From patchwork Fri Dec 15 14:19:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1876649 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=U5G9R3fy; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=hs4K71ab; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::33a; helo=mail-wm1-x33a.google.com; envelope-from=swupdate+bncbdy5juxlviebbsoc6gvqmgqe2nfpdiq@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-wm1-x33a.google.com (mail-wm1-x33a.google.com [IPv6:2a00:1450:4864:20::33a]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SsBJt378Rz1ySd for ; Sat, 16 Dec 2023 01:23:08 +1100 (AEDT) Received: by mail-wm1-x33a.google.com with SMTP id 5b1f17b1804b1-40c28da6667sf4470095e9.3 for ; Fri, 15 Dec 2023 06:23:08 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1702650186; cv=pass; d=google.com; s=arc-20160816; b=Lp1DshYfE7K+yv6ecUdb6MP9sCCR3FigCoAzAkNqM5rAObALZ5NHIr91n83Mwe12gi z+JZ1HVtnhOVfTPHkKtxQbk6Y7f0mlRoyGiBPFgjROmeO0urW2KwXE2zsJgA8Tn8c3tj VO4++DVoXh20VoXqI8vqCArHDb3PxQj5E/EVFke7P47Aw7R97hUI4Ap4PbMmcqLHPvtf eYsKctpneiwUx+SAUoRqF8IRYSoLK51DFW+7typThT+c1S8020Nik8ymub8cGD4/xtkt ZNfaUDHTAPa9lJdY2JnkzSydX8P67c79P2audhMNBq46G9aFrplDcg5XkE/WYws/cjsr J0ng== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:dkim-signature :dkim-signature; bh=yr7cJFdlHoaY1y1Cpeni0JAtpbCOAtJ/2Ab9QwjVMwA=; fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=; b=oxki78yE1DGnfu+jBZts2nAadc7JCF48niqwLkqhNclw+fgzzdhuh7wTyuooAxiV2p rHY3j4ysin/uQU3TWlTkgf2lUh8clYzyVoOvof7qzY38oiScIsUdtENt8nL/pK6T8xFS 03mv8dbxH6s9YnGrGnyeEdlpt/lvzkXeVEnbrVinvFIoqztIkh2msdrryyIvf+F8CNy7 TUEk4CH+B02bmQWZRbPz8CBS70+O6nWO50jrvL9qI1ulUIu13cuzjZ3sDZQIdtO5XvNQ vN1DfeOklpGHVF3e0hB3itJW+K1dLeSrXybCARfxTOwmjefyJ1gCB7YkJnKOiPFr+ykL zxiA== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=hsPDCBjb; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::62e as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1702650186; x=1703254986; darn=patchwork.ozlabs.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:sender:from:to:cc:subject:date:message-id :reply-to; bh=yr7cJFdlHoaY1y1Cpeni0JAtpbCOAtJ/2Ab9QwjVMwA=; b=U5G9R3fyDHK++xNpL5yUCsDgPuNmhFAX/ffI7QGw5QhAweSlwlzJcnUaljztsBCggu TNuAhveKXf8c4mABGEM6KyFytkC0mOs8NtmJlFeg1P7QhYgmoCviF+Z85nfIY7ksirrZ 6GsHEJMQJO5MzkYiQk5zu2MuvZ8kfJCUe5vYmVNMdmVlLQxZnNaVe7U09iQcQ/ZwQLjw YdVVmEiGAPfR3OZ0qkgeIDglorCOfado8CJ34R0zEgbXuJ1jP2+oKMMGe4gEZlbbBDVp gqwXn+RGII85Ax68qsVEyIG7dCb669lA4MD92WSu4sAueeUL6KZg36p07VWuIe7zg+No CfqQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1702650186; x=1703254986; darn=patchwork.ozlabs.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=yr7cJFdlHoaY1y1Cpeni0JAtpbCOAtJ/2Ab9QwjVMwA=; b=hs4K71abAFI1evU6PlWf2eAoHCd65O3NeG4ZKeLl0dRiBpVIGLHCWGnBj2gpVmju6s OhTRSst21oXewfca/SgHh9DnVOc7n7J6pBhEYsi1TIg4SHWHjDxusELJBLwLb8Dmn1oj 2fH5Wn3OQyRZ0RF6kchMFXVHowxVsxlwtdQ0NoHb8+i8idKF1oFoq0L2EXxErgHBGIcR 1oH5MQ8TWcCCg2+VzlsN6qQHXRUVhSaoQkXiUAjKCzw3JFBKaSeIxMLoPrHa71ybRBEE ef3s8r6PFKxoNo2DwIJ2YaB7qEaipPZzBsooMkiO+zVENKF3CBkA6XNqwgX5qMuLjPoA G+1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702650186; x=1703254986; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date :message-id:reply-to; bh=yr7cJFdlHoaY1y1Cpeni0JAtpbCOAtJ/2Ab9QwjVMwA=; b=LtGDvr9zGNibe958uf2xr9qo8X455WO187EWnw914Cvtat62PWQMdn/85htLArMHWj NDaMqxPl+c7mpzGfbu9rQXyuZDNXIgWzFd/U7YuhsvsQyjrq9MB7vbWIgALXlflXlDp+ jAb99n582ardRSXaPCAuZpf2IShKNVrRJrXV4Mu9AOFwOGhUePMQ4ssboBWFvZXxX2ai +OqYzA7+zyAzyGTaHkN5rqgEYSk5O4S1JOu6BHduvfnTMVfdgf6XOGE32+5hGnYjqZTT 8qJqzpgt0i0p1eQrYB85el+4Rr/iTd2JZx+QpN78diPuxWV1faAbxV0PtR8nhiAhBPva +KJQ== Sender: swupdate@googlegroups.com X-Gm-Message-State: AOJu0YwNH294wUfhRa0RPsC6ZYDFjb7rTncd4JWsOW9cxneB8OzVH17t vqhIRJC51RtrWtNd2AhzB0c= X-Google-Smtp-Source: AGHT+IHiakHegexUjPQ/YQSATyuqq3BNeMsEQsZofOy6ZBVgCgcMaIMCLufmukTw4WXQIISD5IluGg== X-Received: by 2002:a05:600c:3b88:b0:40c:2a6c:a462 with SMTP id n8-20020a05600c3b8800b0040c2a6ca462mr3425829wms.78.1702650185545; Fri, 15 Dec 2023 06:23:05 -0800 (PST) X-BeenThere: swupdate@googlegroups.com Received: by 2002:a05:600c:1c06:b0:40c:6025:3c4c with SMTP id j6-20020a05600c1c0600b0040c60253c4cls129722wms.1.-pod-prod-08-eu; Fri, 15 Dec 2023 06:23:03 -0800 (PST) X-Received: by 2002:a05:600c:22c3:b0:40c:61fe:383c with SMTP id 3-20020a05600c22c300b0040c61fe383cmr710304wmg.198.1702650183529; Fri, 15 Dec 2023 06:23:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702650183; cv=none; d=google.com; s=arc-20160816; b=PGMkxeNJ440MxfShSaR0G+pSI4GvVnzu9awpAD9mv9tZceerkrXYorgwtqogOuoNOB M6cPVR3t4ihyJisZQSvU/HHRNWkP53HT0kGirdznnkB6+fidDrV71gM5nCs/2AilCVp+ bhqDjrpqJJAxFrZ0dbRfuTpG/AIo2OtQkUB8A/yzyCSfF6nmTWmWx00oBTHXlNR6sgrb tc7KOHRB1yhHY7l+5FGzh9TIqVpJTbZWNALq/VL7mpHAFkOh3+LdbgmQke8OhDJrY3T6 Bb6agBRMGbNFZKfdyDCoLCJFp/yZOauPzifDb1zZ9swa3OE9LaVCbRcfY4MqJyuq7Krb xLFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Wrbi5DLpRqhk0VS+hgsl135dOTl6Cz3Hdri5mG1fERE=; fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=; b=XJw4+WMDtZdpotXos2T20el0EqVRg7SZLNnTcEJotYBsA0T6qyKp/zG1IqdbT+bBaR bTtHR2r7XAZCejb3YT7pvaOhXDteUQCEPjgROtZoq/UyVhvZesZwmZDtUDmDF0QJ1t1m n8LIRIJKvNp14bg/grEECtkkPLlf2Ua3wyQaWtFY6jA8wujno7uNgwv3nWyVipryYoBt URYFrV5oWDu7LG7Tk2lEBsOFHiCUR7C9UmT5nGLO81FvPWMqABUEP3suToMOFtVTM6JC cdhdvDyE+oHoIFBdfG3ddWg9pj8/ZepChB2UgTw/iwWvjbiwE4UsZtPWbcO4SRRS5kwr tweA== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=hsPDCBjb; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::62e as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com. [2a00:1450:4864:20::62e]) by gmr-mx.google.com with ESMTPS id p37-20020a05600c1da500b0040c37c4c22asi738317wms.0.2023.12.15.06.23.03 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 15 Dec 2023 06:23:03 -0800 (PST) Received-SPF: pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::62e as permitted sender) client-ip=2a00:1450:4864:20::62e; Received: by mail-ej1-x62e.google.com with SMTP id a640c23a62f3a-a1ef2f5ed01so97665266b.0 for ; Fri, 15 Dec 2023 06:23:03 -0800 (PST) X-Received: by 2002:a17:907:7292:b0:a19:d40a:d227 with SMTP id dt18-20020a170907729200b00a19d40ad227mr3591621ejc.243.1702650182790; Fri, 15 Dec 2023 06:23:02 -0800 (PST) Received: from PC-2635.irisgmbh.local (dslb-002-203-161-041.002.203.pools.vodafone-ip.de. [2.203.161.41]) by smtp.gmail.com with ESMTPSA id vx6-20020a170907a78600b00a1e852ab3f0sm10944029ejc.15.2023.12.15.06.23.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Dec 2023 06:23:02 -0800 (PST) From: Michael Glembotzki To: swupdate@googlegroups.com Cc: Michael Glembotzki Subject: [swupdate] [V3][PATCH 01/10] util: BUG: set_aes_key does not fail on invalid aes key or ivt Date: Fri, 15 Dec 2023 15:19:38 +0100 Message-ID: <20231215142251.52393-2-Michael.Glembotzki@iris-sensing.com> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231215142251.52393-1-Michael.Glembotzki@iris-sensing.com> References: <20231215142251.52393-1-Michael.Glembotzki@iris-sensing.com> MIME-Version: 1.0 X-Original-Sender: m.glembo@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=hsPDCBjb; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::62e as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , When parsing an invalid hex string for the aes key or ivt no error is returned. Check if aes key and ivt are valid hex strings. Signed-off-by: Michael Glembotzki --- core/util.c | 25 +++++++++++++++++++++++++ include/util.h | 1 + 2 files changed, 26 insertions(+) diff --git a/core/util.c b/core/util.c index cb2cf78..99ed628 100644 --- a/core/util.c +++ b/core/util.c @@ -520,6 +520,23 @@ unsigned char *get_aes_ivt(void) { return aes_key->ivt; } +bool is_hex_str(const char *ascii) { + unsigned int i, size; + + if (!ascii) + return false; + + size = strlen(ascii); + if (!size) + return false; + + for (i = 0; i < size; ++i) { + if (!isxdigit(ascii[i])) + return false; + } + return true; +} + int set_aes_key(const char *key, const char *ivt) { int ret; @@ -534,6 +551,11 @@ int set_aes_key(const char *key, const char *ivt) return -ENOMEM; } + if (strlen(ivt) != (AES_BLK_SIZE*2) || !is_hex_str(ivt)) { + ERROR("Invalid ivt"); + return -EINVAL; + } + ret = ascii_to_bin(aes_key->ivt, sizeof(aes_key->ivt), ivt); #ifdef CONFIG_PKCS11 keylen = strlen(key) + 1; @@ -551,12 +573,15 @@ int set_aes_key(const char *key, const char *ivt) aes_key->keylen = keylen / 2; break; default: + ERROR("Invalid aes_key length"); return -EINVAL; } + ret |= !is_hex_str(key); ret |= ascii_to_bin(aes_key->key, aes_key->keylen, key); #endif if (ret) { + ERROR("Invalid aes_key"); return -EINVAL; } diff --git a/include/util.h b/include/util.h index 1020bef..062840f 100644 --- a/include/util.h +++ b/include/util.h @@ -163,6 +163,7 @@ int ascii_to_hash(unsigned char *hash, const char *s); int ascii_to_bin(unsigned char *dest, size_t dstlen, const char *src); void hash_to_ascii(const unsigned char *hash, char *s); int IsValidHash(const unsigned char *hash); +bool is_hex_str(const char *ascii); #ifndef typeof #define typeof __typeof__