From 5ffa313d9f6b7c509aa0d7579273150d71ea0f95 Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Fri, 4 Dec 2009 05:12:35 +0000
Subject: Consolidate the IOV and non-IOV encryption/decryption code paths, and drop the _iov suffix from most encryption- and decryption-related functions. The enc_provider encrypt and decrypt functions take IOVs, as do the enctype entries in etypes.c, and there are no separate encrypt_iov or decrypt_iov functions. aead_provider is gone. Enctype functions now take pointers to the enctype entry instead of pointers to the enc/hash/aead providers; this allows dk_encrypt and dk_decrypt to be polymorphic in the length function they use now that AES and DES3 can't differentiate by aead provider. aes_string_to_key needed to be moved into the krb/ fold for this since it's an enctype function; it was duplicated between builtin/ and openssl/ before. This leaves openssl/aes empty; the build system currently demands that all modules have the same directory structure, so the directory and Makefile will stick around for now. Three separate copies of the derive_random logic are also now consolidated into one.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/crypto/krb/prf/dk_prf.c | 50 ++++++++++++++++++++++++++---------------
 1 file changed, 32 insertions(+), 18 deletions(-)
(limited to 'src/lib/crypto/krb/prf/dk_prf.c')
diff --git a/src/lib/crypto/krb/prf/dk_prf.c b/src/lib/crypto/krb/prf/dk_prf.c
index a453fc5..3c9a394 100644
--- a/src/lib/crypto/krb/prf/dk_prf.c
+++ b/src/lib/crypto/krb/prf/dk_prf.c
@@ -34,27 +34,41 @@
 #include
 krb5_error_code
-krb5int_dk_prf (const struct krb5_enc_provider *enc,
- const struct krb5_hash_provider *hash,
- krb5_key key, const krb5_data *in, krb5_data *out)
+krb5int_dk_prf(const struct krb5_keytypes *ktp, krb5_key key,
+ const krb5_data *in, krb5_data *out)
 {
- krb5_data tmp;
- krb5_data prfconst;
+ const struct krb5_enc_provider *enc = ktp->enc;
+ const struct krb5_hash_provider *hash = ktp->hash;
+ krb5_crypto_iov iov;
+ krb5_data prfconst = make_data("prf", 3);
 krb5_key kp = NULL;
- krb5_error_code ret = 0;
+ krb5_error_code ret;
- prfconst.data = (char *) "prf";
- prfconst.length = 3;
- tmp.length = hash->hashsize;
- tmp.data = malloc(hash->hashsize);
- if (tmp.data == NULL)
- return ENOMEM;
- hash->hash(1, in, &tmp);
- tmp.length = (tmp.length/enc->block_size)*enc->block_size; /*truncate to block size*/
- ret = krb5int_derive_key(enc, key, &kp, &prfconst);
- if (ret == 0)
- ret = enc->encrypt(kp, NULL, &tmp, out);
+ /* Hash the input data into an allocated buffer. */
+ iov.flags = KRB5_CRYPTO_TYPE_DATA;
+ ret = alloc_data(&iov.data, hash->hashsize);
+ if (ret != 0)
+ return ret;
+ ret = hash->hash(1, in, &iov.data);
+ if (ret != 0)
+ goto cleanup;
+
+ /* Truncate the hash to the closest multiple of the block size. */
+ iov.data.length = (iov.data.length / enc->block_size) * enc->block_size;
+
+ /* Derive a key using the PRF constant. */
+ ret = krb5int_derive_key(ktp->enc, key, &kp, &prfconst);
+ if (ret != 0)
+ goto cleanup;
+
+ /* Encrypt the truncated hash in the derived key to get the output. */
+ ret = ktp->enc->encrypt(kp, NULL, &iov, 1);
+ if (ret != 0)
+ goto cleanup;
+ memcpy(out->data, iov.data.data, out->length);
+
+cleanup:
+ zapfree(iov.data.data, hash->hashsize);
 krb5_k_free_key(NULL, kp);
- free (tmp.data);
 return ret;
 }
-- cgit v1.1
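Review bot: The `memcpy(out->data, iov.data.data, out->length)` near the end of `krb5int_dk_prf` trusts the caller's `out->length`, and nothing in this hunk compares it with `iov.data.length`, the truncated hash that was actually encrypted. If a caller ever passes a larger output length, the copy reads past the ciphertext, and possibly past the `hash->hashsize` allocation, so stale heap bytes would end up in the PRF output. The old code handed `out` to `enc->encrypt`, which may have enforced the length itself, and a caller may also check it, but neither is visible here. A guard just before the copy would make the contract local: `if (out->length > iov.data.length) { ret = KRB5_BAD_MSIZE; goto cleanup; }`.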