Prevent usage of wrapping keys for anything else except wrapping.

1 files changed, 17 insertions, 0 deletions

diff --git a/ncr-sessions.c b/ncr-sessions.c
index 2916729..0a48b23 100644
--- a/ncr-sessions.c
+++ b/ncr-sessions.c
@@ -250,6 +250,15 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses
 				err();
 				goto fail;
 			}
+			
+			/* wrapping keys cannot be used for encryption or decryption
+			 */
+			if (ns->key->flags & NCR_KEY_FLAG_WRAPPING) {
+				err();
+				ret = -EINVAL;
+				goto fail;
+			}
+
 			if (ns->key->type == NCR_KEY_TYPE_SECRET) {
 				int keysize = ns->key->key.secret.size;
 				
@@ -320,6 +329,14 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses
 					goto fail;
 				}
 
+				/* wrapping keys cannot be used for anything except wrapping.
+				 */
+				if (ns->key->flags & NCR_KEY_FLAG_WRAPPING) {
+					err();
+					ret = -EINVAL;
+					goto fail;
+				}
+
 				if (ns->algorithm->is_hmac && ns->key->type == NCR_KEY_TYPE_SECRET) {
 					if (ns->algorithm->kstr == NULL) {
 						err();