revert changes + spelling/comments

2025-07-29 18:27:29 +02:00 · 2021-12-22 15:11:50 +08:00
parent 9091cbde5f
commit c7fc0fac05
3 changed files with 25 additions and 15 deletions
--- a/IDE/iotsafe-raspberrypi/README.md
+++ b/IDE/iotsafe-raspberrypi/README.md
@ -108,16 +108,18 @@ wolfSSL_iotsafe_on(ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CERT_I

 First, user needs to build wolfSSL with the following options:
 ```
-./configure --enable-tls13 --enable-pkcallbacks --enable-debug --enable-iotsafe --enable-hkdf
+./configure CFLAGS="-DWOLFSSL_TRUST_PEER_CERT" --enable-tls13 --enable-pkcallbacks --enable-debug --enable-iotsafe --enable-hkdf
 ```

 Additionally, user can pass `CFLAGS="-DDEBUG_WOLFSSL -DWOLFSSL_DEBUG_TLS -DDEBUG_IOTSAFE"` if more debugging information is to be used. This can clutter the demo stdout more than `--enable-debug` does, but this is very useful to see the overall TLS 1.3 handshaking process with IoT-SAFE.

 Hence, the full wolfSSL build for the demo is:
 ```
-./configure CFLAGS="-DDEBUG_WOLFSSL -DWOLFSSL_DEBUG_TLS -DDEBUG_IOTSAFE" --enable-tls13 --enable-pkcallbacks --enable-debug --enable-iotsafe
+./configure CFLAGS="-DWOLFSSL_TRUST_PEER_CERT -DDEBUG_WOLFSSL -DWOLFSSL_DEBUG_TLS -DDEBUG_IOTSAFE" --enable-tls13 --enable-pkcallbacks --enable-debug --enable-iotsafe
 ```

+`-DWOLFSSL_TRUST_PEER_CERT` is needed for `wolfSSL_CTX_trust_peer_buffer` in `IDE/iotsafe-raspberrypi/client-tls13.c`
+
 ### Running

 After building wolfSSL, from this directory, run `make` and a help usage will be shown.
@ -129,7 +131,7 @@ make all

 Run below to enable printing UART IO:
 ```
-make all ENABLE_DEBUG_UART_IO_EXTRA=on
+make all ENABLE_DEBUG_UART_IO_EXTRA=on|off
 ```

 Run the built `./main.bin` to print the help usage.
--- a/IDE/iotsafe-raspberrypi/client-tls13.c
+++ b/IDE/iotsafe-raspberrypi/client-tls13.c
@ -187,7 +187,7 @@ int client_loop(const char *peer_ip, const char *peer_name, const char *peer_por

    /* Construct HTTP POST */

-    // Header
+    /* Header */
    strcat(buff, "POST /iot/device HTTP/1.1\r\n");
    strcat(buff, "Content-Type: application/json\r\n");
    strcat(buff, "Content-Length: 1000\r\n");
@ -198,10 +198,10 @@ int client_loop(const char *peer_ip, const char *peer_name, const char *peer_por
    strcat(buff, peer_port);
    strcat(buff, "\r\n");

-    // Delimiter
+    /* Delimiter */
    strcat(buff, "\r\n");

-    // Body
+    /* Body */
    srand(time(NULL));
    int devid    = rand() % 100;
    char snum[5] = {0};
@ -240,7 +240,7 @@ int client_loop(const char *peer_ip, const char *peer_name, const char *peer_por

    /* Fill in the server address */
    printf("Peer port: %s\n", peer_port);
-    servAddr.sin_family = AF_INET; // Using IPv4
+    servAddr.sin_family = AF_INET; /* Using IPv4 */
    servAddr.sin_port   = htons(atoi(peer_port));

    /* Get the server IPv4 address from the command line call */
--- a/wolfcrypt/src/port/iotsafe/iotsafe.c
+++ b/wolfcrypt/src/port/iotsafe/iotsafe.c
@ -453,7 +453,7 @@ static int iotsafe_readfile(uint8_t *file_id, uint16_t file_id_sz,
        return ret;
    }

-    filesz_s = search_tlv(resp, ret, 0x20);
+    filesz_s = search_tlv(resp + 4, ret, 0x20);
    if ((filesz_s) && (XSTRLEN(filesz_s)) >= 8) {
        uint8_t fs_msb, fs_lsb;
        if (hex_to_bytes(filesz_s + 4, &fs_msb, 1) < 0)
@ -730,25 +730,32 @@ static int iotsafe_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,

    WOLFSSL_MSG("Enter iotsafe_hkdf_extract");
     switch (digest) {
+        #ifndef NO_SHA256
        case WC_SHA256:
         hash_algo = (uint16_t)1;
         if (ikmLen == 0) {
             len = WC_SHA256_DIGEST_SIZE;
         }
            break;
+        #endif
+        #ifdef WOLFSSL_SHA384
        case WC_SHA384:
          hash_algo = (uint16_t)2;
           if (ikmLen == 0) {
             len = WC_SHA384_DIGEST_SIZE;
         }
             break;
+        #endif
+        #ifdef WOLFSSL_TLS13_SHA512
        case WC_SHA512:
            hash_algo = (uint16_t)4;
             if (ikmLen == 0) {
             len = WC_SHA512_DIGEST_SIZE;
         }
            break;
+        #endif
        default:
+            return BAD_FUNC_ARG;
            break;
     }

@ -848,13 +855,14 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size,

        ret = expect_csim_response(csim_cmd, (word32)XSTRLEN(csim_cmd), &resp);
        if (ret >= 0) {
-            byte sig_hdr[2];
-            if (hex_to_bytes(resp, sig_hdr, 2) < 0) {
+            byte sig_hdr[3];
+            if (hex_to_bytes(resp, sig_hdr, 3) < 0) {
               ret = BAD_FUNC_ARG;
            } else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) &&
-                       (sig_hdr[1] ==  2 * IOTSAFE_ECC_KSIZE)) {
-                XSTRNCPY(R, resp + 4, IOTSAFE_ECC_KSIZE * 2);
-                XSTRNCPY(S, resp + 4 + IOTSAFE_ECC_KSIZE * 2,
+                       (sig_hdr[1] == 0) &&
+                       (sig_hdr[2] ==  2 * IOTSAFE_ECC_KSIZE)) {
+                XSTRNCPY(R, resp + 6, IOTSAFE_ECC_KSIZE * 2);
+                XSTRNCPY(S, resp + 6 + IOTSAFE_ECC_KSIZE * 2,
                        IOTSAFE_ECC_KSIZE * 2);
                ret = wc_ecc_rs_to_sig(R, S, signature, sigLen);
            } else {
@ -1045,8 +1053,8 @@ static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
         ret = iotsafe_hkdf_extract(prk, salt, saltLen, ikm, ikmLen, digest);
    }
    else{
-        #ifdef DEBUG_IOTSAFE
-        printf("NULL Salt length not supported by IoT Safe Applet, fallback to software implementation\n");
+         #ifdef DEBUG_IOTSAFE
+        printf("SALT is NULL, not supported by IoT Safe Applet, fallback to software implementation\n");
        #endif
        ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest);
    }