diff options
| author | Greg Hudson <ghudson@mit.edu> | 2009-10-19 20:04:21 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2009-10-19 20:04:21 +0000 |
| commit | e6b93b7dd43bb765900b2db71641479b597844da (patch) | |
| tree | 2b6da09e37da6ca699a8cb43c87e8a4218132254 /src/lib/crypto/builtin/hmac.c | |
| parent | 04a5d19e61bedbb1da4db52334c00f7a54a9d5a8 (diff) | |
| download | krb5-e6b93b7dd43bb765900b2db71641479b597844da.zip krb5-e6b93b7dd43bb765900b2db71641479b597844da.tar.gz krb5-e6b93b7dd43bb765900b2db71641479b597844da.tar.bz2 | |
Implement new APIs to allow improved crypto performance
Merge branches/enc-perf to trunk. Adds the krb5_key opaque type, the
krb5_k_* APIs to use them, and caching of derived keys when krb5_k_*
functions are used. Updates the krb5 auth context and GSS id-rec to
use krb5_keys.
ticket: 6576
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22944 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/builtin/hmac.c')
| -rw-r--r-- | src/lib/crypto/builtin/hmac.c | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/src/lib/crypto/builtin/hmac.c b/src/lib/crypto/builtin/hmac.c index 3bff3cf..6726a08 100644 --- a/src/lib/crypto/builtin/hmac.c +++ b/src/lib/crypto/builtin/hmac.c @@ -28,6 +28,17 @@ #include "aead.h" /* + * Because our built-in HMAC implementation doesn't need to invoke any + * encryption or keyed hash functions, it is simplest to define it in + * terms of keyblocks, and then supply a simple wrapper for the + * "normal" krb5_key-using interfaces. The keyblock interfaces are + * useful for the built-in arcfour code which constructs a lot of + * intermediate HMAC keys. For other back ends, it should not be + * necessary to supply the _keyblock versions of the hmac functions if + * the back end code doesn't make use of them. + */ + +/* * the HMAC transform looks like: * * H(K XOR opad, H(K XOR ipad, text)) @@ -40,8 +51,9 @@ */ krb5_error_code -krb5_hmac(const struct krb5_hash_provider *hash, const krb5_keyblock *key, - unsigned int icount, const krb5_data *input, krb5_data *output) +krb5int_hmac_keyblock(const struct krb5_hash_provider *hash, + const krb5_keyblock *key, unsigned int icount, + const krb5_data *input, krb5_data *output) { size_t hashsize, blocksize; unsigned char *xorkey, *ihash; @@ -127,8 +139,10 @@ cleanup: } krb5_error_code -krb5int_hmac_iov(const struct krb5_hash_provider *hash, const krb5_keyblock *key, - const krb5_crypto_iov *data, size_t num_data, krb5_data *output) +krb5int_hmac_iov_keyblock(const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output) { krb5_data *sign_data; size_t num_sign_data; @@ -156,10 +170,25 @@ krb5int_hmac_iov(const struct krb5_hash_provider *hash, const krb5_keyblock *key } /* caller must store checksum in iov as it may be TYPE_TRAILER or TYPE_CHECKSUM */ - ret = krb5_hmac(hash, key, num_sign_data, sign_data, output); + ret = krb5int_hmac_keyblock(hash, key, num_sign_data, sign_data, output); free(sign_data); return ret; } +krb5_error_code +krb5_hmac(const struct krb5_hash_provider *hash, krb5_key key, + unsigned int icount, const krb5_data *input, krb5_data *output) +{ + return krb5int_hmac_keyblock(hash, &key->keyblock, icount, input, output); +} + +krb5_error_code +krb5int_hmac_iov(const struct krb5_hash_provider *hash, krb5_key key, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output) +{ + return krb5int_hmac_iov_keyblock(hash, &key->keyblock, data, num_data, + output); +} |