Re: [PATCH v4 04/11] security: keys: trusted: Include TPM2 creation data
From: Evan Green <hidden>
Date: 2022-11-07 20:12:22
Also in:
keyrings, linux-integrity, linux-pm, lkml
On Fri, Nov 4, 2022 at 11:33 AM Kees Cook [off-list ref] wrote:
> On Thu, Nov 03, 2022 at 11:01:12AM -0700, Evan Green wrote:
> > In addition to the private key and public key, the TPM2_Create command
> > may also return creation data, a creation hash, and a creation ticket.
> > These fields allow the TPM to attest to the contents of a specified set
> > of PCRs at the time the trusted key was created. Encrypted hibernation
> > will use this to ensure that PCRs settable only by the kernel were set
> > properly at the time of creation, indicating this is an authentic
> > hibernate key. Encode these additional parameters into the ASN.1
> > created to represent the key blob. The new fields are made optional so
> > that they don't bloat key blobs which don't need them, and to ensure
> > interoperability with old blobs.
> >
> > Signed-off-by: Evan Green <redacted>
>
> There's a lot of open-coded math for the bounds checking. I didn't
> immediately see any problems, but it'd be nice if there was a way to hook
> a fuzzer up to this, or at least write some KUnit tests to check boundary
> conditions explicitly.
>
> Reviewed-by: Kees Cook <redacted>
Thank you! Yes, agreed about all the bounds checking. I could probably pull out the "check for src + 2 > end, then get_unaligned_be16()" into a helper function. Let me see if that makes things look better or ends up looking the same.

-Evan
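An added user-space sketch (not code from the patch or the kernel) of the helper Evan describes, with a small parser over constructed length-prefixed blobs so the truncation boundary cases Kees asks about can be asserted on; the field layout and names are assumptions, not the patch's ASN.1 format:

```c
#include <stddef.h>
#include <stdint.h>

/* Cursor over an untrusted, bounded input buffer. */
struct be_cursor {
    const uint8_t *src;
    const uint8_t *end;
};

/* Read a big-endian u16 only if two bytes remain; advance on success.
 * Returns 0 on success, -1 if the read would run past end. User-space
 * stand-in for "check src + 2 > end, then get_unaligned_be16()". */
static int be_read_u16(struct be_cursor *c, uint16_t *out)
{
    /* Compare remaining length rather than src + 2, so a pointer sum never wraps. */
    if (c->end - c->src < 2)
        return -1;
    *out = (uint16_t)((c->src[0] << 8) | c->src[1]);
    c->src += 2;
    return 0;
}

/* Read a u16-length-prefixed field; returns its length or -1 if truncated. */
static int be_read_sized(struct be_cursor *c, const uint8_t **data)
{
    uint16_t len;
    if (be_read_u16(c, &len))
        return -1;
    if (c->end - c->src < (ptrdiff_t)len)
        return -1;
    *data = c->src;
    c->src += len;
    return len;
}

/* Parse a constructed blob of three u16-sized fields (stand-ins for creation
 * data, hash and ticket). Returns how many fields parsed, so a truncated
 * blob stops at the bounds check instead of over-reading. */
int parse_creation_blob(const uint8_t *buf, size_t n)
{
    struct be_cursor c = { buf, buf + n };
    const uint8_t *field;
    int parsed = 0;
    while (parsed < 3 && be_read_sized(&c, &field) >= 0)
        parsed++;
    return parsed;
}

/* Constructed sample blobs (not real TPM output); short_blob's last field claims 4 bytes but only 1 follows. */
static const uint8_t good_blob[]  = { 0,2,0xAA,0xBB, 0,1,0xCC, 0,0 };
static const uint8_t short_blob[] = { 0,2,0xAA,0xBB, 0,1,0xCC, 0,4,0xDD };
int demo_good(void)  { return parse_creation_blob(good_blob, sizeof good_blob); }   /* 3 */
int demo_short(void) { return parse_creation_blob(short_blob, sizeof short_blob); } /* 2 */
```

Feeding `parse_creation_blob` every prefix length of a valid blob is the KUnit-style boundary sweep suggested in the review: each cut must yield fewer parsed fields, never a read past `end`.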