From 19bfc49d4ea5f32d13805d5f28825b21ed37f987 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 8 Feb 2019 17:29:34 -0800 Subject: [PATCH] Fix for polling timeout issue on RSA key gen. Improved performance for SLB9670 by adding 10us delay between polling. Tuned max SPI clock and performance for supported TPM 2.0 chips. Cleanups for the configure automake output. Updated benchmarks and console output for examples in README.md. Added self test wrapper and call to it in wrapper init to resolve ATTPM20 issue (can also be enabled using `WOLFTPM_PERFORM_SELFTEST`). --- README.md | 154 ++++++++++++++++++++++++++++------------- configure.ac | 16 ++++- examples/bench/bench.c | 31 +++++---- examples/tpm_io.c | 23 ++++-- src/tpm2_wrap.c | 32 +++++++++ wolftpm/tpm2_types.h | 13 +++- wolftpm/tpm2_wrap.h | 1 + 7 files changed, 195 insertions(+), 75 deletions(-) diff --git a/README.md b/README.md index d7fbe35..4933d2a 100644 --- a/README.md +++ b/README.md 
@@ -245,36 +245,35 @@ These examples demonstrate features of a TPM 2.0 module. The examples create RSA ``` ./examples/wrap/wrap_test TPM2 Demo for Wrapper API's -Mfg IFX (1), Vendor SLB9670, Fw 7.85 (4555), FIPS 140-2 1, CC-EAL4 1 +Mfg STM (2), Vendor , Fw 74.8 (1151341959), FIPS 140-2 1, CC-EAL4 0 RSA Encrypt/Decrypt Test Passed RSA Encrypt/Decrypt OAEP Test Passed -RSA Key 0x80000001 Exported to wolf RsaKey +RSA Key 0x80000000 Exported to wolf RsaKey wolf RsaKey loaded into TPM: Handle 0x80000000 -RSA Private Key Loaded into TPM: Handle 0x80000001 +RSA Private Key Loaded into TPM: Handle 0x80000000 ECC Sign/Verify Passed -ECC DH Generation Passed +ECC DH Test Passed ECC Verify Test Passed -ECC Key 0x80000001 Exported to wolf ecc_key -wolfSSL Entering GetObjectId() +ECC Key 0x80000000 Exported to wolf ecc_key wolf ecc_key loaded into TPM: Handle 0x80000000 -wolfSSL Entering GetObjectId() -ECC Private Key Loaded into TPM: Handle 0x80000001 +ECC Private Key Loaded into TPM: Handle 0x80000000 NV Test on index 0x1800200 with 1024 bytes passed Hash SHA256 test success +HMAC SHA256 test success +Encrypt/Decrypt (known key) test success Encrypt/Decrypt test success ``` ### TPM2 Benchmarks Note: Key Generation is using existing template from hierarchy seed. -Note: SPI bus speed increased to 10Mhz for these measurements. -Run on Infineon OPTIGA SLB9670: +Run on Infineon OPTIGA SLB9670 at 43MHz: ``` ./examples/bench/bench TPM2 Benchmark using Wrapper API's -RNG 8 KB took 1.089 seconds, 7.344 KB/s +RNG 16 KB took 1.140 seconds, 14.033 KB/s Benchmark symmetric AES-128-CBC-enc not supported! Benchmark symmetric AES-128-CBC-dec not supported! Benchmark symmetric AES-256-CBC-enc not supported! 
@@ -285,50 +284,83 @@ Benchmark symmetric AES-256-CTR-enc not supported! Benchmark symmetric AES-256-CTR-dec not supported! Benchmark symmetric AES-256-CFB-enc not supported! Benchmark symmetric AES-256-CFB-dec not supported! -SHA1 28 KB took 1.007 seconds, 27.800 KB/s -SHA256 28 KB took 1.002 seconds, 27.946 KB/s -RSA 2048 key gen 6 ops took 12.175 sec, avg 2029.085 ms, 0.493 ops/sec -RSA 2048 Public 45 ops took 1.019 sec, avg 22.649 ms, 44.151 ops/sec -RSA 2048 Private 6 ops took 1.059 sec, avg 176.565 ms, 5.664 ops/sec -RSA 2048 Pub OAEP 46 ops took 1.009 sec, avg 21.925 ms, 45.610 ops/sec -RSA 2048 Priv OAEP 6 ops took 1.051 sec, avg 175.166 ms, 5.709 ops/sec -ECC 256 key gen 4 ops took 1.013 sec, avg 253.259 ms, 3.949 ops/sec -ECDSA 256 sign 14 ops took 1.028 sec, avg 73.403 ms, 13.623 ops/sec -ECDSA 256 verify 9 ops took 1.056 sec, avg 117.290 ms, 8.526 ops/sec -ECDHE 256 agree 5 ops took 1.178 sec, avg 235.695 ms, 4.243 ops/sec +SHA1 138 KB took 1.009 seconds, 136.783 KB/s +SHA256 138 KB took 1.009 seconds, 136.763 KB/s +RSA 2048 key gen 5 ops took 10.981 sec, avg 2196.230 ms, 0.455 ops/sec +RSA 2048 Public 113 ops took 1.005 sec, avg 8.893 ms, 112.449 ops/sec +RSA 2048 Private 7 ops took 1.142 sec, avg 163.207 ms, 6.127 ops/sec +RSA 2048 Pub OAEP 73 ops took 1.011 sec, avg 13.848 ms, 72.211 ops/sec +RSA 2048 Priv OAEP 6 ops took 1.004 sec, avg 167.399 ms, 5.974 ops/sec +ECC 256 key gen 5 ops took 1.157 sec, avg 231.350 ms, 4.322 ops/sec +ECDSA 256 sign 15 ops took 1.033 sec, avg 68.865 ms, 14.521 ops/sec +ECDSA 256 verify 9 ops took 1.022 sec, avg 113.539 ms, 8.808 ops/sec +ECDHE 256 agree 5 ops took 1.161 sec, avg 232.144 ms, 4.308 ops/sec ``` -Run on ST ST33TP SPI: +Run on ST ST33TP SPI at 33MHz: ``` ./examples/bench/bench TPM2 Benchmark using Wrapper API's -RNG 18 KB took 1.081 seconds, 16.657 KB/s -AES-128-CBC-enc 48 KB took 1.026 seconds, 46.779 KB/s -AES-128-CBC-dec 48 KB took 1.024 seconds, 46.887 KB/s -AES-256-CBC-enc 48 KB took 1.026 seconds, 
46.797 KB/s -AES-256-CBC-dec 48 KB took 1.023 seconds, 46.941 KB/s -AES-128-CTR-enc 28 KB took 1.022 seconds, 27.392 KB/s -AES-128-CTR-dec 28 KB took 1.022 seconds, 27.391 KB/s -AES-256-CTR-enc 30 KB took 1.069 seconds, 28.074 KB/s -AES-256-CTR-dec 30 KB took 1.068 seconds, 28.080 KB/s -AES-128-CFB-enc 48 KB took 1.038 seconds, 46.226 KB/s -AES-128-CFB-dec 48 KB took 1.025 seconds, 46.843 KB/s -AES-256-CFB-enc 48 KB took 1.037 seconds, 46.298 KB/s -AES-256-CFB-dec 48 KB took 1.026 seconds, 46.793 KB/s -SHA1 116 KB took 1.013 seconds, 114.504 KB/s -SHA256 108 KB took 1.000 seconds, 107.962 KB/s -RSA 2048 key gen 1 ops took 1.908 sec, avg 1908.493 ms, 0.524 ops/sec -RSA 2048 Public 124 ops took 1.002 sec, avg 8.078 ms, 123.790 ops/sec -RSA 2048 Private 5 ops took 1.234 sec, avg 246.729 ms, 4.053 ops/sec -RSA 2048 Pub OAEP 87 ops took 1.007 sec, avg 11.569 ms, 86.436 ops/sec -RSA 2048 Priv OAEP 4 ops took 1.004 sec, avg 250.991 ms, 3.984 ops/sec -ECC 256 key gen 5 ops took 1.091 sec, avg 218.226 ms, 4.582 ops/sec -ECDSA 256 sign 24 ops took 1.001 sec, avg 41.718 ms, 23.971 ops/sec -ECDSA 256 verify 14 ops took 1.033 sec, avg 73.771 ms, 13.555 ops/sec -ECDHE 256 agree 5 ops took 1.231 sec, avg 246.112 ms, 4.063 ops/sec +RNG 14 KB took 1.017 seconds, 13.763 KB/s +AES-128-CBC-enc 40 KB took 1.008 seconds, 39.666 KB/s +AES-128-CBC-dec 42 KB took 1.032 seconds, 40.711 KB/s +AES-256-CBC-enc 40 KB took 1.013 seconds, 39.496 KB/s +AES-256-CBC-dec 40 KB took 1.011 seconds, 39.563 KB/s +AES-128-CTR-enc 26 KB took 1.055 seconds, 24.646 KB/s +AES-128-CTR-dec 26 KB took 1.035 seconds, 25.117 KB/s +AES-256-CTR-enc 26 KB took 1.028 seconds, 25.302 KB/s +AES-256-CTR-dec 26 KB took 1.030 seconds, 25.252 KB/s +AES-128-CFB-enc 42 KB took 1.045 seconds, 40.201 KB/s +AES-128-CFB-dec 40 KB took 1.008 seconds, 39.699 KB/s +AES-256-CFB-enc 40 KB took 1.022 seconds, 39.151 KB/s +AES-256-CFB-dec 42 KB took 1.041 seconds, 40.362 KB/s +SHA1 86 KB took 1.005 seconds, 85.559 KB/s +SHA256 84 KB 
took 1.019 seconds, 82.467 KB/s +RSA 2048 key gen 1 ops took 7.455 sec, avg 7455.036 ms, 0.134 ops/sec +RSA 2048 Public 110 ops took 1.003 sec, avg 9.122 ms, 109.624 ops/sec +RSA 2048 Private 5 ops took 1.239 sec, avg 247.752 ms, 4.036 ops/sec +RSA 2048 Pub OAEP 81 ops took 1.001 sec, avg 12.364 ms, 80.880 ops/sec +RSA 2048 Priv OAEP 4 ops took 1.007 sec, avg 251.780 ms, 3.972 ops/sec +ECC 256 key gen 5 ops took 1.099 sec, avg 219.770 ms, 4.550 ops/sec +ECDSA 256 sign 24 ops took 1.016 sec, avg 42.338 ms, 23.619 ops/sec +ECDSA 256 verify 14 ops took 1.036 sec, avg 74.026 ms, 13.509 ops/sec +ECDHE 256 agree 5 ops took 1.235 sec, avg 247.085 ms, 4.047 ops/sec + ``` +Run on Microchip ATTPM20 at 33MHz: + +``` +./examples/bench/bench +TPM2 Benchmark using Wrapper API's +RNG 2 KB took 1.867 seconds, 1.071 KB/s +Benchmark symmetric AES-128-CBC-enc not supported! +Benchmark symmetric AES-128-CBC-dec not supported! +Benchmark symmetric AES-256-CBC-enc not supported! +Benchmark symmetric AES-256-CBC-dec not supported! +Benchmark symmetric AES-128-CTR-enc not supported! +Benchmark symmetric AES-128-CTR-dec not supported! +Benchmark symmetric AES-256-CTR-enc not supported! +Benchmark symmetric AES-256-CTR-dec not supported! 
+AES-128-CFB-enc 16 KB took 1.112 seconds, 14.383 KB/s +AES-128-CFB-dec 16 KB took 1.129 seconds, 14.166 KB/s +AES-256-CFB-enc 12 KB took 1.013 seconds, 11.845 KB/s +AES-256-CFB-dec 12 KB took 1.008 seconds, 11.909 KB/s +SHA1 22 KB took 1.009 seconds, 21.797 KB/s +SHA256 22 KB took 1.034 seconds, 21.270 KB/s +RSA 2048 key gen 3 ops took 15.828 sec, avg 5275.861 ms, 0.190 ops/sec +RSA 2048 Public 22 ops took 1.034 sec, avg 47.021 ms, 21.267 ops/sec +RSA 2048 Private 9 ops took 1.059 sec, avg 117.677 ms, 8.498 ops/sec +RSA 2048 Pub OAEP 21 ops took 1.007 sec, avg 47.959 ms, 20.851 ops/sec +RSA 2048 Priv OAEP 9 ops took 1.066 sec, avg 118.423 ms, 8.444 ops/sec +ECC 256 key gen 7 ops took 1.072 sec, avg 153.140 ms, 6.530 ops/sec +ECDSA 256 sign 18 ops took 1.056 sec, avg 58.674 ms, 17.043 ops/sec +ECDSA 256 verify 24 ops took 1.031 sec, avg 42.970 ms, 23.272 ops/sec +ECDHE 256 agree 16 ops took 1.023 sec, avg 63.934 ms, 15.641 ops/sec +``` + + ### TPM2 Native Tests ``` 
@@ -345,31 +377,56 @@ TPM2_GetCapability: Property FIRMWARE_VERSION_1 0x004a0008 TPM2_GetCapability: Property FIRMWARE_VERSION_2 0x44a01587 TPM2_GetRandom: Got 32 bytes TPM2_StirRandom: success +TPM2_PCR_Read: Index 0, Count 1 TPM2_PCR_Read: Index 0, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 1, Count 1 TPM2_PCR_Read: Index 1, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 2, Count 1 TPM2_PCR_Read: Index 2, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 3, Count 1 TPM2_PCR_Read: Index 3, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 4, Count 1 TPM2_PCR_Read: Index 4, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 5, Count 1 TPM2_PCR_Read: Index 5, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 6, Count 1 TPM2_PCR_Read: Index 6, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 7, Count 1 TPM2_PCR_Read: Index 7, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 8, Count 1 TPM2_PCR_Read: Index 8, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 9, Count 1 TPM2_PCR_Read: Index 9, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 10, Count 1 TPM2_PCR_Read: Index 10, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 11, Count 1 TPM2_PCR_Read: Index 11, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 12, Count 1 TPM2_PCR_Read: Index 12, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 13, Count 1 TPM2_PCR_Read: Index 13, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 14, Count 1 TPM2_PCR_Read: Index 14, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 15, Count 1 TPM2_PCR_Read: Index 15, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 16, Count 1 TPM2_PCR_Read: Index 16, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 17, Count 1 TPM2_PCR_Read: Index 17, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 18, Count 1 TPM2_PCR_Read: Index 18, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 19, Count 1 TPM2_PCR_Read: Index 19, Digest Sz 32, Update Counter 20 
+TPM2_PCR_Read: Index 20, Count 1 TPM2_PCR_Read: Index 20, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 21, Count 1 TPM2_PCR_Read: Index 21, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 22, Count 1 TPM2_PCR_Read: Index 22, Digest Sz 32, Update Counter 20 +TPM2_PCR_Read: Index 23, Count 1 TPM2_PCR_Read: Index 23, Digest Sz 32, Update Counter 20 TPM2_PCR_Extend success +TPM2_PCR_Read: Index 0, Count 1 TPM2_PCR_Read: Index 0, Digest Sz 32, Update Counter 21 TPM2_StartAuthSession: sessionHandle 0x3000000 TPM2_PolicyGetDigest: size 32 @@ -513,11 +570,10 @@ Connection: close ## Todo -* Improve overall documentation. * Add support for encrypting / decrypting parameters. * Add support for SensitiveToPrivate inner and outer. * Add `spi_tis_dev` support for Raspberry Pi. -* Add runtime support for detecting module type ST33 or SLB9670. +* Add runtime support for detecting module type ST33, SLB9670 or ATTPM20. ## Support diff --git a/configure.ac b/configure.ac index 4b488a7..81de036 100644 --- a/configure.ac +++ b/configure.ac @@ -169,7 +169,7 @@ fi AM_CONDITIONAL([BUILD_ADVIO], [test "x$ENABLED_ADVIO" = "xyes"]) -# ST33 Support +# STM ST33 Support AC_ARG_ENABLE([st33], [AS_HELP_STRING([--enable-st33],[Enable ST33 TPM Support (default: disabled)])], [ ENABLED_ST33=$enableval ], @@ -183,7 +183,7 @@ fi AM_CONDITIONAL([BUILD_ST33], [test "x$ENABLED_ST33" = "xyes"]) -# MCHP Support +# Microchip ATTPM20 Support AC_ARG_ENABLE([mchp], [AS_HELP_STRING([--enable-mchp],[Enable TPM 2.0 Support (default: disabled)])], [ ENABLED_MCHP=$enableval ], @@ -195,6 +195,14 @@ then fi AM_CONDITIONAL([BUILD_MCHP], [test "x$ENABLED_MCHP" = "xyes"]) +# Infineon SLB9670 +ENABLED_INFINEON=no +if test "x$ENABLED_MCHP" = "xno" && test "x$ENABLED_ST33" = "xno" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_SLB9670" + ENABLED_INFINEON=yes +fi +AM_CONDITIONAL([BUILD_INFINEON], [test "x$ENABLED_INFINEON" = "xyes"]) # HARDEN FLAGS AX_HARDEN_CC_COMPILER_FLAGS 
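Review bot: The new Infineon default in configure.ac (hunk `@@ -195,6 +195,14 @@`) depends only on both `ENABLED_MCHP` and `ENABLED_ST33` being `no`, and nothing here rejects `--enable-st33` and `--enable-mchp` given together. In that case both chip defines presumably reach the compiler, and the `#ifdef WOLFTPM_MCHP` / `#elif defined(WOLFTPM_ST33)` chain in examples/tpm_io.c silently picks the Microchip settings. A configure-time check before this block, such as `AS_IF([test "x$ENABLED_MCHP" = "xyes" && test "x$ENABLED_ST33" = "xyes"], [AC_MSG_ERROR([select only one TPM chip])])`, would make the chip selection explicit.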
@@ -312,5 +320,7 @@ echo " * Wrappers: $ENABLED_WRAPPER" echo " * Examples: $ENABLED_EXAMPLES" echo " * wolfCrypt: $ENABLED_WOLFCRYPT" echo " * Advanced IO: $ENABLED_ADVIO" -echo " * ST33: $ENABLED_ST33" +echo " * Infineon SLB9670 $ENABLED_INFINEON" +echo " * STM ST33: $ENABLED_ST33" +echo " * Microchip ATTPM20: $ENABLED_MCHP" echo " * I2C: $ENABLED_I2C" diff --git a/examples/bench/bench.c b/examples/bench/bench.c index d42b02b..6c4617f 100644 --- a/examples/bench/bench.c +++ b/examples/bench/bench.c @@ -32,7 +32,8 @@ #include /* Configuration */ -#define TPM2_BENCH_DURATION_SEC 1 +#define TPM2_BENCH_DURATION_SEC 1 +#define TPM2_BENCH_DURATION_KEYGEN_SEC 15 static int gUseBase2 = 1; #include @@ -51,10 +52,10 @@ static inline void bench_stats_start(int* count, double* start) *start = current_time(1); } -static inline int bench_stats_check(double start, int* count) +static inline int bench_stats_check(double start, int* count, double maxDurSec) { (*count)++; - return ((current_time(0) - start) < TPM2_BENCH_DURATION_SEC); + return ((current_time(0) - start) < maxDurSec); } /* countSz is number of bytes that 1 count represents. Normally bench_size, @@ -144,7 +145,7 @@ static int bench_sym_hash(WOLFTPM2_DEV* dev, const char* desc, int algo, if (rc != 0) goto exit; rc = wolfTPM2_HashFinish(dev, &hash, digest, &digestSz); if (rc != 0) goto exit; - } while (bench_stats_check(start, &count)); + } while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC)); bench_stats_sym_finish(desc, count, inSz, start); exit: @@ -178,7 +179,7 @@ static int bench_sym_aes(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* storageKey, rc = wolfTPM2_EncryptDecrypt(dev, &aesKey, in, out, inOutSz, NULL, 0, isDecrypt); if (rc != 0) goto exit; - } while (bench_stats_check(start, &count)); + } while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC)); bench_stats_sym_finish(desc, count, inOutSz, start); exit: 
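Review bot: The added Infineon summary line in configure.ac (hunk `@@ -312,5 +320,7 @@`) has no colon after the label, unlike the `STM ST33:` and `Microchip ATTPM20:` lines added beside it. Writing it as `echo " * Infineon SLB9670: $ENABLED_INFINEON"` keeps the configure summary uniform for anyone parsing or grepping it.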
@@ -244,7 +245,7 @@ int TPM2_Wrapper_Bench(void* userCtx) do { rc = wolfTPM2_GetRandom(&dev, message.buffer, sizeof(message.buffer)); if (rc != 0) goto exit; - } while (bench_stats_check(start, &count)); + } while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC)); bench_stats_sym_finish("RNG", count, sizeof(message.buffer), start); /* AES Benchmarks */ @@ -323,7 +324,7 @@ int TPM2_Wrapper_Bench(void* userCtx) rc = wolfTPM2_CreateAndLoadKey(&dev, &rsaKey, &storageKey.handle, &publicTemplate, (byte*)gKeyAuth, sizeof(gKeyAuth)-1); if (rc != 0) goto exit; - } while (bench_stats_check(start, &count)); + } while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_KEYGEN_SEC)); bench_stats_asym_finish("RSA", 2048, "key gen", count, start); /* Perform RSA encrypt / decrypt (no pad) */ @@ -336,7 +337,7 @@ int TPM2_Wrapper_Bench(void* userCtx) rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_NULL, message.buffer, message.size, cipher.buffer, &cipher.size); if (rc != 0) goto exit; - } while (bench_stats_check(start, &count)); + } while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC)); bench_stats_asym_finish("RSA", 2048, "Public", count, start); bench_stats_start(&count, &start); @@ -345,7 +346,7 @@ int TPM2_Wrapper_Bench(void* userCtx) rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_NULL, cipher.buffer, cipher.size, plain.buffer, &plain.size); if (rc != 0) goto exit; - } while (bench_stats_check(start, &count)); + } while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC)); bench_stats_asym_finish("RSA", 2048, "Private", count, start); @@ -359,7 +360,7 @@ int TPM2_Wrapper_Bench(void* userCtx) rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_OAEP, message.buffer, message.size, cipher.buffer, &cipher.size); if (rc != 0) goto exit; - } while (bench_stats_check(start, &count)); + } while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC)); bench_stats_asym_finish("RSA", 2048, "Pub OAEP", count, start); bench_stats_start(&count, &start); 
@@ -368,7 +369,7 @@ int TPM2_Wrapper_Bench(void* userCtx) rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_OAEP, cipher.buffer, cipher.size, plain.buffer, &plain.size); if (rc != 0) goto exit; - } while (bench_stats_check(start, &count)); + } while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC)); bench_stats_asym_finish("RSA", 2048, "Priv OAEP", count, start); rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle); @@ -390,7 +391,7 @@ int TPM2_Wrapper_Bench(void* userCtx) rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle, &publicTemplate, (byte*)gKeyAuth, sizeof(gKeyAuth)-1); if (rc != 0) goto exit; - } while (bench_stats_check(start, &count)); + } while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC)); bench_stats_asym_finish("ECC", 256, "key gen", count, start); /* Perform sign / verify */ @@ -403,7 +404,7 @@ int TPM2_Wrapper_Bench(void* userCtx) rc = wolfTPM2_SignHash(&dev, &eccKey, message.buffer, message.size, cipher.buffer, &cipher.size); if (rc != 0) goto exit; - } while (bench_stats_check(start, &count)); + } while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC)); bench_stats_asym_finish("ECDSA", 256, "sign", count, start); bench_stats_start(&count, &start); @@ -411,7 +412,7 @@ int TPM2_Wrapper_Bench(void* userCtx) rc = wolfTPM2_VerifyHash(&dev, &eccKey, cipher.buffer, cipher.size, message.buffer, message.size); if (rc != 0) goto exit; - } while (bench_stats_check(start, &count)); + } while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC)); bench_stats_asym_finish("ECDSA", 256, "verify", count, start); rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle); 
@@ -435,7 +436,7 @@ int TPM2_Wrapper_Bench(void* userCtx) rc = wolfTPM2_ECDHGen(&dev, &eccKey, &pubPoint, cipher.buffer, &cipher.size); if (rc != 0) goto exit; - } while (bench_stats_check(start, &count)); + } while (bench_stats_check(start, &count, TPM2_BENCH_DURATION_SEC)); bench_stats_asym_finish("ECDHE", 256, "agree", count, start); rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle); diff --git a/examples/tpm_io.c b/examples/tpm_io.c index efc2ba8..3898fe0 100644 --- a/examples/tpm_io.c +++ b/examples/tpm_io.c @@ -53,6 +53,7 @@ /* I2C - (Only tested with ST33HTPH I2C) */ #define TPM2_I2C_ADDR 0x2e #define TPM2_I2C_DEV "/dev/i2c-1" + #define TPM2_I2C_HZ 400000 /* 400kHz */ #else /* SPI */ #ifdef WOLFTPM_MCHP @@ -63,18 +64,28 @@ #ifndef WOLFTPM_CHECK_WAIT_STATE #define WOLFTPM_CHECK_WAIT_STATE #endif - + #ifndef TPM2_SPI_HZ + /* Max: 36MHz (has issues so using 33MHz) */ + #define TPM2_SPI_HZ 33000000 + #endif #elif defined(WOLFTPM_ST33) - /* ST33HTPH SPI uses CE0 */ + /* STM ST33HTPH SPI uses CE0 */ #define TPM2_SPI_DEV "/dev/spidev0.0" - - /* ST33 requires wait state support */ + /* Requires wait state support */ #ifndef WOLFTPM_CHECK_WAIT_STATE #define WOLFTPM_CHECK_WAIT_STATE #endif + #ifndef TPM2_SPI_HZ + /* Max: 33MHz */ + #define TPM2_SPI_HZ 33000000 + #endif #else /* OPTIGA SLB9670 and LetsTrust TPM use CE1 */ #define TPM2_SPI_DEV "/dev/spidev0.1" + #ifndef TPM2_SPI_HZ + /* Max: 43MHz */ + #define TPM2_SPI_HZ 43000000 + #endif #endif #endif @@ -194,8 +205,8 @@ int timeout = TPM_SPI_WAIT_RETRY; #endif - /* 33Mhz - PI has issue with 5-10Mhz on packets sized over 130 */ - unsigned int maxSpeed = 33000000; /* ST=33, INF=43, MCHP=36 */ + /* Note: PI has issue with 5-10Mhz on packets sized over 130 bytes */ + unsigned int maxSpeed = TPM2_SPI_HZ; int mode = 0; /* mode 0 */ int bits_per_word = 8; /* 8-bits */ diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index c688e34..0113adb 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c 
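Review bot: In examples/tpm_io.c (hunk `@@ -53,6 +53,7 @@`) `TPM2_I2C_HZ` is defined unconditionally, while each `TPM2_SPI_HZ` default added in the next hunk is wrapped in `#ifndef` so a build can override it. No use of `TPM2_I2C_HZ` is visible in this patch, so it is either consumed outside the hunks or unused. Wrapping it as `#ifndef TPM2_I2C_HZ` / `#define TPM2_I2C_HZ 400000` / `#endif` would match the SPI defaults.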
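Review bot: In examples/tpm_io.c (hunk `@@ -194,8 +205,8 @@`) `maxSpeed` now takes whatever `TPM2_SPI_HZ` the build supplies, so the per-chip maximums exist only as comments next to the defaults. A compile-time guard beside those defaults, for example `#if TPM2_SPI_HZ > 43000000` followed by `#error "TPM2_SPI_HZ exceeds the highest rate listed for the supported chips"`, would catch an accidental override; 43000000 is the largest maximum named in this patch's comments. The note about 5-10MHz trouble on packets over 130 bytes would also be more useful next to the `TPM2_SPI_HZ` defaults, where an overriding user will see it. The enclosing function starts and ends outside the hunk.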
@@ -74,6 +74,14 @@ int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx) printf("TPM2_Startup pass\n"); #endif +#if defined(WOLFTPM_MCHP) || defined(WOLFTPM_PERFORM_SELFTEST) + /* Do self-test (Chips such as ATTPM20 require this before some operations) */ + rc = wolfTPM2_SelfTest(dev); + if (rc != TPM_RC_SUCCESS) { + return rc; + } +#endif + return TPM_RC_SUCCESS; } @@ -86,6 +94,30 @@ int wolfTPM2_GetTpmDevId(WOLFTPM2_DEV* dev) return dev->ctx.did_vid; /* not INVALID_DEVID */ } +int wolfTPM2_SelfTest(WOLFTPM2_DEV* dev) +{ + int rc; + SelfTest_In selfTest; + + if (dev == NULL) + return BAD_FUNC_ARG; + + /* Full self test */ + XMEMSET(&selfTest, 0, sizeof(selfTest)); + selfTest.fullTest = YES; + rc = TPM2_SelfTest(&selfTest); + if (rc != TPM_RC_SUCCESS) { + #ifdef DEBUG_WOLFTPM + printf("TPM2_SelfTest failed 0x%x: %s\n", rc, TPM2_GetRCString(rc)); + #endif + return rc; + } +#ifdef DEBUG_WOLFTPM + printf("TPM2_SelfTest pass\n"); +#endif + + return rc; +} /* Infineon SLB9670 * TPM_PT_MANUFACTURER "IFX" diff --git a/wolftpm/tpm2_types.h b/wolftpm/tpm2_types.h index 62db399..533d650 100644 --- a/wolftpm/tpm2_types.h +++ b/wolftpm/tpm2_types.h @@ -64,7 +64,7 @@ typedef int64_t INT64; /* Infineon SLB9670 TPM 2.0 (default) */ /* #define WOLFTPM_SLB9670 */ -#if !defined(WOLFTPM_ST33) && !defined(WOLFTPM_SLB9670) +#if !defined(WOLFTPM_ST33) && !defined(WOLFTPM_MCHP) && !defined(WOLFTPM_SLB9670) #define WOLFTPM_SLB9670 #endif 
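Review bot: The early `return rc` added to wolfTPM2_Init in src/tpm2_wrap.c (hunk `@@ -74,6 +74,14 @@`) exits after TPM2_Startup has already succeeded, and the hunk shows no teardown on that path. Whether the earlier part of the function, which lies outside the hunk, set up state that the caller must now release with wolfTPM2_Cleanup is not visible here, so the function's header comment should say what a caller has to do when Init fails at this step. It is also worth a comment that the self-test runs only in `WOLFTPM_MCHP` or `WOLFTPM_PERFORM_SELFTEST` builds, so on other chips Init returns success without an explicit self-test result.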
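Review bot: wolfTPM2_SelfTest in src/tpm2_wrap.c (hunk `@@ -86,6 +94,30 @@`) treats every return code other than `TPM_RC_SUCCESS` as failure, and because wolfTPM2_Init now calls it, initialization fails too. The TPM 2.0 specification lets a chip answer TPM2_SelfTest with the warning `TPM_RC_TESTING` while tests continue in the background. If any supported chip does that, Init would fail on a healthy TPM, so that code probably needs separate handling (retry, or report as in progress); this should be confirmed against the chips listed in the README. Separately, `dev` is only NULL-checked and never passed to `TPM2_SelfTest`, so the test runs on whichever context is active; a comment above the function such as `/* Runs a full TPM2_SelfTest on the active TPM context; dev is validated but not otherwise used */` would tell callers.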
@@ -216,8 +216,17 @@ typedef int64_t INT64; /* ---------------------------------------------------------------------------*/ /* Optional delay between polling */ +#if defined(WOLFTPM_SLB9670) && !defined(XTPM_WAIT) + /* For Infineon SLB9670 adding 10us delay improves performance */ + #ifdef __linux__ + #ifndef XTPM_WAIT_POLLING_US + #define XTPM_WAIT_POLLING_US 10 /* 0.01ms */ + #endif + #define XTPM_WAIT() usleep(XTPM_WAIT_POLLING_US); + #endif +#endif #ifndef XTPM_WAIT -#define XTPM_WAIT() /* just poll without delay by default */ + #define XTPM_WAIT() /* just poll without delay by default */ #endif #ifndef BUFFER_ALIGNMENT diff --git a/wolftpm/tpm2_wrap.h b/wolftpm/tpm2_wrap.h index 386753d..3a4c687 100644 --- a/wolftpm/tpm2_wrap.h +++ b/wolftpm/tpm2_wrap.h @@ -97,6 +97,7 @@ WOLFTPM_API int wolfTPM2_Cleanup(WOLFTPM2_DEV* dev); WOLFTPM_API int wolfTPM2_GetTpmDevId(WOLFTPM2_DEV* dev); +WOLFTPM_API int wolfTPM2_SelfTest(WOLFTPM2_DEV* dev); WOLFTPM_API int wolfTPM2_GetCapabilities(WOLFTPM2_DEV* dev, WOLFTPM2_CAPS* caps); WOLFTPM_API int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
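Review bot: The new `XTPM_WAIT()` definition in wolftpm/tpm2_types.h (hunk `@@ -216,8 +216,17 @@`) ends in a semicolon, so a call written `XTPM_WAIT();` expands to two statements and breaks inside an unbraced `if`/`else`; it should be `#define XTPM_WAIT() usleep(XTPM_WAIT_POLLING_US)`. The hunk does not show `<unistd.h>` being included, and `usleep` is not declared under strict `-std=c99`/`-std=c11` without a feature-test macro, so an implicit declaration is possible depending on build flags. The polling loops that call `XTPM_WAIT()` are outside this patch; if their timeout is a retry count, a 10us sleep per poll lengthens the effective timeout, and the comment here should say so.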