[PATCH 1/2] cpio_utils: Fail on invalid Image IVT length


Michael Glembotzki

Oct 15, 2023, 5:32:25 PM
to swup...@googlegroups.com, Michael Glembotzki
An IVT in the sw-description file that is too short would result in an image
being processed with the default IVT. In the worst case, the file would be
incorrectly decrypted and still be processed/installed/executed.

Example:

> cat encryption.key
69D54287F856D30B51B812FDF714556778CF31E1B104D9C68BD90C669C37D1AB E93DA465B309C53FEC5FF93C9637DA58

> cat pre_post_inst.sh.dec
#!/bin/sh

echo "UUUUUU"

Encrypt a shell script. Please note the missing last hex character of the IVT: 8
> openssl enc -aes-256-cbc -in pre_post_inst.sh.dec -out pre_post_inst.sh \
-K 69D54287F856D30B51B812FDF714556778CF31E1B104D9C68BD90C669C37D1AB \
-iv E93DA465B309C53FEC5FF93C9637DA5

> cat sw-description
software =
{
version = "1.0.0";
description = "Too small ivt sent in the sw description file";

scripts: (
{
filename = "pre_post_inst.sh";
type = "shellscript";
sha256 = "c7c2ae0d3e25dd2145f76649c1bfd5ee9c588e1d3bf509f1c4d15fef089f6669";
ivt = "E93DA465B309C53FEC5FF93C9637DA5";
encrypted = true;
},
);
}

Create and install swu:
[ERROR] : SWUPDATE failed [0] ERROR : /tmp/scripts/pre_post_inst.sh: line 3: syntax error near unexpected token `"UUUUUU"'
[ERROR] : SWUPDATE failed [0] ERROR : /tmp/scripts/pre_post_inst.sh: line 3: `echo("UUUUUU"'

The space after the echo becomes a bracket.

Signed-off-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---
core/cpio_utils.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/core/cpio_utils.c b/core/cpio_utils.c
index 4294083..2e5f19a 100644
--- a/core/cpio_utils.c
+++ b/core/cpio_utils.c
@@ -443,7 +443,7 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby
unsigned int md_len = 0;
unsigned char *aes_key = NULL;
unsigned char *ivt = NULL;
- unsigned char ivtbuf[16];
+ unsigned char ivtbuf[AES_BLK_SIZE];

struct InputState input_state = {
.fdin = fdin,
@@ -514,7 +514,11 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby

if (encrypted) {
aes_key = get_aes_key();
- if (imgivt && strlen(imgivt) && !ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) {
+ if (imgivt && strlen(imgivt)) {
+ if(ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) {
+ ERROR("invalid image ivt length");
+ return -EINVAL;
+ }
ivt = ivtbuf;
} else
ivt = get_aes_ivt();
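Review bot: the new error path at `ERROR("invalid image ivt length")` blames the length for every nonzero return of ascii_to_bin() and does not identify which image was rejected. If ascii_to_bin() can also fail for other reasons (non-hex characters, for instance), "invalid image ivt" is the more accurate wording, and naming the rejected entry would help when an sw-description carries several encrypted files. Style: `if(ascii_to_bin(` needs a space after `if` to match the neighbouring lines. Please also confirm that nothing acquired earlier in __swupdate_copy() has to be released before the direct `return -EINVAL;`.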
--
2.35.7
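Why only the space after `echo` changed, as an added example that is not part of the patch or of SWUpdate: in CBC the IV is XORed only into the first plaintext block, so decrypting with a different IV yields P1' = P1 ^ IV_enc ^ IV_dec. The helper names are hypothetical, and the code assumes `openssl enc` zero-pads the short `-iv` value on the right while the default IVT is the one shown in encryption.key.

```c
#include <stdio.h>
#include <string.h>

#define AES_BLK_SIZE 16

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper: parse up to 32 hex digits, zero-padding a short
 * string on the right (assumed openssl behaviour). Returns 0 or -1. */
int hex_to_iv_padded(const char *hex, unsigned char iv[AES_BLK_SIZE])
{
    size_t n = strlen(hex);
    if (n > 2 * AES_BLK_SIZE)
        return -1;
    memset(iv, 0, AES_BLK_SIZE);
    for (size_t i = 0; i < n; i++) {
        int v = hex_nibble(hex[i]);
        if (v < 0)
            return -1;
        iv[i / 2] |= (unsigned char)((i % 2) ? v : v << 4);
    }
    return 0;
}

/* First plaintext block as seen after CBC decryption with the wrong IV:
 * out = plain ^ iv_enc ^ iv_dec. Later blocks are unaffected by the IV. */
int first_block_with_wrong_iv(const char *iv_enc_hex, const char *iv_dec_hex,
                              const unsigned char *plain, unsigned char *out)
{
    unsigned char e[AES_BLK_SIZE], d[AES_BLK_SIZE];
    if (hex_to_iv_padded(iv_enc_hex, e) || hex_to_iv_padded(iv_dec_hex, d))
        return -1;
    for (int i = 0; i < AES_BLK_SIZE; i++)
        out[i] = plain[i] ^ e[i] ^ d[i];
    return 0;
}

int main(void)
{
    unsigned char out[AES_BLK_SIZE];
    /* IVs from the commit message; plaintext is the script's first 16 bytes */
    if (first_block_with_wrong_iv("E93DA465B309C53FEC5FF93C9637DA5",
            "E93DA465B309C53FEC5FF93C9637DA58",
            (const unsigned char *)"#!/bin/sh\n\necho ", out))
        return 1;
    printf("%.16s\n", (const char *)out);
    return 0;
}
```

The two IVs differ only in the last byte (0x50 against 0x58), so only byte 16 of the script, the space (0x20), is flipped to `(` (0x28).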

Michael Glembotzki

Oct 15, 2023, 5:32:27 PM
to swup...@googlegroups.com, Michael Glembotzki
Signed-off-by: Michael Glembotzki <Michael.G...@iris-sensing.com>
---
core/util.c | 16 ----------------
include/util.h | 1 -
2 files changed, 17 deletions(-)

diff --git a/core/util.c b/core/util.c
index afe447f..f8223d7 100644
--- a/core/util.c
+++ b/core/util.c
@@ -563,22 +563,6 @@ int set_aes_key(const char *key, const char *ivt)
return 0;
}

-int set_aes_ivt(const char *ivt)
-{
- int ret;
-
- if (!aes_key)
- return -EFAULT;
-
- ret = ascii_to_bin(aes_key->ivt, sizeof(aes_key->ivt), ivt);
-
- if (ret) {
- return -EINVAL;
- }
-
- return 0;
-}
-
const char *get_fwenv_config(void) {
if (!fwenv_config)
#if defined(CONFIG_UBOOT)
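Review bot: the commit message has no body, so the removal of set_aes_ivt() in this hunk comes without a stated reason. Please add a sentence saying that the function has no remaining callers (the diffstat touches only core/util.c and include/util.h, so none are updated here) and that the IVT is now set only through set_aes_key(key, ivt). Since the prototype is also dropped from include/util.h, it is worth mentioning whether any code outside core/ relied on it.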
diff --git a/include/util.h b/include/util.h
index b50b58e..4202caa 100644
--- a/include/util.h
+++ b/include/util.h
@@ -244,7 +244,6 @@ unsigned char *get_aes_key(void);
char get_aes_keylen(void);
unsigned char *get_aes_ivt(void);
int set_aes_key(const char *key, const char *ivt);
-int set_aes_ivt(const char *ivt);

/* Getting global information */
int get_install_info(sourcetype *source, char *buf, size_t len);
--
2.35.7

Stefano Babic

Oct 16, 2023, 5:57:39 AM
to Michael Glembotzki, swup...@googlegroups.com, Michael Glembotzki
Thanks !

Reviewed-by: Stefano Babic <stefan...@swupdate.org>

Best regards,
Stefano Babic

Stefano Babic

Oct 16, 2023, 5:57:39 AM
to Michael Glembotzki, swup...@googlegroups.com, Michael Glembotzki
On 15.10.23 23:32, Michael Glembotzki wrote: