Diffstat (limited to 'ncr-key.c')
-rw-r--r-- | ncr-key.c | 74 |
1 files changed, 33 insertions, 41 deletions
@@ -287,9 +287,15 @@ fail:
 }
-int ncr_key_assign_flags(struct key_item_st* item, unsigned int flags)
+int ncr_key_update_flags(struct key_item_st* item, const struct nlattr *nla)
 {
- if (!capable(CAP_SYS_ADMIN) && (flags & NCR_KEY_FLAG_WRAPPING) != 0)
+ uint32_t flags;
+
+ if (nla == NULL)
+ return 0;
+ flags = nla_get_u32(nla);
+ if (!capable(CAP_SYS_ADMIN)
+ && (flags & (NCR_KEY_FLAG_WRAPPING | NCR_KEY_FLAG_UNWRAPPING)) != 0)
  return -EPERM;
  item->flags = flags;
  return 0;
@@ -341,13 +347,10 @@ size_t tmp_size;
  goto fail;
  }
- nla = tb[NCR_ATTR_KEY_FLAGS];
- if (nla != NULL) {
- ret = ncr_key_assign_flags(item, nla_get_u32(nla));
- if (ret < 0) {
- err();
- goto fail;
- }
+ ret = ncr_key_update_flags(item, tb[NCR_ATTR_KEY_FLAGS]);
+ if (ret < 0) {
+ err();
+ goto fail;
  }
  nla = tb[NCR_ATTR_KEY_ID];
@@ -434,13 +437,10 @@ size_t size;
  ncr_key_clear(item);
  /* we generate only secret keys */
- nla = tb[NCR_ATTR_KEY_FLAGS];
- if (nla != NULL) {
- ret = ncr_key_assign_flags(item, nla_get_u32(nla));
- if (ret < 0) {
- err();
- goto fail;
- }
+ ret = ncr_key_update_flags(item, tb[NCR_ATTR_KEY_FLAGS]);
+ if (ret < 0) {
+ err();
+ goto fail;
  }
  algo = _ncr_nla_to_properties(tb[NCR_ATTR_ALGORITHM]);
@@ -495,7 +495,7 @@ fail:
  * Keysizes (2009-2010)". It maps the strength of public key algorithms to
  * symmetric ones. Should be kept up to date.
  */
-struct {
+static const struct {
  unsigned int bits; /* sec level */
  unsigned int rsa_bits;
  unsigned int dlog_bits;
@@ -510,7 +510,7 @@ struct {
  {0,0,0}
 };
-unsigned int rsa_to_bits(unsigned int rsa_bits)
+static unsigned int rsa_to_bits(unsigned int rsa_bits)
 {
 int i = 1;
@@ -529,7 +529,7 @@ int i = 1;
  return ecrypt_vals[i-1].bits;
 }
-unsigned int dlog_to_bits(unsigned int dlog_bits)
+static unsigned int dlog_to_bits(unsigned int dlog_bits)
 {
 int i = 1;
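Review bot: In ncr_key_update_flags, `item->flags = flags;` stores the caller-supplied 32-bit value unmasked, so a caller can set bits that no NCR_KEY_FLAG_* constant defines and they persist on the key item; only the WRAPPING/UNWRAPPING bits are gated by CAP_SYS_ADMIN. Unless undefined bits are masked off somewhere before use (not visible here), I would reject them up front with `if (flags & ~KNOWN_KEY_FLAGS_MASK) return -EINVAL;`, where KNOWN_KEY_FLAGS_MASK is a placeholder for the OR of the flag bits the module actually defines. The new function also lacks a contract comment; I would add above it `/* Apply NCR_ATTR_KEY_FLAGS (nla) to item. A NULL nla leaves item->flags untouched; returns -EPERM when a caller without CAP_SYS_ADMIN requests a wrapping or unwrapping key. */`. The callers in the -341 and -434 hunks now rely on that "untouched" behaviour, which is only safe when item->flags was cleared beforehand — -434 shows ncr_key_clear(item) just before, while the visible lines of -341 do not.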
@@ -662,7 +662,6 @@ int ncr_key_generate_pair(struct ncr_lists *lst, const struct ncr_key_generate_pair *gen, struct nlattr *tb[])
 {
-const struct nlattr *nla;
 struct key_item_st* private = NULL;
 struct key_item_st* public = NULL;
 int ret;
@@ -692,18 +691,15 @@ int ret;
  }
  public->type = public->algorithm->key_type;
  private->type = NCR_KEY_TYPE_PRIVATE;
- nla = tb[NCR_ATTR_KEY_FLAGS];
- if (nla != NULL) {
- ret = ncr_key_assign_flags(private, nla_get_u32(nla));
- if (ret < 0) {
- err();
- goto fail;
- }
- ret = ncr_key_assign_flags(public, nla_get_u32(nla));
- if (ret < 0) {
- err();
- goto fail;
- }
+ ret = ncr_key_update_flags(private, tb[NCR_ATTR_KEY_FLAGS]);
+ if (ret < 0) {
+ err();
+ goto fail;
+ }
+ ret = ncr_key_update_flags(public, tb[NCR_ATTR_KEY_FLAGS]);
+ if (ret < 0) {
+ err();
+ goto fail;
  }
  public->flags |= (NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE);
@@ -736,7 +732,6 @@ fail:
 int ncr_key_derive(struct ncr_lists *lst, const struct ncr_key_derive *data, struct nlattr *tb[])
 {
-const struct nlattr *nla;
 int ret;
 struct key_item_st* key = NULL;
 struct key_item_st* newkey = NULL;
@@ -749,7 +744,7 @@ struct key_item_st* newkey = NULL;
  /* wrapping keys cannot be used for anything except wrapping. */
- if (key->flags & NCR_KEY_FLAG_WRAPPING) {
+ if (key->flags & NCR_KEY_FLAG_WRAPPING || key->flags & NCR_KEY_FLAG_UNWRAPPING) {
  err();
  ret = -EINVAL;
  goto fail;
@@ -763,13 +758,10 @@ struct key_item_st* newkey = NULL;
  ncr_key_clear(newkey);
- nla = tb[NCR_ATTR_KEY_FLAGS];
- if (nla != NULL) {
- ret = ncr_key_assign_flags(newkey, nla_get_u32(nla));
- if (ret < 0) {
- err();
- goto fail;
- }
+ ret = ncr_key_update_flags(newkey, tb[NCR_ATTR_KEY_FLAGS]);
+ if (ret < 0) {
+ err();
+ goto fail;
  }
  switch (key->type) {
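Review bot: In the -749 hunk the new condition `key->flags & NCR_KEY_FLAG_WRAPPING || key->flags & NCR_KEY_FLAG_UNWRAPPING` is correct as written (`&` binds tighter than `||`) but reads the flags twice and differs from the combined-mask form the same commit introduces in ncr_key_update_flags; I would write `if (key->flags & (NCR_KEY_FLAG_WRAPPING | NCR_KEY_FLAG_UNWRAPPING)) {`. The comment directly above it, `/* wrapping keys cannot be used for anything except wrapping. */`, is now stale because unwrapping keys are rejected too; suggest `/* wrapping and unwrapping keys cannot be used for anything except (un)wrapping. */`. ncr_key_derive starts and ends outside this hunk, so whether the same check is needed on other key uses in that function cannot be confirmed from here.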