From b865111c0f431909e9857cb6df7330ecf5a63164 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mikael=20=C3=85gren?= Date: Wed, 9 Apr 2025 15:22:33 +0200 Subject: [PATCH] fw: Add pointer argument NULL checks --- hw/application_fpga/fw/tk1/auth_app.c | 9 ++++++ hw/application_fpga/fw/tk1/flash.c | 17 +++++++++++ hw/application_fpga/fw/tk1/mgmt_app.c | 4 +++ hw/application_fpga/fw/tk1/partition_table.c | 12 ++++++++ hw/application_fpga/fw/tk1/preload_app.c | 20 +++++++++++++ hw/application_fpga/fw/tk1/spi.c | 4 +++ hw/application_fpga/fw/tk1/storage.c | 31 ++++++++++++++++++++ 7 files changed, 97 insertions(+) diff --git a/hw/application_fpga/fw/tk1/auth_app.c b/hw/application_fpga/fw/tk1/auth_app.c index a782623..185b909 100644 --- a/hw/application_fpga/fw/tk1/auth_app.c +++ b/hw/application_fpga/fw/tk1/auth_app.c @@ -3,6 +3,7 @@ #include #include +#include #include #include @@ -17,6 +18,9 @@ static volatile uint32_t *cdi = (volatile uint32_t *)TK1_MMIO_TK1_CDI_FIRST; * Requires that the CDI is already calculated and stored */ static void calculate_auth_digest(uint8_t *nonce, uint8_t *auth_digest) { + assert(nonce != NULL); + assert(auth_digest != NULL); + blake2s_ctx ctx = {0}; // Generate a 16 byte authentication digest @@ -29,6 +33,7 @@ static void calculate_auth_digest(uint8_t *nonce, uint8_t *auth_digest) /* Generates a 16 byte nonce */ static void generate_nonce(uint32_t *nonce) { + assert(nonce != NULL); for (uint8_t i = 0; i < 4; i++) { nonce[i] = rng_get_word(); @@ -39,6 +44,8 @@ static void generate_nonce(uint32_t *nonce) * already calculated and stored */ void auth_app_create(struct auth_metadata *auth_table) { + assert(auth_table != NULL); + uint8_t nonce[16]; uint8_t auth_digest[16]; @@ -54,6 +61,8 @@ void auth_app_create(struct auth_metadata *auth_table) bool auth_app_authenticate(struct auth_metadata *auth_table) { + assert(auth_table != NULL); + uint8_t auth_digest[16]; calculate_auth_digest(auth_table->nonce, auth_digest); 
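Review bot: The NULL checks added to auth_app.c (auth_app_authenticate and the three functions above it) are `assert`s, whereas the same commit returns an error code for the identical condition in flash.c, mgmt_app.c and storage.c, and the header added near the top of this file is unreadable in this rendering, so whether `assert` here is libc's macro (compiled out under `NDEBUG`) or the firmware's own halting assert cannot be confirmed from the hunk. If it is a halting assert, that is a reasonable choice for a caller bug in code that derives an authentication digest from the CDI, but it deserves saying: a comment at the first use, `/* assert() halts the device: a NULL here is a firmware bug, not recoverable input */`, would record that these checks must survive release builds and why this file does not follow flash.c's return-code style. If it is the libc macro, the checks disappear in a release build and the return-code style should be used here too. The body of auth_app_authenticate continues past the end of the hunk.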
diff --git a/hw/application_fpga/fw/tk1/flash.c b/hw/application_fpga/fw/tk1/flash.c index 8bc69f3..d2dffe5 100644 --- a/hw/application_fpga/fw/tk1/flash.c +++ b/hw/application_fpga/fw/tk1/flash.c @@ -4,6 +4,7 @@ #include #include #include +#include #include #include "flash.h" @@ -128,6 +129,8 @@ void flash_powerdown(void) void flash_read_manufacturer_device_id(uint8_t *device_id) { + assert(device_id != NULL); + uint8_t tx_buf[4] = {0x00}; tx_buf[0] = READ_MANUFACTURER_ID; @@ -136,6 +139,8 @@ void flash_read_manufacturer_device_id(uint8_t *device_id) void flash_read_jedec_id(uint8_t *jedec_id) { + assert(jedec_id != NULL); + uint8_t tx_buf = READ_JEDEC_ID; spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, jedec_id, 3); @@ -143,6 +148,8 @@ void flash_read_jedec_id(uint8_t *jedec_id) void flash_read_unique_id(uint8_t *unique_id) { + assert(unique_id != NULL); + uint8_t tx_buf[5] = {0x00}; tx_buf[0] = READ_UNIQUE_ID; @@ -151,6 +158,8 @@ void flash_read_unique_id(uint8_t *unique_id) void flash_read_status(uint8_t *status_reg) { + assert(status_reg != NULL); + uint8_t tx_buf = READ_STATUS_REG_1; spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, status_reg, 1); @@ -161,6 +170,10 @@ void flash_read_status(uint8_t *status_reg) int flash_read_data(uint32_t address, uint8_t *dest_buf, size_t size) { + if (dest_buf == NULL) { + return -1; + } + uint8_t tx_buf[4] = {0x00}; tx_buf[0] = READ_DATA; tx_buf[1] = (address >> ADDR_BYTE_3_BIT) & 0xFF; @@ -174,6 +187,10 @@ int flash_read_data(uint32_t address, uint8_t *dest_buf, size_t size) // zero. int flash_write_data(uint32_t address, uint8_t *data, size_t size) { + if (data == NULL) { + return -1; + } + if (size <= 0 || size > 4096) { return -1; } diff --git a/hw/application_fpga/fw/tk1/mgmt_app.c b/hw/application_fpga/fw/tk1/mgmt_app.c index ee0db1e..1a3f76c 100644 --- a/hw/application_fpga/fw/tk1/mgmt_app.c +++ b/hw/application_fpga/fw/tk1/mgmt_app.c 
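Review bot: flash_write_data now folds the new `data == NULL` case into the same `-1` that the existing size check returns, so a caller cannot tell a bad pointer from a bad length; that is acceptable for a firmware write path, but the header comment above (only its tail, `// zero.`, is visible here) should state it, e.g. `// Returns -1 if data is NULL or size is 0 or larger than 4096.` The neighbouring `if (size <= 0 || size > 4096)` compares a size_t with `<= 0`, which can only ever mean `size == 0`; spelling it that way would read as intended. Within this one file the commit applies two policies to the same defect: the ID/status readers above `assert`, while flash_read_data and flash_write_data return -1, and a one-line comment explaining why the readers may halt but the data path must not would help the next maintainer. The rest of flash_write_data lies outside the hunk.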
@@ -21,6 +21,10 @@ static const uint8_t allowed_app_digest[32] = { static uint8_t current_app_digest[32]; int mgmt_app_init(uint8_t app_digest[32]) { + if (app_digest == NULL) { + return -1; + } + if (memeq(app_digest, allowed_app_digest, 32)) { memcpy_s(current_app_digest, sizeof(current_app_digest), app_digest, 32); return 0; diff --git a/hw/application_fpga/fw/tk1/partition_table.c b/hw/application_fpga/fw/tk1/partition_table.c index 1ddec77..a84930f 100644 --- a/hw/application_fpga/fw/tk1/partition_table.c +++ b/hw/application_fpga/fw/tk1/partition_table.c @@ -23,6 +23,10 @@ void part_digest(struct partition_table *part_table, uint8_t *out_digest, size_t 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, }; + + assert(part_table != NULL); + assert(out_digest != NULL); + blake2err = blake2s(out_digest, out_len, key, sizeof(key), part_table, sizeof(struct partition_table)); @@ -43,6 +47,10 @@ int part_table_read(struct partition_table_storage *storage) }; uint8_t check_digest[PART_DIGEST_SIZE]; + if (storage == NULL) { + return -1; + } + flash_release_powerdown(); memset(storage, 0x00, sizeof(*storage)); @@ -70,6 +78,10 @@ int part_table_write(struct partition_table_storage *storage) ADDR_PARTITION_TABLE_1, }; + if (storage == NULL) { + return -1; + } + part_digest(&storage->table, storage->check_digest, sizeof(storage->check_digest)); for (int i = 0; i < 2; i ++) { diff --git a/hw/application_fpga/fw/tk1/preload_app.c b/hw/application_fpga/fw/tk1/preload_app.c index 6b979cb..563f25f 100644 --- a/hw/application_fpga/fw/tk1/preload_app.c +++ b/hw/application_fpga/fw/tk1/preload_app.c @@ -20,6 +20,10 @@ static uint32_t slot_to_start_address(uint8_t slot) { /* Loads a preloaded app from flash to app RAM */ int preload_load(struct partition_table *part_table, uint8_t from_slot) { + if (part_table == NULL) { + return -5; + } + if (from_slot >= N_PRELOADED_APP) { return -4; } 
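Review bot: The `-5` that preload_load now returns for a NULL part_table is a new error code that nothing documents; the only description of the function is the one-line `/* Loads a preloaded app from flash to app RAM */` above it, which should now list the codes so callers do not have to read the body. Suggested: `/* Loads a preloaded app from flash to app RAM. Returns 0 on success, -4 if from_slot is out of range, -5 if part_table is NULL; the body presumably returns other negative values on flash errors. */` The same `-5` is reused by the other preload_app.c functions in this commit, so the comment is worth mirroring there. preload_load's body continues past the end of the hunk.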
@@ -44,6 +48,10 @@ int preload_load(struct partition_table *part_table, uint8_t from_slot) int preload_store(struct partition_table *part_table, uint32_t offset, uint8_t *data, size_t size, uint8_t to_slot) { + if (part_table == NULL || data == NULL) { + return -5; + } + if (to_slot >= N_PRELOADED_APP) { return -4; } @@ -78,6 +86,10 @@ int preload_store_finalize(struct partition_table_storage *part_table_storage, s { struct partition_table *part_table = &part_table_storage->table; + if (part_table == NULL || app_digest == NULL || app_signature == NULL) { + return -5; + } + if (to_slot >= N_PRELOADED_APP) { return -4; } @@ -116,6 +128,10 @@ int preload_delete(struct partition_table_storage *part_table_storage, uint8_t s { struct partition_table *part_table = &part_table_storage->table; + if (part_table_storage == NULL) { + return -5; + } + if (slot >= N_PRELOADED_APP) { return -4; } @@ -149,6 +165,10 @@ int preload_delete(struct partition_table_storage *part_table_storage, uint8_t s } int preload_get_digsig(struct partition_table *part_table, uint8_t app_digest[32], uint8_t app_signature[64], uint8_t slot) { + if (part_table == NULL || app_digest == NULL || app_signature == NULL) { + return -5; + } + if (slot >= N_PRELOADED_APP) { return -4; } diff --git a/hw/application_fpga/fw/tk1/spi.c b/hw/application_fpga/fw/tk1/spi.c index e415923..8204bdb 100644 --- a/hw/application_fpga/fw/tk1/spi.c +++ b/hw/application_fpga/fw/tk1/spi.c @@ -2,6 +2,7 @@ // SPDX-License-Identifier: GPL-2.0-only #include "spi.h" +#include #include #include @@ -33,6 +34,8 @@ static void spi_disable(void) static void spi_write(uint8_t *cmd, size_t size) { + assert(cmd != NULL); + for (size_t i = 0; i < size; i++) { while (!spi_ready()) { } @@ -47,6 +50,7 @@ static void spi_write(uint8_t *cmd, size_t size) static void spi_read(uint8_t *buf, size_t size) { + assert(buf != NULL); while (!spi_ready()) { } 
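Review bot: In preload_store_finalize the new guard tests `part_table`, which is derived one line earlier as `&part_table_storage->table`, so it never tests the pointer the caller actually passed: if `part_table_storage` is NULL the member-address computation is already undefined behaviour, and unless `table` happens to sit at offset 0 the result is non-NULL and the check passes. Having seen the pointer used, the compiler is also entitled to drop the later comparison. Check the parameter first, `if (part_table_storage == NULL || app_digest == NULL || app_signature == NULL) { return -5; }`, and move `struct partition_table *part_table = &part_table_storage->table;` below it. The function's signature is truncated in the hunk header and its body continues past the hunk.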
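Review bot: preload_delete checks `part_table_storage == NULL` only after `struct partition_table *part_table = &part_table_storage->table;` has already used it, which is the wrong order: forming a member address from a NULL pointer is undefined behaviour, and a compiler that has seen that line may treat the pointer as non-NULL and remove the check that follows. Move the guard above the declaration, i.e. `if (part_table_storage == NULL) { return -5; }` first, then `struct partition_table *part_table = &part_table_storage->table;`. storage_allocate_area in storage.c gets this ordering right in the same commit and is the pattern to copy. preload_delete's body continues past the hunk.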
diff --git a/hw/application_fpga/fw/tk1/storage.c b/hw/application_fpga/fw/tk1/storage.c index b500dc3..c917f92 100644 --- a/hw/application_fpga/fw/tk1/storage.c +++ b/hw/application_fpga/fw/tk1/storage.c @@ -16,6 +16,9 @@ * returned. */ static int get_first_empty(struct partition_table *part_table) { + if (part_table == NULL) { + return -4; + } for (uint8_t i = 0; i < N_STORAGE_AREA; i++) { if (part_table->app_storage[i].status == 0x00) { @@ -26,6 +29,10 @@ static int get_first_empty(struct partition_table *part_table) } static int index_to_address(int index, uint32_t *address) { + if (address == NULL) { + return -4; + } + if ((index < 0) || (index >= N_STORAGE_AREA)) { return -1; } @@ -39,6 +46,10 @@ static int index_to_address(int index, uint32_t *address) { * authenticated -1 is returned. */ static int storage_get_area(struct partition_table *part_table) { + if (part_table == NULL) { + return -4; + } + for (uint8_t i = 0; i < N_STORAGE_AREA; i++) { if (part_table->app_storage[i].status != 0x00) { if (auth_app_authenticate( @@ -54,6 +65,10 @@ static int storage_get_area(struct partition_table *part_table) * if an area already was allocated, and negative values for errors. */ int storage_allocate_area(struct partition_table_storage *part_table_storage) { + if (part_table_storage == NULL) { + return -4; + } + struct partition_table *part_table = &part_table_storage->table; if (storage_get_area(part_table) != -1) { @@ -93,6 +108,10 @@ int storage_allocate_area(struct partition_table_storage *part_table_storage) * non-zero on errors. */ int storage_deallocate_area(struct partition_table_storage *part_table_storage) { + if (part_table_storage == NULL) { + return -4; + } + struct partition_table *part_table = &part_table_storage->table; int index = storage_get_area(part_table); 
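Review bot: The comment directly above storage_get_area still ends `authenticated -1 is returned.`, but the function now also returns `-4` for a NULL part_table, and the callers visible in this file compare the result with -1 exactly (`storage_get_area(part_table) != -1` in storage_allocate_area, `index == -1` in the erase/write/read functions), so a `-4` would be taken for a valid area index if it were ever reached. Today it is unreachable because each public entry point checks its own pointer first, but that is an invariant spread across several functions rather than a property of this one. At minimum update the comment, e.g. `* authenticated -1 is returned; -4 is returned if part_table is NULL.`, and consider `< 0` in the callers. get_first_empty in the first hunk of this file has the same -1/-4 split.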
@@ -134,6 +153,10 @@ int storage_deallocate_area(struct partition_table_storage *part_table_storage) int storage_erase_sector(struct partition_table *part_table, uint32_t offset, size_t size) { + if (part_table == NULL) { + return -4; + } + int index = storage_get_area(part_table); if (index == -1) { /* No allocated area */ @@ -182,6 +205,10 @@ int storage_erase_sector(struct partition_table *part_table, uint32_t offset, int storage_write_data(struct partition_table *part_table, uint32_t offset, uint8_t *data, size_t size) { + if (part_table == NULL || data == NULL) { + return -4; + } + int index = storage_get_area(part_table); if (index == -1) { /* No allocated area */ @@ -215,6 +242,10 @@ int storage_write_data(struct partition_table *part_table, uint32_t offset, int storage_read_data(struct partition_table *part_table, uint32_t offset, uint8_t *data, size_t size) { + if (part_table == NULL || data == NULL) { + return -4; + } + int index = storage_get_area(part_table); if (index == -1) { /* No allocated area */
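Review bot: storage_erase_sector's new `-4` return sits a few lines above `if (index == -1) { /* No allocated area */`, and storage_get_area gained its own `-4` path in this commit, so the function now uses two negative codes for "error" while recognising only one of them from its helper; the NULL check it performs first makes the helper's -4 unreachable today, but the exact-match comparison is fragile. Comparing with `if (index < 0) {` keeps the no-area handling and also catches any future negative code from storage_get_area. The same `index == -1` pattern appears in storage_write_data and storage_read_data below. storage_erase_sector's body continues past the hunk.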