svn rev #21615: branches/mskrb-integ/src/lib/crypto/

Sat Dec 27 20:06:11 EST 2008

http://src.mit.edu/fisheye/changelog/krb5/?cs=21615
Commit By: lhoward
Log Message:
Add a compatibility layer for new cryptosystems such as CCM that do not
implement the hash and verify methods, but do implement hash_iov and
veirfy_iov. This is similar to what we've done at for encryption
callbacks.



Changed Files:
U   branches/mskrb-integ/src/lib/crypto/make_checksum.c
U   branches/mskrb-integ/src/lib/crypto/verify_checksum.c
Modified: branches/mskrb-integ/src/lib/crypto/make_checksum.c
===================================================================

--- branches/mskrb-integ/src/lib/crypto/make_checksum.c	2008-12-28 01:05:18 UTC (rev 21614)
+++ branches/mskrb-integ/src/lib/crypto/make_checksum.c	2008-12-28 01:06:10 UTC (rev 21615)
@@ -63,7 +63,10 @@
 
     if (krb5_cksumtypes_list[i].keyhash) {
 	/* check if key is compatible */
+	const struct krb5_keyhash_provider *keyhash;
 
+	keyhash = krb5_cksumtypes_list[i].keyhash;
+
 	if (krb5_cksumtypes_list[i].keyed_etype) {
 	    for (e1=0; e1<krb5_enctypes_length; e1++) 
 		if (krb5_enctypes_list[e1].etype ==
@@ -82,7 +85,18 @@
 	    }
 	}
 
-	ret = (*(krb5_cksumtypes_list[i].keyhash->hash))(key, usage, 0, input, &data);
+	if (keyhash->hash == NULL) {
+	    krb5_crypto_iov iov[1];
+
+	    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+	    iov[0].data = *input;
+
+	    assert(keyhash->hash_iov != NULL);
+
+	    ret = (*keyhash->hash_iov)(key, usage, 0, iov, 1, &data);
+	} else {
+	    ret = (*keyhash->hash)(key, usage, 0, input, &data);
+	}
     } else if (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE) {
 	ret = krb5_dk_make_checksum(krb5_cksumtypes_list[i].hash,
 				    key, usage, input, &data);

Modified: branches/mskrb-integ/src/lib/crypto/verify_checksum.c
===================================================================
--- branches/mskrb-integ/src/lib/crypto/verify_checksum.c	2008-12-28 01:05:18 UTC (rev 21614)
+++ branches/mskrb-integ/src/lib/crypto/verify_checksum.c	2008-12-28 01:06:10 UTC (rev 21615)
@@ -51,11 +51,26 @@
     indata.length = cksum->length;
     indata.data = (char *) cksum->contents;
 
-    if (krb5_cksumtypes_list[i].keyhash &&
-	krb5_cksumtypes_list[i].keyhash->verify)
-	return((*(krb5_cksumtypes_list[i].keyhash->verify))(key, usage, 0, data,
-							    &indata, valid));
+    if (krb5_cksumtypes_list[i].keyhash) {
+	const struct krb5_keyhash_provider *keyhash;
 
+	keyhash = krb5_cksumtypes_list[i].keyhash;
+
+	if (keyhash->verify == NULL) {
+	    krb5_crypto_iov iov[1];
+
+	    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+	    iov[0].data = *data;
+
+	    assert(keyhash->verify_iov != NULL);
+
+	    ret = (*keyhash->verify_iov)(key, usage, 0, iov, 1, &indata, valid);
+	} else {
+	    ret = (*keyhash->verify)(key, usage, 0, data, &indata, valid);
+	}
+	return(ret);
+    }
+
     /* otherwise, make the checksum again, and compare */
 
     if ((ret = krb5_c_checksum_length(context, cksum->checksum_type, &hashsize)))


