diff options
Diffstat (limited to 'src')
30 files changed, 42 insertions, 221 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 14123a648..b96d9675d 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -2383,28 +2383,6 @@ krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *); krb5_error_code krb5int_clean_hostname(krb5_context, const char *, char *, size_t); -#if 0 -/* - * There are no IANA assignments for these enctypes or cksumtypes yet. They - * must be defined to local-use negative numbers at build time for Camellia - * support to function at the moment. If one is defined, they should all be - * defined. When IANA assignments exist, these definitions should move to the - * appropriate places in krb5.hin and all CAMELLIA conditional code should be - * made unconditional. - * - * The present code is experimental and may not be compatible with the - * standardized version. - */ -#define ENCTYPE_CAMELLIA128_CTS_CMAC -XXX /* Camellia CTS mode, 128-bit key */ -#define ENCTYPE_CAMELLIA256_CTS_CMAC -YYY /* Camellia CTS mode, 256-bit key */ -#define CKSUMTYPE_CMAC_CAMELLIA128 -XXX /* CMAC, 128-bit Camellia key */ -#define CKSUMTYPE_CMAC_CAMELLIA256 -YYY /* CMAC, 256-bit Camellia key */ -#endif - -#ifdef ENCTYPE_CAMELLIA128_CTS_CMAC -#define CAMELLIA -#endif - struct _krb5_kt { /* should move into k5-int.h */ krb5_magic magic; const struct _krb5_kt_ops *ops; diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 8c623df94..933d2b450 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -440,6 +440,8 @@ typedef struct _krb5_crypto_iov { #define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 /**< RFC 3962 */ #define ENCTYPE_ARCFOUR_HMAC 0x0017 #define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018 +#define ENCTYPE_CAMELLIA128_CTS_CMAC 0x0019 +#define ENCTYPE_CAMELLIA256_CTS_CMAC 0x001a #define ENCTYPE_UNKNOWN 0x01ff #define CKSUMTYPE_CRC32 0x0001 @@ -456,6 +458,8 @@ typedef struct _krb5_crypto_iov { ENCTYPE_AES128_CTS_HMAC_SHA1_96 */ #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 /**< RFC 3962. Used with ENCTYPE_AES256_CTS_HMAC_SHA1_96 */ +#define CKSUMTYPE_CMAC_CAMELLIA128 0x0011 +#define CKSUMTYPE_CMAC_CAMELLIA256 0x0012 #define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /*Microsoft netlogon cksumtype*/ #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/ diff --git a/src/lib/crypto/builtin/camellia/Makefile.in b/src/lib/crypto/builtin/camellia/Makefile.in index b11716ecc..e6c86bc13 100644 --- a/src/lib/crypto/builtin/camellia/Makefile.in +++ b/src/lib/crypto/builtin/camellia/Makefile.in @@ -39,8 +39,7 @@ camellia-gen: camellia-gen.o $(GEN_OBJS) run-camellia-gen: camellia-gen ./camellia-gen > kresults.out -# Enable when Camellia support becomes unconditional. -#check:: run-camellia-gen +check:: run-camellia-gen clean-unix:: clean-libobjs diff --git a/src/lib/crypto/builtin/camellia/camellia-gen.c b/src/lib/crypto/builtin/camellia/camellia-gen.c index a98316715..1446d779e 100644 --- a/src/lib/crypto/builtin/camellia/camellia-gen.c +++ b/src/lib/crypto/builtin/camellia/camellia-gen.c @@ -8,8 +8,6 @@ #include <unistd.h> #include "camellia.h" -#ifdef CAMELLIA - #define B 16U unsigned char key[16]; unsigned char test_case_len[] = { B+1, 2*B-1, 2*B, 2*B+1, 3*B-1, 3*B, 4*B, }; @@ -316,18 +314,14 @@ static void cts_test () printf ("\n"); } -#endif /* CAMELLIA */ - int main () { -#ifdef CAMELLIA init (); fips_test (); ecb_test(); cbc_test(); cts_test(); -#endif return 0; } diff --git a/src/lib/crypto/builtin/camellia/camellia.c b/src/lib/crypto/builtin/camellia/camellia.c index 222b66215..88dfe99ad 100644 --- a/src/lib/crypto/builtin/camellia/camellia.c +++ b/src/lib/crypto/builtin/camellia/camellia.c @@ -36,9 +36,6 @@ #include "camellia.h" -#include "k5-int.h" /* Only for CAMELLIA; remove later. */ -#ifdef CAMELLIA - /* key constants */ #define CAMELLIA_SIGMA1L (0xA09E667FL) @@ -1540,5 +1537,3 @@ camellia_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], Camellia_DecryptBlock(cx->keybitlen, in_blk, cx->k_sch, out_blk); return camellia_good; } - -#endif /* CAMELLIA */ diff --git a/src/lib/crypto/builtin/enc_provider/camellia.c b/src/lib/crypto/builtin/enc_provider/camellia.c index ef51d4421..2faf811bf 100644 --- a/src/lib/crypto/builtin/enc_provider/camellia.c +++ b/src/lib/crypto/builtin/enc_provider/camellia.c @@ -27,8 +27,6 @@ #include "crypto_int.h" #include "camellia.h" -#ifdef CAMELLIA - /* * Private per-key data to cache after first generation. We don't want to mess * with the imported Cemallia implementation too much, so we'll just use two @@ -339,25 +337,3 @@ const struct krb5_enc_provider krb5int_enc_camellia256 = { camellia_init_state, krb5int_default_free_state }; - -#else /* CAMELLIA */ - -/* These won't be used, but are still in the export table. */ - -krb5_error_code -krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, - size_t num_data, const krb5_data *iv, - krb5_data *output) -{ - return EINVAL; -} - -const struct krb5_enc_provider krb5int_enc_camellia128 = { - 0 -}; - -const struct krb5_enc_provider krb5int_enc_camellia256 = { - 0 -}; - -#endif /* CAMELLIA */ diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in index 5aeef54a6..58e1c4810 100644 --- a/src/lib/crypto/crypto_tests/Makefile.in +++ b/src/lib/crypto/crypto_tests/Makefile.in @@ -59,8 +59,7 @@ check-unix:: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \ $(RUN_SETUP) $(VALGRIND) ./aes-test > vt.txt cmp vt.txt $(srcdir)/expect-vt.txt $(RUN_SETUP) $(VALGRIND) ./camellia-test > camellia-vt.txt -# Enable this when Camellia becomes unconditional. -# cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt + cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt $(RUN_SETUP) $(VALGRIND) $(C)t_mddriver4 -x $(RUN_SETUP) $(VALGRIND) $(C)t_mddriver -x $(RUN_SETUP) $(VALGRIND) ./t_short diff --git a/src/lib/crypto/crypto_tests/camellia-test.c b/src/lib/crypto/crypto_tests/camellia-test.c index 9975d4d26..73ef2caa4 100644 --- a/src/lib/crypto/crypto_tests/camellia-test.c +++ b/src/lib/crypto/crypto_tests/camellia-test.c @@ -28,9 +28,7 @@ */ #include <stdio.h> -#include "k5-int.h" - -#ifdef CAMELLIA +#include "crypto_int.h" static char key[32]; static char plain[16], cipher[16], zero[16]; @@ -124,11 +122,8 @@ static void vt_test() vt_test_1(32); } -#endif /* CAMELLIA */ - int main (int argc, char *argv[]) { -#ifdef CAMELLIA if (argc > 2 || (argc == 2 && strcmp(argv[1], "-k"))) { fprintf(stderr, "usage:\t%s -k\tfor variable-key tests\n" @@ -141,6 +136,5 @@ int main (int argc, char *argv[]) vk_test(); else vt_test(); -#endif /* CAMELLIA */ return 0; } diff --git a/src/lib/crypto/crypto_tests/t_cksums.c b/src/lib/crypto/crypto_tests/t_cksums.c index ee089eebd..c0694a1c0 100644 --- a/src/lib/crypto/crypto_tests/t_cksums.c +++ b/src/lib/crypto/crypto_tests/t_cksums.c @@ -108,7 +108,6 @@ struct test { { KV5M_DATA, 16, "\xEB\x38\xCC\x97\xE2\x23\x0F\x59\xDA\x41\x17\xDC\x58\x59\xD7\xEC" } }, -#ifdef CAMELLIA { "abcdefghijk", CKSUMTYPE_CMAC_CAMELLIA128, ENCTYPE_CAMELLIA128_CTS_CMAC, 7, @@ -143,7 +142,6 @@ struct test { { KV5M_DATA, 16, "\x3F\xA0\xB4\x23\x55\xE5\x2B\x18\x91\x87\x29\x4A\xA2\x52\xAB\x64" } }, -#endif }; static void diff --git a/src/lib/crypto/crypto_tests/t_cmac.c b/src/lib/crypto/crypto_tests/t_cmac.c index 7a4b3aeee..7a95e437a 100644 --- a/src/lib/crypto/crypto_tests/t_cmac.c +++ b/src/lib/crypto/crypto_tests/t_cmac.c @@ -40,8 +40,6 @@ #include "crypto_int.h" -#ifdef CAMELLIA - /* All examples use the following Camellia-128 key. */ static unsigned char keybytes[] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, @@ -98,12 +96,9 @@ check_result(const char *name, const unsigned char *result, } } -#endif /* CAMELLIA */ - int main(int argc, char **argv) { -#ifdef CAMELLIA krb5_context context = NULL; krb5_keyblock keyblock; krb5_key key; @@ -142,6 +137,5 @@ main(int argc, char **argv) printf("All CMAC tests passed.\n"); krb5_k_free_key(context, key); -#endif /* CAMELLIA */ return 0; } diff --git a/src/lib/crypto/crypto_tests/t_decrypt.c b/src/lib/crypto/crypto_tests/t_decrypt.c index 34486c865..9db60a1f2 100644 --- a/src/lib/crypto/crypto_tests/t_decrypt.c +++ b/src/lib/crypto/crypto_tests/t_decrypt.c @@ -445,7 +445,6 @@ struct test { "\xB7\x34\xD4\xD4\x98\xB6\x71\x4F\x1C\x1D" } }, -#ifdef CAMELLIA { ENCTYPE_CAMELLIA128_CTS_CMAC, "", 0, @@ -552,7 +551,6 @@ struct test { "\xF3\x4A\xD1\x25\x5A\x34\x49\x99\xAD\x37\x14\x68\x87\xA6\xC6\x84" "\x57\x31\xAC\x7F\x46\x37\x6A\x05\x04\xCD\x06\x57\x14\x74" } }, -#endif }; static void @@ -585,10 +583,8 @@ enctypes[] = { ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_AES128_CTS_HMAC_SHA1_96, ENCTYPE_AES256_CTS_HMAC_SHA1_96, -#ifdef CAMELLIA ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC -#endif }; static char *plaintexts[] = { diff --git a/src/lib/crypto/crypto_tests/t_derive.c b/src/lib/crypto/crypto_tests/t_derive.c index 5f4c04ae6..0f34b00ed 100644 --- a/src/lib/crypto/crypto_tests/t_derive.c +++ b/src/lib/crypto/crypto_tests/t_derive.c @@ -137,7 +137,6 @@ struct test { "\xD7\xBB\xA9\x07\x76\xD8\x12\x6D\x91\xF3\x4F\x31\x01\xAE\xA8\xBA" } }, -#ifdef CAMELLIA /* Kc, Ke, Ki for a Camellia-128 key */ { ENCTYPE_CAMELLIA128_CTS_CMAC, @@ -201,7 +200,6 @@ struct test { "\xFA\x62\x4F\xA0\xE5\x23\x99\x3F\xA3\x88\xAE\xFD\xC6\x7E\x67\xEB" "\xCD\x8C\x08\xE8\xA0\x24\x6B\x1D\x73\xB0\xD1\xDD\x9F\xC5\x82\xB0" } }, -#endif }; static void @@ -231,10 +229,8 @@ get_enc_provider(krb5_enctype enctype) case ENCTYPE_DES3_CBC_SHA1: return &krb5int_enc_des3; case ENCTYPE_AES128_CTS_HMAC_SHA1_96: return &krb5int_enc_aes128; case ENCTYPE_AES256_CTS_HMAC_SHA1_96: return &krb5int_enc_aes256; -#ifdef CAMELLIA case ENCTYPE_CAMELLIA128_CTS_CMAC: return &krb5int_enc_camellia128; case ENCTYPE_CAMELLIA256_CTS_CMAC: return &krb5int_enc_camellia256; -#endif } abort(); } diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c index 580120b8f..1ac375e49 100644 --- a/src/lib/crypto/crypto_tests/t_encrypt.c +++ b/src/lib/crypto/crypto_tests/t_encrypt.c @@ -45,10 +45,8 @@ krb5_enctype interesting_enctypes[] = { ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, -#ifdef CAMELLIA ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC, -#endif 0 }; diff --git a/src/lib/crypto/crypto_tests/t_short.c b/src/lib/crypto/crypto_tests/t_short.c index 295206651..6ee7b1987 100644 --- a/src/lib/crypto/crypto_tests/t_short.c +++ b/src/lib/crypto/crypto_tests/t_short.c @@ -42,10 +42,8 @@ krb5_enctype interesting_enctypes[] = { ENCTYPE_ARCFOUR_HMAC_EXP, ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_AES128_CTS_HMAC_SHA1_96, -#ifdef CAMELLIA ENCTYPE_CAMELLIA128_CTS_CMAC, ENCTYPE_CAMELLIA256_CTS_CMAC, -#endif 0 }; diff --git a/src/lib/crypto/crypto_tests/t_str2key.c b/src/lib/crypto/crypto_tests/t_str2key.c index fe58bd11c..e9b29ba67 100644 --- a/src/lib/crypto/crypto_tests/t_str2key.c +++ b/src/lib/crypto/crypto_tests/t_str2key.c @@ -410,7 +410,6 @@ struct test { "\x57\x18\x48\xB7\x84\xA3\xD6\xBD\xC3\x46\x58\x9A\x3E\x39\x3F\x9E" } }, -#ifdef CAMELLIA /* The same inputs applied to Camellia enctypes. */ { ENCTYPE_CAMELLIA128_CTS_CMAC, @@ -531,7 +530,6 @@ struct test { "\x16\x3B\x76\x8C\x6D\xB1\x48\xB4\xEE\xC7\x16\x3D\xF5\xAE\xD7\x0E" "\x20\x6B\x68\xCE\xC0\x78\xBC\x06\x9E\xD6\x8A\x7E\xD3\x6B\x1E\xCC" } } -#endif /* CAMELLIA */ }; static void diff --git a/src/lib/crypto/krb/checksum_dk_cmac.c b/src/lib/crypto/krb/checksum_dk_cmac.c index bb48c577c..59d5c5a52 100644 --- a/src/lib/crypto/krb/checksum_dk_cmac.c +++ b/src/lib/crypto/krb/checksum_dk_cmac.c @@ -28,8 +28,6 @@ #define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */ -#ifdef CAMELLIA - krb5_error_code krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp, krb5_key key, krb5_keyusage usage, @@ -58,5 +56,3 @@ krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp, krb5_k_free_key(NULL, kc); return ret; } - -#endif /* CAMELLIA */ diff --git a/src/lib/crypto/krb/cksumtypes.c b/src/lib/crypto/krb/cksumtypes.c index fd95057c4..a1ced981f 100644 --- a/src/lib/crypto/krb/cksumtypes.c +++ b/src/lib/crypto/krb/cksumtypes.c @@ -101,7 +101,6 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = { krb5int_hmacmd5_checksum, NULL, 16, 16, 0 }, -#ifdef CAMELLIA { CKSUMTYPE_CMAC_CAMELLIA128, "cmac-camellia128", { 0 }, "CMAC Camellia128 key", &krb5int_enc_camellia128, NULL, @@ -113,7 +112,6 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = { &krb5int_enc_camellia256, NULL, krb5int_dk_cmac_checksum, NULL, 16, 16, 0 }, -#endif /* CAMELLIA */ }; const size_t krb5int_cksumtypes_length = diff --git a/src/lib/crypto/krb/cmac.c b/src/lib/crypto/krb/cmac.c index 19af2201e..2e220c5d5 100644 --- a/src/lib/crypto/krb/cmac.c +++ b/src/lib/crypto/krb/cmac.c @@ -41,8 +41,6 @@ #include "crypto_int.h" -#ifdef CAMELLIA - #define BLOCK_SIZE 16 static unsigned char const_Rb[BLOCK_SIZE] = { @@ -221,17 +219,3 @@ krb5int_cmac_checksum(const struct krb5_enc_provider *enc, krb5_key key, return 0; } - -#else /* CAMELLIA */ - -/* This won't be used, but is still in the export table. */ - -krb5_error_code -krb5int_cmac_checksum(const struct krb5_enc_provider *enc, krb5_key key, - const krb5_crypto_iov *data, size_t num_data, - krb5_data *output) -{ - return EINVAL; -} - -#endif /* CAMELLIA */ diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h index cb9aef346..01090d006 100644 --- a/src/lib/crypto/krb/crypto_int.h +++ b/src/lib/crypto/krb/crypto_int.h @@ -321,11 +321,8 @@ krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp, /*** Key derivation functions ***/ enum deriv_alg { - DERIVE_RFC3961 /* RFC 3961 section 5.1 */ -#ifdef CAMELLIA - , /* C90 doesn't let enum list end w/comma */ + DERIVE_RFC3961, /* RFC 3961 section 5.1 */ DERIVE_SP800_108_CMAC /* NIST SP 800-108 with CMAC as PRF */ -#endif }; krb5_error_code krb5int_derive_keyblock(const struct krb5_enc_provider *enc, @@ -421,10 +418,8 @@ extern const struct krb5_enc_provider krb5int_enc_aes128; extern const struct krb5_enc_provider krb5int_enc_aes256; extern const struct krb5_enc_provider krb5int_enc_aes128_ctr; extern const struct krb5_enc_provider krb5int_enc_aes256_ctr; -#ifdef CAMELLIA extern const struct krb5_enc_provider krb5int_enc_camellia128; extern const struct krb5_enc_provider krb5int_enc_camellia256; -#endif extern const struct krb5_hash_provider krb5int_hash_crc32; extern const struct krb5_hash_provider krb5int_hash_md4; @@ -462,8 +457,7 @@ krb5_error_code krb5int_pbkdf2_hmac_sha1(const krb5_data *out, const krb5_data *salt); /* The following are used by test programs and are just handler functions from - * the AES and Camellia enc providers. Define a stub krb5int_camellia_cbc_mac - * even if CAMELLIA isn't defined, since it's in the export list. */ + * the AES and Camellia enc providers. */ krb5_error_code krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data); krb5_error_code krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec, diff --git a/src/lib/crypto/krb/derive.c b/src/lib/crypto/krb/derive.c index 1cb47af4b..1509f4225 100644 --- a/src/lib/crypto/krb/derive.c +++ b/src/lib/crypto/krb/derive.c @@ -130,8 +130,6 @@ cleanup: return ret; } -#ifdef CAMELLIA - /* * NIST SP800-108 KDF in feedback mode (section 5.2). * Parameters: @@ -207,8 +205,6 @@ cleanup: return ret; } -#endif /* CAMELLIA */ - krb5_error_code krb5int_derive_random(const struct krb5_enc_provider *enc, krb5_key inkey, krb5_data *outrnd, @@ -217,10 +213,8 @@ krb5int_derive_random(const struct krb5_enc_provider *enc, switch (alg) { case DERIVE_RFC3961: return derive_random_rfc3961(enc, inkey, outrnd, in_constant); -#ifdef CAMELLIA case DERIVE_SP800_108_CMAC: return derive_random_sp800_108_cmac(enc, inkey, outrnd, in_constant); -#endif default: return EINVAL; } diff --git a/src/lib/crypto/krb/enc_dk_cmac.c b/src/lib/crypto/krb/enc_dk_cmac.c index 6593d172e..508f9f823 100644 --- a/src/lib/crypto/krb/enc_dk_cmac.c +++ b/src/lib/crypto/krb/enc_dk_cmac.c @@ -27,8 +27,6 @@ #include "crypto_int.h" -#ifdef CAMELLIA - #define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */ /* AEAD */ @@ -182,5 +180,3 @@ cleanup: zapfree(cksum.data, cksum.length); return ret; } - -#endif /* CAMELLIA */ diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c index a9b176dbd..53be1d54d 100644 --- a/src/lib/crypto/krb/etypes.c +++ b/src/lib/crypto/krb/etypes.c @@ -144,7 +144,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { krb5int_dk_prf, CKSUMTYPE_HMAC_SHA1_96_AES256, 0 /*flags*/ }, -#ifdef CAMELLIA + { ENCTYPE_CAMELLIA128_CTS_CMAC, "camellia128-cts-cmac", { "camellia128-cts" }, "Camellia-128 CTS mode with CMAC", @@ -167,7 +167,6 @@ const struct krb5_keytypes krb5int_enctypes_list[] = { krb5int_dk_cmac_prf, CKSUMTYPE_CMAC_CAMELLIA256, 0 /*flags */ }, -#endif /* CAMELLIA */ }; const int krb5int_enctypes_length = diff --git a/src/lib/crypto/krb/prf_cmac.c b/src/lib/crypto/krb/prf_cmac.c index d3e71617d..131c36d12 100644 --- a/src/lib/crypto/krb/prf_cmac.c +++ b/src/lib/crypto/krb/prf_cmac.c @@ -26,8 +26,6 @@ #include "crypto_int.h" -#ifdef CAMELLIA - krb5_error_code krb5int_dk_cmac_prf(const struct krb5_keytypes *ktp, krb5_key key, const krb5_data *in, krb5_data *out) @@ -58,5 +56,3 @@ cleanup: krb5_k_free_key(NULL, kp); return ret; } - -#endif /* CAMELLIA */ diff --git a/src/lib/crypto/krb/s2k_pbkdf2.c b/src/lib/crypto/krb/s2k_pbkdf2.c index 90fe3c694..2476865f3 100644 --- a/src/lib/crypto/krb/s2k_pbkdf2.c +++ b/src/lib/crypto/krb/s2k_pbkdf2.c @@ -183,7 +183,6 @@ krb5int_aes_string_to_key(const struct krb5_keytypes *ktp, DERIVE_RFC3961, 4096); } -#ifdef CAMELLIA krb5_error_code krb5int_camellia_string_to_key(const struct krb5_keytypes *ktp, const krb5_data *string, @@ -196,4 +195,3 @@ krb5int_camellia_string_to_key(const struct krb5_keytypes *ktp, return pbkdf2_string_to_key(ktp, string, salt, &pepper, params, key, DERIVE_SP800_108_CMAC, 32768); } -#endif diff --git a/src/lib/crypto/nss/enc_provider/camellia.c b/src/lib/crypto/nss/enc_provider/camellia.c index f4eb0deb7..9859efa1d 100644 --- a/src/lib/crypto/nss/enc_provider/camellia.c +++ b/src/lib/crypto/nss/enc_provider/camellia.c @@ -36,8 +36,6 @@ #include "crypto_int.h" #include "nss_gen.h" -#ifdef CAMELLIA - static krb5_error_code krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data) @@ -113,23 +111,3 @@ const struct krb5_enc_provider krb5int_enc_camellia256 = { krb5int_default_free_state, k5_nss_gen_cleanup }; - -#else /* CAMELLIA_CCM */ - -/* These won't be used, but are still in the export table. */ - -krb5_error_code -krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, - size_t num_data, const krb5_data *iv, - krb5_data *output) -{ - return EINVAL; -} - -const struct krb5_enc_provider krb5int_enc_camellia128 = { -}; - -const struct krb5_enc_provider krb5int_enc_camellia256 = { -}; - -#endif diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c index f22826bbd..2173db6a8 100644 --- a/src/lib/crypto/openssl/enc_provider/camellia.c +++ b/src/lib/crypto/openssl/enc_provider/camellia.c @@ -29,8 +29,6 @@ #include <openssl/camellia.h> #include <openssl/modes.h> -#ifdef CAMELLIA - static krb5_error_code cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data); @@ -384,23 +382,3 @@ const struct krb5_enc_provider krb5int_enc_camellia256 = { krb5int_camellia_init_state, krb5int_default_free_state }; - -#else /* CAMELLIA */ - -/* These won't be used, but are still in the export table. */ - -krb5_error_code -krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data, - size_t num_data, const krb5_data *iv, - krb5_data *output) -{ - return EINVAL; -} - -const struct krb5_enc_provider krb5int_enc_camellia128 = { -}; - -const struct krb5_enc_provider krb5int_enc_camellia256 = { -}; - -#endif /* CAMELLIA */ diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index 6e098f8ba..aa793fc8f 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -468,11 +468,9 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey, mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, &list); } else if (strcasecmp(token, "rc4") == 0) { mod_list(ENCTYPE_ARCFOUR_HMAC, sel, weak, &list); -#ifdef CAMELLIA } else if (strcasecmp(token, "camellia") == 0) { mod_list(ENCTYPE_CAMELLIA256_CTS_CMAC, sel, weak, &list); mod_list(ENCTYPE_CAMELLIA128_CTS_CMAC, sel, weak, &list); -#endif } else if (krb5_string_to_enctype(token, &etype) == 0) { /* Set a specific enctype. */ mod_list(etype, sel, weak, &list); diff --git a/src/lib/krb5/krb/t_etypes.c b/src/lib/krb5/krb/t_etypes.c index 72dbb20aa..0a8a19984 100644 --- a/src/lib/krb5/krb/t_etypes.c +++ b/src/lib/krb5/krb/t_etypes.c @@ -97,14 +97,12 @@ static struct { ENCTYPE_DES3_CBC_SHA1, 0 }, 0, 0 }, -#ifdef CAMELLIA /* Family with enctype removed */ { "camellia -camellia256-cts-cmac", { 0 }, { ENCTYPE_CAMELLIA128_CTS_CMAC, 0 }, { ENCTYPE_CAMELLIA128_CTS_CMAC, 0 } }, -#endif /* Enctype followed by two families */ { "+rc4-hmAC des3 +des", { 0 }, diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index 2804b5c7f..67963c579 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -189,6 +189,30 @@ set passes { {dummy=[verbose -log "AES enctypes"]} } { + camellia-only + mode=udp + des3_krbtgt=0 + {supported_enctypes=camellia256-cts:normal} + {permitted_enctypes(kdc)=camellia256-cts} + {permitted_enctypes(slave)=camellia256-cts} + {permitted_enctypes(client)=camellia256-cts} + {permitted_enctypes(server)=camellia256-cts} + {default_tgs_enctypes(kdc)=camellia256-cts} + {default_tgs_enctypes(slave)=camellia256-cts} + {default_tgs_enctypes(client)=camellia256-cts} + {default_tgs_enctypes(server)=camellia256-cts} + {default_tkt_enctypes(kdc)=camellia256-cts} + {default_tkt_enctypes(slave)=camellia256-cts} + {default_tkt_enctypes(client)=camellia256-cts} + {default_tkt_enctypes(server)=camellia256-cts} + {allow_weak_crypto(kdc)=false} + {allow_weak_crypto(slave)=false} + {allow_weak_crypto(client)=false} + {allow_weak_crypto(server)=false} + {master_key_type=camellia256-cts} + {dummy=[verbose -log "Camellia-256 enctype"]} + } + { aes-des3 mode=udp des3_krbtgt=0 @@ -263,32 +287,6 @@ set passes { } } -# Add to above when Camellia support becomes unconditional. -# { -# camellia-only -# mode=udp -# des3_krbtgt=0 -# {supported_enctypes=camellia256-cts:normal} -# {permitted_enctypes(kdc)=camellia256-cts} -# {permitted_enctypes(slave)=camellia256-cts} -# {permitted_enctypes(client)=camellia256-cts} -# {permitted_enctypes(server)=camellia256-cts} -# {default_tgs_enctypes(kdc)=camellia256-cts} -# {default_tgs_enctypes(slave)=camellia256-cts} -# {default_tgs_enctypes(client)=camellia256-cts} -# {default_tgs_enctypes(server)=camellia256-cts} -# {default_tkt_enctypes(kdc)=camellia256-cts} -# {default_tkt_enctypes(slave)=camellia256-cts} -# {default_tkt_enctypes(client)=camellia256-cts} -# {default_tkt_enctypes(server)=camellia256-cts} -# {allow_weak_crypto(kdc)=false} -# {allow_weak_crypto(slave)=false} -# {allow_weak_crypto(client)=false} -# {allow_weak_crypto(server)=false} -# {master_key_type=camellia256-cts} -# {dummy=[verbose -log "Camellia-256 enctype"]} -# } - # des.md5-tgt is set as unused, since it won't trigger the error case # if SUPPORT_DESMD5 isn't honored. diff --git a/src/util/k5test.py b/src/util/k5test.py index 6af782c72..4fd8cf752 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py @@ -1185,15 +1185,14 @@ _passes = [ 'master_key_type' : 'aes128-cts'}}}}), # Exercise the camellia256-cts enctype. -# Enable when Camellia support becomes unconditional. -# ('camellia256', None, -# {'all' : {'libdefaults' : { -# 'default_tgs_enctypes' : 'camellia256-cts', -# 'default_tkt_enctypes' : 'camellia256-cts', -# 'permitted_enctypes' : 'camellia256-cts'}}}, -# {'master' : {'realms' : {'$realm' : { -# 'supported_enctypes' : 'camellia256-cts:normal', -# 'master_key_type' : 'camellia256-cts'}}}}), + ('camellia256', None, + {'all' : {'libdefaults' : { + 'default_tgs_enctypes' : 'camellia256-cts', + 'default_tkt_enctypes' : 'camellia256-cts', + 'permitted_enctypes' : 'camellia256-cts'}}}, + {'master' : {'realms' : {'$realm' : { + 'supported_enctypes' : 'camellia256-cts:normal', + 'master_key_type' : 'camellia256-cts'}}}}), # Test a setup with modern principal keys but an old TGT key. ('aes256.destgt', 'des-cbc-crc:normal', |