From f4ed2abdca06dc8125d634c9a57453134bf1d272 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Wed, 13 May 2020 13:45:03 +0200
Subject: [PATCH] keys: provide key type and length

Save the type and length of each key and add a function to get this information.
---
 keys.c | 35 ++++++++++++++++++++++++++---------
 keys.h | 1 +
 test/unit/keys.c | 6 +++++-
 3 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/keys.c b/keys.c
index f74626e..2600c8f 100644
--- a/keys.c
+++ b/keys.c
@@ -50,11 +50,12 @@ typedef enum {
 typedef struct {
 uint32_t id;
+ int type;
+ int length;
 KeyClass class;
 union {
 struct {
 unsigned char *value;
- int length;
 int hash_id;
 } ntp_mac;
 CMC_Instance cmac;
@@ -250,9 +251,10 @@ KEY_Reload(void)
 continue;
 }
 key.class = NTP_MAC;
+ key.type = hash_algorithm;
+ key.length = key_length;
 key.data.ntp_mac.value = MallocArray(unsigned char, key_length);
 memcpy(key.data.ntp_mac.value, key_value, key_length);
- key.data.ntp_mac.length = key_length;
 key.data.ntp_mac.hash_id = hash_id;
 } else if (cmac_algorithm != 0) {
 cmac_key_length = CMC_GetKeyLength(cmac_algorithm);
@@ -266,6 +268,8 @@ KEY_Reload(void)
 }
 key.class = CMAC;
+ key.type = cmac_algorithm;
+ key.length = key_length;
 key.data.cmac = CMC_CreateInstance(cmac_algorithm, (unsigned char *)key_value, key_length);
 assert(key.data.cmac);
@@ -399,12 +403,25 @@ KEY_CheckKeyLength(uint32_t key_id)
 if (!key)
 return 0;
- switch (key->class) {
- case NTP_MAC:
- return key->data.ntp_mac.length >= MIN_SECURE_KEY_LENGTH;
- default:
- return 1;
- }
+ return key->length >= MIN_SECURE_KEY_LENGTH;
+}
+
+/* ================================================== */
+
+int
+KEY_GetKeyInfo(uint32_t key_id, int *type, int *bits)
+{
+ Key *key;
+
+ key = get_key_by_id(key_id);
+
+ if (!key)
+ return 0;
+
+ *type = key->type;
+ *bits = 8 * key->length;
+
+ return 1;
 }
 /* ================================================== */
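Review bot: In the `Key` struct hunk, the new `type` field is a plain `int` that KEY_Reload fills from `hash_algorithm` for NTP_MAC keys and from `cmac_algorithm` for CMAC keys, and KEY_GetKeyInfo returns it without the key class. Unless the two sets of values are guaranteed not to overlap (not visible in this patch), a caller cannot tell a hash identifier from a CMAC one. I would document the fields where they are declared, e.g. `int type; /* hash_algorithm or cmac_algorithm value, depending on class */` and `int length; /* key length in bytes */`. The struct starts and ends outside the hunk.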
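Review bot: KEY_CheckKeyLength now compares `key->length` with MIN_SECURE_KEY_LENGTH for every key class, whereas the removed `switch` returned 1 for anything that was not NTP_MAC; the commit message does not mention this change for CMAC keys. That is harmless only if every key length CMC_GetKeyLength can return is at least MIN_SECURE_KEY_LENGTH, which this hunk does not show, so a short comment such as `/* applies to all key classes, including CMAC */` would make the intent explicit. KEY_GetKeyInfo also leaves `*type` and `*bits` unwritten when it returns 0 and has no comment saying so; add `/* Returns 1 and sets *type and *bits (key length in bits) if the key is known, otherwise returns 0 and leaves them untouched */` above it. The start of KEY_CheckKeyLength is outside the hunk.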
@@ -416,7 +433,7 @@ generate_auth(Key *key, const unsigned char *data, int data_len,
 switch (key->class) {
 case NTP_MAC:
 return HSH_Hash(key->data.ntp_mac.hash_id, key->data.ntp_mac.value,
- key->data.ntp_mac.length, data, data_len, auth, auth_len);
+ key->length, data, data_len, auth, auth_len);
 case CMAC:
 return CMC_Hash(key->data.cmac, data, data_len, auth, auth_len);
 default:
diff --git a/keys.h b/keys.h
index 39e4ec8..99a8fdd 100644
--- a/keys.h
+++ b/keys.h
@@ -38,6 +38,7 @@ extern int KEY_KeyKnown(uint32_t key_id);
 extern int KEY_GetAuthDelay(uint32_t key_id);
 extern int KEY_GetAuthLength(uint32_t key_id);
 extern int KEY_CheckKeyLength(uint32_t key_id);
+extern int KEY_GetKeyInfo(uint32_t key_id, int *type, int *bits);
 extern int KEY_GenerateAuth(uint32_t key_id, const unsigned char *data, int data_len, unsigned char *auth, int auth_len);
diff --git a/test/unit/keys.c b/test/unit/keys.c
index 9c69b4a..0f67479 100644
--- a/test/unit/keys.c
+++ b/test/unit/keys.c
@@ -99,7 +99,7 @@ generate_key_file(const char *name, uint32_t *keys)
 void
 test_unit(void)
 {
- int i, j, data_len, auth_len;
+ int i, j, data_len, auth_len, type, bits;
 uint32_t keys[KEYS], key;
 unsigned char data[100], auth[MAX_HASH_LENGTH];
 char conf[][100] = {
@@ -144,12 +144,16 @@ test_unit(void)
 auth[auth_len - 1]++;
 TEST_CHECK(!KEY_CheckAuth(keys[j], data, data_len, auth, auth_len, auth_len));
+
+ TEST_CHECK(KEY_GetKeyInfo(keys[j], &type, &bits));
+ TEST_CHECK(type > 0 && bits > 0);
 }
 for (j = 0; j < 1000; j++) {
 UTI_GetRandomBytes(&key, sizeof (key));
 if (KEY_KeyKnown(key))
 continue;
+ TEST_CHECK(!KEY_GetKeyInfo(key, &type, &bits));
 TEST_CHECK(!KEY_GenerateAuth(key, data, data_len, auth, sizeof (auth)));
 TEST_CHECK(!KEY_CheckAuth(key, data, data_len, auth, auth_len, auth_len));
 }
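Review bot: The new check `TEST_CHECK(type > 0 && bits > 0);` in the `@@ -144,12 +144,16 @@` hunk of test/unit/keys.c only asserts that both outputs are positive, so it would still pass if KEY_GetKeyInfo returned the wrong algorithm or a wrong length. If generate_key_file (outside this hunk) can expose the length it wrote, compare against it; at minimum `TEST_CHECK(bits % 8 == 0);` pins the bytes-to-bits conversion. The unknown-key loop could also set `type` and `bits` to a sentinel before the call and check they are unchanged after `!KEY_GetKeyInfo(...)`. Nothing in the test covers the KEY_CheckKeyLength change for CMAC keys made in keys.c. test_unit's body continues outside the hunk.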