Consolidate the IOV and non-IOV encryption/decryption code paths, and

drop the _iov suffix from most encryption- and decryption-related functions. The enc_provider encrypt and decrypt functions take IOVs, as do the enctype entries in etypes.c, and there are no separate encrypt_iov or decrypt_iov functions. aead_provider is gone. Enctype functions now take pointers to the enctype entry instead of pointers to the enc/hash/aead providers; this allows dk_encrypt and dk_decrypt to be polymorphic in the length function they use now that AES and DES3 can't differentiate by aead provider. aes_string_to_key needed to be moved into the krb/ fold for this since it's an enctype function; it was duplicated between builtin/ and openssl/ before. This leaves openssl/aes empty; the build system currently demands that all modules have the same directory structure, so the directory and Makefile will stick around for now. Three separate copies of the derive_random logic are also now consolidated into one. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23444 dc483132-0cff-0310-8789-dd5450dbe970
aadamowski · Dec 4, 2009 · 7a6e581 · 7a6e581
1 parent 50a2551
commit 7a6e581
Show file tree

Hide file tree

Showing 82 changed files with 1,092 additions and 4,037 deletions.
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
@@ -647,12 +647,11 @@ struct krb5_enc_provider {
        keylength is the output size */
     size_t block_size, keybytes, keylength;
 
-    /* cipher-state == 0 fresh state thrown away at end */
     krb5_error_code (*encrypt)(krb5_key key, const krb5_data *cipher_state,
-                               const krb5_data *input, krb5_data *output);
+                               krb5_crypto_iov *data, size_t num_data);
 
-    krb5_error_code (*decrypt)(krb5_key key, const krb5_data *ivec,
-                               const krb5_data *input, krb5_data *output);
+    krb5_error_code (*decrypt)(krb5_key key, const krb5_data *cipher_state,
+                               krb5_crypto_iov *data, size_t num_data);
 
     krb5_error_code (*make_key)(const krb5_data *randombits,
                                 krb5_keyblock *key);
@@ -662,13 +661,6 @@ struct krb5_enc_provider {
                                   krb5_data *out_state);
     krb5_error_code (*free_state)(krb5_data *state);
 
-    /* In-place encryption/decryption of multiple buffers */
-    krb5_error_code (*encrypt_iov)(krb5_key key, const krb5_data *cipher_state,
-                                   krb5_crypto_iov *data, size_t num_data);
-
-    krb5_error_code (*decrypt_iov)(krb5_key key, const krb5_data *cipher_state,
-                                   krb5_crypto_iov *data, size_t num_data);
-
 };
 
 struct krb5_hash_provider {
@@ -703,26 +695,6 @@ struct krb5_keyhash_provider {
                                   krb5_boolean *valid);
 };
 
-struct krb5_aead_provider {
-    krb5_error_code (*crypto_length)(const struct krb5_aead_provider *aead,
-                                     const struct krb5_enc_provider *enc,
-                                     const struct krb5_hash_provider *hash,
-                                     krb5_cryptotype type,
-                                     unsigned int *length);
-    krb5_error_code (*encrypt_iov)(const struct krb5_aead_provider *aead,
-                                   const struct krb5_enc_provider *enc,
-                                   const struct krb5_hash_provider *hash,
-                                   krb5_key key, krb5_keyusage keyusage,
-                                   const krb5_data *ivec,
-                                   krb5_crypto_iov *data, size_t num_data);
-    krb5_error_code (*decrypt_iov)(const struct krb5_aead_provider *aead,
-                                   const struct krb5_enc_provider *enc,
-                                   const struct krb5_hash_provider *hash,
-                                   krb5_key key, krb5_keyusage keyusage,
-                                   const krb5_data *ivec,
-                                   krb5_crypto_iov *data, size_t num_data);
-};
-
 /*
  * in here to deal with stuff from lib/crypto
  */
@@ -2575,11 +2547,12 @@ krb5_error_code KRB5_CALLCONV
 krb5int_clean_hostname(krb5_context, const char *, char *, size_t);
 
 krb5_error_code
-krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
-                    const krb5_data *input, krb5_data *output);
+krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                    size_t num_data);
+
 krb5_error_code
-krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
-                    const krb5_data *input, krb5_data *output);
+krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                    size_t num_data);
 
 struct _krb5_kt {       /* should move into k5-int.h */
     krb5_magic magic;

diff --git a/src/lib/crypto/builtin/aes/Makefile.in b/src/lib/crypto/builtin/aes/Makefile.in
@@ -13,20 +13,17 @@ PROG_RPATH=$(KRB5_LIBDIR)
 STLIBOBJS=\
 	aescrypt.o	\
 	aestab.o	\
-	aeskey.o	\
-	aes_s2k.o
+	aeskey.o
 
 OBJS=\
 	$(OUTPRE)aescrypt.$(OBJEXT)	\
 	$(OUTPRE)aestab.$(OBJEXT)	\
-	$(OUTPRE)aeskey.$(OBJEXT)	\
-	$(OUTPRE)aes_s2k.$(OBJEXT)
+	$(OUTPRE)aeskey.$(OBJEXT)
 
 SRCS=\
 	$(srcdir)/aescrypt.c	\
 	$(srcdir)/aestab.c	\
 	$(srcdir)/aeskey.c	\
-	$(srcdir)/aes_s2k.c
 
 GEN_OBJS=\
 	$(OUTPRE)aescrypt.$(OBJEXT)	\

diff --git a/src/lib/crypto/builtin/aes/aes_s2k.c b/src/lib/crypto/builtin/aes/aes_s2k.c
diff --git a/src/lib/crypto/builtin/aes/aes_s2k.h b/src/lib/crypto/builtin/aes/aes_s2k.h
diff --git a/src/lib/crypto/builtin/aes/deps b/src/lib/crypto/builtin/aes/deps
@@ -8,14 +8,3 @@ aestab.so aestab.po $(OUTPRE)aestab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   aes.h aesopt.h aestab.c uitypes.h
 aeskey.so aeskey.po $(OUTPRE)aeskey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   aes.h aeskey.c aesopt.h uitypes.h
-aes_s2k.so aes_s2k.po $(OUTPRE)aes_s2k.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/dk/dk.h \
-  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
-  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
-  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
-  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
-  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
-  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
-  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
-  aes_s2k.c aes_s2k.h
diff --git a/src/lib/crypto/builtin/deps b/src/lib/crypto/builtin/deps
@@ -4,14 +4,15 @@
 hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/aead.h \
-  $(srcdir)/../krb/cksumtypes.h $(top_srcdir)/include/k5-buf.h \
-  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
-  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
-  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
-  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
-  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
-  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
-  $(top_srcdir)/include/socket-utils.h hmac.c
+  $(srcdir)/../krb/cksumtypes.h $(srcdir)/../krb/etypes.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hmac.c
 pbkdf2.so pbkdf2.po $(OUTPRE)pbkdf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/hash_provider/hash_provider.h \

diff --git a/src/lib/crypto/builtin/des/Makefile.in b/src/lib/crypto/builtin/des/Makefile.in
@@ -14,11 +14,9 @@ PROG_RPATH=$(KRB5_LIBDIR)
 
 STLIBOBJS=\
 	afsstring2key.o	\
-	d3_cbc.o	\
 	d3_aead.o	\
 	d3_kysched.o	\
 	f_aead.o 	\
-	f_cbc.o 	\
 	f_cksum.o	\
 	f_parity.o 	\
 	f_sched.o 	\
@@ -28,11 +26,9 @@ STLIBOBJS=\
 	weak_key.o
 
 OBJS=	$(OUTPRE)afsstring2key.$(OBJEXT)	\
-	$(OUTPRE)d3_cbc.$(OBJEXT)	\
 	$(OUTPRE)d3_aead.$(OBJEXT)	\
 	$(OUTPRE)d3_kysched.$(OBJEXT)	\
 	$(OUTPRE)f_aead.$(OBJEXT) 	\
-	$(OUTPRE)f_cbc.$(OBJEXT) 	\
 	$(OUTPRE)f_cksum.$(OBJEXT)	\
 	$(OUTPRE)f_parity.$(OBJEXT) 	\
 	$(OUTPRE)f_sched.$(OBJEXT) 	\
@@ -42,11 +38,9 @@ OBJS=	$(OUTPRE)afsstring2key.$(OBJEXT)	\
 	$(OUTPRE)weak_key.$(OBJEXT)
 
 SRCS=	$(srcdir)/afsstring2key.c	\
-	$(srcdir)/d3_cbc.c	\
 	$(srcdir)/d3_aead.c	\
 	$(srcdir)/d3_kysched.c	\
 	$(srcdir)/f_aead.c	\
-	$(srcdir)/f_cbc.c	\
 	$(srcdir)/f_cksum.c	\
 	$(srcdir)/f_parity.c	\
 	$(srcdir)/f_sched.c	\
@@ -55,7 +49,7 @@ SRCS=	$(srcdir)/afsstring2key.c	\
 	$(srcdir)/weak_key.c	\
 	$(srcdir)/string2key.c
 
-EXTRADEPSRCS = $(SRCDIR)destest.c
+EXTRADEPSRCS = $(srcdir)/destest.c $(srcdir)/f_cbc.c $(srcdir)/t_verify.c
 
 ##DOS##LIBOBJS = $(OBJS)
 

diff --git a/src/lib/crypto/builtin/des/d3_aead.c b/src/lib/crypto/builtin/des/d3_aead.c
@@ -27,12 +27,11 @@
 #include "aead.h"
 
 void
-krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data,
-                             unsigned long num_data,
-                             const mit_des_key_schedule ks1,
-                             const mit_des_key_schedule ks2,
-                             const mit_des_key_schedule ks3,
-                             mit_des_cblock ivec)
+krb5int_des3_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         mit_des_cblock ivec)
 {
     unsigned DES_INT32 left, right;
     const unsigned DES_INT32 *kp1, *kp2, *kp3;
@@ -89,12 +88,11 @@ krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data,
 }
 
 void
-krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data,
-                             unsigned long num_data,
-                             const mit_des_key_schedule ks1,
-                             const mit_des_key_schedule ks2,
-                             const mit_des_key_schedule ks3,
-                             mit_des_cblock ivec)
+krb5int_des3_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         mit_des_cblock ivec)
 {
     unsigned DES_INT32 left, right;
     const unsigned DES_INT32 *kp1, *kp2, *kp3;