From: "Fabio M. Di Nitto"<fdinitto@xxxxxxxxxx>
add support for sha224/256/384/512
change config defaults to match coroparse and totemconfig
Signed-off-by: Fabio M. Di Nitto<fdinitto@xxxxxxxxxx>
---
exec/coroparse.c | 6 +++++-
exec/totemconfig.c | 12 ++++++++++++
exec/totemcrypto.c | 39 ++++++++++++++++++++++++++++++++-------
3 files changed, 49 insertions(+), 8 deletions(-)
diff --git a/exec/coroparse.c b/exec/coroparse.c
index 366cf3e..b602872 100644
--- a/exec/coroparse.c
+++ b/exec/coroparse.c
@@ -480,7 +480,11 @@ static int main_config_parser_cb(const char *path,
}
if (strcmp(path, "totem.crypto_hash") == 0) {
if ((strcmp(value, "none") != 0)&&
- (strcmp(value, "sha1") != 0)) {
+ (strcmp(value, "sha1") != 0)&&
+ (strcmp(value, "sha224") != 0)&&
+ (strcmp(value, "sha256") != 0)&&
+ (strcmp(value, "sha384") != 0)&&
+ (strcmp(value, "sha512") != 0)) {
*error_string = "Invalid hash type";
return (0);
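Review bot: The set of accepted hash names is now spelled out by hand in three places: this check, `totem_get_crypto()` in exec/totemconfig.c and `string_to_crypto_hash_type()` in exec/totemcrypto.c. A name added to this list but missed in the other two would pass validation and then be mapped to the fallback value without any error. A comment above the condition would at least record the coupling, for example `/* keep in sync with totem_get_crypto() and string_to_crypto_hash_type() */`. A single shared table of names would remove it. The body of `main_config_parser_cb` continues outside this hunk.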
diff --git a/exec/totemconfig.c b/exec/totemconfig.c
index 1138963..008b891 100644
--- a/exec/totemconfig.c
+++ b/exec/totemconfig.c
@@ -155,6 +155,18 @@ static void totem_get_crypto(struct totem_config *totem_config)
if (strcmp(str, "sha1") == 0) {
tmp_hash = "sha1";
}
+ if (strcmp(str, "sha224") == 0) {
+ tmp_hash = "sha224";
+ }
+ if (strcmp(str, "sha256") == 0) {
+ tmp_hash = "sha256";
+ }
+ if (strcmp(str, "sha384") == 0) {
+ tmp_hash = "sha384";
+ }
+ if (strcmp(str, "sha512") == 0) {
+ tmp_hash = "sha512";
+ }
free(str);
}
diff --git a/exec/totemcrypto.c b/exec/totemcrypto.c
index ff993c4..0f910db 100644
--- a/exec/totemcrypto.c
+++ b/exec/totemcrypto.c
@@ -76,6 +76,7 @@
#include<pkcs11.h>
#include<prerror.h>
#include<blapit.h>
+#include<hasht.h>
#define SALT_SIZE 16
@@ -105,23 +106,39 @@ size_t cypher_block_len[] = {
};
enum crypto_hash_t {
- CRYPTO_HASH_TYPE_NONE = 0,
- CRYPTO_HASH_TYPE_SHA1 = 1
+ CRYPTO_HASH_TYPE_NONE = 0,
+ CRYPTO_HASH_TYPE_SHA1 = 1,
+ CRYPTO_HASH_TYPE_SHA224 = 2,
+ CRYPTO_HASH_TYPE_SHA256 = 3,
+ CRYPTO_HASH_TYPE_SHA384 = 4,
+ CRYPTO_HASH_TYPE_SHA512 = 5
};
CK_MECHANISM_TYPE hash_to_nss[] = {
0, /* CRYPTO_HASH_TYPE_NONE */
- CKM_SHA_1_HMAC /* CRYPTO_HASH_TYPE_SHA1 */
+ CKM_SHA_1_HMAC, /* CRYPTO_HASH_TYPE_SHA1 */
+ CKM_SHA224_HMAC, /* CRYPTO_HASH_TYPE_SHA224 */
+ CKM_SHA256_HMAC, /* CRYPTO_HASH_TYPE_SHA256 */
+ CKM_SHA384_HMAC, /* CRYPTO_HASH_TYPE_SHA384 */
+ CKM_SHA512_HMAC /* CRYPTO_HASH_TYPE_SHA512 */
};
size_t hash_len[] = {
0, /* CRYPTO_HASH_TYPE_NONE */
- SHA1_LENGTH /* CRYPTO_HASH_TYPE_SHA1 */
+ SHA1_LENGTH, /* CRYPTO_HASH_TYPE_SHA1 */
+ SHA224_LENGTH, /* CRYPTO_HASH_TYPE_SHA224 */
+ SHA256_LENGTH, /* CRYPTO_HASH_TYPE_SHA256 */
+ SHA384_LENGTH, /* CRYPTO_HASH_TYPE_SHA384 */
+ SHA512_LENGTH /* CRYPTO_HASH_TYPE_SHA512 */
};
size_t hash_block_len[] = {
0, /* CRYPTO_HASH_TYPE_NONE */
- SHA1_BLOCK_LENGTH /* CRYPTO_HASH_TYPE_SHA1 */
+ SHA1_BLOCK_LENGTH, /* CRYPTO_HASH_TYPE_SHA1 */
+ SHA224_BLOCK_LENGTH, /* CRYPTO_HASH_TYPE_SHA224 */
+ SHA256_BLOCK_LENGTH, /* CRYPTO_HASH_TYPE_SHA256 */
+ SHA384_BLOCK_LENGTH, /* CRYPTO_HASH_TYPE_SHA384 */
+ SHA512_BLOCK_LENGTH /* CRYPTO_HASH_TYPE_SHA512 */
};
struct crypto_instance {
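Review bot: `hash_to_nss[]`, `hash_len[]` and `hash_block_len[]` are tied to `enum crypto_hash_t` only by position and by the trailing comments, so an entry inserted or reordered in one of them would silently pair a hash type with the wrong mechanism or digest length. Designated initialisers would make the pairing explicit, e.g. `[CRYPTO_HASH_TYPE_SHA224] = CKM_SHA224_HMAC,` and likewise in the two length tables. The largest digest also grows from `SHA1_LENGTH` to `SHA512_LENGTH`. Any buffer or header-size calculation elsewhere in the file that assumed the SHA-1 size should be checked against `hash_len[]`; none of that code is visible in this hunk.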
@@ -560,7 +577,7 @@ static int string_to_crypto_cipher_type(const char* crypto_cipher_type)
} else if (strcmp(crypto_cipher_type, "aes256") == 0) {
return CRYPTO_CIPHER_TYPE_AES256;
}
- return CRYPTO_CIPHER_TYPE_NONE;
+ return CRYPTO_CIPHER_TYPE_AES256;
}
static int string_to_crypto_hash_type(const char* crypto_hash_type)
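Review bot: The final `return CRYPTO_CIPHER_TYPE_AES256;` makes an unrecognised cipher string silently select AES256, and the last hunk does the same for hashes with `return CRYPTO_HASH_TYPE_SHA1;`. Falling back to an authenticated, encrypted mode is safer than the previous fallback to NONE, but nothing tells the operator that the configured value was ignored. The first hunk shows coroparse rejecting unknown hash names; the equivalent check for cipher names is not visible here. A comment on both fallbacks would document the intent, for example `/* unknown value: use the default; the config parser is expected to have rejected it already */`, and a log message on that path would make a mismatch diagnosable. The hash fallback is also the weakest of the HMACs this patch supports, which is worth stating in the configuration documentation.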
@@ -569,9 +586,17 @@ static int string_to_crypto_hash_type(const char* crypto_hash_type)
return CRYPTO_HASH_TYPE_NONE;
} else if (strcmp(crypto_hash_type, "sha1") == 0) {
return CRYPTO_HASH_TYPE_SHA1;
+ } else if (strcmp(crypto_hash_type, "sha224") == 0) {
+ return CRYPTO_HASH_TYPE_SHA224;
+ } else if (strcmp(crypto_hash_type, "sha256") == 0) {
+ return CRYPTO_HASH_TYPE_SHA256;
+ } else if (strcmp(crypto_hash_type, "sha384") == 0) {
+ return CRYPTO_HASH_TYPE_SHA384;
+ } else if (strcmp(crypto_hash_type, "sha512") == 0) {
+ return CRYPTO_HASH_TYPE_SHA512;
}
- return CRYPTO_HASH_TYPE_NONE;
+ return CRYPTO_HASH_TYPE_SHA1;
}
size_t crypto_sec_header_size(