Use new asn1 structs.

polhenarejos · polhenarejos · commit c3b66773e8f8 · 2024-03-13T18:11:28.000+01:00
Signed-off-by: Pol Henarejos &lt;pol.henarejos@cttc.es&gt;
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -89,7 +89,7 @@ target_compile_options(pico_hsm PUBLIC
     -Wall
 )
 if (NOT MSVC)
-    target_compile_options(pico_hsm PUBLIC 
+    target_compile_options(pico_hsm PUBLIC
         -Werror
     )
 endif()
@@ -106,10 +106,10 @@ target_link_options(pico_hsm PUBLIC
         -Wl,-dead_strip
         )
 elseif(MSVC)
-    target_compile_options(pico_hsm PUBLIC 
+    target_compile_options(pico_hsm PUBLIC
         -WX
     )
-    
+
     target_link_libraries(pico_hsm PUBLIC wsock32 ws2_32 Bcrypt)
 else()
 target_link_options(pico_hsm PUBLIC
diff --git a/pico-keys-sdk b/pico-keys-sdk
@@ -1 +1 @@
-Subproject commit caddf87c236a068f94e5283e10b9411d1cfa39e0
+Subproject commit e055d4cfc9df1a41585ac83d484b903088f3db13
diff --git a/src/hsm/cmd_bip_slip.c b/src/hsm/cmd_bip_slip.c
@@ -160,7 +160,10 @@ int node_derive_path(const uint8_t *path,
     int r = 0;
     memset(last_node, 0, 4);
     memset(fingerprint, 0, 4);
-    for (; walk_tlv(path, path_len, &p, &tag, &tag_len, &tag_data); node++) {
+
+    asn1_ctx_t ctxi;
+    asn1_ctx_init((uint8_t *)path, path_len, &ctxi);
+    for (; walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data); node++) {
         if (tag == 0x02) {
             if ((node == 0 && tag_len != 1) || (node != 0 && tag_len != 4)) {
                 return CCID_WRONG_DATA;
diff --git a/src/hsm/cmd_cipher_sym.c b/src/hsm/cmd_cipher_sym.c
diff --git a/src/hsm/cmd_decrypt_asym.c b/src/hsm/cmd_decrypt_asym.c
@@ -152,34 +152,32 @@ int cmd_decrypt_asym() {
             if ((ext = cvc_get_ext(apdu.data, (uint16_t)apdu.nc, &ext_len)) == NULL) {
                 return SW_WRONG_DATA();
             }
-            uint8_t *p = NULL, *tag_data = NULL, *kdom_uid = NULL;
+            uint8_t *p = NULL;
             uint16_t tag = 0;
-            uint16_t tag_len = 0, kdom_uid_len = 0;
-            while (walk_tlv(ext, ext_len, &p, &tag, &tag_len, &tag_data)) {
+            asn1_ctx_t ctxi, ctxo = { 0 }, kdom_uid = { 0 };
+            asn1_ctx_init((uint8_t *)ext, ext_len, &ctxi);
+            while (walk_tlv(&ctxi, &p, &tag, &ctxo.len, &ctxo.data)) {
                 if (tag == 0x73) {
-                    uint16_t oid_len = 0;
-                    uint8_t *oid_data = NULL;
-                    if (asn1_find_tag(tag_data, tag_len, 0x6, &oid_len,
-                                      &oid_data) == true &&
-                        oid_len == strlen(OID_ID_KEY_DOMAIN_UID) &&
-                        memcmp(oid_data, OID_ID_KEY_DOMAIN_UID,
+                    asn1_ctx_t oid = {0};
+                    if (asn1_find_tag(&ctxo, 0x6, &oid) == true &&
+                        oid.len == strlen(OID_ID_KEY_DOMAIN_UID) &&
+                        memcmp(oid.data, OID_ID_KEY_DOMAIN_UID,
                                strlen(OID_ID_KEY_DOMAIN_UID)) == 0) {
-                        if (asn1_find_tag(tag_data, tag_len, 0x80, &kdom_uid_len,
-                                          &kdom_uid) == false) {
+                        if (asn1_find_tag(&ctxo, 0x80, &kdom_uid) == false) {
                             return SW_WRONG_DATA();
                         }
                         break;
                     }
                 }
             }
-            if (kdom_uid_len == 0 || kdom_uid == NULL) {
+            if (asn1_len(&kdom_uid) == 0) {
                 return SW_WRONG_DATA();
             }
             for (uint8_t n = 0; n < MAX_KEY_DOMAINS; n++) {
                 file_t *tf = search_dynamic_file(EF_XKEK + n);
                 if (tf) {
-                    if (file_get_size(tf) == kdom_uid_len &&
-                        memcmp(file_get_data(tf), kdom_uid, kdom_uid_len) == 0) {
+                    if (file_get_size(tf) == kdom_uid.len &&
+                        memcmp(file_get_data(tf), kdom_uid.data, kdom_uid.len) == 0) {
                         file_new(EF_DKEK + n);
                         if (store_dkek_key(n, res_APDU + 1) != CCID_OK) {
                             return SW_EXEC_ERROR();
diff --git a/src/hsm/cmd_general_authenticate.c b/src/hsm/cmd_general_authenticate.c
@@ -33,7 +33,9 @@ int cmd_general_authenticate() {
             uint16_t tag = 0x0;
             uint8_t *tag_data = NULL, *p = NULL;
             uint16_t tag_len = 0;
-            while (walk_tlv(apdu.data + 2, (uint16_t)(apdu.nc - 2), &p, &tag, &tag_len, &tag_data)) {
+            asn1_ctx_t ctxi;
+            asn1_ctx_init(apdu.data + 2, (uint16_t)(apdu.nc - 2), &ctxi);
+            while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
                 if (tag == 0x80) {
                     pubkey = tag_data - 1; //mbedtls ecdh starts reading one pos before
                     pubkey_len = tag_len + 1;
diff --git a/src/hsm/cmd_initialize.c b/src/hsm/cmd_initialize.c
@@ -49,7 +49,9 @@ int cmd_initialize() {
         uint16_t tag = 0x0;
         uint8_t *tag_data = NULL, *p = NULL, *kds = NULL, *dkeks = NULL;
         uint16_t tag_len = 0;
-        while (walk_tlv(apdu.data, (uint16_t)apdu.nc, &p, &tag, &tag_len, &tag_data)) {
+        asn1_ctx_t ctxi;
+        asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
+        while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
             if (tag == 0x80) { //options
                 file_t *tf = search_by_fid(EF_DEVOPS, NULL, SPECIFY_EF);
                 flash_write_data_to_file(tf, tag_data, tag_len);
diff --git a/src/hsm/cmd_keypair_gen.c b/src/hsm/cmd_keypair_gen.c
@@ -31,31 +31,21 @@ int cmd_keypair_gen() {
     }
     int ret = 0;
 
-    uint16_t tout = 0;
     //sc_asn1_print_tags(apdu.data, apdu.nc);
-    uint8_t *p = NULL;
     //DEBUG_DATA(apdu.data,apdu.nc);
-    if (asn1_find_tag(apdu.data, (uint16_t)apdu.nc, 0x7f49, &tout, &p) && tout > 0 && p != NULL) {
-        uint16_t oid_len = 0;
-        uint8_t *oid = NULL;
-        if (asn1_find_tag(p, tout, 0x6, &oid_len, &oid) && oid_len > 0 && oid != NULL) {
-            if (memcmp(oid, OID_ID_TA_RSA_V1_5_SHA_256, oid_len) == 0) { //RSA
-                uint16_t ex_len = 3, ks_len = 2;
-                uint8_t *ex = NULL, *ks = NULL;
+    asn1_ctx_t ctxi, ctxo = { 0 };
+    asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
+    if (asn1_find_tag(&ctxi, 0x7f49, &ctxo) && asn1_len(&ctxo) > 0) {
+        asn1_ctx_t oid = { 0 };
+        if (asn1_find_tag(&ctxo, 0x6, &oid) && asn1_len(&oid) > 0) {
+            if (memcmp(oid.data, OID_ID_TA_RSA_V1_5_SHA_256, oid.len) == 0) { //RSA
+                asn1_ctx_t ex = { 0 }, ks = { 0 };
                 uint32_t exponent = 65537, key_size = 2048;
-                if (asn1_find_tag(p, tout, 0x82, &ex_len, &ex) && ex_len > 0 && ex != NULL) {
-                    uint8_t *dt = ex;
-                    exponent = 0;
-                    for (uint16_t i = 0; i < ex_len; i++) {
-                        exponent = (exponent << 8) | *dt++;
-                    }
+                if (asn1_find_tag(&ctxo, 0x82, &ex) && asn1_len(&ex) > 0) {
+                    exponent = asn1_get_uint(&ex);
                 }
-                if (asn1_find_tag(p, tout, 0x2, &ks_len, &ks) && ks_len > 0 && ks != NULL) {
-                    uint8_t *dt = ks;
-                    key_size = 0;
-                    for (uint16_t i = 0; i < ks_len; i++) {
-                        key_size = (key_size << 8) | *dt++;
-                    }
+                if (asn1_find_tag(&ctxo, 0x2, &ks) && asn1_len(&ks) > 0) {
+                    key_size = asn1_get_uint(&ks);
                 }
                 printf("KEYPAIR RSA %lu (%lx)\r\n",
                        (unsigned long) key_size,
@@ -79,13 +69,12 @@ int cmd_keypair_gen() {
                 }
                 mbedtls_rsa_free(&rsa);
             }
-            else if (memcmp(oid, OID_ID_TA_ECDSA_SHA_256, MIN(oid_len, 10)) == 0) {   //ECC
-                uint16_t prime_len;
-                uint8_t *prime = NULL;
-                if (asn1_find_tag(p, tout, 0x81, &prime_len, &prime) != true) {
+            else if (memcmp(oid.data, OID_ID_TA_ECDSA_SHA_256, MIN(oid.len, 10)) == 0) {   //ECC
+                asn1_ctx_t prime = { 0 };
+                if (asn1_find_tag(&ctxo, 0x81, &prime) != true) {
                     return SW_WRONG_DATA();
                 }
-                mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(prime, prime_len);
+                mbedtls_ecp_group_id ec_id = ec_get_curve_from_prime(prime.data, prime.len);
                 printf("KEYPAIR ECC %d\r\n", ec_id);
                 if (ec_id == MBEDTLS_ECP_DP_NONE) {
                     return SW_FUNC_NOT_SUPPORTED();
@@ -98,30 +87,27 @@ int cmd_keypair_gen() {
                     mbedtls_ecdsa_free(&ecdsa);
                     return SW_EXEC_ERROR();
                 }
-                uint16_t l91 = 0, ext_len = 0;
-                uint8_t *p91 = NULL, *ext = NULL;
-                if (asn1_find_tag(apdu.data, (uint16_t)apdu.nc, 0x91, &l91, &p91) && p91 != NULL && l91 > 0) {
-                    for (size_t n = 0; n < l91; n++) {
-                        if (p91[n] == ALGO_EC_DH_XKEK) {
-                            uint16_t l92 = 0;
-                            uint8_t *p92 = NULL;
-                            if (!asn1_find_tag(apdu.data, (uint16_t)apdu.nc, 0x92, &l92,
-                                               &p92) || p92 == NULL || l92 == 0) {
+                asn1_ctx_t a91 = { 0 }, ext = { 0 };
+                if (asn1_find_tag(&ctxi, 0x91, &a91) && asn1_len(&a91) > 0) {
+                    for (size_t n = 0; n < a91.len; n++) {
+                        if (a91.data[n] == ALGO_EC_DH_XKEK) {
+                            asn1_ctx_t a92 = {0};
+                            if (!asn1_find_tag(&ctxi, 0x92, &a92) || asn1_len(&a92) == 0) {
                                 return SW_WRONG_DATA();
                             }
-                            if (p92[0] > MAX_KEY_DOMAINS) {
+                            if (a92.data[0] > MAX_KEY_DOMAINS) {
                                 return SW_WRONG_DATA();
                             }
-                            file_t *tf_xkek = search_dynamic_file(EF_XKEK + p92[0]);
+                            file_t *tf_xkek = search_dynamic_file(EF_XKEK + a92.data[0]);
                             if (!tf_xkek) {
                                 return SW_WRONG_DATA();
                             }
-                            ext_len = 2 + 2 + (uint16_t)strlen(OID_ID_KEY_DOMAIN_UID) + 2 + file_get_size(
+                            ext.len = 2 + 2 + (uint16_t)strlen(OID_ID_KEY_DOMAIN_UID) + 2 + file_get_size(
                                 tf_xkek);
-                            ext = (uint8_t *) calloc(1, ext_len);
-                            uint8_t *pe = ext;
+                            ext.data = (uint8_t *) calloc(1, ext.len);
+                            uint8_t *pe = ext.data;
                             *pe++ = 0x73;
-                            *pe++ = (uint8_t)ext_len - 2;
+                            *pe++ = (uint8_t)ext.len - 2;
                             *pe++ = 0x6;
                             *pe++ = (uint8_t)strlen(OID_ID_KEY_DOMAIN_UID);
                             memcpy(pe, OID_ID_KEY_DOMAIN_UID, strlen(OID_ID_KEY_DOMAIN_UID));
@@ -133,15 +119,15 @@ int cmd_keypair_gen() {
                     }
                 }
                 if ((res_APDU_size =
-                         (uint16_t)asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext, ext_len)) == 0) {
-                    if (ext) {
-                        free(ext);
+                         (uint16_t)asn1_cvc_aut(&ecdsa, PICO_KEYS_KEY_EC, res_APDU, 4096, ext.data, ext.len)) == 0) {
+                    if (ext.data) {
+                        free(ext.data);
                     }
                     mbedtls_ecdsa_free(&ecdsa);
                     return SW_EXEC_ERROR();
                 }
-                if (ext) {
-                    free(ext);
+                if (ext.data) {
+                    free(ext.data);
                 }
                 ret = store_keys(&ecdsa, PICO_KEYS_KEY_EC, key_id);
                 mbedtls_ecdsa_free(&ecdsa);
diff --git a/src/hsm/cmd_mse.c b/src/hsm/cmd_mse.c
@@ -34,7 +34,9 @@ int cmd_mse() {
         uint16_t tag = 0x0;
         uint8_t *tag_data = NULL, *p = NULL;
         uint16_t tag_len = 0;
-        while (walk_tlv(apdu.data, (uint16_t)apdu.nc, &p, &tag, &tag_len, &tag_data)) {
+        asn1_ctx_t ctxi;
+        asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
+        while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
             if (tag == 0x80) {
                 if (p2 == 0xA4) {
                     if (tag_len == 10 &&
diff --git a/src/hsm/cmd_signature.c b/src/hsm/cmd_signature.c
@@ -152,8 +152,7 @@ int cmd_signature() {
             }
             return SW_EXEC_ERROR();
         }
-        uint8_t *hash = apdu.data;
-        uint16_t hash_len = (uint16_t)apdu.nc;
+        asn1_ctx_t hash = {.len = (uint16_t)apdu.nc, .data = apdu.data};
         if (p2 == ALGO_RSA_PKCS1) { //DigestInfo attached
             uint16_t nc = (uint16_t)apdu.nc;
             if (pkcs1_strip_digest_info_prefix(&md, apdu.data, (uint16_t)apdu.nc, apdu.data,
@@ -164,35 +163,34 @@ int cmd_signature() {
         }
         else {
             //sc_asn1_print_tags(apdu.data, apdu.nc);
-            uint16_t tout = 0, oid_len = 0;
-            uint8_t *p = NULL, *oid = NULL;
-            if (asn1_find_tag(apdu.data, (uint16_t)apdu.nc, 0x30, &tout, &p) && tout > 0 && p != NULL) {
-                uint16_t tout30 = 0;
-                uint8_t *c30 = NULL;
-                if (asn1_find_tag(p, tout, 0x30, &tout30, &c30) && tout30 > 0 && c30 != NULL) {
-                    asn1_find_tag(c30, tout30, 0x6, &oid_len, &oid);
+            asn1_ctx_t ctxi, ctxo = { 0 }, oid = { 0 };
+            asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
+            if (asn1_find_tag(&ctxi, 0x30, &ctxo) && asn1_len(&ctxo) > 0) {
+                asn1_ctx_t a30 = { 0 };
+                if (asn1_find_tag(&ctxo, 0x30, &a30) && asn1_len(&a30) > 0) {
+                    asn1_find_tag(&a30, 0x6, &oid);
                 }
-                asn1_find_tag(p, tout, 0x4, &hash_len, &hash);
+                asn1_find_tag(&ctxo, 0x4, &hash);
             }
-            if (oid && oid_len > 0) {
-                if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA1, oid_len) == 0) {
+            if (asn1_len(&oid)) {
+                if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA1, oid.len) == 0) {
                     md = MBEDTLS_MD_SHA1;
                 }
-                else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA224, oid_len) == 0) {
+                else if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA224, oid.len) == 0) {
                     md = MBEDTLS_MD_SHA224;
                 }
-                else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA256, oid_len) == 0) {
+                else if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA256, oid.len) == 0) {
                     md = MBEDTLS_MD_SHA256;
                 }
-                else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA384, oid_len) == 0) {
+                else if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA384, oid.len) == 0) {
                     md = MBEDTLS_MD_SHA384;
                 }
-                else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA512, oid_len) == 0) {
+                else if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA512, oid.len) == 0) {
                     md = MBEDTLS_MD_SHA512;
                 }
             }
             if (p2 >= ALGO_RSA_PSS && p2 <= ALGO_RSA_PSS_SHA512) {
-                if (p2 == ALGO_RSA_PSS && !oid) {
+                if (p2 == ALGO_RSA_PSS && asn1_len(&oid) == 0) {
                     if (apdu.nc == 20) { //default is sha1
                         md = MBEDTLS_MD_SHA1;
                     }
@@ -220,7 +218,7 @@ int cmd_signature() {
         }
         else {
             uint8_t *signature = (uint8_t *) calloc(key_size, sizeof(uint8_t));
-            r = mbedtls_rsa_pkcs1_sign(&ctx, random_gen, NULL, md, hash_len, hash, signature);
+            r = mbedtls_rsa_pkcs1_sign(&ctx, random_gen, NULL, md, hash.len, hash.data, signature);
             memcpy(res_APDU, signature, key_size);
             free(signature);
         }
diff --git a/src/hsm/cmd_update_ef.c b/src/hsm/cmd_update_ef.c
@@ -49,7 +49,9 @@ int cmd_update_ef() {
     uint16_t tag = 0x0;
     uint8_t *tag_data = NULL, *p = NULL;
     uint16_t tag_len = 0;
-    while (walk_tlv(apdu.data, (uint16_t)apdu.nc, &p, &tag, &tag_len, &tag_data)) {
+    asn1_ctx_t ctxi;
+    asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);
+    while (walk_tlv(&ctxi, &p, &tag, &tag_len, &tag_data)) {
         if (tag == 0x54) { //ofset tag
             for (size_t i = 1; i <= tag_len; i++) {
                 offset |= (*tag_data++ << (8 * (tag_len - i)));
diff --git a/src/hsm/cvc.c b/src/hsm/cvc.c
diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c

Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ target_compile_options(pico_hsm PUBLIC`
`89`	`89`	`-Wall`
`90`	`90`	`)`
`91`	`91`	`if (NOT MSVC)`
`92`		`- target_compile_options(pico_hsm PUBLIC`
	`92`	`+ target_compile_options(pico_hsm PUBLIC`
`93`	`93`	`-Werror`
`94`	`94`	`)`
`95`	`95`	`endif()`
`@@ -106,10 +106,10 @@ target_link_options(pico_hsm PUBLIC`
`106`	`106`	`-Wl,-dead_strip`
`107`	`107`	`)`
`108`	`108`	`elseif(MSVC)`
`109`		`- target_compile_options(pico_hsm PUBLIC`
	`109`	`+ target_compile_options(pico_hsm PUBLIC`
`110`	`110`	`-WX`
`111`	`111`	`)`
`112`		`-`
	`112`	`+`
`113`	`113`	`target_link_libraries(pico_hsm PUBLIC wsock32 ws2_32 Bcrypt)`
`114`	`114`	`else()`
`115`	`115`	`target_link_options(pico_hsm PUBLIC`
Original file line number	Diff line number	Diff line change
`@@ -152,8 +152,7 @@ int cmd_signature() {`
`152`	`152`	`}`
`153`	`153`	`return SW_EXEC_ERROR();`
`154`	`154`	`}`
`155`		`- uint8_t *hash = apdu.data;`
`156`		`- uint16_t hash_len = (uint16_t)apdu.nc;`
	`155`	`+ asn1_ctx_t hash = {.len = (uint16_t)apdu.nc, .data = apdu.data};`
`157`	`156`	`if (p2 == ALGO_RSA_PKCS1) { //DigestInfo attached`
`158`	`157`	`uint16_t nc = (uint16_t)apdu.nc;`
`159`	`158`	`if (pkcs1_strip_digest_info_prefix(&md, apdu.data, (uint16_t)apdu.nc, apdu.data,`
`@@ -164,35 +163,34 @@ int cmd_signature() {`
`164`	`163`	`}`
`165`	`164`	`else {`
`166`	`165`	`//sc_asn1_print_tags(apdu.data, apdu.nc);`
`167`		`- uint16_t tout = 0, oid_len = 0;`
`168`		`- uint8_t p = NULL, oid = NULL;`
`169`		`- if (asn1_find_tag(apdu.data, (uint16_t)apdu.nc, 0x30, &tout, &p) && tout > 0 && p != NULL) {`
`170`		`- uint16_t tout30 = 0;`
`171`		`- uint8_t *c30 = NULL;`
`172`		`- if (asn1_find_tag(p, tout, 0x30, &tout30, &c30) && tout30 > 0 && c30 != NULL) {`
`173`		`- asn1_find_tag(c30, tout30, 0x6, &oid_len, &oid);`
	`166`	`+ asn1_ctx_t ctxi, ctxo = { 0 }, oid = { 0 };`
	`167`	`+ asn1_ctx_init(apdu.data, (uint16_t)apdu.nc, &ctxi);`
	`168`	`+ if (asn1_find_tag(&ctxi, 0x30, &ctxo) && asn1_len(&ctxo) > 0) {`
	`169`	`+ asn1_ctx_t a30 = { 0 };`
	`170`	`+ if (asn1_find_tag(&ctxo, 0x30, &a30) && asn1_len(&a30) > 0) {`
	`171`	`+ asn1_find_tag(&a30, 0x6, &oid);`
`174`	`172`	`}`
`175`		`- asn1_find_tag(p, tout, 0x4, &hash_len, &hash);`
	`173`	`+ asn1_find_tag(&ctxo, 0x4, &hash);`
`176`	`174`	`}`
`177`		`- if (oid && oid_len > 0) {`
`178`		`- if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA1, oid_len) == 0) {`
	`175`	`+ if (asn1_len(&oid)) {`
	`176`	`+ if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA1, oid.len) == 0) {`
`179`	`177`	`md = MBEDTLS_MD_SHA1;`
`180`	`178`	`}`
`181`		`- else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA224, oid_len) == 0) {`
	`179`	`+ else if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA224, oid.len) == 0) {`
`182`	`180`	`md = MBEDTLS_MD_SHA224;`
`183`	`181`	`}`
`184`		`- else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA256, oid_len) == 0) {`
	`182`	`+ else if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA256, oid.len) == 0) {`
`185`	`183`	`md = MBEDTLS_MD_SHA256;`
`186`	`184`	`}`
`187`		`- else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA384, oid_len) == 0) {`
	`185`	`+ else if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA384, oid.len) == 0) {`
`188`	`186`	`md = MBEDTLS_MD_SHA384;`
`189`	`187`	`}`
`190`		`- else if (memcmp(oid, MBEDTLS_OID_DIGEST_ALG_SHA512, oid_len) == 0) {`
	`188`	`+ else if (memcmp(oid.data, MBEDTLS_OID_DIGEST_ALG_SHA512, oid.len) == 0) {`
`191`	`189`	`md = MBEDTLS_MD_SHA512;`
`192`	`190`	`}`
`193`	`191`	`}`
`194`	`192`	`if (p2 >= ALGO_RSA_PSS && p2 <= ALGO_RSA_PSS_SHA512) {`
`195`		`- if (p2 == ALGO_RSA_PSS && !oid) {`
	`193`	`+ if (p2 == ALGO_RSA_PSS && asn1_len(&oid) == 0) {`
`196`	`194`	`if (apdu.nc == 20) { //default is sha1`
`197`	`195`	`md = MBEDTLS_MD_SHA1;`
`198`	`196`	`}`
`@@ -220,7 +218,7 @@ int cmd_signature() {`
`220`	`218`	`}`
`221`	`219`	`else {`
`222`	`220`	`uint8_t signature = (uint8_t ) calloc(key_size, sizeof(uint8_t));`
`223`		`- r = mbedtls_rsa_pkcs1_sign(&ctx, random_gen, NULL, md, hash_len, hash, signature);`
	`221`	`+ r = mbedtls_rsa_pkcs1_sign(&ctx, random_gen, NULL, md, hash.len, hash.data, signature);`
`224`	`222`	`memcpy(res_APDU, signature, key_size);`
`225`	`223`	`free(signature);`
`226`	`224`	`}`