[Heimdal-source-changes] [heimdal/heimdal] 2c2376: test_rfc3961: Add HMAC tests
GitHub
noreply at github.com
Tis May 15 13:29:43 CEST 2018
Branch: refs/heads/sxw/iovecs
Home: https://github.com/heimdal/heimdal
Commit: 2c23767a9343d9a0dad76776194fb4c13fc834f3
https://github.com/heimdal/heimdal/commit/2c23767a9343d9a0dad76776194fb4c13fc834f3
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/test_rfc3961.c
Log Message:
-----------
test_rfc3961: Add HMAC tests
Add some HMAC-SHA1 tests using the test vectors in RFC2202
Commit: 13055ff684272e8061accb581cfe852de9e99a1f
https://github.com/heimdal/heimdal/commit/13055ff684272e8061accb581cfe852de9e99a1f
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/hcrypto/hmac.c
M lib/hcrypto/hmac.h
M lib/hcrypto/version-script.map
Log Message:
-----------
hcrypto: Add HMAC_CTX_new and HMAC_CTX_free
Add a pair of functions which can be used to allocate and free
an HMAC_CTX structure on the heap. This means that the caller doesn't
need to know the size of the underlying structure.
Commit: a2403a061d07655251723cefdc5403fa486bccdb
https://github.com/heimdal/heimdal/commit/a2403a061d07655251723cefdc5403fa486bccdb
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto.c
M lib/krb5/crypto.h
Log Message:
-----------
krb5: Add _krb5_crypto_iov_should_sign helper function
Add a helper function which contains the knowledge about whether
a particular portion of a krb5_crypto_iovec should be signed or not.
Commit: a51a3cc9984521c30e12c4638c5aaf60206042ee
https://github.com/heimdal/heimdal/commit/a51a3cc9984521c30e12c4638c5aaf60206042ee
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto-evp.c
Log Message:
-----------
krb5: Add _krb5_evp_digest_iov
Add a function which can apply an EVP message digest algorithm over
a set of iovecs to produce a signature.
Commit: bcb2d52d2870f0f9de2b476b0f6674912607ba7a
https://github.com/heimdal/heimdal/commit/bcb2d52d2870f0f9de2b476b0f6674912607ba7a
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto-evp.c
Log Message:
-----------
krb5: Add _krb5_evp_hmac_iov
Add a function which will perform an HMAC over a set of iovecs,
using the hcrypto provided HMAC functions.
Join contiguous iovecs together before passing them to the hash
function so we make as few calls into the hash as possible.
Commit: d09cf275e3a8d1ccd992a1409d80c5a5b1f9ada2
https://github.com/heimdal/heimdal/commit/d09cf275e3a8d1ccd992a1409d80c5a5b1f9ada2
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto-aes-sha1.c
M lib/krb5/crypto-aes-sha2.c
M lib/krb5/crypto-arcfour.c
M lib/krb5/crypto-des-common.c
M lib/krb5/crypto-des.c
M lib/krb5/crypto-des3.c
M lib/krb5/crypto-null.c
M lib/krb5/crypto.c
M lib/krb5/crypto.h
M lib/krb5/pac.c
Log Message:
-----------
krb5: Use iovecs for internal checksum handling
Modify the signature of the checksum operation in the
krb5_checksum_type structure so that it processes iovecs rather than
solid blocks of data.
Update all of the implementations of these functions for all of the
checksum types that we support so that they process iovecs, either
by iterating through the iovec in each function, or by calling
_krb5_evp_digest_iov or _krb5_evp_hmac_iov()
Update callers of these functions so that they turn their single blocks
of data into a single iovec of the correct type before calling checksum
Commit: 9d6a2ec74e3991b2862dc388a4919302bf90e8f7
https://github.com/heimdal/heimdal/commit/9d6a2ec74e3991b2862dc388a4919302bf90e8f7
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto-des-common.c
M lib/krb5/crypto-des.c
M lib/krb5/crypto-des3.c
M lib/krb5/crypto.c
M lib/krb5/crypto.h
Log Message:
-----------
krb5: Use iovecs internally for checksum verification
When verifying checksums, pass iovecs through to the individual
verify routines.
Commit: 5e4426dca4ac79dca543e90c31765c1a2ea52178
https://github.com/heimdal/heimdal/commit/5e4426dca4ac79dca543e90c31765c1a2ea52178
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/test_rfc3961.c
Log Message:
-----------
test_rfc3961: Add performance tests for HMAC-SHA1
Add a selection of performance tests for HMAC-SHA1 to the
RFC3961 library tests.
Commit: 69e9c757d3199c9ac7aac712b705175bb40bb1c5
https://github.com/heimdal/heimdal/commit/69e9c757d3199c9ac7aac712b705175bb40bb1c5
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto.c
M lib/krb5/test_rfc3961.c
Log Message:
-----------
krb5: Use EVP HMAC() function for HMAC-SHA1
Use the EVP HMAC() function that we use for SHA2 HMACs for SHA1 as
well.
Commit: 73521ac4e0806eacb4d3f310fff00ed4ee4cdbc0
https://github.com/heimdal/heimdal/commit/73521ac4e0806eacb4d3f310fff00ed4ee4cdbc0
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Use iovecs throughout krb5_create_checksum_iov
Rather than flattening the iovecs supplied to
krb5_create_checksum_iov into a malloc()'d memory block, refactor
the function so that they can be passed straight through to the
backend hash functions.
Commit: f50652a76e5851fd27a6d24700d6ffd0396aab53
https://github.com/heimdal/heimdal/commit/f50652a76e5851fd27a6d24700d6ffd0396aab53
Author: Simon Wilkinson <sxw at your-file-system.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Reorder checks in _key_schedule
_krb5_find_enctype is a moderately expensive operation, as it
does a linear search of the enctype lists. Avoid calling it
in _key_schedule when we already have a key schedule in place.
This change makes the most common check the first in the function.
Commit: a4ce4a50fcc090072464a389b6c81e39b78f1ad7
https://github.com/heimdal/heimdal/commit/a4ce4a50fcc090072464a389b6c81e39b78f1ad7
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Implement krb5_verify_checksum_iov with iovecs
Instead of flattening the iovecs passed into
krb5_verify_checksum_iov, create a new internal verify_checksum_iov
function which passes iovecs down onto the individual ->verify or
->checksum functions.
Commit: ddcad54692888c3f0f12e59a5dc0bc3d6b1ca8c5
https://github.com/heimdal/heimdal/commit/ddcad54692888c3f0f12e59a5dc0bc3d6b1ca8c5
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto-aes-sha1.c
M lib/krb5/crypto-aes-sha2.c
M lib/krb5/crypto-arcfour.c
M lib/krb5/crypto-des-common.c
M lib/krb5/crypto-des.c
M lib/krb5/crypto-des3.c
M lib/krb5/crypto-evp.c
M lib/krb5/crypto-null.c
M lib/krb5/crypto.c
M lib/krb5/crypto.h
M lib/krb5/pac.c
M lib/krb5/test_rfc3961.c
Log Message:
-----------
krb5: Optionally pass a crypto context to hash functions
Creating and destroying an EVP_CTX_MD structure with every hash
operation is very expensive. Speed things up by caching one within
the krb5_crypto structure. krb5_crypto can already only be safely
used by one thread at a time - adding a message digest context here
shouldn't introduce any further threading risks.
Users of the stashed context must be careful to ensure that they
call no other hash functions whilst they are in the middle of using
the context.
Commit: e78bae60633df0c7920db77bc62233de8ac175c3
https://github.com/heimdal/heimdal/commit/e78bae60633df0c7920db77bc62233de8ac175c3
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto-aes-sha2.c
M lib/krb5/crypto-evp.c
M lib/krb5/crypto.c
M lib/krb5/crypto.h
Log Message:
-----------
krb5: Stash the HMAC context in the krb5_crypto object
Store the EVP HMAC context in the krb5_crypto object so that we
don't have to allocate it for every hashing operating we perform.
Commit: 4e97a40b231fc946869ee289cf85781e5aed4683
https://github.com/heimdal/heimdal/commit/4e97a40b231fc946869ee289cf85781e5aed4683
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/hcrypto/hmac.c
Log Message:
-----------
hcrypto: Make more buffers persist across HMAC operations
If we don't change MD algorithm across two calls to HMAC_Init_ex
using the same context, don't bother reallocating all of our buffers.
Commit: b477ae0942c5427914d8b563eeb691f592840bd7
https://github.com/heimdal/heimdal/commit/b477ae0942c5427914d8b563eeb691f592840bd7
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto.c
M lib/krb5/crypto.h
Log Message:
-----------
krb5: Expand list of vector types that are hashed
So that we can eventually use iovec hashes with encrypt, as well
as sign operations, add CRYPTO_TYPE_HEADER and CRYPTO_TYPE_PADDING
to the list of iovecs which will be hashed.
Commit: 1b33d2f4626f314c30103eee0d34ce4626c3e942
https://github.com/heimdal/heimdal/commit/1b33d2f4626f314c30103eee0d34ce4626c3e942
Author: Simon Wilkinson <sxw at your-file-system.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Actually 0 padding
When we decide we need to zero the padding iovec, do so with 0, not
with the length that we've determined.
This had no effect because we zero the padding properly later, but it
should be fixed, so that things still work when the later memset() goes
away.
Commit: 9941ce290925b12a46eb5067bcfa0f1e841751e9
https://github.com/heimdal/heimdal/commit/9941ce290925b12a46eb5067bcfa0f1e841751e9
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Use iovec checksum in krb5_encrypt_iov_ivec
Use the iovec checksum routines in krb5_encrypt_iov_ivec. This
still marshalls all of the iovecs together to perform the encryption
operation, but this change halves the amount of time spent on
data marshalling in this function.
Commit: 3cc97c2b91b4c52a3c7f0a478123456f1482c2af
https://github.com/heimdal/heimdal/commit/3cc97c2b91b4c52a3c7f0a478123456f1482c2af
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto-aes-sha1.c
M lib/krb5/crypto-aes-sha2.c
M lib/krb5/crypto-arcfour.c
M lib/krb5/crypto-des.c
M lib/krb5/crypto-des3.c
M lib/krb5/crypto-null.c
M lib/krb5/crypto.c
M lib/krb5/crypto.h
Log Message:
-----------
krb5: Add an optional encrypt_iov function to encryption types
Add a encrypt_iov function pointer to all of our encryption types
which can be used to implement an iovec based encryption routine.
Modify krb5_encrypt_iov so that it calls the iovec based routine
if it is available.
Commit: 9fc7a70a1f3fbc141db83d142bc486e335d6bc54
https://github.com/heimdal/heimdal/commit/9fc7a70a1f3fbc141db83d142bc486e335d6bc54
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto-aes-sha1.c
M lib/krb5/crypto-des3.c
M lib/krb5/crypto-evp.c
Log Message:
-----------
krb5: Add EVP iovec encryption routines
Add iovec routines for both padded CBC, and CTS EVP based encryption.
These routines go to great lengths to minimise the number of times
we call EVP_Cipher. With some EVP implementations (such as OpenSSL's
AES-NI) there is a significant entrance and exit overhead from this
routine, due to the use of SIMD vectors for the ivec.
Commit: 099640f3b87ea099a270e7e2760df2cfbc09dc74
https://github.com/heimdal/heimdal/commit/099640f3b87ea099a270e7e2760df2cfbc09dc74
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto-aes-sha1.c
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Add a verify mode for the HMAC_SHA1 checksum
Add a verify operation for this checksum. If a verify operation isn't
defined, then the verify_checksum code has to dynamically allocate and
free a block of memory for the computed checksum, which can be a
significant overhead when performing bulk data encryption.
Commit: 5058808535439b1fe9c87940192164f8f8c4219a
https://github.com/heimdal/heimdal/commit/5058808535439b1fe9c87940192164f8f8c4219a
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-15 (Tue, 15 May 2018)
Changed paths:
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Use iovecs for krb5_decrypt_iov_ivec
When we have an underlying iovec encryption function, use iovecs for
checksum-then-encrypt alogrithms in decrypt_iov_ivec, rather than
coalescing iovecs into a single memory buffer.
Compare: https://github.com/heimdal/heimdal/compare/2c23767a9343^...505880853543
**NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the Heimdal-source-changes
mailing list