diff --git a/IDE/iotsafe-raspberrypi/main.c b/IDE/iotsafe-raspberrypi/main.c index dcba2baa6..b0a6b73a4 100644 --- a/IDE/iotsafe-raspberrypi/main.c +++ b/IDE/iotsafe-raspberrypi/main.c @@ -56,8 +56,6 @@ static int serial_fd = -1; - - /* Function Declarations */ extern int client_loop(const char *peer_ip, const char *peer_name, const char *peer_port, const char *temperature); @@ -133,10 +131,11 @@ static int usart_read(char *buf, int len) int ret = 0; int i = 0; - char c; + char c; memset(buf, 0, len); - // Read 1 byte at one time until *buf is full or a POSIX read error like timeout occurs. + + /* Read 1 byte at one time until *buf is full or a POSIX read error like timeout occurs. */ do { ret = read(serial_fd, &c, 1U); @@ -147,6 +146,8 @@ static int usart_read(char *buf, int len) break; } } while (i < len && ret > 0); + + #ifdef DEBUG_UART_IO printf("UART Read Actual : %d bytes\n", i); @@ -200,7 +201,7 @@ static void show_usage(const char *program) printf("\t-ip \n"); printf("\t-h \n"); printf("\t-p \n"); - printf("\t-t \n"); + printf("\t-t \n"); printf("\t-d \n"); exit(-1); } diff --git a/src/tls13.c b/src/tls13.c index 7fbad0502..81627aeb9 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -860,11 +860,6 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt, int sal CallbackHKDFExtract cb = ssl->ctx->HkdfExtractCb; if (cb != NULL) { ret = cb(prk, salt, saltLen, ikm, ikmLen, digest, cb_ctx); - if(ret == NOT_COMPILED_IN) - { - WOLFSSL_MSG("Not supported by callback, fallback to software implementation"); - ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest); - } } else #endif @@ -955,7 +950,7 @@ int DeriveMasterSecret(WOLFSSL* ssl) PRIVATE_KEY_UNLOCK(); ret = Tls13_HKDF_Extract(ssl, ssl->arrays->masterSecret, key, ssl->specs.hash_size, - ssl->arrays->masterSecret, 0, mac2hash(ssl->specs.mac_algorithm)); + ssl->arrays->masterSecret, 32, mac2hash(ssl->specs.mac_algorithm)); PRIVATE_KEY_LOCK(); #ifdef HAVE_KEYING_MATERIAL 
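Review bot: In the `DeriveMasterSecret` hunk of src/tls13.c the IKM length passed to `Tls13_HKDF_Extract` becomes a literal `32`, which matches the digest size only for SHA-256 suites and no longer signals the all-zero IKM case. RFC 8446 derives the master secret with a hash-length string of zeros as IKM, and the iotsafe.c change in this same commit zero-fills `ikm` only when `ikmLen == 0`. With `32`, the existing contents of `ssl->arrays->masterSecret` would therefore appear to be used as IKM, and a SHA-384 suite would supply 32 of its 48 bytes. I would keep `ssl->arrays->masterSecret, 0, mac2hash(ssl->specs.mac_algorithm));` and let the extract implementations expand the zero length, or zero the buffer and pass `ssl->specs.hash_size`. The function body starts and ends outside the hunk.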
diff --git a/wolfcrypt/src/port/iotsafe/iotsafe.c b/wolfcrypt/src/port/iotsafe/iotsafe.c index 6351f4db8..6d610cb00 100644 --- a/wolfcrypt/src/port/iotsafe/iotsafe.c +++ b/wolfcrypt/src/port/iotsafe/iotsafe.c @@ -720,28 +720,56 @@ static int iotsafe_put_public_key(byte *pubkey_id, unsigned long id_size, return ret; } #ifdef HAVE_HKDF -//hkdf extract static int iotsafe_hkdf_extract(byte* prk, const byte* salt, word32 saltLen, byte* ikm, word32 ikmLen, int digest) { int ret; char *resp; uint16_t hash_algo = 0; + int len; WOLFSSL_MSG("Enter iotsafe_hkdf_extract"); switch (digest) { case WC_SHA256: hash_algo = (uint16_t)1; + if (ikmLen == 0) { + len = WC_SHA256_DIGEST_SIZE; + } break; case WC_SHA384: hash_algo = (uint16_t)2; + if (ikmLen == 0) { + len = WC_SHA384_DIGEST_SIZE; + } break; case WC_SHA512: hash_algo = (uint16_t)4; + if (ikmLen == 0) { + len = WC_SHA512_DIGEST_SIZE; + } break; default: break; } + + if (ikmLen == 0) { + ikmLen = len; + XMEMSET(ikm, 0, len); + } + + #ifdef DEBUG_IOTSAFE + printf("IOTSAFE PK HKDF Extract\n"); + printf("salt: "); + for(word32 i = 0; i < saltLen; i++) + printf("%02X", salt[i]); + + printf("\nikm: "); + for(word32 i = 0; i < ikmLen; i++) + printf("%02X", ikm[i]); + + printf("\nhash: %d\n", digest); + #endif + uint16_t hash_algo_be = XHTONS(hash_algo); iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, IOTSAFE_INS_HKDF_EXTRACT, 0, 0); 
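Review bot: `len` in `iotsafe_hkdf_extract` is declared without an initializer and is assigned only in the three recognised `digest` cases, so an unsupported digest with `ikmLen == 0` reaches `XMEMSET(ikm, 0, len)` with an indeterminate length and can write past the caller's buffer. The `default:` branch should reject the call rather than fall through, e.g. `default: return BAD_FUNC_ARG;`, which also avoids sending a `hash_algo` of 0 to the applet. Separately, the `DEBUG_IOTSAFE` block prints the salt and IKM in hex, and these are key-schedule secrets. A comment above it such as `/* DEBUG_IOTSAFE dumps key material; never enable in production builds */` would make that explicit. The function continues past the end of the hunk.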
@@ -820,14 +848,13 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size, ret = expect_csim_response(csim_cmd, (word32)XSTRLEN(csim_cmd), &resp); if (ret >= 0) { - byte sig_hdr[3]; - if (hex_to_bytes(resp, sig_hdr, 3) < 0) { + byte sig_hdr[2]; + if (hex_to_bytes(resp, sig_hdr, 2) < 0) { ret = BAD_FUNC_ARG; } else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) && - (sig_hdr[1] == 0) && - (sig_hdr[2] == 2 * IOTSAFE_ECC_KSIZE)) { - XSTRNCPY(R, resp + 6, IOTSAFE_ECC_KSIZE * 2); - XSTRNCPY(S, resp + 6 + IOTSAFE_ECC_KSIZE * 2, + (sig_hdr[1] == 2 * IOTSAFE_ECC_KSIZE)) { + XSTRNCPY(R, resp + 4, IOTSAFE_ECC_KSIZE * 2); + XSTRNCPY(S, resp + 4 + IOTSAFE_ECC_KSIZE * 2, IOTSAFE_ECC_KSIZE * 2); ret = wc_ecc_rs_to_sig(R, S, signature, sigLen); } else { @@ -1006,8 +1033,6 @@ static int wolfIoT_ecc_keygen(WOLFSSL* ssl, struct ecc_key* key, } #ifdef HAVE_HKDF - -//hkdf extract iot safe static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen, byte* ikm, word32 ikmLen, int digest, void* ctx) { @@ -1016,23 +1041,14 @@ static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen, WOLFSSL_MSG("IOTSAFE: Called wolfIoT_hkdf_extract\n"); - #ifdef DEBUG_IOTSAFE - printf("IOTSAFE PK HKDF Extract\n"); - printf("salt: "); - for(word32 i = 0; i < saltLen; i++) - printf("%02X", salt[i]); - - printf("\nikm: "); - for(word32 i = 0; i < ikmLen; i++) - printf("%02X", ikm[i]); - - printf("\nhash: %d\n", digest); - #endif if(saltLen != 0){ ret = iotsafe_hkdf_extract(prk, salt, saltLen, ikm, ikmLen, digest); } else{ - return NOT_COMPILED_IN; + #ifdef DEBUG_IOTSAFE + printf("SALT is NULL, not support by IoT Safe Applet, fallback to software implementation\n"); + #endif + ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest); } return ret;
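Review bot: In the `iotsafe_sign_hash` hunk the R and S copies index `resp + 4` and `resp + 4 + IOTSAFE_ECC_KSIZE * 2` after checking only the length byte the SIM reports in `sig_hdr[1]`, not the length of the response actually received. Unless `expect_csim_response` guarantees that length (it is not visible here), a short or malformed reply would make the S copy start beyond the string terminator. Adding `(XSTRLEN(resp) >= 4 + 4 * IOTSAFE_ECC_KSIZE) &&` to the `else if` condition would close this. The hunk also stops accepting the previous three-byte header form, so a comment naming the response layout now expected would help the next reader. The function starts and ends outside the hunk.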
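Review bot: The software fallback in `wolfIoT_hkdf_extract` is reported only through `printf` under `DEBUG_IOTSAFE`, so a normal debug-log build records nothing when this extract step runs in software rather than on the IoT-SAFE applet. Use the logging macro the function already calls, `WOLFSSL_MSG("IOTSAFE: zero-length salt not supported by applet, using software HKDF extract");`. The current text also says the salt is NULL while the test is `saltLen != 0`. It would also help to confirm that `wc_Tls13_HKDF_Extract` is declared for every configuration that defines `HAVE_HKDF`, since that is the only guard visible around this function.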