From 2b757183a2e0255ee00f9cafca4f1ba57a8e894a Mon Sep 17 00:00:00 2001 From: "Fabio M. Di Nitto" Date: Fri, 12 Oct 2012 19:49:02 +0200 Subject: [PATCH] libknet: move crypto to fully modular system Signed-off-by: Fabio M. Di Nitto --- libknet/crypto.c | 42 +++++++++++++++++++++++++++++++++++------- libknet/crypto.h | 10 +++++++++- libknet/nsscrypto.c | 10 ++++++++-- libknet/nsscrypto.h | 4 ++-- 4 files changed, 54 insertions(+), 12 deletions(-) diff --git a/libknet/crypto.c b/libknet/crypto.c index bad8e4da3..5ca68ccc4 100644 --- a/libknet/crypto.c +++ b/libknet/crypto.c @@ -1,17 +1,40 @@ #include "config.h" #include +#include #include "crypto.h" #include "nsscrypto.h" -#include "libknet-private.h" +#include "libknet.h" #ifdef CRYPTO_DEBUG +#include #define log_printf(format, args...) fprintf(stderr, format "\n", ##args); #else #define log_printf(format, args...); #endif +/* + * internal module switch data + */ + +crypto_model_t modules_cmds[] = { + { "nss", nsscrypto_init, nsscrypto_fini, nsscrypto_encrypt_and_sign, nsscrypto_authenticate_and_decrypt }, + { NULL, NULL, NULL, NULL, NULL }, +}; + +static int get_model(const char *model) +{ + int idx = 0; + + while (modules_cmds[idx].model_name != NULL) { + if (!strcmp(modules_cmds[idx].model_name, model)) + return idx; + idx++; + } + return -1; +} + /* * exported API */ @@ -23,7 +46,7 @@ int crypto_encrypt_and_sign ( unsigned char *buf_out, ssize_t *buf_out_len) { - return nsscrypto_encrypt_and_sign(instance->model_instance, + return modules_cmds[instance->model].crypt(instance->model_instance, buf_in, buf_in_len, buf_out, buf_out_len); } @@ -31,7 +54,7 @@ int crypto_authenticate_and_decrypt (struct crypto_instance *instance, unsigned char *buf, ssize_t *buf_len) { - return nsscrypto_authenticate_and_decrypt(instance->model_instance, buf, buf_len); + return modules_cmds[instance->model].decrypt(instance->model_instance, buf, buf_len); } int crypto_init( 
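Review bot: `modules_cmds` in the first crypto.c hunk is defined as a writable global with external linkage, so the function pointers that every encrypt and decrypt call is dispatched through sit in modifiable data and the symbol is exported. Nothing visible in this patch writes to the table or references it outside crypto.c, so it could be declared `static const crypto_model_t modules_cmds[] = {`, which allows it to be placed in read-only memory. `get_model()` also passes `model` straight to `strcmp()`; the declaration of `crypto_model` is not in this diff, so if it can be a NULL pointer rather than an embedded array, `if (!model) return -1;` is needed before the loop.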
@@ -50,20 +73,25 @@ int crypto_init( return -1; } - /* do the model switch here */ - if (nsscrypto_init(knet_h, knet_handle_crypto_cfg)) { + knet_h->crypto_instance->model = get_model(knet_handle_crypto_cfg->crypto_model); + if (knet_h->crypto_instance->model < 0) { + log_printf("model %s not supported", knet_handle_crypto_cfg->crypto_model); + return -1; + } + + if (modules_cmds[knet_h->crypto_instance->model].init(knet_h, knet_handle_crypto_cfg)) { free(knet_h->crypto_instance); return -1; } - return nsscrypto_init(knet_h, knet_handle_crypto_cfg); + return 0; } void crypto_fini( knet_handle_t knet_h) { if (knet_h->crypto_instance) { - nsscrypto_fini(knet_h); + modules_cmds[knet_h->crypto_instance->model].fini(knet_h); free(knet_h->crypto_instance); knet_h->crypto_instance = NULL; } diff --git a/libknet/crypto.h b/libknet/crypto.h index 011a72d14..4a82f1c60 100644 --- a/libknet/crypto.h +++ b/libknet/crypto.h @@ -2,13 +2,21 @@ #define CRYPTO_H_DEFINED #include -#include "libknet.h" +#include "libknet-private.h" struct crypto_instance { int model; void *model_instance; }; +typedef struct { + const char *model_name; + int (*init) (knet_handle_t knet_h, struct knet_handle_crypto_cfg *knet_handle_crypto_cfg); + void (*fini) (knet_handle_t knet_h); + int (*crypt) (void *model_instance, const unsigned char *buf_in, const ssize_t buf_in_len, unsigned char *buf_out, ssize_t *buf_out_len); + int (*decrypt) (void *model_instance, unsigned char *buf, ssize_t *buf_len); +} crypto_model_t; + int crypto_authenticate_and_decrypt ( struct crypto_instance *instance, unsigned char *buf, diff --git a/libknet/nsscrypto.c b/libknet/nsscrypto.c index 917147e33..cb51eb676 100644 --- a/libknet/nsscrypto.c +++ b/libknet/nsscrypto.c @@ -12,6 +12,7 @@ #include "libknet-private.h" #ifdef CRYPTO_DEBUG +#include #define log_printf(format, args...) fprintf(stderr, format "\n", ##args); #else #define log_printf(format, args...); 
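Review bot: The new `model < 0` branch in crypto_init() returns without releasing `knet_h->crypto_instance`, so the allocation leaks and the handle keeps an instance whose `model` is -1. If crypto_fini() runs after that failure it evaluates `modules_cmds[-1].fini`, and the dispatch sites in crypto_encrypt_and_sign() and crypto_authenticate_and_decrypt() (earlier hunks) would index the table the same way. The init-failure branch does free the instance but leaves the pointer set, so a later crypto_fini() would dereference and free it again. Both branches should end with `free(knet_h->crypto_instance); knet_h->crypto_instance = NULL; return -1;`. The start of crypto_init() is outside the hunk, so this assumes the instance is allocated just above, as the existing `free()` suggests.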
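Review bot: `crypto_model_t` in crypto.h is the contract every crypto backend has to implement, but the typedef carries no comment describing it. A short block comment above it should state the return convention (crypto.c treats a non-zero result from `init` as failure), that `model_instance` is the backend's own state kept in `crypto_instance.model_instance`, and whether `*buf_out_len` is only written or also carries the capacity of `buf_out` on entry. The last point matters because `crypt` takes no explicit output size, so a backend whose output is longer than its input has to know how much room the caller guarantees.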
@@ -455,12 +456,14 @@ static int init_nss(struct nsscrypto_instance *instance) */ int nsscrypto_encrypt_and_sign ( - struct nsscrypto_instance *instance, + void *model_instance, const unsigned char *buf_in, const ssize_t buf_in_len, unsigned char *buf_out, ssize_t *buf_out_len) { + struct nsscrypto_instance *instance = model_instance; + if (cipher_to_nss[instance->crypto_cipher_type]) { if (encrypt_nss(instance, buf_in, buf_in_len, buf_out, buf_out_len) < 0) { return -1; @@ -480,10 +483,13 @@ int nsscrypto_encrypt_and_sign ( return 0; } -int nsscrypto_authenticate_and_decrypt (struct nsscrypto_instance *instance, +int nsscrypto_authenticate_and_decrypt ( + void *model_instance, unsigned char *buf, ssize_t *buf_len) { + struct nsscrypto_instance *instance = model_instance; + if (hash_to_nss[instance->crypto_hash_type]) { unsigned char tmp_hash[hash_len[instance->crypto_hash_type]]; diff --git a/libknet/nsscrypto.h b/libknet/nsscrypto.h index 38c25ec99..0c815eabe 100644 --- a/libknet/nsscrypto.h +++ b/libknet/nsscrypto.h @@ -7,12 +7,12 @@ struct nsscrypto_instance; int nsscrypto_authenticate_and_decrypt ( - struct nsscrypto_instance *instance, + void *model_instance, unsigned char *buf, ssize_t *buf_len); int nsscrypto_encrypt_and_sign ( - struct nsscrypto_instance *instance, + void *model_instance, const unsigned char *buf_in, const ssize_t buf_in_len, unsigned char *buf_out,
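Review bot: With the parameter changed to `void *model_instance`, the compiler no longer rejects a caller that passes the wrong pointer type, and `instance` is dereferenced in the next statement (`cipher_to_nss[instance->crypto_cipher_type]`) without a NULL check. nsscrypto_authenticate_and_decrypt() in the following hunk has the same pattern with `hash_to_nss[instance->crypto_hash_type]`. Since crypto.c now reaches both through the function-pointer table, a guard such as `if (!instance) return -1;` right after the assignment makes the two entry points fail closed. Both function bodies continue outside the hunks, and whether `crypto_cipher_type` and `crypto_hash_type` are range-checked before they index the lookup arrays is not visible here.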