KeyStore: Fix key name decoding

The key name is encoded into the filename containing the (encrypted) key
material.
Since the key name might contain characters that are not valid in a
filename, the name is encoded using a multi-character custom encoding
scheme.
However, the decoding function did not decode the key name correctly -
in particular, spaces were decoded to 'P', causing CtsVerifier tests
that install a key with a space in the name to fail (due to internal
inconsistency between the key names in KeyChain's DB and key names
obtained from Keystore).

Fix by correctly compensating for the "carrier" character.

Test: atest keystore_unit_tests
Bug: 116716944
Change-Id: I0326a9d9e6912b04bb13b3b350ead8ddcfcc12f8

diff --git a/keystore/blob.cpp b/keystore/blob.cpp
index f08e08d..f887e80 100644
--- a/keystore/blob.cpp
+++ b/keystore/blob.cpp
@@ -559,15 +559,23 @@
* [0-o]. Therefore in the worst case the length of a key gets doubled. Note
* that Base64 cannot be used here due to the need of prefix match on keys. */
-static std::string encodeKeyName(const std::string& keyName) {
+std::string encodeKeyName(const std::string& keyName) {
std::string encodedName;
encodedName.reserve(keyName.size() * 2);
auto in = keyName.begin();
while (in != keyName.end()) {
+ // Input character needs to be encoded.
if (*in < '0' || *in > '~') {
+ // Encode the two most-significant bits of the input char in the first
+ // output character, by counting up from 43 ('+').
encodedName.append(1, '+' + (uint8_t(*in) >> 6));
+ // Encode the six least-significant bits of the input char in the second
+ // output character, by counting up from 48 ('0').
+ // This is safe because the maximum value is 112, which is the
+ // character 'p'.
encodedName.append(1, '0' + (*in & 0x3F));
} else {
+ // No need to encode input char - append as-is.
encodedName.append(1, *in);
}
++in;
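Review bot: The added comment above the second `encodedName.append` states the wrong bound. The largest value `'0' + (*in & 0x3F)` can produce is 48 + 63 = 111, which is 'o', not 112 / 'p', and that agrees with the `[0-o]` range in the function's header comment. Suggest changing the comment to say the maximum value is 111 ('o'), since the decoder's valid input range for the second character follows from that bound.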
@@ -575,7 +583,7 @@
return encodedName;
}
-static std::string decodeKeyName(const std::string& encodedName) {
+std::string decodeKeyName(const std::string& encodedName) {
std::string decodedName;
decodedName.reserve(encodedName.size());
auto in = encodedName.begin();
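Review bot: Dropping `static` from `encodeKeyName` and `decodeKeyName` gives both functions external linkage, but the lines shown here carry no matching declaration. If the purpose is to call them from keystore_unit_tests, declare them in a header the test includes rather than redeclaring them in the test file, and document there that the decoder's input is a filename read from disk.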
@@ -583,12 +591,19 @@
char c;
while (in != encodedName.end()) {
if (multichar) {
+ // Second part of a multi-character encoding. Turn off the multichar
+ // flag and set the six least-significant bits of c to the value originally
+ // encoded by counting up from '0'.
multichar = false;
- decodedName.append(1, c | *in);
+ decodedName.append(1, c | (uint8_t(*in) - '0'));
} else if (*in >= '+' && *in <= '.') {
+ // First part of a multi-character encoding. Set the multichar flag
+ // and set the two most-significant bits of c to be the two bits originally
+ // encoded by counting up from '+'.
multichar = true;
c = (*in - '+') << 6;
} else {
+ // Regular character, append as-is.
decodedName.append(1, *in);
}
++in;
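Review bot: In the `multichar` branch, `c | (uint8_t(*in) - '0')` does not check that the second character lies in the encoder's output range '0'..'o'. For a filename that `encodeKeyName` did not produce, a byte below '0' makes the subtraction negative and a byte above 'o' sets bits beyond the low six, so the OR corrupts the two high bits already held in `c`. Suggest rejecting out-of-range input before appending (for example, checking `*in >= '0' && *in <= 'o'`), and adding a unit test with a malformed name next to the space round-trip case.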