+/*----- Algswitch stuff ---------------------------------------------------*/
+
+/* --- @algs_get@ --- *
+ *
+ * Arguments: @algswitch *a@ = where to put the algorithms
+ * @key_file *kf@ = key file (for some stupid reason)
+ * @key *k@ = key to inspect
+ *
+ * Returns: Null if OK, or an error message.
+ *
+ * Use: Extracts an algorithm choice from a key.
+ */
+
+static const char *algs_get(algswitch *a, key_file *kf, key *k)
+{
+ const char *p;
+ char *q;
+ dstr d = DSTR_INIT;
+ const char *e;
+
+#define FAIL(msg) do { e = msg; goto done; } while (0)
+
+ if ((p = key_getattr(kf, k, "cipher")) == 0)
+ p = "blowfish-cbc";
+ if ((a->c = gcipher_byname(p)) == 0)
+ FAIL("unknown cipher");
+
+ if ((p = key_getattr(kf, k, "hash")) == 0)
+ p = "rmd160";
+ if ((a->h = ghash_byname(p)) == 0)
+ FAIL("unknown hash function");
+
+ if ((p = key_getattr(kf, k, "mgf")) != 0) {
+ dstr_reset(&d);
+ dstr_putf(&d, "%s-mgf");
+ p = d.buf;
+ }
+ if ((a->mgf = gcipher_byname(p)) == 0)
+ FAIL("unknown MGF cipher");
+
+ if ((p = key_getattr(kf, k, "mac")) != 0) {
+ dstr_reset(&d);
+ dstr_puts(&d, p);
+ if ((q = strchr(d.buf, '/')) != 0)
+ *q++ = 0;
+ if ((a->m = gmac_byname(d.buf)) == 0)
+ FAIL("unknown message authentication code");
+ if (!q)
+ a->tagsz = a->m->hashsz;
+ else {
+ unsigned long n = strtoul(q, &q, 0);
+ if (*q) FAIL("bad tag length string");
+ if (n%8 || n > ~(size_t)0) FAIL("bad tag length");
+ a->tagsz = n/8;
+ }
+ } else {
+ dstr_reset(&d);
+ dstr_putf(&d, "%s-hmac", a->h->name);
+ if ((a->m = gmac_byname(d.buf)) == 0)
+ FAIL("failed to derive HMAC from hash function");
+ a->tagsz = a->h->hashsz/2;
+ }
+
+ e = 0;
+done:
+ dstr_destroy(&d);
+ return (e);
+}
+
+/* --- @algs_check@ --- *
+ *
+ * Arguments: @algswitch *a@ = a choice of algorithms
+ * @const group *g@ = the group we're working in
+ *
+ * Returns: Null if OK, or an error message.
+ *
+ * Use: Checks an algorithm choice for sensibleness. This also
+ * derives some useful information from the choices, and you
+ * must call this before committing the algorithm selection
+ * for use by @keyset@ functions.
+ */
+
+static const char *algs_check(algswitch *a, const group *g)
+{
+ /* --- Derive the key sizes --- *
+ *
+ * Must ensure that we have non-empty keys. This isn't ideal, but it
+ * provides a handy sanity check.
+ */
+
+ a->hashsz = a->h->hashsz;
+ if ((a->cksz = keysz(a->hashsz, a->c->keysz)) == 0)
+ return ("no key size found for cipher");
+ if ((a->mksz = keysz(a->hashsz, a->m->keysz)) == 0)
+ return ("no key size found for MAC");
+
+ /* --- Ensure that the tag size is sane --- */
+
+ if (a->tagsz > a->m->hashsz) return ("tag length too large");
+
+ /* --- Ensure the MGF accepts hashes as keys --- */
+
+ if (keysz(a->hashsz, a->mgf->keysz) != a->hashsz)
+ return ("MGF not suitable -- restrictive key schedule");
+
+ /* --- All ship-shape and Bristol-fashion --- */
+
+ return (0);
+}
+
+/* --- @algs_samep@ --- *
+ *
+ * Arguments: @const algswitch *a, *aa@ = two algorithm selections
+ *
+ * Returns: Nonzero if the two selections are the same.
+ *
+ * Use: Checks sameness of algorithm selections: used to ensure that
+ * peers are using sensible algorithms.
+ */
+
+static int algs_samep(const algswitch *a, const algswitch *aa)
+{
+ return (a->c == aa->c && a->mgf == aa->mgf && a->h == aa->h &&
+ a->m == aa->m && a->tagsz == aa->tagsz);
+}
+