WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Cleanups from testing.

pull/294/head
David Garske 2023-08-30 11:21:43 -07:00
parent a15260342f
commit 78cd7190be
4 changed files with 23 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
examples/boot/README.md
View File

@ -68,7 +68,8 @@ Example for creating a sealed secret using that signed policy based on public ke
```sh ```sh
# Create a keyed hash sealed object using the policy authorization for the public key # Create a keyed hash sealed object using the policy authorization for the public key
./examples/boot/secret_seal -policy=policyauth.bin -out=sealblob.bin ./examples/boot/secret_seal -rsa -policy=policyauth.bin -out=sealblob.bin
./examples/boot/secret_seal -ecc -policy=policyauth.bin -out=sealblob.bin
# OR # OR
# Provide the public key for policy authorization (instead of -policy=) # Provide the public key for policy authorization (instead of -policy=)
./examples/boot/secret_seal -rsa -publickey=./certs/example-rsa2048-key-pub.der -out=sealblob.bin ./examples/boot/secret_seal -rsa -publickey=./certs/example-rsa2048-key-pub.der -out=sealblob.bin

4
examples/boot/secret_seal.c
View File

@ -49,7 +49,7 @@ static void usage(void)
printf("Expected usage:\n"); printf("Expected usage:\n");
printf("./examples/boot/secret_seal [-secretstr=/-secrethex] [-policy=] [-out=]\n"); printf("./examples/boot/secret_seal [-secretstr=/-secrethex] [-policy=] [-out=]\n");
printf("./examples/boot/secret_seal [-secretstr=/-secrethex] [-ecc/-rsa] [-publickey=] [-out=]\n"); printf("./examples/boot/secret_seal [-secretstr=/-secrethex] [-ecc/-rsa] [-publickey=] [-out=]\n");
printf("* -secret=value: Secret to seal (default=random)\n"); printf("* -secretstr=string/-secrethex=hex: Secret to seal (default=random)\n");
printf("* -policy=file: Policy authorization digest for the public key used to sign the policy (default policyauth.bin)\n"); printf("* -policy=file: Policy authorization digest for the public key used to sign the policy (default policyauth.bin)\n");
printf("* -ecc/-rsa: Public key is RSA or ECC (default is RSA)\n"); printf("* -ecc/-rsa: Public key is RSA or ECC (default is RSA)\n");
printf("* -publickey=file: Public key file (PEM or DER) for the policy signing key used\n"); printf("* -publickey=file: Public key file (PEM or DER) for the policy signing key used\n");
@ -138,6 +138,8 @@ int TPM2_Boot_SecretSeal_Example(void* userCtx, int argc, char *argv[])
else if (XSTRNCMP(argv[argc-1], "-secretstr=", XSTRLEN("-secretstr=")) == 0) { else if (XSTRNCMP(argv[argc-1], "-secretstr=", XSTRLEN("-secretstr=")) == 0) {
const char* secretStr = argv[argc-1] + XSTRLEN("-secretstr="); const char* secretStr = argv[argc-1] + XSTRLEN("-secretstr=");
secretSz = (int)XSTRLEN(secretStr); secretSz = (int)XSTRLEN(secretStr);
if (secretSz > (word32)sizeof(secret))
secretSz = (word32)sizeof(secret);
XMEMCPY(secret, secretStr, secretSz); XMEMCPY(secret, secretStr, secretSz);
} }
else if (XSTRNCMP(argv[argc-1], "-secrethex=", XSTRLEN("-secrethex=")) == 0) { else if (XSTRNCMP(argv[argc-1], "-secrethex=", XSTRLEN("-secrethex=")) == 0) {

9
examples/boot/secret_unseal.c
View File

@ -127,6 +127,8 @@ int TPM2_Boot_SecretUnseal_Example(void* userCtx, int argc, char *argv[])
Unseal_Out unsealOut; Unseal_Out unsealOut;
byte* policyRef = NULL; /* optional nonce */ byte* policyRef = NULL; /* optional nonce */
word32 policyRefSz = 0; word32 policyRefSz = 0;
byte secret[MAX_SYM_DATA+1]; /* room for NULL term */
word32 secretSz = 0;
XMEMSET(&dev, 0, sizeof(WOLFTPM2_DEV)); XMEMSET(&dev, 0, sizeof(WOLFTPM2_DEV));
XMEMSET(&storage, 0, sizeof(WOLFTPM2_KEY)); XMEMSET(&storage, 0, sizeof(WOLFTPM2_KEY));
@ -331,8 +333,11 @@ int TPM2_Boot_SecretUnseal_Example(void* userCtx, int argc, char *argv[])
goto exit; goto exit;
} }
printf("Secret (%d bytes):\n", unsealOut.outData.size); secretSz = unsealOut.outData.size;
printHexString(unsealOut.outData.buffer, unsealOut.outData.size, 32); XMEMSET(secret, 0, sizeof(secret));
XMEMCPY(secret, unsealOut.outData.buffer, secretSz);
printf("Secret (%d bytes): %s\n", secretSz, secret);
printHexString(secret, secretSz, 32);
exit: exit:
if (rc != 0) { if (rc != 0) {

15
examples/boot/secure_rot.c
View File

@ -43,12 +43,12 @@
static void usage(void) static void usage(void)
{ {
printf("Expected usage:\n"); printf("Expected usage:\n");
printf("./examples/boot/secure_rot [-nvindex] [-write=/-hash=] [-auth] [-sha384] [-lock]\n"); printf("./examples/boot/secure_rot [-nvindex] [-write=/-hash=] [-authhex=/-authstr=] [-sha384] [-lock]\n");
printf("* -nvindex=[handle] (default 0x%x)\n", printf("* -nvindex=[handle] (default 0x%x)\n",
TPM2_DEMO_NV_SECURE_ROT_INDEX); TPM2_DEMO_NV_SECURE_ROT_INDEX);
printf("* -hash=hash: Hex string digest to write\n"); printf("* -hash=hash: Hex string digest to write\n");
printf("* -write=filename: DER formatted public key to write\n"); printf("* -write=filename: DER formatted public key to write\n");
printf("* -auth=password: Optional password for NV\n"); printf("* -authstr=password/-authhex=hexstring: Optional password for NV\n");
printf("* -sha384: Use SHA2-384 (default is SHA2-256)\n"); printf("* -sha384: Use SHA2-384 (default is SHA2-256)\n");
printf("* -lock: Lock the write\n"); printf("* -lock: Lock the write\n");
printf("\nExamples:\n"); printf("\nExamples:\n");
@ -135,8 +135,15 @@ int TPM2_Boot_SecureROT_Example(void* userCtx, int argc, char *argv[])
} }
doWrite = 1; doWrite = 1;
} }
else if (XSTRNCMP(argv[argc-1], "-auth=", XSTRLEN("-auth=")) == 0) { else if (XSTRNCMP(argv[argc-1], "-authstr=", XSTRLEN("-authstr=")) == 0) {
const char* authHexStr = argv[argc-1] + XSTRLEN("-auth="); const char* authHexStr = argv[argc-1] + XSTRLEN("-authstr=");
authBufSz = (int)XSTRLEN(authHexStr);
if (authBufSz > (int)sizeof(authBuf))
authBufSz = (word32)sizeof(authBuf);
XMEMCPY(authBuf, authHexStr, authBufSz);
}
else if (XSTRNCMP(argv[argc-1], "-authhex=", XSTRLEN("-authhex=")) == 0) {
const char* authHexStr = argv[argc-1] + XSTRLEN("-authhex=");
int authHexStrLen = (int)XSTRLEN(authHexStr); int authHexStrLen = (int)XSTRLEN(authHexStr);
if (authHexStrLen > (int)sizeof(authBuf)*2+1) if (authHexStrLen > (int)sizeof(authBuf)*2+1)
authBufSz = -1; authBufSz = -1;