diff options
Diffstat (limited to 'ncr-sessions.c')
| -rw-r--r-- | ncr-sessions.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/ncr-sessions.c b/ncr-sessions.c index 2916729..0a48b23 100644 --- a/ncr-sessions.c +++ b/ncr-sessions.c @@ -250,6 +250,15 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses err(); goto fail; } + + /* wrapping keys cannot be used for encryption or decryption + */ + if (ns->key->flags & NCR_KEY_FLAG_WRAPPING) { + err(); + ret = -EINVAL; + goto fail; + } + if (ns->key->type == NCR_KEY_TYPE_SECRET) { int keysize = ns->key->key.secret.size; @@ -320,6 +329,14 @@ static int _ncr_session_init(struct ncr_lists* lists, struct ncr_session_st* ses goto fail; } + /* wrapping keys cannot be used for anything except wrapping. + */ + if (ns->key->flags & NCR_KEY_FLAG_WRAPPING) { + err(); + ret = -EINVAL; + goto fail; + } + if (ns->algorithm->is_hmac && ns->key->type == NCR_KEY_TYPE_SECRET) { if (ns->algorithm->kstr == NULL) { err(); |