diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-06-17 10:59:12 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-06-17 20:49:05 +0200 |
commit | 094ae51f5909d71c18ed87f25aa493b8d22d0247 (patch) | |
tree | 70be3cbf8566e2d6895bfedb5a952463a2e79eb3 /userspace | |
parent | 71b9a53ef1f813c66ffd0fd83289c50f61a5f28a (diff) | |
download | cryptodev-linux-094ae51f5909d71c18ed87f25aa493b8d22d0247.tar.gz cryptodev-linux-094ae51f5909d71c18ed87f25aa493b8d22d0247.tar.xz cryptodev-linux-094ae51f5909d71c18ed87f25aa493b8d22d0247.zip |
Be more strict when loading master key.
Diffstat (limited to 'userspace')
-rw-r--r-- | userspace/setkey.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/userspace/setkey.c b/userspace/setkey.c index 2642b90..535773d 100644 --- a/userspace/setkey.c +++ b/userspace/setkey.c @@ -14,21 +14,37 @@ #include <sys/stat.h> #include "../ncr.h" #include <stdlib.h> - - +#include <sys/types.h> +#include <sys/stat.h> +#include <unistd.h> int main(int argc, char** argv) { int fd = -1; FILE* fp; struct ncr_master_key_st key; - int size; + int size, ret; + struct stat st; if (argc != 2) { fprintf(stderr, "Usage: setkey [filename]\n"); exit(1); } + /* check permissions */ + ret = stat(argv[1], &st); + if (ret < 0) { + fprintf(stderr, "Cannot find key: %s\n", argv[1]); + exit(1); + } + + if (st.st_mode & S_IROTH || st.st_mode & S_IRGRP || st.st_uid != 0) { + fprintf(stderr, "Key file must belong to root and must be readable by him only.\n"); + exit(1); + } + + /* read key */ + memset(&key, 0, sizeof(key)); fp = fopen(argv[1], "r"); size = fread(key.key, 1, sizeof(key.key), fp); |