Review comment

pull/404/head
Tesfa Mael 2025-03-05 11:52:53 -08:00
parent ceb2c224d6
commit 7400f0f369
3 changed files with 129 additions and 114 deletions


@ -33,7 +33,7 @@
#include <wolftpm/tpm2_asn.h> #include <wolftpm/tpm2_asn.h>
#include <stdio.h> #include <stdio.h>
#ifndef WOLFTPM2_NO_ASN
#ifndef WOLFTPM2_NO_WRAPPER #ifndef WOLFTPM2_NO_WRAPPER
#include <examples/endorsement/endorsement.h> #include <examples/endorsement/endorsement.h>
@ -327,19 +327,20 @@ exit:
/* --- END TPM2.0 Endorsement certificate tool -- */ /* --- END TPM2.0 Endorsement certificate tool -- */
/******************************************************************************/ /******************************************************************************/
#endif /* !WOLFTPM2_NO_WRAPPER */ #endif /* !WOLFTPM2_NO_WRAPPER */
#endif /* !WOLFTPM2_NO_ASN */
#ifndef NO_MAIN_DRIVER #ifndef NO_MAIN_DRIVER
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
int rc = -1; int rc = -1;
#ifndef WOLFTPM2_NO_WRAPPER #if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_ASN)
rc = TPM2_EndorsementCertVerify_Example(NULL, argc, argv); rc = TPM2_EndorsementCertVerify_Example(NULL, argc, argv);
#else #else
printf("Wrapper code not compiled in\n"); printf("Wrapper code not compiled in\n");
(void)argc; (void)argc;
(void)argv; (void)argv;
#endif /* !WOLFTPM2_NO_WRAPPER */ #endif /* !WOLFTPM2_NO_WRAPPER && !WOLFTPM2_NO_ASN */
return rc; return rc;
} }
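Review bot: The `#else` branch of `main` still prints "Wrapper code not compiled in", but with the new guard `#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_ASN)` it is also reached when only ASN support is disabled. A user building with WOLFTPM2_NO_ASN would then be told the wrong feature is missing. I would change the message to cover both cases, for example `printf("Wrapper or ASN code not compiled in\n");`.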


@ -23,11 +23,9 @@
#include <config.h> #include <config.h>
#endif #endif
#include <wolftpm/tpm2_wrap.h>
#include <wolftpm/tpm2_asn.h> #include <wolftpm/tpm2_asn.h>
#ifndef WOLFTPM2_NO_ASN #ifndef WOLFTPM2_NO_ASN
#ifndef WOLFTPM2_NO_WRAPPER
int TPM2_ASN_GetLength_ex(const uint8_t* input, word32* inOutIdx, int* len, int TPM2_ASN_GetLength_ex(const uint8_t* input, word32* inOutIdx, int* len,
word32 maxIdx, int check) word32 maxIdx, int check)
@ -144,88 +142,101 @@ int TPM2_ASN_RsaDecodeSignature(uint8_t** pInput, int inputSz)
int TPM2_ASN_DecodeX509Cert(uint8_t* input, int inputSz, int TPM2_ASN_DecodeX509Cert(uint8_t* input, int inputSz,
DecodedX509* x509) DecodedX509* x509)
{ {
int rc; int rc = 0;
word32 idx = 0; word32 idx = 0;
int tot_len, cert_len = 0, len, pubkey_len = 0, sig_len = 0; int tot_len, cert_len = 0, len, pubkey_len = 0, sig_len = 0;
if (input == NULL || x509 == NULL) if (input == NULL || x509 == NULL) {
return TPM_RC_VALUE; rc = TPM_RC_VALUE;
}
/* Decode outer SEQUENCE */ /* Decode outer SEQUENCE */
if (rc == 0) {
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED, rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &tot_len, inputSz); &idx, &tot_len, inputSz);
if (rc < 0) }
return rc;
/* Store certificate location */ /* Store certificate location */
if (rc == 0) {
x509->certBegin = idx; x509->certBegin = idx;
x509->cert = &input[idx]; x509->cert = &input[idx];
/* Decode certificate SEQUENCE */ /* Decode certificate SEQUENCE */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED, rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &cert_len, inputSz); &idx, &cert_len, inputSz);
if (rc < 0) }
return rc;
if (rc == 0) {
x509->certSz = cert_len + (idx - x509->certBegin); x509->certSz = cert_len + (idx - x509->certBegin);
/* Decode version */ /* Decode version */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_CONTEXT_SPECIFIC | TPM2_ASN_CONSTRUCTED, rc = TPM2_ASN_GetHeader(input, TPM2_ASN_CONTEXT_SPECIFIC | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz); &idx, &len, inputSz);
if (rc < 0) }
return rc;
if (input[idx] != TPM2_ASN_INTEGER || input[idx] != 1) if (rc == 0) {
return TPM_RC_VALUE; /* check version == 1 */
if (input[idx] != TPM2_ASN_INTEGER || input[idx] != 1) {
rc = TPM_RC_VALUE;
}
}
idx += len; if (rc == 0) {
idx += len; /* skip version */
/* Skip serial number */ /* Skip serial number */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_INTEGER, &idx, &len, inputSz); rc = TPM2_ASN_GetHeader(input, TPM2_ASN_INTEGER, &idx, &len, inputSz);
if (rc < 0) }
return rc;
idx += len; if (rc == 0) {
idx += len; /* skip serial */
/* Skip algorithm identifier */ /* Skip algorithm identifier */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED, rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz); &idx, &len, inputSz);
if (rc < 0) }
return rc;
idx += len; if (rc == 0) {
idx += len; /* skip signature oid */
/* Skip issuer */ /* Skip issuer */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED, rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz); &idx, &len, inputSz);
if (rc < 0) }
return rc;
idx += len; if (rc == 0) {
idx += len; /* skip issuer */
/* Skip validity */ /* Skip validity */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED, rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz); &idx, &len, inputSz);
if (rc < 0) }
return rc;
idx += len; if (rc == 0) {
idx += len; /* skip validity */
/* Skip subject */ /* Skip subject */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED, rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz); &idx, &len, inputSz);
if (rc < 0) }
return rc;
idx += len; if (rc == 0) {
idx += len; /* skip subject */
/* Skip subject public key info */ /* Skip subject public key info */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED, rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz); &idx, &len, inputSz);
if (rc < 0) }
return rc;
idx += len; if (rc == 0) {
idx += len; /* skip subject public key info */
/* Get public key */ /* Get public key */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_BIT_STRING, &idx, &pubkey_len, inputSz); rc = TPM2_ASN_GetHeader(input, TPM2_ASN_BIT_STRING, &idx, &pubkey_len, inputSz);
if (rc < 0) }
return rc;
if (rc == 0) {
/* skip leading zero for bit string */
if (input[idx] == 0x00) { if (input[idx] == 0x00) {
idx++; idx++;
pubkey_len--; pubkey_len--;
@ -237,32 +248,38 @@ int TPM2_ASN_DecodeX509Cert(uint8_t* input, int inputSz,
idx = x509->certBegin + x509->certSz; idx = x509->certBegin + x509->certSz;
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED, rc = TPM2_ASN_GetHeader(input, TPM2_ASN_SEQUENCE | TPM2_ASN_CONSTRUCTED,
&idx, &len, inputSz); &idx, &len, inputSz);
if (rc < 0) }
return rc;
if (rc == 0) {
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_OBJECT_ID, &idx, &len, inputSz); rc = TPM2_ASN_GetHeader(input, TPM2_ASN_OBJECT_ID, &idx, &len, inputSz);
if (rc < 0) }
return rc;
idx += len;
if (rc == 0) {
idx += len; /* skip oid */
/* Skip signature algorithm parameters */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_TAG_NULL, &idx, &len, inputSz); rc = TPM2_ASN_GetHeader(input, TPM2_ASN_TAG_NULL, &idx, &len, inputSz);
if (rc < 0) }
return rc;
idx += len; if (rc == 0) {
idx += len; /* skip tag */
/* Get signature */ /* Get signature */
rc = TPM2_ASN_GetHeader(input, TPM2_ASN_BIT_STRING, &idx, &sig_len, inputSz); rc = TPM2_ASN_GetHeader(input, TPM2_ASN_BIT_STRING, &idx, &sig_len, inputSz);
if (rc < 0) }
return rc;
if (rc == 0) {
/* skip leading zero for bit string */
if (input[idx] == 0x00) { if (input[idx] == 0x00) {
idx++; idx++;
sig_len--; sig_len--;
} }
/* signature */
x509->sigSz = sig_len; x509->sigSz = sig_len;
x509->signature = &input[idx]; x509->signature = &input[idx];
rc = TPM_RC_SUCCESS;
return TPM_RC_SUCCESS; }
return rc;
} }
int TPM2_ASN_DecodeRsaPubKey(uint8_t* input, int inputSz, int TPM2_ASN_DecodeRsaPubKey(uint8_t* input, int inputSz,
@ -330,5 +347,4 @@ int TPM2_ASN_RsaUnpadPkcsv15(uint8_t** pSig, int* sigSz)
return rc; return rc;
} }
#endif /* !WOLFTPM2_NO_WRAPPER */
#endif /* !WOLFTPM2_NO_ASN */ #endif /* !WOLFTPM2_NO_ASN */
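Review bot: In TPM2_ASN_DecodeX509Cert the version test `input[idx] != TPM2_ASN_INTEGER || input[idx] != 1` compares the same byte with two values, so unless TPM2_ASN_INTEGER is itself 1 it is true for every input and the function always ends with TPM_RC_VALUE; the refactor keeps the line and adds a "check version == 1" comment that the code does not implement. The byte at idx is the tag, so I would test the tag alone with a bounds check, `if (idx >= (word32)inputSz || input[idx] != TPM2_ASN_INTEGER) { rc = TPM_RC_VALUE; }`, and read the version from the INTEGER's content byte if the value matters. The leading-zero tests `input[idx] == 0x00` after the two BIT STRING headers read input[idx] the same way; whether TPM2_ASN_GetHeader guarantees idx < inputSz at that point is not visible on this page, so an explicit check is worth adding because the certificate bytes come from outside the function. The error test also changed from `rc < 0` to `rc == 0`, which is equivalent only if TPM2_ASN_GetHeader never returns a positive value on success.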


@ -26,7 +26,6 @@
#include <wolftpm/tpm2_types.h> #include <wolftpm/tpm2_types.h>
#ifndef WOLFTPM2_NO_ASN #ifndef WOLFTPM2_NO_ASN
#ifndef WOLFTPM2_NO_WRAPPER
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
@ -144,6 +143,5 @@ WOLFTPM_API int TPM2_ASN_RsaUnpadPkcsv15(uint8_t** pSig, int* sigSz);
} /* extern "C" */ } /* extern "C" */
#endif #endif
#endif /* !WOLFTPM2_NO_WRAPPER */
#endif /* !WOLFTPM2_NO_ASN */ #endif /* !WOLFTPM2_NO_ASN */
#endif /* WOLFTPM_TPM2_ASN_H */ #endif /* WOLFTPM_TPM2_ASN_H */