From b85bcb8ec92126c238572ed7d242115125e411e1 Mon Sep 17 00:00:00 2001
From: Jimmy Brisson
Date: Mon, 20 Mar 2023 09:00:30 -0500
Subject: [PATCH] fix(measured-boot): don't strip last non-0 char

With the current implementation of stripping the last null byte from a string, there was no way to get the TF-M measured boot test suite to pass. It would expect the size of the string passed into extend measurement to be unaffected by the call. This fix should allow passing a string with the null char pre-stripped, allowing the tests to exclude the null char in their test data and not have the length decremented.

Further, This patch adds an early exit if either the version or sw_type is larger than its buffer. Without this check, it may be possible to pass a length one more than the maximum, and if the last element is a null, the length will be truncated to fit. This is instead suppsed to return an error.

Signed-off-by: Jimmy Brisson
Change-Id: I98e1bb53345574d4645513009883c6e7b6612531
---
 include/lib/psa/measured_boot.h | 4 ++--
 lib/psa/measured_boot.c | 18 ++++++++++++++----
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/include/lib/psa/measured_boot.h b/include/lib/psa/measured_boot.h
index 231da2c3a..af624a6fc 100644
--- a/include/lib/psa/measured_boot.h
+++ b/include/lib/psa/measured_boot.h
@@ -36,10 +36,10 @@
  * signer_id Pointer to signer_id buffer.
  * signer_id_size Size of the signer_id in bytes.
  * version Pointer to version buffer.
- * version_size Size of the version string in bytes (with \0).
+ * version_size Size of the version string in bytes.
  * measurement_algo Algorithm identifier used for measurement.
  * sw_type Pointer to sw_type buffer.
- * sw_type_size Size of the sw_type string in bytes (with \0).
+ * sw_type_size Size of the sw_type string in bytes.
  * measurement_value Pointer to measurement_value buffer.
  * measurement_value_size Size of the measurement_value in bytes.
  * lock_measurement Boolean flag requesting whether the measurement
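Review bot: The rewritten `version_size` and `sw_type_size` descriptions no longer say how a trailing NUL is treated, yet the accompanying lib/psa/measured_boot.c hunks still strip one trailing '\0' if present and reject sizes above VERSION_MAX_SIZE / SW_TYPE_MAX_SIZE before that strip, so a NUL-terminated buffer of exactly MAX+1 bytes is rejected while its pre-stripped form is accepted. A caller reading only this header cannot tell that. I would state the contract here, e.g. ` * version_size  Size of the version string in bytes; a trailing '\0', if present, is not measured. Must not exceed VERSION_MAX_SIZE.` and the same wording for `sw_type_size` with SW_TYPE_MAX_SIZE. The comment block continues outside the hunk.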
diff --git a/lib/psa/measured_boot.c b/lib/psa/measured_boot.c
index 10c43f1f8..c359e9f85 100644
--- a/lib/psa/measured_boot.c
+++ b/lib/psa/measured_boot.c
@@ -80,16 +80,23 @@ rss_measured_boot_extend_measurement(uint8_t index,
 .lock_measurement = lock_measurement,
 .measurement_algo = measurement_algo,
 .sw_type = {0},
- /* Removing \0 */
- .sw_type_size = (sw_type_size > 0) ? (sw_type_size - 1) : 0,
+ .sw_type_size = sw_type_size,
 };
+ if (version_size > VERSION_MAX_SIZE) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+
+ if (version_size > 0 && version[version_size - 1] == '\0') {
+ version_size--;
+ }
+
 psa_invec in_vec[] = {
 {.base = &extend_iov,
 .len = sizeof(struct measured_boot_extend_iovec_t)},
 {.base = signer_id, .len = signer_id_size},
- {.base = version,
- .len = (version_size > 0) ? (version_size - 1) : 0},
+ {.base = version, .len = version_size },
 {.base = measurement_value, .len = measurement_value_size}
 };
@@ -97,6 +104,9 @@ rss_measured_boot_extend_measurement(uint8_t index,
 if (extend_iov.sw_type_size > SW_TYPE_MAX_SIZE) {
 return PSA_ERROR_INVALID_ARGUMENT;
 }
+ if (sw_type_size > 0 && sw_type[sw_type_size - 1] == '\0') {
+ extend_iov.sw_type_size--;
+ }
 memcpy(extend_iov.sw_type, sw_type, extend_iov.sw_type_size);
 }
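Review bot: `version[version_size - 1]` in the new strip check dereferences `version` without a NULL check; before this change the pointer was only passed through as an iovec base (see the removed `{.base = version, ...}` lines), so a caller handing in `version == NULL` with a non-zero `version_size` now faults here instead of being rejected. Since the hunk already returns PSA_ERROR_INVALID_ARGUMENT for an over-long version, I would widen that new bound check to `if (version_size > VERSION_MAX_SIZE || (version == NULL && version_size > 0)) {`. Running the bound check before the '\0' strip is deliberate per the commit message but not obvious from the code, so a comment such as `/* Bound check runs before the '\0' strip on purpose: a MAX+1 byte string is rejected even if its last byte is '\0'. */` would keep the order from being "fixed" later. The two consecutive blank lines after that check and the space before `}` in `.len = version_size }` are style nits against the surrounding lines. The same check-then-strip order appears in the second hunk for sw_type, where the same comment applies; the enclosing function starts and ends outside both hunks.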