
Tesfa Mael 2025-03-05 11:52:53 -08:00
parent ceb2c224d6
commit 7400f0f369
3 changed files with 129 additions and 114 deletions


@ -33,7 +33,7 @@
#include <wolftpm/tpm2_asn.h>
#include <stdio.h>
#ifndef WOLFTPM2_NO_ASN
#ifndef WOLFTPM2_NO_WRAPPER
#include <examples/endorsement/endorsement.h>
@ -327,19 +327,20 @@ exit:
/* --- END TPM2.0 Endorsement certificate tool -- */
/******************************************************************************/
#endif /* !WOLFTPM2_NO_WRAPPER */
#endif /* !WOLFTPM2_NO_ASN */
#ifndef NO_MAIN_DRIVER
int main(int argc, char *argv[])
{
int rc = -1;
#ifndef WOLFTPM2_NO_WRAPPER
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_ASN)
rc = TPM2_EndorsementCertVerify_Example(NULL, argc, argv);
#else
printf("Wrapper code not compiled in\n");
(void)argc;
(void)argv;
#endif /* !WOLFTPM2_NO_WRAPPER */
#endif /* !WOLFTPM2_NO_WRAPPER && !WOLFTPM2_NO_ASN */
return rc;
}
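Review bot: The fallback branch in main() still prints `printf("Wrapper code not compiled in\n");`, but the condition above it now also fires when only WOLFTPM2_NO_ASN is defined, so a build with the wrapper enabled and ASN disabled reports the wrong cause. Matching the message to the new `#if` avoids a misleading diagnostic, e.g. `printf("Wrapper or ASN code not compiled in\n");`. The example function the other branch calls is outside this hunk, so whether it has its own ASN guard is not visible here.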


@ -23,11 +23,9 @@
#include <config.h>
#endif
#include <wolftpm/tpm2_wrap.h>
#include <wolftpm/tpm2_asn.h>
#ifndef WOLFTPM2_NO_ASN
#ifndef WOLFTPM2_NO_WRAPPER
int TPM2_ASN_GetLength_ex(const uint8_t* input, word32* inOutIdx, int* len,
word32 maxIdx, int check)
@ -144,125 +142,144 @@ int TPM2_ASN_RsaDecodeSignature(uint8_t** pInput, int inputSz)
int TPM2_ASN_DecodeX509Cert(uint8_t* input, int inputSz,
DecodedX509* x509)
{
int rc;
int rc = 0;
word32 idx = 0;
int tot_len, cert_len = 0, len, pubkey_len = 0, sig_len = 0;
if (input == NULL || x509 == NULL)
return TPM_RC_VALUE;
if (input == NULL || x509 == NULL) {
rc = TPM_RC_VALUE;
}
/* Decode outer SEQUENCE */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &tot_len, inputSz);
if (rc < 0)
return rc;
if (rc == 0) {
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &tot_len, inputSz);
}
/* Store certificate location */
x509->certBegin = idx;
x509->cert = &input[idx];
if (rc == 0) {
x509->certBegin = idx;
x509->cert = &input[idx];
/* Decode certificate SEQUENCE */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &cert_len, inputSz);
if (rc < 0)
return rc;
x509->certSz = cert_len + (idx - x509->certBegin);
/* Decode version */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_CONTEXT_SPECIFIC | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
if (rc < 0)
return rc;
if (input[idx] != TPM2_ASN_INTEGER || input[idx] != 1)
return TPM_RC_VALUE;
idx += len;
/* Skip serial number */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_INTEGER, &idx, &len, inputSz);
if (rc < 0)
return rc;
idx += len;
/* Skip algorithm identifier */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
if (rc < 0)
return rc;
idx += len;
/* Skip issuer */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
if (rc < 0)
return rc;
idx += len;
/* Skip validity */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
if (rc < 0)
return rc;
idx += len;
/* Skip subject */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
if (rc < 0)
return rc;
idx += len;
/* Skip subject public key info */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
if (rc < 0)
return rc;
idx += len;
/* Get public key */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_BIT_STRING, &idx, &pubkey_len, inputSz);
if (rc < 0)
return rc;
if (input[idx] == 0x00) {
idx++;
pubkey_len--;
/* Decode certificate SEQUENCE */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &cert_len, inputSz);
}
x509->publicKey = &input[idx];
x509->pubKeySz = pubkey_len;
/* Get signature algorithm */
idx = x509->certBegin + x509->certSz;
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
if (rc < 0)
return rc;
if (rc == 0) {
x509->certSz = cert_len + (idx - x509->certBegin);
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_OBJECT_ID, &idx, &len, inputSz);
if (rc < 0)
return rc;
idx += len;
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_TAG_NULL, &idx, &len, inputSz);
if (rc < 0)
return rc;
idx += len;
/* Get signature */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_BIT_STRING, &idx, &sig_len, inputSz);
if (rc < 0)
return rc;
if (input[idx] == 0x00) {
idx++;
sig_len--;
/* Decode version */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_CONTEXT_SPECIFIC | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
}
x509->sigSz = sig_len;
x509->signature = &input[idx];
return TPM_RC_SUCCESS;
if (rc == 0) {
/* check version == 1 */
if (input[idx] != TPM2_ASN_INTEGER || input[idx] != 1) {
rc = TPM_RC_VALUE;
}
}
if (rc == 0) {
idx += len; /* skip version */
/* Skip serial number */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_INTEGER, &idx, &len, inputSz);
}
if (rc == 0) {
idx += len; /* skip serial */
/* Skip algorithm identifier */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
}
if (rc == 0) {
idx += len; /* skip signature oid */
/* Skip issuer */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
}
if (rc == 0) {
idx += len; /* skip issuer */
/* Skip validity */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
}
if (rc == 0) {
idx += len; /* skip validity */
/* Skip subject */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
}
if (rc == 0) {
idx += len; /* skip subject */
/* Skip subject public key info */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
}
if (rc == 0) {
idx += len; /* skip subject public key info */
/* Get public key */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_BIT_STRING, &idx, &pubkey_len, inputSz);
}
if (rc == 0) {
/* skip leading zero for bit string */
if (input[idx] == 0x00) {
idx++;
pubkey_len--;
}
x509->publicKey = &input[idx];
x509->pubKeySz = pubkey_len;
/* Get signature algorithm */
idx = x509->certBegin + x509->certSz;
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz);
}
if (rc == 0) {
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_OBJECT_ID, &idx, &len, inputSz);
}
if (rc == 0) {
idx += len; /* skip oid */
/* Skip signature algorithm parameters */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_TAG_NULL, &idx, &len, inputSz);
}
if (rc == 0) {
idx += len; /* skip tag */
/* Get signature */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_BIT_STRING, &idx, &sig_len, inputSz);
}
if (rc == 0) {
/* skip leading zero for bit string */
if (input[idx] == 0x00) {
idx++;
sig_len--;
}
/* signature */
x509->sigSz = sig_len;
x509->signature = &input[idx];
rc = TPM_RC_SUCCESS;
}
return rc;
}
int TPM2_ASN_DecodeRsaPubKey(uint8_t* input, int inputSz,
@ -330,5 +347,4 @@ int TPM2_ASN_RsaUnpadPkcsv15(uint8_t** pSig, int* sigSz)
return rc;
}
#endif /* !WOLFTPM2_NO_WRAPPER */
#endif /* !WOLFTPM2_NO_ASN */
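Review bot: The version check carried over into the new `if (rc == 0)` chain, `if (input[idx] != TPM2_ASN_INTEGER || input[idx] != 1)`, tests the same byte against two different values joined by `||`, so it is true for every input (unless TPM2_ASN_INTEGER happens to equal 1) and TPM2_ASN_DecodeX509Cert fails with TPM_RC_VALUE before the serial number is reached; the commit restructures the function but leaves this condition as it was. The intent looks like tag-then-length, `if (input[idx] != TPM2_ASN_INTEGER || input[idx + 1] != 1)`, followed by a check of the value byte at idx + 2 against the version the callers expect — confirm that encoding before changing it. The direct reads at the two `/* skip leading zero for bit string */` blocks are not bounded by the pubkey_len/sig_len that TPM2_ASN_GetHeader just returned; if that helper accepts zero-length content, idx can equal inputSz there and the read is one byte past the buffer, which `if (pubkey_len > 0 && input[idx] == 0x00)` (and the same for sig_len) would close, and the decrements could not go negative either. The `rc = TPM_RC_SUCCESS;` at the end sits inside an `rc == 0` guard and is redundant if TPM_RC_SUCCESS is 0, as the `int rc = 0;` initialiser suggests. The header-checking helper this function relies on for all other bounds is defined outside this hunk.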


@ -26,7 +26,6 @@
#include <wolftpm/tpm2_types.h>
#ifndef WOLFTPM2_NO_ASN
#ifndef WOLFTPM2_NO_WRAPPER
#ifdef __cplusplus
extern "C" {
@ -144,6 +143,5 @@ WOLFTPM_API int TPM2_ASN_RsaUnpadPkcsv15(uint8_t** pSig, int* sigSz);
} /* extern "C" */
#endif
#endif /* !WOLFTPM2_NO_WRAPPER */
#endif /* !WOLFTPM2_NO_ASN */
#endif /* WOLFTPM_TPM2_ASN_H */
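Review bot: With the `#ifndef WOLFTPM2_NO_ASN` / `#endif /* !WOLFTPM2_NO_ASN */` pair dropped from this header, the TPM2_ASN_* prototypes are now visible to every translation unit even when ASN support is compiled out, while the matching guard is also removed from the .c file in this commit; where the exclusion now lives is not visible on this page. If it has moved into tpm2_types.h or a build flag, a one-line comment next to the remaining `#ifndef WOLFTPM2_NO_WRAPPER` saying so, e.g. `/* ASN support is gated by WOLFTPM2_NO_ASN in tpm2_types.h */` (adjust to the actual location), would save the next reader the search and make a call to an undefined function a compile-time rather than link-time surprise.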