Code refactoring

Yubico · Nov 23, 2023 · 8b59c66 · 8b59c66
1 parent daf69b1
commit 8b59c66
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 45 deletions.
diff --git a/lib/util.c b/lib/util.c
@@ -36,6 +36,7 @@
 
 #include "internal.h"
 #include "ykpiv.h"
+#include "util.h"
 
 #define MAX(a,b) (a) > (b) ? (a) : (b)
 #define MIN(a,b) (a) < (b) ? (a) : (b)
@@ -1398,7 +1399,7 @@ uint32_t ykpiv_util_slot_object(uint8_t slot) {
    }
    ptr += offs;
 
-   if (buf[buf_len - 3]) { // This byte is set to 1 if certinfo is YKPIV_CERTINFO_GZIP
+   if (buf[buf_len - 3] == YKPIV_CERTINFO_GZIP) { // This byte is set to 1 if certinfo is YKPIV_CERTINFO_GZIP
      z_stream zs;
      zs.zalloc = Z_NULL;
      zs.zfree = Z_NULL;
@@ -1431,6 +1432,23 @@ uint32_t ykpiv_util_slot_object(uint8_t slot) {
    return YKPIV_OK;
 }
 
+void ykpiv_util_write_certdata(uint8_t *rawdata, size_t rawdata_len, uint8_t certinfo, uint8_t* certdata, unsigned long *certdata_len) {
+  size_t offset = 0;
+
+  unsigned long len_bytes = get_length_size(rawdata_len);
+  memmove(certdata + len_bytes + 1, rawdata, rawdata_len);
+
+  certdata[offset] = TAG_CERT;
+  offset += _ykpiv_set_length(certdata+offset, rawdata_len);
+  offset += rawdata_len;
+  certdata[offset++] = TAG_CERT_COMPRESS;
+  certdata[offset++] = 1;
+  certdata[offset++] = certinfo;
+  certdata[offset++] = TAG_CERT_LRC;
+  certdata[offset++] = 0;
+  *certdata_len = offset;
+}
+
  static ykpiv_rc _read_certificate(ykpiv_state *state, uint8_t slot, uint8_t *buf, size_t *buf_len) {
   ykpiv_rc res = YKPIV_OK;
   unsigned long ul_len = (unsigned long)*buf_len;
@@ -1495,17 +1513,7 @@ static ykpiv_rc _write_certificate(ykpiv_state *state, uint8_t slot, uint8_t *da
   if (req_len < data_len) return YKPIV_SIZE_ERROR; /* detect overflow of unsigned size_t */
   if (req_len > _obj_size_max(state)) return YKPIV_SIZE_ERROR; /* obj_size_max includes limits for TLV encoding */
 
-  buf[offset++] = TAG_CERT;
-  offset += _ykpiv_set_length(buf + offset, data_len);
-  memcpy(buf + offset, data, data_len);
-  offset += data_len;
-
-  // write compression info and LRC trailer
-  buf[offset++] = TAG_CERT_COMPRESS;
-  buf[offset++] = 0x01;
-  buf[offset++] = certinfo == YKPIV_CERTINFO_GZIP ? 0x01 : 0x00;
-  buf[offset++] = TAG_CERT_LRC;
-  buf[offset++] = 00;
+  ykpiv_util_write_certdata(data, data_len, certinfo, buf, &offset);
 
   // write onto device
   return _ykpiv_save_object(state, object_id, buf, offset);

diff --git a/lib/ykpiv.h b/lib/ykpiv.h
@@ -352,6 +352,18 @@ extern "C"
    * @return Error code
    */
   ykpiv_rc ykpiv_util_get_certdata(uint8_t *buf, size_t buf_len, uint8_t* certdata, unsigned long *certdata_len);
+
+  /**
+   * Construct cert data to store
+   *
+   * @param data Raw certificate data
+   * @param data_len Length of raw certificate data
+   * @param cert_info Type of certificate, tex compressed
+   * @param certdata Constructed certificate data
+   * @param certdata_len Length of constructed certificate data
+   */
+  void ykpiv_util_write_certdata(uint8_t *data, size_t data_len, uint8_t certinfo, uint8_t* certdata, unsigned long *certdata_len);
+
   /**
    * Write a certificate to a given slot
    *

diff --git a/ykcs11/token.c b/ykcs11/token.c
@@ -368,8 +368,9 @@ CK_RV token_generate_key(ykpiv_state *state, gen_info_t *gen, CK_BYTE key, CK_BY
   unsigned char *in_ptr = in_data;
   unsigned char data[1024] = {0};
   unsigned char templ[] = {0, YKPIV_INS_GENERATE_ASYMMETRIC, 0, 0};
-  unsigned char *certptr;
-  unsigned long len, len_bytes, offs, recv_len = sizeof(data);
+  uint8_t certdata[YKPIV_OBJ_MAX_SIZE + 16] = {0};
+  size_t certdata_len = sizeof(certdata);
+  unsigned long len, offs, recv_len = sizeof(data);
   char version[7] = {0};
   char label[32] = {0};
   ykpiv_rc res;
@@ -462,39 +463,27 @@ CK_RV token_generate_key(ykpiv_state *state, gen_info_t *gen, CK_BYTE key, CK_BY
   if(rv != CKR_OK)
     return rv;
 
-  len_bytes = get_length_size(recv_len);
+  ykpiv_util_write_certdata(data, recv_len, 0, certdata, &certdata_len);
 
-  certptr = data;
-  memmove(data + len_bytes + 1, data, recv_len);
-
-  *certptr++ = TAG_CERT;
-  certptr += set_length(certptr, recv_len);
-  certptr += recv_len;
-  *certptr++ = TAG_CERT_COMPRESS;
-  *certptr++ = 1;
-  *certptr++ = 0; /* certinfo (gzip etc) */
-  *certptr++ = TAG_CERT_LRC;
-  *certptr++ = 0;
-
-  if(*cert_len < (CK_ULONG)(certptr - data)) {
+  if(*cert_len < (CK_ULONG)certdata_len) {
     DBG("Certificate buffer too small.");
     return CKR_BUFFER_TOO_SMALL;
   }
 
   // Store the certificate into the token
-  if ((res = ykpiv_save_object(state, ykpiv_util_slot_object(key), data, certptr - data)) != YKPIV_OK)
+  if ((res = ykpiv_save_object(state, ykpiv_util_slot_object(key), certdata, certdata_len)) != YKPIV_OK)
     return yrc_to_rv(res);
 
-  memcpy(cert_data, data, certptr - data);
-  *cert_len = certptr - data;
+  memcpy(cert_data, data, (unsigned long) certdata_len);
+  *cert_len = certdata_len;
 
   return CKR_OK;
 }
 
 CK_RV token_import_cert(ykpiv_state *state, CK_ULONG cert_id, CK_BYTE_PTR in, CK_ULONG in_len) {
 
   unsigned char certdata[YKPIV_OBJ_MAX_SIZE + 16] = {0};
-  unsigned char *certptr;
+  size_t certdata_len = sizeof(certdata);
   CK_ULONG cert_len;
   ykpiv_rc res;
   CK_RV rv;
@@ -508,21 +497,10 @@ CK_RV token_import_cert(ykpiv_state *state, CK_ULONG cert_id, CK_BYTE_PTR in, CK
   if (cert_len > YKPIV_OBJ_MAX_SIZE)
     return CKR_FUNCTION_FAILED;
 
-  certptr = certdata;
-
-  *certptr++ = TAG_CERT;
-  certptr += set_length(certptr, cert_len);
-  memcpy(certptr, in, cert_len);
-  certptr += cert_len;
-
-  *certptr++ = TAG_CERT_COMPRESS;
-  *certptr++ = 1;
-  *certptr++ = 0; /* certinfo (gzip etc) */
-  *certptr++ = TAG_CERT_LRC;
-  *certptr++ = 0;
+  ykpiv_util_write_certdata(in, cert_len, 0, certdata, &certdata_len);
 
   // Store the certificate into the token
-  if ((res = ykpiv_save_object(state, cert_id, certdata, certptr - certdata)) != YKPIV_OK)
+  if ((res = ykpiv_save_object(state, cert_id, certdata, certdata_len)) != YKPIV_OK)
     return yrc_to_rv(res);
 
   return CKR_OK;