Support for building wolfTPM against older wolfCrypt (like v4.7.0) #390

Merged
merged 3 commits into from
Dec 17, 2024
Merged
23 changes: 23 additions & 0 deletions .github/workflows/make-test-swtpm.yml
Expand Up @@ -202,6 +202,29 @@ jobs:
make check
WOLFSSL_PATH=./wolfssl NO_FILESYSTEM=1 ./examples/run_examples.sh

# test with older wolfCrypt (v4.7.0)
- uses: actions/checkout@master
with:
repository: wolfssl/wolfssl
path: wolfssl-old
ref: v4.7.0-stable
- name: wolfssl old
working-directory: ./wolfssl
run: |
./configure --enable-wolftpm CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_TEST_CERT -DWOLFSSL_KEY_GEN"
make
sudo make install
- name: wolftpm with old wolfssl
# Old wolfSSL before PR #5075 does not support using a public key in place of private key with
# crypto callbacks enabled.
# To use PKCS7 or TLS Server a dummy private key must be used for older wolfSSL versions.
# Use newer wolfSSL TLS client/server to resolve test certificate expirations
run: |
./configure --enable-swtpm
make
make check
WOLFSSL_PATH=./wolfssl NO_PUBASPRIV=1 ./examples/run_examples.sh

# capture logs on failure
- name: Upload failure logs
if: failure()
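Review bot: The `wolfssl old` step checks v4.7.0-stable out into `path: wolfssl-old` but then builds with `working-directory: ./wolfssl`, so unless a step outside this hunk moves that tree, configure/make/install run against the newer checkout and the job never actually exercises v4.7.0; the intended line is most likely `working-directory: ./wolfssl-old`. The new `uses: actions/checkout@master` is a floating branch reference; pinning it to a release tag or commit SHA, as is usual for CI actions, keeps the job reproducible and limits exposure to upstream changes in the action itself. `WOLFSSL_PATH=./wolfssl` on the run_examples line looks deliberate given the comment about certificate expirations, but a short comment there saying the TLS peers come from the newer tree while libwolfssl is the installed old build would make that split explicit for the next reader.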
4 changes: 2 additions & 2 deletions examples/csr/csr.c
Expand Up @@ -87,7 +87,7 @@ static int TPM2_CSR_Generate(WOLFTPM2_DEV* dev, int keyType, WOLFTPM2_KEY* key,
#ifdef WOLFTPM2_NO_HEAP
/* single shot API for CSR generation */
rc = wolfTPM2_CSR_Generate_ex(dev, key, subject, keyUsage,
CTC_FILETYPE_PEM, output, outputSz, sigType, makeSelfSignedCert,
ENCODING_TYPE_PEM, output, outputSz, sigType, makeSelfSignedCert,
devId);
#else
rc = wolfTPM2_CSR_SetSubject(dev, csr, subject);
Expand All @@ -104,7 +104,7 @@ static int TPM2_CSR_Generate(WOLFTPM2_DEV* dev, int keyType, WOLFTPM2_KEY* key,
}
}
if (rc == 0) {
rc = wolfTPM2_CSR_MakeAndSign_ex(dev, csr, key, CTC_FILETYPE_PEM,
rc = wolfTPM2_CSR_MakeAndSign_ex(dev, csr, key, ENCODING_TYPE_PEM,
output, outputSz, sigType, makeSelfSignedCert, devId);
}
#endif
9 changes: 9 additions & 0 deletions examples/endorsement/get_ek_certs.c
Expand Up @@ -278,8 +278,13 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
if (rc == 0) {
/* Attempt to parse certificate */
printf("Parsing certificate (%d bytes)\n", certSz);
#ifdef WOLFSSL_TEST_CERT
InitDecodedCert(&cert, certBuf, certSz, NULL);
rc = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
#else
wc_InitDecodedCert(&cert, certBuf, certSz, NULL);
rc = wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
#endif
if (rc == 0) {
printf("\tSuccessfully parsed\n");

Expand Down Expand Up @@ -338,7 +343,11 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
printf("Error parsing certificate! %s (%d)\n",
TPM2_GetRCString(rc), rc);
}
#ifdef WOLFSSL_TEST_CERT
FreeDecodedCert(&cert);
#else
wc_FreeDecodedCert(&cert);
#endif

#ifndef WOLFCRYPT_ONLY
if (rc == 0) {
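Review bot: The new `#ifdef WOLFSSL_TEST_CERT` selector in both hunks keys the API choice on a feature macro rather than on a wolfSSL version, so the code does not say why a test-cert build should take the unprefixed `InitDecodedCert`/`ParseCert` path; a comment at the first guard such as `/* older wolfCrypt has no wc_ prefixed DecodedCert wrappers; with WOLFSSL_TEST_CERT the internal API is exposed instead */` would capture the intent (I am inferring the motivation from the PR title and the `-DWOLFSSL_TEST_CERT` in the CI job). The same selector is repeated for init/parse here and again for free in the second hunk; defining the three choices once as local macros near the top of the file would keep the two sites from drifting apart. Both paths parse with `NO_VERIFY`, so this block only decodes the EK certificate and does not check its signature or chain; that is pre-existing, but a comment is worthwhile since the `Successfully parsed` message can be misread as a verification result. The enclosing TPM2_EndorsementCert_Example starts and ends outside these hunks.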
8 changes: 6 additions & 2 deletions examples/pkcs7/pkcs7.c
Expand Up @@ -46,12 +46,16 @@

/* The PKCS7 EX functions were added after v3.15.3 */
#include <wolfssl/version.h>
#if defined(LIBWOLFSSL_VERSION_HEX) && \
LIBWOLFSSL_VERSION_HEX > 0x03015003
#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX > 0x03015003
#undef ENABLE_PKCS7EX_EXAMPLE
#define ENABLE_PKCS7EX_EXAMPLE
#endif

#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX < 0x05007004
/* PKCS7 renamed to wc_PKCS7 */
#define wc_PKCS7 PKCS7
#endif

#ifndef MAX_PKCS7_SIZE
#define MAX_PKCS7_SIZE MAX_CONTEXT_SIZE
#endif
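Review bot: The new alias guard `#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX < 0x05007004` is inverted for the case it exists for: when LIBWOLFSSL_VERSION_HEX is not defined at all, `#define wc_PKCS7 PKCS7` is skipped, yet that is the build most likely to predate `wc_PKCS7`, whereas the version guards this PR adds in tpm2_wrap.c fail in the safe direction by omitting the newer fields when the macro is absent. If an unversioned wolfSSL is not a supported target this is harmless; otherwise `#if !defined(LIBWOLFSSL_VERSION_HEX) || LIBWOLFSSL_VERSION_HEX < 0x05007004` matches the intent. The comment `/* PKCS7 renamed to wc_PKCS7 */` would carry more information as `/* PKCS7 typedef renamed to wc_PKCS7 in wolfSSL 5.7.4 (0x05007004) */` so the threshold explains itself.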
46 changes: 28 additions & 18 deletions examples/run_examples.sh
Expand Up @@ -13,6 +13,9 @@ fi
if [ -z "$NO_FILESYSTEM" ]; then
NO_FILESYSTEM=0
fi
if [ -z "$NO_PUBASPRIV" ]; then
NO_PUBASPRIV=0
fi
if [ -z "$WOLFCRYPT_DEFAULT" ]; then
WOLFCRYPT_DEFAULT=0
fi
Expand Down Expand Up @@ -337,7 +340,7 @@ fi

# PKCS7 Tests
echo -e "PKCS7 tests"
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ] && [ $NO_FILESYSTEM -eq 0 ]; then
if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ] && [ $NO_FILESYSTEM -eq 0 ] && [ $NO_PUBASPRIV -eq 0 ]; then
./examples/pkcs7/pkcs7 >> run.out 2>&1
RESULT=$?
[ $RESULT -ne 0 ] && echo -e "pkcs7 failed! $RESULT" && exit 1
Expand Down Expand Up @@ -400,22 +403,25 @@ if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ] && [ $NO_FILESYST
run_tpm_tls_client "rsa" "" "4"
run_tpm_tls_client "rsa" "-aes" "4"

run_tpm_tls_server "rsa" "" "3"
run_tpm_tls_server "rsa" "-aes" "3"
run_tpm_tls_server "rsa" "" "4"
run_tpm_tls_server "rsa" "-aes" "4"
if [ $NO_PUBASPRIV -eq 0 ]; then
run_tpm_tls_server "rsa" "" "3"
run_tpm_tls_server "rsa" "-aes" "3"
run_tpm_tls_server "rsa" "" "4"
run_tpm_tls_server "rsa" "-aes" "4"
fi

# TLS client/server ECC TLS v1.2 and v1.3 PK callbacks
run_tpm_tls_client "rsa" "-pk" "3"
run_tpm_tls_client "rsa" "-pk -aes" "3"
run_tpm_tls_client "rsa" "-pk" "4"
run_tpm_tls_client "rsa" "-pk -aes" "4"

run_tpm_tls_server "rsa" "-pk " "3"
run_tpm_tls_server "rsa" "-pk -aes" "3"
run_tpm_tls_server "rsa" "-pk " "4"
run_tpm_tls_server "rsa" "-pk -aes" "4"

if [ $NO_PUBASPRIV -eq 0 ]; then
run_tpm_tls_server "rsa" "-pk " "3"
run_tpm_tls_server "rsa" "-pk -aes" "3"
run_tpm_tls_server "rsa" "-pk " "4"
run_tpm_tls_server "rsa" "-pk -aes" "4"
fi
fi
if [ $WOLFCRYPT_ECC -eq 1 ]; then
# TLS client/server ECC TLS v1.2 and v1.3 Crypto callbacks
Expand All @@ -424,21 +430,25 @@ if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $WOLFCRYPT_DEFAULT -eq 0 ] && [ $NO_FILESYST
run_tpm_tls_client "ecc" "" "4"
run_tpm_tls_client "ecc" "-aes" "4"

run_tpm_tls_server "ecc" "" "3"
run_tpm_tls_server "ecc" "-aes" "3"
run_tpm_tls_server "ecc" "" "4"
run_tpm_tls_server "ecc" "-aes" "4"
if [ $NO_PUBASPRIV -eq 0 ]; then
run_tpm_tls_server "ecc" "" "3"
run_tpm_tls_server "ecc" "-aes" "3"
run_tpm_tls_server "ecc" "" "4"
run_tpm_tls_server "ecc" "-aes" "4"
fi

# TLS client/server ECC TLS v1.2 and v1.3 PK callbacks
run_tpm_tls_client "ecc" "-pk" "3"
run_tpm_tls_client "ecc" "-pk -aes" "3"
run_tpm_tls_client "ecc" "-pk" "4"
run_tpm_tls_client "ecc" "-pk -aes" "4"

run_tpm_tls_server "ecc" "-pk" "3"
run_tpm_tls_server "ecc" "-pk -aes" "3"
run_tpm_tls_server "ecc" "-pk" "4"
run_tpm_tls_server "ecc" "-pk -aes" "4"
if [ $NO_PUBASPRIV -eq 0 ]; then
run_tpm_tls_server "ecc" "-pk" "3"
run_tpm_tls_server "ecc" "-pk -aes" "3"
run_tpm_tls_server "ecc" "-pk" "4"
run_tpm_tls_server "ecc" "-pk -aes" "4"
fi
fi
fi

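Review bot: The new `NO_PUBASPRIV` gates around the `run_tpm_tls_server` calls skip those tests silently: with the variable set the script still prints the section headings, runs none of the server cases and exits 0, so a job that was misconfigured to set it looks green. An `echo "NO_PUBASPRIV=1: skipping TLS server tests"` in each skipped branch, and the equivalent at the PKCS7 gate in the second hunk, would keep the omission visible in run.out. The `if [ $NO_PUBASPRIV -eq 0 ]; then ... fi` wrapper is repeated four times across the last two hunks; moving the check into `run_tpm_tls_server` itself, which is defined outside these hunks, would remove the duplication and cover future call sites automatically. The variable is expanded unquoted in the `[ ... -eq 0 ]` tests; the default set in the first hunk keeps it non-empty, but `"$NO_PUBASPRIV"` is the safer habit and matches the quoted `-z` test that assigns the default.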
16 changes: 11 additions & 5 deletions src/tpm2_wrap.c
Expand Up @@ -2818,6 +2818,8 @@ int wolfTPM2_DecodeRsaDer(const byte* der, word32 derSz,
rc = wc_InitRsaKey(key, NULL);
if (rc == 0) {
idx = 0;
/* skip PKCS8 header */
(void)wc_GetPkcs8TraditionalOffset((byte*)der, &idx, derSz);
rc = wc_RsaPrivateKeyDecode(der, &idx, key, derSz);
if (rc == 0) {
isPrivateKey = 1;
Expand Down Expand Up @@ -3033,7 +3035,7 @@ int wolfTPM2_ExportPublicKeyBuffer(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
/* load public portion of key into wolf RSA Key */
rc = wolfTPM2_RsaKey_TpmToWolf(dev, tpmKey, &key.rsa);
if (rc == 0) {
rc = wc_RsaKeyToPublicDer_ex(&key.rsa, out, *outSz, 1);
rc = wc_RsaKeyToPublicDer(&key.rsa, out, *outSz);
if (rc > 0) {
derSz = rc;
rc = 0;
Expand Down Expand Up @@ -6836,15 +6838,19 @@ static int CSR_Parse_DN(CertName* name, const char* subject)
{"/CN=", OFFSETOF(CertName, commonName)}, /* Common Name */
{"/C=", OFFSETOF(CertName, country)}, /* Country */
{"/ST=", OFFSETOF(CertName, state)}, /* State */
{"/street=", OFFSETOF(CertName, street)}, /* Street */
{"/L=", OFFSETOF(CertName, locality)}, /* Locality */
{"/SN=", OFFSETOF(CertName, sur)}, /* Surname */
{"/O=", OFFSETOF(CertName, org)}, /* Organization */
{"/OU=", OFFSETOF(CertName, unit)}, /* Organization Unit */
{"/postalCode=", OFFSETOF(CertName, postalCode)}, /* PostalCode */
{"/userid=", OFFSETOF(CertName, userId)}, /* UserID */
{"/serialNumber=", OFFSETOF(CertName, serialDev)}, /* Serial Number */
{"/emailAddress=", OFFSETOF(CertName, email)}, /* Email Address */
#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX > 0x05000000
{"/street=", OFFSETOF(CertName, street)}, /* Street */
{"/postalCode=", OFFSETOF(CertName, postalCode)}, /* PostalCode */
#endif
#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX > 0x05003000
{"/userid=", OFFSETOF(CertName, userId)}, /* UserID */
#endif
#ifdef WOLFSSL_CERT_EXT
{"/businessCategory=", OFFSETOF(CertName, busCat)}, /* Business Category */
#endif
Expand Down Expand Up @@ -6916,7 +6922,7 @@ static int CSR_MakeAndSign(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr, CSRKey* key,
}

/* Optionally convert to PEM */
if (rc >= 0 && outFormat == CTC_FILETYPE_PEM) {
if (rc >= 0 && outFormat == ENCODING_TYPE_PEM) {
#ifdef WOLFSSL_DER_TO_PEM
byte tmp[MAX_CONTEXT_SIZE];
if (rc > (int)sizeof(tmp)) {
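Review bot: In wolfTPM2_DecodeRsaDer the new `(void)wc_GetPkcs8TraditionalOffset((byte*)der, &idx, derSz);` discards the return value and then reuses `idx` as the start offset for `wc_RsaPrivateKeyDecode`; that is only right if the helper leaves `idx` untouched when the input is not PKCS#8-wrapped, which I cannot confirm from here. Resetting explicitly removes the dependency: `if (wc_GetPkcs8TraditionalOffset((byte*)der, &idx, derSz) < 0) { idx = 0; /* not PKCS8-wrapped: decode from the start */ }`. The `(byte*)` cast strips the `const` from `der`, whose declared type in the hunk header is `const byte*`; if the helper only reads the buffer a comment saying so would justify the cast, and if it can write, the caller's buffer must not be handed to it uncopied. The rest of the function is outside the hunk.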
27 changes: 19 additions & 8 deletions wolftpm/tpm2_types.h
Expand Up @@ -125,6 +125,17 @@ typedef int64_t INT64;
#define ENCODING_TYPE_PEM 1 /* CTC_FILETYPE_PEM */
#define ENCODING_TYPE_ASN1 2 /* CTC_FILETYPE_ASN1 */

#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
#define wc_ecc_key_get_priv(key) (&((key)->k))
#define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
#endif

#ifndef PRIVATE_KEY_LOCK
#define PRIVATE_KEY_LOCK() do {} while (0)
#endif
#ifndef PRIVATE_KEY_UNLOCK
#define PRIVATE_KEY_UNLOCK() do {} while (0)
#endif
#else

#include <stdio.h>
Expand Down Expand Up @@ -172,14 +183,6 @@ typedef int64_t INT64;
#define LITTLE_ENDIAN_ORDER
#endif

#ifndef OFFSETOF
#if defined(__clang__) || (defined(__GNUC__) && (__GNUC__ >= 4))
#define OFFSETOF(type, field) __builtin_offsetof(type, field)
#else
#define OFFSETOF(type, field) ((size_t)&(((type *)0)->field))
#endif
#endif

/* GCC Version */
#ifndef __GNUC_PREREQ
#if defined(__GNUC__) && defined(__GNUC_MINOR__)
Expand Down Expand Up @@ -223,6 +226,14 @@ typedef int64_t INT64;

#endif /* !WOLFTPM2_NO_WOLFCRYPT */

#ifndef OFFSETOF
#if defined(__clang__) || (defined(__GNUC__) && (__GNUC__ >= 4))
#define OFFSETOF(type, field) __builtin_offsetof(type, field)
#else
#define OFFSETOF(type, field) ((size_t)&(((type *)0)->field))
#endif
#endif

#ifndef WOLFTPM_CUSTOM_TYPES
#include <stdlib.h>

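Review bot: The fallback `#define wc_ecc_key_get_priv(key) (&((key)->k))` in the first hunk is a function-like macro installed whenever `WOLFSSL_HAVE_ECC_KEY_GET_PRIV` is unset, and it then sets that guard itself; if any wolfSSL header that declares the real `wc_ecc_key_get_priv` is processed after this point (the includes sit above the hunk, so I cannot tell), that declaration would be macro-expanded, so the shim only works when the wolfSSL headers come first. A comment stating that ordering requirement, e.g. `/* must follow the wolfSSL headers: compat shim for wolfCrypt without wc_ecc_key_get_priv() */`, would protect the next edit, and it should also say the shim hard-codes the `k` member layout of `ecc_key`. The no-op `PRIVATE_KEY_LOCK`/`PRIVATE_KEY_UNLOCK` fallbacks deserve a one-line note that whatever locking newer builds perform around private-key use is simply not performed on these older builds. Moving `OFFSETOF` below `#endif /* !WOLFTPM2_NO_WOLFCRYPT */` makes it available in both configurations; since the standard `offsetof` from `<stddef.h>` exists, the non-builtin branch `((size_t)&(((type *)0)->field))` could forward to it instead of forming a null-based address, though that code is moved unchanged here.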