X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/a93aacce200e0d68b614d8bfb05d9cbeba850b12..5290b9d5791238de2e19ec479087bda6e3c787e2:/server/keymgmt.c

diff --git a/server/keymgmt.c b/server/keymgmt.c
index d28421fe..8f0d1a2a 100644
--- a/server/keymgmt.c
+++ b/server/keymgmt.c
@@ -166,7 +166,7 @@ static const kgops *kgtab[] = {
 /* --- @algs_get@ --- *
  *
  * Arguments:	@algswitch *a@ = where to put the algorithms
- *		@dstr *e@ = where to write errror tokens
+ *		@dstr *e@ = where to write error tokens
  *		@key_file *kf@ = key file
  *		@key *k@ = key to inspect
  *
@@ -180,7 +180,7 @@ static int algs_get(algswitch *a, dstr *e, key_file *kf, key *k)
   const char *p;
   const bulkcrypto *bulk;
   char *q, *qq;
-  dstr d = DSTR_INIT;
+  dstr d = DSTR_INIT, dd = DSTR_INIT;
   int rc = -1;
 
   /* --- Hash function --- */
@@ -225,6 +225,25 @@ static int algs_get(algswitch *a, dstr *e, key_file *kf, key *k)
     }
   }
 
+  /* --- Block cipher for miscellaneous use --- */
+
+  if (!(a->bulk->prim & BCP_BLKC))
+    a->b = 0;
+  else {
+    if ((p = key_getattr(kf, k, "blkc")) == 0) {
+      dstr_reset(&dd);
+      dstr_puts(&dd, a->c ? a->c->name : "rijndael-");
+      if ((q = strrchr(dd.buf, '-')) != 0) *q = 0;
+      p = dd.buf;
+    }
+    dstr_reset(&d);
+    dstr_putf(&d, "%s-ecb", p);
+    if ((a->b = gcipher_byname(d.buf)) == 0) {
+      a_format(e, "unknown-blkc", "%s", p, A_END);
+      goto done;
+    }
+  }
+
   /* --- Message authentication for bulk data --- */
 
   if (!(a->bulk->prim & BCP_MAC)) {
@@ -270,6 +289,7 @@ static int algs_get(algswitch *a, dstr *e, key_file *kf, key *k)
   rc = 0;
 done:
   dstr_destroy(&d);
+  dstr_destroy(&dd);
   return (rc);
 }
 
@@ -313,6 +333,12 @@ static int algs_check(algswitch *a, dstr *e, const group *g)
 	     A_END);
     return (-1);
   }
+  if (a->b && (a->bksz = keysz(a->hashsz, a->b->keysz)) == 0) {
+    a_format(e, "blkc", "%.*s", strlen(a->b->name) - 4, a->b->name,
+	     "no-key-size", "%lu", (unsigned long)a->hashsz,
+	     A_END);
+    return (-1);
+  }
 
   /* --- Derive the data limit --- */
 
@@ -347,7 +373,9 @@ int km_samealgsp(const kdata *kdx, const kdata *kdy)
 {
   const algswitch *a = &kdx->algs, *aa = &kdy->algs;
 
-  return (group_samep(kdx->g, kdy->g) && a->c == aa->c &&
+  return (group_samep(kdx->g, kdy->g) &&
+	  a->bulk == aa->bulk &&
+	  a->c == aa->c && a->b == aa->b &&
 	  a->mgf == aa->mgf && a->h == aa->h &&
 	  a->m == aa->m && a->tagsz == aa->tagsz);
 }
@@ -855,6 +883,7 @@ void km_unref(kdata *kd)
   G_DESTROY(kd->g, kd->kpub);
   xfree(kd->tag);
   G_DESTROYGROUP(kd->g);
+  DESTROY(kd);
 }
 
 /*----- That's all, folks -------------------------------------------------*/