Fixes for build error without wolfCrpyt (--disable-wolfcrypt). Fixes to better propagate errors when features are not compiled in. Add wolf error code descriptions when wolfCrypt is disabled.

Author: dgarske

examples/keygen/keygen.c

@@ -29,6 +29,7 @@
 #include <examples/tpm_test_keys.h>
 
 #include <stdio.h>
+#include <stdlib.h> /* atoi */
 
 #ifndef WOLFTPM2_NO_WRAPPER
 

src/tpm2.c

@@ -226,6 +226,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
         #else
             (void)handleValue;
             (void)handlePos;
+            return NOT_COMPILED_IN;
         #endif
         }
 
@@ -328,6 +329,9 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
                     return TPM_RC_HMAC;
                 }
             }
+        #else
+            (void)cmdCode;
+            return NOT_COMPILED_IN;
         #endif
 
             /* Handle session request for decryption */
@@ -339,12 +343,12 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
             #ifdef DEBUG_WOLFTPM
                     printf("Response parameter decryption failed\n");
             #endif
-                    return TPM_RC_FAILURE;
+                    return rc;
                 }
             }
         }
     }
-    (void)cmdCode;
+
     return rc;
 }
 
@@ -5345,6 +5349,16 @@ const char* TPM2_GetRCString(int rc)
         #else
             return wc_GetErrorString(rc);
         #endif
+    #else
+        switch (rc) {
+            TPM_RC_STR(BAD_FUNC_ARG, "Bad function argument provided");
+            TPM_RC_STR(BUFFER_E, "Output buffer too small or input too large");
+            TPM_RC_STR(NOT_COMPILED_IN, "Feature not compiled in");
+            TPM_RC_STR(BAD_MUTEX_E, "Bad mutex operation");
+            TPM_RC_STR(WC_TIMEOUT_E, "Timeout error");
+            default:
+                break;
+        }
     #endif
     }
     else if (rc == 0) {
@@ -5729,7 +5743,7 @@ int TPM2_HashNvPublic(TPMS_NV_PUBLIC* nvPublic, byte* buffer, UINT16* size)
     (void)nvPublic;
     (void)buffer;
     (void)size;
-    return TPM_RC_SUCCESS;
+    return NOT_COMPILED_IN;
 #endif
 }
 

src/tpm2_param_enc.c

@@ -267,7 +267,7 @@ static int TPM2_ParamDec_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
     return rc;
 }
 
-#ifdef WOLFSSL_AES_CFB
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(WOLFSSL_AES_CFB)
 /* Perform AES CFB encryption over the first parameter of a TPM packet */
 static int TPM2_ParamEnc_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
     TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
@@ -551,13 +551,15 @@ TPM_RC TPM2_ParamEnc_CmdRequest(TPM2_AUTH_SESSION *session,
         rc = TPM2_ParamEnc_XOR(session, &session->auth, &session->nonceCaller,
             &session->nonceTPM, paramData, paramSz);
     }
-#ifdef WOLFSSL_AES_CFB
     else if (session->symmetric.algorithm == TPM_ALG_AES &&
              session->symmetric.mode.aes == TPM_ALG_CFB) {
+    #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(WOLFSSL_AES_CFB)
         rc = TPM2_ParamEnc_AESCFB(session, &session->auth, &session->nonceCaller,
             &session->nonceTPM, paramData, paramSz);
+    #else
+        rc = NOT_COMPILED_IN;
+    #endif
     }
-#endif
 
     return rc;
 }
@@ -580,13 +582,15 @@ TPM_RC TPM2_ParamDec_CmdResponse(TPM2_AUTH_SESSION *session,
         rc = TPM2_ParamDec_XOR(session, &session->auth, &session->nonceCaller,
             &session->nonceTPM, paramData, paramSz);
     }
-#ifdef WOLFSSL_AES_CFB
     else if (session->symmetric.algorithm == TPM_ALG_AES &&
              session->symmetric.mode.aes == TPM_ALG_CFB) {
+    #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(WOLFSSL_AES_CFB) 
         rc = TPM2_ParamDec_AESCFB(session, &session->auth, &session->nonceCaller,
             &session->nonceTPM, paramData, paramSz);
+    #else
+        rc = NOT_COMPILED_IN;
+    #endif
     }
-#endif
 
     return rc;
 }

src/tpm2_wrap.c

@@ -534,8 +534,7 @@ int wolfTPM2_Cleanup(WOLFTPM2_DEV* dev)
 #endif
 }
 
-#ifndef WOLFTPM2_NO_WOLFCRYPT
-#ifndef NO_RSA
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_RSA)
 /* returns both the plaintext and encrypted salt, based on the salt key bPublic. */
 int wolfTPM2_RSA_Salt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
     TPM2B_DIGEST *salt, TPM2B_ENCRYPTED_SECRET *encSalt, TPMT_PUBLIC *publicArea)
@@ -601,7 +600,7 @@ int wolfTPM2_RSA_Salt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
 
     return 0;
 }
-#endif /* !NO_RSA */
+#endif /* !WOLFTPM2_NO_WOLFCRYPT && !NO_RSA */
 
 int wolfTPM2_EncryptSalt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
     StartAuthSession_In* in, TPM2B_AUTH* bindAuth, TPM2B_DIGEST* salt)
@@ -613,6 +612,7 @@ int wolfTPM2_EncryptSalt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
         return TPM_RC_SUCCESS;
     }
 
+#ifndef WOLFTPM2_NO_WOLFCRYPT
     /* generate a salt */
     salt->size = TPM2_GetHashDigestSize(in->authHash);
     if (salt->size <= 0) {
@@ -645,12 +645,17 @@ int wolfTPM2_EncryptSalt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
             rc = NOT_COMPILED_IN;
             break;
     }
+#else
+    (void)dev;
+    (void)in;
+    (void)salt;
+    rc = NOT_COMPILED_IN;
+#endif /* !WOLFTPM2_NO_WOLFCRYPT */
 
     (void)bindAuth; /* TODO: Add bind support */
 
     return rc;
 }
-#endif /* !WOLFTPM2_NO_WOLFCRYPT */
 
 int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session,
     WOLFTPM2_KEY* tpmKey, WOLFTPM2_HANDLE* bind, TPM_SE sesType,
@@ -693,15 +698,12 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session,
     }
 
     authSesIn.sessionType = sesType;
-#ifdef WOLFSSL_AES_CFB
     if (encDecAlg == TPM_ALG_CFB) {
         authSesIn.symmetric.algorithm = TPM_ALG_AES;
         authSesIn.symmetric.keyBits.aes = 128;
         authSesIn.symmetric.mode.aes = TPM_ALG_CFB;
     }
-    else
-#endif
-    if (encDecAlg == TPM_ALG_XOR) {
+    else if (encDecAlg == TPM_ALG_XOR) {
         authSesIn.symmetric.algorithm = TPM_ALG_XOR;
         authSesIn.symmetric.keyBits.xorr = TPM_ALG_SHA256;
         authSesIn.symmetric.mode.sym = TPM_ALG_NULL;
@@ -719,16 +721,15 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session,
         return rc;
     }
 
-#ifndef WOLFTPM2_NO_WOLFCRYPT
     /* Generate and Encrypt salt using "SECRET" */
     rc = wolfTPM2_EncryptSalt(dev, tpmKey, &authSesIn, bindAuth, &session->salt);
     if (rc != 0) {
     #ifdef DEBUG_WOLFTPM
         printf("Building encrypted salt failed %d: %s!\n", rc,
             wolfTPM2_GetRCString(rc));
     #endif
+        return rc;
     }
-#endif
 
     rc = TPM2_StartAuthSession(&authSesIn, &authSesOut);
     if (rc != TPM_RC_SUCCESS) {