Minor cleanups.

Author: dgarske

.gitignore

@@ -50,6 +50,8 @@ tests/unit.test
 examples/keygen/keyload
 examples/keygen/keygen
 examples/keygen/keyimport
+examples/nvram/store
+examples/nvram/read
 
 # Generated Cert Files
 certs/ca-*.pem

examples/README.md

@@ -298,7 +298,7 @@ The `keyload` tool takes only one argument, the filename of the stored key. Beca
 
 ## Storing keys into the TPM's NVRAM
 
-These examples demonstrates how to use the TPM as a secure vault for keys. There are two programs, one to store a TPM key into the TPM's NVRAM and another to extract the key from the TPM's NVRAM. Both examples can use parameter encryption to protect from MITM attacks. The Non-volatile memory location is protected with a password authorization that is passed in encrypted form, when "-aes" is given on the commmand line.
+These examples demonstrates how to use the TPM as a secure vault for keys. There are two programs, one to store a TPM key into the TPM's NVRAM and another to extract the key from the TPM's NVRAM. Both examples can use parameter encryption to protect from MITM attacks. The Non-volatile memory location is protected with a password authorization that is passed in encrypted form, when "-aes" is given on the command line.
 
 Before running the examples, make sure there is a keyblob.bin generated using the keygen tool. The key can be of any type, RSA, ECC or symmetric. The example will store the private and public part. In case of a symmetric key the public part is meta data from the TPM. How to generate a key you can see above, in the description of the keygen example.
 
@@ -341,7 +341,7 @@ Loaded key to 0x80000001
 
 ```
 
-The "read" example will try to load the extracted key, if both the public and private part of the key were stored in NVRAM. The "-aes" swiches triggers the use of parameter encryption.
+The "read" example will try to load the extracted key, if both the public and private part of the key were stored in NVRAM. The "-aes" switches triggers the use of parameter encryption.
 
 The examples can work with partial key material - private or public. This is achieved by using the "-priv" and "-pub" options.
 

examples/nvram/read.c

@@ -160,7 +160,8 @@ int TPM2_NVRAM_Read_Example(void* userCtx, int argc, char *argv[])
         offset += readSize;
 
         /* Necessary for storing the publicArea with the correct encoding */
-        rc = TPM2_ParsePublic(&keyBlob.pub, pubAreaBuffer, sizeof(pubAreaBuffer), &pubAreaSize);
+        rc = TPM2_ParsePublic(&keyBlob.pub, pubAreaBuffer,
+            (word32)sizeof(pubAreaBuffer), &pubAreaSize);
         if (rc != TPM_RC_SUCCESS) {
             printf("Decoding of PublicArea failed. Unable to extract correctly.\n");
             goto exit;

examples/nvram/store.c

@@ -158,7 +158,8 @@ int TPM2_NVRAM_Store_Example(void* userCtx, int argc, char *argv[])
         offset += sizeof(keyBlob.pub.size);
 
         /* Necessary for storing the publicArea with the correct byte encoding */
-        rc = TPM2_AppendPublic(pubAreaBuffer, sizeof(pubAreaBuffer), &pubAreaSize, &keyBlob.pub);
+        rc = TPM2_AppendPublic(pubAreaBuffer, (word32)sizeof(pubAreaBuffer),
+            &pubAreaSize, &keyBlob.pub);
         /* Note:
          * Public Area is the only part of a TPM key that can be stored encoded
          * Private Area is stored as-is, because TPM2B_PRIVATE is byte buffer

examples/tpm_test_keys.c

@@ -48,7 +48,8 @@ int writeKeyBlob(const char* filename,
     fp = XFOPEN(filename, "wb");
     if (fp != XBADFILE) {
         /* Make publicArea in encoded format to eliminate empty fields, save space */
-        rc = TPM2_AppendPublic(pubAreaBuffer, sizeof(pubAreaBuffer), &pubAreaSize, &key->pub);
+        rc = TPM2_AppendPublic(pubAreaBuffer, (word32)sizeof(pubAreaBuffer),
+            &pubAreaSize, &key->pub);
         if (rc != TPM_RC_SUCCESS) return rc;
         if (pubAreaSize != (key->pub.size + sizeof(key->pub.size))) {
 #ifdef DEBUG_WOLFTPM
@@ -98,20 +99,23 @@ int readKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key)
 
         bytes_read = XFREAD(&key->pub.size, 1, sizeof(key->pub.size), fp);
         if (bytes_read != sizeof(key->pub.size)) {
-            printf("Read %zu, expected size marker of %zu bytes\n", bytes_read, sizeof(key->pub.size));
+            printf("Read %zu, expected size marker of %zu bytes\n",
+                bytes_read, sizeof(key->pub.size));
             goto exit;
         }
         fileSz -= bytes_read;
 
         bytes_read = XFREAD(pubAreaBuffer, 1, sizeof(UINT16) + key->pub.size, fp);
         if (bytes_read != sizeof(UINT16) + key->pub.size) {
-            printf("Read %zu, expected public blob %lu bytes\n", bytes_read, sizeof(UINT16) + key->pub.size);
+            printf("Read %zu, expected public blob %lu bytes\n",
+                bytes_read, sizeof(UINT16) + key->pub.size);
             goto exit;
         }
         fileSz -= bytes_read; /* Reminder bytes for private key part */
 
         /* Decode the byte stream into a publicArea structure ready for use */
-        rc = TPM2_ParsePublic(&key->pub, pubAreaBuffer, sizeof(pubAreaBuffer), &pubAreaSize);
+        rc = TPM2_ParsePublic(&key->pub, pubAreaBuffer,
+            (word32)sizeof(pubAreaBuffer), &pubAreaSize);
         if (rc != TPM_RC_SUCCESS) return rc;
 #ifdef DEBUG_WOLFTPM
         TPM2_PrintPublicArea(&key->pub);
@@ -121,7 +125,8 @@ int readKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key)
             printf("Reading the private part of the key\n");
             bytes_read = XFREAD(&key->priv, 1, fileSz, fp);
             if (bytes_read != fileSz) {
-                printf("Read %zu, expected private blob %zu bytes\n", bytes_read, fileSz);
+                printf("Read %zu, expected private blob %zu bytes\n",
+                    bytes_read, fileSz);
                 goto exit;
             }
             rc = 0; /* success */

src/tpm2.c

@@ -5721,7 +5721,6 @@ int TPM2_HashNvPublic(TPMS_NV_PUBLIC* nvPublic, byte* buffer, UINT16* size)
     if (rc == 0) {
         rc = wc_HashUpdate(&hash, hashType, packet.buf, packet.pos);
     }
-
     if (rc == 0) {
         rc = wc_HashFinal(&hash, hashType, &buffer[2]);
     }
@@ -5747,11 +5746,11 @@ int TPM2_HashNvPublic(TPMS_NV_PUBLIC* nvPublic, byte* buffer, UINT16* size)
 #endif
 }
 
-WOLFTPM_API int TPM2_AppendPublic(byte* buf, size_t size, int* sizeUsed, TPM2B_PUBLIC* pub)
+int TPM2_AppendPublic(byte* buf, word32 size, int* sizeUsed, TPM2B_PUBLIC* pub)
 {
     TPM2_Packet packet;
 
-    if (buf == NULL || sizeUsed == NULL)
+    if (buf == NULL || pub == NULL || sizeUsed == NULL)
         return BAD_FUNC_ARG;
 
     if (size < sizeof(TPM2B_PUBLIC)) {
@@ -5770,11 +5769,11 @@ WOLFTPM_API int TPM2_AppendPublic(byte* buf, size_t size, int* sizeUsed, TPM2B_P
     return TPM_RC_SUCCESS;
 }
 
-WOLFTPM_API int TPM2_ParsePublic(TPM2B_PUBLIC* pub, byte* buf, size_t size, int* sizeUsed)
+int TPM2_ParsePublic(TPM2B_PUBLIC* pub, byte* buf, word32 size, int* sizeUsed)
 {
     TPM2_Packet packet;
 
-    if (buf == NULL || sizeUsed == NULL)
+    if (buf == NULL || pub == NULL || sizeUsed == NULL)
         return BAD_FUNC_ARG;
 
     if (size < sizeof(TPM2B_PUBLIC)) {

src/tpm2_wrap.c

@@ -2664,7 +2664,7 @@ int wolfTPM2_NVWriteAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
     rc = wolfTPM2_NVReadPublic(dev, nv->handle.hndl, &nvPublic);
     if (rc != TPM_RC_SUCCESS) {
     #ifdef DEBUG_WOLFTPM
-        printf("Failed to read fresh NvPublic\n");
+        printf("Failed to read fresh NV Public\n");
     #endif
         return TPM_RC_FAILURE;
     }
@@ -2677,7 +2677,7 @@ int wolfTPM2_NVWriteAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
     }
 
     /* Necessary, because NVWrite has two handles, second is NV Index */
-    rc = wolfTPM2_SetAuthHandleName(dev, 0, &nv->handle);
+    rc  = wolfTPM2_SetAuthHandleName(dev, 0, &nv->handle);
     rc |= wolfTPM2_SetAuthHandleName(dev, 1, &nv->handle);
     if (rc != TPM_RC_SUCCESS) {
         printf("Storing NV Index Name failed\n");
@@ -2751,7 +2751,7 @@ int wolfTPM2_NVReadAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
     rc = wolfTPM2_NVReadPublic(dev, nv->handle.hndl, &nvPublic);
     if (rc != TPM_RC_SUCCESS) {
     #ifdef DEBUG_WOLFTPM
-        printf("Failed to read fresh NvPublic\n");
+        printf("Failed to read fresh NV Public\n");
     #endif
         return TPM_RC_FAILURE;
     }
@@ -2764,15 +2764,14 @@ int wolfTPM2_NVReadAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
     }
 
     /* Necessary, because NVWrite has two handles, second is NV Index */
-    rc = wolfTPM2_SetAuthHandleName(dev, 0, &nv->handle);
+    rc  = wolfTPM2_SetAuthHandleName(dev, 0, &nv->handle);
     rc |= wolfTPM2_SetAuthHandleName(dev, 1, &nv->handle);
     if (rc != TPM_RC_SUCCESS) {
         printf("Storing NV Index Name failed\n");
         return TPM_RC_FAILURE;
     }
 
     dataSz = *pDataSz;
-
     while (dataSz > 0) {
         toread = dataSz;
         if (toread > MAX_NV_BUFFER_SIZE)
@@ -2810,7 +2809,6 @@ int wolfTPM2_NVReadAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
         pos += toread;
         dataSz -= toread;
     }
-
     *pDataSz = pos;
 
     return rc;

wolftpm/tpm2.h

@@ -2801,8 +2801,8 @@ WOLFTPM_API int TPM2_GetWolfCurve(int curve_id);
 
 WOLFTPM_API int TPM2_ParseAttest(const TPM2B_ATTEST* in, TPMS_ATTEST* out);
 WOLFTPM_API int TPM2_HashNvPublic(TPMS_NV_PUBLIC* nvPublic, byte* buffer, UINT16* size);
-WOLFTPM_API int TPM2_AppendPublic(byte* buf, size_t size, int* sizeUsed, TPM2B_PUBLIC* pub);
-WOLFTPM_API int TPM2_ParsePublic(TPM2B_PUBLIC* pub, byte* buf, size_t size, int* sizeUsed);
+WOLFTPM_API int TPM2_AppendPublic(byte* buf, word32 size, int* sizeUsed, TPM2B_PUBLIC* pub);
+WOLFTPM_API int TPM2_ParsePublic(TPM2B_PUBLIC* pub, byte* buf, word32 size, int* sizeUsed);
 WOLFTPM_LOCAL int TPM2_GetName(TPM2_CTX* ctx, UINT32 handleValue, int handleCnt, int idx, TPM2B_NAME* name);
 
 #ifdef WOLFTPM2_USE_WOLF_RNG