
Commit 4556395

Merge pull request #480 from aidangarske/fenrir-fixes-5
Test Mutations, Unit tests, ForceZero Unification, and Fixes for wolfTPM
2 parents 5e0f300 + 06dbea6 commit 4556395


6 files changed

+491
-75
lines changed


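--- a/src/tpm2.c
+++ b/src/tpm2.c
@@ -233,9 +233,11 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
 }
 
 #if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_HMAC)
-rc = TPM2_GetName(ctx, handleValue1, info->inHandleCnt, 0, &name1);
-rc |= TPM2_GetName(ctx, handleValue2, info->inHandleCnt, 1, &name2);
-rc |= TPM2_GetName(ctx, handleValue3, info->inHandleCnt, 2, &name3);
+rc = TPM2_GetName(ctx, handleValue1, info->inHandleCnt, 0, &name1);
+if (rc == TPM_RC_SUCCESS)
+rc = TPM2_GetName(ctx, handleValue2, info->inHandleCnt, 1, &name2);
+if (rc == TPM_RC_SUCCESS)
+rc = TPM2_GetName(ctx, handleValue3, info->inHandleCnt, 2, &name3);
 if (rc != TPM_RC_SUCCESS) {
 #ifdef DEBUG_WOLFTPM
 printf("Error getting names for cpHash!\n");
@@ -275,18 +277,17 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
 /* Update the Auth Area total size in the command packet */
 i = TPM2_Packet_PlaceU32(packet, authTotalSzPos);
 
-#ifdef DEBUG_WOLFTPM
 if ((int)authSz != i) {
 /* actual auth size did not match estimated size from
 * TPM2_Packet_AppendAuth */
+#ifdef DEBUG_WOLFTPM
 printf("Error: Calculated auth size %d did not match actual %d!\n",
 authSz, i);
+#endif
 return BUFFER_E;
 }
-#endif
 
 (void)cmdCode;
-(void)i;
 
 return rc;
 }
@@ -2143,9 +2144,8 @@ TPM_RC TPM2_Duplicate(Duplicate_In* in, Duplicate_Out* out)
 TPM2_Packet_AppendBytes(&packet, in->encryptionKeyIn.buffer,
 in->encryptionKeyIn.size);
 
-TPM2_Packet_AppendU16(&packet, in->symmetricAlg.algorithm);
-TPM2_Packet_AppendU16(&packet, in->symmetricAlg.keyBits.sym);
-TPM2_Packet_AppendU16(&packet, in->symmetricAlg.mode.sym);
+TPM2_Packet_AppendSymmetric(&packet,
+(TPMT_SYM_DEF*)&in->symmetricAlg);
 
 TPM2_Packet_Finalize(&packet, TPM_ST_SESSIONS, TPM_CC_Duplicate);
 
@@ -3176,7 +3176,9 @@ TPM_RC TPM2_Certify(Certify_In* in, Certify_Out* out)
 in->qualifyingData.size);
 
 TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+if (in->inScheme.scheme != TPM_ALG_NULL) {
+TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+}
 
 TPM2_Packet_Finalize(&packet, TPM_ST_SESSIONS, TPM_CC_Certify);
 
@@ -3239,7 +3241,9 @@ TPM_RC TPM2_CertifyCreation(CertifyCreation_In* in, CertifyCreation_Out* out)
 in->creationHash.size);
 
 TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+if (in->inScheme.scheme != TPM_ALG_NULL) {
+TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+}
 
 TPM2_Packet_AppendU16(&packet, in->creationTicket.tag);
 TPM2_Packet_AppendU32(&packet, in->creationTicket.hierarchy);
@@ -3304,7 +3308,9 @@ TPM_RC TPM2_Quote(Quote_In* in, Quote_Out* out)
 in->qualifyingData.size);
 
 TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+if (in->inScheme.scheme != TPM_ALG_NULL) {
+TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+}
 
 TPM2_Packet_AppendPCR(&packet, &in->PCRselect);
 
@@ -3368,7 +3374,9 @@ TPM_RC TPM2_GetSessionAuditDigest(GetSessionAuditDigest_In* in,
 in->qualifyingData.size);
 
 TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+if (in->inScheme.scheme != TPM_ALG_NULL) {
+TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+}
 
 TPM2_Packet_Finalize(&packet, TPM_ST_SESSIONS,
 TPM_CC_GetSessionAuditDigest);
@@ -3430,7 +3438,9 @@ TPM_RC TPM2_GetCommandAuditDigest(GetCommandAuditDigest_In* in,
 in->qualifyingData.size);
 
 TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+if (in->inScheme.scheme != TPM_ALG_NULL) {
+TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+}
 
 TPM2_Packet_Finalize(&packet, TPM_ST_SESSIONS,
 TPM_CC_GetCommandAuditDigest);
@@ -3491,7 +3501,9 @@ TPM_RC TPM2_GetTime(GetTime_In* in, GetTime_Out* out)
 in->qualifyingData.size);
 
 TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+if (in->inScheme.scheme != TPM_ALG_NULL) {
+TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+}
 
 TPM2_Packet_Finalize(&packet, TPM_ST_SESSIONS, TPM_CC_GetTime);
 
@@ -3616,6 +3628,7 @@ TPM_RC TPM2_VerifySignature(VerifySignature_In* in,
 TPM_RC rc;
 TPM2_CTX* ctx = TPM2_GetActiveCtx();
 TPM_ST st;
+UINT16 wireSize = 0;
 
 if (ctx == NULL || in == NULL || out == NULL)
 return BAD_FUNC_ARG;
@@ -3651,10 +3664,20 @@ TPM_RC TPM2_VerifySignature(VerifySignature_In* in,
 
 TPM2_Packet_ParseU16(&packet, &out->validation.tag);
 TPM2_Packet_ParseU32(&packet, &out->validation.hierarchy);
-TPM2_Packet_ParseU16(&packet, &out->validation.digest.size);
+
+TPM2_Packet_ParseU16(&packet, &wireSize);
+out->validation.digest.size = wireSize;
+if (out->validation.digest.size >
+(UINT16)sizeof(out->validation.digest.buffer)) {
+out->validation.digest.size =
+(UINT16)sizeof(out->validation.digest.buffer);
+}
 TPM2_Packet_ParseBytes(&packet,
 out->validation.digest.buffer,
 out->validation.digest.size);
+if (wireSize > out->validation.digest.size)
+TPM2_Packet_ParseBytes(&packet, NULL,
+wireSize - out->validation.digest.size);
 }
 
 TPM2_ReleaseLock(ctx);
@@ -5928,7 +5951,9 @@ TPM_RC TPM2_NV_Certify(NV_Certify_In* in, NV_Certify_Out* out)
 in->qualifyingData.size);
 
 TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+if (in->inScheme.scheme != TPM_ALG_NULL) {
+TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
+}
 
 TPM2_Packet_AppendU16(&packet, in->size);
 TPM2_Packet_AppendU16(&packet, in->offset);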
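Review bot: In the second TPM2_VerifySignature hunk, an oversized `validation.digest.size` in the response is clamped and the surplus bytes are skipped, but nothing in the hunk records an error, so the caller appears to receive a truncated ticket digest together with whatever `rc` was already set. A truncated validation ticket cannot verify when it is later handed back to the TPM, and the failure would then surface far from its cause. Consider treating the oversize case as a malformed response by extending the existing skip branch to `if (wireSize > out->validation.digest.size) { /* skip */ rc = BUFFER_E; }`, using the same code TPM2_CommandProcess returns on its size mismatch. The skip also passes `NULL` as the destination of `TPM2_Packet_ParseBytes`, which is safe only if that function tolerates a NULL buffer; neither its body nor the rest of TPM2_VerifySignature is visible in this hunk.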

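--- a/src/tpm2_asn.c
+++ b/src/tpm2_asn.c
@@ -259,7 +259,7 @@ int TPM2_ASN_DecodeX509Cert(uint8_t* input, int inputSz,
 
 if (rc >= 0) {
 /* skip leading zero for bit string */
-if (input[idx] == 0x00) {
+if (pubkey_len > 0 && input[idx] == 0x00) {
 idx++;
 pubkey_len--;
 }
@@ -293,7 +293,7 @@ int TPM2_ASN_DecodeX509Cert(uint8_t* input, int inputSz,
 
 if (rc >= 0) {
 /* skip leading zero for bit string */
-if (input[idx] == 0x00) {
+if (sig_len > 0 && input[idx] == 0x00) {
 idx++;
 sig_len--;
 }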
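Review bot: The new `pubkey_len > 0` and `sig_len > 0` guards stop the lengths from being decremented below zero, but neither hunk shows that `idx` is still below `inputSz` when `input[idx]` is read. Unless the length decode above each hunk already guarantees `idx + pubkey_len <= inputSz` (not visible here), a certificate with an inflated length field can still read past the buffer. Making the bound local would remove that dependency: `if (pubkey_len > 0 && idx < inputSz && input[idx] == 0x00) {`, and the same with `sig_len` in the second hunk. Separately, the first content octet of a BIT STRING is its unused-bits count, so a non-zero value here appears to be kept as key or signature data rather than rejected. TPM2_ASN_DecodeX509Cert starts and ends outside both hunks.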

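--- a/src/tpm2_cryptocb.c
+++ b/src/tpm2_cryptocb.c
@@ -1133,6 +1133,7 @@ int wolfTPM2_PK_RsaPssSign(WOLFSSL* ssl,
 inPad, inPadSz,
 out, (int*)outSz);
 }
+TPM2_ForceZero(inPad, sizeof(inPad));
 }
 wc_FreeRsaKey(&rsapub);
 }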
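Review bot: `sizeof(inPad)` wipes the whole buffer only if `inPad` is an array declared inside wolfTPM2_PK_RsaPssSign; the declaration is outside the hunk, and if it is a pointer the call clears only pointer-size bytes. The wipe also sits inside the inner block, so any return or error path that leaves the function before this point would keep the padded input on the stack; that cannot be confirmed from the lines shown. A one-line comment would record the intent for the next reader, for example `/* clear PSS-padded input before it goes out of scope */`.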

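--- a/src/tpm2_packet.c
+++ b/src/tpm2_packet.c
@@ -433,13 +433,18 @@ void TPM2_Packet_ParseAuth(TPM2_Packet* packet, TPMS_AUTH_RESPONSE* authRsp)
 void TPM2_Packet_AppendPCR(TPM2_Packet* packet, TPML_PCR_SELECTION* pcr)
 {
 int i;
-TPM2_Packet_AppendU32(packet, pcr->count);
-for (i=0; i<(int)pcr->count; i++) {
+UINT32 count = pcr->count;
+if (count > HASH_COUNT)
+count = HASH_COUNT;
+TPM2_Packet_AppendU32(packet, count);
+for (i=0; i<(int)count; i++) {
+UINT8 selectSz = pcr->pcrSelections[i].sizeofSelect;
+if (selectSz > PCR_SELECT_MIN)
+selectSz = PCR_SELECT_MIN;
 TPM2_Packet_AppendU16(packet, pcr->pcrSelections[i].hash);
-TPM2_Packet_AppendU8(packet, pcr->pcrSelections[i].sizeofSelect);
+TPM2_Packet_AppendU8(packet, selectSz);
 TPM2_Packet_AppendBytes(packet,
-pcr->pcrSelections[i].pcrSelect,
-pcr->pcrSelections[i].sizeofSelect);
+pcr->pcrSelections[i].pcrSelect, selectSz);
 }
 }
 void TPM2_Packet_ParsePCR(TPM2_Packet* packet, TPML_PCR_SELECTION* pcr)
@@ -698,9 +703,8 @@ void TPM2_Packet_AppendPublicParms(TPM2_Packet* packet, TPMI_ALG_PUBLIC type,
 TPM2_Packet_AppendKeyedHashScheme(packet, &parameters->keyedHashDetail.scheme);
 break;
 case TPM_ALG_SYMCIPHER:
-TPM2_Packet_AppendU16(packet, parameters->symDetail.sym.algorithm);
-TPM2_Packet_AppendU16(packet, parameters->symDetail.sym.keyBits.sym);
-TPM2_Packet_AppendU16(packet, parameters->symDetail.sym.mode.sym);
+TPM2_Packet_AppendSymmetric(packet,
+(TPMT_SYM_DEF*)&parameters->symDetail.sym);
 break;
 case TPM_ALG_RSA:
 TPM2_Packet_AppendSymmetric(packet, &parameters->rsaDetail.symmetric);
@@ -728,9 +732,8 @@ void TPM2_Packet_ParsePublicParms(TPM2_Packet* packet, TPMI_ALG_PUBLIC type,
 TPM2_Packet_ParseKeyedHashScheme(packet, &parameters->keyedHashDetail.scheme);
 break;
 case TPM_ALG_SYMCIPHER:
-TPM2_Packet_ParseU16(packet, &parameters->symDetail.sym.algorithm);
-TPM2_Packet_ParseU16(packet, &parameters->symDetail.sym.keyBits.sym);
-TPM2_Packet_ParseU16(packet, &parameters->symDetail.sym.mode.sym);
+TPM2_Packet_ParseSymmetric(packet,
+(TPMT_SYM_DEF*)&parameters->symDetail.sym);
 break;
 case TPM_ALG_RSA:
 TPM2_Packet_ParseSymmetric(packet, &parameters->rsaDetail.symmetric);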
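Review bot: The two clamps added to TPM2_Packet_AppendPCR truncate silently. A caller that passes `count > HASH_COUNT` or `sizeofSelect > PCR_SELECT_MIN` gets a command naming fewer banks or PCRs than it asked for, with no error. TPM2_Quote reaches this function in the same commit, so the truncation can change what is selected for attestation. Since the function returns void, it should at least report the truncation under `#ifdef DEBUG_WOLFTPM`, as TPM2_CommandProcess does for its auth-size mismatch. The byte bound would also be safer tied to the array declaration, `if (selectSz > sizeof(pcr->pcrSelections[i].pcrSelect))`, than to `PCR_SELECT_MIN`, whose relation to the array size is not visible in this hunk.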
