From b7c374d0d17f240d3e2172e09b4e0dce0bd16099 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Tue, 15 Aug 2023 12:12:39 -0700
Subject: [PATCH] Improvements to the secure_rot example. Add support for manually placing hash.
---
 examples/boot/include.am | 3 +-
 examples/boot/secure_rot.c | 228 +++++++++++++++++--------------------
 examples/csr/csr.c | 8 +-
 examples/pcr/extend.c | 2 +-
 examples/pkcs7/pkcs7.c | 46 ++++----
 examples/seal/unseal.c | 2 +-
 examples/tpm_test_keys.c | 51 ++++-----
 examples/tpm_test_keys.h | 2 +
 wolftpm/tpm2_types.h | 11 +-
 9 files changed, 169 insertions(+), 184 deletions(-)
diff --git a/examples/boot/include.am b/examples/boot/include.am
index e2fef0f7..06e87d2b 100644
--- a/examples/boot/include.am
+++ b/examples/boot/include.am
@@ -4,7 +4,8 @@ if BUILD_EXAMPLES
 noinst_PROGRAMS += examples/boot/secure_rot
 noinst_HEADERS += examples/boot/boot.h
-examples_boot_secure_rot_SOURCES = examples/boot/secure_rot.c
+examples_boot_secure_rot_SOURCES = examples/boot/secure_rot.c \
+ examples/tpm_test_keys.c
 examples_boot_secure_rot_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
 examples_boot_secure_rot_DEPENDENCIES = src/libwolftpm.la
 endif
diff --git a/examples/boot/secure_rot.c b/examples/boot/secure_rot.c
index 35b28635..58103a21 100644
--- a/examples/boot/secure_rot.c
+++ b/examples/boot/secure_rot.c
@@ -32,58 +32,61 @@ #include #include +#include #include #include -/* WC_HASH_TYPE_SHA256 or WC_HASH_TYPE_SHA384 */ -#define TPM2_SECURE_ROT_HASH_ALGO WC_HASH_TYPE_SHA256 - -#define TPM2_SECURE_ROT_EXAMPLE_PUB_KEY "certs/example-rsa-key-pub.der" - /******************************************************************************/ /* --- BEGIN TPM NVRAM Secure Boot Root of Trust Example -- */ /******************************************************************************/ static void usage(void) { printf("Expected usage:\n"); - printf("./examples/boot/secure_rot [-nvindex] [-write] [-lock]\n"); + printf("./examples/boot/secure_rot [-nvindex] [-write=/-hash=] [-auth] [-sha384] [-lock]\n"); printf("* -nvindex=[handle] (default 0x%x)\n", TPM2_DEMO_NV_SECURE_ROT_INDEX); + printf("* -hash=hash: Hex string digest to write\n"); printf("* -write=filename: DER formatted public key to write\n"); - printf("\tDefault public key: " TPM2_SECURE_ROT_EXAMPLE_PUB_KEY "\n"); + printf("* -auth=password: Optional password for NV\n"); + printf("* -sha384: Use SHA2-384 (default is SHA2-256)\n"); printf("* -lock: Lock the write\n"); + printf("\nExamples:\n"); + printf("\t./examples/boot/secure_rot -write=./certs/example-ecc256-key-pub.der\n"); + printf("\t./examples/boot/secure_rot -sha384 -hash=" + "e77dd3112a27948a3f2d87f32dc69ebe" + "ed0b3344c5d7726f5742f4f0c0f451aa" + "be4213f8b3b986639e69ed0ea8b49d94\n" + ); } -/* forward declaration */ -static int load_file(const char* fname, byte** buf, size_t* bufLen); - -/* Example for reading unique system registers for derived authentication - * used to access TPM NV */ -static int GetSystemUniqueAuth(enum wc_HashType hashType, byte* authBuf) +static signed char HexCharToByte(signed char ch) { - int rc; - wc_HashAlg hash; - uint32_t reg1 = 0x01234567; - uint32_t reg2 = 0x89ABCDEF; - uint32_t reg3 = 0x01234567; - uint32_t reg4 = 0x89ABCDEF; - - rc = wc_HashInit(&hash, hashType); - if (rc == 0) { - rc = wc_HashUpdate(&hash, hashType, (byte*)®1, 
sizeof(reg1)); - if (rc == 0) - rc = wc_HashUpdate(&hash, hashType, (byte*)®2, sizeof(reg2)); - if (rc == 0) - rc = wc_HashUpdate(&hash, hashType, (byte*)®3, sizeof(reg3)); - if (rc == 0) - rc = wc_HashUpdate(&hash, hashType, (byte*)®4, sizeof(reg4)); - if (rc == 0) { - rc = wc_HashFinal(&hash, hashType, authBuf); + signed char ret = (signed char)ch; + if (ret >= '0' && ret <= '9') + ret -= '0'; + else if (ret >= 'A' && ret <= 'F') + ret -= 'A' - 10; + else if (ret >= 'a' && ret <= 'f') + ret -= 'a' - 10; + else + ret = -1; /* error case - return code must be signed */ + return ret; +} +static int HexToByte(const char *hex, unsigned char *output, unsigned long sz) +{ + int outSz = 0; + word32 i; + for (i = 0; i < sz; i+=2) { + signed char ch1, ch2; + ch1 = HexCharToByte(hex[i]); + ch2 = HexCharToByte(hex[i+1]); + if ((ch1 < 0) || (ch2 < 0)) { + return -1; } - wc_HashFree(&hash, hashType); + output[outSz++] = (unsigned char)((ch1 << 4) + ch2); } - return rc; + return outSz; } int TPM2_Boot_SecureROT_Example(void* userCtx, int argc, char *argv[]) 
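Review bot: `HexToByte` reads `hex[i+1]` on every step and takes no output capacity, so for an odd `sz` it reads one character beyond the length it was given; in this hunk that is only safe because the callers pass NUL-terminated argv strings with `sz` taken from XSTRLEN and bound the length themselves. Rejecting bad input up front, `if (hex == NULL || output == NULL || (sz & 1)) return -1;`, makes the helper safe on its own. A one-line comment on each helper stating the return contract (`-1` on a non-hex character, otherwise the number of bytes written) is also missing. The usage text added in the same hunk describes `-auth=password`, while the parsing hunk further down hex-decodes that value, so the help line should say it is a hex string.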
@@ -93,26 +96,27 @@ int TPM2_Boot_SecureROT_Example(void* userCtx, int argc, char *argv[]) WOLFTPM2_SESSION tpmSession; WOLFTPM2_HANDLE parent; WOLFTPM2_NV nv; + TPMS_NV_PUBLIC nvPublic; word32 nvAttributes; /* always use AES CFB parameter encryption */ int paramEncAlg = TPM_ALG_CFB; /* use platform handle to prevent TPM2_Clear from removing */ TPMI_RH_NV_AUTH authHandle = TPM_RH_PLATFORM; - const char* filename = TPM2_SECURE_ROT_EXAMPLE_PUB_KEY; + const char* filename = NULL; word32 nvIndex = TPM2_DEMO_NV_SECURE_ROT_INDEX; int doWrite = 0, doLock = 0; byte* buf = NULL; size_t bufSz = 0; - enum wc_HashType hashType = TPM2_SECURE_ROT_HASH_ALGO; + enum wc_HashType hashType = WC_HASH_TYPE_SHA256; byte digest[WC_MAX_DIGEST_SIZE]; - word32 digestSz = wc_HashGetDigestSize(hashType); + word32 digestSz = 0; byte authBuf[WC_SHA256_DIGEST_SIZE]; + word32 authBufSz = 0; - if (digestSz <= 0) { - printf("Unsupported hash type %d!\n", hashType); - usage(); - return -1; - } + XMEMSET(&tpmSession, 0, sizeof(tpmSession)); + XMEMSET(&parent, 0, sizeof(parent)); + XMEMSET(authBuf, 0, sizeof(authBuf)); + XMEMSET(digest, 0, sizeof(digest)); if (argc >= 2) { if (XSTRCMP(argv[1], "-?") == 0 || @@ -124,8 +128,8 @@ int TPM2_Boot_SecureROT_Example(void* userCtx, int argc, char *argv[]) } while (argc > 1) { if (XSTRNCMP(argv[argc-1], "-nvindex=", XSTRLEN("-nvindex=")) == 0) { - nvIndex = (word32)XSTRTOL(argv[argc-1] + - XSTRLEN("-nvindex="), NULL, 0); + const char* nvIndexStr = argv[argc-1] + XSTRLEN("-nvindex="); + nvIndex = (word32)XSTRTOL(nvIndexStr, NULL, 0); if ((authHandle == TPM_RH_PLATFORM && ( nvIndex > TPM_20_PLATFORM_MFG_NV_SPACE && nvIndex < TPM_20_OWNER_NV_SPACE)) || 
@@ -133,17 +137,45 @@ int TPM2_Boot_SecureROT_Example(void* userCtx, int argc, char *argv[]) nvIndex > TPM_20_OWNER_NV_SPACE && nvIndex < TPM_20_TCG_NV_SPACE))) { - printf("Invalid NV Index %s\n", argv[argc-1] + 8); - nvIndex = 0; + fprintf(stderr, "Invalid NV Index %s\n", nvIndexStr); + usage(); + return -1; } } else if (XSTRNCMP(argv[argc-1], "-write=", XSTRLEN("-write=")) == 0) { doWrite = 1; filename = argv[argc-1] + XSTRLEN("-write="); } - else if (XSTRCMP(argv[argc-1], "-write") == 0) { + else if (XSTRNCMP(argv[argc-1], "-hash=", XSTRLEN("-hash=")) == 0) { + const char* hashHexStr = argv[argc-1] + XSTRLEN("-hash="); + int hashHexStrLen = (int)XSTRLEN(hashHexStr); + if (hashHexStrLen > (int)sizeof(digest)*2+1) + hashHexStrLen = -1; + else + digestSz = HexToByte(hashHexStr, digest, hashHexStrLen); + if (digestSz < 0) { + fprintf(stderr, "Invalid hash length\n"); + usage(); + return -1; + } doWrite = 1; } + else if (XSTRNCMP(argv[argc-1], "-auth=", XSTRLEN("-auth=")) == 0) { + const char* authHexStr = argv[argc-1] + XSTRLEN("-auth="); + int authHexStrLen = (int)XSTRLEN(authHexStr); + if (authHexStrLen > (int)sizeof(authBuf)*2+1) + authBufSz = -1; + else + authBufSz = HexToByte(authHexStr, authBuf, authHexStrLen); + if (authBufSz < 0) { + fprintf(stderr, "Invalid auth length\n"); + usage(); + return -1; + } + } + else if (XSTRCMP(argv[argc-1], "-sha384") == 0) { + hashType = WC_HASH_TYPE_SHA384; + } else if (XSTRCMP(argv[argc-1], "-lock") == 0) { doLock = 1; } @@ -153,9 +185,8 @@ int TPM2_Boot_SecureROT_Example(void* userCtx, int argc, char *argv[]) argc--; }; - XMEMSET(&tpmSession, 0, sizeof(tpmSession)); - XMEMSET(&parent, 0, sizeof(parent)); - XMEMSET(digest, 0, sizeof(digest)); + /* setup the parent handle OWNER/PLATFORM */ + parent.hndl = authHandle; rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx); if (rc != TPM_RC_SUCCESS) { 
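Review bot: The error checks `if (digestSz < 0)` and `if (authBufSz < 0)` can never fire, because both variables are declared `word32` in the earlier declarations hunk, so a `-1` from `HexToByte` (or the explicit `authBufSz = -1`) turns into a very large unsigned length. For `-auth=` that length later reaches `TPM2_PrintBin(authBuf, authBufSz)`, `wolfTPM2_NVCreateAuth` and the `XMEMCPY` into `nv.handle.auth.buffer` in the following hunks, which would read past the end of the 32-byte `authBuf`. The over-length `-hash=` branch sets `hashHexStrLen = -1` rather than an error, so that input is silently accepted with `digestSz` still 0 and `doWrite` set. Decode into a signed `int`, test it, and only then assign the size; the bound should be `sizeof(buf)*2` without the `+1`. The enclosing function starts and ends outside this hunk.

```c
else if (XSTRNCMP(argv[argc-1], "-hash=", XSTRLEN("-hash=")) == 0) {
    const char* hashHexStr = argv[argc-1] + XSTRLEN("-hash=");
    size_t hashHexStrLen = XSTRLEN(hashHexStr);
    int hashSz = -1; /* signed, so the -1 error from HexToByte survives */
    if (hashHexStrLen > 0 && (hashHexStrLen % 2) == 0 &&
            hashHexStrLen <= sizeof(digest) * 2) {
        hashSz = HexToByte(hashHexStr, digest, (unsigned long)hashHexStrLen);
    }
    if (hashSz <= 0) {
        /* ... unchanged: "Invalid hash length" message, usage(), return -1 ... */
    }
    digestSz = (word32)hashSz;
    doWrite = 1;
}
/* ... -auth= branch: same pattern with authBuf / authBufSz ... */
```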
@@ -163,15 +194,6 @@ int TPM2_Boot_SecureROT_Example(void* userCtx, int argc, char *argv[]) goto exit; } - /* Derive a unique value from hardware to authenticate the NV */ - rc = GetSystemUniqueAuth(hashType, authBuf); - if (rc != 0) { - printf("Error getting system unique NV auth! %d\n", rc); - goto exit; - } - printf("NV Auth (%d)\n", (int)sizeof(authBuf)); - TPM2_PrintBin(authBuf, sizeof(authBuf)); - /* Start TPM session for parameter encryption */ printf("Parameter Encryption: Enabled %s and HMAC\n\n", TPM2_GetAlgName(paramEncAlg)); @@ -186,23 +208,32 @@ int TPM2_Boot_SecureROT_Example(void* userCtx, int argc, char *argv[]) TPMA_SESSION_continueSession)); if (rc != 0) goto exit; + printf("NV Auth (%d)\n", authBufSz); + TPM2_PrintBin(authBuf, authBufSz); + /* Open file */ if (doWrite) { - printf("Storing hash of public key file %s to " - "NV index 0x%x with password protection\n\n", - filename, nvIndex); + if (filename == NULL) { + printf("Storing hash to NV index 0x%x\n\n", nvIndex); + } + else { + printf("Storing hash of public key file %s to NV index 0x%x\n\n", + filename, nvIndex); + + rc = loadFile(filename, &buf, &bufSz); + if (rc == 0) { + /* hash public key */ + digestSz = wc_HashGetDigestSize(hashType); + rc = wc_Hash(hashType, buf, (word32)bufSz, digest, digestSz); + } + } - rc = load_file(filename, &buf, &bufSz); if (rc == 0) { - /* hash public key */ - rc = wc_Hash(hashType, buf, (word32)bufSz, digest, digestSz); - printf("Public Key Hash (%d)\n", digestSz); TPM2_PrintBin(digest, digestSz); } if (rc == 0) { /* Get NV attributes */ - parent.hndl = authHandle; rc = wolfTPM2_GetNvAttributesTemplate(parent.hndl, &nvAttributes); } if (rc == 0) { 
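Review bot: The added `printf("NV Auth (%d)\n", authBufSz); TPM2_PrintBin(authBuf, authBufSz);` writes the NV authorization value to stdout, and with this commit that value is the user-supplied `-auth=` secret rather than the value derived from the hard-coded demo registers. Printing only the length, or putting the dump behind a debug-only build option, keeps the secret out of consoles and captured logs. `authBufSz` is a `word32`, so the format should be `%u`. In the `filename == NULL` branch nothing checks that the `-hash=` digest length matches the selected algorithm; a check such as `if (digestSz != (word32)wc_HashGetDigestSize(hashType)) rc = BAD_FUNC_ARG;` would stop a truncated digest from being stored as the root of trust.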
@@ -211,7 +242,7 @@ int TPM2_Boot_SecureROT_Example(void* userCtx, int argc, char *argv[]) /* Create NV */ rc = wolfTPM2_NVCreateAuth(&dev, &parent, &nv, nvIndex, - nvAttributes, digestSz, authBuf, sizeof(authBuf)); + nvAttributes, digestSz, authBuf, authBufSz); if (rc == TPM_RC_NV_DEFINED) { printf("Warning: NV Index 0x%x already exists!\n", nvIndex); rc = 0; @@ -228,8 +259,14 @@ int TPM2_Boot_SecureROT_Example(void* userCtx, int argc, char *argv[]) /* Setup the NV access */ XMEMSET(&nv, 0, sizeof(nv)); nv.handle.hndl = nvIndex; - nv.handle.auth.size = sizeof(authBuf); - XMEMCPY(nv.handle.auth.buffer, authBuf, sizeof(authBuf)); + nv.handle.auth.size = authBufSz; + XMEMCPY(nv.handle.auth.buffer, authBuf, nv.handle.auth.size); + + /* Read the NV Index publicArea to have up to date NV Index Name */ + rc = wolfTPM2_NVReadPublic(&dev, nvIndex, &nvPublic); + if (rc == 0) { + digestSz = nvPublic.dataSize; + } /* Read access */ printf("Reading NV 0x%x public key hash\n", nvIndex); 
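Review bot: `digestSz = nvPublic.dataSize` takes the read length from whatever NV index `-nvindex=` names, without comparing it to the `digest` buffer (`WC_MAX_DIGEST_SIZE` bytes); if the read call that follows this hunk uses `digestSz` as its length, an index defined with a larger data size would overrun `digest`. Adding `if (rc == 0 && digestSz > (word32)sizeof(digest)) rc = BUFFER_E;` right after the assignment closes that. A failed `wolfTPM2_NVReadPublic` only leaves `rc` set here; whether the read below is skipped in that case is not visible, since the function continues outside the hunk.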
@@ -263,59 +300,6 @@ int TPM2_Boot_SecureROT_Example(void* userCtx, int argc, char *argv[]) return rc; } -static int load_file(const char* fname, byte** buf, size_t* bufLen) -{ - int ret; -#if !defined(NO_FILESYSTEM) - long int fileSz; - XFILE lFile; - - if (fname == NULL || buf == NULL || bufLen == NULL) - return BAD_FUNC_ARG; - - /* set defaults */ - *buf = NULL; - *bufLen = 0; - - /* open file (read-only binary) */ - lFile = XFOPEN(fname, "rb"); - if (!lFile) { - fprintf(stderr, "Error loading %s\n", fname); - return BUFFER_E; - } - - XFSEEK(lFile, 0, XSEEK_END); - fileSz = (int)ftell(lFile); - XFSEEK(lFile, 0, XSEEK_SET); - if (fileSz > 0) { - *bufLen = (size_t)fileSz; - *buf = (byte*)XMALLOC(*bufLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (*buf == NULL) { - ret = MEMORY_E; - fprintf(stderr, - "Error allocating %lu bytes\n", (unsigned long)*bufLen); - } - else { - size_t readLen = fread(*buf, *bufLen, 1, lFile); - - /* check response code */ - ret = (readLen > 0) ? 0 : -1; - } - } - else { - ret = BUFFER_E; - } - fclose(lFile); -#else - (void)fname; - (void)buf; - (void)bufLen; - ret = NOT_COMPILED_IN; -#endif - return ret; -} -/* !NO_FILESYSTEM */ - /******************************************************************************/ /* --- END TPM NVRAM Secure Boot Root of Trust Example -- */ /******************************************************************************/ diff --git a/examples/csr/csr.c b/examples/csr/csr.c index 8d5a28cb..1d8cb087 100644 --- a/examples/csr/csr.c +++ b/examples/csr/csr.c 
@@ -102,10 +102,10 @@ static int TPM2_CSR_Generate(WOLFTPM2_DEV* dev, int keyType, WOLFTPM2_KEY* key, output.size = rc; printf("Generated/Signed Cert (PEM %d)\n", output.size); #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - FILE* pemFile = fopen(outputPemFile, "wb"); - if (pemFile) { - rc = (int)fwrite(output.buffer, 1, output.size, pemFile); - fclose(pemFile); + XFILE pemFile = XFOPEN(outputPemFile, "wb"); + if (pemFile != XBADFILE) { + rc = (int)XFWRITE(output.buffer, 1, output.size, pemFile); + XFCLOSE(pemFile); rc = (rc == output.size) ? 0 : -1; if (rc == 0) { printf("Saved to %s\n", outputPemFile); diff --git a/examples/pcr/extend.c b/examples/pcr/extend.c index a7023698..538d9db6 100644 --- a/examples/pcr/extend.c +++ b/examples/pcr/extend.c @@ -124,7 +124,7 @@ int TPM2_PCR_Extend_Test(void* userCtx, int argc, char *argv[]) if (filename) { fp = XFOPEN(filename, "rb"); } - if (filename && fp) { + if (filename && fp != XBADFILE) { #if !defined(NO_SHA256) wc_InitSha256(&sha256); while (!XFEOF(fp)) { diff --git a/examples/pkcs7/pkcs7.c b/examples/pkcs7/pkcs7.c index a0f8ec8f..1843877e 100644 --- a/examples/pkcs7/pkcs7.c +++ b/examples/pkcs7/pkcs7.c @@ -97,7 +97,7 @@ static int PKCS7_SignVerifyEx(WOLFTPM2_DEV* dev, int tpmDevId, WOLFTPM2_BUFFER* byte dataChunk[MY_DATA_CHUNKS]; word32 dataChunkSz, offset = 0; #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - FILE* pemFile; + XFILE pemFile; #endif XMEMSET(&pkcs7, 0, sizeof(pkcs7)); 
@@ -152,13 +152,13 @@ static int PKCS7_SignVerifyEx(WOLFTPM2_DEV* dev, int tpmDevId, WOLFTPM2_BUFFER* TPM2_PrintBin(outputFoot.buffer, outputFoot.size); #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - pemFile = fopen("./examples/pkcs7/pkcs7tpmsignedex.p7s", "wb"); - if (pemFile) { + pemFile = XFOPEN("./examples/pkcs7/pkcs7tpmsignedex.p7s", "wb"); + if (pemFile != XBADFILE) { /* Header */ - rc = (int)fwrite(outputHead.buffer, 1, outputHead.size, pemFile); + rc = (int)XFWRITE(outputHead.buffer, 1, outputHead.size, pemFile); if (rc != outputHead.size) { - fclose(pemFile); + XFCLOSE(pemFile); rc = -1; goto exit; } @@ -168,9 +168,9 @@ static int PKCS7_SignVerifyEx(WOLFTPM2_DEV* dev, int tpmDevId, WOLFTPM2_BUFFER* if (dataChunkSz == 0) break; - rc = (int)fwrite(dataChunk, 1, dataChunkSz, pemFile); + rc = (int)XFWRITE(dataChunk, 1, dataChunkSz, pemFile); if (rc != (int)dataChunkSz) { - fclose(pemFile); + XFCLOSE(pemFile); rc = -1; goto exit; } @@ -179,13 +179,13 @@ static int PKCS7_SignVerifyEx(WOLFTPM2_DEV* dev, int tpmDevId, WOLFTPM2_BUFFER* dataChunkSz = GetMyData(NULL, 0, 0); /* get total size */ /* Footer */ - rc = (int)fwrite(outputFoot.buffer, 1, outputFoot.size, pemFile); + rc = (int)XFWRITE(outputFoot.buffer, 1, outputFoot.size, pemFile); if (rc != outputFoot.size) { - fclose(pemFile); + XFCLOSE(pemFile); rc = -1; goto exit; } - fclose(pemFile); + XFCLOSE(pemFile); } #endif @@ -229,7 +229,7 @@ static int PKCS7_SignVerify(WOLFTPM2_DEV* dev, int tpmDevId, WOLFTPM2_BUFFER* de byte data[] = "My encoded DER cert."; WOLFTPM2_BUFFER output; #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - FILE* pemFile; + XFILE pemFile; #endif XMEMSET(&pkcs7, 0, sizeof(pkcs7)); 
@@ -255,10 +255,10 @@ static int PKCS7_SignVerify(WOLFTPM2_DEV* dev, int tpmDevId, WOLFTPM2_BUFFER* de TPM2_PrintBin(output.buffer, output.size); #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - pemFile = fopen("./examples/pkcs7/pkcs7tpmsigned.p7s", "wb"); - if (pemFile) { - rc = (int)fwrite(output.buffer, 1, output.size, pemFile); - fclose(pemFile); + pemFile = XFOPEN("./examples/pkcs7/pkcs7tpmsigned.p7s", "wb"); + if (pemFile != XBADFILE) { + rc = (int)XFWRITE(output.buffer, 1, output.size, pemFile); + XFCLOSE(pemFile); if (rc != output.size) { rc = -1; goto exit; } @@ -306,7 +306,7 @@ int TPM2_PKCS7_ExampleArgs(void* userCtx, int argc, char *argv[]) int tpmDevId; WOLFTPM2_BUFFER der; #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - FILE* derFile; + XFILE derFile; #endif (void)argc; @@ -354,13 +354,13 @@ int TPM2_PKCS7_ExampleArgs(void* userCtx, int argc, char *argv[]) /* load DER certificate for TPM key (obtained by running `./examples/csr/csr` and `./certs/certreq.sh`) */ #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) - derFile = fopen("./certs/client-rsa-cert.der", "rb"); - if (derFile) { - fseek(derFile, 0, SEEK_END); - der.size = (int)ftell(derFile); - rewind(derFile); - rc = (int)fread(der.buffer, 1, der.size, derFile); - fclose(derFile); + derFile = XFOPEN("./certs/client-rsa-cert.der", "rb"); + if (derFile != XBADFILE) { + XFSEEK(derFile, 0, XSEEK_END); + der.size = (int)XFTELL(derFile); + XREWIND(derFile); + rc = (int)XFREAD(der.buffer, 1, der.size, derFile); + XFCLOSE(derFile); if (rc != der.size) { rc = -1; goto exit; } diff --git a/examples/seal/unseal.c b/examples/seal/unseal.c index 39d3800e..e8ed77b4 100644 --- a/examples/seal/unseal.c +++ b/examples/seal/unseal.c 
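Review bot: In the last hunk of this file, `der.size = (int)XFTELL(derFile)` is used as the `XFREAD` length into `der.buffer` with no check against the buffer's capacity and no check for a negative `XFTELL` result, so an unexpectedly large `./certs/client-rsa-cert.der` would be read past the end of `der.buffer` (assuming it is a fixed-size array inside `WOLFTPM2_BUFFER`, which is declared outside this page). The commit only swaps in the X* wrappers here, but this is the place to add `if (der.size <= 0 || der.size > (int)sizeof(der.buffer)) { XFCLOSE(derFile); rc = -1; goto exit; }` before the read. The enclosing function extends beyond the hunk.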
@@ -131,7 +131,7 @@ int TPM2_Unseal_Example(void* userCtx, int argc, char *argv[]) /* Output the unsealed data to a file */ if (filename) { fp = XFOPEN(filename, "wb"); - if (fp) { + if (fp != XBADFILE) { len = XFWRITE(cmdOut_unseal.outData.buffer, 1, cmdOut_unseal.outData.size, fp); if (len != cmdOut_unseal.outData.size) { printf("Error while writing the unsealed data to a file.\n"); diff --git a/examples/tpm_test_keys.c b/examples/tpm_test_keys.c index 7e0c54c1..d0b95b85 100644 --- a/examples/tpm_test_keys.c +++ b/examples/tpm_test_keys.c 
@@ -390,54 +390,51 @@ int getECCkey(WOLFTPM2_DEV* pDev, WOLFTPM2_KEY* pStorageKey, WOLFTPM2_KEY* key, int loadFile(const char* fname, byte** buf, size_t* bufLen) { - int ret; -#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM) && \ - !defined(WOLFTPM2_NO_HEAP) - long int fileSz; - XFILE lFile; + int ret = 0; +#if !defined(NO_FILESYSTEM) + ssize_t fileSz, readLen; + XFILE fp; if (fname == NULL || buf == NULL || bufLen == NULL) return BAD_FUNC_ARG; - /* set defaults */ - *buf = NULL; - *bufLen = 0; - /* open file (read-only binary) */ - lFile = XFOPEN(fname, "rb"); - if (!lFile) { + fp = XFOPEN(fname, "rb"); + if (fp == XBADFILE) { fprintf(stderr, "Error loading %s\n", fname); return BUFFER_E; } - XFSEEK(lFile, 0, XSEEK_END); - fileSz = (int)ftell(lFile); - XFSEEK(lFile, 0, XSEEK_SET); - if (fileSz > 0) { - *bufLen = (size_t)fileSz; - *buf = (byte*)XMALLOC(*bufLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFSEEK(fp, 0, XSEEK_END); + fileSz = XFTELL(fp); + XREWIND(fp); + if (fileSz > 0) { if (*buf == NULL) { - ret = MEMORY_E; - fprintf(stderr, - "Error allocating %lu bytes\n", (unsigned long)*bufLen); + #if !defined(WOLFTPM2_NO_HEAP) + *buf = (byte*)XMALLOC(fileSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (*buf == NULL) + ret = MEMORY_E; + #endif } - else { - size_t readLen = fread(*buf, *bufLen, 1, lFile); - - /* check response code */ - ret = (readLen > 0) ? 0 : -1; + else if (*buf != NULL && fileSz > (ssize_t)*bufLen) { + ret = INPUT_SIZE_E; + } + *bufLen = (size_t)fileSz; + if (ret == 0) { + readLen = XFREAD(*buf, 1, *bufLen, fp); + ret = (readLen == (ssize_t)*bufLen) ? 0 : -1; } } else { ret = BUFFER_E; } - fclose(lFile); + XFCLOSE(fp); #else (void)fname; (void)buf; (void)bufLen; ret = NOT_COMPILED_IN; -#endif /* !WOLFTPM2_NO_WOLFCRYPT && !NO_FILESYSTEM && !WOLFTPM2_NO_HEAP */ +#endif /* !NO_FILESYSTEM */ return ret; } diff --git a/examples/tpm_test_keys.h b/examples/tpm_test_keys.h index 03b8e271..bf4d9066 100644 --- a/examples/tpm_test_keys.h 
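Review bot: With `WOLFTPM2_NO_HEAP` defined and `*buf == NULL`, the `#if !defined(WOLFTPM2_NO_HEAP)` body is empty, `ret` stays 0 and `XFREAD(*buf, 1, *bufLen, fp)` is called with a NULL destination; that branch needs an `#else` with `ret = BAD_FUNC_ARG;`. The function also no longer resets `*buf` and `*bufLen`, so an uninitialised pointer that the old version tolerated is now treated as a caller-owned buffer; the header comment added in this commit covers the new mode, but it should also state that `*buf` must be NULL when the caller wants allocation. `ssize_t` is POSIX-only, so `long` for `fileSz` and `size_t` for `readLen` would be more portable and would remove the casts in the comparisons.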
+++ b/examples/tpm_test_keys.h @@ -66,6 +66,8 @@ WOLFTPM_LOCAL int getECCkey(WOLFTPM2_DEV* pDev, const byte* auth, int authSz, TPMT_PUBLIC* publicTemplate); + +/* if *buf != NULL, it will use existing buffer and provided bufLen */ WOLFTPM_LOCAL int loadFile(const char* fname, byte** buf, size_t* bufLen); #endif /* !WOLFTPM2_NO_WRAPPER */ diff --git a/wolftpm/tpm2_types.h b/wolftpm/tpm2_types.h index 0fb1b628..7a357cd8 100644 --- a/wolftpm/tpm2_types.h +++ b/wolftpm/tpm2_types.h @@ -144,13 +144,14 @@ typedef int64_t INT64; typedef uint64_t word64; /* Errors from wolfssl/wolfcrypt/error-crypt.h */ - #define BAD_FUNC_ARG -173 /* Bad function argument provided */ - #define BUFFER_E -132 /* output buffer too small or input too large */ - #define NOT_COMPILED_IN -174 /* Feature not compiled in */ #define BAD_MUTEX_E -106 /* Bad mutex operation */ #define WC_TIMEOUT_E -107 /* timeout error */ - #define LENGTH_ONLY_E -202 - #define INPUT_SIZE_E -412 + #define MEMORY_E -125 /* out of memory error */ + #define BUFFER_E -132 /* output buffer too small or input too large */ + #define BAD_FUNC_ARG -173 /* Bad function argument provided */ + #define NOT_COMPILED_IN -174 /* Feature not compiled in */ + #define LENGTH_ONLY_E -202 /* Returning output length only */ + #define INPUT_SIZE_E -412 /* input size too big error */ /* Errors from wolfssl/error-ssl.h */ #define SOCKET_ERROR_E -308 /* error state on socket */