Skip to content

Commit

Permalink
Merge pull request #390 from dgarske/oldcrypt
Browse files Browse the repository at this point in the history
Support for building wolfTPM against older wolfCrypt (like v4.7.0)
  • Loading branch information
embhorn authored Dec 17, 2024
2 parents 415f714 + 88f57f3 commit cb645d3
Show file tree
Hide file tree
Showing 7 changed files with 98 additions and 35 deletions.
23 changes: 23 additions & 0 deletions .github/workflows/make-test-swtpm.yml
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,29 @@ jobs:
make check
WOLFSSL_PATH=./wolfssl NO_FILESYSTEM=1 ./examples/run_examples.sh
# test with older wolfCrypt (v4.7.0)
- uses: actions/checkout@master
with:
repository: wolfssl/wolfssl
path: wolfssl-old
ref: v4.7.0-stable
- name: wolfssl old
working-directory: ./wolfssl
run: |
./configure --enable-wolftpm CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_TEST_CERT -DWOLFSSL_KEY_GEN"
make
sudo make install
- name: wolftpm with old wolfssl
# Old wolfSSL before PR #5075 does not support using a public key in place of private key with
# crypto callbacks enabled.
# To use PKCS7 or TLS Server a dummy private key must be used for older wolfSSL versions.
# Use newer wolfSSL TLS client/server to resolve test certificate expirations
run: |
./configure --enable-swtpm
make
make check
WOLFSSL_PATH=./wolfssl NO_PUBASPRIV=1 ./examples/run_examples.sh
# capture logs on failure
- name: Upload failure logs
if: failure()
Expand Down
4 changes: 2 additions & 2 deletions examples/csr/csr.c
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ static int TPM2_CSR_Generate(WOLFTPM2_DEV* dev, int keyType, WOLFTPM2_KEY* key,
#ifdef WOLFTPM2_NO_HEAP
/* single shot API for CSR generation */
rc = wolfTPM2_CSR_Generate_ex(dev, key, subject, keyUsage,
CTC_FILETYPE_PEM, output, outputSz, sigType, makeSelfSignedCert,
ENCODING_TYPE_PEM, output, outputSz, sigType, makeSelfSignedCert,
devId);
#else
rc = wolfTPM2_CSR_SetSubject(dev, csr, subject);
Expand All @@ -104,7 +104,7 @@ static int TPM2_CSR_Generate(WOLFTPM2_DEV* dev, int keyType, WOLFTPM2_KEY* key,
}
}
if (rc == 0) {
rc = wolfTPM2_CSR_MakeAndSign_ex(dev, csr, key, CTC_FILETYPE_PEM,
rc = wolfTPM2_CSR_MakeAndSign_ex(dev, csr, key, ENCODING_TYPE_PEM,
output, outputSz, sigType, makeSelfSignedCert, devId);
}
#endif
Expand Down
9 changes: 9 additions & 0 deletions examples/endorsement/get_ek_certs.c
Original file line number Diff line number Diff line change
Expand Up @@ -278,8 +278,13 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
if (rc == 0) {
/* Attempt to parse certificate */
printf("Parsing certificate (%d bytes)\n", certSz);
#ifdef WOLFSSL_TEST_CERT
InitDecodedCert(&cert, certBuf, certSz, NULL);
rc = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
#else
wc_InitDecodedCert(&cert, certBuf, certSz, NULL);
rc = wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
#endif
if (rc == 0) {
printf("\tSuccessfully parsed\n");

Expand Down Expand Up @@ -338,7 +343,11 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
printf("Error parsing certificate! %s (%d)\n",
TPM2_GetRCString(rc), rc);
}
#ifdef WOLFSSL_TEST_CERT
FreeDecodedCert(&cert);
#else
wc_FreeDecodedCert(&cert);
#endif

#ifndef WOLFCRYPT_ONLY
if (rc == 0) {
Expand Down
8 changes: 6 additions & 2 deletions examples/pkcs7/pkcs7.c
Original file line number Diff line number Diff line change
Expand Up @@ -46,12 +46,16 @@

/* The PKCS7 EX functions were added after v3.15.3 */
#include <wolfssl/version.h>
#if defined(LIBWOLFSSL_VERSION_HEX) && \
LIBWOLFSSL_VERSION_HEX > 0x03015003
#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX > 0x03015003
#undef ENABLE_PKCS7EX_EXAMPLE
#define ENABLE_PKCS7EX_EXAMPLE
#endif

#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX < 0x05007004
/* PKCS7 renamed to wc_PKCS7 */
#define wc_PKCS7 PKCS7
#endif

#ifndef MAX_PKCS7_SIZE
#define MAX_PKCS7_SIZE MAX_CONTEXT_SIZE
#endif
Expand Down
46 changes: 28 additions & 18 deletions examples/run_examples.sh
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,9 @@ fi
if [ -z "$NO_FILESYSTEM" ]; then
NO_FILESYSTEM=0
fi
if [ -z "$NO_PUBASPRIV" ]; then
NO_PUBASPRIV=0
fi
if [ -z "$WOLFCRYPT_DEFAULT" ]; then
WOLFCRYPT_DEFAULT=0
fi
Expand Down Expand Up @@ -337,7 +340,7 @@ fi

# PKCS7 Tests
echo -e "PKCS7 tests"
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ] && [ $NO_FILESYSTEM -eq 0 ]; then
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ] && [ $NO_FILESYSTEM -eq 0 ] && [ $NO_PUBASPRIV -eq 0 ]; then
./examples/pkcs7/pkcs7 >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "pkcs7 failed! $RESULT" && exit 1
Expand Down Expand Up @@ -400,22 +403,25 @@ if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ] && [ $NO_FILESYST
run_tpm_tls_client "rsa" "" "4"
run_tpm_tls_client "rsa" "-aes" "4"

run_tpm_tls_server "rsa" "" "3"
run_tpm_tls_server "rsa" "-aes" "3"
run_tpm_tls_server "rsa" "" "4"
run_tpm_tls_server "rsa" "-aes" "4"
if [ $NO_PUBASPRIV -eq 0 ]; then
run_tpm_tls_server "rsa" "" "3"
run_tpm_tls_server "rsa" "-aes" "3"
run_tpm_tls_server "rsa" "" "4"
run_tpm_tls_server "rsa" "-aes" "4"
fi

# TLS client/server ECC TLS v1.2 and v1.3 PK callbacks
run_tpm_tls_client "rsa" "-pk" "3"
run_tpm_tls_client "rsa" "-pk -aes" "3"
run_tpm_tls_client "rsa" "-pk" "4"
run_tpm_tls_client "rsa" "-pk -aes" "4"

run_tpm_tls_server "rsa" "-pk " "3"
run_tpm_tls_server "rsa" "-pk -aes" "3"
run_tpm_tls_server "rsa" "-pk " "4"
run_tpm_tls_server "rsa" "-pk -aes" "4"

if [ $NO_PUBASPRIV -eq 0 ]; then
run_tpm_tls_server "rsa" "-pk " "3"
run_tpm_tls_server "rsa" "-pk -aes" "3"
run_tpm_tls_server "rsa" "-pk " "4"
run_tpm_tls_server "rsa" "-pk -aes" "4"
fi
fi
if [ $WOLFCRYPT_ECC -eq 1 ]; then
# TLS client/server ECC TLS v1.2 and v1.3 Crypto callbacks
Expand All @@ -424,21 +430,25 @@ if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ] && [ $NO_FILESYST
run_tpm_tls_client "ecc" "" "4"
run_tpm_tls_client "ecc" "-aes" "4"

run_tpm_tls_server "ecc" "" "3"
run_tpm_tls_server "ecc" "-aes" "3"
run_tpm_tls_server "ecc" "" "4"
run_tpm_tls_server "ecc" "-aes" "4"
if [ $NO_PUBASPRIV -eq 0 ]; then
run_tpm_tls_server "ecc" "" "3"
run_tpm_tls_server "ecc" "-aes" "3"
run_tpm_tls_server "ecc" "" "4"
run_tpm_tls_server "ecc" "-aes" "4"
fi

# TLS client/server ECC TLS v1.2 and v1.3 PK callbacks
run_tpm_tls_client "ecc" "-pk" "3"
run_tpm_tls_client "ecc" "-pk -aes" "3"
run_tpm_tls_client "ecc" "-pk" "4"
run_tpm_tls_client "ecc" "-pk -aes" "4"

run_tpm_tls_server "ecc" "-pk" "3"
run_tpm_tls_server "ecc" "-pk -aes" "3"
run_tpm_tls_server "ecc" "-pk" "4"
run_tpm_tls_server "ecc" "-pk -aes" "4"
if [ $NO_PUBASPRIV -eq 0 ]; then
run_tpm_tls_server "ecc" "-pk" "3"
run_tpm_tls_server "ecc" "-pk -aes" "3"
run_tpm_tls_server "ecc" "-pk" "4"
run_tpm_tls_server "ecc" "-pk -aes" "4"
fi
fi
fi

Expand Down
16 changes: 11 additions & 5 deletions src/tpm2_wrap.c
Original file line number Diff line number Diff line change
Expand Up @@ -2818,6 +2818,8 @@ int wolfTPM2_DecodeRsaDer(const byte* der, word32 derSz,
rc = wc_InitRsaKey(key, NULL);
if (rc == 0) {
idx = 0;
/* skip PKCS8 header */
(void)wc_GetPkcs8TraditionalOffset((byte*)der, &idx, derSz);
rc = wc_RsaPrivateKeyDecode(der, &idx, key, derSz);
if (rc == 0) {
isPrivateKey = 1;
Expand Down Expand Up @@ -3033,7 +3035,7 @@ int wolfTPM2_ExportPublicKeyBuffer(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
/* load public portion of key into wolf RSA Key */
rc = wolfTPM2_RsaKey_TpmToWolf(dev, tpmKey, &key.rsa);
if (rc == 0) {
rc = wc_RsaKeyToPublicDer_ex(&key.rsa, out, *outSz, 1);
rc = wc_RsaKeyToPublicDer(&key.rsa, out, *outSz);
if (rc > 0) {
derSz = rc;
rc = 0;
Expand Down Expand Up @@ -6836,15 +6838,19 @@ static int CSR_Parse_DN(CertName* name, const char* subject)
{"/CN=", OFFSETOF(CertName, commonName)}, /* Common Name */
{"/C=", OFFSETOF(CertName, country)}, /* Country */
{"/ST=", OFFSETOF(CertName, state)}, /* State */
{"/street=", OFFSETOF(CertName, street)}, /* Street */
{"/L=", OFFSETOF(CertName, locality)}, /* Locality */
{"/SN=", OFFSETOF(CertName, sur)}, /* Surname */
{"/O=", OFFSETOF(CertName, org)}, /* Organization */
{"/OU=", OFFSETOF(CertName, unit)}, /* Organization Unit */
{"/postalCode=", OFFSETOF(CertName, postalCode)}, /* PostalCode */
{"/userid=", OFFSETOF(CertName, userId)}, /* UserID */
{"/serialNumber=", OFFSETOF(CertName, serialDev)}, /* Serial Number */
{"/emailAddress=", OFFSETOF(CertName, email)}, /* Email Address */
#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX > 0x05000000
{"/street=", OFFSETOF(CertName, street)}, /* Street */
{"/postalCode=", OFFSETOF(CertName, postalCode)}, /* PostalCode */
#endif
#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX > 0x05003000
{"/userid=", OFFSETOF(CertName, userId)}, /* UserID */
#endif
#ifdef WOLFSSL_CERT_EXT
{"/businessCategory=", OFFSETOF(CertName, busCat)}, /* Business Category */
#endif
Expand Down Expand Up @@ -6916,7 +6922,7 @@ static int CSR_MakeAndSign(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr, CSRKey* key,
}

/* Optionally convert to PEM */
if (rc >= 0 && outFormat == CTC_FILETYPE_PEM) {
if (rc >= 0 && outFormat == ENCODING_TYPE_PEM) {
#ifdef WOLFSSL_DER_TO_PEM
byte tmp[MAX_CONTEXT_SIZE];
if (rc > (int)sizeof(tmp)) {
Expand Down
27 changes: 19 additions & 8 deletions wolftpm/tpm2_types.h
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,17 @@ typedef int64_t INT64;
#define ENCODING_TYPE_PEM 1 /* CTC_FILETYPE_PEM */
#define ENCODING_TYPE_ASN1 2 /* CTC_FILETYPE_ASN1 */

#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
#define wc_ecc_key_get_priv(key) (&((key)->k))
#define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
#endif

#ifndef PRIVATE_KEY_LOCK
#define PRIVATE_KEY_LOCK() do {} while (0)
#endif
#ifndef PRIVATE_KEY_UNLOCK
#define PRIVATE_KEY_UNLOCK() do {} while (0)
#endif
#else

#include <stdio.h>
Expand Down Expand Up @@ -172,14 +183,6 @@ typedef int64_t INT64;
#define LITTLE_ENDIAN_ORDER
#endif

#ifndef OFFSETOF
#if defined(__clang__) || (defined(__GNUC__) && (__GNUC__ >= 4))
#define OFFSETOF(type, field) __builtin_offsetof(type, field)
#else
#define OFFSETOF(type, field) ((size_t)&(((type *)0)->field))
#endif
#endif

/* GCC Version */
#ifndef __GNUC_PREREQ
#if defined(__GNUC__) && defined(__GNUC_MINOR__)
Expand Down Expand Up @@ -223,6 +226,14 @@ typedef int64_t INT64;

#endif /* !WOLFTPM2_NO_WOLFCRYPT */

#ifndef OFFSETOF
#if defined(__clang__) || (defined(__GNUC__) && (__GNUC__ >= 4))
#define OFFSETOF(type, field) __builtin_offsetof(type, field)
#else
#define OFFSETOF(type, field) ((size_t)&(((type *)0)->field))
#endif
#endif

#ifndef WOLFTPM_CUSTOM_TYPES
#include <stdlib.h>

Expand Down

0 comments on commit cb645d3

Please sign in to comment.