| Message ID | 20231204100620.27789-2-Michael.Glembotzki@iris-sensing.com |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [V2,01/10] util: BUG: set_aes_key does not fail on invalid aes key or ivt | expand |
Hi Michael, On 04.12.23 11:05, Michael Glembotzki wrote: > When parsing an invalid hex string for the aes key or ivt no error is > returned. > > Check if aes key and ivt are valid hex strings. > > Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com> > --- > core/util.c | 25 +++++++++++++++++++++++++ > include/util.h | 1 + > 2 files changed, 26 insertions(+) > > diff --git a/core/util.c b/core/util.c > index cb2cf78..e206ce7 100644 > --- a/core/util.c > +++ b/core/util.c > @@ -520,6 +520,23 @@ unsigned char *get_aes_ivt(void) { > return aes_key->ivt; > } > > +int is_hex_str(const char *ascii) { There are further is_<check_something>() functions in SWUpdate, and they return (or they should) a bool. The semantic means "if is what we check" we return true - as example, is_valid_state(), is_bootloader(),... You are using the opposite logic here, returning true if it is not a hex. > + unsigned int i, size; > + > + if (!ascii) > + return -1; > + > + size = strlen(ascii); > + if (!size) > + return -1; > + > + for (i = 0; i < size; ++i) { > + if (!isxdigit(ascii[i])) > + return -1; > + } > + return 0; > +} > + > int set_aes_key(const char *key, const char *ivt) > { > int ret; > @@ -534,6 +551,11 @@ int set_aes_key(const char *key, const char *ivt) > return -ENOMEM; > } > > + if (strlen(ivt) != (AES_BLK_SIZE*2) || is_hex_str(ivt)) { > + ERROR("Invalid ivt"); > + return -EINVAL; > + } > + > ret = ascii_to_bin(aes_key->ivt, sizeof(aes_key->ivt), ivt); > #ifdef CONFIG_PKCS11 > keylen = strlen(key) + 1; > @@ -551,12 +573,15 @@ int set_aes_key(const char *key, const char *ivt) > aes_key->keylen = keylen / 2; > break; > default: > + ERROR("Invalid aes_key length"); > return -EINVAL; > } > + ret |= is_hex_str(key); > ret |= ascii_to_bin(aes_key->key, aes_key->keylen, key); This should then rechecked when return value is bool. > #endif > > if (ret) { > + ERROR("Invalid aes_key"); > return -EINVAL; > } > > diff --git a/include/util.h b/include/util.h > index dc0b957..afe3a4f 100644 > --- a/include/util.h > +++ b/include/util.h > @@ -162,6 +162,7 @@ int ascii_to_hash(unsigned char *hash, const char *s); > int ascii_to_bin(unsigned char *dest, size_t dstlen, const char *src); > void hash_to_ascii(const unsigned char *hash, char *s); > int IsValidHash(const unsigned char *hash); > +int is_hex_str(const char *ascii); > > #ifndef typeof > #define typeof __typeof__ Best regards, Stefano
diff --git a/core/util.c b/core/util.c index cb2cf78..e206ce7 100644 --- a/core/util.c +++ b/core/util.c @@ -520,6 +520,23 @@ unsigned char *get_aes_ivt(void) { return aes_key->ivt; } +int is_hex_str(const char *ascii) { + unsigned int i, size; + + if (!ascii) + return -1; + + size = strlen(ascii); + if (!size) + return -1; + + for (i = 0; i < size; ++i) { + if (!isxdigit(ascii[i])) + return -1; + } + return 0; +} + int set_aes_key(const char *key, const char *ivt) { int ret; @@ -534,6 +551,11 @@ int set_aes_key(const char *key, const char *ivt) return -ENOMEM; } + if (strlen(ivt) != (AES_BLK_SIZE*2) || is_hex_str(ivt)) { + ERROR("Invalid ivt"); + return -EINVAL; + } + ret = ascii_to_bin(aes_key->ivt, sizeof(aes_key->ivt), ivt); #ifdef CONFIG_PKCS11 keylen = strlen(key) + 1; @@ -551,12 +573,15 @@ int set_aes_key(const char *key, const char *ivt) aes_key->keylen = keylen / 2; break; default: + ERROR("Invalid aes_key length"); return -EINVAL; } + ret |= is_hex_str(key); ret |= ascii_to_bin(aes_key->key, aes_key->keylen, key); #endif if (ret) { + ERROR("Invalid aes_key"); return -EINVAL; } diff --git a/include/util.h b/include/util.h index dc0b957..afe3a4f 100644 --- a/include/util.h +++ b/include/util.h @@ -162,6 +162,7 @@ int ascii_to_hash(unsigned char *hash, const char *s); int ascii_to_bin(unsigned char *dest, size_t dstlen, const char *src); void hash_to_ascii(const unsigned char *hash, char *s); int IsValidHash(const unsigned char *hash); +int is_hex_str(const char *ascii); #ifndef typeof #define typeof __typeof__
When parsing an invalid hex string for the aes key or ivt no error is returned. Check if aes key and ivt are valid hex strings. Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com> --- core/util.c | 25 +++++++++++++++++++++++++ include/util.h | 1 + 2 files changed, 26 insertions(+)