dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Fix TX/RX buffers to align them with USB buffers and avoid overflows.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2024-12-24 02:06:15 +01:00
parent 991f5fc960
commit c6b03e54ca
7 changed files with 13 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pico-keys-sdk

Submodule pico-keys-sdk updated: f8cb36c2cf...9e2b6ac4b6

8
src/hsm/cmd_cipher_sym.c
View File

@@ -410,13 +410,7 @@ int cmd_cipher_sym() {
size_t olen = 0; size_t olen = 0;
mbedtls_asn1_buf params = mbedtls_asn1_buf params =
{.p = aad.data, .len = aad.len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)}; {.p = aad.data, .len = aad.len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)};
int r = mbedtls_pkcs5_pbes2_ext(&params, int r = mbedtls_pkcs5_pbes2_ext(&params, algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_PKCS5_ENCRYPT : MBEDTLS_PKCS5_DECRYPT, kdata, key_size, enc.data, enc.len, res_APDU, MAX_APDU_DATA, &olen);
algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_PKCS5_ENCRYPT : MBEDTLS_PKCS5_DECRYPT,
kdata,
key_size,
enc.data,
enc.len,
res_APDU, 4096, &olen);
mbedtls_platform_zeroize(kdata, sizeof(kdata)); mbedtls_platform_zeroize(kdata, sizeof(kdata));
if (r != 0) { if (r != 0) {
return SW_WRONG_DATA(); return SW_WRONG_DATA();

2
src/hsm/cmd_extras.c
View File

@@ -150,7 +150,7 @@ int cmd_extras() {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, res_APDU, 4096); ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, res_APDU, MAX_APDU_DATA);
mbedtls_ecdh_free(&hkey); mbedtls_ecdh_free(&hkey);
if (ret != 0) { if (ret != 0) {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();

6
src/hsm/cmd_initialize.c
View File

@@ -210,7 +210,7 @@ int cmd_initialize() {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
uint16_t ee_len = 0, term_len = 0; uint16_t ee_len = 0, term_len = 0;
if ((ee_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) { if ((ee_len = asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
mbedtls_ecdsa_free(&ecdsa); mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
@@ -222,7 +222,7 @@ int cmd_initialize() {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
if ((term_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU + ee_len, 4096 - ee_len, NULL, 0, true)) == 0) { if ((term_len = asn1_cvc_cert(&ecdsa, PICO_KEYS_KEY_EC, res_APDU + ee_len, MAX_APDU_DATA - ee_len, NULL, 0, true)) == 0) {
mbedtls_ecdsa_free(&ecdsa); mbedtls_ecdsa_free(&ecdsa);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
@@ -235,7 +235,7 @@ int cmd_initialize() {
const uint8_t *keyid = (const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0", const uint8_t *keyid = (const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0",
*label = (const uint8_t *) "ESPICOHSMTR"; *label = (const uint8_t *) "ESPICOHSMTR";
uint16_t prkd_len = asn1_build_prkd_ecc(label, (uint16_t)strlen((const char *) label), keyid, 20, 256, res_APDU, 4096); uint16_t prkd_len = asn1_build_prkd_ecc(label, (uint16_t)strlen((const char *) label), keyid, 20, 256, res_APDU, MAX_APDU_DATA);
fpk = search_file(EF_PRKD_DEV); fpk = search_file(EF_PRKD_DEV);
ret = file_put_data(fpk, res_APDU, prkd_len); ret = file_put_data(fpk, res_APDU, prkd_len);
} }

4
src/hsm/cmd_key_unwrap.c
View File

@@ -57,7 +57,7 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
r = store_keys(&ctx, PICO_KEYS_KEY_RSA, key_id); r = store_keys(&ctx, PICO_KEYS_KEY_RSA, key_id);
if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) { if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
mbedtls_rsa_free(&ctx); mbedtls_rsa_free(&ctx);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
@@ -77,7 +77,7 @@ int cmd_key_unwrap() {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id); r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id);
if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) { if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
mbedtls_ecdsa_free(&ctx); mbedtls_ecdsa_free(&ctx);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }

6
src/hsm/cmd_keypair_gen.c
View File

@@ -58,8 +58,7 @@ int cmd_keypair_gen() {
mbedtls_rsa_free(&rsa); mbedtls_rsa_free(&rsa);
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
if ((res_APDU_size = if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, MAX_APDU_DATA, NULL, 0)) == 0) {
(uint16_t)asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) {
return SW_EXEC_ERROR(); return SW_EXEC_ERROR();
} }
ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id); ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id);
@@ -118,8 +117,7 @@ int cmd_keypair_gen() {
} }
} }
} }
if ((res_APDU_size = if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, MAX_APDU_DATA, ext.data, ext.len)) == 0) {
(uint16_t)asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext.data, ext.len)) == 0) {
if (ext.data) { if (ext.data) {
free(ext.data); free(ext.data);
} }

3
src/hsm/sc_hsm.h
View File

@@ -32,6 +32,9 @@
#include "file.h" #include "file.h"
#include "apdu.h" #include "apdu.h"
#include "pico_keys.h" #include "pico_keys.h"
#include "usb.h"
#define MAX_APDU_DATA (USB_BUFFER_SIZE - 20)
extern const uint8_t sc_hsm_aid[]; extern const uint8_t sc_hsm_aid[];