diff options
| author | Greg Hudson <ghudson@mit.edu> | 2009-12-04 05:12:35 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2009-12-04 05:12:35 +0000 |
| commit | 5ffa313d9f6b7c509aa0d7579273150d71ea0f95 (patch) | |
| tree | 48f8d5606c919dd09d950c5cbf1609f312f2937d /src/lib/crypto/krb/prf/dk_prf.c | |
| parent | ea6f77d42700352fcb2a06444d1dc00acf7c20fc (diff) | |
| download | krb5-5ffa313d9f6b7c509aa0d7579273150d71ea0f95.zip krb5-5ffa313d9f6b7c509aa0d7579273150d71ea0f95.tar.gz krb5-5ffa313d9f6b7c509aa0d7579273150d71ea0f95.tar.bz2 | |
Consolidate the IOV and non-IOV encryption/decryption code paths, and
drop the _iov suffix from most encryption- and decryption-related
functions. The enc_provider encrypt and decrypt functions take IOVs,
as do the enctype entries in etypes.c, and there are no separate
encrypt_iov or decrypt_iov functions.
aead_provider is gone. Enctype functions now take pointers to the
enctype entry instead of pointers to the enc/hash/aead providers; this
allows dk_encrypt and dk_decrypt to be polymorphic in the length
function they use now that AES and DES3 can't differentiate by aead
provider.
aes_string_to_key needed to be moved into the krb/ fold for this since
it's an enctype function; it was duplicated between builtin/ and
openssl/ before. This leaves openssl/aes empty; the build system
currently demands that all modules have the same directory structure,
so the directory and Makefile will stick around for now.
Three separate copies of the derive_random logic are also now
consolidated into one.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/krb/prf/dk_prf.c')
| -rw-r--r-- | src/lib/crypto/krb/prf/dk_prf.c | 50 |
1 files changed, 32 insertions, 18 deletions
diff --git a/src/lib/crypto/krb/prf/dk_prf.c b/src/lib/crypto/krb/prf/dk_prf.c index a453fc5..3c9a394 100644 --- a/src/lib/crypto/krb/prf/dk_prf.c +++ b/src/lib/crypto/krb/prf/dk_prf.c @@ -34,27 +34,41 @@ #include <dk.h> krb5_error_code -krb5int_dk_prf (const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_key key, const krb5_data *in, krb5_data *out) +krb5int_dk_prf(const struct krb5_keytypes *ktp, krb5_key key, + const krb5_data *in, krb5_data *out) { - krb5_data tmp; - krb5_data prfconst; + const struct krb5_enc_provider *enc = ktp->enc; + const struct krb5_hash_provider *hash = ktp->hash; + krb5_crypto_iov iov; + krb5_data prfconst = make_data("prf", 3); krb5_key kp = NULL; - krb5_error_code ret = 0; + krb5_error_code ret; - prfconst.data = (char *) "prf"; - prfconst.length = 3; - tmp.length = hash->hashsize; - tmp.data = malloc(hash->hashsize); - if (tmp.data == NULL) - return ENOMEM; - hash->hash(1, in, &tmp); - tmp.length = (tmp.length/enc->block_size)*enc->block_size; /*truncate to block size*/ - ret = krb5int_derive_key(enc, key, &kp, &prfconst); - if (ret == 0) - ret = enc->encrypt(kp, NULL, &tmp, out); + /* Hash the input data into an allocated buffer. */ + iov.flags = KRB5_CRYPTO_TYPE_DATA; + ret = alloc_data(&iov.data, hash->hashsize); + if (ret != 0) + return ret; + ret = hash->hash(1, in, &iov.data); + if (ret != 0) + goto cleanup; + + /* Truncate the hash to the closest multiple of the block size. */ + iov.data.length = (iov.data.length / enc->block_size) * enc->block_size; + + /* Derive a key using the PRF constant. */ + ret = krb5int_derive_key(ktp->enc, key, &kp, &prfconst); + if (ret != 0) + goto cleanup; + + /* Encrypt the truncated hash in the derived key to get the output. */ + ret = ktp->enc->encrypt(kp, NULL, &iov, 1); + if (ret != 0) + goto cleanup; + memcpy(out->data, iov.data.data, out->length); + +cleanup: + zapfree(iov.data.data, hash->hashsize); krb5_k_free_key(NULL, kp); - free (tmp.data); return ret; } |