Fix for wolfTPM2_SetKeyAuthPassword that was truncating password to 2 chars. Added test to catch this and made sure there are no others. Bug introduced in PR #427 and release v3.9.2.

Author: dgarske

src/tpm2_wrap.c

@@ -528,8 +528,8 @@ int wolfTPM2_SetKeyAuthPassword(WOLFTPM2_KEY *key, const byte* auth,
     }
 
     /* specify auth password for storage key */
-    if (authSz > (int)sizeof(key->handle.auth.size)) {
-        authSz = (int)sizeof(key->handle.auth.size); /* truncate */
+    if (authSz > (int)sizeof(key->handle.auth.buffer)) {
+        authSz = (int)sizeof(key->handle.auth.buffer); /* truncate */
     }
     key->handle.auth.size = (UINT16)authSz;
     if (auth != NULL) {

wrapper/CSharp/wolfTPM-tests.cs

@@ -127,6 +127,8 @@ private void GenerateKey(string algorithm)
             Template template = new Template();
             byte[] blob_buffer = new byte[Device.MAX_KEYBLOB_BYTES];
 
+            Console.WriteLine("Generating {0} key", algorithm);
+
             if (algorithm == "RSA")
             {
                 rc = template.GetKeyTemplate_RSA((ulong)(
@@ -158,6 +160,7 @@ private void GenerateKey(string algorithm)
             rc = blob.GetKeyBlobAsBuffer(blob_buffer);
             if (rc > 0)
             {
+                Console.WriteLine("Key Blob Size: {0} bytes", rc);
                 Array.Resize(ref blob_buffer, rc);
                 if (algorithm == "RSA")
                 {
@@ -190,6 +193,8 @@ private void LoadGeneratedKey(string algorithm)
             KeyBlob blob = new KeyBlob();
             byte[] blob_buffer;
 
+            Console.WriteLine("Loading {0} key", algorithm);
+
             if (algorithm == "RSA")
             {
                 blob_buffer = generatedRSA;
@@ -213,6 +218,28 @@ private void LoadGeneratedKey(string algorithm)
             rc = blob.SetKeyAuthPassword("ThisIsMyKeyAuth");
             Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
 
+            /* Use key to make sure authentication works */
+            if (algorithm == "RSA") {
+                const int RsaKeySz = 256;
+                const int HashDigestSz = 32;
+                byte[] sig = new byte[RsaKeySz];
+                byte[] digest = new byte[HashDigestSz];
+
+                /* Perform RSA sign / verify - PKCSv1.5 (SSA) padding */
+                for (int i=0; i<digest.Length; i++)  {
+                    digest[i] = 0x11;
+                }
+                rc = device.SignHashScheme(blob, digest, sig,
+                    TPM2_Alg.RSASSA, TPM2_Alg.SHA256);
+                Assert.AreEqual(RsaKeySz, rc);
+
+                rc = device.VerifyHashScheme(blob, sig, digest,
+                    TPM2_Alg.RSASSA, TPM2_Alg.SHA256);
+                Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
+
+                Console.WriteLine("RSA Sign/Verify Success");
+            }
+
             rc = device.UnloadHandle(blob);
             Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
         }

wrapper/CSharp/wolfTPM.cs

@@ -903,8 +903,13 @@ public class Device : IDisposable
 
         const string DLLNAME = "wolftpm";
 
-        public const int MAX_KEYBLOB_BYTES = 1024;
+        /* These "max" buffer sizes are used for testing only and may be larger
+         * depending on actual platform. */
+        /* Temporary buffer large enough for key blob public+private parts */
+        public const int MAX_KEYBLOB_BYTES = 2048; /* MAX_CONTEXT_SIZE */
+        /* Temporary buffer large enough for test CSR's */
         public const int MAX_TPM_BUFFER = 2048;
+
         public const int INVALID_DEVID = -2;
         private IntPtr device = IntPtr.Zero;