fwtpm: peer-review batch 4 (polish)

Input validation:
- NV_DefineSpace: validate nvIndex in [NV_INDEX_FIRST, NV_INDEX_LAST]
  and reject reserved TPM_NT values
- DA lockout allow-list: permit GetCapability, SelfTest, GetRandom,
  DictionaryAttackLockReset, StartAuthSession, FlushContext during DA
- KDFa: guard keySz * 8 against overflow
- FwAppendCreationHashAndTicket: bounds check before objName copy

Crypto improvements:
- ConstantCompare: use word32 accumulator instead of byte
- FwDeriveWrapKey: use full parent privKey for HMAC (was truncated to
  32 bytes of predictable DER headers for RSA keys)

Hardening:
- SwTpmConnect: open with O_CLOEXEC|O_NOFOLLOW, verify S_ISCHR
- SwTpmTransmit: partial-write retry loop (matches receive side)
- sigaction for SIGPIPE in fwtpm_io, fwtpm_tis, fwtpm_main
- fwtpm_main: volatile sig_atomic_t for signal flag
- TisShmCleanup: check SEM_FAILED (not just NULL) before sem_close
- fwtpm_io: 30s select() timeout, connection-replace debug logging

Author: dgarske

src/fwtpm/fwtpm_command.c

@@ -9597,6 +9597,22 @@ static TPM_RC FwCmd_NV_DefineSpace(FWTPM_CTX* ctx, TPM2_Packet* cmd,
         }
     }
 
+    /* Validate NV index handle range */
+    if (rc == 0) {
+        UINT32 nvIdx = publicInfo.nvPublic.nvIndex;
+        if (nvIdx < NV_INDEX_FIRST || nvIdx > NV_INDEX_LAST) {
+            rc = TPM_RC_NV_RANGE;
+        }
+    }
+
+    /* Validate NV type (TPM_NT) — reject reserved values */
+    if (rc == 0) {
+        UINT32 nt = (publicInfo.nvPublic.attributes & TPMA_NV_TPM_NT) >> 4;
+        if (nt > TPM_NT_PIN_PASS && nt != TPM_NT_PIN_FAIL) {
+            rc = TPM_RC_ATTRIBUTES;
+        }
+    }
+
     /* Check for duplicate */
     if (rc == 0 && FwFindNvIndex(ctx, publicInfo.nvPublic.nvIndex) != NULL) {
         rc = TPM_RC_NV_DEFINED;
@@ -12557,12 +12573,22 @@ int FWTPM_ProcessCommand(FWTPM_CTX* ctx,
         }
     }
 
-    /* DA lockout check: reject all auth attempts if lockout threshold exceeded */
+    /* DA lockout check: reject auth attempts if lockout threshold exceeded.
+     * Per TPM 2.0 spec, certain commands must still be allowed during lockout
+     * (e.g., GetCapability, DictionaryAttackLockReset for recovery). */
 #ifndef FWTPM_NO_DA
     if (ctx->daFailedTries >= ctx->daMaxTries && ctx->daMaxTries > 0) {
-        *rspSize = FwBuildErrorResponse(rspBuf,
-            TPM_ST_NO_SESSIONS, TPM_RC_LOCKOUT);
-        return TPM_RC_SUCCESS;
+        if (cmdCode != TPM_CC_GetCapability &&
+            cmdCode != TPM_CC_SelfTest &&
+            cmdCode != TPM_CC_GetRandom &&
+            cmdCode != TPM_CC_DictionaryAttackLockReset &&
+            cmdCode != TPM_CC_DictionaryAttackParameters &&
+            cmdCode != TPM_CC_StartAuthSession &&
+            cmdCode != TPM_CC_FlushContext) {
+            *rspSize = FwBuildErrorResponse(rspBuf,
+                TPM_ST_NO_SESSIONS, TPM_RC_LOCKOUT);
+            return TPM_RC_SUCCESS;
+        }
     }
 #endif
 

src/fwtpm/fwtpm_crypto.c

@@ -353,6 +353,9 @@ int FwAppendCreationHashAndTicket(FWTPM_CTX* ctx, TPM2_Packet* rsp,
         ticketDataSz = chSz;
     }
     if (objNameSz > 0) {
+        if (ticketDataSz + objNameSz > (int)sizeof(ticketData)) {
+            return TPM_RC_SIZE;
+        }
         XMEMCPY(ticketData + ticketDataSz, objName, objNameSz);
         ticketDataSz += objNameSz;
     }
@@ -827,10 +830,13 @@ int FwDeriveWrapKey(const FWTPM_Object* parent,
 
     rc = wc_HmacInit(hmac, NULL, INVALID_DEVID);
 
-    /* AES key = HMAC-SHA256(parentPriv, "fwTPM-wrap-key") */
+    /* AES key = HMAC-SHA256(parentPriv, "fwTPM-wrap-key")
+     * Use full parent private key as HMAC key — HMAC handles arbitrary-length
+     * keys via internal hashing. The previous 32-byte truncation used
+     * predictable ASN.1 DER header bytes for RSA keys. */
     if (rc == 0) {
         rc = wc_HmacSetKey(hmac, WC_SHA256, parent->privKey,
-            (parent->privKeySize > 32) ? 32 : parent->privKeySize);
+            parent->privKeySize);
     }
     if (rc == 0) {
         rc = wc_HmacUpdate(hmac, (const byte*)"fwTPM-wrap-key", 14);

src/fwtpm/fwtpm_io.c

@@ -536,7 +536,13 @@ int FWTPM_IO_ServerLoop(FWTPM_CTX* ctx)
 #ifndef _WIN32
     /* Ignore SIGPIPE so write to closed socket returns error instead
      * of killing the process */
-    signal(SIGPIPE, SIG_IGN);
+    {
+        struct sigaction sa;
+        sa.sa_handler = SIG_IGN;
+        sigemptyset(&sa.sa_mask);
+        sa.sa_flags = 0;
+        sigaction(SIGPIPE, &sa, NULL);
+    }
 #endif
 
     /* Multiplexed select loop: handles listen sockets AND active client fds
@@ -562,22 +568,35 @@ int FWTPM_IO_ServerLoop(FWTPM_CTX* ctx)
             if (platFd > maxFd) maxFd = platFd;
         }
 
-        if (select(maxFd + 1, &readFds, NULL, NULL, NULL) < 0) {
-            if (errno == EINTR) {
-                continue;
+        {
+            struct timeval tv;
+            int selRc;
+            tv.tv_sec = 30;
+            tv.tv_usec = 0;
+            selRc = select(maxFd + 1, &readFds, NULL, NULL, &tv);
+            if (selRc < 0) {
+                if (errno == EINTR) {
+                    continue;
+                }
+            #ifdef DEBUG_WOLFTPM
+                printf("fwTPM: select error %d (%s)\n", errno, strerror(errno));
+            #endif
+                rc = TPM_RC_FAILURE;
+                break;
+            }
+            if (selRc == 0) {
+                continue; /* timeout — recheck ctx->running */
             }
-        #ifdef DEBUG_WOLFTPM
-            printf("fwTPM: select error %d (%s)\n", errno, strerror(errno));
-        #endif
-            rc = TPM_RC_FAILURE;
-            break;
         }
 
         /* Accept new platform connection */
         if (FD_ISSET(ctx->io.platListenFd, &readFds)) {
             int newFd = accept(ctx->io.platListenFd, NULL, NULL);
             if (newFd >= 0) {
                 if (platFd >= 0) {
+                #ifdef DEBUG_WOLFTPM
+                    printf("fwTPM: platform connection replaced\n");
+                #endif
                     close(platFd);
                 }
                 platFd = newFd;
@@ -589,6 +608,9 @@ int FWTPM_IO_ServerLoop(FWTPM_CTX* ctx)
             int newFd = accept(ctx->io.listenFd, NULL, NULL);
             if (newFd >= 0) {
                 if (cmdFd >= 0) {
+                #ifdef DEBUG_WOLFTPM
+                    printf("fwTPM: command connection replaced\n");
+                #endif
                     close(cmdFd);
                 }
                 cmdFd = newFd;

src/fwtpm/fwtpm_main.c

@@ -38,12 +38,16 @@
 #include <string.h>
 #include <signal.h>
 
-/* Global context pointer for signal handler */
+/* Global context pointer for signal handler.
+ * Only the volatile flag is set in the handler; actual cleanup
+ * happens in the main loop after the flag is observed. */
+static volatile sig_atomic_t g_terminate = 0;
 static FWTPM_CTX* g_ctx = NULL;
 
 static void sigterm_handler(int sig)
 {
     (void)sig;
+    g_terminate = 1;
     if (g_ctx != NULL) {
         g_ctx->running = 0;
     }
@@ -155,8 +159,14 @@ int main(int argc, char* argv[])
 
     /* Install signal handler for graceful shutdown with NV save */
     g_ctx = &ctx;
-    signal(SIGTERM, sigterm_handler);
-    signal(SIGINT, sigterm_handler);
+    {
+        struct sigaction sa;
+        sa.sa_handler = sigterm_handler;
+        sigemptyset(&sa.sa_mask);
+        sa.sa_flags = 0;
+        sigaction(SIGTERM, &sa, NULL);
+        sigaction(SIGINT, &sa, NULL);
+    }
 
     /* Initialize socket transport */
     rc = FWTPM_IO_Init(&ctx);

src/fwtpm/fwtpm_tis.c

@@ -417,7 +417,13 @@ int FWTPM_TIS_ServerLoop(FWTPM_CTX* ctx)
     ctx->running = 1;
 
 #ifndef _WIN32
-    signal(SIGPIPE, SIG_IGN);
+    {
+        struct sigaction sa;
+        sa.sa_handler = SIG_IGN;
+        sigemptyset(&sa.sa_mask);
+        sa.sa_flags = 0;
+        sigaction(SIGPIPE, &sa, NULL);
+    }
 #endif
 
     printf("fwTPM TIS: Server ready, waiting for register accesses...\n");

src/fwtpm/fwtpm_tis_shm.c

@@ -158,12 +158,12 @@ static void TisShmCleanup(void* ctx)
 {
     FWTPM_TIS_SHM_CTX* shm = (FWTPM_TIS_SHM_CTX*)ctx;
 
-    if (shm->semRsp != NULL) {
+    if (shm->semRsp != NULL && shm->semRsp != SEM_FAILED) {
         sem_close(shm->semRsp);
         sem_unlink(FWTPM_TIS_SEM_RSP);
         shm->semRsp = NULL;
     }
-    if (shm->semCmd != NULL) {
+    if (shm->semCmd != NULL && shm->semCmd != SEM_FAILED) {
         sem_close(shm->semCmd);
         sem_unlink(FWTPM_TIS_SEM_CMD);
         shm->semCmd = NULL;

src/tpm2_crypto.c

@@ -64,13 +64,14 @@ int TPM2_KDFa_ex(
     word32 counter = 0;
     int hLen, copyLen, lLen = 0;
     byte uint32Buf[sizeof(UINT32)];
-    UINT32 sizeInBits = keySz * 8;
+    UINT32 sizeInBits;
     UINT32 pos;
     byte hash[WC_MAX_DIGEST_SIZE];
 
-    if (key == NULL) {
+    if (key == NULL || keySz > (0xFFFFFFFFUL / 8)) {
         return BAD_FUNC_ARG;
     }
+    sizeInBits = keySz * 8;
 
     hashType = TPM2_GetHashType(hashAlg);
     if (hashType == (int)WC_HASH_TYPE_NONE) {

src/tpm2_swtpm.c

@@ -64,6 +64,7 @@
 #ifdef WOLFTPM_SWTPM_UART
 #include <fcntl.h>
 #include <termios.h>
+#include <sys/stat.h>
 #endif
 
 #include <wolftpm/tpm2_socket.h>
@@ -99,17 +100,23 @@ static TPM_RC SwTpmTransmit(TPM2_CTX* ctx, const void* buffer, ssize_t bufSz)
         return BAD_FUNC_ARG;
     }
 
-    wrc = write(ctx->tcpCtx.fd, buffer, bufSz);
-    if (bufSz != wrc) {
-        rc = TPM_RC_FAILURE;
-    }
-
-#ifdef WOLFTPM_DEBUG_VERBOSE
-    if (wrc < 0) {
-        printf("Failed to send the TPM command to fd %d, got errno %d ="
-               "%s\n", ctx->tcpCtx.fd, errno, strerror(errno));
+    {
+        const char* ptr = (const char*)buffer;
+        int remaining = bufSz;
+        while (remaining > 0) {
+            wrc = write(ctx->tcpCtx.fd, ptr, remaining);
+            if (wrc <= 0) {
+            #ifdef WOLFTPM_DEBUG_VERBOSE
+                printf("Failed to send the TPM command to fd %d, got errno %d ="
+                       "%s\n", ctx->tcpCtx.fd, errno, strerror(errno));
+            #endif
+                rc = TPM_RC_FAILURE;
+                break;
+            }
+            remaining -= (int)wrc;
+            ptr += wrc;
+        }
     }
-#endif
 
     return rc;
 }
@@ -170,13 +177,21 @@ static TPM_RC SwTpmConnect(TPM2_CTX* ctx, const char* host, const char* port)
     /* Note: TPM2_SWTPM_HOST env var is checked by caller
      * (TPM2_SWTPM_SendCommand) before invoking SwTpmConnect */
 
-    fd = open(host, O_RDWR | O_NOCTTY);
+    fd = open(host, O_RDWR | O_NOCTTY | O_CLOEXEC | O_NOFOLLOW);
     if (fd < 0) {
     #ifdef DEBUG_WOLFTPM
         printf("Failed to open UART device %s: %s\n", host, strerror(errno));
     #endif
         return TPM_RC_FAILURE;
     }
+    /* Verify the opened path is a character device */
+    {
+        struct stat st;
+        if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
+            close(fd);
+            return TPM_RC_FAILURE;
+        }
+    }
 
     /* Configure serial port: 8N1, raw mode, no flow control */
     XMEMSET(&tty, 0, sizeof(tty));

src/tpm2_util.c

@@ -97,11 +97,11 @@ int TPM2_GetHashType(TPMI_ALG_HASH hashAlg)
 int TPM2_ConstantCompare(const byte* a, const byte* b, word32 len)
 {
     word32 i;
-    volatile byte result = 0;
+    volatile word32 result = 0;
     for (i = 0; i < len; i++) {
-        result |= a[i] ^ b[i];
+        result |= (word32)(a[i] ^ b[i]);
     }
-    return (int)result;
+    return (result != 0) ? 1 : 0;
 }
 
 /* This routine fills the first len bytes of the memory area pointed by mem