tpm2-pkcs11 emits NULL byte padded model numbers

Open uedvt359 opened this issue 1 year ago • 0 comments

I initially reported this here: https://github.com/latchset/pkcs11-provider/issues/296

One of the maintainers has generously traced the issue to here:

Null bytes are illegal per PKCS11 spec. From https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.html#_Toc111203192

model model of the device. MUST be padded with the blank character (‘ ‘). MUST NOT be null-terminated.

This is a bug in tpm2-pkcs11, please report it to them.

All of the strings returned in CK_INFO, CK_SLOT_INFO, CK_TOKEN_INFO structure MUST NOT be NULL terminated and must be blank (space) padded to their length.

The broken code starts here: https://github.com/tpm2-software/tpm2-pkcs11/blame/1b3aab90ee5f7debbce82c7e229aa2950a9e8f0d/src/lib/tpm.c#L784

They use the correct padding helpers, but the code is wrong because it always passes 16 bytes as the source len, regardless of what's in the vendor structure. What they need to do is to copy the vendor info, then parse the string, find the NULL bytes and convert them to spaces.

uedvt359, Oct 18 '23 14:10
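
The padding problem described in the report, as an added example that is not tpm2-pkcs11's code and not part of the original issue: a blank-padding helper called with a fixed source length of 16 leaks the vendor buffer's NUL padding into the 16-byte `model` field, while converting NUL bytes to blanks after the copy yields a field that passes the spec check. The function names and the sample vendor string are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MODEL_LEN 16 /* size of CK_TOKEN_INFO.model */

/* Constructed sample: a 7-character vendor string in a NUL-padded buffer. */
const unsigned char SAMPLE_VENDOR[MODEL_LEN] = "EXAMPLE";

/* Hypothetical blank-padding helper: copy src_len bytes, pad the rest. */
void pad_copy(unsigned char *dst, size_t dst_len,
              const unsigned char *src, size_t src_len)
{
    size_t n = src_len < dst_len ? src_len : dst_len;
    memcpy(dst, src, n);
    memset(dst + n, ' ', dst_len - n);
}

/* Behaviour described in the report: source length is always 16, so the
 * NUL bytes after the short vendor string are copied verbatim. */
void fill_model_buggy(unsigned char *dst, const unsigned char *vendor)
{
    pad_copy(dst, MODEL_LEN, vendor, MODEL_LEN);
}

/* Fix suggested in the report: copy, then turn every NUL into a blank. */
void fill_model_fixed(unsigned char *dst, const unsigned char *vendor)
{
    pad_copy(dst, MODEL_LEN, vendor, MODEL_LEN);
    for (size_t i = 0; i < MODEL_LEN; i++)
        if (dst[i] == '\0')
            dst[i] = ' ';
}

/* Spec check for a PKCS#11 info string: returns 1 if it holds no NUL. */
int pkcs11_field_ok(const unsigned char *field, size_t len)
{
    return memchr(field, '\0', len) == NULL;
}

int main(void)
{
    unsigned char bad[MODEL_LEN], good[MODEL_LEN];
    fill_model_buggy(bad, SAMPLE_VENDOR);
    fill_model_fixed(good, SAMPLE_VENDOR);
    printf("buggy ok=%d fixed ok=%d model=[%.16s]\n",
           pkcs11_field_ok(bad, MODEL_LEN),
           pkcs11_field_ok(good, MODEL_LEN), (const char *)good);
    return 0;
}
```

The same `pkcs11_field_ok` check applies to every fixed-width string in `CK_INFO`, `CK_SLOT_INFO` and `CK_TOKEN_INFO`, so it can serve as a regression test for a module's info structures.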