authorGreg Hudson <ghudson@mit.edu>2009-09-28 15:52:02 +0000
committerGreg Hudson <ghudson@mit.edu>2009-09-28 15:52:02 +0000
commit8672d5cb51d4744e52e358ef6ae6db523aa84a61 (patch)
tree6c3404cfa9e96e6aa355b60686e23d154f7e9f4d
parentef4e8ce8f3765229cf56cf5f84d80143b32d9b64 (diff)
Move the implementation of krb5_copy_keyblock[_contents] into crypto
to allow internal use (similar to krb5_free_keyblock[_contents]). Define krb5_key type and initial internal representation. Define the constructor, destructor, and accessors. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/enc-perf@22793 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/include/k5-int.h12
-rw-r--r--src/include/krb5/krb5.hin67
-rw-r--r--src/lib/crypto/krb/Makefile.in3
-rw-r--r--src/lib/crypto/krb/keyblocks.c36
-rw-r--r--src/lib/crypto/libk5crypto.exports6
-rw-r--r--src/lib/krb5/krb/copy_key.c13
-rw-r--r--src/lib/krb5/krb/cp_key_cnt.c10
7 files changed, 124 insertions, 23 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 1cb2fdb..71fcf64 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -635,6 +635,11 @@ krb5int_locate_server (krb5_context, const krb5_data *realm,
struct addrlist *, enum locate_service_type svc,
int sockettype, int family);
+/* Internal structure of an opaque key identifier */
+struct krb5_key_st {
+ krb5_keyblock keyblock;
+};
+
/* new encryption provider api */
struct krb5_enc_provider {
@@ -798,13 +803,18 @@ krb5_error_code krb5int_c_combine_keys
(krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2,
krb5_keyblock *outkey);
+
void krb5int_c_free_keyblock
(krb5_context, krb5_keyblock *key);
void krb5int_c_free_keyblock_contents
(krb5_context, krb5_keyblock *);
-krb5_error_code krb5int_c_init_keyblock
+krb5_error_code krb5int_c_init_keyblock
(krb5_context, krb5_enctype enctype,
size_t length, krb5_keyblock **out);
+krb5_error_code krb5int_c_copy_keyblock
+(krb5_context context, const krb5_keyblock *from, krb5_keyblock **to);
+krb5_error_code krb5int_c_copy_keyblock_contents
+(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to);
/*
* Internal - for cleanup.
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 8111c5b..fd35a50 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -341,6 +341,7 @@ struct _krb5_cryptosystem_entry;
* begin "encryption.h"
*/
+/* Exposed contents of a key. */
typedef struct _krb5_keyblock {
krb5_magic magic;
krb5_enctype enctype;
@@ -348,6 +349,13 @@ typedef struct _krb5_keyblock {
krb5_octet *contents;
} krb5_keyblock;
+/*
+ * Opaque identifier for a key. Use with the krb5_k APIs for better
+ * performance for repeated operations with the same key usage.
+ */
+struct krb5_key_st;
+typedef struct krb5_key_st *krb5_key;
+
#ifdef KRB5_OLD_CRYPTO
typedef struct _krb5_encrypt_block {
krb5_magic magic;
@@ -705,6 +713,65 @@ krb5_error_code KRB5_CALLCONV
(krb5_context context, krb5_enctype enctype,
size_t data_length, unsigned int *size);
+/*
+ * krb5_k_* functions use opaque key identifiers and should perform
+ * better for repeated operations with the same key usage.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_create_key(krb5_context context, krb5_keyblock *key_data,
+ krb5_key *out);
+
+void KRB5_CALLCONV krb5_k_free_key(krb5_context context, krb5_key key);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_key_keyblock(krb5_context context, krb5_key key,
+ krb5_keyblock **key_data);
+
+krb5_enctype KRB5_CALLCONV
+krb5_k_key_enctype(krb5_context context, krb5_key key);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_encrypt(krb5_context context, krb5_key key, krb5_keyusage usage,
+ const krb5_data *cipher_state, const krb5_data *input,
+ krb5_enc_data *output);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_encrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
+ const krb5_data *cipher_state, krb5_crypto_iov *data,
+ size_t num_data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_decrypt(krb5_context context, krb5_key key, krb5_keyusage usage,
+ const krb5_data *cipher_state, const krb5_enc_data *input,
+ krb5_data *output);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_decrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
+ const krb5_data *cipher_state, krb5_crypto_iov *data,
+ size_t num_data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
+ krb5_key key, krb5_keyusage usage, const krb5_data *input,
+ krb5_checksum *cksum);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
+ krb5_key key, krb5_keyusage usage,
+ krb5_crypto_iov *data, size_t num_data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_verify_checksum(krb5_context context, krb5_key key, krb5_keyusage usage,
+ const krb5_data *data, const krb5_checksum *cksum,
+ krb5_boolean *valid);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_boolean *valid);
+
#ifdef KRB5_OLD_CRYPTO
/*
* old cryptosystem routine prototypes. These are now layered
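Review bot: The new krb5_k_* prototypes state no ownership contract: nothing says whether `krb5_k_create_key` copies `key_data` or keeps a reference to it, who releases the keyblock returned through `krb5_k_key_keyblock`, or whether `krb5_k_free_key` accepts a NULL key. For an API that hands out secret key material this belongs in the block comment above the declarations, for example `/* krb5_k_create_key copies key_data; the caller retains ownership of the original. */` if that is the intended behaviour. If the constructor only reads its input, the parameter should be `const krb5_keyblock *key_data`. The libk5crypto.exports hunk adds only krb5_k_create_key, krb5_k_free_key, krb5_k_key_enctype and krb5_k_key_keyblock, so the encrypt, decrypt and checksum functions declared here are not exported by this commit.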
diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in
index 0a0cd67..c807614 100644
--- a/src/lib/crypto/krb/Makefile.in
+++ b/src/lib/crypto/krb/Makefile.in
@@ -44,6 +44,7 @@ STLIBOBJS=\
enctype_compare.o \
enctype_to_string.o \
etypes.o \
+ key.o \
keyblocks.o \
keyed_cksum.o \
keyed_checksum_types.o \
@@ -86,6 +87,7 @@ OBJS=\
$(OUTPRE)enctype_compare.$(OBJEXT) \
$(OUTPRE)enctype_to_string.$(OBJEXT) \
$(OUTPRE)etypes.$(OBJEXT) \
+ $(OUTPRE)key.$(OBJECT) \
$(OUTPRE)keyblocks.$(OBJEXT) \
$(OUTPRE)keyed_cksum.$(OBJEXT) \
$(OUTPRE)keyed_checksum_types.$(OBJEXT) \
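Review bot: The added OBJS entry is spelled `$(OUTPRE)key.$(OBJECT)` while every neighbouring entry uses `$(OBJEXT)`. This looks like a typo; if OBJECT is not defined anywhere, the entry expands to an object name with no extension. It should read `$(OUTPRE)key.$(OBJEXT) \`. The STLIBOBJS and SRCS hunks of this file spell their new entries consistently with their neighbours.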
@@ -127,6 +129,7 @@ SRCS=\
$(srcdir)/enctype_compare.c \
$(srcdir)/enctype_to_string.c \
$(srcdir)/etypes.c \
+ $(srcdir)/key.c \
$(srcdir)/keyblocks.c \
$(srcdir)/keyed_cksum.c \
$(srcdir)/keyed_checksum_types.c\
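Review bot: `$(srcdir)/key.c` is added to SRCS here (and key.o to STLIBOBJS above), but the diffstat for this commit lists seven files and key.c is not among them. Unless the file arrives in a separate commit, the build has no source for key.o, and the four krb5_k_* names added to libk5crypto.exports have no definition. It is worth confirming that the new file was actually added to version control.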
diff --git a/src/lib/crypto/krb/keyblocks.c b/src/lib/crypto/krb/keyblocks.c
index 5912c81..22d2634 100644
--- a/src/lib/crypto/krb/keyblocks.c
+++ b/src/lib/crypto/krb/keyblocks.c
@@ -60,7 +60,6 @@ krb5_error_code krb5int_c_init_keyblock
return 0;
}
-
void
krb5int_c_free_keyblock(krb5_context context, register krb5_keyblock *val)
{
@@ -77,3 +76,38 @@ krb5int_c_free_keyblock_contents(krb5_context context, krb5_keyblock *key)
key->contents = 0;
}
}
+
+krb5_error_code
+krb5int_c_copy_keyblock(krb5_context context, const krb5_keyblock *from,
+ krb5_keyblock **to)
+{
+ krb5_keyblock *new_key;
+ krb5_error_code code;
+
+ *to = NULL;
+ new_key = malloc(sizeof(*new_key));
+ if (!new_key)
+ return ENOMEM;
+ code = krb5int_c_copy_keyblock_contents(context, from, new_key);
+ if (code) {
+ free(new_key);
+ return code;
+ }
+ *to = new_key;
+ return 0;
+}
+
+krb5_error_code
+krb5int_c_copy_keyblock_contents(krb5_context context,
+ const krb5_keyblock *from, krb5_keyblock *to)
+{
+ *to = *from;
+ if (to->length) {
+ to->contents = malloc(to->length);
+ if (!to->contents)
+ return ENOMEM;
+ memcpy(to->contents, from->contents, to->length);
+ } else
+ to->contents = 0;
+ return 0;
+}
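Review bot: On allocation failure `krb5int_c_copy_keyblock_contents` returns ENOMEM after `*to = *from` has already run, so the caller's keyblock is left with the source's nonzero `length` next to a NULL `contents`. A caller that ignores the error, or cleans up by length, would then dereference NULL; resetting the field in the failure branch, `if (!to->contents) { to->length = 0; return ENOMEM; }`, keeps the output self-consistent. The function also assumes `to` does not alias `from` (otherwise the original buffer is leaked and the memcpy copies the new buffer onto itself). That assumption deserves a line in a header comment, along with a statement of how the copied key material is to be released, presumably with krb5int_c_free_keyblock_contents. Both new functions are fully visible in this hunk.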
diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports
index 4ea46fa..e07a15e 100644
--- a/src/lib/crypto/libk5crypto.exports
+++ b/src/lib/crypto/libk5crypto.exports
@@ -72,6 +72,10 @@ krb5_finish_random_key
krb5_free_cksumtypes
krb5_hmac
krb5_init_random_key
+krb5_k_create_key
+krb5_k_free_key
+krb5_k_key_enctype
+krb5_k_key_keyblock
krb5_nfold
krb5_old_decrypt
krb5_old_encrypt
@@ -100,6 +104,8 @@ krb5int_aes_string_to_key
krb5int_arcfour_string_to_key
krb5int_arcfour_translate_usage
krb5int_c_combine_keys
+krb5int_c_copy_keyblock
+krb5int_c_copy_keyblock_contents
krb5int_c_free_keyblock
krb5int_c_free_keyblock_contents
krb5int_c_init_keyblock
diff --git a/src/lib/krb5/krb/copy_key.c b/src/lib/krb5/krb/copy_key.c
index f926b4f..4772c58 100644
--- a/src/lib/krb5/krb/copy_key.c
+++ b/src/lib/krb5/krb/copy_key.c
@@ -35,16 +35,5 @@
krb5_error_code KRB5_CALLCONV
krb5_copy_keyblock(krb5_context context, const krb5_keyblock *from, krb5_keyblock **to)
{
- krb5_keyblock *new_key;
-
- if (!(new_key = (krb5_keyblock *) malloc(sizeof(krb5_keyblock))))
- return ENOMEM;
- *new_key = *from;
- if (!(new_key->contents = (krb5_octet *)malloc(new_key->length))) {
- free(new_key);
- return(ENOMEM);
- }
- memcpy(new_key->contents, from->contents, new_key->length);
- *to = new_key;
- return 0;
+ return krb5int_c_copy_keyblock(context, from, to);
}
diff --git a/src/lib/krb5/krb/cp_key_cnt.c b/src/lib/krb5/krb/cp_key_cnt.c
index fb90bfa..74efb5e 100644
--- a/src/lib/krb5/krb/cp_key_cnt.c
+++ b/src/lib/krb5/krb/cp_key_cnt.c
@@ -35,13 +35,5 @@
krb5_error_code KRB5_CALLCONV
krb5_copy_keyblock_contents(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to)
{
- *to = *from;
- if (to->length) {
- to->contents = (krb5_octet *)malloc(to->length);
- if (!to->contents)
- return ENOMEM;
- memcpy(to->contents, from->contents, to->length);
- } else
- to->contents = 0;
- return 0;
+ return krb5int_c_copy_keyblock_contents(context, from, to);
}