
Commit b5255c3

committed
F-2504 - https://fenrir.wolfssl.com/finding/2504 - Restore auth zero-padding in wolfTPM2_CreatePrimaryKey_ex and add matching padding to wolfTPM2_CreateKey and wolfTPM2_CreateLoadedKey for consistent auth handling
1 parent da46003 commit b5255c3


1 file changed

+51
-9
lines changed


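--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -2593,11 +2593,25 @@ int wolfTPM2_CreatePrimaryKey_ex(WOLFTPM2_DEV* dev, WOLFTPM2_PKEY* pkey,
     createPriIn.primaryHandle = primaryHandle;
     if (auth && authSz > 0) {
         TPM2B_AUTH* createPriAuth = &createPriIn.inSensitive.sensitive.userAuth;
-        if (authSz > (int)sizeof(createPriAuth->buffer)) {
-            return BUFFER_E;
+        int nameAlgDigestSz = TPM2_GetHashDigestSize(publicTemplate->nameAlg);
+        if (nameAlgDigestSz > 0) {
+            if (authSz > nameAlgDigestSz) {
+                authSz = nameAlgDigestSz;
+            }
+            XMEMCPY(createPriAuth->buffer, auth, authSz);
+            if (authSz < nameAlgDigestSz) {
+                XMEMSET(createPriAuth->buffer + authSz, 0,
+                    nameAlgDigestSz - authSz);
+                authSz = nameAlgDigestSz;
+            }
+        }
+        else {
+            if (authSz > (int)sizeof(createPriAuth->buffer)) {
+                return BUFFER_E;
+            }
+            XMEMCPY(createPriAuth->buffer, auth, authSz);
         }
         createPriAuth->size = authSz;
-        XMEMCPY(createPriAuth->buffer, auth, authSz);
     }
     XMEMCPY(&createPriIn.inPublic.publicArea, publicTemplate,
         sizeof(TPMT_PUBLIC));
@@ -2754,11 +2768,25 @@ int wolfTPM2_CreateKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEYBLOB* keyBlob,
     createIn.parentHandle = parent->hndl;
     if (auth) {
         TPM2B_AUTH* pAuth = &createIn.inSensitive.sensitive.userAuth;
-        if (authSz > (int)sizeof(pAuth->buffer)) {
-            return BUFFER_E;
+        int nameAlgDigestSz = TPM2_GetHashDigestSize(publicTemplate->nameAlg);
+        if (nameAlgDigestSz > 0) {
+            if (authSz > nameAlgDigestSz) {
+                authSz = nameAlgDigestSz;
+            }
+            XMEMCPY(pAuth->buffer, auth, authSz);
+            if (authSz < nameAlgDigestSz) {
+                XMEMSET(pAuth->buffer + authSz, 0,
+                    nameAlgDigestSz - authSz);
+                authSz = nameAlgDigestSz;
+            }
+        }
+        else {
+            if (authSz > (int)sizeof(pAuth->buffer)) {
+                return BUFFER_E;
+            }
+            XMEMCPY(pAuth->buffer, auth, authSz);
         }
         pAuth->size = (UINT16)authSz;
-        XMEMCPY(pAuth->buffer, auth, (size_t)authSz);
     }
     wolfTPM2_CopyPubT(&createIn.inPublic.publicArea, publicTemplate);
 
@@ -2876,11 +2904,25 @@ int wolfTPM2_CreateLoadedKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEYBLOB* keyBlob,
     createLoadedIn.parentHandle = parent->hndl;
     if (auth) {
         TPM2B_AUTH* pAuth = &createLoadedIn.inSensitive.sensitive.userAuth;
-        if (authSz > (int)sizeof(pAuth->buffer)) {
-            return BUFFER_E;
+        int nameAlgDigestSz = TPM2_GetHashDigestSize(publicTemplate->nameAlg);
+        if (nameAlgDigestSz > 0) {
+            if (authSz > nameAlgDigestSz) {
+                authSz = nameAlgDigestSz;
+            }
+            XMEMCPY(pAuth->buffer, auth, authSz);
+            if (authSz < nameAlgDigestSz) {
+                XMEMSET(pAuth->buffer + authSz, 0,
+                    nameAlgDigestSz - authSz);
+                authSz = nameAlgDigestSz;
+            }
+        }
+        else {
+            if (authSz > (int)sizeof(pAuth->buffer)) {
+                return BUFFER_E;
+            }
+            XMEMCPY(pAuth->buffer, auth, authSz);
         }
         pAuth->size = (UINT16)authSz;
-        XMEMCPY(pAuth->buffer, auth, (size_t)authSz);
     }
     XMEMCPY(&createLoadedIn.inPublic.publicArea, publicTemplate,
         sizeof(TPMT_PUBLIC));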
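Review bot: The new padding block in wolfTPM2_CreateKey and wolfTPM2_CreateLoadedKey runs under `if (auth)` while the same block in wolfTPM2_CreatePrimaryKey_ex runs under `if (auth && authSz > 0)`, so a non-NULL auth with authSz == 0 now produces a digest-length all-zero userAuth in the first two functions but an empty one in the third, and a negative authSz reaches `XMEMCPY(pAuth->buffer, auth, authSz)` unchecked now that the explicit `(size_t)` cast on the removed line is gone. The `authSz > nameAlgDigestSz` branch also silently truncates an over-long auth where the old code returned BUFFER_E, so a caller passing a longer secret gets a key protected only by its prefix without any indication; I would either keep the error or state the truncation in each function's documentation. Since the identical seventeen lines now appear three times, I would fold them into one static helper that rejects negative and oversize input and does the padding, then call it from all three sites under the same `auth && authSz > 0` guard. All three enclosing functions begin and end outside the hunks, so the call-site shape below is a sketch against the visible lines only.

```c
/* Copy auth into pAuth, zero-padded to the nameAlg digest size when that size
 * is known, otherwise bounded by the TPM2B_AUTH buffer; rejects negative or
 * oversize input instead of truncating it. Returns 0 on success, BUFFER_E otherwise. */
static int wolfTPM2_SetUserAuth(TPM2B_AUTH* pAuth, const void* auth, int authSz,
    int nameAlgDigestSz)
{
    int limit = (nameAlgDigestSz > 0) ? nameAlgDigestSz
                                      : (int)sizeof(pAuth->buffer);
    if (authSz < 0 || authSz > limit) {
        return BUFFER_E;
    }
    if (authSz > 0) {
        XMEMCPY(pAuth->buffer, auth, (size_t)authSz);
    }
    if (nameAlgDigestSz > 0 && authSz < nameAlgDigestSz) {
        XMEMSET(pAuth->buffer + authSz, 0, (size_t)(nameAlgDigestSz - authSz));
        authSz = nameAlgDigestSz;
    }
    pAuth->size = (UINT16)authSz;
    return 0;
}

/* … unchanged: wolfTPM2_CreateKey up to createIn.parentHandle … */
    if (auth && authSz > 0) {
        int rc = wolfTPM2_SetUserAuth(&createIn.inSensitive.sensitive.userAuth,
            auth, authSz, TPM2_GetHashDigestSize(publicTemplate->nameAlg));
        if (rc != 0) {
            return rc;
        }
    }
/* … unchanged: rest of wolfTPM2_CreateKey; same replacement in the other two callers … */
```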