diff options
author | Greg Hudson <ghudson@mit.edu> | 2009-12-04 05:12:35 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-12-04 05:12:35 +0000 |
commit | 5ffa313d9f6b7c509aa0d7579273150d71ea0f95 (patch) | |
tree | 48f8d5606c919dd09d950c5cbf1609f312f2937d /src/lib/crypto/krb/raw | |
parent | ea6f77d42700352fcb2a06444d1dc00acf7c20fc (diff) | |
download | krb5-5ffa313d9f6b7c509aa0d7579273150d71ea0f95.tar.gz krb5-5ffa313d9f6b7c509aa0d7579273150d71ea0f95.tar.xz krb5-5ffa313d9f6b7c509aa0d7579273150d71ea0f95.zip |
Consolidate the IOV and non-IOV encryption/decryption code paths, and
drop the _iov suffix from most encryption- and decryption-related
functions. The enc_provider encrypt and decrypt functions take IOVs,
as do the enctype entries in etypes.c, and there are no separate
encrypt_iov or decrypt_iov functions.
aead_provider is gone. Enctype functions now take pointers to the
enctype entry instead of pointers to the enc/hash/aead providers; this
allows dk_encrypt and dk_decrypt to be polymorphic in the length
function they use now that AES and DES3 can't differentiate by aead
provider.
aes_string_to_key needed to be moved into the krb/ fold for this since
it's an enctype function; it was duplicated between builtin/ and
openssl/ before. This leaves openssl/aes empty; the build system
currently demands that all modules have the same directory structure,
so the directory and Makefile will stick around for now.
Three separate copies of the derive_random logic are also now
consolidated into one.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/crypto/krb/raw')
-rw-r--r-- | src/lib/crypto/krb/raw/Makefile.in | 6 | ||||
-rw-r--r-- | src/lib/crypto/krb/raw/deps | 38 | ||||
-rw-r--r-- | src/lib/crypto/krb/raw/raw.h | 29 | ||||
-rw-r--r-- | src/lib/crypto/krb/raw/raw_aead.c | 88 | ||||
-rw-r--r-- | src/lib/crypto/krb/raw/raw_decrypt.c | 39 | ||||
-rw-r--r-- | src/lib/crypto/krb/raw/raw_encrypt.c | 51 |
6 files changed, 44 insertions, 207 deletions
diff --git a/src/lib/crypto/krb/raw/Makefile.in b/src/lib/crypto/krb/raw/Makefile.in index 78dc0e3e5..147b1d52e 100644 --- a/src/lib/crypto/krb/raw/Makefile.in +++ b/src/lib/crypto/krb/raw/Makefile.in @@ -12,11 +12,11 @@ PROG_RPATH=$(KRB5_LIBDIR) RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf -STLIBOBJS= raw_decrypt.o raw_encrypt.o raw_aead.o +STLIBOBJS= raw_aead.o -OBJS= $(OUTPRE)raw_decrypt.$(OBJEXT) $(OUTPRE)raw_encrypt.$(OBJEXT) $(OUTPRE)raw_aead.$(OBJEXT) +OBJS= $(OUTPRE)raw_aead.$(OBJEXT) -SRCS= $(srcdir)/raw_decrypt.c $(srcdir)/raw_encrypt.c $(srcdir)/raw_aead.c +SRCS= $(srcdir)/raw_aead.c ##DOS##LIBOBJS = $(OBJS) diff --git a/src/lib/crypto/krb/raw/deps b/src/lib/crypto/krb/raw/deps index 3e76b617b..654c4c31c 100644 --- a/src/lib/crypto/krb/raw/deps +++ b/src/lib/crypto/krb/raw/deps @@ -1,37 +1,15 @@ # # Generated makefile dependencies follow. # -raw_decrypt.so raw_decrypt.po $(OUTPRE)raw_decrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - raw.h raw_decrypt.c -raw_encrypt.so raw_encrypt.po $(OUTPRE)raw_encrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - raw.h raw_encrypt.c raw_aead.so raw_aead.po $(OUTPRE)raw_aead.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h \ - $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ - $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ - $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ - $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - raw.h raw_aead.c + $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \ + $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ + $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ + $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ + $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \ + $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h raw.h raw_aead.c diff --git a/src/lib/crypto/krb/raw/raw.h b/src/lib/crypto/krb/raw/raw.h index 8f82feaf5..ee54d5874 100644 --- a/src/lib/crypto/krb/raw/raw.h +++ b/src/lib/crypto/krb/raw/raw.h @@ -26,23 +26,18 @@ */ #include "k5-int.h" +#include "etypes.h" -void krb5_raw_encrypt_length(const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - size_t input, size_t *length); +unsigned int +krb5int_raw_crypto_length(const struct krb5_keytypes *ktp, + krb5_cryptotype type); -krb5_error_code krb5int_raw_encrypt(const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_key key, krb5_keyusage usage, - const krb5_data *ivec, - const krb5_data *input, - krb5_data *output); +krb5_error_code +krb5int_raw_encrypt(const struct krb5_keytypes *ktp, krb5_key key, + krb5_keyusage usage, const krb5_data *ivec, + krb5_crypto_iov *data, size_t num_data); -krb5_error_code krb5int_raw_decrypt(const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_key key, krb5_keyusage usage, - const krb5_data *ivec, - const krb5_data *input, - krb5_data *arg_output); - -extern const struct krb5_aead_provider krb5int_aead_raw; +krb5_error_code +krb5int_raw_decrypt(const struct krb5_keytypes *ktp, krb5_key key, + krb5_keyusage usage, const krb5_data *ivec, + krb5_crypto_iov *data, size_t num_data); diff --git a/src/lib/crypto/krb/raw/raw_aead.c b/src/lib/crypto/krb/raw/raw_aead.c index ea91de83a..75f23241c 100644 --- a/src/lib/crypto/krb/raw/raw_aead.c +++ b/src/lib/crypto/krb/raw/raw_aead.c @@ -30,47 +30,28 @@ #include "raw.h" #include "aead.h" -/* AEAD */ - -static krb5_error_code -krb5int_raw_crypto_length(const struct krb5_aead_provider *aead, - const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_cryptotype type, - unsigned int *length) +unsigned int +krb5int_raw_crypto_length(const struct krb5_keytypes *ktp, + krb5_cryptotype type) { switch (type) { case KRB5_CRYPTO_TYPE_PADDING: - *length = enc->block_size; - break; + return ktp->enc->block_size; default: - *length = 0; - break; + return 0; } - - return 0; } -static krb5_error_code -krb5int_raw_encrypt_iov(const struct krb5_aead_provider *aead, - const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_key key, - krb5_keyusage usage, - const krb5_data *ivec, - krb5_crypto_iov *data, - size_t num_data) +krb5_error_code +krb5int_raw_encrypt(const struct krb5_keytypes *ktp, krb5_key key, + krb5_keyusage usage, const krb5_data *ivec, + krb5_crypto_iov *data, size_t num_data) { - krb5_error_code ret; krb5_crypto_iov *padding; size_t i; - unsigned int blocksize = 0; - unsigned int plainlen = 0; - unsigned int padsize = 0; + unsigned int blocksize, plainlen = 0, padsize = 0; - ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &blocksize); - if (ret != 0) - return ret; + blocksize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_PADDING); for (i = 0; i < num_data; i++) { krb5_crypto_iov *iov = &data[i]; @@ -94,33 +75,21 @@ krb5int_raw_encrypt_iov(const struct krb5_aead_provider *aead, padding->data.length = padsize; } - assert(enc->encrypt_iov != NULL); - - ret = enc->encrypt_iov(key, ivec, data, num_data); /* will update ivec */ - - return ret; + return ktp->enc->encrypt(key, ivec, data, num_data); } -static krb5_error_code -krb5int_raw_decrypt_iov(const struct krb5_aead_provider *aead, - const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_key key, - krb5_keyusage usage, - const krb5_data *ivec, - krb5_crypto_iov *data, - size_t num_data) +krb5_error_code +krb5int_raw_decrypt(const struct krb5_keytypes *ktp, krb5_key key, + krb5_keyusage usage, const krb5_data *ivec, + krb5_crypto_iov *data, size_t num_data) { - krb5_error_code ret; size_t i; - unsigned int blocksize = 0; /* careful, this is enc block size not confounder len */ + unsigned int blocksize = 0; /* enc block size, not confounder len */ unsigned int cipherlen = 0; /* E(Confounder | Plaintext | Pad) | Checksum */ - ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &blocksize); - if (ret != 0) - return ret; + blocksize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_PADDING); for (i = 0; i < num_data; i++) { const krb5_crypto_iov *iov = &data[i]; @@ -131,28 +100,13 @@ krb5int_raw_decrypt_iov(const struct krb5_aead_provider *aead, if (blocksize == 0) { /* Check for correct input length in CTS mode */ - if (enc->block_size != 0 && cipherlen < enc->block_size) + if (ktp->enc->block_size != 0 && cipherlen < ktp->enc->block_size) return KRB5_BAD_MSIZE; } else { /* Check that the input data is correctly padded */ - if ((cipherlen % blocksize) != 0) + if (cipherlen % blocksize != 0) return KRB5_BAD_MSIZE; } - /* Validate header and trailer lengths */ - - /* derive the keys */ - - /* decrypt the plaintext (header | data | padding) */ - assert(enc->decrypt_iov != NULL); - - ret = enc->decrypt_iov(key, ivec, data, num_data); /* will update ivec */ - - return ret; + return ktp->enc->decrypt(key, ivec, data, num_data); } - -const struct krb5_aead_provider krb5int_aead_raw = { - krb5int_raw_crypto_length, - krb5int_raw_encrypt_iov, - krb5int_raw_decrypt_iov -}; diff --git a/src/lib/crypto/krb/raw/raw_decrypt.c b/src/lib/crypto/krb/raw/raw_decrypt.c deleted file mode 100644 index d2e12d6d9..000000000 --- a/src/lib/crypto/krb/raw/raw_decrypt.c +++ /dev/null @@ -1,39 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include "k5-int.h" -#include "raw.h" - -krb5_error_code -krb5int_raw_decrypt(const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_key key, krb5_keyusage usage, - const krb5_data *ivec, const krb5_data *input, - krb5_data *output) -{ - return((*(enc->decrypt))(key, ivec, input, output)); -} diff --git a/src/lib/crypto/krb/raw/raw_encrypt.c b/src/lib/crypto/krb/raw/raw_encrypt.c deleted file mode 100644 index ba8eb3b90..000000000 --- a/src/lib/crypto/krb/raw/raw_encrypt.c +++ /dev/null @@ -1,51 +0,0 @@ -/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include "k5-int.h" -#include "raw.h" - -void -krb5_raw_encrypt_length(const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - size_t inputlen, size_t *length) -{ - size_t blocksize; - - blocksize = enc->block_size; - - *length = krb5_roundup(inputlen, blocksize); -} - -krb5_error_code -krb5int_raw_encrypt(const struct krb5_enc_provider *enc, - const struct krb5_hash_provider *hash, - krb5_key key, krb5_keyusage usage, - const krb5_data *ivec, const krb5_data *input, - krb5_data *output) -{ - return((*(enc->encrypt))(key, ivec, input, output)); -} |