From 30f2e644aad728fa2e259c5824dd5f50ee2473cc Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Mon, 13 Jul 2020 09:54:00 -0700
Subject: [PATCH] Added NPCT75x Nuvoton support.

---
 README.md            | 37 +++++++++++++++++++++++++++++++++++--
 configure.ac         | 12 ++++++++++++
 examples/tpm_io.c    |  4 ++++
 src/tpm2_wrap.c      | 12 +++++++++++-
 wolftpm/tpm2_types.h | 38 +++++++++++++++++++++++++++++---------
 wolftpm/tpm2_wrap.h  |  3 +++
 6 files changed, 94 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index ff37aa5..ae207ee 100644
--- a/README.md
+++ b/README.md
@@ -72,8 +72,8 @@ Tested with:
 * Infineon OPTIGA (TM) Trusted Platform Module 2.0 SLB 9670.
 * LetsTrust: http://letstrust.de (https://buyzero.de/collections/andere-platinen/products/letstrust-hardware-tpm-trusted-platform-module). Compact Raspberry Pi TPM 2.0 board based on Infineon SLB 9670.
 * ST ST33TP* TPM 2.0 module (SPI and I2C)
-* Microchip ATTPM20
-* Nuvoton NPCT650 TPM2.0
+* Microchip ATTPM20 module
+* Nuvoton NPCT65X or NPCT75x TPM2.0 module
 
 #### Device Identification
 
@@ -95,6 +95,9 @@ Mfg NTZ (0), Vendor Z32H330, Fw 7.51 (419631892), FIPS 140-2 0, CC-EAL4 0
 Nuvoton NPCT650 TPM2.0
 Mfg NTC (0), Vendor rlsNPCT , Fw 1.3 (65536), FIPS 140-2 0, CC-EAL4 0
 
+Nuvoton NPCT750 TPM2.0
+TPM2: Caps 0x30000697, Did 0x00fc, Vid 0x1050, Rid 0x 1
+Mfg NTC (0), Vendor NPCT75x"!!4rls, Fw 7.2 (131072), FIPS 140-2 1, CC-EAL4 0
 
 ## Building
 
@@ -124,6 +127,7 @@ autogen.sh requires: automake and libtool: `sudo apt-get install automake libtoo
 --enable-i2c            Enable I2C TPM Support (default: disabled, requires advio) - WOLFTPM_I2C
 --enable-mchp           Enable Microchip TPM Support (default: disabled) - WOLFTPM_MCHP
 WOLFTPM_TIS_LOCK        Enable Linux Named Semaphore for locking access to SPI device for concurrent access between processes.
+--enable-nuvoton        Enable Nuvoton NPCT65x/NPCT75x Support (default: disabled) - WOLFTPM_NUVOTON
 WOLFTPM_USE_SYMMETRIC   Enables symmetric AES/Hashing/HMAC support for TLS examples.
 WOLFTPM2_USE_SW_ECDHE   Disables use of TPM for ECC ephemeral key generation and shared secret.
 TLS_BENCH_MODE          Enables TLS benchmarking mode.
@@ -165,6 +169,13 @@ Build wolfTPM:
 ```
 ./autogen.sh
 ./configure --enable-mchp
+### Building Nuvoton
+
+Build wolfTPM:
+
+```
+./autogen.sh
+./configure --enable-nuvoton
 make
 ```
 
@@ -369,6 +380,28 @@ ECDSA    256 verify         4 ops took 1.061 sec, avg 265.216 ms, 3.771 ops/sec
 ECDHE    256 agree          6 ops took 1.055 sec, avg 175.915 ms, 5.685 ops/sec
 ```
 
+Run on Nuvoton NPCT750 at 43MHz:
+
+```
+RNG                 16 KB took 1.114 seconds,   14.368 KB/s
+Benchmark symmetric AES-128-CBC-enc not supported!
+Benchmark symmetric AES-128-CBC-dec not supported!
+Benchmark symmetric AES-256-CBC-enc not supported!
+Benchmark symmetric AES-256-CBC-dec not supported!
+SHA1               120 KB took 1.012 seconds,  118.618 KB/s
+SHA256             122 KB took 1.012 seconds,  120.551 KB/s
+SHA384             120 KB took 1.003 seconds,  119.608 KB/s
+RSA     2048 key gen        5 ops took 17.043 sec, avg 3408.678 ms, 0.293 ops/sec
+RSA     2048 Public       134 ops took 1.004 sec, avg 7.490 ms, 133.517 ops/sec
+RSA     2048 Private       15 ops took 1.054 sec, avg 70.261 ms, 14.233 ops/sec
+RSA     2048 Pub  OAEP    116 ops took 1.002 sec, avg 8.636 ms, 115.797 ops/sec
+RSA     2048 Priv OAEP     15 ops took 1.061 sec, avg 70.716 ms, 14.141 ops/sec
+ECC      256 key gen       12 ops took 1.008 sec, avg 84.020 ms, 11.902 ops/sec
+ECDSA    256 sign          18 ops took 1.015 sec, avg 56.399 ms, 17.731 ops/sec
+ECDSA    256 verify        26 ops took 1.018 sec, avg 39.164 ms, 25.533 ops/sec
+ECDHE    256 agree         35 ops took 1.029 sec, avg 29.402 ms, 34.011 ops/sec
+```
+
 ### TPM2 Native Tests
 
 ```
diff --git a/configure.ac b/configure.ac
index 3719fa4..b930ed9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -199,6 +199,16 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_MCHP"
 fi
 
+# Nuvoton NPCT65x/NPCT75x
+AC_ARG_ENABLE([nuvoton],
+    [AS_HELP_STRING([--enable-nuvoton],[Enable Nuvoton NPCT65x/NPCT75x TPM Support (default: disabled)])],
+    [ ENABLED_NUVOTON=$enableval ],
+    [ ENABLED_NUVOTON=no ]
+    )
+if test "x$ENABLED_NUVOTON" = "xyes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_NUVOTON"
+fi
 
 # Infineon SLB9670
 ENABLED_INFINEON=no
@@ -243,6 +253,7 @@ AM_CONDITIONAL([BUILD_ST33], [test "x$ENABLED_ST33" = "xyes"])
 AM_CONDITIONAL([BUILD_MCHP], [test "x$ENABLED_MCHP" = "xyes"])
 AM_CONDITIONAL([BUILD_INFINEON], [test "x$ENABLED_INFINEON" = "xyes"])
 AM_CONDITIONAL([BUILD_DEVTPM], [test "x$ENABLED_DEVTPM" = "xyes"])
+AM_CONDITIONAL([BUILD_NUVOTON], [test "x$ENABLED_NUVOTON" = "xyes"])
 
 
 
@@ -361,3 +372,4 @@ echo "   * STM ST33:                  $ENABLED_ST33"
 echo "   * Microchip ATTPM20:         $ENABLED_MCHP"
 echo "   * I2C:                       $ENABLED_I2C"
 echo "   * Linux kernel TPM device:   $ENABLED_DEVTPM"
+echo "   * Nuvoton NPCT75x:           $ENABLED_NUVOTON"
diff --git a/examples/tpm_io.c b/examples/tpm_io.c
index b7a2f8f..51b9d55 100644
--- a/examples/tpm_io.c
+++ b/examples/tpm_io.c
@@ -68,9 +68,13 @@
         #elif defined(WOLFTPM_ST33)
             /* STM ST33HTPH SPI uses CE0 */
             #define TPM2_SPI_DEV "/dev/spidev0.0"
+        #elif defined(WOLFTPM_NUVOTON)
+            /* Nuvoton NPCT75x uses CE0 */
+            #define TPM2_SPI_DEV_CS "0"
         #else
             /* OPTIGA SLB9670 and LetsTrust TPM use CE1 */
             #define TPM2_SPI_DEV "/dev/spidev0.1"
+            #define TPM2_SPI_DEV "/dev/spidev0."TPM2_SPI_DEV_CS
         #endif
     #endif
 
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
index 8a8ef4a..77ca7bf 100644
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -278,9 +278,19 @@ static int wolfTPM2_ParseCapabilities(WOLFTPM2_CAPS* caps,
                 }
                 else if (XMEMCMP(&caps->mfgStr, "STM", 3) == 0) {
                     caps->mfg = TPM_MFG_STM;
+                    caps->req_wait_state = 1;
                 }
                 else if (XMEMCMP(&caps->mfgStr, "MCHP", 4) == 0) {
                     caps->mfg = TPM_MFG_MCHP;
+                    caps->req_wait_state = 1;
+                }
+                else if (XMEMCMP(&caps->mfgStr, "NTC", 4) == 0) {
+                    caps->mfg = TPM_MFG_NUVOTON;
+                    caps->req_wait_state = 1;
+                }
+                else if (XMEMCMP(&caps->mfgStr, "NTZ", 4) == 0) {
+                    caps->mfg = TPM_MFG_NATIONTECH;
+                    caps->req_wait_state = 1;
                 }
                 break;
             case TPM_PT_VENDOR_STRING_1:
@@ -304,7 +314,7 @@ static int wolfTPM2_ParseCapabilities(WOLFTPM2_CAPS* caps,
                 caps->fwVerMinor = val & 0xFFFF;
                 break;
             case TPM_PT_FIRMWARE_VERSION_2:
-                if (caps->mfg == TPM_MFG_INFINEON) {
+                if (caps->mfg == TPM_MFG_INFINEON || caps->mfg == TPM_MFG_NUVOTON) {
                     caps->fwVerVendor = val >> 8;
                     caps->cc_eal4 = (val & 0x00000002) ? 0 : 1;
                 }
diff --git a/wolftpm/tpm2_types.h b/wolftpm/tpm2_types.h
index c2adc48..d187863 100644
--- a/wolftpm/tpm2_types.h
+++ b/wolftpm/tpm2_types.h
@@ -155,13 +155,19 @@ typedef int64_t  INT64;
 
 /* Microchip ATTPM20 */
 /* #define WOLFTPM_MCHP */
+/* Nuvoton NPCT75x TPM 2.0 module */
+/* #define WOLFTPM_NUVOTON */
 
 /* Infineon SLB9670 TPM 2.0 (default) */
 /* #define WOLFTPM_SLB9670 */
-#if !defined(WOLFTPM_ST33) && !defined(WOLFTPM_MCHP) && !defined(WOLFTPM_SLB9670)
+
+/* Define a default chip */
+#if !defined(WOLFTPM_ST33) && !defined(WOLFTPM_MCHP) && \
+    !defined(WOLFTPM_NUVOTON) && !defined(WOLFTPM_SLB9670)
     #define WOLFTPM_SLB9670
 #endif
 
+
 /* Chip Specific Settings */
 #ifdef WOLFTPM_MCHP
     /* Microchip ATTPM20 */
@@ -169,25 +175,39 @@ typedef int64_t  INT64;
     #ifndef WOLFTPM_CHECK_WAIT_STATE
         #define WOLFTPM_CHECK_WAIT_STATE
     #endif
+    /* Max: 36MHz (has issues so using 33MHz) */
+    #define TPM2_SPI_MAX_HZ_MICROCHIP 33000000
     #ifndef TPM2_SPI_MAX_HZ
-        /* Max: 36MHz (has issues so using 33MHz) */
-        #define TPM2_SPI_MAX_HZ 33000000
+        #define TPM2_SPI_MAX_HZ TPM2_SPI_MAX_HZ_MICROCHIP
     #endif
 #elif defined(WOLFTPM_ST33)
-    /* ST33TPM20 modules */
+    /* ST ST33TPM20 modules */
     /* Requires wait state support */
     #ifndef WOLFTPM_CHECK_WAIT_STATE
         #define WOLFTPM_CHECK_WAIT_STATE
     #endif
+    /* Max: 33MHz */
+    #define TPM2_SPI_MAX_HZ_ST 33000000
     #ifndef TPM2_SPI_MAX_HZ
-        /* Max: 33MHz */
-        #define TPM2_SPI_MAX_HZ 33000000
+        #define TPM2_SPI_MAX_HZ TPM2_SPI_MAX_HZ_ST
     #endif
-#else
-    /* OPTIGA SLB9670 */
+#elif defined(WOLFTPM_NUVOTON)
+    /* Nuvoton NPCT75x module */
+    /* Requires wait state support */
+    #ifndef WOLFTPM_CHECK_WAIT_STATE
+        #define WOLFTPM_CHECK_WAIT_STATE
+    #endif
+    #define TPM2_SPI_MAX_HZ_NUVOTON 43000000
     #ifndef TPM2_SPI_MAX_HZ
         /* Max: 43MHz */
-        #define TPM2_SPI_MAX_HZ 43000000
+        #define TPM2_SPI_MAX_HZ TPM2_SPI_MAX_HZ_NUVOTON
+    #endif
+#else
+    /* Infineon OPTIGA SLB9670 */
+    /* Max: 43MHz */
+    #define TPM2_SPI_MAX_HZ_INFINEON 43000000
+    #ifndef TPM2_SPI_MAX_HZ
+        #define TPM2_SPI_MAX_HZ TPM2_SPI_MAX_HZ_INFINEON
     #endif
 #endif
 
diff --git a/wolftpm/tpm2_wrap.h b/wolftpm/tpm2_wrap.h
index f0dad16..010f392 100644
--- a/wolftpm/tpm2_wrap.h
+++ b/wolftpm/tpm2_wrap.h
@@ -81,6 +81,8 @@ typedef enum WOLFTPM2_MFG {
     TPM_MFG_INFINEON,
     TPM_MFG_STM,
     TPM_MFG_MCHP,
+    TPM_MFG_NUVOTON,
+    TPM_MFG_NATIONTECH,
 } WOLFTPM2_MFG;
 typedef struct WOLFTPM2_CAPS {
     WOLFTPM2_MFG mfg;
@@ -94,6 +96,7 @@ typedef struct WOLFTPM2_CAPS {
     /* bits */
     word16 fips140_2 : 1; /* using FIPS mode */
     word16 cc_eal4   : 1; /* Common Criteria EAL4+ */
+    word16 req_wait_state : 1; /* requires SPI wait state */
 } WOLFTPM2_CAPS;
 
 /* NV Handles */