Add Unit Testing, Fix Short Circuits, Other fixes #488
Open
aidangarske wants to merge 33 commits into wolfSSL:master from
… non-ECB modes and oversized IV in wolfTPM2_EncryptDecryptBlock
…ession[0] in SpdmEnable, SpdmDisable, and SpdmNationsIdentityKeySet
…key from stack on error paths in wolfTPM2_ImportEccPrivateKeySeed
…uth and key material from debug output
…C key and bind key from debug output in tpm2_param_enc.c
…wolfTPM2_NVStoreKey persistent handle range checks
…wolfTPM2_NVDeleteKey persistent handle range checks
…wolfTPM2_UnloadHandle persistent handle guard
…A3 digest sizes to TPM2_GetHashDigestSize F-2963 - https://fenrir.wolfssl.com/finding/2963 F-2964 - https://fenrir.wolfssl.com/finding/2964 F-2965 - https://fenrir.wolfssl.com/finding/2965 F-3003 - https://fenrir.wolfssl.com/finding/3003 F-3006 - https://fenrir.wolfssl.com/finding/3006 F-3007 - https://fenrir.wolfssl.com/finding/3007 F-3008 - https://fenrir.wolfssl.com/finding/3008
…PMT_KEYEDHASH_SCHEME XOR serialization
…nd SM2 signature serialization
…ack-local HashSequenceStart_In in wolfTPM2_HashStart
…t on error returns in wolfTPM2_StartSession
…it OR in HMAC response verification
…export for ECDH shared secret in wolfTPM2_EncryptSecret_ECC
…export for ECC signature r/s in policy_sign example
…it OR in TPM2_HmacVerify constant-time comparison
…it OR in FWTPM_ProcessCommand HMAC session auth
…it OR in FwCredentialUnwrap integrity HMAC check
…it OR in FwImportVerifyAndDecrypt integrity HMAC check
…it OR in FWTPM_ProcessCommand policy digest check
…key size to match authHash strength in wolfTPM2_StartSession
… to RSA key strength in wolfTPM2_ImportRsaPrivateKeySeed
… mutation side effect in TPM2_Packet_AppendPublic
…rseSensitive counterpart and roundtrip test
… not implemented error message
…it OR in ticket HMAC verification
…it OR in FwCmd_PolicyCpHash consistency check
…it OR in FwCmd_PolicyNameHash consistency check
…it OR in FwCmd_PolicyTicket cpHashA constraint check
…it OR in FwCmd_PolicyAuthorizeNV policy digest check
…uit OR in FWTPM_ProcessCommand PolicyPassword auth check
Pull request overview
This PR tightens TPM2 serialization/parsing correctness and security checks (constant-time comparisons, IV validation, session preservation) and adds unit tests covering several previously untested/buggy paths.
Changes:
- Add/extend TPM structure support and packet (de)serialization for keyed-hash XOR scheme, ECSCHNORR/SM2 signatures, and sensitive-area parsing.
- Harden wrapper/fwTPM logic (session[0] preservation for SPDM flows, IV validation in EncryptDecryptBlock, improved hash digest sizing for SHA3/SM3, constant-time compare paths).
- Add unit tests for new serialization paths and wrapper boundary/argument validation behaviors.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| wolftpm/tpm2_packet.h | Exposes additional packet helpers for unit testing (keyedhash scheme, signature, sensitive). |
| wolftpm/tpm2.h | Adds TPMS_SCHEME_XOR and keyedhash union support for TPM_ALG_XOR scheme details. |
| tests/unit_tests.c | Adds unit tests for keyedhash XOR serialization, ECSCHNORR/SM2 signature serialization, sensitive roundtrip parsing, and wrapper boundary/arg checks. |
| src/tpm2_wrap.c | Preserves session[0] across SPDM platform-auth operations; improves secret export constant-time behavior; validates IV handling; zeroes sensitive stack copies on error paths. |
| src/tpm2_util.c | Extends TPM2_GetHashDigestSize to cover SM3_256 and SHA3 digests. |
| src/tpm2_param_enc.c | Removes verbose debug printing of key material (reduces sensitive logging exposure). |
| src/tpm2_packet.c | Fixes keyedhash scheme (HMAC vs XOR) serialization; adds TPM2_Packet_ParseSensitive; extends signature (de)serialization for ECSCHNORR/SM2. |
| src/tpm2_crypto.c | Updates HMAC verification to avoid early short-circuit before constant-time comparison. |
| src/tpm2.c | Updates response HMAC verification block to avoid short-circuiting the constant-compare call (but still early-returns on size mismatch). |
| src/fwtpm/fwtpm_crypto.c | Updates fwTPM integrity/HMAC checks to avoid short-circuiting constant-compare (introduces a verified OOB-read risk on malformed inputs). |
| src/fwtpm/fwtpm_command.c | Updates multiple policy/HMAC comparisons to avoid early short-circuits and reduce timing leakage. |
| hal/tpm_io_zephyr.c | Improves Zephyr SPI transport build error text and guidance. |
| examples/wrap/wrap_test.c | Updates example to provide an IV for EncryptDecrypt calls. |
| examples/pcr/policy_sign.c | Uses constant-time fixed-width export for ECC signature components (r/s). |
| examples/bench/bench.c | Updates bench to provide/reset an IV for EncryptDecrypt calls. |
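The short-circuit problem the review summary describes, as an added example that is not code from this PR or from wolfTPM: the `||` form skips the constant-time compare whenever the size check fires, while a naive `|` rewrite would run the compare past the end of a shorter buffer (the out-of-bounds read the review notes). The bounded form below avoids both. All function names and the sample digests are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* Constant-time byte compare: 0 when equal, non-zero otherwise.
 * Work done depends only on len, not on where the first difference is. */
static int ct_compare(const uint8_t* a, const uint8_t* b, size_t len)
{
    uint8_t diff = 0;
    size_t i;
    for (i = 0; i < len; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff;
}

/* Pattern the review describes: '||' short-circuits, so the constant-time
 * compare never runs when the first operand is already true. Returns 1 on
 * verification failure, 0 on success. */
int hmac_verify_short_circuit(const uint8_t* expected, size_t expectedSz,
                              const uint8_t* received, size_t receivedSz)
{
    if (expectedSz != receivedSz ||
        ct_compare(expected, received, expectedSz) != 0)
        return 1;
    return 0;
}

/* Replacing '||' with '|' alone would evaluate ct_compare over expectedSz
 * bytes of a shorter 'received' buffer: the out-of-bounds read the review
 * flags. This version bounds the compare to the bytes both sides actually
 * hold and folds the size mismatch into the verdict with bitwise OR. */
int hmac_verify_ct(const uint8_t* expected, size_t expectedSz,
                   const uint8_t* received, size_t receivedSz)
{
    size_t n = (expectedSz < receivedSz) ? expectedSz : receivedSz;
    int diff = ct_compare(expected, received, n);
    diff |= (int)(expectedSz != receivedSz);
    return diff != 0;
}

/* Constructed sample digests for the checks below (not real HMAC output). */
const uint8_t kMacGood[4]  = { 0xde, 0xad, 0xbe, 0xef };
const uint8_t kMacBad[4]   = { 0xde, 0xad, 0xbe, 0xee };
const uint8_t kMacShort[3] = { 0xde, 0xad, 0xbe };
```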
…it OR in FwVerifySignatureCore RSA-PKCS1v1.5 check
e33df51 to 882b46f
Fixed
By design not fixed