fixing comments and spelling; fallback hkdf imp + signature header

IDE/iotsafe-raspberrypi/main.c

@@ -56,8 +56,6 @@
 
 static int serial_fd = -1;
 
-
-
 /* Function Declarations */
 
 extern int client_loop(const char *peer_ip, const char *peer_name, const char *peer_port, const char *temperature);
@@ -133,10 +131,11 @@ static int usart_read(char *buf, int len)
 
     int ret = 0;
     int i = 0;
-    char c;
+    char c;  
     memset(buf, 0, len);
 
-    // Read 1 byte at one time until *buf is full or a POSIX read error like timeout occurs.
+  
+   /* Read 1 byte at one time until *buf is full or a POSIX read error like timeout occurs. */
     do
     {
         ret = read(serial_fd, &c, 1U);
@@ -147,6 +146,8 @@ static int usart_read(char *buf, int len)
                 break;
         }
     } while (i < len && ret > 0);
+     
+
 
 #ifdef DEBUG_UART_IO
     printf("UART Read Actual   : %d bytes\n", i);
@@ -200,7 +201,7 @@ static void show_usage(const char *program)
     printf("\t-ip <server IPv4 address eg: 127.0.0.1>\n");
     printf("\t-h <server name eg: xxx.amazon.com>\n");
     printf("\t-p <server port eg: 443>\n");
-    printf("\t-t <temperature eg: 25Celcius>\n");
+    printf("\t-t <temperature eg: 25 Celsius>\n");
     printf("\t-d <serial device eg: /dev/ttyACM0>\n");
     exit(-1);
 }

src/tls13.c

@@ -860,11 +860,6 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt, int sal
     CallbackHKDFExtract cb = ssl->ctx->HkdfExtractCb;
     if (cb != NULL) {
         ret = cb(prk, salt, saltLen, ikm, ikmLen, digest, cb_ctx);
-        if(ret == NOT_COMPILED_IN)
-        {
-            WOLFSSL_MSG("Not supported by callback, fallback to software implementation");
-            ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest);
-        }
     }
     else
 #endif
@@ -955,7 +950,7 @@ int DeriveMasterSecret(WOLFSSL* ssl)
     PRIVATE_KEY_UNLOCK();
     ret = Tls13_HKDF_Extract(ssl, ssl->arrays->masterSecret,
             key, ssl->specs.hash_size,
-            ssl->arrays->masterSecret, 0, mac2hash(ssl->specs.mac_algorithm));
+            ssl->arrays->masterSecret, 32, mac2hash(ssl->specs.mac_algorithm));
     PRIVATE_KEY_LOCK();
 
 #ifdef HAVE_KEYING_MATERIAL

wolfcrypt/src/port/iotsafe/iotsafe.c

@@ -720,28 +720,56 @@ static int iotsafe_put_public_key(byte *pubkey_id, unsigned long id_size,
     return ret;
 }
 #ifdef HAVE_HKDF
-//hkdf extract
 static int iotsafe_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
        byte* ikm, word32 ikmLen, int digest)
 {
     int ret;
     char *resp;
 	uint16_t hash_algo  = 0;
+    int len;
 
     WOLFSSL_MSG("Enter iotsafe_hkdf_extract");
      switch (digest) {
         case WC_SHA256:
          hash_algo = (uint16_t)1;
+         if (ikmLen == 0) {
+             len = WC_SHA256_DIGEST_SIZE;
+         }
             break;
         case WC_SHA384:
           hash_algo = (uint16_t)2;
+           if (ikmLen == 0) {
+             len = WC_SHA384_DIGEST_SIZE;
+         }
              break;
         case WC_SHA512:
             hash_algo = (uint16_t)4;
+             if (ikmLen == 0) {
+             len = WC_SHA512_DIGEST_SIZE;
+         }
             break;
         default:
             break;
      }
+
+    if (ikmLen == 0) {
+        ikmLen = len;
+        XMEMSET(ikm, 0, len);
+    }
+
+    #ifdef DEBUG_IOTSAFE
+    printf("IOTSAFE PK HKDF Extract\n");
+    printf("salt: ");
+    for(word32 i = 0; i < saltLen; i++)
+        printf("%02X", salt[i]);
+
+    printf("\nikm: ");
+    for(word32 i = 0; i < ikmLen; i++)
+        printf("%02X", ikm[i]);
+
+    printf("\nhash: %d\n", digest);
+    #endif
+
 	uint16_t hash_algo_be = XHTONS(hash_algo);
 
     iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, IOTSAFE_INS_HKDF_EXTRACT, 0, 0);
@@ -820,14 +848,13 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size,
 
         ret = expect_csim_response(csim_cmd, (word32)XSTRLEN(csim_cmd), &resp);
         if (ret >= 0) {
-            byte sig_hdr[3];
-            if (hex_to_bytes(resp, sig_hdr, 3) < 0) {
+            byte sig_hdr[2];
+            if (hex_to_bytes(resp, sig_hdr, 2) < 0) {
                ret = BAD_FUNC_ARG;
             } else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) &&
-                       (sig_hdr[1] == 0) &&
-                       (sig_hdr[2] == 2 * IOTSAFE_ECC_KSIZE)) {
-                XSTRNCPY(R, resp + 6, IOTSAFE_ECC_KSIZE * 2);
-                XSTRNCPY(S, resp + 6 + IOTSAFE_ECC_KSIZE * 2,
+                       (sig_hdr[1] ==  2 * IOTSAFE_ECC_KSIZE)) {
+                XSTRNCPY(R, resp + 4, IOTSAFE_ECC_KSIZE * 2);
+                XSTRNCPY(S, resp + 4 + IOTSAFE_ECC_KSIZE * 2,
                         IOTSAFE_ECC_KSIZE * 2);
                 ret = wc_ecc_rs_to_sig(R, S, signature, sigLen);
             } else {
@@ -1006,8 +1033,6 @@ static int wolfIoT_ecc_keygen(WOLFSSL* ssl, struct ecc_key* key,
 }
 
 #ifdef HAVE_HKDF
-
-//hkdf extract iot safe
 static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
        byte* ikm, word32 ikmLen, int digest, void* ctx)
 {
@@ -1016,23 +1041,14 @@ static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
 
     WOLFSSL_MSG("IOTSAFE: Called wolfIoT_hkdf_extract\n");
 
-    #ifdef DEBUG_IOTSAFE
-    printf("IOTSAFE PK HKDF Extract\n");
-    printf("salt: ");
-    for(word32 i = 0; i < saltLen; i++)
-        printf("%02X", salt[i]);
-
-    printf("\nikm: ");
-    for(word32 i = 0; i < ikmLen; i++)
-        printf("%02X", ikm[i]);
-
-    printf("\nhash: %d\n", digest);
-    #endif
     if(saltLen != 0){
          ret = iotsafe_hkdf_extract(prk, salt, saltLen, ikm, ikmLen, digest);
     }
     else{
-        return NOT_COMPILED_IN;
+        #ifdef DEBUG_IOTSAFE
+        printf("SALT is NULL, not support by IoT Safe Applet, fallback to software implementation\n");
+        #endif
+        ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest);
     }     
     return ret;