fwTPM/SPDM/src corrections and unit test additions #491
Merged
dgarske merged 16 commits into wolfSSL:master on Apr 21, 2026
Conversation
…ive HMAC check test for wolfSPDM_ParseKeyExchangeRsp
…ive HMAC check test for wolfSPDM_ParsePskExchangeRsp
…lon to TriCore SPI extern declaration
…nside i2c_write outer loop to match i2c_read
…gestSize return with signed int before assigning to word32
… abandon path through exit label to run cleanup
…rseEccScheme in TPM2_ECC_Parameters to consume ECDAA count
…range after XATOI in quote example
…e abandon path through exit label to run cleanup
…to > in READ_BE16/READ_BE32 and data chunk length checks
…d auth compare constant-time over fixed bound
…stead of silently truncating oversize auth in NVCreateAuthPolicy, LoadKeyedHashKey, HmacStart, HashStart
… oversize authPolicy digest in wolfTPM2_NVCreateAuthPolicy
…l auth buffer in FwCmd_NV_DefineSpace before return
…ied list counts in TPM2_PCR_Extend, TPM2_SetCommandCodeAuditStatus, TPM2_PolicyOR
Pull request overview
This PR delivers a set of correctness and hardening fixes across the TPM2 wrapper, fwTPM command processing, and SPDM parsing, and adds/extends unit tests to cover previously untested edge cases (notably ECDAA parsing and HMAC-verify paths).
Changes:
- Add unit tests covering ECDAA ECC_Parameters response parsing and additional TPM2B_SENSITIVE roundtrips; extend SPDM tests to validate ResponderVerifyData HMAC failure/success paths.
- Harden multiple wrapper APIs by rejecting oversize auth/authPolicy inputs (returning BUFFER_E) instead of truncating, and reuse shared packet helpers for sensitive/scheme parsing.
- fwTPM: refactor password-vs-authValue comparison into a constant-time helper and scrub temporary auth material; fix minor HAL/example robustness issues.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| tests/unit_tests.c | Adds ECC ECDAA response-parse regression test and expands sensitive roundtrip coverage. |
| src/tpm2_wrap.c | Tightens input-size validation (auth/authPolicy/usageAuth) and avoids silent truncation. |
| src/tpm2.c | Caps attacker-controlled counts, reuses TPM2_Packet_AppendSensitive, and fixes ECDAA scheme parsing via TPM2_Packet_ParseEccScheme. |
| src/spdm/unit_test.c | Adds SPDM KE_RSP and PSK_EX_RSP tests that exercise verify-data HMAC compare paths (positive/negative). |
| src/fwtpm/fwtpm_command.c | Introduces constant-time auth comparison helper and scrubs NV DefineSpace auth on exit. |
| hal/tpm_io_microchip.c | Resets busy_retry each I2C transaction loop iteration to avoid stale retry counts. |
| hal/tpm_io_infineon.c | Fixes missing semicolon on extern declaration. |
| examples/pkcs7/pkcs7.c | Adjusts digest-size retrieval flow to use an intermediate rc and cast after validation. |
| examples/pcr/quote.c | Splits numeric parsing from range validation for PCR index argument handling. |
| examples/firmware/st33_fw_update.c | Uses goto exit to ensure consistent cleanup on early-return paths. |
| examples/firmware/ifx_fw_update.c | Uses goto exit to ensure consistent cleanup on early-return paths. |
| examples/firmware/ifx_fw_extract.c | Fixes off-by-one bounds checks in big-endian read macros and size validation. |
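The review above describes three recurring patterns in this PR: rejecting oversize auth material with a buffer error instead of silently truncating it, comparing a supplied password against the stored authValue in constant time over a fixed bound and scrubbing the temporary afterwards, and getting the bounds check in the big-endian read macros right by one. The following is an added example in freestanding C and is not wolfTPM's code. The names (auth_t, auth_set, auth_set_truncating, ct_auth_equal, read_be, secure_zero, run_checks), the 64-byte AUTH_MAX bound and the RC_* return-code values are assumptions chosen for the illustration, and the sample byte string is constructed.

```c
/* Added example, not wolfTPM code. Names, sizes and return codes below are
 * assumptions for illustration; the sample data is constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define AUTH_MAX    64   /* assumed fixed bound (e.g. the largest digest size) */
#define RC_OK        0
#define RC_BAD_ARG  -1   /* illustrative codes, not the project's values */
#define RC_BUFFER_E -2

typedef struct {
    uint16_t size;
    uint8_t  buffer[AUTH_MAX];
} auth_t;

/* Zero sensitive memory through a volatile pointer so the store survives optimisation. */
static void secure_zero(void* p, size_t n)
{
    volatile uint8_t* vp = (volatile uint8_t*)p;
    while (n--) *vp++ = 0;
}

/* Pre-fix pattern: an oversize auth is clamped, so a caller passing 65 bytes
 * ends up protecting the object with a 64-byte secret and is never told. */
static int auth_set_truncating(auth_t* out, const uint8_t* in, size_t inLen)
{
    if (inLen > AUTH_MAX) inLen = AUTH_MAX;
    memset(out, 0, sizeof(*out));
    memcpy(out->buffer, in, inLen);
    out->size = (uint16_t)inLen;
    return RC_OK;
}

/* Hardened form: refuse the oversize input with a buffer error. */
static int auth_set(auth_t* out, const uint8_t* in, size_t inLen)
{
    if (out == NULL || (in == NULL && inLen > 0)) return RC_BAD_ARG;
    if (inLen > AUTH_MAX) return RC_BUFFER_E;
    memset(out, 0, sizeof(*out));
    if (inLen > 0) memcpy(out->buffer, in, inLen);
    out->size = (uint16_t)inLen;
    return RC_OK;
}

/* Constant-time equality over the fixed bound: every call touches all AUTH_MAX
 * bytes, so timing reveals neither where the first mismatch is nor how long
 * the stored authValue is. Returns 1 when equal, 0 otherwise. */
static int ct_auth_equal(const auth_t* a, const auth_t* b)
{
    uint32_t diff = (uint32_t)a->size ^ (uint32_t)b->size;
    uint32_t i;
    for (i = 0; i < AUTH_MAX; i++) {
        /* mask is all-ones when i < size and zero otherwise, with no data-dependent branch */
        uint32_t inA = 0u - ((i - (uint32_t)a->size) >> 31);
        uint32_t inB = 0u - ((i - (uint32_t)b->size) >> 31);
        diff |= (uint32_t)(a->buffer[i] ^ b->buffer[i]) & inA & inB;
    }
    return diff == 0;
}

/* Big-endian read of `width` bytes (2 or 4) at `off`. The read is valid iff
 * off + width <= len, written as len - off < width to avoid overflow. Rejecting
 * on off + width >= len is off by one and refuses the last field of a blob. */
static int read_be(const uint8_t* buf, size_t len, size_t off, unsigned width, uint32_t* out)
{
    uint32_t v = 0;
    unsigned k;
    if (buf == NULL || out == NULL || width == 0 || width > 4) return RC_BAD_ARG;
    if (off > len || len - off < width) return RC_BUFFER_E;
    for (k = 0; k < width; k++) v = (v << 8) | buf[off + k];
    *out = v;
    return RC_OK;
}

/* Constructed sample blob: a 16-bit length field followed by a 32-bit value. */
static const uint8_t kBlob[6] = { 0x00, 0x04, 0xDE, 0xAD, 0xBE, 0xEF };

/* Exercises the scenarios the review describes; returns the number of failed checks. */
static int run_checks(void)
{
    int fails = 0;
    auth_t stored, given;
    uint8_t big[AUTH_MAX + 1];
    uint32_t v = 0;
    memset(big, 0xA5, sizeof(big));

    /* 1. Oversize auth: the truncating version "succeeds", the hardened one rejects. */
    fails += (auth_set_truncating(&stored, big, sizeof(big)) != RC_OK || stored.size != AUTH_MAX);
    fails += (auth_set(&stored, big, sizeof(big)) != RC_BUFFER_E);
    fails += (auth_set(&stored, big, AUTH_MAX) != RC_OK);

    /* 2. Constant-time compare: equal, last-byte mismatch, prefix-only match. */
    fails += (auth_set(&given, big, AUTH_MAX) != RC_OK || ct_auth_equal(&stored, &given) != 1);
    given.buffer[AUTH_MAX - 1] ^= 0x01;
    fails += (ct_auth_equal(&stored, &given) != 0);
    fails += (auth_set(&given, big, AUTH_MAX - 1) != RC_OK || ct_auth_equal(&stored, &given) != 0);

    /* 3. Bounds checks: the last valid field reads, one byte past it is refused. */
    fails += (read_be(kBlob, sizeof(kBlob), 0, 2, &v) != RC_OK || v != 0x0004u);
    fails += (read_be(kBlob, sizeof(kBlob), 2, 4, &v) != RC_OK || v != 0xDEADBEEFu);
    fails += (read_be(kBlob, sizeof(kBlob), 5, 2, &v) != RC_BUFFER_E);
    fails += (read_be(kBlob, sizeof(kBlob), 3, 4, &v) != RC_BUFFER_E);

    /* Scrub the temporary auth material before returning, as the DefineSpace fix does. */
    secure_zero(&stored, sizeof(stored));
    secure_zero(&given, sizeof(given));
    return fails;
}

int main(void)
{
    int fails = run_checks();
    printf("%s (%d failing checks)\n", fails == 0 ? "ok" : "FAIL", fails);
    return fails != 0;
}
```

The compare deliberately loops to AUTH_MAX rather than to the shorter size, and folds the size difference into the accumulator instead of returning early, so a wrong-length guess costs the same time as a wrong-byte guess. The truncating variant is kept only to show the behaviour the PR removes; a caller that checks the return code would never notice it had been handed a shorter secret.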
4a0e4cb to 070c2b7
…pendSensitive in TPM2_LoadExternal and extend roundtrip test coverage
070c2b7 to c5145d8
dgarske approved these changes Apr 21, 2026