diff options
author | Kyungwook Tak <k.tak@samsung.com> | 2016-08-18 19:07:24 +0900 |
---|---|---|
committer | Kyungwook Tak <k.tak@samsung.com> | 2016-08-19 08:55:32 +0900 |
commit | f3aa104bbb7915328a8fc8895f3f014e2ed22f17 (patch) | |
tree | b0ccd9a89b328435045c2c2bdb67b3d2f04f17e6 | |
parent | 2ae8b90be07686640c4115b0760fde7fd315bb6d (diff) | |
download | key-manager-f3aa104bbb7915328a8fc8895f3f014e2ed22f17.tar.gz key-manager-f3aa104bbb7915328a8fc8895f3f014e2ed22f17.tar.bz2 key-manager-f3aa104bbb7915328a8fc8895f3f014e2ed22f17.zip |
Fix sha1 digest length and type mismatch(size_t and uint)
Change-Id: Ia53c49ea40d225971a3061241ee90c58534eaf65
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
-rw-r--r-- | src/manager/service/ss-crypto.cpp | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/src/manager/service/ss-crypto.cpp b/src/manager/service/ss-crypto.cpp index 1da144ac..1e79b483 100644 --- a/src/manager/service/ss-crypto.cpp +++ b/src/manager/service/ss-crypto.cpp @@ -30,13 +30,15 @@ #include <dpl/log/log.h> +// lengths defined as macro to be used independent to type (size_t, unsigned int, int) +#define SALT_SIZE 32 +#define KEY_SIZE 16 +#define IV_SIZE KEY_SIZE + namespace CKM { namespace { -const int SALT_SIZE = 32; -const int KEY_SIZE = 16; - RawBuffer _get_key(const std::string &id) { unsigned char salt[SALT_SIZE]; @@ -56,8 +58,9 @@ RawBuffer _get_key(const std::string &id) RawBuffer _get_iv(const RawBuffer &src) { - RawBuffer iv(KEY_SIZE); - size_t ivlen = iv.size(); + RawBuffer iv(SHA_DIGEST_LENGTH); + + unsigned int ivlen = 0; if (::EVP_Digest(src.data(), src.size(), iv.data(), &ivlen, ::EVP_sha1(), nullptr) != 1) { @@ -65,6 +68,13 @@ RawBuffer _get_iv(const RawBuffer &src) return RawBuffer(); } + if (ivlen < IV_SIZE) { + LogError("Invalid iv size: " << ivlen); + return RawBuffer(); + } + + iv.resize(IV_SIZE); + return iv; } @@ -73,6 +83,16 @@ RawBuffer _decrypt(const RawBuffer &key, const RawBuffer &iv, const RawBuffer &c auto algo = ::EVP_aes_128_cbc(); int tmp_len = (ciphertext.size() / algo->block_size + 1) * algo->block_size; + if (key.size() != KEY_SIZE) { + LogError("Invalid key size: " << key.size() << ", expected: " << KEY_SIZE); + return RawBuffer(); + } + + if (iv.size() != IV_SIZE) { + LogError("Invalid iv size: " << iv.size() << ", expected: " << IV_SIZE); + return RawBuffer(); + } + RawBuffer plaintext(tmp_len, 0); std::unique_ptr<EVP_CIPHER_CTX, void(*)(EVP_CIPHER_CTX *)> ctxptr( |