
Commit ce20c30

committed
Wrapped changes in correct guard
1 parent 2d49418 commit ce20c30

2 files changed

Lines changed: 23 additions & 14 deletions


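--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -7332,23 +7332,24 @@ typedef struct CSRKey {
 TpmCryptoDevCtx tpmCtx;
 } CSRKey;
 
+#ifdef WOLFSSL_CERT_SIGN_CB
 /*
 * Internal callback function for wc_SignCert_cb that uses TPM for signing.
-*
+*
 * This callback implements the wc_SignCertCb interface to perform certificate
 * and CSR signing using the TPM. It is used internally by CSR_MakeAndSign_Cb
 * when the callback-based signing approach is selected.
-*
+*
 * For RSA keys:
 * - Input is PKCS#1 v1.5 padded digest (already encoded by wolfSSL)
 * - Uses wolfTPM2_RsaDecrypt with TPM_ALG_NULL (no padding) to perform
 * the private key operation for signing
-*
+*
 * For ECC keys:
 * - Input is the raw hash to sign
 * - Uses wolfTPM2_SignHash to sign with TPM
 * - Converts TPM's R||S format to DER-encoded ECDSA signature
-*
+*
 * Parameters:
 * in - Data to sign (encoded for RSA, raw hash for ECC)
 * inLen - Length of input data
@@ -7357,7 +7358,7 @@ typedef struct CSRKey {
 * sigAlgo - Signature algorithm (not used, determined by keyType)
 * keyType - Key type (RSA_TYPE or ECC_TYPE)
 * ctx - TpmSignCbCtx containing TPM device and key
-*
+*
 * Returns:
 * 0 on success
 * BAD_FUNC_ARG on invalid parameters
@@ -7424,6 +7425,7 @@ static int wolfTPM2_SignCertCb(const byte* in, word32 inLen,
 
 return rc;
 }
+#endif /* WOLFSSL_CERT_SIGN_CB */
 
 
 static int CSR_MakeAndSign(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr, CSRKey* key,
@@ -7476,20 +7478,21 @@ static int CSR_MakeAndSign(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr, CSRKey* key,
 return rc;
 }
 
+#ifdef WOLFSSL_CERT_SIGN_CB
 /*
 * Internal function for CSR/Certificate generation and signing using the
 * callback-based approach.
-*
+*
 * This function generates and signs a Certificate Signing Request (CSR) or
 * self-signed certificate using the new wc_SignCert_cb() API. Unlike the
 * legacy CSR_MakeAndSign() function which requires crypto callback setup,
 * this function calls TPM signing directly via wolfTPM2_SignCertCb().
-*
+*
 * Advantages of this approach:
 * - FIPS compliant (no wolfCrypt crypto offloading)
 * - Simpler code path (no crypto callback infrastructure)
 * - Direct TPM signing without intermediate key structures
-*
+*
 * Parameters:
 * dev - Initialized TPM device
 * csr - CSR structure with subject, extensions, etc.
@@ -7499,7 +7502,7 @@ static int CSR_MakeAndSign(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr, CSRKey* key,
 * out - Output buffer
 * outSz - Size of output buffer
 * selfSignCert - 1 to create self-signed cert, 0 for CSR
-*
+*
 * Returns:
 * Positive value: size of generated CSR/certificate
 * BAD_FUNC_ARG: invalid parameters
@@ -7615,6 +7618,7 @@ static int CSR_MakeAndSign_Cb(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr,
 
 return rc;
 }
+#endif /* WOLFSSL_CERT_SIGN_CB */
 
 
 static int CSR_KeySetup(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr, WOLFTPM2_KEY* key,
@@ -7836,6 +7840,7 @@ int wolfTPM2_CSR_MakeAndSign_ex(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr,
 csr->req.version = 0;
 }
 
+#ifdef WOLFSSL_CERT_SIGN_CB
 /* Use new callback-based signing if devId not specified */
 if (devId == INVALID_DEVID) {
 /* Set signature type if not specified */
@@ -7853,8 +7858,10 @@ int wolfTPM2_CSR_MakeAndSign_ex(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr,
 rc = CSR_MakeAndSign_Cb(dev, csr, key, keyType, outFormat, out, outSz,
 selfSignCert);
 }
-else {
-/* Fall back to crypto callback approach for backward compatibility */
+else
+#endif /* WOLFSSL_CERT_SIGN_CB */
+{
+/* Use crypto callback approach */
 CSRKey csrKey;
 rc = CSR_KeySetup(dev, csr, key, &csrKey, sigType, devId);
 if (rc == 0) {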
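Review bot: In `wolfTPM2_CSR_MakeAndSign_ex` the `else` / `#endif` / `{` sequence makes the crypto-callback block unconditional when `WOLFSSL_CERT_SIGN_CB` is not defined, so a call with `devId == INVALID_DEVID` now reaches `CSR_KeySetup(dev, csr, key, &csrKey, sigType, devId)`, and the "Set signature type if not specified" step appears to be compiled out together with the guarded branch. `CSR_KeySetup` lies outside the hunk, so whether it copes with `INVALID_DEVID` and an unset `sigType` cannot be confirmed from here; since the CSR signature has to come from the TPM-held key, that path is worth exercising in a build without the macro. At minimum the new comment should state the behaviour, e.g. `/* Crypto callback approach; the only path when WOLFSSL_CERT_SIGN_CB is not defined, including devId == INVALID_DEVID */`. The function body starts and ends outside the hunk.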

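--- a/wolftpm/tpm2_wrap.h
+++ b/wolftpm/tpm2_wrap.h
@@ -110,22 +110,24 @@ typedef struct WOLFTPM2_CSR {
 Cert req;
 } WOLFTPM2_CSR;
 
+#ifdef WOLFSSL_CERT_SIGN_CB
 /*!
 \ingroup wolfTPM2_Wrappers
 \brief Context structure for TPM-based certificate signing callback.
-
+
 This structure holds the TPM device and key references needed for the
 certificate signing callback (wc_SignCertCb). It is used internally by
 wolfTPM2_CSR_MakeAndSign_ex when using the callback-based signing approach.
-
+
 \sa wolfTPM2_CSR_MakeAndSign_ex
 \sa wc_SignCert_cb
 */
 typedef struct TpmSignCbCtx {
 WOLFTPM2_DEV* dev; /*!< Pointer to initialized TPM device */
 WOLFTPM2_KEY* key; /*!< Pointer to TPM key used for signing */
 } TpmSignCbCtx;
-#endif
+#endif /* WOLFSSL_CERT_SIGN_CB */
+#endif /* WOLFTPM2_CERT_GEN */
 
 /* buffer similar to TPM2B_MAX_BUFFER that can be used */
 typedef struct WOLFTPM2_BUFFER {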
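Review bot: The Doxygen block for `TpmSignCbCtx` does not mention that the type is now declared only when `WOLFSSL_CERT_SIGN_CB` is defined, so a reader of the generated documentation cannot tell why it is absent in some builds. I would add a line such as `\note Only declared when WOLFSSL_CERT_SIGN_CB is defined.` ahead of the `\sa` entries. Judging by the new `#endif /* WOLFTPM2_CERT_GEN */` comment the struct also sits inside that outer guard, whose opening is outside the hunk, so the note could name both macros once that is confirmed.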
