From: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Date: Fri, 17 Feb 2023 20:13:46 +0000 (+0100)
Subject: Fix decryption with unexpected password
X-Git-Tag: accepted/tizen/unified/20230406.165733~5^2~27
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F90%2F288590%2F2;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git

Fix decryption with unexpected password

Passing a password when a row was not additionally encrypted with one
did not fail as it should. Make it do so.

Change-Id: Ifd84cca1b55c67ef7e5b470cc42bb4efac6a0703
---

diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp
index 3c5b898..a75d078 100644
--- a/src/manager/crypto/sw-backend/store.cpp
+++ b/src/manager/crypto/sw-backend/store.cpp
@@ -76,12 +76,15 @@ RawBuffer unpack(const RawBuffer &packed, const Password &pass)
 {
 	MessageBuffer buffer;
 	buffer.Push(RawBuffer(packed));
-	int encryptionScheme = 0;
+	int encryptionScheme = EncryptionScheme::NONE;
 	RawBuffer data;
 	buffer.Deserialize(encryptionScheme, data);
 
-	if (encryptionScheme == 0)
+	if (encryptionScheme == EncryptionScheme::NONE) {
+		if (!pass.empty())
+			ThrowErr(Exc::AuthenticationFailed, "Unexpected custom password.");
 		return data;
+	}
 
 	MessageBuffer internalBuffer;
 	internalBuffer.Push(std::move(data));
@@ -97,7 +100,6 @@ RawBuffer unpack(const RawBuffer &packed, const Password &pass)
 	 * AES GCM will check data integrity and handle cases where:
 	 * - wrong password is used
 	 * - password is empty when it shouldn't be
-	 * - password is not empty when it should be
 	 */
 	RawBuffer key = passwordToKey(pass, iv, Params::DERIVED_KEY_LENGTH);