Merge pull request wolfSSL#721 from danielinux/buffer-hardening

Multiple fixes: buffer bound checks

Author: rizlik

.github/workflows/test-library.yml

@@ -33,11 +33,6 @@ jobs:
         asym: [ed25519, ecc256, ecc384, ecc521, rsa2048, rsa3072, rsa4096, ed448]
         hash: [sha256, sha384, sha3]
 
-        # See https://github.com/wolfSSL/wolfBoot/issues/614 regarding exclusions:
-        exclude:
-          - math: "SPMATH=1 WOLFBOOT_SMALL_STACK=1"
-          - math: "SPMATHALL=1 WOLFBOOT_SMALL_STACK=1"
-
     steps:
       - uses: actions/checkout@v4
         with:
@@ -201,4 +196,3 @@ jobs:
           fi
 
           echo "Got expected non-zero exit and 'Failure' message."
-

Makefile

@@ -612,7 +612,7 @@ include/target.h: $(TARGET_H_TEMPLATE) FORCE
 	sed -e "s/@WOLFBOOT_DTS_UPDATE_ADDRESS@/$(WOLFBOOT_DTS_UPDATE_ADDRESS)/g" | \
 	sed -e "s/@WOLFBOOT_LOAD_ADDRESS@/$(WOLFBOOT_LOAD_ADDRESS)/g" | \
 	sed -e "s/@WOLFBOOT_LOAD_DTS_ADDRESS@/$(WOLFBOOT_LOAD_DTS_ADDRESS)/g" | \
-	sed -e "s/@WOLFBOOT_RAMBOOT_MAX_SIZE@/$(WOLFBOOT_RAMBOOT_MAX_SIZE)/g" | \
+	sed -e "s|@WOLFBOOT_RAMBOOT_MAX_SIZE_DEFINE@|$(if $(strip $(WOLFBOOT_RAMBOOT_MAX_SIZE)),#define WOLFBOOT_RAMBOOT_MAX_SIZE             $(WOLFBOOT_RAMBOOT_MAX_SIZE),/* WOLFBOOT_RAMBOOT_MAX_SIZE undefined */)|g" | \
 	sed -e "s/@WOLFBOOT_PARTITION_SELF_HEADER_ADDRESS@/$(WOLFBOOT_PARTITION_SELF_HEADER_ADDRESS)/g" \
 		> $@
 

docs/TPM.md

@@ -47,6 +47,10 @@ int wolfBoot_unseal_auth(const uint8_t* pubkey_hint, const uint8_t* policy, uint
     int index, uint8_t* secret, int* secret_sz, const byte* auth, int authSz);
 ```
 
+For `wolfBoot_unseal_auth()`, `*secret_sz` is an in/out parameter: set it to the
+capacity of `secret` before the call, and on success it is updated to the
+number of bytes unsealed.
+
 By default this index will be based on an NV Index at `(0x01400300 + index)`.
 The default NV base can be overridden with `WOLFBOOT_TPM_SEAL_NV_BASE`.
 

hal/stm32h7.c

@@ -23,6 +23,9 @@
 
 static uint32_t stm32h7_cache[STM32H7_WORD_SIZE / sizeof(uint32_t)];
 
+#define FLASH_BANK_1 0
+#define FLASH_BANK_2 1
+
 static void RAMFUNCTION flash_set_waitstates(unsigned int waitstates)
 {
     uint32_t reg = FLASH_ACR;
@@ -38,7 +41,7 @@ static RAMFUNCTION void flash_wait_last(void)
 
 static RAMFUNCTION void flash_wait_complete(uint8_t bank)
 {
-    if (bank == 0) {
+    if (bank == FLASH_BANK_1) {
         while ((FLASH_SR1 & FLASH_SR_QW) == FLASH_SR_QW);
     }
     else {
@@ -48,7 +51,7 @@ static RAMFUNCTION void flash_wait_complete(uint8_t bank)
 
 static void RAMFUNCTION flash_clear_errors(uint8_t bank)
 {
-    if (bank == 0) {
+    if (bank == FLASH_BANK_1) {
         FLASH_SR1 |= (FLASH_SR_WRPERR | FLASH_SR_PGSERR | FLASH_SR_STRBERR |
                       FLASH_SR_INCERR | FLASH_SR_OPERR | FLASH_SR_RDPERR |
                       FLASH_SR_RDSERR | FLASH_SR_SNECCERR | FLASH_SR_DBECCERR);
@@ -62,7 +65,7 @@ static void RAMFUNCTION flash_clear_errors(uint8_t bank)
 
 static void RAMFUNCTION flash_program_on(uint8_t bank)
 {
-    if (bank == 0) {
+    if (bank == FLASH_BANK_1) {
         FLASH_CR1 |= FLASH_CR_PG;
         while ((FLASH_CR1 & FLASH_CR_PG) == 0)
             ;
@@ -76,7 +79,7 @@ static void RAMFUNCTION flash_program_on(uint8_t bank)
 
 static void RAMFUNCTION flash_program_off(uint8_t bank)
 {
-    if (bank == 0) {
+    if (bank == FLASH_BANK_1) {
         FLASH_CR1 &= ~FLASH_CR_PG;
     }
     else {
@@ -88,22 +91,22 @@ int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
 {
     int i = 0, ii =0;
     uint32_t *src, *dst;
-    uint8_t bank=0;
+    uint8_t bank = FLASH_BANK_1;
     uint8_t *vbytes = (uint8_t *)(stm32h7_cache);
     int off;
     uint32_t base_addr;
 
     if ((address & FLASH_BANK2_BASE_REL) != 0) {
-        bank = 1;
+        bank = FLASH_BANK_2;
     }
 
     while (i < len) {
         if ((len - i > 32) && ((((address + i) & 0x1F) == 0) &&
             ((((uint32_t)data) + i) & 0x1F) == 0))
         {
             flash_wait_last();
-            flash_clear_errors(0);
-            flash_clear_errors(1);
+            flash_clear_errors(FLASH_BANK_1);
+            flash_clear_errors(FLASH_BANK_2);
             flash_program_on(bank);
             flash_wait_complete(bank);
             src = (uint32_t *)(data + i);
@@ -140,8 +143,8 @@ int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
 
             /* Actual write from cache to FLASH */
             flash_wait_last();
-            flash_clear_errors(0);
-            flash_clear_errors(1);
+            flash_clear_errors(FLASH_BANK_1);
+            flash_clear_errors(FLASH_BANK_2);
             flash_program_on(bank);
             flash_wait_complete(bank);
             ISB();
@@ -160,7 +163,7 @@ int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
 
 void RAMFUNCTION hal_flash_unlock(void)
 {
-    flash_wait_complete(1);
+    flash_wait_complete(FLASH_BANK_1);
     if ((FLASH_CR1 & FLASH_CR_LOCK) != 0) {
         FLASH_KEYR1 = FLASH_KEY1;
         DMB();
@@ -170,7 +173,7 @@ void RAMFUNCTION hal_flash_unlock(void)
             ;
     }
 
-    flash_wait_complete(2);
+    flash_wait_complete(FLASH_BANK_2);
     if ((FLASH_CR2 & FLASH_CR_LOCK) != 0) {
         FLASH_KEYR2 = FLASH_KEY1;
         DMB();
@@ -183,11 +186,11 @@ void RAMFUNCTION hal_flash_unlock(void)
 
 void RAMFUNCTION hal_flash_lock(void)
 {
-    flash_wait_complete(1);
+    flash_wait_complete(FLASH_BANK_1);
     if ((FLASH_CR1 & FLASH_CR_LOCK) == 0)
         FLASH_CR1 |= FLASH_CR_LOCK;
 
-    flash_wait_complete(2);
+    flash_wait_complete(FLASH_BANK_2);
     if ((FLASH_CR2 & FLASH_CR_LOCK) == 0)
         FLASH_CR2 |= FLASH_CR_LOCK;
 }
@@ -211,7 +214,7 @@ int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
                 (((p >> 17) << FLASH_CR_SNB_SHIFT) | FLASH_CR_SER | 0x00);
             DMB();
             FLASH_CR1 |= FLASH_CR_STRT;
-            flash_wait_complete(1);
+            flash_wait_complete(FLASH_BANK_1);
         }
         if ((p>= FLASH_BANK2_BASE_REL) &&
             (p <= (FLASH_TOP - FLASHMEM_ADDRESS_SPACE))) {
@@ -222,7 +225,7 @@ int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
                 (((p >> 17) << FLASH_CR_SNB_SHIFT) | FLASH_CR_SER | 0x00);
             DMB();
             FLASH_CR2 |= FLASH_CR_STRT;
-            flash_wait_complete(2);
+            flash_wait_complete(FLASH_BANK_2);
         }
     }
     return 0;
@@ -619,4 +622,3 @@ int hal_flash_otp_read(uint32_t flashAddress, void* data, uint32_t length)
 }
 
 #endif /* FLASH_OTP_KEYSTORE */
-

include/target.h.in

@@ -118,7 +118,7 @@
 #endif
 
 /* Optional RAM-boot image size cap for targets without partitions */
-#define WOLFBOOT_RAMBOOT_MAX_SIZE             @WOLFBOOT_RAMBOOT_MAX_SIZE@
+@WOLFBOOT_RAMBOOT_MAX_SIZE_DEFINE@
 #define WOLFBOOT_LOAD_DTS_ADDRESS             @WOLFBOOT_LOAD_DTS_ADDRESS@
 
 

src/image.c

@@ -1143,6 +1143,7 @@ static void key_sha384(uint8_t key_slot, uint8_t *hash)
     int pubkey_sz = keystore_get_size(key_slot);
     wc_Sha384 sha384_ctx;
 
+    memset(hash, 0, SHA384_DIGEST_SIZE);
     if (!pubkey || (pubkey_sz < 0))
         return;
 
@@ -1237,6 +1238,7 @@ static void key_sha3_384(uint8_t key_slot, uint8_t *hash)
     int pubkey_sz = keystore_get_size(key_slot);
     wc_Sha3 sha3_ctx;
 
+    memset(hash, 0, WC_SHA3_384_DIGEST_SIZE);
     if (!pubkey || (pubkey_sz < 0))
         return;
     wc_InitSha3_384(&sha3_ctx, NULL, INVALID_DEVID);
@@ -1306,9 +1308,9 @@ int wolfBoot_open_image_address(struct wolfBoot_image *img, uint8_t *image)
 
 #ifdef WOLFBOOT_FIXED_PARTITIONS
     if (img->fw_size > (WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE)) {
-        wolfBoot_printf("Image size %d > max %d\n",
+        wolfBoot_printf("Image size %u > max %u\n",
             (unsigned int)img->fw_size,
-            (WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE));
+            (unsigned int)(WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE));
         img->fw_size = WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE;
         return -1;
     }
@@ -1317,6 +1319,14 @@ int wolfBoot_open_image_address(struct wolfBoot_image *img, uint8_t *image)
     }
     img->trailer = img->hdr + WOLFBOOT_PARTITION_SIZE;
 #else
+#ifdef WOLFBOOT_RAMBOOT_MAX_SIZE
+    if (img->fw_size > WOLFBOOT_RAMBOOT_MAX_SIZE) {
+        wolfBoot_printf("Image size %u > max %u\n",
+            (unsigned int)img->fw_size,
+            (unsigned int)WOLFBOOT_RAMBOOT_MAX_SIZE);
+        return -1;
+    }
+#endif
     if (img->hdr == NULL) {
         img->hdr = image;
     }

src/libwolfboot.c

@@ -374,6 +374,8 @@ static int RAMFUNCTION partition_magic_write(uint8_t part, uintptr_t addr)
     XMEMCPY(NVM_CACHE, (void*)addr_read, NVM_CACHE_SIZE);
     XMEMCPY(NVM_CACHE + off, &wolfboot_magic_trail, sizeof(uint32_t));
     ret = hal_flash_write(addr_write, NVM_CACHE, WOLFBOOT_SECTOR_SIZE);
+    if (ret != 0)
+        return ret;
     nvm_cached_sector = !nvm_cached_sector;
     ret = hal_flash_erase(addr_read, WOLFBOOT_SECTOR_SIZE);
     return ret;

src/string.c

@@ -98,8 +98,9 @@ char *strcat(char *dest, const char *src)
 {
     size_t i = 0;
     size_t j = strlen(dest);
+    size_t src_len = strlen(src);
 
-    for (i = 0; i < strlen(src); i++) {
+    for (i = 0; i < src_len; i++) {
         dest[j++] = src[i];
     }
     dest[j] = '\0';
@@ -186,6 +187,10 @@ char *strncpy(char *dst, const char *src, size_t n)
             break;
     }
 
+    while (++i < n) {
+        dst[i] = '\0';
+    }
+
     return dst;
 }
 

src/tpm.c

@@ -44,6 +44,19 @@ WOLFTPM2_KEY     wolftpm_srk;
 #endif
 
 #if defined(WOLFBOOT_TPM_SEAL) || defined(WOLFBOOT_TPM_KEYSTORE)
+static int wolfBoot_constant_compare(const uint8_t* a, const uint8_t* b,
+    uint32_t len)
+{
+    uint32_t i;
+    uint8_t diff = 0;
+
+    for (i = 0; i < len; i++) {
+        diff |= a[i] ^ b[i];
+    }
+
+    return diff;
+}
+
 void wolfBoot_print_hexstr(const unsigned char* bin, unsigned long sz,
     unsigned long maxLine)
 {
@@ -605,6 +618,8 @@ int wolfBoot_store_blob(TPMI_RH_NV_AUTH authHandle, uint32_t nvIndex,
     if (authSz > 0) {
         if (auth == NULL)
             return BAD_FUNC_ARG;
+        if (authSz > sizeof(nv.handle.auth.buffer))
+            return BAD_FUNC_ARG;
         nv.handle.auth.size = authSz;
         memcpy(nv.handle.auth.buffer, auth, authSz);
     }
@@ -685,6 +700,8 @@ int wolfBoot_read_blob(uint32_t nvIndex, WOLFTPM2_KEYBLOB* blob,
     if (authSz > 0) {
         if (auth == NULL)
             return BAD_FUNC_ARG;
+        if (authSz > sizeof(nv.handle.auth.buffer))
+            return BAD_FUNC_ARG;
         nv.handle.auth.size = authSz;
         memcpy(nv.handle.auth.buffer, auth, authSz);
     }
@@ -696,9 +713,14 @@ int wolfBoot_read_blob(uint32_t nvIndex, WOLFTPM2_KEYBLOB* blob,
         (uint8_t*)&blob->pub.size, &readSz, pos);
     if (rc == 0) {
         pos += readSz;
-        readSz = blob->pub.size;
-        rc = wolfTPM2_NVReadAuth(&wolftpm_dev, &nv, nv.handle.hndl,
-            pubAreaBuffer, &readSz, pos);
+        if (blob->pub.size > sizeof(pubAreaBuffer)) {
+            rc = BUFFER_E;
+        }
+        else {
+            readSz = blob->pub.size;
+            rc = wolfTPM2_NVReadAuth(&wolftpm_dev, &nv, nv.handle.hndl,
+                pubAreaBuffer, &readSz, pos);
+        }
     }
     if (rc == 0) {
         pos += readSz;
@@ -712,9 +734,14 @@ int wolfBoot_read_blob(uint32_t nvIndex, WOLFTPM2_KEYBLOB* blob,
     }
     if (rc == 0) {
         pos += sizeof(blob->priv.size);
-        readSz = blob->priv.size;
-        rc = wolfTPM2_NVReadAuth(&wolftpm_dev, &nv, nv.handle.hndl,
-            blob->priv.buffer, &readSz, pos);
+        if (blob->priv.size > sizeof(blob->priv.buffer)) {
+            rc = BUFFER_E;
+        }
+        else {
+            readSz = blob->priv.size;
+            rc = wolfTPM2_NVReadAuth(&wolftpm_dev, &nv, nv.handle.hndl,
+                blob->priv.buffer, &readSz, pos);
+        }
     }
     if (rc == 0) {
         pos += blob->priv.size;
@@ -744,6 +771,8 @@ int wolfBoot_delete_blob(TPMI_RH_NV_AUTH authHandle, uint32_t nvIndex,
     if (authSz > 0) {
         if (auth == NULL)
             return BAD_FUNC_ARG;
+        if (authSz > sizeof(nv.handle.auth.buffer))
+            return BAD_FUNC_ARG;
         nv.handle.auth.size = authSz;
         memcpy(nv.handle.auth.buffer, auth, authSz);
     }
@@ -925,6 +954,7 @@ int wolfBoot_unseal_blob(const uint8_t* pubkey_hint,
     const uint8_t* auth, int authSz)
 {
     int rc, i;
+    int secret_capacity;
     WOLFTPM2_SESSION policy_session;
     uint32_t key_type;
     TPM_ALG_ID pcrAlg = WOLFBOOT_TPM_PCR_ALG;
@@ -949,8 +979,13 @@ int wolfBoot_unseal_blob(const uint8_t* pubkey_hint,
         return -1;
     }
 
+    secret_capacity = *secret_sz;
     *secret_sz = 0; /* init */
 
+    if (secret_capacity < 0) {
+        return BAD_FUNC_ARG;
+    }
+
     /* extract pcrMask and populate PCR selection array */
     memcpy(&pcrMask, policy, sizeof(pcrMask));
     memset(pcrArray, 0, sizeof(pcrArray));
@@ -1069,9 +1104,16 @@ int wolfBoot_unseal_blob(const uint8_t* pubkey_hint,
         rc = TPM2_Unseal(&unsealIn, &unsealOut);
     }
     if (rc == 0) {
-        *secret_sz = unsealOut.outData.size;
-        memcpy(secret, unsealOut.outData.buffer, *secret_sz);
+        if (unsealOut.outData.size > WOLFBOOT_MAX_SEAL_SZ ||
+                (int)unsealOut.outData.size > secret_capacity) {
+            rc = BUFFER_E;
+        }
+        else {
+            *secret_sz = unsealOut.outData.size;
+            memcpy(secret, unsealOut.outData.buffer, *secret_sz);
+        }
     }
+    TPM2_ForceZero(&unsealOut, sizeof(unsealOut));
 
     wolfTPM2_UnloadHandle(&wolftpm_dev, &seal_blob->handle);
     wolfTPM2_UnloadHandle(&wolftpm_dev, &policy_session.handle);
@@ -1486,7 +1528,8 @@ int wolfBoot_check_rot(int key_slot, uint8_t* pubkey_hint)
         if (rc == 0) {
             /* verify the hint (hash) matches */
             if (digestSz == WOLFBOOT_SHA_DIGEST_SIZE &&
-                memcmp(digest, pubkey_hint, WOLFBOOT_SHA_DIGEST_SIZE) == 0) {
+                wolfBoot_constant_compare(digest, pubkey_hint,
+                    WOLFBOOT_SHA_DIGEST_SIZE) == 0) {
                 wolfBoot_printf("TPM Root of Trust valid (id %d)\n", key_slot);
             }
             else {