author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-09-05 17:34:36 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-09-05 17:40:18 +0200 |
commit | a33f87422c42e0d44ab080f0305c7ccf430ec4d0 (patch) | |
tree | 32edecd5c82cc54b7be66045e681ee5213a9ac19 | |
parent | 416900e867ce3bc1bd77d576996b618183533293 (diff) | |
download | cryptodev-linux-a33f87422c42e0d44ab080f0305c7ccf430ec4d0.tar.gz cryptodev-linux-a33f87422c42e0d44ab080f0305c7ccf430ec4d0.tar.xz cryptodev-linux-a33f87422c42e0d44ab080f0305c7ccf430ec4d0.zip |
Added flag: NCR_KEY_FLAG_ALLOW_TRANSPARENT_HASH
-rw-r--r-- | examples/pk.c | 4 | ||||
-rw-r--r-- | ncr-int.h | 2 | ||||
-rw-r--r-- | ncr-sessions.c | 22 | ||||
-rw-r--r-- | ncr.h | 1 |
4 files changed, 20 insertions, 9 deletions
diff --git a/examples/pk.c b/examples/pk.c index f307c6c..c27ab25 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -1440,7 +1440,7 @@ static int test_ncr_rsa(int cfd) strcpy(kgen.algo, ALG_RSA); kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; - kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; + kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE|NCR_KEY_FLAG_ALLOW_TRANSPARENT_HASH; kgen.bits_head.nla_len = NLA_HDRLEN + sizeof(kgen.bits); kgen.bits_head.nla_type = NCR_ATTR_RSA_MODULUS_BITS; kgen.bits = 1024; @@ -1580,7 +1580,7 @@ static int test_ncr_dsa(int cfd) strcpy(kgen.algo, ALG_DSA); kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags); kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; - kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; + kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE|NCR_KEY_FLAG_ALLOW_TRANSPARENT_HASH; kgen.q_bits_head.nla_len = NLA_HDRLEN + sizeof(kgen.q_bits); kgen.q_bits_head.nla_type = NCR_ATTR_DSA_Q_BITS; kgen.q_bits = 160; @@ -21,7 +21,7 @@ struct ncr_out; // Not all known algorithms - only for quick internal identification. Note // that more than one struct algo_properties_st may share the same enum value! enum ncr_algorithm { - NCR_ALG_NONE__, + NCR_ALG_NONE, NCR_ALG_NULL, NCR_ALG_3DES_CBC, diff --git a/ncr-sessions.c b/ncr-sessions.c index 46266f2..bf7c5fa 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c 
@@ -365,18 +365,20 @@ static const struct algo_properties_st algo_properties[] = { { .algo = NCR_ALG_RSA, KSTR("rsa"), .is_pk = 1, .can_encrypt=1, .can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC, .oids = rsa_oid }, - { .algo = NCR_ALG_RSA, KSTR(NCR_ALG_RSA_TRANSPARENT_HASH), .is_pk = 1, - .can_encrypt=1, .can_sign=1, .has_transparent_hash = 1, - .key_type = NCR_KEY_TYPE_PUBLIC, /* FIXME: no OIDs */ }, { .algo = NCR_ALG_DSA, KSTR("dsa"), .is_pk = 1, .can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC, .oids = dsa_oid }, - { .algo = NCR_ALG_DSA, KSTR(NCR_ALG_DSA_TRANSPARENT_HASH), .is_pk = 1, - .can_sign=1, .has_transparent_hash = 1, - .key_type = NCR_KEY_TYPE_PUBLIC, /* FIXME: no OIDs */ }, { .algo = NCR_ALG_DH, KSTR("dh"), .is_pk = 1, .can_kx=1, .key_type = NCR_KEY_TYPE_PUBLIC, .oids = dh_oid }, + + { .algo = NCR_ALG_DSA, KSTR(NCR_ALG_DSA_TRANSPARENT_HASH), .is_pk = 1, + .can_sign=1, .has_transparent_hash = 1, + .key_type = NCR_KEY_TYPE_PUBLIC, .oids = rsa_oid }, + { .algo = NCR_ALG_RSA, KSTR(NCR_ALG_RSA_TRANSPARENT_HASH), .is_pk = 1, + .can_encrypt=1, .can_sign=1, .has_transparent_hash = 1, + .key_type = NCR_KEY_TYPE_PUBLIC, .oids = dsa_oid }, + #undef KSTR }; @@ -726,6 +728,14 @@ static struct session_item_st *_ncr_session_init(struct ncr_lists *lists, } if (ns->algorithm->has_transparent_hash) { + /* transparent hash has to be allowed by the key + */ + if (!(ns->key->flags & NCR_KEY_FLAG_ALLOW_TRANSPARENT_HASH)) { + err(); + ret = -EPERM; + goto fail; + } + ns->transparent_hash = kzalloc(ns->hash.digestsize, GFP_KERNEL); if (ns->transparent_hash == NULL) { err(); @@ -107,6 +107,7 @@ typedef __s32 ncr_key_t; #define NCR_KEY_FLAG_WRAPPING (1<<6) #define NCR_KEY_FLAG_UNWRAPPING (1<<7) #define NCR_KEY_FLAG_HASHABLE (1<<8) +#define NCR_KEY_FLAG_ALLOW_TRANSPARENT_HASH (1<<9) struct ncr_key_generate { __u32 input_size, output_size; |
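Review bot: The two re-added transparent-hash entries in `algo_properties[]` carry each other's OID tables: the `NCR_ALG_DSA_TRANSPARENT_HASH` entry is given `.oids = rsa_oid` and the `NCR_ALG_RSA_TRANSPARENT_HASH` entry `.oids = dsa_oid`. Any lookup that matches an algorithm by OID and reaches these entries would resolve an RSA OID to the DSA variant and the reverse; whether the earlier plain `rsa`/`dsa` entries always win that lookup is not visible in this hunk. The entries should end in `.key_type = NCR_KEY_TYPE_PUBLIC, .oids = dsa_oid },` for DSA and `.key_type = NCR_KEY_TYPE_PUBLIC, .oids = rsa_oid },` for RSA. A short comment on why they now sit after the `dh` entry (presumably so that OID lookups hit the non-transparent entries first) would keep a later reorder from undoing that.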
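Review bot: The new permission check reads `ns->key->flags` with no visible guarantee that `ns->key` is set when the `has_transparent_hash` branch is reached. Most of `_ncr_session_init` lies outside the hunk, so either confirm the key is always looked up before this point or make the guard explicit with `if (ns->key == NULL || !(ns->key->flags & NCR_KEY_FLAG_ALLOW_TRANSPARENT_HASH)) {`. The comment could also state why the gate exists: presumably a transparent-hash session signs a digest supplied by the caller instead of one computed in the kernel, so the key has to opt in, e.g. `/* caller-supplied digest is signed as-is; the key must opt in */`.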
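Review bot: `NCR_KEY_FLAG_ALLOW_TRANSPARENT_HASH` joins the userspace-visible flag list with no description, and the neighbouring flags shown in the hunk have none either. Because this flag decides whether a key may be used in transparent-hash sessions (the check added in `_ncr_session_init`), a one-line comment such as `/* key may be used with the *_TRANSPARENT_HASH algorithms */` would tell callers what they are granting. It is also worth documenting whether the flag can be set on an existing key or only at generation or import; that is not visible in this diff.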