diff options
-rw-r--r-- | examples/ncr.c | 2 | ||||
-rw-r--r-- | ncr-sessions.c | 6 | ||||
-rw-r--r-- | ncr.h | 1 |
3 files changed, 8 insertions, 1 deletions
diff --git a/examples/ncr.c b/examples/ncr.c index 9691fea5dc1..468ffc08d28 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -1507,7 +1507,7 @@ test_ncr_hash_key(int cfd) kimport.type = NCR_KEY_TYPE_SECRET; kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags); kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS; - kimport.flags = NCR_KEY_FLAG_EXPORTABLE; + kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_HASHABLE; kimport.algo_head.nla_len = NLA_HDRLEN + algo_size; kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM; memcpy(kimport.algo, hash_vectors[0].algorithm, algo_size); diff --git a/ncr-sessions.c b/ncr-sessions.c index a7504b37f21..46266f26496 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c @@ -1301,6 +1301,12 @@ static int _ncr_session_update_key(struct ncr_lists *lists, ret = -EINVAL; goto fail; } + + if (!(key->flags & NCR_KEY_FLAG_HASHABLE)) { + err(); + ret = -EPERM; + goto fail; + } switch(sess->op) { case NCR_OP_ENCRYPT: @@ -106,6 +106,7 @@ typedef __s32 ncr_key_t; */ #define NCR_KEY_FLAG_WRAPPING (1<<6) #define NCR_KEY_FLAG_UNWRAPPING (1<<7) +#define NCR_KEY_FLAG_HASHABLE (1<<8) struct ncr_key_generate { __u32 input_size, output_size; |