Elms
e43e8022b5
examples: Add AltName 127.0.0.1 to server certs
2021-01-22 11:54:12 -08:00
David Garske
30c4ace7cc
Merge pull request #140 from tomoveu/fix-user-settings-ifdef
...
Fix typo on WOLFTPM_USER_SETTINGS ifdef
2021-01-22 09:16:08 -08:00
Dimitar Tomov
529dcfe268
Fix typo on WOLFTPM_USER_SETTINGS ifdef
...
POSIX options.h is used when USER_SETTINGS are not available
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2021-01-22 19:08:58 +02:00
elms
a0fb2f58ec
Merge pull request #136 from dgarske/pkcs7_fixes
...
Cleanup of the examples to use the key templates
2021-01-18 14:18:17 -08:00
David Garske
c0fa6423d5
Cleanup of the examples to use the key templates. The PKCS7 example was failing because of a key mismatch between the TPM private key and the public key used in the certificate setup using the CSR and `./certs/certreq/sh`.
2021-01-14 16:41:12 -08:00
elms
48a3364c06
Merge pull request #139 from dgarske/certs_expired
...
Fix for expired wolfSSL certs
2021-01-11 13:26:14 -08:00
David Garske
4c086c2f2c
Fix for expired wolfSSL certs and note about where those files come from. Fixes #138.
2021-01-11 11:58:46 -08:00
Eric Blankenhorn
da1d34c2fb
Merge pull request #134 from dgarske/release_v2.0
...
Preparation for wolfTPM v2.0 release
2020-12-07 14:59:17 -06:00
David Garske
bd14af9542
Add mention of PR 133
2020-12-07 11:09:13 -08:00
David Garske
845b3d1da2
Release fixes and cleanups. Fixes for init of `WOLFTPM2_HASH` in `wolfTPM2_HashStart`. Fix for various build configurations (--disable-wrapper). Fix for Microchip "sign" bit on symmetric keys. Fix for scan-build warnings. Cleanup whitespace.
2020-12-07 11:01:02 -08:00
David Garske
b1a11c386a
Preparation for wolfTPM v2.0 release.
2020-12-03 11:12:01 -08:00
elms
c7e93261e4
Merge pull request #129 from tomoveu/add-keygen-example
2020-12-03 10:16:40 -08:00
David Garske
523a9f905c
Fixes for properly setting auth (needs to include name for HMAC cpHash/rpHash calculation). Fix for sessionAttributes when command / response doesn't support it. Fixes for the TLS client / server examples. Added back the useful param enc / hmac debugging enabled with `--enable-debug=verbose`.
2020-12-02 16:47:46 -08:00
David Garske
75db91c003
Updates to demonstrate using parameter encryption with the native test. Allow NULL key for the HmacSetKey (for unsalted / unbound).
2020-12-01 16:00:47 -08:00
David Garske
d044360e38
Fixes for scan-build and g++ warnings.
2020-12-01 10:38:39 -08:00
David Garske
8087afaf27
Fixes from peer review. Resolve issue with make check. Removed the TPM Simulator for make check (does not build out of the box on all platforms). Make dist was not including the new tpm2_socket.h.
2020-12-01 07:45:04 -08:00
David Garske
4b0b70861c
Added parameter encryption support to more examples. Fix to not set "encrypt" or "decrypt" if command doesn't allow it. Updated documentation.
2020-11-30 12:00:54 -08:00
David Garske
4c2e8d3f43
Added response HMAC validation. Fixes for nonce and auth count. Fix for AES CFB decrypt set key (requires `AES_ENCRYPTION` on SetKey). Cleanup verbose debugging. PR ready for review.
2020-11-25 16:04:04 -08:00
David Garske
0e4c6672fd
TPM Parameter Encryption with AES CFB or XOR is fully working. Tested keygen, keyload, keyimport and PCR quote with parameter encryption using both ciphers. This commit includes a refactor of the auth command structure to adhere to TPM spec. Includes optimization for AES CFB and XOR to be done inline. Fix for the decryption nonce to use the newer for U in KDFa.
2020-11-25 13:00:42 -08:00
Dimitar Tomov
4b98d6d637
Fixed minor errors about missing header, variables not used and whitespaces
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-25 12:33:51 +02:00
David Garske
409fd96502
Fixes for response decryption. Nonce from TPM captured correctly now. Added support for args to all examples.
2020-11-24 16:44:20 -08:00
David Garske
1c5e0ea95a
Refactor of the command parameters.
2020-11-24 11:51:56 -08:00
David Garske
66ea1599c9
Fixes for cpHash calculation. Cleanup of the auth command/response processing.
2020-11-23 21:38:16 -08:00
David Garske
5abeea75a9
Added object names to the command hash calculation (cpHash). Added HMAC key creation. Fixed outstanding TODO items.
2020-11-23 14:54:39 -08:00
David Garske
dbd8e41b47
Refactor of the session authentication. Added "-e" option to some examples to enable parameter encryption and removed the _paramenc.c files. Fixup for the `getPrimaryStoragekey` to allow persisting if not `WOLFTPM_WINAPI`. Improve command line options. Added calculation of command hash and HMAC for sessions.
2020-11-20 16:47:14 -08:00
Dimitar Tomov
a31ef747f7
Keygen examples no longer need to manually generate nonceCaller
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 18:11:25 +02:00
Dimitar Tomov
ade7c0b23a
Added generation of fresh nonceCaller between commands
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 18:05:00 +02:00
Dimitar Tomov
7edd3950bc
Extend wolfTPM2_SESSION with new field for fresh nonceCaller between commands
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 17:50:02 +02:00
Dimitar Tomov
8459ec712a
Prepare for new nonceTPM solution and TPM session tracking
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:37:21 +02:00
Dimitar Tomov
72e365329c
New nonceTPM solution needed, restoring TPMS_AUTH_COMMAND to its TCG spec form
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:30:17 +02:00
Dimitar Tomov
701359a7dc
Fixes to keyload_paramenc, unloading of handles
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:24:18 +02:00
Dimitar Tomov
191412f86b
Minor change, remove obsolete code from keygen_paramenc example
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:08:30 +02:00
Dimitar Tomov
23e5b629fb
Added keyload with parameter encryption example
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:08:30 +02:00
Dimitar Tomov
324bdea6b4
Modify keygen_paramenc to use new wolfTPM2 wrappers for Create and Load
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:08:30 +02:00
Dimitar Tomov
cc812e5d8f
Encrypt innerWrap and TPM2B_Private together for TPM2_Load, without outerWrap
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:08:30 +02:00
Dimitar Tomov
24a49de385
Added AES CFB parameter support, salted TPM session, fixed KDFa and examples
...
* Added key generation example with parameter encryption
* Fixes and cleanups for KDFa
* Added KDFa unit test (passes)
* Added AES CFB support
* Fix for nonceTPM
* Added support for encrypted RSA salt and salted-unbounded session
* Removed unsalted-unbounded specific code for authValueKDF from KDFa
* Add innerWrap support
* Add missing wolfcrypt header for AES CFB
* Fixes for casting when calling KDFa for AES CFB parameter encryption
* Add outerWrap support
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:08:30 +02:00
David Garske
5a77c4c3d7
Merge pull request #133 from tomoveu/new-authSession-handling
...
New auth session handling for TPM2 command handlers
2020-11-18 14:04:38 -08:00
Dimitar Tomov
a516da4158
Minor fixes based on peer review
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-18 23:59:40 +02:00
Dimitar Tomov
5b757b8b72
New auth session handling for TPM2 command handlers
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-18 23:50:45 +02:00
David Garske
0cc3416f87
Merge pull request #130 from elms/mingw/tls
...
minGW support for TLS example
2020-11-13 16:35:24 -08:00
David Garske
b48f53f5e7
Improvements to the example tls_server to accept "RSA" or "ECC". Improvement to TLS examples to only load keys/certs that are needed (reduces max handle load count). Added missing `scripts/tls_setup.sh` to automake.
2020-11-13 16:33:14 -08:00
David Garske
675f7deb22
Fixes for a couple minor build errors and warnings. Found using scan-build, CC=g++ and `NO_FILESYSTEM`.
2020-11-13 15:57:03 -08:00
Elms
951e27f706
examples: cleanup for mingw coexistence
2020-11-13 14:38:19 -08:00
Elms
0bff836fa2
examples: Cleanup TLS examples using keyblob
2020-11-13 11:31:01 -08:00
Elms
6bfebf7cb9
examples: tls_client ECC/RSA as command line option
2020-11-12 14:08:16 -08:00
Elms
3ce0a6871c
Rebase and leverage new API with KEYBLOB
2020-11-12 14:08:13 -08:00
Elms
045800ccf5
examples: factor out common key setup steps
2020-11-12 14:04:00 -08:00
Elms
8213c7af92
socket: Add optional ability to use wolfSSL IO
2020-11-12 14:04:00 -08:00
Elms
1fcae21585
Refactor socket code to support win32
2020-11-12 14:04:00 -08:00
Elms
375eda23d8
doc: Add TLS specific build options for Windows API
2020-11-12 14:04:00 -08:00