krb5 commit: De-conditionalize Camellia code
Greg Hudson
ghudson at MIT.EDU
Tue Oct 9 14:27:57 EDT 2012
https://github.com/krb5/krb5/commit/01f30a7f06110f54c5d69fdd7697347c102f5274
commit 01f30a7f06110f54c5d69fdd7697347c102f5274
Author: Greg Hudson <ghudson at mit.edu>
Date: Tue Oct 9 14:27:04 2012 -0400
De-conditionalize Camellia code
The Camellia enctypes and cksumtypes have received IANA assignments.
Add #defines using those assignments to krb5.h, remove the CAMELLIA
conditional, and enable testing code as appropriate.
The Camellia draft has not received an RFC number yet, so there is no
Doxygen markup for the enctype and cksumtype #defines. That can be
added once the RFC number is known.
src/include/k5-int.h | 22 ----------
src/include/krb5/krb5.hin | 4 ++
src/lib/crypto/builtin/camellia/Makefile.in | 3 +-
src/lib/crypto/builtin/camellia/camellia-gen.c | 6 ---
src/lib/crypto/builtin/camellia/camellia.c | 5 --
src/lib/crypto/builtin/enc_provider/camellia.c | 24 -----------
src/lib/crypto/crypto_tests/Makefile.in | 3 +-
src/lib/crypto/crypto_tests/camellia-test.c | 8 +---
src/lib/crypto/crypto_tests/t_cksums.c | 2 -
src/lib/crypto/crypto_tests/t_cmac.c | 6 ---
src/lib/crypto/crypto_tests/t_decrypt.c | 4 --
src/lib/crypto/crypto_tests/t_derive.c | 4 --
src/lib/crypto/crypto_tests/t_encrypt.c | 2 -
src/lib/crypto/crypto_tests/t_short.c | 2 -
src/lib/crypto/crypto_tests/t_str2key.c | 2 -
src/lib/crypto/krb/checksum_dk_cmac.c | 4 --
src/lib/crypto/krb/cksumtypes.c | 2 -
src/lib/crypto/krb/cmac.c | 16 --------
src/lib/crypto/krb/crypto_int.h | 10 +----
src/lib/crypto/krb/derive.c | 6 ---
src/lib/crypto/krb/enc_dk_cmac.c | 4 --
src/lib/crypto/krb/etypes.c | 3 +-
src/lib/crypto/krb/prf_cmac.c | 4 --
src/lib/crypto/krb/s2k_pbkdf2.c | 2 -
src/lib/crypto/nss/enc_provider/camellia.c | 22 ----------
src/lib/crypto/openssl/enc_provider/camellia.c | 22 ----------
src/lib/krb5/krb/init_ctx.c | 2 -
src/lib/krb5/krb/t_etypes.c | 2 -
src/tests/dejagnu/config/default.exp | 50 +++++++++++------------
src/util/k5test.py | 17 ++++----
30 files changed, 42 insertions(+), 221 deletions(-)
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 14123a6..b96d967 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2383,28 +2383,6 @@ krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
krb5_error_code
krb5int_clean_hostname(krb5_context, const char *, char *, size_t);
-#if 0
-/*
- * There are no IANA assignments for these enctypes or cksumtypes yet. They
- * must be defined to local-use negative numbers at build time for Camellia
- * support to function at the moment. If one is defined, they should all be
- * defined. When IANA assignments exist, these definitions should move to the
- * appropriate places in krb5.hin and all CAMELLIA conditional code should be
- * made unconditional.
- *
- * The present code is experimental and may not be compatible with the
- * standardized version.
- */
-#define ENCTYPE_CAMELLIA128_CTS_CMAC -XXX /* Camellia CTS mode, 128-bit key */
-#define ENCTYPE_CAMELLIA256_CTS_CMAC -YYY /* Camellia CTS mode, 256-bit key */
-#define CKSUMTYPE_CMAC_CAMELLIA128 -XXX /* CMAC, 128-bit Camellia key */
-#define CKSUMTYPE_CMAC_CAMELLIA256 -YYY /* CMAC, 256-bit Camellia key */
-#endif
-
-#ifdef ENCTYPE_CAMELLIA128_CTS_CMAC
-#define CAMELLIA
-#endif
-
struct _krb5_kt { /* should move into k5-int.h */
krb5_magic magic;
const struct _krb5_kt_ops *ops;
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 8c623df..933d2b4 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -440,6 +440,8 @@ typedef struct _krb5_crypto_iov {
#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 /**< RFC 3962 */
#define ENCTYPE_ARCFOUR_HMAC 0x0017
#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
+#define ENCTYPE_CAMELLIA128_CTS_CMAC 0x0019
+#define ENCTYPE_CAMELLIA256_CTS_CMAC 0x001a
#define ENCTYPE_UNKNOWN 0x01ff
#define CKSUMTYPE_CRC32 0x0001
@@ -456,6 +458,8 @@ typedef struct _krb5_crypto_iov {
ENCTYPE_AES128_CTS_HMAC_SHA1_96 */
#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 /**< RFC 3962. Used with
ENCTYPE_AES256_CTS_HMAC_SHA1_96 */
+#define CKSUMTYPE_CMAC_CAMELLIA128 0x0011
+#define CKSUMTYPE_CMAC_CAMELLIA256 0x0012
#define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /*Microsoft netlogon cksumtype*/
#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
diff --git a/src/lib/crypto/builtin/camellia/Makefile.in b/src/lib/crypto/builtin/camellia/Makefile.in
index b11716e..e6c86bc 100644
--- a/src/lib/crypto/builtin/camellia/Makefile.in
+++ b/src/lib/crypto/builtin/camellia/Makefile.in
@@ -39,8 +39,7 @@ camellia-gen: camellia-gen.o $(GEN_OBJS)
run-camellia-gen: camellia-gen
./camellia-gen > kresults.out
-# Enable when Camellia support becomes unconditional.
-#check:: run-camellia-gen
+check:: run-camellia-gen
clean-unix:: clean-libobjs
diff --git a/src/lib/crypto/builtin/camellia/camellia-gen.c b/src/lib/crypto/builtin/camellia/camellia-gen.c
index a983167..1446d77 100644
--- a/src/lib/crypto/builtin/camellia/camellia-gen.c
+++ b/src/lib/crypto/builtin/camellia/camellia-gen.c
@@ -8,8 +8,6 @@
#include <unistd.h>
#include "camellia.h"
-#ifdef CAMELLIA
-
#define B 16U
unsigned char key[16];
unsigned char test_case_len[] = { B+1, 2*B-1, 2*B, 2*B+1, 3*B-1, 3*B, 4*B, };
@@ -316,18 +314,14 @@ static void cts_test ()
printf ("\n");
}
-#endif /* CAMELLIA */
-
int main ()
{
-#ifdef CAMELLIA
init ();
fips_test ();
ecb_test();
cbc_test();
cts_test();
-#endif
return 0;
}
diff --git a/src/lib/crypto/builtin/camellia/camellia.c b/src/lib/crypto/builtin/camellia/camellia.c
index 222b662..88dfe99 100644
--- a/src/lib/crypto/builtin/camellia/camellia.c
+++ b/src/lib/crypto/builtin/camellia/camellia.c
@@ -36,9 +36,6 @@
#include "camellia.h"
-#include "k5-int.h" /* Only for CAMELLIA; remove later. */
-#ifdef CAMELLIA
-
/* key constants */
#define CAMELLIA_SIGMA1L (0xA09E667FL)
@@ -1540,5 +1537,3 @@ camellia_dec_blk(const unsigned char in_blk[], unsigned char out_blk[],
Camellia_DecryptBlock(cx->keybitlen, in_blk, cx->k_sch, out_blk);
return camellia_good;
}
-
-#endif /* CAMELLIA */
diff --git a/src/lib/crypto/builtin/enc_provider/camellia.c b/src/lib/crypto/builtin/enc_provider/camellia.c
index ef51d44..2faf811 100644
--- a/src/lib/crypto/builtin/enc_provider/camellia.c
+++ b/src/lib/crypto/builtin/enc_provider/camellia.c
@@ -27,8 +27,6 @@
#include "crypto_int.h"
#include "camellia.h"
-#ifdef CAMELLIA
-
/*
* Private per-key data to cache after first generation. We don't want to mess
* with the imported Cemallia implementation too much, so we'll just use two
@@ -339,25 +337,3 @@ const struct krb5_enc_provider krb5int_enc_camellia256 = {
camellia_init_state,
krb5int_default_free_state
};
-
-#else /* CAMELLIA */
-
-/* These won't be used, but are still in the export table. */
-
-krb5_error_code
-krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
- size_t num_data, const krb5_data *iv,
- krb5_data *output)
-{
- return EINVAL;
-}
-
-const struct krb5_enc_provider krb5int_enc_camellia128 = {
- 0
-};
-
-const struct krb5_enc_provider krb5int_enc_camellia256 = {
- 0
-};
-
-#endif /* CAMELLIA */
diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in
index 5aeef54..58e1c48 100644
--- a/src/lib/crypto/crypto_tests/Makefile.in
+++ b/src/lib/crypto/crypto_tests/Makefile.in
@@ -59,8 +59,7 @@ check-unix:: t_nfold t_encrypt t_decrypt t_prf t_prng t_cmac t_hmac \
$(RUN_SETUP) $(VALGRIND) ./aes-test > vt.txt
cmp vt.txt $(srcdir)/expect-vt.txt
$(RUN_SETUP) $(VALGRIND) ./camellia-test > camellia-vt.txt
-# Enable this when Camellia becomes unconditional.
-# cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt
+ cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt
$(RUN_SETUP) $(VALGRIND) $(C)t_mddriver4 -x
$(RUN_SETUP) $(VALGRIND) $(C)t_mddriver -x
$(RUN_SETUP) $(VALGRIND) ./t_short
diff --git a/src/lib/crypto/crypto_tests/camellia-test.c b/src/lib/crypto/crypto_tests/camellia-test.c
index 9975d4d..73ef2ca 100644
--- a/src/lib/crypto/crypto_tests/camellia-test.c
+++ b/src/lib/crypto/crypto_tests/camellia-test.c
@@ -28,9 +28,7 @@
*/
#include <stdio.h>
-#include "k5-int.h"
-
-#ifdef CAMELLIA
+#include "crypto_int.h"
static char key[32];
static char plain[16], cipher[16], zero[16];
@@ -124,11 +122,8 @@ static void vt_test()
vt_test_1(32);
}
-#endif /* CAMELLIA */
-
int main (int argc, char *argv[])
{
-#ifdef CAMELLIA
if (argc > 2 || (argc == 2 && strcmp(argv[1], "-k"))) {
fprintf(stderr,
"usage:\t%s -k\tfor variable-key tests\n"
@@ -141,6 +136,5 @@ int main (int argc, char *argv[])
vk_test();
else
vt_test();
-#endif /* CAMELLIA */
return 0;
}
diff --git a/src/lib/crypto/crypto_tests/t_cksums.c b/src/lib/crypto/crypto_tests/t_cksums.c
index ee089ee..c0694a1 100644
--- a/src/lib/crypto/crypto_tests/t_cksums.c
+++ b/src/lib/crypto/crypto_tests/t_cksums.c
@@ -108,7 +108,6 @@ struct test {
{ KV5M_DATA, 16,
"\xEB\x38\xCC\x97\xE2\x23\x0F\x59\xDA\x41\x17\xDC\x58\x59\xD7\xEC" }
},
-#ifdef CAMELLIA
{
"abcdefghijk",
CKSUMTYPE_CMAC_CAMELLIA128, ENCTYPE_CAMELLIA128_CTS_CMAC, 7,
@@ -143,7 +142,6 @@ struct test {
{ KV5M_DATA, 16,
"\x3F\xA0\xB4\x23\x55\xE5\x2B\x18\x91\x87\x29\x4A\xA2\x52\xAB\x64" }
},
-#endif
};
static void
diff --git a/src/lib/crypto/crypto_tests/t_cmac.c b/src/lib/crypto/crypto_tests/t_cmac.c
index 7a4b3ae..7a95e43 100644
--- a/src/lib/crypto/crypto_tests/t_cmac.c
+++ b/src/lib/crypto/crypto_tests/t_cmac.c
@@ -40,8 +40,6 @@
#include "crypto_int.h"
-#ifdef CAMELLIA
-
/* All examples use the following Camellia-128 key. */
static unsigned char keybytes[] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
@@ -98,12 +96,9 @@ check_result(const char *name, const unsigned char *result,
}
}
-#endif /* CAMELLIA */
-
int
main(int argc, char **argv)
{
-#ifdef CAMELLIA
krb5_context context = NULL;
krb5_keyblock keyblock;
krb5_key key;
@@ -142,6 +137,5 @@ main(int argc, char **argv)
printf("All CMAC tests passed.\n");
krb5_k_free_key(context, key);
-#endif /* CAMELLIA */
return 0;
}
diff --git a/src/lib/crypto/crypto_tests/t_decrypt.c b/src/lib/crypto/crypto_tests/t_decrypt.c
index 34486c8..9db60a1 100644
--- a/src/lib/crypto/crypto_tests/t_decrypt.c
+++ b/src/lib/crypto/crypto_tests/t_decrypt.c
@@ -445,7 +445,6 @@ struct test {
"\xB7\x34\xD4\xD4\x98\xB6\x71\x4F\x1C\x1D" }
},
-#ifdef CAMELLIA
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
"", 0,
@@ -552,7 +551,6 @@ struct test {
"\xF3\x4A\xD1\x25\x5A\x34\x49\x99\xAD\x37\x14\x68\x87\xA6\xC6\x84"
"\x57\x31\xAC\x7F\x46\x37\x6A\x05\x04\xCD\x06\x57\x14\x74" }
},
-#endif
};
static void
@@ -585,10 +583,8 @@ enctypes[] = {
ENCTYPE_ARCFOUR_HMAC_EXP,
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
-#ifdef CAMELLIA
ENCTYPE_CAMELLIA128_CTS_CMAC,
ENCTYPE_CAMELLIA256_CTS_CMAC
-#endif
};
static char *plaintexts[] = {
diff --git a/src/lib/crypto/crypto_tests/t_derive.c b/src/lib/crypto/crypto_tests/t_derive.c
index 5f4c04a..0f34b00 100644
--- a/src/lib/crypto/crypto_tests/t_derive.c
+++ b/src/lib/crypto/crypto_tests/t_derive.c
@@ -137,7 +137,6 @@ struct test {
"\xD7\xBB\xA9\x07\x76\xD8\x12\x6D\x91\xF3\x4F\x31\x01\xAE\xA8\xBA" }
},
-#ifdef CAMELLIA
/* Kc, Ke, Ki for a Camellia-128 key */
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
@@ -201,7 +200,6 @@ struct test {
"\xFA\x62\x4F\xA0\xE5\x23\x99\x3F\xA3\x88\xAE\xFD\xC6\x7E\x67\xEB"
"\xCD\x8C\x08\xE8\xA0\x24\x6B\x1D\x73\xB0\xD1\xDD\x9F\xC5\x82\xB0" }
},
-#endif
};
static void
@@ -231,10 +229,8 @@ get_enc_provider(krb5_enctype enctype)
case ENCTYPE_DES3_CBC_SHA1: return &krb5int_enc_des3;
case ENCTYPE_AES128_CTS_HMAC_SHA1_96: return &krb5int_enc_aes128;
case ENCTYPE_AES256_CTS_HMAC_SHA1_96: return &krb5int_enc_aes256;
-#ifdef CAMELLIA
case ENCTYPE_CAMELLIA128_CTS_CMAC: return &krb5int_enc_camellia128;
case ENCTYPE_CAMELLIA256_CTS_CMAC: return &krb5int_enc_camellia256;
-#endif
}
abort();
}
diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c
index 580120b..1ac375e 100644
--- a/src/lib/crypto/crypto_tests/t_encrypt.c
+++ b/src/lib/crypto/crypto_tests/t_encrypt.c
@@ -45,10 +45,8 @@ krb5_enctype interesting_enctypes[] = {
ENCTYPE_ARCFOUR_HMAC_EXP,
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-#ifdef CAMELLIA
ENCTYPE_CAMELLIA128_CTS_CMAC,
ENCTYPE_CAMELLIA256_CTS_CMAC,
-#endif
0
};
diff --git a/src/lib/crypto/crypto_tests/t_short.c b/src/lib/crypto/crypto_tests/t_short.c
index 2952066..6ee7b19 100644
--- a/src/lib/crypto/crypto_tests/t_short.c
+++ b/src/lib/crypto/crypto_tests/t_short.c
@@ -42,10 +42,8 @@ krb5_enctype interesting_enctypes[] = {
ENCTYPE_ARCFOUR_HMAC_EXP,
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-#ifdef CAMELLIA
ENCTYPE_CAMELLIA128_CTS_CMAC,
ENCTYPE_CAMELLIA256_CTS_CMAC,
-#endif
0
};
diff --git a/src/lib/crypto/crypto_tests/t_str2key.c b/src/lib/crypto/crypto_tests/t_str2key.c
index fe58bd1..e9b29ba 100644
--- a/src/lib/crypto/crypto_tests/t_str2key.c
+++ b/src/lib/crypto/crypto_tests/t_str2key.c
@@ -410,7 +410,6 @@ struct test {
"\x57\x18\x48\xB7\x84\xA3\xD6\xBD\xC3\x46\x58\x9A\x3E\x39\x3F\x9E" }
},
-#ifdef CAMELLIA
/* The same inputs applied to Camellia enctypes. */
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
@@ -531,7 +530,6 @@ struct test {
"\x16\x3B\x76\x8C\x6D\xB1\x48\xB4\xEE\xC7\x16\x3D\xF5\xAE\xD7\x0E"
"\x20\x6B\x68\xCE\xC0\x78\xBC\x06\x9E\xD6\x8A\x7E\xD3\x6B\x1E\xCC" }
}
-#endif /* CAMELLIA */
};
static void
diff --git a/src/lib/crypto/krb/checksum_dk_cmac.c b/src/lib/crypto/krb/checksum_dk_cmac.c
index bb48c57..59d5c5a 100644
--- a/src/lib/crypto/krb/checksum_dk_cmac.c
+++ b/src/lib/crypto/krb/checksum_dk_cmac.c
@@ -28,8 +28,6 @@
#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
-#ifdef CAMELLIA
-
krb5_error_code
krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
@@ -58,5 +56,3 @@ krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
krb5_k_free_key(NULL, kc);
return ret;
}
-
-#endif /* CAMELLIA */
diff --git a/src/lib/crypto/krb/cksumtypes.c b/src/lib/crypto/krb/cksumtypes.c
index fd95057..a1ced98 100644
--- a/src/lib/crypto/krb/cksumtypes.c
+++ b/src/lib/crypto/krb/cksumtypes.c
@@ -101,7 +101,6 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = {
krb5int_hmacmd5_checksum, NULL,
16, 16, 0 },
-#ifdef CAMELLIA
{ CKSUMTYPE_CMAC_CAMELLIA128,
"cmac-camellia128", { 0 }, "CMAC Camellia128 key",
&krb5int_enc_camellia128, NULL,
@@ -113,7 +112,6 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = {
&krb5int_enc_camellia256, NULL,
krb5int_dk_cmac_checksum, NULL,
16, 16, 0 },
-#endif /* CAMELLIA */
};
const size_t krb5int_cksumtypes_length =
diff --git a/src/lib/crypto/krb/cmac.c b/src/lib/crypto/krb/cmac.c
index 19af220..2e220c5 100644
--- a/src/lib/crypto/krb/cmac.c
+++ b/src/lib/crypto/krb/cmac.c
@@ -41,8 +41,6 @@
#include "crypto_int.h"
-#ifdef CAMELLIA
-
#define BLOCK_SIZE 16
static unsigned char const_Rb[BLOCK_SIZE] = {
@@ -221,17 +219,3 @@ krb5int_cmac_checksum(const struct krb5_enc_provider *enc, krb5_key key,
return 0;
}
-
-#else /* CAMELLIA */
-
-/* This won't be used, but is still in the export table. */
-
-krb5_error_code
-krb5int_cmac_checksum(const struct krb5_enc_provider *enc, krb5_key key,
- const krb5_crypto_iov *data, size_t num_data,
- krb5_data *output)
-{
- return EINVAL;
-}
-
-#endif /* CAMELLIA */
diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h
index cb9aef3..01090d0 100644
--- a/src/lib/crypto/krb/crypto_int.h
+++ b/src/lib/crypto/krb/crypto_int.h
@@ -321,11 +321,8 @@ krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
/*** Key derivation functions ***/
enum deriv_alg {
- DERIVE_RFC3961 /* RFC 3961 section 5.1 */
-#ifdef CAMELLIA
- , /* C90 doesn't let enum list end w/comma */
+ DERIVE_RFC3961, /* RFC 3961 section 5.1 */
DERIVE_SP800_108_CMAC /* NIST SP 800-108 with CMAC as PRF */
-#endif
};
krb5_error_code krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
@@ -421,10 +418,8 @@ extern const struct krb5_enc_provider krb5int_enc_aes128;
extern const struct krb5_enc_provider krb5int_enc_aes256;
extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
-#ifdef CAMELLIA
extern const struct krb5_enc_provider krb5int_enc_camellia128;
extern const struct krb5_enc_provider krb5int_enc_camellia256;
-#endif
extern const struct krb5_hash_provider krb5int_hash_crc32;
extern const struct krb5_hash_provider krb5int_hash_md4;
@@ -462,8 +457,7 @@ krb5_error_code krb5int_pbkdf2_hmac_sha1(const krb5_data *out,
const krb5_data *salt);
/* The following are used by test programs and are just handler functions from
- * the AES and Camellia enc providers. Define a stub krb5int_camellia_cbc_mac
- * even if CAMELLIA isn't defined, since it's in the export list. */
+ * the AES and Camellia enc providers. */
krb5_error_code krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data);
krb5_error_code krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
diff --git a/src/lib/crypto/krb/derive.c b/src/lib/crypto/krb/derive.c
index 1cb47af..1509f42 100644
--- a/src/lib/crypto/krb/derive.c
+++ b/src/lib/crypto/krb/derive.c
@@ -130,8 +130,6 @@ cleanup:
return ret;
}
-#ifdef CAMELLIA
-
/*
* NIST SP800-108 KDF in feedback mode (section 5.2).
* Parameters:
@@ -207,8 +205,6 @@ cleanup:
return ret;
}
-#endif /* CAMELLIA */
-
krb5_error_code
krb5int_derive_random(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_data *outrnd,
@@ -217,10 +213,8 @@ krb5int_derive_random(const struct krb5_enc_provider *enc,
switch (alg) {
case DERIVE_RFC3961:
return derive_random_rfc3961(enc, inkey, outrnd, in_constant);
-#ifdef CAMELLIA
case DERIVE_SP800_108_CMAC:
return derive_random_sp800_108_cmac(enc, inkey, outrnd, in_constant);
-#endif
default:
return EINVAL;
}
diff --git a/src/lib/crypto/krb/enc_dk_cmac.c b/src/lib/crypto/krb/enc_dk_cmac.c
index 6593d17..508f9f8 100644
--- a/src/lib/crypto/krb/enc_dk_cmac.c
+++ b/src/lib/crypto/krb/enc_dk_cmac.c
@@ -27,8 +27,6 @@
#include "crypto_int.h"
-#ifdef CAMELLIA
-
#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
/* AEAD */
@@ -182,5 +180,3 @@ cleanup:
zapfree(cksum.data, cksum.length);
return ret;
}
-
-#endif /* CAMELLIA */
diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c
index a9b176d..53be1d5 100644
--- a/src/lib/crypto/krb/etypes.c
+++ b/src/lib/crypto/krb/etypes.c
@@ -144,7 +144,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_dk_prf,
CKSUMTYPE_HMAC_SHA1_96_AES256,
0 /*flags*/ },
-#ifdef CAMELLIA
+
{ ENCTYPE_CAMELLIA128_CTS_CMAC,
"camellia128-cts-cmac", { "camellia128-cts" },
"Camellia-128 CTS mode with CMAC",
@@ -167,7 +167,6 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
krb5int_dk_cmac_prf,
CKSUMTYPE_CMAC_CAMELLIA256,
0 /*flags */ },
-#endif /* CAMELLIA */
};
const int krb5int_enctypes_length =
diff --git a/src/lib/crypto/krb/prf_cmac.c b/src/lib/crypto/krb/prf_cmac.c
index d3e7161..131c36d 100644
--- a/src/lib/crypto/krb/prf_cmac.c
+++ b/src/lib/crypto/krb/prf_cmac.c
@@ -26,8 +26,6 @@
#include "crypto_int.h"
-#ifdef CAMELLIA
-
krb5_error_code
krb5int_dk_cmac_prf(const struct krb5_keytypes *ktp, krb5_key key,
const krb5_data *in, krb5_data *out)
@@ -58,5 +56,3 @@ cleanup:
krb5_k_free_key(NULL, kp);
return ret;
}
-
-#endif /* CAMELLIA */
diff --git a/src/lib/crypto/krb/s2k_pbkdf2.c b/src/lib/crypto/krb/s2k_pbkdf2.c
index 90fe3c6..2476865 100644
--- a/src/lib/crypto/krb/s2k_pbkdf2.c
+++ b/src/lib/crypto/krb/s2k_pbkdf2.c
@@ -183,7 +183,6 @@ krb5int_aes_string_to_key(const struct krb5_keytypes *ktp,
DERIVE_RFC3961, 4096);
}
-#ifdef CAMELLIA
krb5_error_code
krb5int_camellia_string_to_key(const struct krb5_keytypes *ktp,
const krb5_data *string,
@@ -196,4 +195,3 @@ krb5int_camellia_string_to_key(const struct krb5_keytypes *ktp,
return pbkdf2_string_to_key(ktp, string, salt, &pepper, params, key,
DERIVE_SP800_108_CMAC, 32768);
}
-#endif
diff --git a/src/lib/crypto/nss/enc_provider/camellia.c b/src/lib/crypto/nss/enc_provider/camellia.c
index f4eb0de..9859efa 100644
--- a/src/lib/crypto/nss/enc_provider/camellia.c
+++ b/src/lib/crypto/nss/enc_provider/camellia.c
@@ -36,8 +36,6 @@
#include "crypto_int.h"
#include "nss_gen.h"
-#ifdef CAMELLIA
-
static krb5_error_code
krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
@@ -113,23 +111,3 @@ const struct krb5_enc_provider krb5int_enc_camellia256 = {
krb5int_default_free_state,
k5_nss_gen_cleanup
};
-
-#else /* CAMELLIA_CCM */
-
-/* These won't be used, but are still in the export table. */
-
-krb5_error_code
-krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
- size_t num_data, const krb5_data *iv,
- krb5_data *output)
-{
- return EINVAL;
-}
-
-const struct krb5_enc_provider krb5int_enc_camellia128 = {
-};
-
-const struct krb5_enc_provider krb5int_enc_camellia256 = {
-};
-
-#endif
diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c
index f22826b..2173db6 100644
--- a/src/lib/crypto/openssl/enc_provider/camellia.c
+++ b/src/lib/crypto/openssl/enc_provider/camellia.c
@@ -29,8 +29,6 @@
#include <openssl/camellia.h>
#include <openssl/modes.h>
-#ifdef CAMELLIA
-
static krb5_error_code
cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
size_t num_data);
@@ -384,23 +382,3 @@ const struct krb5_enc_provider krb5int_enc_camellia256 = {
krb5int_camellia_init_state,
krb5int_default_free_state
};
-
-#else /* CAMELLIA */
-
-/* These won't be used, but are still in the export table. */
-
-krb5_error_code
-krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
- size_t num_data, const krb5_data *iv,
- krb5_data *output)
-{
- return EINVAL;
-}
-
-const struct krb5_enc_provider krb5int_enc_camellia128 = {
-};
-
-const struct krb5_enc_provider krb5int_enc_camellia256 = {
-};
-
-#endif /* CAMELLIA */
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index 6e098f8..aa793fc 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -468,11 +468,9 @@ krb5int_parse_enctype_list(krb5_context context, const char *profkey,
mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, &list);
} else if (strcasecmp(token, "rc4") == 0) {
mod_list(ENCTYPE_ARCFOUR_HMAC, sel, weak, &list);
-#ifdef CAMELLIA
} else if (strcasecmp(token, "camellia") == 0) {
mod_list(ENCTYPE_CAMELLIA256_CTS_CMAC, sel, weak, &list);
mod_list(ENCTYPE_CAMELLIA128_CTS_CMAC, sel, weak, &list);
-#endif
} else if (krb5_string_to_enctype(token, &etype) == 0) {
/* Set a specific enctype. */
mod_list(etype, sel, weak, &list);
diff --git a/src/lib/krb5/krb/t_etypes.c b/src/lib/krb5/krb/t_etypes.c
index 72dbb20..0a8a199 100644
--- a/src/lib/krb5/krb/t_etypes.c
+++ b/src/lib/krb5/krb/t_etypes.c
@@ -97,14 +97,12 @@ static struct {
ENCTYPE_DES3_CBC_SHA1, 0 },
0, 0
},
-#ifdef CAMELLIA
/* Family with enctype removed */
{ "camellia -camellia256-cts-cmac",
{ 0 },
{ ENCTYPE_CAMELLIA128_CTS_CMAC, 0 },
{ ENCTYPE_CAMELLIA128_CTS_CMAC, 0 }
},
-#endif
/* Enctype followed by two families */
{ "+rc4-hmAC des3 +des",
{ 0 },
diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp
index 2804b5c..67963c5 100644
--- a/src/tests/dejagnu/config/default.exp
+++ b/src/tests/dejagnu/config/default.exp
@@ -189,6 +189,30 @@ set passes {
{dummy=[verbose -log "AES enctypes"]}
}
{
+ camellia-only
+ mode=udp
+ des3_krbtgt=0
+ {supported_enctypes=camellia256-cts:normal}
+ {permitted_enctypes(kdc)=camellia256-cts}
+ {permitted_enctypes(slave)=camellia256-cts}
+ {permitted_enctypes(client)=camellia256-cts}
+ {permitted_enctypes(server)=camellia256-cts}
+ {default_tgs_enctypes(kdc)=camellia256-cts}
+ {default_tgs_enctypes(slave)=camellia256-cts}
+ {default_tgs_enctypes(client)=camellia256-cts}
+ {default_tgs_enctypes(server)=camellia256-cts}
+ {default_tkt_enctypes(kdc)=camellia256-cts}
+ {default_tkt_enctypes(slave)=camellia256-cts}
+ {default_tkt_enctypes(client)=camellia256-cts}
+ {default_tkt_enctypes(server)=camellia256-cts}
+ {allow_weak_crypto(kdc)=false}
+ {allow_weak_crypto(slave)=false}
+ {allow_weak_crypto(client)=false}
+ {allow_weak_crypto(server)=false}
+ {master_key_type=camellia256-cts}
+ {dummy=[verbose -log "Camellia-256 enctype"]}
+ }
+ {
aes-des3
mode=udp
des3_krbtgt=0
@@ -263,32 +287,6 @@ set passes {
}
}
-# Add to above when Camellia support becomes unconditional.
-# {
-# camellia-only
-# mode=udp
-# des3_krbtgt=0
-# {supported_enctypes=camellia256-cts:normal}
-# {permitted_enctypes(kdc)=camellia256-cts}
-# {permitted_enctypes(slave)=camellia256-cts}
-# {permitted_enctypes(client)=camellia256-cts}
-# {permitted_enctypes(server)=camellia256-cts}
-# {default_tgs_enctypes(kdc)=camellia256-cts}
-# {default_tgs_enctypes(slave)=camellia256-cts}
-# {default_tgs_enctypes(client)=camellia256-cts}
-# {default_tgs_enctypes(server)=camellia256-cts}
-# {default_tkt_enctypes(kdc)=camellia256-cts}
-# {default_tkt_enctypes(slave)=camellia256-cts}
-# {default_tkt_enctypes(client)=camellia256-cts}
-# {default_tkt_enctypes(server)=camellia256-cts}
-# {allow_weak_crypto(kdc)=false}
-# {allow_weak_crypto(slave)=false}
-# {allow_weak_crypto(client)=false}
-# {allow_weak_crypto(server)=false}
-# {master_key_type=camellia256-cts}
-# {dummy=[verbose -log "Camellia-256 enctype"]}
-# }
-
# des.md5-tgt is set as unused, since it won't trigger the error case
# if SUPPORT_DESMD5 isn't honored.
diff --git a/src/util/k5test.py b/src/util/k5test.py
index 6af782c..4fd8cf7 100644
--- a/src/util/k5test.py
+++ b/src/util/k5test.py
@@ -1185,15 +1185,14 @@ _passes = [
'master_key_type' : 'aes128-cts'}}}}),
# Exercise the camellia256-cts enctype.
-# Enable when Camellia support becomes unconditional.
-# ('camellia256', None,
-# {'all' : {'libdefaults' : {
-# 'default_tgs_enctypes' : 'camellia256-cts',
-# 'default_tkt_enctypes' : 'camellia256-cts',
-# 'permitted_enctypes' : 'camellia256-cts'}}},
-# {'master' : {'realms' : {'$realm' : {
-# 'supported_enctypes' : 'camellia256-cts:normal',
-# 'master_key_type' : 'camellia256-cts'}}}}),
+ ('camellia256', None,
+ {'all' : {'libdefaults' : {
+ 'default_tgs_enctypes' : 'camellia256-cts',
+ 'default_tkt_enctypes' : 'camellia256-cts',
+ 'permitted_enctypes' : 'camellia256-cts'}}},
+ {'master' : {'realms' : {'$realm' : {
+ 'supported_enctypes' : 'camellia256-cts:normal',
+ 'master_key_type' : 'camellia256-cts'}}}}),
# Test a setup with modern principal keys but an old TGT key.
('aes256.destgt', 'des-cbc-crc:normal',
More information about the cvs-krb5
mailing list