fixing comments and spelling; fallback hkdf imp + signature header

Saksik Remy
2021-12-21 15:41:43 +08:00
parent 93712fcfbd
commit 31cf4f305c
3 changed files with 45 additions and 33 deletions


@ -56,8 +56,6 @@
static int serial_fd = -1; static int serial_fd = -1;
/* Function Declarations */ /* Function Declarations */
extern int client_loop(const char *peer_ip, const char *peer_name, const char *peer_port, const char *temperature); extern int client_loop(const char *peer_ip, const char *peer_name, const char *peer_port, const char *temperature);
@ -133,10 +131,11 @@ static int usart_read(char *buf, int len)
int ret = 0; int ret = 0;
int i = 0; int i = 0;
char c; char c;
memset(buf, 0, len); memset(buf, 0, len);
// Read 1 byte at one time until *buf is full or a POSIX read error like timeout occurs.
/* Read 1 byte at one time until *buf is full or a POSIX read error like timeout occurs. */
do do
{ {
ret = read(serial_fd, &c, 1U); ret = read(serial_fd, &c, 1U);
@ -147,6 +146,8 @@ static int usart_read(char *buf, int len)
break; break;
} }
} while (i < len && ret > 0); } while (i < len && ret > 0);
#ifdef DEBUG_UART_IO #ifdef DEBUG_UART_IO
printf("UART Read Actual : %d bytes\n", i); printf("UART Read Actual : %d bytes\n", i);
@ -200,7 +201,7 @@ static void show_usage(const char *program)
printf("\t-ip <server IPv4 address eg: 127.0.0.1>\n"); printf("\t-ip <server IPv4 address eg: 127.0.0.1>\n");
printf("\t-h <server name eg: xxx.amazon.com>\n"); printf("\t-h <server name eg: xxx.amazon.com>\n");
printf("\t-p <server port eg: 443>\n"); printf("\t-p <server port eg: 443>\n");
printf("\t-t <temperature eg: 25Celcius>\n"); printf("\t-t <temperature eg: 25 Celsius>\n");
printf("\t-d <serial device eg: /dev/ttyACM0>\n"); printf("\t-d <serial device eg: /dev/ttyACM0>\n");
exit(-1); exit(-1);
} }


@ -860,11 +860,6 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt, int sal
CallbackHKDFExtract cb = ssl->ctx->HkdfExtractCb; CallbackHKDFExtract cb = ssl->ctx->HkdfExtractCb;
if (cb != NULL) { if (cb != NULL) {
ret = cb(prk, salt, saltLen, ikm, ikmLen, digest, cb_ctx); ret = cb(prk, salt, saltLen, ikm, ikmLen, digest, cb_ctx);
if(ret == NOT_COMPILED_IN)
{
WOLFSSL_MSG("Not supported by callback, fallback to software implementation");
ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest);
}
} }
else else
#endif #endif
@ -955,7 +950,7 @@ int DeriveMasterSecret(WOLFSSL* ssl)
PRIVATE_KEY_UNLOCK(); PRIVATE_KEY_UNLOCK();
ret = Tls13_HKDF_Extract(ssl, ssl->arrays->masterSecret, ret = Tls13_HKDF_Extract(ssl, ssl->arrays->masterSecret,
key, ssl->specs.hash_size, key, ssl->specs.hash_size,
ssl->arrays->masterSecret, 0, mac2hash(ssl->specs.mac_algorithm)); ssl->arrays->masterSecret, 32, mac2hash(ssl->specs.mac_algorithm));
PRIVATE_KEY_LOCK(); PRIVATE_KEY_LOCK();
#ifdef HAVE_KEYING_MATERIAL #ifdef HAVE_KEYING_MATERIAL
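Review bot: The IKM length passed for the master secret in DeriveMasterSecret is now the literal `32`, which equals the hash length only for SHA-256 suites; RFC 8446 defines this input as Hash.length zero bytes, so a SHA-384 suite would extract from the wrong input. Prefer `ssl->arrays->masterSecret, ssl->specs.hash_size, mac2hash(ssl->specs.mac_algorithm));`, which reuses the value already passed as the salt length two lines above. With a non-zero length the callee presumably no longer zeroes the buffer itself (not visible in this hunk), so confirm `masterSecret` holds zeros before the call. The first hunk also removes the `NOT_COMPILED_IN` software fallback, so a comment on Tls13_HKDF_Extract should state that a registered callback must now handle every input itself. Both function bodies extend beyond the hunks shown.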


@ -720,28 +720,56 @@ static int iotsafe_put_public_key(byte *pubkey_id, unsigned long id_size,
return ret; return ret;
} }
#ifdef HAVE_HKDF #ifdef HAVE_HKDF
//hkdf extract
static int iotsafe_hkdf_extract(byte* prk, const byte* salt, word32 saltLen, static int iotsafe_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
byte* ikm, word32 ikmLen, int digest) byte* ikm, word32 ikmLen, int digest)
{ {
int ret; int ret;
char *resp; char *resp;
uint16_t hash_algo = 0; uint16_t hash_algo = 0;
int len;
WOLFSSL_MSG("Enter iotsafe_hkdf_extract"); WOLFSSL_MSG("Enter iotsafe_hkdf_extract");
switch (digest) { switch (digest) {
case WC_SHA256: case WC_SHA256:
hash_algo = (uint16_t)1; hash_algo = (uint16_t)1;
if (ikmLen == 0) {
len = WC_SHA256_DIGEST_SIZE;
}
break; break;
case WC_SHA384: case WC_SHA384:
hash_algo = (uint16_t)2; hash_algo = (uint16_t)2;
if (ikmLen == 0) {
len = WC_SHA384_DIGEST_SIZE;
}
break; break;
case WC_SHA512: case WC_SHA512:
hash_algo = (uint16_t)4; hash_algo = (uint16_t)4;
if (ikmLen == 0) {
len = WC_SHA512_DIGEST_SIZE;
}
break; break;
default: default:
break; break;
} }
if (ikmLen == 0) {
ikmLen = len;
XMEMSET(ikm, 0, len);
}
#ifdef DEBUG_IOTSAFE
printf("IOTSAFE PK HKDF Extract\n");
printf("salt: ");
for(word32 i = 0; i < saltLen; i++)
printf("%02X", salt[i]);
printf("\nikm: ");
for(word32 i = 0; i < ikmLen; i++)
printf("%02X", ikm[i]);
printf("\nhash: %d\n", digest);
#endif
uint16_t hash_algo_be = XHTONS(hash_algo); uint16_t hash_algo_be = XHTONS(hash_algo);
iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, IOTSAFE_INS_HKDF_EXTRACT, 0, 0); iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, IOTSAFE_INS_HKDF_EXTRACT, 0, 0);
@ -820,14 +848,13 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size,
ret = expect_csim_response(csim_cmd, (word32)XSTRLEN(csim_cmd), &resp); ret = expect_csim_response(csim_cmd, (word32)XSTRLEN(csim_cmd), &resp);
if (ret >= 0) { if (ret >= 0) {
byte sig_hdr[3]; byte sig_hdr[2];
if (hex_to_bytes(resp, sig_hdr, 3) < 0) { if (hex_to_bytes(resp, sig_hdr, 2) < 0) {
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
} else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) && } else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) &&
(sig_hdr[1] == 0) && (sig_hdr[1] == 2 * IOTSAFE_ECC_KSIZE)) {
(sig_hdr[2] == 2 * IOTSAFE_ECC_KSIZE)) { XSTRNCPY(R, resp + 4, IOTSAFE_ECC_KSIZE * 2);
XSTRNCPY(R, resp + 6, IOTSAFE_ECC_KSIZE * 2); XSTRNCPY(S, resp + 4 + IOTSAFE_ECC_KSIZE * 2,
XSTRNCPY(S, resp + 6 + IOTSAFE_ECC_KSIZE * 2,
IOTSAFE_ECC_KSIZE * 2); IOTSAFE_ECC_KSIZE * 2);
ret = wc_ecc_rs_to_sig(R, S, signature, sigLen); ret = wc_ecc_rs_to_sig(R, S, signature, sigLen);
} else { } else {
@ -1006,8 +1033,6 @@ static int wolfIoT_ecc_keygen(WOLFSSL* ssl, struct ecc_key* key,
} }
#ifdef HAVE_HKDF #ifdef HAVE_HKDF
//hkdf extract iot safe
static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen, static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
byte* ikm, word32 ikmLen, int digest, void* ctx) byte* ikm, word32 ikmLen, int digest, void* ctx)
{ {
@ -1016,23 +1041,14 @@ static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
WOLFSSL_MSG("IOTSAFE: Called wolfIoT_hkdf_extract\n"); WOLFSSL_MSG("IOTSAFE: Called wolfIoT_hkdf_extract\n");
#ifdef DEBUG_IOTSAFE
printf("IOTSAFE PK HKDF Extract\n");
printf("salt: ");
for(word32 i = 0; i < saltLen; i++)
printf("%02X", salt[i]);
printf("\nikm: ");
for(word32 i = 0; i < ikmLen; i++)
printf("%02X", ikm[i]);
printf("\nhash: %d\n", digest);
#endif
if(saltLen != 0){ if(saltLen != 0){
ret = iotsafe_hkdf_extract(prk, salt, saltLen, ikm, ikmLen, digest); ret = iotsafe_hkdf_extract(prk, salt, saltLen, ikm, ikmLen, digest);
} }
else{ else{
return NOT_COMPILED_IN; #ifdef DEBUG_IOTSAFE
printf("SALT is NULL, not support by IoT Safe Applet, fallback to software implementation\n");
#endif
ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest);
} }
return ret; return ret;
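Review bot: In iotsafe_hkdf_extract the new local `len` is assigned only inside the three recognised digest cases, so an unrecognised `digest` with `ikmLen == 0` reaches `XMEMSET(ikm, 0, len)` with an indeterminate length. Failing closed in the switch, `default: return BAD_FUNC_ARG;`, removes that path and also keeps `hash_algo` 0 from being put into the command built just below. The zero-IKM path writes a full digest's worth of bytes into the caller's `ikm`, whose capacity is not visible here, so the function comment should state the minimum buffer size it requires. The `DEBUG_IOTSAFE` block moved into this function prints the salt and IKM in hex; in the TLS 1.3 key schedule these can carry secret key material, so it deserves a comment such as `/* prints key-schedule secrets: never enable DEBUG_IOTSAFE in production builds */`. The function body continues past the end of its hunk.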