Cleanups from testing.

2023-08-30 11:21:43 -07:00 · 2023-08-30 11:21:43 -07:00 · 78cd7190be
parent a15260342f
commit 78cd7190be
4 changed files with 23 additions and 8 deletions
--- a/examples/boot/README.md
+++ b/examples/boot/README.md
@ -68,7 +68,8 @@ Example for creating a sealed secret using that signed policy based on public ke

 ```sh
 # Create a keyed hash sealed object using the policy authorization for the public key
-./examples/boot/secret_seal -policy=policyauth.bin -out=sealblob.bin
+./examples/boot/secret_seal -rsa -policy=policyauth.bin -out=sealblob.bin
+./examples/boot/secret_seal -ecc -policy=policyauth.bin -out=sealblob.bin
 # OR
 # Provide the public key for policy authorization (instead of -policy=)
 ./examples/boot/secret_seal -rsa -publickey=./certs/example-rsa2048-key-pub.der -out=sealblob.bin
--- a/examples/boot/secret_seal.c
+++ b/examples/boot/secret_seal.c
@ -49,7 +49,7 @@ static void usage(void)
    printf("Expected usage:\n");
    printf("./examples/boot/secret_seal [-secretstr=/-secrethex] [-policy=] [-out=]\n");
    printf("./examples/boot/secret_seal [-secretstr=/-secrethex] [-ecc/-rsa] [-publickey=] [-out=]\n");
-    printf("* -secret=value: Secret to seal (default=random)\n");
+    printf("* -secretstr=string/-secrethex=hex: Secret to seal (default=random)\n");
    printf("* -policy=file: Policy authorization digest for the public key used to sign the policy (default policyauth.bin)\n");
    printf("* -ecc/-rsa: Public key is RSA or ECC (default is RSA)\n");
    printf("* -publickey=file: Public key file (PEM or DER) for the policy signing key used\n");
@ -138,6 +138,8 @@ int TPM2_Boot_SecretSeal_Example(void* userCtx, int argc, char *argv[])
        else if (XSTRNCMP(argv[argc-1], "-secretstr=", XSTRLEN("-secretstr=")) == 0) {
            const char* secretStr = argv[argc-1] + XSTRLEN("-secretstr=");
            secretSz = (int)XSTRLEN(secretStr);
+            if (secretSz > (word32)sizeof(secret))
+                secretSz = (word32)sizeof(secret);
            XMEMCPY(secret, secretStr, secretSz);
        }
        else if (XSTRNCMP(argv[argc-1], "-secrethex=", XSTRLEN("-secrethex=")) == 0) {
--- a/examples/boot/secret_unseal.c
+++ b/examples/boot/secret_unseal.c
@ -127,6 +127,8 @@ int TPM2_Boot_SecretUnseal_Example(void* userCtx, int argc, char *argv[])
    Unseal_Out unsealOut;
    byte* policyRef = NULL; /* optional nonce */
    word32 policyRefSz = 0;
+    byte secret[MAX_SYM_DATA+1]; /* room for NULL term */
+    word32 secretSz = 0;

    XMEMSET(&dev, 0, sizeof(WOLFTPM2_DEV));
    XMEMSET(&storage, 0, sizeof(WOLFTPM2_KEY));
@ -331,8 +333,11 @@ int TPM2_Boot_SecretUnseal_Example(void* userCtx, int argc, char *argv[])
        goto exit;
    }

-    printf("Secret (%d bytes):\n", unsealOut.outData.size);
-    printHexString(unsealOut.outData.buffer, unsealOut.outData.size, 32);
+    secretSz = unsealOut.outData.size;
+    XMEMSET(secret, 0, sizeof(secret));
+    XMEMCPY(secret, unsealOut.outData.buffer, secretSz);
+    printf("Secret (%d bytes): %s\n", secretSz, secret);
+    printHexString(secret, secretSz, 32);

 exit:
    if (rc != 0) {
--- a/examples/boot/secure_rot.c
+++ b/examples/boot/secure_rot.c
@ -43,12 +43,12 @@
 static void usage(void)
 {
    printf("Expected usage:\n");
-    printf("./examples/boot/secure_rot [-nvindex] [-write=/-hash=] [-auth] [-sha384] [-lock]\n");
+    printf("./examples/boot/secure_rot [-nvindex] [-write=/-hash=] [-authhex=/-authstr=] [-sha384] [-lock]\n");
    printf("* -nvindex=[handle] (default 0x%x)\n",
        TPM2_DEMO_NV_SECURE_ROT_INDEX);
    printf("* -hash=hash: Hex string digest to write\n");
    printf("* -write=filename: DER formatted public key to write\n");
-    printf("* -auth=password: Optional password for NV\n");
+    printf("* -authstr=password/-authhex=hexstring: Optional password for NV\n");
    printf("* -sha384: Use SHA2-384 (default is SHA2-256)\n");
    printf("* -lock: Lock the write\n");
    printf("\nExamples:\n");
@ -135,8 +135,15 @@ int TPM2_Boot_SecureROT_Example(void* userCtx, int argc, char *argv[])
            }
            doWrite = 1;
        }
-        else if (XSTRNCMP(argv[argc-1], "-auth=", XSTRLEN("-auth=")) == 0) {
-            const char* authHexStr = argv[argc-1] + XSTRLEN("-auth=");
+        else if (XSTRNCMP(argv[argc-1], "-authstr=", XSTRLEN("-authstr=")) == 0) {
+            const char* authHexStr = argv[argc-1] + XSTRLEN("-authstr=");
+            authBufSz = (int)XSTRLEN(authHexStr);
+            if (authBufSz > (int)sizeof(authBuf))
+                authBufSz = (word32)sizeof(authBuf);
+            XMEMCPY(authBuf, authHexStr, authBufSz);
+        }
+        else if (XSTRNCMP(argv[argc-1], "-authhex=", XSTRLEN("-authhex=")) == 0) {
+            const char* authHexStr = argv[argc-1] + XSTRLEN("-authhex=");
            int authHexStrLen = (int)XSTRLEN(authHexStr);
            if (authHexStrLen > (int)sizeof(authBuf)*2+1)
                authBufSz = -1;