Conditionalize the Camellia-CCM code, requiring the builder to define

local-use enctype and cksumtype numbers at build time in order to
enable it.  Disable tests which aren't easily conditionalized on C
preprocessor defines.


git-svn-id: svn://anonsvn.mit.edu/krb5/branches/camellia-ccm@24293 dc483132-0cff-0310-8789-dd5450dbe970

src/include/k5-int.h

@@ -2559,6 +2559,25 @@ krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
                          size_t num_data, const krb5_data *iv,
                          krb5_data *output);
 
+#if 0
+/*
+ * There are no IANA assignments for these enctypes or cksumtypes yet.  They
+ * must be defined to local-use negative numbers at build time for Camellia-CCM
+ * support to function at the moment.  If one is defined, they should all be
+ * defined.  When IANA assignments exist, these definitions should move to the
+ * appropriate places in krb5.hin and all CAMELLIA_CCM conditional code should
+ * be made unconditional.
+ */
+#define ENCTYPE_CAMELLIA128_CCM_128 -XXX /* Camellia CCM mode, 128-bit key */
+#define ENCTYPE_CAMELLIA256_CCM_128 -YYY /* Camellia CCM mode, 256-bit key */
+#define CKSUMTYPE_CMAC_128_CAMELLIA128  -XXX  /* CMAC, 128-bit Camellia key */
+#define CKSUMTYPE_CMAC_128_CAMELLIA256  -YYY  /* CMAC, 256-bit Camellia key */
+#endif
+
+#ifdef ENCTYPE_CAMELLIA128_CCM_128
+#define CAMELLIA_CCM
+#endif
+
 struct _krb5_kt {       /* should move into k5-int.h */
     krb5_magic magic;
     const struct _krb5_kt_ops *ops;

src/include/krb5/krb5.hin

@@ -421,8 +421,6 @@ typedef struct _krb5_crypto_iov {
 #define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
 #define ENCTYPE_ARCFOUR_HMAC    0x0017
 #define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
-#define ENCTYPE_CAMELLIA128_CCM_128 -66 /* Camellia CCM mode, 128-bit key */
-#define ENCTYPE_CAMELLIA256_CCM_128 -67 /* Camellia CCM mode, 256-bit key */
 #define ENCTYPE_UNKNOWN         0x01ff
 
 #define CKSUMTYPE_CRC32         0x0001
@@ -437,8 +435,6 @@ typedef struct _krb5_crypto_iov {
 #define CKSUMTYPE_HMAC_SHA1_DES3        0x000c
 #define CKSUMTYPE_HMAC_SHA1_96_AES128   0x000f
 #define CKSUMTYPE_HMAC_SHA1_96_AES256   0x0010
-#define CKSUMTYPE_CMAC_128_CAMELLIA128  -66  /* CMAC, 128-bit Camellia key */
-#define CKSUMTYPE_CMAC_128_CAMELLIA256  -67  /* CMAC, 256-bit Camellia key */
 #define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /*Microsoft netlogon cksumtype*/
 #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
 

src/lib/crypto/builtin/enc_provider/camellia_ctr.c

@@ -30,6 +30,8 @@
 #include <aead.h>
 #include <rand2key.h>
 
+#ifdef CAMELLIA_CCM
+
 static void
 xorblock(unsigned char *out, const unsigned char *in)
 {
@@ -204,3 +206,20 @@ const struct krb5_enc_provider krb5int_enc_camellia256_ctr = {
     krb5int_default_free_state,
     NULL
 };
+
+#else /* CAMELLIA_CCM */
+
+/* These won't be used, but is still in the export table. */
+
+krb5_error_code
+krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
+                         size_t num_data, const krb5_data *iv,
+			 krb5_data *output)
+{
+    return EINVAL;
+}
+
+const struct krb5_enc_provider krb5int_enc_camellia128_ctr = {
+};
+
+#endif /* CAMELLIA_CCM */

src/lib/crypto/builtin/enc_provider/enc_provider.h

@@ -32,5 +32,7 @@ extern const struct krb5_enc_provider krb5int_enc_des3;
 extern const struct krb5_enc_provider krb5int_enc_arcfour;
 extern const struct krb5_enc_provider krb5int_enc_aes128;
 extern const struct krb5_enc_provider krb5int_enc_aes256;
+#ifdef CAMELLIA_CCM
 extern const struct krb5_enc_provider krb5int_enc_camellia128_ctr;
 extern const struct krb5_enc_provider krb5int_enc_camellia256_ctr;
+#endif

src/lib/crypto/crypto_tests/Makefile.in

@@ -31,6 +31,7 @@ EXTRADEPSRCS=\
 	$(srcdir)/t_mddriver.c	\
 	$(srcdir)/t_kperf.c	\
 	$(srcdir)/t_short.c	\
+	$(srcdir)/t_str2key.c	\
 	$(srcdir)/ytest.c	
 
 ##DOSBUILDTOP = ..\..\..
@@ -67,7 +68,8 @@ check-unix:: t_nfold t_encrypt t_prf t_prng t_cmac t_hmac \
 	$(RUN_SETUP) $(VALGRIND) ./aes-test > vt.txt
 	cmp vt.txt $(srcdir)/expect-vt.txt
 	$(RUN_SETUP) $(VALGRIND) ./camellia-test > camellia-vt.txt
-	cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt
+# Enable this when Camellia-CCM becomes unconditional.
+#	cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt
 	$(RUN_SETUP) $(VALGRIND) $(C)t_mddriver4 -x
 	$(RUN_SETUP) $(VALGRIND) $(C)t_mddriver -x
 	$(RUN_SETUP) $(VALGRIND) ./t_short

src/lib/crypto/crypto_tests/camellia-test.c

@@ -31,6 +31,8 @@
 #include <stdio.h>
 #include "k5-int.h"
 
+#ifdef CAMELLIA_CCM
+
 static char key[32];
 static char plain[16], cipher[16], zero[16];
 
@@ -123,9 +125,11 @@ static void vt_test()
     vt_test_1(32);
 }
 
+#endif /* CAMELLIA_CCM */
 
 int main (int argc, char *argv[])
 {
+#ifdef CAMELLIA_CCM
     if (argc > 2 || (argc == 2 && strcmp(argv[1], "-k"))) {
 	fprintf(stderr,
 		"usage:\t%s -k\tfor variable-key tests\n"
@@ -138,5 +142,6 @@ int main (int argc, char *argv[])
 	vk_test();
     else
 	vt_test();
+#endif /* CAMELLIA_CCM */
     return 0;
 }

src/lib/crypto/crypto_tests/t_camellia_ccm.c

@@ -39,6 +39,8 @@
 
 #include "k5-int.h"
 
+#ifdef CAMELLIA_CCM
+
 static krb5_keyblock key_128 = {
     KV5M_KEYBLOCK,
     ENCTYPE_CAMELLIA128_CCM_128,
@@ -248,9 +250,12 @@ verify_cksum(krb5_context context)
     }
 }
 
+#endif /* CAMELLIA_CCM */
+
 int
 main(int argc, char **argv)
 {
+#ifdef CAMELLIA_CCM
     krb5_context context = NULL;
     krb5_data seed = string2data("seed");
 
@@ -263,5 +268,6 @@ main(int argc, char **argv)
         verify_enc(context);
         verify_cksum(context);
     }
+#endif /* CAMELLIA_CCM */
     return 0;
 }

src/lib/crypto/crypto_tests/t_cmac.c

@@ -42,6 +42,8 @@
 #include "enc_provider.h"
 #include "cksumtypes.h"
 
+#ifdef CAMELLIA_CCM
+
 /* All examples use the following Camellia-128 key. */
 static unsigned char keybytes[] = {
     0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
@@ -98,9 +100,12 @@ check_result(const char *name, const unsigned char *result,
     }
 }
 
+#endif /* CAMELLIA_CCM */
+
 int
 main(int argc, char **argv)
 {
+#ifdef CAMELLIA_CCM
     krb5_context context = NULL;
     krb5_keyblock keyblock;
     krb5_key key;
@@ -139,5 +144,6 @@ main(int argc, char **argv)
 
     printf("All CMAC tests passed.\n");
     krb5_k_free_key(context, key);
+#endif /* CAMELLIA_CCM */
     return 0;
 }

src/lib/crypto/crypto_tests/t_encrypt.c

@@ -45,8 +45,10 @@ krb5_enctype interesting_enctypes[] = {
     ENCTYPE_ARCFOUR_HMAC_EXP,
     ENCTYPE_AES256_CTS_HMAC_SHA1_96,
     ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#ifdef CAMELLIA_CCM
     ENCTYPE_CAMELLIA128_CCM_128,
     ENCTYPE_CAMELLIA256_CCM_128,
+#endif
     0
 };
 

src/lib/crypto/crypto_tests/t_short.c

@@ -41,8 +41,10 @@ krb5_enctype interesting_enctypes[] = {
     ENCTYPE_ARCFOUR_HMAC_EXP,
     ENCTYPE_AES256_CTS_HMAC_SHA1_96,
     ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+#ifdef CAMELLIA_CCM
     ENCTYPE_CAMELLIA128_CCM_128,
     ENCTYPE_CAMELLIA256_CCM_128,
+#endif
     0
 };
 

src/lib/crypto/crypto_tests/t_str2key.c

@@ -158,6 +158,7 @@ struct test {
           "\x57\x18\x48\xB7\x84\xA3\xD6\xBD\xC3\x46\x58\x9A\x3E\x39\x3F\x9E" }
     },
 
+#ifdef CAMELLIA_CCM
     /* The same inputs applied to camellia-ccm enctypes. */
     { 
         ENCTYPE_CAMELLIA128_CCM_128,
@@ -278,6 +279,7 @@ struct test {
           "\x6A\x1F\x10\xE5\x74\x4E\x32\xDD\x33\x49\x03\xA8\xEB\xD1\x42\x7E"
           "\x4C\x8D\x3D\x6D\xA5\x76\x77\x50\x4C\x38\x4C\x24\x33\x0B\x60\x3D" }
     }
+#endif /* CAMELLIA_CCM */
 };
 
 static void

src/lib/crypto/krb/checksum/cmac.c

@@ -45,6 +45,8 @@
 #include "etypes.h"
 #include "cksumtypes.h"
 
+#ifdef CAMELLIA_CCM
+
 #define BLOCK_SIZE 16
 
 static unsigned char const_Rb[BLOCK_SIZE] = {
@@ -223,3 +225,17 @@ krb5int_cmac_checksum(const struct krb5_enc_provider *enc, krb5_key key,
 
     return 0;
 }
+
+#else /* CAMELLIA_CCM */
+
+/* This won't be used, but is still in the export table. */
+
+krb5_error_code
+krb5int_cmac_checksum(const struct krb5_enc_provider *enc, krb5_key key,
+                      const krb5_crypto_iov *data, size_t num_data,
+                      krb5_data *output)
+{
+    return EINVAL;
+}
+
+#endif /* CAMELLIA_CCM */

src/lib/crypto/krb/cksumtypes.c

@@ -105,6 +105,7 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = {
       krb5int_hmacmd5_checksum, NULL,
       16, 16, 0 },
 
+#ifdef CAMELLIA_CCM
     { CKSUMTYPE_CMAC_128_CAMELLIA128,
       "cmac-128-camellia128", { 0 }, "CMAC Camellia128 key",
       &krb5int_enc_camellia128_ctr, NULL,
@@ -116,6 +117,7 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = {
       &krb5int_enc_camellia256_ctr, NULL,
       krb5int_dk_cmac_checksum, NULL,
       16, 16, 0 },
+#endif /* CAMELLIA_CCM */
 };
 
 const size_t krb5int_cksumtypes_length =

src/lib/crypto/krb/dk/checksum_cmac.c

@@ -32,6 +32,8 @@
 
 #define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
 
+#ifdef CAMELLIA_CCM
+
 krb5_error_code
 krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
                          krb5_key key, krb5_keyusage usage,
@@ -61,3 +63,4 @@ krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
     return ret;
 }
 
+#endif /* CAMELLIA_CCM */

src/lib/crypto/krb/dk/derive.c

@@ -129,6 +129,8 @@ derive_random_rfc3961(const struct krb5_enc_provider *enc,
     return ret;
 }
 
+#ifdef CAMELLIA_CCM
+
 /*
  * NIST SP800-108 KDF in feedback mode (section 5.2).
  * Parameters:
@@ -204,6 +206,8 @@ derive_random_sp800_108_cmac(const struct krb5_enc_provider *enc,
     return ret;
 }
 
+#endif /* CAMELLIA_CCM */
+
 krb5_error_code
 krb5int_derive_random(const struct krb5_enc_provider *enc,
                       krb5_key inkey, krb5_data *outrnd,
@@ -212,8 +216,10 @@ krb5int_derive_random(const struct krb5_enc_provider *enc,
     switch (alg) {
     case DERIVE_RFC3961:
         return derive_random_rfc3961(enc, inkey, outrnd, in_constant);
+#ifdef CAMELLIA_CCM
     case DERIVE_SP800_108_CMAC:
         return derive_random_sp800_108_cmac(enc, inkey, outrnd, in_constant);
+#endif
     default:
         return EINVAL;
     }

src/lib/crypto/krb/dk/dk.h

@@ -66,7 +66,9 @@ krb5int_camellia_ccm_string_to_key(const struct krb5_keytypes *enc,
 
 enum deriv_alg {
     DERIVE_RFC3961,             /* RFC 3961 section 5.1 */
+#ifdef CAMELLIA_CCM
     DERIVE_SP800_108_CMAC       /* NIST SP 800-108 with CMAC as PRF */
+#endif
 };
 
 krb5_error_code

src/lib/crypto/krb/dk/dk_ccm.c

@@ -28,6 +28,8 @@
 #include "dk.h"
 #include "aead.h"
 
+#ifdef CAMELLIA_CCM
+
 /*
  * Implement CCM-mode AEAD as described in section 5.3 and 5.4 of RFC 5116.
  * This is the CCM mode as described in NIST SP800-38C, with a 12 byte nonce
@@ -608,3 +610,5 @@ krb5int_dk_ccm_free_state(const struct krb5_keytypes *ktp,
     state->data = NULL;
     state->length = 0;
 }
+
+#endif /* CAMELLIA_CCM */

src/lib/crypto/krb/dk/stringtokey.c

@@ -185,6 +185,7 @@ krb5int_aes_string_to_key(const struct krb5_keytypes *ktp,
                                 DERIVE_RFC3961);
 }
 
+#ifdef CAMELLIA_CCM
 krb5_error_code
 krb5int_camellia_ccm_string_to_key(const struct krb5_keytypes *ktp,
                                    const krb5_data *string,
@@ -197,4 +198,4 @@ krb5int_camellia_ccm_string_to_key(const struct krb5_keytypes *ktp,
     return pbkdf2_string_to_key(ktp, string, salt, &pepper, params, key,
                                 DERIVE_SP800_108_CMAC);
 }
-
+#endif

src/lib/crypto/krb/etypes.c

@@ -164,6 +164,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_init_state_enc, krb5int_free_state_enc,
       CKSUMTYPE_HMAC_SHA1_96_AES256,
       0 /*flags*/ },
+#ifdef CAMELLIA_CCM
     { ENCTYPE_CAMELLIA128_CCM_128,
       "camellia128-ccm-128", { "camellia128-ccm" },
       "Camellia-128 CCM mode with 128-bit MAC",
@@ -186,6 +187,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       krb5int_dk_ccm_init_state, krb5int_dk_ccm_free_state,
       CKSUMTYPE_CMAC_128_CAMELLIA256,
       0 /*flags */ },
+#endif /* CAMELLIA_CCM */
 };
 
 const int krb5int_enctypes_length =

src/lib/crypto/krb/prf/cmac_prf.c

@@ -33,6 +33,8 @@
 #include "prf_int.h"
 #include <dk.h>
 
+#ifdef CAMELLIA_CCM
+
 krb5_error_code
 krb5int_dk_cmac_prf(const struct krb5_keytypes *ktp, krb5_key key,
                     const krb5_data *in, krb5_data *out)
@@ -64,3 +66,4 @@ krb5int_dk_cmac_prf(const struct krb5_keytypes *ktp, krb5_key key,
     return ret;
 }
 
+#endif /* CAMELLIA_CCM */