From 1cd106eae9b177e6171a5e08ee96c66c86242e91 Mon Sep 17 00:00:00 2001 From: Matt Feddersen Date: Thu, 28 Mar 2024 18:00:09 -0700 Subject: [PATCH] OPK v17.3 --- CHANGELOG.md | 34 ++++ oemcrypto/include/OEMCryptoCENC.h | 4 +- oemcrypto/odk/include/core_message_features.h | 4 +- oemcrypto/odk/include/odk_structs.h | 4 +- oemcrypto/odk/src/core_message_features.cpp | 2 +- oemcrypto/odk/src/odk_timer.c | 2 +- oemcrypto/odk/test/odk_test.cpp | 1 + oemcrypto/oemcrypto_unittests.gyp | 1 + oemcrypto/opk/oemcrypto_ta/oemcrypto.c | 2 +- .../opk/oemcrypto_ta/oemcrypto_api_macros.h | 4 +- ...crypto_and_key_management_layer1_openssl.c | 15 +- .../wtpi_reference/wtpi_crypto_asymmetric.c | 13 -- .../wtpi_test/common/GEN_common_serializer.c | 78 ++++++-- .../wtpi_test/common/common_special_cases.c | 39 +--- .../wtpi_test/ree/GEN_ree_serializer.c | 138 +++++++++++--- .../wtpi_crypto_and_key_management_layer1.c | 4 +- .../common/wtpi_impl/wtpi_crypto_asymmetric.c | 11 ++ .../optee/ta/oemcrypto_ta/oemcrypto_ta.c | 13 +- .../common/GEN_common_serializer.c | 104 ++++++++-- .../common/common_special_cases.c | 4 +- .../common/opk_serialization_base.c | 63 ++++--- .../serialization/ree/GEN_ree_serializer.c | 122 +++++++++--- .../opk/serialization/tee/GEN_dispatcher.c | 6 +- .../serialization/tee/GEN_tee_serializer.c | 3 +- .../test/fuzz_tests/oemcrypto_fuzz_helper.cc | 1 - oemcrypto/test/oec_session_util.cpp | 13 +- oemcrypto/test/oemcrypto_test.cpp | 178 ++++++++++++++++-- 27 files changed, 650 insertions(+), 213 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6aeda43..04db2b8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,34 @@ [TOC] +## [Version 17.3][v17.3] + +This is a minor release that includes a few security fixes. + +General + +- Change OEMCrypto_FreeSecureBuffer() |output_descriptor| parameter to be +[in,out] type. +- Use strlen() instead of sizeof() to get the length of BUILD_INFO + +OPK serialization layer + +- Avoid writing any value to output parameters if the OEMCryptoResult is not +OEMCrypto_SUCCESS. (Applies to [out] type only. Not [in] or [in,out]). This +avoids subtle bugs where the serialization logic may unexpectedly modify (eg +set to 0) an output parameter on failure. + +Tests + +- Fix default cipher mode for CAS unit test. +- Skip entitlement session tests that are only supported on CAS devices. + +OP-TEE port changes + +- Fix memory leaks on failure cases in AES decrypt, RSA key creation, and ECC +key creation. +- Check incoming message size from REE to avoid OOB. + ## [Version 17.2.1][v17.2.1] Patch release which includes a fix for a bug in the OPK session state machine @@ -17,6 +45,11 @@ room for new licenses. Similarly, if the usage table has gaps where previous entries were deleted, then this bug may occur when the CDM tries to defragment the usage table by moving newer usage entries into those gaps. +Other changes + +- In oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_clock_and_gn_layer1.c, +specifically handle WTPI_LoadPersistentData() failure on initialization. + ## [Version 17.2][v17.2] This release contains the first version of OPK to support MediaCAS, an @@ -236,3 +269,4 @@ Public release for OEMCrypto API and ODK library version 16.4. [v17.1+opk-v17.1.1]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v17.1+opk-v17.1.1 [v17.2]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v17.2 [v17.2.1]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v17.2.1 +[v17.3]: https://widevine-partner.googlesource.com/oemcrypto/+/refs/tags/v17.3 
diff --git a/oemcrypto/include/OEMCryptoCENC.h b/oemcrypto/include/OEMCryptoCENC.h index 34f0a94..656debe 100644 --- a/oemcrypto/include/OEMCryptoCENC.h +++ b/oemcrypto/include/OEMCryptoCENC.h @@ -3,7 +3,7 @@ // License Agreement. /** - * @mainpage OEMCrypto API v17.2 + * @mainpage OEMCrypto API v17.3 * * OEMCrypto is the low level library implemented by the OEM to provide key and * content protection, usually in a separate secure memory or process space. The @@ -5309,7 +5309,7 @@ OEMCryptoResult OEMCrypto_AllocateSecureBuffer( * will cause the unit test using secure buffers to fail. * * @param[in] session: session id for operation. - * @param[out] output_descriptor: the buffer descriptor modified by + * @param[in,out] output_descriptor: the buffer descriptor modified by * OEMCrypto_AllocateSecureBuffer() * @param[in] secure_fd: The integer returned by * OEMCrypto_AllocateSecureBuffer() diff --git a/oemcrypto/odk/include/core_message_features.h b/oemcrypto/odk/include/core_message_features.h index 42c41ba..951918b 100644 --- a/oemcrypto/odk/include/core_message_features.h +++ b/oemcrypto/odk/include/core_message_features.h @@ -25,9 +25,9 @@ struct CoreMessageFeatures { // This is the published version of the ODK Core Message library. The default // behavior is for the server to restrict messages to at most this version - // number. The default is 17.2. + // number. The default is 17.3. uint32_t maximum_major_version = 17; - uint32_t maximum_minor_version = 2; + uint32_t maximum_minor_version = 3; bool operator==(const CoreMessageFeatures &other) const; bool operator!=(const CoreMessageFeatures &other) const { diff --git a/oemcrypto/odk/include/odk_structs.h b/oemcrypto/odk/include/odk_structs.h index 78e8b6a..4ba7be6 100644 --- a/oemcrypto/odk/include/odk_structs.h +++ b/oemcrypto/odk/include/odk_structs.h 
@@ -16,10 +16,10 @@ extern "C" { /* The version of this library. */ #define ODK_MAJOR_VERSION 17 -#define ODK_MINOR_VERSION 2 +#define ODK_MINOR_VERSION 3 /* ODK Version string. Date changed automatically on each release. */ -#define ODK_RELEASE_DATE "ODK v17.2 2022-11-21" +#define ODK_RELEASE_DATE "ODK v17.3 2024-03-21" /* The lowest version number for an ODK message. */ #define ODK_FIRST_VERSION 16 diff --git a/oemcrypto/odk/src/core_message_features.cpp b/oemcrypto/odk/src/core_message_features.cpp index 60431f7..94f6b37 100644 --- a/oemcrypto/odk/src/core_message_features.cpp +++ b/oemcrypto/odk/src/core_message_features.cpp @@ -23,7 +23,7 @@ CoreMessageFeatures CoreMessageFeatures::DefaultFeatures( features.maximum_minor_version = 5; // 16.5 break; case 17: - features.maximum_minor_version = 2; // 17.2 + features.maximum_minor_version = 3; // 17.3 break; default: features.maximum_minor_version = 0; diff --git a/oemcrypto/odk/src/odk_timer.c b/oemcrypto/odk/src/odk_timer.c index e811d78..d05d14b 100644 --- a/oemcrypto/odk/src/odk_timer.c +++ b/oemcrypto/odk/src/odk_timer.c @@ -274,7 +274,7 @@ OEMCryptoResult ODK_InitializeSessionValues(ODK_TimerLimits* timer_limits, nonce_values->api_minor_version = 5; break; case 17: - nonce_values->api_minor_version = 2; + nonce_values->api_minor_version = 3; break; case 18: nonce_values->api_minor_version = 3; diff --git a/oemcrypto/odk/test/odk_test.cpp b/oemcrypto/odk/test/odk_test.cpp index 5fafb07..854b7aa 100644 --- a/oemcrypto/odk/test/odk_test.cpp +++ b/oemcrypto/odk/test/odk_test.cpp @@ -873,6 +873,7 @@ std::vector TestCases() { {17, 17, 0, 17, 0}, {17, 17, 1, 17, 1}, {17, 17, 2, 17, 2}, + {17, 17, 3, 17, 3}, }; return test_cases; } diff --git a/oemcrypto/oemcrypto_unittests.gyp b/oemcrypto/oemcrypto_unittests.gyp index fd0b27e..d3008d5 100644 --- a/oemcrypto/oemcrypto_unittests.gyp +++ b/oemcrypto/oemcrypto_unittests.gyp 
@@ -14,6 +14,7 @@ 'oemcrypto_dir': '.', 'util_dir%': '../util', 'platform_specific_dir': ' build_info_limit ? build_info_limit : current_size; diff --git a/oemcrypto/opk/oemcrypto_ta/oemcrypto_api_macros.h b/oemcrypto/opk/oemcrypto_ta/oemcrypto_api_macros.h index f1ce48d..d9a9bfb 100644 --- a/oemcrypto/opk/oemcrypto_ta/oemcrypto_api_macros.h +++ b/oemcrypto/opk/oemcrypto_ta/oemcrypto_api_macros.h @@ -31,7 +31,7 @@ // version bumps to v17.1, the first released OPK implementation would be // v17.1.0 #define API_MAJOR_VERSION 17 -#define API_MINOR_VERSION 2 -#define OPK_PATCH_VERSION 1 +#define API_MINOR_VERSION 3 +#define OPK_PATCH_VERSION 0 #endif /* OEMCRYPTO_TA_OEMCRYPTO_API_MACROS_H_ */ diff --git a/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_and_key_management_layer1_openssl.c b/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_and_key_management_layer1_openssl.c index 7af7bac..6076a27 100644 --- a/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_and_key_management_layer1_openssl.c +++ b/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_and_key_management_layer1_openssl.c @@ -85,19 +85,8 @@ static bool IsKeyValid(uint32_t index) { } static bool IsKeyHandleValid(WTPI_K1_SymmetricKey_Handle key_handle) { - if (key_handle == NULL || key_handle->index >= MAX_NUMBER_OF_KEYS || - !IsKeyValid(key_handle->index)) { - return false; - } - if (!key_handle->is_key_cached) { - for (size_t i = 0; i < sizeof(key_handle->cached_key); i++) { - if (key_handle->cached_key[i] != 0) { - LOGE("The key is not supposed to be cached. Something might be wrong."); - return false; - } - } - } - return true; + return key_handle != NULL && key_handle->index < MAX_NUMBER_OF_KEYS && + IsKeyValid(key_handle->index); } static OEMCryptoResult GetKeyType(WTPI_K1_SymmetricKey_Handle key_handle, diff --git a/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_asymmetric.c b/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_asymmetric.c index d6ec4dc..5a0282e 100644 
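Review bot: IsKeyHandleValid no longer verifies that cached_key is all zero when is_key_cached is false, and nothing in the hunk says whether that invariant is now enforced elsewhere or was never relied upon. The removed loop compared private-key bytes with a data-dependent early exit, so dropping it may have been deliberate, but the new body gives no hint of that. A comment above the return would keep the check from being reintroduced without thought: `// Cache consistency is intentionally not checked here; a handle is valid iff its index is in range and IsKeyValid() accepts it.` If the removal was only a simplification, confirm no caller depended on the LOGE path to surface a desynchronized key cache.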
--- a/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_asymmetric.c
+++ b/oemcrypto/opk/oemcrypto_ta/wtpi_reference/wtpi_crypto_asymmetric.c
@@ -36,35 +36,22 @@ typedef struct tee_asymmetric_key_handle {
 uint8_t ed25519_key[ED25519_PRIVATE_KEY_LEN];
 } tee_asymmetric_key_handle;
 
-// Returns true as long as one byte of ed25519_key is non-zero.
-static bool HasED25519Key(WTPI_AsymmetricKey_Handle key_handle) {
- for (size_t i = 0; i < ED25519_PRIVATE_KEY_LEN; ++i) {
- if (key_handle->ed25519_key[i] != 0) {
- return true;
- }
- }
- return false;
-}
-
 static bool IsAsymmetricKeyHandleValid(WTPI_AsymmetricKey_Handle key_handle) {
 if (key_handle == NULL) return false;
 switch (key_handle->key_type) {
 case DRM_RSA_PRIVATE_KEY: {
 if (key_handle->rsa_key == NULL) return false;
 if (key_handle->ecc_key != NULL) return false;
- if (HasED25519Key(key_handle)) return false;
 break;
 }
 case DRM_ECC_PRIVATE_KEY: {
 if (key_handle->ecc_key == NULL) return false;
 if (key_handle->rsa_key != NULL) return false;
- if (HasED25519Key(key_handle)) return false;
 break;
 }
 case PROV40_ED25519_PRIVATE_KEY: {
 if (key_handle->ecc_key != NULL) return false;
 if (key_handle->rsa_key != NULL) return false;
- if (!HasED25519Key(key_handle)) return false;
 break;
 }
 default:
diff --git a/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/GEN_common_serializer.c b/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/GEN_common_serializer.c
index 2f3f751..ce2a57a 100644
--- a/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/GEN_common_serializer.c
+++ b/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/GEN_common_serializer.c
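Review bot: With HasED25519Key removed, a PROV40_ED25519_PRIVATE_KEY handle whose ed25519_key was never populated now passes IsAsymmetricKeyHandleValid, because the remaining checks in that case only assert that rsa_key and ecc_key are NULL. The hunk does not show where an all-zero Ed25519 key is rejected instead; if that happens when the handle is created, a comment on the PROV40 case would document it: `// ed25519_key contents are validated when the handle is created, not here.` (assumption, confirm against the creation path). The removed scan also walked private-key bytes with a data-dependent early exit, which may be why it was dropped; if so, stating that in the commit would save the next reader from restoring it.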
@@ -225,12 +225,20 @@ void OPK_Pack_OEMCrypto_KeyObject(ODK_Message* msg, void OPK_Unpack_OEMCrypto_Substring(ODK_Message* msg, OEMCrypto_Substring* obj) { + OEMCrypto_Substring tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->offset); OPK_Unpack_size_t(msg, &obj->length); } void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_0( ODK_Message* msg, OEMCrypto_DTCP2_CMI_Descriptor_0* obj) { + OEMCrypto_DTCP2_CMI_Descriptor_0 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->id); OPK_Unpack_uint8_t(msg, &obj->extension); OPK_Unpack_uint16_t(msg, &obj->length); @@ -239,6 +247,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_0( void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_1( ODK_Message* msg, OEMCrypto_DTCP2_CMI_Descriptor_1* obj) { + OEMCrypto_DTCP2_CMI_Descriptor_1 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->id); OPK_Unpack_uint8_t(msg, &obj->extension); OPK_Unpack_uint16_t(msg, &obj->length); @@ -247,6 +259,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_1( void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_2( ODK_Message* msg, OEMCrypto_DTCP2_CMI_Descriptor_2* obj) { + OEMCrypto_DTCP2_CMI_Descriptor_2 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->id); OPK_Unpack_uint8_t(msg, &obj->extension); OPK_Unpack_uint16_t(msg, &obj->length); @@ -255,6 +271,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_2( void OPK_Unpack_OEMCrypto_DTCP2_CMI_Packet(ODK_Message* msg, OEMCrypto_DTCP2_CMI_Packet* obj) { + OEMCrypto_DTCP2_CMI_Packet tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->dtcp2_required); OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_0(msg, &obj->cmi_descriptor_0); OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_1(msg, &obj->cmi_descriptor_1); 
@@ -263,6 +283,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Packet(ODK_Message* msg, void OPK_Unpack_OEMCrypto_KeyObject(ODK_Message* msg, OEMCrypto_KeyObject* obj) { + OEMCrypto_KeyObject tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_data_iv); OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_data); @@ -278,9 +302,11 @@ void OPK_PackNullable_uint64_t(ODK_Message* msg, const uint64_t* value) { } void OPK_UnpackNullable_uint64_t(ODK_Message* msg, uint64_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_uint64_t(msg, *value); + } else { + OPK_Unpack_uint64_t(msg, NULL); } } void OPK_UnpackAlloc_uint64_t(ODK_Message* msg, uint64_t** value) { @@ -297,9 +323,11 @@ void OPK_PackNullable_KeySize(ODK_Message* msg, const KeySize* value) { } void OPK_UnpackNullable_KeySize(ODK_Message* msg, KeySize** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_KeySize(msg, *value); + } else { + OPK_Unpack_KeySize(msg, NULL); } } void OPK_UnpackAlloc_KeySize(ODK_Message* msg, KeySize** value) { @@ -316,9 +344,11 @@ void OPK_PackNullable_uint8_t(ODK_Message* msg, const uint8_t* value) { } void OPK_UnpackNullable_uint8_t(ODK_Message* msg, uint8_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_uint8_t(msg, *value); + } else { + OPK_Unpack_uint8_t(msg, NULL); } } void OPK_UnpackAlloc_uint8_t(ODK_Message* msg, uint8_t** value) { 
@@ -337,9 +367,11 @@ void OPK_PackNullable_OPK_OutputBuffer(ODK_Message* msg, void OPK_UnpackNullable_OPK_OutputBuffer(ODK_Message* msg, OPK_OutputBuffer** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_OPK_OutputBuffer(msg, *value); + } else { + OPK_Unpack_OPK_OutputBuffer(msg, NULL); } } void OPK_PackNullable_WTPI_K1_SymmetricKey_Handle( @@ -352,9 +384,11 @@ void OPK_PackNullable_WTPI_K1_SymmetricKey_Handle( void OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle( ODK_Message* msg, WTPI_K1_SymmetricKey_Handle** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_WTPI_K1_SymmetricKey_Handle(msg, *value); + } else { + OPK_Unpack_WTPI_K1_SymmetricKey_Handle(msg, NULL); } } void OPK_UnpackAlloc_WTPI_K1_SymmetricKey_Handle( @@ -375,9 +409,11 @@ void OPK_PackNullable_WTPI_AsymmetricKey_Handle( void OPK_UnpackNullable_WTPI_AsymmetricKey_Handle( ODK_Message* msg, WTPI_AsymmetricKey_Handle** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_WTPI_AsymmetricKey_Handle(msg, *value); + } else { + OPK_Unpack_WTPI_AsymmetricKey_Handle(msg, NULL); } } void OPK_UnpackAlloc_WTPI_AsymmetricKey_Handle( @@ -396,9 +432,11 @@ void OPK_PackNullable_uint32_t(ODK_Message* msg, const uint32_t* value) { } void OPK_UnpackNullable_uint32_t(ODK_Message* msg, uint32_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_uint32_t(msg, *value); + } else { + OPK_Unpack_uint32_t(msg, NULL); } } void OPK_UnpackAlloc_uint32_t(ODK_Message* msg, uint32_t** value) { 
@@ -415,9 +453,11 @@ void OPK_PackNullable_size_t(ODK_Message* msg, const size_t* value) { } void OPK_UnpackNullable_size_t(ODK_Message* msg, size_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_size_t(msg, *value); + } else { + OPK_Unpack_size_t(msg, NULL); } } void OPK_UnpackAlloc_size_t(ODK_Message* msg, size_t** value) { @@ -436,9 +476,11 @@ void OPK_PackNullable_AsymmetricKeyType(ODK_Message* msg, void OPK_UnpackNullable_AsymmetricKeyType(ODK_Message* msg, AsymmetricKeyType** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_AsymmetricKeyType(msg, *value); + } else { + OPK_Unpack_AsymmetricKeyType(msg, NULL); } } void OPK_UnpackAlloc_AsymmetricKeyType(ODK_Message* msg, diff --git a/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/common_special_cases.c b/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/common_special_cases.c index ae713f7..8879732 100644 --- a/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/common_special_cases.c +++ b/oemcrypto/opk/oemcrypto_ta/wtpi_test/common/common_special_cases.c @@ -31,21 +31,11 @@ void OPK_Pack_WTPI_AsymmetricKey_Handle( void OPK_Unpack_WTPI_K1_SymmetricKey_Handle( ODK_Message* message, WTPI_K1_SymmetricKey_Handle* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_size_t(message, (size_t*)value); } void OPK_Unpack_WTPI_AsymmetricKey_Handle(ODK_Message* message, WTPI_AsymmetricKey_Handle* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_size_t(message, (size_t*)value); } 
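Review bot: Removing the NULL guards from OPK_Unpack_WTPI_K1_SymmetricKey_Handle and OPK_Unpack_WTPI_AsymmetricKey_Handle leaves them forwarding a possibly-NULL `value` to OPK_Unpack_size_t(), so their safety now rests on every base OPK_Unpack_* routine treating NULL as "consume the field, store nothing"; that contract is implemented in opk_serialization_base.c, which is not in this hunk, and is stated nowhere in this file. A one-line comment on each unpack function would make the contract visible to anyone adding a new special case: `// value may be NULL: the field is still consumed from the message but not stored.` The same applies to the OPK_OutputBuffer, SymmetricKeyType, AsymmetricKeyType, RSA_Padding_Scheme, KeySize and OEMCrypto_Clock_Security_Level hunks that follow.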
@@ -76,9 +66,9 @@ void OPK_Pack_OPK_OutputBuffer(ODK_Message* message, void OPK_Unpack_OPK_OutputBuffer(ODK_Message* message, OPK_OutputBuffer* value) { + OPK_OutputBuffer tmp_value; if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; + value = &tmp_value; } OPK_Unpack_uint32_t(message, (uint32_t*)&value->type); @@ -117,11 +107,6 @@ void OPK_Pack_SymmetricKeyType(ODK_Message* message, void OPK_Unpack_SymmetricKeyType(ODK_Message* message, SymmetricKeyType* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_int(message, (int*)value); } @@ -137,11 +122,6 @@ void OPK_Pack_AsymmetricKeyType(ODK_Message* message, void OPK_Unpack_AsymmetricKeyType(ODK_Message* message, AsymmetricKeyType* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_int(message, (int*)value); } @@ -157,11 +137,6 @@ void OPK_Pack_RSA_Padding_Scheme(ODK_Message* message, void OPK_Unpack_RSA_Padding_Scheme(ODK_Message* message, RSA_Padding_Scheme* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_uint8_t(message, (uint8_t*)value); } @@ -175,11 +150,6 @@ void OPK_Pack_KeySize(ODK_Message* message, const KeySize* value) { } void OPK_Unpack_KeySize(ODK_Message* message, KeySize* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_int(message, (int*)value); } @@ -209,10 +179,5 @@ void OPK_Pack_OEMCrypto_Clock_Security_Level( void OPK_Unpack_OEMCrypto_Clock_Security_Level( ODK_Message* message, OEMCrypto_Clock_Security_Level* value) { - if (value == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; - } - OPK_Unpack_uint32_t(message, (uint32_t*)value); } 
diff --git a/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/GEN_ree_serializer.c b/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/GEN_ree_serializer.c index 41bad6d..a7a1592 100644 --- a/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/GEN_ree_serializer.c +++ b/oemcrypto/opk/oemcrypto_ta/wtpi_test/ree/GEN_ree_serializer.c @@ -77,7 +77,11 @@ void OPK_Unpack_LoadGenerationNumber_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint64_t(msg, value); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint64_t(msg, value); + } else { + OPK_UnpackNullable_uint64_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -139,7 +143,11 @@ void OPK_Unpack_K1_GetKeySize_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_KeySize(msg, size); + if (SuccessResult(*result)) { + OPK_UnpackNullable_KeySize(msg, size); + } else { + OPK_UnpackNullable_KeySize(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -417,7 +425,11 @@ void OPK_Unpack_K1_CreateKeyHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -453,7 +465,11 @@ void OPK_Unpack_K1_DeriveDeviceKeyIntoHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -493,7 +509,11 @@ void OPK_Unpack_K1_AESDecryptAndCreateKeyHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -535,8 +555,16 @@ void OPK_Unpack_K1_AESDecryptAndCreateKeyHandleForMacKeys_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_mac_key_server); - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_mac_key_client); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_mac_key_server); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_mac_key_client); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -578,7 +606,11 @@ void OPK_Unpack_K1_DeriveKeyFromKeyHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -663,7 +695,11 @@ void OPK_Unpack_K1_UnwrapIntoKeyHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, out_key_handle); + } else { + OPK_UnpackNullable_WTPI_K1_SymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -729,7 +765,11 @@ void OPK_Unpack_CreateAsymmetricKeyHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_AsymmetricKey_Handle(msg, key_handle); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_AsymmetricKey_Handle(msg, key_handle); + } else { + OPK_UnpackNullable_WTPI_AsymmetricKey_Handle(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -767,8 +807,16 @@ void OPK_Unpack_UnwrapIntoAsymmetricKeyHandle_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_WTPI_AsymmetricKey_Handle(msg, key_handle); - OPK_UnpackNullable_uint32_t(msg, allowed_schemes); + if (SuccessResult(*result)) { + OPK_UnpackNullable_WTPI_AsymmetricKey_Handle(msg, key_handle); + } else { + OPK_UnpackNullable_WTPI_AsymmetricKey_Handle(msg, NULL); + } + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, allowed_schemes); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -833,7 +881,11 @@ void OPK_Unpack_GetWrappedAsymmetricKeySize_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, buffer_size); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, buffer_size); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1101,7 +1153,11 @@ void OPK_Unpack_GetSignatureSize_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, signature_length); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, signature_length); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1174,7 +1230,11 @@ void OPK_Unpack_GetMaxBootCertificateChainSize_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, out_length); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, out_length); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -1215,7 +1275,11 @@ void OPK_Unpack_GenerateRandomCertificateKeyPair_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_AsymmetricKeyType(msg, key_type); + if (SuccessResult(*result)) { + OPK_UnpackNullable_AsymmetricKeyType(msg, key_type); + } else { + OPK_UnpackNullable_AsymmetricKeyType(msg, NULL); + } if (SuccessResult(*result)) { uint8_t* p; OPK_UnpackInPlace(msg, &p, OPK_FromSizeTPtrPtr(wrapped_private_key_length)); @@ -1307,7 +1371,11 @@ void OPK_Unpack_GetMaxDeviceKeyCoseSign1Size_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, out_length); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, out_length); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1337,7 +1405,11 @@ void OPK_Unpack_Crc32Init_Response(ODK_Message* msg, OEMCryptoResult* result, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, initial_hash); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, initial_hash); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1372,7 +1444,11 @@ void OPK_Unpack_Crc32Cont_Response(ODK_Message* msg, OEMCryptoResult* result, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, new_crc); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, new_crc); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -1422,7 +1498,11 @@ void OPK_Unpack_Crc32Cont_OutputBuffer_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, new_crc); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, new_crc); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1453,7 +1533,11 @@ void OPK_Unpack_GetTrustedTime_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint64_t(msg, time_in_s); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint64_t(msg, time_in_s); + } else { + OPK_UnpackNullable_uint64_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1565,7 +1649,11 @@ void OPK_Unpack_GetEncryptAndSignSize_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, wrapped_length); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, wrapped_length); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1695,7 +1783,11 @@ void OPK_Unpack_VerifyAndDecryptUsageData_Legacy_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint8_t(msg, out); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint8_t(msg, out); + } else { + OPK_UnpackNullable_uint8_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { diff --git a/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_and_key_management_layer1.c b/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_and_key_management_layer1.c index 31136d9..639b14f 100644 --- a/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_and_key_management_layer1.c 
+++ b/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_and_key_management_layer1.c
@@ -131,7 +131,7 @@ static OEMCryptoResult Helper_AESCBC(WTPI_K1_SymmetricKey_Handle key,
 if (output_len != in_length) {
 EMSG("output_len was changed to %zu", output_len);
 }
- return OEMCrypto_ERROR_UNKNOWN_FAILURE;
+ goto err;
 }
 if (op_handle != TEE_HANDLE_NULL) TEE_FreeOperation(op_handle);
 if (key_handle != TEE_HANDLE_NULL) TEE_FreeTransientObject(key_handle);
@@ -686,7 +686,7 @@ OEMCryptoResult WTPI_K1_DeriveKeyFromKeyHandle(
 if (output_len != KEY_SIZE_128) {
 EMSG("output_len was changed to %zu", output_len);
 }
- return OEMCrypto_ERROR_UNKNOWN_FAILURE;
+ goto err;
 }
 }
 
diff --git a/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_asymmetric.c b/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_asymmetric.c
index 697c217..a5615f3 100644
--- a/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_asymmetric.c
+++ b/oemcrypto/opk/ports/optee/ta/common/wtpi_impl/wtpi_crypto_asymmetric.c
@@ -58,6 +58,14 @@ static OEMCryptoResult Helper_CreateRSAKeyHandle(
 if (res != OEMCrypto_SUCCESS) {
 EMSG("RSA DER parsing failed with result %d", res);
 WTPI_FreeAsymmetricKeyHandle(sess);
+ TEE_Free(sess_key->modulus);
+ TEE_Free(sess_key->exp1);
+ TEE_Free(sess_key->exp2);
+ TEE_Free(sess_key->prime1);
+ TEE_Free(sess_key->prime2);
+ TEE_Free(sess_key->coefficient);
+ TEE_Free(sess_key->public_exp);
+ TEE_Free(sess_key->private_exp);
 TEE_Free(sess_key);
 return OEMCrypto_ERROR_INVALID_KEY;
 }
@@ -142,6 +150,9 @@ static OEMCryptoResult Helper_CreateECCKeyHandle(
 if (res != OEMCrypto_SUCCESS) {
 EMSG("ECC DER parsing failed with result %d", res);
 WTPI_FreeAsymmetricKeyHandle(sess);
+ TEE_Free(sess_key->private_val);
+ TEE_Free(sess_key->public_x);
+ TEE_Free(sess_key->public_y);
 TEE_Free(sess_key);
 return OEMCrypto_ERROR_INVALID_RSA_KEY;
 }
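Review bot: Replacing the direct return with `goto err` on the output_len mismatch path in Helper_AESCBC means the value returned there is now whatever the `err:` block produces, and that block is outside the hunk. Confirm it still yields a failure code rather than a success value left over from an earlier call; the context lines show the TEE_FreeOperation/TEE_FreeTransientObject pair only on the fall-through path, so err presumably does the freeing, but the result it returns is not visible here. The same applies to the WTPI_K1_DeriveKeyFromKeyHandle hunk. Both enclosing functions begin and end outside the hunk.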
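Review bot: The new TEE_Free() calls in Helper_CreateRSAKeyHandle release the RSA private-key components (prime1, prime2, private_exp, coefficient, exp1, exp2) without clearing them first, so key material remains in freed TA heap; the same holds for private_val in the Helper_CreateECCKeyHandle hunk. If the lengths of those buffers are kept alongside the pointers in sess_key, a TEE_MemFill(ptr, 0, len) before each TEE_Free closes that gap. Two things to confirm outside the hunk: that sess_key is allocated zero-filled (otherwise a parse that fails before assigning a member frees an uninitialized pointer), and that WTPI_FreeAsymmetricKeyHandle(sess) on the line above does not already release these members, which would turn the new calls into double frees. Unrelated to the added lines, the ECC failure path still returns OEMCrypto_ERROR_INVALID_RSA_KEY, which reads like a copy-paste from the RSA helper.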
diff --git a/oemcrypto/opk/ports/optee/ta/oemcrypto_ta/oemcrypto_ta.c b/oemcrypto/opk/ports/optee/ta/oemcrypto_ta/oemcrypto_ta.c
index 8829d65..91db916 100644
--- a/oemcrypto/opk/ports/optee/ta/oemcrypto_ta/oemcrypto_ta.c
+++ b/oemcrypto/opk/ports/optee/ta/oemcrypto_ta/oemcrypto_ta.c
@@ -98,13 +98,20 @@ static TEE_Result HandleRequest(uint32_t param_types, TEE_Param params[4]) {
 return TEE_ERROR_BAD_PARAMETERS;
 }
 
- size_t request_size = (size_t)(params[2].value.a);
- if (request_size > OPK_TRANSPORT_MESSAGE_SIZE) {
- DMSG("Size too large. Input is %zu, limit is %d\n", request_size,
+ size_t transport_size = params[1].memref.size;
+ if (transport_size > OPK_TRANSPORT_MESSAGE_SIZE) {
+ DMSG("Size too large. transport size is %d, limit is %d\n", transport_size,
 OPK_TRANSPORT_MESSAGE_SIZE);
 return TEE_ERROR_BAD_PARAMETERS;
 }
 
+ size_t request_size = (size_t)(params[2].value.a);
+ if (request_size > transport_size) {
+ DMSG("Size too large. Input is %zu, limit is %d\n", request_size,
+ transport_size);
+ return TEE_ERROR_BAD_PARAMETERS;
+ }
+
 /*
 * The request message data must be copied into a local buffer
 * so the contents can't be modified while being parsed.
diff --git a/oemcrypto/opk/serialization/common/GEN_common_serializer.c b/oemcrypto/opk/serialization/common/GEN_common_serializer.c
index 131ba96..023f3eb 100644
--- a/oemcrypto/opk/serialization/common/GEN_common_serializer.c
+++ b/oemcrypto/opk/serialization/common/GEN_common_serializer.c
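Review bot: Both new DMSG calls in HandleRequest print the size_t `transport_size` with `%d`; the mismatch already existed for OPK_TRANSPORT_MESSAGE_SIZE, but the new variable is a size_t and should use `%zu`: `DMSG("Size too large. transport size is %zu, limit is %d\n", transport_size,` and `DMSG("Size too large. Input is %zu, limit is %zu\n", request_size, transport_size);`. The added check itself is the right one: bounding the REE-supplied request_size by the memref size the REE actually shared, not only by the compile-time limit, is what keeps the copy below from reading past the shared buffer. A comment on the second check would preserve that reasoning: `/* request_size is caller-controlled; it must not exceed the memref that backs it. */`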
@@ -428,12 +428,20 @@ void OPK_Pack_OEMCrypto_EntitledContentKeyObject_V16( void OPK_Unpack_OEMCrypto_Substring(ODK_Message* msg, OEMCrypto_Substring* obj) { + OEMCrypto_Substring tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->offset); OPK_Unpack_size_t(msg, &obj->length); } void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_0( ODK_Message* msg, OEMCrypto_DTCP2_CMI_Descriptor_0* obj) { + OEMCrypto_DTCP2_CMI_Descriptor_0 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->id); OPK_Unpack_uint8_t(msg, &obj->extension); OPK_Unpack_uint16_t(msg, &obj->length); @@ -442,6 +450,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_0( void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_1( ODK_Message* msg, OEMCrypto_DTCP2_CMI_Descriptor_1* obj) { + OEMCrypto_DTCP2_CMI_Descriptor_1 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->id); OPK_Unpack_uint8_t(msg, &obj->extension); OPK_Unpack_uint16_t(msg, &obj->length); @@ -450,6 +462,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_1( void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_2( ODK_Message* msg, OEMCrypto_DTCP2_CMI_Descriptor_2* obj) { + OEMCrypto_DTCP2_CMI_Descriptor_2 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->id); OPK_Unpack_uint8_t(msg, &obj->extension); OPK_Unpack_uint16_t(msg, &obj->length); @@ -458,6 +474,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_2( void OPK_Unpack_OEMCrypto_DTCP2_CMI_Packet(ODK_Message* msg, OEMCrypto_DTCP2_CMI_Packet* obj) { + OEMCrypto_DTCP2_CMI_Packet tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_uint8_t(msg, &obj->dtcp2_required); OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_0(msg, &obj->cmi_descriptor_0); OPK_Unpack_OEMCrypto_DTCP2_CMI_Descriptor_1(msg, &obj->cmi_descriptor_1); 
@@ -466,6 +486,10 @@ void OPK_Unpack_OEMCrypto_DTCP2_CMI_Packet(ODK_Message* msg, void OPK_Unpack_OEMCrypto_KeyObject(ODK_Message* msg, OEMCrypto_KeyObject* obj) { + OEMCrypto_KeyObject tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_data_iv); OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_data); @@ -475,6 +499,10 @@ void OPK_Unpack_OEMCrypto_KeyObject(ODK_Message* msg, void OPK_Unpack_OEMCrypto_InputOutputPair(ODK_Message* msg, OEMCrypto_InputOutputPair* obj) { + OEMCrypto_InputOutputPair tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->input_data_length); OEMCrypto_SharedMemory* input_data; OPK_UnpackSharedBuffer(msg, &input_data, @@ -486,6 +514,10 @@ void OPK_Unpack_OEMCrypto_InputOutputPair(ODK_Message* msg, void OPK_Unpack_OEMCrypto_SubSampleDescription( ODK_Message* msg, OEMCrypto_SubSampleDescription* obj) { + OEMCrypto_SubSampleDescription tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->num_bytes_clear); OPK_Unpack_size_t(msg, &obj->num_bytes_encrypted); OPK_Unpack_uint8_t(msg, &obj->subsample_flags); @@ -494,6 +526,10 @@ void OPK_Unpack_OEMCrypto_SubSampleDescription( void OPK_Unpack_OEMCrypto_SampleDescription(ODK_Message* msg, OEMCrypto_SampleDescription* obj) { + OEMCrypto_SampleDescription tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->subsamples_length); OPK_Unpack_OEMCrypto_InputOutputPair(msg, &obj->buffers); OPK_UnpackArray(msg, &obj->iv[0], sizeof(obj->iv)); 
@@ -533,12 +569,20 @@ void OPK_Unpack_OEMCrypto_SampleDescription(ODK_Message* msg, void OPK_Unpack_OEMCrypto_CENCEncryptPatternDesc( ODK_Message* msg, OEMCrypto_CENCEncryptPatternDesc* obj) { + OEMCrypto_CENCEncryptPatternDesc tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->encrypt); OPK_Unpack_size_t(msg, &obj->skip); } void OPK_Unpack_OEMCrypto_EntitledContentKeyObject( ODK_Message* msg, OEMCrypto_EntitledContentKeyObject* obj) { + OEMCrypto_EntitledContentKeyObject tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_OEMCrypto_Substring(msg, &obj->entitlement_key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->content_key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->content_key_data_iv); @@ -549,6 +593,10 @@ void OPK_Unpack_OEMCrypto_EntitledContentKeyObject( void OPK_Unpack_OEMCrypto_KeyRefreshObject(ODK_Message* msg, OEMCrypto_KeyRefreshObject* obj) { + OEMCrypto_KeyRefreshObject tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_control_iv); OPK_Unpack_OEMCrypto_Substring(msg, &obj->key_control); @@ -556,6 +604,10 @@ void OPK_Unpack_OEMCrypto_KeyRefreshObject(ODK_Message* msg, void OPK_Unpack_OEMCrypto_CENCEncryptPatternDesc_V15( ODK_Message* msg, OEMCrypto_CENCEncryptPatternDesc_V15* obj) { + OEMCrypto_CENCEncryptPatternDesc_V15 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_size_t(msg, &obj->encrypt); OPK_Unpack_size_t(msg, &obj->skip); OPK_Unpack_size_t(msg, &obj->offset); 
@@ -563,6 +615,10 @@ void OPK_Unpack_OEMCrypto_CENCEncryptPatternDesc_V15( void OPK_Unpack_OEMCrypto_EntitledContentKeyObject_V16( ODK_Message* msg, OEMCrypto_EntitledContentKeyObject_V16* obj) { + OEMCrypto_EntitledContentKeyObject_V16 tmp_obj; + if (obj == NULL) { + obj = &tmp_obj; + } OPK_Unpack_OEMCrypto_Substring(msg, &obj->entitlement_key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->content_key_id); OPK_Unpack_OEMCrypto_Substring(msg, &obj->content_key_data_iv); @@ -577,9 +633,11 @@ void OPK_PackNullable_uint32_t(ODK_Message* msg, const uint32_t* value) { } void OPK_UnpackNullable_uint32_t(ODK_Message* msg, uint32_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_uint32_t(msg, *value); + } else { + OPK_Unpack_uint32_t(msg, NULL); } } void OPK_UnpackAlloc_uint32_t(ODK_Message* msg, uint32_t** value) { @@ -596,9 +654,11 @@ void OPK_PackNullable_size_t(ODK_Message* msg, const size_t* value) { } void OPK_UnpackNullable_size_t(ODK_Message* msg, size_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_size_t(msg, *value); + } else { + OPK_Unpack_size_t(msg, NULL); } } void OPK_UnpackAlloc_size_t(ODK_Message* msg, size_t** value) { @@ -617,9 +677,11 @@ void OPK_PackNullable_OEMCrypto_KeyRefreshObject( void OPK_UnpackNullable_OEMCrypto_KeyRefreshObject( ODK_Message* msg, OEMCrypto_KeyRefreshObject** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_OEMCrypto_KeyRefreshObject(msg, *value); + } else { + OPK_Unpack_OEMCrypto_KeyRefreshObject(msg, NULL); } } void OPK_PackNullable_OEMCrypto_EntitledContentKeyObject( 
@@ -632,9 +694,11 @@ void OPK_PackNullable_OEMCrypto_EntitledContentKeyObject( void OPK_UnpackNullable_OEMCrypto_EntitledContentKeyObject( ODK_Message* msg, OEMCrypto_EntitledContentKeyObject** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_OEMCrypto_EntitledContentKeyObject(msg, *value); + } else { + OPK_Unpack_OEMCrypto_EntitledContentKeyObject(msg, NULL); } } void OPK_PackNullable_OEMCrypto_CENCEncryptPatternDesc( @@ -647,9 +711,11 @@ void OPK_PackNullable_OEMCrypto_CENCEncryptPatternDesc( void OPK_UnpackNullable_OEMCrypto_CENCEncryptPatternDesc( ODK_Message* msg, OEMCrypto_CENCEncryptPatternDesc** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_OEMCrypto_CENCEncryptPatternDesc(msg, *value); + } else { + OPK_Unpack_OEMCrypto_CENCEncryptPatternDesc(msg, NULL); } } void OPK_PackNullable_OEMCrypto_DestBufferDesc( @@ -662,9 +728,11 @@ void OPK_PackNullable_OEMCrypto_DestBufferDesc( void OPK_UnpackNullable_OEMCrypto_DestBufferDesc( ODK_Message* msg, OEMCrypto_DestBufferDesc** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_OEMCrypto_DestBufferDesc(msg, *value); + } else { + OPK_Unpack_OEMCrypto_DestBufferDesc(msg, NULL); } } void OPK_PackNullable_uint16_t(ODK_Message* msg, const uint16_t* value) { @@ -675,9 +743,11 @@ void OPK_PackNullable_uint16_t(ODK_Message* msg, const uint16_t* value) { } void OPK_UnpackNullable_uint16_t(ODK_Message* msg, uint16_t** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_uint16_t(msg, *value); + } else { + OPK_Unpack_uint16_t(msg, NULL); } } void OPK_UnpackAlloc_uint16_t(ODK_Message* msg, uint16_t** value) { 
@@ -702,9 +772,11 @@ void OPK_PackNullable_int(ODK_Message* msg, const int* value) { } void OPK_UnpackNullable_int(ODK_Message* msg, int** value) { if (OPK_UnpackIsNull(msg)) { - *value = NULL; - } else { + if (value) *value = NULL; + } else if (value) { OPK_Unpack_int(msg, *value); + } else { + OPK_Unpack_int(msg, NULL); } } void OPK_UnpackAlloc_int(ODK_Message* msg, int** value) { diff --git a/oemcrypto/opk/serialization/common/common_special_cases.c b/oemcrypto/opk/serialization/common/common_special_cases.c index edd2019..19d60f2 100644 --- a/oemcrypto/opk/serialization/common/common_special_cases.c +++ b/oemcrypto/opk/serialization/common/common_special_cases.c @@ -62,9 +62,9 @@ void OPK_Pack_OEMCrypto_DestBufferDesc(ODK_Message* message, */ void OPK_Unpack_OEMCrypto_DestBufferDesc(ODK_Message* message, OEMCrypto_DestBufferDesc* obj) { + OEMCrypto_DestBufferDesc temp_destbuf; if (obj == NULL) { - ODK_MESSAGE_SETSTATUS(message, MESSAGE_STATUS_NULL_POINTER_ERROR); - return; + obj = &temp_destbuf; } OPK_Unpack_uint32_t(message, (uint32_t*)&obj->type); switch (obj->type) { diff --git a/oemcrypto/opk/serialization/common/opk_serialization_base.c b/oemcrypto/opk/serialization/common/opk_serialization_base.c index f579a5f..c1f6563 100644 --- a/oemcrypto/opk/serialization/common/opk_serialization_base.c +++ b/oemcrypto/opk/serialization/common/opk_serialization_base.c @@ -250,10 +250,14 @@ static bool CheckTag(ODK_Message* message, TagType tag) { void OPK_Unpack_bool(ODK_Message* message, bool* value) { if (!CheckTag(message, TAG_BOOL)) return; - uint8_t b = 0; - UnpackBytes(message, &b, sizeof(b)); - assert(value); - *value = b ? true : false; + if (value) { + uint8_t b = 0; + UnpackBytes(message, &b, sizeof(b)); + assert(value); + *value = b ? true : false; + } else { + UnpackBytes(message, NULL, sizeof(uint8_t)); + } } static uint64_t Unpack64(ODK_Message* message) { 
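Review bot: The `temp_destbuf` scratch object added to OPK_Unpack_OEMCrypto_DestBufferDesc is uninitialized, and the `switch (obj->type)` that follows reads it even when OPK_Unpack_uint32_t returned early on a tag mismatch without storing anything (the uint32 unpacker in this same diff returns before writing on CheckTag failure), so a malformed message makes the switch dispatch on an indeterminate value. Initializing the scratch copy, `OEMCrypto_DestBufferDesc temp_destbuf = {0};`, or checking the message status before the switch, removes the read of uninitialized memory. Previously a NULL obj set MESSAGE_STATUS_NULL_POINTER_ERROR and returned; now a NULL obj silently consumes the descriptor, which matches the new nullable-unpack convention but deserves a line on the NULL branch such as `// NULL obj: consume the descriptor from the message and discard it.` The switch arms and the rest of the function are outside the hunk.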
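Review bot: The `assert(value);` kept inside the new `if (value)` branch of OPK_Unpack_bool can never fire and reads as a leftover of the old contract now that NULL is an accepted sink; drop it. The else branch depends on `UnpackBytes(message, NULL, sizeof(uint8_t))` tolerating a NULL destination, which this hunk does not show; reading into the local `b` unconditionally and assigning only when a sink was supplied, `UnpackBytes(message, &b, sizeof(b)); if (value) *value = b ? true : false;`, avoids that dependency and is shorter. UnpackBytes itself is outside the hunk, so its NULL handling is an assumption to confirm.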
@@ -272,14 +276,20 @@ static uint64_t Unpack64(ODK_Message* message) { void OPK_Unpack_int(ODK_Message* message, int* value) { if (!CheckTag(message, TAG_INT)) return; - assert(value); - *value = (int)Unpack64(message); + if (value) { + *value = (int)Unpack64(message); + } else { + Unpack64(message); + } } void OPK_Unpack_size_t(ODK_Message* message, size_t* value) { if (!CheckTag(message, TAG_SIZE_T)) return; - assert(value); - *value = (size_t)Unpack64(message); + if (value) { + *value = (size_t)Unpack64(message); + } else { + Unpack64(message); + } } void OPK_Unpack_uint8_t(ODK_Message* message, uint8_t* value) { 
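Review bot: The NULL-sink branches added to OPK_Unpack_int and OPK_Unpack_size_t repeat the Unpack64 call in both arms; decoding once and assigning conditionally keeps the read in one place: `const uint64_t raw = Unpack64(message); if (value) *value = (int)raw;` (and `(size_t)raw` in OPK_Unpack_size_t). The narrowing `(int)Unpack64(message)` is pre-existing, but since these values arrive from the other world's message a short comment that callers must range-check after unpacking would help the next reader. Both functions are fully within the hunk.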
@@ -289,28 +299,37 @@ void OPK_Unpack_uint8_t(ODK_Message* message, uint8_t* value) { void OPK_Unpack_uint16_t(ODK_Message* message, uint16_t* value) { if (!CheckTag(message, TAG_UINT16)) return; - assert(value); - uint8_t buf[sizeof(uint16_t)] = {0}; - UnpackBytes(message, buf, sizeof(buf)); - *value = buf[0]; - *value |= (uint16_t)buf[1] << 8; + if (value) { + uint8_t buf[sizeof(uint16_t)] = {0}; + UnpackBytes(message, buf, sizeof(buf)); + *value = buf[0]; + *value |= (uint16_t)buf[1] << 8; + } else { + UnpackBytes(message, NULL, sizeof(uint16_t)); + } } void OPK_Unpack_uint32_t(ODK_Message* message, uint32_t* value) { if (!CheckTag(message, TAG_UINT32)) return; - assert(value); - uint8_t buf[sizeof(uint32_t)] = {0}; - UnpackBytes(message, buf, sizeof(buf)); - *value = buf[0]; - *value |= (uint32_t)buf[1] << 8; - *value |= (uint32_t)buf[2] << 16; - *value |= (uint32_t)buf[3] << 24; + if (value) { + uint8_t buf[sizeof(uint32_t)] = {0}; + UnpackBytes(message, buf, sizeof(buf)); + *value = buf[0]; + *value |= (uint32_t)buf[1] << 8; + *value |= (uint32_t)buf[2] << 16; + *value |= (uint32_t)buf[3] << 24; + } else { + UnpackBytes(message, NULL, sizeof(uint32_t)); + } } void OPK_Unpack_uint64_t(ODK_Message* message, uint64_t* value) { if (!CheckTag(message, TAG_UINT64)) return; - assert(value); - *value = Unpack64(message); + if (value) { + *value = Unpack64(message); + } else { + Unpack64(message); + } } bool OPK_UnpackBoolValue(ODK_Message* message) { diff --git a/oemcrypto/opk/serialization/ree/GEN_ree_serializer.c b/oemcrypto/opk/serialization/ree/GEN_ree_serializer.c index 448e8f4..db59df9 100644 --- a/oemcrypto/opk/serialization/ree/GEN_ree_serializer.c +++ b/oemcrypto/opk/serialization/ree/GEN_ree_serializer.c 
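Review bot: The NULL-sink arms added to OPK_Unpack_uint16_t and OPK_Unpack_uint32_t call `UnpackBytes(message, NULL, n)`, so correctness now depends on UnpackBytes accepting a NULL destination, which this hunk does not show; decoding into the local `buf` unconditionally and assigning only when `value` is non-NULL removes that dependency and halves the branch bodies, as below for the uint32 case. The same shape applies to OPK_Unpack_uint16_t, and OPK_Unpack_uint64_t can read Unpack64 once into a local. OPK_Unpack_uint8_t sits between this hunk and the previous one and is not touched by the diff; if it still asserts on NULL it is the one scalar unpacker with a different contract, worth either updating or documenting.
```c
void OPK_Unpack_uint32_t(ODK_Message* message, uint32_t* value) {
  if (!CheckTag(message, TAG_UINT32)) return;
  // Always consume the bytes; store them only when the caller supplied a sink.
  uint8_t buf[sizeof(uint32_t)] = {0};
  UnpackBytes(message, buf, sizeof(buf));
  if (value == NULL) return;
  *value = buf[0];
  *value |= (uint32_t)buf[1] << 8;
  *value |= (uint32_t)buf[2] << 16;
  *value |= (uint32_t)buf[3] << 24;
}
/* … unchanged: OPK_Unpack_uint16_t and OPK_Unpack_uint64_t, same shape … */
```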
@@ -187,7 +187,11 @@ void OPK_Unpack_OpenSession_Response(ODK_Message* msg, OEMCryptoResult* result, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, session); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, session); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -335,7 +339,11 @@ void OPK_Unpack_GenerateNonce_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, nonce); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, nonce); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -710,7 +718,11 @@ void OPK_Unpack_CreateEntitledKeySession_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, key_session); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, key_session); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -1689,17 +1701,25 @@ void OPK_Unpack_GetHDCPCapability_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, current); - if (*current) { - if (!Is_Valid_OEMCrypto_HDCP_Capability(**current)) { - ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, current); + if (*current) { + if (!Is_Valid_OEMCrypto_HDCP_Capability(**current)) { + ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + } } + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); } - OPK_UnpackNullable_uint32_t(msg, maximum); - if (*maximum) { - if (!Is_Valid_OEMCrypto_HDCP_Capability(**maximum)) { - ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, maximum); + if (*maximum) { + if (!Is_Valid_OEMCrypto_HDCP_Capability(**maximum)) { + ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + } } + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); } OPK_UnpackEOM(msg); @@ -1732,11 +1752,15 @@ void OPK_Unpack_GetDTCP2Capability_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, capability); - if (*capability) { - if (!Is_Valid_OEMCrypto_DTCP2_Capability(**capability)) { - ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, capability); + if (*capability) { + if (!Is_Valid_OEMCrypto_DTCP2_Capability(**capability)) { + ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + } } + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); } OPK_UnpackEOM(msg); 
@@ -1833,7 +1857,11 @@ void OPK_Unpack_GetNumberOfOpenSessions_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, count); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, count); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1864,7 +1892,11 @@ void OPK_Unpack_GetMaxNumberOfSessions_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_size_t(msg, max); + if (SuccessResult(*result)) { + OPK_UnpackNullable_size_t(msg, max); + } else { + OPK_UnpackNullable_size_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -1917,7 +1949,11 @@ void OPK_Unpack_GetCurrentSRMVersion_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint16_t(msg, version); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint16_t(msg, version); + } else { + OPK_UnpackNullable_uint16_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -2340,7 +2376,11 @@ void OPK_Unpack_CreateNewUsageEntry_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, usage_entry_number); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, usage_entry_number); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -2739,11 +2779,15 @@ void OPK_Unpack_GenerateCertificateKeyPair_Response( OPK_SafeDerefSizeTPtrPtr(wrapped_private_key_length)); } } - OPK_UnpackNullable_uint32_t(msg, key_type); - if (*key_type) { - if (!Is_Valid_OEMCrypto_PrivateKeyType(**key_type)) { - ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, key_type); + if (*key_type) { + if (!Is_Valid_OEMCrypto_PrivateKeyType(**key_type)) { + ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); + } } + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); } OPK_UnpackEOM(msg); @@ -2869,7 +2913,11 @@ void OPK_Unpack_GetHashErrorCode_Response(ODK_Message* msg, if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_uint32_t(msg, failed_frame_number); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, failed_frame_number); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { @@ -2905,8 +2953,16 @@ void OPK_Unpack_AllocateSecureBuffer_Response( if (!Is_Valid_OEMCryptoResult(*result)) { ODK_MESSAGE_SETSTATUS(msg, MESSAGE_STATUS_INVALID_ENUM_VALUE); } - OPK_UnpackNullable_OEMCrypto_DestBufferDesc(msg, output_descriptor); - OPK_UnpackNullable_int(msg, secure_fd); + if (SuccessResult(*result)) { + OPK_UnpackNullable_OEMCrypto_DestBufferDesc(msg, output_descriptor); + } else { + OPK_UnpackNullable_OEMCrypto_DestBufferDesc(msg, NULL); + } + if (SuccessResult(*result)) { + OPK_UnpackNullable_int(msg, secure_fd); + } else { + OPK_UnpackNullable_int(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { 
@@ -2923,7 +2979,7 @@ ODK_Message OPK_Pack_FreeSecureBuffer_Request( uint64_t timestamp = time(0); OPK_Pack_uint64_t(&msg, ×tamp); OPK_Pack_uint32_t(&msg, &session); - OPK_PackIsNull(&msg, output_descriptor); + OPK_PackNullable_OEMCrypto_DestBufferDesc(&msg, output_descriptor); OPK_Pack_int(&msg, &secure_fd); OPK_PackEOM(&msg); OPK_SharedBuffer_FinalizePacking(); @@ -2979,8 +3035,16 @@ void OPK_Unpack_OPK_SerializationVersion_Response( } OPK_UnpackNullable_uint32_t(msg, ree_major); OPK_UnpackNullable_uint32_t(msg, ree_minor); - OPK_UnpackNullable_uint32_t(msg, tee_major); - OPK_UnpackNullable_uint32_t(msg, tee_minor); + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, tee_major); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } + if (SuccessResult(*result)) { + OPK_UnpackNullable_uint32_t(msg, tee_minor); + } else { + OPK_UnpackNullable_uint32_t(msg, NULL); + } OPK_UnpackEOM(msg); if (SuccessResult(*result)) { diff --git a/oemcrypto/opk/serialization/tee/GEN_dispatcher.c b/oemcrypto/opk/serialization/tee/GEN_dispatcher.c index 02bd09e..7b67a28 100644 --- a/oemcrypto/opk/serialization/tee/GEN_dispatcher.c +++ b/oemcrypto/opk/serialization/tee/GEN_dispatcher.c @@ -1661,8 +1661,10 @@ ODK_MessageStatus OPK_DispatchMessage(ODK_Message* request, { OEMCrypto_SESSION session; OPK_Init_uint32_t((uint32_t*)&session); - OEMCrypto_DestBufferDesc* output_descriptor; - OPK_InitPointer((uint8_t**)&output_descriptor); + OEMCrypto_DestBufferDesc* output_descriptor = + (OEMCrypto_DestBufferDesc*)OPK_VarAlloc( + sizeof(OEMCrypto_DestBufferDesc)); + OPK_Init_OEMCrypto_DestBufferDesc(output_descriptor); int secure_fd; OPK_Init_int((int*)&secure_fd); OPK_Unpack_FreeSecureBuffer_Request(request, &session, &output_descriptor, diff --git a/oemcrypto/opk/serialization/tee/GEN_tee_serializer.c b/oemcrypto/opk/serialization/tee/GEN_tee_serializer.c index 3cc1d89..967f8ff 100644 --- a/oemcrypto/opk/serialization/tee/GEN_tee_serializer.c 
+++ b/oemcrypto/opk/serialization/tee/GEN_tee_serializer.c @@ -2480,8 +2480,7 @@ void OPK_Unpack_FreeSecureBuffer_Request( uint64_t timestamp; OPK_Unpack_uint64_t(msg, ×tamp); OPK_Unpack_uint32_t(msg, session); - *output_descriptor = (OEMCrypto_DestBufferDesc*)OPK_UnpackAlloc( - msg, sizeof(OEMCrypto_DestBufferDesc)); + OPK_UnpackNullable_OEMCrypto_DestBufferDesc(msg, output_descriptor); OPK_Unpack_int(msg, secure_fd); OPK_UnpackEOM(msg); OPK_SharedBuffer_FinalizeUnpacking(); diff --git a/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc b/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc index a5d058e..9bf3d29 100644 --- a/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc +++ b/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc @@ -45,7 +45,6 @@ void SessionFuzz::Terminate() { void OEMCryptoLicenseAPIFuzz::Initialize() { session_fuzz_.Initialize(); session_fuzz_.InstallTestRSAKey(); - session_fuzz_.session().GenerateNonce(); } void OEMCryptoLicenseAPIFuzz::Terminate() { diff --git a/oemcrypto/test/oec_session_util.cpp b/oemcrypto/test/oec_session_util.cpp index 19bfc2c..8b9b557 100644 --- a/oemcrypto/test/oec_session_util.cpp +++ b/oemcrypto/test/oec_session_util.cpp @@ -110,7 +110,6 @@ OEMCryptoResult DecryptCTR(OEMCrypto_SESSION session_id, const uint8_t* key, } // namespace - // Encrypt a block of data using CTR mode. void EncryptCTR(const vector& in_buffer, const uint8_t* key, const uint8_t* starting_iv, vector* out_buffer) { 
@@ -1070,11 +1069,11 @@ void EntitledMessage::MakeOneKey(size_t entitlement_key_index) { offsets->content_key_data_iv = FindSubstring( key_data->content_key_data_iv, sizeof(key_data->content_key_data_iv)); - EXPECT_EQ(1, GetRandBytes(key_data->content_iv, - sizeof(key_data->content_iv))); + EXPECT_EQ(1, + GetRandBytes(key_data->content_iv, sizeof(key_data->content_iv))); key_data->content_iv_length = sizeof(key_data->content_iv); - offsets->content_iv = FindSubstring( - key_data->content_iv, key_data->content_iv_length); + offsets->content_iv = + FindSubstring(key_data->content_iv, key_data->content_iv_length); } OEMCrypto_EntitledContentKeyObject* EntitledMessage::entitled_key_array() { @@ -1218,13 +1217,15 @@ void EntitledMessage::LoadCasKeys(bool load_even, bool load_odd, even_key.content_key_data_iv = entitled_key_array_[0].content_key_data_iv; even_key.content_key_data = entitled_key_array_[0].content_key_data; even_key.content_iv = entitled_key_array_[0].content_iv; + even_key.cipher_mode = OEMCrypto_CipherMode_CBC; } if (has_odd) { odd_key.entitlement_key_id = entitled_key_array_[1].entitlement_key_id; odd_key.content_key_id = entitled_key_array_[1].content_key_id; odd_key.content_key_data_iv = entitled_key_array_[1].content_key_data_iv; odd_key.content_key_data = entitled_key_array_[1].content_key_data; - even_key.content_iv = entitled_key_array_[1].content_iv; + odd_key.content_iv = entitled_key_array_[1].content_iv; + odd_key.cipher_mode = OEMCrypto_CipherMode_CBC; } OEMCryptoResult sts = OEMCrypto_LoadCasECMKeys( diff --git a/oemcrypto/test/oemcrypto_test.cpp b/oemcrypto/test/oemcrypto_test.cpp index e1f86bb..fc75680 100644 --- a/oemcrypto/test/oemcrypto_test.cpp +++ b/oemcrypto/test/oemcrypto_test.cpp 
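Review bot: The odd-key block in EntitledMessage::LoadCasKeys is now a field-for-field copy of the even-key block, and the `even_key.content_iv` slip this hunk fixes is exactly the kind of error that hides in duplicated assignment lists; filling both keys from one local helper keeps them in lockstep, as sketched below (a generic lambda needs C++14; otherwise a static helper with the concrete types). `cipher_mode` is hardcoded to `OEMCrypto_CipherMode_CBC` in both branches, which is fine for the default path but deserves a one-line comment that CBC is the CAS default this test expects, so a future CTR variant does not reuse it unnoticed. LoadCasKeys begins and ends outside the hunk, so the declarations of even_key/odd_key and the derivation of has_even/has_odd are not visible.
```cpp
  // Fill one CAS key from an entitled key object; keeps even/odd in lockstep.
  auto fill_key = [](auto& key, const auto& src) {
    key.entitlement_key_id = src.entitlement_key_id;
    key.content_key_id = src.content_key_id;
    key.content_key_data_iv = src.content_key_data_iv;
    key.content_key_data = src.content_key_data;
    key.content_iv = src.content_iv;
    key.cipher_mode = OEMCrypto_CipherMode_CBC;  // CAS default for this test.
  };
  if (has_even) fill_key(even_key, entitled_key_array_[0]);
  if (has_odd) fill_key(odd_key, entitled_key_array_[1]);
  // … unchanged: OEMCrypto_LoadCasECMKeys call …
```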
@@ -23,6 +23,14 @@ * * @defgroup usage_table Usage Table Tests * Tests that use the usage table. + * + * @defgroup security Security Tests + * Buffer overflow tests, off-by-one tests, and other security tests. + * + * The way the huge buffer tests work is to create a large buffer and then call + * the API. The test then loops and doubles the buffer until the API returns an + * error. An error is considered a passing test. We expect OEMCrypto to fail + * gracefully on a huge buffer rather than crashing. */ #include @@ -284,7 +292,7 @@ TEST_F(OEMCryptoClientTest, FreeUnallocatedSecureBufferNoFailure) { */ TEST_F(OEMCryptoClientTest, VersionNumber) { const std::string log_message = - "OEMCrypto unit tests for API 17.2. Tests last updated 2023-09-07"; + "OEMCrypto unit tests for API 17.3. Tests last updated 2024-03-21"; cout << " " << log_message << "\n"; cout << " " << "These tests are part of Android T." @@ -293,7 +301,7 @@ TEST_F(OEMCryptoClientTest, VersionNumber) { // If any of the following fail, then it is time to update the log message // above. EXPECT_EQ(ODK_MAJOR_VERSION, 17); - EXPECT_EQ(ODK_MINOR_VERSION, 2); + EXPECT_EQ(ODK_MINOR_VERSION, 3); EXPECT_EQ(kCurrentAPI, 17u); OEMCrypto_Security_Level level = OEMCrypto_SecurityLevel(); EXPECT_GT(level, OEMCrypto_Level_Unknown); @@ -337,6 +345,10 @@ TEST_F(OEMCryptoClientTest, VersionNumber) { ASSERT_LE(version, kCurrentAPI); } +/** @ingroup security + * Test that allocate and free secure buffers fails gracefully on + * a huge request. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryAllocateSecureBufferForHugeBufferSize) { Session s; @@ -355,6 +367,9 @@ TEST_F(OEMCryptoClientTest, s.close(); } +/** @ingroup security + * Test that OEMCrypto_WrapKeyboxOrOEMCert fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryWrapKeyboxOrOEMCertForHugeKeyboxLength) { auto oemcrypto_function = [](size_t keybox_length) { 
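Review bot: The new `@defgroup security` text states that "An error is considered a passing test", but several tests tagged into this group in the same commit call TestHugeLengthDoesNotCrashAPI with `!kCheckStatus` (for example OEMCryptoMemoryWrapKeyboxOrOEMCertForHugeWrappedKeyboxLength), which presumably means the returned status is not checked for those and only the absence of a crash is. A sentence in the group description such as `Some tests pass !kCheckStatus and only verify that the call returns without crashing, since a huge length may legitimately be accepted for that parameter.` would keep the group doc honest. TestHugeLengthDoesNotCrashAPI is outside this chunk, so the meaning of the flag is inferred from its name.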
@@ -372,6 +387,9 @@ TEST_F(OEMCryptoClientTest, kHugeInputBufferLength, kCheckStatus); } +/** @ingroup security + * Test that OEMCrypto_WrapKeyboxOrOEMCert fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryWrapKeyboxOrOEMCertForHugeWrappedKeyboxLength) { auto oemcrypto_function = [](size_t buffer_length) { @@ -389,6 +407,9 @@ TEST_F(OEMCryptoClientTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); } +/** @ingroup security + * Test that OEMCrypto_WrapKeyboxOrOEMCert fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryWrapKeyboxOrOEMCertForHugeTransportKey) { auto oemcrypto_function = [](size_t transport_key_length) { @@ -403,6 +424,9 @@ TEST_F(OEMCryptoClientTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** @ingroup security + * Test that OEMCrypto_WrapKeyboxOrOEMCert fails gracefully on a huge buffer. + */ TEST_F( OEMCryptoClientTest, OEMCryptoMemoryWrapKeyboxOrOEMCertForHugeKeyboxLengthStartingFromLength1) { @@ -556,7 +580,9 @@ TEST_F(OEMCryptoClientTest, NormalInitTermination) { ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_Initialize()); } -// Test that set sandbox doesn't crash for a large sandbox id leangth. +/** @ingroup security + * Test that OEMCrypto_SetSandbox fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemorySetSandboxForHugeSandboxIdLength) { auto oemcrypto_function = [](size_t buffer_length) { vector buffer(buffer_length); @@ -672,7 +698,9 @@ TEST_F(OEMCryptoClientTest, GetRandomLargeBuffer) { ASSERT_LE(count, 6); // P(count > 6) = 4.3e-11 } -// Verify that GetRandom doesn't crash for large input lengths. +/** @ingroup security + * Test that OEMCrypto_GetRandom fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryGetRandomForHugeBuffer) { auto oemcrypto_function = [](size_t buffer_length) { vector buffer(buffer_length); 
@@ -817,6 +845,9 @@ TEST_F(OEMCryptoClientTest, ClearCopyTestLargeSubsample) { ASSERT_EQ(input_buffer, output_buffer); } +/** @ingroup security + * Test that OEMCrypto_CopyBuffer fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryCopyBufferForHugeBufferLengths) { Session s; ASSERT_NO_FATAL_FAILURE(s.open()); @@ -847,6 +878,9 @@ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryCopyBufferForHugeBufferLengths) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** @ingroup security + * Test that OEMCrypto_CopyBuffer fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryCopyBufferDirectForHugeBufferLengths) { Session s; @@ -868,6 +902,9 @@ TEST_F(OEMCryptoClientTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** @ingroup security + * Test that OEMCrypto_CopyBuffer fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoClientTest, OEMCryptoMemoryCopyBufferForOutOfRangeOffset) { Session s; ASSERT_NO_FATAL_FAILURE(s.open()); @@ -968,7 +1005,7 @@ class OEMCryptoKeyboxTest : public OEMCryptoClientTest { } }; -/******** Dangerous Tests - DO NOT RUN ***********/ +/*------ Dangerous Tests - DO NOT RUN ------------------------------------*/ /*The following tests try to test InstallKeybox API with random buffers of varying length in order to catch any overflow issues. These tests override the actual keybox on the device. Remove the if and endif statement to run these @@ -998,6 +1035,9 @@ TEST_F(OEMCryptoKeyboxTest, } #endif +/** @ingroup security + * Test that OEMCrypto_LoadTestKeybox fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryLoadTestKeyBoxForHugeKeyboxBuffer) { auto f = [](size_t keybox_length) { vector keybox(keybox_length); 
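Review bot: The Doxygen comment added above OEMCryptoMemoryCopyBufferForOutOfRangeOffset says the test checks a huge buffer, but the test name says it checks an offset past the end of the buffer, which is a different failure mode from the doubling loop the @defgroup text describes; `* Test that OEMCrypto_CopyBuffer fails gracefully when the offset is out of range.` states what the test actually exercises. The test body is outside the hunk, so I am going by the name.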
@@ -1010,6 +1050,9 @@ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryLoadTestKeyBoxForHugeKeyboxBuffer) { kCheckStatus); } +/** @ingroup security + * Test that OEMCrypto_LoadTestKeybox fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryLoadTestKeyBoxForHugeKeyboxBufferStartingFromLength1) { auto f = [](size_t keybox_length) { @@ -1032,6 +1075,9 @@ TEST_F(OEMCryptoKeyboxTest, NormalGetDeviceId) { << MaybeHex(dev_id, dev_id_len) << " len = " << dev_id_len << endl; } +/** @ingroup security + * Test that OEMCrypto_GetDeviceID fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryGetDeviceIdForHugeIdLength) { auto oemcrypto_function = [](size_t input_length) { size_t device_id_length = input_length; @@ -1073,6 +1119,9 @@ TEST_F(OEMCryptoKeyboxTest, NormalGetKeyData) { ASSERT_EQ(OEMCrypto_SUCCESS, sts); } +/** @ingroup security + * Test that OEMCrypto_GetKeyData fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryGetKeyIdForHugeIdLength) { auto oemcrypto_function = [](size_t input_length) { size_t key_data_length = input_length; @@ -1113,6 +1162,9 @@ TEST_F(OEMCryptoKeyboxTest, GenerateDerivedKeysFromKeyboxLargeBuffer) { enc_context.data(), enc_context.size())); } +/** @ingroup security + * Test that OEMCrypto_GenerateDerivedKeys fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryGenerateDerivedKeysForHugeMacContextLength) { Session s; @@ -1131,6 +1183,9 @@ TEST_F(OEMCryptoKeyboxTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); } +/** @ingroup security + * Test that OEMCrypto_GenerateDerivedKeys fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryGenerateDerivedKeysForHugeEncContextLength) { Session s; 
@@ -1258,6 +1313,10 @@ TEST_F(OEMCryptoProv30Test, GetCertOnlyAPI16) { ASSERT_EQ(OEMCrypto_SUCCESS, license_messages.LoadResponse()); } +/** @ingroup security + * Test that OEMCrypto_GetOEMPublicCertificate fails gracefully on a huge + * buffer. + */ TEST_F(OEMCryptoProv30Test, OEMCryptoMemoryGetOEMPublicCertForHugeCertLength) { if (wrapped_rsa_key_.size() == 0) { // If we don't have a wrapped key yet, create one. @@ -1638,6 +1697,9 @@ class OEMCryptoSessionTests : public OEMCryptoClientTest { } }; +/** @ingroup security + * Test that OEMCrypto_CreateUsageTableHeader fails gracefully on a huge buffer. + */ TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryCreateUsageTableHeaderForHugeHeaderBufferLength) { auto oemcrypto_function = [](size_t buffer_length) { @@ -1679,6 +1741,10 @@ class OEMCryptoLicenseTestAPI16 : public OEMCryptoSessionTests { LicenseRoundTrip license_messages_; }; +/** @ingroup security + * Test that OEMCrypto_PrepAndSignLicenseRequest fails gracefully on a huge + * buffer. + */ TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryPrepareLicenseRequestForHugeRequestMessageLength) { TestPrepareLicenseRequestForHugeBufferLengths( @@ -1688,6 +1754,10 @@ TEST_F(OEMCryptoSessionTests, kCheckStatus); } +/** @ingroup security + * Test that OEMCrypto_PrepAndSignLicenseRequest fails gracefully on a huge + * buffer. + */ TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryPrepareLicenseRequestForHugeCoreMessageLength) { TestPrepareLicenseRequestForHugeBufferLengths( @@ -1697,6 +1767,10 @@ TEST_F(OEMCryptoSessionTests, kCheckStatus); } +/** @ingroup security + * Test that OEMCrypto_PrepAndSignLicenseRequest fails gracefully on a huge + * buffer. + */ TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryPrepareLicenseRequestForHugeSignatureLength) { // There is a limit of signature length that gets validated. Hence not 
@@ -2214,6 +2288,9 @@ TEST_P(OEMCryptoEntitlementLicenseTest, */ TEST_P(OEMCryptoEntitlementLicenseTest, LoadEntitlementKeysWrongEntitledKeySessionAPI17) {
+ if (!global_features.supports_cas) {
+ GTEST_SKIP() << "OEMCrypto does not support CAS";
+ }
 LoadEntitlementLicense(); uint32_t key_session_id = 0; ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
@@ -2248,6 +2325,9 @@ TEST_P(OEMCryptoEntitlementLicenseTest, */ TEST_P(OEMCryptoEntitlementLicenseTest, LoadEntitlementKeysOemcryptoSessionAPI17) {
+ if (!global_features.supports_cas) {
+ GTEST_SKIP() << "OEMCrypto does not support CAS";
+ }
 LoadEntitlementLicense(); uint32_t key_session_id = 0; ASSERT_EQ(OEMCrypto_SUCCESS, OEMCrypto_CreateEntitledKeySession(
@@ -3107,6 +3187,9 @@ TEST_P(OEMCryptoLicenseTest, SelectKeyEntitledKeyNotThereAPI17) { * id. */ TEST_P(OEMCryptoLicenseTest, SelectKeyEntitlementKeyAPI17) {
+ if (!global_features.supports_cas) {
+ GTEST_SKIP() << "OEMCrypto does not support CAS";
+ }
 license_messages_.set_license_type(OEMCrypto_EntitlementLicense); ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest()); ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
@@ -3183,6 +3266,9 @@ TEST_P(OEMCryptoLicenseTest, // This verifies that multiple entitled key sessions can be created. They can // load and select keys independently. TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) {
+ if (!global_features.supports_cas) {
+ GTEST_SKIP() << "OEMCrypto does not support CAS";
+ }
 license_messages_.set_license_type(OEMCrypto_EntitlementLicense); ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest()); ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
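Review bot: The four-line CAS guard inserted before `LoadEntitlementLicense();` in this hunk is repeated verbatim in the hunks at +2325, +3187 and +3266 on this line and at +3378 on the next, so the skip condition and its message now live in five places. A small fixture helper, for example `void SkipIfCasUnsupported() { if (!global_features.supports_cas) GTEST_SKIP() << "OEMCrypto does not support CAS"; }` (a constructed name), called as the first statement of each test, would keep them in one place. The guard reads `global_features` unqualified while the usage-table tests later in this commit use `wvoec::global_features`; presumably a using-directive makes both resolve to the same object, but it is worth confirming. Each enclosing test body continues past the end of its hunk.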
@@ -3210,9 +3296,7 @@ TEST_P(OEMCryptoLicenseTest, EntitledKeySessionMultipleKeySessionsAPI17) { session_.session_id(), &key_session_id_2); // For DRM, but not for CAS, we allow there to be only a single entitled // session.
- if (!global_features.supports_cas &&
- (key_session_id_2 == key_session_id_1 ||
- status == OEMCrypto_ERROR_TOO_MANY_SESSIONS)) {
+ if (status == OEMCrypto_ERROR_TOO_MANY_SESSIONS) {
 GTEST_SKIP() << "Skipping test because multiple entitled sessions not supported."; }
@@ -3294,6 +3378,9 @@ TEST_P(OEMCryptoLicenseTest, // instead). TEST_P(OEMCryptoLicenseTest, RejectOecSessionDecryptWithEntitlementLicenseAPI17) {
+ if (!global_features.supports_cas) {
+ GTEST_SKIP() << "OEMCrypto does not support CAS";
+ }
 license_messages_.set_license_type(OEMCrypto_EntitlementLicense); ASSERT_NO_FATAL_FAILURE(license_messages_.SignAndVerifyRequest()); ASSERT_NO_FATAL_FAILURE(license_messages_.CreateDefaultResponse());
@@ -4038,7 +4125,8 @@ TEST_F(OEMCryptoSessionTests, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); }
-// Test OEMCrypto_QueryKeyControl doesn't crash for huge key_id_length.
+/** Test that OEMCrypto_QueryKeyControl fails gracefully on a huge buffer.
+ */
 TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryQueryKeyControlForHugeKeyIdLength) { Session session;
@@ -4063,8 +4151,9 @@ TEST_F(OEMCryptoSessionTests, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); }
-// Test OEMCrypto_QueryKeyControl doesn't crash for huge key_control_block
-// length.
+/** Test OEMCrypto_QueryKeyControl doesn't crash for huge key_control_block
+ * length.
+ */
 TEST_F(OEMCryptoSessionTests, OEMCryptoMemoryQueryKeyControlForHugeKeyControlBlockLength) { Session session;
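Review bot: The comment `// For DRM, but not for CAS, we allow there to be only a single entitled // session.` left above the simplified condition no longer matches the code: with the CAS skip added at the top of this test in the +3266 hunk, only CAS devices reach this point, and the new check skips solely on `OEMCrypto_ERROR_TOO_MANY_SESSIONS`. It should be reworded to something like `// Skip if this CAS implementation limits the number of entitled key sessions.`. Dropping the `key_session_id_2 == key_session_id_1` clause also means a successful second call that hands back the same id presumably now falls through to the later assertions instead of skipping; if that is the intent, the comment should say so. The test body starts and ends outside this hunk.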
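Review bot: The Doxygen comments put on the two QueryKeyControl tests in the +4125 hunk and the +4151 hunk omit the `@ingroup security` tag that every other huge-buffer test in this commit receives, and the second keeps the old "doesn't crash" wording where the rest say "fails gracefully"; the SetDecryptHash and LoadDRMPrivateKey comments on the next line have the same omission. If the `security` group is meant to collect all of these tests, open each with `/** @ingroup security` and use the shared one-line form, e.g. ` * Test that OEMCrypto_QueryKeyControl fails gracefully on a huge buffer.`. Whether the group is declared elsewhere with a `@defgroup` cannot be seen from this diff.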
@@ -4518,8 +4607,9 @@ TEST_P(OEMCryptoLicenseTest, HashForbiddenAPI15) { OEMCrypto_GetHashErrorCode(session_.session_id(), &frame_number)); }
-// This test verifies that OEMCrypto_SetDecryptHash doesn't crash for a very
-// large hash buffer.
+/** This test verifies that OEMCrypto_SetDecryptHash doesn't crash for a very
+ large hash buffer.
+*/
 TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryDecryptHashForHugeHashBuffer) { uint32_t session_id = session_.session_id();
@@ -5909,6 +5999,8 @@ TEST_F(OEMCryptoLoadsCertificate, LoadWrappedRSAKey) { ASSERT_NO_FATAL_FAILURE(s.LoadWrappedRsaDrmKey(wrapped_rsa_key_)); }
+/** Test that OEMCrypto_LoadDRMPrivateKey fails gracefully on a huge buffer.
+ */
 TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryLoadDrmPrivateKeyForHugeWrappedRsaKeyLength) { ASSERT_NO_FATAL_FAILURE(CreateWrappedRSAKey());
@@ -6114,6 +6206,10 @@ TEST_F(OEMCryptoLoadsCertificate, SupportsCertificatesAPI13) { << "Supported certificates is only " << OEMCrypto_SupportedCertificates(); }
+/** @ingroup security
+ * Test that OEMCrypto_PrepAndSignProvisioningRequest fails gracefully on a huge
+ * buffer.
+ */
 TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryPrepareProvisioningRequestForHugeRequestMessageLength) { TestPrepareProvisioningRequestForHugeBufferLengths(
@@ -6123,6 +6219,10 @@ TEST_F(OEMCryptoLoadsCertificate, kCheckStatus); }
+/** @ingroup security
+ * Test that OEMCrypto_PrepAndSignProvisioningRequest fails gracefully on a huge
+ * buffer.
+ */
 TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryPrepareProvisioningRequestForHugeSignatureLength) { TestPrepareProvisioningRequestForHugeBufferLengths(
@@ -6132,6 +6232,10 @@ TEST_F(OEMCryptoLoadsCertificate, !kCheckStatus); }
+/** @ingroup security
+ * Test that OEMCrypto_PrepAndSignProvisioningRequest fails gracefully on a huge
+ * buffer.
+ */
 TEST_F(OEMCryptoLoadsCertificate, OEMCryptoMemoryPrepareProvisioningRequestForHugeCoreMessageLength) { TestPrepareProvisioningRequestForHugeBufferLengths(
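Review bot: The rewritten comment above `TEST_F(OEMCryptoMemoryLicenseTest, OEMCryptoMemoryDecryptHashForHugeHashBuffer)` in the +4607 hunk drops the ` * ` continuation prefix on its second line and closes with a bare `*/`, unlike every other doc comment this commit adds. For consistency the two lines should read ` * large hash buffer.` and ` */`, or the whole comment could take the shared form ` * Test that OEMCrypto_SetDecryptHash fails gracefully on a huge buffer.`. Only the comment changes here; the test body lies outside the hunk.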
@@ -7785,6 +7889,9 @@ TEST_P(OEMCryptoGenericCryptoTest, GenericKeyEncryptSameBufferAPI12) { ASSERT_EQ(expected_encrypted, buffer); }
+/** @ingroup security
+ * Test that OEMCrypto_SelectKey fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemorySelectKeyForHugeKeyIdLength) { EncryptAndLoadKeys(); OEMCrypto_SESSION session_id = session_.session_id();
@@ -7796,6 +7903,9 @@ TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemorySelectKeyForHugeKeyIdLength) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); }
+/** @ingroup security
+ * Test that OEMCrypto_SelectKey fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeyEncryptForHugeBuffer) { EncryptAndLoadKeys();
@@ -7858,6 +7968,9 @@ TEST_P(OEMCryptoGenericCryptoTest, GenericKeyDecrypt) { ASSERT_EQ(clear_buffer_, resultant); }
+/** @ingroup security
+ * Test that OEMCrypto_SelectKey fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeyDecryptForHugeBuffer) { EncryptAndLoadKeys();
@@ -7963,6 +8076,9 @@ TEST_P(OEMCryptoGenericCryptoTest, GenericKeySign) { ASSERT_EQ(expected_signature, signature); }
+/** @ingroup security
+ * Test that OEMCrypto_Generic_Sign fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeySignForHugeBuffer) { EncryptAndLoadKeys(); unsigned int key_index = 2;
@@ -7985,6 +8101,9 @@ TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeySignForHugeBuffer) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); }
+/** @ingroup security
+ * Test that OEMCrypto_Generic_Sign fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeySignForHugeSignatureLength) { EncryptAndLoadKeys();
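Review bot: The comment added before `OEMCryptoMemoryGenericKeyEncryptForHugeBuffer` in the +7903 hunk says the test covers `OEMCrypto_SelectKey`, but the test name indicates it exercises the generic encrypt path; the same copy-paste appears in the +7968 hunk above `OEMCryptoMemoryGenericKeyDecryptForHugeBuffer`. Name the API under test the way the Generic_Sign and Generic_Verify comments do, i.e. ` * Test that OEMCrypto_Generic_Encrypt fails gracefully on a huge buffer.` and ` * Test that OEMCrypto_Generic_Decrypt fails gracefully on a huge buffer.`. The lambdas that make the call sit outside the hunks, so confirm the function each one invokes before settling on the wording.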
@@ -8035,6 +8154,9 @@ TEST_P(OEMCryptoGenericCryptoTest, GenericKeyVerify) { signature.data(), signature.size())); }
+/** @ingroup security
+ * Test that OEMCrypto_Generic_Verify fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeyVerifyForHugeBuffer) { EncryptAndLoadKeys();
@@ -8056,6 +8178,9 @@ TEST_P(OEMCryptoGenericCryptoTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); }
+/** @ingroup security
+ * Test that OEMCrypto_Generic_Verify fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoGenericCryptoTest, OEMCryptoMemoryGenericKeyVerifyForHugeSignatureLength) { EncryptAndLoadKeys();
@@ -8577,6 +8702,9 @@ class OEMCryptoUsageTableTest : public OEMCryptoGenericCryptoTest { } };
+/** @ingroup security
+ * Test that OEMCrypto_UpdateUsageEntry fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryUpdateUsageEntryForHugeHeaderBuffer) { if (!wvoec::global_features.usage_table) {
@@ -8607,6 +8735,9 @@ TEST_P(OEMCryptoUsageTableTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); }
+/** @ingroup security
+ * Test that OEMCrypto_UpdateUsageEntry fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryUpdateUsageEntryForHugeUsageEntryBuffer) { if (!wvoec::global_features.usage_table) {
@@ -8634,6 +8765,9 @@ TEST_P(OEMCryptoUsageTableTest, TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); }
+/** @ingroup security
+ * Test that OEMCrypto_DeactivateUsageEntry fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryDeactivateUsageEntryForHugePstBuffer) { if (!wvoec::global_features.usage_table) {
@@ -8656,6 +8790,9 @@ TEST_P(OEMCryptoUsageTableTest, kCheckStatus); }
+/** @ingroup security
+ * Test that OEMCrypto_LoadUsageTableHeader fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryLoadUsageTableHeaderForHugeHeader) { if (!wvoec::global_features.usage_table) {
@@ -8682,6 +8819,9 @@ TEST_P(OEMCryptoUsageTableTest, kHugeInputBufferLength, !kCheckStatus); }
+/** @ingroup security
+ * Test that OEMCrypto_LoadUsageTableHeader fails gracefully on a huge buffer.
+ */
 TEST_P( OEMCryptoUsageTableTest, OEMCryptoMemoryLoadUsageTableHeaderForHugeHeaderStartingHeaderLengthFrom1) {
@@ -8702,6 +8842,9 @@ TEST_P( TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); }
+/** @ingroup security
+ * Test that OEMCrypto_LoadUsageEntry fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryLoadUsageEntryForHugeUsageEntryBuffer) { if (!wvoec::global_features.usage_table) {
@@ -8748,6 +8891,9 @@ TEST_P(OEMCryptoUsageTableTest, s.encrypted_usage_entry().size())); }
+/** @ingroup security
+ * Test that OEMCrypto_ReportUsage fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryReportUsageForHugeReportBuffer) { if (!wvoec::global_features.usage_table) { GTEST_SKIP() << "Usage tables are not supported.";
@@ -8777,6 +8923,9 @@ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryReportUsageForHugeReportBuffer) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, kCheckStatus); }
+/** @ingroup security
+ * Test that OEMCrypto_ReportUsage fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryReportUsageForHugePstBuffer) { if (!wvoec::global_features.usage_table) { GTEST_SKIP() << "Usage tables are not supported.";
@@ -8799,6 +8948,9 @@ TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryReportUsageForHugePstBuffer) { TestHugeLengthDoesNotCrashAPI(oemcrypto_function, !kCheckStatus); }
+/** @ingroup security
+ * Test that OEMCrypto_ShrinkUsageTableHeader fails gracefully on a huge buffer.
+ */
 TEST_P(OEMCryptoUsageTableTest, OEMCryptoMemoryShrinkUsageTableHeaderForHugeHeaderBufferLength) { if (!wvoec::global_features.usage_table) {