From 818fdb1dbca58b8f7bf986b191ac8eb5bebb0a55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Th=C3=B6ni?=
Date: Fri, 10 May 2024 23:16:37 +0200
Subject: [PATCH] ESYS: StartAuthSession bind auth trailing zeroes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When StartAuthSession is called with a bind entity with a auth value containing trailing zeroes, the HMAC or policy session computation of ESYS does not match the computation on the TPM2. The fix is to remove trailing zeroes from the auth value according to the specification (TPM2 Architecture, 19.6.5, Note 2) before computation of the session key. The fixed bug is especially tricky as a randomly generated auth value of the bind object can cause HMAC or policy session to fail occassionally.
Signed-off-by: Stefan Thöni
---
 src/tss2-esys/api/Esys_StartAuthSession.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/src/tss2-esys/api/Esys_StartAuthSession.c b/src/tss2-esys/api/Esys_StartAuthSession.c
index 076760d0b..1828a44de 100644
--- a/src/tss2-esys/api/Esys_StartAuthSession.c
+++ b/src/tss2-esys/api/Esys_StartAuthSession.c
@@ -469,9 +469,20 @@ Esys_StartAuthSession_Finish(
 LOG_ERROR("Out of memory.");
 return TSS2_ESYS_RC_MEMORY;
 }
- if (bind != ESYS_TR_NONE && bindNode != NULL
- && bindNode->auth.size > 0)
- memcpy(&secret[0], &bindNode->auth.buffer[0], bindNode->auth.size);
+
+ if (bind != ESYS_TR_NONE && bindNode != NULL) {
+ /*
+ * TPM2.0 Architecture 19.6.5 Note 2
+ *
+ * Remove tailing zeroes from the auth value
+ */
+ while ((bindNode->auth.size > 0) &&
+ (bindNode->auth.buffer[bindNode->auth.size - 1] == 0x00))
+ bindNode->auth.size--;
+
+ if (bindNode->auth.size > 0)
+ memcpy(&secret[0], &bindNode->auth.buffer[0], bindNode->auth.size);
+ }
 if (tpmKey != ESYS_TR_NONE)
 memcpy(&secret[(bind == ESYS_TR_NONE || bindNode == NULL) ? 0 : bindNode->auth.size],
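Review bot: The trailing-zero trim runs after `secret` has already been allocated (the out-of-memory check sits directly above it), so any length that was computed from the untrimmed `bindNode->auth.size` before this point is now stale. If that same length is what the later key derivation consumes, the buffer would end in bytes that neither `memcpy` writes, and the session key would be derived over uninitialized heap data and could still mismatch the TPM. Moving the `while` loop ahead of the size computation and allocation avoids this; both sit outside this hunk, as Esys_StartAuthSession_Finish starts before it and continues after it. The loop also permanently shortens `bindNode->auth.size` on the stored object as a side effect of Finish, so a comment such as `/* The trim is persistent: later authorizations use the shortened auth value too. */` would make that intent explicit, and the existing comment should read "trailing" rather than "tailing".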