- Fixed SPDM cleartext fallback in TPM2_SendCommand(): positive error codes from SPDM now return immediately

  instead of falling through to cleartext retry
  - Fixed same SPDM cleartext fallback in TPM2_SendCommandAuth(): same pattern applied
  - Added VdCode validation in wolfTPM2_SPDM_SecuredExchange(): verifies response matches expected TPM2_CMD
  vendor code before accepting payload

Author: aidangarske

src/tpm2.c

@@ -497,7 +497,11 @@ static TPM_RC TPM2_SendCommandAuth(TPM2_CTX* ctx, TPM2_Packet* packet,
     /* submit command and wait for response */
 #ifdef WOLFTPM_SPDM
     rc = TPM2_SPDM_SendCommand(ctx, packet);
-    if (rc < 0) /* SPDM not active, use normal transport */
+    if (rc >= 0) {
+        if (rc != TPM_RC_SUCCESS)
+            return rc; /* SPDM active but failed, do not retry cleartext */
+    }
+    else /* rc < 0: SPDM not active, use normal transport */
 #endif
     {
         rc = (TPM_RC)INTERNAL_SEND_COMMAND(ctx, packet);
@@ -533,8 +537,11 @@ static TPM_RC TPM2_SendCommand(TPM2_CTX* ctx, TPM2_Packet* packet)
 
 #ifdef WOLFTPM_SPDM
     rc = TPM2_SPDM_SendCommand(ctx, packet);
-    if (rc == TPM_RC_SUCCESS)
+    if (rc >= 0) {
+        if (rc != TPM_RC_SUCCESS)
+            return rc; /* SPDM active but failed, do not retry cleartext */
         return TPM2_Packet_Parse(rc, packet);
+    }
     /* rc < 0 means SPDM not active, fall through to normal transport */
 #endif
 

src/tpm2_spdm.c

@@ -245,6 +245,12 @@ int wolfTPM2_SPDM_SecuredExchange(
             return rc;
         }
 
+        /* Verify response is for our TPM2_CMD request */
+        if (XMEMCMP(rspVdCode, WOLFSPDM_VDCODE_TPM2_CMD,
+                     WOLFSPDM_VDCODE_LEN) != 0) {
+            return WOLFSPDM_E_PEER_ERROR;
+        }
+
         return TPM_RC_SUCCESS;
     }
 #endif /* WOLFTPM_SPDM_TCG */