Commit Graph

493 Commits (e43e8022b5117e5d19cc35a51ad4378f336bf09f)

Author SHA1 Message Date
Elms e43e8022b5 examples: Add AltName 127.0.0.1 to server certs 2021-01-22 11:54:12 -08:00
David Garske 30c4ace7cc
Merge pull request #140 from tomoveu/fix-user-settings-ifdef
Fix typo on WOLFTPM_USER_SETTINGS ifdef
2021-01-22 09:16:08 -08:00
Dimitar Tomov 529dcfe268 Fix typo on WOLFTPM_USER_SETTINGS ifdef
POSIX options.h is used when USER_SETTINGS are not available

Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2021-01-22 19:08:58 +02:00
elms a0fb2f58ec
Merge pull request #136 from dgarske/pkcs7_fixes
Cleanup of the examples to use the key templates
2021-01-18 14:18:17 -08:00
David Garske c0fa6423d5 Cleanup of the examples to use the key templates. The PKCS7 example was failing because of a key mismatch between the TPM private key and the public key used in the certificate setup using the CSR and `./certs/certreq/sh`. 2021-01-14 16:41:12 -08:00
elms 48a3364c06
Merge pull request #139 from dgarske/certs_expired
Fix for expired wolfSSL certs
2021-01-11 13:26:14 -08:00
David Garske 4c086c2f2c Fix for expired wolfSSL certs and note about where those files come from. Fixes #138. 2021-01-11 11:58:46 -08:00
Eric Blankenhorn da1d34c2fb
Merge pull request #134 from dgarske/release_v2.0
Preparation for wolfTPM v2.0 release
2020-12-07 14:59:17 -06:00
David Garske bd14af9542 Add mention of PR 133 2020-12-07 11:09:13 -08:00
David Garske 845b3d1da2 Release fixes and cleanups. Fixes for init of `WOLFTPM2_HASH` in `wolfTPM2_HashStart`. Fix for various build configurations (--disable-wrapper). Fix for Microchip "sign" bit on symmetric keys. Fix for scan-build warnings. Cleanup whitespace. 2020-12-07 11:01:02 -08:00
David Garske b1a11c386a Preparation for wolfTPM v2.0 release. 2020-12-03 11:12:01 -08:00
elms c7e93261e4
Merge pull request #129 from tomoveu/add-keygen-example 2020-12-03 10:16:40 -08:00
David Garske 523a9f905c Fixes for properly setting auth (needs to include name for HMAC cpHash/rpHash calculation). Fix for sessionAttributes when command / response doesn't support it. Fixes for the TLS client / server examples. Added back the useful param enc / hmac debugging enabled with `--enable-debug=verbose`. 2020-12-02 16:47:46 -08:00
David Garske 75db91c003 Updates to demonstrate using parameter encryption with the native test. Allow NULL key for the HmacSetKey (for unsalted / unbound). 2020-12-01 16:00:47 -08:00
David Garske d044360e38 Fixes for scan-build and g++ warnings. 2020-12-01 10:38:39 -08:00
David Garske 8087afaf27 Fixes from peer review. Resolve issue with make check. Removed the TPM Simulator for make check (does not build out of the box on all platforms). Make dist was not including the new tpm2_socket.h. 2020-12-01 07:45:04 -08:00
David Garske 4b0b70861c Added parameter encryption support to more examples. Fix to not set "encrypt" or "decrypt" if command doesn't allow it. Updated documentation. 2020-11-30 12:00:54 -08:00
David Garske 4c2e8d3f43 Added response HMAC validation. Fixes for nonce and auth count. Fix for AES CFB decrypt set key (requires `AES_ENCRYPTION` on SetKey). Cleanup verbose debugging. PR ready for review. 2020-11-25 16:04:04 -08:00
David Garske 0e4c6672fd TPM Parameter Encryption with AES CFB or XOR is fully working. Tested keygen, keyload, keyimport and PCR quote with parameter encryption using both ciphers. This commit includes a refactor of the auth command structure to adhere to TPM spec. Includes optimization for AES CFB and XOR to be done inline. Fix for the decryption nonce to use the newer for U in KDFa. 2020-11-25 13:00:42 -08:00
Dimitar Tomov 4b98d6d637 Fixed minor errors about missing header, variables not used and whitespaces
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-25 12:33:51 +02:00
David Garske 409fd96502 Fixes for response decryption. Nonce from TPM captured correctly now. Added support for args to all examples. 2020-11-24 16:44:20 -08:00
David Garske 1c5e0ea95a Refactor of the command parameters. 2020-11-24 11:51:56 -08:00
David Garske 66ea1599c9 Fixes for cpHash calculation. Cleanup of the auth command/response processing. 2020-11-23 21:38:16 -08:00
David Garske 5abeea75a9 Added object names to the command hash calculation (cpHash). Added HMAC key creation. Fixed outstanding TODO items. 2020-11-23 14:54:39 -08:00
David Garske dbd8e41b47 Refactor of the session authentication. Added "-e" option to some examples to enable parameter encryption and removed the _paramenc.c files. Fixup for the `getPrimaryStoragekey` to allow persisting if not `WOLFTPM_WINAPI`. Improve command line options. Added calculation of command hash and HMAC for sessions. 2020-11-20 16:47:14 -08:00
Dimitar Tomov a31ef747f7 Keygen examples no longer need to manually generate nonceCaller
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 18:11:25 +02:00
Dimitar Tomov ade7c0b23a Added generation of fresh nonceCaller between commands
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 18:05:00 +02:00
Dimitar Tomov 7edd3950bc Extend wolfTPM2_SESSION with new field for fresh nonceCaller between commands
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 17:50:02 +02:00
Dimitar Tomov 8459ec712a Prepare for new nonceTPM solution and TPM session tracking
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:37:21 +02:00
Dimitar Tomov 72e365329c New nonceTPM solution needed, restoring TPMS_AUTH_COMMAND to its TCG spec form
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:30:17 +02:00
Dimitar Tomov 701359a7dc Fixes to keyload_paramenc, unloading of handles
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:24:18 +02:00
Dimitar Tomov 191412f86b Minor change, remove obsolete code from keygen_paramenc example
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:08:30 +02:00
Dimitar Tomov 23e5b629fb Added keyload with parameter encryption example
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:08:30 +02:00
Dimitar Tomov 324bdea6b4 Modify keygen_paramenc to use new wolfTPM2 wrappers for Create and Load
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:08:30 +02:00
Dimitar Tomov cc812e5d8f Encrypt innerWrap and TPM2B_Private together for TPM2_Load, without outerWrap
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:08:30 +02:00
Dimitar Tomov 24a49de385 Added AES CFB parameter support, salted TPM session, fixed KDFa and examples
* Added key generation example with parameter encryption
* Fixes and cleanups for KDFa
* Added KDFa unit test (passes)
* Added AES CFB support
* Fix for nonceTPM
* Added support for encrypted RSA salt and salted-unbounded session
* Removed unsalted-unbounded specific code for authValueKDF from KDFa
* Add innerWrap support
* Add missing wolfcrypt header for AES CFB
* Fixes for casting when calling KDFa for AES CFB parameter encryption
* Add outerWrap support

Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-19 15:08:30 +02:00
David Garske 5a77c4c3d7
Merge pull request #133 from tomoveu/new-authSession-handling
New auth session handling for TPM2 command handlers
2020-11-18 14:04:38 -08:00
Dimitar Tomov a516da4158 Minor fixes based on peer review
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-18 23:59:40 +02:00
Dimitar Tomov 5b757b8b72 New auth session handling for TPM2 command handlers
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2020-11-18 23:50:45 +02:00
David Garske 0cc3416f87
Merge pull request #130 from elms/mingw/tls
minGW support for TLS example
2020-11-13 16:35:24 -08:00
David Garske b48f53f5e7 Improvements to the example tls_server to accept "RSA" or "ECC". Improvement to TLS examples to only load keys/certs that are needed (reduces max handle load count). Added missing `scripts/tls_setup.sh` to automake. 2020-11-13 16:33:14 -08:00
David Garske 675f7deb22 Fixes for a couple minor build errors and warnings. Found using scan-build, CC=g++ and `NO_FILESYSTEM`. 2020-11-13 15:57:03 -08:00
Elms 951e27f706 examples: cleanup for mingw coexistence 2020-11-13 14:38:19 -08:00
Elms 0bff836fa2 examples: Cleanup TLS examples using keyblob 2020-11-13 11:31:01 -08:00
Elms 6bfebf7cb9 examples: tls_client ECC/RSA as command line option 2020-11-12 14:08:16 -08:00
Elms 3ce0a6871c Rebase and leverage new API with KEYBLOB 2020-11-12 14:08:13 -08:00
Elms 045800ccf5 examples: factor out common key setup steps 2020-11-12 14:04:00 -08:00
Elms 8213c7af92 socket: Add optional ability to use wolfSSL IO 2020-11-12 14:04:00 -08:00
Elms 1fcae21585 Refactor socket code to support win32 2020-11-12 14:04:00 -08:00
Elms 375eda23d8 doc: Add TLS specific build options for Windows API 2020-11-12 14:04:00 -08:00