WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

wolfTPM v3.4.0 release. 

* Fixes for building without wolfCrypt or heap.
* Fix for building wolfTPM DLL (was missing tbs.lib).
* Fix for `wolfTPM2_New` to provide default TPM2 HAL IO callback.
pull/362/head
David Garske 2024-07-29 17:21:18 -07:00
parent b36f792416
commit 95ae2f7459
11 changed files with 82 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@ -21,7 +21,7 @@
cmake_minimum_required(VERSION 3.16)
project(wolfTPM VERSION 3.2.0 LANGUAGES C)
project(wolfTPM VERSION 3.4.0 LANGUAGES C)
set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
set(WOLFTPM_DEFINITIONS)

27
ChangeLog.md
View File

@ -1,5 +1,32 @@
# Release Notes
## wolfTPM Release 3.4.0 (July 30, 2024)
**Summary**
Added Endorsement Key Certificate support. Added support for NV read/write with policy. Added policy password support. Refactor of the session authentication structures.
**Detail**
* Added EK Certificate Support (PR #360)
- Added new API's `wolfTPM2_GetKeyTemplate_EK` and `wolfTPM2_GetKeyTemplate_EK` for getting EK public templates used for generating the EK primary key.
- Added `examples/endorsement/get_ek_certs` for showing how to retrieve and validate the manufacturers endorsement key certificates.
* Improvements to auth handling to support Policy Password and Policy Auth Value (PR #350)
- Refactor to eliminate confusing cast between TPMS_AUTH_COMMAND and TPM2_AUTH_SESSION.
- Support for policy auth value and policy password.
- Add new NV policy write/read API's `wolfTPM2_NVWriteAuthPolicy` and `wolfTPM2_NVReadAuthPolicy`.
* Fixed ST33KTPM IAK/IDevID provisioning NV indexes. (PR #361)
* Fixed TLS example build issues with wolfSSL not having crypto callback or PK callback enabled. (PR #360)
* Fixed CSR version (use version 0) (PR #359)
* Fixed issue with Doxygen generation of wolfTPM due to doxybook2 crashing on unnamed enum. (PR #357)
* Fixed HMAC session save last (not typically used) (PR #355)
* Fixed Infineon I2C HAL gating logic (PR #347)
* Added documentation for IAK/IDevID build options. (PR #361)
* Added support for Espressif IDE (see IDE/Espressif) (PR #321)
* Added tests for create_primary (PR #345)
* Improved software TPM (docs/SWTPM.md) documentation (PR #348)
## wolfTPM Release 3.2.0 (Apr 24, 2024)
**Summary**

1
IDE/VisualStudio/user_settings.h
View File

@ -46,6 +46,7 @@ extern "C" {
/* TPM */
#define WOLFSSL_AES_CFB /* required for parameter encryption */
#define WOLFSSL_PUBLIC_MP /* expose mp_ math functions - required for tpm ECC secret encrypt */
#define WOLFTPM_AUTODETECT /* support any TPM model (unknown/safe options) */
/* Callbacks */
#define WOLF_CRYPTO_CB

4
IDE/VisualStudio/wolftpm.vcxproj
View File

@ -212,6 +212,7 @@
<SubSystem>
</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@ -254,6 +255,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@ -289,6 +291,7 @@
<SubSystem>
</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@ -329,6 +332,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>DebugFull</GenerateDebugInformation>
<AdditionalDependencies>tbs.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />

8
configure.ac
View File

@ -1,9 +1,9 @@
# wolftpm
# Copyright (C) 2021 wolfSSL Inc.
# Copyright (C) 2024 wolfSSL Inc.
# All right reserved.
AC_COPYRIGHT([Copyright (C) 2014-2021 wolfSSL Inc.])
AC_INIT([wolftpm],[3.2.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
AC_COPYRIGHT([Copyright (C) 2014-2024 wolfSSL Inc.])
AC_INIT([wolftpm],[3.4.0],[https://github.com/wolfssl/wolfTPM/issues],[wolftpm],[http://www.wolfssl.com])
AC_PREREQ([2.63])
AC_CONFIG_AUX_DIR([build-aux])
@ -28,7 +28,7 @@ AC_ARG_PROGRAM
AC_CONFIG_HEADERS([src/config.h])
WOLFTPM_LIBRARY_VERSION=16:2:0
WOLFTPM_LIBRARY_VERSION=16:3:0
# | | |
# +------+ | +---+
# | | |

11
examples/endorsement/get_ek_certs.c
View File

@ -38,7 +38,9 @@
#ifndef WOLFTPM2_NO_WOLFCRYPT
#include <wolfssl/wolfcrypt/asn.h>
#if !defined(WOLFCRYPT_ONLY)
#include "trusted_certs.h"
#endif
#endif
/******************************************************************************/
@ -89,7 +91,7 @@ static void show_ek_public(const TPM2B_PUBLIC* pub)
}
else if (pub->publicArea.type == TPM_ALG_ECC) {
const char* curveName = "NULL";
#ifndef WOLFTPM2_NO_WOLFCRYPT
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)
curveName = wc_ecc_get_name(
TPM2_GetWolfCurve(pub->publicArea.parameters.eccDetail.curveID));
#endif
@ -153,8 +155,8 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
TPMT_PUBLIC publicTemplate;
word32 nvIndex;
#ifndef WOLFTPM2_NO_WOLFCRYPT
int i;
#ifndef WOLFCRYPT_ONLY
int i;
WOLFSSL_CERT_MANAGER* cm = NULL;
#endif
DecodedCert cert;
@ -351,9 +353,10 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
rc = wc_DerToPem(certBuf, certSz, NULL, 0, CERT_TYPE);
if (rc > 0) { /* returns actual PEM size */
pemSz = (word32)rc;
rc = 0;
pemSz++; /* for '\0'*/
rc = 0;
}
if (rc == 0) {
pem = (char*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
rc = MEMORY_E;

9
examples/keygen/external_import.c
View File

@ -88,8 +88,13 @@ int TPM2_ExternalImport_Example(void* userCtx, int argc, char *argv[])
WOLFTPM2_DEV dev;
WOLFTPM2_KEY storage; /* SRK */
WOLFTPM2_KEY *primary;
#ifndef WOLFTPM2_NO_HEAP
WOLFTPM2_KEYBLOB* key2;
WOLFTPM2_KEYBLOB* rsaKey3;
#else
WOLFTPM2_KEYBLOB key2[1];
WOLFTPM2_KEYBLOB rsaKey3[1];
#endif
TPM2B_DIGEST seedValue;
TPMT_PUBLIC publicTemplate3;
TPMA_OBJECT attributes;
@ -122,8 +127,10 @@ int TPM2_ExternalImport_Example(void* userCtx, int argc, char *argv[])
argc--;
}
#ifndef WOLFTPM2_NO_HEAP
key2 = wolfTPM2_NewKeyBlob();
rsaKey3 = wolfTPM2_NewKeyBlob();
#endif
primary = &storage;
rc = wolfTPM2_Init(&dev, TPM2_IoCb, NULL);
@ -229,8 +236,10 @@ exit:
wolfTPM2_UnloadHandle(&dev, &key2->handle);
wolfTPM2_UnloadHandle(&dev, &primary->handle);
#ifndef WOLFTPM2_NO_HEAP
wolfTPM2_FreeKeyBlob(key2);
wolfTPM2_FreeKeyBlob(rsaKey3);
#endif
wolfTPM2_Cleanup(&dev);

6
examples/tls/tls_common.h
View File

@ -89,8 +89,8 @@
/******************************************************************************/
typedef struct SockIoCbCtx {
int listenFd;
int fd;
SOCKET_T listenFd;
SOCKET_T fd;
} SockIoCbCtx;
#ifndef WOLFSSL_USER_IO
@ -266,7 +266,7 @@ static inline int SetupSocketAndListen(SockIoCbCtx* sockIoCtx, word32 port)
static inline int SocketWaitClient(SockIoCbCtx* sockIoCtx)
{
int connd;
SOCKET_T connd;
struct sockaddr_in clientAddr;
XSOCKLENT size = sizeof(clientAddr);

2
src/tpm2.c
View File

@ -642,7 +642,7 @@ TPM_RC TPM2_Init_ex(TPM2_CTX* ctx, TPM2HalIoCb ioCb, void* userCtx,
/* Setup HAL IO Callback */
rc = TPM2_SetHalIoCb(ctx, ioCb, userCtx);
if (rc != TPM_RC_SUCCESS)
return rc;
return rc;
#endif
/* Set the active TPM global */

39
src/tpm2_wrap.c
View File

@ -30,7 +30,7 @@
/* For some struct to buffer conversions */
#include <wolftpm/tpm2_packet.h>
#include <hal/tpm_io.h> /* for default IO callback */
/* Local Functions */
static int wolfTPM2_GetCapabilities_NoDev(WOLFTPM2_CAPS* cap);
@ -182,7 +182,7 @@ WOLFTPM2_DEV* wolfTPM2_New(void)
WOLFTPM2_DEV *dev = (WOLFTPM2_DEV*)XMALLOC(
sizeof(WOLFTPM2_DEV), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (dev != NULL) {
if (wolfTPM2_Init(dev, NULL, NULL) != TPM_RC_SUCCESS) {
if (wolfTPM2_Init(dev, TPM2_IoCb, NULL) != TPM_RC_SUCCESS) {
XFREE(dev, NULL, DYNAMIC_TYPE_TMP_BUFFER);
dev = NULL;
}
@ -797,20 +797,27 @@ static int wolfTPM2_GetCapabilities_NoDev(WOLFTPM2_CAPS* cap)
#if defined(WOLFTPM_SLB9672) || defined(WOLFTPM_SLB9673)
/* Get vendor specific information */
if (rc == 0) {
rc = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_OPERATION_MODE,
int rc_ifx;
rc_ifx = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_OPERATION_MODE,
&cap->opMode, sizeof(cap->opMode));
}
if (rc == 0) {
rc = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_KEYGROUP_ID,
(uint8_t*)&cap->keyGroupId, sizeof(cap->keyGroupId));
}
if (rc == 0) {
rc = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_COUNTER,
(uint8_t*)&cap->fwCounter, sizeof(cap->fwCounter));
}
if (rc == 0) {
rc = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_COUNTER_SAME,
(uint8_t*)&cap->fwCounterSame, sizeof(cap->fwCounterSame));
if (rc_ifx == 0) {
rc_ifx = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_KEYGROUP_ID,
(uint8_t*)&cap->keyGroupId, sizeof(cap->keyGroupId));
}
if (rc_ifx == 0) {
rc_ifx = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_COUNTER,
(uint8_t*)&cap->fwCounter, sizeof(cap->fwCounter));
}
if (rc_ifx == 0) {
rc_ifx = tpm2_ifx_cap_vendor_get(cap, TPM_PT_VENDOR_FIX_FU_COUNTER_SAME,
(uint8_t*)&cap->fwCounterSame, sizeof(cap->fwCounterSame));
}
if (rc_ifx != 0) {
#ifdef DEBUG_WOLFTPM
printf("Error getting Infineon vendor capabilities 0x%x: %s\n",
rc_ifx, TPM2_GetRCString(rc_ifx));
#endif
}
}
#endif
@ -1142,7 +1149,7 @@ int wolfTPM2_Cleanup_ex(WOLFTPM2_DEV* dev, int doShutdown)
return rc;
#endif
if (doShutdown) {
if (doShutdown && TPM2_GetActiveCtx() != NULL) {
Shutdown_In shutdownIn;
XMEMSET(&shutdownIn, 0, sizeof(shutdownIn));
shutdownIn.shutdownType = TPM_SU_CLEAR;

4
wolftpm/version.h
View File

@ -34,8 +34,8 @@
extern "C" {
#endif
#define LIBWOLFTPM_VERSION_STRING "3.2.0"
#define LIBWOLFTPM_VERSION_HEX 0x03002000
#define LIBWOLFTPM_VERSION_STRING "3.4.0"
#define LIBWOLFTPM_VERSION_HEX 0x03004000
#ifdef __cplusplus
}