@@ -825,6 +825,68 @@ static void test_TPM2_ParamDec_AESCFB_Roundtrip(void)
825825#endif
826826}
827827
828+ /* Test dispatch-level CmdRequest/CmdResponse nonce mapping.
829+ * Command direction: host encrypts with KDFa(nonceCaller, nonceTPM).
830+ * Response direction: TPM encrypts with KDFa(nonceTPM, nonceCaller),
831+ * so host decryption (CmdResponse) must derive the same key.
832+ * We simulate the TPM's response encryption using the standalone function
833+ * with the response-direction nonce order, then verify CmdResponse decrypts. */
834+ static void test_TPM2_ParamEncDec_Dispatch_Roundtrip (void )
835+ {
836+ #if !defined(WOLFTPM2_NO_WOLFCRYPT ) && defined(WOLFSSL_AES_CFB )
837+ int rc ;
838+ TPM2_AUTH_SESSION session ;
839+ const byte original [] = "Dispatch-level param enc/dec roundtrip test data" ;
840+ byte data [sizeof (original )];
841+
842+ /* Set up session with distinct nonces to catch any swap mutation */
843+ XMEMSET (& session , 0 , sizeof (session ));
844+ session .authHash = TPM_ALG_SHA256 ;
845+ session .symmetric .algorithm = TPM_ALG_AES ;
846+ session .symmetric .keyBits .aes = MAX_AES_KEY_BITS ;
847+ session .symmetric .mode .aes = TPM_ALG_CFB ;
848+
849+ session .auth .size = TPM_SHA256_DIGEST_SIZE ;
850+ XMEMSET (session .auth .buffer , 0xAA , session .auth .size );
851+
852+ session .nonceCaller .size = TPM_SHA256_DIGEST_SIZE ;
853+ XMEMSET (session .nonceCaller .buffer , 0x11 , session .nonceCaller .size );
854+ session .nonceTPM .size = TPM_SHA256_DIGEST_SIZE ;
855+ XMEMSET (session .nonceTPM .buffer , 0x22 , session .nonceTPM .size );
856+
857+ XMEMCPY (data , original , sizeof (original ));
858+
859+ /* Test 1: Command direction — CmdRequest enc, TPM-side dec recovers.
860+ * Simulate TPM decryption with standalone dec using command-direction
861+ * nonce order: KDFa(nonceCaller, nonceTPM) */
862+ rc = TPM2_ParamEnc_CmdRequest (& session , data , sizeof (data ));
863+ AssertIntEQ (TPM_RC_SUCCESS , rc );
864+ AssertIntNE (0 , XMEMCMP (data , original , sizeof (original )));
865+
866+ rc = TPM2_ParamDec_AESCFB (& session , & session .auth , NULL ,
867+ & session .nonceTPM , & session .nonceCaller , data , sizeof (data ));
868+ AssertIntEQ (TPM_RC_SUCCESS , rc );
869+ AssertIntEQ (0 , XMEMCMP (data , original , sizeof (original )));
870+
871+ /* Test 2: Response direction — TPM-side enc, CmdResponse dec recovers.
872+ * Simulate TPM encrypting a response with response-direction nonce order:
873+ * KDFa(nonceTPM, nonceCaller) */
874+ XMEMCPY (data , original , sizeof (original ));
875+ rc = TPM2_ParamEnc_AESCFB (& session , & session .auth , NULL ,
876+ & session .nonceTPM , & session .nonceCaller , data , sizeof (data ));
877+ AssertIntEQ (TPM_RC_SUCCESS , rc );
878+ AssertIntNE (0 , XMEMCMP (data , original , sizeof (original )));
879+
880+ rc = TPM2_ParamDec_CmdResponse (& session , data , sizeof (data ));
881+ AssertIntEQ (TPM_RC_SUCCESS , rc );
882+ AssertIntEQ (0 , XMEMCMP (data , original , sizeof (original )));
883+
884+ printf ("Test TPM Wrapper:\tParamEncDec_Dispatch:\tPassed\n" );
885+ #else
886+ printf ("Test TPM Wrapper:\tParamEncDec_Dispatch:\tSkipped\n" );
887+ #endif
888+ }
889+
828890static void test_GetAlgId (void )
829891{
830892 TPM_ALG_ID alg = TPM2_GetAlgId ("SHA256" );
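Review bot: In test_TPM2_ParamEncDec_Dispatch_Roundtrip, the Test 1 call to `TPM2_ParamDec_AESCFB` and the Test 2 call to `TPM2_ParamEnc_AESCFB` both pass `&session.nonceTPM, &session.nonceCaller`, yet their comments describe opposite orders, KDFa(nonceCaller, nonceTPM) and KDFa(nonceTPM, nonceCaller). That is only consistent if the two helpers feed their nonce parameters to KDFa in different orders; their prototypes are outside this hunk, so this is inferred. A short comment at each call, e.g. `/* Dec helper derives KDFa(arg5, arg4); pass nonces swapped to get the command-direction key */`, would save the next reader from assuming a copy-paste slip. Separately, every assertion here is a positive round-trip, so the direction separation is never checked directly. A negative check would pin it: after the `TPM2_ParamEnc_CmdRequest` call, run `TPM2_ParamDec_CmdResponse(&session, data, sizeof(data))` on a copy and assert `AssertIntNE(0, XMEMCMP(copy, original, sizeof(original)))`, confirming that the command and response keys differ when the nonces are distinct.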
@@ -1565,6 +1627,7 @@ int unit_tests(int argc, char *argv[])
15651627 test_TPM2_ParamEnc_AESCFB_Vector ();
15661628 test_TPM2_ParamDec_XOR_Roundtrip ();
15671629 test_TPM2_ParamDec_AESCFB_Roundtrip ();
1630+ test_TPM2_ParamEncDec_Dispatch_Roundtrip ();
15681631 test_GetAlgId ();
15691632 test_wolfTPM2_ReadPublicKey ();
15701633 test_wolfTPM2_CSR ();