From 864d4b2669d6e4a798314f28530613a8721491a2 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Mon, 19 Sep 2011 00:35:06 +0000 Subject: [PATCH] Refactor to use oid instead of algorithm_id in KDF interface git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25193 dc483132-0cff-0310-8789-dd5450dbe970 --- src/plugins/preauth/pkinit/pkinit_crypto.h | 2 +- .../preauth/pkinit/pkinit_crypto_openssl.c | 24 +++++++++++-------- src/plugins/preauth/pkinit/pkinit_kdf_test.c | 2 +- 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto.h b/src/plugins/preauth/pkinit/pkinit_crypto.h index ad8e81558..e69fce3ea 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto.h +++ b/src/plugins/preauth/pkinit/pkinit_crypto.h @@ -634,7 +634,7 @@ krb5_error_code pkinit_identity_set_prompter krb5_error_code pkinit_alg_agility_kdf(krb5_context context, krb5_octet_data *secret, - krb5_algorithm_identifier *alg_id, + krb5_octet_data *alg_oid, krb5_principal party_u_info, krb5_principal party_v_info, krb5_enctype enctype, diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index a5f26bb96..509f8b6e4 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 
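Review bot: The new `alg_oid` parameter in the pkinit_crypto.h prototype is a non-const pointer, although pkinit_alg_values, which receives it in this same commit, takes `const krb5_octet_data *`. Nothing in the visible hunks writes through it, so the prototype here and the definition in pkinit_crypto_openssl.c (hunk at -2227) could both read `const krb5_octet_data *alg_oid,`. That would also tell callers the OID buffer is only borrowed, which matters because the KDF aliases it rather than copying it. The prototype continues past the end of this hunk.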
@@ -2172,28 +2172,28 @@ cleanup: */ static krb5_error_code pkinit_alg_values(krb5_context context, - krb5_algorithm_identifier *alg_id, + const krb5_octet_data *alg_id, size_t *hash_bytes, const EVP_MD *(**func)(void)) { *hash_bytes = 0; *func = NULL; - if ((alg_id->algorithm.length == krb5_pkinit_sha1_oid_len) && - (0 == memcmp(alg_id->algorithm.data, &krb5_pkinit_sha1_oid, + if ((alg_id->length == krb5_pkinit_sha1_oid_len) && + (0 == memcmp(alg_id->data, &krb5_pkinit_sha1_oid, krb5_pkinit_sha1_oid_len))) { *hash_bytes = 20; *func = &EVP_sha1; return 0; } - else if ((alg_id->algorithm.length == krb5_pkinit_sha256_oid_len) && - (0 == memcmp(alg_id->algorithm.data, krb5_pkinit_sha256_oid, + else if ((alg_id->length == krb5_pkinit_sha256_oid_len) && + (0 == memcmp(alg_id->data, krb5_pkinit_sha256_oid, krb5_pkinit_sha256_oid_len))) { *hash_bytes = 32; *func = &EVP_sha256; return 0; } - else if ((alg_id->algorithm.length == krb5_pkinit_sha512_oid_len) && - (0 == memcmp(alg_id->algorithm.data, krb5_pkinit_sha512_oid, + else if ((alg_id->length == krb5_pkinit_sha512_oid_len) && + (0 == memcmp(alg_id->data, krb5_pkinit_sha512_oid, krb5_pkinit_sha512_oid_len))) { *hash_bytes = 32; *func = &EVP_sha512; @@ -2227,7 +2227,7 @@ pkinit_alg_values(krb5_context context, krb5_error_code pkinit_alg_agility_kdf(krb5_context context, krb5_octet_data *secret, - krb5_algorithm_identifier *alg_id, + krb5_octet_data *alg_oid, krb5_principal party_u_info, krb5_principal party_v_info, krb5_enctype enctype, @@ -2248,6 +2248,7 @@ pkinit_alg_agility_kdf(krb5_context context, krb5_pkinit_supp_pub_info supp_pub_info_fields; krb5_data *other_info = NULL; krb5_data *supp_pub_info = NULL; + krb5_algorithm_identifier alg_id; const EVP_MD *(*EVP_func)(void); /* initialize random_data here to make clean-up safe */ 
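Review bot: The SHA-512 branch of pkinit_alg_values still sets `*hash_bytes = 32` while selecting `EVP_sha512`, whose digest is 64 bytes; the commit rewrites the condition around it but leaves that context line unchanged. The value feeds the `reps = keydatalen (K) / hash length (H)` step visible later in pkinit_alg_agility_kdf, so a SHA-512 derivation would presumably diverge from a conforming peer, though the loop itself is outside these hunks. The line should read `*hash_bytes = 64;`. Separately, the parameter is still named `alg_id` although it now carries a bare OID; `alg_oid` would match the renamed KDF argument. The function's final else branch lies outside the hunk.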
@@ -2266,7 +2267,7 @@ pkinit_alg_agility_kdf(krb5_context context, } memset (key_block->contents, 0, key_block->length); - if (0 != (retval = pkinit_alg_values(context, alg_id, &hash_len, &EVP_func))) + if (0 != (retval = pkinit_alg_values(context, alg_oid, &hash_len, &EVP_func))) goto cleanup; /* 1. reps = keydatalen (K) / hash length (H) */ @@ -2297,7 +2298,10 @@ pkinit_alg_agility_kdf(krb5_context context, goto cleanup; /* Now encode the ASN.1 octet string for "OtherInfo" */ - other_info_fields.algorithm_identifier = *alg_id; + memset(&alg_id, 0, sizeof alg_id); + alg_id.algorithm = *alg_oid; /*alias*/ + + other_info_fields.algorithm_identifier = alg_id; other_info_fields.party_u_info = party_u_info; other_info_fields.party_v_info = party_v_info; other_info_fields.supp_pub_info = *supp_pub_info; diff --git a/src/plugins/preauth/pkinit/pkinit_kdf_test.c b/src/plugins/preauth/pkinit/pkinit_kdf_test.c index ed8987336..1d659bfea 100644 --- a/src/plugins/preauth/pkinit/pkinit_kdf_test.c +++ b/src/plugins/preauth/pkinit/pkinit_kdf_test.c @@ -149,7 +149,7 @@ main (int argc, } /* call krb5_pkinit_alg_agility_kdf() with test vector values*/ - if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, &alg_id, + if (0 != (retval = pkinit_alg_agility_kdf(context, &secret, &alg_id.algorithm, u_principal, v_principal, enctype, &as_req, &pk_as_rep, &test_ticket, &key_block))) { -- 2.26.2
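Review bot: In the hunk at -2297, `alg_id.algorithm = *alg_oid;` is a shallow copy, so the local AlgorithmIdentifier shares the caller's data pointer, and the only record of that is `/*alias*/`. A fuller comment such as `/* Borrowed: alg_id.algorithm.data points at the caller's OID buffer; never free it in cleanup. */` would guard against a later cleanup path releasing memory the function does not own. The `memset` also leaves the identifier's parameters empty on every call, where the old interface copied the caller's whole identifier into OtherInfo. If that is intentional it deserves a sentence in the function's header comment, since it may change the encoded OtherInfo that is hashed. The function starts and ends outside the hunk.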