Skip to content

Commit

Permalink
krb5: Use iovecs for internal checksum handling
Browse files Browse the repository at this point in the history 
Modify the signature of the checksum operation in the
krb5_checksum_type structure so that it processes iovecs rather than
solid blocks of data.

Update all of the implementations of these functions for all of the
checksum types that we support so that they process iovecs, either
by iterating through the iovec in each function, or by calling
_krb5_evp_digest_iov or _krb5_evp_hmac_iov()

Update callers of these functions so that they turn their single blocks
of data into a single iovec of the correct type before calling checksum
  • Loading branch information
Simon Wilkinson committed May 15, 2018
1 parent bcb2d52 commit d09cf27
Show file tree
Hide file tree
Showing 10 changed files with 139 additions and 60 deletions.
5 changes: 4 additions & 1 deletion lib/krb5/crypto-aes-sha1.c
View file
Expand Up @@ -92,6 +92,7 @@ AES_SHA1_PRF(krb5_context context,
krb5_data *out)
{
struct _krb5_checksum_type *ct = crypto->et->checksum;
struct krb5_crypto_iov iov[1];
krb5_error_code ret;
Checksum result;
krb5_keyblock *derived;
Expand All @@ -103,7 +104,9 @@ AES_SHA1_PRF(krb5_context context,
return ret;
}

ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
iov[0].data = *in;
iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
ret = (*ct->checksum)(context, NULL, 0, iov, 1, &result);
if (ret) {
krb5_data_free(&result.checksum);
return ret;
Expand Down
11 changes: 6 additions & 5 deletions lib/krb5/crypto-aes-sha2.c
View file
Expand Up @@ -59,9 +59,9 @@ _krb5_aes_sha2_md_for_enctype(krb5_context context,
static krb5_error_code
SP_HMAC_SHA2_checksum(krb5_context context,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
unsigned usage,
const struct krb5_crypto_iov *iov,
int niov,
Checksum *result)
{
krb5_error_code ret;
Expand All @@ -73,8 +73,9 @@ SP_HMAC_SHA2_checksum(krb5_context context,
if (ret)
return ret;

HMAC(md, key->key->keyvalue.data, key->key->keyvalue.length,
data, len, hmac, &hmaclen);
ret = _krb5_evp_hmac_iov(context, key, iov, niov, hmac, &hmaclen, md, NULL);
if (ret)
return ret;

heim_assert(result->checksum.length <= hmaclen, "SHA2 internal error");

Expand Down
10 changes: 7 additions & 3 deletions lib/krb5/crypto-arcfour.c
View file
Expand Up @@ -58,9 +58,9 @@ static struct _krb5_key_type keytype_arcfour = {
krb5_error_code
_krb5_HMAC_MD5_checksum(krb5_context context,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
const struct krb5_crypto_iov *iov,
int niov,
Checksum *result)
{
EVP_MD_CTX *m;
Expand All @@ -73,6 +73,7 @@ _krb5_HMAC_MD5_checksum(krb5_context context,
unsigned char tmp[16];
unsigned char ksign_c_data[16];
krb5_error_code ret;
int i;

m = EVP_MD_CTX_create();
if (m == NULL)
Expand All @@ -93,7 +94,10 @@ _krb5_HMAC_MD5_checksum(krb5_context context,
t[2] = (usage >> 16) & 0xFF;
t[3] = (usage >> 24) & 0xFF;
EVP_DigestUpdate(m, t, 4);
EVP_DigestUpdate(m, data, len);
for (i = 0; i < niov; i++) {
if (_krb5_crypto_iov_should_sign(&iov[i]))
EVP_DigestUpdate(m, iov[i].data.data, iov[i].data.length);
}
EVP_DigestFinal_ex (m, tmp, NULL);
EVP_MD_CTX_destroy(m);

Expand Down
17 changes: 11 additions & 6 deletions lib/krb5/crypto-des-common.c
View file
Expand Up @@ -57,13 +57,14 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
_krb5_des_checksum(krb5_context context,
const EVP_MD *evp_md,
struct _krb5_key_data *key,
const void *data,
size_t len,
const struct krb5_crypto_iov *iov,
int niov,
Checksum *cksum)
{
struct _krb5_evp_schedule *ctx = key->schedule->data;
EVP_MD_CTX *m;
DES_cblock ivec;
int i;
unsigned char *p = cksum->checksum.data;

krb5_generate_random_block(p, 8);
Expand All @@ -74,7 +75,10 @@ _krb5_des_checksum(krb5_context context,

EVP_DigestInit_ex(m, evp_md, NULL);
EVP_DigestUpdate(m, p, 8);
EVP_DigestUpdate(m, data, len);
for (i = 0; i < niov; i++) {
if (_krb5_crypto_iov_should_sign(&iov[i]))
EVP_DigestUpdate(m, iov[i].data.data, iov[i].data.length);
}
EVP_DigestFinal_ex (m, p + 8, NULL);
EVP_MD_CTX_destroy(m);
memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec));
Expand Down Expand Up @@ -126,13 +130,14 @@ _krb5_des_verify(krb5_context context,
static krb5_error_code
RSA_MD5_checksum(krb5_context context,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
const struct krb5_crypto_iov *iov,
int niov,
Checksum *C)
{
if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md5(), NULL) != 1)
if (_krb5_evp_digest_iov(iov, niov, C->checksum.data, NULL, EVP_md5(), NULL) != 1)
krb5_abortx(context, "md5 checksum failed");

return 0;
}

Expand Down
33 changes: 20 additions & 13 deletions lib/krb5/crypto-des.c
View file
Expand Up @@ -99,15 +99,22 @@ static struct _krb5_key_type keytype_des = {
static krb5_error_code
CRC32_checksum(krb5_context context,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
const struct krb5_crypto_iov *iov,
int niov,
Checksum *C)
{
uint32_t crc;
uint32_t crc = 0;
unsigned char *r = C->checksum.data;
int i;

_krb5_crc_init_table ();
crc = _krb5_crc_update (data, len, 0);

for (i = 0; i < niov; i++) {
if (_krb5_crypto_iov_should_sign(&iov[i]))
crc = _krb5_crc_update(iov[i].data.data, iov[i].data.length, crc);
}

r[0] = crc & 0xff;
r[1] = (crc >> 8) & 0xff;
r[2] = (crc >> 16) & 0xff;
Expand All @@ -118,25 +125,25 @@ CRC32_checksum(krb5_context context,
static krb5_error_code
RSA_MD4_checksum(krb5_context context,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
const struct krb5_crypto_iov *iov,
int niov,
Checksum *C)
{
if (EVP_Digest(data, len, C->checksum.data, NULL, EVP_md4(), NULL) != 1)
if (_krb5_evp_digest_iov(iov, niov, C->checksum.data, NULL, EVP_md4(), NULL) != 1)
krb5_abortx(context, "md4 checksum failed");
return 0;
}

static krb5_error_code
RSA_MD4_DES_checksum(krb5_context context,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
const struct krb5_crypto_iov *iov,
int niov,
Checksum *cksum)
{
return _krb5_des_checksum(context, EVP_md4(), key, data, len, cksum);
return _krb5_des_checksum(context, EVP_md4(), key, iov, niov, cksum);
}

static krb5_error_code
Expand All @@ -153,12 +160,12 @@ RSA_MD4_DES_verify(krb5_context context,
static krb5_error_code
RSA_MD5_DES_checksum(krb5_context context,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
const struct krb5_crypto_iov *iov,
int niov,
Checksum *C)
{
return _krb5_des_checksum(context, EVP_md5(), key, data, len, C);
return _krb5_des_checksum(context, EVP_md5(), key, iov, niov, C);
}

static krb5_error_code
Expand Down
11 changes: 7 additions & 4 deletions lib/krb5/crypto-des3.c
View file
Expand Up @@ -59,6 +59,7 @@ DES3_prf(krb5_context context,
krb5_data *out)
{
struct _krb5_checksum_type *ct = crypto->et->checksum;
struct krb5_crypto_iov iov[1];
krb5_error_code ret;
Checksum result;
krb5_keyblock *derived;
Expand All @@ -70,7 +71,9 @@ DES3_prf(krb5_context context,
return ret;
}

ret = (*ct->checksum)(context, NULL, in->data, in->length, 0, &result);
iov[0].data = *in;
iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
ret = (*ct->checksum)(context, NULL, 0, iov, 1, &result);
if (ret) {
krb5_data_free(&result.checksum);
return ret;
Expand Down Expand Up @@ -140,12 +143,12 @@ static struct _krb5_key_type keytype_des3_derived = {
static krb5_error_code
RSA_MD5_DES3_checksum(krb5_context context,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
const struct krb5_crypto_iov *iov,
int niov,
Checksum *C)
{
return _krb5_des_checksum(context, EVP_md5(), key, data, len, C);
return _krb5_des_checksum(context, EVP_md5(), key, iov, niov, C);
}

static krb5_error_code
Expand Down
4 changes: 2 additions & 2 deletions lib/krb5/crypto-null.c
View file
Expand Up @@ -54,9 +54,9 @@ static struct _krb5_key_type keytype_null = {
static krb5_error_code
NONE_checksum(krb5_context context,
struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
const struct krb5_crypto_iov *iov,
int niov,
Checksum *C)
{
return 0;
Expand Down

0 comments on commit d09cf27

Please sign in to comment.