Fixed issues with ZGen_2Phase to populate x and y. Fix for fwtpm without NV.

Author: dgarske

hal/tpm_io_fwtpm.c

@@ -55,6 +55,8 @@ static int gFwtpmClientInit = 0;
 int FWTPM_TIS_ClientConnect(FWTPM_TIS_CLIENT_CTX* client)
 {
     int fd;
+    int openFlags;
+    int fdFlags;
     struct stat st;
     FWTPM_TIS_REGS* shm;
     sem_t* semCmd;
@@ -70,16 +72,14 @@ int FWTPM_TIS_ClientConnect(FWTPM_TIS_CLIENT_CTX* client)
     /* Open existing shared memory file. O_NOFOLLOW and O_CLOEXEC are not
      * universally available across POSIX targets — guard at compile time
      * and fall back to fcntl(FD_CLOEXEC) for the close-on-exec semantics. */
-    {
-        int openFlags = O_RDWR;
-    #ifdef O_NOFOLLOW
-        openFlags |= O_NOFOLLOW;
-    #endif
-    #ifdef O_CLOEXEC
-        openFlags |= O_CLOEXEC;
-    #endif
-        fd = open(FWTPM_TIS_SHM_PATH, openFlags);
-    }
+    openFlags = O_RDWR;
+#ifdef O_NOFOLLOW
+    openFlags |= O_NOFOLLOW;
+#endif
+#ifdef O_CLOEXEC
+    openFlags |= O_CLOEXEC;
+#endif
+    fd = open(FWTPM_TIS_SHM_PATH, openFlags);
     if (fd < 0) {
     #ifdef DEBUG_WOLFTPM
         printf("fwTPM HAL: open(%s) failed: %d (%s)\n",
@@ -88,8 +88,12 @@ int FWTPM_TIS_ClientConnect(FWTPM_TIS_CLIENT_CTX* client)
         return TPM_RC_FAILURE;
     }
 #ifndef O_CLOEXEC
-    /* Fallback for platforms without O_CLOEXEC */
-    (void)fcntl(fd, F_SETFD, FD_CLOEXEC);
+    fdFlags = fcntl(fd, F_GETFD);
+    if (fdFlags >= 0) {
+        (void)fcntl(fd, F_SETFD, fdFlags | FD_CLOEXEC);
+    }
+#else
+    (void)fdFlags;
 #endif
 
     /* Verify file is large enough before mapping */

scripts/fwtpm_emu_test.sh

@@ -102,7 +102,7 @@ set -e
 # Show UART output (filter emulator noise)
 echo ""
 echo "--- fwTPM output ---"
-grep -E "^===|^fwTPM|^  |^Running|^  Startup|^  SelfTest|^  GetRandom|^  GetCapability|^  Random|^All self|^SELF-TEST" "$LOG"
+grep -E "^===|^fwTPM|^  |^Running|^  Startup|^  SelfTest|^  GetRandom|^  GetCapability|^  Random|^All self|^SELF-TEST" "$LOG" || true
 echo "--- end ---"
 echo ""
 

src/fwtpm/fwtpm_command.c

@@ -11908,8 +11908,9 @@ static TPM_RC FwCmd_ZGen_2Phase(FWTPM_CTX* ctx, TPM2_Packet* cmd,
     FWTPM_DECLARE_VAR(privKeyA, ecc_key);
     FWTPM_DECLARE_VAR(privEph, ecc_key);
     FWTPM_DECLARE_VAR(peerPub, ecc_key);
-    byte z1Buf[66], z2Buf[66]; /* shared secret x-coordinates */
-    word32 z1Sz, z2Sz;
+    byte z1xBuf[66], z1yBuf[66]; /* shared point coordinates (outZ1) */
+    byte z2xBuf[66], z2yBuf[66]; /* shared point coordinates (outZ2) */
+    word32 z1xSz, z1ySz, z2xSz, z2ySz;
     int wcCurve;
     int markPos;
     int paramSzPos, paramStart;
@@ -12029,8 +12030,8 @@ static TPM_RC FwCmd_ZGen_2Phase(FWTPM_CTX* ctx, TPM2_Packet* cmd,
         if (rc != 0) rc = TPM_RC_ECC_POINT;
     }
     if (rc == 0) {
-        z1Sz = (word32)sizeof(z1Buf);
-        rc = wc_ecc_shared_secret(privKeyA, peerPub, z1Buf, &z1Sz);
+        rc = FwEccSharedPoint(privKeyA, peerPub,
+            z1xBuf, &z1xSz, z1yBuf, &z1ySz);
         if (rc != 0) rc = TPM_RC_FAILURE;
     }
 
@@ -12065,35 +12066,41 @@ static TPM_RC FwCmd_ZGen_2Phase(FWTPM_CTX* ctx, TPM2_Packet* cmd,
         if (rc != 0) rc = TPM_RC_ECC_POINT;
     }
     if (rc == 0) {
-        z2Sz = (word32)sizeof(z2Buf);
-        rc = wc_ecc_shared_secret(privEph, peerPub, z2Buf, &z2Sz);
+        rc = FwEccSharedPoint(privEph, peerPub,
+            z2xBuf, &z2xSz, z2yBuf, &z2ySz);
         if (rc != 0) rc = TPM_RC_FAILURE;
     }
 
-    /* Build response: outZ1 + outZ2 as TPM2B_ECC_POINT (x-only) */
+    /* Build response: outZ1 + outZ2 as TPM2B_ECC_POINT with full (x,y).
+     * TPM 2.0 Part 3 §14.7: Z value is the x-coordinate; y is populated
+     * for spec-strictness and TPM_ALG_ECMQV compatibility. */
     if (rc == 0) {
         paramStart = FwRspParamsBegin(rsp, cmdTag, &paramSzPos);
 
         /* outZ1 */
         TPM2_Packet_MarkU16(rsp, &markPos);
-        TPM2_Packet_AppendU16(rsp, (UINT16)z1Sz);
-        TPM2_Packet_AppendBytes(rsp, z1Buf, z1Sz);
-        TPM2_Packet_AppendU16(rsp, 0); /* y = empty */
+        TPM2_Packet_AppendU16(rsp, (UINT16)z1xSz);
+        TPM2_Packet_AppendBytes(rsp, z1xBuf, z1xSz);
+        TPM2_Packet_AppendU16(rsp, (UINT16)z1ySz);
+        TPM2_Packet_AppendBytes(rsp, z1yBuf, z1ySz);
         TPM2_Packet_PlaceU16(rsp, markPos);
 
         /* outZ2 */
         TPM2_Packet_MarkU16(rsp, &markPos);
-        TPM2_Packet_AppendU16(rsp, (UINT16)z2Sz);
-        TPM2_Packet_AppendBytes(rsp, z2Buf, z2Sz);
-        TPM2_Packet_AppendU16(rsp, 0); /* y = empty */
+        TPM2_Packet_AppendU16(rsp, (UINT16)z2xSz);
+        TPM2_Packet_AppendBytes(rsp, z2xBuf, z2xSz);
+        TPM2_Packet_AppendU16(rsp, (UINT16)z2ySz);
+        TPM2_Packet_AppendBytes(rsp, z2yBuf, z2ySz);
         TPM2_Packet_PlaceU16(rsp, markPos);
 
         FwRspParamsEnd(rsp, cmdTag, paramSzPos, paramStart);
     }
 
     /* Cleanup */
-    TPM2_ForceZero(z1Buf, sizeof(z1Buf));
-    TPM2_ForceZero(z2Buf, sizeof(z2Buf));
+    TPM2_ForceZero(z1xBuf, sizeof(z1xBuf));
+    TPM2_ForceZero(z1yBuf, sizeof(z1yBuf));
+    TPM2_ForceZero(z2xBuf, sizeof(z2xBuf));
+    TPM2_ForceZero(z2yBuf, sizeof(z2yBuf));
     /* Zero ephemeral key — it was consumed and must not be reused */
     TPM2_ForceZero(ctx->ecEphemeralKey, sizeof(ctx->ecEphemeralKey));
     ctx->ecEphemeralKeySz = 0;

src/fwtpm/fwtpm_crypto.c

@@ -2195,6 +2195,67 @@ int FwImportEccKey(const FWTPM_Object* obj, ecc_key* key)
     }
     return FwImportEccPubFromPublic(&obj->pub, key);
 }
+
+/* Compute ECDH shared point R = priv.k * peer.pub, returning both x and y
+ * coordinates. wc_ecc_shared_secret only returns x; ZGen_2Phase marshals a
+ * full TPM2B_ECC_POINT and TPM_ALG_ECMQV requires y as well.
+ * xBuf/yBuf must each hold at least curve byte length. */
+int FwEccSharedPoint(ecc_key* priv, ecc_key* peer,
+    byte* xBuf, word32* xSz, byte* yBuf, word32* ySz)
+{
+    int rc;
+    int curveIdx;
+    ecc_point* R = NULL;
+    mp_int prime, a;
+    const ecc_set_type* dp;
+    int primeInit = 0, aInit = 0;
+
+    if (priv == NULL || peer == NULL || xBuf == NULL || xSz == NULL ||
+        yBuf == NULL || ySz == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    curveIdx = wc_ecc_get_curve_idx(priv->dp->id);
+    if (curveIdx < 0)
+        return ECC_BAD_ARG_E;
+    dp = wc_ecc_get_curve_params(curveIdx);
+    if (dp == NULL)
+        return ECC_BAD_ARG_E;
+
+    R = wc_ecc_new_point();
+    if (R == NULL)
+        return MEMORY_E;
+
+    rc = mp_init(&prime);
+    if (rc == 0) {
+        primeInit = 1;
+        rc = mp_init(&a);
+    }
+    if (rc == 0) {
+        aInit = 1;
+        rc = mp_read_radix(&prime, dp->prime, MP_RADIX_HEX);
+    }
+    if (rc == 0)
+        rc = mp_read_radix(&a, dp->Af, MP_RADIX_HEX);
+    if (rc == 0)
+        rc = wc_ecc_mulmod(ecc_get_k(priv), &peer->pubkey, R, &a, &prime, 1);
+
+    if (rc == 0) {
+        *xSz = (word32)mp_unsigned_bin_size(R->x);
+        rc = mp_to_unsigned_bin(R->x, xBuf);
+    }
+    if (rc == 0) {
+        *ySz = (word32)mp_unsigned_bin_size(R->y);
+        rc = mp_to_unsigned_bin(R->y, yBuf);
+    }
+
+    if (aInit)
+        mp_clear(&a);
+    if (primeInit)
+        mp_clear(&prime);
+    wc_ecc_del_point(R);
+    return rc;
+}
 #endif /* HAVE_ECC */
 
 #ifndef NO_RSA

src/fwtpm/fwtpm_tis.c

@@ -331,7 +331,7 @@ static void TisHandleRegAccess(FWTPM_CTX* ctx, FWTPM_TIS_REGS* regs)
         if (len > 4) {
             len = 4;
         }
-        XMEMSET(regs->reg_data, 0, len);
+        XMEMSET(regs->reg_data, 0, sizeof(regs->reg_data));
         /* Pack value into reg_data (little-endian, matching TIS spec) */
         if (len >= 1) regs->reg_data[0] = (BYTE)(val);
         if (len >= 2) regs->reg_data[1] = (BYTE)(val >> 8);

src/tpm2_wrap.c

@@ -1705,10 +1705,10 @@ int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
         XMEMCPY(session->auth.buffer, auth->buffer, session->auth.size);
     }
     if (name) {
-        if (name->size > sizeof(session->name.name)) {
-            return BUFFER_E;
-        }
         session->name.size = name->size;
+        if (session->name.size > sizeof(session->name.name)) {
+            session->name.size = sizeof(session->name.name);
+        }
         XMEMCPY(session->name.name, name->name, session->name.size);
     }
 

tests/fwtpm_unit_tests.c

@@ -1993,6 +1993,7 @@ static void test_fwtpm_clock_sethal(void)
     printf("Test fwTPM:\tClock HAL:\t\t\tPassed\n");
 }
 
+#ifndef FWTPM_NO_NV
 /* Mock NV HAL backend: 64 KB byte buffer with per-call counters. */
 #define MOCK_NV_SIZE (64 * 1024)
 static byte gMockNvStore[MOCK_NV_SIZE];
@@ -2030,6 +2031,7 @@ static int mock_nv_erase(void* c, word32 off, word32 sz)
     gMockNvErases++;
     return TPM_RC_SUCCESS;
 }
+#endif /* !FWTPM_NO_NV */
 
 /* Register a mock NV HAL before FWTPM_Init and verify that NV writes
  * go to the mock backend rather than the default file. */

wolftpm/fwtpm/fwtpm_crypto.h

@@ -222,6 +222,8 @@ int FwGetRsaHashOid(UINT16 hashAlg);
 int FwImportEccKeyFromDer(const FWTPM_Object* obj, ecc_key* key);
 int FwImportEccPubFromPublic(const TPMT_PUBLIC* pub, ecc_key* key);
 int FwImportEccKey(const FWTPM_Object* obj, ecc_key* key);
+int FwEccSharedPoint(ecc_key* priv, ecc_key* peer,
+    byte* xBuf, word32* xSz, byte* yBuf, word32* ySz);
 #endif /* HAVE_ECC */
 
 /* --- Sign/Verify --- */