wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-05 13:44:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes after review comments

Browse Source
This commit is contained in:
Daniele Lacamera
2021-12-09 11:23:44 +01:00
parent 1cb8b34fba
commit f02763b088
1 changed files with 70 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
wolfcrypt/src/port/iotsafe/iotsafe.c
View File

@@ -58,6 +58,8 @@ static wolfSSL_IOTSafe_CSIM_read_cb csim_read_cb = NULL;
static wolfSSL_IOTSafe_CSIM_write_cb csim_write_cb = NULL; static wolfSSL_IOTSafe_CSIM_write_cb csim_write_cb = NULL;
#define GETRAND_CMD_SIZE (24 + 2) #define GETRAND_CMD_SIZE (24 + 2)
#define IOTSAFE_MAX_RETRIES (8)
#define AT_CSIM_CMD_SIZE 13 #define AT_CSIM_CMD_SIZE 13
#define AT_CMD_HDR_SIZE 10 #define AT_CMD_HDR_SIZE 10
@@ -480,10 +482,6 @@ static int iotsafe_readfile(uint8_t *file_id, uint16_t file_id_sz,
iotsafe_cmd_complete(csim_cmd); iotsafe_cmd_complete(csim_cmd);
ret = expect_csim_response(csim_cmd, (word32)XSTRLEN(csim_cmd), &resp); ret = expect_csim_response(csim_cmd, (word32)XSTRLEN(csim_cmd), &resp);
if (ret > 0) { if (ret > 0) {
/*
if (ret > 2 * 0xF3)
ret = 2 * 0xF3;
*/
if (ret > 2 * (file_sz - off)) if (ret > 2 * (file_sz - off))
ret = 2 * (file_sz - off); ret = 2 * (file_sz - off);
if (hex_to_bytes(resp, content + off, (ret / 2)) < 0) { if (hex_to_bytes(resp, content + off, (ret / 2)) < 0) {
@@ -529,7 +527,9 @@ static int iotsafe_getrandom(unsigned char* output, unsigned long sz)
else else
ret = 0; ret = 0;
} }
for (i = 0; i < 3; i++) {
/* Send an empty command until the applet is responsive again */
for (i = 0; i < IOTSAFE_MAX_RETRIES; i++) {
if (expect_tok(NULL, 0, NULL, NULL) < 0) { if (expect_tok(NULL, 0, NULL, NULL) < 0) {
ret = WC_HW_E; ret = WC_HW_E;
} }
@@ -591,7 +591,7 @@ static int iotsafe_parse_public_key(char* resp, int len, ecc_key *key)
* Return -1 on error; 0 if the operation is successful, but * Return -1 on error; 0 if the operation is successful, but
* the generated public key was not yet stored in `key`; 1 if * the generated public key was not yet stored in `key`; 1 if
* the operation is successful and the public key was found in the * the operation is successful and the public key was found in the
* command response and copied to the `key` structure. * command response and copied to the `key` structure, if not NULL.
*/ */
static int iotsafe_gen_keypair(byte *wr_slot, unsigned long id_size, static int iotsafe_gen_keypair(byte *wr_slot, unsigned long id_size,
ecc_key *key) ecc_key *key)
@@ -605,7 +605,7 @@ static int iotsafe_gen_keypair(byte *wr_slot, unsigned long id_size,
if (ret < 1) { if (ret < 1) {
WOLFSSL_MSG("Unexpected reply from Keygen"); WOLFSSL_MSG("Unexpected reply from Keygen");
ret = WC_HW_E; ret = WC_HW_E;
} else { } else if (key != NULL) {
if (iotsafe_parse_public_key(resp, ret, key) == 0) { if (iotsafe_parse_public_key(resp, ret, key) == 0) {
/* iotsafe_parse_public_key was successful on response. /* iotsafe_parse_public_key was successful on response.
* Return '1' here to indicate that the key is populated. * Return '1' here to indicate that the key is populated.
@@ -617,6 +617,8 @@ static int iotsafe_gen_keypair(byte *wr_slot, unsigned long id_size,
*/ */
ret = 0; ret = 0;
} }
} else {
ret = 0;
} }
return ret; return ret;
} }
@@ -646,6 +648,7 @@ static int iotsafe_put_public_key(byte *pubkey_id, unsigned long id_size,
{ {
char *resp; char *resp;
int ret; int ret;
int retries = 0;
word32 qxlen = IOTSAFE_ECC_KSIZE, qylen = IOTSAFE_ECC_KSIZE; word32 qxlen = IOTSAFE_ECC_KSIZE, qylen = IOTSAFE_ECC_KSIZE;
byte ecc_pub_raw[IOTSAFE_TAG_ECC_KEY_FIELD_SZ] = { byte ecc_pub_raw[IOTSAFE_TAG_ECC_KEY_FIELD_SZ] = {
IOTSAFE_TAG_ECC_KEY_TYPE, IOTSAFE_TAG_ECC_KEY_TYPE,
@@ -676,7 +679,12 @@ static int iotsafe_put_public_key(byte *pubkey_id, unsigned long id_size,
do { do {
ret = expect_ok("AT\r\n", 4); ret = expect_ok("AT\r\n", 4);
if (ret == 0) {
if (++retries > IOTSAFE_MAX_RETRIES)
return WC_HW_E;
}
} while (ret == 0); } while (ret == 0);
retries = 0;
if (ret > 0) { if (ret > 0) {
/* Put Public Update */ /* Put Public Update */
@@ -700,7 +708,12 @@ static int iotsafe_put_public_key(byte *pubkey_id, unsigned long id_size,
} }
do { do {
ret = expect_ok("AT\r\n", 4); ret = expect_ok("AT\r\n", 4);
if (ret == 0) {
if (++retries > IOTSAFE_MAX_RETRIES)
ret = WC_HW_E;
}
} while (ret == 0); } while (ret == 0);
if (ret > 0)
ret = 0; ret = 0;
} }
} }
@@ -717,6 +730,7 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size,
char *resp; char *resp;
char R[2 * IOTSAFE_ECC_KSIZE + 1]; char R[2 * IOTSAFE_ECC_KSIZE + 1];
char S[2 * IOTSAFE_ECC_KSIZE + 1]; char S[2 * IOTSAFE_ECC_KSIZE + 1];
int retries = 0;
R[2*IOTSAFE_ECC_KSIZE] = '\0'; R[2*IOTSAFE_ECC_KSIZE] = '\0';
S[2*IOTSAFE_ECC_KSIZE] = '\0'; S[2*IOTSAFE_ECC_KSIZE] = '\0';
@@ -742,9 +756,14 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size,
} }
do { do {
ret = expect_ok("AT\r\n", 4); ret = expect_ok("AT\r\n", 4);
if (ret == 0) {
if (++retries > IOTSAFE_MAX_RETRIES)
return WC_HW_E;
}
} while (ret == 0); } while (ret == 0);
if (ret < 0) if (ret < 0)
return WC_HW_E; return WC_HW_E;
retries = 0;
/* Compose sign_update message with hash to sign */ /* Compose sign_update message with hash to sign */
iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS,
@@ -781,6 +800,10 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size,
} }
do { do {
ret = expect_ok("AT\r\n", 4); ret = expect_ok("AT\r\n", 4);
if (ret == 0) {
if (++retries > IOTSAFE_MAX_RETRIES)
ret = WC_HW_E;
}
} while (ret == 0); } while (ret == 0);
if (ret < 0) if (ret < 0)
return WC_HW_E; return WC_HW_E;
@@ -803,6 +826,7 @@ static int iotsafe_verify_hash(byte *pubkey_idx, uint16_t id_size,
uint16_t hash_algo_be = XHTONS(hash_algo); uint16_t hash_algo_be = XHTONS(hash_algo);
int ret = 1; int ret = 1;
char *resp; char *resp;
int retries = 0;
*result = 0; *result = 0;
iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, IOTSAFE_INS_VERIFY_INIT, 0, 1); iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, IOTSAFE_INS_VERIFY_INIT, 0, 1);
@@ -821,9 +845,14 @@ static int iotsafe_verify_hash(byte *pubkey_idx, uint16_t id_size,
} }
do { do {
ret = expect_ok("AT\r\n", 4); ret = expect_ok("AT\r\n", 4);
if (ret == 0) {
if (++retries > IOTSAFE_MAX_RETRIES)
return WC_HW_E;
}
} while (ret == 0); } while (ret == 0);
if (ret < 0) if (ret < 0)
return WC_HW_E; return WC_HW_E;
retries = 0;
/* Compose verify_update message with hash + signature */ /* Compose verify_update message with hash + signature */
iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS,
@@ -863,12 +892,17 @@ static int iotsafe_verify_hash(byte *pubkey_idx, uint16_t id_size,
do { do {
ret = expect_ok("AT\r\n", 4); ret = expect_ok("AT\r\n", 4);
if (ret == 0) {
if (++retries > IOTSAFE_MAX_RETRIES)
return WC_HW_E;
}
} while (ret == 0); } while (ret == 0);
if (ret < 0) { if (ret < 0) {
return WC_HW_E; return WC_HW_E;
} else { } else {
ret = 0; ret = 0;
} }
retries = 0;
} else { } else {
/* TODO: RSA */ /* TODO: RSA */
ret = NOT_COMPILED_IN; ret = NOT_COMPILED_IN;
@@ -905,7 +939,8 @@ static int wolfIoT_ecc_keygen(WOLFSSL* ssl, struct ecc_key* key,
#endif #endif
if (iotsafe->enabled) { if (iotsafe->enabled) {
ret = iotsafe_gen_keypair((byte *)&iotsafe->ecdh_keypair_slot, IOTSAFE_ID_SIZE, key); ret = iotsafe_gen_keypair((byte *)&iotsafe->ecdh_keypair_slot,
IOTSAFE_ID_SIZE, key);
if (ret == 0) { if (ret == 0) {
ret = iotsafe_get_public_key((byte *)&iotsafe->ecdh_keypair_slot, ret = iotsafe_get_public_key((byte *)&iotsafe->ecdh_keypair_slot,
IOTSAFE_ID_SIZE, key); IOTSAFE_ID_SIZE, key);
@@ -1095,6 +1130,7 @@ static int wolfIoT_ecc_shared_secret(WOLFSSL* ssl, struct ecc_key* otherKey,
IOTSAFE *iotsafe = wolfSSL_get_iotsafe_ctx(ssl); IOTSAFE *iotsafe = wolfSSL_get_iotsafe_ctx(ssl);
byte *keypair_slot; byte *keypair_slot;
byte *pubkey_idx; byte *pubkey_idx;
int retries = 0;
#ifndef WOLFSSL_SMALL_STACK #ifndef WOLFSSL_SMALL_STACK
ecc_key _tmpKey; ecc_key _tmpKey;
tmpKey = &_tmpKey; tmpKey = &_tmpKey;
@@ -1151,7 +1187,8 @@ static int wolfIoT_ecc_shared_secret(WOLFSSL* ssl, struct ecc_key* otherKey,
/* Exporting generated public key into DER buffer */ /* Exporting generated public key into DER buffer */
ret = wc_ecc_export_x963(tmpKey, pubKeyDer, pubKeySz); ret = wc_ecc_export_x963(tmpKey, pubKeyDer, pubKeySz);
if (ret == 0) { if (ret == 0) {
WOLFSSL_MSG("IoT-SAFE: Key pair generated, public key exported"); WOLFSSL_MSG(
"IoT-SAFE: Key pair generated, public key exported");
} else { } else {
WOLFSSL_MSG("IoT-SAFE: Error storing Public key."); WOLFSSL_MSG("IoT-SAFE: Error storing Public key.");
} }
@@ -1168,20 +1205,23 @@ static int wolfIoT_ecc_shared_secret(WOLFSSL* ssl, struct ecc_key* otherKey,
if (ret == 0) { if (ret == 0) {
do { do {
ret = expect_ok("AT\r\n", 4); ret = expect_ok("AT\r\n", 4);
if (ret == 0) {
if (++retries > IOTSAFE_MAX_RETRIES)
ret = WC_HW_E;
}
} while (ret == 0); } while (ret == 0);
if (ret > 0) { if (ret > 0) {
/* Generating shared secret /* Generating shared secret
*/ */
#if (IOTSAFE_ID_SIZE == 1) iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, IOTSAFE_INS_COMPUTE_DH,
#elif (IOTSAFE_ID_SIZE == 2) 0, 0);
#else iotsafe_cmd_add_tlv(csim_cmd, IOTSAFE_TAG_PRIVKEY_ID,
#error "IOTSAFE key generation unsupported for key size" IOTSAFE_ID_SIZE, keypair_slot);
#endif iotsafe_cmd_add_tlv(csim_cmd, IOTSAFE_TAG_PUBKEY_ID,
iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, IOTSAFE_INS_COMPUTE_DH, 0, 0); IOTSAFE_ID_SIZE, pubkey_idx);
iotsafe_cmd_add_tlv(csim_cmd, IOTSAFE_TAG_PRIVKEY_ID, IOTSAFE_ID_SIZE, keypair_slot);
iotsafe_cmd_add_tlv(csim_cmd, IOTSAFE_TAG_PUBKEY_ID, IOTSAFE_ID_SIZE, pubkey_idx);
iotsafe_cmd_complete(csim_cmd); iotsafe_cmd_complete(csim_cmd);
ret = expect_csim_response(csim_cmd, (word32)XSTRLEN(csim_cmd), &resp); ret = expect_csim_response(csim_cmd, (word32)XSTRLEN(csim_cmd),
&resp);
} }
} }
if (ret <= 0) { if (ret <= 0) {
@@ -1281,8 +1321,8 @@ int wc_iotsafe_ecc_export_public_ex(ecc_key *key, byte *key_id, uint16_t id_size
int wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, int wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out,
word32 *outlen, byte *key_id, uint16_t id_size) word32 *outlen, byte *key_id, uint16_t id_size)
{ {
return iotsafe_sign_hash(key_id, id_size, IOTSAFE_HASH_SHA256, IOTSAFE_SIGN_ECDSA, return iotsafe_sign_hash(key_id, id_size, IOTSAFE_HASH_SHA256,
in, inlen, out, outlen); IOTSAFE_SIGN_ECDSA, in, inlen, out, outlen);
} }
int wc_iotsafe_ecc_verify_hash_ex(byte *sig, word32 siglen, byte *hash, int wc_iotsafe_ecc_verify_hash_ex(byte *sig, word32 siglen, byte *hash,
@@ -1300,20 +1340,15 @@ int wc_iotsafe_ecc_verify_hash_ex(byte *sig, word32 siglen, byte *hash,
ret = wc_ecc_sig_to_rs(sig, siglen, sig_raw, &r_size, sig_raw ret = wc_ecc_sig_to_rs(sig, siglen, sig_raw, &r_size, sig_raw
+ IOTSAFE_ECC_KSIZE, &s_size); + IOTSAFE_ECC_KSIZE, &s_size);
if (ret == 0) if (ret == 0)
ret = iotsafe_verify_hash(key_id, id_size, IOTSAFE_HASH_SHA256, IOTSAFE_SIGN_ECDSA, ret = iotsafe_verify_hash(key_id, id_size, IOTSAFE_HASH_SHA256,
hash, hashlen, sig_raw, 2 * IOTSAFE_ECC_KSIZE, res); IOTSAFE_SIGN_ECDSA, hash, hashlen, sig_raw, 2 * IOTSAFE_ECC_KSIZE,
res);
return ret; return ret;
} }
int wc_iotsafe_ecc_gen_k_ex(byte *key_id, uint16_t id_size) int wc_iotsafe_ecc_gen_k_ex(byte *key_id, uint16_t id_size)
{ {
int ret = 0; return iotsafe_gen_keypair(key_id, id_size, NULL);
ecc_key* key = XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
ret = iotsafe_gen_keypair(key_id, id_size, key);
if (ret > 0)
ret = 0;
XFREE(key, NULL, DYNAMIC_TYPE_ECC);
return ret;
} }
int wc_iotsafe_ecc_import_public(ecc_key *key, byte key_id) int wc_iotsafe_ecc_import_public(ecc_key *key, byte key_id)
@@ -1342,13 +1377,7 @@ int wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash,
} }
int wc_iotsafe_ecc_gen_k(byte key_id) int wc_iotsafe_ecc_gen_k(byte key_id)
{ {
int ret = 0; return iotsafe_gen_keypair(&key_id, 1, NULL);
ecc_key* key = XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
ret = iotsafe_gen_keypair(&key_id, 1, key);
if (ret > 0)
ret = 0;
XFREE(key, NULL, DYNAMIC_TYPE_ECC);
return ret;
} }
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
@@ -1414,23 +1443,16 @@ int wolfSSL_CTX_iotsafe_enable(WOLFSSL_CTX *ctx)
return 0; return 0;
} }
int wolfSSL_iotsafe_on_ex(WOLFSSL *ssl, byte *privkey_id, int wolfSSL_iotsafe_on_ex(WOLFSSL *ssl, byte *privkey_id, byte *ecdh_keypair_slot,
byte *ecdh_keypair_slot, byte *peer_pubkey_slot, byte *peer_cert_slot, word16 id_size) byte *peer_pubkey_slot, byte *peer_cert_slot, word16 id_size)
{ {
#if defined(HAVE_PK_CALLBACKS) #if defined(HAVE_PK_CALLBACKS)
int ret; int ret;
IOTSAFE iotsafe; IOTSAFE iotsafe;
#ifdef TWO_BYTES_ID_DEMO
iotsafe.privkey_id = *privkey_id;
iotsafe.ecdh_keypair_slot = *ecdh_keypair_slot;
iotsafe.peer_pubkey_slot = *peer_pubkey_slot;
iotsafe.peer_cert_slot = *peer_cert_slot;
#else
XMEMCPY(&iotsafe.privkey_id, privkey_id, id_size); XMEMCPY(&iotsafe.privkey_id, privkey_id, id_size);
XMEMCPY(&iotsafe.ecdh_keypair_slot, ecdh_keypair_slot, id_size); XMEMCPY(&iotsafe.ecdh_keypair_slot, ecdh_keypair_slot, id_size);
XMEMCPY(&iotsafe.peer_pubkey_slot, peer_pubkey_slot, id_size); XMEMCPY(&iotsafe.peer_pubkey_slot, peer_pubkey_slot, id_size);
XMEMCPY(&iotsafe.peer_cert_slot, peer_cert_slot, id_size); XMEMCPY(&iotsafe.peer_cert_slot, peer_cert_slot, id_size);
#endif
iotsafe.enabled = 1; iotsafe.enabled = 1;
ret = wolfSSL_set_iotsafe_ctx(ssl, &iotsafe); ret = wolfSSL_set_iotsafe_ctx(ssl, &iotsafe);
if (ret == 0) { if (ret == 0) {
@@ -1453,7 +1475,7 @@ int wolfSSL_iotsafe_on_ex(WOLFSSL *ssl, byte *privkey_id,
int wolfSSL_iotsafe_on(WOLFSSL *ssl, byte privkey_id, int wolfSSL_iotsafe_on(WOLFSSL *ssl, byte privkey_id,
byte ecdh_keypair_slot, byte peer_pubkey_slot, byte peer_cert_slot) byte ecdh_keypair_slot, byte peer_pubkey_slot, byte peer_cert_slot)
{ {
return wolfSSL_iotsafe_on_ex(ssl, &privkey_id, &ecdh_keypair_slot, &peer_pubkey_slot, return wolfSSL_iotsafe_on_ex(ssl, &privkey_id, &ecdh_keypair_slot,
&peer_cert_slot, 1); &peer_pubkey_slot, &peer_cert_slot, 1);
} }
#endif /* WOLFSSL_IOTSAFE */ #endif /* WOLFSSL_IOTSAFE */