc_key(key->keyblock.contents, key->keyblock.length, + &CACHE(key)->enc_ctx) != camellia_good) + abort(); + } + if (ivec != NULL) + memcpy(tmp, ivec->data, BLOCK_SIZE); + else + memset(tmp, 0, BLOCK_SIZE); + + for (i = 0, input_length = 0; i < num_data; i++) { + krb5_crypto_iov *iov = &data[i]; + + if (ENCRYPT_IOV(iov)) + input_length += iov->data.length; + } + + IOV_BLOCK_STATE_INIT(&input_pos); + IOV_BLOCK_STATE_INIT(&output_pos); + + nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; + if (nblocks == 1) { + krb5int_c_iov_get_block(tmp, BLOCK_SIZE, data, num_data, &input_pos); + enc(tmp2, tmp, &CACHE(key)->enc_ctx); + krb5int_c_iov_put_block(data, num_data, tmp2, BLOCK_SIZE, &output_pos); + } else if (nblocks > 1) { + unsigned char blockN2[BLOCK_SIZE]; /* second last */ + unsigned char blockN1[BLOCK_SIZE]; /* last block */ + + for (blockno = 0; blockno < nblocks - 2; blockno++) { + unsigned char blockN[BLOCK_SIZE], *block; + + krb5int_c_iov_get_block_nocopy(blockN, BLOCK_SIZE, + data, num_data, &input_pos, &block); + xorblock(tmp, block); + enc(block, tmp, &CACHE(key)->enc_ctx); + krb5int_c_iov_put_block_nocopy(data, num_data, blockN, BLOCK_SIZE, + &output_pos, block); + + /* Set up for next block. */ + memcpy(tmp, block, BLOCK_SIZE); + } + + /* Do final CTS step for last two blocks (the second of which + may or may not be incomplete). */ + + /* First, get the last two blocks */ + memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */ + krb5int_c_iov_get_block(blockN2, BLOCK_SIZE, data, num_data, + &input_pos); + krb5int_c_iov_get_block(blockN1, BLOCK_SIZE, data, num_data, + &input_pos); + + /* Encrypt second last block */ + xorblock(tmp, blockN2); + enc(tmp2, tmp, &CACHE(key)->enc_ctx); + memcpy(blockN2, tmp2, BLOCK_SIZE); /* blockN2 now contains first block */ + memcpy(tmp, tmp2, BLOCK_SIZE); + + /* Encrypt last block */ + xorblock(tmp, blockN1); + enc(tmp2, tmp, &CACHE(key)->enc_ctx); + memcpy(blockN1, tmp2, BLOCK_SIZE); + + /* Put the last two blocks back into the iovec (reverse order) */ + krb5int_c_iov_put_block(data, num_data, blockN1, BLOCK_SIZE, + &output_pos); + krb5int_c_iov_put_block(data, num_data, blockN2, BLOCK_SIZE, + &output_pos); + + if (ivec != NULL) + memcpy(ivec->data, blockN1, BLOCK_SIZE); + } + + return 0; +} + +static krb5_error_code +krb5int_camellia_decrypt(krb5_key key, const krb5_data *ivec, + krb5_crypto_iov *data, size_t num_data) +{ + unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE]; + int nblocks = 0, blockno; + unsigned int i; + size_t input_length; + struct iov_block_state input_pos, output_pos; + + if (key->cache == NULL) { + key->cache = malloc(sizeof(struct camellia_key_info_cache)); + if (key->cache == NULL) + return ENOMEM; + CACHE(key)->enc_ctx.keybitlen = CACHE(key)->dec_ctx.keybitlen = 0; + } + if (CACHE(key)->dec_ctx.keybitlen == 0) { + if (camellia_dec_key(key->keyblock.contents, key->keyblock.length, + &CACHE(key)->dec_ctx) != camellia_good) + abort(); + } + + if (ivec != NULL) + memcpy(tmp, ivec->data, BLOCK_SIZE); + else + memset(tmp, 0, BLOCK_SIZE); + + for (i = 0, input_length = 0; i < num_data; i++) { + krb5_crypto_iov *iov = &data[i]; + + if (ENCRYPT_IOV(iov)) + input_length += iov->data.length; + } + + IOV_BLOCK_STATE_INIT(&input_pos); + IOV_BLOCK_STATE_INIT(&output_pos); + + nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; + if (nblocks == 1) { + krb5int_c_iov_get_block(tmp, BLOCK_SIZE, data, num_data, &input_pos); + dec(tmp2, tmp, &CACHE(key)->dec_ctx); + krb5int_c_iov_put_block(data, num_data, tmp2, BLOCK_SIZE, &output_pos); + } else if (nblocks > 1) { + unsigned char blockN2[BLOCK_SIZE]; /* second last */ + unsigned char blockN1[BLOCK_SIZE]; /* last block */ + + for (blockno = 0; blockno < nblocks - 2; blockno++) { + unsigned char blockN[BLOCK_SIZE], *block; + + krb5int_c_iov_get_block_nocopy(blockN, BLOCK_SIZE, + data, num_data, &input_pos, &block); + memcpy(tmp2, block, BLOCK_SIZE); + dec(block, block, &CACHE(key)->dec_ctx); + xorblock(block, tmp); + memcpy(tmp, tmp2, BLOCK_SIZE); + krb5int_c_iov_put_block_nocopy(data, num_data, blockN, BLOCK_SIZE, + &output_pos, block); + } + + /* Do last two blocks, the second of which (next-to-last block + of plaintext) may be incomplete. */ + + /* First, get the last two encrypted blocks */ + memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */ + krb5int_c_iov_get_block(blockN2, BLOCK_SIZE, data, num_data, + &input_pos); + krb5int_c_iov_get_block(blockN1, BLOCK_SIZE, data, num_data, + &input_pos); + + if (ivec != NULL) + memcpy(ivec->data, blockN2, BLOCK_SIZE); + + /* Decrypt second last block */ + dec(tmp2, blockN2, &CACHE(key)->dec_ctx); + /* Set tmp2 to last (possibly partial) plaintext block, and + save it. */ + xorblock(tmp2, blockN1); + memcpy(blockN2, tmp2, BLOCK_SIZE); + + /* Maybe keep the trailing part, and copy in the last + ciphertext block. */ + input_length %= BLOCK_SIZE; + memcpy(tmp2, blockN1, input_length ? input_length : BLOCK_SIZE); + dec(tmp3, tmp2, &CACHE(key)->dec_ctx); + xorblock(tmp3, tmp); + memcpy(blockN1, tmp3, BLOCK_SIZE); + + /* Put the last two blocks back into the iovec */ + krb5int_c_iov_put_block(data, num_data, blockN1, BLOCK_SIZE, + &output_pos); + krb5int_c_iov_put_block(data, num_data, blockN2, BLOCK_SIZE, + &output_pos); + } + + return 0; +} + +krb5_error_code +krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, + size_t num_data, const krb5_data *iv, + krb5_data *output) +{ + camellia_ctx ctx; + unsigned char blockY[BLOCK_SIZE]; + struct iov_block_state iov_state; + + if (output->length < BLOCK_SIZE) + return KRB5_BAD_MSIZE; + + if (camellia_enc_key(key->keyblock.contents, + key->keyblock.length, &ctx) != camellia_good) + abort(); + + if (iv != NULL) + memcpy(blockY, iv->data, BLOCK_SIZE); + else + memset(blockY, 0, BLOCK_SIZE); + + IOV_BLOCK_STATE_INIT(&iov_state); + for (;;) { + unsigned char blockB[BLOCK_SIZE]; + + if (!krb5int_c_iov_get_block(blockB, BLOCK_SIZE, data, num_data, + &iov_state)) + break; + + xorblock(blockB, blockY); + if (camellia_enc_blk(blockB, blockY, &ctx) != camellia_good) + abort(); + } + + output->length = BLOCK_SIZE; + memcpy(output->data, blockY, BLOCK_SIZE); + + return 0; +} + +static krb5_error_code +camellia_init_state(const krb5_keyblock *key, krb5_keyusage usage, + krb5_data *state) +{ + state->length = 16; + state->data = malloc(16); + if (state->data == NULL) + return ENOMEM; + memset(state->data, 0, state->length); + return 0; +} + +const struct krb5_enc_provider krb5int_enc_camellia128 = { + 16, + 16, 16, + krb5int_camellia_encrypt, + krb5int_camellia_decrypt, + krb5int_camellia_cbc_mac, + krb5int_camellia_make_key, + camellia_init_state, + krb5int_default_free_state, +}; + +const struct krb5_enc_provider krb5int_enc_camellia256 = { + 16, + 32, 32, + krb5int_camellia_encrypt, + krb5int_camellia_decrypt, + krb5int_camellia_cbc_mac, + krb5int_camellia_make_key, + camellia_init_state, + krb5int_default_free_state +}; + +#else /* CAMELLIA */ + +/* These won't be used, but are still in the export table. */ + +krb5_error_code +krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, + size_t num_data, const krb5_data *iv, + krb5_data *output) +{ + return EINVAL; +} + +const struct krb5_enc_provider krb5int_enc_camellia128 = { +}; + +const struct krb5_enc_provider krb5int_enc_camellia256 = { +}; + +#endif /* CAMELLIA */ diff --git a/src/lib/crypto/builtin/enc_provider/camellia_ctr.c b/src/lib/crypto/builtin/enc_provider/camellia_ctr.c deleted file mode 100644 index 8171ab651..000000000 --- a/src/lib/crypto/builtin/enc_provider/camellia_ctr.c +++ /dev/null @@ -1,225 +0,0 @@ -/* - * lib/crypto/builtin/enc_provider/camellia_ctr.c - * - * Copyright (C) 2003, 2007-2010 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "k5-int.h" -#include "enc_provider.h" -#include "camellia.h" -#include <aead.h> -#include <rand2key.h> - -#ifdef CAMELLIA_CCM - -static void -xorblock(unsigned char *out, const unsigned char *in) -{ - int z; - for (z = 0; z < BLOCK_SIZE / 4; z++) { - unsigned char *outptr = &out[z * 4]; - unsigned char *inptr = (unsigned char *)&in[z * 4]; - /* - * Use unaligned accesses. On x86, this will probably still be faster - * than multiple byte accesses for unaligned data, and for aligned data - * should be far better. (One test indicated about 2.4% faster - * encryption for 1024-byte messages.) - * - * If some other CPU has really slow unaligned-word or byte accesses, - * perhaps this function (or the load/store helpers?) should test for - * alignment first. - * - * If byte accesses are faster than unaligned words, we may need to - * conditionalize on CPU type, as that may be hard to determine - * automatically. - */ - store_32_n(load_32_n(outptr) ^ load_32_n(inptr), outptr); - } -} - -/* Get the current counter block number from the IV */ -static inline void getctrblockno(krb5_ui_8 *pblockno, - const unsigned char ctr[BLOCK_SIZE]) -{ - *pblockno = load_64_be(&ctr[BLOCK_SIZE - 8]); -} - -/* Store the current counter block number in the IV */ -static inline void putctrblockno(krb5_ui_8 blockno, - unsigned char ctr[BLOCK_SIZE]) -{ - store_64_be(blockno, &ctr[BLOCK_SIZE - 8]); -} - -/* - * ivec must be a correctly formatted counter block per NIST SP800-38C A.3. - */ -static krb5_error_code -krb5int_camellia_encrypt_ctr(krb5_key key, const krb5_data *ivec, - krb5_crypto_iov *data, size_t num_data) -{ - camellia_ctx ctx; - unsigned char ctr[BLOCK_SIZE]; - krb5_ui_8 blockno; - struct iov_block_state input_pos, output_pos; - - if (camellia_enc_key(key->keyblock.contents, - key->keyblock.length, &ctx) != camellia_good) - abort(); - - IOV_BLOCK_STATE_INIT(&input_pos); - IOV_BLOCK_STATE_INIT(&output_pos); - - /* Don't encrypt the header (B0), and use zero instead of IOV padding. */ - input_pos.ignore_header = output_pos.ignore_header = 1; - input_pos.pad_to_boundary = output_pos.pad_to_boundary = 1; - - if (ivec == NULL) - return EINVAL; - if (ivec->length != BLOCK_SIZE) - return KRB5_BAD_MSIZE; - - memcpy(ctr, ivec->data, BLOCK_SIZE); - - getctrblockno(&blockno, ctr); - - for (;;) { - unsigned char storage[BLOCK_SIZE], *block; - unsigned char ectr[BLOCK_SIZE]; - - if (!krb5int_c_iov_get_block_nocopy(storage, BLOCK_SIZE, data, - num_data, &input_pos, &block)) - break; - - if (camellia_enc_blk(ctr, ectr, &ctx) != camellia_good) - abort(); - - xorblock(block, ectr); - krb5int_c_iov_put_block_nocopy(data, num_data, storage, BLOCK_SIZE, - &output_pos, block); - putctrblockno(++blockno, ctr); - } - - if (ivec != NULL) - memcpy(ivec->data, ctr, sizeof(ctr)); - - return 0; -} - -krb5_error_code -krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, - size_t num_data, const krb5_data *iv, - krb5_data *output) -{ - camellia_ctx ctx; - unsigned char blockY[BLOCK_SIZE]; - struct iov_block_state iov_state; - - if (output->length < BLOCK_SIZE) - return KRB5_BAD_MSIZE; - - if (camellia_enc_key(key->keyblock.contents, - key->keyblock.length, &ctx) != camellia_good) - abort(); - - if (iv != NULL) - memcpy(blockY, iv->data, BLOCK_SIZE); - else - memset(blockY, 0, BLOCK_SIZE); - - IOV_BLOCK_STATE_INIT(&iov_state); - - /* - * The CCM header may not fit in a block, because it includes a variable - * length encoding of the associated data length. This encoding plus the - * associated data itself is padded to the block size. - */ - iov_state.include_sign_only = 1; - iov_state.pad_to_boundary = 1; - - for (;;) { - unsigned char blockB[BLOCK_SIZE]; - - if (!krb5int_c_iov_get_block(blockB, BLOCK_SIZE, data, num_data, - &iov_state)) - break; - - xorblock(blockB, blockY); - - if (camellia_enc_blk(blockB, blockY, &ctx) != camellia_good) - abort(); - } - - output->length = BLOCK_SIZE; - memcpy(output->data, blockY, BLOCK_SIZE); - - return 0; -} - -static krb5_error_code -krb5int_camellia_init_state_ctr(const krb5_keyblock *key, krb5_keyusage usage, - krb5_data *state) -{ - return alloc_data(state, 16); -} - -const struct krb5_enc_provider krb5int_enc_camellia128_ctr = { - 16, - 16, 16, - krb5int_camellia_encrypt_ctr, - krb5int_camellia_encrypt_ctr, - krb5int_camellia_cbc_mac, - krb5int_camellia_make_key, - krb5int_camellia_init_state_ctr, - krb5int_default_free_state, - NULL -}; - -const struct krb5_enc_provider krb5int_enc_camellia256_ctr = { - 16, - 32, 32, - krb5int_camellia_encrypt_ctr, - krb5int_camellia_encrypt_ctr, - krb5int_camellia_cbc_mac, - krb5int_camellia_make_key, - krb5int_camellia_init_state_ctr, - krb5int_default_free_state, - NULL -}; - -#else /* CAMELLIA_CCM */ - -/* These won't be used, but is still in the export table. */ - -krb5_error_code -krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, - size_t num_data, const krb5_data *iv, - krb5_data *output) -{ - return EINVAL; -} - -const struct krb5_enc_provider krb5int_enc_camellia128_ctr = { -}; - -#endif /* CAMELLIA_CCM */ diff --git a/src/lib/crypto/builtin/enc_provider/enc_provider.h b/src/lib/crypto/builtin/enc_provider/enc_provider.h index 39175d1b9..e7afb3101 100644 --- a/src/lib/crypto/builtin/enc_provider/enc_provider.h +++ b/src/lib/crypto/builtin/enc_provider/enc_provider.h @@ -32,7 +32,7 @@ extern const struct krb5_enc_provider krb5int_enc_des3; extern const struct krb5_enc_provider krb5int_enc_arcfour; extern const struct krb5_enc_provider krb5int_enc_aes128; extern const struct krb5_enc_provider krb5int_enc_aes256; -#ifdef CAMELLIA_CCM -extern const struct krb5_enc_provider krb5int_enc_camellia128_ctr; -extern const struct krb5_enc_provider krb5int_enc_camellia256_ctr; +#ifdef CAMELLIA +extern const struct krb5_enc_provider krb5int_enc_camellia128; +extern const struct krb5_enc_provider krb5int_enc_camellia256; #endif |