revert changes + spelling/comments

IDE/iotsafe-raspberrypi/README.md

@@ -108,16 +108,18 @@ wolfSSL_iotsafe_on(ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CERT_I
 
 First, user needs to build wolfSSL with the following options:
 ```
-./configure --enable-tls13 --enable-pkcallbacks --enable-debug --enable-iotsafe --enable-hkdf
+./configure CFLAGS="-DWOLFSSL_TRUST_PEER_CERT" --enable-tls13 --enable-pkcallbacks --enable-debug --enable-iotsafe --enable-hkdf
 ```
 
 Additionally, user can pass `CFLAGS="-DDEBUG_WOLFSSL -DWOLFSSL_DEBUG_TLS -DDEBUG_IOTSAFE"` if more debugging information is to be used. This can clutter the demo stdout more than `--enable-debug` does, but this is very useful to see the overall TLS 1.3 handshaking process with IoT-SAFE.
 
 Hence, the full wolfSSL build for the demo is:
 ```
-./configure CFLAGS="-DDEBUG_WOLFSSL -DWOLFSSL_DEBUG_TLS -DDEBUG_IOTSAFE" --enable-tls13 --enable-pkcallbacks --enable-debug --enable-iotsafe
+./configure CFLAGS="-DWOLFSSL_TRUST_PEER_CERT -DDEBUG_WOLFSSL -DWOLFSSL_DEBUG_TLS -DDEBUG_IOTSAFE" --enable-tls13 --enable-pkcallbacks --enable-debug --enable-iotsafe
 ```
 
+`-DWOLFSSL_TRUST_PEER_CERT` is needed for `wolfSSL_CTX_trust_peer_buffer` in `IDE/iotsafe-raspberrypi/client-tls13.c`
+
 ### Running
 
 After building wolfSSL, from this directory, run `make` and a help usage will be shown.
@@ -129,7 +131,7 @@ make all
 
 Run below to enable printing UART IO:
 ```
-make all ENABLE_DEBUG_UART_IO_EXTRA=on
+make all ENABLE_DEBUG_UART_IO_EXTRA=on|off
 ```
 
 Run the built `./main.bin` to print the help usage.

IDE/iotsafe-raspberrypi/client-tls13.c

@@ -187,7 +187,7 @@ int client_loop(const char *peer_ip, const char *peer_name, const char *peer_por
 
     /* Construct HTTP POST */
 
-    // Header
+    /* Header */
     strcat(buff, "POST /iot/device HTTP/1.1\r\n");
     strcat(buff, "Content-Type: application/json\r\n");
     strcat(buff, "Content-Length: 1000\r\n");
@@ -198,10 +198,10 @@ int client_loop(const char *peer_ip, const char *peer_name, const char *peer_por
     strcat(buff, peer_port);
     strcat(buff, "\r\n");
 
-    // Delimiter
+    /* Delimiter */
     strcat(buff, "\r\n");
 
-    // Body
+    /* Body */
     srand(time(NULL));
     int devid    = rand() % 100;
     char snum[5] = {0};
@@ -240,7 +240,7 @@ int client_loop(const char *peer_ip, const char *peer_name, const char *peer_por
 
     /* Fill in the server address */
     printf("Peer port: %s\n", peer_port);
-    servAddr.sin_family = AF_INET; // Using IPv4
+    servAddr.sin_family = AF_INET; /* Using IPv4 */
     servAddr.sin_port   = htons(atoi(peer_port));
 
     /* Get the server IPv4 address from the command line call */

wolfcrypt/src/port/iotsafe/iotsafe.c

@@ -453,7 +453,7 @@ static int iotsafe_readfile(uint8_t *file_id, uint16_t file_id_sz,
         return ret;
     }
 
-    filesz_s = search_tlv(resp, ret, 0x20);
+    filesz_s = search_tlv(resp + 4, ret, 0x20);
     if ((filesz_s) && (XSTRLEN(filesz_s)) >= 8) {
         uint8_t fs_msb, fs_lsb;
         if (hex_to_bytes(filesz_s + 4, &fs_msb, 1) < 0)
@@ -730,25 +730,32 @@ static int iotsafe_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
 
     WOLFSSL_MSG("Enter iotsafe_hkdf_extract");
      switch (digest) {
+        #ifndef NO_SHA256
         case WC_SHA256:
          hash_algo = (uint16_t)1;
          if (ikmLen == 0) {
              len = WC_SHA256_DIGEST_SIZE;
          }
             break;
+        #endif
+        #ifdef WOLFSSL_SHA384
         case WC_SHA384:
           hash_algo = (uint16_t)2;
            if (ikmLen == 0) {
              len = WC_SHA384_DIGEST_SIZE;
          }
              break;
+        #endif
+        #ifdef WOLFSSL_TLS13_SHA512
         case WC_SHA512:
             hash_algo = (uint16_t)4;
              if (ikmLen == 0) {
              len = WC_SHA512_DIGEST_SIZE;
          }
             break;
+        #endif
         default:
+            return BAD_FUNC_ARG;
             break;
      }
 
@@ -848,13 +855,14 @@ static int iotsafe_sign_hash(byte *privkey_idx, uint16_t id_size,
 
         ret = expect_csim_response(csim_cmd, (word32)XSTRLEN(csim_cmd), &resp);
         if (ret >= 0) {
-            byte sig_hdr[2];
-            if (hex_to_bytes(resp, sig_hdr, 2) < 0) {
+            byte sig_hdr[3];
+            if (hex_to_bytes(resp, sig_hdr, 3) < 0) {
                ret = BAD_FUNC_ARG;
             } else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) &&
-                       (sig_hdr[1] ==  2 * IOTSAFE_ECC_KSIZE)) {
-                XSTRNCPY(R, resp + 4, IOTSAFE_ECC_KSIZE * 2);
-                XSTRNCPY(S, resp + 4 + IOTSAFE_ECC_KSIZE * 2,
+                       (sig_hdr[1] == 0) &&
+                       (sig_hdr[2] ==  2 * IOTSAFE_ECC_KSIZE)) {
+                XSTRNCPY(R, resp + 6, IOTSAFE_ECC_KSIZE * 2);
+                XSTRNCPY(S, resp + 6 + IOTSAFE_ECC_KSIZE * 2,
                         IOTSAFE_ECC_KSIZE * 2);
                 ret = wc_ecc_rs_to_sig(R, S, signature, sigLen);
             } else {
@@ -1045,8 +1053,8 @@ static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen,
          ret = iotsafe_hkdf_extract(prk, salt, saltLen, ikm, ikmLen, digest);
     }
     else{
-        #ifdef DEBUG_IOTSAFE
-        printf("NULL Salt length not supported by IoT Safe Applet, fallback to software implementation\n");
+         #ifdef DEBUG_IOTSAFE
+        printf("SALT is NULL, not supported by IoT Safe Applet, fallback to software implementation\n");
         #endif
         ret = wc_Tls13_HKDF_Extract(prk, salt, saltLen, ikm, ikmLen, digest);
     }