SCP11: Increase buffer sizes
aveenismail committed Nov 22, 2024
1 parent 488f0cb commit d29aa35
Showing 3 changed files with 5 additions and 9 deletions.
4 changes: 2 additions & 2 deletions lib/internal.h
Expand Up @@ -200,9 +200,9 @@ union u_APDU {
unsigned char p1;
unsigned char p2;
unsigned char lc;
unsigned char data[0x100]; // Max 255 bytes + Le
unsigned char data[YKPIV_OBJ_MAX_SIZE - 6]; // Max message bytes - apdu len - Le
} st;
unsigned char raw[0x100 + 5];
unsigned char raw[YKPIV_OBJ_MAX_SIZE]; // Max message size the yubikey can receive
};

typedef union u_APDU APDU;
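Review bot: `st.lc` is still a single `unsigned char`, so once `data` grows to `YKPIV_OBJ_MAX_SIZE - 6` the length byte can no longer describe everything the buffer can hold. Any code that fills `st.data` and then sets `lc` from the same length needs an explicit bound or a different length encoding; those call sites are outside this section. The `- 6` is explained only by the trailing comment, and the 5-byte header is inferred from the old `raw[0x100 + 5]` because the union's first fields are above the visible lines. If the build allows C11, a check placed after the typedef would keep the two members in step: `_Static_assert(sizeof(((APDU *)0)->st) <= sizeof(((APDU *)0)->raw), "APDU header and data must fit in raw");`.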
6 changes: 1 addition & 5 deletions lib/ykpiv.c
Expand Up @@ -1705,7 +1705,7 @@ static ykpiv_rc _general_authenticate(ykpiv_state *state,
unsigned char algorithm, unsigned char key, bool decipher) {
unsigned char indata[YKPIV_OBJ_MAX_SIZE] = {0};
unsigned char *dataptr = indata;
unsigned char data[2048] = {0};
unsigned char data[4096] = {0};
unsigned char templ[] = {0, YKPIV_INS_AUTHENTICATE, algorithm, key};
unsigned long recv_len = sizeof(data);
size_t key_len = 0;
Expand Down Expand Up @@ -2618,7 +2618,6 @@ ykpiv_rc ykpiv_import_private_key(ykpiv_state *state, const unsigned char key, u
}

ykpiv_rc ykpiv_attest(ykpiv_state *state, const unsigned char key, unsigned char *data, size_t *data_len) {
fprintf(stderr, "------------------------- ykpiv_attest()\n");
ykpiv_rc res;
unsigned char templ[] = {0, YKPIV_INS_ATTEST, key, 0};
int sw = 0;
Expand All @@ -2631,14 +2630,11 @@ ykpiv_rc ykpiv_attest(ykpiv_state *state, const unsigned char key, unsigned char
ul_data_len = (unsigned long)*data_len;

if (YKPIV_OK != (res = _ykpiv_begin_transaction(state))) return res;
fprintf(stderr, "------------------------- _ykpiv_begin_transaction() OK\n");
if (YKPIV_OK != (res = _ykpiv_ensure_application_selected_ex(state, state->scp11_state.security_level == SCP11_KEY_USAGE))) goto Cleanup;
fprintf(stderr, "------------------------- _ykpiv_ensure_application_selected() OK\n");

if ((res = _ykpiv_transfer_data(state, templ, NULL, 0, data, &ul_data_len, &sw)) != YKPIV_OK) {
goto Cleanup;
}
fprintf(stderr, "------------------------- _ykpiv_transfer_data() OK\n");
res = ykpiv_translate_sw_ex(__FUNCTION__, sw);
if (res != YKPIV_OK) {
goto Cleanup;
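Review bot: The response buffer in `_general_authenticate` is sized with a bare `4096`, while the input buffer one line above it uses `YKPIV_OBJ_MAX_SIZE`, so nothing records how the new limit was derived or ties it to the APDU size changed in `lib/internal.h`. A named constant with a comment stating the largest reply it must hold (presumably the SCP11-wrapped response) would make the bound reviewable; `recv_len = sizeof(data)` already follows the array, so only the declaration needs to change. When `decipher` is true this buffer presumably receives recovered plaintext, so it is worth confirming that the exit path clears it. The function body continues outside the hunk.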
4 changes: 2 additions & 2 deletions tool/yubico-piv-tool.c
Expand Up @@ -120,7 +120,7 @@ static void print_version(ykpiv_state *state, const char *output_file_name) {
static bool sign_data(ykpiv_state *state, const unsigned char *in, size_t len, unsigned char *out,
size_t *out_len, unsigned char algorithm, int key) {

unsigned char signinput[1024] = {0};
unsigned char signinput[4096] = {0};
if(YKPIV_IS_RSA(algorithm)) {
size_t padlen = 0;
switch (algorithm) {
Expand Down Expand Up @@ -176,7 +176,7 @@ static int yk_rsa_meth_sign(int dtype, const unsigned char *m, unsigned int m_le
size_t yk_siglen = RSA_size(rsa);
const RSA_METHOD *meth = RSA_get_method(rsa);
const struct internal_key *key = RSA_meth_get0_app_data(meth);
unsigned char message[256] = {0};
unsigned char message[2048] = {0};

if(key->oid_len) {
memcpy(message, key->oid, key->oid_len);
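Review bot: In `yk_rsa_meth_sign` the visible `memcpy(message, key->oid, key->oid_len);` runs with no length check between the declaration of `message` and the copy, so enlarging the array to 2048 only raises the threshold at which an oversized `oid_len` (and, presumably, the `m_len` bytes appended afterwards) would write past the stack buffer. A guard before the first copy would make the bound explicit, for example `if(key->oid_len > sizeof(message) || m_len > sizeof(message) - key->oid_len) return 0;`. The rest of the function is outside the hunk, so a later check on `m_len` may already exist, but none covers the `oid` copy shown here. The same applies to `signinput[4096]` in `sign_data`, where the padding code that fills it is not visible.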
