fix(measured-boot): don't strip last non-0 char
With the current implementation of stripping the last null
byte from a string, there was no way to get the TF-M measured
boot test suite to pass. It would expect the size of the string
passed into extend measurement to be unaffected by the call.
This fix should allow passing a string with the null char
pre-stripped, allowing the tests to exclude the null char in
their test data and not have the length decremented.
Further, this patch adds an early exit if either the version
or sw_type is larger than its buffer. Without this check,
it may be possible to pass a length one more than the maximum,
and if the last element is a null, the length will be truncated
to fit. This is instead supposed to return an error.
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Change-Id: I98e1bb53345574d4645513009883c6e7b6612531
diff --git a/include/lib/psa/measured_boot.h b/include/lib/psa/measured_boot.h
index 231da2c..af624a6 100644
--- a/include/lib/psa/measured_boot.h
+++ b/include/lib/psa/measured_boot.h
@@ -36,10 +36,10 @@
* signer_id Pointer to signer_id buffer.
* signer_id_size Size of the signer_id in bytes.
* version Pointer to version buffer.
- * version_size Size of the version string in bytes (with \0).
+ * version_size Size of the version string in bytes.
* measurement_algo Algorithm identifier used for measurement.
* sw_type Pointer to sw_type buffer.
- * sw_type_size Size of the sw_type string in bytes (with \0).
+ * sw_type_size Size of the sw_type string in bytes.
* measurement_value Pointer to measurement_value buffer.
* measurement_value_size Size of the measurement_value in bytes.
* lock_measurement Boolean flag requesting whether the measurement
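Review bot: The new wording for version_size and sw_type_size drops the terminator entirely, but the implementation in lib/psa/measured_boot.c still accepts a string with a trailing '\0' and removes one such byte before it is measured, so callers reading only this header cannot tell which form is expected or that "abc" and "abc\0" produce the same measurement. I would state the accepted forms and the bound explicitly: ` * version_size Size of the version string in bytes, at most VERSION_MAX_SIZE; a single trailing '\0', if present, is not measured.` and the same sentence for sw_type_size with SW_TYPE_MAX_SIZE. Since these fields end up as attestation claims, the header is the right place to fix the canonical form so the verifier side can match it.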
diff --git a/lib/psa/measured_boot.c b/lib/psa/measured_boot.c
index 10c43f1..c359e9f 100644
--- a/lib/psa/measured_boot.c
+++ b/lib/psa/measured_boot.c
@@ -80,16 +80,23 @@
.lock_measurement = lock_measurement,
.measurement_algo = measurement_algo,
.sw_type = {0},
- /* Removing \0 */
- .sw_type_size = (sw_type_size > 0) ? (sw_type_size - 1) : 0,
+ .sw_type_size = sw_type_size,
};
+ if (version_size > VERSION_MAX_SIZE) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+
+ if (version_size > 0 && version[version_size - 1] == '\0') {
+ version_size--;
+ }
+
psa_invec in_vec[] = {
{.base = &extend_iov,
.len = sizeof(struct measured_boot_extend_iovec_t)},
{.base = signer_id, .len = signer_id_size},
- {.base = version,
- .len = (version_size > 0) ? (version_size - 1) : 0},
+ {.base = version, .len = version_size },
{.base = measurement_value, .len = measurement_value_size}
};
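Review bot: The trailing-NUL strip added here for version is duplicated for sw_type in the next hunk (the `if (sw_type_size > 0 && sw_type[sw_type_size - 1] == '\0')` block), and the two copies differ in which variable they decrement; a small `static size_t strip_trailing_nul(const uint8_t *buf, size_t len)` returning the adjusted length would keep the canonicalisation in one place and avoid the two drifting apart. The strip dereferences `version[version_size - 1]`, so if the function does not already reject a NULL version with a non-zero version_size before this point (the enclosing function starts outside the hunk), that check should come before the VERSION_MAX_SIZE test. Two minor style points: there are two consecutive blank lines after the new early return, and `{.base = version, .len = version_size }` has a stray space before the closing brace that the neighbouring initialisers do not.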
@@ -97,6 +104,9 @@
if (extend_iov.sw_type_size > SW_TYPE_MAX_SIZE) {
return PSA_ERROR_INVALID_ARGUMENT;
}
+ if (sw_type_size > 0 && sw_type[sw_type_size - 1] == '\0') {
+ extend_iov.sw_type_size--;
+ }
memcpy(extend_iov.sw_type, sw_type, extend_iov.sw_type_size);
}
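Review bot: The new condition indexes with the parameter `sw_type_size` while the decrement targets `extend_iov.sw_type_size`; they hold the same value at this point, but using two names for one length invites a mismatch if either is later adjusted, so I would write the test in terms of the field that is actually consumed by memcpy: `if (extend_iov.sw_type_size > 0 && sw_type[extend_iov.sw_type_size - 1] == '\0') {`. The enclosing block closes at the final `}` but opens outside the hunk, so whether sw_type is already guarded against NULL is not visible here.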