Minor fixes for NVRAM examples

Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>

examples/README.md

@@ -281,7 +281,7 @@ Typical output for storing and then reading an RSA key using parameter encryptio
 $ ./examples/nvram/store -aes
 TPM2_StartAuthSession: sessionHandle 0x2000000
 Reading 840 bytes from keyblob.bin
-Storing key at TPM NV index 0x1800203 with password protection
+Storing key at TPM NV index 0x1800202 with password protection
 Public part = 616 bytes
 Private part = 222 bytes
 NV write succeeded
@@ -290,7 +290,7 @@ $ ./examples/nvram/read 616 222 -aes
 TPM2_StartAuthSession: sessionHandle 0x2000000
 Trying to read 616 bytes of public key part from NV
 Trying to read 222 bytes of private key part from NV
-Extraction of key from NVRAM at index 0x1800203 succeeded
+Extraction of key from NVRAM at index 0x1800202 succeeded
 ```
 
 The read example takes as first argument the size of the public part and as second argument the private part. This information is given from the store example. The "-aes" swiches triggers the use of parameter encryption.

examples/nvram/read.c

@@ -120,28 +120,28 @@ int TPM2_NVRAM_Read_Example(void* userCtx, int argc, char *argv[])
 
     /* Prepare auth for NV Index */
     XMEMSET(&nv, 0, sizeof(nv));
-    nv.handle.hndl = TPM2_DEMO_NVRAM_STORE_PRIV_INDEX;
+    nv.handle.hndl = TPM2_DEMO_NVRAM_STORE_INDEX;
     nv.handle.auth.size = auth.size;
     XMEMCPY(nv.handle.auth.buffer, auth.buffer, auth.size);
 
     readSize = keyBlob.pub.size;
     printf("Trying to read %d bytes of public key part from NV\n", readSize);
-    rc = wolfTPM2_NVReadAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_PRIV_INDEX,
+    rc = wolfTPM2_NVReadAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_INDEX,
         (byte*)&keyBlob.pub.publicArea, &readSize, 0);
     if (rc != 0) goto exit;
 
     readSize = keyBlob.priv.size;
     printf("Trying to read %d bytes of private key part from NV\n", readSize);
-    rc = wolfTPM2_NVReadAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_PRIV_INDEX,
+    rc = wolfTPM2_NVReadAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_INDEX,
         (byte*)&keyBlob.priv.buffer, &readSize, keyBlob.pub.size);
     if (rc != 0) goto exit;
 
     parent.hndl = TPM_RH_OWNER;
-    rc = wolfTPM2_NVDeleteAuth(&dev, &parent, TPM2_DEMO_NVRAM_STORE_PRIV_INDEX);
+    rc = wolfTPM2_NVDeleteAuth(&dev, &parent, TPM2_DEMO_NVRAM_STORE_INDEX);
     if (rc != 0) goto exit;
 
     printf("Extraction of key from NVRAM at index 0x%x succeeded\n" ,
-        TPM2_DEMO_NVRAM_STORE_PRIV_INDEX);
+        TPM2_DEMO_NVRAM_STORE_INDEX);
 
 exit:
 

examples/nvram/store.c

@@ -116,20 +116,20 @@ int TPM2_NVRAM_Store_Example(void* userCtx, int argc, char *argv[])
     if (rc != 0) goto exit;
 
     /* Our wolfTPM2 wrapper for NV_Define */
-    rc = wolfTPM2_NVCreateAuth(&dev, &parent, &nv, TPM2_DEMO_NVRAM_STORE_PRIV_INDEX,
+    rc = wolfTPM2_NVCreateAuth(&dev, &parent, &nv, TPM2_DEMO_NVRAM_STORE_INDEX,
         nvAttributes, TPM2_DEMO_NV_TEST_SIZE, (byte*)gNvAuth, sizeof(gNvAuth)-1);
     if (rc != 0 && rc != TPM_RC_NV_DEFINED) goto exit;
 
     printf("Storing key at TPM NV index 0x%x with password protection\n",
-             TPM2_DEMO_NVRAM_STORE_PRIV_INDEX);
+             TPM2_DEMO_NVRAM_STORE_INDEX);
 
     printf("Public part = %d bytes\n", keyBlob.pub.size);
-    rc = wolfTPM2_NVWriteAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_PRIV_INDEX,
+    rc = wolfTPM2_NVWriteAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_INDEX,
         (byte*)&keyBlob.pub.publicArea, keyBlob.pub.size, 0);
     if (rc != 0) goto exit;
 
     printf("Private part = %d bytes\n", keyBlob.priv.size);
-    rc = wolfTPM2_NVWriteAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_PRIV_INDEX,
+    rc = wolfTPM2_NVWriteAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_INDEX,
         keyBlob.priv.buffer, keyBlob.priv.size, keyBlob.pub.size);
     if (rc != 0) goto exit;
 

examples/tpm_test.h

@@ -42,8 +42,7 @@
 
 #define TPM2_DEMO_NV_TEST_INDEX         0x01800200
 #define TPM2_DEMO_NV_TEST_AUTH_INDEX    0x01800201
-#define TPM2_DEMO_NVRAM_STORE_PUB_INDEX 0x01800202
-#define TPM2_DEMO_NVRAM_STORE_PRIV_INDEX 0x01800203
+#define TPM2_DEMO_NVRAM_STORE_INDEX     0x01800202
 #define TPM2_DEMO_NV_TEST_SIZE          1024 /* max size on Infineon SLB9670 is 1664 */
 
 static const char gStorageKeyAuth[] = "ThisIsMyStorageKeyAuth";

src/tpm2.c

@@ -5675,7 +5675,6 @@ int TPM2_HashNvPublic(TPMS_NV_PUBLIC* nvPublic, byte* buffer, UINT16* size)
     wc_HashAlg hash;
     enum wc_HashType hashType;
     byte appending[sizeof(TPMS_NV_PUBLIC)];
-    TPM2B_DATA digest;
     TPM2_Packet packet;
 
     /* Prepare temporary buffer */
@@ -5707,14 +5706,14 @@ int TPM2_HashNvPublic(TPMS_NV_PUBLIC* nvPublic, byte* buffer, UINT16* size)
     }
 
     if (rc == 0) {
-        rc = wc_HashFinal(&hash, hashType, digest.buffer);
+        rc = wc_HashFinal(&hash, hashType, &buffer[2]);
     }
 
     if (rc == 0) {
+        /* Concatenate the nvPublic digest with nameAlg at the front */
         nameAlgValue = TPM2_Packet_SwapU16(nvPublic->nameAlg);
         nameAlgSize = sizeof(nvPublic->nameAlg);
         XMEMCPY(buffer, (byte*)&nameAlgValue, nameAlgSize);
-        XMEMCPY(&buffer[2], digest.buffer, hashSize);
         /* account for nameAlg concatenation */
         *size = hashSize + nameAlgSize;
         rc = TPM_RC_SUCCESS;

src/tpm2_wrap.c

@@ -430,7 +430,7 @@ int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index,
     return wolfTPM2_SetAuth(dev, index, TPM_RS_PW, auth, 0, name);
 }
 
-int wolfTPM2_SetNameHandle(WOLFTPM2_DEV* dev, int index,
+int wolfTPM2_SetAuthHandleName(WOLFTPM2_DEV* dev, int index,
     const WOLFTPM2_HANDLE* handle)
 {
     const TPM2B_NAME* name = NULL;
@@ -2602,6 +2602,7 @@ int wolfTPM2_NVCreateAuth(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* parent,
         return rc;
     }
 
+    XMEMSET(nv, 0, sizeof(*nv));
     /* Compute NV Index name in case of parameter encryption */
     rc = TPM2_HashNvPublic(&in.publicInfo.nvPublic,
                             (byte*)&nv->handle.name.name,
@@ -2611,7 +2612,6 @@ int wolfTPM2_NVCreateAuth(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* parent,
     }
 
     /* return new NV handle */
-    XMEMSET(nv, 0, sizeof(*nv));
     nv->handle.hndl = (TPM_HANDLE)nvIndex;
     nv->handle.auth = in.auth;
     /* nv->handle.name already populated by TPM2_HashNvPublic above */
@@ -2675,11 +2675,11 @@ int wolfTPM2_NVWriteAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
     }
 
     /* Necessary, because NVWrite has two handles, second is NV Index */
-    rc = wolfTPM2_SetNameHandle(dev, 0, &nv->handle);
-    rc |= wolfTPM2_SetNameHandle(dev, 1, &nv->handle);
+    rc = wolfTPM2_SetAuthHandleName(dev, 0, &nv->handle);
+    rc |= wolfTPM2_SetAuthHandleName(dev, 1, &nv->handle);
     if (rc != TPM_RC_SUCCESS) {
         printf("Storing NV Index Name failed\n");
-        return rc;
+        return TPM_RC_FAILURE;
     }
 
     while (dataSz > 0) {
@@ -2761,11 +2761,11 @@ int wolfTPM2_NVReadAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
     }
 
     /* Necessary, because NVWrite has two handles, second is NV Index */
-    rc = wolfTPM2_SetNameHandle(dev, 0, &nv->handle);
-    rc |= wolfTPM2_SetNameHandle(dev, 1, &nv->handle);
+    rc = wolfTPM2_SetAuthHandleName(dev, 0, &nv->handle);
+    rc |= wolfTPM2_SetAuthHandleName(dev, 1, &nv->handle);
     if (rc != TPM_RC_SUCCESS) {
         printf("Storing NV Index Name failed\n");
-        return rc;
+        return TPM_RC_FAILURE;
     }
 
     dataSz = *pDataSz;

wolftpm/tpm2_wrap.h

@@ -139,7 +139,7 @@ WOLFTPM_API int wolfTPM2_SetAuthPassword(WOLFTPM2_DEV* dev, int index, const TPM
 WOLFTPM_API int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index, const WOLFTPM2_HANDLE* handle);
 WOLFTPM_API int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
     const WOLFTPM2_SESSION* tpmSession, TPMA_SESSION sessionAttributes);
-WOLFTPM_API int wolfTPM2_SetNameHandle(WOLFTPM2_DEV* dev, int index, const WOLFTPM2_HANDLE* handle);
+WOLFTPM_API int wolfTPM2_SetAuthHandleName(WOLFTPM2_DEV* dev, int index, const WOLFTPM2_HANDLE* handle);
 
 WOLFTPM_API int wolfTPM2_StartSession(WOLFTPM2_DEV* dev,
     WOLFTPM2_SESSION* session, WOLFTPM2_KEY* tpmKey,