fix(measured-boot): don't strip last non-0 char

With the current implementation of stripping the last null byte from a string, there was no way to get the TF-M measured boot test suite to pass. It would expect the size of the string passed into extend measurement to be unaffected by the call. This fix should allow passing a string with the null char pre-stripped, allowing the tests to exclude the null char in their test data and not have the length decremented. Further, This patch adds an early exit if either the version or sw_type is larger than its buffer. Without this check, it may be possible to pass a length one more than the maximum, and if the last element is a null, the length will be truncated to fit. This is instead suppsed to return an error. Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com> Change-Id: I98e1bb53345574d4645513009883c6e7b6612531
2025-04-16 09:34:18 +00:00 · 2023-03-20 09:00:30 -05:00 · 2023-03-20 09:00:30 -05:00 · b85bcb8ec9
commit b85bcb8ec9
parent a0a4bf488d
2 changed files with 16 additions and 6 deletions
--- a/include/lib/psa/measured_boot.h
+++ b/include/lib/psa/measured_boot.h
@ -36,10 +36,10 @@
 * signer_id			Pointer to signer_id buffer.
 * signer_id_size		Size of the signer_id in bytes.
 * version			Pointer to version buffer.
- * version_size			Size of the version string in bytes (with \0).
+ * version_size			Size of the version string in bytes.
 * measurement_algo		Algorithm identifier used for measurement.
 * sw_type			Pointer to sw_type buffer.
- * sw_type_size			Size of the sw_type string in bytes (with \0).
+ * sw_type_size			Size of the sw_type string in bytes.
 * measurement_value		Pointer to measurement_value buffer.
 * measurement_value_size	Size of the measurement_value in bytes.
 * lock_measurement		Boolean flag requesting whether the measurement
--- a/lib/psa/measured_boot.c
+++ b/lib/psa/measured_boot.c
@ -80,16 +80,23 @@ rss_measured_boot_extend_measurement(uint8_t index,
 		.lock_measurement = lock_measurement,
 		.measurement_algo = measurement_algo,
 		.sw_type = {0},
-		/* Removing \0 */
-		.sw_type_size = (sw_type_size > 0) ? (sw_type_size - 1) : 0,
+		.sw_type_size = sw_type_size,
 	};

+	if (version_size > VERSION_MAX_SIZE) {
+		return PSA_ERROR_INVALID_ARGUMENT;
+	}
+
+
+	if (version_size > 0 && version[version_size - 1] == '\0') {
+		version_size--;
+	}
+
 	psa_invec in_vec[] = {
 		{.base = &extend_iov,
 			.len = sizeof(struct measured_boot_extend_iovec_t)},
 		{.base = signer_id, .len = signer_id_size},
-		{.base = version,
-			.len = (version_size > 0) ? (version_size - 1) : 0},
+		{.base = version, .len = version_size },
 		{.base = measurement_value, .len = measurement_value_size}
 	};

@ -97,6 +104,9 @@ rss_measured_boot_extend_measurement(uint8_t index,
 		if (extend_iov.sw_type_size > SW_TYPE_MAX_SIZE) {
 			return PSA_ERROR_INVALID_ARGUMENT;
 		}
+		if (sw_type_size > 0 && sw_type[sw_type_size - 1] == '\0') {
+			extend_iov.sw_type_size--;
+		}
 		memcpy(extend_iov.sw_type, sw_type, extend_iov.sw_type_size);
 	}