svn rev #22956: trunk/src/lib/gssapi/krb5/
ghudson@MIT.EDU
ghudson at MIT.EDU
Tue Oct 20 10:23:32 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22956
Commit By: ghudson
Log Message:
Make some gss-krb5 utility functions take enctypes instead of keys,
and adjust callers. Fixes a bug where kg_arcfour_docrypt_iov was
passing a keyblock instead of a key to kg_translate_iov after the
enc-perf merge.
Changed Files:
U trunk/src/lib/gssapi/krb5/gssapiP_krb5.h
U trunk/src/lib/gssapi/krb5/k5seal.c
U trunk/src/lib/gssapi/krb5/k5sealiov.c
U trunk/src/lib/gssapi/krb5/k5unseal.c
U trunk/src/lib/gssapi/krb5/k5unsealiov.c
U trunk/src/lib/gssapi/krb5/util_cksum.c
U trunk/src/lib/gssapi/krb5/util_crypt.c
U trunk/src/lib/gssapi/krb5/wrap_size_limit.c
Modified: trunk/src/lib/gssapi/krb5/gssapiP_krb5.h
===================================================================
--- trunk/src/lib/gssapi/krb5/gssapiP_krb5.h 2009-10-20 14:14:46 UTC (rev 22955)
+++ trunk/src/lib/gssapi/krb5/gssapiP_krb5.h 2009-10-20 14:23:32 UTC (rev 22956)
@@ -277,10 +277,10 @@
krb5_key subkey,
krb5_cksumtype *cksumtype);
-int kg_confounder_size (krb5_context context, krb5_key key);
+int kg_confounder_size (krb5_context context, krb5_enctype enctype);
krb5_error_code kg_make_confounder (krb5_context context,
- krb5_key key, unsigned char *buf);
+ krb5_enctype enctype, unsigned char *buf);
krb5_error_code kg_encrypt (krb5_context context,
krb5_key key, int usage,
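Review bot: The kg_confounder_size prototype carries no comment stating its return contract, which matters more now that callers hand it a bare enctype rather than a key. The definition in util_crypt.c returns 8 for the two ARCFOUR enctypes and -1 when krb5_c_block_size fails. I would add above the prototype `/* Returns the confounder length in bytes for enctype, or -1 if the enctype's block size cannot be determined. */`. The non-error return for other enctypes lies outside the visible hunk, so confirm the wording against the full function.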
Modified: trunk/src/lib/gssapi/krb5/k5seal.c
===================================================================
--- trunk/src/lib/gssapi/krb5/k5seal.c 2009-10-20 14:14:46 UTC (rev 22955)
+++ trunk/src/lib/gssapi/krb5/k5seal.c 2009-10-20 14:23:32 UTC (rev 22956)
@@ -90,7 +90,7 @@
/* create the token buffer */
/* Do we need confounder? */
if (do_encrypt || (!bigend && (toktype == KG_TOK_SEAL_MSG)))
- conflen = kg_confounder_size(context, enc);
+ conflen = kg_confounder_size(context, enc->keyblock.enctype);
else conflen = 0;
if (toktype == KG_TOK_SEAL_MSG) {
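Review bot: The result of kg_confounder_size() is stored in conflen without a check for its error value; the util_crypt.c hunk in this commit shows it returning -1 when krb5_c_block_size fails. A negative conflen would pass the later `if (conflen)` test and presumably feed the token size computation, which is outside this hunk. The same unchecked pattern sits at the call sites changed in k5sealiov.c, k5unseal.c, k5unsealiov.c, util_cksum.c, wrap_size_limit.c and in kg_translate_iov_v1. A guard right after each call, such as `if (conflen < 0) return KRB5_BAD_MSIZE;` adapted to the function's cleanup path, would match what kg_make_confounder already does and keep an unsupported enctype out of the length arithmetic.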
@@ -171,7 +171,8 @@
}
if (conflen) {
- if ((code = kg_make_confounder(context, enc, plain))) {
+ if ((code = kg_make_confounder(context, enc->keyblock.enctype,
+ plain))) {
xfree(plain);
xfree(t);
return(code);
Modified: trunk/src/lib/gssapi/krb5/k5sealiov.c
===================================================================
--- trunk/src/lib/gssapi/krb5/k5sealiov.c 2009-10-20 14:14:46 UTC (rev 22955)
+++ trunk/src/lib/gssapi/krb5/k5sealiov.c 2009-10-20 14:23:32 UTC (rev 22956)
@@ -73,7 +73,7 @@
/* Determine confounder length */
if (toktype == KG_TOK_WRAP_MSG || conf_req_flag)
- k5_headerlen = kg_confounder_size(context, ctx->enc);
+ k5_headerlen = kg_confounder_size(context, ctx->enc->keyblock.enctype);
/* Check padding length */
if (toktype == KG_TOK_WRAP_MSG) {
@@ -175,7 +175,8 @@
md5cksum.length = k5_trailerlen;
if (k5_headerlen != 0) {
- code = kg_make_confounder(context, ctx->enc, ptr + 14 + ctx->cksum_size);
+ code = kg_make_confounder(context, ctx->enc->keyblock.enctype,
+ ptr + 14 + ctx->cksum_size);
if (code != 0)
goto cleanup;
}
@@ -473,7 +474,7 @@
/* Header | Checksum | Confounder | Data | Pad */
size_t data_size;
- k5_headerlen = kg_confounder_size(context, ctx->enc);
+ k5_headerlen = kg_confounder_size(context, ctx->enc->keyblock.enctype);
data_size = 14 /* Header */ + ctx->cksum_size + k5_headerlen;
Modified: trunk/src/lib/gssapi/krb5/k5unseal.c
===================================================================
--- trunk/src/lib/gssapi/krb5/k5unseal.c 2009-10-20 14:14:46 UTC (rev 22955)
+++ trunk/src/lib/gssapi/krb5/k5unseal.c 2009-10-20 14:23:32 UTC (rev 22956)
@@ -210,7 +210,7 @@
if ((sealalg == 0xffff) && ctx->big_endian) {
token.length = tmsglen;
} else {
- conflen = kg_confounder_size(context, ctx->enc);
+ conflen = kg_confounder_size(context, ctx->enc->keyblock.enctype);
token.length = tmsglen - conflen - plain[tmsglen-1];
}
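Review bot: `token.length = tmsglen - conflen - plain[tmsglen-1]` subtracts a pad count read from the decrypted token, and nothing in this hunk checks that conflen plus that byte fits within tmsglen. If no earlier check exists outside the hunk, a short or malformed token would make the subtraction wrap (assuming token.length is unsigned) into a very large length that later code trusts. I would validate before the assignment, for example `if (conflen < 0 || conflen + plain[tmsglen-1] > tmsglen)` leading to the function's existing defective-token error path, with casts chosen to suit the declared types. The enclosing function starts and ends outside the hunk.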
Modified: trunk/src/lib/gssapi/krb5/k5unsealiov.c
===================================================================
--- trunk/src/lib/gssapi/krb5/k5unsealiov.c 2009-10-20 14:14:46 UTC (rev 22955)
+++ trunk/src/lib/gssapi/krb5/k5unsealiov.c 2009-10-20 14:23:32 UTC (rev 22956)
@@ -180,7 +180,7 @@
goto cleanup;
}
}
- conflen = kg_confounder_size(context, ctx->enc);
+ conflen = kg_confounder_size(context, ctx->enc->keyblock.enctype);
}
if (header->buffer.length != token_wrapper_len + 14 + cksum_len + conflen) {
@@ -557,7 +557,8 @@
case KG_TOK_MIC_MSG:
case KG_TOK_WRAP_MSG:
case KG_TOK_DEL_CTX:
- theader->buffer.length += ctx->cksum_size + kg_confounder_size(context, ctx->enc);
+ theader->buffer.length += ctx->cksum_size +
+ kg_confounder_size(context, ctx->enc->keyblock.enctype);
/*
* we can't set the padding accurately until decryption;
Modified: trunk/src/lib/gssapi/krb5/util_cksum.c
===================================================================
--- trunk/src/lib/gssapi/krb5/util_cksum.c 2009-10-20 14:14:46 UTC (rev 22955)
+++ trunk/src/lib/gssapi/krb5/util_cksum.c 2009-10-20 14:23:32 UTC (rev 22956)
@@ -137,7 +137,7 @@
/* Checksum over ( Header | Confounder | Data | Pad ) */
if (toktype == KG_TOK_WRAP_MSG)
- conf_len = kg_confounder_size(context, enc);
+ conf_len = kg_confounder_size(context, enc->keyblock.enctype);
/* Checksum output */
kiov[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
Modified: trunk/src/lib/gssapi/krb5/util_crypt.c
===================================================================
--- trunk/src/lib/gssapi/krb5/util_crypt.c 2009-10-20 14:14:46 UTC (rev 22955)
+++ trunk/src/lib/gssapi/krb5/util_crypt.c 2009-10-20 14:23:32 UTC (rev 22956)
@@ -180,17 +180,16 @@
}
int
-kg_confounder_size(context, key)
+kg_confounder_size(context, enctype)
krb5_context context;
- krb5_key key;
+ krb5_enctype enctype;
{
krb5_error_code code;
size_t blocksize;
/* We special case rc4*/
- if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC ||
- key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
+ if (enctype == ENCTYPE_ARCFOUR_HMAC || enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
return 8;
- code = krb5_c_block_size(context, key->keyblock.enctype, &blocksize);
+ code = krb5_c_block_size(context, enctype, &blocksize);
if (code)
return(-1); /* XXX */
@@ -198,15 +197,15 @@
}
krb5_error_code
-kg_make_confounder(context, key, buf)
+kg_make_confounder(context, enctype, buf)
krb5_context context;
- krb5_key key;
+ krb5_enctype enctype;
unsigned char *buf;
{
int confsize;
krb5_data lrandom;
- confsize = kg_confounder_size(context, key);
+ confsize = kg_confounder_size(context, enctype);
if (confsize < 0)
return KRB5_BAD_MSIZE;
@@ -375,9 +374,9 @@
/* AEAD */
static krb5_error_code
-kg_translate_iov_v1(context, key, iov, iov_count, pkiov, pkiov_count)
+kg_translate_iov_v1(context, enctype, iov, iov_count, pkiov, pkiov_count)
krb5_context context;
- krb5_key key;
+ krb5_enctype enctype;
gss_iov_buffer_desc *iov;
int iov_count;
krb5_crypto_iov **pkiov;
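Review bot: kg_translate_iov_v1 keeps its old-style (K&R) definition, as do kg_translate_iov_v3 and kg_translate_iov in the later hunks, so unless a separate prototype exists outside this diff the compiler does not check argument types at their call sites. That is presumably how a keyblock pointer reached a krb5_key parameter unnoticed, and with the parameter now an integer krb5_enctype a wrong argument would be just as silent. Converting the definitions to prototype form, e.g. `kg_translate_iov_v1(krb5_context context, krb5_enctype enctype, gss_iov_buffer_desc *iov, int iov_count, krb5_crypto_iov **pkiov, size_t *pkiov_count)`, lets the compiler reject such mismatches. It would also make the `0 /* ec */, 0 /* rrc */` int literals in the hunk at -728 convert properly to the size_t parameters. The parameter list continues past the end of this hunk.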
@@ -393,7 +392,7 @@
*pkiov = NULL;
*pkiov_count = 0;
- conf_len = kg_confounder_size(context, key);
+ conf_len = kg_confounder_size(context, enctype);
header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
assert(header != NULL);
@@ -443,12 +442,12 @@
}
static krb5_error_code
-kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count)
+kg_translate_iov_v3(context, dce_style, ec, rrc, enctype, iov, iov_count, pkiov, pkiov_count)
krb5_context context;
int dce_style; /* DCE_STYLE indicates actual RRC is EC + RRC */
size_t ec; /* Extra rotate count for DCE_STYLE, pad length otherwise */
size_t rrc; /* Rotate count */
- krb5_key key;
+ krb5_enctype enctype;
gss_iov_buffer_desc *iov;
int iov_count;
krb5_crypto_iov **pkiov;
@@ -472,13 +471,13 @@
trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
assert(trailer == NULL || rrc == 0);
- code = krb5_c_crypto_length(context, key->keyblock.enctype,
- KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
+ code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER,
+ &k5_headerlen);
if (code != 0)
return code;
- code = krb5_c_crypto_length(context, key->keyblock.enctype,
- KRB5_CRYPTO_TYPE_TRAILER, &k5_trailerlen);
+ code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_TRAILER,
+ &k5_trailerlen);
if (code != 0)
return code;
@@ -558,21 +557,23 @@
}
static krb5_error_code
-kg_translate_iov(context, proto, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count)
+kg_translate_iov(context, proto, dce_style, ec, rrc, enctype, iov, iov_count, pkiov, pkiov_count)
krb5_context context;
int proto; /* 1 if CFX, 0 for pre-CFX */
int dce_style;
size_t ec;
size_t rrc;
- krb5_key key;
+ krb5_enctype enctype;
gss_iov_buffer_desc *iov;
int iov_count;
krb5_crypto_iov **pkiov;
size_t *pkiov_count;
{
return proto ?
- kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count) :
- kg_translate_iov_v1(context, key, iov, iov_count, pkiov, pkiov_count);
+ kg_translate_iov_v3(context, dce_style, ec, rrc, enctype,
+ iov, iov_count, pkiov, pkiov_count) :
+ kg_translate_iov_v1(context, enctype, iov, iov_count,
+ pkiov, pkiov_count);
}
krb5_error_code
@@ -609,8 +610,9 @@
pivd = NULL;
}
- code = kg_translate_iov(context, proto, dce_style, ec, rrc, key,
- iov, iov_count, &kiov, &kiov_count);
+ code = kg_translate_iov(context, proto, dce_style, ec, rrc,
+ key->keyblock.enctype, iov, iov_count,
+ &kiov, &kiov_count);
if (code == 0) {
code = krb5_k_encrypt_iov(context, key, usage, pivd, kiov, kiov_count);
free(kiov);
@@ -658,8 +660,9 @@
pivd = NULL;
}
- code = kg_translate_iov(context, proto, dce_style, ec, rrc, key,
- iov, iov_count, &kiov, &kiov_count);
+ code = kg_translate_iov(context, proto, dce_style, ec, rrc,
+ key->keyblock.enctype, iov, iov_count,
+ &kiov, &kiov_count);
if (code == 0) {
code = krb5_k_decrypt_iov(context, key, usage, pivd, kiov, kiov_count);
free(kiov);
@@ -728,7 +731,7 @@
goto cleanup_arcfour;
code = kg_translate_iov(context, 0 /* proto */, 0 /* dce_style */,
- 0 /* ec */, 0 /* rrc */, longterm_key,
+ 0 /* ec */, 0 /* rrc */, longterm_key->enctype,
iov, iov_count, &kiov, &kiov_count);
if (code)
goto cleanup_arcfour;
Modified: trunk/src/lib/gssapi/krb5/wrap_size_limit.c
===================================================================
--- trunk/src/lib/gssapi/krb5/wrap_size_limit.c 2009-10-20 14:14:46 UTC (rev 22955)
+++ trunk/src/lib/gssapi/krb5/wrap_size_limit.c 2009-10-20 14:23:32 UTC (rev 22956)
@@ -165,7 +165,7 @@
/* Calculate the token size and subtract that from the output size */
overhead = 7 + ctx->mech_used->length;
data_size = req_output_size;
- conflen = kg_confounder_size(ctx->k5_context, ctx->enc);
+ conflen = kg_confounder_size(ctx->k5_context, ctx->enc->keyblock.enctype);
data_size = (conflen + data_size + 8) & (~(OM_uint32)7);
ohlen = g_token_size(ctx->mech_used,
(unsigned int) (data_size + ctx->cksum_size + 14))