From e8372045818cb278ad2fe05ab64d3a76990cd1ed Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Wed, 25 Aug 2010 17:47:55 +0200
Subject: Added ENCRYPT, UNWRAPPING and VERIFY key flags
---
 examples/ncr.c | 4 ++--
 examples/pk.c | 2 +-
 ncr-key-wrap.c | 2 +-
 ncr-key.c | 1 +
 ncr.h | 7 +++++--
 5 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/examples/ncr.c b/examples/ncr.c
index 5169a14..3a66539 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -234,7 +234,7 @@ test_ncr_wrap_key(int cfd)
 keydata.key_id_size = 2;
 keydata.type = NCR_KEY_TYPE_SECRET;
 keydata.algorithm = NCR_ALG_AES_CBC;
- keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING;
+ keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING|NCR_KEY_FLAG_UNWRAPPING;
 keydata.key = key;
 keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
@@ -401,7 +401,7 @@ test_ncr_wrap_key2(int cfd)
 keydata.key_id_size = 2;
 keydata.type = NCR_KEY_TYPE_SECRET;
 keydata.algorithm = NCR_ALG_AES_CBC;
- keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING;
+ keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING|NCR_KEY_FLAG_UNWRAPPING;
 keydata.key = key;
 keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
diff --git a/examples/pk.c b/examples/pk.c
index ea5720c..78b6a10 100644
--- a/examples/pk.c
+++ b/examples/pk.c
@@ -576,7 +576,7 @@ test_ncr_wrap_key3(int cfd)
 keydata.key_id_size = 2;
 keydata.type = NCR_KEY_TYPE_SECRET;
 keydata.algorithm = NCR_ALG_AES_CBC;
- keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING;
+ keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING|NCR_KEY_FLAG_UNWRAPPING;
 keydata.key = key;
 keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
diff --git a/ncr-key-wrap.c b/ncr-key-wrap.c
index 1107083..2f2695d 100644
--- a/ncr-key-wrap.c
+++ b/ncr-key-wrap.c
@@ -624,7 +624,7 @@ int ret;
 goto fail;
 }
- if (!(key->flags & NCR_KEY_FLAG_WRAPPING)) {
+ if (!(key->flags & NCR_KEY_FLAG_UNWRAPPING)) {
 err();
 ret = -EPERM;
 goto fail;
diff --git a/ncr-key.c b/ncr-key.c
index 8f74ade..f9fdcf4 100644
--- a/ncr-key.c
+++ b/ncr-key.c
@@ -315,6 +315,7 @@ void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags)
 item->flags = flags;
 } else {
 item->flags = flags & (~(NCR_KEY_FLAG_WRAPPING));
+ item->flags = flags & (~(NCR_KEY_FLAG_UNWRAPPING));
 }
 }
diff --git a/ncr.h b/ncr.h
index c3850e4..701210e 100644
--- a/ncr.h
+++ b/ncr.h
@@ -70,10 +70,13 @@ typedef int ncr_key_t;
 */
 #define NCR_KEY_FLAG_DECRYPT (1<<2)
 #define NCR_KEY_FLAG_SIGN (1<<3)
-/* This flag can only be set by administrator, to prevent
+#define NCR_KEY_FLAG_ENCRYPT (1<<4)
+#define NCR_KEY_FLAG_VERIFY (1<<5)
+/* These flags can only be set by administrator, to prevent
 * adversaries exporting wrappable keys with random ones.
 */
-#define NCR_KEY_FLAG_WRAPPING (1<<4)
+#define NCR_KEY_FLAG_WRAPPING (1<<6)
+#define NCR_KEY_FLAG_UNWRAPPING (1<<7)
 struct ncr_key_generate_params_st {
 ncr_algorithm_t algorithm; /* just a cipher algorithm when
-- cgit
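Review bot: In the `else` branch of ncr_key_assign_flags (ncr-key.c) the added line overwrites the preceding assignment instead of combining with it, so the branch now clears only NCR_KEY_FLAG_UNWRAPPING and leaves NCR_KEY_FLAG_WRAPPING set. This is presumably the non-administrator path, and the ncr.h comment says these flags may only be set by an administrator, so the restriction on WRAPPING is lost. Both bits should be cleared with one mask: `item->flags = flags & ~(NCR_KEY_FLAG_WRAPPING|NCR_KEY_FLAG_UNWRAPPING);`. The condition that selects the first branch lies outside the hunk, so the privilege test itself is not covered here.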
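Review bot: In ncr.h, NCR_KEY_FLAG_WRAPPING moves from `(1<<4)` to `(1<<6)` and bit 4 is reused for NCR_KEY_FLAG_ENCRYPT, which changes the meaning of a value the examples pass in from user space. A caller built against the old header that sets `1<<4` would now be asking for an encrypt flag instead of a wrapping key, with no error returned. If existing callers matter, keep WRAPPING at `(1<<4)` and place the new flags on unused bits, for example `#define NCR_KEY_FLAG_ENCRYPT (1<<5)`, `#define NCR_KEY_FLAG_VERIFY (1<<6)` and `#define NCR_KEY_FLAG_UNWRAPPING (1<<7)`. No hunk in this commit tests ENCRYPT or VERIFY, so a comment beside the two defines saying whether they are enforced yet would stop callers from treating them as restrictions.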