Fix Historical Bytes buffer with correct padding

LedgerHQ · Feb 28, 2024 · 7d68daf · 7d68daf
1 parent 2969c0e
commit 7d68daf
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 10 deletions.
diff --git a/src/gpg_data.c b/src/gpg_data.c
@@ -80,7 +80,7 @@ int gpg_apdu_get_data(unsigned int ref) {
             break;
         case 0x5F52:
             /* Historical bytes */
-            gpg_io_insert((const unsigned char *) N_gpg_pstate->histo, 15);
+            gpg_io_insert((const unsigned char *) N_gpg_pstate->histo, HISTO_LENGTH);
             break;
         case 0x7F66:
             /* Extended length information */
@@ -115,7 +115,7 @@ int gpg_apdu_get_data(unsigned int ref) {
             memmove(G_gpg_vstate.work.io_buffer + G_gpg_vstate.io_offset - 6,
                     G_gpg_vstate.kslot->serial,
                     4);
-            gpg_io_insert_tlv(0x5F52, 15, (const unsigned char *) N_gpg_pstate->histo);
+            gpg_io_insert_tlv(0x5F52, HISTO_LENGTH, (const unsigned char *) N_gpg_pstate->histo);
             gpg_io_insert_tlv(0x7F66, sizeof(C_ext_length), C_ext_length);
 
             gpg_io_mark();

diff --git a/src/gpg_dispatch.c b/src/gpg_dispatch.c
@@ -254,7 +254,7 @@ int gpg_dispatch() {
             /* --- ACTIVATE/TERMINATE FILE --- */
         case INS_ACTIVATE_FILE:
             gpg_io_discard(0);
-            if (N_gpg_pstate->histo[7] == STATE_TERMINATE) {
+            if (N_gpg_pstate->histo[HISTO_OFFSET_STATE] == STATE_TERMINATE) {
                 gpg_install(STATE_ACTIVATE);
             }
             return SW_OK;
@@ -272,7 +272,7 @@ int gpg_dispatch() {
     }
 
     /* Other commands allowed if not terminated */
-    if (N_gpg_pstate->histo[7] != STATE_ACTIVATE) {
+    if (N_gpg_pstate->histo[HISTO_OFFSET_STATE] != STATE_ACTIVATE) {
         return SW_STATE_TERMINATED;
     }
 

diff --git a/src/gpg_init.c b/src/gpg_init.c
@@ -261,14 +261,19 @@ const unsigned char C_default_AID[] = {
     0x00,
     0x00};
 
-const unsigned char C_default_Histo[] = {
+const unsigned char C_default_Histo[HISTO_LENGTH] = {
     0x00,
     0x31,
     0xC5,  // select method: by DF/partialDF; IO-file:readbinary; RFU???
     0x73,
     0xC0,  // select method: by DF/partialDF ,
     0x01,  // data coding style: ontime/byte
     0x80,  // chaining
+    0x00,  // Padding zero bytes
+    0x00,
+    0x00,
+    0x00,
+    0x00,
     0x7F,  // zero state
     0x90,
     0x00};
@@ -408,9 +413,9 @@ void gpg_install(unsigned char app_state) {
     nvm_write((void *) (N_gpg_pstate), NULL, sizeof(gpg_nv_state_t));
 
     // historical bytes
-    memmove(G_gpg_vstate.work.io_buffer, C_default_Histo, sizeof(C_default_Histo));
-    G_gpg_vstate.work.io_buffer[7] = app_state;
-    nvm_write((void *) (N_gpg_pstate->histo), G_gpg_vstate.work.io_buffer, sizeof(C_default_Histo));
+    memmove(G_gpg_vstate.work.io_buffer, C_default_Histo, HISTO_LENGTH);
+    G_gpg_vstate.work.io_buffer[HISTO_OFFSET_STATE] = app_state;
+    nvm_write((void *) (N_gpg_pstate->histo), G_gpg_vstate.work.io_buffer, HISTO_LENGTH);
 
     // AID
     memmove(G_gpg_vstate.work.io_buffer, C_default_AID, sizeof(C_default_AID));

diff --git a/src/gpg_select.c b/src/gpg_select.c
@@ -51,7 +51,7 @@ int gpg_apdu_select() {
         }
 
         gpg_io_discard(0);
-        if (N_gpg_pstate->histo[7] != STATE_ACTIVATE) {
+        if (N_gpg_pstate->histo[HISTO_OFFSET_STATE] != STATE_ACTIVATE) {
             sw = SW_STATE_TERMINATED;
         } else {
             sw = SW_OK;

diff --git a/src/gpg_types.h b/src/gpg_types.h
@@ -41,6 +41,8 @@
 #define GPG_MIN_PW1_LENGTH 6
 #define GPG_MIN_PW3_LENGTH 8
 
+#define HISTO_LENGTH       15
+#define HISTO_OFFSET_STATE 12  // 3rd byte from last (buffer size is 15)
 #ifdef TARGET_NANOS
 #define GPG_KEYS_SLOTS 1
 #else
@@ -159,7 +161,7 @@ struct gpg_nv_state_s {
     /*  4F */
     unsigned char AID[16];
     /*  5F52 */
-    unsigned char histo[15];
+    unsigned char histo[HISTO_LENGTH];
 
     /*  C4 */
     unsigned char PW_status[4];