From 51a92d357aebc84b45cf8c90061319d22b170bb5 Mon Sep 17 00:00:00 2001
From: Miloslav Trmač
Date: Tue, 24 Aug 2010 20:43:13 +0200
Subject: Reject prohibited key flags immediately
Silently ignoring user's requests is unexpected.
---
 examples/ncr.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
(limited to 'examples')
diff --git a/examples/ncr.c b/examples/ncr.c
index 5169a14..7de67ee 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
@@ -240,12 +240,18 @@ test_ncr_wrap_key(int cfd)
 keydata.idata = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
 keydata.idata_size = 16;
- if (ioctl(cfd, NCRIO_KEY_IMPORT, &keydata)) {
+ ret = ioctl(cfd, NCRIO_KEY_IMPORT, &keydata);
+ if (geteuid() == 0 && ret) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 perror("ioctl(NCRIO_KEY_IMPORT)");
 return 1;
 }
+ if (geteuid() != 0) {
+ /* cannot test further */
+ fprintf(stdout, "\t(Wrapping test not completed. Run as root)\n");
+ return 0;
+ }
 /* convert it to key */
 if (ioctl(cfd, NCRIO_KEY_INIT, &key2)) {
@@ -279,19 +285,11 @@ test_ncr_wrap_key(int cfd)
 kwrap.io = data;
 kwrap.io_size = sizeof(data);
- ret = ioctl(cfd, NCRIO_KEY_WRAP, &kwrap);
-
- if (geteuid() == 0 && ret) {
+ if (ioctl(cfd, NCRIO_KEY_WRAP, &kwrap)) {
 fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__);
 perror("ioctl(NCRIO_KEY_WRAP)");
 return 1;
 }
-
- if (geteuid() != 0) {
- /* cannot test further */
- fprintf(stdout, "\t(Wrapping test not completed. Run as root)\n");
- return 0;
- }
 data_size = kwrap.io_size;
-- cgit
From 1ba66cab0563708d551e3462c249f1da21695882 Mon Sep 17 00:00:00 2001
From: Miloslav Trmač
Date: Tue, 24 Aug 2010 20:56:09 +0200
Subject: Make it possible to import private keys
---
 examples/ncr.c | 4 ++++
 examples/pk.c | 1 +
 2 files changed, 5 insertions(+)
(limited to 'examples')
diff --git a/examples/ncr.c b/examples/ncr.c
index 7de67ee..a02f750 100644
--- a/examples/ncr.c
+++ b/examples/ncr.c
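Review bot: In the first examples/ncr.c hunk (`@@ -240,12 +240,18 @@`, test_ncr_wrap_key) the NCRIO_KEY_IMPORT result is discarded for a non-root caller: `ret` is examined only when `geteuid() == 0`, and the non-root branch returns 0 whatever the ioctl did. If the import is meant to be refused for unprivileged callers (the commit subject suggests so, but the flags set on `keydata` are outside the hunk), the test should assert it before printing the "Run as root" message, e.g. `if (geteuid() != 0 && ret == 0) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); return 1; }`. Without that check a kernel that wrongly accepts the request from a non-root user still passes this test. The function body starts and ends outside the hunk.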
@@ -321,6 +321,10 @@ test_ncr_wrap_key(int cfd)
 memset(&kwrap, 0, sizeof(kwrap));
 kwrap.algorithm = NCR_WALG_AES_RFC3394;
 kwrap.keytowrap = key2;
+ kwrap.wrapped_key_algorithm = NCR_ALG_AES_CBC;
+ kwrap.wrapped_key_type = NCR_KEY_TYPE_SECRET;
+ kwrap.wrapped_key_flags
+ = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE;
 kwrap.key = key;
 kwrap.io = data;
 kwrap.io_size = data_size;
diff --git a/examples/pk.c b/examples/pk.c
index 032ae98..7199d53 100644
--- a/examples/pk.c
+++ b/examples/pk.c
@@ -647,6 +647,7 @@ test_ncr_wrap_key3(int cfd)
 memset(&kwrap, 0, sizeof(kwrap));
 kwrap.algorithm = NCR_WALG_AES_RFC5649;
 kwrap.wrapped_key_algorithm = NCR_ALG_RSA;
+ kwrap.wrapped_key_type = NCR_KEY_TYPE_PRIVATE;
 kwrap.keytowrap = privkey;
 kwrap.key = key;
 kwrap.io = data;
-- cgit
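Review bot: The new `wrapped_key_*` assignments in the examples/ncr.c hunk (`@@ -321,6 +321,10 @@`, test_ncr_wrap_key) need a comment saying that the caller, not the wrapped blob, decides the algorithm, type and flags of the resulting key, since RFC 3394 wrapping carries key bytes only. Example code gets copied, and `NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE` is a permissive choice. A line such as `/* test only: permissive flags; real callers should request the minimum flags the key needs */` above the assignment would make that explicit. The ioctl that consumes `kwrap` is outside the hunk, so it is presumed rather than shown that this is the unwrap request.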
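Review bot: In the examples/pk.c hunk (`@@ -647,6 +647,7 @@`, test_ncr_wrap_key3) `wrapped_key_flags` is never assigned, so it keeps the 0 left by the `memset`, whereas the examples/ncr.c hunk of the same commit sets it explicitly. If an unwrapped private key with no flags is what is intended, stating it keeps the two examples consistent and stops a reader from assuming the flags were forgotten: `kwrap.wrapped_key_flags = 0; /* no flags requested for the unwrapped private key */`. The ioctl that consumes `kwrap` and the rest of the test are outside the hunk, so whether later steps need any flag on the key cannot be confirmed from here.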