authorNikos Mavrogiannopoulos <nmav@gnutls.org>2010-08-25 17:47:55 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2010-08-25 17:52:40 +0200
commite8372045818cb278ad2fe05ab64d3a76990cd1ed (patch)
tree4bb6a3dd05728ee9622b1eabecb7ba8c6beff15f
parent68c4e5ec42e1151591aee19ba36a4dbe22715a91 (diff)
Added ENCRYPT, UNWRAPPING and VERIFY key flags
-rw-r--r--examples/ncr.c4
-rw-r--r--examples/pk.c2
-rw-r--r--ncr-key-wrap.c2
-rw-r--r--ncr-key.c1
-rw-r--r--ncr.h7
5 files changed, 10 insertions, 6 deletions
diff --git a/examples/ncr.c b/examples/ncr.c
index 5169a149e31..3a665392c53 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -234,7 +234,7 @@ test_ncr_wrap_key(int cfd)
keydata.key_id_size = 2;
keydata.type = NCR_KEY_TYPE_SECRET;
keydata.algorithm = NCR_ALG_AES_CBC;
- keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING;
+ keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING|NCR_KEY_FLAG_UNWRAPPING;
keydata.key = key;
keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
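Review bot: The updated wrap tests cover only the positive path: here, in test_ncr_wrap_key2 and in test_ncr_wrap_key3 (examples/pk.c), the key is given both NCR_KEY_FLAG_WRAPPING and NCR_KEY_FLAG_UNWRAPPING, so nothing checks that the two permissions are actually separate. Consider adding a case that imports a key with `NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING` only and expects the unwrap call to fail with EPERM. If the examples can run unprivileged, a second case could check that a non-administrator's request for either flag is dropped. The test bodies continue outside these hunks, so existing coverage elsewhere in the files cannot be ruled out.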
@@ -401,7 +401,7 @@ test_ncr_wrap_key2(int cfd)
keydata.key_id_size = 2;
keydata.type = NCR_KEY_TYPE_SECRET;
keydata.algorithm = NCR_ALG_AES_CBC;
- keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING;
+ keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING|NCR_KEY_FLAG_UNWRAPPING;
keydata.key = key;
keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
diff --git a/examples/pk.c b/examples/pk.c
index ea5720c59ee..78b6a10b34f 100644
--- a/examples/pk.c
+++ b/examples/pk.c
@@ -576,7 +576,7 @@ test_ncr_wrap_key3(int cfd)
keydata.key_id_size = 2;
keydata.type = NCR_KEY_TYPE_SECRET;
keydata.algorithm = NCR_ALG_AES_CBC;
- keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING;
+ keydata.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING|NCR_KEY_FLAG_UNWRAPPING;
keydata.key = key;
keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
diff --git a/ncr-key-wrap.c b/ncr-key-wrap.c
index 1107083eefc..2f2695de6d7 100644
--- a/ncr-key-wrap.c
+++ b/ncr-key-wrap.c
@@ -624,7 +624,7 @@ int ret;
goto fail;
}
- if (!(key->flags & NCR_KEY_FLAG_WRAPPING)) {
+ if (!(key->flags & NCR_KEY_FLAG_UNWRAPPING)) {
err();
ret = -EPERM;
goto fail;
diff --git a/ncr-key.c b/ncr-key.c
index 8f74ade80e3..f9fdcf4d5b5 100644
--- a/ncr-key.c
+++ b/ncr-key.c
@@ -315,6 +315,7 @@ void ncr_key_assign_flags(struct key_item_st* item, unsigned int flags)
item->flags = flags;
} else {
item->flags = flags & (~(NCR_KEY_FLAG_WRAPPING));
+ item->flags = flags & (~(NCR_KEY_FLAG_UNWRAPPING));
}
}
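Review bot: The added assignment overwrites the one directly above it, so in the else branch only NCR_KEY_FLAG_UNWRAPPING is cleared and a caller-supplied NCR_KEY_FLAG_WRAPPING is stored unchanged in `item->flags`. That undoes the restriction the previous line enforced, and the comment in ncr.h says both flags may only be set by the administrator. Clear both bits with one mask instead: `item->flags = flags & ~(NCR_KEY_FLAG_WRAPPING | NCR_KEY_FLAG_UNWRAPPING);`. The condition selecting the if branch is outside the hunk, so reading the else branch as the non-administrator path is inferred from that ncr.h comment.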
diff --git a/ncr.h b/ncr.h
index c3850e4e355..701210e74da 100644
--- a/ncr.h
+++ b/ncr.h
@@ -70,10 +70,13 @@ typedef int ncr_key_t;
*/
#define NCR_KEY_FLAG_DECRYPT (1<<2)
#define NCR_KEY_FLAG_SIGN (1<<3)
-/* This flag can only be set by administrator, to prevent
+#define NCR_KEY_FLAG_ENCRYPT (1<<4)
+#define NCR_KEY_FLAG_VERIFY (1<<5)
+/* These flags can only be set by administrator, to prevent
* adversaries exporting wrappable keys with random ones.
*/
-#define NCR_KEY_FLAG_WRAPPING (1<<4)
+#define NCR_KEY_FLAG_WRAPPING (1<<6)
+#define NCR_KEY_FLAG_UNWRAPPING (1<<7)
struct ncr_key_generate_params_st {
ncr_algorithm_t algorithm; /* just a cipher algorithm when