Refactor to use oid instead of algorithm_id in KDF interface
authorSam Hartman <hartmans@mit.edu>
Mon, 19 Sep 2011 00:35:06 +0000 (00:35 +0000)
committerSam Hartman <hartmans@mit.edu>
Mon, 19 Sep 2011 00:35:06 +0000 (00:35 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25193 dc483132-0cff-0310-8789-dd5450dbe970

src/plugins/preauth/pkinit/pkinit_crypto.h
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
src/plugins/preauth/pkinit/pkinit_kdf_test.c

index ad8e81558673e34838c7c4daa4b024dff69a2e93..e69fce3ea8529f0490d66977b61a8be5be62cd7b 100644 (file)
@@ -634,7 +634,7 @@ krb5_error_code pkinit_identity_set_prompter
 krb5_error_code
 pkinit_alg_agility_kdf(krb5_context context,
                        krb5_octet_data *secret,
-                       krb5_algorithm_identifier *alg_id,
+                       krb5_octet_data *alg_oid,
                        krb5_principal party_u_info,
                        krb5_principal party_v_info,
                        krb5_enctype enctype,
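Review bot: `alg_oid` is declared as a mutable `krb5_octet_data *` here and in the definition in pkinit_crypto_openssl.c, yet the visible uses only read it. It is handed to pkinit_alg_values(), which this commit already changes to take `const krb5_octet_data *`, and it is copied by value into the local `alg_id`. Declaring it `const krb5_octet_data *alg_oid,` in both places would tell callers that the KDF never modifies their OID buffer. The prototype continues past the end of this hunk.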
index a5f26bb96fb6b80856775900b40e00e22a089c2f..509f8b6e42c01e0fe81c1c557670074e9f0324cd 100644 (file)
@@ -2172,28 +2172,28 @@ cleanup:
  */
 static krb5_error_code
 pkinit_alg_values(krb5_context context,
-                  krb5_algorithm_identifier *alg_id,
+                  const krb5_octet_data *alg_id,
                   size_t *hash_bytes,
                   const EVP_MD *(**func)(void))
 {
     *hash_bytes = 0;
     *func = NULL;
-    if ((alg_id->algorithm.length == krb5_pkinit_sha1_oid_len) &&
-        (0 == memcmp(alg_id->algorithm.data, &krb5_pkinit_sha1_oid,
+    if ((alg_id->length == krb5_pkinit_sha1_oid_len) &&
+        (0 == memcmp(alg_id->data, &krb5_pkinit_sha1_oid,
                      krb5_pkinit_sha1_oid_len))) {
         *hash_bytes = 20;
         *func = &EVP_sha1;
         return 0;
     }
-    else if ((alg_id->algorithm.length == krb5_pkinit_sha256_oid_len) &&
-        (0 == memcmp(alg_id->algorithm.data, krb5_pkinit_sha256_oid,
+    else if ((alg_id->length == krb5_pkinit_sha256_oid_len) &&
+        (0 == memcmp(alg_id->data, krb5_pkinit_sha256_oid,
                      krb5_pkinit_sha256_oid_len))) {
         *hash_bytes = 32;
         *func = &EVP_sha256;
         return 0;
     }
-    else if ((alg_id->algorithm.length == krb5_pkinit_sha512_oid_len) &&
-        (0 == memcmp(alg_id->algorithm.data, krb5_pkinit_sha512_oid,
+    else if ((alg_id->length == krb5_pkinit_sha512_oid_len) &&
+             (0 == memcmp(alg_id->data, krb5_pkinit_sha512_oid,
                      krb5_pkinit_sha512_oid_len))) {
         *hash_bytes = 32;
         *func = &EVP_sha512;
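Review bot: The SHA-512 branch at the end of this hunk still sets `*hash_bytes = 32;` while selecting `EVP_sha512`, whose digest is 64 bytes; the refactor touches the lines around it but carries that value through unchanged. It should read `*hash_bytes = 64;`. The caller feeds this length into the `reps = keydatalen (K) / hash length (H)` step, so any buffer sized from it would presumably be half of what each digest round writes, which is worth checking against the allocation code outside this diff. pkinit_alg_values() continues past the end of the hunk, so the rest of the branch is not visible here.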
@@ -2227,7 +2227,7 @@ pkinit_alg_values(krb5_context context,
 krb5_error_code
 pkinit_alg_agility_kdf(krb5_context context,
                        krb5_octet_data *secret,
-                       krb5_algorithm_identifier *alg_id,
+                       krb5_octet_data *alg_oid,
                        krb5_principal party_u_info,
                        krb5_principal party_v_info,
                        krb5_enctype enctype,
@@ -2248,6 +2248,7 @@ pkinit_alg_agility_kdf(krb5_context context,
     krb5_pkinit_supp_pub_info supp_pub_info_fields;
     krb5_data *other_info = NULL;
     krb5_data *supp_pub_info = NULL;
+    krb5_algorithm_identifier alg_id;
     const EVP_MD *(*EVP_func)(void);
 
     /* initialize random_data here to make clean-up safe */
@@ -2266,7 +2267,7 @@ pkinit_alg_agility_kdf(krb5_context context,
     }
     memset (key_block->contents, 0, key_block->length);
 
-    if (0 != (retval = pkinit_alg_values(context, alg_id, &hash_len, &EVP_func)))
+    if (0 != (retval = pkinit_alg_values(context, alg_oid, &hash_len, &EVP_func)))
         goto cleanup;
 
     /* 1.  reps = keydatalen (K) / hash length (H) */
@@ -2297,7 +2298,10 @@ pkinit_alg_agility_kdf(krb5_context context,
         goto cleanup;
 
     /* Now encode the ASN.1 octet string for "OtherInfo" */
-    other_info_fields.algorithm_identifier = *alg_id;
+    memset(&alg_id, 0, sizeof alg_id);
+    alg_id.algorithm = *alg_oid; /*alias*/
+
+    other_info_fields.algorithm_identifier = alg_id;
     other_info_fields.party_u_info = party_u_info;
     other_info_fields.party_v_info = party_v_info;
     other_info_fields.supp_pub_info = *supp_pub_info;
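Review bot: The `/*alias*/` comment on `alg_id.algorithm = *alg_oid;` is too terse for the two things a maintainer needs to know. First, the copy is shallow, so `alg_id.algorithm.data` points at the caller's buffer and must never be freed in cleanup. Second, the `memset` leaves the rest of the identifier zeroed, whereas the old `*alg_id` copy took the caller's whole structure, so any parameters a caller supplied were previously encoded into OtherInfo and are now always absent. If that is intended, I would state it, e.g. `/* Shallow copy: borrows alg_oid->data, do not free; parameters are deliberately left empty. */`. The function body starts and ends outside this hunk.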
index ed898733674c371014b41c5a3db4a55c74dd17c7..1d659bfeac8ff17a4bcd227f1d96025f4c7a13c1 100644 (file)
@@ -149,7 +149,7 @@ main (int argc,
        }
 
     /* call krb5_pkinit_alg_agility_kdf() with test vector values*/
-    if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, &alg_id,
+    if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, &alg_id.algorithm,
                                              u_principal, v_principal,
                                              enctype, &as_req, &pk_as_rep,
                                              &test_ticket, &key_block))) {