@@ -520,6 +520,23 @@ unsigned char *get_aes_ivt(void) {
return aes_key->ivt;
}
+bool is_hex_str(const char *ascii) {
+ unsigned int i, size;
+
+ if (!ascii)
+ return false;
+
+ size = strlen(ascii);
+ if (!size)
+ return false;
+
+ for (i = 0; i < size; ++i) {
+ if (!isxdigit(ascii[i]))
+ return false;
+ }
+ return true;
+}
+
int set_aes_key(const char *key, const char *ivt)
{
int ret;
@@ -534,6 +551,11 @@ int set_aes_key(const char *key, const char *ivt)
return -ENOMEM;
}
+ if (strlen(ivt) != (AES_BLK_SIZE*2) || !is_hex_str(ivt)) {
+ ERROR("Invalid ivt");
+ return -EINVAL;
+ }
+
ret = ascii_to_bin(aes_key->ivt, sizeof(aes_key->ivt), ivt);
#ifdef CONFIG_PKCS11
keylen = strlen(key) + 1;
@@ -551,12 +573,15 @@ int set_aes_key(const char *key, const char *ivt)
aes_key->keylen = keylen / 2;
break;
default:
+ ERROR("Invalid aes_key length");
return -EINVAL;
}
+ ret |= !is_hex_str(key);
ret |= ascii_to_bin(aes_key->key, aes_key->keylen, key);
#endif
if (ret) {
+ ERROR("Invalid aes_key");
return -EINVAL;
}
@@ -163,6 +163,7 @@ int ascii_to_hash(unsigned char *hash, const char *s);
int ascii_to_bin(unsigned char *dest, size_t dstlen, const char *src);
void hash_to_ascii(const unsigned char *hash, char *s);
int IsValidHash(const unsigned char *hash);
+bool is_hex_str(const char *ascii);
#ifndef typeof
#define typeof __typeof__
When parsing an invalid hex string for the aes key or ivt no error is returned. Check if aes key and ivt are valid hex strings. Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com> --- core/util.c | 25 +++++++++++++++++++++++++ include/util.h | 1 + 2 files changed, 26 insertions(+)