Fix skoll review

Author: aidangarske

examples/seal/seal.c

@@ -128,8 +128,6 @@ int TPM2_Seal_Example(void* userCtx, int argc, char *argv[])
     }
 
     wolfTPM2_GetKeyTemplate_KeySeal(&publicTemplate, TPM_ALG_SHA256);
-    /* Allow password based unsealing */
-    publicTemplate.objectAttributes |= TPMA_OBJECT_userWithAuth;
 
     /* set session for authorization key */
     auth.size = (int)sizeof(gKeyAuth)-1;

src/spdm/spdm_psk.c

@@ -356,19 +356,21 @@ int wolfSPDM_ConnectPsk(WOLFSPDM_CTX* ctx)
     wolfSPDM_TranscriptReset(ctx);
 
     /* Step 1: GET_VERSION */
-    SPDM_CONNECT_STEP(ctx, "PSK Step 1: GET_VERSION\n",
-        wolfSPDM_GetVersion(ctx));
+    wolfSPDM_DebugPrint(ctx, "PSK Step 1: GET_VERSION\n");
+    rc = wolfSPDM_GetVersion(ctx);
 
     /* Steps 2-3: GET_CAPABILITIES + NEGOTIATE_ALGORITHMS
      * Not mandatory for PSK mode per TCG PC Client PSK spec.
      * NS350 supports direct GET_VERSION -> PSK_EXCHANGE. */
 
     /* Step 2: PSK_EXCHANGE / PSK_EXCHANGE_RSP */
-    txSz = sizeof(txBuf);
-    rxSz = sizeof(rxBuf);
+    if (rc == WOLFSPDM_SUCCESS) {
+        txSz = sizeof(txBuf);
+        rxSz = sizeof(rxBuf);
 
-    wolfSPDM_DebugPrint(ctx, "PSK Step 4: PSK_EXCHANGE\n");
-    rc = wolfSPDM_BuildPskExchange(ctx, txBuf, &txSz);
+        wolfSPDM_DebugPrint(ctx, "PSK Step 4: PSK_EXCHANGE\n");
+        rc = wolfSPDM_BuildPskExchange(ctx, txBuf, &txSz);
+    }
     if (rc == WOLFSPDM_SUCCESS) {
         rc = wolfSPDM_TranscriptAdd(ctx, txBuf, txSz);
     }
@@ -417,6 +419,8 @@ int wolfSPDM_ConnectPsk(WOLFSPDM_CTX* ctx)
     }
 
     /* Always zero sensitive stack buffers */
+    wc_ForceZero(txBuf, sizeof(txBuf));
+    wc_ForceZero(rxBuf, sizeof(rxBuf));
     wc_ForceZero(finBuf, sizeof(finBuf));
     wc_ForceZero(encBuf, sizeof(encBuf));
     wc_ForceZero(decBuf, sizeof(decBuf));

src/spdm/spdm_tcg.c

@@ -89,7 +89,7 @@ int wolfSPDM_TCG_VendorCmdSecured(WOLFSPDM_CTX* ctx, const char* vdCode,
     byte spdmMsg[WOLFSPDM_VENDOR_BUF_SZ];
     int spdmMsgSz;
     byte decBuf[WOLFSPDM_VENDOR_BUF_SZ];
-    word32 decSz;
+    word32 decSz = 0;
     int rc;
     byte ver;
 

src/tpm2.c

@@ -233,11 +233,9 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
             }
 
         #if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_HMAC)
-            rc = TPM2_GetName(ctx, handleValue1, info->inHandleCnt, 0, &name1);
-            if (rc == TPM_RC_SUCCESS)
-                rc = TPM2_GetName(ctx, handleValue2, info->inHandleCnt, 1, &name2);
-            if (rc == TPM_RC_SUCCESS)
-                rc = TPM2_GetName(ctx, handleValue3, info->inHandleCnt, 2, &name3);
+            rc =  TPM2_GetName(ctx, handleValue1, info->inHandleCnt, 0, &name1);
+            rc |= TPM2_GetName(ctx, handleValue2, info->inHandleCnt, 1, &name2);
+            rc |= TPM2_GetName(ctx, handleValue3, info->inHandleCnt, 2, &name3);
             if (rc != TPM_RC_SUCCESS) {
             #ifdef DEBUG_WOLFTPM
                 printf("Error getting names for cpHash!\n");
@@ -277,17 +275,18 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
     /* Update the Auth Area total size in the command packet */
     i = TPM2_Packet_PlaceU32(packet, authTotalSzPos);
 
+#ifdef DEBUG_WOLFTPM
     if ((int)authSz != i) {
         /* actual auth size did not match estimated size from
          * TPM2_Packet_AppendAuth */
-    #ifdef DEBUG_WOLFTPM
         printf("Error: Calculated auth size %d did not match actual %d!\n",
             authSz, i);
-    #endif
         return BUFFER_E;
     }
+#endif
 
     (void)cmdCode;
+    (void)i;
 
     return rc;
 }
@@ -2144,8 +2143,9 @@ TPM_RC TPM2_Duplicate(Duplicate_In* in, Duplicate_Out* out)
         TPM2_Packet_AppendBytes(&packet, in->encryptionKeyIn.buffer,
             in->encryptionKeyIn.size);
 
-        TPM2_Packet_AppendSymmetric(&packet,
-            (TPMT_SYM_DEF*)&in->symmetricAlg);
+        TPM2_Packet_AppendU16(&packet, in->symmetricAlg.algorithm);
+        TPM2_Packet_AppendU16(&packet, in->symmetricAlg.keyBits.sym);
+        TPM2_Packet_AppendU16(&packet, in->symmetricAlg.mode.sym);
 
         TPM2_Packet_Finalize(&packet, TPM_ST_SESSIONS, TPM_CC_Duplicate);
 
@@ -3175,10 +3175,7 @@ TPM_RC TPM2_Certify(Certify_In* in, Certify_Out* out)
         TPM2_Packet_AppendBytes(&packet, in->qualifyingData.buffer,
             in->qualifyingData.size);
 
-        TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-        if (in->inScheme.scheme != TPM_ALG_NULL) {
-            TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
-        }
+        TPM2_Packet_AppendEccScheme(&packet, &in->inScheme);
 
         TPM2_Packet_Finalize(&packet, TPM_ST_SESSIONS, TPM_CC_Certify);
 
@@ -3240,10 +3237,7 @@ TPM_RC TPM2_CertifyCreation(CertifyCreation_In* in, CertifyCreation_Out* out)
         TPM2_Packet_AppendBytes(&packet, in->creationHash.buffer,
             in->creationHash.size);
 
-        TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-        if (in->inScheme.scheme != TPM_ALG_NULL) {
-            TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
-        }
+        TPM2_Packet_AppendEccScheme(&packet, &in->inScheme);
 
         TPM2_Packet_AppendU16(&packet, in->creationTicket.tag);
         TPM2_Packet_AppendU32(&packet, in->creationTicket.hierarchy);
@@ -3307,10 +3301,7 @@ TPM_RC TPM2_Quote(Quote_In* in, Quote_Out* out)
         TPM2_Packet_AppendBytes(&packet, in->qualifyingData.buffer,
             in->qualifyingData.size);
 
-        TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-        if (in->inScheme.scheme != TPM_ALG_NULL) {
-            TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
-        }
+        TPM2_Packet_AppendEccScheme(&packet, &in->inScheme);
 
         TPM2_Packet_AppendPCR(&packet, &in->PCRselect);
 
@@ -3373,10 +3364,7 @@ TPM_RC TPM2_GetSessionAuditDigest(GetSessionAuditDigest_In* in,
         TPM2_Packet_AppendBytes(&packet, in->qualifyingData.buffer,
             in->qualifyingData.size);
 
-        TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-        if (in->inScheme.scheme != TPM_ALG_NULL) {
-            TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
-        }
+        TPM2_Packet_AppendEccScheme(&packet, &in->inScheme);
 
         TPM2_Packet_Finalize(&packet, TPM_ST_SESSIONS,
             TPM_CC_GetSessionAuditDigest);
@@ -3437,10 +3425,7 @@ TPM_RC TPM2_GetCommandAuditDigest(GetCommandAuditDigest_In* in,
         TPM2_Packet_AppendBytes(&packet, in->qualifyingData.buffer,
             in->qualifyingData.size);
 
-        TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-        if (in->inScheme.scheme != TPM_ALG_NULL) {
-            TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
-        }
+        TPM2_Packet_AppendEccScheme(&packet, &in->inScheme);
 
         TPM2_Packet_Finalize(&packet, TPM_ST_SESSIONS,
             TPM_CC_GetCommandAuditDigest);
@@ -3500,10 +3485,7 @@ TPM_RC TPM2_GetTime(GetTime_In* in, GetTime_Out* out)
         TPM2_Packet_AppendBytes(&packet, in->qualifyingData.buffer,
             in->qualifyingData.size);
 
-        TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-        if (in->inScheme.scheme != TPM_ALG_NULL) {
-            TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
-        }
+        TPM2_Packet_AppendEccScheme(&packet, &in->inScheme);
 
         TPM2_Packet_Finalize(&packet, TPM_ST_SESSIONS, TPM_CC_GetTime);
 
@@ -3628,7 +3610,6 @@ TPM_RC TPM2_VerifySignature(VerifySignature_In* in,
     TPM_RC rc;
     TPM2_CTX* ctx = TPM2_GetActiveCtx();
     TPM_ST st;
-    UINT16 wireSize = 0;
 
     if (ctx == NULL || in == NULL || out == NULL)
         return BAD_FUNC_ARG;
@@ -3664,20 +3645,10 @@ TPM_RC TPM2_VerifySignature(VerifySignature_In* in,
 
             TPM2_Packet_ParseU16(&packet, &out->validation.tag);
             TPM2_Packet_ParseU32(&packet, &out->validation.hierarchy);
-
-            TPM2_Packet_ParseU16(&packet, &wireSize);
-            out->validation.digest.size = wireSize;
-            if (out->validation.digest.size >
-                    (UINT16)sizeof(out->validation.digest.buffer)) {
-                out->validation.digest.size =
-                    (UINT16)sizeof(out->validation.digest.buffer);
-            }
+            TPM2_Packet_ParseU16(&packet, &out->validation.digest.size);
             TPM2_Packet_ParseBytes(&packet,
                         out->validation.digest.buffer,
                         out->validation.digest.size);
-            if (wireSize > out->validation.digest.size)
-                TPM2_Packet_ParseBytes(&packet, NULL,
-                    wireSize - out->validation.digest.size);
         }
 
         TPM2_ReleaseLock(ctx);
@@ -3709,14 +3680,7 @@ TPM_RC TPM2_Sign(Sign_In* in, Sign_Out* out)
         TPM2_Packet_AppendU16(&packet, in->digest.size);
         TPM2_Packet_AppendBytes(&packet, in->digest.buffer, in->digest.size);
 
-        TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-        if (in->inScheme.scheme != TPM_ALG_NULL) {
-            TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
-            if (in->inScheme.scheme == TPM_ALG_ECDAA) {
-                TPM2_Packet_AppendU16(&packet,
-                    in->inScheme.details.ecdaa.count);
-            }
-        }
+        TPM2_Packet_AppendEccScheme(&packet, &in->inScheme);
 
         TPM2_Packet_AppendU16(&packet, in->validation.tag);
         TPM2_Packet_AppendU32(&packet, in->validation.hierarchy);
@@ -5954,10 +5918,7 @@ TPM_RC TPM2_NV_Certify(NV_Certify_In* in, NV_Certify_Out* out)
         TPM2_Packet_AppendBytes(&packet, in->qualifyingData.buffer,
             in->qualifyingData.size);
 
-        TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
-        if (in->inScheme.scheme != TPM_ALG_NULL) {
-            TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
-        }
+        TPM2_Packet_AppendEccScheme(&packet, &in->inScheme);
 
         TPM2_Packet_AppendU16(&packet, in->size);
         TPM2_Packet_AppendU16(&packet, in->offset);

src/tpm2_wrap.c

@@ -3884,8 +3884,13 @@ int wolfTPM2_DecodeRsaDer(const byte* der, word32 derSz,
             pub->publicArea.objectAttributes = attributes;
             rsa->keyBits = nSz * 8;
             rsa->exponent = e;
+            /* if both sign and decrypt are set then must use NULL scheme */
             rsa->scheme.scheme =
-                (attributes & TPMA_OBJECT_sign) ? TPM_ALG_RSASSA : TPM_ALG_NULL;
+                ((attributes & TPMA_OBJECT_sign) &&
+                 (attributes & TPMA_OBJECT_decrypt)) ?
+                    TPM_ALG_NULL :
+                ((attributes & TPMA_OBJECT_sign) ? TPM_ALG_RSASSA :
+                    TPM_ALG_NULL);
             rsa->scheme.details.anySig.hashAlg = WOLFTPM2_WRAP_DIGEST;
             pub->publicArea.unique.rsa.size = nSz;
             XMEMCPY(pub->publicArea.unique.rsa.buffer, n, nSz);
@@ -3996,8 +4001,13 @@ int wolfTPM2_DecodeEccDer(const byte* der, word32 derSz, TPM2B_PUBLIC* pub,
             pub->publicArea.nameAlg = WOLFTPM2_WRAP_DIGEST;
             pub->publicArea.objectAttributes = attributes;
             ecc->symmetric.algorithm = TPM_ALG_NULL;
+            /* if both sign and decrypt are set then must use NULL scheme */
             ecc->scheme.scheme =
-                (attributes & TPMA_OBJECT_sign) ? TPM_ALG_ECDSA : TPM_ALG_NULL;
+                ((attributes & TPMA_OBJECT_sign) &&
+                 (attributes & TPMA_OBJECT_decrypt)) ?
+                    TPM_ALG_NULL :
+                ((attributes & TPMA_OBJECT_sign) ? TPM_ALG_ECDSA :
+                    TPM_ALG_NULL);
             ecc->scheme.details.ecdsa.hashAlg = WOLFTPM2_WRAP_DIGEST;
             ecc->curveID = curveId;
             ecc->kdf.scheme = TPM_ALG_NULL;
@@ -9473,7 +9483,6 @@ int wolfTPM2_SetIdentityAuth(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* handle,
         TPM2_PrintBin(handle->auth.buffer, handle->auth.size);
     #endif
     }
-    wc_ForceZero(digest, sizeof(digest));
 
     (void)dev;
 

tests/unit_tests.c

@@ -1244,7 +1244,8 @@ static void test_TPM2_HashNvPublic(void)
 /* Known-answer test for TPM2_KDFe (SP800-56A one-step KDF for ECC).
  * Reference: independently computed SHA-256(counter || Z || label || U || V)
  * with counter starting at 1. */
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && \
+    !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP)
 static void test_TPM2_KDFe(void)
 {
     int rc;
@@ -1419,7 +1420,9 @@ static void test_KeySealTemplate(void)
     printf("Test TPM Wrapper:\tKeySealTemplate:\t\tPassed\n");
 }
 
-/* Test boundary validation for seal size and keyed hash key size */
+/* Test boundary validation for seal size and keyed hash key size.
+ * Uses zero-initialized dev intentionally — only testing argument validation,
+ * not TPM operations. */
 static void test_SealAndKeyedHash_Boundaries(void)
 {
     int rc;
@@ -2138,7 +2141,14 @@ static void test_wolfTPM2_DecodeDer_DefaultAttribs(void)
 
     /* userWithAuth should be set */
     AssertTrue(attrs & TPMA_OBJECT_userWithAuth);
+
+    /* When both sign and decrypt are set, scheme must be NULL */
+    AssertIntEQ(pub.publicArea.parameters.eccDetail.scheme.scheme,
+        TPM_ALG_NULL);
 #endif
+    /* Note: DecodeRsaDer uses the same default attribute and scheme logic
+     * as DecodeEccDer — validated by the ECC test above. RSA DER key is
+     * too large (1217 bytes) to embed inline for a unit test. */
 
     printf("Test TPM Wrapper:\tDecodeDer DefaultAttribs:\tPassed\n");
 }
@@ -2222,8 +2232,11 @@ int unit_tests(int argc, char *argv[])
     test_TPM2_ParamDec_AESCFB_Roundtrip();
     test_TPM2_ParamEncDec_Dispatch_Roundtrip();
     test_TPM2_HashNvPublic();
-    #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)
+    #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && \
+        !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP)
     test_TPM2_KDFe();
+    #endif
+    #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)
     test_wolfTPM2_ComputeName();
     #endif
     test_TPM2_SchemeSerialize();

wolftpm/tpm2_wrap.h

@@ -4523,7 +4523,8 @@ WOLFTPM_API int wolfTPM2_FirmwareUpgradeCancel(WOLFTPM2_DEV* dev);
 
 
 /* KDFe - exposed for unit testing */
-#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)
+#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC) && \
+    !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP)
 WOLFTPM_TEST_API int TPM2_KDFe(
     TPM_ALG_ID hashAlg, const TPM2B_DATA *Z, const char *label,
     const TPM2B_DATA *partyUInfo, const TPM2B_DATA *partyVInfo,