-rw-r--r--ncr-key-storage.c8
-rw-r--r--ncr-key.c19
-rw-r--r--ncr-pk.c15
-rw-r--r--ncr-sessions.c4
-rw-r--r--ncr_int.h3
5 files changed, 34 insertions, 15 deletions
diff --git a/ncr-key-storage.c b/ncr-key-storage.c
index 69e1c50..90d3f74 100644
--- a/ncr-key-storage.c
+++ b/ncr-key-storage.c
@@ -52,7 +52,7 @@ int key_to_storage_data( uint8_t** sdata, size_t * sdata_size, const struct key_
pkey->type = key->type;
pkey->flags = key->flags;
- pkey->algorithm = key->algorithm;
+ pkey->algorithm = key->algorithm->algo;
pkey->key_id_size = key->key_id_size;
memcpy(pkey->key_id, key->key_id, key->key_id_size);
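Review bot: `pkey->algorithm = key->algorithm->algo;` dereferences a pointer that this same commit treats as possibly NULL: `ncr_pk_clear` gains `if (key->algorithm == NULL) return;`, and the struct comment in ncr_int.h only promises non-NULL for public/private keys. Nothing visible in this hunk limits `key_to_storage_data` to keys whose algorithm has been set, so a key that was allocated but never generated or imported could fault in kernel context here. The same applies to `info.algorithm = item->algorithm->algo;` in the ncr-key.c hunk at `@@ -485,7 +491,7 @@`. A guard such as `if (key->algorithm == NULL) { err(); return -EINVAL; }` before the assignment keeps this an error return. The function starts and ends outside the hunk, so an earlier check may already exist.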
@@ -95,7 +95,11 @@ int key_from_storage_data(struct key_item_st* key, const void* data, size_t data
key->type = pkey->type;
key->flags = pkey->flags;
- key->algorithm = pkey->algorithm;
+ key->algorithm = _ncr_algo_to_properties(pkey->algorithm);
+ if (key->algorithm == NULL) {
+ err();
+ return -EINVAL;
+ }
key->key_id_size = pkey->key_id_size;
memcpy(key->key_id, pkey->key_id, pkey->key_id_size);
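Review bot: The new NULL check runs only after `key->type` and `key->flags` have been overwritten, so the `-EINVAL` return leaves the caller's key half-populated with `algorithm == NULL`. Doing the lookup first into a local (`const struct algo_properties_st *algo = _ncr_algo_to_properties(pkey->algorithm);`) and rejecting before any field of `key` is written would avoid handing back an inconsistent item. The `memcpy` that follows likewise takes its length, `pkey->key_id_size`, from the stored blob. No bound against `sizeof(key->key_id)` is visible in this hunk, so it is worth confirming one exists earlier in the function, which begins outside the hunk.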
diff --git a/ncr-key.c b/ncr-key.c
index 134831e..fcdda09 100644
--- a/ncr-key.c
+++ b/ncr-key.c
@@ -337,7 +337,12 @@ int ret;
}
item->type = data.type;
- item->algorithm = data.algorithm;
+ item->algorithm = _ncr_algo_to_properties(data.algorithm);
+ if (item->algorithm == NULL) {
+ err();
+ ret = -EINVAL;
+ goto fail;
+ }
item->flags = data.flags;
/* if data cannot be exported then the flags above
* should be overriden */
@@ -434,7 +439,8 @@ size_t size;
item->flags = gen.params.keyflags;
item->type = ncr_algorithm_to_key_type(gen.params.algorithm);
if (item->type == NCR_KEY_TYPE_SECRET) {
- item->algorithm = /* arbitrary */ NCR_ALG_AES_CBC;
+ /* arbitrary */
+ item->algorithm = _ncr_algo_to_properties(NCR_ALG_AES_CBC);
size = gen.params.params.secret.bits/8;
if ((gen.params.params.secret.bits % 8 != 0) ||
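Review bot: The result of `_ncr_algo_to_properties(NCR_ALG_AES_CBC)` is stored without a NULL check, unlike the other lookups this commit adds. The argument is a constant, so a failure would mean the properties table has no AES-CBC entry, but the generated secret key would then carry a NULL `algorithm` and any later `->algo` read would fault. Handling it like the sibling sites, `if (item->algorithm == NULL) { err(); ret = -EINVAL; goto fail; }` (assuming this function has the same `fail` label, which is outside the hunk), keeps the behaviour uniform. The `/* arbitrary */` comment would also be more useful if it said why a secret key is given an algorithm at all.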
@@ -485,7 +491,7 @@ int ret;
info.flags = item->flags;
info.type = item->type;
- info.algorithm = item->algorithm;
+ info.algorithm = item->algorithm->algo;
_ncr_key_item_put( item);
@@ -523,7 +529,12 @@ int ret;
private->flags = public->flags = gen.params.keyflags;
public->type = ncr_algorithm_to_key_type(gen.params.algorithm);
private->type = NCR_KEY_TYPE_PRIVATE;
- private->algorithm = public->algorithm = gen.params.algorithm;
+ private->algorithm = public->algorithm = _ncr_algo_to_properties(gen.params.algorithm);
+ if (private->algorithm == NULL) {
+ err();
+ ret = -EINVAL;
+ goto fail;
+ }
public->flags |= (NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE);
if (public->type == NCR_KEY_TYPE_PUBLIC) {
diff --git a/ncr-pk.c b/ncr-pk.c
index b95256d..e911c23 100644
--- a/ncr-pk.c
+++ b/ncr-pk.c
@@ -45,7 +45,9 @@ static int tomerr(int err)
void ncr_pk_clear(struct key_item_st* key)
{
- switch(key->algorithm) {
+ if (key->algorithm == NULL)
+ return;
+ switch(key->algorithm->algo) {
case NCR_ALG_RSA:
rsa_free(&key->key.pk.rsa);
break;
@@ -71,7 +73,7 @@ static int ncr_pk_make_public_and_id( struct key_item_st * private, struct key_i
return -ENOMEM;
}
- switch(private->algorithm) {
+ switch(private->algorithm->algo) {
case NCR_ALG_RSA:
cret = rsa_export(tmp, &max_size, PK_PUBLIC, &private->key.pk.rsa);
if (cret != CRYPT_OK) {
@@ -135,7 +137,7 @@ int ncr_pk_pack( const struct key_item_st * key, uint8_t * packed, uint32_t * pa
return -EINVAL;
}
- switch(key->algorithm) {
+ switch(key->algorithm->algo) {
case NCR_ALG_RSA:
cret = rsa_export(packed, &max_size, key->key.pk.rsa.type, (void*)&key->key.pk.rsa);
if (cret != CRYPT_OK) {
@@ -170,7 +172,7 @@ int ncr_pk_unpack( struct key_item_st * key, const void * packed, size_t packed_
return -EINVAL;
}
- switch(key->algorithm) {
+ switch(key->algorithm->algo) {
case NCR_ALG_RSA:
cret = rsa_import(packed, packed_size, (void*)&key->key.pk.rsa);
if (cret != CRYPT_OK) {
@@ -253,7 +255,8 @@ int ncr_pk_generate(ncr_algorithm_t algo,
int ret;
struct keygen_st st;
- private->algorithm = public->algorithm = algo;
+ private->algorithm = public->algorithm = _ncr_algo_to_properties(algo);
+ BUG_ON(private->algorithm == NULL);
st.algo = algo;
st.private = private;
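Review bot: `BUG_ON(private->algorithm == NULL);` turns an unrecognised `algo` into a kernel crash rather than an error return. `ncr_pk_generate` receives `algo` as a parameter and already returns `int`. The pair-generation hunk in ncr-key.c does validate the value before this point, but other callers are not visible here, and a caller that forwards a user-supplied algorithm id without that lookup would make the assertion reachable. Returning an error is the safer contract: `if (private->algorithm == NULL) { err(); return -EINVAL; }`. The function body continues outside the hunk.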
@@ -334,7 +337,7 @@ int ret;
memset(ctx, 0, sizeof(*ctx));
- if (key->algorithm != algo) {
+ if (key->algorithm->algo != algo) {
err();
return -EINVAL;
}
diff --git a/ncr-sessions.c b/ncr-sessions.c
index 05247b3..e3fe411 100644
--- a/ncr-sessions.c
+++ b/ncr-sessions.c
@@ -163,7 +163,7 @@ static const struct algo_properties_st algo_properties[] = {
};
-static const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo)
+const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo)
{
ncr_algorithm_t a;
int i = 0;
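Review bot: `_ncr_algo_to_properties` now has external linkage, but neither this definition nor the new prototype in ncr_int.h documents the contract that the callers added in this commit depend on. They rely on it returning NULL for an unknown algorithm, and on the returned pointer staying valid for as long as the key that stores it. It appears to point into the `static const algo_properties[]` table above, though the function body is outside the hunk. A comment on the prototype such as `/* Returns the static properties entry for algo, or NULL if algo is not supported. */` would make both points explicit.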
@@ -367,7 +367,7 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses
}
} else if (ns->key->type == NCR_KEY_TYPE_PRIVATE || ns->key->type == NCR_KEY_TYPE_PUBLIC) {
- ret = ncr_key_params_get_sign_hash(ns->key->algorithm, &session->params);
+ ret = ncr_key_params_get_sign_hash(ns->key->algorithm->algo, &session->params);
if (ret < 0) {
err();
return ret;
diff --git a/ncr_int.h b/ncr_int.h
index bb83c6c..47eb419 100644
--- a/ncr_int.h
+++ b/ncr_int.h
@@ -68,7 +68,7 @@ struct key_item_st {
*/
ncr_key_type_t type;
unsigned int flags;
- ncr_algorithm_t algorithm; /* valid for public/private keys */
+ const struct algo_properties_st *algorithm; /* non-NULL for public/private keys */
uint8_t key_id[MAX_KEY_ID_SIZE];
size_t key_id_size;
@@ -203,6 +203,7 @@ inline static unsigned int data_flags_to_key(unsigned int data_flags)
return flags;
}
+const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo);
const char* _ncr_algo_to_str(ncr_algorithm_t algo);
int _ncr_algo_digest_size(ncr_algorithm_t algo);
int ncr_key_params_get_sign_hash(ncr_algorithm_t algo, struct ncr_key_params_st * params);