yuichitk / libcsuit
IETF SUIT Manifest parser implemented in C.
License: BSD 2-Clause "Simplified" License
Need diet when libcsuit would be enough stable to do it.
The suit_payload_t array inside the suit_payloads_t struct can be overflowed by the function suit_decode_envelope_from_item.
A missing check of suit_payloads_t.len allows writing beyond the suit_payloads_t.payload array boundary.
This occurs at the condition suit_manifest_decode.c:1032, where values are written to the payload at position payloads.len and payloads.len is increased.
The examples/suit_manifest_parser_main_psa.c file can be used for reproduction.
Therefore replace the given manifest with this manifest: crash.zip
Execution should lead to a Segmentation fault.
master (commit 6fdbecd).
At a quick glance it seems that there are more length checks missing for arrays in typedefs of suit_common.h.
#16: Check if payloads.len >= SUIT_MAX_ARRAY_LENGTH before accessing payload array items.
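The missing length check described in the report above, as an added example that is not libcsuit's code. The structs are simplified stand-ins for suit_payloads_t and suit_payload_t; the value of SUIT_MAX_ARRAY_LENGTH, the return codes and every demo_ name are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins for the types named in the report; the real ones are
 * in suit_common.h. Array size and demo_ names are assumptions. */
#define SUIT_MAX_ARRAY_LENGTH 8
#define DEMO_OK 0
#define DEMO_ERR_NO_MEMORY (-1)

typedef struct { const uint8_t *ptr; size_t len; } demo_buf_t;
typedef struct { demo_buf_t key; demo_buf_t bytes; } suit_payload_t;
typedef struct {
    size_t len;
    suit_payload_t payload[SUIT_MAX_ARRAY_LENGTH];
    uint32_t canary; /* placed after the array so a spill is detectable */
} suit_payloads_t;

/* Pattern from the report: write at payload[len], then len++, no bound.
 * Shown for comparison only and never called in this example. */
void demo_append_unchecked(suit_payloads_t *p, suit_payload_t e) {
    p->payload[p->len] = e;
    p->len++;
}

/* Hardened form: refuse the entry once the fixed array is full. */
int demo_append_checked(suit_payloads_t *p, suit_payload_t e) {
    if (p->len >= SUIT_MAX_ARRAY_LENGTH) {
        return DEMO_ERR_NO_MEMORY;
    }
    p->payload[p->len++] = e;
    return DEMO_OK;
}

/* Stands in for the decode loop: an envelope carrying n payload entries
 * (constructed input), each appended through the checked path. */
int demo_decode_payloads(suit_payloads_t *out, size_t n) {
    static const uint8_t blob[] = { 0xde, 0xad }; /* constructed bytes */
    memset(out, 0, sizeof *out);
    out->canary = 0xC0FFEEu;
    for (size_t i = 0; i < n; i++) {
        suit_payload_t e = { { blob, sizeof blob }, { blob, sizeof blob } };
        int rc = demo_append_checked(out, e);
        if (rc != DEMO_OK) {
            return rc; /* reject the manifest instead of writing past the array */
        }
    }
    return DEMO_OK;
}
```

The same guard applies to any other fixed-size array paired with a len counter that is filled from manifest input.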
use Doxygen or something
As an extension to the t_cose library I have added support for encryption to COSE with the HPKE-based key exchange. You can find the code here: laurencelundblade/t_cose#46
The draft that describes the functionality is here:
https://datatracker.ietf.org/doc/html/draft-ietf-suit-firmware-encryption-03
Are you planning to add encryption capabilities to the libcsuit library?
current version supports only SHA256
Currently, the suit_create_es256_public_key() function assumes ECC keys based on NIST P256r1. We should make this function more generic to also use other key sizes.
The function can be found in https://github.com/yuichitk/libcsuit/blob/master/src/suit_cose.c
use these functions below, instead of creating context from QCBOR_BYTE_STRING item with QCBOREncode_Init() and QCBORDecode_Init().
QCBOREncode_BstrWrap()
QCBOREncode_CloseBstrWrap()
QCBORDecode_EnterBstrWrapped()
QCBORDecode_ExitBstrWrapped()