The Camellia enctypes and cksumtypes have received IANA assignments.
Add #defines using those assignments to krb5.h, remove the CAMELLIA
conditional, and enable testing code as appropriate.
The Camellia draft has not received an RFC number yet, so there is no
Doxygen markup for the enctype and cksumtype #defines. That can be
added once the RFC number is known.
krb5_error_code
krb5int_clean_hostname(krb5_context, const char *, char *, size_t);
-#if 0
-/*
- * There are no IANA assignments for these enctypes or cksumtypes yet. They
- * must be defined to local-use negative numbers at build time for Camellia
- * support to function at the moment. If one is defined, they should all be
- * defined. When IANA assignments exist, these definitions should move to the
- * appropriate places in krb5.hin and all CAMELLIA conditional code should be
- * made unconditional.
- *
- * The present code is experimental and may not be compatible with the
- * standardized version.
- */
-#define ENCTYPE_CAMELLIA128_CTS_CMAC -XXX /* Camellia CTS mode, 128-bit key */
-#define ENCTYPE_CAMELLIA256_CTS_CMAC -YYY /* Camellia CTS mode, 256-bit key */
-#define CKSUMTYPE_CMAC_CAMELLIA128 -XXX /* CMAC, 128-bit Camellia key */
-#define CKSUMTYPE_CMAC_CAMELLIA256 -YYY /* CMAC, 256-bit Camellia key */
-#endif
-
-#ifdef ENCTYPE_CAMELLIA128_CTS_CMAC
-#define CAMELLIA
-#endif
-
struct _krb5_kt { /* should move into k5-int.h */
krb5_magic magic;
const struct _krb5_kt_ops *ops;
#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012 /**< RFC 3962 */
#define ENCTYPE_ARCFOUR_HMAC 0x0017
#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
+#define ENCTYPE_CAMELLIA128_CTS_CMAC 0x0019
+#define ENCTYPE_CAMELLIA256_CTS_CMAC 0x001a
#define ENCTYPE_UNKNOWN 0x01ff
#define CKSUMTYPE_CRC32 0x0001
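Review bot: The new Camellia defines (the two ENCTYPE_* values here and CKSUMTYPE_CMAC_CAMELLIA128/256 in the next hunk) drop the descriptive comments that the removed k5-int.h definitions carried, so the public header no longer says which mode or key size each value names. The commit message defers Doxygen markup until the RFC number is known, but a plain comment does not depend on that, e.g. `#define ENCTYPE_CAMELLIA128_CTS_CMAC 0x0019 /* Camellia CTS mode, 128-bit key; draft, RFC pending */`. The removed k5-int.h comment also warned that the code was experimental and might not match the standardized version. Keys stored under these assigned numbers will persist, so it seems worth confirming the test vectors against the current draft before this ships.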
ENCTYPE_AES128_CTS_HMAC_SHA1_96 */
#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 /**< RFC 3962. Used with
ENCTYPE_AES256_CTS_HMAC_SHA1_96 */
+#define CKSUMTYPE_CMAC_CAMELLIA128 0x0011
+#define CKSUMTYPE_CMAC_CAMELLIA256 0x0012
#define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /*Microsoft netlogon cksumtype*/
#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
run-camellia-gen: camellia-gen
./camellia-gen > kresults.out
-# Enable when Camellia support becomes unconditional.
-#check:: run-camellia-gen
+check:: run-camellia-gen
clean-unix:: clean-libobjs
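Review bot: Enabling `check:: run-camellia-gen` only shows that camellia-gen runs and exits zero, because the rule shown writes kresults.out and nothing in the visible lines compares it with known-good output. The program's main() returns 0 unconditionally in the part shown, so a wrong cipher result would still pass `make check`. If a reference file exists or can be added, a step such as `cmp kresults.out $(srcdir)/<expected-results-file>` (placeholder name) after the redirect would turn this into a regression test. The crypto_tests check already does this when it compares camellia-vt.txt with camellia-expect-vt.txt.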
#include <unistd.h>
#include "camellia.h"
-#ifdef CAMELLIA
-
#define B 16U
unsigned char key[16];
unsigned char test_case_len[] = { B+1, 2*B-1, 2*B, 2*B+1, 3*B-1, 3*B, 4*B, };
printf ("\n");
}
-#endif /* CAMELLIA */
-
int main ()
{
-#ifdef CAMELLIA
init ();
fips_test ();
ecb_test();
cbc_test();
cts_test();
-#endif
return 0;
}
#include "camellia.h"
-#include "k5-int.h" /* Only for CAMELLIA; remove later. */
-#ifdef CAMELLIA
-
/* key constants */
#define CAMELLIA_SIGMA1L (0xA09E667FL)
Camellia_DecryptBlock(cx->keybitlen, in_blk, cx->k_sch, out_blk);
return camellia_good;
}
-
-#endif /* CAMELLIA */
#include "crypto_int.h"
#include "camellia.h"
-#ifdef CAMELLIA
-
/*
* Private per-key data to cache after first generation. We don't want to mess
* with the imported Cemallia implementation too much, so we'll just use two
camellia_init_state,
krb5int_default_free_state
};
-
-#else /* CAMELLIA */
-
-/* These won't be used, but are still in the export table. */
-
-krb5_error_code
-krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
- size_t num_data, const krb5_data *iv,
- krb5_data *output)
-{
- return EINVAL;
-}
-
-const struct krb5_enc_provider krb5int_enc_camellia128 = {
- 0
-};
-
-const struct krb5_enc_provider krb5int_enc_camellia256 = {
- 0
-};
-
-#endif /* CAMELLIA */
$(RUN_SETUP) $(VALGRIND) ./aes-test > vt.txt
cmp vt.txt $(srcdir)/expect-vt.txt
$(RUN_SETUP) $(VALGRIND) ./camellia-test > camellia-vt.txt
-# Enable this when Camellia becomes unconditional.
-# cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt
+ cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt
$(RUN_SETUP) $(VALGRIND) $(C)t_mddriver4 -x
$(RUN_SETUP) $(VALGRIND) $(C)t_mddriver -x
$(RUN_SETUP) $(VALGRIND) ./t_short
*/
#include <stdio.h>
-#include "k5-int.h"
-
-#ifdef CAMELLIA
+#include "crypto_int.h"
static char key[32];
static char plain[16], cipher[16], zero[16];
vt_test_1(32);
}
-#endif /* CAMELLIA */
-
int main (int argc, char *argv[])
{
-#ifdef CAMELLIA
if (argc > 2 || (argc == 2 && strcmp(argv[1], "-k"))) {
fprintf(stderr,
"usage:\t%s -k\tfor variable-key tests\n"
vk_test();
else
vt_test();
-#endif /* CAMELLIA */
return 0;
}
{ KV5M_DATA, 16,
"\xEB\x38\xCC\x97\xE2\x23\x0F\x59\xDA\x41\x17\xDC\x58\x59\xD7\xEC" }
},
-#ifdef CAMELLIA
{
"abcdefghijk",
CKSUMTYPE_CMAC_CAMELLIA128, ENCTYPE_CAMELLIA128_CTS_CMAC, 7,
{ KV5M_DATA, 16,
"\x3F\xA0\xB4\x23\x55\xE5\x2B\x18\x91\x87\x29\x4A\xA2\x52\xAB\x64" }
},
-#endif
};
static void
#include "crypto_int.h"
-#ifdef CAMELLIA
-
/* All examples use the following Camellia-128 key. */
static unsigned char keybytes[] = {
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
}
}
-#endif /* CAMELLIA */
-
int
main(int argc, char **argv)
{
-#ifdef CAMELLIA
krb5_context context = NULL;
krb5_keyblock keyblock;
krb5_key key;
printf("All CMAC tests passed.\n");
krb5_k_free_key(context, key);
-#endif /* CAMELLIA */
return 0;
}
"\xB7\x34\xD4\xD4\x98\xB6\x71\x4F\x1C\x1D" }
},
-#ifdef CAMELLIA
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
"", 0,
"\xF3\x4A\xD1\x25\x5A\x34\x49\x99\xAD\x37\x14\x68\x87\xA6\xC6\x84"
"\x57\x31\xAC\x7F\x46\x37\x6A\x05\x04\xCD\x06\x57\x14\x74" }
},
-#endif
};
static void
ENCTYPE_ARCFOUR_HMAC_EXP,
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
-#ifdef CAMELLIA
ENCTYPE_CAMELLIA128_CTS_CMAC,
ENCTYPE_CAMELLIA256_CTS_CMAC
-#endif
};
static char *plaintexts[] = {
"\xD7\xBB\xA9\x07\x76\xD8\x12\x6D\x91\xF3\x4F\x31\x01\xAE\xA8\xBA" }
},
-#ifdef CAMELLIA
/* Kc, Ke, Ki for a Camellia-128 key */
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
"\xFA\x62\x4F\xA0\xE5\x23\x99\x3F\xA3\x88\xAE\xFD\xC6\x7E\x67\xEB"
"\xCD\x8C\x08\xE8\xA0\x24\x6B\x1D\x73\xB0\xD1\xDD\x9F\xC5\x82\xB0" }
},
-#endif
};
static void
case ENCTYPE_DES3_CBC_SHA1: return &krb5int_enc_des3;
case ENCTYPE_AES128_CTS_HMAC_SHA1_96: return &krb5int_enc_aes128;
case ENCTYPE_AES256_CTS_HMAC_SHA1_96: return &krb5int_enc_aes256;
-#ifdef CAMELLIA
case ENCTYPE_CAMELLIA128_CTS_CMAC: return &krb5int_enc_camellia128;
case ENCTYPE_CAMELLIA256_CTS_CMAC: return &krb5int_enc_camellia256;
-#endif
}
abort();
}
ENCTYPE_ARCFOUR_HMAC_EXP,
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-#ifdef CAMELLIA
ENCTYPE_CAMELLIA128_CTS_CMAC,
ENCTYPE_CAMELLIA256_CTS_CMAC,
-#endif
0
};
ENCTYPE_ARCFOUR_HMAC_EXP,
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-#ifdef CAMELLIA
ENCTYPE_CAMELLIA128_CTS_CMAC,
ENCTYPE_CAMELLIA256_CTS_CMAC,
-#endif
0
};
"\x57\x18\x48\xB7\x84\xA3\xD6\xBD\xC3\x46\x58\x9A\x3E\x39\x3F\x9E" }
},
-#ifdef CAMELLIA
/* The same inputs applied to Camellia enctypes. */
{
ENCTYPE_CAMELLIA128_CTS_CMAC,
"\x16\x3B\x76\x8C\x6D\xB1\x48\xB4\xEE\xC7\x16\x3D\xF5\xAE\xD7\x0E"
"\x20\x6B\x68\xCE\xC0\x78\xBC\x06\x9E\xD6\x8A\x7E\xD3\x6B\x1E\xCC" }
}
-#endif /* CAMELLIA */
};
static void
#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
-#ifdef CAMELLIA
-
krb5_error_code
krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
krb5_k_free_key(NULL, kc);
return ret;
}
-
-#endif /* CAMELLIA */
krb5int_hmacmd5_checksum, NULL,
16, 16, 0 },
-#ifdef CAMELLIA
{ CKSUMTYPE_CMAC_CAMELLIA128,
"cmac-camellia128", { 0 }, "CMAC Camellia128 key",
&krb5int_enc_camellia128, NULL,
&krb5int_enc_camellia256, NULL,
krb5int_dk_cmac_checksum, NULL,
16, 16, 0 },
-#endif /* CAMELLIA */
};
const size_t krb5int_cksumtypes_length =
#include "crypto_int.h"
-#ifdef CAMELLIA
-
#define BLOCK_SIZE 16
static unsigned char const_Rb[BLOCK_SIZE] = {
return 0;
}
-
-#else /* CAMELLIA */
-
-/* This won't be used, but is still in the export table. */
-
-krb5_error_code
-krb5int_cmac_checksum(const struct krb5_enc_provider *enc, krb5_key key,
- const krb5_crypto_iov *data, size_t num_data,
- krb5_data *output)
-{
- return EINVAL;
-}
-
-#endif /* CAMELLIA */
/*** Key derivation functions ***/
enum deriv_alg {
- DERIVE_RFC3961 /* RFC 3961 section 5.1 */
-#ifdef CAMELLIA
- , /* C90 doesn't let enum list end w/comma */
+ DERIVE_RFC3961, /* RFC 3961 section 5.1 */
DERIVE_SP800_108_CMAC /* NIST SP 800-108 with CMAC as PRF */
-#endif
};
krb5_error_code krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
extern const struct krb5_enc_provider krb5int_enc_aes256;
extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
-#ifdef CAMELLIA
extern const struct krb5_enc_provider krb5int_enc_camellia128;
extern const struct krb5_enc_provider krb5int_enc_camellia256;
-#endif
extern const struct krb5_hash_provider krb5int_hash_crc32;
extern const struct krb5_hash_provider krb5int_hash_md4;
const krb5_data *salt);
/* The following are used by test programs and are just handler functions from
- * the AES and Camellia enc providers. Define a stub krb5int_camellia_cbc_mac
- * even if CAMELLIA isn't defined, since it's in the export list. */
+ * the AES and Camellia enc providers. */
krb5_error_code krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data);
krb5_error_code krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
return ret;
}
-#ifdef CAMELLIA
-
/*
* NIST SP800-108 KDF in feedback mode (section 5.2).
* Parameters:
return ret;
}
-#endif /* CAMELLIA */
-
krb5_error_code
krb5int_derive_random(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_data *outrnd,
switch (alg) {
case DERIVE_RFC3961:
return derive_random_rfc3961(enc, inkey, outrnd, in_constant);
-#ifdef CAMELLIA
case DERIVE_SP800_108_CMAC:
return derive_random_sp800_108_cmac(enc, inkey, outrnd, in_constant);
-#endif
default:
return EINVAL;
}
#include "crypto_int.h"
-#ifdef CAMELLIA
-
#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
/* AEAD */
zapfree(cksum.data, cksum.length);
return ret;
}
-
-#endif /* CAMELLIA */
krb5int_dk_prf,
CKSUMTYPE_HMAC_SHA1_96_AES256,
0 /*flags*/ },
-#ifdef CAMELLIA
+
{ ENCTYPE_CAMELLIA128_CTS_CMAC,
"camellia128-cts-cmac", { "camellia128-cts" },
"Camellia-128 CTS mode with CMAC",
krb5int_dk_cmac_prf,
CKSUMTYPE_CMAC_CAMELLIA256,
0 /*flags */ },
-#endif /* CAMELLIA */
};
const int krb5int_enctypes_length =
#include "crypto_int.h"
-#ifdef CAMELLIA
-
krb5_error_code
krb5int_dk_cmac_prf(const struct krb5_keytypes *ktp, krb5_key key,
const krb5_data *in, krb5_data *out)
krb5_k_free_key(NULL, kp);
return ret;
}
-
-#endif /* CAMELLIA */
DERIVE_RFC3961, 4096);
}
-#ifdef CAMELLIA
krb5_error_code
krb5int_camellia_string_to_key(const struct krb5_keytypes *ktp,
const krb5_data *string,
return pbkdf2_string_to_key(ktp, string, salt, &pepper, params, key,
DERIVE_SP800_108_CMAC, 32768);
}
-#endif
#include "crypto_int.h"
#include "nss_gen.h"
-#ifdef CAMELLIA
-
static krb5_error_code
krb5int_camellia_encrypt(krb5_key key, const krb5_data *ivec,
krb5_crypto_iov *data, size_t num_data)
krb5int_default_free_state,
k5_nss_gen_cleanup
};
-
-#else /* CAMELLIA_CCM */
-
-/* These won't be used, but are still in the export table. */
-
-krb5_error_code
-krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
- size_t num_data, const krb5_data *iv,
- krb5_data *output)
-{
- return EINVAL;
-}
-
-const struct krb5_enc_provider krb5int_enc_camellia128 = {
-};
-
-const struct krb5_enc_provider krb5int_enc_camellia256 = {
-};
-
-#endif
#include <openssl/camellia.h>
#include <openssl/modes.h>
-#ifdef CAMELLIA
-
static krb5_error_code
cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
size_t num_data);
krb5int_camellia_init_state,
krb5int_default_free_state
};
-
-#else /* CAMELLIA */
-
-/* These won't be used, but are still in the export table. */
-
-krb5_error_code
-krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
- size_t num_data, const krb5_data *iv,
- krb5_data *output)
-{
- return EINVAL;
-}
-
-const struct krb5_enc_provider krb5int_enc_camellia128 = {
-};
-
-const struct krb5_enc_provider krb5int_enc_camellia256 = {
-};
-
-#endif /* CAMELLIA */
mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, &list);
} else if (strcasecmp(token, "rc4") == 0) {
mod_list(ENCTYPE_ARCFOUR_HMAC, sel, weak, &list);
-#ifdef CAMELLIA
} else if (strcasecmp(token, "camellia") == 0) {
mod_list(ENCTYPE_CAMELLIA256_CTS_CMAC, sel, weak, &list);
mod_list(ENCTYPE_CAMELLIA128_CTS_CMAC, sel, weak, &list);
-#endif
} else if (krb5_string_to_enctype(token, &etype) == 0) {
/* Set a specific enctype. */
mod_list(etype, sel, weak, &list);
ENCTYPE_DES3_CBC_SHA1, 0 },
0, 0
},
-#ifdef CAMELLIA
/* Family with enctype removed */
{ "camellia -camellia256-cts-cmac",
{ 0 },
{ ENCTYPE_CAMELLIA128_CTS_CMAC, 0 },
{ ENCTYPE_CAMELLIA128_CTS_CMAC, 0 }
},
-#endif
/* Enctype followed by two families */
{ "+rc4-hmAC des3 +des",
{ 0 },
{master_key_type=aes256-cts-hmac-sha1-96}
{dummy=[verbose -log "AES enctypes"]}
}
+ {
+ camellia-only
+ mode=udp
+ des3_krbtgt=0
+ {supported_enctypes=camellia256-cts:normal}
+ {permitted_enctypes(kdc)=camellia256-cts}
+ {permitted_enctypes(slave)=camellia256-cts}
+ {permitted_enctypes(client)=camellia256-cts}
+ {permitted_enctypes(server)=camellia256-cts}
+ {default_tgs_enctypes(kdc)=camellia256-cts}
+ {default_tgs_enctypes(slave)=camellia256-cts}
+ {default_tgs_enctypes(client)=camellia256-cts}
+ {default_tgs_enctypes(server)=camellia256-cts}
+ {default_tkt_enctypes(kdc)=camellia256-cts}
+ {default_tkt_enctypes(slave)=camellia256-cts}
+ {default_tkt_enctypes(client)=camellia256-cts}
+ {default_tkt_enctypes(server)=camellia256-cts}
+ {allow_weak_crypto(kdc)=false}
+ {allow_weak_crypto(slave)=false}
+ {allow_weak_crypto(client)=false}
+ {allow_weak_crypto(server)=false}
+ {master_key_type=camellia256-cts}
+ {dummy=[verbose -log "Camellia-256 enctype"]}
+ }
{
aes-des3
mode=udp
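Review bot: The new camellia-only pass pins every enctype setting to camellia256-cts, so nothing in this hunk exercises camellia128-cts end to end against a running KDC. The 128-bit enctype does appear in the crypto unit vectors elsewhere in this commit, which may be judged sufficient. If so, a short comment in the pass would record that choice, e.g. `# camellia128-cts is covered by the crypto unit tests only`. The pass list continues outside the hunk, so another pass may already cover it.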
}
}
-# Add to above when Camellia support becomes unconditional.
-# {
-# camellia-only
-# mode=udp
-# des3_krbtgt=0
-# {supported_enctypes=camellia256-cts:normal}
-# {permitted_enctypes(kdc)=camellia256-cts}
-# {permitted_enctypes(slave)=camellia256-cts}
-# {permitted_enctypes(client)=camellia256-cts}
-# {permitted_enctypes(server)=camellia256-cts}
-# {default_tgs_enctypes(kdc)=camellia256-cts}
-# {default_tgs_enctypes(slave)=camellia256-cts}
-# {default_tgs_enctypes(client)=camellia256-cts}
-# {default_tgs_enctypes(server)=camellia256-cts}
-# {default_tkt_enctypes(kdc)=camellia256-cts}
-# {default_tkt_enctypes(slave)=camellia256-cts}
-# {default_tkt_enctypes(client)=camellia256-cts}
-# {default_tkt_enctypes(server)=camellia256-cts}
-# {allow_weak_crypto(kdc)=false}
-# {allow_weak_crypto(slave)=false}
-# {allow_weak_crypto(client)=false}
-# {allow_weak_crypto(server)=false}
-# {master_key_type=camellia256-cts}
-# {dummy=[verbose -log "Camellia-256 enctype"]}
-# }
-
# des.md5-tgt is set as unused, since it won't trigger the error case
# if SUPPORT_DESMD5 isn't honored.
'master_key_type' : 'aes128-cts'}}}}),
# Exercise the camellia256-cts enctype.
-# Enable when Camellia support becomes unconditional.
-# ('camellia256', None,
-# {'all' : {'libdefaults' : {
-# 'default_tgs_enctypes' : 'camellia256-cts',
-# 'default_tkt_enctypes' : 'camellia256-cts',
-# 'permitted_enctypes' : 'camellia256-cts'}}},
-# {'master' : {'realms' : {'$realm' : {
-# 'supported_enctypes' : 'camellia256-cts:normal',
-# 'master_key_type' : 'camellia256-cts'}}}}),
+ ('camellia256', None,
+ {'all' : {'libdefaults' : {
+ 'default_tgs_enctypes' : 'camellia256-cts',
+ 'default_tkt_enctypes' : 'camellia256-cts',
+ 'permitted_enctypes' : 'camellia256-cts'}}},
+ {'master' : {'realms' : {'$realm' : {
+ 'supported_enctypes' : 'camellia256-cts:normal',
+ 'master_key_type' : 'camellia256-cts'}}}}),
# Test a setup with modern principal keys but an old TGT key.
('aes256.destgt', 'des-cbc-crc:normal',