Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
c63386b
F-6847 - Bound ECDSA verify R/S to key size in crypto callback
aidangarske Jul 13, 2026
71d0b3d
F-6839 - Fix dead error handling in TPM2_ASN_DecodeX509Cert
aidangarske Jul 13, 2026
46c906e
F-6840 - Report tag mismatch from TPM2_ASN_DecodeTag
aidangarske Jul 13, 2026
7a6519b
F-6848 - Scrub hash context in TPM2_CalcCpHash and TPM2_CalcRpHash
aidangarske Jul 13, 2026
378c181
F-6844 - Clamp TPM2B sizes in TPM2_Packet_AppendPublicArea
aidangarske Jul 13, 2026
2b68fa9
F-6842 - Add XOR param-enc mask-size boundary test
aidangarske Jul 13, 2026
c9ec803
F-6843 - Add AES-CFB param-enc key-size boundary test
aidangarske Jul 13, 2026
a78f99f
F-6849 - Document 32-byte ML-KEM K in fwTPM seed KDF
aidangarske Jul 13, 2026
e770f3b
F-6845 - Add field-level roundtrip test for RSA and ECC TPMT_PUBLIC
aidangarske Jul 13, 2026
212f425
F-6841 - Add response HMAC verification test for TPM2_ResponseProcess
aidangarske Jul 13, 2026
2bdbf66
F-6841 - Expose TPM2_CalcRpHash to tests via WOLFTPM_TEST_API
aidangarske Jul 13, 2026
5aa84dd
F-6841 - Exercise response nonceTPM update in HMAC verify test
aidangarske Jul 13, 2026
3964e7f
F-6844 - Clamp ECC point sizes in TPM2_Packet_AppendEccPoint
aidangarske Jul 13, 2026
9188fcd
F-6845 - Run RSA/ECC public roundtrip test in non-PQC builds
aidangarske Jul 13, 2026
b7241a7
F-6844 - Cover keyedHash/sym/mldsa/mlkem clamp arms in append test
aidangarske Jul 13, 2026
45369f5
F-6847 - Guard ECC verify test on curve size and add oversized-S case
aidangarske Jul 13, 2026
ce96373
F-6839 - Add valid-certificate happy-path test for DecodeX509Cert
aidangarske Jul 13, 2026
2ef42a0
F-6840 - Use fixed pass print in DecodeTag error test
aidangarske Jul 13, 2026
14d02a3
F-6842 - Share TPM2_XOR_MASK_MAX via header so test matches impl
aidangarske Jul 13, 2026
5c682e1
F-6839 - Cover truncated-buffer error path in DecodeX509Cert test
aidangarske Jul 13, 2026
213bfaa
F-6840 - Bound RsaDecodeSignature size check against TPM_RC error codes
aidangarske Jul 13, 2026
7028c98
F-6839 - Revert DecodeX509Cert guard changes; ASN errors are negative
aidangarske Jul 13, 2026
129191b
F-6840 - Revert DecodeTag change and EK cert bound; ASN errors are ne…
aidangarske Jul 13, 2026
c76dbe6
F-6847 - Cover keySz==0 fallback in ECC verify crypto callback test
aidangarske Jul 13, 2026
5fdaa79
F-6847 - Add ChangeLog entry for crypto callback and marshaling harde…
aidangarske Jul 13, 2026
6ce2ed1
F-6847 - Remove ChangeLog entry
aidangarske Jul 13, 2026
fac885a
F-6847 - Drop keySz==0 ECC verify test; old wolfSSL wc_ecc_size deref…
aidangarske Jul 13, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/fwtpm/fwtpm_crypto.c
Original file line number Diff line number Diff line change
Expand Up @@ -2592,6 +2592,7 @@ TPM_RC FwDecryptSeed(FWTPM_CTX* ctx,
encSeedBuf, encSeedSz, &sharedK);
}
if (rc == 0) {
/* K is 32-byte ML-KEM secret per FIPS 203 (Part 1 47.4 errata) */
int kdfRc = TPM2_KDFa_ex(nameAlg,
sharedK.buffer, sharedK.size, kdfLabel,
encSeedBuf, (UINT32)encSeedSz,
Expand Down Expand Up @@ -2845,6 +2846,7 @@ TPM_RC FwEncryptSeed(FWTPM_CTX* ctx,
rc = TPM_RC_SIZE;
}
if (rc == 0) {
/* K is 32-byte ML-KEM secret per FIPS 203 (Part 1 47.4 errata) */
int kdfRc = TPM2_KDFa_ex(nameAlg,
sharedK.buffer, sharedK.size, kdfLabel,
ciphertext->buffer, (UINT32)ciphertext->size,
Expand Down
10 changes: 9 additions & 1 deletion src/tpm2_cryptocb.c
Original file line number Diff line number Diff line change
Expand Up @@ -352,20 +352,28 @@ int wolfTPM2_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
byte sigRS[MAX_ECC_BYTES*2];
byte *r = sigRS, *s = &sigRS[MAX_ECC_BYTES];
word32 rLen = MAX_ECC_BYTES, sLen = MAX_ECC_BYTES;
word32 keySz = 0;

XMEMSET(&eccPub, 0, sizeof(eccPub));
XMEMSET(sigRS, 0, sizeof(sigRS));

/* Decode ECDSA Header */
rc = wc_ecc_sig_to_rs(info->pk.eccverify.sig,
info->pk.eccverify.siglen, r, &rLen, s, &sLen);
if (rc == 0) {
/* R/S larger than key size underflows the pad offset */
keySz = wc_ecc_size(info->pk.eccverify.key);
if (keySz == 0 || keySz > MAX_ECC_BYTES ||
rLen > keySz || sLen > keySz) {
rc = exit_rc;
}
}
if (rc == 0) {
/* load public key into TPM */
rc = wolfTPM2_EccKey_WolfToTpm(tlsCtx->dev,
info->pk.eccverify.key, &eccPub);
if (rc == 0) {
/* combine R and S at key size (zero pad leading) */
word32 keySz = wc_ecc_size(info->pk.eccverify.key);
XMEMMOVE(&sigRS[keySz-rLen], r, rLen);
XMEMSET(&sigRS[0], 0, keySz-rLen);
XMEMMOVE(&sigRS[keySz + (keySz-sLen)], s, sLen);
Expand Down
26 changes: 26 additions & 0 deletions src/tpm2_packet.c
Comment thread
embhorn marked this conversation as resolved.
Original file line number Diff line number Diff line change
Expand Up @@ -740,8 +740,12 @@ void TPM2_Packet_ParseAsymScheme(TPM2_Packet* packet, TPMT_ASYM_SCHEME* scheme)

void TPM2_Packet_AppendEccPoint(TPM2_Packet* packet, TPMS_ECC_POINT* point)
{
if (point->x.size > sizeof(point->x.buffer))
point->x.size = sizeof(point->x.buffer);
TPM2_Packet_AppendU16(packet, point->x.size);
TPM2_Packet_AppendBytes(packet, point->x.buffer, point->x.size);
if (point->y.size > sizeof(point->y.buffer))
point->y.size = sizeof(point->y.buffer);
TPM2_Packet_AppendU16(packet, point->y.size);
TPM2_Packet_AppendBytes(packet, point->y.buffer, point->y.size);
}
Expand Down Expand Up @@ -1157,6 +1161,8 @@ void TPM2_Packet_AppendPublicArea(TPM2_Packet* packet, TPMT_PUBLIC* publicArea)
TPM2_Packet_AppendU16(packet, publicArea->type);
TPM2_Packet_AppendU16(packet, publicArea->nameAlg);
TPM2_Packet_AppendU32(packet, publicArea->objectAttributes);
if (publicArea->authPolicy.size > sizeof(publicArea->authPolicy.buffer))
publicArea->authPolicy.size = sizeof(publicArea->authPolicy.buffer);
TPM2_Packet_AppendU16(packet, publicArea->authPolicy.size);
TPM2_Packet_AppendBytes(packet, publicArea->authPolicy.buffer,
publicArea->authPolicy.size);
Expand All @@ -1166,16 +1172,28 @@ void TPM2_Packet_AppendPublicArea(TPM2_Packet* packet, TPMT_PUBLIC* publicArea)

switch (publicArea->type) {
case TPM_ALG_KEYEDHASH:
if (publicArea->unique.keyedHash.size >
sizeof(publicArea->unique.keyedHash.buffer))
publicArea->unique.keyedHash.size =
sizeof(publicArea->unique.keyedHash.buffer);
TPM2_Packet_AppendU16(packet, publicArea->unique.keyedHash.size);
TPM2_Packet_AppendBytes(packet, publicArea->unique.keyedHash.buffer,
publicArea->unique.keyedHash.size);
break;
case TPM_ALG_SYMCIPHER:
if (publicArea->unique.sym.size >
sizeof(publicArea->unique.sym.buffer))
publicArea->unique.sym.size =
sizeof(publicArea->unique.sym.buffer);
TPM2_Packet_AppendU16(packet, publicArea->unique.sym.size);
TPM2_Packet_AppendBytes(packet, publicArea->unique.sym.buffer,
publicArea->unique.sym.size);
break;
case TPM_ALG_RSA:
if (publicArea->unique.rsa.size >
sizeof(publicArea->unique.rsa.buffer))
publicArea->unique.rsa.size =
sizeof(publicArea->unique.rsa.buffer);
TPM2_Packet_AppendU16(packet, publicArea->unique.rsa.size);
Comment thread
aidangarske marked this conversation as resolved.
TPM2_Packet_AppendBytes(packet, publicArea->unique.rsa.buffer,
publicArea->unique.rsa.size);
Expand All @@ -1186,13 +1204,21 @@ void TPM2_Packet_AppendPublicArea(TPM2_Packet* packet, TPMT_PUBLIC* publicArea)
#ifdef WOLFTPM_MLDSA
case TPM_ALG_MLDSA:
case TPM_ALG_HASH_MLDSA:
if (publicArea->unique.mldsa.size >
sizeof(publicArea->unique.mldsa.buffer))
publicArea->unique.mldsa.size =
sizeof(publicArea->unique.mldsa.buffer);
TPM2_Packet_AppendU16(packet, publicArea->unique.mldsa.size);
TPM2_Packet_AppendBytes(packet, publicArea->unique.mldsa.buffer,
publicArea->unique.mldsa.size);
break;
#endif /* WOLFTPM_MLDSA */
#ifdef WOLFTPM_MLKEM
case TPM_ALG_MLKEM:
if (publicArea->unique.mlkem.size >
sizeof(publicArea->unique.mlkem.buffer))
publicArea->unique.mlkem.size =
sizeof(publicArea->unique.mlkem.buffer);
TPM2_Packet_AppendU16(packet, publicArea->unique.mlkem.size);
TPM2_Packet_AppendBytes(packet, publicArea->unique.mlkem.buffer,
publicArea->unique.mlkem.size);
Expand Down
9 changes: 2 additions & 7 deletions src/tpm2_param_enc.c
Original file line number Diff line number Diff line change
Expand Up @@ -57,13 +57,6 @@
/* --- Param Enc/Dec Functions -- */
/******************************************************************************/

/* Maximum XOR mask size. RSA-2048 inSensitive parameter blobs on Create can
* exceed MAX_DIGEST_BUFFER (1024), so leave headroom to ~1250 bytes. Keep
* stack usage bounded by switching to heap under WOLFTPM_SMALL_STACK. */
#ifndef TPM2_XOR_MASK_MAX
#define TPM2_XOR_MASK_MAX 1280
#endif

/* XOR parameter encryption/decryption (shared by client and fwTPM).
* XOR is symmetric so encrypt and decrypt are the same operation.
* nonceA/nonceB order determines direction (caller/TPM or TPM/caller). */
Expand Down Expand Up @@ -389,6 +382,7 @@ int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
rc = wc_HashFinal(&hash_ctx, hashType, hash->buffer);

wc_HashFree(&hash_ctx, hashType);
TPM2_ForceZero(&hash_ctx, sizeof(hash_ctx));
}

#ifdef WOLFTPM_DEBUG_VERBOSE
Expand Down Expand Up @@ -435,6 +429,7 @@ int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
rc = wc_HashFinal(&hash_ctx, hashType, hash->buffer);

wc_HashFree(&hash_ctx, hashType);
TPM2_ForceZero(&hash_ctx, sizeof(hash_ctx));
}

#ifdef WOLFTPM_DEBUG_VERBOSE
Expand Down
Loading
Loading