fw: Add pointer argument NULL checks

This commit is contained in:
Mikael Ågren 2025-04-09 15:22:33 +02:00
parent e52b68650f
commit b865111c0f
No known key found for this signature in database
GPG key ID: E02DA3D397792C46
7 changed files with 97 additions and 0 deletions


@ -3,6 +3,7 @@
#include <stdbool.h> #include <stdbool.h>
#include <stdint.h> #include <stdint.h>
#include <tkey/assert.h>
#include <tkey/lib.h> #include <tkey/lib.h>
#include <tkey/tk1_mem.h> #include <tkey/tk1_mem.h>
@ -17,6 +18,9 @@ static volatile uint32_t *cdi = (volatile uint32_t *)TK1_MMIO_TK1_CDI_FIRST;
* Requires that the CDI is already calculated and stored */ * Requires that the CDI is already calculated and stored */
static void calculate_auth_digest(uint8_t *nonce, uint8_t *auth_digest) static void calculate_auth_digest(uint8_t *nonce, uint8_t *auth_digest)
{ {
assert(nonce != NULL);
assert(auth_digest != NULL);
blake2s_ctx ctx = {0}; blake2s_ctx ctx = {0};
// Generate a 16 byte authentication digest // Generate a 16 byte authentication digest
@ -29,6 +33,7 @@ static void calculate_auth_digest(uint8_t *nonce, uint8_t *auth_digest)
/* Generates a 16 byte nonce */ /* Generates a 16 byte nonce */
static void generate_nonce(uint32_t *nonce) static void generate_nonce(uint32_t *nonce)
{ {
assert(nonce != NULL);
for (uint8_t i = 0; i < 4; i++) { for (uint8_t i = 0; i < 4; i++) {
nonce[i] = rng_get_word(); nonce[i] = rng_get_word();
@ -39,6 +44,8 @@ static void generate_nonce(uint32_t *nonce)
* already calculated and stored */ * already calculated and stored */
void auth_app_create(struct auth_metadata *auth_table) void auth_app_create(struct auth_metadata *auth_table)
{ {
assert(auth_table != NULL);
uint8_t nonce[16]; uint8_t nonce[16];
uint8_t auth_digest[16]; uint8_t auth_digest[16];
@ -54,6 +61,8 @@ void auth_app_create(struct auth_metadata *auth_table)
bool auth_app_authenticate(struct auth_metadata *auth_table) bool auth_app_authenticate(struct auth_metadata *auth_table)
{ {
assert(auth_table != NULL);
uint8_t auth_digest[16]; uint8_t auth_digest[16];
calculate_auth_digest(auth_table->nonce, auth_digest); calculate_auth_digest(auth_table->nonce, auth_digest);
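Review bot: auth_app_create and auth_app_authenticate are public entry points, and the new `assert(auth_table != NULL)` makes a NULL argument fatal rather than reportable, whereas the other public functions in this commit (flash_read_data, part_table_read/write, preload_*, storage_*) return an error code for the same condition; the same assert-on-public-API pattern appears in the flash, partition_table and spi sections. If that split is intentional, the header comments above these functions (`* Requires that the CDI is already calculated and stored */`) should also say that a NULL argument halts instead of returning, since callers cannot recover from it. It is not visible here whether `<tkey/assert.h>` is an unconditional halt or can be compiled out like the standard assert; if the latter, these checks vanish in a build that defines NDEBUG and should be plain `if` checks instead. The bodies of all four functions continue outside the hunks.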


@ -4,6 +4,7 @@
#include <stdbool.h> #include <stdbool.h>
#include <stddef.h> #include <stddef.h>
#include <stdint.h> #include <stdint.h>
#include <tkey/assert.h>
#include <tkey/tk1_mem.h> #include <tkey/tk1_mem.h>
#include "flash.h" #include "flash.h"
@ -128,6 +129,8 @@ void flash_powerdown(void)
void flash_read_manufacturer_device_id(uint8_t *device_id) void flash_read_manufacturer_device_id(uint8_t *device_id)
{ {
assert(device_id != NULL);
uint8_t tx_buf[4] = {0x00}; uint8_t tx_buf[4] = {0x00};
tx_buf[0] = READ_MANUFACTURER_ID; tx_buf[0] = READ_MANUFACTURER_ID;
@ -136,6 +139,8 @@ void flash_read_manufacturer_device_id(uint8_t *device_id)
void flash_read_jedec_id(uint8_t *jedec_id) void flash_read_jedec_id(uint8_t *jedec_id)
{ {
assert(jedec_id != NULL);
uint8_t tx_buf = READ_JEDEC_ID; uint8_t tx_buf = READ_JEDEC_ID;
spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, jedec_id, 3); spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, jedec_id, 3);
@ -143,6 +148,8 @@ void flash_read_jedec_id(uint8_t *jedec_id)
void flash_read_unique_id(uint8_t *unique_id) void flash_read_unique_id(uint8_t *unique_id)
{ {
assert(unique_id != NULL);
uint8_t tx_buf[5] = {0x00}; uint8_t tx_buf[5] = {0x00};
tx_buf[0] = READ_UNIQUE_ID; tx_buf[0] = READ_UNIQUE_ID;
@ -151,6 +158,8 @@ void flash_read_unique_id(uint8_t *unique_id)
void flash_read_status(uint8_t *status_reg) void flash_read_status(uint8_t *status_reg)
{ {
assert(status_reg != NULL);
uint8_t tx_buf = READ_STATUS_REG_1; uint8_t tx_buf = READ_STATUS_REG_1;
spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, status_reg, 1); spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, status_reg, 1);
@ -161,6 +170,10 @@ void flash_read_status(uint8_t *status_reg)
int flash_read_data(uint32_t address, uint8_t *dest_buf, size_t size) int flash_read_data(uint32_t address, uint8_t *dest_buf, size_t size)
{ {
if (dest_buf == NULL) {
return -1;
}
uint8_t tx_buf[4] = {0x00}; uint8_t tx_buf[4] = {0x00};
tx_buf[0] = READ_DATA; tx_buf[0] = READ_DATA;
tx_buf[1] = (address >> ADDR_BYTE_3_BIT) & 0xFF; tx_buf[1] = (address >> ADDR_BYTE_3_BIT) & 0xFF;
@ -174,6 +187,10 @@ int flash_read_data(uint32_t address, uint8_t *dest_buf, size_t size)
// zero. // zero.
int flash_write_data(uint32_t address, uint8_t *data, size_t size) int flash_write_data(uint32_t address, uint8_t *data, size_t size)
{ {
if (data == NULL) {
return -1;
}
if (size <= 0 || size > 4096) { if (size <= 0 || size > 4096) {
return -1; return -1;
} }
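Review bot: The value returned for a NULL buffer differs across the commit and is never named: -1 here in flash_read_data and flash_write_data (also in the partition_table and mgmt_app sections), -4 in the storage section and -5 in the preload section. In flash_write_data the NULL case now shares -1 with the range failure on the next line, so a caller cannot tell a programming error from a bad size; a named constant in a shared header, e.g. `enum { ERR_NULL_ARG = -5 };` (value to be agreed), used by every module would fix both problems. Separately, the pre-existing `if (size <= 0 || size > 4096)` compares a size_t with `<= 0`; `size == 0` says what is meant. flash_read_data's body continues outside the hunk, so whether its `size` is bounded cannot be seen here.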


@ -21,6 +21,10 @@ static const uint8_t allowed_app_digest[32] = {
static uint8_t current_app_digest[32]; static uint8_t current_app_digest[32];
int mgmt_app_init(uint8_t app_digest[32]) { int mgmt_app_init(uint8_t app_digest[32]) {
if (app_digest == NULL) {
return -1;
}
if (memeq(app_digest, allowed_app_digest, 32)) { if (memeq(app_digest, allowed_app_digest, 32)) {
memcpy_s(current_app_digest, sizeof(current_app_digest), app_digest, 32); memcpy_s(current_app_digest, sizeof(current_app_digest), app_digest, 32);
return 0; return 0;
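Review bot: The new early return in mgmt_app_init gives -1 for a NULL app_digest, and nothing in the hunk documents that or the function's other return values; if the mismatch path outside the hunk also returns -1, a comment above the signature such as `/* Returns 0 if app_digest equals the allowed digest, -1 if it does not or app_digest is NULL. */` would make the contract explicit. The `[32]` in the parameter declaration is a plain pointer to the compiler, so the 32-byte length requirement belongs in that comment as well. The remainder of mgmt_app_init lies outside the hunk.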


@ -23,6 +23,10 @@ void part_digest(struct partition_table *part_table, uint8_t *out_digest, size_t
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
}; };
assert(part_table != NULL);
assert(out_digest != NULL);
blake2err = blake2s(out_digest, out_len, blake2err = blake2s(out_digest, out_len,
key, sizeof(key), part_table, sizeof(struct partition_table)); key, sizeof(key), part_table, sizeof(struct partition_table));
@ -43,6 +47,10 @@ int part_table_read(struct partition_table_storage *storage)
}; };
uint8_t check_digest[PART_DIGEST_SIZE]; uint8_t check_digest[PART_DIGEST_SIZE];
if (storage == NULL) {
return -1;
}
flash_release_powerdown(); flash_release_powerdown();
memset(storage, 0x00, sizeof(*storage)); memset(storage, 0x00, sizeof(*storage));
@ -70,6 +78,10 @@ int part_table_write(struct partition_table_storage *storage)
ADDR_PARTITION_TABLE_1, ADDR_PARTITION_TABLE_1,
}; };
if (storage == NULL) {
return -1;
}
part_digest(&storage->table, storage->check_digest, sizeof(storage->check_digest)); part_digest(&storage->table, storage->check_digest, sizeof(storage->check_digest));
for (int i = 0; i < 2; i ++) { for (int i = 0; i < 2; i ++) {


@ -20,6 +20,10 @@ static uint32_t slot_to_start_address(uint8_t slot) {
/* Loads a preloaded app from flash to app RAM */ /* Loads a preloaded app from flash to app RAM */
int preload_load(struct partition_table *part_table, uint8_t from_slot) int preload_load(struct partition_table *part_table, uint8_t from_slot)
{ {
if (part_table == NULL) {
return -5;
}
if (from_slot >= N_PRELOADED_APP) { if (from_slot >= N_PRELOADED_APP) {
return -4; return -4;
} }
@ -44,6 +48,10 @@ int preload_load(struct partition_table *part_table, uint8_t from_slot)
int preload_store(struct partition_table *part_table, uint32_t offset, int preload_store(struct partition_table *part_table, uint32_t offset,
uint8_t *data, size_t size, uint8_t to_slot) uint8_t *data, size_t size, uint8_t to_slot)
{ {
if (part_table == NULL || data == NULL) {
return -5;
}
if (to_slot >= N_PRELOADED_APP) { if (to_slot >= N_PRELOADED_APP) {
return -4; return -4;
} }
@ -78,6 +86,10 @@ int preload_store_finalize(struct partition_table_storage *part_table_storage, s
{ {
struct partition_table *part_table = &part_table_storage->table; struct partition_table *part_table = &part_table_storage->table;
if (part_table == NULL || app_digest == NULL || app_signature == NULL) {
return -5;
}
if (to_slot >= N_PRELOADED_APP) { if (to_slot >= N_PRELOADED_APP) {
return -4; return -4;
} }
@ -116,6 +128,10 @@ int preload_delete(struct partition_table_storage *part_table_storage, uint8_t s
{ {
struct partition_table *part_table = &part_table_storage->table; struct partition_table *part_table = &part_table_storage->table;
if (part_table_storage == NULL) {
return -5;
}
if (slot >= N_PRELOADED_APP) { if (slot >= N_PRELOADED_APP) {
return -4; return -4;
} }
@ -149,6 +165,10 @@ int preload_delete(struct partition_table_storage *part_table_storage, uint8_t s
} }
int preload_get_digsig(struct partition_table *part_table, uint8_t app_digest[32], uint8_t app_signature[64], uint8_t slot) { int preload_get_digsig(struct partition_table *part_table, uint8_t app_digest[32], uint8_t app_signature[64], uint8_t slot) {
if (part_table == NULL || app_digest == NULL || app_signature == NULL) {
return -5;
}
if (slot >= N_PRELOADED_APP) { if (slot >= N_PRELOADED_APP) {
return -4; return -4;
} }
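Review bot: In preload_store_finalize the check added on the hunk's third line tests `part_table`, which was derived one line earlier from `&part_table_storage->table`; if `part_table_storage` is NULL that expression is already undefined, and unless `table` happens to sit at offset 0 the derived pointer is non-NULL, so the check passes and a NULL storage pointer is not caught. preload_delete has the same ordering problem: it checks the right variable (`part_table_storage`) but only after `&part_table_storage->table` has been evaluated. In both functions move the check above the derivation and test the parameter: `if (part_table_storage == NULL || app_digest == NULL || app_signature == NULL) { return -5; }` followed by `struct partition_table *part_table = &part_table_storage->table;` (storage_allocate_area in the storage section already uses that order). The bodies of both functions continue outside the hunks.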


@ -2,6 +2,7 @@
// SPDX-License-Identifier: GPL-2.0-only // SPDX-License-Identifier: GPL-2.0-only
#include "spi.h" #include "spi.h"
#include <tkey/assert.h>
#include <tkey/tk1_mem.h> #include <tkey/tk1_mem.h>
#include <stddef.h> #include <stddef.h>
@ -33,6 +34,8 @@ static void spi_disable(void)
static void spi_write(uint8_t *cmd, size_t size) static void spi_write(uint8_t *cmd, size_t size)
{ {
assert(cmd != NULL);
for (size_t i = 0; i < size; i++) { for (size_t i = 0; i < size; i++) {
while (!spi_ready()) { while (!spi_ready()) {
} }
@ -47,6 +50,7 @@ static void spi_write(uint8_t *cmd, size_t size)
static void spi_read(uint8_t *buf, size_t size) static void spi_read(uint8_t *buf, size_t size)
{ {
assert(buf != NULL);
while (!spi_ready()) { while (!spi_ready()) {
} }
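Review bot: The new `assert(cmd != NULL)` in spi_write and `assert(buf != NULL)` in spi_read reject a NULL pointer regardless of `size`, yet flash_read_jedec_id and flash_read_status in the flash section call `spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, ...)` with a NULL buffer of length zero. spi_transfer is outside the hunk; if it forwards each buffer/length pair to spi_write or spi_read without checking the length first, those callers will now trip the assert at runtime. Either skip the call in spi_transfer when the length is zero, or relax the checks to `assert(cmd != NULL || size == 0);` and `assert(buf != NULL || size == 0);`. The loop bodies of both functions continue outside the hunk.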


@ -16,6 +16,9 @@
* returned. */ * returned. */
static int get_first_empty(struct partition_table *part_table) static int get_first_empty(struct partition_table *part_table)
{ {
if (part_table == NULL) {
return -4;
}
for (uint8_t i = 0; i < N_STORAGE_AREA; i++) { for (uint8_t i = 0; i < N_STORAGE_AREA; i++) {
if (part_table->app_storage[i].status == 0x00) { if (part_table->app_storage[i].status == 0x00) {
@ -26,6 +29,10 @@ static int get_first_empty(struct partition_table *part_table)
} }
static int index_to_address(int index, uint32_t *address) { static int index_to_address(int index, uint32_t *address) {
if (address == NULL) {
return -4;
}
if ((index < 0) || (index >= N_STORAGE_AREA)) { if ((index < 0) || (index >= N_STORAGE_AREA)) {
return -1; return -1;
} }
@ -39,6 +46,10 @@ static int index_to_address(int index, uint32_t *address) {
* authenticated -1 is returned. */ * authenticated -1 is returned. */
static int storage_get_area(struct partition_table *part_table) static int storage_get_area(struct partition_table *part_table)
{ {
if (part_table == NULL) {
return -4;
}
for (uint8_t i = 0; i < N_STORAGE_AREA; i++) { for (uint8_t i = 0; i < N_STORAGE_AREA; i++) {
if (part_table->app_storage[i].status != 0x00) { if (part_table->app_storage[i].status != 0x00) {
if (auth_app_authenticate( if (auth_app_authenticate(
@ -54,6 +65,10 @@ static int storage_get_area(struct partition_table *part_table)
* if an area already was allocated, and negative values for errors. */ * if an area already was allocated, and negative values for errors. */
int storage_allocate_area(struct partition_table_storage *part_table_storage) int storage_allocate_area(struct partition_table_storage *part_table_storage)
{ {
if (part_table_storage == NULL) {
return -4;
}
struct partition_table *part_table = &part_table_storage->table; struct partition_table *part_table = &part_table_storage->table;
if (storage_get_area(part_table) != -1) { if (storage_get_area(part_table) != -1) {
@ -93,6 +108,10 @@ int storage_allocate_area(struct partition_table_storage *part_table_storage)
* non-zero on errors. */ * non-zero on errors. */
int storage_deallocate_area(struct partition_table_storage *part_table_storage) int storage_deallocate_area(struct partition_table_storage *part_table_storage)
{ {
if (part_table_storage == NULL) {
return -4;
}
struct partition_table *part_table = &part_table_storage->table; struct partition_table *part_table = &part_table_storage->table;
int index = storage_get_area(part_table); int index = storage_get_area(part_table);
@ -134,6 +153,10 @@ int storage_deallocate_area(struct partition_table_storage *part_table_storage)
int storage_erase_sector(struct partition_table *part_table, uint32_t offset, int storage_erase_sector(struct partition_table *part_table, uint32_t offset,
size_t size) size_t size)
{ {
if (part_table == NULL) {
return -4;
}
int index = storage_get_area(part_table); int index = storage_get_area(part_table);
if (index == -1) { if (index == -1) {
/* No allocated area */ /* No allocated area */
@ -182,6 +205,10 @@ int storage_erase_sector(struct partition_table *part_table, uint32_t offset,
int storage_write_data(struct partition_table *part_table, uint32_t offset, int storage_write_data(struct partition_table *part_table, uint32_t offset,
uint8_t *data, size_t size) uint8_t *data, size_t size)
{ {
if (part_table == NULL || data == NULL) {
return -4;
}
int index = storage_get_area(part_table); int index = storage_get_area(part_table);
if (index == -1) { if (index == -1) {
/* No allocated area */ /* No allocated area */
@ -215,6 +242,10 @@ int storage_write_data(struct partition_table *part_table, uint32_t offset,
int storage_read_data(struct partition_table *part_table, uint32_t offset, int storage_read_data(struct partition_table *part_table, uint32_t offset,
uint8_t *data, size_t size) uint8_t *data, size_t size)
{ {
if (part_table == NULL || data == NULL) {
return -4;
}
int index = storage_get_area(part_table); int index = storage_get_area(part_table);
if (index == -1) { if (index == -1) {
/* No allocated area */ /* No allocated area */
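Review bot: storage_get_area now returns -4 for a NULL part_table, but the callers visible in this section (storage_erase_sector, storage_write_data, storage_read_data) test only `if (index == -1)`, so any other negative value would flow on as if it were a valid index; storage_allocate_area's `!= -1` would likewise read -4 as "already allocated". Today the -4 path is unreachable from these callers because each checks part_table first, but the exact-value tests make that invariant easy to break later; `if (index < 0)` in the three readers/writers is robust against it. The same applies to the new -4 from get_first_empty and index_to_address, whose callers are outside the hunks. The bodies of these functions continue outside the hunks.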