Merge pull request #42 from AvinashHedage/hmac_sign_len_validation

updated handling of mac length return value in begin operation
divegeek · Apr 11, 2022 · 6bc34c8 · 6bc34c8
2 parents 5c1b15f + 2778ce6
commit 6bc34c8
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -1770,7 +1770,7 @@ private void finishSigningVerifyingOperation(KMOperationState op, byte[] scratch
               KMByteBlob.cast(data[SIGNATURE]).length() > (SHA256_DIGEST_LEN_BITS / 8)) {
             KMException.throwIt(KMError.UNSUPPORTED_MAC_LENGTH);
           }
-          if ((KMByteBlob.cast(data[SIGNATURE]).length() < (op.getMinMacLength() / 8))) {
+          if ((KMByteBlob.cast(data[SIGNATURE]).length() < (short)(op.getMinMacLength() / 8))) {
             KMException.throwIt(KMError.INVALID_MAC_LENGTH);
           }
 
@@ -2207,14 +2207,17 @@ private void processBeginOperationCmd(APDU apdu) {
     } else {
       iv = KMArray.instance((short) 0);
     }
-
+    short macLen = 0;
+    if(op.getMacLength() !=  KMType.INVALID_VALUE) {
+    	macLen = (short) (op.getMacLength()/8) ;
+    }
     short params = KMKeyParameters.instance(iv);
     short resp  = KMArray.instance((short) 5);
     KMArray.cast(resp).add((short) 0, KMInteger.uint_16(KMError.OK));
     KMArray.cast(resp).add((short) 1, params);
     KMArray.cast(resp).add((short) 2, data[OP_HANDLE]);
     KMArray.cast(resp).add((short) 3, KMInteger.uint_8(op.getBufferingMode()));
-    KMArray.cast(resp).add((short) 4, KMInteger.uint_16((short) (op.getMacLength() / 8)));
+    KMArray.cast(resp).add((short) 4, KMInteger.uint_16(macLen));
     sendOutgoing(apdu, resp);
   }