diff options
| author | Greg Hudson <ghudson@mit.edu> | 2009-12-10 17:10:10 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2009-12-10 17:10:10 +0000 |
| commit | bad149c2a94f20df57f9d51810aff23aeb0921a4 (patch) | |
| tree | 9a023564d65fe8c46bcc330f950b37b919599c03 /src/include | |
| parent | 009463e22f989a287835228459487c64dcb0b8b3 (diff) | |
| download | krb5-bad149c2a94f20df57f9d51810aff23aeb0921a4.tar.gz krb5-bad149c2a94f20df57f9d51810aff23aeb0921a4.tar.xz krb5-bad149c2a94f20df57f9d51810aff23aeb0921a4.zip | |
Restructure the crypto checksum implementation to minimize
dependencies on the internals of modules.
* Keyhash providers are gone.
* The cksumtypes table contains checksum and verify functions,
similar to the etypes encrypt and decrypt functions. New checksum
functions parallel the old keyhash providers, and there are also
functions for unkeyed and derived-key HMAC checksums.
* The flags field is now used to indicate whether a checksum is
unkeyed, but not whether it is a derived-key HMAC checksum.
* The descbc checksum is handled through a new enc_provider function
which calculates a CBC MAC.
The OpenSSL module does not implement the CBC MAC function (it didn't
implement descbc before). builtin/des could probably get rid of
f_cksum.c (the old DES CBC routine) with some alterations to
string2key.c.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23462 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/k5-int.h | 25 |
1 files changed, 5 insertions, 20 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 2047bb989..e0637e69d 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -653,6 +653,11 @@ struct krb5_enc_provider { krb5_error_code (*decrypt)(krb5_key key, const krb5_data *cipher_state, krb5_crypto_iov *data, size_t num_data); + /* May be NULL if the cipher is not used for a cbc-mac checksum. */ + krb5_error_code (*cbc_mac)(krb5_key key, const krb5_crypto_iov *data, + size_t num_data, const krb5_data *ivec, + krb5_data *output); + krb5_error_code (*make_key)(const krb5_data *randombits, krb5_keyblock *key); @@ -671,26 +676,6 @@ struct krb5_hash_provider { krb5_data *output); }; -struct krb5_keyhash_provider { - size_t hashsize; - - krb5_error_code (*hash)(krb5_key key, krb5_keyusage keyusage, - const krb5_data *input, krb5_data *output); - - krb5_error_code (*verify)(krb5_key key, krb5_keyusage keyusage, - const krb5_data *input, const krb5_data *hash, - krb5_boolean *valid); - - krb5_error_code (*hash_iov)(krb5_key key, krb5_keyusage keyusage, - const krb5_crypto_iov *data, size_t num_data, - krb5_data *output); - - krb5_error_code (*verify_iov)(krb5_key key, krb5_keyusage keyusage, - const krb5_crypto_iov *data, - size_t num_data, const krb5_data *hash, - krb5_boolean *valid); -}; - /* * in here to deal with stuff from lib/crypto */ |