[Heimdal-source-changes] [heimdal/heimdal] ae62cc: test_rfc3961: Add HMAC tests
GitHub
noreply at github.com
Ons May 23 15:54:30 CEST 2018
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: ae62cc2341c6f1bfbe96bb5749556a5435b62ad0
https://github.com/heimdal/heimdal/commit/ae62cc2341c6f1bfbe96bb5749556a5435b62ad0
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/test_rfc3961.c
Log Message:
-----------
test_rfc3961: Add HMAC tests
Add some HMAC-SHA1 tests using the test vectors in RFC2202
Commit: c1eb9828f4191842d89744d041d74e399b7d9ca3
https://github.com/heimdal/heimdal/commit/c1eb9828f4191842d89744d041d74e399b7d9ca3
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/hcrypto/hmac.c
M lib/hcrypto/hmac.h
M lib/hcrypto/libhcrypto-exports.def
M lib/hcrypto/version-script.map
Log Message:
-----------
hcrypto: Add HMAC_CTX_new and HMAC_CTX_free
Add a pair of functions which can be used to allocate and free
an HMAC_CTX structure on the heap. This means that the caller doesn't
need to know the size of the underlying structure.
Commit: eb5eae59a4beb53a44dcf13a083496192b8092b4
https://github.com/heimdal/heimdal/commit/eb5eae59a4beb53a44dcf13a083496192b8092b4
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto.c
M lib/krb5/crypto.h
Log Message:
-----------
krb5: Add _krb5_crypto_iov_should_sign helper function
Add a helper function which contains the knowledge about whether
a particular portion of a krb5_crypto_iovec should be signed or not.
Commit: cb632bfdeb12e86e12ffde06479b92ac4c089273
https://github.com/heimdal/heimdal/commit/cb632bfdeb12e86e12ffde06479b92ac4c089273
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto-evp.c
Log Message:
-----------
krb5: Add _krb5_evp_digest_iov
Add a function which can apply an EVP message digest algorithm over
a set of iovecs to produce a signature.
Commit: 3484f092e50969858ca4a3145fd364ec123e4dff
https://github.com/heimdal/heimdal/commit/3484f092e50969858ca4a3145fd364ec123e4dff
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto-evp.c
Log Message:
-----------
krb5: Add _krb5_evp_hmac_iov
Add a function which will perform an HMAC over a set of iovecs,
using the hcrypto provided HMAC functions.
Join contiguous iovecs together before passing them to the hash
function so we make as few calls into the hash as possible.
Commit: ca756f0f7fbfba9483c9a1a5ae58f34d96a5e7bb
https://github.com/heimdal/heimdal/commit/ca756f0f7fbfba9483c9a1a5ae58f34d96a5e7bb
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto-aes-sha1.c
M lib/krb5/crypto-aes-sha2.c
M lib/krb5/crypto-arcfour.c
M lib/krb5/crypto-des-common.c
M lib/krb5/crypto-des.c
M lib/krb5/crypto-des3.c
M lib/krb5/crypto-null.c
M lib/krb5/crypto.c
M lib/krb5/crypto.h
M lib/krb5/pac.c
Log Message:
-----------
krb5: Use iovecs for internal checksum handling
Modify the signature of the checksum operation in the
krb5_checksum_type structure so that it processes iovecs rather than
solid blocks of data.
Update all of the implementations of these functions for all of the
checksum types that we support so that they process iovecs, either
by iterating through the iovec in each function, or by calling
_krb5_evp_digest_iov or _krb5_evp_hmac_iov()
Update callers of these functions so that they turn their single blocks
of data into a single iovec of the correct type before calling checksum
Commit: 8f947638c76b0d9cb2990a32b54f6196a3b9a4dc
https://github.com/heimdal/heimdal/commit/8f947638c76b0d9cb2990a32b54f6196a3b9a4dc
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto-des-common.c
M lib/krb5/crypto-des.c
M lib/krb5/crypto-des3.c
M lib/krb5/crypto.c
M lib/krb5/crypto.h
Log Message:
-----------
krb5: Use iovecs internally for checksum verification
When verifying checksums, pass iovecs through to the individual
verify routines.
Commit: 9a6675292697d51e7a371bd902a85eba970e7c12
https://github.com/heimdal/heimdal/commit/9a6675292697d51e7a371bd902a85eba970e7c12
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/test_rfc3961.c
Log Message:
-----------
test_rfc3961: Add performance tests for HMAC-SHA1
Add a selection of performance tests for HMAC-SHA1 to the
RFC3961 library tests.
Commit: c2271cfbfb12192fb82ab775c927c426a05fcb23
https://github.com/heimdal/heimdal/commit/c2271cfbfb12192fb82ab775c927c426a05fcb23
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto.c
M lib/krb5/test_rfc3961.c
Log Message:
-----------
krb5: Use EVP HMAC() function for HMAC-SHA1
Use the EVP HMAC() function that we use for SHA2 HMACs for SHA1 as
well.
Commit: aedc1fd4bd93be5405a4ce06e2761b4aeffbd678
https://github.com/heimdal/heimdal/commit/aedc1fd4bd93be5405a4ce06e2761b4aeffbd678
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Use iovecs throughout krb5_create_checksum_iov
Rather than flattening the iovecs supplied to
krb5_create_checksum_iov into a malloc()'d memory block, refactor
the function so that they can be passed straight through to the
backend hash functions.
Commit: 152a23f2cee89656cf6bf0b415e11e02879ee579
https://github.com/heimdal/heimdal/commit/152a23f2cee89656cf6bf0b415e11e02879ee579
Author: Simon Wilkinson <sxw at your-file-system.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Reorder checks in _key_schedule
_krb5_find_enctype is a moderately expensive operation, as it
does a linear search of the enctype lists. Avoid calling it
in _key_schedule when we already have a key schedule in place.
This change makes the most common check the first in the function.
Commit: fa1e998b53c551cd76275bd27f293263d356255a
https://github.com/heimdal/heimdal/commit/fa1e998b53c551cd76275bd27f293263d356255a
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Implement krb5_verify_checksum_iov with iovecs
Instead of flattening the iovecs passed into
krb5_verify_checksum_iov, create a new internal verify_checksum_iov
function which passes iovecs down onto the individual ->verify or
->checksum functions.
Commit: e50faea7f01738f4638e21f820c12619d64f0ee8
https://github.com/heimdal/heimdal/commit/e50faea7f01738f4638e21f820c12619d64f0ee8
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto-aes-sha1.c
M lib/krb5/crypto-aes-sha2.c
M lib/krb5/crypto-arcfour.c
M lib/krb5/crypto-des-common.c
M lib/krb5/crypto-des.c
M lib/krb5/crypto-des3.c
M lib/krb5/crypto-evp.c
M lib/krb5/crypto-null.c
M lib/krb5/crypto.c
M lib/krb5/crypto.h
M lib/krb5/pac.c
M lib/krb5/test_rfc3961.c
Log Message:
-----------
krb5: Store a digest context in the crypto structure
Creating and destroying an EVP_CTX_MD structure with every hash
operation is very expensive. Speed things up by caching one within
the krb5_crypto structure. krb5_crypto can already only be safely
used by one thread at a time - adding a message digest context here
shouldn't introduce any further threading risks.
Users of the stashed context must be careful to ensure that they
call no other hash functions whilst they are in the middle of using
the context.
Commit: b9b8e763762554daaf110429a02e361b00b00d4c
https://github.com/heimdal/heimdal/commit/b9b8e763762554daaf110429a02e361b00b00d4c
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto-aes-sha2.c
M lib/krb5/crypto-evp.c
M lib/krb5/crypto.c
M lib/krb5/crypto.h
Log Message:
-----------
krb5: Stash the HMAC context in the krb5_crypto object
Store the EVP HMAC context in the krb5_crypto object so that we
don't have to allocate it for every hashing operating we perform.
Commit: 2d84fc65bbde4d1a65f864f89abefaac08be3057
https://github.com/heimdal/heimdal/commit/2d84fc65bbde4d1a65f864f89abefaac08be3057
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/hcrypto/hmac.c
Log Message:
-----------
hcrypto: Make more buffers persist across HMAC operations
If we don't change MD algorithm across two calls to HMAC_Init_ex
using the same context, don't bother reallocating all of our buffers.
Commit: 550067f6d00131762ed3ec6da11761416da4fc53
https://github.com/heimdal/heimdal/commit/550067f6d00131762ed3ec6da11761416da4fc53
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto.c
M lib/krb5/crypto.h
Log Message:
-----------
krb5: Expand list of vector types that are hashed
So that we can eventually use iovec hashes with encrypt, as well
as sign operations, add CRYPTO_TYPE_HEADER and CRYPTO_TYPE_PADDING
to the list of iovecs which will be hashed.
Commit: c45c0d3c66bb5281dfd775d5b4323e846722c432
https://github.com/heimdal/heimdal/commit/c45c0d3c66bb5281dfd775d5b4323e846722c432
Author: Simon Wilkinson <sxw at your-file-system.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Actually 0 padding
When we decide we need to zero the padding iovec, do so with 0, not
with the length that we've determined.
This had no effect because we zero the padding properly later, but it
should be fixed, so that things still work when the later memset() goes
away.
Commit: 62a8fc89bcd04a51d6557f4248943e7c46dbcbb3
https://github.com/heimdal/heimdal/commit/62a8fc89bcd04a51d6557f4248943e7c46dbcbb3
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Use iovec checksum in krb5_encrypt_iov_ivec
Use the iovec checksum routines in krb5_encrypt_iov_ivec. This
still marshalls all of the iovecs together to perform the encryption
operation, but this change halves the amount of time spent on
data marshalling in this function.
Commit: 57f7373583678143fc653b888d02c19989cf938c
https://github.com/heimdal/heimdal/commit/57f7373583678143fc653b888d02c19989cf938c
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto-aes-sha1.c
M lib/krb5/crypto-aes-sha2.c
M lib/krb5/crypto-arcfour.c
M lib/krb5/crypto-des.c
M lib/krb5/crypto-des3.c
M lib/krb5/crypto-null.c
M lib/krb5/crypto.c
M lib/krb5/crypto.h
Log Message:
-----------
krb5: Add an optional encrypt_iov function to encryption types
Add a encrypt_iov function pointer to all of our encryption types
which can be used to implement an iovec based encryption routine.
Modify krb5_encrypt_iov so that it calls the iovec based routine
if it is available.
Commit: c611a23d775524376d8b136b6e6021407a232a64
https://github.com/heimdal/heimdal/commit/c611a23d775524376d8b136b6e6021407a232a64
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto-aes-sha1.c
M lib/krb5/crypto-des3.c
M lib/krb5/crypto-evp.c
Log Message:
-----------
krb5: Add EVP iovec encryption routines
Add iovec routines for both padded CBC, and CTS EVP based encryption.
These routines go to great lengths to minimise the number of times
we call EVP_Cipher. With some EVP implementations (such as OpenSSL's
AES-NI) there is a significant entrance and exit overhead from this
routine, due to the use of SIMD vectors for the ivec.
Commit: a1c8f029b769697a27e1467a3d79df0241e5d182
https://github.com/heimdal/heimdal/commit/a1c8f029b769697a27e1467a3d79df0241e5d182
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto-aes-sha1.c
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Add a verify mode for the HMAC_SHA1 checksum
Add a verify operation for this checksum. If a verify operation isn't
defined, then the verify_checksum code has to dynamically allocate and
free a block of memory for the computed checksum, which can be a
significant overhead when performing bulk data encryption.
Commit: 8e301d44b16f267a69a13d4e24529fb223d4cb10
https://github.com/heimdal/heimdal/commit/8e301d44b16f267a69a13d4e24529fb223d4cb10
Author: Simon Wilkinson <sxw at auristor.com>
Date: 2018-05-23 (Wed, 23 May 2018)
Changed paths:
M lib/krb5/crypto.c
Log Message:
-----------
krb5: Use iovecs for krb5_decrypt_iov_ivec
When we have an underlying iovec encryption function, use iovecs for
checksum-then-encrypt alogrithms in decrypt_iov_ivec, rather than
coalescing iovecs into a single memory buffer.
Compare: https://github.com/heimdal/heimdal/compare/927185e732df...8e301d44b16f
**NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the Heimdal-source-changes
mailing list