diff --git a/CMakeLists.txt b/CMakeLists.txt index 8cc8556..309bca2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -73,7 +73,6 @@ set(SOURCES ${SOURCES} ${CMAKE_CURRENT_LIST_DIR}/src/hsm/cvc.c ${CMAKE_CURRENT_LIST_DIR}/src/hsm/files.c ${CMAKE_CURRENT_LIST_DIR}/src/hsm/kek.c - ${CMAKE_CURRENT_LIST_DIR}/src/hsm/oid.c ) set(USB_ITF_CCID 1) @@ -88,19 +87,30 @@ target_include_directories(pico_hsm PUBLIC ${INCLUDES}) target_compile_options(pico_hsm PUBLIC -Wall - -Werror ) +if (NOT MSVC) + target_compile_options(pico_hsm PUBLIC + -Werror + ) +endif() if(ENABLE_EMULATION) - +if (NOT MSVC) target_compile_options(pico_hsm PUBLIC -fdata-sections -ffunction-sections ) +endif() if(APPLE) target_link_options(pico_hsm PUBLIC -Wl,-dead_strip ) +elseif(MSVC) + target_compile_options(pico_hsm PUBLIC + -WX + ) + + target_link_libraries(pico_hsm PUBLIC wsock32 ws2_32 Bcrypt) else() target_link_options(pico_hsm PUBLIC -Wl,--gc-sections @@ -108,6 +118,5 @@ target_link_options(pico_hsm PUBLIC endif (APPLE) else() pico_add_extra_outputs(pico_hsm) - target_link_libraries(pico_hsm PRIVATE pico_keys_sdk pico_stdlib pico_multicore hardware_flash hardware_sync hardware_adc pico_unique_id hardware_rtc tinyusb_device tinyusb_board) endif() diff --git a/pico-keys-sdk b/pico-keys-sdk index adf53b4..a9dc6fd 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit adf53b4231726368af387b10255980c8afa76441 +Subproject commit a9dc6fd7f87fff7505ad526c7392ec1bc3a811a9 diff --git a/src/hsm/cmd_bip_slip.c b/src/hsm/cmd_bip_slip.c index 3811714..2a8aed7 100644 --- a/src/hsm/cmd_bip_slip.c +++ b/src/hsm/cmd_bip_slip.c @@ -109,7 +109,7 @@ int node_fingerprint_slip(mbedtls_ecp_keypair *ctx, uint8_t fingerprint[4]) { return CCID_OK; } -int load_master_bip(uint32_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32], +int load_master_bip(uint16_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32], uint8_t key_type[1]) { uint8_t mkey[65]; mbedtls_ecp_keypair_init(ctx); @@ -147,7 +147,7 @@ int load_master_bip(uint32_t mid, mbedtls_ecp_keypair *ctx, uint8_t chain[32], } int node_derive_path(const uint8_t *path, - size_t path_len, + uint16_t path_len, mbedtls_ecp_keypair *ctx, uint8_t chain[32], uint8_t fingerprint[4], @@ -155,8 +155,7 @@ int node_derive_path(const uint8_t *path, uint8_t last_node[4], uint8_t key_type[1]) { uint8_t *tag_data = NULL, *p = NULL; - size_t tag_len = 0; - uint16_t tag = 0x0; + uint16_t tag_len = 0, tag = 0x0; uint8_t node = 0, N[64] = { 0 }; int r = 0; memset(last_node, 0, 4); @@ -231,7 +230,7 @@ int cmd_bip_slip() { random_gen(NULL, seed, seed_len); } else { - seed_len = MIN(apdu.nc, 64); + seed_len = MIN((uint8_t)apdu.nc, 64); memcpy(seed, apdu.data, seed_len); } if (p1 == 0x1 || p1 == 0x2) { @@ -266,7 +265,7 @@ int cmd_bip_slip() { } mbedtls_ecp_keypair ctx; uint8_t chain[32] = { 0 }, fgpt[4] = { 0 }, last_node[4] = { 0 }, key_type = 0, nodes = 0; - size_t olen = 0; + uint16_t olen = 0; int r = node_derive_path(apdu.data, apdu.nc, &ctx, chain, fgpt, &nodes, last_node, &key_type); if (r != CCID_OK) { @@ -288,7 +287,7 @@ int cmd_bip_slip() { mbedtls_ecp_point_write_binary(&ctx.grp, &ctx.Q, MBEDTLS_ECP_PF_COMPRESSED, - &olen, + (size_t *)&olen, pubkey, sizeof(pubkey)); memcpy(res_APDU + res_APDU_size, pubkey, olen); diff --git a/src/hsm/cmd_challenge.c b/src/hsm/cmd_challenge.c index a9bb1b7..6f77658 100644 --- a/src/hsm/cmd_challenge.c +++ b/src/hsm/cmd_challenge.c @@ -27,8 +27,8 @@ int cmd_challenge() { return SW_WRONG_LENGTH(); } memcpy(res_APDU, rb, apdu.ne); - challenge_len = MIN(apdu.ne, sizeof(challenge)); + challenge_len = (uint8_t)MIN(apdu.ne, sizeof(challenge)); memcpy(challenge, rb, challenge_len); - res_APDU_size = apdu.ne; + res_APDU_size = (uint16_t)apdu.ne; return SW_OK(); } diff --git a/src/hsm/cmd_change_pin.c b/src/hsm/cmd_change_pin.c index cff6b75..0da02a1 100644 --- a/src/hsm/cmd_change_pin.c +++ b/src/hsm/cmd_change_pin.c @@ -61,7 +61,7 @@ int cmd_change_pin() { return SW_EXEC_ERROR(); } uint8_t dhash[33]; - dhash[0] = apdu.nc - pin_len; + dhash[0] = (uint8_t)apdu.nc - pin_len; double_hash_pin(apdu.data + pin_len, apdu.nc - pin_len, dhash + 1); flash_write_data_to_file(file_pin, dhash, sizeof(dhash)); low_flash_available(); diff --git a/src/hsm/cmd_cipher_sym.c b/src/hsm/cmd_cipher_sym.c index 68a1f36..a9aa86e 100644 --- a/src/hsm/cmd_cipher_sym.c +++ b/src/hsm/cmd_cipher_sym.c @@ -43,7 +43,7 @@ extern uint8_t hd_keytype; static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations, - int *keylen, mbedtls_md_type_t *md_type) { + uint16_t *keylen, mbedtls_md_type_t *md_type) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_asn1_buf prf_alg_oid; unsigned char *p = params->p; @@ -78,7 +78,7 @@ static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params, return 0; } - if ((ret = mbedtls_asn1_get_int(&p, end, keylen)) != 0) { + if ((ret = mbedtls_asn1_get_int(&p, end, (int *)keylen)) != 0) { if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret); } @@ -106,11 +106,11 @@ static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params, /* Taken from https://github.com/Mbed-TLS/mbedtls/issues/2335 */ int mbedtls_ansi_x963_kdf(mbedtls_md_type_t md_type, - size_t input_len, + uint16_t input_len, uint8_t *input, - size_t shared_info_len, + uint16_t shared_info_len, uint8_t *shared_info, - size_t output_len, + uint16_t output_len, uint8_t *output) { mbedtls_md_context_t md_ctx; const mbedtls_md_info_t *md_info = NULL; @@ -163,8 +163,7 @@ int mbedtls_ansi_x963_kdf(mbedtls_md_type_t md_type, } int cmd_cipher_sym() { - int key_id = P1(apdu); - int algo = P2(apdu); + uint8_t key_id = P1(apdu), algo = P2(apdu); if (!isUserAuthenticated) { return SW_SECURITY_STATUS_NOT_SATISFIED(); } @@ -180,7 +179,7 @@ int cmd_cipher_sym() { return SW_CONDITIONS_NOT_SATISFIED(); } } - int key_size = file_get_size(ef); + uint16_t key_size = file_get_size(ef); uint8_t kdata[64]; //maximum AES key size memcpy(kdata, file_get_data(ef), key_size); if (hd_keytype == 0 && mkek_decrypt(kdata, key_size) != 0) { @@ -270,7 +269,7 @@ int cmd_cipher_sym() { res_APDU_size = apdu.nc; } else if (algo == ALGO_EXT_CIPHER_ENCRYPT || algo == ALGO_EXT_CIPHER_DECRYPT) { - size_t oid_len = 0, aad_len = 0, iv_len = 0, enc_len = 0; + uint16_t oid_len = 0, aad_len = 0, iv_len = 0, enc_len = 0; uint8_t *oid = NULL, *aad = NULL, *iv = NULL, *enc = NULL; if (!asn1_find_tag(apdu.data, apdu.nc, 0x6, &oid_len, &oid) || oid_len == 0 || oid == NULL) { @@ -384,7 +383,8 @@ int cmd_cipher_sym() { res_APDU_size = apdu.ne > 0 && apdu.ne < 65536 ? apdu.ne : mbedtls_md_get_size(md_info); } else if (memcmp(oid, OID_PKCS5_PBKDF2, oid_len) == 0) { - int iterations = 0, keylen = 0; + int iterations = 0; + uint16_t keylen = 0; mbedtls_asn1_buf salt, params = { .p = enc, .len = enc_len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) }; @@ -412,7 +412,7 @@ int cmd_cipher_sym() { res_APDU_size = keylen ? keylen : (apdu.ne > 0 && apdu.ne < 65536 ? apdu.ne : 32); } else if (memcmp(oid, OID_PKCS5_PBES2, oid_len) == 0) { - size_t olen = 0; + uint16_t olen = 0; mbedtls_asn1_buf params = {.p = aad, .len = aad_len, .tag = (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)}; int r = mbedtls_pkcs5_pbes2_ext(¶ms, @@ -421,7 +421,7 @@ int cmd_cipher_sym() { key_size, enc, enc_len, - res_APDU, 4096, &olen); + res_APDU, 4096, (size_t *)&olen); mbedtls_platform_zeroize(kdata, sizeof(kdata)); if (r != 0) { return SW_WRONG_DATA(); @@ -634,7 +634,6 @@ int cmd_cipher_sym() { mode = (algo == ALGO_EXT_CIPHER_ENCRYPT ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT); int r = 0; - uint8_t tmp_iv[16]; memset(tmp_iv, 0, sizeof(tmp_iv)); if (iv == NULL || iv_len == 0) { iv = tmp_iv; diff --git a/src/hsm/cmd_decrypt_asym.c b/src/hsm/cmd_decrypt_asym.c index 72681c7..690e0b2 100644 --- a/src/hsm/cmd_decrypt_asym.c +++ b/src/hsm/cmd_decrypt_asym.c @@ -27,7 +27,7 @@ #include "oid.h" int cmd_decrypt_asym() { - int key_id = P1(apdu); + uint8_t key_id = P1(apdu); uint8_t p2 = P2(apdu); if (!isUserAuthenticated) { return SW_SECURITY_STATUS_NOT_SATISFIED(); @@ -56,13 +56,13 @@ int cmd_decrypt_asym() { } return SW_EXEC_ERROR(); } - int key_size = file_get_size(ef); + uint16_t key_size = file_get_size(ef); if (apdu.nc < key_size) { //needs padding memset(apdu.data + apdu.nc, 0, key_size - apdu.nc); } if (p2 == ALGO_RSA_DECRYPT_PKCS1 || p2 == ALGO_RSA_DECRYPT_OEP) { - size_t olen = apdu.nc; - r = mbedtls_rsa_pkcs1_decrypt(&ctx, random_gen, NULL, &olen, apdu.data, res_APDU, 512); + uint16_t olen = apdu.nc; + r = mbedtls_rsa_pkcs1_decrypt(&ctx, random_gen, NULL, (size_t *)&olen, apdu.data, res_APDU, 512); if (r == 0) { res_APDU_size = olen; } @@ -84,7 +84,7 @@ int cmd_decrypt_asym() { if (wait_button_pressed() == true) { //timeout return SW_SECURE_MESSAGE_EXEC_ERROR(); } - int key_size = file_get_size(ef); + uint16_t key_size = file_get_size(ef); uint8_t *kdata = (uint8_t *) calloc(1, key_size); memcpy(kdata, file_get_data(ef), key_size); if (mkek_decrypt(kdata, key_size) != 0) { @@ -114,10 +114,10 @@ int cmd_decrypt_asym() { r = mbedtls_ecdh_read_public(&ctx, apdu.data - 1, apdu.nc + 1); } else if (p2 == ALGO_EC_DH_XKEK) { - size_t pub_len = 0; + uint16_t pub_len = 0; const uint8_t *pub = cvc_get_pub(apdu.data, apdu.nc, &pub_len); if (pub) { - size_t t86_len = 0; + uint16_t t86_len = 0; const uint8_t *t86 = cvc_get_field(pub, pub_len, &t86_len, 0x86); if (t86) { r = mbedtls_ecdh_read_public(&ctx, t86 - 1, t86_len + 1); @@ -128,12 +128,12 @@ int cmd_decrypt_asym() { mbedtls_ecdh_free(&ctx); return SW_DATA_INVALID(); } - size_t olen = 0; + uint16_t olen = 0; // The SmartCard-HSM returns the point result of the DH operation // with a leading '04' res_APDU[0] = 0x04; r = - mbedtls_ecdh_calc_secret(&ctx, &olen, res_APDU + 1, MBEDTLS_ECP_MAX_BYTES, random_gen, + mbedtls_ecdh_calc_secret(&ctx, (size_t *)&olen, res_APDU + 1, MBEDTLS_ECP_MAX_BYTES, random_gen, NULL); mbedtls_ecdh_free(&ctx); if (r != 0) { @@ -144,17 +144,17 @@ int cmd_decrypt_asym() { } else { res_APDU_size = 0; - size_t ext_len = 0; + uint16_t ext_len = 0; const uint8_t *ext = NULL; if ((ext = cvc_get_ext(apdu.data, apdu.nc, &ext_len)) == NULL) { return SW_WRONG_DATA(); } uint8_t *p = NULL, *tag_data = NULL, *kdom_uid = NULL; uint16_t tag = 0; - size_t tag_len = 0, kdom_uid_len = 0; + uint16_t tag_len = 0, kdom_uid_len = 0; while (walk_tlv(ext, ext_len, &p, &tag, &tag_len, &tag_data)) { if (tag == 0x73) { - size_t oid_len = 0; + uint16_t oid_len = 0; uint8_t *oid_data = NULL; if (asn1_find_tag(tag_data, tag_len, 0x6, &oid_len, &oid_data) == true && @@ -172,7 +172,7 @@ int cmd_decrypt_asym() { if (kdom_uid_len == 0 || kdom_uid == NULL) { return SW_WRONG_DATA(); } - for (int n = 0; n < MAX_KEY_DOMAINS; n++) { + for (uint8_t n = 0; n < MAX_KEY_DOMAINS; n++) { file_t *tf = search_dynamic_file(EF_XKEK + n); if (tf) { if (file_get_size(tf) == kdom_uid_len && diff --git a/src/hsm/cmd_external_authenticate.c b/src/hsm/cmd_external_authenticate.c index b003109..8d5ae4d 100644 --- a/src/hsm/cmd_external_authenticate.c +++ b/src/hsm/cmd_external_authenticate.c @@ -46,7 +46,7 @@ int cmd_external_authenticate() { hash256(input, dev_name_len + challenge_len, hash); int r = puk_verify(apdu.data, - apdu.nc, + (uint16_t)apdu.nc, hash, 32, file_get_data(ef_puk_aut), diff --git a/src/hsm/cmd_extras.c b/src/hsm/cmd_extras.c index e0f26ba..cddb33e 100644 --- a/src/hsm/cmd_extras.c +++ b/src/hsm/cmd_extras.c @@ -111,9 +111,9 @@ int cmd_extras() { memcpy(mse.Qpt, apdu.data, sizeof(mse.Qpt)); uint8_t buf[MBEDTLS_ECP_MAX_BYTES]; - size_t olen = 0; + uint16_t olen = 0; ret = mbedtls_ecdh_calc_secret(&hkey, - &olen, + (size_t *)&olen, buf, MBEDTLS_ECP_MAX_BYTES, random_gen, @@ -141,7 +141,7 @@ int cmd_extras() { ret = mbedtls_ecp_point_write_binary(&hkey.ctx.mbed_ecdh.grp, &hkey.ctx.mbed_ecdh.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, - &olen, + (size_t *)&olen, res_APDU, 4096); mbedtls_ecdh_free(&hkey); diff --git a/src/hsm/cmd_general_authenticate.c b/src/hsm/cmd_general_authenticate.c index af41cb0..a666305 100644 --- a/src/hsm/cmd_general_authenticate.c +++ b/src/hsm/cmd_general_authenticate.c @@ -28,11 +28,11 @@ int cmd_general_authenticate() { if (P1(apdu) == 0x0 && P2(apdu) == 0x0) { if (apdu.data[0] == 0x7C) { int r = 0; - size_t pubkey_len = 0; + uint16_t pubkey_len = 0; const uint8_t *pubkey = NULL; uint16_t tag = 0x0; uint8_t *tag_data = NULL, *p = NULL; - size_t tag_len = 0; + uint16_t tag_len = 0; while (walk_tlv(apdu.data + 2, apdu.nc - 2, &p, &tag, &tag_len, &tag_data)) { if (tag == 0x80) { pubkey = tag_data - 1; //mbedtls ecdh starts reading one pos before diff --git a/src/hsm/cmd_initialize.c b/src/hsm/cmd_initialize.c index 8dd45c1..33c3b81 100644 --- a/src/hsm/cmd_initialize.c +++ b/src/hsm/cmd_initialize.c @@ -48,8 +48,8 @@ int cmd_initialize() { has_session_pin = has_session_sopin = false; uint16_t tag = 0x0; uint8_t *tag_data = NULL, *p = NULL, *kds = NULL, *dkeks = NULL; - size_t tag_len = 0; - while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) { + uint16_t tag_len = 0; + while (walk_tlv(apdu.data, (uint16_t)apdu.nc, &p, &tag, &tag_len, &tag_data)) { if (tag == 0x80) { //options file_t *tf = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF); flash_write_data_to_file(tf, tag_data, tag_len); @@ -57,7 +57,7 @@ int cmd_initialize() { else if (tag == 0x81) { //user pin if (file_pin1 && file_pin1->data) { uint8_t dhash[33]; - dhash[0] = tag_len; + dhash[0] = (uint8_t)tag_len; double_hash_pin(tag_data, tag_len, dhash + 1); flash_write_data_to_file(file_pin1, dhash, sizeof(dhash)); hash_multi(tag_data, tag_len, session_pin); @@ -67,7 +67,7 @@ int cmd_initialize() { else if (tag == 0x82) { //sopin pin if (file_sopin && file_sopin->data) { uint8_t dhash[33]; - dhash[0] = tag_len; + dhash[0] = (uint8_t)tag_len; double_hash_pin(tag_data, tag_len, dhash + 1); flash_write_data_to_file(file_sopin, dhash, sizeof(dhash)); hash_multi(tag_data, tag_len, session_sopin); @@ -104,7 +104,7 @@ int cmd_initialize() { pk_status[1] = puks; pk_status[2] = tag_data[1]; flash_write_data_to_file(ef_puk, pk_status, sizeof(pk_status)); - for (int i = 0; i < puks; i++) { + for (uint8_t i = 0; i < puks; i++) { file_t *tf = file_new(EF_PUK + i); if (!tf) { release_mkek(mkek); @@ -199,7 +199,7 @@ int cmd_initialize() { } file_t *fpk = search_by_fid(EF_EE_DEV, NULL, SPECIFY_EF); - ret = flash_write_data_to_file(fpk, res_APDU, cvc_len); + ret = flash_write_data_to_file(fpk, res_APDU, (uint16_t)cvc_len); if (ret != 0) { mbedtls_ecdsa_free(&ecdsa); return SW_EXEC_ERROR(); @@ -212,7 +212,7 @@ int cmd_initialize() { memcpy(res_APDU + cvc_len, res_APDU, cvc_len); mbedtls_ecdsa_free(&ecdsa); fpk = search_by_fid(EF_TERMCA, NULL, SPECIFY_EF); - ret = flash_write_data_to_file(fpk, res_APDU, 2 * cvc_len); + ret = flash_write_data_to_file(fpk, res_APDU, (uint16_t)(2 * cvc_len)); if (ret != 0) { return SW_EXEC_ERROR(); } @@ -220,8 +220,8 @@ int cmd_initialize() { const uint8_t *keyid = (const uint8_t *) "\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0", *label = (const uint8_t *) "ESPICOHSMTR"; - size_t prkd_len = asn1_build_prkd_ecc(label, - strlen((const char *) label), + uint16_t prkd_len = asn1_build_prkd_ecc(label, + (uint16_t)strlen((const char *) label), keyid, 20, 256, diff --git a/src/hsm/cmd_key_domain.c b/src/hsm/cmd_key_domain.c index aeecb31..827fe75 100644 --- a/src/hsm/cmd_key_domain.c +++ b/src/hsm/cmd_key_domain.c @@ -22,7 +22,7 @@ #include "files.h" uint8_t get_key_domain(file_t *fkey) { - size_t tag_len = 0; + uint16_t tag_len = 0; if (!file_has_data(fkey)) { return 0xff; } @@ -103,7 +103,7 @@ int cmd_key_domain() { return SW_WRONG_LENGTH(); } if (p1 == 0x3) { //if key domain is not empty, command is denied - for (int i = 1; i < 256; i++) { + for (uint8_t i = 1; i < 256; i++) { file_t *fkey = search_dynamic_file(KEY_PREFIX << 8 | i); if (get_key_domain(fkey) == p2) { return SW_FILE_EXISTS(); @@ -150,7 +150,7 @@ int cmd_key_domain() { } else if (p1 == 0x2) { //XKEK Key Domain creation if (apdu.nc > 0) { - size_t pub_len = 0; + uint16_t pub_len = 0; file_t *fterm = search_by_fid(EF_TERMCA, NULL, SPECIFY_EF); if (!fterm) { return SW_EXEC_ERROR(); @@ -159,13 +159,13 @@ int cmd_key_domain() { if (!pub) { return SW_EXEC_ERROR(); } - size_t t86_len = 0; + uint16_t t86_len = 0; const uint8_t *t86 = cvc_get_field(pub, pub_len, &t86_len, 0x86); if (!t86 || t86[0] != 0x4) { return SW_EXEC_ERROR(); } - size_t t54_len = 0; - const uint8_t *t54 = cvc_get_field(apdu.data, apdu.nc, &t54_len, 0x54); + uint16_t t54_len = 0; + const uint8_t *t54 = cvc_get_field(apdu.data, (uint16_t)apdu.nc, &t54_len, 0x54); if (!t54) { return SW_WRONG_DATA(); } @@ -174,7 +174,7 @@ int cmd_key_domain() { memcpy(input + 1, t86 + 1, (t86_len - 1) / 2); hash256(input, (t86_len - 1) / 2 + 1, hash); free(input); - int r = puk_verify(t54, t54_len, hash, 32, apdu.data, apdu.nc); + int r = puk_verify(t54, t54_len, hash, 32, apdu.data, (uint16_t)apdu.nc); if (r != 0) { return SW_CONDITIONS_NOT_SATISFIED(); } @@ -184,12 +184,12 @@ int cmd_key_domain() { } //All checks done. Get Key Domain UID - pub = cvc_get_pub(apdu.data, apdu.nc, &pub_len); + pub = cvc_get_pub(apdu.data, (uint16_t)apdu.nc, &pub_len); if (pub) { - size_t t86_len = 0; - const uint8_t *t86 = cvc_get_field(pub, pub_len, &t86_len, 0x86); + t86_len = 0; + t86 = cvc_get_field(pub, pub_len, &t86_len, 0x86); if (t86) { - flash_write_data_to_file(tf, t86 + 1, t86_len - 1); + flash_write_data_to_file(tf, t86 + 1, (uint16_t)t86_len - 1); low_flash_available(); } } diff --git a/src/hsm/cmd_key_unwrap.c b/src/hsm/cmd_key_unwrap.c index d214bf9..1eb0ecb 100644 --- a/src/hsm/cmd_key_unwrap.c +++ b/src/hsm/cmd_key_unwrap.c @@ -22,7 +22,8 @@ #include "cvc.h" int cmd_key_unwrap() { - int key_id = P1(apdu), r = 0; + uint8_t key_id = P1(apdu); + int r = 0; if (P2(apdu) != 0x93) { return SW_WRONG_P1P2(); } @@ -30,8 +31,9 @@ int cmd_key_unwrap() { return SW_SECURITY_STATUS_NOT_SATISFIED(); } int key_type = dkek_type_key(apdu.data); - uint8_t kdom = -1, *allowed = NULL; - size_t allowed_len = 0; + uint8_t *allowed = NULL; + int16_t kdom = -1; + uint16_t allowed_len = 0; if (key_type == 0x0) { return SW_DATA_INVALID(); } @@ -39,14 +41,14 @@ int cmd_key_unwrap() { mbedtls_rsa_context ctx; mbedtls_rsa_init(&ctx); do { - r = dkek_decode_key(++kdom, &ctx, apdu.data, apdu.nc, NULL, &allowed, &allowed_len); + r = dkek_decode_key((uint8_t)++kdom, &ctx, apdu.data, (uint16_t)apdu.nc, NULL, &allowed, &allowed_len); } while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS); if (r != CCID_OK) { mbedtls_rsa_free(&ctx); return SW_EXEC_ERROR(); } r = store_keys(&ctx, PICO_KEYS_KEY_RSA, key_id); - if ((res_APDU_size = asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) { + if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) { mbedtls_rsa_free(&ctx); return SW_EXEC_ERROR(); } @@ -59,14 +61,14 @@ int cmd_key_unwrap() { mbedtls_ecdsa_context ctx; mbedtls_ecdsa_init(&ctx); do { - r = dkek_decode_key(++kdom, &ctx, apdu.data, apdu.nc, NULL, &allowed, &allowed_len); + r = dkek_decode_key((uint8_t)++kdom, &ctx, apdu.data, (uint16_t)apdu.nc, NULL, &allowed, &allowed_len); } while ((r == CCID_ERR_FILE_NOT_FOUND || r == CCID_WRONG_DKEK) && kdom < MAX_KEY_DOMAINS); if (r != CCID_OK) { mbedtls_ecdsa_free(&ctx); return SW_EXEC_ERROR(); } r = store_keys(&ctx, PICO_KEYS_KEY_EC, key_id); - if ((res_APDU_size = asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) { + if ((res_APDU_size = (uint16_t)asn1_cvc_aut(&ctx, PICO_KEYS_KEY_EC, res_APDU, 4096, NULL, 0)) == 0) { mbedtls_ecdsa_free(&ctx); return SW_EXEC_ERROR(); } @@ -79,10 +81,10 @@ int cmd_key_unwrap() { uint8_t aes_key[64]; int key_size = 0, aes_type = 0; do { - r = dkek_decode_key(++kdom, + r = dkek_decode_key((uint8_t)++kdom, aes_key, apdu.data, - apdu.nc, + (uint16_t)apdu.nc, &key_size, &allowed, &allowed_len); @@ -111,17 +113,17 @@ int cmd_key_unwrap() { } } if ((allowed != NULL && allowed_len > 0) || kdom >= 0) { - size_t meta_len = (allowed_len > 0 ? 2 + allowed_len : 0) + (kdom >= 0 ? 3 : 0); + uint16_t meta_len = (allowed_len > 0 ? 2 + allowed_len : 0) + (kdom >= 0 ? 3 : 0); uint8_t *meta = (uint8_t *) calloc(1, meta_len), *m = meta; if (allowed_len > 0) { *m++ = 0x91; - *m++ = allowed_len; + *m++ = (uint8_t)allowed_len; memcpy(m, allowed, allowed_len); m += allowed_len; } if (kdom >= 0) { *m++ = 0x92; *m++ = 1; - *m++ = kdom; + *m++ = (uint8_t)kdom; } r = meta_add((KEY_PREFIX << 8) | key_id, meta, meta_len); free(meta); diff --git a/src/hsm/cmd_key_wrap.c b/src/hsm/cmd_key_wrap.c index 938f543..d303ddc 100644 --- a/src/hsm/cmd_key_wrap.c +++ b/src/hsm/cmd_key_wrap.c @@ -24,7 +24,8 @@ extern uint8_t get_key_domain(file_t *fkey); int cmd_key_wrap() { - int key_id = P1(apdu), r = 0; + int r = 0; + uint8_t key_id = P1(apdu); if (P2(apdu) != 0x92) { return SW_WRONG_P1P2(); } @@ -53,8 +54,7 @@ int cmd_key_wrap() { return SW_FILE_NOT_FOUND(); } const uint8_t *dprkd = file_get_data(prkd); - size_t wrap_len = MAX_DKEK_ENCODE_KEY_BUFFER; - size_t tag_len = 0; + uint16_t wrap_len = MAX_DKEK_ENCODE_KEY_BUFFER, tag_len = 0; const uint8_t *meta_tag = get_meta_tag(ef, 0x91, &tag_len); if (*dprkd == P15_KEYTYPE_RSA) { mbedtls_rsa_context ctx; @@ -85,14 +85,14 @@ int cmd_key_wrap() { mbedtls_ecdsa_free(&ctx); } else if (*dprkd == P15_KEYTYPE_AES) { - uint8_t kdata[64]; //maximum AES key size + uint8_t kdata_aes[64]; //maximum AES key size if (wait_button_pressed() == true) { //timeout return SW_SECURE_MESSAGE_EXEC_ERROR(); } - int key_size = file_get_size(ef), aes_type = PICO_KEYS_KEY_AES; - memcpy(kdata, file_get_data(ef), key_size); - if (mkek_decrypt(kdata, key_size) != 0) { + uint16_t key_size = file_get_size(ef), aes_type = PICO_KEYS_KEY_AES; + memcpy(kdata_aes, file_get_data(ef), key_size); + if (mkek_decrypt(kdata_aes, key_size) != 0) { return SW_EXEC_ERROR(); } if (key_size == 64) { @@ -107,8 +107,8 @@ int cmd_key_wrap() { else if (key_size == 16) { aes_type = PICO_KEYS_KEY_AES_128; } - r = dkek_encode_key(kdom, kdata, aes_type, res_APDU, &wrap_len, meta_tag, tag_len); - mbedtls_platform_zeroize(kdata, sizeof(kdata)); + r = dkek_encode_key(kdom, kdata_aes, aes_type, res_APDU, &wrap_len, meta_tag, tag_len); + mbedtls_platform_zeroize(kdata_aes, sizeof(kdata_aes)); } if (r != CCID_OK) { return SW_EXEC_ERROR(); diff --git a/src/hsm/cmd_keypair_gen.c b/src/hsm/cmd_keypair_gen.c index 25a4dd0..7b3b1a3 100644 --- a/src/hsm/cmd_keypair_gen.c +++ b/src/hsm/cmd_keypair_gen.c @@ -31,29 +31,29 @@ int cmd_keypair_gen() { } int ret = 0; - size_t tout = 0; + uint16_t tout = 0; //sc_asn1_print_tags(apdu.data, apdu.nc); uint8_t *p = NULL; //DEBUG_DATA(apdu.data,apdu.nc); - if (asn1_find_tag(apdu.data, apdu.nc, 0x7f49, &tout, &p) && tout > 0 && p != NULL) { - size_t oid_len = 0; + if (asn1_find_tag(apdu.data, (uint16_t)apdu.nc, 0x7f49, &tout, &p) && tout > 0 && p != NULL) { + uint16_t oid_len = 0; uint8_t *oid = NULL; if (asn1_find_tag(p, tout, 0x6, &oid_len, &oid) && oid_len > 0 && oid != NULL) { if (memcmp(oid, OID_ID_TA_RSA_V1_5_SHA_256, oid_len) == 0) { //RSA - size_t ex_len = 3, ks_len = 2; + uint16_t ex_len = 3, ks_len = 2; uint8_t *ex = NULL, *ks = NULL; uint32_t exponent = 65537, key_size = 2048; if (asn1_find_tag(p, tout, 0x82, &ex_len, &ex) && ex_len > 0 && ex != NULL) { uint8_t *dt = ex; exponent = 0; - for (int i = 0; i < ex_len; i++) { + for (uint16_t i = 0; i < ex_len; i++) { exponent = (exponent << 8) | *dt++; } } if (asn1_find_tag(p, tout, 0x2, &ks_len, &ks) && ks_len > 0 && ks != NULL) { uint8_t *dt = ks; key_size = 0; - for (int i = 0; i < ks_len; i++) { + for (uint16_t i = 0; i < ks_len; i++) { key_size = (key_size << 8) | *dt++; } } @@ -69,7 +69,7 @@ int cmd_keypair_gen() { return SW_EXEC_ERROR(); } if ((res_APDU_size = - asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) { + (uint16_t)asn1_cvc_aut(&rsa, PICO_KEYS_KEY_RSA, res_APDU, 4096, NULL, 0)) == 0) { return SW_EXEC_ERROR(); } ret = store_keys(&rsa, PICO_KEYS_KEY_RSA, key_id); @@ -80,7 +80,7 @@ int cmd_keypair_gen() { mbedtls_rsa_free(&rsa); } else if (memcmp(oid, OID_ID_TA_ECDSA_SHA_256, MIN(oid_len, 10)) == 0) { //ECC - size_t prime_len; + uint16_t prime_len; uint8_t *prime = NULL; if (asn1_find_tag(p, tout, 0x81, &prime_len, &prime) != true) { return SW_WRONG_DATA(); @@ -98,14 +98,14 @@ int cmd_keypair_gen() { mbedtls_ecdsa_free(&ecdsa); return SW_EXEC_ERROR(); } - size_t l91 = 0, ext_len = 0; + uint16_t l91 = 0, ext_len = 0; uint8_t *p91 = NULL, *ext = NULL; - if (asn1_find_tag(apdu.data, apdu.nc, 0x91, &l91, &p91) && p91 != NULL && l91 > 0) { - for (int n = 0; n < l91; n++) { + if (asn1_find_tag(apdu.data, (uint16_t)apdu.nc, 0x91, &l91, &p91) && p91 != NULL && l91 > 0) { + for (size_t n = 0; n < l91; n++) { if (p91[n] == ALGO_EC_DH_XKEK) { - size_t l92 = 0; + uint16_t l92 = 0; uint8_t *p92 = NULL; - if (!asn1_find_tag(apdu.data, apdu.nc, 0x92, &l92, + if (!asn1_find_tag(apdu.data, (uint16_t)apdu.nc, 0x92, &l92, &p92) || p92 == NULL || l92 == 0) { return SW_WRONG_DATA(); } @@ -116,24 +116,24 @@ int cmd_keypair_gen() { if (!tf_xkek) { return SW_WRONG_DATA(); } - ext_len = 2 + 2 + strlen(OID_ID_KEY_DOMAIN_UID) + 2 + file_get_size( + ext_len = 2 + 2 + (uint16_t)strlen(OID_ID_KEY_DOMAIN_UID) + 2 + file_get_size( tf_xkek); ext = (uint8_t *) calloc(1, ext_len); uint8_t *pe = ext; *pe++ = 0x73; - *pe++ = ext_len - 2; + *pe++ = (uint8_t)ext_len - 2; *pe++ = 0x6; - *pe++ = strlen(OID_ID_KEY_DOMAIN_UID); + *pe++ = (uint8_t)strlen(OID_ID_KEY_DOMAIN_UID); memcpy(pe, OID_ID_KEY_DOMAIN_UID, strlen(OID_ID_KEY_DOMAIN_UID)); pe += strlen(OID_ID_KEY_DOMAIN_UID); *pe++ = 0x80; - *pe++ = file_get_size(tf_xkek); + *pe++ = (uint8_t)file_get_size(tf_xkek); memcpy(pe, file_get_data(tf_xkek), file_get_size(tf_xkek)); } } } if ((res_APDU_size = - asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext, ext_len)) == 0) { + (uint16_t)asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext, ext_len)) == 0) { if (ext) { free(ext); } diff --git a/src/hsm/cmd_mse.c b/src/hsm/cmd_mse.c index b1545dd..e3ac568 100644 --- a/src/hsm/cmd_mse.c +++ b/src/hsm/cmd_mse.c @@ -33,8 +33,8 @@ int cmd_mse() { if (p1 & 0x1) { //SET uint16_t tag = 0x0; uint8_t *tag_data = NULL, *p = NULL; - size_t tag_len = 0; - while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) { + uint16_t tag_len = 0; + while (walk_tlv(apdu.data, (uint16_t)apdu.nc, &p, &tag, &tag_len, &tag_data)) { if (tag == 0x80) { if (p2 == 0xA4) { if (tag_len == 10 && @@ -54,7 +54,7 @@ int cmd_mse() { } } else if (p2 == 0xA4) { /* Aut */ - for (int i = 0; i < MAX_PUK; i++) { + for (uint8_t i = 0; i < MAX_PUK; i++) { file_t *ef = search_dynamic_file(EF_PUK + i); if (!ef) { break; @@ -62,7 +62,7 @@ int cmd_mse() { if (!file_has_data(ef)) { break; } - size_t chr_len = 0; + uint16_t chr_len = 0; const uint8_t *chr = cvc_get_chr(file_get_data(ef), file_get_size(ef), &chr_len); diff --git a/src/hsm/cmd_pso.c b/src/hsm/cmd_pso.c index e06a3dd..fe513a5 100644 --- a/src/hsm/cmd_pso.c +++ b/src/hsm/cmd_pso.c @@ -20,7 +20,7 @@ #include "asn1.h" #include "cvc.h" -extern int add_cert_puk_store(const uint8_t *data, size_t data_len, bool copy); +extern int add_cert_puk_store(const uint8_t *data, uint16_t data_len, bool copy); extern PUK *current_puk; int cmd_pso() { @@ -49,7 +49,7 @@ int cmd_pso() { } return SW_EXEC_ERROR(); } - for (int i = 0; i < 0xfe; i++) { + for (uint8_t i = 0; i < 0xfe; i++) { uint16_t fid = (CA_CERTIFICATE_PREFIX << 8) | i; file_t *ca_ef = search_dynamic_file(fid); if (!ca_ef) { @@ -60,17 +60,17 @@ int cmd_pso() { return SW_FILE_FULL(); } - size_t chr_len = 0; + uint16_t chr_len = 0; const uint8_t *chr = cvc_get_chr(apdu.data, apdu.nc, &chr_len); if (chr == NULL) { return SW_WRONG_DATA(); } - size_t puk_len = 0, puk_bin_len = 0; + uint16_t puk_len = 0, puk_bin_len = 0; const uint8_t *puk = cvc_get_pub(apdu.data, apdu.nc, &puk_len), *puk_bin = NULL; if (puk == NULL) { return SW_WRONG_DATA(); } - size_t oid_len = 0; + uint16_t oid_len = 0; const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6); if (oid == NULL) { return SW_WRONG_DATA(); @@ -89,8 +89,8 @@ int cmd_pso() { mbedtls_ecp_group_free(&grp); return SW_WRONG_DATA(); } - size_t plen = mbedtls_mpi_size(&grp.P); - size_t t86_len = 0; + uint16_t plen = (uint16_t)mbedtls_mpi_size(&grp.P); + uint16_t t86_len = 0; const uint8_t *t86 = cvc_get_field(puk, puk_len, &t86_len, 0x86); if (mbedtls_ecp_get_type(&grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { if (plen != t86_len) { @@ -126,7 +126,7 @@ int cmd_pso() { } } file_t *cd_ef = file_new((CD_PREFIX << 8) | i); - size_t cd_len = asn1_build_cert_description(chr, + uint16_t cd_len = (uint16_t)asn1_build_cert_description(chr, chr_len, puk_bin, puk_bin_len, @@ -137,7 +137,7 @@ int cmd_pso() { return SW_EXEC_ERROR(); } uint8_t *buf = (uint8_t *) calloc(cd_len, sizeof(uint8_t)); - int r = asn1_build_cert_description(chr, + r = (int)asn1_build_cert_description(chr, chr_len, puk_bin, puk_bin_len, @@ -153,7 +153,6 @@ int cmd_pso() { break; } } - return SW_OK(); } else { return SW_INCORRECT_P1P2(); diff --git a/src/hsm/cmd_puk_auth.c b/src/hsm/cmd_puk_auth.c index 76f55cd..2457003 100644 --- a/src/hsm/cmd_puk_auth.c +++ b/src/hsm/cmd_puk_auth.c @@ -36,7 +36,7 @@ int cmd_puk_auth() { if (p2 != 0x0) { return SW_INCORRECT_P1P2(); } - for (int i = 0; i < puk_data[0]; i++) { + for (uint8_t i = 0; i < puk_data[0]; i++) { ef = search_dynamic_file(EF_PUK + i); if (!ef) { /* Never should not happen */ return SW_MEMORY_FAILURE(); @@ -79,7 +79,7 @@ int cmd_puk_auth() { if (!file_has_data(ef)) { return SW_REFERENCE_NOT_FOUND(); } - size_t chr_len = 0; + uint16_t chr_len = 0; const uint8_t *chr = cvc_get_chr(file_get_data(ef), file_get_size(ef), &chr_len); if (chr) { memcpy(res_APDU, chr, chr_len); diff --git a/src/hsm/cmd_read_binary.c b/src/hsm/cmd_read_binary.c index 2fb7496..7c4a6df 100644 --- a/src/hsm/cmd_read_binary.c +++ b/src/hsm/cmd_read_binary.c @@ -19,7 +19,7 @@ int cmd_read_binary() { uint16_t fid = 0x0; - uint32_t offset = 0; + uint16_t offset = 0; uint8_t ins = INS(apdu), p1 = P1(apdu), p2 = P2(apdu); const file_t *ef = NULL; @@ -68,7 +68,7 @@ int cmd_read_binary() { } if (ef->data) { if ((ef->type & FILE_DATA_FUNC) == FILE_DATA_FUNC) { - uint16_t data_len = ((int (*)(const file_t *, int))(ef->data))((const file_t *) ef, 1); //already copies content to res_APDU + uint16_t data_len = (uint16_t)((int (*)(const file_t *, int))(ef->data))((const file_t *) ef, 1); //already copies content to res_APDU if (offset > data_len) { return SW_WRONG_P1P2(); } diff --git a/src/hsm/cmd_reset_retry.c b/src/hsm/cmd_reset_retry.c index 2388d75..f4567d5 100644 --- a/src/hsm/cmd_reset_retry.c +++ b/src/hsm/cmd_reset_retry.c @@ -34,17 +34,17 @@ int cmd_reset_retry() { return SW_COMMAND_NOT_ALLOWED(); } if (P1(apdu) == 0x0 || P1(apdu) == 0x2) { - int newpin_len = 0; + uint8_t newpin_len = 0; if (P1(apdu) == 0x0) { uint8_t so_pin_len = file_read_uint8(file_get_data(file_sopin)); - if (apdu.nc <= so_pin_len + 1) { + if ((uint16_t)apdu.nc <= so_pin_len + 1) { return SW_WRONG_LENGTH(); } uint16_t r = check_pin(file_sopin, apdu.data, so_pin_len); if (r != 0x9000) { return r; } - newpin_len = apdu.nc - so_pin_len; + newpin_len = (uint8_t)apdu.nc - so_pin_len; } else if (P1(apdu) == 0x2) { if (!has_session_sopin) { @@ -53,7 +53,7 @@ int cmd_reset_retry() { if (apdu.nc > 16) { return SW_WRONG_LENGTH(); } - newpin_len = apdu.nc; + newpin_len = (uint8_t)apdu.nc; } uint8_t dhash[33]; dhash[0] = newpin_len; diff --git a/src/hsm/cmd_select.c b/src/hsm/cmd_select.c index bed5a7a..3c8da6d 100644 --- a/src/hsm/cmd_select.c +++ b/src/hsm/cmd_select.c @@ -96,7 +96,7 @@ int cmd_select() { } } else if (p1 == 0x04) { //Select by DF name - e.g., [truncated] application identifier - if (!(pe = search_by_name(apdu.data, apdu.nc))) { + if (!(pe = search_by_name(apdu.data, (uint16_t)apdu.nc))) { return SW_FILE_NOT_FOUND(); } if (card_terminated) { @@ -104,12 +104,12 @@ int cmd_select() { } } else if (p1 == 0x08) { //Select from the MF - Path without the MF identifier - if (!(pe = search_by_path(apdu.data, apdu.nc, MF))) { + if (!(pe = search_by_path(apdu.data, (uint8_t)apdu.nc, MF))) { return SW_FILE_NOT_FOUND(); } } else if (p1 == 0x09) { //Select from the current DF - Path without the current DF identifier - if (!(pe = search_by_path(apdu.data, apdu.nc, currentDF))) { + if (!(pe = search_by_path(apdu.data, (uint8_t)apdu.nc, currentDF))) { return SW_FILE_NOT_FOUND(); } } @@ -125,7 +125,7 @@ int cmd_select() { res_APDU[res_APDU_size++] = 0xFF; res_APDU[res_APDU_size++] = HSM_VERSION_MAJOR; res_APDU[res_APDU_size++] = HSM_VERSION_MINOR; - res_APDU[1] = res_APDU_size - 2; + res_APDU[1] = (uint8_t)res_APDU_size - 2; } } else { diff --git a/src/hsm/cmd_signature.c b/src/hsm/cmd_signature.c index 30f0344..42a7272 100644 --- a/src/hsm/cmd_signature.c +++ b/src/hsm/cmd_signature.c @@ -57,8 +57,8 @@ static const uint8_t hdr_ripemd160[] = { static const struct digest_info_prefix { mbedtls_md_type_t algorithm; const uint8_t *hdr; - size_t hdr_len; - size_t hash_len; + uint16_t hdr_len; + uint16_t hash_len; } digest_info_prefix[] = { { MBEDTLS_MD_MD5, hdr_md5, sizeof(hdr_md5), 16 }, { MBEDTLS_MD_SHA1, hdr_sha1, sizeof(hdr_sha1), 20 }, @@ -71,11 +71,11 @@ static const struct digest_info_prefix { }; int pkcs1_strip_digest_info_prefix(mbedtls_md_type_t *algorithm, const uint8_t *in_dat, - size_t in_len, + uint16_t in_len, uint8_t *out_dat, - size_t *out_len) { + uint16_t *out_len) { for (int i = 0; digest_info_prefix[i].algorithm != 0; i++) { - size_t hdr_len = digest_info_prefix[i].hdr_len, hash_len = digest_info_prefix[i].hash_len; + uint16_t hdr_len = digest_info_prefix[i].hdr_len, hash_len = digest_info_prefix[i].hash_len; const uint8_t *hdr = digest_info_prefix[i].hdr; if (in_len == (hdr_len + hash_len) && !memcmp(in_dat, hdr, hdr_len)) { if (algorithm) { @@ -116,7 +116,7 @@ int cmd_signature() { if (key_has_purpose(fkey, p2) == false) { return SW_CONDITIONS_NOT_SATISFIED(); } - int key_size = file_get_size(fkey); + uint16_t key_size = file_get_size(fkey); if (p2 == ALGO_RSA_PKCS1_SHA1 || p2 == ALGO_RSA_PSS_SHA1 || p2 == ALGO_EC_SHA1) { md = MBEDTLS_MD_SHA1; } @@ -153,9 +153,9 @@ int cmd_signature() { return SW_EXEC_ERROR(); } uint8_t *hash = apdu.data; - size_t hash_len = apdu.nc; + uint16_t hash_len = apdu.nc; if (p2 == ALGO_RSA_PKCS1) { //DigestInfo attached - size_t nc = apdu.nc; + uint16_t nc = apdu.nc; if (pkcs1_strip_digest_info_prefix(&md, apdu.data, apdu.nc, apdu.data, &nc) != CCID_OK) { //gets the MD algo id and strips it off return SW_EXEC_ERROR(); @@ -164,10 +164,10 @@ int cmd_signature() { } else { //sc_asn1_print_tags(apdu.data, apdu.nc); - size_t tout = 0, oid_len = 0; + uint16_t tout = 0, oid_len = 0; uint8_t *p = NULL, *oid = NULL; if (asn1_find_tag(apdu.data, apdu.nc, 0x30, &tout, &p) && tout > 0 && p != NULL) { - size_t tout30 = 0; + uint16_t tout30 = 0; uint8_t *c30 = NULL; if (asn1_find_tag(p, tout, 0x30, &tout30, &c30) && tout30 > 0 && c30 != NULL) { asn1_find_tag(c30, tout30, 0x6, &oid_len, &oid); @@ -276,10 +276,10 @@ int cmd_signature() { } return SW_EXEC_ERROR(); } - size_t olen = 0; + uint16_t olen = 0; uint8_t buf[MBEDTLS_ECDSA_MAX_LEN]; if (mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN, - &olen, random_gen, NULL) != 0) { + (size_t *)&olen, random_gen, NULL) != 0) { mbedtls_ecdsa_free(&ctx); return SW_EXEC_ERROR(); } @@ -288,7 +288,7 @@ int cmd_signature() { mbedtls_ecdsa_free(&ctx); } else if (p2 == ALGO_HD) { - size_t olen = 0; + uint16_t olen = 0; uint8_t buf[MBEDTLS_ECDSA_MAX_LEN]; if (hd_context.grp.id == MBEDTLS_ECP_DP_NONE) { return SW_CONDITIONS_NOT_SATISFIED(); @@ -299,7 +299,7 @@ int cmd_signature() { md = MBEDTLS_MD_SHA256; if (mbedtls_ecdsa_write_signature(&hd_context, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN, - &olen, random_gen, NULL) != 0) { + (size_t *)&olen, random_gen, NULL) != 0) { mbedtls_ecdsa_free(&hd_context); return SW_EXEC_ERROR(); } diff --git a/src/hsm/cmd_update_ef.c b/src/hsm/cmd_update_ef.c index 97051f5..9fae86a 100644 --- a/src/hsm/cmd_update_ef.c +++ b/src/hsm/cmd_update_ef.c @@ -48,15 +48,15 @@ int cmd_update_ef() { uint16_t tag = 0x0; uint8_t *tag_data = NULL, *p = NULL; - size_t tag_len = 0; - while (walk_tlv(apdu.data, apdu.nc, &p, &tag, &tag_len, &tag_data)) { + uint16_t tag_len = 0; + while (walk_tlv(apdu.data, (uint16_t)apdu.nc, &p, &tag, &tag_len, &tag_data)) { if (tag == 0x54) { //ofset tag - for (int i = 1; i <= tag_len; i++) { + for (size_t i = 1; i <= tag_len; i++) { offset |= (*tag_data++ << (8 * (tag_len - i))); } } else if (tag == 0x53) { //data - data_len = tag_len; + data_len = (uint16_t)tag_len; data = tag_data; } } diff --git a/src/hsm/cmd_verify.c b/src/hsm/cmd_verify.c index 7211ed8..66a725a 100644 --- a/src/hsm/cmd_verify.c +++ b/src/hsm/cmd_verify.c @@ -37,7 +37,7 @@ int cmd_verify() { return SW_REFERENCE_NOT_FOUND(); } if (apdu.nc > 0) { - return check_pin(file_pin1, apdu.data, apdu.nc); + return check_pin(file_pin1, apdu.data, (uint16_t)apdu.nc); } if (file_read_uint8(file_get_data(file_retries_pin1)) == 0) { return SW_PIN_BLOCKED(); @@ -49,7 +49,7 @@ int cmd_verify() { return SW_REFERENCE_NOT_FOUND(); } if (apdu.nc > 0) { - return check_pin(file_sopin, apdu.data, apdu.nc); + return check_pin(file_sopin, apdu.data, (uint16_t)apdu.nc); } if (file_read_uint8(file_get_data(file_retries_sopin)) == 0) { return SW_PIN_BLOCKED(); diff --git a/src/hsm/cvc.c b/src/hsm/cvc.c index 93434a5..ded1157 100644 --- a/src/hsm/cvc.c +++ b/src/hsm/cvc.c @@ -29,14 +29,14 @@ #include "files.h" extern const uint8_t *dev_name; -extern size_t dev_name_len; +extern uint16_t dev_name_len; -size_t asn1_cvc_public_key_rsa(mbedtls_rsa_context *rsa, uint8_t *buf, size_t buf_len) { +uint16_t asn1_cvc_public_key_rsa(mbedtls_rsa_context *rsa, uint8_t *buf, uint16_t buf_len) { const uint8_t oid_rsa[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x02, 0x01, 0x02 }; - size_t n_size = mbedtls_mpi_size(&rsa->N), e_size = mbedtls_mpi_size(&rsa->E); - size_t ntot_size = asn1_len_tag(0x81, n_size), etot_size = asn1_len_tag(0x82, e_size); - size_t oid_len = asn1_len_tag(0x6, sizeof(oid_rsa)); - size_t tot_len = asn1_len_tag(0x7f49, oid_len + ntot_size + etot_size); + uint16_t n_size = (uint16_t)mbedtls_mpi_size(&rsa->N), e_size = (uint16_t)mbedtls_mpi_size(&rsa->E); + uint16_t ntot_size = asn1_len_tag(0x81, n_size), etot_size = asn1_len_tag(0x82, e_size); + uint16_t oid_len = asn1_len_tag(0x6, sizeof(oid_rsa)); + uint16_t tot_len = asn1_len_tag(0x7f49, oid_len + ntot_size + etot_size); if (buf == NULL || buf_len == 0) { return tot_len; } @@ -72,23 +72,23 @@ const uint8_t *pointA[] = { "\x01\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC", }; -size_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, size_t buf_len) { +uint16_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, uint16_t buf_len) { uint8_t Y_buf[MBEDTLS_ECP_MAX_PT_LEN], G_buf[MBEDTLS_ECP_MAX_PT_LEN]; const uint8_t oid_ecdsa[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x02, 0x02, 0x03 }; const uint8_t oid_ri[] = { 0x04, 0x00, 0x7F, 0x00, 0x07, 0x02, 0x02, 0x05, 0x02, 0x03 }; const uint8_t *oid = oid_ecdsa; - size_t p_size = mbedtls_mpi_size(&ecdsa->grp.P), a_size = mbedtls_mpi_size(&ecdsa->grp.A); - size_t b_size = mbedtls_mpi_size(&ecdsa->grp.B), g_size = 0; - size_t o_size = mbedtls_mpi_size(&ecdsa->grp.N), y_size = 0; - mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &g_size, G_buf, sizeof(G_buf)); - mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &y_size, Y_buf, sizeof(Y_buf)); - size_t c_size = 1; - size_t ptot_size = asn1_len_tag(0x81, p_size), atot_size = asn1_len_tag(0x82, a_size ? a_size : (pointA[ecdsa->grp.id] && ecdsa->grp.id < 6 ? p_size : 1)); - size_t btot_size = asn1_len_tag(0x83, b_size), gtot_size = asn1_len_tag(0x84, g_size); - size_t otot_size = asn1_len_tag(0x85, o_size), ytot_size = asn1_len_tag(0x86, y_size); - size_t ctot_size = asn1_len_tag(0x87, c_size); - size_t oid_len = asn1_len_tag(0x6, sizeof(oid_ecdsa)); - size_t tot_len = 0, tot_data_len = 0; + uint16_t p_size = (uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), a_size = (uint16_t)mbedtls_mpi_size(&ecdsa->grp.A); + uint16_t b_size = (uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), g_size = 0; + uint16_t o_size = (uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), y_size = 0; + mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, (size_t *)&g_size, G_buf, sizeof(G_buf)); + mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, (size_t *)&y_size, Y_buf, sizeof(Y_buf)); + uint16_t c_size = 1; + uint16_t ptot_size = asn1_len_tag(0x81, p_size), atot_size = asn1_len_tag(0x82, a_size ? a_size : (pointA[ecdsa->grp.id] && ecdsa->grp.id < 6 ? p_size : 1)); + uint16_t btot_size = asn1_len_tag(0x83, b_size), gtot_size = asn1_len_tag(0x84, g_size); + uint16_t otot_size = asn1_len_tag(0x85, o_size), ytot_size = asn1_len_tag(0x86, y_size); + uint16_t ctot_size = asn1_len_tag(0x87, c_size); + uint16_t oid_len = asn1_len_tag(0x6, sizeof(oid_ecdsa)); + uint16_t tot_len = 0, tot_data_len = 0; if (mbedtls_ecp_get_type(&ecdsa->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { tot_data_len = oid_len + ptot_size + otot_size + gtot_size + ytot_size; oid = oid_ri; @@ -157,33 +157,33 @@ size_t asn1_cvc_public_key_ecdsa(mbedtls_ecdsa_context *ecdsa, uint8_t *buf, siz return tot_len; } -size_t asn1_cvc_cert_body(void *rsa_ecdsa, +uint16_t asn1_cvc_cert_body(void *rsa_ecdsa, uint8_t key_type, uint8_t *buf, - size_t buf_len, + uint16_t buf_len, const uint8_t *ext, - size_t ext_len, + uint16_t ext_len, bool full) { - size_t pubkey_size = 0; + uint16_t pubkey_size = 0; if (key_type & PICO_KEYS_KEY_RSA) { pubkey_size = asn1_cvc_public_key_rsa(rsa_ecdsa, NULL, 0); } else if (key_type & PICO_KEYS_KEY_EC) { pubkey_size = asn1_cvc_public_key_ecdsa(rsa_ecdsa, NULL, 0); } - size_t cpi_size = 4, ext_size = 0, role_size = 0, valid_size = 0; + uint16_t cpi_size = 4, ext_size = 0, role_size = 0, valid_size = 0; if (ext && ext_len > 0) { ext_size = asn1_len_tag(0x65, ext_len); } const uint8_t *role = (const uint8_t *)"\x06\x09\x04\x00\x7F\x00\x07\x03\x01\x02\x02\x53\x01\x00"; - size_t rolelen = 14; + uint16_t rolelen = 14; if (full) { role_size = asn1_len_tag(0x7f4c, rolelen); valid_size = asn1_len_tag(0x5f24, 6) + asn1_len_tag(0x5f25, 6); } uint8_t *car = NULL, *chr = NULL; - size_t lencar = 0, lenchr = 0; + uint16_t lencar = 0, lenchr = 0; if (asn1_find_tag(apdu.data, apdu.nc, 0x42, &lencar, &car) == false || lencar == 0 || car == NULL) { @@ -191,7 +191,7 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa, lencar = dev_name_len; if (dev_name == NULL) { car = (uint8_t *)"ESPICOHSMTR00001"; - lencar = strlen((const char *)car); + lencar = (uint16_t)strlen((const char *)car); } } if (asn1_find_tag(apdu.data, apdu.nc, 0x5f20, &lenchr, @@ -203,9 +203,9 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa, lenchr = lencar; } } - size_t car_size = asn1_len_tag(0x42, lencar), chr_size = asn1_len_tag(0x5f20, lenchr); + uint16_t car_size = asn1_len_tag(0x42, lencar), chr_size = asn1_len_tag(0x5f20, lenchr); - size_t tot_len = asn1_len_tag(0x7f4e, cpi_size + car_size + pubkey_size + chr_size + ext_size + role_size + valid_size); + uint16_t tot_len = asn1_len_tag(0x7f4e, cpi_size + car_size + pubkey_size + chr_size + ext_size + role_size + valid_size); if (buf_len == 0 || buf == NULL) { return tot_len; @@ -257,22 +257,22 @@ size_t asn1_cvc_cert_body(void *rsa_ecdsa, return tot_len; } -size_t asn1_cvc_cert(void *rsa_ecdsa, +uint16_t asn1_cvc_cert(void *rsa_ecdsa, uint8_t key_type, uint8_t *buf, - size_t buf_len, + uint16_t buf_len, const uint8_t *ext, - size_t ext_len, + uint16_t ext_len, bool full) { - size_t key_size = 0; + uint16_t key_size = 0; if (key_type & PICO_KEYS_KEY_RSA) { - key_size = mbedtls_mpi_size(&((mbedtls_rsa_context *) rsa_ecdsa)->N); + key_size = (uint16_t)mbedtls_mpi_size(&((mbedtls_rsa_context *) rsa_ecdsa)->N); } else if (key_type & PICO_KEYS_KEY_EC) { key_size = 2 * (int)((mbedtls_ecp_curve_info_from_grp_id(((mbedtls_ecdsa_context *) rsa_ecdsa)->grp.id)->bit_size + 7) / 8); } - size_t body_size = asn1_cvc_cert_body(rsa_ecdsa, key_type, NULL, 0, ext, ext_len, full), sig_size = asn1_len_tag(0x5f37, key_size); - size_t tot_len = asn1_len_tag(0x7f21, body_size + sig_size); + uint16_t body_size = asn1_cvc_cert_body(rsa_ecdsa, key_type, NULL, 0, ext, ext_len, full), sig_size = asn1_len_tag(0x5f37, key_size); + uint16_t tot_len = asn1_len_tag(0x7f21, body_size + sig_size); if (buf_len == 0 || buf == NULL) { return tot_len; } @@ -313,19 +313,19 @@ size_t asn1_cvc_cert(void *rsa_ecdsa, mbedtls_mpi_free(&r); mbedtls_mpi_free(&s); } - return p - buf; + return (uint16_t)(p - buf); } -size_t asn1_cvc_aut(void *rsa_ecdsa, +uint16_t asn1_cvc_aut(void *rsa_ecdsa, uint8_t key_type, uint8_t *buf, - size_t buf_len, + uint16_t buf_len, const uint8_t *ext, - size_t ext_len) { - size_t cvcert_size = asn1_cvc_cert(rsa_ecdsa, key_type, NULL, 0, ext, ext_len, false); - size_t outcar_len = dev_name_len; + uint16_t ext_len) { + uint16_t cvcert_size = asn1_cvc_cert(rsa_ecdsa, key_type, NULL, 0, ext, ext_len, false); + uint16_t outcar_len = dev_name_len; const uint8_t *outcar = dev_name; - size_t outcar_size = asn1_len_tag(0x42, outcar_len); + uint16_t outcar_size = asn1_len_tag(0x42, outcar_len); file_t *fkey = search_by_fid(EF_KEY_DEV, NULL, SPECIFY_EF); if (!fkey) { return 0; @@ -336,8 +336,9 @@ size_t asn1_cvc_aut(void *rsa_ecdsa, mbedtls_ecdsa_free(&ectx); return 0; } - int ret = 0, key_size = 2 * mbedtls_mpi_size(&ectx.d); - size_t outsig_size = asn1_len_tag(0x5f37, key_size), tot_len = asn1_len_tag(0x67, cvcert_size + outcar_size + outsig_size); + int ret = 0; + uint16_t key_size = 2 * (uint16_t)mbedtls_mpi_size(&ectx.d); + uint16_t outsig_size = asn1_len_tag(0x5f37, key_size), tot_len = asn1_len_tag(0x67, cvcert_size + outcar_size + outsig_size); if (buf_len == 0 || buf == NULL) { return tot_len; } @@ -370,24 +371,24 @@ size_t asn1_cvc_aut(void *rsa_ecdsa, mbedtls_mpi_write_binary(&s, p, mbedtls_mpi_size(&s)); p += mbedtls_mpi_size(&s); mbedtls_mpi_free(&r); mbedtls_mpi_free(&s); - return p - buf; + return (uint16_t)(p - buf); } -size_t asn1_build_cert_description(const uint8_t *label, - size_t label_len, +uint16_t asn1_build_cert_description(const uint8_t *label, + uint16_t label_len, const uint8_t *puk, - size_t puk_len, + uint16_t puk_len, uint16_t fid, uint8_t *buf, - size_t buf_len) { - size_t opt_len = 2; - size_t seq1_size = + uint16_t buf_len) { + uint16_t opt_len = 2; + uint16_t seq1_size = asn1_len_tag(0x30, asn1_len_tag(0xC, label_len) + asn1_len_tag(0x3, opt_len)); - size_t seq2_size = asn1_len_tag(0x30, asn1_len_tag(0x4, 20)); /* SHA1 is 20 bytes length */ - size_t seq3_size = + uint16_t seq2_size = asn1_len_tag(0x30, asn1_len_tag(0x4, 20)); /* SHA1 is 20 bytes length */ + uint16_t seq3_size = asn1_len_tag(0xA1, asn1_len_tag(0x30, asn1_len_tag(0x30, asn1_len_tag(0x4, sizeof(uint16_t))))); - size_t tot_len = asn1_len_tag(0x30, seq1_size + seq2_size + seq3_size); + uint16_t tot_len = asn1_len_tag(0x30, seq1_size + seq2_size + seq3_size); if (buf_len == 0 || buf == NULL) { return tot_len; } @@ -426,18 +427,18 @@ size_t asn1_build_cert_description(const uint8_t *label, p += format_tlv_len(sizeof(uint16_t), p); *p++ = fid >> 8; *p++ = fid & 0xff; - return p - buf; + return (uint16_t)(p - buf); } -size_t asn1_build_prkd_generic(const uint8_t *label, - size_t label_len, +uint16_t asn1_build_prkd_generic(const uint8_t *label, + uint16_t label_len, const uint8_t *keyid, - size_t keyid_len, - size_t keysize, + uint16_t keyid_len, + uint16_t keysize, int key_type, uint8_t *buf, - size_t buf_len) { - size_t seq_len = 0; + uint16_t buf_len) { + uint16_t seq_len = 0; const uint8_t *seq = NULL; uint8_t first_tag = 0x0; if (key_type & PICO_KEYS_KEY_EC) { @@ -455,10 +456,10 @@ size_t asn1_build_prkd_generic(const uint8_t *label, seq_len = 3; first_tag = 0xA8; } - size_t seq1_size = asn1_len_tag(0x30, asn1_len_tag(0xC, label_len)); - size_t seq2_size = + uint16_t seq1_size = asn1_len_tag(0x30, asn1_len_tag(0xC, label_len)); + uint16_t seq2_size = asn1_len_tag(0x30, asn1_len_tag(0x4, keyid_len) + asn1_len_tag(0x3, seq_len)); - size_t seq3_size = 0, seq4_size = 0; + uint16_t seq3_size = 0, seq4_size = 0; if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) { seq4_size = asn1_len_tag(0xA1, asn1_len_tag(0x30, asn1_len_tag(0x30, asn1_len_tag(0x4, 0)) + asn1_len_tag(0x2, 2))); } @@ -466,7 +467,7 @@ size_t asn1_build_prkd_generic(const uint8_t *label, seq3_size = asn1_len_tag(0xA0, asn1_len_tag(0x30, asn1_len_tag(0x2, 2))); seq4_size = asn1_len_tag(0xA1, asn1_len_tag(0x30, asn1_len_tag(0x30, asn1_len_tag(0x4, 0)))); } - size_t tot_len = asn1_len_tag(first_tag, seq1_size + seq2_size + seq4_size); + uint16_t tot_len = asn1_len_tag(first_tag, seq1_size + seq2_size + seq4_size); if (buf_len == 0 || buf == NULL) { return tot_len; } @@ -507,7 +508,7 @@ size_t asn1_build_prkd_generic(const uint8_t *label, //Seq 4 *p++ = 0xA1; - size_t inseq4_len = asn1_len_tag(0x30, asn1_len_tag(0x4, 0)); + uint16_t inseq4_len = asn1_len_tag(0x30, asn1_len_tag(0x4, 0)); if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) { inseq4_len += asn1_len_tag(0x2, 2); } @@ -524,16 +525,16 @@ size_t asn1_build_prkd_generic(const uint8_t *label, *p++ = (keysize >> 8) & 0xff; *p++ = keysize & 0xff; } - return p - buf; + return (uint16_t)(p - buf); } -size_t asn1_build_prkd_ecc(const uint8_t *label, - size_t label_len, +uint16_t asn1_build_prkd_ecc(const uint8_t *label, + uint16_t label_len, const uint8_t *keyid, - size_t keyid_len, - size_t keysize, + uint16_t keyid_len, + uint16_t keysize, uint8_t *buf, - size_t buf_len) { + uint16_t buf_len) { return asn1_build_prkd_generic(label, label_len, keyid, @@ -544,13 +545,13 @@ size_t asn1_build_prkd_ecc(const uint8_t *label, buf_len); } -size_t asn1_build_prkd_rsa(const uint8_t *label, - size_t label_len, +uint16_t asn1_build_prkd_rsa(const uint8_t *label, + uint16_t label_len, const uint8_t *keyid, - size_t keyid_len, - size_t keysize, + uint16_t keyid_len, + uint16_t keysize, uint8_t *buf, - size_t buf_len) { + uint16_t buf_len) { return asn1_build_prkd_generic(label, label_len, keyid, @@ -561,13 +562,13 @@ size_t asn1_build_prkd_rsa(const uint8_t *label, buf_len); } -size_t asn1_build_prkd_aes(const uint8_t *label, - size_t label_len, +uint16_t asn1_build_prkd_aes(const uint8_t *label, + uint16_t label_len, const uint8_t *keyid, - size_t keyid_len, - size_t keysize, + uint16_t keyid_len, + uint16_t keysize, uint8_t *buf, - size_t buf_len) { + uint16_t buf_len) { return asn1_build_prkd_generic(label, label_len, keyid, @@ -578,7 +579,7 @@ size_t asn1_build_prkd_aes(const uint8_t *label, buf_len); } -const uint8_t *cvc_get_field(const uint8_t *data, size_t len, size_t *olen, uint16_t tag) { +const uint8_t *cvc_get_field(const uint8_t *data, uint16_t len, uint16_t *olen, uint16_t tag) { uint8_t *rdata = NULL; if (data == NULL || len == 0) { return NULL; @@ -589,7 +590,7 @@ const uint8_t *cvc_get_field(const uint8_t *data, size_t len, size_t *olen, uint return rdata; } -const uint8_t *cvc_get_body(const uint8_t *data, size_t len, size_t *olen) { +const uint8_t *cvc_get_body(const uint8_t *data, uint16_t len, uint16_t *olen) { const uint8_t *bkdata = data; if ((data = cvc_get_field(data, len, olen, 0x67)) == NULL) { /* Check for CSR */ data = bkdata; @@ -600,7 +601,7 @@ const uint8_t *cvc_get_body(const uint8_t *data, size_t len, size_t *olen) { return NULL; } -const uint8_t *cvc_get_sig(const uint8_t *data, size_t len, size_t *olen) { +const uint8_t *cvc_get_sig(const uint8_t *data, uint16_t len, uint16_t *olen) { const uint8_t *bkdata = data; if ((data = cvc_get_field(data, len, olen, 0x67)) == NULL) { /* Check for CSR */ data = bkdata; @@ -611,28 +612,28 @@ const uint8_t *cvc_get_sig(const uint8_t *data, size_t len, size_t *olen) { return NULL; } -const uint8_t *cvc_get_car(const uint8_t *data, size_t len, size_t *olen) { +const uint8_t *cvc_get_car(const uint8_t *data, uint16_t len, uint16_t *olen) { if ((data = cvc_get_body(data, len, olen)) != NULL) { return cvc_get_field(data, len, olen, 0x42); } return NULL; } -const uint8_t *cvc_get_chr(const uint8_t *data, size_t len, size_t *olen) { +const uint8_t *cvc_get_chr(const uint8_t *data, uint16_t len, uint16_t *olen) { if ((data = cvc_get_body(data, len, olen)) != NULL) { return cvc_get_field(data, len, olen, 0x5F20); } return NULL; } -const uint8_t *cvc_get_pub(const uint8_t *data, size_t len, size_t *olen) { +const uint8_t *cvc_get_pub(const uint8_t *data, uint16_t len, uint16_t *olen) { if ((data = cvc_get_body(data, len, olen)) != NULL) { return cvc_get_field(data, len, olen, 0x7F49); } return NULL; } -const uint8_t *cvc_get_ext(const uint8_t *data, size_t len, size_t *olen) { +const uint8_t *cvc_get_ext(const uint8_t *data, uint16_t len, uint16_t *olen) { if ((data = cvc_get_body(data, len, olen)) != NULL) { return cvc_get_field(data, len, olen, 0x65); } @@ -642,7 +643,7 @@ const uint8_t *cvc_get_ext(const uint8_t *data, size_t len, size_t *olen) { extern PUK puk_store[MAX_PUK_STORE_ENTRIES]; extern int puk_store_entries; -int puk_store_index(const uint8_t *chr, size_t chr_len) { +int puk_store_index(const uint8_t *chr, uint16_t chr_len) { for (int i = 0; i < puk_store_entries; i++) { if (memcmp(puk_store[i].chr, chr, chr_len) == 0) { return i; @@ -651,8 +652,8 @@ int puk_store_index(const uint8_t *chr, size_t chr_len) { return -1; } -mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, size_t ca_len) { - size_t chr_len = 0, car_len = 0; +mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, uint16_t ca_len) { + uint16_t chr_len = 0, car_len = 0; const uint8_t *chr = NULL, *car = NULL; int eq = -1; do { @@ -670,12 +671,12 @@ mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, size_t ca_len) { } } } while (car && chr && eq != 0); - size_t ca_puk_len = 0; + uint16_t ca_puk_len = 0; const uint8_t *ca_puk = cvc_get_pub(ca, ca_len, &ca_puk_len); if (!ca_puk) { return MBEDTLS_ECP_DP_NONE; } - size_t t81_len = 0; + uint16_t t81_len = 0; const uint8_t *t81 = cvc_get_field(ca_puk, ca_puk_len, &t81_len, 0x81); if (!t81) { return MBEDTLS_ECP_DP_NONE; @@ -685,23 +686,23 @@ mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, size_t ca_len) { } int puk_verify(const uint8_t *sig, - size_t sig_len, + uint16_t sig_len, const uint8_t *hash, - size_t hash_len, + uint16_t hash_len, const uint8_t *ca, - size_t ca_len) { - size_t puk_len = 0; + uint16_t ca_len) { + uint16_t puk_len = 0; const uint8_t *puk = cvc_get_pub(ca, ca_len, &puk_len); if (!puk) { return CCID_WRONG_DATA; } - size_t oid_len = 0; + uint16_t oid_len = 0; const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6); if (!oid) { return CCID_WRONG_DATA; } if (memcmp(oid, OID_ID_TA_RSA, 9) == 0) { //RSA - size_t t81_len = 0, t82_len = 0; + uint16_t t81_len = 0, t82_len = 0; const uint8_t *t81 = cvc_get_field(puk, puk_len, &t81_len, 0x81), *t82 = cvc_get_field(puk, puk_len, &t81_len, @@ -757,7 +758,7 @@ int puk_verify(const uint8_t *sig, mbedtls_rsa_free(&rsa); return CCID_EXEC_ERROR; } - r = mbedtls_rsa_pkcs1_verify(&rsa, md, hash_len, hash, sig); + r = mbedtls_rsa_pkcs1_verify(&rsa, md, (unsigned int)hash_len, hash, sig); mbedtls_rsa_free(&rsa); if (r != 0) { return CCID_WRONG_SIGNATURE; @@ -784,7 +785,7 @@ int puk_verify(const uint8_t *sig, return CCID_WRONG_DATA; } - size_t t86_len = 0; + uint16_t t86_len = 0; const uint8_t *t86 = cvc_get_field(puk, puk_len, &t86_len, 0x86); if (!t86) { return CCID_WRONG_DATA; @@ -838,13 +839,13 @@ int puk_verify(const uint8_t *sig, return CCID_OK; } -int cvc_verify(const uint8_t *cert, size_t cert_len, const uint8_t *ca, size_t ca_len) { - size_t puk_len = 0; +int cvc_verify(const uint8_t *cert, uint16_t cert_len, const uint8_t *ca, uint16_t ca_len) { + uint16_t puk_len = 0; const uint8_t *puk = cvc_get_pub(ca, ca_len, &puk_len); if (!puk) { return CCID_WRONG_DATA; } - size_t oid_len = 0, cv_body_len = 0, sig_len = 0; + uint16_t oid_len = 0, cv_body_len = 0, sig_len = 0; const uint8_t *oid = cvc_get_field(puk, puk_len, &oid_len, 0x6); const uint8_t *cv_body = cvc_get_body(cert, cert_len, &cv_body_len); const uint8_t *sig = cvc_get_sig(cert, cert_len, &sig_len); diff --git a/src/hsm/cvc.h b/src/hsm/cvc.h index 1959cfd..1eb217a 100644 --- a/src/hsm/cvc.h +++ b/src/hsm/cvc.h @@ -28,78 +28,78 @@ typedef struct PUK { const uint8_t *puk; - size_t puk_len; + uint16_t puk_len; const uint8_t *car; - size_t car_len; + uint16_t car_len; const uint8_t *chr; - size_t chr_len; + uint16_t chr_len; const uint8_t *cvcert; - size_t cvcert_len; + uint16_t cvcert_len; bool copied; } PUK; #define MAX_PUK_STORE_ENTRIES 4 -extern size_t asn1_cvc_cert(void *rsa_ecdsa, +extern uint16_t asn1_cvc_cert(void *rsa_ecdsa, uint8_t key_type, uint8_t *buf, - size_t buf_len, + uint16_t buf_len, const uint8_t *ext, - size_t ext_len, + uint16_t ext_len, bool full); -extern size_t asn1_cvc_aut(void *rsa_ecdsa, +extern uint16_t asn1_cvc_aut(void *rsa_ecdsa, uint8_t key_type, uint8_t *buf, - size_t buf_len, + uint16_t buf_len, const uint8_t *ext, - size_t ext_len); -extern size_t asn1_build_cert_description(const uint8_t *label, - size_t label_len, + uint16_t ext_len); +extern uint16_t asn1_build_cert_description(const uint8_t *label, + uint16_t label_len, const uint8_t *puk, - size_t puk_len, + uint16_t puk_len, uint16_t fid, uint8_t *buf, - size_t buf_len); -extern const uint8_t *cvc_get_field(const uint8_t *data, size_t len, size_t *olen, uint16_t tag); -extern const uint8_t *cvc_get_car(const uint8_t *data, size_t len, size_t *olen); -extern const uint8_t *cvc_get_chr(const uint8_t *data, size_t len, size_t *olen); -extern const uint8_t *cvc_get_pub(const uint8_t *data, size_t len, size_t *olen); -extern const uint8_t *cvc_get_ext(const uint8_t *data, size_t len, size_t *olen); -extern int cvc_verify(const uint8_t *cert, size_t cert_len, const uint8_t *ca, size_t ca_len); -extern mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, size_t ca_len); + uint16_t buf_len); +extern const uint8_t *cvc_get_field(const uint8_t *data, uint16_t len, uint16_t *olen, uint16_t tag); +extern const uint8_t *cvc_get_car(const uint8_t *data, uint16_t len, uint16_t *olen); +extern const uint8_t *cvc_get_chr(const uint8_t *data, uint16_t len, uint16_t *olen); +extern const uint8_t *cvc_get_pub(const uint8_t *data, uint16_t len, uint16_t *olen); +extern const uint8_t *cvc_get_ext(const uint8_t *data, uint16_t len, uint16_t *olen); +extern int cvc_verify(const uint8_t *cert, uint16_t cert_len, const uint8_t *ca, uint16_t ca_len); +extern mbedtls_ecp_group_id cvc_inherite_ec_group(const uint8_t *ca, uint16_t ca_len); extern int puk_verify(const uint8_t *sig, - size_t sig_len, + uint16_t sig_len, const uint8_t *hash, - size_t hash_len, + uint16_t hash_len, const uint8_t *ca, - size_t ca_len); -extern size_t asn1_build_prkd_ecc(const uint8_t *label, - size_t label_len, + uint16_t ca_len); +extern uint16_t asn1_build_prkd_ecc(const uint8_t *label, + uint16_t label_len, const uint8_t *keyid, - size_t keyid_len, - size_t keysize, + uint16_t keyid_len, + uint16_t keysize, uint8_t *buf, - size_t buf_len); -extern size_t asn1_build_prkd_rsa(const uint8_t *label, - size_t label_len, + uint16_t buf_len); +extern uint16_t asn1_build_prkd_rsa(const uint8_t *label, + uint16_t label_len, const uint8_t *keyid, - size_t keyid_len, - size_t keysize, + uint16_t keyid_len, + uint16_t keysize, uint8_t *buf, - size_t buf_len); -extern size_t asn1_build_prkd_aes(const uint8_t *label, - size_t label_len, + uint16_t buf_len); +extern uint16_t asn1_build_prkd_aes(const uint8_t *label, + uint16_t label_len, const uint8_t *keyid, - size_t keyid_len, - size_t keysize, + uint16_t keyid_len, + uint16_t keysize, uint8_t *buf, - size_t buf_len); -extern size_t asn1_build_prkd_generic(const uint8_t *label, - size_t label_len, + uint16_t buf_len); +extern uint16_t asn1_build_prkd_generic(const uint8_t *label, + uint16_t label_len, const uint8_t *keyid, - size_t keyid_len, - size_t keysize, + uint16_t keyid_len, + uint16_t keysize, int key_tpe, uint8_t *buf, - size_t buf_len); + uint16_t buf_len); #endif diff --git a/src/hsm/files.c b/src/hsm/files.c index f863ab1..8a5fb4b 100644 --- a/src/hsm/files.c +++ b/src/hsm/files.c @@ -101,7 +101,7 @@ file_t file_entries[] = { ///* 30 */ { .fid = 0x0000, .parent = 0, .name = openpgpcard_aid, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = {0} }, /* 31 */ { .fid = 0x0000, .parent = 5, .name = sc_hsm_aid, .type = FILE_TYPE_WORKING_EF, .data = NULL, .ef_structure = FILE_EF_TRANSPARENT, .acl = { 0 } }, - /* 32 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_UNKNOWN, .data = NULL, + /* 32 */ { .fid = 0x0000, .parent = 0xff, .name = NULL, .type = FILE_TYPE_NOT_KNOWN, .data = NULL, .ef_structure = 0, .acl = { 0 } } //end }; diff --git a/src/hsm/kek.c b/src/hsm/kek.c index 2144c1e..3bfb378 100644 --- a/src/hsm/kek.c +++ b/src/hsm/kek.c @@ -41,7 +41,7 @@ uint8_t pending_save_dkek = 0xff; #define POLY 0xedb88320 uint32_t crc32c(const uint8_t *buf, size_t len) { - uint32_t crc = ~0; + uint32_t crc = 0xffffffffffffffff; while (len--) { crc ^= *buf++; for (int k = 0; k < 8; k++) { @@ -258,7 +258,7 @@ int dkek_kmac(uint8_t id, uint8_t *kmac) { //kmac 32 bytes return CCID_OK; } -int mkek_encrypt(uint8_t *data, size_t len) { +int mkek_encrypt(uint8_t *data, uint16_t len) { int r; uint8_t mkek[MKEK_SIZE + 4]; if ((r = load_mkek(mkek)) != CCID_OK) { @@ -269,7 +269,7 @@ int mkek_encrypt(uint8_t *data, size_t len) { return r; } -int mkek_decrypt(uint8_t *data, size_t len) { +int mkek_decrypt(uint8_t *data, uint16_t len) { int r; uint8_t mkek[MKEK_SIZE + 4]; if ((r = load_mkek(mkek)) != CCID_OK) { @@ -284,16 +284,17 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, - size_t *out_len, + uint16_t *out_len, const uint8_t *allowed, - size_t allowed_len) { + uint16_t allowed_len) { if (!(key_type & PICO_KEYS_KEY_RSA) && !(key_type & PICO_KEYS_KEY_EC) && !(key_type & PICO_KEYS_KEY_AES)) { return CCID_WRONG_DATA; } uint8_t kb[8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13]; //worst case: RSA-4096 (plus, 13 bytes padding) memset(kb, 0, sizeof(kb)); - int kb_len = 0, r = 0; + uint16_t kb_len = 0; + int r = 0; uint8_t *algo = NULL; uint8_t algo_len = 0; uint8_t kenc[32]; @@ -351,17 +352,17 @@ int dkek_encode_key(uint8_t id, } mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx; kb_len = 0; - put_uint16_t(mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len); kb_len += 2; + put_uint16_t((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len); kb_len += 2; - put_uint16_t(mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len); kb_len += 2; + put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&rsa->D, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->D)); - kb_len += mbedtls_mpi_size(&rsa->D); - put_uint16_t(mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len); kb_len += 2; + kb_len += (uint16_t)mbedtls_mpi_size(&rsa->D); + put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&rsa->N, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->N)); - kb_len += mbedtls_mpi_size(&rsa->N); - put_uint16_t(mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len); kb_len += 2; + kb_len += (uint16_t)mbedtls_mpi_size(&rsa->N); + put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&rsa->E, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->E)); - kb_len += mbedtls_mpi_size(&rsa->E); + kb_len += (uint16_t)mbedtls_mpi_size(&rsa->E); algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x01\x02"; algo_len = 12; @@ -372,38 +373,38 @@ int dkek_encode_key(uint8_t id, } mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx; kb_len = 0; - put_uint16_t(mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len); kb_len += 2; - put_uint16_t(mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len); kb_len += 2; + put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len); kb_len += 2; + put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&ecdsa->grp.A, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.A)); - kb_len += mbedtls_mpi_size(&ecdsa->grp.A); - put_uint16_t(mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len); kb_len += 2; + kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.A); + put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&ecdsa->grp.B, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.B)); - kb_len += mbedtls_mpi_size(&ecdsa->grp.B); - put_uint16_t(mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len); kb_len += 2; + kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.B); + put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&ecdsa->grp.P, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.P)); - kb_len += mbedtls_mpi_size(&ecdsa->grp.P); - put_uint16_t(mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len); kb_len += 2; + kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.P); + put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&ecdsa->grp.N, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.N)); - kb_len += mbedtls_mpi_size(&ecdsa->grp.N); + kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.N); - size_t olen = 0; + uint16_t olen = 0; mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, - &olen, + (size_t *)&olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2); put_uint16_t(olen, kb + 8 + kb_len); kb_len += 2 + olen; - put_uint16_t(mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2; + put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d)); - kb_len += mbedtls_mpi_size(&ecdsa->d); + kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->d); mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, - &olen, + (size_t *)&olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2); put_uint16_t(olen, kb + 8 + kb_len); @@ -450,7 +451,7 @@ int dkek_encode_key(uint8_t id, memcpy(kb, random_bytes_get(8), 8); kb_len += 8; //8 random bytes - int kb_len_pad = ((int) (kb_len / 16)) * 16; + uint16_t kb_len_pad = ((uint16_t) (kb_len / 16)) * 16; if (kb_len % 16 > 0) { kb_len_pad = ((int) (kb_len / 16) + 1) * 16; } @@ -496,10 +497,10 @@ int dkek_type_key(const uint8_t *in) { int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, - size_t in_len, + uint16_t in_len, int *key_size_out, uint8_t **allowed, - size_t *allowed_len) { + uint16_t *allowed_len) { uint8_t kcv[8]; int r = 0; memset(kcv, 0, sizeof(kcv)); @@ -559,10 +560,10 @@ int dkek_decode_key(uint8_t id, return CCID_WRONG_DATA; } - size_t ofs = 9; + uint16_t ofs = 9; //OID - size_t len = get_uint16_t(in, ofs); + uint16_t len = get_uint16_t(in, ofs); ofs += len + 2; //Allowed algorithms diff --git a/src/hsm/kek.h b/src/hsm/kek.h index 5c85c2f..aa095cc 100644 --- a/src/hsm/kek.h +++ b/src/hsm/kek.h @@ -31,23 +31,23 @@ extern void init_mkek(); extern void release_mkek(uint8_t *); extern int import_dkek_share(uint8_t, const uint8_t *share); extern int dkek_kcv(uint8_t, uint8_t *kcv); -extern int mkek_encrypt(uint8_t *data, size_t len); -extern int mkek_decrypt(uint8_t *data, size_t len); +extern int mkek_encrypt(uint8_t *data, uint16_t len); +extern int mkek_decrypt(uint8_t *data, uint16_t len); extern int dkek_encode_key(uint8_t, void *key_ctx, int key_type, uint8_t *out, - size_t *out_len, + uint16_t *out_len, const uint8_t *, - size_t); + uint16_t); extern int dkek_type_key(const uint8_t *in); extern int dkek_decode_key(uint8_t, void *key_ctx, const uint8_t *in, - size_t in_len, + uint16_t in_len, int *key_size_out, uint8_t **, - size_t *); + uint16_t *); #define MAX_DKEK_ENCODE_KEY_BUFFER (8 + 1 + 12 + 6 + (8 + 2 * 4 + 2 * 4096 / 8 + 3 + 13) + 16) diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c index f4450f2..23cdfd2 100644 --- a/src/hsm/sc_hsm.c +++ b/src/hsm/sc_hsm.c @@ -42,7 +42,7 @@ const uint8_t atr_sc_hsm[] = { uint8_t session_pin[32], session_sopin[32]; bool has_session_pin = false, has_session_sopin = false; const uint8_t *dev_name = NULL; -size_t dev_name_len = 0; +uint16_t dev_name_len = 0; static int sc_hsm_process_apdu(); @@ -87,7 +87,7 @@ int sc_hsm_select_aid(app_t *a) { return CCID_OK; } -void __attribute__((constructor)) sc_hsm_ctor() { +INITIALIZER( sc_hsm_ctor ) { ccid_atr = atr_sc_hsm; register_app(sc_hsm_select_aid, sc_hsm_aid); } @@ -174,7 +174,7 @@ int puk_store_entries = 0; PUK *current_puk = NULL; uint8_t puk_status[MAX_PUK]; -int add_cert_puk_store(const uint8_t *data, size_t data_len, bool copy) { +int add_cert_puk_store(const uint8_t *data, uint16_t data_len, bool copy) { if (data == NULL || data_len == 0) { return CCID_ERR_NULL_PARAM; } @@ -229,14 +229,14 @@ void reset_puk_store() { file_t *fterm = search_by_fid(EF_TERMCA, NULL, SPECIFY_EF); if (fterm) { uint8_t *p = NULL, *fterm_data = file_get_data(fterm), *pq = fterm_data; - size_t fterm_data_len = file_get_size(fterm); + uint16_t fterm_data_len = file_get_size(fterm); while (walk_tlv(fterm_data, fterm_data_len, &p, NULL, NULL, NULL)) { - add_cert_puk_store(pq, p - pq, false); + add_cert_puk_store(pq, (uint16_t)(p - pq), false); pq = p; } } for (int i = 0; i < 0xfe; i++) { - file_t *ef = search_dynamic_file((CA_CERTIFICATE_PREFIX << 8) | i); + file_t *ef = search_dynamic_file((CA_CERTIFICATE_PREFIX << 8) | (uint8_t)i); if (ef && file_get_size(ef) > 0) { add_cert_puk_store(file_get_data(ef), file_get_size(ef), false); } @@ -285,6 +285,7 @@ bool wait_button_pressed() { } int parse_token_info(const file_t *f, int mode) { + (void)f; #ifdef __FOR_CI char *label = "SmartCard-HSM"; #else @@ -301,13 +302,13 @@ int parse_token_info(const file_t *f, int mode) { #else *p++ = 0x4; *p++ = 8; memset(p, 0, 8); p += 8; #endif - *p++ = 0xC; *p++ = strlen(manu); strcpy((char *) p, manu); p += strlen(manu); - *p++ = 0x80; *p++ = strlen(label); strcpy((char *) p, label); p += strlen(label); + *p++ = 0xC; *p++ = (uint8_t)strlen(manu); strcpy((char *) p, manu); p += strlen(manu); + *p++ = 0x80; *p++ = (uint8_t)strlen(label); strcpy((char *) p, label); p += strlen(label); *p++ = 0x3; *p++ = 2; *p++ = 4; *p++ = 0x30; - res_APDU_size = p - res_APDU; - res_APDU[1] = res_APDU_size - 2; + res_APDU_size = (uint16_t)(p - res_APDU); + res_APDU[1] = (uint8_t)res_APDU_size - 2; } - return 2 + (2 + 1) + (2 + 8) + (2 + strlen(manu)) + (2 + strlen(label)) + (2 + 2); + return (int)(2 + (2 + 1) + (2 + 8) + (2 + strlen(manu)) + (2 + strlen(label)) + (2 + 2)); } int pin_reset_retries(const file_t *pin, bool force) { @@ -358,7 +359,7 @@ bool pka_enabled() { return file_has_data(ef_puk) && file_read_uint8(file_get_data(ef_puk)) > 0; } -int check_pin(const file_t *pin, const uint8_t *data, size_t len) { +uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len) { if (!file_has_data((file_t *) pin)) { return SW_REFERENCE_NOT_FOUND(); } @@ -372,7 +373,7 @@ int check_pin(const file_t *pin, const uint8_t *data, size_t len) { if ((retries = pin_wrong_retry(pin)) < CCID_OK) { return SW_PIN_BLOCKED(); } - return set_res_sw(0x63, 0xc0 | retries); + return set_res_sw(0x63, 0xc0 | (uint8_t)retries); } } else { @@ -386,7 +387,7 @@ int check_pin(const file_t *pin, const uint8_t *data, size_t len) { if ((retries = pin_wrong_retry(pin)) < CCID_OK) { return SW_PIN_BLOCKED(); } - return set_res_sw(0x63, 0xc0 | retries); + return set_res_sw(0x63, 0xc0 | (uint8_t)retries); } } int r = pin_reset_retries(pin, false); @@ -414,12 +415,12 @@ int check_pin(const file_t *pin, const uint8_t *data, size_t len) { return SW_OK(); } -const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, size_t *tag_len) { +const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, uint16_t *tag_len) { if (ef == NULL) { return NULL; } uint8_t *meta_data = NULL; - uint8_t meta_size = meta_find(ef->fid, &meta_data); + uint16_t meta_size = meta_find(ef->fid, &meta_data); if (meta_size > 0 && meta_data != NULL) { uint16_t tag = 0x0; uint8_t *tag_data = NULL, *p = NULL; @@ -433,7 +434,7 @@ const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, size_t *tag_len) { } uint32_t get_key_counter(file_t *fkey) { - size_t tag_len = 0; + uint16_t tag_len = 0; const uint8_t *meta_tag = get_meta_tag(fkey, 0x90, &tag_len); if (meta_tag) { return (meta_tag[0] << 24) | (meta_tag[1] << 16) | (meta_tag[2] << 8) | meta_tag[3]; @@ -442,10 +443,10 @@ uint32_t get_key_counter(file_t *fkey) { } bool key_has_purpose(file_t *ef, uint8_t purpose) { - size_t tag_len = 0; + uint16_t tag_len = 0; const uint8_t *meta_tag = get_meta_tag(ef, 0x91, &tag_len); if (meta_tag) { - for (int i = 0; i < tag_len; i++) { + for (unsigned i = 0; i < tag_len; i++) { if (meta_tag[i] == purpose) { return true; } @@ -460,11 +461,11 @@ uint32_t decrement_key_counter(file_t *fkey) { return 0xffffff; } uint8_t *meta_data = NULL; - uint8_t meta_size = meta_find(fkey->fid, &meta_data); + uint16_t meta_size = meta_find(fkey->fid, &meta_data); if (meta_size > 0 && meta_data != NULL) { uint16_t tag = 0x0; uint8_t *tag_data = NULL, *p = NULL; - size_t tag_len = 0; + uint16_t tag_len = 0; uint8_t *cmeta = (uint8_t *) calloc(1, meta_size); /* We cannot modify meta_data, as it comes from flash memory. It must be cpied to an aux buffer */ memcpy(cmeta, meta_data, meta_size); @@ -478,7 +479,7 @@ uint32_t decrement_key_counter(file_t *fkey) { tag_data[2] = (val >> 8) & 0xff; tag_data[3] = val & 0xff; - int r = meta_add(fkey->fid, cmeta, meta_size); + int r = meta_add(fkey->fid, cmeta, (uint16_t)meta_size); free(cmeta); if (r != 0) { return 0xffffffff; @@ -494,17 +495,18 @@ uint32_t decrement_key_counter(file_t *fkey) { // Stores the private and public keys in flash int store_keys(void *key_ctx, int type, uint8_t key_id) { - int r, key_size = 0; + int r = 0; + uint16_t key_size = 0; uint8_t kdata[4096 / 8]; // worst case if (type & PICO_KEYS_KEY_RSA) { mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx; - key_size = mbedtls_mpi_size(&rsa->P) + mbedtls_mpi_size(&rsa->Q); + key_size = (uint16_t)mbedtls_mpi_size(&rsa->P) + (uint16_t)mbedtls_mpi_size(&rsa->Q); mbedtls_mpi_write_binary(&rsa->P, kdata, key_size / 2); mbedtls_mpi_write_binary(&rsa->Q, kdata + key_size / 2, key_size / 2); } else if (type & PICO_KEYS_KEY_EC) { mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx; - key_size = mbedtls_mpi_size(&ecdsa->d); + key_size = (uint16_t)mbedtls_mpi_size(&ecdsa->d); kdata[0] = ecdsa->grp.id & 0xff; mbedtls_ecp_write_key(ecdsa, kdata + 1, key_size); key_size++; @@ -535,7 +537,7 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) { if (r != CCID_OK) { return r; } - r = flash_write_data_to_file(fpk, kdata, key_size); + r = flash_write_data_to_file(fpk, kdata, (uint16_t)key_size); if (r != CCID_OK) { return r; } @@ -544,7 +546,7 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) { if (type & PICO_KEYS_KEY_EC) { key_size--; } - size_t prkd_len = asn1_build_prkd_generic(NULL, 0, (uint8_t *)key_id_str, strlen(key_id_str), key_size * 8, type, kdata, sizeof(kdata)); + uint16_t prkd_len = asn1_build_prkd_generic(NULL, 0, (uint8_t *)key_id_str, (uint16_t)strlen(key_id_str), key_size * 8, type, kdata, sizeof(kdata)); if (prkd_len > 0) { fpk = file_new((PRKD_PREFIX << 8) | key_id); r = flash_write_data_to_file(fpk, kdata, prkd_len); @@ -557,13 +559,13 @@ int store_keys(void *key_ctx, int type, uint8_t key_id) { } int find_and_store_meta_key(uint8_t key_id) { - size_t lt[4] = { 0, 0, 0, 0 }, meta_size = 0; + uint16_t lt[4] = { 0, 0, 0, 0 }, meta_size = 0; uint8_t *pt[4] = { NULL, NULL, NULL, NULL }; uint8_t t90[4] = { 0xFF, 0xFF, 0xFF, 0xFE }; - for (int t = 0; t < 4; t++) { + for (uint16_t t = 0; t < 4; t++) { uint8_t *ptt = NULL; - size_t ltt = 0; - if (asn1_find_tag(apdu.data, apdu.nc, 0x90 + t, <t, &ptt) && ptt != NULL && ltt > 0) { + uint16_t ltt = 0; + if (asn1_find_tag(apdu.data, (uint16_t)apdu.nc, 0x90 + t, <t, &ptt) && ptt != NULL && ltt > 0) { lt[t] = ltt; pt[t] = ptt; meta_size += asn1_len_tag(0x90 + t, lt[t]); @@ -579,7 +581,7 @@ int find_and_store_meta_key(uint8_t key_id) { } if (meta_size) { uint8_t *meta = (uint8_t *) calloc(1, meta_size), *m = meta; - for (int t = 0; t < 4; t++) { + for (uint8_t t = 0; t < 4; t++) { if (lt[t] > 0 && pt[t] != NULL) { *m++ = 0x90 + t; m += format_tlv_len(lt[t], m); @@ -587,7 +589,7 @@ int find_and_store_meta_key(uint8_t key_id) { m += lt[t]; } } - int r = meta_add((KEY_PREFIX << 8) | key_id, meta, meta_size); + int r = meta_add((KEY_PREFIX << 8) | key_id, meta, (uint16_t)meta_size); free(meta); if (r != 0) { return CCID_EXEC_ERROR; @@ -601,7 +603,7 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) { return CCID_VERIFICATION_FAILED; } - int key_size = file_get_size(fkey); + uint16_t key_size = file_get_size(fkey); uint8_t kdata[4096 / 8]; memcpy(kdata, file_get_data(fkey), key_size); if (mkek_decrypt(kdata, key_size) != 0) { @@ -645,7 +647,7 @@ int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) { return CCID_VERIFICATION_FAILED; } - int key_size = file_get_size(fkey); + uint16_t key_size = file_get_size(fkey); uint8_t kdata[67]; // Worst case, 521 bit + 1byte memcpy(kdata, file_get_data(fkey), key_size); if (mkek_decrypt(kdata, key_size) != 0) { @@ -735,9 +737,9 @@ int sc_hsm_process_apdu() { } for (const cmd_t *cmd = cmds; cmd->ins != 0x00; cmd++) { if (cmd->ins == INS(apdu)) { - int r = cmd->cmd_handler(); + int res = cmd->cmd_handler(); sm_wrap(); - return r; + return res; } } return SW_INS_NOT_SUPPORTED(); diff --git a/src/hsm/sc_hsm.h b/src/hsm/sc_hsm.h index 9a7b194..fa8d3ff 100644 --- a/src/hsm/sc_hsm.h +++ b/src/hsm/sc_hsm.h @@ -102,20 +102,18 @@ extern const uint8_t sc_hsm_aid[]; extern int pin_reset_retries(const file_t *pin, bool); extern int pin_wrong_retry(const file_t *pin); -extern void hash(const uint8_t *input, size_t len, uint8_t output[32]); -extern void hash_multi(const uint8_t *input, size_t len, uint8_t output[32]); -extern void double_hash_pin(const uint8_t *pin, size_t len, uint8_t output[32]); +extern void hash(const uint8_t *input, uint16_t len, uint8_t output[32]); extern uint16_t get_device_options(); extern bool has_session_pin, has_session_sopin; extern uint8_t session_pin[32], session_sopin[32]; -extern int check_pin(const file_t *pin, const uint8_t *data, size_t len); +extern uint16_t check_pin(const file_t *pin, const uint8_t *data, uint16_t len); extern bool pka_enabled(); extern const uint8_t *dev_name; -extern size_t dev_name_len; +extern uint16_t dev_name_len; extern uint8_t puk_status[MAX_PUK]; extern int puk_store_select_chr(const uint8_t *chr); extern int delete_file(file_t *ef); -extern const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, size_t *tag_len); +extern const uint8_t *get_meta_tag(file_t *ef, uint16_t meta_tag, uint16_t *tag_len); extern bool key_has_purpose(file_t *ef, uint8_t purpose); extern int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey); extern int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey);