From 217f3d4680ed605fbce36868a59dd99ec90dfab6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Wed, 30 May 2007 18:42:34 +0000
Subject: [PATCH] Add selection code for secret key crypto.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20704 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/crypto.c | 50 +++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 47 insertions(+), 3 deletions(-)

diff --git a/lib/hx509/crypto.c b/lib/hx509/crypto.c
index 4dc23f318..86cd702f8 100644
--- a/lib/hx509/crypto.c
+++ b/lib/hx509/crypto.c
@@ -113,6 +113,7 @@ struct signature_alg {
 #define SIG_DIGEST 0x100
 #define SIG_PUBLIC_SIG 0x200
+#define SIG_SECRET 0x400
 int (*verify_signature)(hx509_context context,
 const struct signature_alg *,
@@ -1418,6 +1419,15 @@ const AlgorithmIdentifier _hx509_signature_rsa_data = {
 { 7, rk_UNCONST(rsa_oid) }, NULL
 };
+static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 };
+const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = {
+ { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL
+};
+
+static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
+const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = {
+ { 9, rk_UNCONST(aes256_cbc_oid) }, NULL
+};
 const AlgorithmIdentifier *
 hx509_signature_sha512(void)
@@ -1471,6 +1481,14 @@ const AlgorithmIdentifier *
 hx509_signature_rsa(void)
 { return &_hx509_signature_rsa_data; }
+const AlgorithmIdentifier *
+hx509_crypto_des_rsdi_ede3_cbc(void)
+{ return &_hx509_des_rsdi_ede3_cbc_oid; }
+
+const AlgorithmIdentifier *
+hx509_crypto_aes256_cbc(void)
+{ return &_hx509_crypto_aes256_cbc_data; }
+
 int
 _hx509_private_key_init(hx509_private_key *key,
 hx509_private_key_ops *ops,
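Review bot: The identifiers added in the `@@ -1418` hunk spell the vendor arc as `rsdi` and give an AlgorithmIdentifier object the name `_hx509_des_rsdi_ede3_cbc_oid`, while the cipher table in the same file uses `oid_id_rsadsi_des_ede3_cbc` and the sibling object added next to it is `_hx509_crypto_aes256_cbc_data`. The same spelling is carried into the accessor `hx509_crypto_des_rsdi_ede3_cbc` in the `@@ -1471` hunk, which has external linkage. Naming them `_hx509_crypto_des_rsadsi_ede3_cbc_data` and `hx509_crypto_des_rsadsi_ede3_cbc` would keep the pair consistent and greppable. The literal lengths `6` and `9` also have to be kept in step with the OID arrays by hand, as the existing `{ 7, rk_UNCONST(rsa_oid) }` context line does.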
@@ -1570,6 +1588,7 @@ _hx509_private_key_export(hx509_context context,
 struct hx509cipher {
 const char *name;
 const heim_oid *(*oid_func)(void);
+ const AlgorithmIdentifier *(*ai_func)(void);
 const EVP_CIPHER *(*evp_func)(void);
 int (*get_params)(hx509_context, const hx509_crypto,
 const heim_octet_string *, heim_octet_string *);
@@ -1737,6 +1756,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "rc2-cbc",
 oid_id_pkcs3_rc2_cbc,
+ NULL,
 EVP_rc2_cbc,
 CMSRC2CBCParam_get,
 CMSRC2CBCParam_set
@@ -1744,6 +1764,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "rc2-cbc",
 oid_id_rsadsi_rc2_cbc,
+ NULL,
 EVP_rc2_cbc,
 CMSRC2CBCParam_get,
 CMSRC2CBCParam_set
@@ -1751,6 +1772,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "rc2-40-cbc",
 oid_private_rc2_40,
+ NULL,
 EVP_rc2_40_cbc,
 CMSRC2CBCParam_get,
 CMSRC2CBCParam_set
@@ -1758,6 +1780,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "des-ede3-cbc",
 oid_id_pkcs3_des_ede3_cbc,
+ NULL,
 EVP_des_ede3_cbc,
 CMSCBCParam_get,
 CMSCBCParam_set
@@ -1765,6 +1788,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "des-ede3-cbc",
 oid_id_rsadsi_des_ede3_cbc,
+ hx509_crypto_des_rsdi_ede3_cbc,
 EVP_des_ede3_cbc,
 CMSCBCParam_get,
 CMSCBCParam_set
@@ -1772,6 +1796,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "aes-128-cbc",
 oid_id_aes_128_cbc,
+ NULL,
 EVP_aes_128_cbc,
 CMSCBCParam_get,
 CMSCBCParam_set
@@ -1779,6 +1804,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "aes-192-cbc",
 oid_id_aes_192_cbc,
+ NULL,
 EVP_aes_192_cbc,
 CMSCBCParam_get,
 CMSCBCParam_set
@@ -1786,6 +1812,7 @@ static const struct hx509cipher ciphers[] = {
 {
 "aes-256-cbc",
 oid_id_aes_256_cbc,
+ hx509_crypto_aes256_cbc,
 EVP_aes_256_cbc,
 CMSCBCParam_get,
 CMSCBCParam_set
@@ -2397,7 +2424,6 @@ hx509_crypto_select(const hx509_context context,
 hx509_peer_info peer,
 AlgorithmIdentifier *selected)
 {
- const heim_oid *keytype = NULL;
 const AlgorithmIdentifier *def;
 size_t i, j;
 int ret, bits;
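Review bot: The `ai_func` member added to `struct hx509cipher` in the `@@ -1570` hunk carries no comment, yet it is the one slot the table entries in this patch fill with NULL. A one-line comment such as `/* AlgorithmIdentifier offered by hx509_crypto_select(); NULL when the cipher is not selectable */` would record that contract for code that calls through it. Because the member is inserted between `oid_func` and `evp_func` and the `ciphers[]` initializers are positional, any entry that misses the new slot shifts `evp_func` and the parameter callbacks by one. The struct body continues outside this hunk.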
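Review bot: Only two `ciphers[]` entries become selectable, the rsadsi `des-ede3-cbc` entry in the `@@ -1765` hunk and `aes-256-cbc` in the `@@ -1786` hunk; the rc2, pkcs3 des-ede3, aes-128 and aes-192 entries get NULL and are skipped by the selection branch added at the end of this patch. That branch returns on the first peer-listed algorithm whose entry has a non-NULL `ai_func`, so a peer that lists 3DES ahead of AES-256 is given 3DES even when both sides support AES-256. If peer order is meant to decide, a comment above `ciphers[]` saying which entries are selectable and why would make that reviewable; if not, the choice should follow a local preference order rather than the peer's list.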
@@ -2411,15 +2437,20 @@ hx509_crypto_select(const hx509_context context,
 bits = SIG_PUBLIC_SIG;
 /* XXX depend on `sourceŽ and `peerŽ */
 def = hx509_signature_rsa_with_sha256();
+ } else if (type == HX509_SELECT_SECRET_ENC) {
+ bits = SIG_SECRET;
+ def = hx509_crypto_aes256_cbc();
 } else {
 hx509_set_error_string(context, 0, EINVAL,
 "Unknown type %d of selection", type);
 return EINVAL;
 }
- keytype = find_keytype(source);
-
 if (peer) {
+ const heim_oid *keytype = NULL;
+
+ keytype = find_keytype(source);
+
 for (i = 0; i < peer->len; i++) {
 for (j = 0; sig_algs[j]; j++) {
 if ((sig_algs[j]->flags & bits) != bits)
@@ -2437,6 +2468,19 @@ hx509_crypto_select(const hx509_context context,
 hx509_clear_error_string(context);
 return ret;
 }
+ if (bits & SIG_SECRET) {
+ const struct hx509cipher *cipher;
+
+ cipher = find_cipher_by_oid(&peer->val[i].algorithm);
+ if (cipher == NULL)
+ continue;
+ if (cipher->ai_func == NULL)
+ continue;
+ ret = copy_AlgorithmIdentifier(&peer->val[i], cipher->ai_func());
+ if (ret)
+ hx509_clear_error_string(context);
+ return ret;
+ }
 }
 }
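Review bot: In the `if (peer)` block of the `@@ -2411` hunk, `keytype` is initialised to NULL and then assigned by the very next statement; `const heim_oid *keytype = find_keytype(source);` says the same in one line. The lookup and the `sig_algs` loop still run when the new branch sets `bits = SIG_SECRET`. Whether any `sig_algs` entry can carry that flag is not visible here, so a short comment stating that the signature loop is expected to match nothing for HX509_SELECT_SECRET_ENC would help the next reader. hx509_crypto_select starts and ends outside this hunk.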
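Review bot: The SIG_SECRET branch added in the `@@ -2437` hunk returns without ever writing `selected`: the call `copy_AlgorithmIdentifier(&peer->val[i], cipher->ai_func())` passes the peer entry and the cipher's static identifier, and the function's output parameter appears in neither position. If copy_AlgorithmIdentifier takes (from, to), as the asn1-generated copy functions do, the call also writes through the `const AlgorithmIdentifier *` returned by `ai_func()`, i.e. into the shared `_hx509_crypto_aes256_cbc_data` or `_hx509_des_rsdi_ede3_cbc_oid` object. On a 0 return the caller then proceeds with whatever `selected` held before. The line should read `ret = copy_AlgorithmIdentifier(cipher->ai_func(), selected);`. The enclosing loops begin outside this hunk.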