diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-08-25 17:47:55 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-08-25 17:52:40 +0200 |
commit | e8372045818cb278ad2fe05ab64d3a76990cd1ed (patch) | |
tree | 4bb6a3dd05728ee9622b1eabecb7ba8c6beff15f | |
parent | 68c4e5ec42e1151591aee19ba36a4dbe22715a91 (diff) | |
download | kernel-crypto-e8372045818cb278ad2fe05ab64d3a76990cd1ed.tar.gz kernel-crypto-e8372045818cb278ad2fe05ab64d3a76990cd1ed.tar.xz kernel-crypto-e8372045818cb278ad2fe05ab64d3a76990cd1ed.zip |
Added ENCRYPT, UNWRAPPING and VERIFY key flags
-rw-r--r-- | examples/ncr.c | 4 | ||||
-rw-r--r-- | examples/pk.c | 2 | ||||
-rw-r--r-- | ncr-key-wrap.c | 2 | ||||
-rw-r--r-- | ncr-key.c | 1 | ||||
-rw-r--r-- | ncr.h | 7 |
5 files changed, 10 insertions, 6 deletions
diff --git a/examples/ncr.c b/examples/ncr.c index 5169a149e31..3a665392c53 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -234,7 +234,7 @@ test_ncr_wrap_key(int cfd) keydata.key_id_size = 2; keydata.type = NCR_KEY_TYPE_SECRET; keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; + keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING|NCR_KEY_FLAG_UNWRAPPING; keydata.key = key; keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; @@ -401,7 +401,7 @@ test_ncr_wrap_key2(int cfd) keydata.key_id_size = 2; keydata.type = NCR_KEY_TYPE_SECRET; keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; + keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING|NCR_KEY_FLAG_UNWRAPPING; keydata.key = key; keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; diff --git a/examples/pk.c b/examples/pk.c index ea5720c59ee..78b6a10b34f 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -576,7 +576,7 @@ test_ncr_wrap_key3(int cfd) keydata.key_id_size = 2; keydata.type = NCR_KEY_TYPE_SECRET; keydata.algorithm = NCR_ALG_AES_CBC; - keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING; + keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING|NCR_KEY_FLAG_UNWRAPPING; keydata.key = key; keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; diff --git a/ncr-key-wrap.c b/ncr-key-wrap.c index 1107083eefc..2f2695de6d7 100644 --- a/ncr-key-wrap.c +++ b/ncr-key-wrap.c @@ -624,7 +624,7 @@ int ret; goto fail; } - if (!(key->flags & NCR_KEY_FLAG_WRAPPING)) { + if (!(key->flags & NCR_KEY_FLAG_UNWRAPPING)) { err(); ret = -EPERM; goto fail; diff --git a/ncr-key.c b/ncr-key.c index 8f74ade80e3..f9fdcf4d5b5 100644 --- a/ncr-key.c +++ b/ncr-key.c @@ -315,6 +315,7 @@ void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags) item->flags = flags; } else { item->flags = flags & (~(NCR_KEY_FLAG_WRAPPING)); + item->flags = flags & (~(NCR_KEY_FLAG_UNWRAPPING)); } } @@ -70,10 +70,13 @@ typedef int ncr_key_t; */ #define NCR_KEY_FLAG_DECRYPT (1<<2) #define NCR_KEY_FLAG_SIGN (1<<3) -/* This flag can only be set by administrator, to prevent +#define NCR_KEY_FLAG_ENCRYPT (1<<4) +#define NCR_KEY_FLAG_VERIFY (1<<5) +/* These flags can only be set by administrator, to prevent * adversaries exporting wrappable keys with random ones. */ -#define NCR_KEY_FLAG_WRAPPING (1<<4) +#define NCR_KEY_FLAG_WRAPPING (1<<6) +#define NCR_KEY_FLAG_UNWRAPPING (1<<7) struct ncr_key_generate_params_st { ncr_algorithm_t algorithm; /* just a cipher algorithm when |