kill off GMAC checksums

heimdal · Dec 9, 2015 · a327aab · a327aab
1 parent 32cd9fb
commit a327aab
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 47 deletions.
diff --git a/lib/krb5/crypto-aes-gcm.c b/lib/krb5/crypto-aes-gcm.c
@@ -65,26 +65,6 @@ static struct _krb5_key_type keytype_aes256_gcm = {
     EVP_aes_256_gcm
 };
 
-struct _krb5_checksum_type _krb5_checksum_gmac_128_aes128 = {
-    CKSUMTYPE_GMAC_128_AES128,
-    "gmac-128-aes128",
-    128,
-    EVP_GCM_TLS_TAG_LEN,
-    F_KEYED | F_CPROOF | F_DERIVED | F_AEAD,
-    _krb5_checksum_aead,
-    NULL
-};
-
-struct _krb5_checksum_type _krb5_checksum_gmac_128_aes256 = {
-    CKSUMTYPE_GMAC_128_AES256,
-    "gmac-128-aes256",
-    128,
-    EVP_GCM_TLS_TAG_LEN,
-    F_KEYED | F_CPROOF | F_DERIVED | F_AEAD,
-    _krb5_checksum_aead,
-    NULL
-};
-
 static krb5_error_code
 AES_CMAC_PRF(krb5_context context,
 	     krb5_crypto crypto,
@@ -126,7 +106,7 @@ struct _krb5_encryption_type _krb5_enctype_aes128_gcm_128 = {
     0,
     &keytype_aes128_gcm,
     NULL, /* should never be called */
-    &_krb5_checksum_gmac_128_aes128,
+    NULL, /* should never be called */
     F_DERIVED | F_SP800_108_KDF | F_ENC_THEN_CKSUM | F_AEAD,
     _krb5_evp_encrypt_gcm,
     16,
@@ -142,7 +122,7 @@ struct _krb5_encryption_type _krb5_enctype_aes256_gcm_128 = {
     0,
     &keytype_aes256_gcm,
     NULL, /* should never be called */
-    &_krb5_checksum_gmac_128_aes256,
+    NULL, /* should never be called */
     F_DERIVED | F_SP800_108_KDF | F_ENC_THEN_CKSUM | F_AEAD,
     _krb5_evp_encrypt_gcm,
     16,

diff --git a/lib/krb5/crypto-algs.c b/lib/krb5/crypto-algs.c
@@ -55,8 +55,6 @@ struct _krb5_checksum_type *_krb5_checksum_types[] = {
     &_krb5_checksum_hmac_sha1_aes256,
     &_krb5_checksum_hmac_sha256_128_aes128,
     &_krb5_checksum_hmac_sha384_192_aes256,
-    &_krb5_checksum_gmac_128_aes128,
-    &_krb5_checksum_gmac_128_aes256,
     &_krb5_checksum_hmac_md5
 };
 

diff --git a/lib/krb5/crypto-evp.c b/lib/krb5/crypto-evp.c
@@ -331,24 +331,3 @@ _krb5_evp_cipher_aead(krb5_context context,
 
     return 0;
 }
-
-/* XXX this is unsafe */
-krb5_error_code
-_krb5_checksum_aead(krb5_context context,
-		    struct _krb5_key_data *key,
-		    const void *data,
-		    size_t len,
-		    unsigned usage,
-		    Checksum *result)
-{
-    krb5_crypto_iov iov[2];
-
-    iov[0].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
-    iov[0].data.data = (void *)data;
-    iov[0].data.length = len;
-
-    iov[1].flags = KRB5_CRYPTO_TYPE_TRAILER;
-    iov[1].data = result->checksum;
-
-    return _krb5_evp_cipher_aead(context, key, iov, 2, NULL, 1);
-}
diff --git a/lib/krb5/crypto.h b/lib/krb5/crypto.h
@@ -143,8 +143,6 @@ extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128;
 extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256;
 extern struct _krb5_checksum_type _krb5_checksum_hmac_sha256_128_aes128;
 extern struct _krb5_checksum_type _krb5_checksum_hmac_sha384_192_aes256;
-extern struct _krb5_checksum_type _krb5_checksum_gmac_128_aes128;
-extern struct _krb5_checksum_type _krb5_checksum_gmac_128_aes256;
 extern struct _krb5_checksum_type _krb5_checksum_hmac_md5;
 extern struct _krb5_checksum_type _krb5_checksum_sha1;
 extern struct _krb5_checksum_type _krb5_checksum_sha2;