From e6189a638c1527699a3233fb9a1bce9682aafde1 Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 4 Mar 2022 13:57:36 -0700 Subject: [PATCH 1/4] IOTSafe workarounds: Allow reading files with no GetSize command available, allow sign command response with no padding. --- wolfcrypt/src/port/iotsafe/iotsafe.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/port/iotsafe/iotsafe.c b/wolfcrypt/src/port/iotsafe/iotsafe.c index d1d0b3492..748f24cde 100644 --- a/wolfcrypt/src/port/iotsafe/iotsafe.c +++ b/wolfcrypt/src/port/iotsafe/iotsafe.c @@ -440,9 +440,13 @@ static int iotsafe_readfile(uint8_t *file_id, uint16_t file_id_sz, { char *resp; int ret; - char *filesz_s; - int file_sz = 0; uint16_t off = 0; +#ifdef IOTSAFE_NO_GETDATA + int file_sz = max_size; +#else + int file_sz = 0; + char *filesz_s; + iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, IOTSAFE_INS_GETDATA, IOTSAFE_GETDATA_FILE, 0); iotsafe_cmd_add_tlv(csim_cmd, IOTSAFE_TAG_FILE_ID, file_id_sz, file_id); @@ -471,6 +475,7 @@ static int iotsafe_readfile(uint8_t *file_id, uint16_t file_id_sz, WOLFSSL_MSG("iotsafe_readfile: insufficient space in buffer"); return -1; } +#endif while (off < file_sz) { byte off_p1, off_p2; @@ -488,6 +493,11 @@ static int iotsafe_readfile(uint8_t *file_id, uint16_t file_id_sz, return -1; } off += ret/2; +#ifdef IOTSAFE_NO_GETDATA + if (XSTRNCMP(&resp[ret-4], "0000", 4) == 0) { + break; + } +#endif } else { WOLFSSL_MSG("IoTSafe: Error reading file."); return -1; @@ -859,6 +869,14 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size, byte sig_hdr[3]; if (hex_to_bytes(resp, sig_hdr, 3) < 0) { ret = BAD_FUNC_ARG; +#ifdef IOTSAFE_SIGN_NO_PADDING + } else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) && + (sig_hdr[1] == 2 * IOTSAFE_ECC_KSIZE)) { + XSTRNCPY(R, resp + 4, IOTSAFE_ECC_KSIZE * 2); + XSTRNCPY(S, resp + 4 + IOTSAFE_ECC_KSIZE * 2, + IOTSAFE_ECC_KSIZE * 2); + ret = wc_ecc_rs_to_sig(R, S, signature, sigLen); +#endif } else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) && (sig_hdr[1] == 0) && (sig_hdr[2] == 2 * IOTSAFE_ECC_KSIZE)) { @@ -868,9 +886,10 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size, ret = wc_ecc_rs_to_sig(R, S, signature, sigLen); } else { ret = WC_HW_E; + WOLFSSL_MSG("Invalid response from EC sign update"); } } else { - WOLFSSL_MSG("Invalid response from EC sign update"); + WOLFSSL_MSG("Invalid/no response from EC sign update"); } /* Terminate sign/sign session. */ From af70edb99daa2bb311f4c1eb713c761f574bc813 Mon Sep 17 00:00:00 2001 From: Kareem Date: Mon, 21 Mar 2022 10:50:06 -0700 Subject: [PATCH 2/4] Strip trailing zeroes from cert buffer when using IOTSAFE_NO_GETDATA. --- wolfcrypt/src/port/iotsafe/iotsafe.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/wolfcrypt/src/port/iotsafe/iotsafe.c b/wolfcrypt/src/port/iotsafe/iotsafe.c index 748f24cde..4ea3c11c3 100644 --- a/wolfcrypt/src/port/iotsafe/iotsafe.c +++ b/wolfcrypt/src/port/iotsafe/iotsafe.c @@ -495,6 +495,17 @@ static int iotsafe_readfile(uint8_t *file_id, uint16_t file_id_sz, off += ret/2; #ifdef IOTSAFE_NO_GETDATA if (XSTRNCMP(&resp[ret-4], "0000", 4) == 0) { + /* Strip trailing zeros */ + for (int idx = 0; idx < off-1; idx+=2) { + if (content[idx] == 0 && content[idx+1] == 0) { + off = idx; +#ifdef DEBUG_IOTSAFE + WOLFSSL_MSG("Stripped trailing zeros from cert buffer."); + WOLFSSL_BUFFER(content, off); +#endif + break; + } + } break; } #endif @@ -503,6 +514,7 @@ static int iotsafe_readfile(uint8_t *file_id, uint16_t file_id_sz, return -1; } } + return off; } From be938ed197709b5db5336fa90d5fee47d4e9a186 Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 25 Mar 2022 16:17:53 -0700 Subject: [PATCH 3/4] IoTSafe Workarounds: Address code review feedback. --- wolfcrypt/src/port/iotsafe/iotsafe.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/port/iotsafe/iotsafe.c b/wolfcrypt/src/port/iotsafe/iotsafe.c index 4ea3c11c3..929388ddc 100644 --- a/wolfcrypt/src/port/iotsafe/iotsafe.c +++ b/wolfcrypt/src/port/iotsafe/iotsafe.c @@ -496,7 +496,8 @@ static int iotsafe_readfile(uint8_t *file_id, uint16_t file_id_sz, #ifdef IOTSAFE_NO_GETDATA if (XSTRNCMP(&resp[ret-4], "0000", 4) == 0) { /* Strip trailing zeros */ - for (int idx = 0; idx < off-1; idx+=2) { + int idx = 0; + for (idx = 0; idx < off-1; idx+=2) { if (content[idx] == 0 && content[idx+1] == 0) { off = idx; #ifdef DEBUG_IOTSAFE @@ -881,15 +882,17 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size, byte sig_hdr[3]; if (hex_to_bytes(resp, sig_hdr, 3) < 0) { ret = BAD_FUNC_ARG; -#ifdef IOTSAFE_SIGN_NO_PADDING - } else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) && + } +#ifdef IOTSAFE_SIG_8BIT_LENGTH + else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) && (sig_hdr[1] == 2 * IOTSAFE_ECC_KSIZE)) { XSTRNCPY(R, resp + 4, IOTSAFE_ECC_KSIZE * 2); XSTRNCPY(S, resp + 4 + IOTSAFE_ECC_KSIZE * 2, IOTSAFE_ECC_KSIZE * 2); ret = wc_ecc_rs_to_sig(R, S, signature, sigLen); + } #endif - } else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) && + else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) && (sig_hdr[1] == 0) && (sig_hdr[2] == 2 * IOTSAFE_ECC_KSIZE)) { XSTRNCPY(R, resp + 6, IOTSAFE_ECC_KSIZE * 2); From 52902f1d373cd42c4448a0d814771ad0895d4603 Mon Sep 17 00:00:00 2001 From: Kareem Date: Mon, 28 Mar 2022 10:25:05 -0700 Subject: [PATCH 4/4] IoTSafe: Add SP_RSA to user_settings.h template. --- IDE/iotsafe/user_settings.h | 1 + 1 file changed, 1 insertion(+) diff --git a/IDE/iotsafe/user_settings.h b/IDE/iotsafe/user_settings.h index e4c288cbe..51671df9c 100644 --- a/IDE/iotsafe/user_settings.h +++ b/IDE/iotsafe/user_settings.h @@ -110,6 +110,7 @@ static inline long XTIME(long *x) { return jiffies;} #define WOLFSSL_SP_SMALL #define WOLFSSL_HAVE_SP_DH #define WOLFSSL_HAVE_SP_ECC +#define WOLFSSL_HAVE_SP_RSA #define SP_WORD_SIZE 32 /* ECC */