crypto: add new hashing methods and fix config defaults

add support for sha224/256/384/512

change config defaults to match coroparse and totemconfig

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
Reviewed-by: Jan Friesse <jfriesse@redhat.com>

exec/coroparse.c

@@ -480,7 +480,11 @@ static int main_config_parser_cb(const char *path,
 			}
 			if (strcmp(path, "totem.crypto_hash") == 0) {
 				if ((strcmp(value, "none") != 0) &&
-				    (strcmp(value, "sha1") != 0)) {
+				    (strcmp(value, "sha1") != 0) &&
+				    (strcmp(value, "sha224") != 0) &&
+				    (strcmp(value, "sha256") != 0) &&
+				    (strcmp(value, "sha384") != 0) &&
+				    (strcmp(value, "sha512") != 0)) {
 					*error_string = "Invalid hash type";
 
 					return (0);

exec/totemconfig.c

@@ -155,6 +155,18 @@ static void totem_get_crypto(struct totem_config *totem_config)
 		if (strcmp(str, "sha1") == 0) {
 			tmp_hash = "sha1";
 		}
+		if (strcmp(str, "sha224") == 0) {
+			tmp_hash = "sha224";
+		}
+		if (strcmp(str, "sha256") == 0) {
+			tmp_hash = "sha256";
+		}
+		if (strcmp(str, "sha384") == 0) {
+			tmp_hash = "sha384";
+		}
+		if (strcmp(str, "sha512") == 0) {
+			tmp_hash = "sha512";
+		}
 		free(str);
 	}
 

exec/totemcrypto.c

@@ -76,6 +76,7 @@
 #include <pkcs11.h>
 #include <prerror.h>
 #include <blapit.h>
+#include <hasht.h>
 
 #define SALT_SIZE 16
 
@@ -105,23 +106,39 @@ size_t cypher_block_len[] = {
 };
 
 enum crypto_hash_t {
-	CRYPTO_HASH_TYPE_NONE = 0,
-	CRYPTO_HASH_TYPE_SHA1 = 1
+	CRYPTO_HASH_TYPE_NONE	= 0,
+	CRYPTO_HASH_TYPE_SHA1	= 1,
+	CRYPTO_HASH_TYPE_SHA224	= 2,
+	CRYPTO_HASH_TYPE_SHA256	= 3,
+	CRYPTO_HASH_TYPE_SHA384	= 4,
+	CRYPTO_HASH_TYPE_SHA512	= 5
 };
 
 CK_MECHANISM_TYPE hash_to_nss[] = {
 	 0,				/* CRYPTO_HASH_TYPE_NONE */
-	CKM_SHA_1_HMAC			/* CRYPTO_HASH_TYPE_SHA1 */
+	CKM_SHA_1_HMAC,			/* CRYPTO_HASH_TYPE_SHA1 */
+	CKM_SHA224_HMAC,		/* CRYPTO_HASH_TYPE_SHA224 */
+	CKM_SHA256_HMAC,		/* CRYPTO_HASH_TYPE_SHA256 */
+	CKM_SHA384_HMAC,		/* CRYPTO_HASH_TYPE_SHA384 */
+	CKM_SHA512_HMAC			/* CRYPTO_HASH_TYPE_SHA512 */
 };
 
 size_t hash_len[] = {
 	 0,				/* CRYPTO_HASH_TYPE_NONE */
-	SHA1_LENGTH			/* CRYPTO_HASH_TYPE_SHA1 */
+	SHA1_LENGTH,			/* CRYPTO_HASH_TYPE_SHA1 */
+	SHA224_LENGTH,			/* CRYPTO_HASH_TYPE_SHA224 */
+	SHA256_LENGTH,			/* CRYPTO_HASH_TYPE_SHA256 */
+	SHA384_LENGTH,			/* CRYPTO_HASH_TYPE_SHA384 */
+	SHA512_LENGTH			/* CRYPTO_HASH_TYPE_SHA512 */
 };
 
 size_t hash_block_len[] = {
 	 0,				/* CRYPTO_HASH_TYPE_NONE */
-	SHA1_BLOCK_LENGTH		/* CRYPTO_HASH_TYPE_SHA1 */
+	SHA1_BLOCK_LENGTH,		/* CRYPTO_HASH_TYPE_SHA1 */
+	SHA224_BLOCK_LENGTH,		/* CRYPTO_HASH_TYPE_SHA224 */
+	SHA256_BLOCK_LENGTH,		/* CRYPTO_HASH_TYPE_SHA256 */
+	SHA384_BLOCK_LENGTH,		/* CRYPTO_HASH_TYPE_SHA384 */
+	SHA512_BLOCK_LENGTH		/* CRYPTO_HASH_TYPE_SHA512 */
 };
 
 struct crypto_instance {
@@ -560,7 +577,7 @@ static int string_to_crypto_cipher_type(const char* crypto_cipher_type)
 	} else if (strcmp(crypto_cipher_type, "aes256") == 0) {
 		return CRYPTO_CIPHER_TYPE_AES256;
 	}
-	return CRYPTO_CIPHER_TYPE_NONE;
+	return CRYPTO_CIPHER_TYPE_AES256;
 }
 
 static int string_to_crypto_hash_type(const char* crypto_hash_type)
@@ -569,9 +586,17 @@ static int string_to_crypto_hash_type(const char* crypto_hash_type)
 		return CRYPTO_HASH_TYPE_NONE;
 	} else if (strcmp(crypto_hash_type, "sha1") == 0) {
 		return CRYPTO_HASH_TYPE_SHA1;
+	} else if (strcmp(crypto_hash_type, "sha224") == 0) {
+		return CRYPTO_HASH_TYPE_SHA224;
+	} else if (strcmp(crypto_hash_type, "sha256") == 0) {
+		return CRYPTO_HASH_TYPE_SHA256;
+	} else if (strcmp(crypto_hash_type, "sha384") == 0) {
+		return CRYPTO_HASH_TYPE_SHA384;
+	} else if (strcmp(crypto_hash_type, "sha512") == 0) {
+		return CRYPTO_HASH_TYPE_SHA512;
 	}
 
-	return CRYPTO_HASH_TYPE_NONE;
+	return CRYPTO_HASH_TYPE_SHA1;
 }
 
 size_t crypto_sec_header_size(