From 8b5c5fe89785a1eb6dcf01e3969ebe535633e0c5 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Wed, 11 Sep 2024 10:28:27 -0700
Subject: [PATCH] Peer review feedback. Cleanups for code comments, logging and white-space.
---
 examples/tls/tls_client.c | 13 ++++++++++---
 examples/tls/tls_server.c | 18 ++++++++++++------
 2 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/examples/tls/tls_client.c b/examples/tls/tls_client.c
index f63f311..b589ab7 100644
--- a/examples/tls/tls_client.c
+++ b/examples/tls/tls_client.c
@@ -247,7 +247,12 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
 bindKey = &storageKey;
 }
 else {
- #ifndef WOLFTPM_MFG_IDENTITY /* not fatal if using mfg identity */
+ /* error printed in getPrimaryStoragekey */
+ #ifdef WOLFTPM_MFG_IDENTITY /* not fatal if using mfg identity */
+ printf("Allowing primary creation failure, since not required " "when using a pre-provisioned IDevID key\n");
+ rc = 0;
+ #else
 goto exit;
 #endif
 }
@@ -291,7 +296,9 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
 /* Attempt to use pre-provisioned identity key */
 rc = wolfTPM2_ReadPublicKey(&dev, &eccKey, TPM2_IDEVID_KEY_HANDLE);
 if (rc == 0) {
- /* TODO: Supply master password (if not TEST_SAMPLE) */
+ /* Custom should supply their own custom master password used during
+ * device provisioning. If using a sample TPM supply NULL to use the
+ * default password. */
 wolfTPM2_SetIdentityAuth(&dev, &eccKey.handle, NULL, 0);
 }
 else
@@ -487,7 +494,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
 }
 #elif defined(NO_FILESYSTEM)
- /* Load "cert" buffer with ASN.1/DER certificate */
+ /* Example for loading cert using an ASN.1/DER certificate */
 #if 0
 rc = wolfSSL_CTX_use_certificate_buffer(ctx, cert.buffer,
 (long)cert.size, WOLFSSL_FILETYPE_ASN1);
diff --git a/examples/tls/tls_server.c b/examples/tls/tls_server.c
index ab730cf..1b65d20 100644
--- a/examples/tls/tls_server.c
+++ b/examples/tls/tls_server.c
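Review bot: Under WOLFTPM_MFG_IDENTITY the new `rc = 0;` in the `else` branch of the primary storage key creation clears the failure before the IDevID key has been read, so the message printed there asserts a pre-provisioned key is in use that the later `wolfTPM2_ReadPublicKey(&dev, &eccKey, TPM2_IDEVID_KEY_HANDLE)` has not yet confirmed, and `bindKey` is only assigned on the success path visible here. If that read also fails and execution continues on a path that uses `bindKey` or `storageKey` (both declared outside the hunk), the swallowed error would surface later as a session bound to a key that was never created, which is harder to diagnose than the original `goto exit`. Consider keeping the failure reason in the log line and only clearing rc once the IDevID key is actually loaded, e.g. `printf("Primary storage key creation failed; will rely on pre-provisioned IDevID key\n");` here and the `rc = 0;` next to the successful read. The same change appears in the tls_server.c hunk at @@ -263,7 +263,12 @@; TPM2_TLS_ClientArgs begins and ends outside this hunk.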
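Review bot: The replacement comment in the `if (rc == 0)` branch after `wolfTPM2_ReadPublicKey` opens with `Custom should supply their own custom master password`, which reads as a typo for "Customers" and repeats "custom"; the identical wording is in the tls_server.c hunk at @@ -307,7 +312,9 @@. Since the call below it still passes `NULL, 0`, it would help to say plainly that this example relies on the sample default: `/* Customers should supply the master password set during device provisioning. NULL selects the default password of a sample TPM, which is what this example does. */`.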
@@ -263,7 +263,12 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
 bindKey = &storageKey;
 }
 else {
- #ifndef WOLFTPM_MFG_IDENTITY /* not fatal if using mfg identity */
+ /* error printed in getPrimaryStoragekey */
+ #ifdef WOLFTPM_MFG_IDENTITY /* not fatal if using mfg identity */
+ printf("Allowing primary creation failure, since not required " "when using a pre-provisioned IDevID key\n");
+ rc = 0;
+ #else
 goto exit;
 #endif
 }
@@ -307,7 +312,9 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
 /* Attempt to use pre-provisioned identity key */
 rc = wolfTPM2_ReadPublicKey(&dev, &eccKey, TPM2_IDEVID_KEY_HANDLE);
 if (rc == 0) {
- /* TODO: Supply master password (if not TEST_SAMPLE) */
+ /* Custom should supply their own custom master password used during
+ * device provisioning. If using a sample TPM supply NULL to use the
+ * default password. */
 wolfTPM2_SetIdentityAuth(&dev, &eccKey.handle, NULL, 0);
 }
 else
@@ -454,7 +461,7 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
 WOLFSSL_FILETYPE_ASN1);
 #endif
 #else
- const char* useCert = "./certs/server-rsa-cert.pem";
+ const char* useCert = "./certs/server-rsa-cert.pem";
 if (useSelfSign) {
 useCert = "./certs/tpm-rsa-cert.pem";
 }
@@ -481,16 +488,15 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
 /* Load "cert" buffer with ASN.1/DER certificate */
 rc = wolfSSL_CTX_use_certificate_buffer(ctx, cert, (long)certSz,
 WOLFSSL_FILETYPE_ASN1);
- }
 #elif defined(NO_FILESYSTEM)
- /* Load "cert" buffer with ASN.1/DER certificate */
+ /* Example for loading cert using an ASN.1/DER certificate */
 #if 0
 rc = wolfSSL_CTX_use_certificate_buffer(ctx, cert.buffer,
 (long)cert.size, WOLFSSL_FILETYPE_ASN1);
 #endif
 #else
- const char* useCert = "./certs/server-ecc-cert.pem";
+ const char* useCert = "./certs/server-ecc-cert.pem";
 if (useSelfSign) {
 useCert = "./certs/tpm-ecc-cert.pem";
 }
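Review bot: The removed `}` after the `wolfSSL_CTX_use_certificate_buffer(ctx, cert, (long)certSz, ...)` call in the @@ -481,16 +488,15 @@ hunk closes a block opened before the hunk, so this is a structural change rather than the comment/whitespace cleanup the commit subject describes; the tls_client.c counterpart at @@ -487,7 +494,7 @@ keeps its `}` before `#elif defined(NO_FILESYSTEM)`. Whichever preprocessor arm holds the matching `{` should be re-checked for balance in every build configuration, and if the brace was genuinely stray a short comment at the removal site such as `/* no closing brace here: the block is closed after the #endif */` would stop it being re-added. The hunk's declared counts are one line more than what is visible here, so a context line may have been lost in the paste; TPM2_TLS_ServerArgs begins and ends outside this hunk.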