From 592210f321025742735f662422a2b7b8480d8a42 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 29 May 2025 11:53:05 -0700 Subject: [PATCH] Expose `TPM2_ASN_TrimZeros`. --- src/tpm2_asn.c | 3 --- tests/unit_tests.c | 6 ++++-- wolftpm/tpm2_asn.h | 43 ++++++++++++++++++++++++++++++------------- 3 files changed, 34 insertions(+), 18 deletions(-) diff --git a/src/tpm2_asn.c b/src/tpm2_asn.c index bc586e5..e67de33 100644 --- a/src/tpm2_asn.c +++ b/src/tpm2_asn.c @@ -27,8 +27,6 @@ #ifndef WOLFTPM2_NO_ASN -#if defined(HAVE_ECC) && (defined(WOLFTPM_CRYPTOCB) || \ - (defined(HAVE_PK_CALLBACKS) && !defined(WOLFCRYPT_ONLY))) /* Helper to trim leading zeros when not required */ byte* TPM2_ASN_TrimZeros(byte* in, word32* len) { @@ -40,7 +38,6 @@ byte* TPM2_ASN_TrimZeros(byte* in, word32* len) *len -= idx; return in; } -#endif int TPM2_ASN_GetLength_ex(const uint8_t* input, word32* inOutIdx, int* len, word32 maxIdx, int check) diff --git a/tests/unit_tests.c b/tests/unit_tests.c index f064837..a3a8baf 100644 --- a/tests/unit_tests.c +++ b/tests/unit_tests.c @@ -397,7 +397,8 @@ static void test_wolfTPM2_CSR(void) #endif } -#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) +#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && \ + !defined(WOLFTPM2_NO_ASN) static void test_wolfTPM2_EccSignVerifyDig(const byte* digest, int digestSz, TPM_ECC_CURVE curve, TPMI_ALG_HASH hashAlg) { @@ -829,7 +830,8 @@ int unit_tests(int argc, char *argv[]) test_wolfTPM2_KeyBlob(TPM_ALG_ECC); test_wolfTPM2_Cleanup(); test_wolfTPM2_thread_local_storage(); - #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) + #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && \ + !defined(WOLFTPM2_NO_ASN) test_wolfTPM2_EccSignVerify(); #endif #endif /* !WOLFTPM2_NO_WRAPPER */ diff --git a/wolftpm/tpm2_asn.h b/wolftpm/tpm2_asn.h index a557597..533ceb5 100644 --- a/wolftpm/tpm2_asn.h +++ b/wolftpm/tpm2_asn.h 
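Review bot: `*len -= idx;` at the end of `TPM2_ASN_TrimZeros` (second hunk of src/tpm2_asn.c) dereferences `len` with no argument check in view, which matters more now that the function is built in every ASN-enabled configuration and exported. The loop that computes `idx` sits between the two hunks and is not shown, so this may already be handled. If it is not, a guard at the top such as `if (in == NULL || len == NULL) return in;` would keep external callers from triggering a null dereference. It is also worth confirming that the loop bounds `idx` by `*len`, since `word32` subtraction wraps and a wrapped length returned to a caller turns into an out-of-bounds read on its next use of the buffer.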
@@ -80,8 +80,9 @@ typedef struct DecodedX509 { \param maxIdx Maximum allowed index in buffer \return Length on success, TPM_RC_INSUFFICIENT on buffer error */ -WOLFTPM_API int TPM2_ASN_GetLength(const uint8_t* input, word32* inOutIdx, int* len, - word32 maxIdx); +WOLFTPM_API int TPM2_ASN_GetLength(const uint8_t* input, word32* inOutIdx, + int* len, word32 maxIdx); + /*! \ingroup ASN \brief Decodes ASN.1 length with optional length checking @@ -92,8 +93,9 @@ WOLFTPM_API int TPM2_ASN_GetLength(const uint8_t* input, word32* inOutIdx, int* \param check Flag to enable length validation \return Length on success, TPM_RC_INSUFFICIENT on buffer error */ -WOLFTPM_API int TPM2_ASN_GetLength_ex(const uint8_t* input, word32* inOutIdx, int* len, - word32 maxIdx, int check); +WOLFTPM_API int TPM2_ASN_GetLength_ex(const uint8_t* input, word32* inOutIdx, + int* len, word32 maxIdx, int check); + /*! \ingroup ASN \brief Decodes ASN.1 tag and validates length 
@@ -104,15 +106,19 @@ WOLFTPM_API int TPM2_ASN_GetLength_ex(const uint8_t* input, word32* inOutIdx, in \param tag Expected ASN.1 tag value \return 0 on success, TPM_RC_INSUFFICIENT on buffer error, TPM_RC_VALUE on tag mismatch */ -WOLFTPM_API int TPM2_ASN_DecodeTag(const uint8_t* input, int inputSz, int* inOutIdx, int* tag_len, uint8_t tag); +WOLFTPM_API int TPM2_ASN_DecodeTag(const uint8_t* input, int inputSz, + int* inOutIdx, int* tag_len, uint8_t tag); + /*! \ingroup ASN \brief Decodes RSA signature from ASN.1 format \param pInput Pointer to buffer containing ASN.1 encoded RSA signature \param inputSz Size of input buffer - \return Size of decoded signature on success, TPM_RC_VALUE on invalid input, TPM_RC_INSUFFICIENT on buffer error + \return Size of decoded signature on success, TPM_RC_VALUE on invalid input, + TPM_RC_INSUFFICIENT on buffer error */ WOLFTPM_API int TPM2_ASN_RsaDecodeSignature(uint8_t** pInput, int inputSz); + /*! \brief Decodes an X.509 certificate \param input Buffer containing ASN.1 encoded X.509 certificate 
@@ -120,28 +126,39 @@ WOLFTPM_API int TPM2_ASN_RsaDecodeSignature(uint8_t** pInput, int inputSz); \param x509 Structure to store decoded certificate data \return 0 on success, TPM_RC_VALUE on invalid input, TPM_RC_INSUFFICIENT on buffer error */ -WOLFTPM_API int TPM2_ASN_DecodeX509Cert(uint8_t* input, int inputSz, DecodedX509* x509); +WOLFTPM_API int TPM2_ASN_DecodeX509Cert(uint8_t* input, int inputSz, + DecodedX509* x509); + /*! \ingroup ASN \brief Decodes RSA public key from ASN.1 format into TPM2B_PUBLIC structure \param input Buffer containing ASN.1 encoded RSA public key \param inputSz Size of input buffer \param pub TPM2B_PUBLIC structure to store decoded key - \return 0 on success, TPM_RC_VALUE on invalid input, TPM_RC_INSUFFICIENT on buffer error + \return 0 on success, TPM_RC_VALUE on invalid input, + TPM_RC_INSUFFICIENT on buffer error */ -WOLFTPM_API int TPM2_ASN_DecodeRsaPubKey(uint8_t* input, int inputSz, TPM2B_PUBLIC* pub); +WOLFTPM_API int TPM2_ASN_DecodeRsaPubKey(uint8_t* input, int inputSz, + TPM2B_PUBLIC* pub); + /*! \ingroup ASN \brief Removes PKCS#1 v1.5 padding from RSA signature - \param pSig Pointer to buffer containing padded signature, updated to point to unpadded data + \param pSig Pointer to buffer containing padded signature, updated to point + to unpadded data \param sigSz Size of signature buffer, updated with unpadded size \return 0 on success, TPM_RC_VALUE on invalid padding */ WOLFTPM_API int TPM2_ASN_RsaUnpadPkcsv15(uint8_t** pSig, int* sigSz); - -WOLFTPM_LOCAL byte* TPM2_ASN_TrimZeros(byte* in, word32* len); - +/*! + \ingroup ASN + \brief Removes leading zero bytes from a buffer + \param in Pointer to input buffer containing data to trim + \param len Pointer to length of input buffer, updated with new length after trimming + \return Pointer to the trimmed buffer (may be same as input if no trimming needed) +*/ +WOLFTPM_API byte* TPM2_ASN_TrimZeros(byte* in, word32* len); #ifdef __cplusplus } /* extern "C" */
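Review bot: The new doc block for `TPM2_ASN_TrimZeros` omits the parts of the contract that an external caller needs now that the symbol is `WOLFTPM_API`. The comment in src/tpm2_asn.c says zeros are trimmed "when not required", which suggests a leading zero can be kept in some cases, while the `\brief` here reads as if every leading zero is removed; the header should state the actual rule. The implementation ends with `return in;`, so the result appears to alias the caller's buffer, and I would say so, for example `\return Pointer into the input buffer at the first retained byte; no copy is made, so do not free it separately`. The block should also say whether `in` and `len` may be NULL. As a style point, the added `\param len` and `\return` lines run past the 80-column wrap that the rest of this commit applies to the header.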