Skip to content

Commit c02fb0d

Browse files
committed
F-2987 - https://fenrir.wolfssl.com/finding/2987 - Fix ECC ECDAA scheme serialization missing count field, RSA RSAES spurious hashAlg, and TPM2_Sign ECDAA count
1 parent 9a0cb66 commit c02fb0d

4 files changed

Lines changed: 89 additions & 10 deletions

File tree

src/tpm2.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3689,6 +3689,10 @@ TPM_RC TPM2_Sign(Sign_In* in, Sign_Out* out)
36893689
TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
36903690
if (in->inScheme.scheme != TPM_ALG_NULL) {
36913691
TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
3692+
if (in->inScheme.scheme == TPM_ALG_ECDAA) {
3693+
TPM2_Packet_AppendU16(&packet,
3694+
in->inScheme.details.ecdaa.count);
3695+
}
36923696
}
36933697

36943698
TPM2_Packet_AppendU16(&packet, in->validation.tag);

src/tpm2_packet.c

Lines changed: 18 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -519,26 +519,36 @@ void TPM2_Packet_ParseSymmetric(TPM2_Packet* packet, TPMT_SYM_DEF* symmetric)
519519
void TPM2_Packet_AppendEccScheme(TPM2_Packet* packet, TPMT_SIG_SCHEME* scheme)
520520
{
521521
TPM2_Packet_AppendU16(packet, scheme->scheme);
522-
if (scheme->scheme != TPM_ALG_NULL)
522+
if (scheme->scheme != TPM_ALG_NULL) {
523523
TPM2_Packet_AppendU16(packet, scheme->details.any.hashAlg);
524+
if (scheme->scheme == TPM_ALG_ECDAA) {
525+
TPM2_Packet_AppendU16(packet, scheme->details.ecdaa.count);
526+
}
527+
}
524528
}
525529
void TPM2_Packet_ParseEccScheme(TPM2_Packet* packet, TPMT_SIG_SCHEME* scheme)
526530
{
527531
TPM2_Packet_ParseU16(packet, &scheme->scheme);
528-
if (scheme->scheme != TPM_ALG_NULL)
532+
if (scheme->scheme != TPM_ALG_NULL) {
529533
TPM2_Packet_ParseU16(packet, &scheme->details.any.hashAlg);
534+
if (scheme->scheme == TPM_ALG_ECDAA) {
535+
TPM2_Packet_ParseU16(packet, &scheme->details.ecdaa.count);
536+
}
537+
}
530538
}
531539

532540
void TPM2_Packet_AppendRsaScheme(TPM2_Packet* packet, TPMT_RSA_SCHEME* scheme)
533541
{
534542
TPM2_Packet_AppendU16(packet, scheme->scheme);
535-
if (scheme->scheme != TPM_ALG_NULL)
543+
if (scheme->scheme != TPM_ALG_NULL &&
544+
scheme->scheme != TPM_ALG_RSAES)
536545
TPM2_Packet_AppendU16(packet, scheme->details.anySig.hashAlg);
537546
}
538547
void TPM2_Packet_ParseRsaScheme(TPM2_Packet* packet, TPMT_RSA_SCHEME* scheme)
539548
{
540549
TPM2_Packet_ParseU16(packet, &scheme->scheme);
541-
if (scheme->scheme != TPM_ALG_NULL)
550+
if (scheme->scheme != TPM_ALG_NULL &&
551+
scheme->scheme != TPM_ALG_RSAES)
542552
TPM2_Packet_ParseU16(packet, &scheme->details.anySig.hashAlg);
543553
}
544554

@@ -571,13 +581,15 @@ void TPM2_Packet_ParseKdfScheme(TPM2_Packet* packet, TPMT_KDF_SCHEME* scheme)
571581
void TPM2_Packet_AppendAsymScheme(TPM2_Packet* packet, TPMT_ASYM_SCHEME* scheme)
572582
{
573583
TPM2_Packet_AppendU16(packet, scheme->scheme);
574-
if (scheme->scheme != TPM_ALG_NULL)
584+
if (scheme->scheme != TPM_ALG_NULL &&
585+
scheme->scheme != TPM_ALG_RSAES)
575586
TPM2_Packet_AppendU16(packet, scheme->details.anySig.hashAlg);
576587
}
577588
void TPM2_Packet_ParseAsymScheme(TPM2_Packet* packet, TPMT_ASYM_SCHEME* scheme)
578589
{
579590
TPM2_Packet_ParseU16(packet, &scheme->scheme);
580-
if (scheme->scheme != TPM_ALG_NULL)
591+
if (scheme->scheme != TPM_ALG_NULL &&
592+
scheme->scheme != TPM_ALG_RSAES)
581593
TPM2_Packet_ParseU16(packet, &scheme->details.anySig.hashAlg);
582594
}
583595

tests/unit_tests.c

Lines changed: 63 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1034,6 +1034,68 @@ static void test_wolfTPM2_ComputeName(void)
10341034
}
10351035
#endif
10361036

1037+
/* Test ECC ECDAA scheme serialization roundtrip — verifies count field
1038+
* is preserved, and RSA RSAES scheme produces no spurious hashAlg */
1039+
static void test_TPM2_SchemeSerialize(void)
1040+
{
1041+
TPM2_Packet packet;
1042+
byte buf[256];
1043+
TPMT_SIG_SCHEME eccSchemeIn, eccSchemeOut;
1044+
#ifndef NO_RSA
1045+
TPMT_RSA_SCHEME rsaSchemeIn, rsaSchemeOut;
1046+
#endif
1047+
1048+
/* Test 1: ECDAA scheme roundtrip — count field must survive */
1049+
XMEMSET(&eccSchemeIn, 0, sizeof(eccSchemeIn));
1050+
eccSchemeIn.scheme = TPM_ALG_ECDAA;
1051+
eccSchemeIn.details.ecdaa.hashAlg = TPM_ALG_SHA256;
1052+
eccSchemeIn.details.ecdaa.count = 5;
1053+
1054+
XMEMSET(buf, 0, sizeof(buf));
1055+
XMEMSET(&packet, 0, sizeof(packet));
1056+
packet.buf = buf;
1057+
packet.size = sizeof(buf);
1058+
1059+
TPM2_Packet_AppendEccScheme(&packet, &eccSchemeIn);
1060+
1061+
/* For ECDAA: scheme(2) + hashAlg(2) + count(2) = 6 bytes */
1062+
AssertIntEQ(packet.pos, 6);
1063+
1064+
/* Parse back */
1065+
packet.pos = 0;
1066+
XMEMSET(&eccSchemeOut, 0, sizeof(eccSchemeOut));
1067+
TPM2_Packet_ParseEccScheme(&packet, &eccSchemeOut);
1068+
1069+
AssertIntEQ(eccSchemeOut.scheme, TPM_ALG_ECDAA);
1070+
AssertIntEQ(eccSchemeOut.details.ecdaa.hashAlg, TPM_ALG_SHA256);
1071+
AssertIntEQ(eccSchemeOut.details.ecdaa.count, 5);
1072+
1073+
#ifndef NO_RSA
1074+
/* Test 2: RSAES scheme roundtrip — no hashAlg field (TPMS_EMPTY) */
1075+
XMEMSET(&rsaSchemeIn, 0, sizeof(rsaSchemeIn));
1076+
rsaSchemeIn.scheme = TPM_ALG_RSAES;
1077+
1078+
XMEMSET(buf, 0, sizeof(buf));
1079+
XMEMSET(&packet, 0, sizeof(packet));
1080+
packet.buf = buf;
1081+
packet.size = sizeof(buf);
1082+
1083+
TPM2_Packet_AppendRsaScheme(&packet, &rsaSchemeIn);
1084+
1085+
/* For RSAES: scheme(2) only, no hashAlg */
1086+
AssertIntEQ(packet.pos, 2);
1087+
1088+
/* Parse back */
1089+
packet.pos = 0;
1090+
XMEMSET(&rsaSchemeOut, 0, sizeof(rsaSchemeOut));
1091+
TPM2_Packet_ParseRsaScheme(&packet, &rsaSchemeOut);
1092+
1093+
AssertIntEQ(rsaSchemeOut.scheme, TPM_ALG_RSAES);
1094+
#endif
1095+
1096+
printf("Test TPM Wrapper:\tSchemeSerialize:\t\tPassed\n");
1097+
}
1098+
10371099
static void test_GetAlgId(void)
10381100
{
10391101
TPM_ALG_ID alg = TPM2_GetAlgId("SHA256");
@@ -1780,6 +1842,7 @@ int unit_tests(int argc, char *argv[])
17801842
test_TPM2_KDFe();
17811843
test_wolfTPM2_ComputeName();
17821844
#endif
1845+
test_TPM2_SchemeSerialize();
17831846
test_GetAlgId();
17841847
test_wolfTPM2_ReadPublicKey();
17851848
test_wolfTPM2_CSR();

wolftpm/tpm2_packet.h

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -155,10 +155,10 @@ WOLFTPM_LOCAL void TPM2_Packet_AppendPCR(TPM2_Packet* packet, TPML_PCR_SELECTION
155155
WOLFTPM_LOCAL void TPM2_Packet_ParsePCR(TPM2_Packet* packet, TPML_PCR_SELECTION* pcr);
156156
WOLFTPM_LOCAL void TPM2_Packet_AppendSymmetric(TPM2_Packet* packet, TPMT_SYM_DEF* symmetric);
157157
WOLFTPM_LOCAL void TPM2_Packet_ParseSymmetric(TPM2_Packet* packet, TPMT_SYM_DEF* symmetric);
158-
WOLFTPM_LOCAL void TPM2_Packet_AppendEccScheme(TPM2_Packet* packet, TPMT_SIG_SCHEME* scheme);
159-
WOLFTPM_LOCAL void TPM2_Packet_ParseEccScheme(TPM2_Packet* packet, TPMT_SIG_SCHEME* scheme);
160-
WOLFTPM_LOCAL void TPM2_Packet_AppendRsaScheme(TPM2_Packet* packet, TPMT_RSA_SCHEME* scheme);
161-
WOLFTPM_LOCAL void TPM2_Packet_ParseRsaScheme(TPM2_Packet* packet, TPMT_RSA_SCHEME* scheme);
158+
WOLFTPM_TEST_API void TPM2_Packet_AppendEccScheme(TPM2_Packet* packet, TPMT_SIG_SCHEME* scheme);
159+
WOLFTPM_TEST_API void TPM2_Packet_ParseEccScheme(TPM2_Packet* packet, TPMT_SIG_SCHEME* scheme);
160+
WOLFTPM_TEST_API void TPM2_Packet_AppendRsaScheme(TPM2_Packet* packet, TPMT_RSA_SCHEME* scheme);
161+
WOLFTPM_TEST_API void TPM2_Packet_ParseRsaScheme(TPM2_Packet* packet, TPMT_RSA_SCHEME* scheme);
162162
WOLFTPM_LOCAL void TPM2_Packet_AppendKeyedHashScheme(TPM2_Packet* packet, TPMT_KEYEDHASH_SCHEME* scheme);
163163
WOLFTPM_LOCAL void TPM2_Packet_ParseKeyedHashScheme(TPM2_Packet* packet, TPMT_KEYEDHASH_SCHEME* scheme);
164164
WOLFTPM_LOCAL void TPM2_Packet_AppendKdfScheme(TPM2_Packet* packet, TPMT_KDF_SCHEME* scheme);

0 commit comments

Comments
 (0)