return (e);
}
-static const kgops kgdh_ops = { "tripe-dh", kgdh_priv, kgdh_pub };
+static const kgops kgdh_ops = { "dh", kgdh_priv, kgdh_pub };
/* --- Elliptic curve --- */
return (e);
}
-static const kgops kgec_ops = { "tripe-ec", kgec_priv, kgec_pub };
+static const kgops kgec_ops = { "ec", kgec_priv, kgec_pub };
/* --- Table of supported key types --- */
/* --- Derive the key sizes --- *
*
* Must ensure that we have non-empty keys. This isn't ideal, but it
- * provides a handy sanity check.
+ * provides a handy sanity check. Also must be based on a 64- or 128-bit
+ * block cipher or we can't do the data expiry properly.
*/
a->hashsz = a->h->hashsz;
if ((a->mksz = keysz(a->hashsz, a->m->keysz)) == 0)
return ("no key size found for MAC");
+ /* --- Derive the data limit --- */
+
+ if (a->c->blksz < 16) a->expsz = MEG(64);
+ else a->expsz = MEG(2048);
+
/* --- Ensure that the tag size is sane --- */
if (a->tagsz > a->m->hashsz) return ("tag length too large");
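Review bot: The new derivation `if (a->c->blksz < 16) a->expsz = MEG(64); else a->expsz = MEG(2048);` does not enforce what the updated header comment says it must: a cipher whose blksz is 0 (a stream cipher) or any other size below 16 silently receives the 64 MB limit instead of being rejected, even though the block-count reasoning behind the limit does not apply to it. Suggest rejecting other sizes before deriving the limit, e.g. `if (a->c->blksz != 8 && a->c->blksz != 16) return ("cipher must have 64- or 128-bit blocks");`. A why-comment on the two constants would also help a maintainer who later tunes them, e.g. `/* 2^23 blocks of 8 bytes, 2^27 blocks of 16: comfortably below the birthday bound for each block size */` — assuming MEG(n) is n·2^20 bytes, which is not visible here. The enclosing function starts and ends outside this hunk.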
A_END);
}
+/* --- @keykg@ --- *
+ *
+ * Arguments: @key_file *kf@ = pointer to key file
+ * @key *k@ = pointer to key
+ * @const char **tyr@ = where to put the type string
+ *
+ * Returns: Pointer to indicated key-group options, or null.
+ *
+ * Use: Looks up a key's group indicator and tries to find a matching
+ * table entry.
+ */
+
+static const kgops *keykg(key_file *kf, key *k, const char **tyr)
+{
+ const char *ty;
+ const kgops **ko;
+
+ /* --- Look up the key type in the table --- *
+ *
+ * There are several places to look for this. The most obvious is the
+ * `kx-group' key attribute. But there's also the key type itself.
+ */
+
+ ty = key_getattr(kf, k, "kx-group");
+ if (!ty && strncmp(k->type, "tripe-", 6) == 0) ty = k->type + 6;
+ if (!ty) ty = "dh";
+ if (tyr) *tyr = ty;
+
+ for (ko = kgtab; *ko; ko++) {
+ if (strcmp((*ko)->ty, ty) == 0)
+ return (*ko);
+ }
+ return (0);
+}
+
/* --- @loadpriv@ --- *
*
* Arguments: @dstr *d@ = string to write errors in
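Review bot: The fallback `if (!ty) ty = "dh";` in keykg applies to any key that has no `kx-group` attribute and whose type does not begin with `tripe-`, so a key of an unrelated type is handed to the caller as a valid DH key and the mismatch only surfaces later as a parse error from loadpriv/loadpub rather than as the "unknown type" diagnostic those callers already have. If the default is meant only for legacy keys whose type is plain `tripe` (as the `tripe` tag fallback in loadpriv suggests), restrict it: `if (!ty && strcmp(k->type, "tripe") == 0) ty = "dh";` — presumably other types should fall through to the null return. The header comment should also spell out the precedence and the default, e.g. `* The `kx-group' attribute wins; otherwise a `tripe-XXX' type yields XXX; otherwise `dh'.`, and note that `*tyr` is filled in even when the lookup fails, since both callers rely on that for their error message.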
group *g = 0;
mp *x = 0;
int rc = -1;
- const kgops **ko;
- const char *e;
+ const kgops *ko;
+ const char *e, *tag, *ty;
algswitch a;
/* --- Open the private key file --- */
/* --- Find the private key --- */
- if (key_qtag(&kf, tag_priv, &t, &k, &kd)) {
- dstr_putf(d, "private key `%s' not found in keyring `%s'",
- tag_priv, kr_priv);
+ if (tag_priv ?
+ key_qtag(&kf, tag = tag_priv, &t, &k, &kd) :
+ key_qtag(&kf, tag = "tripe", &t, &k, &kd) &&
+ key_qtag(&kf, tag = "tripe-dh", &t, &k, &kd)) {
+ dstr_putf(d, "private key `%s' not found in keyring `%s'", tag, kr_priv);
goto done_1;
}
/* --- Look up the key type in the table --- */
- for (ko = kgtab; *ko; ko++) {
- if (strcmp((*ko)->ty, k->type) == 0)
- goto tymatch;
+ if ((ko = keykg(&kf, k, &ty)) == 0) {
+ dstr_putf(d, "private key `%s' has unknown type `%s'", t.buf, ty);
+ goto done_1;
}
- dstr_putf(d, "private key `%s' has unknown type `%s'", t.buf, k->type);
- goto done_1;
-tymatch:;
/* --- Load the key --- */
- if ((e = (*ko)->loadpriv(*kd, &g, &x, &t)) != 0) {
+ if ((e = ko->loadpriv(*kd, &g, &x, &t)) != 0) {
dstr_putf(d, "error reading private key `%s': %s", t.buf, e);
goto done_1;
}
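Review bot: When no tag is supplied and neither default key exists, the message at `dstr_putf(d, "private key `%s' not found in keyring `%s'", tag, kr_priv);` names only `tripe-dh`, because `tag` holds whichever candidate key_qtag tried last, so the operator is never told that `tripe` was also searched for. Suggest making the message reflect the search, e.g. `dstr_putf(d, "private key `%s' not found in keyring `%s'%s", tag, kr_priv, tag_priv ? "" : " (also tried `tripe')");`, or replacing the conditional-with-embedded-assignments by an if/else chain that is easier to read. This reading assumes key_qtag returns nonzero on failure, as the surrounding error branch implies. loadpriv begins and ends outside this hunk.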
key *k;
key_data **kd;
dstr t = DSTR_INIT;
- const kgops **ko;
- const char *e;
+ const kgops *ko;
+ const char *e, *ty;
group *g = 0;
ge *p = 0;
algswitch a;
/* --- Look up the key type in the table --- */
- for (ko = kgtab; *ko; ko++) {
- if (strcmp((*ko)->ty, k->type) == 0)
- goto tymatch;
+ if ((ko = keykg(kf_pub, k, &ty)) == 0) {
+ a_warn("KEYMGMT",
+ "public-key", "%s", t.buf,
+ "unknown-type", "%s", ty,
+ A_END);
+ goto done;
}
- a_warn("KEYMGMT",
- "public-key", "%s", t.buf,
- "unknown-type", "%s", k->type,
- A_END);
- goto done;
-tymatch:;
/* --- Load the key --- */
- if ((e = (*ko)->loadpub(*kd, &g, &p, &t)) != 0) {
+ if ((e = ko->loadpub(*kd, &g, &p, &t)) != 0) {
a_warn("KEYMGMT", "public-key", "%s", t.buf, "bad", "%s", e, A_END);
goto done;
}