* Added new unit tests and fixed missing XMEMSET
* Renamed and modified PemToTpm to PubPemToTpm, works only with Pub keys
* Fixes from peer feedback
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
* Added option in keygen example to create and use keys under the EK
- Added PolicySecret to provide EK auth
* Fix wrong total auth area size when multiple auth sessions are used
* Workaround policy Session for EK auth
* Added flag in WOLFTPM2_HANDLE to specify when policyAuth is used
* Added three macros to check TPM2.0 Policy session type
* Added option to use keys under Endorsement Hierarchy in attestation examples
- MakeCredential modified to work without auth as TCG spec defines
- MakeCredential can now use EK pub to encrypt challenge
- ActivateCredential can now work with EK pub to decrypt challenge
* Added new wolfTPM2 wrapper for TPM2_CreateLoaded
- Added missing TPM2_CreateLoaded command in tpm2.c
- Create and load a key in single TPM 2.0 operation
* Added new wolfTPM2 wrappers to use PEM format in keygen
- wolfTPM2_RsaKey_TpmToPem
- wolfTPM2_RsaKey_PemToTpm
* Improved keygen, output in PEM format and saving EK's TPM2B_PUBLIC
- Added keygen option to output PEM files for TPM public keys
- Added saving of EK's TPM2B_PUBLIC for attestation purposes
* Modified keygen
- Uses new wolfTPM2_CreateLoaded wrapper to acquire correct AK name
- Stores AK name for attestation purposes
* Modified keyload to be able to load keys created under the EK/EH
- Uses new wrapper
- Can load keys created under EK/EH, non-AK and AK
* Added new wrapper for satisfying EK policy
* Applied fixes from peer review
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
* Doxygen configuration and script file under docs
* Added doxygen header to describe the different documentation modules
* Added doxygen comments about TPM2 Proprietary commands in wolfTPM
* Added doxygen comments about wolfTPM2 wrappers
* Added explanatory comments for TPM2 Standard commands and TPM2 IO examples
* Updates from peer feedback
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
* Updated copyright
* Fixed minor cast warning.
* Fixed minor scan-build warnings.
* Cleanup print public and fix possible print of uninitialized field.
* Make sure hmac buffer space is reserved
* Add name computation for NV handles, modify TPM2_GetName
* Make TPM2_GetName handle multiple TPM Handle types
* Add wolfTPM2_SetNameHandle for passing handle name to parameter encryption
* Compute fresh NV Index Name during NVWrite with updated nvPublic information
* Compute fresh NV Index Name during NVRead, the same way NVWrite needs it
The NV_WRITTEN flag is being set when there are consecutive reads, which
forces the hash to update. In order for this to take place, we need to
read the current (fresh) nvPublic information using TPM2_NV_ReadPublic.
* Add wolfTPM2_UnsetAuth to clear past authorization sessions when not needed
A way to clear auth sessions that are no longer needed was missing.
For example, after a TPM2_NVRead which uses two auth session slots, there
was no way for the user to clear the second slot afterwards. The only
possibility before was to overwrite with invalid values.
This way a TPM2_NVUndefineSpace would fail right after TPM2_NVRead, just
because there was an auth session not previously cleared. This can be
handled either by the user manually or the user can use wolfTPM2 wrappers
that handle it now automatically using wolfTPM2_UnsetAuth.
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
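
The NV Index Name recomputation described in the commit message above, as an added example (not wolfTPM code): in TPM 2.0 the Name of an NV index is nameAlg followed by the nameAlg hash of the marshaled TPMS_NV_PUBLIC, so a change in the TPMA_NV_WRITTEN attribute changes the Name and a cached copy no longer matches. The index value, the attribute choice and the helper names are constructed for illustration, and SHA-256 is assumed as nameAlg.

```python
import hashlib
import struct

TPM_ALG_SHA256 = 0x000B          # TPM_ALG_ID value from the TPM 2.0 spec
TPMA_NV_AUTHWRITE = 0x00000004   # TPMA_NV bit 2
TPMA_NV_AUTHREAD = 0x00040000    # TPMA_NV bit 18
TPMA_NV_WRITTEN = 0x20000000     # TPMA_NV bit 29, set by the TPM once written


def marshal_nv_public(nv_index, name_alg, attributes, auth_policy, data_size):
    """Big-endian marshaling of TPMS_NV_PUBLIC, the byte string that is hashed."""
    return (struct.pack(">IHI", nv_index, name_alg, attributes)
            + struct.pack(">H", len(auth_policy)) + auth_policy
            + struct.pack(">H", data_size))


def nv_name(nv_index, attributes, auth_policy=b"", data_size=32):
    """Name = nameAlg || H(TPMS_NV_PUBLIC), with SHA-256 assumed as nameAlg."""
    pub = marshal_nv_public(nv_index, TPM_ALG_SHA256, attributes,
                            auth_policy, data_size)
    return struct.pack(">H", TPM_ALG_SHA256) + hashlib.sha256(pub).digest()


def name_is_stale(cached_name, nv_index, fresh_attributes, **kw):
    """True when a cached Name no longer matches the current public area."""
    return cached_name != nv_name(nv_index, fresh_attributes, **kw)


# Constructed sample index and attributes (hypothetical, not from wolfTPM).
NV_INDEX = 0x01800200
ATTRS = TPMA_NV_AUTHREAD | TPMA_NV_AUTHWRITE

if __name__ == "__main__":
    before = nv_name(NV_INDEX, ATTRS)                    # as defined, unwritten
    after = nv_name(NV_INDEX, ATTRS | TPMA_NV_WRITTEN)   # as ReadPublic reports later
    print("name before:", before.hex())
    print("name after: ", after.hex())
    print("cached name stale:",
          name_is_stale(before, NV_INDEX, ATTRS | TPMA_NV_WRITTEN))
```

Because the handle Name feeds the command parameter hash used for session authorization, a caller holding the pre-write Name computes a value the TPM will not accept, which is why the public area has to be re-read before the Name is recomputed.
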
* Added key generation example with parameter encryption
* Fixes and cleanups for KDFa
* Added KDFa unit test (passes)
* Added AES CFB support
* Fix for nonceTPM
* Added support for encrypted RSA salt and salted-unbounded session
* Removed unsalted-unbounded specific code for authValueKDF from KDFa
* Add innerWrap support
* Add missing wolfcrypt header for AES CFB
* Fixes for casting when calling KDFa for AES CFB parameter encryption
* Add outerWrap support
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
* Added RSA support for `wolfTPM2_SignHash` and `wolfTPM2_VerifyHash`.
* Added `wolfTPM2_SignHashScheme` and `wolfTPM2_VerifyHashScheme` support for signature scheme and hash algo.
* Added `wolfTPM2_LoadRsaPrivateKey_ex` and `wolfTPM2_LoadRsaPublicKey_ex` support for signature scheme and hash algo.
* Fix for typo on hashAlg and sigAlg (per spec).
* Added RSA sign/verify examples for PKCSv1.5 (SSA) and PSS padding schemes.
* Fixes for building without ECC key import/export.