Merge pull request #419 from dgarske/parsepubsz

embhorn · web-flow · commit 33a532f58c5f · 2025-06-06T15:07:26.000-05:00
Fix `TPM2_ParsePublic` size argument
diff --git a/examples/attestation/make_credential.c b/examples/attestation/make_credential.c
@@ -49,8 +49,8 @@ static void usage(void)
     printf("Notes:\n");
     printf("\tName digest is loaded from \"ak.name\" file\n");
     printf("\tPublic key is loaded from a file containing TPM2B_PUBLIC\n");
-    printf("\t\"tek.pub\" for EK pub");
-    printf("\t\"tsrk.pub\" for SRK pub");
+    printf("\t\"ek.pub\" for EK pub\n");
+    printf("\t\"srk.pub\" for SRK pub\n");
     printf("\tOutput is stored in \"cred.blob\"\n");
     printf("Demo usage without parameters, uses SRK pub\n");
 }
diff --git a/examples/nvram/read.c b/examples/nvram/read.c
@@ -221,7 +221,7 @@ int TPM2_NVRAM_Read_Example(void* userCtx, int argc, char *argv[])
 
             /* Necessary for storing the publicArea with the correct encoding */
             rc = TPM2_ParsePublic(&keyBlob.pub, pubAreaBuffer,
-                (word32)sizeof(pubAreaBuffer), &pubAreaSize);
+                readSize, &pubAreaSize);
             if (rc != TPM_RC_SUCCESS) {
                 printf("Decoding of PublicArea failed. Unable to extract correctly.\n");
                 goto exit;
diff --git a/examples/run_examples.sh b/examples/run_examples.sh
@@ -493,17 +493,9 @@ if [ $WOLFCRYPT_ENABLE -eq 1 ]; then
 fi
 
 if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $NO_FILESYSTEM -eq 0 ]; then
-    ./examples/keygen/keygen keyblob.bin -rsa >> $TPMPWD/run.out 2>&1
-    RESULT=$?
-    [ $RESULT -ne 0 ] && echo -e "keygen rsa failed! $RESULT" && exit 1
-    ./examples/attestation/make_credential >> $TPMPWD/run.out 2>&1
-    RESULT=$?
-    [ $RESULT -ne 0 ] && echo -e "make_credential failed! $RESULT" && exit 1
-    ./examples/attestation/activate_credential >> $TPMPWD/run.out 2>&1
-    RESULT=$?
-    [ $RESULT -ne 0 ] && echo -e "activate_credential failed! $RESULT" && exit 1
+    rm -f keyblob.bin
 
-    # Endorsement hierarchy
+    # Endorsement hierarchy (assumes keyblob.bin for key)
     ./examples/keygen/keygen keyblob.bin -rsa -eh >> $TPMPWD/run.out 2>&1
     RESULT=$?
     [ $RESULT -ne 0 ] && echo -e "keygen rsa endorsement failed! $RESULT" && exit 1
@@ -514,10 +506,21 @@ if [ $WOLFCRYPT_ENABLE -eq 1 ] && [ $NO_FILESYSTEM -eq 0 ]; then
     RESULT=$?
     [ $RESULT -ne 0 ] && echo -e "activate_credential endorsement failed! $RESULT" && exit 1
 
+    ./examples/keygen/keygen keyblob.bin -rsa >> $TPMPWD/run.out 2>&1
+    RESULT=$?
+    [ $RESULT -ne 0 ] && echo -e "keygen rsa failed! $RESULT" && exit 1
+    ./examples/attestation/make_credential >> $TPMPWD/run.out 2>&1
+    RESULT=$?
+    [ $RESULT -ne 0 ] && echo -e "make_credential failed! $RESULT" && exit 1
+    ./examples/attestation/activate_credential >> $TPMPWD/run.out 2>&1
+    RESULT=$?
+    [ $RESULT -ne 0 ] && echo -e "activate_credential failed! $RESULT" && exit 1
+
     rm -f cred.blob
     rm -f ek.pub
     rm -f srk.pub
     rm -f ak.name
+    # Keeping keyblob.bin for tests later
 fi
 
 # PCR Quote Tests
diff --git a/examples/tpm_test_keys.c b/examples/tpm_test_keys.c
@@ -216,7 +216,7 @@ int readKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key)
 
         /* Decode the byte stream into a publicArea structure ready for use */
         rc = TPM2_ParsePublic(&key->pub, pubAreaBuffer,
-            (word32)sizeof(pubAreaBuffer), &pubAreaSize);
+            sizeof(UINT16) + key->pub.size, &pubAreaSize);
         if (rc != TPM_RC_SUCCESS) {
             goto exit;
         }
diff --git a/src/tpm2.c b/src/tpm2.c
@@ -6465,13 +6465,6 @@ int TPM2_ParsePublic(TPM2B_PUBLIC* pub, byte* buf, word32 size, int* sizeUsed)
     if (buf == NULL || pub == NULL || sizeUsed == NULL)
         return BAD_FUNC_ARG;
 
-    if (size < sizeof(TPM2B_PUBLIC)) {
-    #ifdef DEBUG_WOLFTPM
-        printf("Insufficient buffer size for TPM2B_PUBLIC operations\n");
-    #endif
-        return TPM_RC_FAILURE;
-    }
-
     /* Prepare temporary buffer */
     packet.buf = buf;
     packet.pos = 0;
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
@@ -481,7 +481,7 @@ int wolfTPM2_SetKeyBlobFromBuffer(WOLFTPM2_KEYBLOB* key, byte *buffer,
 
     /* Decode the byte stream into a publicArea structure ready for use */
     rc = TPM2_ParsePublic(&key->pub, pubAreaBuffer,
-        (word32)sizeof(pubAreaBuffer), &pubAreaSize);
+        (word32)(sizeof(UINT16) + key->pub.size), &pubAreaSize);
     if (rc != TPM_RC_SUCCESS) {
         return rc;
     }

Original file line number	Diff line number	Diff line change
`@@ -216,7 +216,7 @@ int readKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key)`
`216`	`216`
`217`	`217`	`/* Decode the byte stream into a publicArea structure ready for use */`
`218`	`218`	`rc = TPM2_ParsePublic(&key->pub, pubAreaBuffer,`
`219`		`- (word32)sizeof(pubAreaBuffer), &pubAreaSize);`
	`219`	`+ sizeof(UINT16) + key->pub.size, &pubAreaSize);`
`220`	`220`	`if (rc != TPM_RC_SUCCESS) {`
`221`	`221`	`goto exit;`
`222`	`222`	`}`
Original file line number	Diff line number	Diff line change
`@@ -481,7 +481,7 @@ int wolfTPM2_SetKeyBlobFromBuffer(WOLFTPM2_KEYBLOB* key, byte *buffer,`
`481`	`481`
`482`	`482`	`/* Decode the byte stream into a publicArea structure ready for use */`
`483`	`483`	`rc = TPM2_ParsePublic(&key->pub, pubAreaBuffer,`
`484`		`- (word32)sizeof(pubAreaBuffer), &pubAreaSize);`
	`484`	`+ (word32)(sizeof(UINT16) + key->pub.size), &pubAreaSize);`
`485`	`485`	`if (rc != TPM_RC_SUCCESS) {`
`486`	`486`	`return rc;`
`487`	`487`	`}`