From 3c132f6e129f3e4805ae44a8db749930f1e398b1 Mon Sep 17 00:00:00 2001
From: Robbie Harwood
Date: Fri, 28 Jun 2019 13:09:47 -0400
Subject: [PATCH] Remove now-unused checksum functions

fb2dada5eb89c4cd4e39dedd6dbb7dbd5e94f8b8 removed all call sites of krb5int_cbc_checksum(), krb5int_confounder_verify(), and krb5int_confounder_checksum(), but neglected the functions themselves.
ticket: 8808
(cherry picked from commit 2063ff09b384d466c15aca8970c01d074230c815)
---
 src/lib/crypto/krb/Makefile.in | 6 -
 src/lib/crypto/krb/checksum_cbc.c | 41 ------
 src/lib/crypto/krb/checksum_confounder.c | 159 -----------------------
 src/lib/crypto/krb/crypto_int.h | 16 ---
 src/lib/crypto/krb/deps | 26 ----
 5 files changed, 248 deletions(-)
 delete mode 100644 src/lib/crypto/krb/checksum_cbc.c
 delete mode 100644 src/lib/crypto/krb/checksum_confounder.c
diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in
index b587f7e19..2b0c4163d 100644
--- a/src/lib/crypto/krb/Makefile.in
+++ b/src/lib/crypto/krb/Makefile.in
@@ -10,8 +10,6 @@ STLIBOBJS=\
 aead.o \
 block_size.o \
 cf2.o \
- checksum_cbc.o \
- checksum_confounder.o \
 checksum_dk_cmac.o \
 checksum_dk_hmac.o \
 checksum_etm.o \
@@ -70,8 +68,6 @@ OBJS=\
 $(OUTPRE)aead.$(OBJEXT) \
 $(OUTPRE)block_size.$(OBJEXT) \
 $(OUTPRE)cf2.$(OBJEXT) \
- $(OUTPRE)checksum_cbc.$(OBJEXT) \
- $(OUTPRE)checksum_confounder.$(OBJEXT) \
 $(OUTPRE)checksum_dk_cmac.$(OBJEXT) \
 $(OUTPRE)checksum_dk_hmac.$(OBJEXT) \
 $(OUTPRE)checksum_etm.$(OBJEXT) \
@@ -130,8 +126,6 @@ SRCS=\
 $(srcdir)/aead.c \
 $(srcdir)/block_size.c \
 $(srcdir)/cf2.c \
- $(srcdir)/checksum_cbc.c \
- $(srcdir)/checksum_confounder.c \
 $(srcdir)/checksum_dk_cmac.c \
 $(srcdir)/checksum_dk_hmac.c \
 $(srcdir)/checksum_etm.c \
diff --git a/src/lib/crypto/krb/checksum_cbc.c b/src/lib/crypto/krb/checksum_cbc.c
deleted file mode 100644
index 48afeb0e5..000000000
--- a/src/lib/crypto/krb/checksum_cbc.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/krb/checksum_cbc.c */
-/*
- * Copyright (C) 2009 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/* CBC checksum, which computes the ivec resulting from CBC encryption of the
- * input. */
-
-#include "crypto_int.h"
-
-krb5_error_code
-krb5int_cbc_checksum(const struct krb5_cksumtypes *ctp,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data, size_t num_data,
- krb5_data *output)
-{
- if (ctp->enc->cbc_mac == NULL)
- return KRB5_CRYPTO_INTERNAL;
- return ctp->enc->cbc_mac(key, data, num_data, NULL, output);
-}
diff --git a/src/lib/crypto/krb/checksum_confounder.c b/src/lib/crypto/krb/checksum_confounder.c
deleted file mode 100644
index 34941562c..000000000
--- a/src/lib/crypto/krb/checksum_confounder.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* lib/crypto/krb/checksum_confounder.c */
-/*
- * Copyright (C) 2009 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- * Confounder checksum implementation, using tokens of the form:
- * enc(xorkey, confounder | hash(confounder | data))
- * where xorkey is the key XOR'd with 0xf0 bytes.
- */
-
-#include "crypto_int.h"
-
-/* Derive a key by XOR with 0xF0 bytes. */
-static krb5_error_code
-mk_xorkey(krb5_key origkey, krb5_key *xorkey)
-{
- krb5_error_code retval = 0;
- unsigned char *xorbytes;
- krb5_keyblock xorkeyblock;
- size_t i = 0;
-
- xorbytes = k5memdup(origkey->keyblock.contents, origkey->keyblock.length,
- &retval);
- if (xorbytes == NULL)
- return retval;
- for (i = 0; i < origkey->keyblock.length; i++)
- xorbytes[i] ^= 0xf0;
-
- /* Do a shallow copy here. */
- xorkeyblock = origkey->keyblock;
- xorkeyblock.contents = xorbytes;
-
- retval = krb5_k_create_key(0, &xorkeyblock, xorkey);
- zapfree(xorbytes, origkey->keyblock.length);
- return retval;
-}
-
-krb5_error_code
-krb5int_confounder_checksum(const struct krb5_cksumtypes *ctp,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data, size_t num_data,
- krb5_data *output)
-{
- krb5_error_code ret;
- krb5_data conf, hashval;
- krb5_key xorkey = NULL;
- krb5_crypto_iov *hash_iov, iov;
- size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
-
- /* Partition the output buffer into confounder and hash. */
- conf = make_data(output->data, blocksize);
- hashval = make_data(output->data + blocksize, hashsize);
-
- /* Create the confounder. */
- ret = krb5_c_random_make_octets(NULL, &conf);
- if (ret != 0)
- return ret;
-
- ret = mk_xorkey(key, &xorkey);
- if (ret)
- return ret;
-
- /* Hash the confounder, then the input data. */
- hash_iov = k5calloc(num_data + 1, sizeof(krb5_crypto_iov), &ret);
- if (hash_iov == NULL)
- goto cleanup;
- hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
- hash_iov[0].data = conf;
- memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
- ret = ctp->hash->hash(hash_iov, num_data + 1, &hashval);
- if (ret != 0)
- goto cleanup;
-
- /* Confounder and hash are in output buffer; encrypt them in place. */
- iov.flags = KRB5_CRYPTO_TYPE_DATA;
- iov.data = *output;
- ret = ctp->enc->encrypt(xorkey, NULL, &iov, 1);
-
-cleanup:
- free(hash_iov);
- krb5_k_free_key(NULL, xorkey);
- return ret;
-}
-
-krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data,
- size_t num_data,
- const krb5_data *input,
- krb5_boolean *valid)
-{
- krb5_error_code ret;
- unsigned char *plaintext = NULL;
- krb5_key xorkey = NULL;
- krb5_data computed = empty_data();
- krb5_crypto_iov *hash_iov = NULL, iov;
- size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
-
- plaintext = k5memdup(input->data, input->length, &ret);
- if (plaintext == NULL)
- return ret;
-
- ret = mk_xorkey(key, &xorkey);
- if (ret != 0)
- goto cleanup;
-
- /* Decrypt the input checksum. */
- iov.flags = KRB5_CRYPTO_TYPE_DATA;
- iov.data = make_data(plaintext, input->length);
- ret = ctp->enc->decrypt(xorkey, NULL, &iov, 1);
- if (ret != 0)
- goto cleanup;
-
- /* Hash the confounder, then the input data. */
- hash_iov = k5calloc(num_data + 1, sizeof(krb5_crypto_iov), &ret);
- if (hash_iov == NULL)
- goto cleanup;
- hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
- hash_iov[0].data = make_data(plaintext, blocksize);
- memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
- ret = alloc_data(&computed, hashsize);
- if (ret != 0)
- goto cleanup;
- ret = ctp->hash->hash(hash_iov, num_data + 1, &computed);
- if (ret != 0)
- goto cleanup;
-
- /* Compare the decrypted hash to the computed one. */
- *valid = (k5_bcmp(plaintext + blocksize, computed.data, hashsize) == 0);
-
-cleanup:
- zapfree(plaintext, input->length);
- zapfree(computed.data, hashsize);
- free(hash_iov);
- krb5_k_free_key(NULL, xorkey);
- return ret;
-}
diff --git a/src/lib/crypto/krb/crypto_int.h b/src/lib/crypto/krb/crypto_int.h
index 1b4324d71..5cc1f8e43 100644
--- a/src/lib/crypto/krb/crypto_int.h
+++ b/src/lib/crypto/krb/crypto_int.h
@@ -299,11 +299,6 @@ krb5_error_code krb5int_unkeyed_checksum(const struct krb5_cksumtypes *ctp,
 const krb5_crypto_iov *data,
 size_t num_data,
 krb5_data *output);
-krb5_error_code krb5int_cbc_checksum(const struct krb5_cksumtypes *ctp,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data,
- size_t num_data,
- krb5_data *output);
 krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
 krb5_key key, krb5_keyusage usage,
 const krb5_crypto_iov *data,
@@ -317,17 +312,6 @@ krb5_error_code krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
 krb5_key key, krb5_keyusage usage,
 const krb5_crypto_iov *data,
 size_t num_data, krb5_data *output);
-krb5_error_code krb5int_confounder_checksum(const struct krb5_cksumtypes *ctp,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data,
- size_t num_data,
- krb5_data *output);
-krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
- krb5_key key, krb5_keyusage usage,
- const krb5_crypto_iov *data,
- size_t num_data,
- const krb5_data *input,
- krb5_boolean *valid);
 krb5_error_code krb5int_etm_checksum(const struct krb5_cksumtypes *ctp,
 krb5_key key, krb5_keyusage usage,
 const krb5_crypto_iov *data,
diff --git a/src/lib/crypto/krb/deps b/src/lib/crypto/krb/deps
index 2f4af1906..883d12c56 100644
--- a/src/lib/crypto/krb/deps
+++ b/src/lib/crypto/krb/deps
@@ -37,32 +37,6 @@ cf2.so cf2.po $(OUTPRE)cf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
 $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
 $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
 cf2.c crypto_int.h
-checksum_cbc.so checksum_cbc.po $(OUTPRE)checksum_cbc.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h $(srcdir)/../builtin/crypto_mod.h \
- $(srcdir)/../builtin/sha2/sha2.h $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h checksum_cbc.c \
- crypto_int.h
-checksum_confounder.so checksum_confounder.po $(OUTPRE)checksum_confounder.$(OBJEXT): \
- $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(srcdir)/../builtin/aes/aes.h $(srcdir)/../builtin/crypto_mod.h \
- $(srcdir)/../builtin/sha2/sha2.h $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
- $(top_srcdir)/include/socket-utils.h checksum_confounder.c \
- crypto_int.h
 checksum_dk_cmac.so checksum_dk_cmac.po $(OUTPRE)checksum_dk_cmac.$(OBJEXT): \
 $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
 $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \