From 4834f6feca73429b093c98cdfa376f6d4c24a18d Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sun, 5 Sep 2010 11:41:58 +0200 Subject: Added flag NCR_KEY_FLAG_HASHABLE and enforced it when reading a key for hashing. --- examples/ncr.c | 2 +- ncr-sessions.c | 6 ++++++ ncr.h | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/examples/ncr.c b/examples/ncr.c index 9691fea..468ffc0 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -1507,7 +1507,7 @@ test_ncr_hash_key(int cfd) kimport.type = NCR_KEY_TYPE_SECRET; kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; - kimport.flags = NCR_KEY_FLAG_EXPORTABLE; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_HASHABLE; kimport.algo_head.nla_len = NLA_HDRLEN + algo_size; kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; memcpy(kimport.algo, hash_vectors[0].algorithm, algo_size); diff --git a/ncr-sessions.c b/ncr-sessions.c index a7504b3..46266f2 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c @@ -1301,6 +1301,12 @@ static int _ncr_session_update_key(struct ncr_lists *lists, ret = -EINVAL; goto fail; } + + if (!(key->flags & NCR_KEY_FLAG_HASHABLE)) { + err(); + ret = -EPERM; + goto fail; + } switch(sess->op) { case NCR_OP_ENCRYPT: diff --git a/ncr.h b/ncr.h index ce84f7a..734382b 100644 --- a/ncr.h +++ b/ncr.h @@ -106,6 +106,7 @@ typedef __s32 ncr_key_t; */ #define NCR_KEY_FLAG_WRAPPING (1<<6) #define NCR_KEY_FLAG_UNWRAPPING (1<<7) +#define NCR_KEY_FLAG_HASHABLE (1<<8) struct ncr_key_generate { __u32 input_size, output_size; -- cgit