diff --git a/src/wh_client_she.c b/src/wh_client_she.c
index 716934f83..55e936382 100644
--- a/src/wh_client_she.c
+++ b/src/wh_client_she.c
@@ -96,6 +96,13 @@ int wh_Client_SheSetUidResponse(whClientContext* c)
 resp = (whMessageShe_SetUidResponse*)wh_CommClient_GetDataPtr(c->comm);
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
+ if (ret == WH_ERROR_OK) {
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_SET_UID ||
+ dataSz < sizeof(*resp)) {
+ ret = WH_ERROR_ABORTED;
+ }
+ }
 if (ret == WH_ERROR_OK) {
 ret = resp->rc;
 }
@@ -150,6 +157,13 @@ int wh_Client_SheSecureBoot(whClientContext* c, uint8_t* bootloader,
 initResp = (whMessageShe_SecureBootInitResponse*)respBuf;
 } while (ret == WH_ERROR_NOTREADY);
 }
+ if (ret == 0) {
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_SECURE_BOOT_INIT ||
+ dataSz < sizeof(*initResp)) {
+ ret = WH_ERROR_ABORTED;
+ }
+ }
 /* send update sub command until we've sent the entire bootloader */
 while (ret == 0 && bootloaderSent < bootloaderLen) {
@@ -186,6 +200,15 @@ int wh_Client_SheSecureBoot(whClientContext* c, uint8_t* bootloader,
 respBuf);
 } while (ret == WH_ERROR_NOTREADY);
 }
+ if (ret == 0) {
+ whMessageShe_SecureBootUpdateResponse* updateResp =
+ (whMessageShe_SecureBootUpdateResponse*)respBuf;
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_SECURE_BOOT_UPDATE ||
+ dataSz < sizeof(*updateResp)) {
+ ret = WH_ERROR_ABORTED;
+ }
+ }
 /* increment sent */
 if (ret == 0) {
@@ -205,6 +228,13 @@ int wh_Client_SheSecureBoot(whClientContext* c, uint8_t* bootloader,
 finishResp = (whMessageShe_SecureBootFinishResponse*)respBuf;
 } while (ret == WH_ERROR_NOTREADY);
 }
+ if (ret == 0) {
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_SECURE_BOOT_FINISH ||
+ dataSz < sizeof(*finishResp)) {
+ ret = WH_ERROR_ABORTED;
+ }
+ }
 if (ret == 0) {
 ret = finishResp->rc;
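Review bot: The group/action/length guard added to wh_Client_SheSetUidResponse is repeated almost verbatim in every other response handler this patch touches, and this copy tests `ret == WH_ERROR_OK` while the others test `ret == 0`. A single static helper would keep the copies from drifting apart, so that a handler cannot silently end up without the length check. The helper name and the integer widths in the sketch below are a proposal only, because `group`, `action` and `dataSz` are declared outside the hunk; match them to the existing locals.

```c
/* Returns WH_ERROR_OK when the received header belongs to the SHE request
 * that was sent and the payload holds at least minSz bytes. */
static int sheCheckResponse(uint16_t group, uint16_t action, uint16_t dataSz,
                            uint16_t expectedAction, size_t minSz)
{
    if (group != WH_MESSAGE_GROUP_SHE || action != expectedAction ||
        dataSz < minSz) {
        return WH_ERROR_ABORTED;
    }
    return WH_ERROR_OK;
}

/* ... unchanged: resp assignment and wh_Client_RecvResponse call ... */
    if (ret == WH_ERROR_OK) {
        ret = sheCheckResponse(group, action, dataSz, WH_SHE_SET_UID,
                               sizeof(*resp));
    }
```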
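Review bot: In wh_Client_SheSecureBoot the init and update responses are now checked for group, action and length, but neither hunk reads the server's `rc`; only the finish step does (`ret = finishResp->rc;`). In the update hunk `updateResp` is declared inside the new `if` block and used only for `sizeof`, so nothing after the block can inspect the reply through that pointer. If `whMessageShe_SecureBootInitResponse` and `whMessageShe_SecureBootUpdateResponse` carry an `rc` field like the other responses (their definitions are not shown), give the inner `if` an `else { ret = updateResp->rc; }` branch, and do the same with `initResp`, so that a rejected chunk stops the transfer instead of being counted as sent. The function body continues outside these hunks, so confirm the codes are not already checked there.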
@@ -242,13 +272,18 @@ int wh_Client_SheGetStatusResponse(whClientContext* c, uint8_t* sreg)
 resp = (whMessageShe_GetStatusResponse*)wh_CommClient_GetDataPtr(c->comm);
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
-
- /* return error or set sreg */
 if (ret == 0) {
- if (resp->rc != WH_SHE_ERC_NO_ERROR)
- ret = resp->rc;
- else
- *sreg = resp->sreg;
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_GET_STATUS ||
+ dataSz < sizeof(*resp)) {
+ ret = WH_ERROR_ABORTED;
+ }
+ }
+ if (ret == 0) {
+ ret = resp->rc;
+ }
+ if (ret == 0) {
+ *sreg = resp->sreg;
 }
 return ret;
 }
@@ -307,15 +342,20 @@ int wh_Client_SheLoadKeyResponse(whClientContext* c, uint8_t* messageFour,
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
 if (ret == 0) {
- if (resp->rc != WH_SHE_ERC_NO_ERROR) {
- ret = resp->rc;
- }
- else {
- /* copy out message 4 and 5 */
- memcpy(messageFour, resp->messageFour, sizeof(resp->messageFour));
- memcpy(messageFive, resp->messageFive, sizeof(resp->messageFive));
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_LOAD_KEY ||
+ dataSz < sizeof(*resp)) {
+ ret = WH_ERROR_ABORTED;
 }
 }
+ if (ret == 0) {
+ ret = resp->rc;
+ }
+ if (ret == 0) {
+ /* copy out message 4 and 5 */
+ memcpy(messageFour, resp->messageFour, sizeof(resp->messageFour));
+ memcpy(messageFive, resp->messageFive, sizeof(resp->messageFive));
+ }
 return ret;
 }
@@ -366,6 +406,13 @@ int wh_Client_SheLoadPlainKeyResponse(whClientContext* c)
 (whMessageShe_LoadPlainKeyResponse*)wh_CommClient_GetDataPtr(c->comm);
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
+ if (ret == 0) {
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_LOAD_PLAIN_KEY ||
+ dataSz < sizeof(*resp)) {
+ ret = WH_ERROR_ABORTED;
+ }
+ }
 if (ret == 0) {
 ret = resp->rc;
 }
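Review bot: The rewritten tail of wh_Client_SheGetStatusResponse drops the explicit `resp->rc != WH_SHE_ERC_NO_ERROR` test in favour of `ret = resp->rc;` followed by `if (ret == 0)`, which is equivalent only if `WH_SHE_ERC_NO_ERROR` is zero; its value is not visible in this patch. The same substitution is made in the LoadKey, ExportRamKey, Rnd, ECB/CBC encrypt and decrypt, GenerateMac and VerifyMac handlers. Either keep the named constant in the last test, `if (ret == WH_SHE_ERC_NO_ERROR) {`, or state the assumption next to the assignment with a comment such as `/* resp->rc is a SHE ERC code; WH_SHE_ERC_NO_ERROR must be 0 */`. The function documentation should also mention that `WH_ERROR_ABORTED` is now returned for a mismatched or short response, since that value shares the return channel with the SHE codes.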
@@ -417,18 +464,23 @@ int wh_Client_SheExportRamKeyResponse(whClientContext* c, uint8_t* messageOne,
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
 if (ret == 0) {
- if (resp->rc != WH_SHE_ERC_NO_ERROR) {
- ret = resp->rc;
- }
- else {
- memcpy(messageOne, resp->messageOne, sizeof(resp->messageOne));
- memcpy(messageTwo, resp->messageTwo, sizeof(resp->messageTwo));
- memcpy(messageThree, resp->messageThree,
- sizeof(resp->messageThree));
- memcpy(messageFour, resp->messageFour, sizeof(resp->messageFour));
- memcpy(messageFive, resp->messageFive, sizeof(resp->messageFive));
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_EXPORT_RAM_KEY ||
+ dataSz < sizeof(*resp)) {
+ ret = WH_ERROR_ABORTED;
 }
 }
+ if (ret == 0) {
+ ret = resp->rc;
+ }
+ if (ret == 0) {
+ memcpy(messageOne, resp->messageOne, sizeof(resp->messageOne));
+ memcpy(messageTwo, resp->messageTwo, sizeof(resp->messageTwo));
+ memcpy(messageThree, resp->messageThree,
+ sizeof(resp->messageThree));
+ memcpy(messageFour, resp->messageFour, sizeof(resp->messageFour));
+ memcpy(messageFive, resp->messageFive, sizeof(resp->messageFive));
+ }
 return ret;
 }
@@ -473,6 +525,13 @@ int wh_Client_SheInitRndResponse(whClientContext* c)
 resp = (whMessageShe_InitRngResponse*)wh_CommClient_GetDataPtr(c->comm);
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
+ if (ret == 0) {
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_INIT_RND ||
+ dataSz < sizeof(*resp)) {
+ ret = WH_ERROR_ABORTED;
+ }
+ }
 if (ret == 0) {
 ret = resp->rc;
 }
@@ -516,15 +575,21 @@ int wh_Client_SheRndResponse(whClientContext* c, uint8_t* out, uint32_t* outSz)
 resp = (whMessageShe_RndResponse*)wh_CommClient_GetDataPtr(c->comm);
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
-
 if (ret == 0) {
- if (resp->rc != WH_SHE_ERC_NO_ERROR)
- ret = resp->rc;
- else {
- memcpy(out, resp->rnd, sizeof(resp->rnd));
- *outSz = sizeof(resp->rnd);
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_RND ||
+ dataSz < sizeof(*resp)) {
+ ret = WH_ERROR_ABORTED;
 }
 }
+ if (ret == 0) {
+ ret = resp->rc;
+ }
+ if (ret == 0) {
+ memcpy(out, resp->rnd, sizeof(resp->rnd));
+ *outSz = sizeof(resp->rnd);
+ }
+
 return ret;
 }
@@ -577,6 +642,13 @@ int wh_Client_SheExtendSeedResponse(whClientContext* c)
 resp = (whMessageShe_ExtendSeedResponse*)wh_CommClient_GetDataPtr(c->comm);
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
+ if (ret == 0) {
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_EXTEND_SEED ||
+ dataSz < sizeof(*resp)) {
+ ret = WH_ERROR_ABORTED;
+ }
+ }
 if (ret == 0) {
 ret = resp->rc;
 }
@@ -640,11 +712,19 @@ int wh_Client_SheEncEcbResponse(whClientContext* c, uint8_t* out, uint32_t sz)
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
 if (ret == 0) {
- if (resp->rc != WH_SHE_ERC_NO_ERROR) {
- ret = resp->rc;
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_ENC_ECB ||
+ dataSz < sizeof(*resp) ||
+ dataSz < sizeof(*resp) + resp->sz) {
+ ret = WH_ERROR_ABORTED;
 }
- else if (sz < resp->sz) {
- ret = WH_ERROR_BADARGS;
+ }
+ if (ret == 0) {
+ ret = resp->rc;
+ }
+ if (ret == 0) {
+ if (sz < resp->sz) {
+ ret = WH_ERROR_BUFFER_SIZE;
 }
 else {
 memcpy(out, packOut, resp->sz);
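Review bot: wh_Client_SheRndResponse still copies `sizeof(resp->rnd)` bytes into `out` without consulting any capacity the caller may have passed in `*outSz`; the new checks bound the response, not the destination. If `outSz` is meant as an in/out length (the hunk only shows it being written), guard the copy with `if (*outSz < sizeof(resp->rnd)) { ret = WH_ERROR_BUFFER_SIZE; }`, using the same error code this patch introduces in the ECB/CBC handlers. If it is output-only, a comment stating that `out` must hold at least `sizeof(resp->rnd)` bytes would make the contract explicit. Any NULL checks on `out` and `outSz` would sit above the hunk and are not visible here.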
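Review bot: The payload bound in wh_Client_SheEncEcbResponse, `dataSz < sizeof(*resp) + resp->sz`, adds a server-supplied length before comparing, so on a target where `size_t` is 32 bits a very large `resp->sz` can wrap the sum and pass the check (assuming `resp->sz` is a 32-bit field, as its comparison with `uint32_t sz` suggests). The later `sz < resp->sz` test is then the only remaining bound on the `memcpy`. Writing the clause as a subtraction avoids the wrap, `resp->sz > dataSz - sizeof(*resp)) {`, and is safe because the preceding `dataSz < sizeof(*resp)` clause short-circuits; the same expression appears in the EncCbc, DecEcb and DecCbc hunks. Note also that `resp->sz` is now read before `rc`, so an error reply whose `sz` is not zeroed would surface as `WH_ERROR_ABORTED` rather than its SHE code. The switch from `WH_ERROR_BADARGS` to `WH_ERROR_BUFFER_SIZE` is visible to callers and should be documented.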
@@ -712,11 +792,19 @@ int wh_Client_SheEncCbcResponse(whClientContext* c, uint8_t* out, uint32_t sz)
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
 if (ret == 0) {
- if (resp->rc != WH_SHE_ERC_NO_ERROR) {
- ret = resp->rc;
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_ENC_CBC ||
+ dataSz < sizeof(*resp) ||
+ dataSz < sizeof(*resp) + resp->sz) {
+ ret = WH_ERROR_ABORTED;
 }
- else if (sz < resp->sz) {
- ret = WH_ERROR_BADARGS;
+ }
+ if (ret == 0) {
+ ret = resp->rc;
+ }
+ if (ret == 0) {
+ if (sz < resp->sz) {
+ ret = WH_ERROR_BUFFER_SIZE;
 }
 else {
 memcpy(out, packOut, resp->sz);
@@ -780,11 +868,19 @@ int wh_Client_SheDecEcbResponse(whClientContext* c, uint8_t* out, uint32_t sz)
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
 if (ret == 0) {
- if (resp->rc != WH_SHE_ERC_NO_ERROR) {
- ret = resp->rc;
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_DEC_ECB ||
+ dataSz < sizeof(*resp) ||
+ dataSz < sizeof(*resp) + resp->sz) {
+ ret = WH_ERROR_ABORTED;
 }
- else if (sz < resp->sz) {
- ret = WH_ERROR_BADARGS;
+ }
+ if (ret == 0) {
+ ret = resp->rc;
+ }
+ if (ret == 0) {
+ if (sz < resp->sz) {
+ ret = WH_ERROR_BUFFER_SIZE;
 }
 else {
 memcpy(out, packOut, resp->sz);
@@ -852,11 +948,19 @@ int wh_Client_SheDecCbcResponse(whClientContext* c, uint8_t* out, uint32_t sz)
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
 if (ret == 0) {
- if (resp->rc != WH_SHE_ERC_NO_ERROR) {
- ret = resp->rc;
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_DEC_CBC ||
+ dataSz < sizeof(*resp) ||
+ dataSz < sizeof(*resp) + resp->sz) {
+ ret = WH_ERROR_ABORTED;
 }
- else if (sz < resp->sz) {
- ret = WH_ERROR_BADARGS;
+ }
+ if (ret == 0) {
+ ret = resp->rc;
+ }
+ if (ret == 0) {
+ if (sz < resp->sz) {
+ ret = WH_ERROR_BUFFER_SIZE;
 }
 else {
 memcpy(out, packOut, resp->sz);
@@ -919,13 +1023,18 @@ int wh_Client_SheGenerateMacResponse(whClientContext* c, uint8_t* out,
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
 if (ret == 0) {
- if (resp->rc != WH_SHE_ERC_NO_ERROR) {
- ret = resp->rc;
- }
- else {
- memcpy(out, resp->mac, WH_SHE_KEY_SZ);
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_GEN_MAC ||
+ dataSz < sizeof(*resp)) {
+ ret = WH_ERROR_ABORTED;
 }
 }
+ if (ret == 0) {
+ ret = resp->rc;
+ }
+ if (ret == 0) {
+ memcpy(out, resp->mac, WH_SHE_KEY_SZ);
+ }
 return ret;
 }
@@ -991,13 +1100,18 @@ int wh_Client_SheVerifyMacResponse(whClientContext* c, uint8_t* outStatus)
 resp = (whMessageShe_VerifyMacResponse*)wh_CommClient_GetDataPtr(c->comm);
 ret = wh_Client_RecvResponse(c, &group, &action, &dataSz, (uint8_t*)resp);
 if (ret == 0) {
- if (resp->rc != WH_SHE_ERC_NO_ERROR) {
- ret = resp->rc;
- }
- else {
- *outStatus = resp->status;
+ if (group != WH_MESSAGE_GROUP_SHE ||
+ action != WH_SHE_VERIFY_MAC ||
+ dataSz < sizeof(*resp)) {
+ ret = WH_ERROR_ABORTED;
 }
 }
+ if (ret == 0) {
+ ret = resp->rc;
+ }
+ if (ret == 0) {
+ *outStatus = resp->status;
+ }
 return ret;
 }
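Review bot: In wh_Client_SheGenerateMacResponse the copy length is the constant `WH_SHE_KEY_SZ`, while the new length check is expressed through `sizeof(*resp)`, so the read is covered by the check only if `resp->mac` has at least `WH_SHE_KEY_SZ` elements, which this hunk does not show. If the field is declared with exactly that size, `memcpy(out, resp->mac, sizeof(resp->mac));` ties the read to the validated structure, as the LoadKey, ExportRamKey and Rnd handlers already do for their fields. The capacity of the caller's `out` buffer is not checked in the visible lines; the signature continues outside the hunk, so a length parameter may exist there.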