forked from wolfSSL/wolfssl
fixing comments and spelling; fallback hkdf imp + signature header
This commit is contained in:
Saksik Remy
@ -56,8 +56,6 @@
|
||||
|
||||
static int serial_fd = -1;
|
||||
|
||||
|
||||
|
||||
/* Function Declarations */
|
||||
|
||||
extern int client_loop(const char *peer_ip, const char *peer_name, const char *peer_port, const char *temperature);
|
||||
@ -133,10 +131,11 @@ static int usart_read(char *buf, int len)
|
||||
|
||||
int ret = 0;
|
||||
int i = 0;
|
||||
char c;
|
||||
char c;
|
||||
memset(buf, 0, len);
|
||||
|
||||
// Read 1 byte at one time until *buf is full or a POSIX read error like timeout occurs.
|
||||
|
||||
/* Read 1 byte at one time until *buf is full or a POSIX read error like timeout occurs. */
|
||||
do
|
||||
{
|
||||
ret = read(serial_fd, &c, 1U);
|
||||
@ -147,6 +146,8 @@ static int usart_read(char *buf, int len)
|
||||
break;
|
||||
}
|
||||
} while (i < len && ret > 0);
|
||||
|
||||
|
||||
|
||||
#ifdef DEBUG_UART_IO
|
||||
printf("UART Read Actual : %d bytes\n", i);
|
||||
@ -200,7 +201,7 @@ static void show_usage(const char *program)
|
||||
printf("\t-ip <server IPv4 address eg: 127.0.0.1>\n");
|
||||
printf("\t-h <server name eg: xxx.amazon.com>\n");
|
||||
printf("\t-p <server port eg: 443>\n");
|
||||
printf("\t-t <temperature eg: 25Celcius>\n");
|
||||
printf("\t-t <temperature eg: 25 Celsius>\n");
|
||||
printf("\t-d <serial device eg: /dev/ttyACM0>\n");
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
@ -860,11 +860,6 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt, int sal
|
||||
CallbackHKDFExtract cb = ssl->ctx->HkdfExtractCb;
|
||||
if (cb != NULL) {
|
||||
ret = cb(prk, salt, saltLen, ikm, ikmLen, digest, cb_ctx);
|
||||
if(ret == NOT_COMPILED_IN)
|
||||
{
|
||||
WOLFSSL_MSG("Not supported by callback, fallback to software implementation");
|
||||
ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest);
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
@ -955,7 +950,7 @@ int DeriveMasterSecret(WOLFSSL* ssl)
|
||||
PRIVATE_KEY_UNLOCK();
|
||||
ret = Tls13_HKDF_Extract(ssl, ssl->arrays->masterSecret,
|
||||
key, ssl->specs.hash_size,
|
||||
ssl->arrays->masterSecret, 0, mac2hash(ssl->specs.mac_algorithm));
|
||||
ssl->arrays->masterSecret, 32, mac2hash(ssl->specs.mac_algorithm));
|
||||
PRIVATE_KEY_LOCK();
|
||||
|
||||
#ifdef HAVE_KEYING_MATERIAL
|
||||
|
||||
@ -720,28 +720,56 @@ static int iotsafe_put_public_key(byte *pubkey_id, unsigned long id_size,
|
||||
return ret;
|
||||
}
|
||||
#ifdef HAVE_HKDF
|
||||
//hkdf extract
|
||||
static int iotsafe_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
|
||||
byte* ikm, word32 ikmLen, int digest)
|
||||
{
|
||||
int ret;
|
||||
char *resp;
|
||||
uint16_t hash_algo = 0;
|
||||
int len;
|
||||
|
||||
WOLFSSL_MSG("Enter iotsafe_hkdf_extract");
|
||||
switch (digest) {
|
||||
case WC_SHA256:
|
||||
hash_algo = (uint16_t)1;
|
||||
if (ikmLen == 0) {
|
||||
len = WC_SHA256_DIGEST_SIZE;
|
||||
}
|
||||
break;
|
||||
case WC_SHA384:
|
||||
hash_algo = (uint16_t)2;
|
||||
if (ikmLen == 0) {
|
||||
len = WC_SHA384_DIGEST_SIZE;
|
||||
}
|
||||
break;
|
||||
case WC_SHA512:
|
||||
hash_algo = (uint16_t)4;
|
||||
if (ikmLen == 0) {
|
||||
len = WC_SHA512_DIGEST_SIZE;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
if (ikmLen == 0) {
|
||||
ikmLen = len;
|
||||
XMEMSET(ikm, 0, len);
|
||||
}
|
||||
|
||||
#ifdef DEBUG_IOTSAFE
|
||||
printf("IOTSAFE PK HKDF Extract\n");
|
||||
printf("salt: ");
|
||||
for(word32 i = 0; i < saltLen; i++)
|
||||
printf("%02X", salt[i]);
|
||||
|
||||
printf("\nikm: ");
|
||||
for(word32 i = 0; i < ikmLen; i++)
|
||||
printf("%02X", ikm[i]);
|
||||
|
||||
printf("\nhash: %d\n", digest);
|
||||
#endif
|
||||
|
||||
uint16_t hash_algo_be = XHTONS(hash_algo);
|
||||
|
||||
iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, IOTSAFE_INS_HKDF_EXTRACT, 0, 0);
|
||||
@ -820,14 +848,13 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size,
|
||||
|
||||
ret = expect_csim_response(csim_cmd, (word32)XSTRLEN(csim_cmd), &resp);
|
||||
if (ret >= 0) {
|
||||
byte sig_hdr[3];
|
||||
if (hex_to_bytes(resp, sig_hdr, 3) < 0) {
|
||||
byte sig_hdr[2];
|
||||
if (hex_to_bytes(resp, sig_hdr, 2) < 0) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
} else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) &&
|
||||
(sig_hdr[1] == 0) &&
|
||||
(sig_hdr[2] == 2 * IOTSAFE_ECC_KSIZE)) {
|
||||
XSTRNCPY(R, resp + 6, IOTSAFE_ECC_KSIZE * 2);
|
||||
XSTRNCPY(S, resp + 6 + IOTSAFE_ECC_KSIZE * 2,
|
||||
(sig_hdr[1] == 2 * IOTSAFE_ECC_KSIZE)) {
|
||||
XSTRNCPY(R, resp + 4, IOTSAFE_ECC_KSIZE * 2);
|
||||
XSTRNCPY(S, resp + 4 + IOTSAFE_ECC_KSIZE * 2,
|
||||
IOTSAFE_ECC_KSIZE * 2);
|
||||
ret = wc_ecc_rs_to_sig(R, S, signature, sigLen);
|
||||
} else {
|
||||
@ -1006,8 +1033,6 @@ static int wolfIoT_ecc_keygen(WOLFSSL* ssl, struct ecc_key* key,
|
||||
}
|
||||
|
||||
#ifdef HAVE_HKDF
|
||||
|
||||
//hkdf extract iot safe
|
||||
static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
|
||||
byte* ikm, word32 ikmLen, int digest, void* ctx)
|
||||
{
|
||||
@ -1016,23 +1041,14 @@ static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
|
||||
|
||||
WOLFSSL_MSG("IOTSAFE: Called wolfIoT_hkdf_extract\n");
|
||||
|
||||
#ifdef DEBUG_IOTSAFE
|
||||
printf("IOTSAFE PK HKDF Extract\n");
|
||||
printf("salt: ");
|
||||
for(word32 i = 0; i < saltLen; i++)
|
||||
printf("%02X", salt[i]);
|
||||
|
||||
printf("\nikm: ");
|
||||
for(word32 i = 0; i < ikmLen; i++)
|
||||
printf("%02X", ikm[i]);
|
||||
|
||||
printf("\nhash: %d\n", digest);
|
||||
#endif
|
||||
if(saltLen != 0){
|
||||
ret = iotsafe_hkdf_extract(prk, salt, saltLen, ikm, ikmLen, digest);
|
||||
}
|
||||
else{
|
||||
return NOT_COMPILED_IN;
|
||||
#ifdef DEBUG_IOTSAFE
|
||||
printf("SALT is NULL, not support by IoT Safe Applet, fallback to software implementation\n");
|
||||
#endif
|
||||
ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest);
|
||||
}
|
||||
return ret;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user