Merge pull request #7176 from danielinux/iotsafe-sha384

IoT-Safe sha384+sha512 support
pull/7185/head
David Garske 2024-01-29 07:35:50 -08:00 committed by GitHub
commit 60de159707
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 22 additions and 30 deletions


@ -346,7 +346,7 @@ int wc_iotsafe_ecc_export_private_ex(ecc_key *key, byte *key_id, word16 id_size)
/*! /*!
\ingroup IoTSafe \ingroup IoTSafe
\brief Sign a pre-computed 256-bit HASH, using a private key previously stored, or pre-provisioned, \brief Sign a pre-computed HASH, using a private key previously stored, or pre-provisioned,
in the IoT-Safe applet. in the IoT-Safe applet.
\param in pointer to the buffer containing the message hash to sign \param in pointer to the buffer containing the message hash to sign
@ -367,7 +367,7 @@ int wc_iotsafe_ecc_sign_hash(byte *in, word32 inlen, byte *out, word32 *outlen,
/*! /*!
\ingroup IoTSafe \ingroup IoTSafe
\brief Sign a pre-computed 256-bit HASH, using a private key previously stored, or pre-provisioned, \brief Sign a pre-computed HASH, using a private key previously stored, or pre-provisioned,
in the IoT-Safe applet. Equivalent to \ref wc_iotsafe_ecc_sign_hash "wc_iotsafe_ecc_sign_hash", in the IoT-Safe applet. Equivalent to \ref wc_iotsafe_ecc_sign_hash "wc_iotsafe_ecc_sign_hash",
except that it can be invoked with a key ID of two or more bytes. except that it can be invoked with a key ID of two or more bytes.
@ -390,7 +390,7 @@ int wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, word32 *outle
/*! /*!
\ingroup IoTSafe \ingroup IoTSafe
\brief Verify an ECC signature against a pre-computed 256-bit HASH, using a public key previously stored, or pre-provisioned, \brief Verify an ECC signature against a pre-computed HASH, using a public key previously stored, or pre-provisioned,
in the IoT-Safe applet. Result is written to res. 1 is valid, 0 is invalid. in the IoT-Safe applet. Result is written to res. 1 is valid, 0 is invalid.
Note: Do not use the return value to test for valid. Only use res. Note: Do not use the return value to test for valid. Only use res.
@ -412,7 +412,7 @@ int wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash, word32 hash
/*! /*!
\ingroup IoTSafe \ingroup IoTSafe
\brief Verify an ECC signature against a pre-computed 256-bit HASH, using a public key previously stored, or pre-provisioned, \brief Verify an ECC signature against a pre-computed HASH, using a public key previously stored, or pre-provisioned,
in the IoT-Safe applet. Result is written to res. 1 is valid, 0 is invalid. in the IoT-Safe applet. Result is written to res. 1 is valid, 0 is invalid.
Note: Do not use the return value to test for valid. Only use res. Note: Do not use the return value to test for valid. Only use res.
Equivalent to \ref wc_iotsafe_ecc_verify_hash "wc_iotsafe_ecc_verify_hash", Equivalent to \ref wc_iotsafe_ecc_verify_hash "wc_iotsafe_ecc_verify_hash",


@ -749,43 +749,37 @@ static int iotsafe_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
int ret; int ret;
char *resp; char *resp;
uint16_t hash_algo = 0; uint16_t hash_algo = 0;
int len; int hash_len;
uint16_t hash_algo_be = 0; uint16_t hash_algo_be = 0;
WOLFSSL_MSG("Enter iotsafe_hkdf_extract"); WOLFSSL_MSG("Enter iotsafe_hkdf_extract");
switch (digest) { switch (digest) {
#ifndef NO_SHA256 #ifndef NO_SHA256
case WC_SHA256: case WC_SHA256:
hash_algo = (uint16_t)1; hash_algo = (uint16_t)1;
if (ikmLen == 0) { hash_len = WC_SHA256_DIGEST_SIZE;
len = WC_SHA256_DIGEST_SIZE;
}
break; break;
#endif #endif
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
case WC_SHA384: case WC_SHA384:
hash_algo = (uint16_t)2; hash_algo = (uint16_t)2;
if (ikmLen == 0) { hash_len = WC_SHA384_DIGEST_SIZE;
len = WC_SHA384_DIGEST_SIZE;
}
break; break;
#endif #endif
#ifdef WOLFSSL_TLS13_SHA512 #ifdef WOLFSSL_SHA512
case WC_SHA512: case WC_SHA512:
hash_algo = (uint16_t)4; hash_algo = (uint16_t)4;
if (ikmLen == 0) { hash_len = WC_SHA512_DIGEST_SIZE;
len = WC_SHA512_DIGEST_SIZE;
}
break; break;
#endif #endif
default: default:
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
break; break;
} }
if (ikmLen == 0) { if (ikmLen == 0) {
ikmLen = len; ikmLen = hash_len;
XMEMSET(ikm, 0, len); XMEMSET(ikm, 0, hash_len);
} }
#ifdef DEBUG_IOTSAFE #ifdef DEBUG_IOTSAFE
@ -812,14 +806,12 @@ static int iotsafe_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
WOLFSSL_MSG("Unexpected reply from HKDF extract"); WOLFSSL_MSG("Unexpected reply from HKDF extract");
ret = WC_HW_E; ret = WC_HW_E;
} else { } else {
ret = hexbuffer_conv(resp, prk, hash_len);
ret = hexbuffer_conv(resp, prk, 32);
if (ret < 0) if (ret < 0)
ret = WC_HW_E; ret = WC_HW_E;
else else
ret = 0; ret = 0;
} }
return ret; return ret;
} }
#endif #endif
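Review bot: The bytes written to `prk` and `ikm` now scale with the selected digest: `XMEMSET(ikm, 0, hash_len)` and `hexbuffer_conv(resp, prk, hash_len)` reach 64 bytes for WC_SHA512, where the conversion used to be fixed at 32. The visible part of the signature carries a length only for `salt`, so nothing shown here bounds either write. I would document the contract above the function, e.g. `/* prk and ikm must each hold at least the digest size of the selected hash (up to WC_SHA512_DIGEST_SIZE); ikm is zero-filled in place when ikmLen == 0 */`, and confirm that existing callers size both buffers for the largest enabled digest. The condition guarding the "Unexpected reply from HKDF extract" branch lies outside the hunk; if it does not already compare the applet's reply length with `2 * hash_len` hex characters, that check belongs before the conversion so a short reply cannot yield a partially filled PRK. The function's full signature and the command exchange are not visible in this section.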