@@ -31,6 +31,10 @@ enum mock_mode {
3131
3232static enum mock_mode current_mode ;
3333static int nvread_calls ;
34+ static int unexpected_nvcreate_calls ;
35+ static int unexpected_nvwrite_calls ;
36+ static int unexpected_nvopen_calls ;
37+ static int unexpected_nvdelete_calls ;
3438static int oversized_pub_read_attempted ;
3539static int oversized_priv_read_attempted ;
3640static int forcezero_calls ;
@@ -54,6 +58,13 @@ int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index,
5458 return 0 ;
5559}
5660
61+ int wolfTPM2_UnsetAuth (WOLFTPM2_DEV * dev , int index )
62+ {
63+ (void )dev ;
64+ (void )index ;
65+ return 0 ;
66+ }
67+
5768int wolfTPM2_SetAuthSession (WOLFTPM2_DEV * dev , int index ,
5869 WOLFTPM2_SESSION * tpmSession , TPMA_SESSION sessionAttributes )
5970{
@@ -280,6 +291,71 @@ int TPM2_ParsePublic(TPM2B_PUBLIC* pub, byte* buf, word32 size, int* sizeUsed)
280291 return 0 ;
281292}
282293
294+ int TPM2_AppendPublic (byte * out , word32 outSz , int * pubAreaSize ,
295+ TPM2B_PUBLIC * pub )
296+ {
297+ (void )pub ;
298+ ck_assert_uint_ge (outSz , 4 );
299+ memset (out , 0 , 4 );
300+ * pubAreaSize = 4 ;
301+ return 0 ;
302+ }
303+
304+ int wolfTPM2_NVCreateAuth (WOLFTPM2_DEV * dev , WOLFTPM2_HANDLE * parent ,
305+ WOLFTPM2_NV * nv , word32 nvIndex , word32 nvAttributes , word32 maxSize ,
306+ const byte * auth , int authSz )
307+ {
308+ (void )dev ;
309+ (void )parent ;
310+ (void )nv ;
311+ (void )nvIndex ;
312+ (void )nvAttributes ;
313+ (void )maxSize ;
314+ (void )auth ;
315+ (void )authSz ;
316+ unexpected_nvcreate_calls ++ ;
317+ ck_abort_msg ("Unexpected wolfTPM2_NVCreateAuth call" );
318+ return -1 ;
319+ }
320+
321+ int wolfTPM2_NVWriteAuth (WOLFTPM2_DEV * dev , WOLFTPM2_NV * nv ,
322+ word32 nvIndex , byte * dataBuf , word32 dataSz , word32 offset )
323+ {
324+ (void )dev ;
325+ (void )nv ;
326+ (void )nvIndex ;
327+ (void )dataBuf ;
328+ (void )dataSz ;
329+ (void )offset ;
330+ unexpected_nvwrite_calls ++ ;
331+ ck_abort_msg ("Unexpected wolfTPM2_NVWriteAuth call" );
332+ return -1 ;
333+ }
334+
335+ int wolfTPM2_NVOpen (WOLFTPM2_DEV * dev , WOLFTPM2_NV * nv ,
336+ word32 nvIndex , const byte * auth , word32 authSz )
337+ {
338+ (void )dev ;
339+ (void )nv ;
340+ (void )nvIndex ;
341+ (void )auth ;
342+ (void )authSz ;
343+ unexpected_nvopen_calls ++ ;
344+ ck_abort_msg ("Unexpected wolfTPM2_NVOpen call" );
345+ return -1 ;
346+ }
347+
348+ int wolfTPM2_NVDeleteAuth (WOLFTPM2_DEV * dev , WOLFTPM2_HANDLE * parent ,
349+ word32 nvIndex )
350+ {
351+ (void )dev ;
352+ (void )parent ;
353+ (void )nvIndex ;
354+ unexpected_nvdelete_calls ++ ;
355+ ck_abort_msg ("Unexpected wolfTPM2_NVDeleteAuth call" );
356+ return -1 ;
357+ }
358+
283359int wolfTPM2_NVReadAuth (WOLFTPM2_DEV * dev , WOLFTPM2_NV * nv ,
284360 word32 nvIndex , byte * dataBuf , word32 * pDataSz , word32 offset )
285361{
@@ -326,6 +402,10 @@ static void setup(void)
326402{
327403 current_mode = MOCK_OVERSIZE_PUB ;
328404 nvread_calls = 0 ;
405+ unexpected_nvcreate_calls = 0 ;
406+ unexpected_nvwrite_calls = 0 ;
407+ unexpected_nvopen_calls = 0 ;
408+ unexpected_nvdelete_calls = 0 ;
329409 oversized_pub_read_attempted = 0 ;
330410 oversized_priv_read_attempted = 0 ;
331411 forcezero_calls = 0 ;
@@ -350,6 +430,56 @@ START_TEST(test_wolfBoot_read_blob_rejects_oversized_public_area)
350430}
351431END_TEST
352432
433+ START_TEST (test_wolfBoot_store_blob_rejects_oversized_auth )
434+ {
435+ WOLFTPM2_KEYBLOB blob ;
436+ uint8_t auth [sizeof (((WOLFTPM2_NV * )0 )-> handle .auth .buffer ) + 1 ];
437+ int rc ;
438+
439+ memset (& blob , 0 , sizeof (blob ));
440+ memset (auth , 0x44 , sizeof (auth ));
441+
442+ rc = wolfBoot_store_blob (TPM_RH_PLATFORM , 0x01400300 , 0 , & blob ,
443+ auth , (uint32_t )sizeof (auth ));
444+
445+ ck_assert_int_eq (rc , BAD_FUNC_ARG );
446+ ck_assert_int_eq (unexpected_nvcreate_calls , 0 );
447+ ck_assert_int_eq (unexpected_nvwrite_calls , 0 );
448+ }
449+ END_TEST
450+
451+ START_TEST (test_wolfBoot_read_blob_rejects_oversized_auth )
452+ {
453+ WOLFTPM2_KEYBLOB blob ;
454+ uint8_t auth [sizeof (((WOLFTPM2_NV * )0 )-> handle .auth .buffer ) + 1 ];
455+ int rc ;
456+
457+ memset (& blob , 0 , sizeof (blob ));
458+ memset (auth , 0x55 , sizeof (auth ));
459+
460+ rc = wolfBoot_read_blob (0x01400300 , & blob , auth , (uint32_t )sizeof (auth ));
461+
462+ ck_assert_int_eq (rc , BAD_FUNC_ARG );
463+ ck_assert_int_eq (nvread_calls , 0 );
464+ }
465+ END_TEST
466+
467+ START_TEST (test_wolfBoot_delete_blob_rejects_oversized_auth )
468+ {
469+ uint8_t auth [sizeof (((WOLFTPM2_NV * )0 )-> handle .auth .buffer ) + 1 ];
470+ int rc ;
471+
472+ memset (auth , 0x66 , sizeof (auth ));
473+
474+ rc = wolfBoot_delete_blob (TPM_RH_PLATFORM , 0x01400300 , auth ,
475+ (uint32_t )sizeof (auth ));
476+
477+ ck_assert_int_eq (rc , BAD_FUNC_ARG );
478+ ck_assert_int_eq (unexpected_nvopen_calls , 0 );
479+ ck_assert_int_eq (unexpected_nvdelete_calls , 0 );
480+ }
481+ END_TEST
482+
353483START_TEST (test_wolfBoot_unseal_blob_zeroes_unseal_output )
354484{
355485 uint8_t secret [WOLFBOOT_MAX_SEAL_SZ ];
@@ -428,6 +558,9 @@ static Suite *tpm_blob_suite(void)
428558 s = suite_create ("TPM Blob" );
429559 tc = tcase_create ("wolfBoot_read_blob" );
430560 tcase_add_checked_fixture (tc , setup , NULL );
561+ tcase_add_test (tc , test_wolfBoot_store_blob_rejects_oversized_auth );
562+ tcase_add_test (tc , test_wolfBoot_read_blob_rejects_oversized_auth );
563+ tcase_add_test (tc , test_wolfBoot_delete_blob_rejects_oversized_auth );
431564 tcase_add_test (tc , test_wolfBoot_read_blob_rejects_oversized_public_area );
432565 tcase_add_test (tc , test_wolfBoot_read_blob_rejects_oversized_private_area );
433566 tcase_add_test (tc , test_wolfBoot_unseal_blob_zeroes_unseal_output );
0 commit comments