svn rev #22793: branches/enc-perf/src/ include/ include/krb5/ lib/crypto/ lib/crypto/krb/ ...

ghudson@MIT.EDU ghudson at MIT.EDU
Mon Sep 28 11:52:02 EDT 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22793
Commit By: ghudson
Log Message:
Move the implementation of krb5_copy_keyblock[_contents] into crypto
 to allow internal use (similar to krb5_free_keyblock[_contents]).
Define krb5_key type and initial internal representation.
Define the constructor, destructor, and accessors.



Changed Files:
U   branches/enc-perf/src/include/k5-int.h
U   branches/enc-perf/src/include/krb5/krb5.hin
U   branches/enc-perf/src/lib/crypto/krb/Makefile.in
U   branches/enc-perf/src/lib/crypto/krb/keyblocks.c
U   branches/enc-perf/src/lib/crypto/libk5crypto.exports
U   branches/enc-perf/src/lib/krb5/krb/copy_key.c
U   branches/enc-perf/src/lib/krb5/krb/cp_key_cnt.c
Modified: branches/enc-perf/src/include/k5-int.h
===================================================================
--- branches/enc-perf/src/include/k5-int.h	2009-09-28 14:34:12 UTC (rev 22792)
+++ branches/enc-perf/src/include/k5-int.h	2009-09-28 15:52:02 UTC (rev 22793)
@@ -635,6 +635,11 @@
 		       struct addrlist *, enum locate_service_type svc,
 		       int sockettype, int family);
 
+/* Internal structure of an opaque key identifier */
+struct krb5_key_st {
+    krb5_keyblock keyblock;
+};
+
 /* new encryption provider api */
 
 struct krb5_enc_provider {
@@ -798,13 +803,18 @@
 (krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2,
 		krb5_keyblock *outkey);
 
+
 void  krb5int_c_free_keyblock
 (krb5_context, krb5_keyblock *key);
 void  krb5int_c_free_keyblock_contents
 	(krb5_context, krb5_keyblock *);
-krb5_error_code   krb5int_c_init_keyblock
+krb5_error_code krb5int_c_init_keyblock
 		(krb5_context, krb5_enctype enctype,
 		size_t length, krb5_keyblock **out); 
+krb5_error_code krb5int_c_copy_keyblock
+(krb5_context context, const krb5_keyblock *from, krb5_keyblock **to);
+krb5_error_code krb5int_c_copy_keyblock_contents
+(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to);
 
 /*
  * Internal - for cleanup.

Modified: branches/enc-perf/src/include/krb5/krb5.hin
===================================================================
--- branches/enc-perf/src/include/krb5/krb5.hin	2009-09-28 14:34:12 UTC (rev 22792)
+++ branches/enc-perf/src/include/krb5/krb5.hin	2009-09-28 15:52:02 UTC (rev 22793)
@@ -341,6 +341,7 @@
  * begin "encryption.h"
  */
 
+/* Exposed contents of a key. */
 typedef struct _krb5_keyblock {
     krb5_magic magic;
     krb5_enctype enctype;
@@ -348,6 +349,13 @@
     krb5_octet *contents;
 } krb5_keyblock;
 
+/*
+ * Opaque identifier for a key.  Use with the krb5_k APIs for better
+ * performance for repeated operations with the same key usage.
+ */
+struct krb5_key_st;
+typedef struct krb5_key_st *krb5_key;
+
 #ifdef KRB5_OLD_CRYPTO
 typedef struct _krb5_encrypt_block {
     krb5_magic magic;
@@ -705,6 +713,65 @@
     (krb5_context context, krb5_enctype enctype,
 		    size_t data_length, unsigned int *size);
 
+/*
+ * krb5_k_* functions use opaque key identifiers and should perform
+ * better for repeated operations with the same key usage.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_create_key(krb5_context context, krb5_keyblock *key_data,
+		  krb5_key *out);
+
+void KRB5_CALLCONV krb5_k_free_key(krb5_context context, krb5_key key);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_key_keyblock(krb5_context context, krb5_key key,
+		    krb5_keyblock **key_data);
+
+krb5_enctype KRB5_CALLCONV
+krb5_k_key_enctype(krb5_context context, krb5_key key);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_encrypt(krb5_context context, krb5_key key, krb5_keyusage usage,
+	       const krb5_data *cipher_state, const krb5_data *input,
+	       krb5_enc_data *output);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_encrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
+		   const krb5_data *cipher_state, krb5_crypto_iov *data,
+		   size_t num_data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_decrypt(krb5_context context, krb5_key key, krb5_keyusage usage,
+	       const krb5_data *cipher_state, const krb5_enc_data *input,
+	       krb5_data *output);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_decrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
+		   const krb5_data *cipher_state, krb5_crypto_iov *data,
+		   size_t num_data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
+		     krb5_key key, krb5_keyusage usage, const krb5_data *input,
+		     krb5_checksum *cksum);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
+			 krb5_key key, krb5_keyusage usage,
+			 krb5_crypto_iov *data, size_t num_data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_verify_checksum(krb5_context context, krb5_key key, krb5_keyusage usage,
+		       const krb5_data *data, const krb5_checksum *cksum,
+		       krb5_boolean *valid);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
+			   krb5_key key, krb5_keyusage usage,
+			   const krb5_crypto_iov *data, size_t num_data,
+			   krb5_boolean *valid);
+
 #ifdef KRB5_OLD_CRYPTO
 /*
  * old cryptosystem routine prototypes.  These are now layered
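Review bot: `krb5_k_create_key` takes its input as `krb5_keyblock *key_data`, while the copy helpers added in this commit take `const krb5_keyblock *from`; if the constructor only reads the keyblock, declare it `const krb5_keyblock *key_data` so callers holding a const key need no cast. The block comment above the prototypes should also state ownership: whether `krb5_k_create_key` copies the key bytes or keeps a reference to the caller's buffer, and which function releases the keyblock returned through `krb5_k_key_keyblock`. Of the functions declared here, only `krb5_k_create_key`, `krb5_k_free_key`, `krb5_k_key_enctype` and `krb5_k_key_keyblock` are added to libk5crypto.exports in this commit, so the encrypt, decrypt and checksum prototypes are presumably not yet linkable from outside the library.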

Modified: branches/enc-perf/src/lib/crypto/krb/Makefile.in
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/Makefile.in	2009-09-28 14:34:12 UTC (rev 22792)
+++ branches/enc-perf/src/lib/crypto/krb/Makefile.in	2009-09-28 15:52:02 UTC (rev 22793)
@@ -44,6 +44,7 @@
 	enctype_compare.o	\
 	enctype_to_string.o	\
 	etypes.o		\
+	key.o			\
 	keyblocks.o 		\
 	keyed_cksum.o		\
 	keyed_checksum_types.o	\
@@ -86,6 +87,7 @@
 	$(OUTPRE)enctype_compare.$(OBJEXT)	\
 	$(OUTPRE)enctype_to_string.$(OBJEXT)	\
 	$(OUTPRE)etypes.$(OBJEXT)		\
+	$(OUTPRE)key.$(OBJECT)			\
 	$(OUTPRE)keyblocks.$(OBJEXT) 		\
 	$(OUTPRE)keyed_cksum.$(OBJEXT)		\
 	$(OUTPRE)keyed_checksum_types.$(OBJEXT)	\
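Review bot: The added object line in this list is spelled `$(OUTPRE)key.$(OBJECT)`, while every neighbouring entry uses `$(OBJEXT)`; unless an `OBJECT` variable is defined elsewhere, make expands it to nothing and the list names `key.` instead of the real object file. It should read `$(OUTPRE)key.$(OBJEXT)`. The commit's changed-file list also shows no added `key.c`, so confirm that the source file named in the other two hunks of this Makefile is already present in the branch.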
@@ -127,6 +129,7 @@
 	$(srcdir)/enctype_compare.c	\
 	$(srcdir)/enctype_to_string.c	\
 	$(srcdir)/etypes.c		\
+	$(srcdir)/key.c			\
 	$(srcdir)/keyblocks.c 		\
 	$(srcdir)/keyed_cksum.c		\
 	$(srcdir)/keyed_checksum_types.c\

Modified: branches/enc-perf/src/lib/crypto/krb/keyblocks.c
===================================================================
--- branches/enc-perf/src/lib/crypto/krb/keyblocks.c	2009-09-28 14:34:12 UTC (rev 22792)
+++ branches/enc-perf/src/lib/crypto/krb/keyblocks.c	2009-09-28 15:52:02 UTC (rev 22793)
@@ -60,7 +60,6 @@
     return 0;
 }
 
-
 void 
 krb5int_c_free_keyblock(krb5_context context, register krb5_keyblock *val)
 {
@@ -77,3 +76,38 @@
 	key->contents = 0;
     }
 }
+
+krb5_error_code
+krb5int_c_copy_keyblock(krb5_context context, const krb5_keyblock *from,
+			krb5_keyblock **to)
+{
+    krb5_keyblock *new_key;
+    krb5_error_code code;
+
+    *to = NULL;
+    new_key = malloc(sizeof(*new_key));
+    if (!new_key)
+	return ENOMEM;
+    code = krb5int_c_copy_keyblock_contents(context, from, new_key);
+    if (code) {
+	free(new_key);
+	return code;
+    }
+    *to = new_key;
+    return 0;
+}
+
+krb5_error_code
+krb5int_c_copy_keyblock_contents(krb5_context context,
+				 const krb5_keyblock *from, krb5_keyblock *to)
+{
+    *to = *from;
+    if (to->length) {
+        to->contents = malloc(to->length);
+        if (!to->contents)
+            return ENOMEM;
+        memcpy(to->contents, from->contents, to->length);
+    } else
+        to->contents = 0;
+    return 0;
+}
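Review bot: In `krb5int_c_copy_keyblock_contents`, the ENOMEM return leaves `*to` with the source's `length` but `contents` set to NULL, because `*to = *from` runs before the allocation; a caller that misses the error code then holds a keyblock claiming N bytes behind a null pointer. Resetting the length on that path, `if (!to->contents) { to->length = 0; return ENOMEM; }`, keeps the output self-consistent. Both new functions also lack a comment stating that the copy places key material on the heap and should be released with `krb5int_c_free_keyblock` or `krb5int_c_free_keyblock_contents` rather than a bare `free`, so that whatever cleanup those routines perform on the key bytes is applied to the copy as well.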

Modified: branches/enc-perf/src/lib/crypto/libk5crypto.exports
===================================================================
--- branches/enc-perf/src/lib/crypto/libk5crypto.exports	2009-09-28 14:34:12 UTC (rev 22792)
+++ branches/enc-perf/src/lib/crypto/libk5crypto.exports	2009-09-28 15:52:02 UTC (rev 22793)
@@ -72,6 +72,10 @@
 krb5_free_cksumtypes
 krb5_hmac
 krb5_init_random_key
+krb5_k_create_key
+krb5_k_free_key
+krb5_k_key_enctype
+krb5_k_key_keyblock
 krb5_nfold
 krb5_old_decrypt
 krb5_old_encrypt
@@ -100,6 +104,8 @@
 krb5int_arcfour_string_to_key
 krb5int_arcfour_translate_usage
 krb5int_c_combine_keys
+krb5int_c_copy_keyblock
+krb5int_c_copy_keyblock_contents
 krb5int_c_free_keyblock
 krb5int_c_free_keyblock_contents
 krb5int_c_init_keyblock

Modified: branches/enc-perf/src/lib/krb5/krb/copy_key.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/copy_key.c	2009-09-28 14:34:12 UTC (rev 22792)
+++ branches/enc-perf/src/lib/krb5/krb/copy_key.c	2009-09-28 15:52:02 UTC (rev 22793)
@@ -35,16 +35,5 @@
 krb5_error_code KRB5_CALLCONV
 krb5_copy_keyblock(krb5_context context, const krb5_keyblock *from, krb5_keyblock **to)
 {
-	krb5_keyblock	*new_key;
-
-	if (!(new_key = (krb5_keyblock *) malloc(sizeof(krb5_keyblock))))
-		return ENOMEM;
-	*new_key = *from;
-	if (!(new_key->contents = (krb5_octet *)malloc(new_key->length))) {
-		free(new_key);
-		return(ENOMEM);
-	}
-	memcpy(new_key->contents, from->contents, new_key->length);
-	*to = new_key;
-	return 0;
+    return krb5int_c_copy_keyblock(context, from, to);
 }

Modified: branches/enc-perf/src/lib/krb5/krb/cp_key_cnt.c
===================================================================
--- branches/enc-perf/src/lib/krb5/krb/cp_key_cnt.c	2009-09-28 14:34:12 UTC (rev 22792)
+++ branches/enc-perf/src/lib/krb5/krb/cp_key_cnt.c	2009-09-28 15:52:02 UTC (rev 22793)
@@ -35,13 +35,5 @@
 krb5_error_code KRB5_CALLCONV
 krb5_copy_keyblock_contents(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to)
 {
-    *to = *from;
-    if (to->length) {
-        to->contents = (krb5_octet *)malloc(to->length);
-        if (!to->contents)
-            return ENOMEM;
-        memcpy(to->contents, from->contents, to->length);
-    } else 
-        to->contents = 0;
-    return 0;
+    return krb5int_c_copy_keyblock_contents(context, from, to);
 }



