Sanitize the IO TX/RX buffers (make sure they are zero initialized).

README.md

@@ -6,11 +6,11 @@ Portable TPM 2.0 project designed for embedded use.
 ## Project Features
 
 * This implementation provides all TPM 2.0 API’s in compliance with the specification.
-* Wrappers provided to simplify Key Generation/Loading, RSA encrypt/decrypt, ECC sign/verify, ECDH, NV, Hashing/Hmac and AES.
+* Wrappers provided to simplify Key Generation/Loading, RSA encrypt/decrypt, ECC sign/verify, ECDH, NV, Hashing/HACM, AES, Sealing/Unsealing, Attestation, PCR Extend/Quote and Secure Root of Trust.
 * Testing done using the following TPM 2.0 modules: STM ST33TP* SPI/I2C, Infineon OPTIGA SLB9670/SLB9672, Microchip ATTPM20, Nations Tech Z32H330TC and Nuvoton NPCT650/NPCT750.
 * wolfTPM uses the TPM Interface Specification (TIS) to communicate either over SPI, or using a memory mapped I/O range.
 * wolfTPM can also use the Linux TPM kernel interface (/dev/tpmX) to talk with any physical TPM on SPI, I2C and even LPC bus.
-* Platform support for Raspberry Pi, STM32 with CubeMX, Atmel ASF, Xilinx, Infineon TriCore and Barebox.
+* Platform support for Raspberry Pi (Linux), MMIO, STM32 with CubeMX, Atmel ASF, Xilinx, QNX Infineon TriCore and Barebox.
 * The design allows for easy portability to different platforms:
     * Native C code designed for embedded use.
     * Single IO callback for hardware SPI interface.

hal/tpm_io.c

@@ -152,11 +152,14 @@ int TPM2_IoCb(TPM2_CTX* ctx, int isRead, word32 addr, byte* buf,
     txBuf[3] = (addr)     & 0xFF;
     if (isRead) {
         txBuf[0] = TPM_TIS_READ | ((size & 0xFF) - 1);
-        XMEMSET(&txBuf[TPM_TIS_HEADER_SZ], 0, size);
+        XMEMSET(&txBuf[TPM_TIS_HEADER_SZ], 0,
+            sizeof(txBuf) - TPM_TIS_HEADER_SZ);
     }
     else {
         txBuf[0] = TPM_TIS_WRITE | ((size & 0xFF) - 1);
         XMEMCPY(&txBuf[TPM_TIS_HEADER_SZ], buf, size);
+        XMEMSET(&txBuf[TPM_TIS_HEADER_SZ + size], 0,
+            sizeof(txBuf) - TPM_TIS_HEADER_SZ - size);
     }
     XMEMSET(rxBuf, 0, sizeof(rxBuf));
 
@@ -167,7 +170,6 @@ int TPM2_IoCb(TPM2_CTX* ctx, int isRead, word32 addr, byte* buf,
     }
 #endif
 
-
 #ifdef WOLFTPM_DEBUG_IO
     if (isRead) {
         printf("Read Size %d\n", size);

src/tpm2_tis.c

@@ -195,7 +195,7 @@ int TPM2_TIS_Read(TPM2_CTX* ctx, word32 addr, byte* result,
     txBuf[1] = (addr>>16) & 0xFF;
     txBuf[2] = (addr>>8)  & 0xFF;
     txBuf[3] = (addr)     & 0xFF;
-    XMEMSET(&txBuf[TPM_TIS_HEADER_SZ], 0, len);
+    XMEMSET(&txBuf[TPM_TIS_HEADER_SZ], 0, sizeof(txBuf) - TPM_TIS_HEADER_SZ);
     XMEMSET(rxBuf, 0, sizeof(rxBuf));
 
     rc = ctx->ioCb(ctx, txBuf, rxBuf, len + TPM_TIS_HEADER_SZ, ctx->userCtx);
@@ -203,7 +203,10 @@ int TPM2_TIS_Read(TPM2_CTX* ctx, word32 addr, byte* result,
     XMEMCPY(result, &rxBuf[TPM_TIS_HEADER_SZ], len);
 #endif
     TPM2_TIS_UNLOCK();
-
+#ifdef WOLFTPM_DEBUG_IO
+    printf("TIS Read addr %x, len %d\n", addr, len);
+    TPM2_PrintBin(result, len);
+#endif
     return rc;
 }
 
@@ -231,12 +234,17 @@ int TPM2_TIS_Write(TPM2_CTX* ctx, word32 addr, const byte* value,
     txBuf[2] = (addr>>8)  & 0xFF;
     txBuf[3] = (addr)     & 0xFF;
     XMEMCPY(&txBuf[TPM_TIS_HEADER_SZ], value, len);
+    XMEMSET(&txBuf[TPM_TIS_HEADER_SZ + len], 0,
+        sizeof(txBuf) - TPM_TIS_HEADER_SZ - len);
     XMEMSET(rxBuf, 0, sizeof(rxBuf));
 
     rc = ctx->ioCb(ctx, txBuf, rxBuf, len + TPM_TIS_HEADER_SZ, ctx->userCtx);
 #endif
     TPM2_TIS_UNLOCK();
-
+#ifdef WOLFTPM_DEBUG_IO
+    printf("TIS write addr %x, len %d\n", addr, len);
+    TPM2_PrintBin(value, len);
+#endif
     return rc;
 }