diff --git a/aes_cmac/aes.c b/aes_cmac/aes.c index cf9fbdbe..1f5b7454 100644 --- a/aes_cmac/aes.c +++ b/aes_cmac/aes.c @@ -254,7 +254,7 @@ static int aes_encrypt_ex(const EVP_CIPHER *cipher, const uint8_t *in, uint32_t #endif -int aes_set_key(const uint8_t *key, uint16_t key_len, unsigned char key_algo, aes_context *ctx) { +int aes_set_key(const uint8_t *key, uint32_t key_len, unsigned char key_algo, aes_context *ctx) { #ifdef _WIN32 NTSTATUS status = STATUS_SUCCESS; @@ -410,8 +410,8 @@ uint32_t aes_blocksize(aes_context *key) { #endif } -int aes_add_padding(uint8_t *in, uint16_t max_len, uint16_t *len) { - uint16_t new_len = *len; +int aes_add_padding(uint8_t *in, uint32_t max_len, uint32_t *len) { + uint32_t new_len = *len; if (in) { if (new_len >= max_len) { @@ -435,7 +435,7 @@ int aes_add_padding(uint8_t *in, uint16_t max_len, uint16_t *len) { return 0; } -void aes_remove_padding(uint8_t *in, uint16_t *len) { +void aes_remove_padding(uint8_t *in, uint32_t *len) { while ((*len) > 1 && in[(*len) - 1] == 0) { (*len)--; diff --git a/aes_cmac/aes.h b/aes_cmac/aes.h index 3e777d3d..83a7a725 100644 --- a/aes_cmac/aes.h +++ b/aes_cmac/aes.h @@ -71,7 +71,7 @@ typedef struct { #define YH_INTERNAL #endif -int YH_INTERNAL aes_set_key(const uint8_t *key, uint16_t key_len, unsigned char key_algo, +int YH_INTERNAL aes_set_key(const uint8_t *key, uint32_t key_len, unsigned char key_algo, aes_context *ctx); int YH_INTERNAL @@ -85,8 +85,8 @@ int YH_INTERNAL aes_cbc_decrypt(const uint8_t *in, uint32_t in_len, uint8_t *out const uint8_t *iv, uint32_t iv_len, aes_context *ctx); uint32_t YH_INTERNAL aes_blocksize(aes_context *key); -int YH_INTERNAL aes_add_padding(uint8_t *in, uint16_t max_len, uint16_t *len); -void YH_INTERNAL aes_remove_padding(uint8_t *in, uint16_t *len); +int YH_INTERNAL aes_add_padding(uint8_t *in, uint32_t max_len, uint32_t *len); +void YH_INTERNAL aes_remove_padding(uint8_t *in, uint32_t *len); int YH_INTERNAL aes_destroy(aes_context *ctx); diff --git a/aes_cmac/aes_cmac.c b/aes_cmac/aes_cmac.c index 77d98400..d7f835bc 100644 --- a/aes_cmac/aes_cmac.c +++ b/aes_cmac/aes_cmac.c @@ -74,7 +74,7 @@ static void cmac_generate_subkey(const uint8_t *key, uint8_t *subkey) { } int aes_cmac_encrypt(aes_cmac_context_t *ctx, const uint8_t *message, - const uint16_t message_len, uint8_t *mac) { + const uint32_t message_len, uint8_t *mac) { uint8_t M[AES_BLOCK_SIZE] = {0}; const uint8_t *ptr = message; @@ -87,7 +87,7 @@ int aes_cmac_encrypt(aes_cmac_context_t *ctx, const uint8_t *message, else n_blocks = (message_len + (AES_BLOCK_SIZE - 1)) / AES_BLOCK_SIZE - 1; - int out_len = AES_BLOCK_SIZE; + uint32_t out_len = AES_BLOCK_SIZE; for (uint8_t i = 0; i < n_blocks; i++) { int rc = aes_cbc_encrypt(ptr, AES_BLOCK_SIZE, mac, &out_len, mac, AES_BLOCK_SIZE, ctx->aes_ctx); if (rc) { @@ -121,7 +121,7 @@ int aes_cmac_init(aes_context *aes_ctx, aes_cmac_context_t *ctx) { ctx->aes_ctx = aes_ctx; - int out_len = AES_BLOCK_SIZE; + uint32_t out_len = AES_BLOCK_SIZE; int rc = aes_encrypt(zero, AES_BLOCK_SIZE, L, &out_len, ctx->aes_ctx); if (rc) { return rc; diff --git a/aes_cmac/aes_cmac.h b/aes_cmac/aes_cmac.h index 48d2afe2..82c47a46 100644 --- a/aes_cmac/aes_cmac.h +++ b/aes_cmac/aes_cmac.h @@ -48,7 +48,7 @@ typedef struct { int YH_INTERNAL aes_cmac_init(aes_context *aes_ctx, aes_cmac_context_t *ctx); int YH_INTERNAL aes_cmac_encrypt(aes_cmac_context_t *ctx, const uint8_t *message, - const uint16_t message_len, uint8_t *mac); + const uint32_t message_len, uint8_t *mac); void YH_INTERNAL aes_cmac_destroy(aes_cmac_context_t *ctx); #endif //YUBICO_PIV_TOOL_AES_CMAC_H diff --git a/lib/scp11_util.c b/lib/scp11_util.c index 03d478fc..f641ad7e 100644 --- a/lib/scp11_util.c +++ b/lib/scp11_util.c @@ -41,7 +41,7 @@ #include #endif -static ykpiv_rc compute_full_mac_ex(const uint8_t *data, uint16_t data_len, +static ykpiv_rc compute_full_mac_ex(const uint8_t *data, uint32_t data_len, aes_context *aes_ctx, uint8_t *mac) { aes_cmac_context_t ctx = {0}; @@ -62,8 +62,8 @@ static ykpiv_rc compute_full_mac_ex(const uint8_t *data, uint16_t data_len, return YKPIV_OK; } -static ykpiv_rc compute_full_mac(const uint8_t *data, uint16_t data_len, - const uint8_t *key, uint16_t key_len, +static ykpiv_rc compute_full_mac(const uint8_t *data, uint32_t data_len, + const uint8_t *key, uint32_t key_len, uint8_t *mac) { aes_context aes_ctx = {0}; @@ -78,7 +78,7 @@ static ykpiv_rc compute_full_mac(const uint8_t *data, uint16_t data_len, return rc; } -ykpiv_rc scp11_mac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, size_t data_len, uint8_t *mac_out) { +ykpiv_rc scp11_mac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, uint32_t data_len, uint8_t *mac_out) { int res; if(mac_chain) { uint8_t buf[YKPIV_OBJ_MAX_SIZE] = {0}; @@ -92,7 +92,7 @@ ykpiv_rc scp11_mac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, size_t return res; } -ykpiv_rc scp11_unmac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, size_t data_len, uint16_t sw) { +ykpiv_rc scp11_unmac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, uint32_t data_len, uint16_t sw) { uint8_t resp[YKPIV_OBJ_MAX_SIZE] = {0}; memcpy(resp, data, (data_len - SCP11_HALF_MAC_LEN)); @@ -121,7 +121,7 @@ static ykpiv_rc get_iv(aes_context *key, uint32_t counter, uint8_t *iv, bool dec uint32_t c = htonl(counter); memcpy(iv_data + AES_BLOCK_SIZE - sizeof(int), &c, sizeof(int)); - int len = AES_BLOCK_SIZE; + uint32_t len = AES_BLOCK_SIZE; int drc = aes_encrypt(iv_data, sizeof(iv_data), iv, &len, key); if (drc) { DBG("%s: cipher_encrypt: %d", ykpiv_strerror(YKPIV_KEY_ERROR), drc); @@ -131,7 +131,7 @@ static ykpiv_rc get_iv(aes_context *key, uint32_t counter, uint8_t *iv, bool dec } ykpiv_rc -scp11_encrypt_data(uint8_t *key, uint32_t counter, const uint8_t *data, size_t data_len, uint8_t *enc, size_t *enc_len) { +scp11_encrypt_data(uint8_t *key, uint32_t counter, const uint8_t *data, uint32_t data_len, uint8_t *enc, uint32_t *enc_len) { ykpiv_rc rc; aes_context enc_key = {0}; int drc = aes_set_key(key, SCP11_SESSION_KEY_LEN, YKPIV_ALGO_AES128, &enc_key); @@ -150,13 +150,13 @@ scp11_encrypt_data(uint8_t *key, uint32_t counter, const uint8_t *data, size_t d size_t pad_len = AES_BLOCK_SIZE - (data_len % AES_BLOCK_SIZE); uint8_t padded[YKPIV_OBJ_MAX_SIZE] = {0}; memcpy(padded, data, data_len); - if((drc = aes_add_padding(padded, data_len + pad_len, (uint16_t *) &data_len)) != 0) { + if((drc = aes_add_padding(padded, data_len + pad_len, &data_len)) != 0) { DBG("%s: aes_add_padding: %d", ykpiv_strerror(YKPIV_MEMORY_ERROR), drc); rc = YKPIV_MEMORY_ERROR; goto enc_clean; } - if ((drc = aes_cbc_encrypt(padded, data_len, enc, (uint32_t *) enc_len, iv, AES_BLOCK_SIZE, &enc_key)) != 0) { + if ((drc = aes_cbc_encrypt(padded, data_len, enc, enc_len, iv, AES_BLOCK_SIZE, &enc_key)) != 0) { DBG("%s: cipher_encrypt: %d", ykpiv_strerror(YKPIV_KEY_ERROR), drc); rc = YKPIV_KEY_ERROR; goto enc_clean; @@ -168,7 +168,7 @@ scp11_encrypt_data(uint8_t *key, uint32_t counter, const uint8_t *data, size_t d } ykpiv_rc -scp11_decrypt_data(uint8_t *key, uint32_t counter, uint8_t *enc, size_t enc_len, uint8_t *data, size_t *data_len) { +scp11_decrypt_data(uint8_t *key, uint32_t counter, uint8_t *enc, uint32_t enc_len, uint8_t *data, uint32_t *data_len) { if(enc_len <= 0) { DBG("No data to decrypt"); *data_len = 0; @@ -190,14 +190,14 @@ scp11_decrypt_data(uint8_t *key, uint32_t counter, uint8_t *enc, size_t enc_len, goto aes_dec_clean; } - drc = aes_cbc_decrypt(enc, enc_len, data, (uint32_t *) data_len, iv, AES_BLOCK_SIZE, &dec_key); + drc = aes_cbc_decrypt(enc, enc_len, data, data_len, iv, AES_BLOCK_SIZE, &dec_key); if (drc) { DBG("%s: cipher_decrypt: %d", ykpiv_strerror(YKPIV_KEY_ERROR), drc); rc = YKPIV_KEY_ERROR; goto aes_dec_clean; } - aes_remove_padding(data, (uint16_t *) data_len); + aes_remove_padding(data, data_len); aes_dec_clean: aes_destroy(&dec_key); diff --git a/lib/scp11_util.h b/lib/scp11_util.h index 30eecad2..d91190ad 100644 --- a/lib/scp11_util.h +++ b/lib/scp11_util.h @@ -33,15 +33,15 @@ #include "ykpiv.h" -ykpiv_rc scp11_mac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, size_t data_len, uint8_t *mac_out); +ykpiv_rc scp11_mac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, uint32_t data_len, uint8_t *mac_out); -ykpiv_rc scp11_unmac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, size_t data_len, uint16_t sw); +ykpiv_rc scp11_unmac_data(uint8_t *key, uint8_t *mac_chain, uint8_t *data, uint32_t data_len, uint16_t sw); ykpiv_rc -scp11_encrypt_data(uint8_t *key, uint32_t counter, const uint8_t *data, size_t data_len, uint8_t *enc, size_t *enc_len); +scp11_encrypt_data(uint8_t *key, uint32_t counter, const uint8_t *data, uint32_t data_len, uint8_t *enc, uint32_t *enc_len); ykpiv_rc -scp11_decrypt_data(uint8_t *key, uint32_t counter, uint8_t *enc, size_t enc_len, uint8_t *data, size_t *data_len); +scp11_decrypt_data(uint8_t *key, uint32_t counter, uint8_t *enc, uint32_t enc_len, uint8_t *data, uint32_t *data_len); #endif //YUBICO_PIV_TOOL_AES_UTIL_H diff --git a/lib/tests/aes.c b/lib/tests/aes.c index 0e91223e..b2a25dd9 100644 --- a/lib/tests/aes.c +++ b/lib/tests/aes.c @@ -87,9 +87,9 @@ struct mac_test_data { static int -encryption(uint8_t *key, uint8_t counter, uint8_t *plaintext, size_t plaintext_len, uint8_t *enc, size_t enc_len) { +encryption(uint8_t *key, uint8_t counter, uint8_t *plaintext, uint32_t plaintext_len, uint8_t *enc, size_t enc_len) { uint8_t e[255] = {0}; - size_t e_len = sizeof(e); + uint32_t e_len = sizeof(e); ykpiv_rc rc = scp11_encrypt_data(key, counter, plaintext, plaintext_len, e, &e_len); ck_assert(rc == YKPIV_OK); @@ -98,9 +98,9 @@ encryption(uint8_t *key, uint8_t counter, uint8_t *plaintext, size_t plaintext_l return EXIT_SUCCESS; } -static int decryption(uint8_t *key, uint8_t counter, uint8_t *enc, size_t enc_len, uint8_t *dec, size_t dec_len) { +static int decryption(uint8_t *key, uint8_t counter, uint8_t *enc, uint32_t enc_len, uint8_t *dec, size_t dec_len) { uint8_t d[255] = {0}; - size_t d_len = sizeof(d); + uint32_t d_len = sizeof(d); ykpiv_rc rc = scp11_decrypt_data(key, counter, enc, enc_len, d, &d_len); ck_assert(rc == YKPIV_OK); @@ -109,7 +109,7 @@ static int decryption(uint8_t *key, uint8_t counter, uint8_t *enc, size_t enc_le return EXIT_SUCCESS; } -static int mac(uint8_t *mac_key, uint8_t *mac_chain, uint8_t *data, size_t data_len, uint8_t *mac) { +static int mac(uint8_t *mac_key, uint8_t *mac_chain, uint8_t *data, uint32_t data_len, uint8_t *mac) { uint8_t m[255] = {0}; ykpiv_rc rc = scp11_mac_data(mac_key, mac_chain, data, data_len, m); diff --git a/lib/tests/api.c b/lib/tests/api.c index 2d5daeb4..d425c6c7 100644 --- a/lib/tests/api.c +++ b/lib/tests/api.c @@ -703,7 +703,7 @@ static void test_authenticate_helper(bool full) { res = ykpiv_auth_getchallenge(g_state, &metadata, data, &data_len); ck_assert_int_eq(res, YKPIV_OK); - crc = aes_set_key(key, key_len, YKPIV_ALGO_3DES, &cipher); + crc = aes_set_key(key, (uint32_t) key_len, YKPIV_ALGO_3DES, &cipher); ck_assert_int_eq(crc, 0); uint32_t cipher_len = (uint32_t)data_len; crc = aes_encrypt(data, cipher_len, data, &cipher_len, &cipher); diff --git a/lib/ykpiv.c b/lib/ykpiv.c index c40e0201..5ca18f44 100644 --- a/lib/ykpiv.c +++ b/lib/ykpiv.c @@ -641,9 +641,9 @@ static ykpiv_rc scp11_internal_authenticate(ykpiv_state *state, uint8_t *data, s } static ykpiv_rc -scp11_verify_channel(uint8_t *verification_key, uint8_t *receipt, uint8_t *apdu_data, size_t apdu_data_len, +scp11_verify_channel(uint8_t *verification_key, uint8_t *receipt, uint8_t *apdu_data, uint32_t apdu_data_len, uint8_t *epubkey_sd, size_t epubkey_sd_len) { - size_t ka_data_len = apdu_data_len + epubkey_sd_len + 3; + uint32_t ka_data_len = apdu_data_len + epubkey_sd_len + 3; uint8_t *ka_data = malloc(ka_data_len); if (!ka_data) { DBG("Failed to allocate memory for key agreement data"); @@ -1249,10 +1249,10 @@ static ykpiv_rc _ykpiv_transmit(ykpiv_state *state, const unsigned char *send_da return YKPIV_OK; } -static ykpiv_rc scp11_prepare_transfer(ykpiv_scp11_state *state, APDU *apdu, const uint8_t *apdu_data, size_t apdu_data_len, size_t *apdu_len) { +static ykpiv_rc scp11_prepare_transfer(ykpiv_scp11_state *state, APDU *apdu, const uint8_t *apdu_data, uint32_t apdu_data_len, size_t *apdu_len) { ykpiv_rc rc = YKPIV_OK; uint8_t enc[YKPIV_OBJ_MAX_SIZE] = {0}; - size_t enc_len = sizeof(enc); + uint32_t enc_len = sizeof(enc); if ((rc = scp11_encrypt_data(state->senc, state->enc_counter++, apdu_data, apdu_data_len, enc, &enc_len)) != YKPIV_OK) { @@ -1285,7 +1285,7 @@ static ykpiv_rc scp11_prepare_transfer(ykpiv_scp11_state *state, APDU *apdu, con } static ykpiv_rc -scp11_decrypt_response(ykpiv_scp11_state *state, uint8_t *data, size_t data_len, uint8_t *dec, size_t *dec_len, +scp11_decrypt_response(ykpiv_scp11_state *state, uint8_t *data, uint32_t data_len, uint8_t *dec, uint32_t *dec_len, int sw) { if (data_len == 0) { DBG("No response data to decrypt"); @@ -1371,7 +1371,7 @@ ykpiv_rc _ykpiv_transfer_data(ykpiv_state *state, if (out_data) { if (state->scp11_state.security_level) { uint8_t dec[2048] = {0}; - size_t dec_len = sizeof(dec); + uint32_t dec_len = sizeof(dec); if ((res = scp11_decrypt_response(&state->scp11_state, data, recv_len, dec, &dec_len, *sw)) != YKPIV_OK) { return res; }