WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fixes for `TPM2_SetupPCRSel`. Added test cases. Fixes ZD 18492

pull/372/head
David Garske 2024-08-21 11:23:58 -07:00
parent 1cea780851
commit a012348fe9
3 changed files with 87 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/tpm2.c
View File

@ -5650,6 +5650,7 @@ int TPM2_GetName(TPM2_CTX* ctx, UINT32 handleValue, int handleCnt, int idx, TPM2
return TPM_RC_SUCCESS; return TPM_RC_SUCCESS;
} }
/* Caller must zeroize/memset(0) pcr (TPML_PCR_SELECTION) */
void TPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, int pcrIndex) void TPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, int pcrIndex)
{ {
int i = 0; int i = 0;
@ -5662,21 +5663,35 @@ void TPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, int pcrIndex)
else { else {
/* iterate over all banks until the alg matches */ /* iterate over all banks until the alg matches */
for (i = 0; (word32)i < pcr->count; i++) { for (i = 0; (word32)i < pcr->count; i++) {
if (pcr->pcrSelections[0].hash == alg) if (pcr->pcrSelections[i].hash == alg)
break; break;
} }
/* if no match increase the number of banks */ /* if no match increase the number of banks */
if ((word32)i >= pcr->count) if ((word32)i >= pcr->count) {
if (pcr->count + 1 > HASH_COUNT) {
#ifdef DEBUG_WOLFTPM
printf("TPM2_SetupPCRSel: Hash algorithm count error\n");
#endif
return;
}
pcr->count++; pcr->count++;
}
} }
pcr->pcrSelections[i].hash = alg; pcr->pcrSelections[i].hash = alg;
pcr->pcrSelections[i].sizeofSelect = PCR_SELECT_MAX; pcr->pcrSelections[i].sizeofSelect = PCR_SELECT_MAX;
pcr->pcrSelections[i].pcrSelect[pcrIndex >> 3] = (1 << (pcrIndex & 0x7)); pcr->pcrSelections[i].pcrSelect[pcrIndex >> 3] |=
(1 << (pcrIndex & 0x7));
} }
#ifdef DEBUG_WOLFTPM
else {
printf("Invalid PCR Index %d\n", pcrIndex);
}
#endif
} }
/* Caller must zeroize/memset(0) pcr (TPML_PCR_SELECTION) */
void TPM2_SetupPCRSelArray(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, void TPM2_SetupPCRSelArray(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg,
byte* pcrArray, word32 pcrArraySz) byte* pcrArray, word32 pcrArraySz)
{ {

57
tests/unit_tests.c
View File

@ -241,6 +241,62 @@ static void test_wolfTPM2_GetRandom(void)
rc == 0 ? "Passed" : "Failed"); rc == 0 ? "Passed" : "Failed");
} }
static void test_TPM2_PCRSel(void)
{
int rc = 0;
TPML_PCR_SELECTION pcr;
byte pcrArray[PCR_SELECT_MAX];
word32 pcrArraySz;
XMEMSET(&pcr, 0, sizeof(pcr));
XMEMSET(pcrArray, 0, sizeof(pcrArray));
pcrArraySz = 0;
pcrArray[pcrArraySz++] = 1;
pcrArray[pcrArraySz++] = 2;
pcrArray[pcrArraySz++] = 3;
TPM2_SetupPCRSelArray(&pcr, TPM_ALG_SHA, pcrArray, pcrArraySz);
pcrArraySz = 0;
pcrArray[pcrArraySz++] = 4;
pcrArray[pcrArraySz++] = 5;
pcrArray[pcrArraySz++] = 6;
TPM2_SetupPCRSelArray(&pcr, TPM_ALG_SHA256, pcrArray, pcrArraySz);
if (pcr.count != 2 ||
pcr.pcrSelections[0].hash != TPM_ALG_SHA ||
pcr.pcrSelections[0].pcrSelect[0] != 0x0E ||
pcr.pcrSelections[1].hash != TPM_ALG_SHA256 ||
pcr.pcrSelections[1].pcrSelect[0] != 0x70
) {
rc = BAD_FUNC_ARG;
}
AssertIntEQ(rc, 0);
/* Test bad case - invalid PCR */
XMEMSET(&pcr, 0, sizeof(pcr));
pcrArray[0] = PCR_SELECT_MAX+1;
TPM2_SetupPCRSelArray(&pcr, TPM_ALG_SHA256, pcrArray, 1);
if (pcr.count != 0) {
rc = BAD_FUNC_ARG;
}
/* Test bad case - too many hash algorithms */
XMEMSET(&pcr, 0, sizeof(pcr));
pcrArray[0] = 1;
TPM2_SetupPCRSelArray(&pcr, TPM_ALG_SHA, pcrArray, 1);
pcrArray[0] = 2;
TPM2_SetupPCRSelArray(&pcr, TPM_ALG_SHA256, pcrArray, 1);
pcrArray[0] = 3;
TPM2_SetupPCRSelArray(&pcr, TPM_ALG_SHA384, pcrArray, 1);
if (pcr.count != 2) {
rc = BAD_FUNC_ARG;
}
printf("Test TPM Wrapper:\tPCR Select Array:\t%s\n",
rc == 0 ? "Passed" : "Failed");
}
static void test_wolfTPM2_Cleanup(void) static void test_wolfTPM2_Cleanup(void)
{ {
int rc; int rc;
@ -603,6 +659,7 @@ int unit_tests(int argc, char *argv[])
test_wolfTPM2_OpenExisting(); test_wolfTPM2_OpenExisting();
test_wolfTPM2_GetCapabilities(); test_wolfTPM2_GetCapabilities();
test_wolfTPM2_GetRandom(); test_wolfTPM2_GetRandom();
test_TPM2_PCRSel();
test_TPM2_KDFa(); test_TPM2_KDFa();
test_wolfTPM2_ReadPublicKey(); test_wolfTPM2_ReadPublicKey();
test_wolfTPM2_CSR(); test_wolfTPM2_CSR();

19
wolftpm/tpm2.h
View File

@ -3363,7 +3363,7 @@ WOLFTPM_API int TPM2_GetNonce(byte* nonceBuf, int nonceSz);
\brief Helper function to prepare a correct PCR selection \brief Helper function to prepare a correct PCR selection
For example, when preparing to create a TPM2_Quote For example, when preparing to create a TPM2_Quote
\param pcr pointer to a structure of type TPML_PCR_SELECTION \param pcr pointer to a structure of type TPML_PCR_SELECTION. Note: Caller must zeroize/memset(0)
\param alg value of type TPM_ALG_ID specifying the type of hash algorithm used \param alg value of type TPM_ALG_ID specifying the type of hash algorithm used
\param pcrIndex value between 0 and 23 specifying the PCR register for use \param pcrIndex value between 0 and 23 specifying the PCR register for use
@ -3371,7 +3371,7 @@ WOLFTPM_API int TPM2_GetNonce(byte* nonceBuf, int nonceSz);
\code \code
int pcrIndex = 16; // This is a PCR register for DEBUG & testing purposes int pcrIndex = 16; // This is a PCR register for DEBUG & testing purposes
PCR_Read_In pcrRead; PCR_Read_In pcrRead;
XMEMSET(&pcrRead, 0, sizeof(pcrRead));
TPM2_SetupPCRSel(&pcrRead.pcrSelectionIn, TPM_ALG_SHA256, pcrIndex); TPM2_SetupPCRSel(&pcrRead.pcrSelectionIn, TPM_ALG_SHA256, pcrIndex);
\endcode \endcode
@ -3388,17 +3388,22 @@ WOLFTPM_API void TPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg,
\brief Helper function to prepare a correct PCR selection with multiple indices \brief Helper function to prepare a correct PCR selection with multiple indices
For example, when preparing to create a TPM2_Quote For example, when preparing to create a TPM2_Quote
\param pcr pointer to a structure of type TPML_PCR_SELECTION \param pcr pointer to a structure of type TPML_PCR_SELECTION. Note: Caller must zeroize/memset(0)
\param alg value of type TPM_ALG_ID specifying the type of hash algorithm used \param alg value of type TPM_ALG_ID specifying the type of hash algorithm used
\param pcrArray array of values between 0 and 23 specifying the PCR register for use \param pcrArray array of values between 0 and 23 specifying the PCR register for use
\param pcrArrayLen length of the pcrArray \param pcrArraySz length of the pcrArray
_Example_ _Example_
\code \code
int pcrIndex = 16; // This is a PCR register for DEBUG & testing purposes
PCR_Read_In pcrRead; PCR_Read_In pcrRead;
byte pcrArray[PCR_SELECT_MAX];
word32 pcrArraySz = 0;
TPM2_SetupPCRSel(&pcrRead.pcrSelectionIn, TPM_ALG_SHA256, pcrIndex); XMEMSET(&pcrRead, 0, sizeof(pcrRead));
XMEMSET(pcrArray, 0, sizeof(pcrArray));
pcrArray[pcrArraySz++] = 16; // This is a PCR register for DEBUG & testing purposes
TPM2_SetupPCRSelArray(&pcrRead.pcrSelectionIn, TPM_ALG_SHA256, pcrArray, pcrArraySz);
\endcode \endcode
\sa TPM2_PCR_Read \sa TPM2_PCR_Read
@ -3407,7 +3412,7 @@ WOLFTPM_API void TPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg,
\sa TPM2_Quote \sa TPM2_Quote
*/ */
WOLFTPM_API void TPM2_SetupPCRSelArray(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, WOLFTPM_API void TPM2_SetupPCRSelArray(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg,
byte* pcrArray, word32 pcrArrayLen); byte* pcrArray, word32 pcrArraySz);
/*! /*!
\ingroup TPM2_Proprietary \ingroup TPM2_Proprietary