From 249f9d4942245bf1c7e1e66b6cb67f1b01f2ae47 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 15 Nov 2023 21:53:50 -0800 Subject: [PATCH] Fixes for building wolfCrypt without PEM to DER support. --- examples/pcr/policy_sign.c | 2 +- src/tpm2_wrap.c | 23 ++++++++--------------- tests/unit_tests.c | 10 ++++------ wolftpm/tpm2_types.h | 5 +++++ 4 files changed, 18 insertions(+), 22 deletions(-) diff --git a/examples/pcr/policy_sign.c b/examples/pcr/policy_sign.c index 41a1515f..1abcdd05 100644 --- a/examples/pcr/policy_sign.c +++ b/examples/pcr/policy_sign.c @@ -109,7 +109,7 @@ static int PolicySign(TPM_ALG_ID alg, const char* keyFile, const char* password, if (rc == 0) { /* handle PEM conversion to DER */ if (encType == ENCODING_TYPE_PEM) { - #if !defined(WOLFTPM2_NO_HEAP) && defined(WOLFSSL_PEM_TO_DER) + #ifdef WOLFTPM2_PEM_DECODE /* der size is base 64 decode length */ word32 derSz = (word32)bufSz * 3 / 4 + 1; byte* derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index 28b6af19..a20492c9 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -2717,9 +2717,7 @@ int wolfTPM2_ImportPublicKeyBuffer(WOLFTPM2_DEV* dev, int keyType, } if (encodingType == ENCODING_TYPE_PEM) { - #if !defined(WOLFTPM2_NO_HEAP) && defined(WOLFSSL_PEM_TO_DER) && \ - (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)) && \ - !defined(NO_ASN) + #ifdef WOLFTPM2_PEM_DECODE /* der size is base 64 decode length */ derSz = inSz * 3 / 4 + 1; derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -2755,7 +2753,7 @@ int wolfTPM2_ImportPublicKeyBuffer(WOLFTPM2_DEV* dev, int keyType, #endif } -#if !defined(WOLFTPM2_NO_HEAP) && defined(WOLFSSL_PEM_TO_DER) +#ifdef WOLFTPM2_PEM_DECODE if (derBuf != (byte*)input) { XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } 
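Review bot: The size computation `(word32)bufSz * 3 / 4 + 1` in the policy_sign.c hunk multiplies before it divides, so a large enough `bufSz` wraps in 32 bits and `derSz` comes out smaller than the decoded key. The same expression, `derSz = inSz * 3 / 4 + 1`, sits in the tpm2_wrap.c hunks at -2717 and -2785, where `inSz` is supplied by the caller. Dividing first keeps an upper bound without the wrap: `derSz = (inSz / 4) * 3 + 3;`. Each of these hunks ends on the `XMALLOC` line, so the NULL check on `derBuf`, and whether the decoder is handed `derSz` as its output limit, are not visible here and should be confirmed.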
@@ -2785,7 +2783,7 @@ int wolfTPM2_ImportPrivateKeyBuffer(WOLFTPM2_DEV* dev, XMEMSET(&sens, 0, sizeof(sens)); if (encodingType == ENCODING_TYPE_PEM) { - #if !defined(WOLFTPM2_NO_HEAP) && defined(WOLFSSL_PEM_TO_DER) + #ifdef WOLFTPM2_PEM_DECODE /* der size is base 64 decode length */ derSz = inSz * 3 / 4 + 1; derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -2856,7 +2854,7 @@ int wolfTPM2_ImportPrivateKeyBuffer(WOLFTPM2_DEV* dev, rc = wolfTPM2_ImportPrivateKey(dev, parentKey, keyBlob, pub, &sens); } -#if !defined(WOLFTPM2_NO_HEAP) && defined(WOLFSSL_PEM_TO_DER) +#ifdef WOLFTPM2_PEM_DECODE if (derBuf != (byte*)input) { XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } @@ -2915,8 +2913,7 @@ int wolfTPM2_RsaPrivateKeyImportDer(WOLFTPM2_DEV* dev, } #endif /* !NO_ASN */ -#if !defined(WOLFTPM2_NO_HEAP) && defined(WOLFSSL_PEM_TO_DER) - +#ifdef WOLFTPM2_PEM_DECODE int wolfTPM2_RsaPrivateKeyImportPem(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* parentKey, WOLFTPM2_KEYBLOB* keyBlob, const char* input, word32 inSz, char* pass, @@ -2927,8 +2924,7 @@ int wolfTPM2_RsaPrivateKeyImportPem(WOLFTPM2_DEV* dev, return wolfTPM2_ImportPrivateKeyBuffer(dev, parentKey, TPM_ALG_RSA, keyBlob, ENCODING_TYPE_PEM, input, inSz, pass, 0, NULL, 0); } - -#endif /* !WOLFTPM2_NO_HEAP && WOLFSSL_PEM_TO_DER */ +#endif /* WOLFTPM2_PEM_DECODE */ int wolfTPM2_RsaKey_TpmToWolf(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey, 
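Review bot: In the -2856 hunk of wolfTPM2_ImportPrivateKeyBuffer the decoded private key in `derBuf` is released with `XFREE` alone, so the DER key bytes remain in freed heap memory. Wiping before the free closes that, e.g. `TPM2_ForceZero(derBuf, derSz);` inside the `if (derBuf != (byte*)input)` block, ahead of the `XFREE`. `sens` appears to carry the same key material into `wolfTPM2_ImportPrivateKey` and would want the same wipe on exit. The function continues past the hunk, so that may already happen below.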
@@ -3097,17 +3093,14 @@ int wolfTPM2_RsaKey_PubPemToTpm(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey, const byte* pem, word32 pemSz) { int rc = TPM_RC_FAILURE; -#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(WOLFSSL_PEM_TO_DER) && \ - (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)) +#ifdef WOLFTPM2_PEM_DECODE RsaKey rsaKey; #endif if (dev == NULL || tpmKey == NULL || pem == NULL) return BAD_FUNC_ARG; -#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(WOLFSSL_PEM_TO_DER) && \ - (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)) && \ - !defined(NO_ASN) +#ifdef WOLFTPM2_PEM_DECODE /* Prepare wolfCrypt key structure */ rc = wc_InitRsaKey(&rsaKey, NULL); if (rc == 0) { diff --git a/tests/unit_tests.c b/tests/unit_tests.c index 6b7562f3..1859ae16 100644 --- a/tests/unit_tests.c +++ b/tests/unit_tests.c @@ -328,7 +328,7 @@ static void test_wolfTPM2_CSR(void) #endif } -#ifndef WOLFTPM2_NO_WOLFCRYPT +#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(WOLFTPM2_PEM_DECODE) static WOLFTPM2_KEY authKey; /* also used for test_wolfTPM2_PCRPolicy */ static void test_wolfTPM_ImportPublicKey(void) @@ -364,9 +364,7 @@ static void test_wolfTPM_ImportPublicKey(void) pemPublicKey, (word32)XSTRLEN(pemPublicKey), attributes ); - if (rc != 0 && rc != NOT_COMPILED_IN) { - AssertIntEQ(rc, 0); - } + AssertIntEQ(rc, 0); wolfTPM2_Cleanup(&dev); } @@ -435,7 +433,7 @@ static void test_wolfTPM2_PCRPolicy(void) wolfTPM2_Cleanup(&dev); } -#endif /* !WOLFTPM2_NO_WOLFCRYPT */ +#endif /* !WOLFTPM2_NO_WOLFCRYPT && WOLFTPM2_PEM_DECODE */ #if defined(HAVE_THREAD_LS) && defined(HAVE_PTHREAD) #include @@ -507,7 +505,7 @@ int unit_tests(int argc, char *argv[]) test_TPM2_KDFa(); test_wolfTPM2_ReadPublicKey(); test_wolfTPM2_CSR(); - #ifndef WOLFTPM2_NO_WOLFCRYPT + #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(WOLFTPM2_PEM_DECODE) test_wolfTPM_ImportPublicKey(); test_wolfTPM2_PCRPolicy(); #endif diff --git a/wolftpm/tpm2_types.h b/wolftpm/tpm2_types.h index 4cc0e1fb..0a15e26b 100644 
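Review bot: The guard around `RsaKey rsaKey` and `wc_InitRsaKey` in wolfTPM2_RsaKey_PubPemToTpm no longer names `WOLFTPM2_NO_WOLFCRYPT`, and `WOLFTPM2_PEM_DECODE` as defined in tpm2_types.h does not test it either. The wolfCrypt calls therefore depend on `WOLFSSL_PEM_TO_DER` never being set in a no-wolfCrypt build. unit_tests.c in this same commit spells the condition out, and the same form would fit here: `#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(WOLFTPM2_PEM_DECODE)`. The new macro also adds `!defined(WOLFTPM2_NO_HEAP)`, which the old guard on this function did not have. If the body (which continues outside the hunk) does not allocate, no-heap builds lose public PEM import without need.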
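Review bot: The widened `#if` at -328 and at -507 in unit_tests.c also compiles out `test_wolfTPM2_PCRPolicy`, so a build without PEM decoding silently runs no PCR policy test. The comment on `authKey` says the policy test reuses the key imported by `test_wolfTPM_ImportPublicKey`, so the dependency looks real. It still deserves a comment at the guard, e.g. `/* PCR policy test needs authKey loaded from PEM */`, and a printed skip line in `unit_tests()` so the gap shows in CI logs.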
--- a/wolftpm/tpm2_types.h +++ b/wolftpm/tpm2_types.h @@ -650,6 +650,11 @@ typedef int64_t INT64; #define WOLFTPM2_CERT_GEN #endif +#if !defined(WOLFTPM2_NO_HEAP) && defined(WOLFSSL_PEM_TO_DER) && \ + (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)) && \ + !defined(NO_ASN) + #define WOLFTPM2_PEM_DECODE +#endif /* ---------------------------------------------------------------------------*/ /* ENDIANESS HELPERS */
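Review bot: `WOLFTPM2_PEM_DECODE` requires `WOLFSSL_CERT_EXT` or `WOLFSSL_PUB_PEM_TO_DER`, yet it now also gates private-key paths that previously needed only `!defined(WOLFTPM2_NO_HEAP) && defined(WOLFSSL_PEM_TO_DER)`. Those paths are policy_sign.c at -109, wolfTPM2_ImportPrivateKeyBuffer at -2785 and -2856, and the wolfTPM2_RsaPrivateKeyImportPem definition at -2915. A build with `WOLFSSL_PEM_TO_DER` but neither public-key option loses `wolfTPM2_RsaPrivateKeyImportPem` from the library, which breaks existing callers at link time. Consider keeping a separate macro for the private-key case with the old two-term condition. A comment above the definition should also state which wolfCrypt capability each term stands for.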