Fix TX/RX buffers to align them with USB buffers and avoid overflows.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2024-12-24 02:06:15 +01:00
parent 991f5fc960
commit c6b03e54ca
7 changed files with 13 additions and 18 deletions
--- a/2
+++ b/2
--- a/src/hsm/cmd_cipher_sym.c
+++ b/src/hsm/cmd_cipher_sym.c
@@ -410,13 +410,7 @@ int cmd_cipher_sym() {
            size_t olen = 0;
            mbedtls_asn1_buf params =
                {.p = aad.data, .len = aad.len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)};
-            int r = mbedtls_pkcs5_pbes2_ext(&params,
-                                        algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_PKCS5_ENCRYPT : MBEDTLS_PKCS5_DECRYPT,
-                                        kdata,
-                                        key_size,
-                                        enc.data,
-                                        enc.len,
-                                        res_APDU, 4096, &olen);
+            int r = mbedtls_pkcs5_pbes2_ext(&params, algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_PKCS5_ENCRYPT : MBEDTLS_PKCS5_DECRYPT, kdata, key_size, enc.data, enc.len, res_APDU, MAX_APDU_DATA, &olen);
            mbedtls_platform_zeroize(kdata, sizeof(kdata));
            if (r != 0) {
                return SW_WRONG_DATA();
--- a/src/hsm/cmd_extras.c
+++ b/src/hsm/cmd_extras.c
@@ -150,7 +150,7 @@ int cmd_extras() {
                return SW_EXEC_ERROR();
            }

-            ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, res_APDU, 4096);
+            ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, res_APDU, MAX_APDU_DATA);
            mbedtls_ecdh_free(&hkey);
            if (ret != 0) {
                return SW_EXEC_ERROR();
--- a/src/hsm/cmd_initialize.c
+++ b/src/hsm/cmd_initialize.c
@@ -210,7 +210,7 @@ int cmd_initialize() {
                return SW_EXEC_ERROR();
            }
            uint16_t ee_len = 0, term_len = 0;
-            if ((ee_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
+            if ((ee_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
                mbedtls_ecdsa_free(&ecdsa);
                return SW_EXEC_ERROR();
            }
@@ -222,7 +222,7 @@ int cmd_initialize() {
                return SW_EXEC_ERROR();
            }

-            if ((term_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU + ee_len, 4096 - ee_len, NULL, 0, true)) == 0) {
+            if ((term_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU + ee_len, MAX_APDU_DATA - ee_len, NULL, 0, true)) == 0) {
                mbedtls_ecdsa_free(&ecdsa);
                return SW_EXEC_ERROR();
            }
@@ -235,7 +235,7 @@ int cmd_initialize() {

            const uint8_t *keyid = (const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0",
                          *label = (const uint8_t *) "ESPICOHSMTR";
-            uint16_t prkd_len = asn1_build_prkd_ecc(label, (uint16_t)strlen((const char *) label), keyid, 20, 256, res_APDU, 4096);
+            uint16_t prkd_len = asn1_build_prkd_ecc(label, (uint16_t)strlen((const char *) label), keyid, 20, 256, res_APDU, MAX_APDU_DATA);
            fpk = search_file(EF_PRKD_DEV);
            ret = file_put_data(fpk, res_APDU, prkd_len);
        }
--- a/src/hsm/cmd_key_unwrap.c
+++ b/src/hsm/cmd_key_unwrap.c
@@ -57,7 +57,7 @@ int cmd_key_unwrap() {
            return SW_EXEC_ERROR();
        }
        r = store_keys(&ctx, PICO_KEYS_KEY_RSA, key_id);
-        if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
+        if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
            mbedtls_rsa_free(&ctx);
            return SW_EXEC_ERROR();
        }
@@ -77,7 +77,7 @@ int cmd_key_unwrap() {
            return SW_EXEC_ERROR();
        }
        r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id);
-        if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) {
+        if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
            mbedtls_ecdsa_free(&ctx);
            return SW_EXEC_ERROR();
        }
--- a/src/hsm/cmd_keypair_gen.c
+++ b/src/hsm/cmd_keypair_gen.c
@@ -58,8 +58,7 @@ int cmd_keypair_gen() {
                    mbedtls_rsa_free(&rsa);
                    return SW_EXEC_ERROR();
                }
-                if ((res_APDU_size =
-                         (uint16_t)asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
+                if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
                    return SW_EXEC_ERROR();
                }
                ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id);
@@ -118,8 +117,7 @@ int cmd_keypair_gen() {
                        }
                    }
                }
-                if ((res_APDU_size =
-                         (uint16_t)asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext.data, ext.len)) == 0) {
+                if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, MAX_APDU_DATA, ext.data, ext.len)) == 0) {
                    if (ext.data) {
                        free(ext.data);
                    }
--- a/src/hsm/sc_hsm.h
+++ b/src/hsm/sc_hsm.h
@@ -32,6 +32,9 @@
 #include "file.h"
 #include "apdu.h"
 #include "pico_keys.h"
+#include "usb.h"
+
+#define MAX_APDU_DATA (USB_BUFFER_SIZE - 20)

 extern const uint8_t sc_hsm_aid[];