Check max message size against firmware version

Yubico · Aug 29, 2024 · 6ebecda · 6ebecda
1 parent f2aa63e
commit 6ebecda
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/lib/internal.h b/lib/internal.h
@@ -46,6 +46,10 @@ struct yh_connector {
   char address[32];
   uint32_t port;
   uint32_t pid;
+  uint8_t fw_version_major;
+  uint8_t fw_version_minor;
+  uint8_t fw_version_patch;
+
 };
 
 #ifndef __WIN32

diff --git a/lib/yubihsm.c b/lib/yubihsm.c
@@ -430,7 +430,13 @@ static yh_rc send_encrypted_msg(Scp_ctx *session, yh_cmd cmd,
   }
 
   // Outer command { cmd | cmd_len | sid | encrypted payload | mac }
-  if (3 + 1 + len + SCP_MAC_LEN > SCP_MSG_BUF_SIZE) {
+  int max_message_size = SCP_MSG_BUF_SIZE;
+  if(session->parent->fw_version_major < 2 ||
+     (session->parent->fw_version_major == 2 && session->parent->fw_version_minor < 4)) {
+    max_message_size = 2048;
+  }
+
+  if (3 + 1 + len + SCP_MAC_LEN > max_message_size) {
     DBG_ERR("%s: %u", yh_strerror(YHR_BUFFER_TOO_SMALL), 3 + 1 + len + SCP_MAC_LEN);
     return YHR_BUFFER_TOO_SMALL;
   }
@@ -4815,6 +4821,10 @@ yh_rc yh_connect(yh_connector *connector, int timeout) {
     DBG_ERR("Failed when connecting: %s", yh_strerror(rc));
   }
 
+  yh_util_get_device_info(connector, &connector->fw_version_major,
+                          &connector->fw_version_minor, &connector->fw_version_patch,
+                          NULL, NULL, NULL, NULL, NULL);
+
   return rc;
 }