From a062b92dad9db4dddd0cfba4ff2e08ca420c28f2 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 24 May 2022 00:30:42 +0200 Subject: [PATCH] Replacing low level data access to high level routines. Signed-off-by: Pol Henarejos --- pico-ccid | 2 +- src/hsm/dkek.c | 8 +++---- src/hsm/sc_hsm.c | 62 ++++++++++++++++++++++++------------------------ 3 files changed, 36 insertions(+), 36 deletions(-) diff --git a/pico-ccid b/pico-ccid index d19429c..5e2fc08 160000 --- a/pico-ccid +++ b/pico-ccid @@ -1 +1 @@ -Subproject commit d19429cb84dd388c90594b32aa2557ea631249f9 +Subproject commit 5e2fc081f16ab31ec07dbb10035d01ef85fa8e44 diff --git a/src/hsm/dkek.c b/src/hsm/dkek.c index daa7fa2..8ec64f1 100644 --- a/src/hsm/dkek.c +++ b/src/hsm/dkek.c @@ -38,7 +38,7 @@ int load_dkek(uint8_t id, uint8_t *dkek) { file_t *tf = search_dynamic_file(EF_DKEK+id); if (!tf) return CCID_ERR_FILE_NOT_FOUND; - memcpy(dkek, file_read(tf->data+sizeof(uint16_t)), DKEK_SIZE); + memcpy(dkek, file_get_data(tf), DKEK_SIZE); int ret = aes_decrypt_cfb_256(session_pin, DKEK_IV(dkek), DKEK_KEY(dkek), DKEK_KEY_SIZE); if (ret != 0) return CCID_EXEC_ERROR; @@ -68,7 +68,7 @@ int save_dkek_key(uint8_t id, const uint8_t *key) { file_t *tf = search_dynamic_file(EF_DKEK+id); if (!tf) return CCID_ERR_FILE_NOT_FOUND; - memcpy(DKEK_KEY(dkek), file_read(tf->data+sizeof(uint16_t)), DKEK_KEY_SIZE); + memcpy(DKEK_KEY(dkek), file_get_data(tf), DKEK_KEY_SIZE); } else memcpy(DKEK_KEY(dkek), key, DKEK_KEY_SIZE); @@ -81,8 +81,8 @@ int import_dkek_share(uint8_t id, const uint8_t *share) { if (!tf) return CCID_ERR_FILE_NOT_FOUND; memset(tmp_dkek, 0, sizeof(tmp_dkek)); - if (tf->data && file_read_uint16(tf->data) == DKEK_KEY_SIZE) - memcpy(tmp_dkek, file_read(tf->data+sizeof(uint16_t)),DKEK_KEY_SIZE); + if (file_get_size(tf) == DKEK_KEY_SIZE) + memcpy(tmp_dkek, file_get_data(tf),DKEK_KEY_SIZE); for (int i = 0; i < DKEK_KEY_SIZE; i++) tmp_dkek[i] ^= share[i]; flash_write_data_to_file(tf, tmp_dkek, DKEK_KEY_SIZE); diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c index ace7ee9..8d691f3 100644 --- a/src/hsm/sc_hsm.c +++ b/src/hsm/sc_hsm.c @@ -184,7 +184,7 @@ void select_file(file_t *pe) { uint16_t get_device_options() { file_t *ef = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF); if (ef && ef->data) - return (file_read_uint8(ef->data+2) << 8) | file_read_uint8(ef->data+3); + return (file_read_uint8(file_get_data(ef)) << 8) | file_read_uint8(file_get_data(ef)+1); return 0x0; } @@ -466,14 +466,14 @@ static int cmd_read_binary() } } else { - uint16_t data_len = file_read_uint16(ef->data); + uint16_t data_len = file_get_size(ef); if (offset > data_len) return SW_WRONG_P1P2(); uint16_t maxle = data_len-offset; if (apdu.expected_res_size > maxle) apdu.expected_res_size = maxle; - memcpy(res_APDU, file_read(ef->data+2+offset), data_len-offset); + memcpy(res_APDU, file_get_data(ef)+offset, data_len-offset); res_APDU_size = data_len-offset; } } @@ -488,10 +488,10 @@ int pin_reset_retries(const file_t *pin, bool force) { const file_t *act = search_by_fid(pin->fid+2, NULL, SPECIFY_EF); if (!max || !act) return CCID_ERR_FILE_NOT_FOUND; - uint8_t retries = file_read_uint8(act->data+2); + uint8_t retries = file_read_uint8(file_get_data(act)); if (retries == 0 && force == false) //blocked return CCID_ERR_BLOCKED; - retries = file_read_uint8(max->data+2); + retries = file_read_uint8(file_get_data(max)); int r = flash_write_data_to_file((file_t *)act, &retries, sizeof(retries)); low_flash_available(); return r; @@ -503,7 +503,7 @@ int pin_wrong_retry(const file_t *pin) { const file_t *act = search_by_fid(pin->fid+2, NULL, SPECIFY_EF); if (!act) return CCID_ERR_FILE_NOT_FOUND; - uint8_t retries = file_read_uint8(act->data+2); + uint8_t retries = file_read_uint8(file_get_data(act)); if (retries > 0) { retries -= 1; int r = flash_write_data_to_file((file_t *)act, &retries, sizeof(retries)); @@ -536,9 +536,9 @@ int check_pin(const file_t *pin, const uint8_t *data, size_t len) { else { uint8_t dhash[32]; double_hash_pin(data, len, dhash); - if (sizeof(dhash) != file_read_uint16(pin->data)-1) //1 byte for pin len + if (sizeof(dhash) != file_get_size(pin)-1) //1 byte for pin len return SW_CONDITIONS_NOT_SATISFIED(); - if (memcmp(file_read(pin->data+3), dhash, sizeof(dhash)) != 0) { + if (memcmp(file_get_data(pin)+1, dhash, sizeof(dhash)) != 0) { int retries; if ((retries = pin_wrong_retry(pin)) < CCID_OK) return SW_PIN_BLOCKED(); @@ -570,28 +570,28 @@ static int cmd_verify() { uint16_t opts = get_device_options(); if (opts & HSM_OPT_TRANSPORT_PIN) return SW_DATA_INVALID(); - if (file_read_uint8(file_pin1->data+2) == 0) //not initialized + if (file_get_data(file_pin1) == 0) //not initialized return SW_REFERENCE_NOT_FOUND(); if (apdu.cmd_apdu_data_len > 0) { return check_pin(file_pin1, apdu.cmd_apdu_data, apdu.cmd_apdu_data_len); } - if (file_read_uint8(file_retries_pin1->data+2) == 0) + if (file_read_uint8(file_get_data(file_retries_pin1)) == 0) return SW_PIN_BLOCKED(); if (has_session_pin) return SW_OK(); - return set_res_sw(0x63, 0xc0 | file_read_uint8(file_retries_pin1->data+2)); + return set_res_sw(0x63, 0xc0 | file_read_uint8(file_get_data(file_retries_pin1))); } else if (p2 == 0x88) { //SOPin - if (file_read_uint8(file_sopin->data+2) == 0) //not initialized + if (file_read_uint8(file_get_data(file_sopin)) == 0) //not initialized return SW_REFERENCE_NOT_FOUND(); if (apdu.cmd_apdu_data_len > 0) { return check_pin(file_sopin, apdu.cmd_apdu_data, apdu.cmd_apdu_data_len); } - if (file_read_uint8(file_retries_sopin->data+2) == 0) + if (file_read_uint8(file_get_data(file_retries_sopin)) == 0) return SW_PIN_BLOCKED(); if (has_session_sopin) return SW_OK(); - return set_res_sw(0x63, 0xc0 | file_read_uint8(file_retries_sopin->data+2)); + return set_res_sw(0x63, 0xc0 | file_read_uint8(file_get_data(file_retries_sopin))); } else if (p2 == 0x85) { return SW_OK(); @@ -1224,7 +1224,7 @@ static int cmd_update_ef() { if (!ef->data) return SW_DATA_INVALID(); uint8_t *data_merge = (uint8_t *)calloc(1, offset+data_len); - memcpy(data_merge, file_read(ef->data+2), offset); + memcpy(data_merge, file_get_data(ef), offset); memcpy(data_merge+offset, data, data_len); int r = flash_write_data_to_file(ef, data_merge, offset+data_len); free(data_merge); @@ -1270,7 +1270,7 @@ static int cmd_change_pin() { if (!file_pin1->data) { return SW_REFERENCE_NOT_FOUND(); } - uint8_t pin_len = file_read_uint8(file_pin1->data+2); + uint8_t pin_len = file_read_uint8(file_get_data(file_pin1)); uint16_t r = check_pin(file_pin1, apdu.cmd_apdu_data, pin_len); uint8_t dkek[DKEK_SIZE]; if (r != 0x9000) @@ -1330,9 +1330,9 @@ int load_private_key_rsa(mbedtls_rsa_context *ctx, file_t *fkey) { if (wait_button() == true) //timeout return CCID_VERIFICATION_FAILED; - int key_size = file_read_uint16(fkey->data); + int key_size = file_get_size(fkey); uint8_t kdata[4096/8]; - memcpy(kdata, file_read(fkey->data+2), key_size); + memcpy(kdata, file_get_data(fkey), key_size); if (dkek_decrypt(0, kdata, key_size) != 0) { return CCID_EXEC_ERROR; } @@ -1367,9 +1367,9 @@ int load_private_key_ecdsa(mbedtls_ecdsa_context *ctx, file_t *fkey) { if (wait_button() == true) //timeout return CCID_VERIFICATION_FAILED; - int key_size = file_read_uint16(fkey->data); + int key_size = file_get_size(fkey); uint8_t kdata[67]; //Worst case, 521 bit + 1byte - memcpy(kdata, file_read(fkey->data+2), key_size); + memcpy(kdata, file_get_data(fkey), key_size); if (dkek_decrypt(0, kdata, key_size) != 0) { return CCID_EXEC_ERROR; } @@ -1391,7 +1391,7 @@ static int cmd_signature() { return SW_SECURITY_STATUS_NOT_SATISFIED(); if (!(fkey = search_dynamic_file((KEY_PREFIX << 8) | key_id)) || !fkey->data) return SW_FILE_NOT_FOUND(); - int key_size = file_read_uint16(fkey->data); + int key_size = file_get_size(fkey); if (p2 == ALGO_RSA_PKCS1_SHA1 || p2 == ALGO_RSA_PSS_SHA1 || p2 == ALGO_EC_SHA1) md = MBEDTLS_MD_SHA1; else if (p2 == ALGO_RSA_PKCS1_SHA256 || p2 == ALGO_RSA_PSS_SHA256 || p2 == ALGO_EC_SHA256) @@ -1541,7 +1541,7 @@ static int cmd_key_wrap() { file_t *prkd = search_dynamic_file((PRKD_PREFIX << 8) | key_id); if (!prkd) return SW_FILE_NOT_FOUND(); - const uint8_t *dprkd = file_read(prkd->data+2); + const uint8_t *dprkd = file_get_data(prkd); size_t wrap_len = MAX_DKEK_ENCODE_KEY_BUFFER; if (*dprkd == P15_KEYTYPE_RSA) { mbedtls_rsa_context ctx; @@ -1574,8 +1574,8 @@ static int cmd_key_wrap() { if (wait_button() == true) //timeout return SW_SECURE_MESSAGE_EXEC_ERROR(); - int key_size = file_read_uint16(ef->data), aes_type = HSM_KEY_AES; - memcpy(kdata, file_read(ef->data+2), key_size); + int key_size = file_get_size(ef), aes_type = HSM_KEY_AES; + memcpy(kdata, file_get_data(ef), key_size); if (dkek_decrypt(0, kdata, key_size) != 0) { return SW_EXEC_ERROR(); } @@ -1674,7 +1674,7 @@ static int cmd_decrypt_asym() { return SW_SECURE_MESSAGE_EXEC_ERROR(); return SW_EXEC_ERROR(); } - int key_size = file_read_uint16(ef->data); + int key_size = file_get_size(ef); if (apdu.cmd_apdu_data_len < key_size) //needs padding memset(apdu.cmd_apdu_data+apdu.cmd_apdu_data_len, 0, key_size-apdu.cmd_apdu_data_len); r = mbedtls_rsa_private(&ctx, random_gen, NULL, apdu.cmd_apdu_data, res_APDU); @@ -1689,9 +1689,9 @@ static int cmd_decrypt_asym() { mbedtls_ecdh_context ctx; if (wait_button() == true) //timeout return SW_SECURE_MESSAGE_EXEC_ERROR(); - int key_size = file_read_uint16(ef->data); + int key_size = file_get_size(ef); uint8_t *kdata = (uint8_t *)calloc(1,key_size); - memcpy(kdata, file_read(ef->data+2), key_size); + memcpy(kdata, file_get_data(ef), key_size); if (dkek_decrypt(0, kdata, key_size) != 0) { free(kdata); return SW_EXEC_ERROR(); @@ -1745,9 +1745,9 @@ static int cmd_cipher_sym() { } if (wait_button() == true) //timeout return SW_SECURE_MESSAGE_EXEC_ERROR(); - int key_size = file_read_uint16(ef->data); + int key_size = file_get_size(ef); uint8_t kdata[32]; //maximum AES key size - memcpy(kdata, file_read(ef->data+2), key_size); + memcpy(kdata, file_get_data(ef), key_size); if (dkek_decrypt(0, kdata, key_size) != 0) { return SW_EXEC_ERROR(); } @@ -1799,7 +1799,7 @@ static int cmd_cipher_sym() { res_APDU_size = 16; } else if (algo == ALGO_AES_DERIVE) { - int r = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), NULL, 0, file_read(ef->data+2), key_size, apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, res_APDU, apdu.cmd_apdu_data_len); + int r = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), NULL, 0, file_get_data(ef), key_size, apdu.cmd_apdu_data, apdu.cmd_apdu_data_len, res_APDU, apdu.cmd_apdu_data_len); if (r != 0) return SW_EXEC_ERROR(); res_APDU_size = apdu.cmd_apdu_data_len; @@ -1834,7 +1834,7 @@ static int cmd_derive_asym() { return SW_SECURITY_STATUS_NOT_SATISFIED(); if (!(fkey = search_dynamic_file((KEY_PREFIX << 8) | key_id)) || !fkey->data) return SW_FILE_NOT_FOUND(); - int key_size = file_read_uint16(fkey->data); + int key_size = file_get_size(fkey); if (apdu.cmd_apdu_data_len == 0) return SW_WRONG_LENGTH(); if (apdu.cmd_apdu_data[0] == ALGO_EC_DERIVE) {