diff --git a/pico-keys-sdk b/pico-keys-sdk index d78e977..f8cb36c 160000 --- a/pico-keys-sdk +++ b/pico-keys-sdk @@ -1 +1 @@ -Subproject commit d78e97792682d2bfc73fade50fce74683680571e +Subproject commit f8cb36c2cf5de7f0e8b7cd4a497160e86de50107 diff --git a/src/hsm/cmd_delete_file.c b/src/hsm/cmd_delete_file.c index 1ecbecb..3f21715 100644 --- a/src/hsm/cmd_delete_file.c +++ b/src/hsm/cmd_delete_file.c @@ -30,7 +30,7 @@ int cmd_delete_file() { } } else { - uint16_t fid = (apdu.data[0] << 8) | apdu.data[1]; + uint16_t fid = get_uint16_t_be(apdu.data); if (!(ef = search_file(fid))) { return SW_FILE_NOT_FOUND(); } diff --git a/src/hsm/cmd_extras.c b/src/hsm/cmd_extras.c index 84623cd..d8a096f 100644 --- a/src/hsm/cmd_extras.c +++ b/src/hsm/cmd_extras.c @@ -70,8 +70,7 @@ int cmd_extras() { gettimeofday(&tv, NULL); #endif struct tm *tm = localtime(&tv.tv_sec); - put_uint16_t_be(tm->tm_year + 1900, res_APDU); - res_APDU_size += 2; + res_APDU_size += put_uint16_t_be(tm->tm_year + 1900, res_APDU); res_APDU[res_APDU_size++] = tm->tm_mon; res_APDU[res_APDU_size++] = tm->tm_mday; res_APDU[res_APDU_size++] = tm->tm_wday; @@ -84,7 +83,7 @@ int cmd_extras() { return SW_WRONG_LENGTH(); } struct tm tm; - tm.tm_year = ((apdu.data[0] << 8) | (apdu.data[1])) - 1900; + tm.tm_year = get_uint16_t_be(apdu.data) - 1900; tm.tm_mon = apdu.data[2]; tm.tm_mday = apdu.data[3]; tm.tm_wday = apdu.data[4]; @@ -110,8 +109,7 @@ int cmd_extras() { } uint16_t opts = get_device_options(); if (apdu.nc == 0) { - put_uint16_t_be(opts, res_APDU); - res_APDU_size += 2; + res_APDU_size += put_uint16_t_be(opts, res_APDU); } else { uint8_t newopts[] = { apdu.data[0], (opts & 0xff) }; @@ -216,8 +214,8 @@ int cmd_extras() { if (apdu.nc != 4) { return SW_WRONG_LENGTH(); } - phy_data.vid = (apdu.data[0] << 8) | apdu.data[1]; - phy_data.pid = (apdu.data[2] << 8) | apdu.data[3]; + phy_data.vid = get_uint16_t_be(apdu.data); + phy_data.pid = get_uint16_t_be(apdu.data + 2); phy_data.vidpid_present = true; } else if (P2(apdu) == PHY_LED_GPIO) { @@ -232,7 +230,7 @@ int cmd_extras() { if (apdu.nc != 2) { return SW_WRONG_LENGTH(); } - phy_data.opts = (apdu.data[0] << 8) | apdu.data[1]; + phy_data.opts = get_uint16_t_be(apdu.data); } else { return SW_INCORRECT_P1P2(); @@ -253,7 +251,7 @@ int cmd_extras() { if (apdu.nc < 2) { return SW_WRONG_LENGTH(); } - uint16_t row = (apdu.data[0] << 8) | apdu.data[1]; + uint16_t row = get_uint16_t_be(apdu.data); bool israw = P2(apdu) == 0x1; if (apdu.nc == 2) { if (row > 0xbf && row < 0xf48) { @@ -302,16 +300,11 @@ int cmd_extras() { else if (cmd == CMD_MEMORY) { res_APDU_size = 0; uint32_t free = flash_free_space(), total = flash_total_space(), used = flash_used_space(), nfiles = flash_num_files(), size = flash_size(); - put_uint32_t_be(free, res_APDU + res_APDU_size); - res_APDU_size += 4; - put_uint32_t_be(used, res_APDU + res_APDU_size); - res_APDU_size += 4; - put_uint32_t_be(total, res_APDU + res_APDU_size); - res_APDU_size += 4; - put_uint32_t_be(nfiles, res_APDU + res_APDU_size); - res_APDU_size += 4; - put_uint32_t_be(size, res_APDU + res_APDU_size); - res_APDU_size += 4; + res_APDU_size += put_uint32_t_be(free, res_APDU + res_APDU_size); + res_APDU_size += put_uint32_t_be(used, res_APDU + res_APDU_size); + res_APDU_size += put_uint32_t_be(total, res_APDU + res_APDU_size); + res_APDU_size += put_uint32_t_be(nfiles, res_APDU + res_APDU_size); + res_APDU_size += put_uint32_t_be(size, res_APDU + res_APDU_size); } else { return SW_INCORRECT_P1P2(); diff --git a/src/hsm/cmd_initialize.c b/src/hsm/cmd_initialize.c index 9a62f66..e630c50 100644 --- a/src/hsm/cmd_initialize.c +++ b/src/hsm/cmd_initialize.c @@ -247,8 +247,7 @@ int cmd_initialize() { } else { //free memory bytes request int heap_left = heapLeft(); - put_uint32_t_be(heap_left, res_APDU); - res_APDU_size = 4; + res_APDU_size += put_uint32_t_be(heap_left, res_APDU); res_APDU[4] = 0; res_APDU[5] = HSM_VERSION_MAJOR; res_APDU[6] = HSM_VERSION_MINOR; diff --git a/src/hsm/cmd_list_keys.c b/src/hsm/cmd_list_keys.c index 6ceda5b..bf334d9 100644 --- a/src/hsm/cmd_list_keys.c +++ b/src/hsm/cmd_list_keys.c @@ -22,12 +22,10 @@ int cmd_list_keys() { /* First we send DEV private key */ /* Both below conditions should be always TRUE */ if (search_file(EF_PRKD_DEV)) { - put_uint16_t_be(EF_PRKD_DEV, res_APDU + res_APDU_size); - res_APDU_size += 2; + res_APDU_size += put_uint16_t_be(EF_PRKD_DEV, res_APDU + res_APDU_size); } if (search_file(EF_KEY_DEV)) { - put_uint16_t_be(EF_KEY_DEV, res_APDU + res_APDU_size); - res_APDU_size += 2; + res_APDU_size += put_uint16_t_be(EF_KEY_DEV, res_APDU + res_APDU_size); } //first CC for (int i = 0; i < dynamic_files; i++) { diff --git a/src/hsm/cmd_select.c b/src/hsm/cmd_select.c index 46c9fb3..99df917 100644 --- a/src/hsm/cmd_select.c +++ b/src/hsm/cmd_select.c @@ -48,7 +48,7 @@ int cmd_select() { //} if (apdu.nc == 2) { - fid = get_uint16_t_be(apdu.data, 0); + fid = get_uint16_t_be(apdu.data); } //if ((fid & 0xff00) == (KEY_PREFIX << 8)) @@ -119,8 +119,7 @@ int cmd_select() { res_APDU[res_APDU_size++] = 0x85; res_APDU[res_APDU_size++] = 5; uint16_t opts = get_device_options(); - put_uint16_t_be(opts, res_APDU + res_APDU_size); - res_APDU_size += 2; + res_APDU_size += put_uint16_t_be(opts, res_APDU + res_APDU_size); res_APDU[res_APDU_size++] = 0xFF; res_APDU[res_APDU_size++] = HSM_VERSION_MAJOR; res_APDU[res_APDU_size++] = HSM_VERSION_MINOR; diff --git a/src/hsm/cvc.c b/src/hsm/cvc.c index 448f5ed..8b6b22e 100644 --- a/src/hsm/cvc.c +++ b/src/hsm/cvc.c @@ -497,8 +497,7 @@ uint16_t asn1_build_prkd_generic(const uint8_t *label, p += format_tlv_len(asn1_len_tag(0x2, 2), p); *p++ = 0x2; p += format_tlv_len(2, p); - put_uint16_t_be(keysize, p); - p += 2; + p += put_uint16_t_be(keysize, p); } //Seq 4 @@ -517,8 +516,7 @@ uint16_t asn1_build_prkd_generic(const uint8_t *label, if (key_type & PICO_KEYS_KEY_EC || key_type & PICO_KEYS_KEY_RSA) { *p++ = 0x2; p += format_tlv_len(2, p); - put_uint16_t_be(keysize, p); - p += 2; + p += put_uint16_t_be(keysize, p); } return (uint16_t)(p - buf); } diff --git a/src/hsm/kek.c b/src/hsm/kek.c index 2aeb62a..db02214 100644 --- a/src/hsm/kek.c +++ b/src/hsm/kek.c @@ -341,15 +341,15 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1 } mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx; kb_len = 0; - put_uint16_t_be((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len); kb_len += 2; + kb_len += put_uint16_t_be((uint16_t)mbedtls_rsa_get_len(rsa) * 8, kb + 8 + kb_len); - put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len); kb_len += 2; + kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->D), kb + 8 + kb_len); mbedtls_mpi_write_binary(&rsa->D, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->D)); kb_len += (uint16_t)mbedtls_mpi_size(&rsa->D); - put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len); kb_len += 2; + kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->N), kb + 8 + kb_len); mbedtls_mpi_write_binary(&rsa->N, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->N)); kb_len += (uint16_t)mbedtls_mpi_size(&rsa->N); - put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len); kb_len += 2; + kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&rsa->E), kb + 8 + kb_len); mbedtls_mpi_write_binary(&rsa->E, kb + 8 + kb_len, mbedtls_mpi_size(&rsa->E)); kb_len += (uint16_t)mbedtls_mpi_size(&rsa->E); @@ -362,32 +362,32 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1 } mbedtls_ecdsa_context *ecdsa = (mbedtls_ecdsa_context *) key_ctx; kb_len = 0; - put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len); kb_len += 2; - put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len); kb_len += 2; + kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P) * 8, kb + 8 + kb_len); + kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.A), kb + 8 + kb_len); mbedtls_mpi_write_binary(&ecdsa->grp.A, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.A)); kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.A); - put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len); kb_len += 2; + kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.B), kb + 8 + kb_len); mbedtls_mpi_write_binary(&ecdsa->grp.B, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.B)); kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.B); - put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len); kb_len += 2; + kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.P), kb + 8 + kb_len); mbedtls_mpi_write_binary(&ecdsa->grp.P, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.P)); kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.P); - put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len); kb_len += 2; + kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->grp.N), kb + 8 + kb_len); mbedtls_mpi_write_binary(&ecdsa->grp.N, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->grp.N)); kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->grp.N); size_t olen = 0; mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->grp.G, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2); - put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len); - kb_len += 2 + (uint16_t)olen; + kb_len += put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len); + kb_len += (uint16_t)olen; - put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); kb_len += 2; + kb_len += put_uint16_t_be((uint16_t)mbedtls_mpi_size(&ecdsa->d), kb + 8 + kb_len); mbedtls_mpi_write_binary(&ecdsa->d, kb + 8 + kb_len, mbedtls_mpi_size(&ecdsa->d)); kb_len += (uint16_t)mbedtls_mpi_size(&ecdsa->d); mbedtls_ecp_point_write_binary(&ecdsa->grp, &ecdsa->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, kb + 8 + kb_len + 2, sizeof(kb) - 8 - kb_len - 2); - put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len); - kb_len += 2 + (uint16_t)olen; + kb_len += put_uint16_t_be((uint16_t)olen, kb + 8 + kb_len); + kb_len += (uint16_t)olen; algo = (uint8_t *) "\x00\x0A\x04\x00\x7F\x00\x07\x02\x02\x02\x02\x03"; algo_len = 12; @@ -418,7 +418,7 @@ int dkek_encode_key(uint8_t id, void *key_ctx, int key_type, uint8_t *out, uint1 } if (allowed && allowed_len > 0) { - put_uint16_t_be(allowed_len, out + *out_len); *out_len += 2; + *out_len += put_uint16_t_be(allowed_len, out + *out_len); memcpy(out + *out_len, allowed, allowed_len); *out_len += allowed_len; } @@ -526,21 +526,21 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le uint16_t ofs = 9; //OID - uint16_t len = get_uint16_t_be(in, ofs); + uint16_t len = get_uint16_t_be(in + ofs); ofs += len + 2; //Allowed algorithms - len = get_uint16_t_be(in, ofs); + len = get_uint16_t_be(in + ofs); *allowed = (uint8_t *) (in + ofs + 2); *allowed_len = len; ofs += len + 2; //Access conditions - len = get_uint16_t_be(in, ofs); + len = get_uint16_t_be(in + ofs); ofs += len + 2; //Key OID - len = get_uint16_t_be(in, ofs); + len = get_uint16_t_be(in + ofs); ofs += len + 2; if ((in_len - 16 - ofs) % 16 != 0) { @@ -554,7 +554,7 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le return r; } - int key_size = get_uint16_t_be(kb, 8); + int key_size = get_uint16_t_be(kb + 8); if (key_size_out) { *key_size_out = key_size; } @@ -563,14 +563,14 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) key_ctx; mbedtls_rsa_init(rsa); if (key_type == 5) { - len = get_uint16_t_be(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb + ofs); ofs += 2; r = mbedtls_mpi_read_binary(&rsa->D, kb + ofs, len); ofs += len; if (r != 0) { mbedtls_rsa_free(rsa); return PICOKEY_WRONG_DATA; } - len = get_uint16_t_be(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb + ofs); ofs += 2; r = mbedtls_mpi_read_binary(&rsa->N, kb + ofs, len); ofs += len; if (r != 0) { mbedtls_rsa_free(rsa); @@ -579,12 +579,12 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le } else if (key_type == 6) { //DP-1 - len = get_uint16_t_be(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb + ofs); ofs += len + 2; //DQ-1 - len = get_uint16_t_be(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb + ofs); ofs += len + 2; - len = get_uint16_t_be(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb + ofs); ofs += 2; r = mbedtls_mpi_read_binary(&rsa->P, kb + ofs, len); ofs += len; if (r != 0) { mbedtls_rsa_free(rsa); @@ -592,19 +592,19 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le } //PQ - len = get_uint16_t_be(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb + ofs); ofs += len + 2; - len = get_uint16_t_be(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb + ofs); ofs += 2; r = mbedtls_mpi_read_binary(&rsa->Q, kb + ofs, len); ofs += len; if (r != 0) { mbedtls_rsa_free(rsa); return PICOKEY_WRONG_DATA; } //N - len = get_uint16_t_be(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb + ofs); ofs += len + 2; } - len = get_uint16_t_be(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb + ofs); ofs += 2; r = mbedtls_mpi_read_binary(&rsa->E, kb + ofs, len); ofs += len; if (r != 0) { mbedtls_rsa_free(rsa); @@ -642,13 +642,13 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le mbedtls_ecdsa_init(ecdsa); //A - len = get_uint16_t_be(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb + ofs); ofs += len + 2; //B - len = get_uint16_t_be(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb + ofs); ofs += len + 2; //P - len = get_uint16_t_be(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb + ofs); ofs += 2; mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(kb + ofs, len); if (ec_id == MBEDTLS_ECP_DP_NONE) { mbedtls_ecdsa_free(ecdsa); @@ -657,13 +657,13 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le ofs += len; //N - len = get_uint16_t_be(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb + ofs); ofs += len + 2; //G - len = get_uint16_t_be(kb, ofs); ofs += len + 2; + len = get_uint16_t_be(kb + ofs); ofs += len + 2; //d - len = get_uint16_t_be(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb + ofs); ofs += 2; r = mbedtls_ecp_read_key(ec_id, ecdsa, kb + ofs, len); if (r != 0) { mbedtls_ecdsa_free(ecdsa); @@ -672,7 +672,7 @@ int dkek_decode_key(uint8_t id, void *key_ctx, const uint8_t *in, uint16_t in_le ofs += len; //Q - len = get_uint16_t_be(kb, ofs); ofs += 2; + len = get_uint16_t_be(kb + ofs); ofs += 2; r = mbedtls_ecp_point_read_binary(&ecdsa->grp, &ecdsa->Q, kb + ofs, len); if (r != 0) { r = mbedtls_ecp_mul(&ecdsa->grp, &ecdsa->Q, &ecdsa->d, &ecdsa->grp.G, random_gen, NULL); diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c index a0bb47c..9ef933e 100644 --- a/src/hsm/sc_hsm.c +++ b/src/hsm/sc_hsm.c @@ -269,7 +269,7 @@ int sc_hsm_unload() { uint16_t get_device_options() { file_t *ef = search_file(EF_DEVOPS); if (file_has_data(ef)) { - return (file_read_uint8(ef) << 8) | file_read_uint8_offset(ef, 1); + return get_uint16_t_be(file_get_data(ef)); } return 0x0; } @@ -462,7 +462,7 @@ uint32_t get_key_counter(file_t *fkey) { uint16_t tag_len = 0; const uint8_t *meta_tag = get_meta_tag(fkey, 0x90, &tag_len); if (meta_tag) { - return (meta_tag[0] << 24) | (meta_tag[1] << 16) | (meta_tag[2] << 8) | meta_tag[3]; + return get_uint32_t_be(meta_tag); } return 0xffffffff; } @@ -498,8 +498,7 @@ uint32_t decrement_key_counter(file_t *fkey) { asn1_ctx_init(meta_data, meta_size, &ctxi); while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) { if (tag == 0x90) { // ofset tag - uint32_t val = - (tag_data[0] << 24) | (tag_data[1] << 16) | (tag_data[2] << 8) | tag_data[3]; + uint32_t val = get_uint32_t_be(tag_data); val--; put_uint32_t_be(val, tag_data); int r = meta_add(fkey->fid, cmeta, (uint16_t)meta_size);