[Problem] If old scheme row is not password protected and the user tries to
read it with non empty password it will get reencrypted with this password.
[Solution] Throw an authentication exception if password is not empty and row
is not password protected.
[Verification] Run ckm-tests-internal -t ENCRYPTION_SCHEME_TEST/T120_Read_wrong_pass
Change-Id: I44b270dbbefd043b6efb9371f0d7a81c1b234b31
if ((row.encryptionScheme & ENCR_PASSWORD) && password.empty()) {
ThrowErr(Exc::AuthenticationFailed,
if ((row.encryptionScheme & ENCR_PASSWORD) && password.empty()) {
ThrowErr(Exc::AuthenticationFailed,
- "DB row is password protected, but given password is "
- "empty.");
+ "DB row is password protected, but given password is empty.");
+ }
+
+ if(!(row.encryptionScheme & ENCR_PASSWORD) && !password.empty()) {
+ ThrowErr(Exc::AuthenticationFailed,
+ "DB row is not password protected, but given password is not empty.");
}
if ((row.encryptionScheme & ENCR_APPKEY) && !haveKey(row.ownerLabel)) {
}
if ((row.encryptionScheme & ENCR_APPKEY) && !haveKey(row.ownerLabel)) {
- ThrowErr(Exc::AuthenticationFailed, "Missing application key for ",
- row.ownerLabel, " label.");
+ ThrowErr(Exc::AuthenticationFailed,
+ "Missing application key for ",
+ row.ownerLabel,
+ " label.");