From 68c4e5ec42e1151591aee19ba36a4dbe22715a91 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 25 Aug 2010 17:45:44 +0200 Subject: The RFC5649 wrapping algorithm now includes a DER encoding of the data to distinguish between keys of different types. This prevents keys being unwrapped in a wrong type. --- examples/pk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'examples') diff --git a/examples/pk.c b/examples/pk.c index 032ae98..ea5720c 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -646,7 +646,7 @@ test_ncr_wrap_key3(int cfd) /* try unwrapping */ memset(&kwrap, 0, sizeof(kwrap)); kwrap.algorithm = NCR_WALG_AES_RFC5649; - kwrap.wrapped_key_algorithm = NCR_ALG_RSA; + kwrap.wrapped_key_flags = 0; kwrap.keytowrap = privkey; kwrap.key = key; kwrap.io = data; -- cgit From e8372045818cb278ad2fe05ab64d3a76990cd1ed Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 25 Aug 2010 17:47:55 +0200 Subject: Added ENCRYPT, UNWRAPPING and VERIFY key flags --- examples/ncr.c | 4 ++-- examples/pk.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'examples') diff --git a/examples/ncr.c b/examples/ncr.c index 5169a14..3a66539 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -234,7 +234,7 @@ test_ncr_wrap_key(int cfd) keydata.key_id_size = 2; keydata.type = NCR_KEY_TYPE_SECRET; keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; + keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING|NCR_KEY_FLAG_UNWRAPPING; keydata.key = key; keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; @@ -401,7 +401,7 @@ test_ncr_wrap_key2(int cfd) keydata.key_id_size = 2; keydata.type = NCR_KEY_TYPE_SECRET; keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; + keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING|NCR_KEY_FLAG_UNWRAPPING; keydata.key = key; keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; diff --git a/examples/pk.c b/examples/pk.c index ea5720c..78b6a10 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -576,7 +576,7 @@ test_ncr_wrap_key3(int cfd) keydata.key_id_size = 2; keydata.type = NCR_KEY_TYPE_SECRET; keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; + keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING|NCR_KEY_FLAG_UNWRAPPING; keydata.key = key; keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; -- cgit