svn rev #22870: branches/enc-perf/src/ include/ lib/krb5/krb/
ghudson@MIT.EDU
ghudson at MIT.EDU
Thu Oct 8 10:39:25 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22870
Commit By: ghudson
Log Message:
Change the krb5_keyblocks in the libkrb5 auth context to krb5_keys,
and use krb5_k functions to encrypt and decrypt with them.
Changed Files:
U branches/enc-perf/src/include/k5-int.h
U branches/enc-perf/src/lib/krb5/krb/auth_con.c
U branches/enc-perf/src/lib/krb5/krb/auth_con.h
U branches/enc-perf/src/lib/krb5/krb/enc_helper.c
U branches/enc-perf/src/lib/krb5/krb/mk_cred.c
U branches/enc-perf/src/lib/krb5/krb/mk_priv.c
U branches/enc-perf/src/lib/krb5/krb/mk_rep.c
U branches/enc-perf/src/lib/krb5/krb/mk_req_ext.c
U branches/enc-perf/src/lib/krb5/krb/mk_safe.c
U branches/enc-perf/src/lib/krb5/krb/rd_cred.c
U branches/enc-perf/src/lib/krb5/krb/rd_priv.c
U branches/enc-perf/src/lib/krb5/krb/rd_rep.c
U branches/enc-perf/src/lib/krb5/krb/rd_req_dec.c
U branches/enc-perf/src/lib/krb5/krb/rd_safe.c
U branches/enc-perf/src/lib/krb5/krb/ser_actx.c
Modified: branches/enc-perf/src/include/k5-int.h
===================================================================
--- branches/enc-perf/src/include/k5-int.h 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/include/k5-int.h 2009-10-08 14:39:24 UTC (rev 22870)
@@ -871,6 +871,11 @@
krb5_keyusage keyusage, const krb5_data *plain,
krb5_enc_data *cipher);
+krb5_error_code krb5_encrypt_keyhelper
+(krb5_context context, krb5_key key,
+ krb5_keyusage keyusage, const krb5_data *plain,
+ krb5_enc_data *cipher);
+
/*
* End "los-proto.h"
*/
Modified: branches/enc-perf/src/lib/krb5/krb/auth_con.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/auth_con.c 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/auth_con.c 2009-10-08 14:39:24 UTC (rev 22870)
@@ -56,12 +56,12 @@
krb5_free_address(context, auth_context->remote_port);
if (auth_context->authentp)
krb5_free_authenticator(context, auth_context->authentp);
- if (auth_context->keyblock)
- krb5_free_keyblock(context, auth_context->keyblock);
+ if (auth_context->key)
+ krb5_k_free_key(context, auth_context->key);
if (auth_context->send_subkey)
- krb5_free_keyblock(context, auth_context->send_subkey);
+ krb5_k_free_key(context, auth_context->send_subkey);
if (auth_context->recv_subkey)
- krb5_free_keyblock(context, auth_context->recv_subkey);
+ krb5_k_free_key(context, auth_context->recv_subkey);
if (auth_context->rcache)
krb5_rc_close(context, auth_context->rcache);
if (auth_context->permitted_etypes)
@@ -158,16 +158,16 @@
krb5_error_code KRB5_CALLCONV
krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock)
{
- if (auth_context->keyblock)
- krb5_free_keyblock(context, auth_context->keyblock);
- return(krb5_copy_keyblock(context, keyblock, &(auth_context->keyblock)));
+ if (auth_context->key)
+ krb5_k_free_key(context, auth_context->key);
+ return(krb5_k_create_key(context, keyblock, &(auth_context->key)));
}
krb5_error_code KRB5_CALLCONV
krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)
{
- if (auth_context->keyblock)
- return krb5_copy_keyblock(context, auth_context->keyblock, keyblock);
+ if (auth_context->key)
+ return krb5_k_key_keyblock(context, auth_context->key, keyblock);
*keyblock = NULL;
return 0;
}
@@ -188,10 +188,10 @@
krb5_auth_con_setsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)
{
if (ac->send_subkey != NULL)
- krb5_free_keyblock(ctx, ac->send_subkey);
+ krb5_k_free_key(ctx, ac->send_subkey);
ac->send_subkey = NULL;
if (keyblock !=NULL)
- return krb5_copy_keyblock(ctx, keyblock, &ac->send_subkey);
+ return krb5_k_create_key(ctx, keyblock, &ac->send_subkey);
else
return 0;
}
@@ -200,10 +200,10 @@
krb5_auth_con_setrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)
{
if (ac->recv_subkey != NULL)
- krb5_free_keyblock(ctx, ac->recv_subkey);
+ krb5_k_free_key(ctx, ac->recv_subkey);
ac->recv_subkey = NULL;
if (keyblock != NULL)
- return krb5_copy_keyblock(ctx, keyblock, &ac->recv_subkey);
+ return krb5_k_create_key(ctx, keyblock, &ac->recv_subkey);
else
return 0;
}
@@ -212,7 +212,7 @@
krb5_auth_con_getsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)
{
if (ac->send_subkey != NULL)
- return krb5_copy_keyblock(ctx, ac->send_subkey, keyblock);
+ return krb5_k_key_keyblock(ctx, ac->send_subkey, keyblock);
*keyblock = NULL;
return 0;
}
@@ -221,7 +221,7 @@
krb5_auth_con_getrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)
{
if (ac->recv_subkey != NULL)
- return krb5_copy_keyblock(ctx, ac->recv_subkey, keyblock);
+ return krb5_k_key_keyblock(ctx, ac->recv_subkey, keyblock);
*keyblock = NULL;
return 0;
}
@@ -266,12 +266,13 @@
krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context)
{
krb5_error_code ret;
+ krb5_enctype enctype;
- if (auth_context->keyblock) {
+ if (auth_context->key) {
size_t blocksize;
- if ((ret = krb5_c_block_size(context, auth_context->keyblock->enctype,
- &blocksize)))
+ enctype = krb5_k_key_enctype(context, auth_context->key);
+ if ((ret = krb5_c_block_size(context, enctype, &blocksize)))
return(ret);
if ((auth_context->i_vector = (krb5_pointer)calloc(1,blocksize))) {
return 0;
Modified: branches/enc-perf/src/lib/krb5/krb/auth_con.h
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/auth_con.h 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/auth_con.h 2009-10-08 14:39:24 UTC (rev 22870)
@@ -8,9 +8,9 @@
krb5_address * remote_port;
krb5_address * local_addr;
krb5_address * local_port;
- krb5_keyblock * keyblock;
- krb5_keyblock * send_subkey;
- krb5_keyblock * recv_subkey;
+ krb5_key key;
+ krb5_key send_subkey;
+ krb5_key recv_subkey;
krb5_int32 auth_context_flags;
krb5_ui_4 remote_seq_number;
Modified: branches/enc-perf/src/lib/krb5/krb/enc_helper.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/enc_helper.c 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/enc_helper.c 2009-10-08 14:39:24 UTC (rev 22870)
@@ -48,3 +48,28 @@
return(ret);
}
+krb5_error_code
+krb5_encrypt_keyhelper(krb5_context context, krb5_key key, krb5_keyusage usage,
+ const krb5_data *plain, krb5_enc_data *cipher)
+{
+ krb5_enctype enctype;
+ krb5_error_code ret;
+ size_t enclen;
+
+ enctype = krb5_k_key_enctype(context, key);
+ ret = krb5_c_encrypt_length(context, enctype, plain->length, &enclen);
+ if (ret != 0)
+ return ret;
+
+ cipher->ciphertext.length = enclen;
+ cipher->ciphertext.data = malloc(enclen);
+ if (cipher->ciphertext.data == NULL)
+ return ENOMEM;
+ ret = krb5_k_encrypt(context, key, usage, 0, plain, cipher);
+ if (ret) {
+ free(cipher->ciphertext.data);
+ cipher->ciphertext.data = NULL;
+ }
+
+ return ret;
+}
Modified: branches/enc-perf/src/lib/krb5/krb/mk_cred.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/mk_cred.c 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/mk_cred.c 2009-10-08 14:39:24 UTC (rev 22870)
@@ -22,7 +22,7 @@
*/
static krb5_error_code
encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart,
- krb5_keyblock *pkeyblock, krb5_enc_data *pencdata)
+ krb5_key pkey, krb5_enc_data *pencdata)
{
krb5_error_code retval;
krb5_data * scratch;
@@ -35,7 +35,7 @@
* If the keyblock is NULL, just copy the data from the encoded
* data to the ciphertext area.
*/
- if (pkeyblock == NULL) {
+ if (pkey == NULL) {
pencdata->ciphertext.data = scratch->data;
pencdata->ciphertext.length = scratch->length;
free(scratch);
@@ -43,9 +43,9 @@
}
/* call the encryption routine */
- retval = krb5_encrypt_helper(context, pkeyblock,
- KRB5_KEYUSAGE_KRB_CRED_ENCPART,
- scratch, pencdata);
+ retval = krb5_encrypt_keyhelper(context, pkey,
+ KRB5_KEYUSAGE_KRB_CRED_ENCPART,
+ scratch, pencdata);
if (retval) {
memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length);
@@ -65,7 +65,7 @@
static krb5_error_code
krb5_mk_ncred_basic(krb5_context context,
krb5_creds **ppcreds, krb5_int32 nppcreds,
- krb5_keyblock *keyblock, krb5_replay_data *replaydata,
+ krb5_key key, krb5_replay_data *replaydata,
krb5_address *local_addr, krb5_address *remote_addr,
krb5_cred *pcred)
{
@@ -134,8 +134,7 @@
pcred->tickets[i] = NULL;
/* encrypt the credential encrypted part */
- retval = encrypt_credencpart(context, &credenc, keyblock,
- &pcred->enc_part);
+ retval = encrypt_credencpart(context, &credenc, key, &pcred->enc_part);
cleanup:
krb5_free_cred_enc_part(context, &credenc);
@@ -158,7 +157,7 @@
krb5_address remote_fulladdr;
krb5_address local_fulladdr;
krb5_error_code retval;
- krb5_keyblock * keyblock;
+ krb5_key key;
krb5_replay_data replaydata;
krb5_cred * pcred;
krb5_int32 ncred;
@@ -188,8 +187,8 @@
}
/* Get keyblock */
- if ((keyblock = auth_context->send_subkey) == NULL)
- keyblock = auth_context->keyblock;
+ if ((key = auth_context->send_subkey) == NULL)
+ key = auth_context->key;
/* Get replay info */
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
@@ -246,7 +245,7 @@
}
/* Setup creds structure */
- if ((retval = krb5_mk_ncred_basic(context, ppcreds, ncred, keyblock,
+ if ((retval = krb5_mk_ncred_basic(context, ppcreds, ncred, key,
&replaydata, plocal_fulladdr,
premote_fulladdr, pcred))) {
goto error;
Modified: branches/enc-perf/src/lib/krb5/krb/mk_priv.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/mk_priv.c 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/mk_priv.c 2009-10-08 14:39:24 UTC (rev 22870)
@@ -33,10 +33,11 @@
static krb5_error_code
krb5_mk_priv_basic(krb5_context context, const krb5_data *userdata,
- const krb5_keyblock *keyblock, krb5_replay_data *replaydata,
+ krb5_key key, krb5_replay_data *replaydata,
krb5_address *local_addr, krb5_address *remote_addr,
krb5_pointer i_vector, krb5_data *outbuf)
{
+ krb5_enctype enctype = krb5_k_key_enctype(context, key);
krb5_error_code retval;
krb5_priv privmsg;
krb5_priv_enc_part privmsg_enc_part;
@@ -44,7 +45,7 @@
size_t blocksize, enclen;
privmsg.enc_part.kvno = 0; /* XXX allow user-set? */
- privmsg.enc_part.enctype = keyblock->enctype;
+ privmsg.enc_part.enctype = enctype;
privmsg_enc_part.user_data = *userdata;
privmsg_enc_part.s_address = local_addr;
@@ -60,7 +61,7 @@
return retval;
/* put together an eblock for this encryption */
- if ((retval = krb5_c_encrypt_length(context, keyblock->enctype,
+ if ((retval = krb5_c_encrypt_length(context, enctype,
scratch1->length, &enclen)))
goto clean_scratch;
@@ -73,15 +74,14 @@
/* call the encryption routine */
if (i_vector) {
- if ((retval = krb5_c_block_size(context, keyblock->enctype,
- &blocksize)))
+ if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
goto clean_encpart;
ivdata.length = blocksize;
ivdata.data = i_vector;
}
- if ((retval = krb5_c_encrypt(context, keyblock,
+ if ((retval = krb5_k_encrypt(context, key,
KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
i_vector?&ivdata:0,
scratch1, &privmsg.enc_part)))
@@ -115,15 +115,15 @@
krb5_replay_data *outdata)
{
krb5_error_code retval;
- krb5_keyblock * keyblock;
+ krb5_key key;
krb5_replay_data replaydata;
/* Clear replaydata block */
memset(&replaydata, 0, sizeof(krb5_replay_data));
/* Get keyblock */
- if ((keyblock = auth_context->send_subkey) == NULL)
- keyblock = auth_context->keyblock;
+ if ((key = auth_context->send_subkey) == NULL)
+ key = auth_context->key;
/* Get replay info */
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
@@ -192,7 +192,7 @@
}
}
- if ((retval = krb5_mk_priv_basic(context, userdata, keyblock, &replaydata,
+ if ((retval = krb5_mk_priv_basic(context, userdata, key, &replaydata,
plocal_fulladdr, premote_fulladdr,
auth_context->i_vector, outbuf))) {
CLEANUP_DONE();
Modified: branches/enc-perf/src/lib/krb5/krb/mk_rep.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/mk_rep.c 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/mk_rep.c 2009-10-08 14:39:24 UTC (rev 22870)
@@ -80,7 +80,8 @@
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
(auth_context->local_seq_number == 0)) {
- if ((retval = krb5_generate_seq_number(context, auth_context->keyblock,
+ if ((retval = krb5_generate_seq_number(context,
+ &auth_context->key->keyblock,
&auth_context->local_seq_number)))
return(retval);
}
@@ -98,11 +99,11 @@
assert(auth_context->negotiated_etype != ENCTYPE_NULL);
retval = krb5int_generate_and_save_subkey (context, auth_context,
- auth_context->keyblock,
+ &auth_context->key->keyblock,
auth_context->negotiated_etype);
if (retval)
return retval;
- repl.subkey = auth_context->send_subkey;
+ repl.subkey = &auth_context->send_subkey->keyblock;
} else
repl.subkey = auth_context->authentp->subkey;
@@ -115,9 +116,9 @@
if ((retval = encode_krb5_ap_rep_enc_part(&repl, &scratch)))
return retval;
- if ((retval = krb5_encrypt_helper(context, auth_context->keyblock,
- KRB5_KEYUSAGE_AP_REP_ENCPART,
- scratch, &reply.enc_part)))
+ if ((retval = krb5_encrypt_keyhelper(context, auth_context->key,
+ KRB5_KEYUSAGE_AP_REP_ENCPART,
+ scratch, &reply.enc_part)))
goto cleanup_scratch;
if (!(retval = encode_krb5_ap_rep(&reply, &toutbuf))) {
Modified: branches/enc-perf/src/lib/krb5/krb/mk_req_ext.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/mk_req_ext.c 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/mk_req_ext.c 2009-10-08 14:39:24 UTC (rev 22870)
@@ -73,7 +73,7 @@
static krb5_error_code
krb5_generate_authenticator (krb5_context,
krb5_authenticator *, krb5_principal,
- krb5_checksum *, krb5_keyblock *,
+ krb5_checksum *, krb5_key,
krb5_ui_4, krb5_authdata **,
krb5_enctype *desired_etypes,
krb5_enctype tkt_enctype);
@@ -93,6 +93,7 @@
} rnd_data;
krb5_data d;
krb5_error_code retval;
+ krb5_keyblock *kb = NULL;
if (krb5_crypto_us_timeofday(&rnd_data.sec, &rnd_data.usec) == 0) {
d.length = sizeof(rnd_data);
@@ -100,22 +101,23 @@
krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TIMING, &d);
}
- if (auth_context->send_subkey)
- krb5_free_keyblock(context, auth_context->send_subkey);
- if ((retval = krb5_generate_subkey_extended(context, keyblock, enctype,
- &auth_context->send_subkey)))
+ retval = krb5_generate_subkey_extended(context, keyblock, enctype, &kb);
+ if (retval)
return retval;
+ retval = krb5_auth_con_setsendsubkey(context, auth_context, kb);
+ if (retval)
+ goto cleanup;
+ retval = krb5_auth_con_setrecvsubkey(context, auth_context, kb);
+ if (retval)
+ goto cleanup;
- if (auth_context->recv_subkey)
- krb5_free_keyblock(context, auth_context->recv_subkey);
- retval = krb5_copy_keyblock(context, auth_context->send_subkey,
- &auth_context->recv_subkey);
+cleanup:
if (retval) {
- krb5_free_keyblock(context, auth_context->send_subkey);
- auth_context->send_subkey = NULL;
- return retval;
+ (void) krb5_auth_con_setsendsubkey(context, auth_context, NULL);
+ (void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
}
- return 0;
+ krb5_free_keyblock(context, kb);
+ return retval;
}
krb5_error_code KRB5_CALLCONV
@@ -159,14 +161,14 @@
*auth_context = new_auth_context;
}
- if ((*auth_context)->keyblock != NULL) {
- krb5_free_keyblock(context, (*auth_context)->keyblock);
- (*auth_context)->keyblock = NULL;
+ if ((*auth_context)->key != NULL) {
+ krb5_k_free_key(context, (*auth_context)->key);
+ (*auth_context)->key = NULL;
}
/* set auth context keyblock */
- if ((retval = krb5_copy_keyblock(context, &in_creds->keyblock,
- &((*auth_context)->keyblock))))
+ if ((retval = krb5_k_create_key(context, &in_creds->keyblock,
+ &((*auth_context)->key))))
goto cleanup;
/* generate seq number if needed */
@@ -205,16 +207,18 @@
checksum.length = in_data->length;
checksum.contents = (krb5_octet *) in_data->data;
} else {
+ krb5_enctype enctype = krb5_k_key_enctype(context,
+ (*auth_context)->key);
krb5_cksumtype cksumtype;
- retval = krb5int_c_mandatory_cksumtype(context, (*auth_context)->keyblock->enctype,
+ retval = krb5int_c_mandatory_cksumtype(context, enctype,
&cksumtype);
if (retval)
goto cleanup_cksum;
if ((*auth_context)->req_cksumtype)
cksumtype = (*auth_context)->req_cksumtype;
- if ((retval = krb5_c_make_checksum(context,
+ if ((retval = krb5_k_make_checksum(context,
cksumtype,
- (*auth_context)->keyblock,
+ (*auth_context)->key,
KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
in_data, &checksum)))
goto cleanup_cksum;
@@ -297,7 +301,7 @@
static krb5_error_code
krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent,
krb5_principal client, krb5_checksum *cksum,
- krb5_keyblock *key, krb5_ui_4 seq_number,
+ krb5_key key, krb5_ui_4 seq_number,
krb5_authdata **authorization,
krb5_enctype *desired_etypes,
krb5_enctype tkt_enctype)
@@ -307,7 +311,7 @@
authent->client = client;
authent->checksum = cksum;
if (key) {
- retval = krb5_copy_keyblock(context, key, &authent->subkey);
+ retval = krb5_k_key_keyblock(context, key, &authent->subkey);
if (retval)
return retval;
} else
Modified: branches/enc-perf/src/lib/krb5/krb/mk_safe.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/mk_safe.c 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/mk_safe.c 2009-10-08 14:39:24 UTC (rev 22870)
@@ -48,7 +48,7 @@
*/
static krb5_error_code
krb5_mk_safe_basic(krb5_context context, const krb5_data *userdata,
- const krb5_keyblock *keyblock, krb5_replay_data *replaydata,
+ krb5_key key, krb5_replay_data *replaydata,
krb5_address *local_addr, krb5_address *remote_addr,
krb5_cksumtype sumtype, krb5_data *outbuf)
{
@@ -88,7 +88,7 @@
if ((retval = encode_krb5_safe(&safemsg, &scratch1)))
return retval;
- if ((retval = krb5_c_make_checksum(context, sumtype, keyblock,
+ if ((retval = krb5_k_make_checksum(context, sumtype, key,
KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
scratch1, &safe_checksum)))
goto cleanup_checksum;
@@ -115,15 +115,15 @@
krb5_replay_data *outdata)
{
krb5_error_code retval;
- krb5_keyblock * keyblock;
+ krb5_key key;
krb5_replay_data replaydata;
/* Clear replaydata block */
memset(&replaydata, 0, sizeof(krb5_replay_data));
- /* Get keyblock */
- if ((keyblock = auth_context->send_subkey) == NULL)
- keyblock = auth_context->keyblock;
+ /* Get key */
+ if ((key = auth_context->send_subkey) == NULL)
+ key = auth_context->key;
/* Get replay info */
if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
@@ -195,10 +195,11 @@
}
{
+ krb5_enctype enctype = krb5_k_key_enctype(context, key);
unsigned int nsumtypes;
unsigned int i;
krb5_cksumtype *sumtypes;
- retval = krb5_c_keyed_checksum_types (context, keyblock->enctype,
+ retval = krb5_c_keyed_checksum_types (context, enctype,
&nsumtypes, &sumtypes);
if (retval) {
CLEANUP_DONE ();
@@ -218,7 +219,7 @@
sumtype = sumtypes[i];
krb5_free_cksumtypes (context, sumtypes);
}
- if ((retval = krb5_mk_safe_basic(context, userdata, keyblock, &replaydata,
+ if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata,
plocal_fulladdr, premote_fulladdr,
sumtype, outbuf))) {
CLEANUP_DONE();
Modified: branches/enc-perf/src/lib/krb5/krb/rd_cred.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/rd_cred.c 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/rd_cred.c 2009-10-08 14:39:24 UTC (rev 22870)
@@ -13,7 +13,7 @@
*/
static krb5_error_code
decrypt_credencdata(krb5_context context, krb5_cred *pcred,
- krb5_keyblock *pkeyblock, krb5_cred_enc_part *pcredenc)
+ krb5_key pkey, krb5_cred_enc_part *pcredenc)
{
krb5_cred_enc_part * ppart = NULL;
krb5_error_code retval;
@@ -23,8 +23,8 @@
if (!(scratch.data = (char *)malloc(scratch.length)))
return ENOMEM;
- if (pkeyblock != NULL) {
- if ((retval = krb5_c_decrypt(context, pkeyblock,
+ if (pkey != NULL) {
+ if ((retval = krb5_k_decrypt(context, pkey,
KRB5_KEYUSAGE_KRB_CRED_ENCPART, 0,
&pcred->enc_part, &scratch)))
goto cleanup;
@@ -53,7 +53,7 @@
static krb5_error_code
krb5_rd_cred_basic(krb5_context context, krb5_data *pcreddata,
- krb5_keyblock *pkeyblock, krb5_replay_data *replaydata,
+ krb5_key pkey, krb5_replay_data *replaydata,
krb5_creds ***pppcreds)
{
krb5_error_code retval;
@@ -68,7 +68,7 @@
memset(&encpart, 0, sizeof(encpart));
- if ((retval = decrypt_credencdata(context, pcred, pkeyblock, &encpart)))
+ if ((retval = decrypt_credencdata(context, pcred, pkey, &encpart)))
goto cleanup_cred;
@@ -167,12 +167,12 @@
krb5_replay_data *outdata)
{
krb5_error_code retval;
- krb5_keyblock * keyblock;
+ krb5_key key;
krb5_replay_data replaydata;
- /* Get keyblock */
- if ((keyblock = auth_context->recv_subkey) == NULL)
- keyblock = auth_context->keyblock;
+ /* Get key */
+ if ((key = auth_context->recv_subkey) == NULL)
+ key = auth_context->key;
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
@@ -186,14 +186,14 @@
/*
- * If decrypting with the first keyblock we try fails, perhaps the
+ * If decrypting with the first key we try fails, perhaps the
* credentials are stored in the session key so try decrypting with
* that.
*/
- if ((retval = krb5_rd_cred_basic(context, pcreddata, keyblock,
+ if ((retval = krb5_rd_cred_basic(context, pcreddata, key,
&replaydata, pppcreds))) {
if ((retval = krb5_rd_cred_basic(context, pcreddata,
- auth_context->keyblock,
+ auth_context->key,
&replaydata, pppcreds))) {
return retval;
}
Modified: branches/enc-perf/src/lib/krb5/krb/rd_priv.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/rd_priv.c 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/rd_priv.c 2009-10-08 14:39:24 UTC (rev 22870)
@@ -54,8 +54,7 @@
static krb5_error_code
krb5_rd_priv_basic(krb5_context context, const krb5_data *inbuf,
- const krb5_keyblock *keyblock,
- const krb5_address *local_addr,
+ const krb5_key key, const krb5_address *local_addr,
const krb5_address *remote_addr, krb5_pointer i_vector,
krb5_replay_data *replaydata, krb5_data *outbuf)
{
@@ -65,6 +64,7 @@
krb5_priv_enc_part * privmsg_enc_part;
size_t blocksize;
krb5_data ivdata;
+ krb5_enctype enctype;
if (!krb5_is_krb_priv(inbuf))
return KRB5KRB_AP_ERR_MSG_TYPE;
@@ -74,8 +74,8 @@
return retval;
if (i_vector) {
- if ((retval = krb5_c_block_size(context, keyblock->enctype,
- &blocksize)))
+ enctype = krb5_k_key_enctype(context, key);
+ if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
goto cleanup_privmsg;
ivdata.length = blocksize;
@@ -88,7 +88,7 @@
goto cleanup_privmsg;
}
- if ((retval = krb5_c_decrypt(context, keyblock,
+ if ((retval = krb5_k_decrypt(context, key,
KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
i_vector?&ivdata:0,
&privmsg->enc_part, &scratch)))
@@ -156,12 +156,12 @@
krb5_replay_data *outdata)
{
krb5_error_code retval;
- krb5_keyblock * keyblock;
+ krb5_key key;
krb5_replay_data replaydata;
- /* Get keyblock */
- if ((keyblock = auth_context->recv_subkey) == NULL)
- keyblock = auth_context->keyblock;
+ /* Get key */
+ if ((key = auth_context->recv_subkey) == NULL)
+ key = auth_context->key;
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
@@ -213,7 +213,7 @@
}
memset(&replaydata, 0, sizeof(replaydata));
- if ((retval = krb5_rd_priv_basic(context, inbuf, keyblock,
+ if ((retval = krb5_rd_priv_basic(context, inbuf, key,
plocal_fulladdr,
premote_fulladdr,
auth_context->i_vector,
Modified: branches/enc-perf/src/lib/krb5/krb/rd_rep.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/rd_rep.c 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/rd_rep.c 2009-10-08 14:39:24 UTC (rev 22870)
@@ -95,7 +95,7 @@
goto clean_scratch;
}
- retval = krb5_c_decrypt(context, auth_context->keyblock,
+ retval = krb5_k_decrypt(context, auth_context->key,
KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
&reply->enc_part, &scratch);
if (retval)
@@ -115,23 +115,14 @@
/* Set auth subkey. */
if (enc->subkey) {
- if (auth_context->recv_subkey) {
- krb5_free_keyblock(context, auth_context->recv_subkey);
- auth_context->recv_subkey = NULL;
- }
- retval = krb5_copy_keyblock(context, enc->subkey,
- &auth_context->recv_subkey);
+ retval = krb5_auth_con_setrecvsubkey(context, auth_context,
+ enc->subkey);
if (retval)
goto clean_scratch;
- if (auth_context->send_subkey) {
- krb5_free_keyblock(context, auth_context->send_subkey);
- auth_context->send_subkey = NULL;
- }
- retval = krb5_copy_keyblock(context, enc->subkey,
- &auth_context->send_subkey);
+ retval = krb5_auth_con_setsendsubkey(context, auth_context,
+ enc->subkey);
if (retval) {
- krb5_free_keyblock(context, auth_context->send_subkey);
- auth_context->send_subkey = NULL;
+ (void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
goto clean_scratch;
}
/* Not used for anything yet. */
@@ -178,7 +169,7 @@
return(ENOMEM);
}
- if ((retval = krb5_c_decrypt(context, auth_context->keyblock,
+ if ((retval = krb5_k_decrypt(context, auth_context->key,
KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
&reply->enc_part, &scratch)))
goto clean_scratch;
Modified: branches/enc-perf/src/lib/krb5/krb/rd_req_dec.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/rd_req_dec.c 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/rd_req_dec.c 2009-10-08 14:39:24 UTC (rev 22870)
@@ -227,12 +227,13 @@
do we need special processing here ? */
/* decrypt the ticket */
- if ((*auth_context)->keyblock) { /* User to User authentication */
- if ((retval = krb5_decrypt_tkt_part(context, (*auth_context)->keyblock,
+ if ((*auth_context)->key) { /* User to User authentication */
+ if ((retval = krb5_decrypt_tkt_part(context,
+ &(*auth_context)->key->keyblock,
req->ticket)))
goto cleanup;
- krb5_free_keyblock(context, (*auth_context)->keyblock);
- (*auth_context)->keyblock = NULL;
+ krb5_k_free_key(context, (*auth_context)->key);
+ (*auth_context)->key = NULL;
} else {
if ((retval = krb5_rd_req_decrypt_tkt_part(context, req, server, keytab)))
goto cleanup;
@@ -459,14 +460,14 @@
(*auth_context)->remote_seq_number = (*auth_context)->authentp->seq_number;
if ((*auth_context)->authentp->subkey) {
- if ((retval = krb5_copy_keyblock(context,
- (*auth_context)->authentp->subkey,
- &((*auth_context)->recv_subkey))))
+ if ((retval = krb5_k_create_key(context,
+ (*auth_context)->authentp->subkey,
+ &((*auth_context)->recv_subkey))))
goto cleanup;
- retval = krb5_copy_keyblock(context, (*auth_context)->authentp->subkey,
- &((*auth_context)->send_subkey));
+ retval = krb5_k_create_key(context, (*auth_context)->authentp->subkey,
+ &((*auth_context)->send_subkey));
if (retval) {
- krb5_free_keyblock(context, (*auth_context)->recv_subkey);
+ krb5_k_free_key(context, (*auth_context)->recv_subkey);
(*auth_context)->recv_subkey = NULL;
goto cleanup;
}
@@ -475,8 +476,8 @@
(*auth_context)->send_subkey = 0;
}
- if ((retval = krb5_copy_keyblock(context, req->ticket->enc_part2->session,
- &((*auth_context)->keyblock))))
+ if ((retval = krb5_k_create_key(context, req->ticket->enc_part2->session,
+ &((*auth_context)->key))))
goto cleanup;
debug_log_authz_data("ticket", req->ticket->enc_part2->authorization_data);
@@ -499,7 +500,8 @@
*ap_req_options = req->ap_options & AP_OPTS_WIRE_MASK;
if (rfc4537_etypes_len != 0)
*ap_req_options |= AP_OPTS_ETYPE_NEGOTIATION;
- if ((*auth_context)->negotiated_etype != (*auth_context)->keyblock->enctype)
+ if ((*auth_context)->negotiated_etype !=
+ krb5_k_key_enctype(context, (*auth_context)->key))
*ap_req_options |= AP_OPTS_USE_SUBKEY;
}
Modified: branches/enc-perf/src/lib/krb5/krb/rd_safe.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/rd_safe.c 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/rd_safe.c 2009-10-08 14:39:24 UTC (rev 22870)
@@ -46,7 +46,7 @@
*/
static krb5_error_code
krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf,
- const krb5_keyblock *keyblock,
+ krb5_key key,
const krb5_address *recv_addr,
const krb5_address *sender_addr,
krb5_replay_data *replaydata, krb5_data *outbuf)
@@ -124,7 +124,7 @@
if (retval)
goto cleanup;
- retval = krb5_c_verify_checksum(context, keyblock,
+ retval = krb5_k_verify_checksum(context, key,
KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
scratch, his_cksum, &valid);
@@ -136,7 +136,7 @@
* Checksum over only the KRB-SAFE-BODY, like RFC 1510 says, in
* case someone actually implements it correctly.
*/
- retval = krb5_c_verify_checksum(context, keyblock,
+ retval = krb5_k_verify_checksum(context, key,
KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
&safe_body, his_cksum, &valid);
if (!valid) {
@@ -164,7 +164,7 @@
krb5_replay_data *outdata)
{
krb5_error_code retval;
- krb5_keyblock * keyblock;
+ krb5_key key;
krb5_replay_data replaydata;
if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
@@ -180,9 +180,9 @@
if (!auth_context->remote_addr)
return KRB5_REMOTE_ADDR_REQUIRED;
- /* Get keyblock */
- if ((keyblock = auth_context->recv_subkey) == NULL)
- keyblock = auth_context->keyblock;
+ /* Get key */
+ if ((key = auth_context->recv_subkey) == NULL)
+ key = auth_context->key;
{
krb5_address * premote_fulladdr;
@@ -220,7 +220,7 @@
}
memset(&replaydata, 0, sizeof(replaydata));
- if ((retval = krb5_rd_safe_basic(context, inbuf, keyblock,
+ if ((retval = krb5_rd_safe_basic(context, inbuf, key,
plocal_fulladdr, premote_fulladdr,
&replaydata, outbuf))) {
CLEANUP_DONE();
Modified: branches/enc-perf/src/lib/krb5/krb/ser_actx.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/ser_actx.c 2009-10-08 13:44:54 UTC (rev 22869)
+++ branches/enc-perf/src/lib/krb5/krb/ser_actx.c 2009-10-08 14:39:24 UTC (rev 22870)
@@ -75,6 +75,7 @@
krb5_error_code kret;
krb5_auth_context auth_context;
size_t required;
+ krb5_enctype enctype;
/*
* krb5_auth_context requires at minimum:
@@ -92,9 +93,9 @@
kret = 0;
/* Calculate size required by i_vector - ptooey */
- if (auth_context->i_vector && auth_context->keyblock) {
- kret = krb5_c_block_size(kcontext, auth_context->keyblock->enctype,
- &required);
+ if (auth_context->i_vector && auth_context->key) {
+ enctype = krb5_k_key_enctype(kcontext, auth_context->key);
+ kret = krb5_c_block_size(kcontext, enctype, &required);
} else {
required = 0;
}
@@ -141,11 +142,11 @@
required += sizeof(krb5_int32);
}
- /* Calculate size required by keyblock, if appropriate */
- if (!kret && auth_context->keyblock) {
+ /* Calculate size required by key, if appropriate */
+ if (!kret && auth_context->key) {
kret = krb5_size_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer) auth_context->keyblock,
+ KV5M_KEYBLOCK, (krb5_pointer)
+ &auth_context->key->keyblock,
&required);
if (!kret)
required += sizeof(krb5_int32);
@@ -154,8 +155,8 @@
/* Calculate size required by send_subkey, if appropriate */
if (!kret && auth_context->send_subkey) {
kret = krb5_size_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer) auth_context->send_subkey,
+ KV5M_KEYBLOCK, (krb5_pointer)
+ &auth_context->send_subkey->keyblock,
&required);
if (!kret)
required += sizeof(krb5_int32);
@@ -164,8 +165,8 @@
/* Calculate size required by recv_subkey, if appropriate */
if (!kret && auth_context->recv_subkey) {
kret = krb5_size_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer) auth_context->recv_subkey,
+ KV5M_KEYBLOCK, (krb5_pointer)
+ &auth_context->recv_subkey->keyblock,
&required);
if (!kret)
required += sizeof(krb5_int32);
@@ -197,6 +198,7 @@
size_t remain;
size_t obuf;
krb5_int32 obuf32;
+ krb5_enctype enctype;
required = 0;
bp = *buffer;
@@ -224,9 +226,8 @@
/* Now figure out the number of bytes for i_vector and write it */
if (auth_context->i_vector) {
- kret = krb5_c_block_size(kcontext,
- auth_context->keyblock->enctype,
- &obuf);
+ enctype = krb5_k_key_enctype(kcontext, auth_context->key);
+ kret = krb5_c_block_size(kcontext, enctype, &obuf);
} else {
obuf = 0;
}
@@ -289,12 +290,12 @@
}
/* Now handle keyblock, if appropriate */
- if (!kret && auth_context->keyblock) {
+ if (!kret && auth_context->key) {
(void) krb5_ser_pack_int32(TOKEN_KEYBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
(krb5_pointer)
- auth_context->keyblock,
+ &auth_context->key->keyblock,
&bp,
&remain);
}
@@ -304,8 +305,8 @@
(void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
- (krb5_pointer)
- auth_context->send_subkey,
+ (krb5_pointer) &auth_context->
+ send_subkey->keyblock,
&bp,
&remain);
}
@@ -315,8 +316,8 @@
(void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
kret = krb5_externalize_opaque(kcontext,
KV5M_KEYBLOCK,
- (krb5_pointer)
- auth_context->recv_subkey,
+ (krb5_pointer) &auth_context->
+ recv_subkey->keyblock,
&bp,
&remain);
}
@@ -345,6 +346,22 @@
return(kret);
}
+/* Internalize a keyblock and convert it to a key. */
+static krb5_error_code
+intern_key(krb5_context ctx, krb5_key *key, krb5_octet **bp, size_t *sp)
+{
+ krb5_keyblock *keyblock;
+ krb5_error_code ret;
+
+ ret = krb5_internalize_opaque(ctx, KV5M_KEYBLOCK,
+ (krb5_pointer *) &keyblock, bp, sp);
+ if (ret != 0)
+ return ret;
+ ret = krb5_k_create_key(ctx, keyblock, key);
+ krb5_free_keyblock(ctx, keyblock);
+ return ret;
+}
+
/*
* krb5_auth_context_internalize() - Internalize the krb5_auth_context.
*/
@@ -464,37 +481,29 @@
/* This is the keyblock */
if (!kret && (tag == TOKEN_KEYBLOCK)) {
- if (!(kret = krb5_internalize_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer *)
- &auth_context->keyblock,
- &bp,
- &remain)))
+ if (!(kret = intern_key(kcontext,
+ &auth_context->key,
+ &bp,
+ &remain)))
kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
}
/* This is the send_subkey */
if (!kret && (tag == TOKEN_LSKBLOCK)) {
- if (!(kret = krb5_internalize_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer *)
- &auth_context->
- send_subkey,
- &bp,
- &remain)))
+ if (!(kret = intern_key(kcontext,
+ &auth_context->send_subkey,
+ &bp,
+ &remain)))
kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
}
/* This is the recv_subkey */
if (!kret) {
if (tag == TOKEN_RSKBLOCK) {
- kret = krb5_internalize_opaque(kcontext,
- KV5M_KEYBLOCK,
- (krb5_pointer *)
- &auth_context->
- recv_subkey,
- &bp,
- &remain);
+ kret = intern_key(kcontext,
+ &auth_context->recv_subkey,
+ &bp,
+ &remain);
}
else {
/*
More information about the cvs-krb5
mailing list