struct addrlist *, enum locate_service_type svc,
int sockettype, int family);
+/* Internal structure of an opaque key identifier */
+struct krb5_key_st {
+ krb5_keyblock keyblock;
+};
+
/* new encryption provider api */
struct krb5_enc_provider {
(krb5_context context, krb5_keyblock *key1, krb5_keyblock *key2,
krb5_keyblock *outkey);
+
void krb5int_c_free_keyblock
(krb5_context, krb5_keyblock *key);
void krb5int_c_free_keyblock_contents
(krb5_context, krb5_keyblock *);
-krb5_error_code krb5int_c_init_keyblock
+krb5_error_code krb5int_c_init_keyblock
(krb5_context, krb5_enctype enctype,
size_t length, krb5_keyblock **out);
+krb5_error_code krb5int_c_copy_keyblock
+(krb5_context context, const krb5_keyblock *from, krb5_keyblock **to);
+krb5_error_code krb5int_c_copy_keyblock_contents
+(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to);
/*
* Internal - for cleanup.
* begin "encryption.h"
*/
+/* Exposed contents of a key. */
typedef struct _krb5_keyblock {
krb5_magic magic;
krb5_enctype enctype;
krb5_octet *contents;
} krb5_keyblock;
+/*
+ * Opaque identifier for a key. Use with the krb5_k APIs for better
+ * performance for repeated operations with the same key usage.
+ */
+struct krb5_key_st;
+typedef struct krb5_key_st *krb5_key;
+
#ifdef KRB5_OLD_CRYPTO
typedef struct _krb5_encrypt_block {
krb5_magic magic;
(krb5_context context, krb5_enctype enctype,
size_t data_length, unsigned int *size);
+/*
+ * krb5_k_* functions use opaque key identifiers and should perform
+ * better for repeated operations with the same key usage.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_create_key(krb5_context context, krb5_keyblock *key_data,
+ krb5_key *out);
+
+void KRB5_CALLCONV krb5_k_free_key(krb5_context context, krb5_key key);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_key_keyblock(krb5_context context, krb5_key key,
+ krb5_keyblock **key_data);
+
+krb5_enctype KRB5_CALLCONV
+krb5_k_key_enctype(krb5_context context, krb5_key key);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_encrypt(krb5_context context, krb5_key key, krb5_keyusage usage,
+ const krb5_data *cipher_state, const krb5_data *input,
+ krb5_enc_data *output);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_encrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
+ const krb5_data *cipher_state, krb5_crypto_iov *data,
+ size_t num_data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_decrypt(krb5_context context, krb5_key key, krb5_keyusage usage,
+ const krb5_data *cipher_state, const krb5_enc_data *input,
+ krb5_data *output);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_decrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
+ const krb5_data *cipher_state, krb5_crypto_iov *data,
+ size_t num_data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
+ krb5_key key, krb5_keyusage usage, const krb5_data *input,
+ krb5_checksum *cksum);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
+ krb5_key key, krb5_keyusage usage,
+ krb5_crypto_iov *data, size_t num_data);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_verify_checksum(krb5_context context, krb5_key key, krb5_keyusage usage,
+ const krb5_data *data, const krb5_checksum *cksum,
+ krb5_boolean *valid);
+
+krb5_error_code KRB5_CALLCONV
+krb5_k_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_boolean *valid);
+
#ifdef KRB5_OLD_CRYPTO
/*
* old cryptosystem routine prototypes. These are now layered
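Review bot: The krb5_k_* prototypes added in this hunk do not say who owns the key material, which matters for an API whose purpose is to keep keys alive across many operations. It is not visible here whether `krb5_k_create_key` copies `key_data` or keeps a reference to the caller's buffer, and `krb5_k_key_keyblock` hands back a `krb5_keyblock **` without saying how the caller releases it. I would add a comment above each, for example `/* Copies key_data; the caller still owns and frees its keyblock. */` and `/* Stores a newly allocated copy in *key_data; free it with krb5_free_keyblock(). */`, adjusted to what the implementation actually does. If `krb5_k_create_key` only reads its input, declaring the parameter as `const krb5_keyblock *key_data` would let callers pass read-only keys and make the contract visible in the signature.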
return 0;
}
-
void
krb5int_c_free_keyblock(krb5_context context, register krb5_keyblock *val)
{
key->contents = 0;
}
}
+
+krb5_error_code
+krb5int_c_copy_keyblock(krb5_context context, const krb5_keyblock *from,
+ krb5_keyblock **to)
+{
+ krb5_keyblock *new_key;
+ krb5_error_code code;
+
+ *to = NULL;
+ new_key = malloc(sizeof(*new_key));
+ if (!new_key)
+ return ENOMEM;
+ code = krb5int_c_copy_keyblock_contents(context, from, new_key);
+ if (code) {
+ free(new_key);
+ return code;
+ }
+ *to = new_key;
+ return 0;
+}
+
+krb5_error_code
+krb5int_c_copy_keyblock_contents(krb5_context context,
+ const krb5_keyblock *from, krb5_keyblock *to)
+{
+ *to = *from;
+ if (to->length) {
+ to->contents = malloc(to->length);
+ if (!to->contents)
+ return ENOMEM;
+ memcpy(to->contents, from->contents, to->length);
+ } else
+ to->contents = 0;
+ return 0;
+}
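Review bot: `krb5int_c_copy_keyblock_contents` leaves `*to` half-initialised when `malloc` fails, because `*to = *from` has already set `to->length` to the source length while `to->contents` is now NULL; a caller that mishandles ENOMEM then holds a keyblock claiming key bytes it does not have. Adding `to->length = 0;` before `return ENOMEM;` keeps the output consistent. The `memcpy` also assumes `from->contents` is non-NULL whenever `from->length` is non-zero, so a one-line comment stating that precondition (or a guard) would help. Both functions duplicate secret key bytes, so a header comment such as `/* Result must be released with krb5int_c_free_keyblock() so the copy is cleared. */` is worth adding; whether the free routines zero the buffer is not shown in this hunk and should be confirmed.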