#include "k5-int.h"
#include "dk.h"
+static krb5_key
+find_cached_dkey(struct derived_key *list, const krb5_data *constant)
+{
+ for (; list; list = list->next) {
+ if (data_eq(list->constant, *constant)) {
+ krb5_k_reference_key(NULL, list->dkey);
+ return list->dkey;
+ }
+ }
+ return NULL;
+}
+
+static krb5_error_code
+add_cached_dkey(krb5_key key, const krb5_data *constant,
+ const krb5_keyblock *dkeyblock, krb5_key *cached_dkey)
+{
+ krb5_key dkey;
+ krb5_error_code ret;
+ struct derived_key *dkent = NULL;
+ char *data = NULL;
+
+ /* Allocate fields for the new entry. */
+ dkent = malloc(sizeof(*dkent));
+ if (dkent == NULL)
+ goto cleanup;
+ data = malloc(constant->length);
+ if (data == NULL)
+ goto cleanup;
+ ret = krb5_k_create_key(NULL, dkeyblock, &dkey);
+ if (ret != 0)
+ goto cleanup;
+
+ /* Add the new entry to the list. */
+ memcpy(data, constant->data, constant->length);
+ dkent->dkey = dkey;
+ dkent->constant.data = data;
+ dkent->constant.length = constant->length;
+ dkent->next = key->derived;
+ key->derived = dkent;
+
+ /* Return a "copy" of the cached key. */
+ krb5_k_reference_key(NULL, dkey);
+ *cached_dkey = dkey;
+ return 0;
+
+cleanup:
+ free(dkent);
+ free(data);
+ return ENOMEM;
+}
+
+/*
+ * Compute a derived key into the keyblock outkey. This variation on
+ * krb5_derive_key does not cache the result, as it is only used
+ * directly in situations which are not expected to be repeated with
+ * the same inkey and constant.
+ */
krb5_error_code
krb5_derive_keyblock(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_keyblock *outkey,
{
krb5_keyblock keyblock;
krb5_error_code ret;
+ krb5_key dkey;
*outkey = NULL;
- /* Set up a temporary keyblock. */
+ /* Check for a cached result. */
+ dkey = find_cached_dkey(inkey->derived, in_constant);
+ if (dkey != NULL) {
+ *outkey = dkey;
+ return 0;
+ }
+
+ /* Derive into a temporary keyblock. */
keyblock.length = enc->keylength;
keyblock.contents = malloc(keyblock.length);
if (keyblock.contents == NULL)
return ENOMEM;
-
ret = krb5_derive_keyblock(enc, inkey, &keyblock, in_constant);
if (ret)
goto cleanup;
- /* Convert the keyblock to a key. */
- ret = krb5_k_create_key(NULL, &keyblock, outkey);
+ /* Cache the derived key. */
+ ret = add_cached_dkey(inkey, in_constant, &keyblock, &dkey);
+ if (ret != 0)
+ goto cleanup;
+
+ *outkey = dkey;
cleanup:
zapfree(keyblock.contents, keyblock.length);
goto cleanup;
key->refcount = 1;
+ key->derived = NULL;
*out = key;
return 0;
void KRB5_CALLCONV
krb5_k_free_key(krb5_context context, krb5_key key)
{
+ struct derived_key *dk;
+
if (key == NULL || --key->refcount > 0)
return;
+
+ /* Free the derived key cache. */
+ while ((dk = key->derived) != NULL) {
+ key->derived = dk->next;
+ krb5_k_free_key(context, dk->dkey);
+ free(dk);
+ }
krb5int_c_free_keyblock_contents(context, &key->keyblock);
}
projects / thirdparty / krb5.git / commitdiff
