From 638fc9ce2cfdd2e8395471d974ec0d28d1b9064c Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sun, 6 Dec 2009 16:23:11 +0000 Subject: Make the libk5crypto hash_provider interface take crypto_iov lists instead of lists of krb5_data. Make the base HMAC APIs take crypto_iov lists and drop the _iov variants. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23450 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/krb/dk/checksum.c | 53 +++------------------------------------- src/lib/crypto/krb/dk/dk.h | 11 ++------- src/lib/crypto/krb/dk/dk_aead.c | 4 +-- 3 files changed, 7 insertions(+), 61 deletions(-) (limited to 'src/lib/crypto/krb/dk') diff --git a/src/lib/crypto/krb/dk/checksum.c b/src/lib/crypto/krb/dk/checksum.c index 106bf15..dee4f47 100644 --- a/src/lib/crypto/krb/dk/checksum.c +++ b/src/lib/crypto/krb/dk/checksum.c @@ -35,55 +35,8 @@ krb5_error_code krb5int_dk_make_checksum(const struct krb5_hash_provider *hash, krb5_key key, krb5_keyusage usage, - const krb5_data *input, krb5_data *output) -{ - const struct krb5_keytypes *ktp; - const struct krb5_enc_provider *enc; - krb5_error_code ret; - unsigned char constantdata[K5CLENGTH]; - krb5_data datain; - krb5_key kc; - - ktp = find_enctype(key->keyblock.enctype); - if (ktp == NULL) - return KRB5_BAD_ENCTYPE; - enc = ktp->enc; - - /* - * key->length will be tested in enc->encrypt. - * output->length will be tested in krb5int_hmac. - */ - - /* Derive the key. */ - - datain.data = (char *) constantdata; - datain.length = K5CLENGTH; - - store_32_be(usage, constantdata); - - datain.data[4] = (char) 0x99; - - ret = krb5int_derive_key(enc, key, &kc, &datain); - if (ret) - return ret; - - /* hash the data */ - - datain = *input; - - ret = krb5int_hmac(hash, kc, 1, &datain, output); - if (ret) - memset(output->data, 0, output->length); - - krb5_k_free_key(NULL, kc); - return ret; -} - -krb5_error_code -krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash, - krb5_key key, krb5_keyusage usage, - const krb5_crypto_iov *data, size_t num_data, - krb5_data *output) + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output) { const struct krb5_keytypes *ktp; const struct krb5_enc_provider *enc; @@ -117,7 +70,7 @@ krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash, /* Hash the data. */ - ret = krb5int_hmac_iov(hash, kc, data, num_data, output); + ret = krb5int_hmac(hash, kc, data, num_data, output); if (ret) memset(output->data, 0, output->length); diff --git a/src/lib/crypto/krb/dk/dk.h b/src/lib/crypto/krb/dk/dk.h index 892f6b4..5e00268 100644 --- a/src/lib/crypto/krb/dk/dk.h +++ b/src/lib/crypto/krb/dk/dk.h @@ -70,18 +70,11 @@ krb5int_derive_key(const struct krb5_enc_provider *enc, krb5_error_code krb5int_dk_make_checksum(const struct krb5_hash_provider *hash, - krb5_key key, - krb5_keyusage usage, - const krb5_data *input, + krb5_key key, krb5_keyusage usage, + const krb5_crypto_iov *data, size_t num_data, krb5_data *output); krb5_error_code -krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash, - krb5_key key, krb5_keyusage usage, - const krb5_crypto_iov *data, size_t num_data, - krb5_data *output); - -krb5_error_code krb5int_derive_random(const struct krb5_enc_provider *enc, krb5_key inkey, krb5_data *outrnd, const krb5_data *in_constant); diff --git a/src/lib/crypto/krb/dk/dk_aead.c b/src/lib/crypto/krb/dk/dk_aead.c index 59c84db..f44ae84 100644 --- a/src/lib/crypto/krb/dk/dk_aead.c +++ b/src/lib/crypto/krb/dk/dk_aead.c @@ -156,7 +156,7 @@ krb5int_dk_encrypt(const struct krb5_keytypes *ktp, krb5_key key, d2.length = hash->hashsize; d2.data = (char *)cksum; - ret = krb5int_hmac_iov(hash, ki, data, num_data, &d2); + ret = krb5int_hmac(hash, ki, data, num_data, &d2); if (ret != 0) goto cleanup; @@ -254,7 +254,7 @@ krb5int_dk_decrypt(const struct krb5_keytypes *ktp, krb5_key key, d1.length = hash->hashsize; /* non-truncated length */ d1.data = (char *)cksum; - ret = krb5int_hmac_iov(hash, ki, data, num_data, &d1); + ret = krb5int_hmac(hash, ki, data, num_data, &d1); if (ret != 0) goto cleanup; -- cgit v1.1