Check max message size against firmware version

Yubico · Aug 29, 2024 · eaf9ebd · eaf9ebd
1 parent f2aa63e
commit eaf9ebd
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 10 deletions.
diff --git a/lib/internal.h b/lib/internal.h
@@ -46,6 +46,10 @@ struct yh_connector {
   char address[32];
   uint32_t port;
   uint32_t pid;
+  uint8_t fw_version_major;
+  uint8_t fw_version_minor;
+  uint8_t fw_version_patch;
+
 };
 
 #ifndef __WIN32

diff --git a/lib/tests/test_util.c b/lib/tests/test_util.c
@@ -35,21 +35,21 @@ static void test_status(void) {
     yh_connector c;
   } tests[] = {
     {"status=OK\nversion=1.2.3\n",
-     {NULL, NULL, NULL, {0}, {0}, true, 1, 2, 3, "", 0, 0}},
-    {"", {NULL, NULL, NULL, {0}, {0}, false, 0, 0, 0, "", 0, 0}},
-    {"foobar", {NULL, NULL, NULL, {0}, {0}, false, 0, 0, 0, "", 0, 0}},
-    {"\n\n\n\n\n\n", {NULL, NULL, NULL, {0}, {0}, false, 0, 0, 0, "", 0, 0}},
+     {NULL, NULL, NULL, {0}, {0}, true, 1, 2, 3, "", 0, 0, 0, 0, 0}},
+    {"", {NULL, NULL, NULL, {0}, {0}, false, 0, 0, 0, "", 0, 0, 0, 0, 0}},
+    {"foobar", {NULL, NULL, NULL, {0}, {0}, false, 0, 0, 0, "", 0, 0, 0, 0, 0}},
+    {"\n\n\n\n\n\n", {NULL, NULL, NULL, {0}, {0}, false, 0, 0, 0, "", 0, 0, 0, 0, 0}},
     {"status=NO_DEVICE\nserial=*\nversion=1.0.2\npid=412\naddress=\nport=12345",
-     {NULL, NULL, NULL, {0}, {0}, false, 1, 0, 2, "", 12345, 412}},
-    {"version=1.2", {NULL, NULL, NULL, {0}, {0}, false, 1, 2, 0, "", 0, 0}},
+     {NULL, NULL, NULL, {0}, {0}, false, 1, 0, 2, "", 12345, 412, 0, 0, 0}},
+    {"version=1.2", {NULL, NULL, NULL, {0}, {0}, false, 1, 2, 0, "", 0, 0, 0, 0, 0}},
     {"version=foobar",
-     {NULL, NULL, NULL, {0}, {0}, false, 0, 0, 0, "", 0, 0}},
+     {NULL, NULL, NULL, {0}, {0}, false, 0, 0, 0, "", 0, 0, 0, 0, 0}},
     {"version=2..\nstatus=OK",
-     {NULL, NULL, NULL, {0}, {0}, true, 2, 0, 0, "", 0, 0}},
+     {NULL, NULL, NULL, {0}, {0}, true, 2, 0, 0, "", 0, 0, 0, 0, 0}},
   };
 
   for (size_t i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
-    yh_connector c = {NULL, NULL, NULL, {0}, {0}, false, 0, 0, 0, "", 0, 0};
+    yh_connector c = {NULL, NULL, NULL, {0}, {0}, false, 0, 0, 0, "", 0, 0, 0, 0, 0};
     char *data = strdup(tests[i].data);
 
     parse_status_data(data, &c);

diff --git a/lib/yubihsm.c b/lib/yubihsm.c
@@ -430,7 +430,13 @@ static yh_rc send_encrypted_msg(Scp_ctx *session, yh_cmd cmd,
   }
 
   // Outer command { cmd | cmd_len | sid | encrypted payload | mac }
-  if (3 + 1 + len + SCP_MAC_LEN > SCP_MSG_BUF_SIZE) {
+  int max_message_size = SCP_MSG_BUF_SIZE;
+  if(session->parent->fw_version_major < 2 ||
+     (session->parent->fw_version_major == 2 && session->parent->fw_version_minor < 4)) {
+    max_message_size = 2048;
+  }
+
+  if (3 + 1 + len + SCP_MAC_LEN > max_message_size) {
     DBG_ERR("%s: %u", yh_strerror(YHR_BUFFER_TOO_SMALL), 3 + 1 + len + SCP_MAC_LEN);
     return YHR_BUFFER_TOO_SMALL;
   }
@@ -4815,6 +4821,10 @@ yh_rc yh_connect(yh_connector *connector, int timeout) {
     DBG_ERR("Failed when connecting: %s", yh_strerror(rc));
   }
 
+  yh_util_get_device_info(connector, &connector->fw_version_major,
+                          &connector->fw_version_minor, &connector->fw_version_patch,
+                          NULL, NULL, NULL, NULL, NULL);
+
   return rc;
 }