Skip to content

Commit

Permalink
SCP11: Fix data types for big endian
Browse files Browse the repository at this point in the history
  • Loading branch information
aveenismail committed Dec 19, 2024
1 parent d78df9a commit 8fa9b65
Show file tree
Hide file tree
Showing 8 changed files with 33 additions and 33 deletions.
8 changes: 4 additions & 4 deletions aes_cmac/aes.c
Original file line number Diff line number Diff line change
Expand Up @@ -254,7 +254,7 @@ static int aes_encrypt_ex(const EVP_CIPHER *cipher, const uint8_t *in, uint32_t

#endif

int aes_set_key(const uint8_t *key, uint16_t key_len, unsigned char key_algo, aes_context *ctx) {
int aes_set_key(const uint8_t *key, uint32_t key_len, unsigned char key_algo, aes_context *ctx) {
#ifdef _WIN32
NTSTATUS status = STATUS_SUCCESS;

Expand Down Expand Up @@ -410,8 +410,8 @@ uint32_t aes_blocksize(aes_context *key) {
#endif
}

int aes_add_padding(uint8_t *in, uint16_t max_len, uint16_t *len) {
uint16_t new_len = *len;
int aes_add_padding(uint8_t *in, uint32_t max_len, uint32_t *len) {
uint32_t new_len = *len;

if (in) {
if (new_len >= max_len) {
Expand All @@ -435,7 +435,7 @@ int aes_add_padding(uint8_t *in, uint16_t max_len, uint16_t *len) {
return 0;
}

void aes_remove_padding(uint8_t *in, uint16_t *len) {
void aes_remove_padding(uint8_t *in, uint32_t *len) {

while ((*len) > 1 && in[(*len) - 1] == 0) {
(*len)--;
Expand Down
6 changes: 3 additions & 3 deletions aes_cmac/aes.h
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ typedef struct {
#define YH_INTERNAL
#endif

int YH_INTERNAL aes_set_key(const uint8_t *key, uint16_t key_len, unsigned char key_algo,
int YH_INTERNAL aes_set_key(const uint8_t *key, uint32_t key_len, unsigned char key_algo,
aes_context *ctx);

int YH_INTERNAL
Expand All @@ -85,8 +85,8 @@ int YH_INTERNAL aes_cbc_decrypt(const uint8_t *in, uint32_t in_len, uint8_t *out
const uint8_t *iv, uint32_t iv_len, aes_context *ctx);

uint32_t YH_INTERNAL aes_blocksize(aes_context *key);
int YH_INTERNAL aes_add_padding(uint8_t *in, uint16_t max_len, uint16_t *len);
void YH_INTERNAL aes_remove_padding(uint8_t *in, uint16_t *len);
int YH_INTERNAL aes_add_padding(uint8_t *in, uint32_t max_len, uint32_t *len);
void YH_INTERNAL aes_remove_padding(uint8_t *in, uint32_t *len);

int YH_INTERNAL aes_destroy(aes_context *ctx);

Expand Down
6 changes: 3 additions & 3 deletions aes_cmac/aes_cmac.c
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ static void cmac_generate_subkey(const uint8_t *key, uint8_t *subkey) {
}

int aes_cmac_encrypt(aes_cmac_context_t *ctx, const uint8_t *message,
const uint16_t message_len, uint8_t *mac) {
const uint32_t message_len, uint8_t *mac) {

uint8_t M[AES_BLOCK_SIZE] = {0};
const uint8_t *ptr = message;
Expand All @@ -87,7 +87,7 @@ int aes_cmac_encrypt(aes_cmac_context_t *ctx, const uint8_t *message,
else
n_blocks = (message_len + (AES_BLOCK_SIZE - 1)) / AES_BLOCK_SIZE - 1;

int out_len = AES_BLOCK_SIZE;
uint32_t out_len = AES_BLOCK_SIZE;
for (uint8_t i = 0; i < n_blocks; i++) {
int rc = aes_cbc_encrypt(ptr, AES_BLOCK_SIZE, mac, &out_len, mac, AES_BLOCK_SIZE, ctx->aes_ctx);
if (rc) {
Expand Down Expand Up @@ -121,7 +121,7 @@ int aes_cmac_init(aes_context *aes_ctx, aes_cmac_context_t *ctx) {

ctx->aes_ctx = aes_ctx;

int out_len = AES_BLOCK_SIZE;
uint32_t out_len = AES_BLOCK_SIZE;
int rc = aes_encrypt(zero, AES_BLOCK_SIZE, L, &out_len, ctx->aes_ctx);
if (rc) {
return rc;
Expand Down
2 changes: 1 addition & 1 deletion aes_cmac/aes_cmac.h
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ typedef struct {
int YH_INTERNAL aes_cmac_init(aes_context *aes_ctx, aes_cmac_context_t *ctx);
int YH_INTERNAL aes_cmac_encrypt(aes_cmac_context_t *ctx,
const uint8_t *message,
const uint16_t message_len, uint8_t *mac);
const uint32_t message_len, uint8_t *mac);
void YH_INTERNAL aes_cmac_destroy(aes_cmac_context_t *ctx);

#endif //YUBICO_PIV_TOOL_AES_CMAC_H
22 changes: 11 additions & 11 deletions lib/scp11_util.c
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@
#include <arpa/inet.h>
#endif

static ykpiv_rc compute_full_mac_ex(const uint8_t *data, uint16_t data_len,
static ykpiv_rc compute_full_mac_ex(const uint8_t *data, uint32_t data_len,
aes_context *aes_ctx, uint8_t *mac) {

aes_cmac_context_t ctx = {0};
Expand All @@ -62,8 +62,8 @@ static ykpiv_rc compute_full_mac_ex(const uint8_t *data, uint16_t data_len,
return YKPIV_OK;
}

static ykpiv_rc compute_full_mac(const uint8_t *data, uint16_t data_len,
const uint8_t *key, uint16_t key_len,
static ykpiv_rc compute_full_mac(const uint8_t *data, uint32_t data_len,
const uint8_t *key, uint32_t key_len,
uint8_t *mac) {

aes_context aes_ctx = {0};
Expand All @@ -78,7 +78,7 @@ static ykpiv_rc compute_full_mac(const uint8_t *data, uint16_t data_len,
return rc;
}

ykpiv_rc scp11_mac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, size_t data_len, uint8_t *mac_out) {
ykpiv_rc scp11_mac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, uint32_t data_len, uint8_t *mac_out) {
int res;
if(mac_chain) {
uint8_t buf[YKPIV_OBJ_MAX_SIZE] = {0};
Expand All @@ -92,7 +92,7 @@ ykpiv_rc scp11_mac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, size_t
return res;
}

ykpiv_rc scp11_unmac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, size_t data_len, uint16_t sw) {
ykpiv_rc scp11_unmac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, uint32_t data_len, uint16_t sw) {

uint8_t resp[YKPIV_OBJ_MAX_SIZE] = {0};
memcpy(resp, data, (data_len - SCP11_HALF_MAC_LEN));
Expand Down Expand Up @@ -131,7 +131,7 @@ static ykpiv_rc get_iv(aes_context *key, uint32_t counter, uint8_t *iv, bool dec
}

ykpiv_rc
scp11_encrypt_data(uint8_t *key, uint32_t counter, const uint8_t *data, size_t data_len, uint8_t *enc, size_t *enc_len) {
scp11_encrypt_data(uint8_t *key, uint32_t counter, const uint8_t *data, uint32_t data_len, uint8_t *enc, uint32_t *enc_len) {
ykpiv_rc rc;
aes_context enc_key = {0};
int drc = aes_set_key(key, SCP11_SESSION_KEY_LEN, YKPIV_ALGO_AES128, &enc_key);
Expand All @@ -150,13 +150,13 @@ scp11_encrypt_data(uint8_t *key, uint32_t counter, const uint8_t *data, size_t d
size_t pad_len = AES_BLOCK_SIZE - (data_len % AES_BLOCK_SIZE);
uint8_t padded[YKPIV_OBJ_MAX_SIZE] = {0};
memcpy(padded, data, data_len);
if((drc = aes_add_padding(padded, data_len + pad_len, (uint16_t *) &data_len)) != 0) {
if((drc = aes_add_padding(padded, data_len + pad_len, &data_len)) != 0) {
DBG("%s: aes_add_padding: %d", ykpiv_strerror(YKPIV_MEMORY_ERROR), drc);
rc = YKPIV_MEMORY_ERROR;
goto enc_clean;
}

if ((drc = aes_cbc_encrypt(padded, data_len, enc, (uint32_t *) enc_len, iv, AES_BLOCK_SIZE, &enc_key)) != 0) {
if ((drc = aes_cbc_encrypt(padded, data_len, enc, enc_len, iv, AES_BLOCK_SIZE, &enc_key)) != 0) {
DBG("%s: cipher_encrypt: %d", ykpiv_strerror(YKPIV_KEY_ERROR), drc);
rc = YKPIV_KEY_ERROR;
goto enc_clean;
Expand All @@ -168,7 +168,7 @@ scp11_encrypt_data(uint8_t *key, uint32_t counter, const uint8_t *data, size_t d
}

ykpiv_rc
scp11_decrypt_data(uint8_t *key, uint32_t counter, uint8_t *enc, size_t enc_len, uint8_t *data, size_t *data_len) {
scp11_decrypt_data(uint8_t *key, uint32_t counter, uint8_t *enc, uint32_t enc_len, uint8_t *data, uint32_t *data_len) {
if(enc_len <= 0) {
DBG("No data to decrypt");
*data_len = 0;
Expand All @@ -190,14 +190,14 @@ scp11_decrypt_data(uint8_t *key, uint32_t counter, uint8_t *enc, size_t enc_len,
goto aes_dec_clean;
}

drc = aes_cbc_decrypt(enc, enc_len, data, (uint32_t *) data_len, iv, AES_BLOCK_SIZE, &dec_key);
drc = aes_cbc_decrypt(enc, enc_len, data, data_len, iv, AES_BLOCK_SIZE, &dec_key);
if (drc) {
DBG("%s: cipher_decrypt: %d", ykpiv_strerror(YKPIV_KEY_ERROR), drc);
rc = YKPIV_KEY_ERROR;
goto aes_dec_clean;
}

aes_remove_padding(data, (uint16_t *) data_len);
aes_remove_padding(data, data_len);

aes_dec_clean:
aes_destroy(&dec_key);
Expand Down
8 changes: 4 additions & 4 deletions lib/scp11_util.h
Original file line number Diff line number Diff line change
Expand Up @@ -33,15 +33,15 @@

#include "ykpiv.h"

ykpiv_rc scp11_mac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, size_t data_len, uint8_t *mac_out);
ykpiv_rc scp11_mac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, uint32_t data_len, uint8_t *mac_out);

ykpiv_rc scp11_unmac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, size_t data_len, uint16_t sw);
ykpiv_rc scp11_unmac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, uint32_t data_len, uint16_t sw);

ykpiv_rc
scp11_encrypt_data(uint8_t *key, uint32_t counter, const uint8_t *data, size_t data_len, uint8_t *enc, size_t *enc_len);
scp11_encrypt_data(uint8_t *key, uint32_t counter, const uint8_t *data, uint32_t data_len, uint8_t *enc, uint32_t *enc_len);

ykpiv_rc
scp11_decrypt_data(uint8_t *key, uint32_t counter, uint8_t *enc, size_t enc_len, uint8_t *data, size_t *data_len);
scp11_decrypt_data(uint8_t *key, uint32_t counter, uint8_t *enc, uint32_t enc_len, uint8_t *data, uint32_t *data_len);


#endif //YUBICO_PIV_TOOL_AES_UTIL_H
6 changes: 3 additions & 3 deletions lib/tests/aes.c
Original file line number Diff line number Diff line change
Expand Up @@ -87,9 +87,9 @@ struct mac_test_data {


static int
encryption(uint8_t *key, uint8_t counter, uint8_t *plaintext, size_t plaintext_len, uint8_t *enc, size_t enc_len) {
encryption(uint8_t *key, uint8_t counter, uint8_t *plaintext, uint32_t plaintext_len, uint8_t *enc, size_t enc_len) {
uint8_t e[255] = {0};
size_t e_len = sizeof(e);
uint32_t e_len = sizeof(e);
ykpiv_rc rc = scp11_encrypt_data(key, counter, plaintext, plaintext_len, e, &e_len);

ck_assert(rc == YKPIV_OK);
Expand All @@ -100,7 +100,7 @@ encryption(uint8_t *key, uint8_t counter, uint8_t *plaintext, size_t plaintext_l

static int decryption(uint8_t *key, uint8_t counter, uint8_t *enc, size_t enc_len, uint8_t *dec, size_t dec_len) {
uint8_t d[255] = {0};
size_t d_len = sizeof(d);
uint32_t d_len = sizeof(d);
ykpiv_rc rc = scp11_decrypt_data(key, counter, enc, enc_len, d, &d_len);

ck_assert(rc == YKPIV_OK);
Expand Down
8 changes: 4 additions & 4 deletions lib/ykpiv.c
Original file line number Diff line number Diff line change
Expand Up @@ -1249,10 +1249,10 @@ static ykpiv_rc _ykpiv_transmit(ykpiv_state *state, const unsigned char *send_da
return YKPIV_OK;
}

static ykpiv_rc scp11_prepare_transfer(ykpiv_scp11_state *state, APDU *apdu, const uint8_t *apdu_data, size_t apdu_data_len, size_t *apdu_len) {
static ykpiv_rc scp11_prepare_transfer(ykpiv_scp11_state *state, APDU *apdu, const uint8_t *apdu_data, uint32_t apdu_data_len, size_t *apdu_len) {
ykpiv_rc rc = YKPIV_OK;
uint8_t enc[YKPIV_OBJ_MAX_SIZE] = {0};
size_t enc_len = sizeof(enc);
uint32_t enc_len = sizeof(enc);

if ((rc = scp11_encrypt_data(state->senc, state->enc_counter++, apdu_data, apdu_data_len, enc, &enc_len)) !=
YKPIV_OK) {
Expand Down Expand Up @@ -1285,7 +1285,7 @@ static ykpiv_rc scp11_prepare_transfer(ykpiv_scp11_state *state, APDU *apdu, con
}

static ykpiv_rc
scp11_decrypt_response(ykpiv_scp11_state *state, uint8_t *data, size_t data_len, uint8_t *dec, size_t *dec_len,
scp11_decrypt_response(ykpiv_scp11_state *state, uint8_t *data, uint32_t data_len, uint8_t *dec, uint32_t *dec_len,
int sw) {
if (data_len == 0) {
DBG("No response data to decrypt");
Expand Down Expand Up @@ -1371,7 +1371,7 @@ ykpiv_rc _ykpiv_transfer_data(ykpiv_state *state,
if (out_data) {
if (state->scp11_state.security_level) {
uint8_t dec[2048] = {0};
size_t dec_len = sizeof(dec);
uint32_t dec_len = sizeof(dec);
if ((res = scp11_decrypt_response(&state->scp11_state, data, recv_len, dec, &dec_len, *sw)) != YKPIV_OK) {
return res;
}
Expand Down

0 comments on commit 8fa9b65

Please sign in to comment.