Skip to content

Commit 373845a

Browse files
aidangarskeaidangarske
committed
F-2984 - https://fenrir.wolfssl.com/finding/2984 - Add boundary validation tests for CreateKeySeal_ex and LoadKeyedHashKey
1 parent f567d36 commit 373845a

File tree

1 file changed

+57
-0
lines changed

1 file changed

+57
-0
lines changed

tests/unit_tests.c

Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1419,6 +1419,62 @@ static void test_KeySealTemplate(void)
14191419
printf("Test TPM Wrapper:\tKeySealTemplate:\t\tPassed\n");
14201420
}
14211421

1422+
/* Test boundary validation for seal size and keyed hash key size */
1423+
static void test_SealAndKeyedHash_Boundaries(void)
1424+
{
1425+
int rc;
1426+
WOLFTPM2_DEV dev;
1427+
WOLFTPM2_KEYBLOB keyBlob;
1428+
WOLFTPM2_KEY key;
1429+
WOLFTPM2_HANDLE parent;
1430+
TPMT_PUBLIC tmpl;
1431+
byte data[MAX_SYM_DATA + 1];
1432+
1433+
XMEMSET(&dev, 0, sizeof(dev));
1434+
XMEMSET(&keyBlob, 0, sizeof(keyBlob));
1435+
XMEMSET(&key, 0, sizeof(key));
1436+
XMEMSET(&parent, 0, sizeof(parent));
1437+
XMEMSET(&tmpl, 0, sizeof(tmpl));
1438+
XMEMSET(data, 0xAA, sizeof(data));
1439+
1440+
/* NULL arg checks */
1441+
rc = wolfTPM2_CreateKeySeal_ex(NULL, &keyBlob, &parent, &tmpl,
1442+
NULL, 0, TPM_ALG_NULL, NULL, 0, data, 1);
1443+
AssertIntEQ(rc, BAD_FUNC_ARG);
1444+
1445+
/* sealSize = MAX_SYM_DATA+1 (129) must be rejected */
1446+
rc = wolfTPM2_CreateKeySeal_ex(&dev, &keyBlob, &parent, &tmpl,
1447+
NULL, 0, TPM_ALG_NULL, NULL, 0, data, MAX_SYM_DATA + 1);
1448+
AssertIntEQ(rc, BAD_FUNC_ARG);
1449+
1450+
/* sealSize = -1 must be rejected */
1451+
rc = wolfTPM2_CreateKeySeal_ex(&dev, &keyBlob, &parent, &tmpl,
1452+
NULL, 0, TPM_ALG_NULL, NULL, 0, data, -1);
1453+
AssertIntEQ(rc, BAD_FUNC_ARG);
1454+
1455+
/* sealSize > 0 with NULL sealData must be rejected */
1456+
rc = wolfTPM2_CreateKeySeal_ex(&dev, &keyBlob, &parent, &tmpl,
1457+
NULL, 0, TPM_ALG_NULL, NULL, 0, NULL, 1);
1458+
AssertIntEQ(rc, BAD_FUNC_ARG);
1459+
1460+
/* keySz = MAX_SYM_DATA+1 (129) must be rejected */
1461+
rc = wolfTPM2_LoadKeyedHashKey(&dev, &key, &parent,
1462+
TPM_ALG_SHA256, data, MAX_SYM_DATA + 1, NULL, 0);
1463+
AssertIntEQ(rc, BUFFER_E);
1464+
1465+
/* keySz = 0 must be rejected */
1466+
rc = wolfTPM2_LoadKeyedHashKey(&dev, &key, &parent,
1467+
TPM_ALG_SHA256, data, 0, NULL, 0);
1468+
AssertIntEQ(rc, BUFFER_E);
1469+
1470+
/* NULL keyBuf must be rejected */
1471+
rc = wolfTPM2_LoadKeyedHashKey(&dev, &key, &parent,
1472+
TPM_ALG_SHA256, NULL, MAX_SYM_DATA, NULL, 0);
1473+
AssertIntEQ(rc, BAD_FUNC_ARG);
1474+
1475+
printf("Test TPM Wrapper:\tSealKeyedHash Boundary:\t\tPassed\n");
1476+
}
1477+
14221478
static void test_GetAlgId(void)
14231479
{
14241480
TPM_ALG_ID alg = TPM2_GetAlgId("SHA256");
@@ -2172,6 +2228,7 @@ int unit_tests(int argc, char *argv[])
21722228
#endif
21732229
test_TPM2_SchemeSerialize();
21742230
test_KeySealTemplate();
2231+
test_SealAndKeyedHash_Boundaries();
21752232
test_GetAlgId();
21762233
test_wolfTPM2_ReadPublicKey();
21772234
test_wolfTPM2_CSR();

0 commit comments

Comments
 (0)