Fixes for building with NO_ASN.

wolfSSL · Aug 16, 2024 · 8ec2049 · 8ec2049
1 parent d4b6a34
commit 8ec2049
Show file tree

Hide file tree

Showing 11 changed files with 109 additions and 63 deletions.
diff --git a/examples/boot/secret_seal.c b/examples/boot/secret_seal.c
@@ -64,7 +64,7 @@ static void usage(void)
 }
 
 /* Load Key Public Info */
-#if !defined(NO_FILESYSTEM)
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
 static int LoadAuthKeyInfo(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* authKey,
     TPM_ALG_ID alg, const char* file)
 {
@@ -99,7 +99,7 @@ static int LoadAuthKeyInfo(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* authKey,
     }
     return rc;
 }
-#endif /* !NO_FILESYSTEM */
+#endif /* !NO_FILESYSTEM && !NO_ASN */
 
 int TPM2_Boot_SecretSeal_Example(void* userCtx, int argc, char *argv[])
 {
@@ -232,7 +232,7 @@ int TPM2_Boot_SecretSeal_Example(void* userCtx, int argc, char *argv[])
         else if (alg == TPM_ALG_ECC)
             publicKeyFile = "./certs/example-ecc256-key-pub.der";
     }
-#if !defined(NO_FILESYSTEM)
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
     /* Policy Authorization */
     if (policyFile) {
         policyDigestSz = (word32)sizeof(policyDigest);

diff --git a/examples/boot/secret_unseal.c b/examples/boot/secret_unseal.c
@@ -62,7 +62,7 @@ static void usage(void)
 }
 
 /* Load Key Public Info */
-#if !defined(NO_FILESYSTEM)
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
 static int LoadAuthKeyInfo(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* authKey,
     TPM_ALG_ID alg, const char* file)
 {
@@ -103,7 +103,7 @@ static int LoadAuthKeyInfo(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* authKey,
     }
     return rc;
 }
-#endif /* !NO_FILESYSTEM */
+#endif /* !NO_FILESYSTEM && !NO_ASN */
 
 int TPM2_Boot_SecretUnseal_Example(void* userCtx, int argc, char *argv[])
 {
@@ -251,7 +251,7 @@ int TPM2_Boot_SecretUnseal_Example(void* userCtx, int argc, char *argv[])
     printHexString(policyDigest, policyDigestSz, policyDigestSz);
 
     /* Load external public key and signature */
-#if !defined(NO_FILESYSTEM)
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
     /* Policy Authorization Signature */
     if (pcrSigFile) {
         sigSz = (word32)sizeof(sig);

diff --git a/examples/endorsement/get_ek_certs.c b/examples/endorsement/get_ek_certs.c
@@ -107,7 +107,7 @@ static void show_ek_public(const TPM2B_PUBLIC* pub)
     }
 }
 
-#ifndef WOLFTPM2_NO_WOLFCRYPT
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_ASN)
 static int compare_ek_public(const TPM2B_PUBLIC* ekpub,
     const TPM2B_PUBLIC* certpub)
 {
@@ -154,7 +154,7 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
     uint32_t certSz;
     TPMT_PUBLIC publicTemplate;
     word32 nvIndex;
-#ifndef WOLFTPM2_NO_WOLFCRYPT
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_ASN)
     #ifndef WOLFCRYPT_ONLY
     int i;
     WOLFSSL_CERT_MANAGER* cm = NULL;
@@ -196,7 +196,8 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
     rc = 0;
     printf("Found %d TCG handles\n", handles.count);
 
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(WOLFCRYPT_ONLY)
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(WOLFCRYPT_ONLY) && \
+    !defined(NO_ASN)
     /* load trusted certificates to cert manager */
     certSz = 0;
     cm = wolfSSL_CertManagerNew();
@@ -273,7 +274,7 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
             show_ek_public(&endorse.pub);
         }
 
-    #ifndef WOLFTPM2_NO_WOLFCRYPT
+    #if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_ASN)
         if (rc == 0) {
             /* Attempt to parse certificate */
             printf("Parsing certificate (%d bytes)\n", certSz);
@@ -377,15 +378,15 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
             }
         #endif /* WOLFSSL_DER_TO_PEM */
         }
-    #endif /* !WOLFTPM2_NO_WOLFCRYPT */
+    #endif /* !WOLFTPM2_NO_WOLFCRYPT && !NO_ASN */
 
         wolfTPM2_UnloadHandle(&dev, &endorse.handle);
         XMEMSET(&endorse, 0, sizeof(endorse));
     }
 
 exit:
 
-#ifndef WOLFTPM2_NO_WOLFCRYPT
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_ASN)
     #ifdef WOLFSSL_DER_TO_PEM
     XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     #endif

diff --git a/examples/keygen/external_import.c b/examples/keygen/external_import.c
@@ -172,13 +172,17 @@ int TPM2_ExternalImport_Example(void* userCtx, int argc, char *argv[])
     printf("Import Seed %d\n", seedValue.size);
     TPM2_PrintBin(seedValue.buffer, seedValue.size);
 
+#ifndef NO_ASN
     rc = wolfTPM2_ImportPrivateKeyBuffer(&dev, &storage, TPM_ALG_RSA, key2,
         ENCODING_TYPE_PEM, extRSAPrivatePem, (word32)strlen(extRSAPrivatePem),
         NULL, attributes, seedValue.buffer, seedValue.size);
     if (rc != 0) {
         printf("wolfTPM2_ImportPrivateKeyBuffer failed import\n");
         goto exit;
     }
+#else
+    (void)attributes;
+#endif
 
     rc = wolfTPM2_LoadKey(&dev, key2, &primary->handle);
     if (rc != 0) {

diff --git a/examples/keygen/keygen.c b/examples/keygen/keygen.c
@@ -142,7 +142,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
     const char *pubFilename = NULL;
 #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
     const char *nameFile = "ak.name"; /* Name Digest for attestation purposes */
-    #if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_RSA)
+    #if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_RSA) && !defined(NO_ASN)
     const char *pemFilename = NULL;
     #endif
 #endif
@@ -404,7 +404,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
 
     /* Save EK public key as PEM format file to the disk */
 #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) && \
-    !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_RSA)
+    !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_RSA) && !defined(NO_ASN)
     if (pemFiles) {
         byte pem[MAX_RSA_KEY_BYTES];
         word32 pemSz;

diff --git a/examples/keygen/keyimport.c b/examples/keygen/keyimport.c
@@ -191,7 +191,7 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
              TPMA_OBJECT_userWithAuth |
              TPMA_OBJECT_noDA);
 
-#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
+#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) && !defined(NO_ASN)
     if (impFile != NULL) {
         printf("Loading %s%s key file: %s\n",
             encType == ENCODING_TYPE_PEM ? "PEM" : "DER",

diff --git a/examples/pcr/policy_sign.c b/examples/pcr/policy_sign.c
@@ -133,7 +133,7 @@ static int PolicySign(TPM_ALG_ID alg, const char* keyFile, const char* password,
         }
     }
     if (rc == 0 && alg == TPM_ALG_RSA) {
-    #ifndef NO_RSA
+    #if !defined(NO_RSA) && !defined(NO_ASN)
         rc = wc_InitRsaKey(&key.rsa, NULL);
         if (rc == 0) {
             byte encHash[WC_MAX_DIGEST_SIZE + WC_MAX_ENCODED_DIG_ASN_SZ];
@@ -173,7 +173,7 @@ static int PolicySign(TPM_ALG_ID alg, const char* keyFile, const char* password,
     #endif
     }
     else if (rc == 0 && alg == TPM_ALG_ECC) {
-    #if defined(HAVE_ECC) && defined(WOLFSSL_PUBLIC_MP)
+    #if defined(HAVE_ECC) && defined(WOLFSSL_PUBLIC_MP) && !defined(NO_ASN)
         rc = wc_ecc_init(&key.ecc);
         if (rc == 0) {
             word32 idx = 0;
@@ -203,6 +203,7 @@ static int PolicySign(TPM_ALG_ID alg, const char* keyFile, const char* password,
             wc_ecc_free(&key.ecc);
         }
     #else
+        (void)hashAlg;
         rc = NOT_COMPILED_IN;
     #endif
     }
@@ -212,6 +213,12 @@ static int PolicySign(TPM_ALG_ID alg, const char* keyFile, const char* password,
     XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     wc_FreeRng(&rng);
 
+    (void)hash;
+    (void)hashSz;
+    (void)sig;
+    (void)sigSz;
+    (void)authPubKey;
+
     if (rc != 0) {
         printf("Policy Sign with external key failed %d\n", rc);
     }

diff --git a/examples/pkcs7/pkcs7.c b/examples/pkcs7/pkcs7.c
@@ -342,7 +342,7 @@ int TPM2_PKCS7_ExampleArgs(void* userCtx, int argc, char *argv[])
     TpmCryptoDevCtx tpmCtx;
     int tpmDevId;
     byte derCert[MAX_PKCS7_SIZE];
-    word32 derCertSz;
+    word32 derCertSz = 0;
     byte derPubKey[MAX_PKCS7_SIZE];
     word32 derPubKeySz;
 #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
@@ -491,6 +491,11 @@ int TPM2_PKCS7_ExampleArgs(void* userCtx, int argc, char *argv[])
         XFCLOSE(derFile);
         if (rc != 0) goto exit;
     }
+    else {
+        printf("Failed to open %s\n", inCert);
+        rc = BAD_FUNC_ARG;
+        goto exit;
+    }
 #else
     rc = NOT_COMPILED_IN;
     goto exit;

diff --git a/examples/tpm_test_keys.c b/examples/tpm_test_keys.c
@@ -422,7 +422,7 @@ int getECCkey(WOLFTPM2_DEV* pDev, WOLFTPM2_KEY* pStorageKey, WOLFTPM2_KEY* key,
     if (rc != 0) {
         return rc;
     }
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && !defined(NO_ASN)
     if (pWolfEccKey) {
         /* setup wolf ECC key with TPM deviceID, so crypto callbacks are used */
         rc = wc_ecc_init_ex((ecc_key*)pWolfEccKey, NULL, tpmDevId);

diff --git a/examples/wrap/wrap_test.c b/examples/wrap/wrap_test.c
@@ -116,7 +116,7 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
 
 #ifndef WOLFTPM2_NO_WOLFCRYPT
     int tpmDevId = INVALID_DEVID;
-#if defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(NO_ASN))
+#if (defined(HAVE_ECC) || !defined(NO_RSA)) && !defined(NO_ASN)
     word32 idx;
 #endif
 #ifndef NO_RSA
@@ -432,9 +432,10 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     rc = wolfTPM2_UnloadHandle(&dev, &publicKey.handle);
     if (rc != 0) goto exit;
 #else
+    (void)tpmDevId;
     rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
     if (rc != 0) goto exit;
-#endif /* !WOLFTPM2_NO_WOLFCRYPT && !NO_RSA */
+#endif /* !WOLFTPM2_NO_WOLFCRYPT && !NO_RSA && !NO_ASN */
 
     /* Load raw RSA public key into TPM */
     rc = wolfTPM2_LoadRsaPublicKey(&dev, &publicKey,
@@ -447,7 +448,7 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     rc = wolfTPM2_UnloadHandle(&dev, &publicKey.handle);
     if (rc != 0) goto exit;
 
-#if defined(WOLFTPM2_PRIVATE_IMPORT) && !defined(NO_RSA)
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_RSA) && !defined(NO_ASN)
     /* Load RSA private key into TPM */
     rc = wc_InitRsaKey(&wolfRsaPrivKey, NULL);
     if (rc != 0) goto exit;
@@ -459,26 +460,38 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     if (rc != 0) goto exit;
     rc = wolfTPM2_RsaKey_WolfToTpm_ex(&dev, &storageKey, &wolfRsaPrivKey,
         &rsaKey);
-    if (rc != 0) goto exit;
-    /* Use TPM Handle... */
     wc_FreeRsaKey(&wolfRsaPrivKey);
+    if (rc != 0 && rc != NOT_COMPILED_IN) {
+        /* NOT_COMPILED_IN here likely means that AES-CFB is not enabled for
+         * encrypting secrets */
+        goto exit;
+    }
+    printf("RSA Private Key Loaded into TPM: Handle 0x%x\n",
+        (word32)rsaKey.handle.hndl);
+
+    /* Use TPM Handle... */
+
     rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
     if (rc != 0) goto exit;
+#endif /* !WOLFTPM2_NO_WOLFCRYPT && !NO_RSA && !NO_ASN */
 
     /* Load raw RSA private key into TPM */
     rc = wolfTPM2_LoadRsaPrivateKey(&dev, &storageKey, &rsaKey,
         kRsaKeyPubModulus, (word32)sizeof(kRsaKeyPubModulus),
         kRsaKeyPubExponent,
         kRsaKeyPrivQ,      (word32)sizeof(kRsaKeyPrivQ));
-    if (rc != 0) {
+    if (rc != 0 && rc != NOT_COMPILED_IN) {
+        /* NOT_COMPILED_IN here likely means that AES-CFB is not enabled for
+         * encrypting secrets */
         goto exit;
     }
-    /* Use TPM Handle... */
-    printf("RSA Private Key Loaded into TPM: Handle 0x%x\n",
+    printf("RSA Private Key RAW Loaded into TPM: Handle 0x%x\n",
         (word32)rsaKey.handle.hndl);
+
+    /* Use TPM Handle... */
+
     rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
     if (rc != 0) goto exit;
-#endif /* WOLFTPM2_PRIVATE_IMPORT && !NO_RSA */
 
     /* Close TPM session based on RSA storage key */
     wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
@@ -622,7 +635,7 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     /*------------------------------------------------------------------------*/
     /* ECC KEY LOADING TESTS */
     /*------------------------------------------------------------------------*/
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && !defined(NO_ASN)
     /* Extract an ECC public key from TPM */
     /* Setup wolf ECC key with TPM deviceID, so crypto callbacks
        can be used for private operations */
@@ -638,7 +651,6 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
     if (rc != 0) goto exit;
 
-
     /* Load ECC DER public key into TPM */
     rc = wc_ecc_init(&wolfEccPubKey);
     if (rc != 0) goto exit;
@@ -653,9 +665,10 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     rc = wolfTPM2_UnloadHandle(&dev, &publicKey.handle);
     if (rc != 0) goto exit;
 #else
+    (void)tpmDevId;
     rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
     if (rc != 0) goto exit;
-#endif /* !WOLFTPM2_NO_WOLFCRYPT && HAVE_ECC */
+#endif /* !WOLFTPM2_NO_WOLFCRYPT && HAVE_ECC && !NO_ASN */
 
     /* Load raw ECC public key into TPM */
     rc = wolfTPM2_LoadEccPublicKey(&dev, &publicKey, TPM_ECC_NIST_P256,
@@ -668,7 +681,7 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     rc = wolfTPM2_UnloadHandle(&dev, &publicKey.handle);
     if (rc != 0) goto exit;
 
-#if defined(WOLFTPM2_PRIVATE_IMPORT) && defined(HAVE_ECC)
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && !defined(NO_ASN)
     /* Load ECC DER Private Key into TPM */
     rc = wc_ecc_init(&wolfEccPrivKey);
     if (rc != 0) goto exit;
@@ -678,32 +691,40 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     if (rc != 0) goto exit;
     rc = wolfTPM2_EccKey_WolfToTpm_ex(&dev, &storageKey, &wolfEccPrivKey,
         &eccKey);
+    wc_ecc_free(&wolfEccPrivKey);
     if (rc != 0 && rc != NOT_COMPILED_IN) {
-        /* a NOT_COMPILED_IN here likely means the WOLFSSL_PUBLIC_MP is enabled
-         * exposing the mp_ math API's needed for encrypting secrets */
+        /* NOT_COMPILED_IN here likely means the WOLFSSL_PUBLIC_MP is enabled
+         * exposing the mp_ math API's or AES CFB is not enabled.
+         * Both are needed for encrypting secrets */
         goto exit;
     }
+    printf("ECC Private Key Loaded into TPM: Handle 0x%x\n",
+        (word32)eccKey.handle.hndl);
+
     /* Use TPM Handle... */
-    wc_ecc_free(&wolfEccPrivKey);
+
     rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
     if (rc != 0) goto exit;
+#endif /* !WOLFTPM2_NO_WOLFCRYPT && HAVE_ECC && !NO_ASN */
 
     /* Load raw ECC private key into TPM */
     rc = wolfTPM2_LoadEccPrivateKey(&dev, &storageKey, &eccKey, TPM_ECC_NIST_P256,
         kEccKeyPubXRaw, (word32)sizeof(kEccKeyPubXRaw),
         kEccKeyPubYRaw, (word32)sizeof(kEccKeyPubYRaw),
         kEccKeyPrivD,   (word32)sizeof(kEccKeyPrivD));
     if (rc != 0 && rc != NOT_COMPILED_IN) {
-        /* a NOT_COMPILED_IN here likely means the WOLFSSL_PUBLIC_MP is enabled
-         * exposing the mp_ math API's needed for encrypting secrets */
+        /* NOT_COMPILED_IN here likely means the WOLFSSL_PUBLIC_MP is enabled
+         * exposing the mp_ math API's or AES CFB is not enabled.
+         * Both are needed for encrypting secrets */
         goto exit;
     }
-    /* Use TPM Handle... */
-    printf("ECC Private Key Loaded into TPM: Handle 0x%x\n",
+    printf("ECC Private Key RAW Loaded into TPM: Handle 0x%x\n",
         (word32)eccKey.handle.hndl);
+
+    /* Use TPM Handle... */
+
     rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
     if (rc != 0) goto exit;
-#endif /* WOLFTPM2_PRIVATE_IMPORT && HAVE_ECC */
 
 #if 0 /* disabled until ECC Encrypted salt is added */
     /* Close TPM session based on ECC storage key */