Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2671d4eb authored by Android (Google) Code Review's avatar Android (Google) Code Review
Browse files

Merge change I70f91838

* changes:
  keystore: Add paddings before checksumming.
parents 18d478a3 ced66258
Loading
Loading
Loading
Loading
+13 −10
Original line number Original line Diff line number Diff line
@@ -163,19 +163,23 @@ static struct __attribute__((packed)) {
static int8_t encrypt_blob(char *name, AES_KEY *aes_key)
static int8_t encrypt_blob(char *name, AES_KEY *aes_key)
{
{
    uint8_t vector[AES_BLOCK_SIZE];
    uint8_t vector[AES_BLOCK_SIZE];
    int length = blob.length;
    int length;
    int fd;
    int fd;


    if (read(the_entropy, vector, AES_BLOCK_SIZE) != AES_BLOCK_SIZE) {
    if (read(the_entropy, vector, AES_BLOCK_SIZE) != AES_BLOCK_SIZE) {
        return SYSTEM_ERROR;
        return SYSTEM_ERROR;
    }
    }


    length += blob.value - blob.digested;
    length = (blob.length + blob.value - blob.encrypted) % AES_BLOCK_SIZE;
    if (length) {
        length = AES_BLOCK_SIZE - length;
    }

    length += blob.length + blob.value - blob.digested;
    blob.length = htonl(blob.length);
    blob.length = htonl(blob.length);
    MD5(blob.digested, length, blob.digest);
    MD5(blob.digested, length, blob.digest);


    length += blob.digested - blob.encrypted;
    length += blob.digested - blob.encrypted;
    length = (length + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE * AES_BLOCK_SIZE;
    memcpy(vector, blob.vector, AES_BLOCK_SIZE);
    memcpy(vector, blob.vector, AES_BLOCK_SIZE);
    AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key, vector,
    AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key, vector,
                    AES_ENCRYPT);
                    AES_ENCRYPT);
@@ -184,11 +188,9 @@ static int8_t encrypt_blob(char *name, AES_KEY *aes_key)
    length += blob.encrypted - (uint8_t *)&blob;
    length += blob.encrypted - (uint8_t *)&blob;


    fd = open(".tmp", O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
    fd = open(".tmp", O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
    if (fd == -1 || write(fd, &blob, length) != length) {
    length -= write(fd, &blob, length);
        return SYSTEM_ERROR;
    }
    close(fd);
    close(fd);
    return rename(".tmp", name) ? SYSTEM_ERROR : NO_ERROR;
    return (length || rename(".tmp", name)) ? SYSTEM_ERROR : NO_ERROR;
}
}


static int8_t decrypt_blob(char *name, AES_KEY *aes_key)
static int8_t decrypt_blob(char *name, AES_KEY *aes_key)
@@ -210,14 +212,15 @@ static int8_t decrypt_blob(char *name, AES_KEY *aes_key)
    AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key,
    AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key,
                    blob.vector, AES_DECRYPT);
                    blob.vector, AES_DECRYPT);
    length -= blob.digested - blob.encrypted;
    length -= blob.digested - blob.encrypted;
    if (!memcmp(blob.digest, MD5(blob.digested, length, NULL),
    if (memcmp(blob.digest, MD5(blob.digested, length, NULL),
               MD5_DIGEST_LENGTH)) {
               MD5_DIGEST_LENGTH)) {
        return VALUE_CORRUPTED;
        return VALUE_CORRUPTED;
    }
    }


    length -= blob.value - blob.digested;
    length -= blob.value - blob.digested;
    blob.length = ntohl(blob.length);
    blob.length = ntohl(blob.length);
    return (length < blob.length) ? VALUE_CORRUPTED : NO_ERROR;
    return (blob.length < 0 || blob.length > length) ? VALUE_CORRUPTED :
           NO_ERROR;
}
}


/* Here are the actions. Each of them is a function without arguments. All
/* Here are the actions. Each of them is a function without arguments. All