From eef7de54be0cd38abb689de7b0a749154b04c694 Mon Sep 17 00:00:00 2001
From: Miloslav Trmač <mitr@redhat.com>
Date: Wed, 18 Aug 2010 05:31:14 +0200
Subject: Replace ncr_algorithm_t by NLA_NUL_STRING

---
 examples/ncr.c    | 145 +++++++++++++++++++++++++++++-------------------------
 examples/pk.c     |  77 ++++++++++++++++-------------
 examples/speed.c  |  25 +++++-----
 ncr-int.h         |  24 ++++++++-
 ncr-key-storage.c |   6 ++-
 ncr-key.c         |   4 +-
 ncr-pk.c          |   3 +-
 ncr-sessions.c    |  96 +++++++++++++++++++++---------------
 ncr.h             |  40 ++-------------
 utils.c           |   6 +--
 10 files changed, 227 insertions(+), 199 deletions(-)

diff --git a/examples/ncr.c b/examples/ncr.c
index facecd88ec0..a9b0cea70d2 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -22,6 +22,9 @@
 
 #define ALIGN_NL __attribute__((aligned(NLA_ALIGNTO)))
 
+#define ALG_AES_CBC "cbc(aes)"
+#define ALG_AES_ECB "ecb(aes)"
+
 static void randomize_data(uint8_t * data, size_t data_size)
 {
 int i;
@@ -40,7 +43,7 @@ test_ncr_key(int cfd)
 	struct __attribute__((packed)) {
 		struct ncr_key_generate f;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_AES_CBC)] ALIGN_NL;
 		struct nlattr flags_head ALIGN_NL;
 		uint32_t flags ALIGN_NL;
 		struct nlattr bits_head ALIGN_NL;
@@ -64,7 +67,7 @@ test_ncr_key(int cfd)
 		struct nlattr type_head ALIGN_NL;
 		uint32_t type ALIGN_NL;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_AES_CBC)] ALIGN_NL;
 		struct nlattr flags_head ALIGN_NL;
 		uint32_t flags ALIGN_NL;
 	} kimport;
@@ -106,7 +109,7 @@ test_ncr_key(int cfd)
 	kimport.type = NCR_KEY_TYPE_SECRET;
 	kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo);
 	kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kimport.algo = NCR_ALG_AES_CBC;
+	strcpy(kimport.algo, ALG_AES_CBC);
 	kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags);
 	kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kimport.flags = NCR_KEY_FLAG_EXPORTABLE;
@@ -162,7 +165,7 @@ test_ncr_key(int cfd)
 	kgen.f.key = key;
 	kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo);
 	kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kgen.algo = NCR_ALG_AES_CBC;
+	strcpy(kgen.algo, ALG_AES_CBC);
 	kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags);
 	kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kgen.flags = NCR_KEY_FLAG_EXPORTABLE;
@@ -227,10 +230,6 @@ test_ncr_key(int cfd)
 	for (;;) {
 		void *data;
 
-		if (nla->nla_len < NLA_HDRLEN + sizeof(uint32_t)) {
-			fprintf(stderr, "Attribute too small\n");
-			return 1;
-		}
 		if (nla->nla_len >
 		    kinfo.f.output_size - ((char *)nla - (char *)&kinfo)) {
 			fprintf(stderr, "Attributes overflow\n");
@@ -239,13 +238,26 @@ test_ncr_key(int cfd)
 		data = (char *)nla + NLA_HDRLEN;
 		switch (nla->nla_type) {
 		case NCR_ATTR_ALGORITHM:
-			if (*(uint32_t *)data != NCR_ALG_AES_CBC) {
+			if (nla->nla_len < NLA_HDRLEN + 1) {
+				fprintf(stderr, "Attribute too small\n");
+				return 1;
+			}
+			if (((char *)data)[nla->nla_len - NLA_HDRLEN - 1]
+			    != 0) {
+				fprintf(stderr, "NUL missing\n");
+				return 1;
+			}
+			if (strcmp(data, ALG_AES_CBC) != 0) {
 				fprintf(stderr, "Unexpected algorithm\n");
 				return 1;
 			}
 			got_algo++;
 			break;
 		case NCR_ATTR_KEY_FLAGS:
+			if (nla->nla_len < NLA_HDRLEN + sizeof(uint32_t)) {
+				fprintf(stderr, "Attribute too small\n");
+				return 1;
+			}
 			if (*(uint32_t *)data != NCR_KEY_FLAG_EXPORTABLE) {
 				fprintf(stderr, "Unexpected key flags\n");
 				return 1;
@@ -253,6 +265,10 @@ test_ncr_key(int cfd)
 			got_flags++;
 			break;
 		case NCR_ATTR_KEY_TYPE:
+			if (nla->nla_len < NLA_HDRLEN + sizeof(uint32_t)) {
+				fprintf(stderr, "Attribute too small\n");
+				return 1;
+			}
 			if (*(uint32_t *)data != NCR_KEY_TYPE_SECRET) {
 				fprintf(stderr, "Unexpected key type\n");
 				return 1;
@@ -294,7 +310,7 @@ test_ncr_key(int cfd)
 	kgen.f.key = key;
 	kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo);
 	kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kgen.algo = NCR_ALG_AES_CBC;
+	strcpy(kgen.algo, ALG_AES_CBC);
 	kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags);
 	kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kgen.flags = 0;
@@ -346,7 +362,7 @@ test_ncr_wrap_key(int cfd)
 		struct nlattr type_head ALIGN_NL;
 		uint32_t type ALIGN_NL;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_AES_CBC)] ALIGN_NL;
 		struct nlattr flags_head ALIGN_NL;
 		uint32_t flags ALIGN_NL;
 	} kimport;
@@ -360,7 +376,7 @@ test_ncr_wrap_key(int cfd)
 		struct nlattr wrap_algo_head ALIGN_NL;
 		uint32_t wrap_algo ALIGN_NL;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_AES_CBC)] ALIGN_NL;
 	} kunwrap;
 	uint8_t data[WRAPPED_KEY_DATA_SIZE];
 	int data_size;
@@ -394,7 +410,7 @@ test_ncr_wrap_key(int cfd)
 	kimport.type = NCR_KEY_TYPE_SECRET;
 	kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo);
 	kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kimport.algo = NCR_ALG_AES_CBC;
+	strcpy(kimport.algo, ALG_AES_CBC);
 	kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags);
 	kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING;
@@ -428,7 +444,7 @@ test_ncr_wrap_key(int cfd)
 	kimport.type = NCR_KEY_TYPE_SECRET;
 	kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo);
 	kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kimport.algo = NCR_ALG_AES_CBC;
+	strcpy(kimport.algo, ALG_AES_CBC);
 	kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags);
 	kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
@@ -500,7 +516,7 @@ test_ncr_wrap_key(int cfd)
 	kunwrap.wrap_algo = NCR_WALG_AES_RFC3394;
 	kunwrap.algo_head.nla_len = NLA_HDRLEN + sizeof(kunwrap.algo);
 	kunwrap.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kunwrap.algo = NCR_ALG_AES_CBC;
+	strcpy(kunwrap.algo, ALG_AES_CBC);
 
 	if (ioctl(cfd, NCRIO_KEY_UNWRAP, &kunwrap)) {
 		perror("ioctl(NCRIO_KEY_UNWRAP)");
@@ -556,7 +572,7 @@ test_ncr_wrap_key2(int cfd)
 		struct nlattr type_head ALIGN_NL;
 		uint32_t type ALIGN_NL;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_AES_CBC)] ALIGN_NL;
 		struct nlattr flags_head ALIGN_NL;
 		uint32_t flags ALIGN_NL;
 	} kimport;
@@ -599,7 +615,7 @@ test_ncr_wrap_key2(int cfd)
 	kimport.type = NCR_KEY_TYPE_SECRET;
 	kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo);
 	kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kimport.algo = NCR_ALG_AES_CBC;
+	strcpy(kimport.algo, ALG_AES_CBC);
 	kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags);
 	kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING;
@@ -631,7 +647,7 @@ test_ncr_wrap_key2(int cfd)
 	kimport.type = NCR_KEY_TYPE_SECRET;
 	kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo);
 	kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kimport.algo = NCR_ALG_AES_CBC;
+	strcpy(kimport.algo, ALG_AES_CBC);
 	kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags);
 	kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
@@ -675,7 +691,7 @@ test_ncr_store_wrap_key(int cfd)
 		struct nlattr type_head ALIGN_NL;
 		uint32_t type ALIGN_NL;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_AES_CBC)] ALIGN_NL;
 		struct nlattr flags_head ALIGN_NL;
 		uint32_t flags ALIGN_NL;
 	} kimport;
@@ -715,7 +731,7 @@ test_ncr_store_wrap_key(int cfd)
 	kimport.type = NCR_KEY_TYPE_SECRET;
 	kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo);
 	kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kimport.algo = NCR_ALG_AES_CBC;
+	strcpy(kimport.algo, ALG_AES_CBC);
 	kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags);
 	kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
@@ -837,7 +853,7 @@ test_ncr_aes(int cfd)
 		struct nlattr type_head ALIGN_NL;
 		uint32_t type ALIGN_NL;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_AES_ECB)] ALIGN_NL;
 		struct nlattr flags_head ALIGN_NL;
 		uint32_t flags ALIGN_NL;
 	} kimport;
@@ -846,7 +862,7 @@ test_ncr_aes(int cfd)
 	struct __attribute__((packed)) {
 		struct ncr_session_once f;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_AES_ECB)] ALIGN_NL;
 		struct nlattr key_head ALIGN_NL;
 		uint32_t key ALIGN_NL;
 		struct nlattr input_head ALIGN_NL;
@@ -880,7 +896,7 @@ test_ncr_aes(int cfd)
 		kimport.type = NCR_KEY_TYPE_SECRET;
 		kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo);
 		kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-		kimport.algo = NCR_ALG_AES_CBC;
+		strcpy(kimport.algo, ALG_AES_ECB);
 		kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags);
 		kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 		kimport.flags = NCR_KEY_FLAG_EXPORTABLE;
@@ -896,7 +912,7 @@ test_ncr_aes(int cfd)
 		op.f.op = NCR_OP_ENCRYPT;
 		op.algo_head.nla_len = NLA_HDRLEN + sizeof(op.algo);
 		op.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-		op.algo = NCR_ALG_AES_ECB;
+		strcpy(op.algo, ALG_AES_ECB);
 		op.key_head.nla_len = NLA_HDRLEN + sizeof(op.key);
 		op.key_head.nla_type = NCR_ATTR_KEY;
 		op.key = key;
@@ -950,7 +966,7 @@ test_ncr_aes(int cfd)
 		kimport.type = NCR_KEY_TYPE_SECRET;
 		kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo);
 		kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-		kimport.algo = NCR_ALG_AES_CBC;
+		strcpy(kimport.algo, ALG_AES_CBC);
 		kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags);
 		kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 		kimport.flags = NCR_KEY_FLAG_EXPORTABLE;
@@ -966,7 +982,7 @@ test_ncr_aes(int cfd)
 		op.f.op = NCR_OP_DECRYPT;
 		op.algo_head.nla_len = NLA_HDRLEN + sizeof(op.algo);
 		op.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-		op.algo = NCR_ALG_AES_ECB;
+		strcpy(op.algo, ALG_AES_ECB);
 		op.key_head.nla_len = NLA_HDRLEN + sizeof(op.key);
 		op.key_head.nla_type = NCR_ATTR_KEY;
 		op.key = key;
@@ -1010,8 +1026,7 @@ test_ncr_aes(int cfd)
 }
 
 struct hash_vectors_st {
-	const char* name;
-	ncr_algorithm_t algorithm;
+	const char* algorithm;
 	const uint8_t* key; /* if hmac */
 	int key_size;
 	const uint8_t* plaintext;
@@ -1021,8 +1036,7 @@ struct hash_vectors_st {
 	ncr_crypto_op_t op;
 } hash_vectors[] = {
 	{
-		.name = "SHA1",
-		.algorithm = NCR_ALG_SHA1,
+		.algorithm = "sha1",
 		.key = NULL,
 		.plaintext = (uint8_t*)"what do ya want for nothing?",
 		.plaintext_size = sizeof("what do ya want for nothing?")-1,
@@ -1031,8 +1045,7 @@ struct hash_vectors_st {
 		.op = NCR_OP_SIGN,
 	},
 	{
-		.name = "HMAC-MD5",
-		.algorithm = NCR_ALG_HMAC_MD5,
+		.algorithm = "hmac(md5)",
 		.key = (uint8_t*)"Jefe",
 		.key_size = 4,
 		.plaintext = (uint8_t*)"what do ya want for nothing?",
@@ -1043,8 +1056,7 @@ struct hash_vectors_st {
 	},
 	/* from rfc4231 */
 	{
-		.name = "HMAC-SHA224",
-		.algorithm = NCR_ALG_HMAC_SHA2_224,
+		.algorithm = "hmac(sha224)",
 		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
 		.key_size = 20,
 		.plaintext = (uint8_t*)"Hi There",
@@ -1054,8 +1066,7 @@ struct hash_vectors_st {
 		.op = NCR_OP_SIGN,
 	},
 	{
-		.name = "HMAC-SHA256",
-		.algorithm = NCR_ALG_HMAC_SHA2_256,
+		.algorithm = "hmac(sha256)",
 		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
 		.key_size = 20,
 		.plaintext = (uint8_t*)"Hi There",
@@ -1065,8 +1076,7 @@ struct hash_vectors_st {
 		.op = NCR_OP_SIGN,
 	},
 	{
-		.name = "HMAC-SHA384",
-		.algorithm = NCR_ALG_HMAC_SHA2_384,
+		.algorithm = "hmac(sha384)",
 		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
 		.key_size = 20,
 		.plaintext = (uint8_t*)"Hi There",
@@ -1076,8 +1086,7 @@ struct hash_vectors_st {
 		.op = NCR_OP_SIGN,
 	},
 	{
-		.name = "HMAC-SHA512",
-		.algorithm = NCR_ALG_HMAC_SHA2_512,
+		.algorithm = "hmac(sha512)",
 		.key = (uint8_t*)"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
 		.key_size = 20,
 		.plaintext = (uint8_t*)"Hi There",
@@ -1101,24 +1110,24 @@ test_ncr_hash(int cfd)
 		uint8_t id[2] ALIGN_NL;
 		struct nlattr type_head ALIGN_NL;
 		uint32_t type ALIGN_NL;
-		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
 		struct nlattr flags_head ALIGN_NL;
 		uint32_t flags ALIGN_NL;
+		struct nlattr algo_head ALIGN_NL;
+		char algo[128] ALIGN_NL;
 	} kimport;
 	uint8_t data[HASH_DATA_SIZE];
 	int i, j;
 	size_t data_size;
 	struct __attribute__((packed)) {
 		struct ncr_session_once f;
-		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
 		struct nlattr key_head ALIGN_NL;
 		uint32_t key ALIGN_NL;
 		struct nlattr input_head ALIGN_NL;
 		struct ncr_session_input_data input ALIGN_NL;
 		struct nlattr output_head ALIGN_NL;
 		struct ncr_session_output_buffer output ALIGN_NL;
+		struct nlattr algo_head ALIGN_NL;
+		char algo[128] ALIGN_NL;
 	} op;
 
 	/* convert it to key */
@@ -1130,13 +1139,14 @@ test_ncr_hash(int cfd)
 
 	fprintf(stdout, "Tests on Hashes\n");
 	for (i=0;i<sizeof(hash_vectors)/sizeof(hash_vectors[0]);i++) {
+		size_t algo_size;
 
-		fprintf(stdout, "\t%s:\n", hash_vectors[i].name);
+		algo_size = strlen(hash_vectors[i].algorithm) + 1;
+		fprintf(stdout, "\t%s:\n", hash_vectors[i].algorithm);
 		/* import key */
 		if (hash_vectors[i].key != NULL) {
 
 			memset(&kimport.f, 0, sizeof(kimport.f));
-			kimport.f.input_size = sizeof(kimport);
 			kimport.f.key = key;
 			kimport.f.data = hash_vectors[i].key;
 			kimport.f.data_size = hash_vectors[i].key_size;
@@ -1149,14 +1159,16 @@ test_ncr_hash(int cfd)
 				= NLA_HDRLEN + sizeof(kimport.type);
 			kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE;
 			kimport.type = NCR_KEY_TYPE_SECRET;
-			kimport.algo_head.nla_len
-				= NLA_HDRLEN + sizeof(kimport.algo);
-			kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-			kimport.algo = NCR_ALG_AES_CBC;
 			kimport.flags_head.nla_len
 				= NLA_HDRLEN + sizeof(kimport.flags);
 			kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 			kimport.flags = NCR_KEY_FLAG_EXPORTABLE;
+			kimport.algo_head.nla_len = NLA_HDRLEN + algo_size;
+			kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM;
+			memcpy(kimport.algo, hash_vectors[i].algorithm,
+			       algo_size);
+			kimport.f.input_size
+				= kimport.algo + algo_size - (char *)&kimport;
 			if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) {
 				fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 				perror("ioctl(NCRIO_KEY_IMPORT)");
@@ -1165,11 +1177,7 @@ test_ncr_hash(int cfd)
 		}
 
 		memset(&op.f, 0, sizeof(op.f));
-		op.f.input_size = sizeof(op);
 		op.f.op = hash_vectors[i].op;
-		op.algo_head.nla_len = NLA_HDRLEN + sizeof(op.algo);
-		op.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-		op.algo = hash_vectors[i].algorithm;
 		op.key_head.nla_len = NLA_HDRLEN + sizeof(op.key);
 		op.key_head.nla_type = NCR_ATTR_KEY;
 		op.key = hash_vectors[i].key != NULL ? key : NCR_KEY_INVALID;
@@ -1182,6 +1190,10 @@ test_ncr_hash(int cfd)
 		op.output.buffer = data;
 		op.output.buffer_size = sizeof(data);
 		op.output.result_size_ptr = &data_size;
+		op.algo_head.nla_len = NLA_HDRLEN + algo_size;
+		op.algo_head.nla_type = NCR_ATTR_ALGORITHM;
+		memcpy(op.algo, hash_vectors[i].algorithm, algo_size);
+		op.f.input_size = op.algo + algo_size - (char *)&op;
 
 		if (ioctl(cfd, NCRIO_SESSION_ONCE, &op)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -1223,18 +1235,18 @@ test_ncr_hash_key(int cfd)
 		uint8_t id[2] ALIGN_NL;
 		struct nlattr type_head ALIGN_NL;
 		uint32_t type ALIGN_NL;
-		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
 		struct nlattr flags_head ALIGN_NL;
 		uint32_t flags ALIGN_NL;
+		struct nlattr algo_head ALIGN_NL;
+		char algo[128] ALIGN_NL;
 	} kimport;
 	uint8_t data[HASH_DATA_SIZE];
 	int j;
-	size_t data_size;
+	size_t data_size, algo_size;
 	struct __attribute__((packed)) {
 		struct ncr_session_init f;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[128] ALIGN_NL;
 	} op_init;
 	struct __attribute__((packed)) {
 		struct ncr_session_update f;
@@ -1262,10 +1274,10 @@ test_ncr_hash_key(int cfd)
 
 	fprintf(stdout, "Tests on Hashes of Keys\n");
 
-	fprintf(stdout, "\t%s:\n", hash_vectors[0].name);
+	fprintf(stdout, "\t%s:\n", hash_vectors[0].algorithm);
+	algo_size = strlen(hash_vectors[0].algorithm) + 1;
 	/* import key */
 	memset(&kimport.f, 0, sizeof(kimport.f));
-	kimport.f.input_size = sizeof(kimport);
 	kimport.f.key = key;
 	kimport.f.data = hash_vectors[0].plaintext;
 	kimport.f.data_size = hash_vectors[0].plaintext_size;
@@ -1276,12 +1288,13 @@ test_ncr_hash_key(int cfd)
 	kimport.type_head.nla_len = NLA_HDRLEN + sizeof(kimport.type);
 	kimport.type_head.nla_type = NCR_ATTR_KEY_TYPE;
 	kimport.type = NCR_KEY_TYPE_SECRET;
-	kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo);
-	kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kimport.algo = NCR_ALG_AES_CBC;
 	kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags);
 	kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kimport.flags = NCR_KEY_FLAG_EXPORTABLE;
+	kimport.algo_head.nla_len = NLA_HDRLEN + algo_size;
+	kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM;
+	memcpy(kimport.algo, hash_vectors[0].algorithm, algo_size);
+	kimport.f.input_size = kimport.algo + algo_size - (char *)&kimport;
 	if (ioctl(cfd, NCRIO_KEY_IMPORT, &kimport)) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 		perror("ioctl(NCRIO_KEY_IMPORT)");
@@ -1289,11 +1302,11 @@ test_ncr_hash_key(int cfd)
 	}
 
 	memset(&op_init.f, 0, sizeof(op_init.f));
-	op_init.f.input_size = sizeof(op_init);
 	op_init.f.op = hash_vectors[0].op;
-	op_init.algo_head.nla_len = NLA_HDRLEN + sizeof(op_init.algo);
+	op_init.algo_head.nla_len = NLA_HDRLEN + algo_size;
 	op_init.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	op_init.algo = hash_vectors[0].algorithm;
+	memcpy(op_init.algo, hash_vectors[0].algorithm, algo_size);
+	op_init.f.input_size = op_init.algo + algo_size - (char *)&op_init;
 
 	ses = ioctl(cfd, NCRIO_SESSION_INIT, &op_init);
 	if (ses < 0) {
diff --git a/examples/pk.c b/examples/pk.c
index 8645fd45661..25032755504 100644
--- a/examples/pk.c
+++ b/examples/pk.c
@@ -28,6 +28,13 @@
 
 #define ALIGN_NL __attribute__((aligned(NLA_ALIGNTO)))
 
+#define SIGNATURE_HASH "sha1"
+
+#define ALG_AES_CBC "cbc(aes)"
+#define ALG_DH "dh"
+#define ALG_DSA "dsa"
+#define ALG_RSA "rsa"
+
 static void
 print_hex_datum (gnutls_datum_t * dat)
 {
@@ -315,7 +322,7 @@ static int test_ncr_dh(int cfd)
 struct __attribute__((packed)) {
 	struct ncr_key_generate_pair f;
 	struct nlattr algo_head ALIGN_NL;
-	uint32_t algo ALIGN_NL;
+	char algo[sizeof(ALG_DH)] ALIGN_NL;
 	struct nlattr flags_head ALIGN_NL;
 	uint32_t flags ALIGN_NL;
 	unsigned char buffer[DATA_SIZE] ALIGN_NL;
@@ -386,7 +393,7 @@ struct __attribute__((packed)) {
 	kgen.f.public_key = public1;
 	kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo);
 	kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kgen.algo = NCR_ALG_DH;
+	strcpy(kgen.algo, ALG_DH);
 	kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags);
 	kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kgen.flags = NCR_KEY_FLAG_EXPORTABLE;
@@ -428,7 +435,7 @@ struct __attribute__((packed)) {
 	kgen.f.public_key = public2;
 	kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo);
 	kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kgen.algo = NCR_ALG_DH;
+	strcpy(kgen.algo, ALG_DH);
 	kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags);
 	kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kgen.flags = NCR_KEY_FLAG_EXPORTABLE;
@@ -604,7 +611,7 @@ test_ncr_wrap_key3(int cfd)
 		struct nlattr type_head ALIGN_NL;
 		uint32_t type ALIGN_NL;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_AES_CBC)] ALIGN_NL;
 		struct nlattr flags_head ALIGN_NL;
 		uint32_t flags ALIGN_NL;
 	} kimport;
@@ -618,12 +625,12 @@ test_ncr_wrap_key3(int cfd)
 		struct nlattr wrap_algo_head ALIGN_NL;
 		uint32_t wrap_algo ALIGN_NL;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_RSA)] ALIGN_NL;
 	} kunwrap;
 	struct __attribute__((packed)) {
 		struct ncr_key_generate_pair f;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_RSA)] ALIGN_NL;
 		struct nlattr flags_head ALIGN_NL;
 		uint32_t flags ALIGN_NL;
 		struct nlattr bits_head ALIGN_NL;
@@ -679,7 +686,7 @@ test_ncr_wrap_key3(int cfd)
 	kimport.type = NCR_KEY_TYPE_SECRET;
 	kimport.algo_head.nla_len = NLA_HDRLEN + sizeof(kimport.algo);
 	kimport.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kimport.algo = NCR_ALG_AES_CBC;
+	strcpy(kimport.algo, ALG_AES_CBC);
 	kimport.flags_head.nla_len = NLA_HDRLEN + sizeof(kimport.flags);
 	kimport.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kimport.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPING;
@@ -701,7 +708,7 @@ test_ncr_wrap_key3(int cfd)
 		kgen.f.public_key = pubkey;
 		kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo);
 		kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-		kgen.algo = NCR_ALG_RSA;
+		strcpy(kgen.algo, ALG_RSA);
 		kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags);
 		kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 		kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
@@ -773,7 +780,7 @@ test_ncr_wrap_key3(int cfd)
 			kunwrap.algo_head.nla_len
 				= NLA_HDRLEN + sizeof(kunwrap.algo);
 			kunwrap.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-			kunwrap.algo = NCR_ALG_RSA;
+			strcpy(kunwrap.algo, ALG_RSA);
 
 			ret = ioctl(cfd, NCRIO_KEY_UNWRAP, &kunwrap);
 			if (ret) {
@@ -797,13 +804,13 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 	struct __attribute__((packed)) {
 		struct ncr_session_once f;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_RSA)] ALIGN_NL;
 		struct nlattr key_head ALIGN_NL;
 		uint32_t key ALIGN_NL;
 		struct nlattr rsa_head ALIGN_NL;
 		uint32_t rsa ALIGN_NL;
 		struct nlattr oaep_hash_head ALIGN_NL;
-		uint32_t oaep_hash ALIGN_NL;
+		char oaep_hash[sizeof(SIGNATURE_HASH)] ALIGN_NL;
 		struct nlattr input_head ALIGN_NL;
 		struct ncr_session_input_data input ALIGN_NL;
 		struct nlattr output_head ALIGN_NL;
@@ -825,7 +832,7 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 	op.f.op = NCR_OP_ENCRYPT;
 	op.algo_head.nla_len = NLA_HDRLEN + sizeof(op.algo);
 	op.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	op.algo = NCR_ALG_RSA;
+	strcpy(op.algo, ALG_RSA);
 	op.key_head.nla_len = NLA_HDRLEN + sizeof(op.key);
 	op.key_head.nla_type = NCR_ATTR_KEY;
 	op.key = pubkey;
@@ -838,7 +845,7 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 	}
 	op.oaep_hash_head.nla_len = NLA_HDRLEN + sizeof(op.oaep_hash);
 	op.oaep_hash_head.nla_type = NCR_ATTR_RSA_OAEP_HASH_ALGORITHM;
-	op.oaep_hash = NCR_ALG_SHA1; /* Ignored if not using OAEP */
+	strcpy(op.oaep_hash, SIGNATURE_HASH); /* Ignored if not using OAEP */
 	op.input_head.nla_len = NLA_HDRLEN + sizeof(op.input);
 	op.input_head.nla_type = NCR_ATTR_UPDATE_INPUT_DATA;
 	op.input.data = data;
@@ -861,7 +868,7 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 	op.f.op = NCR_OP_DECRYPT;
 	op.algo_head.nla_len = NLA_HDRLEN + sizeof(op.algo);
 	op.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	op.algo = NCR_ALG_RSA;
+	strcpy(op.algo, ALG_RSA);
 	op.key_head.nla_len = NLA_HDRLEN + sizeof(op.key);
 	op.key_head.nla_type = NCR_ATTR_KEY;
 	op.key = privkey;
@@ -874,7 +881,7 @@ static int rsa_key_encrypt(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int oae
 	}
 	op.oaep_hash_head.nla_len = NLA_HDRLEN + sizeof(op.oaep_hash);
 	op.oaep_hash_head.nla_type = NCR_ATTR_RSA_OAEP_HASH_ALGORITHM;
-	op.oaep_hash = NCR_ALG_SHA1; /* Ignored if not using OAEP */
+	strcpy(op.oaep_hash, SIGNATURE_HASH); /* Ignored if not using OAEP */
 	op.input_head.nla_len = NLA_HDRLEN + sizeof(op.input);
 	op.input_head.nla_type = NCR_ATTR_UPDATE_INPUT_DATA;
 	op.input.data = data;
@@ -911,13 +918,13 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 	struct __attribute__((packed)) {
 		struct ncr_session_once f;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_RSA)] ALIGN_NL;
 		struct nlattr key_head ALIGN_NL;
 		uint32_t key ALIGN_NL;
 		struct nlattr rsa_head ALIGN_NL;
 		uint32_t rsa ALIGN_NL;
 		struct nlattr sign_hash_head ALIGN_NL;
-		uint32_t sign_hash ALIGN_NL;
+		char sign_hash[sizeof(SIGNATURE_HASH)] ALIGN_NL;
 		struct nlattr input_head ALIGN_NL;
 		struct ncr_session_input_data input ALIGN_NL;
 		struct nlattr signature_head ALIGN_NL;
@@ -926,13 +933,13 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 	struct __attribute__((packed)) {
 		struct ncr_session_once f;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_RSA)] ALIGN_NL;
 		struct nlattr key_head ALIGN_NL;
 		uint32_t key ALIGN_NL;
 		struct nlattr rsa_head ALIGN_NL;
 		uint32_t rsa ALIGN_NL;
 		struct nlattr sign_hash_head ALIGN_NL;
-		uint32_t sign_hash ALIGN_NL;
+		char sign_hash[sizeof(SIGNATURE_HASH)] ALIGN_NL;
 		struct nlattr input_head ALIGN_NL;
 		struct ncr_session_input_data input ALIGN_NL;
 		struct nlattr signature_head ALIGN_NL;
@@ -954,7 +961,7 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 	ksign.f.op = NCR_OP_SIGN;
 	ksign.algo_head.nla_len = NLA_HDRLEN + sizeof(ksign.algo);
 	ksign.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	ksign.algo = NCR_ALG_RSA;
+	strcpy(ksign.algo, ALG_RSA);
 	ksign.key_head.nla_len = NLA_HDRLEN + sizeof(ksign.key);
 	ksign.key_head.nla_type = NCR_ATTR_KEY;
 	ksign.key = privkey;
@@ -963,7 +970,7 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 	ksign.rsa = (pss != 0) ? RSA_PKCS1_PSS : RSA_PKCS1_V1_5;
 	ksign.sign_hash_head.nla_len = NLA_HDRLEN + sizeof(ksign.sign_hash);
 	ksign.sign_hash_head.nla_type = NCR_ATTR_SIGNATURE_HASH_ALGORITHM;
-	ksign.sign_hash = NCR_ALG_SHA1;
+	strcpy(ksign.sign_hash, SIGNATURE_HASH);
 	ksign.input_head.nla_len = NLA_HDRLEN + sizeof(ksign.input);
 	ksign.input_head.nla_type = NCR_ATTR_UPDATE_INPUT_DATA;
 	ksign.input.data = data;
@@ -988,7 +995,7 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 	kverify.f.op = NCR_OP_VERIFY;
 	kverify.algo_head.nla_len = NLA_HDRLEN + sizeof(kverify.algo);
 	kverify.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kverify.algo = NCR_ALG_RSA;
+	strcpy(kverify.algo, ALG_RSA);
 	kverify.key_head.nla_len = NLA_HDRLEN + sizeof(kverify.key);
 	kverify.key_head.nla_type = NCR_ATTR_KEY;
 	kverify.key = pubkey;
@@ -997,7 +1004,7 @@ static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int
 	kverify.rsa = (pss != 0) ? RSA_PKCS1_PSS : RSA_PKCS1_V1_5;
 	kverify.sign_hash_head.nla_len = NLA_HDRLEN + sizeof(kverify.sign_hash);
 	kverify.sign_hash_head.nla_type = NCR_ATTR_SIGNATURE_HASH_ALGORITHM;
-	kverify.sign_hash = NCR_ALG_SHA1;
+	strcpy(kverify.sign_hash, SIGNATURE_HASH);
 	kverify.input_head.nla_len = NLA_HDRLEN + sizeof(kverify.input);
 	kverify.input_head.nla_type = NCR_ATTR_UPDATE_INPUT_DATA;
 	kverify.input.data = data;
@@ -1030,11 +1037,11 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 	struct __attribute__((packed)) {
 		struct ncr_session_once f;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_DSA)] ALIGN_NL;
 		struct nlattr key_head ALIGN_NL;
 		uint32_t key ALIGN_NL;
 		struct nlattr sign_hash_head ALIGN_NL;
-		uint32_t sign_hash ALIGN_NL;
+		char sign_hash[sizeof(SIGNATURE_HASH)] ALIGN_NL;
 		struct nlattr input_head ALIGN_NL;
 		struct ncr_session_input_data input ALIGN_NL;
 		struct nlattr signature_head ALIGN_NL;
@@ -1043,11 +1050,11 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 	struct __attribute__((packed)) {
 		struct ncr_session_once f;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_DSA)] ALIGN_NL;
 		struct nlattr key_head ALIGN_NL;
 		uint32_t key ALIGN_NL;
 		struct nlattr sign_hash_head ALIGN_NL;
-		uint32_t sign_hash ALIGN_NL;
+		char sign_hash[sizeof(SIGNATURE_HASH)] ALIGN_NL;
 		struct nlattr input_head ALIGN_NL;
 		struct ncr_session_input_data input ALIGN_NL;
 		struct nlattr signature_head ALIGN_NL;
@@ -1069,13 +1076,13 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 	ksign.f.op = NCR_OP_SIGN;
 	ksign.algo_head.nla_len = NLA_HDRLEN + sizeof(ksign.algo);
 	ksign.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	ksign.algo = NCR_ALG_DSA;
+	strcpy(ksign.algo, ALG_DSA);
 	ksign.key_head.nla_len = NLA_HDRLEN + sizeof(ksign.key);
 	ksign.key_head.nla_type = NCR_ATTR_KEY;
 	ksign.key = privkey;
 	ksign.sign_hash_head.nla_len = NLA_HDRLEN + sizeof(ksign.sign_hash);
 	ksign.sign_hash_head.nla_type = NCR_ATTR_SIGNATURE_HASH_ALGORITHM;
-	ksign.sign_hash = NCR_ALG_SHA1;
+	strcpy(ksign.sign_hash, SIGNATURE_HASH);
 	ksign.input_head.nla_len = NLA_HDRLEN + sizeof(ksign.input);
 	ksign.input_head.nla_type = NCR_ATTR_UPDATE_INPUT_DATA;
 	ksign.input.data = data;
@@ -1098,13 +1105,13 @@ static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey)
 	kverify.f.op = NCR_OP_VERIFY;
 	kverify.algo_head.nla_len = NLA_HDRLEN + sizeof(kverify.algo);
 	kverify.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kverify.algo = NCR_ALG_DSA;
+	strcpy(kverify.algo, ALG_DSA);
 	kverify.key_head.nla_len = NLA_HDRLEN + sizeof(kverify.key);
 	kverify.key_head.nla_type = NCR_ATTR_KEY;
 	kverify.key = pubkey;
 	kverify.sign_hash_head.nla_len = NLA_HDRLEN + sizeof(kverify.sign_hash);
 	kverify.sign_hash_head.nla_type = NCR_ATTR_SIGNATURE_HASH_ALGORITHM;
-	kverify.sign_hash = NCR_ALG_SHA1;
+	strcpy(kverify.sign_hash, SIGNATURE_HASH);
 	kverify.input_head.nla_len = NLA_HDRLEN + sizeof(kverify.input);
 	kverify.input_head.nla_type = NCR_ATTR_UPDATE_INPUT_DATA;
 	kverify.input.data = data;
@@ -1139,7 +1146,7 @@ static int test_ncr_rsa(int cfd)
 	struct __attribute__((packed)) {
 		struct ncr_key_generate_pair f;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_RSA)] ALIGN_NL;
 		struct nlattr flags_head ALIGN_NL;
 		uint32_t flags ALIGN_NL;
 		struct nlattr bits_head ALIGN_NL;
@@ -1174,7 +1181,7 @@ static int test_ncr_rsa(int cfd)
 	kgen.f.public_key = pubkey;
 	kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo);
 	kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kgen.algo = NCR_ALG_RSA;
+	strcpy(kgen.algo, ALG_RSA);
 	kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags);
 	kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
@@ -1265,7 +1272,7 @@ static int test_ncr_dsa(int cfd)
 	struct __attribute__((packed)) {
 		struct ncr_key_generate_pair f;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_DSA)] ALIGN_NL;
 		struct nlattr flags_head ALIGN_NL;
 		uint32_t flags ALIGN_NL;
 		struct nlattr q_bits_head ALIGN_NL;
@@ -1302,7 +1309,7 @@ static int test_ncr_dsa(int cfd)
 	kgen.f.public_key = pubkey;
 	kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo);
 	kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kgen.algo = NCR_ALG_DSA;
+	strcpy(kgen.algo, ALG_DSA);
 	kgen.flags_head.nla_len = NLA_HDRLEN + sizeof(kgen.flags);
 	kgen.flags_head.nla_type = NCR_ATTR_KEY_FLAGS;
 	kgen.flags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
diff --git a/examples/speed.c b/examples/speed.c
index a75009e736b..70a2ed851c3 100644
--- a/examples/speed.c
+++ b/examples/speed.c
@@ -32,6 +32,7 @@
 #include "../ncr.h"
 
 #define ALIGN_NL __attribute__((aligned(NLA_ALIGNTO)))
+#define ALG_AES_CBC "cbc(aes)"
 
 static double udifftimeval(struct timeval start, struct timeval end)
 {
@@ -72,7 +73,7 @@ static void value2human(double bytes, double time, double* data, double* speed,c
 }
 
 
-int encrypt_data_ncr_direct(int cfd, int algo, int chunksize)
+int encrypt_data_ncr_direct(int cfd, const char *algo, int chunksize)
 {
 	char *buffer, iv[32];
 	static int val = 23;
@@ -84,14 +85,12 @@ int encrypt_data_ncr_direct(int cfd, int algo, int chunksize)
 	struct __attribute__((packed)) {
 		struct ncr_key_generate f;
 		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
+		char algo[sizeof(ALG_AES_CBC)] ALIGN_NL;
 		struct nlattr bits_head ALIGN_NL;
 		uint32_t bits ALIGN_NL;
 	} kgen;
 	struct __attribute__((packed)) {
 		struct ncr_session_once f;
-		struct nlattr algo_head ALIGN_NL;
-		uint32_t algo ALIGN_NL;
 		struct nlattr key_head ALIGN_NL;
 		uint32_t key ALIGN_NL;
 		struct nlattr input_head ALIGN_NL;
@@ -99,8 +98,12 @@ int encrypt_data_ncr_direct(int cfd, int algo, int chunksize)
 		struct nlattr output_head ALIGN_NL;
 		struct ncr_session_output_buffer output ALIGN_NL;
 		struct nlattr iv_head ALIGN_NL;
+		struct nlattr algo_head ALIGN_NL;
+		char algo[128] ALIGN_NL;
 	} op;
+	size_t algo_size;
 
+	algo_size = strlen(algo) + 1;
 	key = ioctl(cfd, NCRIO_KEY_INIT);
 	if (key == -1) {
 		fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -113,7 +116,7 @@ int encrypt_data_ncr_direct(int cfd, int algo, int chunksize)
 	kgen.f.key = key;
 	kgen.algo_head.nla_len = NLA_HDRLEN + sizeof(kgen.algo);
 	kgen.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-	kgen.algo = NCR_ALG_AES_CBC;
+	strcpy(kgen.algo, ALG_AES_CBC);
 	kgen.bits_head.nla_len = NLA_HDRLEN + sizeof(kgen.bits);
 	kgen.bits_head.nla_type = NCR_ATTR_SECRET_KEY_BITS;
 	kgen.bits = 128; /* 16 bytes */
@@ -141,11 +144,7 @@ int encrypt_data_ncr_direct(int cfd, int algo, int chunksize)
 		size_t output_size;
 
 		memset(&op.f, 0, sizeof(op.f));
-		op.f.input_size = sizeof(op);
 		op.f.op = NCR_OP_ENCRYPT;
-		op.algo_head.nla_len = NLA_HDRLEN + sizeof(op.algo);
-		op.algo_head.nla_type = NCR_ATTR_ALGORITHM;
-		op.algo = algo;
 		op.key_head.nla_len = NLA_HDRLEN + sizeof(op.key);
 		op.key_head.nla_type = NCR_ATTR_KEY;
 		op.key = key;
@@ -160,6 +159,10 @@ int encrypt_data_ncr_direct(int cfd, int algo, int chunksize)
 		op.output.result_size_ptr = &output_size;
 		op.iv_head.nla_len = NLA_HDRLEN + 0;
 		op.iv_head.nla_type = NCR_ATTR_IV;
+		op.algo_head.nla_len = NLA_HDRLEN + algo_size;
+		op.algo_head.nla_type = NCR_ATTR_ALGORITHM;
+		memcpy(op.algo, algo, algo_size);
+		op.f.input_size = op.algo + algo_size - (char *)&op;
 
 		if (ioctl(cfd, NCRIO_SESSION_ONCE, &op)) {
 			fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
@@ -193,14 +196,14 @@ int main(void)
 
 	fprintf(stderr, "\nTesting NCR-DIRECT with NULL cipher: \n");
 	for (i = 256; i <= (64 * 1024); i *= 2) {
-		if (encrypt_data_ncr_direct(fd, NCR_ALG_NULL, i))
+		if (encrypt_data_ncr_direct(fd, "ecb(cipher_null)", i))
 			break;
 	}
 
 
 	fprintf(stderr, "\nTesting NCR-DIRECT with AES-128-CBC cipher: \n");
 	for (i = 256; i <= (64 * 1024); i *= 2) {
-		if (encrypt_data_ncr_direct(fd, NCR_ALG_AES_CBC, i))
+		if (encrypt_data_ncr_direct(fd, "cbc(aes)", i))
 			break;
 	}
 
diff --git a/ncr-int.h b/ncr-int.h
index 669c1a2c983..274000e86e9 100644
--- a/ncr-int.h
+++ b/ncr-int.h
@@ -18,9 +18,29 @@
 struct nlattr;
 struct ncr_out;
 
+// Not all known algorithms - only for quick internal identification
+enum ncr_algorithm {
+	NCR_ALG_NONE__,
+	NCR_ALG_NULL,
+
+	NCR_ALG_3DES_CBC,
+
+	NCR_ALG_MD5,
+	NCR_ALG_SHA1,
+	NCR_ALG_SHA2_224,
+	NCR_ALG_SHA2_256,
+	NCR_ALG_SHA2_384,
+	NCR_ALG_SHA2_512,
+
+	NCR_ALG_RSA,
+	NCR_ALG_DSA,
+	NCR_ALG_DH,
+};
+
 struct algo_properties_st {
-	ncr_algorithm_t algo;
+	enum ncr_algorithm algo;
 	const char *kstr;
+	size_t kstr_len;
 	unsigned needs_iv:1;
 	unsigned is_hmac:1;
 	unsigned can_sign:1;
@@ -196,7 +216,7 @@ int key_to_storage_data( uint8_t** data, size_t * data_size, const struct key_it
 
 /* misc helper macros */
 
-const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo);
+const struct algo_properties_st *_ncr_algo_to_properties(const char *algo);
 const struct algo_properties_st *_ncr_nla_to_properties(const struct nlattr *nla);
 int _ncr_key_get_sec_level(struct key_item_st* item);
 
diff --git a/ncr-key-storage.c b/ncr-key-storage.c
index 149c45a3197..9afa2dc0411 100644
--- a/ncr-key-storage.c
+++ b/ncr-key-storage.c
@@ -35,7 +35,7 @@ struct packed_key {
 	uint32_t version;
 	uint8_t type;
 	uint32_t flags;
-	uint16_t algorithm; /* valid for public/private keys */
+	uint8_t algorithm[32];	/* NUL-terminated */
 	uint8_t key_id[MAX_KEY_ID_SIZE];
 	uint8_t key_id_size;
 
@@ -59,7 +59,8 @@ int key_to_storage_data( uint8_t** sdata, size_t * sdata_size, const struct key_
 	pkey->version = THIS_VERSION;
 	pkey->type = key->type;
 	pkey->flags = key->flags;
-	pkey->algorithm = key->algorithm->algo;
+	BUG_ON(strlen(key->algorithm->kstr) > sizeof(pkey->algorithm) - 1);
+	strcpy(pkey->algorithm, key->algorithm->kstr);
 	pkey->key_id_size = key->key_id_size;
 	memcpy(pkey->key_id, key->key_id, key->key_id_size);
 
@@ -95,6 +96,7 @@ int key_from_storage_data(struct key_item_st* key, const void* data, size_t data
 	int ret;
 
 	if (data_size != sizeof(*pkey) || pkey->version != THIS_VERSION
+	    || memchr(pkey->algorithm, '\0', sizeof(pkey->algorithm)) == NULL
 	    || pkey->key_id_size > MAX_KEY_ID_SIZE) {
 		err();
 		return -EINVAL;
diff --git a/ncr-key.c b/ncr-key.c
index 56708d8fba7..6e682451375 100644
--- a/ncr-key.c
+++ b/ncr-key.c
@@ -624,8 +624,8 @@ int ret;
 			ret = ncr_out_put_u32(out, *attr, item->type);
 			break;
 		case NCR_ATTR_ALGORITHM:
-			ret = ncr_out_put_u32(out, *attr,
-					      item->algorithm->algo);
+			ret = ncr_out_put_string(out, *attr,
+						 item->algorithm->kstr);
 			break;
 		default:
 			break; /* Silently ignore */
diff --git a/ncr-pk.c b/ncr-pk.c
index ed904d60d4a..ecac4c777b2 100644
--- a/ncr-pk.c
+++ b/ncr-pk.c
@@ -123,7 +123,8 @@ static int ncr_pk_make_public_and_id( struct key_item_st * private, struct key_i
 	}
 
 	key_id_size = MAX_KEY_ID_SIZE;
-	cret = hash_memory(_ncr_algo_to_properties(NCR_ALG_SHA1), tmp, max_size, private->key_id, &key_id_size);
+	cret = hash_memory(_ncr_algo_to_properties("sha1"), tmp, max_size,
+			   private->key_id, &key_id_size);
 	if (cret != CRYPT_OK) {
 		err();
 		ret = _ncr_tomerr(cret);
diff --git a/ncr-sessions.c b/ncr-sessions.c
index 8f3e721de8d..41f8a4c9000 100644
--- a/ncr-sessions.c
+++ b/ncr-sessions.c
@@ -130,87 +130,91 @@ err_sess:
 }
 
 static const struct algo_properties_st algo_properties[] = {
-	{ .algo = NCR_ALG_NULL, .kstr = "ecb(cipher_null)", 
+#define KSTR(x) .kstr = x, .kstr_len = sizeof(x) - 1
+	{ .algo = NCR_ALG_NULL, KSTR("ecb(cipher_null)"),
 		.needs_iv = 0, .is_symmetric=1, .can_encrypt=1,
 		.key_type = NCR_KEY_TYPE_INVALID },
-	{ .algo = NCR_ALG_3DES_CBC, .kstr = "cbc(des3_ede)", 
+	{ .algo = NCR_ALG_3DES_CBC, KSTR("cbc(des3_ede)"),
 		.needs_iv = 1, .is_symmetric=1, .can_encrypt=1,
 		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_AES_CBC, .kstr = "cbc(aes)", 
+	{ KSTR("cbc(aes)"),
 		.needs_iv = 1, .is_symmetric=1, .can_encrypt=1,
 		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_CAMELLIA_CBC, .kstr = "cbc(camelia)", 
+	{ KSTR("cbc(camelia)"),
 		.needs_iv = 1, .is_symmetric=1, .can_encrypt=1,
 		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_AES_CTR, .kstr = "ctr(aes)", 
+	{ KSTR("ctr(aes)"),
 		.needs_iv = 1, .is_symmetric=1, .can_encrypt=1,
 		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_CAMELLIA_CTR, .kstr = "ctr(camelia)", 
+	{ KSTR("ctr(camelia)"),
 		.needs_iv = 1, .is_symmetric=1, .can_encrypt=1,
 		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_ARCFOUR, .kstr = NULL, 
+	{ KSTR("ecb(aes)"),
 		.needs_iv = 0, .is_symmetric=1, .can_encrypt=1,
 		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_AES_ECB, .kstr = "ecb(aes)", 
+	{ KSTR("ecb(camelia)"),
 		.needs_iv = 0, .is_symmetric=1, .can_encrypt=1,
 		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_CAMELLIA_ECB, .kstr = "ecb(camelia)", 
-		.needs_iv = 0, .is_symmetric=1, .can_encrypt=1,
-		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_SHA1, .kstr = "sha1", 
+	{ .algo = NCR_ALG_SHA1, KSTR("sha1"),
 		.digest_size = 20, .can_digest=1,
 		.key_type = NCR_KEY_TYPE_INVALID },
-	{ .algo = NCR_ALG_MD5, .kstr = "md5", 
+	{ .algo = NCR_ALG_MD5, KSTR("md5"),
 		.digest_size = 16, .can_digest=1,
 		.key_type = NCR_KEY_TYPE_INVALID },
-	{ .algo = NCR_ALG_SHA2_224, .kstr = "sha224", 
+	{ .algo = NCR_ALG_SHA2_224, KSTR("sha224"),
 		.digest_size = 28, .can_digest=1,
 		.key_type = NCR_KEY_TYPE_INVALID },
-	{ .algo = NCR_ALG_SHA2_256, .kstr = "sha256", 
+	{ .algo = NCR_ALG_SHA2_256, KSTR("sha256"),
 		.digest_size = 32, .can_digest=1,
 		.key_type = NCR_KEY_TYPE_INVALID },
-	{ .algo = NCR_ALG_SHA2_384, .kstr = "sha384", 
+	{ .algo = NCR_ALG_SHA2_384, KSTR("sha384"),
 		.digest_size = 48, .can_digest=1,
 		.key_type = NCR_KEY_TYPE_INVALID },
-	{ .algo = NCR_ALG_SHA2_512, .kstr = "sha512", 
+	{ .algo = NCR_ALG_SHA2_512, KSTR("sha512"),
 		.digest_size = 64, .can_digest=1,
 		.key_type = NCR_KEY_TYPE_INVALID },
-	{ .algo = NCR_ALG_HMAC_SHA1, .is_hmac = 1, .kstr = "hmac(sha1)", 
+	{ .is_hmac = 1, KSTR("hmac(sha1)"),
 		.digest_size = 20, .can_sign=1,
 		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_HMAC_MD5, .is_hmac = 1, .kstr = "hmac(md5)", 
+	{ .is_hmac = 1, KSTR("hmac(md5)"),
 		.digest_size = 16, .can_sign=1,
 		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_HMAC_SHA2_224, .is_hmac = 1, .kstr = "hmac(sha224)", 
+	{ .is_hmac = 1, KSTR("hmac(sha224)"),
 		.digest_size = 28, .can_sign=1,
 		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_HMAC_SHA2_256, .is_hmac = 1, .kstr = "hmac(sha256)", 
+	{ .is_hmac = 1, KSTR("hmac(sha256)"),
 		.digest_size = 32, .can_sign=1,
 		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_HMAC_SHA2_384, .is_hmac = 1, .kstr = "hmac(sha384)", 
+	{ .is_hmac = 1, KSTR("hmac(sha384)"),
 		.digest_size = 48, .can_sign=1,
 		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_HMAC_SHA2_512, .is_hmac = 1, .kstr = "hmac(sha512)", 
+	{ .is_hmac = 1, KSTR("hmac(sha512)"),
 		.digest_size = 64, .can_sign=1,
 		.key_type = NCR_KEY_TYPE_SECRET },
-	{ .algo = NCR_ALG_RSA, .kstr = NULL, .is_pk = 1,
+	/* NOTE: These algorithm names are not available through the kernel API
+	   (yet). */
+	{ .algo = NCR_ALG_RSA, KSTR("rsa"), .is_pk = 1,
 		.can_encrypt=1, .can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC },
-	{ .algo = NCR_ALG_DSA, .kstr = NULL, .is_pk = 1,
+	{ .algo = NCR_ALG_DSA, KSTR("dsa"), .is_pk = 1,
 		.can_sign=1, .key_type = NCR_KEY_TYPE_PUBLIC },
-	{ .algo = NCR_ALG_DH, .kstr = NULL, .is_pk = 1,
+	{ .algo = NCR_ALG_DH, KSTR("dh"), .is_pk = 1,
 		.can_kx=1, .key_type = NCR_KEY_TYPE_PUBLIC },
-	{ .algo = NCR_ALG_NONE }
-
+#undef KSTR
 };
 
-const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo)
+/* The lookups by string are inefficient - can we look up all we need from
+   crypto API? */
+const struct algo_properties_st *_ncr_algo_to_properties(const char *algo)
 {
-	ncr_algorithm_t a;
-	int i = 0;
-
-	for (i = 0; (a = algo_properties[i].algo) != NCR_ALG_NONE; i++) {
-		if (a == algo)
-			return &algo_properties[i];
+	const struct algo_properties_st *a;
+	size_t name_len;
+
+	name_len = strlen(algo);
+	for (a = algo_properties;
+	     a < algo_properties + ARRAY_SIZE(algo_properties); a++) {
+		if (a->kstr_len == name_len
+		    && memcmp(a->kstr, algo, name_len) == 0)
+			return a;
 	}
 
 	return NULL;
@@ -218,9 +222,21 @@ const struct algo_properties_st *_ncr_algo_to_properties(ncr_algorithm_t algo)
 
 const struct algo_properties_st *_ncr_nla_to_properties(const struct nlattr *nla)
 {
+	const struct algo_properties_st *a;
+	size_t name_len;
+
 	if (nla == NULL)
 		return NULL;
-	return _ncr_algo_to_properties(nla_get_u32(nla));
+
+	/* nla_len() >= 1 ensured by validate_nla() case NLA_NUL_STRING */
+	name_len = nla_len(nla) - 1;
+	for (a = algo_properties;
+	     a < algo_properties + ARRAY_SIZE(algo_properties); a++) {
+		if (a->kstr_len == name_len
+		    && memcmp(a->kstr, nla_data(nla), name_len + 1) == 0)
+			return a;
+	}
+	return NULL;
 }
 
 static int key_item_get_nla_read(struct key_item_st **st,
@@ -294,7 +310,7 @@ static int _ncr_session_init(struct ncr_lists *lists, ncr_crypto_op_t op,
 				if (ns->algorithm->algo == NCR_ALG_NULL)
 				  keysize = 0;
 				
-				if (ns->algorithm->kstr == NULL) {
+				if (ns->algorithm->is_pk) {
 					err();
 					ret = -EINVAL;
 					goto fail;
@@ -341,7 +357,7 @@ static int _ncr_session_init(struct ncr_lists *lists, ncr_crypto_op_t op,
 			}
 
 			if (ns->algorithm->can_digest) {
-				if (ns->algorithm->kstr == NULL) {
+				if (ns->algorithm->is_pk) {
 					err();
 					ret = -EINVAL;
 					goto fail;
@@ -371,7 +387,7 @@ static int _ncr_session_init(struct ncr_lists *lists, ncr_crypto_op_t op,
 				}
 
 				if (ns->algorithm->is_hmac && ns->key->type == NCR_KEY_TYPE_SECRET) {
-					if (ns->algorithm->kstr == NULL) {
+					if (ns->algorithm->is_pk) {
 						err();
 						ret = -EINVAL;
 						goto fail;
@@ -399,7 +415,7 @@ static int _ncr_session_init(struct ncr_lists *lists, ncr_crypto_op_t op,
 						goto fail;
 					}
 
-					if (sign_hash->kstr == NULL) {
+					if (sign_hash->is_pk) {
 						err();
 						ret = -EINVAL;
 						goto fail;
diff --git a/ncr.h b/ncr.h
index bc681acf43d..3dae3f38eb8 100644
--- a/ncr.h
+++ b/ncr.h
@@ -30,10 +30,9 @@
    of attributes used for the frequent operations? */
 enum {
 	NCR_ATTR_UNSPEC,	      /* 0 is special in lib/nlattr.c. */
-	/* FIXME: Use NLA_STRING for this, later */
-	NCR_ATTR_ALGORITHM,	      /* NLA_U32 - ncr_algorithm_t */
+	NCR_ATTR_ALGORITHM,	      /* NLA_NUL_STRING */
 	NCR_ATTR_DERIVATION_ALGORITHM, /* NLA_U32 - ncr_algorithm_t */
-	NCR_ATTR_SIGNATURE_HASH_ALGORITHM, /* NLA_U32 - ncr_algorithm_t */
+	NCR_ATTR_SIGNATURE_HASH_ALGORITHM, /* NLA_NUL_STRING */
 	NCR_ATTR_WRAPPING_ALGORITHM,  /* NLA_U32 - ncr_wrap_algorithm_t */
 	NCR_ATTR_UPDATE_INPUT_DATA,   /* NLA_BINARY - ncr_session_input_data */
 	/* NLA_BINARY - ncr_session_output_buffer */
@@ -51,7 +50,7 @@ enum {
 	NCR_ATTR_RSA_MODULUS_BITS,    /* NLA_U32 */
 	NCR_ATTR_RSA_E,		      /* NLA_BINARY */
 	NCR_ATTR_RSA_ENCODING_METHOD, /* NLA_U32 - ncr_rsa_type_t */
-	NCR_ATTR_RSA_OAEP_HASH_ALGORITHM, /* NLA_U32 - ncr_algorithm_t */
+	NCR_ATTR_RSA_OAEP_HASH_ALGORITHM, /* NLA_NUL_STRING */
 	NCR_ATTR_RSA_PSS_SALT_LENGTH, /* NLA_U32 */
 	NCR_ATTR_DSA_P_BITS,	      /* NLA_U32 */
 	NCR_ATTR_DSA_Q_BITS,	      /* NLA_U32 */
@@ -69,39 +68,6 @@ enum {
 #define NCR_CIPHER_MAX_BLOCK_LEN 32
 #define NCR_HASH_MAX_OUTPUT_SIZE  64
 
-typedef enum {
-	NCR_ALG_NONE,
-	NCR_ALG_NULL,
-	NCR_ALG_3DES_CBC,
-	NCR_ALG_AES_CBC,
-	NCR_ALG_CAMELLIA_CBC,
-	NCR_ALG_ARCFOUR,
-	NCR_ALG_AES_ECB,
-	NCR_ALG_CAMELLIA_ECB,
-	NCR_ALG_AES_CTR,
-	NCR_ALG_CAMELLIA_CTR,
-
-	NCR_ALG_SHA1=40,
-	NCR_ALG_MD5,
-	NCR_ALG_SHA2_224,
-	NCR_ALG_SHA2_256,
-	NCR_ALG_SHA2_384,
-	NCR_ALG_SHA2_512,
-
-	NCR_ALG_HMAC_SHA1=80,
-	NCR_ALG_HMAC_MD5,
-	NCR_ALG_HMAC_SHA2_224,
-	NCR_ALG_HMAC_SHA2_256,
-	NCR_ALG_HMAC_SHA2_384,
-	NCR_ALG_HMAC_SHA2_512,
-
-	NCR_ALG_RSA=140,
-	NCR_ALG_DSA,
-	NCR_ALG_DH, /* DH as in PKCS #3 */
-} ncr_algorithm_t;
-
-
-
 typedef enum {
 	NCR_WALG_AES_RFC3394, /* for secret keys only */
 	NCR_WALG_AES_RFC5649, /* can wrap arbitrary key */
diff --git a/utils.c b/utils.c
index 8118a1d9e57..23d75f126d5 100644
--- a/utils.c
+++ b/utils.c
@@ -48,9 +48,9 @@
 #endif /* !CONFIG_COMPAT */
 
 static const struct nla_policy ncr_attr_policy[NCR_ATTR_MAX + 1] = {
-	[NCR_ATTR_ALGORITHM] = { NLA_U32, 0 },
+	[NCR_ATTR_ALGORITHM] = { NLA_NUL_STRING, 0 },
 	[NCR_ATTR_DERIVATION_ALGORITHM] = { NLA_U32, 0 },
-	[NCR_ATTR_SIGNATURE_HASH_ALGORITHM] = { NLA_U32, 0 },
+	[NCR_ATTR_SIGNATURE_HASH_ALGORITHM] = { NLA_NUL_STRING, 0 },
 	[NCR_ATTR_WRAPPING_ALGORITHM] = { NLA_U32, 0 },
 	[NCR_ATTR_UPDATE_INPUT_DATA] = {
 		NLA_BINARY, MAX_SESSION_INPUT_DATA_SIZE
@@ -74,7 +74,7 @@ static const struct nla_policy ncr_attr_policy[NCR_ATTR_MAX + 1] = {
 	[NCR_ATTR_RSA_MODULUS_BITS] = { NLA_U32, 0 },
 	[NCR_ATTR_RSA_E] = { NLA_BINARY, 0 },
 	[NCR_ATTR_RSA_ENCODING_METHOD] = { NLA_U32, 0 },
-	[NCR_ATTR_RSA_OAEP_HASH_ALGORITHM] = { NLA_U32, 0 },
+	[NCR_ATTR_RSA_OAEP_HASH_ALGORITHM] = { NLA_NUL_STRING, 0 },
 	[NCR_ATTR_RSA_PSS_SALT_LENGTH] = { NLA_U32, 0 },
 	[NCR_ATTR_DSA_P_BITS] = { NLA_U32, 0 },
 	[NCR_ATTR_DSA_Q_BITS] = { NLA_U32, 0 },
-- 
cgit