diff --git a/pico-keys-sdk b/pico-keys-sdk index ffaf20d..3f541f1 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit ffaf20da5d65a2dfc6c92026014f818ec9382f21 +Subproject commit 3f541f13d536aee190bd61f1603f11044535d2ff diff --git a/src/hsm/cmd_cipher_sym.c b/src/hsm/cmd_cipher_sym.c index bcd714f..61739bf 100644 --- a/src/hsm/cmd_cipher_sym.c +++ b/src/hsm/cmd_cipher_sym.c @@ -143,10 +143,7 @@ int mbedtls_ansi_x963_kdf(mbedtls_md_type_t md_type, mbedtls_md_update(&md_ctx, input, input_len); //TODO: be careful with architecture little vs. big - counter_buf[0] = (uint8_t) ((counter >> 24) & 0xff); - counter_buf[1] = (uint8_t) ((counter >> 16) & 0xff); - counter_buf[2] = (uint8_t) ((counter >> 8) & 0xff); - counter_buf[3] = (uint8_t) ((counter >> 0) & 0xff); + put_uint32_t_be(counter, counter_buf); mbedtls_md_update(&md_ctx, counter_buf, 4); diff --git a/src/hsm/cmd_extras.c b/src/hsm/cmd_extras.c index aa0de9c..bacebce 100644 --- a/src/hsm/cmd_extras.c +++ b/src/hsm/cmd_extras.c @@ -302,26 +302,16 @@ int cmd_extras() { else if (cmd == CMD_MEMORY) { res_APDU_size = 0; uint32_t free = flash_free_space(), total = flash_total_space(), used = flash_used_space(), nfiles = flash_num_files(), size = flash_size(); - res_APDU[res_APDU_size++] = free >> 24; - res_APDU[res_APDU_size++] = free >> 16; - res_APDU[res_APDU_size++] = free >> 8; - res_APDU[res_APDU_size++] = free; - res_APDU[res_APDU_size++] = used >> 24; - res_APDU[res_APDU_size++] = used >> 16; - res_APDU[res_APDU_size++] = used >> 8; - res_APDU[res_APDU_size++] = used; - res_APDU[res_APDU_size++] = total >> 24; - res_APDU[res_APDU_size++] = total >> 16; - res_APDU[res_APDU_size++] = total >> 8; - res_APDU[res_APDU_size++] = total; - res_APDU[res_APDU_size++] = nfiles >> 24; - res_APDU[res_APDU_size++] = nfiles >> 16; - res_APDU[res_APDU_size++] = nfiles >> 8; - res_APDU[res_APDU_size++] = nfiles; - res_APDU[res_APDU_size++] = size >> 24; - res_APDU[res_APDU_size++] = size >> 16; - res_APDU[res_APDU_size++] = size >> 8; - res_APDU[res_APDU_size++] = size; + put_uint32_t_be(free, res_APDU + res_APDU_size); + res_APDU_size += 4; + put_uint32_t_be(used, res_APDU + res_APDU_size); + res_APDU_size += 4; + put_uint32_t_be(total, res_APDU + res_APDU_size); + res_APDU_size += 4; + put_uint32_t_be(nfiles, res_APDU + res_APDU_size); + res_APDU_size += 4; + put_uint32_t_be(size, res_APDU + res_APDU_size); + res_APDU_size += 4; } else { return SW_INCORRECT_P1P2(); diff --git a/src/hsm/cmd_initialize.c b/src/hsm/cmd_initialize.c index 0f513fb..9a62f66 100644 --- a/src/hsm/cmd_initialize.c +++ b/src/hsm/cmd_initialize.c @@ -247,10 +247,8 @@ int cmd_initialize() { } else { //free memory bytes request int heap_left = heapLeft(); - res_APDU[0] = ((heap_left >> 24) & 0xff); - res_APDU[1] = ((heap_left >> 16) & 0xff); - res_APDU[2] = ((heap_left >> 8) & 0xff); - res_APDU[3] = ((heap_left >> 0) & 0xff); + put_uint32_t_be(heap_left, res_APDU); + res_APDU_size = 4; res_APDU[4] = 0; res_APDU[5] = HSM_VERSION_MAJOR; res_APDU[6] = HSM_VERSION_MINOR; diff --git a/src/hsm/cmd_read_binary.c b/src/hsm/cmd_read_binary.c index 513f348..3d6c887 100644 --- a/src/hsm/cmd_read_binary.c +++ b/src/hsm/cmd_read_binary.c @@ -30,7 +30,7 @@ int cmd_read_binary() { offset = p2; } else { - offset = make_uint16_t(p1, p2) & 0x7fff; + offset = make_uint16_t_be(p1, p2) & 0x7fff; ef = currentEF; } } @@ -41,7 +41,7 @@ int cmd_read_binary() { } } else { - uint16_t file_id = make_uint16_t(p1, p2); // & 0x7fff; + uint16_t file_id = make_uint16_t_be(p1, p2); // & 0x7fff; if (file_id == 0x0) { ef = currentEF; } diff --git a/src/hsm/cmd_select.c b/src/hsm/cmd_select.c index 05bd4d1..555f7b5 100644 --- a/src/hsm/cmd_select.c +++ b/src/hsm/cmd_select.c @@ -48,7 +48,7 @@ int cmd_select() { //} if (apdu.nc == 2) { - fid = get_uint16_t(apdu.data, 0); + fid = get_uint16_t_be(apdu.data, 0); } //if ((fid & 0xff00) == (KEY_PREFIX << 8)) diff --git a/src/hsm/kek.c b/src/hsm/kek.c index 2b8b1ac..2aeb62a 100644 --- a/src/hsm/kek.c +++ b/src/hsm/kek.c @@ -328,7 +328,7 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1 return PICOKEY_WRONG_LENGTH; } - put_uint16_t(kb_len, kb + 8); + put_uint16_t_be(kb_len, kb + 8); memcpy(kb + 10, key_ctx, kb_len); kb_len += 2; @@ -341,15 +341,15 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1 } mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx; kb_len = 0; - put_uint16_t((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len); kb_len += 2; + put_uint16_t_be((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len); kb_len += 2; - put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len); kb_len += 2; + put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&rsa->D, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->D)); kb_len += (uint16_t)mbedtls_mpi_size(&rsa->D); - put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len); kb_len += 2; + put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&rsa->N, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->N)); kb_len += (uint16_t)mbedtls_mpi_size(&rsa->N); - put_uint16_t((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len); kb_len += 2; + put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&rsa->E, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->E)); kb_len += (uint16_t)mbedtls_mpi_size(&rsa->E); @@ -362,31 +362,31 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1 } mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx; kb_len = 0; - put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len); kb_len += 2; - put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len); kb_len += 2; + put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len); kb_len += 2; + put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&ecdsa->grp.A, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.A)); kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.A); - put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len); kb_len += 2; + put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&ecdsa->grp.B, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.B)); kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.B); - put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len); kb_len += 2; + put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&ecdsa->grp.P, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.P)); kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.P); - put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len); kb_len += 2; + put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&ecdsa->grp.N, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.N)); kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.N); size_t olen = 0; mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2); - put_uint16_t((uint16_t)olen, kb + 8 + kb_len); + put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len); kb_len += 2 + (uint16_t)olen; - put_uint16_t((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2; + put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2; mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d)); kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->d); mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2); - put_uint16_t((uint16_t)olen, kb + 8 + kb_len); + put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len); kb_len += 2 + (uint16_t)olen; algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03"; @@ -418,7 +418,7 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1 } if (allowed && allowed_len > 0) { - put_uint16_t(allowed_len, out + *out_len); *out_len += 2; + put_uint16_t_be(allowed_len, out + *out_len); *out_len += 2; memcpy(out + *out_len, allowed, allowed_len); *out_len += allowed_len; } @@ -526,21 +526,21 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le uint16_t ofs = 9; //OID - uint16_t len = get_uint16_t(in, ofs); + uint16_t len = get_uint16_t_be(in, ofs); ofs += len + 2; //Allowed algorithms - len = get_uint16_t(in, ofs); + len = get_uint16_t_be(in, ofs); *allowed = (uint8_t *) (in + ofs + 2); *allowed_len = len; ofs += len + 2; //Access conditions - len = get_uint16_t(in, ofs); + len = get_uint16_t_be(in, ofs); ofs += len + 2; //Key OID - len = get_uint16_t(in, ofs); + len = get_uint16_t_be(in, ofs); ofs += len + 2; if ((in_len - 16 - ofs) % 16 != 0) { @@ -554,7 +554,7 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le return r; } - int key_size = get_uint16_t(kb, 8); + int key_size = get_uint16_t_be(kb, 8); if (key_size_out) { *key_size_out = key_size; } @@ -563,14 +563,14 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx; mbedtls_rsa_init(rsa); if (key_type == 5) { - len = get_uint16_t(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb, ofs); ofs += 2; r = mbedtls_mpi_read_binary(&rsa->D, kb + ofs, len); ofs += len; if (r != 0) { mbedtls_rsa_free(rsa); return PICOKEY_WRONG_DATA; } - len = get_uint16_t(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb, ofs); ofs += 2; r = mbedtls_mpi_read_binary(&rsa->N, kb + ofs, len); ofs += len; if (r != 0) { mbedtls_rsa_free(rsa); @@ -579,12 +579,12 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le } else if (key_type == 6) { //DP-1 - len = get_uint16_t(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb, ofs); ofs += len + 2; //DQ-1 - len = get_uint16_t(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb, ofs); ofs += len + 2; - len = get_uint16_t(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb, ofs); ofs += 2; r = mbedtls_mpi_read_binary(&rsa->P, kb + ofs, len); ofs += len; if (r != 0) { mbedtls_rsa_free(rsa); @@ -592,19 +592,19 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le } //PQ - len = get_uint16_t(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb, ofs); ofs += len + 2; - len = get_uint16_t(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb, ofs); ofs += 2; r = mbedtls_mpi_read_binary(&rsa->Q, kb + ofs, len); ofs += len; if (r != 0) { mbedtls_rsa_free(rsa); return PICOKEY_WRONG_DATA; } //N - len = get_uint16_t(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb, ofs); ofs += len + 2; } - len = get_uint16_t(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb, ofs); ofs += 2; r = mbedtls_mpi_read_binary(&rsa->E, kb + ofs, len); ofs += len; if (r != 0) { mbedtls_rsa_free(rsa); @@ -642,13 +642,13 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le mbedtls_ecdsa_init(ecdsa); //A - len = get_uint16_t(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb, ofs); ofs += len + 2; //B - len = get_uint16_t(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb, ofs); ofs += len + 2; //P - len = get_uint16_t(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb, ofs); ofs += 2; mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(kb + ofs, len); if (ec_id == MBEDTLS_ECP_DP_NONE) { mbedtls_ecdsa_free(ecdsa); @@ -657,13 +657,13 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le ofs += len; //N - len = get_uint16_t(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb, ofs); ofs += len + 2; //G - len = get_uint16_t(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb, ofs); ofs += len + 2; //d - len = get_uint16_t(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb, ofs); ofs += 2; r = mbedtls_ecp_read_key(ec_id, ecdsa, kb + ofs, len); if (r != 0) { mbedtls_ecdsa_free(ecdsa); @@ -672,7 +672,7 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le ofs += len; //Q - len = get_uint16_t(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb, ofs); ofs += 2; r = mbedtls_ecp_point_read_binary(&ecdsa->grp, &ecdsa->Q, kb + ofs, len); if (r != 0) { r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL); diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c index b41ab83..a0bb47c 100644 --- a/src/hsm/sc_hsm.c +++ b/src/hsm/sc_hsm.c @@ -501,11 +501,7 @@ uint32_t decrement_key_counter(file_t *fkey) { uint32_t val = (tag_data[0] << 24) | (tag_data[1] << 16) | (tag_data[2] << 8) | tag_data[3]; val--; - tag_data[0] = (val >> 24) & 0xff; - tag_data[1] = (val >> 16) & 0xff; - tag_data[2] = (val >> 8) & 0xff; - tag_data[3] = val & 0xff; - + put_uint32_t_be(val, tag_data); int r = meta_add(fkey->fid, cmeta, (uint16_t)meta_size); free(cmeta); if (r != 0) {