From ba1339b055285ee425560dd70ae29373069f8b04 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 22 Jul 2021 11:09:16 -0700 Subject: [PATCH 1/2] Fix for compiler warning for file read in make_credential.c. Updated attestation example documentation. --- examples/attestation/README.md | 21 +++++++++++---------- examples/attestation/make_credential.c | 5 +++-- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/examples/attestation/README.md b/examples/attestation/README.md index 0a7c258..3ff6cb3 100644 --- a/examples/attestation/README.md +++ b/examples/attestation/README.md @@ -52,8 +52,10 @@ TPM2.0 Key generation example Loading SRK: Storage 0x81000200 (282 bytes) RSA AIK template Creating new RSA key... -Created new key (pub 280, priv 222 bytes) +New key created and loaded (pub 280, priv 222 bytes) Wrote 508 bytes to keyblob.bin +Wrote 288 bytes to srk.pub +Wrote AK Name digest ``` ### Make Credential Example Usage @@ -62,15 +64,16 @@ Using the `make_credential` example an attestation server can generate remote at ``` $ ./examples/attestation/make_credential -Using default values -Demo how to create a credential blob for remote attestation -wolfTPM2_Init: success +Using public key from SRK to create the challenge +Demo how to create a credential challenge for remote attestation Credential will be stored in cred.blob -Reading 508 bytes from keyblob.bin +wolfTPM2_Init: success +Reading 288 bytes from srk.pub Reading the private part of the key -AK loaded at 0x80000001 +Public key for encryption loaded +Read AK Name digest success TPM2_MakeCredential success -Wrote credential blob and secret to cred.blob, 514 bytes +Wrote credential blob and secret to cred.blob, 648 bytes ``` The transfer of the PAK and AK public parts between the client and attestation server is not part of the `make_credential` example, because the exchange is implementation specific. 
@@ -90,9 +93,7 @@ SRK loaded Reading 508 bytes from keyblob.bin Reading the private part of the key AK loaded at 0x80000001 -TPM2_StartAuthSession: sessionHandle 0x3000000 -TPM2_policyCommandCode success -Read credential blob and secret from cred.blob, 514 bytes +Read credential blob and secret from cred.blob, 648 bytes TPM2_ActivateCredential success ``` diff --git a/examples/attestation/make_credential.c b/examples/attestation/make_credential.c index 7a9b7e1..26c3171 100644 --- a/examples/attestation/make_credential.c +++ b/examples/attestation/make_credential.c @@ -145,8 +145,9 @@ int TPM2_MakeCredential_Example(void* userCtx, int argc, char *argv[]) /* Load AK Name digest */ fp = XFOPEN("ak.name", "rb"); if (fp != XBADFILE) { - XFREAD((BYTE*)&name, 1, sizeof(name), fp); - printf("Read AK Name digest\n"); + size_t nameReadSz = XFREAD((BYTE*)&name, 1, sizeof(name), fp); + printf("Read AK Name digest %s\n", + nameReadSz == sizeof(name) ? "success" : "failed"); XFCLOSE(fp); } #endif From 54d3fea42b875b2803e00f6a7d4da59a1570dc25 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 22 Jul 2021 11:33:13 -0700 Subject: [PATCH 2/2] Fix for mismatch memset size. --- examples/native/native_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/native/native_test.c b/examples/native/native_test.c index 431ef59..22a5a3f 100644 --- a/examples/native/native_test.c +++ b/examples/native/native_test.c @@ -733,7 +733,7 @@ int TPM2_Native_TestArgs(void* userCtx, int argc, char *argv[]) XMEMCPY(session[0].auth.buffer, storagePwd, session[0].auth.size); /* Create a loaded new TPM 2.0 key and then unload it */ - XMEMSET(&cmdIn.createLoaded, 0, sizeof(cmdOut.createLoaded)); + XMEMSET(&cmdIn.createLoaded, 0, sizeof(cmdIn.createLoaded)); cmdIn.createLoaded.parentHandle = storage.handle; cmdIn.createLoaded.inSensitive.sensitive.userAuth.size = sizeof(usageAuth)-1; XMEMCPY(cmdIn.createLoaded.inSensitive.sensitive.userAuth.buffer, usageAuth,
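Review bot: In the make_credential.c hunk, a short or failed read of `ak.name` is only reported by the new `printf`; execution still reaches `XFCLOSE(fp)` and carries on through the rest of TPM2_MakeCredential_Example with a partially filled `name`. That buffer is presumably the object name the credential is bound to in TPM2_MakeCredential, so `nameReadSz != sizeof(name)` should be treated as an error that leaves through the function's existing failure path, and the silent case where `XFOPEN` returns `XBADFILE` deserves the same handling. If `name` is a size-prefixed structure, as the `(BYTE*)&name` cast suggests, its size field comes straight from the file and should be range-checked against the buffer before it is used. The function body starts and ends outside the hunk, so the error variable and cleanup label are not visible here.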