From af3a67a4bc106d25e89eef3ababeec81158e6230 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Mon, 10 Nov 2025 14:12:12 -0700 Subject: [PATCH 1/3] add missing sanitization of input arguments to crypto handlers --- src/wh_server_cert.c | 18 +++++ src/wh_server_crypto.c | 172 +++++++++++++++++++++++++++++++++++------ 2 files changed, 166 insertions(+), 24 deletions(-) diff --git a/src/wh_server_cert.c b/src/wh_server_cert.c index 79d7b5033..b73d28ac1 100644 --- a/src/wh_server_cert.c +++ b/src/wh_server_cert.c @@ -387,10 +387,28 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic, whMessageCert_SimpleResponse resp = {0}; const uint8_t* cert_data; + /* Validate minimum size */ + if (req_size < sizeof(whMessageCert_AddTrustedRequest)) { + resp.rc = WH_ERROR_BADARGS; + wh_MessageCert_TranslateSimpleResponse( + magic, &resp, (whMessageCert_SimpleResponse*)resp_packet); + *out_resp_size = sizeof(resp); + break; + } + /* Convert request struct */ wh_MessageCert_TranslateAddTrustedRequest( magic, (whMessageCert_AddTrustedRequest*)req_packet, &req); + /* Validate certificate data fits within request */ + if (req_size < sizeof(req) + req.cert_len) { + resp.rc = WH_ERROR_BADARGS; + wh_MessageCert_TranslateSimpleResponse( + magic, &resp, (whMessageCert_SimpleResponse*)resp_packet); + *out_resp_size = sizeof(resp); + break; + } + /* Get pointer to certificate data */ cert_data = (const uint8_t*)req_packet + sizeof(req); diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c index 44877714a..67efae2e6 100644 --- a/src/wh_server_crypto.c +++ b/src/wh_server_crypto.c 
@@ -370,12 +370,15 @@ static int _HandleRsaFunction( whServerContext* ctx, uint16_t magic, const void* cryptoDataIn, uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; - int ret; RsaKey rsa[1]; whMessageCrypto_RsaRequest req; + /* Validate minimum size */ + if (inSize < sizeof(whMessageCrypto_RsaRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate request */ ret = wh_MessageCrypto_TranslateRsaRequest( magic, (const whMessageCrypto_RsaRequest*)cryptoDataIn, &req); @@ -391,6 +394,13 @@ static int _HandleRsaFunction( whServerContext* ctx, uint16_t magic, WH_KEYTYPE_CRYPTO, ctx->comm->client_id, req.keyId); word32 in_len = (word32)(req.inLen); word32 out_len = (word32)(req.outLen); + + /* Ensure input data fits within request payload */ + uint32_t available = inSize - sizeof(whMessageCrypto_RsaRequest); + if (in_len > available) { + return WH_ERROR_BADARGS; + } + /* in and out are after the fixed size fields */ byte* in = (uint8_t*)(cryptoDataIn + sizeof(whMessageCrypto_RsaRequest)); byte* out = (uint8_t*)(cryptoDataOut + sizeof(whMessageCrypto_RsaResponse)); @@ -953,12 +963,15 @@ static int _HandleEccSign(whServerContext* ctx, uint16_t magic, const void* cryptoDataIn, uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; - int ret; ecc_key key[1]; whMessageCrypto_EccSignRequest req; + /* Validate minimum size */ + if (inSize < sizeof(whMessageCrypto_EccSignRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate request */ ret = wh_MessageCrypto_TranslateEccSignRequest( magic, (const whMessageCrypto_EccSignRequest*)cryptoDataIn, &req); 
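Review bot: `out_len` in the second _HandleRsaFunction hunk (`word32 out_len = (word32)(req.outLen);`) is still taken from the request unbounded while `in_len` is now checked against `available`, and `out` is computed as `cryptoDataOut + sizeof(whMessageCrypto_RsaResponse)`; if the RSA call below the hunk writes up to `out_len` bytes there, a large `outLen` overruns the output packet unless something not visible caps it. `outSize` looks like a pure out-parameter for the produced length, so the handler needs the caller's output capacity (or the fixed packet size) to bound it, e.g. `if (out_len > <output capacity> - sizeof(whMessageCrypto_RsaResponse)) { return WH_ERROR_BADARGS; }`. The same output-side question applies to the `req.sz`-driven AES-CBC, AES-GCM and CMAC handlers later in the patch. _HandleRsaFunction's body continues outside the hunk.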
@@ -966,6 +979,12 @@ static int _HandleEccSign(whServerContext* ctx, uint16_t magic, return ret; } + /* Validate variable-length fields fit within inSize */ + uint32_t required_size = sizeof(whMessageCrypto_EccSignRequest) + req.sz; + if (inSize < required_size) { + return WH_ERROR_BADARGS; + } + /* Extract parameters from translated request */ uint8_t* in = (uint8_t*)(cryptoDataIn) + sizeof(whMessageCrypto_EccSignRequest); @@ -1034,13 +1053,16 @@ static int _HandleEccVerify(whServerContext* ctx, uint16_t magic, const void* cryptoDataIn, uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; - int ret; ecc_key key[1]; whMessageCrypto_EccVerifyRequest req; whMessageCrypto_EccVerifyResponse res; + /* Validate minimum size */ + if (inSize < sizeof(whMessageCrypto_EccVerifyRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate request */ ret = wh_MessageCrypto_TranslateEccVerifyRequest( magic, (const whMessageCrypto_EccVerifyRequest*)cryptoDataIn, &req); @@ -1048,6 +1070,13 @@ static int _HandleEccVerify(whServerContext* ctx, uint16_t magic, return ret; } + /* Validate variable-length fields fit within inSize */ + uint32_t required_size = + sizeof(whMessageCrypto_EccVerifyRequest) + req.sigSz + req.hashSz; + if (inSize < required_size) { + return WH_ERROR_BADARGS; + } + /* Extract parameters from translated request */ uint32_t options = req.options; whKeyId key_id = wh_KeyId_TranslateFromClient( @@ -1301,12 +1330,15 @@ static int _HandleHkdf(whServerContext* ctx, uint16_t magic, const void* cryptoDataIn, uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; - int ret = WH_ERROR_OK; whMessageCrypto_HkdfRequest req; whMessageCrypto_HkdfResponse res; + /* Validate minimum size */ + if (inSize < sizeof(whMessageCrypto_HkdfRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate request */ ret = wh_MessageCrypto_TranslateHkdfRequest( magic, (const whMessageCrypto_HkdfRequest*)cryptoDataIn, &req); 
@@ -1328,6 +1360,18 @@ static int _HandleHkdf(whServerContext* ctx, uint16_t magic, uint8_t* label = req.label; uint16_t label_size = WH_NVM_LABEL_LEN; + /* Validate variable-length fields fit within input buffer */ + uint32_t available = inSize - sizeof(whMessageCrypto_HkdfRequest); + if (inKeySz > available) { + return WH_ERROR_BADARGS; + } + if (saltSz > (available - inKeySz)) { + return WH_ERROR_BADARGS; + } + if (infoSz > (available - inKeySz - saltSz)) { + return WH_ERROR_BADARGS; + } + /* Get pointers to variable-length input data */ const uint8_t* inKey = (const uint8_t*)cryptoDataIn + sizeof(whMessageCrypto_HkdfRequest); @@ -1431,14 +1475,17 @@ static int _HandleCmacKdf(whServerContext* ctx, uint16_t magic, const void* cryptoDataIn, uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; - int ret = WH_ERROR_OK; whMessageCrypto_CmacKdfRequest req; whMessageCrypto_CmacKdfResponse res; memset(&res, 0, sizeof(res)); + /* Validate minimum size */ + if (inSize < sizeof(whMessageCrypto_CmacKdfRequest)) { + return WH_ERROR_BADARGS; + } + ret = wh_MessageCrypto_TranslateCmacKdfRequest( magic, (const whMessageCrypto_CmacKdfRequest*)cryptoDataIn, &req); if (ret != 0) { @@ -1459,6 +1506,18 @@ static int _HandleCmacKdf(whServerContext* ctx, uint16_t magic, uint8_t* label = req.label; uint16_t label_size = WH_NVM_LABEL_LEN; + /* Validate variable-length fields fit within input buffer */ + uint32_t available = inSize - sizeof(whMessageCrypto_CmacKdfRequest); + if (saltSz > available) { + return WH_ERROR_BADARGS; + } + if (zSz > (available - saltSz)) { + return WH_ERROR_BADARGS; + } + if (fixedInfoSz > (available - saltSz - zSz)) { + return WH_ERROR_BADARGS; + } + const uint8_t* salt = (const uint8_t*)cryptoDataIn + sizeof(whMessageCrypto_CmacKdfRequest); const uint8_t* z = salt + saltSz; 
@@ -1983,8 +2042,6 @@ static int _HandleAesCbc(whServerContext* ctx, uint16_t magic, const void* crypt uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; - int ret = 0; Aes aes[1] = {0}; whMessageCrypto_AesCbcRequest req; @@ -1992,6 +2049,11 @@ static int _HandleAesCbc(whServerContext* ctx, uint16_t magic, const void* crypt uint8_t* cachedKey = NULL; whNvmMetadata* keyMeta = NULL; + /* Validate minimum size */ + if (inSize < sizeof(whMessageCrypto_AesCbcRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate request */ ret = wh_MessageCrypto_TranslateAesCbcRequest( magic, (const whMessageCrypto_AesCbcRequest*)cryptoDataIn, &req); @@ -1999,12 +2061,13 @@ static int _HandleAesCbc(whServerContext* ctx, uint16_t magic, const void* crypt return ret; } + /* Validate variable-length fields fit within inSize */ uint32_t enc = req.enc; uint32_t key_len = req.keyLen; uint32_t len = req.sz; - uint64_t needed_size = sizeof(whMessageCrypto_AesCbcResponse) + len + - key_len + AES_BLOCK_SIZE; - if (needed_size > inSize) { + uint32_t required_size = + sizeof(whMessageCrypto_AesCbcRequest) + len + key_len + AES_BLOCK_SIZE; + if (inSize < required_size) { return WH_ERROR_BADARGS; } @@ -2096,13 +2159,16 @@ static int _HandleAesGcm(whServerContext* ctx, uint16_t magic, const void* cryptoDataIn, uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; - int ret = 0; Aes aes[1] = {0}; uint8_t* cachedKey = NULL; whNvmMetadata* keyMeta = NULL; + /* Validate minimum size */ + if (inSize < sizeof(whMessageCrypto_AesGcmRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate request */ whMessageCrypto_AesGcmRequest req; ret = wh_MessageCrypto_TranslateAesGcmRequest( 
@@ -2111,6 +2177,14 @@ static int _HandleAesGcm(whServerContext* ctx, uint16_t magic, return ret; } + /* Validate variable-length fields fit within inSize */ + uint32_t required_size = sizeof(whMessageCrypto_AesGcmRequest) + req.sz + + req.keyLen + req.ivSz + req.authInSz + + ((req.enc == 0) ? req.authTagSz : 0); + if (inSize < required_size) { + return WH_ERROR_BADARGS; + } + /* Translate response */ whMessageCrypto_AesGcmResponse res; res.sz = req.sz; @@ -2433,18 +2507,28 @@ static int _HandleCmac(whServerContext* ctx, uint16_t magic, uint16_t seq, const void* cryptoDataIn, uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; - int ret; whMessageCrypto_CmacRequest req; whMessageCrypto_CmacResponse res; + /* Validate minimum size */ + if (inSize < sizeof(whMessageCrypto_CmacRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate request */ ret = wh_MessageCrypto_TranslateCmacRequest(magic, cryptoDataIn, &req); if (ret != 0) { return ret; } + /* Validate variable-length fields fit within inSize */ + uint32_t required_size = + sizeof(whMessageCrypto_CmacRequest) + req.inSz + req.keySz; + if (inSize < required_size) { + return WH_ERROR_BADARGS; + } + uint32_t i; word32 len; whKeyId keyId = WH_KEYID_ERASED; @@ -2677,13 +2761,16 @@ static int _HandleSha256(whServerContext* ctx, uint16_t magic, const void* cryptoDataIn, uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; - int ret = 0; wc_Sha256 sha256[1]; whMessageCrypto_Sha256Request req; whMessageCrypto_Sha2Response res = {0}; + /* Validate minimum size */ + if (inSize < sizeof(whMessageCrypto_Sha256Request)) { + return WH_ERROR_BADARGS; + } + /* Translate the request */ ret = wh_MessageCrypto_TranslateSha256Request(magic, cryptoDataIn, &req); if (ret != 0) { 
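Review bot: The _HandleSha256 hunk adds only the minimum-size guard, whereas the _HandleSha224/384/512 hunks also reject `req.isLastBlock && req.lastBlockLen > WC_SHA*_BLOCK_SIZE`; unless the code after `if (ret != 0) {` (outside the hunk) already bounds `lastBlockLen`, the SHA-256 handler keeps the over-read that check prevents in the other three. Suggest the same guard right after the translate call: `if (req.isLastBlock && req.lastBlockLen > WC_SHA256_BLOCK_SIZE) { return WH_ERROR_BADARGS; }`. _HandleSha256's body continues outside the hunk.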
@@ -2747,13 +2834,22 @@ static int _HandleSha224(whServerContext* ctx, uint16_t magic, wc_Sha224 sha224[1]; whMessageCrypto_Sha256Request req; whMessageCrypto_Sha2Response res; - (void)inSize; + + /* Validate minimum size */ + if (inSize < sizeof(whMessageCrypto_Sha256Request)) { + return WH_ERROR_BADARGS; + } /* Translate the request */ ret = wh_MessageCrypto_TranslateSha256Request(magic, cryptoDataIn, &req); if (ret != 0) { return ret; } + + /* Validate lastBlockLen is reasonable */ + if (req.isLastBlock && req.lastBlockLen > WC_SHA224_BLOCK_SIZE) { + return WH_ERROR_BADARGS; + } ret = wc_InitSha224_ex(sha224, NULL, ctx->crypto->devId); if (ret != 0) { return ret; @@ -2812,7 +2908,11 @@ static int _HandleSha384(whServerContext* ctx, uint16_t magic, wc_Sha384 sha384[1]; whMessageCrypto_Sha512Request req; whMessageCrypto_Sha2Response res; - (void)inSize; + + /* Validate minimum size */ + if (inSize < sizeof(whMessageCrypto_Sha512Request)) { + return WH_ERROR_BADARGS; + } /* Translate the request */ ret = wh_MessageCrypto_TranslateSha512Request(magic, cryptoDataIn, &req); @@ -2820,6 +2920,11 @@ static int _HandleSha384(whServerContext* ctx, uint16_t magic, return ret; } + /* Validate lastBlockLen is reasonable */ + if (req.isLastBlock && req.lastBlockLen > WC_SHA384_BLOCK_SIZE) { + return WH_ERROR_BADARGS; + } + /* init sha2 struct with the devid */ ret = wc_InitSha384_ex(sha384, NULL, ctx->crypto->devId); if (ret != 0) { 
@@ -2881,13 +2986,22 @@ static int _HandleSha512(whServerContext* ctx, uint16_t magic, whMessageCrypto_Sha512Request req; whMessageCrypto_Sha2Response res; int hashType = WC_HASH_TYPE_SHA512; - (void)inSize; + + /* Validate minimum size */ + if (inSize < sizeof(whMessageCrypto_Sha512Request)) { + return WH_ERROR_BADARGS; + } /* Translate the request */ ret = wh_MessageCrypto_TranslateSha512Request(magic, cryptoDataIn, &req); if (ret != 0) { return ret; } + + /* Validate lastBlockLen is reasonable */ + if (req.isLastBlock && req.lastBlockLen > WC_SHA512_BLOCK_SIZE) { + return WH_ERROR_BADARGS; + } /* init sha2 struct with devid */ hashType = req.resumeState.hashType; switch (hashType) { @@ -3377,6 +3491,11 @@ int wh_Server_HandleCryptoRequest(whServerContext* ctx, uint16_t magic, return WH_ERROR_BADARGS; } + /* Validate req_size to prevent integer underflow */ + if (req_size < sizeof(whMessageCrypto_GenericResponseHeader)) { + return WH_ERROR_BADARGS; + } + /* Translate the request message to get the algo type */ wh_MessageCrypto_TranslateGenericRequestHeader( magic, (whMessageCrypto_GenericRequestHeader*)req_packet, &rqstHeader); @@ -5019,6 +5138,11 @@ int wh_Server_HandleCryptoDmaRequest(whServerContext* ctx, uint16_t magic, return WH_ERROR_BADARGS; } + /* Validate req_size to prevent integer underflow */ + if (req_size < sizeof(whMessageCrypto_GenericResponseHeader)) { + return WH_ERROR_BADARGS; + } + /* Translate the request message to get the algo type */ wh_MessageCrypto_TranslateGenericRequestHeader( magic, (whMessageCrypto_GenericRequestHeader*)req_packet, &rqstHeader); From 7758567136ba1867b06b7f5de7127f302c28c2e7 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Mon, 10 Nov 2025 15:01:37 -0700 Subject: [PATCH 2/3] protect input length checks against overflow --- src/wh_server_cert.c | 2 +- src/wh_server_crypto.c | 56 +++++++++++++++++++++++++++++++----------- 2 files changed, 42 insertions(+), 16 deletions(-) 
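Review bot: The new `req_size` guard in wh_Server_HandleCryptoRequest compares against `sizeof(whMessageCrypto_GenericResponseHeader)` while the very next statement reads a `whMessageCrypto_GenericRequestHeader` out of `req_packet`; the wh_Server_HandleCryptoDmaRequest hunk has the same mismatch. If the two header types differ in size the guard does not establish what its comment claims (no underflow when the request header is later subtracted from `req_size`), so both should read `if (req_size < sizeof(whMessageCrypto_GenericRequestHeader)) {`. If the structs are deliberately the same size, a comment saying so would stop the next reader from silently "fixing" it. Both functions continue outside their hunks.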
diff --git a/src/wh_server_cert.c b/src/wh_server_cert.c index b73d28ac1..7e65aa987 100644 --- a/src/wh_server_cert.c +++ b/src/wh_server_cert.c @@ -401,7 +401,7 @@ int wh_Server_HandleCertRequest(whServerContext* server, uint16_t magic, magic, (whMessageCert_AddTrustedRequest*)req_packet, &req); /* Validate certificate data fits within request */ - if (req_size < sizeof(req) + req.cert_len) { + if (req.cert_len > req_size - sizeof(req)) { resp.rc = WH_ERROR_BADARGS; wh_MessageCert_TranslateSimpleResponse( magic, &resp, (whMessageCert_SimpleResponse*)resp_packet); diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c index 67efae2e6..4f01a1caf 100644 --- a/src/wh_server_crypto.c +++ b/src/wh_server_crypto.c @@ -980,8 +980,7 @@ static int _HandleEccSign(whServerContext* ctx, uint16_t magic, } /* Validate variable-length fields fit within inSize */ - uint32_t required_size = sizeof(whMessageCrypto_EccSignRequest) + req.sz; - if (inSize < required_size) { + if (req.sz > inSize - sizeof(whMessageCrypto_EccSignRequest)) { return WH_ERROR_BADARGS; } @@ -1071,9 +1070,12 @@ static int _HandleEccVerify(whServerContext* ctx, uint16_t magic, } /* Validate variable-length fields fit within inSize */ - uint32_t required_size = - sizeof(whMessageCrypto_EccVerifyRequest) + req.sigSz + req.hashSz; - if (inSize < required_size) { + uint32_t available = inSize - sizeof(whMessageCrypto_EccVerifyRequest); + if (req.sigSz > available) { + return WH_ERROR_BADARGS; + } + available -= req.sigSz; + if (req.hashSz > available) { return WH_ERROR_BADARGS; } 
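Review bot: The rewritten cert check `req.cert_len > req_size - sizeof(req)` is only free of underflow because of the `req_size < sizeof(whMessageCert_AddTrustedRequest)` guard earlier in wh_Server_HandleCertRequest, which lies outside this hunk; the `inSize - sizeof(...)` subtractions in the _HandleEccSign and _HandleEccVerify hunks depend on their minimum-size guards in the same way. Suggest a one-line comment at each subtraction, e.g. `/* Safe: req_size >= sizeof(req) was checked above */`, so a later reordering of the checks does not reintroduce the wrap the commit is removing.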
@@ -2065,9 +2067,16 @@ static int _HandleAesCbc(whServerContext* ctx, uint16_t magic, const void* crypt uint32_t enc = req.enc; uint32_t key_len = req.keyLen; uint32_t len = req.sz; - uint32_t required_size = - sizeof(whMessageCrypto_AesCbcRequest) + len + key_len + AES_BLOCK_SIZE; - if (inSize < required_size) { + uint32_t available = inSize - sizeof(whMessageCrypto_AesCbcRequest); + if (len > available) { + return WH_ERROR_BADARGS; + } + available -= len; + if (key_len > available) { + return WH_ERROR_BADARGS; + } + available -= key_len; + if (AES_BLOCK_SIZE > available) { return WH_ERROR_BADARGS; } @@ -2178,10 +2187,24 @@ static int _HandleAesGcm(whServerContext* ctx, uint16_t magic, } /* Validate variable-length fields fit within inSize */ - uint32_t required_size = sizeof(whMessageCrypto_AesGcmRequest) + req.sz + - req.keyLen + req.ivSz + req.authInSz + - ((req.enc == 0) ? req.authTagSz : 0); - if (inSize < required_size) { + uint32_t available = inSize - sizeof(whMessageCrypto_AesGcmRequest); + if (req.sz > available) { + return WH_ERROR_BADARGS; + } + available -= req.sz; + if (req.keyLen > available) { + return WH_ERROR_BADARGS; + } + available -= req.keyLen; + if (req.ivSz > available) { + return WH_ERROR_BADARGS; + } + available -= req.ivSz; + if (req.authInSz > available) { + return WH_ERROR_BADARGS; + } + available -= req.authInSz; + if (req.enc == 0 && req.authTagSz > available) { return WH_ERROR_BADARGS; } @@ -2523,9 +2546,12 @@ static int _HandleCmac(whServerContext* ctx, uint16_t magic, uint16_t seq, } /* Validate variable-length fields fit within inSize */ - uint32_t required_size = - sizeof(whMessageCrypto_CmacRequest) + req.inSz + req.keySz; - if (inSize < required_size) { + uint32_t available = inSize - sizeof(whMessageCrypto_CmacRequest); + if (req.inSz > available) { + return WH_ERROR_BADARGS; + } + available -= req.inSz; + if (req.keySz > available) { return WH_ERROR_BADARGS; } 
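Review bot: In the _HandleAesGcm hunk `req.authTagSz` is bounded only when `req.enc == 0`; in the encrypt direction it sizes the tag the handler produces, and if the response layout below the hunk copies `authTagSz` bytes into `cryptoDataOut`, an oversized value can overrun the response before wolfCrypt sees it (current wc_AesGcmEncrypt rejects tag sizes outside its supported range, but only once called). Suggest an unconditional sanity bound next to the existing check, e.g. `if (req.authTagSz > AES_BLOCK_SIZE) { return WH_ERROR_BADARGS; }`. _HandleAesGcm's body continues outside the hunk.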
From b48986be5d74f5d880dcb1c17febb5d849b01cf7 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Mon, 10 Nov 2025 15:34:44 -0700 Subject: [PATCH 3/3] add more missing checks --- src/wh_server_counter.c | 36 ++++++++++++++++- src/wh_server_crypto.c | 85 +++++++++++++++++++++++++++++------------ 2 files changed, 95 insertions(+), 26 deletions(-) diff --git a/src/wh_server_counter.c b/src/wh_server_counter.c index 047177057..b2e33ffbd 100644 --- a/src/wh_server_counter.c +++ b/src/wh_server_counter.c @@ -42,8 +42,6 @@ int wh_Server_HandleCounter(whServerContext* server, uint16_t magic, const void* req_packet, uint16_t* out_resp_size, void* resp_packet) { - (void)req_size; - whKeyId counterId = 0; int ret = 0; whNvmMetadata meta[1] = {{0}}; @@ -59,6 +57,14 @@ int wh_Server_HandleCounter(whServerContext* server, uint16_t magic, whMessageCounter_InitRequest req = {0}; whMessageCounter_InitResponse resp = {0}; + if (req_size < sizeof(whMessageCounter_InitRequest)) { + resp.rc = WH_ERROR_BADARGS; + (void)wh_MessageCounter_TranslateInitResponse( + magic, &resp, (whMessageCounter_InitResponse*)resp_packet); + *out_resp_size = sizeof(resp); + return WH_ERROR_OK; + } + /* translate request */ (void)wh_MessageCounter_TranslateInitRequest( magic, (whMessageCounter_InitRequest*)req_packet, &req); @@ -87,6 +93,15 @@ int wh_Server_HandleCounter(whServerContext* server, uint16_t magic, whMessageCounter_IncrementRequest req = {0}; whMessageCounter_IncrementResponse resp = {0}; + if (req_size < sizeof(whMessageCounter_IncrementRequest)) { + resp.rc = WH_ERROR_BADARGS; + (void)wh_MessageCounter_TranslateIncrementResponse( + magic, &resp, + (whMessageCounter_IncrementResponse*)resp_packet); + *out_resp_size = sizeof(resp); + return WH_ERROR_OK; + } + /* translate request */ (void)wh_MessageCounter_TranslateIncrementRequest( magic, (whMessageCounter_IncrementRequest*)req_packet, &req); 
@@ -133,6 +148,14 @@ int wh_Server_HandleCounter(whServerContext* server, uint16_t magic, whMessageCounter_ReadRequest req = {0}; whMessageCounter_ReadResponse resp = {0}; + if (req_size < sizeof(whMessageCounter_ReadRequest)) { + resp.rc = WH_ERROR_BADARGS; + (void)wh_MessageCounter_TranslateReadResponse( + magic, &resp, (whMessageCounter_ReadResponse*)resp_packet); + *out_resp_size = sizeof(resp); + return WH_ERROR_OK; + } + /* translate request */ (void)wh_MessageCounter_TranslateReadRequest( magic, (whMessageCounter_ReadRequest*)req_packet, &req); @@ -164,6 +187,15 @@ int wh_Server_HandleCounter(whServerContext* server, uint16_t magic, whMessageCounter_DestroyRequest req = {0}; whMessageCounter_DestroyResponse resp = {0}; + if (req_size < sizeof(whMessageCounter_DestroyRequest)) { + resp.rc = WH_ERROR_BADARGS; + (void)wh_MessageCounter_TranslateDestroyResponse( + magic, &resp, + (whMessageCounter_DestroyResponse*)resp_packet); + *out_resp_size = sizeof(resp); + return WH_ERROR_OK; + } + /* translate request */ (void)wh_MessageCounter_TranslateDestroyRequest( magic, (whMessageCounter_DestroyRequest*)req_packet, &req); diff --git a/src/wh_server_crypto.c b/src/wh_server_crypto.c index 4f01a1caf..27a8a3c3b 100644 --- a/src/wh_server_crypto.c +++ b/src/wh_server_crypto.c @@ -269,12 +269,13 @@ static int _HandleRsaKeyGen(whServerContext* ctx, uint16_t magic, const void* cryptoDataIn, uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; - int ret = 0; RsaKey rsa[1] = {0}; whMessageCrypto_RsaKeyGenRequest req; whMessageCrypto_RsaKeyGenResponse res; + if (inSize < sizeof(whMessageCrypto_RsaKeyGenRequest)) { + return WH_ERROR_BADARGS; + } /* Translate request */ ret = wh_MessageCrypto_TranslateRsaKeyGenRequest( 
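Review bot: The `inSize` guard added in the _HandleRsaKeyGen hunk is inserted without the `/* Validate minimum size */` comment and the separating blank line that the equivalent guards from the first patch carry throughout wh_server_crypto.c, and the same applies to the guards added in the RsaGetSize, Rng, AesCtr, AesEcb, AesGcmDma, Sha*Dma, MlDsa*Dma, CmacDma and RngDma hunks. Suggest `/* Validate minimum size */` above each so the two halves of the series read alike.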
@@ -507,12 +508,15 @@ static int _HandleRsaGetSize(whServerContext* ctx, uint16_t magic, const void* cryptoDataIn, uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; - int ret; RsaKey rsa[1]; whMessageCrypto_RsaGetSizeRequest req; whMessageCrypto_RsaGetSizeResponse res; + int key_size = 0; + + if (inSize < sizeof(whMessageCrypto_RsaGetSizeRequest)) { + return WH_ERROR_BADARGS; + } /* Translate request */ ret = wh_MessageCrypto_TranslateRsaGetSizeRequest( @@ -527,8 +531,6 @@ static int _HandleRsaGetSize(whServerContext* ctx, uint16_t magic, uint32_t options = req.options; int evict = !!(options & WH_MESSAGE_CRYPTO_RSA_GET_SIZE_OPTIONS_EVICT); - int key_size = 0; - /* init rsa key */ ret = wc_InitRsaKey_ex(rsa, NULL, ctx->crypto->devId); /* load the key from the keystore */ @@ -1205,12 +1207,14 @@ static int _HandleRng(whServerContext* ctx, uint16_t magic, const void* cryptoDataIn, uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; - int ret = WH_ERROR_OK; whMessageCrypto_RngRequest req; whMessageCrypto_RngResponse res; + if (inSize < sizeof(whMessageCrypto_RngRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate request */ ret = wh_MessageCrypto_TranslateRngRequest( magic, (const whMessageCrypto_RngRequest*)cryptoDataIn, &req); @@ -1811,13 +1815,17 @@ static int _HandleAesCtr(whServerContext* ctx, uint16_t magic, const void* cryptoDataIn, uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; int ret = 0; Aes aes[1] = {0}; whMessageCrypto_AesCtrRequest req; whMessageCrypto_AesCtrResponse res; uint8_t* cachedKey = NULL; whNvmMetadata* keyMeta = NULL; + + if (inSize < sizeof(whMessageCrypto_AesCtrRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate request */ ret = wh_MessageCrypto_TranslateAesCtrRequest( magic, (const whMessageCrypto_AesCtrRequest*)cryptoDataIn, &req); 
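Review bot: The _HandleAesCtr hunk (and the _HandleAesEcb hunks that follow) adds only the fixed-header guard `inSize < sizeof(whMessageCrypto_AesCtrRequest)`, whereas the AES-CBC and AES-GCM handlers additionally bound the request's `sz`/`keyLen` payload against `inSize - sizeof(request)`. If the CTR and ECB requests also carry key and data bytes after the header (their layout is not visible here), the same `available` checks are needed, since the header guard alone does not prevent reading past `cryptoDataIn`. _HandleAesCtr's body continues outside the hunk.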
@@ -1931,8 +1939,6 @@ static int _HandleAesEcb(whServerContext* ctx, uint16_t magic, const void* cryptoDataIn, uint16_t inSize, void* cryptoDataOut, uint16_t* outSize) { - (void)inSize; - int ret = 0; Aes aes[1] = {0}; whMessageCrypto_AesEcbRequest req; @@ -1940,6 +1946,10 @@ static int _HandleAesEcb(whServerContext* ctx, uint16_t magic, uint8_t* cachedKey = NULL; whNvmMetadata* keyMeta = NULL; + if (inSize < sizeof(whMessageCrypto_AesEcbRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate request */ ret = wh_MessageCrypto_TranslateAesEcbRequest( magic, (const whMessageCrypto_AesEcbRequest*)cryptoDataIn, &req); @@ -2366,9 +2376,12 @@ static int _HandleAesGcmDma(whServerContext* ctx, uint16_t magic, uint16_t seq, whKeyId keyId; uint32_t keyLen; - (void)inSize; (void)seq; + if (inSize < sizeof(whMessageCrypto_AesDmaRequest)) { + return WH_ERROR_BADARGS; + } + ret = wh_MessageCrypto_TranslateAesDmaRequest( magic, (whMessageCrypto_AesDmaRequest*)cryptoDataIn, &req); if (ret != WH_ERROR_OK) { @@ -3820,7 +3833,6 @@ static int _HandleSha256Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, void* cryptoDataOut, uint16_t* outSize) { (void)seq; - (void)inSize; int ret = 0; whMessageCrypto_Sha2DmaRequest req; @@ -3828,6 +3840,10 @@ static int _HandleSha256Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, wc_Sha256 sha256[1]; int clientDevId; + if (inSize < sizeof(whMessageCrypto_Sha2DmaRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate the request */ ret = wh_MessageCrypto_TranslateSha2DmaRequest( magic, (whMessageCrypto_Sha2DmaRequest*)cryptoDataIn, &req); 
@@ -3943,13 +3959,16 @@ static int _HandleSha224Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, void* cryptoDataOut, uint16_t* outSize) { (void)seq; - (void)inSize; int ret = 0; whMessageCrypto_Sha2DmaRequest req; whMessageCrypto_Sha2DmaResponse res; wc_Sha224 sha224[1]; int clientDevId; + if (inSize < sizeof(whMessageCrypto_Sha2DmaRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate the request */ ret = wh_MessageCrypto_TranslateSha2DmaRequest( magic, (whMessageCrypto_Sha2DmaRequest*)cryptoDataIn, &req); @@ -4065,13 +4084,16 @@ static int _HandleSha384Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, void* cryptoDataOut, uint16_t* outSize) { (void)seq; - (void)inSize; int ret = 0; whMessageCrypto_Sha2DmaRequest req; whMessageCrypto_Sha2DmaResponse res; wc_Sha384 sha384[1]; int clientDevId; + if (inSize < sizeof(whMessageCrypto_Sha2DmaRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate the request */ ret = wh_MessageCrypto_TranslateSha2DmaRequest( magic, (whMessageCrypto_Sha2DmaRequest*)cryptoDataIn, &req); @@ -4187,7 +4209,6 @@ static int _HandleSha512Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, void* cryptoDataOut, uint16_t* outSize) { (void)seq; - (void)inSize; int ret = 0; whMessageCrypto_Sha2DmaRequest req; whMessageCrypto_Sha2DmaResponse res; @@ -4195,6 +4216,10 @@ static int _HandleSha512Dma(whServerContext* ctx, uint16_t magic, uint16_t seq, int clientDevId; int hashType = WC_HASH_TYPE_SHA512; + if (inSize < sizeof(whMessageCrypto_Sha2DmaRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate the request */ ret = wh_MessageCrypto_TranslateSha2DmaRequest( magic, (whMessageCrypto_Sha2DmaRequest*)cryptoDataIn, &req); @@ -4331,8 +4356,6 @@ static int _HandleMlDsaKeyGenDma(whServerContext* ctx, uint16_t magic, (void)outSize; return WH_ERROR_NOHANDLER; #else - (void)inSize; - int ret = WH_ERROR_OK; MlDsaKey key[1]; void* clientOutAddr = NULL; 
@@ -4341,6 +4364,10 @@ static int _HandleMlDsaKeyGenDma(whServerContext* ctx, uint16_t magic, whMessageCrypto_MlDsaKeyGenDmaRequest req; whMessageCrypto_MlDsaKeyGenDmaResponse res; + if (inSize < sizeof(whMessageCrypto_MlDsaKeyGenDmaRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate the request */ ret = wh_MessageCrypto_TranslateMlDsaKeyGenDmaRequest( magic, (whMessageCrypto_MlDsaKeyGenDmaRequest*)cryptoDataIn, &req); @@ -4455,8 +4482,6 @@ static int _HandleMlDsaSignDma(whServerContext* ctx, uint16_t magic, (void)outSize; return WH_ERROR_NOHANDLER; #else - (void)inSize; - int ret = 0; MlDsaKey key[1]; void* msgAddr = NULL; @@ -4465,6 +4490,10 @@ static int _HandleMlDsaSignDma(whServerContext* ctx, uint16_t magic, whMessageCrypto_MlDsaSignDmaRequest req; whMessageCrypto_MlDsaSignDmaResponse res; + if (inSize < sizeof(whMessageCrypto_MlDsaSignDmaRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate the request */ ret = wh_MessageCrypto_TranslateMlDsaSignDmaRequest( magic, (whMessageCrypto_MlDsaSignDmaRequest*)cryptoDataIn, &req); @@ -4564,8 +4593,6 @@ static int _HandleMlDsaVerifyDma(whServerContext* ctx, uint16_t magic, (void)outSize; return WH_ERROR_NOHANDLER; #else - (void)inSize; - int ret = 0; MlDsaKey key[1]; void* msgAddr = NULL; @@ -4575,6 +4602,10 @@ static int _HandleMlDsaVerifyDma(whServerContext* ctx, uint16_t magic, whMessageCrypto_MlDsaVerifyDmaRequest req; whMessageCrypto_MlDsaVerifyDmaResponse res; + if (inSize < sizeof(whMessageCrypto_MlDsaVerifyDmaRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate the request */ ret = wh_MessageCrypto_TranslateMlDsaVerifyDmaRequest( magic, (whMessageCrypto_MlDsaVerifyDmaRequest*)cryptoDataIn, &req); 
@@ -4730,12 +4761,15 @@ static int _HandleCmacDma(whServerContext* ctx, uint16_t magic, uint16_t seq, void* cryptoDataOut, uint16_t* outSize) { (void)seq; - (void)inSize; int ret = 0; whMessageCrypto_CmacDmaRequest req; whMessageCrypto_CmacDmaResponse res; + if (inSize < sizeof(whMessageCrypto_CmacDmaRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate request */ ret = wh_MessageCrypto_TranslateCmacDmaRequest( magic, (whMessageCrypto_CmacDmaRequest*)cryptoDataIn, &req); @@ -5086,13 +5120,16 @@ static int _HandleRngDma(whServerContext* ctx, uint16_t magic, uint16_t seq, void* cryptoDataOut, uint16_t* outSize) { (void)seq; - (void)inSize; int ret = 0; whMessageCrypto_RngDmaRequest req; whMessageCrypto_RngDmaResponse res; void* outAddr = NULL; + if (inSize < sizeof(whMessageCrypto_RngDmaRequest)) { + return WH_ERROR_BADARGS; + } + /* Translate the request */ ret = wh_MessageCrypto_TranslateRngDmaRequest( magic, (whMessageCrypto_RngDmaRequest*)cryptoDataIn, &req);