Skip to content

Commit 9ee1722

Browse files
committed
Address Fenrir feedback: tighten ZGen_2Phase size check and document env-var override risk
1 parent 3eec46e commit 9ee1722

2 files changed

Lines changed: 21 additions & 3 deletions

File tree

docs/SWTPM.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,15 @@ Build Options:
5353

5454
The UART transport uses the same mssim protocol as the socket transport. The serial port is configured as 8N1 raw mode with no flow control. Unlike the socket transport, the serial port file descriptor is kept open across commands (no reconnect per command).
5555

56+
#### Security note: environment variable override
57+
58+
The `TPM2_SWTPM_HOST` environment variable is a development convenience that overrides the compile-time serial device path. On systems where untrusted local users share the environment with the TPM client, an attacker could redirect TPM I/O to a rogue device (e.g. a PTY they control). For production / hardened deployments:
59+
60+
* Unset `TPM2_SWTPM_HOST` in the process environment, and
61+
* Rely on the compile-time default (set via `TPM2_SWTPM_HOST` as a build `-D` macro) to pin the serial path.
62+
63+
The same guidance applies to `TPM2_SWTPM_PORT` (baud rate) and, for the socket transport, to using the env var to redirect the TCP host.
64+
5665
### Example: wolfTPM fwTPM on STM32H5
5766

5867
The wolfTPM project includes a firmware TPM server port for STM32 Cortex-M33 targets with TrustZone support. See [wolftpm-examples/STM32/fwtpm-stm32h5](https://github.com/wolfSSL/wolftpm-examples/pull/1) for build, flash, and test instructions.

examples/native/native_test.c

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1171,11 +1171,20 @@ int TPM2_Native_TestArgs(void* userCtx, int argc, char *argv[])
11711171
cmdIn.zgen2.counter = cmdOut.ecEph.counter;
11721172
rc = TPM2_ZGen_2Phase(&cmdIn.zgen2, &cmdOut.zgen2);
11731173
if (rc == TPM_RC_SUCCESS) {
1174+
/* For the P-256 curve configured above (TPM_ECC_NIST_P256),
1175+
* each Z output is the x-coordinate of the shared point, so
1176+
* its size must equal the curve byte length (32). A mutant
1177+
* that returns any non-zero-sized output would otherwise
1178+
* slip past a plain non-empty check. */
1179+
const int expectedZSz = 32; /* P-256 coordinate size */
11741180
printf("TPM2_ZGen_2Phase: outZ1 %d, outZ2 %d\n",
11751181
cmdOut.zgen2.outZ1.size, cmdOut.zgen2.outZ2.size);
1176-
if (cmdOut.zgen2.outZ1.size == 0 ||
1177-
cmdOut.zgen2.outZ2.size == 0) {
1178-
printf("TPM2_ZGen_2Phase: FAIL (empty output)\n");
1182+
if (cmdOut.zgen2.outZ1.size != expectedZSz ||
1183+
cmdOut.zgen2.outZ2.size != expectedZSz) {
1184+
printf("TPM2_ZGen_2Phase: FAIL (expected Z size %d, "
1185+
"got outZ1=%d outZ2=%d)\n",
1186+
expectedZSz,
1187+
cmdOut.zgen2.outZ1.size, cmdOut.zgen2.outZ2.size);
11791188
rc = -1;
11801189
goto exit;
11811190
}

0 commit comments

Comments
 (0)