From d5872221ba1fb55796812a65707859ccf673c9f6 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Fri, 30 May 2025 17:59:57 -0700
Subject: [PATCH 1/2] Fix `TPM2_ParsePublic` size argument.

---
 examples/nvram/read.c | 2 +-
 examples/tpm_test_keys.c | 2 +-
 src/tpm2.c | 7 -------
 src/tpm2_wrap.c | 2 +-
 4 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/examples/nvram/read.c b/examples/nvram/read.c
index 4ca26a7..6d9ed72 100644
--- a/examples/nvram/read.c
+++ b/examples/nvram/read.c
@@ -221,7 +221,7 @@ int TPM2_NVRAM_Read_Example(void* userCtx, int argc, char *argv[])
 /* Necessary for storing the publicArea with the correct encoding */
 rc = TPM2_ParsePublic(&keyBlob.pub, pubAreaBuffer,
- (word32)sizeof(pubAreaBuffer), &pubAreaSize);
+ readSize, &pubAreaSize);
 if (rc != TPM_RC_SUCCESS) {
 printf("Decoding of PublicArea failed. Unable to extract correctly.\n");
 goto exit;
diff --git a/examples/tpm_test_keys.c b/examples/tpm_test_keys.c
index 710e782..4aaaa49 100644
--- a/examples/tpm_test_keys.c
+++ b/examples/tpm_test_keys.c
@@ -216,7 +216,7 @@ int readKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key)
 /* Decode the byte stream into a publicArea structure ready for use */
 rc = TPM2_ParsePublic(&key->pub, pubAreaBuffer,
- (word32)sizeof(pubAreaBuffer), &pubAreaSize);
+ sizeof(UINT16) + key->pub.size, &pubAreaSize);
 if (rc != TPM_RC_SUCCESS) {
 goto exit;
 }
diff --git a/src/tpm2.c b/src/tpm2.c
index bd1fcf1..bce1453 100644
--- a/src/tpm2.c
+++ b/src/tpm2.c
@@ -6465,13 +6465,6 @@ int TPM2_ParsePublic(TPM2B_PUBLIC* pub, byte* buf, word32 size, int* sizeUsed)
 if (buf == NULL || pub == NULL || sizeUsed == NULL)
 return BAD_FUNC_ARG;
 
- if (size < sizeof(TPM2B_PUBLIC)) {
- #ifdef DEBUG_WOLFTPM
- printf("Insufficient buffer size for TPM2B_PUBLIC operations\n");
- #endif
- return TPM_RC_FAILURE;
- }
-
 /* Prepare temporary buffer */
 packet.buf = buf;
 packet.pos = 0;
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
index c43352f..ad6e174 100644
--- a/src/tpm2_wrap.c
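Review bot: The new size argument `sizeof(UINT16) + key->pub.size` on the added line of examples/tpm_test_keys.c is derived from the length field of the blob being loaded, whereas the replaced `(word32)sizeof(pubAreaBuffer)` was the capacity of the buffer the bytes sit in; if nothing before this hunk clamps `key->pub.size` to that capacity, a blob with an inflated length tells TPM2_ParsePublic that more bytes are available than pubAreaBuffer holds. A one-line guard keeps the two tied together: `if (key->pub.size > sizeof(pubAreaBuffer) - sizeof(UINT16)) { rc = BAD_FUNC_ARG; goto exit; }`. The same applies to the hunk in src/tpm2_wrap.c (wolfTPM2_SetKeyBlobFromBuffer), which builds the size the same way. Unlike that hunk, this one also drops the `(word32)` cast, so the size_t sum narrows implicitly; keeping `(word32)(sizeof(UINT16) + key->pub.size)` here matches the other call site. readKeyBlob begins and ends outside the hunk, so whether pubAreaBuffer is a fixed array and whether the length was already checked cannot be confirmed from here.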
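Review bot: With the `size < sizeof(TPM2B_PUBLIC)` guard removed, TPM2_ParsePublic no longer has any visible check that `size` covers even the two-byte length prefix before the packet is parsed; the lines after `packet.pos = 0;`, where `size` is presumably stored into the packet and would bound the unpack, are outside the hunk, so whether every read is bounded by it cannot be confirmed here. Dropping the old guard is reasonable, since callers in this series now pass the encoded length (`sizeof(UINT16) + key->pub.size`) rather than a buffer capacity, and that length is normally smaller than the in-memory struct the guard compared against; a wire-level minimum is still cheap, e.g. `if (size < sizeof(UINT16)) return BAD_FUNC_ARG;` next to the existing NULL checks. The parameter's meaning has changed for callers, so a comment on the function would help: `/* size: bytes available in buf (2-byte length prefix + encoded publicArea), not sizeof(TPM2B_PUBLIC) */`. TPM2_ParsePublic continues past the end of the hunk.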
+++ b/src/tpm2_wrap.c
@@ -481,7 +481,7 @@ int wolfTPM2_SetKeyBlobFromBuffer(WOLFTPM2_KEYBLOB* key, byte *buffer,
 /* Decode the byte stream into a publicArea structure ready for use */
 rc = TPM2_ParsePublic(&key->pub, pubAreaBuffer,
- (word32)sizeof(pubAreaBuffer), &pubAreaSize);
+ (word32)(sizeof(UINT16) + key->pub.size), &pubAreaSize);
 if (rc != TPM_RC_SUCCESS) {
 return rc;
 }

From 47193894e82b321506c81abd105bf440afc0e0c0 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 4 Jun 2025 14:45:30 -0700
Subject: [PATCH 2/2] Cleanups for make_credential and `keygen -rsa` test case

---
 examples/attestation/make_credential.c | 4 ++--
 examples/run_examples.sh | 23 +++++++++++++----------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/examples/attestation/make_credential.c b/examples/attestation/make_credential.c
index a7cc0a9..64c68b6 100644
--- a/examples/attestation/make_credential.c
+++ b/examples/attestation/make_credential.c
@@ -49,8 +49,8 @@ static void usage(void)
 printf("Notes:\n");
 printf("\tName digest is loaded from \"ak.name\" file\n");
 printf("\tPublic key is loaded from a file containing TPM2B_PUBLIC\n");
- printf("\t\"tek.pub\" for EK pub");
- printf("\t\"tsrk.pub\" for SRK pub");
+ printf("\t\"ek.pub\" for EK pub\n");
+ printf("\t\"srk.pub\" for SRK pub\n");
 printf("\tOutput is stored in \"cred.blob\"\n");
 printf("Demo usage without parameters, uses SRK pub\n");
 }
diff --git a/examples/run_examples.sh b/examples/run_examples.sh
index 7fd5b3a..a1e8576 100755
--- a/examples/run_examples.sh
+++ b/examples/run_examples.sh
@@ -493,17 +493,9 @@ if [ $WOLFCRYPT_ENABLE -eq 1 ]; then
 fi
 
 if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $NO_FILESYSTEM -eq 0 ]; then
- ./examples/keygen/keygen keyblob.bin -rsa >> $TPMPWD/run.out 2>&1
- RESULT=$?
- [ $RESULT -ne 0 ] && echo -e "keygen rsa failed! $RESULT" && exit 1
- ./examples/attestation/make_credential >> $TPMPWD/run.out 2>&1
- RESULT=$?
- [ $RESULT -ne 0 ] && echo -e "make_credential failed! $RESULT" && exit 1
- ./examples/attestation/activate_credential >> $TPMPWD/run.out 2>&1
- RESULT=$?
- [ $RESULT -ne 0 ] && echo -e "activate_credential failed! $RESULT" && exit 1
+ rm -f keyblob.bin
 
- # Endorsement hierarchy
+ # Endorsement hierarchy (assumes keyblob.bin for key)
 ./examples/keygen/keygen keyblob.bin -rsa -eh >> $TPMPWD/run.out 2>&1
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "keygen rsa endorsement failed! $RESULT" && exit 1
@@ -514,10 +506,21 @@ if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $NO_FILESYSTEM -eq 0 ]; then
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "activate_credential endorsement failed! $RESULT" && exit 1
 
+ ./examples/keygen/keygen keyblob.bin -rsa >> $TPMPWD/run.out 2>&1
+ RESULT=$?
+ [ $RESULT -ne 0 ] && echo -e "keygen rsa failed! $RESULT" && exit 1
+ ./examples/attestation/make_credential >> $TPMPWD/run.out 2>&1
+ RESULT=$?
+ [ $RESULT -ne 0 ] && echo -e "make_credential failed! $RESULT" && exit 1
+ ./examples/attestation/activate_credential >> $TPMPWD/run.out 2>&1
+ RESULT=$?
+ [ $RESULT -ne 0 ] && echo -e "activate_credential failed! $RESULT" && exit 1
+
 rm -f cred.blob
 rm -f ek.pub
 rm -f srk.pub
 rm -f ak.name
+ # Keeping keyblob.bin for tests later
 fi
 
 # PCR Quote Tests
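Review bot: The added `# Keeping keyblob.bin for tests later` comment at the end of the second hunk does not say which later section consumes the RSA keyblob, and because this block runs only under `[ $WOLFCRYPT_ENABLE -eq 1 ] && [ $NO_FILESYSTEM -eq 0 ]`, a consumer under a different guard may find a stale keyblob.bin from an earlier step or none at all. Naming the consumer makes the ordering dependency explicit, e.g. `# keyblob.bin (RSA, from the keygen above) is reused by the <consuming test section> below; do not remove it here`. The leading `rm -f keyblob.bin` in the first hunk, followed two lines later by the comment `(assumes keyblob.bin for key)`, reads as contradictory at first glance; if the intent is that `keygen -eh` should start from a fresh file, saying so — `# start clean; keygen -eh below recreates keyblob.bin` — avoids the confusion. The enclosing if-block spans both hunks.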