From a92443718f19ffc36fbe55d85a4785130a4b33c7 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 6 Sep 2010 22:02:15 +0200 Subject: Algorithm to OID discovery moved to a single place. --- libtomcrypt/hashes/crypt_hash_is_valid.c | 5 +- libtomcrypt/hashes/hash_get_oid.c | 55 ++-------------------- libtomcrypt/headers/tomcrypt_pk.h | 6 +-- libtomcrypt/misc/pk_get_oid.c | 26 +++------- .../der/x509/der_decode_subject_public_key_info.c | 2 +- .../der/x509/der_encode_subject_public_key_info.c | 2 +- libtomcrypt/pk/dsa/dsa_export.c | 8 +++- libtomcrypt/pk/dsa/dsa_import.c | 8 +++- libtomcrypt/pk/rsa/rsa_export.c | 8 +++- libtomcrypt/pk/rsa/rsa_import.c | 8 +++- ncr-int.h | 2 +- ncr-sessions.c | 55 ++++++++++++++++++---- 12 files changed, 96 insertions(+), 89 deletions(-) diff --git a/libtomcrypt/hashes/crypt_hash_is_valid.c b/libtomcrypt/hashes/crypt_hash_is_valid.c index 59320a3..4912eb2 100644 --- a/libtomcrypt/hashes/crypt_hash_is_valid.c +++ b/libtomcrypt/hashes/crypt_hash_is_valid.c @@ -9,6 +9,7 @@ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ #include "tomcrypt.h" +#include /** @file crypt_hash_is_valid.c @@ -22,7 +23,9 @@ */ int hash_is_valid(const struct algo_properties_st *hash) { - return CRYPT_OK; + if (hash->can_digest == 0) return CRYPT_INVALID_ARG; + + return CRYPT_OK; } /* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_hash_is_valid.c,v $ */ diff --git a/libtomcrypt/hashes/hash_get_oid.c b/libtomcrypt/hashes/hash_get_oid.c index 835ffb1..e31e055 100644 --- a/libtomcrypt/hashes/hash_get_oid.c +++ b/libtomcrypt/hashes/hash_get_oid.c @@ -16,60 +16,15 @@ @return CRYPT_OK if valid */ -static const oid_st sha1_oid = { - .OIDlen = 6, - .OID = {1, 3, 14, 3, 2, 26}, -}; - -static const oid_st md5_oid = { - .OIDlen = 6, - .OID = {1, 2, 840, 113549, 2, 5,}, -}; - -static const oid_st sha224_oid = { - .OIDlen = 9, - .OID = {2, 16, 840, 1, 101, 3, 4, 2, 4,}, -}; - -static const oid_st sha256_oid = { - .OIDlen = 9, - .OID = {2, 16, 840, 1, 101, 3, 4, 2, 1,}, -}; - -static const oid_st sha384_oid = { - .OIDlen = 9, - .OID = {2, 16, 840, 1, 101, 3, 4, 2, 2,}, -}; - -static const oid_st sha512_oid = { - .OIDlen = 9, - .OID = {2, 16, 840, 1, 101, 3, 4, 2, 3,}, -}; - int hash_get_oid(const struct algo_properties_st *hash, oid_st * st) { - switch (hash->algo) { - case NCR_ALG_SHA1: - memcpy(st, &sha1_oid, sizeof(*st)); - break; - case NCR_ALG_MD5: - memcpy(st, &md5_oid, sizeof(*st)); - break; - case NCR_ALG_SHA2_224: - memcpy(st, &sha224_oid, sizeof(*st)); - break; - case NCR_ALG_SHA2_256: - memcpy(st, &sha256_oid, sizeof(*st)); - break; - case NCR_ALG_SHA2_384: - memcpy(st, &sha384_oid, sizeof(*st)); - break; - case NCR_ALG_SHA2_512: - memcpy(st, &sha512_oid, sizeof(*st)); - break; - default: + if (hash->can_digest == 0 || hash->oids[0].key_size != -1) { + /* not a digest */ return CRYPT_INVALID_ARG; } + + memcpy(st, &hash->oids[0].oid, sizeof(*st)); + return CRYPT_OK; } diff --git a/libtomcrypt/headers/tomcrypt_pk.h b/libtomcrypt/headers/tomcrypt_pk.h index f544e44..687f580 100644 --- a/libtomcrypt/headers/tomcrypt_pk.h +++ b/libtomcrypt/headers/tomcrypt_pk.h @@ -18,7 +18,7 @@ typedef struct Oid { unsigned long OIDlen; } oid_st; -int pk_get_oid(int pk, oid_st * st); +int pk_get_oid(const struct algo_properties_st *pk, oid_st * st); int rand_prime(mp_int * N, long len); /* ---- RSA ---- */ @@ -234,7 +234,7 @@ int der_length_sequence(ltc_asn1_list * list, unsigned long inlen, /* SUBJECT PUBLIC KEY INFO */ int der_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen, - unsigned int algorithm, void *public_key, + const struct algo_properties_st *algorithm, void *public_key, unsigned long public_key_len, unsigned long parameters_type, void *parameters, @@ -242,7 +242,7 @@ int der_encode_subject_public_key_info(unsigned char *out, int der_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen, - unsigned int algorithm, void *public_key, + const struct algo_properties_st *algorithm, void *public_key, unsigned long *public_key_len, unsigned long parameters_type, ltc_asn1_list * parameters, diff --git a/libtomcrypt/misc/pk_get_oid.c b/libtomcrypt/misc/pk_get_oid.c index 7b2803f..07d0b5b 100644 --- a/libtomcrypt/misc/pk_get_oid.c +++ b/libtomcrypt/misc/pk_get_oid.c @@ -8,32 +8,20 @@ * */ #include "tomcrypt.h" - -static const oid_st rsa_oid = { - .OIDlen = 7, - .OID = {1, 2, 840, 113549, 1, 1, 1}, -}; - -static const oid_st dsa_oid = { - .OIDlen = 6, - .OID = {1, 2, 840, 10040, 4, 1}, -}; +#include /* Returns the OID of the public key algorithm. @return CRYPT_OK if valid */ -int pk_get_oid(int pk, oid_st * st) +int pk_get_oid(const struct algo_properties_st *pk, oid_st * st) { - switch (pk) { - case PKA_RSA: - memcpy(st, &rsa_oid, sizeof(*st)); - break; - case PKA_DSA: - memcpy(st, &dsa_oid, sizeof(*st)); - break; - default: + if (pk->is_pk == 0 || pk->oids[0].key_size != -1) { + /* not a pk */ return CRYPT_INVALID_ARG; } + + memcpy(st, &pk->oids[0].oid, sizeof(*st)); + return CRYPT_OK; } diff --git a/libtomcrypt/pk/asn1/der/x509/der_decode_subject_public_key_info.c b/libtomcrypt/pk/asn1/der/x509/der_decode_subject_public_key_info.c index 3ebb8ea..c5bd894 100644 --- a/libtomcrypt/pk/asn1/der/x509/der_decode_subject_public_key_info.c +++ b/libtomcrypt/pk/asn1/der/x509/der_decode_subject_public_key_info.c @@ -48,7 +48,7 @@ @return CRYPT_OK on success */ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen, - unsigned int algorithm, void* public_key, unsigned long* public_key_len, + const struct algo_properties_st *algorithm, void* public_key, unsigned long* public_key_len, unsigned long parameters_type, ltc_asn1_list* parameters, unsigned long parameters_len) { int err, len; diff --git a/libtomcrypt/pk/asn1/der/x509/der_encode_subject_public_key_info.c b/libtomcrypt/pk/asn1/der/x509/der_encode_subject_public_key_info.c index 4c7e966..7db7a5e 100644 --- a/libtomcrypt/pk/asn1/der/x509/der_encode_subject_public_key_info.c +++ b/libtomcrypt/pk/asn1/der/x509/der_encode_subject_public_key_info.c @@ -48,7 +48,7 @@ @return CRYPT_OK on success */ int der_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen, - unsigned int algorithm, void* public_key, unsigned long public_key_len, + const struct algo_properties_st *algorithm, void* public_key, unsigned long public_key_len, unsigned long parameters_type, void* parameters, unsigned long parameters_len) { int err; diff --git a/libtomcrypt/pk/dsa/dsa_export.c b/libtomcrypt/pk/dsa/dsa_export.c index 01569e7..ad2991f 100644 --- a/libtomcrypt/pk/dsa/dsa_export.c +++ b/libtomcrypt/pk/dsa/dsa_export.c @@ -9,6 +9,7 @@ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ #include "tomcrypt.h" +#include /** @file dsa_export.c @@ -30,11 +31,16 @@ int dsa_export(unsigned char *out, unsigned long *outlen, int type, { unsigned long zero = 0; int err; + const struct algo_properties_st *algo = _ncr_algo_to_properties(NCR_ALG_DSA); LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); LTC_ARGCHK(key != NULL); + if (algo == NULL) { + return CRYPT_INVALID_ARG; + } + /* can we store the static header? */ if (type == PK_PRIVATE && key->type != PK_PRIVATE) { return CRYPT_PK_TYPE_MISMATCH; @@ -83,7 +89,7 @@ int dsa_export(unsigned char *out, unsigned long *outlen, int type, int_list[2].type = LTC_ASN1_INTEGER; err = der_encode_subject_public_key_info(out, outlen, - PKA_DSA, tmp, tmplen, + algo, tmp, tmplen, LTC_ASN1_SEQUENCE, int_list, sizeof(int_list) / diff --git a/libtomcrypt/pk/dsa/dsa_import.c b/libtomcrypt/pk/dsa/dsa_import.c index cf21e3b..5a60937 100644 --- a/libtomcrypt/pk/dsa/dsa_import.c +++ b/libtomcrypt/pk/dsa/dsa_import.c @@ -9,6 +9,7 @@ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ #include "tomcrypt.h" +#include /** @file dsa_import.c @@ -29,10 +30,15 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key * key) int err; unsigned long zero = 0; unsigned char *tmpbuf = NULL; + const struct algo_properties_st *algo = _ncr_algo_to_properties(NCR_ALG_DSA); LTC_ARGCHK(in != NULL); LTC_ARGCHK(key != NULL); + if (algo == NULL) { + return CRYPT_INVALID_ARG; + } + /* init key */ if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != CRYPT_OK) { @@ -65,7 +71,7 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key * key) } err = der_decode_subject_public_key_info(in, inlen, - PKA_DSA, tmpbuf, + algo, tmpbuf, &tmpbuf_len, LTC_ASN1_SEQUENCE, params, 3); diff --git a/libtomcrypt/pk/rsa/rsa_export.c b/libtomcrypt/pk/rsa/rsa_export.c index 483af19..cb667a4 100644 --- a/libtomcrypt/pk/rsa/rsa_export.c +++ b/libtomcrypt/pk/rsa/rsa_export.c @@ -31,6 +31,8 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, { unsigned long zero = 0; int err; + const struct algo_properties_st *algo = _ncr_algo_to_properties(NCR_ALG_RSA); + LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); LTC_ARGCHK(key != NULL); @@ -40,6 +42,10 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, return CRYPT_PK_INVALID_TYPE; } + if (algo == NULL) { + return CRYPT_INVALID_ARG; + } + if (type == PK_PRIVATE) { /* private key */ /* output is @@ -75,7 +81,7 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, } err = der_encode_subject_public_key_info(out, outlen, - PKA_RSA, tmp, tmplen, + algo, tmp, tmplen, LTC_ASN1_NULL, NULL, 0); diff --git a/libtomcrypt/pk/rsa/rsa_import.c b/libtomcrypt/pk/rsa/rsa_import.c index de8a103..6a42b07 100644 --- a/libtomcrypt/pk/rsa/rsa_import.c +++ b/libtomcrypt/pk/rsa/rsa_import.c @@ -9,6 +9,7 @@ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ #include "tomcrypt.h" +#include /** @file rsa_import.c @@ -30,10 +31,15 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key * key) mp_int zero; unsigned char *tmpbuf = NULL; unsigned long tmpbuf_len; + const struct algo_properties_st *algo = _ncr_algo_to_properties(NCR_ALG_RSA); LTC_ARGCHK(in != NULL); LTC_ARGCHK(key != NULL); + if (algo == NULL) { + return CRYPT_INVALID_ARG; + } + /* init key */ if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, @@ -50,7 +56,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key * key) } err = der_decode_subject_public_key_info(in, inlen, - PKA_RSA, tmpbuf, &tmpbuf_len, + algo, tmpbuf, &tmpbuf_len, LTC_ASN1_NULL, NULL, 0); if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */ diff --git a/ncr-int.h b/ncr-int.h index e09eb5c..940adde 100644 --- a/ncr-int.h +++ b/ncr-int.h @@ -209,7 +209,7 @@ const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo); const struct algo_properties_st *_ncr_nla_to_properties(const struct nlattr *nla); int _ncr_key_get_sec_level(struct key_item_st *item); -const struct algo_properties_st *_ncr_oid_to_properties(oid_st * oid); +const struct algo_properties_st *_ncr_oid_to_properties(const oid_st * oid); const oid_st *_ncr_properties_to_oid(const struct algo_properties_st *prop, int key_size); diff --git a/ncr-sessions.c b/ncr-sessions.c index a716670..1b45564 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c @@ -297,6 +297,43 @@ const static struct algo_oid_st dh_oid[] = { {.key_size = 0} }; +const static struct algo_oid_st sha1_oid[] = { + {.key_size = -1, + .oid = {.OIDlen = 6, .OID = {1, 3, 14, 3, 2, 26}}}, + {.key_size = 0} +}; + +const static struct algo_oid_st md5_oid[] = { + {.key_size = -1, + .oid = {.OIDlen = 6,.OID = {1, 2, 840, 113549, 2, 5,}}}, + {.key_size = 0} +}; + +const static struct algo_oid_st sha224_oid[] = { + {.key_size = -1, + .oid = {.OIDlen = 9,.OID = {2, 16, 840, 1, 101, 3, 4, 2, 4,}}}, + {.key_size = 0} +}; + +const static struct algo_oid_st sha256_oid[] = { + {.key_size = -1, + .oid = {.OIDlen = 9,.OID = {2, 16, 840, 1, 101, 3, 4, 2, 1,}}}, + {.key_size = 0} +}; + +const static struct algo_oid_st sha384_oid[] = { + {.key_size = -1, + .oid = {.OIDlen = 9,.OID = {2, 16, 840, 1, 101, 3, 4, 2, 2,}}}, + {.key_size = 0} +}; + +const static struct algo_oid_st sha512_oid[] = { + {.key_size = -1, + .oid = {.OIDlen = 9,.OID = {2, 16, 840, 1, 101, 3, 4, 2, 3,}}}, + {.key_size = 0} +}; + + /* OIDs are used in cipher algorithms to distinguish keys on key wrapping. */ @@ -330,22 +367,22 @@ static const struct algo_properties_st algo_properties[] = { .needs_iv = 0,.is_symmetric = 1,.can_encrypt = 1, .key_type = NCR_KEY_TYPE_SECRET, /* FIXME: no OIDs */ }, {.algo = NCR_ALG_SHA1, KSTR("sha1"), - .digest_size = 20,.can_digest = 1, + .digest_size = 20,.can_digest = 1, .oids = sha1_oid, .key_type = NCR_KEY_TYPE_INVALID}, - {.algo = NCR_ALG_MD5, KSTR("md5"), - .digest_size = 16,.can_digest = 1, + {.algo = NCR_ALG_MD5, KSTR("md5"), + .digest_size = 16,.can_digest = 1, .oids = md5_oid, .key_type = NCR_KEY_TYPE_INVALID}, {.algo = NCR_ALG_SHA2_224, KSTR("sha224"), - .digest_size = 28,.can_digest = 1, + .digest_size = 28,.can_digest = 1, .oids = sha224_oid, .key_type = NCR_KEY_TYPE_INVALID}, {.algo = NCR_ALG_SHA2_256, KSTR("sha256"), - .digest_size = 32,.can_digest = 1, + .digest_size = 32,.can_digest = 1, .oids = sha256_oid, .key_type = NCR_KEY_TYPE_INVALID}, {.algo = NCR_ALG_SHA2_384, KSTR("sha384"), - .digest_size = 48,.can_digest = 1, + .digest_size = 48,.can_digest = 1, .oids = sha384_oid, .key_type = NCR_KEY_TYPE_INVALID}, {.algo = NCR_ALG_SHA2_512, KSTR("sha512"), - .digest_size = 64,.can_digest = 1, + .digest_size = 64,.can_digest = 1, .oids = sha512_oid, .key_type = NCR_KEY_TYPE_INVALID}, {.is_hmac = 1, KSTR("hmac(sha1)"), .digest_size = 20,.can_sign = 1, @@ -402,7 +439,7 @@ const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo) return NULL; } -static void print_oid(oid_st * oid) +static void print_oid(const oid_st * oid) { char txt[128] = ""; char tmp[64]; @@ -416,7 +453,7 @@ static void print_oid(oid_st * oid) dprintk(1, KERN_DEBUG, "unknown oid: %s\n", txt); } -const struct algo_properties_st *_ncr_oid_to_properties(oid_st * oid) +const struct algo_properties_st *_ncr_oid_to_properties(const oid_st * oid) { const struct algo_properties_st *a; int i; -- cgit