
Commit 3de7072

committed
F-2983 - https://fenrir.wolfssl.com/finding/2983 - Add known-answer unit test for TPM2_KDFe
1 parent bfbd728 commit 3de7072

3 files changed

Lines changed: 59 additions & 1 deletion


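--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -1987,7 +1987,7 @@ int wolfTPM2_Cleanup(WOLFTPM2_DEV* dev)
 /* The KDF for producing a symmetric key.
 * See TPM 2.0 Part 1 specification (11.4.9.3)
 */
-static int TPM2_KDFe(
+WOLFTPM_TEST_API int TPM2_KDFe(
 TPM_ALG_ID hashAlg, /* IN: hash algorithm used */
 const TPM2B_DATA *Z, /* IN: x coordinate of shared secret */
 const char *label, /* IN: a 0-byte terminated label used in KDF */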
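Review bot: Dropping `static` from the definition of TPM2_KDFe gives this internal key-derivation helper external linkage in every build that compiles src/tpm2_wrap.c, and the comment above it does not say why. Whether the symbol is also exported from a shared library depends on how WOLFTPM_TEST_API is defined, which is not visible here; if it maps to the normal export attribute, code outside the test suite can link against a function that was never reviewed as public API. I would extend the existing comment with `* Not static only so tests/unit_tests.c can call it; not a supported API.` and confirm that the definition sits under the same `#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)` guard as the new prototype. The function body continues outside the hunk.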

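--- a/tests/unit_tests.c
+++ b/tests/unit_tests.c
@@ -932,6 +932,53 @@ static void test_TPM2_HashNvPublic(void)
 #endif
 }
 
+/* Known-answer test for TPM2_KDFe (SP800-56A one-step KDF for ECC).
+* Reference: independently computed SHA-256(counter || Z || label || U || V)
+* with counter starting at 1. */
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)
+static void test_TPM2_KDFe(void)
+{
+int rc;
+TPM2B_DATA Z, partyU, partyV;
+byte key[WC_SHA256_DIGEST_SIZE];
+int i;
+static const byte expectedKey[] = {
+0x5e, 0x51, 0xcd, 0x71, 0xd3, 0xe1, 0x58, 0xfc,
+0x44, 0xc1, 0x5c, 0x41, 0xac, 0x74, 0x3d, 0xd0,
+0x96, 0x91, 0xc8, 0x99, 0x32, 0xe8, 0x38, 0x08,
+0xd6, 0x56, 0x35, 0xf2, 0x31, 0xee, 0xba, 0xea
+};
+
+/* Z = 0x01..0x20 (32 bytes) */
+Z.size = 32;
+for (i = 0; i < 32; i++) Z.buffer[i] = (byte)(i + 1);
+
+/* partyU = 0xAA repeated 32 bytes */
+partyU.size = 32;
+XMEMSET(partyU.buffer, 0xAA, 32);
+
+/* partyV = 0xBB repeated 32 bytes */
+partyV.size = 32;
+XMEMSET(partyV.buffer, 0xBB, 32);
+
+XMEMSET(key, 0, sizeof(key));
+rc = TPM2_KDFe(TPM_ALG_SHA256, &Z, "SECRET", &partyU, &partyV,
+key, (UINT32)sizeof(key));
+AssertIntEQ(rc, (int)sizeof(key));
+AssertIntEQ(0, XMEMCMP(key, expectedKey, sizeof(expectedKey)));
+
+/* Test NULL args */
+rc = TPM2_KDFe(TPM_ALG_SHA256, NULL, "SECRET", &partyU, &partyV,
+key, sizeof(key));
+AssertIntEQ(rc, BAD_FUNC_ARG);
+rc = TPM2_KDFe(TPM_ALG_SHA256, &Z, "SECRET", &partyU, &partyV,
+NULL, sizeof(key));
+AssertIntEQ(rc, BAD_FUNC_ARG);
+
+printf("Test TPM Wrapper:\tKDFe:\t\t\tPassed\n");
+}
+#endif
+
 static void test_GetAlgId(void)
 {
 TPM_ALG_ID alg = TPM2_GetAlgId("SHA256");
@@ -1674,6 +1721,9 @@ int unit_tests(int argc, char *argv[])
 test_TPM2_ParamDec_AESCFB_Roundtrip();
 test_TPM2_ParamEncDec_Dispatch_Roundtrip();
 test_TPM2_HashNvPublic();
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)
+test_TPM2_KDFe();
+#endif
 test_GetAlgId();
 test_wolfTPM2_ReadPublicKey();
 test_wolfTPM2_CSR();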
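Review bot: The known-answer check in test_TPM2_KDFe requests exactly one SHA-256 block (`keySz` equals `WC_SHA256_DIGEST_SIZE`), so the counter increment and the truncation of the final block are never exercised, and a regression there would still pass. Assuming the function returns the leftmost `keySz` bytes of the concatenated blocks, as SP800-56A specifies, a shorter and a longer request can both be checked against the existing vector as sketched below. The bytes produced with counter = 2 still need their own independently computed reference vector. The header comment should also say how the reference was built (counter width and byte order, and whether the label's terminating 0 byte is hashed) so the vector can be reproduced.

```c
    byte longKey[2 * WC_SHA256_DIGEST_SIZE];

    /* … unchanged: input setup and 32-byte known-answer check … */

    /* Shorter request: output should be the leading bytes of the same block */
    XMEMSET(key, 0, sizeof(key));
    rc = TPM2_KDFe(TPM_ALG_SHA256, &Z, "SECRET", &partyU, &partyV,
        key, 16);
    AssertIntEQ(rc, 16);
    AssertIntEQ(0, XMEMCMP(key, expectedKey, 16));

    /* Longer request: the first block must still match the reference;
     * the second block needs an independently computed vector */
    XMEMSET(longKey, 0, sizeof(longKey));
    rc = TPM2_KDFe(TPM_ALG_SHA256, &Z, "SECRET", &partyU, &partyV,
        longKey, (UINT32)sizeof(longKey));
    AssertIntEQ(rc, (int)sizeof(longKey));
    AssertIntEQ(0, XMEMCMP(longKey, expectedKey, sizeof(expectedKey)));

    /* … unchanged: NULL argument checks … */
```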

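--- a/wolftpm/tpm2_wrap.h
+++ b/wolftpm/tpm2_wrap.h
@@ -4522,6 +4522,14 @@ WOLFTPM_API int wolfTPM2_FirmwareUpgradeCancel(WOLFTPM2_DEV* dev);
 #endif /* WOLFTPM_FIRMWARE_UPGRADE */
 
 
+/* KDFe - exposed for unit testing */
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)
+WOLFTPM_TEST_API int TPM2_KDFe(
+TPM_ALG_ID hashAlg, const TPM2B_DATA *Z, const char *label,
+const TPM2B_DATA *partyUInfo, const TPM2B_DATA *partyVInfo,
+BYTE *key, UINT32 keySz);
+#endif
+
 #ifdef __cplusplus
 } /* extern "C" */
 #endif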
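Review bot: The comment on the new TPM2_KDFe prototype, `/* KDFe - exposed for unit testing */`, does not state the contract that the accompanying test depends on, and this header is what other callers will read. The test asserts that the return value equals `keySz` on success and is `BAD_FUNC_ARG` when `Z` or `key` is NULL, so I would write `/* KDFe (TPM 2.0 Part 1, 11.4.9.3): internal, exposed for unit testing only. Returns keySz on success, BAD_FUNC_ARG if Z or key is NULL. */`. Since `key` receives derived secret material, it is also worth stating that the caller owns the buffer and is responsible for clearing it; that is inferred from the signature rather than shown in the hunk.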
