Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tpm2-pkcs11 emits NULL byte padded model numbers #846

Open
uedvt359 opened this issue Oct 18, 2023 · 0 comments
Open

tpm2-pkcs11 emits NULL byte padded model numbers #846

uedvt359 opened this issue Oct 18, 2023 · 0 comments

Comments

@uedvt359
Copy link

I initially reported this here: latchset/pkcs11-provider#296

One of the maintainers has generously traced the issue to here:

Null bytes are illegal per PKCS11 spec.
From https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.html#_Toc111203192

model model of the device. MUST be padded with the blank character (‘ ‘). MUST NOT be null-terminated.

This is a bug in tmp2-pkcs11, please report it to them.

All of the strings returned in CK_INFO, CK_SLOT_INFO, CK_TOKEN_INFO structure MUST NOT be NULL terminated and must be blank (space) padded to their length.

The broken code starts here:
https://github.com/tpm2-software/tpm2-pkcs11/blame/1b3aab90ee5f7debbce82c7e229aa2950a9e8f0d/src/lib/tpm.c#L784

They use the correct padding helpers but the code is wrong because it always passes 16 byte as the source len, regardless of what's in the vendor structure.
What they need to do is to copy the vendor info, then parse the string, find the NULL bytes and convert them to spaces.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@uedvt359