Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2671d4eb authored by Android (Google) Code Review's avatar Android (Google) Code Review
Browse files

Merge change I70f91838 

* changes:
  keystore: Add paddings before checksumming.
parents 18d478a3 ced66258

cmds/keystore/keystore.c

+13 −10
Original line number Original line Diff line number Diff line
@@ -163,19 +163,23 @@ static struct __attribute__((packed)) { 
static int8_t encrypt_blob(char *name, AES_KEY *aes_key)

static int8_t encrypt_blob(char *name, AES_KEY *aes_key)

{

{

    uint8_t vector[AES_BLOCK_SIZE];

    uint8_t vector[AES_BLOCK_SIZE];

    int length = blob.length;

    int length;

    int fd;

    int fd;





    if (read(the_entropy, vector, AES_BLOCK_SIZE) != AES_BLOCK_SIZE) {

    if (read(the_entropy, vector, AES_BLOCK_SIZE) != AES_BLOCK_SIZE) {

        return SYSTEM_ERROR;

        return SYSTEM_ERROR;

    }

    }





    length += blob.value - blob.digested;

    length = (blob.length + blob.value - blob.encrypted) % AES_BLOCK_SIZE;

    if (length) {

        length = AES_BLOCK_SIZE - length;

    }



    length += blob.length + blob.value - blob.digested;

    blob.length = htonl(blob.length);

    blob.length = htonl(blob.length);

    MD5(blob.digested, length, blob.digest);

    MD5(blob.digested, length, blob.digest);





    length += blob.digested - blob.encrypted;

    length += blob.digested - blob.encrypted;

    length = (length + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE * AES_BLOCK_SIZE;

    memcpy(vector, blob.vector, AES_BLOCK_SIZE);

    memcpy(vector, blob.vector, AES_BLOCK_SIZE);

    AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key, vector,

    AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key, vector,

                    AES_ENCRYPT);

                    AES_ENCRYPT);
@@ -184,11 +188,9 @@ static int8_t encrypt_blob(char *name, AES_KEY *aes_key) 
    length += blob.encrypted - (uint8_t *)&blob;

    length += blob.encrypted - (uint8_t *)&blob;





    fd = open(".tmp", O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);

    fd = open(".tmp", O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);

    if (fd == -1 || write(fd, &blob, length) != length) {

    length -= write(fd, &blob, length);

        return SYSTEM_ERROR;

    }

    close(fd);

    close(fd);

    return rename(".tmp", name) ? SYSTEM_ERROR : NO_ERROR;

    return (length || rename(".tmp", name)) ? SYSTEM_ERROR : NO_ERROR;

}

}





static int8_t decrypt_blob(char *name, AES_KEY *aes_key)

static int8_t decrypt_blob(char *name, AES_KEY *aes_key)
@@ -210,14 +212,15 @@ static int8_t decrypt_blob(char *name, AES_KEY *aes_key) 
    AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key,

    AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key,

                    blob.vector, AES_DECRYPT);

                    blob.vector, AES_DECRYPT);

    length -= blob.digested - blob.encrypted;

    length -= blob.digested - blob.encrypted;

    if (!memcmp(blob.digest, MD5(blob.digested, length, NULL),

    if (memcmp(blob.digest, MD5(blob.digested, length, NULL),

               MD5_DIGEST_LENGTH)) {

               MD5_DIGEST_LENGTH)) {

        return VALUE_CORRUPTED;

        return VALUE_CORRUPTED;

    }

    }





    length -= blob.value - blob.digested;

    length -= blob.value - blob.digested;

    blob.length = ntohl(blob.length);

    blob.length = ntohl(blob.length);

    return (length < blob.length) ? VALUE_CORRUPTED : NO_ERROR;

    return (blob.length < 0 || blob.length > length) ? VALUE_CORRUPTED :

           NO_ERROR;

}

}





/* Here are the actions. Each of them is a function without arguments. All

/* Here are the actions. Each of them is a function without arguments. All