Add ComputeAuthTimeout expiry overflow reproducer #261
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some functions in tpm2 expect an encoded TPMT_SIGNATURE. Here, we add an Encode method on the Signature type to support these functions.
Add the ability to call TPM2_PolicySigned, and add PolicySigned test to verify correct behavior given different expiration values.
The Microsoft TPM2 and IBM SW TPM simulator both use an absolute value method of `expiration = -expiration` in ComputeAuthTimeout. As abs(Int32Min) cannot be represented an an int32, this expression evaluates to Int32Min. See https://github.com/microsoft/ms-tpm-20-ref/blob/b94f9f92c579b723a16be72a69efbbf9c35ce44e/TPMCmd/tpm/src/command/EA/Policy_spt.c#L189 The function goes on to cast expiration to UINT64. This can either be sign-extended or zero-extended, which is undefined behavior. If it is sign-extended, this carries the negative bit to create a large number (9.22 e+18 ms ~ 292471140.58 years). If it is zero-extended, this results in 2147483648000 ms ~ 68.1 years. Also, enable non-zero expirations on TestPolicySecret The TPM2.0 spec, Revision 1.16, states that TPM2_PolicySecret doesn't return a timeout/ticket for a nonzero expiration without a nonce.
Separate revisions of the TPM spec treat expirations and nonces differently. Revision 1.16 requires a nonce with non-zero expiration while 1.59 does not. For the ComputeAuthTimeout test, we need empty nonces and expiration == min int32 to test properly.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
(Split off from #237 to allow merging the new functionality in)
The Microsoft TPM2 and IBM SW TPM simulator both use an absolute
value method of
expiration = -expirationin ComputeAuthTimeout.As abs(min Int32) cannot be represented an an int32, this expression evaluates to min Int32.
See https://github.com/microsoft/ms-tpm-20-ref/blob/b94f9f92c579b723a16be72a69efbbf9c35ce44e/TPMCmd/tpm/src/command/EA/Policy_spt.c#L189
The function goes on to cast expiration to UINT64. This can either
be sign-extended or zero-extended, which is undefined behavior.