Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ComputeAuthTimeout expiry overflow reproducer #261

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Add ComputeAuthTimeout expiry overflow reproducer #261

wants to merge 4 commits into from

Commits on Apr 15, 2021

  1. Add support for encoding Signatures 

    Some functions in tpm2 expect an encoded TPMT_SIGNATURE.
Here, we add an Encode method on the Signature type
to support these functions.
    @alexmwu
    alexmwu committed Apr 15, 2021
    Configuration menu
    Copy the full SHA
    c7dc278 View commit details
    Browse the repository at this point in the history

  2. Add tpm2.PolicySigned 

    Add the ability to call TPM2_PolicySigned, and add PolicySigned
test to verify correct behavior given different expiration values.
    @alexmwu
    alexmwu committed Apr 15, 2021
    Configuration menu
    Copy the full SHA
    49f8a0e View commit details
    Browse the repository at this point in the history

  3. Add test on ComputeAuthTimeout 

    The Microsoft TPM2 and IBM SW TPM simulator both use an absolute
value method of `expiration = -expiration` in ComputeAuthTimeout.

As abs(Int32Min) cannot be represented
an an int32, this expression evaluates to Int32Min.

See https://github.com/microsoft/ms-tpm-20-ref/blob/b94f9f92c579b723a16be72a69efbbf9c35ce44e/TPMCmd/tpm/src/command/EA/Policy_spt.c#L189

The function goes on to cast expiration to UINT64. This can either
be sign-extended or zero-extended, which is undefined behavior.
If it is sign-extended, this carries the negative bit to create a
large number (9.22 e+18 ms ~ 292471140.58 years).
If it is zero-extended, this results in 2147483648000 ms ~ 68.1 years.

Also, enable non-zero expirations on TestPolicySecret
The TPM2.0 spec, Revision 1.16, states that TPM2_PolicySecret
doesn't return a timeout/ticket for a nonzero expiration
without a nonce.
    @alexmwu
    alexmwu committed Apr 15, 2021
    Configuration menu
    Copy the full SHA
    9770b63 View commit details
    Browse the repository at this point in the history

  4. Allow different nonces in TestPolicySigned/Secret 

    Separate revisions of the TPM spec treat
expirations and nonces differently.
Revision 1.16 requires a nonce with non-zero
expiration while 1.59 does not. For the
ComputeAuthTimeout test, we need empty
nonces and expiration == min int32
to test properly.
    @alexmwu
    alexmwu committed Apr 15, 2021
    Configuration menu
    Copy the full SHA
    9660b15 View commit details
    Browse the repository at this point in the history