+/*----- Key groups --------------------------------------------------------*/
+
+typedef struct kgops {
+ const char *ty;
+ const char *(*loadpriv)(key_data *, group **, mp **, dstr *);
+ const char *(*loadpub)(key_data *, group **, ge **, dstr *);
+} kgops;
+
+/* --- Diffie-Hellman --- */
+
+static const char *kgdh_priv(key_data *kd, group **g, mp **x, dstr *t)
+{
+ key_packstruct kps[DH_PRIVFETCHSZ];
+ key_packdef *kp;
+ dh_priv dp;
+ const char *e;
+ int rc;
+
+ kp = key_fetchinit(dh_privfetch, kps, &dp);
+ if ((rc = key_unpack(kp, kd, t)) != 0) {
+ e = key_strerror(rc);
+ goto done;
+ }
+ *g = group_prime(&dp.dp);
+ *x = MP_COPY(dp.x);
+ e = 0;
+done:
+ key_fetchdone(kp);
+ return (e);
+}
+
+static const char *kgdh_pub(key_data *kd, group **g, ge **p, dstr *t)
+{
+ key_packstruct kps[DH_PUBFETCHSZ];
+ key_packdef *kp;
+ dh_pub dp;
+ const char *e;
+ int rc;
+
+ kp = key_fetchinit(dh_pubfetch, kps, &dp);
+ if ((rc = key_unpack(kp, kd, t)) != 0) {
+ e = key_strerror(rc);
+ goto done;
+ }
+ *g = group_prime(&dp.dp);
+ *p = G_CREATE(*g);
+ if (G_FROMINT(*g, *p, dp.y)) {
+ e = "bad public value";
+ goto done;
+ }
+ e = 0;
+done:
+ key_fetchdone(kp);
+ return (e);
+}
+
+static const kgops kgdh_ops = { "tripe-dh", kgdh_priv, kgdh_pub };
+
+/* --- Elliptic curve --- */
+
+static const char *kgec_priv(key_data *kd, group **g, mp **x, dstr *t)
+{
+ key_packstruct kps[EC_PRIVFETCHSZ];
+ key_packdef *kp;
+ ec_priv ep;
+ ec_info ei;
+ const char *e;
+ int rc;
+
+ kp = key_fetchinit(ec_privfetch, kps, &ep);
+ if ((rc = key_unpack(kp, kd, t)) != 0) {
+ e = key_strerror(rc);
+ goto done;
+ }
+ if ((e = ec_getinfo(&ei, ep.cstr)) != 0)
+ goto done;
+ *g = group_ec(&ei);
+ *x = MP_COPY(ep.x);
+ e = 0;
+done:
+ key_fetchdone(kp);
+ return (e);
+}
+
+static const char *kgec_pub(key_data *kd, group **g, ge **p, dstr *t)
+{
+ key_packstruct kps[EC_PUBFETCHSZ];
+ key_packdef *kp;
+ ec_pub ep;
+ ec_info ei;
+ const char *e;
+ int rc;
+
+ kp = key_fetchinit(ec_pubfetch, kps, &ep);
+ if ((rc = key_unpack(kp, kd, t)) != 0) {
+ e = key_strerror(rc);
+ goto done;
+ }
+ if ((e = ec_getinfo(&ei, ep.cstr)) != 0)
+ goto done;
+ *g = group_ec(&ei);
+ *p = G_CREATE(*g);
+ if (G_FROMEC(*g, *p, &ep.p)) {
+ e = "bad public point";
+ goto done;
+ }
+ e = 0;
+done:
+ key_fetchdone(kp);
+ return (e);
+}
+
+static const kgops kgec_ops = { "tripe-ec", kgec_priv, kgec_pub };
+
+/* --- Table of supported key types --- */
+
+static const kgops *kgtab[] = { &kgdh_ops, &kgec_ops, 0 };
+
+/*----- Algswitch stuff ---------------------------------------------------*/
+
+/* --- @algs_get@ --- *
+ *
+ * Arguments: @algswitch *a@ = where to put the algorithms
+ * @key_file *kf@ = key file (for some stupid reason)
+ * @key *k@ = key to inspect
+ *
+ * Returns: Null if OK, or an error message.
+ *
+ * Use: Extracts an algorithm choice from a key.
+ */
+
+static const char *algs_get(algswitch *a, key_file *kf, key *k)
+{
+ const char *p;
+ char *q;
+ dstr d = DSTR_INIT;
+ const char *e;
+
+#define FAIL(msg) do { e = msg; goto done; } while (0)
+
+ if ((p = key_getattr(kf, k, "cipher")) == 0)
+ p = "blowfish-cbc";
+ if ((a->c = gcipher_byname(p)) == 0)
+ FAIL("unknown cipher");
+
+ if ((p = key_getattr(kf, k, "hash")) == 0)
+ p = "rmd160";
+ if ((a->h = ghash_byname(p)) == 0)
+ FAIL("unknown hash function");
+
+ if ((p = key_getattr(kf, k, "mgf")) != 0) {
+ dstr_reset(&d);
+ dstr_putf(&d, "%s-mgf");
+ p = d.buf;
+ }
+ if ((a->mgf = gcipher_byname(p)) == 0)
+ FAIL("unknown MGF cipher");
+
+ if ((p = key_getattr(kf, k, "mac")) != 0) {
+ dstr_reset(&d);
+ dstr_puts(&d, p);
+ if ((q = strchr(d.buf, '/')) != 0)
+ *q++ = 0;
+ if ((a->m = gmac_byname(d.buf)) == 0)
+ FAIL("unknown message authentication code");
+ if (!q)
+ a->tagsz = a->m->hashsz;
+ else {
+ unsigned long n = strtoul(q, &q, 0);
+ if (*q) FAIL("bad tag length string");
+ if (n%8 || n > ~(size_t)0) FAIL("bad tag length");
+ a->tagsz = n/8;
+ }
+ } else {
+ dstr_reset(&d);
+ dstr_putf(&d, "%s-hmac", a->h->name);
+ if ((a->m = gmac_byname(d.buf)) == 0)
+ FAIL("failed to derive HMAC from hash function");
+ a->tagsz = a->h->hashsz/2;
+ }
+
+ e = 0;
+done:
+ dstr_destroy(&d);
+ return (e);
+}
+
+/* --- @algs_check@ --- *
+ *
+ * Arguments: @algswitch *a@ = a choice of algorithms
+ * @const group *g@ = the group we're working in
+ *
+ * Returns: Null if OK, or an error message.
+ *
+ * Use: Checks an algorithm choice for sensibleness. This also
+ * derives some useful information from the choices, and you
+ * must call this before committing the algorithm selection
+ * for use by @keyset@ functions.
+ */
+
+static const char *algs_check(algswitch *a, const group *g)
+{
+ /* --- Derive the key sizes --- *
+ *
+ * Must ensure that we have non-empty keys. This isn't ideal, but it
+ * provides a handy sanity check.
+ */
+
+ a->hashsz = a->h->hashsz;
+ if ((a->cksz = keysz(a->hashsz, a->c->keysz)) == 0)
+ return ("no key size found for cipher");
+ if ((a->mksz = keysz(a->hashsz, a->m->keysz)) == 0)
+ return ("no key size found for MAC");
+
+ /* --- Ensure that the tag size is sane --- */
+
+ if (a->tagsz > a->m->hashsz) return ("tag length too large");
+
+ /* --- Ensure the MGF accepts hashes as keys --- */
+
+ if (keysz(a->hashsz, a->mgf->keysz) != a->hashsz)
+ return ("MGF not suitable -- restrictive key schedule");
+
+ /* --- All ship-shape and Bristol-fashion --- */
+
+ return (0);
+}
+
+/* --- @algs_samep@ --- *
+ *
+ * Arguments: @const algswitch *a, *aa@ = two algorithm selections
+ *
+ * Returns: Nonzero if the two selections are the same.
+ *
+ * Use: Checks sameness of algorithm selections: used to ensure that
+ * peers are using sensible algorithms.
+ */
+
+static int algs_samep(const algswitch *a, const algswitch *aa)
+{
+ return (a->c == aa->c && a->mgf == aa->mgf && a->h == aa->h &&
+ a->m == aa->m && a->tagsz == aa->tagsz);
+}
+