2 files changed, 26 insertions, 3 deletions

diff --git a/ncr.c b/ncr.c
index c7f54942df3..352e0edf0a0 100644
--- a/ncr.c
+++ b/ncr.c
@@ -91,10 +91,17 @@ struct ncr_master_key_st st;
 		return -EINVAL;
 	}
 
+	if (st.key_size != 16 && st.key_size != 24 && st.key_size != 32) {
+		dprintk(0, KERN_DEBUG, "Master key size must be 16,24 or 32.\n");
+		return -EINVAL;
+	}
+
 	if (master_key.type != NCR_KEY_TYPE_INVALID) {
 		dprintk(0, KERN_DEBUG, "Master key was previously initialized.\n");
 	}
 
+	dprintk(0, KERN_INFO, "Intializing master key.\n");
+
 	master_key.type = NCR_KEY_TYPE_SECRET;
 	
 	memcpy(master_key.key.secret.data, st.key, st.key_size);
diff --git a/userspace/setkey.c b/userspace/setkey.c
index 2642b902c3a..535773d79b7 100644
--- a/userspace/setkey.c
+++ b/userspace/setkey.c
@@ -14,21 +14,37 @@
 #include <sys/stat.h>
 #include "../ncr.h"
 #include <stdlib.h>
-
-
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
 
 int main(int argc, char** argv)
 {
 	int fd = -1;
 	FILE* fp;
 	struct ncr_master_key_st key;
-	int size;
+	int size, ret;
+	struct stat st;
 	
 	if (argc != 2) {
 		fprintf(stderr, "Usage: setkey [filename]\n");
 		exit(1);
 	}
 	
+	/* check permissions */
+	ret = stat(argv[1], &st);
+	if (ret < 0) {
+		fprintf(stderr, "Cannot find key: %s\n", argv[1]);
+		exit(1);
+	}
+	
+	if (st.st_mode & S_IROTH || st.st_mode & S_IRGRP || st.st_uid != 0) {
+		fprintf(stderr, "Key file must belong to root and must be readable by him only.\n");
+		exit(1);
+	}
+	
+	/* read key */
+	
 	memset(&key, 0, sizeof(key));
 	fp = fopen(argv[1], "r");
 	size = fread(key.key, 1, sizeof(key.key), fp);